| 1 |
|
|---|
| 2 | 4e58.30b4: 00007fff223bd782 / 0x009d782: d1 != 2c
|
|---|
| 3 | 4e58.30b4: 00007fff223bd783 / 0x009d783: b8 != fe
|
|---|
| 4 | 4e58.30b4: 00007fff223bd784 / 0x009d784: 50 != bf
|
|---|
| 5 | 4e58.30b4: 00007fff223bd785 / 0x009d785: 00 != cc
|
|---|
| 6 | 4e58.30b4: 00007fff223bd786 / 0x009d786: 00 != cc
|
|---|
| 7 | 4e58.30b4: 00007fff223bd787 / 0x009d787: 00 != cc
|
|---|
| 8 | 4e58.30b4: 00007fff223bd7c0 / 0x009d7c0: 4c != e9
|
|---|
| 9 | 4e58.30b4: 00007fff223bd7c1 / 0x009d7c1: 8b != b3
|
|---|
| 10 | 4e58.30b4: 00007fff223bd7c2 / 0x009d7c2: d1 != 2c
|
|---|
| 11 | 4e58.30b4: 00007fff223bd7c3 / 0x009d7c3: b8 != fe
|
|---|
| 12 | 4e58.30b4: 00007fff223bd7c4 / 0x009d7c4: 52 != bf
|
|---|
| 13 | 4e58.30b4: 00007fff223bd7c5 / 0x009d7c5: 00 != cc
|
|---|
| 14 | 4e58.30b4: 00007fff223bd7c6 / 0x009d7c6: 00 != cc
|
|---|
| 15 | 4e58.30b4: 00007fff223bd7c7 / 0x009d7c7: 00 != cc
|
|---|
| 16 | 4e58.30b4: Restored 0x2000 bytes of original file content at 00007fff223bc04e
|
|---|
| 17 | 4e58.30b4: ntdll.dll: Differences in section #1 (.text) between file and memory:
|
|---|
| 18 | 4e58.30b4: 00007fff223be510 / 0x009e510: 4c != e9
|
|---|
| 19 | 4e58.30b4: 00007fff223be511 / 0x009e511: 8b != 23
|
|---|
| 20 | 4e58.30b4: 00007fff223be512 / 0x009e512: d1 != 23
|
|---|
| 21 | 4e58.30b4: 00007fff223be513 / 0x009e513: b8 != fe
|
|---|
| 22 | 4e58.30b4: 00007fff223be514 / 0x009e514: bd != bf
|
|---|
| 23 | 4e58.30b4: 00007fff223be515 / 0x009e515: 00 != cc
|
|---|
| 24 | 4e58.30b4: 00007fff223be516 / 0x009e516: 00 != cc
|
|---|
| 25 | 4e58.30b4: 00007fff223be517 / 0x009e517: 00 != cc
|
|---|
| 26 | 4e58.30b4: 00007fff223be5f0 / 0x009e5f0: 4c != e9
|
|---|
| 27 | 4e58.30b4: 00007fff223be5f1 / 0x009e5f1: 8b != 03
|
|---|
| 28 | 4e58.30b4: 00007fff223be5f2 / 0x009e5f2: d1 != 23
|
|---|
| 29 | 4e58.30b4: 00007fff223be5f3 / 0x009e5f3: b8 != fe
|
|---|
| 30 | 4e58.30b4: 00007fff223be5f4 / 0x009e5f4: c4 != bf
|
|---|
| 31 | 4e58.30b4: 00007fff223be5f5 / 0x009e5f5: 00 != cc
|
|---|
| 32 | 4e58.30b4: 00007fff223be5f6 / 0x009e5f6: 00 != cc
|
|---|
| 33 | 4e58.30b4: 00007fff223be5f7 / 0x009e5f7: 00 != cc
|
|---|
| 34 | 4e58.30b4: 00007fff223bed70 / 0x009ed70: 4c != e9
|
|---|
| 35 | 4e58.30b4: 00007fff223bed71 / 0x009ed71: 8b != a3
|
|---|
| 36 | 4e58.30b4: 00007fff223bed72 / 0x009ed72: d1 != 16
|
|---|
| 37 | 4e58.30b4: 00007fff223bed73 / 0x009ed73: b8 != fe
|
|---|
| 38 | 4e58.30b4: 00007fff223bed74 / 0x009ed74: 00 != bf
|
|---|
| 39 | 4e58.30b4: 00007fff223bed75 / 0x009ed75: 01 != cc
|
|---|
| 40 | 4e58.30b4: 00007fff223bed76 / 0x009ed76: 00 != cc
|
|---|
| 41 | 4e58.30b4: 00007fff223bed77 / 0x009ed77: 00 != cc
|
|---|
| 42 | 4e58.30b4: 00007fff223bef30 / 0x009ef30: 4c != e9
|
|---|
| 43 | 4e58.30b4: 00007fff223bef31 / 0x009ef31: 8b != e3
|
|---|
| 44 | 4e58.30b4: 00007fff223bef32 / 0x009ef32: d1 != 1a
|
|---|
| 45 | 4e58.30b4: 00007fff223bef33 / 0x009ef33: b8 != fe
|
|---|
| 46 | 4e58.30b4: 00007fff223bef34 / 0x009ef34: 0e != bf
|
|---|
| 47 | 4e58.30b4: 00007fff223bef35 / 0x009ef35: 01 != cc
|
|---|
| 48 | 4e58.30b4: 00007fff223bef36 / 0x009ef36: 00 != cc
|
|---|
| 49 | 4e58.30b4: 00007fff223bef37 / 0x009ef37: 00 != cc
|
|---|
| 50 | 4e58.30b4: 00007fff223bf8d0 / 0x009f8d0: 4c != e9
|
|---|
| 51 | 4e58.30b4: 00007fff223bf8d1 / 0x009f8d1: 8b != 83
|
|---|
| 52 | 4e58.30b4: 00007fff223bf8d2 / 0x009f8d2: d1 != 0d
|
|---|
| 53 | 4e58.30b4: 00007fff223bf8d3 / 0x009f8d3: b8 != fe
|
|---|
| 54 | 4e58.30b4: 00007fff223bf8d4 / 0x009f8d4: 5b != bf
|
|---|
| 55 | 4e58.30b4: 00007fff223bf8d5 / 0x009f8d5: 01 != cc
|
|---|
| 56 | 4e58.30b4: 00007fff223bf8d6 / 0x009f8d6: 00 != cc
|
|---|
| 57 | 4e58.30b4: 00007fff223bf8d7 / 0x009f8d7: 00 != cc
|
|---|
| 58 | 4e58.30b4: 00007fff223bf950 / 0x009f950: 4c != e9
|
|---|
| 59 | 4e58.30b4: 00007fff223bf951 / 0x009f951: 8b != 83
|
|---|
| 60 | 4e58.30b4: 00007fff223bf952 / 0x009f952: d1 != 0e
|
|---|
| 61 | 4e58.30b4: 00007fff223bf953 / 0x009f953: b8 != fe
|
|---|
| 62 | 4e58.30b4: 00007fff223bf954 / 0x009f954: 5f != bf
|
|---|
| 63 | 4e58.30b4: 00007fff223bf955 / 0x009f955: 01 != cc
|
|---|
| 64 | 4e58.30b4: 00007fff223bf956 / 0x009f956: 00 != cc
|
|---|
| 65 | 4e58.30b4: 00007fff223bf957 / 0x009f957: 00 != cc
|
|---|
| 66 | 4e58.30b4: 00007fff223bfe10 / 0x009fe10: 4c != e9
|
|---|
| 67 | 4e58.30b4: 00007fff223bfe11 / 0x009fe11: 8b != 23
|
|---|
| 68 | 4e58.30b4: 00007fff223bfe12 / 0x009fe12: d1 != 07
|
|---|
| 69 | 4e58.30b4: 00007fff223bfe13 / 0x009fe13: b8 != fe
|
|---|
| 70 | 4e58.30b4: 00007fff223bfe14 / 0x009fe14: 85 != bf
|
|---|
| 71 | 4e58.30b4: 00007fff223bfe15 / 0x009fe15: 01 != cc
|
|---|
| 72 | 4e58.30b4: 00007fff223bfe16 / 0x009fe16: 00 != cc
|
|---|
| 73 | 4e58.30b4: 00007fff223bfe17 / 0x009fe17: 00 != cc
|
|---|
| 74 | 4e58.30b4: Restored 0x2000 bytes of original file content at 00007fff223be04e
|
|---|
| 75 | 4e58.30b4: kernel32.dll: Differences in section #1 (.text) between file and memory:
|
|---|
| 76 | 4e58.30b4: 00007fff21dd6d00 / 0x0036d00: 48 != e9
|
|---|
| 77 | 4e58.30b4: 00007fff21dd6d01 / 0x0036d01: 83 != 73
|
|---|
| 78 | 4e58.30b4: 00007fff21dd6d02 / 0x0036d02: ec != 9d
|
|---|
| 79 | 4e58.30b4: 00007fff21dd6d03 / 0x0036d03: 28 != 5c
|
|---|
| 80 | 4e58.30b4: 00007fff21dd6d04 / 0x0036d04: ff != c0
|
|---|
| 81 | 4e58.30b4: 00007fff21dd6d05 / 0x0036d05: 15 != cc
|
|---|
| 82 | 4e58.30b4: 00007fff21dd6d06 / 0x0036d06: ee != cc
|
|---|
| 83 | 4e58.30b4: 00007fff21dd6d07 / 0x0036d07: 25 != cc
|
|---|
| 84 | 4e58.30b4: 00007fff21dd6d08 / 0x0036d08: 04 != cc
|
|---|
| 85 | 4e58.30b4: 00007fff21dd6d09 / 0x0036d09: 00 != cc
|
|---|
| 86 | 4e58.30b4: Restored 0x2000 bytes of original file content at 00007fff21dd5000
|
|---|
| 87 | 4e58.30b4: kernelbase.dll: Differences in section #1 (.text) between file and memory:
|
|---|
| 88 | 4e58.30b4: 00007fff1fe866f0 / 0x00566f0: 48 != e9
|
|---|
| 89 | 4e58.30b4: 00007fff1fe866f1 / 0x00566f1: 89 != 43
|
|---|
| 90 | 4e58.30b4: 00007fff1fe866f2 / 0x00566f2: 5c != a4
|
|---|
| 91 | 4e58.30b4: 00007fff1fe866f3 / 0x00566f3: 24 != 51
|
|---|
| 92 | 4e58.30b4: 00007fff1fe866f4 / 0x00566f4: 08 != c2
|
|---|
| 93 | 4e58.30b4: Restored 0x2000 bytes of original file content at 00007fff1fe85000
|
|---|
| 94 | 4e58.30b4: kernelbase.dll: Differences in section #1 (.text) between file and memory:
|
|---|
| 95 | 4e58.30b4: 00007fff1fe87ea0 / 0x0057ea0: 40 != e9
|
|---|
| 96 | 4e58.30b4: 00007fff1fe87ea2 / 0x0057ea2: 56 != 8d
|
|---|
| 97 | 4e58.30b4: 00007fff1fe87ea3 / 0x0057ea3: 57 != 51
|
|---|
| 98 | 4e58.30b4: 00007fff1fe87ea4 / 0x0057ea4: 41 != c2
|
|---|
| 99 | 4e58.30b4: 00007fff1fe87ea5 / 0x0057ea5: 54 != cc
|
|---|
| 100 | 4e58.30b4: Restored 0x2000 bytes of original file content at 00007fff1fe87000
|
|---|
| 101 | 4e58.30b4: kernelbase.dll: Differences in section #1 (.text) between file and memory:
|
|---|
| 102 | 4e58.30b4: 00007fff1feac5b0 / 0x007c5b0: 48 != e9
|
|---|
| 103 | 4e58.30b4: 00007fff1feac5b1 / 0x007c5b1: 8b != e3
|
|---|
| 104 | 4e58.30b4: 00007fff1feac5b2 / 0x007c5b2: c4 != 45
|
|---|
| 105 | 4e58.30b4: 00007fff1feac5b3 / 0x007c5b3: 48 != 4f
|
|---|
| 106 | 4e58.30b4: 00007fff1feac5b4 / 0x007c5b4: 89 != c2
|
|---|
| 107 | 4e58.30b4: 00007fff1feac5b5 / 0x007c5b5: 58 != cc
|
|---|
| 108 | 4e58.30b4: 00007fff1feac5b6 / 0x007c5b6: 08 != cc
|
|---|
| 109 | 4e58.30b4: Restored 0x2000 bytes of original file content at 00007fff1feab000
|
|---|
| 110 | 4e58.30b4: kernelbase.dll: Differences in section #1 (.text) between file and memory:
|
|---|
| 111 | 4e58.30b4: 00007fff1ff30f90 / 0x0100f90: 48 != e9
|
|---|
| 112 | 4e58.30b4: 00007fff1ff30f91 / 0x0100f91: 89 != 43
|
|---|
| 113 | 4e58.30b4: 00007fff1ff30f92 / 0x0100f92: 5c != fb
|
|---|
| 114 | 4e58.30b4: 00007fff1ff30f93 / 0x0100f93: 24 != 46
|
|---|
| 115 | 4e58.30b4: 00007fff1ff30f94 / 0x0100f94: 10 != c2
|
|---|
| 116 | 4e58.30b4: Restored 0x2000 bytes of original file content at 00007fff1ff2f000
|
|---|
| 117 | 4e58.30b4: supR3HardenedWinInit: SUPHARDNTVPKIND_SELF_PURIFICATION_LIMITED -> VINF_SUCCESS, cFixes=9
|
|---|
| 118 | 4e58.30b4: \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe: Signature #1/2: info status: 24202
|
|---|
| 119 | 4e58.30b4: '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe' has no imports
|
|---|
| 120 | 4e58.30b4: supHardenedWinVerifyImageByHandle: -> 24202 (\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe)
|
|---|
| 121 | 4e58.30b4: supR3HardNtEnableThreadCreationEx:
|
|---|
| 122 | 4e58.30b4: supR3HardNtDisableThreadCreation: pvLdrInitThunk=00007fff22392040 pvNtTerminateThread=00007fff223bd7e0
|
|---|
| 123 | 4e58.30b4: supR3HardenedWinDoReSpawn(1): New child 4c54.2d10 [kernel32].
|
|---|
| 124 | 4e58.30b4: supR3HardNtChildGatherData: PebBaseAddress=0000000000db2000 cbPeb=0x388
|
|---|
| 125 | 4e58.30b4: supR3HardNtPuChFindNtdll: uNtDllParentAddr=00007fff22320000 uNtDllChildAddr=00007fff22320000
|
|---|
| 126 | 4e58.30b4: supR3HardenedWinSetupChildInit: uLdrInitThunk=00007fff22392040
|
|---|
| 127 | 4e58.30b4: supR3HardenedWinSetupChildInit: Initial context:
|
|---|
| 128 | rax=0000000000000000 rbx=0000000000000000 rcx=00007ff64ab47900 rdx=0000000000db2000
|
|---|
| 129 | rsi=0000000000000000 rdi=0000000000000000 r8 =0000000000000000 r9 =0000000000000000
|
|---|
| 130 | r10=0000000000000000 r11=0000000000000000 r12=0000000000000000 r13=0000000000000000
|
|---|
| 131 | r14=0000000000000000 r15=0000000000000000 P1=0000000000000000 P2=0000000000000000
|
|---|
| 132 | rip=00007fff2238d700 rsp=0000000000f1fe08 rbp=0000000000000000 ctxflags=0010001b
|
|---|
| 133 | cs=0033 ss=002b ds=0000 es=0000 fs=0000 gs=0000 eflags=00000200 mxcrx=00001f80
|
|---|
| 134 | P3=0000000000000000 P4=0000000000000000 P5=0000000000000000 P6=0000000000000000
|
|---|
| 135 | dr0=0000000000000000 dr1=0000000000000000 dr2=0000000000000000 dr3=0000000000000000
|
|---|
| 136 | dr6=0000000000000000 dr7=0000000000000000 vcr=0000000000000000 dcr=0000000000000000
|
|---|
| 137 | lbt=0000000000000000 lbf=0000000000000000 lxt=0000000000000000 lxf=0000000000000000
|
|---|
| 138 | 4e58.30b4: supR3HardenedWinSetupChildInit: Start child.
|
|---|
| 139 | 4e58.30b4: supR3HardNtChildWaitFor: Found expected request 0 (PurifyChildAndCloseHandles) after 0 ms.
|
|---|
| 140 | 4e58.30b4: supR3HardNtChildPurify: Startup delay kludge #1/0: 522 ms, 29 sleeps
|
|---|
| 141 | 4e58.30b4: supHardNtVpScanVirtualMemory: enmKind=CHILD_PURIFICATION
|
|---|
| 142 | 4e58.30b4: *0000000000000000-0000000000bdffff 0x0001/0x0000 0x0000000
|
|---|
| 143 | 4e58.30b4: *0000000000be0000-0000000000bfffff 0x0004/0x0004 0x0020000
|
|---|
| 144 | 4e58.30b4: *0000000000c00000-0000000000db1fff 0x0000/0x0004 0x0020000
|
|---|
| 145 | 4e58.30b4: 0000000000db2000-0000000000db4fff 0x0004/0x0004 0x0020000
|
|---|
| 146 | 4e58.30b4: 0000000000db5000-0000000000dfffff 0x0000/0x0004 0x0020000
|
|---|
| 147 | 4e58.30b4: *0000000000e00000-0000000000e1afff 0x0002/0x0002 0x0040000
|
|---|
| 148 | 4e58.30b4: 0000000000e1b000-0000000000e1ffff 0x0001/0x0000 0x0000000
|
|---|
| 149 | 4e58.30b4: *0000000000e20000-0000000000f1afff 0x0000/0x0004 0x0020000
|
|---|
| 150 | 4e58.30b4: 0000000000f1b000-0000000000f1dfff 0x0104/0x0004 0x0020000
|
|---|
| 151 | 4e58.30b4: 0000000000f1e000-0000000000f1ffff 0x0004/0x0004 0x0020000
|
|---|
| 152 | 4e58.30b4: *0000000000f20000-0000000000f23fff 0x0002/0x0002 0x0040000
|
|---|
| 153 | 4e58.30b4: 0000000000f24000-0000000000f2ffff 0x0001/0x0000 0x0000000
|
|---|
| 154 | 4e58.30b4: *0000000000f30000-0000000000f31fff 0x0004/0x0004 0x0020000
|
|---|
| 155 | 4e58.30b4: 0000000000f32000-000000007ffdffff 0x0001/0x0000 0x0000000
|
|---|
| 156 | 4e58.30b4: *000000007ffe0000-000000007ffe0fff 0x0002/0x0002 0x0020000
|
|---|
| 157 | 4e58.30b4: 000000007ffe1000-000000007ffeefff 0x0001/0x0000 0x0000000
|
|---|
| 158 | 4e58.30b4: *000000007ffef000-000000007ffeffff 0x0002/0x0002 0x0020000
|
|---|
| 159 | 4e58.30b4: 000000007fff0000-00007ff582beffff 0x0001/0x0000 0x0000000
|
|---|
| 160 | 4e58.30b4: *00007ff582bf0000-00007ff582bf0fff 0x0002/0x0002 0x0040000
|
|---|
| 161 | 4e58.30b4: 00007ff582bf1000-00007ff582bfffff 0x0001/0x0000 0x0000000
|
|---|
| 162 | 4e58.30b4: *00007ff582c00000-00007ff582c22fff 0x0002/0x0002 0x0040000
|
|---|
| 163 | 4e58.30b4: 00007ff582c23000-00007ff64ab3ffff 0x0001/0x0000 0x0000000
|
|---|
| 164 | 4e58.30b4: *00007ff64ab40000-00007ff64ab40fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe
|
|---|
| 165 | 4e58.30b4: 00007ff64ab41000-00007ff64abb7fff 0x0020/0x0080 0x1000000 \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe
|
|---|
| 166 | 4e58.30b4: 00007ff64abb8000-00007ff64abb8fff 0x0080/0x0080 0x1000000 \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe
|
|---|
| 167 | 4e58.30b4: 00007ff64abb9000-00007ff64ac01fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe
|
|---|
| 168 | 4e58.30b4: 00007ff64ac02000-00007ff64ac02fff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe
|
|---|
| 169 | 4e58.30b4: 00007ff64ac03000-00007ff64ac03fff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe
|
|---|
| 170 | 4e58.30b4: 00007ff64ac04000-00007ff64ac08fff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe
|
|---|
| 171 | 4e58.30b4: 00007ff64ac09000-00007ff64ac09fff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe
|
|---|
| 172 | 4e58.30b4: 00007ff64ac0a000-00007ff64ac0afff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe
|
|---|
| 173 | 4e58.30b4: 00007ff64ac0b000-00007ff64ac0efff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe
|
|---|
| 174 | 4e58.30b4: 00007ff64ac0f000-00007ff64ac57fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe
|
|---|
| 175 | 4e58.30b4: 00007ff64ac58000-00007fff2231ffff 0x0001/0x0000 0x0000000
|
|---|
| 176 | 4e58.30b4: *00007fff22320000-00007fff22320fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume4\Windows\System32\ntdll.dll
|
|---|
| 177 | 4e58.30b4: 00007fff22321000-00007fff22437fff 0x0020/0x0080 0x1000000 \Device\HarddiskVolume4\Windows\System32\ntdll.dll
|
|---|
| 178 | 4e58.30b4: 00007fff22438000-00007fff2247efff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume4\Windows\System32\ntdll.dll
|
|---|
| 179 | 4e58.30b4: 00007fff2247f000-00007fff2248afff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume4\Windows\System32\ntdll.dll
|
|---|
| 180 | 4e58.30b4: 00007fff2248b000-00007fff22499fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume4\Windows\System32\ntdll.dll
|
|---|
| 181 | 4e58.30b4: 00007fff2249a000-00007fff2249afff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume4\Windows\System32\ntdll.dll
|
|---|
| 182 | 4e58.30b4: 00007fff2249b000-00007fff2249dfff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume4\Windows\System32\ntdll.dll
|
|---|
| 183 | 4e58.30b4: 00007fff2249e000-00007fff2250ffff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume4\Windows\System32\ntdll.dll
|
|---|
| 184 | 4e58.30b4: 00007fff22510000-00007ffffffeffff 0x0001/0x0000 0x0000000
|
|---|
| 185 | 4e58.30b4: supR3HardNtChildPurify: Done after 522 ms and 0 fixes (loop #0).
|
|---|
| 186 | 4c54.2d10: Log file opened: 6.1.18r142142 g_hStartupLog=0000000000000004 g_uNtVerCombined=0xa047bb00
|
|---|
| 187 | 4c54.2d10: supR3HardenedVmProcessInit: uNtDllAddr=00007fff22320000 g_uNtVerCombined=0xa047bb00 (stack ~0000000000f1f898)
|
|---|
| 188 | 4c54.2d10: ntdll.dll: timestamp 0x443b1261 (rc=VINF_SUCCESS)
|
|---|
| 189 | 4c54.2d10: New simple heap: #1 0000000001040000 LB 0x400000 (for 2031616 allocation)
|
|---|
| 190 | 4c54.2d10: supR3HardenedWinInitAppBin(0x0): '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox'
|
|---|
| 191 | 4e58.30b4: supR3HardNtEnableThreadCreationEx:
|
|---|
| 192 | 4c54.2d10: System32: \Device\HarddiskVolume4\Windows\System32
|
|---|
| 193 | 4c54.2d10: WinSxS: \Device\HarddiskVolume4\Windows\WinSxS
|
|---|
| 194 | 4c54.2d10: KnownDllPath: C:\WINDOWS\System32
|
|---|
| 195 | 4c54.2d10: supR3HardenedVmProcessInit: Opening vboxdrv stub...
|
|---|
| 196 | 4c54.2d10: supR3HardenedVmProcessInit: Restoring LdrInitializeThunk...
|
|---|
| 197 | 4c54.2d10: supR3HardenedVmProcessInit: Returning to LdrInitializeThunk...
|
|---|
| 198 | 4c54.2d10: Registered Dll notification callback with NTDLL.
|
|---|
| 199 | 4c54.2d10: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\kernel32.dll)
|
|---|
| 200 | 4c54.2d10: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\kernel32.dll
|
|---|
| 201 | 4c54.2d10: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\KERNEL32.DLL (Input=KERNEL32.DLL, rcNtResolve=0xc0150008) *pfFlags=0xffffffff pwszSearchPath=0000000000004001:<flags> [calling]
|
|---|
| 202 | 4c54.2d10: supR3HardenedDllNotificationCallback: load 00007fff1fe30000 LB 0x002a5000 C:\WINDOWS\System32\KERNELBASE.dll [fFlags=0x0]
|
|---|
| 203 | 4c54.2d10: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\KernelBase.dll)
|
|---|
| 204 | 4c54.2d10: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\KernelBase.dll
|
|---|
| 205 | 4c54.2d10: supR3HardenedDllNotificationCallback: load 00007fff21da0000 LB 0x000b2000 C:\WINDOWS\System32\KERNEL32.DLL [fFlags=0x0]
|
|---|
| 206 | 4c54.2d10: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\kernel32.dll [lacks WinVerifyTrust]
|
|---|
| 207 | 4c54.2d10: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff21da0000 'C:\WINDOWS\System32\KERNEL32.DLL'
|
|---|
| 208 | 4c54.2d10: supR3HardenedDllNotificationCallback: load 00007ff64ab40000 LB 0x00118000 C:\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe [fFlags=0x0]
|
|---|
| 209 | 4c54.2d10: \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe: Signature #1/2: info status: 24202
|
|---|
| 210 | 4c54.2d10: '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe' has no imports
|
|---|
| 211 | 4c54.2d10: supHardenedWinVerifyImageByHandle: -> 24202 (\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe)
|
|---|
| 212 | 4c54.2d10: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe
|
|---|
| 213 | 4c54.2d10: supR3HardNtDisableThreadCreation: pvLdrInitThunk=00007fff22392040 pvNtTerminateThread=00007fff223bd7e0
|
|---|
| 214 | 4e58.30b4: supR3HardNtChildWaitFor: Found expected request 1 (CloseEvents) after 81 ms.
|
|---|
| 215 | 4c54.2d10: \SystemRoot\System32\ntdll.dll:
|
|---|
| 216 | 4c54.2d10: CreationTime: 2021-03-26T10:05:55.924577700Z
|
|---|
| 217 | 4c54.2d10: LastWriteTime: 2021-03-26T10:05:55.965582200Z
|
|---|
| 218 | 4c54.2d10: ChangeTime: 2021-03-27T05:40:50.307825500Z
|
|---|
| 219 | 4c54.2d10: FileAttributes: 0x20
|
|---|
| 220 | 4c54.2d10: Size: 0x1e8050
|
|---|
| 221 | 4c54.2d10: NT Headers: 0xd8
|
|---|
| 222 | 4c54.2d10: Timestamp: 0x443b1261
|
|---|
| 223 | 4c54.2d10: Machine: 0x8664 - amd64
|
|---|
| 224 | 4c54.2d10: Timestamp: 0x443b1261
|
|---|
| 225 | 4c54.2d10: Image Version: 10.0
|
|---|
| 226 | 4c54.2d10: SizeOfImage: 0x1f0000 (2031616)
|
|---|
| 227 | 4c54.2d10: Resource Dir: 0x17f000 LB 0x6f310
|
|---|
| 228 | 4c54.2d10: [Version info resource found at 0xd8! (ID/Name: 0x1; SubID/SubName: 0x409)]
|
|---|
| 229 | 4c54.2d10: [Raw version resource data: 0x17f0f0 LB 0x380, codepage 0x0 (reserved 0x0)]
|
|---|
| 230 | 4c54.2d10: ProductName: Microsoft® Windows® Operating System
|
|---|
| 231 | 4c54.2d10: ProductVersion: 10.0.18362.1411
|
|---|
| 232 | 4c54.2d10: FileVersion: 10.0.18362.1411 (WinBuild.160101.0800)
|
|---|
| 233 | 4c54.2d10: FileDescription: NT Layer DLL
|
|---|
| 234 | 4c54.2d10: \SystemRoot\System32\kernel32.dll:
|
|---|
| 235 | 4c54.2d10: CreationTime: 2021-02-26T10:09:36.922809700Z
|
|---|
| 236 | 4c54.2d10: LastWriteTime: 2021-02-26T10:09:36.938430200Z
|
|---|
| 237 | 4c54.2d10: ChangeTime: 2021-03-26T10:06:56.117722000Z
|
|---|
| 238 | 4c54.2d10: FileAttributes: 0x20
|
|---|
| 239 | 4c54.2d10: Size: 0xb04b0
|
|---|
| 240 | 4c54.2d10: NT Headers: 0xf8
|
|---|
| 241 | 4c54.2d10: Timestamp: 0x33adb7d2
|
|---|
| 242 | 4c54.2d10: Machine: 0x8664 - amd64
|
|---|
| 243 | 4c54.2d10: Timestamp: 0x33adb7d2
|
|---|
| 244 | 4c54.2d10: Image Version: 10.0
|
|---|
| 245 | 4c54.2d10: SizeOfImage: 0xb2000 (729088)
|
|---|
| 246 | 4c54.2d10: Resource Dir: 0xb0000 LB 0x520
|
|---|
| 247 | 4c54.2d10: [Version info resource found at 0x90! (ID/Name: 0x1; SubID/SubName: 0x409)]
|
|---|
| 248 | 4c54.2d10: [Raw version resource data: 0xb00b0 LB 0x3a4, codepage 0x0 (reserved 0x0)]
|
|---|
| 249 | 4c54.2d10: ProductName: Microsoft® Windows® Operating System
|
|---|
| 250 | 4c54.2d10: ProductVersion: 10.0.18362.1350
|
|---|
| 251 | 4c54.2d10: FileVersion: 10.0.18362.1350 (WinBuild.160101.0800)
|
|---|
| 252 | 4c54.2d10: FileDescription: Windows NT BASE API Client DLL
|
|---|
| 253 | 4c54.2d10: \SystemRoot\System32\KernelBase.dll:
|
|---|
| 254 | 4c54.2d10: CreationTime: 2021-03-26T10:05:56.470737800Z
|
|---|
| 255 | 4c54.2d10: LastWriteTime: 2021-03-26T10:05:56.533727500Z
|
|---|
| 256 | 4c54.2d10: ChangeTime: 2021-03-27T05:40:49.104658500Z
|
|---|
| 257 | 4c54.2d10: FileAttributes: 0x20
|
|---|
| 258 | 4c54.2d10: Size: 0x2a5c80
|
|---|
| 259 | 4c54.2d10: NT Headers: 0x100
|
|---|
| 260 | 4c54.2d10: Timestamp: 0xeb8644a5
|
|---|
| 261 | 4c54.2d10: Machine: 0x8664 - amd64
|
|---|
| 262 | 4c54.2d10: Timestamp: 0xeb8644a5
|
|---|
| 263 | 4c54.2d10: Image Version: 10.0
|
|---|
| 264 | 4c54.2d10: SizeOfImage: 0x2a5000 (2772992)
|
|---|
| 265 | 4c54.2d10: Resource Dir: 0x27f000 LB 0x548
|
|---|
| 266 | 4c54.2d10: [Version info resource found at 0x90! (ID/Name: 0x1; SubID/SubName: 0x409)]
|
|---|
| 267 | 4c54.2d10: [Raw version resource data: 0x27f0b0 LB 0x3bc, codepage 0x0 (reserved 0x0)]
|
|---|
| 268 | 4c54.2d10: ProductName: Microsoft® Windows® Operating System
|
|---|
| 269 | 4c54.2d10: ProductVersion: 10.0.18362.1411
|
|---|
| 270 | 4c54.2d10: FileVersion: 10.0.18362.1411 (WinBuild.160101.0800)
|
|---|
| 271 | 4c54.2d10: FileDescription: Windows NT BASE API Client DLL
|
|---|
| 272 | 4c54.2d10: \SystemRoot\System32\apisetschema.dll:
|
|---|
| 273 | 4c54.2d10: CreationTime: 2019-03-19T04:43:54.837151500Z
|
|---|
| 274 | 4c54.2d10: LastWriteTime: 2019-03-19T04:43:54.837151500Z
|
|---|
| 275 | 4c54.2d10: ChangeTime: 2021-03-26T10:06:56.074724000Z
|
|---|
| 276 | 4c54.2d10: FileAttributes: 0x20
|
|---|
| 277 | 4c54.2d10: Size: 0x1d028
|
|---|
| 278 | 4c54.2d10: NT Headers: 0xc8
|
|---|
| 279 | 4c54.2d10: Timestamp: 0xd6ced080
|
|---|
| 280 | 4c54.2d10: Machine: 0x8664 - amd64
|
|---|
| 281 | 4c54.2d10: Timestamp: 0xd6ced080
|
|---|
| 282 | 4c54.2d10: Image Version: 10.0
|
|---|
| 283 | 4c54.2d10: SizeOfImage: 0x1e000 (122880)
|
|---|
| 284 | 4c54.2d10: Resource Dir: 0x1d000 LB 0x408
|
|---|
| 285 | 4c54.2d10: [Version info resource found at 0x48! (ID/Name: 0x1; SubID/SubName: 0x409)]
|
|---|
| 286 | 4c54.2d10: [Raw version resource data: 0x1d060 LB 0x3a8, codepage 0x0 (reserved 0x0)]
|
|---|
| 287 | 4c54.2d10: ProductName: Microsoft® Windows® Operating System
|
|---|
| 288 | 4c54.2d10: ProductVersion: 10.0.18362.1
|
|---|
| 289 | 4c54.2d10: FileVersion: 10.0.18362.1 (WinBuild.160101.0800)
|
|---|
| 290 | 4c54.2d10: FileDescription: ApiSet Schema DLL
|
|---|
| 291 | 4c54.2d10: NtOpenDirectoryObject failed on \Driver: 0xc0000022
|
|---|
| 292 | 4c54.2d10: supR3HardenedWinFindAdversaries: 0x1000
|
|---|
| 293 | 4c54.2d10: \SystemRoot\System32\drivers\vsdatant.sys:
|
|---|
| 294 | 4c54.2d10: CreationTime: 2020-03-12T13:29:04.000000000Z
|
|---|
| 295 | 4c54.2d10: LastWriteTime: 2020-12-03T07:38:34.000000000Z
|
|---|
| 296 | 4c54.2d10: ChangeTime: 2021-02-25T07:42:10.584333400Z
|
|---|
| 297 | 4c54.2d10: FileAttributes: 0x20
|
|---|
| 298 | 4c54.2d10: Size: 0x9b780
|
|---|
| 299 | 4c54.2d10: NT Headers: 0x100
|
|---|
| 300 | 4c54.2d10: Timestamp: 0x5fc7c4b8
|
|---|
| 301 | 4c54.2d10: Machine: 0x8664 - amd64
|
|---|
| 302 | 4c54.2d10: Timestamp: 0x5fc7c4b8
|
|---|
| 303 | 4c54.2d10: Image Version: 10.0
|
|---|
| 304 | 4c54.2d10: SizeOfImage: 0xc0000 (786432)
|
|---|
| 305 | 4c54.2d10: Resource Dir: 0xbe000 LB 0x3d0
|
|---|
| 306 | 4c54.2d10: [Version info resource found at 0x48! (ID/Name: 0x1; SubID/SubName: 0x409)]
|
|---|
| 307 | 4c54.2d10: [Raw version resource data: 0xbe060 LB 0x36c, codepage 0x0 (reserved 0x0)]
|
|---|
| 308 | 4c54.2d10: ProductName: End Point Security
|
|---|
| 309 | 4c54.2d10: ProductVersion: R80
|
|---|
| 310 | 4c54.2d10: FileVersion: 926004505
|
|---|
| 311 | 4c54.2d10: FileDescription: ZoneAlarm Firewalling Driver
|
|---|
| 312 | 4c54.2d10: supR3HardenedWinInitAppBin(0x0): '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox'
|
|---|
| 313 | 4c54.2d10: Calling main()
|
|---|
| 314 | 4c54.2d10: SUPR3HardenedMain: pszProgName=VirtualBoxVM fFlags=0x2
|
|---|
| 315 | 4c54.2d10: supR3HardenedWinInitAppBin(0x2): '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox'
|
|---|
| 316 | 4c54.2d10: \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe: Signature #1/2: info status: 24202
|
|---|
| 317 | 4c54.2d10: '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe' has no imports
|
|---|
| 318 | 4c54.2d10: supHardenedWinVerifyImageByHandle: -> 24202 (\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe)
|
|---|
| 319 | 4c54.2d10: SUPR3HardenedMain: Respawn #2
|
|---|
| 320 | 4c54.2d10: supR3HardNtEnableThreadCreationEx:
|
|---|
| 321 | 4c54.2d10: supR3HardenedDllNotificationCallback: load 00007fff20570000 LB 0x0011f000 C:\WINDOWS\System32\RPCRT4.dll [fFlags=0x0]
|
|---|
| 322 | 4c54.2d10: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\rpcrt4.dll)
|
|---|
| 323 | 4c54.2d10: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\rpcrt4.dll
|
|---|
| 324 | 4c54.2d10: supR3HardenedDllNotificationCallback: load 00007fff20bb0000 LB 0x00097000 C:\WINDOWS\System32\sechost.dll [fFlags=0x0]
|
|---|
| 325 | 4c54.2d10: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #11 'rpcrt4.dll'.
|
|---|
| 326 | 4c54.2d10: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\sechost.dll)
|
|---|
| 327 | 4c54.2d10: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\sechost.dll
|
|---|
| 328 | 4c54.2d10: '\Device\HarddiskVolume4\Windows\System32\ntdll.dll' has no imports
|
|---|
| 329 | 4c54.2d10: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\ntdll.dll)
|
|---|
| 330 | 4c54.2d10: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\ntdll.dll
|
|---|
| 331 | 4c54.2d10: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
|
|---|
| 332 | 4c54.2d10: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume4\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
|
|---|
| 333 | 4c54.2d10: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\rpcrt4.dll [lacks WinVerifyTrust]
|
|---|
| 334 | 4c54.2d10: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\ntdll.dll (Input=ntdll.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000801:<flags> [calling]
|
|---|
| 335 | 4c54.2d10: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff22320000 'C:\WINDOWS\System32\ntdll.dll'
|
|---|
| 336 | 4c54.2d10: supR3HardNtDisableThreadCreation: pvLdrInitThunk=00007fff22392040 pvNtTerminateThread=00007fff223bd7e0
|
|---|
| 337 | 4c54.2d10: supR3HardenedWinDoReSpawn(2): New child 14b8.3bc [kernel32].
|
|---|
| 338 | 4c54.2d10: supR3HardenedWinReSpawn: NtSetInformationThread/ThreadHideFromDebugger failed: 0xc0000022 (harmless)
|
|---|
| 339 | 4c54.2d10: supR3HardNtChildGatherData: PebBaseAddress=0000000000ed6000 cbPeb=0x388
|
|---|
| 340 | 4c54.2d10: supR3HardNtPuChFindNtdll: uNtDllParentAddr=00007fff22320000 uNtDllChildAddr=00007fff22320000
|
|---|
| 341 | 4c54.2d10: supR3HardenedWinSetupChildInit: uLdrInitThunk=00007fff22392040
|
|---|
| 342 | 4c54.2d10: supR3HardenedWinSetupChildInit: Initial context:
|
|---|
| 343 | rax=0000000000000000 rbx=0000000000000000 rcx=00007ff64ab47900 rdx=0000000000ed6000
|
|---|
| 344 | rsi=0000000000000000 rdi=0000000000000000 r8 =0000000000000000 r9 =0000000000000000
|
|---|
| 345 | r10=0000000000000000 r11=0000000000000000 r12=0000000000000000 r13=0000000000000000
|
|---|
| 346 | r14=0000000000000000 r15=0000000000000000 P1=0000000000000000 P2=0000000000000000
|
|---|
| 347 | rip=00007fff2238d700 rsp=0000000000d7fbb8 rbp=0000000000000000 ctxflags=0010001b
|
|---|
| 348 | cs=0033 ss=002b ds=0000 es=0000 fs=0000 gs=0000 eflags=00000200 mxcrx=00001f80
|
|---|
| 349 | P3=0000000000000000 P4=0000000000000000 P5=0000000000000000 P6=0000000000000000
|
|---|
| 350 | dr0=0000000000000000 dr1=0000000000000000 dr2=0000000000000000 dr3=0000000000000000
|
|---|
| 351 | dr6=0000000000000000 dr7=0000000000000000 vcr=0000000000000000 dcr=0000000000000000
|
|---|
| 352 | lbt=0000000000000000 lbf=0000000000000000 lxt=0000000000000000 lxf=0000000000000000
|
|---|
| 353 | 4c54.2d10: kernel32.dll: timestamp 0x33adb7d2 (rc=VINF_SUCCESS)
|
|---|
| 354 | 4c54.2d10: supR3HardenedWinSetupChildInit: Start child.
|
|---|
| 355 | 4c54.2d10: supR3HardNtChildWaitFor: Found expected request 0 (PurifyChildAndCloseHandles) after 0 ms.
|
|---|
| 356 | 4c54.2d10: supR3HardNtChildPurify: Startup delay kludge #1/0: 513 ms, 29 sleeps
|
|---|
| 357 | 4c54.2d10: supHardNtVpScanVirtualMemory: enmKind=CHILD_PURIFICATION
|
|---|
| 358 | 4c54.2d10: *0000000000000000-0000000000c3ffff 0x0001/0x0000 0x0000000
|
|---|
| 359 | 4c54.2d10: *0000000000c40000-0000000000c5ffff 0x0004/0x0004 0x0020000
|
|---|
| 360 | 4c54.2d10: *0000000000c60000-0000000000c7afff 0x0002/0x0002 0x0040000
|
|---|
| 361 | 4c54.2d10: 0000000000c7b000-0000000000c7ffff 0x0001/0x0000 0x0000000
|
|---|
| 362 | 4c54.2d10: *0000000000c80000-0000000000d7afff 0x0000/0x0004 0x0020000
|
|---|
| 363 | 4c54.2d10: 0000000000d7b000-0000000000d7dfff 0x0104/0x0004 0x0020000
|
|---|
| 364 | 4c54.2d10: 0000000000d7e000-0000000000d7ffff 0x0004/0x0004 0x0020000
|
|---|
| 365 | 4c54.2d10: *0000000000d80000-0000000000d83fff 0x0002/0x0002 0x0040000
|
|---|
| 366 | 4c54.2d10: 0000000000d84000-0000000000d8ffff 0x0001/0x0000 0x0000000
|
|---|
| 367 | 4c54.2d10: *0000000000d90000-0000000000d91fff 0x0004/0x0004 0x0020000
|
|---|
| 368 | 4c54.2d10: 0000000000d92000-0000000000dfffff 0x0001/0x0000 0x0000000
|
|---|
| 369 | 4c54.2d10: *0000000000e00000-0000000000ed5fff 0x0000/0x0004 0x0020000
|
|---|
| 370 | 4c54.2d10: 0000000000ed6000-0000000000ed8fff 0x0004/0x0004 0x0020000
|
|---|
| 371 | 4c54.2d10: 0000000000ed9000-0000000000ffffff 0x0000/0x0004 0x0020000
|
|---|
| 372 | 4c54.2d10: 0000000001000000-000000007ffdffff 0x0001/0x0000 0x0000000
|
|---|
| 373 | 4c54.2d10: *000000007ffe0000-000000007ffe0fff 0x0002/0x0002 0x0020000
|
|---|
| 374 | 4c54.2d10: 000000007ffe1000-000000007ffeefff 0x0001/0x0000 0x0000000
|
|---|
| 375 | 4c54.2d10: *000000007ffef000-000000007ffeffff 0x0002/0x0002 0x0020000
|
|---|
| 376 | 4c54.2d10: 000000007fff0000-00007ff50fa2ffff 0x0001/0x0000 0x0000000
|
|---|
| 377 | 4c54.2d10: *00007ff50fa30000-00007ff50fa30fff 0x0002/0x0002 0x0040000
|
|---|
| 378 | 4c54.2d10: 00007ff50fa31000-00007ff50fa3ffff 0x0001/0x0000 0x0000000
|
|---|
| 379 | 4c54.2d10: *00007ff50fa40000-00007ff50fa62fff 0x0002/0x0002 0x0040000
|
|---|
| 380 | 4c54.2d10: 00007ff50fa63000-00007ff64ab3ffff 0x0001/0x0000 0x0000000
|
|---|
| 381 | 4c54.2d10: *00007ff64ab40000-00007ff64ab40fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe
|
|---|
| 382 | 4c54.2d10: 00007ff64ab41000-00007ff64abb7fff 0x0020/0x0080 0x1000000 \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe
|
|---|
| 383 | 4c54.2d10: 00007ff64abb8000-00007ff64abb8fff 0x0080/0x0080 0x1000000 \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe
|
|---|
| 384 | 4c54.2d10: 00007ff64abb9000-00007ff64ac01fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe
|
|---|
| 385 | 4c54.2d10: 00007ff64ac02000-00007ff64ac02fff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe
|
|---|
| 386 | 4c54.2d10: 00007ff64ac03000-00007ff64ac03fff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe
|
|---|
| 387 | 4c54.2d10: 00007ff64ac04000-00007ff64ac08fff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe
|
|---|
| 388 | 4c54.2d10: 00007ff64ac09000-00007ff64ac09fff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe
|
|---|
| 389 | 4c54.2d10: 00007ff64ac0a000-00007ff64ac0afff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe
|
|---|
| 390 | 4c54.2d10: 00007ff64ac0b000-00007ff64ac0efff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe
|
|---|
| 391 | 4c54.2d10: 00007ff64ac0f000-00007ff64ac57fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe
|
|---|
| 392 | 4c54.2d10: 00007ff64ac58000-00007fff2231ffff 0x0001/0x0000 0x0000000
|
|---|
| 393 | 4c54.2d10: *00007fff22320000-00007fff22320fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume4\Windows\System32\ntdll.dll
|
|---|
| 394 | 4c54.2d10: 00007fff22321000-00007fff22437fff 0x0020/0x0080 0x1000000 \Device\HarddiskVolume4\Windows\System32\ntdll.dll
|
|---|
| 395 | 4c54.2d10: 00007fff22438000-00007fff2247efff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume4\Windows\System32\ntdll.dll
|
|---|
| 396 | 4c54.2d10: 00007fff2247f000-00007fff2248afff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume4\Windows\System32\ntdll.dll
|
|---|
| 397 | 4c54.2d10: 00007fff2248b000-00007fff22499fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume4\Windows\System32\ntdll.dll
|
|---|
| 398 | 4c54.2d10: 00007fff2249a000-00007fff2249afff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume4\Windows\System32\ntdll.dll
|
|---|
| 399 | 4c54.2d10: 00007fff2249b000-00007fff2249dfff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume4\Windows\System32\ntdll.dll
|
|---|
| 400 | 4c54.2d10: 00007fff2249e000-00007fff2250ffff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume4\Windows\System32\ntdll.dll
|
|---|
| 401 | 4c54.2d10: 00007fff22510000-00007ffffffeffff 0x0001/0x0000 0x0000000
|
|---|
| 402 | 4c54.2d10: VirtualBoxVM.exe: timestamp 0x5ff72a09 (rc=VINF_SUCCESS)
|
|---|
| 403 | 4c54.2d10: \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe: Signature #1/2: info status: 24202
|
|---|
| 404 | 4c54.2d10: '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe' has no imports
|
|---|
| 405 | 4c54.2d10: '\Device\HarddiskVolume4\Windows\System32\ntdll.dll' has no imports
|
|---|
| 406 | 4c54.2d10: supR3HardNtChildPurify: Done after 544 ms and 0 fixes (loop #0).
|
|---|
| 407 | 14b8.3bc: Log file opened: 6.1.18r142142 g_hStartupLog=0000000000000004 g_uNtVerCombined=0xa047bb00
|
|---|
| 408 | 14b8.3bc: supR3HardenedVmProcessInit: uNtDllAddr=00007fff22320000 g_uNtVerCombined=0xa047bb00 (stack ~0000000000d7f648)
|
|---|
| 409 | 4c54.2d10: supR3HardenedEarlyCompact: Removed heap 1 (0x00000001040000 LB 0x400000)
|
|---|
| 410 | 4c54.2d10: supR3HardNtEnableThreadCreationEx:
|
|---|
| 411 | 14b8.3bc: ntdll.dll: timestamp 0x443b1261 (rc=VINF_SUCCESS)
|
|---|
| 412 | 14b8.3bc: New simple heap: #1 0000000001100000 LB 0x400000 (for 2031616 allocation)
|
|---|
| 413 | 14b8.3bc: supR3HardenedWinInitAppBin(0x0): '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox'
|
|---|
| 414 | 14b8.3bc: System32: \Device\HarddiskVolume4\Windows\System32
|
|---|
| 415 | 14b8.3bc: WinSxS: \Device\HarddiskVolume4\Windows\WinSxS
|
|---|
| 416 | 14b8.3bc: KnownDllPath: C:\WINDOWS\System32
|
|---|
| 417 | 14b8.3bc: supR3HardenedVmProcessInit: Opening vboxdrv...
|
|---|
| 418 | 14b8.3bc: supR3HardenedVmProcessInit: Restoring LdrInitializeThunk...
|
|---|
| 419 | 14b8.3bc: supR3HardenedVmProcessInit: Returning to LdrInitializeThunk...
|
|---|
| 420 | 14b8.3bc: Registered Dll notification callback with NTDLL.
|
|---|
| 421 | 14b8.3bc: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\kernel32.dll)
|
|---|
| 422 | 14b8.3bc: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\kernel32.dll
|
|---|
| 423 | 14b8.3bc: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\KERNEL32.DLL (Input=KERNEL32.DLL, rcNtResolve=0xc0150008) *pfFlags=0xffffffff pwszSearchPath=0000000000004001:<flags> [calling]
|
|---|
| 424 | 14b8.3bc: supR3HardenedDllNotificationCallback: load 00007fff1fe30000 LB 0x002a5000 C:\WINDOWS\System32\KERNELBASE.dll [fFlags=0x0]
|
|---|
| 425 | 14b8.3bc: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\KernelBase.dll)
|
|---|
| 426 | 14b8.3bc: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\KernelBase.dll
|
|---|
| 427 | 14b8.3bc: supR3HardenedDllNotificationCallback: load 00007fff21da0000 LB 0x000b2000 C:\WINDOWS\System32\KERNEL32.DLL [fFlags=0x0]
|
|---|
| 428 | 14b8.3bc: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\kernel32.dll [lacks WinVerifyTrust]
|
|---|
| 429 | 14b8.3bc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff21da0000 'C:\WINDOWS\System32\KERNEL32.DLL'
|
|---|
| 430 | 14b8.3bc: supR3HardenedDllNotificationCallback: load 00007ff64ab40000 LB 0x00118000 C:\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe [fFlags=0x0]
|
|---|
| 431 | 14b8.3bc: \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe: Signature #1/2: info status: 24202
|
|---|
| 432 | 14b8.3bc: '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe' has no imports
|
|---|
| 433 | 14b8.3bc: supHardenedWinVerifyImageByHandle: -> 24202 (\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe)
|
|---|
| 434 | 14b8.3bc: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe
|
|---|
| 435 | 14b8.3bc: supR3HardNtDisableThreadCreation: pvLdrInitThunk=00007fff22392040 pvNtTerminateThread=00007fff223bd7e0
|
|---|
| 436 | 4c54.2d10: supR3HardNtChildWaitFor: Found expected request 1 (CloseEvents) after 85 ms.
|
|---|
| 437 | 14b8.3bc: \SystemRoot\System32\ntdll.dll:
|
|---|
| 438 | 14b8.3bc: CreationTime: 2021-03-26T10:05:55.924577700Z
|
|---|
| 439 | 14b8.3bc: LastWriteTime: 2021-03-26T10:05:55.965582200Z
|
|---|
| 440 | 14b8.3bc: ChangeTime: 2021-03-27T05:40:50.307825500Z
|
|---|
| 441 | 14b8.3bc: FileAttributes: 0x20
|
|---|
| 442 | 14b8.3bc: Size: 0x1e8050
|
|---|
| 443 | 14b8.3bc: NT Headers: 0xd8
|
|---|
| 444 | 14b8.3bc: Timestamp: 0x443b1261
|
|---|
| 445 | 14b8.3bc: Machine: 0x8664 - amd64
|
|---|
| 446 | 14b8.3bc: Timestamp: 0x443b1261
|
|---|
| 447 | 14b8.3bc: Image Version: 10.0
|
|---|
| 448 | 14b8.3bc: SizeOfImage: 0x1f0000 (2031616)
|
|---|
| 449 | 14b8.3bc: Resource Dir: 0x17f000 LB 0x6f310
|
|---|
| 450 | 14b8.3bc: [Version info resource found at 0xd8! (ID/Name: 0x1; SubID/SubName: 0x409)]
|
|---|
| 451 | 14b8.3bc: [Raw version resource data: 0x17f0f0 LB 0x380, codepage 0x0 (reserved 0x0)]
|
|---|
| 452 | 14b8.3bc: ProductName: Microsoft® Windows® Operating System
|
|---|
| 453 | 14b8.3bc: ProductVersion: 10.0.18362.1411
|
|---|
| 454 | 14b8.3bc: FileVersion: 10.0.18362.1411 (WinBuild.160101.0800)
|
|---|
| 455 | 14b8.3bc: FileDescription: NT Layer DLL
|
|---|
| 456 | 14b8.3bc: \SystemRoot\System32\kernel32.dll:
|
|---|
| 457 | 14b8.3bc: CreationTime: 2021-02-26T10:09:36.922809700Z
|
|---|
| 458 | 14b8.3bc: LastWriteTime: 2021-02-26T10:09:36.938430200Z
|
|---|
| 459 | 14b8.3bc: ChangeTime: 2021-03-26T10:06:56.117722000Z
|
|---|
| 460 | 14b8.3bc: FileAttributes: 0x20
|
|---|
| 461 | 14b8.3bc: Size: 0xb04b0
|
|---|
| 462 | 14b8.3bc: NT Headers: 0xf8
|
|---|
| 463 | 14b8.3bc: Timestamp: 0x33adb7d2
|
|---|
| 464 | 14b8.3bc: Machine: 0x8664 - amd64
|
|---|
| 465 | 14b8.3bc: Timestamp: 0x33adb7d2
|
|---|
| 466 | 14b8.3bc: Image Version: 10.0
|
|---|
| 467 | 14b8.3bc: SizeOfImage: 0xb2000 (729088)
|
|---|
| 468 | 14b8.3bc: Resource Dir: 0xb0000 LB 0x520
|
|---|
| 469 | 14b8.3bc: [Version info resource found at 0x90! (ID/Name: 0x1; SubID/SubName: 0x409)]
|
|---|
| 470 | 14b8.3bc: [Raw version resource data: 0xb00b0 LB 0x3a4, codepage 0x0 (reserved 0x0)]
|
|---|
| 471 | 14b8.3bc: ProductName: Microsoft® Windows® Operating System
|
|---|
| 472 | 14b8.3bc: ProductVersion: 10.0.18362.1350
|
|---|
| 473 | 14b8.3bc: FileVersion: 10.0.18362.1350 (WinBuild.160101.0800)
|
|---|
| 474 | 14b8.3bc: FileDescription: Windows NT BASE API Client DLL
|
|---|
| 475 | 14b8.3bc: \SystemRoot\System32\KernelBase.dll:
|
|---|
| 476 | 14b8.3bc: CreationTime: 2021-03-26T10:05:56.470737800Z
|
|---|
| 477 | 14b8.3bc: LastWriteTime: 2021-03-26T10:05:56.533727500Z
|
|---|
| 478 | 14b8.3bc: ChangeTime: 2021-03-27T05:40:49.104658500Z
|
|---|
| 479 | 14b8.3bc: FileAttributes: 0x20
|
|---|
| 480 | 14b8.3bc: Size: 0x2a5c80
|
|---|
| 481 | 14b8.3bc: NT Headers: 0x100
|
|---|
| 482 | 14b8.3bc: Timestamp: 0xeb8644a5
|
|---|
| 483 | 14b8.3bc: Machine: 0x8664 - amd64
|
|---|
| 484 | 14b8.3bc: Timestamp: 0xeb8644a5
|
|---|
| 485 | 14b8.3bc: Image Version: 10.0
|
|---|
| 486 | 14b8.3bc: SizeOfImage: 0x2a5000 (2772992)
|
|---|
| 487 | 14b8.3bc: Resource Dir: 0x27f000 LB 0x548
|
|---|
| 488 | 14b8.3bc: [Version info resource found at 0x90! (ID/Name: 0x1; SubID/SubName: 0x409)]
|
|---|
| 489 | 14b8.3bc: [Raw version resource data: 0x27f0b0 LB 0x3bc, codepage 0x0 (reserved 0x0)]
|
|---|
| 490 | 14b8.3bc: ProductName: Microsoft® Windows® Operating System
|
|---|
| 491 | 14b8.3bc: ProductVersion: 10.0.18362.1411
|
|---|
| 492 | 14b8.3bc: FileVersion: 10.0.18362.1411 (WinBuild.160101.0800)
|
|---|
| 493 | 14b8.3bc: FileDescription: Windows NT BASE API Client DLL
|
|---|
| 494 | 14b8.3bc: \SystemRoot\System32\apisetschema.dll:
|
|---|
| 495 | 14b8.3bc: CreationTime: 2019-03-19T04:43:54.837151500Z
|
|---|
| 496 | 14b8.3bc: LastWriteTime: 2019-03-19T04:43:54.837151500Z
|
|---|
| 497 | 14b8.3bc: ChangeTime: 2021-03-26T10:06:56.074724000Z
|
|---|
| 498 | 14b8.3bc: FileAttributes: 0x20
|
|---|
| 499 | 14b8.3bc: Size: 0x1d028
|
|---|
| 500 | 14b8.3bc: NT Headers: 0xc8
|
|---|
| 501 | 14b8.3bc: Timestamp: 0xd6ced080
|
|---|
| 502 | 14b8.3bc: Machine: 0x8664 - amd64
|
|---|
| 503 | 14b8.3bc: Timestamp: 0xd6ced080
|
|---|
| 504 | 14b8.3bc: Image Version: 10.0
|
|---|
| 505 | 14b8.3bc: SizeOfImage: 0x1e000 (122880)
|
|---|
| 506 | 14b8.3bc: Resource Dir: 0x1d000 LB 0x408
|
|---|
| 507 | 14b8.3bc: [Version info resource found at 0x48! (ID/Name: 0x1; SubID/SubName: 0x409)]
|
|---|
| 508 | 14b8.3bc: [Raw version resource data: 0x1d060 LB 0x3a8, codepage 0x0 (reserved 0x0)]
|
|---|
| 509 | 14b8.3bc: ProductName: Microsoft® Windows® Operating System
|
|---|
| 510 | 14b8.3bc: ProductVersion: 10.0.18362.1
|
|---|
| 511 | 14b8.3bc: FileVersion: 10.0.18362.1 (WinBuild.160101.0800)
|
|---|
| 512 | 14b8.3bc: FileDescription: ApiSet Schema DLL
|
|---|
| 513 | 14b8.3bc: NtOpenDirectoryObject failed on \Driver: 0xc0000022
|
|---|
| 514 | 14b8.3bc: supR3HardenedWinFindAdversaries: 0x1000
|
|---|
| 515 | 14b8.3bc: \SystemRoot\System32\drivers\vsdatant.sys:
|
|---|
| 516 | 14b8.3bc: CreationTime: 2020-03-12T13:29:04.000000000Z
|
|---|
| 517 | 14b8.3bc: LastWriteTime: 2020-12-03T07:38:34.000000000Z
|
|---|
| 518 | 14b8.3bc: ChangeTime: 2021-02-25T07:42:10.584333400Z
|
|---|
| 519 | 14b8.3bc: FileAttributes: 0x20
|
|---|
| 520 | 14b8.3bc: Size: 0x9b780
|
|---|
| 521 | 14b8.3bc: NT Headers: 0x100
|
|---|
| 522 | 14b8.3bc: Timestamp: 0x5fc7c4b8
|
|---|
| 523 | 14b8.3bc: Machine: 0x8664 - amd64
|
|---|
| 524 | 14b8.3bc: Timestamp: 0x5fc7c4b8
|
|---|
| 525 | 14b8.3bc: Image Version: 10.0
|
|---|
| 526 | 14b8.3bc: SizeOfImage: 0xc0000 (786432)
|
|---|
| 527 | 14b8.3bc: Resource Dir: 0xbe000 LB 0x3d0
|
|---|
| 528 | 14b8.3bc: [Version info resource found at 0x48! (ID/Name: 0x1; SubID/SubName: 0x409)]
|
|---|
| 529 | 14b8.3bc: [Raw version resource data: 0xbe060 LB 0x36c, codepage 0x0 (reserved 0x0)]
|
|---|
| 530 | 14b8.3bc: ProductName: End Point Security
|
|---|
| 531 | 14b8.3bc: ProductVersion: R80
|
|---|
| 532 | 14b8.3bc: FileVersion: 926004505
|
|---|
| 533 | 14b8.3bc: FileDescription: ZoneAlarm Firewalling Driver
|
|---|
| 534 | 14b8.3bc: supR3HardenedWinInitAppBin(0x0): '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox'
|
|---|
| 535 | 14b8.3bc: Calling main()
|
|---|
| 536 | 14b8.3bc: SUPR3HardenedMain: pszProgName=VirtualBoxVM fFlags=0x2
|
|---|
| 537 | 14b8.3bc: supR3HardenedWinInitAppBin(0x2): '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox'
|
|---|
| 538 | 14b8.3bc: \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe: Signature #1/2: info status: 24202
|
|---|
| 539 | 14b8.3bc: '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe' has no imports
|
|---|
| 540 | 14b8.3bc: supHardenedWinVerifyImageByHandle: -> 24202 (\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe)
|
|---|
| 541 | 14b8.3bc: SUPR3HardenedMain: Final process, opening VBoxDrv...
|
|---|
| 542 | 14b8.3bc: supR3HardenedEarlyCompact: Removed heap 1 (0x00000001100000 LB 0x400000)
|
|---|
| 543 | 14b8.3bc: supR3HardNtEnableThreadCreationEx:
|
|---|
| 544 | 14b8.3bc: \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxSupLib.dll: Signature #1/2: info status: 24202
|
|---|
| 545 | 14b8.3bc: supHardenedWinVerifyImageByHandle: -> 24202 (\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxSupLib.dll)
|
|---|
| 546 | 14b8.3bc: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxSupLib.dll
|
|---|
| 547 | 14b8.3bc: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxSupLib.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000801:<flags> [calling]
|
|---|
| 548 | 14b8.3bc: supR3HardenedScreenImage/NtCreateSection: cache hit (Unknown Status 24202 (0x5e8a)) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxSupLib.dll [lacks WinVerifyTrust]
|
|---|
| 549 | 14b8.3bc: supR3HardenedDllNotificationCallback: load 00007fff1ae80000 LB 0x00005000 C:\Program Files\Oracle\VirtualBox\VBoxSupLib.DLL [fFlags=0x0]
|
|---|
| 550 | 14b8.3bc: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 24202 (0x5e8a)) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxSupLib.dll [lacks WinVerifyTrust]
|
|---|
| 551 | 14b8.3bc: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 24202 (0x5e8a)) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxSupLib.dll [lacks WinVerifyTrust]
|
|---|
| 552 | 14b8.3bc: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxSupLib.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
|
|---|
| 553 | 14b8.3bc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff1ae80000 'C:\Program Files\Oracle\VirtualBox\VBoxSupLib.DLL'
|
|---|
| 554 | 14b8.3bc: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 24202 (0x5e8a)) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxSupLib.dll [lacks WinVerifyTrust]
|
|---|
| 555 | 14b8.3bc: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxSupLib.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
|
|---|
| 556 | 14b8.3bc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff1ae80000 'C:\Program Files\Oracle\VirtualBox\VBoxSupLib.DLL'
|
|---|
| 557 | 14b8.3bc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff1ae80000 'C:\Program Files\Oracle\VirtualBox\VBoxSupLib.DLL'
|
|---|
| 558 | 14b8.3bc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
|
|---|
| 559 | 14b8.3bc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'msasn1.dll'.
|
|---|
| 560 | 14b8.3bc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'crypt32.dll'.
|
|---|
| 561 | 14b8.3bc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #28 'rpcrt4.dll'.
|
|---|
| 562 | 14b8.3bc: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\wintrust.dll)
|
|---|
| 563 | 14b8.3bc: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\wintrust.dll
|
|---|
| 564 | 14b8.3bc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
|
|---|
| 565 | 14b8.3bc: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume4\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
|
|---|
| 566 | 14b8.3bc: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\rpcrt4.dll)
|
|---|
| 567 | 14b8.3bc: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\rpcrt4.dll
|
|---|
| 568 | 14b8.3bc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'crypt32.dll'...
|
|---|
| 569 | 14b8.3bc: supR3HardenedWinVerifyCacheProcessImportTodos: 'crypt32.dll' -> '\Device\HarddiskVolume4\Windows\System32\crypt32.dll' [rcNtRedir=0xc0150008]
|
|---|
| 570 | 14b8.3bc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #33 'msasn1.dll'.
|
|---|
| 571 | 14b8.3bc: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\crypt32.dll)
|
|---|
| 572 | 14b8.3bc: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\crypt32.dll
|
|---|
| 573 | 14b8.3bc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msasn1.dll'...
|
|---|
| 574 | 14b8.3bc: supR3HardenedWinVerifyCacheProcessImportTodos: 'msasn1.dll' -> '\Device\HarddiskVolume4\Windows\System32\msasn1.dll' [rcNtRedir=0xc0150008]
|
|---|
| 575 | 14b8.3bc: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\msasn1.dll)
|
|---|
| 576 | 14b8.3bc: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\msasn1.dll
|
|---|
| 577 | 14b8.3bc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
|
|---|
| 578 | 14b8.3bc: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume4\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
|
|---|
| 579 | 14b8.3bc: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\msvcrt.dll)
|
|---|
| 580 | 14b8.3bc: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\msvcrt.dll
|
|---|
| 581 | 14b8.3bc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msasn1.dll'...
|
|---|
| 582 | 14b8.3bc: supR3HardenedWinVerifyCacheProcessImportTodos: 'msasn1.dll' -> '\Device\HarddiskVolume4\Windows\System32\msasn1.dll' [rcNtRedir=0xc0150008]
|
|---|
| 583 | 14b8.3bc: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\msasn1.dll [lacks WinVerifyTrust]
|
|---|
| 584 | 14b8.3bc: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\Wintrust.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000801:<flags> [calling]
|
|---|
| 585 | 14b8.3bc: supR3HardenedDllNotificationCallback: load 00007fff21a20000 LB 0x0009e000 C:\WINDOWS\System32\msvcrt.dll [fFlags=0x0]
|
|---|
| 586 | 14b8.3bc: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\msvcrt.dll [lacks WinVerifyTrust]
|
|---|
| 587 | 14b8.3bc: supR3HardenedDllNotificationCallback: load 00007fff1f250000 LB 0x00012000 C:\WINDOWS\System32\MSASN1.dll [fFlags=0x0]
|
|---|
| 588 | 14b8.3bc: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\msasn1.dll [lacks WinVerifyTrust]
|
|---|
| 589 | 14b8.3bc: supR3HardenedDllNotificationCallback: load 00007fff1fd30000 LB 0x000fa000 C:\WINDOWS\System32\ucrtbase.dll [fFlags=0x0]
|
|---|
| 590 | 14b8.3bc: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\ucrtbase.dll)
|
|---|
| 591 | 14b8.3bc: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\ucrtbase.dll
|
|---|
| 592 | 14b8.3bc: supR3HardenedDllNotificationCallback: load 00007fff1f3c0000 LB 0x00151000 C:\WINDOWS\System32\CRYPT32.dll [fFlags=0x0]
|
|---|
| 593 | 14b8.3bc: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\crypt32.dll [lacks WinVerifyTrust]
|
|---|
| 594 | 14b8.3bc: supR3HardenedDllNotificationCallback: load 00007fff20570000 LB 0x0011f000 C:\WINDOWS\System32\RPCRT4.dll [fFlags=0x0]
|
|---|
| 595 | 14b8.3bc: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\rpcrt4.dll [lacks WinVerifyTrust]
|
|---|
| 596 | 14b8.3bc: supR3HardenedDllNotificationCallback: load 00007fff1f520000 LB 0x0005c000 C:\WINDOWS\System32\Wintrust.dll [fFlags=0x0]
|
|---|
| 597 | 14b8.3bc: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\wintrust.dll [lacks WinVerifyTrust]
|
|---|
| 598 | 14b8.3bc: supR3HardenedIsApiSetDll: ApiSetQueryApiSetPresence(api-ms-win-core-synch-l1-2-0) -> 0x0, fPresent=1
|
|---|
| 599 | 14b8.3bc: supR3HardenedMonitor_LdrLoadDll: pName=api-ms-win-core-synch-l1-2-0 (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0000000000000801:<flags> [calling]
|
|---|
| 600 | 14b8.3bc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff1fe30000 'api-ms-win-core-synch-l1-2-0'
|
|---|
| 601 | 14b8.3bc: supR3HardenedIsApiSetDll: ApiSetQueryApiSetPresence(api-ms-win-core-fibers-l1-1-1) -> 0x0, fPresent=1
|
|---|
| 602 | 14b8.3bc: supR3HardenedMonitor_LdrLoadDll: pName=api-ms-win-core-fibers-l1-1-1 (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0000000000000801:<flags> [calling]
|
|---|
| 603 | 14b8.3bc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff1fe30000 'api-ms-win-core-fibers-l1-1-1'
|
|---|
| 604 | 14b8.3bc: supR3HardenedIsApiSetDll: ApiSetQueryApiSetPresence(api-ms-win-core-fibers-l1-1-1) -> 0x0, fPresent=1
|
|---|
| 605 | 14b8.3bc: supR3HardenedMonitor_LdrLoadDll: pName=api-ms-win-core-fibers-l1-1-1 (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0000000000000801:<flags> [calling]
|
|---|
| 606 | 14b8.3bc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff1fe30000 'api-ms-win-core-fibers-l1-1-1'
|
|---|
| 607 | 14b8.3bc: supR3HardenedIsApiSetDll: ApiSetQueryApiSetPresence(api-ms-win-core-synch-l1-2-0) -> 0x0, fPresent=1
|
|---|
| 608 | 14b8.3bc: supR3HardenedMonitor_LdrLoadDll: pName=api-ms-win-core-synch-l1-2-0 (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0000000000000801:<flags> [calling]
|
|---|
| 609 | 14b8.3bc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff1fe30000 'api-ms-win-core-synch-l1-2-0'
|
|---|
| 610 | 14b8.3bc: supR3HardenedIsApiSetDll: ApiSetQueryApiSetPresence(api-ms-win-core-localization-l1-2-1) -> 0x0, fPresent=1
|
|---|
| 611 | 14b8.3bc: supR3HardenedMonitor_LdrLoadDll: pName=api-ms-win-core-localization-l1-2-1 (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0000000000000801:<flags> [calling]
|
|---|
| 612 | 14b8.3bc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff1fe30000 'api-ms-win-core-localization-l1-2-1'
|
|---|
| 613 | 14b8.3bc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff1f520000 'C:\WINDOWS\system32\Wintrust.dll'
|
|---|
| 614 | 14b8.3bc: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\bcrypt.dll)
|
|---|
| 615 | 14b8.3bc: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\bcrypt.dll
|
|---|
| 616 | 14b8.3bc: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\bcrypt.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000801:<flags> [calling]
|
|---|
| 617 | 14b8.3bc: supR3HardenedDllNotificationCallback: load 00007fff201e0000 LB 0x00026000 C:\WINDOWS\System32\bcrypt.dll [fFlags=0x0]
|
|---|
| 618 | 14b8.3bc: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\bcrypt.dll [lacks WinVerifyTrust]
|
|---|
| 619 | 14b8.3bc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff201e0000 'C:\WINDOWS\system32\bcrypt.dll'
|
|---|
| 620 | 14b8.3bc: bcrypt.dll loaded at 00007fff201e0000, BCryptOpenAlgorithmProvider at 00007fff201e4c70, preloading providers:
|
|---|
| 621 | 14b8.3bc: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\bcryptprimitives.dll)
|
|---|
| 622 | 14b8.3bc: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\bcryptprimitives.dll
|
|---|
| 623 | 14b8.3bc: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\bcryptprimitives.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
|
|---|
| 624 | 14b8.3bc: supR3HardenedDllNotificationCallback: load 00007fff1f290000 LB 0x00081000 C:\WINDOWS\System32\bcryptprimitives.dll [fFlags=0x0]
|
|---|
| 625 | 14b8.3bc: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\bcryptprimitives.dll [lacks WinVerifyTrust]
|
|---|
| 626 | 14b8.3bc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff1f290000 'C:\WINDOWS\system32\bcryptprimitives.dll'
|
|---|
| 627 | 14b8.3bc: BCryptOpenAlgorithmProvider(,'MD2',0,0) -> 0x0 (hAlgo=000000000169db80)
|
|---|
| 628 | 14b8.3bc: BCryptOpenAlgorithmProvider(,'MD4',0,0) -> 0x0 (hAlgo=00000000016a0de0)
|
|---|
| 629 | 14b8.3bc: BCryptOpenAlgorithmProvider(,'MD5',0,0) -> 0x0 (hAlgo=00000000016a10e0)
|
|---|
| 630 | 14b8.3bc: BCryptOpenAlgorithmProvider(,'SHA1',0,0) -> 0x0 (hAlgo=00000000016a13e0)
|
|---|
| 631 | 14b8.3bc: BCryptOpenAlgorithmProvider(,'SHA256',0,0) -> 0x0 (hAlgo=00000000016a16e0)
|
|---|
| 632 | 14b8.3bc: BCryptOpenAlgorithmProvider(,'SHA512',0,0) -> 0x0 (hAlgo=00000000016a19e0)
|
|---|
| 633 | 14b8.3bc: BCryptOpenAlgorithmProvider(,'RSA',0,0) -> 0x0 (hAlgo=00000000016a1ce0)
|
|---|
| 634 | 14b8.3bc: BCryptOpenAlgorithmProvider(,'DSA',0,0) -> 0x0 (hAlgo=00000000016a1fe0)
|
|---|
| 635 | 14b8.3bc: supR3HardenedDllNotificationCallback: load 00007fff20210000 LB 0x00017000 C:\WINDOWS\System32\CRYPTSP.dll [fFlags=0x0]
|
|---|
| 636 | 14b8.3bc: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\cryptsp.dll)
|
|---|
| 637 | 14b8.3bc: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\cryptsp.dll
|
|---|
| 638 | 14b8.3bc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #18 'bcrypt.dll'.
|
|---|
| 639 | 14b8.3bc: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\rsaenh.dll)
|
|---|
| 640 | 14b8.3bc: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\rsaenh.dll
|
|---|
| 641 | 14b8.3bc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'bcrypt.dll'...
|
|---|
| 642 | 14b8.3bc: supR3HardenedWinVerifyCacheProcessImportTodos: 'bcrypt.dll' -> '\Device\HarddiskVolume4\Windows\System32\bcrypt.dll' [rcNtRedir=0xc0150008]
|
|---|
| 643 | 14b8.3bc: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\bcrypt.dll [lacks WinVerifyTrust]
|
|---|
| 644 | 14b8.3bc: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\rsaenh.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
|
|---|
| 645 | 14b8.3bc: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\rsaenh.dll [lacks WinVerifyTrust]
|
|---|
| 646 | 14b8.3bc: supR3HardenedDllNotificationCallback: load 00007fff1e2b0000 LB 0x00033000 C:\WINDOWS\system32\rsaenh.dll [fFlags=0x0]
|
|---|
| 647 | 14b8.3bc: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\rsaenh.dll [lacks WinVerifyTrust]
|
|---|
| 648 | 14b8.3bc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff1e2b0000 'C:\WINDOWS\system32\rsaenh.dll'
|
|---|
| 649 | 14b8.3bc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'bcryptprimitives.dll'.
|
|---|
| 650 | 14b8.3bc: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\cryptbase.dll)
|
|---|
| 651 | 14b8.3bc: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\cryptbase.dll
|
|---|
| 652 | 14b8.3bc: supR3HardenedDllNotificationCallback: load 00007fff1e8a0000 LB 0x0000c000 C:\WINDOWS\SYSTEM32\CRYPTBASE.dll [fFlags=0x0]
|
|---|
| 653 | 14b8.3bc: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\cryptbase.dll [lacks WinVerifyTrust]
|
|---|
| 654 | 14b8.3bc: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\kernel32.dll [lacks WinVerifyTrust]
|
|---|
| 655 | 14b8.3bc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'bcryptprimitives.dll'...
|
|---|
| 656 | 14b8.3bc: supR3HardenedWinVerifyCacheProcessImportTodos: 'bcryptprimitives.dll' -> '\Device\HarddiskVolume4\Windows\System32\bcryptprimitives.dll' [rcNtRedir=0xc0150008]
|
|---|
| 657 | 14b8.3bc: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\bcryptprimitives.dll [lacks WinVerifyTrust]
|
|---|
| 658 | 14b8.3bc: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\kernel32.dll (Input=kernel32.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
|
|---|
| 659 | 14b8.3bc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff21da0000 'C:\WINDOWS\System32\kernel32.dll'
|
|---|
| 660 | 14b8.3bc: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\wintrust.dll [lacks WinVerifyTrust]
|
|---|
| 661 | 14b8.3bc: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\WINTRUST.DLL (Input=WINTRUST.DLL, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
|
|---|
| 662 | 14b8.3bc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff1f520000 'C:\WINDOWS\System32\WINTRUST.DLL'
|
|---|
| 663 | 14b8.3bc: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\crypt32.dll [lacks WinVerifyTrust]
|
|---|
| 664 | 14b8.3bc: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\CRYPT32.dll (rcNtResolve=0xc0150008) *pfFlags=0x2 pwszSearchPath=0000000000000001:<flags> [calling]
|
|---|
| 665 | 14b8.3bc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff1f3c0000 'C:\WINDOWS\System32\CRYPT32.dll'
|
|---|
| 666 | 14b8.3bc: supR3HardenedDllNotificationCallback: load 00007fff20b30000 LB 0x0001d000 C:\WINDOWS\System32\imagehlp.dll [fFlags=0x0]
|
|---|
| 667 | 14b8.3bc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #20 'rpcrt4.dll'.
|
|---|
| 668 | 14b8.3bc: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\imagehlp.dll)
|
|---|
| 669 | 14b8.3bc: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\imagehlp.dll
|
|---|
| 670 | 14b8.3bc: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\rsaenh.dll [lacks WinVerifyTrust]
|
|---|
| 671 | 14b8.3bc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
|
|---|
| 672 | 14b8.3bc: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume4\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
|
|---|
| 673 | 14b8.3bc: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\rpcrt4.dll [lacks WinVerifyTrust]
|
|---|
| 674 | 14b8.3bc: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\rsaenh.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
|
|---|
| 675 | 14b8.3bc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff1e2b0000 'C:\WINDOWS\system32\rsaenh.dll'
|
|---|
| 676 | 14b8.3bc: supR3HardenedDllNotificationCallback: load 00007fff20bb0000 LB 0x00097000 C:\WINDOWS\System32\sechost.dll [fFlags=0x0]
|
|---|
| 677 | 14b8.3bc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #11 'rpcrt4.dll'.
|
|---|
| 678 | 14b8.3bc: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\sechost.dll)
|
|---|
| 679 | 14b8.3bc: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\sechost.dll
|
|---|
| 680 | 14b8.3bc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
|
|---|
| 681 | 14b8.3bc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #10 'rpcrt4.dll'.
|
|---|
| 682 | 14b8.3bc: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\gpapi.dll)
|
|---|
| 683 | 14b8.3bc: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\gpapi.dll
|
|---|
| 684 | 14b8.3bc: supR3HardenedDllNotificationCallback: load 00007fff1db70000 LB 0x00022000 C:\WINDOWS\SYSTEM32\gpapi.dll [fFlags=0x0]
|
|---|
| 685 | 14b8.3bc: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\gpapi.dll [lacks WinVerifyTrust]
|
|---|
| 686 | 14b8.3bc: supR3HardenedDllNotificationCallback: load 00007fff1f230000 LB 0x0001e000 C:\WINDOWS\System32\profapi.dll [fFlags=0x0]
|
|---|
| 687 | 14b8.3bc: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\profapi.dll)
|
|---|
| 688 | 14b8.3bc: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\profapi.dll
|
|---|
| 689 | 14b8.3bc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
|
|---|
| 690 | 14b8.3bc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #8 'crypt32.dll'.
|
|---|
| 691 | 14b8.3bc: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume4\Windows\System32\cryptnet.dll)
|
|---|
| 692 | 14b8.3bc: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\cryptnet.dll
|
|---|
| 693 | 14b8.3bc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'crypt32.dll'...
|
|---|
| 694 | 14b8.3bc: supR3HardenedWinVerifyCacheProcessImportTodos: 'crypt32.dll' -> '\Device\HarddiskVolume4\Windows\System32\crypt32.dll' [rcNtRedir=0xc0150008]
|
|---|
| 695 | 14b8.3bc: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\crypt32.dll [lacks WinVerifyTrust]
|
|---|
| 696 | 14b8.3bc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
|
|---|
| 697 | 14b8.3bc: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume4\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
|
|---|
| 698 | 14b8.3bc: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\msvcrt.dll [lacks WinVerifyTrust]
|
|---|
| 699 | 14b8.3bc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
|
|---|
| 700 | 14b8.3bc: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume4\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
|
|---|
| 701 | 14b8.3bc: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\rpcrt4.dll [lacks WinVerifyTrust]
|
|---|
| 702 | 14b8.3bc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
|
|---|
| 703 | 14b8.3bc: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume4\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
|
|---|
| 704 | 14b8.3bc: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\msvcrt.dll [lacks WinVerifyTrust]
|
|---|
| 705 | 14b8.3bc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
|
|---|
| 706 | 14b8.3bc: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume4\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
|
|---|
| 707 | 14b8.3bc: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\rpcrt4.dll [lacks WinVerifyTrust]
|
|---|
| 708 | 14b8.3bc: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\cryptnet.dll (Input=cryptnet.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
|
|---|
| 709 | 14b8.3bc: supR3HardenedScreenImage/NtCreateSection: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume4\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
|
|---|
| 710 | 14b8.3bc: supR3HardenedDllNotificationCallback: load 00007ffef27c0000 LB 0x0002f000 C:\WINDOWS\System32\cryptnet.dll [fFlags=0x0]
|
|---|
| 711 | 14b8.3bc: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume4\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
|
|---|
| 712 | 14b8.3bc: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume4\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
|
|---|
| 713 | 14b8.3bc: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\cryptnet.dll (rcNtResolve=0xc0150008) *pfFlags=0x2 pwszSearchPath=0000000000000001:<flags> [calling]
|
|---|
| 714 | 14b8.3bc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffef27c0000 'C:\WINDOWS\System32\cryptnet.dll'
|
|---|
| 715 | 14b8.3bc: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume4\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
|
|---|
| 716 | 14b8.3bc: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\cryptnet.dll (rcNtResolve=0xc0150008) *pfFlags=0x2 pwszSearchPath=0000000000000001:<flags> [calling]
|
|---|
| 717 | 14b8.3bc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffef27c0000 'C:\WINDOWS\System32\cryptnet.dll'
|
|---|
| 718 | 14b8.3bc: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume4\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
|
|---|
| 719 | 14b8.3bc: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\cryptnet.dll (rcNtResolve=0xc0150008) *pfFlags=0x2 pwszSearchPath=0000000000000001:<flags> [calling]
|
|---|
| 720 | 14b8.3bc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffef27c0000 'C:\WINDOWS\System32\cryptnet.dll'
|
|---|
| 721 | 14b8.3bc: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume4\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
|
|---|
| 722 | 14b8.3bc: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\cryptnet.dll (rcNtResolve=0xc0150008) *pfFlags=0x2 pwszSearchPath=0000000000000001:<flags> [calling]
|
|---|
| 723 | 14b8.3bc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffef27c0000 'C:\WINDOWS\System32\cryptnet.dll'
|
|---|
| 724 | 14b8.3bc: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume4\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
|
|---|
| 725 | 14b8.3bc: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\cryptnet.dll (rcNtResolve=0xc0150008) *pfFlags=0x2 pwszSearchPath=0000000000000001:<flags> [calling]
|
|---|
| 726 | 14b8.3bc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffef27c0000 'C:\WINDOWS\System32\cryptnet.dll'
|
|---|
| 727 | 14b8.3bc: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume4\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
|
|---|
| 728 | 14b8.3bc: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\cryptnet.dll (rcNtResolve=0xc0150008) *pfFlags=0x2 pwszSearchPath=0000000000000001:<flags> [calling]
|
|---|
| 729 | 14b8.3bc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffef27c0000 'C:\WINDOWS\System32\cryptnet.dll'
|
|---|
| 730 | 14b8.3bc: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume4\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
|
|---|
| 731 | 14b8.3bc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffef27c0000 'C:\WINDOWS\System32\cryptnet.dll'
|
|---|
| 732 | 14b8.3bc: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume4\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
|
|---|
| 733 | 14b8.3bc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffef27c0000 'C:\WINDOWS\System32\cryptnet.dll'
|
|---|
| 734 | 14b8.3bc: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume4\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
|
|---|
| 735 | 14b8.3bc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffef27c0000 'C:\WINDOWS\System32\cryptnet.dll'
|
|---|
| 736 | 14b8.3bc: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume4\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
|
|---|
| 737 | 14b8.3bc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffef27c0000 'C:\WINDOWS\System32\cryptnet.dll'
|
|---|
| 738 | 14b8.3bc: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume4\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
|
|---|
| 739 | 14b8.3bc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffef27c0000 'C:\WINDOWS\System32\cryptnet.dll'
|
|---|
| 740 | 14b8.3bc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffef27c0000 'C:\WINDOWS\System32\cryptnet.dll'
|
|---|
| 741 | 14b8.3bc: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume4\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
|
|---|
| 742 | 14b8.3bc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffef27c0000 'C:\Windows\System32\cryptnet.dll'
|
|---|
| 743 | 14b8.3bc: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\rpcrt4.dll [lacks WinVerifyTrust]
|
|---|
| 744 | 14b8.3bc: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\rpcrt4.dll (Input=rpcrt4.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
|
|---|
| 745 | 14b8.3bc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff20570000 'C:\WINDOWS\System32\rpcrt4.dll'
|
|---|
| 746 | 14b8.3bc: supR3HardenedDllNotificationCallback: load 00007fff20770000 LB 0x000a3000 C:\WINDOWS\System32\advapi32.dll [fFlags=0x0]
|
|---|
| 747 | 14b8.3bc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
|
|---|
| 748 | 14b8.3bc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'sechost.dll'.
|
|---|
| 749 | 14b8.3bc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #27 'rpcrt4.dll'.
|
|---|
| 750 | 14b8.3bc: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\advapi32.dll)
|
|---|
| 751 | 14b8.3bc: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\advapi32.dll
|
|---|
| 752 | 14b8.3bc: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\rsaenh.dll [lacks WinVerifyTrust]
|
|---|
| 753 | 14b8.3bc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
|
|---|
| 754 | 14b8.3bc: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume4\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
|
|---|
| 755 | 14b8.3bc: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\rpcrt4.dll [lacks WinVerifyTrust]
|
|---|
| 756 | 14b8.3bc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'sechost.dll'...
|
|---|
| 757 | 14b8.3bc: supR3HardenedWinVerifyCacheProcessImportTodos: 'sechost.dll' -> '\Device\HarddiskVolume4\Windows\System32\sechost.dll' [rcNtRedir=0xc0150008]
|
|---|
| 758 | 14b8.3bc: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\sechost.dll [lacks WinVerifyTrust]
|
|---|
| 759 | 14b8.3bc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
|
|---|
| 760 | 14b8.3bc: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume4\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
|
|---|
| 761 | 14b8.3bc: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\msvcrt.dll [lacks WinVerifyTrust]
|
|---|
| 762 | 14b8.3bc: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\rsaenh.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
|
|---|
| 763 | 14b8.3bc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff1e2b0000 'C:\WINDOWS\system32\rsaenh.dll'
|
|---|
| 764 | 14b8.3bc: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\crypt32.dll [lacks WinVerifyTrust]
|
|---|
| 765 | 14b8.3bc: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\crypt32.dll (Input=crypt32.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
|
|---|
| 766 | 14b8.3bc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff1f3c0000 'C:\WINDOWS\System32\crypt32.dll'
|
|---|
| 767 | 14b8.3bc: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000000 pwszName=\SystemRoot\System32\ntdll.dll
|
|---|
| 768 | 14b8.3bc: supR3HardNtViCallWinVerifyTrustCatFile: New context 00000000016ab960
|
|---|
| 769 | 14b8.3bc: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000016ab960
|
|---|
| 770 | 14b8.3bc: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=79A6564454A63C725F9D1681D29B70D885092AA5
|
|---|
| 771 | 14b8.3bc: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\rsaenh.dll [lacks WinVerifyTrust]
|
|---|
| 772 | 14b8.3bc: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\rsaenh.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
|
|---|
| 773 | 14b8.3bc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff1e2b0000 'C:\WINDOWS\system32\rsaenh.dll'
|
|---|
| 774 | 14b8.3bc: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\crypt32.dll [lacks WinVerifyTrust]
|
|---|
| 775 | 14b8.3bc: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\crypt32.dll (Input=crypt32.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
|
|---|
| 776 | 14b8.3bc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff1f3c0000 'C:\WINDOWS\System32\crypt32.dll'
|
|---|
| 777 | 14b8.3bc: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-Package0416~31bf3856ad364e35~amd64~~10.0.18362.1441.cat'; file='\SystemRoot\System32\ntdll.dll'
|
|---|
| 778 | 14b8.3bc: g_pfnWinVerifyTrust=00007fff1f521d30
|
|---|
| 779 | 14b8.3bc: supR3HardenedScreenImage/preload: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\crypt32.dll [redoing WinVerifyTrust]
|
|---|
| 780 | 14b8.3bc: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\rsaenh.dll [lacks WinVerifyTrust]
|
|---|
| 781 | 14b8.3bc: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\rsaenh.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
|
|---|
| 782 | 14b8.3bc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff1e2b0000 'C:\WINDOWS\system32\rsaenh.dll'
|
|---|
| 783 | 14b8.3bc: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\crypt32.dll [lacks WinVerifyTrust]
|
|---|
| 784 | 14b8.3bc: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\crypt32.dll (Input=crypt32.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
|
|---|
| 785 | 14b8.3bc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff1f3c0000 'C:\WINDOWS\System32\crypt32.dll'
|
|---|
| 786 | 14b8.3bc: supR3HardenedScreenImage/preload: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume4\Windows\System32\crypt32.dll'
|
|---|
| 787 | 14b8.3bc: supR3HardenedScreenImage/preload: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\wintrust.dll [redoing WinVerifyTrust]
|
|---|
| 788 | 14b8.3bc: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\rsaenh.dll [lacks WinVerifyTrust]
|
|---|
| 789 | 14b8.3bc: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\rsaenh.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
|
|---|
| 790 | 14b8.3bc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff1e2b0000 'C:\WINDOWS\system32\rsaenh.dll'
|
|---|
| 791 | 14b8.3bc: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\crypt32.dll
|
|---|
| 792 | 14b8.3bc: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\crypt32.dll (Input=crypt32.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
|
|---|
| 793 | 14b8.3bc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff1f3c0000 'C:\WINDOWS\System32\crypt32.dll'
|
|---|
| 794 | 14b8.3bc: supR3HardenedScreenImage/preload: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume4\Windows\System32\wintrust.dll'
|
|---|
| 795 | 14b8.3bc: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\rsaenh.dll [lacks WinVerifyTrust]
|
|---|
| 796 | 14b8.3bc: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\rsaenh.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
|
|---|
| 797 | 14b8.3bc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff1e2b0000 'C:\WINDOWS\system32\rsaenh.dll'
|
|---|
| 798 | 14b8.3bc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff1f3c0000 'C:\WINDOWS\System32\crypt32.dll'
|
|---|
| 799 | 14b8.3bc: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume4\Windows\System32\advapi32.dll'
|
|---|
| 800 | 14b8.3bc: supR3HardNtViCallWinVerifyTrustCatFile: hFile=00000000000003a8 pwszName=\Device\HarddiskVolume4\Windows\System32\cryptnet.dll
|
|---|
| 801 | 14b8.3bc: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00000000016ab960
|
|---|
| 802 | 14b8.3bc: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000016ab960
|
|---|
| 803 | 14b8.3bc: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=09032EBC3D9D9BDDC0EE4A6463C043296B79FF20
|
|---|
| 804 | 14b8.3bc: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\rsaenh.dll [lacks WinVerifyTrust]
|
|---|
| 805 | 14b8.3bc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff1e2b0000 'C:\WINDOWS\system32\rsaenh.dll'
|
|---|
| 806 | 14b8.3bc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff1f3c0000 'C:\WINDOWS\System32\crypt32.dll'
|
|---|
| 807 | 14b8.3bc: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-Package0416~31bf3856ad364e35~amd64~~10.0.18362.1441.cat'; file='\Device\HarddiskVolume4\Windows\System32\cryptnet.dll'
|
|---|
| 808 | 14b8.3bc: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
|
|---|
| 809 | 14b8.3bc: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume4\Windows\System32\cryptnet.dll'
|
|---|
| 810 | 14b8.3bc: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\rsaenh.dll [lacks WinVerifyTrust]
|
|---|
| 811 | 14b8.3bc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff1e2b0000 'C:\WINDOWS\system32\rsaenh.dll'
|
|---|
| 812 | 14b8.3bc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff1f3c0000 'C:\WINDOWS\System32\crypt32.dll'
|
|---|
| 813 | 14b8.3bc: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume4\Windows\System32\profapi.dll'
|
|---|
| 814 | 14b8.3bc: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\rsaenh.dll [lacks WinVerifyTrust]
|
|---|
| 815 | 14b8.3bc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff1e2b0000 'C:\WINDOWS\system32\rsaenh.dll'
|
|---|
| 816 | 14b8.3bc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff1f3c0000 'C:\WINDOWS\System32\crypt32.dll'
|
|---|
| 817 | 14b8.3bc: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume4\Windows\System32\gpapi.dll'
|
|---|
| 818 | 14b8.3bc: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\rsaenh.dll [lacks WinVerifyTrust]
|
|---|
| 819 | 14b8.3bc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff1e2b0000 'C:\WINDOWS\system32\rsaenh.dll'
|
|---|
| 820 | 14b8.3bc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff1f3c0000 'C:\WINDOWS\System32\crypt32.dll'
|
|---|
| 821 | 14b8.3bc: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume4\Windows\System32\sechost.dll'
|
|---|
| 822 | 14b8.3bc: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\rsaenh.dll [lacks WinVerifyTrust]
|
|---|
| 823 | 14b8.3bc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff1e2b0000 'C:\WINDOWS\system32\rsaenh.dll'
|
|---|
| 824 | 14b8.3bc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff1f3c0000 'C:\WINDOWS\System32\crypt32.dll'
|
|---|
| 825 | 14b8.3bc: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume4\Windows\System32\imagehlp.dll'
|
|---|
| 826 | 14b8.3bc: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\rsaenh.dll [lacks WinVerifyTrust]
|
|---|
| 827 | 14b8.3bc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff1e2b0000 'C:\WINDOWS\system32\rsaenh.dll'
|
|---|
| 828 | 14b8.3bc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff1f3c0000 'C:\WINDOWS\System32\crypt32.dll'
|
|---|
| 829 | 14b8.3bc: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume4\Windows\System32\cryptbase.dll'
|
|---|
| 830 | 14b8.3bc: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\rsaenh.dll [lacks WinVerifyTrust]
|
|---|
| 831 | 14b8.3bc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff1e2b0000 'C:\WINDOWS\system32\rsaenh.dll'
|
|---|
| 832 | 14b8.3bc: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\crypt32.dll
|
|---|
| 833 | 14b8.3bc: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\crypt32.dll (Input=crypt32.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
|
|---|
| 834 | 14b8.3bc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff1f3c0000 'C:\WINDOWS\System32\crypt32.dll'
|
|---|
| 835 | 14b8.3bc: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume4\Windows\System32\rsaenh.dll'
|
|---|
| 836 | 14b8.3bc: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\rsaenh.dll
|
|---|
| 837 | 14b8.3bc: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\rsaenh.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
|
|---|
| 838 | 14b8.3bc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff1e2b0000 'C:\WINDOWS\system32\rsaenh.dll'
|
|---|
| 839 | 14b8.3bc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff1f3c0000 'C:\WINDOWS\System32\crypt32.dll'
|
|---|
| 840 | 14b8.3bc: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume4\Windows\System32\cryptsp.dll'
|
|---|
| 841 | 14b8.3bc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff1e2b0000 'C:\WINDOWS\system32\rsaenh.dll'
|
|---|
| 842 | 14b8.3bc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff1f3c0000 'C:\WINDOWS\System32\crypt32.dll'
|
|---|
| 843 | 14b8.3bc: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume4\Windows\System32\bcryptprimitives.dll'
|
|---|
| 844 | 14b8.3bc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff1e2b0000 'C:\WINDOWS\system32\rsaenh.dll'
|
|---|
| 845 | 14b8.3bc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff1f3c0000 'C:\WINDOWS\System32\crypt32.dll'
|
|---|
| 846 | 14b8.3bc: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume4\Windows\System32\bcrypt.dll'
|
|---|
| 847 | 14b8.3bc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff1e2b0000 'C:\WINDOWS\system32\rsaenh.dll'
|
|---|
| 848 | 14b8.3bc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff1f3c0000 'C:\WINDOWS\System32\crypt32.dll'
|
|---|
| 849 | 14b8.3bc: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume4\Windows\System32\ucrtbase.dll'
|
|---|
| 850 | 14b8.3bc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff1e2b0000 'C:\WINDOWS\system32\rsaenh.dll'
|
|---|
| 851 | 14b8.3bc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff1f3c0000 'C:\WINDOWS\System32\crypt32.dll'
|
|---|
| 852 | 14b8.3bc: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume4\Windows\System32\msvcrt.dll'
|
|---|
| 853 | 14b8.3bc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff1e2b0000 'C:\WINDOWS\system32\rsaenh.dll'
|
|---|
| 854 | 14b8.3bc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff1f3c0000 'C:\WINDOWS\System32\crypt32.dll'
|
|---|
| 855 | 14b8.3bc: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume4\Windows\System32\msasn1.dll'
|
|---|
| 856 | 14b8.3bc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff1e2b0000 'C:\WINDOWS\system32\rsaenh.dll'
|
|---|
| 857 | 14b8.3bc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff1f3c0000 'C:\WINDOWS\System32\crypt32.dll'
|
|---|
| 858 | 14b8.3bc: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume4\Windows\System32\rpcrt4.dll'
|
|---|
| 859 | 14b8.3bc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff1e2b0000 'C:\WINDOWS\system32\rsaenh.dll'
|
|---|
| 860 | 14b8.3bc: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 24202) fWinVerifyTrust=1 for '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxSupLib.dll'
|
|---|
| 861 | 14b8.3bc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff1e2b0000 'C:\WINDOWS\system32\rsaenh.dll'
|
|---|
| 862 | 14b8.3bc: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 24202) fWinVerifyTrust=1 for '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe'
|
|---|
| 863 | 14b8.3bc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff1e2b0000 'C:\WINDOWS\system32\rsaenh.dll'
|
|---|
| 864 | 14b8.3bc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff1f3c0000 'C:\WINDOWS\System32\crypt32.dll'
|
|---|
| 865 | 14b8.3bc: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume4\Windows\System32\KernelBase.dll'
|
|---|
| 866 | 14b8.3bc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff1e2b0000 'C:\WINDOWS\system32\rsaenh.dll'
|
|---|
| 867 | 14b8.3bc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff1f3c0000 'C:\WINDOWS\System32\crypt32.dll'
|
|---|
| 868 | 14b8.3bc: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume4\Windows\System32\kernel32.dll'
|
|---|
| 869 | 14b8.3bc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff1f3c0000 'C:\WINDOWS\system32\crypt32.dll'
|
|---|
| 870 | 14b8.3bc: supR3HardenedWinIsDesiredRootCA: Adding 0xd10babf5477e30ac CN=NBW06019.eurofunk.com
|
|---|
| 871 | 14b8.3bc: supR3HardenedWinIsDesiredRootCA: Adding 0x5ad46780fa5df300 DC=com, DC=microsoft, CN=Microsoft Root Certificate Authority
|
|---|
| 872 | 14b8.3bc: supR3HardenedWinIsDesiredRootCA: Adding 0xea5386456178582b C=ZA, ST=Western Cape, L=Durbanville, O=Thawte, OU=Thawte Certification, CN=Thawte Timestamping CA
|
|---|
| 873 | 14b8.3bc: supR3HardenedWinIsDesiredRootCA: Adding 0x3be670c1bd02a900 OU=Copyright (c) 1997 Microsoft Corp., OU=Microsoft Corporation, CN=Microsoft Root Authority
|
|---|
| 874 | 14b8.3bc: supR3HardenedWinIsDesiredRootCA: Adding 0xe991ee72b03db500 C=US, O=Symantec Corporation, CN=Symantec Enterprise Mobile Root for Microsoft
|
|---|
| 875 | 14b8.3bc: supR3HardenedWinIsDesiredRootCA: Adding 0x4d3835aa4180b200 C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Root Certificate Authority 2011
|
|---|
| 876 | 14b8.3bc: supR3HardenedWinIsDesiredRootCA: Adding 0x646e3fe3ba08df00 C=US, O=MSFT, CN=Microsoft Authenticode(tm) Root Authority
|
|---|
| 877 | 14b8.3bc: supR3HardenedWinIsDesiredRootCA: Adding 0x68b88d6a298bd700 CN=T1AEF-ROOTCA
|
|---|
| 878 | 14b8.3bc: supR3HardenedWinIsDesiredRootCA: Adding 0xece4e4289e08b900 C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Root Certificate Authority 2010
|
|---|
| 879 | 14b8.3bc: supR3HardenedWinIsDesiredRootCA: Adding 0x3401b15e3761c700 C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=(c) 2008 VeriSign, Inc. - For authorized use only, CN=VeriSign Universal Root Certification Authority
|
|---|
| 880 | 14b8.3bc: supR3HardenedWinIsDesiredRootCA: Adding 0xf3bb4d7e894b420 C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft ECC TS Root Certificate Authority 2018
|
|---|
| 881 | 14b8.3bc: supR3HardenedWinIsDesiredRootCA: Adding 0x43a9cc371ff5385a O=Microsoft Trust Network, OU=Microsoft Corporation, OU=Microsoft Time Stamping Service Root, OU=Copyright (c) 1997 Microsoft Corp.
|
|---|
| 882 | 14b8.3bc: supR3HardenedWinIsDesiredRootCA: Adding 0x2e2d2c7c68f0202e O=VeriSign Trust Network, OU=VeriSign, Inc., OU=VeriSign Time Stamping Service Root, OU=NO LIABILITY ACCEPTED, (c)97 VeriSign, Inc.
|
|---|
| 883 | 14b8.3bc: supR3HardenedWinIsDesiredRootCA: Adding 0xcec3d46562b9be8e C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft ECC Product Root Certificate Authority 2018
|
|---|
| 884 | 14b8.3bc: supR3HardenedWinIsDesiredRootCA: Adding 0xca58a05dd401ae00 C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Time Stamp Root Certificate Authority 2014
|
|---|
| 885 | 14b8.3bc: supR3HardenedWinIsDesiredRootCA: Adding 0x61a3a33f81aace00 C=US, ST=UT, L=Salt Lake City, O=The USERTRUST Network, OU=http://www.usertrust.com, CN=UTN-USERFirst-Object
|
|---|
| 886 | 14b8.3bc: supR3HardenedWinIsDesiredRootCA: Adding 0x6b7bdc34cd37bb00 C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert Global Root G2
|
|---|
| 887 | 14b8.3bc: supR3HardenedWinIsDesiredRootCA: Adding 0x57ba5395b561bf00 C=BM, O=QuoVadis Limited, OU=Root Certification Authority, CN=QuoVadis Root Certification Authority
|
|---|
| 888 | 14b8.3bc: supR3HardenedWinIsDesiredRootCA: Adding 0xf4fd306318ccda00 C=US, O=GeoTrust Inc., CN=GeoTrust Global CA
|
|---|
| 889 | 14b8.3bc: supR3HardenedWinIsDesiredRootCA: Adding 0x83085097e9afdf00 O=Digital Signature Trust Co., CN=DST Root CA X3
|
|---|
| 890 | 14b8.3bc: supR3HardenedWinIsDesiredRootCA: Adding 0xe248b7eeee4af00 C=CH, O=SwissSign AG, CN=SwissSign Gold CA - G2
|
|---|
| 891 | 14b8.3bc: supR3HardenedWinIsDesiredRootCA: Adding 0x780679907625cc00 OU=GlobalSign Root CA - R3, O=GlobalSign, CN=GlobalSign
|
|---|
| 892 | 14b8.3bc: supR3HardenedWinIsDesiredRootCA: Adding 0x3d98ab22bb04a300 C=IE, O=Baltimore, OU=CyberTrust, CN=Baltimore CyberTrust Root
|
|---|
| 893 | 14b8.3bc: supR3HardenedWinIsDesiredRootCA: Adding 0xa0ee62086758b15d C=US, O=Equifax, OU=Equifax Secure Certificate Authority
|
|---|
| 894 | 14b8.3bc: supR3HardenedWinIsDesiredRootCA: Adding 0xeae16ef49d40be00 C=GB, ST=Greater Manchester, L=Salford, O=Comodo CA Limited, CN=AAA Certificate Services
|
|---|
| 895 | 14b8.3bc: supR3HardenedWinIsDesiredRootCA: Adding 0xc6536f24d57ae723 C=US, ST=New Jersey, L=Jersey City, O=The USERTRUST Network, CN=USERTrust ECC Certification Authority
|
|---|
| 896 | 14b8.3bc: supR3HardenedWinIsDesiredRootCA: Adding 0x3714f47324e8ad00 C=US, O=Internet Security Research Group, CN=ISRG Root X1
|
|---|
| 897 | 14b8.3bc: supR3HardenedWinIsDesiredRootCA: Adding 0xd944bca189a00 C=BM, O=QuoVadis Limited, CN=QuoVadis Root CA 2
|
|---|
| 898 | 14b8.3bc: supR3HardenedWinIsDesiredRootCA: Adding 0x1591b8ac8dcabd00 C=CN, O=WoSign CA Limited, CN=Certification Authority of WoSign
|
|---|
| 899 | 14b8.3bc: supR3HardenedWinIsDesiredRootCA: Adding 0x8ff6fc03c1edbd00 C=US, ST=Arizona, L=Scottsdale, O=Starfield Technologies, Inc., CN=Starfield Root Certificate Authority - G2
|
|---|
| 900 | 14b8.3bc: supR3HardenedWinIsDesiredRootCA: Adding 0xc6fa4243b695b600 C=US, O=Entrust, Inc., OU=www.entrust.net/CPS is incorporated by reference, OU=(c) 2006 Entrust, Inc., CN=Entrust Root Certification Authority
|
|---|
| 901 | 14b8.3bc: supR3HardenedWinIsDesiredRootCA: Adding 0xa3ce8d99e60eda00 C=BE, O=GlobalSign nv-sa, OU=Root CA, CN=GlobalSign Root CA
|
|---|
| 902 | 14b8.3bc: supR3HardenedWinIsDesiredRootCA: Adding 0x560ad29254e89100 C=GB, ST=Greater Manchester, L=Salford, O=COMODO CA Limited, CN=COMODO RSA Certification Authority
|
|---|
| 903 | 14b8.3bc: supR3HardenedWinIsDesiredRootCA: Adding 0xa671e9fec832b700 C=US, O=Starfield Technologies, Inc., OU=Starfield Class 2 Certification Authority
|
|---|
| 904 | 14b8.3bc: supR3HardenedWinIsDesiredRootCA: Adding 0xa8de7211e13be200 C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert Global Root CA
|
|---|
| 905 | 14b8.3bc: supR3HardenedWinIsDesiredRootCA: Adding 0xd45980fbf0a0ac00 C=US, O=thawte, Inc., OU=Certification Services Division, OU=(c) 2006 thawte, Inc. - For authorized use only, CN=thawte Primary Root CA
|
|---|
| 906 | 14b8.3bc: supR3HardenedWinIsDesiredRootCA: Adding 0xc9edb72b684ba00 C=US, O=Entrust, Inc., OU=See www.entrust.net/legal-terms, OU=(c) 2009 Entrust, Inc. - for authorized use only, CN=Entrust Root Certification Authority - G2
|
|---|
| 907 | 14b8.3bc: supR3HardenedWinIsDesiredRootCA: Adding 0xf5cd95e581a4ab00 C=US, O=SecureTrust Corporation, CN=SecureTrust CA
|
|---|
| 908 | 14b8.3bc: supR3HardenedWinIsDesiredRootCA: Adding 0xbebef0d2217f0bfb C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert Global Root G3
|
|---|
| 909 | 14b8.3bc: supR3HardenedWinIsDesiredRootCA: Adding 0x6f2ebe0e24cfa600 OU=GlobalSign Root CA - R2, O=GlobalSign, CN=GlobalSign
|
|---|
| 910 | 14b8.3bc: supR3HardenedWinIsDesiredRootCA: Adding 0x14018a1bf29e595c C=US, O=VeriSign, Inc., OU=Class 3 Public Primary Certification Authority
|
|---|
| 911 | 14b8.3bc: supR3HardenedWinIsDesiredRootCA: Adding 0x7c4fd32ec1b1ce00 C=PL, O=Unizeto Sp. z o.o., CN=Certum CA
|
|---|
| 912 | 14b8.3bc: supR3HardenedWinIsDesiredRootCA: Adding 0xd4fbe673e5ccc600 C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert High Assurance EV Root CA
|
|---|
| 913 | 14b8.3bc: supR3HardenedWinIsDesiredRootCA: Adding 0x73e85f1bda5faa00 C=DE, O=T-Systems Enterprise Services GmbH, OU=T-Systems Trust Center, CN=T-TeleSec GlobalRoot Class 2
|
|---|
| 914 | 14b8.3bc: supR3HardenedWinIsDesiredRootCA: Adding 0x1b8578514b74ac00 C=US, O=WFA Hotspot 2.0, CN=Hotspot 2.0 Trust Root CA - 03
|
|---|
| 915 | 14b8.3bc: supR3HardenedWinIsDesiredRootCA: Adding 0x357a29080824af00 C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=(c) 2006 VeriSign, Inc. - For authorized use only, CN=VeriSign Class 3 Public Primary Certification Authority - G5
|
|---|
| 916 | 14b8.3bc: supR3HardenedWinIsDesiredRootCA: Adding 0x59faf1086271bf00 C=US, ST=Arizona, L=Scottsdale, O=GoDaddy.com, Inc., CN=Go Daddy Root Certificate Authority - G2
|
|---|
| 917 | 14b8.3bc: supR3HardenedWinIsDesiredRootCA: Adding 0x466cbc09db88c100 C=IL, O=StartCom Ltd., OU=Secure Digital Certificate Signing, CN=StartCom Certification Authority
|
|---|
| 918 | 14b8.3bc: supR3HardenedWinIsDesiredRootCA: Adding 0xb16dd37ffeb3b300 C=JP, O=SECOM Trust.net, OU=Security Communication RootCA1
|
|---|
| 919 | 14b8.3bc: supR3HardenedWinIsDesiredRootCA: Adding 0x3401b15e3761c700 C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=(c) 2008 VeriSign, Inc. - For authorized use only, CN=VeriSign Universal Root Certification Authority
|
|---|
| 920 | 14b8.3bc: supR3HardenedWinIsDesiredRootCA: Adding 0x3b2a6f973b859500 CN=Atos TrustedRoot 2011, O=Atos, C=DE
|
|---|
| 921 | 14b8.3bc: supR3HardenedWinIsDesiredRootCA: Adding 0xc30e361765128000 C=US, ST=New Jersey, L=Jersey City, O=The USERTRUST Network, CN=USERTrust RSA Certification Authority
|
|---|
| 922 | 14b8.3bc: supR3HardenedWinIsDesiredRootCA: Adding 0x491857ead79dde00 C=US, O=The Go Daddy Group, Inc., OU=Go Daddy Class 2 Certification Authority
|
|---|
| 923 | 14b8.3bc: supR3HardenedWinIsDesiredRootCA: Adding 0xab549401526569d3 L=Internet, O=VeriSign, Inc., OU=VeriSign Commercial Software Publishers CA
|
|---|
| 924 | 14b8.3bc: supR3HardenedWinIsDesiredRootCA: Adding 0xdc1801b225aea100 C=BM, O=QuoVadis Limited, CN=QuoVadis Root CA 2 G3
|
|---|
| 925 | 14b8.3bc: supR3HardenedWinIsDesiredRootCA: Adding 0xc2ba72a37dfbe300 C=PL, O=Unizeto Technologies S.A., OU=Certum Certification Authority, CN=Certum Trusted Network CA
|
|---|
| 926 | 14b8.3bc: supR3HardenedWinIsDesiredRootCA: Adding 0x8043e4ce150ead00 C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert Assured ID Root CA
|
|---|
| 927 | 14b8.3bc: supR3HardenedWinIsDesiredRootCA: Adding 0xf2e6331af7b700 C=SE, O=AddTrust AB, OU=AddTrust External TTP Network, CN=AddTrust External CA Root
|
|---|
| 928 | 14b8.3bc: supR3HardenedWinIsDesiredRootCA: Adding 0xf9da14c6e464a000 C=AT, ST=Tirol, L=Telfs, O=Consens Zeiterfassung, OU=Consens Zeiterfassung, CN=CONSENS
|
|---|
| 929 | 14b8.3bc: supR3HardenedWinIsDesiredRootCA: Adding 0x9a00e81eeca7c100 DC=com, DC=eurofunk, CN=eurofunk Kappacher CA
|
|---|
| 930 | 14b8.3bc: supR3HardenedWinIsDesiredRootCA: Adding 0x113ab3eb3b0bdc00 CN=EF-DEV-ROOTCA01
|
|---|
| 931 | 14b8.3bc: supR3HardenedWinIsDesiredRootCA: Adding 0xcdd31f8cf2afd700 CN=WSUS Publishers Self-signed
|
|---|
| 932 | 14b8.3bc: supR3HardenedWinIsDesiredRootCA: Adding 0x9a00e81eeca7c100 DC=com, DC=eurofunk, CN=eurofunk Kappacher CA
|
|---|
| 933 | 14b8.3bc: supR3HardenedWinIsDesiredRootCA: Adding 0x9a00e81eeca7c100 DC=com, DC=eurofunk, CN=eurofunk Kappacher CA
|
|---|
| 934 | 14b8.3bc: supR3HardenedWinIsDesiredRootCA: Adding 0x3c38c1f784c4f100 CN=EUROFUNKRCA
|
|---|
| 935 | 14b8.3bc: supR3HardenedWinIsDesiredRootCA: Adding 0x9a00e81eeca7c100 DC=com, DC=eurofunk, CN=eurofunk Kappacher CA
|
|---|
| 936 | 14b8.3bc: supR3HardenedWinRetrieveTrustedRootCAs: cAdded=66
|
|---|
| 937 | 14b8.3bc: SUPR3HardenedMain: Load Runtime...
|
|---|
| 938 | 14b8.3bc: \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxRT.dll: Signature #1/2: info status: 24202
|
|---|
| 939 | 14b8.3bc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff1e2b0000 'C:\WINDOWS\system32\rsaenh.dll'
|
|---|
| 940 | 14b8.3bc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
|
|---|
| 941 | 14b8.3bc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'msvcp100.dll'.
|
|---|
| 942 | 14b8.3bc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'rpcrt4.dll'.
|
|---|
| 943 | 14b8.3bc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'ws2_32.dll'.
|
|---|
| 944 | 14b8.3bc: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxRT.dll) WinVerifyTrust
|
|---|
| 945 | 14b8.3bc: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxRT.dll
|
|---|
| 946 | 14b8.3bc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ws2_32.dll'...
|
|---|
| 947 | 14b8.3bc: supR3HardenedWinVerifyCacheProcessImportTodos: 'ws2_32.dll' -> '\Device\HarddiskVolume4\Windows\System32\ws2_32.dll' [rcNtRedir=0xc0150008]
|
|---|
| 948 | 14b8.3bc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff1e2b0000 'C:\WINDOWS\system32\rsaenh.dll'
|
|---|
| 949 | 14b8.3bc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff1f3c0000 'C:\WINDOWS\System32\crypt32.dll'
|
|---|
| 950 | 14b8.3bc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #26 'rpcrt4.dll'.
|
|---|
| 951 | 14b8.3bc: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\ws2_32.dll) WinVerifyTrust
|
|---|
| 952 | 14b8.3bc: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\ws2_32.dll
|
|---|
| 953 | 14b8.3bc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
|
|---|
| 954 | 14b8.3bc: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume4\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
|
|---|
| 955 | 14b8.3bc: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\rpcrt4.dll
|
|---|
| 956 | 14b8.3bc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcp100.dll'...
|
|---|
| 957 | 14b8.3bc: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcp100.dll' -> '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcp100.dll' [rcNtRedir=0xc0150008]
|
|---|
| 958 | 14b8.3bc: \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcp100.dll: Signature #1/2: info status: 24202
|
|---|
| 959 | 14b8.3bc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
|
|---|
| 960 | 14b8.3bc: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume4\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
|
|---|
| 961 | 14b8.3bc: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\rpcrt4.dll
|
|---|
| 962 | 14b8.3bc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff1e2b0000 'C:\WINDOWS\system32\rsaenh.dll'
|
|---|
| 963 | 14b8.3bc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
|
|---|
| 964 | 14b8.3bc: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcp100.dll) WinVerifyTrust
|
|---|
| 965 | 14b8.3bc: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcp100.dll
|
|---|
| 966 | 14b8.3bc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
|
|---|
| 967 | 14b8.3bc: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
|
|---|
| 968 | 14b8.3bc: \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll: Signature #1/2: info status: 24202
|
|---|
| 969 | 14b8.3bc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
|
|---|
| 970 | 14b8.3bc: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
|
|---|
| 971 | 14b8.3bc: \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll: Signature #1/2: info status: 24202
|
|---|
| 972 | 14b8.3bc: Detected WinVerifyTrust recursion: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll'.
|
|---|
| 973 | 14b8.3bc: supHardenedWinVerifyImageByHandle: -> 24202 (\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll)
|
|---|
| 974 | 14b8.3bc: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll
|
|---|
| 975 | 14b8.3bc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff1e2b0000 'C:\WINDOWS\system32\rsaenh.dll'
|
|---|
| 976 | 14b8.3bc: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll) WinVerifyTrust
|
|---|
| 977 | 14b8.3bc: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxRT.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000a01:<flags> [calling]
|
|---|
| 978 | 14b8.3bc: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxRT.dll
|
|---|
| 979 | 14b8.3bc: supR3HardenedScreenImage/NtCreateSection: cache hit (Unknown Status 24202 (0x5e8a)) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll [avoiding WinVerifyTrust]
|
|---|
| 980 | 14b8.3bc: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcp100.dll
|
|---|
| 981 | 14b8.3bc: supR3HardenedDllNotificationCallback: load 00000000651e0000 LB 0x000d2000 C:\Program Files\Oracle\VirtualBox\MSVCR100.dll [fFlags=0x0]
|
|---|
| 982 | 14b8.3bc: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 24202 (0x5e8a)) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll [avoiding WinVerifyTrust]
|
|---|
| 983 | 14b8.3bc: supR3HardenedDllNotificationCallback: load 0000000064660000 LB 0x00098000 C:\Program Files\Oracle\VirtualBox\MSVCP100.dll [fFlags=0x0]
|
|---|
| 984 | 14b8.3bc: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcp100.dll
|
|---|
| 985 | 14b8.3bc: supR3HardenedDllNotificationCallback: load 00007fff208f0000 LB 0x0006f000 C:\WINDOWS\System32\WS2_32.dll [fFlags=0x0]
|
|---|
| 986 | 14b8.3bc: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\ws2_32.dll
|
|---|
| 987 | 14b8.3bc: supR3HardenedDllNotificationCallback: load 00007ffeb6fb0000 LB 0x005e1000 C:\Program Files\Oracle\VirtualBox\VBoxRT.dll [fFlags=0x0]
|
|---|
| 988 | 14b8.3bc: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxRT.dll
|
|---|
| 989 | 14b8.3bc: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll'.
|
|---|
| 990 | 14b8.3bc: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll' [rescheduled]
|
|---|
| 991 | 14b8.3bc: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxRT.dll
|
|---|
| 992 | 14b8.3bc: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxRT.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
|
|---|
| 993 | 14b8.3bc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffeb6fb0000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
|
|---|
| 994 | 14b8.3bc: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll'.
|
|---|
| 995 | 14b8.3bc: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll' [rescheduled]
|
|---|
| 996 | 14b8.3bc: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll'.
|
|---|
| 997 | 14b8.3bc: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll' [rescheduled]
|
|---|
| 998 | 14b8.3bc: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxRT.dll
|
|---|
| 999 | 14b8.3bc: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxRT.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
|
|---|
| 1000 | 14b8.3bc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffeb6fb0000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
|
|---|
| 1001 | 14b8.3bc: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll'.
|
|---|
| 1002 | 14b8.3bc: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll' [rescheduled]
|
|---|
| 1003 | 14b8.3bc: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll'.
|
|---|
| 1004 | 14b8.3bc: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll' [rescheduled]
|
|---|
| 1005 | 14b8.3bc: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxRT.dll
|
|---|
| 1006 | 14b8.3bc: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxRT.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
|
|---|
| 1007 | 14b8.3bc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffeb6fb0000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
|
|---|
| 1008 | 14b8.3bc: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll'.
|
|---|
| 1009 | 14b8.3bc: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll' [rescheduled]
|
|---|
| 1010 | 14b8.3bc: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll'.
|
|---|
| 1011 | 14b8.3bc: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll' [rescheduled]
|
|---|
| 1012 | 14b8.3bc: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxRT.dll
|
|---|
| 1013 | 14b8.3bc: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxRT.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
|
|---|
| 1014 | 14b8.3bc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffeb6fb0000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
|
|---|
| 1015 | 14b8.3bc: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll'.
|
|---|
| 1016 | 14b8.3bc: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll' [rescheduled]
|
|---|
| 1017 | 14b8.3bc: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll'.
|
|---|
| 1018 | 14b8.3bc: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll' [rescheduled]
|
|---|
| 1019 | 14b8.3bc: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxRT.dll
|
|---|
| 1020 | 14b8.3bc: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxRT.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
|
|---|
| 1021 | 14b8.3bc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffeb6fb0000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
|
|---|
| 1022 | 14b8.3bc: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll'.
|
|---|
| 1023 | 14b8.3bc: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll' [rescheduled]
|
|---|
| 1024 | 14b8.3bc: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll'.
|
|---|
| 1025 | 14b8.3bc: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll' [rescheduled]
|
|---|
| 1026 | 14b8.3bc: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxRT.dll
|
|---|
| 1027 | 14b8.3bc: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxRT.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
|
|---|
| 1028 | 14b8.3bc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffeb6fb0000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
|
|---|
| 1029 | 14b8.3bc: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll'.
|
|---|
| 1030 | 14b8.3bc: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll' [rescheduled]
|
|---|
| 1031 | 14b8.3bc: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll'.
|
|---|
| 1032 | 14b8.3bc: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll' [rescheduled]
|
|---|
| 1033 | 14b8.3bc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffeb6fb0000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
|
|---|
| 1034 | 14b8.3bc: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll'.
|
|---|
| 1035 | 14b8.3bc: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll' [rescheduled]
|
|---|
| 1036 | 14b8.3bc: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll'.
|
|---|
| 1037 | 14b8.3bc: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll' [rescheduled]
|
|---|
| 1038 | 14b8.3bc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffeb6fb0000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
|
|---|
| 1039 | 14b8.3bc: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll'.
|
|---|
| 1040 | 14b8.3bc: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll' [rescheduled]
|
|---|
| 1041 | 14b8.3bc: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll'.
|
|---|
| 1042 | 14b8.3bc: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll' [rescheduled]
|
|---|
| 1043 | 14b8.3bc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffeb6fb0000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
|
|---|
| 1044 | 14b8.3bc: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll'.
|
|---|
| 1045 | 14b8.3bc: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll' [rescheduled]
|
|---|
| 1046 | 14b8.3bc: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll'.
|
|---|
| 1047 | 14b8.3bc: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll' [rescheduled]
|
|---|
| 1048 | 14b8.3bc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffeb6fb0000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
|
|---|
| 1049 | 14b8.3bc: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll'.
|
|---|
| 1050 | 14b8.3bc: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll' [rescheduled]
|
|---|
| 1051 | 14b8.3bc: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll'.
|
|---|
| 1052 | 14b8.3bc: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll' [rescheduled]
|
|---|
| 1053 | 14b8.3bc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffeb6fb0000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
|
|---|
| 1054 | 14b8.3bc: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll'.
|
|---|
| 1055 | 14b8.3bc: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll' [rescheduled]
|
|---|
| 1056 | 14b8.3bc: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll'.
|
|---|
| 1057 | 14b8.3bc: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll' [rescheduled]
|
|---|
| 1058 | 14b8.3bc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffeb6fb0000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
|
|---|
| 1059 | 14b8.3bc: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll'.
|
|---|
| 1060 | 14b8.3bc: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll' [rescheduled]
|
|---|
| 1061 | 14b8.3bc: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll'.
|
|---|
| 1062 | 14b8.3bc: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll' [rescheduled]
|
|---|
| 1063 | 14b8.3bc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffeb6fb0000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
|
|---|
| 1064 | 14b8.3bc: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll'.
|
|---|
| 1065 | 14b8.3bc: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll' [rescheduled]
|
|---|
| 1066 | 14b8.3bc: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll'.
|
|---|
| 1067 | 14b8.3bc: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll' [rescheduled]
|
|---|
| 1068 | 14b8.3bc: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxRT.dll
|
|---|
| 1069 | 14b8.3bc: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxRT.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
|
|---|
| 1070 | 14b8.3bc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffeb6fb0000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
|
|---|
| 1071 | 14b8.3bc: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll'.
|
|---|
| 1072 | 14b8.3bc: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll' [rescheduled]
|
|---|
| 1073 | 14b8.3bc: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll'.
|
|---|
| 1074 | 14b8.3bc: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll' [rescheduled]
|
|---|
| 1075 | 14b8.3bc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffeb6fb0000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
|
|---|
| 1076 | 14b8.3bc: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll'.
|
|---|
| 1077 | 14b8.3bc: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll' [rescheduled]
|
|---|
| 1078 | 14b8.3bc: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll'.
|
|---|
| 1079 | 14b8.3bc: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll' [rescheduled]
|
|---|
| 1080 | 14b8.3bc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffeb6fb0000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
|
|---|
| 1081 | 14b8.3bc: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll'.
|
|---|
| 1082 | 14b8.3bc: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll' [rescheduled]
|
|---|
| 1083 | 14b8.3bc: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll'.
|
|---|
| 1084 | 14b8.3bc: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll' [rescheduled]
|
|---|
| 1085 | 14b8.3bc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffeb6fb0000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
|
|---|
| 1086 | 14b8.3bc: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll'.
|
|---|
| 1087 | 14b8.3bc: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll' [rescheduled]
|
|---|
| 1088 | 14b8.3bc: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll'.
|
|---|
| 1089 | 14b8.3bc: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll' [rescheduled]
|
|---|
| 1090 | 14b8.3bc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffeb6fb0000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
|
|---|
| 1091 | 14b8.3bc: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll'.
|
|---|
| 1092 | 14b8.3bc: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll' [rescheduled]
|
|---|
| 1093 | 14b8.3bc: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll'.
|
|---|
| 1094 | 14b8.3bc: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll' [rescheduled]
|
|---|
| 1095 | 14b8.3bc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffeb6fb0000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
|
|---|
| 1096 | 14b8.3bc: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll'.
|
|---|
| 1097 | 14b8.3bc: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll' [rescheduled]
|
|---|
| 1098 | 14b8.3bc: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll'.
|
|---|
| 1099 | 14b8.3bc: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll' [rescheduled]
|
|---|
| 1100 | 14b8.3bc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffeb6fb0000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
|
|---|
| 1101 | 14b8.3bc: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll'.
|
|---|
| 1102 | 14b8.3bc: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll' [rescheduled]
|
|---|
| 1103 | 14b8.3bc: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll'.
|
|---|
| 1104 | 14b8.3bc: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll' [rescheduled]
|
|---|
| 1105 | 14b8.3bc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffeb6fb0000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
|
|---|
| 1106 | 14b8.3bc: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll'.
|
|---|
| 1107 | 14b8.3bc: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll' [rescheduled]
|
|---|
| 1108 | 14b8.3bc: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll'.
|
|---|
| 1109 | 14b8.3bc: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll' [rescheduled]
|
|---|
| 1110 | 14b8.3bc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffeb6fb0000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
|
|---|
| 1111 | 14b8.3bc: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll'.
|
|---|
| 1112 | 14b8.3bc: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll' [rescheduled]
|
|---|
| 1113 | 14b8.3bc: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll'.
|
|---|
| 1114 | 14b8.3bc: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll' [rescheduled]
|
|---|
| 1115 | 14b8.3bc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffeb6fb0000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
|
|---|
| 1116 | 14b8.3bc: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll'.
|
|---|
| 1117 | 14b8.3bc: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll' [rescheduled]
|
|---|
| 1118 | 14b8.3bc: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll'.
|
|---|
| 1119 | 14b8.3bc: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll' [rescheduled]
|
|---|
| 1120 | 14b8.3bc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffeb6fb0000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
|
|---|
| 1121 | 14b8.3bc: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll'.
|
|---|
| 1122 | 14b8.3bc: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll' [rescheduled]
|
|---|
| 1123 | 14b8.3bc: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll'.
|
|---|
| 1124 | 14b8.3bc: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll' [rescheduled]
|
|---|
| 1125 | 14b8.3bc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffeb6fb0000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
|
|---|
| 1126 | 14b8.3bc: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll'.
|
|---|
| 1127 | 14b8.3bc: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll' [rescheduled]
|
|---|
| 1128 | 14b8.3bc: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll'.
|
|---|
| 1129 | 14b8.3bc: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll' [rescheduled]
|
|---|
| 1130 | 14b8.3bc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffeb6fb0000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
|
|---|
| 1131 | 14b8.3bc: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll'.
|
|---|
| 1132 | 14b8.3bc: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll' [rescheduled]
|
|---|
| 1133 | 14b8.3bc: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll'.
|
|---|
| 1134 | 14b8.3bc: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll' [rescheduled]
|
|---|
| 1135 | 14b8.3bc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffeb6fb0000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
|
|---|
| 1136 | 14b8.3bc: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll'.
|
|---|
| 1137 | 14b8.3bc: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll' [rescheduled]
|
|---|
| 1138 | 14b8.3bc: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll'.
|
|---|
| 1139 | 14b8.3bc: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll' [rescheduled]
|
|---|
| 1140 | 14b8.3bc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffeb6fb0000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
|
|---|
| 1141 | 14b8.3bc: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll'.
|
|---|
| 1142 | 14b8.3bc: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll' [rescheduled]
|
|---|
| 1143 | 14b8.3bc: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll'.
|
|---|
| 1144 | 14b8.3bc: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll' [rescheduled]
|
|---|
| 1145 | 14b8.3bc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffeb6fb0000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
|
|---|
| 1146 | 14b8.3bc: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll'.
|
|---|
| 1147 | 14b8.3bc: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll' [rescheduled]
|
|---|
| 1148 | 14b8.3bc: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll'.
|
|---|
| 1149 | 14b8.3bc: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll' [rescheduled]
|
|---|
| 1150 | 14b8.3bc: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxRT.dll
|
|---|
| 1151 | 14b8.3bc: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxRT.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
|
|---|
| 1152 | 14b8.3bc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffeb6fb0000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
|
|---|
| 1153 | 14b8.3bc: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll'.
|
|---|
| 1154 | 14b8.3bc: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll' [rescheduled]
|
|---|
| 1155 | 14b8.3bc: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll'.
|
|---|
| 1156 | 14b8.3bc: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll' [rescheduled]
|
|---|
| 1157 | 14b8.3bc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffeb6fb0000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
|
|---|
| 1158 | 14b8.3bc: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll'.
|
|---|
| 1159 | 14b8.3bc: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll' [rescheduled]
|
|---|
| 1160 | 14b8.3bc: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll'.
|
|---|
| 1161 | 14b8.3bc: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll' [rescheduled]
|
|---|
| 1162 | 14b8.3bc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffeb6fb0000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
|
|---|
| 1163 | 14b8.3bc: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll'.
|
|---|
| 1164 | 14b8.3bc: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll' [rescheduled]
|
|---|
| 1165 | 14b8.3bc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffeb6fb0000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
|
|---|
| 1166 | 14b8.3bc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff1e2b0000 'C:\WINDOWS\system32\rsaenh.dll'
|
|---|
| 1167 | 14b8.3bc: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 24202) fWinVerifyTrust=1 for '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll'
|
|---|
| 1168 | 14b8.3bc: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\wintrust.dll
|
|---|
| 1169 | 14b8.3bc: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\Wintrust.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000801:<flags> [calling]
|
|---|
| 1170 | 14b8.3bc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff1f520000 'C:\WINDOWS\system32\Wintrust.dll'
|
|---|
| 1171 | 14b8.3bc: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\rsaenh.dll
|
|---|
| 1172 | 14b8.3bc: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\rsaenh.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
|
|---|
| 1173 | 14b8.3bc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff1e2b0000 'C:\WINDOWS\system32\rsaenh.dll'
|
|---|
| 1174 | 14b8.3bc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff1f3c0000 'C:\WINDOWS\System32\crypt32.dll'
|
|---|
| 1175 | 14b8.3bc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff1e2b0000 'C:\WINDOWS\system32\rsaenh.dll'
|
|---|
| 1176 | 14b8.3bc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff1f3c0000 'C:\WINDOWS\System32\crypt32.dll'
|
|---|
| 1177 | 14b8.3bc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff1f3c0000 'C:\WINDOWS\system32\crypt32.dll'
|
|---|
| 1178 | 14b8.3bc: SUPR3HardenedMain: Load TrustedMain...
|
|---|
| 1179 | 14b8.3bc: \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VirtualBoxVM.dll: Signature #1/2: info status: 24202
|
|---|
| 1180 | 14b8.3bc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff1e2b0000 'C:\WINDOWS\system32\rsaenh.dll'
|
|---|
| 1181 | 14b8.3bc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'opengl32.dll'.
|
|---|
| 1182 | 14b8.3bc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'uicommon.dll'.
|
|---|
| 1183 | 14b8.3bc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'vboxrt.dll'.
|
|---|
| 1184 | 14b8.3bc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'msvcp100.dll'.
|
|---|
| 1185 | 14b8.3bc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'msvcr100.dll'.
|
|---|
| 1186 | 14b8.3bc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'qt5corevbox.dll'.
|
|---|
| 1187 | 14b8.3bc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'qt5guivbox.dll'.
|
|---|
| 1188 | 14b8.3bc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #7 'qt5widgetsvbox.dll'.
|
|---|
| 1189 | 14b8.3bc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #8 'qt5openglvbox.dll'.
|
|---|
| 1190 | 14b8.3bc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #10 'user32.dll'.
|
|---|
| 1191 | 14b8.3bc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #11 'ole32.dll'.
|
|---|
| 1192 | 14b8.3bc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #12 'oleaut32.dll'.
|
|---|
| 1193 | 14b8.3bc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #13 'winmm.dll'.
|
|---|
| 1194 | 14b8.3bc: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VirtualBoxVM.dll) WinVerifyTrust
|
|---|
| 1195 | 14b8.3bc: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VirtualBoxVM.dll
|
|---|
| 1196 | 14b8.3bc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'winmm.dll'...
|
|---|
| 1197 | 14b8.3bc: supR3HardenedWinVerifyCacheProcessImportTodos: 'winmm.dll' -> '\Device\HarddiskVolume4\Windows\System32\winmm.dll' [rcNtRedir=0xc0150008]
|
|---|
| 1198 | 14b8.3bc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff1e2b0000 'C:\WINDOWS\system32\rsaenh.dll'
|
|---|
| 1199 | 14b8.3bc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff1f3c0000 'C:\WINDOWS\System32\crypt32.dll'
|
|---|
| 1200 | 14b8.3bc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'winmmbase.dll'.
|
|---|
| 1201 | 14b8.3bc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'msvcrt.dll'.
|
|---|
| 1202 | 14b8.3bc: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\winmm.dll) WinVerifyTrust
|
|---|
| 1203 | 14b8.3bc: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\winmm.dll
|
|---|
| 1204 | 14b8.3bc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'oleaut32.dll'...
|
|---|
| 1205 | 14b8.3bc: supR3HardenedWinVerifyCacheProcessImportTodos: 'oleaut32.dll' -> '\Device\HarddiskVolume4\Windows\System32\oleaut32.dll' [rcNtRedir=0xc0150008]
|
|---|
| 1206 | 14b8.3bc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
|
|---|
| 1207 | 14b8.3bc: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume4\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
|
|---|
| 1208 | 14b8.3bc: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\msvcrt.dll
|
|---|
| 1209 | 14b8.3bc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'winmmbase.dll'...
|
|---|
| 1210 | 14b8.3bc: supR3HardenedWinVerifyCacheProcessImportTodos: 'winmmbase.dll' -> '\Device\HarddiskVolume4\Windows\System32\winmmbase.dll' [rcNtRedir=0xc0150008]
|
|---|
| 1211 | 14b8.3bc: Detected WinVerifyTrust recursion: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\winmmbase.dll'.
|
|---|
| 1212 | 14b8.3bc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
|
|---|
| 1213 | 14b8.3bc: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\winmmbase.dll)
|
|---|
| 1214 | 14b8.3bc: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\winmmbase.dll
|
|---|
| 1215 | 14b8.3bc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
|
|---|
| 1216 | 14b8.3bc: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume4\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
|
|---|
| 1217 | 14b8.3bc: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\msvcrt.dll
|
|---|
| 1218 | 14b8.3bc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff1e2b0000 'C:\WINDOWS\system32\rsaenh.dll'
|
|---|
| 1219 | 14b8.3bc: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\crypt32.dll
|
|---|
| 1220 | 14b8.3bc: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\crypt32.dll (Input=crypt32.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
|
|---|
| 1221 | 14b8.3bc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff1f3c0000 'C:\WINDOWS\System32\crypt32.dll'
|
|---|
| 1222 | 14b8.3bc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcp_win.dll'.
|
|---|
| 1223 | 14b8.3bc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'combase.dll'.
|
|---|
| 1224 | 14b8.3bc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #23 'rpcrt4.dll'.
|
|---|
| 1225 | 14b8.3bc: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\oleaut32.dll) WinVerifyTrust
|
|---|
| 1226 | 14b8.3bc: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\oleaut32.dll
|
|---|
| 1227 | 14b8.3bc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ole32.dll'...
|
|---|
| 1228 | 14b8.3bc: supR3HardenedWinVerifyCacheProcessImportTodos: 'ole32.dll' -> '\Device\HarddiskVolume4\Windows\System32\ole32.dll' [rcNtRedir=0xc0150008]
|
|---|
| 1229 | 14b8.3bc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
|
|---|
| 1230 | 14b8.3bc: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume4\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
|
|---|
| 1231 | 14b8.3bc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'combase.dll'...
|
|---|
| 1232 | 14b8.3bc: supR3HardenedWinVerifyCacheProcessImportTodos: 'combase.dll' -> '\Device\HarddiskVolume4\Windows\System32\combase.dll' [rcNtRedir=0xc0150008]
|
|---|
| 1233 | 14b8.3bc: Detected WinVerifyTrust recursion: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\combase.dll'.
|
|---|
| 1234 | 14b8.3bc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'rpcrt4.dll'.
|
|---|
| 1235 | 14b8.3bc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #47 'bcryptprimitives.dll'.
|
|---|
| 1236 | 14b8.3bc: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\combase.dll)
|
|---|
| 1237 | 14b8.3bc: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\combase.dll
|
|---|
| 1238 | 14b8.3bc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcp_win.dll'...
|
|---|
| 1239 | 14b8.3bc: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcp_win.dll' -> '\Device\HarddiskVolume4\Windows\System32\msvcp_win.dll' [rcNtRedir=0xc0150008]
|
|---|
| 1240 | 14b8.3bc: Detected WinVerifyTrust recursion: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\msvcp_win.dll'.
|
|---|
| 1241 | 14b8.3bc: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\msvcp_win.dll)
|
|---|
| 1242 | 14b8.3bc: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\msvcp_win.dll
|
|---|
| 1243 | 14b8.3bc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'bcryptprimitives.dll'...
|
|---|
| 1244 | 14b8.3bc: supR3HardenedWinVerifyCacheProcessImportTodos: 'bcryptprimitives.dll' -> '\Device\HarddiskVolume4\Windows\System32\bcryptprimitives.dll' [rcNtRedir=0xc0150008]
|
|---|
| 1245 | 14b8.3bc: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\bcryptprimitives.dll
|
|---|
| 1246 | 14b8.3bc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
|
|---|
| 1247 | 14b8.3bc: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume4\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
|
|---|
| 1248 | 14b8.3bc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff1e2b0000 'C:\WINDOWS\system32\rsaenh.dll'
|
|---|
| 1249 | 14b8.3bc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff1f3c0000 'C:\WINDOWS\System32\crypt32.dll'
|
|---|
| 1250 | 14b8.3bc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #22 'rpcrt4.dll'.
|
|---|
| 1251 | 14b8.3bc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #56 'gdi32.dll'.
|
|---|
| 1252 | 14b8.3bc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #57 'user32.dll'.
|
|---|
| 1253 | 14b8.3bc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #58 'combase.dll'.
|
|---|
| 1254 | 14b8.3bc: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\ole32.dll) WinVerifyTrust
|
|---|
| 1255 | 14b8.3bc: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\ole32.dll
|
|---|
| 1256 | 14b8.3bc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
|
|---|
| 1257 | 14b8.3bc: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume4\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
|
|---|
| 1258 | 14b8.3bc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'combase.dll'...
|
|---|
| 1259 | 14b8.3bc: supR3HardenedWinVerifyCacheProcessImportTodos: 'combase.dll' -> '\Device\HarddiskVolume4\Windows\System32\combase.dll' [rcNtRedir=0xc0150008]
|
|---|
| 1260 | 14b8.3bc: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\combase.dll [lacks WinVerifyTrust]
|
|---|
| 1261 | 14b8.3bc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
|
|---|
| 1262 | 14b8.3bc: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume4\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
|
|---|
| 1263 | 14b8.3bc: Detected WinVerifyTrust recursion: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\user32.dll'.
|
|---|
| 1264 | 14b8.3bc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'win32u.dll'.
|
|---|
| 1265 | 14b8.3bc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #34 'gdi32.dll'.
|
|---|
| 1266 | 14b8.3bc: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\user32.dll)
|
|---|
| 1267 | 14b8.3bc: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\user32.dll
|
|---|
| 1268 | 14b8.3bc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
|
|---|
| 1269 | 14b8.3bc: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume4\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
|
|---|
| 1270 | 14b8.3bc: Detected WinVerifyTrust recursion: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\gdi32.dll'.
|
|---|
| 1271 | 14b8.3bc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #8 'win32u.dll'.
|
|---|
| 1272 | 14b8.3bc: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\gdi32.dll)
|
|---|
| 1273 | 14b8.3bc: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\gdi32.dll
|
|---|
| 1274 | 14b8.3bc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
|
|---|
| 1275 | 14b8.3bc: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume4\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
|
|---|
| 1276 | 14b8.3bc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'win32u.dll'...
|
|---|
| 1277 | 14b8.3bc: supR3HardenedWinVerifyCacheProcessImportTodos: 'win32u.dll' -> '\Device\HarddiskVolume4\Windows\System32\win32u.dll' [rcNtRedir=0xc0150008]
|
|---|
| 1278 | 14b8.3bc: Detected WinVerifyTrust recursion: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\win32u.dll'.
|
|---|
| 1279 | 14b8.3bc: '\Device\HarddiskVolume4\Windows\System32\win32u.dll' has no imports
|
|---|
| 1280 | 14b8.3bc: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\win32u.dll)
|
|---|
| 1281 | 14b8.3bc: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\win32u.dll
|
|---|
| 1282 | 14b8.3bc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
|
|---|
| 1283 | 14b8.3bc: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume4\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
|
|---|
| 1284 | 14b8.3bc: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\gdi32.dll [lacks WinVerifyTrust]
|
|---|
| 1285 | 14b8.3bc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'win32u.dll'...
|
|---|
| 1286 | 14b8.3bc: supR3HardenedWinVerifyCacheProcessImportTodos: 'win32u.dll' -> '\Device\HarddiskVolume4\Windows\System32\win32u.dll' [rcNtRedir=0xc0150008]
|
|---|
| 1287 | 14b8.3bc: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\win32u.dll [lacks WinVerifyTrust]
|
|---|
| 1288 | 14b8.3bc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff1e2b0000 'C:\WINDOWS\system32\rsaenh.dll'
|
|---|
| 1289 | 14b8.3bc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff1f3c0000 'C:\WINDOWS\System32\crypt32.dll'
|
|---|
| 1290 | 14b8.3bc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'win32u.dll'.
|
|---|
| 1291 | 14b8.3bc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #34 'gdi32.dll'.
|
|---|
| 1292 | 14b8.3bc: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\user32.dll) WinVerifyTrust
|
|---|
| 1293 | 14b8.3bc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qt5openglvbox.dll'...
|
|---|
| 1294 | 14b8.3bc: supR3HardenedWinVerifyCacheProcessImportTodos: 'qt5openglvbox.dll' -> '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\qt5openglvbox.dll' [rcNtRedir=0xc0150008]
|
|---|
| 1295 | 14b8.3bc: \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\Qt5OpenGLVBox.dll: Signature #1/2: info status: 24202
|
|---|
| 1296 | 14b8.3bc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
|
|---|
| 1297 | 14b8.3bc: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume4\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
|
|---|
| 1298 | 14b8.3bc: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\gdi32.dll [lacks WinVerifyTrust]
|
|---|
| 1299 | 14b8.3bc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'win32u.dll'...
|
|---|
| 1300 | 14b8.3bc: supR3HardenedWinVerifyCacheProcessImportTodos: 'win32u.dll' -> '\Device\HarddiskVolume4\Windows\System32\win32u.dll' [rcNtRedir=0xc0150008]
|
|---|
| 1301 | 14b8.3bc: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\win32u.dll [lacks WinVerifyTrust]
|
|---|
| 1302 | 14b8.3bc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff1e2b0000 'C:\WINDOWS\system32\rsaenh.dll'
|
|---|
| 1303 | 14b8.3bc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'qt5widgetsvbox.dll'.
|
|---|
| 1304 | 14b8.3bc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'qt5guivbox.dll'.
|
|---|
| 1305 | 14b8.3bc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'qt5corevbox.dll'.
|
|---|
| 1306 | 14b8.3bc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'msvcr100.dll'.
|
|---|
| 1307 | 14b8.3bc: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\Qt5OpenGLVBox.dll) WinVerifyTrust
|
|---|
| 1308 | 14b8.3bc: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\Qt5OpenGLVBox.dll
|
|---|
| 1309 | 14b8.3bc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qt5widgetsvbox.dll'...
|
|---|
| 1310 | 14b8.3bc: supR3HardenedWinVerifyCacheProcessImportTodos: 'qt5widgetsvbox.dll' -> '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\qt5widgetsvbox.dll' [rcNtRedir=0xc0150008]
|
|---|
| 1311 | 14b8.3bc: \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\Qt5WidgetsVBox.dll: Signature #1/2: info status: 24202
|
|---|
| 1312 | 14b8.3bc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
|
|---|
| 1313 | 14b8.3bc: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
|
|---|
| 1314 | 14b8.3bc: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll
|
|---|
| 1315 | 14b8.3bc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qt5corevbox.dll'...
|
|---|
| 1316 | 14b8.3bc: supR3HardenedWinVerifyCacheProcessImportTodos: 'qt5corevbox.dll' -> '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\qt5corevbox.dll' [rcNtRedir=0xc0150008]
|
|---|
| 1317 | 14b8.3bc: \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\Qt5CoreVBox.dll: Signature #1/2: info status: 24202
|
|---|
| 1318 | 14b8.3bc: Detected WinVerifyTrust recursion: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\Qt5CoreVBox.dll'.
|
|---|
| 1319 | 14b8.3bc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'user32.dll'.
|
|---|
| 1320 | 14b8.3bc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'shell32.dll'.
|
|---|
| 1321 | 14b8.3bc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'ole32.dll'.
|
|---|
| 1322 | 14b8.3bc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'advapi32.dll'.
|
|---|
| 1323 | 14b8.3bc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'ws2_32.dll'.
|
|---|
| 1324 | 14b8.3bc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'mpr.dll'.
|
|---|
| 1325 | 14b8.3bc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #7 'msvcp100.dll'.
|
|---|
| 1326 | 14b8.3bc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #8 'msvcr100.dll'.
|
|---|
| 1327 | 14b8.3bc: supHardenedWinVerifyImageByHandle: -> 24202 (\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\Qt5CoreVBox.dll)
|
|---|
| 1328 | 14b8.3bc: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\Qt5CoreVBox.dll
|
|---|
| 1329 | 14b8.3bc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qt5guivbox.dll'...
|
|---|
| 1330 | 14b8.3bc: supR3HardenedWinVerifyCacheProcessImportTodos: 'qt5guivbox.dll' -> '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\qt5guivbox.dll' [rcNtRedir=0xc0150008]
|
|---|
| 1331 | 14b8.3bc: \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\Qt5GuiVBox.dll: Signature #1/2: info status: 24202
|
|---|
| 1332 | 14b8.3bc: Detected WinVerifyTrust recursion: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\Qt5GuiVBox.dll'.
|
|---|
| 1333 | 14b8.3bc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'ole32.dll'.
|
|---|
| 1334 | 14b8.3bc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'opengl32.dll'.
|
|---|
| 1335 | 14b8.3bc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'gdi32.dll'.
|
|---|
| 1336 | 14b8.3bc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'user32.dll'.
|
|---|
| 1337 | 14b8.3bc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'qt5corevbox.dll'.
|
|---|
| 1338 | 14b8.3bc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'msvcp100.dll'.
|
|---|
| 1339 | 14b8.3bc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'msvcr100.dll'.
|
|---|
| 1340 | 14b8.3bc: supHardenedWinVerifyImageByHandle: -> 24202 (\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\Qt5GuiVBox.dll)
|
|---|
| 1341 | 14b8.3bc: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\Qt5GuiVBox.dll
|
|---|
| 1342 | 14b8.3bc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qt5widgetsvbox.dll'...
|
|---|
| 1343 | 14b8.3bc: supR3HardenedWinVerifyCacheProcessImportTodos: 'qt5widgetsvbox.dll' -> '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\qt5widgetsvbox.dll' [rcNtRedir=0xc0150008]
|
|---|
| 1344 | 14b8.3bc: \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\Qt5WidgetsVBox.dll: Signature #1/2: info status: 24202
|
|---|
| 1345 | 14b8.3bc: Detected WinVerifyTrust recursion: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\Qt5WidgetsVBox.dll'.
|
|---|
| 1346 | 14b8.3bc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'gdi32.dll'.
|
|---|
| 1347 | 14b8.3bc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'user32.dll'.
|
|---|
| 1348 | 14b8.3bc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'qt5guivbox.dll'.
|
|---|
| 1349 | 14b8.3bc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'qt5corevbox.dll'.
|
|---|
| 1350 | 14b8.3bc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'shell32.dll'.
|
|---|
| 1351 | 14b8.3bc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'msvcp100.dll'.
|
|---|
| 1352 | 14b8.3bc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'msvcr100.dll'.
|
|---|
| 1353 | 14b8.3bc: supHardenedWinVerifyImageByHandle: -> 24202 (\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\Qt5WidgetsVBox.dll)
|
|---|
| 1354 | 14b8.3bc: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\Qt5WidgetsVBox.dll
|
|---|
| 1355 | 14b8.3bc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
|
|---|
| 1356 | 14b8.3bc: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
|
|---|
| 1357 | 14b8.3bc: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll
|
|---|
| 1358 | 14b8.3bc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcp100.dll'...
|
|---|
| 1359 | 14b8.3bc: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcp100.dll' -> '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcp100.dll' [rcNtRedir=0xc0150008]
|
|---|
| 1360 | 14b8.3bc: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcp100.dll
|
|---|
| 1361 | 14b8.3bc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'shell32.dll'...
|
|---|
| 1362 | 14b8.3bc: supR3HardenedWinVerifyCacheProcessImportTodos: 'shell32.dll' -> '\Device\HarddiskVolume4\Windows\System32\shell32.dll' [rcNtRedir=0xc0150008]
|
|---|
| 1363 | 14b8.3bc: Detected WinVerifyTrust recursion: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\shell32.dll'.
|
|---|
| 1364 | 14b8.3bc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #77 'user32.dll'.
|
|---|
| 1365 | 14b8.3bc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #79 'gdi32.dll'.
|
|---|
| 1366 | 14b8.3bc: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\shell32.dll)
|
|---|
| 1367 | 14b8.3bc: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\shell32.dll
|
|---|
| 1368 | 14b8.3bc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qt5corevbox.dll'...
|
|---|
| 1369 | 14b8.3bc: supR3HardenedWinVerifyCacheProcessImportTodos: 'qt5corevbox.dll' -> '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\qt5corevbox.dll' [rcNtRedir=0xc0150008]
|
|---|
| 1370 | 14b8.3bc: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 24202 (0x5e8a)) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\Qt5CoreVBox.dll [lacks WinVerifyTrust]
|
|---|
| 1371 | 14b8.3bc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qt5guivbox.dll'...
|
|---|
| 1372 | 14b8.3bc: supR3HardenedWinVerifyCacheProcessImportTodos: 'qt5guivbox.dll' -> '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\qt5guivbox.dll' [rcNtRedir=0xc0150008]
|
|---|
| 1373 | 14b8.3bc: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 24202 (0x5e8a)) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\Qt5GuiVBox.dll [lacks WinVerifyTrust]
|
|---|
| 1374 | 14b8.3bc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
|
|---|
| 1375 | 14b8.3bc: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume4\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
|
|---|
| 1376 | 14b8.3bc: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\user32.dll [lacks WinVerifyTrust]
|
|---|
| 1377 | 14b8.3bc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
|
|---|
| 1378 | 14b8.3bc: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume4\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
|
|---|
| 1379 | 14b8.3bc: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\gdi32.dll [lacks WinVerifyTrust]
|
|---|
| 1380 | 14b8.3bc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
|
|---|
| 1381 | 14b8.3bc: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
|
|---|
| 1382 | 14b8.3bc: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll
|
|---|
| 1383 | 14b8.3bc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcp100.dll'...
|
|---|
| 1384 | 14b8.3bc: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcp100.dll' -> '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcp100.dll' [rcNtRedir=0xc0150008]
|
|---|
| 1385 | 14b8.3bc: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcp100.dll
|
|---|
| 1386 | 14b8.3bc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qt5corevbox.dll'...
|
|---|
| 1387 | 14b8.3bc: supR3HardenedWinVerifyCacheProcessImportTodos: 'qt5corevbox.dll' -> '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\qt5corevbox.dll' [rcNtRedir=0xc0150008]
|
|---|
| 1388 | 14b8.3bc: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 24202 (0x5e8a)) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\Qt5CoreVBox.dll [lacks WinVerifyTrust]
|
|---|
| 1389 | 14b8.3bc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
|
|---|
| 1390 | 14b8.3bc: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume4\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
|
|---|
| 1391 | 14b8.3bc: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\user32.dll [lacks WinVerifyTrust]
|
|---|
| 1392 | 14b8.3bc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
|
|---|
| 1393 | 14b8.3bc: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume4\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
|
|---|
| 1394 | 14b8.3bc: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\gdi32.dll [lacks WinVerifyTrust]
|
|---|
| 1395 | 14b8.3bc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'opengl32.dll'...
|
|---|
| 1396 | 14b8.3bc: supR3HardenedWinVerifyCacheProcessImportTodos: 'opengl32.dll' -> '\Device\HarddiskVolume4\Windows\System32\opengl32.dll' [rcNtRedir=0xc0150008]
|
|---|
| 1397 | 14b8.3bc: Detected WinVerifyTrust recursion: rc=Unknown Status 22900 (0x5974) '\Device\HarddiskVolume4\Windows\System32\opengl32.dll'.
|
|---|
| 1398 | 14b8.3bc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
|
|---|
| 1399 | 14b8.3bc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'advapi32.dll'.
|
|---|
| 1400 | 14b8.3bc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'user32.dll'.
|
|---|
| 1401 | 14b8.3bc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'gdi32.dll'.
|
|---|
| 1402 | 14b8.3bc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'glu32.dll'.
|
|---|
| 1403 | 14b8.3bc: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume4\Windows\System32\opengl32.dll)
|
|---|
| 1404 | 14b8.3bc: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\opengl32.dll
|
|---|
| 1405 | 14b8.3bc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ole32.dll'...
|
|---|
| 1406 | 14b8.3bc: supR3HardenedWinVerifyCacheProcessImportTodos: 'ole32.dll' -> '\Device\HarddiskVolume4\Windows\System32\ole32.dll' [rcNtRedir=0xc0150008]
|
|---|
| 1407 | 14b8.3bc: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\ole32.dll
|
|---|
| 1408 | 14b8.3bc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
|
|---|
| 1409 | 14b8.3bc: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
|
|---|
| 1410 | 14b8.3bc: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll
|
|---|
| 1411 | 14b8.3bc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcp100.dll'...
|
|---|
| 1412 | 14b8.3bc: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcp100.dll' -> '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcp100.dll' [rcNtRedir=0xc0150008]
|
|---|
| 1413 | 14b8.3bc: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcp100.dll
|
|---|
| 1414 | 14b8.3bc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'mpr.dll'...
|
|---|
| 1415 | 14b8.3bc: supR3HardenedWinVerifyCacheProcessImportTodos: 'mpr.dll' -> '\Device\HarddiskVolume4\Windows\System32\mpr.dll' [rcNtRedir=0xc0150008]
|
|---|
| 1416 | 14b8.3bc: Detected WinVerifyTrust recursion: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\mpr.dll'.
|
|---|
| 1417 | 14b8.3bc: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\mpr.dll)
|
|---|
| 1418 | 14b8.3bc: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\mpr.dll
|
|---|
| 1419 | 14b8.3bc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ws2_32.dll'...
|
|---|
| 1420 | 14b8.3bc: supR3HardenedWinVerifyCacheProcessImportTodos: 'ws2_32.dll' -> '\Device\HarddiskVolume4\Windows\System32\ws2_32.dll' [rcNtRedir=0xc0150008]
|
|---|
| 1421 | 14b8.3bc: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\ws2_32.dll
|
|---|
| 1422 | 14b8.3bc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'...
|
|---|
| 1423 | 14b8.3bc: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume4\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008]
|
|---|
| 1424 | 14b8.3bc: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\advapi32.dll
|
|---|
| 1425 | 14b8.3bc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ole32.dll'...
|
|---|
| 1426 | 14b8.3bc: supR3HardenedWinVerifyCacheProcessImportTodos: 'ole32.dll' -> '\Device\HarddiskVolume4\Windows\System32\ole32.dll' [rcNtRedir=0xc0150008]
|
|---|
| 1427 | 14b8.3bc: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\ole32.dll
|
|---|
| 1428 | 14b8.3bc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'shell32.dll'...
|
|---|
| 1429 | 14b8.3bc: supR3HardenedWinVerifyCacheProcessImportTodos: 'shell32.dll' -> '\Device\HarddiskVolume4\Windows\System32\shell32.dll' [rcNtRedir=0xc0150008]
|
|---|
| 1430 | 14b8.3bc: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\shell32.dll [lacks WinVerifyTrust]
|
|---|
| 1431 | 14b8.3bc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
|
|---|
| 1432 | 14b8.3bc: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume4\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
|
|---|
| 1433 | 14b8.3bc: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\user32.dll [lacks WinVerifyTrust]
|
|---|
| 1434 | 14b8.3bc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'glu32.dll'...
|
|---|
| 1435 | 14b8.3bc: supR3HardenedWinVerifyCacheProcessImportTodos: 'glu32.dll' -> '\Device\HarddiskVolume4\Windows\System32\glu32.dll' [rcNtRedir=0xc0150008]
|
|---|
| 1436 | 14b8.3bc: Detected WinVerifyTrust recursion: rc=Unknown Status 22900 (0x5974) '\Device\HarddiskVolume4\Windows\System32\glu32.dll'.
|
|---|
| 1437 | 14b8.3bc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
|
|---|
| 1438 | 14b8.3bc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'user32.dll'.
|
|---|
| 1439 | 14b8.3bc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'opengl32.dll'.
|
|---|
| 1440 | 14b8.3bc: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume4\Windows\System32\glu32.dll)
|
|---|
| 1441 | 14b8.3bc: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\glu32.dll
|
|---|
| 1442 | 14b8.3bc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
|
|---|
| 1443 | 14b8.3bc: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume4\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
|
|---|
| 1444 | 14b8.3bc: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\gdi32.dll [lacks WinVerifyTrust]
|
|---|
| 1445 | 14b8.3bc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
|
|---|
| 1446 | 14b8.3bc: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume4\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
|
|---|
| 1447 | 14b8.3bc: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\user32.dll [lacks WinVerifyTrust]
|
|---|
| 1448 | 14b8.3bc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'...
|
|---|
| 1449 | 14b8.3bc: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume4\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008]
|
|---|
| 1450 | 14b8.3bc: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\advapi32.dll
|
|---|
| 1451 | 14b8.3bc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
|
|---|
| 1452 | 14b8.3bc: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume4\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
|
|---|
| 1453 | 14b8.3bc: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\msvcrt.dll
|
|---|
| 1454 | 14b8.3bc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
|
|---|
| 1455 | 14b8.3bc: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume4\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
|
|---|
| 1456 | 14b8.3bc: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\gdi32.dll [lacks WinVerifyTrust]
|
|---|
| 1457 | 14b8.3bc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
|
|---|
| 1458 | 14b8.3bc: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume4\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
|
|---|
| 1459 | 14b8.3bc: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\user32.dll [lacks WinVerifyTrust]
|
|---|
| 1460 | 14b8.3bc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'opengl32.dll'...
|
|---|
| 1461 | 14b8.3bc: supR3HardenedWinVerifyCacheProcessImportTodos: 'opengl32.dll' -> '\Device\HarddiskVolume4\Windows\System32\opengl32.dll' [rcNtRedir=0xc0150008]
|
|---|
| 1462 | 14b8.3bc: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume4\Windows\System32\opengl32.dll [lacks WinVerifyTrust]
|
|---|
| 1463 | 14b8.3bc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
|
|---|
| 1464 | 14b8.3bc: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume4\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
|
|---|
| 1465 | 14b8.3bc: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\user32.dll [lacks WinVerifyTrust]
|
|---|
| 1466 | 14b8.3bc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
|
|---|
| 1467 | 14b8.3bc: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume4\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
|
|---|
| 1468 | 14b8.3bc: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\msvcrt.dll
|
|---|
| 1469 | 14b8.3bc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff1e2b0000 'C:\WINDOWS\system32\rsaenh.dll'
|
|---|
| 1470 | 14b8.3bc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'gdi32.dll'.
|
|---|
| 1471 | 14b8.3bc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'user32.dll'.
|
|---|
| 1472 | 14b8.3bc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'qt5guivbox.dll'.
|
|---|
| 1473 | 14b8.3bc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'qt5corevbox.dll'.
|
|---|
| 1474 | 14b8.3bc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'shell32.dll'.
|
|---|
| 1475 | 14b8.3bc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'msvcp100.dll'.
|
|---|
| 1476 | 14b8.3bc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'msvcr100.dll'.
|
|---|
| 1477 | 14b8.3bc: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\Qt5WidgetsVBox.dll) WinVerifyTrust
|
|---|
| 1478 | 14b8.3bc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qt5guivbox.dll'...
|
|---|
| 1479 | 14b8.3bc: supR3HardenedWinVerifyCacheProcessImportTodos: 'qt5guivbox.dll' -> '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\qt5guivbox.dll' [rcNtRedir=0xc0150008]
|
|---|
| 1480 | 14b8.3bc: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 24202 (0x5e8a)) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\Qt5GuiVBox.dll [redoing WinVerifyTrust]
|
|---|
| 1481 | 14b8.3bc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
|
|---|
| 1482 | 14b8.3bc: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
|
|---|
| 1483 | 14b8.3bc: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll
|
|---|
| 1484 | 14b8.3bc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcp100.dll'...
|
|---|
| 1485 | 14b8.3bc: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcp100.dll' -> '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcp100.dll' [rcNtRedir=0xc0150008]
|
|---|
| 1486 | 14b8.3bc: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcp100.dll
|
|---|
| 1487 | 14b8.3bc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'shell32.dll'...
|
|---|
| 1488 | 14b8.3bc: supR3HardenedWinVerifyCacheProcessImportTodos: 'shell32.dll' -> '\Device\HarddiskVolume4\Windows\System32\shell32.dll' [rcNtRedir=0xc0150008]
|
|---|
| 1489 | 14b8.3bc: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\shell32.dll [lacks WinVerifyTrust]
|
|---|
| 1490 | 14b8.3bc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qt5corevbox.dll'...
|
|---|
| 1491 | 14b8.3bc: supR3HardenedWinVerifyCacheProcessImportTodos: 'qt5corevbox.dll' -> '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\qt5corevbox.dll' [rcNtRedir=0xc0150008]
|
|---|
| 1492 | 14b8.3bc: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 24202 (0x5e8a)) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\Qt5CoreVBox.dll [lacks WinVerifyTrust]
|
|---|
| 1493 | 14b8.3bc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qt5guivbox.dll'...
|
|---|
| 1494 | 14b8.3bc: supR3HardenedWinVerifyCacheProcessImportTodos: 'qt5guivbox.dll' -> '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\qt5guivbox.dll' [rcNtRedir=0xc0150008]
|
|---|
| 1495 | 14b8.3bc: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 24202 (0x5e8a)) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\Qt5GuiVBox.dll [lacks WinVerifyTrust]
|
|---|
| 1496 | 14b8.3bc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
|
|---|
| 1497 | 14b8.3bc: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume4\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
|
|---|
| 1498 | 14b8.3bc: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\user32.dll [lacks WinVerifyTrust]
|
|---|
| 1499 | 14b8.3bc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
|
|---|
| 1500 | 14b8.3bc: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume4\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
|
|---|
| 1501 | 14b8.3bc: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\gdi32.dll [lacks WinVerifyTrust]
|
|---|
| 1502 | 14b8.3bc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff1e2b0000 'C:\WINDOWS\system32\rsaenh.dll'
|
|---|
| 1503 | 14b8.3bc: supR3HardenedScreenImage/Imports: 0 (was 24202) fWinVerifyTrust=1 for '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\Qt5GuiVBox.dll'
|
|---|
| 1504 | 14b8.3bc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qt5corevbox.dll'...
|
|---|
| 1505 | 14b8.3bc: supR3HardenedWinVerifyCacheProcessImportTodos: 'qt5corevbox.dll' -> '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\qt5corevbox.dll' [rcNtRedir=0xc0150008]
|
|---|
| 1506 | 14b8.3bc: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 24202 (0x5e8a)) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\Qt5CoreVBox.dll [redoing WinVerifyTrust]
|
|---|
| 1507 | 14b8.3bc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff1e2b0000 'C:\WINDOWS\system32\rsaenh.dll'
|
|---|
| 1508 | 14b8.3bc: supR3HardenedScreenImage/Imports: 0 (was 24202) fWinVerifyTrust=1 for '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\Qt5CoreVBox.dll'
|
|---|
| 1509 | 14b8.3bc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
|
|---|
| 1510 | 14b8.3bc: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
|
|---|
| 1511 | 14b8.3bc: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll
|
|---|
| 1512 | 14b8.3bc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcp100.dll'...
|
|---|
| 1513 | 14b8.3bc: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcp100.dll' -> '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcp100.dll' [rcNtRedir=0xc0150008]
|
|---|
| 1514 | 14b8.3bc: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcp100.dll
|
|---|
| 1515 | 14b8.3bc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
|
|---|
| 1516 | 14b8.3bc: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
|
|---|
| 1517 | 14b8.3bc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'uicommon.dll'...
|
|---|
| 1518 | 14b8.3bc: supR3HardenedWinVerifyCacheProcessImportTodos: 'uicommon.dll' -> '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\uicommon.dll' [rcNtRedir=0xc0150008]
|
|---|
| 1519 | 14b8.3bc: \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\UICommon.dll: Signature #1/2: info status: 24202
|
|---|
| 1520 | 14b8.3bc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff1e2b0000 'C:\WINDOWS\system32\rsaenh.dll'
|
|---|
| 1521 | 14b8.3bc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'vboxrt.dll'.
|
|---|
| 1522 | 14b8.3bc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'msvcr100.dll'.
|
|---|
| 1523 | 14b8.3bc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'qt5corevbox.dll'.
|
|---|
| 1524 | 14b8.3bc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'qt5guivbox.dll'.
|
|---|
| 1525 | 14b8.3bc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'qt5widgetsvbox.dll'.
|
|---|
| 1526 | 14b8.3bc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'user32.dll'.
|
|---|
| 1527 | 14b8.3bc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #7 'advapi32.dll'.
|
|---|
| 1528 | 14b8.3bc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #8 'ole32.dll'.
|
|---|
| 1529 | 14b8.3bc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #9 'oleaut32.dll'.
|
|---|
| 1530 | 14b8.3bc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #10 'rpcrt4.dll'.
|
|---|
| 1531 | 14b8.3bc: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\UICommon.dll) WinVerifyTrust
|
|---|
| 1532 | 14b8.3bc: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\UICommon.dll
|
|---|
| 1533 | 14b8.3bc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'opengl32.dll'...
|
|---|
| 1534 | 14b8.3bc: supR3HardenedWinVerifyCacheProcessImportTodos: 'opengl32.dll' -> '\Device\HarddiskVolume4\Windows\System32\opengl32.dll' [rcNtRedir=0xc0150008]
|
|---|
| 1535 | 14b8.3bc: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume4\Windows\System32\opengl32.dll [redoing WinVerifyTrust]
|
|---|
| 1536 | 14b8.3bc: supR3HardNtViCallWinVerifyTrustCatFile: hFile=00000000000004cc pwszName=\Device\HarddiskVolume4\Windows\System32\opengl32.dll
|
|---|
| 1537 | 14b8.3bc: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00000000016ab960
|
|---|
| 1538 | 14b8.3bc: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000016ab960
|
|---|
| 1539 | 14b8.3bc: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=0837440FAE05EB650168FFA2D15E73182F6A3A26
|
|---|
| 1540 | 14b8.3bc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
|
|---|
| 1541 | 14b8.3bc: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume4\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
|
|---|
| 1542 | 14b8.3bc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'oleaut32.dll'...
|
|---|
| 1543 | 14b8.3bc: supR3HardenedWinVerifyCacheProcessImportTodos: 'oleaut32.dll' -> '\Device\HarddiskVolume4\Windows\System32\oleaut32.dll' [rcNtRedir=0xc0150008]
|
|---|
| 1544 | 14b8.3bc: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\oleaut32.dll
|
|---|
| 1545 | 14b8.3bc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ole32.dll'...
|
|---|
| 1546 | 14b8.3bc: supR3HardenedWinVerifyCacheProcessImportTodos: 'ole32.dll' -> '\Device\HarddiskVolume4\Windows\System32\ole32.dll' [rcNtRedir=0xc0150008]
|
|---|
| 1547 | 14b8.3bc: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\ole32.dll
|
|---|
| 1548 | 14b8.3bc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'...
|
|---|
| 1549 | 14b8.3bc: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume4\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008]
|
|---|
| 1550 | 14b8.3bc: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\advapi32.dll
|
|---|
| 1551 | 14b8.3bc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
|
|---|
| 1552 | 14b8.3bc: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume4\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
|
|---|
| 1553 | 14b8.3bc: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\user32.dll [lacks WinVerifyTrust]
|
|---|
| 1554 | 14b8.3bc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qt5widgetsvbox.dll'...
|
|---|
| 1555 | 14b8.3bc: supR3HardenedWinVerifyCacheProcessImportTodos: 'qt5widgetsvbox.dll' -> '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\qt5widgetsvbox.dll' [rcNtRedir=0xc0150008]
|
|---|
| 1556 | 14b8.3bc: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 24202 (0x5e8a)) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\Qt5WidgetsVBox.dll [lacks WinVerifyTrust]
|
|---|
| 1557 | 14b8.3bc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qt5guivbox.dll'...
|
|---|
| 1558 | 14b8.3bc: supR3HardenedWinVerifyCacheProcessImportTodos: 'qt5guivbox.dll' -> '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\qt5guivbox.dll' [rcNtRedir=0xc0150008]
|
|---|
| 1559 | 14b8.3bc: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\Qt5GuiVBox.dll
|
|---|
| 1560 | 14b8.3bc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qt5corevbox.dll'...
|
|---|
| 1561 | 14b8.3bc: supR3HardenedWinVerifyCacheProcessImportTodos: 'qt5corevbox.dll' -> '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\qt5corevbox.dll' [rcNtRedir=0xc0150008]
|
|---|
| 1562 | 14b8.3bc: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\Qt5CoreVBox.dll
|
|---|
| 1563 | 14b8.3bc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
|
|---|
| 1564 | 14b8.3bc: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
|
|---|
| 1565 | 14b8.3bc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
|
|---|
| 1566 | 14b8.3bc: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
|
|---|
| 1567 | 14b8.3bc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff1e2b0000 'C:\WINDOWS\system32\rsaenh.dll'
|
|---|
| 1568 | 14b8.3bc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff1f3c0000 'C:\WINDOWS\System32\crypt32.dll'
|
|---|
| 1569 | 14b8.3bc: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0212~31bf3856ad364e35~amd64~~10.0.18362.1377.cat'; file='\Device\HarddiskVolume4\Windows\System32\opengl32.dll'
|
|---|
| 1570 | 14b8.3bc: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
|
|---|
| 1571 | 14b8.3bc: supR3HardenedScreenImage/Imports: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume4\Windows\System32\opengl32.dll'
|
|---|
| 1572 | 14b8.3bc: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VirtualBoxVM.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000a01:<flags> [calling]
|
|---|
| 1573 | 14b8.3bc: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VirtualBoxVM.dll
|
|---|
| 1574 | 14b8.3bc: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\opengl32.dll
|
|---|
| 1575 | 14b8.3bc: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\UICommon.dll
|
|---|
| 1576 | 14b8.3bc: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\Qt5CoreVBox.dll
|
|---|
| 1577 | 14b8.3bc: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\Qt5GuiVBox.dll
|
|---|
| 1578 | 14b8.3bc: supR3HardenedScreenImage/NtCreateSection: cache hit (Unknown Status 24202 (0x5e8a)) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\Qt5WidgetsVBox.dll [avoiding WinVerifyTrust]
|
|---|
| 1579 | 14b8.3bc: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\Qt5OpenGLVBox.dll
|
|---|
| 1580 | 14b8.3bc: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\winmm.dll
|
|---|
| 1581 | 14b8.3bc: supR3HardenedScreenImage/NtCreateSection: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume4\Windows\System32\glu32.dll [avoiding WinVerifyTrust]
|
|---|
| 1582 | 14b8.3bc: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\mpr.dll [avoiding WinVerifyTrust]
|
|---|
| 1583 | 14b8.3bc: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\winmmbase.dll [avoiding WinVerifyTrust]
|
|---|
| 1584 | 14b8.3bc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcp_win.dll'.
|
|---|
| 1585 | 14b8.3bc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #22 'win32u.dll'.
|
|---|
| 1586 | 14b8.3bc: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\DXCore.dll)
|
|---|
| 1587 | 14b8.3bc: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\DXCore.dll
|
|---|
| 1588 | 14b8.3bc: supR3HardenedDllNotificationCallback: load 00007fff1f580000 LB 0x00021000 C:\WINDOWS\System32\win32u.dll [fFlags=0x0]
|
|---|
| 1589 | 14b8.3bc: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\win32u.dll [avoiding WinVerifyTrust]
|
|---|
| 1590 | 14b8.3bc: supR3HardenedDllNotificationCallback: load 00007fff1f320000 LB 0x0009e000 C:\WINDOWS\System32\msvcp_win.dll [fFlags=0x0]
|
|---|
| 1591 | 14b8.3bc: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\msvcp_win.dll [avoiding WinVerifyTrust]
|
|---|
| 1592 | 14b8.3bc: supR3HardenedDllNotificationCallback: load 00007fff20230000 LB 0x00198000 C:\WINDOWS\System32\gdi32full.dll [fFlags=0x0]
|
|---|
| 1593 | 14b8.3bc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcp_win.dll'.
|
|---|
| 1594 | 14b8.3bc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #33 'gdi32.dll'.
|
|---|
| 1595 | 14b8.3bc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #35 'user32.dll'.
|
|---|
| 1596 | 14b8.3bc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #36 'win32u.dll'.
|
|---|
| 1597 | 14b8.3bc: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\gdi32full.dll)
|
|---|
| 1598 | 14b8.3bc: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\gdi32full.dll
|
|---|
| 1599 | 14b8.3bc: supR3HardenedDllNotificationCallback: load 00007fff20a40000 LB 0x00026000 C:\WINDOWS\System32\GDI32.dll [fFlags=0x0]
|
|---|
| 1600 | 14b8.3bc: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\gdi32.dll [avoiding WinVerifyTrust]
|
|---|
| 1601 | 14b8.3bc: supR3HardenedDllNotificationCallback: load 00007fff203d0000 LB 0x00194000 C:\WINDOWS\System32\USER32.dll [fFlags=0x0]
|
|---|
| 1602 | 14b8.3bc: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\user32.dll [avoiding WinVerifyTrust]
|
|---|
| 1603 | 14b8.3bc: supR3HardenedDllNotificationCallback: load 00007fff20f40000 LB 0x00336000 C:\WINDOWS\System32\combase.dll [fFlags=0x0]
|
|---|
| 1604 | 14b8.3bc: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\combase.dll [avoiding WinVerifyTrust]
|
|---|
| 1605 | 14b8.3bc: supR3HardenedDllNotificationCallback: load 00007fff200e0000 LB 0x0004a000 C:\WINDOWS\System32\cfgmgr32.dll [fFlags=0x0]
|
|---|
| 1606 | 14b8.3bc: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\cfgmgr32.dll)
|
|---|
| 1607 | 14b8.3bc: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\cfgmgr32.dll
|
|---|
| 1608 | 14b8.3bc: supR3HardenedDllNotificationCallback: load 00007fff1dcd0000 LB 0x00020000 C:\WINDOWS\SYSTEM32\dxcore.dll [fFlags=0x0]
|
|---|
| 1609 | 14b8.3bc: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\DXCore.dll [avoiding WinVerifyTrust]
|
|---|
| 1610 | 14b8.3bc: supR3HardenedDllNotificationCallback: load 00007ffee4250000 LB 0x0002c000 C:\WINDOWS\SYSTEM32\GLU32.dll [fFlags=0x0]
|
|---|
| 1611 | 14b8.3bc: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume4\Windows\System32\glu32.dll [avoiding WinVerifyTrust]
|
|---|
| 1612 | 14b8.3bc: supR3HardenedDllNotificationCallback: load 00007ffee3210000 LB 0x00156000 C:\WINDOWS\SYSTEM32\OPENGL32.dll [fFlags=0x0]
|
|---|
| 1613 | 14b8.3bc: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\opengl32.dll
|
|---|
| 1614 | 14b8.3bc: supR3HardenedDllNotificationCallback: load 00007fff20a80000 LB 0x000a7000 C:\WINDOWS\System32\shcore.dll [fFlags=0x0]
|
|---|
| 1615 | 14b8.3bc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
|
|---|
| 1616 | 14b8.3bc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #36 'rpcrt4.dll'.
|
|---|
| 1617 | 14b8.3bc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #43 'combase.dll'.
|
|---|
| 1618 | 14b8.3bc: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\SHCore.dll)
|
|---|
| 1619 | 14b8.3bc: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\SHCore.dll
|
|---|
| 1620 | 14b8.3bc: supR3HardenedDllNotificationCallback: load 00007fff1f1d0000 LB 0x00010000 C:\WINDOWS\System32\UMPDC.dll [fFlags=0x0]
|
|---|
| 1621 | 14b8.3bc: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\umpdc.dll)
|
|---|
| 1622 | 14b8.3bc: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\umpdc.dll
|
|---|
| 1623 | 14b8.3bc: supR3HardenedDllNotificationCallback: load 00007fff1f1e0000 LB 0x0004a000 C:\WINDOWS\System32\powrprof.dll [fFlags=0x0]
|
|---|
| 1624 | 14b8.3bc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #12 'rpcrt4.dll'.
|
|---|
| 1625 | 14b8.3bc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #19 'umpdc.dll'.
|
|---|
| 1626 | 14b8.3bc: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\powrprof.dll)
|
|---|
| 1627 | 14b8.3bc: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\powrprof.dll
|
|---|
| 1628 | 14b8.3bc: supR3HardenedDllNotificationCallback: load 00007fff20710000 LB 0x00052000 C:\WINDOWS\System32\shlwapi.dll [fFlags=0x0]
|
|---|
| 1629 | 14b8.3bc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'msvcrt.dll'.
|
|---|
| 1630 | 14b8.3bc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #44 'gdi32.dll'.
|
|---|
| 1631 | 14b8.3bc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #45 'user32.dll'.
|
|---|
| 1632 | 14b8.3bc: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\shlwapi.dll)
|
|---|
| 1633 | 14b8.3bc: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\shlwapi.dll
|
|---|
| 1634 | 14b8.3bc: supR3HardenedDllNotificationCallback: load 00007fff1f270000 LB 0x00011000 C:\WINDOWS\System32\kernel.appcore.dll [fFlags=0x0]
|
|---|
| 1635 | 14b8.3bc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #7 'msvcrt.dll'.
|
|---|
| 1636 | 14b8.3bc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #8 'rpcrt4.dll'.
|
|---|
| 1637 | 14b8.3bc: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\kernel.appcore.dll)
|
|---|
| 1638 | 14b8.3bc: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\kernel.appcore.dll
|
|---|
| 1639 | 14b8.3bc: supR3HardenedDllNotificationCallback: load 00007fff1f5b0000 LB 0x0077b000 C:\WINDOWS\System32\windows.storage.dll [fFlags=0x0]
|
|---|
| 1640 | 14b8.3bc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #31 'combase.dll'.
|
|---|
| 1641 | 14b8.3bc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #32 'msvcp_win.dll'.
|
|---|
| 1642 | 14b8.3bc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #39 'rpcrt4.dll'.
|
|---|
| 1643 | 14b8.3bc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #56 'profapi.dll'.
|
|---|
| 1644 | 14b8.3bc: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\windows.storage.dll)
|
|---|
| 1645 | 14b8.3bc: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\windows.storage.dll
|
|---|
| 1646 | 14b8.3bc: supR3HardenedDllNotificationCallback: load 00007fff21330000 LB 0x006e8000 C:\WINDOWS\System32\SHELL32.dll [fFlags=0x0]
|
|---|
| 1647 | 14b8.3bc: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\shell32.dll [avoiding WinVerifyTrust]
|
|---|
| 1648 | 14b8.3bc: supR3HardenedDllNotificationCallback: load 00007fff21ac0000 LB 0x00157000 C:\WINDOWS\System32\ole32.dll [fFlags=0x0]
|
|---|
| 1649 | 14b8.3bc: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\ole32.dll
|
|---|
| 1650 | 14b8.3bc: supR3HardenedDllNotificationCallback: load 00007ffeeefe0000 LB 0x0001b000 C:\WINDOWS\SYSTEM32\MPR.dll [fFlags=0x0]
|
|---|
| 1651 | 14b8.3bc: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\mpr.dll [avoiding WinVerifyTrust]
|
|---|
| 1652 | 14b8.3bc: supR3HardenedDllNotificationCallback: load 0000000064c70000 LB 0x00565000 C:\Program Files\Oracle\VirtualBox\Qt5CoreVBox.dll [fFlags=0x0]
|
|---|
| 1653 | 14b8.3bc: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\Qt5CoreVBox.dll
|
|---|
| 1654 | 14b8.3bc: supR3HardenedDllNotificationCallback: load 00007ffebc310000 LB 0x005f7000 C:\Program Files\Oracle\VirtualBox\Qt5GuiVBox.dll [fFlags=0x0]
|
|---|
| 1655 | 14b8.3bc: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\Qt5GuiVBox.dll
|
|---|
| 1656 | 14b8.3bc: supR3HardenedDllNotificationCallback: load 0000000064700000 LB 0x00561000 C:\Program Files\Oracle\VirtualBox\Qt5WidgetsVBox.dll [fFlags=0x0]
|
|---|
| 1657 | 14b8.3bc: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 24202 (0x5e8a)) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\Qt5WidgetsVBox.dll [avoiding WinVerifyTrust]
|
|---|
| 1658 | 14b8.3bc: supR3HardenedDllNotificationCallback: load 00007fff20820000 LB 0x000c5000 C:\WINDOWS\System32\OLEAUT32.dll [fFlags=0x0]
|
|---|
| 1659 | 14b8.3bc: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\oleaut32.dll
|
|---|
| 1660 | 14b8.3bc: supR3HardenedDllNotificationCallback: load 00007ffeb75a0000 LB 0x02317000 C:\Program Files\Oracle\VirtualBox\UICommon.dll [fFlags=0x0]
|
|---|
| 1661 | 14b8.3bc: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\UICommon.dll
|
|---|
| 1662 | 14b8.3bc: supR3HardenedDllNotificationCallback: load 00000000645e0000 LB 0x00054000 C:\Program Files\Oracle\VirtualBox\Qt5OpenGLVBox.dll [fFlags=0x0]
|
|---|
| 1663 | 14b8.3bc: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\Qt5OpenGLVBox.dll
|
|---|
| 1664 | 14b8.3bc: supR3HardenedDllNotificationCallback: load 00007fff1c660000 LB 0x0002d000 C:\WINDOWS\SYSTEM32\WINMMBASE.dll [fFlags=0x0]
|
|---|
| 1665 | 14b8.3bc: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\winmmbase.dll [avoiding WinVerifyTrust]
|
|---|
| 1666 | 14b8.3bc: supR3HardenedDllNotificationCallback: load 00007fff1c690000 LB 0x00024000 C:\WINDOWS\SYSTEM32\WINMM.dll [fFlags=0x0]
|
|---|
| 1667 | 14b8.3bc: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\winmm.dll
|
|---|
| 1668 | 14b8.3bc: supR3HardenedDllNotificationCallback: load 00007ffebbb20000 LB 0x001c8000 C:\Program Files\Oracle\VirtualBox\VirtualBoxVM.dll [fFlags=0x0]
|
|---|
| 1669 | 14b8.3bc: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VirtualBoxVM.dll
|
|---|
| 1670 | 14b8.3bc: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\windows.storage.dll'.
|
|---|
| 1671 | 14b8.3bc: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Windows\System32\windows.storage.dll' [rescheduled]
|
|---|
| 1672 | 14b8.3bc: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\kernel.appcore.dll'.
|
|---|
| 1673 | 14b8.3bc: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Windows\System32\kernel.appcore.dll' [rescheduled]
|
|---|
| 1674 | 14b8.3bc: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\shlwapi.dll'.
|
|---|
| 1675 | 14b8.3bc: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Windows\System32\shlwapi.dll' [rescheduled]
|
|---|
| 1676 | 14b8.3bc: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\powrprof.dll'.
|
|---|
| 1677 | 14b8.3bc: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Windows\System32\powrprof.dll' [rescheduled]
|
|---|
| 1678 | 14b8.3bc: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\umpdc.dll'.
|
|---|
| 1679 | 14b8.3bc: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Windows\System32\umpdc.dll' [rescheduled]
|
|---|
| 1680 | 14b8.3bc: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\SHCore.dll'.
|
|---|
| 1681 | 14b8.3bc: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Windows\System32\SHCore.dll' [rescheduled]
|
|---|
| 1682 | 14b8.3bc: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\cfgmgr32.dll'.
|
|---|
| 1683 | 14b8.3bc: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Windows\System32\cfgmgr32.dll' [rescheduled]
|
|---|
| 1684 | 14b8.3bc: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\gdi32full.dll'.
|
|---|
| 1685 | 14b8.3bc: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Windows\System32\gdi32full.dll' [rescheduled]
|
|---|
| 1686 | 14b8.3bc: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\DXCore.dll'.
|
|---|
| 1687 | 14b8.3bc: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Windows\System32\DXCore.dll' [rescheduled]
|
|---|
| 1688 | 14b8.3bc: Detected loader lock ownership: rc=Unknown Status 22900 (0x5974) '\Device\HarddiskVolume4\Windows\System32\glu32.dll'.
|
|---|
| 1689 | 14b8.3bc: supR3HardenedWinVerifyCacheProcessWvtTodos: 22900 (was 22900) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Windows\System32\glu32.dll' [rescheduled]
|
|---|
| 1690 | 14b8.3bc: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\mpr.dll'.
|
|---|
| 1691 | 14b8.3bc: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Windows\System32\mpr.dll' [rescheduled]
|
|---|
| 1692 | 14b8.3bc: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\shell32.dll'.
|
|---|
| 1693 | 14b8.3bc: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Windows\System32\shell32.dll' [rescheduled]
|
|---|
| 1694 | 14b8.3bc: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\Qt5WidgetsVBox.dll'.
|
|---|
| 1695 | 14b8.3bc: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\Qt5WidgetsVBox.dll' [rescheduled]
|
|---|
| 1696 | 14b8.3bc: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\win32u.dll'.
|
|---|
| 1697 | 14b8.3bc: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Windows\System32\win32u.dll' [rescheduled]
|
|---|
| 1698 | 14b8.3bc: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\gdi32.dll'.
|
|---|
| 1699 | 14b8.3bc: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Windows\System32\gdi32.dll' [rescheduled]
|
|---|
| 1700 | 14b8.3bc: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\user32.dll'.
|
|---|
| 1701 | 14b8.3bc: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Windows\System32\user32.dll' [rescheduled]
|
|---|
| 1702 | 14b8.3bc: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\msvcp_win.dll'.
|
|---|
| 1703 | 14b8.3bc: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Windows\System32\msvcp_win.dll' [rescheduled]
|
|---|
| 1704 | 14b8.3bc: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\combase.dll'.
|
|---|
| 1705 | 14b8.3bc: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Windows\System32\combase.dll' [rescheduled]
|
|---|
| 1706 | 14b8.3bc: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\winmmbase.dll'.
|
|---|
| 1707 | 14b8.3bc: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Windows\System32\winmmbase.dll' [rescheduled]
|
|---|
| 1708 | 14b8.3bc: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\kernel32.dll
|
|---|
| 1709 | 14b8.3bc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'profapi.dll'...
|
|---|
| 1710 | 14b8.3bc: supR3HardenedWinVerifyCacheProcessImportTodos: 'profapi.dll' -> '\Device\HarddiskVolume4\Windows\System32\profapi.dll' [rcNtRedir=0xc0150008]
|
|---|
| 1711 | 14b8.3bc: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\profapi.dll
|
|---|
| 1712 | 14b8.3bc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
|
|---|
| 1713 | 14b8.3bc: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume4\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
|
|---|
| 1714 | 14b8.3bc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcp_win.dll'...
|
|---|
| 1715 | 14b8.3bc: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcp_win.dll' -> '\Device\HarddiskVolume4\Windows\System32\msvcp_win.dll' [rcNtRedir=0xc0150008]
|
|---|
| 1716 | 14b8.3bc: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\msvcp_win.dll [redoing WinVerifyTrust]
|
|---|
| 1717 | 14b8.3bc: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\msvcp_win.dll'.
|
|---|
| 1718 | 14b8.3bc: supR3HardenedScreenImage/Imports: WinVerifyTrust not available, rescheduling \Device\HarddiskVolume4\Windows\System32\msvcp_win.dll
|
|---|
| 1719 | 14b8.3bc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'combase.dll'...
|
|---|
| 1720 | 14b8.3bc: supR3HardenedWinVerifyCacheProcessImportTodos: 'combase.dll' -> '\Device\HarddiskVolume4\Windows\System32\combase.dll' [rcNtRedir=0xc0150008]
|
|---|
| 1721 | 14b8.3bc: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\combase.dll [redoing WinVerifyTrust]
|
|---|
| 1722 | 14b8.3bc: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\combase.dll'.
|
|---|
| 1723 | 14b8.3bc: supR3HardenedScreenImage/Imports: WinVerifyTrust not available, rescheduling \Device\HarddiskVolume4\Windows\System32\combase.dll
|
|---|
| 1724 | 14b8.3bc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
|
|---|
| 1725 | 14b8.3bc: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume4\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
|
|---|
| 1726 | 14b8.3bc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
|
|---|
| 1727 | 14b8.3bc: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume4\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
|
|---|
| 1728 | 14b8.3bc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
|
|---|
| 1729 | 14b8.3bc: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume4\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
|
|---|
| 1730 | 14b8.3bc: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\user32.dll [redoing WinVerifyTrust]
|
|---|
| 1731 | 14b8.3bc: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\user32.dll'.
|
|---|
| 1732 | 14b8.3bc: supR3HardenedScreenImage/Imports: WinVerifyTrust not available, rescheduling \Device\HarddiskVolume4\Windows\System32\user32.dll
|
|---|
| 1733 | 14b8.3bc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
|
|---|
| 1734 | 14b8.3bc: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume4\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
|
|---|
| 1735 | 14b8.3bc: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\gdi32.dll [redoing WinVerifyTrust]
|
|---|
| 1736 | 14b8.3bc: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\gdi32.dll'.
|
|---|
| 1737 | 14b8.3bc: supR3HardenedScreenImage/Imports: WinVerifyTrust not available, rescheduling \Device\HarddiskVolume4\Windows\System32\gdi32.dll
|
|---|
| 1738 | 14b8.3bc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
|
|---|
| 1739 | 14b8.3bc: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume4\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
|
|---|
| 1740 | 14b8.3bc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'umpdc.dll'...
|
|---|
| 1741 | 14b8.3bc: supR3HardenedWinVerifyCacheProcessImportTodos: 'umpdc.dll' -> '\Device\HarddiskVolume4\Windows\System32\umpdc.dll' [rcNtRedir=0xc0150008]
|
|---|
| 1742 | 14b8.3bc: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\umpdc.dll [redoing WinVerifyTrust]
|
|---|
| 1743 | 14b8.3bc: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\umpdc.dll'.
|
|---|
| 1744 | 14b8.3bc: supR3HardenedScreenImage/Imports: WinVerifyTrust not available, rescheduling \Device\HarddiskVolume4\Windows\System32\umpdc.dll
|
|---|
| 1745 | 14b8.3bc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
|
|---|
| 1746 | 14b8.3bc: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume4\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
|
|---|
| 1747 | 14b8.3bc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'combase.dll'...
|
|---|
| 1748 | 14b8.3bc: supR3HardenedWinVerifyCacheProcessImportTodos: 'combase.dll' -> '\Device\HarddiskVolume4\Windows\System32\combase.dll' [rcNtRedir=0xc0150008]
|
|---|
| 1749 | 14b8.3bc: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\combase.dll [redoing WinVerifyTrust]
|
|---|
| 1750 | 14b8.3bc: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\combase.dll'.
|
|---|
| 1751 | 14b8.3bc: supR3HardenedScreenImage/Imports: WinVerifyTrust not available, rescheduling \Device\HarddiskVolume4\Windows\System32\combase.dll
|
|---|
| 1752 | 14b8.3bc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
|
|---|
| 1753 | 14b8.3bc: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume4\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
|
|---|
| 1754 | 14b8.3bc: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\rpcrt4.dll
|
|---|
| 1755 | 14b8.3bc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
|
|---|
| 1756 | 14b8.3bc: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume4\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
|
|---|
| 1757 | 14b8.3bc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'win32u.dll'...
|
|---|
| 1758 | 14b8.3bc: supR3HardenedWinVerifyCacheProcessImportTodos: 'win32u.dll' -> '\Device\HarddiskVolume4\Windows\System32\win32u.dll' [rcNtRedir=0xc0150008]
|
|---|
| 1759 | 14b8.3bc: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\win32u.dll [redoing WinVerifyTrust]
|
|---|
| 1760 | 14b8.3bc: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\win32u.dll'.
|
|---|
| 1761 | 14b8.3bc: supR3HardenedScreenImage/Imports: WinVerifyTrust not available, rescheduling \Device\HarddiskVolume4\Windows\System32\win32u.dll
|
|---|
| 1762 | 14b8.3bc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
|
|---|
| 1763 | 14b8.3bc: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume4\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
|
|---|
| 1764 | 14b8.3bc: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\user32.dll [redoing WinVerifyTrust]
|
|---|
| 1765 | 14b8.3bc: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\user32.dll'.
|
|---|
| 1766 | 14b8.3bc: supR3HardenedScreenImage/Imports: WinVerifyTrust not available, rescheduling \Device\HarddiskVolume4\Windows\System32\user32.dll
|
|---|
| 1767 | 14b8.3bc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
|
|---|
| 1768 | 14b8.3bc: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume4\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
|
|---|
| 1769 | 14b8.3bc: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\gdi32.dll [redoing WinVerifyTrust]
|
|---|
| 1770 | 14b8.3bc: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\gdi32.dll'.
|
|---|
| 1771 | 14b8.3bc: supR3HardenedScreenImage/Imports: WinVerifyTrust not available, rescheduling \Device\HarddiskVolume4\Windows\System32\gdi32.dll
|
|---|
| 1772 | 14b8.3bc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcp_win.dll'...
|
|---|
| 1773 | 14b8.3bc: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcp_win.dll' -> '\Device\HarddiskVolume4\Windows\System32\msvcp_win.dll' [rcNtRedir=0xc0150008]
|
|---|
| 1774 | 14b8.3bc: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\msvcp_win.dll [redoing WinVerifyTrust]
|
|---|
| 1775 | 14b8.3bc: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\msvcp_win.dll'.
|
|---|
| 1776 | 14b8.3bc: supR3HardenedScreenImage/Imports: WinVerifyTrust not available, rescheduling \Device\HarddiskVolume4\Windows\System32\msvcp_win.dll
|
|---|
| 1777 | 14b8.3bc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'win32u.dll'...
|
|---|
| 1778 | 14b8.3bc: supR3HardenedWinVerifyCacheProcessImportTodos: 'win32u.dll' -> '\Device\HarddiskVolume4\Windows\System32\win32u.dll' [rcNtRedir=0xc0150008]
|
|---|
| 1779 | 14b8.3bc: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\win32u.dll [redoing WinVerifyTrust]
|
|---|
| 1780 | 14b8.3bc: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\win32u.dll'.
|
|---|
| 1781 | 14b8.3bc: supR3HardenedScreenImage/Imports: WinVerifyTrust not available, rescheduling \Device\HarddiskVolume4\Windows\System32\win32u.dll
|
|---|
| 1782 | 14b8.3bc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcp_win.dll'...
|
|---|
| 1783 | 14b8.3bc: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcp_win.dll' -> '\Device\HarddiskVolume4\Windows\System32\msvcp_win.dll' [rcNtRedir=0xc0150008]
|
|---|
| 1784 | 14b8.3bc: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\msvcp_win.dll [redoing WinVerifyTrust]
|
|---|
| 1785 | 14b8.3bc: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\msvcp_win.dll'.
|
|---|
| 1786 | 14b8.3bc: supR3HardenedScreenImage/Imports: WinVerifyTrust not available, rescheduling \Device\HarddiskVolume4\Windows\System32\msvcp_win.dll
|
|---|
| 1787 | 14b8.3bc: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\kernel32.dll (Input=kernel32, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000801:<flags> [calling]
|
|---|
| 1788 | 14b8.3bc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff21da0000 'C:\WINDOWS\System32\kernel32.dll'
|
|---|
| 1789 | 14b8.3bc: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\windows.storage.dll'.
|
|---|
| 1790 | 14b8.3bc: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Windows\System32\windows.storage.dll' [rescheduled]
|
|---|
| 1791 | 14b8.3bc: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\kernel.appcore.dll'.
|
|---|
| 1792 | 14b8.3bc: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Windows\System32\kernel.appcore.dll' [rescheduled]
|
|---|
| 1793 | 14b8.3bc: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\shlwapi.dll'.
|
|---|
| 1794 | 14b8.3bc: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Windows\System32\shlwapi.dll' [rescheduled]
|
|---|
| 1795 | 14b8.3bc: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\powrprof.dll'.
|
|---|
| 1796 | 14b8.3bc: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Windows\System32\powrprof.dll' [rescheduled]
|
|---|
| 1797 | 14b8.3bc: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\umpdc.dll'.
|
|---|
| 1798 | 14b8.3bc: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Windows\System32\umpdc.dll' [rescheduled]
|
|---|
| 1799 | 14b8.3bc: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\SHCore.dll'.
|
|---|
| 1800 | 14b8.3bc: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Windows\System32\SHCore.dll' [rescheduled]
|
|---|
| 1801 | 14b8.3bc: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\cfgmgr32.dll'.
|
|---|
| 1802 | 14b8.3bc: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Windows\System32\cfgmgr32.dll' [rescheduled]
|
|---|
| 1803 | 14b8.3bc: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\gdi32full.dll'.
|
|---|
| 1804 | 14b8.3bc: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Windows\System32\gdi32full.dll' [rescheduled]
|
|---|
| 1805 | 14b8.3bc: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\DXCore.dll'.
|
|---|
| 1806 | 14b8.3bc: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Windows\System32\DXCore.dll' [rescheduled]
|
|---|
| 1807 | 14b8.3bc: Detected loader lock ownership: rc=Unknown Status 22900 (0x5974) '\Device\HarddiskVolume4\Windows\System32\glu32.dll'.
|
|---|
| 1808 | 14b8.3bc: supR3HardenedWinVerifyCacheProcessWvtTodos: 22900 (was 22900) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Windows\System32\glu32.dll' [rescheduled]
|
|---|
| 1809 | 14b8.3bc: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\mpr.dll'.
|
|---|
| 1810 | 14b8.3bc: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Windows\System32\mpr.dll' [rescheduled]
|
|---|
| 1811 | 14b8.3bc: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\shell32.dll'.
|
|---|
| 1812 | 14b8.3bc: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Windows\System32\shell32.dll' [rescheduled]
|
|---|
| 1813 | 14b8.3bc: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\Qt5WidgetsVBox.dll'.
|
|---|
| 1814 | 14b8.3bc: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\Qt5WidgetsVBox.dll' [rescheduled]
|
|---|
| 1815 | 14b8.3bc: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\win32u.dll'.
|
|---|
| 1816 | 14b8.3bc: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Windows\System32\win32u.dll' [rescheduled]
|
|---|
| 1817 | 14b8.3bc: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\gdi32.dll'.
|
|---|
| 1818 | 14b8.3bc: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Windows\System32\gdi32.dll' [rescheduled]
|
|---|
| 1819 | 14b8.3bc: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\user32.dll'.
|
|---|
| 1820 | 14b8.3bc: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Windows\System32\user32.dll' [rescheduled]
|
|---|
| 1821 | 14b8.3bc: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\msvcp_win.dll'.
|
|---|
| 1822 | 14b8.3bc: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Windows\System32\msvcp_win.dll' [rescheduled]
|
|---|
| 1823 | 14b8.3bc: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\combase.dll'.
|
|---|
| 1824 | 14b8.3bc: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Windows\System32\combase.dll' [rescheduled]
|
|---|
| 1825 | 14b8.3bc: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\winmmbase.dll'.
|
|---|
| 1826 | 14b8.3bc: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Windows\System32\winmmbase.dll' [rescheduled]
|
|---|
| 1827 | 14b8.3bc: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\windows.storage.dll'.
|
|---|
| 1828 | 14b8.3bc: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Windows\System32\windows.storage.dll' [rescheduled]
|
|---|
| 1829 | 14b8.3bc: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\kernel.appcore.dll'.
|
|---|
| 1830 | 14b8.3bc: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Windows\System32\kernel.appcore.dll' [rescheduled]
|
|---|
| 1831 | 14b8.3bc: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\shlwapi.dll'.
|
|---|
| 1832 | 14b8.3bc: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Windows\System32\shlwapi.dll' [rescheduled]
|
|---|
| 1833 | 14b8.3bc: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\powrprof.dll'.
|
|---|
| 1834 | 14b8.3bc: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Windows\System32\powrprof.dll' [rescheduled]
|
|---|
| 1835 | 14b8.3bc: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\umpdc.dll'.
|
|---|
| 1836 | 14b8.3bc: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Windows\System32\umpdc.dll' [rescheduled]
|
|---|
| 1837 | 14b8.3bc: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\SHCore.dll'.
|
|---|
| 1838 | 14b8.3bc: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Windows\System32\SHCore.dll' [rescheduled]
|
|---|
| 1839 | 14b8.3bc: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\cfgmgr32.dll'.
|
|---|
| 1840 | 14b8.3bc: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Windows\System32\cfgmgr32.dll' [rescheduled]
|
|---|
| 1841 | 14b8.3bc: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\gdi32full.dll'.
|
|---|
| 1842 | 14b8.3bc: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Windows\System32\gdi32full.dll' [rescheduled]
|
|---|
| 1843 | 14b8.3bc: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\DXCore.dll'.
|
|---|
| 1844 | 14b8.3bc: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Windows\System32\DXCore.dll' [rescheduled]
|
|---|
| 1845 | 14b8.3bc: Detected loader lock ownership: rc=Unknown Status 22900 (0x5974) '\Device\HarddiskVolume4\Windows\System32\glu32.dll'.
|
|---|
| 1846 | 14b8.3bc: supR3HardenedWinVerifyCacheProcessWvtTodos: 22900 (was 22900) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Windows\System32\glu32.dll' [rescheduled]
|
|---|
| 1847 | 14b8.3bc: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\mpr.dll'.
|
|---|
| 1848 | 14b8.3bc: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Windows\System32\mpr.dll' [rescheduled]
|
|---|
| 1849 | 14b8.3bc: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\shell32.dll'.
|
|---|
| 1850 | 14b8.3bc: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Windows\System32\shell32.dll' [rescheduled]
|
|---|
| 1851 | 14b8.3bc: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\Qt5WidgetsVBox.dll'.
|
|---|
| 1852 | 14b8.3bc: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\Qt5WidgetsVBox.dll' [rescheduled]
|
|---|
| 1853 | 14b8.3bc: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\win32u.dll'.
|
|---|
| 1854 | 14b8.3bc: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Windows\System32\win32u.dll' [rescheduled]
|
|---|
| 1855 | 14b8.3bc: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\gdi32.dll'.
|
|---|
| 1856 | 14b8.3bc: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Windows\System32\gdi32.dll' [rescheduled]
|
|---|
| 1857 | 14b8.3bc: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\user32.dll'.
|
|---|
| 1858 | 14b8.3bc: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Windows\System32\user32.dll' [rescheduled]
|
|---|
| 1859 | 14b8.3bc: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\msvcp_win.dll'.
|
|---|
| 1860 | 14b8.3bc: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Windows\System32\msvcp_win.dll' [rescheduled]
|
|---|
| 1861 | 14b8.3bc: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\combase.dll'.
|
|---|
| 1862 | 14b8.3bc: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Windows\System32\combase.dll' [rescheduled]
|
|---|
| 1863 | 14b8.3bc: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\winmmbase.dll'.
|
|---|
| 1864 | 14b8.3bc: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Windows\System32\winmmbase.dll' [rescheduled]
|
|---|
| 1865 | 14b8.3bc: supR3HardenedIsApiSetDll: ApiSetQueryApiSetPresence(api-ms-win-core-string-l1-1-0) -> 0x0, fPresent=1
|
|---|
| 1866 | 14b8.3bc: supR3HardenedMonitor_LdrLoadDll: pName=api-ms-win-core-string-l1-1-0 (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0000000000000801:<flags> [calling]
|
|---|
| 1867 | 14b8.3bc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff1fe30000 'api-ms-win-core-string-l1-1-0'
|
|---|
| 1868 | 14b8.3bc: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\windows.storage.dll'.
|
|---|
| 1869 | 14b8.3bc: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Windows\System32\windows.storage.dll' [rescheduled]
|
|---|
| 1870 | 14b8.3bc: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\kernel.appcore.dll'.
|
|---|
| 1871 | 14b8.3bc: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Windows\System32\kernel.appcore.dll' [rescheduled]
|
|---|
| 1872 | 14b8.3bc: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\shlwapi.dll'.
|
|---|
| 1873 | 14b8.3bc: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Windows\System32\shlwapi.dll' [rescheduled]
|
|---|
| 1874 | 14b8.3bc: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\powrprof.dll'.
|
|---|
| 1875 | 14b8.3bc: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Windows\System32\powrprof.dll' [rescheduled]
|
|---|
| 1876 | 14b8.3bc: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\umpdc.dll'.
|
|---|
| 1877 | 14b8.3bc: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Windows\System32\umpdc.dll' [rescheduled]
|
|---|
| 1878 | 14b8.3bc: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\SHCore.dll'.
|
|---|
| 1879 | 14b8.3bc: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Windows\System32\SHCore.dll' [rescheduled]
|
|---|
| 1880 | 14b8.3bc: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\cfgmgr32.dll'.
|
|---|
| 1881 | 14b8.3bc: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Windows\System32\cfgmgr32.dll' [rescheduled]
|
|---|
| 1882 | 14b8.3bc: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\gdi32full.dll'.
|
|---|
| 1883 | 14b8.3bc: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Windows\System32\gdi32full.dll' [rescheduled]
|
|---|
| 1884 | 14b8.3bc: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\DXCore.dll'.
|
|---|
| 1885 | 14b8.3bc: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Windows\System32\DXCore.dll' [rescheduled]
|
|---|
| 1886 | 14b8.3bc: Detected loader lock ownership: rc=Unknown Status 22900 (0x5974) '\Device\HarddiskVolume4\Windows\System32\glu32.dll'.
|
|---|
| 1887 | 14b8.3bc: supR3HardenedWinVerifyCacheProcessWvtTodos: 22900 (was 22900) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Windows\System32\glu32.dll' [rescheduled]
|
|---|
| 1888 | 14b8.3bc: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\mpr.dll'.
|
|---|
| 1889 | 14b8.3bc: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Windows\System32\mpr.dll' [rescheduled]
|
|---|
| 1890 | 14b8.3bc: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\shell32.dll'.
|
|---|
| 1891 | 14b8.3bc: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Windows\System32\shell32.dll' [rescheduled]
|
|---|
| 1892 | 14b8.3bc: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\Qt5WidgetsVBox.dll'.
|
|---|
| 1893 | 14b8.3bc: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\Qt5WidgetsVBox.dll' [rescheduled]
|
|---|
| 1894 | 14b8.3bc: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\win32u.dll'.
|
|---|
| 1895 | 14b8.3bc: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Windows\System32\win32u.dll' [rescheduled]
|
|---|
| 1896 | 14b8.3bc: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\gdi32.dll'.
|
|---|
| 1897 | 14b8.3bc: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Windows\System32\gdi32.dll' [rescheduled]
|
|---|
| 1898 | 14b8.3bc: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\user32.dll'.
|
|---|
| 1899 | 14b8.3bc: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Windows\System32\user32.dll' [rescheduled]
|
|---|
| 1900 | 14b8.3bc: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\msvcp_win.dll'.
|
|---|
| 1901 | 14b8.3bc: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Windows\System32\msvcp_win.dll' [rescheduled]
|
|---|
| 1902 | 14b8.3bc: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\combase.dll'.
|
|---|
| 1903 | 14b8.3bc: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Windows\System32\combase.dll' [rescheduled]
|
|---|
| 1904 | 14b8.3bc: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\winmmbase.dll'.
|
|---|
| 1905 | 14b8.3bc: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Windows\System32\winmmbase.dll' [rescheduled]
|
|---|
| 1906 | 14b8.3bc: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\windows.storage.dll'.
|
|---|
| 1907 | 14b8.3bc: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Windows\System32\windows.storage.dll' [rescheduled]
|
|---|
| 1908 | 14b8.3bc: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\kernel.appcore.dll'.
|
|---|
| 1909 | 14b8.3bc: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Windows\System32\kernel.appcore.dll' [rescheduled]
|
|---|
| 1910 | 14b8.3bc: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\shlwapi.dll'.
|
|---|
| 1911 | 14b8.3bc: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Windows\System32\shlwapi.dll' [rescheduled]
|
|---|
| 1912 | 14b8.3bc: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\powrprof.dll'.
|
|---|
| 1913 | 14b8.3bc: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Windows\System32\powrprof.dll' [rescheduled]
|
|---|
| 1914 | 14b8.3bc: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\umpdc.dll'.
|
|---|
| 1915 | 14b8.3bc: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Windows\System32\umpdc.dll' [rescheduled]
|
|---|
| 1916 | 14b8.3bc: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\SHCore.dll'.
|
|---|
| 1917 | 14b8.3bc: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Windows\System32\SHCore.dll' [rescheduled]
|
|---|
| 1918 | 14b8.3bc: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\cfgmgr32.dll'.
|
|---|
| 1919 | 14b8.3bc: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Windows\System32\cfgmgr32.dll' [rescheduled]
|
|---|
| 1920 | 14b8.3bc: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\gdi32full.dll'.
|
|---|
| 1921 | 14b8.3bc: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Windows\System32\gdi32full.dll' [rescheduled]
|
|---|
| 1922 | 14b8.3bc: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\DXCore.dll'.
|
|---|
| 1923 | 14b8.3bc: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Windows\System32\DXCore.dll' [rescheduled]
|
|---|
| 1924 | 14b8.3bc: Detected loader lock ownership: rc=Unknown Status 22900 (0x5974) '\Device\HarddiskVolume4\Windows\System32\glu32.dll'.
|
|---|
| 1925 | 14b8.3bc: supR3HardenedWinVerifyCacheProcessWvtTodos: 22900 (was 22900) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Windows\System32\glu32.dll' [rescheduled]
|
|---|
| 1926 | 14b8.3bc: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\mpr.dll'.
|
|---|
| 1927 | 14b8.3bc: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Windows\System32\mpr.dll' [rescheduled]
|
|---|
| 1928 | 14b8.3bc: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\shell32.dll'.
|
|---|
| 1929 | 14b8.3bc: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Windows\System32\shell32.dll' [rescheduled]
|
|---|
| 1930 | 14b8.3bc: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\Qt5WidgetsVBox.dll'.
|
|---|
| 1931 | 14b8.3bc: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\Qt5WidgetsVBox.dll' [rescheduled]
|
|---|
| 1932 | 14b8.3bc: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\win32u.dll'.
|
|---|
| 1933 | 14b8.3bc: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Windows\System32\win32u.dll' [rescheduled]
|
|---|
| 1934 | 14b8.3bc: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\gdi32.dll'.
|
|---|
| 1935 | 14b8.3bc: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Windows\System32\gdi32.dll' [rescheduled]
|
|---|
| 1936 | 14b8.3bc: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\user32.dll'.
|
|---|
| 1937 | 14b8.3bc: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Windows\System32\user32.dll' [rescheduled]
|
|---|
| 1938 | 14b8.3bc: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\msvcp_win.dll'.
|
|---|
| 1939 | 14b8.3bc: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Windows\System32\msvcp_win.dll' [rescheduled]
|
|---|
| 1940 | 14b8.3bc: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\combase.dll'.
|
|---|
| 1941 | 14b8.3bc: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Windows\System32\combase.dll' [rescheduled]
|
|---|
| 1942 | 14b8.3bc: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\winmmbase.dll'.
|
|---|
| 1943 | 14b8.3bc: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Windows\System32\winmmbase.dll' [rescheduled]
|
|---|
| 1944 | 14b8.3bc: supR3HardenedIsApiSetDll: ApiSetQueryApiSetPresence(api-ms-win-core-datetime-l1-1-1) -> 0x0, fPresent=1
|
|---|
| 1945 | 14b8.3bc: supR3HardenedMonitor_LdrLoadDll: pName=api-ms-win-core-datetime-l1-1-1 (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0000000000000801:<flags> [calling]
|
|---|
| 1946 | 14b8.3bc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff1fe30000 'api-ms-win-core-datetime-l1-1-1'
|
|---|
| 1947 | 14b8.3bc: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\windows.storage.dll'.
|
|---|
| 1948 | 14b8.3bc: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Windows\System32\windows.storage.dll' [rescheduled]
|
|---|
| 1949 | 14b8.3bc: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\kernel.appcore.dll'.
|
|---|
| 1950 | 14b8.3bc: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Windows\System32\kernel.appcore.dll' [rescheduled]
|
|---|
| 1951 | 14b8.3bc: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\shlwapi.dll'.
|
|---|
| 1952 | 14b8.3bc: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Windows\System32\shlwapi.dll' [rescheduled]
|
|---|
| 1953 | 14b8.3bc: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\powrprof.dll'.
|
|---|
| 1954 | 14b8.3bc: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Windows\System32\powrprof.dll' [rescheduled]
|
|---|
| 1955 | 14b8.3bc: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\umpdc.dll'.
|
|---|
| 1956 | 14b8.3bc: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Windows\System32\umpdc.dll' [rescheduled]
|
|---|
| 1957 | 14b8.3bc: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\SHCore.dll'.
|
|---|
| 1958 | 14b8.3bc: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Windows\System32\SHCore.dll' [rescheduled]
|
|---|
| 1959 | 14b8.3bc: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\cfgmgr32.dll'.
|
|---|
| 1960 | 14b8.3bc: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Windows\System32\cfgmgr32.dll' [rescheduled]
|
|---|
| 1961 | 14b8.3bc: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\gdi32full.dll'.
|
|---|
| 1962 | 14b8.3bc: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Windows\System32\gdi32full.dll' [rescheduled]
|
|---|
| 1963 | 14b8.3bc: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\DXCore.dll'.
|
|---|
| 1964 | 14b8.3bc: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Windows\System32\DXCore.dll' [rescheduled]
|
|---|
| 1965 | 14b8.3bc: Detected loader lock ownership: rc=Unknown Status 22900 (0x5974) '\Device\HarddiskVolume4\Windows\System32\glu32.dll'.
|
|---|
| 1966 | 14b8.3bc: supR3HardenedWinVerifyCacheProcessWvtTodos: 22900 (was 22900) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Windows\System32\glu32.dll' [rescheduled]
|
|---|
| 1967 | 14b8.3bc: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\mpr.dll'.
|
|---|
| 1968 | 14b8.3bc: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Windows\System32\mpr.dll' [rescheduled]
|
|---|
| 1969 | 14b8.3bc: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\shell32.dll'.
|
|---|
| 1970 | 14b8.3bc: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Windows\System32\shell32.dll' [rescheduled]
|
|---|
| 1971 | 14b8.3bc: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\Qt5WidgetsVBox.dll'.
|
|---|
| 1972 | 14b8.3bc: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\Qt5WidgetsVBox.dll' [rescheduled]
|
|---|
| 1973 | 14b8.3bc: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\win32u.dll'.
|
|---|
| 1974 | 14b8.3bc: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Windows\System32\win32u.dll' [rescheduled]
|
|---|
| 1975 | 14b8.3bc: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\gdi32.dll'.
|
|---|
| 1976 | 14b8.3bc: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Windows\System32\gdi32.dll' [rescheduled]
|
|---|
| 1977 | 14b8.3bc: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\user32.dll'.
|
|---|
| 1978 | 14b8.3bc: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Windows\System32\user32.dll' [rescheduled]
|
|---|
| 1979 | 14b8.3bc: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\msvcp_win.dll'.
|
|---|
| 1980 | 14b8.3bc: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Windows\System32\msvcp_win.dll' [rescheduled]
|
|---|
| 1981 | 14b8.3bc: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\combase.dll'.
|
|---|
| 1982 | 14b8.3bc: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Windows\System32\combase.dll' [rescheduled]
|
|---|
| 1983 | 14b8.3bc: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\winmmbase.dll'.
|
|---|
| 1984 | 14b8.3bc: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Windows\System32\winmmbase.dll' [rescheduled]
|
|---|
| 1985 | 14b8.3bc: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\windows.storage.dll'.
|
|---|
| 1986 | 14b8.3bc: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Windows\System32\windows.storage.dll' [rescheduled]
|
|---|
| 1987 | 14b8.3bc: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\kernel.appcore.dll'.
|
|---|
| 1988 | 14b8.3bc: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Windows\System32\kernel.appcore.dll' [rescheduled]
|
|---|
| 1989 | 14b8.3bc: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\shlwapi.dll'.
|
|---|
| 1990 | 14b8.3bc: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Windows\System32\shlwapi.dll' [rescheduled]
|
|---|
| 1991 | 14b8.3bc: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\powrprof.dll'.
|
|---|
| 1992 | 14b8.3bc: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Windows\System32\powrprof.dll' [rescheduled]
|
|---|
| 1993 | 14b8.3bc: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\umpdc.dll'.
|
|---|
| 1994 | 14b8.3bc: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Windows\System32\umpdc.dll' [rescheduled]
|
|---|
| 1995 | 14b8.3bc: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\SHCore.dll'.
|
|---|
| 1996 | 14b8.3bc: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Windows\System32\SHCore.dll' [rescheduled]
|
|---|
| 1997 | 14b8.3bc: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\cfgmgr32.dll'.
|
|---|
| 1998 | 14b8.3bc: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Windows\System32\cfgmgr32.dll' [rescheduled]
|
|---|
| 1999 | 14b8.3bc: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\gdi32full.dll'.
|
|---|
| 2000 | 14b8.3bc: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Windows\System32\gdi32full.dll' [rescheduled]
|
|---|
| 2001 | 14b8.3bc: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\DXCore.dll'.
|
|---|
| 2002 | 14b8.3bc: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Windows\System32\DXCore.dll' [rescheduled]
|
|---|
| 2003 | 14b8.3bc: Detected loader lock ownership: rc=Unknown Status 22900 (0x5974) '\Device\HarddiskVolume4\Windows\System32\glu32.dll'.
|
|---|
| 2004 | 14b8.3bc: supR3HardenedWinVerifyCacheProcessWvtTodos: 22900 (was 22900) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Windows\System32\glu32.dll' [rescheduled]
|
|---|
| 2005 | 14b8.3bc: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\mpr.dll'.
|
|---|
| 2006 | 14b8.3bc: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Windows\System32\mpr.dll' [rescheduled]
|
|---|
| 2007 | 14b8.3bc: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\shell32.dll'.
|
|---|
| 2008 | 14b8.3bc: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Windows\System32\shell32.dll' [rescheduled]
|
|---|
| 2009 | 14b8.3bc: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\Qt5WidgetsVBox.dll'.
|
|---|
| 2010 | 14b8.3bc: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\Qt5WidgetsVBox.dll' [rescheduled]
|
|---|
| 2011 | 14b8.3bc: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\win32u.dll'.
|
|---|
| 2012 | 14b8.3bc: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Windows\System32\win32u.dll' [rescheduled]
|
|---|
| 2013 | 14b8.3bc: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\gdi32.dll'.
|
|---|
| 2014 | 14b8.3bc: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Windows\System32\gdi32.dll' [rescheduled]
|
|---|
| 2015 | 14b8.3bc: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\user32.dll'.
|
|---|
| 2016 | 14b8.3bc: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Windows\System32\user32.dll' [rescheduled]
|
|---|
| 2017 | 14b8.3bc: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\msvcp_win.dll'.
|
|---|
| 2018 | 14b8.3bc: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Windows\System32\msvcp_win.dll' [rescheduled]
|
|---|
| 2019 | 14b8.3bc: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\combase.dll'.
|
|---|
| 2020 | 14b8.3bc: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Windows\System32\combase.dll' [rescheduled]
|
|---|
| 2021 | 14b8.3bc: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\winmmbase.dll'.
|
|---|
| 2022 | 14b8.3bc: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Windows\System32\winmmbase.dll' [rescheduled]
|
|---|
| 2023 | 14b8.3bc: supR3HardenedIsApiSetDll: ApiSetQueryApiSetPresence(api-ms-win-core-localization-obsolete-l1-2-0) -> 0x0, fPresent=1
|
|---|
| 2024 | 14b8.3bc: supR3HardenedMonitor_LdrLoadDll: pName=api-ms-win-core-localization-obsolete-l1-2-0 (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0000000000000801:<flags> [calling]
|
|---|
| 2025 | 14b8.3bc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff1fe30000 'api-ms-win-core-localization-obsolete-l1-2-0'
|
|---|
| 2026 | 14b8.3bc: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\windows.storage.dll'.
|
|---|
| 2027 | 14b8.3bc: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Windows\System32\windows.storage.dll' [rescheduled]
|
|---|
| 2028 | 14b8.3bc: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\kernel.appcore.dll'.
|
|---|
| 2029 | 14b8.3bc: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Windows\System32\kernel.appcore.dll' [rescheduled]
|
|---|
| 2030 | 14b8.3bc: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\shlwapi.dll'.
|
|---|
| 2031 | 14b8.3bc: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Windows\System32\shlwapi.dll' [rescheduled]
|
|---|
| 2032 | 14b8.3bc: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\powrprof.dll'.
|
|---|
| 2033 | 14b8.3bc: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Windows\System32\powrprof.dll' [rescheduled]
|
|---|
| 2034 | 14b8.3bc: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\umpdc.dll'.
|
|---|
| 2035 | 14b8.3bc: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Windows\System32\umpdc.dll' [rescheduled]
|
|---|
| 2036 | 14b8.3bc: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\SHCore.dll'.
|
|---|
| 2037 | 14b8.3bc: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Windows\System32\SHCore.dll' [rescheduled]
|
|---|
| 2038 | 14b8.3bc: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\cfgmgr32.dll'.
|
|---|
| 2039 | 14b8.3bc: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Windows\System32\cfgmgr32.dll' [rescheduled]
|
|---|
| 2040 | 14b8.3bc: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\gdi32full.dll'.
|
|---|
| 2041 | 14b8.3bc: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Windows\System32\gdi32full.dll' [rescheduled]
|
|---|
| 2042 | 14b8.3bc: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\DXCore.dll'.
|
|---|
| 2043 | 14b8.3bc: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Windows\System32\DXCore.dll' [rescheduled]
|
|---|
| 2044 | 14b8.3bc: Detected loader lock ownership: rc=Unknown Status 22900 (0x5974) '\Device\HarddiskVolume4\Windows\System32\glu32.dll'.
|
|---|
| 2045 | 14b8.3bc: supR3HardenedWinVerifyCacheProcessWvtTodos: 22900 (was 22900) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Windows\System32\glu32.dll' [rescheduled]
|
|---|
| 2046 | 14b8.3bc: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\mpr.dll'.
|
|---|
| 2047 | 14b8.3bc: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Windows\System32\mpr.dll' [rescheduled]
|
|---|
| 2048 | 14b8.3bc: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\shell32.dll'.
|
|---|
| 2049 | 14b8.3bc: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Windows\System32\shell32.dll' [rescheduled]
|
|---|
| 2050 | 14b8.3bc: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\Qt5WidgetsVBox.dll'.
|
|---|
| 2051 | 14b8.3bc: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\Qt5WidgetsVBox.dll' [rescheduled]
|
|---|
| 2052 | 14b8.3bc: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\win32u.dll'.
|
|---|
| 2053 | 14b8.3bc: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Windows\System32\win32u.dll' [rescheduled]
|
|---|
| 2054 | 14b8.3bc: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\gdi32.dll'.
|
|---|
| 2055 | 14b8.3bc: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Windows\System32\gdi32.dll' [rescheduled]
|
|---|
| 2056 | 14b8.3bc: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\user32.dll'.
|
|---|
| 2057 | 14b8.3bc: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Windows\System32\user32.dll' [rescheduled]
|
|---|
| 2058 | 14b8.3bc: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\msvcp_win.dll'.
|
|---|
| 2059 | 14b8.3bc: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Windows\System32\msvcp_win.dll' [rescheduled]
|
|---|
| 2060 | 14b8.3bc: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\combase.dll'.
|
|---|
| 2061 | 14b8.3bc: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Windows\System32\combase.dll' [rescheduled]
|
|---|
| 2062 | 14b8.3bc: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\winmmbase.dll'.
|
|---|
| 2063 | 14b8.3bc: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Windows\System32\winmmbase.dll' [rescheduled]
|
|---|
| 2064 | 14b8.3bc: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\windows.storage.dll'.
|
|---|
| 2065 | 14b8.3bc: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Windows\System32\windows.storage.dll' [rescheduled]
|
|---|
| 2066 | 14b8.3bc: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\kernel.appcore.dll'.
|
|---|
| 2067 | 14b8.3bc: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Windows\System32\kernel.appcore.dll' [rescheduled]
|
|---|
| 2068 | 14b8.3bc: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\shlwapi.dll'.
|
|---|
| 2069 | 14b8.3bc: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Windows\System32\shlwapi.dll' [rescheduled]
|
|---|
| 2070 | 14b8.3bc: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\powrprof.dll'.
|
|---|
| 2071 | 14b8.3bc: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Windows\System32\powrprof.dll' [rescheduled]
|
|---|
| 2072 | 14b8.3bc: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\umpdc.dll'.
|
|---|
| 2073 | 14b8.3bc: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Windows\System32\umpdc.dll' [rescheduled]
|
|---|
| 2074 | 14b8.3bc: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\SHCore.dll'.
|
|---|
| 2075 | 14b8.3bc: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Windows\System32\SHCore.dll' [rescheduled]
|
|---|
| 2076 | 14b8.3bc: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\cfgmgr32.dll'.
|
|---|
| 2077 | 14b8.3bc: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Windows\System32\cfgmgr32.dll' [rescheduled]
|
|---|
| 2078 | 14b8.3bc: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\gdi32full.dll'.
|
|---|
| 2079 | 14b8.3bc: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Windows\System32\gdi32full.dll' [rescheduled]
|
|---|
| 2080 | 14b8.3bc: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\DXCore.dll'.
|
|---|
| 2081 | 14b8.3bc: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Windows\System32\DXCore.dll' [rescheduled]
|
|---|
| 2082 | 14b8.3bc: Detected loader lock ownership: rc=Unknown Status 22900 (0x5974) '\Device\HarddiskVolume4\Windows\System32\glu32.dll'.
|
|---|
| 2083 | 14b8.3bc: supR3HardenedWinVerifyCacheProcessWvtTodos: 22900 (was 22900) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Windows\System32\glu32.dll' [rescheduled]
|
|---|
| 2084 | 14b8.3bc: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\mpr.dll'.
|
|---|
| 2085 | 14b8.3bc: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Windows\System32\mpr.dll' [rescheduled]
|
|---|
| 2086 | 14b8.3bc: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\shell32.dll'.
|
|---|
| 2087 | 14b8.3bc: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Windows\System32\shell32.dll' [rescheduled]
|
|---|
| 2088 | 14b8.3bc: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\Qt5WidgetsVBox.dll'.
|
|---|
| 2089 | 14b8.3bc: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\Qt5WidgetsVBox.dll' [rescheduled]
|
|---|
| 2090 | 14b8.3bc: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\win32u.dll'.
|
|---|
| 2091 | 14b8.3bc: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Windows\System32\win32u.dll' [rescheduled]
|
|---|
| 2092 | 14b8.3bc: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\gdi32.dll'.
|
|---|
| 2093 | 14b8.3bc: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Windows\System32\gdi32.dll' [rescheduled]
|
|---|
| 2094 | 14b8.3bc: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\user32.dll'.
|
|---|
| 2095 | 14b8.3bc: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Windows\System32\user32.dll' [rescheduled]
|
|---|
| 2096 | 14b8.3bc: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\msvcp_win.dll'.
|
|---|
| 2097 | 14b8.3bc: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Windows\System32\msvcp_win.dll' [rescheduled]
|
|---|
| 2098 | 14b8.3bc: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\combase.dll'.
|
|---|
| 2099 | 14b8.3bc: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Windows\System32\combase.dll' [rescheduled]
|
|---|
| 2100 | 14b8.3bc: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\winmmbase.dll'.
|
|---|
| 2101 | 14b8.3bc: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Windows\System32\winmmbase.dll' [rescheduled]
|
|---|
| 2102 | 14b8.3bc: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\imm32.dll'.
|
|---|
| 2103 | 14b8.3bc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'user32.dll'.
|
|---|
| 2104 | 14b8.3bc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #25 'win32u.dll'.
|
|---|
| 2105 | 14b8.3bc: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\imm32.dll)
|
|---|
| 2106 | 14b8.3bc: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\imm32.dll
|
|---|
| 2107 | 14b8.3bc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'win32u.dll'...
|
|---|
| 2108 | 14b8.3bc: supR3HardenedWinVerifyCacheProcessImportTodos: 'win32u.dll' -> '\Device\HarddiskVolume4\Windows\System32\win32u.dll' [rcNtRedir=0xc0150008]
|
|---|
| 2109 | 14b8.3bc: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\win32u.dll [redoing WinVerifyTrust]
|
|---|
| 2110 | 14b8.3bc: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\win32u.dll'.
|
|---|
| 2111 | 14b8.3bc: supR3HardenedScreenImage/Imports: WinVerifyTrust not available, rescheduling \Device\HarddiskVolume4\Windows\System32\win32u.dll
|
|---|
| 2112 | 14b8.3bc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
|
|---|
| 2113 | 14b8.3bc: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume4\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
|
|---|
| 2114 | 14b8.3bc: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\user32.dll [redoing WinVerifyTrust]
|
|---|
| 2115 | 14b8.3bc: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\user32.dll'.
|
|---|
| 2116 | 14b8.3bc: supR3HardenedScreenImage/Imports: WinVerifyTrust not available, rescheduling \Device\HarddiskVolume4\Windows\System32\user32.dll
|
|---|
| 2117 | 14b8.3bc: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\IMM32.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000009:<flags> [calling]
|
|---|
| 2118 | 14b8.3bc: supR3HardenedDllNotificationCallback: load 00007fff21d70000 LB 0x0002e000 C:\WINDOWS\System32\IMM32.DLL [fFlags=0x0]
|
|---|
| 2119 | 14b8.3bc: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\imm32.dll [avoiding WinVerifyTrust]
|
|---|
| 2120 | 14b8.3bc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff21d70000 'C:\WINDOWS\system32\IMM32.DLL'
|
|---|
| 2121 | 14b8.3bc: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\imm32.dll'.
|
|---|
| 2122 | 14b8.3bc: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Windows\System32\imm32.dll' [rescheduled]
|
|---|
| 2123 | 14b8.3bc: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\windows.storage.dll'.
|
|---|
| 2124 | 14b8.3bc: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Windows\System32\windows.storage.dll' [rescheduled]
|
|---|
| 2125 | 14b8.3bc: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\kernel.appcore.dll'.
|
|---|
| 2126 | 14b8.3bc: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Windows\System32\kernel.appcore.dll' [rescheduled]
|
|---|
| 2127 | 14b8.3bc: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\shlwapi.dll'.
|
|---|
| 2128 | 14b8.3bc: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Windows\System32\shlwapi.dll' [rescheduled]
|
|---|
| 2129 | 14b8.3bc: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\powrprof.dll'.
|
|---|
| 2130 | 14b8.3bc: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Windows\System32\powrprof.dll' [rescheduled]
|
|---|
| 2131 | 14b8.3bc: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\umpdc.dll'.
|
|---|
| 2132 | 14b8.3bc: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Windows\System32\umpdc.dll' [rescheduled]
|
|---|
| 2133 | 14b8.3bc: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\SHCore.dll'.
|
|---|
| 2134 | 14b8.3bc: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Windows\System32\SHCore.dll' [rescheduled]
|
|---|
| 2135 | 14b8.3bc: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\cfgmgr32.dll'.
|
|---|
| 2136 | 14b8.3bc: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Windows\System32\cfgmgr32.dll' [rescheduled]
|
|---|
| 2137 | 14b8.3bc: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\gdi32full.dll'.
|
|---|
| 2138 | 14b8.3bc: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Windows\System32\gdi32full.dll' [rescheduled]
|
|---|
| 2139 | 14b8.3bc: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\DXCore.dll'.
|
|---|
| 2140 | 14b8.3bc: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Windows\System32\DXCore.dll' [rescheduled]
|
|---|
| 2141 | 14b8.3bc: Detected loader lock ownership: rc=Unknown Status 22900 (0x5974) '\Device\HarddiskVolume4\Windows\System32\glu32.dll'.
|
|---|
| 2142 | 14b8.3bc: supR3HardenedWinVerifyCacheProcessWvtTodos: 22900 (was 22900) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Windows\System32\glu32.dll' [rescheduled]
|
|---|
| 2143 | 14b8.3bc: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\mpr.dll'.
|
|---|
| 2144 | 14b8.3bc: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Windows\System32\mpr.dll' [rescheduled]
|
|---|
| 2145 | 14b8.3bc: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\shell32.dll'.
|
|---|
| 2146 | 14b8.3bc: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Windows\System32\shell32.dll' [rescheduled]
|
|---|
| 2147 | 14b8.3bc: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\Qt5WidgetsVBox.dll'.
|
|---|
| 2148 | 14b8.3bc: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\Qt5WidgetsVBox.dll' [rescheduled]
|
|---|
| 2149 | 14b8.3bc: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\win32u.dll'.
|
|---|
| 2150 | 14b8.3bc: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Windows\System32\win32u.dll' [rescheduled]
|
|---|
| 2151 | 14b8.3bc: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\gdi32.dll'.
|
|---|
| 2152 | 14b8.3bc: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Windows\System32\gdi32.dll' [rescheduled]
|
|---|
| 2153 | 14b8.3bc: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\user32.dll'.
|
|---|
| 2154 | 14b8.3bc: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Windows\System32\user32.dll' [rescheduled]
|
|---|
| 2155 | 14b8.3bc: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\msvcp_win.dll'.
|
|---|
| 2156 | 14b8.3bc: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Windows\System32\msvcp_win.dll' [rescheduled]
|
|---|
| 2157 | 14b8.3bc: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\combase.dll'.
|
|---|
| 2158 | 14b8.3bc: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Windows\System32\combase.dll' [rescheduled]
|
|---|
| 2159 | 14b8.3bc: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\winmmbase.dll'.
|
|---|
| 2160 | 14b8.3bc: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Windows\System32\winmmbase.dll' [rescheduled]
|
|---|
| 2161 | 14b8.3bc: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\imm32.dll'.
|
|---|
| 2162 | 14b8.3bc: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Windows\System32\imm32.dll' [rescheduled]
|
|---|
| 2163 | 14b8.3bc: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\windows.storage.dll'.
|
|---|
| 2164 | 14b8.3bc: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Windows\System32\windows.storage.dll' [rescheduled]
|
|---|
| 2165 | 14b8.3bc: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\kernel.appcore.dll'.
|
|---|
| 2166 | 14b8.3bc: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Windows\System32\kernel.appcore.dll' [rescheduled]
|
|---|
| 2167 | 14b8.3bc: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\shlwapi.dll'.
|
|---|
| 2168 | 14b8.3bc: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Windows\System32\shlwapi.dll' [rescheduled]
|
|---|
| 2169 | 14b8.3bc: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\powrprof.dll'.
|
|---|
| 2170 | 14b8.3bc: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Windows\System32\powrprof.dll' [rescheduled]
|
|---|
| 2171 | 14b8.3bc: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\umpdc.dll'.
|
|---|
| 2172 | 14b8.3bc: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Windows\System32\umpdc.dll' [rescheduled]
|
|---|
| 2173 | 14b8.3bc: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\SHCore.dll'.
|
|---|
| 2174 | 14b8.3bc: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Windows\System32\SHCore.dll' [rescheduled]
|
|---|
| 2175 | 14b8.3bc: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\cfgmgr32.dll'.
|
|---|
| 2176 | 14b8.3bc: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Windows\System32\cfgmgr32.dll' [rescheduled]
|
|---|
| 2177 | 14b8.3bc: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\gdi32full.dll'.
|
|---|
| 2178 | 14b8.3bc: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Windows\System32\gdi32full.dll' [rescheduled]
|
|---|
| 2179 | 14b8.3bc: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\DXCore.dll'.
|
|---|
| 2180 | 14b8.3bc: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Windows\System32\DXCore.dll' [rescheduled]
|
|---|
| 2181 | 14b8.3bc: Detected loader lock ownership: rc=Unknown Status 22900 (0x5974) '\Device\HarddiskVolume4\Windows\System32\glu32.dll'.
|
|---|
| 2182 | 14b8.3bc: supR3HardenedWinVerifyCacheProcessWvtTodos: 22900 (was 22900) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Windows\System32\glu32.dll' [rescheduled]
|
|---|
| 2183 | 14b8.3bc: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\mpr.dll'.
|
|---|
| 2184 | 14b8.3bc: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Windows\System32\mpr.dll' [rescheduled]
|
|---|
| 2185 | 14b8.3bc: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\shell32.dll'.
|
|---|
| 2186 | 14b8.3bc: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Windows\System32\shell32.dll' [rescheduled]
|
|---|
| 2187 | 14b8.3bc: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\Qt5WidgetsVBox.dll'.
|
|---|
| 2188 | 14b8.3bc: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\Qt5WidgetsVBox.dll' [rescheduled]
|
|---|
| 2189 | 14b8.3bc: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\win32u.dll'.
|
|---|
| 2190 | 14b8.3bc: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Windows\System32\win32u.dll' [rescheduled]
|
|---|
| 2191 | 14b8.3bc: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\gdi32.dll'.
|
|---|
| 2192 | 14b8.3bc: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Windows\System32\gdi32.dll' [rescheduled]
|
|---|
| 2193 | 14b8.3bc: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\user32.dll'.
|
|---|
| 2194 | 14b8.3bc: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Windows\System32\user32.dll' [rescheduled]
|
|---|
| 2195 | 14b8.3bc: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\msvcp_win.dll'.
|
|---|
| 2196 | 14b8.3bc: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Windows\System32\msvcp_win.dll' [rescheduled]
|
|---|
| 2197 | 14b8.3bc: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\combase.dll'.
|
|---|
| 2198 | 14b8.3bc: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Windows\System32\combase.dll' [rescheduled]
|
|---|
| 2199 | 14b8.3bc: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\winmmbase.dll'.
|
|---|
| 2200 | 14b8.3bc: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Windows\System32\winmmbase.dll' [rescheduled]
|
|---|
| 2201 | 14b8.3bc: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\advapi32.dll
|
|---|
| 2202 | 14b8.3bc: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\ADVAPI32.DLL (Input=ADVAPI32.DLL, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
|
|---|
| 2203 | 14b8.3bc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff20770000 'C:\WINDOWS\System32\ADVAPI32.DLL'
|
|---|
| 2204 | 14b8.3bc: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\imm32.dll'.
|
|---|
| 2205 | 14b8.3bc: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Windows\System32\imm32.dll' [rescheduled]
|
|---|
| 2206 | 14b8.3bc: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\windows.storage.dll'.
|
|---|
| 2207 | 14b8.3bc: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Windows\System32\windows.storage.dll' [rescheduled]
|
|---|
| 2208 | 14b8.3bc: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\kernel.appcore.dll'.
|
|---|
| 2209 | 14b8.3bc: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Windows\System32\kernel.appcore.dll' [rescheduled]
|
|---|
| 2210 | 14b8.3bc: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\shlwapi.dll'.
|
|---|
| 2211 | 14b8.3bc: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Windows\System32\shlwapi.dll' [rescheduled]
|
|---|
| 2212 | 14b8.3bc: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\powrprof.dll'.
|
|---|
| 2213 | 14b8.3bc: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Windows\System32\powrprof.dll' [rescheduled]
|
|---|
| 2214 | 14b8.3bc: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\umpdc.dll'.
|
|---|
| 2215 | 14b8.3bc: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Windows\System32\umpdc.dll' [rescheduled]
|
|---|
| 2216 | 14b8.3bc: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\SHCore.dll'.
|
|---|
| 2217 | 14b8.3bc: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Windows\System32\SHCore.dll' [rescheduled]
|
|---|
| 2218 | 14b8.3bc: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\cfgmgr32.dll'.
|
|---|
| 2219 | 14b8.3bc: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Windows\System32\cfgmgr32.dll' [rescheduled]
|
|---|
| 2220 | 14b8.3bc: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\gdi32full.dll'.
|
|---|
| 2221 | 14b8.3bc: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Windows\System32\gdi32full.dll' [rescheduled]
|
|---|
| 2222 | 14b8.3bc: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\DXCore.dll'.
|
|---|
| 2223 | 14b8.3bc: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Windows\System32\DXCore.dll' [rescheduled]
|
|---|
| 2224 | 14b8.3bc: Detected loader lock ownership: rc=Unknown Status 22900 (0x5974) '\Device\HarddiskVolume4\Windows\System32\glu32.dll'.
|
|---|
| 2225 | 14b8.3bc: supR3HardenedWinVerifyCacheProcessWvtTodos: 22900 (was 22900) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Windows\System32\glu32.dll' [rescheduled]
|
|---|
| 2226 | 14b8.3bc: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\mpr.dll'.
|
|---|
| 2227 | 14b8.3bc: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Windows\System32\mpr.dll' [rescheduled]
|
|---|
| 2228 | 14b8.3bc: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\shell32.dll'.
|
|---|
| 2229 | 14b8.3bc: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Windows\System32\shell32.dll' [rescheduled]
|
|---|
| 2230 | 14b8.3bc: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\Qt5WidgetsVBox.dll'.
|
|---|
| 2231 | 14b8.3bc: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\Qt5WidgetsVBox.dll' [rescheduled]
|
|---|
| 2232 | 14b8.3bc: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\win32u.dll'.
|
|---|
| 2233 | 14b8.3bc: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Windows\System32\win32u.dll' [rescheduled]
|
|---|
| 2234 | 14b8.3bc: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\gdi32.dll'.
|
|---|
| 2235 | 14b8.3bc: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Windows\System32\gdi32.dll' [rescheduled]
|
|---|
| 2236 | 14b8.3bc: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\user32.dll'.
|
|---|
| 2237 | 14b8.3bc: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Windows\System32\user32.dll' [rescheduled]
|
|---|
| 2238 | 14b8.3bc: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\msvcp_win.dll'.
|
|---|
| 2239 | 14b8.3bc: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Windows\System32\msvcp_win.dll' [rescheduled]
|
|---|
| 2240 | 14b8.3bc: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\combase.dll'.
|
|---|
| 2241 | 14b8.3bc: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Windows\System32\combase.dll' [rescheduled]
|
|---|
| 2242 | 14b8.3bc: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\winmmbase.dll'.
|
|---|
| 2243 | 14b8.3bc: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Windows\System32\winmmbase.dll' [rescheduled]
|
|---|
| 2244 | 14b8.3bc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffebbb20000 'C:\Program Files\Oracle\VirtualBox\VirtualBoxVM.dll'
|
|---|
| 2245 | 14b8.3bc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff1e2b0000 'C:\WINDOWS\system32\rsaenh.dll'
|
|---|
| 2246 | 14b8.3bc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff1f3c0000 'C:\WINDOWS\System32\crypt32.dll'
|
|---|
| 2247 | 14b8.3bc: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume4\Windows\System32\imm32.dll'
|
|---|
| 2248 | 14b8.3bc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff1e2b0000 'C:\WINDOWS\system32\rsaenh.dll'
|
|---|
| 2249 | 14b8.3bc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff1f3c0000 'C:\WINDOWS\System32\crypt32.dll'
|
|---|
| 2250 | 14b8.3bc: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume4\Windows\System32\windows.storage.dll'
|
|---|
| 2251 | 14b8.3bc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff1e2b0000 'C:\WINDOWS\system32\rsaenh.dll'
|
|---|
| 2252 | 14b8.3bc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff1f3c0000 'C:\WINDOWS\System32\crypt32.dll'
|
|---|
| 2253 | 14b8.3bc: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume4\Windows\System32\kernel.appcore.dll'
|
|---|
| 2254 | 14b8.3bc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff1e2b0000 'C:\WINDOWS\system32\rsaenh.dll'
|
|---|
| 2255 | 14b8.3bc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff1f3c0000 'C:\WINDOWS\System32\crypt32.dll'
|
|---|
| 2256 | 14b8.3bc: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume4\Windows\System32\shlwapi.dll'
|
|---|
| 2257 | 14b8.3bc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff1e2b0000 'C:\WINDOWS\system32\rsaenh.dll'
|
|---|
| 2258 | 14b8.3bc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff1f3c0000 'C:\WINDOWS\System32\crypt32.dll'
|
|---|
| 2259 | 14b8.3bc: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume4\Windows\System32\powrprof.dll'
|
|---|
| 2260 | 14b8.3bc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff1e2b0000 'C:\WINDOWS\system32\rsaenh.dll'
|
|---|
| 2261 | 14b8.3bc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff1f3c0000 'C:\WINDOWS\System32\crypt32.dll'
|
|---|
| 2262 | 14b8.3bc: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume4\Windows\System32\umpdc.dll'
|
|---|
| 2263 | 14b8.3bc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff1e2b0000 'C:\WINDOWS\system32\rsaenh.dll'
|
|---|
| 2264 | 14b8.3bc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff1f3c0000 'C:\WINDOWS\System32\crypt32.dll'
|
|---|
| 2265 | 14b8.3bc: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume4\Windows\System32\SHCore.dll'
|
|---|
| 2266 | 14b8.3bc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff1e2b0000 'C:\WINDOWS\system32\rsaenh.dll'
|
|---|
| 2267 | 14b8.3bc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff1f3c0000 'C:\WINDOWS\System32\crypt32.dll'
|
|---|
| 2268 | 14b8.3bc: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume4\Windows\System32\cfgmgr32.dll'
|
|---|
| 2269 | 14b8.3bc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff1e2b0000 'C:\WINDOWS\system32\rsaenh.dll'
|
|---|
| 2270 | 14b8.3bc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff1f3c0000 'C:\WINDOWS\System32\crypt32.dll'
|
|---|
| 2271 | 14b8.3bc: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume4\Windows\System32\gdi32full.dll'
|
|---|
| 2272 | 14b8.3bc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff1e2b0000 'C:\WINDOWS\system32\rsaenh.dll'
|
|---|
| 2273 | 14b8.3bc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff1f3c0000 'C:\WINDOWS\System32\crypt32.dll'
|
|---|
| 2274 | 14b8.3bc: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume4\Windows\System32\DXCore.dll'
|
|---|
| 2275 | 14b8.3bc: supR3HardNtViCallWinVerifyTrustCatFile: hFile=00000000000004d0 pwszName=\Device\HarddiskVolume4\Windows\System32\glu32.dll
|
|---|
| 2276 | 14b8.3bc: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00000000016ab960
|
|---|
| 2277 | 14b8.3bc: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000016ab960
|
|---|
| 2278 | 14b8.3bc: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=F356C86D0A2DBA0570D09B39D4AF818DFCB17010
|
|---|
| 2279 | 14b8.3bc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff1e2b0000 'C:\WINDOWS\system32\rsaenh.dll'
|
|---|
| 2280 | 14b8.3bc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff1f3c0000 'C:\WINDOWS\System32\crypt32.dll'
|
|---|
| 2281 | 14b8.3bc: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0212~31bf3856ad364e35~amd64~~10.0.18362.1377.cat'; file='\Device\HarddiskVolume4\Windows\System32\glu32.dll'
|
|---|
| 2282 | 14b8.3bc: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
|
|---|
| 2283 | 14b8.3bc: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume4\Windows\System32\glu32.dll'
|
|---|
| 2284 | 14b8.3bc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff1e2b0000 'C:\WINDOWS\system32\rsaenh.dll'
|
|---|
| 2285 | 14b8.3bc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff1f3c0000 'C:\WINDOWS\System32\crypt32.dll'
|
|---|
| 2286 | 14b8.3bc: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume4\Windows\System32\mpr.dll'
|
|---|
| 2287 | 14b8.3bc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff1e2b0000 'C:\WINDOWS\system32\rsaenh.dll'
|
|---|
| 2288 | 14b8.3bc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff1f3c0000 'C:\WINDOWS\System32\crypt32.dll'
|
|---|
| 2289 | 14b8.3bc: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume4\Windows\System32\shell32.dll'
|
|---|
| 2290 | 14b8.3bc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff1e2b0000 'C:\WINDOWS\system32\rsaenh.dll'
|
|---|
| 2291 | 14b8.3bc: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 24202) fWinVerifyTrust=1 for '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\Qt5WidgetsVBox.dll'
|
|---|
| 2292 | 14b8.3bc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff1e2b0000 'C:\WINDOWS\system32\rsaenh.dll'
|
|---|
| 2293 | 14b8.3bc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff1f3c0000 'C:\WINDOWS\System32\crypt32.dll'
|
|---|
| 2294 | 14b8.3bc: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume4\Windows\System32\win32u.dll'
|
|---|
| 2295 | 14b8.3bc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff1e2b0000 'C:\WINDOWS\system32\rsaenh.dll'
|
|---|
| 2296 | 14b8.3bc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff1f3c0000 'C:\WINDOWS\System32\crypt32.dll'
|
|---|
| 2297 | 14b8.3bc: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume4\Windows\System32\gdi32.dll'
|
|---|
| 2298 | 14b8.3bc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff1e2b0000 'C:\WINDOWS\system32\rsaenh.dll'
|
|---|
| 2299 | 14b8.3bc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff1f3c0000 'C:\WINDOWS\System32\crypt32.dll'
|
|---|
| 2300 | 14b8.3bc: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume4\Windows\System32\user32.dll'
|
|---|
| 2301 | 14b8.3bc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff1e2b0000 'C:\WINDOWS\system32\rsaenh.dll'
|
|---|
| 2302 | 14b8.3bc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff1f3c0000 'C:\WINDOWS\System32\crypt32.dll'
|
|---|
| 2303 | 14b8.3bc: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume4\Windows\System32\msvcp_win.dll'
|
|---|
| 2304 | 14b8.3bc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff1e2b0000 'C:\WINDOWS\system32\rsaenh.dll'
|
|---|
| 2305 | 14b8.3bc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff1f3c0000 'C:\WINDOWS\System32\crypt32.dll'
|
|---|
| 2306 | 14b8.3bc: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume4\Windows\System32\combase.dll'
|
|---|
| 2307 | 14b8.3bc: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\rsaenh.dll
|
|---|
| 2308 | 14b8.3bc: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\rsaenh.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
|
|---|
| 2309 | 14b8.3bc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff1e2b0000 'C:\WINDOWS\system32\rsaenh.dll'
|
|---|
| 2310 | 14b8.3bc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff1f3c0000 'C:\WINDOWS\System32\crypt32.dll'
|
|---|
| 2311 | 14b8.3bc: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume4\Windows\System32\winmmbase.dll'
|
|---|
| 2312 | 14b8.3bc: SUPR3HardenedMain: Calling TrustedMain (00007ffebbb216c0)...
|
|---|
| 2313 | 14b8.3bc: \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\platforms\qwindows.dll: Signature #1/2: info status: 24202
|
|---|
| 2314 | 14b8.3bc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff1e2b0000 'C:\WINDOWS\system32\rsaenh.dll'
|
|---|
| 2315 | 14b8.3bc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'gdi32.dll'.
|
|---|
| 2316 | 14b8.3bc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'ole32.dll'.
|
|---|
| 2317 | 14b8.3bc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'user32.dll'.
|
|---|
| 2318 | 14b8.3bc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'imm32.dll'.
|
|---|
| 2319 | 14b8.3bc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'winmm.dll'.
|
|---|
| 2320 | 14b8.3bc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'oleaut32.dll'.
|
|---|
| 2321 | 14b8.3bc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'shell32.dll'.
|
|---|
| 2322 | 14b8.3bc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #7 'advapi32.dll'.
|
|---|
| 2323 | 14b8.3bc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #8 'qt5guivbox.dll'.
|
|---|
| 2324 | 14b8.3bc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #9 'qt5corevbox.dll'.
|
|---|
| 2325 | 14b8.3bc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #10 'msvcr100.dll'.
|
|---|
| 2326 | 14b8.3bc: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\platforms\qwindows.dll) WinVerifyTrust
|
|---|
| 2327 | 14b8.3bc: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\platforms\qwindows.dll
|
|---|
| 2328 | 14b8.3bc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
|
|---|
| 2329 | 14b8.3bc: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
|
|---|
| 2330 | 14b8.3bc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qt5corevbox.dll'...
|
|---|
| 2331 | 14b8.3bc: supR3HardenedWinVerifyCacheProcessImportTodos: 'qt5corevbox.dll' -> '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\qt5corevbox.dll' [rcNtRedir=0xc0150008]
|
|---|
| 2332 | 14b8.3bc: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\Qt5CoreVBox.dll
|
|---|
| 2333 | 14b8.3bc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qt5guivbox.dll'...
|
|---|
| 2334 | 14b8.3bc: supR3HardenedWinVerifyCacheProcessImportTodos: 'qt5guivbox.dll' -> '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\qt5guivbox.dll' [rcNtRedir=0xc0150008]
|
|---|
| 2335 | 14b8.3bc: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\Qt5GuiVBox.dll
|
|---|
| 2336 | 14b8.3bc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'...
|
|---|
| 2337 | 14b8.3bc: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume4\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008]
|
|---|
| 2338 | 14b8.3bc: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\advapi32.dll
|
|---|
| 2339 | 14b8.3bc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'shell32.dll'...
|
|---|
| 2340 | 14b8.3bc: supR3HardenedWinVerifyCacheProcessImportTodos: 'shell32.dll' -> '\Device\HarddiskVolume4\Windows\System32\shell32.dll' [rcNtRedir=0xc0150008]
|
|---|
| 2341 | 14b8.3bc: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\shell32.dll
|
|---|
| 2342 | 14b8.3bc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'oleaut32.dll'...
|
|---|
| 2343 | 14b8.3bc: supR3HardenedWinVerifyCacheProcessImportTodos: 'oleaut32.dll' -> '\Device\HarddiskVolume4\Windows\System32\oleaut32.dll' [rcNtRedir=0xc0150008]
|
|---|
| 2344 | 14b8.3bc: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\oleaut32.dll
|
|---|
| 2345 | 14b8.3bc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'winmm.dll'...
|
|---|
| 2346 | 14b8.3bc: supR3HardenedWinVerifyCacheProcessImportTodos: 'winmm.dll' -> '\Device\HarddiskVolume4\Windows\System32\winmm.dll' [rcNtRedir=0xc0150008]
|
|---|
| 2347 | 14b8.3bc: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\winmm.dll
|
|---|
| 2348 | 14b8.3bc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'imm32.dll'...
|
|---|
| 2349 | 14b8.3bc: supR3HardenedWinVerifyCacheProcessImportTodos: 'imm32.dll' -> '\Device\HarddiskVolume4\Windows\System32\imm32.dll' [rcNtRedir=0xc0150008]
|
|---|
| 2350 | 14b8.3bc: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\imm32.dll
|
|---|
| 2351 | 14b8.3bc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
|
|---|
| 2352 | 14b8.3bc: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume4\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
|
|---|
| 2353 | 14b8.3bc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ole32.dll'...
|
|---|
| 2354 | 14b8.3bc: supR3HardenedWinVerifyCacheProcessImportTodos: 'ole32.dll' -> '\Device\HarddiskVolume4\Windows\System32\ole32.dll' [rcNtRedir=0xc0150008]
|
|---|
| 2355 | 14b8.3bc: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\ole32.dll
|
|---|
| 2356 | 14b8.3bc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
|
|---|
| 2357 | 14b8.3bc: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume4\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
|
|---|
| 2358 | 14b8.3bc: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\platforms\qwindows.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
|
|---|
| 2359 | 14b8.3bc: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\platforms\qwindows.dll
|
|---|
| 2360 | 14b8.3bc: supR3HardenedDllNotificationCallback: load 00007ffec5ad0000 LB 0x0012e000 C:\Program Files\Oracle\VirtualBox\platforms\qwindows.dll [fFlags=0x0]
|
|---|
| 2361 | 14b8.3bc: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\platforms\qwindows.dll
|
|---|
| 2362 | 14b8.3bc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffec5ad0000 'C:\Program Files\Oracle\VirtualBox\platforms\qwindows.dll'
|
|---|
| 2363 | 14b8.3bc: supR3HardNtViCallWinVerifyTrustCatFile: hFile=00000000000006d4 pwszName=\Device\HarddiskVolume4\Windows\System32\uxtheme.dll
|
|---|
| 2364 | 14b8.3bc: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00000000016ab960
|
|---|
| 2365 | 14b8.3bc: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000016ab960
|
|---|
| 2366 | 14b8.3bc: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=FC4075B94E896B3CAA9912F5E86E9C45EF536E1D
|
|---|
| 2367 | 14b8.3bc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff1e2b0000 'C:\WINDOWS\system32\rsaenh.dll'
|
|---|
| 2368 | 14b8.3bc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff1f3c0000 'C:\WINDOWS\System32\crypt32.dll'
|
|---|
| 2369 | 14b8.3bc: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-Package0415~31bf3856ad364e35~amd64~~10.0.18362.1441.cat'; file='\Device\HarddiskVolume4\Windows\System32\uxtheme.dll'
|
|---|
| 2370 | 14b8.3bc: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
|
|---|
| 2371 | 14b8.3bc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
|
|---|
| 2372 | 14b8.3bc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #33 'gdi32.dll'.
|
|---|
| 2373 | 14b8.3bc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #34 'user32.dll'.
|
|---|
| 2374 | 14b8.3bc: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\uxtheme.dll) WinVerifyTrust
|
|---|
| 2375 | 14b8.3bc: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\uxtheme.dll
|
|---|
| 2376 | 14b8.3bc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
|
|---|
| 2377 | 14b8.3bc: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume4\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
|
|---|
| 2378 | 14b8.3bc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
|
|---|
| 2379 | 14b8.3bc: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume4\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
|
|---|
| 2380 | 14b8.3bc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
|
|---|
| 2381 | 14b8.3bc: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume4\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
|
|---|
| 2382 | 14b8.3bc: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\uxtheme.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000009:<flags> [calling]
|
|---|
| 2383 | 14b8.3bc: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\uxtheme.dll
|
|---|
| 2384 | 14b8.3bc: supR3HardenedDllNotificationCallback: load 00007fff1c8b0000 LB 0x00099000 C:\WINDOWS\system32\uxtheme.dll [fFlags=0x0]
|
|---|
| 2385 | 14b8.3bc: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\uxtheme.dll
|
|---|
| 2386 | 14b8.3bc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff1c8b0000 'C:\WINDOWS\system32\uxtheme.dll'
|
|---|
| 2387 | 14b8.3bc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff203d0000 'C:\WINDOWS\system32\user32.dll'
|
|---|
| 2388 | 14b8.3bc: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\shell32.dll
|
|---|
| 2389 | 14b8.3bc: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\shell32.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
|
|---|
| 2390 | 14b8.3bc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff21330000 'C:\WINDOWS\system32\shell32.dll'
|
|---|
| 2391 | 14b8.3bc: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\SHCore.dll
|
|---|
| 2392 | 14b8.3bc: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\SHCore.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
|
|---|
| 2393 | 14b8.3bc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff20a80000 'C:\WINDOWS\system32\SHCore.dll'
|
|---|
| 2394 | 14b8.3bc: \Device\HarddiskVolume4\Windows\System32\wintab32.dll: Owner is administrators group.
|
|---|
| 2395 | 14b8.3bc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff1e2b0000 'C:\WINDOWS\system32\rsaenh.dll'
|
|---|
| 2396 | 14b8.3bc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff1f3c0000 'C:\WINDOWS\System32\crypt32.dll'
|
|---|
| 2397 | 14b8.3bc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'wtsapi32.dll'.
|
|---|
| 2398 | 14b8.3bc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'mpr.dll'.
|
|---|
| 2399 | 14b8.3bc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'user32.dll'.
|
|---|
| 2400 | 14b8.3bc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'advapi32.dll'.
|
|---|
| 2401 | 14b8.3bc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'shell32.dll'.
|
|---|
| 2402 | 14b8.3bc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'ole32.dll'.
|
|---|
| 2403 | 14b8.3bc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #7 'oleaut32.dll'.
|
|---|
| 2404 | 14b8.3bc: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\wintab32.dll) WinVerifyTrust
|
|---|
| 2405 | 14b8.3bc: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\wintab32.dll
|
|---|
| 2406 | 14b8.3bc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'oleaut32.dll'...
|
|---|
| 2407 | 14b8.3bc: supR3HardenedWinVerifyCacheProcessImportTodos: 'oleaut32.dll' -> '\Device\HarddiskVolume4\Windows\System32\oleaut32.dll' [rcNtRedir=0xc0150008]
|
|---|
| 2408 | 14b8.3bc: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\oleaut32.dll
|
|---|
| 2409 | 14b8.3bc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ole32.dll'...
|
|---|
| 2410 | 14b8.3bc: supR3HardenedWinVerifyCacheProcessImportTodos: 'ole32.dll' -> '\Device\HarddiskVolume4\Windows\System32\ole32.dll' [rcNtRedir=0xc0150008]
|
|---|
| 2411 | 14b8.3bc: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\ole32.dll
|
|---|
| 2412 | 14b8.3bc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'shell32.dll'...
|
|---|
| 2413 | 14b8.3bc: supR3HardenedWinVerifyCacheProcessImportTodos: 'shell32.dll' -> '\Device\HarddiskVolume4\Windows\System32\shell32.dll' [rcNtRedir=0xc0150008]
|
|---|
| 2414 | 14b8.3bc: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\shell32.dll
|
|---|
| 2415 | 14b8.3bc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'...
|
|---|
| 2416 | 14b8.3bc: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume4\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008]
|
|---|
| 2417 | 14b8.3bc: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\advapi32.dll
|
|---|
| 2418 | 14b8.3bc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
|
|---|
| 2419 | 14b8.3bc: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume4\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
|
|---|
| 2420 | 14b8.3bc: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\user32.dll
|
|---|
| 2421 | 14b8.3bc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'mpr.dll'...
|
|---|
| 2422 | 14b8.3bc: supR3HardenedWinVerifyCacheProcessImportTodos: 'mpr.dll' -> '\Device\HarddiskVolume4\Windows\System32\mpr.dll' [rcNtRedir=0xc0150008]
|
|---|
| 2423 | 14b8.3bc: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\mpr.dll
|
|---|
| 2424 | 14b8.3bc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'wtsapi32.dll'...
|
|---|
| 2425 | 14b8.3bc: supR3HardenedWinVerifyCacheProcessImportTodos: 'wtsapi32.dll' -> '\Device\HarddiskVolume4\Windows\System32\wtsapi32.dll' [rcNtRedir=0xc0150008]
|
|---|
| 2426 | 14b8.3bc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff1e2b0000 'C:\WINDOWS\system32\rsaenh.dll'
|
|---|
| 2427 | 14b8.3bc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff1f3c0000 'C:\WINDOWS\System32\crypt32.dll'
|
|---|
| 2428 | 14b8.3bc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
|
|---|
| 2429 | 14b8.3bc: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\wtsapi32.dll) WinVerifyTrust
|
|---|
| 2430 | 14b8.3bc: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\wtsapi32.dll
|
|---|
| 2431 | 14b8.3bc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
|
|---|
| 2432 | 14b8.3bc: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume4\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
|
|---|
| 2433 | 14b8.3bc: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\wintab32.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
|
|---|
| 2434 | 14b8.3bc: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\wintab32.dll
|
|---|
| 2435 | 14b8.3bc: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\wtsapi32.dll
|
|---|
| 2436 | 14b8.3bc: supR3HardenedDllNotificationCallback: load 00007fff1c4e0000 LB 0x00013000 C:\WINDOWS\SYSTEM32\WTSAPI32.dll [fFlags=0x0]
|
|---|
| 2437 | 14b8.3bc: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\wtsapi32.dll
|
|---|
| 2438 | 14b8.3bc: supR3HardenedDllNotificationCallback: load 00007ffebc0b0000 LB 0x0025e000 C:\WINDOWS\system32\wintab32.dll [fFlags=0x0]
|
|---|
| 2439 | 14b8.3bc: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\wintab32.dll
|
|---|
| 2440 | 14b8.3bc: supR3HardenedIsApiSetDll: ApiSetQueryApiSetPresence(api-ms-win-core-synch-l1-2-0) -> 0x0, fPresent=1
|
|---|
| 2441 | 14b8.3bc: supR3HardenedMonitor_LdrLoadDll: pName=api-ms-win-core-synch-l1-2-0 (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0000000000000801:<flags> [calling]
|
|---|
| 2442 | 14b8.3bc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff1fe30000 'api-ms-win-core-synch-l1-2-0'
|
|---|
| 2443 | 14b8.3bc: supR3HardenedIsApiSetDll: ApiSetQueryApiSetPresence(api-ms-win-core-fibers-l1-1-1) -> 0x0, fPresent=1
|
|---|
| 2444 | 14b8.3bc: supR3HardenedMonitor_LdrLoadDll: pName=api-ms-win-core-fibers-l1-1-1 (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0000000000000801:<flags> [calling]
|
|---|
| 2445 | 14b8.3bc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff1fe30000 'api-ms-win-core-fibers-l1-1-1'
|
|---|
| 2446 | 14b8.3bc: supR3HardenedIsApiSetDll: ApiSetQueryApiSetPresence(api-ms-win-core-synch-l1-2-0) -> 0x0, fPresent=1
|
|---|
| 2447 | 14b8.3bc: supR3HardenedMonitor_LdrLoadDll: pName=api-ms-win-core-synch-l1-2-0 (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0000000000000801:<flags> [calling]
|
|---|
| 2448 | 14b8.3bc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff1fe30000 'api-ms-win-core-synch-l1-2-0'
|
|---|
| 2449 | 14b8.3bc: supR3HardenedIsApiSetDll: ApiSetQueryApiSetPresence(api-ms-win-core-fibers-l1-1-1) -> 0x0, fPresent=1
|
|---|
| 2450 | 14b8.3bc: supR3HardenedMonitor_LdrLoadDll: pName=api-ms-win-core-fibers-l1-1-1 (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0000000000000801:<flags> [calling]
|
|---|
| 2451 | 14b8.3bc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff1fe30000 'api-ms-win-core-fibers-l1-1-1'
|
|---|
| 2452 | 14b8.3bc: supR3HardenedIsApiSetDll: ApiSetQueryApiSetPresence(api-ms-win-core-localization-l1-2-1) -> 0x0, fPresent=1
|
|---|
| 2453 | 14b8.3bc: supR3HardenedMonitor_LdrLoadDll: pName=api-ms-win-core-localization-l1-2-1 (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0000000000000801:<flags> [calling]
|
|---|
| 2454 | 14b8.3bc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff1fe30000 'api-ms-win-core-localization-l1-2-1'
|
|---|
| 2455 | 14b8.3bc: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\kernel32.dll
|
|---|
| 2456 | 14b8.3bc: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\kernel32.dll (Input=kernel32, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000801:<flags> [calling]
|
|---|
| 2457 | 14b8.3bc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff21da0000 'C:\WINDOWS\System32\kernel32.dll'
|
|---|
| 2458 | 14b8.3bc: supR3HardenedIsApiSetDll: ApiSetQueryApiSetPresence(api-ms-win-core-string-l1-1-0) -> 0x0, fPresent=1
|
|---|
| 2459 | 14b8.3bc: supR3HardenedMonitor_LdrLoadDll: pName=api-ms-win-core-string-l1-1-0 (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0000000000000801:<flags> [calling]
|
|---|
| 2460 | 14b8.3bc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff1fe30000 'api-ms-win-core-string-l1-1-0'
|
|---|
| 2461 | 14b8.3bc: supR3HardenedIsApiSetDll: ApiSetQueryApiSetPresence(api-ms-win-core-datetime-l1-1-1) -> 0x0, fPresent=1
|
|---|
| 2462 | 14b8.3bc: supR3HardenedMonitor_LdrLoadDll: pName=api-ms-win-core-datetime-l1-1-1 (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0000000000000801:<flags> [calling]
|
|---|
| 2463 | 14b8.3bc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff1fe30000 'api-ms-win-core-datetime-l1-1-1'
|
|---|
| 2464 | 14b8.3bc: supR3HardenedIsApiSetDll: ApiSetQueryApiSetPresence(api-ms-win-core-localization-obsolete-l1-2-0) -> 0x0, fPresent=1
|
|---|
| 2465 | 14b8.3bc: supR3HardenedMonitor_LdrLoadDll: pName=api-ms-win-core-localization-obsolete-l1-2-0 (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0000000000000801:<flags> [calling]
|
|---|
| 2466 | 14b8.3bc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff1fe30000 'api-ms-win-core-localization-obsolete-l1-2-0'
|
|---|
| 2467 | 14b8.3bc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffebc0b0000 'C:\WINDOWS\system32\wintab32.dll'
|
|---|
| 2468 | 14b8.3bc: Error (rc=0):
|
|---|
| 2469 | 14b8.3bc: supR3HardenedMonitor_LdrLoadDll: relative name not permitted: .\Wacom_Tablet.dll
|
|---|
| 2470 | 14b8.3bc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0xc0000033
|
|---|
| 2471 | 14b8.3bc: Error (rc=0):
|
|---|
| 2472 | 14b8.3bc: supR3HardenedMonitor_LdrLoadDll: relative name not permitted: .\Pen_Tablet.dll
|
|---|
| 2473 | 14b8.3bc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0xc0000033
|
|---|
| 2474 | 14b8.3bc: Error (rc=0):
|
|---|
| 2475 | 14b8.3bc: supR3HardenedMonitor_LdrLoadDll: relative name not permitted: .\ISD_Tablet.dll
|
|---|
| 2476 | 14b8.3bc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0xc0000033
|
|---|
| 2477 | 14b8.3bc: Error (rc=0):
|
|---|
| 2478 | 14b8.3bc: supR3HardenedMonitor_LdrLoadDll: relative name not permitted: .\Wacom_Tablet.dll
|
|---|
| 2479 | 14b8.3bc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0xc0000033
|
|---|
| 2480 | 14b8.3bc: Error (rc=0):
|
|---|
| 2481 | 14b8.3bc: supR3HardenedMonitor_LdrLoadDll: relative name not permitted: .\Pen_Tablet.dll
|
|---|
| 2482 | 14b8.3bc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0xc0000033
|
|---|
| 2483 | 14b8.3bc: Error (rc=0):
|
|---|
| 2484 | 14b8.3bc: supR3HardenedMonitor_LdrLoadDll: relative name not permitted: .\ISD_Tablet.dll
|
|---|
| 2485 | 14b8.3bc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0xc0000033
|
|---|
| 2486 | 14b8.3bc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff203d0000 'C:\WINDOWS\system32\user32.dll'
|
|---|
| 2487 | 14b8.3bc: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\winmm.dll
|
|---|
| 2488 | 14b8.3bc: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\winmm.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
|
|---|
| 2489 | 14b8.3bc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff1c690000 'C:\WINDOWS\system32\winmm.dll'
|
|---|
| 2490 | 14b8.3bc: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\winmm.dll
|
|---|
| 2491 | 14b8.3bc: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\winmm.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
|
|---|
| 2492 | 14b8.3bc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff1c690000 'C:\WINDOWS\system32\winmm.dll'
|
|---|
| 2493 | 14b8.3bc: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\shell32.dll
|
|---|
| 2494 | 14b8.3bc: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\shell32.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
|
|---|
| 2495 | 14b8.3bc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff21330000 'C:\WINDOWS\system32\shell32.dll'
|
|---|
| 2496 | 14b8.3bc: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\uxtheme.dll
|
|---|
| 2497 | 14b8.3bc: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\uxtheme.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
|
|---|
| 2498 | 14b8.3bc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff1c8b0000 'C:\WINDOWS\system32\uxtheme.dll'
|
|---|
| 2499 | 14b8.3bc: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\advapi32.dll
|
|---|
| 2500 | 14b8.3bc: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\advapi32.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
|
|---|
| 2501 | 14b8.3bc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff20770000 'C:\WINDOWS\system32\advapi32.dll'
|
|---|
| 2502 | 14b8.3bc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff1e2b0000 'C:\WINDOWS\system32\rsaenh.dll'
|
|---|
| 2503 | 14b8.3bc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff1f3c0000 'C:\WINDOWS\System32\crypt32.dll'
|
|---|
| 2504 | 14b8.3bc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #13 'rpcrt4.dll'.
|
|---|
| 2505 | 14b8.3bc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #30 'profapi.dll'.
|
|---|
| 2506 | 14b8.3bc: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\userenv.dll) WinVerifyTrust
|
|---|
| 2507 | 14b8.3bc: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\userenv.dll
|
|---|
| 2508 | 14b8.3bc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'profapi.dll'...
|
|---|
| 2509 | 14b8.3bc: supR3HardenedWinVerifyCacheProcessImportTodos: 'profapi.dll' -> '\Device\HarddiskVolume4\Windows\System32\profapi.dll' [rcNtRedir=0xc0150008]
|
|---|
| 2510 | 14b8.3bc: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\profapi.dll
|
|---|
| 2511 | 14b8.3bc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
|
|---|
| 2512 | 14b8.3bc: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume4\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
|
|---|
| 2513 | 14b8.3bc: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\userenv.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
|
|---|
| 2514 | 14b8.3bc: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\userenv.dll
|
|---|
| 2515 | 14b8.3bc: supR3HardenedDllNotificationCallback: load 00007fff1f0f0000 LB 0x00025000 C:\WINDOWS\system32\userenv.dll [fFlags=0x0]
|
|---|
| 2516 | 14b8.3bc: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\userenv.dll
|
|---|
| 2517 | 14b8.3bc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff1f0f0000 'C:\WINDOWS\system32\userenv.dll'
|
|---|
| 2518 | 14b8.3bc: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\kernel32.dll
|
|---|
| 2519 | 14b8.3bc: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\kernel32.dll (Input=kernel32, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
|
|---|
| 2520 | 14b8.3bc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff21da0000 'C:\WINDOWS\System32\kernel32.dll'
|
|---|
| 2521 | 14b8.3bc: supR3HardenedDllNotificationCallback: load 00007fff21280000 LB 0x000a2000 C:\WINDOWS\System32\clbcatq.dll [fFlags=0x0]
|
|---|
| 2522 | 14b8.3bc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
|
|---|
| 2523 | 14b8.3bc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #30 'rpcrt4.dll'.
|
|---|
| 2524 | 14b8.3bc: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\clbcatq.dll)
|
|---|
| 2525 | 14b8.3bc: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\clbcatq.dll
|
|---|
| 2526 | 14b8.2bf0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
|
|---|
| 2527 | 14b8.2bf0: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume4\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
|
|---|
| 2528 | 14b8.2bf0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
|
|---|
| 2529 | 14b8.2bf0: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume4\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
|
|---|
| 2530 | 14b8.2bf0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff1e2b0000 'C:\WINDOWS\system32\rsaenh.dll'
|
|---|
| 2531 | 14b8.2bf0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff1f3c0000 'C:\WINDOWS\System32\crypt32.dll'
|
|---|
| 2532 | 14b8.2bf0: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume4\Windows\System32\clbcatq.dll'
|
|---|
| 2533 | 14b8.2bf0: \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxC.dll: Signature #1/2: info status: 24202
|
|---|
| 2534 | 14b8.2bf0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff1e2b0000 'C:\WINDOWS\system32\rsaenh.dll'
|
|---|
| 2535 | 14b8.2bf0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
|
|---|
| 2536 | 14b8.2bf0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'msvcp100.dll'.
|
|---|
| 2537 | 14b8.2bf0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'vboxrt.dll'.
|
|---|
| 2538 | 14b8.2bf0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'advapi32.dll'.
|
|---|
| 2539 | 14b8.2bf0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'ole32.dll'.
|
|---|
| 2540 | 14b8.2bf0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'oleaut32.dll'.
|
|---|
| 2541 | 14b8.2bf0: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxC.dll) WinVerifyTrust
|
|---|
| 2542 | 14b8.2bf0: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxC.dll
|
|---|
| 2543 | 14b8.2bf0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'oleaut32.dll'...
|
|---|
| 2544 | 14b8.2bf0: supR3HardenedWinVerifyCacheProcessImportTodos: 'oleaut32.dll' -> '\Device\HarddiskVolume4\Windows\System32\oleaut32.dll' [rcNtRedir=0xc0150008]
|
|---|
| 2545 | 14b8.2bf0: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\oleaut32.dll
|
|---|
| 2546 | 14b8.2bf0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ole32.dll'...
|
|---|
| 2547 | 14b8.2bf0: supR3HardenedWinVerifyCacheProcessImportTodos: 'ole32.dll' -> '\Device\HarddiskVolume4\Windows\System32\ole32.dll' [rcNtRedir=0xc0150008]
|
|---|
| 2548 | 14b8.2bf0: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\ole32.dll
|
|---|
| 2549 | 14b8.2bf0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'...
|
|---|
| 2550 | 14b8.2bf0: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume4\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008]
|
|---|
| 2551 | 14b8.2bf0: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\advapi32.dll
|
|---|
| 2552 | 14b8.2bf0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
|
|---|
| 2553 | 14b8.2bf0: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
|
|---|
| 2554 | 14b8.2bf0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcp100.dll'...
|
|---|
| 2555 | 14b8.2bf0: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcp100.dll' -> '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcp100.dll' [rcNtRedir=0xc0150008]
|
|---|
| 2556 | 14b8.2bf0: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcp100.dll
|
|---|
| 2557 | 14b8.2bf0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
|
|---|
| 2558 | 14b8.2bf0: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
|
|---|
| 2559 | 14b8.2bf0: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxC.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000002009:<flags> [calling]
|
|---|
| 2560 | 14b8.2bf0: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxC.dll
|
|---|
| 2561 | 14b8.2bf0: supR3HardenedDllNotificationCallback: load 00007ffebbcf0000 LB 0x003c0000 C:\Program Files\Oracle\VirtualBox\VBoxC.dll [fFlags=0x0]
|
|---|
| 2562 | 14b8.2bf0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxC.dll
|
|---|
| 2563 | 14b8.2bf0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffebbcf0000 'C:\Program Files\Oracle\VirtualBox\VBoxC.dll'
|
|---|
| 2564 | 14b8.2bf0: \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxProxyStub.dll: Signature #1/2: info status: 24202
|
|---|
| 2565 | 14b8.2bf0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff1e2b0000 'C:\WINDOWS\system32\rsaenh.dll'
|
|---|
| 2566 | 14b8.2bf0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
|
|---|
| 2567 | 14b8.2bf0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'vboxrt.dll'.
|
|---|
| 2568 | 14b8.2bf0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'advapi32.dll'.
|
|---|
| 2569 | 14b8.2bf0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'shlwapi.dll'.
|
|---|
| 2570 | 14b8.2bf0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'ole32.dll'.
|
|---|
| 2571 | 14b8.2bf0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'oleaut32.dll'.
|
|---|
| 2572 | 14b8.2bf0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #7 'rpcrt4.dll'.
|
|---|
| 2573 | 14b8.2bf0: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxProxyStub.dll) WinVerifyTrust
|
|---|
| 2574 | 14b8.2bf0: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxProxyStub.dll
|
|---|
| 2575 | 14b8.2bf0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
|
|---|
| 2576 | 14b8.2bf0: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume4\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
|
|---|
| 2577 | 14b8.2bf0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'oleaut32.dll'...
|
|---|
| 2578 | 14b8.2bf0: supR3HardenedWinVerifyCacheProcessImportTodos: 'oleaut32.dll' -> '\Device\HarddiskVolume4\Windows\System32\oleaut32.dll' [rcNtRedir=0xc0150008]
|
|---|
| 2579 | 14b8.2bf0: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\oleaut32.dll
|
|---|
| 2580 | 14b8.2bf0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ole32.dll'...
|
|---|
| 2581 | 14b8.2bf0: supR3HardenedWinVerifyCacheProcessImportTodos: 'ole32.dll' -> '\Device\HarddiskVolume4\Windows\System32\ole32.dll' [rcNtRedir=0xc0150008]
|
|---|
| 2582 | 14b8.2bf0: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\ole32.dll
|
|---|
| 2583 | 14b8.2bf0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'shlwapi.dll'...
|
|---|
| 2584 | 14b8.2bf0: supR3HardenedWinVerifyCacheProcessImportTodos: 'shlwapi.dll' -> '\Device\HarddiskVolume4\Windows\System32\shlwapi.dll' [rcNtRedir=0xc0150008]
|
|---|
| 2585 | 14b8.2bf0: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\shlwapi.dll
|
|---|
| 2586 | 14b8.2bf0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'...
|
|---|
| 2587 | 14b8.2bf0: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume4\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008]
|
|---|
| 2588 | 14b8.2bf0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
|
|---|
| 2589 | 14b8.2bf0: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
|
|---|
| 2590 | 14b8.2bf0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
|
|---|
| 2591 | 14b8.2bf0: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
|
|---|
| 2592 | 14b8.2bf0: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxProxyStub.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000002009:<flags> [calling]
|
|---|
| 2593 | 14b8.2bf0: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxProxyStub.dll
|
|---|
| 2594 | 14b8.2bf0: supR3HardenedDllNotificationCallback: load 00007ffebdaa0000 LB 0x000ef000 C:\Program Files\Oracle\VirtualBox\VBoxProxyStub.dll [fFlags=0x0]
|
|---|
| 2595 | 14b8.2bf0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxProxyStub.dll
|
|---|
| 2596 | 14b8.2bf0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffebdaa0000 'C:\Program Files\Oracle\VirtualBox\VBoxProxyStub.dll'
|
|---|
| 2597 | 14b8.2bf0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\oleaut32.dll
|
|---|
| 2598 | 14b8.2bf0: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\System32\oleaut32.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000002009:<flags> [calling]
|
|---|
| 2599 | 14b8.2bf0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff20820000 'C:\Windows\System32\oleaut32.dll'
|
|---|
| 2600 | 14b8.3bc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff20a40000 'C:\WINDOWS\system32\gdi32.dll'
|
|---|
| 2601 | 14b8.3bc: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\shell32.dll
|
|---|
| 2602 | 14b8.3bc: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\shell32.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
|
|---|
| 2603 | 14b8.3bc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff21330000 'C:\WINDOWS\system32\shell32.dll'
|
|---|
| 2604 | 14b8.3bc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff1e2b0000 'C:\WINDOWS\system32\rsaenh.dll'
|
|---|
| 2605 | 14b8.3bc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff1f3c0000 'C:\WINDOWS\System32\crypt32.dll'
|
|---|
| 2606 | 14b8.3bc: '\Device\HarddiskVolume4\Windows\System32\ntdll.dll' has no imports
|
|---|
| 2607 | 14b8.3bc: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\ntdll.dll) WinVerifyTrust
|
|---|
| 2608 | 14b8.3bc: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\ntdll.dll
|
|---|
| 2609 | 14b8.3bc: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\ntdll.dll (Input=ntdll.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000801:<flags> [calling]
|
|---|
| 2610 | 14b8.3bc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff22320000 'C:\WINDOWS\System32\ntdll.dll'
|
|---|
| 2611 | 14b8.3bc: supR3HardenedDllNotificationCallback: load 00007fff20c50000 LB 0x00135000 C:\WINDOWS\System32\MSCTF.dll [fFlags=0x0]
|
|---|
| 2612 | 14b8.3bc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
|
|---|
| 2613 | 14b8.3bc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #10 'oleaut32.dll'.
|
|---|
| 2614 | 14b8.3bc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #38 'user32.dll'.
|
|---|
| 2615 | 14b8.3bc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #39 'gdi32.dll'.
|
|---|
| 2616 | 14b8.3bc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #40 'imm32.dll'.
|
|---|
| 2617 | 14b8.3bc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #41 'advapi32.dll'.
|
|---|
| 2618 | 14b8.3bc: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\msctf.dll)
|
|---|
| 2619 | 14b8.3bc: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\msctf.dll
|
|---|
| 2620 | 14b8.3bc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'...
|
|---|
| 2621 | 14b8.3bc: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume4\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008]
|
|---|
| 2622 | 14b8.3bc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'imm32.dll'...
|
|---|
| 2623 | 14b8.3bc: supR3HardenedWinVerifyCacheProcessImportTodos: 'imm32.dll' -> '\Device\HarddiskVolume4\Windows\System32\imm32.dll' [rcNtRedir=0xc0150008]
|
|---|
| 2624 | 14b8.3bc: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\imm32.dll
|
|---|
| 2625 | 14b8.3bc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
|
|---|
| 2626 | 14b8.3bc: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume4\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
|
|---|
| 2627 | 14b8.3bc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
|
|---|
| 2628 | 14b8.3bc: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume4\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
|
|---|
| 2629 | 14b8.3bc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'oleaut32.dll'...
|
|---|
| 2630 | 14b8.3bc: supR3HardenedWinVerifyCacheProcessImportTodos: 'oleaut32.dll' -> '\Device\HarddiskVolume4\Windows\System32\oleaut32.dll' [rcNtRedir=0xc0150008]
|
|---|
| 2631 | 14b8.3bc: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\oleaut32.dll
|
|---|
| 2632 | 14b8.3bc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
|
|---|
| 2633 | 14b8.3bc: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume4\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
|
|---|
| 2634 | 14b8.3bc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff1e2b0000 'C:\WINDOWS\system32\rsaenh.dll'
|
|---|
| 2635 | 14b8.3bc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff1f3c0000 'C:\WINDOWS\System32\crypt32.dll'
|
|---|
| 2636 | 14b8.3bc: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume4\Windows\System32\msctf.dll'
|
|---|
| 2637 | 14b8.3bc: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000990 pwszName=\Device\HarddiskVolume4\Windows\System32\DataExchange.dll
|
|---|
| 2638 | 14b8.3bc: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00000000016ab960
|
|---|
| 2639 | 14b8.3bc: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000016ab960
|
|---|
| 2640 | 14b8.3bc: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=C9B0BE701CDD3934C4537BC9090BB23A9DABB80B
|
|---|
| 2641 | 14b8.3bc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff1e2b0000 'C:\WINDOWS\system32\rsaenh.dll'
|
|---|
| 2642 | 14b8.3bc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff1f3c0000 'C:\WINDOWS\System32\crypt32.dll'
|
|---|
| 2643 | 14b8.3bc: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-Package0410~31bf3856ad364e35~amd64~~10.0.18362.1441.cat'; file='\Device\HarddiskVolume4\Windows\System32\DataExchange.dll'
|
|---|
| 2644 | 14b8.3bc: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
|
|---|
| 2645 | 14b8.3bc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
|
|---|
| 2646 | 14b8.3bc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'shcore.dll'.
|
|---|
| 2647 | 14b8.3bc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #29 'combase.dll'.
|
|---|
| 2648 | 14b8.3bc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #34 'd3d11.dll'.
|
|---|
| 2649 | 14b8.3bc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #35 'dcomp.dll'.
|
|---|
| 2650 | 14b8.3bc: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\DataExchange.dll) WinVerifyTrust
|
|---|
| 2651 | 14b8.3bc: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\DataExchange.dll
|
|---|
| 2652 | 14b8.3bc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'dcomp.dll'...
|
|---|
| 2653 | 14b8.3bc: supR3HardenedWinVerifyCacheProcessImportTodos: 'dcomp.dll' -> '\Device\HarddiskVolume4\Windows\System32\dcomp.dll' [rcNtRedir=0xc0150008]
|
|---|
| 2654 | 14b8.3bc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff1e2b0000 'C:\WINDOWS\system32\rsaenh.dll'
|
|---|
| 2655 | 14b8.3bc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff1f3c0000 'C:\WINDOWS\System32\crypt32.dll'
|
|---|
| 2656 | 14b8.3bc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'win32u.dll'.
|
|---|
| 2657 | 14b8.3bc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'msvcp_win.dll'.
|
|---|
| 2658 | 14b8.3bc: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\dcomp.dll) WinVerifyTrust
|
|---|
| 2659 | 14b8.3bc: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\dcomp.dll
|
|---|
| 2660 | 14b8.3bc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'd3d11.dll'...
|
|---|
| 2661 | 14b8.3bc: supR3HardenedWinVerifyCacheProcessImportTodos: 'd3d11.dll' -> '\Device\HarddiskVolume4\Windows\System32\d3d11.dll' [rcNtRedir=0xc0150008]
|
|---|
| 2662 | 14b8.3bc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcp_win.dll'...
|
|---|
| 2663 | 14b8.3bc: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcp_win.dll' -> '\Device\HarddiskVolume4\Windows\System32\msvcp_win.dll' [rcNtRedir=0xc0150008]
|
|---|
| 2664 | 14b8.3bc: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\msvcp_win.dll
|
|---|
| 2665 | 14b8.3bc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'win32u.dll'...
|
|---|
| 2666 | 14b8.3bc: supR3HardenedWinVerifyCacheProcessImportTodos: 'win32u.dll' -> '\Device\HarddiskVolume4\Windows\System32\win32u.dll' [rcNtRedir=0xc0150008]
|
|---|
| 2667 | 14b8.3bc: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\win32u.dll
|
|---|
| 2668 | 14b8.3bc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff1e2b0000 'C:\WINDOWS\system32\rsaenh.dll'
|
|---|
| 2669 | 14b8.3bc: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\crypt32.dll
|
|---|
| 2670 | 14b8.3bc: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\crypt32.dll (Input=crypt32.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
|
|---|
| 2671 | 14b8.3bc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff1f3c0000 'C:\WINDOWS\System32\crypt32.dll'
|
|---|
| 2672 | 14b8.3bc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
|
|---|
| 2673 | 14b8.3bc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #24 'dxgi.dll'.
|
|---|
| 2674 | 14b8.3bc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #27 'win32u.dll'.
|
|---|
| 2675 | 14b8.3bc: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\d3d11.dll) WinVerifyTrust
|
|---|
| 2676 | 14b8.3bc: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\d3d11.dll
|
|---|
| 2677 | 14b8.3bc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'combase.dll'...
|
|---|
| 2678 | 14b8.3bc: supR3HardenedWinVerifyCacheProcessImportTodos: 'combase.dll' -> '\Device\HarddiskVolume4\Windows\System32\combase.dll' [rcNtRedir=0xc0150008]
|
|---|
| 2679 | 14b8.3bc: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\combase.dll
|
|---|
| 2680 | 14b8.3bc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'shcore.dll'...
|
|---|
| 2681 | 14b8.3bc: supR3HardenedWinVerifyCacheProcessImportTodos: 'shcore.dll' -> '\Device\HarddiskVolume4\Windows\System32\shcore.dll' [rcNtRedir=0xc0150008]
|
|---|
| 2682 | 14b8.3bc: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\SHCore.dll
|
|---|
| 2683 | 14b8.3bc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
|
|---|
| 2684 | 14b8.3bc: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume4\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
|
|---|
| 2685 | 14b8.3bc: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\msvcrt.dll
|
|---|
| 2686 | 14b8.3bc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'win32u.dll'...
|
|---|
| 2687 | 14b8.3bc: supR3HardenedWinVerifyCacheProcessImportTodos: 'win32u.dll' -> '\Device\HarddiskVolume4\Windows\System32\win32u.dll' [rcNtRedir=0xc0150008]
|
|---|
| 2688 | 14b8.3bc: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\win32u.dll
|
|---|
| 2689 | 14b8.3bc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'dxgi.dll'...
|
|---|
| 2690 | 14b8.3bc: supR3HardenedWinVerifyCacheProcessImportTodos: 'dxgi.dll' -> '\Device\HarddiskVolume4\Windows\System32\dxgi.dll' [rcNtRedir=0xc0150008]
|
|---|
| 2691 | 14b8.3bc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff1e2b0000 'C:\WINDOWS\system32\rsaenh.dll'
|
|---|
| 2692 | 14b8.3bc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff1f3c0000 'C:\WINDOWS\System32\crypt32.dll'
|
|---|
| 2693 | 14b8.3bc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
|
|---|
| 2694 | 14b8.3bc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'win32u.dll'.
|
|---|
| 2695 | 14b8.3bc: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\dxgi.dll) WinVerifyTrust
|
|---|
| 2696 | 14b8.3bc: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\dxgi.dll
|
|---|
| 2697 | 14b8.3bc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
|
|---|
| 2698 | 14b8.3bc: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume4\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
|
|---|
| 2699 | 14b8.3bc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'win32u.dll'...
|
|---|
| 2700 | 14b8.3bc: supR3HardenedWinVerifyCacheProcessImportTodos: 'win32u.dll' -> '\Device\HarddiskVolume4\Windows\System32\win32u.dll' [rcNtRedir=0xc0150008]
|
|---|
| 2701 | 14b8.3bc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
|
|---|
| 2702 | 14b8.3bc: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume4\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
|
|---|
| 2703 | 14b8.3bc: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\dataexchange.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000002009:<flags> [calling]
|
|---|
| 2704 | 14b8.3bc: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\DataExchange.dll
|
|---|
| 2705 | 14b8.3bc: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\d3d11.dll
|
|---|
| 2706 | 14b8.3bc: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\dcomp.dll
|
|---|
| 2707 | 14b8.3bc: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\dxgi.dll
|
|---|
| 2708 | 14b8.3bc: supR3HardenedDllNotificationCallback: load 00007fff1dd60000 LB 0x000eb000 C:\WINDOWS\system32\dxgi.dll [fFlags=0x0]
|
|---|
| 2709 | 14b8.3bc: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\dxgi.dll
|
|---|
| 2710 | 14b8.3bc: supR3HardenedDllNotificationCallback: load 00007fff1b630000 LB 0x0025b000 C:\WINDOWS\system32\d3d11.dll [fFlags=0x0]
|
|---|
| 2711 | 14b8.3bc: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\d3d11.dll
|
|---|
| 2712 | 14b8.3bc: supR3HardenedDllNotificationCallback: load 00007fff1bcf0000 LB 0x001dd000 C:\WINDOWS\system32\dcomp.dll [fFlags=0x0]
|
|---|
| 2713 | 14b8.3bc: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\dcomp.dll
|
|---|
| 2714 | 14b8.3bc: supR3HardenedDllNotificationCallback: load 00007ffee4330000 LB 0x0003b000 C:\WINDOWS\system32\dataexchange.dll [fFlags=0x0]
|
|---|
| 2715 | 14b8.3bc: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\DataExchange.dll
|
|---|
| 2716 | 14b8.3bc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff20a40000 'C:\WINDOWS\System32\gdi32.dll'
|
|---|
| 2717 | 14b8.3bc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffee4330000 'C:\WINDOWS\system32\dataexchange.dll'
|
|---|
| 2718 | 14b8.3bc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'rmclient.dll'.
|
|---|
| 2719 | 14b8.3bc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #31 'rpcrt4.dll'.
|
|---|
| 2720 | 14b8.3bc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #47 'combase.dll'.
|
|---|
| 2721 | 14b8.3bc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #50 'msvcp_win.dll'.
|
|---|
| 2722 | 14b8.3bc: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\twinapi.appcore.dll)
|
|---|
| 2723 | 14b8.3bc: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\twinapi.appcore.dll
|
|---|
| 2724 | 14b8.3bc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
|
|---|
| 2725 | 14b8.3bc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #8 'rpcrt4.dll'.
|
|---|
| 2726 | 14b8.3bc: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\rmclient.dll)
|
|---|
| 2727 | 14b8.3bc: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\rmclient.dll
|
|---|
| 2728 | 14b8.3bc: supR3HardenedDllNotificationCallback: load 00007fff1ced0000 LB 0x00029000 C:\WINDOWS\system32\RMCLIENT.dll [fFlags=0x0]
|
|---|
| 2729 | 14b8.3bc: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\rmclient.dll [avoiding WinVerifyTrust]
|
|---|
| 2730 | 14b8.3bc: supR3HardenedDllNotificationCallback: load 00007fff1cac0000 LB 0x0025a000 C:\WINDOWS\system32\twinapi.appcore.dll [fFlags=0x0]
|
|---|
| 2731 | 14b8.3bc: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\twinapi.appcore.dll [avoiding WinVerifyTrust]
|
|---|
| 2732 | 14b8.3bc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
|
|---|
| 2733 | 14b8.3bc: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume4\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
|
|---|
| 2734 | 14b8.3bc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
|
|---|
| 2735 | 14b8.3bc: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume4\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
|
|---|
| 2736 | 14b8.3bc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcp_win.dll'...
|
|---|
| 2737 | 14b8.3bc: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcp_win.dll' -> '\Device\HarddiskVolume4\Windows\System32\msvcp_win.dll' [rcNtRedir=0xc0150008]
|
|---|
| 2738 | 14b8.3bc: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\msvcp_win.dll
|
|---|
| 2739 | 14b8.3bc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'combase.dll'...
|
|---|
| 2740 | 14b8.3bc: supR3HardenedWinVerifyCacheProcessImportTodos: 'combase.dll' -> '\Device\HarddiskVolume4\Windows\System32\combase.dll' [rcNtRedir=0xc0150008]
|
|---|
| 2741 | 14b8.3bc: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\combase.dll
|
|---|
| 2742 | 14b8.3bc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
|
|---|
| 2743 | 14b8.3bc: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume4\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
|
|---|
| 2744 | 14b8.3bc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rmclient.dll'...
|
|---|
| 2745 | 14b8.3bc: supR3HardenedWinVerifyCacheProcessImportTodos: 'rmclient.dll' -> '\Device\HarddiskVolume4\Windows\System32\rmclient.dll' [rcNtRedir=0xc0150008]
|
|---|
| 2746 | 14b8.3bc: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\rmclient.dll [lacks WinVerifyTrust]
|
|---|
| 2747 | 14b8.3bc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff1e2b0000 'C:\WINDOWS\system32\rsaenh.dll'
|
|---|
| 2748 | 14b8.3bc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff1f3c0000 'C:\WINDOWS\System32\crypt32.dll'
|
|---|
| 2749 | 14b8.3bc: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume4\Windows\System32\rmclient.dll'
|
|---|
| 2750 | 14b8.3bc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff1e2b0000 'C:\WINDOWS\system32\rsaenh.dll'
|
|---|
| 2751 | 14b8.3bc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff1f3c0000 'C:\WINDOWS\System32\crypt32.dll'
|
|---|
| 2752 | 14b8.3bc: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume4\Windows\System32\twinapi.appcore.dll'
|
|---|
| 2753 | 14b8.3bc: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\SHCore.dll
|
|---|
| 2754 | 14b8.3bc: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\Shcore.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
|
|---|
| 2755 | 14b8.3bc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff20a80000 'C:\WINDOWS\system32\Shcore.dll'
|
|---|
| 2756 | 14b8.3bc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
|
|---|
| 2757 | 14b8.3bc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #15 'rpcrt4.dll'.
|
|---|
| 2758 | 14b8.3bc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #19 'coreuicomponents.dll'.
|
|---|
| 2759 | 14b8.3bc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #20 'coremessaging.dll'.
|
|---|
| 2760 | 14b8.3bc: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\TextInputFramework.dll)
|
|---|
| 2761 | 14b8.3bc: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\TextInputFramework.dll
|
|---|
| 2762 | 14b8.3bc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
|
|---|
| 2763 | 14b8.3bc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #35 'coremessaging.dll'.
|
|---|
| 2764 | 14b8.3bc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #47 'shcore.dll'.
|
|---|
| 2765 | 14b8.3bc: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\CoreUIComponents.dll)
|
|---|
| 2766 | 14b8.3bc: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\CoreUIComponents.dll
|
|---|
| 2767 | 14b8.3bc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
|
|---|
| 2768 | 14b8.3bc: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\CoreMessaging.dll)
|
|---|
| 2769 | 14b8.3bc: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\CoreMessaging.dll
|
|---|
| 2770 | 14b8.3bc: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\ntmarta.dll)
|
|---|
| 2771 | 14b8.3bc: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\ntmarta.dll
|
|---|
| 2772 | 14b8.3bc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'combase.dll'.
|
|---|
| 2773 | 14b8.3bc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #24 'rpcrt4.dll'.
|
|---|
| 2774 | 14b8.3bc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #32 'bcryptprimitives.dll'.
|
|---|
| 2775 | 14b8.3bc: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\WinTypes.dll)
|
|---|
| 2776 | 14b8.3bc: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\WinTypes.dll
|
|---|
| 2777 | 14b8.3bc: supR3HardenedDllNotificationCallback: load 00007fff1dc60000 LB 0x00031000 C:\WINDOWS\SYSTEM32\ntmarta.dll [fFlags=0x0]
|
|---|
| 2778 | 14b8.3bc: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\ntmarta.dll [avoiding WinVerifyTrust]
|
|---|
| 2779 | 14b8.3bc: supR3HardenedDllNotificationCallback: load 00007fff1c240000 LB 0x000d4000 C:\WINDOWS\System32\CoreMessaging.dll [fFlags=0x0]
|
|---|
| 2780 | 14b8.3bc: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\CoreMessaging.dll [avoiding WinVerifyTrust]
|
|---|
| 2781 | 14b8.3bc: supR3HardenedDllNotificationCallback: load 00007fff19d80000 LB 0x00152000 C:\WINDOWS\SYSTEM32\wintypes.dll [fFlags=0x0]
|
|---|
| 2782 | 14b8.3bc: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\WinTypes.dll [avoiding WinVerifyTrust]
|
|---|
| 2783 | 14b8.3bc: supR3HardenedDllNotificationCallback: load 00007fff19fb0000 LB 0x0032a000 C:\WINDOWS\System32\CoreUIComponents.dll [fFlags=0x0]
|
|---|
| 2784 | 14b8.3bc: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\CoreUIComponents.dll [avoiding WinVerifyTrust]
|
|---|
| 2785 | 14b8.3bc: supR3HardenedDllNotificationCallback: load 00007fff0bbe0000 LB 0x0009d000 C:\WINDOWS\System32\TextInputFramework.dll [fFlags=0x0]
|
|---|
| 2786 | 14b8.3bc: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\TextInputFramework.dll [avoiding WinVerifyTrust]
|
|---|
| 2787 | 14b8.3bc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'bcryptprimitives.dll'...
|
|---|
| 2788 | 14b8.3bc: supR3HardenedWinVerifyCacheProcessImportTodos: 'bcryptprimitives.dll' -> '\Device\HarddiskVolume4\Windows\System32\bcryptprimitives.dll' [rcNtRedir=0xc0150008]
|
|---|
| 2789 | 14b8.3bc: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\bcryptprimitives.dll
|
|---|
| 2790 | 14b8.3bc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
|
|---|
| 2791 | 14b8.3bc: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume4\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
|
|---|
| 2792 | 14b8.3bc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'combase.dll'...
|
|---|
| 2793 | 14b8.3bc: supR3HardenedWinVerifyCacheProcessImportTodos: 'combase.dll' -> '\Device\HarddiskVolume4\Windows\System32\combase.dll' [rcNtRedir=0xc0150008]
|
|---|
| 2794 | 14b8.3bc: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\combase.dll
|
|---|
| 2795 | 14b8.3bc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
|
|---|
| 2796 | 14b8.3bc: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume4\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
|
|---|
| 2797 | 14b8.3bc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'shcore.dll'...
|
|---|
| 2798 | 14b8.3bc: supR3HardenedWinVerifyCacheProcessImportTodos: 'shcore.dll' -> '\Device\HarddiskVolume4\Windows\System32\shcore.dll' [rcNtRedir=0xc0150008]
|
|---|
| 2799 | 14b8.3bc: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\SHCore.dll
|
|---|
| 2800 | 14b8.3bc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'coremessaging.dll'...
|
|---|
| 2801 | 14b8.3bc: supR3HardenedWinVerifyCacheProcessImportTodos: 'coremessaging.dll' -> '\Device\HarddiskVolume4\Windows\System32\coremessaging.dll' [rcNtRedir=0xc0150008]
|
|---|
| 2802 | 14b8.3bc: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\CoreMessaging.dll [lacks WinVerifyTrust]
|
|---|
| 2803 | 14b8.3bc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
|
|---|
| 2804 | 14b8.3bc: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume4\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
|
|---|
| 2805 | 14b8.3bc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'coremessaging.dll'...
|
|---|
| 2806 | 14b8.3bc: supR3HardenedWinVerifyCacheProcessImportTodos: 'coremessaging.dll' -> '\Device\HarddiskVolume4\Windows\System32\coremessaging.dll' [rcNtRedir=0xc0150008]
|
|---|
| 2807 | 14b8.3bc: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\CoreMessaging.dll [lacks WinVerifyTrust]
|
|---|
| 2808 | 14b8.3bc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'coreuicomponents.dll'...
|
|---|
| 2809 | 14b8.3bc: supR3HardenedWinVerifyCacheProcessImportTodos: 'coreuicomponents.dll' -> '\Device\HarddiskVolume4\Windows\System32\coreuicomponents.dll' [rcNtRedir=0xc0150008]
|
|---|
| 2810 | 14b8.3bc: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\CoreUIComponents.dll [lacks WinVerifyTrust]
|
|---|
| 2811 | 14b8.3bc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
|
|---|
| 2812 | 14b8.3bc: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume4\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
|
|---|
| 2813 | 14b8.3bc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
|
|---|
| 2814 | 14b8.3bc: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume4\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
|
|---|
| 2815 | 14b8.3bc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff1e2b0000 'C:\WINDOWS\system32\rsaenh.dll'
|
|---|
| 2816 | 14b8.3bc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff1f3c0000 'C:\WINDOWS\System32\crypt32.dll'
|
|---|
| 2817 | 14b8.3bc: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume4\Windows\System32\WinTypes.dll'
|
|---|
| 2818 | 14b8.3bc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff1e2b0000 'C:\WINDOWS\system32\rsaenh.dll'
|
|---|
| 2819 | 14b8.3bc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff1f3c0000 'C:\WINDOWS\System32\crypt32.dll'
|
|---|
| 2820 | 14b8.3bc: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume4\Windows\System32\ntmarta.dll'
|
|---|
| 2821 | 14b8.3bc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff1e2b0000 'C:\WINDOWS\system32\rsaenh.dll'
|
|---|
| 2822 | 14b8.3bc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff1f3c0000 'C:\WINDOWS\System32\crypt32.dll'
|
|---|
| 2823 | 14b8.3bc: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume4\Windows\System32\CoreMessaging.dll'
|
|---|
| 2824 | 14b8.3bc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff1e2b0000 'C:\WINDOWS\system32\rsaenh.dll'
|
|---|
| 2825 | 14b8.3bc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff1f3c0000 'C:\WINDOWS\System32\crypt32.dll'
|
|---|
| 2826 | 14b8.3bc: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume4\Windows\System32\CoreUIComponents.dll'
|
|---|
| 2827 | 14b8.3bc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff1e2b0000 'C:\WINDOWS\system32\rsaenh.dll'
|
|---|
| 2828 | 14b8.3bc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff1f3c0000 'C:\WINDOWS\System32\crypt32.dll'
|
|---|
| 2829 | 14b8.3bc: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume4\Windows\System32\TextInputFramework.dll'
|
|---|
| 2830 | 14b8.3bc: supR3HardenedIsApiSetDll: ApiSetQueryApiSetPresence(ext-ms-win-rtcore-ntuser-window-ext-l1-1-0.dll) -> 0x0, fPresent=1
|
|---|
| 2831 | 14b8.3bc: supR3HardenedMonitor_LdrLoadDll: pName=ext-ms-win-rtcore-ntuser-window-ext-l1-1-0.dll (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
|
|---|
| 2832 | 14b8.3bc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff203d0000 'ext-ms-win-rtcore-ntuser-window-ext-l1-1-0.dll'
|
|---|
| 2833 | 14b8.3bc: supR3HardenedIsApiSetDll: ApiSetQueryApiSetPresence(ext-ms-win-rtcore-ntuser-integration-l1-1-0.dll) -> 0x0, fPresent=1
|
|---|
| 2834 | 14b8.3bc: supR3HardenedMonitor_LdrLoadDll: pName=ext-ms-win-rtcore-ntuser-integration-l1-1-0.dll (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
|
|---|
| 2835 | 14b8.3bc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff203d0000 'ext-ms-win-rtcore-ntuser-integration-l1-1-0.dll'
|
|---|
| 2836 | 14b8.3bc: supR3HardenedIsApiSetDll: ApiSetQueryApiSetPresence(api-ms-win-core-com-l1-1-0.dll) -> 0x0, fPresent=1
|
|---|
| 2837 | 14b8.3bc: supR3HardenedMonitor_LdrLoadDll: pName=api-ms-win-core-com-l1-1-0.dll (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
|
|---|
| 2838 | 14b8.3bc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff20f40000 'api-ms-win-core-com-l1-1-0.dll'
|
|---|
| 2839 | 14b8.3bc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
|
|---|
| 2840 | 14b8.3bc: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\iertutil.dll)
|
|---|
| 2841 | 14b8.3bc: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\iertutil.dll
|
|---|
| 2842 | 14b8.3bc: supR3HardenedDllNotificationCallback: load 00007fff09be0000 LB 0x002a7000 C:\WINDOWS\System32\iertutil.dll [fFlags=0x0]
|
|---|
| 2843 | 14b8.3bc: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\iertutil.dll [avoiding WinVerifyTrust]
|
|---|
| 2844 | 14b8.3bc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
|
|---|
| 2845 | 14b8.3bc: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume4\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
|
|---|
| 2846 | 14b8.3bc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff1e2b0000 'C:\WINDOWS\system32\rsaenh.dll'
|
|---|
| 2847 | 14b8.3bc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff1f3c0000 'C:\WINDOWS\System32\crypt32.dll'
|
|---|
| 2848 | 14b8.3bc: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume4\Windows\System32\iertutil.dll'
|
|---|
| 2849 | 14b8.3bc: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\msctf.dll
|
|---|
| 2850 | 14b8.3bc: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\MSCTF.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000009:<flags> [calling]
|
|---|
| 2851 | 14b8.3bc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff20c50000 'C:\WINDOWS\System32\MSCTF.dll'
|
|---|
| 2852 | 14b8.3bc: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000acc pwszName=\Device\HarddiskVolume4\Windows\System32\oleacc.dll
|
|---|
| 2853 | 14b8.3bc: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00000000016ab960
|
|---|
| 2854 | 14b8.3bc: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000016ab960
|
|---|
| 2855 | 14b8.3bc: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=1BEDEE19D2B5051E320169871E5D75A5E13293CB
|
|---|
| 2856 | 14b8.3bc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff1e2b0000 'C:\WINDOWS\system32\rsaenh.dll'
|
|---|
| 2857 | 14b8.3bc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff1f3c0000 'C:\WINDOWS\System32\crypt32.dll'
|
|---|
| 2858 | 14b8.3bc: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-Package04113~31bf3856ad364e35~amd64~~10.0.18362.1440.cat'; file='\Device\HarddiskVolume4\Windows\System32\oleacc.dll'
|
|---|
| 2859 | 14b8.3bc: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
|
|---|
| 2860 | 14b8.3bc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'rpcrt4.dll'.
|
|---|
| 2861 | 14b8.3bc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #30 'user32.dll'.
|
|---|
| 2862 | 14b8.3bc: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\oleacc.dll) WinVerifyTrust
|
|---|
| 2863 | 14b8.3bc: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\oleacc.dll
|
|---|
| 2864 | 14b8.3bc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
|
|---|
| 2865 | 14b8.3bc: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume4\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
|
|---|
| 2866 | 14b8.3bc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
|
|---|
| 2867 | 14b8.3bc: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume4\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
|
|---|
| 2868 | 14b8.3bc: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\Oleacc.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000009:<flags> [calling]
|
|---|
| 2869 | 14b8.3bc: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\oleacc.dll
|
|---|
| 2870 | 14b8.3bc: supR3HardenedDllNotificationCallback: load 00007ffeef3f0000 LB 0x00065000 C:\WINDOWS\system32\Oleacc.dll [fFlags=0x0]
|
|---|
| 2871 | 14b8.3bc: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\oleacc.dll
|
|---|
| 2872 | 14b8.3bc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffeef3f0000 'C:\WINDOWS\system32\Oleacc.dll'
|
|---|
| 2873 | 14b8.3bc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff20820000 'C:\WINDOWS\System32\OLEAUT32.DLL'
|
|---|
| 2874 | 14b8.3bc: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\oleacc.dll
|
|---|
| 2875 | 14b8.3bc: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\oleacc.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
|
|---|
| 2876 | 14b8.3bc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffeef3f0000 'C:\WINDOWS\system32\oleacc.dll'
|
|---|
| 2877 | 14b8.3bc: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\oleacc.dll
|
|---|
| 2878 | 14b8.3bc: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\System32\oleacc.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000002009:<flags> [calling]
|
|---|
| 2879 | 14b8.3bc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffeef3f0000 'C:\Windows\System32\oleacc.dll'
|
|---|
| 2880 | 14b8.3bc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff21330000 'C:\WINDOWS\system32\shell32.dll'
|
|---|
| 2881 | 14b8.3bc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff21330000 'C:\WINDOWS\system32\shell32.dll'
|
|---|
| 2882 | 14b8.3bc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff21ac0000 'C:\WINDOWS\System32\ole32.dll'
|
|---|
| 2883 | 14b8.3bc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff20820000 'C:\WINDOWS\System32\OLEAUT32.dll'
|
|---|
| 2884 | 14b8.3bc: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000b08 pwszName=\Device\HarddiskVolume4\Windows\System32\wbem\wbemprox.dll
|
|---|
| 2885 | 14b8.3bc: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00000000016ab960
|
|---|
| 2886 | 14b8.3bc: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000016ab960
|
|---|
| 2887 | 14b8.3bc: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=44E40386AF0D57A42A98A600819DBDC3E308B1D1
|
|---|
| 2888 | 14b8.3bc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff1e2b0000 'C:\WINDOWS\system32\rsaenh.dll'
|
|---|
| 2889 | 14b8.3bc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff1f3c0000 'C:\WINDOWS\System32\crypt32.dll'
|
|---|
| 2890 | 14b8.3bc: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-Package03~31bf3856ad364e35~amd64~~10.0.18362.1441.cat'; file='\Device\HarddiskVolume4\Windows\System32\wbem\wbemprox.dll'
|
|---|
| 2891 | 14b8.3bc: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
|
|---|
| 2892 | 14b8.3bc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
|
|---|
| 2893 | 14b8.3bc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'ws2_32.dll'.
|
|---|
| 2894 | 14b8.3bc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #18 'wbemcomn.dll'.
|
|---|
| 2895 | 14b8.3bc: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\wbem\wbemprox.dll) WinVerifyTrust
|
|---|
| 2896 | 14b8.3bc: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\wbem\wbemprox.dll
|
|---|
| 2897 | 14b8.3bc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'wbemcomn.dll'...
|
|---|
| 2898 | 14b8.3bc: supR3HardenedWinVerifyCacheProcessImportTodos: 'wbemcomn.dll' -> '\Device\HarddiskVolume4\Windows\System32\wbemcomn.dll' [rcNtRedir=0xc0150008]
|
|---|
| 2899 | 14b8.3bc: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000b1c pwszName=\Device\HarddiskVolume4\Windows\System32\wbemcomn.dll
|
|---|
| 2900 | 14b8.3bc: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00000000016ab960
|
|---|
| 2901 | 14b8.3bc: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000016ab960
|
|---|
| 2902 | 14b8.3bc: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=D98553F4132CB95DBCBC33DB5F559AF6498E77AE
|
|---|
| 2903 | 14b8.3bc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff1e2b0000 'C:\WINDOWS\system32\rsaenh.dll'
|
|---|
| 2904 | 14b8.3bc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff1f3c0000 'C:\WINDOWS\System32\crypt32.dll'
|
|---|
| 2905 | 14b8.3bc: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-Package03~31bf3856ad364e35~amd64~~10.0.18362.1441.cat'; file='\Device\HarddiskVolume4\Windows\System32\wbemcomn.dll'
|
|---|
| 2906 | 14b8.3bc: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
|
|---|
| 2907 | 14b8.3bc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
|
|---|
| 2908 | 14b8.3bc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #14 'bcrypt.dll'.
|
|---|
| 2909 | 14b8.3bc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #18 'ws2_32.dll'.
|
|---|
| 2910 | 14b8.3bc: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\wbemcomn.dll) WinVerifyTrust
|
|---|
| 2911 | 14b8.3bc: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\wbemcomn.dll
|
|---|
| 2912 | 14b8.3bc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ws2_32.dll'...
|
|---|
| 2913 | 14b8.3bc: supR3HardenedWinVerifyCacheProcessImportTodos: 'ws2_32.dll' -> '\Device\HarddiskVolume4\Windows\System32\ws2_32.dll' [rcNtRedir=0xc0150008]
|
|---|
| 2914 | 14b8.3bc: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\ws2_32.dll
|
|---|
| 2915 | 14b8.3bc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
|
|---|
| 2916 | 14b8.3bc: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume4\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
|
|---|
| 2917 | 14b8.3bc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ws2_32.dll'...
|
|---|
| 2918 | 14b8.3bc: supR3HardenedWinVerifyCacheProcessImportTodos: 'ws2_32.dll' -> '\Device\HarddiskVolume4\Windows\System32\ws2_32.dll' [rcNtRedir=0xc0150008]
|
|---|
| 2919 | 14b8.3bc: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\ws2_32.dll
|
|---|
| 2920 | 14b8.3bc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'bcrypt.dll'...
|
|---|
| 2921 | 14b8.3bc: supR3HardenedWinVerifyCacheProcessImportTodos: 'bcrypt.dll' -> '\Device\HarddiskVolume4\Windows\System32\bcrypt.dll' [rcNtRedir=0xc0150008]
|
|---|
| 2922 | 14b8.3bc: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\bcrypt.dll
|
|---|
| 2923 | 14b8.3bc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
|
|---|
| 2924 | 14b8.3bc: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume4\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
|
|---|
| 2925 | 14b8.3bc: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\wbem\wbemprox.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000002009:<flags> [calling]
|
|---|
| 2926 | 14b8.3bc: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\wbem\wbemprox.dll
|
|---|
| 2927 | 14b8.3bc: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\wbemcomn.dll
|
|---|
| 2928 | 14b8.3bc: supR3HardenedDllNotificationCallback: load 00007fff09810000 LB 0x00090000 C:\WINDOWS\SYSTEM32\wbemcomn.dll [fFlags=0x0]
|
|---|
| 2929 | 14b8.3bc: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\wbemcomn.dll
|
|---|
| 2930 | 14b8.3bc: supR3HardenedDllNotificationCallback: load 00007fff08660000 LB 0x00011000 C:\WINDOWS\system32\wbem\wbemprox.dll [fFlags=0x0]
|
|---|
| 2931 | 14b8.3bc: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\wbem\wbemprox.dll
|
|---|
| 2932 | 14b8.3bc: supR3HardenedIsApiSetDll: ApiSetQueryApiSetPresence(API-MS-Win-Core-LocalRegistry-L1-1-0.dll) -> 0x0, fPresent=1
|
|---|
| 2933 | 14b8.3bc: supR3HardenedMonitor_LdrLoadDll: pName=API-MS-Win-Core-LocalRegistry-L1-1-0.dll (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0000000000000009:<flags> [calling]
|
|---|
| 2934 | 14b8.3bc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff1fe30000 'API-MS-Win-Core-LocalRegistry-L1-1-0.dll'
|
|---|
| 2935 | 14b8.3bc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff08660000 'C:\WINDOWS\system32\wbem\wbemprox.dll'
|
|---|
| 2936 | 14b8.3bc: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000ae8 pwszName=\Device\HarddiskVolume4\Windows\System32\wbem\wbemsvc.dll
|
|---|
| 2937 | 14b8.3bc: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00000000016ab960
|
|---|
| 2938 | 14b8.3bc: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000016ab960
|
|---|
| 2939 | 14b8.3bc: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=93A8F77B2517317B0A1807B79E07F6A7CEFD27B6
|
|---|
| 2940 | 14b8.3bc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff1e2b0000 'C:\WINDOWS\system32\rsaenh.dll'
|
|---|
| 2941 | 14b8.3bc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff1f3c0000 'C:\WINDOWS\System32\crypt32.dll'
|
|---|
| 2942 | 14b8.3bc: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-Package03~31bf3856ad364e35~amd64~~10.0.18362.1441.cat'; file='\Device\HarddiskVolume4\Windows\System32\wbem\wbemsvc.dll'
|
|---|
| 2943 | 14b8.3bc: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
|
|---|
| 2944 | 14b8.3bc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
|
|---|
| 2945 | 14b8.3bc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'rpcrt4.dll'.
|
|---|
| 2946 | 14b8.3bc: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\wbem\wbemsvc.dll) WinVerifyTrust
|
|---|
| 2947 | 14b8.3bc: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\wbem\wbemsvc.dll
|
|---|
| 2948 | 14b8.3bc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
|
|---|
| 2949 | 14b8.3bc: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume4\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
|
|---|
| 2950 | 14b8.3bc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
|
|---|
| 2951 | 14b8.3bc: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume4\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
|
|---|
| 2952 | 14b8.3bc: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\wbem\wbemsvc.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000002009:<flags> [calling]
|
|---|
| 2953 | 14b8.3bc: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\wbem\wbemsvc.dll
|
|---|
| 2954 | 14b8.3bc: supR3HardenedDllNotificationCallback: load 00007fff08100000 LB 0x00014000 C:\WINDOWS\system32\wbem\wbemsvc.dll [fFlags=0x0]
|
|---|
| 2955 | 14b8.3bc: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\wbem\wbemsvc.dll
|
|---|
| 2956 | 14b8.3bc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff08100000 'C:\WINDOWS\system32\wbem\wbemsvc.dll'
|
|---|
| 2957 | 14b8.3bc: supR3HardenedIsApiSetDll: ApiSetQueryApiSetPresence(api-ms-win-core-localization-l1-2-0.dll) -> 0x0, fPresent=1
|
|---|
| 2958 | 14b8.3bc: supR3HardenedMonitor_LdrLoadDll: pName=api-ms-win-core-localization-l1-2-0.dll (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0000000000000009:<flags> [calling]
|
|---|
| 2959 | 14b8.3bc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff1fe30000 'api-ms-win-core-localization-l1-2-0.dll'
|
|---|
| 2960 | 14b8.3bc: supR3HardenedIsApiSetDll: ApiSetQueryApiSetPresence(api-ms-win-core-localization-obsolete-l1-1-0.dll) -> 0x0, fPresent=1
|
|---|
| 2961 | 14b8.3bc: supR3HardenedMonitor_LdrLoadDll: pName=api-ms-win-core-localization-obsolete-l1-1-0.dll (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0000000000000009:<flags> [calling]
|
|---|
| 2962 | 14b8.3bc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff1fe30000 'api-ms-win-core-localization-obsolete-l1-1-0.dll'
|
|---|
| 2963 | 14b8.3bc: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000b60 pwszName=\Device\HarddiskVolume4\Windows\System32\wbem\fastprox.dll
|
|---|
| 2964 | 14b8.3bc: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00000000016ab960
|
|---|
| 2965 | 14b8.3bc: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000016ab960
|
|---|
| 2966 | 14b8.3bc: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=0708A64F48237CD4D5092546CE9C373F20B30CA1
|
|---|
| 2967 | 14b8.3bc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff1e2b0000 'C:\WINDOWS\system32\rsaenh.dll'
|
|---|
| 2968 | 14b8.3bc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff1f3c0000 'C:\WINDOWS\System32\crypt32.dll'
|
|---|
| 2969 | 14b8.3bc: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-Package03~31bf3856ad364e35~amd64~~10.0.18362.1441.cat'; file='\Device\HarddiskVolume4\Windows\System32\wbem\fastprox.dll'
|
|---|
| 2970 | 14b8.3bc: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
|
|---|
| 2971 | 14b8.3bc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
|
|---|
| 2972 | 14b8.3bc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #20 'wbemcomn.dll'.
|
|---|
| 2973 | 14b8.3bc: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\wbem\fastprox.dll) WinVerifyTrust
|
|---|
| 2974 | 14b8.3bc: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\wbem\fastprox.dll
|
|---|
| 2975 | 14b8.3bc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'wbemcomn.dll'...
|
|---|
| 2976 | 14b8.3bc: supR3HardenedWinVerifyCacheProcessImportTodos: 'wbemcomn.dll' -> '\Device\HarddiskVolume4\Windows\System32\wbemcomn.dll' [rcNtRedir=0xc0150008]
|
|---|
| 2977 | 14b8.3bc: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\wbemcomn.dll
|
|---|
| 2978 | 14b8.3bc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
|
|---|
| 2979 | 14b8.3bc: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume4\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
|
|---|
| 2980 | 14b8.3bc: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\wbem\fastprox.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000002009:<flags> [calling]
|
|---|
| 2981 | 14b8.3bc: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\wbem\fastprox.dll
|
|---|
| 2982 | 14b8.3bc: supR3HardenedDllNotificationCallback: load 00007fff081a0000 LB 0x00101000 C:\WINDOWS\system32\wbem\fastprox.dll [fFlags=0x0]
|
|---|
| 2983 | 14b8.3bc: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\wbem\fastprox.dll
|
|---|
| 2984 | 14b8.3bc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff081a0000 'C:\WINDOWS\system32\wbem\fastprox.dll'
|
|---|
| 2985 | 14b8.3bc: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000b30 pwszName=\Device\HarddiskVolume4\Windows\System32\amsi.dll
|
|---|
| 2986 | 14b8.3bc: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00000000016ab960
|
|---|
| 2987 | 14b8.3bc: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000016ab960
|
|---|
| 2988 | 14b8.3bc: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=AFE35A9A23BBFDF3E59A314D0CDCF1D4BAE34DC4
|
|---|
| 2989 | 14b8.3bc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff1e2b0000 'C:\WINDOWS\system32\rsaenh.dll'
|
|---|
| 2990 | 14b8.3bc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff1f3c0000 'C:\WINDOWS\System32\crypt32.dll'
|
|---|
| 2991 | 14b8.3bc: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-Package04~31bf3856ad364e35~amd64~~10.0.18362.1441.cat'; file='\Device\HarddiskVolume4\Windows\System32\amsi.dll'
|
|---|
| 2992 | 14b8.3bc: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
|
|---|
| 2993 | 14b8.3bc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
|
|---|
| 2994 | 14b8.3bc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #16 'rpcrt4.dll'.
|
|---|
| 2995 | 14b8.3bc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #17 'userenv.dll'.
|
|---|
| 2996 | 14b8.3bc: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\amsi.dll) WinVerifyTrust
|
|---|
| 2997 | 14b8.3bc: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\amsi.dll
|
|---|
| 2998 | 14b8.3bc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'userenv.dll'...
|
|---|
| 2999 | 14b8.3bc: supR3HardenedWinVerifyCacheProcessImportTodos: 'userenv.dll' -> '\Device\HarddiskVolume4\Windows\System32\userenv.dll' [rcNtRedir=0xc0150008]
|
|---|
| 3000 | 14b8.3bc: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\userenv.dll
|
|---|
| 3001 | 14b8.3bc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
|
|---|
| 3002 | 14b8.3bc: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume4\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
|
|---|
| 3003 | 14b8.3bc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
|
|---|
| 3004 | 14b8.3bc: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume4\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
|
|---|
| 3005 | 14b8.3bc: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\amsi.dll (Input=amsi.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000801:<flags> [calling]
|
|---|
| 3006 | 14b8.3bc: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\amsi.dll
|
|---|
| 3007 | 14b8.3bc: supR3HardenedDllNotificationCallback: load 00007fff069a0000 LB 0x00017000 C:\WINDOWS\System32\amsi.dll [fFlags=0x0]
|
|---|
| 3008 | 14b8.3bc: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\amsi.dll
|
|---|
| 3009 | 14b8.3bc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff069a0000 'C:\WINDOWS\System32\amsi.dll'
|
|---|
| 3010 | 14b8.3bc: \Device\HarddiskVolume4\Program Files\SentinelOne\Sentinel Agent 4.6.13.298\SentinelAmsi64.dll: Owner is not trusted installer (01 06 00 00 00 00 00 05 50 00 00 00 fd 23 61 39 4a 14 d6 5a 8d 32 1f 5a 3a ed 93 7f 6f 0a 0b 78)
|
|---|
| 3011 | 14b8.3bc: supHardenedWinVerifyImageByHandle: -> -5667 (\Device\HarddiskVolume4\Program Files\SentinelOne\Sentinel Agent 4.6.13.298\SentinelAmsi64.dll)
|
|---|
| 3012 | 14b8.3bc: Error (rc=0):
|
|---|
| 3013 | 14b8.3bc: supR3HardenedScreenImage/LdrLoadDll: rc=Unknown Status -5667 (0xffffe9dd) fImage=1 fProtect=0x0 fAccess=0x0 \Device\HarddiskVolume4\Program Files\SentinelOne\Sentinel Agent 4.6.13.298\SentinelAmsi64.dll: supHardenedWinVerifyImageByHandle: TrustedInstaller is not the owner of '\Device\HarddiskVolume4\Program Files\SentinelOne\Sentinel Agent 4.6.13.298\SentinelAmsi64.dll'.
|
|---|
| 3014 | 14b8.3bc: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Program Files\SentinelOne\Sentinel Agent 4.6.13.298\SentinelAmsi64.dll
|
|---|
| 3015 | 14b8.3bc: Error (rc=0):
|
|---|
| 3016 | 14b8.3bc: supR3HardenedMonitor_LdrLoadDll: rejecting 'C:\Program Files\SentinelOne\Sentinel Agent 4.6.13.298\SentinelAmsi64.dll' (C:\Program Files\SentinelOne\Sentinel Agent 4.6.13.298\SentinelAmsi64.dll): rcNt=0xc0000190
|
|---|
| 3017 | 14b8.3bc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0xc0000190 'C:\Program Files\SentinelOne\Sentinel Agent 4.6.13.298\SentinelAmsi64.dll'
|
|---|
| 3018 | 14b8.3bc: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status -5667 (0xffffe9dd)) on \Device\HarddiskVolume4\Program Files\SentinelOne\Sentinel Agent 4.6.13.298\SentinelAmsi64.dll [lacks WinVerifyTrust]
|
|---|
| 3019 | 14b8.3bc: Error (rc=0):
|
|---|
| 3020 | 14b8.3bc: supR3HardenedScreenImage/LdrLoadDll: cached rc=Unknown Status -5667 (0xffffe9dd) fImage=1 fProtect=0x0 fAccess=0x0 cHits=1 \Device\HarddiskVolume4\Program Files\SentinelOne\Sentinel Agent 4.6.13.298\SentinelAmsi64.dll
|
|---|
| 3021 | 14b8.3bc: Error (rc=0):
|
|---|
| 3022 | 14b8.3bc: supR3HardenedMonitor_LdrLoadDll: rejecting 'C:\Program Files\SentinelOne\Sentinel Agent 4.6.13.298\SentinelAmsi64.dll' (C:\Program Files\SentinelOne\Sentinel Agent 4.6.13.298\SentinelAmsi64.dll): rcNt=0xc0000190
|
|---|
| 3023 | 14b8.3bc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0xc0000190 'C:\Program Files\SentinelOne\Sentinel Agent 4.6.13.298\SentinelAmsi64.dll'
|
|---|
| 3024 | 14b8.3bc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff20770000 'C:\WINDOWS\System32\ADVAPI32.dll'
|
|---|
| 3025 | 14b8.4e28: \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxVMM.dll: Signature #1/2: info status: 24202
|
|---|
| 3026 | 14b8.4e28: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff1e2b0000 'C:\WINDOWS\system32\rsaenh.dll'
|
|---|
| 3027 | 14b8.4e28: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
|
|---|
| 3028 | 14b8.4e28: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'vboxrt.dll'.
|
|---|
| 3029 | 14b8.4e28: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxVMM.dll) WinVerifyTrust
|
|---|
| 3030 | 14b8.4e28: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxVMM.dll
|
|---|
| 3031 | 14b8.4e28: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
|
|---|
| 3032 | 14b8.4e28: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
|
|---|
| 3033 | 14b8.4e28: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
|
|---|
| 3034 | 14b8.4e28: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
|
|---|
| 3035 | 14b8.4e28: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxVMM.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
|
|---|
| 3036 | 14b8.4e28: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxVMM.dll
|
|---|
| 3037 | 14b8.4e28: supR3HardenedDllNotificationCallback: load 00007ffebb7a0000 LB 0x0037e000 C:\Program Files\Oracle\VirtualBox\VBoxVMM.DLL [fFlags=0x0]
|
|---|
| 3038 | 14b8.4e28: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxVMM.dll
|
|---|
| 3039 | 14b8.4e28: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffebb7a0000 'C:\Program Files\Oracle\VirtualBox\VBoxVMM.DLL'
|
|---|
| 3040 | 14b8.4a08: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff1e2b0000 'C:\WINDOWS\system32\rsaenh.dll'
|
|---|
| 3041 | 14b8.304c: \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxSharedClipboard.dll: Signature #1/2: info status: 24202
|
|---|
| 3042 | 14b8.304c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff1e2b0000 'C:\WINDOWS\system32\rsaenh.dll'
|
|---|
| 3043 | 14b8.304c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
|
|---|
| 3044 | 14b8.304c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'msvcp100.dll'.
|
|---|
| 3045 | 14b8.304c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'vboxvmm.dll'.
|
|---|
| 3046 | 14b8.304c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'vboxrt.dll'.
|
|---|
| 3047 | 14b8.304c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'user32.dll'.
|
|---|
| 3048 | 14b8.304c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxSharedClipboard.dll) WinVerifyTrust
|
|---|
| 3049 | 14b8.304c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxSharedClipboard.dll
|
|---|
| 3050 | 14b8.304c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
|
|---|
| 3051 | 14b8.304c: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume4\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
|
|---|
| 3052 | 14b8.304c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
|
|---|
| 3053 | 14b8.304c: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
|
|---|
| 3054 | 14b8.304c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxvmm.dll'...
|
|---|
| 3055 | 14b8.304c: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxvmm.dll' -> '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\vboxvmm.dll' [rcNtRedir=0xc0150008]
|
|---|
| 3056 | 14b8.304c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxVMM.dll
|
|---|
| 3057 | 14b8.304c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcp100.dll'...
|
|---|
| 3058 | 14b8.304c: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcp100.dll' -> '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcp100.dll' [rcNtRedir=0xc0150008]
|
|---|
| 3059 | 14b8.304c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
|
|---|
| 3060 | 14b8.304c: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
|
|---|
| 3061 | 14b8.304c: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxSharedClipboard.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
|
|---|
| 3062 | 14b8.304c: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxSharedClipboard.dll
|
|---|
| 3063 | 14b8.304c: supR3HardenedDllNotificationCallback: load 00007fff1ae70000 LB 0x00010000 C:\Program Files\Oracle\VirtualBox\VBoxSharedClipboard.DLL [fFlags=0x0]
|
|---|
| 3064 | 14b8.304c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxSharedClipboard.dll
|
|---|
| 3065 | 14b8.304c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff1ae70000 'C:\Program Files\Oracle\VirtualBox\VBoxSharedClipboard.DLL'
|
|---|
| 3066 | 14b8.4aec: \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxDragAndDropSvc.dll: Signature #1/2: info status: 24202
|
|---|
| 3067 | 14b8.4aec: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff1e2b0000 'C:\WINDOWS\system32\rsaenh.dll'
|
|---|
| 3068 | 14b8.4aec: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
|
|---|
| 3069 | 14b8.4aec: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'msvcp100.dll'.
|
|---|
| 3070 | 14b8.4aec: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'vboxrt.dll'.
|
|---|
| 3071 | 14b8.4aec: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxDragAndDropSvc.dll) WinVerifyTrust
|
|---|
| 3072 | 14b8.4aec: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxDragAndDropSvc.dll
|
|---|
| 3073 | 14b8.4aec: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
|
|---|
| 3074 | 14b8.4aec: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
|
|---|
| 3075 | 14b8.4aec: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcp100.dll'...
|
|---|
| 3076 | 14b8.4aec: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcp100.dll' -> '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcp100.dll' [rcNtRedir=0xc0150008]
|
|---|
| 3077 | 14b8.4aec: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
|
|---|
| 3078 | 14b8.4aec: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
|
|---|
| 3079 | 14b8.4aec: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxDragAndDropSvc.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
|
|---|
| 3080 | 14b8.4aec: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxDragAndDropSvc.dll
|
|---|
| 3081 | 14b8.4aec: supR3HardenedDllNotificationCallback: load 00007fff15730000 LB 0x0000d000 C:\Program Files\Oracle\VirtualBox\VBoxDragAndDropSvc.DLL [fFlags=0x0]
|
|---|
| 3082 | 14b8.4aec: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxDragAndDropSvc.dll
|
|---|
| 3083 | 14b8.4aec: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff15730000 'C:\Program Files\Oracle\VirtualBox\VBoxDragAndDropSvc.DLL'
|
|---|
| 3084 | 14b8.4a08: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff21330000 'C:\WINDOWS\system32\Shell32.dll'
|
|---|
| 3085 | 14b8.4a08: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000cf0 pwszName=\Device\HarddiskVolume4\Windows\System32\WinHvPlatform.dll
|
|---|
| 3086 | 14b8.4a08: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00000000016ab960
|
|---|
| 3087 | 14b8.4a08: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000016ab960
|
|---|
| 3088 | 14b8.4a08: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=F44CBC4BAFE3CCCC07F920C1E6C13E8202CB0B4C
|
|---|
| 3089 | 14b8.4a08: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff1e2b0000 'C:\WINDOWS\system32\rsaenh.dll'
|
|---|
| 3090 | 14b8.4a08: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff1f3c0000 'C:\WINDOWS\System32\crypt32.dll'
|
|---|
| 3091 | 14b8.4a08: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package02~31bf3856ad364e35~amd64~~10.0.18362.1377.cat'; file='\Device\HarddiskVolume4\Windows\System32\WinHvPlatform.dll'
|
|---|
| 3092 | 14b8.4a08: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
|
|---|
| 3093 | 14b8.4a08: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'vid.dll'.
|
|---|
| 3094 | 14b8.4a08: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\WinHvPlatform.dll) WinVerifyTrust
|
|---|
| 3095 | 14b8.4a08: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\WinHvPlatform.dll
|
|---|
| 3096 | 14b8.4a08: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vid.dll'...
|
|---|
| 3097 | 14b8.4a08: supR3HardenedWinVerifyCacheProcessImportTodos: 'vid.dll' -> '\Device\HarddiskVolume4\Windows\System32\vid.dll' [rcNtRedir=0xc0150008]
|
|---|
| 3098 | 14b8.4a08: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff1e2b0000 'C:\WINDOWS\system32\rsaenh.dll'
|
|---|
| 3099 | 14b8.4a08: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff1f3c0000 'C:\WINDOWS\System32\crypt32.dll'
|
|---|
| 3100 | 14b8.4a08: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\vid.dll) WinVerifyTrust
|
|---|
| 3101 | 14b8.4a08: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\vid.dll
|
|---|
| 3102 | 14b8.4a08: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\WinHvPlatform.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
|
|---|
| 3103 | 14b8.4a08: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\WinHvPlatform.dll
|
|---|
| 3104 | 14b8.4a08: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\vid.dll
|
|---|
| 3105 | 14b8.4a08: supR3HardenedDllNotificationCallback: load 00007fff015c0000 LB 0x00019000 C:\WINDOWS\SYSTEM32\vid.dll [fFlags=0x0]
|
|---|
| 3106 | 14b8.4a08: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\vid.dll
|
|---|
| 3107 | 14b8.4a08: supR3HardenedDllNotificationCallback: load 00007ffef0240000 LB 0x00024000 C:\WINDOWS\system32\WinHvPlatform.dll [fFlags=0x0]
|
|---|
| 3108 | 14b8.4a08: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\WinHvPlatform.dll
|
|---|
| 3109 | 14b8.4a08: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffef0240000 'C:\WINDOWS\system32\WinHvPlatform.dll'
|
|---|
| 3110 | 14b8.4a08: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\vid.dll
|
|---|
| 3111 | 14b8.4a08: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\vid.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
|
|---|
| 3112 | 14b8.4a08: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff015c0000 'C:\WINDOWS\system32\vid.dll'
|
|---|
| 3113 | 14b8.4a08: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\ntdll.dll
|
|---|
| 3114 | 14b8.4a08: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\NTDLL.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
|
|---|
| 3115 | 14b8.4a08: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff22320000 'C:\WINDOWS\system32\NTDLL.DLL'
|
|---|
| 3116 | 14b8.4a08: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff1e2b0000 'C:\WINDOWS\system32\rsaenh.dll'
|
|---|
| 3117 | 14b8.4a08: \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxDD.dll: Signature #1/2: info status: 24202
|
|---|
| 3118 | 14b8.4a08: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff1e2b0000 'C:\WINDOWS\system32\rsaenh.dll'
|
|---|
| 3119 | 14b8.4a08: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
|
|---|
| 3120 | 14b8.4a08: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'vboxvmm.dll'.
|
|---|
| 3121 | 14b8.4a08: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'vboxrt.dll'.
|
|---|
| 3122 | 14b8.4a08: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'vboxddu.dll'.
|
|---|
| 3123 | 14b8.4a08: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'vboxdd2.dll'.
|
|---|
| 3124 | 14b8.4a08: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'user32.dll'.
|
|---|
| 3125 | 14b8.4a08: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #7 'setupapi.dll'.
|
|---|
| 3126 | 14b8.4a08: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #8 'ws2_32.dll'.
|
|---|
| 3127 | 14b8.4a08: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #9 'ole32.dll'.
|
|---|
| 3128 | 14b8.4a08: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #10 'iphlpapi.dll'.
|
|---|
| 3129 | 14b8.4a08: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxDD.dll) WinVerifyTrust
|
|---|
| 3130 | 14b8.4a08: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxDD.dll
|
|---|
| 3131 | 14b8.4a08: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'iphlpapi.dll'...
|
|---|
| 3132 | 14b8.4a08: supR3HardenedWinVerifyCacheProcessImportTodos: 'iphlpapi.dll' -> '\Device\HarddiskVolume4\Windows\System32\iphlpapi.dll' [rcNtRedir=0xc0150008]
|
|---|
| 3133 | 14b8.4a08: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff1e2b0000 'C:\WINDOWS\system32\rsaenh.dll'
|
|---|
| 3134 | 14b8.4a08: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff1f3c0000 'C:\WINDOWS\System32\crypt32.dll'
|
|---|
| 3135 | 14b8.4a08: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\IPHLPAPI.DLL) WinVerifyTrust
|
|---|
| 3136 | 14b8.4a08: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\IPHLPAPI.DLL
|
|---|
| 3137 | 14b8.4a08: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ole32.dll'...
|
|---|
| 3138 | 14b8.4a08: supR3HardenedWinVerifyCacheProcessImportTodos: 'ole32.dll' -> '\Device\HarddiskVolume4\Windows\System32\ole32.dll' [rcNtRedir=0xc0150008]
|
|---|
| 3139 | 14b8.4a08: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ws2_32.dll'...
|
|---|
| 3140 | 14b8.4a08: supR3HardenedWinVerifyCacheProcessImportTodos: 'ws2_32.dll' -> '\Device\HarddiskVolume4\Windows\System32\ws2_32.dll' [rcNtRedir=0xc0150008]
|
|---|
| 3141 | 14b8.4a08: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\ws2_32.dll
|
|---|
| 3142 | 14b8.4a08: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'setupapi.dll'...
|
|---|
| 3143 | 14b8.4a08: supR3HardenedWinVerifyCacheProcessImportTodos: 'setupapi.dll' -> '\Device\HarddiskVolume4\Windows\System32\setupapi.dll' [rcNtRedir=0xc0150008]
|
|---|
| 3144 | 14b8.4a08: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff1e2b0000 'C:\WINDOWS\system32\rsaenh.dll'
|
|---|
| 3145 | 14b8.4a08: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff1f3c0000 'C:\WINDOWS\System32\crypt32.dll'
|
|---|
| 3146 | 14b8.4a08: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
|
|---|
| 3147 | 14b8.4a08: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #29 'rpcrt4.dll'.
|
|---|
| 3148 | 14b8.4a08: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #36 'cfgmgr32.dll'.
|
|---|
| 3149 | 14b8.4a08: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #41 'bcrypt.dll'.
|
|---|
| 3150 | 14b8.4a08: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\setupapi.dll) WinVerifyTrust
|
|---|
| 3151 | 14b8.4a08: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\setupapi.dll
|
|---|
| 3152 | 14b8.4a08: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
|
|---|
| 3153 | 14b8.4a08: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume4\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
|
|---|
| 3154 | 14b8.4a08: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxdd2.dll'...
|
|---|
| 3155 | 14b8.4a08: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxdd2.dll' -> '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\vboxdd2.dll' [rcNtRedir=0xc0150008]
|
|---|
| 3156 | 14b8.4a08: \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxDD2.dll: Signature #1/2: info status: 24202
|
|---|
| 3157 | 14b8.4a08: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'bcrypt.dll'...
|
|---|
| 3158 | 14b8.4a08: supR3HardenedWinVerifyCacheProcessImportTodos: 'bcrypt.dll' -> '\Device\HarddiskVolume4\Windows\System32\bcrypt.dll' [rcNtRedir=0xc0150008]
|
|---|
| 3159 | 14b8.4a08: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\bcrypt.dll
|
|---|
| 3160 | 14b8.4a08: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'cfgmgr32.dll'...
|
|---|
| 3161 | 14b8.4a08: supR3HardenedWinVerifyCacheProcessImportTodos: 'cfgmgr32.dll' -> '\Device\HarddiskVolume4\Windows\System32\cfgmgr32.dll' [rcNtRedir=0xc0150008]
|
|---|
| 3162 | 14b8.4a08: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\cfgmgr32.dll
|
|---|
| 3163 | 14b8.4a08: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
|
|---|
| 3164 | 14b8.4a08: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume4\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
|
|---|
| 3165 | 14b8.4a08: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
|
|---|
| 3166 | 14b8.4a08: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume4\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
|
|---|
| 3167 | 14b8.4a08: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff1e2b0000 'C:\WINDOWS\system32\rsaenh.dll'
|
|---|
| 3168 | 14b8.4a08: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
|
|---|
| 3169 | 14b8.4a08: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'vboxrt.dll'.
|
|---|
| 3170 | 14b8.4a08: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxDD2.dll) WinVerifyTrust
|
|---|
| 3171 | 14b8.4a08: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxDD2.dll
|
|---|
| 3172 | 14b8.4a08: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxddu.dll'...
|
|---|
| 3173 | 14b8.4a08: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxddu.dll' -> '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\vboxddu.dll' [rcNtRedir=0xc0150008]
|
|---|
| 3174 | 14b8.4a08: \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxDDU.dll: Signature #1/2: info status: 24202
|
|---|
| 3175 | 14b8.4a08: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
|
|---|
| 3176 | 14b8.4a08: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
|
|---|
| 3177 | 14b8.4a08: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
|
|---|
| 3178 | 14b8.4a08: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
|
|---|
| 3179 | 14b8.4a08: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll
|
|---|
| 3180 | 14b8.4a08: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff1e2b0000 'C:\WINDOWS\system32\rsaenh.dll'
|
|---|
| 3181 | 14b8.4a08: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
|
|---|
| 3182 | 14b8.4a08: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'vboxrt.dll'.
|
|---|
| 3183 | 14b8.4a08: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'user32.dll'.
|
|---|
| 3184 | 14b8.4a08: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'setupapi.dll'.
|
|---|
| 3185 | 14b8.4a08: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'advapi32.dll'.
|
|---|
| 3186 | 14b8.4a08: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxDDU.dll) WinVerifyTrust
|
|---|
| 3187 | 14b8.4a08: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxDDU.dll
|
|---|
| 3188 | 14b8.4a08: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
|
|---|
| 3189 | 14b8.4a08: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
|
|---|
| 3190 | 14b8.4a08: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxvmm.dll'...
|
|---|
| 3191 | 14b8.4a08: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxvmm.dll' -> '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\vboxvmm.dll' [rcNtRedir=0xc0150008]
|
|---|
| 3192 | 14b8.4a08: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxVMM.dll
|
|---|
| 3193 | 14b8.4a08: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
|
|---|
| 3194 | 14b8.4a08: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
|
|---|
| 3195 | 14b8.4a08: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'...
|
|---|
| 3196 | 14b8.4a08: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume4\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008]
|
|---|
| 3197 | 14b8.4a08: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'setupapi.dll'...
|
|---|
| 3198 | 14b8.4a08: supR3HardenedWinVerifyCacheProcessImportTodos: 'setupapi.dll' -> '\Device\HarddiskVolume4\Windows\System32\setupapi.dll' [rcNtRedir=0xc0150008]
|
|---|
| 3199 | 14b8.4a08: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\setupapi.dll
|
|---|
| 3200 | 14b8.4a08: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
|
|---|
| 3201 | 14b8.4a08: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume4\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
|
|---|
| 3202 | 14b8.4a08: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
|
|---|
| 3203 | 14b8.4a08: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
|
|---|
| 3204 | 14b8.4a08: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
|
|---|
| 3205 | 14b8.4a08: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
|
|---|
| 3206 | 14b8.4a08: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxDD.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
|
|---|
| 3207 | 14b8.4a08: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxDD.dll
|
|---|
| 3208 | 14b8.4a08: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxDDU.dll
|
|---|
| 3209 | 14b8.4a08: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxDD2.dll
|
|---|
| 3210 | 14b8.4a08: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\IPHLPAPI.DLL
|
|---|
| 3211 | 14b8.4a08: supR3HardenedDllNotificationCallback: load 00007fff21e60000 LB 0x00470000 C:\WINDOWS\System32\SETUPAPI.dll [fFlags=0x0]
|
|---|
| 3212 | 14b8.4a08: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\setupapi.dll
|
|---|
| 3213 | 14b8.4a08: supR3HardenedDllNotificationCallback: load 00007ffebf580000 LB 0x00067000 C:\Program Files\Oracle\VirtualBox\VBoxDDU.dll [fFlags=0x0]
|
|---|
| 3214 | 14b8.4a08: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxDDU.dll
|
|---|
| 3215 | 14b8.4a08: supR3HardenedDllNotificationCallback: load 00007ffeb6750000 LB 0x0085c000 C:\Program Files\Oracle\VirtualBox\VBoxDD2.dll [fFlags=0x0]
|
|---|
| 3216 | 14b8.4a08: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxDD2.dll
|
|---|
| 3217 | 14b8.4a08: supR3HardenedDllNotificationCallback: load 00007fff1e440000 LB 0x0003a000 C:\WINDOWS\SYSTEM32\IPHLPAPI.DLL [fFlags=0x0]
|
|---|
| 3218 | 14b8.4a08: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\IPHLPAPI.DLL
|
|---|
| 3219 | 14b8.4a08: supR3HardenedDllNotificationCallback: load 00007ffebadb0000 LB 0x009e8000 C:\Program Files\Oracle\VirtualBox\VBoxDD.DLL [fFlags=0x0]
|
|---|
| 3220 | 14b8.4a08: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxDD.dll
|
|---|
| 3221 | 14b8.4a08: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffebadb0000 'C:\Program Files\Oracle\VirtualBox\VBoxDD.DLL'
|
|---|
| 3222 | 14b8.4a08: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff1e2b0000 'C:\WINDOWS\system32\rsaenh.dll'
|
|---|
| 3223 | 14b8.4a08: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxC.dll
|
|---|
| 3224 | 14b8.4a08: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxC.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
|
|---|
| 3225 | 14b8.4a08: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffebbcf0000 'C:\Program Files\Oracle\VirtualBox\VBoxC.DLL'
|
|---|
| 3226 | 14b8.4a08: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff1e2b0000 'C:\WINDOWS\system32\rsaenh.dll'
|
|---|
| 3227 | 14b8.4a08: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxDD2.dll
|
|---|
| 3228 | 14b8.4a08: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxDD2.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
|
|---|
| 3229 | 14b8.4a08: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffeb6750000 'C:\Program Files\Oracle\VirtualBox\VBoxDD2.DLL'
|
|---|
| 3230 | 14b8.4a08: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff1e2b0000 'C:\WINDOWS\system32\rsaenh.dll'
|
|---|
| 3231 | 14b8.43b8: \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxSharedFolders.dll: Signature #1/2: info status: 24202
|
|---|
| 3232 | 14b8.43b8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff1e2b0000 'C:\WINDOWS\system32\rsaenh.dll'
|
|---|
| 3233 | 14b8.43b8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
|
|---|
| 3234 | 14b8.43b8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'vboxvmm.dll'.
|
|---|
| 3235 | 14b8.43b8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'vboxrt.dll'.
|
|---|
| 3236 | 14b8.43b8: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxSharedFolders.dll) WinVerifyTrust
|
|---|
| 3237 | 14b8.43b8: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxSharedFolders.dll
|
|---|
| 3238 | 14b8.43b8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
|
|---|
| 3239 | 14b8.43b8: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
|
|---|
| 3240 | 14b8.43b8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxvmm.dll'...
|
|---|
| 3241 | 14b8.43b8: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxvmm.dll' -> '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\vboxvmm.dll' [rcNtRedir=0xc0150008]
|
|---|
| 3242 | 14b8.43b8: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxVMM.dll
|
|---|
| 3243 | 14b8.43b8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
|
|---|
| 3244 | 14b8.43b8: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
|
|---|
| 3245 | 14b8.43b8: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxSharedFolders.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
|
|---|
| 3246 | 14b8.43b8: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxSharedFolders.dll
|
|---|
| 3247 | 14b8.43b8: supR3HardenedDllNotificationCallback: load 00007ffeef060000 LB 0x00014000 C:\Program Files\Oracle\VirtualBox\VBoxSharedFolders.DLL [fFlags=0x0]
|
|---|
| 3248 | 14b8.43b8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxSharedFolders.dll
|
|---|
| 3249 | 14b8.43b8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffeef060000 'C:\Program Files\Oracle\VirtualBox\VBoxSharedFolders.DLL'
|
|---|
| 3250 | 14b8.4b54: \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxGuestControlSvc.dll: Signature #1/2: info status: 24202
|
|---|
| 3251 | 14b8.4b54: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff1e2b0000 'C:\WINDOWS\system32\rsaenh.dll'
|
|---|
| 3252 | 14b8.4b54: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
|
|---|
| 3253 | 14b8.4b54: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'msvcp100.dll'.
|
|---|
| 3254 | 14b8.4b54: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'vboxvmm.dll'.
|
|---|
| 3255 | 14b8.4b54: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'vboxrt.dll'.
|
|---|
| 3256 | 14b8.4b54: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxGuestControlSvc.dll) WinVerifyTrust
|
|---|
| 3257 | 14b8.4b54: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxGuestControlSvc.dll
|
|---|
| 3258 | 14b8.4b54: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
|
|---|
| 3259 | 14b8.4b54: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
|
|---|
| 3260 | 14b8.4b54: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxvmm.dll'...
|
|---|
| 3261 | 14b8.4b54: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxvmm.dll' -> '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\vboxvmm.dll' [rcNtRedir=0xc0150008]
|
|---|
| 3262 | 14b8.4b54: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxVMM.dll
|
|---|
| 3263 | 14b8.4b54: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcp100.dll'...
|
|---|
| 3264 | 14b8.4b54: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcp100.dll' -> '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcp100.dll' [rcNtRedir=0xc0150008]
|
|---|
| 3265 | 14b8.4b54: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
|
|---|
| 3266 | 14b8.4b54: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
|
|---|
| 3267 | 14b8.4b54: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxGuestControlSvc.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
|
|---|
| 3268 | 14b8.4b54: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxGuestControlSvc.dll
|
|---|
| 3269 | 14b8.4b54: supR3HardenedDllNotificationCallback: load 00007fff15720000 LB 0x0000c000 C:\Program Files\Oracle\VirtualBox\VBoxGuestControlSvc.DLL [fFlags=0x0]
|
|---|
| 3270 | 14b8.4b54: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxGuestControlSvc.dll
|
|---|
| 3271 | 14b8.4b54: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff15720000 'C:\Program Files\Oracle\VirtualBox\VBoxGuestControlSvc.DLL'
|
|---|
| 3272 | 14b8.41f0: \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxGuestPropSvc.dll: Signature #1/2: info status: 24202
|
|---|
| 3273 | 14b8.41f0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff1e2b0000 'C:\WINDOWS\system32\rsaenh.dll'
|
|---|
| 3274 | 14b8.41f0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
|
|---|
| 3275 | 14b8.41f0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'msvcp100.dll'.
|
|---|
| 3276 | 14b8.41f0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'vboxrt.dll'.
|
|---|
| 3277 | 14b8.41f0: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxGuestPropSvc.dll) WinVerifyTrust
|
|---|
| 3278 | 14b8.41f0: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxGuestPropSvc.dll
|
|---|
| 3279 | 14b8.41f0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
|
|---|
| 3280 | 14b8.41f0: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
|
|---|
| 3281 | 14b8.41f0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcp100.dll'...
|
|---|
| 3282 | 14b8.41f0: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcp100.dll' -> '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcp100.dll' [rcNtRedir=0xc0150008]
|
|---|
| 3283 | 14b8.41f0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
|
|---|
| 3284 | 14b8.41f0: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
|
|---|
| 3285 | 14b8.41f0: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxGuestPropSvc.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
|
|---|
| 3286 | 14b8.41f0: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxGuestPropSvc.dll
|
|---|
| 3287 | 14b8.41f0: supR3HardenedDllNotificationCallback: load 00007fff0caa0000 LB 0x0000d000 C:\Program Files\Oracle\VirtualBox\VBoxGuestPropSvc.DLL [fFlags=0x0]
|
|---|
| 3288 | 14b8.41f0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxGuestPropSvc.dll
|
|---|
| 3289 | 14b8.41f0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff0caa0000 'C:\Program Files\Oracle\VirtualBox\VBoxGuestPropSvc.DLL'
|
|---|
| 3290 | 14b8.4a08: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\IPHLPAPI.DLL
|
|---|
| 3291 | 14b8.4a08: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\Iphlpapi.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
|
|---|
| 3292 | 14b8.4a08: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff1e440000 'C:\WINDOWS\system32\Iphlpapi.dll'
|
|---|
| 3293 | 14b8.4a08: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'rpcrt4.dll'.
|
|---|
| 3294 | 14b8.4a08: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'nsi.dll'.
|
|---|
| 3295 | 14b8.4a08: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\winnsi.dll)
|
|---|
| 3296 | 14b8.4a08: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\winnsi.dll
|
|---|
| 3297 | 14b8.4a08: supR3HardenedDllNotificationCallback: load 00007fff20a70000 LB 0x00008000 C:\WINDOWS\System32\NSI.dll [fFlags=0x0]
|
|---|
| 3298 | 14b8.4a08: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\nsi.dll)
|
|---|
| 3299 | 14b8.4a08: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\nsi.dll
|
|---|
| 3300 | 14b8.4a08: supR3HardenedDllNotificationCallback: load 00007fff150f0000 LB 0x0000b000 C:\WINDOWS\SYSTEM32\WINNSI.DLL [fFlags=0x0]
|
|---|
| 3301 | 14b8.4a08: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\winnsi.dll [avoiding WinVerifyTrust]
|
|---|
| 3302 | 14b8.4a08: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'rpcrt4.dll'.
|
|---|
| 3303 | 14b8.4a08: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume4\Windows\System32\dhcpcsvc6.dll)
|
|---|
| 3304 | 14b8.4a08: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\dhcpcsvc6.dll
|
|---|
| 3305 | 14b8.4a08: supR3HardenedDllNotificationCallback: load 00007fff142f0000 LB 0x00016000 C:\WINDOWS\SYSTEM32\dhcpcsvc6.DLL [fFlags=0x0]
|
|---|
| 3306 | 14b8.4a08: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume4\Windows\System32\dhcpcsvc6.dll [avoiding WinVerifyTrust]
|
|---|
| 3307 | 14b8.4a08: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'rpcrt4.dll'.
|
|---|
| 3308 | 14b8.4a08: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'ws2_32.dll'.
|
|---|
| 3309 | 14b8.4a08: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'nsi.dll'.
|
|---|
| 3310 | 14b8.4a08: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume4\Windows\System32\dhcpcsvc.dll)
|
|---|
| 3311 | 14b8.4a08: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\dhcpcsvc.dll
|
|---|
| 3312 | 14b8.4a08: supR3HardenedDllNotificationCallback: load 00007fff14930000 LB 0x0001c000 C:\WINDOWS\SYSTEM32\dhcpcsvc.DLL [fFlags=0x0]
|
|---|
| 3313 | 14b8.4a08: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume4\Windows\System32\dhcpcsvc.dll [avoiding WinVerifyTrust]
|
|---|
| 3314 | 14b8.4a08: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #21 'ws2_32.dll'.
|
|---|
| 3315 | 14b8.4a08: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #23 'nsi.dll'.
|
|---|
| 3316 | 14b8.4a08: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\dnsapi.dll)
|
|---|
| 3317 | 14b8.4a08: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\dnsapi.dll
|
|---|
| 3318 | 14b8.4a08: supR3HardenedDllNotificationCallback: load 00007fff1e490000 LB 0x000cb000 C:\WINDOWS\SYSTEM32\DNSAPI.dll [fFlags=0x0]
|
|---|
| 3319 | 14b8.4a08: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\dnsapi.dll [avoiding WinVerifyTrust]
|
|---|
| 3320 | 14b8.4a08: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'nsi.dll'...
|
|---|
| 3321 | 14b8.4a08: supR3HardenedWinVerifyCacheProcessImportTodos: 'nsi.dll' -> '\Device\HarddiskVolume4\Windows\System32\nsi.dll' [rcNtRedir=0xc0150008]
|
|---|
| 3322 | 14b8.4a08: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\nsi.dll [lacks WinVerifyTrust]
|
|---|
| 3323 | 14b8.4a08: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ws2_32.dll'...
|
|---|
| 3324 | 14b8.4a08: supR3HardenedWinVerifyCacheProcessImportTodos: 'ws2_32.dll' -> '\Device\HarddiskVolume4\Windows\System32\ws2_32.dll' [rcNtRedir=0xc0150008]
|
|---|
| 3325 | 14b8.4a08: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\ws2_32.dll
|
|---|
| 3326 | 14b8.4a08: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'nsi.dll'...
|
|---|
| 3327 | 14b8.4a08: supR3HardenedWinVerifyCacheProcessImportTodos: 'nsi.dll' -> '\Device\HarddiskVolume4\Windows\System32\nsi.dll' [rcNtRedir=0xc0150008]
|
|---|
| 3328 | 14b8.4a08: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\nsi.dll [lacks WinVerifyTrust]
|
|---|
| 3329 | 14b8.4a08: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ws2_32.dll'...
|
|---|
| 3330 | 14b8.4a08: supR3HardenedWinVerifyCacheProcessImportTodos: 'ws2_32.dll' -> '\Device\HarddiskVolume4\Windows\System32\ws2_32.dll' [rcNtRedir=0xc0150008]
|
|---|
| 3331 | 14b8.4a08: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\ws2_32.dll
|
|---|
| 3332 | 14b8.4a08: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
|
|---|
| 3333 | 14b8.4a08: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume4\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
|
|---|
| 3334 | 14b8.4a08: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
|
|---|
| 3335 | 14b8.4a08: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume4\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
|
|---|
| 3336 | 14b8.4a08: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'nsi.dll'...
|
|---|
| 3337 | 14b8.4a08: supR3HardenedWinVerifyCacheProcessImportTodos: 'nsi.dll' -> '\Device\HarddiskVolume4\Windows\System32\nsi.dll' [rcNtRedir=0xc0150008]
|
|---|
| 3338 | 14b8.4a08: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\nsi.dll [lacks WinVerifyTrust]
|
|---|
| 3339 | 14b8.4a08: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
|
|---|
| 3340 | 14b8.4a08: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume4\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
|
|---|
| 3341 | 14b8.4a08: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff1e2b0000 'C:\WINDOWS\system32\rsaenh.dll'
|
|---|
| 3342 | 14b8.4a08: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff1f3c0000 'C:\WINDOWS\System32\crypt32.dll'
|
|---|
| 3343 | 14b8.4a08: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume4\Windows\System32\dnsapi.dll'
|
|---|
| 3344 | 14b8.4a08: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000001004 pwszName=\Device\HarddiskVolume4\Windows\System32\dhcpcsvc.dll
|
|---|
| 3345 | 14b8.4a08: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00000000016ab960
|
|---|
| 3346 | 14b8.4a08: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000016ab960
|
|---|
| 3347 | 14b8.4a08: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=1DCF393E857906A5D8EE3B77BAFBC689F3C62587
|
|---|
| 3348 | 14b8.4a08: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff1e2b0000 'C:\WINDOWS\system32\rsaenh.dll'
|
|---|
| 3349 | 14b8.4a08: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff1f3c0000 'C:\WINDOWS\System32\crypt32.dll'
|
|---|
| 3350 | 14b8.4a08: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-Package0416~31bf3856ad364e35~amd64~~10.0.18362.1441.cat'; file='\Device\HarddiskVolume4\Windows\System32\dhcpcsvc.dll'
|
|---|
| 3351 | 14b8.4a08: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
|
|---|
| 3352 | 14b8.4a08: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume4\Windows\System32\dhcpcsvc.dll'
|
|---|
| 3353 | 14b8.4a08: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000ff8 pwszName=\Device\HarddiskVolume4\Windows\System32\dhcpcsvc6.dll
|
|---|
| 3354 | 14b8.4a08: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00000000016ab960
|
|---|
| 3355 | 14b8.4a08: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000016ab960
|
|---|
| 3356 | 14b8.4a08: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=660345FF413C91A981DE3625BA8520D06115250B
|
|---|
| 3357 | 14b8.4a08: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff1e2b0000 'C:\WINDOWS\system32\rsaenh.dll'
|
|---|
| 3358 | 14b8.4a08: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff1f3c0000 'C:\WINDOWS\System32\crypt32.dll'
|
|---|
| 3359 | 14b8.4a08: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-Package0416~31bf3856ad364e35~amd64~~10.0.18362.1441.cat'; file='\Device\HarddiskVolume4\Windows\System32\dhcpcsvc6.dll'
|
|---|
| 3360 | 14b8.4a08: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
|
|---|
| 3361 | 14b8.4a08: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume4\Windows\System32\dhcpcsvc6.dll'
|
|---|
| 3362 | 14b8.4a08: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff1e2b0000 'C:\WINDOWS\system32\rsaenh.dll'
|
|---|
| 3363 | 14b8.4a08: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff1f3c0000 'C:\WINDOWS\System32\crypt32.dll'
|
|---|
| 3364 | 14b8.4a08: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume4\Windows\System32\nsi.dll'
|
|---|
| 3365 | 14b8.4a08: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff1e2b0000 'C:\WINDOWS\system32\rsaenh.dll'
|
|---|
| 3366 | 14b8.4a08: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff1f3c0000 'C:\WINDOWS\System32\crypt32.dll'
|
|---|
| 3367 | 14b8.4a08: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume4\Windows\System32\winnsi.dll'
|
|---|
| 3368 | 14b8.4a08: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff1e2b0000 'C:\WINDOWS\system32\rsaenh.dll'
|
|---|
| 3369 | 14b8.4a08: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff1f3c0000 'C:\WINDOWS\System32\crypt32.dll'
|
|---|
| 3370 | 14b8.4a08: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcp_win.dll'.
|
|---|
| 3371 | 14b8.4a08: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #16 'rpcrt4.dll'.
|
|---|
| 3372 | 14b8.4a08: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #28 'devobj.dll'.
|
|---|
| 3373 | 14b8.4a08: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\MMDevAPI.dll) WinVerifyTrust
|
|---|
| 3374 | 14b8.4a08: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\MMDevAPI.dll
|
|---|
| 3375 | 14b8.4a08: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'devobj.dll'...
|
|---|
| 3376 | 14b8.4a08: supR3HardenedWinVerifyCacheProcessImportTodos: 'devobj.dll' -> '\Device\HarddiskVolume4\Windows\System32\devobj.dll' [rcNtRedir=0xc0150008]
|
|---|
| 3377 | 14b8.4a08: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff1e2b0000 'C:\WINDOWS\system32\rsaenh.dll'
|
|---|
| 3378 | 14b8.4a08: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff1f3c0000 'C:\WINDOWS\System32\crypt32.dll'
|
|---|
| 3379 | 14b8.4a08: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #18 'cfgmgr32.dll'.
|
|---|
| 3380 | 14b8.4a08: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\devobj.dll) WinVerifyTrust
|
|---|
| 3381 | 14b8.4a08: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\devobj.dll
|
|---|
| 3382 | 14b8.4a08: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
|
|---|
| 3383 | 14b8.4a08: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume4\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
|
|---|
| 3384 | 14b8.4a08: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcp_win.dll'...
|
|---|
| 3385 | 14b8.4a08: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcp_win.dll' -> '\Device\HarddiskVolume4\Windows\System32\msvcp_win.dll' [rcNtRedir=0xc0150008]
|
|---|
| 3386 | 14b8.4a08: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\msvcp_win.dll
|
|---|
| 3387 | 14b8.4a08: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'cfgmgr32.dll'...
|
|---|
| 3388 | 14b8.4a08: supR3HardenedWinVerifyCacheProcessImportTodos: 'cfgmgr32.dll' -> '\Device\HarddiskVolume4\Windows\System32\cfgmgr32.dll' [rcNtRedir=0xc0150008]
|
|---|
| 3389 | 14b8.4a08: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\cfgmgr32.dll
|
|---|
| 3390 | 14b8.4a08: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\MMDevApi.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000002009:<flags> [calling]
|
|---|
| 3391 | 14b8.4a08: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\MMDevAPI.dll
|
|---|
| 3392 | 14b8.4a08: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\devobj.dll
|
|---|
| 3393 | 14b8.4a08: supR3HardenedDllNotificationCallback: load 00007fff1efb0000 LB 0x0002a000 C:\WINDOWS\System32\DEVOBJ.dll [fFlags=0x0]
|
|---|
| 3394 | 14b8.4a08: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\devobj.dll
|
|---|
| 3395 | 14b8.4a08: supR3HardenedDllNotificationCallback: load 00007fff11000000 LB 0x00072000 C:\WINDOWS\System32\MMDevApi.dll [fFlags=0x0]
|
|---|
| 3396 | 14b8.4a08: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\MMDevAPI.dll
|
|---|
| 3397 | 14b8.4a08: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff11000000 'C:\WINDOWS\System32\MMDevApi.dll'
|
|---|
| 3398 | 14b8.4a08: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000001118 pwszName=\Device\HarddiskVolume4\Windows\System32\dsound.dll
|
|---|
| 3399 | 14b8.4a08: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00000000016ab960
|
|---|
| 3400 | 14b8.4a08: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000016ab960
|
|---|
| 3401 | 14b8.4a08: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=8184043CF3F3DF1E3CF96E74DBBF7D0836417373
|
|---|
| 3402 | 14b8.4a08: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff1e2b0000 'C:\WINDOWS\system32\rsaenh.dll'
|
|---|
| 3403 | 14b8.4a08: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff1f3c0000 'C:\WINDOWS\System32\crypt32.dll'
|
|---|
| 3404 | 14b8.4a08: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-Package~31bf3856ad364e35~amd64~~10.0.18362.1377.cat'; file='\Device\HarddiskVolume4\Windows\System32\dsound.dll'
|
|---|
| 3405 | 14b8.4a08: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
|
|---|
| 3406 | 14b8.4a08: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
|
|---|
| 3407 | 14b8.4a08: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #32 'winmm.dll'.
|
|---|
| 3408 | 14b8.4a08: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\dsound.dll) WinVerifyTrust
|
|---|
| 3409 | 14b8.4a08: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\dsound.dll
|
|---|
| 3410 | 14b8.4a08: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'winmm.dll'...
|
|---|
| 3411 | 14b8.4a08: supR3HardenedWinVerifyCacheProcessImportTodos: 'winmm.dll' -> '\Device\HarddiskVolume4\Windows\System32\winmm.dll' [rcNtRedir=0xc0150008]
|
|---|
| 3412 | 14b8.4a08: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\winmm.dll
|
|---|
| 3413 | 14b8.4a08: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
|
|---|
| 3414 | 14b8.4a08: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume4\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
|
|---|
| 3415 | 14b8.4a08: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\dsound.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000002009:<flags> [calling]
|
|---|
| 3416 | 14b8.4a08: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\dsound.dll
|
|---|
| 3417 | 14b8.4a08: supR3HardenedDllNotificationCallback: load 00007ffebf040000 LB 0x00099000 C:\WINDOWS\System32\dsound.dll [fFlags=0x0]
|
|---|
| 3418 | 14b8.4a08: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\dsound.dll
|
|---|
| 3419 | 14b8.4a08: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\dsound.dll
|
|---|
| 3420 | 14b8.4a08: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\dsound.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000801:<flags> [calling]
|
|---|
| 3421 | 14b8.4a08: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffebf040000 'C:\WINDOWS\System32\dsound.dll'
|
|---|
| 3422 | 14b8.4a08: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffebf040000 'C:\WINDOWS\System32\dsound.dll'
|
|---|
| 3423 | 14b8.4a08: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\dsound.dll
|
|---|
| 3424 | 14b8.4a08: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\dsound.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
|
|---|
| 3425 | 14b8.4a08: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffebf040000 'C:\WINDOWS\system32\dsound.dll'
|
|---|
| 3426 | 14b8.4a08: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\MMDevAPI.dll
|
|---|
| 3427 | 14b8.4a08: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\MMDEVAPI.DLL (Input=MMDEVAPI.DLL, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
|
|---|
| 3428 | 14b8.4a08: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff11000000 'C:\WINDOWS\System32\MMDEVAPI.DLL'
|
|---|
| 3429 | 14b8.4a08: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\winmm.dll
|
|---|
| 3430 | 14b8.4a08: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\winmm.dll (Input=winmm.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000801:<flags> [calling]
|
|---|
| 3431 | 14b8.4a08: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff1c690000 'C:\WINDOWS\System32\winmm.dll'
|
|---|
| 3432 | 14b8.4a08: supR3HardNtViCallWinVerifyTrustCatFile: hFile=00000000000010dc pwszName=\Device\HarddiskVolume4\Windows\System32\wdmaud.drv
|
|---|
| 3433 | 14b8.4a08: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00000000016ab960
|
|---|
| 3434 | 14b8.4a08: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000016ab960
|
|---|
| 3435 | 14b8.4a08: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=38EA8D6D625C6A0A9075DAE17FD33652FF8FC23A
|
|---|
| 3436 | 14b8.4a08: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff1e2b0000 'C:\WINDOWS\system32\rsaenh.dll'
|
|---|
| 3437 | 14b8.4a08: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff1f3c0000 'C:\WINDOWS\System32\crypt32.dll'
|
|---|
| 3438 | 14b8.4a08: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-Package~31bf3856ad364e35~amd64~~10.0.18362.1377.cat'; file='\Device\HarddiskVolume4\Windows\System32\wdmaud.drv'
|
|---|
| 3439 | 14b8.4a08: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
|
|---|
| 3440 | 14b8.4a08: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
|
|---|
| 3441 | 14b8.4a08: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'mmdevapi.dll'.
|
|---|
| 3442 | 14b8.4a08: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #27 'ksuser.dll'.
|
|---|
| 3443 | 14b8.4a08: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #28 'avrt.dll'.
|
|---|
| 3444 | 14b8.4a08: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\wdmaud.drv) WinVerifyTrust
|
|---|
| 3445 | 14b8.4a08: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\wdmaud.drv
|
|---|
| 3446 | 14b8.4a08: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'avrt.dll'...
|
|---|
| 3447 | 14b8.4a08: supR3HardenedWinVerifyCacheProcessImportTodos: 'avrt.dll' -> '\Device\HarddiskVolume4\Windows\System32\avrt.dll' [rcNtRedir=0xc0150008]
|
|---|
| 3448 | 14b8.4a08: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff1e2b0000 'C:\WINDOWS\system32\rsaenh.dll'
|
|---|
| 3449 | 14b8.4a08: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff1f3c0000 'C:\WINDOWS\System32\crypt32.dll'
|
|---|
| 3450 | 14b8.4a08: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\avrt.dll) WinVerifyTrust
|
|---|
| 3451 | 14b8.4a08: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\avrt.dll
|
|---|
| 3452 | 14b8.4a08: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ksuser.dll'...
|
|---|
| 3453 | 14b8.4a08: supR3HardenedWinVerifyCacheProcessImportTodos: 'ksuser.dll' -> '\Device\HarddiskVolume4\Windows\System32\ksuser.dll' [rcNtRedir=0xc0150008]
|
|---|
| 3454 | 14b8.4a08: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff1e2b0000 'C:\WINDOWS\system32\rsaenh.dll'
|
|---|
| 3455 | 14b8.4a08: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff1f3c0000 'C:\WINDOWS\System32\crypt32.dll'
|
|---|
| 3456 | 14b8.4a08: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
|
|---|
| 3457 | 14b8.4a08: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\ksuser.dll) WinVerifyTrust
|
|---|
| 3458 | 14b8.4a08: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\ksuser.dll
|
|---|
| 3459 | 14b8.4a08: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'mmdevapi.dll'...
|
|---|
| 3460 | 14b8.4a08: supR3HardenedWinVerifyCacheProcessImportTodos: 'mmdevapi.dll' -> '\Device\HarddiskVolume4\Windows\System32\mmdevapi.dll' [rcNtRedir=0xc0150008]
|
|---|
| 3461 | 14b8.4a08: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\MMDevAPI.dll
|
|---|
| 3462 | 14b8.4a08: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
|
|---|
| 3463 | 14b8.4a08: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume4\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
|
|---|
| 3464 | 14b8.4a08: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
|
|---|
| 3465 | 14b8.4a08: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume4\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
|
|---|
| 3466 | 14b8.4a08: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\msvcrt.dll
|
|---|
| 3467 | 14b8.4a08: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\wdmaud.drv (Input=wdmaud.drv, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000001001:<flags> [calling]
|
|---|
| 3468 | 14b8.4a08: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\wdmaud.drv
|
|---|
| 3469 | 14b8.4a08: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\ksuser.dll
|
|---|
| 3470 | 14b8.4a08: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\avrt.dll
|
|---|
| 3471 | 14b8.4a08: supR3HardenedDllNotificationCallback: load 00007fff143a0000 LB 0x00009000 C:\WINDOWS\SYSTEM32\ksuser.dll [fFlags=0x0]
|
|---|
| 3472 | 14b8.4a08: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\ksuser.dll
|
|---|
| 3473 | 14b8.4a08: supR3HardenedDllNotificationCallback: load 00007fff1a510000 LB 0x0000a000 C:\WINDOWS\SYSTEM32\AVRT.dll [fFlags=0x0]
|
|---|
| 3474 | 14b8.4a08: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\avrt.dll
|
|---|
| 3475 | 14b8.4a08: supR3HardenedDllNotificationCallback: load 00007ffeefd80000 LB 0x00044000 C:\WINDOWS\System32\wdmaud.drv [fFlags=0x0]
|
|---|
| 3476 | 14b8.4a08: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\wdmaud.drv
|
|---|
| 3477 | 14b8.4a08: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffeefd80000 'C:\WINDOWS\System32\wdmaud.drv'
|
|---|
| 3478 | 14b8.4a08: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\wdmaud.drv
|
|---|
| 3479 | 14b8.4a08: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\wdmaud.drv (Input=wdmaud.drv, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000001001:<flags> [calling]
|
|---|
| 3480 | 14b8.4a08: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffeefd80000 'C:\WINDOWS\System32\wdmaud.drv'
|
|---|
| 3481 | 14b8.4a08: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\wdmaud.drv
|
|---|
| 3482 | 14b8.4a08: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\wdmaud.drv (Input=wdmaud.drv, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000001001:<flags> [calling]
|
|---|
| 3483 | 14b8.4a08: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffeefd80000 'C:\WINDOWS\System32\wdmaud.drv'
|
|---|
| 3484 | 14b8.4a08: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\wdmaud.drv
|
|---|
| 3485 | 14b8.4a08: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\wdmaud.drv (Input=wdmaud.drv, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000001001:<flags> [calling]
|
|---|
| 3486 | 14b8.4a08: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffeefd80000 'C:\WINDOWS\System32\wdmaud.drv'
|
|---|
| 3487 | 14b8.4a08: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\wdmaud.drv
|
|---|
| 3488 | 14b8.4a08: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\wdmaud.drv (Input=wdmaud.drv, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000001001:<flags> [calling]
|
|---|
| 3489 | 14b8.4a08: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffeefd80000 'C:\WINDOWS\System32\wdmaud.drv'
|
|---|
| 3490 | 14b8.4a08: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff1e2b0000 'C:\WINDOWS\system32\rsaenh.dll'
|
|---|
| 3491 | 14b8.4a08: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff1f3c0000 'C:\WINDOWS\System32\crypt32.dll'
|
|---|
| 3492 | 14b8.4a08: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcp_win.dll'.
|
|---|
| 3493 | 14b8.4a08: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'rpcrt4.dll'.
|
|---|
| 3494 | 14b8.4a08: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #7 'oleaut32.dll'.
|
|---|
| 3495 | 14b8.4a08: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #29 'mmdevapi.dll'.
|
|---|
| 3496 | 14b8.4a08: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\AudioSes.dll) WinVerifyTrust
|
|---|
| 3497 | 14b8.4a08: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\AudioSes.dll
|
|---|
| 3498 | 14b8.4a08: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'mmdevapi.dll'...
|
|---|
| 3499 | 14b8.4a08: supR3HardenedWinVerifyCacheProcessImportTodos: 'mmdevapi.dll' -> '\Device\HarddiskVolume4\Windows\System32\mmdevapi.dll' [rcNtRedir=0xc0150008]
|
|---|
| 3500 | 14b8.4a08: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\MMDevAPI.dll
|
|---|
| 3501 | 14b8.4a08: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'oleaut32.dll'...
|
|---|
| 3502 | 14b8.4a08: supR3HardenedWinVerifyCacheProcessImportTodos: 'oleaut32.dll' -> '\Device\HarddiskVolume4\Windows\System32\oleaut32.dll' [rcNtRedir=0xc0150008]
|
|---|
| 3503 | 14b8.4a08: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
|
|---|
| 3504 | 14b8.4a08: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume4\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
|
|---|
| 3505 | 14b8.4a08: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\rpcrt4.dll
|
|---|
| 3506 | 14b8.4a08: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcp_win.dll'...
|
|---|
| 3507 | 14b8.4a08: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcp_win.dll' -> '\Device\HarddiskVolume4\Windows\System32\msvcp_win.dll' [rcNtRedir=0xc0150008]
|
|---|
| 3508 | 14b8.4a08: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\msvcp_win.dll
|
|---|
| 3509 | 14b8.4a08: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\AUDIOSES.DLL (Input=AUDIOSES.DLL, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
|
|---|
| 3510 | 14b8.4a08: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\AudioSes.dll
|
|---|
| 3511 | 14b8.4a08: supR3HardenedDllNotificationCallback: load 00007fff11080000 LB 0x0015f000 C:\WINDOWS\System32\AUDIOSES.DLL [fFlags=0x0]
|
|---|
| 3512 | 14b8.4a08: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\AudioSes.dll
|
|---|
| 3513 | 14b8.4a08: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff11080000 'C:\WINDOWS\System32\AUDIOSES.DLL'
|
|---|
| 3514 | 14b8.4a08: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000001008 pwszName=\Device\HarddiskVolume4\Windows\System32\msacm32.drv
|
|---|
| 3515 | 14b8.4a08: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00000000016ab960
|
|---|
| 3516 | 14b8.4a08: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000016ab960
|
|---|
| 3517 | 14b8.4a08: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=763C5E89A8DA653902990733D245B99CC7C40BEA
|
|---|
| 3518 | 14b8.4a08: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff1e2b0000 'C:\WINDOWS\system32\rsaenh.dll'
|
|---|
| 3519 | 14b8.4a08: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff1f3c0000 'C:\WINDOWS\System32\crypt32.dll'
|
|---|
| 3520 | 14b8.4a08: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-Package~31bf3856ad364e35~amd64~~10.0.18362.1377.cat'; file='\Device\HarddiskVolume4\Windows\System32\msacm32.drv'
|
|---|
| 3521 | 14b8.4a08: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
|
|---|
| 3522 | 14b8.4a08: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
|
|---|
| 3523 | 14b8.4a08: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #12 'mmdevapi.dll'.
|
|---|
| 3524 | 14b8.4a08: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #13 'msacm32.dll'.
|
|---|
| 3525 | 14b8.4a08: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #14 'winmmbase.dll'.
|
|---|
| 3526 | 14b8.4a08: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\msacm32.drv) WinVerifyTrust
|
|---|
| 3527 | 14b8.4a08: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\msacm32.drv
|
|---|
| 3528 | 14b8.4a08: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'winmmbase.dll'...
|
|---|
| 3529 | 14b8.4a08: supR3HardenedWinVerifyCacheProcessImportTodos: 'winmmbase.dll' -> '\Device\HarddiskVolume4\Windows\System32\winmmbase.dll' [rcNtRedir=0xc0150008]
|
|---|
| 3530 | 14b8.4a08: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\winmmbase.dll
|
|---|
| 3531 | 14b8.4a08: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msacm32.dll'...
|
|---|
| 3532 | 14b8.4a08: supR3HardenedWinVerifyCacheProcessImportTodos: 'msacm32.dll' -> '\Device\HarddiskVolume4\Windows\System32\msacm32.dll' [rcNtRedir=0xc0150008]
|
|---|
| 3533 | 14b8.4a08: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff1e2b0000 'C:\WINDOWS\system32\rsaenh.dll'
|
|---|
| 3534 | 14b8.4a08: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff1f3c0000 'C:\WINDOWS\System32\crypt32.dll'
|
|---|
| 3535 | 14b8.4a08: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
|
|---|
| 3536 | 14b8.4a08: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\msacm32.dll) WinVerifyTrust
|
|---|
| 3537 | 14b8.4a08: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\msacm32.dll
|
|---|
| 3538 | 14b8.4a08: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'mmdevapi.dll'...
|
|---|
| 3539 | 14b8.4a08: supR3HardenedWinVerifyCacheProcessImportTodos: 'mmdevapi.dll' -> '\Device\HarddiskVolume4\Windows\System32\mmdevapi.dll' [rcNtRedir=0xc0150008]
|
|---|
| 3540 | 14b8.4a08: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\MMDevAPI.dll
|
|---|
| 3541 | 14b8.4a08: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
|
|---|
| 3542 | 14b8.4a08: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume4\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
|
|---|
| 3543 | 14b8.4a08: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
|
|---|
| 3544 | 14b8.4a08: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume4\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
|
|---|
| 3545 | 14b8.4a08: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\msacm32.drv (Input=msacm32.drv, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000001001:<flags> [calling]
|
|---|
| 3546 | 14b8.4a08: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\msacm32.drv
|
|---|
| 3547 | 14b8.4a08: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\msacm32.dll
|
|---|
| 3548 | 14b8.4a08: supR3HardenedDllNotificationCallback: load 00007ffeff7a0000 LB 0x0001c000 C:\WINDOWS\SYSTEM32\MSACM32.dll [fFlags=0x0]
|
|---|
| 3549 | 14b8.4a08: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\msacm32.dll
|
|---|
| 3550 | 14b8.4a08: supR3HardenedDllNotificationCallback: load 00007fff05a10000 LB 0x0000d000 C:\WINDOWS\System32\msacm32.drv [fFlags=0x0]
|
|---|
| 3551 | 14b8.4a08: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\msacm32.drv
|
|---|
| 3552 | 14b8.4a08: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff05a10000 'C:\WINDOWS\System32\msacm32.drv'
|
|---|
| 3553 | 14b8.4a08: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\msacm32.drv
|
|---|
| 3554 | 14b8.4a08: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\msacm32.drv (Input=msacm32.drv, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000001001:<flags> [calling]
|
|---|
| 3555 | 14b8.4a08: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff05a10000 'C:\WINDOWS\System32\msacm32.drv'
|
|---|
| 3556 | 14b8.4a08: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\msacm32.drv
|
|---|
| 3557 | 14b8.4a08: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\msacm32.drv (Input=msacm32.drv, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000001001:<flags> [calling]
|
|---|
| 3558 | 14b8.4a08: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff05a10000 'C:\WINDOWS\System32\msacm32.drv'
|
|---|
| 3559 | 14b8.4a08: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\msacm32.drv
|
|---|
| 3560 | 14b8.4a08: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\msacm32.drv (Input=msacm32.drv, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000001001:<flags> [calling]
|
|---|
| 3561 | 14b8.4a08: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff05a10000 'C:\WINDOWS\System32\msacm32.drv'
|
|---|
| 3562 | 14b8.4a08: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\msacm32.drv
|
|---|
| 3563 | 14b8.4a08: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\msacm32.drv (Input=msacm32.drv, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000001001:<flags> [calling]
|
|---|
| 3564 | 14b8.4a08: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff05a10000 'C:\WINDOWS\System32\msacm32.drv'
|
|---|
| 3565 | 14b8.4a08: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\msacm32.drv
|
|---|
| 3566 | 14b8.4a08: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\msacm32.drv (Input=msacm32.drv, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000001001:<flags> [calling]
|
|---|
| 3567 | 14b8.4a08: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff05a10000 'C:\WINDOWS\System32\msacm32.drv'
|
|---|
| 3568 | 14b8.4a08: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\msacm32.drv
|
|---|
| 3569 | 14b8.4a08: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\msacm32.drv (Input=msacm32.drv, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000001001:<flags> [calling]
|
|---|
| 3570 | 14b8.4a08: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff05a10000 'C:\WINDOWS\System32\msacm32.drv'
|
|---|
| 3571 | 14b8.4a08: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff05a10000 'C:\WINDOWS\System32\msacm32.drv'
|
|---|
| 3572 | 14b8.4a08: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff05a10000 'C:\WINDOWS\System32\msacm32.drv'
|
|---|
| 3573 | 14b8.4a08: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff05a10000 'C:\WINDOWS\System32\msacm32.drv'
|
|---|
| 3574 | 14b8.4a08: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000001130 pwszName=\Device\HarddiskVolume4\Windows\System32\midimap.dll
|
|---|
| 3575 | 14b8.4a08: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00000000016ab960
|
|---|
| 3576 | 14b8.4a08: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000016ab960
|
|---|
| 3577 | 14b8.4a08: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=EB34EC166C3F780657AB67E557E6C2E60C398D10
|
|---|
| 3578 | 14b8.4a08: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff1e2b0000 'C:\WINDOWS\system32\rsaenh.dll'
|
|---|
| 3579 | 14b8.4a08: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff1f3c0000 'C:\WINDOWS\System32\crypt32.dll'
|
|---|
| 3580 | 14b8.4a08: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-Package~31bf3856ad364e35~amd64~~10.0.18362.1377.cat'; file='\Device\HarddiskVolume4\Windows\System32\midimap.dll'
|
|---|
| 3581 | 14b8.4a08: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
|
|---|
| 3582 | 14b8.4a08: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
|
|---|
| 3583 | 14b8.4a08: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #12 'winmm.dll'.
|
|---|
| 3584 | 14b8.4a08: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\midimap.dll) WinVerifyTrust
|
|---|
| 3585 | 14b8.4a08: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\midimap.dll
|
|---|
| 3586 | 14b8.4a08: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'winmm.dll'...
|
|---|
| 3587 | 14b8.4a08: supR3HardenedWinVerifyCacheProcessImportTodos: 'winmm.dll' -> '\Device\HarddiskVolume4\Windows\System32\winmm.dll' [rcNtRedir=0xc0150008]
|
|---|
| 3588 | 14b8.4a08: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\winmm.dll
|
|---|
| 3589 | 14b8.4a08: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
|
|---|
| 3590 | 14b8.4a08: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume4\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
|
|---|
| 3591 | 14b8.4a08: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\midimap.dll (Input=midimap.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000001001:<flags> [calling]
|
|---|
| 3592 | 14b8.4a08: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\midimap.dll
|
|---|
| 3593 | 14b8.4a08: supR3HardenedDllNotificationCallback: load 00007fff05a00000 LB 0x0000a000 C:\WINDOWS\System32\midimap.dll [fFlags=0x0]
|
|---|
| 3594 | 14b8.4a08: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\midimap.dll
|
|---|
| 3595 | 14b8.4a08: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff05a00000 'C:\WINDOWS\System32\midimap.dll'
|
|---|
| 3596 | 14b8.4a08: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\midimap.dll
|
|---|
| 3597 | 14b8.4a08: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\midimap.dll (Input=midimap.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000001001:<flags> [calling]
|
|---|
| 3598 | 14b8.4a08: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff05a00000 'C:\WINDOWS\System32\midimap.dll'
|
|---|
| 3599 | 14b8.4a08: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\midimap.dll
|
|---|
| 3600 | 14b8.4a08: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\midimap.dll (Input=midimap.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000001001:<flags> [calling]
|
|---|
| 3601 | 14b8.4a08: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff05a00000 'C:\WINDOWS\System32\midimap.dll'
|
|---|
| 3602 | 14b8.4a08: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\midimap.dll
|
|---|
| 3603 | 14b8.4a08: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\midimap.dll (Input=midimap.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000001001:<flags> [calling]
|
|---|
| 3604 | 14b8.4a08: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff05a00000 'C:\WINDOWS\System32\midimap.dll'
|
|---|
| 3605 | 14b8.4a08: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff1c690000 'C:\WINDOWS\System32\winmm.dll'
|
|---|
| 3606 | 14b8.3a88: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
|
|---|
| 3607 | 14b8.3a88: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #11 'rpcrt4.dll'.
|
|---|
| 3608 | 14b8.3a88: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\ResourcePolicyClient.dll)
|
|---|
| 3609 | 14b8.3a88: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\ResourcePolicyClient.dll
|
|---|
| 3610 | 14b8.3a88: supR3HardenedDllNotificationCallback: load 00007fff1caa0000 LB 0x00014000 C:\WINDOWS\SYSTEM32\resourcepolicyclient.dll [fFlags=0x0]
|
|---|
| 3611 | 14b8.3a88: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\ResourcePolicyClient.dll [avoiding WinVerifyTrust]
|
|---|
| 3612 | 14b8.4a08: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
|
|---|
| 3613 | 14b8.4a08: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume4\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
|
|---|
| 3614 | 14b8.4a08: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
|
|---|
| 3615 | 14b8.4a08: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume4\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
|
|---|
| 3616 | 14b8.4a08: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff1e2b0000 'C:\WINDOWS\system32\rsaenh.dll'
|
|---|
| 3617 | 14b8.4a08: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff1f3c0000 'C:\WINDOWS\System32\crypt32.dll'
|
|---|
| 3618 | 14b8.4a08: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume4\Windows\System32\ResourcePolicyClient.dll'
|
|---|
| 3619 | 14b8.4a08: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff1c690000 'C:\WINDOWS\System32\winmm.dll'
|
|---|
| 3620 | 14b8.4a08: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff1c690000 'C:\WINDOWS\System32\winmm.dll'
|
|---|
| 3621 | 14b8.4a08: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\dsound.dll
|
|---|
| 3622 | 14b8.4a08: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\dsound.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
|
|---|
| 3623 | 14b8.4a08: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffebf040000 'C:\WINDOWS\system32\dsound.dll'
|
|---|
| 3624 | 14b8.4a08: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff1c690000 'C:\WINDOWS\System32\winmm.dll'
|
|---|
| 3625 | 14b8.4a08: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff1c690000 'C:\WINDOWS\System32\winmm.dll'
|
|---|
| 3626 | 14b8.4a08: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff1c690000 'C:\WINDOWS\System32\winmm.dll'
|
|---|
| 3627 | 14b8.4a08: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff1e2b0000 'C:\WINDOWS\system32\rsaenh.dll'
|
|---|
| 3628 | 14b8.4a08: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff1f3c0000 'C:\WINDOWS\System32\crypt32.dll'
|
|---|
| 3629 | 14b8.4a08: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
|
|---|
| 3630 | 14b8.4a08: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'user32.dll'.
|
|---|
| 3631 | 14b8.4a08: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #9 'win32u.dll'.
|
|---|
| 3632 | 14b8.4a08: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #10 'gdi32.dll'.
|
|---|
| 3633 | 14b8.4a08: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #12 'dwmapi.dll'.
|
|---|
| 3634 | 14b8.4a08: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\d3d9.dll) WinVerifyTrust
|
|---|
| 3635 | 14b8.4a08: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\d3d9.dll
|
|---|
| 3636 | 14b8.4a08: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'dwmapi.dll'...
|
|---|
| 3637 | 14b8.4a08: supR3HardenedWinVerifyCacheProcessImportTodos: 'dwmapi.dll' -> '\Device\HarddiskVolume4\Windows\System32\dwmapi.dll' [rcNtRedir=0xc0150008]
|
|---|
| 3638 | 14b8.4a08: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\rsaenh.dll
|
|---|
| 3639 | 14b8.4a08: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\rsaenh.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
|
|---|
| 3640 | 14b8.4a08: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff1e2b0000 'C:\WINDOWS\system32\rsaenh.dll'
|
|---|
| 3641 | 14b8.4a08: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff1f3c0000 'C:\WINDOWS\System32\crypt32.dll'
|
|---|
| 3642 | 14b8.4a08: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
|
|---|
| 3643 | 14b8.4a08: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #21 'win32u.dll'.
|
|---|
| 3644 | 14b8.4a08: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #22 'user32.dll'.
|
|---|
| 3645 | 14b8.4a08: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #23 'gdi32.dll'.
|
|---|
| 3646 | 14b8.4a08: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\dwmapi.dll) WinVerifyTrust
|
|---|
| 3647 | 14b8.4a08: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\dwmapi.dll
|
|---|
| 3648 | 14b8.4a08: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
|
|---|
| 3649 | 14b8.4a08: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume4\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
|
|---|
| 3650 | 14b8.4a08: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\gdi32.dll
|
|---|
| 3651 | 14b8.4a08: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'win32u.dll'...
|
|---|
| 3652 | 14b8.4a08: supR3HardenedWinVerifyCacheProcessImportTodos: 'win32u.dll' -> '\Device\HarddiskVolume4\Windows\System32\win32u.dll' [rcNtRedir=0xc0150008]
|
|---|
| 3653 | 14b8.4a08: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
|
|---|
| 3654 | 14b8.4a08: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume4\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
|
|---|
| 3655 | 14b8.4a08: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
|
|---|
| 3656 | 14b8.4a08: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume4\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
|
|---|
| 3657 | 14b8.4a08: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
|
|---|
| 3658 | 14b8.4a08: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume4\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
|
|---|
| 3659 | 14b8.4a08: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
|
|---|
| 3660 | 14b8.4a08: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume4\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
|
|---|
| 3661 | 14b8.4a08: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'win32u.dll'...
|
|---|
| 3662 | 14b8.4a08: supR3HardenedWinVerifyCacheProcessImportTodos: 'win32u.dll' -> '\Device\HarddiskVolume4\Windows\System32\win32u.dll' [rcNtRedir=0xc0150008]
|
|---|
| 3663 | 14b8.4a08: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
|
|---|
| 3664 | 14b8.4a08: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume4\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
|
|---|
| 3665 | 14b8.4a08: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\d3d9.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
|
|---|
| 3666 | 14b8.4a08: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\d3d9.dll
|
|---|
| 3667 | 14b8.4a08: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\dwmapi.dll
|
|---|
| 3668 | 14b8.4a08: supR3HardenedDllNotificationCallback: load 00007fff1c9c0000 LB 0x0002d000 C:\WINDOWS\SYSTEM32\dwmapi.dll [fFlags=0x0]
|
|---|
| 3669 | 14b8.4a08: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\dwmapi.dll
|
|---|
| 3670 | 14b8.4a08: supR3HardenedDllNotificationCallback: load 00007ffefbf40000 LB 0x001c7000 C:\WINDOWS\system32\d3d9.dll [fFlags=0x0]
|
|---|
| 3671 | 14b8.4a08: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\d3d9.dll
|
|---|
| 3672 | 14b8.4a08: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffefbf40000 'C:\WINDOWS\system32\d3d9.dll'
|
|---|
| 3673 | 14b8.4a08: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff1e2b0000 'C:\WINDOWS\system32\rsaenh.dll'
|
|---|
| 3674 | 14b8.4a08: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff1f3c0000 'C:\WINDOWS\System32\crypt32.dll'
|
|---|
| 3675 | 14b8.4a08: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff1f3c0000 'C:\WINDOWS\System32\crypt32.dll'
|
|---|
| 3676 | 14b8.4a08: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'advapi32.dll'.
|
|---|
| 3677 | 14b8.4a08: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'user32.dll'.
|
|---|
| 3678 | 14b8.4a08: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'ole32.dll'.
|
|---|
| 3679 | 14b8.4a08: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\DriverStore\FileRepository\iigd_dch.inf_amd64_87079a2c2326a956\igdumdim64.dll) WinVerifyTrust
|
|---|
| 3680 | 14b8.4a08: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\DriverStore\FileRepository\iigd_dch.inf_amd64_87079a2c2326a956\igdumdim64.dll
|
|---|
| 3681 | 14b8.4a08: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ole32.dll'...
|
|---|
| 3682 | 14b8.4a08: supR3HardenedWinVerifyCacheProcessImportTodos: 'ole32.dll' -> '\Device\HarddiskVolume4\Windows\System32\ole32.dll' [rcNtRedir=0xc0150008]
|
|---|
| 3683 | 14b8.4a08: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
|
|---|
| 3684 | 14b8.4a08: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume4\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
|
|---|
| 3685 | 14b8.4a08: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'...
|
|---|
| 3686 | 14b8.4a08: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume4\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008]
|
|---|
| 3687 | 14b8.4a08: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\DriverStore\FileRepository\iigd_dch.inf_amd64_87079a2c2326a956\igdumdim64.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
|
|---|
| 3688 | 14b8.4a08: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\DriverStore\FileRepository\iigd_dch.inf_amd64_87079a2c2326a956\igdumdim64.dll
|
|---|
| 3689 | 14b8.4a08: supR3HardenedDllNotificationCallback: load 00007ffefb030000 LB 0x00165000 C:\WINDOWS\System32\DriverStore\FileRepository\iigd_dch.inf_amd64_87079a2c2326a956\igdumdim64.dll [fFlags=0x0]
|
|---|
| 3690 | 14b8.4a08: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\DriverStore\FileRepository\iigd_dch.inf_amd64_87079a2c2326a956\igdumdim64.dll
|
|---|
| 3691 | 14b8.4a08: supR3HardenedIsApiSetDll: ApiSetQueryApiSetPresence(api-ms-win-core-synch-l1-2-0) -> 0x0, fPresent=1
|
|---|
| 3692 | 14b8.4a08: supR3HardenedMonitor_LdrLoadDll: pName=api-ms-win-core-synch-l1-2-0 (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0000000000000801:<flags> [calling]
|
|---|
| 3693 | 14b8.4a08: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff1fe30000 'api-ms-win-core-synch-l1-2-0'
|
|---|
| 3694 | 14b8.4a08: supR3HardenedIsApiSetDll: ApiSetQueryApiSetPresence(api-ms-win-core-localization-l1-2-1) -> 0x0, fPresent=1
|
|---|
| 3695 | 14b8.4a08: supR3HardenedMonitor_LdrLoadDll: pName=api-ms-win-core-localization-l1-2-1 (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0000000000000801:<flags> [calling]
|
|---|
| 3696 | 14b8.4a08: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff1fe30000 'api-ms-win-core-localization-l1-2-1'
|
|---|
| 3697 | 14b8.4a08: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\kernel32.dll
|
|---|
| 3698 | 14b8.4a08: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\kernel32.dll (Input=kernel32, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000801:<flags> [calling]
|
|---|
| 3699 | 14b8.4a08: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff21da0000 'C:\WINDOWS\System32\kernel32.dll'
|
|---|
| 3700 | 14b8.4a08: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffefb030000 'C:\WINDOWS\System32\DriverStore\FileRepository\iigd_dch.inf_amd64_87079a2c2326a956\igdumdim64.dll'
|
|---|
| 3701 | 14b8.4a08: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff1e2b0000 'C:\WINDOWS\system32\rsaenh.dll'
|
|---|
| 3702 | 14b8.4a08: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff1f3c0000 'C:\WINDOWS\System32\crypt32.dll'
|
|---|
| 3703 | 14b8.4a08: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff1f3c0000 'C:\WINDOWS\System32\crypt32.dll'
|
|---|
| 3704 | 14b8.4a08: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'advapi32.dll'.
|
|---|
| 3705 | 14b8.4a08: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'ole32.dll'.
|
|---|
| 3706 | 14b8.4a08: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'oleaut32.dll'.
|
|---|
| 3707 | 14b8.4a08: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'setupapi.dll'.
|
|---|
| 3708 | 14b8.4a08: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\DriverStore\FileRepository\iigd_dch.inf_amd64_87079a2c2326a956\igd9dxva64.dll) WinVerifyTrust
|
|---|
| 3709 | 14b8.4a08: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\DriverStore\FileRepository\iigd_dch.inf_amd64_87079a2c2326a956\igd9dxva64.dll
|
|---|
| 3710 | 14b8.4a08: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'setupapi.dll'...
|
|---|
| 3711 | 14b8.4a08: supR3HardenedWinVerifyCacheProcessImportTodos: 'setupapi.dll' -> '\Device\HarddiskVolume4\Windows\System32\setupapi.dll' [rcNtRedir=0xc0150008]
|
|---|
| 3712 | 14b8.4a08: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\setupapi.dll
|
|---|
| 3713 | 14b8.4a08: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'oleaut32.dll'...
|
|---|
| 3714 | 14b8.4a08: supR3HardenedWinVerifyCacheProcessImportTodos: 'oleaut32.dll' -> '\Device\HarddiskVolume4\Windows\System32\oleaut32.dll' [rcNtRedir=0xc0150008]
|
|---|
| 3715 | 14b8.4a08: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ole32.dll'...
|
|---|
| 3716 | 14b8.4a08: supR3HardenedWinVerifyCacheProcessImportTodos: 'ole32.dll' -> '\Device\HarddiskVolume4\Windows\System32\ole32.dll' [rcNtRedir=0xc0150008]
|
|---|
| 3717 | 14b8.4a08: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'...
|
|---|
| 3718 | 14b8.4a08: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume4\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008]
|
|---|
| 3719 | 14b8.4a08: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\DriverStore\FileRepository\iigd_dch.inf_amd64_87079a2c2326a956\igd9dxva64.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
|
|---|
| 3720 | 14b8.4a08: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\DriverStore\FileRepository\iigd_dch.inf_amd64_87079a2c2326a956\igd9dxva64.dll
|
|---|
| 3721 | 14b8.4a08: supR3HardenedDllNotificationCallback: load 00007ffed1250000 LB 0x049be000 C:\WINDOWS\System32\DriverStore\FileRepository\iigd_dch.inf_amd64_87079a2c2326a956\igd9dxva64.dll [fFlags=0x0]
|
|---|
| 3722 | 14b8.4a08: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\DriverStore\FileRepository\iigd_dch.inf_amd64_87079a2c2326a956\igd9dxva64.dll
|
|---|
| 3723 | 14b8.4a08: supR3HardenedIsApiSetDll: ApiSetQueryApiSetPresence(api-ms-win-core-synch-l1-2-0) -> 0x0, fPresent=1
|
|---|
| 3724 | 14b8.4a08: supR3HardenedMonitor_LdrLoadDll: pName=api-ms-win-core-synch-l1-2-0 (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0000000000000801:<flags> [calling]
|
|---|
| 3725 | 14b8.4a08: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff1fe30000 'api-ms-win-core-synch-l1-2-0'
|
|---|
| 3726 | 14b8.4a08: supR3HardenedIsApiSetDll: ApiSetQueryApiSetPresence(api-ms-win-core-localization-l1-2-1) -> 0x0, fPresent=1
|
|---|
| 3727 | 14b8.4a08: supR3HardenedMonitor_LdrLoadDll: pName=api-ms-win-core-localization-l1-2-1 (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0000000000000801:<flags> [calling]
|
|---|
| 3728 | 14b8.4a08: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff1fe30000 'api-ms-win-core-localization-l1-2-1'
|
|---|
| 3729 | 14b8.4a08: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\kernel32.dll
|
|---|
| 3730 | 14b8.4a08: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\kernel32.dll (Input=kernel32, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000801:<flags> [calling]
|
|---|
| 3731 | 14b8.4a08: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff21da0000 'C:\WINDOWS\System32\kernel32.dll'
|
|---|
| 3732 | 14b8.4a08: supR3HardenedIsApiSetDll: ApiSetQueryApiSetPresence(api-ms-win-core-string-l1-1-0) -> 0x0, fPresent=1
|
|---|
| 3733 | 14b8.4a08: supR3HardenedMonitor_LdrLoadDll: pName=api-ms-win-core-string-l1-1-0 (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0000000000000801:<flags> [calling]
|
|---|
| 3734 | 14b8.4a08: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff1fe30000 'api-ms-win-core-string-l1-1-0'
|
|---|
| 3735 | 14b8.4a08: supR3HardenedIsApiSetDll: ApiSetQueryApiSetPresence(api-ms-win-core-datetime-l1-1-1) -> 0x0, fPresent=1
|
|---|
| 3736 | 14b8.4a08: supR3HardenedMonitor_LdrLoadDll: pName=api-ms-win-core-datetime-l1-1-1 (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0000000000000801:<flags> [calling]
|
|---|
| 3737 | 14b8.4a08: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff1fe30000 'api-ms-win-core-datetime-l1-1-1'
|
|---|
| 3738 | 14b8.4a08: supR3HardenedIsApiSetDll: ApiSetQueryApiSetPresence(api-ms-win-core-localization-obsolete-l1-2-0) -> 0x0, fPresent=1
|
|---|
| 3739 | 14b8.4a08: supR3HardenedMonitor_LdrLoadDll: pName=api-ms-win-core-localization-obsolete-l1-2-0 (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0000000000000801:<flags> [calling]
|
|---|
| 3740 | 14b8.4a08: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff1fe30000 'api-ms-win-core-localization-obsolete-l1-2-0'
|
|---|
| 3741 | 14b8.4a08: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffed1250000 'C:\WINDOWS\System32\DriverStore\FileRepository\iigd_dch.inf_amd64_87079a2c2326a956\igd9dxva64.dll'
|
|---|
| 3742 | 14b8.4a08: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff1e2b0000 'C:\WINDOWS\system32\rsaenh.dll'
|
|---|
| 3743 | 14b8.4a08: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff1f3c0000 'C:\WINDOWS\System32\crypt32.dll'
|
|---|
| 3744 | 14b8.4a08: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff1f3c0000 'C:\WINDOWS\System32\crypt32.dll'
|
|---|
| 3745 | 14b8.4a08: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\DriverStore\FileRepository\iigd_dch.inf_amd64_87079a2c2326a956\igdgmm64.dll) WinVerifyTrust
|
|---|
| 3746 | 14b8.4a08: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\DriverStore\FileRepository\iigd_dch.inf_amd64_87079a2c2326a956\igdgmm64.dll
|
|---|
| 3747 | 14b8.4a08: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\DriverStore\FileRepository\iigd_dch.inf_amd64_87079a2c2326a956\igdgmm64.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
|
|---|
| 3748 | 14b8.4a08: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\DriverStore\FileRepository\iigd_dch.inf_amd64_87079a2c2326a956\igdgmm64.dll
|
|---|
| 3749 | 14b8.4a08: supR3HardenedDllNotificationCallback: load 00007fff10940000 LB 0x00330000 C:\WINDOWS\System32\DriverStore\FileRepository\iigd_dch.inf_amd64_87079a2c2326a956\igdgmm64.dll [fFlags=0x0]
|
|---|
| 3750 | 14b8.4a08: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\DriverStore\FileRepository\iigd_dch.inf_amd64_87079a2c2326a956\igdgmm64.dll
|
|---|
| 3751 | 14b8.4a08: supR3HardenedIsApiSetDll: ApiSetQueryApiSetPresence(api-ms-win-core-synch-l1-2-0) -> 0x0, fPresent=1
|
|---|
| 3752 | 14b8.4a08: supR3HardenedMonitor_LdrLoadDll: pName=api-ms-win-core-synch-l1-2-0 (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0000000000000801:<flags> [calling]
|
|---|
| 3753 | 14b8.4a08: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff1fe30000 'api-ms-win-core-synch-l1-2-0'
|
|---|
| 3754 | 14b8.4a08: supR3HardenedIsApiSetDll: ApiSetQueryApiSetPresence(api-ms-win-core-localization-l1-2-1) -> 0x0, fPresent=1
|
|---|
| 3755 | 14b8.4a08: supR3HardenedMonitor_LdrLoadDll: pName=api-ms-win-core-localization-l1-2-1 (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0000000000000801:<flags> [calling]
|
|---|
| 3756 | 14b8.4a08: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff1fe30000 'api-ms-win-core-localization-l1-2-1'
|
|---|
| 3757 | 14b8.4a08: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\kernel32.dll
|
|---|
| 3758 | 14b8.4a08: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\kernel32.dll (Input=kernel32, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000801:<flags> [calling]
|
|---|
| 3759 | 14b8.4a08: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff21da0000 'C:\WINDOWS\System32\kernel32.dll'
|
|---|
| 3760 | 14b8.4a08: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff10940000 'C:\WINDOWS\System32\DriverStore\FileRepository\iigd_dch.inf_amd64_87079a2c2326a956\igdgmm64.dll'
|
|---|
| 3761 | 14b8.4a08: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff20a40000 'C:\WINDOWS\System32\gdi32.dll'
|
|---|
| 3762 | 14b8.3bc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff21330000 'C:\WINDOWS\system32\shell32.dll'
|
|---|
| 3763 | 14b8.3bc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff21330000 'C:\WINDOWS\system32\shell32.dll'
|
|---|
| 3764 | 14b8.2658: '\Device\HarddiskVolume4\Windows\System32\tzres.dll' has no imports
|
|---|
| 3765 | 14b8.2658: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume4\Windows\System32\tzres.dll)
|
|---|
| 3766 | 14b8.2658: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\tzres.dll
|
|---|
| 3767 | 14b8.2658: supR3HardenedMonitor_NtCreateSection: NtMapViewOfSection failed on 0000000000001310 (hFile=00000000000013cc) with 0xc0000022 -> STATUS_TRUST_FAILURE
|
|---|
| 3768 | 14b8.2658: supR3HardenedScreenImage/NtCreateSection: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume4\Windows\System32\tzres.dll [avoiding WinVerifyTrust]
|
|---|
| 3769 | 14b8.2658: supR3HardenedMonitor_NtCreateSection: NtMapViewOfSection failed on 00000000000013cc (hFile=0000000000001310) with 0xc0000022 -> STATUS_TRUST_FAILURE
|
|---|
| 3770 | 14b8.2658: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000bd0 pwszName=\Device\HarddiskVolume4\Windows\System32\tzres.dll
|
|---|
| 3771 | 14b8.2658: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00000000016ab960
|
|---|
| 3772 | 14b8.2658: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000016ab960
|
|---|
| 3773 | 14b8.2658: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=4A827CE12E0CBC1DE2F07864E114ED20D6941776
|
|---|
| 3774 | 14b8.2658: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff1e2b0000 'C:\WINDOWS\system32\rsaenh.dll'
|
|---|
| 3775 | 14b8.2658: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff1f3c0000 'C:\WINDOWS\System32\crypt32.dll'
|
|---|
| 3776 | 14b8.2658: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-Package0416~31bf3856ad364e35~amd64~~10.0.18362.1441.cat'; file='\Device\HarddiskVolume4\Windows\System32\tzres.dll'
|
|---|
| 3777 | 14b8.2658: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
|
|---|
| 3778 | 14b8.2658: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume4\Windows\System32\tzres.dll'
|
|---|
| 3779 | 14b8.2658: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff1e2b0000 'C:\WINDOWS\system32\rsaenh.dll'
|
|---|
| 3780 | 14b8.2658: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff1f3c0000 'C:\WINDOWS\System32\crypt32.dll'
|
|---|
| 3781 | 14b8.2658: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #12 'ws2_32.dll'.
|
|---|
| 3782 | 14b8.2658: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #22 'rpcrt4.dll'.
|
|---|
| 3783 | 14b8.2658: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\mswsock.dll) WinVerifyTrust
|
|---|
| 3784 | 14b8.2658: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\mswsock.dll
|
|---|
| 3785 | 14b8.2658: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
|
|---|
| 3786 | 14b8.2658: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume4\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
|
|---|
| 3787 | 14b8.2658: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ws2_32.dll'...
|
|---|
| 3788 | 14b8.2658: supR3HardenedWinVerifyCacheProcessImportTodos: 'ws2_32.dll' -> '\Device\HarddiskVolume4\Windows\System32\ws2_32.dll' [rcNtRedir=0xc0150008]
|
|---|
| 3789 | 14b8.2658: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\ws2_32.dll
|
|---|
| 3790 | 14b8.2658: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\mswsock.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
|
|---|
| 3791 | 14b8.2658: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\mswsock.dll
|
|---|
| 3792 | 14b8.2658: supR3HardenedDllNotificationCallback: load 00007fff1e720000 LB 0x00067000 C:\WINDOWS\system32\mswsock.dll [fFlags=0x0]
|
|---|
| 3793 | 14b8.2658: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\mswsock.dll
|
|---|
| 3794 | 14b8.2658: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff1e720000 'C:\WINDOWS\system32\mswsock.dll'
|
|---|
| 3795 | 14b8.4604: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\DriverStore\FileRepository\iigd_dch.inf_amd64_87079a2c2326a956\igdumdim64.dll
|
|---|
| 3796 | 14b8.4604: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\DriverStore\FileRepository\iigd_dch.inf_amd64_87079a2c2326a956\igdumdim64.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
|
|---|
| 3797 | 14b8.4604: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffefb030000 'C:\WINDOWS\System32\DriverStore\FileRepository\iigd_dch.inf_amd64_87079a2c2326a956\igdumdim64.dll'
|
|---|
| 3798 | 14b8.4604: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\DriverStore\FileRepository\iigd_dch.inf_amd64_87079a2c2326a956\igd9dxva64.dll
|
|---|
| 3799 | 14b8.4604: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\DriverStore\FileRepository\iigd_dch.inf_amd64_87079a2c2326a956\igd9dxva64.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
|
|---|
| 3800 | 14b8.4604: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffed1250000 'C:\WINDOWS\System32\DriverStore\FileRepository\iigd_dch.inf_amd64_87079a2c2326a956\igd9dxva64.dll'
|
|---|
| 3801 | 14b8.4604: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\DriverStore\FileRepository\iigd_dch.inf_amd64_87079a2c2326a956\igdgmm64.dll
|
|---|
| 3802 | 14b8.4604: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\DriverStore\FileRepository\iigd_dch.inf_amd64_87079a2c2326a956\igdgmm64.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
|
|---|
| 3803 | 14b8.4604: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff10940000 'C:\WINDOWS\System32\DriverStore\FileRepository\iigd_dch.inf_amd64_87079a2c2326a956\igdgmm64.dll'
|
|---|
| 3804 | 14b8.4604: supR3HardenedIsApiSetDll: ApiSetQueryApiSetPresence(ext-ms-win-core-resourcepolicy-l1-1-0.dll) -> 0x0, fPresent=1
|
|---|
| 3805 | 14b8.4604: supR3HardenedMonitor_LdrLoadDll: pName=ext-ms-win-core-resourcepolicy-l1-1-0.dll (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
|
|---|
| 3806 | 14b8.4604: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff1caa0000 'ext-ms-win-core-resourcepolicy-l1-1-0.dll'
|
|---|
| 3807 | 14b8.4604: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\DriverStore\FileRepository\iigd_dch.inf_amd64_87079a2c2326a956\igdumdim64.dll
|
|---|
| 3808 | 14b8.4604: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\DriverStore\FileRepository\iigd_dch.inf_amd64_87079a2c2326a956\igdumdim64.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
|
|---|
| 3809 | 14b8.4604: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffefb030000 'C:\WINDOWS\System32\DriverStore\FileRepository\iigd_dch.inf_amd64_87079a2c2326a956\igdumdim64.dll'
|
|---|
| 3810 | 14b8.4604: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\DriverStore\FileRepository\iigd_dch.inf_amd64_87079a2c2326a956\igd9dxva64.dll
|
|---|
| 3811 | 14b8.4604: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\DriverStore\FileRepository\iigd_dch.inf_amd64_87079a2c2326a956\igd9dxva64.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
|
|---|
| 3812 | 14b8.4604: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffed1250000 'C:\WINDOWS\System32\DriverStore\FileRepository\iigd_dch.inf_amd64_87079a2c2326a956\igd9dxva64.dll'
|
|---|
| 3813 | 14b8.4604: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\DriverStore\FileRepository\iigd_dch.inf_amd64_87079a2c2326a956\igdgmm64.dll
|
|---|
| 3814 | 14b8.4604: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\DriverStore\FileRepository\iigd_dch.inf_amd64_87079a2c2326a956\igdgmm64.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
|
|---|
| 3815 | 14b8.4604: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff10940000 'C:\WINDOWS\System32\DriverStore\FileRepository\iigd_dch.inf_amd64_87079a2c2326a956\igdgmm64.dll'
|
|---|
| 3816 | 14b8.4604: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\DriverStore\FileRepository\iigd_dch.inf_amd64_87079a2c2326a956\igdgmm64.dll
|
|---|
| 3817 | 14b8.4604: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\DriverStore\FileRepository\iigd_dch.inf_amd64_87079a2c2326a956\igdgmm64.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
|
|---|
| 3818 | 14b8.4604: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff10940000 'C:\WINDOWS\System32\DriverStore\FileRepository\iigd_dch.inf_amd64_87079a2c2326a956\igdgmm64.dll'
|
|---|
| 3819 | 14b8.4604: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff1e2b0000 'C:\WINDOWS\system32\rsaenh.dll'
|
|---|
| 3820 | 14b8.4604: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff1f3c0000 'C:\WINDOWS\System32\crypt32.dll'
|
|---|
| 3821 | 14b8.4604: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff1f3c0000 'C:\WINDOWS\System32\crypt32.dll'
|
|---|
| 3822 | 14b8.4604: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'advapi32.dll'.
|
|---|
| 3823 | 14b8.4604: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\DriverStore\FileRepository\iigd_dch.inf_amd64_87079a2c2326a956\igdinfo64.dll) WinVerifyTrust
|
|---|
| 3824 | 14b8.4604: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\DriverStore\FileRepository\iigd_dch.inf_amd64_87079a2c2326a956\igdinfo64.dll
|
|---|
| 3825 | 14b8.4604: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'...
|
|---|
| 3826 | 14b8.4604: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume4\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008]
|
|---|
| 3827 | 14b8.4604: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\DriverStore\FileRepository\iigd_dch.inf_amd64_87079a2c2326a956\igdinfo64.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
|
|---|
| 3828 | 14b8.4604: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\DriverStore\FileRepository\iigd_dch.inf_amd64_87079a2c2326a956\igdinfo64.dll
|
|---|
| 3829 | 14b8.4604: supR3HardenedDllNotificationCallback: load 00007fff01060000 LB 0x00027000 C:\WINDOWS\System32\DriverStore\FileRepository\iigd_dch.inf_amd64_87079a2c2326a956\igdinfo64.dll [fFlags=0x0]
|
|---|
| 3830 | 14b8.4604: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\DriverStore\FileRepository\iigd_dch.inf_amd64_87079a2c2326a956\igdinfo64.dll
|
|---|
| 3831 | 14b8.4604: supR3HardenedIsApiSetDll: ApiSetQueryApiSetPresence(api-ms-win-core-synch-l1-2-0) -> 0x0, fPresent=1
|
|---|
| 3832 | 14b8.4604: supR3HardenedMonitor_LdrLoadDll: pName=api-ms-win-core-synch-l1-2-0 (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0000000000000801:<flags> [calling]
|
|---|
| 3833 | 14b8.4604: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff1fe30000 'api-ms-win-core-synch-l1-2-0'
|
|---|
| 3834 | 14b8.4604: supR3HardenedIsApiSetDll: ApiSetQueryApiSetPresence(api-ms-win-core-localization-l1-2-1) -> 0x0, fPresent=1
|
|---|
| 3835 | 14b8.4604: supR3HardenedMonitor_LdrLoadDll: pName=api-ms-win-core-localization-l1-2-1 (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0000000000000801:<flags> [calling]
|
|---|
| 3836 | 14b8.4604: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff1fe30000 'api-ms-win-core-localization-l1-2-1'
|
|---|
| 3837 | 14b8.4604: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff21da0000 'C:\WINDOWS\System32\kernel32.dll'
|
|---|
| 3838 | 14b8.4604: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff01060000 'C:\WINDOWS\System32\DriverStore\FileRepository\iigd_dch.inf_amd64_87079a2c2326a956\igdinfo64.dll'
|
|---|
| 3839 | 14b8.4604: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff1e2b0000 'C:\WINDOWS\system32\rsaenh.dll'
|
|---|
| 3840 | 14b8.4604: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff1e2b0000 'C:\WINDOWS\system32\rsaenh.dll'
|
|---|
| 3841 | 14b8.4604: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff1e2b0000 'C:\WINDOWS\system32\rsaenh.dll'
|
|---|
| 3842 | 14b8.4604: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff1f3c0000 'C:\WINDOWS\System32\crypt32.dll'
|
|---|
| 3843 | 14b8.4604: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff1f3c0000 'C:\WINDOWS\System32\crypt32.dll'
|
|---|
| 3844 | 14b8.4604: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'ole32.dll'.
|
|---|
| 3845 | 14b8.4604: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'shell32.dll'.
|
|---|
| 3846 | 14b8.4604: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'advapi32.dll'.
|
|---|
| 3847 | 14b8.4604: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\DriverStore\FileRepository\iigd_dch.inf_amd64_87079a2c2326a956\igc64.dll) WinVerifyTrust
|
|---|
| 3848 | 14b8.4604: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\DriverStore\FileRepository\iigd_dch.inf_amd64_87079a2c2326a956\igc64.dll
|
|---|
| 3849 | 14b8.4604: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'...
|
|---|
| 3850 | 14b8.4604: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume4\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008]
|
|---|
| 3851 | 14b8.4604: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\advapi32.dll
|
|---|
| 3852 | 14b8.4604: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'shell32.dll'...
|
|---|
| 3853 | 14b8.4604: supR3HardenedWinVerifyCacheProcessImportTodos: 'shell32.dll' -> '\Device\HarddiskVolume4\Windows\System32\shell32.dll' [rcNtRedir=0xc0150008]
|
|---|
| 3854 | 14b8.4604: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ole32.dll'...
|
|---|
| 3855 | 14b8.4604: supR3HardenedWinVerifyCacheProcessImportTodos: 'ole32.dll' -> '\Device\HarddiskVolume4\Windows\System32\ole32.dll' [rcNtRedir=0xc0150008]
|
|---|
| 3856 | 14b8.4604: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\DriverStore\FileRepository\iigd_dch.inf_amd64_87079a2c2326a956\igc64.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
|
|---|
| 3857 | 14b8.4604: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\DriverStore\FileRepository\iigd_dch.inf_amd64_87079a2c2326a956\igc64.dll
|
|---|
| 3858 | 14b8.4604: supR3HardenedDllNotificationCallback: load 00007fff0d880000 LB 0x02bb3000 C:\WINDOWS\System32\DriverStore\FileRepository\iigd_dch.inf_amd64_87079a2c2326a956\igc64.dll [fFlags=0x0]
|
|---|
| 3859 | 14b8.4604: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\DriverStore\FileRepository\iigd_dch.inf_amd64_87079a2c2326a956\igc64.dll
|
|---|
| 3860 | 14b8.4604: supR3HardenedIsApiSetDll: ApiSetQueryApiSetPresence(api-ms-win-core-synch-l1-2-0) -> 0x0, fPresent=1
|
|---|
| 3861 | 14b8.4604: supR3HardenedMonitor_LdrLoadDll: pName=api-ms-win-core-synch-l1-2-0 (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0000000000000801:<flags> [calling]
|
|---|
| 3862 | 14b8.4604: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff1fe30000 'api-ms-win-core-synch-l1-2-0'
|
|---|
| 3863 | 14b8.4604: supR3HardenedIsApiSetDll: ApiSetQueryApiSetPresence(api-ms-win-core-localization-l1-2-1) -> 0x0, fPresent=1
|
|---|
| 3864 | 14b8.4604: supR3HardenedMonitor_LdrLoadDll: pName=api-ms-win-core-localization-l1-2-1 (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0000000000000801:<flags> [calling]
|
|---|
| 3865 | 14b8.4604: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff1fe30000 'api-ms-win-core-localization-l1-2-1'
|
|---|
| 3866 | 14b8.4604: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff21da0000 'C:\WINDOWS\System32\kernel32.dll'
|
|---|
| 3867 | 14b8.4604: supR3HardenedIsApiSetDll: ApiSetQueryApiSetPresence(api-ms-win-core-string-l1-1-0) -> 0x0, fPresent=1
|
|---|
| 3868 | 14b8.4604: supR3HardenedMonitor_LdrLoadDll: pName=api-ms-win-core-string-l1-1-0 (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0000000000000801:<flags> [calling]
|
|---|
| 3869 | 14b8.4604: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff1fe30000 'api-ms-win-core-string-l1-1-0'
|
|---|
| 3870 | 14b8.4604: supR3HardenedIsApiSetDll: ApiSetQueryApiSetPresence(api-ms-win-core-datetime-l1-1-1) -> 0x0, fPresent=1
|
|---|
| 3871 | 14b8.4604: supR3HardenedMonitor_LdrLoadDll: pName=api-ms-win-core-datetime-l1-1-1 (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0000000000000801:<flags> [calling]
|
|---|
| 3872 | 14b8.4604: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff1fe30000 'api-ms-win-core-datetime-l1-1-1'
|
|---|
| 3873 | 14b8.4604: supR3HardenedIsApiSetDll: ApiSetQueryApiSetPresence(api-ms-win-core-localization-obsolete-l1-2-0) -> 0x0, fPresent=1
|
|---|
| 3874 | 14b8.4604: supR3HardenedMonitor_LdrLoadDll: pName=api-ms-win-core-localization-obsolete-l1-2-0 (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0000000000000801:<flags> [calling]
|
|---|
| 3875 | 14b8.4604: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff1fe30000 'api-ms-win-core-localization-obsolete-l1-2-0'
|
|---|
| 3876 | 14b8.4604: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff0d880000 'C:\WINDOWS\System32\DriverStore\FileRepository\iigd_dch.inf_amd64_87079a2c2326a956\igc64.dll'
|
|---|
| 3877 | 14b8.4604: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\d3d9.dll
|
|---|
| 3878 | 14b8.4604: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\d3d9.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
|
|---|
| 3879 | 14b8.4604: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffefbf40000 'C:\WINDOWS\system32\d3d9.dll'
|
|---|
| 3880 | 14b8.4604: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\DriverStore\FileRepository\iigd_dch.inf_amd64_87079a2c2326a956\igdumdim64.dll
|
|---|
| 3881 | 14b8.4604: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\DriverStore\FileRepository\iigd_dch.inf_amd64_87079a2c2326a956\igdumdim64.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
|
|---|
| 3882 | 14b8.4604: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffefb030000 'C:\WINDOWS\System32\DriverStore\FileRepository\iigd_dch.inf_amd64_87079a2c2326a956\igdumdim64.dll'
|
|---|
| 3883 | 14b8.4604: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\DriverStore\FileRepository\iigd_dch.inf_amd64_87079a2c2326a956\igd9dxva64.dll
|
|---|
| 3884 | 14b8.4604: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\DriverStore\FileRepository\iigd_dch.inf_amd64_87079a2c2326a956\igd9dxva64.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
|
|---|
| 3885 | 14b8.4604: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffed1250000 'C:\WINDOWS\System32\DriverStore\FileRepository\iigd_dch.inf_amd64_87079a2c2326a956\igd9dxva64.dll'
|
|---|
| 3886 | 14b8.4604: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\DriverStore\FileRepository\iigd_dch.inf_amd64_87079a2c2326a956\igdgmm64.dll
|
|---|
| 3887 | 14b8.4604: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\DriverStore\FileRepository\iigd_dch.inf_amd64_87079a2c2326a956\igdgmm64.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
|
|---|
| 3888 | 14b8.4604: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff10940000 'C:\WINDOWS\System32\DriverStore\FileRepository\iigd_dch.inf_amd64_87079a2c2326a956\igdgmm64.dll'
|
|---|
| 3889 | 14b8.4604: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\DriverStore\FileRepository\iigd_dch.inf_amd64_87079a2c2326a956\igdumdim64.dll
|
|---|
| 3890 | 14b8.4604: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\DriverStore\FileRepository\iigd_dch.inf_amd64_87079a2c2326a956\igdumdim64.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
|
|---|
| 3891 | 14b8.4604: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffefb030000 'C:\WINDOWS\System32\DriverStore\FileRepository\iigd_dch.inf_amd64_87079a2c2326a956\igdumdim64.dll'
|
|---|
| 3892 | 14b8.4604: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\DriverStore\FileRepository\iigd_dch.inf_amd64_87079a2c2326a956\igd9dxva64.dll
|
|---|
| 3893 | 14b8.4604: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\DriverStore\FileRepository\iigd_dch.inf_amd64_87079a2c2326a956\igd9dxva64.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
|
|---|
| 3894 | 14b8.4604: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffed1250000 'C:\WINDOWS\System32\DriverStore\FileRepository\iigd_dch.inf_amd64_87079a2c2326a956\igd9dxva64.dll'
|
|---|
| 3895 | 14b8.4604: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\DriverStore\FileRepository\iigd_dch.inf_amd64_87079a2c2326a956\igdgmm64.dll
|
|---|
| 3896 | 14b8.4604: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\DriverStore\FileRepository\iigd_dch.inf_amd64_87079a2c2326a956\igdgmm64.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
|
|---|
| 3897 | 14b8.4604: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff10940000 'C:\WINDOWS\System32\DriverStore\FileRepository\iigd_dch.inf_amd64_87079a2c2326a956\igdgmm64.dll'
|
|---|
| 3898 | 14b8.4604: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\DriverStore\FileRepository\iigd_dch.inf_amd64_87079a2c2326a956\igdgmm64.dll
|
|---|
| 3899 | 14b8.4604: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\DriverStore\FileRepository\iigd_dch.inf_amd64_87079a2c2326a956\igdgmm64.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
|
|---|
| 3900 | 14b8.4604: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff10940000 'C:\WINDOWS\System32\DriverStore\FileRepository\iigd_dch.inf_amd64_87079a2c2326a956\igdgmm64.dll'
|
|---|
| 3901 | 14b8.4604: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff1e2b0000 'C:\WINDOWS\system32\rsaenh.dll'
|
|---|
| 3902 | 14b8.4604: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff1e2b0000 'C:\WINDOWS\system32\rsaenh.dll'
|
|---|
| 3903 | 14b8.4604: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\DriverStore\FileRepository\iigd_dch.inf_amd64_87079a2c2326a956\igc64.dll
|
|---|
| 3904 | 14b8.4604: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\DriverStore\FileRepository\iigd_dch.inf_amd64_87079a2c2326a956\igc64.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
|
|---|
| 3905 | 14b8.4604: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff0d880000 'C:\WINDOWS\System32\DriverStore\FileRepository\iigd_dch.inf_amd64_87079a2c2326a956\igc64.dll'
|
|---|
| 3906 | 14b8.4604: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\d3d9.dll
|
|---|
| 3907 | 14b8.4604: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\d3d9.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
|
|---|
| 3908 | 14b8.4604: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffefbf40000 'C:\WINDOWS\system32\d3d9.dll'
|
|---|
| 3909 | 14b8.304c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff203d0000 'C:\WINDOWS\system32\User32.dll'
|
|---|
| 3910 | 14b8.3d5c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\dsound.dll
|
|---|
| 3911 | 14b8.3d5c: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\dsound.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
|
|---|
| 3912 | 14b8.3d5c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffebf040000 'C:\WINDOWS\system32\dsound.dll'
|
|---|
| 3913 | 14b8.3d5c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff1c690000 'C:\WINDOWS\System32\winmm.dll'
|
|---|
| 3914 | 14b8.3d5c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\winmm.dll
|
|---|
| 3915 | 14b8.3d5c: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\winmm.dll (Input=winmm.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
|
|---|
| 3916 | 14b8.3d5c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff1c690000 'C:\WINDOWS\System32\winmm.dll'
|
|---|
| 3917 | 14b8.3d5c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff1c690000 'C:\WINDOWS\System32\winmm.dll'
|
|---|
| 3918 | 14b8.3d5c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff1c690000 'C:\WINDOWS\System32\winmm.dll'
|
|---|
| 3919 | 14b8.3d5c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff1c690000 'C:\WINDOWS\System32\winmm.dll'
|
|---|
| 3920 | 14b8.4a08: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\dsound.dll
|
|---|
| 3921 | 14b8.4a08: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\dsound.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
|
|---|
| 3922 | 14b8.4a08: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffebf040000 'C:\WINDOWS\system32\dsound.dll'
|
|---|
| 3923 | 14b8.4a08: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff1c690000 'C:\WINDOWS\System32\winmm.dll'
|
|---|
| 3924 | 14b8.4a08: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff1c690000 'C:\WINDOWS\System32\winmm.dll'
|
|---|
| 3925 | 14b8.4a08: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff1c690000 'C:\WINDOWS\System32\winmm.dll'
|
|---|
| 3926 | 14b8.4a08: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff1c690000 'C:\WINDOWS\System32\winmm.dll'
|
|---|
| 3927 | 14b8.4a08: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff1c690000 'C:\WINDOWS\System32\winmm.dll'
|
|---|
| 3928 | 14b8.4a08: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff1c690000 'C:\WINDOWS\System32\winmm.dll'
|
|---|
| 3929 | 14b8.4a08: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff1c690000 'C:\WINDOWS\System32\winmm.dll'
|
|---|
| 3930 | 14b8.4a08: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff1c690000 'C:\WINDOWS\System32\winmm.dll'
|
|---|
| 3931 | 14b8.4a08: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff1c690000 'C:\WINDOWS\System32\winmm.dll'
|
|---|
| 3932 | 14b8.20bc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff1e2b0000 'C:\WINDOWS\system32\rsaenh.dll'
|
|---|
| 3933 | 14b8.20bc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff1f3c0000 'C:\WINDOWS\System32\crypt32.dll'
|
|---|
| 3934 | 14b8.20bc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
|
|---|
| 3935 | 14b8.20bc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'rpcrt4.dll'.
|
|---|
| 3936 | 14b8.20bc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #18 'combase.dll'.
|
|---|
| 3937 | 14b8.20bc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #21 'shcore.dll'.
|
|---|
| 3938 | 14b8.20bc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #22 'textinputframework.dll'.
|
|---|
| 3939 | 14b8.20bc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #23 'inputhost.dll'.
|
|---|
| 3940 | 14b8.20bc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #42 'user32.dll'.
|
|---|
| 3941 | 14b8.20bc: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\Windows.UI.dll) WinVerifyTrust
|
|---|
| 3942 | 14b8.20bc: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\Windows.UI.dll
|
|---|
| 3943 | 14b8.20bc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
|
|---|
| 3944 | 14b8.20bc: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume4\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
|
|---|
| 3945 | 14b8.20bc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'inputhost.dll'...
|
|---|
| 3946 | 14b8.20bc: supR3HardenedWinVerifyCacheProcessImportTodos: 'inputhost.dll' -> '\Device\HarddiskVolume4\Windows\System32\inputhost.dll' [rcNtRedir=0xc0150008]
|
|---|
| 3947 | 14b8.20bc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff1e2b0000 'C:\WINDOWS\system32\rsaenh.dll'
|
|---|
| 3948 | 14b8.20bc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff1f3c0000 'C:\WINDOWS\System32\crypt32.dll'
|
|---|
| 3949 | 14b8.20bc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcp_win.dll'.
|
|---|
| 3950 | 14b8.20bc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'coremessaging.dll'.
|
|---|
| 3951 | 14b8.20bc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #40 'coreuicomponents.dll'.
|
|---|
| 3952 | 14b8.20bc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #44 'propsys.dll'.
|
|---|
| 3953 | 14b8.20bc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #46 'shcore.dll'.
|
|---|
| 3954 | 14b8.20bc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #47 'win32u.dll'.
|
|---|
| 3955 | 14b8.20bc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #50 'combase.dll'.
|
|---|
| 3956 | 14b8.20bc: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\InputHost.dll) WinVerifyTrust
|
|---|
| 3957 | 14b8.20bc: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\InputHost.dll
|
|---|
| 3958 | 14b8.20bc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'textinputframework.dll'...
|
|---|
| 3959 | 14b8.20bc: supR3HardenedWinVerifyCacheProcessImportTodos: 'textinputframework.dll' -> '\Device\HarddiskVolume4\Windows\System32\textinputframework.dll' [rcNtRedir=0xc0150008]
|
|---|
| 3960 | 14b8.20bc: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\TextInputFramework.dll
|
|---|
| 3961 | 14b8.20bc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'shcore.dll'...
|
|---|
| 3962 | 14b8.20bc: supR3HardenedWinVerifyCacheProcessImportTodos: 'shcore.dll' -> '\Device\HarddiskVolume4\Windows\System32\shcore.dll' [rcNtRedir=0xc0150008]
|
|---|
| 3963 | 14b8.20bc: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\SHCore.dll
|
|---|
| 3964 | 14b8.20bc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'combase.dll'...
|
|---|
| 3965 | 14b8.20bc: supR3HardenedWinVerifyCacheProcessImportTodos: 'combase.dll' -> '\Device\HarddiskVolume4\Windows\System32\combase.dll' [rcNtRedir=0xc0150008]
|
|---|
| 3966 | 14b8.20bc: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\combase.dll
|
|---|
| 3967 | 14b8.20bc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
|
|---|
| 3968 | 14b8.20bc: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume4\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
|
|---|
| 3969 | 14b8.20bc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
|
|---|
| 3970 | 14b8.20bc: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume4\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
|
|---|
| 3971 | 14b8.20bc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'combase.dll'...
|
|---|
| 3972 | 14b8.20bc: supR3HardenedWinVerifyCacheProcessImportTodos: 'combase.dll' -> '\Device\HarddiskVolume4\Windows\System32\combase.dll' [rcNtRedir=0xc0150008]
|
|---|
| 3973 | 14b8.20bc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'win32u.dll'...
|
|---|
| 3974 | 14b8.20bc: supR3HardenedWinVerifyCacheProcessImportTodos: 'win32u.dll' -> '\Device\HarddiskVolume4\Windows\System32\win32u.dll' [rcNtRedir=0xc0150008]
|
|---|
| 3975 | 14b8.20bc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'shcore.dll'...
|
|---|
| 3976 | 14b8.20bc: supR3HardenedWinVerifyCacheProcessImportTodos: 'shcore.dll' -> '\Device\HarddiskVolume4\Windows\System32\shcore.dll' [rcNtRedir=0xc0150008]
|
|---|
| 3977 | 14b8.20bc: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\SHCore.dll
|
|---|
| 3978 | 14b8.20bc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'propsys.dll'...
|
|---|
| 3979 | 14b8.20bc: supR3HardenedWinVerifyCacheProcessImportTodos: 'propsys.dll' -> '\Device\HarddiskVolume4\Windows\System32\propsys.dll' [rcNtRedir=0xc0150008]
|
|---|
| 3980 | 14b8.20bc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff1e2b0000 'C:\WINDOWS\system32\rsaenh.dll'
|
|---|
| 3981 | 14b8.20bc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff1f3c0000 'C:\WINDOWS\System32\crypt32.dll'
|
|---|
| 3982 | 14b8.20bc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #18 'oleaut32.dll'.
|
|---|
| 3983 | 14b8.20bc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #33 'rpcrt4.dll'.
|
|---|
| 3984 | 14b8.20bc: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\propsys.dll) WinVerifyTrust
|
|---|
| 3985 | 14b8.20bc: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\propsys.dll
|
|---|
| 3986 | 14b8.20bc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'coreuicomponents.dll'...
|
|---|
| 3987 | 14b8.20bc: supR3HardenedWinVerifyCacheProcessImportTodos: 'coreuicomponents.dll' -> '\Device\HarddiskVolume4\Windows\System32\coreuicomponents.dll' [rcNtRedir=0xc0150008]
|
|---|
| 3988 | 14b8.20bc: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\CoreUIComponents.dll
|
|---|
| 3989 | 14b8.20bc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'coremessaging.dll'...
|
|---|
| 3990 | 14b8.20bc: supR3HardenedWinVerifyCacheProcessImportTodos: 'coremessaging.dll' -> '\Device\HarddiskVolume4\Windows\System32\coremessaging.dll' [rcNtRedir=0xc0150008]
|
|---|
| 3991 | 14b8.20bc: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\CoreMessaging.dll
|
|---|
| 3992 | 14b8.20bc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcp_win.dll'...
|
|---|
| 3993 | 14b8.20bc: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcp_win.dll' -> '\Device\HarddiskVolume4\Windows\System32\msvcp_win.dll' [rcNtRedir=0xc0150008]
|
|---|
| 3994 | 14b8.20bc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
|
|---|
| 3995 | 14b8.20bc: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume4\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
|
|---|
| 3996 | 14b8.20bc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'oleaut32.dll'...
|
|---|
| 3997 | 14b8.20bc: supR3HardenedWinVerifyCacheProcessImportTodos: 'oleaut32.dll' -> '\Device\HarddiskVolume4\Windows\System32\oleaut32.dll' [rcNtRedir=0xc0150008]
|
|---|
| 3998 | 14b8.20bc: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\System32\Windows.UI.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000002009:<flags> [calling]
|
|---|
| 3999 | 14b8.20bc: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\Windows.UI.dll
|
|---|
| 4000 | 14b8.20bc: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\InputHost.dll
|
|---|
| 4001 | 14b8.20bc: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\propsys.dll
|
|---|
| 4002 | 14b8.20bc: supR3HardenedDllNotificationCallback: load 00007fff1d090000 LB 0x000f0000 C:\Windows\System32\PROPSYS.dll [fFlags=0x0]
|
|---|
| 4003 | 14b8.20bc: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\propsys.dll
|
|---|
| 4004 | 14b8.20bc: supR3HardenedDllNotificationCallback: load 00007fff0bac0000 LB 0x0011c000 C:\Windows\System32\InputHost.dll [fFlags=0x0]
|
|---|
| 4005 | 14b8.20bc: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\InputHost.dll
|
|---|
| 4006 | 14b8.20bc: supR3HardenedDllNotificationCallback: load 00007fff0bc80000 LB 0x00149000 C:\Windows\System32\Windows.UI.dll [fFlags=0x0]
|
|---|
| 4007 | 14b8.20bc: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\Windows.UI.dll
|
|---|
| 4008 | 14b8.20bc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff0bc80000 'C:\Windows\System32\Windows.UI.dll'
|
|---|
| 4009 | 14b8.4f14: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\avrt.dll
|
|---|
| 4010 | 14b8.4f14: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\avrt.dll (Input=avrt.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000801:<flags> [calling]
|
|---|
| 4011 | 14b8.4f14: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff1a510000 'C:\WINDOWS\System32\avrt.dll'
|
|---|
| 4012 | 14b8.4604: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\DriverStore\FileRepository\iigd_dch.inf_amd64_87079a2c2326a956\igdumdim64.dll
|
|---|
| 4013 | 14b8.4604: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\DriverStore\FileRepository\iigd_dch.inf_amd64_87079a2c2326a956\igdumdim64.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
|
|---|
| 4014 | 14b8.4604: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffefb030000 'C:\WINDOWS\System32\DriverStore\FileRepository\iigd_dch.inf_amd64_87079a2c2326a956\igdumdim64.dll'
|
|---|
| 4015 | 14b8.4604: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\DriverStore\FileRepository\iigd_dch.inf_amd64_87079a2c2326a956\igd9dxva64.dll
|
|---|
| 4016 | 14b8.4604: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\DriverStore\FileRepository\iigd_dch.inf_amd64_87079a2c2326a956\igd9dxva64.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
|
|---|
| 4017 | 14b8.4604: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffed1250000 'C:\WINDOWS\System32\DriverStore\FileRepository\iigd_dch.inf_amd64_87079a2c2326a956\igd9dxva64.dll'
|
|---|
| 4018 | 14b8.4604: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff10940000 'C:\WINDOWS\System32\DriverStore\FileRepository\iigd_dch.inf_amd64_87079a2c2326a956\igdgmm64.dll'
|
|---|
| 4019 | 14b8.4604: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\DriverStore\FileRepository\iigd_dch.inf_amd64_87079a2c2326a956\igdumdim64.dll
|
|---|
| 4020 | 14b8.4604: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\DriverStore\FileRepository\iigd_dch.inf_amd64_87079a2c2326a956\igdumdim64.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
|
|---|
| 4021 | 14b8.4604: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffefb030000 'C:\WINDOWS\System32\DriverStore\FileRepository\iigd_dch.inf_amd64_87079a2c2326a956\igdumdim64.dll'
|
|---|
| 4022 | 14b8.4604: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\DriverStore\FileRepository\iigd_dch.inf_amd64_87079a2c2326a956\igd9dxva64.dll
|
|---|
| 4023 | 14b8.4604: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\DriverStore\FileRepository\iigd_dch.inf_amd64_87079a2c2326a956\igd9dxva64.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
|
|---|
| 4024 | 14b8.4604: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffed1250000 'C:\WINDOWS\System32\DriverStore\FileRepository\iigd_dch.inf_amd64_87079a2c2326a956\igd9dxva64.dll'
|
|---|
| 4025 | 14b8.4604: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff10940000 'C:\WINDOWS\System32\DriverStore\FileRepository\iigd_dch.inf_amd64_87079a2c2326a956\igdgmm64.dll'
|
|---|
| 4026 | 14b8.4604: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff10940000 'C:\WINDOWS\System32\DriverStore\FileRepository\iigd_dch.inf_amd64_87079a2c2326a956\igdgmm64.dll'
|
|---|
| 4027 | 14b8.4604: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff1e2b0000 'C:\WINDOWS\system32\rsaenh.dll'
|
|---|
| 4028 | 14b8.4604: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff1e2b0000 'C:\WINDOWS\system32\rsaenh.dll'
|
|---|
| 4029 | 14b8.4604: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\DriverStore\FileRepository\iigd_dch.inf_amd64_87079a2c2326a956\igc64.dll
|
|---|
| 4030 | 14b8.4604: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\DriverStore\FileRepository\iigd_dch.inf_amd64_87079a2c2326a956\igc64.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
|
|---|
| 4031 | 14b8.4604: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff0d880000 'C:\WINDOWS\System32\DriverStore\FileRepository\iigd_dch.inf_amd64_87079a2c2326a956\igc64.dll'
|
|---|
| 4032 | 14b8.4604: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\d3d9.dll
|
|---|
| 4033 | 14b8.4604: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\d3d9.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
|
|---|
| 4034 | 14b8.4604: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffefbf40000 'C:\WINDOWS\system32\d3d9.dll'
|
|---|
| 4035 | 14b8.4604: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffefb030000 'C:\WINDOWS\System32\DriverStore\FileRepository\iigd_dch.inf_amd64_87079a2c2326a956\igdumdim64.dll'
|
|---|
| 4036 | 14b8.4604: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffed1250000 'C:\WINDOWS\System32\DriverStore\FileRepository\iigd_dch.inf_amd64_87079a2c2326a956\igd9dxva64.dll'
|
|---|
| 4037 | 14b8.4604: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff10940000 'C:\WINDOWS\System32\DriverStore\FileRepository\iigd_dch.inf_amd64_87079a2c2326a956\igdgmm64.dll'
|
|---|
| 4038 | 14b8.4604: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffefb030000 'C:\WINDOWS\System32\DriverStore\FileRepository\iigd_dch.inf_amd64_87079a2c2326a956\igdumdim64.dll'
|
|---|
| 4039 | 14b8.4604: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffed1250000 'C:\WINDOWS\System32\DriverStore\FileRepository\iigd_dch.inf_amd64_87079a2c2326a956\igd9dxva64.dll'
|
|---|
| 4040 | 14b8.4604: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff10940000 'C:\WINDOWS\System32\DriverStore\FileRepository\iigd_dch.inf_amd64_87079a2c2326a956\igdgmm64.dll'
|
|---|
| 4041 | 14b8.4604: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff10940000 'C:\WINDOWS\System32\DriverStore\FileRepository\iigd_dch.inf_amd64_87079a2c2326a956\igdgmm64.dll'
|
|---|
| 4042 | 14b8.4604: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff1e2b0000 'C:\WINDOWS\system32\rsaenh.dll'
|
|---|
| 4043 | 14b8.4604: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff1e2b0000 'C:\WINDOWS\system32\rsaenh.dll'
|
|---|
| 4044 | 14b8.4604: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\DriverStore\FileRepository\iigd_dch.inf_amd64_87079a2c2326a956\igc64.dll
|
|---|
| 4045 | 14b8.4604: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\DriverStore\FileRepository\iigd_dch.inf_amd64_87079a2c2326a956\igc64.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
|
|---|
| 4046 | 14b8.4604: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff0d880000 'C:\WINDOWS\System32\DriverStore\FileRepository\iigd_dch.inf_amd64_87079a2c2326a956\igc64.dll'
|
|---|
| 4047 | 14b8.4604: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\d3d9.dll
|
|---|
| 4048 | 14b8.4604: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\d3d9.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
|
|---|
| 4049 | 14b8.4604: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffefbf40000 'C:\WINDOWS\system32\d3d9.dll'
|
|---|
| 4050 | 14b8.4604: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffefb030000 'C:\WINDOWS\System32\DriverStore\FileRepository\iigd_dch.inf_amd64_87079a2c2326a956\igdumdim64.dll'
|
|---|
| 4051 | 14b8.4604: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffed1250000 'C:\WINDOWS\System32\DriverStore\FileRepository\iigd_dch.inf_amd64_87079a2c2326a956\igd9dxva64.dll'
|
|---|
| 4052 | 14b8.4604: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff10940000 'C:\WINDOWS\System32\DriverStore\FileRepository\iigd_dch.inf_amd64_87079a2c2326a956\igdgmm64.dll'
|
|---|
| 4053 | 14b8.4604: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffefb030000 'C:\WINDOWS\System32\DriverStore\FileRepository\iigd_dch.inf_amd64_87079a2c2326a956\igdumdim64.dll'
|
|---|
| 4054 | 14b8.4604: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffed1250000 'C:\WINDOWS\System32\DriverStore\FileRepository\iigd_dch.inf_amd64_87079a2c2326a956\igd9dxva64.dll'
|
|---|
| 4055 | 14b8.4604: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\DriverStore\FileRepository\iigd_dch.inf_amd64_87079a2c2326a956\igdgmm64.dll
|
|---|
| 4056 | 14b8.4604: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\DriverStore\FileRepository\iigd_dch.inf_amd64_87079a2c2326a956\igdgmm64.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
|
|---|
| 4057 | 14b8.4604: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff10940000 'C:\WINDOWS\System32\DriverStore\FileRepository\iigd_dch.inf_amd64_87079a2c2326a956\igdgmm64.dll'
|
|---|
| 4058 | 14b8.4604: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff10940000 'C:\WINDOWS\System32\DriverStore\FileRepository\iigd_dch.inf_amd64_87079a2c2326a956\igdgmm64.dll'
|
|---|
| 4059 | 14b8.4604: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff1e2b0000 'C:\WINDOWS\system32\rsaenh.dll'
|
|---|
| 4060 | 14b8.4604: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff1e2b0000 'C:\WINDOWS\system32\rsaenh.dll'
|
|---|
| 4061 | 14b8.4604: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\DriverStore\FileRepository\iigd_dch.inf_amd64_87079a2c2326a956\igc64.dll
|
|---|
| 4062 | 14b8.4604: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\DriverStore\FileRepository\iigd_dch.inf_amd64_87079a2c2326a956\igc64.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
|
|---|
| 4063 | 14b8.4604: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff0d880000 'C:\WINDOWS\System32\DriverStore\FileRepository\iigd_dch.inf_amd64_87079a2c2326a956\igc64.dll'
|
|---|
| 4064 | 14b8.4604: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\d3d9.dll
|
|---|
| 4065 | 14b8.4604: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\d3d9.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
|
|---|
| 4066 | 14b8.4604: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffefbf40000 'C:\WINDOWS\system32\d3d9.dll'
|
|---|
| 4067 | 14b8.4604: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffefb030000 'C:\WINDOWS\System32\DriverStore\FileRepository\iigd_dch.inf_amd64_87079a2c2326a956\igdumdim64.dll'
|
|---|
| 4068 | 14b8.4604: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffed1250000 'C:\WINDOWS\System32\DriverStore\FileRepository\iigd_dch.inf_amd64_87079a2c2326a956\igd9dxva64.dll'
|
|---|
| 4069 | 14b8.4604: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff10940000 'C:\WINDOWS\System32\DriverStore\FileRepository\iigd_dch.inf_amd64_87079a2c2326a956\igdgmm64.dll'
|
|---|
| 4070 | 14b8.4604: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffefb030000 'C:\WINDOWS\System32\DriverStore\FileRepository\iigd_dch.inf_amd64_87079a2c2326a956\igdumdim64.dll'
|
|---|
| 4071 | 14b8.4604: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffed1250000 'C:\WINDOWS\System32\DriverStore\FileRepository\iigd_dch.inf_amd64_87079a2c2326a956\igd9dxva64.dll'
|
|---|
| 4072 | 14b8.4604: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff10940000 'C:\WINDOWS\System32\DriverStore\FileRepository\iigd_dch.inf_amd64_87079a2c2326a956\igdgmm64.dll'
|
|---|
| 4073 | 14b8.4604: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff10940000 'C:\WINDOWS\System32\DriverStore\FileRepository\iigd_dch.inf_amd64_87079a2c2326a956\igdgmm64.dll'
|
|---|
| 4074 | 14b8.4604: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff1e2b0000 'C:\WINDOWS\system32\rsaenh.dll'
|
|---|
| 4075 | 14b8.4604: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff1e2b0000 'C:\WINDOWS\system32\rsaenh.dll'
|
|---|
| 4076 | 14b8.4604: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\DriverStore\FileRepository\iigd_dch.inf_amd64_87079a2c2326a956\igc64.dll
|
|---|
| 4077 | 14b8.4604: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\DriverStore\FileRepository\iigd_dch.inf_amd64_87079a2c2326a956\igc64.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
|
|---|
| 4078 | 14b8.4604: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff0d880000 'C:\WINDOWS\System32\DriverStore\FileRepository\iigd_dch.inf_amd64_87079a2c2326a956\igc64.dll'
|
|---|
| 4079 | 14b8.4604: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\d3d9.dll
|
|---|
| 4080 | 14b8.4604: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\d3d9.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
|
|---|
| 4081 | 14b8.4604: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffefbf40000 'C:\WINDOWS\system32\d3d9.dll'
|
|---|
| 4082 | 14b8.4604: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffefb030000 'C:\WINDOWS\System32\DriverStore\FileRepository\iigd_dch.inf_amd64_87079a2c2326a956\igdumdim64.dll'
|
|---|
| 4083 | 14b8.4604: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffed1250000 'C:\WINDOWS\System32\DriverStore\FileRepository\iigd_dch.inf_amd64_87079a2c2326a956\igd9dxva64.dll'
|
|---|
| 4084 | 14b8.4604: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff10940000 'C:\WINDOWS\System32\DriverStore\FileRepository\iigd_dch.inf_amd64_87079a2c2326a956\igdgmm64.dll'
|
|---|
| 4085 | 14b8.4604: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\DriverStore\FileRepository\iigd_dch.inf_amd64_87079a2c2326a956\igdumdim64.dll
|
|---|
| 4086 | 14b8.4604: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\DriverStore\FileRepository\iigd_dch.inf_amd64_87079a2c2326a956\igdumdim64.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
|
|---|
| 4087 | 14b8.4604: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffefb030000 'C:\WINDOWS\System32\DriverStore\FileRepository\iigd_dch.inf_amd64_87079a2c2326a956\igdumdim64.dll'
|
|---|
| 4088 | 14b8.4604: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\DriverStore\FileRepository\iigd_dch.inf_amd64_87079a2c2326a956\igd9dxva64.dll
|
|---|
| 4089 | 14b8.4604: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\DriverStore\FileRepository\iigd_dch.inf_amd64_87079a2c2326a956\igd9dxva64.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
|
|---|
| 4090 | 14b8.4604: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffed1250000 'C:\WINDOWS\System32\DriverStore\FileRepository\iigd_dch.inf_amd64_87079a2c2326a956\igd9dxva64.dll'
|
|---|
| 4091 | 14b8.4604: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff10940000 'C:\WINDOWS\System32\DriverStore\FileRepository\iigd_dch.inf_amd64_87079a2c2326a956\igdgmm64.dll'
|
|---|
| 4092 | 14b8.4604: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff10940000 'C:\WINDOWS\System32\DriverStore\FileRepository\iigd_dch.inf_amd64_87079a2c2326a956\igdgmm64.dll'
|
|---|
| 4093 | 14b8.4604: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff1e2b0000 'C:\WINDOWS\system32\rsaenh.dll'
|
|---|
| 4094 | 14b8.4604: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff1e2b0000 'C:\WINDOWS\system32\rsaenh.dll'
|
|---|
| 4095 | 14b8.4604: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\DriverStore\FileRepository\iigd_dch.inf_amd64_87079a2c2326a956\igc64.dll
|
|---|
| 4096 | 14b8.4604: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\DriverStore\FileRepository\iigd_dch.inf_amd64_87079a2c2326a956\igc64.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
|
|---|
| 4097 | 14b8.4604: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff0d880000 'C:\WINDOWS\System32\DriverStore\FileRepository\iigd_dch.inf_amd64_87079a2c2326a956\igc64.dll'
|
|---|
| 4098 | 14b8.4604: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffefbf40000 'C:\WINDOWS\system32\d3d9.dll'
|
|---|
| 4099 | 14b8.4604: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffefb030000 'C:\WINDOWS\System32\DriverStore\FileRepository\iigd_dch.inf_amd64_87079a2c2326a956\igdumdim64.dll'
|
|---|
| 4100 | 14b8.4604: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffed1250000 'C:\WINDOWS\System32\DriverStore\FileRepository\iigd_dch.inf_amd64_87079a2c2326a956\igd9dxva64.dll'
|
|---|
| 4101 | 14b8.4604: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff10940000 'C:\WINDOWS\System32\DriverStore\FileRepository\iigd_dch.inf_amd64_87079a2c2326a956\igdgmm64.dll'
|
|---|
| 4102 | 14b8.4604: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffefb030000 'C:\WINDOWS\System32\DriverStore\FileRepository\iigd_dch.inf_amd64_87079a2c2326a956\igdumdim64.dll'
|
|---|
| 4103 | 14b8.4604: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffed1250000 'C:\WINDOWS\System32\DriverStore\FileRepository\iigd_dch.inf_amd64_87079a2c2326a956\igd9dxva64.dll'
|
|---|
| 4104 | 14b8.4604: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff10940000 'C:\WINDOWS\System32\DriverStore\FileRepository\iigd_dch.inf_amd64_87079a2c2326a956\igdgmm64.dll'
|
|---|
| 4105 | 14b8.4604: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff10940000 'C:\WINDOWS\System32\DriverStore\FileRepository\iigd_dch.inf_amd64_87079a2c2326a956\igdgmm64.dll'
|
|---|
| 4106 | 14b8.4604: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff1e2b0000 'C:\WINDOWS\system32\rsaenh.dll'
|
|---|
| 4107 | 14b8.4604: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff1e2b0000 'C:\WINDOWS\system32\rsaenh.dll'
|
|---|
| 4108 | 14b8.4604: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff0d880000 'C:\WINDOWS\System32\DriverStore\FileRepository\iigd_dch.inf_amd64_87079a2c2326a956\igc64.dll'
|
|---|
| 4109 | 14b8.4604: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffefbf40000 'C:\WINDOWS\system32\d3d9.dll'
|
|---|
| 4110 | 14b8.4604: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffefb030000 'C:\WINDOWS\System32\DriverStore\FileRepository\iigd_dch.inf_amd64_87079a2c2326a956\igdumdim64.dll'
|
|---|
| 4111 | 14b8.4604: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffed1250000 'C:\WINDOWS\System32\DriverStore\FileRepository\iigd_dch.inf_amd64_87079a2c2326a956\igd9dxva64.dll'
|
|---|
| 4112 | 14b8.4604: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff10940000 'C:\WINDOWS\System32\DriverStore\FileRepository\iigd_dch.inf_amd64_87079a2c2326a956\igdgmm64.dll'
|
|---|
| 4113 | 14b8.4604: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffefb030000 'C:\WINDOWS\System32\DriverStore\FileRepository\iigd_dch.inf_amd64_87079a2c2326a956\igdumdim64.dll'
|
|---|
| 4114 | 14b8.4604: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffed1250000 'C:\WINDOWS\System32\DriverStore\FileRepository\iigd_dch.inf_amd64_87079a2c2326a956\igd9dxva64.dll'
|
|---|
| 4115 | 14b8.4604: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff10940000 'C:\WINDOWS\System32\DriverStore\FileRepository\iigd_dch.inf_amd64_87079a2c2326a956\igdgmm64.dll'
|
|---|
| 4116 | 14b8.4604: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff10940000 'C:\WINDOWS\System32\DriverStore\FileRepository\iigd_dch.inf_amd64_87079a2c2326a956\igdgmm64.dll'
|
|---|
| 4117 | 14b8.4604: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff1e2b0000 'C:\WINDOWS\system32\rsaenh.dll'
|
|---|
| 4118 | 14b8.4604: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff1e2b0000 'C:\WINDOWS\system32\rsaenh.dll'
|
|---|
| 4119 | 14b8.4604: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff0d880000 'C:\WINDOWS\System32\DriverStore\FileRepository\iigd_dch.inf_amd64_87079a2c2326a956\igc64.dll'
|
|---|
| 4120 | 14b8.4604: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffefbf40000 'C:\WINDOWS\system32\d3d9.dll'
|
|---|
| 4121 | 14b8.4604: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffefb030000 'C:\WINDOWS\System32\DriverStore\FileRepository\iigd_dch.inf_amd64_87079a2c2326a956\igdumdim64.dll'
|
|---|
| 4122 | 14b8.4604: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffed1250000 'C:\WINDOWS\System32\DriverStore\FileRepository\iigd_dch.inf_amd64_87079a2c2326a956\igd9dxva64.dll'
|
|---|
| 4123 | 14b8.4604: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff10940000 'C:\WINDOWS\System32\DriverStore\FileRepository\iigd_dch.inf_amd64_87079a2c2326a956\igdgmm64.dll'
|
|---|
| 4124 | 14b8.4604: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffefb030000 'C:\WINDOWS\System32\DriverStore\FileRepository\iigd_dch.inf_amd64_87079a2c2326a956\igdumdim64.dll'
|
|---|
| 4125 | 14b8.4604: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffed1250000 'C:\WINDOWS\System32\DriverStore\FileRepository\iigd_dch.inf_amd64_87079a2c2326a956\igd9dxva64.dll'
|
|---|
| 4126 | 14b8.4604: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff10940000 'C:\WINDOWS\System32\DriverStore\FileRepository\iigd_dch.inf_amd64_87079a2c2326a956\igdgmm64.dll'
|
|---|
| 4127 | 14b8.4604: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\DriverStore\FileRepository\iigd_dch.inf_amd64_87079a2c2326a956\igdgmm64.dll
|
|---|
| 4128 | 14b8.4604: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\DriverStore\FileRepository\iigd_dch.inf_amd64_87079a2c2326a956\igdgmm64.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
|
|---|
| 4129 | 14b8.4604: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff10940000 'C:\WINDOWS\System32\DriverStore\FileRepository\iigd_dch.inf_amd64_87079a2c2326a956\igdgmm64.dll'
|
|---|
| 4130 | 14b8.4604: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff1e2b0000 'C:\WINDOWS\system32\rsaenh.dll'
|
|---|
| 4131 | 14b8.4604: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff1e2b0000 'C:\WINDOWS\system32\rsaenh.dll'
|
|---|
| 4132 | 14b8.4604: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff0d880000 'C:\WINDOWS\System32\DriverStore\FileRepository\iigd_dch.inf_amd64_87079a2c2326a956\igc64.dll'
|
|---|
| 4133 | 14b8.4604: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffefbf40000 'C:\WINDOWS\system32\d3d9.dll'
|
|---|
| 4134 | 14b8.4604: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffefb030000 'C:\WINDOWS\System32\DriverStore\FileRepository\iigd_dch.inf_amd64_87079a2c2326a956\igdumdim64.dll'
|
|---|
| 4135 | 14b8.4604: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffed1250000 'C:\WINDOWS\System32\DriverStore\FileRepository\iigd_dch.inf_amd64_87079a2c2326a956\igd9dxva64.dll'
|
|---|
| 4136 | 14b8.4604: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff10940000 'C:\WINDOWS\System32\DriverStore\FileRepository\iigd_dch.inf_amd64_87079a2c2326a956\igdgmm64.dll'
|
|---|
| 4137 | 14b8.4604: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffefb030000 'C:\WINDOWS\System32\DriverStore\FileRepository\iigd_dch.inf_amd64_87079a2c2326a956\igdumdim64.dll'
|
|---|
| 4138 | 14b8.4604: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffed1250000 'C:\WINDOWS\System32\DriverStore\FileRepository\iigd_dch.inf_amd64_87079a2c2326a956\igd9dxva64.dll'
|
|---|
| 4139 | 14b8.4604: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff10940000 'C:\WINDOWS\System32\DriverStore\FileRepository\iigd_dch.inf_amd64_87079a2c2326a956\igdgmm64.dll'
|
|---|
| 4140 | 14b8.4604: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff10940000 'C:\WINDOWS\System32\DriverStore\FileRepository\iigd_dch.inf_amd64_87079a2c2326a956\igdgmm64.dll'
|
|---|
| 4141 | 14b8.4604: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff1e2b0000 'C:\WINDOWS\system32\rsaenh.dll'
|
|---|
| 4142 | 14b8.4604: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff1e2b0000 'C:\WINDOWS\system32\rsaenh.dll'
|
|---|
| 4143 | 14b8.4604: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff0d880000 'C:\WINDOWS\System32\DriverStore\FileRepository\iigd_dch.inf_amd64_87079a2c2326a956\igc64.dll'
|
|---|
| 4144 | 14b8.4604: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffefbf40000 'C:\WINDOWS\system32\d3d9.dll'
|
|---|
| 4145 | 14b8.4604: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffefb030000 'C:\WINDOWS\System32\DriverStore\FileRepository\iigd_dch.inf_amd64_87079a2c2326a956\igdumdim64.dll'
|
|---|
| 4146 | 14b8.4604: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffed1250000 'C:\WINDOWS\System32\DriverStore\FileRepository\iigd_dch.inf_amd64_87079a2c2326a956\igd9dxva64.dll'
|
|---|
| 4147 | 14b8.4604: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff10940000 'C:\WINDOWS\System32\DriverStore\FileRepository\iigd_dch.inf_amd64_87079a2c2326a956\igdgmm64.dll'
|
|---|
| 4148 | 14b8.4604: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffefb030000 'C:\WINDOWS\System32\DriverStore\FileRepository\iigd_dch.inf_amd64_87079a2c2326a956\igdumdim64.dll'
|
|---|
| 4149 | 14b8.4604: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffed1250000 'C:\WINDOWS\System32\DriverStore\FileRepository\iigd_dch.inf_amd64_87079a2c2326a956\igd9dxva64.dll'
|
|---|
| 4150 | 14b8.4604: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff10940000 'C:\WINDOWS\System32\DriverStore\FileRepository\iigd_dch.inf_amd64_87079a2c2326a956\igdgmm64.dll'
|
|---|
| 4151 | 14b8.4604: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff10940000 'C:\WINDOWS\System32\DriverStore\FileRepository\iigd_dch.inf_amd64_87079a2c2326a956\igdgmm64.dll'
|
|---|
| 4152 | 14b8.4604: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff1e2b0000 'C:\WINDOWS\system32\rsaenh.dll'
|
|---|
| 4153 | 14b8.4604: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff1e2b0000 'C:\WINDOWS\system32\rsaenh.dll'
|
|---|
| 4154 | 14b8.4604: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff0d880000 'C:\WINDOWS\System32\DriverStore\FileRepository\iigd_dch.inf_amd64_87079a2c2326a956\igc64.dll'
|
|---|
| 4155 | 14b8.4604: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffefbf40000 'C:\WINDOWS\system32\d3d9.dll'
|
|---|
| 4156 | 14b8.4604: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffefb030000 'C:\WINDOWS\System32\DriverStore\FileRepository\iigd_dch.inf_amd64_87079a2c2326a956\igdumdim64.dll'
|
|---|
| 4157 | 14b8.4604: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffed1250000 'C:\WINDOWS\System32\DriverStore\FileRepository\iigd_dch.inf_amd64_87079a2c2326a956\igd9dxva64.dll'
|
|---|
| 4158 | 14b8.4604: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff10940000 'C:\WINDOWS\System32\DriverStore\FileRepository\iigd_dch.inf_amd64_87079a2c2326a956\igdgmm64.dll'
|
|---|
| 4159 | 14b8.4604: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffefb030000 'C:\WINDOWS\System32\DriverStore\FileRepository\iigd_dch.inf_amd64_87079a2c2326a956\igdumdim64.dll'
|
|---|
| 4160 | 14b8.4604: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffed1250000 'C:\WINDOWS\System32\DriverStore\FileRepository\iigd_dch.inf_amd64_87079a2c2326a956\igd9dxva64.dll'
|
|---|
| 4161 | 14b8.4604: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff10940000 'C:\WINDOWS\System32\DriverStore\FileRepository\iigd_dch.inf_amd64_87079a2c2326a956\igdgmm64.dll'
|
|---|
| 4162 | 14b8.4604: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff10940000 'C:\WINDOWS\System32\DriverStore\FileRepository\iigd_dch.inf_amd64_87079a2c2326a956\igdgmm64.dll'
|
|---|
| 4163 | 14b8.4604: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff1e2b0000 'C:\WINDOWS\system32\rsaenh.dll'
|
|---|
| 4164 | 14b8.4604: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff1e2b0000 'C:\WINDOWS\system32\rsaenh.dll'
|
|---|
| 4165 | 14b8.4604: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff0d880000 'C:\WINDOWS\System32\DriverStore\FileRepository\iigd_dch.inf_amd64_87079a2c2326a956\igc64.dll'
|
|---|
| 4166 | 14b8.4604: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffefbf40000 'C:\WINDOWS\system32\d3d9.dll'
|
|---|
| 4167 | 14b8.4604: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffefb030000 'C:\WINDOWS\System32\DriverStore\FileRepository\iigd_dch.inf_amd64_87079a2c2326a956\igdumdim64.dll'
|
|---|
| 4168 | 14b8.4604: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffed1250000 'C:\WINDOWS\System32\DriverStore\FileRepository\iigd_dch.inf_amd64_87079a2c2326a956\igd9dxva64.dll'
|
|---|
| 4169 | 14b8.4604: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff10940000 'C:\WINDOWS\System32\DriverStore\FileRepository\iigd_dch.inf_amd64_87079a2c2326a956\igdgmm64.dll'
|
|---|
| 4170 | 14b8.4604: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffefb030000 'C:\WINDOWS\System32\DriverStore\FileRepository\iigd_dch.inf_amd64_87079a2c2326a956\igdumdim64.dll'
|
|---|
| 4171 | 14b8.4604: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffed1250000 'C:\WINDOWS\System32\DriverStore\FileRepository\iigd_dch.inf_amd64_87079a2c2326a956\igd9dxva64.dll'
|
|---|
| 4172 | 14b8.4604: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff10940000 'C:\WINDOWS\System32\DriverStore\FileRepository\iigd_dch.inf_amd64_87079a2c2326a956\igdgmm64.dll'
|
|---|
| 4173 | 14b8.4604: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff10940000 'C:\WINDOWS\System32\DriverStore\FileRepository\iigd_dch.inf_amd64_87079a2c2326a956\igdgmm64.dll'
|
|---|
| 4174 | 14b8.4604: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff1e2b0000 'C:\WINDOWS\system32\rsaenh.dll'
|
|---|
| 4175 | 14b8.4604: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff1e2b0000 'C:\WINDOWS\system32\rsaenh.dll'
|
|---|
| 4176 | 14b8.4604: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff0d880000 'C:\WINDOWS\System32\DriverStore\FileRepository\iigd_dch.inf_amd64_87079a2c2326a956\igc64.dll'
|
|---|
| 4177 | 14b8.4604: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\d3d9.dll
|
|---|
| 4178 | 14b8.4604: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\d3d9.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
|
|---|
| 4179 | 14b8.4604: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffefbf40000 'C:\WINDOWS\system32\d3d9.dll'
|
|---|
| 4180 | 14b8.4604: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffefb030000 'C:\WINDOWS\System32\DriverStore\FileRepository\iigd_dch.inf_amd64_87079a2c2326a956\igdumdim64.dll'
|
|---|
| 4181 | 14b8.4604: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffed1250000 'C:\WINDOWS\System32\DriverStore\FileRepository\iigd_dch.inf_amd64_87079a2c2326a956\igd9dxva64.dll'
|
|---|
| 4182 | 14b8.4604: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff10940000 'C:\WINDOWS\System32\DriverStore\FileRepository\iigd_dch.inf_amd64_87079a2c2326a956\igdgmm64.dll'
|
|---|
| 4183 | 14b8.4604: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\DriverStore\FileRepository\iigd_dch.inf_amd64_87079a2c2326a956\igdumdim64.dll
|
|---|
| 4184 | 14b8.4604: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\DriverStore\FileRepository\iigd_dch.inf_amd64_87079a2c2326a956\igdumdim64.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
|
|---|
| 4185 | 14b8.4604: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffefb030000 'C:\WINDOWS\System32\DriverStore\FileRepository\iigd_dch.inf_amd64_87079a2c2326a956\igdumdim64.dll'
|
|---|
| 4186 | 14b8.4604: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\DriverStore\FileRepository\iigd_dch.inf_amd64_87079a2c2326a956\igd9dxva64.dll
|
|---|
| 4187 | 14b8.4604: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\DriverStore\FileRepository\iigd_dch.inf_amd64_87079a2c2326a956\igd9dxva64.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
|
|---|
| 4188 | 14b8.4604: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffed1250000 'C:\WINDOWS\System32\DriverStore\FileRepository\iigd_dch.inf_amd64_87079a2c2326a956\igd9dxva64.dll'
|
|---|
| 4189 | 14b8.4604: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff10940000 'C:\WINDOWS\System32\DriverStore\FileRepository\iigd_dch.inf_amd64_87079a2c2326a956\igdgmm64.dll'
|
|---|
| 4190 | 14b8.4604: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff10940000 'C:\WINDOWS\System32\DriverStore\FileRepository\iigd_dch.inf_amd64_87079a2c2326a956\igdgmm64.dll'
|
|---|
| 4191 | 14b8.4604: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff1e2b0000 'C:\WINDOWS\system32\rsaenh.dll'
|
|---|
| 4192 | 14b8.4604: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff1e2b0000 'C:\WINDOWS\system32\rsaenh.dll'
|
|---|
| 4193 | 14b8.4604: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\DriverStore\FileRepository\iigd_dch.inf_amd64_87079a2c2326a956\igc64.dll
|
|---|
| 4194 | 14b8.4604: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\DriverStore\FileRepository\iigd_dch.inf_amd64_87079a2c2326a956\igc64.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
|
|---|
| 4195 | 14b8.4604: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff0d880000 'C:\WINDOWS\System32\DriverStore\FileRepository\iigd_dch.inf_amd64_87079a2c2326a956\igc64.dll'
|
|---|
| 4196 | 14b8.4604: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffefbf40000 'C:\WINDOWS\system32\d3d9.dll'
|
|---|
| 4197 | 14b8.4604: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffefb030000 'C:\WINDOWS\System32\DriverStore\FileRepository\iigd_dch.inf_amd64_87079a2c2326a956\igdumdim64.dll'
|
|---|
| 4198 | 14b8.4604: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffed1250000 'C:\WINDOWS\System32\DriverStore\FileRepository\iigd_dch.inf_amd64_87079a2c2326a956\igd9dxva64.dll'
|
|---|
| 4199 | 14b8.4604: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff10940000 'C:\WINDOWS\System32\DriverStore\FileRepository\iigd_dch.inf_amd64_87079a2c2326a956\igdgmm64.dll'
|
|---|
| 4200 | 14b8.4604: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffefb030000 'C:\WINDOWS\System32\DriverStore\FileRepository\iigd_dch.inf_amd64_87079a2c2326a956\igdumdim64.dll'
|
|---|
| 4201 | 14b8.4604: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffed1250000 'C:\WINDOWS\System32\DriverStore\FileRepository\iigd_dch.inf_amd64_87079a2c2326a956\igd9dxva64.dll'
|
|---|
| 4202 | 14b8.4604: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff10940000 'C:\WINDOWS\System32\DriverStore\FileRepository\iigd_dch.inf_amd64_87079a2c2326a956\igdgmm64.dll'
|
|---|
| 4203 | 14b8.4604: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff10940000 'C:\WINDOWS\System32\DriverStore\FileRepository\iigd_dch.inf_amd64_87079a2c2326a956\igdgmm64.dll'
|
|---|
| 4204 | 14b8.4604: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff1e2b0000 'C:\WINDOWS\system32\rsaenh.dll'
|
|---|
| 4205 | 14b8.4604: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff1e2b0000 'C:\WINDOWS\system32\rsaenh.dll'
|
|---|
| 4206 | 14b8.4604: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff0d880000 'C:\WINDOWS\System32\DriverStore\FileRepository\iigd_dch.inf_amd64_87079a2c2326a956\igc64.dll'
|
|---|
| 4207 | 14b8.4604: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffefbf40000 'C:\WINDOWS\system32\d3d9.dll'
|
|---|
| 4208 | 14b8.4604: KiUserExceptionDispatcher: 0xc0000005 (0000000000000000, 0000000000000040) @ 00007ffefb084bef (flags=0x0)
|
|---|
| 4209 | rax=0000000000000000 rbx=00000000b7e460b0 rcx=0000000089fe93a0 rdx=00000000b7e467a0
|
|---|
| 4210 | rsi=0000000000000000 rdi=00000000b7e460b0 r8 =0000000000000000 r9 =0000000000000001
|
|---|
| 4211 | r10=0000000000000010 r11=0000000000000000 r12=00000000b7e460b0 r13=00000000b7e460b0
|
|---|
| 4212 | r14=0000000000000000 r15=00000000b7e460b0 P1=0000000000000000 P2=0000000000000000
|
|---|
| 4213 | rip=00007ffefb084bef rsp=000000001616e278 rbp=0000000000000000 ctxflags=0010005f
|
|---|
| 4214 | cs=0033 ss=002b ds=002b es=002b fs=0053 gs=002b eflags=00010246 mxcrx=00001fa5
|
|---|
| 4215 | P3=0000000000000000 P4=0000000000000000 P5=0000000000000000 P6=0000000000000000
|
|---|
| 4216 | dr0=0000000000000000 dr1=0000000000000000 dr2=0000000000000000 dr3=0000000000000000
|
|---|
| 4217 | dr6=0000000000000000 dr7=0000000000000000 vcr=0000000000000200 dcr=0000020000000000
|
|---|
| 4218 | lbt=0000000000000000 lbf=0000000000000000 lxt=0000000000000000 lxf=0000000000000000
|
|---|
| 4219 | 14b8.4604: supR3HardenedIsApiSetDll: ApiSetQueryApiSetPresence(ext-ms-win-kernel32-errorhandling-l1-1-0.dll) -> 0x0, fPresent=1
|
|---|
| 4220 | 14b8.4604: supR3HardenedMonitor_LdrLoadDll: pName=ext-ms-win-kernel32-errorhandling-l1-1-0.dll (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
|
|---|
| 4221 | 14b8.4604: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff21da0000 'ext-ms-win-kernel32-errorhandling-l1-1-0.dll'
|
|---|
| 4222 | 4c54.2d10: supR3HardNtChildWaitFor[2]: Quitting: ExitCode=0xc0000005 (rcNtWait=0x0, rcNt1=0x0, rcNt2=0x103, rcNt3=0x103, 52448 ms, the end);
|
|---|
| 4223 | 4e58.30b4: supR3HardNtChildWaitFor[1]: Quitting: ExitCode=0xc0000005 (rcNtWait=0x0, rcNt1=0x0, rcNt2=0x103, rcNt3=0x103, 53136 ms, the end);
|
|---|