| 1 | 4918.46d4: Log file opened: 6.0.0r127566 g_hStartupLog=0000000000000068 g_uNtVerCombined=0xa042ee00
|
|---|
| 2 | 4918.46d4: \SystemRoot\System32\ntdll.dll:
|
|---|
| 3 | 4918.46d4: CreationTime: 2018-12-12T16:22:11.967963000Z
|
|---|
| 4 | 4918.46d4: LastWriteTime: 2018-12-08T08:04:53.786979100Z
|
|---|
| 5 | 4918.46d4: ChangeTime: 2018-12-20T17:28:16.091009200Z
|
|---|
| 6 | 4918.46d4: FileAttributes: 0x20
|
|---|
| 7 | 4918.46d4: Size: 0x1da720
|
|---|
| 8 | 4918.46d4: NT Headers: 0xe8
|
|---|
| 9 | 4918.46d4: Timestamp: 0x7e614c22
|
|---|
| 10 | 4918.46d4: Machine: 0x8664 - amd64
|
|---|
| 11 | 4918.46d4: Timestamp: 0x7e614c22
|
|---|
| 12 | 4918.46d4: Image Version: 10.0
|
|---|
| 13 | 4918.46d4: SizeOfImage: 0x1e1000 (1970176)
|
|---|
| 14 | 4918.46d4: Resource Dir: 0x174000 LB 0x6b3e8
|
|---|
| 15 | 4918.46d4: [Version info resource found at 0xd8! (ID/Name: 0x1; SubID/SubName: 0x409)]
|
|---|
| 16 | 4918.46d4: [Raw version resource data: 0x1740f0 LB 0x380, codepage 0x0 (reserved 0x0)]
|
|---|
| 17 | 4918.46d4: ProductName: Microsoft® Windows® Operating System
|
|---|
| 18 | 4918.46d4: ProductVersion: 10.0.17134.471
|
|---|
| 19 | 4918.46d4: FileVersion: 10.0.17134.471 (WinBuild.160101.0800)
|
|---|
| 20 | 4918.46d4: FileDescription: NT Layer DLL
|
|---|
| 21 | 4918.46d4: \SystemRoot\System32\kernel32.dll:
|
|---|
| 22 | 4918.46d4: CreationTime: 2018-04-11T23:34:40.510607900Z
|
|---|
| 23 | 4918.46d4: LastWriteTime: 2018-04-11T23:34:40.510607900Z
|
|---|
| 24 | 4918.46d4: ChangeTime: 2018-08-02T10:52:14.292003200Z
|
|---|
| 25 | 4918.46d4: FileAttributes: 0x20
|
|---|
| 26 | 4918.46d4: Size: 0xafef8
|
|---|
| 27 | 4918.46d4: NT Headers: 0xe8
|
|---|
| 28 | 4918.46d4: Timestamp: 0x5f488a51
|
|---|
| 29 | 4918.46d4: Machine: 0x8664 - amd64
|
|---|
| 30 | 4918.46d4: Timestamp: 0x5f488a51
|
|---|
| 31 | 4918.46d4: Image Version: 10.0
|
|---|
| 32 | 4918.46d4: SizeOfImage: 0xb2000 (729088)
|
|---|
| 33 | 4918.46d4: Resource Dir: 0xb0000 LB 0x520
|
|---|
| 34 | 4918.46d4: [Version info resource found at 0x90! (ID/Name: 0x1; SubID/SubName: 0x409)]
|
|---|
| 35 | 4918.46d4: [Raw version resource data: 0xb00b0 LB 0x3a4, codepage 0x0 (reserved 0x0)]
|
|---|
| 36 | 4918.46d4: ProductName: Microsoft® Windows® Operating System
|
|---|
| 37 | 4918.46d4: ProductVersion: 10.0.17134.1
|
|---|
| 38 | 4918.46d4: FileVersion: 10.0.17134.1 (WinBuild.160101.0800)
|
|---|
| 39 | 4918.46d4: FileDescription: Windows NT BASE API Client DLL
|
|---|
| 40 | 4918.46d4: \SystemRoot\System32\KernelBase.dll:
|
|---|
| 41 | 4918.46d4: CreationTime: 2018-11-27T20:43:23.300474400Z
|
|---|
| 42 | 4918.46d4: LastWriteTime: 2018-11-09T02:47:52.285920600Z
|
|---|
| 43 | 4918.46d4: ChangeTime: 2018-12-20T17:28:16.089057400Z
|
|---|
| 44 | 4918.46d4: FileAttributes: 0x20
|
|---|
| 45 | 4918.46d4: Size: 0x273b78
|
|---|
| 46 | 4918.46d4: NT Headers: 0xf0
|
|---|
| 47 | 4918.46d4: Timestamp: 0x428de48c
|
|---|
| 48 | 4918.46d4: Machine: 0x8664 - amd64
|
|---|
| 49 | 4918.46d4: Timestamp: 0x428de48c
|
|---|
| 50 | 4918.46d4: Image Version: 10.0
|
|---|
| 51 | 4918.46d4: SizeOfImage: 0x273000 (2568192)
|
|---|
| 52 | 4918.46d4: Resource Dir: 0x251000 LB 0x548
|
|---|
| 53 | 4918.46d4: [Version info resource found at 0x90! (ID/Name: 0x1; SubID/SubName: 0x409)]
|
|---|
| 54 | 4918.46d4: [Raw version resource data: 0x2510b0 LB 0x3bc, codepage 0x0 (reserved 0x0)]
|
|---|
| 55 | 4918.46d4: ProductName: Microsoft® Windows® Operating System
|
|---|
| 56 | 4918.46d4: ProductVersion: 10.0.17134.441
|
|---|
| 57 | 4918.46d4: FileVersion: 10.0.17134.441 (WinBuild.160101.0800)
|
|---|
| 58 | 4918.46d4: FileDescription: Windows NT BASE API Client DLL
|
|---|
| 59 | 4918.46d4: \SystemRoot\System32\apisetschema.dll:
|
|---|
| 60 | 4918.46d4: CreationTime: 2018-04-11T23:34:44.042150700Z
|
|---|
| 61 | 4918.46d4: LastWriteTime: 2018-04-11T23:34:44.042150700Z
|
|---|
| 62 | 4918.46d4: ChangeTime: 2018-08-02T11:35:09.677325500Z
|
|---|
| 63 | 4918.46d4: FileAttributes: 0x20
|
|---|
| 64 | 4918.46d4: Size: 0x1bd98
|
|---|
| 65 | 4918.46d4: NT Headers: 0xd0
|
|---|
| 66 | 4918.46d4: Timestamp: 0xd02ff418
|
|---|
| 67 | 4918.46d4: Machine: 0x8664 - amd64
|
|---|
| 68 | 4918.46d4: Timestamp: 0xd02ff418
|
|---|
| 69 | 4918.46d4: Image Version: 10.0
|
|---|
| 70 | 4918.46d4: SizeOfImage: 0x1c000 (114688)
|
|---|
| 71 | 4918.46d4: Resource Dir: 0x1b000 LB 0x408
|
|---|
| 72 | 4918.46d4: [Version info resource found at 0x48! (ID/Name: 0x1; SubID/SubName: 0x409)]
|
|---|
| 73 | 4918.46d4: [Raw version resource data: 0x1b060 LB 0x3a8, codepage 0x0 (reserved 0x0)]
|
|---|
| 74 | 4918.46d4: ProductName: Microsoft® Windows® Operating System
|
|---|
| 75 | 4918.46d4: ProductVersion: 10.0.17134.1
|
|---|
| 76 | 4918.46d4: FileVersion: 10.0.17134.1 (WinBuild.160101.0800)
|
|---|
| 77 | 4918.46d4: FileDescription: ApiSet Schema DLL
|
|---|
| 78 | 4918.46d4: NtOpenDirectoryObject failed on \Driver: 0xc0000022
|
|---|
| 79 | 4918.46d4: supR3HardenedWinFindAdversaries: 0x20
|
|---|
| 80 | 4918.46d4: \SystemRoot\System32\drivers\cfwids.sys:
|
|---|
| 81 | 4918.46d4: CreationTime: 2018-01-31T17:06:48.000000000Z
|
|---|
| 82 | 4918.46d4: LastWriteTime: 2018-10-04T08:27:26.000000000Z
|
|---|
| 83 | 4918.46d4: ChangeTime: 2018-12-26T04:19:44.333339400Z
|
|---|
| 84 | 4918.46d4: FileAttributes: 0x20
|
|---|
| 85 | 4918.46d4: Size: 0x12d40
|
|---|
| 86 | 4918.46d4: NT Headers: 0xf0
|
|---|
| 87 | 4918.46d4: Timestamp: 0x5b7cebbe
|
|---|
| 88 | 4918.46d4: Machine: 0x8664 - amd64
|
|---|
| 89 | 4918.46d4: Timestamp: 0x5b7cebbe
|
|---|
| 90 | 4918.46d4: Image Version: 0.0
|
|---|
| 91 | 4918.46d4: SizeOfImage: 0x14000 (81920)
|
|---|
| 92 | 4918.46d4: Resource Dir: 0x12000 LB 0x550
|
|---|
| 93 | 4918.46d4: [Version info resource found at 0x80! (ID/Name: 0x1; SubID/SubName: 0x409)]
|
|---|
| 94 | 4918.46d4: [Raw version resource data: 0x120a0 LB 0x318, codepage 0x0 (reserved 0x0)]
|
|---|
| 95 | 4918.46d4: ProductName: SYSCORE
|
|---|
| 96 | 4918.46d4: ProductVersion: 18.9.0.174
|
|---|
| 97 | 4918.46d4: FileVersion: SYSCORE.18.9.0.174
|
|---|
| 98 | 4918.46d4: PrivateBuild: SYSCORE.18.9.0.174
|
|---|
| 99 | 4918.46d4: FileDescription: McAfee Personal Firewall IDS Plugin
|
|---|
| 100 | 4918.46d4: \SystemRoot\System32\drivers\mfeavfk.sys:
|
|---|
| 101 | 4918.46d4: CreationTime: 2018-01-31T17:06:48.000000000Z
|
|---|
| 102 | 4918.46d4: LastWriteTime: 2018-10-04T08:27:26.000000000Z
|
|---|
| 103 | 4918.46d4: ChangeTime: 2018-12-26T04:19:44.054118000Z
|
|---|
| 104 | 4918.46d4: FileAttributes: 0x20
|
|---|
| 105 | 4918.46d4: Size: 0x5ab40
|
|---|
| 106 | 4918.46d4: NT Headers: 0xe8
|
|---|
| 107 | 4918.46d4: Timestamp: 0x5b7ceb01
|
|---|
| 108 | 4918.46d4: Machine: 0x8664 - amd64
|
|---|
| 109 | 4918.46d4: Timestamp: 0x5b7ceb01
|
|---|
| 110 | 4918.46d4: Image Version: 0.0
|
|---|
| 111 | 4918.46d4: SizeOfImage: 0x5b000 (372736)
|
|---|
| 112 | 4918.46d4: Resource Dir: 0x59000 LB 0x758
|
|---|
| 113 | 4918.46d4: [Version info resource found at 0xd8! (ID/Name: 0x1; SubID/SubName: 0x409)]
|
|---|
| 114 | 4918.46d4: [Raw version resource data: 0x59110 LB 0x334, codepage 0x0 (reserved 0x0)]
|
|---|
| 115 | 4918.46d4: ProductName: SYSCORE
|
|---|
| 116 | 4918.46d4: ProductVersion: 18.9.0.174
|
|---|
| 117 | 4918.46d4: FileVersion: SYSCORE.18.9.0.174
|
|---|
| 118 | 4918.46d4: PrivateBuild: SYSCORE.18.9.0.174 F15,F16,F19
|
|---|
| 119 | 4918.46d4: FileDescription: Anti-Virus File System Filter Driver
|
|---|
| 120 | 4918.46d4: \SystemRoot\System32\drivers\mfefirek.sys:
|
|---|
| 121 | 4918.46d4: CreationTime: 2018-01-31T17:06:48.000000000Z
|
|---|
| 122 | 4918.46d4: LastWriteTime: 2018-10-04T08:27:26.000000000Z
|
|---|
| 123 | 4918.46d4: ChangeTime: 2018-12-26T04:19:43.925830500Z
|
|---|
| 124 | 4918.46d4: FileAttributes: 0x20
|
|---|
| 125 | 4918.46d4: Size: 0x7dd40
|
|---|
| 126 | 4918.46d4: NT Headers: 0xf0
|
|---|
| 127 | 4918.46d4: Timestamp: 0x5b7ceb8a
|
|---|
| 128 | 4918.46d4: Machine: 0x8664 - amd64
|
|---|
| 129 | 4918.46d4: Timestamp: 0x5b7ceb8a
|
|---|
| 130 | 4918.46d4: Image Version: 0.0
|
|---|
| 131 | 4918.46d4: SizeOfImage: 0x7f000 (520192)
|
|---|
| 132 | 4918.46d4: Resource Dir: 0x7b000 LB 0x388
|
|---|
| 133 | 4918.46d4: [Version info resource found at 0x48! (ID/Name: 0x1; SubID/SubName: 0x409)]
|
|---|
| 134 | 4918.46d4: [Raw version resource data: 0x7b060 LB 0x328, codepage 0x0 (reserved 0x0)]
|
|---|
| 135 | 4918.46d4: ProductName: SYSCORE
|
|---|
| 136 | 4918.46d4: ProductVersion: 18.9.0.174
|
|---|
| 137 | 4918.46d4: FileVersion: SYSCORE.18.9.0.174
|
|---|
| 138 | 4918.46d4: PrivateBuild: SYSCORE.18.9.0.174 F17,F18
|
|---|
| 139 | 4918.46d4: FileDescription: McAfee Core Firewall Engine Driver
|
|---|
| 140 | 4918.46d4: \SystemRoot\System32\drivers\mfehidk.sys:
|
|---|
| 141 | 4918.46d4: CreationTime: 2018-01-31T17:06:48.000000000Z
|
|---|
| 142 | 4918.46d4: LastWriteTime: 2018-10-04T08:27:26.000000000Z
|
|---|
| 143 | 4918.46d4: ChangeTime: 2018-12-26T04:19:39.056247500Z
|
|---|
| 144 | 4918.46d4: FileAttributes: 0x20
|
|---|
| 145 | 4918.46d4: Size: 0xee140
|
|---|
| 146 | 4918.46d4: NT Headers: 0x108
|
|---|
| 147 | 4918.46d4: Timestamp: 0x5b7cea9c
|
|---|
| 148 | 4918.46d4: Machine: 0x8664 - amd64
|
|---|
| 149 | 4918.46d4: Timestamp: 0x5b7cea9c
|
|---|
| 150 | 4918.46d4: Image Version: 0.0
|
|---|
| 151 | 4918.46d4: SizeOfImage: 0xf7000 (1011712)
|
|---|
| 152 | 4918.46d4: Resource Dir: 0xf3000 LB 0x758
|
|---|
| 153 | 4918.46d4: [Version info resource found at 0xd8! (ID/Name: 0x1; SubID/SubName: 0x409)]
|
|---|
| 154 | 4918.46d4: [Raw version resource data: 0xf3110 LB 0x320, codepage 0x0 (reserved 0x0)]
|
|---|
| 155 | 4918.46d4: ProductName: SYSCORE
|
|---|
| 156 | 4918.46d4: ProductVersion: 18.9.0.174
|
|---|
| 157 | 4918.46d4: FileVersion: SYSCORE.18.9.0.174
|
|---|
| 158 | 4918.46d4: PrivateBuild: SYSCORE.18.9.0.174 F14,F15,F16,F18,F20
|
|---|
| 159 | 4918.46d4: FileDescription: McAfee Link Driver
|
|---|
| 160 | 4918.46d4: \SystemRoot\System32\drivers\mfencbdc.sys:
|
|---|
| 161 | 4918.46d4: CreationTime: 2017-11-21T07:48:58.000000000Z
|
|---|
| 162 | 4918.46d4: LastWriteTime: 2018-10-02T17:09:34.000000000Z
|
|---|
| 163 | 4918.46d4: ChangeTime: 2018-12-26T04:20:13.928345700Z
|
|---|
| 164 | 4918.46d4: FileAttributes: 0x20
|
|---|
| 165 | 4918.46d4: Size: 0x88f30
|
|---|
| 166 | 4918.46d4: NT Headers: 0xe0
|
|---|
| 167 | 4918.46d4: Timestamp: 0x5b843d50
|
|---|
| 168 | 4918.46d4: Machine: 0x8664 - amd64
|
|---|
| 169 | 4918.46d4: Timestamp: 0x5b843d50
|
|---|
| 170 | 4918.46d4: Image Version: 0.0
|
|---|
| 171 | 4918.46d4: SizeOfImage: 0x8c000 (573440)
|
|---|
| 172 | 4918.46d4: Resource Dir: 0x8a000 LB 0x3e0
|
|---|
| 173 | 4918.46d4: [Version info resource found at 0x48! (ID/Name: 0x1; SubID/SubName: 0x409)]
|
|---|
| 174 | 4918.46d4: [Raw version resource data: 0x8a060 LB 0x380, codepage 0x0 (reserved 0x0)]
|
|---|
| 175 | 4918.46d4: ProductName: Anti-Malware Core
|
|---|
| 176 | 4918.46d4: ProductVersion: 18.9.0
|
|---|
| 177 | 4918.46d4: FileVersion: Anti-Malware Core.18.9.0.284.x64
|
|---|
| 178 | 4918.46d4: PrivateBuild: Anti-Malware Core.18.9.0.284.x64
|
|---|
| 179 | 4918.46d4: FileDescription: Event Driver
|
|---|
| 180 | 4918.46d4: \SystemRoot\System32\drivers\mfewfpk.sys:
|
|---|
| 181 | 4918.46d4: CreationTime: 2018-01-31T17:06:48.000000000Z
|
|---|
| 182 | 4918.46d4: LastWriteTime: 2018-10-04T08:27:26.000000000Z
|
|---|
| 183 | 4918.46d4: ChangeTime: 2018-12-26T04:18:31.226499400Z
|
|---|
| 184 | 4918.46d4: FileAttributes: 0x20
|
|---|
| 185 | 4918.46d4: Size: 0x3df40
|
|---|
| 186 | 4918.46d4: NT Headers: 0xf0
|
|---|
| 187 | 4918.46d4: Timestamp: 0x5b7ceab5
|
|---|
| 188 | 4918.46d4: Machine: 0x8664 - amd64
|
|---|
| 189 | 4918.46d4: Timestamp: 0x5b7ceab5
|
|---|
| 190 | 4918.46d4: Image Version: 0.0
|
|---|
| 191 | 4918.46d4: SizeOfImage: 0x59000 (364544)
|
|---|
| 192 | 4918.46d4: Resource Dir: 0x57000 LB 0x380
|
|---|
| 193 | 4918.46d4: [Version info resource found at 0x48! (ID/Name: 0x1; SubID/SubName: 0x409)]
|
|---|
| 194 | 4918.46d4: [Raw version resource data: 0x57060 LB 0x320, codepage 0x0 (reserved 0x0)]
|
|---|
| 195 | 4918.46d4: ProductName: SYSCORE
|
|---|
| 196 | 4918.46d4: ProductVersion: 18.9.0.174
|
|---|
| 197 | 4918.46d4: FileVersion: SYSCORE.18.9.0.174
|
|---|
| 198 | 4918.46d4: PrivateBuild: SYSCORE.18.9.0.174 F17,F18
|
|---|
| 199 | 4918.46d4: FileDescription: Anti-Virus Mini-Firewall Driver
|
|---|
| 200 | 4918.46d4: supR3HardenedWinInitAppBin(0x0): '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox'
|
|---|
| 201 | 4918.46d4: Calling main()
|
|---|
| 202 | 4918.46d4: SUPR3HardenedMain: pszProgName=VirtualBoxVM fFlags=0x2
|
|---|
| 203 | 4918.46d4: supR3HardenedWinInitAppBin(0x2): '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox'
|
|---|
| 204 | 4918.46d4: SUPR3HardenedMain: Respawn #1
|
|---|
| 205 | 4918.46d4: System32: \Device\HarddiskVolume3\Windows\System32
|
|---|
| 206 | 4918.46d4: WinSxS: \Device\HarddiskVolume3\Windows\WinSxS
|
|---|
| 207 | 4918.46d4: KnownDllPath: C:\Windows\System32
|
|---|
| 208 | 4918.46d4: '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe' has no imports
|
|---|
| 209 | 4918.46d4: supHardenedWinVerifyImageByHandle: -> 24202 (\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe)
|
|---|
| 210 | 4918.46d4: supR3HardNtEnableThreadCreation:
|
|---|
| 211 | 4918.46d4: supR3HardNtDisableThreadCreation: pvLdrInitThunk=00007ffb23f04f90 pvNtTerminateThread=00007ffb23f2b3f0
|
|---|
| 212 | 4918.46d4: supR3HardenedWinDoReSpawn(1): New child 45d8.2e30 [kernel32].
|
|---|
| 213 | 4918.46d4: supR3HardNtChildGatherData: PebBaseAddress=00000000002a4000 cbPeb=0x388
|
|---|
| 214 | 4918.46d4: supR3HardNtPuChFindNtdll: uNtDllParentAddr=00007ffb23e90000 uNtDllChildAddr=00007ffb23e90000
|
|---|
| 215 | 4918.46d4: supR3HardenedWinSetupChildInit: uLdrInitThunk=00007ffb23f04f90
|
|---|
| 216 | 4918.46d4: supR3HardenedWinSetupChildInit: Start child.
|
|---|
| 217 | 4918.46d4: supR3HardNtChildWaitFor: Found expected request 0 (PurifyChildAndCloseHandles) after 0 ms.
|
|---|
| 218 | 4918.46d4: supR3HardNtChildPurify: Startup delay kludge #1/0: 513 ms, 59 sleeps
|
|---|
| 219 | 4918.46d4: supHardNtVpScanVirtualMemory: enmKind=CHILD_PURIFICATION
|
|---|
| 261 | 4918.46d4: VirtualBoxVM.exe: timestamp 0x5c18e1cd (rc=VINF_SUCCESS)
|
|---|
| 262 | 4918.46d4: '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe' has no imports
|
|---|
| 263 | 4918.46d4: '\Device\HarddiskVolume3\Windows\System32\ntdll.dll' has no imports
|
|---|
| 264 | 4918.46d4: supR3HardNtChildPurify: Done after 551 ms and 0 fixes (loop #0).
|
|---|
| 265 | 45d8.2e30: Log file opened: 6.0.0r127566 g_hStartupLog=0000000000000004 g_uNtVerCombined=0xa042ee00
|
|---|
| 266 | 45d8.2e30: supR3HardenedVmProcessInit: uNtDllAddr=00007ffb23e90000 g_uNtVerCombined=0xa042ee00
|
|---|
| 267 | 45d8.2e30: ntdll.dll: timestamp 0x7e614c22 (rc=VINF_SUCCESS)
|
|---|
| 268 | 4918.46d4: supR3HardNtEnableThreadCreation:
|
|---|
| 269 | 45d8.2e30: New simple heap: #1 0000000000510000 LB 0x400000 (for 1970176 allocation)
|
|---|
| 270 | 45d8.2e30: supR3HardenedWinInitAppBin(0x0): '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox'
|
|---|
| 271 | 45d8.2e30: System32: \Device\HarddiskVolume3\Windows\System32
|
|---|
| 272 | 45d8.2e30: WinSxS: \Device\HarddiskVolume3\Windows\WinSxS
|
|---|
| 273 | 45d8.2e30: KnownDllPath: C:\Windows\System32
|
|---|
| 274 | 45d8.2e30: supR3HardenedVmProcessInit: Opening vboxdrv stub...
|
|---|
| 275 | 45d8.2e30: supR3HardenedVmProcessInit: Restoring LdrInitializeThunk...
|
|---|
| 276 | 45d8.2e30: supR3HardenedVmProcessInit: Returning to LdrInitializeThunk...
|
|---|
| 277 | 45d8.2e30: Registered Dll notification callback with NTDLL.
|
|---|
| 278 | 45d8.2e30: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\kernel32.dll)
|
|---|
| 279 | 45d8.2e30: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\kernel32.dll
|
|---|
| 280 | 45d8.2e30: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\System32\KERNEL32.DLL (Input=KERNEL32.DLL, rcNtResolve=0xc0150008) *pfFlags=0xffffffff pwszSearchPath=0000000000004001:<flags> [calling]
|
|---|
| 281 | 45d8.2e30: supR3HardenedDllNotificationCallback: load 00007ffb20570000 LB 0x00273000 C:\Windows\System32\KERNELBASE.dll [fFlags=0x0]
|
|---|
| 282 | 45d8.2e30: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\KernelBase.dll)
|
|---|
| 283 | 45d8.2e30: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\KernelBase.dll
|
|---|
| 284 | 45d8.2e30: supR3HardenedDllNotificationCallback: load 00007ffb23da0000 LB 0x000b2000 C:\Windows\System32\KERNEL32.DLL [fFlags=0x0]
|
|---|
| 285 | 45d8.2e30: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\kernel32.dll [lacks WinVerifyTrust]
|
|---|
| 286 | 45d8.2e30: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb23da0000 'C:\Windows\System32\KERNEL32.DLL'
|
|---|
| 287 | 45d8.2e30: supR3HardenedDllNotificationCallback: load 00007ff69b430000 LB 0x00112000 C:\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe [fFlags=0x0]
|
|---|
| 288 | 45d8.2e30: '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe' has no imports
|
|---|
| 289 | 45d8.2e30: supHardenedWinVerifyImageByHandle: -> 24202 (\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe)
|
|---|
| 290 | 45d8.2e30: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe
|
|---|
| 291 | 45d8.2e30: supR3HardNtDisableThreadCreation: pvLdrInitThunk=00007ffb23f04f90 pvNtTerminateThread=00007ffb23f2b3f0
|
|---|
| 292 | 4918.46d4: supR3HardNtChildWaitFor: Found expected request 1 (CloseEvents) after 77 ms.
|
|---|
| 293 | 45d8.2e30: \SystemRoot\System32\ntdll.dll:
|
|---|
| 294 | 45d8.2e30: CreationTime: 2018-12-12T16:22:11.967963000Z
|
|---|
| 295 | 45d8.2e30: LastWriteTime: 2018-12-08T08:04:53.786979100Z
|
|---|
| 296 | 45d8.2e30: ChangeTime: 2018-12-20T17:28:16.091009200Z
|
|---|
| 297 | 45d8.2e30: FileAttributes: 0x20
|
|---|
| 298 | 45d8.2e30: Size: 0x1da720
|
|---|
| 299 | 45d8.2e30: NT Headers: 0xe8
|
|---|
| 300 | 45d8.2e30: Timestamp: 0x7e614c22
|
|---|
| 301 | 45d8.2e30: Machine: 0x8664 - amd64
|
|---|
| 302 | 45d8.2e30: Timestamp: 0x7e614c22
|
|---|
| 303 | 45d8.2e30: Image Version: 10.0
|
|---|
| 304 | 45d8.2e30: SizeOfImage: 0x1e1000 (1970176)
|
|---|
| 305 | 45d8.2e30: Resource Dir: 0x174000 LB 0x6b3e8
|
|---|
| 306 | 45d8.2e30: [Version info resource found at 0xd8! (ID/Name: 0x1; SubID/SubName: 0x409)]
|
|---|
| 307 | 45d8.2e30: [Raw version resource data: 0x1740f0 LB 0x380, codepage 0x0 (reserved 0x0)]
|
|---|
| 308 | 45d8.2e30: ProductName: Microsoft® Windows® Operating System
|
|---|
| 309 | 45d8.2e30: ProductVersion: 10.0.17134.471
|
|---|
| 310 | 45d8.2e30: FileVersion: 10.0.17134.471 (WinBuild.160101.0800)
|
|---|
| 311 | 45d8.2e30: FileDescription: NT Layer DLL
|
|---|
| 312 | 45d8.2e30: \SystemRoot\System32\kernel32.dll:
|
|---|
| 313 | 45d8.2e30: CreationTime: 2018-04-11T23:34:40.510607900Z
|
|---|
| 314 | 45d8.2e30: LastWriteTime: 2018-04-11T23:34:40.510607900Z
|
|---|
| 315 | 45d8.2e30: ChangeTime: 2018-08-02T10:52:14.292003200Z
|
|---|
| 316 | 45d8.2e30: FileAttributes: 0x20
|
|---|
| 317 | 45d8.2e30: Size: 0xafef8
|
|---|
| 318 | 45d8.2e30: NT Headers: 0xe8
|
|---|
| 319 | 45d8.2e30: Timestamp: 0x5f488a51
|
|---|
| 320 | 45d8.2e30: Machine: 0x8664 - amd64
|
|---|
| 321 | 45d8.2e30: Timestamp: 0x5f488a51
|
|---|
| 322 | 45d8.2e30: Image Version: 10.0
|
|---|
| 323 | 45d8.2e30: SizeOfImage: 0xb2000 (729088)
|
|---|
| 324 | 45d8.2e30: Resource Dir: 0xb0000 LB 0x520
|
|---|
| 325 | 45d8.2e30: [Version info resource found at 0x90! (ID/Name: 0x1; SubID/SubName: 0x409)]
|
|---|
| 326 | 45d8.2e30: [Raw version resource data: 0xb00b0 LB 0x3a4, codepage 0x0 (reserved 0x0)]
|
|---|
| 327 | 45d8.2e30: ProductName: Microsoft® Windows® Operating System
|
|---|
| 328 | 45d8.2e30: ProductVersion: 10.0.17134.1
|
|---|
| 329 | 45d8.2e30: FileVersion: 10.0.17134.1 (WinBuild.160101.0800)
|
|---|
| 330 | 45d8.2e30: FileDescription: Windows NT BASE API Client DLL
|
|---|
| 331 | 45d8.2e30: \SystemRoot\System32\KernelBase.dll:
|
|---|
| 332 | 45d8.2e30: CreationTime: 2018-11-27T20:43:23.300474400Z
|
|---|
| 333 | 45d8.2e30: LastWriteTime: 2018-11-09T02:47:52.285920600Z
|
|---|
| 334 | 45d8.2e30: ChangeTime: 2018-12-20T17:28:16.089057400Z
|
|---|
| 335 | 45d8.2e30: FileAttributes: 0x20
|
|---|
| 336 | 45d8.2e30: Size: 0x273b78
|
|---|
| 337 | 45d8.2e30: NT Headers: 0xf0
|
|---|
| 338 | 45d8.2e30: Timestamp: 0x428de48c
|
|---|
| 339 | 45d8.2e30: Machine: 0x8664 - amd64
|
|---|
| 340 | 45d8.2e30: Timestamp: 0x428de48c
|
|---|
| 341 | 45d8.2e30: Image Version: 10.0
|
|---|
| 342 | 45d8.2e30: SizeOfImage: 0x273000 (2568192)
|
|---|
| 343 | 45d8.2e30: Resource Dir: 0x251000 LB 0x548
|
|---|
| 344 | 45d8.2e30: [Version info resource found at 0x90! (ID/Name: 0x1; SubID/SubName: 0x409)]
|
|---|
| 345 | 45d8.2e30: [Raw version resource data: 0x2510b0 LB 0x3bc, codepage 0x0 (reserved 0x0)]
|
|---|
| 346 | 45d8.2e30: ProductName: Microsoft® Windows® Operating System
|
|---|
| 347 | 45d8.2e30: ProductVersion: 10.0.17134.441
|
|---|
| 348 | 45d8.2e30: FileVersion: 10.0.17134.441 (WinBuild.160101.0800)
|
|---|
| 349 | 45d8.2e30: FileDescription: Windows NT BASE API Client DLL
|
|---|
| 350 | 45d8.2e30: \SystemRoot\System32\apisetschema.dll:
|
|---|
| 351 | 45d8.2e30: CreationTime: 2018-04-11T23:34:44.042150700Z
|
|---|
| 352 | 45d8.2e30: LastWriteTime: 2018-04-11T23:34:44.042150700Z
|
|---|
| 353 | 45d8.2e30: ChangeTime: 2018-08-02T11:35:09.677325500Z
|
|---|
| 354 | 45d8.2e30: FileAttributes: 0x20
|
|---|
| 355 | 45d8.2e30: Size: 0x1bd98
|
|---|
| 356 | 45d8.2e30: NT Headers: 0xd0
|
|---|
| 357 | 45d8.2e30: Timestamp: 0xd02ff418
|
|---|
| 358 | 45d8.2e30: Machine: 0x8664 - amd64
|
|---|
| 359 | 45d8.2e30: Timestamp: 0xd02ff418
|
|---|
| 360 | 45d8.2e30: Image Version: 10.0
|
|---|
| 361 | 45d8.2e30: SizeOfImage: 0x1c000 (114688)
|
|---|
| 362 | 45d8.2e30: Resource Dir: 0x1b000 LB 0x408
|
|---|
| 363 | 45d8.2e30: [Version info resource found at 0x48! (ID/Name: 0x1; SubID/SubName: 0x409)]
|
|---|
| 364 | 45d8.2e30: [Raw version resource data: 0x1b060 LB 0x3a8, codepage 0x0 (reserved 0x0)]
|
|---|
| 365 | 45d8.2e30: ProductName: Microsoft® Windows® Operating System
|
|---|
| 366 | 45d8.2e30: ProductVersion: 10.0.17134.1
|
|---|
| 367 | 45d8.2e30: FileVersion: 10.0.17134.1 (WinBuild.160101.0800)
|
|---|
| 368 | 45d8.2e30: FileDescription: ApiSet Schema DLL
|
|---|
| 369 | 45d8.2e30: NtOpenDirectoryObject failed on \Driver: 0xc0000022
|
|---|
| 370 | 45d8.2e30: supR3HardenedWinFindAdversaries: 0x20
|
|---|
| 371 | 45d8.2e30: \SystemRoot\System32\drivers\cfwids.sys:
|
|---|
| 372 | 45d8.2e30: CreationTime: 2018-01-31T17:06:48.000000000Z
|
|---|
| 373 | 45d8.2e30: LastWriteTime: 2018-10-04T08:27:26.000000000Z
|
|---|
| 374 | 45d8.2e30: ChangeTime: 2018-12-26T04:19:44.333339400Z
|
|---|
| 375 | 45d8.2e30: FileAttributes: 0x20
|
|---|
| 376 | 45d8.2e30: Size: 0x12d40
|
|---|
| 377 | 45d8.2e30: NT Headers: 0xf0
|
|---|
| 378 | 45d8.2e30: Timestamp: 0x5b7cebbe
|
|---|
| 379 | 45d8.2e30: Machine: 0x8664 - amd64
|
|---|
| 380 | 45d8.2e30: Timestamp: 0x5b7cebbe
|
|---|
| 381 | 45d8.2e30: Image Version: 0.0
|
|---|
| 382 | 45d8.2e30: SizeOfImage: 0x14000 (81920)
|
|---|
| 383 | 45d8.2e30: Resource Dir: 0x12000 LB 0x550
|
|---|
| 384 | 45d8.2e30: [Version info resource found at 0x80! (ID/Name: 0x1; SubID/SubName: 0x409)]
|
|---|
| 385 | 45d8.2e30: [Raw version resource data: 0x120a0 LB 0x318, codepage 0x0 (reserved 0x0)]
|
|---|
| 386 | 45d8.2e30: ProductName: SYSCORE
|
|---|
| 387 | 45d8.2e30: ProductVersion: 18.9.0.174
|
|---|
| 388 | 45d8.2e30: FileVersion: SYSCORE.18.9.0.174
|
|---|
| 389 | 45d8.2e30: PrivateBuild: SYSCORE.18.9.0.174
|
|---|
| 390 | 45d8.2e30: FileDescription: McAfee Personal Firewall IDS Plugin
|
|---|
| 391 | 45d8.2e30: \SystemRoot\System32\drivers\mfeavfk.sys:
|
|---|
| 392 | 45d8.2e30: CreationTime: 2018-01-31T17:06:48.000000000Z
|
|---|
| 393 | 45d8.2e30: LastWriteTime: 2018-10-04T08:27:26.000000000Z
|
|---|
| 394 | 45d8.2e30: ChangeTime: 2018-12-26T04:19:44.054118000Z
|
|---|
| 395 | 45d8.2e30: FileAttributes: 0x20
|
|---|
| 396 | 45d8.2e30: Size: 0x5ab40
|
|---|
| 397 | 45d8.2e30: NT Headers: 0xe8
|
|---|
| 398 | 45d8.2e30: Timestamp: 0x5b7ceb01
|
|---|
| 399 | 45d8.2e30: Machine: 0x8664 - amd64
|
|---|
| 400 | 45d8.2e30: Timestamp: 0x5b7ceb01
|
|---|
| 401 | 45d8.2e30: Image Version: 0.0
|
|---|
| 402 | 45d8.2e30: SizeOfImage: 0x5b000 (372736)
|
|---|
| 403 | 45d8.2e30: Resource Dir: 0x59000 LB 0x758
|
|---|
| 404 | 45d8.2e30: [Version info resource found at 0xd8! (ID/Name: 0x1; SubID/SubName: 0x409)]
|
|---|
| 405 | 45d8.2e30: [Raw version resource data: 0x59110 LB 0x334, codepage 0x0 (reserved 0x0)]
|
|---|
| 406 | 45d8.2e30: ProductName: SYSCORE
|
|---|
| 407 | 45d8.2e30: ProductVersion: 18.9.0.174
|
|---|
| 408 | 45d8.2e30: FileVersion: SYSCORE.18.9.0.174
|
|---|
| 409 | 45d8.2e30: PrivateBuild: SYSCORE.18.9.0.174 F15,F16,F19
|
|---|
| 410 | 45d8.2e30: FileDescription: Anti-Virus File System Filter Driver
|
|---|
| 411 | 45d8.2e30: \SystemRoot\System32\drivers\mfefirek.sys:
|
|---|
| 412 | 45d8.2e30: CreationTime: 2018-01-31T17:06:48.000000000Z
|
|---|
| 413 | 45d8.2e30: LastWriteTime: 2018-10-04T08:27:26.000000000Z
|
|---|
| 414 | 45d8.2e30: ChangeTime: 2018-12-26T04:19:43.925830500Z
|
|---|
| 415 | 45d8.2e30: FileAttributes: 0x20
|
|---|
| 416 | 45d8.2e30: Size: 0x7dd40
|
|---|
| 417 | 45d8.2e30: NT Headers: 0xf0
|
|---|
| 418 | 45d8.2e30: Timestamp: 0x5b7ceb8a
|
|---|
| 419 | 45d8.2e30: Machine: 0x8664 - amd64
|
|---|
| 420 | 45d8.2e30: Timestamp: 0x5b7ceb8a
|
|---|
| 421 | 45d8.2e30: Image Version: 0.0
|
|---|
| 422 | 45d8.2e30: SizeOfImage: 0x7f000 (520192)
|
|---|
| 423 | 45d8.2e30: Resource Dir: 0x7b000 LB 0x388
|
|---|
| 424 | 45d8.2e30: [Version info resource found at 0x48! (ID/Name: 0x1; SubID/SubName: 0x409)]
|
|---|
| 425 | 45d8.2e30: [Raw version resource data: 0x7b060 LB 0x328, codepage 0x0 (reserved 0x0)]
|
|---|
| 426 | 45d8.2e30: ProductName: SYSCORE
|
|---|
| 427 | 45d8.2e30: ProductVersion: 18.9.0.174
|
|---|
| 428 | 45d8.2e30: FileVersion: SYSCORE.18.9.0.174
|
|---|
| 429 | 45d8.2e30: PrivateBuild: SYSCORE.18.9.0.174 F17,F18
|
|---|
| 430 | 45d8.2e30: FileDescription: McAfee Core Firewall Engine Driver
|
|---|
| 431 | 45d8.2e30: \SystemRoot\System32\drivers\mfehidk.sys:
|
|---|
| 432 | 45d8.2e30: CreationTime: 2018-01-31T17:06:48.000000000Z
|
|---|
| 433 | 45d8.2e30: LastWriteTime: 2018-10-04T08:27:26.000000000Z
|
|---|
| 434 | 45d8.2e30: ChangeTime: 2018-12-26T04:19:39.056247500Z
|
|---|
| 435 | 45d8.2e30: FileAttributes: 0x20
|
|---|
| 436 | 45d8.2e30: Size: 0xee140
|
|---|
| 437 | 45d8.2e30: NT Headers: 0x108
|
|---|
| 438 | 45d8.2e30: Timestamp: 0x5b7cea9c
|
|---|
| 439 | 45d8.2e30: Machine: 0x8664 - amd64
|
|---|
| 440 | 45d8.2e30: Timestamp: 0x5b7cea9c
|
|---|
| 441 | 45d8.2e30: Image Version: 0.0
|
|---|
| 442 | 45d8.2e30: SizeOfImage: 0xf7000 (1011712)
|
|---|
| 443 | 45d8.2e30: Resource Dir: 0xf3000 LB 0x758
|
|---|
| 444 | 45d8.2e30: [Version info resource found at 0xd8! (ID/Name: 0x1; SubID/SubName: 0x409)]
|
|---|
| 445 | 45d8.2e30: [Raw version resource data: 0xf3110 LB 0x320, codepage 0x0 (reserved 0x0)]
|
|---|
| 446 | 45d8.2e30: ProductName: SYSCORE
|
|---|
| 447 | 45d8.2e30: ProductVersion: 18.9.0.174
|
|---|
| 448 | 45d8.2e30: FileVersion: SYSCORE.18.9.0.174
|
|---|
| 449 | 45d8.2e30: PrivateBuild: SYSCORE.18.9.0.174 F14,F15,F16,F18,F20
|
|---|
| 450 | 45d8.2e30: FileDescription: McAfee Link Driver
|
|---|
| 451 | 45d8.2e30: \SystemRoot\System32\drivers\mfencbdc.sys:
|
|---|
| 452 | 45d8.2e30: CreationTime: 2017-11-21T07:48:58.000000000Z
|
|---|
| 453 | 45d8.2e30: LastWriteTime: 2018-10-02T17:09:34.000000000Z
|
|---|
| 454 | 45d8.2e30: ChangeTime: 2018-12-26T04:20:13.928345700Z
|
|---|
| 455 | 45d8.2e30: FileAttributes: 0x20
|
|---|
| 456 | 45d8.2e30: Size: 0x88f30
|
|---|
| 457 | 45d8.2e30: NT Headers: 0xe0
|
|---|
| 458 | 45d8.2e30: Timestamp: 0x5b843d50
|
|---|
| 459 | 45d8.2e30: Machine: 0x8664 - amd64
|
|---|
| 460 | 45d8.2e30: Timestamp: 0x5b843d50
|
|---|
| 461 | 45d8.2e30: Image Version: 0.0
|
|---|
| 462 | 45d8.2e30: SizeOfImage: 0x8c000 (573440)
|
|---|
| 463 | 45d8.2e30: Resource Dir: 0x8a000 LB 0x3e0
|
|---|
| 464 | 45d8.2e30: [Version info resource found at 0x48! (ID/Name: 0x1; SubID/SubName: 0x409)]
|
|---|
| 465 | 45d8.2e30: [Raw version resource data: 0x8a060 LB 0x380, codepage 0x0 (reserved 0x0)]
|
|---|
| 466 | 45d8.2e30: ProductName: Anti-Malware Core
|
|---|
| 467 | 45d8.2e30: ProductVersion: 18.9.0
|
|---|
| 468 | 45d8.2e30: FileVersion: Anti-Malware Core.18.9.0.284.x64
|
|---|
| 469 | 45d8.2e30: PrivateBuild: Anti-Malware Core.18.9.0.284.x64
|
|---|
| 470 | 45d8.2e30: FileDescription: Event Driver
|
|---|
| 471 | 45d8.2e30: \SystemRoot\System32\drivers\mfewfpk.sys:
|
|---|
| 472 | 45d8.2e30: CreationTime: 2018-01-31T17:06:48.000000000Z
|
|---|
| 473 | 45d8.2e30: LastWriteTime: 2018-10-04T08:27:26.000000000Z
|
|---|
| 474 | 45d8.2e30: ChangeTime: 2018-12-26T04:18:31.226499400Z
|
|---|
| 475 | 45d8.2e30: FileAttributes: 0x20
|
|---|
| 476 | 45d8.2e30: Size: 0x3df40
|
|---|
| 477 | 45d8.2e30: NT Headers: 0xf0
|
|---|
| 478 | 45d8.2e30: Timestamp: 0x5b7ceab5
|
|---|
| 479 | 45d8.2e30: Machine: 0x8664 - amd64
|
|---|
| 480 | 45d8.2e30: Timestamp: 0x5b7ceab5
|
|---|
| 481 | 45d8.2e30: Image Version: 0.0
|
|---|
| 482 | 45d8.2e30: SizeOfImage: 0x59000 (364544)
|
|---|
| 483 | 45d8.2e30: Resource Dir: 0x57000 LB 0x380
|
|---|
| 484 | 45d8.2e30: [Version info resource found at 0x48! (ID/Name: 0x1; SubID/SubName: 0x409)]
|
|---|
| 485 | 45d8.2e30: [Raw version resource data: 0x57060 LB 0x320, codepage 0x0 (reserved 0x0)]
|
|---|
| 486 | 45d8.2e30: ProductName: SYSCORE
|
|---|
| 487 | 45d8.2e30: ProductVersion: 18.9.0.174
|
|---|
| 488 | 45d8.2e30: FileVersion: SYSCORE.18.9.0.174
|
|---|
| 489 | 45d8.2e30: PrivateBuild: SYSCORE.18.9.0.174 F17,F18
|
|---|
| 490 | 45d8.2e30: FileDescription: Anti-Virus Mini-Firewall Driver
|
|---|
| 491 | 45d8.2e30: supR3HardenedWinInitAppBin(0x0): '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox'
|
|---|
| 492 | 45d8.2e30: Calling main()
|
|---|
| 493 | 45d8.2e30: SUPR3HardenedMain: pszProgName=VirtualBoxVM fFlags=0x2
|
|---|
| 494 | 45d8.2e30: supR3HardenedWinInitAppBin(0x2): '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox'
|
|---|
| 495 | 45d8.2e30: '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe' has no imports
|
|---|
| 496 | 45d8.2e30: supHardenedWinVerifyImageByHandle: -> 24202 (\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe)
|
|---|
| 497 | 45d8.2e30: SUPR3HardenedMain: Respawn #2
|
|---|
| 498 | 45d8.2e30: supR3HardNtEnableThreadCreation:
|
|---|
| 499 | 45d8.2e30: '\Device\HarddiskVolume3\Windows\System32\ntdll.dll' has no imports
|
|---|
| 500 | 45d8.2e30: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\ntdll.dll)
|
|---|
| 501 | 45d8.2e30: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\ntdll.dll
|
|---|
| 502 | 45d8.2e30: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\System32\ntdll.dll (Input=ntdll.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000801:<flags> [calling]
|
|---|
| 503 | 45d8.2e30: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb23e90000 'C:\Windows\System32\ntdll.dll'
|
|---|
| 504 | 45d8.2e30: supR3HardNtDisableThreadCreation: pvLdrInitThunk=00007ffb23f04f90 pvNtTerminateThread=00007ffb23f2b3f0
|
|---|
| 505 | 45d8.2e30: supR3HardenedWinDoReSpawn(2): New child 4564.534 [kernel32].
|
|---|
| 506 | 45d8.2e30: supR3HardenedWinReSpawn: NtSetInformationThread/ThreadHideFromDebugger failed: 0xc0000022 (harmless)
|
|---|
| 507 | 45d8.2e30: supR3HardNtChildGatherData: PebBaseAddress=0000000000a46000 cbPeb=0x388
|
|---|
| 508 | 45d8.2e30: supR3HardNtPuChFindNtdll: uNtDllParentAddr=00007ffb23e90000 uNtDllChildAddr=00007ffb23e90000
|
|---|
| 509 | 45d8.2e30: supR3HardenedWinSetupChildInit: uLdrInitThunk=00007ffb23f04f90
|
|---|
| 510 | 45d8.2e30: supR3HardenedWinSetupChildInit: Start child.
|
|---|
| 511 | 45d8.2e30: supR3HardNtChildWaitFor: Found expected request 0 (PurifyChildAndCloseHandles) after 0 ms.
|
|---|
| 512 | 45d8.2e30: supR3HardNtChildPurify: Startup delay kludge #1/0: 514 ms, 59 sleeps
|
|---|
| 513 | 45d8.2e30: supHardNtVpScanVirtualMemory: enmKind=CHILD_PURIFICATION
|
|---|
| 514 | 45d8.2e30: *0000000000000000-00000000008affff 0x0001/0x0000 0x0000000
|
|---|
| 515 | 45d8.2e30: *00000000008b0000-00000000008cffff 0x0004/0x0004 0x0020000
|
|---|
| 516 | 45d8.2e30: *00000000008d0000-00000000008e8fff 0x0002/0x0002 0x0040000
|
|---|
| 517 | 45d8.2e30: 00000000008e9000-00000000008effff 0x0001/0x0000 0x0000000
|
|---|
| 518 | 45d8.2e30: *00000000008f0000-00000000009eafff 0x0000/0x0004 0x0020000
|
|---|
| 519 | 45d8.2e30: 00000000009eb000-00000000009edfff 0x0104/0x0004 0x0020000
|
|---|
| 520 | 45d8.2e30: 00000000009ee000-00000000009effff 0x0004/0x0004 0x0020000
|
|---|
| 521 | 45d8.2e30: *00000000009f0000-00000000009f3fff 0x0002/0x0002 0x0040000
|
|---|
| 522 | 45d8.2e30: 00000000009f4000-00000000009fffff 0x0001/0x0000 0x0000000
|
|---|
| 523 | 45d8.2e30: *0000000000a00000-0000000000a45fff 0x0000/0x0004 0x0020000
|
|---|
| 524 | 45d8.2e30: 0000000000a46000-0000000000a48fff 0x0004/0x0004 0x0020000
|
|---|
| 525 | 45d8.2e30: 0000000000a49000-0000000000bfffff 0x0000/0x0004 0x0020000
|
|---|
| 526 | 45d8.2e30: *0000000000c00000-0000000000c00fff 0x0004/0x0004 0x0020000
|
|---|
| 527 | 45d8.2e30: 0000000000c01000-000000007ffdffff 0x0001/0x0000 0x0000000
|
|---|
| 528 | 45d8.2e30: *000000007ffe0000-000000007ffe0fff 0x0002/0x0002 0x0020000
|
|---|
| 529 | 45d8.2e30: 000000007ffe1000-000000007ffe4fff 0x0001/0x0000 0x0000000
|
|---|
| 530 | 45d8.2e30: *000000007ffe5000-000000007ffe5fff 0x0002/0x0002 0x0020000
|
|---|
| 531 | 45d8.2e30: 000000007ffe6000-00007ff5f14fffff 0x0001/0x0000 0x0000000
|
|---|
| 532 | 45d8.2e30: *00007ff5f1500000-00007ff5f1522fff 0x0002/0x0002 0x0040000
|
|---|
| 533 | 45d8.2e30: 00007ff5f1523000-00007ff69b42ffff 0x0001/0x0000 0x0000000
|
|---|
| 534 | 45d8.2e30: *00007ff69b430000-00007ff69b430fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe
|
|---|
| 535 | 45d8.2e30: 00007ff69b431000-00007ff69b4a3fff 0x0020/0x0080 0x1000000 \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe
|
|---|
| 536 | 45d8.2e30: 00007ff69b4a4000-00007ff69b4a4fff 0x0080/0x0080 0x1000000 \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe
|
|---|
| 537 | 45d8.2e30: 00007ff69b4a5000-00007ff69b4ebfff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe
|
|---|
| 538 | 45d8.2e30: 00007ff69b4ec000-00007ff69b4ecfff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe
|
|---|
| 539 | 45d8.2e30: 00007ff69b4ed000-00007ff69b4edfff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe
|
|---|
| 540 | 45d8.2e30: 00007ff69b4ee000-00007ff69b4f2fff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe
|
|---|
| 541 | 45d8.2e30: 00007ff69b4f3000-00007ff69b4f3fff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe
|
|---|
| 542 | 45d8.2e30: 00007ff69b4f4000-00007ff69b4f4fff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe
|
|---|
| 543 | 45d8.2e30: 00007ff69b4f5000-00007ff69b4f8fff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe
|
|---|
| 544 | 45d8.2e30: 00007ff69b4f9000-00007ff69b541fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe
|
|---|
| 545 | 45d8.2e30: 00007ff69b542000-00007ffb23e8ffff 0x0001/0x0000 0x0000000
|
|---|
| 546 | 45d8.2e30: *00007ffb23e90000-00007ffb23e90fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume3\Windows\System32\ntdll.dll
|
|---|
| 547 | 45d8.2e30: 00007ffb23e91000-00007ffb23f9ffff 0x0020/0x0080 0x1000000 \Device\HarddiskVolume3\Windows\System32\ntdll.dll
|
|---|
| 548 | 45d8.2e30: 00007ffb23fa0000-00007ffb23fe5fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume3\Windows\System32\ntdll.dll
|
|---|
| 549 | 45d8.2e30: 00007ffb23fe6000-00007ffb23ff0fff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume3\Windows\System32\ntdll.dll
|
|---|
| 550 | 45d8.2e30: 00007ffb23ff1000-00007ffb23ffefff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume3\Windows\System32\ntdll.dll
|
|---|
| 551 | 45d8.2e30: 00007ffb23fff000-00007ffb23ffffff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume3\Windows\System32\ntdll.dll
|
|---|
| 552 | 45d8.2e30: 00007ffb24000000-00007ffb24002fff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume3\Windows\System32\ntdll.dll
|
|---|
| 553 | 45d8.2e30: 00007ffb24003000-00007ffb24070fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume3\Windows\System32\ntdll.dll
|
|---|
| 554 | 45d8.2e30: 00007ffb24071000-00007ffffffeffff 0x0001/0x0000 0x0000000
|
|---|
| 555 | 45d8.2e30: VirtualBoxVM.exe: timestamp 0x5c18e1cd (rc=VINF_SUCCESS)
|
|---|
| 556 | 45d8.2e30: '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe' has no imports
|
|---|
| 557 | 45d8.2e30: '\Device\HarddiskVolume3\Windows\System32\ntdll.dll' has no imports
|
|---|
| 558 | 45d8.2e30: supR3HardNtChildPurify: Done after 576 ms and 0 fixes (loop #0).
|
|---|
| 559 | 4564.534: Log file opened: 6.0.0r127566 g_hStartupLog=0000000000000004 g_uNtVerCombined=0xa042ee00
|
|---|
| 560 | 4564.534: supR3HardenedVmProcessInit: uNtDllAddr=00007ffb23e90000 g_uNtVerCombined=0xa042ee00
|
|---|
| 561 | 45d8.2e30: supR3HardenedEarlyCompact: Removed heap 1 (0x00000000510000 LB 0x400000)
|
|---|
| 562 | 45d8.2e30: supR3HardNtEnableThreadCreation:
|
|---|
| 563 | 4564.534: ntdll.dll: timestamp 0x7e614c22 (rc=VINF_SUCCESS)
|
|---|
| 564 | 4564.534: New simple heap: #1 0000000000d10000 LB 0x400000 (for 1970176 allocation)
|
|---|
| 565 | 4564.534: supR3HardenedWinInitAppBin(0x0): '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox'
|
|---|
| 566 | 4564.534: System32: \Device\HarddiskVolume3\Windows\System32
|
|---|
| 567 | 4564.534: WinSxS: \Device\HarddiskVolume3\Windows\WinSxS
|
|---|
| 568 | 4564.534: KnownDllPath: C:\Windows\System32
|
|---|
| 569 | 4564.534: supR3HardenedVmProcessInit: Opening vboxdrv...
|
|---|
| 570 | 4564.534: supR3HardenedVmProcessInit: Restoring LdrInitializeThunk...
|
|---|
| 571 | 4564.534: supR3HardenedVmProcessInit: Returning to LdrInitializeThunk...
|
|---|
| 572 | 4564.534: Registered Dll notification callback with NTDLL.
|
|---|
| 573 | 4564.534: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\kernel32.dll)
|
|---|
| 574 | 4564.534: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\kernel32.dll
|
|---|
| 575 | 4564.534: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\System32\KERNEL32.DLL (Input=KERNEL32.DLL, rcNtResolve=0xc0150008) *pfFlags=0xffffffff pwszSearchPath=0000000000004001:<flags> [calling]
|
|---|
| 576 | 4564.534: supR3HardenedDllNotificationCallback: load 00007ffb20570000 LB 0x00273000 C:\Windows\System32\KERNELBASE.dll [fFlags=0x0]
|
|---|
| 577 | 4564.534: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\KernelBase.dll)
|
|---|
| 578 | 4564.534: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\KernelBase.dll
|
|---|
| 579 | 4564.534: supR3HardenedDllNotificationCallback: load 00007ffb23da0000 LB 0x000b2000 C:\Windows\System32\KERNEL32.DLL [fFlags=0x0]
|
|---|
| 580 | 4564.534: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\kernel32.dll [lacks WinVerifyTrust]
|
|---|
| 581 | 4564.534: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb23da0000 'C:\Windows\System32\KERNEL32.DLL'
|
|---|
| 582 | 4564.534: supR3HardenedDllNotificationCallback: load 00007ff69b430000 LB 0x00112000 C:\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe [fFlags=0x0]
|
|---|
| 583 | 4564.534: '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe' has no imports
|
|---|
| 584 | 4564.534: supHardenedWinVerifyImageByHandle: -> 24202 (\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe)
|
|---|
| 585 | 4564.534: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe
|
|---|
| 586 | 4564.534: supR3HardNtDisableThreadCreation: pvLdrInitThunk=00007ffb23f04f90 pvNtTerminateThread=00007ffb23f2b3f0
|
|---|
| 587 | 45d8.2e30: supR3HardNtChildWaitFor: Found expected request 1 (CloseEvents) after 98 ms.
|
|---|
| 588 | 4564.534: \SystemRoot\System32\ntdll.dll:
|
|---|
| 589 | 4564.534: CreationTime: 2018-12-12T16:22:11.967963000Z
|
|---|
| 590 | 4564.534: LastWriteTime: 2018-12-08T08:04:53.786979100Z
|
|---|
| 591 | 4564.534: ChangeTime: 2018-12-20T17:28:16.091009200Z
|
|---|
| 592 | 4564.534: FileAttributes: 0x20
|
|---|
| 593 | 4564.534: Size: 0x1da720
|
|---|
| 594 | 4564.534: NT Headers: 0xe8
|
|---|
| 595 | 4564.534: Timestamp: 0x7e614c22
|
|---|
| 596 | 4564.534: Machine: 0x8664 - amd64
|
|---|
| 597 | 4564.534: Timestamp: 0x7e614c22
|
|---|
| 598 | 4564.534: Image Version: 10.0
|
|---|
| 599 | 4564.534: SizeOfImage: 0x1e1000 (1970176)
|
|---|
| 600 | 4564.534: Resource Dir: 0x174000 LB 0x6b3e8
|
|---|
| 601 | 4564.534: [Version info resource found at 0xd8! (ID/Name: 0x1; SubID/SubName: 0x409)]
|
|---|
| 602 | 4564.534: [Raw version resource data: 0x1740f0 LB 0x380, codepage 0x0 (reserved 0x0)]
|
|---|
| 603 | 4564.534: ProductName: Microsoft® Windows® Operating System
|
|---|
| 604 | 4564.534: ProductVersion: 10.0.17134.471
|
|---|
| 605 | 4564.534: FileVersion: 10.0.17134.471 (WinBuild.160101.0800)
|
|---|
| 606 | 4564.534: FileDescription: NT Layer DLL
|
|---|
| 607 | 4564.534: \SystemRoot\System32\kernel32.dll:
|
|---|
| 608 | 4564.534: CreationTime: 2018-04-11T23:34:40.510607900Z
|
|---|
| 609 | 4564.534: LastWriteTime: 2018-04-11T23:34:40.510607900Z
|
|---|
| 610 | 4564.534: ChangeTime: 2018-08-02T10:52:14.292003200Z
|
|---|
| 611 | 4564.534: FileAttributes: 0x20
|
|---|
| 612 | 4564.534: Size: 0xafef8
|
|---|
| 613 | 4564.534: NT Headers: 0xe8
|
|---|
| 614 | 4564.534: Timestamp: 0x5f488a51
|
|---|
| 615 | 4564.534: Machine: 0x8664 - amd64
|
|---|
| 616 | 4564.534: Timestamp: 0x5f488a51
|
|---|
| 617 | 4564.534: Image Version: 10.0
|
|---|
| 618 | 4564.534: SizeOfImage: 0xb2000 (729088)
|
|---|
| 619 | 4564.534: Resource Dir: 0xb0000 LB 0x520
|
|---|
| 620 | 4564.534: [Version info resource found at 0x90! (ID/Name: 0x1; SubID/SubName: 0x409)]
|
|---|
| 621 | 4564.534: [Raw version resource data: 0xb00b0 LB 0x3a4, codepage 0x0 (reserved 0x0)]
|
|---|
| 622 | 4564.534: ProductName: Microsoft® Windows® Operating System
|
|---|
| 623 | 4564.534: ProductVersion: 10.0.17134.1
|
|---|
| 624 | 4564.534: FileVersion: 10.0.17134.1 (WinBuild.160101.0800)
|
|---|
| 625 | 4564.534: FileDescription: Windows NT BASE API Client DLL
|
|---|
| 626 | 4564.534: \SystemRoot\System32\KernelBase.dll:
|
|---|
| 627 | 4564.534: CreationTime: 2018-11-27T20:43:23.300474400Z
|
|---|
| 628 | 4564.534: LastWriteTime: 2018-11-09T02:47:52.285920600Z
|
|---|
| 629 | 4564.534: ChangeTime: 2018-12-20T17:28:16.089057400Z
|
|---|
| 630 | 4564.534: FileAttributes: 0x20
|
|---|
| 631 | 4564.534: Size: 0x273b78
|
|---|
| 632 | 4564.534: NT Headers: 0xf0
|
|---|
| 633 | 4564.534: Timestamp: 0x428de48c
|
|---|
| 634 | 4564.534: Machine: 0x8664 - amd64
|
|---|
| 635 | 4564.534: Timestamp: 0x428de48c
|
|---|
| 636 | 4564.534: Image Version: 10.0
|
|---|
| 637 | 4564.534: SizeOfImage: 0x273000 (2568192)
|
|---|
| 638 | 4564.534: Resource Dir: 0x251000 LB 0x548
|
|---|
| 639 | 4564.534: [Version info resource found at 0x90! (ID/Name: 0x1; SubID/SubName: 0x409)]
|
|---|
| 640 | 4564.534: [Raw version resource data: 0x2510b0 LB 0x3bc, codepage 0x0 (reserved 0x0)]
|
|---|
| 641 | 4564.534: ProductName: Microsoft® Windows® Operating System
|
|---|
| 642 | 4564.534: ProductVersion: 10.0.17134.441
|
|---|
| 643 | 4564.534: FileVersion: 10.0.17134.441 (WinBuild.160101.0800)
|
|---|
| 644 | 4564.534: FileDescription: Windows NT BASE API Client DLL
|
|---|
| 645 | 4564.534: \SystemRoot\System32\apisetschema.dll:
|
|---|
| 646 | 4564.534: CreationTime: 2018-04-11T23:34:44.042150700Z
|
|---|
| 647 | 4564.534: LastWriteTime: 2018-04-11T23:34:44.042150700Z
|
|---|
| 648 | 4564.534: ChangeTime: 2018-08-02T11:35:09.677325500Z
|
|---|
| 649 | 4564.534: FileAttributes: 0x20
|
|---|
| 650 | 4564.534: Size: 0x1bd98
|
|---|
| 651 | 4564.534: NT Headers: 0xd0
|
|---|
| 652 | 4564.534: Timestamp: 0xd02ff418
|
|---|
| 653 | 4564.534: Machine: 0x8664 - amd64
|
|---|
| 654 | 4564.534: Timestamp: 0xd02ff418
|
|---|
| 655 | 4564.534: Image Version: 10.0
|
|---|
| 656 | 4564.534: SizeOfImage: 0x1c000 (114688)
|
|---|
| 657 | 4564.534: Resource Dir: 0x1b000 LB 0x408
|
|---|
| 658 | 4564.534: [Version info resource found at 0x48! (ID/Name: 0x1; SubID/SubName: 0x409)]
|
|---|
| 659 | 4564.534: [Raw version resource data: 0x1b060 LB 0x3a8, codepage 0x0 (reserved 0x0)]
|
|---|
| 660 | 4564.534: ProductName: Microsoft® Windows® Operating System
|
|---|
| 661 | 4564.534: ProductVersion: 10.0.17134.1
|
|---|
| 662 | 4564.534: FileVersion: 10.0.17134.1 (WinBuild.160101.0800)
|
|---|
| 663 | 4564.534: FileDescription: ApiSet Schema DLL
|
|---|
| 664 | 4564.534: NtOpenDirectoryObject failed on \Driver: 0xc0000022
|
|---|
| 665 | 4564.534: supR3HardenedWinFindAdversaries: 0x20
|
|---|
| 666 | 4564.534: \SystemRoot\System32\drivers\cfwids.sys:
|
|---|
| 667 | 4564.534: CreationTime: 2018-01-31T17:06:48.000000000Z
|
|---|
| 668 | 4564.534: LastWriteTime: 2018-10-04T08:27:26.000000000Z
|
|---|
| 669 | 4564.534: ChangeTime: 2018-12-26T04:19:44.333339400Z
|
|---|
| 670 | 4564.534: FileAttributes: 0x20
|
|---|
| 671 | 4564.534: Size: 0x12d40
|
|---|
| 672 | 4564.534: NT Headers: 0xf0
|
|---|
| 673 | 4564.534: Timestamp: 0x5b7cebbe
|
|---|
| 674 | 4564.534: Machine: 0x8664 - amd64
|
|---|
| 675 | 4564.534: Timestamp: 0x5b7cebbe
|
|---|
| 676 | 4564.534: Image Version: 0.0
|
|---|
| 677 | 4564.534: SizeOfImage: 0x14000 (81920)
|
|---|
| 678 | 4564.534: Resource Dir: 0x12000 LB 0x550
|
|---|
| 679 | 4564.534: [Version info resource found at 0x80! (ID/Name: 0x1; SubID/SubName: 0x409)]
|
|---|
| 680 | 4564.534: [Raw version resource data: 0x120a0 LB 0x318, codepage 0x0 (reserved 0x0)]
|
|---|
| 681 | 4564.534: ProductName: SYSCORE
|
|---|
| 682 | 4564.534: ProductVersion: 18.9.0.174
|
|---|
| 683 | 4564.534: FileVersion: SYSCORE.18.9.0.174
|
|---|
| 684 | 4564.534: PrivateBuild: SYSCORE.18.9.0.174
|
|---|
| 685 | 4564.534: FileDescription: McAfee Personal Firewall IDS Plugin
|
|---|
| 686 | 4564.534: \SystemRoot\System32\drivers\mfeavfk.sys:
|
|---|
| 687 | 4564.534: CreationTime: 2018-01-31T17:06:48.000000000Z
|
|---|
| 688 | 4564.534: LastWriteTime: 2018-10-04T08:27:26.000000000Z
|
|---|
| 689 | 4564.534: ChangeTime: 2018-12-26T04:19:44.054118000Z
|
|---|
| 690 | 4564.534: FileAttributes: 0x20
|
|---|
| 691 | 4564.534: Size: 0x5ab40
|
|---|
| 692 | 4564.534: NT Headers: 0xe8
|
|---|
| 693 | 4564.534: Timestamp: 0x5b7ceb01
|
|---|
| 694 | 4564.534: Machine: 0x8664 - amd64
|
|---|
| 695 | 4564.534: Timestamp: 0x5b7ceb01
|
|---|
| 696 | 4564.534: Image Version: 0.0
|
|---|
| 697 | 4564.534: SizeOfImage: 0x5b000 (372736)
|
|---|
| 698 | 4564.534: Resource Dir: 0x59000 LB 0x758
|
|---|
| 699 | 4564.534: [Version info resource found at 0xd8! (ID/Name: 0x1; SubID/SubName: 0x409)]
|
|---|
| 700 | 4564.534: [Raw version resource data: 0x59110 LB 0x334, codepage 0x0 (reserved 0x0)]
|
|---|
| 701 | 4564.534: ProductName: SYSCORE
|
|---|
| 702 | 4564.534: ProductVersion: 18.9.0.174
|
|---|
| 703 | 4564.534: FileVersion: SYSCORE.18.9.0.174
|
|---|
| 704 | 4564.534: PrivateBuild: SYSCORE.18.9.0.174 F15,F16,F19
|
|---|
| 705 | 4564.534: FileDescription: Anti-Virus File System Filter Driver
|
|---|
| 706 | 4564.534: \SystemRoot\System32\drivers\mfefirek.sys:
|
|---|
| 707 | 4564.534: CreationTime: 2018-01-31T17:06:48.000000000Z
|
|---|
| 708 | 4564.534: LastWriteTime: 2018-10-04T08:27:26.000000000Z
|
|---|
| 709 | 4564.534: ChangeTime: 2018-12-26T04:19:43.925830500Z
|
|---|
| 710 | 4564.534: FileAttributes: 0x20
|
|---|
| 711 | 4564.534: Size: 0x7dd40
|
|---|
| 712 | 4564.534: NT Headers: 0xf0
|
|---|
| 713 | 4564.534: Timestamp: 0x5b7ceb8a
|
|---|
| 714 | 4564.534: Machine: 0x8664 - amd64
|
|---|
| 715 | 4564.534: Timestamp: 0x5b7ceb8a
|
|---|
| 716 | 4564.534: Image Version: 0.0
|
|---|
| 717 | 4564.534: SizeOfImage: 0x7f000 (520192)
|
|---|
| 718 | 4564.534: Resource Dir: 0x7b000 LB 0x388
|
|---|
| 719 | 4564.534: [Version info resource found at 0x48! (ID/Name: 0x1; SubID/SubName: 0x409)]
|
|---|
| 720 | 4564.534: [Raw version resource data: 0x7b060 LB 0x328, codepage 0x0 (reserved 0x0)]
|
|---|
| 721 | 4564.534: ProductName: SYSCORE
|
|---|
| 722 | 4564.534: ProductVersion: 18.9.0.174
|
|---|
| 723 | 4564.534: FileVersion: SYSCORE.18.9.0.174
|
|---|
| 724 | 4564.534: PrivateBuild: SYSCORE.18.9.0.174 F17,F18
|
|---|
| 725 | 4564.534: FileDescription: McAfee Core Firewall Engine Driver
|
|---|
| 726 | 4564.534: \SystemRoot\System32\drivers\mfehidk.sys:
|
|---|
| 727 | 4564.534: CreationTime: 2018-01-31T17:06:48.000000000Z
|
|---|
| 728 | 4564.534: LastWriteTime: 2018-10-04T08:27:26.000000000Z
|
|---|
| 729 | 4564.534: ChangeTime: 2018-12-26T04:19:39.056247500Z
|
|---|
| 730 | 4564.534: FileAttributes: 0x20
|
|---|
| 731 | 4564.534: Size: 0xee140
|
|---|
| 732 | 4564.534: NT Headers: 0x108
|
|---|
| 733 | 4564.534: Timestamp: 0x5b7cea9c
|
|---|
| 734 | 4564.534: Machine: 0x8664 - amd64
|
|---|
| 735 | 4564.534: Timestamp: 0x5b7cea9c
|
|---|
| 736 | 4564.534: Image Version: 0.0
|
|---|
| 737 | 4564.534: SizeOfImage: 0xf7000 (1011712)
|
|---|
| 738 | 4564.534: Resource Dir: 0xf3000 LB 0x758
|
|---|
| 739 | 4564.534: [Version info resource found at 0xd8! (ID/Name: 0x1; SubID/SubName: 0x409)]
|
|---|
| 740 | 4564.534: [Raw version resource data: 0xf3110 LB 0x320, codepage 0x0 (reserved 0x0)]
|
|---|
| 741 | 4564.534: ProductName: SYSCORE
|
|---|
| 742 | 4564.534: ProductVersion: 18.9.0.174
|
|---|
| 743 | 4564.534: FileVersion: SYSCORE.18.9.0.174
|
|---|
| 744 | 4564.534: PrivateBuild: SYSCORE.18.9.0.174 F14,F15,F16,F18,F20
|
|---|
| 745 | 4564.534: FileDescription: McAfee Link Driver
|
|---|
| 746 | 4564.534: \SystemRoot\System32\drivers\mfencbdc.sys:
|
|---|
| 747 | 4564.534: CreationTime: 2017-11-21T07:48:58.000000000Z
|
|---|
| 748 | 4564.534: LastWriteTime: 2018-10-02T17:09:34.000000000Z
|
|---|
| 749 | 4564.534: ChangeTime: 2018-12-26T04:20:13.928345700Z
|
|---|
| 750 | 4564.534: FileAttributes: 0x20
|
|---|
| 751 | 4564.534: Size: 0x88f30
|
|---|
| 752 | 4564.534: NT Headers: 0xe0
|
|---|
| 753 | 4564.534: Timestamp: 0x5b843d50
|
|---|
| 754 | 4564.534: Machine: 0x8664 - amd64
|
|---|
| 755 | 4564.534: Timestamp: 0x5b843d50
|
|---|
| 756 | 4564.534: Image Version: 0.0
|
|---|
| 757 | 4564.534: SizeOfImage: 0x8c000 (573440)
|
|---|
| 758 | 4564.534: Resource Dir: 0x8a000 LB 0x3e0
|
|---|
| 759 | 4564.534: [Version info resource found at 0x48! (ID/Name: 0x1; SubID/SubName: 0x409)]
|
|---|
| 760 | 4564.534: [Raw version resource data: 0x8a060 LB 0x380, codepage 0x0 (reserved 0x0)]
|
|---|
| 761 | 4564.534: ProductName: Anti-Malware Core
|
|---|
| 762 | 4564.534: ProductVersion: 18.9.0
|
|---|
| 763 | 4564.534: FileVersion: Anti-Malware Core.18.9.0.284.x64
|
|---|
| 764 | 4564.534: PrivateBuild: Anti-Malware Core.18.9.0.284.x64
|
|---|
| 765 | 4564.534: FileDescription: Event Driver
|
|---|
| 766 | 4564.534: \SystemRoot\System32\drivers\mfewfpk.sys:
|
|---|
| 767 | 4564.534: CreationTime: 2018-01-31T17:06:48.000000000Z
|
|---|
| 768 | 4564.534: LastWriteTime: 2018-10-04T08:27:26.000000000Z
|
|---|
| 769 | 4564.534: ChangeTime: 2018-12-26T04:18:31.226499400Z
|
|---|
| 770 | 4564.534: FileAttributes: 0x20
|
|---|
| 771 | 4564.534: Size: 0x3df40
|
|---|
| 772 | 4564.534: NT Headers: 0xf0
|
|---|
| 773 | 4564.534: Timestamp: 0x5b7ceab5
|
|---|
| 774 | 4564.534: Machine: 0x8664 - amd64
|
|---|
| 775 | 4564.534: Timestamp: 0x5b7ceab5
|
|---|
| 776 | 4564.534: Image Version: 0.0
|
|---|
| 777 | 4564.534: SizeOfImage: 0x59000 (364544)
|
|---|
| 778 | 4564.534: Resource Dir: 0x57000 LB 0x380
|
|---|
| 779 | 4564.534: [Version info resource found at 0x48! (ID/Name: 0x1; SubID/SubName: 0x409)]
|
|---|
| 780 | 4564.534: [Raw version resource data: 0x57060 LB 0x320, codepage 0x0 (reserved 0x0)]
|
|---|
| 781 | 4564.534: ProductName: SYSCORE
|
|---|
| 782 | 4564.534: ProductVersion: 18.9.0.174
|
|---|
| 783 | 4564.534: FileVersion: SYSCORE.18.9.0.174
|
|---|
| 784 | 4564.534: PrivateBuild: SYSCORE.18.9.0.174 F17,F18
|
|---|
| 785 | 4564.534: FileDescription: Anti-Virus Mini-Firewall Driver
|
|---|
| 786 | 4564.534: supR3HardenedWinInitAppBin(0x0): '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox'
|
|---|
| 787 | 4564.534: Calling main()
|
|---|
| 788 | 4564.534: SUPR3HardenedMain: pszProgName=VirtualBoxVM fFlags=0x2
|
|---|
| 789 | 4564.534: supR3HardenedWinInitAppBin(0x2): '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox'
|
|---|
| 790 | 4564.534: '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe' has no imports
|
|---|
| 791 | 4564.534: supHardenedWinVerifyImageByHandle: -> 24202 (\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe)
|
|---|
| 792 | 4564.534: SUPR3HardenedMain: Final process, opening VBoxDrv...
|
|---|
| 793 | 4564.534: supR3HardenedEarlyCompact: Removed heap 1 (0x00000000d10000 LB 0x400000)
|
|---|
| 794 | 4564.534: supR3HardNtEnableThreadCreation:
|
|---|
| 795 | 4564.534: supHardenedWinVerifyImageByHandle: -> 24202 (\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxSupLib.dll)
|
|---|
| 796 | 4564.534: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxSupLib.dll
|
|---|
| 797 | 4564.534: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxSupLib.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000801:<flags> [calling]
|
|---|
| 798 | 4564.534: supR3HardenedScreenImage/NtCreateSection: cache hit (Unknown Status 24202 (0x5e8a)) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxSupLib.dll [lacks WinVerifyTrust]
|
|---|
| 799 | 4564.534: supR3HardenedDllNotificationCallback: load 00007ffb18610000 LB 0x00005000 C:\Program Files\Oracle\VirtualBox\VBoxSupLib.DLL [fFlags=0x0]
|
|---|
| 800 | 4564.534: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 24202 (0x5e8a)) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxSupLib.dll [lacks WinVerifyTrust]
|
|---|
| 801 | 4564.534: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 24202 (0x5e8a)) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxSupLib.dll [lacks WinVerifyTrust]
|
|---|
| 802 | 4564.534: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxSupLib.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
|
|---|
| 803 | 4564.534: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb18610000 'C:\Program Files\Oracle\VirtualBox\VBoxSupLib.DLL'
|
|---|
| 804 | 4564.534: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 24202 (0x5e8a)) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxSupLib.dll [lacks WinVerifyTrust]
|
|---|
| 805 | 4564.534: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxSupLib.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
|
|---|
| 806 | 4564.534: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb18610000 'C:\Program Files\Oracle\VirtualBox\VBoxSupLib.DLL'
|
|---|
| 807 | 4564.534: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb18610000 'C:\Program Files\Oracle\VirtualBox\VBoxSupLib.DLL'
|
|---|
| 808 | 4564.534: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
|
|---|
| 809 | 4564.534: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'msasn1.dll'.
|
|---|
| 810 | 4564.534: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'crypt32.dll'.
|
|---|
| 811 | 4564.534: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #27 'rpcrt4.dll'.
|
|---|
| 812 | 4564.534: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\wintrust.dll)
|
|---|
| 813 | 4564.534: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\wintrust.dll
|
|---|
| 814 | 4564.534: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
|
|---|
| 815 | 4564.534: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume3\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
|
|---|
| 816 | 4564.534: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\rpcrt4.dll)
|
|---|
| 817 | 4564.534: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\rpcrt4.dll
|
|---|
| 818 | 4564.534: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'crypt32.dll'...
|
|---|
| 819 | 4564.534: supR3HardenedWinVerifyCacheProcessImportTodos: 'crypt32.dll' -> '\Device\HarddiskVolume3\Windows\System32\crypt32.dll' [rcNtRedir=0xc0150008]
|
|---|
| 820 | 4564.534: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #34 'msasn1.dll'.
|
|---|
| 821 | 4564.534: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\crypt32.dll)
|
|---|
| 822 | 4564.534: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\crypt32.dll
|
|---|
| 823 | 4564.534: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msasn1.dll'...
|
|---|
| 824 | 4564.534: supR3HardenedWinVerifyCacheProcessImportTodos: 'msasn1.dll' -> '\Device\HarddiskVolume3\Windows\System32\msasn1.dll' [rcNtRedir=0xc0150008]
|
|---|
| 825 | 4564.534: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\msasn1.dll)
|
|---|
| 826 | 4564.534: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\msasn1.dll
|
|---|
| 827 | 4564.534: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
|
|---|
| 828 | 4564.534: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume3\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
|
|---|
| 829 | 4564.534: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\msvcrt.dll)
|
|---|
| 830 | 4564.534: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\msvcrt.dll
|
|---|
| 831 | 4564.534: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msasn1.dll'...
|
|---|
| 832 | 4564.534: supR3HardenedWinVerifyCacheProcessImportTodos: 'msasn1.dll' -> '\Device\HarddiskVolume3\Windows\System32\msasn1.dll' [rcNtRedir=0xc0150008]
|
|---|
| 833 | 4564.534: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\msasn1.dll [lacks WinVerifyTrust]
|
|---|
| 834 | 4564.534: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\Wintrust.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000801:<flags> [calling]
|
|---|
| 835 | 4564.534: supR3HardenedDllNotificationCallback: load 00007ffb23890000 LB 0x0009e000 C:\Windows\System32\msvcrt.dll [fFlags=0x0]
|
|---|
| 836 | 4564.534: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\msvcrt.dll [lacks WinVerifyTrust]
|
|---|
| 837 | 4564.534: supR3HardenedDllNotificationCallback: load 00007ffb201a0000 LB 0x00012000 C:\Windows\System32\MSASN1.dll [fFlags=0x0]
|
|---|
| 838 | 4564.534: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\msasn1.dll [lacks WinVerifyTrust]
|
|---|
| 839 | 4564.534: supR3HardenedDllNotificationCallback: load 00007ffb21220000 LB 0x000fa000 C:\Windows\System32\ucrtbase.dll [fFlags=0x0]
|
|---|
| 840 | 4564.534: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\ucrtbase.dll)
|
|---|
| 841 | 4564.534: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\ucrtbase.dll
|
|---|
| 842 | 4564.534: supR3HardenedDllNotificationCallback: load 00007ffb20310000 LB 0x001e2000 C:\Windows\System32\CRYPT32.dll [fFlags=0x0]
|
|---|
| 843 | 4564.534: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\crypt32.dll [lacks WinVerifyTrust]
|
|---|
| 844 | 4564.534: supR3HardenedDllNotificationCallback: load 00007ffb23090000 LB 0x00124000 C:\Windows\System32\RPCRT4.dll [fFlags=0x0]
|
|---|
| 845 | 4564.534: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\rpcrt4.dll [lacks WinVerifyTrust]
|
|---|
| 846 | 4564.534: supR3HardenedDllNotificationCallback: load 00007ffb23430000 LB 0x0005b000 C:\Windows\System32\sechost.dll [fFlags=0x0]
|
|---|
| 847 | 4564.534: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'rpcrt4.dll'.
|
|---|
| 848 | 4564.534: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\sechost.dll)
|
|---|
| 849 | 4564.534: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\sechost.dll
|
|---|
| 850 | 4564.534: supR3HardenedDllNotificationCallback: load 00007ffb23960000 LB 0x000a1000 C:\Windows\System32\advapi32.dll [fFlags=0x0]
|
|---|
| 851 | 4564.534: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
|
|---|
| 852 | 4564.534: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'sechost.dll'.
|
|---|
| 853 | 4564.534: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #27 'rpcrt4.dll'.
|
|---|
| 854 | 4564.534: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\advapi32.dll)
|
|---|
| 855 | 4564.534: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\advapi32.dll
|
|---|
| 856 | 4564.534: supR3HardenedDllNotificationCallback: load 00007ffb21020000 LB 0x00057000 C:\Windows\System32\Wintrust.dll [fFlags=0x0]
|
|---|
| 857 | 4564.534: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\wintrust.dll [lacks WinVerifyTrust]
|
|---|
| 858 | 4564.534: supR3HardenedIsApiSetDll: ApiSetQueryApiSetPresence(api-ms-win-core-synch-l1-2-0) -> 0x0, fPresent=1
|
|---|
| 859 | 4564.534: supR3HardenedMonitor_LdrLoadDll: pName=api-ms-win-core-synch-l1-2-0 (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0000000000000801:<flags> [calling]
|
|---|
| 860 | 4564.534: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb20570000 'api-ms-win-core-synch-l1-2-0'
|
|---|
| 861 | 4564.534: supR3HardenedIsApiSetDll: ApiSetQueryApiSetPresence(api-ms-win-core-fibers-l1-1-1) -> 0x0, fPresent=1
|
|---|
| 862 | 4564.534: supR3HardenedMonitor_LdrLoadDll: pName=api-ms-win-core-fibers-l1-1-1 (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0000000000000801:<flags> [calling]
|
|---|
| 863 | 4564.534: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb20570000 'api-ms-win-core-fibers-l1-1-1'
|
|---|
| 864 | 4564.534: supR3HardenedIsApiSetDll: ApiSetQueryApiSetPresence(api-ms-win-core-fibers-l1-1-1) -> 0x0, fPresent=1
|
|---|
| 865 | 4564.534: supR3HardenedMonitor_LdrLoadDll: pName=api-ms-win-core-fibers-l1-1-1 (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0000000000000801:<flags> [calling]
|
|---|
| 866 | 4564.534: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb20570000 'api-ms-win-core-fibers-l1-1-1'
|
|---|
| 867 | 4564.534: supR3HardenedIsApiSetDll: ApiSetQueryApiSetPresence(api-ms-win-core-synch-l1-2-0) -> 0x0, fPresent=1
|
|---|
| 868 | 4564.534: supR3HardenedMonitor_LdrLoadDll: pName=api-ms-win-core-synch-l1-2-0 (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0000000000000801:<flags> [calling]
|
|---|
| 869 | 4564.534: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb20570000 'api-ms-win-core-synch-l1-2-0'
|
|---|
| 870 | 4564.534: supR3HardenedIsApiSetDll: ApiSetQueryApiSetPresence(api-ms-win-core-localization-l1-2-1) -> 0x0, fPresent=1
|
|---|
| 871 | 4564.534: supR3HardenedMonitor_LdrLoadDll: pName=api-ms-win-core-localization-l1-2-1 (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0000000000000801:<flags> [calling]
|
|---|
| 872 | 4564.534: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb20570000 'api-ms-win-core-localization-l1-2-1'
|
|---|
| 873 | 4564.534: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb21020000 'C:\Windows\system32\Wintrust.dll'
|
|---|
| 874 | 4564.534: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\bcrypt.dll)
|
|---|
| 875 | 4564.534: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\bcrypt.dll
|
|---|
| 876 | 4564.534: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
|
|---|
| 877 | 4564.534: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume3\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
|
|---|
| 878 | 4564.534: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\rpcrt4.dll [lacks WinVerifyTrust]
|
|---|
| 879 | 4564.534: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'sechost.dll'...
|
|---|
| 880 | 4564.534: supR3HardenedWinVerifyCacheProcessImportTodos: 'sechost.dll' -> '\Device\HarddiskVolume3\Windows\System32\sechost.dll' [rcNtRedir=0xc0150008]
|
|---|
| 881 | 4564.534: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\sechost.dll [lacks WinVerifyTrust]
|
|---|
| 882 | 4564.534: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
|
|---|
| 883 | 4564.534: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume3\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
|
|---|
| 884 | 4564.534: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\msvcrt.dll [lacks WinVerifyTrust]
|
|---|
| 885 | 4564.534: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
|
|---|
| 886 | 4564.534: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume3\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
|
|---|
| 887 | 4564.534: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\rpcrt4.dll [lacks WinVerifyTrust]
|
|---|
| 888 | 4564.534: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\bcrypt.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000801:<flags> [calling]
|
|---|
| 889 | 4564.534: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\bcrypt.dll [lacks WinVerifyTrust]
|
|---|
| 890 | 4564.534: supR3HardenedDllNotificationCallback: load 00007ffb1fd00000 LB 0x00025000 C:\Windows\system32\bcrypt.dll [fFlags=0x0]
|
|---|
| 891 | 4564.534: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\bcrypt.dll [lacks WinVerifyTrust]
|
|---|
| 892 | 4564.534: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb1fd00000 'C:\Windows\system32\bcrypt.dll'
|
|---|
| 893 | 4564.534: bcrypt.dll loaded at 00007ffb1fd00000, BCryptOpenAlgorithmProvider at 00007ffb1fd02770, preloading providers:
|
|---|
| 894 | 4564.534: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\bcryptprimitives.dll)
|
|---|
| 895 | 4564.534: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\bcryptprimitives.dll
|
|---|
| 896 | 4564.534: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\bcryptprimitives.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
|
|---|
| 897 | 4564.534: supR3HardenedDllNotificationCallback: load 00007ffb20fa0000 LB 0x0007a000 C:\Windows\System32\bcryptprimitives.dll [fFlags=0x0]
|
|---|
| 898 | 4564.534: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\bcryptprimitives.dll [lacks WinVerifyTrust]
|
|---|
| 899 | 4564.534: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb20fa0000 'C:\Windows\system32\bcryptprimitives.dll'
|
|---|
| 900 | 4564.534: BCryptOpenAlgorithmProvider(,'MD2',0,0) -> 0x0 (hAlgo=0000000001125120)
|
|---|
| 901 | 4564.534: BCryptOpenAlgorithmProvider(,'MD4',0,0) -> 0x0 (hAlgo=000000000112c620)
|
|---|
| 902 | 4564.534: BCryptOpenAlgorithmProvider(,'MD5',0,0) -> 0x0 (hAlgo=000000000112f9a0)
|
|---|
| 903 | 4564.534: BCryptOpenAlgorithmProvider(,'SHA1',0,0) -> 0x0 (hAlgo=000000000112fc70)
|
|---|
| 904 | 4564.534: BCryptOpenAlgorithmProvider(,'SHA256',0,0) -> 0x0 (hAlgo=000000000112ff40)
|
|---|
| 905 | 4564.534: BCryptOpenAlgorithmProvider(,'SHA512',0,0) -> 0x0 (hAlgo=0000000001130210)
|
|---|
| 906 | 4564.534: BCryptOpenAlgorithmProvider(,'RSA',0,0) -> 0x0 (hAlgo=00000000011304e0)
|
|---|
| 907 | 4564.534: BCryptOpenAlgorithmProvider(,'DSA',0,0) -> 0x0 (hAlgo=00000000011307b0)
|
|---|
| 908 | 4564.534: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\cryptsp.dll)
|
|---|
| 909 | 4564.534: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\cryptsp.dll
|
|---|
| 910 | 4564.534: supR3HardenedDllNotificationCallback: load 00007ffb1fbd0000 LB 0x00017000 C:\Windows\SYSTEM32\CRYPTSP.dll [fFlags=0x0]
|
|---|
| 911 | 4564.534: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\cryptsp.dll [lacks WinVerifyTrust]
|
|---|
| 912 | 4564.534: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #18 'bcrypt.dll'.
|
|---|
| 913 | 4564.534: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\rsaenh.dll)
|
|---|
| 914 | 4564.534: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\rsaenh.dll
|
|---|
| 915 | 4564.534: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'bcrypt.dll'...
|
|---|
| 916 | 4564.534: supR3HardenedWinVerifyCacheProcessImportTodos: 'bcrypt.dll' -> '\Device\HarddiskVolume3\Windows\System32\bcrypt.dll' [rcNtRedir=0xc0150008]
|
|---|
| 917 | 4564.534: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\bcrypt.dll [lacks WinVerifyTrust]
|
|---|
| 918 | 4564.534: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\rsaenh.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
|
|---|
| 919 | 4564.534: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\rsaenh.dll [lacks WinVerifyTrust]
|
|---|
| 920 | 4564.534: supR3HardenedDllNotificationCallback: load 00007ffb1f5d0000 LB 0x00033000 C:\Windows\system32\rsaenh.dll [fFlags=0x0]
|
|---|
| 921 | 4564.534: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\rsaenh.dll [lacks WinVerifyTrust]
|
|---|
| 922 | 4564.534: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb1f5d0000 'C:\Windows\system32\rsaenh.dll'
|
|---|
| 923 | 4564.534: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'bcryptprimitives.dll'.
|
|---|
| 924 | 4564.534: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\cryptbase.dll)
|
|---|
| 925 | 4564.534: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\cryptbase.dll
|
|---|
| 926 | 4564.534: supR3HardenedDllNotificationCallback: load 00007ffb1fbf0000 LB 0x0000b000 C:\Windows\SYSTEM32\CRYPTBASE.dll [fFlags=0x0]
|
|---|
| 927 | 4564.534: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\cryptbase.dll [lacks WinVerifyTrust]
|
|---|
| 928 | 4564.534: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\kernel32.dll [lacks WinVerifyTrust]
|
|---|
| 929 | 4564.534: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'bcryptprimitives.dll'...
|
|---|
| 930 | 4564.534: supR3HardenedWinVerifyCacheProcessImportTodos: 'bcryptprimitives.dll' -> '\Device\HarddiskVolume3\Windows\System32\bcryptprimitives.dll' [rcNtRedir=0xc0150008]
|
|---|
| 931 | 4564.534: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\bcryptprimitives.dll [lacks WinVerifyTrust]
|
|---|
| 932 | 4564.534: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\System32\kernel32.dll (Input=kernel32.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
|
|---|
| 933 | 4564.534: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb23da0000 'C:\Windows\System32\kernel32.dll'
|
|---|
| 934 | 4564.534: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\wintrust.dll [lacks WinVerifyTrust]
|
|---|
| 935 | 4564.534: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\System32\WINTRUST.DLL (Input=WINTRUST.DLL, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
|
|---|
| 936 | 4564.534: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb21020000 'C:\Windows\System32\WINTRUST.DLL'
|
|---|
| 937 | 4564.534: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\crypt32.dll [lacks WinVerifyTrust]
|
|---|
| 938 | 4564.534: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\System32\CRYPT32.dll (rcNtResolve=0xc0150008) *pfFlags=0x2 pwszSearchPath=0000000000000001:<flags> [calling]
|
|---|
| 939 | 4564.534: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb20310000 'C:\Windows\System32\CRYPT32.dll'
|
|---|
| 940 | 4564.534: supR3HardenedDllNotificationCallback: load 00007ffb23930000 LB 0x0001d000 C:\Windows\System32\imagehlp.dll [fFlags=0x0]
|
|---|
| 941 | 4564.534: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\imagehlp.dll)
|
|---|
| 942 | 4564.534: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\imagehlp.dll
|
|---|
| 943 | 4564.534: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\rsaenh.dll [lacks WinVerifyTrust]
|
|---|
| 944 | 4564.534: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\rsaenh.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
|
|---|
| 945 | 4564.534: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb1f5d0000 'C:\Windows\system32\rsaenh.dll'
|
|---|
| 946 | 4564.534: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
|
|---|
| 947 | 4564.534: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #10 'rpcrt4.dll'.
|
|---|
| 948 | 4564.534: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\gpapi.dll)
|
|---|
| 949 | 4564.534: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\gpapi.dll
|
|---|
| 950 | 4564.534: supR3HardenedDllNotificationCallback: load 00007ffb1eea0000 LB 0x00022000 C:\Windows\SYSTEM32\gpapi.dll [fFlags=0x0]
|
|---|
| 951 | 4564.534: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\gpapi.dll [lacks WinVerifyTrust]
|
|---|
| 952 | 4564.534: supR3HardenedDllNotificationCallback: load 00007ffb20220000 LB 0x0001f000 C:\Windows\System32\profapi.dll [fFlags=0x0]
|
|---|
| 953 | 4564.534: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\profapi.dll)
|
|---|
| 954 | 4564.534: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\profapi.dll
|
|---|
| 955 | 4564.534: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
|
|---|
| 956 | 4564.534: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #8 'crypt32.dll'.
|
|---|
| 957 | 4564.534: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume3\Windows\System32\cryptnet.dll)
|
|---|
| 958 | 4564.534: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\cryptnet.dll
|
|---|
| 959 | 4564.534: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'crypt32.dll'...
|
|---|
| 960 | 4564.534: supR3HardenedWinVerifyCacheProcessImportTodos: 'crypt32.dll' -> '\Device\HarddiskVolume3\Windows\System32\crypt32.dll' [rcNtRedir=0xc0150008]
|
|---|
| 961 | 4564.534: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\crypt32.dll [lacks WinVerifyTrust]
|
|---|
| 962 | 4564.534: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
|
|---|
| 963 | 4564.534: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume3\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
|
|---|
| 964 | 4564.534: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\msvcrt.dll [lacks WinVerifyTrust]
|
|---|
| 965 | 4564.534: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
|
|---|
| 966 | 4564.534: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume3\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
|
|---|
| 967 | 4564.534: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\rpcrt4.dll [lacks WinVerifyTrust]
|
|---|
| 968 | 4564.534: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
|
|---|
| 969 | 4564.534: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume3\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
|
|---|
| 970 | 4564.534: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\msvcrt.dll [lacks WinVerifyTrust]
|
|---|
| 971 | 4564.534: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\System32\cryptnet.dll (Input=cryptnet.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
|
|---|
| 972 | 4564.534: supR3HardenedScreenImage/NtCreateSection: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume3\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
|
|---|
| 973 | 4564.534: supR3HardenedDllNotificationCallback: load 00007ffb0e570000 LB 0x0002e000 C:\Windows\System32\cryptnet.dll [fFlags=0x0]
|
|---|
| 974 | 4564.534: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume3\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
|
|---|
| 975 | 4564.534: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume3\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
|
|---|
| 976 | 4564.534: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\System32\cryptnet.dll (rcNtResolve=0xc0150008) *pfFlags=0x2 pwszSearchPath=0000000000000001:<flags> [calling]
|
|---|
| 977 | 4564.534: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb0e570000 'C:\Windows\System32\cryptnet.dll'
|
|---|
| 978 | 4564.534: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume3\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
|
|---|
| 979 | 4564.534: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\System32\cryptnet.dll (rcNtResolve=0xc0150008) *pfFlags=0x2 pwszSearchPath=0000000000000001:<flags> [calling]
|
|---|
| 980 | 4564.534: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb0e570000 'C:\Windows\System32\cryptnet.dll'
|
|---|
| 981 | 4564.534: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume3\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
|
|---|
| 982 | 4564.534: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\System32\cryptnet.dll (rcNtResolve=0xc0150008) *pfFlags=0x2 pwszSearchPath=0000000000000001:<flags> [calling]
|
|---|
| 983 | 4564.534: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb0e570000 'C:\Windows\System32\cryptnet.dll'
|
|---|
| 984 | 4564.534: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume3\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
|
|---|
| 985 | 4564.534: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\System32\cryptnet.dll (rcNtResolve=0xc0150008) *pfFlags=0x2 pwszSearchPath=0000000000000001:<flags> [calling]
|
|---|
| 986 | 4564.534: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb0e570000 'C:\Windows\System32\cryptnet.dll'
|
|---|
| 987 | 4564.534: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume3\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
|
|---|
| 988 | 4564.534: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\System32\cryptnet.dll (rcNtResolve=0xc0150008) *pfFlags=0x2 pwszSearchPath=0000000000000001:<flags> [calling]
|
|---|
| 989 | 4564.534: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb0e570000 'C:\Windows\System32\cryptnet.dll'
|
|---|
| 990 | 4564.534: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume3\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
|
|---|
| 991 | 4564.534: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\System32\cryptnet.dll (rcNtResolve=0xc0150008) *pfFlags=0x2 pwszSearchPath=0000000000000001:<flags> [calling]
|
|---|
| 992 | 4564.534: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb0e570000 'C:\Windows\System32\cryptnet.dll'
|
|---|
| 993 | 4564.534: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume3\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
|
|---|
| 994 | 4564.534: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb0e570000 'C:\Windows\System32\cryptnet.dll'
|
|---|
| 995 | 4564.534: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume3\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
|
|---|
| 996 | 4564.534: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb0e570000 'C:\Windows\System32\cryptnet.dll'
|
|---|
| 997 | 4564.534: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume3\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
|
|---|
| 998 | 4564.534: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb0e570000 'C:\Windows\System32\cryptnet.dll'
|
|---|
| 999 | 4564.534: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume3\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
|
|---|
| 1000 | 4564.534: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb0e570000 'C:\Windows\System32\cryptnet.dll'
|
|---|
| 1001 | 4564.534: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume3\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
|
|---|
| 1002 | 4564.534: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb0e570000 'C:\Windows\System32\cryptnet.dll'
|
|---|
| 1003 | 4564.534: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb0e570000 'C:\Windows\System32\cryptnet.dll'
|
|---|
| 1004 | 4564.534: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume3\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
|
|---|
| 1005 | 4564.534: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb0e570000 'C:\Windows\System32\cryptnet.dll'
|
|---|
| 1006 | 4564.534: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\rsaenh.dll [lacks WinVerifyTrust]
|
|---|
| 1007 | 4564.534: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\rsaenh.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
|
|---|
| 1008 | 4564.534: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb1f5d0000 'C:\Windows\system32\rsaenh.dll'
|
|---|
| 1009 | 4564.534: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\crypt32.dll [lacks WinVerifyTrust]
|
|---|
| 1010 | 4564.534: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\System32\crypt32.dll (Input=crypt32.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
|
|---|
| 1011 | 4564.534: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb20310000 'C:\Windows\System32\crypt32.dll'
|
|---|
| 1012 | 4564.534: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000000 pwszName=\SystemRoot\System32\ntdll.dll
|
|---|
| 1013 | 4564.534: supR3HardNtViCallWinVerifyTrustCatFile: New context 0000000001153800
|
|---|
| 1014 | 4564.534: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000001153800
|
|---|
| 1015 | 4564.534: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=D718C6590C8EC69621641D918F7E93AE14B7CE0C
|
|---|
| 1016 | 4564.534: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\rpcrt4.dll [lacks WinVerifyTrust]
|
|---|
| 1017 | 4564.534: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\System32\rpcrt4.dll (Input=rpcrt4.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
|
|---|
| 1018 | 4564.534: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb23090000 'C:\Windows\System32\rpcrt4.dll'
|
|---|
| 1019 | 4564.534: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\rsaenh.dll [lacks WinVerifyTrust]
|
|---|
| 1020 | 4564.534: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\rsaenh.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
|
|---|
| 1021 | 4564.534: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb1f5d0000 'C:\Windows\system32\rsaenh.dll'
|
|---|
| 1022 | 4564.534: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\crypt32.dll [lacks WinVerifyTrust]
|
|---|
| 1023 | 4564.534: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\System32\crypt32.dll (Input=crypt32.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
|
|---|
| 1024 | 4564.534: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb20310000 'C:\Windows\System32\crypt32.dll'
|
|---|
| 1025 | 4564.534: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_1759_for_KB4483234~31bf3856ad364e35~amd64~~10.0.1.0.cat'; file='\SystemRoot\System32\ntdll.dll'
|
|---|
| 1026 | 4564.534: g_pfnWinVerifyTrust=00007ffb21029940
|
|---|
| 1027 | 4564.534: supR3HardenedScreenImage/preload: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\crypt32.dll [redoing WinVerifyTrust]
|
|---|
| 1028 | 4564.534: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\rsaenh.dll [lacks WinVerifyTrust]
|
|---|
| 1029 | 4564.534: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\rsaenh.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
|
|---|
| 1030 | 4564.534: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb1f5d0000 'C:\Windows\system32\rsaenh.dll'
|
|---|
| 1031 | 4564.534: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\crypt32.dll [lacks WinVerifyTrust]
|
|---|
| 1032 | 4564.534: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\System32\crypt32.dll (Input=crypt32.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
|
|---|
| 1033 | 4564.534: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb20310000 'C:\Windows\System32\crypt32.dll'
|
|---|
| 1034 | 4564.534: supR3HardenedScreenImage/preload: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Windows\System32\crypt32.dll'
|
|---|
| 1035 | 4564.534: supR3HardenedScreenImage/preload: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\wintrust.dll [redoing WinVerifyTrust]
|
|---|
| 1036 | 4564.534: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\rsaenh.dll [lacks WinVerifyTrust]
|
|---|
| 1037 | 4564.534: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\rsaenh.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
|
|---|
| 1038 | 4564.534: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb1f5d0000 'C:\Windows\system32\rsaenh.dll'
|
|---|
| 1039 | 4564.534: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\crypt32.dll
|
|---|
| 1040 | 4564.534: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\System32\crypt32.dll (Input=crypt32.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
|
|---|
| 1041 | 4564.534: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb20310000 'C:\Windows\System32\crypt32.dll'
|
|---|
| 1042 | 4564.534: supR3HardenedScreenImage/preload: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Windows\System32\wintrust.dll'
|
|---|
| 1043 | 4564.534: supR3HardNtViCallWinVerifyTrustCatFile: hFile=000000000000038c pwszName=\Device\HarddiskVolume3\Windows\System32\cryptnet.dll
|
|---|
| 1044 | 4564.534: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000001153800
|
|---|
| 1045 | 4564.534: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000001153800
|
|---|
| 1046 | 4564.534: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=2EB3B5899525BF398A932A3B6257F3B13169332E
|
|---|
| 1047 | 4564.534: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\rsaenh.dll [lacks WinVerifyTrust]
|
|---|
| 1048 | 4564.534: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\rsaenh.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
|
|---|
| 1049 | 4564.534: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb1f5d0000 'C:\Windows\system32\rsaenh.dll'
|
|---|
| 1050 | 4564.534: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb20310000 'C:\Windows\System32\crypt32.dll'
|
|---|
| 1051 | 4564.534: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0015~31bf3856ad364e35~amd64~~10.0.17134.1.cat'; file='\Device\HarddiskVolume3\Windows\System32\cryptnet.dll'
|
|---|
| 1052 | 4564.534: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
|
|---|
| 1053 | 4564.534: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Windows\System32\cryptnet.dll'
|
|---|
| 1054 | 4564.534: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\rsaenh.dll [lacks WinVerifyTrust]
|
|---|
| 1055 | 4564.534: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb1f5d0000 'C:\Windows\system32\rsaenh.dll'
|
|---|
| 1056 | 4564.534: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb20310000 'C:\Windows\System32\crypt32.dll'
|
|---|
| 1057 | 4564.534: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Windows\System32\profapi.dll'
|
|---|
| 1058 | 4564.534: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\rsaenh.dll [lacks WinVerifyTrust]
|
|---|
| 1059 | 4564.534: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb1f5d0000 'C:\Windows\system32\rsaenh.dll'
|
|---|
| 1060 | 4564.534: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb20310000 'C:\Windows\System32\crypt32.dll'
|
|---|
| 1061 | 4564.534: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Windows\System32\gpapi.dll'
|
|---|
| 1062 | 4564.534: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\rsaenh.dll [lacks WinVerifyTrust]
|
|---|
| 1063 | 4564.534: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb1f5d0000 'C:\Windows\system32\rsaenh.dll'
|
|---|
| 1064 | 4564.534: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb20310000 'C:\Windows\System32\crypt32.dll'
|
|---|
| 1065 | 4564.534: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Windows\System32\imagehlp.dll'
|
|---|
| 1066 | 4564.534: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\rsaenh.dll [lacks WinVerifyTrust]
|
|---|
| 1067 | 4564.534: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb1f5d0000 'C:\Windows\system32\rsaenh.dll'
|
|---|
| 1068 | 4564.534: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb20310000 'C:\Windows\System32\crypt32.dll'
|
|---|
| 1069 | 4564.534: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Windows\System32\cryptbase.dll'
|
|---|
| 1070 | 4564.534: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\rsaenh.dll [lacks WinVerifyTrust]
|
|---|
| 1071 | 4564.534: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb1f5d0000 'C:\Windows\system32\rsaenh.dll'
|
|---|
| 1072 | 4564.534: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb20310000 'C:\Windows\System32\crypt32.dll'
|
|---|
| 1073 | 4564.534: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Windows\System32\rsaenh.dll'
|
|---|
| 1074 | 4564.534: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb1f5d0000 'C:\Windows\system32\rsaenh.dll'
|
|---|
| 1075 | 4564.534: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb20310000 'C:\Windows\System32\crypt32.dll'
|
|---|
| 1076 | 4564.534: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Windows\System32\cryptsp.dll'
|
|---|
| 1077 | 4564.534: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb1f5d0000 'C:\Windows\system32\rsaenh.dll'
|
|---|
| 1078 | 4564.534: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\crypt32.dll
|
|---|
| 1079 | 4564.534: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\System32\crypt32.dll (Input=crypt32.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
|
|---|
| 1080 | 4564.534: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb20310000 'C:\Windows\System32\crypt32.dll'
|
|---|
| 1081 | 4564.534: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Windows\System32\bcryptprimitives.dll'
|
|---|
| 1082 | 4564.534: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\rsaenh.dll
|
|---|
| 1083 | 4564.534: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\rsaenh.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
|
|---|
| 1084 | 4564.534: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb1f5d0000 'C:\Windows\system32\rsaenh.dll'
|
|---|
| 1085 | 4564.534: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb20310000 'C:\Windows\System32\crypt32.dll'
|
|---|
| 1086 | 4564.534: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Windows\System32\bcrypt.dll'
|
|---|
| 1087 | 4564.534: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb1f5d0000 'C:\Windows\system32\rsaenh.dll'
|
|---|
| 1088 | 4564.534: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb20310000 'C:\Windows\System32\crypt32.dll'
|
|---|
| 1089 | 4564.534: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Windows\System32\advapi32.dll'
|
|---|
| 1090 | 4564.534: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb1f5d0000 'C:\Windows\system32\rsaenh.dll'
|
|---|
| 1091 | 4564.534: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb20310000 'C:\Windows\System32\crypt32.dll'
|
|---|
| 1092 | 4564.534: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Windows\System32\sechost.dll'
|
|---|
| 1093 | 4564.534: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb1f5d0000 'C:\Windows\system32\rsaenh.dll'
|
|---|
| 1094 | 4564.534: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb20310000 'C:\Windows\System32\crypt32.dll'
|
|---|
| 1095 | 4564.534: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Windows\System32\ucrtbase.dll'
|
|---|
| 1096 | 4564.534: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb1f5d0000 'C:\Windows\system32\rsaenh.dll'
|
|---|
| 1097 | 4564.534: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb20310000 'C:\Windows\System32\crypt32.dll'
|
|---|
| 1098 | 4564.534: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Windows\System32\msvcrt.dll'
|
|---|
| 1099 | 4564.534: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb1f5d0000 'C:\Windows\system32\rsaenh.dll'
|
|---|
| 1100 | 4564.534: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb20310000 'C:\Windows\System32\crypt32.dll'
|
|---|
| 1101 | 4564.534: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Windows\System32\msasn1.dll'
|
|---|
| 1102 | 4564.534: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb1f5d0000 'C:\Windows\system32\rsaenh.dll'
|
|---|
| 1103 | 4564.534: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb20310000 'C:\Windows\System32\crypt32.dll'
|
|---|
| 1104 | 4564.534: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Windows\System32\rpcrt4.dll'
|
|---|
| 1105 | 4564.534: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb1f5d0000 'C:\Windows\system32\rsaenh.dll'
|
|---|
| 1106 | 4564.534: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 24202) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxSupLib.dll'
|
|---|
| 1107 | 4564.534: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb1f5d0000 'C:\Windows\system32\rsaenh.dll'
|
|---|
| 1108 | 4564.534: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 24202) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe'
|
|---|
| 1109 | 4564.534: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb1f5d0000 'C:\Windows\system32\rsaenh.dll'
|
|---|
| 1110 | 4564.534: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb20310000 'C:\Windows\System32\crypt32.dll'
|
|---|
| 1111 | 4564.534: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Windows\System32\KernelBase.dll'
|
|---|
| 1112 | 4564.534: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb1f5d0000 'C:\Windows\system32\rsaenh.dll'
|
|---|
| 1113 | 4564.534: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb20310000 'C:\Windows\System32\crypt32.dll'
|
|---|
| 1114 | 4564.534: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Windows\System32\kernel32.dll'
|
|---|
| 1115 | 4564.534: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb20310000 'C:\Windows\system32\crypt32.dll'
|
|---|
| 1116 | 4564.534: supR3HardenedWinIsDesiredRootCA: Adding 0x5ad46780fa5df300 DC=com, DC=microsoft, CN=Microsoft Root Certificate Authority
|
|---|
| 1117 | 4564.534: supR3HardenedWinIsDesiredRootCA: Adding 0xea5386456178582b C=ZA, ST=Western Cape, L=Durbanville, O=Thawte, OU=Thawte Certification, CN=Thawte Timestamping CA
|
|---|
| 1118 | 4564.534: supR3HardenedWinIsDesiredRootCA: Adding 0x560ad29254e89100 C=GB, ST=Greater Manchester, L=Salford, O=COMODO CA Limited, CN=COMODO RSA Certification Authority
|
|---|
| 1119 | 4564.534: supR3HardenedWinIsDesiredRootCA: Adding 0x3be670c1bd02a900 OU=Copyright (c) 1997 Microsoft Corp., OU=Microsoft Corporation, CN=Microsoft Root Authority
|
|---|
| 1120 | 4564.534: supR3HardenedWinIsDesiredRootCA: Adding 0xe991ee72b03db500 C=US, O=Symantec Corporation, CN=Symantec Enterprise Mobile Root for Microsoft
|
|---|
| 1121 | 4564.534: supR3HardenedWinIsDesiredRootCA: Adding 0x4d3835aa4180b200 C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Root Certificate Authority 2011
|
|---|
| 1122 | 4564.534: supR3HardenedWinIsDesiredRootCA: Adding 0x646e3fe3ba08df00 C=US, O=MSFT, CN=Microsoft Authenticode(tm) Root Authority
|
|---|
| 1123 | 4564.534: supR3HardenedWinIsDesiredRootCA: Adding 0xece4e4289e08b900 C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Root Certificate Authority 2010
|
|---|
| 1124 | 4564.534: supR3HardenedWinIsDesiredRootCA: Adding 0x3401b15e3761c700 C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=(c) 2008 VeriSign, Inc. - For authorized use only, CN=VeriSign Universal Root Certification Authority
|
|---|
| 1125 | 4564.534: supR3HardenedWinIsDesiredRootCA: Adding 0x43a9cc371ff5385a O=Microsoft Trust Network, OU=Microsoft Corporation, OU=Microsoft Time Stamping Service Root, OU=Copyright (c) 1997 Microsoft Corp.
|
|---|
| 1126 | 4564.534: supR3HardenedWinIsDesiredRootCA: Adding 0x2e2d2c7c68f0202e O=VeriSign Trust Network, OU=VeriSign, Inc., OU=VeriSign Time Stamping Service Root, OU=NO LIABILITY ACCEPTED, (c)97 VeriSign, Inc.
|
|---|
| 1127 | 4564.534: supR3HardenedWinIsDesiredRootCA: Adding 0x61a3a33f81aace00 C=US, ST=UT, L=Salt Lake City, O=The USERTRUST Network, OU=http://www.usertrust.com, CN=UTN-USERFirst-Object
|
|---|
| 1128 | 4564.534: supR3HardenedWinIsDesiredRootCA: Adding 0x6b7bdc34cd37bb00 C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert Global Root G2
|
|---|
| 1129 | 4564.534: supR3HardenedWinIsDesiredRootCA: Adding 0x57ba5395b561bf00 C=BM, O=QuoVadis Limited, OU=Root Certification Authority, CN=QuoVadis Root Certification Authority
|
|---|
| 1130 | 4564.534: supR3HardenedWinIsDesiredRootCA: Adding 0xf4fd306318ccda00 C=US, O=GeoTrust Inc., CN=GeoTrust Global CA
|
|---|
| 1131 | 4564.534: supR3HardenedWinIsDesiredRootCA: Adding 0x83085097e9afdf00 O=Digital Signature Trust Co., CN=DST Root CA X3
|
|---|
| 1132 | 4564.534: supR3HardenedWinIsDesiredRootCA: Adding 0x780679907625cc00 OU=GlobalSign Root CA - R3, O=GlobalSign, CN=GlobalSign
|
|---|
| 1133 | 4564.534: supR3HardenedWinIsDesiredRootCA: Adding 0x3d98ab22bb04a300 C=IE, O=Baltimore, OU=CyberTrust, CN=Baltimore CyberTrust Root
|
|---|
| 1134 | 4564.534: supR3HardenedWinIsDesiredRootCA: Adding 0xa0ee62086758b15d C=US, O=Equifax, OU=Equifax Secure Certificate Authority
|
|---|
| 1135 | 4564.534: supR3HardenedWinIsDesiredRootCA: Adding 0xd944bca189a00 C=BM, O=QuoVadis Limited, CN=QuoVadis Root CA 2
|
|---|
| 1136 | 4564.534: supR3HardenedWinIsDesiredRootCA: Adding 0x8ff6fc03c1edbd00 C=US, ST=Arizona, L=Scottsdale, O=Starfield Technologies, Inc., CN=Starfield Root Certificate Authority - G2
|
|---|
| 1137 | 4564.534: supR3HardenedWinIsDesiredRootCA: Adding 0xc6fa4243b695b600 C=US, O=Entrust, Inc., OU=www.entrust.net/CPS is incorporated by reference, OU=(c) 2006 Entrust, Inc., CN=Entrust Root Certification Authority
|
|---|
| 1138 | 4564.534: supR3HardenedWinIsDesiredRootCA: Adding 0xa3ce8d99e60eda00 C=BE, O=GlobalSign nv-sa, OU=Root CA, CN=GlobalSign Root CA
|
|---|
| 1139 | 4564.534: supR3HardenedWinIsDesiredRootCA: Adding 0xa671e9fec832b700 C=US, O=Starfield Technologies, Inc., OU=Starfield Class 2 Certification Authority
|
|---|
| 1140 | 4564.534: supR3HardenedWinIsDesiredRootCA: Adding 0xa8de7211e13be200 C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert Global Root CA
|
|---|
| 1141 | 4564.534: supR3HardenedWinIsDesiredRootCA: Adding 0xd45980fbf0a0ac00 C=US, O=thawte, Inc., OU=Certification Services Division, OU=(c) 2006 thawte, Inc. - For authorized use only, CN=thawte Primary Root CA
|
|---|
| 1142 | 4564.534: supR3HardenedWinIsDesiredRootCA: Adding 0xc9edb72b684ba00 C=US, O=Entrust, Inc., OU=See www.entrust.net/legal-terms, OU=(c) 2009 Entrust, Inc. - for authorized use only, CN=Entrust Root Certification Authority - G2
|
|---|
| 1143 | 4564.534: supR3HardenedWinIsDesiredRootCA: Adding 0xf5cd95e581a4ab00 C=US, O=SecureTrust Corporation, CN=SecureTrust CA
|
|---|
| 1144 | 4564.534: supR3HardenedWinIsDesiredRootCA: Adding 0x6f2ebe0e24cfa600 OU=GlobalSign Root CA - R2, O=GlobalSign, CN=GlobalSign
|
|---|
| 1145 | 4564.534: supR3HardenedWinIsDesiredRootCA: Adding 0x14018a1bf29e595c C=US, O=VeriSign, Inc., OU=Class 3 Public Primary Certification Authority
|
|---|
| 1146 | 4564.534: supR3HardenedWinIsDesiredRootCA: Adding 0x7c4fd32ec1b1ce00 C=PL, O=Unizeto Sp. z o.o., CN=Certum CA
|
|---|
| 1147 | 4564.534: supR3HardenedWinIsDesiredRootCA: Adding 0xd4fbe673e5ccc600 C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert High Assurance EV Root CA
|
|---|
| 1148 | 4564.534: supR3HardenedWinIsDesiredRootCA: Adding 0xb352b1523915d000 C=JP, O=SECOM Trust Systems CO.,LTD., OU=Security Communication RootCA2
|
|---|
| 1149 | 4564.534: supR3HardenedWinIsDesiredRootCA: Adding 0x1b8578514b74ac00 C=US, O=WFA Hotspot 2.0, CN=Hotspot 2.0 Trust Root CA - 03
|
|---|
| 1150 | 4564.534: supR3HardenedWinIsDesiredRootCA: Adding 0xb28612a94b4dad00 O=Entrust.net, OU=www.entrust.net/CPS_2048 incorp. by ref. (limits liab.), OU=(c) 1999 Entrust.net Limited, CN=Entrust.net Certification Authority (2048)
|
|---|
| 1151 | 4564.534: supR3HardenedWinIsDesiredRootCA: Adding 0x357a29080824af00 C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=(c) 2006 VeriSign, Inc. - For authorized use only, CN=VeriSign Class 3 Public Primary Certification Authority - G5
|
|---|
| 1152 | 4564.534: supR3HardenedWinIsDesiredRootCA: Adding 0x59faf1086271bf00 C=US, ST=Arizona, L=Scottsdale, O=GoDaddy.com, Inc., CN=Go Daddy Root Certificate Authority - G2
|
|---|
| 1153 | 4564.534: supR3HardenedWinIsDesiredRootCA: Adding 0x491857ead79dde00 C=US, O=The Go Daddy Group, Inc., OU=Go Daddy Class 2 Certification Authority
|
|---|
| 1154 | 4564.534: supR3HardenedWinIsDesiredRootCA: Adding 0xc2ba72a37dfbe300 C=PL, O=Unizeto Technologies S.A., OU=Certum Certification Authority, CN=Certum Trusted Network CA
|
|---|
| 1155 | 4564.534: supR3HardenedWinIsDesiredRootCA: Adding 0x8043e4ce150ead00 C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert Assured ID Root CA
|
|---|
| 1156 | 4564.534: supR3HardenedWinIsDesiredRootCA: Adding 0x331d58625ee2dc00 C=US, O=GeoTrust Inc., OU=(c) 2008 GeoTrust Inc. - For authorized use only, CN=GeoTrust Primary Certification Authority - G3
|
|---|
| 1157 | 4564.534: supR3HardenedWinIsDesiredRootCA: Adding 0xf2e6331af7b700 C=SE, O=AddTrust AB, OU=AddTrust External TTP Network, CN=AddTrust External CA Root
|
|---|
| 1158 | 4564.534: supR3HardenedWinRetrieveTrustedRootCAs: cAdded=42
|
|---|
| 1159 | 4564.534: SUPR3HardenedMain: Load Runtime...
|
|---|
| 1160 | 4564.534: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb1f5d0000 'C:\Windows\system32\rsaenh.dll'
|
|---|
| 1161 | 4564.534: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
|
|---|
| 1162 | 4564.534: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'msvcp100.dll'.
|
|---|
| 1163 | 4564.534: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'rpcrt4.dll'.
|
|---|
| 1164 | 4564.534: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'ws2_32.dll'.
|
|---|
| 1165 | 4564.534: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxRT.dll) WinVerifyTrust
|
|---|
| 1166 | 4564.534: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxRT.dll
|
|---|
| 1167 | 4564.534: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ws2_32.dll'...
|
|---|
| 1168 | 4564.534: supR3HardenedWinVerifyCacheProcessImportTodos: 'ws2_32.dll' -> '\Device\HarddiskVolume3\Windows\System32\ws2_32.dll' [rcNtRedir=0xc0150008]
|
|---|
| 1169 | 4564.534: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb1f5d0000 'C:\Windows\system32\rsaenh.dll'
|
|---|
| 1170 | 4564.534: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb20310000 'C:\Windows\System32\crypt32.dll'
|
|---|
| 1171 | 4564.534: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #26 'rpcrt4.dll'.
|
|---|
| 1172 | 4564.534: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\ws2_32.dll) WinVerifyTrust
|
|---|
| 1173 | 4564.534: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\ws2_32.dll
|
|---|
| 1174 | 4564.534: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
|
|---|
| 1175 | 4564.534: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume3\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
|
|---|
| 1176 | 4564.534: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\rpcrt4.dll
|
|---|
| 1177 | 4564.534: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcp100.dll'...
|
|---|
| 1178 | 4564.534: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcp100.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcp100.dll' [rcNtRedir=0xc0150008]
|
|---|
| 1179 | 4564.534: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
|
|---|
| 1180 | 4564.534: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume3\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
|
|---|
| 1181 | 4564.534: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\rpcrt4.dll
|
|---|
| 1182 | 4564.534: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb1f5d0000 'C:\Windows\system32\rsaenh.dll'
|
|---|
| 1183 | 4564.534: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
|
|---|
| 1184 | 4564.534: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcp100.dll) WinVerifyTrust
|
|---|
| 1185 | 4564.534: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcp100.dll
|
|---|
| 1186 | 4564.534: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
|
|---|
| 1187 | 4564.534: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
|
|---|
| 1188 | 4564.534: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
|
|---|
| 1189 | 4564.534: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
|
|---|
| 1190 | 4564.534: Detected WinVerifyTrust recursion: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll'.
|
|---|
| 1191 | 4564.534: supHardenedWinVerifyImageByHandle: -> 24202 (\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll)
|
|---|
| 1192 | 4564.534: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll
|
|---|
| 1193 | 4564.534: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb1f5d0000 'C:\Windows\system32\rsaenh.dll'
|
|---|
| 1194 | 4564.534: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll) WinVerifyTrust
|
|---|
| 1195 | 4564.534: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxRT.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000a01:<flags> [calling]
|
|---|
| 1196 | 4564.534: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxRT.dll
|
|---|
| 1197 | 4564.534: supR3HardenedScreenImage/NtCreateSection: cache hit (Unknown Status 24202 (0x5e8a)) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll [avoiding WinVerifyTrust]
|
|---|
| 1198 | 4564.534: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcp100.dll
|
|---|
| 1199 | 4564.534: supR3HardenedDllNotificationCallback: load 0000000074eb0000 LB 0x000d2000 C:\Program Files\Oracle\VirtualBox\MSVCR100.dll [fFlags=0x0]
|
|---|
| 1200 | 4564.534: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 24202 (0x5e8a)) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll [avoiding WinVerifyTrust]
|
|---|
| 1201 | 4564.534: supR3HardenedDllNotificationCallback: load 00000000748a0000 LB 0x00098000 C:\Program Files\Oracle\VirtualBox\MSVCP100.dll [fFlags=0x0]
|
|---|
| 1202 | 4564.534: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcp100.dll
|
|---|
| 1203 | 4564.534: supR3HardenedDllNotificationCallback: load 00007ffb23330000 LB 0x0006c000 C:\Windows\System32\WS2_32.dll [fFlags=0x0]
|
|---|
| 1204 | 4564.534: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\ws2_32.dll
|
|---|
| 1205 | 4564.534: supR3HardenedDllNotificationCallback: load 00007ffae4b10000 LB 0x0052a000 C:\Program Files\Oracle\VirtualBox\VBoxRT.dll [fFlags=0x0]
|
|---|
| 1206 | 4564.534: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxRT.dll
|
|---|
| 1207 | 4564.534: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll'.
|
|---|
| 1208 | 4564.534: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll' [rescheduled]
|
|---|
| 1209 | 4564.534: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxRT.dll
|
|---|
| 1210 | 4564.534: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxRT.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
|
|---|
| 1211 | 4564.534: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffae4b10000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
|
|---|
| 1212 | 4564.534: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxRT.dll
|
|---|
| 1213 | 4564.534: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxRT.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
|
|---|
| 1214 | 4564.534: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffae4b10000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
|
|---|
| 1215 | 4564.534: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxRT.dll
|
|---|
| 1216 | 4564.534: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxRT.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
|
|---|
| 1217 | 4564.534: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffae4b10000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
|
|---|
| 1218 | 4564.534: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxRT.dll
|
|---|
| 1219 | 4564.534: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxRT.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
|
|---|
| 1220 | 4564.534: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffae4b10000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
|
|---|
| 1221 | 4564.534: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxRT.dll
|
|---|
| 1222 | 4564.534: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxRT.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
|
|---|
| 1223 | 4564.534: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffae4b10000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
|
|---|
| 1224 | 4564.534: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxRT.dll
|
|---|
| 1225 | 4564.534: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxRT.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
|
|---|
| 1226 | 4564.534: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffae4b10000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
|
|---|
| 1227 | 4564.534: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffae4b10000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
|
|---|
| 1228 | 4564.534: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffae4b10000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
|
|---|
| 1229 | 4564.534: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffae4b10000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
|
|---|
| 1230 | 4564.534: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffae4b10000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
|
|---|
| 1231 | 4564.534: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffae4b10000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
|
|---|
| 1232 | 4564.534: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffae4b10000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
|
|---|
| 1233 | 4564.534: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffae4b10000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
|
|---|
| 1234 | 4564.534: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxRT.dll
|
|---|
| 1235 | 4564.534: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxRT.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
|
|---|
| 1236 | 4564.534: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffae4b10000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
|
|---|
| 1237 | 4564.534: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffae4b10000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
|
|---|
| 1238 | 4564.534: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffae4b10000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
|
|---|
| 1239 | 4564.534: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffae4b10000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
|
|---|
| 1240 | 4564.534: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffae4b10000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
|
|---|
| 1241 | 4564.534: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffae4b10000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
|
|---|
| 1242 | 4564.534: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffae4b10000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
|
|---|
| 1243 | 4564.534: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffae4b10000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
|
|---|
| 1244 | 4564.534: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffae4b10000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
|
|---|
| 1245 | 4564.534: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffae4b10000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
|
|---|
| 1246 | 4564.534: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffae4b10000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
|
|---|
| 1247 | 4564.534: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffae4b10000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
|
|---|
| 1248 | 4564.534: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffae4b10000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
|
|---|
| 1249 | 4564.534: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffae4b10000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
|
|---|
| 1250 | 4564.534: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffae4b10000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
|
|---|
| 1251 | 4564.534: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffae4b10000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
|
|---|
| 1252 | 4564.534: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxRT.dll
|
|---|
| 1253 | 4564.534: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxRT.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
|
|---|
| 1254 | 4564.534: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffae4b10000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
|
|---|
| 1255 | 4564.534: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffae4b10000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
|
|---|
| 1256 | 4564.534: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffae4b10000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
|
|---|
| 1257 | 4564.534: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffae4b10000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
|
|---|
| 1258 | 4564.534: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\wintrust.dll
|
|---|
| 1259 | 4564.534: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\Wintrust.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000801:<flags> [calling]
|
|---|
| 1260 | 4564.534: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb21020000 'C:\Windows\system32\Wintrust.dll'
|
|---|
| 1261 | 4564.534: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb1f5d0000 'C:\Windows\system32\rsaenh.dll'
|
|---|
| 1262 | 4564.534: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb20310000 'C:\Windows\System32\crypt32.dll'
|
|---|
| 1263 | 4564.534: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\rsaenh.dll
|
|---|
| 1264 | 4564.534: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\rsaenh.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
|
|---|
| 1265 | 4564.534: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb1f5d0000 'C:\Windows\system32\rsaenh.dll'
|
|---|
| 1266 | 4564.534: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb20310000 'C:\Windows\System32\crypt32.dll'
|
|---|
| 1267 | 4564.534: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb20310000 'C:\Windows\system32\crypt32.dll'
|
|---|
| 1268 | 4564.534: SUPR3HardenedMain: Load TrustedMain...
|
|---|
| 1269 | 4564.534: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb1f5d0000 'C:\Windows\system32\rsaenh.dll'
|
|---|
| 1270 | 4564.534: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'opengl32.dll'.
|
|---|
| 1271 | 4564.534: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'vboxglobal.dll'.
|
|---|
| 1272 | 4564.534: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'vboxrt.dll'.
|
|---|
| 1273 | 4564.534: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'msvcp100.dll'.
|
|---|
| 1274 | 4564.534: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'msvcr100.dll'.
|
|---|
| 1275 | 4564.534: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'qt5corevbox.dll'.
|
|---|
| 1276 | 4564.534: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'qt5guivbox.dll'.
|
|---|
| 1277 | 4564.534: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #7 'qt5widgetsvbox.dll'.
|
|---|
| 1278 | 4564.534: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #8 'qt5openglvbox.dll'.
|
|---|
| 1279 | 4564.534: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #10 'user32.dll'.
|
|---|
| 1280 | 4564.534: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #11 'ole32.dll'.
|
|---|
| 1281 | 4564.534: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #12 'oleaut32.dll'.
|
|---|
| 1282 | 4564.534: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #13 'winmm.dll'.
|
|---|
| 1283 | 4564.534: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VirtualBoxVM.dll) WinVerifyTrust
|
|---|
| 1284 | 4564.534: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VirtualBoxVM.dll
|
|---|
| 1285 | 4564.534: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'winmm.dll'...
|
|---|
| 1286 | 4564.534: supR3HardenedWinVerifyCacheProcessImportTodos: 'winmm.dll' -> '\Device\HarddiskVolume3\Windows\System32\winmm.dll' [rcNtRedir=0xc0150008]
|
|---|
| 1287 | 4564.534: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb1f5d0000 'C:\Windows\system32\rsaenh.dll'
|
|---|
| 1288 | 4564.534: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb20310000 'C:\Windows\System32\crypt32.dll'
|
|---|
| 1289 | 4564.534: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'winmmbase.dll'.
|
|---|
| 1290 | 4564.534: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'msvcrt.dll'.
|
|---|
| 1291 | 4564.534: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\winmm.dll) WinVerifyTrust
|
|---|
| 1292 | 4564.534: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\winmm.dll
|
|---|
| 1293 | 4564.534: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'oleaut32.dll'...
|
|---|
| 1294 | 4564.534: supR3HardenedWinVerifyCacheProcessImportTodos: 'oleaut32.dll' -> '\Device\HarddiskVolume3\Windows\System32\oleaut32.dll' [rcNtRedir=0xc0150008]
|
|---|
| 1295 | 4564.534: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
|
|---|
| 1296 | 4564.534: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume3\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
|
|---|
| 1297 | 4564.534: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\msvcrt.dll
|
|---|
| 1298 | 4564.534: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'winmmbase.dll'...
|
|---|
| 1299 | 4564.534: supR3HardenedWinVerifyCacheProcessImportTodos: 'winmmbase.dll' -> '\Device\HarddiskVolume3\Windows\System32\winmmbase.dll' [rcNtRedir=0xc0150008]
|
|---|
| 1300 | 4564.534: Detected WinVerifyTrust recursion: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\winmmbase.dll'.
|
|---|
| 1301 | 4564.534: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
|
|---|
| 1302 | 4564.534: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\winmmbase.dll)
|
|---|
| 1303 | 4564.534: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\winmmbase.dll
|
|---|
| 1304 | 4564.534: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
|
|---|
| 1305 | 4564.534: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume3\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
|
|---|
| 1306 | 4564.534: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\msvcrt.dll
|
|---|
| 1307 | 4564.534: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb1f5d0000 'C:\Windows\system32\rsaenh.dll'
|
|---|
| 1308 | 4564.534: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\crypt32.dll
|
|---|
| 1309 | 4564.534: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\System32\crypt32.dll (Input=crypt32.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
|
|---|
| 1310 | 4564.534: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb20310000 'C:\Windows\System32\crypt32.dll'
|
|---|
| 1311 | 4564.534: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcp_win.dll'.
|
|---|
| 1312 | 4564.534: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'combase.dll'.
|
|---|
| 1313 | 4564.534: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #23 'rpcrt4.dll'.
|
|---|
| 1314 | 4564.534: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\oleaut32.dll) WinVerifyTrust
|
|---|
| 1315 | 4564.534: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\oleaut32.dll
|
|---|
| 1316 | 4564.534: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ole32.dll'...
|
|---|
| 1317 | 4564.534: supR3HardenedWinVerifyCacheProcessImportTodos: 'ole32.dll' -> '\Device\HarddiskVolume3\Windows\System32\ole32.dll' [rcNtRedir=0xc0150008]
|
|---|
| 1318 | 4564.534: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
|
|---|
| 1319 | 4564.534: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume3\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
|
|---|
| 1320 | 4564.534: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\rpcrt4.dll
|
|---|
| 1321 | 4564.534: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'combase.dll'...
|
|---|
| 1322 | 4564.534: supR3HardenedWinVerifyCacheProcessImportTodos: 'combase.dll' -> '\Device\HarddiskVolume3\Windows\System32\combase.dll' [rcNtRedir=0xc0150008]
|
|---|
| 1323 | 4564.534: Detected WinVerifyTrust recursion: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\combase.dll'.
|
|---|
| 1324 | 4564.534: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'rpcrt4.dll'.
|
|---|
| 1325 | 4564.534: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #45 'bcryptprimitives.dll'.
|
|---|
| 1326 | 4564.534: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\combase.dll)
|
|---|
| 1327 | 4564.534: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\combase.dll
|
|---|
| 1328 | 4564.534: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcp_win.dll'...
|
|---|
| 1329 | 4564.534: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcp_win.dll' -> '\Device\HarddiskVolume3\Windows\System32\msvcp_win.dll' [rcNtRedir=0xc0150008]
|
|---|
| 1330 | 4564.534: Detected WinVerifyTrust recursion: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\msvcp_win.dll'.
|
|---|
| 1331 | 4564.534: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\msvcp_win.dll)
|
|---|
| 1332 | 4564.534: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\msvcp_win.dll
|
|---|
| 1333 | 4564.534: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'bcryptprimitives.dll'...
|
|---|
| 1334 | 4564.534: supR3HardenedWinVerifyCacheProcessImportTodos: 'bcryptprimitives.dll' -> '\Device\HarddiskVolume3\Windows\System32\bcryptprimitives.dll' [rcNtRedir=0xc0150008]
|
|---|
| 1335 | 4564.534: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\bcryptprimitives.dll
|
|---|
| 1336 | 4564.534: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
|
|---|
| 1337 | 4564.534: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume3\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
|
|---|
| 1338 | 4564.534: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb1f5d0000 'C:\Windows\system32\rsaenh.dll'
|
|---|
| 1339 | 4564.534: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb20310000 'C:\Windows\System32\crypt32.dll'
|
|---|
| 1340 | 4564.534: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #23 'rpcrt4.dll'.
|
|---|
| 1341 | 4564.534: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #48 'gdi32.dll'.
|
|---|
| 1342 | 4564.534: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #49 'user32.dll'.
|
|---|
| 1343 | 4564.534: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #50 'combase.dll'.
|
|---|
| 1344 | 4564.534: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\ole32.dll) WinVerifyTrust
|
|---|
| 1345 | 4564.534: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\ole32.dll
|
|---|
| 1346 | 4564.534: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
|
|---|
| 1347 | 4564.534: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume3\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
|
|---|
| 1348 | 4564.534: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'combase.dll'...
|
|---|
| 1349 | 4564.534: supR3HardenedWinVerifyCacheProcessImportTodos: 'combase.dll' -> '\Device\HarddiskVolume3\Windows\System32\combase.dll' [rcNtRedir=0xc0150008]
|
|---|
| 1350 | 4564.534: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\combase.dll [lacks WinVerifyTrust]
|
|---|
| 1351 | 4564.534: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
|
|---|
| 1352 | 4564.534: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume3\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
|
|---|
| 1353 | 4564.534: Detected WinVerifyTrust recursion: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\user32.dll'.
|
|---|
| 1354 | 4564.534: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'win32u.dll'.
|
|---|
| 1355 | 4564.534: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #34 'gdi32.dll'.
|
|---|
| 1356 | 4564.534: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\user32.dll)
|
|---|
| 1357 | 4564.534: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\user32.dll
|
|---|
| 1358 | 4564.534: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
|
|---|
| 1359 | 4564.534: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume3\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
|
|---|
| 1360 | 4564.534: Detected WinVerifyTrust recursion: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\gdi32.dll'.
|
|---|
| 1361 | 4564.534: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\gdi32.dll)
|
|---|
| 1362 | 4564.534: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\gdi32.dll
|
|---|
| 1363 | 4564.534: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
|
|---|
| 1364 | 4564.534: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume3\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
|
|---|
| 1365 | 4564.534: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
|
|---|
| 1366 | 4564.534: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume3\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
|
|---|
| 1367 | 4564.534: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\gdi32.dll [lacks WinVerifyTrust]
|
|---|
| 1368 | 4564.534: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'win32u.dll'...
|
|---|
| 1369 | 4564.534: supR3HardenedWinVerifyCacheProcessImportTodos: 'win32u.dll' -> '\Device\HarddiskVolume3\Windows\System32\win32u.dll' [rcNtRedir=0xc0150008]
|
|---|
| 1370 | 4564.534: Detected WinVerifyTrust recursion: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\win32u.dll'.
|
|---|
| 1371 | 4564.534: '\Device\HarddiskVolume3\Windows\System32\win32u.dll' has no imports
|
|---|
| 1372 | 4564.534: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\win32u.dll)
|
|---|
| 1373 | 4564.534: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\win32u.dll
|
|---|
| 1374 | 4564.534: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb1f5d0000 'C:\Windows\system32\rsaenh.dll'
|
|---|
| 1375 | 4564.534: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb20310000 'C:\Windows\System32\crypt32.dll'
|
|---|
| 1376 | 4564.534: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'win32u.dll'.
|
|---|
| 1377 | 4564.534: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #34 'gdi32.dll'.
|
|---|
| 1378 | 4564.534: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\user32.dll) WinVerifyTrust
|
|---|
| 1379 | 4564.534: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qt5openglvbox.dll'...
|
|---|
| 1380 | 4564.534: supR3HardenedWinVerifyCacheProcessImportTodos: 'qt5openglvbox.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\qt5openglvbox.dll' [rcNtRedir=0xc0150008]
|
|---|
| 1381 | 4564.534: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
|
|---|
| 1382 | 4564.534: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume3\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
|
|---|
| 1383 | 4564.534: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\gdi32.dll [lacks WinVerifyTrust]
|
|---|
| 1384 | 4564.534: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'win32u.dll'...
|
|---|
| 1385 | 4564.534: supR3HardenedWinVerifyCacheProcessImportTodos: 'win32u.dll' -> '\Device\HarddiskVolume3\Windows\System32\win32u.dll' [rcNtRedir=0xc0150008]
|
|---|
| 1386 | 4564.534: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\win32u.dll [lacks WinVerifyTrust]
|
|---|
| 1387 | 4564.534: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb1f5d0000 'C:\Windows\system32\rsaenh.dll'
|
|---|
| 1388 | 4564.534: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'qt5widgetsvbox.dll'.
|
|---|
| 1389 | 4564.534: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'qt5guivbox.dll'.
|
|---|
| 1390 | 4564.534: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'qt5corevbox.dll'.
|
|---|
| 1391 | 4564.534: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'msvcr100.dll'.
|
|---|
| 1392 | 4564.534: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\Qt5OpenGLVBox.dll) WinVerifyTrust
|
|---|
| 1393 | 4564.534: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\Qt5OpenGLVBox.dll
|
|---|
| 1394 | 4564.534: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qt5widgetsvbox.dll'...
|
|---|
| 1395 | 4564.534: supR3HardenedWinVerifyCacheProcessImportTodos: 'qt5widgetsvbox.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\qt5widgetsvbox.dll' [rcNtRedir=0xc0150008]
|
|---|
| 1396 | 4564.534: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
|
|---|
| 1397 | 4564.534: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
|
|---|
| 1398 | 4564.534: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 24202 (0x5e8a)) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll [lacks WinVerifyTrust]
|
|---|
| 1399 | 4564.534: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qt5corevbox.dll'...
|
|---|
| 1400 | 4564.534: supR3HardenedWinVerifyCacheProcessImportTodos: 'qt5corevbox.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\qt5corevbox.dll' [rcNtRedir=0xc0150008]
|
|---|
| 1401 | 4564.534: Detected WinVerifyTrust recursion: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\Qt5CoreVBox.dll'.
|
|---|
| 1402 | 4564.534: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'user32.dll'.
|
|---|
| 1403 | 4564.534: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'shell32.dll'.
|
|---|
| 1404 | 4564.534: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'ole32.dll'.
|
|---|
| 1405 | 4564.534: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'advapi32.dll'.
|
|---|
| 1406 | 4564.534: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'ws2_32.dll'.
|
|---|
| 1407 | 4564.534: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'mpr.dll'.
|
|---|
| 1408 | 4564.534: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #7 'msvcp100.dll'.
|
|---|
| 1409 | 4564.534: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #8 'msvcr100.dll'.
|
|---|
| 1410 | 4564.534: supHardenedWinVerifyImageByHandle: -> 24202 (\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\Qt5CoreVBox.dll)
|
|---|
| 1411 | 4564.534: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\Qt5CoreVBox.dll
|
|---|
| 1412 | 4564.534: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qt5guivbox.dll'...
|
|---|
| 1413 | 4564.534: supR3HardenedWinVerifyCacheProcessImportTodos: 'qt5guivbox.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\qt5guivbox.dll' [rcNtRedir=0xc0150008]
|
|---|
| 1414 | 4564.534: Detected WinVerifyTrust recursion: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\Qt5GuiVBox.dll'.
|
|---|
| 1415 | 4564.534: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'ole32.dll'.
|
|---|
| 1416 | 4564.534: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'opengl32.dll'.
|
|---|
| 1417 | 4564.534: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'gdi32.dll'.
|
|---|
| 1418 | 4564.534: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'user32.dll'.
|
|---|
| 1419 | 4564.534: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'qt5corevbox.dll'.
|
|---|
| 1420 | 4564.534: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'msvcp100.dll'.
|
|---|
| 1421 | 4564.534: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'msvcr100.dll'.
|
|---|
| 1422 | 4564.534: supHardenedWinVerifyImageByHandle: -> 24202 (\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\Qt5GuiVBox.dll)
|
|---|
| 1423 | 4564.534: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\Qt5GuiVBox.dll
|
|---|
| 1424 | 4564.534: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qt5widgetsvbox.dll'...
|
|---|
| 1425 | 4564.534: supR3HardenedWinVerifyCacheProcessImportTodos: 'qt5widgetsvbox.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\qt5widgetsvbox.dll' [rcNtRedir=0xc0150008]
|
|---|
| 1426 | 4564.534: Detected WinVerifyTrust recursion: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\Qt5WidgetsVBox.dll'.
|
|---|
| 1427 | 4564.534: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'gdi32.dll'.
|
|---|
| 1428 | 4564.534: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'user32.dll'.
|
|---|
| 1429 | 4564.534: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'qt5guivbox.dll'.
|
|---|
| 1430 | 4564.534: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'qt5corevbox.dll'.
|
|---|
| 1431 | 4564.534: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'shell32.dll'.
|
|---|
| 1432 | 4564.534: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'msvcp100.dll'.
|
|---|
| 1433 | 4564.534: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'msvcr100.dll'.
|
|---|
| 1434 | 4564.534: supHardenedWinVerifyImageByHandle: -> 24202 (\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\Qt5WidgetsVBox.dll)
|
|---|
| 1435 | 4564.534: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\Qt5WidgetsVBox.dll
|
|---|
| 1436 | 4564.534: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
|
|---|
| 1437 | 4564.534: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
|
|---|
| 1438 | 4564.534: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 24202 (0x5e8a)) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll [lacks WinVerifyTrust]
|
|---|
| 1439 | 4564.534: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcp100.dll'...
|
|---|
| 1440 | 4564.534: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcp100.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcp100.dll' [rcNtRedir=0xc0150008]
|
|---|
| 1441 | 4564.534: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcp100.dll
|
|---|
| 1442 | 4564.534: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'shell32.dll'...
|
|---|
| 1443 | 4564.534: supR3HardenedWinVerifyCacheProcessImportTodos: 'shell32.dll' -> '\Device\HarddiskVolume3\Windows\System32\shell32.dll' [rcNtRedir=0xc0150008]
|
|---|
| 1444 | 4564.534: Detected WinVerifyTrust recursion: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\shell32.dll'.
|
|---|
| 1445 | 4564.534: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
|
|---|
| 1446 | 4564.534: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #74 'user32.dll'.
|
|---|
| 1447 | 4564.534: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #76 'gdi32.dll'.
|
|---|
| 1448 | 4564.534: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\shell32.dll)
|
|---|
| 1449 | 4564.534: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\shell32.dll
|
|---|
| 1450 | 4564.534: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qt5corevbox.dll'...
|
|---|
| 1451 | 4564.534: supR3HardenedWinVerifyCacheProcessImportTodos: 'qt5corevbox.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\qt5corevbox.dll' [rcNtRedir=0xc0150008]
|
|---|
| 1452 | 4564.534: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 24202 (0x5e8a)) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\Qt5CoreVBox.dll [lacks WinVerifyTrust]
|
|---|
| 1453 | 4564.534: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qt5guivbox.dll'...
|
|---|
| 1454 | 4564.534: supR3HardenedWinVerifyCacheProcessImportTodos: 'qt5guivbox.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\qt5guivbox.dll' [rcNtRedir=0xc0150008]
|
|---|
| 1455 | 4564.534: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 24202 (0x5e8a)) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\Qt5GuiVBox.dll [lacks WinVerifyTrust]
|
|---|
| 1456 | 4564.534: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
|
|---|
| 1457 | 4564.534: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume3\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
|
|---|
| 1458 | 4564.534: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\user32.dll [lacks WinVerifyTrust]
|
|---|
| 1459 | 4564.534: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
|
|---|
| 1460 | 4564.534: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume3\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
|
|---|
| 1461 | 4564.534: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\gdi32.dll [lacks WinVerifyTrust]
|
|---|
| 1462 | 4564.534: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
|
|---|
| 1463 | 4564.534: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
|
|---|
| 1464 | 4564.534: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 24202 (0x5e8a)) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll [lacks WinVerifyTrust]
|
|---|
| 1465 | 4564.534: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcp100.dll'...
|
|---|
| 1466 | 4564.534: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcp100.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcp100.dll' [rcNtRedir=0xc0150008]
|
|---|
| 1467 | 4564.534: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcp100.dll
|
|---|
| 1468 | 4564.534: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qt5corevbox.dll'...
|
|---|
| 1469 | 4564.534: supR3HardenedWinVerifyCacheProcessImportTodos: 'qt5corevbox.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\qt5corevbox.dll' [rcNtRedir=0xc0150008]
|
|---|
| 1470 | 4564.534: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 24202 (0x5e8a)) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\Qt5CoreVBox.dll [lacks WinVerifyTrust]
|
|---|
| 1471 | 4564.534: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
|
|---|
| 1472 | 4564.534: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume3\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
|
|---|
| 1473 | 4564.534: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\user32.dll [lacks WinVerifyTrust]
|
|---|
| 1474 | 4564.534: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
|
|---|
| 1475 | 4564.534: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume3\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
|
|---|
| 1476 | 4564.534: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\gdi32.dll [lacks WinVerifyTrust]
|
|---|
| 1477 | 4564.534: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'opengl32.dll'...
|
|---|
| 1478 | 4564.534: supR3HardenedWinVerifyCacheProcessImportTodos: 'opengl32.dll' -> '\Device\HarddiskVolume3\Windows\System32\opengl32.dll' [rcNtRedir=0xc0150008]
|
|---|
| 1479 | 4564.534: Detected WinVerifyTrust recursion: rc=Unknown Status 22900 (0x5974) '\Device\HarddiskVolume3\Windows\System32\opengl32.dll'.
|
|---|
| 1480 | 4564.534: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
|
|---|
| 1481 | 4564.534: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'advapi32.dll'.
|
|---|
| 1482 | 4564.534: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'user32.dll'.
|
|---|
| 1483 | 4564.534: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'gdi32.dll'.
|
|---|
| 1484 | 4564.534: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'glu32.dll'.
|
|---|
| 1485 | 4564.534: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume3\Windows\System32\opengl32.dll)
|
|---|
| 1486 | 4564.534: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\opengl32.dll
|
|---|
| 1487 | 4564.534: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ole32.dll'...
|
|---|
| 1488 | 4564.534: supR3HardenedWinVerifyCacheProcessImportTodos: 'ole32.dll' -> '\Device\HarddiskVolume3\Windows\System32\ole32.dll' [rcNtRedir=0xc0150008]
|
|---|
| 1489 | 4564.534: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\ole32.dll
|
|---|
| 1490 | 4564.534: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
|
|---|
| 1491 | 4564.534: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
|
|---|
| 1492 | 4564.534: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 24202 (0x5e8a)) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll [lacks WinVerifyTrust]
|
|---|
| 1493 | 4564.534: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcp100.dll'...
|
|---|
| 1494 | 4564.534: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcp100.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcp100.dll' [rcNtRedir=0xc0150008]
|
|---|
| 1495 | 4564.534: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcp100.dll
|
|---|
| 1496 | 4564.534: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'mpr.dll'...
|
|---|
| 1497 | 4564.534: supR3HardenedWinVerifyCacheProcessImportTodos: 'mpr.dll' -> '\Device\HarddiskVolume3\Windows\System32\mpr.dll' [rcNtRedir=0xc0150008]
|
|---|
| 1498 | 4564.534: Detected WinVerifyTrust recursion: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\mpr.dll'.
|
|---|
| 1499 | 4564.534: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\mpr.dll)
|
|---|
| 1500 | 4564.534: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\mpr.dll
|
|---|
| 1501 | 4564.534: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ws2_32.dll'...
|
|---|
| 1502 | 4564.534: supR3HardenedWinVerifyCacheProcessImportTodos: 'ws2_32.dll' -> '\Device\HarddiskVolume3\Windows\System32\ws2_32.dll' [rcNtRedir=0xc0150008]
|
|---|
| 1503 | 4564.534: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\ws2_32.dll
|
|---|
| 1504 | 4564.534: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'...
|
|---|
| 1505 | 4564.534: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume3\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008]
|
|---|
| 1506 | 4564.534: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\advapi32.dll
|
|---|
| 1507 | 4564.534: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ole32.dll'...
|
|---|
| 1508 | 4564.534: supR3HardenedWinVerifyCacheProcessImportTodos: 'ole32.dll' -> '\Device\HarddiskVolume3\Windows\System32\ole32.dll' [rcNtRedir=0xc0150008]
|
|---|
| 1509 | 4564.534: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\ole32.dll
|
|---|
| 1510 | 4564.534: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'shell32.dll'...
|
|---|
| 1511 | 4564.534: supR3HardenedWinVerifyCacheProcessImportTodos: 'shell32.dll' -> '\Device\HarddiskVolume3\Windows\System32\shell32.dll' [rcNtRedir=0xc0150008]
|
|---|
| 1512 | 4564.534: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\shell32.dll [lacks WinVerifyTrust]
|
|---|
| 1513 | 4564.534: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
|
|---|
| 1514 | 4564.534: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume3\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
|
|---|
| 1515 | 4564.534: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\user32.dll [lacks WinVerifyTrust]
|
|---|
| 1516 | 4564.534: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'glu32.dll'...
|
|---|
| 1517 | 4564.534: supR3HardenedWinVerifyCacheProcessImportTodos: 'glu32.dll' -> '\Device\HarddiskVolume3\Windows\System32\glu32.dll' [rcNtRedir=0xc0150008]
|
|---|
| 1518 | 4564.534: Detected WinVerifyTrust recursion: rc=Unknown Status 22900 (0x5974) '\Device\HarddiskVolume3\Windows\System32\glu32.dll'.
|
|---|
| 1519 | 4564.534: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
|
|---|
| 1520 | 4564.534: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'user32.dll'.
|
|---|
| 1521 | 4564.534: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'opengl32.dll'.
|
|---|
| 1522 | 4564.534: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume3\Windows\System32\glu32.dll)
|
|---|
| 1523 | 4564.534: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\glu32.dll
|
|---|
| 1524 | 4564.534: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
|
|---|
| 1525 | 4564.534: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume3\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
|
|---|
| 1526 | 4564.534: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\gdi32.dll [lacks WinVerifyTrust]
|
|---|
| 1527 | 4564.534: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
|
|---|
| 1528 | 4564.534: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume3\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
|
|---|
| 1529 | 4564.534: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\user32.dll [lacks WinVerifyTrust]
|
|---|
| 1530 | 4564.534: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'...
|
|---|
| 1531 | 4564.534: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume3\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008]
|
|---|
| 1532 | 4564.534: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\advapi32.dll
|
|---|
| 1533 | 4564.534: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
|
|---|
| 1534 | 4564.534: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume3\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
|
|---|
| 1535 | 4564.534: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\msvcrt.dll
|
|---|
| 1536 | 4564.534: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
|
|---|
| 1537 | 4564.534: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume3\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
|
|---|
| 1538 | 4564.534: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\gdi32.dll [lacks WinVerifyTrust]
|
|---|
| 1539 | 4564.534: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
|
|---|
| 1540 | 4564.534: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume3\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
|
|---|
| 1541 | 4564.534: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\user32.dll [lacks WinVerifyTrust]
|
|---|
| 1542 | 4564.534: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
|
|---|
| 1543 | 4564.534: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume3\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
|
|---|
| 1544 | 4564.534: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\msvcrt.dll
|
|---|
| 1545 | 4564.534: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'opengl32.dll'...
|
|---|
| 1546 | 4564.534: supR3HardenedWinVerifyCacheProcessImportTodos: 'opengl32.dll' -> '\Device\HarddiskVolume3\Windows\System32\opengl32.dll' [rcNtRedir=0xc0150008]
|
|---|
| 1547 | 4564.534: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume3\Windows\System32\opengl32.dll [lacks WinVerifyTrust]
|
|---|
| 1548 | 4564.534: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
|
|---|
| 1549 | 4564.534: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume3\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
|
|---|
| 1550 | 4564.534: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\user32.dll [lacks WinVerifyTrust]
|
|---|
| 1551 | 4564.534: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
|
|---|
| 1552 | 4564.534: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume3\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
|
|---|
| 1553 | 4564.534: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb1f5d0000 'C:\Windows\system32\rsaenh.dll'
|
|---|
| 1554 | 4564.534: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'gdi32.dll'.
|
|---|
| 1555 | 4564.534: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'user32.dll'.
|
|---|
| 1556 | 4564.534: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'qt5guivbox.dll'.
|
|---|
| 1557 | 4564.534: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'qt5corevbox.dll'.
|
|---|
| 1558 | 4564.534: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'shell32.dll'.
|
|---|
| 1559 | 4564.534: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'msvcp100.dll'.
|
|---|
| 1560 | 4564.534: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'msvcr100.dll'.
|
|---|
| 1561 | 4564.534: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\Qt5WidgetsVBox.dll) WinVerifyTrust
|
|---|
| 1562 | 4564.534: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qt5guivbox.dll'...
|
|---|
| 1563 | 4564.534: supR3HardenedWinVerifyCacheProcessImportTodos: 'qt5guivbox.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\qt5guivbox.dll' [rcNtRedir=0xc0150008]
|
|---|
| 1564 | 4564.534: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 24202 (0x5e8a)) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\Qt5GuiVBox.dll [redoing WinVerifyTrust]
|
|---|
| 1565 | 4564.534: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
|
|---|
| 1566 | 4564.534: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
|
|---|
| 1567 | 4564.534: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 24202 (0x5e8a)) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll [lacks WinVerifyTrust]
|
|---|
| 1568 | 4564.534: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcp100.dll'...
|
|---|
| 1569 | 4564.534: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcp100.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcp100.dll' [rcNtRedir=0xc0150008]
|
|---|
| 1570 | 4564.534: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcp100.dll
|
|---|
| 1571 | 4564.534: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'shell32.dll'...
|
|---|
| 1572 | 4564.534: supR3HardenedWinVerifyCacheProcessImportTodos: 'shell32.dll' -> '\Device\HarddiskVolume3\Windows\System32\shell32.dll' [rcNtRedir=0xc0150008]
|
|---|
| 1573 | 4564.534: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\shell32.dll [lacks WinVerifyTrust]
|
|---|
| 1574 | 4564.534: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qt5corevbox.dll'...
|
|---|
| 1575 | 4564.534: supR3HardenedWinVerifyCacheProcessImportTodos: 'qt5corevbox.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\qt5corevbox.dll' [rcNtRedir=0xc0150008]
|
|---|
| 1576 | 4564.534: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 24202 (0x5e8a)) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\Qt5CoreVBox.dll [lacks WinVerifyTrust]
|
|---|
| 1577 | 4564.534: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qt5guivbox.dll'...
|
|---|
| 1578 | 4564.534: supR3HardenedWinVerifyCacheProcessImportTodos: 'qt5guivbox.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\qt5guivbox.dll' [rcNtRedir=0xc0150008]
|
|---|
| 1579 | 4564.534: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 24202 (0x5e8a)) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\Qt5GuiVBox.dll [lacks WinVerifyTrust]
|
|---|
| 1580 | 4564.534: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
|
|---|
| 1581 | 4564.534: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume3\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
|
|---|
| 1582 | 4564.534: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\user32.dll [lacks WinVerifyTrust]
|
|---|
| 1583 | 4564.534: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
|
|---|
| 1584 | 4564.534: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume3\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
|
|---|
| 1585 | 4564.534: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\gdi32.dll [lacks WinVerifyTrust]
|
|---|
| 1586 | 4564.534: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb1f5d0000 'C:\Windows\system32\rsaenh.dll'
|
|---|
| 1587 | 4564.534: supR3HardenedScreenImage/Imports: 0 (was 24202) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\Qt5GuiVBox.dll'
|
|---|
| 1588 | 4564.534: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qt5corevbox.dll'...
|
|---|
| 1589 | 4564.534: supR3HardenedWinVerifyCacheProcessImportTodos: 'qt5corevbox.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\qt5corevbox.dll' [rcNtRedir=0xc0150008]
|
|---|
| 1590 | 4564.534: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 24202 (0x5e8a)) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\Qt5CoreVBox.dll [redoing WinVerifyTrust]
|
|---|
| 1591 | 4564.534: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb1f5d0000 'C:\Windows\system32\rsaenh.dll'
|
|---|
| 1592 | 4564.534: supR3HardenedScreenImage/Imports: 0 (was 24202) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\Qt5CoreVBox.dll'
|
|---|
| 1593 | 4564.534: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
|
|---|
| 1594 | 4564.534: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
|
|---|
| 1595 | 4564.534: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 24202 (0x5e8a)) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll [redoing WinVerifyTrust]
|
|---|
| 1596 | 4564.534: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb1f5d0000 'C:\Windows\system32\rsaenh.dll'
|
|---|
| 1597 | 4564.534: supR3HardenedScreenImage/Imports: 0 (was 24202) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll'
|
|---|
| 1598 | 4564.534: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcp100.dll'...
|
|---|
| 1599 | 4564.534: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcp100.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcp100.dll' [rcNtRedir=0xc0150008]
|
|---|
| 1600 | 4564.534: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcp100.dll
|
|---|
| 1601 | 4564.534: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
|
|---|
| 1602 | 4564.534: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
|
|---|
| 1603 | 4564.534: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxglobal.dll'...
|
|---|
| 1604 | 4564.534: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxglobal.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\vboxglobal.dll' [rcNtRedir=0xc0150008]
|
|---|
| 1605 | 4564.534: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb1f5d0000 'C:\Windows\system32\rsaenh.dll'
|
|---|
| 1606 | 4564.534: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'vboxrt.dll'.
|
|---|
| 1607 | 4564.534: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'msvcr100.dll'.
|
|---|
| 1608 | 4564.534: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'qt5corevbox.dll'.
|
|---|
| 1609 | 4564.534: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'qt5guivbox.dll'.
|
|---|
| 1610 | 4564.534: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'qt5widgetsvbox.dll'.
|
|---|
| 1611 | 4564.534: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'user32.dll'.
|
|---|
| 1612 | 4564.534: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #7 'advapi32.dll'.
|
|---|
| 1613 | 4564.534: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #8 'ole32.dll'.
|
|---|
| 1614 | 4564.534: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #9 'oleaut32.dll'.
|
|---|
| 1615 | 4564.534: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxGlobal.dll) WinVerifyTrust
|
|---|
| 1616 | 4564.534: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxGlobal.dll
|
|---|
| 1617 | 4564.534: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'opengl32.dll'...
|
|---|
| 1618 | 4564.534: supR3HardenedWinVerifyCacheProcessImportTodos: 'opengl32.dll' -> '\Device\HarddiskVolume3\Windows\System32\opengl32.dll' [rcNtRedir=0xc0150008]
|
|---|
| 1619 | 4564.534: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume3\Windows\System32\opengl32.dll [redoing WinVerifyTrust]
|
|---|
| 1620 | 4564.534: supR3HardNtViCallWinVerifyTrustCatFile: hFile=000000000000047c pwszName=\Device\HarddiskVolume3\Windows\System32\opengl32.dll
|
|---|
| 1621 | 4564.534: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000001153800
|
|---|
| 1622 | 4564.534: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000001153800
|
|---|
| 1623 | 4564.534: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=19A1CD90C2208B3BD0567A538CC10CADA852F417
|
|---|
| 1624 | 4564.534: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'oleaut32.dll'...
|
|---|
| 1625 | 4564.534: supR3HardenedWinVerifyCacheProcessImportTodos: 'oleaut32.dll' -> '\Device\HarddiskVolume3\Windows\System32\oleaut32.dll' [rcNtRedir=0xc0150008]
|
|---|
| 1626 | 4564.534: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\oleaut32.dll
|
|---|
| 1627 | 4564.534: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ole32.dll'...
|
|---|
| 1628 | 4564.534: supR3HardenedWinVerifyCacheProcessImportTodos: 'ole32.dll' -> '\Device\HarddiskVolume3\Windows\System32\ole32.dll' [rcNtRedir=0xc0150008]
|
|---|
| 1629 | 4564.534: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\ole32.dll
|
|---|
| 1630 | 4564.534: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'...
|
|---|
| 1631 | 4564.534: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume3\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008]
|
|---|
| 1632 | 4564.534: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\advapi32.dll
|
|---|
| 1633 | 4564.534: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
|
|---|
| 1634 | 4564.534: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume3\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
|
|---|
| 1635 | 4564.534: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\user32.dll [lacks WinVerifyTrust]
|
|---|
| 1636 | 4564.534: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qt5widgetsvbox.dll'...
|
|---|
| 1637 | 4564.534: supR3HardenedWinVerifyCacheProcessImportTodos: 'qt5widgetsvbox.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\qt5widgetsvbox.dll' [rcNtRedir=0xc0150008]
|
|---|
| 1638 | 4564.534: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 24202 (0x5e8a)) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\Qt5WidgetsVBox.dll [lacks WinVerifyTrust]
|
|---|
| 1639 | 4564.534: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qt5guivbox.dll'...
|
|---|
| 1640 | 4564.534: supR3HardenedWinVerifyCacheProcessImportTodos: 'qt5guivbox.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\qt5guivbox.dll' [rcNtRedir=0xc0150008]
|
|---|
| 1641 | 4564.534: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\Qt5GuiVBox.dll
|
|---|
| 1642 | 4564.534: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qt5corevbox.dll'...
|
|---|
| 1643 | 4564.534: supR3HardenedWinVerifyCacheProcessImportTodos: 'qt5corevbox.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\qt5corevbox.dll' [rcNtRedir=0xc0150008]
|
|---|
| 1644 | 4564.534: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\Qt5CoreVBox.dll
|
|---|
| 1645 | 4564.534: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
|
|---|
| 1646 | 4564.534: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
|
|---|
| 1647 | 4564.534: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
|
|---|
| 1648 | 4564.534: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
|
|---|
| 1649 | 4564.534: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb1f5d0000 'C:\Windows\system32\rsaenh.dll'
|
|---|
| 1650 | 4564.534: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb20310000 'C:\Windows\System32\crypt32.dll'
|
|---|
| 1651 | 4564.534: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package00112~31bf3856ad364e35~amd64~~10.0.17134.1.cat'; file='\Device\HarddiskVolume3\Windows\System32\opengl32.dll'
|
|---|
| 1652 | 4564.534: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
|
|---|
| 1653 | 4564.534: supR3HardenedScreenImage/Imports: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Windows\System32\opengl32.dll'
|
|---|
| 1654 | 4564.534: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VirtualBoxVM.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000a01:<flags> [calling]
|
|---|
| 1655 | 4564.534: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VirtualBoxVM.dll
|
|---|
| 1656 | 4564.534: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\opengl32.dll
|
|---|
| 1657 | 4564.534: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxGlobal.dll
|
|---|
| 1658 | 4564.534: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\Qt5CoreVBox.dll
|
|---|
| 1659 | 4564.534: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\Qt5GuiVBox.dll
|
|---|
| 1660 | 4564.534: supR3HardenedScreenImage/NtCreateSection: cache hit (Unknown Status 24202 (0x5e8a)) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\Qt5WidgetsVBox.dll [avoiding WinVerifyTrust]
|
|---|
| 1661 | 4564.534: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\Qt5OpenGLVBox.dll
|
|---|
| 1662 | 4564.534: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\winmm.dll
|
|---|
| 1663 | 4564.534: supR3HardenedScreenImage/NtCreateSection: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume3\Windows\System32\glu32.dll [avoiding WinVerifyTrust]
|
|---|
| 1664 | 4564.534: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\mpr.dll [avoiding WinVerifyTrust]
|
|---|
| 1665 | 4564.534: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\winmmbase.dll [avoiding WinVerifyTrust]
|
|---|
| 1666 | 4564.534: supR3HardenedDllNotificationCallback: load 00007ffb20500000 LB 0x00020000 C:\Windows\System32\win32u.dll [fFlags=0x0]
|
|---|
| 1667 | 4564.534: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\win32u.dll [avoiding WinVerifyTrust]
|
|---|
| 1668 | 4564.534: supR3HardenedDllNotificationCallback: load 00007ffb207f0000 LB 0x0009f000 C:\Windows\System32\msvcp_win.dll [fFlags=0x0]
|
|---|
| 1669 | 4564.534: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\msvcp_win.dll [avoiding WinVerifyTrust]
|
|---|
| 1670 | 4564.534: supR3HardenedDllNotificationCallback: load 00007ffb21080000 LB 0x00192000 C:\Windows\System32\gdi32full.dll [fFlags=0x0]
|
|---|
| 1671 | 4564.534: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcp_win.dll'.
|
|---|
| 1672 | 4564.534: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #33 'gdi32.dll'.
|
|---|
| 1673 | 4564.534: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #35 'user32.dll'.
|
|---|
| 1674 | 4564.534: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #36 'win32u.dll'.
|
|---|
| 1675 | 4564.534: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\gdi32full.dll)
|
|---|
| 1676 | 4564.534: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\gdi32full.dll
|
|---|
| 1677 | 4564.534: supR3HardenedDllNotificationCallback: load 00007ffb23060000 LB 0x00028000 C:\Windows\System32\GDI32.dll [fFlags=0x0]
|
|---|
| 1678 | 4564.534: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\gdi32.dll [avoiding WinVerifyTrust]
|
|---|
| 1679 | 4564.534: supR3HardenedDllNotificationCallback: load 00007ffb215d0000 LB 0x00190000 C:\Windows\System32\USER32.dll [fFlags=0x0]
|
|---|
| 1680 | 4564.534: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\user32.dll [avoiding WinVerifyTrust]
|
|---|
| 1681 | 4564.534: supR3HardenedDllNotificationCallback: load 00007ffb11460000 LB 0x0002c000 C:\Windows\SYSTEM32\GLU32.dll [fFlags=0x0]
|
|---|
| 1682 | 4564.534: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume3\Windows\System32\glu32.dll [avoiding WinVerifyTrust]
|
|---|
| 1683 | 4564.534: supR3HardenedDllNotificationCallback: load 00007ffafd380000 LB 0x00120000 C:\Windows\SYSTEM32\OPENGL32.dll [fFlags=0x0]
|
|---|
| 1684 | 4564.534: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\opengl32.dll
|
|---|
| 1685 | 4564.534: supR3HardenedDllNotificationCallback: load 00007ffb20520000 LB 0x00049000 C:\Windows\System32\cfgmgr32.dll [fFlags=0x0]
|
|---|
| 1686 | 4564.534: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\cfgmgr32.dll)
|
|---|
| 1687 | 4564.534: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\cfgmgr32.dll
|
|---|
| 1688 | 4564.534: supR3HardenedDllNotificationCallback: load 00007ffb23560000 LB 0x00322000 C:\Windows\System32\combase.dll [fFlags=0x0]
|
|---|
| 1689 | 4564.534: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\combase.dll [avoiding WinVerifyTrust]
|
|---|
| 1690 | 4564.534: supR3HardenedDllNotificationCallback: load 00007ffb23cf0000 LB 0x000a9000 C:\Windows\System32\shcore.dll [fFlags=0x0]
|
|---|
| 1691 | 4564.534: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
|
|---|
| 1692 | 4564.534: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #37 'rpcrt4.dll'.
|
|---|
| 1693 | 4564.534: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #44 'combase.dll'.
|
|---|
| 1694 | 4564.534: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\SHCore.dll)
|
|---|
| 1695 | 4564.534: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\SHCore.dll
|
|---|
| 1696 | 4564.534: supR3HardenedDllNotificationCallback: load 00007ffb233d0000 LB 0x00051000 C:\Windows\System32\shlwapi.dll [fFlags=0x0]
|
|---|
| 1697 | 4564.534: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'msvcrt.dll'.
|
|---|
| 1698 | 4564.534: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #44 'gdi32.dll'.
|
|---|
| 1699 | 4564.534: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #45 'user32.dll'.
|
|---|
| 1700 | 4564.534: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\shlwapi.dll)
|
|---|
| 1701 | 4564.534: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\shlwapi.dll
|
|---|
| 1702 | 4564.534: supR3HardenedDllNotificationCallback: load 00007ffb20240000 LB 0x00011000 C:\Windows\System32\kernel.appcore.dll [fFlags=0x0]
|
|---|
| 1703 | 4564.534: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #7 'msvcrt.dll'.
|
|---|
| 1704 | 4564.534: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #8 'rpcrt4.dll'.
|
|---|
| 1705 | 4564.534: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\kernel.appcore.dll)
|
|---|
| 1706 | 4564.534: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\kernel.appcore.dll
|
|---|
| 1707 | 4564.534: supR3HardenedDllNotificationCallback: load 00007ffb201d0000 LB 0x0004c000 C:\Windows\System32\powrprof.dll [fFlags=0x0]
|
|---|
| 1708 | 4564.534: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #12 'rpcrt4.dll'.
|
|---|
| 1709 | 4564.534: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\powrprof.dll)
|
|---|
| 1710 | 4564.534: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\powrprof.dll
|
|---|
| 1711 | 4564.534: supR3HardenedDllNotificationCallback: load 00007ffb201c0000 LB 0x0000a000 C:\Windows\System32\FLTLIB.DLL [fFlags=0x0]
|
|---|
| 1712 | 4564.534: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\fltLib.dll)
|
|---|
| 1713 | 4564.534: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\fltLib.dll
|
|---|
| 1714 | 4564.534: supR3HardenedDllNotificationCallback: load 00007ffb20890000 LB 0x0070d000 C:\Windows\System32\windows.storage.dll [fFlags=0x0]
|
|---|
| 1715 | 4564.534: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
|
|---|
| 1716 | 4564.534: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #11 'rpcrt4.dll'.
|
|---|
| 1717 | 4564.534: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #54 'combase.dll'.
|
|---|
| 1718 | 4564.534: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #58 'profapi.dll'.
|
|---|
| 1719 | 4564.534: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #81 'fltlib.dll'.
|
|---|
| 1720 | 4564.534: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\windows.storage.dll)
|
|---|
| 1721 | 4564.534: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\windows.storage.dll
|
|---|
| 1722 | 4564.534: supR3HardenedDllNotificationCallback: load 00007ffb21770000 LB 0x01440000 C:\Windows\System32\SHELL32.dll [fFlags=0x0]
|
|---|
| 1723 | 4564.534: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\shell32.dll [avoiding WinVerifyTrust]
|
|---|
| 1724 | 4564.534: supR3HardenedDllNotificationCallback: load 00007ffb23a10000 LB 0x00151000 C:\Windows\System32\ole32.dll [fFlags=0x0]
|
|---|
| 1725 | 4564.534: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\ole32.dll
|
|---|
| 1726 | 4564.534: supR3HardenedDllNotificationCallback: load 00007ffb173b0000 LB 0x0001a000 C:\Windows\SYSTEM32\MPR.dll [fFlags=0x0]
|
|---|
| 1727 | 4564.534: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\mpr.dll [avoiding WinVerifyTrust]
|
|---|
| 1728 | 4564.534: supR3HardenedDllNotificationCallback: load 0000000074940000 LB 0x00565000 C:\Program Files\Oracle\VirtualBox\Qt5CoreVBox.dll [fFlags=0x0]
|
|---|
| 1729 | 4564.534: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\Qt5CoreVBox.dll
|
|---|
| 1730 | 4564.534: supR3HardenedDllNotificationCallback: load 00007ffad9900000 LB 0x005f7000 C:\Program Files\Oracle\VirtualBox\Qt5GuiVBox.dll [fFlags=0x0]
|
|---|
| 1731 | 4564.534: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\Qt5GuiVBox.dll
|
|---|
| 1732 | 4564.534: supR3HardenedDllNotificationCallback: load 00000000741a0000 LB 0x00561000 C:\Program Files\Oracle\VirtualBox\Qt5WidgetsVBox.dll [fFlags=0x0]
|
|---|
| 1733 | 4564.534: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 24202 (0x5e8a)) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\Qt5WidgetsVBox.dll [avoiding WinVerifyTrust]
|
|---|
| 1734 | 4564.534: supR3HardenedDllNotificationCallback: load 00007ffb23490000 LB 0x000c2000 C:\Windows\System32\OLEAUT32.dll [fFlags=0x0]
|
|---|
| 1735 | 4564.534: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\oleaut32.dll
|
|---|
| 1736 | 4564.534: supR3HardenedDllNotificationCallback: load 00007ffad9f00000 LB 0x00592000 C:\Program Files\Oracle\VirtualBox\VBoxGlobal.dll [fFlags=0x0]
|
|---|
| 1737 | 4564.534: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxGlobal.dll
|
|---|
| 1738 | 4564.534: supR3HardenedDllNotificationCallback: load 0000000075c10000 LB 0x00054000 C:\Program Files\Oracle\VirtualBox\Qt5OpenGLVBox.dll [fFlags=0x0]
|
|---|
| 1739 | 4564.534: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\Qt5OpenGLVBox.dll
|
|---|
| 1740 | 4564.534: supR3HardenedDllNotificationCallback: load 00007ffb1d520000 LB 0x0002a000 C:\Windows\SYSTEM32\WINMMBASE.dll [fFlags=0x0]
|
|---|
| 1741 | 4564.534: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\winmmbase.dll [avoiding WinVerifyTrust]
|
|---|
| 1742 | 4564.534: supR3HardenedDllNotificationCallback: load 00007ffb1db20000 LB 0x00023000 C:\Windows\SYSTEM32\WINMM.dll [fFlags=0x0]
|
|---|
| 1743 | 4564.534: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\winmm.dll
|
|---|
| 1744 | 4564.534: supR3HardenedDllNotificationCallback: load 00007ffad4ec0000 LB 0x01f0f000 C:\Program Files\Oracle\VirtualBox\VirtualBoxVM.dll [fFlags=0x0]
|
|---|
| 1745 | 4564.534: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VirtualBoxVM.dll
|
|---|
| 1746 | 4564.534: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\windows.storage.dll'.
|
|---|
| 1747 | 4564.534: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\windows.storage.dll' [rescheduled]
|
|---|
| 1748 | 4564.534: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\fltLib.dll'.
|
|---|
| 1749 | 4564.534: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\fltLib.dll' [rescheduled]
|
|---|
| 1750 | 4564.534: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\powrprof.dll'.
|
|---|
| 1751 | 4564.534: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\powrprof.dll' [rescheduled]
|
|---|
| 1752 | 4564.534: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\kernel.appcore.dll'.
|
|---|
| 1753 | 4564.534: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\kernel.appcore.dll' [rescheduled]
|
|---|
| 1754 | 4564.534: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\shlwapi.dll'.
|
|---|
| 1755 | 4564.534: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\shlwapi.dll' [rescheduled]
|
|---|
| 1756 | 4564.534: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\SHCore.dll'.
|
|---|
| 1757 | 4564.534: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\SHCore.dll' [rescheduled]
|
|---|
| 1758 | 4564.534: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\cfgmgr32.dll'.
|
|---|
| 1759 | 4564.534: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\cfgmgr32.dll' [rescheduled]
|
|---|
| 1760 | 4564.534: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\gdi32full.dll'.
|
|---|
| 1761 | 4564.534: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\gdi32full.dll' [rescheduled]
|
|---|
| 1762 | 4564.534: Detected loader lock ownership: rc=Unknown Status 22900 (0x5974) '\Device\HarddiskVolume3\Windows\System32\glu32.dll'.
|
|---|
| 1763 | 4564.534: supR3HardenedWinVerifyCacheProcessWvtTodos: 22900 (was 22900) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\glu32.dll' [rescheduled]
|
|---|
| 1764 | 4564.534: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\mpr.dll'.
|
|---|
| 1765 | 4564.534: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\mpr.dll' [rescheduled]
|
|---|
| 1766 | 4564.534: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\shell32.dll'.
|
|---|
| 1767 | 4564.534: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\shell32.dll' [rescheduled]
|
|---|
| 1768 | 4564.534: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\Qt5WidgetsVBox.dll'.
|
|---|
| 1769 | 4564.534: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\Qt5WidgetsVBox.dll' [rescheduled]
|
|---|
| 1770 | 4564.534: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\win32u.dll'.
|
|---|
| 1771 | 4564.534: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\win32u.dll' [rescheduled]
|
|---|
| 1772 | 4564.534: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\gdi32.dll'.
|
|---|
| 1773 | 4564.534: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\gdi32.dll' [rescheduled]
|
|---|
| 1774 | 4564.534: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\user32.dll'.
|
|---|
| 1775 | 4564.534: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\user32.dll' [rescheduled]
|
|---|
| 1776 | 4564.534: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\msvcp_win.dll'.
|
|---|
| 1777 | 4564.534: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\msvcp_win.dll' [rescheduled]
|
|---|
| 1778 | 4564.534: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\combase.dll'.
|
|---|
| 1779 | 4564.534: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\combase.dll' [rescheduled]
|
|---|
| 1780 | 4564.534: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\winmmbase.dll'.
|
|---|
| 1781 | 4564.534: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\winmmbase.dll' [rescheduled]
|
|---|
| 1782 | 4564.534: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\kernel32.dll
|
|---|
| 1783 | 4564.534: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'fltlib.dll'...
|
|---|
| 1784 | 4564.534: supR3HardenedWinVerifyCacheProcessImportTodos: 'fltlib.dll' -> '\Device\HarddiskVolume3\Windows\System32\fltlib.dll' [rcNtRedir=0xc0150008]
|
|---|
| 1785 | 4564.534: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\fltLib.dll [redoing WinVerifyTrust]
|
|---|
| 1786 | 4564.534: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\fltLib.dll'.
|
|---|
| 1787 | 4564.534: supR3HardenedScreenImage/Imports: WinVerifyTrust not available, rescheduling \Device\HarddiskVolume3\Windows\System32\fltLib.dll
|
|---|
| 1788 | 4564.534: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'profapi.dll'...
|
|---|
| 1789 | 4564.534: supR3HardenedWinVerifyCacheProcessImportTodos: 'profapi.dll' -> '\Device\HarddiskVolume3\Windows\System32\profapi.dll' [rcNtRedir=0xc0150008]
|
|---|
| 1790 | 4564.534: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\profapi.dll
|
|---|
| 1791 | 4564.534: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'combase.dll'...
|
|---|
| 1792 | 4564.534: supR3HardenedWinVerifyCacheProcessImportTodos: 'combase.dll' -> '\Device\HarddiskVolume3\Windows\System32\combase.dll' [rcNtRedir=0xc0150008]
|
|---|
| 1793 | 4564.534: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\combase.dll [redoing WinVerifyTrust]
|
|---|
| 1794 | 4564.534: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\combase.dll'.
|
|---|
| 1795 | 4564.534: supR3HardenedScreenImage/Imports: WinVerifyTrust not available, rescheduling \Device\HarddiskVolume3\Windows\System32\combase.dll
|
|---|
| 1796 | 4564.534: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
|
|---|
| 1797 | 4564.534: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume3\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
|
|---|
| 1798 | 4564.534: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
|
|---|
| 1799 | 4564.534: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume3\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
|
|---|
| 1800 | 4564.534: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
|
|---|
| 1801 | 4564.534: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume3\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
|
|---|
| 1802 | 4564.534: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
|
|---|
| 1803 | 4564.534: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume3\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
|
|---|
| 1804 | 4564.534: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
|
|---|
| 1805 | 4564.534: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume3\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
|
|---|
| 1806 | 4564.534: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
|
|---|
| 1807 | 4564.534: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume3\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
|
|---|
| 1808 | 4564.534: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\user32.dll [redoing WinVerifyTrust]
|
|---|
| 1809 | 4564.534: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\user32.dll'.
|
|---|
| 1810 | 4564.534: supR3HardenedScreenImage/Imports: WinVerifyTrust not available, rescheduling \Device\HarddiskVolume3\Windows\System32\user32.dll
|
|---|
| 1811 | 4564.534: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
|
|---|
| 1812 | 4564.534: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume3\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
|
|---|
| 1813 | 4564.534: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\gdi32.dll [redoing WinVerifyTrust]
|
|---|
| 1814 | 4564.534: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\gdi32.dll'.
|
|---|
| 1815 | 4564.534: supR3HardenedScreenImage/Imports: WinVerifyTrust not available, rescheduling \Device\HarddiskVolume3\Windows\System32\gdi32.dll
|
|---|
| 1816 | 4564.534: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
|
|---|
| 1817 | 4564.534: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume3\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
|
|---|
| 1818 | 4564.534: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'combase.dll'...
|
|---|
| 1819 | 4564.534: supR3HardenedWinVerifyCacheProcessImportTodos: 'combase.dll' -> '\Device\HarddiskVolume3\Windows\System32\combase.dll' [rcNtRedir=0xc0150008]
|
|---|
| 1820 | 4564.534: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\combase.dll [redoing WinVerifyTrust]
|
|---|
| 1821 | 4564.534: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\combase.dll'.
|
|---|
| 1822 | 4564.534: supR3HardenedScreenImage/Imports: WinVerifyTrust not available, rescheduling \Device\HarddiskVolume3\Windows\System32\combase.dll
|
|---|
| 1823 | 4564.534: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
|
|---|
| 1824 | 4564.534: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume3\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
|
|---|
| 1825 | 4564.534: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
|
|---|
| 1826 | 4564.534: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume3\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
|
|---|
| 1827 | 4564.534: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'win32u.dll'...
|
|---|
| 1828 | 4564.534: supR3HardenedWinVerifyCacheProcessImportTodos: 'win32u.dll' -> '\Device\HarddiskVolume3\Windows\System32\win32u.dll' [rcNtRedir=0xc0150008]
|
|---|
| 1829 | 4564.534: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\win32u.dll [redoing WinVerifyTrust]
|
|---|
| 1830 | 4564.534: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\win32u.dll'.
|
|---|
| 1831 | 4564.534: supR3HardenedScreenImage/Imports: WinVerifyTrust not available, rescheduling \Device\HarddiskVolume3\Windows\System32\win32u.dll
|
|---|
| 1832 | 4564.534: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
|
|---|
| 1833 | 4564.534: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume3\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
|
|---|
| 1834 | 4564.534: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\user32.dll [redoing WinVerifyTrust]
|
|---|
| 1835 | 4564.534: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\user32.dll'.
|
|---|
| 1836 | 4564.534: supR3HardenedScreenImage/Imports: WinVerifyTrust not available, rescheduling \Device\HarddiskVolume3\Windows\System32\user32.dll
|
|---|
| 1837 | 4564.534: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
|
|---|
| 1838 | 4564.534: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume3\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
|
|---|
| 1839 | 4564.534: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\gdi32.dll [redoing WinVerifyTrust]
|
|---|
| 1840 | 4564.534: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\gdi32.dll'.
|
|---|
| 1841 | 4564.534: supR3HardenedScreenImage/Imports: WinVerifyTrust not available, rescheduling \Device\HarddiskVolume3\Windows\System32\gdi32.dll
|
|---|
| 1842 | 4564.534: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcp_win.dll'...
|
|---|
| 1843 | 4564.534: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcp_win.dll' -> '\Device\HarddiskVolume3\Windows\System32\msvcp_win.dll' [rcNtRedir=0xc0150008]
|
|---|
| 1844 | 4564.534: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\msvcp_win.dll [redoing WinVerifyTrust]
|
|---|
| 1845 | 4564.534: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\msvcp_win.dll'.
|
|---|
| 1846 | 4564.534: supR3HardenedScreenImage/Imports: WinVerifyTrust not available, rescheduling \Device\HarddiskVolume3\Windows\System32\msvcp_win.dll
|
|---|
| 1847 | 4564.534: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\System32\kernel32.dll (Input=kernel32, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000801:<flags> [calling]
|
|---|
| 1848 | 4564.534: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb23da0000 'C:\Windows\System32\kernel32.dll'
|
|---|
| 1849 | 4564.534: supR3HardenedIsApiSetDll: ApiSetQueryApiSetPresence(api-ms-win-core-string-l1-1-0) -> 0x0, fPresent=1
|
|---|
| 1850 | 4564.534: supR3HardenedMonitor_LdrLoadDll: pName=api-ms-win-core-string-l1-1-0 (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0000000000000801:<flags> [calling]
|
|---|
| 1851 | 4564.534: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb20570000 'api-ms-win-core-string-l1-1-0'
|
|---|
| 1852 | 4564.534: supR3HardenedIsApiSetDll: ApiSetQueryApiSetPresence(api-ms-win-core-datetime-l1-1-1) -> 0x0, fPresent=1
|
|---|
| 1853 | 4564.534: supR3HardenedMonitor_LdrLoadDll: pName=api-ms-win-core-datetime-l1-1-1 (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0000000000000801:<flags> [calling]
|
|---|
| 1854 | 4564.534: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb20570000 'api-ms-win-core-datetime-l1-1-1'
|
|---|
| 1855 | 4564.534: supR3HardenedIsApiSetDll: ApiSetQueryApiSetPresence(api-ms-win-core-localization-obsolete-l1-2-0) -> 0x0, fPresent=1
|
|---|
| 1856 | 4564.534: supR3HardenedMonitor_LdrLoadDll: pName=api-ms-win-core-localization-obsolete-l1-2-0 (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0000000000000801:<flags> [calling]
|
|---|
| 1857 | 4564.534: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb20570000 'api-ms-win-core-localization-obsolete-l1-2-0'
|
|---|
| 1858 | 4564.534: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\imm32.dll'.
|
|---|
| 1859 | 4564.534: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'user32.dll'.
|
|---|
| 1860 | 4564.534: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #25 'win32u.dll'.
|
|---|
| 1861 | 4564.534: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\imm32.dll)
|
|---|
| 1862 | 4564.534: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\imm32.dll
|
|---|
| 1863 | 4564.534: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'win32u.dll'...
|
|---|
| 1864 | 4564.534: supR3HardenedWinVerifyCacheProcessImportTodos: 'win32u.dll' -> '\Device\HarddiskVolume3\Windows\System32\win32u.dll' [rcNtRedir=0xc0150008]
|
|---|
| 1865 | 4564.534: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\win32u.dll [redoing WinVerifyTrust]
|
|---|
| 1866 | 4564.534: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\win32u.dll'.
|
|---|
| 1867 | 4564.534: supR3HardenedScreenImage/Imports: WinVerifyTrust not available, rescheduling \Device\HarddiskVolume3\Windows\System32\win32u.dll
|
|---|
| 1868 | 4564.534: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
|
|---|
| 1869 | 4564.534: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume3\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
|
|---|
| 1870 | 4564.534: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\user32.dll [redoing WinVerifyTrust]
|
|---|
| 1871 | 4564.534: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\user32.dll'.
|
|---|
| 1872 | 4564.534: supR3HardenedScreenImage/Imports: WinVerifyTrust not available, rescheduling \Device\HarddiskVolume3\Windows\System32\user32.dll
|
|---|
| 1873 | 4564.534: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\IMM32.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000009:<flags> [calling]
|
|---|
| 1874 | 4564.534: supR3HardenedDllNotificationCallback: load 00007ffb233a0000 LB 0x0002d000 C:\Windows\System32\IMM32.DLL [fFlags=0x0]
|
|---|
| 1875 | 4564.534: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\imm32.dll [avoiding WinVerifyTrust]
|
|---|
| 1876 | 4564.534: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb233a0000 'C:\Windows\system32\IMM32.DLL'
|
|---|
| 1877 | 4564.534: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\imm32.dll'.
|
|---|
| 1878 | 4564.534: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\imm32.dll' [rescheduled]
|
|---|
| 1879 | 4564.534: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\advapi32.dll
|
|---|
| 1880 | 4564.534: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\System32\ADVAPI32.DLL (Input=ADVAPI32.DLL, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
|
|---|
| 1881 | 4564.534: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb23960000 'C:\Windows\System32\ADVAPI32.DLL'
|
|---|
| 1882 | 4564.534: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffad4ec0000 'C:\Program Files\Oracle\VirtualBox\VirtualBoxVM.dll'
|
|---|
| 1883 | 4564.534: SUPR3HardenedMain: Calling TrustedMain (00007ffad4ec16c0)...
|
|---|
| 1884 | 4564.534: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb1f5d0000 'C:\Windows\system32\rsaenh.dll'
|
|---|
| 1885 | 4564.534: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'gdi32.dll'.
|
|---|
| 1886 | 4564.534: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'ole32.dll'.
|
|---|
| 1887 | 4564.534: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'user32.dll'.
|
|---|
| 1888 | 4564.534: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'imm32.dll'.
|
|---|
| 1889 | 4564.534: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'winmm.dll'.
|
|---|
| 1890 | 4564.534: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'oleaut32.dll'.
|
|---|
| 1891 | 4564.534: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'shell32.dll'.
|
|---|
| 1892 | 4564.534: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #7 'advapi32.dll'.
|
|---|
| 1893 | 4564.534: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #8 'qt5guivbox.dll'.
|
|---|
| 1894 | 4564.534: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #9 'qt5corevbox.dll'.
|
|---|
| 1895 | 4564.534: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #10 'msvcr100.dll'.
|
|---|
| 1896 | 4564.534: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\platforms\qwindows.dll) WinVerifyTrust
|
|---|
| 1897 | 4564.534: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\platforms\qwindows.dll
|
|---|
| 1898 | 4564.534: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
|
|---|
| 1899 | 4564.534: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
|
|---|
| 1900 | 4564.534: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qt5corevbox.dll'...
|
|---|
| 1901 | 4564.534: supR3HardenedWinVerifyCacheProcessImportTodos: 'qt5corevbox.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\qt5corevbox.dll' [rcNtRedir=0xc0150008]
|
|---|
| 1902 | 4564.534: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\Qt5CoreVBox.dll
|
|---|
| 1903 | 4564.534: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qt5guivbox.dll'...
|
|---|
| 1904 | 4564.534: supR3HardenedWinVerifyCacheProcessImportTodos: 'qt5guivbox.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\qt5guivbox.dll' [rcNtRedir=0xc0150008]
|
|---|
| 1905 | 4564.534: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\Qt5GuiVBox.dll
|
|---|
| 1906 | 4564.534: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'...
|
|---|
| 1907 | 4564.534: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume3\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008]
|
|---|
| 1908 | 4564.534: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\advapi32.dll
|
|---|
| 1909 | 4564.534: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'shell32.dll'...
|
|---|
| 1910 | 4564.534: supR3HardenedWinVerifyCacheProcessImportTodos: 'shell32.dll' -> '\Device\HarddiskVolume3\Windows\System32\shell32.dll' [rcNtRedir=0xc0150008]
|
|---|
| 1911 | 4564.534: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\shell32.dll [redoing WinVerifyTrust]
|
|---|
| 1912 | 4564.534: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb1f5d0000 'C:\Windows\system32\rsaenh.dll'
|
|---|
| 1913 | 4564.534: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb20310000 'C:\Windows\System32\crypt32.dll'
|
|---|
| 1914 | 4564.534: supR3HardenedScreenImage/Imports: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Windows\System32\shell32.dll'
|
|---|
| 1915 | 4564.534: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'oleaut32.dll'...
|
|---|
| 1916 | 4564.534: supR3HardenedWinVerifyCacheProcessImportTodos: 'oleaut32.dll' -> '\Device\HarddiskVolume3\Windows\System32\oleaut32.dll' [rcNtRedir=0xc0150008]
|
|---|
| 1917 | 4564.534: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\oleaut32.dll
|
|---|
| 1918 | 4564.534: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'winmm.dll'...
|
|---|
| 1919 | 4564.534: supR3HardenedWinVerifyCacheProcessImportTodos: 'winmm.dll' -> '\Device\HarddiskVolume3\Windows\System32\winmm.dll' [rcNtRedir=0xc0150008]
|
|---|
| 1920 | 4564.534: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\winmm.dll
|
|---|
| 1921 | 4564.534: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'imm32.dll'...
|
|---|
| 1922 | 4564.534: supR3HardenedWinVerifyCacheProcessImportTodos: 'imm32.dll' -> '\Device\HarddiskVolume3\Windows\System32\imm32.dll' [rcNtRedir=0xc0150008]
|
|---|
| 1923 | 4564.534: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\imm32.dll [redoing WinVerifyTrust]
|
|---|
| 1924 | 4564.534: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb1f5d0000 'C:\Windows\system32\rsaenh.dll'
|
|---|
| 1925 | 4564.534: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb20310000 'C:\Windows\System32\crypt32.dll'
|
|---|
| 1926 | 4564.534: supR3HardenedScreenImage/Imports: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Windows\System32\imm32.dll'
|
|---|
| 1927 | 4564.534: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
|
|---|
| 1928 | 4564.534: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume3\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
|
|---|
| 1929 | 4564.534: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\user32.dll [redoing WinVerifyTrust]
|
|---|
| 1930 | 4564.534: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb1f5d0000 'C:\Windows\system32\rsaenh.dll'
|
|---|
| 1931 | 4564.534: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb20310000 'C:\Windows\System32\crypt32.dll'
|
|---|
| 1932 | 4564.534: supR3HardenedScreenImage/Imports: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Windows\System32\user32.dll'
|
|---|
| 1933 | 4564.534: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ole32.dll'...
|
|---|
| 1934 | 4564.534: supR3HardenedWinVerifyCacheProcessImportTodos: 'ole32.dll' -> '\Device\HarddiskVolume3\Windows\System32\ole32.dll' [rcNtRedir=0xc0150008]
|
|---|
| 1935 | 4564.534: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\ole32.dll
|
|---|
| 1936 | 4564.534: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
|
|---|
| 1937 | 4564.534: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume3\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
|
|---|
| 1938 | 4564.534: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\gdi32.dll [redoing WinVerifyTrust]
|
|---|
| 1939 | 4564.534: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb1f5d0000 'C:\Windows\system32\rsaenh.dll'
|
|---|
| 1940 | 4564.534: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb20310000 'C:\Windows\System32\crypt32.dll'
|
|---|
| 1941 | 4564.534: supR3HardenedScreenImage/Imports: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Windows\System32\gdi32.dll'
|
|---|
| 1942 | 4564.534: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\platforms\qwindows.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
|
|---|
| 1943 | 4564.534: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\platforms\qwindows.dll
|
|---|
| 1944 | 4564.534: supR3HardenedDllNotificationCallback: load 00007ffaebee0000 LB 0x0012e000 C:\Program Files\Oracle\VirtualBox\platforms\qwindows.dll [fFlags=0x0]
|
|---|
| 1945 | 4564.534: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\platforms\qwindows.dll
|
|---|
| 1946 | 4564.534: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffaebee0000 'C:\Program Files\Oracle\VirtualBox\platforms\qwindows.dll'
|
|---|
| 1947 | 4564.534: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000614 pwszName=\Device\HarddiskVolume3\Windows\System32\uxtheme.dll
|
|---|
| 1948 | 4564.534: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000001153800
|
|---|
| 1949 | 4564.534: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000001153800
|
|---|
| 1950 | 4564.534: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=15C67EA66CCB2DD0FE18A5AB58A7BA1C113BBA6A
|
|---|
| 1951 | 4564.534: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb1f5d0000 'C:\Windows\system32\rsaenh.dll'
|
|---|
| 1952 | 4564.534: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb20310000 'C:\Windows\System32\crypt32.dll'
|
|---|
| 1953 | 4564.534: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package00115~31bf3856ad364e35~amd64~~10.0.17134.1.cat'; file='\Device\HarddiskVolume3\Windows\System32\uxtheme.dll'
|
|---|
| 1954 | 4564.534: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
|
|---|
| 1955 | 4564.534: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
|
|---|
| 1956 | 4564.534: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #33 'gdi32.dll'.
|
|---|
| 1957 | 4564.534: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #34 'user32.dll'.
|
|---|
| 1958 | 4564.534: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\uxtheme.dll) WinVerifyTrust
|
|---|
| 1959 | 4564.534: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\uxtheme.dll
|
|---|
| 1960 | 4564.534: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
|
|---|
| 1961 | 4564.534: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume3\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
|
|---|
| 1962 | 4564.534: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
|
|---|
| 1963 | 4564.534: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume3\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
|
|---|
| 1964 | 4564.534: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
|
|---|
| 1965 | 4564.534: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume3\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
|
|---|
| 1966 | 4564.534: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\uxtheme.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000009:<flags> [calling]
|
|---|
| 1967 | 4564.534: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\uxtheme.dll
|
|---|
| 1968 | 4564.534: supR3HardenedDllNotificationCallback: load 00007ffb1ea90000 LB 0x00098000 C:\Windows\system32\uxtheme.dll [fFlags=0x0]
|
|---|
| 1969 | 4564.534: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\uxtheme.dll
|
|---|
| 1970 | 4564.534: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb1ea90000 'C:\Windows\system32\uxtheme.dll'
|
|---|
| 1971 | 4564.534: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb215d0000 'C:\Windows\system32\user32.dll'
|
|---|
| 1972 | 4564.534: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\shell32.dll
|
|---|
| 1973 | 4564.534: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\shell32.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
|
|---|
| 1974 | 4564.534: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb21770000 'C:\Windows\system32\shell32.dll'
|
|---|
| 1975 | 4564.534: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\SHCore.dll [redoing WinVerifyTrust]
|
|---|
| 1976 | 4564.534: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb1f5d0000 'C:\Windows\system32\rsaenh.dll'
|
|---|
| 1977 | 4564.534: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb20310000 'C:\Windows\System32\crypt32.dll'
|
|---|
| 1978 | 4564.534: supR3HardenedScreenImage/LdrLoadDll: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Windows\System32\SHCore.dll'
|
|---|
| 1979 | 4564.534: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\SHCore.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
|
|---|
| 1980 | 4564.534: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb23cf0000 'C:\Windows\system32\SHCore.dll'
|
|---|
| 1981 | 4564.534: supR3HardenedMonitor_LdrLoadDll: error opening 'C:\Windows\system32\wintab32.dll': 0 (NtPath=\??\C:\Windows\system32\wintab32.dll; Input=C:\Windows\system32\wintab32.dll; rcNtGetDll=0x0
|
|---|
| 1982 | 4564.534: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0xc0000034 'C:\Windows\system32\wintab32.dll'
|
|---|
| 1983 | 4564.534: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
|
|---|
| 1984 | 4564.534: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #21 'win32u.dll'.
|
|---|
| 1985 | 4564.534: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #22 'user32.dll'.
|
|---|
| 1986 | 4564.534: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #23 'gdi32.dll'.
|
|---|
| 1987 | 4564.534: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\dwmapi.dll)
|
|---|
| 1988 | 4564.534: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\dwmapi.dll
|
|---|
| 1989 | 4564.534: supR3HardenedDllNotificationCallback: load 00007ffb1eb60000 LB 0x00029000 C:\Windows\system32\dwmapi.dll [fFlags=0x0]
|
|---|
| 1990 | 4564.534: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\dwmapi.dll [avoiding WinVerifyTrust]
|
|---|
| 1991 | 4564.534: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
|
|---|
| 1992 | 4564.534: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume3\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
|
|---|
| 1993 | 4564.534: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
|
|---|
| 1994 | 4564.534: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume3\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
|
|---|
| 1995 | 4564.534: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\user32.dll
|
|---|
| 1996 | 4564.534: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'win32u.dll'...
|
|---|
| 1997 | 4564.534: supR3HardenedWinVerifyCacheProcessImportTodos: 'win32u.dll' -> '\Device\HarddiskVolume3\Windows\System32\win32u.dll' [rcNtRedir=0xc0150008]
|
|---|
| 1998 | 4564.534: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\win32u.dll [lacks WinVerifyTrust]
|
|---|
| 1999 | 4564.534: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
|
|---|
| 2000 | 4564.534: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume3\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
|
|---|
| 2001 | 4564.534: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb1f5d0000 'C:\Windows\system32\rsaenh.dll'
|
|---|
| 2002 | 4564.534: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb20310000 'C:\Windows\System32\crypt32.dll'
|
|---|
| 2003 | 4564.534: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Windows\System32\dwmapi.dll'
|
|---|
| 2004 | 4564.534: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\winmm.dll
|
|---|
| 2005 | 4564.534: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\winmm.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
|
|---|
| 2006 | 4564.534: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb1db20000 'C:\Windows\system32\winmm.dll'
|
|---|
| 2007 | 4564.534: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\winmm.dll
|
|---|
| 2008 | 4564.534: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\winmm.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
|
|---|
| 2009 | 4564.534: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb1db20000 'C:\Windows\system32\winmm.dll'
|
|---|
| 2010 | 4564.534: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\shell32.dll
|
|---|
| 2011 | 4564.534: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\shell32.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
|
|---|
| 2012 | 4564.534: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb21770000 'C:\Windows\system32\shell32.dll'
|
|---|
| 2013 | 4564.534: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\uxtheme.dll
|
|---|
| 2014 | 4564.534: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\uxtheme.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
|
|---|
| 2015 | 4564.534: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb1ea90000 'C:\Windows\system32\uxtheme.dll'
|
|---|
| 2016 | 4564.534: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\advapi32.dll
|
|---|
| 2017 | 4564.534: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\advapi32.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
|
|---|
| 2018 | 4564.534: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb23960000 'C:\Windows\system32\advapi32.dll'
|
|---|
| 2019 | 4564.534: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb1f5d0000 'C:\Windows\system32\rsaenh.dll'
|
|---|
| 2020 | 4564.534: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb20310000 'C:\Windows\System32\crypt32.dll'
|
|---|
| 2021 | 4564.534: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #14 'rpcrt4.dll'.
|
|---|
| 2022 | 4564.534: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #28 'profapi.dll'.
|
|---|
| 2023 | 4564.534: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\userenv.dll) WinVerifyTrust
|
|---|
| 2024 | 4564.534: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\userenv.dll
|
|---|
| 2025 | 4564.534: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'profapi.dll'...
|
|---|
| 2026 | 4564.534: supR3HardenedWinVerifyCacheProcessImportTodos: 'profapi.dll' -> '\Device\HarddiskVolume3\Windows\System32\profapi.dll' [rcNtRedir=0xc0150008]
|
|---|
| 2027 | 4564.534: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\profapi.dll
|
|---|
| 2028 | 4564.534: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
|
|---|
| 2029 | 4564.534: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume3\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
|
|---|
| 2030 | 4564.534: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\userenv.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
|
|---|
| 2031 | 4564.534: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\userenv.dll
|
|---|
| 2032 | 4564.534: supR3HardenedDllNotificationCallback: load 00007ffb200a0000 LB 0x00028000 C:\Windows\system32\userenv.dll [fFlags=0x0]
|
|---|
| 2033 | 4564.534: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\userenv.dll
|
|---|
| 2034 | 4564.534: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb200a0000 'C:\Windows\system32\userenv.dll'
|
|---|
| 2035 | 4564.534: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\kernel32.dll
|
|---|
| 2036 | 4564.534: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\System32\kernel32.dll (Input=kernel32, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
|
|---|
| 2037 | 4564.534: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb23da0000 'C:\Windows\System32\kernel32.dll'
|
|---|
| 2038 | 4564.534: supR3HardenedDllNotificationCallback: load 00007ffb214d0000 LB 0x000a0000 C:\Windows\System32\clbcatq.dll [fFlags=0x0]
|
|---|
| 2039 | 4564.534: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
|
|---|
| 2040 | 4564.534: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #28 'rpcrt4.dll'.
|
|---|
| 2041 | 4564.534: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\clbcatq.dll)
|
|---|
| 2042 | 4564.534: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\clbcatq.dll
|
|---|
| 2043 | 4564.160: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
|
|---|
| 2044 | 4564.160: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume3\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
|
|---|
| 2045 | 4564.160: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\rpcrt4.dll
|
|---|
| 2046 | 4564.160: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
|
|---|
| 2047 | 4564.160: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume3\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
|
|---|
| 2048 | 4564.160: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\msvcrt.dll
|
|---|
| 2049 | 4564.160: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb1f5d0000 'C:\Windows\system32\rsaenh.dll'
|
|---|
| 2050 | 4564.160: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb20310000 'C:\Windows\System32\crypt32.dll'
|
|---|
| 2051 | 4564.160: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Windows\System32\clbcatq.dll'
|
|---|
| 2052 | 4564.160: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb1f5d0000 'C:\Windows\system32\rsaenh.dll'
|
|---|
| 2053 | 4564.160: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
|
|---|
| 2054 | 4564.160: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'msvcp100.dll'.
|
|---|
| 2055 | 4564.160: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'vboxrt.dll'.
|
|---|
| 2056 | 4564.160: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'advapi32.dll'.
|
|---|
| 2057 | 4564.160: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'ole32.dll'.
|
|---|
| 2058 | 4564.160: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'oleaut32.dll'.
|
|---|
| 2059 | 4564.160: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxC.dll) WinVerifyTrust
|
|---|
| 2060 | 4564.160: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxC.dll
|
|---|
| 2061 | 4564.160: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'oleaut32.dll'...
|
|---|
| 2062 | 4564.160: supR3HardenedWinVerifyCacheProcessImportTodos: 'oleaut32.dll' -> '\Device\HarddiskVolume3\Windows\System32\oleaut32.dll' [rcNtRedir=0xc0150008]
|
|---|
| 2063 | 4564.160: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\oleaut32.dll
|
|---|
| 2064 | 4564.160: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ole32.dll'...
|
|---|
| 2065 | 4564.160: supR3HardenedWinVerifyCacheProcessImportTodos: 'ole32.dll' -> '\Device\HarddiskVolume3\Windows\System32\ole32.dll' [rcNtRedir=0xc0150008]
|
|---|
| 2066 | 4564.160: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\ole32.dll
|
|---|
| 2067 | 4564.160: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'...
|
|---|
| 2068 | 4564.160: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume3\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008]
|
|---|
| 2069 | 4564.160: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\advapi32.dll
|
|---|
| 2070 | 4564.160: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
|
|---|
| 2071 | 4564.160: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
|
|---|
| 2072 | 4564.160: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcp100.dll'...
|
|---|
| 2073 | 4564.160: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcp100.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcp100.dll' [rcNtRedir=0xc0150008]
|
|---|
| 2074 | 4564.160: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcp100.dll
|
|---|
| 2075 | 4564.160: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
|
|---|
| 2076 | 4564.160: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
|
|---|
| 2077 | 4564.160: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxC.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000002009:<flags> [calling]
|
|---|
| 2078 | 4564.160: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxC.dll
|
|---|
| 2079 | 4564.160: supR3HardenedDllNotificationCallback: load 00007ffadf3a0000 LB 0x003a0000 C:\Program Files\Oracle\VirtualBox\VBoxC.dll [fFlags=0x0]
|
|---|
| 2080 | 4564.160: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxC.dll
|
|---|
| 2081 | 4564.160: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffadf3a0000 'C:\Program Files\Oracle\VirtualBox\VBoxC.dll'
|
|---|
| 2082 | 4564.160: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb1f5d0000 'C:\Windows\system32\rsaenh.dll'
|
|---|
| 2083 | 4564.160: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
|
|---|
| 2084 | 4564.160: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'vboxrt.dll'.
|
|---|
| 2085 | 4564.160: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'advapi32.dll'.
|
|---|
| 2086 | 4564.160: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'shlwapi.dll'.
|
|---|
| 2087 | 4564.160: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'ole32.dll'.
|
|---|
| 2088 | 4564.160: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'oleaut32.dll'.
|
|---|
| 2089 | 4564.160: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #7 'rpcrt4.dll'.
|
|---|
| 2090 | 4564.160: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxProxyStub.dll) WinVerifyTrust
|
|---|
| 2091 | 4564.160: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxProxyStub.dll
|
|---|
| 2092 | 4564.160: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
|
|---|
| 2093 | 4564.160: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume3\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
|
|---|
| 2094 | 4564.160: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'oleaut32.dll'...
|
|---|
| 2095 | 4564.160: supR3HardenedWinVerifyCacheProcessImportTodos: 'oleaut32.dll' -> '\Device\HarddiskVolume3\Windows\System32\oleaut32.dll' [rcNtRedir=0xc0150008]
|
|---|
| 2096 | 4564.160: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\oleaut32.dll
|
|---|
| 2097 | 4564.160: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ole32.dll'...
|
|---|
| 2098 | 4564.160: supR3HardenedWinVerifyCacheProcessImportTodos: 'ole32.dll' -> '\Device\HarddiskVolume3\Windows\System32\ole32.dll' [rcNtRedir=0xc0150008]
|
|---|
| 2099 | 4564.160: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\ole32.dll
|
|---|
| 2100 | 4564.160: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'shlwapi.dll'...
|
|---|
| 2101 | 4564.160: supR3HardenedWinVerifyCacheProcessImportTodos: 'shlwapi.dll' -> '\Device\HarddiskVolume3\Windows\System32\shlwapi.dll' [rcNtRedir=0xc0150008]
|
|---|
| 2102 | 4564.160: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\shlwapi.dll [redoing WinVerifyTrust]
|
|---|
| 2103 | 4564.160: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb1f5d0000 'C:\Windows\system32\rsaenh.dll'
|
|---|
| 2104 | 4564.160: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb20310000 'C:\Windows\System32\crypt32.dll'
|
|---|
| 2105 | 4564.160: supR3HardenedScreenImage/Imports: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Windows\System32\shlwapi.dll'
|
|---|
| 2106 | 4564.160: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'...
|
|---|
| 2107 | 4564.160: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume3\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008]
|
|---|
| 2108 | 4564.160: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\advapi32.dll
|
|---|
| 2109 | 4564.160: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
|
|---|
| 2110 | 4564.160: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
|
|---|
| 2111 | 4564.160: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
|
|---|
| 2112 | 4564.160: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
|
|---|
| 2113 | 4564.160: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxProxyStub.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000002009:<flags> [calling]
|
|---|
| 2114 | 4564.160: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxProxyStub.dll
|
|---|
| 2115 | 4564.160: supR3HardenedDllNotificationCallback: load 00007ffaebe00000 LB 0x000d4000 C:\Program Files\Oracle\VirtualBox\VBoxProxyStub.dll [fFlags=0x0]
|
|---|
| 2116 | 4564.160: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxProxyStub.dll
|
|---|
| 2117 | 4564.160: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffaebe00000 'C:\Program Files\Oracle\VirtualBox\VBoxProxyStub.dll'
|
|---|
| 2118 | 4564.160: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\oleaut32.dll
|
|---|
| 2119 | 4564.160: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\System32\oleaut32.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000002009:<flags> [calling]
|
|---|
| 2120 | 4564.160: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb23490000 'C:\Windows\System32\oleaut32.dll'
|
|---|
| 2121 | 4564.534: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb23060000 'C:\Windows\system32\gdi32.dll'
|
|---|
| 2122 | 4564.534: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\shell32.dll
|
|---|
| 2123 | 4564.534: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\shell32.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
|
|---|
| 2124 | 4564.534: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb21770000 'C:\Windows\system32\shell32.dll'
|
|---|
| 2125 | 4564.534: supR3HardenedDllNotificationCallback: load 00007ffb23b70000 LB 0x00173000 C:\Windows\System32\MSCTF.dll [fFlags=0x0]
|
|---|
| 2126 | 4564.534: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
|
|---|
| 2127 | 4564.534: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #18 'oleaut32.dll'.
|
|---|
| 2128 | 4564.534: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #38 'user32.dll'.
|
|---|
| 2129 | 4564.534: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #39 'gdi32.dll'.
|
|---|
| 2130 | 4564.534: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #40 'imm32.dll'.
|
|---|
| 2131 | 4564.534: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\msctf.dll)
|
|---|
| 2132 | 4564.534: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\msctf.dll
|
|---|
| 2133 | 4564.534: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'imm32.dll'...
|
|---|
| 2134 | 4564.534: supR3HardenedWinVerifyCacheProcessImportTodos: 'imm32.dll' -> '\Device\HarddiskVolume3\Windows\System32\imm32.dll' [rcNtRedir=0xc0150008]
|
|---|
| 2135 | 4564.534: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\imm32.dll
|
|---|
| 2136 | 4564.534: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
|
|---|
| 2137 | 4564.534: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume3\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
|
|---|
| 2138 | 4564.534: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
|
|---|
| 2139 | 4564.534: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume3\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
|
|---|
| 2140 | 4564.534: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'oleaut32.dll'...
|
|---|
| 2141 | 4564.534: supR3HardenedWinVerifyCacheProcessImportTodos: 'oleaut32.dll' -> '\Device\HarddiskVolume3\Windows\System32\oleaut32.dll' [rcNtRedir=0xc0150008]
|
|---|
| 2142 | 4564.534: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\oleaut32.dll
|
|---|
| 2143 | 4564.534: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
|
|---|
| 2144 | 4564.534: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume3\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
|
|---|
| 2145 | 4564.534: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb1f5d0000 'C:\Windows\system32\rsaenh.dll'
|
|---|
| 2146 | 4564.534: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb20310000 'C:\Windows\System32\crypt32.dll'
|
|---|
| 2147 | 4564.534: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Windows\System32\msctf.dll'
|
|---|
| 2148 | 4564.534: supR3HardNtViCallWinVerifyTrustCatFile: hFile=000000000000098c pwszName=\Device\HarddiskVolume3\Windows\System32\DataExchange.dll
|
|---|
| 2149 | 4564.534: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000001153800
|
|---|
| 2150 | 4564.534: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000001153800
|
|---|
| 2151 | 4564.534: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=07B480615AD13C4A3DD6B7A2F86ED35195B9CA49
|
|---|
| 2152 | 4564.534: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb1f5d0000 'C:\Windows\system32\rsaenh.dll'
|
|---|
| 2153 | 4564.534: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb20310000 'C:\Windows\System32\crypt32.dll'
|
|---|
| 2154 | 4564.534: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0010~31bf3856ad364e35~amd64~~10.0.17134.1.cat'; file='\Device\HarddiskVolume3\Windows\System32\DataExchange.dll'
|
|---|
| 2155 | 4564.534: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
|
|---|
| 2156 | 4564.534: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
|
|---|
| 2157 | 4564.534: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'shcore.dll'.
|
|---|
| 2158 | 4564.534: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #29 'combase.dll'.
|
|---|
| 2159 | 4564.534: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #34 'd3d11.dll'.
|
|---|
| 2160 | 4564.534: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #35 'dcomp.dll'.
|
|---|
| 2161 | 4564.534: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\DataExchange.dll) WinVerifyTrust
|
|---|
| 2162 | 4564.534: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\DataExchange.dll
|
|---|
| 2163 | 4564.534: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'dcomp.dll'...
|
|---|
| 2164 | 4564.534: supR3HardenedWinVerifyCacheProcessImportTodos: 'dcomp.dll' -> '\Device\HarddiskVolume3\Windows\System32\dcomp.dll' [rcNtRedir=0xc0150008]
|
|---|
| 2165 | 4564.534: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb1f5d0000 'C:\Windows\system32\rsaenh.dll'
|
|---|
| 2166 | 4564.534: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb20310000 'C:\Windows\System32\crypt32.dll'
|
|---|
| 2167 | 4564.534: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'win32u.dll'.
|
|---|
| 2168 | 4564.534: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'msvcp_win.dll'.
|
|---|
| 2169 | 4564.534: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #36 'oleaut32.dll'.
|
|---|
| 2170 | 4564.534: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #37 'dxgi.dll'.
|
|---|
| 2171 | 4564.534: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\dcomp.dll) WinVerifyTrust
|
|---|
| 2172 | 4564.534: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\dcomp.dll
|
|---|
| 2173 | 4564.534: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'd3d11.dll'...
|
|---|
| 2174 | 4564.534: supR3HardenedWinVerifyCacheProcessImportTodos: 'd3d11.dll' -> '\Device\HarddiskVolume3\Windows\System32\d3d11.dll' [rcNtRedir=0xc0150008]
|
|---|
| 2175 | 4564.534: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'dxgi.dll'...
|
|---|
| 2176 | 4564.534: supR3HardenedWinVerifyCacheProcessImportTodos: 'dxgi.dll' -> '\Device\HarddiskVolume3\Windows\System32\dxgi.dll' [rcNtRedir=0xc0150008]
|
|---|
| 2177 | 4564.534: Detected WinVerifyTrust recursion: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\dxgi.dll'.
|
|---|
| 2178 | 4564.534: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
|
|---|
| 2179 | 4564.534: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'win32u.dll'.
|
|---|
| 2180 | 4564.534: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\dxgi.dll)
|
|---|
| 2181 | 4564.534: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\dxgi.dll
|
|---|
| 2182 | 4564.534: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'oleaut32.dll'...
|
|---|
| 2183 | 4564.534: supR3HardenedWinVerifyCacheProcessImportTodos: 'oleaut32.dll' -> '\Device\HarddiskVolume3\Windows\System32\oleaut32.dll' [rcNtRedir=0xc0150008]
|
|---|
| 2184 | 4564.534: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\oleaut32.dll
|
|---|
| 2185 | 4564.534: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcp_win.dll'...
|
|---|
| 2186 | 4564.534: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcp_win.dll' -> '\Device\HarddiskVolume3\Windows\System32\msvcp_win.dll' [rcNtRedir=0xc0150008]
|
|---|
| 2187 | 4564.534: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\msvcp_win.dll [lacks WinVerifyTrust]
|
|---|
| 2188 | 4564.534: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'win32u.dll'...
|
|---|
| 2189 | 4564.534: supR3HardenedWinVerifyCacheProcessImportTodos: 'win32u.dll' -> '\Device\HarddiskVolume3\Windows\System32\win32u.dll' [rcNtRedir=0xc0150008]
|
|---|
| 2190 | 4564.534: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\win32u.dll [lacks WinVerifyTrust]
|
|---|
| 2191 | 4564.534: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'win32u.dll'...
|
|---|
| 2192 | 4564.534: supR3HardenedWinVerifyCacheProcessImportTodos: 'win32u.dll' -> '\Device\HarddiskVolume3\Windows\System32\win32u.dll' [rcNtRedir=0xc0150008]
|
|---|
| 2193 | 4564.534: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\win32u.dll [lacks WinVerifyTrust]
|
|---|
| 2194 | 4564.534: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
|
|---|
| 2195 | 4564.534: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume3\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
|
|---|
| 2196 | 4564.534: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb1f5d0000 'C:\Windows\system32\rsaenh.dll'
|
|---|
| 2197 | 4564.534: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb20310000 'C:\Windows\System32\crypt32.dll'
|
|---|
| 2198 | 4564.534: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
|
|---|
| 2199 | 4564.534: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #11 'dxgi.dll'.
|
|---|
| 2200 | 4564.534: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #35 'win32u.dll'.
|
|---|
| 2201 | 4564.534: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\d3d11.dll) WinVerifyTrust
|
|---|
| 2202 | 4564.534: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\d3d11.dll
|
|---|
| 2203 | 4564.534: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'combase.dll'...
|
|---|
| 2204 | 4564.534: supR3HardenedWinVerifyCacheProcessImportTodos: 'combase.dll' -> '\Device\HarddiskVolume3\Windows\System32\combase.dll' [rcNtRedir=0xc0150008]
|
|---|
| 2205 | 4564.534: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\combase.dll [redoing WinVerifyTrust]
|
|---|
| 2206 | 4564.534: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'win32u.dll'...
|
|---|
| 2207 | 4564.534: supR3HardenedWinVerifyCacheProcessImportTodos: 'win32u.dll' -> '\Device\HarddiskVolume3\Windows\System32\win32u.dll' [rcNtRedir=0xc0150008]
|
|---|
| 2208 | 4564.534: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\win32u.dll [lacks WinVerifyTrust]
|
|---|
| 2209 | 4564.534: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'dxgi.dll'...
|
|---|
| 2210 | 4564.534: supR3HardenedWinVerifyCacheProcessImportTodos: 'dxgi.dll' -> '\Device\HarddiskVolume3\Windows\System32\dxgi.dll' [rcNtRedir=0xc0150008]
|
|---|
| 2211 | 4564.534: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\dxgi.dll [lacks WinVerifyTrust]
|
|---|
| 2212 | 4564.534: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
|
|---|
| 2213 | 4564.534: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume3\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
|
|---|
| 2214 | 4564.534: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb1f5d0000 'C:\Windows\system32\rsaenh.dll'
|
|---|
| 2215 | 4564.534: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb20310000 'C:\Windows\System32\crypt32.dll'
|
|---|
| 2216 | 4564.534: supR3HardenedScreenImage/Imports: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Windows\System32\combase.dll'
|
|---|
| 2217 | 4564.534: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'shcore.dll'...
|
|---|
| 2218 | 4564.534: supR3HardenedWinVerifyCacheProcessImportTodos: 'shcore.dll' -> '\Device\HarddiskVolume3\Windows\System32\shcore.dll' [rcNtRedir=0xc0150008]
|
|---|
| 2219 | 4564.534: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\SHCore.dll
|
|---|
| 2220 | 4564.534: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
|
|---|
| 2221 | 4564.534: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume3\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
|
|---|
| 2222 | 4564.534: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\dataexchange.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000002009:<flags> [calling]
|
|---|
| 2223 | 4564.534: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\DataExchange.dll
|
|---|
| 2224 | 4564.534: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\d3d11.dll
|
|---|
| 2225 | 4564.534: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\dcomp.dll
|
|---|
| 2226 | 4564.534: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\dxgi.dll [avoiding WinVerifyTrust]
|
|---|
| 2227 | 4564.534: supR3HardenedDllNotificationCallback: load 00007ffb1ef20000 LB 0x000bb000 C:\Windows\system32\dxgi.dll [fFlags=0x0]
|
|---|
| 2228 | 4564.534: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\dxgi.dll [avoiding WinVerifyTrust]
|
|---|
| 2229 | 4564.534: supR3HardenedDllNotificationCallback: load 00007ffb1d210000 LB 0x0030b000 C:\Windows\system32\d3d11.dll [fFlags=0x0]
|
|---|
| 2230 | 4564.534: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\d3d11.dll
|
|---|
| 2231 | 4564.534: supR3HardenedDllNotificationCallback: load 00007ffb1db50000 LB 0x0019c000 C:\Windows\system32\dcomp.dll [fFlags=0x0]
|
|---|
| 2232 | 4564.534: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\dcomp.dll
|
|---|
| 2233 | 4564.534: supR3HardenedDllNotificationCallback: load 00007ffb078b0000 LB 0x00058000 C:\Windows\system32\dataexchange.dll [fFlags=0x0]
|
|---|
| 2234 | 4564.534: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\DataExchange.dll
|
|---|
| 2235 | 4564.534: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\dxgi.dll'.
|
|---|
| 2236 | 4564.534: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\dxgi.dll' [rescheduled]
|
|---|
| 2237 | 4564.534: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\gdi32.dll
|
|---|
| 2238 | 4564.534: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\System32\gdi32.dll (Input=gdi32.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
|
|---|
| 2239 | 4564.534: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb23060000 'C:\Windows\System32\gdi32.dll'
|
|---|
| 2240 | 4564.534: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb078b0000 'C:\Windows\system32\dataexchange.dll'
|
|---|
| 2241 | 4564.534: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
|
|---|
| 2242 | 4564.534: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'rmclient.dll'.
|
|---|
| 2243 | 4564.534: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #30 'rpcrt4.dll'.
|
|---|
| 2244 | 4564.534: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #44 'combase.dll'.
|
|---|
| 2245 | 4564.534: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\twinapi.appcore.dll)
|
|---|
| 2246 | 4564.534: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\twinapi.appcore.dll
|
|---|
| 2247 | 4564.534: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
|
|---|
| 2248 | 4564.534: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #8 'rpcrt4.dll'.
|
|---|
| 2249 | 4564.534: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\rmclient.dll)
|
|---|
| 2250 | 4564.534: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\rmclient.dll
|
|---|
| 2251 | 4564.534: supR3HardenedDllNotificationCallback: load 00007ffb1e570000 LB 0x00021000 C:\Windows\system32\RMCLIENT.dll [fFlags=0x0]
|
|---|
| 2252 | 4564.534: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\rmclient.dll [avoiding WinVerifyTrust]
|
|---|
| 2253 | 4564.534: supR3HardenedDllNotificationCallback: load 00007ffb1e5f0000 LB 0x001b8000 C:\Windows\system32\twinapi.appcore.dll [fFlags=0x0]
|
|---|
| 2254 | 4564.534: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\twinapi.appcore.dll [avoiding WinVerifyTrust]
|
|---|
| 2255 | 4564.534: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
|
|---|
| 2256 | 4564.534: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume3\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
|
|---|
| 2257 | 4564.534: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
|
|---|
| 2258 | 4564.534: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume3\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
|
|---|
| 2259 | 4564.534: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'combase.dll'...
|
|---|
| 2260 | 4564.534: supR3HardenedWinVerifyCacheProcessImportTodos: 'combase.dll' -> '\Device\HarddiskVolume3\Windows\System32\combase.dll' [rcNtRedir=0xc0150008]
|
|---|
| 2261 | 4564.534: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\combase.dll
|
|---|
| 2262 | 4564.534: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
|
|---|
| 2263 | 4564.534: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume3\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
|
|---|
| 2264 | 4564.534: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rmclient.dll'...
|
|---|
| 2265 | 4564.534: supR3HardenedWinVerifyCacheProcessImportTodos: 'rmclient.dll' -> '\Device\HarddiskVolume3\Windows\System32\rmclient.dll' [rcNtRedir=0xc0150008]
|
|---|
| 2266 | 4564.534: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\rmclient.dll [lacks WinVerifyTrust]
|
|---|
| 2267 | 4564.534: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
|
|---|
| 2268 | 4564.534: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume3\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
|
|---|
| 2269 | 4564.534: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb1f5d0000 'C:\Windows\system32\rsaenh.dll'
|
|---|
| 2270 | 4564.534: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb20310000 'C:\Windows\System32\crypt32.dll'
|
|---|
| 2271 | 4564.534: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Windows\System32\rmclient.dll'
|
|---|
| 2272 | 4564.534: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\rsaenh.dll
|
|---|
| 2273 | 4564.534: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\rsaenh.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
|
|---|
| 2274 | 4564.534: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb1f5d0000 'C:\Windows\system32\rsaenh.dll'
|
|---|
| 2275 | 4564.534: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb20310000 'C:\Windows\System32\crypt32.dll'
|
|---|
| 2276 | 4564.534: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Windows\System32\twinapi.appcore.dll'
|
|---|
| 2277 | 4564.534: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\SHCore.dll
|
|---|
| 2278 | 4564.534: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\Shcore.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
|
|---|
| 2279 | 4564.534: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb23cf0000 'C:\Windows\system32\Shcore.dll'
|
|---|
| 2280 | 4564.534: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
|
|---|
| 2281 | 4564.534: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #15 'coreuicomponents.dll'.
|
|---|
| 2282 | 4564.534: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #16 'coremessaging.dll'.
|
|---|
| 2283 | 4564.534: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\TextInputFramework.dll)
|
|---|
| 2284 | 4564.534: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\TextInputFramework.dll
|
|---|
| 2285 | 4564.534: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
|
|---|
| 2286 | 4564.534: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #35 'coremessaging.dll'.
|
|---|
| 2287 | 4564.534: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #48 'shcore.dll'.
|
|---|
| 2288 | 4564.534: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\CoreUIComponents.dll)
|
|---|
| 2289 | 4564.534: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\CoreUIComponents.dll
|
|---|
| 2290 | 4564.534: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
|
|---|
| 2291 | 4564.534: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #24 'rpcrt4.dll'.
|
|---|
| 2292 | 4564.534: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\CoreMessaging.dll)
|
|---|
| 2293 | 4564.534: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\CoreMessaging.dll
|
|---|
| 2294 | 4564.534: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\ntmarta.dll)
|
|---|
| 2295 | 4564.534: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\ntmarta.dll
|
|---|
| 2296 | 4564.534: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'combase.dll'.
|
|---|
| 2297 | 4564.534: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #22 'rpcrt4.dll'.
|
|---|
| 2298 | 4564.534: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #29 'bcryptprimitives.dll'.
|
|---|
| 2299 | 4564.534: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\WinTypes.dll)
|
|---|
| 2300 | 4564.534: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\WinTypes.dll
|
|---|
| 2301 | 4564.534: supR3HardenedDllNotificationCallback: load 00007ffb1f250000 LB 0x00031000 C:\Windows\SYSTEM32\ntmarta.dll [fFlags=0x0]
|
|---|
| 2302 | 4564.534: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\ntmarta.dll [avoiding WinVerifyTrust]
|
|---|
| 2303 | 4564.534: supR3HardenedDllNotificationCallback: load 00007ffb1e0f0000 LB 0x000da000 C:\Windows\System32\CoreMessaging.dll [fFlags=0x0]
|
|---|
| 2304 | 4564.534: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\CoreMessaging.dll [avoiding WinVerifyTrust]
|
|---|
| 2305 | 4564.534: supR3HardenedDllNotificationCallback: load 00007ffb1c100000 LB 0x0014d000 C:\Windows\SYSTEM32\wintypes.dll [fFlags=0x0]
|
|---|
| 2306 | 4564.534: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\WinTypes.dll [avoiding WinVerifyTrust]
|
|---|
| 2307 | 4564.534: supR3HardenedDllNotificationCallback: load 00007ffb1c250000 LB 0x0031e000 C:\Windows\System32\CoreUIComponents.dll [fFlags=0x0]
|
|---|
| 2308 | 4564.534: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\CoreUIComponents.dll [avoiding WinVerifyTrust]
|
|---|
| 2309 | 4564.534: supR3HardenedDllNotificationCallback: load 00007ffb1b060000 LB 0x00096000 C:\Windows\System32\TextInputFramework.dll [fFlags=0x0]
|
|---|
| 2310 | 4564.534: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\TextInputFramework.dll [avoiding WinVerifyTrust]
|
|---|
| 2311 | 4564.534: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'bcryptprimitives.dll'...
|
|---|
| 2312 | 4564.534: supR3HardenedWinVerifyCacheProcessImportTodos: 'bcryptprimitives.dll' -> '\Device\HarddiskVolume3\Windows\System32\bcryptprimitives.dll' [rcNtRedir=0xc0150008]
|
|---|
| 2313 | 4564.534: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\bcryptprimitives.dll
|
|---|
| 2314 | 4564.534: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
|
|---|
| 2315 | 4564.534: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume3\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
|
|---|
| 2316 | 4564.534: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'combase.dll'...
|
|---|
| 2317 | 4564.534: supR3HardenedWinVerifyCacheProcessImportTodos: 'combase.dll' -> '\Device\HarddiskVolume3\Windows\System32\combase.dll' [rcNtRedir=0xc0150008]
|
|---|
| 2318 | 4564.534: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\combase.dll
|
|---|
| 2319 | 4564.534: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
|
|---|
| 2320 | 4564.534: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume3\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
|
|---|
| 2321 | 4564.534: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
|
|---|
| 2322 | 4564.534: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume3\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
|
|---|
| 2323 | 4564.534: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'shcore.dll'...
|
|---|
| 2324 | 4564.534: supR3HardenedWinVerifyCacheProcessImportTodos: 'shcore.dll' -> '\Device\HarddiskVolume3\Windows\System32\shcore.dll' [rcNtRedir=0xc0150008]
|
|---|
| 2325 | 4564.534: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\SHCore.dll
|
|---|
| 2326 | 4564.534: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'coremessaging.dll'...
|
|---|
| 2327 | 4564.534: supR3HardenedWinVerifyCacheProcessImportTodos: 'coremessaging.dll' -> '\Device\HarddiskVolume3\Windows\System32\coremessaging.dll' [rcNtRedir=0xc0150008]
|
|---|
| 2328 | 4564.534: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\CoreMessaging.dll [lacks WinVerifyTrust]
|
|---|
| 2329 | 4564.534: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
|
|---|
| 2330 | 4564.534: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume3\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
|
|---|
| 2331 | 4564.534: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'coremessaging.dll'...
|
|---|
| 2332 | 4564.534: supR3HardenedWinVerifyCacheProcessImportTodos: 'coremessaging.dll' -> '\Device\HarddiskVolume3\Windows\System32\coremessaging.dll' [rcNtRedir=0xc0150008]
|
|---|
| 2333 | 4564.534: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\CoreMessaging.dll [lacks WinVerifyTrust]
|
|---|
| 2334 | 4564.534: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'coreuicomponents.dll'...
|
|---|
| 2335 | 4564.534: supR3HardenedWinVerifyCacheProcessImportTodos: 'coreuicomponents.dll' -> '\Device\HarddiskVolume3\Windows\System32\coreuicomponents.dll' [rcNtRedir=0xc0150008]
|
|---|
| 2336 | 4564.534: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\CoreUIComponents.dll [lacks WinVerifyTrust]
|
|---|
| 2337 | 4564.534: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
|
|---|
| 2338 | 4564.534: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume3\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
|
|---|
| 2339 | 4564.534: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb1f5d0000 'C:\Windows\system32\rsaenh.dll'
|
|---|
| 2340 | 4564.534: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb20310000 'C:\Windows\System32\crypt32.dll'
|
|---|
| 2341 | 4564.534: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Windows\System32\WinTypes.dll'
|
|---|
| 2342 | 4564.534: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb1f5d0000 'C:\Windows\system32\rsaenh.dll'
|
|---|
| 2343 | 4564.534: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb20310000 'C:\Windows\System32\crypt32.dll'
|
|---|
| 2344 | 4564.534: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Windows\System32\ntmarta.dll'
|
|---|
| 2345 | 4564.534: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb1f5d0000 'C:\Windows\system32\rsaenh.dll'
|
|---|
| 2346 | 4564.534: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb20310000 'C:\Windows\System32\crypt32.dll'
|
|---|
| 2347 | 4564.534: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Windows\System32\CoreMessaging.dll'
|
|---|
| 2348 | 4564.534: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb1f5d0000 'C:\Windows\system32\rsaenh.dll'
|
|---|
| 2349 | 4564.534: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb20310000 'C:\Windows\System32\crypt32.dll'
|
|---|
| 2350 | 4564.534: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Windows\System32\CoreUIComponents.dll'
|
|---|
| 2351 | 4564.534: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb1f5d0000 'C:\Windows\system32\rsaenh.dll'
|
|---|
| 2352 | 4564.534: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb20310000 'C:\Windows\System32\crypt32.dll'
|
|---|
| 2353 | 4564.534: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Windows\System32\TextInputFramework.dll'
|
|---|
| 2354 | 4564.534: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb23490000 'C:\Windows\System32\OLEAUT32.DLL'
|
|---|
| 2355 | 4564.534: supR3HardenedIsApiSetDll: ApiSetQueryApiSetPresence(ext-ms-win-rtcore-ntuser-window-ext-l1-1-0.dll) -> 0x0, fPresent=1
|
|---|
| 2356 | 4564.534: supR3HardenedMonitor_LdrLoadDll: pName=ext-ms-win-rtcore-ntuser-window-ext-l1-1-0.dll (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
|
|---|
| 2357 | 4564.534: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb215d0000 'ext-ms-win-rtcore-ntuser-window-ext-l1-1-0.dll'
|
|---|
| 2358 | 4564.534: supR3HardenedIsApiSetDll: ApiSetQueryApiSetPresence(ext-ms-win-rtcore-ntuser-integration-l1-1-0.dll) -> 0x0, fPresent=1
|
|---|
| 2359 | 4564.534: supR3HardenedMonitor_LdrLoadDll: pName=ext-ms-win-rtcore-ntuser-integration-l1-1-0.dll (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
|
|---|
| 2360 | 4564.534: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb215d0000 'ext-ms-win-rtcore-ntuser-integration-l1-1-0.dll'
|
|---|
| 2361 | 4564.534: supR3HardenedIsApiSetDll: ApiSetQueryApiSetPresence(api-ms-win-core-com-l1-1-0.dll) -> 0x0, fPresent=1
|
|---|
| 2362 | 4564.534: supR3HardenedMonitor_LdrLoadDll: pName=api-ms-win-core-com-l1-1-0.dll (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
|
|---|
| 2363 | 4564.534: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb23560000 'api-ms-win-core-com-l1-1-0.dll'
|
|---|
| 2364 | 4564.534: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\msctf.dll
|
|---|
| 2365 | 4564.534: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\System32\MSCTF.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000009:<flags> [calling]
|
|---|
| 2366 | 4564.534: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb23b70000 'C:\Windows\System32\MSCTF.dll'
|
|---|
| 2367 | 4564.534: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\shell32.dll
|
|---|
| 2368 | 4564.534: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\shell32.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
|
|---|
| 2369 | 4564.534: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb21770000 'C:\Windows\system32\shell32.dll'
|
|---|
| 2370 | 4564.534: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb21770000 'C:\Windows\system32\shell32.dll'
|
|---|
| 2371 | 4564.534: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\dwmapi.dll
|
|---|
| 2372 | 4564.534: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\dwmapi.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
|
|---|
| 2373 | 4564.534: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb1eb60000 'C:\Windows\system32\dwmapi.dll'
|
|---|
| 2374 | 4564.534: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\uxtheme.dll
|
|---|
| 2375 | 4564.534: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\uxtheme.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
|
|---|
| 2376 | 4564.534: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb1ea90000 'C:\Windows\system32\uxtheme.dll'
|
|---|
| 2377 | 4564.534: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\dwmapi.dll
|
|---|
| 2378 | 4564.534: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\SYSTEM32\dwmapi.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000009:<flags> [calling]
|
|---|
| 2379 | 4564.534: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb1eb60000 'C:\Windows\SYSTEM32\dwmapi.dll'
|
|---|
| 2380 | 4564.534: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000a58 pwszName=\Device\HarddiskVolume3\Windows\System32\comdlg32.dll
|
|---|
| 2381 | 4564.534: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000001153800
|
|---|
| 2382 | 4564.534: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000001153800
|
|---|
| 2383 | 4564.534: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=6868B70823C29BB44065B2BB121FA81DF77F96EB
|
|---|
| 2384 | 4564.534: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb1f5d0000 'C:\Windows\system32\rsaenh.dll'
|
|---|
| 2385 | 4564.534: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb20310000 'C:\Windows\System32\crypt32.dll'
|
|---|
| 2386 | 4564.534: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package00114~31bf3856ad364e35~amd64~~10.0.17134.1.cat'; file='\Device\HarddiskVolume3\Windows\System32\comdlg32.dll'
|
|---|
| 2387 | 4564.534: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
|
|---|
| 2388 | 4564.534: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
|
|---|
| 2389 | 4564.534: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #35 'user32.dll'.
|
|---|
| 2390 | 4564.534: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #36 'shlwapi.dll'.
|
|---|
| 2391 | 4564.534: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #37 'gdi32.dll'.
|
|---|
| 2392 | 4564.534: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #38 'comctl32.dll'.
|
|---|
| 2393 | 4564.534: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #39 'shell32.dll'.
|
|---|
| 2394 | 4564.534: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\comdlg32.dll) WinVerifyTrust
|
|---|
| 2395 | 4564.534: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\comdlg32.dll
|
|---|
| 2396 | 4564.534: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'shell32.dll'...
|
|---|
| 2397 | 4564.534: supR3HardenedWinVerifyCacheProcessImportTodos: 'shell32.dll' -> '\Device\HarddiskVolume3\Windows\System32\shell32.dll' [rcNtRedir=0xc0150008]
|
|---|
| 2398 | 4564.534: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'comctl32.dll'...
|
|---|
| 2399 | 4564.534: supR3HardenedWinVerifyCacheProcessImportTodos: 'comctl32.dll' -> '\Device\HarddiskVolume3\Windows\System32\comctl32.dll' [rcNtRedir=0x0]
|
|---|
| 2400 | 4564.534: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb1f5d0000 'C:\Windows\system32\rsaenh.dll'
|
|---|
| 2401 | 4564.534: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb20310000 'C:\Windows\System32\crypt32.dll'
|
|---|
| 2402 | 4564.534: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'advapi32.dll'.
|
|---|
| 2403 | 4564.534: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'gdi32.dll'.
|
|---|
| 2404 | 4564.534: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'user32.dll'.
|
|---|
| 2405 | 4564.534: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\comctl32.dll) WinVerifyTrust
|
|---|
| 2406 | 4564.534: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\comctl32.dll
|
|---|
| 2407 | 4564.534: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
|
|---|
| 2408 | 4564.534: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume3\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
|
|---|
| 2409 | 4564.534: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'shlwapi.dll'...
|
|---|
| 2410 | 4564.534: supR3HardenedWinVerifyCacheProcessImportTodos: 'shlwapi.dll' -> '\Device\HarddiskVolume3\Windows\System32\shlwapi.dll' [rcNtRedir=0xc0150008]
|
|---|
| 2411 | 4564.534: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\shlwapi.dll
|
|---|
| 2412 | 4564.534: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
|
|---|
| 2413 | 4564.534: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume3\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
|
|---|
| 2414 | 4564.534: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
|
|---|
| 2415 | 4564.534: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume3\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
|
|---|
| 2416 | 4564.534: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
|
|---|
| 2417 | 4564.534: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume3\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
|
|---|
| 2418 | 4564.534: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
|
|---|
| 2419 | 4564.534: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume3\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
|
|---|
| 2420 | 4564.534: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'...
|
|---|
| 2421 | 4564.534: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume3\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008]
|
|---|
| 2422 | 4564.534: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\System32\comdlg32.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000002009:<flags> [calling]
|
|---|
| 2423 | 4564.534: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'advapi32.dll'.
|
|---|
| 2424 | 4564.534: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'gdi32.dll'.
|
|---|
| 2425 | 4564.534: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'user32.dll'.
|
|---|
| 2426 | 4564.534: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_5.82.17134.472_none_f9558ad13092c43c\comctl32.dll)
|
|---|
| 2427 | 4564.534: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_5.82.17134.472_none_f9558ad13092c43c\comctl32.dll
|
|---|
| 2428 | 4564.534: supR3HardenedDllNotificationCallback: load 00007ffaf02b0000 LB 0x000a7000 C:\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_5.82.17134.472_none_f9558ad13092c43c\COMCTL32.dll [fFlags=0x0]
|
|---|
| 2429 | 4564.534: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_5.82.17134.472_none_f9558ad13092c43c\comctl32.dll [avoiding WinVerifyTrust]
|
|---|
| 2430 | 4564.534: supR3HardenedDllNotificationCallback: load 00007ffb231c0000 LB 0x000ed000 C:\Windows\System32\comdlg32.dll [fFlags=0x0]
|
|---|
| 2431 | 4564.534: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\comdlg32.dll
|
|---|
| 2432 | 4564.534: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_5.82.17134.472_none_f9558ad13092c43c\comctl32.dll'.
|
|---|
| 2433 | 4564.534: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_5.82.17134.472_none_f9558ad13092c43c\comctl32.dll' [rescheduled]
|
|---|
| 2434 | 4564.534: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\imm32.dll
|
|---|
| 2435 | 4564.534: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
|
|---|
| 2436 | 4564.534: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume3\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
|
|---|
| 2437 | 4564.534: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
|
|---|
| 2438 | 4564.534: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume3\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
|
|---|
| 2439 | 4564.534: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'...
|
|---|
| 2440 | 4564.534: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume3\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008]
|
|---|
| 2441 | 4564.534: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\System32\imm32.dll (Input=imm32.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
|
|---|
| 2442 | 4564.534: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb233a0000 'C:\Windows\System32\imm32.dll'
|
|---|
| 2443 | 4564.534: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb231c0000 'C:\Windows\System32\comdlg32.dll'
|
|---|
| 2444 | 4564.534: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb1f5d0000 'C:\Windows\system32\rsaenh.dll'
|
|---|
| 2445 | 4564.534: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb20310000 'C:\Windows\System32\crypt32.dll'
|
|---|
| 2446 | 4564.534: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
|
|---|
| 2447 | 4564.534: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #15 'oleaut32.dll'.
|
|---|
| 2448 | 4564.534: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #31 'rpcrt4.dll'.
|
|---|
| 2449 | 4564.534: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\propsys.dll) WinVerifyTrust
|
|---|
| 2450 | 4564.534: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\propsys.dll
|
|---|
| 2451 | 4564.534: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
|
|---|
| 2452 | 4564.534: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume3\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
|
|---|
| 2453 | 4564.534: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'oleaut32.dll'...
|
|---|
| 2454 | 4564.534: supR3HardenedWinVerifyCacheProcessImportTodos: 'oleaut32.dll' -> '\Device\HarddiskVolume3\Windows\System32\oleaut32.dll' [rcNtRedir=0xc0150008]
|
|---|
| 2455 | 4564.534: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
|
|---|
| 2456 | 4564.534: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume3\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
|
|---|
| 2457 | 4564.534: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\propsys.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000002009:<flags> [calling]
|
|---|
| 2458 | 4564.534: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\propsys.dll
|
|---|
| 2459 | 4564.534: supR3HardenedDllNotificationCallback: load 00007ffb1ca00000 LB 0x001b4000 C:\Windows\system32\propsys.dll [fFlags=0x0]
|
|---|
| 2460 | 4564.534: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\propsys.dll
|
|---|
| 2461 | 4564.534: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb1ca00000 'C:\Windows\system32\propsys.dll'
|
|---|
| 2462 | 4564.534: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\windows.storage.dll [redoing WinVerifyTrust]
|
|---|
| 2463 | 4564.534: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb1f5d0000 'C:\Windows\system32\rsaenh.dll'
|
|---|
| 2464 | 4564.534: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb20310000 'C:\Windows\System32\crypt32.dll'
|
|---|
| 2465 | 4564.534: supR3HardenedScreenImage/LdrLoadDll: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Windows\System32\windows.storage.dll'
|
|---|
| 2466 | 4564.534: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\windows.storage.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000002009:<flags> [calling]
|
|---|
| 2467 | 4564.534: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb20890000 'C:\Windows\system32\windows.storage.dll'
|
|---|
| 2468 | 4564.534: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\windows.storage.dll
|
|---|
| 2469 | 4564.534: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\Windows.Storage.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000002009:<flags> [calling]
|
|---|
| 2470 | 4564.534: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb20890000 'C:\Windows\system32\Windows.Storage.dll'
|
|---|
| 2471 | 4564.534: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb1f5d0000 'C:\Windows\system32\rsaenh.dll'
|
|---|
| 2472 | 4564.534: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb20310000 'C:\Windows\System32\crypt32.dll'
|
|---|
| 2473 | 4564.534: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
|
|---|
| 2474 | 4564.534: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #42 'gdi32.dll'.
|
|---|
| 2475 | 4564.534: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #43 'user32.dll'.
|
|---|
| 2476 | 4564.534: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.17134.472_none_fb3f9af53068156d\comctl32.dll) WinVerifyTrust
|
|---|
| 2477 | 4564.534: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.17134.472_none_fb3f9af53068156d\comctl32.dll
|
|---|
| 2478 | 4564.534: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
|
|---|
| 2479 | 4564.534: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume3\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
|
|---|
| 2480 | 4564.534: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
|
|---|
| 2481 | 4564.534: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume3\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
|
|---|
| 2482 | 4564.534: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
|
|---|
| 2483 | 4564.534: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume3\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
|
|---|
| 2484 | 4564.534: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.17134.472_none_fb3f9af53068156d\comctl32.dll (Input=comctl32.dll, rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
|
|---|
| 2485 | 4564.534: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.17134.472_none_fb3f9af53068156d\comctl32.dll
|
|---|
| 2486 | 4564.534: supR3HardenedDllNotificationCallback: load 00007ffb0e840000 LB 0x00269000 C:\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.17134.472_none_fb3f9af53068156d\comctl32.dll [fFlags=0x0]
|
|---|
| 2487 | 4564.534: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.17134.472_none_fb3f9af53068156d\comctl32.dll
|
|---|
| 2488 | 4564.534: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb0e840000 'C:\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.17134.472_none_fb3f9af53068156d\comctl32.dll'
|
|---|
| 2489 | 4564.534: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.17134.472_none_fb3f9af53068156d\comctl32.dll
|
|---|
| 2490 | 4564.534: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.17134.472_none_fb3f9af53068156d\comctl32.dll (Input=comctl32.dll, rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
|
|---|
| 2491 | 4564.534: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb0e840000 'C:\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.17134.472_none_fb3f9af53068156d\comctl32.dll'
|
|---|
| 2492 | 4564.534: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.17134.472_none_fb3f9af53068156d\comctl32.dll
|
|---|
| 2493 | 4564.534: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.17134.472_none_fb3f9af53068156d\comctl32.dll (Input=comctl32, rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
|
|---|
| 2494 | 4564.534: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb0e840000 'C:\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.17134.472_none_fb3f9af53068156d\comctl32.dll'
|
|---|
| 2495 | 4564.534: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.17134.472_none_fb3f9af53068156d\comctl32.dll
|
|---|
| 2496 | 4564.534: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.17134.472_none_fb3f9af53068156d\comctl32.dll (Input=comctl32.dll, rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
|
|---|
| 2497 | 4564.534: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb0e840000 'C:\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.17134.472_none_fb3f9af53068156d\comctl32.dll'
|
|---|
| 2498 | 4564.534: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.17134.472_none_fb3f9af53068156d\comctl32.dll
|
|---|
| 2499 | 4564.534: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.17134.472_none_fb3f9af53068156d\comctl32.dll (Input=comctl32.dll, rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
|
|---|
| 2500 | 4564.534: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb0e840000 'C:\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.17134.472_none_fb3f9af53068156d\comctl32.dll'
|
|---|
| 2501 | 4564.534: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.17134.472_none_fb3f9af53068156d\comctl32.dll
|
|---|
| 2502 | 4564.534: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.17134.472_none_fb3f9af53068156d\comctl32.dll (Input=comctl32.dll, rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
|
|---|
| 2503 | 4564.534: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb0e840000 'C:\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.17134.472_none_fb3f9af53068156d\comctl32.dll'
|
|---|
| 2504 | 4564.534: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.17134.472_none_fb3f9af53068156d\comctl32.dll
|
|---|
| 2505 | 4564.534: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.17134.472_none_fb3f9af53068156d\comctl32.dll (Input=comctl32.dll, rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
|
|---|
| 2506 | 4564.534: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb0e840000 'C:\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.17134.472_none_fb3f9af53068156d\comctl32.dll'
|
|---|
| 2507 | 4564.534: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb0e840000 'C:\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.17134.472_none_fb3f9af53068156d\comctl32.dll'
|
|---|
| 2508 | 4564.534: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb0e840000 'C:\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.17134.472_none_fb3f9af53068156d\comctl32.dll'
|
|---|
| 2509 | 4564.534: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb0e840000 'C:\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.17134.472_none_fb3f9af53068156d\comctl32.dll'
|
|---|
| 2510 | 4564.534: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb21770000 'C:\Windows\system32\shell32.dll'
|
|---|
| 2511 | 4564.534: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb0e840000 'C:\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.17134.472_none_fb3f9af53068156d\comctl32.dll'
|
|---|
| 2512 | 4564.534: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb0e840000 'C:\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.17134.472_none_fb3f9af53068156d\comctl32.dll'
|
|---|
| 2513 | 4564.534: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb1f5d0000 'C:\Windows\system32\rsaenh.dll'
|
|---|
| 2514 | 4564.534: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb20310000 'C:\Windows\System32\crypt32.dll'
|
|---|
| 2515 | 4564.534: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
|
|---|
| 2516 | 4564.534: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'rpcrt4.dll'.
|
|---|
| 2517 | 4564.534: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #24 'user32.dll'.
|
|---|
| 2518 | 4564.534: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Program Files\Common Files\microsoft shared\ink\tiptsf.dll) WinVerifyTrust
|
|---|
| 2519 | 4564.534: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Program Files\Common Files\microsoft shared\ink\tiptsf.dll
|
|---|
| 2520 | 4564.534: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
|
|---|
| 2521 | 4564.534: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume3\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
|
|---|
| 2522 | 4564.534: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
|
|---|
| 2523 | 4564.534: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume3\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
|
|---|
| 2524 | 4564.534: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
|
|---|
| 2525 | 4564.534: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume3\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
|
|---|
| 2526 | 4564.534: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Common Files\microsoft shared\ink\tiptsf.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000002009:<flags> [calling]
|
|---|
| 2527 | 4564.534: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Common Files\microsoft shared\ink\tiptsf.dll
|
|---|
| 2528 | 4564.534: supR3HardenedDllNotificationCallback: load 00007ffaee570000 LB 0x000a5000 C:\Program Files\Common Files\microsoft shared\ink\tiptsf.dll [fFlags=0x0]
|
|---|
| 2529 | 4564.534: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Common Files\microsoft shared\ink\tiptsf.dll
|
|---|
| 2530 | 4564.534: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffaee570000 'C:\Program Files\Common Files\microsoft shared\ink\tiptsf.dll'
|
|---|
| 2531 | 4564.534: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb0e840000 'C:\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.17134.472_none_fb3f9af53068156d\comctl32.dll'
|
|---|
| 2532 | 4564.534: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb0e840000 'C:\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.17134.472_none_fb3f9af53068156d\comctl32.dll'
|
|---|
| 2533 | 4564.534: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
|
|---|
| 2534 | 4564.534: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #23 'rpcrt4.dll'.
|
|---|
| 2535 | 4564.534: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #24 'oleaut32.dll'.
|
|---|
| 2536 | 4564.534: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume3\Windows\System32\edputil.dll)
|
|---|
| 2537 | 4564.534: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\edputil.dll
|
|---|
| 2538 | 4564.534: supR3HardenedDllNotificationCallback: load 00007ffafecc0000 LB 0x00044000 C:\Windows\SYSTEM32\edputil.dll [fFlags=0x0]
|
|---|
| 2539 | 4564.534: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume3\Windows\System32\edputil.dll [avoiding WinVerifyTrust]
|
|---|
| 2540 | 4564.534: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000b58 pwszName=\Device\HarddiskVolume3\Windows\System32\edputil.dll
|
|---|
| 2541 | 4564.534: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000001153800
|
|---|
| 2542 | 4564.534: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000001153800
|
|---|
| 2543 | 4564.534: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=5A98AB64534C9A66B8A26B14B7D32ACFB4404796
|
|---|
| 2544 | 4564.534: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'oleaut32.dll'...
|
|---|
| 2545 | 4564.534: supR3HardenedWinVerifyCacheProcessImportTodos: 'oleaut32.dll' -> '\Device\HarddiskVolume3\Windows\System32\oleaut32.dll' [rcNtRedir=0xc0150008]
|
|---|
| 2546 | 4564.534: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
|
|---|
| 2547 | 4564.534: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume3\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
|
|---|
| 2548 | 4564.534: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
|
|---|
| 2549 | 4564.534: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume3\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
|
|---|
| 2550 | 4564.534: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb1f5d0000 'C:\Windows\system32\rsaenh.dll'
|
|---|
| 2551 | 4564.534: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\crypt32.dll
|
|---|
| 2552 | 4564.534: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\System32\crypt32.dll (Input=crypt32.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
|
|---|
| 2553 | 4564.534: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb20310000 'C:\Windows\System32\crypt32.dll'
|
|---|
| 2554 | 4564.534: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0017~31bf3856ad364e35~amd64~~10.0.17134.1.cat'; file='\Device\HarddiskVolume3\Windows\System32\edputil.dll'
|
|---|
| 2555 | 4564.534: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
|
|---|
| 2556 | 4564.534: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Windows\System32\edputil.dll'
|
|---|
| 2557 | 4564.534: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000b4c pwszName=\Device\HarddiskVolume3\Windows\System32\ExplorerFrame.dll
|
|---|
| 2558 | 4564.534: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000001153800
|
|---|
| 2559 | 4564.534: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000001153800
|
|---|
| 2560 | 4564.534: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=B8481834FF5C50511102DBD4C26061CFFE0C0211
|
|---|
| 2561 | 4564.534: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb1f5d0000 'C:\Windows\system32\rsaenh.dll'
|
|---|
| 2562 | 4564.534: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb20310000 'C:\Windows\System32\crypt32.dll'
|
|---|
| 2563 | 4564.534: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package00114~31bf3856ad364e35~amd64~~10.0.17134.1.cat'; file='\Device\HarddiskVolume3\Windows\System32\ExplorerFrame.dll'
|
|---|
| 2564 | 4564.534: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
|
|---|
| 2565 | 4564.534: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
|
|---|
| 2566 | 4564.534: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'shcore.dll'.
|
|---|
| 2567 | 4564.534: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'shell32.dll'.
|
|---|
| 2568 | 4564.534: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'shlwapi.dll'.
|
|---|
| 2569 | 4564.534: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #36 'advapi32.dll'.
|
|---|
| 2570 | 4564.534: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #37 'imm32.dll'.
|
|---|
| 2571 | 4564.534: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #39 'user32.dll'.
|
|---|
| 2572 | 4564.534: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #40 'gdi32.dll'.
|
|---|
| 2573 | 4564.534: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\ExplorerFrame.dll) WinVerifyTrust
|
|---|
| 2574 | 4564.534: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\ExplorerFrame.dll
|
|---|
| 2575 | 4564.534: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
|
|---|
| 2576 | 4564.534: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume3\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
|
|---|
| 2577 | 4564.534: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
|
|---|
| 2578 | 4564.534: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume3\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
|
|---|
| 2579 | 4564.534: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'imm32.dll'...
|
|---|
| 2580 | 4564.534: supR3HardenedWinVerifyCacheProcessImportTodos: 'imm32.dll' -> '\Device\HarddiskVolume3\Windows\System32\imm32.dll' [rcNtRedir=0xc0150008]
|
|---|
| 2581 | 4564.534: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\imm32.dll
|
|---|
| 2582 | 4564.534: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'...
|
|---|
| 2583 | 4564.534: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume3\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008]
|
|---|
| 2584 | 4564.534: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'shlwapi.dll'...
|
|---|
| 2585 | 4564.534: supR3HardenedWinVerifyCacheProcessImportTodos: 'shlwapi.dll' -> '\Device\HarddiskVolume3\Windows\System32\shlwapi.dll' [rcNtRedir=0xc0150008]
|
|---|
| 2586 | 4564.534: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\shlwapi.dll
|
|---|
| 2587 | 4564.534: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'shell32.dll'...
|
|---|
| 2588 | 4564.534: supR3HardenedWinVerifyCacheProcessImportTodos: 'shell32.dll' -> '\Device\HarddiskVolume3\Windows\System32\shell32.dll' [rcNtRedir=0xc0150008]
|
|---|
| 2589 | 4564.534: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'shcore.dll'...
|
|---|
| 2590 | 4564.534: supR3HardenedWinVerifyCacheProcessImportTodos: 'shcore.dll' -> '\Device\HarddiskVolume3\Windows\System32\shcore.dll' [rcNtRedir=0xc0150008]
|
|---|
| 2591 | 4564.534: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\SHCore.dll
|
|---|
| 2592 | 4564.534: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
|
|---|
| 2593 | 4564.534: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume3\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
|
|---|
| 2594 | 4564.534: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\explorerframe.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000002009:<flags> [calling]
|
|---|
| 2595 | 4564.534: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\ExplorerFrame.dll
|
|---|
| 2596 | 4564.534: supR3HardenedDllNotificationCallback: load 00007ffaf7100000 LB 0x00495000 C:\Windows\system32\explorerframe.dll [fFlags=0x0]
|
|---|
| 2597 | 4564.534: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\ExplorerFrame.dll
|
|---|
| 2598 | 4564.534: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffaf7100000 'C:\Windows\system32\explorerframe.dll'
|
|---|
| 2599 | 4564.534: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.17134.472_none_fb3f9af53068156d\comctl32.dll
|
|---|
| 2600 | 4564.534: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.17134.472_none_fb3f9af53068156d\comctl32.dll (Input=comctl32.dll, rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0000000000004001:<flags> [calling]
|
|---|
| 2601 | 4564.534: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb0e840000 'C:\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.17134.472_none_fb3f9af53068156d\comctl32.dll'
|
|---|
| 2602 | 4564.534: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb0e840000 'C:\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.17134.472_none_fb3f9af53068156d\comctl32.dll'
|
|---|
| 2603 | 4564.534: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
|
|---|
| 2604 | 4564.534: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #32 'user32.dll'.
|
|---|
| 2605 | 4564.534: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #33 'gdi32.dll'.
|
|---|
| 2606 | 4564.534: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume3\Windows\System32\dui70.dll)
|
|---|
| 2607 | 4564.534: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\dui70.dll
|
|---|
| 2608 | 4564.534: supR3HardenedDllNotificationCallback: load 00007ffaec700000 LB 0x001ab000 C:\Windows\system32\DUI70.dll [fFlags=0x0]
|
|---|
| 2609 | 4564.534: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume3\Windows\System32\dui70.dll [avoiding WinVerifyTrust]
|
|---|
| 2610 | 4564.534: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000bb4 pwszName=\Device\HarddiskVolume3\Windows\System32\dui70.dll
|
|---|
| 2611 | 4564.534: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000001153800
|
|---|
| 2612 | 4564.534: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000001153800
|
|---|
| 2613 | 4564.534: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=1510BF236857F46A8A0CA102946C0B1690491DC1
|
|---|
| 2614 | 4564.534: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
|
|---|
| 2615 | 4564.534: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume3\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
|
|---|
| 2616 | 4564.534: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
|
|---|
| 2617 | 4564.534: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume3\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
|
|---|
| 2618 | 4564.534: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
|
|---|
| 2619 | 4564.534: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume3\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
|
|---|
| 2620 | 4564.534: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\msvcrt.dll
|
|---|
| 2621 | 4564.534: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb1f5d0000 'C:\Windows\system32\rsaenh.dll'
|
|---|
| 2622 | 4564.534: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb20310000 'C:\Windows\System32\crypt32.dll'
|
|---|
| 2623 | 4564.534: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_1794_for_KB4467682~31bf3856ad364e35~amd64~~10.0.1.9.cat'; file='\Device\HarddiskVolume3\Windows\System32\dui70.dll'
|
|---|
| 2624 | 4564.534: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
|
|---|
| 2625 | 4564.534: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Windows\System32\dui70.dll'
|
|---|
| 2626 | 4564.534: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb0e840000 'C:\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.17134.472_none_fb3f9af53068156d\Comctl32.dll'
|
|---|
| 2627 | 4564.534: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb0e840000 'C:\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.17134.472_none_fb3f9af53068156d\comctl32.dll'
|
|---|
| 2628 | 4564.534: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
|
|---|
| 2629 | 4564.534: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #13 'user32.dll'.
|
|---|
| 2630 | 4564.534: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #14 'gdi32.dll'.
|
|---|
| 2631 | 4564.534: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume3\Windows\System32\duser.dll)
|
|---|
| 2632 | 4564.534: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\duser.dll
|
|---|
| 2633 | 4564.534: supR3HardenedDllNotificationCallback: load 00007ffaef7a0000 LB 0x00093000 C:\Windows\system32\DUser.dll [fFlags=0x0]
|
|---|
| 2634 | 4564.534: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume3\Windows\System32\duser.dll [avoiding WinVerifyTrust]
|
|---|
| 2635 | 4564.534: Detected loader lock ownership: rc=Unknown Status 22900 (0x5974) '\Device\HarddiskVolume3\Windows\System32\duser.dll'.
|
|---|
| 2636 | 4564.534: supR3HardenedWinVerifyCacheProcessWvtTodos: 22900 (was 22900) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\duser.dll' [rescheduled]
|
|---|
| 2637 | 4564.534: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\ntdll.dll'.
|
|---|
| 2638 | 4564.534: '\Device\HarddiskVolume3\Windows\System32\ntdll.dll' has no imports
|
|---|
| 2639 | 4564.534: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\ntdll.dll)
|
|---|
| 2640 | 4564.534: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\ntdll.dll
|
|---|
| 2641 | 4564.534: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
|
|---|
| 2642 | 4564.534: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume3\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
|
|---|
| 2643 | 4564.534: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
|
|---|
| 2644 | 4564.534: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume3\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
|
|---|
| 2645 | 4564.534: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
|
|---|
| 2646 | 4564.534: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume3\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
|
|---|
| 2647 | 4564.534: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\System32\ntdll.dll (Input=ntdll.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
|
|---|
| 2648 | 4564.534: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb23e90000 'C:\Windows\System32\ntdll.dll'
|
|---|
| 2649 | 4564.534: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\ntdll.dll'.
|
|---|
| 2650 | 4564.534: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\ntdll.dll' [rescheduled]
|
|---|
| 2651 | 4564.534: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb215d0000 'C:\Windows\System32\user32.dll'
|
|---|
| 2652 | 4564.534: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume3\Windows\System32\duser.dll [redoing WinVerifyTrust]
|
|---|
| 2653 | 4564.534: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000bc4 pwszName=\Device\HarddiskVolume3\Windows\System32\duser.dll
|
|---|
| 2654 | 4564.534: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000001153800
|
|---|
| 2655 | 4564.534: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000001153800
|
|---|
| 2656 | 4564.534: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=EEE06C65A782886576C09832F69649332E5F519E
|
|---|
| 2657 | 4564.534: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb1f5d0000 'C:\Windows\system32\rsaenh.dll'
|
|---|
| 2658 | 4564.534: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb20310000 'C:\Windows\System32\crypt32.dll'
|
|---|
| 2659 | 4564.534: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0016~31bf3856ad364e35~amd64~~10.0.17134.1.cat'; file='\Device\HarddiskVolume3\Windows\System32\duser.dll'
|
|---|
| 2660 | 4564.534: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
|
|---|
| 2661 | 4564.534: supR3HardenedScreenImage/LdrLoadDll: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Windows\System32\duser.dll'
|
|---|
| 2662 | 4564.534: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\DUser.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
|
|---|
| 2663 | 4564.534: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffaef7a0000 'C:\Windows\system32\DUser.dll'
|
|---|
| 2664 | 4564.534: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb215d0000 'C:\Windows\System32\user32.dll'
|
|---|
| 2665 | 4564.534: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
|
|---|
| 2666 | 4564.534: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'rpcrt4.dll'.
|
|---|
| 2667 | 4564.534: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\WindowsCodecs.dll)
|
|---|
| 2668 | 4564.534: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\WindowsCodecs.dll
|
|---|
| 2669 | 4564.534: supR3HardenedDllNotificationCallback: load 00007ffb1c740000 LB 0x001ae000 C:\Windows\SYSTEM32\WindowsCodecs.dll [fFlags=0x0]
|
|---|
| 2670 | 4564.534: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\WindowsCodecs.dll [avoiding WinVerifyTrust]
|
|---|
| 2671 | 4564.534: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
|
|---|
| 2672 | 4564.534: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume3\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
|
|---|
| 2673 | 4564.534: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
|
|---|
| 2674 | 4564.534: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume3\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
|
|---|
| 2675 | 4564.534: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb1f5d0000 'C:\Windows\system32\rsaenh.dll'
|
|---|
| 2676 | 4564.534: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb20310000 'C:\Windows\System32\crypt32.dll'
|
|---|
| 2677 | 4564.534: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Windows\System32\WindowsCodecs.dll'
|
|---|
| 2678 | 4564.534: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb1f5d0000 'C:\Windows\system32\rsaenh.dll'
|
|---|
| 2679 | 4564.534: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb20310000 'C:\Windows\System32\crypt32.dll'
|
|---|
| 2680 | 4564.534: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
|
|---|
| 2681 | 4564.534: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #9 'shcore.dll'.
|
|---|
| 2682 | 4564.534: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #10 'rpcrt4.dll'.
|
|---|
| 2683 | 4564.534: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\thumbcache.dll) WinVerifyTrust
|
|---|
| 2684 | 4564.534: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\thumbcache.dll
|
|---|
| 2685 | 4564.534: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
|
|---|
| 2686 | 4564.534: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume3\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
|
|---|
| 2687 | 4564.534: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'shcore.dll'...
|
|---|
| 2688 | 4564.534: supR3HardenedWinVerifyCacheProcessImportTodos: 'shcore.dll' -> '\Device\HarddiskVolume3\Windows\System32\shcore.dll' [rcNtRedir=0xc0150008]
|
|---|
| 2689 | 4564.534: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\SHCore.dll
|
|---|
| 2690 | 4564.534: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
|
|---|
| 2691 | 4564.534: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume3\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
|
|---|
| 2692 | 4564.534: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\System32\thumbcache.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000002009:<flags> [calling]
|
|---|
| 2693 | 4564.534: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\thumbcache.dll
|
|---|
| 2694 | 4564.534: supR3HardenedDllNotificationCallback: load 00007ffaff880000 LB 0x0005c000 C:\Windows\System32\thumbcache.dll [fFlags=0x0]
|
|---|
| 2695 | 4564.534: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\thumbcache.dll
|
|---|
| 2696 | 4564.534: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffaff880000 'C:\Windows\System32\thumbcache.dll'
|
|---|
| 2697 | 4564.534: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000c48 pwszName=\Device\HarddiskVolume3\Windows\System32\msftedit.dll
|
|---|
| 2698 | 4564.534: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000001153800
|
|---|
| 2699 | 4564.534: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000001153800
|
|---|
| 2700 | 4564.534: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=267BC169582C0D29EB8471C1650D1AC3042E0E15
|
|---|
| 2701 | 4564.534: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb1f5d0000 'C:\Windows\system32\rsaenh.dll'
|
|---|
| 2702 | 4564.534: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb20310000 'C:\Windows\System32\crypt32.dll'
|
|---|
| 2703 | 4564.534: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_1358_for_KB4483234~31bf3856ad364e35~amd64~~10.0.1.0.cat'; file='\Device\HarddiskVolume3\Windows\System32\msftedit.dll'
|
|---|
| 2704 | 4564.534: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
|
|---|
| 2705 | 4564.534: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #12 'oleaut32.dll'.
|
|---|
| 2706 | 4564.534: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\msftedit.dll) WinVerifyTrust
|
|---|
| 2707 | 4564.534: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\msftedit.dll
|
|---|
| 2708 | 4564.534: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'oleaut32.dll'...
|
|---|
| 2709 | 4564.534: supR3HardenedWinVerifyCacheProcessImportTodos: 'oleaut32.dll' -> '\Device\HarddiskVolume3\Windows\System32\oleaut32.dll' [rcNtRedir=0xc0150008]
|
|---|
| 2710 | 4564.534: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\System32\MsftEdit.dll (Input=MsftEdit.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
|
|---|
| 2711 | 4564.534: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\msftedit.dll
|
|---|
| 2712 | 4564.534: supR3HardenedDllNotificationCallback: load 00007ffb133d0000 LB 0x00339000 C:\Windows\System32\MsftEdit.dll [fFlags=0x0]
|
|---|
| 2713 | 4564.534: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\msftedit.dll
|
|---|
| 2714 | 4564.534: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb133d0000 'C:\Windows\System32\MsftEdit.dll'
|
|---|
| 2715 | 4564.534: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000cb8 pwszName=\Device\HarddiskVolume3\Windows\System32\Windows.Globalization.dll
|
|---|
| 2716 | 4564.534: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000001153800
|
|---|
| 2717 | 4564.534: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000001153800
|
|---|
| 2718 | 4564.534: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=D87514FCF2BE2B92F22EEFA7D80B8E73FED8375B
|
|---|
| 2719 | 4564.534: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb1f5d0000 'C:\Windows\system32\rsaenh.dll'
|
|---|
| 2720 | 4564.534: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb20310000 'C:\Windows\System32\crypt32.dll'
|
|---|
| 2721 | 4564.534: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_1302_for_KB4467702~31bf3856ad364e35~amd64~~10.0.1.6.cat'; file='\Device\HarddiskVolume3\Windows\System32\Windows.Globalization.dll'
|
|---|
| 2722 | 4564.534: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
|
|---|
| 2723 | 4564.534: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcp_win.dll'.
|
|---|
| 2724 | 4564.534: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #37 'oleaut32.dll'.
|
|---|
| 2725 | 4564.534: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #38 'rpcrt4.dll'.
|
|---|
| 2726 | 4564.534: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #47 'combase.dll'.
|
|---|
| 2727 | 4564.534: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #48 'bcp47langs.dll'.
|
|---|
| 2728 | 4564.534: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #49 'bcp47mrm.dll'.
|
|---|
| 2729 | 4564.534: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\Windows.Globalization.dll) WinVerifyTrust
|
|---|
| 2730 | 4564.534: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\Windows.Globalization.dll
|
|---|
| 2731 | 4564.534: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'bcp47mrm.dll'...
|
|---|
| 2732 | 4564.534: supR3HardenedWinVerifyCacheProcessImportTodos: 'bcp47mrm.dll' -> '\Device\HarddiskVolume3\Windows\System32\bcp47mrm.dll' [rcNtRedir=0xc0150008]
|
|---|
| 2733 | 4564.534: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb1f5d0000 'C:\Windows\system32\rsaenh.dll'
|
|---|
| 2734 | 4564.534: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb20310000 'C:\Windows\System32\crypt32.dll'
|
|---|
| 2735 | 4564.534: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcp_win.dll'.
|
|---|
| 2736 | 4564.534: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\BCP47mrm.dll) WinVerifyTrust
|
|---|
| 2737 | 4564.534: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\BCP47mrm.dll
|
|---|
| 2738 | 4564.534: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'bcp47langs.dll'...
|
|---|
| 2739 | 4564.534: supR3HardenedWinVerifyCacheProcessImportTodos: 'bcp47langs.dll' -> '\Device\HarddiskVolume3\Windows\System32\bcp47langs.dll' [rcNtRedir=0xc0150008]
|
|---|
| 2740 | 4564.534: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcp_win.dll'...
|
|---|
| 2741 | 4564.534: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcp_win.dll' -> '\Device\HarddiskVolume3\Windows\System32\msvcp_win.dll' [rcNtRedir=0xc0150008]
|
|---|
| 2742 | 4564.534: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\msvcp_win.dll [lacks WinVerifyTrust]
|
|---|
| 2743 | 4564.534: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb1f5d0000 'C:\Windows\system32\rsaenh.dll'
|
|---|
| 2744 | 4564.534: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb20310000 'C:\Windows\System32\crypt32.dll'
|
|---|
| 2745 | 4564.534: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcp_win.dll'.
|
|---|
| 2746 | 4564.534: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\BCP47Langs.dll) WinVerifyTrust
|
|---|
| 2747 | 4564.534: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\BCP47Langs.dll
|
|---|
| 2748 | 4564.534: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'combase.dll'...
|
|---|
| 2749 | 4564.534: supR3HardenedWinVerifyCacheProcessImportTodos: 'combase.dll' -> '\Device\HarddiskVolume3\Windows\System32\combase.dll' [rcNtRedir=0xc0150008]
|
|---|
| 2750 | 4564.534: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\combase.dll
|
|---|
| 2751 | 4564.534: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
|
|---|
| 2752 | 4564.534: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume3\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
|
|---|
| 2753 | 4564.534: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'oleaut32.dll'...
|
|---|
| 2754 | 4564.534: supR3HardenedWinVerifyCacheProcessImportTodos: 'oleaut32.dll' -> '\Device\HarddiskVolume3\Windows\System32\oleaut32.dll' [rcNtRedir=0xc0150008]
|
|---|
| 2755 | 4564.534: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcp_win.dll'...
|
|---|
| 2756 | 4564.534: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcp_win.dll' -> '\Device\HarddiskVolume3\Windows\System32\msvcp_win.dll' [rcNtRedir=0xc0150008]
|
|---|
| 2757 | 4564.534: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\msvcp_win.dll [redoing WinVerifyTrust]
|
|---|
| 2758 | 4564.534: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcp_win.dll'...
|
|---|
| 2759 | 4564.534: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcp_win.dll' -> '\Device\HarddiskVolume3\Windows\System32\msvcp_win.dll' [rcNtRedir=0xc0150008]
|
|---|
| 2760 | 4564.534: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\msvcp_win.dll [lacks WinVerifyTrust]
|
|---|
| 2761 | 4564.534: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb1f5d0000 'C:\Windows\system32\rsaenh.dll'
|
|---|
| 2762 | 4564.534: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb20310000 'C:\Windows\System32\crypt32.dll'
|
|---|
| 2763 | 4564.534: supR3HardenedScreenImage/Imports: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Windows\System32\msvcp_win.dll'
|
|---|
| 2764 | 4564.534: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\System32\Windows.Globalization.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000002009:<flags> [calling]
|
|---|
| 2765 | 4564.534: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\Windows.Globalization.dll
|
|---|
| 2766 | 4564.534: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\BCP47Langs.dll
|
|---|
| 2767 | 4564.534: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\BCP47mrm.dll
|
|---|
| 2768 | 4564.534: supR3HardenedDllNotificationCallback: load 00007ffb13380000 LB 0x00050000 C:\Windows\System32\Bcp47Langs.dll [fFlags=0x0]
|
|---|
| 2769 | 4564.534: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\BCP47Langs.dll
|
|---|
| 2770 | 4564.534: supR3HardenedDllNotificationCallback: load 00007ffb130c0000 LB 0x00029000 C:\Windows\System32\bcp47mrm.dll [fFlags=0x0]
|
|---|
| 2771 | 4564.534: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\BCP47mrm.dll
|
|---|
| 2772 | 4564.534: supR3HardenedDllNotificationCallback: load 00007ffb11000000 LB 0x00189000 C:\Windows\System32\Windows.Globalization.dll [fFlags=0x0]
|
|---|
| 2773 | 4564.534: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\Windows.Globalization.dll
|
|---|
| 2774 | 4564.534: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb11000000 'C:\Windows\System32\Windows.Globalization.dll'
|
|---|
| 2775 | 4564.534: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcp_win.dll'.
|
|---|
| 2776 | 4564.534: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #15 'oleaut32.dll'.
|
|---|
| 2777 | 4564.534: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #26 'bcp47langs.dll'.
|
|---|
| 2778 | 4564.534: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #27 'user32.dll'.
|
|---|
| 2779 | 4564.534: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume3\Windows\System32\globinputhost.dll)
|
|---|
| 2780 | 4564.534: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\globinputhost.dll
|
|---|
| 2781 | 4564.534: supR3HardenedDllNotificationCallback: load 00007ffb1dd70000 LB 0x0002a000 C:\Windows\SYSTEM32\globinputhost.dll [fFlags=0x0]
|
|---|
| 2782 | 4564.534: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume3\Windows\System32\globinputhost.dll [avoiding WinVerifyTrust]
|
|---|
| 2783 | 4564.534: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000d0c pwszName=\Device\HarddiskVolume3\Windows\System32\globinputhost.dll
|
|---|
| 2784 | 4564.534: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000001153800
|
|---|
| 2785 | 4564.534: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000001153800
|
|---|
| 2786 | 4564.534: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=EE1534582E3472A41541A3E597BA88F75001380C
|
|---|
| 2787 | 4564.534: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
|
|---|
| 2788 | 4564.534: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume3\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
|
|---|
| 2789 | 4564.534: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'bcp47langs.dll'...
|
|---|
| 2790 | 4564.534: supR3HardenedWinVerifyCacheProcessImportTodos: 'bcp47langs.dll' -> '\Device\HarddiskVolume3\Windows\System32\bcp47langs.dll' [rcNtRedir=0xc0150008]
|
|---|
| 2791 | 4564.534: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\BCP47Langs.dll
|
|---|
| 2792 | 4564.534: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'oleaut32.dll'...
|
|---|
| 2793 | 4564.534: supR3HardenedWinVerifyCacheProcessImportTodos: 'oleaut32.dll' -> '\Device\HarddiskVolume3\Windows\System32\oleaut32.dll' [rcNtRedir=0xc0150008]
|
|---|
| 2794 | 4564.534: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcp_win.dll'...
|
|---|
| 2795 | 4564.534: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcp_win.dll' -> '\Device\HarddiskVolume3\Windows\System32\msvcp_win.dll' [rcNtRedir=0xc0150008]
|
|---|
| 2796 | 4564.534: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\msvcp_win.dll
|
|---|
| 2797 | 4564.534: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb1f5d0000 'C:\Windows\system32\rsaenh.dll'
|
|---|
| 2798 | 4564.534: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb20310000 'C:\Windows\System32\crypt32.dll'
|
|---|
| 2799 | 4564.534: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package001021~31bf3856ad364e35~amd64~~10.0.17134.1.cat'; file='\Device\HarddiskVolume3\Windows\System32\globinputhost.dll'
|
|---|
| 2800 | 4564.534: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
|
|---|
| 2801 | 4564.534: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Windows\System32\globinputhost.dll'
|
|---|
| 2802 | 4564.534: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\ole32.dll
|
|---|
| 2803 | 4564.534: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\System32\ole32.dll (Input=ole32.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000001001:<flags> [calling]
|
|---|
| 2804 | 4564.534: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb23a10000 'C:\Windows\System32\ole32.dll'
|
|---|
| 2805 | 4564.534: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\msctf.dll
|
|---|
| 2806 | 4564.534: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\System32\msctf.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000002009:<flags> [calling]
|
|---|
| 2807 | 4564.534: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb23b70000 'C:\Windows\System32\msctf.dll'
|
|---|
| 2808 | 4564.534: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\msctf.dll
|
|---|
| 2809 | 4564.534: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\msctf.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000002009:<flags> [calling]
|
|---|
| 2810 | 4564.534: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb23b70000 'C:\Windows\system32\msctf.dll'
|
|---|
| 2811 | 4564.534: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb21770000 'C:\Windows\System32\shell32.dll'
|
|---|
| 2812 | 4564.534: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb21770000 'C:\Windows\System32\shell32.dll'
|
|---|
| 2813 | 4564.534: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb1f5d0000 'C:\Windows\system32\rsaenh.dll'
|
|---|
| 2814 | 4564.534: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb20310000 'C:\Windows\System32\crypt32.dll'
|
|---|
| 2815 | 4564.534: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
|
|---|
| 2816 | 4564.534: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\xmllite.dll) WinVerifyTrust
|
|---|
| 2817 | 4564.534: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\xmllite.dll
|
|---|
| 2818 | 4564.534: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
|
|---|
| 2819 | 4564.534: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume3\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
|
|---|
| 2820 | 4564.534: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\xmllite.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000009:<flags> [calling]
|
|---|
| 2821 | 4564.534: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\xmllite.dll
|
|---|
| 2822 | 4564.534: supR3HardenedDllNotificationCallback: load 00007ffb17360000 LB 0x00039000 C:\Windows\system32\xmllite.dll [fFlags=0x0]
|
|---|
| 2823 | 4564.534: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\xmllite.dll
|
|---|
| 2824 | 4564.534: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb17360000 'C:\Windows\system32\xmllite.dll'
|
|---|
| 2825 | 4564.534: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb0e840000 'C:\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.17134.472_none_fb3f9af53068156d\comctl32.dll'
|
|---|
| 2826 | 4564.534: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb0e840000 'C:\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.17134.472_none_fb3f9af53068156d\comctl32.dll'
|
|---|
| 2827 | 4564.534: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb21770000 'C:\Windows\System32\shell32.dll'
|
|---|
| 2828 | 4564.534: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\shell32.dll
|
|---|
| 2829 | 4564.534: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\System32\shell32.dll (Input=shell32.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000004001:<flags> [calling]
|
|---|
| 2830 | 4564.534: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb21770000 'C:\Windows\System32\shell32.dll'
|
|---|
| 2831 | 4564.534: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb1f5d0000 'C:\Windows\system32\rsaenh.dll'
|
|---|
| 2832 | 4564.534: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb20310000 'C:\Windows\System32\crypt32.dll'
|
|---|
| 2833 | 4564.534: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
|
|---|
| 2834 | 4564.534: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'oleaut32.dll'.
|
|---|
| 2835 | 4564.534: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'rpcrt4.dll'.
|
|---|
| 2836 | 4564.534: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #35 'shcore.dll'.
|
|---|
| 2837 | 4564.534: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\StructuredQuery.dll) WinVerifyTrust
|
|---|
| 2838 | 4564.534: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\StructuredQuery.dll
|
|---|
| 2839 | 4564.534: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'shcore.dll'...
|
|---|
| 2840 | 4564.534: supR3HardenedWinVerifyCacheProcessImportTodos: 'shcore.dll' -> '\Device\HarddiskVolume3\Windows\System32\shcore.dll' [rcNtRedir=0xc0150008]
|
|---|
| 2841 | 4564.534: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\SHCore.dll
|
|---|
| 2842 | 4564.534: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
|
|---|
| 2843 | 4564.534: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume3\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
|
|---|
| 2844 | 4564.534: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'oleaut32.dll'...
|
|---|
| 2845 | 4564.534: supR3HardenedWinVerifyCacheProcessImportTodos: 'oleaut32.dll' -> '\Device\HarddiskVolume3\Windows\System32\oleaut32.dll' [rcNtRedir=0xc0150008]
|
|---|
| 2846 | 4564.534: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
|
|---|
| 2847 | 4564.534: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume3\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
|
|---|
| 2848 | 4564.534: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\System32\StructuredQuery.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000002009:<flags> [calling]
|
|---|
| 2849 | 4564.534: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\StructuredQuery.dll
|
|---|
| 2850 | 4564.534: supR3HardenedDllNotificationCallback: load 00007ffb18550000 LB 0x000ab000 C:\Windows\System32\StructuredQuery.dll [fFlags=0x0]
|
|---|
| 2851 | 4564.534: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\StructuredQuery.dll
|
|---|
| 2852 | 4564.534: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb18550000 'C:\Windows\System32\StructuredQuery.dll'
|
|---|
| 2853 | 4564.534: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000d50 pwszName=\Device\HarddiskVolume3\Windows\System32\atlthunk.dll
|
|---|
| 2854 | 4564.534: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000001153800
|
|---|
| 2855 | 4564.534: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000001153800
|
|---|
| 2856 | 4564.534: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=2B5BAE9325DA4A6F17F099C18E3EF6C1C488D21B
|
|---|
| 2857 | 4564.534: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb1f5d0000 'C:\Windows\system32\rsaenh.dll'
|
|---|
| 2858 | 4564.534: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb20310000 'C:\Windows\System32\crypt32.dll'
|
|---|
| 2859 | 4564.534: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0010~31bf3856ad364e35~amd64~~10.0.17134.1.cat'; file='\Device\HarddiskVolume3\Windows\System32\atlthunk.dll'
|
|---|
| 2860 | 4564.534: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
|
|---|
| 2861 | 4564.534: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\atlthunk.dll) WinVerifyTrust
|
|---|
| 2862 | 4564.534: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\atlthunk.dll
|
|---|
| 2863 | 4564.534: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\System32\atlthunk.dll (Input=atlthunk.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000801:<flags> [calling]
|
|---|
| 2864 | 4564.534: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\atlthunk.dll
|
|---|
| 2865 | 4564.47b4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb1f5d0000 'C:\Windows\system32\rsaenh.dll'
|
|---|
| 2866 | 4564.47b4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb20310000 'C:\Windows\System32\crypt32.dll'
|
|---|
| 2867 | 4564.47b4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
|
|---|
| 2868 | 4564.47b4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'rpcrt4.dll'.
|
|---|
| 2869 | 4564.47b4: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\Windows.StateRepositoryPS.dll) WinVerifyTrust
|
|---|
| 2870 | 4564.47b4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\Windows.StateRepositoryPS.dll
|
|---|
| 2871 | 4564.47b4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
|
|---|
| 2872 | 4564.47b4: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume3\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
|
|---|
| 2873 | 4564.47b4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
|
|---|
| 2874 | 4564.47b4: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume3\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
|
|---|
| 2875 | 4564.47b4: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\System32\\Windows.StateRepositoryPS.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000002009:<flags> [calling]
|
|---|
| 2876 | 4564.534: supR3HardenedDllNotificationCallback: load 00007ffaffb90000 LB 0x0000c000 C:\Windows\System32\atlthunk.dll [fFlags=0x0]
|
|---|
| 2877 | 4564.534: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\atlthunk.dll
|
|---|
| 2878 | 4564.534: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffaffb90000 'C:\Windows\System32\atlthunk.dll'
|
|---|
| 2879 | 4564.47b4: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\Windows.StateRepositoryPS.dll
|
|---|
| 2880 | 4564.47b4: supR3HardenedDllNotificationCallback: load 00007ffb15a80000 LB 0x00131000 C:\Windows\System32\Windows.StateRepositoryPS.dll [fFlags=0x0]
|
|---|
| 2881 | 4564.47b4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\Windows.StateRepositoryPS.dll
|
|---|
| 2882 | 4564.47b4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb15a80000 'C:\Windows\System32\\Windows.StateRepositoryPS.dll'
|
|---|
| 2883 | 4564.21ac: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000db4 pwszName=\Device\HarddiskVolume3\Windows\System32\Windows.Storage.Search.dll
|
|---|
| 2884 | 4564.21ac: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000001153800
|
|---|
| 2885 | 4564.21ac: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000001153800
|
|---|
| 2886 | 4564.21ac: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=F794961C62AEEEDBE3C6D284B2BED25756D6E295
|
|---|
| 2887 | 4564.21ac: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb1f5d0000 'C:\Windows\system32\rsaenh.dll'
|
|---|
| 2888 | 4564.21ac: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb20310000 'C:\Windows\System32\crypt32.dll'
|
|---|
| 2889 | 4564.534: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb21770000 'C:\Windows\System32\shell32.dll'
|
|---|
| 2890 | 4564.21ac: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0010~31bf3856ad364e35~amd64~~10.0.17134.1.cat'; file='\Device\HarddiskVolume3\Windows\System32\Windows.Storage.Search.dll'
|
|---|
| 2891 | 4564.21ac: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
|
|---|
| 2892 | 4564.21ac: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
|
|---|
| 2893 | 4564.21ac: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'shcore.dll'.
|
|---|
| 2894 | 4564.21ac: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'windows.storage.dll'.
|
|---|
| 2895 | 4564.534: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'windows.storage.dll'...
|
|---|
| 2896 | 4564.21ac: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\Windows.Storage.Search.dll) WinVerifyTrust
|
|---|
| 2897 | 4564.21ac: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\Windows.Storage.Search.dll
|
|---|
| 2898 | 4564.21ac: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\Windows.Storage.Search.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000002009:<flags> [calling]
|
|---|
| 2899 | 4564.534: supR3HardenedWinVerifyCacheProcessImportTodos: 'windows.storage.dll' -> '\Device\HarddiskVolume3\Windows\System32\windows.storage.dll' [rcNtRedir=0xc0150008]
|
|---|
| 2900 | 4564.534: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\windows.storage.dll
|
|---|
| 2901 | 4564.534: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'shcore.dll'...
|
|---|
| 2902 | 4564.534: supR3HardenedWinVerifyCacheProcessImportTodos: 'shcore.dll' -> '\Device\HarddiskVolume3\Windows\System32\shcore.dll' [rcNtRedir=0xc0150008]
|
|---|
| 2903 | 4564.534: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\SHCore.dll
|
|---|
| 2904 | 4564.534: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
|
|---|
| 2905 | 4564.21ac: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\Windows.Storage.Search.dll
|
|---|
| 2906 | 4564.534: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume3\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
|
|---|
| 2907 | 4564.534: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb21770000 'C:\Windows\System32\shell32.dll'
|
|---|
| 2908 | 4564.534: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\xmllite.dll
|
|---|
| 2909 | 4564.534: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\xmllite.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000009:<flags> [calling]
|
|---|
| 2910 | 4564.21ac: supR3HardenedDllNotificationCallback: load 00007ffaf47e0000 LB 0x000bd000 C:\Windows\system32\Windows.Storage.Search.dll [fFlags=0x0]
|
|---|
| 2911 | 4564.534: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb17360000 'C:\Windows\system32\xmllite.dll'
|
|---|
| 2912 | 4564.21ac: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\Windows.Storage.Search.dll
|
|---|
| 2913 | 4564.21ac: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffaf47e0000 'C:\Windows\system32\Windows.Storage.Search.dll'
|
|---|
| 2914 | 4564.534: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb0e840000 'C:\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.17134.472_none_fb3f9af53068156d\comctl32.dll'
|
|---|
| 2915 | 4564.21ac: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb21770000 'C:\Windows\System32\shell32.dll'
|
|---|
| 2916 | 4564.21ac: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #27 'fltlib.dll'.
|
|---|
| 2917 | 4564.21ac: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume3\Windows\System32\cldapi.dll)
|
|---|
| 2918 | 4564.21ac: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\cldapi.dll
|
|---|
| 2919 | 4564.21ac: supR3HardenedDllNotificationCallback: load 00007ffb11440000 LB 0x0001d000 C:\Windows\SYSTEM32\CLDAPI.dll [fFlags=0x0]
|
|---|
| 2920 | 4564.21ac: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume3\Windows\System32\cldapi.dll [avoiding WinVerifyTrust]
|
|---|
| 2921 | 4564.534: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000df4 pwszName=\Device\HarddiskVolume3\Windows\System32\cldapi.dll
|
|---|
| 2922 | 4564.534: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000001153800
|
|---|
| 2923 | 4564.534: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000001153800
|
|---|
| 2924 | 4564.534: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=0FEA052919BDD1B162D19DBCEBB2A3111F687E2C
|
|---|
| 2925 | 4564.534: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'fltlib.dll'...
|
|---|
| 2926 | 4564.534: supR3HardenedWinVerifyCacheProcessImportTodos: 'fltlib.dll' -> '\Device\HarddiskVolume3\Windows\System32\fltlib.dll' [rcNtRedir=0xc0150008]
|
|---|
| 2927 | 4564.534: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\fltLib.dll [lacks WinVerifyTrust]
|
|---|
| 2928 | 4564.534: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb1f5d0000 'C:\Windows\system32\rsaenh.dll'
|
|---|
| 2929 | 4564.534: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb20310000 'C:\Windows\System32\crypt32.dll'
|
|---|
| 2930 | 4564.534: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0014~31bf3856ad364e35~amd64~~10.0.17134.1.cat'; file='\Device\HarddiskVolume3\Windows\System32\cldapi.dll'
|
|---|
| 2931 | 4564.534: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
|
|---|
| 2932 | 4564.534: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Windows\System32\cldapi.dll'
|
|---|
| 2933 | 4564.534: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\WindowsCodecs.dll
|
|---|
| 2934 | 4564.534: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\windowscodecs.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000002009:<flags> [calling]
|
|---|
| 2935 | 4564.534: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb1c740000 'C:\Windows\system32\windowscodecs.dll'
|
|---|
| 2936 | 4564.534: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb21770000 'C:\Windows\System32\shell32.dll'
|
|---|
| 2937 | 4564.21ac: supR3HardenedDllNotificationCallback: load 00007ffb232b0000 LB 0x00074000 C:\Windows\System32\coml2.dll [fFlags=0x0]
|
|---|
| 2938 | 4564.2e34: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000e80 pwszName=\Device\HarddiskVolume3\Windows\System32\drprov.dll
|
|---|
| 2939 | 4564.2e34: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000001153800
|
|---|
| 2940 | 4564.2e34: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000001153800
|
|---|
| 2941 | 4564.2e34: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=8CF9537AAD625E2E0D00B2260973DB1E67689249
|
|---|
| 2942 | 4564.2e34: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb1f5d0000 'C:\Windows\system32\rsaenh.dll'
|
|---|
| 2943 | 4564.2e34: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb20310000 'C:\Windows\System32\crypt32.dll'
|
|---|
| 2944 | 4564.534: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb21770000 'C:\Windows\System32\shell32.dll'
|
|---|
| 2945 | 4564.534: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb21770000 'C:\Windows\System32\shell32.dll'
|
|---|
| 2946 | 4564.534: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb21770000 'C:\Windows\System32\shell32.dll'
|
|---|
| 2947 | 4564.21ac: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #34 'bcryptprimitives.dll'.
|
|---|
| 2948 | 4564.21ac: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\coml2.dll)
|
|---|
| 2949 | 4564.21ac: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\coml2.dll
|
|---|
| 2950 | 4564.534: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'bcryptprimitives.dll'...
|
|---|
| 2951 | 4564.534: supR3HardenedWinVerifyCacheProcessImportTodos: 'bcryptprimitives.dll' -> '\Device\HarddiskVolume3\Windows\System32\bcryptprimitives.dll' [rcNtRedir=0xc0150008]
|
|---|
| 2952 | 4564.534: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\bcryptprimitives.dll
|
|---|
| 2953 | 4564.534: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb1f5d0000 'C:\Windows\system32\rsaenh.dll'
|
|---|
| 2954 | 4564.2e34: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package00116~31bf3856ad364e35~amd64~~10.0.17134.1.cat'; file='\Device\HarddiskVolume3\Windows\System32\drprov.dll'
|
|---|
| 2955 | 4564.2e34: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
|
|---|
| 2956 | 4564.2e34: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
|
|---|
| 2957 | 4564.21ac: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\windows.storage.dll
|
|---|
| 2958 | 4564.21ac: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
|
|---|
| 2959 | 4564.2e34: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #12 'winsta.dll'.
|
|---|
| 2960 | 4564.2e34: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\drprov.dll) WinVerifyTrust
|
|---|
| 2961 | 4564.2e34: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\drprov.dll
|
|---|
| 2962 | 4564.2e34: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'winsta.dll'...
|
|---|
| 2963 | 4564.21ac: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume3\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
|
|---|
| 2964 | 4564.21ac: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\System32\windows.storage.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000002009:<flags> [calling]
|
|---|
| 2965 | 4564.21ac: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb20890000 'C:\Windows\System32\windows.storage.dll'
|
|---|
| 2966 | 4564.2e34: supR3HardenedWinVerifyCacheProcessImportTodos: 'winsta.dll' -> '\Device\HarddiskVolume3\Windows\System32\winsta.dll' [rcNtRedir=0xc0150008]
|
|---|
| 2967 | 4564.21ac: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
|
|---|
| 2968 | 4564.21ac: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume3\Windows\System32\linkinfo.dll)
|
|---|
| 2969 | 4564.21ac: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\linkinfo.dll
|
|---|
| 2970 | 4564.21ac: supR3HardenedDllNotificationCallback: load 00007ffb17160000 LB 0x0000d000 C:\Windows\SYSTEM32\LINKINFO.dll [fFlags=0x0]
|
|---|
| 2971 | 4564.21ac: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume3\Windows\System32\linkinfo.dll [avoiding WinVerifyTrust]
|
|---|
| 2972 | 4564.534: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
|
|---|
| 2973 | 4564.534: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume3\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
|
|---|
| 2974 | 4564.534: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb20310000 'C:\Windows\System32\crypt32.dll'
|
|---|
| 2975 | 4564.2e34: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb1f5d0000 'C:\Windows\system32\rsaenh.dll'
|
|---|
| 2976 | 4564.2e34: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb20310000 'C:\Windows\System32\crypt32.dll'
|
|---|
| 2977 | 4564.534: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Windows\System32\coml2.dll'
|
|---|
| 2978 | 4564.534: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000dec pwszName=\Device\HarddiskVolume3\Windows\System32\linkinfo.dll
|
|---|
| 2979 | 4564.534: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000001153800
|
|---|
| 2980 | 4564.534: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000001153800
|
|---|
| 2981 | 4564.534: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=79BC3FF6528CDFB9282EE87911AC3B0562B5DA4C
|
|---|
| 2982 | 4564.534: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb1f5d0000 'C:\Windows\system32\rsaenh.dll'
|
|---|
| 2983 | 4564.534: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb20310000 'C:\Windows\System32\crypt32.dll'
|
|---|
| 2984 | 4564.2e34: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
|
|---|
| 2985 | 4564.2e34: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\winsta.dll) WinVerifyTrust
|
|---|
| 2986 | 4564.2e34: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\winsta.dll
|
|---|
| 2987 | 4564.2e34: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
|
|---|
| 2988 | 4564.2e34: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume3\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
|
|---|
| 2989 | 4564.2e34: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\System32\drprov.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000009:<flags> [calling]
|
|---|
| 2990 | 4564.2e34: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\drprov.dll
|
|---|
| 2991 | 4564.2e34: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\winsta.dll
|
|---|
| 2992 | 4564.2e34: supR3HardenedDllNotificationCallback: load 00007ffb1f2c0000 LB 0x00056000 C:\Windows\System32\WINSTA.dll [fFlags=0x0]
|
|---|
| 2993 | 4564.2e34: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\winsta.dll
|
|---|
| 2994 | 4564.2e34: supR3HardenedDllNotificationCallback: load 00007ffb17c20000 LB 0x0000b000 C:\Windows\System32\drprov.dll [fFlags=0x0]
|
|---|
| 2995 | 4564.2e34: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\drprov.dll
|
|---|
| 2996 | 4564.534: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package00115~31bf3856ad364e35~amd64~~10.0.17134.1.cat'; file='\Device\HarddiskVolume3\Windows\System32\linkinfo.dll'
|
|---|
| 2997 | 4564.2e34: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb17c20000 'C:\Windows\System32\drprov.dll'
|
|---|
| 2998 | 4564.534: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
|
|---|
| 2999 | 4564.534: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Windows\System32\linkinfo.dll'
|
|---|
| 3000 | 4564.2e34: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000ec4 pwszName=\Device\HarddiskVolume3\Windows\System32\ntlanman.dll
|
|---|
| 3001 | 4564.2e34: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000001153800
|
|---|
| 3002 | 4564.2e34: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000001153800
|
|---|
| 3003 | 4564.534: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb21770000 'C:\Windows\System32\shell32.dll'
|
|---|
| 3004 | 4564.2e34: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=CD38B72E1A4E988BECE59A064EBFC4B1261047F1
|
|---|
| 3005 | 4564.2e34: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb1f5d0000 'C:\Windows\system32\rsaenh.dll'
|
|---|
| 3006 | 4564.2e34: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb20310000 'C:\Windows\System32\crypt32.dll'
|
|---|
| 3007 | 4564.2e34: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0016~31bf3856ad364e35~amd64~~10.0.17134.1.cat'; file='\Device\HarddiskVolume3\Windows\System32\ntlanman.dll'
|
|---|
| 3008 | 4564.2e34: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
|
|---|
| 3009 | 4564.2e34: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
|
|---|
| 3010 | 4564.2e34: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\ntlanman.dll) WinVerifyTrust
|
|---|
| 3011 | 4564.2e34: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\ntlanman.dll
|
|---|
| 3012 | 4564.2e34: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
|
|---|
| 3013 | 4564.2e34: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume3\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
|
|---|
| 3014 | 4564.2e34: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\System32\ntlanman.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000009:<flags> [calling]
|
|---|
| 3015 | 4564.2e34: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\ntlanman.dll
|
|---|
| 3016 | 4564.2e34: supR3HardenedDllNotificationCallback: load 00007ffaf8a70000 LB 0x00016000 C:\Windows\System32\ntlanman.dll [fFlags=0x0]
|
|---|
| 3017 | 4564.2e34: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\ntlanman.dll
|
|---|
| 3018 | 4564.2e34: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffaf8a70000 'C:\Windows\System32\ntlanman.dll'
|
|---|
| 3019 | 4564.2e34: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000ebc pwszName=\Device\HarddiskVolume3\Windows\System32\davclnt.dll
|
|---|
| 3020 | 4564.2e34: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000001153800
|
|---|
| 3021 | 4564.2e34: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000001153800
|
|---|
| 3022 | 4564.2e34: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=88420B1CF9DBB8B243714E5420E52E40098E7221
|
|---|
| 3023 | 4564.2e34: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb1f5d0000 'C:\Windows\system32\rsaenh.dll'
|
|---|
| 3024 | 4564.2e34: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb20310000 'C:\Windows\System32\crypt32.dll'
|
|---|
| 3025 | 4564.2e34: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package02~31bf3856ad364e35~amd64~~10.0.17134.1.cat'; file='\Device\HarddiskVolume3\Windows\System32\davclnt.dll'
|
|---|
| 3026 | 4564.2e34: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
|
|---|
| 3027 | 4564.2e34: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
|
|---|
| 3028 | 4564.2e34: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #12 'davhlpr.dll'.
|
|---|
| 3029 | 4564.2e34: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\davclnt.dll) WinVerifyTrust
|
|---|
| 3030 | 4564.2e34: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\davclnt.dll
|
|---|
| 3031 | 4564.2e34: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'davhlpr.dll'...
|
|---|
| 3032 | 4564.2e34: supR3HardenedWinVerifyCacheProcessImportTodos: 'davhlpr.dll' -> '\Device\HarddiskVolume3\Windows\System32\davhlpr.dll' [rcNtRedir=0xc0150008]
|
|---|
| 3033 | 4564.2e34: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000ed8 pwszName=\Device\HarddiskVolume3\Windows\System32\davhlpr.dll
|
|---|
| 3034 | 4564.2e34: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000001153800
|
|---|
| 3035 | 4564.2e34: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000001153800
|
|---|
| 3036 | 4564.2e34: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=4A1E52EC251FF08444227F7EF4901D327D1E05C9
|
|---|
| 3037 | 4564.2e34: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb1f5d0000 'C:\Windows\system32\rsaenh.dll'
|
|---|
| 3038 | 4564.2e34: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb20310000 'C:\Windows\System32\crypt32.dll'
|
|---|
| 3039 | 4564.2e34: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package00114~31bf3856ad364e35~amd64~~10.0.17134.1.cat'; file='\Device\HarddiskVolume3\Windows\System32\davhlpr.dll'
|
|---|
| 3040 | 4564.2e34: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
|
|---|
| 3041 | 4564.2e34: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
|
|---|
| 3042 | 4564.2e34: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\davhlpr.dll) WinVerifyTrust
|
|---|
| 3043 | 4564.2e34: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\davhlpr.dll
|
|---|
| 3044 | 4564.2e34: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
|
|---|
| 3045 | 4564.2e34: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume3\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
|
|---|
| 3046 | 4564.2e34: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
|
|---|
| 3047 | 4564.2e34: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume3\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
|
|---|
| 3048 | 4564.2e34: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\System32\davclnt.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000009:<flags> [calling]
|
|---|
| 3049 | 4564.2e34: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\davclnt.dll
|
|---|
| 3050 | 4564.2e34: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\davhlpr.dll
|
|---|
| 3051 | 4564.2e34: supR3HardenedDllNotificationCallback: load 00007ffb17820000 LB 0x0000c000 C:\Windows\System32\DAVHLPR.dll [fFlags=0x0]
|
|---|
| 3052 | 4564.2e34: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\davhlpr.dll
|
|---|
| 3053 | 4564.2e34: supR3HardenedDllNotificationCallback: load 00007ffaf8570000 LB 0x0001d000 C:\Windows\System32\davclnt.dll [fFlags=0x0]
|
|---|
| 3054 | 4564.2e34: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\davclnt.dll
|
|---|
| 3055 | 4564.2e34: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffaf8570000 'C:\Windows\System32\davclnt.dll'
|
|---|
| 3056 | 4564.2e34: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\drprov.dll
|
|---|
| 3057 | 4564.2e34: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\System32\drprov.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000009:<flags> [calling]
|
|---|
| 3058 | 4564.2e34: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb17c20000 'C:\Windows\System32\drprov.dll'
|
|---|
| 3059 | 4564.2e34: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\ntdll.dll [redoing WinVerifyTrust]
|
|---|
| 3060 | 4564.2e34: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb1f5d0000 'C:\Windows\system32\rsaenh.dll'
|
|---|
| 3061 | 4564.2ef0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb1f5d0000 'C:\Windows\system32\rsaenh.dll'
|
|---|
| 3062 | 4564.2e34: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb20310000 'C:\Windows\System32\crypt32.dll'
|
|---|
| 3063 | 4564.2e34: supR3HardenedScreenImage/LdrLoadDll: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Windows\System32\ntdll.dll'
|
|---|
| 3064 | 4564.2e34: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\System32\ntdll.dll (Input=ntdll.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000801:<flags> [calling]
|
|---|
| 3065 | 4564.2e34: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb23e90000 'C:\Windows\System32\ntdll.dll'
|
|---|
| 3066 | 4564.2e34: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\ntlanman.dll
|
|---|
| 3067 | 4564.2e34: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\System32\ntlanman.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000009:<flags> [calling]
|
|---|
| 3068 | 4564.2e34: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffaf8a70000 'C:\Windows\System32\ntlanman.dll'
|
|---|
| 3069 | 4564.2e34: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'bcrypt.dll'.
|
|---|
| 3070 | 4564.2e34: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'rpcrt4.dll'.
|
|---|
| 3071 | 4564.2e34: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\wkscli.dll)
|
|---|
| 3072 | 4564.2e34: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\wkscli.dll
|
|---|
| 3073 | 4564.2e34: supR3HardenedDllNotificationCallback: load 00007ffb17d70000 LB 0x00017000 C:\Windows\System32\wkscli.dll [fFlags=0x0]
|
|---|
| 3074 | 4564.2e34: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\wkscli.dll [avoiding WinVerifyTrust]
|
|---|
| 3075 | 4564.2e34: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
|
|---|
| 3076 | 4564.2e34: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume3\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
|
|---|
| 3077 | 4564.2e34: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'bcrypt.dll'...
|
|---|
| 3078 | 4564.2e34: supR3HardenedWinVerifyCacheProcessImportTodos: 'bcrypt.dll' -> '\Device\HarddiskVolume3\Windows\System32\bcrypt.dll' [rcNtRedir=0xc0150008]
|
|---|
| 3079 | 4564.2e34: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\bcrypt.dll
|
|---|
| 3080 | 4564.2e34: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb1f5d0000 'C:\Windows\system32\rsaenh.dll'
|
|---|
| 3081 | 4564.2e34: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb20310000 'C:\Windows\System32\crypt32.dll'
|
|---|
| 3082 | 4564.2e34: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Windows\System32\wkscli.dll'
|
|---|
| 3083 | 4564.2e34: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000edc pwszName=\Device\HarddiskVolume3\Windows\System32\cscapi.dll
|
|---|
| 3084 | 4564.2e34: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000001153800
|
|---|
| 3085 | 4564.2e34: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000001153800
|
|---|
| 3086 | 4564.2e34: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=4DB1D8118927E8E6291E31AA26ECDAD1B680670B
|
|---|
| 3087 | 4564.2e34: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb1f5d0000 'C:\Windows\system32\rsaenh.dll'
|
|---|
| 3088 | 4564.2e34: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb20310000 'C:\Windows\System32\crypt32.dll'
|
|---|
| 3089 | 4564.2e34: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package00114~31bf3856ad364e35~amd64~~10.0.17134.1.cat'; file='\Device\HarddiskVolume3\Windows\System32\cscapi.dll'
|
|---|
| 3090 | 4564.2e34: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
|
|---|
| 3091 | 4564.2e34: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
|
|---|
| 3092 | 4564.2e34: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\cscapi.dll) WinVerifyTrust
|
|---|
| 3093 | 4564.2e34: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\cscapi.dll
|
|---|
| 3094 | 4564.2e34: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
|
|---|
| 3095 | 4564.2e34: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume3\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
|
|---|
| 3096 | 4564.2e34: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\System32\cscapi.dll (Input=cscapi.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
|
|---|
| 3097 | 4564.2e34: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\cscapi.dll
|
|---|
| 3098 | 4564.2e34: supR3HardenedDllNotificationCallback: load 00007ffb076f0000 LB 0x00012000 C:\Windows\System32\cscapi.dll [fFlags=0x0]
|
|---|
| 3099 | 4564.2e34: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\cscapi.dll
|
|---|
| 3100 | 4564.2e34: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb076f0000 'C:\Windows\System32\cscapi.dll'
|
|---|
| 3101 | 4564.2e34: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\netutils.dll)
|
|---|
| 3102 | 4564.2e34: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\netutils.dll
|
|---|
| 3103 | 4564.2ef0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb20310000 'C:\Windows\System32\crypt32.dll'
|
|---|
| 3104 | 4564.2e34: supR3HardenedDllNotificationCallback: load 00007ffb1f8a0000 LB 0x0000e000 C:\Windows\System32\netutils.dll [fFlags=0x0]
|
|---|
| 3105 | 4564.2e34: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\netutils.dll [avoiding WinVerifyTrust]
|
|---|
| 3106 | 4564.2e34: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb1f5d0000 'C:\Windows\system32\rsaenh.dll'
|
|---|
| 3107 | 4564.2e34: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb20310000 'C:\Windows\System32\crypt32.dll'
|
|---|
| 3108 | 4564.2ef0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
|
|---|
| 3109 | 4564.2ef0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'rpcrt4.dll'.
|
|---|
| 3110 | 4564.2ef0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #12 'combase.dll'.
|
|---|
| 3111 | 4564.2ef0: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\OneCoreUAPCommonProxyStub.dll) WinVerifyTrust
|
|---|
| 3112 | 4564.2ef0: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\OneCoreUAPCommonProxyStub.dll
|
|---|
| 3113 | 4564.2ef0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'combase.dll'...
|
|---|
| 3114 | 4564.2ef0: supR3HardenedWinVerifyCacheProcessImportTodos: 'combase.dll' -> '\Device\HarddiskVolume3\Windows\System32\combase.dll' [rcNtRedir=0xc0150008]
|
|---|
| 3115 | 4564.2ef0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
|
|---|
| 3116 | 4564.2ef0: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume3\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
|
|---|
| 3117 | 4564.2ef0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
|
|---|
| 3118 | 4564.2ef0: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume3\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
|
|---|
| 3119 | 4564.2ef0: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\System32\OneCoreUAPCommonProxyStub.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000002009:<flags> [calling]
|
|---|
| 3120 | 4564.2ef0: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\OneCoreUAPCommonProxyStub.dll
|
|---|
| 3121 | 4564.2ef0: supR3HardenedDllNotificationCallback: load 00007ffb1b5d0000 LB 0x0069b000 C:\Windows\System32\OneCoreUAPCommonProxyStub.dll [fFlags=0x0]
|
|---|
| 3122 | 4564.2ef0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\OneCoreUAPCommonProxyStub.dll
|
|---|
| 3123 | 4564.2ef0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb1b5d0000 'C:\Windows\System32\OneCoreUAPCommonProxyStub.dll'
|
|---|
| 3124 | 4564.2e34: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Windows\System32\netutils.dll'
|
|---|
| 3125 | 4564.2e34: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\davclnt.dll
|
|---|
| 3126 | 4564.2e34: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\System32\davclnt.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000009:<flags> [calling]
|
|---|
| 3127 | 4564.2e34: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffaf8570000 'C:\Windows\System32\davclnt.dll'
|
|---|
| 3128 | 4564.534: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb21770000 'C:\Windows\System32\shell32.dll'
|
|---|
| 3129 | 4564.534: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb21770000 'C:\Windows\System32\shell32.dll'
|
|---|
| 3130 | 4564.534: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000ed0 pwszName=\Device\HarddiskVolume3\Windows\System32\twinapi.dll
|
|---|
| 3131 | 4564.534: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000001153800
|
|---|
| 3132 | 4564.534: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000001153800
|
|---|
| 3133 | 4564.534: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=4E551B01F33916D559CF2E2ACE2E65C9DBD107C6
|
|---|
| 3134 | 4564.534: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb1f5d0000 'C:\Windows\system32\rsaenh.dll'
|
|---|
| 3135 | 4564.534: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb20310000 'C:\Windows\System32\crypt32.dll'
|
|---|
| 3136 | 4564.2ef0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb21770000 'C:\Windows\System32\shell32.dll'
|
|---|
| 3137 | 4564.2ef0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb21770000 'C:\Windows\System32\shell32.dll'
|
|---|
| 3138 | 4564.534: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package00116~31bf3856ad364e35~amd64~~10.0.17134.1.cat'; file='\Device\HarddiskVolume3\Windows\System32\twinapi.dll'
|
|---|
| 3139 | 4564.534: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
|
|---|
| 3140 | 4564.534: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
|
|---|
| 3141 | 4564.534: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'shlwapi.dll'.
|
|---|
| 3142 | 4564.534: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #29 'combase.dll'.
|
|---|
| 3143 | 4564.534: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #31 'user32.dll'.
|
|---|
| 3144 | 4564.534: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #32 'textinputframework.dll'.
|
|---|
| 3145 | 4564.534: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\twinapi.dll) WinVerifyTrust
|
|---|
| 3146 | 4564.534: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\twinapi.dll
|
|---|
| 3147 | 4564.534: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'textinputframework.dll'...
|
|---|
| 3148 | 4564.534: supR3HardenedWinVerifyCacheProcessImportTodos: 'textinputframework.dll' -> '\Device\HarddiskVolume3\Windows\System32\textinputframework.dll' [rcNtRedir=0xc0150008]
|
|---|
| 3149 | 4564.534: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\TextInputFramework.dll
|
|---|
| 3150 | 4564.534: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
|
|---|
| 3151 | 4564.534: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume3\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
|
|---|
| 3152 | 4564.534: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'combase.dll'...
|
|---|
| 3153 | 4564.534: supR3HardenedWinVerifyCacheProcessImportTodos: 'combase.dll' -> '\Device\HarddiskVolume3\Windows\System32\combase.dll' [rcNtRedir=0xc0150008]
|
|---|
| 3154 | 4564.534: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'shlwapi.dll'...
|
|---|
| 3155 | 4564.534: supR3HardenedWinVerifyCacheProcessImportTodos: 'shlwapi.dll' -> '\Device\HarddiskVolume3\Windows\System32\shlwapi.dll' [rcNtRedir=0xc0150008]
|
|---|
| 3156 | 4564.534: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\shlwapi.dll
|
|---|
| 3157 | 4564.534: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
|
|---|
| 3158 | 4564.534: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume3\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
|
|---|
| 3159 | 4564.534: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\System32\twinapi.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000002009:<flags> [calling]
|
|---|
| 3160 | 4564.534: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\twinapi.dll
|
|---|
| 3161 | 4564.534: supR3HardenedDllNotificationCallback: load 00007ffb01e90000 LB 0x0009b000 C:\Windows\System32\twinapi.dll [fFlags=0x0]
|
|---|
| 3162 | 4564.534: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\twinapi.dll
|
|---|
| 3163 | 4564.534: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb01e90000 'C:\Windows\System32\twinapi.dll'
|
|---|
| 3164 | 4564.2ef0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb21770000 'C:\Windows\System32\shell32.dll'
|
|---|
| 3165 | 4564.534: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb21770000 'C:\Windows\System32\shell32.dll'
|
|---|
| 3166 | 4564.534: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb21770000 'C:\Windows\System32\shell32.dll'
|
|---|
| 3167 | 4564.2e34: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\shell32.dll
|
|---|
| 3168 | 4564.2e34: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\System32\shell32.dll (Input=shell32.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000004001:<flags> [calling]
|
|---|
| 3169 | 4564.2e34: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb21770000 'C:\Windows\System32\shell32.dll'
|
|---|
| 3170 | 4564.2e34: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume3\Windows\System32\apphelp.dll)
|
|---|
| 3171 | 4564.2e34: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\apphelp.dll
|
|---|
| 3172 | 4564.2e34: supR3HardenedDllNotificationCallback: load 00007ffb1e470000 LB 0x0008b000 C:\Windows\SYSTEM32\apphelp.dll [fFlags=0x0]
|
|---|
| 3173 | 4564.2e34: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume3\Windows\System32\apphelp.dll [avoiding WinVerifyTrust]
|
|---|
| 3174 | 4564.2e34: Detected loader lock ownership: rc=Unknown Status 22900 (0x5974) '\Device\HarddiskVolume3\Windows\System32\apphelp.dll'.
|
|---|
| 3175 | 4564.2e34: supR3HardenedWinVerifyCacheProcessWvtTodos: 22900 (was 22900) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\apphelp.dll' [rescheduled]
|
|---|
| 3176 | 4564.2e34: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\ntdll.dll
|
|---|
| 3177 | 4564.2e34: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\System32\ntdll.dll (Input=ntdll.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000801:<flags> [calling]
|
|---|
| 3178 | 4564.2e34: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb23e90000 'C:\Windows\System32\ntdll.dll'
|
|---|
| 3179 | 4564.2e34: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000fb4 pwszName=\Device\HarddiskVolume3\Windows\System32\dlnashext.dll
|
|---|
| 3180 | 4564.2e34: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000001153800
|
|---|
| 3181 | 4564.2e34: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000001153800
|
|---|
| 3182 | 4564.2e34: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=D786B11B93546459BB0959B74ABE557AA296AE50
|
|---|
| 3183 | 4564.2e34: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb1f5d0000 'C:\Windows\system32\rsaenh.dll'
|
|---|
| 3184 | 4564.2e34: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb20310000 'C:\Windows\System32\crypt32.dll'
|
|---|
| 3185 | 4564.2e34: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Media-Streaming-avcore-Package~31bf3856ad364e35~amd64~~10.0.17134.1.cat'; file='\Device\HarddiskVolume3\Windows\System32\dlnashext.dll'
|
|---|
| 3186 | 4564.2e34: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
|
|---|
| 3187 | 4564.2e34: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
|
|---|
| 3188 | 4564.2e34: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #17 'oleaut32.dll'.
|
|---|
| 3189 | 4564.2e34: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\dlnashext.dll) WinVerifyTrust
|
|---|
| 3190 | 4564.2e34: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\dlnashext.dll
|
|---|
| 3191 | 4564.2e34: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'oleaut32.dll'...
|
|---|
| 3192 | 4564.2e34: supR3HardenedWinVerifyCacheProcessImportTodos: 'oleaut32.dll' -> '\Device\HarddiskVolume3\Windows\System32\oleaut32.dll' [rcNtRedir=0xc0150008]
|
|---|
| 3193 | 4564.2e34: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\oleaut32.dll
|
|---|
| 3194 | 4564.2e34: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
|
|---|
| 3195 | 4564.2e34: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume3\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
|
|---|
| 3196 | 4564.2e34: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\System32\dlnashext.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000002009:<flags> [calling]
|
|---|
| 3197 | 4564.2e34: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\dlnashext.dll
|
|---|
| 3198 | 4564.534: '\Device\HarddiskVolume3\Windows\System32\tzres.dll' has no imports
|
|---|
| 3199 | 4564.534: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume3\Windows\System32\tzres.dll)
|
|---|
| 3200 | 4564.534: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\tzres.dll
|
|---|
| 3201 | 4564.534: supR3HardenedMonitor_NtCreateSection: NtMapViewOfSection failed on 0000000000000fc8 (hFile=0000000000000ff4) with 0xc0000022 -> STATUS_TRUST_FAILURE
|
|---|
| 3202 | 4564.534: supR3HardenedScreenImage/NtCreateSection: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume3\Windows\System32\tzres.dll [avoiding WinVerifyTrust]
|
|---|
| 3203 | 4564.534: supR3HardenedMonitor_NtCreateSection: NtMapViewOfSection failed on 0000000000000ff4 (hFile=0000000000000fc8) with 0xc0000022 -> STATUS_TRUST_FAILURE
|
|---|
| 3204 | 4564.2e34: supR3HardenedDllNotificationCallback: load 00007ffaf00f0000 LB 0x0004a000 C:\Windows\System32\dlnashext.dll [fFlags=0x0]
|
|---|
| 3205 | 4564.2e34: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\dlnashext.dll
|
|---|
| 3206 | 4564.2e34: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffaf00f0000 'C:\Windows\System32\dlnashext.dll'
|
|---|
| 3207 | 4564.2e34: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000fec pwszName=\Device\HarddiskVolume3\Windows\System32\tzres.dll
|
|---|
| 3208 | 4564.2e34: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000001153800
|
|---|
| 3209 | 4564.2e34: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000001153800
|
|---|
| 3210 | 4564.2e34: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=19F6C79DBE47B428474B0A1A94D7A4925FA87FE8
|
|---|
| 3211 | 4564.2e34: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb1f5d0000 'C:\Windows\system32\rsaenh.dll'
|
|---|
| 3212 | 4564.2e34: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb20310000 'C:\Windows\System32\crypt32.dll'
|
|---|
| 3213 | 4564.2e34: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_1025_for_KB4467682~31bf3856ad364e35~amd64~~10.0.1.9.cat'; file='\Device\HarddiskVolume3\Windows\System32\tzres.dll'
|
|---|
| 3214 | 4564.2e34: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
|
|---|
| 3215 | 4564.2e34: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Windows\System32\tzres.dll'
|
|---|
| 3216 | 4564.2e34: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000001024 pwszName=\Device\HarddiskVolume3\Windows\System32\PlayToDevice.dll
|
|---|
| 3217 | 4564.2e34: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000001153800
|
|---|
| 3218 | 4564.2e34: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000001153800
|
|---|
| 3219 | 4564.2e34: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=F63EA59A2FE63EFA3A4F1A8F43E961B943894F0A
|
|---|
| 3220 | 4564.2e34: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb1f5d0000 'C:\Windows\system32\rsaenh.dll'
|
|---|
| 3221 | 4564.2e34: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb20310000 'C:\Windows\System32\crypt32.dll'
|
|---|
| 3222 | 4564.534: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\msctf.dll
|
|---|
| 3223 | 4564.534: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\System32\msctf.dll (Input=msctf.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
|
|---|
| 3224 | 4564.534: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb23b70000 'C:\Windows\System32\msctf.dll'
|
|---|
| 3225 | 4564.2e34: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0014~31bf3856ad364e35~amd64~~10.0.17134.1.cat'; file='\Device\HarddiskVolume3\Windows\System32\PlayToDevice.dll'
|
|---|
| 3226 | 4564.2e34: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
|
|---|
| 3227 | 4564.2e34: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
|
|---|
| 3228 | 4564.2e34: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #14 'rpcrt4.dll'.
|
|---|
| 3229 | 4564.2e34: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\PlayToDevice.dll) WinVerifyTrust
|
|---|
| 3230 | 4564.2e34: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\PlayToDevice.dll
|
|---|
| 3231 | 4564.2e34: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
|
|---|
| 3232 | 4564.2e34: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume3\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
|
|---|
| 3233 | 4564.2e34: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\rpcrt4.dll
|
|---|
| 3234 | 4564.2e34: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
|
|---|
| 3235 | 4564.2e34: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume3\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
|
|---|
| 3236 | 4564.2e34: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\System32\PlayToDevice.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000002009:<flags> [calling]
|
|---|
| 3237 | 4564.2e34: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\PlayToDevice.dll
|
|---|
| 3238 | 4564.534: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb21770000 'C:\Windows\System32\shell32.dll'
|
|---|
| 3239 | 4564.534: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb21770000 'C:\Windows\System32\shell32.dll'
|
|---|
| 3240 | 4564.534: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb21770000 'C:\Windows\System32\shell32.dll'
|
|---|
| 3241 | 4564.534: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb21770000 'C:\Windows\System32\shell32.dll'
|
|---|
| 3242 | 4564.534: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000001074 pwszName=\Device\HarddiskVolume3\Windows\System32\actxprxy.dll
|
|---|
| 3243 | 4564.534: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000001153800
|
|---|
| 3244 | 4564.534: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000001153800
|
|---|
| 3245 | 4564.534: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=C369042ADB3C740797A470FD44D69B8D07FF6061
|
|---|
| 3246 | 4564.534: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb1f5d0000 'C:\Windows\system32\rsaenh.dll'
|
|---|
| 3247 | 4564.534: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb20310000 'C:\Windows\System32\crypt32.dll'
|
|---|
| 3248 | 4564.534: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0018~31bf3856ad364e35~amd64~~10.0.17134.1.cat'; file='\Device\HarddiskVolume3\Windows\System32\actxprxy.dll'
|
|---|
| 3249 | 4564.534: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
|
|---|
| 3250 | 4564.534: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
|
|---|
| 3251 | 4564.534: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'rpcrt4.dll'.
|
|---|
| 3252 | 4564.534: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\actxprxy.dll) WinVerifyTrust
|
|---|
| 3253 | 4564.534: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\actxprxy.dll
|
|---|
| 3254 | 4564.534: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
|
|---|
| 3255 | 4564.534: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume3\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
|
|---|
| 3256 | 4564.534: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
|
|---|
| 3257 | 4564.534: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume3\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
|
|---|
| 3258 | 4564.534: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\System32\ActXPrxy.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000002009:<flags> [calling]
|
|---|
| 3259 | 4564.2e34: supR3HardenedDllNotificationCallback: load 00007ffaf56d0000 LB 0x00063000 C:\Windows\System32\PlayToDevice.dll [fFlags=0x0]
|
|---|
| 3260 | 4564.2e34: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\PlayToDevice.dll
|
|---|
| 3261 | 4564.2e34: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffaf56d0000 'C:\Windows\System32\PlayToDevice.dll'
|
|---|
| 3262 | 4564.534: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\actxprxy.dll
|
|---|
| 3263 | 4564.534: supR3HardenedDllNotificationCallback: load 00007ffafc190000 LB 0x00097000 C:\Windows\System32\ActXPrxy.dll [fFlags=0x0]
|
|---|
| 3264 | 4564.534: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\actxprxy.dll
|
|---|
| 3265 | 4564.534: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffafc190000 'C:\Windows\System32\ActXPrxy.dll'
|
|---|
| 3266 | 4564.2e34: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb1f5d0000 'C:\Windows\system32\rsaenh.dll'
|
|---|
| 3267 | 4564.3f28: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb21770000 'C:\Windows\System32\shell32.dll'
|
|---|
| 3268 | 4564.2e34: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb20310000 'C:\Windows\System32\crypt32.dll'
|
|---|
| 3269 | 4564.2e34: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
|
|---|
| 3270 | 4564.2e34: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\DevDispItemProvider.dll) WinVerifyTrust
|
|---|
| 3271 | 4564.2e34: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\DevDispItemProvider.dll
|
|---|
| 3272 | 4564.2e34: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
|
|---|
| 3273 | 4564.2e34: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume3\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
|
|---|
| 3274 | 4564.2e34: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\System32\DevDispItemProvider.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
|
|---|
| 3275 | 4564.4a64: \Device\HarddiskVolume3\Users\Vishal\AppData\Local\Microsoft\OneDrive\18.222.1104.0007\amd64\FileSyncShell64.dll: Owner is not trusted installer (01 05 00 00 00 00 00 05 15 00 00 00 df 3e 1c 38 f6 e1 a9 82 7f d7 91 40 e9 03 00 00)
|
|---|
| 3276 | 4564.4a64: supHardenedWinVerifyImageByHandle: -> -5667 (\Device\HarddiskVolume3\Users\Vishal\AppData\Local\Microsoft\OneDrive\18.222.1104.0007\amd64\FileSyncShell64.dll)
|
|---|
| 3277 | 4564.4a64: Error (rc=0):
|
|---|
| 3278 | 4564.4a64: supR3HardenedScreenImage/LdrLoadDll: rc=Unknown Status -5667 (0xffffe9dd) fImage=1 fProtect=0x0 fAccess=0x0 \Device\HarddiskVolume3\Users\Vishal\AppData\Local\Microsoft\OneDrive\18.222.1104.0007\amd64\FileSyncShell64.dll: supHardenedWinVerifyImageByHandle: TrustedInstaller is not the owner of '\Device\HarddiskVolume3\Users\Vishal\AppData\Local\Microsoft\OneDrive\18.222.1104.0007\amd64\FileSyncShell64.dll'.
|
|---|
| 3279 | 4564.4a64: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Users\Vishal\AppData\Local\Microsoft\OneDrive\18.222.1104.0007\amd64\FileSyncShell64.dll
|
|---|
| 3280 | 4564.4a64: Error (rc=0):
|
|---|
| 3281 | 4564.2e34: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\DevDispItemProvider.dll
|
|---|
| 3282 | 4564.4a64: supR3HardenedMonitor_LdrLoadDll: rejecting 'C:\Users\Vishal\AppData\Local\Microsoft\OneDrive\18.222.1104.0007\amd64\FileSyncShell64.dll' (C:\Users\Vishal\AppData\Local\Microsoft\OneDrive\18.222.1104.0007\amd64\FileSyncShell64.dll): rcNt=0xc0000190
|
|---|
| 3283 | 4564.4a64: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0xc0000190 'C:\Users\Vishal\AppData\Local\Microsoft\OneDrive\18.222.1104.0007\amd64\FileSyncShell64.dll'
|
|---|
| 3284 | 4564.2e34: supR3HardenedDllNotificationCallback: load 00007ffaf5480000 LB 0x0001e000 C:\Windows\System32\DevDispItemProvider.dll [fFlags=0x0]
|
|---|
| 3285 | 4564.2e34: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\DevDispItemProvider.dll
|
|---|
| 3286 | 4564.2e34: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffaf5480000 'C:\Windows\System32\DevDispItemProvider.dll'
|
|---|
| 3287 | 4564.4a64: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status -5667 (0xffffe9dd)) on \Device\HarddiskVolume3\Users\Vishal\AppData\Local\Microsoft\OneDrive\18.222.1104.0007\amd64\FileSyncShell64.dll [lacks WinVerifyTrust]
|
|---|
| 3288 | 4564.4a64: Error (rc=0):
|
|---|
| 3289 | 4564.4a64: supR3HardenedScreenImage/LdrLoadDll: cached rc=Unknown Status -5667 (0xffffe9dd) fImage=1 fProtect=0x0 fAccess=0x0 cHits=1 \Device\HarddiskVolume3\Users\Vishal\AppData\Local\Microsoft\OneDrive\18.222.1104.0007\amd64\FileSyncShell64.dll
|
|---|
| 3290 | 4564.4a64: Error (rc=0):
|
|---|
| 3291 | 4564.4a64: supR3HardenedMonitor_LdrLoadDll: rejecting 'C:\Users\Vishal\AppData\Local\Microsoft\OneDrive\18.222.1104.0007\amd64\FileSyncShell64.dll' (C:\Users\Vishal\AppData\Local\Microsoft\OneDrive\18.222.1104.0007\amd64\FileSyncShell64.dll): rcNt=0xc0000190
|
|---|
| 3292 | 4564.4a64: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0xc0000190 'C:\Users\Vishal\AppData\Local\Microsoft\OneDrive\18.222.1104.0007\amd64\FileSyncShell64.dll'
|
|---|
| 3293 | 4564.4a64: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status -5667 (0xffffe9dd)) on \Device\HarddiskVolume3\Users\Vishal\AppData\Local\Microsoft\OneDrive\18.222.1104.0007\amd64\FileSyncShell64.dll [lacks WinVerifyTrust]
|
|---|
| 3294 | 4564.4a64: Error (rc=0):
|
|---|
| 3295 | 4564.4a64: supR3HardenedScreenImage/LdrLoadDll: cached rc=Unknown Status -5667 (0xffffe9dd) fImage=1 fProtect=0x0 fAccess=0x0 cHits=2 \Device\HarddiskVolume3\Users\Vishal\AppData\Local\Microsoft\OneDrive\18.222.1104.0007\amd64\FileSyncShell64.dll
|
|---|
| 3296 | 4564.4a64: Error (rc=0):
|
|---|
| 3297 | 4564.4a64: supR3HardenedMonitor_LdrLoadDll: rejecting 'C:\Users\Vishal\AppData\Local\Microsoft\OneDrive\18.222.1104.0007\amd64\FileSyncShell64.dll' (C:\Users\Vishal\AppData\Local\Microsoft\OneDrive\18.222.1104.0007\amd64\FileSyncShell64.dll): rcNt=0xc0000190
|
|---|
| 3298 | 4564.4a64: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0xc0000190 'C:\Users\Vishal\AppData\Local\Microsoft\OneDrive\18.222.1104.0007\amd64\FileSyncShell64.dll'
|
|---|
| 3299 | 4564.4a64: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status -5667 (0xffffe9dd)) on \Device\HarddiskVolume3\Users\Vishal\AppData\Local\Microsoft\OneDrive\18.222.1104.0007\amd64\FileSyncShell64.dll [lacks WinVerifyTrust]
|
|---|
| 3300 | 4564.4a64: Error (rc=0):
|
|---|
| 3301 | 4564.4a64: supR3HardenedScreenImage/LdrLoadDll: cached rc=Unknown Status -5667 (0xffffe9dd) fImage=1 fProtect=0x0 fAccess=0x0 cHits=3 \Device\HarddiskVolume3\Users\Vishal\AppData\Local\Microsoft\OneDrive\18.222.1104.0007\amd64\FileSyncShell64.dll
|
|---|
| 3302 | 4564.4a64: Error (rc=0):
|
|---|
| 3303 | 4564.4a64: supR3HardenedMonitor_LdrLoadDll: rejecting 'C:\Users\Vishal\AppData\Local\Microsoft\OneDrive\18.222.1104.0007\amd64\FileSyncShell64.dll' (C:\Users\Vishal\AppData\Local\Microsoft\OneDrive\18.222.1104.0007\amd64\FileSyncShell64.dll): rcNt=0xc0000190
|
|---|
| 3304 | 4564.4a64: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0xc0000190 'C:\Users\Vishal\AppData\Local\Microsoft\OneDrive\18.222.1104.0007\amd64\FileSyncShell64.dll'
|
|---|
| 3305 | 4564.4a64: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status -5667 (0xffffe9dd)) on \Device\HarddiskVolume3\Users\Vishal\AppData\Local\Microsoft\OneDrive\18.222.1104.0007\amd64\FileSyncShell64.dll [lacks WinVerifyTrust]
|
|---|
| 3306 | 4564.4a64: Error (rc=0):
|
|---|
| 3307 | 4564.4a64: supR3HardenedScreenImage/LdrLoadDll: cached rc=Unknown Status -5667 (0xffffe9dd) fImage=1 fProtect=0x0 fAccess=0x0 cHits=4 \Device\HarddiskVolume3\Users\Vishal\AppData\Local\Microsoft\OneDrive\18.222.1104.0007\amd64\FileSyncShell64.dll
|
|---|
| 3308 | 4564.4a64: Error (rc=0):
|
|---|
| 3309 | 4564.4a64: supR3HardenedMonitor_LdrLoadDll: rejecting 'C:\Users\Vishal\AppData\Local\Microsoft\OneDrive\18.222.1104.0007\amd64\FileSyncShell64.dll' (C:\Users\Vishal\AppData\Local\Microsoft\OneDrive\18.222.1104.0007\amd64\FileSyncShell64.dll): rcNt=0xc0000190
|
|---|
| 3310 | 4564.4a64: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0xc0000190 'C:\Users\Vishal\AppData\Local\Microsoft\OneDrive\18.222.1104.0007\amd64\FileSyncShell64.dll'
|
|---|
| 3311 | 4564.4a64: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status -5667 (0xffffe9dd)) on \Device\HarddiskVolume3\Users\Vishal\AppData\Local\Microsoft\OneDrive\18.222.1104.0007\amd64\FileSyncShell64.dll [lacks WinVerifyTrust]
|
|---|
| 3312 | 4564.4a64: Error (rc=0):
|
|---|
| 3313 | 4564.4a64: supR3HardenedScreenImage/LdrLoadDll: cached rc=Unknown Status -5667 (0xffffe9dd) fImage=1 fProtect=0x0 fAccess=0x0 cHits=5 \Device\HarddiskVolume3\Users\Vishal\AppData\Local\Microsoft\OneDrive\18.222.1104.0007\amd64\FileSyncShell64.dll
|
|---|
| 3314 | 4564.4a64: Error (rc=0):
|
|---|
| 3315 | 4564.4a64: supR3HardenedMonitor_LdrLoadDll: rejecting 'C:\Users\Vishal\AppData\Local\Microsoft\OneDrive\18.222.1104.0007\amd64\FileSyncShell64.dll' (C:\Users\Vishal\AppData\Local\Microsoft\OneDrive\18.222.1104.0007\amd64\FileSyncShell64.dll): rcNt=0xc0000190
|
|---|
| 3316 | 4564.4a64: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0xc0000190 'C:\Users\Vishal\AppData\Local\Microsoft\OneDrive\18.222.1104.0007\amd64\FileSyncShell64.dll'
|
|---|
| 3317 | 4564.4a64: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status -5667 (0xffffe9dd)) on \Device\HarddiskVolume3\Users\Vishal\AppData\Local\Microsoft\OneDrive\18.222.1104.0007\amd64\FileSyncShell64.dll [lacks WinVerifyTrust]
|
|---|
| 3318 | 4564.4a64: Error (rc=0):
|
|---|
| 3319 | 4564.4a64: supR3HardenedScreenImage/LdrLoadDll: cached rc=Unknown Status -5667 (0xffffe9dd) fImage=1 fProtect=0x0 fAccess=0x0 cHits=6 \Device\HarddiskVolume3\Users\Vishal\AppData\Local\Microsoft\OneDrive\18.222.1104.0007\amd64\FileSyncShell64.dll
|
|---|
| 3320 | 4564.4a64: Error (rc=0):
|
|---|
| 3321 | 4564.4a64: supR3HardenedMonitor_LdrLoadDll: rejecting 'C:\Users\Vishal\AppData\Local\Microsoft\OneDrive\18.222.1104.0007\amd64\FileSyncShell64.dll' (C:\Users\Vishal\AppData\Local\Microsoft\OneDrive\18.222.1104.0007\amd64\FileSyncShell64.dll): rcNt=0xc0000190
|
|---|
| 3322 | 4564.4a64: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0xc0000190 'C:\Users\Vishal\AppData\Local\Microsoft\OneDrive\18.222.1104.0007\amd64\FileSyncShell64.dll'
|
|---|
| 3323 | 4564.4a64: supR3HardNtViCallWinVerifyTrustCatFile: hFile=00000000000011d8 pwszName=\Device\HarddiskVolume3\Windows\System32\EhStorShell.dll
|
|---|
| 3324 | 4564.4a64: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000001153800
|
|---|
| 3325 | 4564.4a64: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000001153800
|
|---|
| 3326 | 4564.4a64: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=9A51702A19F6C63BB83D147F8FD87592666F211D
|
|---|
| 3327 | 4564.4a64: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb1f5d0000 'C:\Windows\system32\rsaenh.dll'
|
|---|
| 3328 | 4564.4a64: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb20310000 'C:\Windows\System32\crypt32.dll'
|
|---|
| 3329 | 4564.534: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb0e840000 'C:\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.17134.472_none_fb3f9af53068156d\comctl32.dll'
|
|---|
| 3330 | 4564.534: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb0e840000 'C:\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.17134.472_none_fb3f9af53068156d\comctl32.dll'
|
|---|
| 3331 | 4564.4a64: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0017~31bf3856ad364e35~amd64~~10.0.17134.1.cat'; file='\Device\HarddiskVolume3\Windows\System32\EhStorShell.dll'
|
|---|
| 3332 | 4564.4a64: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
|
|---|
| 3333 | 4564.4a64: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
|
|---|
| 3334 | 4564.4a64: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'user32.dll'.
|
|---|
| 3335 | 4564.4a64: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'ole32.dll'.
|
|---|
| 3336 | 4564.4a64: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'oleaut32.dll'.
|
|---|
| 3337 | 4564.4a64: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'advapi32.dll'.
|
|---|
| 3338 | 4564.4a64: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'shell32.dll'.
|
|---|
| 3339 | 4564.4a64: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #7 'propsys.dll'.
|
|---|
| 3340 | 4564.4a64: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #8 'shlwapi.dll'.
|
|---|
| 3341 | 4564.4a64: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #9 'comctl32.dll'.
|
|---|
| 3342 | 4564.4a64: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #10 'setupapi.dll'.
|
|---|
| 3343 | 4564.4a64: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\EhStorShell.dll) WinVerifyTrust
|
|---|
| 3344 | 4564.4a64: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\EhStorShell.dll
|
|---|
| 3345 | 4564.4a64: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'setupapi.dll'...
|
|---|
| 3346 | 4564.4a64: supR3HardenedWinVerifyCacheProcessImportTodos: 'setupapi.dll' -> '\Device\HarddiskVolume3\Windows\System32\setupapi.dll' [rcNtRedir=0xc0150008]
|
|---|
| 3347 | 4564.534: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb21770000 'C:\Windows\System32\shell32.dll'
|
|---|
| 3348 | 4564.4a64: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb1f5d0000 'C:\Windows\system32\rsaenh.dll'
|
|---|
| 3349 | 4564.4200: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb1f5d0000 'C:\Windows\system32\rsaenh.dll'
|
|---|
| 3350 | 4564.4200: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb20310000 'C:\Windows\System32\crypt32.dll'
|
|---|
| 3351 | 4564.4200: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #16 'rpcrt4.dll'.
|
|---|
| 3352 | 4564.4200: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #35 'devobj.dll'.
|
|---|
| 3353 | 4564.4200: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #36 'propsys.dll'.
|
|---|
| 3354 | 4564.4200: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\MMDevAPI.dll) WinVerifyTrust
|
|---|
| 3355 | 4564.4200: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\MMDevAPI.dll
|
|---|
| 3356 | 4564.4200: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'propsys.dll'...
|
|---|
| 3357 | 4564.4200: supR3HardenedWinVerifyCacheProcessImportTodos: 'propsys.dll' -> '\Device\HarddiskVolume3\Windows\System32\propsys.dll' [rcNtRedir=0xc0150008]
|
|---|
| 3358 | 4564.4200: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\propsys.dll
|
|---|
| 3359 | 4564.4200: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'devobj.dll'...
|
|---|
| 3360 | 4564.4200: supR3HardenedWinVerifyCacheProcessImportTodos: 'devobj.dll' -> '\Device\HarddiskVolume3\Windows\System32\devobj.dll' [rcNtRedir=0xc0150008]
|
|---|
| 3361 | 4564.4200: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb1f5d0000 'C:\Windows\system32\rsaenh.dll'
|
|---|
| 3362 | 4564.4200: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb20310000 'C:\Windows\System32\crypt32.dll'
|
|---|
| 3363 | 4564.4200: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #17 'cfgmgr32.dll'.
|
|---|
| 3364 | 4564.4200: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\devobj.dll) WinVerifyTrust
|
|---|
| 3365 | 4564.4200: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\devobj.dll
|
|---|
| 3366 | 4564.4200: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
|
|---|
| 3367 | 4564.4200: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume3\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
|
|---|
| 3368 | 4564.4200: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'cfgmgr32.dll'...
|
|---|
| 3369 | 4564.4200: supR3HardenedWinVerifyCacheProcessImportTodos: 'cfgmgr32.dll' -> '\Device\HarddiskVolume3\Windows\System32\cfgmgr32.dll' [rcNtRedir=0xc0150008]
|
|---|
| 3370 | 4564.4200: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\cfgmgr32.dll [redoing WinVerifyTrust]
|
|---|
| 3371 | 4564.4200: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb1f5d0000 'C:\Windows\system32\rsaenh.dll'
|
|---|
| 3372 | 4564.4a64: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb20310000 'C:\Windows\System32\crypt32.dll'
|
|---|
| 3373 | 4564.4200: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb20310000 'C:\Windows\System32\crypt32.dll'
|
|---|
| 3374 | 4564.4a64: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
|
|---|
| 3375 | 4564.4a64: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #29 'rpcrt4.dll'.
|
|---|
| 3376 | 4564.4a64: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #37 'cfgmgr32.dll'.
|
|---|
| 3377 | 4564.4a64: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\setupapi.dll) WinVerifyTrust
|
|---|
| 3378 | 4564.4a64: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\setupapi.dll
|
|---|
| 3379 | 4564.4a64: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'comctl32.dll'...
|
|---|
| 3380 | 4564.4a64: supR3HardenedWinVerifyCacheProcessImportTodos: 'comctl32.dll' -> '\Device\HarddiskVolume3\Windows\System32\comctl32.dll' [rcNtRedir=0x0]
|
|---|
| 3381 | 4564.4a64: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\comctl32.dll
|
|---|
| 3382 | 4564.4a64: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'shlwapi.dll'...
|
|---|
| 3383 | 4564.4a64: supR3HardenedWinVerifyCacheProcessImportTodos: 'shlwapi.dll' -> '\Device\HarddiskVolume3\Windows\System32\shlwapi.dll' [rcNtRedir=0xc0150008]
|
|---|
| 3384 | 4564.4a64: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\shlwapi.dll
|
|---|
| 3385 | 4564.4a64: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'propsys.dll'...
|
|---|
| 3386 | 4564.4a64: supR3HardenedWinVerifyCacheProcessImportTodos: 'propsys.dll' -> '\Device\HarddiskVolume3\Windows\System32\propsys.dll' [rcNtRedir=0xc0150008]
|
|---|
| 3387 | 4564.4a64: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\propsys.dll
|
|---|
| 3388 | 4564.4200: supR3HardenedScreenImage/Imports: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Windows\System32\cfgmgr32.dll'
|
|---|
| 3389 | 4564.4a64: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'shell32.dll'...
|
|---|
| 3390 | 4564.4200: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'cfgmgr32.dll'...
|
|---|
| 3391 | 4564.4a64: supR3HardenedWinVerifyCacheProcessImportTodos: 'shell32.dll' -> '\Device\HarddiskVolume3\Windows\System32\shell32.dll' [rcNtRedir=0xc0150008]
|
|---|
| 3392 | 4564.4a64: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'...
|
|---|
| 3393 | 4564.4200: supR3HardenedWinVerifyCacheProcessImportTodos: 'cfgmgr32.dll' -> '\Device\HarddiskVolume3\Windows\System32\cfgmgr32.dll' [rcNtRedir=0xc0150008]
|
|---|
| 3394 | 4564.4200: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\cfgmgr32.dll
|
|---|
| 3395 | 4564.4200: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
|
|---|
| 3396 | 4564.4a64: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume3\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008]
|
|---|
| 3397 | 4564.4200: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume3\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
|
|---|
| 3398 | 4564.4200: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
|
|---|
| 3399 | 4564.4a64: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'oleaut32.dll'...
|
|---|
| 3400 | 4564.4a64: supR3HardenedWinVerifyCacheProcessImportTodos: 'oleaut32.dll' -> '\Device\HarddiskVolume3\Windows\System32\oleaut32.dll' [rcNtRedir=0xc0150008]
|
|---|
| 3401 | 4564.4200: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume3\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
|
|---|
| 3402 | 4564.4a64: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ole32.dll'...
|
|---|
| 3403 | 4564.4200: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\System32\MMDevApi.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000002009:<flags> [calling]
|
|---|
| 3404 | 4564.4a64: supR3HardenedWinVerifyCacheProcessImportTodos: 'ole32.dll' -> '\Device\HarddiskVolume3\Windows\System32\ole32.dll' [rcNtRedir=0xc0150008]
|
|---|
| 3405 | 4564.4a64: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
|
|---|
| 3406 | 4564.4a64: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume3\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
|
|---|
| 3407 | 4564.4a64: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
|
|---|
| 3408 | 4564.4a64: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume3\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
|
|---|
| 3409 | 4564.4200: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\MMDevAPI.dll
|
|---|
| 3410 | 4564.4a64: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\System32\EhStorShell.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000002009:<flags> [calling]
|
|---|
| 3411 | 4564.4200: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\devobj.dll
|
|---|
| 3412 | 4564.4200: supR3HardenedDllNotificationCallback: load 00007ffb1ffb0000 LB 0x00027000 C:\Windows\System32\DEVOBJ.dll [fFlags=0x0]
|
|---|
| 3413 | 4564.4200: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\devobj.dll
|
|---|
| 3414 | 4564.4200: supR3HardenedDllNotificationCallback: load 00007ffb16440000 LB 0x00076000 C:\Windows\System32\MMDevApi.dll [fFlags=0x0]
|
|---|
| 3415 | 4564.4200: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\MMDevAPI.dll
|
|---|
| 3416 | 4564.4200: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb16440000 'C:\Windows\System32\MMDevApi.dll'
|
|---|
| 3417 | 4564.4a64: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\EhStorShell.dll
|
|---|
| 3418 | 4564.2e34: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb21770000 'C:\Windows\System32\shell32.dll'
|
|---|
| 3419 | 4564.2e34: supR3HardNtViCallWinVerifyTrustCatFile: hFile=00000000000010a8 pwszName=\Device\HarddiskVolume3\Windows\System32\wpdshext.dll
|
|---|
| 3420 | 4564.2e34: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000001153800
|
|---|
| 3421 | 4564.2e34: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000001153800
|
|---|
| 3422 | 4564.2e34: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=DF411C4284357D09E896CD865422547CE8E1E425
|
|---|
| 3423 | 4564.2e34: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb1f5d0000 'C:\Windows\system32\rsaenh.dll'
|
|---|
| 3424 | 4564.2e34: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb20310000 'C:\Windows\System32\crypt32.dll'
|
|---|
| 3425 | 4564.2e34: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-WPD-UltimatePortableDeviceFeature-Feature-Package~31bf3856ad364e35~amd64~~10.0.17134.1.cat'; file='\Device\HarddiskVolume3\Windows\System32\wpdshext.dll'
|
|---|
| 3426 | 4564.2e34: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
|
|---|
| 3427 | 4564.2e34: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
|
|---|
| 3428 | 4564.2e34: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'advapi32.dll'.
|
|---|
| 3429 | 4564.2e34: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'gdi32.dll'.
|
|---|
| 3430 | 4564.2e34: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'shlwapi.dll'.
|
|---|
| 3431 | 4564.2e34: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'user32.dll'.
|
|---|
| 3432 | 4564.2e34: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'gdiplus.dll'.
|
|---|
| 3433 | 4564.2e34: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\wpdshext.dll) WinVerifyTrust
|
|---|
| 3434 | 4564.2e34: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\wpdshext.dll
|
|---|
| 3435 | 4564.2e34: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdiplus.dll'...
|
|---|
| 3436 | 4564.2e34: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdiplus.dll' -> '\Device\HarddiskVolume3\Windows\System32\gdiplus.dll' [rcNtRedir=0x0]
|
|---|
| 3437 | 4564.2e34: supR3HardNtViCallWinVerifyTrustCatFile: hFile=000000000000124c pwszName=\Device\HarddiskVolume3\Windows\System32\GdiPlus.dll
|
|---|
| 3438 | 4564.2e34: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000001153800
|
|---|
| 3439 | 4564.2e34: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000001153800
|
|---|
| 3440 | 4564.2e34: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=B29157056BC84628E10AAF028774225400A820FA
|
|---|
| 3441 | 4564.2e34: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb1f5d0000 'C:\Windows\system32\rsaenh.dll'
|
|---|
| 3442 | 4564.2e34: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb20310000 'C:\Windows\System32\crypt32.dll'
|
|---|
| 3443 | 4564.2e34: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_1813_for_KB4471324~31bf3856ad364e35~amd64~~10.0.1.5.cat'; file='\Device\HarddiskVolume3\Windows\System32\GdiPlus.dll'
|
|---|
| 3444 | 4564.2e34: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
|
|---|
| 3445 | 4564.2e34: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
|
|---|
| 3446 | 4564.2e34: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #26 'user32.dll'.
|
|---|
| 3447 | 4564.2e34: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #27 'gdi32.dll'.
|
|---|
| 3448 | 4564.2e34: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\GdiPlus.dll) WinVerifyTrust
|
|---|
| 3449 | 4564.2e34: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\GdiPlus.dll
|
|---|
| 3450 | 4564.2e34: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
|
|---|
| 3451 | 4564.2e34: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume3\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
|
|---|
| 3452 | 4564.2e34: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'shlwapi.dll'...
|
|---|
| 3453 | 4564.2e34: supR3HardenedWinVerifyCacheProcessImportTodos: 'shlwapi.dll' -> '\Device\HarddiskVolume3\Windows\System32\shlwapi.dll' [rcNtRedir=0xc0150008]
|
|---|
| 3454 | 4564.2e34: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\shlwapi.dll
|
|---|
| 3455 | 4564.2e34: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
|
|---|
| 3456 | 4564.2e34: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume3\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
|
|---|
| 3457 | 4564.2e34: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'...
|
|---|
| 3458 | 4564.2e34: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume3\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008]
|
|---|
| 3459 | 4564.2e34: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
|
|---|
| 3460 | 4564.2e34: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume3\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
|
|---|
| 3461 | 4564.2e34: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
|
|---|
| 3462 | 4564.2e34: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume3\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
|
|---|
| 3463 | 4564.2e34: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
|
|---|
| 3464 | 4564.2e34: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume3\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
|
|---|
| 3465 | 4564.2e34: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\user32.dll
|
|---|
| 3466 | 4564.2e34: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
|
|---|
| 3467 | 4564.2e34: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume3\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
|
|---|
| 3468 | 4564.2e34: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\wpdshext.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000002009:<flags> [calling]
|
|---|
| 3469 | 4564.4a64: supR3HardenedDllNotificationCallback: load 00007ffb22bb0000 LB 0x0044b000 C:\Windows\System32\SETUPAPI.dll [fFlags=0x0]
|
|---|
| 3470 | 4564.4a64: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\setupapi.dll
|
|---|
| 3471 | 4564.4a64: supR3HardenedDllNotificationCallback: load 00007ffafe680000 LB 0x00037000 C:\Windows\System32\EhStorShell.dll [fFlags=0x0]
|
|---|
| 3472 | 4564.4a64: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\EhStorShell.dll
|
|---|
| 3473 | 4564.4a64: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffafe680000 'C:\Windows\System32\EhStorShell.dll'
|
|---|
| 3474 | 4564.4a64: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\EhStorShell.dll
|
|---|
| 3475 | 4564.4a64: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\System32\EhStorShell.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
|
|---|
| 3476 | 4564.4a64: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffafe680000 'C:\Windows\System32\EhStorShell.dll'
|
|---|
| 3477 | 4564.2e34: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\wpdshext.dll
|
|---|
| 3478 | 4564.21ac: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status -5667 (0xffffe9dd)) on \Device\HarddiskVolume3\Users\Vishal\AppData\Local\Microsoft\OneDrive\18.222.1104.0007\amd64\FileSyncShell64.dll [lacks WinVerifyTrust]
|
|---|
| 3479 | 4564.21ac: Error (rc=0):
|
|---|
| 3480 | 4564.21ac: supR3HardenedScreenImage/LdrLoadDll: cached rc=Unknown Status -5667 (0xffffe9dd) fImage=1 fProtect=0x0 fAccess=0x0 cHits=7 \Device\HarddiskVolume3\Users\Vishal\AppData\Local\Microsoft\OneDrive\18.222.1104.0007\amd64\FileSyncShell64.dll
|
|---|
| 3481 | 4564.21ac: Error (rc=0):
|
|---|
| 3482 | 4564.21ac: supR3HardenedMonitor_LdrLoadDll: rejecting 'C:\Users\Vishal\AppData\Local\Microsoft\OneDrive\18.222.1104.0007\amd64\FileSyncShell64.dll' (C:\Users\Vishal\AppData\Local\Microsoft\OneDrive\18.222.1104.0007\amd64\FileSyncShell64.dll): rcNt=0xc0000190
|
|---|
| 3483 | 4564.2e34: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
|
|---|
| 3484 | 4564.21ac: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0xc0000190 'C:\Users\Vishal\AppData\Local\Microsoft\OneDrive\18.222.1104.0007\amd64\FileSyncShell64.dll'
|
|---|
| 3485 | 4564.2e34: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #26 'user32.dll'.
|
|---|
| 3486 | 4564.2e34: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #27 'gdi32.dll'.
|
|---|
| 3487 | 4564.2e34: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume3\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.17134.472_none_2c2a8dda8afa8f3b\GdiPlus.dll)
|
|---|
| 3488 | 4564.2e34: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.17134.472_none_2c2a8dda8afa8f3b\GdiPlus.dll
|
|---|
| 3489 | 4564.21ac: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status -5667 (0xffffe9dd)) on \Device\HarddiskVolume3\Users\Vishal\AppData\Local\Microsoft\OneDrive\18.222.1104.0007\amd64\FileSyncShell64.dll [lacks WinVerifyTrust]
|
|---|
| 3490 | 4564.21ac: Error (rc=0):
|
|---|
| 3491 | 4564.21ac: supR3HardenedScreenImage/LdrLoadDll: cached rc=Unknown Status -5667 (0xffffe9dd) fImage=1 fProtect=0x0 fAccess=0x0 cHits=8 \Device\HarddiskVolume3\Users\Vishal\AppData\Local\Microsoft\OneDrive\18.222.1104.0007\amd64\FileSyncShell64.dll
|
|---|
| 3492 | 4564.21ac: Error (rc=0):
|
|---|
| 3493 | 4564.21ac: supR3HardenedMonitor_LdrLoadDll: rejecting 'C:\Users\Vishal\AppData\Local\Microsoft\OneDrive\18.222.1104.0007\amd64\FileSyncShell64.dll' (C:\Users\Vishal\AppData\Local\Microsoft\OneDrive\18.222.1104.0007\amd64\FileSyncShell64.dll): rcNt=0xc0000190
|
|---|
| 3494 | 4564.21ac: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0xc0000190 'C:\Users\Vishal\AppData\Local\Microsoft\OneDrive\18.222.1104.0007\amd64\FileSyncShell64.dll'
|
|---|
| 3495 | 4564.21ac: supR3HardNtViCallWinVerifyTrustCatFile: hFile=00000000000012f4 pwszName=\Device\HarddiskVolume3\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.17134.472_none_2c2a8dda8afa8f3b\GdiPlus.dll
|
|---|
| 3496 | 4564.21ac: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000001153800
|
|---|
| 3497 | 4564.21ac: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000001153800
|
|---|
| 3498 | 4564.2e34: supR3HardenedDllNotificationCallback: load 00007ffaff6d0000 LB 0x0019a000 C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.17134.472_none_2c2a8dda8afa8f3b\gdiplus.dll [fFlags=0x0]
|
|---|
| 3499 | 4564.2e34: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume3\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.17134.472_none_2c2a8dda8afa8f3b\GdiPlus.dll [avoiding WinVerifyTrust]
|
|---|
| 3500 | 4564.2e34: supR3HardenedDllNotificationCallback: load 00007ffaf66d0000 LB 0x001e1000 C:\Windows\system32\wpdshext.dll [fFlags=0x0]
|
|---|
| 3501 | 4564.2e34: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\wpdshext.dll
|
|---|
| 3502 | 4564.2e34: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffaf66d0000 'C:\Windows\system32\wpdshext.dll'
|
|---|
| 3503 | 4564.2e34: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
|
|---|
| 3504 | 4564.2e34: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume3\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
|
|---|
| 3505 | 4564.2e34: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
|
|---|
| 3506 | 4564.2e34: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume3\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
|
|---|
| 3507 | 4564.2e34: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
|
|---|
| 3508 | 4564.2e34: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume3\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
|
|---|
| 3509 | 4564.2e34: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb0e840000 'C:\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.17134.472_none_fb3f9af53068156d\Comctl32.dll'
|
|---|
| 3510 | 4564.2e34: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb0e840000 'C:\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.17134.472_none_fb3f9af53068156d\Comctl32.dll'
|
|---|
| 3511 | 4564.2e34: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000001364 pwszName=\Device\HarddiskVolume3\Windows\System32\PortableDeviceApi.dll
|
|---|
| 3512 | 4564.2e34: supR3HardNtViCallWinVerifyTrustCatFile: New context 000000000a88a840
|
|---|
| 3513 | 4564.2e34: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=000000000a88a840
|
|---|
| 3514 | 4564.2e34: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=B7CC541089F78F23129583FF74E5C38F6B5E14C2
|
|---|
| 3515 | 4564.21ac: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=9D766A36B546A5168A943DF2989F836F88CA44D2
|
|---|
| 3516 | 4564.21ac: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb1f5d0000 'C:\Windows\system32\rsaenh.dll'
|
|---|
| 3517 | 4564.2e34: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb1f5d0000 'C:\Windows\system32\rsaenh.dll'
|
|---|
| 3518 | 4564.2e34: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb20310000 'C:\Windows\System32\crypt32.dll'
|
|---|
| 3519 | 4564.21ac: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb20310000 'C:\Windows\System32\crypt32.dll'
|
|---|
| 3520 | 4564.2e34: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-WPD-UltimatePortableDeviceFeature-Feature-Package~31bf3856ad364e35~amd64~~10.0.17134.1.cat'; file='\Device\HarddiskVolume3\Windows\System32\PortableDeviceApi.dll'
|
|---|
| 3521 | 4564.2e34: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
|
|---|
| 3522 | 4564.21ac: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_1813_for_KB4483234~31bf3856ad364e35~amd64~~10.0.1.0.cat'; file='\Device\HarddiskVolume3\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.17134.472_none_2c2a8dda8afa8f3b\GdiPlus.dll'
|
|---|
| 3523 | 4564.2e34: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
|
|---|
| 3524 | 4564.2e34: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #25 'rpcrt4.dll'.
|
|---|
| 3525 | 4564.2e34: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\PortableDeviceApi.dll) WinVerifyTrust
|
|---|
| 3526 | 4564.2e34: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\PortableDeviceApi.dll
|
|---|
| 3527 | 4564.2e34: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
|
|---|
| 3528 | 4564.2e34: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume3\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
|
|---|
| 3529 | 4564.2e34: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
|
|---|
| 3530 | 4564.2e34: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume3\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
|
|---|
| 3531 | 4564.2e34: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\System32\PortableDeviceApi.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000002009:<flags> [calling]
|
|---|
| 3532 | 4564.2e34: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\PortableDeviceApi.dll
|
|---|
| 3533 | 4564.21ac: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
|
|---|
| 3534 | 4564.21ac: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.17134.472_none_2c2a8dda8afa8f3b\GdiPlus.dll'
|
|---|
| 3535 | 4564.21ac: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status -5667 (0xffffe9dd)) on \Device\HarddiskVolume3\Users\Vishal\AppData\Local\Microsoft\OneDrive\18.222.1104.0007\amd64\FileSyncShell64.dll [lacks WinVerifyTrust]
|
|---|
| 3536 | 4564.21ac: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status -5667 (0xffffe9dd)) on \Device\HarddiskVolume3\Users\Vishal\AppData\Local\Microsoft\OneDrive\18.222.1104.0007\amd64\FileSyncShell64.dll [lacks WinVerifyTrust]
|
|---|
| 3537 | 4564.21ac: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status -5667 (0xffffe9dd)) on \Device\HarddiskVolume3\Users\Vishal\AppData\Local\Microsoft\OneDrive\18.222.1104.0007\amd64\FileSyncShell64.dll [lacks WinVerifyTrust]
|
|---|
| 3538 | 4564.21ac: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status -5667 (0xffffe9dd)) on \Device\HarddiskVolume3\Users\Vishal\AppData\Local\Microsoft\OneDrive\18.222.1104.0007\amd64\FileSyncShell64.dll [lacks WinVerifyTrust]
|
|---|
| 3539 | 4564.21ac: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status -5667 (0xffffe9dd)) on \Device\HarddiskVolume3\Users\Vishal\AppData\Local\Microsoft\OneDrive\18.222.1104.0007\amd64\FileSyncShell64.dll [lacks WinVerifyTrust]
|
|---|
| 3540 | 4564.2e34: supR3HardenedDllNotificationCallback: load 00007ffaf10b0000 LB 0x0009c000 C:\Windows\System32\PortableDeviceApi.dll [fFlags=0x0]
|
|---|
| 3541 | 4564.2e34: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\PortableDeviceApi.dll
|
|---|
| 3542 | 4564.2e34: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffaf10b0000 'C:\Windows\System32\PortableDeviceApi.dll'
|
|---|
| 3543 | 4564.2a6c: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status -5667 (0xffffe9dd)) on \Device\HarddiskVolume3\Users\Vishal\AppData\Local\Microsoft\OneDrive\18.222.1104.0007\amd64\FileSyncShell64.dll [lacks WinVerifyTrust]
|
|---|
| 3544 | 4564.2a6c: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status -5667 (0xffffe9dd)) on \Device\HarddiskVolume3\Users\Vishal\AppData\Local\Microsoft\OneDrive\18.222.1104.0007\amd64\FileSyncShell64.dll [lacks WinVerifyTrust]
|
|---|
| 3545 | 4564.2e34: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb21770000 'C:\Windows\System32\shell32.dll'
|
|---|
| 3546 | 4564.2a6c: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status -5667 (0xffffe9dd)) on \Device\HarddiskVolume3\Users\Vishal\AppData\Local\Microsoft\OneDrive\18.222.1104.0007\amd64\FileSyncShell64.dll [lacks WinVerifyTrust]
|
|---|
| 3547 | 4564.2a6c: Error (rc=0):
|
|---|
| 3548 | 4564.2a6c: supR3HardenedScreenImage/LdrLoadDll: cached rc=Unknown Status -5667 (0xffffe9dd) fImage=1 fProtect=0x0 fAccess=0x0 cHits=16 \Device\HarddiskVolume3\Users\Vishal\AppData\Local\Microsoft\OneDrive\18.222.1104.0007\amd64\FileSyncShell64.dll
|
|---|
| 3549 | 4564.2a6c: Error (rc=0):
|
|---|
| 3550 | 4564.2a6c: supR3HardenedMonitor_LdrLoadDll: rejecting 'C:\Users\Vishal\AppData\Local\Microsoft\OneDrive\18.222.1104.0007\amd64\FileSyncShell64.dll' (C:\Users\Vishal\AppData\Local\Microsoft\OneDrive\18.222.1104.0007\amd64\FileSyncShell64.dll): rcNt=0xc0000190
|
|---|
| 3551 | 4564.2a6c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0xc0000190 'C:\Users\Vishal\AppData\Local\Microsoft\OneDrive\18.222.1104.0007\amd64\FileSyncShell64.dll'
|
|---|
| 3552 | 4564.2a6c: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status -5667 (0xffffe9dd)) on \Device\HarddiskVolume3\Users\Vishal\AppData\Local\Microsoft\OneDrive\18.222.1104.0007\amd64\FileSyncShell64.dll [lacks WinVerifyTrust]
|
|---|
| 3553 | 4564.2a6c: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status -5667 (0xffffe9dd)) on \Device\HarddiskVolume3\Users\Vishal\AppData\Local\Microsoft\OneDrive\18.222.1104.0007\amd64\FileSyncShell64.dll [lacks WinVerifyTrust]
|
|---|
| 3554 | 4564.2e34: supR3HardNtViCallWinVerifyTrustCatFile: hFile=00000000000013bc pwszName=\Device\HarddiskVolume3\Windows\System32\EhStorAPI.dll
|
|---|
| 3555 | 4564.2e34: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 000000000a88a840
|
|---|
| 3556 | 4564.2e34: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=000000000a88a840
|
|---|
| 3557 | 4564.2a6c: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status -5667 (0xffffe9dd)) on \Device\HarddiskVolume3\Users\Vishal\AppData\Local\Microsoft\OneDrive\18.222.1104.0007\amd64\FileSyncShell64.dll [lacks WinVerifyTrust]
|
|---|
| 3558 | 4564.2a6c: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status -5667 (0xffffe9dd)) on \Device\HarddiskVolume3\Users\Vishal\AppData\Local\Microsoft\OneDrive\18.222.1104.0007\amd64\FileSyncShell64.dll [lacks WinVerifyTrust]
|
|---|
| 3559 | 4564.2e34: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=C79A9C7FF4206A48DABB389F73838D462F3034B6
|
|---|
| 3560 | 4564.2ef0: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status -5667 (0xffffe9dd)) on \Device\HarddiskVolume3\Users\Vishal\AppData\Local\Microsoft\OneDrive\18.222.1104.0007\amd64\FileSyncShell64.dll [lacks WinVerifyTrust]
|
|---|
| 3561 | 4564.2ef0: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status -5667 (0xffffe9dd)) on \Device\HarddiskVolume3\Users\Vishal\AppData\Local\Microsoft\OneDrive\18.222.1104.0007\amd64\FileSyncShell64.dll [lacks WinVerifyTrust]
|
|---|
| 3562 | 4564.2e34: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb1f5d0000 'C:\Windows\system32\rsaenh.dll'
|
|---|
| 3563 | 4564.2ef0: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status -5667 (0xffffe9dd)) on \Device\HarddiskVolume3\Users\Vishal\AppData\Local\Microsoft\OneDrive\18.222.1104.0007\amd64\FileSyncShell64.dll [lacks WinVerifyTrust]
|
|---|
| 3564 | 4564.2ef0: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status -5667 (0xffffe9dd)) on \Device\HarddiskVolume3\Users\Vishal\AppData\Local\Microsoft\OneDrive\18.222.1104.0007\amd64\FileSyncShell64.dll [lacks WinVerifyTrust]
|
|---|
| 3565 | 4564.2ef0: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status -5667 (0xffffe9dd)) on \Device\HarddiskVolume3\Users\Vishal\AppData\Local\Microsoft\OneDrive\18.222.1104.0007\amd64\FileSyncShell64.dll [lacks WinVerifyTrust]
|
|---|
| 3566 | 4564.2ef0: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status -5667 (0xffffe9dd)) on \Device\HarddiskVolume3\Users\Vishal\AppData\Local\Microsoft\OneDrive\18.222.1104.0007\amd64\FileSyncShell64.dll [lacks WinVerifyTrust]
|
|---|
| 3567 | 4564.2ef0: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status -5667 (0xffffe9dd)) on \Device\HarddiskVolume3\Users\Vishal\AppData\Local\Microsoft\OneDrive\18.222.1104.0007\amd64\FileSyncShell64.dll [lacks WinVerifyTrust]
|
|---|
| 3568 | 4564.2e34: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb20310000 'C:\Windows\System32\crypt32.dll'
|
|---|
| 3569 | 4564.2e34: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0017~31bf3856ad364e35~amd64~~10.0.17134.1.cat'; file='\Device\HarddiskVolume3\Windows\System32\EhStorAPI.dll'
|
|---|
| 3570 | 4564.2e34: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
|
|---|
| 3571 | 4564.2e34: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
|
|---|
| 3572 | 4564.2e34: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'user32.dll'.
|
|---|
| 3573 | 4564.2e34: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'advapi32.dll'.
|
|---|
| 3574 | 4564.2e34: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'oleaut32.dll'.
|
|---|
| 3575 | 4564.2e34: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'setupapi.dll'.
|
|---|
| 3576 | 4564.2e34: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'shlwapi.dll'.
|
|---|
| 3577 | 4564.2e34: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #7 'wtsapi32.dll'.
|
|---|
| 3578 | 4564.2e34: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\EhStorAPI.dll) WinVerifyTrust
|
|---|
| 3579 | 4564.2e34: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\EhStorAPI.dll
|
|---|
| 3580 | 4564.2e34: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'wtsapi32.dll'...
|
|---|
| 3581 | 4564.2e34: supR3HardenedWinVerifyCacheProcessImportTodos: 'wtsapi32.dll' -> '\Device\HarddiskVolume3\Windows\System32\wtsapi32.dll' [rcNtRedir=0xc0150008]
|
|---|
| 3582 | 4564.2e34: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb1f5d0000 'C:\Windows\system32\rsaenh.dll'
|
|---|
| 3583 | 4564.2e34: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb20310000 'C:\Windows\System32\crypt32.dll'
|
|---|
| 3584 | 4564.2e34: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
|
|---|
| 3585 | 4564.2e34: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\wtsapi32.dll) WinVerifyTrust
|
|---|
| 3586 | 4564.2e34: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\wtsapi32.dll
|
|---|
| 3587 | 4564.2e34: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'shlwapi.dll'...
|
|---|
| 3588 | 4564.2e34: supR3HardenedWinVerifyCacheProcessImportTodos: 'shlwapi.dll' -> '\Device\HarddiskVolume3\Windows\System32\shlwapi.dll' [rcNtRedir=0xc0150008]
|
|---|
| 3589 | 4564.2e34: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\shlwapi.dll
|
|---|
| 3590 | 4564.2e34: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'setupapi.dll'...
|
|---|
| 3591 | 4564.2e34: supR3HardenedWinVerifyCacheProcessImportTodos: 'setupapi.dll' -> '\Device\HarddiskVolume3\Windows\System32\setupapi.dll' [rcNtRedir=0xc0150008]
|
|---|
| 3592 | 4564.2e34: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\setupapi.dll
|
|---|
| 3593 | 4564.2e34: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'oleaut32.dll'...
|
|---|
| 3594 | 4564.2e34: supR3HardenedWinVerifyCacheProcessImportTodos: 'oleaut32.dll' -> '\Device\HarddiskVolume3\Windows\System32\oleaut32.dll' [rcNtRedir=0xc0150008]
|
|---|
| 3595 | 4564.2e34: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'...
|
|---|
| 3596 | 4564.2e34: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume3\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008]
|
|---|
| 3597 | 4564.2e34: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
|
|---|
| 3598 | 4564.2e34: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume3\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
|
|---|
| 3599 | 4564.2e34: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
|
|---|
| 3600 | 4564.2e34: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume3\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
|
|---|
| 3601 | 4564.2e34: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
|
|---|
| 3602 | 4564.2e34: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume3\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
|
|---|
| 3603 | 4564.2e34: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\System32\EhStorAPI.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000002009:<flags> [calling]
|
|---|
| 3604 | 4564.2e34: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\EhStorAPI.dll
|
|---|
| 3605 | 4564.2e34: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\wtsapi32.dll
|
|---|
| 3606 | 4564.2e34: supR3HardenedDllNotificationCallback: load 00007ffb1cbf0000 LB 0x00013000 C:\Windows\System32\WTSAPI32.dll [fFlags=0x0]
|
|---|
| 3607 | 4564.2e34: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\wtsapi32.dll
|
|---|
| 3608 | 4564.2e34: supR3HardenedDllNotificationCallback: load 00007ffaef850000 LB 0x00025000 C:\Windows\System32\EhStorAPI.dll [fFlags=0x0]
|
|---|
| 3609 | 4564.2e34: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\EhStorAPI.dll
|
|---|
| 3610 | 4564.2e34: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffaef850000 'C:\Windows\System32\EhStorAPI.dll'
|
|---|
| 3611 | 4564.2e34: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb21770000 'C:\Windows\System32\shell32.dll'
|
|---|
| 3612 | 4564.21ac: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
|
|---|
| 3613 | 4564.21ac: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'shcore.dll'.
|
|---|
| 3614 | 4564.21ac: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'shell32.dll'.
|
|---|
| 3615 | 4564.21ac: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'shlwapi.dll'.
|
|---|
| 3616 | 4564.21ac: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #29 'sspicli.dll'.
|
|---|
| 3617 | 4564.21ac: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #39 'gdi32.dll'.
|
|---|
| 3618 | 4564.21ac: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #41 'propsys.dll'.
|
|---|
| 3619 | 4564.21ac: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #42 'user32.dll'.
|
|---|
| 3620 | 4564.21ac: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume3\Windows\System32\ntshrui.dll)
|
|---|
| 3621 | 4564.21ac: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\ntshrui.dll
|
|---|
| 3622 | 4564.534: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000d14 pwszName=\Device\HarddiskVolume3\Windows\System32\ntshrui.dll
|
|---|
| 3623 | 4564.534: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 000000000a88a840
|
|---|
| 3624 | 4564.534: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=000000000a88a840
|
|---|
| 3625 | 4564.534: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=31DC55F045F3A7865880C09562CB550FA861F0DD
|
|---|
| 3626 | 4564.534: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
|
|---|
| 3627 | 4564.534: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume3\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
|
|---|
| 3628 | 4564.21ac: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'rpcrt4.dll'.
|
|---|
| 3629 | 4564.534: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'propsys.dll'...
|
|---|
| 3630 | 4564.534: supR3HardenedWinVerifyCacheProcessImportTodos: 'propsys.dll' -> '\Device\HarddiskVolume3\Windows\System32\propsys.dll' [rcNtRedir=0xc0150008]
|
|---|
| 3631 | 4564.534: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\propsys.dll
|
|---|
| 3632 | 4564.21ac: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\sspicli.dll)
|
|---|
| 3633 | 4564.534: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
|
|---|
| 3634 | 4564.21ac: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\sspicli.dll
|
|---|
| 3635 | 4564.534: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume3\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
|
|---|
| 3636 | 4564.534: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'sspicli.dll'...
|
|---|
| 3637 | 4564.534: supR3HardenedWinVerifyCacheProcessImportTodos: 'sspicli.dll' -> '\Device\HarddiskVolume3\Windows\System32\sspicli.dll' [rcNtRedir=0xc0150008]
|
|---|
| 3638 | 4564.534: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\sspicli.dll [lacks WinVerifyTrust]
|
|---|
| 3639 | 4564.534: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'shlwapi.dll'...
|
|---|
| 3640 | 4564.534: supR3HardenedWinVerifyCacheProcessImportTodos: 'shlwapi.dll' -> '\Device\HarddiskVolume3\Windows\System32\shlwapi.dll' [rcNtRedir=0xc0150008]
|
|---|
| 3641 | 4564.534: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\shlwapi.dll
|
|---|
| 3642 | 4564.534: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'shell32.dll'...
|
|---|
| 3643 | 4564.534: supR3HardenedWinVerifyCacheProcessImportTodos: 'shell32.dll' -> '\Device\HarddiskVolume3\Windows\System32\shell32.dll' [rcNtRedir=0xc0150008]
|
|---|
| 3644 | 4564.534: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'shcore.dll'...
|
|---|
| 3645 | 4564.534: supR3HardenedWinVerifyCacheProcessImportTodos: 'shcore.dll' -> '\Device\HarddiskVolume3\Windows\System32\shcore.dll' [rcNtRedir=0xc0150008]
|
|---|
| 3646 | 4564.534: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
|
|---|
| 3647 | 4564.21ac: supR3HardenedDllNotificationCallback: load 00007ffb200d0000 LB 0x00030000 C:\Windows\SYSTEM32\SspiCli.dll [fFlags=0x0]
|
|---|
| 3648 | 4564.534: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume3\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
|
|---|
| 3649 | 4564.21ac: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\sspicli.dll [avoiding WinVerifyTrust]
|
|---|
| 3650 | 4564.534: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
|
|---|
| 3651 | 4564.21ac: supR3HardenedDllNotificationCallback: load 00007ffafcef0000 LB 0x000da000 C:\Windows\SYSTEM32\ntshrui.dll [fFlags=0x0]
|
|---|
| 3652 | 4564.534: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume3\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
|
|---|
| 3653 | 4564.21ac: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume3\Windows\System32\ntshrui.dll [avoiding WinVerifyTrust]
|
|---|
| 3654 | 4564.534: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb1f5d0000 'C:\Windows\system32\rsaenh.dll'
|
|---|
| 3655 | 4564.534: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb20310000 'C:\Windows\System32\crypt32.dll'
|
|---|
| 3656 | 4564.21ac: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'rpcrt4.dll'.
|
|---|
| 3657 | 4564.21ac: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\srvcli.dll)
|
|---|
| 3658 | 4564.21ac: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\srvcli.dll
|
|---|
| 3659 | 4564.21ac: supR3HardenedDllNotificationCallback: load 00007ffb0a090000 LB 0x00026000 C:\Windows\SYSTEM32\srvcli.dll [fFlags=0x0]
|
|---|
| 3660 | 4564.21ac: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\srvcli.dll [avoiding WinVerifyTrust]
|
|---|
| 3661 | 4564.21ac: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
|
|---|
| 3662 | 4564.21ac: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume3\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
|
|---|
| 3663 | 4564.21ac: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb1f5d0000 'C:\Windows\system32\rsaenh.dll'
|
|---|
| 3664 | 4564.534: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package00115~31bf3856ad364e35~amd64~~10.0.17134.1.cat'; file='\Device\HarddiskVolume3\Windows\System32\ntshrui.dll'
|
|---|
| 3665 | 4564.534: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
|
|---|
| 3666 | 4564.21ac: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb20310000 'C:\Windows\System32\crypt32.dll'
|
|---|
| 3667 | 4564.534: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Windows\System32\ntshrui.dll'
|
|---|
| 3668 | 4564.534: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb21770000 'C:\Windows\System32\shell32.dll'
|
|---|
| 3669 | 4564.534: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000bd0 pwszName=\Device\HarddiskVolume3\Windows\System32\networkexplorer.dll
|
|---|
| 3670 | 4564.534: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 000000000a88a840
|
|---|
| 3671 | 4564.534: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=000000000a88a840
|
|---|
| 3672 | 4564.21ac: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Windows\System32\srvcli.dll'
|
|---|
| 3673 | 4564.21ac: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb1f5d0000 'C:\Windows\system32\rsaenh.dll'
|
|---|
| 3674 | 4564.534: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=46012622E4C634E9BD2E2CD2F9AD4B70A49688AA
|
|---|
| 3675 | 4564.534: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb1f5d0000 'C:\Windows\system32\rsaenh.dll'
|
|---|
| 3676 | 4564.534: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb20310000 'C:\Windows\System32\crypt32.dll'
|
|---|
| 3677 | 4564.21ac: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb20310000 'C:\Windows\System32\crypt32.dll'
|
|---|
| 3678 | 4564.534: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0017~31bf3856ad364e35~amd64~~10.0.17134.1.cat'; file='\Device\HarddiskVolume3\Windows\System32\networkexplorer.dll'
|
|---|
| 3679 | 4564.534: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
|
|---|
| 3680 | 4564.534: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
|
|---|
| 3681 | 4564.534: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #11 'oleaut32.dll'.
|
|---|
| 3682 | 4564.534: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #21 'ole32.dll'.
|
|---|
| 3683 | 4564.534: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #22 'shlwapi.dll'.
|
|---|
| 3684 | 4564.534: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #23 'shell32.dll'.
|
|---|
| 3685 | 4564.534: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #24 'propsys.dll'.
|
|---|
| 3686 | 4564.534: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #25 'gdi32.dll'.
|
|---|
| 3687 | 4564.534: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #26 'user32.dll'.
|
|---|
| 3688 | 4564.534: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\networkexplorer.dll) WinVerifyTrust
|
|---|
| 3689 | 4564.534: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\networkexplorer.dll
|
|---|
| 3690 | 4564.534: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
|
|---|
| 3691 | 4564.534: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume3\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
|
|---|
| 3692 | 4564.534: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
|
|---|
| 3693 | 4564.534: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume3\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
|
|---|
| 3694 | 4564.534: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'propsys.dll'...
|
|---|
| 3695 | 4564.534: supR3HardenedWinVerifyCacheProcessImportTodos: 'propsys.dll' -> '\Device\HarddiskVolume3\Windows\System32\propsys.dll' [rcNtRedir=0xc0150008]
|
|---|
| 3696 | 4564.534: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\propsys.dll
|
|---|
| 3697 | 4564.534: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'shell32.dll'...
|
|---|
| 3698 | 4564.21ac: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Windows\System32\sspicli.dll'
|
|---|
| 3699 | 4564.534: supR3HardenedWinVerifyCacheProcessImportTodos: 'shell32.dll' -> '\Device\HarddiskVolume3\Windows\System32\shell32.dll' [rcNtRedir=0xc0150008]
|
|---|
| 3700 | 4564.534: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'shlwapi.dll'...
|
|---|
| 3701 | 4564.21ac: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\cscapi.dll
|
|---|
| 3702 | 4564.534: supR3HardenedWinVerifyCacheProcessImportTodos: 'shlwapi.dll' -> '\Device\HarddiskVolume3\Windows\System32\shlwapi.dll' [rcNtRedir=0xc0150008]
|
|---|
| 3703 | 4564.21ac: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\System32\cscapi.dll (Input=cscapi.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
|
|---|
| 3704 | 4564.21ac: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb076f0000 'C:\Windows\System32\cscapi.dll'
|
|---|
| 3705 | 4564.534: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ole32.dll'...
|
|---|
| 3706 | 4564.534: supR3HardenedWinVerifyCacheProcessImportTodos: 'ole32.dll' -> '\Device\HarddiskVolume3\Windows\System32\ole32.dll' [rcNtRedir=0xc0150008]
|
|---|
| 3707 | 4564.534: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'oleaut32.dll'...
|
|---|
| 3708 | 4564.534: supR3HardenedWinVerifyCacheProcessImportTodos: 'oleaut32.dll' -> '\Device\HarddiskVolume3\Windows\System32\oleaut32.dll' [rcNtRedir=0xc0150008]
|
|---|
| 3709 | 4564.534: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
|
|---|
| 3710 | 4564.534: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume3\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
|
|---|
| 3711 | 4564.534: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\NetworkExplorer.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000002009:<flags> [calling]
|
|---|
| 3712 | 4564.534: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\networkexplorer.dll
|
|---|
| 3713 | 4564.534: supR3HardenedDllNotificationCallback: load 00007ffae8f70000 LB 0x00127000 C:\Windows\system32\NetworkExplorer.dll [fFlags=0x0]
|
|---|
| 3714 | 4564.534: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\networkexplorer.dll
|
|---|
| 3715 | 4564.534: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffae8f70000 'C:\Windows\system32\NetworkExplorer.dll'
|
|---|
| 3716 | 4564.3f28: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb21770000 'C:\Windows\System32\shell32.dll'
|
|---|
| 3717 | 4564.534: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb21770000 'C:\Windows\System32\shell32.dll'
|
|---|
| 3718 | 4564.534: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb21770000 'C:\Windows\System32\shell32.dll'
|
|---|
| 3719 | 4564.534: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb21770000 'C:\Windows\System32\shell32.dll'
|
|---|
| 3720 | 4564.534: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb21770000 'C:\Windows\System32\shell32.dll'
|
|---|
| 3721 | 4564.534: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb21770000 'C:\Windows\System32\shell32.dll'
|
|---|
| 3722 | 4564.534: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb21770000 'C:\Windows\System32\shell32.dll'
|
|---|
| 3723 | 4564.534: supR3HardenedDllNotificationCallback: Unload 00007ffb133d0000 LB 0x00339000 C:\Windows\System32\MsftEdit.dll [flags=0x0]
|
|---|
| 3724 | 4564.534: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb21770000 'C:\Windows\System32\shell32.dll'
|
|---|
| 3725 | 4564.534: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb21770000 'C:\Windows\System32\shell32.dll'
|
|---|
| 3726 | 4564.534: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb21770000 'C:\Windows\System32\shell32.dll'
|
|---|
| 3727 | 4564.534: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb21770000 'C:\Windows\System32\shell32.dll'
|
|---|
| 3728 | 4564.534: supR3HardenedDllNotificationCallback: Unload 00007ffb17360000 LB 0x00039000 C:\Windows\system32\xmllite.dll [flags=0x0]
|
|---|
| 3729 | 4564.2e34: supR3HardenedDllNotificationCallback: Unload 00007ffaf66d0000 LB 0x001e1000 C:\Windows\system32\wpdshext.dll [flags=0x0]
|
|---|
| 3730 | 4564.2e34: supR3HardenedDllNotificationCallback: Unload 00007ffaff6d0000 LB 0x0019a000 C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.17134.472_none_2c2a8dda8afa8f3b\gdiplus.dll [flags=0x0]
|
|---|
| 3731 | 4564.534: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb23a10000 'C:\Windows\System32\ole32.dll'
|
|---|
| 3732 | 4564.534: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb23490000 'C:\Windows\System32\OLEAUT32.dll'
|
|---|
| 3733 | 4564.534: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000001010 pwszName=\Device\HarddiskVolume3\Windows\System32\wbem\wbemprox.dll
|
|---|
| 3734 | 4564.534: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 000000000a88a840
|
|---|
| 3735 | 4564.534: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=000000000a88a840
|
|---|
| 3736 | 4564.534: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=D49375F38056AA009353FFDCCD59474093558A8B
|
|---|
| 3737 | 4564.534: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb1f5d0000 'C:\Windows\system32\rsaenh.dll'
|
|---|
| 3738 | 4564.534: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb20310000 'C:\Windows\System32\crypt32.dll'
|
|---|
| 3739 | 4564.534: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package02~31bf3856ad364e35~amd64~~10.0.17134.1.cat'; file='\Device\HarddiskVolume3\Windows\System32\wbem\wbemprox.dll'
|
|---|
| 3740 | 4564.534: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
|
|---|
| 3741 | 4564.534: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
|
|---|
| 3742 | 4564.534: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'ws2_32.dll'.
|
|---|
| 3743 | 4564.534: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #18 'wbemcomn.dll'.
|
|---|
| 3744 | 4564.534: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\wbem\wbemprox.dll) WinVerifyTrust
|
|---|
| 3745 | 4564.534: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\wbem\wbemprox.dll
|
|---|
| 3746 | 4564.534: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'wbemcomn.dll'...
|
|---|
| 3747 | 4564.534: supR3HardenedWinVerifyCacheProcessImportTodos: 'wbemcomn.dll' -> '\Device\HarddiskVolume3\Windows\System32\wbemcomn.dll' [rcNtRedir=0xc0150008]
|
|---|
| 3748 | 4564.534: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000fc4 pwszName=\Device\HarddiskVolume3\Windows\System32\wbemcomn.dll
|
|---|
| 3749 | 4564.534: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 000000000a88a840
|
|---|
| 3750 | 4564.534: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=000000000a88a840
|
|---|
| 3751 | 4564.534: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=85E1C37A6BD4306E57F09FFDB448860467295EFB
|
|---|
| 3752 | 4564.534: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\rsaenh.dll
|
|---|
| 3753 | 4564.534: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\rsaenh.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
|
|---|
| 3754 | 4564.534: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb1f5d0000 'C:\Windows\system32\rsaenh.dll'
|
|---|
| 3755 | 4564.534: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb20310000 'C:\Windows\System32\crypt32.dll'
|
|---|
| 3756 | 4564.534: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package02~31bf3856ad364e35~amd64~~10.0.17134.1.cat'; file='\Device\HarddiskVolume3\Windows\System32\wbemcomn.dll'
|
|---|
| 3757 | 4564.534: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
|
|---|
| 3758 | 4564.534: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
|
|---|
| 3759 | 4564.534: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #14 'bcrypt.dll'.
|
|---|
| 3760 | 4564.534: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #18 'ws2_32.dll'.
|
|---|
| 3761 | 4564.534: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\wbemcomn.dll) WinVerifyTrust
|
|---|
| 3762 | 4564.534: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\wbemcomn.dll
|
|---|
| 3763 | 4564.534: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ws2_32.dll'...
|
|---|
| 3764 | 4564.534: supR3HardenedWinVerifyCacheProcessImportTodos: 'ws2_32.dll' -> '\Device\HarddiskVolume3\Windows\System32\ws2_32.dll' [rcNtRedir=0xc0150008]
|
|---|
| 3765 | 4564.534: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\ws2_32.dll
|
|---|
| 3766 | 4564.534: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
|
|---|
| 3767 | 4564.534: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume3\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
|
|---|
| 3768 | 4564.534: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ws2_32.dll'...
|
|---|
| 3769 | 4564.534: supR3HardenedWinVerifyCacheProcessImportTodos: 'ws2_32.dll' -> '\Device\HarddiskVolume3\Windows\System32\ws2_32.dll' [rcNtRedir=0xc0150008]
|
|---|
| 3770 | 4564.534: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\ws2_32.dll
|
|---|
| 3771 | 4564.534: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'bcrypt.dll'...
|
|---|
| 3772 | 4564.534: supR3HardenedWinVerifyCacheProcessImportTodos: 'bcrypt.dll' -> '\Device\HarddiskVolume3\Windows\System32\bcrypt.dll' [rcNtRedir=0xc0150008]
|
|---|
| 3773 | 4564.534: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\bcrypt.dll
|
|---|
| 3774 | 4564.534: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
|
|---|
| 3775 | 4564.534: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume3\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
|
|---|
| 3776 | 4564.534: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\msvcrt.dll
|
|---|
| 3777 | 4564.534: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\wbem\wbemprox.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000002009:<flags> [calling]
|
|---|
| 3778 | 4564.534: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\wbem\wbemprox.dll
|
|---|
| 3779 | 4564.534: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\wbemcomn.dll
|
|---|
| 3780 | 4564.534: supR3HardenedDllNotificationCallback: load 00007ffb106c0000 LB 0x00083000 C:\Windows\SYSTEM32\wbemcomn.dll [fFlags=0x0]
|
|---|
| 3781 | 4564.534: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\wbemcomn.dll
|
|---|
| 3782 | 4564.534: supR3HardenedDllNotificationCallback: load 00007ffb0c410000 LB 0x00011000 C:\Windows\system32\wbem\wbemprox.dll [fFlags=0x0]
|
|---|
| 3783 | 4564.534: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\wbem\wbemprox.dll
|
|---|
| 3784 | 4564.534: supR3HardenedIsApiSetDll: ApiSetQueryApiSetPresence(API-MS-Win-Core-LocalRegistry-L1-1-0.dll) -> 0x0, fPresent=1
|
|---|
| 3785 | 4564.534: supR3HardenedMonitor_LdrLoadDll: pName=API-MS-Win-Core-LocalRegistry-L1-1-0.dll (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0000000000000009:<flags> [calling]
|
|---|
| 3786 | 4564.534: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb20570000 'API-MS-Win-Core-LocalRegistry-L1-1-0.dll'
|
|---|
| 3787 | 4564.534: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb0c410000 'C:\Windows\system32\wbem\wbemprox.dll'
|
|---|
| 3788 | 4564.534: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000ac4 pwszName=\Device\HarddiskVolume3\Windows\System32\wbem\wbemsvc.dll
|
|---|
| 3789 | 4564.534: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 000000000a88a840
|
|---|
| 3790 | 4564.534: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=000000000a88a840
|
|---|
| 3791 | 4564.534: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=38422F12A30C69B303E7EBE427C8D87E3024ED12
|
|---|
| 3792 | 4564.534: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb1f5d0000 'C:\Windows\system32\rsaenh.dll'
|
|---|
| 3793 | 4564.534: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb20310000 'C:\Windows\System32\crypt32.dll'
|
|---|
| 3794 | 4564.534: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package02~31bf3856ad364e35~amd64~~10.0.17134.1.cat'; file='\Device\HarddiskVolume3\Windows\System32\wbem\wbemsvc.dll'
|
|---|
| 3795 | 4564.534: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
|
|---|
| 3796 | 4564.534: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
|
|---|
| 3797 | 4564.534: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'rpcrt4.dll'.
|
|---|
| 3798 | 4564.534: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\wbem\wbemsvc.dll) WinVerifyTrust
|
|---|
| 3799 | 4564.534: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\wbem\wbemsvc.dll
|
|---|
| 3800 | 4564.534: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
|
|---|
| 3801 | 4564.534: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume3\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
|
|---|
| 3802 | 4564.534: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
|
|---|
| 3803 | 4564.534: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume3\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
|
|---|
| 3804 | 4564.534: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\wbem\wbemsvc.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000002009:<flags> [calling]
|
|---|
| 3805 | 4564.534: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\wbem\wbemsvc.dll
|
|---|
| 3806 | 4564.534: supR3HardenedDllNotificationCallback: load 00007ffb0ee90000 LB 0x00014000 C:\Windows\system32\wbem\wbemsvc.dll [fFlags=0x0]
|
|---|
| 3807 | 4564.534: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\wbem\wbemsvc.dll
|
|---|
| 3808 | 4564.534: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb0ee90000 'C:\Windows\system32\wbem\wbemsvc.dll'
|
|---|
| 3809 | 4564.534: supR3HardenedIsApiSetDll: ApiSetQueryApiSetPresence(api-ms-win-core-localization-l1-2-0.dll) -> 0x0, fPresent=1
|
|---|
| 3810 | 4564.534: supR3HardenedMonitor_LdrLoadDll: pName=api-ms-win-core-localization-l1-2-0.dll (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0000000000000009:<flags> [calling]
|
|---|
| 3811 | 4564.534: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb20570000 'api-ms-win-core-localization-l1-2-0.dll'
|
|---|
| 3812 | 4564.534: supR3HardenedIsApiSetDll: ApiSetQueryApiSetPresence(api-ms-win-core-localization-obsolete-l1-1-0.dll) -> 0x0, fPresent=1
|
|---|
| 3813 | 4564.534: supR3HardenedMonitor_LdrLoadDll: pName=api-ms-win-core-localization-obsolete-l1-1-0.dll (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0000000000000009:<flags> [calling]
|
|---|
| 3814 | 4564.534: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb20570000 'api-ms-win-core-localization-obsolete-l1-1-0.dll'
|
|---|
| 3815 | 4564.534: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000b48 pwszName=\Device\HarddiskVolume3\Windows\System32\wbem\fastprox.dll
|
|---|
| 3816 | 4564.534: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 000000000a88a840
|
|---|
| 3817 | 4564.534: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=000000000a88a840
|
|---|
| 3818 | 4564.534: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=07493B638EF356F68BE9306C76CDBF2D22198E5A
|
|---|
| 3819 | 4564.534: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb1f5d0000 'C:\Windows\system32\rsaenh.dll'
|
|---|
| 3820 | 4564.534: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb20310000 'C:\Windows\System32\crypt32.dll'
|
|---|
| 3821 | 4564.534: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package02~31bf3856ad364e35~amd64~~10.0.17134.1.cat'; file='\Device\HarddiskVolume3\Windows\System32\wbem\fastprox.dll'
|
|---|
| 3822 | 4564.534: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
|
|---|
| 3823 | 4564.534: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
|
|---|
| 3824 | 4564.534: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #19 'wbemcomn.dll'.
|
|---|
| 3825 | 4564.534: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\wbem\fastprox.dll) WinVerifyTrust
|
|---|
| 3826 | 4564.534: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\wbem\fastprox.dll
|
|---|
| 3827 | 4564.534: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'wbemcomn.dll'...
|
|---|
| 3828 | 4564.534: supR3HardenedWinVerifyCacheProcessImportTodos: 'wbemcomn.dll' -> '\Device\HarddiskVolume3\Windows\System32\wbemcomn.dll' [rcNtRedir=0xc0150008]
|
|---|
| 3829 | 4564.534: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\wbemcomn.dll
|
|---|
| 3830 | 4564.534: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
|
|---|
| 3831 | 4564.534: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume3\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
|
|---|
| 3832 | 4564.534: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\wbem\fastprox.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000002009:<flags> [calling]
|
|---|
| 3833 | 4564.534: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\wbem\fastprox.dll
|
|---|
| 3834 | 4564.534: supR3HardenedDllNotificationCallback: load 00007ffb0ecc0000 LB 0x000f2000 C:\Windows\system32\wbem\fastprox.dll [fFlags=0x0]
|
|---|
| 3835 | 4564.534: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\wbem\fastprox.dll
|
|---|
| 3836 | 4564.534: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb0ecc0000 'C:\Windows\system32\wbem\fastprox.dll'
|
|---|
| 3837 | 4564.4540: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb1f5d0000 'C:\Windows\system32\rsaenh.dll'
|
|---|
| 3838 | 4564.4540: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
|
|---|
| 3839 | 4564.4540: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'vboxrem.dll'.
|
|---|
| 3840 | 4564.4540: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'vboxrt.dll'.
|
|---|
| 3841 | 4564.4540: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxVMM.dll) WinVerifyTrust
|
|---|
| 3842 | 4564.4540: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxVMM.dll
|
|---|
| 3843 | 4564.4540: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
|
|---|
| 3844 | 4564.4540: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
|
|---|
| 3845 | 4564.4540: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrem.dll'...
|
|---|
| 3846 | 4564.4540: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrem.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\vboxrem.dll' [rcNtRedir=0xc0150008]
|
|---|
| 3847 | 4564.4540: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb1f5d0000 'C:\Windows\system32\rsaenh.dll'
|
|---|
| 3848 | 4564.4540: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'vboxrt.dll'.
|
|---|
| 3849 | 4564.4540: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'vboxvmm.dll'.
|
|---|
| 3850 | 4564.4540: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'msvcrt.dll'.
|
|---|
| 3851 | 4564.4540: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxREM.dll) WinVerifyTrust
|
|---|
| 3852 | 4564.4540: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxREM.dll
|
|---|
| 3853 | 4564.4540: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
|
|---|
| 3854 | 4564.4540: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
|
|---|
| 3855 | 4564.4540: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
|
|---|
| 3856 | 4564.4540: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume3\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
|
|---|
| 3857 | 4564.4540: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxvmm.dll'...
|
|---|
| 3858 | 4564.4540: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxvmm.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\vboxvmm.dll' [rcNtRedir=0xc0150008]
|
|---|
| 3859 | 4564.4540: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxVMM.dll
|
|---|
| 3860 | 4564.4540: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
|
|---|
| 3861 | 4564.4540: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
|
|---|
| 3862 | 4564.4540: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxVMM.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
|
|---|
| 3863 | 4564.4540: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxVMM.dll
|
|---|
| 3864 | 4564.4540: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxREM.dll
|
|---|
| 3865 | 4564.4540: supR3HardenedDllNotificationCallback: load 0000000075260000 LB 0x0010b000 C:\Program Files\Oracle\VirtualBox\VBoxREM.dll [fFlags=0x0]
|
|---|
| 3866 | 4564.4540: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxREM.dll
|
|---|
| 3867 | 4564.4540: supR3HardenedDllNotificationCallback: load 00007ffaee110000 LB 0x00325000 C:\Program Files\Oracle\VirtualBox\VBoxVMM.DLL [fFlags=0x0]
|
|---|
| 3868 | 4564.4540: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxVMM.dll
|
|---|
| 3869 | 4564.4540: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffaee110000 'C:\Program Files\Oracle\VirtualBox\VBoxVMM.DLL'
|
|---|
| 3870 | 4564.2c6c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb1f5d0000 'C:\Windows\system32\rsaenh.dll'
|
|---|
| 3871 | 4564.1b24: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb1f5d0000 'C:\Windows\system32\rsaenh.dll'
|
|---|
| 3872 | 4564.1b24: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
|
|---|
| 3873 | 4564.1b24: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'vboxvmm.dll'.
|
|---|
| 3874 | 4564.1b24: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'vboxrt.dll'.
|
|---|
| 3875 | 4564.1b24: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'user32.dll'.
|
|---|
| 3876 | 4564.1b24: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxSharedClipboard.dll) WinVerifyTrust
|
|---|
| 3877 | 4564.1b24: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxSharedClipboard.dll
|
|---|
| 3878 | 4564.1b24: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
|
|---|
| 3879 | 4564.1b24: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume3\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
|
|---|
| 3880 | 4564.1b24: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
|
|---|
| 3881 | 4564.1b24: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
|
|---|
| 3882 | 4564.1b24: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxvmm.dll'...
|
|---|
| 3883 | 4564.1b24: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxvmm.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\vboxvmm.dll' [rcNtRedir=0xc0150008]
|
|---|
| 3884 | 4564.1b24: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxVMM.dll
|
|---|
| 3885 | 4564.1b24: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
|
|---|
| 3886 | 4564.1b24: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
|
|---|
| 3887 | 4564.1b24: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxSharedClipboard.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
|
|---|
| 3888 | 4564.1b24: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxSharedClipboard.dll
|
|---|
| 3889 | 4564.1b24: supR3HardenedDllNotificationCallback: load 00007ffb1bfe0000 LB 0x0000b000 C:\Program Files\Oracle\VirtualBox\VBoxSharedClipboard.DLL [fFlags=0x0]
|
|---|
| 3890 | 4564.1b24: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxSharedClipboard.dll
|
|---|
| 3891 | 4564.1b24: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb1bfe0000 'C:\Program Files\Oracle\VirtualBox\VBoxSharedClipboard.DLL'
|
|---|
| 3892 | 4564.1b24: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb215d0000 'C:\Windows\system32\User32.dll'
|
|---|
| 3893 | 4564.2988: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb1f5d0000 'C:\Windows\system32\rsaenh.dll'
|
|---|
| 3894 | 4564.2988: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
|
|---|
| 3895 | 4564.2988: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'msvcp100.dll'.
|
|---|
| 3896 | 4564.2988: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'vboxrt.dll'.
|
|---|
| 3897 | 4564.2988: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxDragAndDropSvc.dll) WinVerifyTrust
|
|---|
| 3898 | 4564.2988: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxDragAndDropSvc.dll
|
|---|
| 3899 | 4564.2988: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
|
|---|
| 3900 | 4564.2988: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
|
|---|
| 3901 | 4564.2988: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcp100.dll'...
|
|---|
| 3902 | 4564.2988: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcp100.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcp100.dll' [rcNtRedir=0xc0150008]
|
|---|
| 3903 | 4564.2988: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
|
|---|
| 3904 | 4564.2988: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
|
|---|
| 3905 | 4564.2988: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxDragAndDropSvc.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
|
|---|
| 3906 | 4564.2988: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxDragAndDropSvc.dll
|
|---|
| 3907 | 4564.2988: supR3HardenedDllNotificationCallback: load 00007ffb18630000 LB 0x0000d000 C:\Program Files\Oracle\VirtualBox\VBoxDragAndDropSvc.DLL [fFlags=0x0]
|
|---|
| 3908 | 4564.2988: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxDragAndDropSvc.dll
|
|---|
| 3909 | 4564.2988: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb18630000 'C:\Program Files\Oracle\VirtualBox\VBoxDragAndDropSvc.DLL'
|
|---|
| 3910 | 4564.2c6c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb21770000 'C:\Windows\system32\Shell32.dll'
|
|---|
| 3911 | 4564.2c6c: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000bf8 pwszName=\Device\HarddiskVolume3\Windows\System32\WinHvPlatform.dll
|
|---|
| 3912 | 4564.2c6c: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 000000000a88a840
|
|---|
| 3913 | 4564.2c6c: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=000000000a88a840
|
|---|
| 3914 | 4564.2c6c: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=2A7181E087C6ECA0DCCA8A166331DF79FF089117
|
|---|
| 3915 | 4564.2c6c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb1f5d0000 'C:\Windows\system32\rsaenh.dll'
|
|---|
| 3916 | 4564.2c6c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb20310000 'C:\Windows\System32\crypt32.dll'
|
|---|
| 3917 | 4564.2c6c: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package00~31bf3856ad364e35~amd64~~10.0.17134.1.cat'; file='\Device\HarddiskVolume3\Windows\System32\WinHvPlatform.dll'
|
|---|
| 3918 | 4564.2c6c: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
|
|---|
| 3919 | 4564.2c6c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'vid.dll'.
|
|---|
| 3920 | 4564.2c6c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #13 'rpcrt4.dll'.
|
|---|
| 3921 | 4564.2c6c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\WinHvPlatform.dll) WinVerifyTrust
|
|---|
| 3922 | 4564.2c6c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\WinHvPlatform.dll
|
|---|
| 3923 | 4564.2c6c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
|
|---|
| 3924 | 4564.2c6c: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume3\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
|
|---|
| 3925 | 4564.2c6c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vid.dll'...
|
|---|
| 3926 | 4564.2c6c: supR3HardenedWinVerifyCacheProcessImportTodos: 'vid.dll' -> '\Device\HarddiskVolume3\Windows\System32\vid.dll' [rcNtRedir=0xc0150008]
|
|---|
| 3927 | 4564.2c6c: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000bf4 pwszName=\Device\HarddiskVolume3\Windows\System32\vid.dll
|
|---|
| 3928 | 4564.2c6c: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 000000000a88a840
|
|---|
| 3929 | 4564.2c6c: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=000000000a88a840
|
|---|
| 3930 | 4564.2c6c: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=F454C22DC5AFF4C1E546711FF3DA50D9DE5A940C
|
|---|
| 3931 | 4564.2c6c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb1f5d0000 'C:\Windows\system32\rsaenh.dll'
|
|---|
| 3932 | 4564.2c6c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb20310000 'C:\Windows\System32\crypt32.dll'
|
|---|
| 3933 | 4564.2c6c: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\HyperV-VID-Package~31bf3856ad364e35~amd64~~10.0.17134.1.cat'; file='\Device\HarddiskVolume3\Windows\System32\vid.dll'
|
|---|
| 3934 | 4564.2c6c: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
|
|---|
| 3935 | 4564.2c6c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #12 'devobj.dll'.
|
|---|
| 3936 | 4564.2c6c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\vid.dll) WinVerifyTrust
|
|---|
| 3937 | 4564.2c6c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\vid.dll
|
|---|
| 3938 | 4564.2c6c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'devobj.dll'...
|
|---|
| 3939 | 4564.2c6c: supR3HardenedWinVerifyCacheProcessImportTodos: 'devobj.dll' -> '\Device\HarddiskVolume3\Windows\System32\devobj.dll' [rcNtRedir=0xc0150008]
|
|---|
| 3940 | 4564.2c6c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\devobj.dll
|
|---|
| 3941 | 4564.2c6c: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\WinHvPlatform.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
|
|---|
| 3942 | 4564.2c6c: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\WinHvPlatform.dll
|
|---|
| 3943 | 4564.2c6c: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\vid.dll
|
|---|
| 3944 | 4564.2c6c: supR3HardenedDllNotificationCallback: load 00007ffb182b0000 LB 0x0000f000 C:\Windows\SYSTEM32\vid.dll [fFlags=0x0]
|
|---|
| 3945 | 4564.2c6c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\vid.dll
|
|---|
| 3946 | 4564.2c6c: supR3HardenedDllNotificationCallback: load 00007ffb17a60000 LB 0x00018000 C:\Windows\system32\WinHvPlatform.dll [fFlags=0x0]
|
|---|
| 3947 | 4564.2c6c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\WinHvPlatform.dll
|
|---|
| 3948 | 4564.2c6c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb17a60000 'C:\Windows\system32\WinHvPlatform.dll'
|
|---|
| 3949 | 4564.2c6c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\vid.dll
|
|---|
| 3950 | 4564.2c6c: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\vid.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
|
|---|
| 3951 | 4564.2c6c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb182b0000 'C:\Windows\system32\vid.dll'
|
|---|
| 3952 | 4564.2c6c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\ntdll.dll
|
|---|
| 3953 | 4564.2c6c: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\NTDLL.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
|
|---|
| 3954 | 4564.2c6c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb23e90000 'C:\Windows\system32\NTDLL.DLL'
|
|---|
| 3955 | 4564.2c6c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb1f5d0000 'C:\Windows\system32\rsaenh.dll'
|
|---|
| 3956 | 4564.2c6c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb1f5d0000 'C:\Windows\system32\rsaenh.dll'
|
|---|
| 3957 | 4564.2c6c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
|
|---|
| 3958 | 4564.2c6c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'vboxvmm.dll'.
|
|---|
| 3959 | 4564.2c6c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'vboxrt.dll'.
|
|---|
| 3960 | 4564.2c6c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'vboxddu.dll'.
|
|---|
| 3961 | 4564.2c6c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'vboxdd2.dll'.
|
|---|
| 3962 | 4564.2c6c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'user32.dll'.
|
|---|
| 3963 | 4564.2c6c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #7 'setupapi.dll'.
|
|---|
| 3964 | 4564.2c6c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #8 'ws2_32.dll'.
|
|---|
| 3965 | 4564.2c6c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #9 'ole32.dll'.
|
|---|
| 3966 | 4564.2c6c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #10 'iphlpapi.dll'.
|
|---|
| 3967 | 4564.2c6c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxDD.dll) WinVerifyTrust
|
|---|
| 3968 | 4564.2c6c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxDD.dll
|
|---|
| 3969 | 4564.2c6c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'iphlpapi.dll'...
|
|---|
| 3970 | 4564.2c6c: supR3HardenedWinVerifyCacheProcessImportTodos: 'iphlpapi.dll' -> '\Device\HarddiskVolume3\Windows\System32\iphlpapi.dll' [rcNtRedir=0xc0150008]
|
|---|
| 3971 | 4564.2c6c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb1f5d0000 'C:\Windows\system32\rsaenh.dll'
|
|---|
| 3972 | 4564.2c6c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb20310000 'C:\Windows\System32\crypt32.dll'
|
|---|
| 3973 | 4564.2c6c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\IPHLPAPI.DLL) WinVerifyTrust
|
|---|
| 3974 | 4564.2c6c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\IPHLPAPI.DLL
|
|---|
| 3975 | 4564.2c6c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ole32.dll'...
|
|---|
| 3976 | 4564.2c6c: supR3HardenedWinVerifyCacheProcessImportTodos: 'ole32.dll' -> '\Device\HarddiskVolume3\Windows\System32\ole32.dll' [rcNtRedir=0xc0150008]
|
|---|
| 3977 | 4564.2c6c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ws2_32.dll'...
|
|---|
| 3978 | 4564.2c6c: supR3HardenedWinVerifyCacheProcessImportTodos: 'ws2_32.dll' -> '\Device\HarddiskVolume3\Windows\System32\ws2_32.dll' [rcNtRedir=0xc0150008]
|
|---|
| 3979 | 4564.2c6c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\ws2_32.dll
|
|---|
| 3980 | 4564.2c6c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'setupapi.dll'...
|
|---|
| 3981 | 4564.2c6c: supR3HardenedWinVerifyCacheProcessImportTodos: 'setupapi.dll' -> '\Device\HarddiskVolume3\Windows\System32\setupapi.dll' [rcNtRedir=0xc0150008]
|
|---|
| 3982 | 4564.2c6c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\setupapi.dll
|
|---|
| 3983 | 4564.2c6c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
|
|---|
| 3984 | 4564.2c6c: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume3\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
|
|---|
| 3985 | 4564.2c6c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxdd2.dll'...
|
|---|
| 3986 | 4564.2c6c: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxdd2.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\vboxdd2.dll' [rcNtRedir=0xc0150008]
|
|---|
| 3987 | 4564.2c6c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb1f5d0000 'C:\Windows\system32\rsaenh.dll'
|
|---|
| 3988 | 4564.2c6c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
|
|---|
| 3989 | 4564.2c6c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'vboxrt.dll'.
|
|---|
| 3990 | 4564.2c6c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxDD2.dll) WinVerifyTrust
|
|---|
| 3991 | 4564.2c6c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxDD2.dll
|
|---|
| 3992 | 4564.2c6c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxddu.dll'...
|
|---|
| 3993 | 4564.2c6c: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxddu.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\vboxddu.dll' [rcNtRedir=0xc0150008]
|
|---|
| 3994 | 4564.2c6c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
|
|---|
| 3995 | 4564.2c6c: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
|
|---|
| 3996 | 4564.2c6c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
|
|---|
| 3997 | 4564.2c6c: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
|
|---|
| 3998 | 4564.2c6c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll
|
|---|
| 3999 | 4564.2c6c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb1f5d0000 'C:\Windows\system32\rsaenh.dll'
|
|---|
| 4000 | 4564.2c6c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
|
|---|
| 4001 | 4564.2c6c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'vboxrt.dll'.
|
|---|
| 4002 | 4564.2c6c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'user32.dll'.
|
|---|
| 4003 | 4564.2c6c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'setupapi.dll'.
|
|---|
| 4004 | 4564.2c6c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'advapi32.dll'.
|
|---|
| 4005 | 4564.2c6c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxDDU.dll) WinVerifyTrust
|
|---|
| 4006 | 4564.2c6c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxDDU.dll
|
|---|
| 4007 | 4564.2c6c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
|
|---|
| 4008 | 4564.2c6c: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
|
|---|
| 4009 | 4564.2c6c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxvmm.dll'...
|
|---|
| 4010 | 4564.2c6c: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxvmm.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\vboxvmm.dll' [rcNtRedir=0xc0150008]
|
|---|
| 4011 | 4564.2c6c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxVMM.dll
|
|---|
| 4012 | 4564.2c6c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
|
|---|
| 4013 | 4564.2c6c: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
|
|---|
| 4014 | 4564.2c6c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'...
|
|---|
| 4015 | 4564.2c6c: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume3\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008]
|
|---|
| 4016 | 4564.2c6c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'setupapi.dll'...
|
|---|
| 4017 | 4564.2c6c: supR3HardenedWinVerifyCacheProcessImportTodos: 'setupapi.dll' -> '\Device\HarddiskVolume3\Windows\System32\setupapi.dll' [rcNtRedir=0xc0150008]
|
|---|
| 4018 | 4564.2c6c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\setupapi.dll
|
|---|
| 4019 | 4564.2c6c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
|
|---|
| 4020 | 4564.2c6c: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume3\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
|
|---|
| 4021 | 4564.2c6c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
|
|---|
| 4022 | 4564.2c6c: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
|
|---|
| 4023 | 4564.2c6c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
|
|---|
| 4024 | 4564.2c6c: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
|
|---|
| 4025 | 4564.2c6c: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxDD.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
|
|---|
| 4026 | 4564.2c6c: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxDD.dll
|
|---|
| 4027 | 4564.2c6c: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxDDU.dll
|
|---|
| 4028 | 4564.2c6c: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxDD2.dll
|
|---|
| 4029 | 4564.2c6c: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\IPHLPAPI.DLL
|
|---|
| 4030 | 4564.2c6c: supR3HardenedDllNotificationCallback: load 00007ffaedf40000 LB 0x00063000 C:\Program Files\Oracle\VirtualBox\VBoxDDU.dll [fFlags=0x0]
|
|---|
| 4031 | 4564.2c6c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxDDU.dll
|
|---|
| 4032 | 4564.2c6c: supR3HardenedDllNotificationCallback: load 00007ffaf5500000 LB 0x0005c000 C:\Program Files\Oracle\VirtualBox\VBoxDD2.dll [fFlags=0x0]
|
|---|
| 4033 | 4564.2c6c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxDD2.dll
|
|---|
| 4034 | 4564.2c6c: supR3HardenedDllNotificationCallback: load 00007ffb1f7a0000 LB 0x00038000 C:\Windows\SYSTEM32\IPHLPAPI.DLL [fFlags=0x0]
|
|---|
| 4035 | 4564.2c6c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\IPHLPAPI.DLL
|
|---|
| 4036 | 4564.2c6c: supR3HardenedDllNotificationCallback: load 00007ffada7a0000 LB 0x009d7000 C:\Program Files\Oracle\VirtualBox\VBoxDD.DLL [fFlags=0x0]
|
|---|
| 4037 | 4564.2c6c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxDD.dll
|
|---|
| 4038 | 4564.2c6c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffada7a0000 'C:\Program Files\Oracle\VirtualBox\VBoxDD.DLL'
|
|---|
| 4039 | 4564.2c6c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb1f5d0000 'C:\Windows\system32\rsaenh.dll'
|
|---|
| 4040 | 4564.2c6c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxC.dll
|
|---|
| 4041 | 4564.2c6c: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxC.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
|
|---|
| 4042 | 4564.2c6c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffadf3a0000 'C:\Program Files\Oracle\VirtualBox\VBoxC.DLL'
|
|---|
| 4043 | 4564.2c6c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb1f5d0000 'C:\Windows\system32\rsaenh.dll'
|
|---|
| 4044 | 4564.2c6c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxDD2.dll
|
|---|
| 4045 | 4564.2c6c: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxDD2.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
|
|---|
| 4046 | 4564.2c6c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffaf5500000 'C:\Program Files\Oracle\VirtualBox\VBoxDD2.DLL'
|
|---|
| 4047 | 4564.2c6c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb1f5d0000 'C:\Windows\system32\rsaenh.dll'
|
|---|
| 4048 | 4564.2994: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb1f5d0000 'C:\Windows\system32\rsaenh.dll'
|
|---|
| 4049 | 4564.2994: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
|
|---|
| 4050 | 4564.2994: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'vboxvmm.dll'.
|
|---|
| 4051 | 4564.2994: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'vboxrt.dll'.
|
|---|
| 4052 | 4564.2994: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxSharedFolders.dll) WinVerifyTrust
|
|---|
| 4053 | 4564.2994: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxSharedFolders.dll
|
|---|
| 4054 | 4564.2994: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
|
|---|
| 4055 | 4564.2994: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
|
|---|
| 4056 | 4564.2994: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxvmm.dll'...
|
|---|
| 4057 | 4564.2994: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxvmm.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\vboxvmm.dll' [rcNtRedir=0xc0150008]
|
|---|
| 4058 | 4564.2994: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxVMM.dll
|
|---|
| 4059 | 4564.2994: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
|
|---|
| 4060 | 4564.2994: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
|
|---|
| 4061 | 4564.2994: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxSharedFolders.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
|
|---|
| 4062 | 4564.2994: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxSharedFolders.dll
|
|---|
| 4063 | 4564.2994: supR3HardenedDllNotificationCallback: load 00007ffb10f70000 LB 0x00012000 C:\Program Files\Oracle\VirtualBox\VBoxSharedFolders.DLL [fFlags=0x0]
|
|---|
| 4064 | 4564.2994: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxSharedFolders.dll
|
|---|
| 4065 | 4564.2994: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb10f70000 'C:\Program Files\Oracle\VirtualBox\VBoxSharedFolders.DLL'
|
|---|
| 4066 | 4564.49b4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb1f5d0000 'C:\Windows\system32\rsaenh.dll'
|
|---|
| 4067 | 4564.49b4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
|
|---|
| 4068 | 4564.49b4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'msvcp100.dll'.
|
|---|
| 4069 | 4564.49b4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'vboxvmm.dll'.
|
|---|
| 4070 | 4564.49b4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'vboxrt.dll'.
|
|---|
| 4071 | 4564.49b4: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxGuestControlSvc.dll) WinVerifyTrust
|
|---|
| 4072 | 4564.49b4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxGuestControlSvc.dll
|
|---|
| 4073 | 4564.49b4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
|
|---|
| 4074 | 4564.49b4: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
|
|---|
| 4075 | 4564.49b4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxvmm.dll'...
|
|---|
| 4076 | 4564.49b4: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxvmm.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\vboxvmm.dll' [rcNtRedir=0xc0150008]
|
|---|
| 4077 | 4564.49b4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxVMM.dll
|
|---|
| 4078 | 4564.49b4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcp100.dll'...
|
|---|
| 4079 | 4564.49b4: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcp100.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcp100.dll' [rcNtRedir=0xc0150008]
|
|---|
| 4080 | 4564.49b4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
|
|---|
| 4081 | 4564.49b4: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
|
|---|
| 4082 | 4564.49b4: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxGuestControlSvc.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
|
|---|
| 4083 | 4564.49b4: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxGuestControlSvc.dll
|
|---|
| 4084 | 4564.49b4: supR3HardenedDllNotificationCallback: load 00007ffb17be0000 LB 0x0000c000 C:\Program Files\Oracle\VirtualBox\VBoxGuestControlSvc.DLL [fFlags=0x0]
|
|---|
| 4085 | 4564.49b4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxGuestControlSvc.dll
|
|---|
| 4086 | 4564.49b4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb17be0000 'C:\Program Files\Oracle\VirtualBox\VBoxGuestControlSvc.DLL'
|
|---|
| 4087 | 4564.4af8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb1f5d0000 'C:\Windows\system32\rsaenh.dll'
|
|---|
| 4088 | 4564.4af8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
|
|---|
| 4089 | 4564.4af8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'msvcp100.dll'.
|
|---|
| 4090 | 4564.4af8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'vboxrt.dll'.
|
|---|
| 4091 | 4564.4af8: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxGuestPropSvc.dll) WinVerifyTrust
|
|---|
| 4092 | 4564.4af8: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxGuestPropSvc.dll
|
|---|
| 4093 | 4564.4af8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
|
|---|
| 4094 | 4564.4af8: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
|
|---|
| 4095 | 4564.4af8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcp100.dll'...
|
|---|
| 4096 | 4564.4af8: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcp100.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcp100.dll' [rcNtRedir=0xc0150008]
|
|---|
| 4097 | 4564.4af8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
|
|---|
| 4098 | 4564.4af8: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
|
|---|
| 4099 | 4564.4af8: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxGuestPropSvc.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
|
|---|
| 4100 | 4564.4af8: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxGuestPropSvc.dll
|
|---|
| 4101 | 4564.4af8: supR3HardenedDllNotificationCallback: load 00007ffb177f0000 LB 0x0000d000 C:\Program Files\Oracle\VirtualBox\VBoxGuestPropSvc.DLL [fFlags=0x0]
|
|---|
| 4102 | 4564.4af8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxGuestPropSvc.dll
|
|---|
| 4103 | 4564.4af8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb177f0000 'C:\Program Files\Oracle\VirtualBox\VBoxGuestPropSvc.DLL'
|
|---|
| 4104 | 4564.2c6c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\IPHLPAPI.DLL
|
|---|
| 4105 | 4564.2c6c: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\Iphlpapi.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
|
|---|
| 4106 | 4564.2c6c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb1f7a0000 'C:\Windows\system32\Iphlpapi.dll'
|
|---|
| 4107 | 4564.2c6c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'rpcrt4.dll'.
|
|---|
| 4108 | 4564.2c6c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'nsi.dll'.
|
|---|
| 4109 | 4564.2c6c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\winnsi.dll)
|
|---|
| 4110 | 4564.2c6c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\winnsi.dll
|
|---|
| 4111 | 4564.2c6c: supR3HardenedDllNotificationCallback: load 00007ffb21320000 LB 0x00008000 C:\Windows\System32\NSI.dll [fFlags=0x0]
|
|---|
| 4112 | 4564.2c6c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\nsi.dll)
|
|---|
| 4113 | 4564.2c6c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\nsi.dll
|
|---|
| 4114 | 4564.2c6c: supR3HardenedDllNotificationCallback: load 00007ffb16d30000 LB 0x0000b000 C:\Windows\SYSTEM32\WINNSI.DLL [fFlags=0x0]
|
|---|
| 4115 | 4564.2c6c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\winnsi.dll [avoiding WinVerifyTrust]
|
|---|
| 4116 | 4564.2c6c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'rpcrt4.dll'.
|
|---|
| 4117 | 4564.2c6c: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume3\Windows\System32\dhcpcsvc6.dll)
|
|---|
| 4118 | 4564.2c6c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\dhcpcsvc6.dll
|
|---|
| 4119 | 4564.2c6c: supR3HardenedDllNotificationCallback: load 00007ffb16d10000 LB 0x00016000 C:\Windows\SYSTEM32\dhcpcsvc6.DLL [fFlags=0x0]
|
|---|
| 4120 | 4564.2c6c: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume3\Windows\System32\dhcpcsvc6.dll [avoiding WinVerifyTrust]
|
|---|
| 4121 | 4564.2c6c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'rpcrt4.dll'.
|
|---|
| 4122 | 4564.2c6c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'ws2_32.dll'.
|
|---|
| 4123 | 4564.2c6c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'nsi.dll'.
|
|---|
| 4124 | 4564.2c6c: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume3\Windows\System32\dhcpcsvc.dll)
|
|---|
| 4125 | 4564.2c6c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\dhcpcsvc.dll
|
|---|
| 4126 | 4564.2c6c: supR3HardenedDllNotificationCallback: load 00007ffb16cf0000 LB 0x0001a000 C:\Windows\SYSTEM32\dhcpcsvc.DLL [fFlags=0x0]
|
|---|
| 4127 | 4564.2c6c: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume3\Windows\System32\dhcpcsvc.dll [avoiding WinVerifyTrust]
|
|---|
| 4128 | 4564.2c6c: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000001088 pwszName=\Device\HarddiskVolume3\Windows\System32\dhcpcsvc.dll
|
|---|
| 4129 | 4564.2c6c: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 000000000a88a840
|
|---|
| 4130 | 4564.2c6c: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=000000000a88a840
|
|---|
| 4131 | 4564.2c6c: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=9F7955EB983A0B99F7EADAA9D82F084658BFF7D9
|
|---|
| 4132 | 4564.2c6c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'nsi.dll'...
|
|---|
| 4133 | 4564.2c6c: supR3HardenedWinVerifyCacheProcessImportTodos: 'nsi.dll' -> '\Device\HarddiskVolume3\Windows\System32\nsi.dll' [rcNtRedir=0xc0150008]
|
|---|
| 4134 | 4564.2c6c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\nsi.dll [lacks WinVerifyTrust]
|
|---|
| 4135 | 4564.2c6c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ws2_32.dll'...
|
|---|
| 4136 | 4564.2c6c: supR3HardenedWinVerifyCacheProcessImportTodos: 'ws2_32.dll' -> '\Device\HarddiskVolume3\Windows\System32\ws2_32.dll' [rcNtRedir=0xc0150008]
|
|---|
| 4137 | 4564.2c6c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\ws2_32.dll
|
|---|
| 4138 | 4564.2c6c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
|
|---|
| 4139 | 4564.2c6c: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume3\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
|
|---|
| 4140 | 4564.2c6c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
|
|---|
| 4141 | 4564.2c6c: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume3\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
|
|---|
| 4142 | 4564.2c6c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'nsi.dll'...
|
|---|
| 4143 | 4564.2c6c: supR3HardenedWinVerifyCacheProcessImportTodos: 'nsi.dll' -> '\Device\HarddiskVolume3\Windows\System32\nsi.dll' [rcNtRedir=0xc0150008]
|
|---|
| 4144 | 4564.2c6c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\nsi.dll [lacks WinVerifyTrust]
|
|---|
| 4145 | 4564.2c6c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
|
|---|
| 4146 | 4564.2c6c: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume3\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
|
|---|
| 4147 | 4564.2c6c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb1f5d0000 'C:\Windows\system32\rsaenh.dll'
|
|---|
| 4148 | 4564.2c6c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb20310000 'C:\Windows\System32\crypt32.dll'
|
|---|
| 4149 | 4564.2c6c: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_998_for_KB4467682~31bf3856ad364e35~amd64~~10.0.1.9.cat'; file='\Device\HarddiskVolume3\Windows\System32\dhcpcsvc.dll'
|
|---|
| 4150 | 4564.2c6c: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
|
|---|
| 4151 | 4564.2c6c: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Windows\System32\dhcpcsvc.dll'
|
|---|
| 4152 | 4564.2c6c: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000f60 pwszName=\Device\HarddiskVolume3\Windows\System32\dhcpcsvc6.dll
|
|---|
| 4153 | 4564.2c6c: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 000000000a88a840
|
|---|
| 4154 | 4564.2c6c: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=000000000a88a840
|
|---|
| 4155 | 4564.2c6c: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=D65F2124F64B53555EFB8BC0D52BFD144939BAA4
|
|---|
| 4156 | 4564.2c6c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb1f5d0000 'C:\Windows\system32\rsaenh.dll'
|
|---|
| 4157 | 4564.2c6c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb20310000 'C:\Windows\System32\crypt32.dll'
|
|---|
| 4158 | 4564.2c6c: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_998_for_KB4467682~31bf3856ad364e35~amd64~~10.0.1.9.cat'; file='\Device\HarddiskVolume3\Windows\System32\dhcpcsvc6.dll'
|
|---|
| 4159 | 4564.2c6c: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
|
|---|
| 4160 | 4564.2c6c: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Windows\System32\dhcpcsvc6.dll'
|
|---|
| 4161 | 4564.2c6c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb1f5d0000 'C:\Windows\system32\rsaenh.dll'
|
|---|
| 4162 | 4564.2c6c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb20310000 'C:\Windows\System32\crypt32.dll'
|
|---|
| 4163 | 4564.2c6c: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Windows\System32\nsi.dll'
|
|---|
| 4164 | 4564.2c6c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb1f5d0000 'C:\Windows\system32\rsaenh.dll'
|
|---|
| 4165 | 4564.2c6c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb20310000 'C:\Windows\System32\crypt32.dll'
|
|---|
| 4166 | 4564.2c6c: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Windows\System32\winnsi.dll'
|
|---|
| 4167 | 4564.2c6c: supR3HardNtViCallWinVerifyTrustCatFile: hFile=00000000000014a8 pwszName=\Device\HarddiskVolume3\Windows\System32\dsound.dll
|
|---|
| 4168 | 4564.2c6c: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 000000000a88a840
|
|---|
| 4169 | 4564.2c6c: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=000000000a88a840
|
|---|
| 4170 | 4564.2c6c: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=5473BCFF580489A320314B844E6D3DC42BA47DE8
|
|---|
| 4171 | 4564.2c6c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb1f5d0000 'C:\Windows\system32\rsaenh.dll'
|
|---|
| 4172 | 4564.2c6c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb20310000 'C:\Windows\System32\crypt32.dll'
|
|---|
| 4173 | 4564.2c6c: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package~31bf3856ad364e35~amd64~~10.0.17134.1.cat'; file='\Device\HarddiskVolume3\Windows\System32\dsound.dll'
|
|---|
| 4174 | 4564.2c6c: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
|
|---|
| 4175 | 4564.2c6c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
|
|---|
| 4176 | 4564.2c6c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #32 'winmm.dll'.
|
|---|
| 4177 | 4564.2c6c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\dsound.dll) WinVerifyTrust
|
|---|
| 4178 | 4564.2c6c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\dsound.dll
|
|---|
| 4179 | 4564.2c6c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'winmm.dll'...
|
|---|
| 4180 | 4564.2c6c: supR3HardenedWinVerifyCacheProcessImportTodos: 'winmm.dll' -> '\Device\HarddiskVolume3\Windows\System32\winmm.dll' [rcNtRedir=0xc0150008]
|
|---|
| 4181 | 4564.2c6c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\winmm.dll
|
|---|
| 4182 | 4564.2c6c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
|
|---|
| 4183 | 4564.2c6c: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume3\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
|
|---|
| 4184 | 4564.2c6c: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\System32\dsound.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000002009:<flags> [calling]
|
|---|
| 4185 | 4564.2c6c: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\dsound.dll
|
|---|
| 4186 | 4564.2c6c: supR3HardenedDllNotificationCallback: load 00007ffb14c00000 LB 0x0008f000 C:\Windows\System32\dsound.dll [fFlags=0x0]
|
|---|
| 4187 | 4564.2c6c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\dsound.dll
|
|---|
| 4188 | 4564.2c6c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\dsound.dll
|
|---|
| 4189 | 4564.2c6c: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\System32\dsound.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000801:<flags> [calling]
|
|---|
| 4190 | 4564.2c6c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb14c00000 'C:\Windows\System32\dsound.dll'
|
|---|
| 4191 | 4564.2c6c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb14c00000 'C:\Windows\System32\dsound.dll'
|
|---|
| 4192 | 4564.2c6c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\dsound.dll
|
|---|
| 4193 | 4564.2c6c: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\dsound.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
|
|---|
| 4194 | 4564.2c6c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb14c00000 'C:\Windows\system32\dsound.dll'
|
|---|
| 4195 | 4564.2c6c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\MMDevAPI.dll
|
|---|
| 4196 | 4564.2c6c: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\System32\MMDEVAPI.DLL (Input=MMDEVAPI.DLL, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
|
|---|
| 4197 | 4564.2c6c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb16440000 'C:\Windows\System32\MMDEVAPI.DLL'
|
|---|
| 4198 | 4564.2c6c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\winmm.dll
|
|---|
| 4199 | 4564.2c6c: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\System32\winmm.dll (Input=winmm.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000801:<flags> [calling]
|
|---|
| 4200 | 4564.2c6c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb1db20000 'C:\Windows\System32\winmm.dll'
|
|---|
| 4201 | 4564.2c6c: supR3HardNtViCallWinVerifyTrustCatFile: hFile=00000000000014bc pwszName=\Device\HarddiskVolume3\Windows\System32\wdmaud.drv
|
|---|
| 4202 | 4564.2c6c: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 000000000a88a840
|
|---|
| 4203 | 4564.2c6c: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=000000000a88a840
|
|---|
| 4204 | 4564.2c6c: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=177AADB38B3BB8D75072CC704861E1B81617F092
|
|---|
| 4205 | 4564.2c6c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb1f5d0000 'C:\Windows\system32\rsaenh.dll'
|
|---|
| 4206 | 4564.2c6c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb20310000 'C:\Windows\System32\crypt32.dll'
|
|---|
| 4207 | 4564.2c6c: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package~31bf3856ad364e35~amd64~~10.0.17134.1.cat'; file='\Device\HarddiskVolume3\Windows\System32\wdmaud.drv'
|
|---|
| 4208 | 4564.2c6c: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
|
|---|
| 4209 | 4564.2c6c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
|
|---|
| 4210 | 4564.2c6c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'mmdevapi.dll'.
|
|---|
| 4211 | 4564.2c6c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #27 'ksuser.dll'.
|
|---|
| 4212 | 4564.2c6c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #28 'avrt.dll'.
|
|---|
| 4213 | 4564.2c6c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\wdmaud.drv) WinVerifyTrust
|
|---|
| 4214 | 4564.2c6c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\wdmaud.drv
|
|---|
| 4215 | 4564.2c6c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'avrt.dll'...
|
|---|
| 4216 | 4564.2c6c: supR3HardenedWinVerifyCacheProcessImportTodos: 'avrt.dll' -> '\Device\HarddiskVolume3\Windows\System32\avrt.dll' [rcNtRedir=0xc0150008]
|
|---|
| 4217 | 4564.2c6c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb1f5d0000 'C:\Windows\system32\rsaenh.dll'
|
|---|
| 4218 | 4564.2c6c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\crypt32.dll
|
|---|
| 4219 | 4564.2c6c: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\System32\crypt32.dll (Input=crypt32.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
|
|---|
| 4220 | 4564.2c6c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb20310000 'C:\Windows\System32\crypt32.dll'
|
|---|
| 4221 | 4564.2c6c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\avrt.dll) WinVerifyTrust
|
|---|
| 4222 | 4564.2c6c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\avrt.dll
|
|---|
| 4223 | 4564.2c6c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ksuser.dll'...
|
|---|
| 4224 | 4564.2c6c: supR3HardenedWinVerifyCacheProcessImportTodos: 'ksuser.dll' -> '\Device\HarddiskVolume3\Windows\System32\ksuser.dll' [rcNtRedir=0xc0150008]
|
|---|
| 4225 | 4564.2c6c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb1f5d0000 'C:\Windows\system32\rsaenh.dll'
|
|---|
| 4226 | 4564.2c6c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb20310000 'C:\Windows\System32\crypt32.dll'
|
|---|
| 4227 | 4564.2c6c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
|
|---|
| 4228 | 4564.2c6c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\ksuser.dll) WinVerifyTrust
|
|---|
| 4229 | 4564.2c6c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\ksuser.dll
|
|---|
| 4230 | 4564.2c6c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'mmdevapi.dll'...
|
|---|
| 4231 | 4564.2c6c: supR3HardenedWinVerifyCacheProcessImportTodos: 'mmdevapi.dll' -> '\Device\HarddiskVolume3\Windows\System32\mmdevapi.dll' [rcNtRedir=0xc0150008]
|
|---|
| 4232 | 4564.2c6c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\MMDevAPI.dll
|
|---|
| 4233 | 4564.2c6c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
|
|---|
| 4234 | 4564.2c6c: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume3\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
|
|---|
| 4235 | 4564.2c6c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
|
|---|
| 4236 | 4564.2c6c: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume3\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
|
|---|
| 4237 | 4564.2c6c: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\System32\wdmaud.drv (Input=wdmaud.drv, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000001001:<flags> [calling]
|
|---|
| 4238 | 4564.2c6c: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\wdmaud.drv
|
|---|
| 4239 | 4564.2c6c: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\ksuser.dll
|
|---|
| 4240 | 4564.2c6c: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\avrt.dll
|
|---|
| 4241 | 4564.2c6c: supR3HardenedDllNotificationCallback: load 00007ffb19ea0000 LB 0x00009000 C:\Windows\SYSTEM32\ksuser.dll [fFlags=0x0]
|
|---|
| 4242 | 4564.2c6c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\ksuser.dll
|
|---|
| 4243 | 4564.2c6c: supR3HardenedDllNotificationCallback: load 00007ffb1c730000 LB 0x0000a000 C:\Windows\SYSTEM32\AVRT.dll [fFlags=0x0]
|
|---|
| 4244 | 4564.2c6c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\avrt.dll
|
|---|
| 4245 | 4564.2c6c: supR3HardenedDllNotificationCallback: load 00007ffafdde0000 LB 0x00044000 C:\Windows\System32\wdmaud.drv [fFlags=0x0]
|
|---|
| 4246 | 4564.2c6c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\wdmaud.drv
|
|---|
| 4247 | 4564.2c6c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffafdde0000 'C:\Windows\System32\wdmaud.drv'
|
|---|
| 4248 | 4564.2c6c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\wdmaud.drv
|
|---|
| 4249 | 4564.2c6c: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\System32\wdmaud.drv (Input=wdmaud.drv, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000001001:<flags> [calling]
|
|---|
| 4250 | 4564.2c6c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffafdde0000 'C:\Windows\System32\wdmaud.drv'
|
|---|
| 4251 | 4564.2c6c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\wdmaud.drv
|
|---|
| 4252 | 4564.2c6c: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\System32\wdmaud.drv (Input=wdmaud.drv, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000001001:<flags> [calling]
|
|---|
| 4253 | 4564.2c6c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffafdde0000 'C:\Windows\System32\wdmaud.drv'
|
|---|
| 4254 | 4564.2c6c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\wdmaud.drv
|
|---|
| 4255 | 4564.2c6c: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\System32\wdmaud.drv (Input=wdmaud.drv, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000001001:<flags> [calling]
|
|---|
| 4256 | 4564.2c6c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffafdde0000 'C:\Windows\System32\wdmaud.drv'
|
|---|
| 4257 | 4564.2c6c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\wdmaud.drv
|
|---|
| 4258 | 4564.2c6c: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\System32\wdmaud.drv (Input=wdmaud.drv, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000001001:<flags> [calling]
|
|---|
| 4259 | 4564.2c6c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffafdde0000 'C:\Windows\System32\wdmaud.drv'
|
|---|
| 4260 | 4564.2c6c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb1f5d0000 'C:\Windows\system32\rsaenh.dll'
|
|---|
| 4261 | 4564.2c6c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb20310000 'C:\Windows\System32\crypt32.dll'
|
|---|
| 4262 | 4564.2c6c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcp_win.dll'.
|
|---|
| 4263 | 4564.2c6c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'rpcrt4.dll'.
|
|---|
| 4264 | 4564.2c6c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #7 'oleaut32.dll'.
|
|---|
| 4265 | 4564.2c6c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #55 'mmdevapi.dll'.
|
|---|
| 4266 | 4564.2c6c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #56 'avrt.dll'.
|
|---|
| 4267 | 4564.2c6c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\AudioSes.dll) WinVerifyTrust
|
|---|
| 4268 | 4564.2c6c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\AudioSes.dll
|
|---|
| 4269 | 4564.2c6c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'avrt.dll'...
|
|---|
| 4270 | 4564.2c6c: supR3HardenedWinVerifyCacheProcessImportTodos: 'avrt.dll' -> '\Device\HarddiskVolume3\Windows\System32\avrt.dll' [rcNtRedir=0xc0150008]
|
|---|
| 4271 | 4564.2c6c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\avrt.dll
|
|---|
| 4272 | 4564.2c6c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'mmdevapi.dll'...
|
|---|
| 4273 | 4564.2c6c: supR3HardenedWinVerifyCacheProcessImportTodos: 'mmdevapi.dll' -> '\Device\HarddiskVolume3\Windows\System32\mmdevapi.dll' [rcNtRedir=0xc0150008]
|
|---|
| 4274 | 4564.2c6c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\MMDevAPI.dll
|
|---|
| 4275 | 4564.2c6c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'oleaut32.dll'...
|
|---|
| 4276 | 4564.2c6c: supR3HardenedWinVerifyCacheProcessImportTodos: 'oleaut32.dll' -> '\Device\HarddiskVolume3\Windows\System32\oleaut32.dll' [rcNtRedir=0xc0150008]
|
|---|
| 4277 | 4564.2c6c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
|
|---|
| 4278 | 4564.2c6c: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume3\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
|
|---|
| 4279 | 4564.2c6c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcp_win.dll'...
|
|---|
| 4280 | 4564.2c6c: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcp_win.dll' -> '\Device\HarddiskVolume3\Windows\System32\msvcp_win.dll' [rcNtRedir=0xc0150008]
|
|---|
| 4281 | 4564.2c6c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\msvcp_win.dll
|
|---|
| 4282 | 4564.2c6c: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\System32\AUDIOSES.DLL (Input=AUDIOSES.DLL, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
|
|---|
| 4283 | 4564.2c6c: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\AudioSes.dll
|
|---|
| 4284 | 4564.2c6c: supR3HardenedDllNotificationCallback: load 00007ffb14ec0000 LB 0x0012c000 C:\Windows\System32\AUDIOSES.DLL [fFlags=0x0]
|
|---|
| 4285 | 4564.2c6c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\AudioSes.dll
|
|---|
| 4286 | 4564.2c6c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb14ec0000 'C:\Windows\System32\AUDIOSES.DLL'
|
|---|
| 4287 | 4564.2c6c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\wdmaud.drv
|
|---|
| 4288 | 4564.2c6c: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\System32\wdmaud.drv (Input=wdmaud.drv, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000001001:<flags> [calling]
|
|---|
| 4289 | 4564.2c6c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffafdde0000 'C:\Windows\System32\wdmaud.drv'
|
|---|
| 4290 | 4564.2c6c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\wdmaud.drv
|
|---|
| 4291 | 4564.2c6c: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\System32\wdmaud.drv (Input=wdmaud.drv, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000001001:<flags> [calling]
|
|---|
| 4292 | 4564.2c6c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffafdde0000 'C:\Windows\System32\wdmaud.drv'
|
|---|
| 4293 | 4564.2c6c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffafdde0000 'C:\Windows\System32\wdmaud.drv'
|
|---|
| 4294 | 4564.2c6c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffafdde0000 'C:\Windows\System32\wdmaud.drv'
|
|---|
| 4295 | 4564.2c6c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffafdde0000 'C:\Windows\System32\wdmaud.drv'
|
|---|
| 4296 | 4564.2c6c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffafdde0000 'C:\Windows\System32\wdmaud.drv'
|
|---|
| 4297 | 4564.2c6c: supR3HardNtViCallWinVerifyTrustCatFile: hFile=00000000000013b0 pwszName=\Device\HarddiskVolume3\Windows\System32\msacm32.drv
|
|---|
| 4298 | 4564.2c6c: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 000000000a88a840
|
|---|
| 4299 | 4564.2c6c: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=000000000a88a840
|
|---|
| 4300 | 4564.2c6c: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=7886E1CCA739C1E5ED73D45A3FBDDF8A54FC7C0F
|
|---|
| 4301 | 4564.2c6c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb1f5d0000 'C:\Windows\system32\rsaenh.dll'
|
|---|
| 4302 | 4564.2c6c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb20310000 'C:\Windows\System32\crypt32.dll'
|
|---|
| 4303 | 4564.2c6c: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package~31bf3856ad364e35~amd64~~10.0.17134.1.cat'; file='\Device\HarddiskVolume3\Windows\System32\msacm32.drv'
|
|---|
| 4304 | 4564.2c6c: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
|
|---|
| 4305 | 4564.2c6c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
|
|---|
| 4306 | 4564.2c6c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #12 'mmdevapi.dll'.
|
|---|
| 4307 | 4564.2c6c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #13 'msacm32.dll'.
|
|---|
| 4308 | 4564.2c6c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #14 'winmmbase.dll'.
|
|---|
| 4309 | 4564.2c6c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\msacm32.drv) WinVerifyTrust
|
|---|
| 4310 | 4564.2c6c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\msacm32.drv
|
|---|
| 4311 | 4564.2c6c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'winmmbase.dll'...
|
|---|
| 4312 | 4564.2c6c: supR3HardenedWinVerifyCacheProcessImportTodos: 'winmmbase.dll' -> '\Device\HarddiskVolume3\Windows\System32\winmmbase.dll' [rcNtRedir=0xc0150008]
|
|---|
| 4313 | 4564.2c6c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\winmmbase.dll [redoing WinVerifyTrust]
|
|---|
| 4314 | 4564.2c6c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb1f5d0000 'C:\Windows\system32\rsaenh.dll'
|
|---|
| 4315 | 4564.2c6c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb20310000 'C:\Windows\System32\crypt32.dll'
|
|---|
| 4316 | 4564.2c6c: supR3HardenedScreenImage/Imports: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Windows\System32\winmmbase.dll'
|
|---|
| 4317 | 4564.2c6c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msacm32.dll'...
|
|---|
| 4318 | 4564.2c6c: supR3HardenedWinVerifyCacheProcessImportTodos: 'msacm32.dll' -> '\Device\HarddiskVolume3\Windows\System32\msacm32.dll' [rcNtRedir=0xc0150008]
|
|---|
| 4319 | 4564.2c6c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb1f5d0000 'C:\Windows\system32\rsaenh.dll'
|
|---|
| 4320 | 4564.2c6c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb20310000 'C:\Windows\System32\crypt32.dll'
|
|---|
| 4321 | 4564.2c6c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
|
|---|
| 4322 | 4564.2c6c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\msacm32.dll) WinVerifyTrust
|
|---|
| 4323 | 4564.2c6c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\msacm32.dll
|
|---|
| 4324 | 4564.2c6c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'mmdevapi.dll'...
|
|---|
| 4325 | 4564.2c6c: supR3HardenedWinVerifyCacheProcessImportTodos: 'mmdevapi.dll' -> '\Device\HarddiskVolume3\Windows\System32\mmdevapi.dll' [rcNtRedir=0xc0150008]
|
|---|
| 4326 | 4564.2c6c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\MMDevAPI.dll
|
|---|
| 4327 | 4564.2c6c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
|
|---|
| 4328 | 4564.2c6c: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume3\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
|
|---|
| 4329 | 4564.2c6c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
|
|---|
| 4330 | 4564.2c6c: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume3\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
|
|---|
| 4331 | 4564.2c6c: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\System32\msacm32.drv (Input=msacm32.drv, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000001001:<flags> [calling]
|
|---|
| 4332 | 4564.2c6c: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\msacm32.drv
|
|---|
| 4333 | 4564.2c6c: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\msacm32.dll
|
|---|
| 4334 | 4564.2c6c: supR3HardenedDllNotificationCallback: load 00007ffb18760000 LB 0x0001c000 C:\Windows\SYSTEM32\MSACM32.dll [fFlags=0x0]
|
|---|
| 4335 | 4564.2c6c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\msacm32.dll
|
|---|
| 4336 | 4564.2c6c: supR3HardenedDllNotificationCallback: load 00007ffb1cc10000 LB 0x0000d000 C:\Windows\System32\msacm32.drv [fFlags=0x0]
|
|---|
| 4337 | 4564.2c6c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\msacm32.drv
|
|---|
| 4338 | 4564.2c6c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb1cc10000 'C:\Windows\System32\msacm32.drv'
|
|---|
| 4339 | 4564.2c6c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\msacm32.drv
|
|---|
| 4340 | 4564.2c6c: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\System32\msacm32.drv (Input=msacm32.drv, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000001001:<flags> [calling]
|
|---|
| 4341 | 4564.2c6c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb1cc10000 'C:\Windows\System32\msacm32.drv'
|
|---|
| 4342 | 4564.2c6c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\msacm32.drv
|
|---|
| 4343 | 4564.2c6c: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\System32\msacm32.drv (Input=msacm32.drv, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000001001:<flags> [calling]
|
|---|
| 4344 | 4564.2c6c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb1cc10000 'C:\Windows\System32\msacm32.drv'
|
|---|
| 4345 | 4564.2c6c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\msacm32.drv
|
|---|
| 4346 | 4564.2c6c: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\System32\msacm32.drv (Input=msacm32.drv, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000001001:<flags> [calling]
|
|---|
| 4347 | 4564.2c6c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb1cc10000 'C:\Windows\System32\msacm32.drv'
|
|---|
| 4348 | 4564.2c6c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\msacm32.drv
|
|---|
| 4349 | 4564.2c6c: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\System32\msacm32.drv (Input=msacm32.drv, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000001001:<flags> [calling]
|
|---|
| 4350 | 4564.2c6c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb1cc10000 'C:\Windows\System32\msacm32.drv'
|
|---|
| 4351 | 4564.2c6c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\msacm32.drv
|
|---|
| 4352 | 4564.2c6c: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\System32\msacm32.drv (Input=msacm32.drv, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000001001:<flags> [calling]
|
|---|
| 4353 | 4564.2c6c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb1cc10000 'C:\Windows\System32\msacm32.drv'
|
|---|
| 4354 | 4564.2c6c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\msacm32.drv
|
|---|
| 4355 | 4564.2c6c: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\System32\msacm32.drv (Input=msacm32.drv, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000001001:<flags> [calling]
|
|---|
| 4356 | 4564.2c6c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb1cc10000 'C:\Windows\System32\msacm32.drv'
|
|---|
| 4357 | 4564.2c6c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb1cc10000 'C:\Windows\System32\msacm32.drv'
|
|---|
| 4358 | 4564.2c6c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb1cc10000 'C:\Windows\System32\msacm32.drv'
|
|---|
| 4359 | 4564.2c6c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb1cc10000 'C:\Windows\System32\msacm32.drv'
|
|---|
| 4360 | 4564.2c6c: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000001520 pwszName=\Device\HarddiskVolume3\Windows\System32\midimap.dll
|
|---|
| 4361 | 4564.2c6c: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 000000000a88a840
|
|---|
| 4362 | 4564.2c6c: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=000000000a88a840
|
|---|
| 4363 | 4564.2c6c: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=1DAEA3709B4BD5475FA0919C8463CA4834E4BC26
|
|---|
| 4364 | 4564.2c6c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb1f5d0000 'C:\Windows\system32\rsaenh.dll'
|
|---|
| 4365 | 4564.2c6c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb20310000 'C:\Windows\System32\crypt32.dll'
|
|---|
| 4366 | 4564.2c6c: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package~31bf3856ad364e35~amd64~~10.0.17134.1.cat'; file='\Device\HarddiskVolume3\Windows\System32\midimap.dll'
|
|---|
| 4367 | 4564.2c6c: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
|
|---|
| 4368 | 4564.2c6c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
|
|---|
| 4369 | 4564.2c6c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #12 'winmm.dll'.
|
|---|
| 4370 | 4564.2c6c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\midimap.dll) WinVerifyTrust
|
|---|
| 4371 | 4564.2c6c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\midimap.dll
|
|---|
| 4372 | 4564.2c6c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'winmm.dll'...
|
|---|
| 4373 | 4564.2c6c: supR3HardenedWinVerifyCacheProcessImportTodos: 'winmm.dll' -> '\Device\HarddiskVolume3\Windows\System32\winmm.dll' [rcNtRedir=0xc0150008]
|
|---|
| 4374 | 4564.2c6c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\winmm.dll
|
|---|
| 4375 | 4564.2c6c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
|
|---|
| 4376 | 4564.2c6c: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume3\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
|
|---|
| 4377 | 4564.2c6c: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\System32\midimap.dll (Input=midimap.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000001001:<flags> [calling]
|
|---|
| 4378 | 4564.2c6c: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\midimap.dll
|
|---|
| 4379 | 4564.2c6c: supR3HardenedDllNotificationCallback: load 00007ffb1c0f0000 LB 0x0000a000 C:\Windows\System32\midimap.dll [fFlags=0x0]
|
|---|
| 4380 | 4564.2c6c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\midimap.dll
|
|---|
| 4381 | 4564.2c6c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb1c0f0000 'C:\Windows\System32\midimap.dll'
|
|---|
| 4382 | 4564.2c6c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\midimap.dll
|
|---|
| 4383 | 4564.2c6c: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\System32\midimap.dll (Input=midimap.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000001001:<flags> [calling]
|
|---|
| 4384 | 4564.2c6c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb1c0f0000 'C:\Windows\System32\midimap.dll'
|
|---|
| 4385 | 4564.2c6c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\midimap.dll
|
|---|
| 4386 | 4564.2c6c: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\System32\midimap.dll (Input=midimap.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000001001:<flags> [calling]
|
|---|
| 4387 | 4564.2c6c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb1c0f0000 'C:\Windows\System32\midimap.dll'
|
|---|
| 4388 | 4564.2c6c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\midimap.dll
|
|---|
| 4389 | 4564.2c6c: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\System32\midimap.dll (Input=midimap.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000001001:<flags> [calling]
|
|---|
| 4390 | 4564.2c6c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb1c0f0000 'C:\Windows\System32\midimap.dll'
|
|---|
| 4391 | 4564.2c6c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb1db20000 'C:\Windows\System32\winmm.dll'
|
|---|
| 4392 | 4564.2c6c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb1db20000 'C:\Windows\System32\winmm.dll'
|
|---|
| 4393 | 4564.2c6c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb1db20000 'C:\Windows\System32\winmm.dll'
|
|---|
| 4394 | 4564.2c6c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb1db20000 'C:\Windows\System32\winmm.dll'
|
|---|
| 4395 | 4564.2c6c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb1db20000 'C:\Windows\System32\winmm.dll'
|
|---|
| 4396 | 4564.2c6c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb1db20000 'C:\Windows\System32\winmm.dll'
|
|---|
| 4397 | 4564.2c6c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb1db20000 'C:\Windows\System32\winmm.dll'
|
|---|
| 4398 | 4564.2c6c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\winmm.dll
|
|---|
| 4399 | 4564.2c6c: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\System32\winmm.dll (Input=winmm.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
|
|---|
| 4400 | 4564.2c6c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb1db20000 'C:\Windows\System32\winmm.dll'
|
|---|
| 4401 | 4564.2c6c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb1db20000 'C:\Windows\System32\winmm.dll'
|
|---|
| 4402 | 4564.2c6c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb1db20000 'C:\Windows\System32\winmm.dll'
|
|---|
| 4403 | 4564.2c6c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb1db20000 'C:\Windows\System32\winmm.dll'
|
|---|
| 4404 | 4564.2c6c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\dsound.dll
|
|---|
| 4405 | 4564.2c6c: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\dsound.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
|
|---|
| 4406 | 4564.2c6c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb14c00000 'C:\Windows\system32\dsound.dll'
|
|---|
| 4407 | 4564.2c6c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb1db20000 'C:\Windows\System32\winmm.dll'
|
|---|
| 4408 | 4564.2ef0: supR3HardenedDllNotificationCallback: Unload 00007ffb15a80000 LB 0x00131000 C:\Windows\System32\Windows.StateRepositoryPS.dll [flags=0x0]
|
|---|
| 4409 | 4564.2ef0: supR3HardenedDllNotificationCallback: Unload 00007ffb11000000 LB 0x00189000 C:\Windows\System32\Windows.Globalization.dll [flags=0x0]
|
|---|
| 4410 | 4564.2ef0: supR3HardenedDllNotificationCallback: Unload 00007ffb130c0000 LB 0x00029000 C:\Windows\System32\bcp47mrm.dll [flags=0x0]
|
|---|
| 4411 | 4564.2ef0: supR3HardenedDllNotificationCallback: Unload 00007ffb1dd70000 LB 0x0002a000 C:\Windows\SYSTEM32\globinputhost.dll [flags=0x0]
|
|---|
| 4412 | 4564.2ef0: supR3HardenedDllNotificationCallback: Unload 00007ffb13380000 LB 0x00050000 C:\Windows\System32\Bcp47Langs.dll [flags=0x0]
|
|---|
| 4413 | 4564.2ef0: supR3HardenedDllNotificationCallback: Unload 00007ffaf10b0000 LB 0x0009c000 C:\Windows\System32\PortableDeviceApi.dll [flags=0x0]
|
|---|
| 4414 | 4564.2ef0: supR3HardenedDllNotificationCallback: Unload 00007ffaf47e0000 LB 0x000bd000 C:\Windows\system32\Windows.Storage.Search.dll [flags=0x0]
|
|---|
| 4415 | 4564.2ef0: supR3HardenedDllNotificationCallback: Unload 00007ffaef850000 LB 0x00025000 C:\Windows\System32\EhStorAPI.dll [flags=0x0]
|
|---|
| 4416 | 4564.2ef0: supR3HardenedDllNotificationCallback: Unload 00007ffb1cbf0000 LB 0x00013000 C:\Windows\System32\WTSAPI32.dll [flags=0x0]
|
|---|
| 4417 | 4564.2ef0: supR3HardenedDllNotificationCallback: Unload 00007ffaf56d0000 LB 0x00063000 C:\Windows\System32\PlayToDevice.dll [flags=0x0]
|
|---|