| 1 | 3a60.3a64: Log file opened: 6.1.10r138449 g_hStartupLog=0000000000000074 g_uNtVerCombined=0xa047ba00
|
|---|
| 2 | 3a60.3a64: \SystemRoot\System32\ntdll.dll:
|
|---|
| 3 | 3a60.3a64: CreationTime: 2020-03-03T11:41:35.605689100Z
|
|---|
| 4 | 3a60.3a64: LastWriteTime: 2020-03-03T11:41:35.635319900Z
|
|---|
| 5 | 3a60.3a64: ChangeTime: 2020-03-03T12:31:49.337223600Z
|
|---|
| 6 | 3a60.3a64: FileAttributes: 0x20
|
|---|
| 7 | 3a60.3a64: Size: 0x1e8458
|
|---|
| 8 | 3a60.3a64: NT Headers: 0xd8
|
|---|
| 9 | 3a60.3a64: Timestamp: 0x64d10ee0
|
|---|
| 10 | 3a60.3a64: Machine: 0x8664 - amd64
|
|---|
| 11 | 3a60.3a64: Timestamp: 0x64d10ee0
|
|---|
| 12 | 3a60.3a64: Image Version: 10.0
|
|---|
| 13 | 3a60.3a64: SizeOfImage: 0x1f0000 (2031616)
|
|---|
| 14 | 3a60.3a64: Resource Dir: 0x17f000 LB 0x6f310
|
|---|
| 15 | 3a60.3a64: [Version info resource found at 0xd8! (ID/Name: 0x1; SubID/SubName: 0x409)]
|
|---|
| 16 | 3a60.3a64: [Raw version resource data: 0x17f0f0 LB 0x380, codepage 0x0 (reserved 0x0)]
|
|---|
| 17 | 3a60.3a64: ProductName: Microsoft® Windows® Operating System
|
|---|
| 18 | 3a60.3a64: ProductVersion: 10.0.18362.657
|
|---|
| 19 | 3a60.3a64: FileVersion: 10.0.18362.657 (WinBuild.160101.0800)
|
|---|
| 20 | 3a60.3a64: FileDescription: NT Layer DLL
|
|---|
| 21 | 3a60.3a64: \SystemRoot\System32\kernel32.dll:
|
|---|
| 22 | 3a60.3a64: CreationTime: 2020-03-03T11:41:12.718195400Z
|
|---|
| 23 | 3a60.3a64: LastWriteTime: 2020-03-03T11:41:12.728198400Z
|
|---|
| 24 | 3a60.3a64: ChangeTime: 2020-03-03T12:31:41.370376000Z
|
|---|
| 25 | 3a60.3a64: FileAttributes: 0x20
|
|---|
| 26 | 3a60.3a64: Size: 0xb0570
|
|---|
| 27 | 3a60.3a64: NT Headers: 0xe8
|
|---|
| 28 | 3a60.3a64: Timestamp: 0xd0cecc10
|
|---|
| 29 | 3a60.3a64: Machine: 0x8664 - amd64
|
|---|
| 30 | 3a60.3a64: Timestamp: 0xd0cecc10
|
|---|
| 31 | 3a60.3a64: Image Version: 10.0
|
|---|
| 32 | 3a60.3a64: SizeOfImage: 0xb2000 (729088)
|
|---|
| 33 | 3a60.3a64: Resource Dir: 0xb0000 LB 0x520
|
|---|
| 34 | 3a60.3a64: [Version info resource found at 0x90! (ID/Name: 0x1; SubID/SubName: 0x409)]
|
|---|
| 35 | 3a60.3a64: [Raw version resource data: 0xb00b0 LB 0x3a4, codepage 0x0 (reserved 0x0)]
|
|---|
| 36 | 3a60.3a64: ProductName: Microsoft® Windows® Operating System
|
|---|
| 37 | 3a60.3a64: ProductVersion: 10.0.18362.329
|
|---|
| 38 | 3a60.3a64: FileVersion: 10.0.18362.329 (WinBuild.160101.0800)
|
|---|
| 39 | 3a60.3a64: FileDescription: Windows NT BASE API Client DLL
|
|---|
| 40 | 3a60.3a64: \SystemRoot\System32\KernelBase.dll:
|
|---|
| 41 | 3a60.3a64: CreationTime: 2020-03-03T11:41:36.355693900Z
|
|---|
| 42 | 3a60.3a64: LastWriteTime: 2020-03-03T11:41:36.425261200Z
|
|---|
| 43 | 3a60.3a64: ChangeTime: 2020-03-03T12:31:47.790717900Z
|
|---|
| 44 | 3a60.3a64: FileAttributes: 0x20
|
|---|
| 45 | 3a60.3a64: Size: 0x2a3508
|
|---|
| 46 | 3a60.3a64: NT Headers: 0xf0
|
|---|
| 47 | 3a60.3a64: Timestamp: 0xf96f12ee
|
|---|
| 48 | 3a60.3a64: Machine: 0x8664 - amd64
|
|---|
| 49 | 3a60.3a64: Timestamp: 0xf96f12ee
|
|---|
| 50 | 3a60.3a64: Image Version: 10.0
|
|---|
| 51 | 3a60.3a64: SizeOfImage: 0x2a3000 (2764800)
|
|---|
| 52 | 3a60.3a64: Resource Dir: 0x27d000 LB 0x548
|
|---|
| 53 | 3a60.3a64: [Version info resource found at 0x90! (ID/Name: 0x1; SubID/SubName: 0x409)]
|
|---|
| 54 | 3a60.3a64: [Raw version resource data: 0x27d0b0 LB 0x3bc, codepage 0x0 (reserved 0x0)]
|
|---|
| 55 | 3a60.3a64: ProductName: Microsoft® Windows® Operating System
|
|---|
| 56 | 3a60.3a64: ProductVersion: 10.0.18362.628
|
|---|
| 57 | 3a60.3a64: FileVersion: 10.0.18362.628 (WinBuild.160101.0800)
|
|---|
| 58 | 3a60.3a64: FileDescription: Windows NT BASE API Client DLL
|
|---|
| 59 | 3a60.3a64: \SystemRoot\System32\apisetschema.dll:
|
|---|
| 60 | 3a60.3a64: CreationTime: 2019-03-19T04:43:54.837151500Z
|
|---|
| 61 | 3a60.3a64: LastWriteTime: 2019-03-19T04:43:54.837151500Z
|
|---|
| 62 | 3a60.3a64: ChangeTime: 2020-03-03T11:42:43.490706700Z
|
|---|
| 63 | 3a60.3a64: FileAttributes: 0x20
|
|---|
| 64 | 3a60.3a64: Size: 0x1d028
|
|---|
| 65 | 3a60.3a64: NT Headers: 0xc8
|
|---|
| 66 | 3a60.3a64: Timestamp: 0xd6ced080
|
|---|
| 67 | 3a60.3a64: Machine: 0x8664 - amd64
|
|---|
| 68 | 3a60.3a64: Timestamp: 0xd6ced080
|
|---|
| 69 | 3a60.3a64: Image Version: 10.0
|
|---|
| 70 | 3a60.3a64: SizeOfImage: 0x1e000 (122880)
|
|---|
| 71 | 3a60.3a64: Resource Dir: 0x1d000 LB 0x408
|
|---|
| 72 | 3a60.3a64: [Version info resource found at 0x48! (ID/Name: 0x1; SubID/SubName: 0x409)]
|
|---|
| 73 | 3a60.3a64: [Raw version resource data: 0x1d060 LB 0x3a8, codepage 0x0 (reserved 0x0)]
|
|---|
| 74 | 3a60.3a64: ProductName: Microsoft® Windows® Operating System
|
|---|
| 75 | 3a60.3a64: ProductVersion: 10.0.18362.1
|
|---|
| 76 | 3a60.3a64: FileVersion: 10.0.18362.1 (WinBuild.160101.0800)
|
|---|
| 77 | 3a60.3a64: FileDescription: ApiSet Schema DLL
|
|---|
| 78 | 3a60.3a64: supR3HardenedWinFindAdversaries: 0x1000
|
|---|
| 79 | 3a60.3a64: \SystemRoot\System32\drivers\vsdatant.sys:
|
|---|
| 80 | 3a60.3a64: CreationTime: 2019-11-27T14:25:40.000000000Z
|
|---|
| 81 | 3a60.3a64: LastWriteTime: 2019-11-27T14:25:40.000000000Z
|
|---|
| 82 | 3a60.3a64: ChangeTime: 2020-03-05T08:44:55.299372300Z
|
|---|
| 83 | 3a60.3a64: FileAttributes: 0x20
|
|---|
| 84 | 3a60.3a64: Size: 0x89248
|
|---|
| 85 | 3a60.3a64: NT Headers: 0xe8
|
|---|
| 86 | 3a60.3a64: Timestamp: 0x5ddd107a
|
|---|
| 87 | 3a60.3a64: Machine: 0x8664 - amd64
|
|---|
| 88 | 3a60.3a64: Timestamp: 0x5ddd107a
|
|---|
| 89 | 3a60.3a64: Image Version: 10.0
|
|---|
| 90 | 3a60.3a64: SizeOfImage: 0xad000 (708608)
|
|---|
| 91 | 3a60.3a64: Resource Dir: 0xab000 LB 0x3d0
|
|---|
| 92 | 3a60.3a64: [Version info resource found at 0x48! (ID/Name: 0x1; SubID/SubName: 0x409)]
|
|---|
| 93 | 3a60.3a64: [Raw version resource data: 0xab060 LB 0x36c, codepage 0x0 (reserved 0x0)]
|
|---|
| 94 | 3a60.3a64: ProductName: End Point Security
|
|---|
| 95 | 3a60.3a64: ProductVersion: R80
|
|---|
| 96 | 3a60.3a64: FileVersion: 926003501
|
|---|
| 97 | 3a60.3a64: FileDescription: ZoneAlarm Firewalling Driver
|
|---|
| 98 | 3a60.3a64: supR3HardenedWinInitAppBin(0x0): '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox'
|
|---|
| 99 | 3a60.3a64: Calling main()
|
|---|
| 100 | 3a60.3a64: SUPR3HardenedMain: pszProgName=VirtualBoxVM fFlags=0x2
|
|---|
| 101 | 3a60.3a64: supR3HardenedWinInitAppBin(0x2): '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox'
|
|---|
| 102 | 3a60.3a64: SUPR3HardenedMain: Respawn #1
|
|---|
| 103 | 3a60.3a64: System32: \Device\HarddiskVolume3\Windows\System32
|
|---|
| 104 | 3a60.3a64: WinSxS: \Device\HarddiskVolume3\Windows\WinSxS
|
|---|
| 105 | 3a60.3a64: KnownDllPath: C:\WINDOWS\System32
|
|---|
| 106 | 3a60.3a64: supR3HardenedWinInit: Performing a limited self purification...
|
|---|
| 107 | 3a60.3a64: supHardNtVpScanVirtualMemory: enmKind=SELF_PURIFICATION
|
|---|
| 187 | 3a60.3a64: kernel32.dll: timestamp 0xd0cecc10 (rc=VINF_SUCCESS)
|
|---|
| 188 | 3a60.3a64: kernelbase.dll: timestamp 0xf96f12ee (rc=VINF_SUCCESS)
|
|---|
| 189 | 3a60.3a64: VirtualBoxVM.exe: timestamp 0x5ed9201b (rc=VINF_SUCCESS)
|
|---|
| 190 | 3a60.3a64: '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe' has no imports
|
|---|
| 191 | 3a60.3a64: '\Device\HarddiskVolume3\Windows\System32\ntdll.dll' has no imports
|
|---|
| 192 | 3a60.3a64: supR3HardenedWinInit: SUPHARDNTVPKIND_SELF_PURIFICATION_LIMITED -> VINF_SUCCESS, cFixes=0
|
|---|
| 193 | 3a60.3a64: '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe' has no imports
|
|---|
| 194 | 3a60.3a64: supHardenedWinVerifyImageByHandle: -> 24202 (\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe)
|
|---|
| 195 | 3a60.3a64: supR3HardNtEnableThreadCreationEx:
|
|---|
| 196 | 3a60.3a64: supR3HardNtDisableThreadCreation: pvLdrInitThunk=00007fff180f17f0 pvNtTerminateThread=00007fff1811cb10
|
|---|
| 197 | 3a60.3a64: supR3HardenedWinDoReSpawn(1): New child 3b98.3b9c [kernel32].
|
|---|
| 198 | 3a60.3a64: supR3HardNtChildGatherData: PebBaseAddress=000000000048f000 cbPeb=0x388
|
|---|
| 199 | 3a60.3a64: supR3HardNtPuChFindNtdll: uNtDllParentAddr=00007fff18080000 uNtDllChildAddr=00007fff18080000
|
|---|
| 200 | 3a60.3a64: supR3HardenedWinSetupChildInit: uLdrInitThunk=00007fff180f17f0
|
|---|
| 201 | 3a60.3a64: supR3HardenedWinSetupChildInit: Initial context:
|
|---|
| 212 | 3a60.3a64: supR3HardenedWinSetupChildInit: Start child.
|
|---|
| 213 | 3a60.3a64: supR3HardNtChildWaitFor: Found expected request 0 (PurifyChildAndCloseHandles) after 0 ms.
|
|---|
| 214 | 3a60.3a64: supR3HardNtChildPurify: Startup delay kludge #1/0: 527 ms, 32 sleeps
|
|---|
| 215 | 3a60.3a64: supHardNtVpScanVirtualMemory: enmKind=CHILD_PURIFICATION
|
|---|
| 260 | 3a60.3a64: supR3HardNtChildPurify: Done after 530 ms and 0 fixes (loop #0).
|
|---|
| 261 | 3b98.3b9c: Log file opened: 6.1.10r138449 g_hStartupLog=0000000000000004 g_uNtVerCombined=0xa047ba00
|
|---|
| 262 | 3b98.3b9c: supR3HardenedVmProcessInit: uNtDllAddr=00007fff18080000 g_uNtVerCombined=0xa047ba00 (stack ~00000000006ff298)
|
|---|
| 263 | 3b98.3b9c: ntdll.dll: timestamp 0x64d10ee0 (rc=VINF_SUCCESS)
|
|---|
| 264 | 3b98.3b9c: New simple heap: #1 0000000000800000 LB 0x400000 (for 2031616 allocation)
|
|---|
| 265 | 3a60.3a64: supR3HardNtEnableThreadCreationEx:
|
|---|
| 266 | 3b98.3b9c: supR3HardenedWinInitAppBin(0x0): '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox'
|
|---|
| 267 | 3b98.3b9c: System32: \Device\HarddiskVolume3\Windows\System32
|
|---|
| 268 | 3b98.3b9c: WinSxS: \Device\HarddiskVolume3\Windows\WinSxS
|
|---|
| 269 | 3b98.3b9c: KnownDllPath: C:\WINDOWS\System32
|
|---|
| 270 | 3b98.3b9c: supR3HardenedVmProcessInit: Opening vboxdrv stub...
|
|---|
| 271 | 3b98.3b9c: supR3HardenedVmProcessInit: Restoring LdrInitializeThunk...
|
|---|
| 272 | 3b98.3b9c: supR3HardenedVmProcessInit: Returning to LdrInitializeThunk...
|
|---|
| 273 | 3b98.3b9c: Registered Dll notification callback with NTDLL.
|
|---|
| 274 | 3b98.3b9c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\kernel32.dll)
|
|---|
| 275 | 3b98.3b9c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\kernel32.dll
|
|---|
| 276 | 3b98.3b9c: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\KERNEL32.DLL (Input=KERNEL32.DLL, rcNtResolve=0xc0150008) *pfFlags=0xffffffff pwszSearchPath=0000000000004001:<flags> [calling]
|
|---|
| 277 | 3b98.3b9c: supR3HardenedDllNotificationCallback: load 00007fff15cb0000 LB 0x002a3000 C:\WINDOWS\System32\KERNELBASE.dll [fFlags=0x0]
|
|---|
| 278 | 3b98.3b9c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\KernelBase.dll)
|
|---|
| 279 | 3b98.3b9c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\KernelBase.dll
|
|---|
| 280 | 3b98.3b9c: supR3HardenedDllNotificationCallback: load 00007fff17700000 LB 0x000b2000 C:\WINDOWS\System32\KERNEL32.DLL [fFlags=0x0]
|
|---|
| 281 | 3b98.3b9c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\kernel32.dll [lacks WinVerifyTrust]
|
|---|
| 282 | 3b98.3b9c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff17700000 'C:\WINDOWS\System32\KERNEL32.DLL'
|
|---|
| 283 | 3b98.3b9c: supR3HardenedDllNotificationCallback: load 00007ff72fe20000 LB 0x00116000 C:\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe [fFlags=0x0]
|
|---|
| 284 | 3b98.3b9c: '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe' has no imports
|
|---|
| 285 | 3b98.3b9c: supHardenedWinVerifyImageByHandle: -> 24202 (\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe)
|
|---|
| 286 | 3b98.3b9c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe
|
|---|
| 287 | 3b98.3b9c: supR3HardNtDisableThreadCreation: pvLdrInitThunk=00007fff180f17f0 pvNtTerminateThread=00007fff1811cb10
|
|---|
| 288 | 3a60.3a64: supR3HardNtChildWaitFor: Found expected request 1 (CloseEvents) after 75 ms.
|
|---|
| 289 | 3b98.3b9c: \SystemRoot\System32\ntdll.dll:
|
|---|
| 290 | 3b98.3b9c: CreationTime: 2020-03-03T11:41:35.605689100Z
|
|---|
| 291 | 3b98.3b9c: LastWriteTime: 2020-03-03T11:41:35.635319900Z
|
|---|
| 292 | 3b98.3b9c: ChangeTime: 2020-03-03T12:31:49.337223600Z
|
|---|
| 293 | 3b98.3b9c: FileAttributes: 0x20
|
|---|
| 294 | 3b98.3b9c: Size: 0x1e8458
|
|---|
| 295 | 3b98.3b9c: NT Headers: 0xd8
|
|---|
| 296 | 3b98.3b9c: Timestamp: 0x64d10ee0
|
|---|
| 297 | 3b98.3b9c: Machine: 0x8664 - amd64
|
|---|
| 298 | 3b98.3b9c: Timestamp: 0x64d10ee0
|
|---|
| 299 | 3b98.3b9c: Image Version: 10.0
|
|---|
| 300 | 3b98.3b9c: SizeOfImage: 0x1f0000 (2031616)
|
|---|
| 301 | 3b98.3b9c: Resource Dir: 0x17f000 LB 0x6f310
|
|---|
| 302 | 3b98.3b9c: [Version info resource found at 0xd8! (ID/Name: 0x1; SubID/SubName: 0x409)]
|
|---|
| 303 | 3b98.3b9c: [Raw version resource data: 0x17f0f0 LB 0x380, codepage 0x0 (reserved 0x0)]
|
|---|
| 304 | 3b98.3b9c: ProductName: Microsoft® Windows® Operating System
|
|---|
| 305 | 3b98.3b9c: ProductVersion: 10.0.18362.657
|
|---|
| 306 | 3b98.3b9c: FileVersion: 10.0.18362.657 (WinBuild.160101.0800)
|
|---|
| 307 | 3b98.3b9c: FileDescription: NT Layer DLL
|
|---|
| 308 | 3b98.3b9c: \SystemRoot\System32\kernel32.dll:
|
|---|
| 309 | 3b98.3b9c: CreationTime: 2020-03-03T11:41:12.718195400Z
|
|---|
| 310 | 3b98.3b9c: LastWriteTime: 2020-03-03T11:41:12.728198400Z
|
|---|
| 311 | 3b98.3b9c: ChangeTime: 2020-03-03T12:31:41.370376000Z
|
|---|
| 312 | 3b98.3b9c: FileAttributes: 0x20
|
|---|
| 313 | 3b98.3b9c: Size: 0xb0570
|
|---|
| 314 | 3b98.3b9c: NT Headers: 0xe8
|
|---|
| 315 | 3b98.3b9c: Timestamp: 0xd0cecc10
|
|---|
| 316 | 3b98.3b9c: Machine: 0x8664 - amd64
|
|---|
| 317 | 3b98.3b9c: Timestamp: 0xd0cecc10
|
|---|
| 318 | 3b98.3b9c: Image Version: 10.0
|
|---|
| 319 | 3b98.3b9c: SizeOfImage: 0xb2000 (729088)
|
|---|
| 320 | 3b98.3b9c: Resource Dir: 0xb0000 LB 0x520
|
|---|
| 321 | 3b98.3b9c: [Version info resource found at 0x90! (ID/Name: 0x1; SubID/SubName: 0x409)]
|
|---|
| 322 | 3b98.3b9c: [Raw version resource data: 0xb00b0 LB 0x3a4, codepage 0x0 (reserved 0x0)]
|
|---|
| 323 | 3b98.3b9c: ProductName: Microsoft® Windows® Operating System
|
|---|
| 324 | 3b98.3b9c: ProductVersion: 10.0.18362.329
|
|---|
| 325 | 3b98.3b9c: FileVersion: 10.0.18362.329 (WinBuild.160101.0800)
|
|---|
| 326 | 3b98.3b9c: FileDescription: Windows NT BASE API Client DLL
|
|---|
| 327 | 3b98.3b9c: \SystemRoot\System32\KernelBase.dll:
|
|---|
| 328 | 3b98.3b9c: CreationTime: 2020-03-03T11:41:36.355693900Z
|
|---|
| 329 | 3b98.3b9c: LastWriteTime: 2020-03-03T11:41:36.425261200Z
|
|---|
| 330 | 3b98.3b9c: ChangeTime: 2020-03-03T12:31:47.790717900Z
|
|---|
| 331 | 3b98.3b9c: FileAttributes: 0x20
|
|---|
| 332 | 3b98.3b9c: Size: 0x2a3508
|
|---|
| 333 | 3b98.3b9c: NT Headers: 0xf0
|
|---|
| 334 | 3b98.3b9c: Timestamp: 0xf96f12ee
|
|---|
| 335 | 3b98.3b9c: Machine: 0x8664 - amd64
|
|---|
| 336 | 3b98.3b9c: Timestamp: 0xf96f12ee
|
|---|
| 337 | 3b98.3b9c: Image Version: 10.0
|
|---|
| 338 | 3b98.3b9c: SizeOfImage: 0x2a3000 (2764800)
|
|---|
| 339 | 3b98.3b9c: Resource Dir: 0x27d000 LB 0x548
|
|---|
| 340 | 3b98.3b9c: [Version info resource found at 0x90! (ID/Name: 0x1; SubID/SubName: 0x409)]
|
|---|
| 341 | 3b98.3b9c: [Raw version resource data: 0x27d0b0 LB 0x3bc, codepage 0x0 (reserved 0x0)]
|
|---|
| 342 | 3b98.3b9c: ProductName: Microsoft® Windows® Operating System
|
|---|
| 343 | 3b98.3b9c: ProductVersion: 10.0.18362.628
|
|---|
| 344 | 3b98.3b9c: FileVersion: 10.0.18362.628 (WinBuild.160101.0800)
|
|---|
| 345 | 3b98.3b9c: FileDescription: Windows NT BASE API Client DLL
|
|---|
| 346 | 3b98.3b9c: \SystemRoot\System32\apisetschema.dll:
|
|---|
| 347 | 3b98.3b9c: CreationTime: 2019-03-19T04:43:54.837151500Z
|
|---|
| 348 | 3b98.3b9c: LastWriteTime: 2019-03-19T04:43:54.837151500Z
|
|---|
| 349 | 3b98.3b9c: ChangeTime: 2020-03-03T11:42:43.490706700Z
|
|---|
| 350 | 3b98.3b9c: FileAttributes: 0x20
|
|---|
| 351 | 3b98.3b9c: Size: 0x1d028
|
|---|
| 352 | 3b98.3b9c: NT Headers: 0xc8
|
|---|
| 353 | 3b98.3b9c: Timestamp: 0xd6ced080
|
|---|
| 354 | 3b98.3b9c: Machine: 0x8664 - amd64
|
|---|
| 355 | 3b98.3b9c: Timestamp: 0xd6ced080
|
|---|
| 356 | 3b98.3b9c: Image Version: 10.0
|
|---|
| 357 | 3b98.3b9c: SizeOfImage: 0x1e000 (122880)
|
|---|
| 358 | 3b98.3b9c: Resource Dir: 0x1d000 LB 0x408
|
|---|
| 359 | 3b98.3b9c: [Version info resource found at 0x48! (ID/Name: 0x1; SubID/SubName: 0x409)]
|
|---|
| 360 | 3b98.3b9c: [Raw version resource data: 0x1d060 LB 0x3a8, codepage 0x0 (reserved 0x0)]
|
|---|
| 361 | 3b98.3b9c: ProductName: Microsoft® Windows® Operating System
|
|---|
| 362 | 3b98.3b9c: ProductVersion: 10.0.18362.1
|
|---|
| 363 | 3b98.3b9c: FileVersion: 10.0.18362.1 (WinBuild.160101.0800)
|
|---|
| 364 | 3b98.3b9c: FileDescription: ApiSet Schema DLL
|
|---|
| 365 | 3b98.3b9c: supR3HardenedWinFindAdversaries: 0x1000
|
|---|
| 366 | 3b98.3b9c: \SystemRoot\System32\drivers\vsdatant.sys:
|
|---|
| 367 | 3b98.3b9c: CreationTime: 2019-11-27T14:25:40.000000000Z
|
|---|
| 368 | 3b98.3b9c: LastWriteTime: 2019-11-27T14:25:40.000000000Z
|
|---|
| 369 | 3b98.3b9c: ChangeTime: 2020-03-05T08:44:55.299372300Z
|
|---|
| 370 | 3b98.3b9c: FileAttributes: 0x20
|
|---|
| 371 | 3b98.3b9c: Size: 0x89248
|
|---|
| 372 | 3b98.3b9c: NT Headers: 0xe8
|
|---|
| 373 | 3b98.3b9c: Timestamp: 0x5ddd107a
|
|---|
| 374 | 3b98.3b9c: Machine: 0x8664 - amd64
|
|---|
| 375 | 3b98.3b9c: Timestamp: 0x5ddd107a
|
|---|
| 376 | 3b98.3b9c: Image Version: 10.0
|
|---|
| 377 | 3b98.3b9c: SizeOfImage: 0xad000 (708608)
|
|---|
| 378 | 3b98.3b9c: Resource Dir: 0xab000 LB 0x3d0
|
|---|
| 379 | 3b98.3b9c: [Version info resource found at 0x48! (ID/Name: 0x1; SubID/SubName: 0x409)]
|
|---|
| 380 | 3b98.3b9c: [Raw version resource data: 0xab060 LB 0x36c, codepage 0x0 (reserved 0x0)]
|
|---|
| 381 | 3b98.3b9c: ProductName: End Point Security
|
|---|
| 382 | 3b98.3b9c: ProductVersion: R80
|
|---|
| 383 | 3b98.3b9c: FileVersion: 926003501
|
|---|
| 384 | 3b98.3b9c: FileDescription: ZoneAlarm Firewalling Driver
|
|---|
| 385 | 3b98.3b9c: supR3HardenedWinInitAppBin(0x0): '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox'
|
|---|
| 386 | 3b98.3b9c: Calling main()
|
|---|
| 387 | 3b98.3b9c: SUPR3HardenedMain: pszProgName=VirtualBoxVM fFlags=0x2
|
|---|
| 388 | 3b98.3b9c: supR3HardenedWinInitAppBin(0x2): '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox'
|
|---|
| 389 | 3b98.3b9c: '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe' has no imports
|
|---|
| 390 | 3b98.3b9c: supHardenedWinVerifyImageByHandle: -> 24202 (\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe)
|
|---|
| 391 | 3b98.3b9c: SUPR3HardenedMain: Respawn #2
|
|---|
| 392 | 3b98.3b9c: supR3HardNtEnableThreadCreationEx:
|
|---|
| 393 | 3b98.3b9c: supR3HardenedDllNotificationCallback: load 00007fff165b0000 LB 0x00120000 C:\WINDOWS\System32\RPCRT4.dll [fFlags=0x0]
|
|---|
| 394 | 3b98.3b9c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\rpcrt4.dll)
|
|---|
| 395 | 3b98.3b9c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\rpcrt4.dll
|
|---|
| 396 | 3b98.3b9c: supR3HardenedDllNotificationCallback: load 00007fff170f0000 LB 0x00097000 C:\WINDOWS\System32\sechost.dll [fFlags=0x0]
|
|---|
| 397 | 3b98.3b9c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #11 'rpcrt4.dll'.
|
|---|
| 398 | 3b98.3b9c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\sechost.dll)
|
|---|
| 399 | 3b98.3b9c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\sechost.dll
|
|---|
| 400 | 3b98.3b9c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
|
|---|
| 401 | 3b98.3b9c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'sechost.dll'.
|
|---|
| 402 | 3b98.3b9c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #27 'rpcrt4.dll'.
|
|---|
| 403 | 3b98.3b9c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\advapi32.dll)
|
|---|
| 404 | 3b98.3b9c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\advapi32.dll
|
|---|
| 405 | 3b98.3b9c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
|
|---|
| 406 | 3b98.3b9c: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume3\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
|
|---|
| 407 | 3b98.3b9c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\rpcrt4.dll [lacks WinVerifyTrust]
|
|---|
| 408 | 3b98.3b9c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'sechost.dll'...
|
|---|
| 409 | 3b98.3b9c: supR3HardenedWinVerifyCacheProcessImportTodos: 'sechost.dll' -> '\Device\HarddiskVolume3\Windows\System32\sechost.dll' [rcNtRedir=0xc0150008]
|
|---|
| 410 | 3b98.3b9c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\sechost.dll [lacks WinVerifyTrust]
|
|---|
| 411 | 3b98.3b9c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
|
|---|
| 412 | 3b98.3b9c: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume3\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
|
|---|
| 413 | 3b98.3b9c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\msvcrt.dll)
|
|---|
| 414 | 3b98.3b9c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\msvcrt.dll
|
|---|
| 415 | 3b98.3b9c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
|
|---|
| 416 | 3b98.3b9c: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume3\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
|
|---|
| 417 | 3b98.3b9c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\rpcrt4.dll [lacks WinVerifyTrust]
|
|---|
| 418 | 3b98.3b9c: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\ADVAPI32.DLL (Input=ADVAPI32.DLL, rcNtResolve=0xc0150008) *pfFlags=0x1000 pwszSearchPath=0000000000000000:<flags> [calling]
|
|---|
| 419 | 3b98.3b9c: supR3HardenedDllNotificationCallback: load 00007fff173f0000 LB 0x0009e000 C:\WINDOWS\System32\msvcrt.dll [fFlags=0x0]
|
|---|
| 420 | 3b98.3b9c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\msvcrt.dll [lacks WinVerifyTrust]
|
|---|
| 421 | 3b98.3b9c: supR3HardenedDllNotificationCallback: load 00007fff172e0000 LB 0x000a3000 C:\WINDOWS\System32\ADVAPI32.DLL [fFlags=0x0]
|
|---|
| 422 | 3b98.3b9c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\advapi32.dll [lacks WinVerifyTrust]
|
|---|
| 423 | 3b98.3b9c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff172e0000 'C:\WINDOWS\System32\ADVAPI32.DLL'
|
|---|
| 424 | 3b98.3b9c: '\Device\HarddiskVolume3\Windows\System32\ntdll.dll' has no imports
|
|---|
| 425 | 3b98.3b9c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\ntdll.dll)
|
|---|
| 426 | 3b98.3b9c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\ntdll.dll
|
|---|
| 427 | 3b98.3b9c: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\ntdll.dll (Input=ntdll.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000801:<flags> [calling]
|
|---|
| 428 | 3b98.3b9c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff18080000 'C:\WINDOWS\System32\ntdll.dll'
|
|---|
| 429 | 3b98.3b9c: supR3HardNtDisableThreadCreation: pvLdrInitThunk=00007fff180f17f0 pvNtTerminateThread=00007fff1811cb10
|
|---|
| 430 | 3b98.3b9c: supR3HardenedWinDoReSpawn(2): New child 3660.3664 [kernel32].
|
|---|
| 431 | 3b98.3b9c: supR3HardenedWinReSpawn: NtSetInformationThread/ThreadHideFromDebugger failed: 0xc0000022 (harmless)
|
|---|
| 432 | 3b98.3b9c: supR3HardNtChildGatherData: PebBaseAddress=0000000000536000 cbPeb=0x388
|
|---|
| 433 | 3b98.3b9c: supR3HardNtPuChFindNtdll: uNtDllParentAddr=00007fff18080000 uNtDllChildAddr=00007fff18080000
|
|---|
| 434 | 3b98.3b9c: supR3HardenedWinSetupChildInit: uLdrInitThunk=00007fff180f17f0
|
|---|
| 435 | 3b98.3b9c: supR3HardenedWinSetupChildInit: Initial context:
|
|---|
| 446 | 3b98.3b9c: kernel32.dll: timestamp 0xd0cecc10 (rc=VINF_SUCCESS)
|
|---|
| 447 | 3b98.3b9c: supR3HardenedWinSetupChildInit: Start child.
|
|---|
| 448 | 3b98.3b9c: supR3HardNtChildWaitFor: Found expected request 0 (PurifyChildAndCloseHandles) after 0 ms.
|
|---|
| 449 | 3b98.3b9c: supR3HardNtChildPurify: Startup delay kludge #1/0: 522 ms, 32 sleeps
|
|---|
| 450 | 3b98.3b9c: supHardNtVpScanVirtualMemory: enmKind=CHILD_PURIFICATION
|
|---|
| 495 | 3b98.3b9c: VirtualBoxVM.exe: timestamp 0x5ed9201b (rc=VINF_SUCCESS)
|
|---|
| 496 | 3b98.3b9c: '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe' has no imports
|
|---|
| 497 | 3b98.3b9c: '\Device\HarddiskVolume3\Windows\System32\ntdll.dll' has no imports
|
|---|
| 498 | 3b98.3b9c: supR3HardNtChildPurify: Done after 551 ms and 0 fixes (loop #0).
|
|---|
| 499 | 3660.3664: Log file opened: 6.1.10r138449 g_hStartupLog=0000000000000004 g_uNtVerCombined=0xa047ba00
|
|---|
| 500 | 3660.3664: supR3HardenedVmProcessInit: uNtDllAddr=00007fff18080000 g_uNtVerCombined=0xa047ba00 (stack ~00000000006ff4d8)
|
|---|
| 501 | 3b98.3b9c: supR3HardenedEarlyCompact: Removed heap 1 (0x00000000800000 LB 0x400000)
|
|---|
| 502 | 3660.3664: ntdll.dll: timestamp 0x64d10ee0 (rc=VINF_SUCCESS)
|
|---|
| 503 | 3660.3664: New simple heap: #1 0000000000800000 LB 0x400000 (for 2031616 allocation)
|
|---|
| 504 | 3b98.3b9c: supR3HardNtEnableThreadCreationEx:
|
|---|
| 505 | 3660.3664: supR3HardenedWinInitAppBin(0x0): '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox'
|
|---|
| 506 | 3660.3664: System32: \Device\HarddiskVolume3\Windows\System32
|
|---|
| 507 | 3660.3664: WinSxS: \Device\HarddiskVolume3\Windows\WinSxS
|
|---|
| 508 | 3660.3664: KnownDllPath: C:\WINDOWS\System32
|
|---|
| 509 | 3660.3664: supR3HardenedVmProcessInit: Opening vboxdrv...
|
|---|
| 510 | 3660.3664: supR3HardenedVmProcessInit: Restoring LdrInitializeThunk...
|
|---|
| 511 | 3660.3664: supR3HardenedVmProcessInit: Returning to LdrInitializeThunk...
|
|---|
| 512 | 3660.3664: Registered Dll notification callback with NTDLL.
|
|---|
| 513 | 3660.3664: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\kernel32.dll)
|
|---|
| 514 | 3660.3664: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\kernel32.dll
|
|---|
| 515 | 3660.3664: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\KERNEL32.DLL (Input=KERNEL32.DLL, rcNtResolve=0xc0150008) *pfFlags=0xffffffff pwszSearchPath=0000000000004001:<flags> [calling]
|
|---|
| 516 | 3660.3664: supR3HardenedDllNotificationCallback: load 00007fff15cb0000 LB 0x002a3000 C:\WINDOWS\System32\KERNELBASE.dll [fFlags=0x0]
|
|---|
| 517 | 3660.3664: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\KernelBase.dll)
|
|---|
| 518 | 3660.3664: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\KernelBase.dll
|
|---|
| 519 | 3660.3664: supR3HardenedDllNotificationCallback: load 00007fff17700000 LB 0x000b2000 C:\WINDOWS\System32\KERNEL32.DLL [fFlags=0x0]
|
|---|
| 520 | 3660.3664: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\kernel32.dll [lacks WinVerifyTrust]
|
|---|
| 521 | 3660.3664: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff17700000 'C:\WINDOWS\System32\KERNEL32.DLL'
|
|---|
| 522 | 3660.3664: supR3HardenedDllNotificationCallback: load 00007ff72fe20000 LB 0x00116000 C:\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe [fFlags=0x0]
|
|---|
| 523 | 3660.3664: '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe' has no imports
|
|---|
| 524 | 3660.3664: supHardenedWinVerifyImageByHandle: -> 24202 (\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe)
|
|---|
| 525 | 3660.3664: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe
|
|---|
| 526 | 3660.3664: supR3HardNtDisableThreadCreation: pvLdrInitThunk=00007fff180f17f0 pvNtTerminateThread=00007fff1811cb10
|
|---|
| 527 | 3b98.3b9c: supR3HardNtChildWaitFor: Found expected request 1 (CloseEvents) after 102 ms.
|
|---|
| 528 | 3660.3664: \SystemRoot\System32\ntdll.dll:
|
|---|
| 529 | 3660.3664: CreationTime: 2020-03-03T11:41:35.605689100Z
|
|---|
| 530 | 3660.3664: LastWriteTime: 2020-03-03T11:41:35.635319900Z
|
|---|
| 531 | 3660.3664: ChangeTime: 2020-03-03T12:31:49.337223600Z
|
|---|
| 532 | 3660.3664: FileAttributes: 0x20
|
|---|
| 533 | 3660.3664: Size: 0x1e8458
|
|---|
| 534 | 3660.3664: NT Headers: 0xd8
|
|---|
| 535 | 3660.3664: Timestamp: 0x64d10ee0
|
|---|
| 536 | 3660.3664: Machine: 0x8664 - amd64
|
|---|
| 537 | 3660.3664: Timestamp: 0x64d10ee0
|
|---|
| 538 | 3660.3664: Image Version: 10.0
|
|---|
| 539 | 3660.3664: SizeOfImage: 0x1f0000 (2031616)
|
|---|
| 540 | 3660.3664: Resource Dir: 0x17f000 LB 0x6f310
|
|---|
| 541 | 3660.3664: [Version info resource found at 0xd8! (ID/Name: 0x1; SubID/SubName: 0x409)]
|
|---|
| 542 | 3660.3664: [Raw version resource data: 0x17f0f0 LB 0x380, codepage 0x0 (reserved 0x0)]
|
|---|
| 543 | 3660.3664: ProductName: Microsoft® Windows® Operating System
|
|---|
| 544 | 3660.3664: ProductVersion: 10.0.18362.657
|
|---|
| 545 | 3660.3664: FileVersion: 10.0.18362.657 (WinBuild.160101.0800)
|
|---|
| 546 | 3660.3664: FileDescription: NT Layer DLL
|
|---|
| 547 | 3660.3664: \SystemRoot\System32\kernel32.dll:
|
|---|
| 548 | 3660.3664: CreationTime: 2020-03-03T11:41:12.718195400Z
|
|---|
| 549 | 3660.3664: LastWriteTime: 2020-03-03T11:41:12.728198400Z
|
|---|
| 550 | 3660.3664: ChangeTime: 2020-03-03T12:31:41.370376000Z
|
|---|
| 551 | 3660.3664: FileAttributes: 0x20
|
|---|
| 552 | 3660.3664: Size: 0xb0570
|
|---|
| 553 | 3660.3664: NT Headers: 0xe8
|
|---|
| 554 | 3660.3664: Timestamp: 0xd0cecc10
|
|---|
| 555 | 3660.3664: Machine: 0x8664 - amd64
|
|---|
| 556 | 3660.3664: Timestamp: 0xd0cecc10
|
|---|
| 557 | 3660.3664: Image Version: 10.0
|
|---|
| 558 | 3660.3664: SizeOfImage: 0xb2000 (729088)
|
|---|
| 559 | 3660.3664: Resource Dir: 0xb0000 LB 0x520
|
|---|
| 560 | 3660.3664: [Version info resource found at 0x90! (ID/Name: 0x1; SubID/SubName: 0x409)]
|
|---|
| 561 | 3660.3664: [Raw version resource data: 0xb00b0 LB 0x3a4, codepage 0x0 (reserved 0x0)]
|
|---|
| 562 | 3660.3664: ProductName: Microsoft® Windows® Operating System
|
|---|
| 563 | 3660.3664: ProductVersion: 10.0.18362.329
|
|---|
| 564 | 3660.3664: FileVersion: 10.0.18362.329 (WinBuild.160101.0800)
|
|---|
| 565 | 3660.3664: FileDescription: Windows NT BASE API Client DLL
|
|---|
| 566 | 3660.3664: \SystemRoot\System32\KernelBase.dll:
|
|---|
| 567 | 3660.3664: CreationTime: 2020-03-03T11:41:36.355693900Z
|
|---|
| 568 | 3660.3664: LastWriteTime: 2020-03-03T11:41:36.425261200Z
|
|---|
| 569 | 3660.3664: ChangeTime: 2020-03-03T12:31:47.790717900Z
|
|---|
| 570 | 3660.3664: FileAttributes: 0x20
|
|---|
| 571 | 3660.3664: Size: 0x2a3508
|
|---|
| 572 | 3660.3664: NT Headers: 0xf0
|
|---|
| 573 | 3660.3664: Timestamp: 0xf96f12ee
|
|---|
| 574 | 3660.3664: Machine: 0x8664 - amd64
|
|---|
| 575 | 3660.3664: Timestamp: 0xf96f12ee
|
|---|
| 576 | 3660.3664: Image Version: 10.0
|
|---|
| 577 | 3660.3664: SizeOfImage: 0x2a3000 (2764800)
|
|---|
| 578 | 3660.3664: Resource Dir: 0x27d000 LB 0x548
|
|---|
| 579 | 3660.3664: [Version info resource found at 0x90! (ID/Name: 0x1; SubID/SubName: 0x409)]
|
|---|
| 580 | 3660.3664: [Raw version resource data: 0x27d0b0 LB 0x3bc, codepage 0x0 (reserved 0x0)]
|
|---|
| 581 | 3660.3664: ProductName: Microsoft® Windows® Operating System
|
|---|
| 582 | 3660.3664: ProductVersion: 10.0.18362.628
|
|---|
| 583 | 3660.3664: FileVersion: 10.0.18362.628 (WinBuild.160101.0800)
|
|---|
| 584 | 3660.3664: FileDescription: Windows NT BASE API Client DLL
|
|---|
| 585 | 3660.3664: \SystemRoot\System32\apisetschema.dll:
|
|---|
| 586 | 3660.3664: CreationTime: 2019-03-19T04:43:54.837151500Z
|
|---|
| 587 | 3660.3664: LastWriteTime: 2019-03-19T04:43:54.837151500Z
|
|---|
| 588 | 3660.3664: ChangeTime: 2020-03-03T11:42:43.490706700Z
|
|---|
| 589 | 3660.3664: FileAttributes: 0x20
|
|---|
| 590 | 3660.3664: Size: 0x1d028
|
|---|
| 591 | 3660.3664: NT Headers: 0xc8
|
|---|
| 592 | 3660.3664: Timestamp: 0xd6ced080
|
|---|
| 593 | 3660.3664: Machine: 0x8664 - amd64
|
|---|
| 594 | 3660.3664: Timestamp: 0xd6ced080
|
|---|
| 595 | 3660.3664: Image Version: 10.0
|
|---|
| 596 | 3660.3664: SizeOfImage: 0x1e000 (122880)
|
|---|
| 597 | 3660.3664: Resource Dir: 0x1d000 LB 0x408
|
|---|
| 598 | 3660.3664: [Version info resource found at 0x48! (ID/Name: 0x1; SubID/SubName: 0x409)]
|
|---|
| 599 | 3660.3664: [Raw version resource data: 0x1d060 LB 0x3a8, codepage 0x0 (reserved 0x0)]
|
|---|
| 600 | 3660.3664: ProductName: Microsoft® Windows® Operating System
|
|---|
| 601 | 3660.3664: ProductVersion: 10.0.18362.1
|
|---|
| 602 | 3660.3664: FileVersion: 10.0.18362.1 (WinBuild.160101.0800)
|
|---|
| 603 | 3660.3664: FileDescription: ApiSet Schema DLL
|
|---|
| 604 | 3660.3664: supR3HardenedWinFindAdversaries: 0x1000
|
|---|
| 605 | 3660.3664: \SystemRoot\System32\drivers\vsdatant.sys:
|
|---|
| 606 | 3660.3664: CreationTime: 2019-11-27T14:25:40.000000000Z
|
|---|
| 607 | 3660.3664: LastWriteTime: 2019-11-27T14:25:40.000000000Z
|
|---|
| 608 | 3660.3664: ChangeTime: 2020-03-05T08:44:55.299372300Z
|
|---|
| 609 | 3660.3664: FileAttributes: 0x20
|
|---|
| 610 | 3660.3664: Size: 0x89248
|
|---|
| 611 | 3660.3664: NT Headers: 0xe8
|
|---|
| 612 | 3660.3664: Timestamp: 0x5ddd107a
|
|---|
| 613 | 3660.3664: Machine: 0x8664 - amd64
|
|---|
| 614 | 3660.3664: Timestamp: 0x5ddd107a
|
|---|
| 615 | 3660.3664: Image Version: 10.0
|
|---|
| 616 | 3660.3664: SizeOfImage: 0xad000 (708608)
|
|---|
| 617 | 3660.3664: Resource Dir: 0xab000 LB 0x3d0
|
|---|
| 618 | 3660.3664: [Version info resource found at 0x48! (ID/Name: 0x1; SubID/SubName: 0x409)]
|
|---|
| 619 | 3660.3664: [Raw version resource data: 0xab060 LB 0x36c, codepage 0x0 (reserved 0x0)]
|
|---|
| 620 | 3660.3664: ProductName: End Point Security
|
|---|
| 621 | 3660.3664: ProductVersion: R80
|
|---|
| 622 | 3660.3664: FileVersion: 926003501
|
|---|
| 623 | 3660.3664: FileDescription: ZoneAlarm Firewalling Driver
|
|---|
| 624 | 3660.3664: supR3HardenedWinInitAppBin(0x0): '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox'
|
|---|
| 625 | 3660.3664: Calling main()
|
|---|
| 626 | 3660.3664: SUPR3HardenedMain: pszProgName=VirtualBoxVM fFlags=0x2
|
|---|
| 627 | 3660.3664: supR3HardenedWinInitAppBin(0x2): '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox'
|
|---|
| 628 | 3660.3664: '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe' has no imports
|
|---|
| 629 | 3660.3664: supHardenedWinVerifyImageByHandle: -> 24202 (\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe)
|
|---|
| 630 | 3660.3664: SUPR3HardenedMain: Final process, opening VBoxDrv...
|
|---|
| 631 | 3660.3664: supR3HardenedEarlyCompact: Removed heap 1 (0x00000000800000 LB 0x400000)
|
|---|
| 632 | 3660.3664: supR3HardNtEnableThreadCreationEx:
|
|---|
| 633 | 3660.3664: supHardenedWinVerifyImageByHandle: -> 24202 (\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxSupLib.dll)
|
|---|
| 634 | 3660.3664: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxSupLib.dll
|
|---|
| 635 | 3660.3664: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxSupLib.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000801:<flags> [calling]
|
|---|
| 636 | 3660.3664: supR3HardenedScreenImage/NtCreateSection: cache hit (Unknown Status 24202 (0x5e8a)) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxSupLib.dll [lacks WinVerifyTrust]
|
|---|
| 637 | 3660.3664: supR3HardenedDllNotificationCallback: load 00007ffeee730000 LB 0x00005000 C:\Program Files\Oracle\VirtualBox\VBoxSupLib.DLL [fFlags=0x0]
|
|---|
| 638 | 3660.3664: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 24202 (0x5e8a)) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxSupLib.dll [lacks WinVerifyTrust]
|
|---|
| 639 | 3660.3664: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 24202 (0x5e8a)) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxSupLib.dll [lacks WinVerifyTrust]
|
|---|
| 640 | 3660.3664: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxSupLib.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
|
|---|
| 641 | 3660.3664: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffeee730000 'C:\Program Files\Oracle\VirtualBox\VBoxSupLib.DLL'
|
|---|
| 642 | 3660.3664: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 24202 (0x5e8a)) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxSupLib.dll [lacks WinVerifyTrust]
|
|---|
| 643 | 3660.3664: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxSupLib.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
|
|---|
| 644 | 3660.3664: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffeee730000 'C:\Program Files\Oracle\VirtualBox\VBoxSupLib.DLL'
|
|---|
| 645 | 3660.3664: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffeee730000 'C:\Program Files\Oracle\VirtualBox\VBoxSupLib.DLL'
|
|---|
| 646 | 3660.3664: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
|
|---|
| 647 | 3660.3664: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'msasn1.dll'.
|
|---|
| 648 | 3660.3664: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'crypt32.dll'.
|
|---|
| 649 | 3660.3664: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #27 'rpcrt4.dll'.
|
|---|
| 650 | 3660.3664: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\wintrust.dll)
|
|---|
| 651 | 3660.3664: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\wintrust.dll
|
|---|
| 652 | 3660.3664: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
|
|---|
| 653 | 3660.3664: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume3\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
|
|---|
| 654 | 3660.3664: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\rpcrt4.dll)
|
|---|
| 655 | 3660.3664: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\rpcrt4.dll
|
|---|
| 656 | 3660.3664: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'crypt32.dll'...
|
|---|
| 657 | 3660.3664: supR3HardenedWinVerifyCacheProcessImportTodos: 'crypt32.dll' -> '\Device\HarddiskVolume3\Windows\System32\crypt32.dll' [rcNtRedir=0xc0150008]
|
|---|
| 658 | 3660.3664: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #32 'msasn1.dll'.
|
|---|
| 659 | 3660.3664: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\crypt32.dll)
|
|---|
| 660 | 3660.3664: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\crypt32.dll
|
|---|
| 661 | 3660.3664: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msasn1.dll'...
|
|---|
| 662 | 3660.3664: supR3HardenedWinVerifyCacheProcessImportTodos: 'msasn1.dll' -> '\Device\HarddiskVolume3\Windows\System32\msasn1.dll' [rcNtRedir=0xc0150008]
|
|---|
| 663 | 3660.3664: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\msasn1.dll)
|
|---|
| 664 | 3660.3664: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\msasn1.dll
|
|---|
| 665 | 3660.3664: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
|
|---|
| 666 | 3660.3664: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume3\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
|
|---|
| 667 | 3660.3664: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\msvcrt.dll)
|
|---|
| 668 | 3660.3664: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\msvcrt.dll
|
|---|
| 669 | 3660.3664: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msasn1.dll'...
|
|---|
| 670 | 3660.3664: supR3HardenedWinVerifyCacheProcessImportTodos: 'msasn1.dll' -> '\Device\HarddiskVolume3\Windows\System32\msasn1.dll' [rcNtRedir=0xc0150008]
|
|---|
| 671 | 3660.3664: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\msasn1.dll [lacks WinVerifyTrust]
|
|---|
| 672 | 3660.3664: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\Wintrust.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000801:<flags> [calling]
|
|---|
| 673 | 3660.3664: supR3HardenedDllNotificationCallback: load 00007fff173f0000 LB 0x0009e000 C:\WINDOWS\System32\msvcrt.dll [fFlags=0x0]
|
|---|
| 674 | 3660.3664: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\msvcrt.dll [lacks WinVerifyTrust]
|
|---|
| 675 | 3660.3664: supR3HardenedDllNotificationCallback: load 00007fff14ff0000 LB 0x00012000 C:\WINDOWS\System32\MSASN1.dll [fFlags=0x0]
|
|---|
| 676 | 3660.3664: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\msasn1.dll [lacks WinVerifyTrust]
|
|---|
| 677 | 3660.3664: supR3HardenedDllNotificationCallback: load 00007fff15a30000 LB 0x000fa000 C:\WINDOWS\System32\ucrtbase.dll [fFlags=0x0]
|
|---|
| 678 | 3660.3664: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\ucrtbase.dll)
|
|---|
| 679 | 3660.3664: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\ucrtbase.dll
|
|---|
| 680 | 3660.3664: supR3HardenedDllNotificationCallback: load 00007fff15f90000 LB 0x00149000 C:\WINDOWS\System32\CRYPT32.dll [fFlags=0x0]
|
|---|
| 681 | 3660.3664: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\crypt32.dll [lacks WinVerifyTrust]
|
|---|
| 682 | 3660.3664: supR3HardenedDllNotificationCallback: load 00007fff165b0000 LB 0x00120000 C:\WINDOWS\System32\RPCRT4.dll [fFlags=0x0]
|
|---|
| 683 | 3660.3664: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\rpcrt4.dll [lacks WinVerifyTrust]
|
|---|
| 684 | 3660.3664: supR3HardenedDllNotificationCallback: load 00007fff15930000 LB 0x0005c000 C:\WINDOWS\System32\Wintrust.dll [fFlags=0x0]
|
|---|
| 685 | 3660.3664: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\wintrust.dll [lacks WinVerifyTrust]
|
|---|
| 686 | 3660.3664: supR3HardenedIsApiSetDll: ApiSetQueryApiSetPresence(api-ms-win-core-synch-l1-2-0) -> 0x0, fPresent=1
|
|---|
| 687 | 3660.3664: supR3HardenedMonitor_LdrLoadDll: pName=api-ms-win-core-synch-l1-2-0 (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0000000000000801:<flags> [calling]
|
|---|
| 688 | 3660.3664: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff15cb0000 'api-ms-win-core-synch-l1-2-0'
|
|---|
| 689 | 3660.3664: supR3HardenedIsApiSetDll: ApiSetQueryApiSetPresence(api-ms-win-core-fibers-l1-1-1) -> 0x0, fPresent=1
|
|---|
| 690 | 3660.3664: supR3HardenedMonitor_LdrLoadDll: pName=api-ms-win-core-fibers-l1-1-1 (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0000000000000801:<flags> [calling]
|
|---|
| 691 | 3660.3664: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff15cb0000 'api-ms-win-core-fibers-l1-1-1'
|
|---|
| 692 | 3660.3664: supR3HardenedIsApiSetDll: ApiSetQueryApiSetPresence(api-ms-win-core-fibers-l1-1-1) -> 0x0, fPresent=1
|
|---|
| 693 | 3660.3664: supR3HardenedMonitor_LdrLoadDll: pName=api-ms-win-core-fibers-l1-1-1 (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0000000000000801:<flags> [calling]
|
|---|
| 694 | 3660.3664: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff15cb0000 'api-ms-win-core-fibers-l1-1-1'
|
|---|
| 695 | 3660.3664: supR3HardenedIsApiSetDll: ApiSetQueryApiSetPresence(api-ms-win-core-synch-l1-2-0) -> 0x0, fPresent=1
|
|---|
| 696 | 3660.3664: supR3HardenedMonitor_LdrLoadDll: pName=api-ms-win-core-synch-l1-2-0 (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0000000000000801:<flags> [calling]
|
|---|
| 697 | 3660.3664: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff15cb0000 'api-ms-win-core-synch-l1-2-0'
|
|---|
| 698 | 3660.3664: supR3HardenedIsApiSetDll: ApiSetQueryApiSetPresence(api-ms-win-core-localization-l1-2-1) -> 0x0, fPresent=1
|
|---|
| 699 | 3660.3664: supR3HardenedMonitor_LdrLoadDll: pName=api-ms-win-core-localization-l1-2-1 (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0000000000000801:<flags> [calling]
|
|---|
| 700 | 3660.3664: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff15cb0000 'api-ms-win-core-localization-l1-2-1'
|
|---|
| 701 | 3660.3664: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff15930000 'C:\WINDOWS\system32\Wintrust.dll'
|
|---|
| 702 | 3660.3664: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\bcrypt.dll)
|
|---|
| 703 | 3660.3664: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\bcrypt.dll
|
|---|
| 704 | 3660.3664: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\bcrypt.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000801:<flags> [calling]
|
|---|
| 705 | 3660.3664: supR3HardenedDllNotificationCallback: load 00007fff15f60000 LB 0x00026000 C:\WINDOWS\System32\bcrypt.dll [fFlags=0x0]
|
|---|
| 706 | 3660.3664: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\bcrypt.dll [lacks WinVerifyTrust]
|
|---|
| 707 | 3660.3664: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff15f60000 'C:\WINDOWS\system32\bcrypt.dll'
|
|---|
| 708 | 3660.3664: bcrypt.dll loaded at 00007fff15f60000, BCryptOpenAlgorithmProvider at 00007fff15f64c70, preloading providers:
|
|---|
| 709 | 3660.3664: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\bcryptprimitives.dll)
|
|---|
| 710 | 3660.3664: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\bcryptprimitives.dll
|
|---|
| 711 | 3660.3664: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\bcryptprimitives.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
|
|---|
| 712 | 3660.3664: supR3HardenedDllNotificationCallback: load 00007fff15b30000 LB 0x00080000 C:\WINDOWS\System32\bcryptprimitives.dll [fFlags=0x0]
|
|---|
| 713 | 3660.3664: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\bcryptprimitives.dll [lacks WinVerifyTrust]
|
|---|
| 714 | 3660.3664: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff15b30000 'C:\WINDOWS\system32\bcryptprimitives.dll'
|
|---|
| 715 | 3660.3664: BCryptOpenAlgorithmProvider(,'MD2',0,0) -> 0x0 (hAlgo=0000000000d2a3d0)
|
|---|
| 716 | 3660.3664: BCryptOpenAlgorithmProvider(,'MD4',0,0) -> 0x0 (hAlgo=0000000000d2fad0)
|
|---|
| 717 | 3660.3664: BCryptOpenAlgorithmProvider(,'MD5',0,0) -> 0x0 (hAlgo=0000000000d2fdd0)
|
|---|
| 718 | 3660.3664: BCryptOpenAlgorithmProvider(,'SHA1',0,0) -> 0x0 (hAlgo=0000000000d300d0)
|
|---|
| 719 | 3660.3664: BCryptOpenAlgorithmProvider(,'SHA256',0,0) -> 0x0 (hAlgo=0000000000d303d0)
|
|---|
| 720 | 3660.3664: BCryptOpenAlgorithmProvider(,'SHA512',0,0) -> 0x0 (hAlgo=0000000000d306d0)
|
|---|
| 721 | 3660.3664: BCryptOpenAlgorithmProvider(,'RSA',0,0) -> 0x0 (hAlgo=0000000000d309d0)
|
|---|
| 722 | 3660.3664: BCryptOpenAlgorithmProvider(,'DSA',0,0) -> 0x0 (hAlgo=0000000000d30cd0)
|
|---|
| 723 | 3660.3664: supR3HardenedDllNotificationCallback: load 00007fff15c90000 LB 0x00017000 C:\WINDOWS\System32\CRYPTSP.dll [fFlags=0x0]
|
|---|
| 724 | 3660.3664: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\cryptsp.dll)
|
|---|
| 725 | 3660.3664: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\cryptsp.dll
|
|---|
| 726 | 3660.3664: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #18 'bcrypt.dll'.
|
|---|
| 727 | 3660.3664: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\rsaenh.dll)
|
|---|
| 728 | 3660.3664: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\rsaenh.dll
|
|---|
| 729 | 3660.3664: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'bcrypt.dll'...
|
|---|
| 730 | 3660.3664: supR3HardenedWinVerifyCacheProcessImportTodos: 'bcrypt.dll' -> '\Device\HarddiskVolume3\Windows\System32\bcrypt.dll' [rcNtRedir=0xc0150008]
|
|---|
| 731 | 3660.3664: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\bcrypt.dll [lacks WinVerifyTrust]
|
|---|
| 732 | 3660.3664: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\rsaenh.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
|
|---|
| 733 | 3660.3664: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\rsaenh.dll [lacks WinVerifyTrust]
|
|---|
| 734 | 3660.3664: supR3HardenedDllNotificationCallback: load 00007fff142f0000 LB 0x00033000 C:\WINDOWS\system32\rsaenh.dll [fFlags=0x0]
|
|---|
| 735 | 3660.3664: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\rsaenh.dll [lacks WinVerifyTrust]
|
|---|
| 736 | 3660.3664: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff142f0000 'C:\WINDOWS\system32\rsaenh.dll'
|
|---|
| 737 | 3660.3664: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'bcryptprimitives.dll'.
|
|---|
| 738 | 3660.3664: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\cryptbase.dll)
|
|---|
| 739 | 3660.3664: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\cryptbase.dll
|
|---|
| 740 | 3660.3664: supR3HardenedDllNotificationCallback: load 00007fff148f0000 LB 0x0000c000 C:\WINDOWS\SYSTEM32\CRYPTBASE.dll [fFlags=0x0]
|
|---|
| 741 | 3660.3664: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\cryptbase.dll [lacks WinVerifyTrust]
|
|---|
| 742 | 3660.3664: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\kernel32.dll [lacks WinVerifyTrust]
|
|---|
| 743 | 3660.3664: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'bcryptprimitives.dll'...
|
|---|
| 744 | 3660.3664: supR3HardenedWinVerifyCacheProcessImportTodos: 'bcryptprimitives.dll' -> '\Device\HarddiskVolume3\Windows\System32\bcryptprimitives.dll' [rcNtRedir=0xc0150008]
|
|---|
| 745 | 3660.3664: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\bcryptprimitives.dll [lacks WinVerifyTrust]
|
|---|
| 746 | 3660.3664: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\kernel32.dll (Input=kernel32.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
|
|---|
| 747 | 3660.3664: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff17700000 'C:\WINDOWS\System32\kernel32.dll'
|
|---|
| 748 | 3660.3664: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\wintrust.dll [lacks WinVerifyTrust]
|
|---|
| 749 | 3660.3664: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\WINTRUST.DLL (Input=WINTRUST.DLL, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
|
|---|
| 750 | 3660.3664: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff15930000 'C:\WINDOWS\System32\WINTRUST.DLL'
|
|---|
| 751 | 3660.3664: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\crypt32.dll [lacks WinVerifyTrust]
|
|---|
| 752 | 3660.3664: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\CRYPT32.dll (rcNtResolve=0xc0150008) *pfFlags=0x2 pwszSearchPath=0000000000000001:<flags> [calling]
|
|---|
| 753 | 3660.3664: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff15f90000 'C:\WINDOWS\System32\CRYPT32.dll'
|
|---|
| 754 | 3660.3664: supR3HardenedDllNotificationCallback: load 00007fff17eb0000 LB 0x0001d000 C:\WINDOWS\System32\imagehlp.dll [fFlags=0x0]
|
|---|
| 755 | 3660.3664: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #20 'rpcrt4.dll'.
|
|---|
| 756 | 3660.3664: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\imagehlp.dll)
|
|---|
| 757 | 3660.3664: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\imagehlp.dll
|
|---|
| 758 | 3660.3664: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\rsaenh.dll [lacks WinVerifyTrust]
|
|---|
| 759 | 3660.3664: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
|
|---|
| 760 | 3660.3664: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume3\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
|
|---|
| 761 | 3660.3664: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\rpcrt4.dll [lacks WinVerifyTrust]
|
|---|
| 762 | 3660.3664: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\rsaenh.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
|
|---|
| 763 | 3660.3664: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff142f0000 'C:\WINDOWS\system32\rsaenh.dll'
|
|---|
| 764 | 3660.3664: supR3HardenedDllNotificationCallback: load 00007fff170f0000 LB 0x00097000 C:\WINDOWS\System32\sechost.dll [fFlags=0x0]
|
|---|
| 765 | 3660.3664: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #11 'rpcrt4.dll'.
|
|---|
| 766 | 3660.3664: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\sechost.dll)
|
|---|
| 767 | 3660.3664: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\sechost.dll
|
|---|
| 768 | 3660.3664: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
|
|---|
| 769 | 3660.3664: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #10 'rpcrt4.dll'.
|
|---|
| 770 | 3660.3664: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\gpapi.dll)
|
|---|
| 771 | 3660.3664: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\gpapi.dll
|
|---|
| 772 | 3660.3664: supR3HardenedDllNotificationCallback: load 00007fff139d0000 LB 0x00022000 C:\WINDOWS\SYSTEM32\gpapi.dll [fFlags=0x0]
|
|---|
| 773 | 3660.3664: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\gpapi.dll [lacks WinVerifyTrust]
|
|---|
| 774 | 3660.3664: supR3HardenedDllNotificationCallback: load 00007fff14fd0000 LB 0x0001f000 C:\WINDOWS\System32\profapi.dll [fFlags=0x0]
|
|---|
| 775 | 3660.3664: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\profapi.dll)
|
|---|
| 776 | 3660.3664: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\profapi.dll
|
|---|
| 777 | 3660.3664: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
|
|---|
| 778 | 3660.3664: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #8 'crypt32.dll'.
|
|---|
| 779 | 3660.3664: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume3\Windows\System32\cryptnet.dll)
|
|---|
| 780 | 3660.3664: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\cryptnet.dll
|
|---|
| 781 | 3660.3664: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'crypt32.dll'...
|
|---|
| 782 | 3660.3664: supR3HardenedWinVerifyCacheProcessImportTodos: 'crypt32.dll' -> '\Device\HarddiskVolume3\Windows\System32\crypt32.dll' [rcNtRedir=0xc0150008]
|
|---|
| 783 | 3660.3664: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\crypt32.dll [lacks WinVerifyTrust]
|
|---|
| 784 | 3660.3664: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
|
|---|
| 785 | 3660.3664: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume3\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
|
|---|
| 786 | 3660.3664: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\msvcrt.dll [lacks WinVerifyTrust]
|
|---|
| 787 | 3660.3664: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
|
|---|
| 788 | 3660.3664: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume3\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
|
|---|
| 789 | 3660.3664: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\rpcrt4.dll [lacks WinVerifyTrust]
|
|---|
| 790 | 3660.3664: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
|
|---|
| 791 | 3660.3664: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume3\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
|
|---|
| 792 | 3660.3664: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\msvcrt.dll [lacks WinVerifyTrust]
|
|---|
| 793 | 3660.3664: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
|
|---|
| 794 | 3660.3664: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume3\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
|
|---|
| 795 | 3660.3664: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\rpcrt4.dll [lacks WinVerifyTrust]
|
|---|
| 796 | 3660.3664: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\cryptnet.dll (Input=cryptnet.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
|
|---|
| 797 | 3660.3664: supR3HardenedScreenImage/NtCreateSection: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume3\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
|
|---|
| 798 | 3660.3664: supR3HardenedDllNotificationCallback: load 00007ffee9790000 LB 0x0002f000 C:\WINDOWS\System32\cryptnet.dll [fFlags=0x0]
|
|---|
| 799 | 3660.3664: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume3\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
|
|---|
| 800 | 3660.3664: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume3\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
|
|---|
| 801 | 3660.3664: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\cryptnet.dll (rcNtResolve=0xc0150008) *pfFlags=0x2 pwszSearchPath=0000000000000001:<flags> [calling]
|
|---|
| 802 | 3660.3664: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffee9790000 'C:\WINDOWS\System32\cryptnet.dll'
|
|---|
| 803 | 3660.3664: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume3\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
|
|---|
| 804 | 3660.3664: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\cryptnet.dll (rcNtResolve=0xc0150008) *pfFlags=0x2 pwszSearchPath=0000000000000001:<flags> [calling]
|
|---|
| 805 | 3660.3664: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffee9790000 'C:\WINDOWS\System32\cryptnet.dll'
|
|---|
| 806 | 3660.3664: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume3\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
|
|---|
| 807 | 3660.3664: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\cryptnet.dll (rcNtResolve=0xc0150008) *pfFlags=0x2 pwszSearchPath=0000000000000001:<flags> [calling]
|
|---|
| 808 | 3660.3664: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffee9790000 'C:\WINDOWS\System32\cryptnet.dll'
|
|---|
| 809 | 3660.3664: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume3\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
|
|---|
| 810 | 3660.3664: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\cryptnet.dll (rcNtResolve=0xc0150008) *pfFlags=0x2 pwszSearchPath=0000000000000001:<flags> [calling]
|
|---|
| 811 | 3660.3664: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffee9790000 'C:\WINDOWS\System32\cryptnet.dll'
|
|---|
| 812 | 3660.3664: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume3\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
|
|---|
| 813 | 3660.3664: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\cryptnet.dll (rcNtResolve=0xc0150008) *pfFlags=0x2 pwszSearchPath=0000000000000001:<flags> [calling]
|
|---|
| 814 | 3660.3664: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffee9790000 'C:\WINDOWS\System32\cryptnet.dll'
|
|---|
| 815 | 3660.3664: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume3\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
|
|---|
| 816 | 3660.3664: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\cryptnet.dll (rcNtResolve=0xc0150008) *pfFlags=0x2 pwszSearchPath=0000000000000001:<flags> [calling]
|
|---|
| 817 | 3660.3664: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffee9790000 'C:\WINDOWS\System32\cryptnet.dll'
|
|---|
| 818 | 3660.3664: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume3\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
|
|---|
| 819 | 3660.3664: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffee9790000 'C:\WINDOWS\System32\cryptnet.dll'
|
|---|
| 820 | 3660.3664: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume3\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
|
|---|
| 821 | 3660.3664: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffee9790000 'C:\WINDOWS\System32\cryptnet.dll'
|
|---|
| 822 | 3660.3664: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume3\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
|
|---|
| 823 | 3660.3664: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffee9790000 'C:\WINDOWS\System32\cryptnet.dll'
|
|---|
| 824 | 3660.3664: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume3\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
|
|---|
| 825 | 3660.3664: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffee9790000 'C:\WINDOWS\System32\cryptnet.dll'
|
|---|
| 826 | 3660.3664: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume3\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
|
|---|
| 827 | 3660.3664: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffee9790000 'C:\WINDOWS\System32\cryptnet.dll'
|
|---|
| 828 | 3660.3664: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffee9790000 'C:\WINDOWS\System32\cryptnet.dll'
|
|---|
| 829 | 3660.3664: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume3\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
|
|---|
| 830 | 3660.3664: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffee9790000 'C:\Windows\System32\cryptnet.dll'
|
|---|
| 831 | 3660.3664: supR3HardenedDllNotificationCallback: load 00007fff172e0000 LB 0x000a3000 C:\WINDOWS\System32\advapi32.dll [fFlags=0x0]
|
|---|
| 832 | 3660.3664: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
|
|---|
| 833 | 3660.3664: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'sechost.dll'.
|
|---|
| 834 | 3660.3664: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #27 'rpcrt4.dll'.
|
|---|
| 835 | 3660.3664: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\advapi32.dll)
|
|---|
| 836 | 3660.3664: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\advapi32.dll
|
|---|
| 837 | 3660.3664: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\rsaenh.dll [lacks WinVerifyTrust]
|
|---|
| 838 | 3660.3664: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
|
|---|
| 839 | 3660.3664: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume3\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
|
|---|
| 840 | 3660.3664: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\rpcrt4.dll [lacks WinVerifyTrust]
|
|---|
| 841 | 3660.3664: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'sechost.dll'...
|
|---|
| 842 | 3660.3664: supR3HardenedWinVerifyCacheProcessImportTodos: 'sechost.dll' -> '\Device\HarddiskVolume3\Windows\System32\sechost.dll' [rcNtRedir=0xc0150008]
|
|---|
| 843 | 3660.3664: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\sechost.dll [lacks WinVerifyTrust]
|
|---|
| 844 | 3660.3664: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
|
|---|
| 845 | 3660.3664: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume3\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
|
|---|
| 846 | 3660.3664: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\msvcrt.dll [lacks WinVerifyTrust]
|
|---|
| 847 | 3660.3664: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\rsaenh.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
|
|---|
| 848 | 3660.3664: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff142f0000 'C:\WINDOWS\system32\rsaenh.dll'
|
|---|
| 849 | 3660.3664: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\crypt32.dll [lacks WinVerifyTrust]
|
|---|
| 850 | 3660.3664: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\crypt32.dll (Input=crypt32.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
|
|---|
| 851 | 3660.3664: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff15f90000 'C:\WINDOWS\System32\crypt32.dll'
|
|---|
| 852 | 3660.3664: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000000 pwszName=\SystemRoot\System32\ntdll.dll
|
|---|
| 853 | 3660.3664: supR3HardNtViCallWinVerifyTrustCatFile: New context 0000000001514c60
|
|---|
| 854 | 3660.3664: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000001514c60
|
|---|
| 855 | 3660.3664: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=95FD49F93AE6ADF9D4DE48632E3114C0D5FFE7A0
|
|---|
| 856 | 3660.3664: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\rpcrt4.dll [lacks WinVerifyTrust]
|
|---|
| 857 | 3660.3664: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\rpcrt4.dll (Input=rpcrt4.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
|
|---|
| 858 | 3660.3664: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff165b0000 'C:\WINDOWS\System32\rpcrt4.dll'
|
|---|
| 859 | 3660.3664: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\rsaenh.dll [lacks WinVerifyTrust]
|
|---|
| 860 | 3660.3664: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\rsaenh.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
|
|---|
| 861 | 3660.3664: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff142f0000 'C:\WINDOWS\system32\rsaenh.dll'
|
|---|
| 862 | 3660.3664: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\crypt32.dll [lacks WinVerifyTrust]
|
|---|
| 863 | 3660.3664: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\crypt32.dll (Input=crypt32.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
|
|---|
| 864 | 3660.3664: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff15f90000 'C:\WINDOWS\System32\crypt32.dll'
|
|---|
| 865 | 3660.3664: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-Package0416~31bf3856ad364e35~amd64~~10.0.18362.657.cat'; file='\SystemRoot\System32\ntdll.dll'
|
|---|
| 866 | 3660.3664: g_pfnWinVerifyTrust=00007fff159361f0
|
|---|
| 867 | 3660.3664: supR3HardenedScreenImage/preload: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\crypt32.dll [redoing WinVerifyTrust]
|
|---|
| 868 | 3660.3664: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\rsaenh.dll [lacks WinVerifyTrust]
|
|---|
| 869 | 3660.3664: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\rsaenh.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
|
|---|
| 870 | 3660.3664: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff142f0000 'C:\WINDOWS\system32\rsaenh.dll'
|
|---|
| 871 | 3660.3664: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\crypt32.dll [lacks WinVerifyTrust]
|
|---|
| 872 | 3660.3664: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\crypt32.dll (Input=crypt32.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
|
|---|
| 873 | 3660.3664: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff15f90000 'C:\WINDOWS\System32\crypt32.dll'
|
|---|
| 874 | 3660.3664: supR3HardenedScreenImage/preload: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Windows\System32\crypt32.dll'
|
|---|
| 875 | 3660.3664: supR3HardenedScreenImage/preload: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\wintrust.dll [redoing WinVerifyTrust]
|
|---|
| 876 | 3660.3664: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\rsaenh.dll [lacks WinVerifyTrust]
|
|---|
| 877 | 3660.3664: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\rsaenh.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
|
|---|
| 878 | 3660.3664: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff142f0000 'C:\WINDOWS\system32\rsaenh.dll'
|
|---|
| 879 | 3660.3664: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\crypt32.dll
|
|---|
| 880 | 3660.3664: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\crypt32.dll (Input=crypt32.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
|
|---|
| 881 | 3660.3664: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff15f90000 'C:\WINDOWS\System32\crypt32.dll'
|
|---|
| 882 | 3660.3664: supR3HardenedScreenImage/preload: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Windows\System32\wintrust.dll'
|
|---|
| 883 | 3660.3664: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\rsaenh.dll [lacks WinVerifyTrust]
|
|---|
| 884 | 3660.3664: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\rsaenh.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
|
|---|
| 885 | 3660.3664: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff142f0000 'C:\WINDOWS\system32\rsaenh.dll'
|
|---|
| 886 | 3660.3664: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff15f90000 'C:\WINDOWS\System32\crypt32.dll'
|
|---|
| 887 | 3660.3664: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Windows\System32\advapi32.dll'
|
|---|
| 888 | 3660.3664: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000384 pwszName=\Device\HarddiskVolume3\Windows\System32\cryptnet.dll
|
|---|
| 889 | 3660.3664: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000001514c60
|
|---|
| 890 | 3660.3664: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000001514c60
|
|---|
| 891 | 3660.3664: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=09032EBC3D9D9BDDC0EE4A6463C043296B79FF20
|
|---|
| 892 | 3660.3664: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\rsaenh.dll [lacks WinVerifyTrust]
|
|---|
| 893 | 3660.3664: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff142f0000 'C:\WINDOWS\system32\rsaenh.dll'
|
|---|
| 894 | 3660.3664: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff15f90000 'C:\WINDOWS\System32\crypt32.dll'
|
|---|
| 895 | 3660.3664: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-Package0416~31bf3856ad364e35~amd64~~10.0.18362.657.cat'; file='\Device\HarddiskVolume3\Windows\System32\cryptnet.dll'
|
|---|
| 896 | 3660.3664: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
|
|---|
| 897 | 3660.3664: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Windows\System32\cryptnet.dll'
|
|---|
| 898 | 3660.3664: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\rsaenh.dll [lacks WinVerifyTrust]
|
|---|
| 899 | 3660.3664: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff142f0000 'C:\WINDOWS\system32\rsaenh.dll'
|
|---|
| 900 | 3660.3664: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff15f90000 'C:\WINDOWS\System32\crypt32.dll'
|
|---|
| 901 | 3660.3664: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Windows\System32\profapi.dll'
|
|---|
| 902 | 3660.3664: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\rsaenh.dll [lacks WinVerifyTrust]
|
|---|
| 903 | 3660.3664: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff142f0000 'C:\WINDOWS\system32\rsaenh.dll'
|
|---|
| 904 | 3660.3664: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff15f90000 'C:\WINDOWS\System32\crypt32.dll'
|
|---|
| 905 | 3660.3664: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Windows\System32\gpapi.dll'
|
|---|
| 906 | 3660.3664: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\rsaenh.dll [lacks WinVerifyTrust]
|
|---|
| 907 | 3660.3664: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff142f0000 'C:\WINDOWS\system32\rsaenh.dll'
|
|---|
| 908 | 3660.3664: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff15f90000 'C:\WINDOWS\System32\crypt32.dll'
|
|---|
| 909 | 3660.3664: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Windows\System32\sechost.dll'
|
|---|
| 910 | 3660.3664: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\rsaenh.dll [lacks WinVerifyTrust]
|
|---|
| 911 | 3660.3664: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff142f0000 'C:\WINDOWS\system32\rsaenh.dll'
|
|---|
| 912 | 3660.3664: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff15f90000 'C:\WINDOWS\System32\crypt32.dll'
|
|---|
| 913 | 3660.3664: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Windows\System32\imagehlp.dll'
|
|---|
| 914 | 3660.3664: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\rsaenh.dll [lacks WinVerifyTrust]
|
|---|
| 915 | 3660.3664: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff142f0000 'C:\WINDOWS\system32\rsaenh.dll'
|
|---|
| 916 | 3660.3664: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff15f90000 'C:\WINDOWS\System32\crypt32.dll'
|
|---|
| 917 | 3660.3664: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Windows\System32\cryptbase.dll'
|
|---|
| 918 | 3660.3664: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\rsaenh.dll [lacks WinVerifyTrust]
|
|---|
| 919 | 3660.3664: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff142f0000 'C:\WINDOWS\system32\rsaenh.dll'
|
|---|
| 920 | 3660.3664: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\crypt32.dll
|
|---|
| 921 | 3660.3664: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\crypt32.dll (Input=crypt32.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
|
|---|
| 922 | 3660.3664: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff15f90000 'C:\WINDOWS\System32\crypt32.dll'
|
|---|
| 923 | 3660.3664: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Windows\System32\rsaenh.dll'
|
|---|
| 924 | 3660.3664: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\rsaenh.dll
|
|---|
| 925 | 3660.3664: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\rsaenh.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
|
|---|
| 926 | 3660.3664: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff142f0000 'C:\WINDOWS\system32\rsaenh.dll'
|
|---|
| 927 | 3660.3664: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff15f90000 'C:\WINDOWS\System32\crypt32.dll'
|
|---|
| 928 | 3660.3664: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Windows\System32\cryptsp.dll'
|
|---|
| 929 | 3660.3664: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff142f0000 'C:\WINDOWS\system32\rsaenh.dll'
|
|---|
| 930 | 3660.3664: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff15f90000 'C:\WINDOWS\System32\crypt32.dll'
|
|---|
| 931 | 3660.3664: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Windows\System32\bcryptprimitives.dll'
|
|---|
| 932 | 3660.3664: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff142f0000 'C:\WINDOWS\system32\rsaenh.dll'
|
|---|
| 933 | 3660.3664: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff15f90000 'C:\WINDOWS\System32\crypt32.dll'
|
|---|
| 934 | 3660.3664: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Windows\System32\bcrypt.dll'
|
|---|
| 935 | 3660.3664: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff142f0000 'C:\WINDOWS\system32\rsaenh.dll'
|
|---|
| 936 | 3660.3664: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff15f90000 'C:\WINDOWS\System32\crypt32.dll'
|
|---|
| 937 | 3660.3664: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Windows\System32\ucrtbase.dll'
|
|---|
| 938 | 3660.3664: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff142f0000 'C:\WINDOWS\system32\rsaenh.dll'
|
|---|
| 939 | 3660.3664: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff15f90000 'C:\WINDOWS\System32\crypt32.dll'
|
|---|
| 940 | 3660.3664: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Windows\System32\msvcrt.dll'
|
|---|
| 941 | 3660.3664: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff142f0000 'C:\WINDOWS\system32\rsaenh.dll'
|
|---|
| 942 | 3660.3664: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff15f90000 'C:\WINDOWS\System32\crypt32.dll'
|
|---|
| 943 | 3660.3664: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Windows\System32\msasn1.dll'
|
|---|
| 944 | 3660.3664: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff142f0000 'C:\WINDOWS\system32\rsaenh.dll'
|
|---|
| 945 | 3660.3664: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff15f90000 'C:\WINDOWS\System32\crypt32.dll'
|
|---|
| 946 | 3660.3664: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Windows\System32\rpcrt4.dll'
|
|---|
| 947 | 3660.3664: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff142f0000 'C:\WINDOWS\system32\rsaenh.dll'
|
|---|
| 948 | 3660.3664: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 24202) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxSupLib.dll'
|
|---|
| 949 | 3660.3664: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff142f0000 'C:\WINDOWS\system32\rsaenh.dll'
|
|---|
| 950 | 3660.3664: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 24202) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe'
|
|---|
| 951 | 3660.3664: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff142f0000 'C:\WINDOWS\system32\rsaenh.dll'
|
|---|
| 952 | 3660.3664: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff15f90000 'C:\WINDOWS\System32\crypt32.dll'
|
|---|
| 953 | 3660.3664: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Windows\System32\KernelBase.dll'
|
|---|
| 954 | 3660.3664: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff142f0000 'C:\WINDOWS\system32\rsaenh.dll'
|
|---|
| 955 | 3660.3664: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff15f90000 'C:\WINDOWS\System32\crypt32.dll'
|
|---|
| 956 | 3660.3664: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Windows\System32\kernel32.dll'
|
|---|
| 957 | 3660.3664: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff15f90000 'C:\WINDOWS\system32\crypt32.dll'
|
|---|
| 958 | 3660.3664: supR3HardenedWinIsDesiredRootCA: Adding 0x5ad46780fa5df300 DC=com, DC=microsoft, CN=Microsoft Root Certificate Authority
|
|---|
| 959 | 3660.3664: supR3HardenedWinIsDesiredRootCA: Adding 0xea5386456178582b C=ZA, ST=Western Cape, L=Durbanville, O=Thawte, OU=Thawte Certification, CN=Thawte Timestamping CA
|
|---|
| 960 | 3660.3664: supR3HardenedWinIsDesiredRootCA: Adding 0x3be670c1bd02a900 OU=Copyright (c) 1997 Microsoft Corp., OU=Microsoft Corporation, CN=Microsoft Root Authority
|
|---|
| 961 | 3660.3664: supR3HardenedWinIsDesiredRootCA: Adding 0xbdcefb66ec78c600 C=US, ST=California, O=Kofax, OU=Atalasoft, CN=Kofax Web Capture Service
|
|---|
| 962 | 3660.3664: supR3HardenedWinIsDesiredRootCA: Adding 0xe991ee72b03db500 C=US, O=Symantec Corporation, CN=Symantec Enterprise Mobile Root for Microsoft
|
|---|
| 963 | 3660.3664: supR3HardenedWinIsDesiredRootCA: Adding 0x4d3835aa4180b200 C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Root Certificate Authority 2011
|
|---|
| 964 | 3660.3664: supR3HardenedWinIsDesiredRootCA: Adding 0x646e3fe3ba08df00 C=US, O=MSFT, CN=Microsoft Authenticode(tm) Root Authority
|
|---|
| 965 | 3660.3664: supR3HardenedWinIsDesiredRootCA: Adding 0xece4e4289e08b900 C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Root Certificate Authority 2010
|
|---|
| 966 | 3660.3664: supR3HardenedWinIsDesiredRootCA: Adding 0xf3bb4d7e894b420 C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft ECC TS Root Certificate Authority 2018
|
|---|
| 967 | 3660.3664: supR3HardenedWinIsDesiredRootCA: Adding 0x43a9cc371ff5385a O=Microsoft Trust Network, OU=Microsoft Corporation, OU=Microsoft Time Stamping Service Root, OU=Copyright (c) 1997 Microsoft Corp.
|
|---|
| 968 | 3660.3664: supR3HardenedWinIsDesiredRootCA: Adding 0x2e2d2c7c68f0202e O=VeriSign Trust Network, OU=VeriSign, Inc., OU=VeriSign Time Stamping Service Root, OU=NO LIABILITY ACCEPTED, (c)97 VeriSign, Inc.
|
|---|
| 969 | 3660.3664: supR3HardenedWinIsDesiredRootCA: Adding 0xcec3d46562b9be8e C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft ECC Product Root Certificate Authority 2018
|
|---|
| 970 | 3660.3664: supR3HardenedWinIsDesiredRootCA: Adding 0xca58a05dd401ae00 C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Time Stamp Root Certificate Authority 2014
|
|---|
| 971 | 3660.3664: supR3HardenedWinIsDesiredRootCA: Adding 0xa12b07674f1bf600 C=US, O=AffirmTrust, CN=AffirmTrust Commercial
|
|---|
| 972 | 3660.3664: supR3HardenedWinIsDesiredRootCA: Adding 0x2ca429a5c4c6a700 C=IT, L=Milan, O=Actalis S.p.A./03358520967, CN=Actalis Authentication Root CA
|
|---|
| 973 | 3660.3664: supR3HardenedWinIsDesiredRootCA: Adding 0x61a3a33f81aace00 C=US, ST=UT, L=Salt Lake City, O=The USERTRUST Network, OU=http://www.usertrust.com, CN=UTN-USERFirst-Object
|
|---|
| 974 | 3660.3664: supR3HardenedWinIsDesiredRootCA: Adding 0x6b7bdc34cd37bb00 C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert Global Root G2
|
|---|
| 975 | 3660.3664: supR3HardenedWinIsDesiredRootCA: Adding 0x57ba5395b561bf00 C=BM, O=QuoVadis Limited, OU=Root Certification Authority, CN=QuoVadis Root Certification Authority
|
|---|
| 976 | 3660.3664: supR3HardenedWinIsDesiredRootCA: Adding 0xf4fd306318ccda00 C=US, O=GeoTrust Inc., CN=GeoTrust Global CA
|
|---|
| 977 | 3660.3664: supR3HardenedWinIsDesiredRootCA: Adding 0x83085097e9afdf00 O=Digital Signature Trust Co., CN=DST Root CA X3
|
|---|
| 978 | 3660.3664: supR3HardenedWinIsDesiredRootCA: Adding 0xfb700f54a232be00 C=NL, O=Staat der Nederlanden, CN=Staat der Nederlanden Root CA - G3
|
|---|
| 979 | 3660.3664: supR3HardenedWinIsDesiredRootCA: Adding 0xe248b7eeee4af00 C=CH, O=SwissSign AG, CN=SwissSign Gold CA - G2
|
|---|
| 980 | 3660.3664: supR3HardenedWinIsDesiredRootCA: Adding 0x780679907625cc00 OU=GlobalSign Root CA - R3, O=GlobalSign, CN=GlobalSign
|
|---|
| 981 | 3660.3664: supR3HardenedWinIsDesiredRootCA: Adding 0x3d98ab22bb04a300 C=IE, O=Baltimore, OU=CyberTrust, CN=Baltimore CyberTrust Root
|
|---|
| 982 | 3660.3664: supR3HardenedWinIsDesiredRootCA: Adding 0xa0ee62086758b15d C=US, O=Equifax, OU=Equifax Secure Certificate Authority
|
|---|
| 983 | 3660.3664: supR3HardenedWinIsDesiredRootCA: Adding 0xeae16ef49d40be00 C=GB, ST=Greater Manchester, L=Salford, O=Comodo CA Limited, CN=AAA Certificate Services
|
|---|
| 984 | 3660.3664: supR3HardenedWinIsDesiredRootCA: Adding 0xc6536f24d57ae723 C=US, ST=New Jersey, L=Jersey City, O=The USERTRUST Network, CN=USERTrust ECC Certification Authority
|
|---|
| 985 | 3660.3664: supR3HardenedWinIsDesiredRootCA: Adding 0x3714f47324e8ad00 C=US, O=Internet Security Research Group, CN=ISRG Root X1
|
|---|
| 986 | 3660.3664: supR3HardenedWinIsDesiredRootCA: Adding 0xd944bca189a00 C=BM, O=QuoVadis Limited, CN=QuoVadis Root CA 2
|
|---|
| 987 | 3660.3664: supR3HardenedWinIsDesiredRootCA: Adding 0x8ff6fc03c1edbd00 C=US, ST=Arizona, L=Scottsdale, O=Starfield Technologies, Inc., CN=Starfield Root Certificate Authority - G2
|
|---|
| 988 | 3660.3664: supR3HardenedWinIsDesiredRootCA: Adding 0xc6fa4243b695b600 C=US, O=Entrust, Inc., OU=www.entrust.net/CPS is incorporated by reference, OU=(c) 2006 Entrust, Inc., CN=Entrust Root Certification Authority
|
|---|
| 989 | 3660.3664: supR3HardenedWinIsDesiredRootCA: Adding 0xa3ce8d99e60eda00 C=BE, O=GlobalSign nv-sa, OU=Root CA, CN=GlobalSign Root CA
|
|---|
| 990 | 3660.3664: supR3HardenedWinIsDesiredRootCA: Adding 0x560ad29254e89100 C=GB, ST=Greater Manchester, L=Salford, O=COMODO CA Limited, CN=COMODO RSA Certification Authority
|
|---|
| 991 | 3660.3664: supR3HardenedWinIsDesiredRootCA: Adding 0xa671e9fec832b700 C=US, O=Starfield Technologies, Inc., OU=Starfield Class 2 Certification Authority
|
|---|
| 992 | 3660.3664: supR3HardenedWinIsDesiredRootCA: Adding 0xa8de7211e13be200 C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert Global Root CA
|
|---|
| 993 | 3660.3664: supR3HardenedWinIsDesiredRootCA: Adding 0x4ef92ac43a0cd500 C=US, ST=Arizona, L=Scottsdale, O=Starfield Technologies, Inc., CN=Starfield Services Root Certificate Authority - G2
|
|---|
| 994 | 3660.3664: supR3HardenedWinIsDesiredRootCA: Adding 0xd45980fbf0a0ac00 C=US, O=thawte, Inc., OU=Certification Services Division, OU=(c) 2006 thawte, Inc. - For authorized use only, CN=thawte Primary Root CA
|
|---|
| 995 | 3660.3664: supR3HardenedWinIsDesiredRootCA: Adding 0xc9edb72b684ba00 C=US, O=Entrust, Inc., OU=See www.entrust.net/legal-terms, OU=(c) 2009 Entrust, Inc. - for authorized use only, CN=Entrust Root Certification Authority - G2
|
|---|
| 996 | 3660.3664: supR3HardenedWinIsDesiredRootCA: Adding 0xf5cd95e581a4ab00 C=US, O=SecureTrust Corporation, CN=SecureTrust CA
|
|---|
| 997 | 3660.3664: supR3HardenedWinIsDesiredRootCA: Adding 0xbebef0d2217f0bfb C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert Global Root G3
|
|---|
| 998 | 3660.3664: supR3HardenedWinIsDesiredRootCA: Adding 0x4b24f9897ec7e300 C=NL, O=Staat der Nederlanden, CN=Staat der Nederlanden EV Root CA
|
|---|
| 999 | 3660.3664: supR3HardenedWinIsDesiredRootCA: Adding 0x6f2ebe0e24cfa600 OU=GlobalSign Root CA - R2, O=GlobalSign, CN=GlobalSign
|
|---|
| 1000 | 3660.3664: supR3HardenedWinIsDesiredRootCA: Adding 0x14018a1bf29e595c C=US, O=VeriSign, Inc., OU=Class 3 Public Primary Certification Authority
|
|---|
| 1001 | 3660.3664: supR3HardenedWinIsDesiredRootCA: Adding 0x7c4fd32ec1b1ce00 C=PL, O=Unizeto Sp. z o.o., CN=Certum CA
|
|---|
| 1002 | 3660.3664: supR3HardenedWinIsDesiredRootCA: Adding 0xd4fbe673e5ccc600 C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert High Assurance EV Root CA
|
|---|
| 1003 | 3660.3664: supR3HardenedWinIsDesiredRootCA: Adding 0x16e64d2a56ccf200 C=US, ST=Arizona, L=Scottsdale, O=Starfield Technologies, Inc., OU=http://certificates.starfieldtech.com/repository/, CN=Starfield Services Root Certificate Authority
|
|---|
| 1004 | 3660.3664: supR3HardenedWinIsDesiredRootCA: Adding 0x3eaa756fe759c500 C=NL, O=Staat der Nederlanden, CN=Staat der Nederlanden Root CA - G2
|
|---|
| 1005 | 3660.3664: supR3HardenedWinIsDesiredRootCA: Adding 0xef477acf4ab2d300 C=DE, O=D-Trust GmbH, CN=D-TRUST Root Class 3 CA 2 2009
|
|---|
| 1006 | 3660.3664: supR3HardenedWinIsDesiredRootCA: Adding 0x1b8578514b74ac00 C=US, O=WFA Hotspot 2.0, CN=Hotspot 2.0 Trust Root CA - 03
|
|---|
| 1007 | 3660.3664: supR3HardenedWinIsDesiredRootCA: Adding 0xb28612a94b4dad00 O=Entrust.net, OU=www.entrust.net/CPS_2048 incorp. by ref. (limits liab.), OU=(c) 1999 Entrust.net Limited, CN=Entrust.net Certification Authority (2048)
|
|---|
| 1008 | 3660.3664: supR3HardenedWinIsDesiredRootCA: Adding 0x357a29080824af00 C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=(c) 2006 VeriSign, Inc. - For authorized use only, CN=VeriSign Class 3 Public Primary Certification Authority - G5
|
|---|
| 1009 | 3660.3664: supR3HardenedWinIsDesiredRootCA: Adding 0x59faf1086271bf00 C=US, ST=Arizona, L=Scottsdale, O=GoDaddy.com, Inc., CN=Go Daddy Root Certificate Authority - G2
|
|---|
| 1010 | 3660.3664: supR3HardenedWinIsDesiredRootCA: Adding 0x3401b15e3761c700 C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=(c) 2008 VeriSign, Inc. - For authorized use only, CN=VeriSign Universal Root Certification Authority
|
|---|
| 1011 | 3660.3664: supR3HardenedWinIsDesiredRootCA: Adding 0xc30e361765128000 C=US, ST=New Jersey, L=Jersey City, O=The USERTRUST Network, CN=USERTrust RSA Certification Authority
|
|---|
| 1012 | 3660.3664: supR3HardenedWinIsDesiredRootCA: Adding 0x491857ead79dde00 C=US, O=The Go Daddy Group, Inc., OU=Go Daddy Class 2 Certification Authority
|
|---|
| 1013 | 3660.3664: supR3HardenedWinIsDesiredRootCA: Adding 0xdc1801b225aea100 C=BM, O=QuoVadis Limited, CN=QuoVadis Root CA 2 G3
|
|---|
| 1014 | 3660.3664: supR3HardenedWinIsDesiredRootCA: Adding 0xc2ba72a37dfbe300 C=PL, O=Unizeto Technologies S.A., OU=Certum Certification Authority, CN=Certum Trusted Network CA
|
|---|
| 1015 | 3660.3664: supR3HardenedWinIsDesiredRootCA: Adding 0xcec3d46562b9be8e C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft ECC Product Root Certificate Authority 2018
|
|---|
| 1016 | 3660.3664: supR3HardenedWinIsDesiredRootCA: Adding 0x8043e4ce150ead00 C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert Assured ID Root CA
|
|---|
| 1017 | 3660.3664: supR3HardenedWinIsDesiredRootCA: Adding 0xf2e6331af7b700 C=SE, O=AddTrust AB, OU=AddTrust External TTP Network, CN=AddTrust External CA Root
|
|---|
| 1018 | 3660.3664: supR3HardenedWinIsDesiredRootCA: Adding 0x9084fc5c3c87ab00 DC=local, DC=docspro, CN=docspro-VSRV01-CA
|
|---|
| 1019 | 3660.3664: supR3HardenedWinIsDesiredRootCA: Adding 0x8dd52735f63dc800 DC=local, DC=docspro, CN=Docpro CA
|
|---|
| 1020 | 3660.3664: supR3HardenedWinRetrieveTrustedRootCAs: cAdded=62
|
|---|
| 1021 | 3660.3664: SUPR3HardenedMain: Load Runtime...
|
|---|
| 1022 | 3660.3664: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff142f0000 'C:\WINDOWS\system32\rsaenh.dll'
|
|---|
| 1023 | 3660.3664: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
|
|---|
| 1024 | 3660.3664: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'msvcp100.dll'.
|
|---|
| 1025 | 3660.3664: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'rpcrt4.dll'.
|
|---|
| 1026 | 3660.3664: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'ws2_32.dll'.
|
|---|
| 1027 | 3660.3664: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxRT.dll) WinVerifyTrust
|
|---|
| 1028 | 3660.3664: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxRT.dll
|
|---|
| 1029 | 3660.3664: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ws2_32.dll'...
|
|---|
| 1030 | 3660.3664: supR3HardenedWinVerifyCacheProcessImportTodos: 'ws2_32.dll' -> '\Device\HarddiskVolume3\Windows\System32\ws2_32.dll' [rcNtRedir=0xc0150008]
|
|---|
| 1031 | 3660.3664: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff142f0000 'C:\WINDOWS\system32\rsaenh.dll'
|
|---|
| 1032 | 3660.3664: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff15f90000 'C:\WINDOWS\System32\crypt32.dll'
|
|---|
| 1033 | 3660.3664: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #26 'rpcrt4.dll'.
|
|---|
| 1034 | 3660.3664: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\ws2_32.dll) WinVerifyTrust
|
|---|
| 1035 | 3660.3664: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\ws2_32.dll
|
|---|
| 1036 | 3660.3664: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
|
|---|
| 1037 | 3660.3664: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume3\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
|
|---|
| 1038 | 3660.3664: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\rpcrt4.dll
|
|---|
| 1039 | 3660.3664: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcp100.dll'...
|
|---|
| 1040 | 3660.3664: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcp100.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcp100.dll' [rcNtRedir=0xc0150008]
|
|---|
| 1041 | 3660.3664: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
|
|---|
| 1042 | 3660.3664: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume3\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
|
|---|
| 1043 | 3660.3664: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\rpcrt4.dll
|
|---|
| 1044 | 3660.3664: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff142f0000 'C:\WINDOWS\system32\rsaenh.dll'
|
|---|
| 1045 | 3660.3664: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
|
|---|
| 1046 | 3660.3664: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcp100.dll) WinVerifyTrust
|
|---|
| 1047 | 3660.3664: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcp100.dll
|
|---|
| 1048 | 3660.3664: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
|
|---|
| 1049 | 3660.3664: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
|
|---|
| 1050 | 3660.3664: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
|
|---|
| 1051 | 3660.3664: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
|
|---|
| 1052 | 3660.3664: Detected WinVerifyTrust recursion: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll'.
|
|---|
| 1053 | 3660.3664: supHardenedWinVerifyImageByHandle: -> 24202 (\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll)
|
|---|
| 1054 | 3660.3664: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll
|
|---|
| 1055 | 3660.3664: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff142f0000 'C:\WINDOWS\system32\rsaenh.dll'
|
|---|
| 1056 | 3660.3664: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll) WinVerifyTrust
|
|---|
| 1057 | 3660.3664: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxRT.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000a01:<flags> [calling]
|
|---|
| 1058 | 3660.3664: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxRT.dll
|
|---|
| 1059 | 3660.3664: supR3HardenedScreenImage/NtCreateSection: cache hit (Unknown Status 24202 (0x5e8a)) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll [avoiding WinVerifyTrust]
|
|---|
| 1060 | 3660.3664: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcp100.dll
|
|---|
| 1061 | 3660.3664: supR3HardenedDllNotificationCallback: load 000000005bac0000 LB 0x000d2000 C:\Program Files\Oracle\VirtualBox\MSVCR100.dll [fFlags=0x0]
|
|---|
| 1062 | 3660.3664: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 24202 (0x5e8a)) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll [avoiding WinVerifyTrust]
|
|---|
| 1063 | 3660.3664: supR3HardenedDllNotificationCallback: load 000000005af40000 LB 0x00098000 C:\Program Files\Oracle\VirtualBox\MSVCP100.dll [fFlags=0x0]
|
|---|
| 1064 | 3660.3664: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcp100.dll
|
|---|
| 1065 | 3660.3664: supR3HardenedDllNotificationCallback: load 00007fff166d0000 LB 0x0006f000 C:\WINDOWS\System32\WS2_32.dll [fFlags=0x0]
|
|---|
| 1066 | 3660.3664: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\ws2_32.dll
|
|---|
| 1067 | 3660.3664: supR3HardenedDllNotificationCallback: load 00007ffece350000 LB 0x005d6000 C:\Program Files\Oracle\VirtualBox\VBoxRT.dll [fFlags=0x0]
|
|---|
| 1068 | 3660.3664: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxRT.dll
|
|---|
| 1069 | 3660.3664: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll'.
|
|---|
| 1070 | 3660.3664: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll' [rescheduled]
|
|---|
| 1071 | 3660.3664: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxRT.dll
|
|---|
| 1072 | 3660.3664: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxRT.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
|
|---|
| 1073 | 3660.3664: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffece350000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
|
|---|
| 1074 | 3660.3664: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll'.
|
|---|
| 1075 | 3660.3664: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll' [rescheduled]
|
|---|
| 1076 | 3660.3664: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll'.
|
|---|
| 1077 | 3660.3664: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll' [rescheduled]
|
|---|
| 1078 | 3660.3664: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxRT.dll
|
|---|
| 1079 | 3660.3664: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxRT.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
|
|---|
| 1080 | 3660.3664: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffece350000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
|
|---|
| 1081 | 3660.3664: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll'.
|
|---|
| 1082 | 3660.3664: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll' [rescheduled]
|
|---|
| 1083 | 3660.3664: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll'.
|
|---|
| 1084 | 3660.3664: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll' [rescheduled]
|
|---|
| 1085 | 3660.3664: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxRT.dll
|
|---|
| 1086 | 3660.3664: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxRT.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
|
|---|
| 1087 | 3660.3664: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffece350000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
|
|---|
| 1088 | 3660.3664: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll'.
|
|---|
| 1089 | 3660.3664: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll' [rescheduled]
|
|---|
| 1090 | 3660.3664: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll'.
|
|---|
| 1091 | 3660.3664: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll' [rescheduled]
|
|---|
| 1092 | 3660.3664: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxRT.dll
|
|---|
| 1093 | 3660.3664: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxRT.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
|
|---|
| 1094 | 3660.3664: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffece350000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
|
|---|
| 1095 | 3660.3664: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll'.
|
|---|
| 1096 | 3660.3664: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll' [rescheduled]
|
|---|
| 1097 | 3660.3664: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll'.
|
|---|
| 1098 | 3660.3664: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll' [rescheduled]
|
|---|
| 1099 | 3660.3664: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxRT.dll
|
|---|
| 1100 | 3660.3664: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxRT.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
|
|---|
| 1101 | 3660.3664: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffece350000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
|
|---|
| 1102 | 3660.3664: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll'.
|
|---|
| 1103 | 3660.3664: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll' [rescheduled]
|
|---|
| 1104 | 3660.3664: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll'.
|
|---|
| 1105 | 3660.3664: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll' [rescheduled]
|
|---|
| 1106 | 3660.3664: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxRT.dll
|
|---|
| 1107 | 3660.3664: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxRT.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
|
|---|
| 1108 | 3660.3664: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffece350000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
|
|---|
| 1109 | 3660.3664: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll'.
|
|---|
| 1110 | 3660.3664: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll' [rescheduled]
|
|---|
| 1111 | 3660.3664: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll'.
|
|---|
| 1112 | 3660.3664: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll' [rescheduled]
|
|---|
| 1113 | 3660.3664: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffece350000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
|
|---|
| 1114 | 3660.3664: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll'.
|
|---|
| 1115 | 3660.3664: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll' [rescheduled]
|
|---|
| 1116 | 3660.3664: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll'.
|
|---|
| 1117 | 3660.3664: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll' [rescheduled]
|
|---|
| 1118 | 3660.3664: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffece350000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
|
|---|
| 1119 | 3660.3664: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll'.
|
|---|
| 1120 | 3660.3664: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll' [rescheduled]
|
|---|
| 1121 | 3660.3664: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll'.
|
|---|
| 1122 | 3660.3664: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll' [rescheduled]
|
|---|
| 1123 | 3660.3664: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffece350000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
|
|---|
| 1124 | 3660.3664: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll'.
|
|---|
| 1125 | 3660.3664: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll' [rescheduled]
|
|---|
| 1126 | 3660.3664: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll'.
|
|---|
| 1127 | 3660.3664: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll' [rescheduled]
|
|---|
| 1128 | 3660.3664: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffece350000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
|
|---|
| 1129 | 3660.3664: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll'.
|
|---|
| 1130 | 3660.3664: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll' [rescheduled]
|
|---|
| 1131 | 3660.3664: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll'.
|
|---|
| 1132 | 3660.3664: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll' [rescheduled]
|
|---|
| 1133 | 3660.3664: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffece350000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
|
|---|
| 1134 | 3660.3664: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll'.
|
|---|
| 1135 | 3660.3664: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll' [rescheduled]
|
|---|
| 1136 | 3660.3664: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll'.
|
|---|
| 1137 | 3660.3664: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll' [rescheduled]
|
|---|
| 1138 | 3660.3664: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffece350000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
|
|---|
| 1139 | 3660.3664: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll'.
|
|---|
| 1140 | 3660.3664: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll' [rescheduled]
|
|---|
| 1141 | 3660.3664: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll'.
|
|---|
| 1142 | 3660.3664: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll' [rescheduled]
|
|---|
| 1143 | 3660.3664: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffece350000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
|
|---|
| 1144 | 3660.3664: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll'.
|
|---|
| 1145 | 3660.3664: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll' [rescheduled]
|
|---|
| 1146 | 3660.3664: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll'.
|
|---|
| 1147 | 3660.3664: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll' [rescheduled]
|
|---|
| 1148 | 3660.3664: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxRT.dll
|
|---|
| 1149 | 3660.3664: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxRT.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
|
|---|
| 1150 | 3660.3664: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffece350000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
|
|---|
| 1151 | 3660.3664: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll'.
|
|---|
| 1152 | 3660.3664: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll' [rescheduled]
|
|---|
| 1153 | 3660.3664: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll'.
|
|---|
| 1154 | 3660.3664: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll' [rescheduled]
|
|---|
| 1155 | 3660.3664: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffece350000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
|
|---|
| 1156 | 3660.3664: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll'.
|
|---|
| 1157 | 3660.3664: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll' [rescheduled]
|
|---|
| 1158 | 3660.3664: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll'.
|
|---|
| 1159 | 3660.3664: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll' [rescheduled]
|
|---|
| 1160 | 3660.3664: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffece350000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
|
|---|
| 1161 | 3660.3664: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll'.
|
|---|
| 1162 | 3660.3664: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll' [rescheduled]
|
|---|
| 1163 | 3660.3664: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll'.
|
|---|
| 1164 | 3660.3664: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll' [rescheduled]
|
|---|
| 1165 | 3660.3664: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffece350000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
|
|---|
| 1166 | 3660.3664: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll'.
|
|---|
| 1167 | 3660.3664: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll' [rescheduled]
|
|---|
| 1168 | 3660.3664: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll'.
|
|---|
| 1169 | 3660.3664: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll' [rescheduled]
|
|---|
| 1170 | 3660.3664: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffece350000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
|
|---|
| 1171 | 3660.3664: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll'.
|
|---|
| 1172 | 3660.3664: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll' [rescheduled]
|
|---|
| 1173 | 3660.3664: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll'.
|
|---|
| 1174 | 3660.3664: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll' [rescheduled]
|
|---|
| 1175 | 3660.3664: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffece350000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
|
|---|
| 1176 | 3660.3664: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll'.
|
|---|
| 1177 | 3660.3664: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll' [rescheduled]
|
|---|
| 1178 | 3660.3664: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll'.
|
|---|
| 1179 | 3660.3664: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll' [rescheduled]
|
|---|
| 1180 | 3660.3664: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffece350000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
|
|---|
| 1181 | 3660.3664: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll'.
|
|---|
| 1182 | 3660.3664: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll' [rescheduled]
|
|---|
| 1183 | 3660.3664: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll'.
|
|---|
| 1184 | 3660.3664: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll' [rescheduled]
|
|---|
| 1185 | 3660.3664: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffece350000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
|
|---|
| 1186 | 3660.3664: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll'.
|
|---|
| 1187 | 3660.3664: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll' [rescheduled]
|
|---|
| 1188 | 3660.3664: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll'.
|
|---|
| 1189 | 3660.3664: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll' [rescheduled]
|
|---|
| 1190 | 3660.3664: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffece350000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
|
|---|
| 1191 | 3660.3664: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll'.
|
|---|
| 1192 | 3660.3664: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll' [rescheduled]
|
|---|
| 1193 | 3660.3664: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll'.
|
|---|
| 1194 | 3660.3664: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll' [rescheduled]
|
|---|
| 1195 | 3660.3664: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffece350000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
|
|---|
| 1196 | 3660.3664: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll'.
|
|---|
| 1197 | 3660.3664: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll' [rescheduled]
|
|---|
| 1198 | 3660.3664: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll'.
|
|---|
| 1199 | 3660.3664: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll' [rescheduled]
|
|---|
| 1200 | 3660.3664: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffece350000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
|
|---|
| 1201 | 3660.3664: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll'.
|
|---|
| 1202 | 3660.3664: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll' [rescheduled]
|
|---|
| 1203 | 3660.3664: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll'.
|
|---|
| 1204 | 3660.3664: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll' [rescheduled]
|
|---|
| 1205 | 3660.3664: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffece350000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
|
|---|
| 1206 | 3660.3664: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll'.
|
|---|
| 1207 | 3660.3664: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll' [rescheduled]
|
|---|
| 1208 | 3660.3664: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll'.
|
|---|
| 1209 | 3660.3664: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll' [rescheduled]
|
|---|
| 1210 | 3660.3664: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffece350000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
|
|---|
| 1211 | 3660.3664: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll'.
|
|---|
| 1212 | 3660.3664: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll' [rescheduled]
|
|---|
| 1213 | 3660.3664: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll'.
|
|---|
| 1214 | 3660.3664: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll' [rescheduled]
|
|---|
| 1215 | 3660.3664: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffece350000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
|
|---|
| 1216 | 3660.3664: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll'.
|
|---|
| 1217 | 3660.3664: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll' [rescheduled]
|
|---|
| 1218 | 3660.3664: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll'.
|
|---|
| 1219 | 3660.3664: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll' [rescheduled]
|
|---|
| 1220 | 3660.3664: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffece350000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
|
|---|
| 1221 | 3660.3664: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll'.
|
|---|
| 1222 | 3660.3664: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll' [rescheduled]
|
|---|
| 1223 | 3660.3664: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll'.
|
|---|
| 1224 | 3660.3664: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll' [rescheduled]
|
|---|
| 1225 | 3660.3664: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffece350000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
|
|---|
| 1226 | 3660.3664: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll'.
|
|---|
| 1227 | 3660.3664: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll' [rescheduled]
|
|---|
| 1228 | 3660.3664: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll'.
|
|---|
| 1229 | 3660.3664: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll' [rescheduled]
|
|---|
| 1230 | 3660.3664: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxRT.dll
|
|---|
| 1231 | 3660.3664: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxRT.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
|
|---|
| 1232 | 3660.3664: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffece350000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
|
|---|
| 1233 | 3660.3664: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll'.
|
|---|
| 1234 | 3660.3664: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll' [rescheduled]
|
|---|
| 1235 | 3660.3664: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll'.
|
|---|
| 1236 | 3660.3664: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll' [rescheduled]
|
|---|
| 1237 | 3660.3664: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffece350000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
|
|---|
| 1238 | 3660.3664: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll'.
|
|---|
| 1239 | 3660.3664: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll' [rescheduled]
|
|---|
| 1240 | 3660.3664: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll'.
|
|---|
| 1241 | 3660.3664: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll' [rescheduled]
|
|---|
| 1242 | 3660.3664: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffece350000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
|
|---|
| 1243 | 3660.3664: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll'.
|
|---|
| 1244 | 3660.3664: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll' [rescheduled]
|
|---|
| 1245 | 3660.3664: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffece350000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
|
|---|
| 1246 | 3660.3664: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff142f0000 'C:\WINDOWS\system32\rsaenh.dll'
|
|---|
| 1247 | 3660.3664: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 24202) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll'
|
|---|
| 1248 | 3660.3664: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\wintrust.dll
|
|---|
| 1249 | 3660.3664: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\Wintrust.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000801:<flags> [calling]
|
|---|
| 1250 | 3660.3664: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff15930000 'C:\WINDOWS\system32\Wintrust.dll'
|
|---|
| 1251 | 3660.3664: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\rsaenh.dll
|
|---|
| 1252 | 3660.3664: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\rsaenh.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
|
|---|
| 1253 | 3660.3664: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff142f0000 'C:\WINDOWS\system32\rsaenh.dll'
|
|---|
| 1254 | 3660.3664: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff15f90000 'C:\WINDOWS\System32\crypt32.dll'
|
|---|
| 1255 | 3660.3664: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff142f0000 'C:\WINDOWS\system32\rsaenh.dll'
|
|---|
| 1256 | 3660.3664: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff15f90000 'C:\WINDOWS\System32\crypt32.dll'
|
|---|
| 1257 | 3660.3664: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff15f90000 'C:\WINDOWS\system32\crypt32.dll'
|
|---|
| 1258 | 3660.3664: SUPR3HardenedMain: Load TrustedMain...
|
|---|
| 1259 | 3660.3664: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff142f0000 'C:\WINDOWS\system32\rsaenh.dll'
|
|---|
| 1260 | 3660.3664: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'opengl32.dll'.
|
|---|
| 1261 | 3660.3664: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'uicommon.dll'.
|
|---|
| 1262 | 3660.3664: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'vboxrt.dll'.
|
|---|
| 1263 | 3660.3664: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'msvcp100.dll'.
|
|---|
| 1264 | 3660.3664: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'msvcr100.dll'.
|
|---|
| 1265 | 3660.3664: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'qt5corevbox.dll'.
|
|---|
| 1266 | 3660.3664: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'qt5guivbox.dll'.
|
|---|
| 1267 | 3660.3664: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #7 'qt5widgetsvbox.dll'.
|
|---|
| 1268 | 3660.3664: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #8 'qt5openglvbox.dll'.
|
|---|
| 1269 | 3660.3664: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #10 'user32.dll'.
|
|---|
| 1270 | 3660.3664: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #11 'ole32.dll'.
|
|---|
| 1271 | 3660.3664: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #12 'oleaut32.dll'.
|
|---|
| 1272 | 3660.3664: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #13 'winmm.dll'.
|
|---|
| 1273 | 3660.3664: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VirtualBoxVM.dll) WinVerifyTrust
|
|---|
| 1274 | 3660.3664: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VirtualBoxVM.dll
|
|---|
| 1275 | 3660.3664: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'winmm.dll'...
|
|---|
| 1276 | 3660.3664: supR3HardenedWinVerifyCacheProcessImportTodos: 'winmm.dll' -> '\Device\HarddiskVolume3\Windows\System32\winmm.dll' [rcNtRedir=0xc0150008]
|
|---|
| 1277 | 3660.3664: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff142f0000 'C:\WINDOWS\system32\rsaenh.dll'
|
|---|
| 1278 | 3660.3664: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff15f90000 'C:\WINDOWS\System32\crypt32.dll'
|
|---|
| 1279 | 3660.3664: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'winmmbase.dll'.
|
|---|
| 1280 | 3660.3664: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'msvcrt.dll'.
|
|---|
| 1281 | 3660.3664: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\winmm.dll) WinVerifyTrust
|
|---|
| 1282 | 3660.3664: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\winmm.dll
|
|---|
| 1283 | 3660.3664: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'oleaut32.dll'...
|
|---|
| 1284 | 3660.3664: supR3HardenedWinVerifyCacheProcessImportTodos: 'oleaut32.dll' -> '\Device\HarddiskVolume3\Windows\System32\oleaut32.dll' [rcNtRedir=0xc0150008]
|
|---|
| 1285 | 3660.3664: \Device\HarddiskVolume3\Windows\System32\oleaut32.dll: Owner is not trusted installer (01 05 00 00 00 00 00 05 15 00 00 00 ef 47 54 52 b6 1c 06 f2 a1 42 cf 9f 72 06 00 00)
|
|---|
| 1286 | 3660.3664: \Device\HarddiskVolume3\Windows\System32\oleaut32.dll: Relaxing the TrustedInstaller requirement for this DLL (it's in system32).
|
|---|
| 1287 | 3660.3664: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
|
|---|
| 1288 | 3660.3664: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume3\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
|
|---|
| 1289 | 3660.3664: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\msvcrt.dll
|
|---|
| 1290 | 3660.3664: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'winmmbase.dll'...
|
|---|
| 1291 | 3660.3664: supR3HardenedWinVerifyCacheProcessImportTodos: 'winmmbase.dll' -> '\Device\HarddiskVolume3\Windows\System32\winmmbase.dll' [rcNtRedir=0xc0150008]
|
|---|
| 1292 | 3660.3664: Detected WinVerifyTrust recursion: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\winmmbase.dll'.
|
|---|
| 1293 | 3660.3664: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
|
|---|
| 1294 | 3660.3664: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\winmmbase.dll)
|
|---|
| 1295 | 3660.3664: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\winmmbase.dll
|
|---|
| 1296 | 3660.3664: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
|
|---|
| 1297 | 3660.3664: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume3\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
|
|---|
| 1298 | 3660.3664: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\msvcrt.dll
|
|---|
| 1299 | 3660.3664: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff142f0000 'C:\WINDOWS\system32\rsaenh.dll'
|
|---|
| 1300 | 3660.3664: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\crypt32.dll
|
|---|
| 1301 | 3660.3664: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\crypt32.dll (Input=crypt32.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
|
|---|
| 1302 | 3660.3664: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff15f90000 'C:\WINDOWS\System32\crypt32.dll'
|
|---|
| 1303 | 3660.3664: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcp_win.dll'.
|
|---|
| 1304 | 3660.3664: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'combase.dll'.
|
|---|
| 1305 | 3660.3664: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #23 'rpcrt4.dll'.
|
|---|
| 1306 | 3660.3664: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\oleaut32.dll) WinVerifyTrust
|
|---|
| 1307 | 3660.3664: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\oleaut32.dll
|
|---|
| 1308 | 3660.3664: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ole32.dll'...
|
|---|
| 1309 | 3660.3664: supR3HardenedWinVerifyCacheProcessImportTodos: 'ole32.dll' -> '\Device\HarddiskVolume3\Windows\System32\ole32.dll' [rcNtRedir=0xc0150008]
|
|---|
| 1310 | 3660.3664: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
|
|---|
| 1311 | 3660.3664: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume3\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
|
|---|
| 1312 | 3660.3664: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'combase.dll'...
|
|---|
| 1313 | 3660.3664: supR3HardenedWinVerifyCacheProcessImportTodos: 'combase.dll' -> '\Device\HarddiskVolume3\Windows\System32\combase.dll' [rcNtRedir=0xc0150008]
|
|---|
| 1314 | 3660.3664: Detected WinVerifyTrust recursion: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\combase.dll'.
|
|---|
| 1315 | 3660.3664: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'rpcrt4.dll'.
|
|---|
| 1316 | 3660.3664: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #46 'bcryptprimitives.dll'.
|
|---|
| 1317 | 3660.3664: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\combase.dll)
|
|---|
| 1318 | 3660.3664: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\combase.dll
|
|---|
| 1319 | 3660.3664: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcp_win.dll'...
|
|---|
| 1320 | 3660.3664: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcp_win.dll' -> '\Device\HarddiskVolume3\Windows\System32\msvcp_win.dll' [rcNtRedir=0xc0150008]
|
|---|
| 1321 | 3660.3664: Detected WinVerifyTrust recursion: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\msvcp_win.dll'.
|
|---|
| 1322 | 3660.3664: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\msvcp_win.dll)
|
|---|
| 1323 | 3660.3664: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\msvcp_win.dll
|
|---|
| 1324 | 3660.3664: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'bcryptprimitives.dll'...
|
|---|
| 1325 | 3660.3664: supR3HardenedWinVerifyCacheProcessImportTodos: 'bcryptprimitives.dll' -> '\Device\HarddiskVolume3\Windows\System32\bcryptprimitives.dll' [rcNtRedir=0xc0150008]
|
|---|
| 1326 | 3660.3664: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\bcryptprimitives.dll
|
|---|
| 1327 | 3660.3664: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
|
|---|
| 1328 | 3660.3664: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume3\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
|
|---|
| 1329 | 3660.3664: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff142f0000 'C:\WINDOWS\system32\rsaenh.dll'
|
|---|
| 1330 | 3660.3664: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff15f90000 'C:\WINDOWS\System32\crypt32.dll'
|
|---|
| 1331 | 3660.3664: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #22 'rpcrt4.dll'.
|
|---|
| 1332 | 3660.3664: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #56 'gdi32.dll'.
|
|---|
| 1333 | 3660.3664: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #57 'user32.dll'.
|
|---|
| 1334 | 3660.3664: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #58 'combase.dll'.
|
|---|
| 1335 | 3660.3664: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\ole32.dll) WinVerifyTrust
|
|---|
| 1336 | 3660.3664: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\ole32.dll
|
|---|
| 1337 | 3660.3664: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
|
|---|
| 1338 | 3660.3664: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume3\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
|
|---|
| 1339 | 3660.3664: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'combase.dll'...
|
|---|
| 1340 | 3660.3664: supR3HardenedWinVerifyCacheProcessImportTodos: 'combase.dll' -> '\Device\HarddiskVolume3\Windows\System32\combase.dll' [rcNtRedir=0xc0150008]
|
|---|
| 1341 | 3660.3664: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\combase.dll [lacks WinVerifyTrust]
|
|---|
| 1342 | 3660.3664: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
|
|---|
| 1343 | 3660.3664: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume3\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
|
|---|
| 1344 | 3660.3664: Detected WinVerifyTrust recursion: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\user32.dll'.
|
|---|
| 1345 | 3660.3664: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'win32u.dll'.
|
|---|
| 1346 | 3660.3664: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #34 'gdi32.dll'.
|
|---|
| 1347 | 3660.3664: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\user32.dll)
|
|---|
| 1348 | 3660.3664: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\user32.dll
|
|---|
| 1349 | 3660.3664: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
|
|---|
| 1350 | 3660.3664: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume3\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
|
|---|
| 1351 | 3660.3664: Detected WinVerifyTrust recursion: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\gdi32.dll'.
|
|---|
| 1352 | 3660.3664: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #8 'win32u.dll'.
|
|---|
| 1353 | 3660.3664: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\gdi32.dll)
|
|---|
| 1354 | 3660.3664: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\gdi32.dll
|
|---|
| 1355 | 3660.3664: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
|
|---|
| 1356 | 3660.3664: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume3\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
|
|---|
| 1357 | 3660.3664: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'win32u.dll'...
|
|---|
| 1358 | 3660.3664: supR3HardenedWinVerifyCacheProcessImportTodos: 'win32u.dll' -> '\Device\HarddiskVolume3\Windows\System32\win32u.dll' [rcNtRedir=0xc0150008]
|
|---|
| 1359 | 3660.3664: Detected WinVerifyTrust recursion: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\win32u.dll'.
|
|---|
| 1360 | 3660.3664: '\Device\HarddiskVolume3\Windows\System32\win32u.dll' has no imports
|
|---|
| 1361 | 3660.3664: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\win32u.dll)
|
|---|
| 1362 | 3660.3664: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\win32u.dll
|
|---|
| 1363 | 3660.3664: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
|
|---|
| 1364 | 3660.3664: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume3\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
|
|---|
| 1365 | 3660.3664: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\gdi32.dll [lacks WinVerifyTrust]
|
|---|
| 1366 | 3660.3664: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'win32u.dll'...
|
|---|
| 1367 | 3660.3664: supR3HardenedWinVerifyCacheProcessImportTodos: 'win32u.dll' -> '\Device\HarddiskVolume3\Windows\System32\win32u.dll' [rcNtRedir=0xc0150008]
|
|---|
| 1368 | 3660.3664: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\win32u.dll [lacks WinVerifyTrust]
|
|---|
| 1369 | 3660.3664: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff142f0000 'C:\WINDOWS\system32\rsaenh.dll'
|
|---|
| 1370 | 3660.3664: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff15f90000 'C:\WINDOWS\System32\crypt32.dll'
|
|---|
| 1371 | 3660.3664: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'win32u.dll'.
|
|---|
| 1372 | 3660.3664: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #34 'gdi32.dll'.
|
|---|
| 1373 | 3660.3664: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\user32.dll) WinVerifyTrust
|
|---|
| 1374 | 3660.3664: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qt5openglvbox.dll'...
|
|---|
| 1375 | 3660.3664: supR3HardenedWinVerifyCacheProcessImportTodos: 'qt5openglvbox.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\qt5openglvbox.dll' [rcNtRedir=0xc0150008]
|
|---|
| 1376 | 3660.3664: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
|
|---|
| 1377 | 3660.3664: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume3\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
|
|---|
| 1378 | 3660.3664: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\gdi32.dll [lacks WinVerifyTrust]
|
|---|
| 1379 | 3660.3664: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'win32u.dll'...
|
|---|
| 1380 | 3660.3664: supR3HardenedWinVerifyCacheProcessImportTodos: 'win32u.dll' -> '\Device\HarddiskVolume3\Windows\System32\win32u.dll' [rcNtRedir=0xc0150008]
|
|---|
| 1381 | 3660.3664: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\win32u.dll [lacks WinVerifyTrust]
|
|---|
| 1382 | 3660.3664: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff142f0000 'C:\WINDOWS\system32\rsaenh.dll'
|
|---|
| 1383 | 3660.3664: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'qt5widgetsvbox.dll'.
|
|---|
| 1384 | 3660.3664: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'qt5guivbox.dll'.
|
|---|
| 1385 | 3660.3664: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'qt5corevbox.dll'.
|
|---|
| 1386 | 3660.3664: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'msvcr100.dll'.
|
|---|
| 1387 | 3660.3664: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\Qt5OpenGLVBox.dll) WinVerifyTrust
|
|---|
| 1388 | 3660.3664: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\Qt5OpenGLVBox.dll
|
|---|
| 1389 | 3660.3664: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qt5widgetsvbox.dll'...
|
|---|
| 1390 | 3660.3664: supR3HardenedWinVerifyCacheProcessImportTodos: 'qt5widgetsvbox.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\qt5widgetsvbox.dll' [rcNtRedir=0xc0150008]
|
|---|
| 1391 | 3660.3664: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
|
|---|
| 1392 | 3660.3664: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
|
|---|
| 1393 | 3660.3664: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll
|
|---|
| 1394 | 3660.3664: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qt5corevbox.dll'...
|
|---|
| 1395 | 3660.3664: supR3HardenedWinVerifyCacheProcessImportTodos: 'qt5corevbox.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\qt5corevbox.dll' [rcNtRedir=0xc0150008]
|
|---|
| 1396 | 3660.3664: Detected WinVerifyTrust recursion: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\Qt5CoreVBox.dll'.
|
|---|
| 1397 | 3660.3664: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'user32.dll'.
|
|---|
| 1398 | 3660.3664: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'shell32.dll'.
|
|---|
| 1399 | 3660.3664: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'ole32.dll'.
|
|---|
| 1400 | 3660.3664: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'advapi32.dll'.
|
|---|
| 1401 | 3660.3664: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'ws2_32.dll'.
|
|---|
| 1402 | 3660.3664: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'mpr.dll'.
|
|---|
| 1403 | 3660.3664: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #7 'msvcp100.dll'.
|
|---|
| 1404 | 3660.3664: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #8 'msvcr100.dll'.
|
|---|
| 1405 | 3660.3664: supHardenedWinVerifyImageByHandle: -> 24202 (\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\Qt5CoreVBox.dll)
|
|---|
| 1406 | 3660.3664: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\Qt5CoreVBox.dll
|
|---|
| 1407 | 3660.3664: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qt5guivbox.dll'...
|
|---|
| 1408 | 3660.3664: supR3HardenedWinVerifyCacheProcessImportTodos: 'qt5guivbox.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\qt5guivbox.dll' [rcNtRedir=0xc0150008]
|
|---|
| 1409 | 3660.3664: Detected WinVerifyTrust recursion: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\Qt5GuiVBox.dll'.
|
|---|
| 1410 | 3660.3664: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'ole32.dll'.
|
|---|
| 1411 | 3660.3664: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'opengl32.dll'.
|
|---|
| 1412 | 3660.3664: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'gdi32.dll'.
|
|---|
| 1413 | 3660.3664: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'user32.dll'.
|
|---|
| 1414 | 3660.3664: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'qt5corevbox.dll'.
|
|---|
| 1415 | 3660.3664: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'msvcp100.dll'.
|
|---|
| 1416 | 3660.3664: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'msvcr100.dll'.
|
|---|
| 1417 | 3660.3664: supHardenedWinVerifyImageByHandle: -> 24202 (\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\Qt5GuiVBox.dll)
|
|---|
| 1418 | 3660.3664: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\Qt5GuiVBox.dll
|
|---|
| 1419 | 3660.3664: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qt5widgetsvbox.dll'...
|
|---|
| 1420 | 3660.3664: supR3HardenedWinVerifyCacheProcessImportTodos: 'qt5widgetsvbox.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\qt5widgetsvbox.dll' [rcNtRedir=0xc0150008]
|
|---|
| 1421 | 3660.3664: Detected WinVerifyTrust recursion: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\Qt5WidgetsVBox.dll'.
|
|---|
| 1422 | 3660.3664: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'gdi32.dll'.
|
|---|
| 1423 | 3660.3664: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'user32.dll'.
|
|---|
| 1424 | 3660.3664: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'qt5guivbox.dll'.
|
|---|
| 1425 | 3660.3664: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'qt5corevbox.dll'.
|
|---|
| 1426 | 3660.3664: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'shell32.dll'.
|
|---|
| 1427 | 3660.3664: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'msvcp100.dll'.
|
|---|
| 1428 | 3660.3664: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'msvcr100.dll'.
|
|---|
| 1429 | 3660.3664: supHardenedWinVerifyImageByHandle: -> 24202 (\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\Qt5WidgetsVBox.dll)
|
|---|
| 1430 | 3660.3664: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\Qt5WidgetsVBox.dll
|
|---|
| 1431 | 3660.3664: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
|
|---|
| 1432 | 3660.3664: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
|
|---|
| 1433 | 3660.3664: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll
|
|---|
| 1434 | 3660.3664: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcp100.dll'...
|
|---|
| 1435 | 3660.3664: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcp100.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcp100.dll' [rcNtRedir=0xc0150008]
|
|---|
| 1436 | 3660.3664: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcp100.dll
|
|---|
| 1437 | 3660.3664: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'shell32.dll'...
|
|---|
| 1438 | 3660.3664: supR3HardenedWinVerifyCacheProcessImportTodos: 'shell32.dll' -> '\Device\HarddiskVolume3\Windows\System32\shell32.dll' [rcNtRedir=0xc0150008]
|
|---|
| 1439 | 3660.3664: Detected WinVerifyTrust recursion: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\shell32.dll'.
|
|---|
| 1440 | 3660.3664: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #77 'user32.dll'.
|
|---|
| 1441 | 3660.3664: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #79 'gdi32.dll'.
|
|---|
| 1442 | 3660.3664: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\shell32.dll)
|
|---|
| 1443 | 3660.3664: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\shell32.dll
|
|---|
| 1444 | 3660.3664: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qt5corevbox.dll'...
|
|---|
| 1445 | 3660.3664: supR3HardenedWinVerifyCacheProcessImportTodos: 'qt5corevbox.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\qt5corevbox.dll' [rcNtRedir=0xc0150008]
|
|---|
| 1446 | 3660.3664: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 24202 (0x5e8a)) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\Qt5CoreVBox.dll [lacks WinVerifyTrust]
|
|---|
| 1447 | 3660.3664: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qt5guivbox.dll'...
|
|---|
| 1448 | 3660.3664: supR3HardenedWinVerifyCacheProcessImportTodos: 'qt5guivbox.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\qt5guivbox.dll' [rcNtRedir=0xc0150008]
|
|---|
| 1449 | 3660.3664: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 24202 (0x5e8a)) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\Qt5GuiVBox.dll [lacks WinVerifyTrust]
|
|---|
| 1450 | 3660.3664: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
|
|---|
| 1451 | 3660.3664: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume3\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
|
|---|
| 1452 | 3660.3664: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\user32.dll [lacks WinVerifyTrust]
|
|---|
| 1453 | 3660.3664: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
|
|---|
| 1454 | 3660.3664: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume3\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
|
|---|
| 1455 | 3660.3664: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\gdi32.dll [lacks WinVerifyTrust]
|
|---|
| 1456 | 3660.3664: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
|
|---|
| 1457 | 3660.3664: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
|
|---|
| 1458 | 3660.3664: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll
|
|---|
| 1459 | 3660.3664: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcp100.dll'...
|
|---|
| 1460 | 3660.3664: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcp100.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcp100.dll' [rcNtRedir=0xc0150008]
|
|---|
| 1461 | 3660.3664: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcp100.dll
|
|---|
| 1462 | 3660.3664: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qt5corevbox.dll'...
|
|---|
| 1463 | 3660.3664: supR3HardenedWinVerifyCacheProcessImportTodos: 'qt5corevbox.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\qt5corevbox.dll' [rcNtRedir=0xc0150008]
|
|---|
| 1464 | 3660.3664: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 24202 (0x5e8a)) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\Qt5CoreVBox.dll [lacks WinVerifyTrust]
|
|---|
| 1465 | 3660.3664: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
|
|---|
| 1466 | 3660.3664: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume3\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
|
|---|
| 1467 | 3660.3664: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\user32.dll [lacks WinVerifyTrust]
|
|---|
| 1468 | 3660.3664: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
|
|---|
| 1469 | 3660.3664: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume3\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
|
|---|
| 1470 | 3660.3664: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\gdi32.dll [lacks WinVerifyTrust]
|
|---|
| 1471 | 3660.3664: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'opengl32.dll'...
|
|---|
| 1472 | 3660.3664: supR3HardenedWinVerifyCacheProcessImportTodos: 'opengl32.dll' -> '\Device\HarddiskVolume3\Windows\System32\opengl32.dll' [rcNtRedir=0xc0150008]
|
|---|
| 1473 | 3660.3664: Detected WinVerifyTrust recursion: rc=Unknown Status 22900 (0x5974) '\Device\HarddiskVolume3\Windows\System32\opengl32.dll'.
|
|---|
| 1474 | 3660.3664: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
|
|---|
| 1475 | 3660.3664: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'advapi32.dll'.
|
|---|
| 1476 | 3660.3664: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'user32.dll'.
|
|---|
| 1477 | 3660.3664: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'gdi32.dll'.
|
|---|
| 1478 | 3660.3664: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'glu32.dll'.
|
|---|
| 1479 | 3660.3664: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume3\Windows\System32\opengl32.dll)
|
|---|
| 1480 | 3660.3664: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\opengl32.dll
|
|---|
| 1481 | 3660.3664: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ole32.dll'...
|
|---|
| 1482 | 3660.3664: supR3HardenedWinVerifyCacheProcessImportTodos: 'ole32.dll' -> '\Device\HarddiskVolume3\Windows\System32\ole32.dll' [rcNtRedir=0xc0150008]
|
|---|
| 1483 | 3660.3664: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\ole32.dll
|
|---|
| 1484 | 3660.3664: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
|
|---|
| 1485 | 3660.3664: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
|
|---|
| 1486 | 3660.3664: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll
|
|---|
| 1487 | 3660.3664: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcp100.dll'...
|
|---|
| 1488 | 3660.3664: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcp100.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcp100.dll' [rcNtRedir=0xc0150008]
|
|---|
| 1489 | 3660.3664: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcp100.dll
|
|---|
| 1490 | 3660.3664: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'mpr.dll'...
|
|---|
| 1491 | 3660.3664: supR3HardenedWinVerifyCacheProcessImportTodos: 'mpr.dll' -> '\Device\HarddiskVolume3\Windows\System32\mpr.dll' [rcNtRedir=0xc0150008]
|
|---|
| 1492 | 3660.3664: Detected WinVerifyTrust recursion: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\mpr.dll'.
|
|---|
| 1493 | 3660.3664: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\mpr.dll)
|
|---|
| 1494 | 3660.3664: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\mpr.dll
|
|---|
| 1495 | 3660.3664: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ws2_32.dll'...
|
|---|
| 1496 | 3660.3664: supR3HardenedWinVerifyCacheProcessImportTodos: 'ws2_32.dll' -> '\Device\HarddiskVolume3\Windows\System32\ws2_32.dll' [rcNtRedir=0xc0150008]
|
|---|
| 1497 | 3660.3664: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\ws2_32.dll
|
|---|
| 1498 | 3660.3664: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'...
|
|---|
| 1499 | 3660.3664: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume3\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008]
|
|---|
| 1500 | 3660.3664: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\advapi32.dll
|
|---|
| 1501 | 3660.3664: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ole32.dll'...
|
|---|
| 1502 | 3660.3664: supR3HardenedWinVerifyCacheProcessImportTodos: 'ole32.dll' -> '\Device\HarddiskVolume3\Windows\System32\ole32.dll' [rcNtRedir=0xc0150008]
|
|---|
| 1503 | 3660.3664: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\ole32.dll
|
|---|
| 1504 | 3660.3664: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'shell32.dll'...
|
|---|
| 1505 | 3660.3664: supR3HardenedWinVerifyCacheProcessImportTodos: 'shell32.dll' -> '\Device\HarddiskVolume3\Windows\System32\shell32.dll' [rcNtRedir=0xc0150008]
|
|---|
| 1506 | 3660.3664: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\shell32.dll [lacks WinVerifyTrust]
|
|---|
| 1507 | 3660.3664: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
|
|---|
| 1508 | 3660.3664: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume3\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
|
|---|
| 1509 | 3660.3664: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\user32.dll [lacks WinVerifyTrust]
|
|---|
| 1510 | 3660.3664: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'glu32.dll'...
|
|---|
| 1511 | 3660.3664: supR3HardenedWinVerifyCacheProcessImportTodos: 'glu32.dll' -> '\Device\HarddiskVolume3\Windows\System32\glu32.dll' [rcNtRedir=0xc0150008]
|
|---|
| 1512 | 3660.3664: Detected WinVerifyTrust recursion: rc=Unknown Status 22900 (0x5974) '\Device\HarddiskVolume3\Windows\System32\glu32.dll'.
|
|---|
| 1513 | 3660.3664: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
|
|---|
| 1514 | 3660.3664: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'user32.dll'.
|
|---|
| 1515 | 3660.3664: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'opengl32.dll'.
|
|---|
| 1516 | 3660.3664: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume3\Windows\System32\glu32.dll)
|
|---|
| 1517 | 3660.3664: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\glu32.dll
|
|---|
| 1518 | 3660.3664: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
|
|---|
| 1519 | 3660.3664: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume3\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
|
|---|
| 1520 | 3660.3664: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\gdi32.dll [lacks WinVerifyTrust]
|
|---|
| 1521 | 3660.3664: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
|
|---|
| 1522 | 3660.3664: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume3\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
|
|---|
| 1523 | 3660.3664: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\user32.dll [lacks WinVerifyTrust]
|
|---|
| 1524 | 3660.3664: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'...
|
|---|
| 1525 | 3660.3664: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume3\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008]
|
|---|
| 1526 | 3660.3664: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\advapi32.dll
|
|---|
| 1527 | 3660.3664: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
|
|---|
| 1528 | 3660.3664: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume3\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
|
|---|
| 1529 | 3660.3664: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\msvcrt.dll
|
|---|
| 1530 | 3660.3664: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
|
|---|
| 1531 | 3660.3664: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume3\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
|
|---|
| 1532 | 3660.3664: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\gdi32.dll [lacks WinVerifyTrust]
|
|---|
| 1533 | 3660.3664: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
|
|---|
| 1534 | 3660.3664: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume3\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
|
|---|
| 1535 | 3660.3664: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\user32.dll [lacks WinVerifyTrust]
|
|---|
| 1536 | 3660.3664: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'opengl32.dll'...
|
|---|
| 1537 | 3660.3664: supR3HardenedWinVerifyCacheProcessImportTodos: 'opengl32.dll' -> '\Device\HarddiskVolume3\Windows\System32\opengl32.dll' [rcNtRedir=0xc0150008]
|
|---|
| 1538 | 3660.3664: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume3\Windows\System32\opengl32.dll [lacks WinVerifyTrust]
|
|---|
| 1539 | 3660.3664: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
|
|---|
| 1540 | 3660.3664: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume3\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
|
|---|
| 1541 | 3660.3664: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\user32.dll [lacks WinVerifyTrust]
|
|---|
| 1542 | 3660.3664: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
|
|---|
| 1543 | 3660.3664: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume3\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
|
|---|
| 1544 | 3660.3664: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\msvcrt.dll
|
|---|
| 1545 | 3660.3664: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff142f0000 'C:\WINDOWS\system32\rsaenh.dll'
|
|---|
| 1546 | 3660.3664: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'gdi32.dll'.
|
|---|
| 1547 | 3660.3664: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'user32.dll'.
|
|---|
| 1548 | 3660.3664: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'qt5guivbox.dll'.
|
|---|
| 1549 | 3660.3664: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'qt5corevbox.dll'.
|
|---|
| 1550 | 3660.3664: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'shell32.dll'.
|
|---|
| 1551 | 3660.3664: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'msvcp100.dll'.
|
|---|
| 1552 | 3660.3664: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'msvcr100.dll'.
|
|---|
| 1553 | 3660.3664: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\Qt5WidgetsVBox.dll) WinVerifyTrust
|
|---|
| 1554 | 3660.3664: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qt5guivbox.dll'...
|
|---|
| 1555 | 3660.3664: supR3HardenedWinVerifyCacheProcessImportTodos: 'qt5guivbox.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\qt5guivbox.dll' [rcNtRedir=0xc0150008]
|
|---|
| 1556 | 3660.3664: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 24202 (0x5e8a)) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\Qt5GuiVBox.dll [redoing WinVerifyTrust]
|
|---|
| 1557 | 3660.3664: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
|
|---|
| 1558 | 3660.3664: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
|
|---|
| 1559 | 3660.3664: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll
|
|---|
| 1560 | 3660.3664: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcp100.dll'...
|
|---|
| 1561 | 3660.3664: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcp100.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcp100.dll' [rcNtRedir=0xc0150008]
|
|---|
| 1562 | 3660.3664: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcp100.dll
|
|---|
| 1563 | 3660.3664: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'shell32.dll'...
|
|---|
| 1564 | 3660.3664: supR3HardenedWinVerifyCacheProcessImportTodos: 'shell32.dll' -> '\Device\HarddiskVolume3\Windows\System32\shell32.dll' [rcNtRedir=0xc0150008]
|
|---|
| 1565 | 3660.3664: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\shell32.dll [lacks WinVerifyTrust]
|
|---|
| 1566 | 3660.3664: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qt5corevbox.dll'...
|
|---|
| 1567 | 3660.3664: supR3HardenedWinVerifyCacheProcessImportTodos: 'qt5corevbox.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\qt5corevbox.dll' [rcNtRedir=0xc0150008]
|
|---|
| 1568 | 3660.3664: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 24202 (0x5e8a)) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\Qt5CoreVBox.dll [lacks WinVerifyTrust]
|
|---|
| 1569 | 3660.3664: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qt5guivbox.dll'...
|
|---|
| 1570 | 3660.3664: supR3HardenedWinVerifyCacheProcessImportTodos: 'qt5guivbox.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\qt5guivbox.dll' [rcNtRedir=0xc0150008]
|
|---|
| 1571 | 3660.3664: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 24202 (0x5e8a)) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\Qt5GuiVBox.dll [lacks WinVerifyTrust]
|
|---|
| 1572 | 3660.3664: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
|
|---|
| 1573 | 3660.3664: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume3\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
|
|---|
| 1574 | 3660.3664: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\user32.dll [lacks WinVerifyTrust]
|
|---|
| 1575 | 3660.3664: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
|
|---|
| 1576 | 3660.3664: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume3\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
|
|---|
| 1577 | 3660.3664: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\gdi32.dll [lacks WinVerifyTrust]
|
|---|
| 1578 | 3660.3664: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff142f0000 'C:\WINDOWS\system32\rsaenh.dll'
|
|---|
| 1579 | 3660.3664: supR3HardenedScreenImage/Imports: 0 (was 24202) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\Qt5GuiVBox.dll'
|
|---|
| 1580 | 3660.3664: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qt5corevbox.dll'...
|
|---|
| 1581 | 3660.3664: supR3HardenedWinVerifyCacheProcessImportTodos: 'qt5corevbox.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\qt5corevbox.dll' [rcNtRedir=0xc0150008]
|
|---|
| 1582 | 3660.3664: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 24202 (0x5e8a)) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\Qt5CoreVBox.dll [redoing WinVerifyTrust]
|
|---|
| 1583 | 3660.3664: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff142f0000 'C:\WINDOWS\system32\rsaenh.dll'
|
|---|
| 1584 | 3660.3664: supR3HardenedScreenImage/Imports: 0 (was 24202) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\Qt5CoreVBox.dll'
|
|---|
| 1585 | 3660.3664: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
|
|---|
| 1586 | 3660.3664: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
|
|---|
| 1587 | 3660.3664: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll
|
|---|
| 1588 | 3660.3664: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcp100.dll'...
|
|---|
| 1589 | 3660.3664: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcp100.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcp100.dll' [rcNtRedir=0xc0150008]
|
|---|
| 1590 | 3660.3664: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcp100.dll
|
|---|
| 1591 | 3660.3664: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
|
|---|
| 1592 | 3660.3664: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
|
|---|
| 1593 | 3660.3664: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'uicommon.dll'...
|
|---|
| 1594 | 3660.3664: supR3HardenedWinVerifyCacheProcessImportTodos: 'uicommon.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\uicommon.dll' [rcNtRedir=0xc0150008]
|
|---|
| 1595 | 3660.3664: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff142f0000 'C:\WINDOWS\system32\rsaenh.dll'
|
|---|
| 1596 | 3660.3664: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'vboxrt.dll'.
|
|---|
| 1597 | 3660.3664: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'msvcr100.dll'.
|
|---|
| 1598 | 3660.3664: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'qt5corevbox.dll'.
|
|---|
| 1599 | 3660.3664: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'qt5guivbox.dll'.
|
|---|
| 1600 | 3660.3664: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'qt5widgetsvbox.dll'.
|
|---|
| 1601 | 3660.3664: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'user32.dll'.
|
|---|
| 1602 | 3660.3664: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #7 'advapi32.dll'.
|
|---|
| 1603 | 3660.3664: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #8 'ole32.dll'.
|
|---|
| 1604 | 3660.3664: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #9 'oleaut32.dll'.
|
|---|
| 1605 | 3660.3664: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #10 'rpcrt4.dll'.
|
|---|
| 1606 | 3660.3664: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\UICommon.dll) WinVerifyTrust
|
|---|
| 1607 | 3660.3664: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\UICommon.dll
|
|---|
| 1608 | 3660.3664: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'opengl32.dll'...
|
|---|
| 1609 | 3660.3664: supR3HardenedWinVerifyCacheProcessImportTodos: 'opengl32.dll' -> '\Device\HarddiskVolume3\Windows\System32\opengl32.dll' [rcNtRedir=0xc0150008]
|
|---|
| 1610 | 3660.3664: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume3\Windows\System32\opengl32.dll [redoing WinVerifyTrust]
|
|---|
| 1611 | 3660.3664: supR3HardNtViCallWinVerifyTrustCatFile: hFile=000000000000052c pwszName=\Device\HarddiskVolume3\Windows\System32\opengl32.dll
|
|---|
| 1612 | 3660.3664: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000001514c60
|
|---|
| 1613 | 3660.3664: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000001514c60
|
|---|
| 1614 | 3660.3664: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=0837440FAE05EB650168FFA2D15E73182F6A3A26
|
|---|
| 1615 | 3660.3664: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
|
|---|
| 1616 | 3660.3664: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume3\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
|
|---|
| 1617 | 3660.3664: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'oleaut32.dll'...
|
|---|
| 1618 | 3660.3664: supR3HardenedWinVerifyCacheProcessImportTodos: 'oleaut32.dll' -> '\Device\HarddiskVolume3\Windows\System32\oleaut32.dll' [rcNtRedir=0xc0150008]
|
|---|
| 1619 | 3660.3664: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\oleaut32.dll
|
|---|
| 1620 | 3660.3664: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ole32.dll'...
|
|---|
| 1621 | 3660.3664: supR3HardenedWinVerifyCacheProcessImportTodos: 'ole32.dll' -> '\Device\HarddiskVolume3\Windows\System32\ole32.dll' [rcNtRedir=0xc0150008]
|
|---|
| 1622 | 3660.3664: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\ole32.dll
|
|---|
| 1623 | 3660.3664: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'...
|
|---|
| 1624 | 3660.3664: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume3\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008]
|
|---|
| 1625 | 3660.3664: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\advapi32.dll
|
|---|
| 1626 | 3660.3664: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
|
|---|
| 1627 | 3660.3664: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume3\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
|
|---|
| 1628 | 3660.3664: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\user32.dll [lacks WinVerifyTrust]
|
|---|
| 1629 | 3660.3664: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qt5widgetsvbox.dll'...
|
|---|
| 1630 | 3660.3664: supR3HardenedWinVerifyCacheProcessImportTodos: 'qt5widgetsvbox.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\qt5widgetsvbox.dll' [rcNtRedir=0xc0150008]
|
|---|
| 1631 | 3660.3664: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 24202 (0x5e8a)) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\Qt5WidgetsVBox.dll [lacks WinVerifyTrust]
|
|---|
| 1632 | 3660.3664: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qt5guivbox.dll'...
|
|---|
| 1633 | 3660.3664: supR3HardenedWinVerifyCacheProcessImportTodos: 'qt5guivbox.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\qt5guivbox.dll' [rcNtRedir=0xc0150008]
|
|---|
| 1634 | 3660.3664: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\Qt5GuiVBox.dll
|
|---|
| 1635 | 3660.3664: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qt5corevbox.dll'...
|
|---|
| 1636 | 3660.3664: supR3HardenedWinVerifyCacheProcessImportTodos: 'qt5corevbox.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\qt5corevbox.dll' [rcNtRedir=0xc0150008]
|
|---|
| 1637 | 3660.3664: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\Qt5CoreVBox.dll
|
|---|
| 1638 | 3660.3664: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
|
|---|
| 1639 | 3660.3664: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
|
|---|
| 1640 | 3660.3664: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
|
|---|
| 1641 | 3660.3664: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
|
|---|
| 1642 | 3660.3664: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff142f0000 'C:\WINDOWS\system32\rsaenh.dll'
|
|---|
| 1643 | 3660.3664: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff15f90000 'C:\WINDOWS\System32\crypt32.dll'
|
|---|
| 1644 | 3660.3664: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0212~31bf3856ad364e35~amd64~~10.0.18362.657.cat'; file='\Device\HarddiskVolume3\Windows\System32\opengl32.dll'
|
|---|
| 1645 | 3660.3664: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
|
|---|
| 1646 | 3660.3664: supR3HardenedScreenImage/Imports: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Windows\System32\opengl32.dll'
|
|---|
| 1647 | 3660.3664: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VirtualBoxVM.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000a01:<flags> [calling]
|
|---|
| 1648 | 3660.3664: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VirtualBoxVM.dll
|
|---|
| 1649 | 3660.3664: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\opengl32.dll
|
|---|
| 1650 | 3660.3664: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\UICommon.dll
|
|---|
| 1651 | 3660.3664: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\Qt5CoreVBox.dll
|
|---|
| 1652 | 3660.3664: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\Qt5GuiVBox.dll
|
|---|
| 1653 | 3660.3664: supR3HardenedScreenImage/NtCreateSection: cache hit (Unknown Status 24202 (0x5e8a)) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\Qt5WidgetsVBox.dll [avoiding WinVerifyTrust]
|
|---|
| 1654 | 3660.3664: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\Qt5OpenGLVBox.dll
|
|---|
| 1655 | 3660.3664: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\winmm.dll
|
|---|
| 1656 | 3660.3664: supR3HardenedScreenImage/NtCreateSection: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume3\Windows\System32\glu32.dll [avoiding WinVerifyTrust]
|
|---|
| 1657 | 3660.3664: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\mpr.dll [avoiding WinVerifyTrust]
|
|---|
| 1658 | 3660.3664: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\winmmbase.dll [avoiding WinVerifyTrust]
|
|---|
| 1659 | 3660.3664: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcp_win.dll'.
|
|---|
| 1660 | 3660.3664: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #22 'win32u.dll'.
|
|---|
| 1661 | 3660.3664: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\DXCore.dll)
|
|---|
| 1662 | 3660.3664: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\DXCore.dll
|
|---|
| 1663 | 3660.3664: supR3HardenedDllNotificationCallback: load 00007fff15bb0000 LB 0x00021000 C:\WINDOWS\System32\win32u.dll [fFlags=0x0]
|
|---|
| 1664 | 3660.3664: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\win32u.dll [avoiding WinVerifyTrust]
|
|---|
| 1665 | 3660.3664: supR3HardenedDllNotificationCallback: load 00007fff15990000 LB 0x0009e000 C:\WINDOWS\System32\msvcp_win.dll [fFlags=0x0]
|
|---|
| 1666 | 3660.3664: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\msvcp_win.dll [avoiding WinVerifyTrust]
|
|---|
| 1667 | 3660.3664: supR3HardenedDllNotificationCallback: load 00007fff15010000 LB 0x00194000 C:\WINDOWS\System32\gdi32full.dll [fFlags=0x0]
|
|---|
| 1668 | 3660.3664: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcp_win.dll'.
|
|---|
| 1669 | 3660.3664: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #33 'gdi32.dll'.
|
|---|
| 1670 | 3660.3664: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #35 'user32.dll'.
|
|---|
| 1671 | 3660.3664: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #36 'win32u.dll'.
|
|---|
| 1672 | 3660.3664: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\gdi32full.dll)
|
|---|
| 1673 | 3660.3664: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\gdi32full.dll
|
|---|
| 1674 | 3660.3664: supR3HardenedDllNotificationCallback: load 00007fff17ee0000 LB 0x00026000 C:\WINDOWS\System32\GDI32.dll [fFlags=0x0]
|
|---|
| 1675 | 3660.3664: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\gdi32.dll [avoiding WinVerifyTrust]
|
|---|
| 1676 | 3660.3664: supR3HardenedDllNotificationCallback: load 00007fff16130000 LB 0x00194000 C:\WINDOWS\System32\USER32.dll [fFlags=0x0]
|
|---|
| 1677 | 3660.3664: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\user32.dll [avoiding WinVerifyTrust]
|
|---|
| 1678 | 3660.3664: supR3HardenedDllNotificationCallback: load 00007fff16da0000 LB 0x00336000 C:\WINDOWS\System32\combase.dll [fFlags=0x0]
|
|---|
| 1679 | 3660.3664: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\combase.dll [avoiding WinVerifyTrust]
|
|---|
| 1680 | 3660.3664: supR3HardenedDllNotificationCallback: load 00007fff160e0000 LB 0x0004a000 C:\WINDOWS\System32\cfgmgr32.dll [fFlags=0x0]
|
|---|
| 1681 | 3660.3664: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\cfgmgr32.dll)
|
|---|
| 1682 | 3660.3664: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\cfgmgr32.dll
|
|---|
| 1683 | 3660.3664: supR3HardenedDllNotificationCallback: load 00007fff13a50000 LB 0x00020000 C:\WINDOWS\SYSTEM32\dxcore.dll [fFlags=0x0]
|
|---|
| 1684 | 3660.3664: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\DXCore.dll [avoiding WinVerifyTrust]
|
|---|
| 1685 | 3660.3664: supR3HardenedDllNotificationCallback: load 00007ffef8710000 LB 0x0002c000 C:\WINDOWS\SYSTEM32\GLU32.dll [fFlags=0x0]
|
|---|
| 1686 | 3660.3664: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume3\Windows\System32\glu32.dll [avoiding WinVerifyTrust]
|
|---|
| 1687 | 3660.3664: supR3HardenedDllNotificationCallback: load 00007ffef8810000 LB 0x00156000 C:\WINDOWS\SYSTEM32\OPENGL32.dll [fFlags=0x0]
|
|---|
| 1688 | 3660.3664: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\opengl32.dll
|
|---|
| 1689 | 3660.3664: supR3HardenedDllNotificationCallback: load 00007fff16cf0000 LB 0x000a9000 C:\WINDOWS\System32\shcore.dll [fFlags=0x0]
|
|---|
| 1690 | 3660.3664: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
|
|---|
| 1691 | 3660.3664: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #36 'rpcrt4.dll'.
|
|---|
| 1692 | 3660.3664: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #43 'combase.dll'.
|
|---|
| 1693 | 3660.3664: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\SHCore.dll)
|
|---|
| 1694 | 3660.3664: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\SHCore.dll
|
|---|
| 1695 | 3660.3664: supR3HardenedDllNotificationCallback: load 00007fff14f50000 LB 0x00010000 C:\WINDOWS\System32\UMPDC.dll [fFlags=0x0]
|
|---|
| 1696 | 3660.3664: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\umpdc.dll)
|
|---|
| 1697 | 3660.3664: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\umpdc.dll
|
|---|
| 1698 | 3660.3664: supR3HardenedDllNotificationCallback: load 00007fff14f80000 LB 0x0004a000 C:\WINDOWS\System32\powrprof.dll [fFlags=0x0]
|
|---|
| 1699 | 3660.3664: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #12 'rpcrt4.dll'.
|
|---|
| 1700 | 3660.3664: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #19 'umpdc.dll'.
|
|---|
| 1701 | 3660.3664: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\powrprof.dll)
|
|---|
| 1702 | 3660.3664: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\powrprof.dll
|
|---|
| 1703 | 3660.3664: supR3HardenedDllNotificationCallback: load 00007fff176a0000 LB 0x00052000 C:\WINDOWS\System32\shlwapi.dll [fFlags=0x0]
|
|---|
| 1704 | 3660.3664: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'msvcrt.dll'.
|
|---|
| 1705 | 3660.3664: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #44 'gdi32.dll'.
|
|---|
| 1706 | 3660.3664: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #45 'user32.dll'.
|
|---|
| 1707 | 3660.3664: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\shlwapi.dll)
|
|---|
| 1708 | 3660.3664: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\shlwapi.dll
|
|---|
| 1709 | 3660.3664: supR3HardenedDllNotificationCallback: load 00007fff14f60000 LB 0x00011000 C:\WINDOWS\System32\kernel.appcore.dll [fFlags=0x0]
|
|---|
| 1710 | 3660.3664: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #7 'msvcrt.dll'.
|
|---|
| 1711 | 3660.3664: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #8 'rpcrt4.dll'.
|
|---|
| 1712 | 3660.3664: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\kernel.appcore.dll)
|
|---|
| 1713 | 3660.3664: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\kernel.appcore.dll
|
|---|
| 1714 | 3660.3664: supR3HardenedDllNotificationCallback: load 00007fff151b0000 LB 0x0077f000 C:\WINDOWS\System32\windows.storage.dll [fFlags=0x0]
|
|---|
| 1715 | 3660.3664: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #31 'combase.dll'.
|
|---|
| 1716 | 3660.3664: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #32 'msvcp_win.dll'.
|
|---|
| 1717 | 3660.3664: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #39 'rpcrt4.dll'.
|
|---|
| 1718 | 3660.3664: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #56 'profapi.dll'.
|
|---|
| 1719 | 3660.3664: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\windows.storage.dll)
|
|---|
| 1720 | 3660.3664: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\windows.storage.dll
|
|---|
| 1721 | 3660.3664: supR3HardenedDllNotificationCallback: load 00007fff177c0000 LB 0x006e5000 C:\WINDOWS\System32\SHELL32.dll [fFlags=0x0]
|
|---|
| 1722 | 3660.3664: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\shell32.dll [avoiding WinVerifyTrust]
|
|---|
| 1723 | 3660.3664: supR3HardenedDllNotificationCallback: load 00007fff17540000 LB 0x00156000 C:\WINDOWS\System32\ole32.dll [fFlags=0x0]
|
|---|
| 1724 | 3660.3664: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\ole32.dll
|
|---|
| 1725 | 3660.3664: supR3HardenedDllNotificationCallback: load 00007ffefaca0000 LB 0x0001b000 C:\WINDOWS\SYSTEM32\MPR.dll [fFlags=0x0]
|
|---|
| 1726 | 3660.3664: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\mpr.dll [avoiding WinVerifyTrust]
|
|---|
| 1727 | 3660.3664: supR3HardenedDllNotificationCallback: load 000000005b550000 LB 0x00565000 C:\Program Files\Oracle\VirtualBox\Qt5CoreVBox.dll [fFlags=0x0]
|
|---|
| 1728 | 3660.3664: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\Qt5CoreVBox.dll
|
|---|
| 1729 | 3660.3664: supR3HardenedDllNotificationCallback: load 00007ffecdd50000 LB 0x005f7000 C:\Program Files\Oracle\VirtualBox\Qt5GuiVBox.dll [fFlags=0x0]
|
|---|
| 1730 | 3660.3664: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\Qt5GuiVBox.dll
|
|---|
| 1731 | 3660.3664: supR3HardenedDllNotificationCallback: load 000000005afe0000 LB 0x00561000 C:\Program Files\Oracle\VirtualBox\Qt5WidgetsVBox.dll [fFlags=0x0]
|
|---|
| 1732 | 3660.3664: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 24202 (0x5e8a)) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\Qt5WidgetsVBox.dll [avoiding WinVerifyTrust]
|
|---|
| 1733 | 3660.3664: supR3HardenedDllNotificationCallback: load 00007fff17190000 LB 0x000c4000 C:\WINDOWS\System32\OLEAUT32.dll [fFlags=0x0]
|
|---|
| 1734 | 3660.3664: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\oleaut32.dll
|
|---|
| 1735 | 3660.3664: supR3HardenedDllNotificationCallback: load 00007ffecba30000 LB 0x02314000 C:\Program Files\Oracle\VirtualBox\UICommon.dll [fFlags=0x0]
|
|---|
| 1736 | 3660.3664: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\UICommon.dll
|
|---|
| 1737 | 3660.3664: supR3HardenedDllNotificationCallback: load 000000005aee0000 LB 0x00054000 C:\Program Files\Oracle\VirtualBox\Qt5OpenGLVBox.dll [fFlags=0x0]
|
|---|
| 1738 | 3660.3664: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\Qt5OpenGLVBox.dll
|
|---|
| 1739 | 3660.3664: supR3HardenedDllNotificationCallback: load 00007fff08d40000 LB 0x0002d000 C:\WINDOWS\SYSTEM32\WINMMBASE.dll [fFlags=0x0]
|
|---|
| 1740 | 3660.3664: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\winmmbase.dll [avoiding WinVerifyTrust]
|
|---|
| 1741 | 3660.3664: supR3HardenedDllNotificationCallback: load 00007fff08dd0000 LB 0x00024000 C:\WINDOWS\SYSTEM32\WINMM.dll [fFlags=0x0]
|
|---|
| 1742 | 3660.3664: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\winmm.dll
|
|---|
| 1743 | 3660.3664: supR3HardenedDllNotificationCallback: load 00007ffec8c30000 LB 0x001c8000 C:\Program Files\Oracle\VirtualBox\VirtualBoxVM.dll [fFlags=0x0]
|
|---|
| 1744 | 3660.3664: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VirtualBoxVM.dll
|
|---|
| 1745 | 3660.3664: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\windows.storage.dll'.
|
|---|
| 1746 | 3660.3664: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\windows.storage.dll' [rescheduled]
|
|---|
| 1747 | 3660.3664: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\kernel.appcore.dll'.
|
|---|
| 1748 | 3660.3664: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\kernel.appcore.dll' [rescheduled]
|
|---|
| 1749 | 3660.3664: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\shlwapi.dll'.
|
|---|
| 1750 | 3660.3664: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\shlwapi.dll' [rescheduled]
|
|---|
| 1751 | 3660.3664: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\powrprof.dll'.
|
|---|
| 1752 | 3660.3664: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\powrprof.dll' [rescheduled]
|
|---|
| 1753 | 3660.3664: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\umpdc.dll'.
|
|---|
| 1754 | 3660.3664: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\umpdc.dll' [rescheduled]
|
|---|
| 1755 | 3660.3664: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\SHCore.dll'.
|
|---|
| 1756 | 3660.3664: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\SHCore.dll' [rescheduled]
|
|---|
| 1757 | 3660.3664: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\cfgmgr32.dll'.
|
|---|
| 1758 | 3660.3664: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\cfgmgr32.dll' [rescheduled]
|
|---|
| 1759 | 3660.3664: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\gdi32full.dll'.
|
|---|
| 1760 | 3660.3664: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\gdi32full.dll' [rescheduled]
|
|---|
| 1761 | 3660.3664: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\DXCore.dll'.
|
|---|
| 1762 | 3660.3664: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\DXCore.dll' [rescheduled]
|
|---|
| 1763 | 3660.3664: Detected loader lock ownership: rc=Unknown Status 22900 (0x5974) '\Device\HarddiskVolume3\Windows\System32\glu32.dll'.
|
|---|
| 1764 | 3660.3664: supR3HardenedWinVerifyCacheProcessWvtTodos: 22900 (was 22900) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\glu32.dll' [rescheduled]
|
|---|
| 1765 | 3660.3664: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\mpr.dll'.
|
|---|
| 1766 | 3660.3664: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\mpr.dll' [rescheduled]
|
|---|
| 1767 | 3660.3664: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\shell32.dll'.
|
|---|
| 1768 | 3660.3664: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\shell32.dll' [rescheduled]
|
|---|
| 1769 | 3660.3664: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\Qt5WidgetsVBox.dll'.
|
|---|
| 1770 | 3660.3664: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\Qt5WidgetsVBox.dll' [rescheduled]
|
|---|
| 1771 | 3660.3664: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\win32u.dll'.
|
|---|
| 1772 | 3660.3664: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\win32u.dll' [rescheduled]
|
|---|
| 1773 | 3660.3664: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\gdi32.dll'.
|
|---|
| 1774 | 3660.3664: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\gdi32.dll' [rescheduled]
|
|---|
| 1775 | 3660.3664: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\user32.dll'.
|
|---|
| 1776 | 3660.3664: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\user32.dll' [rescheduled]
|
|---|
| 1777 | 3660.3664: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\msvcp_win.dll'.
|
|---|
| 1778 | 3660.3664: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\msvcp_win.dll' [rescheduled]
|
|---|
| 1779 | 3660.3664: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\combase.dll'.
|
|---|
| 1780 | 3660.3664: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\combase.dll' [rescheduled]
|
|---|
| 1781 | 3660.3664: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\winmmbase.dll'.
|
|---|
| 1782 | 3660.3664: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\winmmbase.dll' [rescheduled]
|
|---|
| 1783 | 3660.3664: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\kernel32.dll
|
|---|
| 1784 | 3660.3664: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'profapi.dll'...
|
|---|
| 1785 | 3660.3664: supR3HardenedWinVerifyCacheProcessImportTodos: 'profapi.dll' -> '\Device\HarddiskVolume3\Windows\System32\profapi.dll' [rcNtRedir=0xc0150008]
|
|---|
| 1786 | 3660.3664: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\profapi.dll
|
|---|
| 1787 | 3660.3664: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
|
|---|
| 1788 | 3660.3664: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume3\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
|
|---|
| 1789 | 3660.3664: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcp_win.dll'...
|
|---|
| 1790 | 3660.3664: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcp_win.dll' -> '\Device\HarddiskVolume3\Windows\System32\msvcp_win.dll' [rcNtRedir=0xc0150008]
|
|---|
| 1791 | 3660.3664: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\msvcp_win.dll [redoing WinVerifyTrust]
|
|---|
| 1792 | 3660.3664: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\msvcp_win.dll'.
|
|---|
| 1793 | 3660.3664: supR3HardenedScreenImage/Imports: WinVerifyTrust not available, rescheduling \Device\HarddiskVolume3\Windows\System32\msvcp_win.dll
|
|---|
| 1794 | 3660.3664: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'combase.dll'...
|
|---|
| 1795 | 3660.3664: supR3HardenedWinVerifyCacheProcessImportTodos: 'combase.dll' -> '\Device\HarddiskVolume3\Windows\System32\combase.dll' [rcNtRedir=0xc0150008]
|
|---|
| 1796 | 3660.3664: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\combase.dll [redoing WinVerifyTrust]
|
|---|
| 1797 | 3660.3664: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\combase.dll'.
|
|---|
| 1798 | 3660.3664: supR3HardenedScreenImage/Imports: WinVerifyTrust not available, rescheduling \Device\HarddiskVolume3\Windows\System32\combase.dll
|
|---|
| 1799 | 3660.3664: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
|
|---|
| 1800 | 3660.3664: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume3\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
|
|---|
| 1801 | 3660.3664: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
|
|---|
| 1802 | 3660.3664: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume3\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
|
|---|
| 1803 | 3660.3664: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
|
|---|
| 1804 | 3660.3664: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume3\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
|
|---|
| 1805 | 3660.3664: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\user32.dll [redoing WinVerifyTrust]
|
|---|
| 1806 | 3660.3664: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\user32.dll'.
|
|---|
| 1807 | 3660.3664: supR3HardenedScreenImage/Imports: WinVerifyTrust not available, rescheduling \Device\HarddiskVolume3\Windows\System32\user32.dll
|
|---|
| 1808 | 3660.3664: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
|
|---|
| 1809 | 3660.3664: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume3\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
|
|---|
| 1810 | 3660.3664: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\gdi32.dll [redoing WinVerifyTrust]
|
|---|
| 1811 | 3660.3664: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\gdi32.dll'.
|
|---|
| 1812 | 3660.3664: supR3HardenedScreenImage/Imports: WinVerifyTrust not available, rescheduling \Device\HarddiskVolume3\Windows\System32\gdi32.dll
|
|---|
| 1813 | 3660.3664: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
|
|---|
| 1814 | 3660.3664: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume3\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
|
|---|
| 1815 | 3660.3664: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'umpdc.dll'...
|
|---|
| 1816 | 3660.3664: supR3HardenedWinVerifyCacheProcessImportTodos: 'umpdc.dll' -> '\Device\HarddiskVolume3\Windows\System32\umpdc.dll' [rcNtRedir=0xc0150008]
|
|---|
| 1817 | 3660.3664: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\umpdc.dll [redoing WinVerifyTrust]
|
|---|
| 1818 | 3660.3664: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\umpdc.dll'.
|
|---|
| 1819 | 3660.3664: supR3HardenedScreenImage/Imports: WinVerifyTrust not available, rescheduling \Device\HarddiskVolume3\Windows\System32\umpdc.dll
|
|---|
| 1820 | 3660.3664: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
|
|---|
| 1821 | 3660.3664: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume3\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
|
|---|
| 1822 | 3660.3664: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'combase.dll'...
|
|---|
| 1823 | 3660.3664: supR3HardenedWinVerifyCacheProcessImportTodos: 'combase.dll' -> '\Device\HarddiskVolume3\Windows\System32\combase.dll' [rcNtRedir=0xc0150008]
|
|---|
| 1824 | 3660.3664: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\combase.dll [redoing WinVerifyTrust]
|
|---|
| 1825 | 3660.3664: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\combase.dll'.
|
|---|
| 1826 | 3660.3664: supR3HardenedScreenImage/Imports: WinVerifyTrust not available, rescheduling \Device\HarddiskVolume3\Windows\System32\combase.dll
|
|---|
| 1827 | 3660.3664: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
|
|---|
| 1828 | 3660.3664: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume3\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
|
|---|
| 1829 | 3660.3664: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\rpcrt4.dll
|
|---|
| 1830 | 3660.3664: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
|
|---|
| 1831 | 3660.3664: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume3\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
|
|---|
| 1832 | 3660.3664: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'win32u.dll'...
|
|---|
| 1833 | 3660.3664: supR3HardenedWinVerifyCacheProcessImportTodos: 'win32u.dll' -> '\Device\HarddiskVolume3\Windows\System32\win32u.dll' [rcNtRedir=0xc0150008]
|
|---|
| 1834 | 3660.3664: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\win32u.dll [redoing WinVerifyTrust]
|
|---|
| 1835 | 3660.3664: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\win32u.dll'.
|
|---|
| 1836 | 3660.3664: supR3HardenedScreenImage/Imports: WinVerifyTrust not available, rescheduling \Device\HarddiskVolume3\Windows\System32\win32u.dll
|
|---|
| 1837 | 3660.3664: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
|
|---|
| 1838 | 3660.3664: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume3\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
|
|---|
| 1839 | 3660.3664: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\user32.dll [redoing WinVerifyTrust]
|
|---|
| 1840 | 3660.3664: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\user32.dll'.
|
|---|
| 1841 | 3660.3664: supR3HardenedScreenImage/Imports: WinVerifyTrust not available, rescheduling \Device\HarddiskVolume3\Windows\System32\user32.dll
|
|---|
| 1842 | 3660.3664: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
|
|---|
| 1843 | 3660.3664: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume3\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
|
|---|
| 1844 | 3660.3664: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\gdi32.dll [redoing WinVerifyTrust]
|
|---|
| 1845 | 3660.3664: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\gdi32.dll'.
|
|---|
| 1846 | 3660.3664: supR3HardenedScreenImage/Imports: WinVerifyTrust not available, rescheduling \Device\HarddiskVolume3\Windows\System32\gdi32.dll
|
|---|
| 1847 | 3660.3664: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcp_win.dll'...
|
|---|
| 1848 | 3660.3664: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcp_win.dll' -> '\Device\HarddiskVolume3\Windows\System32\msvcp_win.dll' [rcNtRedir=0xc0150008]
|
|---|
| 1849 | 3660.3664: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\msvcp_win.dll [redoing WinVerifyTrust]
|
|---|
| 1850 | 3660.3664: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\msvcp_win.dll'.
|
|---|
| 1851 | 3660.3664: supR3HardenedScreenImage/Imports: WinVerifyTrust not available, rescheduling \Device\HarddiskVolume3\Windows\System32\msvcp_win.dll
|
|---|
| 1852 | 3660.3664: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'win32u.dll'...
|
|---|
| 1853 | 3660.3664: supR3HardenedWinVerifyCacheProcessImportTodos: 'win32u.dll' -> '\Device\HarddiskVolume3\Windows\System32\win32u.dll' [rcNtRedir=0xc0150008]
|
|---|
| 1854 | 3660.3664: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\win32u.dll [redoing WinVerifyTrust]
|
|---|
| 1855 | 3660.3664: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\win32u.dll'.
|
|---|
| 1856 | 3660.3664: supR3HardenedScreenImage/Imports: WinVerifyTrust not available, rescheduling \Device\HarddiskVolume3\Windows\System32\win32u.dll
|
|---|
| 1857 | 3660.3664: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcp_win.dll'...
|
|---|
| 1858 | 3660.3664: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcp_win.dll' -> '\Device\HarddiskVolume3\Windows\System32\msvcp_win.dll' [rcNtRedir=0xc0150008]
|
|---|
| 1859 | 3660.3664: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\msvcp_win.dll [redoing WinVerifyTrust]
|
|---|
| 1860 | 3660.3664: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\msvcp_win.dll'.
|
|---|
| 1861 | 3660.3664: supR3HardenedScreenImage/Imports: WinVerifyTrust not available, rescheduling \Device\HarddiskVolume3\Windows\System32\msvcp_win.dll
|
|---|
| 1862 | 3660.3664: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\kernel32.dll (Input=kernel32, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000801:<flags> [calling]
|
|---|
| 1863 | 3660.3664: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff17700000 'C:\WINDOWS\System32\kernel32.dll'
|
|---|
| 1864 | 3660.3664: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\windows.storage.dll'.
|
|---|
| 1865 | 3660.3664: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\windows.storage.dll' [rescheduled]
|
|---|
| 1866 | 3660.3664: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\kernel.appcore.dll'.
|
|---|
| 1867 | 3660.3664: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\kernel.appcore.dll' [rescheduled]
|
|---|
| 1868 | 3660.3664: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\shlwapi.dll'.
|
|---|
| 1869 | 3660.3664: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\shlwapi.dll' [rescheduled]
|
|---|
| 1870 | 3660.3664: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\powrprof.dll'.
|
|---|
| 1871 | 3660.3664: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\powrprof.dll' [rescheduled]
|
|---|
| 1872 | 3660.3664: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\umpdc.dll'.
|
|---|
| 1873 | 3660.3664: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\umpdc.dll' [rescheduled]
|
|---|
| 1874 | 3660.3664: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\SHCore.dll'.
|
|---|
| 1875 | 3660.3664: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\SHCore.dll' [rescheduled]
|
|---|
| 1876 | 3660.3664: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\cfgmgr32.dll'.
|
|---|
| 1877 | 3660.3664: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\cfgmgr32.dll' [rescheduled]
|
|---|
| 1878 | 3660.3664: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\gdi32full.dll'.
|
|---|
| 1879 | 3660.3664: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\gdi32full.dll' [rescheduled]
|
|---|
| 1880 | 3660.3664: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\DXCore.dll'.
|
|---|
| 1881 | 3660.3664: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\DXCore.dll' [rescheduled]
|
|---|
| 1882 | 3660.3664: Detected loader lock ownership: rc=Unknown Status 22900 (0x5974) '\Device\HarddiskVolume3\Windows\System32\glu32.dll'.
|
|---|
| 1883 | 3660.3664: supR3HardenedWinVerifyCacheProcessWvtTodos: 22900 (was 22900) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\glu32.dll' [rescheduled]
|
|---|
| 1884 | 3660.3664: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\mpr.dll'.
|
|---|
| 1885 | 3660.3664: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\mpr.dll' [rescheduled]
|
|---|
| 1886 | 3660.3664: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\shell32.dll'.
|
|---|
| 1887 | 3660.3664: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\shell32.dll' [rescheduled]
|
|---|
| 1888 | 3660.3664: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\Qt5WidgetsVBox.dll'.
|
|---|
| 1889 | 3660.3664: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\Qt5WidgetsVBox.dll' [rescheduled]
|
|---|
| 1890 | 3660.3664: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\win32u.dll'.
|
|---|
| 1891 | 3660.3664: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\win32u.dll' [rescheduled]
|
|---|
| 1892 | 3660.3664: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\gdi32.dll'.
|
|---|
| 1893 | 3660.3664: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\gdi32.dll' [rescheduled]
|
|---|
| 1894 | 3660.3664: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\user32.dll'.
|
|---|
| 1895 | 3660.3664: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\user32.dll' [rescheduled]
|
|---|
| 1896 | 3660.3664: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\msvcp_win.dll'.
|
|---|
| 1897 | 3660.3664: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\msvcp_win.dll' [rescheduled]
|
|---|
| 1898 | 3660.3664: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\combase.dll'.
|
|---|
| 1899 | 3660.3664: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\combase.dll' [rescheduled]
|
|---|
| 1900 | 3660.3664: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\winmmbase.dll'.
|
|---|
| 1901 | 3660.3664: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\winmmbase.dll' [rescheduled]
|
|---|
| 1902 | 3660.3664: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\windows.storage.dll'.
|
|---|
| 1903 | 3660.3664: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\windows.storage.dll' [rescheduled]
|
|---|
| 1904 | 3660.3664: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\kernel.appcore.dll'.
|
|---|
| 1905 | 3660.3664: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\kernel.appcore.dll' [rescheduled]
|
|---|
| 1906 | 3660.3664: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\shlwapi.dll'.
|
|---|
| 1907 | 3660.3664: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\shlwapi.dll' [rescheduled]
|
|---|
| 1908 | 3660.3664: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\powrprof.dll'.
|
|---|
| 1909 | 3660.3664: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\powrprof.dll' [rescheduled]
|
|---|
| 1910 | 3660.3664: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\umpdc.dll'.
|
|---|
| 1911 | 3660.3664: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\umpdc.dll' [rescheduled]
|
|---|
| 1912 | 3660.3664: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\SHCore.dll'.
|
|---|
| 1913 | 3660.3664: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\SHCore.dll' [rescheduled]
|
|---|
| 1914 | 3660.3664: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\cfgmgr32.dll'.
|
|---|
| 1915 | 3660.3664: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\cfgmgr32.dll' [rescheduled]
|
|---|
| 1916 | 3660.3664: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\gdi32full.dll'.
|
|---|
| 1917 | 3660.3664: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\gdi32full.dll' [rescheduled]
|
|---|
| 1918 | 3660.3664: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\DXCore.dll'.
|
|---|
| 1919 | 3660.3664: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\DXCore.dll' [rescheduled]
|
|---|
| 1920 | 3660.3664: Detected loader lock ownership: rc=Unknown Status 22900 (0x5974) '\Device\HarddiskVolume3\Windows\System32\glu32.dll'.
|
|---|
| 1921 | 3660.3664: supR3HardenedWinVerifyCacheProcessWvtTodos: 22900 (was 22900) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\glu32.dll' [rescheduled]
|
|---|
| 1922 | 3660.3664: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\mpr.dll'.
|
|---|
| 1923 | 3660.3664: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\mpr.dll' [rescheduled]
|
|---|
| 1924 | 3660.3664: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\shell32.dll'.
|
|---|
| 1925 | 3660.3664: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\shell32.dll' [rescheduled]
|
|---|
| 1926 | 3660.3664: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\Qt5WidgetsVBox.dll'.
|
|---|
| 1927 | 3660.3664: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\Qt5WidgetsVBox.dll' [rescheduled]
|
|---|
| 1928 | 3660.3664: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\win32u.dll'.
|
|---|
| 1929 | 3660.3664: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\win32u.dll' [rescheduled]
|
|---|
| 1930 | 3660.3664: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\gdi32.dll'.
|
|---|
| 1931 | 3660.3664: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\gdi32.dll' [rescheduled]
|
|---|
| 1932 | 3660.3664: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\user32.dll'.
|
|---|
| 1933 | 3660.3664: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\user32.dll' [rescheduled]
|
|---|
| 1934 | 3660.3664: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\msvcp_win.dll'.
|
|---|
| 1935 | 3660.3664: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\msvcp_win.dll' [rescheduled]
|
|---|
| 1936 | 3660.3664: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\combase.dll'.
|
|---|
| 1937 | 3660.3664: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\combase.dll' [rescheduled]
|
|---|
| 1938 | 3660.3664: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\winmmbase.dll'.
|
|---|
| 1939 | 3660.3664: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\winmmbase.dll' [rescheduled]
|
|---|
| 1940 | 3660.3664: supR3HardenedIsApiSetDll: ApiSetQueryApiSetPresence(api-ms-win-core-string-l1-1-0) -> 0x0, fPresent=1
|
|---|
| 1941 | 3660.3664: supR3HardenedMonitor_LdrLoadDll: pName=api-ms-win-core-string-l1-1-0 (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0000000000000801:<flags> [calling]
|
|---|
| 1942 | 3660.3664: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff15cb0000 'api-ms-win-core-string-l1-1-0'
|
|---|
| 1943 | 3660.3664: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\windows.storage.dll'.
|
|---|
| 1944 | 3660.3664: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\windows.storage.dll' [rescheduled]
|
|---|
| 1945 | 3660.3664: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\kernel.appcore.dll'.
|
|---|
| 1946 | 3660.3664: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\kernel.appcore.dll' [rescheduled]
|
|---|
| 1947 | 3660.3664: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\shlwapi.dll'.
|
|---|
| 1948 | 3660.3664: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\shlwapi.dll' [rescheduled]
|
|---|
| 1949 | 3660.3664: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\powrprof.dll'.
|
|---|
| 1950 | 3660.3664: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\powrprof.dll' [rescheduled]
|
|---|
| 1951 | 3660.3664: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\umpdc.dll'.
|
|---|
| 1952 | 3660.3664: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\umpdc.dll' [rescheduled]
|
|---|
| 1953 | 3660.3664: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\SHCore.dll'.
|
|---|
| 1954 | 3660.3664: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\SHCore.dll' [rescheduled]
|
|---|
| 1955 | 3660.3664: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\cfgmgr32.dll'.
|
|---|
| 1956 | 3660.3664: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\cfgmgr32.dll' [rescheduled]
|
|---|
| 1957 | 3660.3664: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\gdi32full.dll'.
|
|---|
| 1958 | 3660.3664: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\gdi32full.dll' [rescheduled]
|
|---|
| 1959 | 3660.3664: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\DXCore.dll'.
|
|---|
| 1960 | 3660.3664: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\DXCore.dll' [rescheduled]
|
|---|
| 1961 | 3660.3664: Detected loader lock ownership: rc=Unknown Status 22900 (0x5974) '\Device\HarddiskVolume3\Windows\System32\glu32.dll'.
|
|---|
| 1962 | 3660.3664: supR3HardenedWinVerifyCacheProcessWvtTodos: 22900 (was 22900) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\glu32.dll' [rescheduled]
|
|---|
| 1963 | 3660.3664: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\mpr.dll'.
|
|---|
| 1964 | 3660.3664: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\mpr.dll' [rescheduled]
|
|---|
| 1965 | 3660.3664: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\shell32.dll'.
|
|---|
| 1966 | 3660.3664: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\shell32.dll' [rescheduled]
|
|---|
| 1967 | 3660.3664: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\Qt5WidgetsVBox.dll'.
|
|---|
| 1968 | 3660.3664: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\Qt5WidgetsVBox.dll' [rescheduled]
|
|---|
| 1969 | 3660.3664: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\win32u.dll'.
|
|---|
| 1970 | 3660.3664: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\win32u.dll' [rescheduled]
|
|---|
| 1971 | 3660.3664: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\gdi32.dll'.
|
|---|
| 1972 | 3660.3664: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\gdi32.dll' [rescheduled]
|
|---|
| 1973 | 3660.3664: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\user32.dll'.
|
|---|
| 1974 | 3660.3664: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\user32.dll' [rescheduled]
|
|---|
| 1975 | 3660.3664: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\msvcp_win.dll'.
|
|---|
| 1976 | 3660.3664: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\msvcp_win.dll' [rescheduled]
|
|---|
| 1977 | 3660.3664: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\combase.dll'.
|
|---|
| 1978 | 3660.3664: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\combase.dll' [rescheduled]
|
|---|
| 1979 | 3660.3664: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\winmmbase.dll'.
|
|---|
| 1980 | 3660.3664: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\winmmbase.dll' [rescheduled]
|
|---|
| 1981 | 3660.3664: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\windows.storage.dll'.
|
|---|
| 1982 | 3660.3664: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\windows.storage.dll' [rescheduled]
|
|---|
| 1983 | 3660.3664: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\kernel.appcore.dll'.
|
|---|
| 1984 | 3660.3664: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\kernel.appcore.dll' [rescheduled]
|
|---|
| 1985 | 3660.3664: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\shlwapi.dll'.
|
|---|
| 1986 | 3660.3664: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\shlwapi.dll' [rescheduled]
|
|---|
| 1987 | 3660.3664: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\powrprof.dll'.
|
|---|
| 1988 | 3660.3664: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\powrprof.dll' [rescheduled]
|
|---|
| 1989 | 3660.3664: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\umpdc.dll'.
|
|---|
| 1990 | 3660.3664: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\umpdc.dll' [rescheduled]
|
|---|
| 1991 | 3660.3664: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\SHCore.dll'.
|
|---|
| 1992 | 3660.3664: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\SHCore.dll' [rescheduled]
|
|---|
| 1993 | 3660.3664: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\cfgmgr32.dll'.
|
|---|
| 1994 | 3660.3664: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\cfgmgr32.dll' [rescheduled]
|
|---|
| 1995 | 3660.3664: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\gdi32full.dll'.
|
|---|
| 1996 | 3660.3664: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\gdi32full.dll' [rescheduled]
|
|---|
| 1997 | 3660.3664: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\DXCore.dll'.
|
|---|
| 1998 | 3660.3664: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\DXCore.dll' [rescheduled]
|
|---|
| 1999 | 3660.3664: Detected loader lock ownership: rc=Unknown Status 22900 (0x5974) '\Device\HarddiskVolume3\Windows\System32\glu32.dll'.
|
|---|
| 2000 | 3660.3664: supR3HardenedWinVerifyCacheProcessWvtTodos: 22900 (was 22900) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\glu32.dll' [rescheduled]
|
|---|
| 2001 | 3660.3664: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\mpr.dll'.
|
|---|
| 2002 | 3660.3664: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\mpr.dll' [rescheduled]
|
|---|
| 2003 | 3660.3664: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\shell32.dll'.
|
|---|
| 2004 | 3660.3664: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\shell32.dll' [rescheduled]
|
|---|
| 2005 | 3660.3664: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\Qt5WidgetsVBox.dll'.
|
|---|
| 2006 | 3660.3664: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\Qt5WidgetsVBox.dll' [rescheduled]
|
|---|
| 2007 | 3660.3664: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\win32u.dll'.
|
|---|
| 2008 | 3660.3664: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\win32u.dll' [rescheduled]
|
|---|
| 2009 | 3660.3664: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\gdi32.dll'.
|
|---|
| 2010 | 3660.3664: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\gdi32.dll' [rescheduled]
|
|---|
| 2011 | 3660.3664: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\user32.dll'.
|
|---|
| 2012 | 3660.3664: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\user32.dll' [rescheduled]
|
|---|
| 2013 | 3660.3664: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\msvcp_win.dll'.
|
|---|
| 2014 | 3660.3664: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\msvcp_win.dll' [rescheduled]
|
|---|
| 2015 | 3660.3664: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\combase.dll'.
|
|---|
| 2016 | 3660.3664: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\combase.dll' [rescheduled]
|
|---|
| 2017 | 3660.3664: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\winmmbase.dll'.
|
|---|
| 2018 | 3660.3664: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\winmmbase.dll' [rescheduled]
|
|---|
| 2019 | 3660.3664: supR3HardenedIsApiSetDll: ApiSetQueryApiSetPresence(api-ms-win-core-datetime-l1-1-1) -> 0x0, fPresent=1
|
|---|
| 2020 | 3660.3664: supR3HardenedMonitor_LdrLoadDll: pName=api-ms-win-core-datetime-l1-1-1 (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0000000000000801:<flags> [calling]
|
|---|
| 2021 | 3660.3664: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff15cb0000 'api-ms-win-core-datetime-l1-1-1'
|
|---|
| 2022 | 3660.3664: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\windows.storage.dll'.
|
|---|
| 2023 | 3660.3664: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\windows.storage.dll' [rescheduled]
|
|---|
| 2024 | 3660.3664: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\kernel.appcore.dll'.
|
|---|
| 2025 | 3660.3664: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\kernel.appcore.dll' [rescheduled]
|
|---|
| 2026 | 3660.3664: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\shlwapi.dll'.
|
|---|
| 2027 | 3660.3664: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\shlwapi.dll' [rescheduled]
|
|---|
| 2028 | 3660.3664: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\powrprof.dll'.
|
|---|
| 2029 | 3660.3664: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\powrprof.dll' [rescheduled]
|
|---|
| 2030 | 3660.3664: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\umpdc.dll'.
|
|---|
| 2031 | 3660.3664: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\umpdc.dll' [rescheduled]
|
|---|
| 2032 | 3660.3664: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\SHCore.dll'.
|
|---|
| 2033 | 3660.3664: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\SHCore.dll' [rescheduled]
|
|---|
| 2034 | 3660.3664: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\cfgmgr32.dll'.
|
|---|
| 2035 | 3660.3664: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\cfgmgr32.dll' [rescheduled]
|
|---|
| 2036 | 3660.3664: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\gdi32full.dll'.
|
|---|
| 2037 | 3660.3664: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\gdi32full.dll' [rescheduled]
|
|---|
| 2038 | 3660.3664: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\DXCore.dll'.
|
|---|
| 2039 | 3660.3664: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\DXCore.dll' [rescheduled]
|
|---|
| 2040 | 3660.3664: Detected loader lock ownership: rc=Unknown Status 22900 (0x5974) '\Device\HarddiskVolume3\Windows\System32\glu32.dll'.
|
|---|
| 2041 | 3660.3664: supR3HardenedWinVerifyCacheProcessWvtTodos: 22900 (was 22900) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\glu32.dll' [rescheduled]
|
|---|
| 2042 | 3660.3664: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\mpr.dll'.
|
|---|
| 2043 | 3660.3664: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\mpr.dll' [rescheduled]
|
|---|
| 2044 | 3660.3664: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\shell32.dll'.
|
|---|
| 2045 | 3660.3664: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\shell32.dll' [rescheduled]
|
|---|
| 2046 | 3660.3664: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\Qt5WidgetsVBox.dll'.
|
|---|
| 2047 | 3660.3664: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\Qt5WidgetsVBox.dll' [rescheduled]
|
|---|
| 2048 | 3660.3664: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\win32u.dll'.
|
|---|
| 2049 | 3660.3664: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\win32u.dll' [rescheduled]
|
|---|
| 2050 | 3660.3664: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\gdi32.dll'.
|
|---|
| 2051 | 3660.3664: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\gdi32.dll' [rescheduled]
|
|---|
| 2052 | 3660.3664: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\user32.dll'.
|
|---|
| 2053 | 3660.3664: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\user32.dll' [rescheduled]
|
|---|
| 2054 | 3660.3664: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\msvcp_win.dll'.
|
|---|
| 2055 | 3660.3664: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\msvcp_win.dll' [rescheduled]
|
|---|
| 2056 | 3660.3664: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\combase.dll'.
|
|---|
| 2057 | 3660.3664: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\combase.dll' [rescheduled]
|
|---|
| 2058 | 3660.3664: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\winmmbase.dll'.
|
|---|
| 2059 | 3660.3664: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\winmmbase.dll' [rescheduled]
|
|---|
| 2060 | 3660.3664: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\windows.storage.dll'.
|
|---|
| 2061 | 3660.3664: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\windows.storage.dll' [rescheduled]
|
|---|
| 2062 | 3660.3664: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\kernel.appcore.dll'.
|
|---|
| 2063 | 3660.3664: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\kernel.appcore.dll' [rescheduled]
|
|---|
| 2064 | 3660.3664: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\shlwapi.dll'.
|
|---|
| 2065 | 3660.3664: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\shlwapi.dll' [rescheduled]
|
|---|
| 2066 | 3660.3664: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\powrprof.dll'.
|
|---|
| 2067 | 3660.3664: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\powrprof.dll' [rescheduled]
|
|---|
| 2068 | 3660.3664: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\umpdc.dll'.
|
|---|
| 2069 | 3660.3664: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\umpdc.dll' [rescheduled]
|
|---|
| 2070 | 3660.3664: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\SHCore.dll'.
|
|---|
| 2071 | 3660.3664: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\SHCore.dll' [rescheduled]
|
|---|
| 2072 | 3660.3664: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\cfgmgr32.dll'.
|
|---|
| 2073 | 3660.3664: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\cfgmgr32.dll' [rescheduled]
|
|---|
| 2074 | 3660.3664: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\gdi32full.dll'.
|
|---|
| 2075 | 3660.3664: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\gdi32full.dll' [rescheduled]
|
|---|
| 2076 | 3660.3664: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\DXCore.dll'.
|
|---|
| 2077 | 3660.3664: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\DXCore.dll' [rescheduled]
|
|---|
| 2078 | 3660.3664: Detected loader lock ownership: rc=Unknown Status 22900 (0x5974) '\Device\HarddiskVolume3\Windows\System32\glu32.dll'.
|
|---|
| 2079 | 3660.3664: supR3HardenedWinVerifyCacheProcessWvtTodos: 22900 (was 22900) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\glu32.dll' [rescheduled]
|
|---|
| 2080 | 3660.3664: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\mpr.dll'.
|
|---|
| 2081 | 3660.3664: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\mpr.dll' [rescheduled]
|
|---|
| 2082 | 3660.3664: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\shell32.dll'.
|
|---|
| 2083 | 3660.3664: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\shell32.dll' [rescheduled]
|
|---|
| 2084 | 3660.3664: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\Qt5WidgetsVBox.dll'.
|
|---|
| 2085 | 3660.3664: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\Qt5WidgetsVBox.dll' [rescheduled]
|
|---|
| 2086 | 3660.3664: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\win32u.dll'.
|
|---|
| 2087 | 3660.3664: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\win32u.dll' [rescheduled]
|
|---|
| 2088 | 3660.3664: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\gdi32.dll'.
|
|---|
| 2089 | 3660.3664: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\gdi32.dll' [rescheduled]
|
|---|
| 2090 | 3660.3664: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\user32.dll'.
|
|---|
| 2091 | 3660.3664: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\user32.dll' [rescheduled]
|
|---|
| 2092 | 3660.3664: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\msvcp_win.dll'.
|
|---|
| 2093 | 3660.3664: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\msvcp_win.dll' [rescheduled]
|
|---|
| 2094 | 3660.3664: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\combase.dll'.
|
|---|
| 2095 | 3660.3664: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\combase.dll' [rescheduled]
|
|---|
| 2096 | 3660.3664: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\winmmbase.dll'.
|
|---|
| 2097 | 3660.3664: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\winmmbase.dll' [rescheduled]
|
|---|
| 2098 | 3660.3664: supR3HardenedIsApiSetDll: ApiSetQueryApiSetPresence(api-ms-win-core-localization-obsolete-l1-2-0) -> 0x0, fPresent=1
|
|---|
| 2099 | 3660.3664: supR3HardenedMonitor_LdrLoadDll: pName=api-ms-win-core-localization-obsolete-l1-2-0 (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0000000000000801:<flags> [calling]
|
|---|
| 2100 | 3660.3664: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff15cb0000 'api-ms-win-core-localization-obsolete-l1-2-0'
|
|---|
| 2101 | 3660.3664: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\windows.storage.dll'.
|
|---|
| 2102 | 3660.3664: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\windows.storage.dll' [rescheduled]
|
|---|
| 2103 | 3660.3664: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\kernel.appcore.dll'.
|
|---|
| 2104 | 3660.3664: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\kernel.appcore.dll' [rescheduled]
|
|---|
| 2105 | 3660.3664: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\shlwapi.dll'.
|
|---|
| 2106 | 3660.3664: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\shlwapi.dll' [rescheduled]
|
|---|
| 2107 | 3660.3664: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\powrprof.dll'.
|
|---|
| 2108 | 3660.3664: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\powrprof.dll' [rescheduled]
|
|---|
| 2109 | 3660.3664: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\umpdc.dll'.
|
|---|
| 2110 | 3660.3664: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\umpdc.dll' [rescheduled]
|
|---|
| 2111 | 3660.3664: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\SHCore.dll'.
|
|---|
| 2112 | 3660.3664: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\SHCore.dll' [rescheduled]
|
|---|
| 2113 | 3660.3664: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\cfgmgr32.dll'.
|
|---|
| 2114 | 3660.3664: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\cfgmgr32.dll' [rescheduled]
|
|---|
| 2115 | 3660.3664: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\gdi32full.dll'.
|
|---|
| 2116 | 3660.3664: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\gdi32full.dll' [rescheduled]
|
|---|
| 2117 | 3660.3664: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\DXCore.dll'.
|
|---|
| 2118 | 3660.3664: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\DXCore.dll' [rescheduled]
|
|---|
| 2119 | 3660.3664: Detected loader lock ownership: rc=Unknown Status 22900 (0x5974) '\Device\HarddiskVolume3\Windows\System32\glu32.dll'.
|
|---|
| 2120 | 3660.3664: supR3HardenedWinVerifyCacheProcessWvtTodos: 22900 (was 22900) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\glu32.dll' [rescheduled]
|
|---|
| 2121 | 3660.3664: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\mpr.dll'.
|
|---|
| 2122 | 3660.3664: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\mpr.dll' [rescheduled]
|
|---|
| 2123 | 3660.3664: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\shell32.dll'.
|
|---|
| 2124 | 3660.3664: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\shell32.dll' [rescheduled]
|
|---|
| 2125 | 3660.3664: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\Qt5WidgetsVBox.dll'.
|
|---|
| 2126 | 3660.3664: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\Qt5WidgetsVBox.dll' [rescheduled]
|
|---|
| 2127 | 3660.3664: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\win32u.dll'.
|
|---|
| 2128 | 3660.3664: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\win32u.dll' [rescheduled]
|
|---|
| 2129 | 3660.3664: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\gdi32.dll'.
|
|---|
| 2130 | 3660.3664: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\gdi32.dll' [rescheduled]
|
|---|
| 2131 | 3660.3664: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\user32.dll'.
|
|---|
| 2132 | 3660.3664: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\user32.dll' [rescheduled]
|
|---|
| 2133 | 3660.3664: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\msvcp_win.dll'.
|
|---|
| 2134 | 3660.3664: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\msvcp_win.dll' [rescheduled]
|
|---|
| 2135 | 3660.3664: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\combase.dll'.
|
|---|
| 2136 | 3660.3664: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\combase.dll' [rescheduled]
|
|---|
| 2137 | 3660.3664: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\winmmbase.dll'.
|
|---|
| 2138 | 3660.3664: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\winmmbase.dll' [rescheduled]
|
|---|
| 2139 | 3660.3664: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\windows.storage.dll'.
|
|---|
| 2140 | 3660.3664: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\windows.storage.dll' [rescheduled]
|
|---|
| 2141 | 3660.3664: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\kernel.appcore.dll'.
|
|---|
| 2142 | 3660.3664: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\kernel.appcore.dll' [rescheduled]
|
|---|
| 2143 | 3660.3664: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\shlwapi.dll'.
|
|---|
| 2144 | 3660.3664: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\shlwapi.dll' [rescheduled]
|
|---|
| 2145 | 3660.3664: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\powrprof.dll'.
|
|---|
| 2146 | 3660.3664: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\powrprof.dll' [rescheduled]
|
|---|
| 2147 | 3660.3664: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\umpdc.dll'.
|
|---|
| 2148 | 3660.3664: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\umpdc.dll' [rescheduled]
|
|---|
| 2149 | 3660.3664: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\SHCore.dll'.
|
|---|
| 2150 | 3660.3664: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\SHCore.dll' [rescheduled]
|
|---|
| 2151 | 3660.3664: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\cfgmgr32.dll'.
|
|---|
| 2152 | 3660.3664: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\cfgmgr32.dll' [rescheduled]
|
|---|
| 2153 | 3660.3664: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\gdi32full.dll'.
|
|---|
| 2154 | 3660.3664: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\gdi32full.dll' [rescheduled]
|
|---|
| 2155 | 3660.3664: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\DXCore.dll'.
|
|---|
| 2156 | 3660.3664: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\DXCore.dll' [rescheduled]
|
|---|
| 2157 | 3660.3664: Detected loader lock ownership: rc=Unknown Status 22900 (0x5974) '\Device\HarddiskVolume3\Windows\System32\glu32.dll'.
|
|---|
| 2158 | 3660.3664: supR3HardenedWinVerifyCacheProcessWvtTodos: 22900 (was 22900) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\glu32.dll' [rescheduled]
|
|---|
| 2159 | 3660.3664: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\mpr.dll'.
|
|---|
| 2160 | 3660.3664: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\mpr.dll' [rescheduled]
|
|---|
| 2161 | 3660.3664: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\shell32.dll'.
|
|---|
| 2162 | 3660.3664: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\shell32.dll' [rescheduled]
|
|---|
| 2163 | 3660.3664: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\Qt5WidgetsVBox.dll'.
|
|---|
| 2164 | 3660.3664: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\Qt5WidgetsVBox.dll' [rescheduled]
|
|---|
| 2165 | 3660.3664: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\win32u.dll'.
|
|---|
| 2166 | 3660.3664: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\win32u.dll' [rescheduled]
|
|---|
| 2167 | 3660.3664: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\gdi32.dll'.
|
|---|
| 2168 | 3660.3664: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\gdi32.dll' [rescheduled]
|
|---|
| 2169 | 3660.3664: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\user32.dll'.
|
|---|
| 2170 | 3660.3664: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\user32.dll' [rescheduled]
|
|---|
| 2171 | 3660.3664: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\msvcp_win.dll'.
|
|---|
| 2172 | 3660.3664: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\msvcp_win.dll' [rescheduled]
|
|---|
| 2173 | 3660.3664: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\combase.dll'.
|
|---|
| 2174 | 3660.3664: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\combase.dll' [rescheduled]
|
|---|
| 2175 | 3660.3664: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\winmmbase.dll'.
|
|---|
| 2176 | 3660.3664: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\winmmbase.dll' [rescheduled]
|
|---|
| 2177 | 3660.3664: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\imm32.dll'.
|
|---|
| 2178 | 3660.3664: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'user32.dll'.
|
|---|
| 2179 | 3660.3664: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #25 'win32u.dll'.
|
|---|
| 2180 | 3660.3664: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\imm32.dll)
|
|---|
| 2181 | 3660.3664: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\imm32.dll
|
|---|
| 2182 | 3660.3664: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'win32u.dll'...
|
|---|
| 2183 | 3660.3664: supR3HardenedWinVerifyCacheProcessImportTodos: 'win32u.dll' -> '\Device\HarddiskVolume3\Windows\System32\win32u.dll' [rcNtRedir=0xc0150008]
|
|---|
| 2184 | 3660.3664: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\win32u.dll [redoing WinVerifyTrust]
|
|---|
| 2185 | 3660.3664: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\win32u.dll'.
|
|---|
| 2186 | 3660.3664: supR3HardenedScreenImage/Imports: WinVerifyTrust not available, rescheduling \Device\HarddiskVolume3\Windows\System32\win32u.dll
|
|---|
| 2187 | 3660.3664: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
|
|---|
| 2188 | 3660.3664: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume3\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
|
|---|
| 2189 | 3660.3664: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\user32.dll [redoing WinVerifyTrust]
|
|---|
| 2190 | 3660.3664: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\user32.dll'.
|
|---|
| 2191 | 3660.3664: supR3HardenedScreenImage/Imports: WinVerifyTrust not available, rescheduling \Device\HarddiskVolume3\Windows\System32\user32.dll
|
|---|
| 2192 | 3660.3664: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\IMM32.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000009:<flags> [calling]
|
|---|
| 2193 | 3660.3664: supR3HardenedDllNotificationCallback: load 00007fff162d0000 LB 0x0002e000 C:\WINDOWS\System32\IMM32.DLL [fFlags=0x0]
|
|---|
| 2194 | 3660.3664: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\imm32.dll [avoiding WinVerifyTrust]
|
|---|
| 2195 | 3660.3664: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff162d0000 'C:\WINDOWS\system32\IMM32.DLL'
|
|---|
| 2196 | 3660.3664: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\imm32.dll'.
|
|---|
| 2197 | 3660.3664: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\imm32.dll' [rescheduled]
|
|---|
| 2198 | 3660.3664: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\windows.storage.dll'.
|
|---|
| 2199 | 3660.3664: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\windows.storage.dll' [rescheduled]
|
|---|
| 2200 | 3660.3664: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\kernel.appcore.dll'.
|
|---|
| 2201 | 3660.3664: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\kernel.appcore.dll' [rescheduled]
|
|---|
| 2202 | 3660.3664: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\shlwapi.dll'.
|
|---|
| 2203 | 3660.3664: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\shlwapi.dll' [rescheduled]
|
|---|
| 2204 | 3660.3664: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\powrprof.dll'.
|
|---|
| 2205 | 3660.3664: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\powrprof.dll' [rescheduled]
|
|---|
| 2206 | 3660.3664: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\umpdc.dll'.
|
|---|
| 2207 | 3660.3664: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\umpdc.dll' [rescheduled]
|
|---|
| 2208 | 3660.3664: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\SHCore.dll'.
|
|---|
| 2209 | 3660.3664: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\SHCore.dll' [rescheduled]
|
|---|
| 2210 | 3660.3664: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\cfgmgr32.dll'.
|
|---|
| 2211 | 3660.3664: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\cfgmgr32.dll' [rescheduled]
|
|---|
| 2212 | 3660.3664: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\gdi32full.dll'.
|
|---|
| 2213 | 3660.3664: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\gdi32full.dll' [rescheduled]
|
|---|
| 2214 | 3660.3664: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\DXCore.dll'.
|
|---|
| 2215 | 3660.3664: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\DXCore.dll' [rescheduled]
|
|---|
| 2216 | 3660.3664: Detected loader lock ownership: rc=Unknown Status 22900 (0x5974) '\Device\HarddiskVolume3\Windows\System32\glu32.dll'.
|
|---|
| 2217 | 3660.3664: supR3HardenedWinVerifyCacheProcessWvtTodos: 22900 (was 22900) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\glu32.dll' [rescheduled]
|
|---|
| 2218 | 3660.3664: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\mpr.dll'.
|
|---|
| 2219 | 3660.3664: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\mpr.dll' [rescheduled]
|
|---|
| 2220 | 3660.3664: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\shell32.dll'.
|
|---|
| 2221 | 3660.3664: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\shell32.dll' [rescheduled]
|
|---|
| 2222 | 3660.3664: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\Qt5WidgetsVBox.dll'.
|
|---|
| 2223 | 3660.3664: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\Qt5WidgetsVBox.dll' [rescheduled]
|
|---|
| 2224 | 3660.3664: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\win32u.dll'.
|
|---|
| 2225 | 3660.3664: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\win32u.dll' [rescheduled]
|
|---|
| 2226 | 3660.3664: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\gdi32.dll'.
|
|---|
| 2227 | 3660.3664: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\gdi32.dll' [rescheduled]
|
|---|
| 2228 | 3660.3664: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\user32.dll'.
|
|---|
| 2229 | 3660.3664: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\user32.dll' [rescheduled]
|
|---|
| 2230 | 3660.3664: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\msvcp_win.dll'.
|
|---|
| 2231 | 3660.3664: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\msvcp_win.dll' [rescheduled]
|
|---|
| 2232 | 3660.3664: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\combase.dll'.
|
|---|
| 2233 | 3660.3664: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\combase.dll' [rescheduled]
|
|---|
| 2234 | 3660.3664: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\winmmbase.dll'.
|
|---|
| 2235 | 3660.3664: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\winmmbase.dll' [rescheduled]
|
|---|
| 2236 | 3660.3664: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\imm32.dll'.
|
|---|
| 2237 | 3660.3664: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\imm32.dll' [rescheduled]
|
|---|
| 2238 | 3660.3664: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\windows.storage.dll'.
|
|---|
| 2239 | 3660.3664: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\windows.storage.dll' [rescheduled]
|
|---|
| 2240 | 3660.3664: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\kernel.appcore.dll'.
|
|---|
| 2241 | 3660.3664: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\kernel.appcore.dll' [rescheduled]
|
|---|
| 2242 | 3660.3664: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\shlwapi.dll'.
|
|---|
| 2243 | 3660.3664: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\shlwapi.dll' [rescheduled]
|
|---|
| 2244 | 3660.3664: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\powrprof.dll'.
|
|---|
| 2245 | 3660.3664: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\powrprof.dll' [rescheduled]
|
|---|
| 2246 | 3660.3664: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\umpdc.dll'.
|
|---|
| 2247 | 3660.3664: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\umpdc.dll' [rescheduled]
|
|---|
| 2248 | 3660.3664: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\SHCore.dll'.
|
|---|
| 2249 | 3660.3664: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\SHCore.dll' [rescheduled]
|
|---|
| 2250 | 3660.3664: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\cfgmgr32.dll'.
|
|---|
| 2251 | 3660.3664: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\cfgmgr32.dll' [rescheduled]
|
|---|
| 2252 | 3660.3664: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\gdi32full.dll'.
|
|---|
| 2253 | 3660.3664: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\gdi32full.dll' [rescheduled]
|
|---|
| 2254 | 3660.3664: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\DXCore.dll'.
|
|---|
| 2255 | 3660.3664: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\DXCore.dll' [rescheduled]
|
|---|
| 2256 | 3660.3664: Detected loader lock ownership: rc=Unknown Status 22900 (0x5974) '\Device\HarddiskVolume3\Windows\System32\glu32.dll'.
|
|---|
| 2257 | 3660.3664: supR3HardenedWinVerifyCacheProcessWvtTodos: 22900 (was 22900) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\glu32.dll' [rescheduled]
|
|---|
| 2258 | 3660.3664: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\mpr.dll'.
|
|---|
| 2259 | 3660.3664: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\mpr.dll' [rescheduled]
|
|---|
| 2260 | 3660.3664: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\shell32.dll'.
|
|---|
| 2261 | 3660.3664: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\shell32.dll' [rescheduled]
|
|---|
| 2262 | 3660.3664: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\Qt5WidgetsVBox.dll'.
|
|---|
| 2263 | 3660.3664: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\Qt5WidgetsVBox.dll' [rescheduled]
|
|---|
| 2264 | 3660.3664: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\win32u.dll'.
|
|---|
| 2265 | 3660.3664: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\win32u.dll' [rescheduled]
|
|---|
| 2266 | 3660.3664: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\gdi32.dll'.
|
|---|
| 2267 | 3660.3664: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\gdi32.dll' [rescheduled]
|
|---|
| 2268 | 3660.3664: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\user32.dll'.
|
|---|
| 2269 | 3660.3664: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\user32.dll' [rescheduled]
|
|---|
| 2270 | 3660.3664: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\msvcp_win.dll'.
|
|---|
| 2271 | 3660.3664: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\msvcp_win.dll' [rescheduled]
|
|---|
| 2272 | 3660.3664: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\combase.dll'.
|
|---|
| 2273 | 3660.3664: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\combase.dll' [rescheduled]
|
|---|
| 2274 | 3660.3664: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\winmmbase.dll'.
|
|---|
| 2275 | 3660.3664: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\winmmbase.dll' [rescheduled]
|
|---|
| 2276 | 3660.3664: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\advapi32.dll
|
|---|
| 2277 | 3660.3664: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\ADVAPI32.DLL (Input=ADVAPI32.DLL, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
|
|---|
| 2278 | 3660.3664: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff172e0000 'C:\WINDOWS\System32\ADVAPI32.DLL'
|
|---|
| 2279 | 3660.3664: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\imm32.dll'.
|
|---|
| 2280 | 3660.3664: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\imm32.dll' [rescheduled]
|
|---|
| 2281 | 3660.3664: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\windows.storage.dll'.
|
|---|
| 2282 | 3660.3664: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\windows.storage.dll' [rescheduled]
|
|---|
| 2283 | 3660.3664: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\kernel.appcore.dll'.
|
|---|
| 2284 | 3660.3664: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\kernel.appcore.dll' [rescheduled]
|
|---|
| 2285 | 3660.3664: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\shlwapi.dll'.
|
|---|
| 2286 | 3660.3664: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\shlwapi.dll' [rescheduled]
|
|---|
| 2287 | 3660.3664: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\powrprof.dll'.
|
|---|
| 2288 | 3660.3664: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\powrprof.dll' [rescheduled]
|
|---|
| 2289 | 3660.3664: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\umpdc.dll'.
|
|---|
| 2290 | 3660.3664: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\umpdc.dll' [rescheduled]
|
|---|
| 2291 | 3660.3664: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\SHCore.dll'.
|
|---|
| 2292 | 3660.3664: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\SHCore.dll' [rescheduled]
|
|---|
| 2293 | 3660.3664: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\cfgmgr32.dll'.
|
|---|
| 2294 | 3660.3664: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\cfgmgr32.dll' [rescheduled]
|
|---|
| 2295 | 3660.3664: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\gdi32full.dll'.
|
|---|
| 2296 | 3660.3664: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\gdi32full.dll' [rescheduled]
|
|---|
| 2297 | 3660.3664: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\DXCore.dll'.
|
|---|
| 2298 | 3660.3664: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\DXCore.dll' [rescheduled]
|
|---|
| 2299 | 3660.3664: Detected loader lock ownership: rc=Unknown Status 22900 (0x5974) '\Device\HarddiskVolume3\Windows\System32\glu32.dll'.
|
|---|
| 2300 | 3660.3664: supR3HardenedWinVerifyCacheProcessWvtTodos: 22900 (was 22900) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\glu32.dll' [rescheduled]
|
|---|
| 2301 | 3660.3664: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\mpr.dll'.
|
|---|
| 2302 | 3660.3664: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\mpr.dll' [rescheduled]
|
|---|
| 2303 | 3660.3664: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\shell32.dll'.
|
|---|
| 2304 | 3660.3664: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\shell32.dll' [rescheduled]
|
|---|
| 2305 | 3660.3664: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\Qt5WidgetsVBox.dll'.
|
|---|
| 2306 | 3660.3664: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\Qt5WidgetsVBox.dll' [rescheduled]
|
|---|
| 2307 | 3660.3664: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\win32u.dll'.
|
|---|
| 2308 | 3660.3664: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\win32u.dll' [rescheduled]
|
|---|
| 2309 | 3660.3664: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\gdi32.dll'.
|
|---|
| 2310 | 3660.3664: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\gdi32.dll' [rescheduled]
|
|---|
| 2311 | 3660.3664: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\user32.dll'.
|
|---|
| 2312 | 3660.3664: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\user32.dll' [rescheduled]
|
|---|
| 2313 | 3660.3664: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\msvcp_win.dll'.
|
|---|
| 2314 | 3660.3664: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\msvcp_win.dll' [rescheduled]
|
|---|
| 2315 | 3660.3664: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\combase.dll'.
|
|---|
| 2316 | 3660.3664: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\combase.dll' [rescheduled]
|
|---|
| 2317 | 3660.3664: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\winmmbase.dll'.
|
|---|
| 2318 | 3660.3664: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\winmmbase.dll' [rescheduled]
|
|---|
| 2319 | 3660.3664: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffec8c30000 'C:\Program Files\Oracle\VirtualBox\VirtualBoxVM.dll'
|
|---|
| 2320 | 3660.3664: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff142f0000 'C:\WINDOWS\system32\rsaenh.dll'
|
|---|
| 2321 | 3660.3664: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff15f90000 'C:\WINDOWS\System32\crypt32.dll'
|
|---|
| 2322 | 3660.3664: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Windows\System32\imm32.dll'
|
|---|
| 2323 | 3660.3664: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff142f0000 'C:\WINDOWS\system32\rsaenh.dll'
|
|---|
| 2324 | 3660.3664: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff15f90000 'C:\WINDOWS\System32\crypt32.dll'
|
|---|
| 2325 | 3660.3664: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Windows\System32\windows.storage.dll'
|
|---|
| 2326 | 3660.3664: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff142f0000 'C:\WINDOWS\system32\rsaenh.dll'
|
|---|
| 2327 | 3660.3664: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff15f90000 'C:\WINDOWS\System32\crypt32.dll'
|
|---|
| 2328 | 3660.3664: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Windows\System32\kernel.appcore.dll'
|
|---|
| 2329 | 3660.3664: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff142f0000 'C:\WINDOWS\system32\rsaenh.dll'
|
|---|
| 2330 | 3660.3664: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff15f90000 'C:\WINDOWS\System32\crypt32.dll'
|
|---|
| 2331 | 3660.3664: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Windows\System32\shlwapi.dll'
|
|---|
| 2332 | 3660.3664: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff142f0000 'C:\WINDOWS\system32\rsaenh.dll'
|
|---|
| 2333 | 3660.3664: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff15f90000 'C:\WINDOWS\System32\crypt32.dll'
|
|---|
| 2334 | 3660.3664: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Windows\System32\powrprof.dll'
|
|---|
| 2335 | 3660.3664: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff142f0000 'C:\WINDOWS\system32\rsaenh.dll'
|
|---|
| 2336 | 3660.3664: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff15f90000 'C:\WINDOWS\System32\crypt32.dll'
|
|---|
| 2337 | 3660.3664: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Windows\System32\umpdc.dll'
|
|---|
| 2338 | 3660.3664: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff142f0000 'C:\WINDOWS\system32\rsaenh.dll'
|
|---|
| 2339 | 3660.3664: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff15f90000 'C:\WINDOWS\System32\crypt32.dll'
|
|---|
| 2340 | 3660.3664: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Windows\System32\SHCore.dll'
|
|---|
| 2341 | 3660.3664: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff142f0000 'C:\WINDOWS\system32\rsaenh.dll'
|
|---|
| 2342 | 3660.3664: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff15f90000 'C:\WINDOWS\System32\crypt32.dll'
|
|---|
| 2343 | 3660.3664: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Windows\System32\cfgmgr32.dll'
|
|---|
| 2344 | 3660.3664: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff142f0000 'C:\WINDOWS\system32\rsaenh.dll'
|
|---|
| 2345 | 3660.3664: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff15f90000 'C:\WINDOWS\System32\crypt32.dll'
|
|---|
| 2346 | 3660.3664: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Windows\System32\gdi32full.dll'
|
|---|
| 2347 | 3660.3664: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff142f0000 'C:\WINDOWS\system32\rsaenh.dll'
|
|---|
| 2348 | 3660.3664: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff15f90000 'C:\WINDOWS\System32\crypt32.dll'
|
|---|
| 2349 | 3660.3664: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Windows\System32\DXCore.dll'
|
|---|
| 2350 | 3660.3664: supR3HardNtViCallWinVerifyTrustCatFile: hFile=000000000000040c pwszName=\Device\HarddiskVolume3\Windows\System32\glu32.dll
|
|---|
| 2351 | 3660.3664: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000001514c60
|
|---|
| 2352 | 3660.3664: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000001514c60
|
|---|
| 2353 | 3660.3664: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=F356C86D0A2DBA0570D09B39D4AF818DFCB17010
|
|---|
| 2354 | 3660.3664: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff142f0000 'C:\WINDOWS\system32\rsaenh.dll'
|
|---|
| 2355 | 3660.3664: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff15f90000 'C:\WINDOWS\System32\crypt32.dll'
|
|---|
| 2356 | 3660.3664: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0212~31bf3856ad364e35~amd64~~10.0.18362.657.cat'; file='\Device\HarddiskVolume3\Windows\System32\glu32.dll'
|
|---|
| 2357 | 3660.3664: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
|
|---|
| 2358 | 3660.3664: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Windows\System32\glu32.dll'
|
|---|
| 2359 | 3660.3664: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff142f0000 'C:\WINDOWS\system32\rsaenh.dll'
|
|---|
| 2360 | 3660.3664: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff15f90000 'C:\WINDOWS\System32\crypt32.dll'
|
|---|
| 2361 | 3660.3664: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Windows\System32\mpr.dll'
|
|---|
| 2362 | 3660.3664: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff142f0000 'C:\WINDOWS\system32\rsaenh.dll'
|
|---|
| 2363 | 3660.3664: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff15f90000 'C:\WINDOWS\System32\crypt32.dll'
|
|---|
| 2364 | 3660.3664: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Windows\System32\shell32.dll'
|
|---|
| 2365 | 3660.3664: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff142f0000 'C:\WINDOWS\system32\rsaenh.dll'
|
|---|
| 2366 | 3660.3664: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 24202) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\Qt5WidgetsVBox.dll'
|
|---|
| 2367 | 3660.3664: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff142f0000 'C:\WINDOWS\system32\rsaenh.dll'
|
|---|
| 2368 | 3660.3664: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff15f90000 'C:\WINDOWS\System32\crypt32.dll'
|
|---|
| 2369 | 3660.3664: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Windows\System32\win32u.dll'
|
|---|
| 2370 | 3660.3664: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff142f0000 'C:\WINDOWS\system32\rsaenh.dll'
|
|---|
| 2371 | 3660.3664: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff15f90000 'C:\WINDOWS\System32\crypt32.dll'
|
|---|
| 2372 | 3660.3664: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Windows\System32\gdi32.dll'
|
|---|
| 2373 | 3660.3664: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff142f0000 'C:\WINDOWS\system32\rsaenh.dll'
|
|---|
| 2374 | 3660.3664: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff15f90000 'C:\WINDOWS\System32\crypt32.dll'
|
|---|
| 2375 | 3660.3664: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Windows\System32\user32.dll'
|
|---|
| 2376 | 3660.3664: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff142f0000 'C:\WINDOWS\system32\rsaenh.dll'
|
|---|
| 2377 | 3660.3664: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff15f90000 'C:\WINDOWS\System32\crypt32.dll'
|
|---|
| 2378 | 3660.3664: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Windows\System32\msvcp_win.dll'
|
|---|
| 2379 | 3660.3664: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff142f0000 'C:\WINDOWS\system32\rsaenh.dll'
|
|---|
| 2380 | 3660.3664: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff15f90000 'C:\WINDOWS\System32\crypt32.dll'
|
|---|
| 2381 | 3660.3664: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Windows\System32\combase.dll'
|
|---|
| 2382 | 3660.3664: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\rsaenh.dll
|
|---|
| 2383 | 3660.3664: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\rsaenh.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
|
|---|
| 2384 | 3660.3664: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff142f0000 'C:\WINDOWS\system32\rsaenh.dll'
|
|---|
| 2385 | 3660.3664: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff15f90000 'C:\WINDOWS\System32\crypt32.dll'
|
|---|
| 2386 | 3660.3664: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Windows\System32\winmmbase.dll'
|
|---|
| 2387 | 3660.3664: SUPR3HardenedMain: Calling TrustedMain (00007ffec8c316c0)...
|
|---|
| 2388 | 3660.3664: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff142f0000 'C:\WINDOWS\system32\rsaenh.dll'
|
|---|
| 2389 | 3660.3664: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'gdi32.dll'.
|
|---|
| 2390 | 3660.3664: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'ole32.dll'.
|
|---|
| 2391 | 3660.3664: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'user32.dll'.
|
|---|
| 2392 | 3660.3664: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'imm32.dll'.
|
|---|
| 2393 | 3660.3664: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'winmm.dll'.
|
|---|
| 2394 | 3660.3664: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'oleaut32.dll'.
|
|---|
| 2395 | 3660.3664: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'shell32.dll'.
|
|---|
| 2396 | 3660.3664: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #7 'advapi32.dll'.
|
|---|
| 2397 | 3660.3664: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #8 'qt5guivbox.dll'.
|
|---|
| 2398 | 3660.3664: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #9 'qt5corevbox.dll'.
|
|---|
| 2399 | 3660.3664: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #10 'msvcr100.dll'.
|
|---|
| 2400 | 3660.3664: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\platforms\qwindows.dll) WinVerifyTrust
|
|---|
| 2401 | 3660.3664: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\platforms\qwindows.dll
|
|---|
| 2402 | 3660.3664: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
|
|---|
| 2403 | 3660.3664: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
|
|---|
| 2404 | 3660.3664: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qt5corevbox.dll'...
|
|---|
| 2405 | 3660.3664: supR3HardenedWinVerifyCacheProcessImportTodos: 'qt5corevbox.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\qt5corevbox.dll' [rcNtRedir=0xc0150008]
|
|---|
| 2406 | 3660.3664: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\Qt5CoreVBox.dll
|
|---|
| 2407 | 3660.3664: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qt5guivbox.dll'...
|
|---|
| 2408 | 3660.3664: supR3HardenedWinVerifyCacheProcessImportTodos: 'qt5guivbox.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\qt5guivbox.dll' [rcNtRedir=0xc0150008]
|
|---|
| 2409 | 3660.3664: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\Qt5GuiVBox.dll
|
|---|
| 2410 | 3660.3664: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'...
|
|---|
| 2411 | 3660.3664: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume3\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008]
|
|---|
| 2412 | 3660.3664: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\advapi32.dll
|
|---|
| 2413 | 3660.3664: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'shell32.dll'...
|
|---|
| 2414 | 3660.3664: supR3HardenedWinVerifyCacheProcessImportTodos: 'shell32.dll' -> '\Device\HarddiskVolume3\Windows\System32\shell32.dll' [rcNtRedir=0xc0150008]
|
|---|
| 2415 | 3660.3664: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\shell32.dll
|
|---|
| 2416 | 3660.3664: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'oleaut32.dll'...
|
|---|
| 2417 | 3660.3664: supR3HardenedWinVerifyCacheProcessImportTodos: 'oleaut32.dll' -> '\Device\HarddiskVolume3\Windows\System32\oleaut32.dll' [rcNtRedir=0xc0150008]
|
|---|
| 2418 | 3660.3664: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\oleaut32.dll
|
|---|
| 2419 | 3660.3664: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'winmm.dll'...
|
|---|
| 2420 | 3660.3664: supR3HardenedWinVerifyCacheProcessImportTodos: 'winmm.dll' -> '\Device\HarddiskVolume3\Windows\System32\winmm.dll' [rcNtRedir=0xc0150008]
|
|---|
| 2421 | 3660.3664: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\winmm.dll
|
|---|
| 2422 | 3660.3664: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'imm32.dll'...
|
|---|
| 2423 | 3660.3664: supR3HardenedWinVerifyCacheProcessImportTodos: 'imm32.dll' -> '\Device\HarddiskVolume3\Windows\System32\imm32.dll' [rcNtRedir=0xc0150008]
|
|---|
| 2424 | 3660.3664: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\imm32.dll
|
|---|
| 2425 | 3660.3664: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
|
|---|
| 2426 | 3660.3664: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume3\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
|
|---|
| 2427 | 3660.3664: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ole32.dll'...
|
|---|
| 2428 | 3660.3664: supR3HardenedWinVerifyCacheProcessImportTodos: 'ole32.dll' -> '\Device\HarddiskVolume3\Windows\System32\ole32.dll' [rcNtRedir=0xc0150008]
|
|---|
| 2429 | 3660.3664: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\ole32.dll
|
|---|
| 2430 | 3660.3664: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
|
|---|
| 2431 | 3660.3664: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume3\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
|
|---|
| 2432 | 3660.3664: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\platforms\qwindows.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
|
|---|
| 2433 | 3660.3664: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\platforms\qwindows.dll
|
|---|
| 2434 | 3660.3664: supR3HardenedDllNotificationCallback: load 00007ffecb8a0000 LB 0x0012e000 C:\Program Files\Oracle\VirtualBox\platforms\qwindows.dll [fFlags=0x0]
|
|---|
| 2435 | 3660.3664: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\platforms\qwindows.dll
|
|---|
| 2436 | 3660.3664: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffecb8a0000 'C:\Program Files\Oracle\VirtualBox\platforms\qwindows.dll'
|
|---|
| 2437 | 3660.3664: supR3HardNtViCallWinVerifyTrustCatFile: hFile=00000000000005ec pwszName=\Device\HarddiskVolume3\Windows\System32\uxtheme.dll
|
|---|
| 2438 | 3660.3664: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000001514c60
|
|---|
| 2439 | 3660.3664: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000001514c60
|
|---|
| 2440 | 3660.3664: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=286AD1CEC16EFDCA5718925D19E68A486A5851A0
|
|---|
| 2441 | 3660.3664: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff142f0000 'C:\WINDOWS\system32\rsaenh.dll'
|
|---|
| 2442 | 3660.3664: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff15f90000 'C:\WINDOWS\System32\crypt32.dll'
|
|---|
| 2443 | 3660.3664: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-Package0415~31bf3856ad364e35~amd64~~10.0.18362.657.cat'; file='\Device\HarddiskVolume3\Windows\System32\uxtheme.dll'
|
|---|
| 2444 | 3660.3664: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
|
|---|
| 2445 | 3660.3664: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
|
|---|
| 2446 | 3660.3664: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #33 'gdi32.dll'.
|
|---|
| 2447 | 3660.3664: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #34 'user32.dll'.
|
|---|
| 2448 | 3660.3664: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\uxtheme.dll) WinVerifyTrust
|
|---|
| 2449 | 3660.3664: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\uxtheme.dll
|
|---|
| 2450 | 3660.3664: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
|
|---|
| 2451 | 3660.3664: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume3\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
|
|---|
| 2452 | 3660.3664: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
|
|---|
| 2453 | 3660.3664: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume3\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
|
|---|
| 2454 | 3660.3664: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
|
|---|
| 2455 | 3660.3664: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume3\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
|
|---|
| 2456 | 3660.3664: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\uxtheme.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000009:<flags> [calling]
|
|---|
| 2457 | 3660.3664: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\uxtheme.dll
|
|---|
| 2458 | 3660.3664: supR3HardenedDllNotificationCallback: load 00007fff0f820000 LB 0x00099000 C:\WINDOWS\system32\uxtheme.dll [fFlags=0x0]
|
|---|
| 2459 | 3660.3664: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\uxtheme.dll
|
|---|
| 2460 | 3660.3664: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff0f820000 'C:\WINDOWS\system32\uxtheme.dll'
|
|---|
| 2461 | 3660.3664: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff16130000 'C:\WINDOWS\system32\user32.dll'
|
|---|
| 2462 | 3660.3664: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\shell32.dll
|
|---|
| 2463 | 3660.3664: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\shell32.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
|
|---|
| 2464 | 3660.3664: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff177c0000 'C:\WINDOWS\system32\shell32.dll'
|
|---|
| 2465 | 3660.3664: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\SHCore.dll
|
|---|
| 2466 | 3660.3664: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\SHCore.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
|
|---|
| 2467 | 3660.3664: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff16cf0000 'C:\WINDOWS\system32\SHCore.dll'
|
|---|
| 2468 | 3660.3664: supR3HardenedMonitor_LdrLoadDll: error opening 'C:\WINDOWS\system32\wintab32.dll': 0 (NtPath=\??\C:\WINDOWS\system32\wintab32.dll; Input=C:\WINDOWS\system32\wintab32.dll; rcNtGetDll=0x0
|
|---|
| 2469 | 3660.3664: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0xc0000034 'C:\WINDOWS\system32\wintab32.dll'
|
|---|
| 2470 | 3660.3664: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\winmm.dll
|
|---|
| 2471 | 3660.3664: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\winmm.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
|
|---|
| 2472 | 3660.3664: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff08dd0000 'C:\WINDOWS\system32\winmm.dll'
|
|---|
| 2473 | 3660.3664: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\winmm.dll
|
|---|
| 2474 | 3660.3664: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\winmm.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
|
|---|
| 2475 | 3660.3664: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff08dd0000 'C:\WINDOWS\system32\winmm.dll'
|
|---|
| 2476 | 3660.3664: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\shell32.dll
|
|---|
| 2477 | 3660.3664: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\shell32.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
|
|---|
| 2478 | 3660.3664: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff177c0000 'C:\WINDOWS\system32\shell32.dll'
|
|---|
| 2479 | 3660.3664: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\uxtheme.dll
|
|---|
| 2480 | 3660.3664: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\uxtheme.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
|
|---|
| 2481 | 3660.3664: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff0f820000 'C:\WINDOWS\system32\uxtheme.dll'
|
|---|
| 2482 | 3660.3664: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\advapi32.dll
|
|---|
| 2483 | 3660.3664: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\advapi32.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
|
|---|
| 2484 | 3660.3664: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff172e0000 'C:\WINDOWS\system32\advapi32.dll'
|
|---|
| 2485 | 3660.3664: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff142f0000 'C:\WINDOWS\system32\rsaenh.dll'
|
|---|
| 2486 | 3660.3664: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff15f90000 'C:\WINDOWS\System32\crypt32.dll'
|
|---|
| 2487 | 3660.3664: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #13 'rpcrt4.dll'.
|
|---|
| 2488 | 3660.3664: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #30 'profapi.dll'.
|
|---|
| 2489 | 3660.3664: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\userenv.dll) WinVerifyTrust
|
|---|
| 2490 | 3660.3664: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\userenv.dll
|
|---|
| 2491 | 3660.3664: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'profapi.dll'...
|
|---|
| 2492 | 3660.3664: supR3HardenedWinVerifyCacheProcessImportTodos: 'profapi.dll' -> '\Device\HarddiskVolume3\Windows\System32\profapi.dll' [rcNtRedir=0xc0150008]
|
|---|
| 2493 | 3660.3664: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\profapi.dll
|
|---|
| 2494 | 3660.3664: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
|
|---|
| 2495 | 3660.3664: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume3\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
|
|---|
| 2496 | 3660.3664: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\userenv.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
|
|---|
| 2497 | 3660.3664: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\userenv.dll
|
|---|
| 2498 | 3660.3664: supR3HardenedDllNotificationCallback: load 00007fff14e70000 LB 0x00025000 C:\WINDOWS\system32\userenv.dll [fFlags=0x0]
|
|---|
| 2499 | 3660.3664: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\userenv.dll
|
|---|
| 2500 | 3660.3664: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff14e70000 'C:\WINDOWS\system32\userenv.dll'
|
|---|
| 2501 | 3660.3664: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\kernel32.dll
|
|---|
| 2502 | 3660.3664: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\kernel32.dll (Input=kernel32, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
|
|---|
| 2503 | 3660.3664: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff17700000 'C:\WINDOWS\System32\kernel32.dll'
|
|---|
| 2504 | 3660.3664: supR3HardenedDllNotificationCallback: load 00007fff17490000 LB 0x000a2000 C:\WINDOWS\System32\clbcatq.dll [fFlags=0x0]
|
|---|
| 2505 | 3660.3664: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
|
|---|
| 2506 | 3660.3664: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #30 'rpcrt4.dll'.
|
|---|
| 2507 | 3660.3664: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\clbcatq.dll)
|
|---|
| 2508 | 3660.3664: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\clbcatq.dll
|
|---|
| 2509 | 3660.3b94: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
|
|---|
| 2510 | 3660.3b94: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume3\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
|
|---|
| 2511 | 3660.3b94: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
|
|---|
| 2512 | 3660.3b94: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume3\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
|
|---|
| 2513 | 3660.3b94: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff142f0000 'C:\WINDOWS\system32\rsaenh.dll'
|
|---|
| 2514 | 3660.3b94: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff15f90000 'C:\WINDOWS\System32\crypt32.dll'
|
|---|
| 2515 | 3660.3b94: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Windows\System32\clbcatq.dll'
|
|---|
| 2516 | 3660.3b94: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff142f0000 'C:\WINDOWS\system32\rsaenh.dll'
|
|---|
| 2517 | 3660.3b94: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
|
|---|
| 2518 | 3660.3b94: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'msvcp100.dll'.
|
|---|
| 2519 | 3660.3b94: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'vboxrt.dll'.
|
|---|
| 2520 | 3660.3b94: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'advapi32.dll'.
|
|---|
| 2521 | 3660.3b94: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'ole32.dll'.
|
|---|
| 2522 | 3660.3b94: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'oleaut32.dll'.
|
|---|
| 2523 | 3660.3b94: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxC.dll) WinVerifyTrust
|
|---|
| 2524 | 3660.3b94: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxC.dll
|
|---|
| 2525 | 3660.3b94: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'oleaut32.dll'...
|
|---|
| 2526 | 3660.3b94: supR3HardenedWinVerifyCacheProcessImportTodos: 'oleaut32.dll' -> '\Device\HarddiskVolume3\Windows\System32\oleaut32.dll' [rcNtRedir=0xc0150008]
|
|---|
| 2527 | 3660.3b94: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\oleaut32.dll
|
|---|
| 2528 | 3660.3b94: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ole32.dll'...
|
|---|
| 2529 | 3660.3b94: supR3HardenedWinVerifyCacheProcessImportTodos: 'ole32.dll' -> '\Device\HarddiskVolume3\Windows\System32\ole32.dll' [rcNtRedir=0xc0150008]
|
|---|
| 2530 | 3660.3b94: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\ole32.dll
|
|---|
| 2531 | 3660.3b94: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'...
|
|---|
| 2532 | 3660.3b94: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume3\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008]
|
|---|
| 2533 | 3660.3b94: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\advapi32.dll
|
|---|
| 2534 | 3660.3b94: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
|
|---|
| 2535 | 3660.3b94: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
|
|---|
| 2536 | 3660.3b94: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcp100.dll'...
|
|---|
| 2537 | 3660.3b94: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcp100.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcp100.dll' [rcNtRedir=0xc0150008]
|
|---|
| 2538 | 3660.3b94: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcp100.dll
|
|---|
| 2539 | 3660.3b94: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
|
|---|
| 2540 | 3660.3b94: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
|
|---|
| 2541 | 3660.3b94: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxC.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000002009:<flags> [calling]
|
|---|
| 2542 | 3660.3b94: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxC.dll
|
|---|
| 2543 | 3660.3b94: supR3HardenedDllNotificationCallback: load 00007ffecb400000 LB 0x003b0000 C:\Program Files\Oracle\VirtualBox\VBoxC.dll [fFlags=0x0]
|
|---|
| 2544 | 3660.3b94: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxC.dll
|
|---|
| 2545 | 3660.3b94: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffecb400000 'C:\Program Files\Oracle\VirtualBox\VBoxC.dll'
|
|---|
| 2546 | 3660.3b94: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff142f0000 'C:\WINDOWS\system32\rsaenh.dll'
|
|---|
| 2547 | 3660.3b94: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
|
|---|
| 2548 | 3660.3b94: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'vboxrt.dll'.
|
|---|
| 2549 | 3660.3b94: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'advapi32.dll'.
|
|---|
| 2550 | 3660.3b94: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'shlwapi.dll'.
|
|---|
| 2551 | 3660.3b94: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'ole32.dll'.
|
|---|
| 2552 | 3660.3b94: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'oleaut32.dll'.
|
|---|
| 2553 | 3660.3b94: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #7 'rpcrt4.dll'.
|
|---|
| 2554 | 3660.3b94: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxProxyStub.dll) WinVerifyTrust
|
|---|
| 2555 | 3660.3b94: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxProxyStub.dll
|
|---|
| 2556 | 3660.3b94: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
|
|---|
| 2557 | 3660.3b94: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume3\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
|
|---|
| 2558 | 3660.3b94: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'oleaut32.dll'...
|
|---|
| 2559 | 3660.3b94: supR3HardenedWinVerifyCacheProcessImportTodos: 'oleaut32.dll' -> '\Device\HarddiskVolume3\Windows\System32\oleaut32.dll' [rcNtRedir=0xc0150008]
|
|---|
| 2560 | 3660.3b94: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\oleaut32.dll
|
|---|
| 2561 | 3660.3b94: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ole32.dll'...
|
|---|
| 2562 | 3660.3b94: supR3HardenedWinVerifyCacheProcessImportTodos: 'ole32.dll' -> '\Device\HarddiskVolume3\Windows\System32\ole32.dll' [rcNtRedir=0xc0150008]
|
|---|
| 2563 | 3660.3b94: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\ole32.dll
|
|---|
| 2564 | 3660.3b94: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'shlwapi.dll'...
|
|---|
| 2565 | 3660.3b94: supR3HardenedWinVerifyCacheProcessImportTodos: 'shlwapi.dll' -> '\Device\HarddiskVolume3\Windows\System32\shlwapi.dll' [rcNtRedir=0xc0150008]
|
|---|
| 2566 | 3660.3b94: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\shlwapi.dll
|
|---|
| 2567 | 3660.3b94: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'...
|
|---|
| 2568 | 3660.3b94: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume3\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008]
|
|---|
| 2569 | 3660.3b94: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\advapi32.dll
|
|---|
| 2570 | 3660.3b94: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
|
|---|
| 2571 | 3660.3b94: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
|
|---|
| 2572 | 3660.3b94: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
|
|---|
| 2573 | 3660.3b94: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
|
|---|
| 2574 | 3660.3b94: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxProxyStub.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000002009:<flags> [calling]
|
|---|
| 2575 | 3660.3b94: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxProxyStub.dll
|
|---|
| 2576 | 3660.3b94: supR3HardenedDllNotificationCallback: load 00007ffecb7b0000 LB 0x000ed000 C:\Program Files\Oracle\VirtualBox\VBoxProxyStub.dll [fFlags=0x0]
|
|---|
| 2577 | 3660.3b94: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxProxyStub.dll
|
|---|
| 2578 | 3660.3b94: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffecb7b0000 'C:\Program Files\Oracle\VirtualBox\VBoxProxyStub.dll'
|
|---|
| 2579 | 3660.3b94: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\oleaut32.dll
|
|---|
| 2580 | 3660.3b94: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\System32\oleaut32.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000002009:<flags> [calling]
|
|---|
| 2581 | 3660.3b94: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff17190000 'C:\Windows\System32\oleaut32.dll'
|
|---|
| 2582 | 3660.3664: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff17ee0000 'C:\WINDOWS\system32\gdi32.dll'
|
|---|
| 2583 | 3660.3664: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\shell32.dll
|
|---|
| 2584 | 3660.3664: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\shell32.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
|
|---|
| 2585 | 3660.3664: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff177c0000 'C:\WINDOWS\system32\shell32.dll'
|
|---|
| 2586 | 3660.3664: supR3HardenedDllNotificationCallback: load 00007fff16bb0000 LB 0x00135000 C:\WINDOWS\System32\MSCTF.dll [fFlags=0x0]
|
|---|
| 2587 | 3660.3664: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
|
|---|
| 2588 | 3660.3664: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #10 'oleaut32.dll'.
|
|---|
| 2589 | 3660.3664: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #38 'user32.dll'.
|
|---|
| 2590 | 3660.3664: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #39 'gdi32.dll'.
|
|---|
| 2591 | 3660.3664: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #40 'imm32.dll'.
|
|---|
| 2592 | 3660.3664: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #41 'advapi32.dll'.
|
|---|
| 2593 | 3660.3664: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\msctf.dll)
|
|---|
| 2594 | 3660.3664: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\msctf.dll
|
|---|
| 2595 | 3660.3664: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'...
|
|---|
| 2596 | 3660.3664: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume3\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008]
|
|---|
| 2597 | 3660.3664: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'imm32.dll'...
|
|---|
| 2598 | 3660.3664: supR3HardenedWinVerifyCacheProcessImportTodos: 'imm32.dll' -> '\Device\HarddiskVolume3\Windows\System32\imm32.dll' [rcNtRedir=0xc0150008]
|
|---|
| 2599 | 3660.3664: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\imm32.dll
|
|---|
| 2600 | 3660.3664: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
|
|---|
| 2601 | 3660.3664: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume3\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
|
|---|
| 2602 | 3660.3664: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
|
|---|
| 2603 | 3660.3664: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume3\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
|
|---|
| 2604 | 3660.3664: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\user32.dll
|
|---|
| 2605 | 3660.3664: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'oleaut32.dll'...
|
|---|
| 2606 | 3660.3664: supR3HardenedWinVerifyCacheProcessImportTodos: 'oleaut32.dll' -> '\Device\HarddiskVolume3\Windows\System32\oleaut32.dll' [rcNtRedir=0xc0150008]
|
|---|
| 2607 | 3660.3664: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\oleaut32.dll
|
|---|
| 2608 | 3660.3664: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
|
|---|
| 2609 | 3660.3664: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume3\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
|
|---|
| 2610 | 3660.3664: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff142f0000 'C:\WINDOWS\system32\rsaenh.dll'
|
|---|
| 2611 | 3660.3664: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff15f90000 'C:\WINDOWS\System32\crypt32.dll'
|
|---|
| 2612 | 3660.3664: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Windows\System32\msctf.dll'
|
|---|
| 2613 | 3660.3664: supR3HardNtViCallWinVerifyTrustCatFile: hFile=000000000000095c pwszName=\Device\HarddiskVolume3\Windows\System32\DataExchange.dll
|
|---|
| 2614 | 3660.3664: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000001514c60
|
|---|
| 2615 | 3660.3664: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000001514c60
|
|---|
| 2616 | 3660.3664: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=3632E0380EF7C400BBC7C4B0B9ED8D9F9860503B
|
|---|
| 2617 | 3660.3664: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff142f0000 'C:\WINDOWS\system32\rsaenh.dll'
|
|---|
| 2618 | 3660.3664: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff15f90000 'C:\WINDOWS\System32\crypt32.dll'
|
|---|
| 2619 | 3660.3664: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-Package0410~31bf3856ad364e35~amd64~~10.0.18362.657.cat'; file='\Device\HarddiskVolume3\Windows\System32\DataExchange.dll'
|
|---|
| 2620 | 3660.3664: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
|
|---|
| 2621 | 3660.3664: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
|
|---|
| 2622 | 3660.3664: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'shcore.dll'.
|
|---|
| 2623 | 3660.3664: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #29 'combase.dll'.
|
|---|
| 2624 | 3660.3664: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #34 'd3d11.dll'.
|
|---|
| 2625 | 3660.3664: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #35 'dcomp.dll'.
|
|---|
| 2626 | 3660.3664: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\DataExchange.dll) WinVerifyTrust
|
|---|
| 2627 | 3660.3664: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\DataExchange.dll
|
|---|
| 2628 | 3660.3664: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'dcomp.dll'...
|
|---|
| 2629 | 3660.3664: supR3HardenedWinVerifyCacheProcessImportTodos: 'dcomp.dll' -> '\Device\HarddiskVolume3\Windows\System32\dcomp.dll' [rcNtRedir=0xc0150008]
|
|---|
| 2630 | 3660.3664: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff142f0000 'C:\WINDOWS\system32\rsaenh.dll'
|
|---|
| 2631 | 3660.3664: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff15f90000 'C:\WINDOWS\System32\crypt32.dll'
|
|---|
| 2632 | 3660.3664: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'win32u.dll'.
|
|---|
| 2633 | 3660.3664: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'msvcp_win.dll'.
|
|---|
| 2634 | 3660.3664: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\dcomp.dll) WinVerifyTrust
|
|---|
| 2635 | 3660.3664: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\dcomp.dll
|
|---|
| 2636 | 3660.3664: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'd3d11.dll'...
|
|---|
| 2637 | 3660.3664: supR3HardenedWinVerifyCacheProcessImportTodos: 'd3d11.dll' -> '\Device\HarddiskVolume3\Windows\System32\d3d11.dll' [rcNtRedir=0xc0150008]
|
|---|
| 2638 | 3660.3664: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcp_win.dll'...
|
|---|
| 2639 | 3660.3664: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcp_win.dll' -> '\Device\HarddiskVolume3\Windows\System32\msvcp_win.dll' [rcNtRedir=0xc0150008]
|
|---|
| 2640 | 3660.3664: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\msvcp_win.dll
|
|---|
| 2641 | 3660.3664: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'win32u.dll'...
|
|---|
| 2642 | 3660.3664: supR3HardenedWinVerifyCacheProcessImportTodos: 'win32u.dll' -> '\Device\HarddiskVolume3\Windows\System32\win32u.dll' [rcNtRedir=0xc0150008]
|
|---|
| 2643 | 3660.3664: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\win32u.dll
|
|---|
| 2644 | 3660.3664: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff142f0000 'C:\WINDOWS\system32\rsaenh.dll'
|
|---|
| 2645 | 3660.3664: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff15f90000 'C:\WINDOWS\System32\crypt32.dll'
|
|---|
| 2646 | 3660.3664: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
|
|---|
| 2647 | 3660.3664: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #24 'dxgi.dll'.
|
|---|
| 2648 | 3660.3664: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #27 'win32u.dll'.
|
|---|
| 2649 | 3660.3664: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\d3d11.dll) WinVerifyTrust
|
|---|
| 2650 | 3660.3664: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\d3d11.dll
|
|---|
| 2651 | 3660.3664: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'combase.dll'...
|
|---|
| 2652 | 3660.3664: supR3HardenedWinVerifyCacheProcessImportTodos: 'combase.dll' -> '\Device\HarddiskVolume3\Windows\System32\combase.dll' [rcNtRedir=0xc0150008]
|
|---|
| 2653 | 3660.3664: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\combase.dll
|
|---|
| 2654 | 3660.3664: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'shcore.dll'...
|
|---|
| 2655 | 3660.3664: supR3HardenedWinVerifyCacheProcessImportTodos: 'shcore.dll' -> '\Device\HarddiskVolume3\Windows\System32\shcore.dll' [rcNtRedir=0xc0150008]
|
|---|
| 2656 | 3660.3664: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\SHCore.dll
|
|---|
| 2657 | 3660.3664: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
|
|---|
| 2658 | 3660.3664: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume3\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
|
|---|
| 2659 | 3660.3664: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'win32u.dll'...
|
|---|
| 2660 | 3660.3664: supR3HardenedWinVerifyCacheProcessImportTodos: 'win32u.dll' -> '\Device\HarddiskVolume3\Windows\System32\win32u.dll' [rcNtRedir=0xc0150008]
|
|---|
| 2661 | 3660.3664: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\win32u.dll
|
|---|
| 2662 | 3660.3664: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'dxgi.dll'...
|
|---|
| 2663 | 3660.3664: supR3HardenedWinVerifyCacheProcessImportTodos: 'dxgi.dll' -> '\Device\HarddiskVolume3\Windows\System32\dxgi.dll' [rcNtRedir=0xc0150008]
|
|---|
| 2664 | 3660.3664: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff142f0000 'C:\WINDOWS\system32\rsaenh.dll'
|
|---|
| 2665 | 3660.3664: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff15f90000 'C:\WINDOWS\System32\crypt32.dll'
|
|---|
| 2666 | 3660.3664: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
|
|---|
| 2667 | 3660.3664: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'win32u.dll'.
|
|---|
| 2668 | 3660.3664: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\dxgi.dll) WinVerifyTrust
|
|---|
| 2669 | 3660.3664: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\dxgi.dll
|
|---|
| 2670 | 3660.3664: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
|
|---|
| 2671 | 3660.3664: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume3\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
|
|---|
| 2672 | 3660.3664: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\msvcrt.dll
|
|---|
| 2673 | 3660.3664: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'win32u.dll'...
|
|---|
| 2674 | 3660.3664: supR3HardenedWinVerifyCacheProcessImportTodos: 'win32u.dll' -> '\Device\HarddiskVolume3\Windows\System32\win32u.dll' [rcNtRedir=0xc0150008]
|
|---|
| 2675 | 3660.3664: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
|
|---|
| 2676 | 3660.3664: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume3\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
|
|---|
| 2677 | 3660.3664: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\dataexchange.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000002009:<flags> [calling]
|
|---|
| 2678 | 3660.3664: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\DataExchange.dll
|
|---|
| 2679 | 3660.3664: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\d3d11.dll
|
|---|
| 2680 | 3660.3664: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\dcomp.dll
|
|---|
| 2681 | 3660.3664: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\dxgi.dll
|
|---|
| 2682 | 3660.3664: supR3HardenedDllNotificationCallback: load 00007fff13ae0000 LB 0x000eb000 C:\WINDOWS\system32\dxgi.dll [fFlags=0x0]
|
|---|
| 2683 | 3660.3664: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\dxgi.dll
|
|---|
| 2684 | 3660.3664: supR3HardenedDllNotificationCallback: load 00007fff0e160000 LB 0x0025b000 C:\WINDOWS\system32\d3d11.dll [fFlags=0x0]
|
|---|
| 2685 | 3660.3664: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\d3d11.dll
|
|---|
| 2686 | 3660.3664: supR3HardenedDllNotificationCallback: load 00007fff0ea90000 LB 0x001db000 C:\WINDOWS\system32\dcomp.dll [fFlags=0x0]
|
|---|
| 2687 | 3660.3664: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\dcomp.dll
|
|---|
| 2688 | 3660.3664: supR3HardenedDllNotificationCallback: load 00007ffee1e60000 LB 0x0003a000 C:\WINDOWS\system32\dataexchange.dll [fFlags=0x0]
|
|---|
| 2689 | 3660.3664: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\DataExchange.dll
|
|---|
| 2690 | 3660.3664: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff17ee0000 'C:\WINDOWS\System32\gdi32.dll'
|
|---|
| 2691 | 3660.3664: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffee1e60000 'C:\WINDOWS\system32\dataexchange.dll'
|
|---|
| 2692 | 3660.3664: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'rmclient.dll'.
|
|---|
| 2693 | 3660.3664: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #31 'rpcrt4.dll'.
|
|---|
| 2694 | 3660.3664: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #47 'combase.dll'.
|
|---|
| 2695 | 3660.3664: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #50 'msvcp_win.dll'.
|
|---|
| 2696 | 3660.3664: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\twinapi.appcore.dll)
|
|---|
| 2697 | 3660.3664: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\twinapi.appcore.dll
|
|---|
| 2698 | 3660.3664: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
|
|---|
| 2699 | 3660.3664: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #8 'rpcrt4.dll'.
|
|---|
| 2700 | 3660.3664: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\rmclient.dll)
|
|---|
| 2701 | 3660.3664: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\rmclient.dll
|
|---|
| 2702 | 3660.3664: supR3HardenedDllNotificationCallback: load 00007fff131f0000 LB 0x00029000 C:\WINDOWS\system32\RMCLIENT.dll [fFlags=0x0]
|
|---|
| 2703 | 3660.3664: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\rmclient.dll [avoiding WinVerifyTrust]
|
|---|
| 2704 | 3660.3664: supR3HardenedDllNotificationCallback: load 00007fff12e70000 LB 0x0025a000 C:\WINDOWS\system32\twinapi.appcore.dll [fFlags=0x0]
|
|---|
| 2705 | 3660.3664: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\twinapi.appcore.dll [avoiding WinVerifyTrust]
|
|---|
| 2706 | 3660.3664: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
|
|---|
| 2707 | 3660.3664: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume3\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
|
|---|
| 2708 | 3660.3664: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
|
|---|
| 2709 | 3660.3664: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume3\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
|
|---|
| 2710 | 3660.3664: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcp_win.dll'...
|
|---|
| 2711 | 3660.3664: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcp_win.dll' -> '\Device\HarddiskVolume3\Windows\System32\msvcp_win.dll' [rcNtRedir=0xc0150008]
|
|---|
| 2712 | 3660.3664: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\msvcp_win.dll
|
|---|
| 2713 | 3660.3664: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'combase.dll'...
|
|---|
| 2714 | 3660.3664: supR3HardenedWinVerifyCacheProcessImportTodos: 'combase.dll' -> '\Device\HarddiskVolume3\Windows\System32\combase.dll' [rcNtRedir=0xc0150008]
|
|---|
| 2715 | 3660.3664: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\combase.dll
|
|---|
| 2716 | 3660.3664: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
|
|---|
| 2717 | 3660.3664: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume3\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
|
|---|
| 2718 | 3660.3664: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rmclient.dll'...
|
|---|
| 2719 | 3660.3664: supR3HardenedWinVerifyCacheProcessImportTodos: 'rmclient.dll' -> '\Device\HarddiskVolume3\Windows\System32\rmclient.dll' [rcNtRedir=0xc0150008]
|
|---|
| 2720 | 3660.3664: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\rmclient.dll [lacks WinVerifyTrust]
|
|---|
| 2721 | 3660.3664: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff142f0000 'C:\WINDOWS\system32\rsaenh.dll'
|
|---|
| 2722 | 3660.3664: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff15f90000 'C:\WINDOWS\System32\crypt32.dll'
|
|---|
| 2723 | 3660.3664: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Windows\System32\rmclient.dll'
|
|---|
| 2724 | 3660.3664: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff142f0000 'C:\WINDOWS\system32\rsaenh.dll'
|
|---|
| 2725 | 3660.3664: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\crypt32.dll
|
|---|
| 2726 | 3660.3664: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\crypt32.dll (Input=crypt32.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
|
|---|
| 2727 | 3660.3664: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff15f90000 'C:\WINDOWS\System32\crypt32.dll'
|
|---|
| 2728 | 3660.3664: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Windows\System32\twinapi.appcore.dll'
|
|---|
| 2729 | 3660.3664: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\SHCore.dll
|
|---|
| 2730 | 3660.3664: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\Shcore.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
|
|---|
| 2731 | 3660.3664: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff16cf0000 'C:\WINDOWS\system32\Shcore.dll'
|
|---|
| 2732 | 3660.3664: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
|
|---|
| 2733 | 3660.3664: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #15 'rpcrt4.dll'.
|
|---|
| 2734 | 3660.3664: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #19 'coreuicomponents.dll'.
|
|---|
| 2735 | 3660.3664: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #20 'coremessaging.dll'.
|
|---|
| 2736 | 3660.3664: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\TextInputFramework.dll)
|
|---|
| 2737 | 3660.3664: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\TextInputFramework.dll
|
|---|
| 2738 | 3660.3664: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
|
|---|
| 2739 | 3660.3664: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #35 'coremessaging.dll'.
|
|---|
| 2740 | 3660.3664: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #47 'shcore.dll'.
|
|---|
| 2741 | 3660.3664: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\CoreUIComponents.dll)
|
|---|
| 2742 | 3660.3664: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\CoreUIComponents.dll
|
|---|
| 2743 | 3660.3664: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
|
|---|
| 2744 | 3660.3664: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\CoreMessaging.dll)
|
|---|
| 2745 | 3660.3664: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\CoreMessaging.dll
|
|---|
| 2746 | 3660.3664: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\ntmarta.dll)
|
|---|
| 2747 | 3660.3664: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\ntmarta.dll
|
|---|
| 2748 | 3660.3664: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'combase.dll'.
|
|---|
| 2749 | 3660.3664: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #24 'rpcrt4.dll'.
|
|---|
| 2750 | 3660.3664: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #32 'bcryptprimitives.dll'.
|
|---|
| 2751 | 3660.3664: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\WinTypes.dll)
|
|---|
| 2752 | 3660.3664: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\WinTypes.dll
|
|---|
| 2753 | 3660.3664: supR3HardenedDllNotificationCallback: load 00007fff13db0000 LB 0x00031000 C:\WINDOWS\SYSTEM32\ntmarta.dll [fFlags=0x0]
|
|---|
| 2754 | 3660.3664: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\ntmarta.dll [avoiding WinVerifyTrust]
|
|---|
| 2755 | 3660.3664: supR3HardenedDllNotificationCallback: load 00007fff0e840000 LB 0x000d4000 C:\WINDOWS\System32\CoreMessaging.dll [fFlags=0x0]
|
|---|
| 2756 | 3660.3664: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\CoreMessaging.dll [avoiding WinVerifyTrust]
|
|---|
| 2757 | 3660.3664: supR3HardenedDllNotificationCallback: load 00007fff0d1e0000 LB 0x00153000 C:\WINDOWS\SYSTEM32\wintypes.dll [fFlags=0x0]
|
|---|
| 2758 | 3660.3664: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\WinTypes.dll [avoiding WinVerifyTrust]
|
|---|
| 2759 | 3660.3664: supR3HardenedDllNotificationCallback: load 00007fff07c10000 LB 0x0032a000 C:\WINDOWS\System32\CoreUIComponents.dll [fFlags=0x0]
|
|---|
| 2760 | 3660.3664: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\CoreUIComponents.dll [avoiding WinVerifyTrust]
|
|---|
| 2761 | 3660.3664: supR3HardenedDllNotificationCallback: load 00007fff02120000 LB 0x0009e000 C:\WINDOWS\System32\TextInputFramework.dll [fFlags=0x0]
|
|---|
| 2762 | 3660.3664: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\TextInputFramework.dll [avoiding WinVerifyTrust]
|
|---|
| 2763 | 3660.3664: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'bcryptprimitives.dll'...
|
|---|
| 2764 | 3660.3664: supR3HardenedWinVerifyCacheProcessImportTodos: 'bcryptprimitives.dll' -> '\Device\HarddiskVolume3\Windows\System32\bcryptprimitives.dll' [rcNtRedir=0xc0150008]
|
|---|
| 2765 | 3660.3664: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\bcryptprimitives.dll
|
|---|
| 2766 | 3660.3664: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
|
|---|
| 2767 | 3660.3664: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume3\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
|
|---|
| 2768 | 3660.3664: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'combase.dll'...
|
|---|
| 2769 | 3660.3664: supR3HardenedWinVerifyCacheProcessImportTodos: 'combase.dll' -> '\Device\HarddiskVolume3\Windows\System32\combase.dll' [rcNtRedir=0xc0150008]
|
|---|
| 2770 | 3660.3664: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\combase.dll
|
|---|
| 2771 | 3660.3664: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
|
|---|
| 2772 | 3660.3664: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume3\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
|
|---|
| 2773 | 3660.3664: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'shcore.dll'...
|
|---|
| 2774 | 3660.3664: supR3HardenedWinVerifyCacheProcessImportTodos: 'shcore.dll' -> '\Device\HarddiskVolume3\Windows\System32\shcore.dll' [rcNtRedir=0xc0150008]
|
|---|
| 2775 | 3660.3664: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\SHCore.dll
|
|---|
| 2776 | 3660.3664: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'coremessaging.dll'...
|
|---|
| 2777 | 3660.3664: supR3HardenedWinVerifyCacheProcessImportTodos: 'coremessaging.dll' -> '\Device\HarddiskVolume3\Windows\System32\coremessaging.dll' [rcNtRedir=0xc0150008]
|
|---|
| 2778 | 3660.3664: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\CoreMessaging.dll [lacks WinVerifyTrust]
|
|---|
| 2779 | 3660.3664: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
|
|---|
| 2780 | 3660.3664: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume3\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
|
|---|
| 2781 | 3660.3664: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'coremessaging.dll'...
|
|---|
| 2782 | 3660.3664: supR3HardenedWinVerifyCacheProcessImportTodos: 'coremessaging.dll' -> '\Device\HarddiskVolume3\Windows\System32\coremessaging.dll' [rcNtRedir=0xc0150008]
|
|---|
| 2783 | 3660.3664: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\CoreMessaging.dll [lacks WinVerifyTrust]
|
|---|
| 2784 | 3660.3664: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'coreuicomponents.dll'...
|
|---|
| 2785 | 3660.3664: supR3HardenedWinVerifyCacheProcessImportTodos: 'coreuicomponents.dll' -> '\Device\HarddiskVolume3\Windows\System32\coreuicomponents.dll' [rcNtRedir=0xc0150008]
|
|---|
| 2786 | 3660.3664: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\CoreUIComponents.dll [lacks WinVerifyTrust]
|
|---|
| 2787 | 3660.3664: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
|
|---|
| 2788 | 3660.3664: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume3\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
|
|---|
| 2789 | 3660.3664: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
|
|---|
| 2790 | 3660.3664: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume3\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
|
|---|
| 2791 | 3660.3664: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff142f0000 'C:\WINDOWS\system32\rsaenh.dll'
|
|---|
| 2792 | 3660.3664: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff15f90000 'C:\WINDOWS\System32\crypt32.dll'
|
|---|
| 2793 | 3660.3664: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Windows\System32\WinTypes.dll'
|
|---|
| 2794 | 3660.3664: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff142f0000 'C:\WINDOWS\system32\rsaenh.dll'
|
|---|
| 2795 | 3660.3664: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff15f90000 'C:\WINDOWS\System32\crypt32.dll'
|
|---|
| 2796 | 3660.3664: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Windows\System32\ntmarta.dll'
|
|---|
| 2797 | 3660.3664: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff142f0000 'C:\WINDOWS\system32\rsaenh.dll'
|
|---|
| 2798 | 3660.3664: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff15f90000 'C:\WINDOWS\System32\crypt32.dll'
|
|---|
| 2799 | 3660.3664: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Windows\System32\CoreMessaging.dll'
|
|---|
| 2800 | 3660.3664: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff142f0000 'C:\WINDOWS\system32\rsaenh.dll'
|
|---|
| 2801 | 3660.3664: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff15f90000 'C:\WINDOWS\System32\crypt32.dll'
|
|---|
| 2802 | 3660.3664: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Windows\System32\CoreUIComponents.dll'
|
|---|
| 2803 | 3660.3664: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff142f0000 'C:\WINDOWS\system32\rsaenh.dll'
|
|---|
| 2804 | 3660.3664: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff15f90000 'C:\WINDOWS\System32\crypt32.dll'
|
|---|
| 2805 | 3660.3664: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Windows\System32\TextInputFramework.dll'
|
|---|
| 2806 | 3660.3664: supR3HardenedIsApiSetDll: ApiSetQueryApiSetPresence(ext-ms-win-rtcore-ntuser-window-ext-l1-1-0.dll) -> 0x0, fPresent=1
|
|---|
| 2807 | 3660.3664: supR3HardenedMonitor_LdrLoadDll: pName=ext-ms-win-rtcore-ntuser-window-ext-l1-1-0.dll (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
|
|---|
| 2808 | 3660.3664: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff16130000 'ext-ms-win-rtcore-ntuser-window-ext-l1-1-0.dll'
|
|---|
| 2809 | 3660.3664: supR3HardenedIsApiSetDll: ApiSetQueryApiSetPresence(ext-ms-win-rtcore-ntuser-integration-l1-1-0.dll) -> 0x0, fPresent=1
|
|---|
| 2810 | 3660.3664: supR3HardenedMonitor_LdrLoadDll: pName=ext-ms-win-rtcore-ntuser-integration-l1-1-0.dll (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
|
|---|
| 2811 | 3660.3664: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff16130000 'ext-ms-win-rtcore-ntuser-integration-l1-1-0.dll'
|
|---|
| 2812 | 3660.3664: supR3HardenedIsApiSetDll: ApiSetQueryApiSetPresence(api-ms-win-core-com-l1-1-0.dll) -> 0x0, fPresent=1
|
|---|
| 2813 | 3660.3664: supR3HardenedMonitor_LdrLoadDll: pName=api-ms-win-core-com-l1-1-0.dll (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
|
|---|
| 2814 | 3660.3664: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff16da0000 'api-ms-win-core-com-l1-1-0.dll'
|
|---|
| 2815 | 3660.3664: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
|
|---|
| 2816 | 3660.3664: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\iertutil.dll)
|
|---|
| 2817 | 3660.3664: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\iertutil.dll
|
|---|
| 2818 | 3660.3664: supR3HardenedDllNotificationCallback: load 00007fff01e40000 LB 0x002a6000 C:\WINDOWS\System32\iertutil.dll [fFlags=0x0]
|
|---|
| 2819 | 3660.3664: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\iertutil.dll [avoiding WinVerifyTrust]
|
|---|
| 2820 | 3660.3664: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
|
|---|
| 2821 | 3660.3664: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume3\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
|
|---|
| 2822 | 3660.3664: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff142f0000 'C:\WINDOWS\system32\rsaenh.dll'
|
|---|
| 2823 | 3660.3664: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff15f90000 'C:\WINDOWS\System32\crypt32.dll'
|
|---|
| 2824 | 3660.3664: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Windows\System32\iertutil.dll'
|
|---|
| 2825 | 3660.3664: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\msctf.dll
|
|---|
| 2826 | 3660.3664: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\MSCTF.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000009:<flags> [calling]
|
|---|
| 2827 | 3660.3664: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff16bb0000 'C:\WINDOWS\System32\MSCTF.dll'
|
|---|
| 2828 | 3660.3664: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\ole32.dll
|
|---|
| 2829 | 3660.3664: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\ole32.dll (Input=ole32.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
|
|---|
| 2830 | 3660.3664: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff17540000 'C:\WINDOWS\System32\ole32.dll'
|
|---|
| 2831 | 3660.3664: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\oleaut32.dll
|
|---|
| 2832 | 3660.3664: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\OLEAUT32.dll (Input=OLEAUT32.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
|
|---|
| 2833 | 3660.3664: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff17190000 'C:\WINDOWS\System32\OLEAUT32.dll'
|
|---|
| 2834 | 3660.3664: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000aa8 pwszName=\Device\HarddiskVolume3\Windows\System32\wbem\wbemprox.dll
|
|---|
| 2835 | 3660.3664: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000001514c60
|
|---|
| 2836 | 3660.3664: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000001514c60
|
|---|
| 2837 | 3660.3664: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=DB1AA7E2E4704C908EC9382E1F9E64808B9E5E1D
|
|---|
| 2838 | 3660.3664: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff142f0000 'C:\WINDOWS\system32\rsaenh.dll'
|
|---|
| 2839 | 3660.3664: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff15f90000 'C:\WINDOWS\System32\crypt32.dll'
|
|---|
| 2840 | 3660.3664: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-Package03~31bf3856ad364e35~amd64~~10.0.18362.657.cat'; file='\Device\HarddiskVolume3\Windows\System32\wbem\wbemprox.dll'
|
|---|
| 2841 | 3660.3664: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
|
|---|
| 2842 | 3660.3664: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
|
|---|
| 2843 | 3660.3664: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'ws2_32.dll'.
|
|---|
| 2844 | 3660.3664: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #18 'wbemcomn.dll'.
|
|---|
| 2845 | 3660.3664: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\wbem\wbemprox.dll) WinVerifyTrust
|
|---|
| 2846 | 3660.3664: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\wbem\wbemprox.dll
|
|---|
| 2847 | 3660.3664: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'wbemcomn.dll'...
|
|---|
| 2848 | 3660.3664: supR3HardenedWinVerifyCacheProcessImportTodos: 'wbemcomn.dll' -> '\Device\HarddiskVolume3\Windows\System32\wbemcomn.dll' [rcNtRedir=0xc0150008]
|
|---|
| 2849 | 3660.3664: supR3HardNtViCallWinVerifyTrustCatFile: hFile=00000000000009f0 pwszName=\Device\HarddiskVolume3\Windows\System32\wbemcomn.dll
|
|---|
| 2850 | 3660.3664: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000001514c60
|
|---|
| 2851 | 3660.3664: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000001514c60
|
|---|
| 2852 | 3660.3664: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=22EAF38FA276D7A374D3945ACD556FA0953D3440
|
|---|
| 2853 | 3660.3664: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff142f0000 'C:\WINDOWS\system32\rsaenh.dll'
|
|---|
| 2854 | 3660.3664: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff15f90000 'C:\WINDOWS\System32\crypt32.dll'
|
|---|
| 2855 | 3660.3664: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-Package03~31bf3856ad364e35~amd64~~10.0.18362.657.cat'; file='\Device\HarddiskVolume3\Windows\System32\wbemcomn.dll'
|
|---|
| 2856 | 3660.3664: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
|
|---|
| 2857 | 3660.3664: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
|
|---|
| 2858 | 3660.3664: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #14 'bcrypt.dll'.
|
|---|
| 2859 | 3660.3664: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #18 'ws2_32.dll'.
|
|---|
| 2860 | 3660.3664: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\wbemcomn.dll) WinVerifyTrust
|
|---|
| 2861 | 3660.3664: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\wbemcomn.dll
|
|---|
| 2862 | 3660.3664: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ws2_32.dll'...
|
|---|
| 2863 | 3660.3664: supR3HardenedWinVerifyCacheProcessImportTodos: 'ws2_32.dll' -> '\Device\HarddiskVolume3\Windows\System32\ws2_32.dll' [rcNtRedir=0xc0150008]
|
|---|
| 2864 | 3660.3664: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\ws2_32.dll
|
|---|
| 2865 | 3660.3664: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
|
|---|
| 2866 | 3660.3664: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume3\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
|
|---|
| 2867 | 3660.3664: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ws2_32.dll'...
|
|---|
| 2868 | 3660.3664: supR3HardenedWinVerifyCacheProcessImportTodos: 'ws2_32.dll' -> '\Device\HarddiskVolume3\Windows\System32\ws2_32.dll' [rcNtRedir=0xc0150008]
|
|---|
| 2869 | 3660.3664: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\ws2_32.dll
|
|---|
| 2870 | 3660.3664: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'bcrypt.dll'...
|
|---|
| 2871 | 3660.3664: supR3HardenedWinVerifyCacheProcessImportTodos: 'bcrypt.dll' -> '\Device\HarddiskVolume3\Windows\System32\bcrypt.dll' [rcNtRedir=0xc0150008]
|
|---|
| 2872 | 3660.3664: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\bcrypt.dll
|
|---|
| 2873 | 3660.3664: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
|
|---|
| 2874 | 3660.3664: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume3\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
|
|---|
| 2875 | 3660.3664: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\wbem\wbemprox.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000002009:<flags> [calling]
|
|---|
| 2876 | 3660.3664: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\wbem\wbemprox.dll
|
|---|
| 2877 | 3660.3664: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\wbemcomn.dll
|
|---|
| 2878 | 3660.3664: supR3HardenedDllNotificationCallback: load 00007fff03370000 LB 0x00084000 C:\WINDOWS\SYSTEM32\wbemcomn.dll [fFlags=0x0]
|
|---|
| 2879 | 3660.3664: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\wbemcomn.dll
|
|---|
| 2880 | 3660.3664: supR3HardenedDllNotificationCallback: load 00007fff031b0000 LB 0x00011000 C:\WINDOWS\system32\wbem\wbemprox.dll [fFlags=0x0]
|
|---|
| 2881 | 3660.3664: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\wbem\wbemprox.dll
|
|---|
| 2882 | 3660.3664: supR3HardenedIsApiSetDll: ApiSetQueryApiSetPresence(API-MS-Win-Core-LocalRegistry-L1-1-0.dll) -> 0x0, fPresent=1
|
|---|
| 2883 | 3660.3664: supR3HardenedMonitor_LdrLoadDll: pName=API-MS-Win-Core-LocalRegistry-L1-1-0.dll (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0000000000000009:<flags> [calling]
|
|---|
| 2884 | 3660.3664: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff15cb0000 'API-MS-Win-Core-LocalRegistry-L1-1-0.dll'
|
|---|
| 2885 | 3660.3664: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff031b0000 'C:\WINDOWS\system32\wbem\wbemprox.dll'
|
|---|
| 2886 | 3660.3664: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000adc pwszName=\Device\HarddiskVolume3\Windows\System32\wbem\wbemsvc.dll
|
|---|
| 2887 | 3660.3664: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000001514c60
|
|---|
| 2888 | 3660.3664: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000001514c60
|
|---|
| 2889 | 3660.3664: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=00C864D7F76A7AD25E7D0DA164B0B66188F5B7FF
|
|---|
| 2890 | 3660.3664: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff142f0000 'C:\WINDOWS\system32\rsaenh.dll'
|
|---|
| 2891 | 3660.3664: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff15f90000 'C:\WINDOWS\System32\crypt32.dll'
|
|---|
| 2892 | 3660.3664: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-Package03~31bf3856ad364e35~amd64~~10.0.18362.657.cat'; file='\Device\HarddiskVolume3\Windows\System32\wbem\wbemsvc.dll'
|
|---|
| 2893 | 3660.3664: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
|
|---|
| 2894 | 3660.3664: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
|
|---|
| 2895 | 3660.3664: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'rpcrt4.dll'.
|
|---|
| 2896 | 3660.3664: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\wbem\wbemsvc.dll) WinVerifyTrust
|
|---|
| 2897 | 3660.3664: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\wbem\wbemsvc.dll
|
|---|
| 2898 | 3660.3664: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
|
|---|
| 2899 | 3660.3664: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume3\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
|
|---|
| 2900 | 3660.3664: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
|
|---|
| 2901 | 3660.3664: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume3\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
|
|---|
| 2902 | 3660.3664: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\wbem\wbemsvc.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000002009:<flags> [calling]
|
|---|
| 2903 | 3660.3664: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\wbem\wbemsvc.dll
|
|---|
| 2904 | 3660.3664: supR3HardenedDllNotificationCallback: load 00007fff02b80000 LB 0x00014000 C:\WINDOWS\system32\wbem\wbemsvc.dll [fFlags=0x0]
|
|---|
| 2905 | 3660.3664: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\wbem\wbemsvc.dll
|
|---|
| 2906 | 3660.3664: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff02b80000 'C:\WINDOWS\system32\wbem\wbemsvc.dll'
|
|---|
| 2907 | 3660.3664: supR3HardenedIsApiSetDll: ApiSetQueryApiSetPresence(api-ms-win-core-localization-l1-2-0.dll) -> 0x0, fPresent=1
|
|---|
| 2908 | 3660.3664: supR3HardenedMonitor_LdrLoadDll: pName=api-ms-win-core-localization-l1-2-0.dll (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0000000000000009:<flags> [calling]
|
|---|
| 2909 | 3660.3664: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff15cb0000 'api-ms-win-core-localization-l1-2-0.dll'
|
|---|
| 2910 | 3660.3664: supR3HardenedIsApiSetDll: ApiSetQueryApiSetPresence(api-ms-win-core-localization-obsolete-l1-1-0.dll) -> 0x0, fPresent=1
|
|---|
| 2911 | 3660.3664: supR3HardenedMonitor_LdrLoadDll: pName=api-ms-win-core-localization-obsolete-l1-1-0.dll (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0000000000000009:<flags> [calling]
|
|---|
| 2912 | 3660.3664: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff15cb0000 'api-ms-win-core-localization-obsolete-l1-1-0.dll'
|
|---|
| 2913 | 3660.3664: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000ae0 pwszName=\Device\HarddiskVolume3\Windows\System32\wbem\fastprox.dll
|
|---|
| 2914 | 3660.3664: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000001514c60
|
|---|
| 2915 | 3660.3664: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000001514c60
|
|---|
| 2916 | 3660.3664: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=0708A64F48237CD4D5092546CE9C373F20B30CA1
|
|---|
| 2917 | 3660.3664: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff142f0000 'C:\WINDOWS\system32\rsaenh.dll'
|
|---|
| 2918 | 3660.3664: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff15f90000 'C:\WINDOWS\System32\crypt32.dll'
|
|---|
| 2919 | 3660.3664: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-Package03~31bf3856ad364e35~amd64~~10.0.18362.657.cat'; file='\Device\HarddiskVolume3\Windows\System32\wbem\fastprox.dll'
|
|---|
| 2920 | 3660.3664: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
|
|---|
| 2921 | 3660.3664: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
|
|---|
| 2922 | 3660.3664: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #20 'wbemcomn.dll'.
|
|---|
| 2923 | 3660.3664: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\wbem\fastprox.dll) WinVerifyTrust
|
|---|
| 2924 | 3660.3664: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\wbem\fastprox.dll
|
|---|
| 2925 | 3660.3664: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'wbemcomn.dll'...
|
|---|
| 2926 | 3660.3664: supR3HardenedWinVerifyCacheProcessImportTodos: 'wbemcomn.dll' -> '\Device\HarddiskVolume3\Windows\System32\wbemcomn.dll' [rcNtRedir=0xc0150008]
|
|---|
| 2927 | 3660.3664: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\wbemcomn.dll
|
|---|
| 2928 | 3660.3664: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
|
|---|
| 2929 | 3660.3664: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume3\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
|
|---|
| 2930 | 3660.3664: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\wbem\fastprox.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000002009:<flags> [calling]
|
|---|
| 2931 | 3660.3664: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\wbem\fastprox.dll
|
|---|
| 2932 | 3660.3664: supR3HardenedDllNotificationCallback: load 00007fff02ba0000 LB 0x00101000 C:\WINDOWS\system32\wbem\fastprox.dll [fFlags=0x0]
|
|---|
| 2933 | 3660.3664: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\wbem\fastprox.dll
|
|---|
| 2934 | 3660.3664: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff02ba0000 'C:\WINDOWS\system32\wbem\fastprox.dll'
|
|---|
| 2935 | 3660.3664: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000b64 pwszName=\Device\HarddiskVolume3\Windows\System32\amsi.dll
|
|---|
| 2936 | 3660.3664: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000001514c60
|
|---|
| 2937 | 3660.3664: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000001514c60
|
|---|
| 2938 | 3660.3664: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=B5D4D58A583ACAD5AA76D7DD0F2DB8ADE903942B
|
|---|
| 2939 | 3660.3664: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff142f0000 'C:\WINDOWS\system32\rsaenh.dll'
|
|---|
| 2940 | 3660.3664: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff15f90000 'C:\WINDOWS\System32\crypt32.dll'
|
|---|
| 2941 | 3660.3664: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-Package04~31bf3856ad364e35~amd64~~10.0.18362.657.cat'; file='\Device\HarddiskVolume3\Windows\System32\amsi.dll'
|
|---|
| 2942 | 3660.3664: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
|
|---|
| 2943 | 3660.3664: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
|
|---|
| 2944 | 3660.3664: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #14 'rpcrt4.dll'.
|
|---|
| 2945 | 3660.3664: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #16 'userenv.dll'.
|
|---|
| 2946 | 3660.3664: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\amsi.dll) WinVerifyTrust
|
|---|
| 2947 | 3660.3664: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\amsi.dll
|
|---|
| 2948 | 3660.3664: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'userenv.dll'...
|
|---|
| 2949 | 3660.3664: supR3HardenedWinVerifyCacheProcessImportTodos: 'userenv.dll' -> '\Device\HarddiskVolume3\Windows\System32\userenv.dll' [rcNtRedir=0xc0150008]
|
|---|
| 2950 | 3660.3664: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\userenv.dll
|
|---|
| 2951 | 3660.3664: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
|
|---|
| 2952 | 3660.3664: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume3\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
|
|---|
| 2953 | 3660.3664: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
|
|---|
| 2954 | 3660.3664: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume3\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
|
|---|
| 2955 | 3660.3664: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\amsi.dll (Input=amsi.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000801:<flags> [calling]
|
|---|
| 2956 | 3660.3664: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\amsi.dll
|
|---|
| 2957 | 3660.3664: supR3HardenedDllNotificationCallback: load 00007fff028d0000 LB 0x00015000 C:\WINDOWS\System32\amsi.dll [fFlags=0x0]
|
|---|
| 2958 | 3660.3664: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\amsi.dll
|
|---|
| 2959 | 3660.3664: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff028d0000 'C:\WINDOWS\System32\amsi.dll'
|
|---|
| 2960 | 3660.3664: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff142f0000 'C:\WINDOWS\system32\rsaenh.dll'
|
|---|
| 2961 | 3660.3664: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff15f90000 'C:\WINDOWS\System32\crypt32.dll'
|
|---|
| 2962 | 3660.3664: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'advapi32.dll'.
|
|---|
| 2963 | 3660.3664: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'ole32.dll'.
|
|---|
| 2964 | 3660.3664: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'oleaut32.dll'.
|
|---|
| 2965 | 3660.3664: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\ProgramData\Microsoft\Windows Defender\Platform\4.18.2006.10-0\MpOAV.dll) WinVerifyTrust
|
|---|
| 2966 | 3660.3664: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\ProgramData\Microsoft\Windows Defender\Platform\4.18.2006.10-0\MpOAV.dll
|
|---|
| 2967 | 3660.3664: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'oleaut32.dll'...
|
|---|
| 2968 | 3660.3664: supR3HardenedWinVerifyCacheProcessImportTodos: 'oleaut32.dll' -> '\Device\HarddiskVolume3\Windows\System32\oleaut32.dll' [rcNtRedir=0xc0150008]
|
|---|
| 2969 | 3660.3664: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ole32.dll'...
|
|---|
| 2970 | 3660.3664: supR3HardenedWinVerifyCacheProcessImportTodos: 'ole32.dll' -> '\Device\HarddiskVolume3\Windows\System32\ole32.dll' [rcNtRedir=0xc0150008]
|
|---|
| 2971 | 3660.3664: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'...
|
|---|
| 2972 | 3660.3664: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume3\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008]
|
|---|
| 2973 | 3660.3664: supR3HardenedMonitor_LdrLoadDll: pName=C:\ProgramData\Microsoft\Windows Defender\platform\4.18.2006.10-0\MpOav.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
|
|---|
| 2974 | 3660.3664: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\ProgramData\Microsoft\Windows Defender\Platform\4.18.2006.10-0\MpOAV.dll
|
|---|
| 2975 | 3660.3664: supR3HardenedDllNotificationCallback: load 00007fff027f0000 LB 0x00078000 C:\ProgramData\Microsoft\Windows Defender\platform\4.18.2006.10-0\MpOav.dll [fFlags=0x0]
|
|---|
| 2976 | 3660.3664: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\ProgramData\Microsoft\Windows Defender\Platform\4.18.2006.10-0\MpOAV.dll
|
|---|
| 2977 | 3660.3664: supR3HardenedIsApiSetDll: ApiSetQueryApiSetPresence(api-ms-win-core-synch-l1-2-0) -> 0x0, fPresent=1
|
|---|
| 2978 | 3660.3664: supR3HardenedMonitor_LdrLoadDll: pName=api-ms-win-core-synch-l1-2-0 (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0000000000000801:<flags> [calling]
|
|---|
| 2979 | 3660.3664: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff15cb0000 'api-ms-win-core-synch-l1-2-0'
|
|---|
| 2980 | 3660.3664: supR3HardenedIsApiSetDll: ApiSetQueryApiSetPresence(api-ms-win-core-fibers-l1-1-1) -> 0x0, fPresent=1
|
|---|
| 2981 | 3660.3664: supR3HardenedMonitor_LdrLoadDll: pName=api-ms-win-core-fibers-l1-1-1 (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0000000000000801:<flags> [calling]
|
|---|
| 2982 | 3660.3664: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff15cb0000 'api-ms-win-core-fibers-l1-1-1'
|
|---|
| 2983 | 3660.3664: supR3HardenedIsApiSetDll: ApiSetQueryApiSetPresence(api-ms-win-core-synch-l1-2-0) -> 0x0, fPresent=1
|
|---|
| 2984 | 3660.3664: supR3HardenedMonitor_LdrLoadDll: pName=api-ms-win-core-synch-l1-2-0 (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0000000000000801:<flags> [calling]
|
|---|
| 2985 | 3660.3664: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff15cb0000 'api-ms-win-core-synch-l1-2-0'
|
|---|
| 2986 | 3660.3664: supR3HardenedIsApiSetDll: ApiSetQueryApiSetPresence(api-ms-win-core-fibers-l1-1-1) -> 0x0, fPresent=1
|
|---|
| 2987 | 3660.3664: supR3HardenedMonitor_LdrLoadDll: pName=api-ms-win-core-fibers-l1-1-1 (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0000000000000801:<flags> [calling]
|
|---|
| 2988 | 3660.3664: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff15cb0000 'api-ms-win-core-fibers-l1-1-1'
|
|---|
| 2989 | 3660.3664: supR3HardenedIsApiSetDll: ApiSetQueryApiSetPresence(api-ms-win-core-localization-l1-2-1) -> 0x0, fPresent=1
|
|---|
| 2990 | 3660.3664: supR3HardenedMonitor_LdrLoadDll: pName=api-ms-win-core-localization-l1-2-1 (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0000000000000801:<flags> [calling]
|
|---|
| 2991 | 3660.3664: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff15cb0000 'api-ms-win-core-localization-l1-2-1'
|
|---|
| 2992 | 3660.3664: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\version.dll'.
|
|---|
| 2993 | 3660.3664: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
|
|---|
| 2994 | 3660.3664: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\version.dll)
|
|---|
| 2995 | 3660.3664: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\version.dll
|
|---|
| 2996 | 3660.3664: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
|
|---|
| 2997 | 3660.3664: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume3\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
|
|---|
| 2998 | 3660.3664: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\version.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000009:<flags> [calling]
|
|---|
| 2999 | 3660.3664: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\version.dll [avoiding WinVerifyTrust]
|
|---|
| 3000 | 3660.3664: supR3HardenedDllNotificationCallback: load 00007fff140e0000 LB 0x0000a000 C:\WINDOWS\system32\version.dll [fFlags=0x0]
|
|---|
| 3001 | 3660.3664: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\version.dll [avoiding WinVerifyTrust]
|
|---|
| 3002 | 3660.3664: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff140e0000 'C:\WINDOWS\system32\version.dll'
|
|---|
| 3003 | 3660.3664: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\version.dll'.
|
|---|
| 3004 | 3660.3664: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\version.dll' [rescheduled]
|
|---|
| 3005 | 3660.3664: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff027f0000 'C:\ProgramData\Microsoft\Windows Defender\platform\4.18.2006.10-0\MpOav.dll'
|
|---|
| 3006 | 3660.3664: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff142f0000 'C:\WINDOWS\system32\rsaenh.dll'
|
|---|
| 3007 | 3660.3664: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff15f90000 'C:\WINDOWS\System32\crypt32.dll'
|
|---|
| 3008 | 3660.3664: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Windows\System32\version.dll'
|
|---|
| 3009 | 3660.3664: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff172e0000 'C:\WINDOWS\System32\ADVAPI32.dll'
|
|---|
| 3010 | 3660.3860: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff142f0000 'C:\WINDOWS\system32\rsaenh.dll'
|
|---|
| 3011 | 3660.3860: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
|
|---|
| 3012 | 3660.3860: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'vboxrt.dll'.
|
|---|
| 3013 | 3660.3860: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxVMM.dll) WinVerifyTrust
|
|---|
| 3014 | 3660.3860: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxVMM.dll
|
|---|
| 3015 | 3660.3860: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
|
|---|
| 3016 | 3660.3860: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
|
|---|
| 3017 | 3660.3860: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
|
|---|
| 3018 | 3660.3860: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
|
|---|
| 3019 | 3660.3860: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxVMM.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
|
|---|
| 3020 | 3660.3860: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxVMM.dll
|
|---|
| 3021 | 3660.3860: supR3HardenedDllNotificationCallback: load 00007ffec8770000 LB 0x0037d000 C:\Program Files\Oracle\VirtualBox\VBoxVMM.DLL [fFlags=0x0]
|
|---|
| 3022 | 3660.3860: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxVMM.dll
|
|---|
| 3023 | 3660.3860: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffec8770000 'C:\Program Files\Oracle\VirtualBox\VBoxVMM.DLL'
|
|---|
| 3024 | 3660.3828: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff142f0000 'C:\WINDOWS\system32\rsaenh.dll'
|
|---|
| 3025 | 3660.3a04: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff142f0000 'C:\WINDOWS\system32\rsaenh.dll'
|
|---|
| 3026 | 3660.3a04: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
|
|---|
| 3027 | 3660.3a04: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'msvcp100.dll'.
|
|---|
| 3028 | 3660.3a04: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'vboxvmm.dll'.
|
|---|
| 3029 | 3660.3a04: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'vboxrt.dll'.
|
|---|
| 3030 | 3660.3a04: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'user32.dll'.
|
|---|
| 3031 | 3660.3a04: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxSharedClipboard.dll) WinVerifyTrust
|
|---|
| 3032 | 3660.3a04: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxSharedClipboard.dll
|
|---|
| 3033 | 3660.3a04: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
|
|---|
| 3034 | 3660.3a04: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume3\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
|
|---|
| 3035 | 3660.3a04: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
|
|---|
| 3036 | 3660.3a04: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
|
|---|
| 3037 | 3660.3a04: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxvmm.dll'...
|
|---|
| 3038 | 3660.3a04: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxvmm.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\vboxvmm.dll' [rcNtRedir=0xc0150008]
|
|---|
| 3039 | 3660.3a04: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxVMM.dll
|
|---|
| 3040 | 3660.3a04: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcp100.dll'...
|
|---|
| 3041 | 3660.3a04: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcp100.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcp100.dll' [rcNtRedir=0xc0150008]
|
|---|
| 3042 | 3660.3a04: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
|
|---|
| 3043 | 3660.3a04: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
|
|---|
| 3044 | 3660.3a04: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxSharedClipboard.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
|
|---|
| 3045 | 3660.3a04: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxSharedClipboard.dll
|
|---|
| 3046 | 3660.3a04: supR3HardenedDllNotificationCallback: load 00007ffee7230000 LB 0x0000f000 C:\Program Files\Oracle\VirtualBox\VBoxSharedClipboard.DLL [fFlags=0x0]
|
|---|
| 3047 | 3660.3a04: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxSharedClipboard.dll
|
|---|
| 3048 | 3660.3a04: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffee7230000 'C:\Program Files\Oracle\VirtualBox\VBoxSharedClipboard.DLL'
|
|---|
| 3049 | 3660.39f8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff142f0000 'C:\WINDOWS\system32\rsaenh.dll'
|
|---|
| 3050 | 3660.39f8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
|
|---|
| 3051 | 3660.39f8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'msvcp100.dll'.
|
|---|
| 3052 | 3660.39f8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'vboxrt.dll'.
|
|---|
| 3053 | 3660.39f8: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxDragAndDropSvc.dll) WinVerifyTrust
|
|---|
| 3054 | 3660.39f8: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxDragAndDropSvc.dll
|
|---|
| 3055 | 3660.39f8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
|
|---|
| 3056 | 3660.39f8: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
|
|---|
| 3057 | 3660.39f8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcp100.dll'...
|
|---|
| 3058 | 3660.39f8: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcp100.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcp100.dll' [rcNtRedir=0xc0150008]
|
|---|
| 3059 | 3660.39f8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
|
|---|
| 3060 | 3660.39f8: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
|
|---|
| 3061 | 3660.39f8: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxDragAndDropSvc.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
|
|---|
| 3062 | 3660.39f8: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxDragAndDropSvc.dll
|
|---|
| 3063 | 3660.39f8: supR3HardenedDllNotificationCallback: load 00007ffee71e0000 LB 0x0000d000 C:\Program Files\Oracle\VirtualBox\VBoxDragAndDropSvc.DLL [fFlags=0x0]
|
|---|
| 3064 | 3660.39f8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxDragAndDropSvc.dll
|
|---|
| 3065 | 3660.39f8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffee71e0000 'C:\Program Files\Oracle\VirtualBox\VBoxDragAndDropSvc.DLL'
|
|---|
| 3066 | 3660.3828: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\shell32.dll
|
|---|
| 3067 | 3660.3828: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\Shell32.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
|
|---|
| 3068 | 3660.3828: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff177c0000 'C:\WINDOWS\system32\Shell32.dll'
|
|---|
| 3069 | 3660.3828: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000bdc pwszName=\Device\HarddiskVolume3\Windows\System32\WinHvPlatform.dll
|
|---|
| 3070 | 3660.3828: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000001514c60
|
|---|
| 3071 | 3660.3828: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000001514c60
|
|---|
| 3072 | 3660.3828: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=F44CBC4BAFE3CCCC07F920C1E6C13E8202CB0B4C
|
|---|
| 3073 | 3660.3828: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff142f0000 'C:\WINDOWS\system32\rsaenh.dll'
|
|---|
| 3074 | 3660.3828: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff15f90000 'C:\WINDOWS\System32\crypt32.dll'
|
|---|
| 3075 | 3660.3828: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package02~31bf3856ad364e35~amd64~~10.0.18362.657.cat'; file='\Device\HarddiskVolume3\Windows\System32\WinHvPlatform.dll'
|
|---|
| 3076 | 3660.3828: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
|
|---|
| 3077 | 3660.3828: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'vid.dll'.
|
|---|
| 3078 | 3660.3828: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\WinHvPlatform.dll) WinVerifyTrust
|
|---|
| 3079 | 3660.3828: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\WinHvPlatform.dll
|
|---|
| 3080 | 3660.3828: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vid.dll'...
|
|---|
| 3081 | 3660.3828: supR3HardenedWinVerifyCacheProcessImportTodos: 'vid.dll' -> '\Device\HarddiskVolume3\Windows\System32\vid.dll' [rcNtRedir=0xc0150008]
|
|---|
| 3082 | 3660.3828: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff142f0000 'C:\WINDOWS\system32\rsaenh.dll'
|
|---|
| 3083 | 3660.3828: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff15f90000 'C:\WINDOWS\System32\crypt32.dll'
|
|---|
| 3084 | 3660.3828: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\vid.dll) WinVerifyTrust
|
|---|
| 3085 | 3660.3828: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\vid.dll
|
|---|
| 3086 | 3660.3828: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\WinHvPlatform.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
|
|---|
| 3087 | 3660.3828: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\WinHvPlatform.dll
|
|---|
| 3088 | 3660.3828: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\vid.dll
|
|---|
| 3089 | 3660.3828: supR3HardenedDllNotificationCallback: load 00007ffef6c10000 LB 0x00019000 C:\WINDOWS\SYSTEM32\vid.dll [fFlags=0x0]
|
|---|
| 3090 | 3660.3828: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\vid.dll
|
|---|
| 3091 | 3660.3828: supR3HardenedDllNotificationCallback: load 00007ffec8e70000 LB 0x00024000 C:\WINDOWS\system32\WinHvPlatform.dll [fFlags=0x0]
|
|---|
| 3092 | 3660.3828: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\WinHvPlatform.dll
|
|---|
| 3093 | 3660.3828: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffec8e70000 'C:\WINDOWS\system32\WinHvPlatform.dll'
|
|---|
| 3094 | 3660.3828: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\vid.dll
|
|---|
| 3095 | 3660.3828: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\vid.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
|
|---|
| 3096 | 3660.3828: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffef6c10000 'C:\WINDOWS\system32\vid.dll'
|
|---|
| 3097 | 3660.3828: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff142f0000 'C:\WINDOWS\system32\rsaenh.dll'
|
|---|
| 3098 | 3660.3828: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff15f90000 'C:\WINDOWS\System32\crypt32.dll'
|
|---|
| 3099 | 3660.3828: '\Device\HarddiskVolume3\Windows\System32\ntdll.dll' has no imports
|
|---|
| 3100 | 3660.3828: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\ntdll.dll) WinVerifyTrust
|
|---|
| 3101 | 3660.3828: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\ntdll.dll
|
|---|
| 3102 | 3660.3828: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\NTDLL.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
|
|---|
| 3103 | 3660.3828: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff18080000 'C:\WINDOWS\system32\NTDLL.DLL'
|
|---|
| 3104 | 3660.3828: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff142f0000 'C:\WINDOWS\system32\rsaenh.dll'
|
|---|
| 3105 | 3660.3828: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff142f0000 'C:\WINDOWS\system32\rsaenh.dll'
|
|---|
| 3106 | 3660.3828: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
|
|---|
| 3107 | 3660.3828: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'vboxvmm.dll'.
|
|---|
| 3108 | 3660.3828: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'vboxrt.dll'.
|
|---|
| 3109 | 3660.3828: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'vboxddu.dll'.
|
|---|
| 3110 | 3660.3828: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'vboxdd2.dll'.
|
|---|
| 3111 | 3660.3828: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'user32.dll'.
|
|---|
| 3112 | 3660.3828: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #7 'setupapi.dll'.
|
|---|
| 3113 | 3660.3828: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #8 'ws2_32.dll'.
|
|---|
| 3114 | 3660.3828: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #9 'ole32.dll'.
|
|---|
| 3115 | 3660.3828: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #10 'iphlpapi.dll'.
|
|---|
| 3116 | 3660.3828: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxDD.dll) WinVerifyTrust
|
|---|
| 3117 | 3660.3828: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxDD.dll
|
|---|
| 3118 | 3660.3828: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'iphlpapi.dll'...
|
|---|
| 3119 | 3660.3828: supR3HardenedWinVerifyCacheProcessImportTodos: 'iphlpapi.dll' -> '\Device\HarddiskVolume3\Windows\System32\iphlpapi.dll' [rcNtRedir=0xc0150008]
|
|---|
| 3120 | 3660.3828: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff142f0000 'C:\WINDOWS\system32\rsaenh.dll'
|
|---|
| 3121 | 3660.3828: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff15f90000 'C:\WINDOWS\System32\crypt32.dll'
|
|---|
| 3122 | 3660.3828: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\IPHLPAPI.DLL) WinVerifyTrust
|
|---|
| 3123 | 3660.3828: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\IPHLPAPI.DLL
|
|---|
| 3124 | 3660.3828: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ole32.dll'...
|
|---|
| 3125 | 3660.3828: supR3HardenedWinVerifyCacheProcessImportTodos: 'ole32.dll' -> '\Device\HarddiskVolume3\Windows\System32\ole32.dll' [rcNtRedir=0xc0150008]
|
|---|
| 3126 | 3660.3828: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ws2_32.dll'...
|
|---|
| 3127 | 3660.3828: supR3HardenedWinVerifyCacheProcessImportTodos: 'ws2_32.dll' -> '\Device\HarddiskVolume3\Windows\System32\ws2_32.dll' [rcNtRedir=0xc0150008]
|
|---|
| 3128 | 3660.3828: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\ws2_32.dll
|
|---|
| 3129 | 3660.3828: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'setupapi.dll'...
|
|---|
| 3130 | 3660.3828: supR3HardenedWinVerifyCacheProcessImportTodos: 'setupapi.dll' -> '\Device\HarddiskVolume3\Windows\System32\setupapi.dll' [rcNtRedir=0xc0150008]
|
|---|
| 3131 | 3660.3828: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff142f0000 'C:\WINDOWS\system32\rsaenh.dll'
|
|---|
| 3132 | 3660.3828: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff15f90000 'C:\WINDOWS\System32\crypt32.dll'
|
|---|
| 3133 | 3660.3828: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
|
|---|
| 3134 | 3660.3828: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #29 'rpcrt4.dll'.
|
|---|
| 3135 | 3660.3828: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #36 'cfgmgr32.dll'.
|
|---|
| 3136 | 3660.3828: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #41 'bcrypt.dll'.
|
|---|
| 3137 | 3660.3828: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\setupapi.dll) WinVerifyTrust
|
|---|
| 3138 | 3660.3828: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\setupapi.dll
|
|---|
| 3139 | 3660.3828: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
|
|---|
| 3140 | 3660.3828: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume3\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
|
|---|
| 3141 | 3660.3828: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxdd2.dll'...
|
|---|
| 3142 | 3660.3828: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxdd2.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\vboxdd2.dll' [rcNtRedir=0xc0150008]
|
|---|
| 3143 | 3660.3828: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'bcrypt.dll'...
|
|---|
| 3144 | 3660.3828: supR3HardenedWinVerifyCacheProcessImportTodos: 'bcrypt.dll' -> '\Device\HarddiskVolume3\Windows\System32\bcrypt.dll' [rcNtRedir=0xc0150008]
|
|---|
| 3145 | 3660.3828: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\bcrypt.dll
|
|---|
| 3146 | 3660.3828: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'cfgmgr32.dll'...
|
|---|
| 3147 | 3660.3828: supR3HardenedWinVerifyCacheProcessImportTodos: 'cfgmgr32.dll' -> '\Device\HarddiskVolume3\Windows\System32\cfgmgr32.dll' [rcNtRedir=0xc0150008]
|
|---|
| 3148 | 3660.3828: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\cfgmgr32.dll
|
|---|
| 3149 | 3660.3828: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
|
|---|
| 3150 | 3660.3828: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume3\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
|
|---|
| 3151 | 3660.3828: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
|
|---|
| 3152 | 3660.3828: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume3\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
|
|---|
| 3153 | 3660.3828: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff142f0000 'C:\WINDOWS\system32\rsaenh.dll'
|
|---|
| 3154 | 3660.3828: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
|
|---|
| 3155 | 3660.3828: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'vboxrt.dll'.
|
|---|
| 3156 | 3660.3828: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxDD2.dll) WinVerifyTrust
|
|---|
| 3157 | 3660.3828: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxDD2.dll
|
|---|
| 3158 | 3660.3828: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxddu.dll'...
|
|---|
| 3159 | 3660.3828: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxddu.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\vboxddu.dll' [rcNtRedir=0xc0150008]
|
|---|
| 3160 | 3660.3828: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
|
|---|
| 3161 | 3660.3828: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
|
|---|
| 3162 | 3660.3828: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
|
|---|
| 3163 | 3660.3828: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
|
|---|
| 3164 | 3660.3828: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll
|
|---|
| 3165 | 3660.3828: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff142f0000 'C:\WINDOWS\system32\rsaenh.dll'
|
|---|
| 3166 | 3660.3828: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
|
|---|
| 3167 | 3660.3828: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'vboxrt.dll'.
|
|---|
| 3168 | 3660.3828: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'user32.dll'.
|
|---|
| 3169 | 3660.3828: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'setupapi.dll'.
|
|---|
| 3170 | 3660.3828: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'advapi32.dll'.
|
|---|
| 3171 | 3660.3828: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxDDU.dll) WinVerifyTrust
|
|---|
| 3172 | 3660.3828: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxDDU.dll
|
|---|
| 3173 | 3660.3828: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
|
|---|
| 3174 | 3660.3828: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
|
|---|
| 3175 | 3660.3828: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxvmm.dll'...
|
|---|
| 3176 | 3660.3828: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxvmm.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\vboxvmm.dll' [rcNtRedir=0xc0150008]
|
|---|
| 3177 | 3660.3828: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxVMM.dll
|
|---|
| 3178 | 3660.3828: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
|
|---|
| 3179 | 3660.3828: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
|
|---|
| 3180 | 3660.3828: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'...
|
|---|
| 3181 | 3660.3828: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume3\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008]
|
|---|
| 3182 | 3660.3828: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'setupapi.dll'...
|
|---|
| 3183 | 3660.3828: supR3HardenedWinVerifyCacheProcessImportTodos: 'setupapi.dll' -> '\Device\HarddiskVolume3\Windows\System32\setupapi.dll' [rcNtRedir=0xc0150008]
|
|---|
| 3184 | 3660.3828: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\setupapi.dll
|
|---|
| 3185 | 3660.3828: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
|
|---|
| 3186 | 3660.3828: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume3\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
|
|---|
| 3187 | 3660.3828: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
|
|---|
| 3188 | 3660.3828: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
|
|---|
| 3189 | 3660.3828: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
|
|---|
| 3190 | 3660.3828: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
|
|---|
| 3191 | 3660.3828: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxDD.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
|
|---|
| 3192 | 3660.3828: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxDD.dll
|
|---|
| 3193 | 3660.3828: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxDDU.dll
|
|---|
| 3194 | 3660.3828: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxDD2.dll
|
|---|
| 3195 | 3660.3828: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\IPHLPAPI.DLL
|
|---|
| 3196 | 3660.3828: supR3HardenedDllNotificationCallback: load 00007fff16740000 LB 0x00470000 C:\WINDOWS\System32\SETUPAPI.dll [fFlags=0x0]
|
|---|
| 3197 | 3660.3828: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\setupapi.dll
|
|---|
| 3198 | 3660.3828: supR3HardenedDllNotificationCallback: load 00007ffecb2a0000 LB 0x00066000 C:\Program Files\Oracle\VirtualBox\VBoxDDU.dll [fFlags=0x0]
|
|---|
| 3199 | 3660.3828: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxDDU.dll
|
|---|
| 3200 | 3660.3828: supR3HardenedDllNotificationCallback: load 00007ffec7520000 LB 0x0085c000 C:\Program Files\Oracle\VirtualBox\VBoxDD2.dll [fFlags=0x0]
|
|---|
| 3201 | 3660.3828: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxDD2.dll
|
|---|
| 3202 | 3660.3828: supR3HardenedDllNotificationCallback: load 00007fff14490000 LB 0x0003a000 C:\WINDOWS\SYSTEM32\IPHLPAPI.DLL [fFlags=0x0]
|
|---|
| 3203 | 3660.3828: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\IPHLPAPI.DLL
|
|---|
| 3204 | 3660.3828: supR3HardenedDllNotificationCallback: load 00007ffec7d80000 LB 0x009e6000 C:\Program Files\Oracle\VirtualBox\VBoxDD.DLL [fFlags=0x0]
|
|---|
| 3205 | 3660.3828: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxDD.dll
|
|---|
| 3206 | 3660.3828: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffec7d80000 'C:\Program Files\Oracle\VirtualBox\VBoxDD.DLL'
|
|---|
| 3207 | 3660.3828: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff142f0000 'C:\WINDOWS\system32\rsaenh.dll'
|
|---|
| 3208 | 3660.3828: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxC.dll
|
|---|
| 3209 | 3660.3828: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxC.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
|
|---|
| 3210 | 3660.3828: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffecb400000 'C:\Program Files\Oracle\VirtualBox\VBoxC.DLL'
|
|---|
| 3211 | 3660.3828: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff142f0000 'C:\WINDOWS\system32\rsaenh.dll'
|
|---|
| 3212 | 3660.3828: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxDD2.dll
|
|---|
| 3213 | 3660.3828: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxDD2.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
|
|---|
| 3214 | 3660.3828: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffec7520000 'C:\Program Files\Oracle\VirtualBox\VBoxDD2.DLL'
|
|---|
| 3215 | 3660.3828: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff142f0000 'C:\WINDOWS\system32\rsaenh.dll'
|
|---|
| 3216 | 3660.32ac: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff142f0000 'C:\WINDOWS\system32\rsaenh.dll'
|
|---|
| 3217 | 3660.32ac: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
|
|---|
| 3218 | 3660.32ac: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'vboxvmm.dll'.
|
|---|
| 3219 | 3660.32ac: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'vboxrt.dll'.
|
|---|
| 3220 | 3660.32ac: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxSharedFolders.dll) WinVerifyTrust
|
|---|
| 3221 | 3660.32ac: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxSharedFolders.dll
|
|---|
| 3222 | 3660.32ac: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
|
|---|
| 3223 | 3660.32ac: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
|
|---|
| 3224 | 3660.32ac: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxvmm.dll'...
|
|---|
| 3225 | 3660.32ac: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxvmm.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\vboxvmm.dll' [rcNtRedir=0xc0150008]
|
|---|
| 3226 | 3660.32ac: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxVMM.dll
|
|---|
| 3227 | 3660.32ac: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
|
|---|
| 3228 | 3660.32ac: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
|
|---|
| 3229 | 3660.32ac: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxSharedFolders.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
|
|---|
| 3230 | 3660.32ac: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxSharedFolders.dll
|
|---|
| 3231 | 3660.32ac: supR3HardenedDllNotificationCallback: load 00007ffee5830000 LB 0x00014000 C:\Program Files\Oracle\VirtualBox\VBoxSharedFolders.DLL [fFlags=0x0]
|
|---|
| 3232 | 3660.32ac: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxSharedFolders.dll
|
|---|
| 3233 | 3660.32ac: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffee5830000 'C:\Program Files\Oracle\VirtualBox\VBoxSharedFolders.DLL'
|
|---|
| 3234 | 3660.3330: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff142f0000 'C:\WINDOWS\system32\rsaenh.dll'
|
|---|
| 3235 | 3660.3330: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
|
|---|
| 3236 | 3660.3330: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'msvcp100.dll'.
|
|---|
| 3237 | 3660.3330: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'vboxvmm.dll'.
|
|---|
| 3238 | 3660.3330: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'vboxrt.dll'.
|
|---|
| 3239 | 3660.3330: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxGuestControlSvc.dll) WinVerifyTrust
|
|---|
| 3240 | 3660.3330: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxGuestControlSvc.dll
|
|---|
| 3241 | 3660.3330: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
|
|---|
| 3242 | 3660.3330: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
|
|---|
| 3243 | 3660.3330: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxvmm.dll'...
|
|---|
| 3244 | 3660.3330: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxvmm.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\vboxvmm.dll' [rcNtRedir=0xc0150008]
|
|---|
| 3245 | 3660.3330: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxVMM.dll
|
|---|
| 3246 | 3660.3330: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcp100.dll'...
|
|---|
| 3247 | 3660.3330: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcp100.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcp100.dll' [rcNtRedir=0xc0150008]
|
|---|
| 3248 | 3660.3330: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
|
|---|
| 3249 | 3660.3330: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
|
|---|
| 3250 | 3660.3330: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxGuestControlSvc.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
|
|---|
| 3251 | 3660.3330: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxGuestControlSvc.dll
|
|---|
| 3252 | 3660.3330: supR3HardenedDllNotificationCallback: load 00007ffee71d0000 LB 0x0000c000 C:\Program Files\Oracle\VirtualBox\VBoxGuestControlSvc.DLL [fFlags=0x0]
|
|---|
| 3253 | 3660.3330: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxGuestControlSvc.dll
|
|---|
| 3254 | 3660.3330: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffee71d0000 'C:\Program Files\Oracle\VirtualBox\VBoxGuestControlSvc.DLL'
|
|---|
| 3255 | 3660.48c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff142f0000 'C:\WINDOWS\system32\rsaenh.dll'
|
|---|
| 3256 | 3660.48c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
|
|---|
| 3257 | 3660.48c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'msvcp100.dll'.
|
|---|
| 3258 | 3660.48c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'vboxrt.dll'.
|
|---|
| 3259 | 3660.48c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxGuestPropSvc.dll) WinVerifyTrust
|
|---|
| 3260 | 3660.48c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxGuestPropSvc.dll
|
|---|
| 3261 | 3660.48c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
|
|---|
| 3262 | 3660.48c: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
|
|---|
| 3263 | 3660.48c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcp100.dll'...
|
|---|
| 3264 | 3660.48c: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcp100.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcp100.dll' [rcNtRedir=0xc0150008]
|
|---|
| 3265 | 3660.48c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
|
|---|
| 3266 | 3660.48c: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
|
|---|
| 3267 | 3660.48c: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxGuestPropSvc.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
|
|---|
| 3268 | 3660.48c: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxGuestPropSvc.dll
|
|---|
| 3269 | 3660.48c: supR3HardenedDllNotificationCallback: load 00007ffee56e0000 LB 0x0000d000 C:\Program Files\Oracle\VirtualBox\VBoxGuestPropSvc.DLL [fFlags=0x0]
|
|---|
| 3270 | 3660.48c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxGuestPropSvc.dll
|
|---|
| 3271 | 3660.48c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffee56e0000 'C:\Program Files\Oracle\VirtualBox\VBoxGuestPropSvc.DLL'
|
|---|
| 3272 | 3660.3664: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff177c0000 'C:\WINDOWS\system32\shell32.dll'
|
|---|
| 3273 | 3660.3664: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff177c0000 'C:\WINDOWS\system32\shell32.dll'
|
|---|
| 3274 | 3660.3664: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff177c0000 'C:\WINDOWS\system32\shell32.dll'
|
|---|
| 3275 | 3660.3664: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff177c0000 'C:\WINDOWS\system32\shell32.dll'
|
|---|
| 3276 | 3660.3664: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff177c0000 'C:\WINDOWS\system32\shell32.dll'
|
|---|
| 3277 | 3660.3664: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff177c0000 'C:\WINDOWS\system32\shell32.dll'
|
|---|
| 3278 | 3660.48c: supR3HardenedDllNotificationCallback: Unload 00007ffee56e0000 LB 0x0000d000 C:\Program Files\Oracle\VirtualBox\VBoxGuestPropSvc.DLL [flags=0x0]
|
|---|
| 3279 | 3660.3330: supR3HardenedDllNotificationCallback: Unload 00007ffee71d0000 LB 0x0000c000 C:\Program Files\Oracle\VirtualBox\VBoxGuestControlSvc.DLL [flags=0x0]
|
|---|
| 3280 | 3660.32ac: supR3HardenedDllNotificationCallback: Unload 00007ffee5830000 LB 0x00014000 C:\Program Files\Oracle\VirtualBox\VBoxSharedFolders.DLL [flags=0x0]
|
|---|
| 3281 | 3660.39f8: supR3HardenedDllNotificationCallback: Unload 00007ffee71e0000 LB 0x0000d000 C:\Program Files\Oracle\VirtualBox\VBoxDragAndDropSvc.DLL [flags=0x0]
|
|---|
| 3282 | 3660.3a04: supR3HardenedDllNotificationCallback: Unload 00007ffee7230000 LB 0x0000f000 C:\Program Files\Oracle\VirtualBox\VBoxSharedClipboard.DLL [flags=0x0]
|
|---|
| 3283 | 3660.3828: supR3HardenedDllNotificationCallback: Unload 00007ffec7d80000 LB 0x009e6000 C:\Program Files\Oracle\VirtualBox\VBoxDD.DLL [flags=0x0]
|
|---|
| 3284 | 3660.3828: supR3HardenedDllNotificationCallback: Unload 00007ffecb2a0000 LB 0x00066000 C:\Program Files\Oracle\VirtualBox\VBoxDDU.dll [flags=0x0]
|
|---|
| 3285 | 3660.3828: supR3HardenedDllNotificationCallback: Unload 00007ffec7520000 LB 0x0085c000 C:\Program Files\Oracle\VirtualBox\VBoxDD2.dll [flags=0x0]
|
|---|
| 3286 | 3660.3828: supR3HardenedDllNotificationCallback: Unload 00007fff16740000 LB 0x00470000 C:\WINDOWS\System32\SETUPAPI.dll [flags=0x0]
|
|---|
| 3287 | 3660.3828: supR3HardenedDllNotificationCallback: Unload 00007fff14490000 LB 0x0003a000 C:\WINDOWS\SYSTEM32\IPHLPAPI.DLL [flags=0x0]
|
|---|
| 3288 | 3660.3664: supR3HardenedDllNotificationCallback: Unload 00007fff02b80000 LB 0x00014000 C:\WINDOWS\system32\wbem\wbemsvc.dll [flags=0x0]
|
|---|
| 3289 | 3660.3664: supR3HardenedDllNotificationCallback: Unload 00007ffee1e60000 LB 0x0003a000 C:\WINDOWS\system32\dataexchange.dll [flags=0x0]
|
|---|
| 3290 | 3660.3664: supR3HardenedDllNotificationCallback: Unload 00007fff0e160000 LB 0x0025b000 C:\WINDOWS\system32\d3d11.dll [flags=0x0]
|
|---|
| 3291 | 3660.3664: supR3HardenedDllNotificationCallback: Unload 00007fff13ae0000 LB 0x000eb000 C:\WINDOWS\system32\dxgi.dll [flags=0x0]
|
|---|
| 3292 | 3660.3664: supR3HardenedDllNotificationCallback: Unload 00007fff0ea90000 LB 0x001db000 C:\WINDOWS\system32\dcomp.dll [flags=0x0]
|
|---|
| 3293 | 3660.3664: supR3HardenedDllNotificationCallback: Unload 00007fff12e70000 LB 0x0025a000 C:\WINDOWS\system32\twinapi.appcore.dll [flags=0x0]
|
|---|
| 3294 | 3660.3664: supR3HardenedDllNotificationCallback: Unload 00007fff131f0000 LB 0x00029000 C:\WINDOWS\system32\RMCLIENT.dll [flags=0x0]
|
|---|
| 3295 | 3660.3664: supR3HardenedDllNotificationCallback: Unload 00007fff02ba0000 LB 0x00101000 C:\WINDOWS\system32\wbem\fastprox.dll [flags=0x0]
|
|---|
| 3296 | 3660.3664: supR3HardenedDllNotificationCallback: Unload 00007ffecb7b0000 LB 0x000ed000 C:\Program Files\Oracle\VirtualBox\VBoxProxyStub.dll [flags=0x0]
|
|---|
| 3297 | 3660.3664: supR3HardenedDllNotificationCallback: Unload 00007fff031b0000 LB 0x00011000 C:\WINDOWS\system32\wbem\wbemprox.dll [flags=0x0]
|
|---|
| 3298 | 3660.3664: supR3HardenedDllNotificationCallback: Unload 00007fff03370000 LB 0x00084000 C:\WINDOWS\SYSTEM32\wbemcomn.dll [flags=0x0]
|
|---|
| 3299 | 3660.3664: supR3HardenedDllNotificationCallback: Unload 00007ffecb400000 LB 0x003b0000 C:\Program Files\Oracle\VirtualBox\VBoxC.dll [flags=0x0]
|
|---|
| 3300 | 3660.3664: Terminating the normal way: rcExit=0
|
|---|
| 3301 | 3b98.3b9c: supR3HardNtChildWaitFor[2]: Quitting: ExitCode=0x0 (rcNtWait=0x0, rcNt1=0x0, rcNt2=0x103, rcNt3=0x103, 352031 ms, the end);
|
|---|
| 3302 | 3a60.3a64: supR3HardNtChildWaitFor[1]: Quitting: ExitCode=0x0 (rcNtWait=0x0, rcNt1=0x0, rcNt2=0x103, rcNt3=0x103, 352781 ms, the end);
|
|---|