| 1 | 32c0.2260: Log file opened: 6.1.26r145957 g_hStartupLog=000000000000032c g_uNtVerCombined=0xa047bb00
|
|---|
| 2 | 32c0.2260: \SystemRoot\System32\ntdll.dll:
|
|---|
| 3 | 32c0.2260: CreationTime: 2021-05-18T03:33:49.382474100Z
|
|---|
| 4 | 32c0.2260: LastWriteTime: 2021-05-18T03:33:49.420509300Z
|
|---|
| 5 | 32c0.2260: ChangeTime: 2021-05-18T11:10:36.444488900Z
|
|---|
| 6 | 32c0.2260: FileAttributes: 0x20
|
|---|
| 7 | 32c0.2260: Size: 0x1e8068
|
|---|
| 8 | 32c0.2260: NT Headers: 0xd8
|
|---|
| 9 | 32c0.2260: Timestamp: 0xd6055cfe
|
|---|
| 10 | 32c0.2260: Machine: 0x8664 - amd64
|
|---|
| 11 | 32c0.2260: Timestamp: 0xd6055cfe
|
|---|
| 12 | 32c0.2260: Image Version: 10.0
|
|---|
| 13 | 32c0.2260: SizeOfImage: 0x1f0000 (2031616)
|
|---|
| 14 | 32c0.2260: Resource Dir: 0x17f000 LB 0x6f310
|
|---|
| 15 | 32c0.2260: [Version info resource found at 0xd8! (ID/Name: 0x1; SubID/SubName: 0x409)]
|
|---|
| 16 | 32c0.2260: [Raw version resource data: 0x17f0f0 LB 0x380, codepage 0x0 (reserved 0x0)]
|
|---|
| 17 | 32c0.2260: ProductName: Microsoft® Windows® Operating System
|
|---|
| 18 | 32c0.2260: ProductVersion: 10.0.18362.1533
|
|---|
| 19 | 32c0.2260: FileVersion: 10.0.18362.1533 (WinBuild.160101.0800)
|
|---|
| 20 | 32c0.2260: FileDescription: NT Layer DLL
|
|---|
| 21 | 32c0.2260: \SystemRoot\System32\kernel32.dll:
|
|---|
| 22 | 32c0.2260: CreationTime: 2021-04-14T05:23:20.244557900Z
|
|---|
| 23 | 32c0.2260: LastWriteTime: 2021-04-14T05:23:20.262528100Z
|
|---|
| 24 | 32c0.2260: ChangeTime: 2021-05-18T03:34:44.587413300Z
|
|---|
| 25 | 32c0.2260: FileAttributes: 0x20
|
|---|
| 26 | 32c0.2260: Size: 0xb04a8
|
|---|
| 27 | 32c0.2260: NT Headers: 0xf8
|
|---|
| 28 | 32c0.2260: Timestamp: 0x95d197ef
|
|---|
| 29 | 32c0.2260: Machine: 0x8664 - amd64
|
|---|
| 30 | 32c0.2260: Timestamp: 0x95d197ef
|
|---|
| 31 | 32c0.2260: Image Version: 10.0
|
|---|
| 32 | 32c0.2260: SizeOfImage: 0xb2000 (729088)
|
|---|
| 33 | 32c0.2260: Resource Dir: 0xb0000 LB 0x520
|
|---|
| 34 | 32c0.2260: [Version info resource found at 0x90! (ID/Name: 0x1; SubID/SubName: 0x409)]
|
|---|
| 35 | 32c0.2260: [Raw version resource data: 0xb00b0 LB 0x3a4, codepage 0x0 (reserved 0x0)]
|
|---|
| 36 | 32c0.2260: ProductName: Microsoft® Windows® Operating System
|
|---|
| 37 | 32c0.2260: ProductVersion: 10.0.18362.1500
|
|---|
| 38 | 32c0.2260: FileVersion: 10.0.18362.1500 (WinBuild.160101.0800)
|
|---|
| 39 | 32c0.2260: FileDescription: Windows NT BASE API Client DLL
|
|---|
| 40 | 32c0.2260: \SystemRoot\System32\KernelBase.dll:
|
|---|
| 41 | 32c0.2260: CreationTime: 2021-04-14T05:23:35.396646700Z
|
|---|
| 42 | 32c0.2260: LastWriteTime: 2021-04-14T05:23:35.466459500Z
|
|---|
| 43 | 32c0.2260: ChangeTime: 2021-05-18T03:34:44.914821000Z
|
|---|
| 44 | 32c0.2260: FileAttributes: 0x20
|
|---|
| 45 | 32c0.2260: Size: 0x2a5888
|
|---|
| 46 | 32c0.2260: NT Headers: 0x100
|
|---|
| 47 | 32c0.2260: Timestamp: 0x5ae7af90
|
|---|
| 48 | 32c0.2260: Machine: 0x8664 - amd64
|
|---|
| 49 | 32c0.2260: Timestamp: 0x5ae7af90
|
|---|
| 50 | 32c0.2260: Image Version: 10.0
|
|---|
| 51 | 32c0.2260: SizeOfImage: 0x2a5000 (2772992)
|
|---|
| 52 | 32c0.2260: Resource Dir: 0x27f000 LB 0x548
|
|---|
| 53 | 32c0.2260: [Version info resource found at 0x90! (ID/Name: 0x1; SubID/SubName: 0x409)]
|
|---|
| 54 | 32c0.2260: [Raw version resource data: 0x27f0b0 LB 0x3bc, codepage 0x0 (reserved 0x0)]
|
|---|
| 55 | 32c0.2260: ProductName: Microsoft® Windows® Operating System
|
|---|
| 56 | 32c0.2260: ProductVersion: 10.0.18362.1474
|
|---|
| 57 | 32c0.2260: FileVersion: 10.0.18362.1474 (WinBuild.160101.0800)
|
|---|
| 58 | 32c0.2260: FileDescription: Windows NT BASE API Client DLL
|
|---|
| 59 | 32c0.2260: \SystemRoot\System32\apisetschema.dll:
|
|---|
| 60 | 32c0.2260: CreationTime: 2019-03-19T04:43:54.837151500Z
|
|---|
| 61 | 32c0.2260: LastWriteTime: 2019-03-19T04:43:54.837151500Z
|
|---|
| 62 | 32c0.2260: ChangeTime: 2021-05-18T03:34:44.560409000Z
|
|---|
| 63 | 32c0.2260: FileAttributes: 0x20
|
|---|
| 64 | 32c0.2260: Size: 0x1d028
|
|---|
| 65 | 32c0.2260: NT Headers: 0xc8
|
|---|
| 66 | 32c0.2260: Timestamp: 0xd6ced080
|
|---|
| 67 | 32c0.2260: Machine: 0x8664 - amd64
|
|---|
| 68 | 32c0.2260: Timestamp: 0xd6ced080
|
|---|
| 69 | 32c0.2260: Image Version: 10.0
|
|---|
| 70 | 32c0.2260: SizeOfImage: 0x1e000 (122880)
|
|---|
| 71 | 32c0.2260: Resource Dir: 0x1d000 LB 0x408
|
|---|
| 72 | 32c0.2260: [Version info resource found at 0x48! (ID/Name: 0x1; SubID/SubName: 0x409)]
|
|---|
| 73 | 32c0.2260: [Raw version resource data: 0x1d060 LB 0x3a8, codepage 0x0 (reserved 0x0)]
|
|---|
| 74 | 32c0.2260: ProductName: Microsoft® Windows® Operating System
|
|---|
| 75 | 32c0.2260: ProductVersion: 10.0.18362.1
|
|---|
| 76 | 32c0.2260: FileVersion: 10.0.18362.1 (WinBuild.160101.0800)
|
|---|
| 77 | 32c0.2260: FileDescription: ApiSet Schema DLL
|
|---|
| 78 | 32c0.2260: NtOpenDirectoryObject failed on \Driver: 0xc0000022
|
|---|
| 79 | 32c0.2260: supR3HardenedWinFindAdversaries: 0x0
|
|---|
| 80 | 32c0.2260: supR3HardenedWinInitAppBin(0x0): '\Device\HarddiskVolume7\Program Files\Oracle\VirtualBox'
|
|---|
| 81 | 32c0.2260: Calling main()
|
|---|
| 82 | 32c0.2260: SUPR3HardenedMain: pszProgName=VirtualBoxVM fFlags=0x2
|
|---|
| 83 | 32c0.2260: supR3HardenedWinInitAppBin(0x2): '\Device\HarddiskVolume7\Program Files\Oracle\VirtualBox'
|
|---|
| 84 | 32c0.2260: SUPR3HardenedMain: Respawn #1
|
|---|
| 85 | 32c0.2260: System32: \Device\HarddiskVolume7\Windows\System32
|
|---|
| 86 | 32c0.2260: WinSxS: \Device\HarddiskVolume7\Windows\WinSxS
|
|---|
| 87 | 32c0.2260: KnownDllPath: C:\Windows\System32
|
|---|
| 88 | 32c0.2260: supR3HardenedWinInit: Performing a limited self purification...
|
|---|
| 89 | 32c0.2260: supHardNtVpScanVirtualMemory: enmKind=SELF_PURIFICATION
|
|---|
| 90 | 32c0.2260: *0000000000000000-000000000097ffff 0x0001/0x0000 0x0000000
|
|---|
| 91 | 32c0.2260: *0000000000980000-000000000098ffff 0x0004/0x0004 0x0040000
|
|---|
| 92 | 32c0.2260: *0000000000990000-0000000000990fff 0x0002/0x0002 0x0040000
|
|---|
| 93 | 32c0.2260: 0000000000991000-000000000099ffff 0x0001/0x0000 0x0000000
|
|---|
| 94 | 32c0.2260: *00000000009a0000-00000000009bafff 0x0002/0x0002 0x0040000
|
|---|
| 95 | 32c0.2260: 00000000009bb000-00000000009bffff 0x0001/0x0000 0x0000000
|
|---|
| 96 | 32c0.2260: *00000000009c0000-00000000009c3fff 0x0002/0x0002 0x0040000
|
|---|
| 97 | 32c0.2260: 00000000009c4000-00000000009cffff 0x0001/0x0000 0x0000000
|
|---|
| 98 | 32c0.2260: *00000000009d0000-00000000009d1fff 0x0004/0x0004 0x0020000
|
|---|
| 99 | 32c0.2260: 00000000009d2000-00000000009dffff 0x0001/0x0000 0x0000000
|
|---|
| 100 | 32c0.2260: *00000000009e0000-00000000009e0fff 0x0040/0x0040 0x0020000 !!
|
|---|
| 101 | 32c0.2260: 00000000009e1000-00000000009effff 0x0001/0x0000 0x0000000
|
|---|
| 102 | 32c0.2260: *00000000009f0000-00000000009f1fff 0x0002/0x0002 0x0040000
|
|---|
| 103 | 32c0.2260: 00000000009f2000-00000000009fffff 0x0001/0x0000 0x0000000
|
|---|
| 104 | 32c0.2260: *0000000000a00000-0000000000b49fff 0x0000/0x0004 0x0020000
|
|---|
| 105 | 32c0.2260: 0000000000b4a000-0000000000b52fff 0x0004/0x0004 0x0020000
|
|---|
| 106 | 32c0.2260: 0000000000b53000-0000000000b54fff 0x0000/0x0004 0x0020000
|
|---|
| 107 | 32c0.2260: 0000000000b55000-0000000000b5afff 0x0004/0x0004 0x0020000
|
|---|
| 108 | 32c0.2260: 0000000000b5b000-0000000000bfffff 0x0000/0x0004 0x0020000
|
|---|
| 109 | 32c0.2260: *0000000000c00000-0000000000cb8fff 0x0000/0x0004 0x0020000
|
|---|
| 110 | 32c0.2260: 0000000000cb9000-0000000000cbbfff 0x0104/0x0004 0x0020000
|
|---|
| 111 | 32c0.2260: 0000000000cbc000-0000000000cfffff 0x0004/0x0004 0x0020000
|
|---|
| 112 | 32c0.2260: *0000000000d00000-0000000000d03fff 0x0002/0x0002 0x0040000
|
|---|
| 113 | 32c0.2260: 0000000000d04000-0000000000d07fff 0x0000/0x0002 0x0040000
|
|---|
| 114 | 32c0.2260: 0000000000d08000-0000000000d0ffff 0x0001/0x0000 0x0000000
|
|---|
| 115 | 32c0.2260: *0000000000d10000-0000000000d11fff 0x0002/0x0002 0x0040000
|
|---|
| 116 | 32c0.2260: 0000000000d12000-0000000000d1ffff 0x0001/0x0000 0x0000000
|
|---|
| 117 | 32c0.2260: *0000000000d20000-0000000000d20fff 0x0004/0x0004 0x0040000
|
|---|
| 118 | 32c0.2260: 0000000000d21000-0000000000d2ffff 0x0001/0x0000 0x0000000
|
|---|
| 119 | 32c0.2260: *0000000000d30000-0000000000d45fff 0x0004/0x0004 0x0020000
|
|---|
| 120 | 32c0.2260: 0000000000d46000-0000000000d47fff 0x0040/0x0004 0x0020000 !!
|
|---|
| 121 | 32c0.2260: 0000000000d48000-0000000000d59fff 0x0004/0x0004 0x0020000
|
|---|
| 122 | 32c0.2260: 0000000000d5a000-0000000000d5bfff 0x0040/0x0004 0x0020000 !!
|
|---|
| 123 | 32c0.2260: 0000000000d5c000-0000000000d6cfff 0x0004/0x0004 0x0020000
|
|---|
| 124 | 32c0.2260: 0000000000d6d000-0000000000d6efff 0x0040/0x0004 0x0020000 !!
|
|---|
| 125 | 32c0.2260: 0000000000d6f000-0000000000d72fff 0x0004/0x0004 0x0020000
|
|---|
| 126 | 32c0.2260: 0000000000d73000-0000000000d74fff 0x0040/0x0004 0x0020000 !!
|
|---|
| 127 | 32c0.2260: 0000000000d75000-0000000000d77fff 0x0004/0x0004 0x0020000
|
|---|
| 128 | 32c0.2260: 0000000000d78000-0000000000d86fff 0x0000/0x0004 0x0020000
|
|---|
| 129 | 32c0.2260: 0000000000d87000-0000000000dc7fff 0x0004/0x0004 0x0020000
|
|---|
| 130 | 32c0.2260: 0000000000dc8000-0000000000dd4fff 0x0000/0x0004 0x0020000
|
|---|
| 131 | 32c0.2260: 0000000000dd5000-0000000000dd5fff 0x0004/0x0004 0x0020000
|
|---|
| 132 | 32c0.2260: 0000000000dd6000-0000000000e2ffff 0x0000/0x0004 0x0020000
|
|---|
| 133 | 32c0.2260: *0000000000e30000-0000000000ef6fff 0x0002/0x0002 0x0040000
|
|---|
| 134 | 32c0.2260: 0000000000ef7000-0000000000efffff 0x0001/0x0000 0x0000000
|
|---|
| 135 | 32c0.2260: *0000000000f00000-0000000000ffafff 0x0000/0x0004 0x0020000
|
|---|
| 136 | 32c0.2260: 0000000000ffb000-0000000000ffdfff 0x0104/0x0004 0x0020000
|
|---|
| 137 | 32c0.2260: 0000000000ffe000-0000000000ffffff 0x0004/0x0004 0x0020000
|
|---|
| 138 | 32c0.2260: *0000000001000000-00000000010f9fff 0x0000/0x0004 0x0020000
|
|---|
| 139 | 32c0.2260: 00000000010fa000-00000000010fcfff 0x0104/0x0004 0x0020000
|
|---|
| 140 | 32c0.2260: 00000000010fd000-00000000010fffff 0x0004/0x0004 0x0020000
|
|---|
| 141 | 32c0.2260: *0000000001100000-0000000001101fff 0x0004/0x0004 0x0020000
|
|---|
| 142 | 32c0.2260: 0000000001102000-0000000001131fff 0x0000/0x0004 0x0020000
|
|---|
| 143 | 32c0.2260: 0000000001132000-000000000113ffff 0x0001/0x0000 0x0000000
|
|---|
| 144 | 32c0.2260: *0000000001140000-0000000001239fff 0x0000/0x0004 0x0020000
|
|---|
| 145 | 32c0.2260: 000000000123a000-000000000123cfff 0x0104/0x0004 0x0020000
|
|---|
| 146 | 32c0.2260: 000000000123d000-000000000123ffff 0x0004/0x0004 0x0020000
|
|---|
| 147 | 32c0.2260: *0000000001240000-0000000001254fff 0x0002/0x0002 0x0040000
|
|---|
| 148 | 32c0.2260: 0000000001255000-000000000143ffff 0x0000/0x0002 0x0040000
|
|---|
| 149 | 32c0.2260: *0000000001440000-00000000015c0fff 0x0002/0x0002 0x0040000
|
|---|
| 150 | 32c0.2260: 00000000015c1000-00000000015cffff 0x0001/0x0000 0x0000000
|
|---|
| 151 | 32c0.2260: *00000000015d0000-0000000001698fff 0x0002/0x0002 0x0040000
|
|---|
| 152 | 32c0.2260: 0000000001699000-00000000029d0fff 0x0000/0x0002 0x0040000
|
|---|
| 153 | 32c0.2260: 00000000029d1000-00000000029dffff 0x0001/0x0000 0x0000000
|
|---|
| 154 | 32c0.2260: *00000000029e0000-00000000029e0fff 0x0004/0x0004 0x0020000
|
|---|
| 155 | 32c0.2260: 00000000029e1000-0000000002a11fff 0x0000/0x0004 0x0020000
|
|---|
| 156 | 32c0.2260: 0000000002a12000-0000000002a1ffff 0x0001/0x0000 0x0000000
|
|---|
| 157 | 32c0.2260: *0000000002a20000-0000000002a21fff 0x0004/0x0004 0x0020000
|
|---|
| 158 | 32c0.2260: 0000000002a22000-0000000002a51fff 0x0000/0x0004 0x0020000
|
|---|
| 159 | 32c0.2260: 0000000002a52000-0000000002a5ffff 0x0001/0x0000 0x0000000
|
|---|
| 160 | 32c0.2260: *0000000002a60000-0000000002a66fff 0x0004/0x0004 0x0020000
|
|---|
| 161 | 32c0.2260: 0000000002a67000-0000000002a6ffff 0x0000/0x0004 0x0020000
|
|---|
| 162 | 32c0.2260: *0000000002a70000-0000000002b6efff 0x0004/0x0004 0x0020000
|
|---|
| 163 | 32c0.2260: 0000000002b6f000-0000000002b6ffff 0x0000/0x0004 0x0020000
|
|---|
| 164 | 32c0.2260: 0000000002b70000-0000000002b7ffff 0x0001/0x0000 0x0000000
|
|---|
| 165 | 32c0.2260: *0000000002b80000-0000000002b8efff 0x0004/0x0004 0x0020000
|
|---|
| 166 | 32c0.2260: 0000000002b8f000-0000000002b8ffff 0x0000/0x0004 0x0020000
|
|---|
| 167 | 32c0.2260: *0000000002b90000-0000000002ec6fff 0x0002/0x0002 0x0040000
|
|---|
| 168 | 32c0.2260: 0000000002ec7000-0000000002ecffff 0x0001/0x0000 0x0000000
|
|---|
| 169 | 32c0.2260: *0000000002ed0000-0000000002f18fff 0x0004/0x0004 0x0020000
|
|---|
| 170 | 32c0.2260: 0000000002f19000-0000000002f19fff 0x0001/0x0004 0x0020000
|
|---|
| 171 | 32c0.2260: 0000000002f1a000-0000000002fc6fff 0x0004/0x0004 0x0020000
|
|---|
| 172 | 32c0.2260: 0000000002fc7000-00000000030cffff 0x0000/0x0004 0x0020000
|
|---|
| 173 | 32c0.2260: *00000000030d0000-00000000031d0fff 0x0002/0x0002 0x0040000
|
|---|
| 174 | 32c0.2260: 00000000031d1000-00000000031dffff 0x0001/0x0000 0x0000000
|
|---|
| 175 | 32c0.2260: *00000000031e0000-00000000032dbfff 0x0000/0x0004 0x0020000
|
|---|
| 176 | 32c0.2260: 00000000032dc000-00000000032defff 0x0104/0x0004 0x0020000
|
|---|
| 177 | 32c0.2260: 00000000032df000-00000000032dffff 0x0004/0x0004 0x0020000
|
|---|
| 178 | 32c0.2260: *00000000032e0000-00000000033effff 0x0004/0x0004 0x0040000
|
|---|
| 179 | 32c0.2260: *00000000033f0000-0000000003bfffff 0x0004/0x0004 0x0040000
|
|---|
| 180 | 32c0.2260: *0000000003c00000-00000000045fffff 0x0002/0x0002 0x0040000
|
|---|
| 181 | 32c0.2260: *0000000004600000-00000000065fffff 0x0002/0x0002 0x0040000
|
|---|
| 182 | 32c0.2260: *0000000006600000-00000000066fafff 0x0000/0x0004 0x0020000
|
|---|
| 183 | 32c0.2260: 00000000066fb000-00000000066fdfff 0x0104/0x0004 0x0020000
|
|---|
| 184 | 32c0.2260: 00000000066fe000-00000000066fffff 0x0004/0x0004 0x0020000
|
|---|
| 185 | 32c0.2260: *0000000006700000-00000000067fbfff 0x0000/0x0004 0x0020000
|
|---|
| 186 | 32c0.2260: 00000000067fc000-00000000067fefff 0x0104/0x0004 0x0020000
|
|---|
| 187 | 32c0.2260: 00000000067ff000-00000000067fffff 0x0004/0x0004 0x0020000
|
|---|
| 188 | 32c0.2260: *0000000006800000-0000000006801fff 0x0004/0x0004 0x0020000
|
|---|
| 189 | 32c0.2260: 0000000006802000-0000000006831fff 0x0000/0x0004 0x0020000
|
|---|
| 190 | 32c0.2260: 0000000006832000-000000000683ffff 0x0001/0x0000 0x0000000
|
|---|
| 191 | 32c0.2260: *0000000006840000-0000000006864fff 0x0004/0x0004 0x0020000
|
|---|
| 192 | 32c0.2260: 0000000006865000-000000000693ffff 0x0000/0x0004 0x0020000
|
|---|
| 193 | 32c0.2260: *0000000006940000-000000000694efff 0x0004/0x0004 0x0020000
|
|---|
| 194 | 32c0.2260: 000000000694f000-000000000694ffff 0x0000/0x0004 0x0020000
|
|---|
| 195 | 32c0.2260: *0000000006950000-0000000006957fff 0x0000/0x0004 0x0020000
|
|---|
| 196 | 32c0.2260: 0000000006958000-0000000006b48fff 0x0004/0x0004 0x0020000
|
|---|
| 197 | 32c0.2260: 0000000006b49000-0000000006b49fff 0x0000/0x0004 0x0020000
|
|---|
| 198 | 32c0.2260: 0000000006b4a000-000000007ffdffff 0x0001/0x0000 0x0000000
|
|---|
| 199 | 32c0.2260: *000000007ffe0000-000000007ffe0fff 0x0002/0x0002 0x0020000
|
|---|
| 200 | 32c0.2260: 000000007ffe1000-000000007ffe8fff 0x0001/0x0000 0x0000000
|
|---|
| 201 | 32c0.2260: *000000007ffe9000-000000007ffe9fff 0x0002/0x0002 0x0020000
|
|---|
| 202 | 32c0.2260: 000000007ffea000-000000017fffffff 0x0001/0x0000 0x0000000
|
|---|
| 203 | 32c0.2260: *0000000180000000-0000000180000fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume7\Windows\System32\sdckern.dll
|
|---|
| 204 | 32c0.2260: supHardNtVpScanVirtualMemory: Ignoring unknown mem at 0000000180000000 LB 0x1000 (base 0000000180000000) - 'sdckern.dll'
|
|---|
| 205 | 32c0.2260: 0000000180001000-00000001805f9fff 0x0020/0x0080 0x1000000 \Device\HarddiskVolume7\Windows\System32\sdckern.dll
|
|---|
| 206 | 32c0.2260: supHardNtVpScanVirtualMemory: Ignoring unknown mem at 0000000180001000 LB 0x5f9000 (base 0000000180000000) - 'sdckern.dll'
|
|---|
| 207 | 32c0.2260: 00000001805fa000-00000001807f4fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume7\Windows\System32\sdckern.dll
|
|---|
| 208 | 32c0.2260: supHardNtVpScanVirtualMemory: Ignoring unknown mem at 00000001805fa000 LB 0x1fb000 (base 0000000180000000) - 'sdckern.dll'
|
|---|
| 209 | 32c0.2260: 00000001807f5000-0000000180806fff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume7\Windows\System32\sdckern.dll
|
|---|
| 210 | 32c0.2260: supHardNtVpScanVirtualMemory: Ignoring unknown mem at 00000001807f5000 LB 0x12000 (base 0000000180000000) - 'sdckern.dll'
|
|---|
| 211 | 32c0.2260: 0000000180807000-0000000180807fff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume7\Windows\System32\sdckern.dll
|
|---|
| 212 | 32c0.2260: supHardNtVpScanVirtualMemory: Ignoring unknown mem at 0000000180807000 LB 0x1000 (base 0000000180000000) - 'sdckern.dll'
|
|---|
| 213 | 32c0.2260: 0000000180808000-000000018080bfff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume7\Windows\System32\sdckern.dll
|
|---|
| 214 | 32c0.2260: supHardNtVpScanVirtualMemory: Ignoring unknown mem at 0000000180808000 LB 0x4000 (base 0000000180000000) - 'sdckern.dll'
|
|---|
| 215 | 32c0.2260: 000000018080c000-000000018080efff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume7\Windows\System32\sdckern.dll
|
|---|
| 216 | 32c0.2260: supHardNtVpScanVirtualMemory: Ignoring unknown mem at 000000018080c000 LB 0x3000 (base 0000000180000000) - 'sdckern.dll'
|
|---|
| 217 | 32c0.2260: 000000018080f000-0000000180817fff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume7\Windows\System32\sdckern.dll
|
|---|
| 218 | 32c0.2260: supHardNtVpScanVirtualMemory: Ignoring unknown mem at 000000018080f000 LB 0x9000 (base 0000000180000000) - 'sdckern.dll'
|
|---|
| 219 | 32c0.2260: 0000000180818000-0000000180818fff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume7\Windows\System32\sdckern.dll
|
|---|
| 220 | 32c0.2260: supHardNtVpScanVirtualMemory: Ignoring unknown mem at 0000000180818000 LB 0x1000 (base 0000000180000000) - 'sdckern.dll'
|
|---|
| 221 | 32c0.2260: 0000000180819000-000000018081dfff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume7\Windows\System32\sdckern.dll
|
|---|
| 222 | 32c0.2260: supHardNtVpScanVirtualMemory: Ignoring unknown mem at 0000000180819000 LB 0x5000 (base 0000000180000000) - 'sdckern.dll'
|
|---|
| 223 | 32c0.2260: 000000018081e000-0000000180820fff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume7\Windows\System32\sdckern.dll
|
|---|
| 224 | 32c0.2260: supHardNtVpScanVirtualMemory: Ignoring unknown mem at 000000018081e000 LB 0x3000 (base 0000000180000000) - 'sdckern.dll'
|
|---|
| 225 | 32c0.2260: 0000000180821000-000000018082ffff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume7\Windows\System32\sdckern.dll
|
|---|
| 226 | 32c0.2260: supHardNtVpScanVirtualMemory: Ignoring unknown mem at 0000000180821000 LB 0xf000 (base 0000000180000000) - 'sdckern.dll'
|
|---|
| 227 | 32c0.2260: 0000000180830000-0000000180832fff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume7\Windows\System32\sdckern.dll
|
|---|
| 228 | 32c0.2260: supHardNtVpScanVirtualMemory: Ignoring unknown mem at 0000000180830000 LB 0x3000 (base 0000000180000000) - 'sdckern.dll'
|
|---|
| 229 | 32c0.2260: 0000000180833000-0000000180833fff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume7\Windows\System32\sdckern.dll
|
|---|
| 230 | 32c0.2260: supHardNtVpScanVirtualMemory: Ignoring unknown mem at 0000000180833000 LB 0x1000 (base 0000000180000000) - 'sdckern.dll'
|
|---|
| 231 | 32c0.2260: 0000000180834000-000000018084efff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume7\Windows\System32\sdckern.dll
|
|---|
| 232 | 32c0.2260: supHardNtVpScanVirtualMemory: Ignoring unknown mem at 0000000180834000 LB 0x1b000 (base 0000000180000000) - 'sdckern.dll'
|
|---|
| 233 | 32c0.2260: 000000018084f000-0000000180918fff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume7\Windows\System32\sdckern.dll
|
|---|
| 234 | 32c0.2260: supHardNtVpScanVirtualMemory: Ignoring unknown mem at 000000018084f000 LB 0xca000 (base 0000000180000000) - 'sdckern.dll'
|
|---|
| 235 | 32c0.2260: 0000000180919000-0000000180935fff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume7\Windows\System32\sdckern.dll
|
|---|
| 236 | 32c0.2260: supHardNtVpScanVirtualMemory: Ignoring unknown mem at 0000000180919000 LB 0x1d000 (base 0000000180000000) - 'sdckern.dll'
|
|---|
| 237 | 32c0.2260: 0000000180936000-0000000180936fff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume7\Windows\System32\sdckern.dll
|
|---|
| 238 | 32c0.2260: supHardNtVpScanVirtualMemory: Ignoring unknown mem at 0000000180936000 LB 0x1000 (base 0000000180000000) - 'sdckern.dll'
|
|---|
| 239 | 32c0.2260: 0000000180937000-000000018093bfff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume7\Windows\System32\sdckern.dll
|
|---|
| 240 | 32c0.2260: supHardNtVpScanVirtualMemory: Ignoring unknown mem at 0000000180937000 LB 0x5000 (base 0000000180000000) - 'sdckern.dll'
|
|---|
| 241 | 32c0.2260: 000000018093c000-00000001809a1fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume7\Windows\System32\sdckern.dll
|
|---|
| 242 | 32c0.2260: supHardNtVpScanVirtualMemory: Ignoring unknown mem at 000000018093c000 LB 0x66000 (base 0000000180000000) - 'sdckern.dll'
|
|---|
| 243 | 32c0.2260: 00000001809a2000-00000001809a2fff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume7\Windows\System32\sdckern.dll
|
|---|
| 244 | 32c0.2260: supHardNtVpScanVirtualMemory: Ignoring unknown mem at 00000001809a2000 LB 0x1000 (base 0000000180000000) - 'sdckern.dll'
|
|---|
| 245 | 32c0.2260: 00000001809a3000-0000000180a1afff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume7\Windows\System32\sdckern.dll
|
|---|
| 246 | 32c0.2260: supHardNtVpScanVirtualMemory: Ignoring unknown mem at 00000001809a3000 LB 0x78000 (base 0000000180000000) - 'sdckern.dll'
|
|---|
| 247 | 32c0.2260: 0000000180a1b000-00007ff490c2ffff 0x0001/0x0000 0x0000000
|
|---|
| 248 | 32c0.2260: *00007ff490c30000-00007ff490c34fff 0x0002/0x0002 0x0040000
|
|---|
| 249 | 32c0.2260: 00007ff490c35000-00007ff490d2ffff 0x0000/0x0002 0x0040000
|
|---|
| 250 | 32c0.2260: *00007ff490d30000-00007ff590d4ffff 0x0000/0x0004 0x0020000
|
|---|
| 251 | 32c0.2260: *00007ff590d50000-00007ff592d4ffff 0x0000/0x0004 0x0020000
|
|---|
| 252 | 32c0.2260: 00007ff592d50000-00007ff592d50fff 0x0004/0x0004 0x0020000
|
|---|
| 253 | 32c0.2260: 00007ff592d51000-00007ff592d5ffff 0x0001/0x0000 0x0000000
|
|---|
| 254 | 32c0.2260: *00007ff592d60000-00007ff592d60fff 0x0002/0x0002 0x0040000
|
|---|
| 255 | 32c0.2260: 00007ff592d61000-00007ff592d6ffff 0x0001/0x0000 0x0000000
|
|---|
| 256 | 32c0.2260: *00007ff592d70000-00007ff592da2fff 0x0002/0x0002 0x0040000
|
|---|
| 257 | 32c0.2260: 00007ff592da3000-00007ff69a9affff 0x0001/0x0000 0x0000000
|
|---|
| 258 | 32c0.2260: *00007ff69a9b0000-00007ff69a9b0fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume7\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe
|
|---|
| 259 | 32c0.2260: 00007ff69a9b1000-00007ff69aa27fff 0x0020/0x0080 0x1000000 \Device\HarddiskVolume7\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe
|
|---|
| 260 | 32c0.2260: 00007ff69aa28000-00007ff69aa28fff 0x0080/0x0080 0x1000000 \Device\HarddiskVolume7\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe
|
|---|
| 261 | 32c0.2260: 00007ff69aa29000-00007ff69aa71fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume7\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe
|
|---|
| 262 | 32c0.2260: 00007ff69aa72000-00007ff69aa74fff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume7\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe
|
|---|
| 263 | 32c0.2260: 00007ff69aa75000-00007ff69aa77fff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume7\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe
|
|---|
| 264 | 32c0.2260: 00007ff69aa78000-00007ff69aa7afff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume7\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe
|
|---|
| 265 | 32c0.2260: 00007ff69aa7b000-00007ff69aa7bfff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume7\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe
|
|---|
| 266 | 32c0.2260: 00007ff69aa7c000-00007ff69aa7dfff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume7\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe
|
|---|
| 267 | 32c0.2260: 00007ff69aa7e000-00007ff69aa7efff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume7\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe
|
|---|
| 268 | 32c0.2260: 00007ff69aa7f000-00007ff69aac7fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume7\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe
|
|---|
| 269 | 32c0.2260: 00007ff69aac8000-00007ff9a603ffff 0x0001/0x0000 0x0000000
|
|---|
| 270 | 32c0.2260: *00007ff9a6040000-00007ff9a6040fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume7\Windows\System32\netapi32.dll
|
|---|
| 271 | 32c0.2260: supHardNtVpScanVirtualMemory: Ignoring unknown mem at 00007ff9a6040000 LB 0x1000 (base 00007ff9a6040000) - 'netapi32.dll'
|
|---|
| 272 | 32c0.2260: 00007ff9a6041000-00007ff9a604afff 0x0020/0x0080 0x1000000 \Device\HarddiskVolume7\Windows\System32\netapi32.dll
|
|---|
| 273 | 32c0.2260: supHardNtVpScanVirtualMemory: Ignoring unknown mem at 00007ff9a6041000 LB 0xa000 (base 00007ff9a6040000) - 'netapi32.dll'
|
|---|
| 274 | 32c0.2260: 00007ff9a604b000-00007ff9a6051fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume7\Windows\System32\netapi32.dll
|
|---|
| 275 | 32c0.2260: supHardNtVpScanVirtualMemory: Ignoring unknown mem at 00007ff9a604b000 LB 0x7000 (base 00007ff9a6040000) - 'netapi32.dll'
|
|---|
| 276 | 32c0.2260: 00007ff9a6052000-00007ff9a6052fff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume7\Windows\System32\netapi32.dll
|
|---|
| 277 | 32c0.2260: supHardNtVpScanVirtualMemory: Ignoring unknown mem at 00007ff9a6052000 LB 0x1000 (base 00007ff9a6040000) - 'netapi32.dll'
|
|---|
| 278 | 32c0.2260: 00007ff9a6053000-00007ff9a6056fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume7\Windows\System32\netapi32.dll
|
|---|
| 279 | 32c0.2260: supHardNtVpScanVirtualMemory: Ignoring unknown mem at 00007ff9a6053000 LB 0x4000 (base 00007ff9a6040000) - 'netapi32.dll'
|
|---|
| 280 | 32c0.2260: 00007ff9a6057000-00007ff9a61fffff 0x0001/0x0000 0x0000000
|
|---|
| 281 | 32c0.2260: *00007ff9a6200000-00007ff9a6200fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume7\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.18362.1556_none_cf692a153ef0bba3\GdiPlus.dll
|
|---|
| 282 | 32c0.2260: supHardNtVpScanVirtualMemory: Ignoring unknown mem at 00007ff9a6200000 LB 0x1000 (base 00007ff9a6200000) - 'GdiPlus.dll'
|
|---|
| 283 | 32c0.2260: 00007ff9a6201000-00007ff9a6345fff 0x0020/0x0080 0x1000000 \Device\HarddiskVolume7\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.18362.1556_none_cf692a153ef0bba3\GdiPlus.dll
|
|---|
| 284 | 32c0.2260: supHardNtVpScanVirtualMemory: Ignoring unknown mem at 00007ff9a6201000 LB 0x145000 (base 00007ff9a6200000) - 'GdiPlus.dll'
|
|---|
| 285 | 32c0.2260: 00007ff9a6346000-00007ff9a637ffff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume7\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.18362.1556_none_cf692a153ef0bba3\GdiPlus.dll
|
|---|
| 286 | 32c0.2260: supHardNtVpScanVirtualMemory: Ignoring unknown mem at 00007ff9a6346000 LB 0x3a000 (base 00007ff9a6200000) - 'GdiPlus.dll'
|
|---|
| 287 | 32c0.2260: 00007ff9a6380000-00007ff9a6381fff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume7\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.18362.1556_none_cf692a153ef0bba3\GdiPlus.dll
|
|---|
| 288 | 32c0.2260: supHardNtVpScanVirtualMemory: Ignoring unknown mem at 00007ff9a6380000 LB 0x2000 (base 00007ff9a6200000) - 'GdiPlus.dll'
|
|---|
| 289 | 32c0.2260: 00007ff9a6382000-00007ff9a63a5fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume7\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.18362.1556_none_cf692a153ef0bba3\GdiPlus.dll
|
|---|
| 290 | 32c0.2260: supHardNtVpScanVirtualMemory: Ignoring unknown mem at 00007ff9a6382000 LB 0x24000 (base 00007ff9a6200000) - 'GdiPlus.dll'
|
|---|
| 291 | 32c0.2260: 00007ff9a63a6000-00007ff9a63affff 0x0001/0x0000 0x0000000
|
|---|
| 292 | 32c0.2260: *00007ff9a63b0000-00007ff9a63b0fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume7\Windows\System32\msi.dll
|
|---|
| 293 | 32c0.2260: supHardNtVpScanVirtualMemory: Ignoring unknown mem at 00007ff9a63b0000 LB 0x1000 (base 00007ff9a63b0000) - 'msi.dll'
|
|---|
| 294 | 32c0.2260: 00007ff9a63b1000-00007ff9a6741fff 0x0020/0x0080 0x1000000 \Device\HarddiskVolume7\Windows\System32\msi.dll
|
|---|
| 295 | 32c0.2260: supHardNtVpScanVirtualMemory: Ignoring unknown mem at 00007ff9a63b1000 LB 0x391000 (base 00007ff9a63b0000) - 'msi.dll'
|
|---|
| 296 | 32c0.2260: 00007ff9a6742000-00007ff9a67e7fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume7\Windows\System32\msi.dll
|
|---|
| 297 | 32c0.2260: supHardNtVpScanVirtualMemory: Ignoring unknown mem at 00007ff9a6742000 LB 0xa6000 (base 00007ff9a63b0000) - 'msi.dll'
|
|---|
| 298 | 32c0.2260: 00007ff9a67e8000-00007ff9a67edfff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume7\Windows\System32\msi.dll
|
|---|
| 299 | 32c0.2260: supHardNtVpScanVirtualMemory: Ignoring unknown mem at 00007ff9a67e8000 LB 0x6000 (base 00007ff9a63b0000) - 'msi.dll'
|
|---|
| 300 | 32c0.2260: 00007ff9a67ee000-00007ff9a67eefff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume7\Windows\System32\msi.dll
|
|---|
| 301 | 32c0.2260: supHardNtVpScanVirtualMemory: Ignoring unknown mem at 00007ff9a67ee000 LB 0x1000 (base 00007ff9a63b0000) - 'msi.dll'
|
|---|
| 302 | 32c0.2260: 00007ff9a67ef000-00007ff9a6811fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume7\Windows\System32\msi.dll
|
|---|
| 303 | 32c0.2260: supHardNtVpScanVirtualMemory: Ignoring unknown mem at 00007ff9a67ef000 LB 0x23000 (base 00007ff9a63b0000) - 'msi.dll'
|
|---|
| 304 | 32c0.2260: 00007ff9a6812000-00007ff9ac89ffff 0x0001/0x0000 0x0000000
|
|---|
| 305 | 32c0.2260: *00007ff9ac8a0000-00007ff9ac8a0fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume7\Windows\System32\oleacc.dll
|
|---|
| 306 | 32c0.2260: supHardNtVpScanVirtualMemory: Ignoring unknown mem at 00007ff9ac8a0000 LB 0x1000 (base 00007ff9ac8a0000) - 'oleacc.dll'
|
|---|
| 307 | 32c0.2260: 00007ff9ac8a1000-00007ff9ac8ddfff 0x0020/0x0080 0x1000000 \Device\HarddiskVolume7\Windows\System32\oleacc.dll
|
|---|
| 308 | 32c0.2260: supHardNtVpScanVirtualMemory: Ignoring unknown mem at 00007ff9ac8a1000 LB 0x3d000 (base 00007ff9ac8a0000) - 'oleacc.dll'
|
|---|
| 309 | 32c0.2260: 00007ff9ac8de000-00007ff9ac8f6fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume7\Windows\System32\oleacc.dll
|
|---|
| 310 | 32c0.2260: supHardNtVpScanVirtualMemory: Ignoring unknown mem at 00007ff9ac8de000 LB 0x19000 (base 00007ff9ac8a0000) - 'oleacc.dll'
|
|---|
| 311 | 32c0.2260: 00007ff9ac8f7000-00007ff9ac8f7fff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume7\Windows\System32\oleacc.dll
|
|---|
| 312 | 32c0.2260: supHardNtVpScanVirtualMemory: Ignoring unknown mem at 00007ff9ac8f7000 LB 0x1000 (base 00007ff9ac8a0000) - 'oleacc.dll'
|
|---|
| 313 | 32c0.2260: 00007ff9ac8f8000-00007ff9ac904fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume7\Windows\System32\oleacc.dll
|
|---|
| 314 | 32c0.2260: supHardNtVpScanVirtualMemory: Ignoring unknown mem at 00007ff9ac8f8000 LB 0xd000 (base 00007ff9ac8a0000) - 'oleacc.dll'
|
|---|
| 315 | 32c0.2260: 00007ff9ac905000-00007ff9ac90ffff 0x0001/0x0000 0x0000000
|
|---|
| 316 | 32c0.2260: *00007ff9ac910000-00007ff9ac910fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume7\Windows\System32\winspool.drv
|
|---|
| 317 | 32c0.2260: supHardNtVpScanVirtualMemory: Ignoring unknown mem at 00007ff9ac910000 LB 0x1000 (base 00007ff9ac910000) - 'winspool.drv'
|
|---|
| 318 | 32c0.2260: 00007ff9ac911000-00007ff9ac95afff 0x0020/0x0080 0x1000000 \Device\HarddiskVolume7\Windows\System32\winspool.drv
|
|---|
| 319 | 32c0.2260: supHardNtVpScanVirtualMemory: Ignoring unknown mem at 00007ff9ac911000 LB 0x4a000 (base 00007ff9ac910000) - 'winspool.drv'
|
|---|
| 320 | 32c0.2260: 00007ff9ac95b000-00007ff9ac979fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume7\Windows\System32\winspool.drv
|
|---|
| 321 | 32c0.2260: supHardNtVpScanVirtualMemory: Ignoring unknown mem at 00007ff9ac95b000 LB 0x1f000 (base 00007ff9ac910000) - 'winspool.drv'
|
|---|
| 322 | 32c0.2260: 00007ff9ac97a000-00007ff9ac97bfff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume7\Windows\System32\winspool.drv
|
|---|
| 323 | 32c0.2260: supHardNtVpScanVirtualMemory: Ignoring unknown mem at 00007ff9ac97a000 LB 0x2000 (base 00007ff9ac910000) - 'winspool.drv'
|
|---|
| 324 | 32c0.2260: 00007ff9ac97c000-00007ff9ac998fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume7\Windows\System32\winspool.drv
|
|---|
| 325 | 32c0.2260: supHardNtVpScanVirtualMemory: Ignoring unknown mem at 00007ff9ac97c000 LB 0x1d000 (base 00007ff9ac910000) - 'winspool.drv'
|
|---|
| 326 | 32c0.2260: 00007ff9ac999000-00007ff9ac99ffff 0x0001/0x0000 0x0000000
|
|---|
| 327 | 32c0.2260: *00007ff9ac9a0000-00007ff9ac9a0fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume7\Windows\System32\msimg32.dll
|
|---|
| 328 | 32c0.2260: supHardNtVpScanVirtualMemory: Ignoring unknown mem at 00007ff9ac9a0000 LB 0x1000 (base 00007ff9ac9a0000) - 'msimg32.dll'
|
|---|
| 329 | 32c0.2260: 00007ff9ac9a1000-00007ff9ac9a1fff 0x0020/0x0080 0x1000000 \Device\HarddiskVolume7\Windows\System32\msimg32.dll
|
|---|
| 330 | 32c0.2260: supHardNtVpScanVirtualMemory: Ignoring unknown mem at 00007ff9ac9a1000 LB 0x1000 (base 00007ff9ac9a0000) - 'msimg32.dll'
|
|---|
| 331 | 32c0.2260: 00007ff9ac9a2000-00007ff9ac9a2fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume7\Windows\System32\msimg32.dll
|
|---|
| 332 | 32c0.2260: supHardNtVpScanVirtualMemory: Ignoring unknown mem at 00007ff9ac9a2000 LB 0x1000 (base 00007ff9ac9a0000) - 'msimg32.dll'
|
|---|
| 333 | 32c0.2260: 00007ff9ac9a3000-00007ff9ac9a3fff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume7\Windows\System32\msimg32.dll
|
|---|
| 334 | 32c0.2260: supHardNtVpScanVirtualMemory: Ignoring unknown mem at 00007ff9ac9a3000 LB 0x1000 (base 00007ff9ac9a0000) - 'msimg32.dll'
|
|---|
| 335 | 32c0.2260: 00007ff9ac9a4000-00007ff9ac9a6fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume7\Windows\System32\msimg32.dll
|
|---|
| 336 | 32c0.2260: supHardNtVpScanVirtualMemory: Ignoring unknown mem at 00007ff9ac9a4000 LB 0x3000 (base 00007ff9ac9a0000) - 'msimg32.dll'
|
|---|
| 337 | 32c0.2260: 00007ff9ac9a7000-00007ff9ac9fffff 0x0001/0x0000 0x0000000
|
|---|
| 338 | 32c0.2260: *00007ff9aca00000-00007ff9aca00fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume7\Windows\System32\fltLib.dll
|
|---|
| 339 | 32c0.2260: supHardNtVpScanVirtualMemory: Ignoring unknown mem at 00007ff9aca00000 LB 0x1000 (base 00007ff9aca00000) - 'fltLib.dll'
|
|---|
| 340 | 32c0.2260: 00007ff9aca01000-00007ff9aca03fff 0x0020/0x0080 0x1000000 \Device\HarddiskVolume7\Windows\System32\fltLib.dll
|
|---|
| 341 | 32c0.2260: supHardNtVpScanVirtualMemory: Ignoring unknown mem at 00007ff9aca01000 LB 0x3000 (base 00007ff9aca00000) - 'fltLib.dll'
|
|---|
| 342 | 32c0.2260: 00007ff9aca04000-00007ff9aca05fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume7\Windows\System32\fltLib.dll
|
|---|
| 343 | 32c0.2260: supHardNtVpScanVirtualMemory: Ignoring unknown mem at 00007ff9aca04000 LB 0x2000 (base 00007ff9aca00000) - 'fltLib.dll'
|
|---|
| 344 | 32c0.2260: 00007ff9aca06000-00007ff9aca06fff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume7\Windows\System32\fltLib.dll
|
|---|
| 345 | 32c0.2260: supHardNtVpScanVirtualMemory: Ignoring unknown mem at 00007ff9aca06000 LB 0x1000 (base 00007ff9aca00000) - 'fltLib.dll'
|
|---|
| 346 | 32c0.2260: 00007ff9aca07000-00007ff9aca09fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume7\Windows\System32\fltLib.dll
|
|---|
| 347 | 32c0.2260: supHardNtVpScanVirtualMemory: Ignoring unknown mem at 00007ff9aca07000 LB 0x3000 (base 00007ff9aca00000) - 'fltLib.dll'
|
|---|
| 348 | 32c0.2260: 00007ff9aca0a000-00007ff9ae2fffff 0x0001/0x0000 0x0000000
|
|---|
| 349 | 32c0.2260: *00007ff9ae300000-00007ff9ae300fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume7\Windows\System32\wininet.dll
|
|---|
| 350 | 32c0.2260: supHardNtVpScanVirtualMemory: Ignoring unknown mem at 00007ff9ae300000 LB 0x1000 (base 00007ff9ae300000) - 'wininet.dll'
|
|---|
| 351 | 32c0.2260: 00007ff9ae301000-00007ff9ae4f0fff 0x0020/0x0080 0x1000000 \Device\HarddiskVolume7\Windows\System32\wininet.dll
|
|---|
| 352 | 32c0.2260: supHardNtVpScanVirtualMemory: Ignoring unknown mem at 00007ff9ae301000 LB 0x1f0000 (base 00007ff9ae300000) - 'wininet.dll'
|
|---|
| 353 | 32c0.2260: 00007ff9ae4f1000-00007ff9ae795fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume7\Windows\System32\wininet.dll
|
|---|
| 354 | 32c0.2260: supHardNtVpScanVirtualMemory: Ignoring unknown mem at 00007ff9ae4f1000 LB 0x2a5000 (base 00007ff9ae300000) - 'wininet.dll'
|
|---|
| 355 | 32c0.2260: 00007ff9ae796000-00007ff9ae799fff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume7\Windows\System32\wininet.dll
|
|---|
| 356 | 32c0.2260: supHardNtVpScanVirtualMemory: Ignoring unknown mem at 00007ff9ae796000 LB 0x4000 (base 00007ff9ae300000) - 'wininet.dll'
|
|---|
| 357 | 32c0.2260: 00007ff9ae79a000-00007ff9ae79afff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume7\Windows\System32\wininet.dll
|
|---|
| 358 | 32c0.2260: supHardNtVpScanVirtualMemory: Ignoring unknown mem at 00007ff9ae79a000 LB 0x1000 (base 00007ff9ae300000) - 'wininet.dll'
|
|---|
| 359 | 32c0.2260: 00007ff9ae79b000-00007ff9ae7d6fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume7\Windows\System32\wininet.dll
|
|---|
| 360 | 32c0.2260: supHardNtVpScanVirtualMemory: Ignoring unknown mem at 00007ff9ae79b000 LB 0x3c000 (base 00007ff9ae300000) - 'wininet.dll'
|
|---|
| 361 | 32c0.2260: 00007ff9ae7d7000-00007ff9b51affff 0x0001/0x0000 0x0000000
|
|---|
| 362 | 32c0.2260: *00007ff9b51b0000-00007ff9b51b0fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume7\Windows\System32\secur32.dll
|
|---|
| 363 | 32c0.2260: supHardNtVpScanVirtualMemory: Ignoring unknown mem at 00007ff9b51b0000 LB 0x1000 (base 00007ff9b51b0000) - 'secur32.dll'
|
|---|
| 364 | 32c0.2260: 00007ff9b51b1000-00007ff9b51b3fff 0x0020/0x0080 0x1000000 \Device\HarddiskVolume7\Windows\System32\secur32.dll
|
|---|
| 365 | 32c0.2260: supHardNtVpScanVirtualMemory: Ignoring unknown mem at 00007ff9b51b1000 LB 0x3000 (base 00007ff9b51b0000) - 'secur32.dll'
|
|---|
| 366 | 32c0.2260: 00007ff9b51b4000-00007ff9b51b6fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume7\Windows\System32\secur32.dll
|
|---|
| 367 | 32c0.2260: supHardNtVpScanVirtualMemory: Ignoring unknown mem at 00007ff9b51b4000 LB 0x3000 (base 00007ff9b51b0000) - 'secur32.dll'
|
|---|
| 368 | 32c0.2260: 00007ff9b51b7000-00007ff9b51b7fff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume7\Windows\System32\secur32.dll
|
|---|
| 369 | 32c0.2260: supHardNtVpScanVirtualMemory: Ignoring unknown mem at 00007ff9b51b7000 LB 0x1000 (base 00007ff9b51b0000) - 'secur32.dll'
|
|---|
| 370 | 32c0.2260: 00007ff9b51b8000-00007ff9b51bbfff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume7\Windows\System32\secur32.dll
|
|---|
| 371 | 32c0.2260: supHardNtVpScanVirtualMemory: Ignoring unknown mem at 00007ff9b51b8000 LB 0x4000 (base 00007ff9b51b0000) - 'secur32.dll'
|
|---|
| 372 | 32c0.2260: 00007ff9b51bc000-00007ff9b932ffff 0x0001/0x0000 0x0000000
|
|---|
| 373 | 32c0.2260: *00007ff9b9330000-00007ff9b9330fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume7\Windows\System32\version.dll
|
|---|
| 374 | 32c0.2260: supHardNtVpScanVirtualMemory: Ignoring unknown mem at 00007ff9b9330000 LB 0x1000 (base 00007ff9b9330000) - 'version.dll'
|
|---|
| 375 | 32c0.2260: 00007ff9b9331000-00007ff9b9333fff 0x0020/0x0080 0x1000000 \Device\HarddiskVolume7\Windows\System32\version.dll
|
|---|
| 376 | 32c0.2260: supHardNtVpScanVirtualMemory: Ignoring unknown mem at 00007ff9b9331000 LB 0x3000 (base 00007ff9b9330000) - 'version.dll'
|
|---|
| 377 | 32c0.2260: 00007ff9b9334000-00007ff9b9335fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume7\Windows\System32\version.dll
|
|---|
| 378 | 32c0.2260: supHardNtVpScanVirtualMemory: Ignoring unknown mem at 00007ff9b9334000 LB 0x2000 (base 00007ff9b9330000) - 'version.dll'
|
|---|
| 379 | 32c0.2260: 00007ff9b9336000-00007ff9b9336fff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume7\Windows\System32\version.dll
|
|---|
| 380 | 32c0.2260: supHardNtVpScanVirtualMemory: Ignoring unknown mem at 00007ff9b9336000 LB 0x1000 (base 00007ff9b9330000) - 'version.dll'
|
|---|
| 381 | 32c0.2260: 00007ff9b9337000-00007ff9b9339fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume7\Windows\System32\version.dll
|
|---|
| 382 | 32c0.2260: supHardNtVpScanVirtualMemory: Ignoring unknown mem at 00007ff9b9337000 LB 0x3000 (base 00007ff9b9330000) - 'version.dll'
|
|---|
| 383 | 32c0.2260: 00007ff9b933a000-00007ff9c0e5ffff 0x0001/0x0000 0x0000000
|
|---|
| 384 | 32c0.2260: *00007ff9c0e60000-00007ff9c0e60fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume7\Windows\System32\wkscli.dll
|
|---|
| 385 | 32c0.2260: supHardNtVpScanVirtualMemory: Ignoring unknown mem at 00007ff9c0e60000 LB 0x1000 (base 00007ff9c0e60000) - 'wkscli.dll'
|
|---|
| 386 | 32c0.2260: 00007ff9c0e61000-00007ff9c0e6afff 0x0020/0x0080 0x1000000 \Device\HarddiskVolume7\Windows\System32\wkscli.dll
|
|---|
| 387 | 32c0.2260: supHardNtVpScanVirtualMemory: Ignoring unknown mem at 00007ff9c0e61000 LB 0xa000 (base 00007ff9c0e60000) - 'wkscli.dll'
|
|---|
| 388 | 32c0.2260: 00007ff9c0e6b000-00007ff9c0e71fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume7\Windows\System32\wkscli.dll
|
|---|
| 389 | 32c0.2260: supHardNtVpScanVirtualMemory: Ignoring unknown mem at 00007ff9c0e6b000 LB 0x7000 (base 00007ff9c0e60000) - 'wkscli.dll'
|
|---|
| 390 | 32c0.2260: 00007ff9c0e72000-00007ff9c0e72fff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume7\Windows\System32\wkscli.dll
|
|---|
| 391 | 32c0.2260: supHardNtVpScanVirtualMemory: Ignoring unknown mem at 00007ff9c0e72000 LB 0x1000 (base 00007ff9c0e60000) - 'wkscli.dll'
|
|---|
| 392 | 32c0.2260: 00007ff9c0e73000-00007ff9c0e76fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume7\Windows\System32\wkscli.dll
|
|---|
| 393 | 32c0.2260: supHardNtVpScanVirtualMemory: Ignoring unknown mem at 00007ff9c0e73000 LB 0x4000 (base 00007ff9c0e60000) - 'wkscli.dll'
|
|---|
| 394 | 32c0.2260: 00007ff9c0e77000-00007ff9c21cffff 0x0001/0x0000 0x0000000
|
|---|
| 395 | 32c0.2260: *00007ff9c21d0000-00007ff9c21d0fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume7\Windows\System32\winhttp.dll
|
|---|
| 396 | 32c0.2260: supHardNtVpScanVirtualMemory: Ignoring unknown mem at 00007ff9c21d0000 LB 0x1000 (base 00007ff9c21d0000) - 'winhttp.dll'
|
|---|
| 397 | 32c0.2260: 00007ff9c21d1000-00007ff9c2290fff 0x0020/0x0080 0x1000000 \Device\HarddiskVolume7\Windows\System32\winhttp.dll
|
|---|
| 398 | 32c0.2260: supHardNtVpScanVirtualMemory: Ignoring unknown mem at 00007ff9c21d1000 LB 0xc0000 (base 00007ff9c21d0000) - 'winhttp.dll'
|
|---|
| 399 | 32c0.2260: 00007ff9c2291000-00007ff9c22b3fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume7\Windows\System32\winhttp.dll
|
|---|
| 400 | 32c0.2260: supHardNtVpScanVirtualMemory: Ignoring unknown mem at 00007ff9c2291000 LB 0x23000 (base 00007ff9c21d0000) - 'winhttp.dll'
|
|---|
| 401 | 32c0.2260: 00007ff9c22b4000-00007ff9c22b5fff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume7\Windows\System32\winhttp.dll
|
|---|
| 402 | 32c0.2260: supHardNtVpScanVirtualMemory: Ignoring unknown mem at 00007ff9c22b4000 LB 0x2000 (base 00007ff9c21d0000) - 'winhttp.dll'
|
|---|
| 403 | 32c0.2260: 00007ff9c22b6000-00007ff9c22c9fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume7\Windows\System32\winhttp.dll
|
|---|
| 404 | 32c0.2260: supHardNtVpScanVirtualMemory: Ignoring unknown mem at 00007ff9c22b6000 LB 0x14000 (base 00007ff9c21d0000) - 'winhttp.dll'
|
|---|
| 405 | 32c0.2260: 00007ff9c22ca000-00007ff9c33effff 0x0001/0x0000 0x0000000
|
|---|
| 406 | 32c0.2260: *00007ff9c33f0000-00007ff9c33f0fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume7\Windows\System32\wtsapi32.dll
|
|---|
| 407 | 32c0.2260: supHardNtVpScanVirtualMemory: Ignoring unknown mem at 00007ff9c33f0000 LB 0x1000 (base 00007ff9c33f0000) - 'wtsapi32.dll'
|
|---|
| 408 | 32c0.2260: 00007ff9c33f1000-00007ff9c33f9fff 0x0020/0x0080 0x1000000 \Device\HarddiskVolume7\Windows\System32\wtsapi32.dll
|
|---|
| 409 | 32c0.2260: supHardNtVpScanVirtualMemory: Ignoring unknown mem at 00007ff9c33f1000 LB 0x9000 (base 00007ff9c33f0000) - 'wtsapi32.dll'
|
|---|
| 410 | 32c0.2260: 00007ff9c33fa000-00007ff9c33fdfff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume7\Windows\System32\wtsapi32.dll
|
|---|
| 411 | 32c0.2260: supHardNtVpScanVirtualMemory: Ignoring unknown mem at 00007ff9c33fa000 LB 0x4000 (base 00007ff9c33f0000) - 'wtsapi32.dll'
|
|---|
| 412 | 32c0.2260: 00007ff9c33fe000-00007ff9c33fefff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume7\Windows\System32\wtsapi32.dll
|
|---|
| 413 | 32c0.2260: supHardNtVpScanVirtualMemory: Ignoring unknown mem at 00007ff9c33fe000 LB 0x1000 (base 00007ff9c33f0000) - 'wtsapi32.dll'
|
|---|
| 414 | 32c0.2260: 00007ff9c33ff000-00007ff9c3402fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume7\Windows\System32\wtsapi32.dll
|
|---|
| 415 | 32c0.2260: supHardNtVpScanVirtualMemory: Ignoring unknown mem at 00007ff9c33ff000 LB 0x4000 (base 00007ff9c33f0000) - 'wtsapi32.dll'
|
|---|
| 416 | 32c0.2260: 00007ff9c3403000-00007ff9c4d6ffff 0x0001/0x0000 0x0000000
|
|---|
| 417 | 32c0.2260: *00007ff9c4d70000-00007ff9c4d70fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume7\Windows\System32\propsys.dll
|
|---|
| 418 | 32c0.2260: supHardNtVpScanVirtualMemory: Ignoring unknown mem at 00007ff9c4d70000 LB 0x1000 (base 00007ff9c4d70000) - 'propsys.dll'
|
|---|
| 419 | 32c0.2260: 00007ff9c4d71000-00007ff9c4e04fff 0x0020/0x0080 0x1000000 \Device\HarddiskVolume7\Windows\System32\propsys.dll
|
|---|
| 420 | 32c0.2260: supHardNtVpScanVirtualMemory: Ignoring unknown mem at 00007ff9c4d71000 LB 0x94000 (base 00007ff9c4d70000) - 'propsys.dll'
|
|---|
| 421 | 32c0.2260: 00007ff9c4e05000-00007ff9c4e4bfff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume7\Windows\System32\propsys.dll
|
|---|
| 422 | 32c0.2260: supHardNtVpScanVirtualMemory: Ignoring unknown mem at 00007ff9c4e05000 LB 0x47000 (base 00007ff9c4d70000) - 'propsys.dll'
|
|---|
| 423 | 32c0.2260: 00007ff9c4e4c000-00007ff9c4e4dfff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume7\Windows\System32\propsys.dll
|
|---|
| 424 | 32c0.2260: supHardNtVpScanVirtualMemory: Ignoring unknown mem at 00007ff9c4e4c000 LB 0x2000 (base 00007ff9c4d70000) - 'propsys.dll'
|
|---|
| 425 | 32c0.2260: 00007ff9c4e4e000-00007ff9c4e5efff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume7\Windows\System32\propsys.dll
|
|---|
| 426 | 32c0.2260: supHardNtVpScanVirtualMemory: Ignoring unknown mem at 00007ff9c4e4e000 LB 0x11000 (base 00007ff9c4d70000) - 'propsys.dll'
|
|---|
| 427 | 32c0.2260: 00007ff9c4e5f000-00007ff9c96dffff 0x0001/0x0000 0x0000000
|
|---|
| 428 | 32c0.2260: *00007ff9c96e0000-00007ff9c96e0fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume7\Windows\System32\IPHLPAPI.DLL
|
|---|
| 429 | 32c0.2260: supHardNtVpScanVirtualMemory: Ignoring unknown mem at 00007ff9c96e0000 LB 0x1000 (base 00007ff9c96e0000) - 'IPHLPAPI.DLL'
|
|---|
| 430 | 32c0.2260: 00007ff9c96e1000-00007ff9c9709fff 0x0020/0x0080 0x1000000 \Device\HarddiskVolume7\Windows\System32\IPHLPAPI.DLL
|
|---|
| 431 | 32c0.2260: supHardNtVpScanVirtualMemory: Ignoring unknown mem at 00007ff9c96e1000 LB 0x29000 (base 00007ff9c96e0000) - 'IPHLPAPI.DLL'
|
|---|
| 432 | 32c0.2260: 00007ff9c970a000-00007ff9c9713fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume7\Windows\System32\IPHLPAPI.DLL
|
|---|
| 433 | 32c0.2260: supHardNtVpScanVirtualMemory: Ignoring unknown mem at 00007ff9c970a000 LB 0xa000 (base 00007ff9c96e0000) - 'IPHLPAPI.DLL'
|
|---|
| 434 | 32c0.2260: 00007ff9c9714000-00007ff9c9714fff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume7\Windows\System32\IPHLPAPI.DLL
|
|---|
| 435 | 32c0.2260: supHardNtVpScanVirtualMemory: Ignoring unknown mem at 00007ff9c9714000 LB 0x1000 (base 00007ff9c96e0000) - 'IPHLPAPI.DLL'
|
|---|
| 436 | 32c0.2260: 00007ff9c9715000-00007ff9c9719fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume7\Windows\System32\IPHLPAPI.DLL
|
|---|
| 437 | 32c0.2260: supHardNtVpScanVirtualMemory: Ignoring unknown mem at 00007ff9c9715000 LB 0x5000 (base 00007ff9c96e0000) - 'IPHLPAPI.DLL'
|
|---|
| 438 | 32c0.2260: 00007ff9c971a000-00007ff9c971ffff 0x0001/0x0000 0x0000000
|
|---|
| 439 | 32c0.2260: *00007ff9c9720000-00007ff9c9720fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume7\Windows\System32\dnsapi.dll
|
|---|
| 440 | 32c0.2260: supHardNtVpScanVirtualMemory: Ignoring unknown mem at 00007ff9c9720000 LB 0x1000 (base 00007ff9c9720000) - 'dnsapi.dll'
|
|---|
| 441 | 32c0.2260: 00007ff9c9721000-00007ff9c97b3fff 0x0020/0x0080 0x1000000 \Device\HarddiskVolume7\Windows\System32\dnsapi.dll
|
|---|
| 442 | 32c0.2260: supHardNtVpScanVirtualMemory: Ignoring unknown mem at 00007ff9c9721000 LB 0x93000 (base 00007ff9c9720000) - 'dnsapi.dll'
|
|---|
| 443 | 32c0.2260: 00007ff9c97b4000-00007ff9c97d5fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume7\Windows\System32\dnsapi.dll
|
|---|
| 444 | 32c0.2260: supHardNtVpScanVirtualMemory: Ignoring unknown mem at 00007ff9c97b4000 LB 0x22000 (base 00007ff9c9720000) - 'dnsapi.dll'
|
|---|
| 445 | 32c0.2260: 00007ff9c97d6000-00007ff9c97d7fff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume7\Windows\System32\dnsapi.dll
|
|---|
| 446 | 32c0.2260: supHardNtVpScanVirtualMemory: Ignoring unknown mem at 00007ff9c97d6000 LB 0x2000 (base 00007ff9c9720000) - 'dnsapi.dll'
|
|---|
| 447 | 32c0.2260: 00007ff9c97d8000-00007ff9c97eafff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume7\Windows\System32\dnsapi.dll
|
|---|
| 448 | 32c0.2260: supHardNtVpScanVirtualMemory: Ignoring unknown mem at 00007ff9c97d8000 LB 0x13000 (base 00007ff9c9720000) - 'dnsapi.dll'
|
|---|
| 449 | 32c0.2260: 00007ff9c97eb000-00007ff9c97effff 0x0001/0x0000 0x0000000
|
|---|
| 450 | 32c0.2260: *00007ff9c97f0000-00007ff9c97f0fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume7\Windows\System32\netutils.dll
|
|---|
| 451 | 32c0.2260: supHardNtVpScanVirtualMemory: Ignoring unknown mem at 00007ff9c97f0000 LB 0x1000 (base 00007ff9c97f0000) - 'netutils.dll'
|
|---|
| 452 | 32c0.2260: 00007ff9c97f1000-00007ff9c97f5fff 0x0020/0x0080 0x1000000 \Device\HarddiskVolume7\Windows\System32\netutils.dll
|
|---|
| 453 | 32c0.2260: supHardNtVpScanVirtualMemory: Ignoring unknown mem at 00007ff9c97f1000 LB 0x5000 (base 00007ff9c97f0000) - 'netutils.dll'
|
|---|
| 454 | 32c0.2260: 00007ff9c97f6000-00007ff9c97f7fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume7\Windows\System32\netutils.dll
|
|---|
| 455 | 32c0.2260: supHardNtVpScanVirtualMemory: Ignoring unknown mem at 00007ff9c97f6000 LB 0x2000 (base 00007ff9c97f0000) - 'netutils.dll'
|
|---|
| 456 | 32c0.2260: 00007ff9c97f8000-00007ff9c97f8fff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume7\Windows\System32\netutils.dll
|
|---|
| 457 | 32c0.2260: supHardNtVpScanVirtualMemory: Ignoring unknown mem at 00007ff9c97f8000 LB 0x1000 (base 00007ff9c97f0000) - 'netutils.dll'
|
|---|
| 458 | 32c0.2260: 00007ff9c97f9000-00007ff9c97fbfff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume7\Windows\System32\netutils.dll
|
|---|
| 459 | 32c0.2260: supHardNtVpScanVirtualMemory: Ignoring unknown mem at 00007ff9c97f9000 LB 0x3000 (base 00007ff9c97f0000) - 'netutils.dll'
|
|---|
| 460 | 32c0.2260: 00007ff9c97fc000-00007ff9c980ffff 0x0001/0x0000 0x0000000
|
|---|
| 461 | 32c0.2260: *00007ff9c9810000-00007ff9c9810fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume7\Windows\System32\logoncli.dll
|
|---|
| 462 | 32c0.2260: supHardNtVpScanVirtualMemory: Ignoring unknown mem at 00007ff9c9810000 LB 0x1000 (base 00007ff9c9810000) - 'logoncli.dll'
|
|---|
| 463 | 32c0.2260: 00007ff9c9811000-00007ff9c982ffff 0x0020/0x0080 0x1000000 \Device\HarddiskVolume7\Windows\System32\logoncli.dll
|
|---|
| 464 | 32c0.2260: supHardNtVpScanVirtualMemory: Ignoring unknown mem at 00007ff9c9811000 LB 0x1f000 (base 00007ff9c9810000) - 'logoncli.dll'
|
|---|
| 465 | 32c0.2260: 00007ff9c9830000-00007ff9c984afff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume7\Windows\System32\logoncli.dll
|
|---|
| 466 | 32c0.2260: supHardNtVpScanVirtualMemory: Ignoring unknown mem at 00007ff9c9830000 LB 0x1b000 (base 00007ff9c9810000) - 'logoncli.dll'
|
|---|
| 467 | 32c0.2260: 00007ff9c984b000-00007ff9c984cfff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume7\Windows\System32\logoncli.dll
|
|---|
| 468 | 32c0.2260: supHardNtVpScanVirtualMemory: Ignoring unknown mem at 00007ff9c984b000 LB 0x2000 (base 00007ff9c9810000) - 'logoncli.dll'
|
|---|
| 469 | 32c0.2260: 00007ff9c984d000-00007ff9c9851fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume7\Windows\System32\logoncli.dll
|
|---|
| 470 | 32c0.2260: supHardNtVpScanVirtualMemory: Ignoring unknown mem at 00007ff9c984d000 LB 0x5000 (base 00007ff9c9810000) - 'logoncli.dll'
|
|---|
| 471 | 32c0.2260: 00007ff9c9852000-00007ff9c99cffff 0x0001/0x0000 0x0000000
|
|---|
| 472 | 32c0.2260: *00007ff9c99d0000-00007ff9c99d0fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume7\Windows\System32\mswsock.dll
|
|---|
| 473 | 32c0.2260: supHardNtVpScanVirtualMemory: Ignoring unknown mem at 00007ff9c99d0000 LB 0x1000 (base 00007ff9c99d0000) - 'mswsock.dll'
|
|---|
| 474 | 32c0.2260: 00007ff9c99d1000-00007ff9c9a20fff 0x0020/0x0080 0x1000000 \Device\HarddiskVolume7\Windows\System32\mswsock.dll
|
|---|
| 475 | 32c0.2260: supHardNtVpScanVirtualMemory: Ignoring unknown mem at 00007ff9c99d1000 LB 0x50000 (base 00007ff9c99d0000) - 'mswsock.dll'
|
|---|
| 476 | 32c0.2260: 00007ff9c9a21000-00007ff9c9a2efff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume7\Windows\System32\mswsock.dll
|
|---|
| 477 | 32c0.2260: supHardNtVpScanVirtualMemory: Ignoring unknown mem at 00007ff9c9a21000 LB 0xe000 (base 00007ff9c99d0000) - 'mswsock.dll'
|
|---|
| 478 | 32c0.2260: 00007ff9c9a2f000-00007ff9c9a30fff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume7\Windows\System32\mswsock.dll
|
|---|
| 479 | 32c0.2260: supHardNtVpScanVirtualMemory: Ignoring unknown mem at 00007ff9c9a2f000 LB 0x2000 (base 00007ff9c99d0000) - 'mswsock.dll'
|
|---|
| 480 | 32c0.2260: 00007ff9c9a31000-00007ff9c9a36fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume7\Windows\System32\mswsock.dll
|
|---|
| 481 | 32c0.2260: supHardNtVpScanVirtualMemory: Ignoring unknown mem at 00007ff9c9a31000 LB 0x6000 (base 00007ff9c99d0000) - 'mswsock.dll'
|
|---|
| 482 | 32c0.2260: 00007ff9c9a37000-00007ff9ca07ffff 0x0001/0x0000 0x0000000
|
|---|
| 483 | 32c0.2260: *00007ff9ca080000-00007ff9ca080fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume7\Windows\System32\userenv.dll
|
|---|
| 484 | 32c0.2260: supHardNtVpScanVirtualMemory: Ignoring unknown mem at 00007ff9ca080000 LB 0x1000 (base 00007ff9ca080000) - 'userenv.dll'
|
|---|
| 485 | 32c0.2260: 00007ff9ca081000-00007ff9ca093fff 0x0020/0x0080 0x1000000 \Device\HarddiskVolume7\Windows\System32\userenv.dll
|
|---|
| 486 | 32c0.2260: supHardNtVpScanVirtualMemory: Ignoring unknown mem at 00007ff9ca081000 LB 0x13000 (base 00007ff9ca080000) - 'userenv.dll'
|
|---|
| 487 | 32c0.2260: 00007ff9ca094000-00007ff9ca09cfff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume7\Windows\System32\userenv.dll
|
|---|
| 488 | 32c0.2260: supHardNtVpScanVirtualMemory: Ignoring unknown mem at 00007ff9ca094000 LB 0x9000 (base 00007ff9ca080000) - 'userenv.dll'
|
|---|
| 489 | 32c0.2260: 00007ff9ca09d000-00007ff9ca09dfff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume7\Windows\System32\userenv.dll
|
|---|
| 490 | 32c0.2260: supHardNtVpScanVirtualMemory: Ignoring unknown mem at 00007ff9ca09d000 LB 0x1000 (base 00007ff9ca080000) - 'userenv.dll'
|
|---|
| 491 | 32c0.2260: 00007ff9ca09e000-00007ff9ca0a4fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume7\Windows\System32\userenv.dll
|
|---|
| 492 | 32c0.2260: supHardNtVpScanVirtualMemory: Ignoring unknown mem at 00007ff9ca09e000 LB 0x7000 (base 00007ff9ca080000) - 'userenv.dll'
|
|---|
| 493 | 32c0.2260: 00007ff9ca0a5000-00007ff9ca0affff 0x0001/0x0000 0x0000000
|
|---|
| 494 | 32c0.2260: *00007ff9ca0b0000-00007ff9ca0b0fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume7\Windows\System32\sspicli.dll
|
|---|
| 495 | 32c0.2260: supHardNtVpScanVirtualMemory: Ignoring unknown mem at 00007ff9ca0b0000 LB 0x1000 (base 00007ff9ca0b0000) - 'sspicli.dll'
|
|---|
| 496 | 32c0.2260: 00007ff9ca0b1000-00007ff9ca0cdfff 0x0020/0x0080 0x1000000 \Device\HarddiskVolume7\Windows\System32\sspicli.dll
|
|---|
| 497 | 32c0.2260: supHardNtVpScanVirtualMemory: Ignoring unknown mem at 00007ff9ca0b1000 LB 0x1d000 (base 00007ff9ca0b0000) - 'sspicli.dll'
|
|---|
| 498 | 32c0.2260: 00007ff9ca0ce000-00007ff9ca0d7fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume7\Windows\System32\sspicli.dll
|
|---|
| 499 | 32c0.2260: supHardNtVpScanVirtualMemory: Ignoring unknown mem at 00007ff9ca0ce000 LB 0xa000 (base 00007ff9ca0b0000) - 'sspicli.dll'
|
|---|
| 500 | 32c0.2260: 00007ff9ca0d8000-00007ff9ca0d8fff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume7\Windows\System32\sspicli.dll
|
|---|
| 501 | 32c0.2260: supHardNtVpScanVirtualMemory: Ignoring unknown mem at 00007ff9ca0d8000 LB 0x1000 (base 00007ff9ca0b0000) - 'sspicli.dll'
|
|---|
| 502 | 32c0.2260: 00007ff9ca0d9000-00007ff9ca0d9fff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume7\Windows\System32\sspicli.dll
|
|---|
| 503 | 32c0.2260: supHardNtVpScanVirtualMemory: Ignoring unknown mem at 00007ff9ca0d9000 LB 0x1000 (base 00007ff9ca0b0000) - 'sspicli.dll'
|
|---|
| 504 | 32c0.2260: 00007ff9ca0da000-00007ff9ca0defff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume7\Windows\System32\sspicli.dll
|
|---|
| 505 | 32c0.2260: supHardNtVpScanVirtualMemory: Ignoring unknown mem at 00007ff9ca0da000 LB 0x5000 (base 00007ff9ca0b0000) - 'sspicli.dll'
|
|---|
| 506 | 32c0.2260: 00007ff9ca0df000-00007ff9ca18ffff 0x0001/0x0000 0x0000000
|
|---|
| 507 | 32c0.2260: *00007ff9ca190000-00007ff9ca190fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume7\Windows\System32\umpdc.dll
|
|---|
| 508 | 32c0.2260: supHardNtVpScanVirtualMemory: Ignoring unknown mem at 00007ff9ca190000 LB 0x1000 (base 00007ff9ca190000) - 'umpdc.dll'
|
|---|
| 509 | 32c0.2260: 00007ff9ca191000-00007ff9ca198fff 0x0020/0x0080 0x1000000 \Device\HarddiskVolume7\Windows\System32\umpdc.dll
|
|---|
| 510 | 32c0.2260: supHardNtVpScanVirtualMemory: Ignoring unknown mem at 00007ff9ca191000 LB 0x8000 (base 00007ff9ca190000) - 'umpdc.dll'
|
|---|
| 511 | 32c0.2260: 00007ff9ca199000-00007ff9ca19bfff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume7\Windows\System32\umpdc.dll
|
|---|
| 512 | 32c0.2260: supHardNtVpScanVirtualMemory: Ignoring unknown mem at 00007ff9ca199000 LB 0x3000 (base 00007ff9ca190000) - 'umpdc.dll'
|
|---|
| 513 | 32c0.2260: 00007ff9ca19c000-00007ff9ca19cfff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume7\Windows\System32\umpdc.dll
|
|---|
| 514 | 32c0.2260: supHardNtVpScanVirtualMemory: Ignoring unknown mem at 00007ff9ca19c000 LB 0x1000 (base 00007ff9ca190000) - 'umpdc.dll'
|
|---|
| 515 | 32c0.2260: 00007ff9ca19d000-00007ff9ca19ffff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume7\Windows\System32\umpdc.dll
|
|---|
| 516 | 32c0.2260: supHardNtVpScanVirtualMemory: Ignoring unknown mem at 00007ff9ca19d000 LB 0x3000 (base 00007ff9ca190000) - 'umpdc.dll'
|
|---|
| 517 | 32c0.2260: *00007ff9ca1a0000-00007ff9ca1a0fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume7\Windows\System32\msasn1.dll
|
|---|
| 518 | 32c0.2260: supHardNtVpScanVirtualMemory: Ignoring unknown mem at 00007ff9ca1a0000 LB 0x1000 (base 00007ff9ca1a0000) - 'msasn1.dll'
|
|---|
| 519 | 32c0.2260: 00007ff9ca1a1000-00007ff9ca1a9fff 0x0020/0x0080 0x1000000 \Device\HarddiskVolume7\Windows\System32\msasn1.dll
|
|---|
| 520 | 32c0.2260: supHardNtVpScanVirtualMemory: Ignoring unknown mem at 00007ff9ca1a1000 LB 0x9000 (base 00007ff9ca1a0000) - 'msasn1.dll'
|
|---|
| 521 | 32c0.2260: 00007ff9ca1aa000-00007ff9ca1adfff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume7\Windows\System32\msasn1.dll
|
|---|
| 522 | 32c0.2260: supHardNtVpScanVirtualMemory: Ignoring unknown mem at 00007ff9ca1aa000 LB 0x4000 (base 00007ff9ca1a0000) - 'msasn1.dll'
|
|---|
| 523 | 32c0.2260: 00007ff9ca1ae000-00007ff9ca1aefff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume7\Windows\System32\msasn1.dll
|
|---|
| 524 | 32c0.2260: supHardNtVpScanVirtualMemory: Ignoring unknown mem at 00007ff9ca1ae000 LB 0x1000 (base 00007ff9ca1a0000) - 'msasn1.dll'
|
|---|
| 525 | 32c0.2260: 00007ff9ca1af000-00007ff9ca1b1fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume7\Windows\System32\msasn1.dll
|
|---|
| 526 | 32c0.2260: supHardNtVpScanVirtualMemory: Ignoring unknown mem at 00007ff9ca1af000 LB 0x3000 (base 00007ff9ca1a0000) - 'msasn1.dll'
|
|---|
| 527 | 32c0.2260: 00007ff9ca1b2000-00007ff9ca1bffff 0x0001/0x0000 0x0000000
|
|---|
| 528 | 32c0.2260: *00007ff9ca1c0000-00007ff9ca1c0fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume7\Windows\System32\powrprof.dll
|
|---|
| 529 | 32c0.2260: supHardNtVpScanVirtualMemory: Ignoring unknown mem at 00007ff9ca1c0000 LB 0x1000 (base 00007ff9ca1c0000) - 'powrprof.dll'
|
|---|
| 530 | 32c0.2260: 00007ff9ca1c1000-00007ff9ca1d1fff 0x0020/0x0080 0x1000000 \Device\HarddiskVolume7\Windows\System32\powrprof.dll
|
|---|
| 531 | 32c0.2260: supHardNtVpScanVirtualMemory: Ignoring unknown mem at 00007ff9ca1c1000 LB 0x11000 (base 00007ff9ca1c0000) - 'powrprof.dll'
|
|---|
| 532 | 32c0.2260: 00007ff9ca1d2000-00007ff9ca1dbfff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume7\Windows\System32\powrprof.dll
|
|---|
| 533 | 32c0.2260: supHardNtVpScanVirtualMemory: Ignoring unknown mem at 00007ff9ca1d2000 LB 0xa000 (base 00007ff9ca1c0000) - 'powrprof.dll'
|
|---|
| 534 | 32c0.2260: 00007ff9ca1dc000-00007ff9ca1dcfff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume7\Windows\System32\powrprof.dll
|
|---|
| 535 | 32c0.2260: supHardNtVpScanVirtualMemory: Ignoring unknown mem at 00007ff9ca1dc000 LB 0x1000 (base 00007ff9ca1c0000) - 'powrprof.dll'
|
|---|
| 536 | 32c0.2260: 00007ff9ca1dd000-00007ff9ca209fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume7\Windows\System32\powrprof.dll
|
|---|
| 537 | 32c0.2260: supHardNtVpScanVirtualMemory: Ignoring unknown mem at 00007ff9ca1dd000 LB 0x2d000 (base 00007ff9ca1c0000) - 'powrprof.dll'
|
|---|
| 538 | 32c0.2260: 00007ff9ca20a000-00007ff9ca20ffff 0x0001/0x0000 0x0000000
|
|---|
| 539 | 32c0.2260: *00007ff9ca210000-00007ff9ca210fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume7\Windows\System32\kernel.appcore.dll
|
|---|
| 540 | 32c0.2260: supHardNtVpScanVirtualMemory: Ignoring unknown mem at 00007ff9ca210000 LB 0x1000 (base 00007ff9ca210000) - 'kernel.appcore.dll'
|
|---|
| 541 | 32c0.2260: 00007ff9ca211000-00007ff9ca214fff 0x0020/0x0080 0x1000000 \Device\HarddiskVolume7\Windows\System32\kernel.appcore.dll
|
|---|
| 542 | 32c0.2260: supHardNtVpScanVirtualMemory: Ignoring unknown mem at 00007ff9ca211000 LB 0x4000 (base 00007ff9ca210000) - 'kernel.appcore.dll'
|
|---|
| 543 | 32c0.2260: 00007ff9ca215000-00007ff9ca21bfff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume7\Windows\System32\kernel.appcore.dll
|
|---|
| 544 | 32c0.2260: supHardNtVpScanVirtualMemory: Ignoring unknown mem at 00007ff9ca215000 LB 0x7000 (base 00007ff9ca210000) - 'kernel.appcore.dll'
|
|---|
| 545 | 32c0.2260: 00007ff9ca21c000-00007ff9ca21cfff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume7\Windows\System32\kernel.appcore.dll
|
|---|
| 546 | 32c0.2260: supHardNtVpScanVirtualMemory: Ignoring unknown mem at 00007ff9ca21c000 LB 0x1000 (base 00007ff9ca210000) - 'kernel.appcore.dll'
|
|---|
| 547 | 32c0.2260: 00007ff9ca21d000-00007ff9ca220fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume7\Windows\System32\kernel.appcore.dll
|
|---|
| 548 | 32c0.2260: supHardNtVpScanVirtualMemory: Ignoring unknown mem at 00007ff9ca21d000 LB 0x4000 (base 00007ff9ca210000) - 'kernel.appcore.dll'
|
|---|
| 549 | 32c0.2260: 00007ff9ca221000-00007ff9ca22ffff 0x0001/0x0000 0x0000000
|
|---|
| 550 | 32c0.2260: *00007ff9ca230000-00007ff9ca230fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume7\Windows\System32\profapi.dll
|
|---|
| 551 | 32c0.2260: supHardNtVpScanVirtualMemory: Ignoring unknown mem at 00007ff9ca230000 LB 0x1000 (base 00007ff9ca230000) - 'profapi.dll'
|
|---|
| 552 | 32c0.2260: 00007ff9ca231000-00007ff9ca240fff 0x0020/0x0080 0x1000000 \Device\HarddiskVolume7\Windows\System32\profapi.dll
|
|---|
| 553 | 32c0.2260: supHardNtVpScanVirtualMemory: Ignoring unknown mem at 00007ff9ca231000 LB 0x10000 (base 00007ff9ca230000) - 'profapi.dll'
|
|---|
| 554 | 32c0.2260: 00007ff9ca241000-00007ff9ca247fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume7\Windows\System32\profapi.dll
|
|---|
| 555 | 32c0.2260: supHardNtVpScanVirtualMemory: Ignoring unknown mem at 00007ff9ca241000 LB 0x7000 (base 00007ff9ca230000) - 'profapi.dll'
|
|---|
| 556 | 32c0.2260: 00007ff9ca248000-00007ff9ca248fff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume7\Windows\System32\profapi.dll
|
|---|
| 557 | 32c0.2260: supHardNtVpScanVirtualMemory: Ignoring unknown mem at 00007ff9ca248000 LB 0x1000 (base 00007ff9ca230000) - 'profapi.dll'
|
|---|
| 558 | 32c0.2260: 00007ff9ca249000-00007ff9ca24dfff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume7\Windows\System32\profapi.dll
|
|---|
| 559 | 32c0.2260: supHardNtVpScanVirtualMemory: Ignoring unknown mem at 00007ff9ca249000 LB 0x5000 (base 00007ff9ca230000) - 'profapi.dll'
|
|---|
| 560 | 32c0.2260: 00007ff9ca24e000-00007ff9ca24ffff 0x0001/0x0000 0x0000000
|
|---|
| 561 | 32c0.2260: *00007ff9ca250000-00007ff9ca250fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume7\Windows\System32\bcryptprimitives.dll
|
|---|
| 562 | 32c0.2260: supHardNtVpScanVirtualMemory: Ignoring unknown mem at 00007ff9ca250000 LB 0x1000 (base 00007ff9ca250000) - 'bcryptprimitives.dll'
|
|---|
| 563 | 32c0.2260: 00007ff9ca251000-00007ff9ca2b6fff 0x0020/0x0080 0x1000000 \Device\HarddiskVolume7\Windows\System32\bcryptprimitives.dll
|
|---|
| 564 | 32c0.2260: supHardNtVpScanVirtualMemory: Ignoring unknown mem at 00007ff9ca251000 LB 0x66000 (base 00007ff9ca250000) - 'bcryptprimitives.dll'
|
|---|
| 565 | 32c0.2260: 00007ff9ca2b7000-00007ff9ca2cafff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume7\Windows\System32\bcryptprimitives.dll
|
|---|
| 566 | 32c0.2260: supHardNtVpScanVirtualMemory: Ignoring unknown mem at 00007ff9ca2b7000 LB 0x14000 (base 00007ff9ca250000) - 'bcryptprimitives.dll'
|
|---|
| 567 | 32c0.2260: 00007ff9ca2cb000-00007ff9ca2cbfff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume7\Windows\System32\bcryptprimitives.dll
|
|---|
| 568 | 32c0.2260: supHardNtVpScanVirtualMemory: Ignoring unknown mem at 00007ff9ca2cb000 LB 0x1000 (base 00007ff9ca250000) - 'bcryptprimitives.dll'
|
|---|
| 569 | 32c0.2260: 00007ff9ca2cc000-00007ff9ca2d0fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume7\Windows\System32\bcryptprimitives.dll
|
|---|
| 570 | 32c0.2260: supHardNtVpScanVirtualMemory: Ignoring unknown mem at 00007ff9ca2cc000 LB 0x5000 (base 00007ff9ca250000) - 'bcryptprimitives.dll'
|
|---|
| 571 | 32c0.2260: 00007ff9ca2d1000-00007ff9ca2dffff 0x0001/0x0000 0x0000000
|
|---|
| 572 | 32c0.2260: *00007ff9ca2e0000-00007ff9ca2e0fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume7\Windows\System32\gdi32full.dll
|
|---|
| 573 | 32c0.2260: supHardNtVpScanVirtualMemory: Ignoring unknown mem at 00007ff9ca2e0000 LB 0x1000 (base 00007ff9ca2e0000) - 'gdi32full.dll'
|
|---|
| 574 | 32c0.2260: 00007ff9ca2e1000-00007ff9ca3b3fff 0x0020/0x0080 0x1000000 \Device\HarddiskVolume7\Windows\System32\gdi32full.dll
|
|---|
| 575 | 32c0.2260: supHardNtVpScanVirtualMemory: Ignoring unknown mem at 00007ff9ca2e1000 LB 0xd3000 (base 00007ff9ca2e0000) - 'gdi32full.dll'
|
|---|
| 576 | 32c0.2260: 00007ff9ca3b4000-00007ff9ca455fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume7\Windows\System32\gdi32full.dll
|
|---|
| 577 | 32c0.2260: supHardNtVpScanVirtualMemory: Ignoring unknown mem at 00007ff9ca3b4000 LB 0xa2000 (base 00007ff9ca2e0000) - 'gdi32full.dll'
|
|---|
| 578 | 32c0.2260: 00007ff9ca456000-00007ff9ca459fff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume7\Windows\System32\gdi32full.dll
|
|---|
| 579 | 32c0.2260: supHardNtVpScanVirtualMemory: Ignoring unknown mem at 00007ff9ca456000 LB 0x4000 (base 00007ff9ca2e0000) - 'gdi32full.dll'
|
|---|
| 580 | 32c0.2260: 00007ff9ca45a000-00007ff9ca45afff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume7\Windows\System32\gdi32full.dll
|
|---|
| 581 | 32c0.2260: supHardNtVpScanVirtualMemory: Ignoring unknown mem at 00007ff9ca45a000 LB 0x1000 (base 00007ff9ca2e0000) - 'gdi32full.dll'
|
|---|
| 582 | 32c0.2260: 00007ff9ca45b000-00007ff9ca477fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume7\Windows\System32\gdi32full.dll
|
|---|
| 583 | 32c0.2260: supHardNtVpScanVirtualMemory: Ignoring unknown mem at 00007ff9ca45b000 LB 0x1d000 (base 00007ff9ca2e0000) - 'gdi32full.dll'
|
|---|
| 584 | 32c0.2260: 00007ff9ca478000-00007ff9ca47ffff 0x0001/0x0000 0x0000000
|
|---|
| 585 | 32c0.2260: *00007ff9ca480000-00007ff9ca480fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume7\Windows\System32\KernelBase.dll
|
|---|
| 586 | 32c0.2260: 00007ff9ca481000-00007ff9ca586fff 0x0020/0x0080 0x1000000 \Device\HarddiskVolume7\Windows\System32\KernelBase.dll
|
|---|
| 587 | 32c0.2260: 00007ff9ca587000-00007ff9ca6e9fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume7\Windows\System32\KernelBase.dll
|
|---|
| 588 | 32c0.2260: 00007ff9ca6ea000-00007ff9ca6edfff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume7\Windows\System32\KernelBase.dll
|
|---|
| 589 | 32c0.2260: 00007ff9ca6ee000-00007ff9ca6eefff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume7\Windows\System32\KernelBase.dll
|
|---|
| 590 | 32c0.2260: 00007ff9ca6ef000-00007ff9ca724fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume7\Windows\System32\KernelBase.dll
|
|---|
| 591 | 32c0.2260: 00007ff9ca725000-00007ff9ca72ffff 0x0001/0x0000 0x0000000
|
|---|
| 592 | 32c0.2260: *00007ff9ca730000-00007ff9ca730fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume7\Windows\System32\wintrust.dll
|
|---|
| 593 | 32c0.2260: supHardNtVpScanVirtualMemory: Ignoring unknown mem at 00007ff9ca730000 LB 0x1000 (base 00007ff9ca730000) - 'wintrust.dll'
|
|---|
| 594 | 32c0.2260: 00007ff9ca731000-00007ff9ca76efff 0x0020/0x0080 0x1000000 \Device\HarddiskVolume7\Windows\System32\wintrust.dll
|
|---|
| 595 | 32c0.2260: supHardNtVpScanVirtualMemory: Ignoring unknown mem at 00007ff9ca731000 LB 0x3e000 (base 00007ff9ca730000) - 'wintrust.dll'
|
|---|
| 596 | 32c0.2260: 00007ff9ca76f000-00007ff9ca781fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume7\Windows\System32\wintrust.dll
|
|---|
| 597 | 32c0.2260: supHardNtVpScanVirtualMemory: Ignoring unknown mem at 00007ff9ca76f000 LB 0x13000 (base 00007ff9ca730000) - 'wintrust.dll'
|
|---|
| 598 | 32c0.2260: 00007ff9ca782000-00007ff9ca782fff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume7\Windows\System32\wintrust.dll
|
|---|
| 599 | 32c0.2260: supHardNtVpScanVirtualMemory: Ignoring unknown mem at 00007ff9ca782000 LB 0x1000 (base 00007ff9ca730000) - 'wintrust.dll'
|
|---|
| 600 | 32c0.2260: 00007ff9ca783000-00007ff9ca783fff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume7\Windows\System32\wintrust.dll
|
|---|
| 601 | 32c0.2260: supHardNtVpScanVirtualMemory: Ignoring unknown mem at 00007ff9ca783000 LB 0x1000 (base 00007ff9ca730000) - 'wintrust.dll'
|
|---|
| 602 | 32c0.2260: 00007ff9ca784000-00007ff9ca78bfff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume7\Windows\System32\wintrust.dll
|
|---|
| 603 | 32c0.2260: supHardNtVpScanVirtualMemory: Ignoring unknown mem at 00007ff9ca784000 LB 0x8000 (base 00007ff9ca730000) - 'wintrust.dll'
|
|---|
| 604 | 32c0.2260: 00007ff9ca78c000-00007ff9ca78ffff 0x0001/0x0000 0x0000000
|
|---|
| 605 | 32c0.2260: *00007ff9ca790000-00007ff9ca790fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume7\Windows\System32\bcrypt.dll
|
|---|
| 606 | 32c0.2260: supHardNtVpScanVirtualMemory: Ignoring unknown mem at 00007ff9ca790000 LB 0x1000 (base 00007ff9ca790000) - 'bcrypt.dll'
|
|---|
| 607 | 32c0.2260: 00007ff9ca791000-00007ff9ca7a9fff 0x0020/0x0080 0x1000000 \Device\HarddiskVolume7\Windows\System32\bcrypt.dll
|
|---|
| 608 | 32c0.2260: supHardNtVpScanVirtualMemory: Ignoring unknown mem at 00007ff9ca791000 LB 0x19000 (base 00007ff9ca790000) - 'bcrypt.dll'
|
|---|
| 609 | 32c0.2260: 00007ff9ca7aa000-00007ff9ca7affff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume7\Windows\System32\bcrypt.dll
|
|---|
| 610 | 32c0.2260: supHardNtVpScanVirtualMemory: Ignoring unknown mem at 00007ff9ca7aa000 LB 0x6000 (base 00007ff9ca790000) - 'bcrypt.dll'
|
|---|
| 611 | 32c0.2260: 00007ff9ca7b0000-00007ff9ca7b0fff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume7\Windows\System32\bcrypt.dll
|
|---|
| 612 | 32c0.2260: supHardNtVpScanVirtualMemory: Ignoring unknown mem at 00007ff9ca7b0000 LB 0x1000 (base 00007ff9ca790000) - 'bcrypt.dll'
|
|---|
| 613 | 32c0.2260: 00007ff9ca7b1000-00007ff9ca7b5fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume7\Windows\System32\bcrypt.dll
|
|---|
| 614 | 32c0.2260: supHardNtVpScanVirtualMemory: Ignoring unknown mem at 00007ff9ca7b1000 LB 0x5000 (base 00007ff9ca790000) - 'bcrypt.dll'
|
|---|
| 615 | 32c0.2260: 00007ff9ca7b6000-00007ff9ca7bffff 0x0001/0x0000 0x0000000
|
|---|
| 616 | 32c0.2260: *00007ff9ca7c0000-00007ff9ca7c0fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume7\Windows\System32\windows.storage.dll
|
|---|
| 617 | 32c0.2260: supHardNtVpScanVirtualMemory: Ignoring unknown mem at 00007ff9ca7c0000 LB 0x1000 (base 00007ff9ca7c0000) - 'windows.storage.dll'
|
|---|
| 618 | 32c0.2260: 00007ff9ca7c1000-00007ff9cad01fff 0x0020/0x0080 0x1000000 \Device\HarddiskVolume7\Windows\System32\windows.storage.dll
|
|---|
| 619 | 32c0.2260: supHardNtVpScanVirtualMemory: Ignoring unknown mem at 00007ff9ca7c1000 LB 0x541000 (base 00007ff9ca7c0000) - 'windows.storage.dll'
|
|---|
| 620 | 32c0.2260: 00007ff9cad02000-00007ff9caebcfff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume7\Windows\System32\windows.storage.dll
|
|---|
| 621 | 32c0.2260: supHardNtVpScanVirtualMemory: Ignoring unknown mem at 00007ff9cad02000 LB 0x1bb000 (base 00007ff9ca7c0000) - 'windows.storage.dll'
|
|---|
| 622 | 32c0.2260: 00007ff9caebd000-00007ff9caec9fff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume7\Windows\System32\windows.storage.dll
|
|---|
| 623 | 32c0.2260: supHardNtVpScanVirtualMemory: Ignoring unknown mem at 00007ff9caebd000 LB 0xd000 (base 00007ff9ca7c0000) - 'windows.storage.dll'
|
|---|
| 624 | 32c0.2260: 00007ff9caeca000-00007ff9caecafff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume7\Windows\System32\windows.storage.dll
|
|---|
| 625 | 32c0.2260: supHardNtVpScanVirtualMemory: Ignoring unknown mem at 00007ff9caeca000 LB 0x1000 (base 00007ff9ca7c0000) - 'windows.storage.dll'
|
|---|
| 626 | 32c0.2260: 00007ff9caecb000-00007ff9caf3afff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume7\Windows\System32\windows.storage.dll
|
|---|
| 627 | 32c0.2260: supHardNtVpScanVirtualMemory: Ignoring unknown mem at 00007ff9caecb000 LB 0x70000 (base 00007ff9ca7c0000) - 'windows.storage.dll'
|
|---|
| 628 | 32c0.2260: 00007ff9caf3b000-00007ff9caf3ffff 0x0001/0x0000 0x0000000
|
|---|
| 629 | 32c0.2260: *00007ff9caf40000-00007ff9caf40fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume7\Windows\System32\cryptsp.dll
|
|---|
| 630 | 32c0.2260: supHardNtVpScanVirtualMemory: Ignoring unknown mem at 00007ff9caf40000 LB 0x1000 (base 00007ff9caf40000) - 'cryptsp.dll'
|
|---|
| 631 | 32c0.2260: 00007ff9caf41000-00007ff9caf4bfff 0x0020/0x0080 0x1000000 \Device\HarddiskVolume7\Windows\System32\cryptsp.dll
|
|---|
| 632 | 32c0.2260: supHardNtVpScanVirtualMemory: Ignoring unknown mem at 00007ff9caf41000 LB 0xb000 (base 00007ff9caf40000) - 'cryptsp.dll'
|
|---|
| 633 | 32c0.2260: 00007ff9caf4c000-00007ff9caf51fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume7\Windows\System32\cryptsp.dll
|
|---|
| 634 | 32c0.2260: supHardNtVpScanVirtualMemory: Ignoring unknown mem at 00007ff9caf4c000 LB 0x6000 (base 00007ff9caf40000) - 'cryptsp.dll'
|
|---|
| 635 | 32c0.2260: 00007ff9caf52000-00007ff9caf52fff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume7\Windows\System32\cryptsp.dll
|
|---|
| 636 | 32c0.2260: supHardNtVpScanVirtualMemory: Ignoring unknown mem at 00007ff9caf52000 LB 0x1000 (base 00007ff9caf40000) - 'cryptsp.dll'
|
|---|
| 637 | 32c0.2260: 00007ff9caf53000-00007ff9caf56fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume7\Windows\System32\cryptsp.dll
|
|---|
| 638 | 32c0.2260: supHardNtVpScanVirtualMemory: Ignoring unknown mem at 00007ff9caf53000 LB 0x4000 (base 00007ff9caf40000) - 'cryptsp.dll'
|
|---|
| 639 | 32c0.2260: 00007ff9caf57000-00007ff9caf5ffff 0x0001/0x0000 0x0000000
|
|---|
| 640 | 32c0.2260: *00007ff9caf60000-00007ff9caf60fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume7\Windows\System32\msvcp_win.dll
|
|---|
| 641 | 32c0.2260: supHardNtVpScanVirtualMemory: Ignoring unknown mem at 00007ff9caf60000 LB 0x1000 (base 00007ff9caf60000) - 'msvcp_win.dll'
|
|---|
| 642 | 32c0.2260: 00007ff9caf61000-00007ff9cafb4fff 0x0020/0x0080 0x1000000 \Device\HarddiskVolume7\Windows\System32\msvcp_win.dll
|
|---|
| 643 | 32c0.2260: supHardNtVpScanVirtualMemory: Ignoring unknown mem at 00007ff9caf61000 LB 0x54000 (base 00007ff9caf60000) - 'msvcp_win.dll'
|
|---|
| 644 | 32c0.2260: 00007ff9cafb5000-00007ff9caff1fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume7\Windows\System32\msvcp_win.dll
|
|---|
| 645 | 32c0.2260: supHardNtVpScanVirtualMemory: Ignoring unknown mem at 00007ff9cafb5000 LB 0x3d000 (base 00007ff9caf60000) - 'msvcp_win.dll'
|
|---|
| 646 | 32c0.2260: 00007ff9caff2000-00007ff9caff2fff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume7\Windows\System32\msvcp_win.dll
|
|---|
| 647 | 32c0.2260: supHardNtVpScanVirtualMemory: Ignoring unknown mem at 00007ff9caff2000 LB 0x1000 (base 00007ff9caf60000) - 'msvcp_win.dll'
|
|---|
| 648 | 32c0.2260: 00007ff9caff3000-00007ff9caff5fff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume7\Windows\System32\msvcp_win.dll
|
|---|
| 649 | 32c0.2260: supHardNtVpScanVirtualMemory: Ignoring unknown mem at 00007ff9caff3000 LB 0x3000 (base 00007ff9caf60000) - 'msvcp_win.dll'
|
|---|
| 650 | 32c0.2260: 00007ff9caff6000-00007ff9caffdfff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume7\Windows\System32\msvcp_win.dll
|
|---|
| 651 | 32c0.2260: supHardNtVpScanVirtualMemory: Ignoring unknown mem at 00007ff9caff6000 LB 0x8000 (base 00007ff9caf60000) - 'msvcp_win.dll'
|
|---|
| 652 | 32c0.2260: 00007ff9caffe000-00007ff9caffffff 0x0001/0x0000 0x0000000
|
|---|
| 653 | 32c0.2260: *00007ff9cb000000-00007ff9cb000fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume7\Windows\System32\cfgmgr32.dll
|
|---|
| 654 | 32c0.2260: supHardNtVpScanVirtualMemory: Ignoring unknown mem at 00007ff9cb000000 LB 0x1000 (base 00007ff9cb000000) - 'cfgmgr32.dll'
|
|---|
| 655 | 32c0.2260: 00007ff9cb001000-00007ff9cb033fff 0x0020/0x0080 0x1000000 \Device\HarddiskVolume7\Windows\System32\cfgmgr32.dll
|
|---|
| 656 | 32c0.2260: supHardNtVpScanVirtualMemory: Ignoring unknown mem at 00007ff9cb001000 LB 0x33000 (base 00007ff9cb000000) - 'cfgmgr32.dll'
|
|---|
| 657 | 32c0.2260: 00007ff9cb034000-00007ff9cb041fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume7\Windows\System32\cfgmgr32.dll
|
|---|
| 658 | 32c0.2260: supHardNtVpScanVirtualMemory: Ignoring unknown mem at 00007ff9cb034000 LB 0xe000 (base 00007ff9cb000000) - 'cfgmgr32.dll'
|
|---|
| 659 | 32c0.2260: 00007ff9cb042000-00007ff9cb042fff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume7\Windows\System32\cfgmgr32.dll
|
|---|
| 660 | 32c0.2260: supHardNtVpScanVirtualMemory: Ignoring unknown mem at 00007ff9cb042000 LB 0x1000 (base 00007ff9cb000000) - 'cfgmgr32.dll'
|
|---|
| 661 | 32c0.2260: 00007ff9cb043000-00007ff9cb043fff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume7\Windows\System32\cfgmgr32.dll
|
|---|
| 662 | 32c0.2260: supHardNtVpScanVirtualMemory: Ignoring unknown mem at 00007ff9cb043000 LB 0x1000 (base 00007ff9cb000000) - 'cfgmgr32.dll'
|
|---|
| 663 | 32c0.2260: 00007ff9cb044000-00007ff9cb049fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume7\Windows\System32\cfgmgr32.dll
|
|---|
| 664 | 32c0.2260: supHardNtVpScanVirtualMemory: Ignoring unknown mem at 00007ff9cb044000 LB 0x6000 (base 00007ff9cb000000) - 'cfgmgr32.dll'
|
|---|
| 665 | 32c0.2260: 00007ff9cb04a000-00007ff9cb04ffff 0x0001/0x0000 0x0000000
|
|---|
| 666 | 32c0.2260: *00007ff9cb050000-00007ff9cb050fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume7\Windows\System32\crypt32.dll
|
|---|
| 667 | 32c0.2260: supHardNtVpScanVirtualMemory: Ignoring unknown mem at 00007ff9cb050000 LB 0x1000 (base 00007ff9cb050000) - 'crypt32.dll'
|
|---|
| 668 | 32c0.2260: 00007ff9cb051000-00007ff9cb150fff 0x0020/0x0080 0x1000000 \Device\HarddiskVolume7\Windows\System32\crypt32.dll
|
|---|
| 669 | 32c0.2260: supHardNtVpScanVirtualMemory: Ignoring unknown mem at 00007ff9cb051000 LB 0x100000 (base 00007ff9cb050000) - 'crypt32.dll'
|
|---|
| 670 | 32c0.2260: 00007ff9cb151000-00007ff9cb188fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume7\Windows\System32\crypt32.dll
|
|---|
| 671 | 32c0.2260: supHardNtVpScanVirtualMemory: Ignoring unknown mem at 00007ff9cb151000 LB 0x38000 (base 00007ff9cb050000) - 'crypt32.dll'
|
|---|
| 672 | 32c0.2260: 00007ff9cb189000-00007ff9cb18ffff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume7\Windows\System32\crypt32.dll
|
|---|
| 673 | 32c0.2260: supHardNtVpScanVirtualMemory: Ignoring unknown mem at 00007ff9cb189000 LB 0x7000 (base 00007ff9cb050000) - 'crypt32.dll'
|
|---|
| 674 | 32c0.2260: 00007ff9cb190000-00007ff9cb1a0fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume7\Windows\System32\crypt32.dll
|
|---|
| 675 | 32c0.2260: supHardNtVpScanVirtualMemory: Ignoring unknown mem at 00007ff9cb190000 LB 0x11000 (base 00007ff9cb050000) - 'crypt32.dll'
|
|---|
| 676 | 32c0.2260: 00007ff9cb1a1000-00007ff9cb25ffff 0x0001/0x0000 0x0000000
|
|---|
| 677 | 32c0.2260: *00007ff9cb260000-00007ff9cb260fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume7\Windows\System32\ucrtbase.dll
|
|---|
| 678 | 32c0.2260: supHardNtVpScanVirtualMemory: Ignoring unknown mem at 00007ff9cb260000 LB 0x1000 (base 00007ff9cb260000) - 'ucrtbase.dll'
|
|---|
| 679 | 32c0.2260: 00007ff9cb261000-00007ff9cb311fff 0x0020/0x0080 0x1000000 \Device\HarddiskVolume7\Windows\System32\ucrtbase.dll
|
|---|
| 680 | 32c0.2260: supHardNtVpScanVirtualMemory: Ignoring unknown mem at 00007ff9cb261000 LB 0xb1000 (base 00007ff9cb260000) - 'ucrtbase.dll'
|
|---|
| 681 | 32c0.2260: 00007ff9cb312000-00007ff9cb349fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume7\Windows\System32\ucrtbase.dll
|
|---|
| 682 | 32c0.2260: supHardNtVpScanVirtualMemory: Ignoring unknown mem at 00007ff9cb312000 LB 0x38000 (base 00007ff9cb260000) - 'ucrtbase.dll'
|
|---|
| 683 | 32c0.2260: 00007ff9cb34a000-00007ff9cb34cfff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume7\Windows\System32\ucrtbase.dll
|
|---|
| 684 | 32c0.2260: supHardNtVpScanVirtualMemory: Ignoring unknown mem at 00007ff9cb34a000 LB 0x3000 (base 00007ff9cb260000) - 'ucrtbase.dll'
|
|---|
| 685 | 32c0.2260: 00007ff9cb34d000-00007ff9cb359fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume7\Windows\System32\ucrtbase.dll
|
|---|
| 686 | 32c0.2260: supHardNtVpScanVirtualMemory: Ignoring unknown mem at 00007ff9cb34d000 LB 0xd000 (base 00007ff9cb260000) - 'ucrtbase.dll'
|
|---|
| 687 | 32c0.2260: 00007ff9cb35a000-00007ff9cb35ffff 0x0001/0x0000 0x0000000
|
|---|
| 688 | 32c0.2260: *00007ff9cb360000-00007ff9cb360fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume7\Windows\System32\win32u.dll
|
|---|
| 689 | 32c0.2260: supHardNtVpScanVirtualMemory: Ignoring unknown mem at 00007ff9cb360000 LB 0x1000 (base 00007ff9cb360000) - 'win32u.dll'
|
|---|
| 690 | 32c0.2260: 00007ff9cb361000-00007ff9cb36afff 0x0020/0x0080 0x1000000 \Device\HarddiskVolume7\Windows\System32\win32u.dll
|
|---|
| 691 | 32c0.2260: supHardNtVpScanVirtualMemory: Ignoring unknown mem at 00007ff9cb361000 LB 0xa000 (base 00007ff9cb360000) - 'win32u.dll'
|
|---|
| 692 | 32c0.2260: 00007ff9cb36b000-00007ff9cb379fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume7\Windows\System32\win32u.dll
|
|---|
| 693 | 32c0.2260: supHardNtVpScanVirtualMemory: Ignoring unknown mem at 00007ff9cb36b000 LB 0xf000 (base 00007ff9cb360000) - 'win32u.dll'
|
|---|
| 694 | 32c0.2260: 00007ff9cb37a000-00007ff9cb37afff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume7\Windows\System32\win32u.dll
|
|---|
| 695 | 32c0.2260: supHardNtVpScanVirtualMemory: Ignoring unknown mem at 00007ff9cb37a000 LB 0x1000 (base 00007ff9cb360000) - 'win32u.dll'
|
|---|
| 696 | 32c0.2260: 00007ff9cb37b000-00007ff9cb380fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume7\Windows\System32\win32u.dll
|
|---|
| 697 | 32c0.2260: supHardNtVpScanVirtualMemory: Ignoring unknown mem at 00007ff9cb37b000 LB 0x6000 (base 00007ff9cb360000) - 'win32u.dll'
|
|---|
| 698 | 32c0.2260: 00007ff9cb381000-00007ff9cb38ffff 0x0001/0x0000 0x0000000
|
|---|
| 699 | 32c0.2260: *00007ff9cb390000-00007ff9cb390fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume7\Windows\System32\shlwapi.dll
|
|---|
| 700 | 32c0.2260: supHardNtVpScanVirtualMemory: Ignoring unknown mem at 00007ff9cb390000 LB 0x1000 (base 00007ff9cb390000) - 'shlwapi.dll'
|
|---|
| 701 | 32c0.2260: 00007ff9cb391000-00007ff9cb3bafff 0x0020/0x0080 0x1000000 \Device\HarddiskVolume7\Windows\System32\shlwapi.dll
|
|---|
| 702 | 32c0.2260: supHardNtVpScanVirtualMemory: Ignoring unknown mem at 00007ff9cb391000 LB 0x2a000 (base 00007ff9cb390000) - 'shlwapi.dll'
|
|---|
| 703 | 32c0.2260: 00007ff9cb3bb000-00007ff9cb3dafff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume7\Windows\System32\shlwapi.dll
|
|---|
| 704 | 32c0.2260: supHardNtVpScanVirtualMemory: Ignoring unknown mem at 00007ff9cb3bb000 LB 0x20000 (base 00007ff9cb390000) - 'shlwapi.dll'
|
|---|
| 705 | 32c0.2260: 00007ff9cb3db000-00007ff9cb3dbfff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume7\Windows\System32\shlwapi.dll
|
|---|
| 706 | 32c0.2260: supHardNtVpScanVirtualMemory: Ignoring unknown mem at 00007ff9cb3db000 LB 0x1000 (base 00007ff9cb390000) - 'shlwapi.dll'
|
|---|
| 707 | 32c0.2260: 00007ff9cb3dc000-00007ff9cb3e1fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume7\Windows\System32\shlwapi.dll
|
|---|
| 708 | 32c0.2260: supHardNtVpScanVirtualMemory: Ignoring unknown mem at 00007ff9cb3dc000 LB 0x6000 (base 00007ff9cb390000) - 'shlwapi.dll'
|
|---|
| 709 | 32c0.2260: 00007ff9cb3e2000-00007ff9cb3effff 0x0001/0x0000 0x0000000
|
|---|
| 710 | 32c0.2260: *00007ff9cb3f0000-00007ff9cb3f0fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume7\Windows\System32\nsi.dll
|
|---|
| 711 | 32c0.2260: supHardNtVpScanVirtualMemory: Ignoring unknown mem at 00007ff9cb3f0000 LB 0x1000 (base 00007ff9cb3f0000) - 'nsi.dll'
|
|---|
| 712 | 32c0.2260: 00007ff9cb3f1000-00007ff9cb3f2fff 0x0020/0x0080 0x1000000 \Device\HarddiskVolume7\Windows\System32\nsi.dll
|
|---|
| 713 | 32c0.2260: supHardNtVpScanVirtualMemory: Ignoring unknown mem at 00007ff9cb3f1000 LB 0x2000 (base 00007ff9cb3f0000) - 'nsi.dll'
|
|---|
| 714 | 32c0.2260: 00007ff9cb3f3000-00007ff9cb3f3fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume7\Windows\System32\nsi.dll
|
|---|
| 715 | 32c0.2260: supHardNtVpScanVirtualMemory: Ignoring unknown mem at 00007ff9cb3f3000 LB 0x1000 (base 00007ff9cb3f0000) - 'nsi.dll'
|
|---|
| 716 | 32c0.2260: 00007ff9cb3f4000-00007ff9cb3f4fff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume7\Windows\System32\nsi.dll
|
|---|
| 717 | 32c0.2260: supHardNtVpScanVirtualMemory: Ignoring unknown mem at 00007ff9cb3f4000 LB 0x1000 (base 00007ff9cb3f0000) - 'nsi.dll'
|
|---|
| 718 | 32c0.2260: 00007ff9cb3f5000-00007ff9cb3f7fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume7\Windows\System32\nsi.dll
|
|---|
| 719 | 32c0.2260: supHardNtVpScanVirtualMemory: Ignoring unknown mem at 00007ff9cb3f5000 LB 0x3000 (base 00007ff9cb3f0000) - 'nsi.dll'
|
|---|
| 720 | 32c0.2260: 00007ff9cb3f8000-00007ff9cb3fffff 0x0001/0x0000 0x0000000
|
|---|
| 721 | 32c0.2260: *00007ff9cb400000-00007ff9cb400fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume7\Windows\System32\msvcrt.dll
|
|---|
| 722 | 32c0.2260: supHardNtVpScanVirtualMemory: Ignoring unknown mem at 00007ff9cb400000 LB 0x1000 (base 00007ff9cb400000) - 'msvcrt.dll'
|
|---|
| 723 | 32c0.2260: 00007ff9cb401000-00007ff9cb475fff 0x0020/0x0080 0x1000000 \Device\HarddiskVolume7\Windows\System32\msvcrt.dll
|
|---|
| 724 | 32c0.2260: supHardNtVpScanVirtualMemory: Ignoring unknown mem at 00007ff9cb401000 LB 0x75000 (base 00007ff9cb400000) - 'msvcrt.dll'
|
|---|
| 725 | 32c0.2260: 00007ff9cb476000-00007ff9cb48efff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume7\Windows\System32\msvcrt.dll
|
|---|
| 726 | 32c0.2260: supHardNtVpScanVirtualMemory: Ignoring unknown mem at 00007ff9cb476000 LB 0x19000 (base 00007ff9cb400000) - 'msvcrt.dll'
|
|---|
| 727 | 32c0.2260: 00007ff9cb48f000-00007ff9cb490fff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume7\Windows\System32\msvcrt.dll
|
|---|
| 728 | 32c0.2260: supHardNtVpScanVirtualMemory: Ignoring unknown mem at 00007ff9cb48f000 LB 0x2000 (base 00007ff9cb400000) - 'msvcrt.dll'
|
|---|
| 729 | 32c0.2260: 00007ff9cb491000-00007ff9cb493fff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume7\Windows\System32\msvcrt.dll
|
|---|
| 730 | 32c0.2260: supHardNtVpScanVirtualMemory: Ignoring unknown mem at 00007ff9cb491000 LB 0x3000 (base 00007ff9cb400000) - 'msvcrt.dll'
|
|---|
| 731 | 32c0.2260: 00007ff9cb494000-00007ff9cb495fff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume7\Windows\System32\msvcrt.dll
|
|---|
| 732 | 32c0.2260: supHardNtVpScanVirtualMemory: Ignoring unknown mem at 00007ff9cb494000 LB 0x2000 (base 00007ff9cb400000) - 'msvcrt.dll'
|
|---|
| 733 | 32c0.2260: 00007ff9cb496000-00007ff9cb496fff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume7\Windows\System32\msvcrt.dll
|
|---|
| 734 | 32c0.2260: supHardNtVpScanVirtualMemory: Ignoring unknown mem at 00007ff9cb496000 LB 0x1000 (base 00007ff9cb400000) - 'msvcrt.dll'
|
|---|
| 735 | 32c0.2260: 00007ff9cb497000-00007ff9cb49dfff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume7\Windows\System32\msvcrt.dll
|
|---|
| 736 | 32c0.2260: supHardNtVpScanVirtualMemory: Ignoring unknown mem at 00007ff9cb497000 LB 0x7000 (base 00007ff9cb400000) - 'msvcrt.dll'
|
|---|
| 737 | 32c0.2260: 00007ff9cb49e000-00007ff9cb53ffff 0x0001/0x0000 0x0000000
|
|---|
| 738 | 32c0.2260: *00007ff9cb540000-00007ff9cb540fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume7\Windows\System32\imm32.dll
|
|---|
| 739 | 32c0.2260: supHardNtVpScanVirtualMemory: Ignoring unknown mem at 00007ff9cb540000 LB 0x1000 (base 00007ff9cb540000) - 'imm32.dll'
|
|---|
| 740 | 32c0.2260: 00007ff9cb541000-00007ff9cb55cfff 0x0020/0x0080 0x1000000 \Device\HarddiskVolume7\Windows\System32\imm32.dll
|
|---|
| 741 | 32c0.2260: supHardNtVpScanVirtualMemory: Ignoring unknown mem at 00007ff9cb541000 LB 0x1c000 (base 00007ff9cb540000) - 'imm32.dll'
|
|---|
| 742 | 32c0.2260: 00007ff9cb55d000-00007ff9cb563fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume7\Windows\System32\imm32.dll
|
|---|
| 743 | 32c0.2260: supHardNtVpScanVirtualMemory: Ignoring unknown mem at 00007ff9cb55d000 LB 0x7000 (base 00007ff9cb540000) - 'imm32.dll'
|
|---|
| 744 | 32c0.2260: 00007ff9cb564000-00007ff9cb564fff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume7\Windows\System32\imm32.dll
|
|---|
| 745 | 32c0.2260: supHardNtVpScanVirtualMemory: Ignoring unknown mem at 00007ff9cb564000 LB 0x1000 (base 00007ff9cb540000) - 'imm32.dll'
|
|---|
| 746 | 32c0.2260: 00007ff9cb565000-00007ff9cb56dfff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume7\Windows\System32\imm32.dll
|
|---|
| 747 | 32c0.2260: supHardNtVpScanVirtualMemory: Ignoring unknown mem at 00007ff9cb565000 LB 0x9000 (base 00007ff9cb540000) - 'imm32.dll'
|
|---|
| 748 | 32c0.2260: 00007ff9cb56e000-00007ff9cb56ffff 0x0001/0x0000 0x0000000
|
|---|
| 749 | 32c0.2260: *00007ff9cb570000-00007ff9cb570fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume7\Windows\System32\setupapi.dll
|
|---|
| 750 | 32c0.2260: supHardNtVpScanVirtualMemory: Ignoring unknown mem at 00007ff9cb570000 LB 0x1000 (base 00007ff9cb570000) - 'setupapi.dll'
|
|---|
| 751 | 32c0.2260: 00007ff9cb571000-00007ff9cb648fff 0x0020/0x0080 0x1000000 \Device\HarddiskVolume7\Windows\System32\setupapi.dll
|
|---|
| 752 | 32c0.2260: supHardNtVpScanVirtualMemory: Ignoring unknown mem at 00007ff9cb571000 LB 0xd8000 (base 00007ff9cb570000) - 'setupapi.dll'
|
|---|
| 753 | 32c0.2260: 00007ff9cb649000-00007ff9cb683fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume7\Windows\System32\setupapi.dll
|
|---|
| 754 | 32c0.2260: supHardNtVpScanVirtualMemory: Ignoring unknown mem at 00007ff9cb649000 LB 0x3b000 (base 00007ff9cb570000) - 'setupapi.dll'
|
|---|
| 755 | 32c0.2260: 00007ff9cb684000-00007ff9cb685fff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume7\Windows\System32\setupapi.dll
|
|---|
| 756 | 32c0.2260: supHardNtVpScanVirtualMemory: Ignoring unknown mem at 00007ff9cb684000 LB 0x2000 (base 00007ff9cb570000) - 'setupapi.dll'
|
|---|
| 757 | 32c0.2260: 00007ff9cb686000-00007ff9cb9dffff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume7\Windows\System32\setupapi.dll
|
|---|
| 758 | 32c0.2260: supHardNtVpScanVirtualMemory: Ignoring unknown mem at 00007ff9cb686000 LB 0x35a000 (base 00007ff9cb570000) - 'setupapi.dll'
|
|---|
| 759 | 32c0.2260: *00007ff9cb9e0000-00007ff9cb9e0fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume7\Windows\System32\gdi32.dll
|
|---|
| 760 | 32c0.2260: supHardNtVpScanVirtualMemory: Ignoring unknown mem at 00007ff9cb9e0000 LB 0x1000 (base 00007ff9cb9e0000) - 'gdi32.dll'
|
|---|
| 761 | 32c0.2260: 00007ff9cb9e1000-00007ff9cb9ecfff 0x0020/0x0080 0x1000000 \Device\HarddiskVolume7\Windows\System32\gdi32.dll
|
|---|
| 762 | 32c0.2260: supHardNtVpScanVirtualMemory: Ignoring unknown mem at 00007ff9cb9e1000 LB 0xc000 (base 00007ff9cb9e0000) - 'gdi32.dll'
|
|---|
| 763 | 32c0.2260: 00007ff9cb9ed000-00007ff9cb9fffff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume7\Windows\System32\gdi32.dll
|
|---|
| 764 | 32c0.2260: supHardNtVpScanVirtualMemory: Ignoring unknown mem at 00007ff9cb9ed000 LB 0x13000 (base 00007ff9cb9e0000) - 'gdi32.dll'
|
|---|
| 765 | 32c0.2260: 00007ff9cba00000-00007ff9cba00fff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume7\Windows\System32\gdi32.dll
|
|---|
| 766 | 32c0.2260: supHardNtVpScanVirtualMemory: Ignoring unknown mem at 00007ff9cba00000 LB 0x1000 (base 00007ff9cb9e0000) - 'gdi32.dll'
|
|---|
| 767 | 32c0.2260: 00007ff9cba01000-00007ff9cba05fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume7\Windows\System32\gdi32.dll
|
|---|
| 768 | 32c0.2260: supHardNtVpScanVirtualMemory: Ignoring unknown mem at 00007ff9cba01000 LB 0x5000 (base 00007ff9cb9e0000) - 'gdi32.dll'
|
|---|
| 769 | 32c0.2260: 00007ff9cba06000-00007ff9cba0ffff 0x0001/0x0000 0x0000000
|
|---|
| 770 | 32c0.2260: *00007ff9cba10000-00007ff9cba10fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume7\Windows\System32\psapi.dll
|
|---|
| 771 | 32c0.2260: supHardNtVpScanVirtualMemory: Ignoring unknown mem at 00007ff9cba10000 LB 0x1000 (base 00007ff9cba10000) - 'psapi.dll'
|
|---|
| 772 | 32c0.2260: 00007ff9cba11000-00007ff9cba11fff 0x0020/0x0080 0x1000000 \Device\HarddiskVolume7\Windows\System32\psapi.dll
|
|---|
| 773 | 32c0.2260: supHardNtVpScanVirtualMemory: Ignoring unknown mem at 00007ff9cba11000 LB 0x1000 (base 00007ff9cba10000) - 'psapi.dll'
|
|---|
| 774 | 32c0.2260: 00007ff9cba12000-00007ff9cba13fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume7\Windows\System32\psapi.dll
|
|---|
| 775 | 32c0.2260: supHardNtVpScanVirtualMemory: Ignoring unknown mem at 00007ff9cba12000 LB 0x2000 (base 00007ff9cba10000) - 'psapi.dll'
|
|---|
| 776 | 32c0.2260: 00007ff9cba14000-00007ff9cba14fff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume7\Windows\System32\psapi.dll
|
|---|
| 777 | 32c0.2260: supHardNtVpScanVirtualMemory: Ignoring unknown mem at 00007ff9cba14000 LB 0x1000 (base 00007ff9cba10000) - 'psapi.dll'
|
|---|
| 778 | 32c0.2260: 00007ff9cba15000-00007ff9cba17fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume7\Windows\System32\psapi.dll
|
|---|
| 779 | 32c0.2260: supHardNtVpScanVirtualMemory: Ignoring unknown mem at 00007ff9cba15000 LB 0x3000 (base 00007ff9cba10000) - 'psapi.dll'
|
|---|
| 780 | 32c0.2260: 00007ff9cba18000-00007ff9cbb4ffff 0x0001/0x0000 0x0000000
|
|---|
| 781 | 32c0.2260: *00007ff9cbb50000-00007ff9cbb50fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume7\Windows\System32\shell32.dll
|
|---|
| 782 | 32c0.2260: supHardNtVpScanVirtualMemory: Ignoring unknown mem at 00007ff9cbb50000 LB 0x1000 (base 00007ff9cbb50000) - 'shell32.dll'
|
|---|
| 783 | 32c0.2260: 00007ff9cbb51000-00007ff9cc0aefff 0x0020/0x0080 0x1000000 \Device\HarddiskVolume7\Windows\System32\shell32.dll
|
|---|
| 784 | 32c0.2260: supHardNtVpScanVirtualMemory: Ignoring unknown mem at 00007ff9cbb51000 LB 0x55e000 (base 00007ff9cbb50000) - 'shell32.dll'
|
|---|
| 785 | 32c0.2260: 00007ff9cc0af000-00007ff9cc1c8fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume7\Windows\System32\shell32.dll
|
|---|
| 786 | 32c0.2260: supHardNtVpScanVirtualMemory: Ignoring unknown mem at 00007ff9cc0af000 LB 0x11a000 (base 00007ff9cbb50000) - 'shell32.dll'
|
|---|
| 787 | 32c0.2260: 00007ff9cc1c9000-00007ff9cc1cffff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume7\Windows\System32\shell32.dll
|
|---|
| 788 | 32c0.2260: supHardNtVpScanVirtualMemory: Ignoring unknown mem at 00007ff9cc1c9000 LB 0x7000 (base 00007ff9cbb50000) - 'shell32.dll'
|
|---|
| 789 | 32c0.2260: 00007ff9cc1d0000-00007ff9cc1d1fff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume7\Windows\System32\shell32.dll
|
|---|
| 790 | 32c0.2260: supHardNtVpScanVirtualMemory: Ignoring unknown mem at 00007ff9cc1d0000 LB 0x2000 (base 00007ff9cbb50000) - 'shell32.dll'
|
|---|
| 791 | 32c0.2260: 00007ff9cc1d2000-00007ff9cc236fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume7\Windows\System32\shell32.dll
|
|---|
| 792 | 32c0.2260: supHardNtVpScanVirtualMemory: Ignoring unknown mem at 00007ff9cc1d2000 LB 0x65000 (base 00007ff9cbb50000) - 'shell32.dll'
|
|---|
| 793 | 32c0.2260: 00007ff9cc237000-00007ff9cc2effff 0x0001/0x0000 0x0000000
|
|---|
| 794 | 32c0.2260: *00007ff9cc2f0000-00007ff9cc2f0fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume7\Windows\System32\rpcrt4.dll
|
|---|
| 795 | 32c0.2260: supHardNtVpScanVirtualMemory: Ignoring unknown mem at 00007ff9cc2f0000 LB 0x1000 (base 00007ff9cc2f0000) - 'rpcrt4.dll'
|
|---|
| 796 | 32c0.2260: 00007ff9cc2f1000-00007ff9cc3cefff 0x0020/0x0080 0x1000000 \Device\HarddiskVolume7\Windows\System32\rpcrt4.dll
|
|---|
| 797 | 32c0.2260: supHardNtVpScanVirtualMemory: Ignoring unknown mem at 00007ff9cc2f1000 LB 0xde000 (base 00007ff9cc2f0000) - 'rpcrt4.dll'
|
|---|
| 798 | 32c0.2260: 00007ff9cc3cf000-00007ff9cc3f8fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume7\Windows\System32\rpcrt4.dll
|
|---|
| 799 | 32c0.2260: supHardNtVpScanVirtualMemory: Ignoring unknown mem at 00007ff9cc3cf000 LB 0x2a000 (base 00007ff9cc2f0000) - 'rpcrt4.dll'
|
|---|
| 800 | 32c0.2260: 00007ff9cc3f9000-00007ff9cc3fafff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume7\Windows\System32\rpcrt4.dll
|
|---|
| 801 | 32c0.2260: supHardNtVpScanVirtualMemory: Ignoring unknown mem at 00007ff9cc3f9000 LB 0x2000 (base 00007ff9cc2f0000) - 'rpcrt4.dll'
|
|---|
| 802 | 32c0.2260: 00007ff9cc3fb000-00007ff9cc40efff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume7\Windows\System32\rpcrt4.dll
|
|---|
| 803 | 32c0.2260: supHardNtVpScanVirtualMemory: Ignoring unknown mem at 00007ff9cc3fb000 LB 0x14000 (base 00007ff9cc2f0000) - 'rpcrt4.dll'
|
|---|
| 804 | 32c0.2260: 00007ff9cc40f000-00007ff9cc40ffff 0x0001/0x0000 0x0000000
|
|---|
| 805 | 32c0.2260: *00007ff9cc410000-00007ff9cc410fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume7\Windows\System32\ws2_32.dll
|
|---|
| 806 | 32c0.2260: supHardNtVpScanVirtualMemory: Ignoring unknown mem at 00007ff9cc410000 LB 0x1000 (base 00007ff9cc410000) - 'ws2_32.dll'
|
|---|
| 807 | 32c0.2260: 00007ff9cc411000-00007ff9cc457fff 0x0020/0x0080 0x1000000 \Device\HarddiskVolume7\Windows\System32\ws2_32.dll
|
|---|
| 808 | 32c0.2260: supHardNtVpScanVirtualMemory: Ignoring unknown mem at 00007ff9cc411000 LB 0x47000 (base 00007ff9cc410000) - 'ws2_32.dll'
|
|---|
| 809 | 32c0.2260: 00007ff9cc458000-00007ff9cc465fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume7\Windows\System32\ws2_32.dll
|
|---|
| 810 | 32c0.2260: supHardNtVpScanVirtualMemory: Ignoring unknown mem at 00007ff9cc458000 LB 0xe000 (base 00007ff9cc410000) - 'ws2_32.dll'
|
|---|
| 811 | 32c0.2260: 00007ff9cc466000-00007ff9cc466fff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume7\Windows\System32\ws2_32.dll
|
|---|
| 812 | 32c0.2260: supHardNtVpScanVirtualMemory: Ignoring unknown mem at 00007ff9cc466000 LB 0x1000 (base 00007ff9cc410000) - 'ws2_32.dll'
|
|---|
| 813 | 32c0.2260: 00007ff9cc467000-00007ff9cc47efff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume7\Windows\System32\ws2_32.dll
|
|---|
| 814 | 32c0.2260: supHardNtVpScanVirtualMemory: Ignoring unknown mem at 00007ff9cc467000 LB 0x18000 (base 00007ff9cc410000) - 'ws2_32.dll'
|
|---|
| 815 | 32c0.2260: 00007ff9cc47f000-00007ff9cc4fffff 0x0001/0x0000 0x0000000
|
|---|
| 816 | 32c0.2260: *00007ff9cc500000-00007ff9cc500fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume7\Windows\System32\kernel32.dll
|
|---|
| 817 | 32c0.2260: 00007ff9cc501000-00007ff9cc575fff 0x0020/0x0080 0x1000000 \Device\HarddiskVolume7\Windows\System32\kernel32.dll
|
|---|
| 818 | 32c0.2260: 00007ff9cc576000-00007ff9cc5a7fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume7\Windows\System32\kernel32.dll
|
|---|
| 819 | 32c0.2260: 00007ff9cc5a8000-00007ff9cc5a8fff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume7\Windows\System32\kernel32.dll
|
|---|
| 820 | 32c0.2260: 00007ff9cc5a9000-00007ff9cc5a9fff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume7\Windows\System32\kernel32.dll
|
|---|
| 821 | 32c0.2260: 00007ff9cc5aa000-00007ff9cc5b1fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume7\Windows\System32\kernel32.dll
|
|---|
| 822 | 32c0.2260: 00007ff9cc5b2000-00007ff9cc8affff 0x0001/0x0000 0x0000000
|
|---|
| 823 | 32c0.2260: *00007ff9cc8b0000-00007ff9cc8b0fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume7\Windows\System32\user32.dll
|
|---|
| 824 | 32c0.2260: 00007ff9cc8b1000-00007ff9cc936fff 0x0020/0x0080 0x1000000 \Device\HarddiskVolume7\Windows\System32\user32.dll
|
|---|
| 825 | 32c0.2260: 00007ff9cc937000-00007ff9cc956fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume7\Windows\System32\user32.dll
|
|---|
| 826 | 32c0.2260: 00007ff9cc957000-00007ff9cc958fff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume7\Windows\System32\user32.dll
|
|---|
| 827 | 32c0.2260: 00007ff9cc959000-00007ff9cca43fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume7\Windows\System32\user32.dll
|
|---|
| 828 | 32c0.2260: 00007ff9cca44000-00007ff9cca4ffff 0x0001/0x0000 0x0000000
|
|---|
| 829 | 32c0.2260: *00007ff9cca50000-00007ff9cca50fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume7\Windows\System32\advapi32.dll
|
|---|
| 830 | 32c0.2260: supHardNtVpScanVirtualMemory: Ignoring unknown mem at 00007ff9cca50000 LB 0x1000 (base 00007ff9cca50000) - 'advapi32.dll'
|
|---|
| 831 | 32c0.2260: 00007ff9cca51000-00007ff9ccaaffff 0x0020/0x0080 0x1000000 \Device\HarddiskVolume7\Windows\System32\advapi32.dll
|
|---|
| 832 | 32c0.2260: supHardNtVpScanVirtualMemory: Ignoring unknown mem at 00007ff9cca51000 LB 0x5f000 (base 00007ff9cca50000) - 'advapi32.dll'
|
|---|
| 833 | 32c0.2260: 00007ff9ccab0000-00007ff9ccae4fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume7\Windows\System32\advapi32.dll
|
|---|
| 834 | 32c0.2260: supHardNtVpScanVirtualMemory: Ignoring unknown mem at 00007ff9ccab0000 LB 0x35000 (base 00007ff9cca50000) - 'advapi32.dll'
|
|---|
| 835 | 32c0.2260: 00007ff9ccae5000-00007ff9ccae5fff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume7\Windows\System32\advapi32.dll
|
|---|
| 836 | 32c0.2260: supHardNtVpScanVirtualMemory: Ignoring unknown mem at 00007ff9ccae5000 LB 0x1000 (base 00007ff9cca50000) - 'advapi32.dll'
|
|---|
| 837 | 32c0.2260: 00007ff9ccae6000-00007ff9ccae6fff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume7\Windows\System32\advapi32.dll
|
|---|
| 838 | 32c0.2260: supHardNtVpScanVirtualMemory: Ignoring unknown mem at 00007ff9ccae6000 LB 0x1000 (base 00007ff9cca50000) - 'advapi32.dll'
|
|---|
| 839 | 32c0.2260: 00007ff9ccae7000-00007ff9ccae8fff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume7\Windows\System32\advapi32.dll
|
|---|
| 840 | 32c0.2260: supHardNtVpScanVirtualMemory: Ignoring unknown mem at 00007ff9ccae7000 LB 0x2000 (base 00007ff9cca50000) - 'advapi32.dll'
|
|---|
| 841 | 32c0.2260: 00007ff9ccae9000-00007ff9ccae9fff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume7\Windows\System32\advapi32.dll
|
|---|
| 842 | 32c0.2260: supHardNtVpScanVirtualMemory: Ignoring unknown mem at 00007ff9ccae9000 LB 0x1000 (base 00007ff9cca50000) - 'advapi32.dll'
|
|---|
| 843 | 32c0.2260: 00007ff9ccaea000-00007ff9ccaf2fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume7\Windows\System32\advapi32.dll
|
|---|
| 844 | 32c0.2260: supHardNtVpScanVirtualMemory: Ignoring unknown mem at 00007ff9ccaea000 LB 0x9000 (base 00007ff9cca50000) - 'advapi32.dll'
|
|---|
| 845 | 32c0.2260: 00007ff9ccaf3000-00007ff9ccafffff 0x0001/0x0000 0x0000000
|
|---|
| 846 | 32c0.2260: *00007ff9ccb00000-00007ff9ccb00fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume7\Windows\System32\ole32.dll
|
|---|
| 847 | 32c0.2260: supHardNtVpScanVirtualMemory: Ignoring unknown mem at 00007ff9ccb00000 LB 0x1000 (base 00007ff9ccb00000) - 'ole32.dll'
|
|---|
| 848 | 32c0.2260: 00007ff9ccb01000-00007ff9ccbcafff 0x0020/0x0080 0x1000000 \Device\HarddiskVolume7\Windows\System32\ole32.dll
|
|---|
| 849 | 32c0.2260: supHardNtVpScanVirtualMemory: Ignoring unknown mem at 00007ff9ccb01000 LB 0xca000 (base 00007ff9ccb00000) - 'ole32.dll'
|
|---|
| 850 | 32c0.2260: 00007ff9ccbcb000-00007ff9ccc27fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume7\Windows\System32\ole32.dll
|
|---|
| 851 | 32c0.2260: supHardNtVpScanVirtualMemory: Ignoring unknown mem at 00007ff9ccbcb000 LB 0x5d000 (base 00007ff9ccb00000) - 'ole32.dll'
|
|---|
| 852 | 32c0.2260: 00007ff9ccc28000-00007ff9ccc29fff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume7\Windows\System32\ole32.dll
|
|---|
| 853 | 32c0.2260: supHardNtVpScanVirtualMemory: Ignoring unknown mem at 00007ff9ccc28000 LB 0x2000 (base 00007ff9ccb00000) - 'ole32.dll'
|
|---|
| 854 | 32c0.2260: 00007ff9ccc2a000-00007ff9ccc56fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume7\Windows\System32\ole32.dll
|
|---|
| 855 | 32c0.2260: supHardNtVpScanVirtualMemory: Ignoring unknown mem at 00007ff9ccc2a000 LB 0x2d000 (base 00007ff9ccb00000) - 'ole32.dll'
|
|---|
| 856 | 32c0.2260: 00007ff9ccc57000-00007ff9ccc5ffff 0x0001/0x0000 0x0000000
|
|---|
| 857 | 32c0.2260: *00007ff9ccc60000-00007ff9ccc60fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume7\Windows\System32\sechost.dll
|
|---|
| 858 | 32c0.2260: supHardNtVpScanVirtualMemory: Ignoring unknown mem at 00007ff9ccc60000 LB 0x1000 (base 00007ff9ccc60000) - 'sechost.dll'
|
|---|
| 859 | 32c0.2260: 00007ff9ccc61000-00007ff9cccc1fff 0x0020/0x0080 0x1000000 \Device\HarddiskVolume7\Windows\System32\sechost.dll
|
|---|
| 860 | 32c0.2260: supHardNtVpScanVirtualMemory: Ignoring unknown mem at 00007ff9ccc61000 LB 0x61000 (base 00007ff9ccc60000) - 'sechost.dll'
|
|---|
| 861 | 32c0.2260: 00007ff9cccc2000-00007ff9ccce8fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume7\Windows\System32\sechost.dll
|
|---|
| 862 | 32c0.2260: supHardNtVpScanVirtualMemory: Ignoring unknown mem at 00007ff9cccc2000 LB 0x27000 (base 00007ff9ccc60000) - 'sechost.dll'
|
|---|
| 863 | 32c0.2260: 00007ff9ccce9000-00007ff9ccce9fff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume7\Windows\System32\sechost.dll
|
|---|
| 864 | 32c0.2260: supHardNtVpScanVirtualMemory: Ignoring unknown mem at 00007ff9ccce9000 LB 0x1000 (base 00007ff9ccc60000) - 'sechost.dll'
|
|---|
| 865 | 32c0.2260: 00007ff9cccea000-00007ff9ccceafff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume7\Windows\System32\sechost.dll
|
|---|
| 866 | 32c0.2260: supHardNtVpScanVirtualMemory: Ignoring unknown mem at 00007ff9cccea000 LB 0x1000 (base 00007ff9ccc60000) - 'sechost.dll'
|
|---|
| 867 | 32c0.2260: 00007ff9ccceb000-00007ff9cccecfff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume7\Windows\System32\sechost.dll
|
|---|
| 868 | 32c0.2260: supHardNtVpScanVirtualMemory: Ignoring unknown mem at 00007ff9ccceb000 LB 0x2000 (base 00007ff9ccc60000) - 'sechost.dll'
|
|---|
| 869 | 32c0.2260: 00007ff9ccced000-00007ff9cccf6fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume7\Windows\System32\sechost.dll
|
|---|
| 870 | 32c0.2260: supHardNtVpScanVirtualMemory: Ignoring unknown mem at 00007ff9ccced000 LB 0xa000 (base 00007ff9ccc60000) - 'sechost.dll'
|
|---|
| 871 | 32c0.2260: 00007ff9cccf7000-00007ff9ccdcffff 0x0001/0x0000 0x0000000
|
|---|
| 872 | 32c0.2260: *00007ff9ccdd0000-00007ff9ccdd0fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume7\Windows\System32\SHCore.dll
|
|---|
| 873 | 32c0.2260: supHardNtVpScanVirtualMemory: Ignoring unknown mem at 00007ff9ccdd0000 LB 0x1000 (base 00007ff9ccdd0000) - 'SHCore.dll'
|
|---|
| 874 | 32c0.2260: 00007ff9ccdd1000-00007ff9cce40fff 0x0020/0x0080 0x1000000 \Device\HarddiskVolume7\Windows\System32\SHCore.dll
|
|---|
| 875 | 32c0.2260: supHardNtVpScanVirtualMemory: Ignoring unknown mem at 00007ff9ccdd1000 LB 0x70000 (base 00007ff9ccdd0000) - 'SHCore.dll'
|
|---|
| 876 | 32c0.2260: 00007ff9cce41000-00007ff9cce66fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume7\Windows\System32\SHCore.dll
|
|---|
| 877 | 32c0.2260: supHardNtVpScanVirtualMemory: Ignoring unknown mem at 00007ff9cce41000 LB 0x26000 (base 00007ff9ccdd0000) - 'SHCore.dll'
|
|---|
| 878 | 32c0.2260: 00007ff9cce67000-00007ff9cce68fff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume7\Windows\System32\SHCore.dll
|
|---|
| 879 | 32c0.2260: supHardNtVpScanVirtualMemory: Ignoring unknown mem at 00007ff9cce67000 LB 0x2000 (base 00007ff9ccdd0000) - 'SHCore.dll'
|
|---|
| 880 | 32c0.2260: 00007ff9cce69000-00007ff9cce77fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume7\Windows\System32\SHCore.dll
|
|---|
| 881 | 32c0.2260: supHardNtVpScanVirtualMemory: Ignoring unknown mem at 00007ff9cce69000 LB 0xf000 (base 00007ff9ccdd0000) - 'SHCore.dll'
|
|---|
| 882 | 32c0.2260: 00007ff9cce78000-00007ff9cce7ffff 0x0001/0x0000 0x0000000
|
|---|
| 883 | 32c0.2260: *00007ff9cce80000-00007ff9cce80fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume7\Windows\System32\oleaut32.dll
|
|---|
| 884 | 32c0.2260: supHardNtVpScanVirtualMemory: Ignoring unknown mem at 00007ff9cce80000 LB 0x1000 (base 00007ff9cce80000) - 'oleaut32.dll'
|
|---|
| 885 | 32c0.2260: 00007ff9cce81000-00007ff9ccf0dfff 0x0020/0x0080 0x1000000 \Device\HarddiskVolume7\Windows\System32\oleaut32.dll
|
|---|
| 886 | 32c0.2260: supHardNtVpScanVirtualMemory: Ignoring unknown mem at 00007ff9cce81000 LB 0x8d000 (base 00007ff9cce80000) - 'oleaut32.dll'
|
|---|
| 887 | 32c0.2260: 00007ff9ccf0e000-00007ff9ccf33fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume7\Windows\System32\oleaut32.dll
|
|---|
| 888 | 32c0.2260: supHardNtVpScanVirtualMemory: Ignoring unknown mem at 00007ff9ccf0e000 LB 0x26000 (base 00007ff9cce80000) - 'oleaut32.dll'
|
|---|
| 889 | 32c0.2260: 00007ff9ccf34000-00007ff9ccf36fff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume7\Windows\System32\oleaut32.dll
|
|---|
| 890 | 32c0.2260: supHardNtVpScanVirtualMemory: Ignoring unknown mem at 00007ff9ccf34000 LB 0x3000 (base 00007ff9cce80000) - 'oleaut32.dll'
|
|---|
| 891 | 32c0.2260: 00007ff9ccf37000-00007ff9ccf44fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume7\Windows\System32\oleaut32.dll
|
|---|
| 892 | 32c0.2260: supHardNtVpScanVirtualMemory: Ignoring unknown mem at 00007ff9ccf37000 LB 0xe000 (base 00007ff9cce80000) - 'oleaut32.dll'
|
|---|
| 893 | 32c0.2260: 00007ff9ccf45000-00007ff9ccf4ffff 0x0001/0x0000 0x0000000
|
|---|
| 894 | 32c0.2260: *00007ff9ccf50000-00007ff9ccf50fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume7\Windows\System32\combase.dll
|
|---|
| 895 | 32c0.2260: supHardNtVpScanVirtualMemory: Ignoring unknown mem at 00007ff9ccf50000 LB 0x1000 (base 00007ff9ccf50000) - 'combase.dll'
|
|---|
| 896 | 32c0.2260: 00007ff9ccf51000-00007ff9cd16ffff 0x0020/0x0080 0x1000000 \Device\HarddiskVolume7\Windows\System32\combase.dll
|
|---|
| 897 | 32c0.2260: supHardNtVpScanVirtualMemory: Ignoring unknown mem at 00007ff9ccf51000 LB 0x21f000 (base 00007ff9ccf50000) - 'combase.dll'
|
|---|
| 898 | 32c0.2260: 00007ff9cd170000-00007ff9cd232fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume7\Windows\System32\combase.dll
|
|---|
| 899 | 32c0.2260: supHardNtVpScanVirtualMemory: Ignoring unknown mem at 00007ff9cd170000 LB 0xc3000 (base 00007ff9ccf50000) - 'combase.dll'
|
|---|
| 900 | 32c0.2260: 00007ff9cd233000-00007ff9cd238fff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume7\Windows\System32\combase.dll
|
|---|
| 901 | 32c0.2260: supHardNtVpScanVirtualMemory: Ignoring unknown mem at 00007ff9cd233000 LB 0x6000 (base 00007ff9ccf50000) - 'combase.dll'
|
|---|
| 902 | 32c0.2260: 00007ff9cd239000-00007ff9cd285fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume7\Windows\System32\combase.dll
|
|---|
| 903 | 32c0.2260: supHardNtVpScanVirtualMemory: Ignoring unknown mem at 00007ff9cd239000 LB 0x4d000 (base 00007ff9ccf50000) - 'combase.dll'
|
|---|
| 904 | 32c0.2260: 00007ff9cd286000-00007ff9cd2dffff 0x0001/0x0000 0x0000000
|
|---|
| 905 | 32c0.2260: *00007ff9cd2e0000-00007ff9cd2e0fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume7\Windows\System32\ntdll.dll
|
|---|
| 906 | 32c0.2260: 00007ff9cd2e1000-00007ff9cd3f7fff 0x0020/0x0080 0x1000000 \Device\HarddiskVolume7\Windows\System32\ntdll.dll
|
|---|
| 907 | 32c0.2260: 00007ff9cd3f8000-00007ff9cd43efff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume7\Windows\System32\ntdll.dll
|
|---|
| 908 | 32c0.2260: 00007ff9cd43f000-00007ff9cd43ffff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume7\Windows\System32\ntdll.dll
|
|---|
| 909 | 32c0.2260: 00007ff9cd440000-00007ff9cd441fff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume7\Windows\System32\ntdll.dll
|
|---|
| 910 | 32c0.2260: 00007ff9cd442000-00007ff9cd44afff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume7\Windows\System32\ntdll.dll
|
|---|
| 911 | 32c0.2260: 00007ff9cd44b000-00007ff9cd4cffff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume7\Windows\System32\ntdll.dll
|
|---|
| 912 | 32c0.2260: *00007ff9cd4d0000-00007ff9cd4dffff 0x0040/0x0040 0x0020000 !!
|
|---|
| 913 | 32c0.2260: 00007ff9cd4e0000-00007ffffffeffff 0x0001/0x0000 0x0000000
|
|---|
| 914 | 32c0.2260: user32.dll: timestamp 0xe196962b (rc=VINF_SUCCESS)
|
|---|
| 915 | 32c0.2260: kernel32.dll: timestamp 0x95d197ef (rc=VINF_SUCCESS)
|
|---|
| 916 | 32c0.2260: kernelbase.dll: timestamp 0x5ae7af90 (rc=VINF_SUCCESS)
|
|---|
| 917 | 32c0.2260: VirtualBoxVM.exe: timestamp 0x61018314 (rc=VINF_SUCCESS)
|
|---|
| 918 | 32c0.2260: \Device\HarddiskVolume7\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe: Signature #1/2: info status: 24202
|
|---|
| 919 | 32c0.2260: '\Device\HarddiskVolume7\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe' has no imports
|
|---|
| 920 | 32c0.2260: '\Device\HarddiskVolume7\Windows\System32\ntdll.dll' has no imports
|
|---|
| 921 | 32c0.2260: ntdll.dll: Differences in section #1 (.text) between file and memory:
|
|---|
| 922 | 32c0.2260: 00007ff9cd37cf50 / 0x009cf50: 4c != e9
|
|---|
| 923 | 32c0.2260: 00007ff9cd37cf51 / 0x009cf51: 8b != 2b
|
|---|
| 924 | 32c0.2260: 00007ff9cd37cf52 / 0x009cf52: d1 != 36
|
|---|
| 925 | 32c0.2260: 00007ff9cd37cf53 / 0x009cf53: b8 != 15
|
|---|
| 926 | 32c0.2260: 00007ff9cd37cf54 / 0x009cf54: 06 != 00
|
|---|
| 927 | 32c0.2260: 00007ff9cd37cf70 / 0x009cf70: 4c != e9
|
|---|
| 928 | 32c0.2260: 00007ff9cd37cf71 / 0x009cf71: 8b != 4b
|
|---|
| 929 | 32c0.2260: 00007ff9cd37cf72 / 0x009cf72: d1 != 38
|
|---|
| 930 | 32c0.2260: 00007ff9cd37cf73 / 0x009cf73: b8 != 15
|
|---|
| 931 | 32c0.2260: 00007ff9cd37cf74 / 0x009cf74: 07 != 00
|
|---|
| 932 | 32c0.2260: 00007ff9cd37cf90 / 0x009cf90: 4c != e9
|
|---|
| 933 | 32c0.2260: 00007ff9cd37cf91 / 0x009cf91: 8b != 0b
|
|---|
| 934 | 32c0.2260: 00007ff9cd37cf92 / 0x009cf92: d1 != 36
|
|---|
| 935 | 32c0.2260: 00007ff9cd37cf93 / 0x009cf93: b8 != 15
|
|---|
| 936 | 32c0.2260: 00007ff9cd37cf94 / 0x009cf94: 08 != 00
|
|---|
| 937 | 32c0.2260: 00007ff9cd37d070 / 0x009d070: 4c != e9
|
|---|
| 938 | 32c0.2260: 00007ff9cd37d071 / 0x009d071: 8b != eb
|
|---|
| 939 | 32c0.2260: 00007ff9cd37d072 / 0x009d072: d1 != 34
|
|---|
| 940 | 32c0.2260: 00007ff9cd37d073 / 0x009d073: b8 != 15
|
|---|
| 941 | 32c0.2260: 00007ff9cd37d074 / 0x009d074: 0f != 00
|
|---|
| 942 | 32c0.2260: 00007ff9cd37d0b0 / 0x009d0b0: 4c != e9
|
|---|
| 943 | 32c0.2260: 00007ff9cd37d0b1 / 0x009d0b1: 8b != 0b
|
|---|
| 944 | 32c0.2260: 00007ff9cd37d0b2 / 0x009d0b2: d1 != 35
|
|---|
| 945 | 32c0.2260: 00007ff9cd37d0b3 / 0x009d0b3: b8 != 15
|
|---|
| 946 | 32c0.2260: 00007ff9cd37d0b4 / 0x009d0b4: 11 != 00
|
|---|
| 947 | 32c0.2260: 00007ff9cd37d350 / 0x009d350: 4c != e9
|
|---|
| 948 | 32c0.2260: 00007ff9cd37d351 / 0x009d351: 8b != ab
|
|---|
| 949 | 32c0.2260: 00007ff9cd37d352 / 0x009d352: d1 != 2c
|
|---|
| 950 | 32c0.2260: 00007ff9cd37d353 / 0x009d353: b8 != 15
|
|---|
| 951 | 32c0.2260: 00007ff9cd37d354 / 0x009d354: 26 != 00
|
|---|
| 952 | 32c0.2260: 00007ff9cd37d370 / 0x009d370: 4c != e9
|
|---|
| 953 | 32c0.2260: 00007ff9cd37d371 / 0x009d371: 8b != 6b
|
|---|
| 954 | 32c0.2260: 00007ff9cd37d372 / 0x009d372: d1 != 32
|
|---|
| 955 | 32c0.2260: 00007ff9cd37d373 / 0x009d373: b8 != 15
|
|---|
| 956 | 32c0.2260: 00007ff9cd37d374 / 0x009d374: 27 != 00
|
|---|
| 957 | 32c0.2260: 00007ff9cd37d410 / 0x009d410: 4c != e9
|
|---|
| 958 | 32c0.2260: 00007ff9cd37d411 / 0x009d411: 8b != 0b
|
|---|
| 959 | 32c0.2260: 00007ff9cd37d412 / 0x009d412: d1 != 2c
|
|---|
| 960 | 32c0.2260: 00007ff9cd37d413 / 0x009d413: b8 != 15
|
|---|
| 961 | 32c0.2260: 00007ff9cd37d414 / 0x009d414: 2c != 00
|
|---|
| 962 | 32c0.2260: 00007ff9cd37d4f0 / 0x009d4f0: 4c != e9
|
|---|
| 963 | 32c0.2260: 00007ff9cd37d4f1 / 0x009d4f1: 8b != 4b
|
|---|
| 964 | 32c0.2260: 00007ff9cd37d4f2 / 0x009d4f2: d1 != 30
|
|---|
| 965 | 32c0.2260: 00007ff9cd37d4f3 / 0x009d4f3: b8 != 15
|
|---|
| 966 | 32c0.2260: 00007ff9cd37d4f4 / 0x009d4f4: 33 != 00
|
|---|
| 967 | 32c0.2260: 00007ff9cd37d570 / 0x009d570: 4c != e9
|
|---|
| 968 | 32c0.2260: 00007ff9cd37d571 / 0x009d571: 8b != 6b
|
|---|
| 969 | 32c0.2260: 00007ff9cd37d572 / 0x009d572: d1 != 31
|
|---|
| 970 | 32c0.2260: 00007ff9cd37d573 / 0x009d573: b8 != 15
|
|---|
| 971 | 32c0.2260: 00007ff9cd37d574 / 0x009d574: 37 != 00
|
|---|
| 972 | 32c0.2260: 00007ff9cd37d5b0 / 0x009d5b0: 4c != e9
|
|---|
| 973 | 32c0.2260: 00007ff9cd37d5b1 / 0x009d5b1: 8b != eb
|
|---|
| 974 | 32c0.2260: 00007ff9cd37d5b2 / 0x009d5b2: d1 != 31
|
|---|
| 975 | 32c0.2260: 00007ff9cd37d5b3 / 0x009d5b3: b8 != 15
|
|---|
| 976 | 32c0.2260: 00007ff9cd37d5b4 / 0x009d5b4: 39 != 00
|
|---|
| 977 | 32c0.2260: 00007ff9cd37d7d0 / 0x009d7d0: 4c != e9
|
|---|
| 978 | 32c0.2260: 00007ff9cd37d7d1 / 0x009d7d1: 8b != eb
|
|---|
| 979 | 32c0.2260: 00007ff9cd37d7d2 / 0x009d7d2: d1 != 2e
|
|---|
| 980 | 32c0.2260: 00007ff9cd37d7d3 / 0x009d7d3: b8 != 15
|
|---|
| 981 | 32c0.2260: 00007ff9cd37d7d4 / 0x009d7d4: 4a != 00
|
|---|
| 982 | 32c0.2260: 00007ff9cd37d930 / 0x009d930: 4c != e9
|
|---|
| 983 | 32c0.2260: 00007ff9cd37d931 / 0x009d931: 8b != eb
|
|---|
| 984 | 32c0.2260: 00007ff9cd37d932 / 0x009d932: d1 != 2b
|
|---|
| 985 | 32c0.2260: 00007ff9cd37d933 / 0x009d933: b8 != 15
|
|---|
| 986 | 32c0.2260: 00007ff9cd37d934 / 0x009d934: 55 != 00
|
|---|
| 987 | 32c0.2260: Restored 0x2000 bytes of original file content at 00007ff9cd37c04e
|
|---|
| 988 | 32c0.2260: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'win32u.dll'.
|
|---|
| 989 | 32c0.2260: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #34 'gdi32.dll'.
|
|---|
| 990 | 32c0.2260: supHardNtVpGetImport: Failed to find symbol 0xffffffff / 'NtUserRegisterClassExWOW' in 'win32u.dll': Unknown Status -610 (0xfffffd9e)
|
|---|
| 991 | 32c0.2260: Error (rc=-5629):
|
|---|
| 992 | 32c0.2260: RTLdrGetBits failed on image user32.dll: Unknown Status -610 (0xfffffd9e)
|
|---|
| 993 | 32c0.2260: supR3HardenedWinInit: SUPHARDNTVPKIND_SELF_PURIFICATION_LIMITED -> Unknown Status -5629 (0xffffea03), cFixes=1
|
|---|
| 994 | 32c0.2260: \Device\HarddiskVolume7\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe: Signature #1/2: info status: 24202
|
|---|
| 995 | 32c0.2260: '\Device\HarddiskVolume7\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe' has no imports
|
|---|
| 996 | 32c0.2260: supHardenedWinVerifyImageByHandle: -> 24202 (\Device\HarddiskVolume7\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe)
|
|---|
| 997 | 32c0.2260: supR3HardNtEnableThreadCreationEx:
|
|---|
| 998 | 32c0.2260: supR3HardNtDisableThreadCreation: pvLdrInitThunk=00007ff9cd352040 pvNtTerminateThread=00007ff9cd37d8f0
|
|---|
| 999 | 32c0.2260: supR3HardenedWinDoReSpawn(1): New child 3b30.31a8 [kernel32].
|
|---|
| 1000 | 32c0.2260: supR3HardNtChildGatherData: PebBaseAddress=0000000000a57000 cbPeb=0x388
|
|---|
| 1001 | 32c0.2260: supR3HardNtPuChFindNtdll: uNtDllParentAddr=00007ff9cd2e0000 uNtDllChildAddr=00007ff9cd2e0000
|
|---|
| 1002 | 32c0.2260: supR3HardenedWinSetupChildInit: uLdrInitThunk=00007ff9cd352040
|
|---|
| 1003 | 32c0.2260: supR3HardenedWinSetupChildInit: Initial context:
|
|---|
| 1004 | rax=0000000000000000 rbx=0000000000000000 rcx=00007ff69a9b7900 rdx=0000000000a57000
|
|---|
| 1005 | rsi=0000000000000000 rdi=0000000000000000 r8 =0000000000000000 r9 =0000000000000000
|
|---|
| 1006 | r10=0000000000000000 r11=0000000000000000 r12=0000000000000000 r13=0000000000000000
|
|---|
| 1007 | r14=0000000000000000 r15=0000000000000000 P1=0000000000000000 P2=0000000000000000
|
|---|
| 1008 | rip=00007ff9cd34d700 rsp=0000000000d1fde8 rbp=0000000000000000 ctxflags=0010001b
|
|---|
| 1009 | cs=0033 ss=002b ds=0000 es=0000 fs=0000 gs=0000 eflags=00000200 mxcrx=00001f80
|
|---|
| 1010 | P3=0000000000000000 P4=0000000000000000 P5=0000000000000000 P6=0000000000000000
|
|---|
| 1011 | dr0=0000000000000000 dr1=0000000000000000 dr2=0000000000000000 dr3=0000000000000000
|
|---|
| 1012 | dr6=0000000000000000 dr7=0000000000000000 vcr=0000000000000000 dcr=0000000000000000
|
|---|
| 1013 | lbt=0000000000000000 lbf=0000000000000000 lxt=0000000000000000 lxf=0000000000000000
|
|---|
| 1014 | 32c0.2260: supR3HardenedWinSetupChildInit: Start child.
|
|---|
| 1015 | 32c0.2260: supR3HardNtChildWaitFor: Found expected request 0 (PurifyChildAndCloseHandles) after 1 ms.
|
|---|
| 1016 | 32c0.2260: supR3HardNtChildPurify: Startup delay kludge #1/0: 264 ms, 30 sleeps
|
|---|
| 1017 | 32c0.2260: supHardNtVpScanVirtualMemory: enmKind=CHILD_PURIFICATION
|
|---|
| 1018 | 32c0.2260: *0000000000000000-00000000009cffff 0x0001/0x0000 0x0000000
|
|---|
| 1019 | 32c0.2260: *00000000009d0000-00000000009effff 0x0004/0x0004 0x0020000
|
|---|
| 1020 | 32c0.2260: *00000000009f0000-00000000009f3fff 0x0002/0x0002 0x0040000
|
|---|
| 1021 | 32c0.2260: 00000000009f4000-00000000009fffff 0x0001/0x0000 0x0000000
|
|---|
| 1022 | 32c0.2260: *0000000000a00000-0000000000a56fff 0x0000/0x0004 0x0020000
|
|---|
| 1023 | 32c0.2260: 0000000000a57000-0000000000a59fff 0x0004/0x0004 0x0020000
|
|---|
| 1024 | 32c0.2260: 0000000000a5a000-0000000000bfffff 0x0000/0x0004 0x0020000
|
|---|
| 1025 | 32c0.2260: *0000000000c00000-0000000000c1afff 0x0002/0x0002 0x0040000
|
|---|
| 1026 | 32c0.2260: 0000000000c1b000-0000000000c1ffff 0x0001/0x0000 0x0000000
|
|---|
| 1027 | 32c0.2260: *0000000000c20000-0000000000d1afff 0x0000/0x0004 0x0020000
|
|---|
| 1028 | 32c0.2260: 0000000000d1b000-0000000000d1dfff 0x0104/0x0004 0x0020000
|
|---|
| 1029 | 32c0.2260: 0000000000d1e000-0000000000d1ffff 0x0004/0x0004 0x0020000
|
|---|
| 1030 | 32c0.2260: *0000000000d20000-0000000000d21fff 0x0004/0x0004 0x0020000
|
|---|
| 1031 | 32c0.2260: 0000000000d22000-0000000000d2ffff 0x0001/0x0000 0x0000000
|
|---|
| 1032 | 32c0.2260: *0000000000d30000-0000000000d30fff 0x0040/0x0040 0x0020000 !!
|
|---|
| 1033 | 32c0.2260: supHardNtVpFreeOrReplacePrivateExecMemory: Freeing exec mem at 0000000000d30000 (LB 0x1000, 0000000000d30000 LB 0x1000)
|
|---|
| 1034 | 32c0.2260: 0000000006893d80/0000: 55 48 83 ec 10 48 8b ec-48 81 ec 00 02 00 00 e8 UH...H..H.......
|
|---|
| 1035 | 0000000006893d90/0010: 00 00 00 00 5e 48 81 c6-ac 00 00 00 4c 8d 4d 00 ....^H......L.M.
|
|---|
| 1036 | 0000000006893da0/0020: 4c 8d 46 10 33 d2 33 c9-ff 16 85 c0 75 1c 4c 8d L.F.3.3.....u.L.
|
|---|
| 1037 | 0000000006893db0/0030: 4d 08 45 33 c0 48 8d 56-20 48 8b 4d 00 ff 56 08 M.E3.H.V H.M..V.
|
|---|
| 1038 | 0000000006893dc0/0040: 85 c0 75 06 48 8b 45 08-ff d0 48 81 c4 10 02 00 ..u.H.E...H.....
|
|---|
| 1039 | 0000000006893dd0/0050: 00 5d c3 66 66 66 90 66-66 66 90 66 66 90 66 90 .].fff.fff.ff.f.
|
|---|
| 1040 | 0000000006893de0/0060: c3 66 66 66 90 66 66 66-90 66 66 66 90 66 66 90 .fff.fff.fff.ff.
|
|---|
| 1041 | 0000000006893df0/0070: 55 8b ec 83 c4 f8 56 e8-00 00 00 00 5e 81 c6 44 U.....V.....^..D
|
|---|
| 1042 | 0000000006893e00/0080: 00 00 00 8d 45 fc 50 8d-46 08 50 6a 00 6a 00 2e ....E.P.F.Pj.j..
|
|---|
| 1043 | 0000000006893e10/0090: ff 16 85 c0 75 18 8d 45-f8 50 6a 00 8d 46 10 50 ....u..E.Pj..F.P
|
|---|
| 1044 | 0000000006893e20/00a0: ff 75 fc 2e ff 56 04 85-c0 75 03 ff 55 f8 5e c9 .u...V...u..U.^.
|
|---|
| 1045 | 0000000006893e30/00b0: c2 0c 00 66 66 66 90 66-66 66 90 66 66 90 66 90 ...fff.fff.ff.f.
|
|---|
| 1046 | 0000000006893e40/00c0: 00 16 30 cd f9 7f 00 00-b0 eb 35 cd f9 7f 00 00 ..0.......5.....
|
|---|
| 1047 | 0000000006893e50/00d0: 3e 00 3e 00 00 00 00 00-f0 00 d3 00 00 00 00 00 >.>.............
|
|---|
| 1048 | 0000000006893e60/00e0: 09 00 09 00 00 00 00 00-2e 01 d3 00 00 00 00 00 ................
|
|---|
| 1049 | 0000000006893e70/00f0: 43 00 3a 00 5c 00 57 00-69 00 6e 00 64 00 6f 00 C.:.\.W.i.n.d.o.
|
|---|
| 1050 | 32c0.2260: 0000000006893e80/0000: 77 00 73 00 5c 00 53 00-79 00 73 00 74 00 65 00 w.s.\.S.y.s.t.e.
|
|---|
| 1051 | 0000000006893e90/0010: 6d 00 33 00 32 00 5c 00-73 00 64 00 63 00 6b 00 m.3.2.\.s.d.c.k.
|
|---|
| 1052 | 0000000006893ea0/0020: 65 00 72 00 6e 00 2e 00-64 00 6c 00 6c 00 45 6e e.r.n...d.l.l.En
|
|---|
| 1053 | 0000000006893eb0/0030: 76 69 72 49 6e 69 74 00-00 00 00 00 00 00 00 00 virInit.........
|
|---|
| 1054 | 0000000006893ec0/0040: 00 00 00 00 00 00 00 00-00 00 00 00 00 00 00 00 ................
|
|---|
| 1055 | **************** **** <ditto x 10>
|
|---|
| 1056 | 0000000006893f70/00f0: 00 00 00 00 00 00 00 00-00 00 00 00 00 00 00 00 ................
|
|---|
| 1057 | 32c0.2260: supHardNtVpFreeOrReplacePrivateExecMemory: Free attempt #1 succeeded: 0x0 [0000000000d30000/0000000000d30000 LB 0/0x1000]
|
|---|
| 1058 | 32c0.2260: supHardNtVpFreeOrReplacePrivateExecMemory: QVM after free 0: [0000000000000000]/0000000000d30000 LB 0x7f2b0000 s=0x10000 ap=0x0 rp=0x00000000000001
|
|---|
| 1059 | 32c0.2260: 0000000000d31000-000000007ffdffff 0x0001/0x0000 0x0000000
|
|---|
| 1060 | 32c0.2260: *000000007ffe0000-000000007ffe0fff 0x0002/0x0002 0x0020000
|
|---|
| 1061 | 32c0.2260: 000000007ffe1000-000000007ffe8fff 0x0001/0x0000 0x0000000
|
|---|
| 1062 | 32c0.2260: *000000007ffe9000-000000007ffe9fff 0x0002/0x0002 0x0020000
|
|---|
| 1063 | 32c0.2260: 000000007ffea000-00007ff5e936ffff 0x0001/0x0000 0x0000000
|
|---|
| 1064 | 32c0.2260: *00007ff5e9370000-00007ff5e9370fff 0x0002/0x0002 0x0040000
|
|---|
| 1065 | 32c0.2260: 00007ff5e9371000-00007ff5e937ffff 0x0001/0x0000 0x0000000
|
|---|
| 1066 | 32c0.2260: *00007ff5e9380000-00007ff5e93b2fff 0x0002/0x0002 0x0040000
|
|---|
| 1067 | 32c0.2260: 00007ff5e93b3000-00007ff69a9affff 0x0001/0x0000 0x0000000
|
|---|
| 1068 | 32c0.2260: *00007ff69a9b0000-00007ff69a9b0fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume7\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe
|
|---|
| 1069 | 32c0.2260: 00007ff69a9b1000-00007ff69aa27fff 0x0020/0x0080 0x1000000 \Device\HarddiskVolume7\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe
|
|---|
| 1070 | 32c0.2260: 00007ff69aa28000-00007ff69aa28fff 0x0080/0x0080 0x1000000 \Device\HarddiskVolume7\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe
|
|---|
| 1071 | 32c0.2260: 00007ff69aa29000-00007ff69aa71fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume7\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe
|
|---|
| 1072 | 32c0.2260: 00007ff69aa72000-00007ff69aa72fff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume7\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe
|
|---|
| 1073 | 32c0.2260: 00007ff69aa73000-00007ff69aa73fff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume7\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe
|
|---|
| 1074 | 32c0.2260: 00007ff69aa74000-00007ff69aa78fff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume7\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe
|
|---|
| 1075 | 32c0.2260: 00007ff69aa79000-00007ff69aa79fff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume7\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe
|
|---|
| 1076 | 32c0.2260: 00007ff69aa7a000-00007ff69aa7afff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume7\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe
|
|---|
| 1077 | 32c0.2260: 00007ff69aa7b000-00007ff69aa7efff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume7\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe
|
|---|
| 1078 | 32c0.2260: 00007ff69aa7f000-00007ff69aac7fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume7\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe
|
|---|
| 1079 | 32c0.2260: 00007ff69aac8000-00007ff9cd2dffff 0x0001/0x0000 0x0000000
|
|---|
| 1080 | 32c0.2260: *00007ff9cd2e0000-00007ff9cd2e0fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume7\Windows\System32\ntdll.dll
|
|---|
| 1081 | 32c0.2260: 00007ff9cd2e1000-00007ff9cd3f7fff 0x0020/0x0080 0x1000000 \Device\HarddiskVolume7\Windows\System32\ntdll.dll
|
|---|
| 1082 | 32c0.2260: 00007ff9cd3f8000-00007ff9cd43efff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume7\Windows\System32\ntdll.dll
|
|---|
| 1083 | 32c0.2260: 00007ff9cd43f000-00007ff9cd44afff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume7\Windows\System32\ntdll.dll
|
|---|
| 1084 | 32c0.2260: 00007ff9cd44b000-00007ff9cd459fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume7\Windows\System32\ntdll.dll
|
|---|
| 1085 | 32c0.2260: 00007ff9cd45a000-00007ff9cd45afff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume7\Windows\System32\ntdll.dll
|
|---|
| 1086 | 32c0.2260: 00007ff9cd45b000-00007ff9cd45dfff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume7\Windows\System32\ntdll.dll
|
|---|
| 1087 | 32c0.2260: 00007ff9cd45e000-00007ff9cd4cffff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume7\Windows\System32\ntdll.dll
|
|---|
| 1088 | 32c0.2260: 00007ff9cd4d0000-00007ffffffeffff 0x0001/0x0000 0x0000000
|
|---|
| 1089 | 32c0.2260: supR3HardNtChildPurify: cFixes=1 g_fSupAdversaries=0x80000000
|
|---|
| 1090 | 32c0.2260: supR3HardNtChildPurify: Startup delay kludge #1/1: 520 ms, 60 sleeps
|
|---|
| 1091 | 32c0.2260: supHardNtVpScanVirtualMemory: enmKind=CHILD_PURIFICATION
|
|---|
| 1092 | 32c0.2260: *0000000000000000-00000000009cffff 0x0001/0x0000 0x0000000
|
|---|
| 1093 | 32c0.2260: *00000000009d0000-00000000009effff 0x0004/0x0004 0x0020000
|
|---|
| 1094 | 32c0.2260: *00000000009f0000-00000000009f3fff 0x0002/0x0002 0x0040000
|
|---|
| 1095 | 32c0.2260: 00000000009f4000-00000000009fffff 0x0001/0x0000 0x0000000
|
|---|
| 1096 | 32c0.2260: *0000000000a00000-0000000000a56fff 0x0000/0x0004 0x0020000
|
|---|
| 1097 | 32c0.2260: 0000000000a57000-0000000000a59fff 0x0004/0x0004 0x0020000
|
|---|
| 1098 | 32c0.2260: 0000000000a5a000-0000000000bfffff 0x0000/0x0004 0x0020000
|
|---|
| 1099 | 32c0.2260: *0000000000c00000-0000000000c1afff 0x0002/0x0002 0x0040000
|
|---|
| 1100 | 32c0.2260: 0000000000c1b000-0000000000c1ffff 0x0001/0x0000 0x0000000
|
|---|
| 1101 | 32c0.2260: *0000000000c20000-0000000000d1afff 0x0000/0x0004 0x0020000
|
|---|
| 1102 | 32c0.2260: 0000000000d1b000-0000000000d1dfff 0x0104/0x0004 0x0020000
|
|---|
| 1103 | 32c0.2260: 0000000000d1e000-0000000000d1ffff 0x0004/0x0004 0x0020000
|
|---|
| 1104 | 32c0.2260: *0000000000d20000-0000000000d21fff 0x0004/0x0004 0x0020000
|
|---|
| 1105 | 32c0.2260: 0000000000d22000-000000007ffdffff 0x0001/0x0000 0x0000000
|
|---|
| 1106 | 32c0.2260: *000000007ffe0000-000000007ffe0fff 0x0002/0x0002 0x0020000
|
|---|
| 1107 | 32c0.2260: 000000007ffe1000-000000007ffe8fff 0x0001/0x0000 0x0000000
|
|---|
| 1108 | 32c0.2260: *000000007ffe9000-000000007ffe9fff 0x0002/0x0002 0x0020000
|
|---|
| 1109 | 32c0.2260: 000000007ffea000-00007ff5e936ffff 0x0001/0x0000 0x0000000
|
|---|
| 1110 | 32c0.2260: *00007ff5e9370000-00007ff5e9370fff 0x0002/0x0002 0x0040000
|
|---|
| 1111 | 32c0.2260: 00007ff5e9371000-00007ff5e937ffff 0x0001/0x0000 0x0000000
|
|---|
| 1112 | 32c0.2260: *00007ff5e9380000-00007ff5e93b2fff 0x0002/0x0002 0x0040000
|
|---|
| 1113 | 32c0.2260: 00007ff5e93b3000-00007ff69a9affff 0x0001/0x0000 0x0000000
|
|---|
| 1114 | 32c0.2260: *00007ff69a9b0000-00007ff69a9b0fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume7\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe
|
|---|
| 1115 | 32c0.2260: 00007ff69a9b1000-00007ff69aa27fff 0x0020/0x0080 0x1000000 \Device\HarddiskVolume7\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe
|
|---|
| 1116 | 32c0.2260: 00007ff69aa28000-00007ff69aa28fff 0x0040/0x0080 0x1000000 \Device\HarddiskVolume7\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe
|
|---|
| 1117 | 32c0.2260: 00007ff69aa29000-00007ff69aa71fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume7\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe
|
|---|
| 1118 | 32c0.2260: 00007ff69aa72000-00007ff69aa7efff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume7\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe
|
|---|
| 1119 | 32c0.2260: 00007ff69aa7f000-00007ff69aac7fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume7\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe
|
|---|
| 1120 | 32c0.2260: 00007ff69aac8000-00007ff9cd2dffff 0x0001/0x0000 0x0000000
|
|---|
| 1121 | 32c0.2260: *00007ff9cd2e0000-00007ff9cd2e0fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume7\Windows\System32\ntdll.dll
|
|---|
| 1122 | 32c0.2260: 00007ff9cd2e1000-00007ff9cd3f7fff 0x0020/0x0080 0x1000000 \Device\HarddiskVolume7\Windows\System32\ntdll.dll
|
|---|
| 1123 | 32c0.2260: 00007ff9cd3f8000-00007ff9cd43efff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume7\Windows\System32\ntdll.dll
|
|---|
| 1124 | 32c0.2260: 00007ff9cd43f000-00007ff9cd442fff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume7\Windows\System32\ntdll.dll
|
|---|
| 1125 | 32c0.2260: 00007ff9cd443000-00007ff9cd44afff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume7\Windows\System32\ntdll.dll
|
|---|
| 1126 | 32c0.2260: 00007ff9cd44b000-00007ff9cd459fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume7\Windows\System32\ntdll.dll
|
|---|
| 1127 | 32c0.2260: 00007ff9cd45a000-00007ff9cd45afff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume7\Windows\System32\ntdll.dll
|
|---|
| 1128 | 32c0.2260: 00007ff9cd45b000-00007ff9cd45dfff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume7\Windows\System32\ntdll.dll
|
|---|
| 1129 | 32c0.2260: 00007ff9cd45e000-00007ff9cd4cffff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume7\Windows\System32\ntdll.dll
|
|---|
| 1130 | 32c0.2260: 00007ff9cd4d0000-00007ffffffeffff 0x0001/0x0000 0x0000000
|
|---|
| 1131 | 32c0.2260: supR3HardNtChildPurify: Done after 884 ms and 1 fixes (loop #1).
|
|---|
| 1132 | 3b30.31a8: Log file opened: 6.1.26r145957 g_hStartupLog=0000000000000004 g_uNtVerCombined=0xa047bb00
|
|---|
| 1133 | 3b30.31a8: supR3HardenedVmProcessInit: uNtDllAddr=00007ff9cd2e0000 g_uNtVerCombined=0xa047bb00 (stack ~0000000000d1f878)
|
|---|
| 1134 | 3b30.31a8: ntdll.dll: timestamp 0xd6055cfe (rc=VINF_SUCCESS)
|
|---|
| 1135 | 3b30.31a8: New simple heap: #1 0000000000e30000 LB 0x400000 (for 2031616 allocation)
|
|---|
| 1136 | 32c0.2260: supR3HardNtEnableThreadCreationEx:
|
|---|
| 1137 | 3b30.31a8: supR3HardenedWinInitAppBin(0x0): '\Device\HarddiskVolume7\Program Files\Oracle\VirtualBox'
|
|---|
| 1138 | 3b30.31a8: System32: \Device\HarddiskVolume7\Windows\System32
|
|---|
| 1139 | 3b30.31a8: WinSxS: \Device\HarddiskVolume7\Windows\WinSxS
|
|---|
| 1140 | 3b30.31a8: KnownDllPath: C:\Windows\System32
|
|---|
| 1141 | 3b30.31a8: supR3HardenedVmProcessInit: Opening vboxdrv stub...
|
|---|
| 1142 | 3b30.31a8: supR3HardenedVmProcessInit: Restoring LdrInitializeThunk...
|
|---|
| 1143 | 3b30.31a8: supR3HardenedVmProcessInit: Returning to LdrInitializeThunk...
|
|---|
| 1144 | 3b30.31a8: Registered Dll notification callback with NTDLL.
|
|---|
| 1145 | 3b30.31a8: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume7\Windows\System32\kernel32.dll)
|
|---|
| 1146 | 3b30.31a8: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume7\Windows\System32\kernel32.dll
|
|---|
| 1147 | 3b30.31a8: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\System32\KERNEL32.DLL (Input=KERNEL32.DLL, rcNtResolve=0xc0150008) *pfFlags=0xffffffff pwszSearchPath=0000000000004001:<flags> [calling]
|
|---|
| 1148 | 3b30.31a8: supR3HardenedDllNotificationCallback: load 00007ff9ca480000 LB 0x002a5000 C:\Windows\System32\KERNELBASE.dll [fFlags=0x0]
|
|---|
| 1149 | 3b30.31a8: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume7\Windows\System32\KernelBase.dll)
|
|---|
| 1150 | 3b30.31a8: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume7\Windows\System32\KernelBase.dll
|
|---|
| 1151 | 3b30.31a8: supR3HardenedDllNotificationCallback: load 00007ff9cc500000 LB 0x000b2000 C:\Windows\System32\KERNEL32.DLL [fFlags=0x0]
|
|---|
| 1152 | 3b30.31a8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume7\Windows\System32\kernel32.dll [lacks WinVerifyTrust]
|
|---|
| 1153 | 3b30.31a8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff9cc500000 'C:\Windows\System32\KERNEL32.DLL'
|
|---|
| 1154 | 3b30.31a8: supR3HardenedDllNotificationCallback: load 00007ff69a9b0000 LB 0x00118000 C:\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe [fFlags=0x0]
|
|---|
| 1155 | 3b30.31a8: \Device\HarddiskVolume7\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe: Signature #1/2: info status: 24202
|
|---|
| 1156 | 3b30.31a8: '\Device\HarddiskVolume7\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe' has no imports
|
|---|
| 1157 | 3b30.31a8: supHardenedWinVerifyImageByHandle: -> 24202 (\Device\HarddiskVolume7\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe)
|
|---|
| 1158 | 3b30.31a8: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume7\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe
|
|---|
| 1159 | 3b30.31a8: supR3HardenedMonitor_KiUserApcDispatcher_C: pfnRoutine=0000000000d30000 enmState=3 -> supR3HardenedWinDummyApcRoutine
|
|---|
| 1160 | 3b30.31a8: supR3HardenedWinDummyApcRoutine: pvArg1=0000000000000000 pvArg2=0000000000000000 pvArg3=0000000000000000
|
|---|
| 1161 | 3b30.31a8: supR3HardNtDisableThreadCreation: pvLdrInitThunk=00007ff9cd352040 pvNtTerminateThread=00007ff9cd37d8f0
|
|---|
| 1162 | 32c0.2260: supR3HardNtChildWaitFor: Found expected request 1 (CloseEvents) after 225 ms.
|
|---|
| 1163 | 3b30.31a8: \SystemRoot\System32\ntdll.dll:
|
|---|
| 1164 | 3b30.31a8: CreationTime: 2021-05-18T03:33:49.382474100Z
|
|---|
| 1165 | 3b30.31a8: LastWriteTime: 2021-05-18T03:33:49.420509300Z
|
|---|
| 1166 | 3b30.31a8: ChangeTime: 2021-05-18T11:10:36.444488900Z
|
|---|
| 1167 | 3b30.31a8: FileAttributes: 0x20
|
|---|
| 1168 | 3b30.31a8: Size: 0x1e8068
|
|---|
| 1169 | 3b30.31a8: NT Headers: 0xd8
|
|---|
| 1170 | 3b30.31a8: Timestamp: 0xd6055cfe
|
|---|
| 1171 | 3b30.31a8: Machine: 0x8664 - amd64
|
|---|
| 1172 | 3b30.31a8: Timestamp: 0xd6055cfe
|
|---|
| 1173 | 3b30.31a8: Image Version: 10.0
|
|---|
| 1174 | 3b30.31a8: SizeOfImage: 0x1f0000 (2031616)
|
|---|
| 1175 | 3b30.31a8: Resource Dir: 0x17f000 LB 0x6f310
|
|---|
| 1176 | 3b30.31a8: [Version info resource found at 0xd8! (ID/Name: 0x1; SubID/SubName: 0x409)]
|
|---|
| 1177 | 3b30.31a8: [Raw version resource data: 0x17f0f0 LB 0x380, codepage 0x0 (reserved 0x0)]
|
|---|
| 1178 | 3b30.31a8: ProductName: Microsoft® Windows® Operating System
|
|---|
| 1179 | 3b30.31a8: ProductVersion: 10.0.18362.1533
|
|---|
| 1180 | 3b30.31a8: FileVersion: 10.0.18362.1533 (WinBuild.160101.0800)
|
|---|
| 1181 | 3b30.31a8: FileDescription: NT Layer DLL
|
|---|
| 1182 | 3b30.31a8: \SystemRoot\System32\kernel32.dll:
|
|---|
| 1183 | 3b30.31a8: CreationTime: 2021-04-14T05:23:20.244557900Z
|
|---|
| 1184 | 3b30.31a8: LastWriteTime: 2021-04-14T05:23:20.262528100Z
|
|---|
| 1185 | 3b30.31a8: ChangeTime: 2021-05-18T03:34:44.587413300Z
|
|---|
| 1186 | 3b30.31a8: FileAttributes: 0x20
|
|---|
| 1187 | 3b30.31a8: Size: 0xb04a8
|
|---|
| 1188 | 3b30.31a8: NT Headers: 0xf8
|
|---|
| 1189 | 3b30.31a8: Timestamp: 0x95d197ef
|
|---|
| 1190 | 3b30.31a8: Machine: 0x8664 - amd64
|
|---|
| 1191 | 3b30.31a8: Timestamp: 0x95d197ef
|
|---|
| 1192 | 3b30.31a8: Image Version: 10.0
|
|---|
| 1193 | 3b30.31a8: SizeOfImage: 0xb2000 (729088)
|
|---|
| 1194 | 3b30.31a8: Resource Dir: 0xb0000 LB 0x520
|
|---|
| 1195 | 3b30.31a8: [Version info resource found at 0x90! (ID/Name: 0x1; SubID/SubName: 0x409)]
|
|---|
| 1196 | 3b30.31a8: [Raw version resource data: 0xb00b0 LB 0x3a4, codepage 0x0 (reserved 0x0)]
|
|---|
| 1197 | 3b30.31a8: ProductName: Microsoft® Windows® Operating System
|
|---|
| 1198 | 3b30.31a8: ProductVersion: 10.0.18362.1500
|
|---|
| 1199 | 3b30.31a8: FileVersion: 10.0.18362.1500 (WinBuild.160101.0800)
|
|---|
| 1200 | 3b30.31a8: FileDescription: Windows NT BASE API Client DLL
|
|---|
| 1201 | 3b30.31a8: \SystemRoot\System32\KernelBase.dll:
|
|---|
| 1202 | 3b30.31a8: CreationTime: 2021-04-14T05:23:35.396646700Z
|
|---|
| 1203 | 3b30.31a8: LastWriteTime: 2021-04-14T05:23:35.466459500Z
|
|---|
| 1204 | 3b30.31a8: ChangeTime: 2021-05-18T03:34:44.914821000Z
|
|---|
| 1205 | 3b30.31a8: FileAttributes: 0x20
|
|---|
| 1206 | 3b30.31a8: Size: 0x2a5888
|
|---|
| 1207 | 3b30.31a8: NT Headers: 0x100
|
|---|
| 1208 | 3b30.31a8: Timestamp: 0x5ae7af90
|
|---|
| 1209 | 3b30.31a8: Machine: 0x8664 - amd64
|
|---|
| 1210 | 3b30.31a8: Timestamp: 0x5ae7af90
|
|---|
| 1211 | 3b30.31a8: Image Version: 10.0
|
|---|
| 1212 | 3b30.31a8: SizeOfImage: 0x2a5000 (2772992)
|
|---|
| 1213 | 3b30.31a8: Resource Dir: 0x27f000 LB 0x548
|
|---|
| 1214 | 3b30.31a8: [Version info resource found at 0x90! (ID/Name: 0x1; SubID/SubName: 0x409)]
|
|---|
| 1215 | 3b30.31a8: [Raw version resource data: 0x27f0b0 LB 0x3bc, codepage 0x0 (reserved 0x0)]
|
|---|
| 1216 | 3b30.31a8: ProductName: Microsoft® Windows® Operating System
|
|---|
| 1217 | 3b30.31a8: ProductVersion: 10.0.18362.1474
|
|---|
| 1218 | 3b30.31a8: FileVersion: 10.0.18362.1474 (WinBuild.160101.0800)
|
|---|
| 1219 | 3b30.31a8: FileDescription: Windows NT BASE API Client DLL
|
|---|
| 1220 | 3b30.31a8: \SystemRoot\System32\apisetschema.dll:
|
|---|
| 1221 | 3b30.31a8: CreationTime: 2019-03-19T04:43:54.837151500Z
|
|---|
| 1222 | 3b30.31a8: LastWriteTime: 2019-03-19T04:43:54.837151500Z
|
|---|
| 1223 | 3b30.31a8: ChangeTime: 2021-05-18T03:34:44.560409000Z
|
|---|
| 1224 | 3b30.31a8: FileAttributes: 0x20
|
|---|
| 1225 | 3b30.31a8: Size: 0x1d028
|
|---|
| 1226 | 3b30.31a8: NT Headers: 0xc8
|
|---|
| 1227 | 3b30.31a8: Timestamp: 0xd6ced080
|
|---|
| 1228 | 3b30.31a8: Machine: 0x8664 - amd64
|
|---|
| 1229 | 3b30.31a8: Timestamp: 0xd6ced080
|
|---|
| 1230 | 3b30.31a8: Image Version: 10.0
|
|---|
| 1231 | 3b30.31a8: SizeOfImage: 0x1e000 (122880)
|
|---|
| 1232 | 3b30.31a8: Resource Dir: 0x1d000 LB 0x408
|
|---|
| 1233 | 3b30.31a8: [Version info resource found at 0x48! (ID/Name: 0x1; SubID/SubName: 0x409)]
|
|---|
| 1234 | 3b30.31a8: [Raw version resource data: 0x1d060 LB 0x3a8, codepage 0x0 (reserved 0x0)]
|
|---|
| 1235 | 3b30.31a8: ProductName: Microsoft® Windows® Operating System
|
|---|
| 1236 | 3b30.31a8: ProductVersion: 10.0.18362.1
|
|---|
| 1237 | 3b30.31a8: FileVersion: 10.0.18362.1 (WinBuild.160101.0800)
|
|---|
| 1238 | 3b30.31a8: FileDescription: ApiSet Schema DLL
|
|---|
| 1239 | 3b30.31a8: NtOpenDirectoryObject failed on \Driver: 0xc0000022
|
|---|
| 1240 | 3b30.31a8: supR3HardenedWinFindAdversaries: 0x0
|
|---|
| 1241 | 3b30.31a8: supR3HardenedWinInitAppBin(0x0): '\Device\HarddiskVolume7\Program Files\Oracle\VirtualBox'
|
|---|
| 1242 | 3b30.31a8: Calling main()
|
|---|
| 1243 | 3b30.31a8: SUPR3HardenedMain: pszProgName=VirtualBoxVM fFlags=0x2
|
|---|
| 1244 | 3b30.31a8: supR3HardenedWinInitAppBin(0x2): '\Device\HarddiskVolume7\Program Files\Oracle\VirtualBox'
|
|---|
| 1245 | 3b30.31a8: \Device\HarddiskVolume7\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe: Signature #1/2: info status: 24202
|
|---|
| 1246 | 3b30.31a8: '\Device\HarddiskVolume7\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe' has no imports
|
|---|
| 1247 | 3b30.31a8: supHardenedWinVerifyImageByHandle: -> 24202 (\Device\HarddiskVolume7\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe)
|
|---|
| 1248 | 3b30.31a8: SUPR3HardenedMain: Respawn #2
|
|---|
| 1249 | 3b30.31a8: supR3HardNtEnableThreadCreationEx:
|
|---|
| 1250 | 3b30.31a8: supR3HardenedDllNotificationCallback: load 00007ff9cc2f0000 LB 0x0011f000 C:\Windows\System32\RPCRT4.dll [fFlags=0x0]
|
|---|
| 1251 | 3b30.31a8: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume7\Windows\System32\rpcrt4.dll)
|
|---|
| 1252 | 3b30.31a8: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume7\Windows\System32\rpcrt4.dll
|
|---|
| 1253 | 3b30.31a8: supR3HardenedDllNotificationCallback: load 00007ff9ccc60000 LB 0x00097000 C:\Windows\System32\sechost.dll [fFlags=0x0]
|
|---|
| 1254 | 3b30.31a8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #11 'rpcrt4.dll'.
|
|---|
| 1255 | 3b30.31a8: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume7\Windows\System32\sechost.dll)
|
|---|
| 1256 | 3b30.31a8: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume7\Windows\System32\sechost.dll
|
|---|
| 1257 | 3b30.31a8: '\Device\HarddiskVolume7\Windows\System32\ntdll.dll' has no imports
|
|---|
| 1258 | 3b30.31a8: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume7\Windows\System32\ntdll.dll)
|
|---|
| 1259 | 3b30.31a8: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume7\Windows\System32\ntdll.dll
|
|---|
| 1260 | 3b30.31a8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
|
|---|
| 1261 | 3b30.31a8: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume7\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
|
|---|
| 1262 | 3b30.31a8: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume7\Windows\System32\rpcrt4.dll [lacks WinVerifyTrust]
|
|---|
| 1263 | 3b30.31a8: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\System32\ntdll.dll (Input=ntdll.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000801:<flags> [calling]
|
|---|
| 1264 | 3b30.31a8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff9cd2e0000 'C:\Windows\System32\ntdll.dll'
|
|---|
| 1265 | 3b30.31a8: supR3HardNtDisableThreadCreation: pvLdrInitThunk=00007ff9cd352040 pvNtTerminateThread=00007ff9cd37d8f0
|
|---|
| 1266 | 3b30.31a8: supR3HardenedWinDoReSpawn(2): New child 4238.25cc [kernel32].
|
|---|
| 1267 | 3b30.31a8: supR3HardenedWinReSpawn: NtSetInformationThread/ThreadHideFromDebugger failed: 0xc0000022 (harmless)
|
|---|
| 1268 | 3b30.31a8: supR3HardNtChildGatherData: PebBaseAddress=0000000000f75000 cbPeb=0x388
|
|---|
| 1269 | 3b30.31a8: supR3HardNtPuChFindNtdll: uNtDllParentAddr=00007ff9cd2e0000 uNtDllChildAddr=00007ff9cd2e0000
|
|---|
| 1270 | 3b30.31a8: supR3HardenedWinSetupChildInit: uLdrInitThunk=00007ff9cd352040
|
|---|
| 1271 | 3b30.31a8: supR3HardenedWinSetupChildInit: Initial context:
|
|---|
| 1272 | rax=0000000000000000 rbx=0000000000000000 rcx=00007ff69a9b7900 rdx=0000000000f75000
|
|---|
| 1273 | rsi=0000000000000000 rdi=0000000000000000 r8 =0000000000000000 r9 =0000000000000000
|
|---|
| 1274 | r10=0000000000000000 r11=0000000000000000 r12=0000000000000000 r13=0000000000000000
|
|---|
| 1275 | r14=0000000000000000 r15=0000000000000000 P1=0000000000000000 P2=0000000000000000
|
|---|
| 1276 | rip=00007ff9cd34d700 rsp=00000000010ffb38 rbp=0000000000000000 ctxflags=0010001b
|
|---|
| 1277 | cs=0033 ss=002b ds=0000 es=0000 fs=0000 gs=0000 eflags=00000200 mxcrx=00001f80
|
|---|
| 1278 | P3=0000000000000000 P4=0000000000000000 P5=0000000000000000 P6=0000000000000000
|
|---|
| 1279 | dr0=0000000000000000 dr1=0000000000000000 dr2=0000000000000000 dr3=0000000000000000
|
|---|
| 1280 | dr6=0000000000000000 dr7=0000000000000000 vcr=0000000000000000 dcr=0000000000000000
|
|---|
| 1281 | lbt=0000000000000000 lbf=0000000000000000 lxt=0000000000000000 lxf=0000000000000000
|
|---|
| 1282 | 3b30.31a8: kernel32.dll: timestamp 0x95d197ef (rc=VINF_SUCCESS)
|
|---|
| 1283 | 3b30.31a8: supR3HardenedWinSetupChildInit: Start child.
|
|---|
| 1284 | 3b30.31a8: supR3HardNtChildWaitFor: Found expected request 0 (PurifyChildAndCloseHandles) after 0 ms.
|
|---|
| 1285 | 3b30.31a8: supR3HardNtChildPurify: Startup delay kludge #1/0: 261 ms, 30 sleeps
|
|---|
| 1286 | 3b30.31a8: supHardNtVpScanVirtualMemory: enmKind=CHILD_PURIFICATION
|
|---|
| 1287 | 3b30.31a8: *0000000000000000-0000000000d8ffff 0x0001/0x0000 0x0000000
|
|---|
| 1288 | 3b30.31a8: *0000000000d90000-0000000000daffff 0x0004/0x0004 0x0020000
|
|---|
| 1289 | 3b30.31a8: *0000000000db0000-0000000000dcafff 0x0002/0x0002 0x0040000
|
|---|
| 1290 | 3b30.31a8: 0000000000dcb000-0000000000dcffff 0x0001/0x0000 0x0000000
|
|---|
| 1291 | 3b30.31a8: *0000000000dd0000-0000000000dd3fff 0x0002/0x0002 0x0040000
|
|---|
| 1292 | 3b30.31a8: 0000000000dd4000-0000000000ddffff 0x0001/0x0000 0x0000000
|
|---|
| 1293 | 3b30.31a8: *0000000000de0000-0000000000de1fff 0x0004/0x0004 0x0020000
|
|---|
| 1294 | 3b30.31a8: 0000000000de2000-0000000000deffff 0x0001/0x0000 0x0000000
|
|---|
| 1295 | 3b30.31a8: *0000000000df0000-0000000000df0fff 0x0040/0x0040 0x0020000 !!
|
|---|
| 1296 | 3b30.31a8: supHardNtVpFreeOrReplacePrivateExecMemory: Freeing exec mem at 0000000000df0000 (LB 0x1000, 0000000000df0000 LB 0x1000)
|
|---|
| 1297 | 3b30.31a8: 000000000148db40/0000: 55 48 83 ec 10 48 8b ec-48 81 ec 00 02 00 00 e8 UH...H..H.......
|
|---|
| 1298 | 000000000148db50/0010: 00 00 00 00 5e 48 81 c6-ac 00 00 00 4c 8d 4d 00 ....^H......L.M.
|
|---|
| 1299 | 000000000148db60/0020: 4c 8d 46 10 33 d2 33 c9-ff 16 85 c0 75 1c 4c 8d L.F.3.3.....u.L.
|
|---|
| 1300 | 000000000148db70/0030: 4d 08 45 33 c0 48 8d 56-20 48 8b 4d 00 ff 56 08 M.E3.H.V H.M..V.
|
|---|
| 1301 | 000000000148db80/0040: 85 c0 75 06 48 8b 45 08-ff d0 48 81 c4 10 02 00 ..u.H.E...H.....
|
|---|
| 1302 | 000000000148db90/0050: 00 5d c3 66 66 66 90 66-66 66 90 66 66 90 66 90 .].fff.fff.ff.f.
|
|---|
| 1303 | 000000000148dba0/0060: c3 66 66 66 90 66 66 66-90 66 66 66 90 66 66 90 .fff.fff.fff.ff.
|
|---|
| 1304 | 000000000148dbb0/0070: 55 8b ec 83 c4 f8 56 e8-00 00 00 00 5e 81 c6 44 U.....V.....^..D
|
|---|
| 1305 | 000000000148dbc0/0080: 00 00 00 8d 45 fc 50 8d-46 08 50 6a 00 6a 00 2e ....E.P.F.Pj.j..
|
|---|
| 1306 | 000000000148dbd0/0090: ff 16 85 c0 75 18 8d 45-f8 50 6a 00 8d 46 10 50 ....u..E.Pj..F.P
|
|---|
| 1307 | 000000000148dbe0/00a0: ff 75 fc 2e ff 56 04 85-c0 75 03 ff 55 f8 5e c9 .u...V...u..U.^.
|
|---|
| 1308 | 000000000148dbf0/00b0: c2 0c 00 66 66 66 90 66-66 66 90 66 66 90 66 90 ...fff.fff.ff.f.
|
|---|
| 1309 | 000000000148dc00/00c0: 00 16 30 cd f9 7f 00 00-b0 eb 35 cd f9 7f 00 00 ..0.......5.....
|
|---|
| 1310 | 000000000148dc10/00d0: 3e 00 3e 00 00 00 00 00-f0 00 df 00 00 00 00 00 >.>.............
|
|---|
| 1311 | 000000000148dc20/00e0: 09 00 09 00 00 00 00 00-2e 01 df 00 00 00 00 00 ................
|
|---|
| 1312 | 000000000148dc30/00f0: 43 00 3a 00 5c 00 57 00-69 00 6e 00 64 00 6f 00 C.:.\.W.i.n.d.o.
|
|---|
| 1313 | 3b30.31a8: 000000000148dc40/0000: 77 00 73 00 5c 00 53 00-79 00 73 00 74 00 65 00 w.s.\.S.y.s.t.e.
|
|---|
| 1314 | 000000000148dc50/0010: 6d 00 33 00 32 00 5c 00-73 00 64 00 63 00 6b 00 m.3.2.\.s.d.c.k.
|
|---|
| 1315 | 000000000148dc60/0020: 65 00 72 00 6e 00 2e 00-64 00 6c 00 6c 00 45 6e e.r.n...d.l.l.En
|
|---|
| 1316 | 000000000148dc70/0030: 76 69 72 49 6e 69 74 00-00 00 00 00 00 00 00 00 virInit.........
|
|---|
| 1317 | 000000000148dc80/0040: 00 00 00 00 00 00 00 00-00 00 00 00 00 00 00 00 ................
|
|---|
| 1318 | **************** **** <ditto x 10>
|
|---|
| 1319 | 000000000148dd30/00f0: 00 00 00 00 00 00 00 00-00 00 00 00 00 00 00 00 ................
|
|---|
| 1320 | 3b30.31a8: supHardNtVpFreeOrReplacePrivateExecMemory: Free attempt #1 succeeded: 0x0 [0000000000df0000/0000000000df0000 LB 0/0x1000]
|
|---|
| 1321 | 3b30.31a8: supHardNtVpFreeOrReplacePrivateExecMemory: QVM after free 0: [0000000000000000]/0000000000df0000 LB 0x10000 s=0x10000 ap=0x0 rp=0x00000000000001
|
|---|
| 1322 | 3b30.31a8: 0000000000df1000-0000000000dfffff 0x0001/0x0000 0x0000000
|
|---|
| 1323 | 3b30.31a8: *0000000000e00000-0000000000f74fff 0x0000/0x0004 0x0020000
|
|---|
| 1324 | 3b30.31a8: 0000000000f75000-0000000000f77fff 0x0004/0x0004 0x0020000
|
|---|
| 1325 | 3b30.31a8: 0000000000f78000-0000000000ffffff 0x0000/0x0004 0x0020000
|
|---|
| 1326 | 3b30.31a8: *0000000001000000-00000000010fafff 0x0000/0x0004 0x0020000
|
|---|
| 1327 | 3b30.31a8: 00000000010fb000-00000000010fdfff 0x0104/0x0004 0x0020000
|
|---|
| 1328 | 3b30.31a8: 00000000010fe000-00000000010fffff 0x0004/0x0004 0x0020000
|
|---|
| 1329 | 3b30.31a8: 0000000001100000-000000007ffdffff 0x0001/0x0000 0x0000000
|
|---|
| 1330 | 3b30.31a8: *000000007ffe0000-000000007ffe0fff 0x0002/0x0002 0x0020000
|
|---|
| 1331 | 3b30.31a8: 000000007ffe1000-000000007ffe8fff 0x0001/0x0000 0x0000000
|
|---|
| 1332 | 3b30.31a8: *000000007ffe9000-000000007ffe9fff 0x0002/0x0002 0x0020000
|
|---|
| 1333 | 3b30.31a8: 000000007ffea000-00007ff52e0effff 0x0001/0x0000 0x0000000
|
|---|
| 1334 | 3b30.31a8: *00007ff52e0f0000-00007ff52e0f0fff 0x0002/0x0002 0x0040000
|
|---|
| 1335 | 3b30.31a8: 00007ff52e0f1000-00007ff52e0fffff 0x0001/0x0000 0x0000000
|
|---|
| 1336 | 3b30.31a8: *00007ff52e100000-00007ff52e132fff 0x0002/0x0002 0x0040000
|
|---|
| 1337 | 3b30.31a8: 00007ff52e133000-00007ff69a9affff 0x0001/0x0000 0x0000000
|
|---|
| 1338 | 3b30.31a8: *00007ff69a9b0000-00007ff69a9b0fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume7\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe
|
|---|
| 1339 | 3b30.31a8: 00007ff69a9b1000-00007ff69aa27fff 0x0020/0x0080 0x1000000 \Device\HarddiskVolume7\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe
|
|---|
| 1340 | 3b30.31a8: 00007ff69aa28000-00007ff69aa28fff 0x0080/0x0080 0x1000000 \Device\HarddiskVolume7\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe
|
|---|
| 1341 | 3b30.31a8: 00007ff69aa29000-00007ff69aa71fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume7\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe
|
|---|
| 1342 | 3b30.31a8: 00007ff69aa72000-00007ff69aa72fff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume7\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe
|
|---|
| 1343 | 3b30.31a8: 00007ff69aa73000-00007ff69aa73fff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume7\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe
|
|---|
| 1344 | 3b30.31a8: 00007ff69aa74000-00007ff69aa78fff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume7\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe
|
|---|
| 1345 | 3b30.31a8: 00007ff69aa79000-00007ff69aa79fff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume7\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe
|
|---|
| 1346 | 3b30.31a8: 00007ff69aa7a000-00007ff69aa7afff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume7\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe
|
|---|
| 1347 | 3b30.31a8: 00007ff69aa7b000-00007ff69aa7efff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume7\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe
|
|---|
| 1348 | 3b30.31a8: 00007ff69aa7f000-00007ff69aac7fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume7\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe
|
|---|
| 1349 | 3b30.31a8: 00007ff69aac8000-00007ff9cd2dffff 0x0001/0x0000 0x0000000
|
|---|
| 1350 | 3b30.31a8: *00007ff9cd2e0000-00007ff9cd2e0fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume7\Windows\System32\ntdll.dll
|
|---|
| 1351 | 3b30.31a8: 00007ff9cd2e1000-00007ff9cd3f7fff 0x0020/0x0080 0x1000000 \Device\HarddiskVolume7\Windows\System32\ntdll.dll
|
|---|
| 1352 | 3b30.31a8: 00007ff9cd3f8000-00007ff9cd43efff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume7\Windows\System32\ntdll.dll
|
|---|
| 1353 | 3b30.31a8: 00007ff9cd43f000-00007ff9cd44afff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume7\Windows\System32\ntdll.dll
|
|---|
| 1354 | 3b30.31a8: 00007ff9cd44b000-00007ff9cd459fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume7\Windows\System32\ntdll.dll
|
|---|
| 1355 | 3b30.31a8: 00007ff9cd45a000-00007ff9cd45afff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume7\Windows\System32\ntdll.dll
|
|---|
| 1356 | 3b30.31a8: 00007ff9cd45b000-00007ff9cd45dfff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume7\Windows\System32\ntdll.dll
|
|---|
| 1357 | 3b30.31a8: 00007ff9cd45e000-00007ff9cd4cffff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume7\Windows\System32\ntdll.dll
|
|---|
| 1358 | 3b30.31a8: 00007ff9cd4d0000-00007ffffffeffff 0x0001/0x0000 0x0000000
|
|---|
| 1359 | 3b30.31a8: VirtualBoxVM.exe: timestamp 0x61018314 (rc=VINF_SUCCESS)
|
|---|
| 1360 | 3b30.31a8: \Device\HarddiskVolume7\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe: Signature #1/2: info status: 24202
|
|---|
| 1361 | 3b30.31a8: '\Device\HarddiskVolume7\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe' has no imports
|
|---|
| 1362 | 3b30.31a8: '\Device\HarddiskVolume7\Windows\System32\ntdll.dll' has no imports
|
|---|
| 1363 | 3b30.31a8: supR3HardNtChildPurify: cFixes=1 g_fSupAdversaries=0x80000000
|
|---|
| 1364 | 3b30.31a8: supR3HardNtChildPurify: Startup delay kludge #1/1: 515 ms, 58 sleeps
|
|---|
| 1365 | 3b30.31a8: supHardNtVpScanVirtualMemory: enmKind=CHILD_PURIFICATION
|
|---|
| 1366 | 3b30.31a8: *0000000000000000-0000000000d8ffff 0x0001/0x0000 0x0000000
|
|---|
| 1367 | 3b30.31a8: *0000000000d90000-0000000000daffff 0x0004/0x0004 0x0020000
|
|---|
| 1368 | 3b30.31a8: *0000000000db0000-0000000000dcafff 0x0002/0x0002 0x0040000
|
|---|
| 1369 | 3b30.31a8: 0000000000dcb000-0000000000dcffff 0x0001/0x0000 0x0000000
|
|---|
| 1370 | 3b30.31a8: *0000000000dd0000-0000000000dd3fff 0x0002/0x0002 0x0040000
|
|---|
| 1371 | 3b30.31a8: 0000000000dd4000-0000000000ddffff 0x0001/0x0000 0x0000000
|
|---|
| 1372 | 3b30.31a8: *0000000000de0000-0000000000de1fff 0x0004/0x0004 0x0020000
|
|---|
| 1373 | 3b30.31a8: 0000000000de2000-0000000000dfffff 0x0001/0x0000 0x0000000
|
|---|
| 1374 | 3b30.31a8: *0000000000e00000-0000000000f74fff 0x0000/0x0004 0x0020000
|
|---|
| 1375 | 3b30.31a8: 0000000000f75000-0000000000f77fff 0x0004/0x0004 0x0020000
|
|---|
| 1376 | 3b30.31a8: 0000000000f78000-0000000000ffffff 0x0000/0x0004 0x0020000
|
|---|
| 1377 | 3b30.31a8: *0000000001000000-00000000010fafff 0x0000/0x0004 0x0020000
|
|---|
| 1378 | 3b30.31a8: 00000000010fb000-00000000010fdfff 0x0104/0x0004 0x0020000
|
|---|
| 1379 | 3b30.31a8: 00000000010fe000-00000000010fffff 0x0004/0x0004 0x0020000
|
|---|
| 1380 | 3b30.31a8: 0000000001100000-000000007ffdffff 0x0001/0x0000 0x0000000
|
|---|
| 1381 | 3b30.31a8: *000000007ffe0000-000000007ffe0fff 0x0002/0x0002 0x0020000
|
|---|
| 1382 | 3b30.31a8: 000000007ffe1000-000000007ffe8fff 0x0001/0x0000 0x0000000
|
|---|
| 1383 | 3b30.31a8: *000000007ffe9000-000000007ffe9fff 0x0002/0x0002 0x0020000
|
|---|
| 1384 | 3b30.31a8: 000000007ffea000-00007ff52e0effff 0x0001/0x0000 0x0000000
|
|---|
| 1385 | 3b30.31a8: *00007ff52e0f0000-00007ff52e0f0fff 0x0002/0x0002 0x0040000
|
|---|
| 1386 | 3b30.31a8: 00007ff52e0f1000-00007ff52e0fffff 0x0001/0x0000 0x0000000
|
|---|
| 1387 | 3b30.31a8: *00007ff52e100000-00007ff52e132fff 0x0002/0x0002 0x0040000
|
|---|
| 1388 | 3b30.31a8: 00007ff52e133000-00007ff69a9affff 0x0001/0x0000 0x0000000
|
|---|
| 1389 | 3b30.31a8: *00007ff69a9b0000-00007ff69a9b0fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume7\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe
|
|---|
| 1390 | 3b30.31a8: 00007ff69a9b1000-00007ff69aa27fff 0x0020/0x0080 0x1000000 \Device\HarddiskVolume7\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe
|
|---|
| 1391 | 3b30.31a8: 00007ff69aa28000-00007ff69aa28fff 0x0040/0x0080 0x1000000 \Device\HarddiskVolume7\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe
|
|---|
| 1392 | 3b30.31a8: 00007ff69aa29000-00007ff69aa71fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume7\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe
|
|---|
| 1393 | 3b30.31a8: 00007ff69aa72000-00007ff69aa7efff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume7\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe
|
|---|
| 1394 | 3b30.31a8: 00007ff69aa7f000-00007ff69aac7fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume7\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe
|
|---|
| 1395 | 3b30.31a8: 00007ff69aac8000-00007ff9cd2dffff 0x0001/0x0000 0x0000000
|
|---|
| 1396 | 3b30.31a8: *00007ff9cd2e0000-00007ff9cd2e0fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume7\Windows\System32\ntdll.dll
|
|---|
| 1397 | 3b30.31a8: 00007ff9cd2e1000-00007ff9cd3f7fff 0x0020/0x0080 0x1000000 \Device\HarddiskVolume7\Windows\System32\ntdll.dll
|
|---|
| 1398 | 3b30.31a8: 00007ff9cd3f8000-00007ff9cd43efff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume7\Windows\System32\ntdll.dll
|
|---|
| 1399 | 3b30.31a8: 00007ff9cd43f000-00007ff9cd442fff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume7\Windows\System32\ntdll.dll
|
|---|
| 1400 | 3b30.31a8: 00007ff9cd443000-00007ff9cd44afff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume7\Windows\System32\ntdll.dll
|
|---|
| 1401 | 3b30.31a8: 00007ff9cd44b000-00007ff9cd459fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume7\Windows\System32\ntdll.dll
|
|---|
| 1402 | 3b30.31a8: 00007ff9cd45a000-00007ff9cd45afff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume7\Windows\System32\ntdll.dll
|
|---|
| 1403 | 3b30.31a8: 00007ff9cd45b000-00007ff9cd45dfff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume7\Windows\System32\ntdll.dll
|
|---|
| 1404 | 3b30.31a8: 00007ff9cd45e000-00007ff9cd4cffff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume7\Windows\System32\ntdll.dll
|
|---|
| 1405 | 3b30.31a8: 00007ff9cd4d0000-00007ffffffeffff 0x0001/0x0000 0x0000000
|
|---|
| 1406 | 3b30.31a8: supR3HardNtChildPurify: Done after 1068 ms and 1 fixes (loop #1).
|
|---|
| 1407 | 4238.25cc: Log file opened: 6.1.26r145957 g_hStartupLog=000000000000000c g_uNtVerCombined=0xa047bb00
|
|---|
| 1408 | 4238.25cc: supR3HardenedVmProcessInit: uNtDllAddr=00007ff9cd2e0000 g_uNtVerCombined=0xa047bb00 (stack ~00000000010ff5c8)
|
|---|
| 1409 | 4238.25cc: ntdll.dll: timestamp 0xd6055cfe (rc=VINF_SUCCESS)
|
|---|
| 1410 | 4238.25cc: New simple heap: #1 0000000001200000 LB 0x400000 (for 2031616 allocation)
|
|---|
| 1411 | 3b30.31a8: supR3HardenedEarlyCompact: Removed heap 1 (0x00000000e30000 LB 0x400000)
|
|---|
| 1412 | 3b30.31a8: supR3HardNtEnableThreadCreationEx:
|
|---|
| 1413 | 4238.25cc: supR3HardenedWinInitAppBin(0x0): '\Device\HarddiskVolume7\Program Files\Oracle\VirtualBox'
|
|---|
| 1414 | 4238.25cc: System32: \Device\HarddiskVolume7\Windows\System32
|
|---|
| 1415 | 4238.25cc: WinSxS: \Device\HarddiskVolume7\Windows\WinSxS
|
|---|
| 1416 | 4238.25cc: KnownDllPath: C:\Windows\System32
|
|---|
| 1417 | 4238.25cc: supR3HardenedVmProcessInit: Opening vboxdrv...
|
|---|
| 1418 | 4238.25cc: supR3HardenedVmProcessInit: Restoring LdrInitializeThunk...
|
|---|
| 1419 | 4238.25cc: supR3HardenedVmProcessInit: Returning to LdrInitializeThunk...
|
|---|
| 1420 | 4238.25cc: Registered Dll notification callback with NTDLL.
|
|---|
| 1421 | 4238.25cc: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume7\Windows\System32\kernel32.dll)
|
|---|
| 1422 | 4238.25cc: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume7\Windows\System32\kernel32.dll
|
|---|
| 1423 | 4238.25cc: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\System32\KERNEL32.DLL (Input=KERNEL32.DLL, rcNtResolve=0xc0150008) *pfFlags=0xffffffff pwszSearchPath=0000000000004001:<flags> [calling]
|
|---|
| 1424 | 4238.25cc: supR3HardenedDllNotificationCallback: load 00007ff9ca480000 LB 0x002a5000 C:\Windows\System32\KERNELBASE.dll [fFlags=0x0]
|
|---|
| 1425 | 4238.25cc: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume7\Windows\System32\KernelBase.dll)
|
|---|
| 1426 | 4238.25cc: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume7\Windows\System32\KernelBase.dll
|
|---|
| 1427 | 4238.25cc: supR3HardenedDllNotificationCallback: load 00007ff9cc500000 LB 0x000b2000 C:\Windows\System32\KERNEL32.DLL [fFlags=0x0]
|
|---|
| 1428 | 4238.25cc: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume7\Windows\System32\kernel32.dll [lacks WinVerifyTrust]
|
|---|
| 1429 | 4238.25cc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff9cc500000 'C:\Windows\System32\KERNEL32.DLL'
|
|---|
| 1430 | 4238.25cc: supR3HardenedDllNotificationCallback: load 00007ff69a9b0000 LB 0x00118000 C:\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe [fFlags=0x0]
|
|---|
| 1431 | 4238.25cc: \Device\HarddiskVolume7\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe: Signature #1/2: info status: 24202
|
|---|
| 1432 | 4238.25cc: '\Device\HarddiskVolume7\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe' has no imports
|
|---|
| 1433 | 4238.25cc: supHardenedWinVerifyImageByHandle: -> 24202 (\Device\HarddiskVolume7\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe)
|
|---|
| 1434 | 4238.25cc: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume7\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe
|
|---|
| 1435 | 4238.25cc: supR3HardenedMonitor_KiUserApcDispatcher_C: pfnRoutine=0000000000df0000 enmState=4 -> supR3HardenedWinDummyApcRoutine
|
|---|
| 1436 | 4238.25cc: supR3HardenedWinDummyApcRoutine: pvArg1=0000000000000000 pvArg2=0000000000000000 pvArg3=0000000000000000
|
|---|
| 1437 | 4238.25cc: supR3HardNtDisableThreadCreation: pvLdrInitThunk=00007ff9cd352040 pvNtTerminateThread=00007ff9cd37d8f0
|
|---|
| 1438 | 3b30.31a8: supR3HardNtChildWaitFor: Found expected request 1 (CloseEvents) after 262 ms.
|
|---|
| 1439 | 4238.25cc: \SystemRoot\System32\ntdll.dll:
|
|---|
| 1440 | 4238.25cc: CreationTime: 2021-05-18T03:33:49.382474100Z
|
|---|
| 1441 | 4238.25cc: LastWriteTime: 2021-05-18T03:33:49.420509300Z
|
|---|
| 1442 | 4238.25cc: ChangeTime: 2021-05-18T11:10:36.444488900Z
|
|---|
| 1443 | 4238.25cc: FileAttributes: 0x20
|
|---|
| 1444 | 4238.25cc: Size: 0x1e8068
|
|---|
| 1445 | 4238.25cc: NT Headers: 0xd8
|
|---|
| 1446 | 4238.25cc: Timestamp: 0xd6055cfe
|
|---|
| 1447 | 4238.25cc: Machine: 0x8664 - amd64
|
|---|
| 1448 | 4238.25cc: Timestamp: 0xd6055cfe
|
|---|
| 1449 | 4238.25cc: Image Version: 10.0
|
|---|
| 1450 | 4238.25cc: SizeOfImage: 0x1f0000 (2031616)
|
|---|
| 1451 | 4238.25cc: Resource Dir: 0x17f000 LB 0x6f310
|
|---|
| 1452 | 4238.25cc: [Version info resource found at 0xd8! (ID/Name: 0x1; SubID/SubName: 0x409)]
|
|---|
| 1453 | 4238.25cc: [Raw version resource data: 0x17f0f0 LB 0x380, codepage 0x0 (reserved 0x0)]
|
|---|
| 1454 | 4238.25cc: ProductName: Microsoft® Windows® Operating System
|
|---|
| 1455 | 4238.25cc: ProductVersion: 10.0.18362.1533
|
|---|
| 1456 | 4238.25cc: FileVersion: 10.0.18362.1533 (WinBuild.160101.0800)
|
|---|
| 1457 | 4238.25cc: FileDescription: NT Layer DLL
|
|---|
| 1458 | 4238.25cc: \SystemRoot\System32\kernel32.dll:
|
|---|
| 1459 | 4238.25cc: CreationTime: 2021-04-14T05:23:20.244557900Z
|
|---|
| 1460 | 4238.25cc: LastWriteTime: 2021-04-14T05:23:20.262528100Z
|
|---|
| 1461 | 4238.25cc: ChangeTime: 2021-05-18T03:34:44.587413300Z
|
|---|
| 1462 | 4238.25cc: FileAttributes: 0x20
|
|---|
| 1463 | 4238.25cc: Size: 0xb04a8
|
|---|
| 1464 | 4238.25cc: NT Headers: 0xf8
|
|---|
| 1465 | 4238.25cc: Timestamp: 0x95d197ef
|
|---|
| 1466 | 4238.25cc: Machine: 0x8664 - amd64
|
|---|
| 1467 | 4238.25cc: Timestamp: 0x95d197ef
|
|---|
| 1468 | 4238.25cc: Image Version: 10.0
|
|---|
| 1469 | 4238.25cc: SizeOfImage: 0xb2000 (729088)
|
|---|
| 1470 | 4238.25cc: Resource Dir: 0xb0000 LB 0x520
|
|---|
| 1471 | 4238.25cc: [Version info resource found at 0x90! (ID/Name: 0x1; SubID/SubName: 0x409)]
|
|---|
| 1472 | 4238.25cc: [Raw version resource data: 0xb00b0 LB 0x3a4, codepage 0x0 (reserved 0x0)]
|
|---|
| 1473 | 4238.25cc: ProductName: Microsoft® Windows® Operating System
|
|---|
| 1474 | 4238.25cc: ProductVersion: 10.0.18362.1500
|
|---|
| 1475 | 4238.25cc: FileVersion: 10.0.18362.1500 (WinBuild.160101.0800)
|
|---|
| 1476 | 4238.25cc: FileDescription: Windows NT BASE API Client DLL
|
|---|
| 1477 | 4238.25cc: \SystemRoot\System32\KernelBase.dll:
|
|---|
| 1478 | 4238.25cc: CreationTime: 2021-04-14T05:23:35.396646700Z
|
|---|
| 1479 | 4238.25cc: LastWriteTime: 2021-04-14T05:23:35.466459500Z
|
|---|
| 1480 | 4238.25cc: ChangeTime: 2021-05-18T03:34:44.914821000Z
|
|---|
| 1481 | 4238.25cc: FileAttributes: 0x20
|
|---|
| 1482 | 4238.25cc: Size: 0x2a5888
|
|---|
| 1483 | 4238.25cc: NT Headers: 0x100
|
|---|
| 1484 | 4238.25cc: Timestamp: 0x5ae7af90
|
|---|
| 1485 | 4238.25cc: Machine: 0x8664 - amd64
|
|---|
| 1486 | 4238.25cc: Timestamp: 0x5ae7af90
|
|---|
| 1487 | 4238.25cc: Image Version: 10.0
|
|---|
| 1488 | 4238.25cc: SizeOfImage: 0x2a5000 (2772992)
|
|---|
| 1489 | 4238.25cc: Resource Dir: 0x27f000 LB 0x548
|
|---|
| 1490 | 4238.25cc: [Version info resource found at 0x90! (ID/Name: 0x1; SubID/SubName: 0x409)]
|
|---|
| 1491 | 4238.25cc: [Raw version resource data: 0x27f0b0 LB 0x3bc, codepage 0x0 (reserved 0x0)]
|
|---|
| 1492 | 4238.25cc: ProductName: Microsoft® Windows® Operating System
|
|---|
| 1493 | 4238.25cc: ProductVersion: 10.0.18362.1474
|
|---|
| 1494 | 4238.25cc: FileVersion: 10.0.18362.1474 (WinBuild.160101.0800)
|
|---|
| 1495 | 4238.25cc: FileDescription: Windows NT BASE API Client DLL
|
|---|
| 1496 | 4238.25cc: \SystemRoot\System32\apisetschema.dll:
|
|---|
| 1497 | 4238.25cc: CreationTime: 2019-03-19T04:43:54.837151500Z
|
|---|
| 1498 | 4238.25cc: LastWriteTime: 2019-03-19T04:43:54.837151500Z
|
|---|
| 1499 | 4238.25cc: ChangeTime: 2021-05-18T03:34:44.560409000Z
|
|---|
| 1500 | 4238.25cc: FileAttributes: 0x20
|
|---|
| 1501 | 4238.25cc: Size: 0x1d028
|
|---|
| 1502 | 4238.25cc: NT Headers: 0xc8
|
|---|
| 1503 | 4238.25cc: Timestamp: 0xd6ced080
|
|---|
| 1504 | 4238.25cc: Machine: 0x8664 - amd64
|
|---|
| 1505 | 4238.25cc: Timestamp: 0xd6ced080
|
|---|
| 1506 | 4238.25cc: Image Version: 10.0
|
|---|
| 1507 | 4238.25cc: SizeOfImage: 0x1e000 (122880)
|
|---|
| 1508 | 4238.25cc: Resource Dir: 0x1d000 LB 0x408
|
|---|
| 1509 | 4238.25cc: [Version info resource found at 0x48! (ID/Name: 0x1; SubID/SubName: 0x409)]
|
|---|
| 1510 | 4238.25cc: [Raw version resource data: 0x1d060 LB 0x3a8, codepage 0x0 (reserved 0x0)]
|
|---|
| 1511 | 4238.25cc: ProductName: Microsoft® Windows® Operating System
|
|---|
| 1512 | 4238.25cc: ProductVersion: 10.0.18362.1
|
|---|
| 1513 | 4238.25cc: FileVersion: 10.0.18362.1 (WinBuild.160101.0800)
|
|---|
| 1514 | 4238.25cc: FileDescription: ApiSet Schema DLL
|
|---|
| 1515 | 4238.25cc: NtOpenDirectoryObject failed on \Driver: 0xc0000022
|
|---|
| 1516 | 4238.25cc: supR3HardenedWinFindAdversaries: 0x0
|
|---|
| 1517 | 4238.25cc: supR3HardenedWinInitAppBin(0x0): '\Device\HarddiskVolume7\Program Files\Oracle\VirtualBox'
|
|---|
| 1518 | 4238.25cc: Calling main()
|
|---|
| 1519 | 4238.25cc: SUPR3HardenedMain: pszProgName=VirtualBoxVM fFlags=0x2
|
|---|
| 1520 | 4238.25cc: supR3HardenedWinInitAppBin(0x2): '\Device\HarddiskVolume7\Program Files\Oracle\VirtualBox'
|
|---|
| 1521 | 4238.25cc: \Device\HarddiskVolume7\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe: Signature #1/2: info status: 24202
|
|---|
| 1522 | 4238.25cc: '\Device\HarddiskVolume7\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe' has no imports
|
|---|
| 1523 | 4238.25cc: supHardenedWinVerifyImageByHandle: -> 24202 (\Device\HarddiskVolume7\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe)
|
|---|
| 1524 | 4238.25cc: SUPR3HardenedMain: Final process, opening VBoxDrv...
|
|---|
| 1525 | 4238.25cc: supR3HardenedEarlyCompact: Removed heap 1 (0x00000001200000 LB 0x400000)
|
|---|
| 1526 | 4238.25cc: supR3HardNtEnableThreadCreationEx:
|
|---|
| 1527 | 4238.25cc: \Device\HarddiskVolume7\Program Files\Oracle\VirtualBox\VBoxSupLib.dll: Signature #1/2: info status: 24202
|
|---|
| 1528 | 4238.25cc: supHardenedWinVerifyImageByHandle: -> 24202 (\Device\HarddiskVolume7\Program Files\Oracle\VirtualBox\VBoxSupLib.dll)
|
|---|
| 1529 | 4238.25cc: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume7\Program Files\Oracle\VirtualBox\VBoxSupLib.dll
|
|---|
| 1530 | 4238.25cc: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxSupLib.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000801:<flags> [calling]
|
|---|
| 1531 | 4238.25cc: supR3HardenedScreenImage/NtCreateSection: cache hit (Unknown Status 24202 (0x5e8a)) on \Device\HarddiskVolume7\Program Files\Oracle\VirtualBox\VBoxSupLib.dll [lacks WinVerifyTrust]
|
|---|
| 1532 | 4238.25cc: supR3HardenedDllNotificationCallback: load 00007ff9c3550000 LB 0x00005000 C:\Program Files\Oracle\VirtualBox\VBoxSupLib.DLL [fFlags=0x0]
|
|---|
| 1533 | 4238.25cc: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 24202 (0x5e8a)) on \Device\HarddiskVolume7\Program Files\Oracle\VirtualBox\VBoxSupLib.dll [lacks WinVerifyTrust]
|
|---|
| 1534 | 4238.25cc: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 24202 (0x5e8a)) on \Device\HarddiskVolume7\Program Files\Oracle\VirtualBox\VBoxSupLib.dll [lacks WinVerifyTrust]
|
|---|
| 1535 | 4238.25cc: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxSupLib.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
|
|---|
| 1536 | 4238.25cc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff9c3550000 'C:\Program Files\Oracle\VirtualBox\VBoxSupLib.DLL'
|
|---|
| 1537 | 4238.25cc: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 24202 (0x5e8a)) on \Device\HarddiskVolume7\Program Files\Oracle\VirtualBox\VBoxSupLib.dll [lacks WinVerifyTrust]
|
|---|
| 1538 | 4238.25cc: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxSupLib.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
|
|---|
| 1539 | 4238.25cc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff9c3550000 'C:\Program Files\Oracle\VirtualBox\VBoxSupLib.DLL'
|
|---|
| 1540 | 4238.25cc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff9c3550000 'C:\Program Files\Oracle\VirtualBox\VBoxSupLib.DLL'
|
|---|
| 1541 | 4238.25cc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
|
|---|
| 1542 | 4238.25cc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'msasn1.dll'.
|
|---|
| 1543 | 4238.25cc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'crypt32.dll'.
|
|---|
| 1544 | 4238.25cc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #28 'rpcrt4.dll'.
|
|---|
| 1545 | 4238.25cc: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume7\Windows\System32\wintrust.dll)
|
|---|
| 1546 | 4238.25cc: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume7\Windows\System32\wintrust.dll
|
|---|
| 1547 | 4238.25cc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
|
|---|
| 1548 | 4238.25cc: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume7\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
|
|---|
| 1549 | 4238.25cc: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume7\Windows\System32\rpcrt4.dll)
|
|---|
| 1550 | 4238.25cc: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume7\Windows\System32\rpcrt4.dll
|
|---|
| 1551 | 4238.25cc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'crypt32.dll'...
|
|---|
| 1552 | 4238.25cc: supR3HardenedWinVerifyCacheProcessImportTodos: 'crypt32.dll' -> '\Device\HarddiskVolume7\Windows\System32\crypt32.dll' [rcNtRedir=0xc0150008]
|
|---|
| 1553 | 4238.25cc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #33 'msasn1.dll'.
|
|---|
| 1554 | 4238.25cc: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume7\Windows\System32\crypt32.dll)
|
|---|
| 1555 | 4238.25cc: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume7\Windows\System32\crypt32.dll
|
|---|
| 1556 | 4238.25cc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msasn1.dll'...
|
|---|
| 1557 | 4238.25cc: supR3HardenedWinVerifyCacheProcessImportTodos: 'msasn1.dll' -> '\Device\HarddiskVolume7\Windows\System32\msasn1.dll' [rcNtRedir=0xc0150008]
|
|---|
| 1558 | 4238.25cc: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume7\Windows\System32\msasn1.dll)
|
|---|
| 1559 | 4238.25cc: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume7\Windows\System32\msasn1.dll
|
|---|
| 1560 | 4238.25cc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
|
|---|
| 1561 | 4238.25cc: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume7\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
|
|---|
| 1562 | 4238.25cc: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume7\Windows\System32\msvcrt.dll)
|
|---|
| 1563 | 4238.25cc: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume7\Windows\System32\msvcrt.dll
|
|---|
| 1564 | 4238.25cc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msasn1.dll'...
|
|---|
| 1565 | 4238.25cc: supR3HardenedWinVerifyCacheProcessImportTodos: 'msasn1.dll' -> '\Device\HarddiskVolume7\Windows\System32\msasn1.dll' [rcNtRedir=0xc0150008]
|
|---|
| 1566 | 4238.25cc: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume7\Windows\System32\msasn1.dll [lacks WinVerifyTrust]
|
|---|
| 1567 | 4238.25cc: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\Wintrust.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000801:<flags> [calling]
|
|---|
| 1568 | 4238.25cc: supR3HardenedDllNotificationCallback: load 00007ff9cb400000 LB 0x0009e000 C:\Windows\System32\msvcrt.dll [fFlags=0x0]
|
|---|
| 1569 | 4238.25cc: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume7\Windows\System32\msvcrt.dll [lacks WinVerifyTrust]
|
|---|
| 1570 | 4238.25cc: supR3HardenedDllNotificationCallback: load 00007ff9ca1a0000 LB 0x00012000 C:\Windows\System32\MSASN1.dll [fFlags=0x0]
|
|---|
| 1571 | 4238.25cc: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume7\Windows\System32\msasn1.dll [lacks WinVerifyTrust]
|
|---|
| 1572 | 4238.25cc: supR3HardenedDllNotificationCallback: load 00007ff9cb260000 LB 0x000fa000 C:\Windows\System32\ucrtbase.dll [fFlags=0x0]
|
|---|
| 1573 | 4238.25cc: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume7\Windows\System32\ucrtbase.dll)
|
|---|
| 1574 | 4238.25cc: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume7\Windows\System32\ucrtbase.dll
|
|---|
| 1575 | 4238.25cc: supR3HardenedDllNotificationCallback: load 00007ff9cb050000 LB 0x00151000 C:\Windows\System32\CRYPT32.dll [fFlags=0x0]
|
|---|
| 1576 | 4238.25cc: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume7\Windows\System32\crypt32.dll [lacks WinVerifyTrust]
|
|---|
| 1577 | 4238.25cc: supR3HardenedDllNotificationCallback: load 00007ff9cc2f0000 LB 0x0011f000 C:\Windows\System32\RPCRT4.dll [fFlags=0x0]
|
|---|
| 1578 | 4238.25cc: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume7\Windows\System32\rpcrt4.dll [lacks WinVerifyTrust]
|
|---|
| 1579 | 4238.25cc: supR3HardenedDllNotificationCallback: load 00007ff9ca730000 LB 0x0005c000 C:\Windows\System32\Wintrust.dll [fFlags=0x0]
|
|---|
| 1580 | 4238.25cc: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume7\Windows\System32\wintrust.dll [lacks WinVerifyTrust]
|
|---|
| 1581 | 4238.25cc: supR3HardenedIsApiSetDll: ApiSetQueryApiSetPresence(api-ms-win-core-synch-l1-2-0) -> 0x0, fPresent=1
|
|---|
| 1582 | 4238.25cc: supR3HardenedMonitor_LdrLoadDll: pName=api-ms-win-core-synch-l1-2-0 (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0000000000000801:<flags> [calling]
|
|---|
| 1583 | 4238.25cc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff9ca480000 'api-ms-win-core-synch-l1-2-0'
|
|---|
| 1584 | 4238.25cc: supR3HardenedIsApiSetDll: ApiSetQueryApiSetPresence(api-ms-win-core-fibers-l1-1-1) -> 0x0, fPresent=1
|
|---|
| 1585 | 4238.25cc: supR3HardenedMonitor_LdrLoadDll: pName=api-ms-win-core-fibers-l1-1-1 (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0000000000000801:<flags> [calling]
|
|---|
| 1586 | 4238.25cc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff9ca480000 'api-ms-win-core-fibers-l1-1-1'
|
|---|
| 1587 | 4238.25cc: supR3HardenedIsApiSetDll: ApiSetQueryApiSetPresence(api-ms-win-core-fibers-l1-1-1) -> 0x0, fPresent=1
|
|---|
| 1588 | 4238.25cc: supR3HardenedMonitor_LdrLoadDll: pName=api-ms-win-core-fibers-l1-1-1 (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0000000000000801:<flags> [calling]
|
|---|
| 1589 | 4238.25cc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff9ca480000 'api-ms-win-core-fibers-l1-1-1'
|
|---|
| 1590 | 4238.25cc: supR3HardenedIsApiSetDll: ApiSetQueryApiSetPresence(api-ms-win-core-synch-l1-2-0) -> 0x0, fPresent=1
|
|---|
| 1591 | 4238.25cc: supR3HardenedMonitor_LdrLoadDll: pName=api-ms-win-core-synch-l1-2-0 (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0000000000000801:<flags> [calling]
|
|---|
| 1592 | 4238.25cc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff9ca480000 'api-ms-win-core-synch-l1-2-0'
|
|---|
| 1593 | 4238.25cc: supR3HardenedIsApiSetDll: ApiSetQueryApiSetPresence(api-ms-win-core-localization-l1-2-1) -> 0x0, fPresent=1
|
|---|
| 1594 | 4238.25cc: supR3HardenedMonitor_LdrLoadDll: pName=api-ms-win-core-localization-l1-2-1 (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0000000000000801:<flags> [calling]
|
|---|
| 1595 | 4238.25cc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff9ca480000 'api-ms-win-core-localization-l1-2-1'
|
|---|
| 1596 | 4238.25cc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff9ca730000 'C:\Windows\system32\Wintrust.dll'
|
|---|
| 1597 | 4238.25cc: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume7\Windows\System32\bcrypt.dll)
|
|---|
| 1598 | 4238.25cc: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume7\Windows\System32\bcrypt.dll
|
|---|
| 1599 | 4238.25cc: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\bcrypt.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000801:<flags> [calling]
|
|---|
| 1600 | 4238.25cc: supR3HardenedDllNotificationCallback: load 00007ff9ca790000 LB 0x00026000 C:\Windows\System32\bcrypt.dll [fFlags=0x0]
|
|---|
| 1601 | 4238.25cc: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume7\Windows\System32\bcrypt.dll [lacks WinVerifyTrust]
|
|---|
| 1602 | 4238.25cc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff9ca790000 'C:\Windows\system32\bcrypt.dll'
|
|---|
| 1603 | 4238.25cc: bcrypt.dll loaded at 00007ff9ca790000, BCryptOpenAlgorithmProvider at 00007ff9ca794c70, preloading providers:
|
|---|
| 1604 | 4238.25cc: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume7\Windows\System32\bcryptprimitives.dll)
|
|---|
| 1605 | 4238.25cc: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume7\Windows\System32\bcryptprimitives.dll
|
|---|
| 1606 | 4238.25cc: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\bcryptprimitives.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
|
|---|
| 1607 | 4238.25cc: supR3HardenedDllNotificationCallback: load 00007ff9ca250000 LB 0x00081000 C:\Windows\System32\bcryptprimitives.dll [fFlags=0x0]
|
|---|
| 1608 | 4238.25cc: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume7\Windows\System32\bcryptprimitives.dll [lacks WinVerifyTrust]
|
|---|
| 1609 | 4238.25cc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff9ca250000 'C:\Windows\system32\bcryptprimitives.dll'
|
|---|
| 1610 | 4238.25cc: BCryptOpenAlgorithmProvider(,'MD2',0,0) -> 0x0 (hAlgo=000000000164fd30)
|
|---|
| 1611 | 4238.25cc: BCryptOpenAlgorithmProvider(,'MD4',0,0) -> 0x0 (hAlgo=0000000001650bb0)
|
|---|
| 1612 | 4238.25cc: BCryptOpenAlgorithmProvider(,'MD5',0,0) -> 0x0 (hAlgo=0000000001650eb0)
|
|---|
| 1613 | 4238.25cc: BCryptOpenAlgorithmProvider(,'SHA1',0,0) -> 0x0 (hAlgo=00000000016511b0)
|
|---|
| 1614 | 4238.25cc: BCryptOpenAlgorithmProvider(,'SHA256',0,0) -> 0x0 (hAlgo=00000000016514b0)
|
|---|
| 1615 | 4238.25cc: BCryptOpenAlgorithmProvider(,'SHA512',0,0) -> 0x0 (hAlgo=00000000016517b0)
|
|---|
| 1616 | 4238.25cc: BCryptOpenAlgorithmProvider(,'RSA',0,0) -> 0x0 (hAlgo=0000000001651ab0)
|
|---|
| 1617 | 4238.25cc: BCryptOpenAlgorithmProvider(,'DSA',0,0) -> 0x0 (hAlgo=0000000001651db0)
|
|---|
| 1618 | 4238.25cc: supR3HardenedDllNotificationCallback: load 00007ff9caf40000 LB 0x00017000 C:\Windows\System32\CRYPTSP.dll [fFlags=0x0]
|
|---|
| 1619 | 4238.25cc: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume7\Windows\System32\cryptsp.dll)
|
|---|
| 1620 | 4238.25cc: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume7\Windows\System32\cryptsp.dll
|
|---|
| 1621 | 4238.25cc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #18 'bcrypt.dll'.
|
|---|
| 1622 | 4238.25cc: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume7\Windows\System32\rsaenh.dll)
|
|---|
| 1623 | 4238.25cc: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume7\Windows\System32\rsaenh.dll
|
|---|
| 1624 | 4238.25cc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'bcrypt.dll'...
|
|---|
| 1625 | 4238.25cc: supR3HardenedWinVerifyCacheProcessImportTodos: 'bcrypt.dll' -> '\Device\HarddiskVolume7\Windows\System32\bcrypt.dll' [rcNtRedir=0xc0150008]
|
|---|
| 1626 | 4238.25cc: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume7\Windows\System32\bcrypt.dll [lacks WinVerifyTrust]
|
|---|
| 1627 | 4238.25cc: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\rsaenh.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
|
|---|
| 1628 | 4238.25cc: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume7\Windows\System32\rsaenh.dll [lacks WinVerifyTrust]
|
|---|
| 1629 | 4238.25cc: supR3HardenedDllNotificationCallback: load 00007ff9c9550000 LB 0x00033000 C:\Windows\system32\rsaenh.dll [fFlags=0x0]
|
|---|
| 1630 | 4238.25cc: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume7\Windows\System32\rsaenh.dll [lacks WinVerifyTrust]
|
|---|
| 1631 | 4238.25cc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff9c9550000 'C:\Windows\system32\rsaenh.dll'
|
|---|
| 1632 | 4238.25cc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'bcryptprimitives.dll'.
|
|---|
| 1633 | 4238.25cc: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume7\Windows\System32\cryptbase.dll)
|
|---|
| 1634 | 4238.25cc: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume7\Windows\System32\cryptbase.dll
|
|---|
| 1635 | 4238.25cc: supR3HardenedDllNotificationCallback: load 00007ff9c9ba0000 LB 0x0000c000 C:\Windows\SYSTEM32\CRYPTBASE.dll [fFlags=0x0]
|
|---|
| 1636 | 4238.25cc: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume7\Windows\System32\cryptbase.dll [lacks WinVerifyTrust]
|
|---|
| 1637 | 4238.25cc: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume7\Windows\System32\kernel32.dll [lacks WinVerifyTrust]
|
|---|
| 1638 | 4238.25cc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'bcryptprimitives.dll'...
|
|---|
| 1639 | 4238.25cc: supR3HardenedWinVerifyCacheProcessImportTodos: 'bcryptprimitives.dll' -> '\Device\HarddiskVolume7\Windows\System32\bcryptprimitives.dll' [rcNtRedir=0xc0150008]
|
|---|
| 1640 | 4238.25cc: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume7\Windows\System32\bcryptprimitives.dll [lacks WinVerifyTrust]
|
|---|
| 1641 | 4238.25cc: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\System32\kernel32.dll (Input=kernel32.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
|
|---|
| 1642 | 4238.25cc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff9cc500000 'C:\Windows\System32\kernel32.dll'
|
|---|
| 1643 | 4238.25cc: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume7\Windows\System32\wintrust.dll [lacks WinVerifyTrust]
|
|---|
| 1644 | 4238.25cc: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\System32\WINTRUST.DLL (Input=WINTRUST.DLL, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
|
|---|
| 1645 | 4238.25cc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff9ca730000 'C:\Windows\System32\WINTRUST.DLL'
|
|---|
| 1646 | 4238.25cc: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume7\Windows\System32\crypt32.dll [lacks WinVerifyTrust]
|
|---|
| 1647 | 4238.25cc: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\System32\CRYPT32.dll (rcNtResolve=0xc0150008) *pfFlags=0x2 pwszSearchPath=0000000000000001:<flags> [calling]
|
|---|
| 1648 | 4238.25cc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff9cb050000 'C:\Windows\System32\CRYPT32.dll'
|
|---|
| 1649 | 4238.25cc: supR3HardenedDllNotificationCallback: load 00007ff9cb4a0000 LB 0x0001d000 C:\Windows\System32\imagehlp.dll [fFlags=0x0]
|
|---|
| 1650 | 4238.25cc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #20 'rpcrt4.dll'.
|
|---|
| 1651 | 4238.25cc: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume7\Windows\System32\imagehlp.dll)
|
|---|
| 1652 | 4238.25cc: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume7\Windows\System32\imagehlp.dll
|
|---|
| 1653 | 4238.25cc: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume7\Windows\System32\rsaenh.dll [lacks WinVerifyTrust]
|
|---|
| 1654 | 4238.25cc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
|
|---|
| 1655 | 4238.25cc: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume7\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
|
|---|
| 1656 | 4238.25cc: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume7\Windows\System32\rpcrt4.dll [lacks WinVerifyTrust]
|
|---|
| 1657 | 4238.25cc: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\rsaenh.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
|
|---|
| 1658 | 4238.25cc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff9c9550000 'C:\Windows\system32\rsaenh.dll'
|
|---|
| 1659 | 4238.25cc: supR3HardenedDllNotificationCallback: load 00007ff9ccc60000 LB 0x00097000 C:\Windows\System32\sechost.dll [fFlags=0x0]
|
|---|
| 1660 | 4238.25cc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #11 'rpcrt4.dll'.
|
|---|
| 1661 | 4238.25cc: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume7\Windows\System32\sechost.dll)
|
|---|
| 1662 | 4238.25cc: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume7\Windows\System32\sechost.dll
|
|---|
| 1663 | 4238.25cc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
|
|---|
| 1664 | 4238.25cc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #10 'rpcrt4.dll'.
|
|---|
| 1665 | 4238.25cc: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume7\Windows\System32\gpapi.dll)
|
|---|
| 1666 | 4238.25cc: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume7\Windows\System32\gpapi.dll
|
|---|
| 1667 | 4238.25cc: supR3HardenedDllNotificationCallback: load 00007ff9c8d80000 LB 0x00022000 C:\Windows\SYSTEM32\gpapi.dll [fFlags=0x0]
|
|---|
| 1668 | 4238.25cc: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume7\Windows\System32\gpapi.dll [lacks WinVerifyTrust]
|
|---|
| 1669 | 4238.25cc: supR3HardenedDllNotificationCallback: load 00007ff9ca230000 LB 0x0001e000 C:\Windows\System32\profapi.dll [fFlags=0x0]
|
|---|
| 1670 | 4238.25cc: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume7\Windows\System32\profapi.dll)
|
|---|
| 1671 | 4238.25cc: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume7\Windows\System32\profapi.dll
|
|---|
| 1672 | 4238.25cc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
|
|---|
| 1673 | 4238.25cc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #8 'crypt32.dll'.
|
|---|
| 1674 | 4238.25cc: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume7\Windows\System32\cryptnet.dll)
|
|---|
| 1675 | 4238.25cc: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume7\Windows\System32\cryptnet.dll
|
|---|
| 1676 | 4238.25cc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'crypt32.dll'...
|
|---|
| 1677 | 4238.25cc: supR3HardenedWinVerifyCacheProcessImportTodos: 'crypt32.dll' -> '\Device\HarddiskVolume7\Windows\System32\crypt32.dll' [rcNtRedir=0xc0150008]
|
|---|
| 1678 | 4238.25cc: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume7\Windows\System32\crypt32.dll [lacks WinVerifyTrust]
|
|---|
| 1679 | 4238.25cc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
|
|---|
| 1680 | 4238.25cc: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume7\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
|
|---|
| 1681 | 4238.25cc: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume7\Windows\System32\msvcrt.dll [lacks WinVerifyTrust]
|
|---|
| 1682 | 4238.25cc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
|
|---|
| 1683 | 4238.25cc: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume7\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
|
|---|
| 1684 | 4238.25cc: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume7\Windows\System32\rpcrt4.dll [lacks WinVerifyTrust]
|
|---|
| 1685 | 4238.25cc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
|
|---|
| 1686 | 4238.25cc: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume7\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
|
|---|
| 1687 | 4238.25cc: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume7\Windows\System32\msvcrt.dll [lacks WinVerifyTrust]
|
|---|
| 1688 | 4238.25cc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
|
|---|
| 1689 | 4238.25cc: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume7\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
|
|---|
| 1690 | 4238.25cc: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume7\Windows\System32\rpcrt4.dll [lacks WinVerifyTrust]
|
|---|
| 1691 | 4238.25cc: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\System32\cryptnet.dll (Input=cryptnet.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
|
|---|
| 1692 | 4238.25cc: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume7\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
|
|---|
| 1693 | 4238.25cc: supR3HardenedDllNotificationCallback: load 00007ff9b9300000 LB 0x0002f000 C:\Windows\System32\cryptnet.dll [fFlags=0x0]
|
|---|
| 1694 | 4238.25cc: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume7\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
|
|---|
| 1695 | 4238.25cc: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume7\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
|
|---|
| 1696 | 4238.25cc: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\System32\cryptnet.dll (rcNtResolve=0xc0150008) *pfFlags=0x2 pwszSearchPath=0000000000000001:<flags> [calling]
|
|---|
| 1697 | 4238.25cc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff9b9300000 'C:\Windows\System32\cryptnet.dll'
|
|---|
| 1698 | 4238.25cc: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume7\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
|
|---|
| 1699 | 4238.25cc: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\System32\cryptnet.dll (rcNtResolve=0xc0150008) *pfFlags=0x2 pwszSearchPath=0000000000000001:<flags> [calling]
|
|---|
| 1700 | 4238.25cc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff9b9300000 'C:\Windows\System32\cryptnet.dll'
|
|---|
| 1701 | 4238.25cc: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume7\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
|
|---|
| 1702 | 4238.25cc: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\System32\cryptnet.dll (rcNtResolve=0xc0150008) *pfFlags=0x2 pwszSearchPath=0000000000000001:<flags> [calling]
|
|---|
| 1703 | 4238.25cc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff9b9300000 'C:\Windows\System32\cryptnet.dll'
|
|---|
| 1704 | 4238.25cc: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume7\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
|
|---|
| 1705 | 4238.25cc: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\System32\cryptnet.dll (rcNtResolve=0xc0150008) *pfFlags=0x2 pwszSearchPath=0000000000000001:<flags> [calling]
|
|---|
| 1706 | 4238.25cc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff9b9300000 'C:\Windows\System32\cryptnet.dll'
|
|---|
| 1707 | 4238.25cc: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume7\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
|
|---|
| 1708 | 4238.25cc: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\System32\cryptnet.dll (rcNtResolve=0xc0150008) *pfFlags=0x2 pwszSearchPath=0000000000000001:<flags> [calling]
|
|---|
| 1709 | 4238.25cc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff9b9300000 'C:\Windows\System32\cryptnet.dll'
|
|---|
| 1710 | 4238.25cc: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume7\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
|
|---|
| 1711 | 4238.25cc: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\System32\cryptnet.dll (rcNtResolve=0xc0150008) *pfFlags=0x2 pwszSearchPath=0000000000000001:<flags> [calling]
|
|---|
| 1712 | 4238.25cc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff9b9300000 'C:\Windows\System32\cryptnet.dll'
|
|---|
| 1713 | 4238.25cc: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume7\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
|
|---|
| 1714 | 4238.25cc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff9b9300000 'C:\Windows\System32\cryptnet.dll'
|
|---|
| 1715 | 4238.25cc: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume7\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
|
|---|
| 1716 | 4238.25cc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff9b9300000 'C:\Windows\System32\cryptnet.dll'
|
|---|
| 1717 | 4238.25cc: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume7\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
|
|---|
| 1718 | 4238.25cc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff9b9300000 'C:\Windows\System32\cryptnet.dll'
|
|---|
| 1719 | 4238.25cc: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume7\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
|
|---|
| 1720 | 4238.25cc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff9b9300000 'C:\Windows\System32\cryptnet.dll'
|
|---|
| 1721 | 4238.25cc: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume7\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
|
|---|
| 1722 | 4238.25cc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff9b9300000 'C:\Windows\System32\cryptnet.dll'
|
|---|
| 1723 | 4238.25cc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff9b9300000 'C:\Windows\System32\cryptnet.dll'
|
|---|
| 1724 | 4238.25cc: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume7\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
|
|---|
| 1725 | 4238.25cc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff9b9300000 'C:\Windows\System32\cryptnet.dll'
|
|---|
| 1726 | 4238.25cc: supR3HardenedDllNotificationCallback: load 00007ff9cca50000 LB 0x000a3000 C:\Windows\System32\advapi32.dll [fFlags=0x0]
|
|---|
| 1727 | 4238.25cc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
|
|---|
| 1728 | 4238.25cc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'sechost.dll'.
|
|---|
| 1729 | 4238.25cc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #27 'rpcrt4.dll'.
|
|---|
| 1730 | 4238.25cc: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume7\Windows\System32\advapi32.dll)
|
|---|
| 1731 | 4238.25cc: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume7\Windows\System32\advapi32.dll
|
|---|
| 1732 | 4238.25cc: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume7\Windows\System32\rsaenh.dll [lacks WinVerifyTrust]
|
|---|
| 1733 | 4238.25cc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
|
|---|
| 1734 | 4238.25cc: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume7\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
|
|---|
| 1735 | 4238.25cc: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume7\Windows\System32\rpcrt4.dll [lacks WinVerifyTrust]
|
|---|
| 1736 | 4238.25cc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'sechost.dll'...
|
|---|
| 1737 | 4238.25cc: supR3HardenedWinVerifyCacheProcessImportTodos: 'sechost.dll' -> '\Device\HarddiskVolume7\Windows\System32\sechost.dll' [rcNtRedir=0xc0150008]
|
|---|
| 1738 | 4238.25cc: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume7\Windows\System32\sechost.dll [lacks WinVerifyTrust]
|
|---|
| 1739 | 4238.25cc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
|
|---|
| 1740 | 4238.25cc: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume7\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
|
|---|
| 1741 | 4238.25cc: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume7\Windows\System32\msvcrt.dll [lacks WinVerifyTrust]
|
|---|
| 1742 | 4238.25cc: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\rsaenh.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
|
|---|
| 1743 | 4238.25cc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff9c9550000 'C:\Windows\system32\rsaenh.dll'
|
|---|
| 1744 | 4238.25cc: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume7\Windows\System32\crypt32.dll [lacks WinVerifyTrust]
|
|---|
| 1745 | 4238.25cc: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\System32\crypt32.dll (Input=crypt32.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
|
|---|
| 1746 | 4238.25cc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff9cb050000 'C:\Windows\System32\crypt32.dll'
|
|---|
| 1747 | 4238.25cc: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000000 pwszName=\SystemRoot\System32\ntdll.dll
|
|---|
| 1748 | 4238.25cc: supR3HardNtViCallWinVerifyTrustCatFile: New context 00000000016bc5f0
|
|---|
| 1749 | 4238.25cc: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000016bc5f0
|
|---|
| 1750 | 4238.25cc: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=4044D8621CE16C0178F547933E2F70E42AB36982
|
|---|
| 1751 | 4238.25cc: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume7\Windows\System32\rpcrt4.dll [lacks WinVerifyTrust]
|
|---|
| 1752 | 4238.25cc: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\System32\rpcrt4.dll (Input=rpcrt4.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
|
|---|
| 1753 | 4238.25cc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff9cc2f0000 'C:\Windows\System32\rpcrt4.dll'
|
|---|
| 1754 | 4238.25cc: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume7\Windows\System32\rsaenh.dll [lacks WinVerifyTrust]
|
|---|
| 1755 | 4238.25cc: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\rsaenh.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
|
|---|
| 1756 | 4238.25cc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff9c9550000 'C:\Windows\system32\rsaenh.dll'
|
|---|
| 1757 | 4238.25cc: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume7\Windows\System32\crypt32.dll [lacks WinVerifyTrust]
|
|---|
| 1758 | 4238.25cc: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\System32\crypt32.dll (Input=crypt32.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
|
|---|
| 1759 | 4238.25cc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff9cb050000 'C:\Windows\System32\crypt32.dll'
|
|---|
| 1760 | 4238.25cc: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-Package0416~31bf3856ad364e35~amd64~~10.0.18362.1556.cat'; file='\SystemRoot\System32\ntdll.dll'
|
|---|
| 1761 | 4238.25cc: g_pfnWinVerifyTrust=00007ff9ca731d30
|
|---|
| 1762 | 4238.25cc: supR3HardenedScreenImage/preload: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume7\Windows\System32\crypt32.dll [redoing WinVerifyTrust]
|
|---|
| 1763 | 4238.25cc: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume7\Windows\System32\rsaenh.dll [lacks WinVerifyTrust]
|
|---|
| 1764 | 4238.25cc: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\rsaenh.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
|
|---|
| 1765 | 4238.25cc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff9c9550000 'C:\Windows\system32\rsaenh.dll'
|
|---|
| 1766 | 4238.25cc: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume7\Windows\System32\crypt32.dll [lacks WinVerifyTrust]
|
|---|
| 1767 | 4238.25cc: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\System32\crypt32.dll (Input=crypt32.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
|
|---|
| 1768 | 4238.25cc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff9cb050000 'C:\Windows\System32\crypt32.dll'
|
|---|
| 1769 | 4238.25cc: supR3HardenedScreenImage/preload: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume7\Windows\System32\crypt32.dll'
|
|---|
| 1770 | 4238.25cc: supR3HardenedScreenImage/preload: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume7\Windows\System32\wintrust.dll [redoing WinVerifyTrust]
|
|---|
| 1771 | 4238.25cc: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume7\Windows\System32\rsaenh.dll [lacks WinVerifyTrust]
|
|---|
| 1772 | 4238.25cc: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\rsaenh.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
|
|---|
| 1773 | 4238.25cc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff9c9550000 'C:\Windows\system32\rsaenh.dll'
|
|---|
| 1774 | 4238.25cc: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume7\Windows\System32\crypt32.dll
|
|---|
| 1775 | 4238.25cc: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\System32\crypt32.dll (Input=crypt32.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
|
|---|
| 1776 | 4238.25cc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff9cb050000 'C:\Windows\System32\crypt32.dll'
|
|---|
| 1777 | 4238.25cc: supR3HardenedScreenImage/preload: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume7\Windows\System32\wintrust.dll'
|
|---|
| 1778 | 4238.25cc: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume7\Windows\System32\rsaenh.dll [lacks WinVerifyTrust]
|
|---|
| 1779 | 4238.25cc: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\rsaenh.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
|
|---|
| 1780 | 4238.25cc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff9c9550000 'C:\Windows\system32\rsaenh.dll'
|
|---|
| 1781 | 4238.25cc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff9cb050000 'C:\Windows\System32\crypt32.dll'
|
|---|
| 1782 | 4238.25cc: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume7\Windows\System32\advapi32.dll'
|
|---|
| 1783 | 4238.25cc: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume7\Windows\System32\rsaenh.dll [lacks WinVerifyTrust]
|
|---|
| 1784 | 4238.25cc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff9c9550000 'C:\Windows\system32\rsaenh.dll'
|
|---|
| 1785 | 4238.25cc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff9cb050000 'C:\Windows\System32\crypt32.dll'
|
|---|
| 1786 | 4238.25cc: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume7\Windows\System32\cryptnet.dll'
|
|---|
| 1787 | 4238.25cc: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume7\Windows\System32\rsaenh.dll [lacks WinVerifyTrust]
|
|---|
| 1788 | 4238.25cc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff9c9550000 'C:\Windows\system32\rsaenh.dll'
|
|---|
| 1789 | 4238.25cc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff9cb050000 'C:\Windows\System32\crypt32.dll'
|
|---|
| 1790 | 4238.25cc: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume7\Windows\System32\profapi.dll'
|
|---|
| 1791 | 4238.25cc: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume7\Windows\System32\rsaenh.dll [lacks WinVerifyTrust]
|
|---|
| 1792 | 4238.25cc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff9c9550000 'C:\Windows\system32\rsaenh.dll'
|
|---|
| 1793 | 4238.25cc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff9cb050000 'C:\Windows\System32\crypt32.dll'
|
|---|
| 1794 | 4238.25cc: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume7\Windows\System32\gpapi.dll'
|
|---|
| 1795 | 4238.25cc: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume7\Windows\System32\rsaenh.dll [lacks WinVerifyTrust]
|
|---|
| 1796 | 4238.25cc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff9c9550000 'C:\Windows\system32\rsaenh.dll'
|
|---|
| 1797 | 4238.25cc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff9cb050000 'C:\Windows\System32\crypt32.dll'
|
|---|
| 1798 | 4238.25cc: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume7\Windows\System32\sechost.dll'
|
|---|
| 1799 | 4238.25cc: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume7\Windows\System32\rsaenh.dll [lacks WinVerifyTrust]
|
|---|
| 1800 | 4238.25cc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff9c9550000 'C:\Windows\system32\rsaenh.dll'
|
|---|
| 1801 | 4238.25cc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff9cb050000 'C:\Windows\System32\crypt32.dll'
|
|---|
| 1802 | 4238.25cc: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume7\Windows\System32\imagehlp.dll'
|
|---|
| 1803 | 4238.25cc: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume7\Windows\System32\rsaenh.dll [lacks WinVerifyTrust]
|
|---|
| 1804 | 4238.25cc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff9c9550000 'C:\Windows\system32\rsaenh.dll'
|
|---|
| 1805 | 4238.25cc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff9cb050000 'C:\Windows\System32\crypt32.dll'
|
|---|
| 1806 | 4238.25cc: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume7\Windows\System32\cryptbase.dll'
|
|---|
| 1807 | 4238.25cc: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume7\Windows\System32\rsaenh.dll [lacks WinVerifyTrust]
|
|---|
| 1808 | 4238.25cc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff9c9550000 'C:\Windows\system32\rsaenh.dll'
|
|---|
| 1809 | 4238.25cc: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume7\Windows\System32\crypt32.dll
|
|---|
| 1810 | 4238.25cc: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\System32\crypt32.dll (Input=crypt32.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
|
|---|
| 1811 | 4238.25cc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff9cb050000 'C:\Windows\System32\crypt32.dll'
|
|---|
| 1812 | 4238.25cc: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume7\Windows\System32\rsaenh.dll'
|
|---|
| 1813 | 4238.25cc: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume7\Windows\System32\rsaenh.dll
|
|---|
| 1814 | 4238.25cc: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\rsaenh.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
|
|---|
| 1815 | 4238.25cc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff9c9550000 'C:\Windows\system32\rsaenh.dll'
|
|---|
| 1816 | 4238.25cc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff9cb050000 'C:\Windows\System32\crypt32.dll'
|
|---|
| 1817 | 4238.25cc: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume7\Windows\System32\cryptsp.dll'
|
|---|
| 1818 | 4238.25cc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff9c9550000 'C:\Windows\system32\rsaenh.dll'
|
|---|
| 1819 | 4238.25cc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff9cb050000 'C:\Windows\System32\crypt32.dll'
|
|---|
| 1820 | 4238.25cc: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume7\Windows\System32\bcryptprimitives.dll'
|
|---|
| 1821 | 4238.25cc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff9c9550000 'C:\Windows\system32\rsaenh.dll'
|
|---|
| 1822 | 4238.25cc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff9cb050000 'C:\Windows\System32\crypt32.dll'
|
|---|
| 1823 | 4238.25cc: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume7\Windows\System32\bcrypt.dll'
|
|---|
| 1824 | 4238.25cc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff9c9550000 'C:\Windows\system32\rsaenh.dll'
|
|---|
| 1825 | 4238.25cc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff9cb050000 'C:\Windows\System32\crypt32.dll'
|
|---|
| 1826 | 4238.25cc: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume7\Windows\System32\ucrtbase.dll'
|
|---|
| 1827 | 4238.25cc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff9c9550000 'C:\Windows\system32\rsaenh.dll'
|
|---|
| 1828 | 4238.25cc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff9cb050000 'C:\Windows\System32\crypt32.dll'
|
|---|
| 1829 | 4238.25cc: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume7\Windows\System32\msvcrt.dll'
|
|---|
| 1830 | 4238.25cc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff9c9550000 'C:\Windows\system32\rsaenh.dll'
|
|---|
| 1831 | 4238.25cc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff9cb050000 'C:\Windows\System32\crypt32.dll'
|
|---|
| 1832 | 4238.25cc: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume7\Windows\System32\msasn1.dll'
|
|---|
| 1833 | 4238.25cc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff9c9550000 'C:\Windows\system32\rsaenh.dll'
|
|---|
| 1834 | 4238.25cc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff9cb050000 'C:\Windows\System32\crypt32.dll'
|
|---|
| 1835 | 4238.25cc: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume7\Windows\System32\rpcrt4.dll'
|
|---|
| 1836 | 4238.25cc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff9c9550000 'C:\Windows\system32\rsaenh.dll'
|
|---|
| 1837 | 4238.25cc: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 24202) fWinVerifyTrust=1 for '\Device\HarddiskVolume7\Program Files\Oracle\VirtualBox\VBoxSupLib.dll'
|
|---|
| 1838 | 4238.25cc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff9c9550000 'C:\Windows\system32\rsaenh.dll'
|
|---|
| 1839 | 4238.25cc: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 24202) fWinVerifyTrust=1 for '\Device\HarddiskVolume7\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe'
|
|---|
| 1840 | 4238.25cc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff9c9550000 'C:\Windows\system32\rsaenh.dll'
|
|---|
| 1841 | 4238.25cc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff9cb050000 'C:\Windows\System32\crypt32.dll'
|
|---|
| 1842 | 4238.25cc: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume7\Windows\System32\KernelBase.dll'
|
|---|
| 1843 | 4238.25cc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff9c9550000 'C:\Windows\system32\rsaenh.dll'
|
|---|
| 1844 | 4238.25cc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff9cb050000 'C:\Windows\System32\crypt32.dll'
|
|---|
| 1845 | 4238.25cc: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume7\Windows\System32\kernel32.dll'
|
|---|
| 1846 | 4238.25cc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff9cb050000 'C:\Windows\system32\crypt32.dll'
|
|---|
| 1847 | 4238.25cc: supR3HardenedWinIsDesiredRootCA: Adding 0x5ad46780fa5df300 DC=com, DC=microsoft, CN=Microsoft Root Certificate Authority
|
|---|
| 1848 | 4238.25cc: supR3HardenedWinIsDesiredRootCA: Adding 0xea5386456178582b C=ZA, ST=Western Cape, L=Durbanville, O=Thawte, OU=Thawte Certification, CN=Thawte Timestamping CA
|
|---|
| 1849 | 4238.25cc: supR3HardenedWinIsDesiredRootCA: Adding 0x3be670c1bd02a900 OU=Copyright (c) 1997 Microsoft Corp., OU=Microsoft Corporation, CN=Microsoft Root Authority
|
|---|
| 1850 | 4238.25cc: supR3HardenedWinIsDesiredRootCA: Adding 0xe991ee72b03db500 C=US, O=Symantec Corporation, CN=Symantec Enterprise Mobile Root for Microsoft
|
|---|
| 1851 | 4238.25cc: supR3HardenedWinIsDesiredRootCA: Adding 0x4d3835aa4180b200 C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Root Certificate Authority 2011
|
|---|
| 1852 | 4238.25cc: supR3HardenedWinIsDesiredRootCA: Adding 0x646e3fe3ba08df00 C=US, O=MSFT, CN=Microsoft Authenticode(tm) Root Authority
|
|---|
| 1853 | 4238.25cc: supR3HardenedWinIsDesiredRootCA: Adding 0xece4e4289e08b900 C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Root Certificate Authority 2010
|
|---|
| 1854 | 4238.25cc: supR3HardenedWinIsDesiredRootCA: Adding 0xf3bb4d7e894b420 C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft ECC TS Root Certificate Authority 2018
|
|---|
| 1855 | 4238.25cc: supR3HardenedWinIsDesiredRootCA: Adding 0x43a9cc371ff5385a O=Microsoft Trust Network, OU=Microsoft Corporation, OU=Microsoft Time Stamping Service Root, OU=Copyright (c) 1997 Microsoft Corp.
|
|---|
| 1856 | 4238.25cc: supR3HardenedWinIsDesiredRootCA: Adding 0x2e2d2c7c68f0202e O=VeriSign Trust Network, OU=VeriSign, Inc., OU=VeriSign Time Stamping Service Root, OU=NO LIABILITY ACCEPTED, (c)97 VeriSign, Inc.
|
|---|
| 1857 | 4238.25cc: supR3HardenedWinIsDesiredRootCA: Adding 0x7a2218db7382ca00 CN=Razer Chroma SDK, OU=Chroma, O=Razer Inc
|
|---|
| 1858 | 4238.25cc: supR3HardenedWinIsDesiredRootCA: Adding 0xcec3d46562b9be8e C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft ECC Product Root Certificate Authority 2018
|
|---|
| 1859 | 4238.25cc: supR3HardenedWinIsDesiredRootCA: Adding 0xca58a05dd401ae00 C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Time Stamp Root Certificate Authority 2014
|
|---|
| 1860 | 4238.25cc: supR3HardenedWinIsDesiredRootCA: Adding 0x2ca429a5c4c6a700 C=IT, L=Milan, O=Actalis S.p.A./03358520967, CN=Actalis Authentication Root CA
|
|---|
| 1861 | 4238.25cc: supR3HardenedWinIsDesiredRootCA: Adding 0x61a3a33f81aace00 C=US, ST=UT, L=Salt Lake City, O=The USERTRUST Network, OU=http://www.usertrust.com, CN=UTN-USERFirst-Object
|
|---|
| 1862 | 4238.25cc: supR3HardenedWinIsDesiredRootCA: Adding 0x6b7bdc34cd37bb00 C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert Global Root G2
|
|---|
| 1863 | 4238.25cc: supR3HardenedWinIsDesiredRootCA: Adding 0x57ba5395b561bf00 C=BM, O=QuoVadis Limited, OU=Root Certification Authority, CN=QuoVadis Root Certification Authority
|
|---|
| 1864 | 4238.25cc: supR3HardenedWinIsDesiredRootCA: Adding 0x83085097e9afdf00 O=Digital Signature Trust Co., CN=DST Root CA X3
|
|---|
| 1865 | 4238.25cc: supR3HardenedWinIsDesiredRootCA: Adding 0x780679907625cc00 OU=GlobalSign Root CA - R3, O=GlobalSign, CN=GlobalSign
|
|---|
| 1866 | 4238.25cc: supR3HardenedWinIsDesiredRootCA: Adding 0x3d98ab22bb04a300 C=IE, O=Baltimore, OU=CyberTrust, CN=Baltimore CyberTrust Root
|
|---|
| 1867 | 4238.25cc: supR3HardenedWinIsDesiredRootCA: Adding 0xeae16ef49d40be00 C=GB, ST=Greater Manchester, L=Salford, O=Comodo CA Limited, CN=AAA Certificate Services
|
|---|
| 1868 | 4238.25cc: supR3HardenedWinIsDesiredRootCA: Adding 0x1591b8ac8dcabd00 C=CN, O=WoSign CA Limited, CN=Certification Authority of WoSign
|
|---|
| 1869 | 4238.25cc: supR3HardenedWinIsDesiredRootCA: Adding 0xc6fa4243b695b600 C=US, O=Entrust, Inc., OU=www.entrust.net/CPS is incorporated by reference, OU=(c) 2006 Entrust, Inc., CN=Entrust Root Certification Authority
|
|---|
| 1870 | 4238.25cc: supR3HardenedWinIsDesiredRootCA: Adding 0xa3ce8d99e60eda00 C=BE, O=GlobalSign nv-sa, OU=Root CA, CN=GlobalSign Root CA
|
|---|
| 1871 | 4238.25cc: supR3HardenedWinIsDesiredRootCA: Adding 0x560ad29254e89100 C=GB, ST=Greater Manchester, L=Salford, O=COMODO CA Limited, CN=COMODO RSA Certification Authority
|
|---|
| 1872 | 4238.25cc: supR3HardenedWinIsDesiredRootCA: Adding 0xa671e9fec832b700 C=US, O=Starfield Technologies, Inc., OU=Starfield Class 2 Certification Authority
|
|---|
| 1873 | 4238.25cc: supR3HardenedWinIsDesiredRootCA: Adding 0xa8de7211e13be200 C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert Global Root CA
|
|---|
| 1874 | 4238.25cc: supR3HardenedWinIsDesiredRootCA: Adding 0xd45980fbf0a0ac00 C=US, O=thawte, Inc., OU=Certification Services Division, OU=(c) 2006 thawte, Inc. - For authorized use only, CN=thawte Primary Root CA
|
|---|
| 1875 | 4238.25cc: supR3HardenedWinIsDesiredRootCA: Adding 0xc9edb72b684ba00 C=US, O=Entrust, Inc., OU=See www.entrust.net/legal-terms, OU=(c) 2009 Entrust, Inc. - for authorized use only, CN=Entrust Root Certification Authority - G2
|
|---|
| 1876 | 4238.25cc: supR3HardenedWinIsDesiredRootCA: Adding 0xf5cd95e581a4ab00 C=US, O=SecureTrust Corporation, CN=SecureTrust CA
|
|---|
| 1877 | 4238.25cc: supR3HardenedWinIsDesiredRootCA: Adding 0x6f2ebe0e24cfa600 OU=GlobalSign Root CA - R2, O=GlobalSign, CN=GlobalSign
|
|---|
| 1878 | 4238.25cc: supR3HardenedWinIsDesiredRootCA: Adding 0x14018a1bf29e595c C=US, O=VeriSign, Inc., OU=Class 3 Public Primary Certification Authority
|
|---|
| 1879 | 4238.25cc: supR3HardenedWinIsDesiredRootCA: Adding 0x7c4fd32ec1b1ce00 C=PL, O=Unizeto Sp. z o.o., CN=Certum CA
|
|---|
| 1880 | 4238.25cc: supR3HardenedWinIsDesiredRootCA: Adding 0xd4fbe673e5ccc600 C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert High Assurance EV Root CA
|
|---|
| 1881 | 4238.25cc: supR3HardenedWinIsDesiredRootCA: Adding 0x1b8578514b74ac00 C=US, O=WFA Hotspot 2.0, CN=Hotspot 2.0 Trust Root CA - 03
|
|---|
| 1882 | 4238.25cc: supR3HardenedWinIsDesiredRootCA: Adding 0xb28612a94b4dad00 O=Entrust.net, OU=www.entrust.net/CPS_2048 incorp. by ref. (limits liab.), OU=(c) 1999 Entrust.net Limited, CN=Entrust.net Certification Authority (2048)
|
|---|
| 1883 | 4238.25cc: supR3HardenedWinIsDesiredRootCA: Adding 0x357a29080824af00 C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=(c) 2006 VeriSign, Inc. - For authorized use only, CN=VeriSign Class 3 Public Primary Certification Authority - G5
|
|---|
| 1884 | 4238.25cc: supR3HardenedWinIsDesiredRootCA: Adding 0x59faf1086271bf00 C=US, ST=Arizona, L=Scottsdale, O=GoDaddy.com, Inc., CN=Go Daddy Root Certificate Authority - G2
|
|---|
| 1885 | 4238.25cc: supR3HardenedWinIsDesiredRootCA: Adding 0x466cbc09db88c100 C=IL, O=StartCom Ltd., OU=Secure Digital Certificate Signing, CN=StartCom Certification Authority
|
|---|
| 1886 | 4238.25cc: supR3HardenedWinIsDesiredRootCA: Adding 0xb16dd37ffeb3b300 C=JP, O=SECOM Trust.net, OU=Security Communication RootCA1
|
|---|
| 1887 | 4238.25cc: supR3HardenedWinIsDesiredRootCA: Adding 0x3401b15e3761c700 C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=(c) 2008 VeriSign, Inc. - For authorized use only, CN=VeriSign Universal Root Certification Authority
|
|---|
| 1888 | 4238.25cc: supR3HardenedWinIsDesiredRootCA: Adding 0xc30e361765128000 C=US, ST=New Jersey, L=Jersey City, O=The USERTRUST Network, CN=USERTrust RSA Certification Authority
|
|---|
| 1889 | 4238.25cc: supR3HardenedWinIsDesiredRootCA: Adding 0x491857ead79dde00 C=US, O=The Go Daddy Group, Inc., OU=Go Daddy Class 2 Certification Authority
|
|---|
| 1890 | 4238.25cc: supR3HardenedWinIsDesiredRootCA: Adding 0xb9ff821d139e9bf OU=GlobalSign ECC Root CA - R5, O=GlobalSign, CN=GlobalSign
|
|---|
| 1891 | 4238.25cc: supR3HardenedWinIsDesiredRootCA: Adding 0x87fc251e2149d000 C=CN, O=WoSign CA Limited, CN=CA 沃通根证书
|
|---|
| 1892 | 4238.25cc: supR3HardenedWinIsDesiredRootCA: Adding 0xc2ba72a37dfbe300 C=PL, O=Unizeto Technologies S.A., OU=Certum Certification Authority, CN=Certum Trusted Network CA
|
|---|
| 1893 | 4238.25cc: supR3HardenedWinIsDesiredRootCA: Adding 0x8043e4ce150ead00 C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert Assured ID Root CA
|
|---|
| 1894 | 4238.25cc: supR3HardenedWinIsDesiredRootCA: Adding 0xf2e6331af7b700 C=SE, O=AddTrust AB, OU=AddTrust External TTP Network, CN=AddTrust External CA Root
|
|---|
| 1895 | 4238.25cc: supR3HardenedWinRetrieveTrustedRootCAs: cAdded=48
|
|---|
| 1896 | 4238.25cc: SUPR3HardenedMain: Load Runtime...
|
|---|
| 1897 | 4238.25cc: \Device\HarddiskVolume7\Program Files\Oracle\VirtualBox\VBoxRT.dll: Signature #1/2: info status: 24202
|
|---|
| 1898 | 4238.25cc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff9c9550000 'C:\Windows\system32\rsaenh.dll'
|
|---|
| 1899 | 4238.25cc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
|
|---|
| 1900 | 4238.25cc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'msvcp100.dll'.
|
|---|
| 1901 | 4238.25cc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'rpcrt4.dll'.
|
|---|
| 1902 | 4238.25cc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'ws2_32.dll'.
|
|---|
| 1903 | 4238.25cc: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume7\Program Files\Oracle\VirtualBox\VBoxRT.dll) WinVerifyTrust
|
|---|
| 1904 | 4238.25cc: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume7\Program Files\Oracle\VirtualBox\VBoxRT.dll
|
|---|
| 1905 | 4238.25cc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ws2_32.dll'...
|
|---|
| 1906 | 4238.25cc: supR3HardenedWinVerifyCacheProcessImportTodos: 'ws2_32.dll' -> '\Device\HarddiskVolume7\Windows\System32\ws2_32.dll' [rcNtRedir=0xc0150008]
|
|---|
| 1907 | 4238.25cc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff9c9550000 'C:\Windows\system32\rsaenh.dll'
|
|---|
| 1908 | 4238.25cc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff9cb050000 'C:\Windows\System32\crypt32.dll'
|
|---|
| 1909 | 4238.25cc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #26 'rpcrt4.dll'.
|
|---|
| 1910 | 4238.25cc: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume7\Windows\System32\ws2_32.dll) WinVerifyTrust
|
|---|
| 1911 | 4238.25cc: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume7\Windows\System32\ws2_32.dll
|
|---|
| 1912 | 4238.25cc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
|
|---|
| 1913 | 4238.25cc: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume7\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
|
|---|
| 1914 | 4238.25cc: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume7\Windows\System32\rpcrt4.dll
|
|---|
| 1915 | 4238.25cc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcp100.dll'...
|
|---|
| 1916 | 4238.25cc: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcp100.dll' -> '\Device\HarddiskVolume7\Program Files\Oracle\VirtualBox\msvcp100.dll' [rcNtRedir=0xc0150008]
|
|---|
| 1917 | 4238.25cc: \Device\HarddiskVolume7\Program Files\Oracle\VirtualBox\msvcp100.dll: Signature #1/2: info status: 24202
|
|---|
| 1918 | 4238.25cc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
|
|---|
| 1919 | 4238.25cc: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume7\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
|
|---|
| 1920 | 4238.25cc: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume7\Windows\System32\rpcrt4.dll
|
|---|
| 1921 | 4238.25cc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff9c9550000 'C:\Windows\system32\rsaenh.dll'
|
|---|
| 1922 | 4238.25cc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
|
|---|
| 1923 | 4238.25cc: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume7\Program Files\Oracle\VirtualBox\msvcp100.dll) WinVerifyTrust
|
|---|
| 1924 | 4238.25cc: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume7\Program Files\Oracle\VirtualBox\msvcp100.dll
|
|---|
| 1925 | 4238.25cc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
|
|---|
| 1926 | 4238.25cc: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume7\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
|
|---|
| 1927 | 4238.25cc: \Device\HarddiskVolume7\Program Files\Oracle\VirtualBox\msvcr100.dll: Signature #1/2: info status: 24202
|
|---|
| 1928 | 4238.25cc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
|
|---|
| 1929 | 4238.25cc: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume7\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
|
|---|
| 1930 | 4238.25cc: \Device\HarddiskVolume7\Program Files\Oracle\VirtualBox\msvcr100.dll: Signature #1/2: info status: 24202
|
|---|
| 1931 | 4238.25cc: Detected WinVerifyTrust recursion: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume7\Program Files\Oracle\VirtualBox\msvcr100.dll'.
|
|---|
| 1932 | 4238.25cc: supHardenedWinVerifyImageByHandle: -> 24202 (\Device\HarddiskVolume7\Program Files\Oracle\VirtualBox\msvcr100.dll)
|
|---|
| 1933 | 4238.25cc: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume7\Program Files\Oracle\VirtualBox\msvcr100.dll
|
|---|
| 1934 | 4238.25cc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff9c9550000 'C:\Windows\system32\rsaenh.dll'
|
|---|
| 1935 | 4238.25cc: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume7\Program Files\Oracle\VirtualBox\msvcr100.dll) WinVerifyTrust
|
|---|
| 1936 | 4238.25cc: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxRT.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000a01:<flags> [calling]
|
|---|
| 1937 | 4238.25cc: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume7\Program Files\Oracle\VirtualBox\VBoxRT.dll
|
|---|
| 1938 | 4238.25cc: supR3HardenedScreenImage/NtCreateSection: cache hit (Unknown Status 24202 (0x5e8a)) on \Device\HarddiskVolume7\Program Files\Oracle\VirtualBox\msvcr100.dll [avoiding WinVerifyTrust]
|
|---|
| 1939 | 4238.25cc: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume7\Program Files\Oracle\VirtualBox\msvcp100.dll
|
|---|
| 1940 | 4238.25cc: supR3HardenedDllNotificationCallback: load 0000000064ef0000 LB 0x000d2000 C:\Program Files\Oracle\VirtualBox\MSVCR100.dll [fFlags=0x0]
|
|---|
| 1941 | 4238.25cc: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 24202 (0x5e8a)) on \Device\HarddiskVolume7\Program Files\Oracle\VirtualBox\msvcr100.dll [avoiding WinVerifyTrust]
|
|---|
| 1942 | 4238.25cc: supR3HardenedDllNotificationCallback: load 0000000064e50000 LB 0x00098000 C:\Program Files\Oracle\VirtualBox\MSVCP100.dll [fFlags=0x0]
|
|---|
| 1943 | 4238.25cc: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume7\Program Files\Oracle\VirtualBox\msvcp100.dll
|
|---|
| 1944 | 4238.25cc: supR3HardenedDllNotificationCallback: load 00007ff9cc410000 LB 0x0006f000 C:\Windows\System32\WS2_32.dll [fFlags=0x0]
|
|---|
| 1945 | 4238.25cc: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume7\Windows\System32\ws2_32.dll
|
|---|
| 1946 | 4238.25cc: supR3HardenedDllNotificationCallback: load 00007ff975270000 LB 0x005e0000 C:\Program Files\Oracle\VirtualBox\VBoxRT.dll [fFlags=0x0]
|
|---|
| 1947 | 4238.25cc: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume7\Program Files\Oracle\VirtualBox\VBoxRT.dll
|
|---|
| 1948 | 4238.25cc: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume7\Program Files\Oracle\VirtualBox\msvcr100.dll'.
|
|---|
| 1949 | 4238.25cc: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume7\Program Files\Oracle\VirtualBox\msvcr100.dll' [rescheduled]
|
|---|
| 1950 | 4238.25cc: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume7\Program Files\Oracle\VirtualBox\VBoxRT.dll
|
|---|
| 1951 | 4238.25cc: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxRT.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
|
|---|
| 1952 | 4238.25cc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff975270000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
|
|---|
| 1953 | 4238.25cc: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume7\Program Files\Oracle\VirtualBox\msvcr100.dll'.
|
|---|
| 1954 | 4238.25cc: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume7\Program Files\Oracle\VirtualBox\msvcr100.dll' [rescheduled]
|
|---|
| 1955 | 4238.25cc: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume7\Program Files\Oracle\VirtualBox\msvcr100.dll'.
|
|---|
| 1956 | 4238.25cc: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume7\Program Files\Oracle\VirtualBox\msvcr100.dll' [rescheduled]
|
|---|
| 1957 | 4238.25cc: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume7\Program Files\Oracle\VirtualBox\VBoxRT.dll
|
|---|
| 1958 | 4238.25cc: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxRT.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
|
|---|
| 1959 | 4238.25cc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff975270000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
|
|---|
| 1960 | 4238.25cc: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume7\Program Files\Oracle\VirtualBox\msvcr100.dll'.
|
|---|
| 1961 | 4238.25cc: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume7\Program Files\Oracle\VirtualBox\msvcr100.dll' [rescheduled]
|
|---|
| 1962 | 4238.25cc: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume7\Program Files\Oracle\VirtualBox\msvcr100.dll'.
|
|---|
| 1963 | 4238.25cc: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume7\Program Files\Oracle\VirtualBox\msvcr100.dll' [rescheduled]
|
|---|
| 1964 | 4238.25cc: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume7\Program Files\Oracle\VirtualBox\VBoxRT.dll
|
|---|
| 1965 | 4238.25cc: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxRT.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
|
|---|
| 1966 | 4238.25cc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff975270000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
|
|---|
| 1967 | 4238.25cc: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume7\Program Files\Oracle\VirtualBox\msvcr100.dll'.
|
|---|
| 1968 | 4238.25cc: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume7\Program Files\Oracle\VirtualBox\msvcr100.dll' [rescheduled]
|
|---|
| 1969 | 4238.25cc: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume7\Program Files\Oracle\VirtualBox\msvcr100.dll'.
|
|---|
| 1970 | 4238.25cc: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume7\Program Files\Oracle\VirtualBox\msvcr100.dll' [rescheduled]
|
|---|
| 1971 | 4238.25cc: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume7\Program Files\Oracle\VirtualBox\VBoxRT.dll
|
|---|
| 1972 | 4238.25cc: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxRT.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
|
|---|
| 1973 | 4238.25cc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff975270000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
|
|---|
| 1974 | 4238.25cc: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume7\Program Files\Oracle\VirtualBox\msvcr100.dll'.
|
|---|
| 1975 | 4238.25cc: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume7\Program Files\Oracle\VirtualBox\msvcr100.dll' [rescheduled]
|
|---|
| 1976 | 4238.25cc: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume7\Program Files\Oracle\VirtualBox\msvcr100.dll'.
|
|---|
| 1977 | 4238.25cc: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume7\Program Files\Oracle\VirtualBox\msvcr100.dll' [rescheduled]
|
|---|
| 1978 | 4238.25cc: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume7\Program Files\Oracle\VirtualBox\VBoxRT.dll
|
|---|
| 1979 | 4238.25cc: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxRT.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
|
|---|
| 1980 | 4238.25cc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff975270000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
|
|---|
| 1981 | 4238.25cc: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume7\Program Files\Oracle\VirtualBox\msvcr100.dll'.
|
|---|
| 1982 | 4238.25cc: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume7\Program Files\Oracle\VirtualBox\msvcr100.dll' [rescheduled]
|
|---|
| 1983 | 4238.25cc: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume7\Program Files\Oracle\VirtualBox\msvcr100.dll'.
|
|---|
| 1984 | 4238.25cc: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume7\Program Files\Oracle\VirtualBox\msvcr100.dll' [rescheduled]
|
|---|
| 1985 | 4238.25cc: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume7\Program Files\Oracle\VirtualBox\VBoxRT.dll
|
|---|
| 1986 | 4238.25cc: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxRT.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
|
|---|
| 1987 | 4238.25cc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff975270000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
|
|---|
| 1988 | 4238.25cc: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume7\Program Files\Oracle\VirtualBox\msvcr100.dll'.
|
|---|
| 1989 | 4238.25cc: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume7\Program Files\Oracle\VirtualBox\msvcr100.dll' [rescheduled]
|
|---|
| 1990 | 4238.25cc: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume7\Program Files\Oracle\VirtualBox\msvcr100.dll'.
|
|---|
| 1991 | 4238.25cc: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume7\Program Files\Oracle\VirtualBox\msvcr100.dll' [rescheduled]
|
|---|
| 1992 | 4238.25cc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff975270000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
|
|---|
| 1993 | 4238.25cc: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume7\Program Files\Oracle\VirtualBox\msvcr100.dll'.
|
|---|
| 1994 | 4238.25cc: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume7\Program Files\Oracle\VirtualBox\msvcr100.dll' [rescheduled]
|
|---|
| 1995 | 4238.25cc: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume7\Program Files\Oracle\VirtualBox\msvcr100.dll'.
|
|---|
| 1996 | 4238.25cc: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume7\Program Files\Oracle\VirtualBox\msvcr100.dll' [rescheduled]
|
|---|
| 1997 | 4238.25cc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff975270000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
|
|---|
| 1998 | 4238.25cc: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume7\Program Files\Oracle\VirtualBox\msvcr100.dll'.
|
|---|
| 1999 | 4238.25cc: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume7\Program Files\Oracle\VirtualBox\msvcr100.dll' [rescheduled]
|
|---|
| 2000 | 4238.25cc: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume7\Program Files\Oracle\VirtualBox\msvcr100.dll'.
|
|---|
| 2001 | 4238.25cc: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume7\Program Files\Oracle\VirtualBox\msvcr100.dll' [rescheduled]
|
|---|
| 2002 | 4238.25cc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff975270000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
|
|---|
| 2003 | 4238.25cc: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume7\Program Files\Oracle\VirtualBox\msvcr100.dll'.
|
|---|
| 2004 | 4238.25cc: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume7\Program Files\Oracle\VirtualBox\msvcr100.dll' [rescheduled]
|
|---|
| 2005 | 4238.25cc: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume7\Program Files\Oracle\VirtualBox\msvcr100.dll'.
|
|---|
| 2006 | 4238.25cc: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume7\Program Files\Oracle\VirtualBox\msvcr100.dll' [rescheduled]
|
|---|
| 2007 | 4238.25cc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff975270000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
|
|---|
| 2008 | 4238.25cc: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume7\Program Files\Oracle\VirtualBox\msvcr100.dll'.
|
|---|
| 2009 | 4238.25cc: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume7\Program Files\Oracle\VirtualBox\msvcr100.dll' [rescheduled]
|
|---|
| 2010 | 4238.25cc: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume7\Program Files\Oracle\VirtualBox\msvcr100.dll'.
|
|---|
| 2011 | 4238.25cc: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume7\Program Files\Oracle\VirtualBox\msvcr100.dll' [rescheduled]
|
|---|
| 2012 | 4238.25cc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff975270000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
|
|---|
| 2013 | 4238.25cc: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume7\Program Files\Oracle\VirtualBox\msvcr100.dll'.
|
|---|
| 2014 | 4238.25cc: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume7\Program Files\Oracle\VirtualBox\msvcr100.dll' [rescheduled]
|
|---|
| 2015 | 4238.25cc: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume7\Program Files\Oracle\VirtualBox\msvcr100.dll'.
|
|---|
| 2016 | 4238.25cc: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume7\Program Files\Oracle\VirtualBox\msvcr100.dll' [rescheduled]
|
|---|
| 2017 | 4238.25cc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff975270000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
|
|---|
| 2018 | 4238.25cc: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume7\Program Files\Oracle\VirtualBox\msvcr100.dll'.
|
|---|
| 2019 | 4238.25cc: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume7\Program Files\Oracle\VirtualBox\msvcr100.dll' [rescheduled]
|
|---|
| 2020 | 4238.25cc: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume7\Program Files\Oracle\VirtualBox\msvcr100.dll'.
|
|---|
| 2021 | 4238.25cc: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume7\Program Files\Oracle\VirtualBox\msvcr100.dll' [rescheduled]
|
|---|
| 2022 | 4238.25cc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff975270000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
|
|---|
| 2023 | 4238.25cc: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume7\Program Files\Oracle\VirtualBox\msvcr100.dll'.
|
|---|
| 2024 | 4238.25cc: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume7\Program Files\Oracle\VirtualBox\msvcr100.dll' [rescheduled]
|
|---|
| 2025 | 4238.25cc: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume7\Program Files\Oracle\VirtualBox\msvcr100.dll'.
|
|---|
| 2026 | 4238.25cc: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume7\Program Files\Oracle\VirtualBox\msvcr100.dll' [rescheduled]
|
|---|
| 2027 | 4238.25cc: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume7\Program Files\Oracle\VirtualBox\VBoxRT.dll
|
|---|
| 2028 | 4238.25cc: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxRT.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
|
|---|
| 2029 | 4238.25cc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff975270000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
|
|---|
| 2030 | 4238.25cc: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume7\Program Files\Oracle\VirtualBox\msvcr100.dll'.
|
|---|
| 2031 | 4238.25cc: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume7\Program Files\Oracle\VirtualBox\msvcr100.dll' [rescheduled]
|
|---|
| 2032 | 4238.25cc: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume7\Program Files\Oracle\VirtualBox\msvcr100.dll'.
|
|---|
| 2033 | 4238.25cc: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume7\Program Files\Oracle\VirtualBox\msvcr100.dll' [rescheduled]
|
|---|
| 2034 | 4238.25cc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff975270000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
|
|---|
| 2035 | 4238.25cc: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume7\Program Files\Oracle\VirtualBox\msvcr100.dll'.
|
|---|
| 2036 | 4238.25cc: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume7\Program Files\Oracle\VirtualBox\msvcr100.dll' [rescheduled]
|
|---|
| 2037 | 4238.25cc: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume7\Program Files\Oracle\VirtualBox\msvcr100.dll'.
|
|---|
| 2038 | 4238.25cc: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume7\Program Files\Oracle\VirtualBox\msvcr100.dll' [rescheduled]
|
|---|
| 2039 | 4238.25cc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff975270000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
|
|---|
| 2040 | 4238.25cc: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume7\Program Files\Oracle\VirtualBox\msvcr100.dll'.
|
|---|
| 2041 | 4238.25cc: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume7\Program Files\Oracle\VirtualBox\msvcr100.dll' [rescheduled]
|
|---|
| 2042 | 4238.25cc: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume7\Program Files\Oracle\VirtualBox\msvcr100.dll'.
|
|---|
| 2043 | 4238.25cc: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume7\Program Files\Oracle\VirtualBox\msvcr100.dll' [rescheduled]
|
|---|
| 2044 | 4238.25cc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff975270000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
|
|---|
| 2045 | 4238.25cc: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume7\Program Files\Oracle\VirtualBox\msvcr100.dll'.
|
|---|
| 2046 | 4238.25cc: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume7\Program Files\Oracle\VirtualBox\msvcr100.dll' [rescheduled]
|
|---|
| 2047 | 4238.25cc: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume7\Program Files\Oracle\VirtualBox\msvcr100.dll'.
|
|---|
| 2048 | 4238.25cc: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume7\Program Files\Oracle\VirtualBox\msvcr100.dll' [rescheduled]
|
|---|
| 2049 | 4238.25cc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff975270000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
|
|---|
| 2050 | 4238.25cc: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume7\Program Files\Oracle\VirtualBox\msvcr100.dll'.
|
|---|
| 2051 | 4238.25cc: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume7\Program Files\Oracle\VirtualBox\msvcr100.dll' [rescheduled]
|
|---|
| 2052 | 4238.25cc: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume7\Program Files\Oracle\VirtualBox\msvcr100.dll'.
|
|---|
| 2053 | 4238.25cc: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume7\Program Files\Oracle\VirtualBox\msvcr100.dll' [rescheduled]
|
|---|
| 2054 | 4238.25cc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff975270000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
|
|---|
| 2055 | 4238.25cc: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume7\Program Files\Oracle\VirtualBox\msvcr100.dll'.
|
|---|
| 2056 | 4238.25cc: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume7\Program Files\Oracle\VirtualBox\msvcr100.dll' [rescheduled]
|
|---|
| 2057 | 4238.25cc: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume7\Program Files\Oracle\VirtualBox\msvcr100.dll'.
|
|---|
| 2058 | 4238.25cc: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume7\Program Files\Oracle\VirtualBox\msvcr100.dll' [rescheduled]
|
|---|
| 2059 | 4238.25cc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff975270000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
|
|---|
| 2060 | 4238.25cc: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume7\Program Files\Oracle\VirtualBox\msvcr100.dll'.
|
|---|
| 2061 | 4238.25cc: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume7\Program Files\Oracle\VirtualBox\msvcr100.dll' [rescheduled]
|
|---|
| 2062 | 4238.25cc: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume7\Program Files\Oracle\VirtualBox\msvcr100.dll'.
|
|---|
| 2063 | 4238.25cc: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume7\Program Files\Oracle\VirtualBox\msvcr100.dll' [rescheduled]
|
|---|
| 2064 | 4238.25cc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff975270000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
|
|---|
| 2065 | 4238.25cc: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume7\Program Files\Oracle\VirtualBox\msvcr100.dll'.
|
|---|
| 2066 | 4238.25cc: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume7\Program Files\Oracle\VirtualBox\msvcr100.dll' [rescheduled]
|
|---|
| 2067 | 4238.25cc: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume7\Program Files\Oracle\VirtualBox\msvcr100.dll'.
|
|---|
| 2068 | 4238.25cc: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume7\Program Files\Oracle\VirtualBox\msvcr100.dll' [rescheduled]
|
|---|
| 2069 | 4238.25cc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff975270000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
|
|---|
| 2070 | 4238.25cc: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume7\Program Files\Oracle\VirtualBox\msvcr100.dll'.
|
|---|
| 2071 | 4238.25cc: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume7\Program Files\Oracle\VirtualBox\msvcr100.dll' [rescheduled]
|
|---|
| 2072 | 4238.25cc: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume7\Program Files\Oracle\VirtualBox\msvcr100.dll'.
|
|---|
| 2073 | 4238.25cc: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume7\Program Files\Oracle\VirtualBox\msvcr100.dll' [rescheduled]
|
|---|
| 2074 | 4238.25cc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff975270000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
|
|---|
| 2075 | 4238.25cc: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume7\Program Files\Oracle\VirtualBox\msvcr100.dll'.
|
|---|
| 2076 | 4238.25cc: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume7\Program Files\Oracle\VirtualBox\msvcr100.dll' [rescheduled]
|
|---|
| 2077 | 4238.25cc: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume7\Program Files\Oracle\VirtualBox\msvcr100.dll'.
|
|---|
| 2078 | 4238.25cc: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume7\Program Files\Oracle\VirtualBox\msvcr100.dll' [rescheduled]
|
|---|
| 2079 | 4238.25cc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff975270000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
|
|---|
| 2080 | 4238.25cc: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume7\Program Files\Oracle\VirtualBox\msvcr100.dll'.
|
|---|
| 2081 | 4238.25cc: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume7\Program Files\Oracle\VirtualBox\msvcr100.dll' [rescheduled]
|
|---|
| 2082 | 4238.25cc: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume7\Program Files\Oracle\VirtualBox\msvcr100.dll'.
|
|---|
| 2083 | 4238.25cc: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume7\Program Files\Oracle\VirtualBox\msvcr100.dll' [rescheduled]
|
|---|
| 2084 | 4238.25cc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff975270000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
|
|---|
| 2085 | 4238.25cc: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume7\Program Files\Oracle\VirtualBox\msvcr100.dll'.
|
|---|
| 2086 | 4238.25cc: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume7\Program Files\Oracle\VirtualBox\msvcr100.dll' [rescheduled]
|
|---|
| 2087 | 4238.25cc: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume7\Program Files\Oracle\VirtualBox\msvcr100.dll'.
|
|---|
| 2088 | 4238.25cc: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume7\Program Files\Oracle\VirtualBox\msvcr100.dll' [rescheduled]
|
|---|
| 2089 | 4238.25cc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff975270000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
|
|---|
| 2090 | 4238.25cc: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume7\Program Files\Oracle\VirtualBox\msvcr100.dll'.
|
|---|
| 2091 | 4238.25cc: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume7\Program Files\Oracle\VirtualBox\msvcr100.dll' [rescheduled]
|
|---|
| 2092 | 4238.25cc: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume7\Program Files\Oracle\VirtualBox\msvcr100.dll'.
|
|---|
| 2093 | 4238.25cc: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume7\Program Files\Oracle\VirtualBox\msvcr100.dll' [rescheduled]
|
|---|
| 2094 | 4238.25cc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff975270000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
|
|---|
| 2095 | 4238.25cc: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume7\Program Files\Oracle\VirtualBox\msvcr100.dll'.
|
|---|
| 2096 | 4238.25cc: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume7\Program Files\Oracle\VirtualBox\msvcr100.dll' [rescheduled]
|
|---|
| 2097 | 4238.25cc: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume7\Program Files\Oracle\VirtualBox\msvcr100.dll'.
|
|---|
| 2098 | 4238.25cc: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume7\Program Files\Oracle\VirtualBox\msvcr100.dll' [rescheduled]
|
|---|
| 2099 | 4238.25cc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff975270000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
|
|---|
| 2100 | 4238.25cc: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume7\Program Files\Oracle\VirtualBox\msvcr100.dll'.
|
|---|
| 2101 | 4238.25cc: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume7\Program Files\Oracle\VirtualBox\msvcr100.dll' [rescheduled]
|
|---|
| 2102 | 4238.25cc: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume7\Program Files\Oracle\VirtualBox\msvcr100.dll'.
|
|---|
| 2103 | 4238.25cc: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume7\Program Files\Oracle\VirtualBox\msvcr100.dll' [rescheduled]
|
|---|
| 2104 | 4238.25cc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff975270000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
|
|---|
| 2105 | 4238.25cc: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume7\Program Files\Oracle\VirtualBox\msvcr100.dll'.
|
|---|
| 2106 | 4238.25cc: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume7\Program Files\Oracle\VirtualBox\msvcr100.dll' [rescheduled]
|
|---|
| 2107 | 4238.25cc: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume7\Program Files\Oracle\VirtualBox\msvcr100.dll'.
|
|---|
| 2108 | 4238.25cc: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume7\Program Files\Oracle\VirtualBox\msvcr100.dll' [rescheduled]
|
|---|
| 2109 | 4238.25cc: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume7\Program Files\Oracle\VirtualBox\VBoxRT.dll
|
|---|
| 2110 | 4238.25cc: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxRT.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
|
|---|
| 2111 | 4238.25cc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff975270000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
|
|---|
| 2112 | 4238.25cc: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume7\Program Files\Oracle\VirtualBox\msvcr100.dll'.
|
|---|
| 2113 | 4238.25cc: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume7\Program Files\Oracle\VirtualBox\msvcr100.dll' [rescheduled]
|
|---|
| 2114 | 4238.25cc: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume7\Program Files\Oracle\VirtualBox\msvcr100.dll'.
|
|---|
| 2115 | 4238.25cc: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume7\Program Files\Oracle\VirtualBox\msvcr100.dll' [rescheduled]
|
|---|
| 2116 | 4238.25cc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff975270000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
|
|---|
| 2117 | 4238.25cc: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume7\Program Files\Oracle\VirtualBox\msvcr100.dll'.
|
|---|
| 2118 | 4238.25cc: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume7\Program Files\Oracle\VirtualBox\msvcr100.dll' [rescheduled]
|
|---|
| 2119 | 4238.25cc: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume7\Program Files\Oracle\VirtualBox\msvcr100.dll'.
|
|---|
| 2120 | 4238.25cc: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume7\Program Files\Oracle\VirtualBox\msvcr100.dll' [rescheduled]
|
|---|
| 2121 | 4238.25cc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff975270000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
|
|---|
| 2122 | 4238.25cc: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume7\Program Files\Oracle\VirtualBox\msvcr100.dll'.
|
|---|
| 2123 | 4238.25cc: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume7\Program Files\Oracle\VirtualBox\msvcr100.dll' [rescheduled]
|
|---|
| 2124 | 4238.25cc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff975270000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
|
|---|
| 2125 | 4238.25cc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff9c9550000 'C:\Windows\system32\rsaenh.dll'
|
|---|
| 2126 | 4238.25cc: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 24202) fWinVerifyTrust=1 for '\Device\HarddiskVolume7\Program Files\Oracle\VirtualBox\msvcr100.dll'
|
|---|
| 2127 | 4238.25cc: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume7\Windows\System32\wintrust.dll
|
|---|
| 2128 | 4238.25cc: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\Wintrust.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000801:<flags> [calling]
|
|---|
| 2129 | 4238.25cc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff9ca730000 'C:\Windows\system32\Wintrust.dll'
|
|---|
| 2130 | 4238.25cc: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume7\Windows\System32\rsaenh.dll
|
|---|
| 2131 | 4238.25cc: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\rsaenh.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
|
|---|
| 2132 | 4238.25cc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff9c9550000 'C:\Windows\system32\rsaenh.dll'
|
|---|
| 2133 | 4238.25cc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff9cb050000 'C:\Windows\System32\crypt32.dll'
|
|---|
| 2134 | 4238.25cc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff9c9550000 'C:\Windows\system32\rsaenh.dll'
|
|---|
| 2135 | 4238.25cc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff9cb050000 'C:\Windows\System32\crypt32.dll'
|
|---|
| 2136 | 4238.25cc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff9cb050000 'C:\Windows\system32\crypt32.dll'
|
|---|
| 2137 | 4238.25cc: SUPR3HardenedMain: Load TrustedMain...
|
|---|
| 2138 | 4238.25cc: \Device\HarddiskVolume7\Program Files\Oracle\VirtualBox\VirtualBoxVM.dll: Signature #1/2: info status: 24202
|
|---|
| 2139 | 4238.25cc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff9c9550000 'C:\Windows\system32\rsaenh.dll'
|
|---|
| 2140 | 4238.25cc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'opengl32.dll'.
|
|---|
| 2141 | 4238.25cc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'uicommon.dll'.
|
|---|
| 2142 | 4238.25cc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'vboxrt.dll'.
|
|---|
| 2143 | 4238.25cc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'msvcp100.dll'.
|
|---|
| 2144 | 4238.25cc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'msvcr100.dll'.
|
|---|
| 2145 | 4238.25cc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'qt5corevbox.dll'.
|
|---|
| 2146 | 4238.25cc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'qt5guivbox.dll'.
|
|---|
| 2147 | 4238.25cc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #7 'qt5widgetsvbox.dll'.
|
|---|
| 2148 | 4238.25cc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #8 'qt5openglvbox.dll'.
|
|---|
| 2149 | 4238.25cc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #10 'user32.dll'.
|
|---|
| 2150 | 4238.25cc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #11 'ole32.dll'.
|
|---|
| 2151 | 4238.25cc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #12 'oleaut32.dll'.
|
|---|
| 2152 | 4238.25cc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #13 'winmm.dll'.
|
|---|
| 2153 | 4238.25cc: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume7\Program Files\Oracle\VirtualBox\VirtualBoxVM.dll) WinVerifyTrust
|
|---|
| 2154 | 4238.25cc: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume7\Program Files\Oracle\VirtualBox\VirtualBoxVM.dll
|
|---|
| 2155 | 4238.25cc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'winmm.dll'...
|
|---|
| 2156 | 4238.25cc: supR3HardenedWinVerifyCacheProcessImportTodos: 'winmm.dll' -> '\Device\HarddiskVolume7\Windows\System32\winmm.dll' [rcNtRedir=0xc0150008]
|
|---|
| 2157 | 4238.25cc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff9c9550000 'C:\Windows\system32\rsaenh.dll'
|
|---|
| 2158 | 4238.25cc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff9cb050000 'C:\Windows\System32\crypt32.dll'
|
|---|
| 2159 | 4238.25cc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'winmmbase.dll'.
|
|---|
| 2160 | 4238.25cc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'msvcrt.dll'.
|
|---|
| 2161 | 4238.25cc: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume7\Windows\System32\winmm.dll) WinVerifyTrust
|
|---|
| 2162 | 4238.25cc: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume7\Windows\System32\winmm.dll
|
|---|
| 2163 | 4238.25cc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'oleaut32.dll'...
|
|---|
| 2164 | 4238.25cc: supR3HardenedWinVerifyCacheProcessImportTodos: 'oleaut32.dll' -> '\Device\HarddiskVolume7\Windows\System32\oleaut32.dll' [rcNtRedir=0xc0150008]
|
|---|
| 2165 | 4238.25cc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
|
|---|
| 2166 | 4238.25cc: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume7\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
|
|---|
| 2167 | 4238.25cc: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume7\Windows\System32\msvcrt.dll
|
|---|
| 2168 | 4238.25cc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'winmmbase.dll'...
|
|---|
| 2169 | 4238.25cc: supR3HardenedWinVerifyCacheProcessImportTodos: 'winmmbase.dll' -> '\Device\HarddiskVolume7\Windows\System32\winmmbase.dll' [rcNtRedir=0xc0150008]
|
|---|
| 2170 | 4238.25cc: Detected WinVerifyTrust recursion: rc=VINF_SUCCESS '\Device\HarddiskVolume7\Windows\System32\winmmbase.dll'.
|
|---|
| 2171 | 4238.25cc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
|
|---|
| 2172 | 4238.25cc: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume7\Windows\System32\winmmbase.dll)
|
|---|
| 2173 | 4238.25cc: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume7\Windows\System32\winmmbase.dll
|
|---|
| 2174 | 4238.25cc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
|
|---|
| 2175 | 4238.25cc: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume7\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
|
|---|
| 2176 | 4238.25cc: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume7\Windows\System32\msvcrt.dll
|
|---|
| 2177 | 4238.25cc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff9c9550000 'C:\Windows\system32\rsaenh.dll'
|
|---|
| 2178 | 4238.25cc: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume7\Windows\System32\crypt32.dll
|
|---|
| 2179 | 4238.25cc: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\System32\crypt32.dll (Input=crypt32.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
|
|---|
| 2180 | 4238.25cc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff9cb050000 'C:\Windows\System32\crypt32.dll'
|
|---|
| 2181 | 4238.25cc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcp_win.dll'.
|
|---|
| 2182 | 4238.25cc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'combase.dll'.
|
|---|
| 2183 | 4238.25cc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #23 'rpcrt4.dll'.
|
|---|
| 2184 | 4238.25cc: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume7\Windows\System32\oleaut32.dll) WinVerifyTrust
|
|---|
| 2185 | 4238.25cc: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume7\Windows\System32\oleaut32.dll
|
|---|
| 2186 | 4238.25cc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ole32.dll'...
|
|---|
| 2187 | 4238.25cc: supR3HardenedWinVerifyCacheProcessImportTodos: 'ole32.dll' -> '\Device\HarddiskVolume7\Windows\System32\ole32.dll' [rcNtRedir=0xc0150008]
|
|---|
| 2188 | 4238.25cc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
|
|---|
| 2189 | 4238.25cc: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume7\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
|
|---|
| 2190 | 4238.25cc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'combase.dll'...
|
|---|
| 2191 | 4238.25cc: supR3HardenedWinVerifyCacheProcessImportTodos: 'combase.dll' -> '\Device\HarddiskVolume7\Windows\System32\combase.dll' [rcNtRedir=0xc0150008]
|
|---|
| 2192 | 4238.25cc: Detected WinVerifyTrust recursion: rc=VINF_SUCCESS '\Device\HarddiskVolume7\Windows\System32\combase.dll'.
|
|---|
| 2193 | 4238.25cc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'rpcrt4.dll'.
|
|---|
| 2194 | 4238.25cc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #47 'bcryptprimitives.dll'.
|
|---|
| 2195 | 4238.25cc: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume7\Windows\System32\combase.dll)
|
|---|
| 2196 | 4238.25cc: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume7\Windows\System32\combase.dll
|
|---|
| 2197 | 4238.25cc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcp_win.dll'...
|
|---|
| 2198 | 4238.25cc: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcp_win.dll' -> '\Device\HarddiskVolume7\Windows\System32\msvcp_win.dll' [rcNtRedir=0xc0150008]
|
|---|
| 2199 | 4238.25cc: Detected WinVerifyTrust recursion: rc=VINF_SUCCESS '\Device\HarddiskVolume7\Windows\System32\msvcp_win.dll'.
|
|---|
| 2200 | 4238.25cc: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume7\Windows\System32\msvcp_win.dll)
|
|---|
| 2201 | 4238.25cc: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume7\Windows\System32\msvcp_win.dll
|
|---|
| 2202 | 4238.25cc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'bcryptprimitives.dll'...
|
|---|
| 2203 | 4238.25cc: supR3HardenedWinVerifyCacheProcessImportTodos: 'bcryptprimitives.dll' -> '\Device\HarddiskVolume7\Windows\System32\bcryptprimitives.dll' [rcNtRedir=0xc0150008]
|
|---|
| 2204 | 4238.25cc: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume7\Windows\System32\bcryptprimitives.dll
|
|---|
| 2205 | 4238.25cc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
|
|---|
| 2206 | 4238.25cc: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume7\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
|
|---|
| 2207 | 4238.25cc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff9c9550000 'C:\Windows\system32\rsaenh.dll'
|
|---|
| 2208 | 4238.25cc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff9cb050000 'C:\Windows\System32\crypt32.dll'
|
|---|
| 2209 | 4238.25cc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #22 'rpcrt4.dll'.
|
|---|
| 2210 | 4238.25cc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #56 'gdi32.dll'.
|
|---|
| 2211 | 4238.25cc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #57 'user32.dll'.
|
|---|
| 2212 | 4238.25cc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #58 'combase.dll'.
|
|---|
| 2213 | 4238.25cc: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume7\Windows\System32\ole32.dll) WinVerifyTrust
|
|---|
| 2214 | 4238.25cc: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume7\Windows\System32\ole32.dll
|
|---|
| 2215 | 4238.25cc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
|
|---|
| 2216 | 4238.25cc: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume7\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
|
|---|
| 2217 | 4238.25cc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'combase.dll'...
|
|---|
| 2218 | 4238.25cc: supR3HardenedWinVerifyCacheProcessImportTodos: 'combase.dll' -> '\Device\HarddiskVolume7\Windows\System32\combase.dll' [rcNtRedir=0xc0150008]
|
|---|
| 2219 | 4238.25cc: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume7\Windows\System32\combase.dll [lacks WinVerifyTrust]
|
|---|
| 2220 | 4238.25cc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
|
|---|
| 2221 | 4238.25cc: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume7\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
|
|---|
| 2222 | 4238.25cc: Detected WinVerifyTrust recursion: rc=VINF_SUCCESS '\Device\HarddiskVolume7\Windows\System32\user32.dll'.
|
|---|
| 2223 | 4238.25cc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'win32u.dll'.
|
|---|
| 2224 | 4238.25cc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #34 'gdi32.dll'.
|
|---|
| 2225 | 4238.25cc: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume7\Windows\System32\user32.dll)
|
|---|
| 2226 | 4238.25cc: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume7\Windows\System32\user32.dll
|
|---|
| 2227 | 4238.25cc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
|
|---|
| 2228 | 4238.25cc: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume7\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
|
|---|
| 2229 | 4238.25cc: Detected WinVerifyTrust recursion: rc=VINF_SUCCESS '\Device\HarddiskVolume7\Windows\System32\gdi32.dll'.
|
|---|
| 2230 | 4238.25cc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #8 'win32u.dll'.
|
|---|
| 2231 | 4238.25cc: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume7\Windows\System32\gdi32.dll)
|
|---|
| 2232 | 4238.25cc: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume7\Windows\System32\gdi32.dll
|
|---|
| 2233 | 4238.25cc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
|
|---|
| 2234 | 4238.25cc: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume7\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
|
|---|
| 2235 | 4238.25cc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'win32u.dll'...
|
|---|
| 2236 | 4238.25cc: supR3HardenedWinVerifyCacheProcessImportTodos: 'win32u.dll' -> '\Device\HarddiskVolume7\Windows\System32\win32u.dll' [rcNtRedir=0xc0150008]
|
|---|
| 2237 | 4238.25cc: Detected WinVerifyTrust recursion: rc=VINF_SUCCESS '\Device\HarddiskVolume7\Windows\System32\win32u.dll'.
|
|---|
| 2238 | 4238.25cc: '\Device\HarddiskVolume7\Windows\System32\win32u.dll' has no imports
|
|---|
| 2239 | 4238.25cc: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume7\Windows\System32\win32u.dll)
|
|---|
| 2240 | 4238.25cc: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume7\Windows\System32\win32u.dll
|
|---|
| 2241 | 4238.25cc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
|
|---|
| 2242 | 4238.25cc: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume7\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
|
|---|
| 2243 | 4238.25cc: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume7\Windows\System32\gdi32.dll [lacks WinVerifyTrust]
|
|---|
| 2244 | 4238.25cc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'win32u.dll'...
|
|---|
| 2245 | 4238.25cc: supR3HardenedWinVerifyCacheProcessImportTodos: 'win32u.dll' -> '\Device\HarddiskVolume7\Windows\System32\win32u.dll' [rcNtRedir=0xc0150008]
|
|---|
| 2246 | 4238.25cc: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume7\Windows\System32\win32u.dll [lacks WinVerifyTrust]
|
|---|
| 2247 | 4238.25cc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff9c9550000 'C:\Windows\system32\rsaenh.dll'
|
|---|
| 2248 | 4238.25cc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff9cb050000 'C:\Windows\System32\crypt32.dll'
|
|---|
| 2249 | 4238.25cc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'win32u.dll'.
|
|---|
| 2250 | 4238.25cc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #34 'gdi32.dll'.
|
|---|
| 2251 | 4238.25cc: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume7\Windows\System32\user32.dll) WinVerifyTrust
|
|---|
| 2252 | 4238.25cc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qt5openglvbox.dll'...
|
|---|
| 2253 | 4238.25cc: supR3HardenedWinVerifyCacheProcessImportTodos: 'qt5openglvbox.dll' -> '\Device\HarddiskVolume7\Program Files\Oracle\VirtualBox\qt5openglvbox.dll' [rcNtRedir=0xc0150008]
|
|---|
| 2254 | 4238.25cc: \Device\HarddiskVolume7\Program Files\Oracle\VirtualBox\Qt5OpenGLVBox.dll: Signature #1/2: info status: 24202
|
|---|
| 2255 | 4238.25cc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
|
|---|
| 2256 | 4238.25cc: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume7\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
|
|---|
| 2257 | 4238.25cc: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume7\Windows\System32\gdi32.dll [lacks WinVerifyTrust]
|
|---|
| 2258 | 4238.25cc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'win32u.dll'...
|
|---|
| 2259 | 4238.25cc: supR3HardenedWinVerifyCacheProcessImportTodos: 'win32u.dll' -> '\Device\HarddiskVolume7\Windows\System32\win32u.dll' [rcNtRedir=0xc0150008]
|
|---|
| 2260 | 4238.25cc: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume7\Windows\System32\win32u.dll [lacks WinVerifyTrust]
|
|---|
| 2261 | 4238.25cc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff9c9550000 'C:\Windows\system32\rsaenh.dll'
|
|---|
| 2262 | 4238.25cc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'qt5widgetsvbox.dll'.
|
|---|
| 2263 | 4238.25cc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'qt5guivbox.dll'.
|
|---|
| 2264 | 4238.25cc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'qt5corevbox.dll'.
|
|---|
| 2265 | 4238.25cc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'msvcr100.dll'.
|
|---|
| 2266 | 4238.25cc: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume7\Program Files\Oracle\VirtualBox\Qt5OpenGLVBox.dll) WinVerifyTrust
|
|---|
| 2267 | 4238.25cc: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume7\Program Files\Oracle\VirtualBox\Qt5OpenGLVBox.dll
|
|---|
| 2268 | 4238.25cc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qt5widgetsvbox.dll'...
|
|---|
| 2269 | 4238.25cc: supR3HardenedWinVerifyCacheProcessImportTodos: 'qt5widgetsvbox.dll' -> '\Device\HarddiskVolume7\Program Files\Oracle\VirtualBox\qt5widgetsvbox.dll' [rcNtRedir=0xc0150008]
|
|---|
| 2270 | 4238.25cc: \Device\HarddiskVolume7\Program Files\Oracle\VirtualBox\Qt5WidgetsVBox.dll: Signature #1/2: info status: 24202
|
|---|
| 2271 | 4238.25cc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
|
|---|
| 2272 | 4238.25cc: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume7\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
|
|---|
| 2273 | 4238.25cc: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume7\Program Files\Oracle\VirtualBox\msvcr100.dll
|
|---|
| 2274 | 4238.25cc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qt5corevbox.dll'...
|
|---|
| 2275 | 4238.25cc: supR3HardenedWinVerifyCacheProcessImportTodos: 'qt5corevbox.dll' -> '\Device\HarddiskVolume7\Program Files\Oracle\VirtualBox\qt5corevbox.dll' [rcNtRedir=0xc0150008]
|
|---|
| 2276 | 4238.25cc: \Device\HarddiskVolume7\Program Files\Oracle\VirtualBox\Qt5CoreVBox.dll: Signature #1/2: info status: 24202
|
|---|
| 2277 | 4238.25cc: Detected WinVerifyTrust recursion: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume7\Program Files\Oracle\VirtualBox\Qt5CoreVBox.dll'.
|
|---|
| 2278 | 4238.25cc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'user32.dll'.
|
|---|
| 2279 | 4238.25cc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'shell32.dll'.
|
|---|
| 2280 | 4238.25cc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'ole32.dll'.
|
|---|
| 2281 | 4238.25cc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'advapi32.dll'.
|
|---|
| 2282 | 4238.25cc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'ws2_32.dll'.
|
|---|
| 2283 | 4238.25cc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'mpr.dll'.
|
|---|
| 2284 | 4238.25cc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #7 'msvcp100.dll'.
|
|---|
| 2285 | 4238.25cc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #8 'msvcr100.dll'.
|
|---|
| 2286 | 4238.25cc: supHardenedWinVerifyImageByHandle: -> 24202 (\Device\HarddiskVolume7\Program Files\Oracle\VirtualBox\Qt5CoreVBox.dll)
|
|---|
| 2287 | 4238.25cc: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume7\Program Files\Oracle\VirtualBox\Qt5CoreVBox.dll
|
|---|
| 2288 | 4238.25cc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qt5guivbox.dll'...
|
|---|
| 2289 | 4238.25cc: supR3HardenedWinVerifyCacheProcessImportTodos: 'qt5guivbox.dll' -> '\Device\HarddiskVolume7\Program Files\Oracle\VirtualBox\qt5guivbox.dll' [rcNtRedir=0xc0150008]
|
|---|
| 2290 | 4238.25cc: \Device\HarddiskVolume7\Program Files\Oracle\VirtualBox\Qt5GuiVBox.dll: Signature #1/2: info status: 24202
|
|---|
| 2291 | 4238.25cc: Detected WinVerifyTrust recursion: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume7\Program Files\Oracle\VirtualBox\Qt5GuiVBox.dll'.
|
|---|
| 2292 | 4238.25cc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'ole32.dll'.
|
|---|
| 2293 | 4238.25cc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'opengl32.dll'.
|
|---|
| 2294 | 4238.25cc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'gdi32.dll'.
|
|---|
| 2295 | 4238.25cc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'user32.dll'.
|
|---|
| 2296 | 4238.25cc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'qt5corevbox.dll'.
|
|---|
| 2297 | 4238.25cc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'msvcp100.dll'.
|
|---|
| 2298 | 4238.25cc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'msvcr100.dll'.
|
|---|
| 2299 | 4238.25cc: supHardenedWinVerifyImageByHandle: -> 24202 (\Device\HarddiskVolume7\Program Files\Oracle\VirtualBox\Qt5GuiVBox.dll)
|
|---|
| 2300 | 4238.25cc: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume7\Program Files\Oracle\VirtualBox\Qt5GuiVBox.dll
|
|---|
| 2301 | 4238.25cc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qt5widgetsvbox.dll'...
|
|---|
| 2302 | 4238.25cc: supR3HardenedWinVerifyCacheProcessImportTodos: 'qt5widgetsvbox.dll' -> '\Device\HarddiskVolume7\Program Files\Oracle\VirtualBox\qt5widgetsvbox.dll' [rcNtRedir=0xc0150008]
|
|---|
| 2303 | 4238.25cc: \Device\HarddiskVolume7\Program Files\Oracle\VirtualBox\Qt5WidgetsVBox.dll: Signature #1/2: info status: 24202
|
|---|
| 2304 | 4238.25cc: Detected WinVerifyTrust recursion: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume7\Program Files\Oracle\VirtualBox\Qt5WidgetsVBox.dll'.
|
|---|
| 2305 | 4238.25cc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'gdi32.dll'.
|
|---|
| 2306 | 4238.25cc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'user32.dll'.
|
|---|
| 2307 | 4238.25cc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'qt5guivbox.dll'.
|
|---|
| 2308 | 4238.25cc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'qt5corevbox.dll'.
|
|---|
| 2309 | 4238.25cc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'shell32.dll'.
|
|---|
| 2310 | 4238.25cc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'msvcp100.dll'.
|
|---|
| 2311 | 4238.25cc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'msvcr100.dll'.
|
|---|
| 2312 | 4238.25cc: supHardenedWinVerifyImageByHandle: -> 24202 (\Device\HarddiskVolume7\Program Files\Oracle\VirtualBox\Qt5WidgetsVBox.dll)
|
|---|
| 2313 | 4238.25cc: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume7\Program Files\Oracle\VirtualBox\Qt5WidgetsVBox.dll
|
|---|
| 2314 | 4238.25cc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
|
|---|
| 2315 | 4238.25cc: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume7\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
|
|---|
| 2316 | 4238.25cc: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume7\Program Files\Oracle\VirtualBox\msvcr100.dll
|
|---|
| 2317 | 4238.25cc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcp100.dll'...
|
|---|
| 2318 | 4238.25cc: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcp100.dll' -> '\Device\HarddiskVolume7\Program Files\Oracle\VirtualBox\msvcp100.dll' [rcNtRedir=0xc0150008]
|
|---|
| 2319 | 4238.25cc: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume7\Program Files\Oracle\VirtualBox\msvcp100.dll
|
|---|
| 2320 | 4238.25cc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'shell32.dll'...
|
|---|
| 2321 | 4238.25cc: supR3HardenedWinVerifyCacheProcessImportTodos: 'shell32.dll' -> '\Device\HarddiskVolume7\Windows\System32\shell32.dll' [rcNtRedir=0xc0150008]
|
|---|
| 2322 | 4238.25cc: Detected WinVerifyTrust recursion: rc=VINF_SUCCESS '\Device\HarddiskVolume7\Windows\System32\shell32.dll'.
|
|---|
| 2323 | 4238.25cc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #77 'user32.dll'.
|
|---|
| 2324 | 4238.25cc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #79 'gdi32.dll'.
|
|---|
| 2325 | 4238.25cc: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume7\Windows\System32\shell32.dll)
|
|---|
| 2326 | 4238.25cc: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume7\Windows\System32\shell32.dll
|
|---|
| 2327 | 4238.25cc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qt5corevbox.dll'...
|
|---|
| 2328 | 4238.25cc: supR3HardenedWinVerifyCacheProcessImportTodos: 'qt5corevbox.dll' -> '\Device\HarddiskVolume7\Program Files\Oracle\VirtualBox\qt5corevbox.dll' [rcNtRedir=0xc0150008]
|
|---|
| 2329 | 4238.25cc: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 24202 (0x5e8a)) on \Device\HarddiskVolume7\Program Files\Oracle\VirtualBox\Qt5CoreVBox.dll [lacks WinVerifyTrust]
|
|---|
| 2330 | 4238.25cc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qt5guivbox.dll'...
|
|---|
| 2331 | 4238.25cc: supR3HardenedWinVerifyCacheProcessImportTodos: 'qt5guivbox.dll' -> '\Device\HarddiskVolume7\Program Files\Oracle\VirtualBox\qt5guivbox.dll' [rcNtRedir=0xc0150008]
|
|---|
| 2332 | 4238.25cc: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 24202 (0x5e8a)) on \Device\HarddiskVolume7\Program Files\Oracle\VirtualBox\Qt5GuiVBox.dll [lacks WinVerifyTrust]
|
|---|
| 2333 | 4238.25cc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
|
|---|
| 2334 | 4238.25cc: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume7\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
|
|---|
| 2335 | 4238.25cc: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume7\Windows\System32\user32.dll [lacks WinVerifyTrust]
|
|---|
| 2336 | 4238.25cc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
|
|---|
| 2337 | 4238.25cc: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume7\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
|
|---|
| 2338 | 4238.25cc: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume7\Windows\System32\gdi32.dll [lacks WinVerifyTrust]
|
|---|
| 2339 | 4238.25cc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
|
|---|
| 2340 | 4238.25cc: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume7\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
|
|---|
| 2341 | 4238.25cc: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume7\Program Files\Oracle\VirtualBox\msvcr100.dll
|
|---|
| 2342 | 4238.25cc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcp100.dll'...
|
|---|
| 2343 | 4238.25cc: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcp100.dll' -> '\Device\HarddiskVolume7\Program Files\Oracle\VirtualBox\msvcp100.dll' [rcNtRedir=0xc0150008]
|
|---|
| 2344 | 4238.25cc: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume7\Program Files\Oracle\VirtualBox\msvcp100.dll
|
|---|
| 2345 | 4238.25cc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qt5corevbox.dll'...
|
|---|
| 2346 | 4238.25cc: supR3HardenedWinVerifyCacheProcessImportTodos: 'qt5corevbox.dll' -> '\Device\HarddiskVolume7\Program Files\Oracle\VirtualBox\qt5corevbox.dll' [rcNtRedir=0xc0150008]
|
|---|
| 2347 | 4238.25cc: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 24202 (0x5e8a)) on \Device\HarddiskVolume7\Program Files\Oracle\VirtualBox\Qt5CoreVBox.dll [lacks WinVerifyTrust]
|
|---|
| 2348 | 4238.25cc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
|
|---|
| 2349 | 4238.25cc: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume7\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
|
|---|
| 2350 | 4238.25cc: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume7\Windows\System32\user32.dll [lacks WinVerifyTrust]
|
|---|
| 2351 | 4238.25cc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
|
|---|
| 2352 | 4238.25cc: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume7\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
|
|---|
| 2353 | 4238.25cc: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume7\Windows\System32\gdi32.dll [lacks WinVerifyTrust]
|
|---|
| 2354 | 4238.25cc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'opengl32.dll'...
|
|---|
| 2355 | 4238.25cc: supR3HardenedWinVerifyCacheProcessImportTodos: 'opengl32.dll' -> '\Device\HarddiskVolume7\Windows\System32\opengl32.dll' [rcNtRedir=0xc0150008]
|
|---|
| 2356 | 4238.25cc: Detected WinVerifyTrust recursion: rc=Unknown Status 22900 (0x5974) '\Device\HarddiskVolume7\Windows\System32\opengl32.dll'.
|
|---|
| 2357 | 4238.25cc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
|
|---|
| 2358 | 4238.25cc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'advapi32.dll'.
|
|---|
| 2359 | 4238.25cc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'user32.dll'.
|
|---|
| 2360 | 4238.25cc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'gdi32.dll'.
|
|---|
| 2361 | 4238.25cc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'glu32.dll'.
|
|---|
| 2362 | 4238.25cc: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume7\Windows\System32\opengl32.dll)
|
|---|
| 2363 | 4238.25cc: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume7\Windows\System32\opengl32.dll
|
|---|
| 2364 | 4238.25cc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ole32.dll'...
|
|---|
| 2365 | 4238.25cc: supR3HardenedWinVerifyCacheProcessImportTodos: 'ole32.dll' -> '\Device\HarddiskVolume7\Windows\System32\ole32.dll' [rcNtRedir=0xc0150008]
|
|---|
| 2366 | 4238.25cc: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume7\Windows\System32\ole32.dll
|
|---|
| 2367 | 4238.25cc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
|
|---|
| 2368 | 4238.25cc: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume7\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
|
|---|
| 2369 | 4238.25cc: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume7\Program Files\Oracle\VirtualBox\msvcr100.dll
|
|---|
| 2370 | 4238.25cc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcp100.dll'...
|
|---|
| 2371 | 4238.25cc: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcp100.dll' -> '\Device\HarddiskVolume7\Program Files\Oracle\VirtualBox\msvcp100.dll' [rcNtRedir=0xc0150008]
|
|---|
| 2372 | 4238.25cc: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume7\Program Files\Oracle\VirtualBox\msvcp100.dll
|
|---|
| 2373 | 4238.25cc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'mpr.dll'...
|
|---|
| 2374 | 4238.25cc: supR3HardenedWinVerifyCacheProcessImportTodos: 'mpr.dll' -> '\Device\HarddiskVolume7\Windows\System32\mpr.dll' [rcNtRedir=0xc0150008]
|
|---|
| 2375 | 4238.25cc: Detected WinVerifyTrust recursion: rc=VINF_SUCCESS '\Device\HarddiskVolume7\Windows\System32\mpr.dll'.
|
|---|
| 2376 | 4238.25cc: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume7\Windows\System32\mpr.dll)
|
|---|
| 2377 | 4238.25cc: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume7\Windows\System32\mpr.dll
|
|---|
| 2378 | 4238.25cc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ws2_32.dll'...
|
|---|
| 2379 | 4238.25cc: supR3HardenedWinVerifyCacheProcessImportTodos: 'ws2_32.dll' -> '\Device\HarddiskVolume7\Windows\System32\ws2_32.dll' [rcNtRedir=0xc0150008]
|
|---|
| 2380 | 4238.25cc: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume7\Windows\System32\ws2_32.dll
|
|---|
| 2381 | 4238.25cc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'...
|
|---|
| 2382 | 4238.25cc: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume7\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008]
|
|---|
| 2383 | 4238.25cc: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume7\Windows\System32\advapi32.dll
|
|---|
| 2384 | 4238.25cc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ole32.dll'...
|
|---|
| 2385 | 4238.25cc: supR3HardenedWinVerifyCacheProcessImportTodos: 'ole32.dll' -> '\Device\HarddiskVolume7\Windows\System32\ole32.dll' [rcNtRedir=0xc0150008]
|
|---|
| 2386 | 4238.25cc: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume7\Windows\System32\ole32.dll
|
|---|
| 2387 | 4238.25cc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'shell32.dll'...
|
|---|
| 2388 | 4238.25cc: supR3HardenedWinVerifyCacheProcessImportTodos: 'shell32.dll' -> '\Device\HarddiskVolume7\Windows\System32\shell32.dll' [rcNtRedir=0xc0150008]
|
|---|
| 2389 | 4238.25cc: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume7\Windows\System32\shell32.dll [lacks WinVerifyTrust]
|
|---|
| 2390 | 4238.25cc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
|
|---|
| 2391 | 4238.25cc: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume7\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
|
|---|
| 2392 | 4238.25cc: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume7\Windows\System32\user32.dll [lacks WinVerifyTrust]
|
|---|
| 2393 | 4238.25cc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'glu32.dll'...
|
|---|
| 2394 | 4238.25cc: supR3HardenedWinVerifyCacheProcessImportTodos: 'glu32.dll' -> '\Device\HarddiskVolume7\Windows\System32\glu32.dll' [rcNtRedir=0xc0150008]
|
|---|
| 2395 | 4238.25cc: Detected WinVerifyTrust recursion: rc=Unknown Status 22900 (0x5974) '\Device\HarddiskVolume7\Windows\System32\glu32.dll'.
|
|---|
| 2396 | 4238.25cc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
|
|---|
| 2397 | 4238.25cc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'user32.dll'.
|
|---|
| 2398 | 4238.25cc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'opengl32.dll'.
|
|---|
| 2399 | 4238.25cc: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume7\Windows\System32\glu32.dll)
|
|---|
| 2400 | 4238.25cc: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume7\Windows\System32\glu32.dll
|
|---|
| 2401 | 4238.25cc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
|
|---|
| 2402 | 4238.25cc: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume7\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
|
|---|
| 2403 | 4238.25cc: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume7\Windows\System32\gdi32.dll [lacks WinVerifyTrust]
|
|---|
| 2404 | 4238.25cc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
|
|---|
| 2405 | 4238.25cc: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume7\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
|
|---|
| 2406 | 4238.25cc: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume7\Windows\System32\user32.dll [lacks WinVerifyTrust]
|
|---|
| 2407 | 4238.25cc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'...
|
|---|
| 2408 | 4238.25cc: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume7\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008]
|
|---|
| 2409 | 4238.25cc: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume7\Windows\System32\advapi32.dll
|
|---|
| 2410 | 4238.25cc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
|
|---|
| 2411 | 4238.25cc: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume7\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
|
|---|
| 2412 | 4238.25cc: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume7\Windows\System32\msvcrt.dll
|
|---|
| 2413 | 4238.25cc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
|
|---|
| 2414 | 4238.25cc: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume7\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
|
|---|
| 2415 | 4238.25cc: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume7\Windows\System32\gdi32.dll [lacks WinVerifyTrust]
|
|---|
| 2416 | 4238.25cc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
|
|---|
| 2417 | 4238.25cc: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume7\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
|
|---|
| 2418 | 4238.25cc: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume7\Windows\System32\user32.dll [lacks WinVerifyTrust]
|
|---|
| 2419 | 4238.25cc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'opengl32.dll'...
|
|---|
| 2420 | 4238.25cc: supR3HardenedWinVerifyCacheProcessImportTodos: 'opengl32.dll' -> '\Device\HarddiskVolume7\Windows\System32\opengl32.dll' [rcNtRedir=0xc0150008]
|
|---|
| 2421 | 4238.25cc: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume7\Windows\System32\opengl32.dll [lacks WinVerifyTrust]
|
|---|
| 2422 | 4238.25cc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
|
|---|
| 2423 | 4238.25cc: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume7\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
|
|---|
| 2424 | 4238.25cc: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume7\Windows\System32\user32.dll [lacks WinVerifyTrust]
|
|---|
| 2425 | 4238.25cc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
|
|---|
| 2426 | 4238.25cc: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume7\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
|
|---|
| 2427 | 4238.25cc: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume7\Windows\System32\msvcrt.dll
|
|---|
| 2428 | 4238.25cc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff9c9550000 'C:\Windows\system32\rsaenh.dll'
|
|---|
| 2429 | 4238.25cc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'gdi32.dll'.
|
|---|
| 2430 | 4238.25cc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'user32.dll'.
|
|---|
| 2431 | 4238.25cc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'qt5guivbox.dll'.
|
|---|
| 2432 | 4238.25cc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'qt5corevbox.dll'.
|
|---|
| 2433 | 4238.25cc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'shell32.dll'.
|
|---|
| 2434 | 4238.25cc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'msvcp100.dll'.
|
|---|
| 2435 | 4238.25cc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'msvcr100.dll'.
|
|---|
| 2436 | 4238.25cc: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume7\Program Files\Oracle\VirtualBox\Qt5WidgetsVBox.dll) WinVerifyTrust
|
|---|
| 2437 | 4238.25cc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qt5guivbox.dll'...
|
|---|
| 2438 | 4238.25cc: supR3HardenedWinVerifyCacheProcessImportTodos: 'qt5guivbox.dll' -> '\Device\HarddiskVolume7\Program Files\Oracle\VirtualBox\qt5guivbox.dll' [rcNtRedir=0xc0150008]
|
|---|
| 2439 | 4238.25cc: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 24202 (0x5e8a)) on \Device\HarddiskVolume7\Program Files\Oracle\VirtualBox\Qt5GuiVBox.dll [redoing WinVerifyTrust]
|
|---|
| 2440 | 4238.25cc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
|
|---|
| 2441 | 4238.25cc: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume7\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
|
|---|
| 2442 | 4238.25cc: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume7\Program Files\Oracle\VirtualBox\msvcr100.dll
|
|---|
| 2443 | 4238.25cc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcp100.dll'...
|
|---|
| 2444 | 4238.25cc: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcp100.dll' -> '\Device\HarddiskVolume7\Program Files\Oracle\VirtualBox\msvcp100.dll' [rcNtRedir=0xc0150008]
|
|---|
| 2445 | 4238.25cc: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume7\Program Files\Oracle\VirtualBox\msvcp100.dll
|
|---|
| 2446 | 4238.25cc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'shell32.dll'...
|
|---|
| 2447 | 4238.25cc: supR3HardenedWinVerifyCacheProcessImportTodos: 'shell32.dll' -> '\Device\HarddiskVolume7\Windows\System32\shell32.dll' [rcNtRedir=0xc0150008]
|
|---|
| 2448 | 4238.25cc: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume7\Windows\System32\shell32.dll [lacks WinVerifyTrust]
|
|---|
| 2449 | 4238.25cc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qt5corevbox.dll'...
|
|---|
| 2450 | 4238.25cc: supR3HardenedWinVerifyCacheProcessImportTodos: 'qt5corevbox.dll' -> '\Device\HarddiskVolume7\Program Files\Oracle\VirtualBox\qt5corevbox.dll' [rcNtRedir=0xc0150008]
|
|---|
| 2451 | 4238.25cc: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 24202 (0x5e8a)) on \Device\HarddiskVolume7\Program Files\Oracle\VirtualBox\Qt5CoreVBox.dll [lacks WinVerifyTrust]
|
|---|
| 2452 | 4238.25cc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qt5guivbox.dll'...
|
|---|
| 2453 | 4238.25cc: supR3HardenedWinVerifyCacheProcessImportTodos: 'qt5guivbox.dll' -> '\Device\HarddiskVolume7\Program Files\Oracle\VirtualBox\qt5guivbox.dll' [rcNtRedir=0xc0150008]
|
|---|
| 2454 | 4238.25cc: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 24202 (0x5e8a)) on \Device\HarddiskVolume7\Program Files\Oracle\VirtualBox\Qt5GuiVBox.dll [lacks WinVerifyTrust]
|
|---|
| 2455 | 4238.25cc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
|
|---|
| 2456 | 4238.25cc: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume7\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
|
|---|
| 2457 | 4238.25cc: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume7\Windows\System32\user32.dll [lacks WinVerifyTrust]
|
|---|
| 2458 | 4238.25cc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
|
|---|
| 2459 | 4238.25cc: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume7\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
|
|---|
| 2460 | 4238.25cc: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume7\Windows\System32\gdi32.dll [lacks WinVerifyTrust]
|
|---|
| 2461 | 4238.25cc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff9c9550000 'C:\Windows\system32\rsaenh.dll'
|
|---|
| 2462 | 4238.25cc: supR3HardenedScreenImage/Imports: 0 (was 24202) fWinVerifyTrust=1 for '\Device\HarddiskVolume7\Program Files\Oracle\VirtualBox\Qt5GuiVBox.dll'
|
|---|
| 2463 | 4238.25cc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qt5corevbox.dll'...
|
|---|
| 2464 | 4238.25cc: supR3HardenedWinVerifyCacheProcessImportTodos: 'qt5corevbox.dll' -> '\Device\HarddiskVolume7\Program Files\Oracle\VirtualBox\qt5corevbox.dll' [rcNtRedir=0xc0150008]
|
|---|
| 2465 | 4238.25cc: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 24202 (0x5e8a)) on \Device\HarddiskVolume7\Program Files\Oracle\VirtualBox\Qt5CoreVBox.dll [redoing WinVerifyTrust]
|
|---|
| 2466 | 4238.25cc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff9c9550000 'C:\Windows\system32\rsaenh.dll'
|
|---|
| 2467 | 4238.25cc: supR3HardenedScreenImage/Imports: 0 (was 24202) fWinVerifyTrust=1 for '\Device\HarddiskVolume7\Program Files\Oracle\VirtualBox\Qt5CoreVBox.dll'
|
|---|
| 2468 | 4238.25cc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
|
|---|
| 2469 | 4238.25cc: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume7\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
|
|---|
| 2470 | 4238.25cc: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume7\Program Files\Oracle\VirtualBox\msvcr100.dll
|
|---|
| 2471 | 4238.25cc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcp100.dll'...
|
|---|
| 2472 | 4238.25cc: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcp100.dll' -> '\Device\HarddiskVolume7\Program Files\Oracle\VirtualBox\msvcp100.dll' [rcNtRedir=0xc0150008]
|
|---|
| 2473 | 4238.25cc: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume7\Program Files\Oracle\VirtualBox\msvcp100.dll
|
|---|
| 2474 | 4238.25cc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
|
|---|
| 2475 | 4238.25cc: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume7\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
|
|---|
| 2476 | 4238.25cc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'uicommon.dll'...
|
|---|
| 2477 | 4238.25cc: supR3HardenedWinVerifyCacheProcessImportTodos: 'uicommon.dll' -> '\Device\HarddiskVolume7\Program Files\Oracle\VirtualBox\uicommon.dll' [rcNtRedir=0xc0150008]
|
|---|
| 2478 | 4238.25cc: \Device\HarddiskVolume7\Program Files\Oracle\VirtualBox\UICommon.dll: Signature #1/2: info status: 24202
|
|---|
| 2479 | 4238.25cc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff9c9550000 'C:\Windows\system32\rsaenh.dll'
|
|---|
| 2480 | 4238.25cc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'vboxrt.dll'.
|
|---|
| 2481 | 4238.25cc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'msvcr100.dll'.
|
|---|
| 2482 | 4238.25cc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'qt5corevbox.dll'.
|
|---|
| 2483 | 4238.25cc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'qt5guivbox.dll'.
|
|---|
| 2484 | 4238.25cc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'qt5widgetsvbox.dll'.
|
|---|
| 2485 | 4238.25cc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'user32.dll'.
|
|---|
| 2486 | 4238.25cc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #7 'advapi32.dll'.
|
|---|
| 2487 | 4238.25cc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #8 'ole32.dll'.
|
|---|
| 2488 | 4238.25cc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #9 'oleaut32.dll'.
|
|---|
| 2489 | 4238.25cc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #10 'rpcrt4.dll'.
|
|---|
| 2490 | 4238.25cc: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume7\Program Files\Oracle\VirtualBox\UICommon.dll) WinVerifyTrust
|
|---|
| 2491 | 4238.25cc: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume7\Program Files\Oracle\VirtualBox\UICommon.dll
|
|---|
| 2492 | 4238.25cc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'opengl32.dll'...
|
|---|
| 2493 | 4238.25cc: supR3HardenedWinVerifyCacheProcessImportTodos: 'opengl32.dll' -> '\Device\HarddiskVolume7\Windows\System32\opengl32.dll' [rcNtRedir=0xc0150008]
|
|---|
| 2494 | 4238.25cc: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume7\Windows\System32\opengl32.dll [redoing WinVerifyTrust]
|
|---|
| 2495 | 4238.25cc: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000550 pwszName=\Device\HarddiskVolume7\Windows\System32\opengl32.dll
|
|---|
| 2496 | 4238.25cc: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00000000016bc5f0
|
|---|
| 2497 | 4238.25cc: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000016bc5f0
|
|---|
| 2498 | 4238.25cc: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=7752902DD32368EC88BBBCB0096DB01866F3F6C6
|
|---|
| 2499 | 4238.25cc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
|
|---|
| 2500 | 4238.25cc: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume7\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
|
|---|
| 2501 | 4238.25cc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'oleaut32.dll'...
|
|---|
| 2502 | 4238.25cc: supR3HardenedWinVerifyCacheProcessImportTodos: 'oleaut32.dll' -> '\Device\HarddiskVolume7\Windows\System32\oleaut32.dll' [rcNtRedir=0xc0150008]
|
|---|
| 2503 | 4238.25cc: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume7\Windows\System32\oleaut32.dll
|
|---|
| 2504 | 4238.25cc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ole32.dll'...
|
|---|
| 2505 | 4238.25cc: supR3HardenedWinVerifyCacheProcessImportTodos: 'ole32.dll' -> '\Device\HarddiskVolume7\Windows\System32\ole32.dll' [rcNtRedir=0xc0150008]
|
|---|
| 2506 | 4238.25cc: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume7\Windows\System32\ole32.dll
|
|---|
| 2507 | 4238.25cc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'...
|
|---|
| 2508 | 4238.25cc: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume7\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008]
|
|---|
| 2509 | 4238.25cc: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume7\Windows\System32\advapi32.dll
|
|---|
| 2510 | 4238.25cc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
|
|---|
| 2511 | 4238.25cc: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume7\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
|
|---|
| 2512 | 4238.25cc: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume7\Windows\System32\user32.dll [lacks WinVerifyTrust]
|
|---|
| 2513 | 4238.25cc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qt5widgetsvbox.dll'...
|
|---|
| 2514 | 4238.25cc: supR3HardenedWinVerifyCacheProcessImportTodos: 'qt5widgetsvbox.dll' -> '\Device\HarddiskVolume7\Program Files\Oracle\VirtualBox\qt5widgetsvbox.dll' [rcNtRedir=0xc0150008]
|
|---|
| 2515 | 4238.25cc: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 24202 (0x5e8a)) on \Device\HarddiskVolume7\Program Files\Oracle\VirtualBox\Qt5WidgetsVBox.dll [lacks WinVerifyTrust]
|
|---|
| 2516 | 4238.25cc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qt5guivbox.dll'...
|
|---|
| 2517 | 4238.25cc: supR3HardenedWinVerifyCacheProcessImportTodos: 'qt5guivbox.dll' -> '\Device\HarddiskVolume7\Program Files\Oracle\VirtualBox\qt5guivbox.dll' [rcNtRedir=0xc0150008]
|
|---|
| 2518 | 4238.25cc: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume7\Program Files\Oracle\VirtualBox\Qt5GuiVBox.dll
|
|---|
| 2519 | 4238.25cc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qt5corevbox.dll'...
|
|---|
| 2520 | 4238.25cc: supR3HardenedWinVerifyCacheProcessImportTodos: 'qt5corevbox.dll' -> '\Device\HarddiskVolume7\Program Files\Oracle\VirtualBox\qt5corevbox.dll' [rcNtRedir=0xc0150008]
|
|---|
| 2521 | 4238.25cc: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume7\Program Files\Oracle\VirtualBox\Qt5CoreVBox.dll
|
|---|
| 2522 | 4238.25cc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
|
|---|
| 2523 | 4238.25cc: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume7\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
|
|---|
| 2524 | 4238.25cc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
|
|---|
| 2525 | 4238.25cc: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume7\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
|
|---|
| 2526 | 4238.25cc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff9c9550000 'C:\Windows\system32\rsaenh.dll'
|
|---|
| 2527 | 4238.25cc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff9cb050000 'C:\Windows\System32\crypt32.dll'
|
|---|
| 2528 | 4238.25cc: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0212~31bf3856ad364e35~amd64~~10.0.18362.1533.cat'; file='\Device\HarddiskVolume7\Windows\System32\opengl32.dll'
|
|---|
| 2529 | 4238.25cc: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
|
|---|
| 2530 | 4238.25cc: supR3HardenedScreenImage/Imports: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume7\Windows\System32\opengl32.dll'
|
|---|
| 2531 | 4238.25cc: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VirtualBoxVM.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000a01:<flags> [calling]
|
|---|
| 2532 | 4238.25cc: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume7\Program Files\Oracle\VirtualBox\VirtualBoxVM.dll
|
|---|
| 2533 | 4238.25cc: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume7\Windows\System32\opengl32.dll
|
|---|
| 2534 | 4238.25cc: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume7\Program Files\Oracle\VirtualBox\UICommon.dll
|
|---|
| 2535 | 4238.25cc: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume7\Program Files\Oracle\VirtualBox\Qt5CoreVBox.dll
|
|---|
| 2536 | 4238.25cc: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume7\Program Files\Oracle\VirtualBox\Qt5GuiVBox.dll
|
|---|
| 2537 | 4238.25cc: supR3HardenedScreenImage/NtCreateSection: cache hit (Unknown Status 24202 (0x5e8a)) on \Device\HarddiskVolume7\Program Files\Oracle\VirtualBox\Qt5WidgetsVBox.dll [avoiding WinVerifyTrust]
|
|---|
| 2538 | 4238.25cc: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume7\Program Files\Oracle\VirtualBox\Qt5OpenGLVBox.dll
|
|---|
| 2539 | 4238.25cc: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume7\Windows\System32\winmm.dll
|
|---|
| 2540 | 4238.25cc: supR3HardenedScreenImage/NtCreateSection: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume7\Windows\System32\glu32.dll [avoiding WinVerifyTrust]
|
|---|
| 2541 | 4238.25cc: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume7\Windows\System32\mpr.dll [avoiding WinVerifyTrust]
|
|---|
| 2542 | 4238.25cc: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume7\Windows\System32\winmmbase.dll [avoiding WinVerifyTrust]
|
|---|
| 2543 | 4238.25cc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcp_win.dll'.
|
|---|
| 2544 | 4238.25cc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #22 'win32u.dll'.
|
|---|
| 2545 | 4238.25cc: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume7\Windows\System32\DXCore.dll)
|
|---|
| 2546 | 4238.25cc: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume7\Windows\System32\DXCore.dll
|
|---|
| 2547 | 4238.25cc: supR3HardenedDllNotificationCallback: load 00007ff9cb360000 LB 0x00021000 C:\Windows\System32\win32u.dll [fFlags=0x0]
|
|---|
| 2548 | 4238.25cc: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume7\Windows\System32\win32u.dll [avoiding WinVerifyTrust]
|
|---|
| 2549 | 4238.25cc: supR3HardenedDllNotificationCallback: load 00007ff9caf60000 LB 0x0009e000 C:\Windows\System32\msvcp_win.dll [fFlags=0x0]
|
|---|
| 2550 | 4238.25cc: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume7\Windows\System32\msvcp_win.dll [avoiding WinVerifyTrust]
|
|---|
| 2551 | 4238.25cc: supR3HardenedDllNotificationCallback: load 00007ff9ca2e0000 LB 0x00198000 C:\Windows\System32\gdi32full.dll [fFlags=0x0]
|
|---|
| 2552 | 4238.25cc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcp_win.dll'.
|
|---|
| 2553 | 4238.25cc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #33 'gdi32.dll'.
|
|---|
| 2554 | 4238.25cc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #35 'user32.dll'.
|
|---|
| 2555 | 4238.25cc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #36 'win32u.dll'.
|
|---|
| 2556 | 4238.25cc: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume7\Windows\System32\gdi32full.dll)
|
|---|
| 2557 | 4238.25cc: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume7\Windows\System32\gdi32full.dll
|
|---|
| 2558 | 4238.25cc: supR3HardenedDllNotificationCallback: load 00007ff9cb9e0000 LB 0x00026000 C:\Windows\System32\GDI32.dll [fFlags=0x0]
|
|---|
| 2559 | 4238.25cc: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume7\Windows\System32\gdi32.dll [avoiding WinVerifyTrust]
|
|---|
| 2560 | 4238.25cc: supR3HardenedDllNotificationCallback: load 00007ff9cc8b0000 LB 0x00194000 C:\Windows\System32\USER32.dll [fFlags=0x0]
|
|---|
| 2561 | 4238.25cc: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume7\Windows\System32\user32.dll [avoiding WinVerifyTrust]
|
|---|
| 2562 | 4238.25cc: supR3HardenedDllNotificationCallback: load 00007ff9ccf50000 LB 0x00336000 C:\Windows\System32\combase.dll [fFlags=0x0]
|
|---|
| 2563 | 4238.25cc: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume7\Windows\System32\combase.dll [avoiding WinVerifyTrust]
|
|---|
| 2564 | 4238.25cc: supR3HardenedDllNotificationCallback: load 00007ff9cb000000 LB 0x0004a000 C:\Windows\System32\cfgmgr32.dll [fFlags=0x0]
|
|---|
| 2565 | 4238.25cc: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume7\Windows\System32\cfgmgr32.dll)
|
|---|
| 2566 | 4238.25cc: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume7\Windows\System32\cfgmgr32.dll
|
|---|
| 2567 | 4238.25cc: supR3HardenedDllNotificationCallback: load 00007ff9c8dd0000 LB 0x00020000 C:\Windows\SYSTEM32\dxcore.dll [fFlags=0x0]
|
|---|
| 2568 | 4238.25cc: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume7\Windows\System32\DXCore.dll [avoiding WinVerifyTrust]
|
|---|
| 2569 | 4238.25cc: supR3HardenedDllNotificationCallback: load 00007ff996e00000 LB 0x0002c000 C:\Windows\SYSTEM32\GLU32.dll [fFlags=0x0]
|
|---|
| 2570 | 4238.25cc: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume7\Windows\System32\glu32.dll [avoiding WinVerifyTrust]
|
|---|
| 2571 | 4238.25cc: supR3HardenedDllNotificationCallback: load 00007ff991ac0000 LB 0x00156000 C:\Windows\SYSTEM32\OPENGL32.dll [fFlags=0x0]
|
|---|
| 2572 | 4238.25cc: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume7\Windows\System32\opengl32.dll
|
|---|
| 2573 | 4238.25cc: supR3HardenedDllNotificationCallback: load 00007ff9ccdd0000 LB 0x000a8000 C:\Windows\System32\shcore.dll [fFlags=0x0]
|
|---|
| 2574 | 4238.25cc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
|
|---|
| 2575 | 4238.25cc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #36 'rpcrt4.dll'.
|
|---|
| 2576 | 4238.25cc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #43 'combase.dll'.
|
|---|
| 2577 | 4238.25cc: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume7\Windows\System32\SHCore.dll)
|
|---|
| 2578 | 4238.25cc: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume7\Windows\System32\SHCore.dll
|
|---|
| 2579 | 4238.25cc: supR3HardenedDllNotificationCallback: load 00007ff9ca190000 LB 0x00010000 C:\Windows\System32\UMPDC.dll [fFlags=0x0]
|
|---|
| 2580 | 4238.25cc: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume7\Windows\System32\umpdc.dll)
|
|---|
| 2581 | 4238.25cc: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume7\Windows\System32\umpdc.dll
|
|---|
| 2582 | 4238.25cc: supR3HardenedDllNotificationCallback: load 00007ff9ca1c0000 LB 0x0004a000 C:\Windows\System32\powrprof.dll [fFlags=0x0]
|
|---|
| 2583 | 4238.25cc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #12 'rpcrt4.dll'.
|
|---|
| 2584 | 4238.25cc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #19 'umpdc.dll'.
|
|---|
| 2585 | 4238.25cc: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume7\Windows\System32\powrprof.dll)
|
|---|
| 2586 | 4238.25cc: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume7\Windows\System32\powrprof.dll
|
|---|
| 2587 | 4238.25cc: supR3HardenedDllNotificationCallback: load 00007ff9cb390000 LB 0x00052000 C:\Windows\System32\shlwapi.dll [fFlags=0x0]
|
|---|
| 2588 | 4238.25cc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'msvcrt.dll'.
|
|---|
| 2589 | 4238.25cc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #44 'gdi32.dll'.
|
|---|
| 2590 | 4238.25cc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #45 'user32.dll'.
|
|---|
| 2591 | 4238.25cc: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume7\Windows\System32\shlwapi.dll)
|
|---|
| 2592 | 4238.25cc: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume7\Windows\System32\shlwapi.dll
|
|---|
| 2593 | 4238.25cc: supR3HardenedDllNotificationCallback: load 00007ff9ca210000 LB 0x00011000 C:\Windows\System32\kernel.appcore.dll [fFlags=0x0]
|
|---|
| 2594 | 4238.25cc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #7 'msvcrt.dll'.
|
|---|
| 2595 | 4238.25cc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #8 'rpcrt4.dll'.
|
|---|
| 2596 | 4238.25cc: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume7\Windows\System32\kernel.appcore.dll)
|
|---|
| 2597 | 4238.25cc: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume7\Windows\System32\kernel.appcore.dll
|
|---|
| 2598 | 4238.25cc: supR3HardenedDllNotificationCallback: load 00007ff9ca7c0000 LB 0x0077b000 C:\Windows\System32\windows.storage.dll [fFlags=0x0]
|
|---|
| 2599 | 4238.25cc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #31 'combase.dll'.
|
|---|
| 2600 | 4238.25cc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #32 'msvcp_win.dll'.
|
|---|
| 2601 | 4238.25cc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #39 'rpcrt4.dll'.
|
|---|
| 2602 | 4238.25cc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #56 'profapi.dll'.
|
|---|
| 2603 | 4238.25cc: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume7\Windows\System32\windows.storage.dll)
|
|---|
| 2604 | 4238.25cc: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume7\Windows\System32\windows.storage.dll
|
|---|
| 2605 | 4238.25cc: supR3HardenedDllNotificationCallback: load 00007ff9cbb50000 LB 0x006e7000 C:\Windows\System32\SHELL32.dll [fFlags=0x0]
|
|---|
| 2606 | 4238.25cc: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume7\Windows\System32\shell32.dll [avoiding WinVerifyTrust]
|
|---|
| 2607 | 4238.25cc: supR3HardenedDllNotificationCallback: load 00007ff9ccb00000 LB 0x00157000 C:\Windows\System32\ole32.dll [fFlags=0x0]
|
|---|
| 2608 | 4238.25cc: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume7\Windows\System32\ole32.dll
|
|---|
| 2609 | 4238.25cc: supR3HardenedDllNotificationCallback: load 00007ff9a6ef0000 LB 0x0001b000 C:\Windows\SYSTEM32\MPR.dll [fFlags=0x0]
|
|---|
| 2610 | 4238.25cc: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume7\Windows\System32\mpr.dll [avoiding WinVerifyTrust]
|
|---|
| 2611 | 4238.25cc: supR3HardenedDllNotificationCallback: load 0000000063620000 LB 0x00565000 C:\Program Files\Oracle\VirtualBox\Qt5CoreVBox.dll [fFlags=0x0]
|
|---|
| 2612 | 4238.25cc: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume7\Program Files\Oracle\VirtualBox\Qt5CoreVBox.dll
|
|---|
| 2613 | 4238.25cc: supR3HardenedDllNotificationCallback: load 00007ff97f470000 LB 0x005f7000 C:\Program Files\Oracle\VirtualBox\Qt5GuiVBox.dll [fFlags=0x0]
|
|---|
| 2614 | 4238.25cc: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume7\Program Files\Oracle\VirtualBox\Qt5GuiVBox.dll
|
|---|
| 2615 | 4238.25cc: supR3HardenedDllNotificationCallback: load 00000000630b0000 LB 0x00561000 C:\Program Files\Oracle\VirtualBox\Qt5WidgetsVBox.dll [fFlags=0x0]
|
|---|
| 2616 | 4238.25cc: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 24202 (0x5e8a)) on \Device\HarddiskVolume7\Program Files\Oracle\VirtualBox\Qt5WidgetsVBox.dll [avoiding WinVerifyTrust]
|
|---|
| 2617 | 4238.25cc: supR3HardenedDllNotificationCallback: load 00007ff9cce80000 LB 0x000c5000 C:\Windows\System32\OLEAUT32.dll [fFlags=0x0]
|
|---|
| 2618 | 4238.25cc: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume7\Windows\System32\oleaut32.dll
|
|---|
| 2619 | 4238.25cc: supR3HardenedDllNotificationCallback: load 00007ff961090000 LB 0x02316000 C:\Program Files\Oracle\VirtualBox\UICommon.dll [fFlags=0x0]
|
|---|
| 2620 | 4238.25cc: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume7\Program Files\Oracle\VirtualBox\UICommon.dll
|
|---|
| 2621 | 4238.25cc: supR3HardenedDllNotificationCallback: load 0000000064d60000 LB 0x00054000 C:\Program Files\Oracle\VirtualBox\Qt5OpenGLVBox.dll [fFlags=0x0]
|
|---|
| 2622 | 4238.25cc: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume7\Program Files\Oracle\VirtualBox\Qt5OpenGLVBox.dll
|
|---|
| 2623 | 4238.25cc: supR3HardenedDllNotificationCallback: load 00007ff9c3cd0000 LB 0x0002d000 C:\Windows\SYSTEM32\WINMMBASE.dll [fFlags=0x0]
|
|---|
| 2624 | 4238.25cc: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume7\Windows\System32\winmmbase.dll [avoiding WinVerifyTrust]
|
|---|
| 2625 | 4238.25cc: supR3HardenedDllNotificationCallback: load 00007ff9c4160000 LB 0x00024000 C:\Windows\SYSTEM32\WINMM.dll [fFlags=0x0]
|
|---|
| 2626 | 4238.25cc: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume7\Windows\System32\winmm.dll
|
|---|
| 2627 | 4238.25cc: supR3HardenedDllNotificationCallback: load 00007ff950230000 LB 0x001c8000 C:\Program Files\Oracle\VirtualBox\VirtualBoxVM.dll [fFlags=0x0]
|
|---|
| 2628 | 4238.25cc: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume7\Program Files\Oracle\VirtualBox\VirtualBoxVM.dll
|
|---|
| 2629 | 4238.25cc: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume7\Windows\System32\windows.storage.dll'.
|
|---|
| 2630 | 4238.25cc: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume7\Windows\System32\windows.storage.dll' [rescheduled]
|
|---|
| 2631 | 4238.25cc: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume7\Windows\System32\kernel.appcore.dll'.
|
|---|
| 2632 | 4238.25cc: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume7\Windows\System32\kernel.appcore.dll' [rescheduled]
|
|---|
| 2633 | 4238.25cc: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume7\Windows\System32\shlwapi.dll'.
|
|---|
| 2634 | 4238.25cc: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume7\Windows\System32\shlwapi.dll' [rescheduled]
|
|---|
| 2635 | 4238.25cc: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume7\Windows\System32\powrprof.dll'.
|
|---|
| 2636 | 4238.25cc: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume7\Windows\System32\powrprof.dll' [rescheduled]
|
|---|
| 2637 | 4238.25cc: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume7\Windows\System32\umpdc.dll'.
|
|---|
| 2638 | 4238.25cc: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume7\Windows\System32\umpdc.dll' [rescheduled]
|
|---|
| 2639 | 4238.25cc: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume7\Windows\System32\SHCore.dll'.
|
|---|
| 2640 | 4238.25cc: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume7\Windows\System32\SHCore.dll' [rescheduled]
|
|---|
| 2641 | 4238.25cc: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume7\Windows\System32\cfgmgr32.dll'.
|
|---|
| 2642 | 4238.25cc: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume7\Windows\System32\cfgmgr32.dll' [rescheduled]
|
|---|
| 2643 | 4238.25cc: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume7\Windows\System32\gdi32full.dll'.
|
|---|
| 2644 | 4238.25cc: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume7\Windows\System32\gdi32full.dll' [rescheduled]
|
|---|
| 2645 | 4238.25cc: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume7\Windows\System32\DXCore.dll'.
|
|---|
| 2646 | 4238.25cc: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume7\Windows\System32\DXCore.dll' [rescheduled]
|
|---|
| 2647 | 4238.25cc: Detected loader lock ownership: rc=Unknown Status 22900 (0x5974) '\Device\HarddiskVolume7\Windows\System32\glu32.dll'.
|
|---|
| 2648 | 4238.25cc: supR3HardenedWinVerifyCacheProcessWvtTodos: 22900 (was 22900) fWinVerifyTrust=0 for '\Device\HarddiskVolume7\Windows\System32\glu32.dll' [rescheduled]
|
|---|
| 2649 | 4238.25cc: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume7\Windows\System32\mpr.dll'.
|
|---|
| 2650 | 4238.25cc: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume7\Windows\System32\mpr.dll' [rescheduled]
|
|---|
| 2651 | 4238.25cc: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume7\Windows\System32\shell32.dll'.
|
|---|
| 2652 | 4238.25cc: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume7\Windows\System32\shell32.dll' [rescheduled]
|
|---|
| 2653 | 4238.25cc: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume7\Program Files\Oracle\VirtualBox\Qt5WidgetsVBox.dll'.
|
|---|
| 2654 | 4238.25cc: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume7\Program Files\Oracle\VirtualBox\Qt5WidgetsVBox.dll' [rescheduled]
|
|---|
| 2655 | 4238.25cc: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume7\Windows\System32\win32u.dll'.
|
|---|
| 2656 | 4238.25cc: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume7\Windows\System32\win32u.dll' [rescheduled]
|
|---|
| 2657 | 4238.25cc: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume7\Windows\System32\gdi32.dll'.
|
|---|
| 2658 | 4238.25cc: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume7\Windows\System32\gdi32.dll' [rescheduled]
|
|---|
| 2659 | 4238.25cc: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume7\Windows\System32\user32.dll'.
|
|---|
| 2660 | 4238.25cc: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume7\Windows\System32\user32.dll' [rescheduled]
|
|---|
| 2661 | 4238.25cc: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume7\Windows\System32\msvcp_win.dll'.
|
|---|
| 2662 | 4238.25cc: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume7\Windows\System32\msvcp_win.dll' [rescheduled]
|
|---|
| 2663 | 4238.25cc: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume7\Windows\System32\combase.dll'.
|
|---|
| 2664 | 4238.25cc: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume7\Windows\System32\combase.dll' [rescheduled]
|
|---|
| 2665 | 4238.25cc: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume7\Windows\System32\winmmbase.dll'.
|
|---|
| 2666 | 4238.25cc: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume7\Windows\System32\winmmbase.dll' [rescheduled]
|
|---|
| 2667 | 4238.25cc: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume7\Windows\System32\kernel32.dll
|
|---|
| 2668 | 4238.25cc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'profapi.dll'...
|
|---|
| 2669 | 4238.25cc: supR3HardenedWinVerifyCacheProcessImportTodos: 'profapi.dll' -> '\Device\HarddiskVolume7\Windows\System32\profapi.dll' [rcNtRedir=0xc0150008]
|
|---|
| 2670 | 4238.25cc: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume7\Windows\System32\profapi.dll
|
|---|
| 2671 | 4238.25cc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
|
|---|
| 2672 | 4238.25cc: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume7\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
|
|---|
| 2673 | 4238.25cc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcp_win.dll'...
|
|---|
| 2674 | 4238.25cc: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcp_win.dll' -> '\Device\HarddiskVolume7\Windows\System32\msvcp_win.dll' [rcNtRedir=0xc0150008]
|
|---|
| 2675 | 4238.25cc: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume7\Windows\System32\msvcp_win.dll [redoing WinVerifyTrust]
|
|---|
| 2676 | 4238.25cc: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume7\Windows\System32\msvcp_win.dll'.
|
|---|
| 2677 | 4238.25cc: supR3HardenedScreenImage/Imports: WinVerifyTrust not available, rescheduling \Device\HarddiskVolume7\Windows\System32\msvcp_win.dll
|
|---|
| 2678 | 4238.25cc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'combase.dll'...
|
|---|
| 2679 | 4238.25cc: supR3HardenedWinVerifyCacheProcessImportTodos: 'combase.dll' -> '\Device\HarddiskVolume7\Windows\System32\combase.dll' [rcNtRedir=0xc0150008]
|
|---|
| 2680 | 4238.25cc: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume7\Windows\System32\combase.dll [redoing WinVerifyTrust]
|
|---|
| 2681 | 4238.25cc: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume7\Windows\System32\combase.dll'.
|
|---|
| 2682 | 4238.25cc: supR3HardenedScreenImage/Imports: WinVerifyTrust not available, rescheduling \Device\HarddiskVolume7\Windows\System32\combase.dll
|
|---|
| 2683 | 4238.25cc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
|
|---|
| 2684 | 4238.25cc: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume7\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
|
|---|
| 2685 | 4238.25cc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
|
|---|
| 2686 | 4238.25cc: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume7\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
|
|---|
| 2687 | 4238.25cc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
|
|---|
| 2688 | 4238.25cc: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume7\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
|
|---|
| 2689 | 4238.25cc: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume7\Windows\System32\user32.dll [redoing WinVerifyTrust]
|
|---|
| 2690 | 4238.25cc: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume7\Windows\System32\user32.dll'.
|
|---|
| 2691 | 4238.25cc: supR3HardenedScreenImage/Imports: WinVerifyTrust not available, rescheduling \Device\HarddiskVolume7\Windows\System32\user32.dll
|
|---|
| 2692 | 4238.25cc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
|
|---|
| 2693 | 4238.25cc: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume7\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
|
|---|
| 2694 | 4238.25cc: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume7\Windows\System32\gdi32.dll [redoing WinVerifyTrust]
|
|---|
| 2695 | 4238.25cc: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume7\Windows\System32\gdi32.dll'.
|
|---|
| 2696 | 4238.25cc: supR3HardenedScreenImage/Imports: WinVerifyTrust not available, rescheduling \Device\HarddiskVolume7\Windows\System32\gdi32.dll
|
|---|
| 2697 | 4238.25cc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
|
|---|
| 2698 | 4238.25cc: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume7\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
|
|---|
| 2699 | 4238.25cc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'umpdc.dll'...
|
|---|
| 2700 | 4238.25cc: supR3HardenedWinVerifyCacheProcessImportTodos: 'umpdc.dll' -> '\Device\HarddiskVolume7\Windows\System32\umpdc.dll' [rcNtRedir=0xc0150008]
|
|---|
| 2701 | 4238.25cc: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume7\Windows\System32\umpdc.dll [redoing WinVerifyTrust]
|
|---|
| 2702 | 4238.25cc: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume7\Windows\System32\umpdc.dll'.
|
|---|
| 2703 | 4238.25cc: supR3HardenedScreenImage/Imports: WinVerifyTrust not available, rescheduling \Device\HarddiskVolume7\Windows\System32\umpdc.dll
|
|---|
| 2704 | 4238.25cc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
|
|---|
| 2705 | 4238.25cc: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume7\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
|
|---|
| 2706 | 4238.25cc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'combase.dll'...
|
|---|
| 2707 | 4238.25cc: supR3HardenedWinVerifyCacheProcessImportTodos: 'combase.dll' -> '\Device\HarddiskVolume7\Windows\System32\combase.dll' [rcNtRedir=0xc0150008]
|
|---|
| 2708 | 4238.25cc: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume7\Windows\System32\combase.dll [redoing WinVerifyTrust]
|
|---|
| 2709 | 4238.25cc: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume7\Windows\System32\combase.dll'.
|
|---|
| 2710 | 4238.25cc: supR3HardenedScreenImage/Imports: WinVerifyTrust not available, rescheduling \Device\HarddiskVolume7\Windows\System32\combase.dll
|
|---|
| 2711 | 4238.25cc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
|
|---|
| 2712 | 4238.25cc: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume7\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
|
|---|
| 2713 | 4238.25cc: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume7\Windows\System32\rpcrt4.dll
|
|---|
| 2714 | 4238.25cc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
|
|---|
| 2715 | 4238.25cc: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume7\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
|
|---|
| 2716 | 4238.25cc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'win32u.dll'...
|
|---|
| 2717 | 4238.25cc: supR3HardenedWinVerifyCacheProcessImportTodos: 'win32u.dll' -> '\Device\HarddiskVolume7\Windows\System32\win32u.dll' [rcNtRedir=0xc0150008]
|
|---|
| 2718 | 4238.25cc: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume7\Windows\System32\win32u.dll [redoing WinVerifyTrust]
|
|---|
| 2719 | 4238.25cc: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume7\Windows\System32\win32u.dll'.
|
|---|
| 2720 | 4238.25cc: supR3HardenedScreenImage/Imports: WinVerifyTrust not available, rescheduling \Device\HarddiskVolume7\Windows\System32\win32u.dll
|
|---|
| 2721 | 4238.25cc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
|
|---|
| 2722 | 4238.25cc: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume7\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
|
|---|
| 2723 | 4238.25cc: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume7\Windows\System32\user32.dll [redoing WinVerifyTrust]
|
|---|
| 2724 | 4238.25cc: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume7\Windows\System32\user32.dll'.
|
|---|
| 2725 | 4238.25cc: supR3HardenedScreenImage/Imports: WinVerifyTrust not available, rescheduling \Device\HarddiskVolume7\Windows\System32\user32.dll
|
|---|
| 2726 | 4238.25cc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
|
|---|
| 2727 | 4238.25cc: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume7\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
|
|---|
| 2728 | 4238.25cc: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume7\Windows\System32\gdi32.dll [redoing WinVerifyTrust]
|
|---|
| 2729 | 4238.25cc: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume7\Windows\System32\gdi32.dll'.
|
|---|
| 2730 | 4238.25cc: supR3HardenedScreenImage/Imports: WinVerifyTrust not available, rescheduling \Device\HarddiskVolume7\Windows\System32\gdi32.dll
|
|---|
| 2731 | 4238.25cc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcp_win.dll'...
|
|---|
| 2732 | 4238.25cc: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcp_win.dll' -> '\Device\HarddiskVolume7\Windows\System32\msvcp_win.dll' [rcNtRedir=0xc0150008]
|
|---|
| 2733 | 4238.25cc: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume7\Windows\System32\msvcp_win.dll [redoing WinVerifyTrust]
|
|---|
| 2734 | 4238.25cc: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume7\Windows\System32\msvcp_win.dll'.
|
|---|
| 2735 | 4238.25cc: supR3HardenedScreenImage/Imports: WinVerifyTrust not available, rescheduling \Device\HarddiskVolume7\Windows\System32\msvcp_win.dll
|
|---|
| 2736 | 4238.25cc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'win32u.dll'...
|
|---|
| 2737 | 4238.25cc: supR3HardenedWinVerifyCacheProcessImportTodos: 'win32u.dll' -> '\Device\HarddiskVolume7\Windows\System32\win32u.dll' [rcNtRedir=0xc0150008]
|
|---|
| 2738 | 4238.25cc: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume7\Windows\System32\win32u.dll [redoing WinVerifyTrust]
|
|---|
| 2739 | 4238.25cc: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume7\Windows\System32\win32u.dll'.
|
|---|
| 2740 | 4238.25cc: supR3HardenedScreenImage/Imports: WinVerifyTrust not available, rescheduling \Device\HarddiskVolume7\Windows\System32\win32u.dll
|
|---|
| 2741 | 4238.25cc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcp_win.dll'...
|
|---|
| 2742 | 4238.25cc: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcp_win.dll' -> '\Device\HarddiskVolume7\Windows\System32\msvcp_win.dll' [rcNtRedir=0xc0150008]
|
|---|
| 2743 | 4238.25cc: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume7\Windows\System32\msvcp_win.dll [redoing WinVerifyTrust]
|
|---|
| 2744 | 4238.25cc: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume7\Windows\System32\msvcp_win.dll'.
|
|---|
| 2745 | 4238.25cc: supR3HardenedScreenImage/Imports: WinVerifyTrust not available, rescheduling \Device\HarddiskVolume7\Windows\System32\msvcp_win.dll
|
|---|
| 2746 | 4238.25cc: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\System32\kernel32.dll (Input=kernel32, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000801:<flags> [calling]
|
|---|
| 2747 | 4238.25cc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff9cc500000 'C:\Windows\System32\kernel32.dll'
|
|---|
| 2748 | 4238.25cc: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume7\Windows\System32\windows.storage.dll'.
|
|---|
| 2749 | 4238.25cc: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume7\Windows\System32\windows.storage.dll' [rescheduled]
|
|---|
| 2750 | 4238.25cc: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume7\Windows\System32\kernel.appcore.dll'.
|
|---|
| 2751 | 4238.25cc: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume7\Windows\System32\kernel.appcore.dll' [rescheduled]
|
|---|
| 2752 | 4238.25cc: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume7\Windows\System32\shlwapi.dll'.
|
|---|
| 2753 | 4238.25cc: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume7\Windows\System32\shlwapi.dll' [rescheduled]
|
|---|
| 2754 | 4238.25cc: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume7\Windows\System32\powrprof.dll'.
|
|---|
| 2755 | 4238.25cc: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume7\Windows\System32\powrprof.dll' [rescheduled]
|
|---|
| 2756 | 4238.25cc: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume7\Windows\System32\umpdc.dll'.
|
|---|
| 2757 | 4238.25cc: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume7\Windows\System32\umpdc.dll' [rescheduled]
|
|---|
| 2758 | 4238.25cc: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume7\Windows\System32\SHCore.dll'.
|
|---|
| 2759 | 4238.25cc: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume7\Windows\System32\SHCore.dll' [rescheduled]
|
|---|
| 2760 | 4238.25cc: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume7\Windows\System32\cfgmgr32.dll'.
|
|---|
| 2761 | 4238.25cc: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume7\Windows\System32\cfgmgr32.dll' [rescheduled]
|
|---|
| 2762 | 4238.25cc: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume7\Windows\System32\gdi32full.dll'.
|
|---|
| 2763 | 4238.25cc: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume7\Windows\System32\gdi32full.dll' [rescheduled]
|
|---|
| 2764 | 4238.25cc: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume7\Windows\System32\DXCore.dll'.
|
|---|
| 2765 | 4238.25cc: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume7\Windows\System32\DXCore.dll' [rescheduled]
|
|---|
| 2766 | 4238.25cc: Detected loader lock ownership: rc=Unknown Status 22900 (0x5974) '\Device\HarddiskVolume7\Windows\System32\glu32.dll'.
|
|---|
| 2767 | 4238.25cc: supR3HardenedWinVerifyCacheProcessWvtTodos: 22900 (was 22900) fWinVerifyTrust=0 for '\Device\HarddiskVolume7\Windows\System32\glu32.dll' [rescheduled]
|
|---|
| 2768 | 4238.25cc: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume7\Windows\System32\mpr.dll'.
|
|---|
| 2769 | 4238.25cc: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume7\Windows\System32\mpr.dll' [rescheduled]
|
|---|
| 2770 | 4238.25cc: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume7\Windows\System32\shell32.dll'.
|
|---|
| 2771 | 4238.25cc: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume7\Windows\System32\shell32.dll' [rescheduled]
|
|---|
| 2772 | 4238.25cc: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume7\Program Files\Oracle\VirtualBox\Qt5WidgetsVBox.dll'.
|
|---|
| 2773 | 4238.25cc: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume7\Program Files\Oracle\VirtualBox\Qt5WidgetsVBox.dll' [rescheduled]
|
|---|
| 2774 | 4238.25cc: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume7\Windows\System32\win32u.dll'.
|
|---|
| 2775 | 4238.25cc: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume7\Windows\System32\win32u.dll' [rescheduled]
|
|---|
| 2776 | 4238.25cc: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume7\Windows\System32\gdi32.dll'.
|
|---|
| 2777 | 4238.25cc: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume7\Windows\System32\gdi32.dll' [rescheduled]
|
|---|
| 2778 | 4238.25cc: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume7\Windows\System32\user32.dll'.
|
|---|
| 2779 | 4238.25cc: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume7\Windows\System32\user32.dll' [rescheduled]
|
|---|
| 2780 | 4238.25cc: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume7\Windows\System32\msvcp_win.dll'.
|
|---|
| 2781 | 4238.25cc: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume7\Windows\System32\msvcp_win.dll' [rescheduled]
|
|---|
| 2782 | 4238.25cc: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume7\Windows\System32\combase.dll'.
|
|---|
| 2783 | 4238.25cc: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume7\Windows\System32\combase.dll' [rescheduled]
|
|---|
| 2784 | 4238.25cc: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume7\Windows\System32\winmmbase.dll'.
|
|---|
| 2785 | 4238.25cc: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume7\Windows\System32\winmmbase.dll' [rescheduled]
|
|---|
| 2786 | 4238.25cc: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume7\Windows\System32\windows.storage.dll'.
|
|---|
| 2787 | 4238.25cc: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume7\Windows\System32\windows.storage.dll' [rescheduled]
|
|---|
| 2788 | 4238.25cc: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume7\Windows\System32\kernel.appcore.dll'.
|
|---|
| 2789 | 4238.25cc: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume7\Windows\System32\kernel.appcore.dll' [rescheduled]
|
|---|
| 2790 | 4238.25cc: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume7\Windows\System32\shlwapi.dll'.
|
|---|
| 2791 | 4238.25cc: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume7\Windows\System32\shlwapi.dll' [rescheduled]
|
|---|
| 2792 | 4238.25cc: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume7\Windows\System32\powrprof.dll'.
|
|---|
| 2793 | 4238.25cc: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume7\Windows\System32\powrprof.dll' [rescheduled]
|
|---|
| 2794 | 4238.25cc: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume7\Windows\System32\umpdc.dll'.
|
|---|
| 2795 | 4238.25cc: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume7\Windows\System32\umpdc.dll' [rescheduled]
|
|---|
| 2796 | 4238.25cc: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume7\Windows\System32\SHCore.dll'.
|
|---|
| 2797 | 4238.25cc: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume7\Windows\System32\SHCore.dll' [rescheduled]
|
|---|
| 2798 | 4238.25cc: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume7\Windows\System32\cfgmgr32.dll'.
|
|---|
| 2799 | 4238.25cc: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume7\Windows\System32\cfgmgr32.dll' [rescheduled]
|
|---|
| 2800 | 4238.25cc: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume7\Windows\System32\gdi32full.dll'.
|
|---|
| 2801 | 4238.25cc: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume7\Windows\System32\gdi32full.dll' [rescheduled]
|
|---|
| 2802 | 4238.25cc: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume7\Windows\System32\DXCore.dll'.
|
|---|
| 2803 | 4238.25cc: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume7\Windows\System32\DXCore.dll' [rescheduled]
|
|---|
| 2804 | 4238.25cc: Detected loader lock ownership: rc=Unknown Status 22900 (0x5974) '\Device\HarddiskVolume7\Windows\System32\glu32.dll'.
|
|---|
| 2805 | 4238.25cc: supR3HardenedWinVerifyCacheProcessWvtTodos: 22900 (was 22900) fWinVerifyTrust=0 for '\Device\HarddiskVolume7\Windows\System32\glu32.dll' [rescheduled]
|
|---|
| 2806 | 4238.25cc: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume7\Windows\System32\mpr.dll'.
|
|---|
| 2807 | 4238.25cc: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume7\Windows\System32\mpr.dll' [rescheduled]
|
|---|
| 2808 | 4238.25cc: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume7\Windows\System32\shell32.dll'.
|
|---|
| 2809 | 4238.25cc: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume7\Windows\System32\shell32.dll' [rescheduled]
|
|---|
| 2810 | 4238.25cc: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume7\Program Files\Oracle\VirtualBox\Qt5WidgetsVBox.dll'.
|
|---|
| 2811 | 4238.25cc: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume7\Program Files\Oracle\VirtualBox\Qt5WidgetsVBox.dll' [rescheduled]
|
|---|
| 2812 | 4238.25cc: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume7\Windows\System32\win32u.dll'.
|
|---|
| 2813 | 4238.25cc: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume7\Windows\System32\win32u.dll' [rescheduled]
|
|---|
| 2814 | 4238.25cc: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume7\Windows\System32\gdi32.dll'.
|
|---|
| 2815 | 4238.25cc: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume7\Windows\System32\gdi32.dll' [rescheduled]
|
|---|
| 2816 | 4238.25cc: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume7\Windows\System32\user32.dll'.
|
|---|
| 2817 | 4238.25cc: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume7\Windows\System32\user32.dll' [rescheduled]
|
|---|
| 2818 | 4238.25cc: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume7\Windows\System32\msvcp_win.dll'.
|
|---|
| 2819 | 4238.25cc: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume7\Windows\System32\msvcp_win.dll' [rescheduled]
|
|---|
| 2820 | 4238.25cc: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume7\Windows\System32\combase.dll'.
|
|---|
| 2821 | 4238.25cc: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume7\Windows\System32\combase.dll' [rescheduled]
|
|---|
| 2822 | 4238.25cc: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume7\Windows\System32\winmmbase.dll'.
|
|---|
| 2823 | 4238.25cc: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume7\Windows\System32\winmmbase.dll' [rescheduled]
|
|---|
| 2824 | 4238.25cc: supR3HardenedIsApiSetDll: ApiSetQueryApiSetPresence(api-ms-win-core-string-l1-1-0) -> 0x0, fPresent=1
|
|---|
| 2825 | 4238.25cc: supR3HardenedMonitor_LdrLoadDll: pName=api-ms-win-core-string-l1-1-0 (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0000000000000801:<flags> [calling]
|
|---|
| 2826 | 4238.25cc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff9ca480000 'api-ms-win-core-string-l1-1-0'
|
|---|
| 2827 | 4238.25cc: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume7\Windows\System32\windows.storage.dll'.
|
|---|
| 2828 | 4238.25cc: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume7\Windows\System32\windows.storage.dll' [rescheduled]
|
|---|
| 2829 | 4238.25cc: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume7\Windows\System32\kernel.appcore.dll'.
|
|---|
| 2830 | 4238.25cc: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume7\Windows\System32\kernel.appcore.dll' [rescheduled]
|
|---|
| 2831 | 4238.25cc: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume7\Windows\System32\shlwapi.dll'.
|
|---|
| 2832 | 4238.25cc: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume7\Windows\System32\shlwapi.dll' [rescheduled]
|
|---|
| 2833 | 4238.25cc: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume7\Windows\System32\powrprof.dll'.
|
|---|
| 2834 | 4238.25cc: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume7\Windows\System32\powrprof.dll' [rescheduled]
|
|---|
| 2835 | 4238.25cc: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume7\Windows\System32\umpdc.dll'.
|
|---|
| 2836 | 4238.25cc: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume7\Windows\System32\umpdc.dll' [rescheduled]
|
|---|
| 2837 | 4238.25cc: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume7\Windows\System32\SHCore.dll'.
|
|---|
| 2838 | 4238.25cc: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume7\Windows\System32\SHCore.dll' [rescheduled]
|
|---|
| 2839 | 4238.25cc: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume7\Windows\System32\cfgmgr32.dll'.
|
|---|
| 2840 | 4238.25cc: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume7\Windows\System32\cfgmgr32.dll' [rescheduled]
|
|---|
| 2841 | 4238.25cc: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume7\Windows\System32\gdi32full.dll'.
|
|---|
| 2842 | 4238.25cc: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume7\Windows\System32\gdi32full.dll' [rescheduled]
|
|---|
| 2843 | 4238.25cc: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume7\Windows\System32\DXCore.dll'.
|
|---|
| 2844 | 4238.25cc: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume7\Windows\System32\DXCore.dll' [rescheduled]
|
|---|
| 2845 | 4238.25cc: Detected loader lock ownership: rc=Unknown Status 22900 (0x5974) '\Device\HarddiskVolume7\Windows\System32\glu32.dll'.
|
|---|
| 2846 | 4238.25cc: supR3HardenedWinVerifyCacheProcessWvtTodos: 22900 (was 22900) fWinVerifyTrust=0 for '\Device\HarddiskVolume7\Windows\System32\glu32.dll' [rescheduled]
|
|---|
| 2847 | 4238.25cc: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume7\Windows\System32\mpr.dll'.
|
|---|
| 2848 | 4238.25cc: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume7\Windows\System32\mpr.dll' [rescheduled]
|
|---|
| 2849 | 4238.25cc: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume7\Windows\System32\shell32.dll'.
|
|---|
| 2850 | 4238.25cc: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume7\Windows\System32\shell32.dll' [rescheduled]
|
|---|
| 2851 | 4238.25cc: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume7\Program Files\Oracle\VirtualBox\Qt5WidgetsVBox.dll'.
|
|---|
| 2852 | 4238.25cc: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume7\Program Files\Oracle\VirtualBox\Qt5WidgetsVBox.dll' [rescheduled]
|
|---|
| 2853 | 4238.25cc: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume7\Windows\System32\win32u.dll'.
|
|---|
| 2854 | 4238.25cc: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume7\Windows\System32\win32u.dll' [rescheduled]
|
|---|
| 2855 | 4238.25cc: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume7\Windows\System32\gdi32.dll'.
|
|---|
| 2856 | 4238.25cc: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume7\Windows\System32\gdi32.dll' [rescheduled]
|
|---|
| 2857 | 4238.25cc: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume7\Windows\System32\user32.dll'.
|
|---|
| 2858 | 4238.25cc: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume7\Windows\System32\user32.dll' [rescheduled]
|
|---|
| 2859 | 4238.25cc: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume7\Windows\System32\msvcp_win.dll'.
|
|---|
| 2860 | 4238.25cc: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume7\Windows\System32\msvcp_win.dll' [rescheduled]
|
|---|
| 2861 | 4238.25cc: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume7\Windows\System32\combase.dll'.
|
|---|
| 2862 | 4238.25cc: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume7\Windows\System32\combase.dll' [rescheduled]
|
|---|
| 2863 | 4238.25cc: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume7\Windows\System32\winmmbase.dll'.
|
|---|
| 2864 | 4238.25cc: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume7\Windows\System32\winmmbase.dll' [rescheduled]
|
|---|
| 2865 | 4238.25cc: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume7\Windows\System32\windows.storage.dll'.
|
|---|
| 2866 | 4238.25cc: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume7\Windows\System32\windows.storage.dll' [rescheduled]
|
|---|
| 2867 | 4238.25cc: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume7\Windows\System32\kernel.appcore.dll'.
|
|---|
| 2868 | 4238.25cc: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume7\Windows\System32\kernel.appcore.dll' [rescheduled]
|
|---|
| 2869 | 4238.25cc: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume7\Windows\System32\shlwapi.dll'.
|
|---|
| 2870 | 4238.25cc: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume7\Windows\System32\shlwapi.dll' [rescheduled]
|
|---|
| 2871 | 4238.25cc: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume7\Windows\System32\powrprof.dll'.
|
|---|
| 2872 | 4238.25cc: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume7\Windows\System32\powrprof.dll' [rescheduled]
|
|---|
| 2873 | 4238.25cc: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume7\Windows\System32\umpdc.dll'.
|
|---|
| 2874 | 4238.25cc: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume7\Windows\System32\umpdc.dll' [rescheduled]
|
|---|
| 2875 | 4238.25cc: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume7\Windows\System32\SHCore.dll'.
|
|---|
| 2876 | 4238.25cc: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume7\Windows\System32\SHCore.dll' [rescheduled]
|
|---|
| 2877 | 4238.25cc: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume7\Windows\System32\cfgmgr32.dll'.
|
|---|
| 2878 | 4238.25cc: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume7\Windows\System32\cfgmgr32.dll' [rescheduled]
|
|---|
| 2879 | 4238.25cc: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume7\Windows\System32\gdi32full.dll'.
|
|---|
| 2880 | 4238.25cc: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume7\Windows\System32\gdi32full.dll' [rescheduled]
|
|---|
| 2881 | 4238.25cc: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume7\Windows\System32\DXCore.dll'.
|
|---|
| 2882 | 4238.25cc: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume7\Windows\System32\DXCore.dll' [rescheduled]
|
|---|
| 2883 | 4238.25cc: Detected loader lock ownership: rc=Unknown Status 22900 (0x5974) '\Device\HarddiskVolume7\Windows\System32\glu32.dll'.
|
|---|
| 2884 | 4238.25cc: supR3HardenedWinVerifyCacheProcessWvtTodos: 22900 (was 22900) fWinVerifyTrust=0 for '\Device\HarddiskVolume7\Windows\System32\glu32.dll' [rescheduled]
|
|---|
| 2885 | 4238.25cc: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume7\Windows\System32\mpr.dll'.
|
|---|
| 2886 | 4238.25cc: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume7\Windows\System32\mpr.dll' [rescheduled]
|
|---|
| 2887 | 4238.25cc: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume7\Windows\System32\shell32.dll'.
|
|---|
| 2888 | 4238.25cc: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume7\Windows\System32\shell32.dll' [rescheduled]
|
|---|
| 2889 | 4238.25cc: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume7\Program Files\Oracle\VirtualBox\Qt5WidgetsVBox.dll'.
|
|---|
| 2890 | 4238.25cc: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume7\Program Files\Oracle\VirtualBox\Qt5WidgetsVBox.dll' [rescheduled]
|
|---|
| 2891 | 4238.25cc: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume7\Windows\System32\win32u.dll'.
|
|---|
| 2892 | 4238.25cc: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume7\Windows\System32\win32u.dll' [rescheduled]
|
|---|
| 2893 | 4238.25cc: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume7\Windows\System32\gdi32.dll'.
|
|---|
| 2894 | 4238.25cc: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume7\Windows\System32\gdi32.dll' [rescheduled]
|
|---|
| 2895 | 4238.25cc: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume7\Windows\System32\user32.dll'.
|
|---|
| 2896 | 4238.25cc: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume7\Windows\System32\user32.dll' [rescheduled]
|
|---|
| 2897 | 4238.25cc: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume7\Windows\System32\msvcp_win.dll'.
|
|---|
| 2898 | 4238.25cc: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume7\Windows\System32\msvcp_win.dll' [rescheduled]
|
|---|
| 2899 | 4238.25cc: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume7\Windows\System32\combase.dll'.
|
|---|
| 2900 | 4238.25cc: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume7\Windows\System32\combase.dll' [rescheduled]
|
|---|
| 2901 | 4238.25cc: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume7\Windows\System32\winmmbase.dll'.
|
|---|
| 2902 | 4238.25cc: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume7\Windows\System32\winmmbase.dll' [rescheduled]
|
|---|
| 2903 | 4238.25cc: supR3HardenedIsApiSetDll: ApiSetQueryApiSetPresence(api-ms-win-core-datetime-l1-1-1) -> 0x0, fPresent=1
|
|---|
| 2904 | 4238.25cc: supR3HardenedMonitor_LdrLoadDll: pName=api-ms-win-core-datetime-l1-1-1 (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0000000000000801:<flags> [calling]
|
|---|
| 2905 | 4238.25cc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff9ca480000 'api-ms-win-core-datetime-l1-1-1'
|
|---|
| 2906 | 4238.25cc: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume7\Windows\System32\windows.storage.dll'.
|
|---|
| 2907 | 4238.25cc: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume7\Windows\System32\windows.storage.dll' [rescheduled]
|
|---|
| 2908 | 4238.25cc: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume7\Windows\System32\kernel.appcore.dll'.
|
|---|
| 2909 | 4238.25cc: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume7\Windows\System32\kernel.appcore.dll' [rescheduled]
|
|---|
| 2910 | 4238.25cc: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume7\Windows\System32\shlwapi.dll'.
|
|---|
| 2911 | 4238.25cc: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume7\Windows\System32\shlwapi.dll' [rescheduled]
|
|---|
| 2912 | 4238.25cc: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume7\Windows\System32\powrprof.dll'.
|
|---|
| 2913 | 4238.25cc: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume7\Windows\System32\powrprof.dll' [rescheduled]
|
|---|
| 2914 | 4238.25cc: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume7\Windows\System32\umpdc.dll'.
|
|---|
| 2915 | 4238.25cc: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume7\Windows\System32\umpdc.dll' [rescheduled]
|
|---|
| 2916 | 4238.25cc: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume7\Windows\System32\SHCore.dll'.
|
|---|
| 2917 | 4238.25cc: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume7\Windows\System32\SHCore.dll' [rescheduled]
|
|---|
| 2918 | 4238.25cc: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume7\Windows\System32\cfgmgr32.dll'.
|
|---|
| 2919 | 4238.25cc: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume7\Windows\System32\cfgmgr32.dll' [rescheduled]
|
|---|
| 2920 | 4238.25cc: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume7\Windows\System32\gdi32full.dll'.
|
|---|
| 2921 | 4238.25cc: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume7\Windows\System32\gdi32full.dll' [rescheduled]
|
|---|
| 2922 | 4238.25cc: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume7\Windows\System32\DXCore.dll'.
|
|---|
| 2923 | 4238.25cc: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume7\Windows\System32\DXCore.dll' [rescheduled]
|
|---|
| 2924 | 4238.25cc: Detected loader lock ownership: rc=Unknown Status 22900 (0x5974) '\Device\HarddiskVolume7\Windows\System32\glu32.dll'.
|
|---|
| 2925 | 4238.25cc: supR3HardenedWinVerifyCacheProcessWvtTodos: 22900 (was 22900) fWinVerifyTrust=0 for '\Device\HarddiskVolume7\Windows\System32\glu32.dll' [rescheduled]
|
|---|
| 2926 | 4238.25cc: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume7\Windows\System32\mpr.dll'.
|
|---|
| 2927 | 4238.25cc: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume7\Windows\System32\mpr.dll' [rescheduled]
|
|---|
| 2928 | 4238.25cc: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume7\Windows\System32\shell32.dll'.
|
|---|
| 2929 | 4238.25cc: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume7\Windows\System32\shell32.dll' [rescheduled]
|
|---|
| 2930 | 4238.25cc: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume7\Program Files\Oracle\VirtualBox\Qt5WidgetsVBox.dll'.
|
|---|
| 2931 | 4238.25cc: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume7\Program Files\Oracle\VirtualBox\Qt5WidgetsVBox.dll' [rescheduled]
|
|---|
| 2932 | 4238.25cc: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume7\Windows\System32\win32u.dll'.
|
|---|
| 2933 | 4238.25cc: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume7\Windows\System32\win32u.dll' [rescheduled]
|
|---|
| 2934 | 4238.25cc: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume7\Windows\System32\gdi32.dll'.
|
|---|
| 2935 | 4238.25cc: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume7\Windows\System32\gdi32.dll' [rescheduled]
|
|---|
| 2936 | 4238.25cc: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume7\Windows\System32\user32.dll'.
|
|---|
| 2937 | 4238.25cc: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume7\Windows\System32\user32.dll' [rescheduled]
|
|---|
| 2938 | 4238.25cc: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume7\Windows\System32\msvcp_win.dll'.
|
|---|
| 2939 | 4238.25cc: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume7\Windows\System32\msvcp_win.dll' [rescheduled]
|
|---|
| 2940 | 4238.25cc: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume7\Windows\System32\combase.dll'.
|
|---|
| 2941 | 4238.25cc: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume7\Windows\System32\combase.dll' [rescheduled]
|
|---|
| 2942 | 4238.25cc: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume7\Windows\System32\winmmbase.dll'.
|
|---|
| 2943 | 4238.25cc: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume7\Windows\System32\winmmbase.dll' [rescheduled]
|
|---|
| 2944 | 4238.25cc: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume7\Windows\System32\windows.storage.dll'.
|
|---|
| 2945 | 4238.25cc: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume7\Windows\System32\windows.storage.dll' [rescheduled]
|
|---|
| 2946 | 4238.25cc: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume7\Windows\System32\kernel.appcore.dll'.
|
|---|
| 2947 | 4238.25cc: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume7\Windows\System32\kernel.appcore.dll' [rescheduled]
|
|---|
| 2948 | 4238.25cc: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume7\Windows\System32\shlwapi.dll'.
|
|---|
| 2949 | 4238.25cc: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume7\Windows\System32\shlwapi.dll' [rescheduled]
|
|---|
| 2950 | 4238.25cc: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume7\Windows\System32\powrprof.dll'.
|
|---|
| 2951 | 4238.25cc: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume7\Windows\System32\powrprof.dll' [rescheduled]
|
|---|
| 2952 | 4238.25cc: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume7\Windows\System32\umpdc.dll'.
|
|---|
| 2953 | 4238.25cc: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume7\Windows\System32\umpdc.dll' [rescheduled]
|
|---|
| 2954 | 4238.25cc: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume7\Windows\System32\SHCore.dll'.
|
|---|
| 2955 | 4238.25cc: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume7\Windows\System32\SHCore.dll' [rescheduled]
|
|---|
| 2956 | 4238.25cc: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume7\Windows\System32\cfgmgr32.dll'.
|
|---|
| 2957 | 4238.25cc: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume7\Windows\System32\cfgmgr32.dll' [rescheduled]
|
|---|
| 2958 | 4238.25cc: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume7\Windows\System32\gdi32full.dll'.
|
|---|
| 2959 | 4238.25cc: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume7\Windows\System32\gdi32full.dll' [rescheduled]
|
|---|
| 2960 | 4238.25cc: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume7\Windows\System32\DXCore.dll'.
|
|---|
| 2961 | 4238.25cc: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume7\Windows\System32\DXCore.dll' [rescheduled]
|
|---|
| 2962 | 4238.25cc: Detected loader lock ownership: rc=Unknown Status 22900 (0x5974) '\Device\HarddiskVolume7\Windows\System32\glu32.dll'.
|
|---|
| 2963 | 4238.25cc: supR3HardenedWinVerifyCacheProcessWvtTodos: 22900 (was 22900) fWinVerifyTrust=0 for '\Device\HarddiskVolume7\Windows\System32\glu32.dll' [rescheduled]
|
|---|
| 2964 | 4238.25cc: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume7\Windows\System32\mpr.dll'.
|
|---|
| 2965 | 4238.25cc: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume7\Windows\System32\mpr.dll' [rescheduled]
|
|---|
| 2966 | 4238.25cc: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume7\Windows\System32\shell32.dll'.
|
|---|
| 2967 | 4238.25cc: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume7\Windows\System32\shell32.dll' [rescheduled]
|
|---|
| 2968 | 4238.25cc: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume7\Program Files\Oracle\VirtualBox\Qt5WidgetsVBox.dll'.
|
|---|
| 2969 | 4238.25cc: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume7\Program Files\Oracle\VirtualBox\Qt5WidgetsVBox.dll' [rescheduled]
|
|---|
| 2970 | 4238.25cc: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume7\Windows\System32\win32u.dll'.
|
|---|
| 2971 | 4238.25cc: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume7\Windows\System32\win32u.dll' [rescheduled]
|
|---|
| 2972 | 4238.25cc: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume7\Windows\System32\gdi32.dll'.
|
|---|
| 2973 | 4238.25cc: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume7\Windows\System32\gdi32.dll' [rescheduled]
|
|---|
| 2974 | 4238.25cc: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume7\Windows\System32\user32.dll'.
|
|---|
| 2975 | 4238.25cc: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume7\Windows\System32\user32.dll' [rescheduled]
|
|---|
| 2976 | 4238.25cc: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume7\Windows\System32\msvcp_win.dll'.
|
|---|
| 2977 | 4238.25cc: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume7\Windows\System32\msvcp_win.dll' [rescheduled]
|
|---|
| 2978 | 4238.25cc: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume7\Windows\System32\combase.dll'.
|
|---|
| 2979 | 4238.25cc: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume7\Windows\System32\combase.dll' [rescheduled]
|
|---|
| 2980 | 4238.25cc: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume7\Windows\System32\winmmbase.dll'.
|
|---|
| 2981 | 4238.25cc: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume7\Windows\System32\winmmbase.dll' [rescheduled]
|
|---|
| 2982 | 4238.25cc: supR3HardenedIsApiSetDll: ApiSetQueryApiSetPresence(api-ms-win-core-localization-obsolete-l1-2-0) -> 0x0, fPresent=1
|
|---|
| 2983 | 4238.25cc: supR3HardenedMonitor_LdrLoadDll: pName=api-ms-win-core-localization-obsolete-l1-2-0 (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0000000000000801:<flags> [calling]
|
|---|
| 2984 | 4238.25cc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff9ca480000 'api-ms-win-core-localization-obsolete-l1-2-0'
|
|---|
| 2985 | 4238.25cc: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume7\Windows\System32\windows.storage.dll'.
|
|---|
| 2986 | 4238.25cc: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume7\Windows\System32\windows.storage.dll' [rescheduled]
|
|---|
| 2987 | 4238.25cc: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume7\Windows\System32\kernel.appcore.dll'.
|
|---|
| 2988 | 4238.25cc: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume7\Windows\System32\kernel.appcore.dll' [rescheduled]
|
|---|
| 2989 | 4238.25cc: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume7\Windows\System32\shlwapi.dll'.
|
|---|
| 2990 | 4238.25cc: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume7\Windows\System32\shlwapi.dll' [rescheduled]
|
|---|
| 2991 | 4238.25cc: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume7\Windows\System32\powrprof.dll'.
|
|---|
| 2992 | 4238.25cc: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume7\Windows\System32\powrprof.dll' [rescheduled]
|
|---|
| 2993 | 4238.25cc: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume7\Windows\System32\umpdc.dll'.
|
|---|
| 2994 | 4238.25cc: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume7\Windows\System32\umpdc.dll' [rescheduled]
|
|---|
| 2995 | 4238.25cc: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume7\Windows\System32\SHCore.dll'.
|
|---|
| 2996 | 4238.25cc: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume7\Windows\System32\SHCore.dll' [rescheduled]
|
|---|
| 2997 | 4238.25cc: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume7\Windows\System32\cfgmgr32.dll'.
|
|---|
| 2998 | 4238.25cc: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume7\Windows\System32\cfgmgr32.dll' [rescheduled]
|
|---|
| 2999 | 4238.25cc: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume7\Windows\System32\gdi32full.dll'.
|
|---|
| 3000 | 4238.25cc: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume7\Windows\System32\gdi32full.dll' [rescheduled]
|
|---|
| 3001 | 4238.25cc: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume7\Windows\System32\DXCore.dll'.
|
|---|
| 3002 | 4238.25cc: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume7\Windows\System32\DXCore.dll' [rescheduled]
|
|---|
| 3003 | 4238.25cc: Detected loader lock ownership: rc=Unknown Status 22900 (0x5974) '\Device\HarddiskVolume7\Windows\System32\glu32.dll'.
|
|---|
| 3004 | 4238.25cc: supR3HardenedWinVerifyCacheProcessWvtTodos: 22900 (was 22900) fWinVerifyTrust=0 for '\Device\HarddiskVolume7\Windows\System32\glu32.dll' [rescheduled]
|
|---|
| 3005 | 4238.25cc: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume7\Windows\System32\mpr.dll'.
|
|---|
| 3006 | 4238.25cc: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume7\Windows\System32\mpr.dll' [rescheduled]
|
|---|
| 3007 | 4238.25cc: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume7\Windows\System32\shell32.dll'.
|
|---|
| 3008 | 4238.25cc: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume7\Windows\System32\shell32.dll' [rescheduled]
|
|---|
| 3009 | 4238.25cc: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume7\Program Files\Oracle\VirtualBox\Qt5WidgetsVBox.dll'.
|
|---|
| 3010 | 4238.25cc: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume7\Program Files\Oracle\VirtualBox\Qt5WidgetsVBox.dll' [rescheduled]
|
|---|
| 3011 | 4238.25cc: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume7\Windows\System32\win32u.dll'.
|
|---|
| 3012 | 4238.25cc: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume7\Windows\System32\win32u.dll' [rescheduled]
|
|---|
| 3013 | 4238.25cc: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume7\Windows\System32\gdi32.dll'.
|
|---|
| 3014 | 4238.25cc: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume7\Windows\System32\gdi32.dll' [rescheduled]
|
|---|
| 3015 | 4238.25cc: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume7\Windows\System32\user32.dll'.
|
|---|
| 3016 | 4238.25cc: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume7\Windows\System32\user32.dll' [rescheduled]
|
|---|
| 3017 | 4238.25cc: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume7\Windows\System32\msvcp_win.dll'.
|
|---|
| 3018 | 4238.25cc: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume7\Windows\System32\msvcp_win.dll' [rescheduled]
|
|---|
| 3019 | 4238.25cc: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume7\Windows\System32\combase.dll'.
|
|---|
| 3020 | 4238.25cc: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume7\Windows\System32\combase.dll' [rescheduled]
|
|---|
| 3021 | 4238.25cc: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume7\Windows\System32\winmmbase.dll'.
|
|---|
| 3022 | 4238.25cc: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume7\Windows\System32\winmmbase.dll' [rescheduled]
|
|---|
| 3023 | 4238.25cc: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume7\Windows\System32\windows.storage.dll'.
|
|---|
| 3024 | 4238.25cc: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume7\Windows\System32\windows.storage.dll' [rescheduled]
|
|---|
| 3025 | 4238.25cc: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume7\Windows\System32\kernel.appcore.dll'.
|
|---|
| 3026 | 4238.25cc: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume7\Windows\System32\kernel.appcore.dll' [rescheduled]
|
|---|
| 3027 | 4238.25cc: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume7\Windows\System32\shlwapi.dll'.
|
|---|
| 3028 | 4238.25cc: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume7\Windows\System32\shlwapi.dll' [rescheduled]
|
|---|
| 3029 | 4238.25cc: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume7\Windows\System32\powrprof.dll'.
|
|---|
| 3030 | 4238.25cc: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume7\Windows\System32\powrprof.dll' [rescheduled]
|
|---|
| 3031 | 4238.25cc: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume7\Windows\System32\umpdc.dll'.
|
|---|
| 3032 | 4238.25cc: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume7\Windows\System32\umpdc.dll' [rescheduled]
|
|---|
| 3033 | 4238.25cc: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume7\Windows\System32\SHCore.dll'.
|
|---|
| 3034 | 4238.25cc: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume7\Windows\System32\SHCore.dll' [rescheduled]
|
|---|
| 3035 | 4238.25cc: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume7\Windows\System32\cfgmgr32.dll'.
|
|---|
| 3036 | 4238.25cc: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume7\Windows\System32\cfgmgr32.dll' [rescheduled]
|
|---|
| 3037 | 4238.25cc: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume7\Windows\System32\gdi32full.dll'.
|
|---|
| 3038 | 4238.25cc: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume7\Windows\System32\gdi32full.dll' [rescheduled]
|
|---|
| 3039 | 4238.25cc: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume7\Windows\System32\DXCore.dll'.
|
|---|
| 3040 | 4238.25cc: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume7\Windows\System32\DXCore.dll' [rescheduled]
|
|---|
| 3041 | 4238.25cc: Detected loader lock ownership: rc=Unknown Status 22900 (0x5974) '\Device\HarddiskVolume7\Windows\System32\glu32.dll'.
|
|---|
| 3042 | 4238.25cc: supR3HardenedWinVerifyCacheProcessWvtTodos: 22900 (was 22900) fWinVerifyTrust=0 for '\Device\HarddiskVolume7\Windows\System32\glu32.dll' [rescheduled]
|
|---|
| 3043 | 4238.25cc: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume7\Windows\System32\mpr.dll'.
|
|---|
| 3044 | 4238.25cc: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume7\Windows\System32\mpr.dll' [rescheduled]
|
|---|
| 3045 | 4238.25cc: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume7\Windows\System32\shell32.dll'.
|
|---|
| 3046 | 4238.25cc: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume7\Windows\System32\shell32.dll' [rescheduled]
|
|---|
| 3047 | 4238.25cc: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume7\Program Files\Oracle\VirtualBox\Qt5WidgetsVBox.dll'.
|
|---|
| 3048 | 4238.25cc: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume7\Program Files\Oracle\VirtualBox\Qt5WidgetsVBox.dll' [rescheduled]
|
|---|
| 3049 | 4238.25cc: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume7\Windows\System32\win32u.dll'.
|
|---|
| 3050 | 4238.25cc: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume7\Windows\System32\win32u.dll' [rescheduled]
|
|---|
| 3051 | 4238.25cc: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume7\Windows\System32\gdi32.dll'.
|
|---|
| 3052 | 4238.25cc: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume7\Windows\System32\gdi32.dll' [rescheduled]
|
|---|
| 3053 | 4238.25cc: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume7\Windows\System32\user32.dll'.
|
|---|
| 3054 | 4238.25cc: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume7\Windows\System32\user32.dll' [rescheduled]
|
|---|
| 3055 | 4238.25cc: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume7\Windows\System32\msvcp_win.dll'.
|
|---|
| 3056 | 4238.25cc: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume7\Windows\System32\msvcp_win.dll' [rescheduled]
|
|---|
| 3057 | 4238.25cc: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume7\Windows\System32\combase.dll'.
|
|---|
| 3058 | 4238.25cc: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume7\Windows\System32\combase.dll' [rescheduled]
|
|---|
| 3059 | 4238.25cc: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume7\Windows\System32\winmmbase.dll'.
|
|---|
| 3060 | 4238.25cc: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume7\Windows\System32\winmmbase.dll' [rescheduled]
|
|---|
| 3061 | 4238.25cc: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume7\Windows\System32\imm32.dll'.
|
|---|
| 3062 | 4238.25cc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'user32.dll'.
|
|---|
| 3063 | 4238.25cc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #25 'win32u.dll'.
|
|---|
| 3064 | 4238.25cc: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume7\Windows\System32\imm32.dll)
|
|---|
| 3065 | 4238.25cc: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume7\Windows\System32\imm32.dll
|
|---|
| 3066 | 4238.25cc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'win32u.dll'...
|
|---|
| 3067 | 4238.25cc: supR3HardenedWinVerifyCacheProcessImportTodos: 'win32u.dll' -> '\Device\HarddiskVolume7\Windows\System32\win32u.dll' [rcNtRedir=0xc0150008]
|
|---|
| 3068 | 4238.25cc: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume7\Windows\System32\win32u.dll [redoing WinVerifyTrust]
|
|---|
| 3069 | 4238.25cc: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume7\Windows\System32\win32u.dll'.
|
|---|
| 3070 | 4238.25cc: supR3HardenedScreenImage/Imports: WinVerifyTrust not available, rescheduling \Device\HarddiskVolume7\Windows\System32\win32u.dll
|
|---|
| 3071 | 4238.25cc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
|
|---|
| 3072 | 4238.25cc: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume7\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
|
|---|
| 3073 | 4238.25cc: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume7\Windows\System32\user32.dll [redoing WinVerifyTrust]
|
|---|
| 3074 | 4238.25cc: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume7\Windows\System32\user32.dll'.
|
|---|
| 3075 | 4238.25cc: supR3HardenedScreenImage/Imports: WinVerifyTrust not available, rescheduling \Device\HarddiskVolume7\Windows\System32\user32.dll
|
|---|
| 3076 | 4238.25cc: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\IMM32.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000009:<flags> [calling]
|
|---|
| 3077 | 4238.25cc: supR3HardenedDllNotificationCallback: load 00007ff9cb540000 LB 0x0002e000 C:\Windows\System32\IMM32.DLL [fFlags=0x0]
|
|---|
| 3078 | 4238.25cc: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume7\Windows\System32\imm32.dll [avoiding WinVerifyTrust]
|
|---|
| 3079 | 4238.25cc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff9cb540000 'C:\Windows\system32\IMM32.DLL'
|
|---|
| 3080 | 4238.25cc: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume7\Windows\System32\imm32.dll'.
|
|---|
| 3081 | 4238.25cc: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume7\Windows\System32\imm32.dll' [rescheduled]
|
|---|
| 3082 | 4238.25cc: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume7\Windows\System32\windows.storage.dll'.
|
|---|
| 3083 | 4238.25cc: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume7\Windows\System32\windows.storage.dll' [rescheduled]
|
|---|
| 3084 | 4238.25cc: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume7\Windows\System32\kernel.appcore.dll'.
|
|---|
| 3085 | 4238.25cc: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume7\Windows\System32\kernel.appcore.dll' [rescheduled]
|
|---|
| 3086 | 4238.25cc: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume7\Windows\System32\shlwapi.dll'.
|
|---|
| 3087 | 4238.25cc: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume7\Windows\System32\shlwapi.dll' [rescheduled]
|
|---|
| 3088 | 4238.25cc: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume7\Windows\System32\powrprof.dll'.
|
|---|
| 3089 | 4238.25cc: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume7\Windows\System32\powrprof.dll' [rescheduled]
|
|---|
| 3090 | 4238.25cc: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume7\Windows\System32\umpdc.dll'.
|
|---|
| 3091 | 4238.25cc: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume7\Windows\System32\umpdc.dll' [rescheduled]
|
|---|
| 3092 | 4238.25cc: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume7\Windows\System32\SHCore.dll'.
|
|---|
| 3093 | 4238.25cc: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume7\Windows\System32\SHCore.dll' [rescheduled]
|
|---|
| 3094 | 4238.25cc: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume7\Windows\System32\cfgmgr32.dll'.
|
|---|
| 3095 | 4238.25cc: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume7\Windows\System32\cfgmgr32.dll' [rescheduled]
|
|---|
| 3096 | 4238.25cc: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume7\Windows\System32\gdi32full.dll'.
|
|---|
| 3097 | 4238.25cc: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume7\Windows\System32\gdi32full.dll' [rescheduled]
|
|---|
| 3098 | 4238.25cc: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume7\Windows\System32\DXCore.dll'.
|
|---|
| 3099 | 4238.25cc: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume7\Windows\System32\DXCore.dll' [rescheduled]
|
|---|
| 3100 | 4238.25cc: Detected loader lock ownership: rc=Unknown Status 22900 (0x5974) '\Device\HarddiskVolume7\Windows\System32\glu32.dll'.
|
|---|
| 3101 | 4238.25cc: supR3HardenedWinVerifyCacheProcessWvtTodos: 22900 (was 22900) fWinVerifyTrust=0 for '\Device\HarddiskVolume7\Windows\System32\glu32.dll' [rescheduled]
|
|---|
| 3102 | 4238.25cc: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume7\Windows\System32\mpr.dll'.
|
|---|
| 3103 | 4238.25cc: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume7\Windows\System32\mpr.dll' [rescheduled]
|
|---|
| 3104 | 4238.25cc: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume7\Windows\System32\shell32.dll'.
|
|---|
| 3105 | 4238.25cc: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume7\Windows\System32\shell32.dll' [rescheduled]
|
|---|
| 3106 | 4238.25cc: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume7\Program Files\Oracle\VirtualBox\Qt5WidgetsVBox.dll'.
|
|---|
| 3107 | 4238.25cc: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume7\Program Files\Oracle\VirtualBox\Qt5WidgetsVBox.dll' [rescheduled]
|
|---|
| 3108 | 4238.25cc: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume7\Windows\System32\win32u.dll'.
|
|---|
| 3109 | 4238.25cc: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume7\Windows\System32\win32u.dll' [rescheduled]
|
|---|
| 3110 | 4238.25cc: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume7\Windows\System32\gdi32.dll'.
|
|---|
| 3111 | 4238.25cc: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume7\Windows\System32\gdi32.dll' [rescheduled]
|
|---|
| 3112 | 4238.25cc: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume7\Windows\System32\user32.dll'.
|
|---|
| 3113 | 4238.25cc: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume7\Windows\System32\user32.dll' [rescheduled]
|
|---|
| 3114 | 4238.25cc: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume7\Windows\System32\msvcp_win.dll'.
|
|---|
| 3115 | 4238.25cc: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume7\Windows\System32\msvcp_win.dll' [rescheduled]
|
|---|
| 3116 | 4238.25cc: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume7\Windows\System32\combase.dll'.
|
|---|
| 3117 | 4238.25cc: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume7\Windows\System32\combase.dll' [rescheduled]
|
|---|
| 3118 | 4238.25cc: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume7\Windows\System32\winmmbase.dll'.
|
|---|
| 3119 | 4238.25cc: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume7\Windows\System32\winmmbase.dll' [rescheduled]
|
|---|
| 3120 | 4238.25cc: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume7\Windows\System32\imm32.dll'.
|
|---|
| 3121 | 4238.25cc: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume7\Windows\System32\imm32.dll' [rescheduled]
|
|---|
| 3122 | 4238.25cc: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume7\Windows\System32\windows.storage.dll'.
|
|---|
| 3123 | 4238.25cc: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume7\Windows\System32\windows.storage.dll' [rescheduled]
|
|---|
| 3124 | 4238.25cc: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume7\Windows\System32\kernel.appcore.dll'.
|
|---|
| 3125 | 4238.25cc: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume7\Windows\System32\kernel.appcore.dll' [rescheduled]
|
|---|
| 3126 | 4238.25cc: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume7\Windows\System32\shlwapi.dll'.
|
|---|
| 3127 | 4238.25cc: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume7\Windows\System32\shlwapi.dll' [rescheduled]
|
|---|
| 3128 | 4238.25cc: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume7\Windows\System32\powrprof.dll'.
|
|---|
| 3129 | 4238.25cc: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume7\Windows\System32\powrprof.dll' [rescheduled]
|
|---|
| 3130 | 4238.25cc: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume7\Windows\System32\umpdc.dll'.
|
|---|
| 3131 | 4238.25cc: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume7\Windows\System32\umpdc.dll' [rescheduled]
|
|---|
| 3132 | 4238.25cc: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume7\Windows\System32\SHCore.dll'.
|
|---|
| 3133 | 4238.25cc: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume7\Windows\System32\SHCore.dll' [rescheduled]
|
|---|
| 3134 | 4238.25cc: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume7\Windows\System32\cfgmgr32.dll'.
|
|---|
| 3135 | 4238.25cc: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume7\Windows\System32\cfgmgr32.dll' [rescheduled]
|
|---|
| 3136 | 4238.25cc: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume7\Windows\System32\gdi32full.dll'.
|
|---|
| 3137 | 4238.25cc: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume7\Windows\System32\gdi32full.dll' [rescheduled]
|
|---|
| 3138 | 4238.25cc: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume7\Windows\System32\DXCore.dll'.
|
|---|
| 3139 | 4238.25cc: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume7\Windows\System32\DXCore.dll' [rescheduled]
|
|---|
| 3140 | 4238.25cc: Detected loader lock ownership: rc=Unknown Status 22900 (0x5974) '\Device\HarddiskVolume7\Windows\System32\glu32.dll'.
|
|---|
| 3141 | 4238.25cc: supR3HardenedWinVerifyCacheProcessWvtTodos: 22900 (was 22900) fWinVerifyTrust=0 for '\Device\HarddiskVolume7\Windows\System32\glu32.dll' [rescheduled]
|
|---|
| 3142 | 4238.25cc: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume7\Windows\System32\mpr.dll'.
|
|---|
| 3143 | 4238.25cc: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume7\Windows\System32\mpr.dll' [rescheduled]
|
|---|
| 3144 | 4238.25cc: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume7\Windows\System32\shell32.dll'.
|
|---|
| 3145 | 4238.25cc: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume7\Windows\System32\shell32.dll' [rescheduled]
|
|---|
| 3146 | 4238.25cc: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume7\Program Files\Oracle\VirtualBox\Qt5WidgetsVBox.dll'.
|
|---|
| 3147 | 4238.25cc: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume7\Program Files\Oracle\VirtualBox\Qt5WidgetsVBox.dll' [rescheduled]
|
|---|
| 3148 | 4238.25cc: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume7\Windows\System32\win32u.dll'.
|
|---|
| 3149 | 4238.25cc: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume7\Windows\System32\win32u.dll' [rescheduled]
|
|---|
| 3150 | 4238.25cc: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume7\Windows\System32\gdi32.dll'.
|
|---|
| 3151 | 4238.25cc: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume7\Windows\System32\gdi32.dll' [rescheduled]
|
|---|
| 3152 | 4238.25cc: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume7\Windows\System32\user32.dll'.
|
|---|
| 3153 | 4238.25cc: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume7\Windows\System32\user32.dll' [rescheduled]
|
|---|
| 3154 | 4238.25cc: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume7\Windows\System32\msvcp_win.dll'.
|
|---|
| 3155 | 4238.25cc: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume7\Windows\System32\msvcp_win.dll' [rescheduled]
|
|---|
| 3156 | 4238.25cc: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume7\Windows\System32\combase.dll'.
|
|---|
| 3157 | 4238.25cc: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume7\Windows\System32\combase.dll' [rescheduled]
|
|---|
| 3158 | 4238.25cc: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume7\Windows\System32\winmmbase.dll'.
|
|---|
| 3159 | 4238.25cc: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume7\Windows\System32\winmmbase.dll' [rescheduled]
|
|---|
| 3160 | 4238.25cc: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume7\Windows\System32\advapi32.dll
|
|---|
| 3161 | 4238.25cc: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\System32\ADVAPI32.DLL (Input=ADVAPI32.DLL, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
|
|---|
| 3162 | 4238.25cc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff9cca50000 'C:\Windows\System32\ADVAPI32.DLL'
|
|---|
| 3163 | 4238.25cc: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume7\Windows\System32\imm32.dll'.
|
|---|
| 3164 | 4238.25cc: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume7\Windows\System32\imm32.dll' [rescheduled]
|
|---|
| 3165 | 4238.25cc: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume7\Windows\System32\windows.storage.dll'.
|
|---|
| 3166 | 4238.25cc: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume7\Windows\System32\windows.storage.dll' [rescheduled]
|
|---|
| 3167 | 4238.25cc: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume7\Windows\System32\kernel.appcore.dll'.
|
|---|
| 3168 | 4238.25cc: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume7\Windows\System32\kernel.appcore.dll' [rescheduled]
|
|---|
| 3169 | 4238.25cc: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume7\Windows\System32\shlwapi.dll'.
|
|---|
| 3170 | 4238.25cc: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume7\Windows\System32\shlwapi.dll' [rescheduled]
|
|---|
| 3171 | 4238.25cc: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume7\Windows\System32\powrprof.dll'.
|
|---|
| 3172 | 4238.25cc: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume7\Windows\System32\powrprof.dll' [rescheduled]
|
|---|
| 3173 | 4238.25cc: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume7\Windows\System32\umpdc.dll'.
|
|---|
| 3174 | 4238.25cc: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume7\Windows\System32\umpdc.dll' [rescheduled]
|
|---|
| 3175 | 4238.25cc: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume7\Windows\System32\SHCore.dll'.
|
|---|
| 3176 | 4238.25cc: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume7\Windows\System32\SHCore.dll' [rescheduled]
|
|---|
| 3177 | 4238.25cc: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume7\Windows\System32\cfgmgr32.dll'.
|
|---|
| 3178 | 4238.25cc: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume7\Windows\System32\cfgmgr32.dll' [rescheduled]
|
|---|
| 3179 | 4238.25cc: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume7\Windows\System32\gdi32full.dll'.
|
|---|
| 3180 | 4238.25cc: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume7\Windows\System32\gdi32full.dll' [rescheduled]
|
|---|
| 3181 | 4238.25cc: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume7\Windows\System32\DXCore.dll'.
|
|---|
| 3182 | 4238.25cc: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume7\Windows\System32\DXCore.dll' [rescheduled]
|
|---|
| 3183 | 4238.25cc: Detected loader lock ownership: rc=Unknown Status 22900 (0x5974) '\Device\HarddiskVolume7\Windows\System32\glu32.dll'.
|
|---|
| 3184 | 4238.25cc: supR3HardenedWinVerifyCacheProcessWvtTodos: 22900 (was 22900) fWinVerifyTrust=0 for '\Device\HarddiskVolume7\Windows\System32\glu32.dll' [rescheduled]
|
|---|
| 3185 | 4238.25cc: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume7\Windows\System32\mpr.dll'.
|
|---|
| 3186 | 4238.25cc: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume7\Windows\System32\mpr.dll' [rescheduled]
|
|---|
| 3187 | 4238.25cc: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume7\Windows\System32\shell32.dll'.
|
|---|
| 3188 | 4238.25cc: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume7\Windows\System32\shell32.dll' [rescheduled]
|
|---|
| 3189 | 4238.25cc: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume7\Program Files\Oracle\VirtualBox\Qt5WidgetsVBox.dll'.
|
|---|
| 3190 | 4238.25cc: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume7\Program Files\Oracle\VirtualBox\Qt5WidgetsVBox.dll' [rescheduled]
|
|---|
| 3191 | 4238.25cc: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume7\Windows\System32\win32u.dll'.
|
|---|
| 3192 | 4238.25cc: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume7\Windows\System32\win32u.dll' [rescheduled]
|
|---|
| 3193 | 4238.25cc: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume7\Windows\System32\gdi32.dll'.
|
|---|
| 3194 | 4238.25cc: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume7\Windows\System32\gdi32.dll' [rescheduled]
|
|---|
| 3195 | 4238.25cc: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume7\Windows\System32\user32.dll'.
|
|---|
| 3196 | 4238.25cc: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume7\Windows\System32\user32.dll' [rescheduled]
|
|---|
| 3197 | 4238.25cc: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume7\Windows\System32\msvcp_win.dll'.
|
|---|
| 3198 | 4238.25cc: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume7\Windows\System32\msvcp_win.dll' [rescheduled]
|
|---|
| 3199 | 4238.25cc: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume7\Windows\System32\combase.dll'.
|
|---|
| 3200 | 4238.25cc: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume7\Windows\System32\combase.dll' [rescheduled]
|
|---|
| 3201 | 4238.25cc: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume7\Windows\System32\winmmbase.dll'.
|
|---|
| 3202 | 4238.25cc: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume7\Windows\System32\winmmbase.dll' [rescheduled]
|
|---|
| 3203 | 4238.25cc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff950230000 'C:\Program Files\Oracle\VirtualBox\VirtualBoxVM.dll'
|
|---|
| 3204 | 4238.25cc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff9c9550000 'C:\Windows\system32\rsaenh.dll'
|
|---|
| 3205 | 4238.25cc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff9cb050000 'C:\Windows\System32\crypt32.dll'
|
|---|
| 3206 | 4238.25cc: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume7\Windows\System32\imm32.dll'
|
|---|
| 3207 | 4238.25cc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff9c9550000 'C:\Windows\system32\rsaenh.dll'
|
|---|
| 3208 | 4238.25cc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff9cb050000 'C:\Windows\System32\crypt32.dll'
|
|---|
| 3209 | 4238.25cc: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume7\Windows\System32\windows.storage.dll'
|
|---|
| 3210 | 4238.25cc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff9c9550000 'C:\Windows\system32\rsaenh.dll'
|
|---|
| 3211 | 4238.25cc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff9cb050000 'C:\Windows\System32\crypt32.dll'
|
|---|
| 3212 | 4238.25cc: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume7\Windows\System32\kernel.appcore.dll'
|
|---|
| 3213 | 4238.25cc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff9c9550000 'C:\Windows\system32\rsaenh.dll'
|
|---|
| 3214 | 4238.25cc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff9cb050000 'C:\Windows\System32\crypt32.dll'
|
|---|
| 3215 | 4238.25cc: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume7\Windows\System32\shlwapi.dll'
|
|---|
| 3216 | 4238.25cc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff9c9550000 'C:\Windows\system32\rsaenh.dll'
|
|---|
| 3217 | 4238.25cc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff9cb050000 'C:\Windows\System32\crypt32.dll'
|
|---|
| 3218 | 4238.25cc: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume7\Windows\System32\powrprof.dll'
|
|---|
| 3219 | 4238.25cc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff9c9550000 'C:\Windows\system32\rsaenh.dll'
|
|---|
| 3220 | 4238.25cc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff9cb050000 'C:\Windows\System32\crypt32.dll'
|
|---|
| 3221 | 4238.25cc: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume7\Windows\System32\umpdc.dll'
|
|---|
| 3222 | 4238.25cc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff9c9550000 'C:\Windows\system32\rsaenh.dll'
|
|---|
| 3223 | 4238.25cc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff9cb050000 'C:\Windows\System32\crypt32.dll'
|
|---|
| 3224 | 4238.25cc: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume7\Windows\System32\SHCore.dll'
|
|---|
| 3225 | 4238.25cc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff9c9550000 'C:\Windows\system32\rsaenh.dll'
|
|---|
| 3226 | 4238.25cc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff9cb050000 'C:\Windows\System32\crypt32.dll'
|
|---|
| 3227 | 4238.25cc: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume7\Windows\System32\cfgmgr32.dll'
|
|---|
| 3228 | 4238.25cc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff9c9550000 'C:\Windows\system32\rsaenh.dll'
|
|---|
| 3229 | 4238.25cc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff9cb050000 'C:\Windows\System32\crypt32.dll'
|
|---|
| 3230 | 4238.25cc: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume7\Windows\System32\gdi32full.dll'
|
|---|
| 3231 | 4238.25cc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff9c9550000 'C:\Windows\system32\rsaenh.dll'
|
|---|
| 3232 | 4238.25cc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff9cb050000 'C:\Windows\System32\crypt32.dll'
|
|---|
| 3233 | 4238.25cc: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume7\Windows\System32\DXCore.dll'
|
|---|
| 3234 | 4238.25cc: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000554 pwszName=\Device\HarddiskVolume7\Windows\System32\glu32.dll
|
|---|
| 3235 | 4238.25cc: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00000000016bc5f0
|
|---|
| 3236 | 4238.25cc: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000016bc5f0
|
|---|
| 3237 | 4238.25cc: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=F356C86D0A2DBA0570D09B39D4AF818DFCB17010
|
|---|
| 3238 | 4238.25cc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff9c9550000 'C:\Windows\system32\rsaenh.dll'
|
|---|
| 3239 | 4238.25cc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff9cb050000 'C:\Windows\System32\crypt32.dll'
|
|---|
| 3240 | 4238.25cc: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0212~31bf3856ad364e35~amd64~~10.0.18362.1533.cat'; file='\Device\HarddiskVolume7\Windows\System32\glu32.dll'
|
|---|
| 3241 | 4238.25cc: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
|
|---|
| 3242 | 4238.25cc: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume7\Windows\System32\glu32.dll'
|
|---|
| 3243 | 4238.25cc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff9c9550000 'C:\Windows\system32\rsaenh.dll'
|
|---|
| 3244 | 4238.25cc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff9cb050000 'C:\Windows\System32\crypt32.dll'
|
|---|
| 3245 | 4238.25cc: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume7\Windows\System32\mpr.dll'
|
|---|
| 3246 | 4238.25cc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff9c9550000 'C:\Windows\system32\rsaenh.dll'
|
|---|
| 3247 | 4238.25cc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff9cb050000 'C:\Windows\System32\crypt32.dll'
|
|---|
| 3248 | 4238.25cc: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume7\Windows\System32\shell32.dll'
|
|---|
| 3249 | 4238.25cc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff9c9550000 'C:\Windows\system32\rsaenh.dll'
|
|---|
| 3250 | 4238.25cc: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 24202) fWinVerifyTrust=1 for '\Device\HarddiskVolume7\Program Files\Oracle\VirtualBox\Qt5WidgetsVBox.dll'
|
|---|
| 3251 | 4238.25cc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff9c9550000 'C:\Windows\system32\rsaenh.dll'
|
|---|
| 3252 | 4238.25cc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff9cb050000 'C:\Windows\System32\crypt32.dll'
|
|---|
| 3253 | 4238.25cc: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume7\Windows\System32\win32u.dll'
|
|---|
| 3254 | 4238.25cc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff9c9550000 'C:\Windows\system32\rsaenh.dll'
|
|---|
| 3255 | 4238.25cc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff9cb050000 'C:\Windows\System32\crypt32.dll'
|
|---|
| 3256 | 4238.25cc: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume7\Windows\System32\gdi32.dll'
|
|---|
| 3257 | 4238.25cc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff9c9550000 'C:\Windows\system32\rsaenh.dll'
|
|---|
| 3258 | 4238.25cc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff9cb050000 'C:\Windows\System32\crypt32.dll'
|
|---|
| 3259 | 4238.25cc: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume7\Windows\System32\user32.dll'
|
|---|
| 3260 | 4238.25cc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff9c9550000 'C:\Windows\system32\rsaenh.dll'
|
|---|
| 3261 | 4238.25cc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff9cb050000 'C:\Windows\System32\crypt32.dll'
|
|---|
| 3262 | 4238.25cc: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume7\Windows\System32\msvcp_win.dll'
|
|---|
| 3263 | 4238.25cc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff9c9550000 'C:\Windows\system32\rsaenh.dll'
|
|---|
| 3264 | 4238.25cc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff9cb050000 'C:\Windows\System32\crypt32.dll'
|
|---|
| 3265 | 4238.25cc: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume7\Windows\System32\combase.dll'
|
|---|
| 3266 | 4238.25cc: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume7\Windows\System32\rsaenh.dll
|
|---|
| 3267 | 4238.25cc: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\rsaenh.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
|
|---|
| 3268 | 4238.25cc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff9c9550000 'C:\Windows\system32\rsaenh.dll'
|
|---|
| 3269 | 4238.25cc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff9cb050000 'C:\Windows\System32\crypt32.dll'
|
|---|
| 3270 | 4238.25cc: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume7\Windows\System32\winmmbase.dll'
|
|---|
| 3271 | 4238.25cc: SUPR3HardenedMain: Calling TrustedMain (00007ff9502316c0)...
|
|---|
| 3272 | 4238.25cc: \Device\HarddiskVolume7\Program Files\Oracle\VirtualBox\platforms\qwindows.dll: Signature #1/2: info status: 24202
|
|---|
| 3273 | 4238.25cc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff9c9550000 'C:\Windows\system32\rsaenh.dll'
|
|---|
| 3274 | 4238.25cc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'gdi32.dll'.
|
|---|
| 3275 | 4238.25cc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'ole32.dll'.
|
|---|
| 3276 | 4238.25cc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'user32.dll'.
|
|---|
| 3277 | 4238.25cc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'imm32.dll'.
|
|---|
| 3278 | 4238.25cc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'winmm.dll'.
|
|---|
| 3279 | 4238.25cc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'oleaut32.dll'.
|
|---|
| 3280 | 4238.25cc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'shell32.dll'.
|
|---|
| 3281 | 4238.25cc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #7 'advapi32.dll'.
|
|---|
| 3282 | 4238.25cc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #8 'qt5guivbox.dll'.
|
|---|
| 3283 | 4238.25cc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #9 'qt5corevbox.dll'.
|
|---|
| 3284 | 4238.25cc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #10 'msvcr100.dll'.
|
|---|
| 3285 | 4238.25cc: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume7\Program Files\Oracle\VirtualBox\platforms\qwindows.dll) WinVerifyTrust
|
|---|
| 3286 | 4238.25cc: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume7\Program Files\Oracle\VirtualBox\platforms\qwindows.dll
|
|---|
| 3287 | 4238.25cc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
|
|---|
| 3288 | 4238.25cc: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume7\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
|
|---|
| 3289 | 4238.25cc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qt5corevbox.dll'...
|
|---|
| 3290 | 4238.25cc: supR3HardenedWinVerifyCacheProcessImportTodos: 'qt5corevbox.dll' -> '\Device\HarddiskVolume7\Program Files\Oracle\VirtualBox\qt5corevbox.dll' [rcNtRedir=0xc0150008]
|
|---|
| 3291 | 4238.25cc: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume7\Program Files\Oracle\VirtualBox\Qt5CoreVBox.dll
|
|---|
| 3292 | 4238.25cc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qt5guivbox.dll'...
|
|---|
| 3293 | 4238.25cc: supR3HardenedWinVerifyCacheProcessImportTodos: 'qt5guivbox.dll' -> '\Device\HarddiskVolume7\Program Files\Oracle\VirtualBox\qt5guivbox.dll' [rcNtRedir=0xc0150008]
|
|---|
| 3294 | 4238.25cc: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume7\Program Files\Oracle\VirtualBox\Qt5GuiVBox.dll
|
|---|
| 3295 | 4238.25cc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'...
|
|---|
| 3296 | 4238.25cc: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume7\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008]
|
|---|
| 3297 | 4238.25cc: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume7\Windows\System32\advapi32.dll
|
|---|
| 3298 | 4238.25cc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'shell32.dll'...
|
|---|
| 3299 | 4238.25cc: supR3HardenedWinVerifyCacheProcessImportTodos: 'shell32.dll' -> '\Device\HarddiskVolume7\Windows\System32\shell32.dll' [rcNtRedir=0xc0150008]
|
|---|
| 3300 | 4238.25cc: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume7\Windows\System32\shell32.dll
|
|---|
| 3301 | 4238.25cc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'oleaut32.dll'...
|
|---|
| 3302 | 4238.25cc: supR3HardenedWinVerifyCacheProcessImportTodos: 'oleaut32.dll' -> '\Device\HarddiskVolume7\Windows\System32\oleaut32.dll' [rcNtRedir=0xc0150008]
|
|---|
| 3303 | 4238.25cc: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume7\Windows\System32\oleaut32.dll
|
|---|
| 3304 | 4238.25cc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'winmm.dll'...
|
|---|
| 3305 | 4238.25cc: supR3HardenedWinVerifyCacheProcessImportTodos: 'winmm.dll' -> '\Device\HarddiskVolume7\Windows\System32\winmm.dll' [rcNtRedir=0xc0150008]
|
|---|
| 3306 | 4238.25cc: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume7\Windows\System32\winmm.dll
|
|---|
| 3307 | 4238.25cc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'imm32.dll'...
|
|---|
| 3308 | 4238.25cc: supR3HardenedWinVerifyCacheProcessImportTodos: 'imm32.dll' -> '\Device\HarddiskVolume7\Windows\System32\imm32.dll' [rcNtRedir=0xc0150008]
|
|---|
| 3309 | 4238.25cc: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume7\Windows\System32\imm32.dll
|
|---|
| 3310 | 4238.25cc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
|
|---|
| 3311 | 4238.25cc: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume7\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
|
|---|
| 3312 | 4238.25cc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ole32.dll'...
|
|---|
| 3313 | 4238.25cc: supR3HardenedWinVerifyCacheProcessImportTodos: 'ole32.dll' -> '\Device\HarddiskVolume7\Windows\System32\ole32.dll' [rcNtRedir=0xc0150008]
|
|---|
| 3314 | 4238.25cc: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume7\Windows\System32\ole32.dll
|
|---|
| 3315 | 4238.25cc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
|
|---|
| 3316 | 4238.25cc: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume7\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
|
|---|
| 3317 | 4238.25cc: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\platforms\qwindows.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
|
|---|
| 3318 | 4238.25cc: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume7\Program Files\Oracle\VirtualBox\platforms\qwindows.dll
|
|---|
| 3319 | 4238.25cc: supR3HardenedDllNotificationCallback: load 00007ff98fa50000 LB 0x0012e000 C:\Program Files\Oracle\VirtualBox\platforms\qwindows.dll [fFlags=0x0]
|
|---|
| 3320 | 4238.25cc: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume7\Program Files\Oracle\VirtualBox\platforms\qwindows.dll
|
|---|
| 3321 | 4238.25cc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff98fa50000 'C:\Program Files\Oracle\VirtualBox\platforms\qwindows.dll'
|
|---|
| 3322 | 4238.25cc: supR3HardNtViCallWinVerifyTrustCatFile: hFile=00000000000003a8 pwszName=\Device\HarddiskVolume7\Windows\System32\uxtheme.dll
|
|---|
| 3323 | 4238.25cc: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00000000016bc5f0
|
|---|
| 3324 | 4238.25cc: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000016bc5f0
|
|---|
| 3325 | 4238.25cc: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=FC4075B94E896B3CAA9912F5E86E9C45EF536E1D
|
|---|
| 3326 | 4238.25cc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff9c9550000 'C:\Windows\system32\rsaenh.dll'
|
|---|
| 3327 | 4238.25cc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff9cb050000 'C:\Windows\System32\crypt32.dll'
|
|---|
| 3328 | 4238.25cc: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-Package0415~31bf3856ad364e35~amd64~~10.0.18362.1556.cat'; file='\Device\HarddiskVolume7\Windows\System32\uxtheme.dll'
|
|---|
| 3329 | 4238.25cc: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
|
|---|
| 3330 | 4238.25cc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
|
|---|
| 3331 | 4238.25cc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #33 'gdi32.dll'.
|
|---|
| 3332 | 4238.25cc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #34 'user32.dll'.
|
|---|
| 3333 | 4238.25cc: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume7\Windows\System32\uxtheme.dll) WinVerifyTrust
|
|---|
| 3334 | 4238.25cc: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume7\Windows\System32\uxtheme.dll
|
|---|
| 3335 | 4238.25cc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
|
|---|
| 3336 | 4238.25cc: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume7\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
|
|---|
| 3337 | 4238.25cc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
|
|---|
| 3338 | 4238.25cc: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume7\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
|
|---|
| 3339 | 4238.25cc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
|
|---|
| 3340 | 4238.25cc: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume7\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
|
|---|
| 3341 | 4238.25cc: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\uxtheme.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000009:<flags> [calling]
|
|---|
| 3342 | 4238.25cc: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume7\Windows\System32\uxtheme.dll
|
|---|
| 3343 | 4238.25cc: supR3HardenedDllNotificationCallback: load 00007ff9c4ed0000 LB 0x00099000 C:\Windows\system32\uxtheme.dll [fFlags=0x0]
|
|---|
| 3344 | 4238.25cc: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume7\Windows\System32\uxtheme.dll
|
|---|
| 3345 | 4238.25cc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff9c4ed0000 'C:\Windows\system32\uxtheme.dll'
|
|---|
| 3346 | 4238.25cc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff9cc8b0000 'C:\Windows\system32\user32.dll'
|
|---|
| 3347 | 4238.25cc: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume7\Windows\System32\shell32.dll
|
|---|
| 3348 | 4238.25cc: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\shell32.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
|
|---|
| 3349 | 4238.25cc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff9cbb50000 'C:\Windows\system32\shell32.dll'
|
|---|
| 3350 | 4238.25cc: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume7\Windows\System32\SHCore.dll
|
|---|
| 3351 | 4238.25cc: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\SHCore.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
|
|---|
| 3352 | 4238.25cc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff9ccdd0000 'C:\Windows\system32\SHCore.dll'
|
|---|
| 3353 | 4238.25cc: supR3HardenedMonitor_LdrLoadDll: error opening 'C:\Windows\system32\wintab32.dll': 0 (NtPath=\??\C:\Windows\system32\wintab32.dll; Input=C:\Windows\system32\wintab32.dll; rcNtGetDll=0x0
|
|---|
| 3354 | 4238.25cc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0xc0000034 'C:\Windows\system32\wintab32.dll'
|
|---|
| 3355 | 4238.25cc: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume7\Windows\System32\winmm.dll
|
|---|
| 3356 | 4238.25cc: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\winmm.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
|
|---|
| 3357 | 4238.25cc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff9c4160000 'C:\Windows\system32\winmm.dll'
|
|---|
| 3358 | 4238.25cc: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume7\Windows\System32\winmm.dll
|
|---|
| 3359 | 4238.25cc: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\winmm.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
|
|---|
| 3360 | 4238.25cc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff9c4160000 'C:\Windows\system32\winmm.dll'
|
|---|
| 3361 | 4238.25cc: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume7\Windows\System32\shell32.dll
|
|---|
| 3362 | 4238.25cc: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\shell32.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
|
|---|
| 3363 | 4238.25cc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff9cbb50000 'C:\Windows\system32\shell32.dll'
|
|---|
| 3364 | 4238.25cc: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume7\Windows\System32\uxtheme.dll
|
|---|
| 3365 | 4238.25cc: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\uxtheme.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
|
|---|
| 3366 | 4238.25cc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff9c4ed0000 'C:\Windows\system32\uxtheme.dll'
|
|---|
| 3367 | 4238.25cc: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume7\Windows\System32\advapi32.dll
|
|---|
| 3368 | 4238.25cc: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\advapi32.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
|
|---|
| 3369 | 4238.25cc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff9cca50000 'C:\Windows\system32\advapi32.dll'
|
|---|
| 3370 | 4238.25cc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff9c9550000 'C:\Windows\system32\rsaenh.dll'
|
|---|
| 3371 | 4238.25cc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff9cb050000 'C:\Windows\System32\crypt32.dll'
|
|---|
| 3372 | 4238.25cc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #13 'rpcrt4.dll'.
|
|---|
| 3373 | 4238.25cc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #30 'profapi.dll'.
|
|---|
| 3374 | 4238.25cc: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume7\Windows\System32\userenv.dll) WinVerifyTrust
|
|---|
| 3375 | 4238.25cc: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume7\Windows\System32\userenv.dll
|
|---|
| 3376 | 4238.25cc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'profapi.dll'...
|
|---|
| 3377 | 4238.25cc: supR3HardenedWinVerifyCacheProcessImportTodos: 'profapi.dll' -> '\Device\HarddiskVolume7\Windows\System32\profapi.dll' [rcNtRedir=0xc0150008]
|
|---|
| 3378 | 4238.25cc: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume7\Windows\System32\profapi.dll
|
|---|
| 3379 | 4238.25cc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
|
|---|
| 3380 | 4238.25cc: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume7\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
|
|---|
| 3381 | 4238.25cc: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\userenv.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
|
|---|
| 3382 | 4238.25cc: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume7\Windows\System32\userenv.dll
|
|---|
| 3383 | 4238.25cc: supR3HardenedDllNotificationCallback: load 00007ff9ca080000 LB 0x00025000 C:\Windows\system32\userenv.dll [fFlags=0x0]
|
|---|
| 3384 | 4238.25cc: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume7\Windows\System32\userenv.dll
|
|---|
| 3385 | 4238.25cc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff9ca080000 'C:\Windows\system32\userenv.dll'
|
|---|
| 3386 | 4238.25cc: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume7\Windows\System32\kernel32.dll
|
|---|
| 3387 | 4238.25cc: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\System32\kernel32.dll (Input=kernel32, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
|
|---|
| 3388 | 4238.25cc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff9cc500000 'C:\Windows\System32\kernel32.dll'
|
|---|
| 3389 | 4238.25cc: supR3HardenedDllNotificationCallback: load 00007ff9cc240000 LB 0x000a2000 C:\Windows\System32\clbcatq.dll [fFlags=0x0]
|
|---|
| 3390 | 4238.25cc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
|
|---|
| 3391 | 4238.25cc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #30 'rpcrt4.dll'.
|
|---|
| 3392 | 4238.25cc: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume7\Windows\System32\clbcatq.dll)
|
|---|
| 3393 | 4238.25cc: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume7\Windows\System32\clbcatq.dll
|
|---|
| 3394 | 4238.2690: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
|
|---|
| 3395 | 4238.2690: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume7\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
|
|---|
| 3396 | 4238.2690: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
|
|---|
| 3397 | 4238.2690: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume7\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
|
|---|
| 3398 | 4238.2690: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff9c9550000 'C:\Windows\system32\rsaenh.dll'
|
|---|
| 3399 | 4238.2690: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff9cb050000 'C:\Windows\System32\crypt32.dll'
|
|---|
| 3400 | 4238.2690: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume7\Windows\System32\clbcatq.dll'
|
|---|
| 3401 | 4238.2690: \Device\HarddiskVolume7\Program Files\Oracle\VirtualBox\VBoxC.dll: Signature #1/2: info status: 24202
|
|---|
| 3402 | 4238.2690: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff9c9550000 'C:\Windows\system32\rsaenh.dll'
|
|---|
| 3403 | 4238.2690: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
|
|---|
| 3404 | 4238.2690: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'msvcp100.dll'.
|
|---|
| 3405 | 4238.2690: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'vboxrt.dll'.
|
|---|
| 3406 | 4238.2690: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'advapi32.dll'.
|
|---|
| 3407 | 4238.2690: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'ole32.dll'.
|
|---|
| 3408 | 4238.2690: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'oleaut32.dll'.
|
|---|
| 3409 | 4238.2690: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume7\Program Files\Oracle\VirtualBox\VBoxC.dll) WinVerifyTrust
|
|---|
| 3410 | 4238.2690: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume7\Program Files\Oracle\VirtualBox\VBoxC.dll
|
|---|
| 3411 | 4238.2690: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'oleaut32.dll'...
|
|---|
| 3412 | 4238.2690: supR3HardenedWinVerifyCacheProcessImportTodos: 'oleaut32.dll' -> '\Device\HarddiskVolume7\Windows\System32\oleaut32.dll' [rcNtRedir=0xc0150008]
|
|---|
| 3413 | 4238.2690: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume7\Windows\System32\oleaut32.dll
|
|---|
| 3414 | 4238.2690: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ole32.dll'...
|
|---|
| 3415 | 4238.2690: supR3HardenedWinVerifyCacheProcessImportTodos: 'ole32.dll' -> '\Device\HarddiskVolume7\Windows\System32\ole32.dll' [rcNtRedir=0xc0150008]
|
|---|
| 3416 | 4238.2690: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume7\Windows\System32\ole32.dll
|
|---|
| 3417 | 4238.2690: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'...
|
|---|
| 3418 | 4238.2690: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume7\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008]
|
|---|
| 3419 | 4238.2690: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume7\Windows\System32\advapi32.dll
|
|---|
| 3420 | 4238.2690: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
|
|---|
| 3421 | 4238.2690: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume7\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
|
|---|
| 3422 | 4238.2690: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcp100.dll'...
|
|---|
| 3423 | 4238.2690: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcp100.dll' -> '\Device\HarddiskVolume7\Program Files\Oracle\VirtualBox\msvcp100.dll' [rcNtRedir=0xc0150008]
|
|---|
| 3424 | 4238.2690: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume7\Program Files\Oracle\VirtualBox\msvcp100.dll
|
|---|
| 3425 | 4238.2690: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
|
|---|
| 3426 | 4238.2690: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume7\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
|
|---|
| 3427 | 4238.2690: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxC.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000002009:<flags> [calling]
|
|---|
| 3428 | 4238.2690: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume7\Program Files\Oracle\VirtualBox\VBoxC.dll
|
|---|
| 3429 | 4238.2690: supR3HardenedDllNotificationCallback: load 00007ff97f0a0000 LB 0x003c1000 C:\Program Files\Oracle\VirtualBox\VBoxC.dll [fFlags=0x0]
|
|---|
| 3430 | 4238.2690: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume7\Program Files\Oracle\VirtualBox\VBoxC.dll
|
|---|
| 3431 | 4238.2690: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff97f0a0000 'C:\Program Files\Oracle\VirtualBox\VBoxC.dll'
|
|---|
| 3432 | 4238.2690: \Device\HarddiskVolume7\Program Files\Oracle\VirtualBox\VBoxProxyStub.dll: Signature #1/2: info status: 24202
|
|---|
| 3433 | 4238.2690: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff9c9550000 'C:\Windows\system32\rsaenh.dll'
|
|---|
| 3434 | 4238.2690: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
|
|---|
| 3435 | 4238.2690: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'vboxrt.dll'.
|
|---|
| 3436 | 4238.2690: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'advapi32.dll'.
|
|---|
| 3437 | 4238.2690: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'shlwapi.dll'.
|
|---|
| 3438 | 4238.2690: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'ole32.dll'.
|
|---|
| 3439 | 4238.2690: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'oleaut32.dll'.
|
|---|
| 3440 | 4238.2690: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #7 'rpcrt4.dll'.
|
|---|
| 3441 | 4238.2690: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume7\Program Files\Oracle\VirtualBox\VBoxProxyStub.dll) WinVerifyTrust
|
|---|
| 3442 | 4238.2690: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume7\Program Files\Oracle\VirtualBox\VBoxProxyStub.dll
|
|---|
| 3443 | 4238.2690: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
|
|---|
| 3444 | 4238.2690: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume7\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
|
|---|
| 3445 | 4238.2690: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'oleaut32.dll'...
|
|---|
| 3446 | 4238.2690: supR3HardenedWinVerifyCacheProcessImportTodos: 'oleaut32.dll' -> '\Device\HarddiskVolume7\Windows\System32\oleaut32.dll' [rcNtRedir=0xc0150008]
|
|---|
| 3447 | 4238.2690: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume7\Windows\System32\oleaut32.dll
|
|---|
| 3448 | 4238.2690: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ole32.dll'...
|
|---|
| 3449 | 4238.2690: supR3HardenedWinVerifyCacheProcessImportTodos: 'ole32.dll' -> '\Device\HarddiskVolume7\Windows\System32\ole32.dll' [rcNtRedir=0xc0150008]
|
|---|
| 3450 | 4238.2690: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume7\Windows\System32\ole32.dll
|
|---|
| 3451 | 4238.2690: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'shlwapi.dll'...
|
|---|
| 3452 | 4238.2690: supR3HardenedWinVerifyCacheProcessImportTodos: 'shlwapi.dll' -> '\Device\HarddiskVolume7\Windows\System32\shlwapi.dll' [rcNtRedir=0xc0150008]
|
|---|
| 3453 | 4238.2690: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume7\Windows\System32\shlwapi.dll
|
|---|
| 3454 | 4238.2690: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'...
|
|---|
| 3455 | 4238.2690: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume7\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008]
|
|---|
| 3456 | 4238.2690: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume7\Windows\System32\advapi32.dll
|
|---|
| 3457 | 4238.2690: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
|
|---|
| 3458 | 4238.2690: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume7\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
|
|---|
| 3459 | 4238.2690: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
|
|---|
| 3460 | 4238.2690: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume7\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
|
|---|
| 3461 | 4238.2690: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxProxyStub.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000002009:<flags> [calling]
|
|---|
| 3462 | 4238.2690: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume7\Program Files\Oracle\VirtualBox\VBoxProxyStub.dll
|
|---|
| 3463 | 4238.2690: supR3HardenedDllNotificationCallback: load 00007ff9810d0000 LB 0x000ef000 C:\Program Files\Oracle\VirtualBox\VBoxProxyStub.dll [fFlags=0x0]
|
|---|
| 3464 | 4238.2690: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume7\Program Files\Oracle\VirtualBox\VBoxProxyStub.dll
|
|---|
| 3465 | 4238.2690: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff9810d0000 'C:\Program Files\Oracle\VirtualBox\VBoxProxyStub.dll'
|
|---|
| 3466 | 4238.2690: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume7\Windows\System32\oleaut32.dll
|
|---|
| 3467 | 4238.2690: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\System32\oleaut32.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000002009:<flags> [calling]
|
|---|
| 3468 | 4238.2690: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff9cce80000 'C:\Windows\System32\oleaut32.dll'
|
|---|
| 3469 | 4238.25cc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff9cb9e0000 'C:\Windows\system32\gdi32.dll'
|
|---|
| 3470 | 4238.25cc: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume7\Windows\System32\shell32.dll
|
|---|
| 3471 | 4238.25cc: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\shell32.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
|
|---|
| 3472 | 4238.25cc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff9cbb50000 'C:\Windows\system32\shell32.dll'
|
|---|
| 3473 | 4238.25cc: supR3HardenedDllNotificationCallback: load 00007ff9cc5c0000 LB 0x00135000 C:\Windows\System32\MSCTF.dll [fFlags=0x0]
|
|---|
| 3474 | 4238.25cc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
|
|---|
| 3475 | 4238.25cc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #10 'oleaut32.dll'.
|
|---|
| 3476 | 4238.25cc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #38 'user32.dll'.
|
|---|
| 3477 | 4238.25cc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #39 'gdi32.dll'.
|
|---|
| 3478 | 4238.25cc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #40 'imm32.dll'.
|
|---|
| 3479 | 4238.25cc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #41 'advapi32.dll'.
|
|---|
| 3480 | 4238.25cc: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume7\Windows\System32\msctf.dll)
|
|---|
| 3481 | 4238.25cc: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume7\Windows\System32\msctf.dll
|
|---|
| 3482 | 4238.25cc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'...
|
|---|
| 3483 | 4238.25cc: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume7\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008]
|
|---|
| 3484 | 4238.25cc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'imm32.dll'...
|
|---|
| 3485 | 4238.25cc: supR3HardenedWinVerifyCacheProcessImportTodos: 'imm32.dll' -> '\Device\HarddiskVolume7\Windows\System32\imm32.dll' [rcNtRedir=0xc0150008]
|
|---|
| 3486 | 4238.25cc: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume7\Windows\System32\imm32.dll
|
|---|
| 3487 | 4238.25cc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
|
|---|
| 3488 | 4238.25cc: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume7\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
|
|---|
| 3489 | 4238.25cc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
|
|---|
| 3490 | 4238.25cc: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume7\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
|
|---|
| 3491 | 4238.25cc: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume7\Windows\System32\user32.dll
|
|---|
| 3492 | 4238.25cc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'oleaut32.dll'...
|
|---|
| 3493 | 4238.25cc: supR3HardenedWinVerifyCacheProcessImportTodos: 'oleaut32.dll' -> '\Device\HarddiskVolume7\Windows\System32\oleaut32.dll' [rcNtRedir=0xc0150008]
|
|---|
| 3494 | 4238.25cc: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume7\Windows\System32\oleaut32.dll
|
|---|
| 3495 | 4238.25cc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
|
|---|
| 3496 | 4238.25cc: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume7\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
|
|---|
| 3497 | 4238.25cc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff9c9550000 'C:\Windows\system32\rsaenh.dll'
|
|---|
| 3498 | 4238.25cc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff9cb050000 'C:\Windows\System32\crypt32.dll'
|
|---|
| 3499 | 4238.25cc: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume7\Windows\System32\msctf.dll'
|
|---|
| 3500 | 4238.25cc: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000990 pwszName=\Device\HarddiskVolume7\Windows\System32\DataExchange.dll
|
|---|
| 3501 | 4238.25cc: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00000000016bc5f0
|
|---|
| 3502 | 4238.25cc: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000016bc5f0
|
|---|
| 3503 | 4238.25cc: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=C9B0BE701CDD3934C4537BC9090BB23A9DABB80B
|
|---|
| 3504 | 4238.25cc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff9c9550000 'C:\Windows\system32\rsaenh.dll'
|
|---|
| 3505 | 4238.25cc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff9cb050000 'C:\Windows\System32\crypt32.dll'
|
|---|
| 3506 | 4238.25cc: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-Package0410~31bf3856ad364e35~amd64~~10.0.18362.1556.cat'; file='\Device\HarddiskVolume7\Windows\System32\DataExchange.dll'
|
|---|
| 3507 | 4238.25cc: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
|
|---|
| 3508 | 4238.25cc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
|
|---|
| 3509 | 4238.25cc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'shcore.dll'.
|
|---|
| 3510 | 4238.25cc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #29 'combase.dll'.
|
|---|
| 3511 | 4238.25cc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #34 'd3d11.dll'.
|
|---|
| 3512 | 4238.25cc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #35 'dcomp.dll'.
|
|---|
| 3513 | 4238.25cc: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume7\Windows\System32\DataExchange.dll) WinVerifyTrust
|
|---|
| 3514 | 4238.25cc: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume7\Windows\System32\DataExchange.dll
|
|---|
| 3515 | 4238.25cc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'dcomp.dll'...
|
|---|
| 3516 | 4238.25cc: supR3HardenedWinVerifyCacheProcessImportTodos: 'dcomp.dll' -> '\Device\HarddiskVolume7\Windows\System32\dcomp.dll' [rcNtRedir=0xc0150008]
|
|---|
| 3517 | 4238.25cc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff9c9550000 'C:\Windows\system32\rsaenh.dll'
|
|---|
| 3518 | 4238.25cc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff9cb050000 'C:\Windows\System32\crypt32.dll'
|
|---|
| 3519 | 4238.25cc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'win32u.dll'.
|
|---|
| 3520 | 4238.25cc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'msvcp_win.dll'.
|
|---|
| 3521 | 4238.25cc: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume7\Windows\System32\dcomp.dll) WinVerifyTrust
|
|---|
| 3522 | 4238.25cc: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume7\Windows\System32\dcomp.dll
|
|---|
| 3523 | 4238.25cc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'd3d11.dll'...
|
|---|
| 3524 | 4238.25cc: supR3HardenedWinVerifyCacheProcessImportTodos: 'd3d11.dll' -> '\Device\HarddiskVolume7\Windows\System32\d3d11.dll' [rcNtRedir=0xc0150008]
|
|---|
| 3525 | 4238.25cc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcp_win.dll'...
|
|---|
| 3526 | 4238.25cc: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcp_win.dll' -> '\Device\HarddiskVolume7\Windows\System32\msvcp_win.dll' [rcNtRedir=0xc0150008]
|
|---|
| 3527 | 4238.25cc: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume7\Windows\System32\msvcp_win.dll
|
|---|
| 3528 | 4238.25cc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'win32u.dll'...
|
|---|
| 3529 | 4238.25cc: supR3HardenedWinVerifyCacheProcessImportTodos: 'win32u.dll' -> '\Device\HarddiskVolume7\Windows\System32\win32u.dll' [rcNtRedir=0xc0150008]
|
|---|
| 3530 | 4238.25cc: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume7\Windows\System32\win32u.dll
|
|---|
| 3531 | 4238.25cc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff9c9550000 'C:\Windows\system32\rsaenh.dll'
|
|---|
| 3532 | 4238.25cc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff9cb050000 'C:\Windows\System32\crypt32.dll'
|
|---|
| 3533 | 4238.25cc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
|
|---|
| 3534 | 4238.25cc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #24 'dxgi.dll'.
|
|---|
| 3535 | 4238.25cc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #27 'win32u.dll'.
|
|---|
| 3536 | 4238.25cc: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume7\Windows\System32\d3d11.dll) WinVerifyTrust
|
|---|
| 3537 | 4238.25cc: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume7\Windows\System32\d3d11.dll
|
|---|
| 3538 | 4238.25cc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'combase.dll'...
|
|---|
| 3539 | 4238.25cc: supR3HardenedWinVerifyCacheProcessImportTodos: 'combase.dll' -> '\Device\HarddiskVolume7\Windows\System32\combase.dll' [rcNtRedir=0xc0150008]
|
|---|
| 3540 | 4238.25cc: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume7\Windows\System32\combase.dll
|
|---|
| 3541 | 4238.25cc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'shcore.dll'...
|
|---|
| 3542 | 4238.25cc: supR3HardenedWinVerifyCacheProcessImportTodos: 'shcore.dll' -> '\Device\HarddiskVolume7\Windows\System32\shcore.dll' [rcNtRedir=0xc0150008]
|
|---|
| 3543 | 4238.25cc: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume7\Windows\System32\SHCore.dll
|
|---|
| 3544 | 4238.25cc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
|
|---|
| 3545 | 4238.25cc: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume7\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
|
|---|
| 3546 | 4238.25cc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'win32u.dll'...
|
|---|
| 3547 | 4238.25cc: supR3HardenedWinVerifyCacheProcessImportTodos: 'win32u.dll' -> '\Device\HarddiskVolume7\Windows\System32\win32u.dll' [rcNtRedir=0xc0150008]
|
|---|
| 3548 | 4238.25cc: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume7\Windows\System32\win32u.dll
|
|---|
| 3549 | 4238.25cc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'dxgi.dll'...
|
|---|
| 3550 | 4238.25cc: supR3HardenedWinVerifyCacheProcessImportTodos: 'dxgi.dll' -> '\Device\HarddiskVolume7\Windows\System32\dxgi.dll' [rcNtRedir=0xc0150008]
|
|---|
| 3551 | 4238.25cc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff9c9550000 'C:\Windows\system32\rsaenh.dll'
|
|---|
| 3552 | 4238.25cc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff9cb050000 'C:\Windows\System32\crypt32.dll'
|
|---|
| 3553 | 4238.25cc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
|
|---|
| 3554 | 4238.25cc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'win32u.dll'.
|
|---|
| 3555 | 4238.25cc: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume7\Windows\System32\dxgi.dll) WinVerifyTrust
|
|---|
| 3556 | 4238.25cc: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume7\Windows\System32\dxgi.dll
|
|---|
| 3557 | 4238.25cc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
|
|---|
| 3558 | 4238.25cc: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume7\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
|
|---|
| 3559 | 4238.25cc: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume7\Windows\System32\msvcrt.dll
|
|---|
| 3560 | 4238.25cc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'win32u.dll'...
|
|---|
| 3561 | 4238.25cc: supR3HardenedWinVerifyCacheProcessImportTodos: 'win32u.dll' -> '\Device\HarddiskVolume7\Windows\System32\win32u.dll' [rcNtRedir=0xc0150008]
|
|---|
| 3562 | 4238.25cc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
|
|---|
| 3563 | 4238.25cc: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume7\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
|
|---|
| 3564 | 4238.25cc: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\dataexchange.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000002009:<flags> [calling]
|
|---|
| 3565 | 4238.25cc: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume7\Windows\System32\DataExchange.dll
|
|---|
| 3566 | 4238.25cc: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume7\Windows\System32\d3d11.dll
|
|---|
| 3567 | 4238.25cc: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume7\Windows\System32\dcomp.dll
|
|---|
| 3568 | 4238.25cc: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume7\Windows\System32\dxgi.dll
|
|---|
| 3569 | 4238.25cc: supR3HardenedDllNotificationCallback: load 00007ff9c8e60000 LB 0x000eb000 C:\Windows\system32\dxgi.dll [fFlags=0x0]
|
|---|
| 3570 | 4238.25cc: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume7\Windows\System32\dxgi.dll
|
|---|
| 3571 | 4238.25cc: supR3HardenedDllNotificationCallback: load 00007ff9c4190000 LB 0x0025b000 C:\Windows\system32\d3d11.dll [fFlags=0x0]
|
|---|
| 3572 | 4238.25cc: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume7\Windows\System32\d3d11.dll
|
|---|
| 3573 | 4238.25cc: supR3HardenedDllNotificationCallback: load 00007ff9c43f0000 LB 0x001dd000 C:\Windows\system32\dcomp.dll [fFlags=0x0]
|
|---|
| 3574 | 4238.25cc: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume7\Windows\System32\dcomp.dll
|
|---|
| 3575 | 4238.25cc: supR3HardenedDllNotificationCallback: load 00007ff994f30000 LB 0x0003b000 C:\Windows\system32\dataexchange.dll [fFlags=0x0]
|
|---|
| 3576 | 4238.25cc: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume7\Windows\System32\DataExchange.dll
|
|---|
| 3577 | 4238.25cc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff9cb9e0000 'C:\Windows\System32\gdi32.dll'
|
|---|
| 3578 | 4238.25cc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff994f30000 'C:\Windows\system32\dataexchange.dll'
|
|---|
| 3579 | 4238.25cc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'rmclient.dll'.
|
|---|
| 3580 | 4238.25cc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #31 'rpcrt4.dll'.
|
|---|
| 3581 | 4238.25cc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #47 'combase.dll'.
|
|---|
| 3582 | 4238.25cc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #50 'msvcp_win.dll'.
|
|---|
| 3583 | 4238.25cc: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume7\Windows\System32\twinapi.appcore.dll)
|
|---|
| 3584 | 4238.25cc: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume7\Windows\System32\twinapi.appcore.dll
|
|---|
| 3585 | 4238.25cc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
|
|---|
| 3586 | 4238.25cc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #8 'rpcrt4.dll'.
|
|---|
| 3587 | 4238.25cc: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume7\Windows\System32\rmclient.dll)
|
|---|
| 3588 | 4238.25cc: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume7\Windows\System32\rmclient.dll
|
|---|
| 3589 | 4238.25cc: supR3HardenedDllNotificationCallback: load 00007ff9c5960000 LB 0x00029000 C:\Windows\system32\RMCLIENT.dll [fFlags=0x0]
|
|---|
| 3590 | 4238.25cc: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume7\Windows\System32\rmclient.dll [avoiding WinVerifyTrust]
|
|---|
| 3591 | 4238.25cc: supR3HardenedDllNotificationCallback: load 00007ff9c5440000 LB 0x0025a000 C:\Windows\system32\twinapi.appcore.dll [fFlags=0x0]
|
|---|
| 3592 | 4238.25cc: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume7\Windows\System32\twinapi.appcore.dll [avoiding WinVerifyTrust]
|
|---|
| 3593 | 4238.25cc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
|
|---|
| 3594 | 4238.25cc: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume7\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
|
|---|
| 3595 | 4238.25cc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
|
|---|
| 3596 | 4238.25cc: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume7\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
|
|---|
| 3597 | 4238.25cc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcp_win.dll'...
|
|---|
| 3598 | 4238.25cc: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcp_win.dll' -> '\Device\HarddiskVolume7\Windows\System32\msvcp_win.dll' [rcNtRedir=0xc0150008]
|
|---|
| 3599 | 4238.25cc: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume7\Windows\System32\msvcp_win.dll
|
|---|
| 3600 | 4238.25cc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'combase.dll'...
|
|---|
| 3601 | 4238.25cc: supR3HardenedWinVerifyCacheProcessImportTodos: 'combase.dll' -> '\Device\HarddiskVolume7\Windows\System32\combase.dll' [rcNtRedir=0xc0150008]
|
|---|
| 3602 | 4238.25cc: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume7\Windows\System32\combase.dll
|
|---|
| 3603 | 4238.25cc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
|
|---|
| 3604 | 4238.25cc: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume7\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
|
|---|
| 3605 | 4238.25cc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rmclient.dll'...
|
|---|
| 3606 | 4238.25cc: supR3HardenedWinVerifyCacheProcessImportTodos: 'rmclient.dll' -> '\Device\HarddiskVolume7\Windows\System32\rmclient.dll' [rcNtRedir=0xc0150008]
|
|---|
| 3607 | 4238.25cc: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume7\Windows\System32\rmclient.dll [lacks WinVerifyTrust]
|
|---|
| 3608 | 4238.25cc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff9c9550000 'C:\Windows\system32\rsaenh.dll'
|
|---|
| 3609 | 4238.25cc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff9cb050000 'C:\Windows\System32\crypt32.dll'
|
|---|
| 3610 | 4238.25cc: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume7\Windows\System32\rmclient.dll'
|
|---|
| 3611 | 4238.25cc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff9c9550000 'C:\Windows\system32\rsaenh.dll'
|
|---|
| 3612 | 4238.25cc: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume7\Windows\System32\crypt32.dll
|
|---|
| 3613 | 4238.25cc: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\System32\crypt32.dll (Input=crypt32.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
|
|---|
| 3614 | 4238.25cc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff9cb050000 'C:\Windows\System32\crypt32.dll'
|
|---|
| 3615 | 4238.25cc: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume7\Windows\System32\twinapi.appcore.dll'
|
|---|
| 3616 | 4238.25cc: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume7\Windows\System32\SHCore.dll
|
|---|
| 3617 | 4238.25cc: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\Shcore.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
|
|---|
| 3618 | 4238.25cc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff9ccdd0000 'C:\Windows\system32\Shcore.dll'
|
|---|
| 3619 | 4238.25cc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
|
|---|
| 3620 | 4238.25cc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #15 'rpcrt4.dll'.
|
|---|
| 3621 | 4238.25cc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #19 'coreuicomponents.dll'.
|
|---|
| 3622 | 4238.25cc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #20 'coremessaging.dll'.
|
|---|
| 3623 | 4238.25cc: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume7\Windows\System32\TextInputFramework.dll)
|
|---|
| 3624 | 4238.25cc: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume7\Windows\System32\TextInputFramework.dll
|
|---|
| 3625 | 4238.25cc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
|
|---|
| 3626 | 4238.25cc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #35 'coremessaging.dll'.
|
|---|
| 3627 | 4238.25cc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #47 'shcore.dll'.
|
|---|
| 3628 | 4238.25cc: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume7\Windows\System32\CoreUIComponents.dll)
|
|---|
| 3629 | 4238.25cc: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume7\Windows\System32\CoreUIComponents.dll
|
|---|
| 3630 | 4238.25cc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
|
|---|
| 3631 | 4238.25cc: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume7\Windows\System32\CoreMessaging.dll)
|
|---|
| 3632 | 4238.25cc: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume7\Windows\System32\CoreMessaging.dll
|
|---|
| 3633 | 4238.25cc: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume7\Windows\System32\ntmarta.dll)
|
|---|
| 3634 | 4238.25cc: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume7\Windows\System32\ntmarta.dll
|
|---|
| 3635 | 4238.25cc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'combase.dll'.
|
|---|
| 3636 | 4238.25cc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #24 'rpcrt4.dll'.
|
|---|
| 3637 | 4238.25cc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #32 'bcryptprimitives.dll'.
|
|---|
| 3638 | 4238.25cc: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume7\Windows\System32\WinTypes.dll)
|
|---|
| 3639 | 4238.25cc: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume7\Windows\System32\WinTypes.dll
|
|---|
| 3640 | 4238.25cc: supR3HardenedDllNotificationCallback: load 00007ff9c91d0000 LB 0x00031000 C:\Windows\SYSTEM32\ntmarta.dll [fFlags=0x0]
|
|---|
| 3641 | 4238.25cc: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume7\Windows\System32\ntmarta.dll [avoiding WinVerifyTrust]
|
|---|
| 3642 | 4238.25cc: supR3HardenedDllNotificationCallback: load 00007ff9c4a10000 LB 0x000d4000 C:\Windows\System32\CoreMessaging.dll [fFlags=0x0]
|
|---|
| 3643 | 4238.25cc: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume7\Windows\System32\CoreMessaging.dll [avoiding WinVerifyTrust]
|
|---|
| 3644 | 4238.25cc: supR3HardenedDllNotificationCallback: load 00007ff9c2870000 LB 0x00152000 C:\Windows\SYSTEM32\wintypes.dll [fFlags=0x0]
|
|---|
| 3645 | 4238.25cc: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume7\Windows\System32\WinTypes.dll [avoiding WinVerifyTrust]
|
|---|
| 3646 | 4238.25cc: supR3HardenedDllNotificationCallback: load 00007ff9c1e20000 LB 0x0032a000 C:\Windows\System32\CoreUIComponents.dll [fFlags=0x0]
|
|---|
| 3647 | 4238.25cc: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume7\Windows\System32\CoreUIComponents.dll [avoiding WinVerifyTrust]
|
|---|
| 3648 | 4238.25cc: supR3HardenedDllNotificationCallback: load 00007ff9b9120000 LB 0x0009b000 C:\Windows\System32\TextInputFramework.dll [fFlags=0x0]
|
|---|
| 3649 | 4238.25cc: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume7\Windows\System32\TextInputFramework.dll [avoiding WinVerifyTrust]
|
|---|
| 3650 | 4238.25cc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'bcryptprimitives.dll'...
|
|---|
| 3651 | 4238.25cc: supR3HardenedWinVerifyCacheProcessImportTodos: 'bcryptprimitives.dll' -> '\Device\HarddiskVolume7\Windows\System32\bcryptprimitives.dll' [rcNtRedir=0xc0150008]
|
|---|
| 3652 | 4238.25cc: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume7\Windows\System32\bcryptprimitives.dll
|
|---|
| 3653 | 4238.25cc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
|
|---|
| 3654 | 4238.25cc: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume7\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
|
|---|
| 3655 | 4238.25cc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'combase.dll'...
|
|---|
| 3656 | 4238.25cc: supR3HardenedWinVerifyCacheProcessImportTodos: 'combase.dll' -> '\Device\HarddiskVolume7\Windows\System32\combase.dll' [rcNtRedir=0xc0150008]
|
|---|
| 3657 | 4238.25cc: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume7\Windows\System32\combase.dll
|
|---|
| 3658 | 4238.25cc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
|
|---|
| 3659 | 4238.25cc: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume7\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
|
|---|
| 3660 | 4238.25cc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'shcore.dll'...
|
|---|
| 3661 | 4238.25cc: supR3HardenedWinVerifyCacheProcessImportTodos: 'shcore.dll' -> '\Device\HarddiskVolume7\Windows\System32\shcore.dll' [rcNtRedir=0xc0150008]
|
|---|
| 3662 | 4238.25cc: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume7\Windows\System32\SHCore.dll
|
|---|
| 3663 | 4238.25cc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'coremessaging.dll'...
|
|---|
| 3664 | 4238.25cc: supR3HardenedWinVerifyCacheProcessImportTodos: 'coremessaging.dll' -> '\Device\HarddiskVolume7\Windows\System32\coremessaging.dll' [rcNtRedir=0xc0150008]
|
|---|
| 3665 | 4238.25cc: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume7\Windows\System32\CoreMessaging.dll [lacks WinVerifyTrust]
|
|---|
| 3666 | 4238.25cc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
|
|---|
| 3667 | 4238.25cc: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume7\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
|
|---|
| 3668 | 4238.25cc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'coremessaging.dll'...
|
|---|
| 3669 | 4238.25cc: supR3HardenedWinVerifyCacheProcessImportTodos: 'coremessaging.dll' -> '\Device\HarddiskVolume7\Windows\System32\coremessaging.dll' [rcNtRedir=0xc0150008]
|
|---|
| 3670 | 4238.25cc: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume7\Windows\System32\CoreMessaging.dll [lacks WinVerifyTrust]
|
|---|
| 3671 | 4238.25cc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'coreuicomponents.dll'...
|
|---|
| 3672 | 4238.25cc: supR3HardenedWinVerifyCacheProcessImportTodos: 'coreuicomponents.dll' -> '\Device\HarddiskVolume7\Windows\System32\coreuicomponents.dll' [rcNtRedir=0xc0150008]
|
|---|
| 3673 | 4238.25cc: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume7\Windows\System32\CoreUIComponents.dll [lacks WinVerifyTrust]
|
|---|
| 3674 | 4238.25cc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
|
|---|
| 3675 | 4238.25cc: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume7\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
|
|---|
| 3676 | 4238.25cc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
|
|---|
| 3677 | 4238.25cc: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume7\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
|
|---|
| 3678 | 4238.25cc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff9c9550000 'C:\Windows\system32\rsaenh.dll'
|
|---|
| 3679 | 4238.25cc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff9cb050000 'C:\Windows\System32\crypt32.dll'
|
|---|
| 3680 | 4238.25cc: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume7\Windows\System32\WinTypes.dll'
|
|---|
| 3681 | 4238.25cc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff9c9550000 'C:\Windows\system32\rsaenh.dll'
|
|---|
| 3682 | 4238.25cc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff9cb050000 'C:\Windows\System32\crypt32.dll'
|
|---|
| 3683 | 4238.25cc: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume7\Windows\System32\ntmarta.dll'
|
|---|
| 3684 | 4238.25cc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff9c9550000 'C:\Windows\system32\rsaenh.dll'
|
|---|
| 3685 | 4238.25cc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff9cb050000 'C:\Windows\System32\crypt32.dll'
|
|---|
| 3686 | 4238.25cc: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume7\Windows\System32\CoreMessaging.dll'
|
|---|
| 3687 | 4238.25cc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff9c9550000 'C:\Windows\system32\rsaenh.dll'
|
|---|
| 3688 | 4238.25cc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff9cb050000 'C:\Windows\System32\crypt32.dll'
|
|---|
| 3689 | 4238.25cc: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume7\Windows\System32\CoreUIComponents.dll'
|
|---|
| 3690 | 4238.25cc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff9c9550000 'C:\Windows\system32\rsaenh.dll'
|
|---|
| 3691 | 4238.25cc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff9cb050000 'C:\Windows\System32\crypt32.dll'
|
|---|
| 3692 | 4238.25cc: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume7\Windows\System32\TextInputFramework.dll'
|
|---|
| 3693 | 4238.25cc: supR3HardenedIsApiSetDll: ApiSetQueryApiSetPresence(ext-ms-win-rtcore-ntuser-window-ext-l1-1-0.dll) -> 0x0, fPresent=1
|
|---|
| 3694 | 4238.25cc: supR3HardenedMonitor_LdrLoadDll: pName=ext-ms-win-rtcore-ntuser-window-ext-l1-1-0.dll (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
|
|---|
| 3695 | 4238.25cc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff9cc8b0000 'ext-ms-win-rtcore-ntuser-window-ext-l1-1-0.dll'
|
|---|
| 3696 | 4238.25cc: supR3HardenedIsApiSetDll: ApiSetQueryApiSetPresence(ext-ms-win-rtcore-ntuser-integration-l1-1-0.dll) -> 0x0, fPresent=1
|
|---|
| 3697 | 4238.25cc: supR3HardenedMonitor_LdrLoadDll: pName=ext-ms-win-rtcore-ntuser-integration-l1-1-0.dll (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
|
|---|
| 3698 | 4238.25cc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff9cc8b0000 'ext-ms-win-rtcore-ntuser-integration-l1-1-0.dll'
|
|---|
| 3699 | 4238.25cc: supR3HardenedIsApiSetDll: ApiSetQueryApiSetPresence(api-ms-win-core-com-l1-1-0.dll) -> 0x0, fPresent=1
|
|---|
| 3700 | 4238.25cc: supR3HardenedMonitor_LdrLoadDll: pName=api-ms-win-core-com-l1-1-0.dll (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
|
|---|
| 3701 | 4238.25cc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff9ccf50000 'api-ms-win-core-com-l1-1-0.dll'
|
|---|
| 3702 | 4238.25cc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
|
|---|
| 3703 | 4238.25cc: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume7\Windows\System32\iertutil.dll)
|
|---|
| 3704 | 4238.25cc: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume7\Windows\System32\iertutil.dll
|
|---|
| 3705 | 4238.25cc: supR3HardenedDllNotificationCallback: load 00007ff9b7140000 LB 0x002a7000 C:\Windows\System32\iertutil.dll [fFlags=0x0]
|
|---|
| 3706 | 4238.25cc: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume7\Windows\System32\iertutil.dll [avoiding WinVerifyTrust]
|
|---|
| 3707 | 4238.25cc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
|
|---|
| 3708 | 4238.25cc: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume7\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
|
|---|
| 3709 | 4238.25cc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff9c9550000 'C:\Windows\system32\rsaenh.dll'
|
|---|
| 3710 | 4238.25cc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff9cb050000 'C:\Windows\System32\crypt32.dll'
|
|---|
| 3711 | 4238.25cc: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume7\Windows\System32\iertutil.dll'
|
|---|
| 3712 | 4238.25cc: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume7\Windows\System32\ole32.dll
|
|---|
| 3713 | 4238.25cc: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\ole32.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000009:<flags> [calling]
|
|---|
| 3714 | 4238.25cc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff9ccb00000 'C:\Windows\system32\ole32.dll'
|
|---|
| 3715 | 4238.25cc: \Device\HarddiskVolume7\Windows\System32\SogouTSF.ime: Owner is administrators group.
|
|---|
| 3716 | 4238.25cc: \Device\HarddiskVolume7\Windows\System32\SogouTSF.ime: Signature #1/2: info status: 24202
|
|---|
| 3717 | 4238.25cc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff9c9550000 'C:\Windows\system32\rsaenh.dll'
|
|---|
| 3718 | 4238.25cc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'user32.dll'.
|
|---|
| 3719 | 4238.25cc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'advapi32.dll'.
|
|---|
| 3720 | 4238.25cc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'ole32.dll'.
|
|---|
| 3721 | 4238.25cc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'oleaut32.dll'.
|
|---|
| 3722 | 4238.25cc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'imm32.dll'.
|
|---|
| 3723 | 4238.25cc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'version.dll'.
|
|---|
| 3724 | 4238.25cc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #7 'msimg32.dll'.
|
|---|
| 3725 | 4238.25cc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #8 'gdi32.dll'.
|
|---|
| 3726 | 4238.25cc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #9 'shell32.dll'.
|
|---|
| 3727 | 4238.25cc: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume7\Windows\System32\SogouTSF.ime) WinVerifyTrust
|
|---|
| 3728 | 4238.25cc: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume7\Windows\System32\SogouTSF.ime
|
|---|
| 3729 | 4238.25cc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'shell32.dll'...
|
|---|
| 3730 | 4238.25cc: supR3HardenedWinVerifyCacheProcessImportTodos: 'shell32.dll' -> '\Device\HarddiskVolume7\Windows\System32\shell32.dll' [rcNtRedir=0xc0150008]
|
|---|
| 3731 | 4238.25cc: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume7\Windows\System32\shell32.dll
|
|---|
| 3732 | 4238.25cc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
|
|---|
| 3733 | 4238.25cc: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume7\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
|
|---|
| 3734 | 4238.25cc: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume7\Windows\System32\gdi32.dll
|
|---|
| 3735 | 4238.25cc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msimg32.dll'...
|
|---|
| 3736 | 4238.25cc: supR3HardenedWinVerifyCacheProcessImportTodos: 'msimg32.dll' -> '\Device\HarddiskVolume7\Windows\System32\msimg32.dll' [rcNtRedir=0xc0150008]
|
|---|
| 3737 | 4238.25cc: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000a74 pwszName=\Device\HarddiskVolume7\Windows\System32\msimg32.dll
|
|---|
| 3738 | 4238.25cc: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00000000016bc5f0
|
|---|
| 3739 | 4238.25cc: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000016bc5f0
|
|---|
| 3740 | 4238.25cc: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=AFA60CA68D1C061D07DADDD82EEF5EA98E9E9C3C
|
|---|
| 3741 | 4238.25cc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff9c9550000 'C:\Windows\system32\rsaenh.dll'
|
|---|
| 3742 | 4238.25cc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff9cb050000 'C:\Windows\System32\crypt32.dll'
|
|---|
| 3743 | 4238.25cc: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-Package0417~31bf3856ad364e35~amd64~~10.0.18362.1556.cat'; file='\Device\HarddiskVolume7\Windows\System32\msimg32.dll'
|
|---|
| 3744 | 4238.25cc: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
|
|---|
| 3745 | 4238.25cc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'gdi32.dll'.
|
|---|
| 3746 | 4238.25cc: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume7\Windows\System32\msimg32.dll) WinVerifyTrust
|
|---|
| 3747 | 4238.25cc: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume7\Windows\System32\msimg32.dll
|
|---|
| 3748 | 4238.25cc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'version.dll'...
|
|---|
| 3749 | 4238.25cc: supR3HardenedWinVerifyCacheProcessImportTodos: 'version.dll' -> '\Device\HarddiskVolume7\Windows\System32\version.dll' [rcNtRedir=0xc0150008]
|
|---|
| 3750 | 4238.25cc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
|
|---|
| 3751 | 4238.25cc: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume7\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
|
|---|
| 3752 | 4238.25cc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff9c9550000 'C:\Windows\system32\rsaenh.dll'
|
|---|
| 3753 | 4238.25cc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff9cb050000 'C:\Windows\System32\crypt32.dll'
|
|---|
| 3754 | 4238.25cc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
|
|---|
| 3755 | 4238.25cc: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume7\Windows\System32\version.dll) WinVerifyTrust
|
|---|
| 3756 | 4238.25cc: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume7\Windows\System32\version.dll
|
|---|
| 3757 | 4238.25cc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'imm32.dll'...
|
|---|
| 3758 | 4238.25cc: supR3HardenedWinVerifyCacheProcessImportTodos: 'imm32.dll' -> '\Device\HarddiskVolume7\Windows\System32\imm32.dll' [rcNtRedir=0xc0150008]
|
|---|
| 3759 | 4238.25cc: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume7\Windows\System32\imm32.dll
|
|---|
| 3760 | 4238.25cc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'oleaut32.dll'...
|
|---|
| 3761 | 4238.25cc: supR3HardenedWinVerifyCacheProcessImportTodos: 'oleaut32.dll' -> '\Device\HarddiskVolume7\Windows\System32\oleaut32.dll' [rcNtRedir=0xc0150008]
|
|---|
| 3762 | 4238.25cc: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume7\Windows\System32\oleaut32.dll
|
|---|
| 3763 | 4238.25cc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ole32.dll'...
|
|---|
| 3764 | 4238.25cc: supR3HardenedWinVerifyCacheProcessImportTodos: 'ole32.dll' -> '\Device\HarddiskVolume7\Windows\System32\ole32.dll' [rcNtRedir=0xc0150008]
|
|---|
| 3765 | 4238.25cc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'...
|
|---|
| 3766 | 4238.25cc: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume7\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008]
|
|---|
| 3767 | 4238.25cc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
|
|---|
| 3768 | 4238.25cc: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume7\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
|
|---|
| 3769 | 4238.25cc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
|
|---|
| 3770 | 4238.25cc: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume7\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
|
|---|
| 3771 | 4238.25cc: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\SogouTSF.ime (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000002009:<flags> [calling]
|
|---|
| 3772 | 4238.25cc: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume7\Windows\System32\SogouTSF.ime
|
|---|
| 3773 | 4238.25cc: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume7\Windows\System32\version.dll
|
|---|
| 3774 | 4238.25cc: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume7\Windows\System32\msimg32.dll
|
|---|
| 3775 | 4238.25cc: supR3HardenedDllNotificationCallback: load 00007ff9b9330000 LB 0x0000a000 C:\Windows\system32\VERSION.dll [fFlags=0x0]
|
|---|
| 3776 | 4238.25cc: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume7\Windows\System32\version.dll
|
|---|
| 3777 | 4238.25cc: supR3HardenedDllNotificationCallback: load 00007ff9ac9a0000 LB 0x00007000 C:\Windows\system32\MSIMG32.dll [fFlags=0x0]
|
|---|
| 3778 | 4238.25cc: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume7\Windows\System32\msimg32.dll
|
|---|
| 3779 | 4238.25cc: supR3HardenedDllNotificationCallback: load 00007ff987f60000 LB 0x001ed000 C:\Windows\system32\SogouTSF.ime [fFlags=0x0]
|
|---|
| 3780 | 4238.25cc: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume7\Windows\System32\SogouTSF.ime
|
|---|
| 3781 | 4238.25cc: supR3HardenedIsApiSetDll: ApiSetQueryApiSetPresence(api-ms-win-core-synch-l1-2-0) -> 0x0, fPresent=1
|
|---|
| 3782 | 4238.25cc: supR3HardenedMonitor_LdrLoadDll: pName=api-ms-win-core-synch-l1-2-0 (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0000000000000801:<flags> [calling]
|
|---|
| 3783 | 4238.25cc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff9ca480000 'api-ms-win-core-synch-l1-2-0'
|
|---|
| 3784 | 4238.25cc: supR3HardenedIsApiSetDll: ApiSetQueryApiSetPresence(api-ms-win-core-fibers-l1-1-1) -> 0x0, fPresent=1
|
|---|
| 3785 | 4238.25cc: supR3HardenedMonitor_LdrLoadDll: pName=api-ms-win-core-fibers-l1-1-1 (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0000000000000801:<flags> [calling]
|
|---|
| 3786 | 4238.25cc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff9ca480000 'api-ms-win-core-fibers-l1-1-1'
|
|---|
| 3787 | 4238.25cc: supR3HardenedIsApiSetDll: ApiSetQueryApiSetPresence(api-ms-win-core-synch-l1-2-0) -> 0x0, fPresent=1
|
|---|
| 3788 | 4238.25cc: supR3HardenedMonitor_LdrLoadDll: pName=api-ms-win-core-synch-l1-2-0 (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0000000000000801:<flags> [calling]
|
|---|
| 3789 | 4238.25cc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff9ca480000 'api-ms-win-core-synch-l1-2-0'
|
|---|
| 3790 | 4238.25cc: supR3HardenedIsApiSetDll: ApiSetQueryApiSetPresence(api-ms-win-core-fibers-l1-1-1) -> 0x0, fPresent=1
|
|---|
| 3791 | 4238.25cc: supR3HardenedMonitor_LdrLoadDll: pName=api-ms-win-core-fibers-l1-1-1 (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0000000000000801:<flags> [calling]
|
|---|
| 3792 | 4238.25cc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff9ca480000 'api-ms-win-core-fibers-l1-1-1'
|
|---|
| 3793 | 4238.25cc: supR3HardenedIsApiSetDll: ApiSetQueryApiSetPresence(api-ms-win-core-localization-l1-2-1) -> 0x0, fPresent=1
|
|---|
| 3794 | 4238.25cc: supR3HardenedMonitor_LdrLoadDll: pName=api-ms-win-core-localization-l1-2-1 (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0000000000000801:<flags> [calling]
|
|---|
| 3795 | 4238.25cc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff9ca480000 'api-ms-win-core-localization-l1-2-1'
|
|---|
| 3796 | 4238.25cc: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume7\Windows\System32\kernel32.dll
|
|---|
| 3797 | 4238.25cc: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\System32\kernel32.dll (Input=kernel32, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000801:<flags> [calling]
|
|---|
| 3798 | 4238.25cc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff9cc500000 'C:\Windows\System32\kernel32.dll'
|
|---|
| 3799 | 4238.25cc: supR3HardenedIsApiSetDll: ApiSetQueryApiSetPresence(api-ms-win-core-string-l1-1-0) -> 0x0, fPresent=1
|
|---|
| 3800 | 4238.25cc: supR3HardenedMonitor_LdrLoadDll: pName=api-ms-win-core-string-l1-1-0 (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0000000000000801:<flags> [calling]
|
|---|
| 3801 | 4238.25cc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff9ca480000 'api-ms-win-core-string-l1-1-0'
|
|---|
| 3802 | 4238.25cc: supR3HardenedIsApiSetDll: ApiSetQueryApiSetPresence(api-ms-win-core-datetime-l1-1-1) -> 0x0, fPresent=1
|
|---|
| 3803 | 4238.25cc: supR3HardenedMonitor_LdrLoadDll: pName=api-ms-win-core-datetime-l1-1-1 (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0000000000000801:<flags> [calling]
|
|---|
| 3804 | 4238.25cc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff9ca480000 'api-ms-win-core-datetime-l1-1-1'
|
|---|
| 3805 | 4238.25cc: supR3HardenedIsApiSetDll: ApiSetQueryApiSetPresence(api-ms-win-core-localization-obsolete-l1-2-0) -> 0x0, fPresent=1
|
|---|
| 3806 | 4238.25cc: supR3HardenedMonitor_LdrLoadDll: pName=api-ms-win-core-localization-obsolete-l1-2-0 (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0000000000000801:<flags> [calling]
|
|---|
| 3807 | 4238.25cc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff9ca480000 'api-ms-win-core-localization-obsolete-l1-2-0'
|
|---|
| 3808 | 4238.25cc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff987f60000 'C:\Windows\system32\SogouTSF.ime'
|
|---|
| 3809 | 4238.25cc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff9cca50000 'C:\Windows\System32\advapi32.dll'
|
|---|
| 3810 | 4238.25cc: \Device\HarddiskVolume7\Windows\System32\SogouPY.ime: Owner is administrators group.
|
|---|
| 3811 | 4238.25cc: \Device\HarddiskVolume7\Windows\System32\SogouPY.ime: Signature #1/2: info status: 24202
|
|---|
| 3812 | 4238.25cc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff9c9550000 'C:\Windows\system32\rsaenh.dll'
|
|---|
| 3813 | 4238.25cc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msimg32.dll'.
|
|---|
| 3814 | 4238.25cc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'user32.dll'.
|
|---|
| 3815 | 4238.25cc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'gdi32.dll'.
|
|---|
| 3816 | 4238.25cc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'advapi32.dll'.
|
|---|
| 3817 | 4238.25cc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'imm32.dll'.
|
|---|
| 3818 | 4238.25cc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'shlwapi.dll'.
|
|---|
| 3819 | 4238.25cc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #7 'winhttp.dll'.
|
|---|
| 3820 | 4238.25cc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #8 'oleacc.dll'.
|
|---|
| 3821 | 4238.25cc: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume7\Windows\System32\SogouPY.ime) WinVerifyTrust
|
|---|
| 3822 | 4238.25cc: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume7\Windows\System32\SogouPY.ime
|
|---|
| 3823 | 4238.25cc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'oleacc.dll'...
|
|---|
| 3824 | 4238.25cc: supR3HardenedWinVerifyCacheProcessImportTodos: 'oleacc.dll' -> '\Device\HarddiskVolume7\Windows\System32\oleacc.dll' [rcNtRedir=0xc0150008]
|
|---|
| 3825 | 4238.25cc: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000aa0 pwszName=\Device\HarddiskVolume7\Windows\System32\oleacc.dll
|
|---|
| 3826 | 4238.25cc: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00000000016bc5f0
|
|---|
| 3827 | 4238.25cc: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000016bc5f0
|
|---|
| 3828 | 4238.25cc: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=1BEDEE19D2B5051E320169871E5D75A5E13293CB
|
|---|
| 3829 | 4238.25cc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff9c9550000 'C:\Windows\system32\rsaenh.dll'
|
|---|
| 3830 | 4238.25cc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff9cb050000 'C:\Windows\System32\crypt32.dll'
|
|---|
| 3831 | 4238.25cc: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-Package04113~31bf3856ad364e35~amd64~~10.0.18362.1556.cat'; file='\Device\HarddiskVolume7\Windows\System32\oleacc.dll'
|
|---|
| 3832 | 4238.25cc: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
|
|---|
| 3833 | 4238.25cc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'rpcrt4.dll'.
|
|---|
| 3834 | 4238.25cc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #30 'user32.dll'.
|
|---|
| 3835 | 4238.25cc: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume7\Windows\System32\oleacc.dll) WinVerifyTrust
|
|---|
| 3836 | 4238.25cc: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume7\Windows\System32\oleacc.dll
|
|---|
| 3837 | 4238.25cc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'winhttp.dll'...
|
|---|
| 3838 | 4238.25cc: supR3HardenedWinVerifyCacheProcessImportTodos: 'winhttp.dll' -> '\Device\HarddiskVolume7\Windows\System32\winhttp.dll' [rcNtRedir=0xc0150008]
|
|---|
| 3839 | 4238.25cc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
|
|---|
| 3840 | 4238.25cc: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume7\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
|
|---|
| 3841 | 4238.25cc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
|
|---|
| 3842 | 4238.25cc: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume7\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
|
|---|
| 3843 | 4238.25cc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff9c9550000 'C:\Windows\system32\rsaenh.dll'
|
|---|
| 3844 | 4238.25cc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff9cb050000 'C:\Windows\System32\crypt32.dll'
|
|---|
| 3845 | 4238.25cc: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume7\Windows\System32\winhttp.dll) WinVerifyTrust
|
|---|
| 3846 | 4238.25cc: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume7\Windows\System32\winhttp.dll
|
|---|
| 3847 | 4238.25cc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'shlwapi.dll'...
|
|---|
| 3848 | 4238.25cc: supR3HardenedWinVerifyCacheProcessImportTodos: 'shlwapi.dll' -> '\Device\HarddiskVolume7\Windows\System32\shlwapi.dll' [rcNtRedir=0xc0150008]
|
|---|
| 3849 | 4238.25cc: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume7\Windows\System32\shlwapi.dll
|
|---|
| 3850 | 4238.25cc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'imm32.dll'...
|
|---|
| 3851 | 4238.25cc: supR3HardenedWinVerifyCacheProcessImportTodos: 'imm32.dll' -> '\Device\HarddiskVolume7\Windows\System32\imm32.dll' [rcNtRedir=0xc0150008]
|
|---|
| 3852 | 4238.25cc: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume7\Windows\System32\imm32.dll
|
|---|
| 3853 | 4238.25cc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'...
|
|---|
| 3854 | 4238.25cc: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume7\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008]
|
|---|
| 3855 | 4238.25cc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
|
|---|
| 3856 | 4238.25cc: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume7\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
|
|---|
| 3857 | 4238.25cc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
|
|---|
| 3858 | 4238.25cc: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume7\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
|
|---|
| 3859 | 4238.25cc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msimg32.dll'...
|
|---|
| 3860 | 4238.25cc: supR3HardenedWinVerifyCacheProcessImportTodos: 'msimg32.dll' -> '\Device\HarddiskVolume7\Windows\System32\msimg32.dll' [rcNtRedir=0xc0150008]
|
|---|
| 3861 | 4238.25cc: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume7\Windows\System32\msimg32.dll
|
|---|
| 3862 | 4238.25cc: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\SogouPy.ime (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
|
|---|
| 3863 | 4238.25cc: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume7\Windows\System32\SogouPY.ime
|
|---|
| 3864 | 4238.25cc: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume7\Windows\System32\winhttp.dll
|
|---|
| 3865 | 4238.25cc: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume7\Windows\System32\oleacc.dll
|
|---|
| 3866 | 4238.25cc: supR3HardenedDllNotificationCallback: load 00007ff9c21d0000 LB 0x000fa000 C:\Windows\SYSTEM32\WINHTTP.dll [fFlags=0x0]
|
|---|
| 3867 | 4238.25cc: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume7\Windows\System32\winhttp.dll
|
|---|
| 3868 | 4238.25cc: supR3HardenedDllNotificationCallback: load 00007ff9ac8a0000 LB 0x00065000 C:\Windows\SYSTEM32\OLEACC.dll [fFlags=0x0]
|
|---|
| 3869 | 4238.25cc: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume7\Windows\System32\oleacc.dll
|
|---|
| 3870 | 4238.25cc: supR3HardenedDllNotificationCallback: load 00007ff9876c0000 LB 0x00894000 C:\Windows\system32\SogouPy.ime [fFlags=0x0]
|
|---|
| 3871 | 4238.25cc: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume7\Windows\System32\SogouPY.ime
|
|---|
| 3872 | 4238.25cc: supR3HardenedIsApiSetDll: ApiSetQueryApiSetPresence(api-ms-win-core-synch-l1-2-0) -> 0x0, fPresent=1
|
|---|
| 3873 | 4238.25cc: supR3HardenedMonitor_LdrLoadDll: pName=api-ms-win-core-synch-l1-2-0 (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0000000000000801:<flags> [calling]
|
|---|
| 3874 | 4238.25cc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff9ca480000 'api-ms-win-core-synch-l1-2-0'
|
|---|
| 3875 | 4238.25cc: supR3HardenedIsApiSetDll: ApiSetQueryApiSetPresence(api-ms-win-core-fibers-l1-1-1) -> 0x0, fPresent=1
|
|---|
| 3876 | 4238.25cc: supR3HardenedMonitor_LdrLoadDll: pName=api-ms-win-core-fibers-l1-1-1 (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0000000000000801:<flags> [calling]
|
|---|
| 3877 | 4238.25cc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff9ca480000 'api-ms-win-core-fibers-l1-1-1'
|
|---|
| 3878 | 4238.25cc: supR3HardenedIsApiSetDll: ApiSetQueryApiSetPresence(api-ms-win-core-synch-l1-2-0) -> 0x0, fPresent=1
|
|---|
| 3879 | 4238.25cc: supR3HardenedMonitor_LdrLoadDll: pName=api-ms-win-core-synch-l1-2-0 (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0000000000000801:<flags> [calling]
|
|---|
| 3880 | 4238.25cc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff9ca480000 'api-ms-win-core-synch-l1-2-0'
|
|---|
| 3881 | 4238.25cc: supR3HardenedIsApiSetDll: ApiSetQueryApiSetPresence(api-ms-win-core-fibers-l1-1-1) -> 0x0, fPresent=1
|
|---|
| 3882 | 4238.25cc: supR3HardenedMonitor_LdrLoadDll: pName=api-ms-win-core-fibers-l1-1-1 (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0000000000000801:<flags> [calling]
|
|---|
| 3883 | 4238.25cc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff9ca480000 'api-ms-win-core-fibers-l1-1-1'
|
|---|
| 3884 | 4238.25cc: supR3HardenedIsApiSetDll: ApiSetQueryApiSetPresence(api-ms-win-core-localization-l1-2-1) -> 0x0, fPresent=1
|
|---|
| 3885 | 4238.25cc: supR3HardenedMonitor_LdrLoadDll: pName=api-ms-win-core-localization-l1-2-1 (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0000000000000801:<flags> [calling]
|
|---|
| 3886 | 4238.25cc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff9ca480000 'api-ms-win-core-localization-l1-2-1'
|
|---|
| 3887 | 4238.25cc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff9876c0000 'C:\Windows\system32\SogouPy.ime'
|
|---|
| 3888 | 4238.25cc: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume7\Windows\System32\version.dll
|
|---|
| 3889 | 4238.25cc: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\System32\VERSION.dll (Input=VERSION.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
|
|---|
| 3890 | 4238.25cc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff9b9330000 'C:\Windows\System32\VERSION.dll'
|
|---|
| 3891 | 4238.25cc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff9cbb50000 'C:\Windows\System32\SHELL32.dll'
|
|---|
| 3892 | 4238.25cc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff9cca50000 'C:\Windows\System32\advapi32.dll'
|
|---|
| 3893 | 4238.25cc: supR3HardenedIsApiSetDll: ApiSetQueryApiSetPresence(api-ms-win-core-sysinfo-l1-2-1) -> 0x0, fPresent=1
|
|---|
| 3894 | 4238.25cc: supR3HardenedMonitor_LdrLoadDll: pName=api-ms-win-core-sysinfo-l1-2-1 (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0000000000000801:<flags> [calling]
|
|---|
| 3895 | 4238.25cc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff9ca480000 'api-ms-win-core-sysinfo-l1-2-1'
|
|---|
| 3896 | 4238.25cc: '\Device\HarddiskVolume7\Windows\System32\tzres.dll' has no imports
|
|---|
| 3897 | 4238.25cc: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume7\Windows\System32\tzres.dll)
|
|---|
| 3898 | 4238.25cc: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume7\Windows\System32\tzres.dll
|
|---|
| 3899 | 4238.25cc: supR3HardenedMonitor_NtCreateSection: NtMapViewOfSection failed on 0000000000000adc (hFile=0000000000000ac4) with 0xc0000022 -> STATUS_TRUST_FAILURE
|
|---|
| 3900 | 4238.25cc: supR3HardenedScreenImage/NtCreateSection: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume7\Windows\System32\tzres.dll [avoiding WinVerifyTrust]
|
|---|
| 3901 | 4238.25cc: supR3HardenedMonitor_NtCreateSection: NtMapViewOfSection failed on 0000000000000ac4 (hFile=0000000000000adc) with 0xc0000022 -> STATUS_TRUST_FAILURE
|
|---|
| 3902 | 4238.1b08: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000abc pwszName=\Device\HarddiskVolume7\Windows\System32\tzres.dll
|
|---|
| 3903 | 4238.1b08: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00000000016bc5f0
|
|---|
| 3904 | 4238.1b08: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000016bc5f0
|
|---|
| 3905 | 4238.1b08: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=8814DF0E7FA142C8E6915E250703639DB1408C82
|
|---|
| 3906 | 4238.1b08: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff9c9550000 'C:\Windows\system32\rsaenh.dll'
|
|---|
| 3907 | 4238.1b08: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff9cb050000 'C:\Windows\System32\crypt32.dll'
|
|---|
| 3908 | 4238.3c28: supR3HardenedIsApiSetDll: ApiSetQueryApiSetPresence(api-ms-win-appmodel-runtime-l1-1-1) -> 0x0, fPresent=1
|
|---|
| 3909 | 4238.3c28: supR3HardenedMonitor_LdrLoadDll: pName=api-ms-win-appmodel-runtime-l1-1-1 (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0000000000000801:<flags> [calling]
|
|---|
| 3910 | 4238.3c28: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff9ca210000 'api-ms-win-appmodel-runtime-l1-1-1'
|
|---|
| 3911 | 4238.1b08: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-Package0416~31bf3856ad364e35~amd64~~10.0.18362.1556.cat'; file='\Device\HarddiskVolume7\Windows\System32\tzres.dll'
|
|---|
| 3912 | 4238.1b08: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
|
|---|
| 3913 | 4238.1b08: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume7\Windows\System32\tzres.dll'
|
|---|
| 3914 | 4238.1b08: supR3HardenedIsApiSetDll: ApiSetQueryApiSetPresence(api-ms-win-appmodel-runtime-l1-1-1) -> 0x0, fPresent=1
|
|---|
| 3915 | 4238.1b08: supR3HardenedMonitor_LdrLoadDll: pName=api-ms-win-appmodel-runtime-l1-1-1 (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0000000000000801:<flags> [calling]
|
|---|
| 3916 | 4238.1b08: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff9ca210000 'api-ms-win-appmodel-runtime-l1-1-1'
|
|---|
| 3917 | 4238.25cc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff9ccb00000 'C:\Windows\System32\ole32.dll'
|
|---|
| 3918 | 4238.25cc: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume7\Windows\System32\msctf.dll
|
|---|
| 3919 | 4238.25cc: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\System32\msctf.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000002009:<flags> [calling]
|
|---|
| 3920 | 4238.25cc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff9cc5c0000 'C:\Windows\System32\msctf.dll'
|
|---|
| 3921 | 4238.25cc: \Device\HarddiskVolume7\Program Files (x86)\SogouInput\9.8.0.3746\Resource.dll: Owner is administrators group.
|
|---|
| 3922 | 4238.3c28: \Device\HarddiskVolume7\Program Files (x86)\SogouInput\Components\PicFace\1.1.0.1879\PicFace64.dll: Owner is not trusted installer (01 05 00 00 00 00 00 05 15 00 00 00 15 24 95 d8 46 3b 14 b8 c6 81 08 f0 e9 03 00 00)
|
|---|
| 3923 | 4238.3c28: supHardenedWinVerifyImageByHandle: -> -5667 (\Device\HarddiskVolume7\Program Files (x86)\SogouInput\Components\PicFace\1.1.0.1879\PicFace64.dll)
|
|---|
| 3924 | 4238.3c28: Error (rc=0):
|
|---|
| 3925 | 4238.3c28: supR3HardenedScreenImage/NtCreateSection: rc=Unknown Status -5667 (0xffffe9dd) fImage=1 fProtect=0x5 fAccess=0x2 \Device\HarddiskVolume7\Program Files (x86)\SogouInput\Components\PicFace\1.1.0.1879\PicFace64.dll: supHardenedWinVerifyImageByHandle: TrustedInstaller is not the owner of '\Device\HarddiskVolume7\Program Files (x86)\SogouInput\Components\PicFace\1.1.0.1879\PicFace64.dll'.
|
|---|
| 3926 | 4238.3c28: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume7\Program Files (x86)\SogouInput\Components\PicFace\1.1.0.1879\PicFace64.dll
|
|---|
| 3927 | 4238.3c28: supR3HardenedScreenImage/NtCreateSection: cache hit (Unknown Status -5667 (0xffffe9dd)) on \Device\HarddiskVolume7\Program Files (x86)\SogouInput\Components\PicFace\1.1.0.1879\PicFace64.dll [lacks WinVerifyTrust]
|
|---|
| 3928 | 4238.3c28: Error (rc=0):
|
|---|
| 3929 | 4238.3c28: supR3HardenedScreenImage/NtCreateSection: cached rc=Unknown Status -5667 (0xffffe9dd) fImage=1 fProtect=0x2 fAccess=0x5 cHits=1 \Device\HarddiskVolume7\Program Files (x86)\SogouInput\Components\PicFace\1.1.0.1879\PicFace64.dll
|
|---|
| 3930 | 4238.3c28: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status -5667 (0xffffe9dd)) on \Device\HarddiskVolume7\Program Files (x86)\SogouInput\Components\PicFace\1.1.0.1879\PicFace64.dll [lacks WinVerifyTrust]
|
|---|
| 3931 | 4238.3c28: Error (rc=0):
|
|---|
| 3932 | 4238.3c28: supR3HardenedScreenImage/LdrLoadDll: cached rc=Unknown Status -5667 (0xffffe9dd) fImage=1 fProtect=0x0 fAccess=0x0 cHits=2 \Device\HarddiskVolume7\Program Files (x86)\SogouInput\Components\PicFace\1.1.0.1879\PicFace64.dll
|
|---|
| 3933 | 4238.3c28: Error (rc=0):
|
|---|
| 3934 | 4238.3c28: supR3HardenedMonitor_LdrLoadDll: rejecting 'C:\Program Files (x86)\SogouInput\Components\PicFace\1.1.0.1879\PicFace64.dll' (C:\Program Files (x86)\SogouInput\Components\PicFace\1.1.0.1879\PicFace64.dll): rcNt=0xc0000190
|
|---|
| 3935 | 4238.3c28: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0xc0000190 'C:\Program Files (x86)\SogouInput\Components\PicFace\1.1.0.1879\PicFace64.dll'
|
|---|
| 3936 | 4238.14ac: supR3HardenedScreenImage/NtCreateSection: cache hit (Unknown Status -5667 (0xffffe9dd)) on \Device\HarddiskVolume7\Program Files (x86)\SogouInput\Components\PicFace\1.1.0.1879\PicFace64.dll [lacks WinVerifyTrust]
|
|---|
| 3937 | 4238.14ac: Error (rc=0):
|
|---|
| 3938 | 4238.14ac: supR3HardenedScreenImage/NtCreateSection: cached rc=Unknown Status -5667 (0xffffe9dd) fImage=1 fProtect=0x2 fAccess=0x5 cHits=3 \Device\HarddiskVolume7\Program Files (x86)\SogouInput\Components\PicFace\1.1.0.1879\PicFace64.dll
|
|---|
| 3939 | 4238.14ac: supR3HardenedScreenImage/NtCreateSection: cache hit (Unknown Status -5667 (0xffffe9dd)) on \Device\HarddiskVolume7\Program Files (x86)\SogouInput\Components\PicFace\1.1.0.1879\PicFace64.dll [lacks WinVerifyTrust]
|
|---|
| 3940 | 4238.14ac: Error (rc=0):
|
|---|
| 3941 | 4238.14ac: supR3HardenedScreenImage/NtCreateSection: cached rc=Unknown Status -5667 (0xffffe9dd) fImage=1 fProtect=0x2 fAccess=0x5 cHits=4 \Device\HarddiskVolume7\Program Files (x86)\SogouInput\Components\PicFace\1.1.0.1879\PicFace64.dll
|
|---|
| 3942 | 4238.25cc: \Device\HarddiskVolume7\Program Files (x86)\SogouInput\9.8.0.3746\Resource.dll: Signature #1/2: info status: 24202
|
|---|
| 3943 | 4238.25cc: '\Device\HarddiskVolume7\Program Files (x86)\SogouInput\9.8.0.3746\Resource.dll' has no imports
|
|---|
| 3944 | 4238.25cc: supHardenedWinVerifyImageByHandle: -> 24202 (\Device\HarddiskVolume7\Program Files (x86)\SogouInput\9.8.0.3746\Resource.dll)
|
|---|
| 3945 | 4238.25cc: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume7\Program Files (x86)\SogouInput\9.8.0.3746\Resource.dll
|
|---|
| 3946 | 4238.25cc: supR3HardenedMonitor_NtCreateSection: NtMapViewOfSection failed on 0000000000000b88 (hFile=0000000000000b80) with 0xc0000022 -> STATUS_TRUST_FAILURE
|
|---|
| 3947 | 4238.25cc: supR3HardenedScreenImage/NtCreateSection: cache hit (Unknown Status 24202 (0x5e8a)) on \Device\HarddiskVolume7\Program Files (x86)\SogouInput\9.8.0.3746\Resource.dll [avoiding WinVerifyTrust]
|
|---|
| 3948 | 4238.25cc: supR3HardenedMonitor_NtCreateSection: NtMapViewOfSection failed on 0000000000000b80 (hFile=0000000000000b88) with 0xc0000022 -> STATUS_TRUST_FAILURE
|
|---|
| 3949 | 4238.25cc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff9c9550000 'C:\Windows\system32\rsaenh.dll'
|
|---|
| 3950 | 4238.25cc: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 24202) fWinVerifyTrust=1 for '\Device\HarddiskVolume7\Program Files (x86)\SogouInput\9.8.0.3746\Resource.dll'
|
|---|
| 3951 | 4238.25cc: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume7\Program Files (x86)\SogouInput\9.8.0.3746\Resource.dll
|
|---|
| 3952 | 4238.25cc: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files (x86)\SogouInput\9.8.0.3746\Resource.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
|
|---|
| 3953 | 4238.25cc: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume7\Program Files (x86)\SogouInput\9.8.0.3746\Resource.dll
|
|---|
| 3954 | 4238.25cc: supR3HardenedDllNotificationCallback: load 0000000010000000 LB 0x0011d000 C:\Program Files (x86)\SogouInput\9.8.0.3746\Resource.dll [fFlags=0x0]
|
|---|
| 3955 | 4238.25cc: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume7\Program Files (x86)\SogouInput\9.8.0.3746\Resource.dll
|
|---|
| 3956 | 4238.25cc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=0000000010000000 'C:\Program Files (x86)\SogouInput\9.8.0.3746\Resource.dll'
|
|---|
| 3957 | 4238.25cc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff9c9550000 'C:\Windows\system32\rsaenh.dll'
|
|---|
| 3958 | 4238.25cc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff9cb050000 'C:\Windows\System32\crypt32.dll'
|
|---|
| 3959 | 4238.25cc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
|
|---|
| 3960 | 4238.25cc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #21 'win32u.dll'.
|
|---|
| 3961 | 4238.25cc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #22 'user32.dll'.
|
|---|
| 3962 | 4238.25cc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #23 'gdi32.dll'.
|
|---|
| 3963 | 4238.25cc: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume7\Windows\System32\dwmapi.dll) WinVerifyTrust
|
|---|
| 3964 | 4238.25cc: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume7\Windows\System32\dwmapi.dll
|
|---|
| 3965 | 4238.25cc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
|
|---|
| 3966 | 4238.25cc: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume7\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
|
|---|
| 3967 | 4238.25cc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
|
|---|
| 3968 | 4238.25cc: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume7\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
|
|---|
| 3969 | 4238.25cc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'win32u.dll'...
|
|---|
| 3970 | 4238.25cc: supR3HardenedWinVerifyCacheProcessImportTodos: 'win32u.dll' -> '\Device\HarddiskVolume7\Windows\System32\win32u.dll' [rcNtRedir=0xc0150008]
|
|---|
| 3971 | 4238.25cc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
|
|---|
| 3972 | 4238.25cc: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume7\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
|
|---|
| 3973 | 4238.25cc: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\System32\dwmapi.dll (Input=dwmapi.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
|
|---|
| 3974 | 4238.25cc: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume7\Windows\System32\dwmapi.dll
|
|---|
| 3975 | 4238.25cc: supR3HardenedDllNotificationCallback: load 00007ff9c56a0000 LB 0x0002d000 C:\Windows\System32\dwmapi.dll [fFlags=0x0]
|
|---|
| 3976 | 4238.25cc: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume7\Windows\System32\dwmapi.dll
|
|---|
| 3977 | 4238.25cc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff9c56a0000 'C:\Windows\System32\dwmapi.dll'
|
|---|
| 3978 | 4238.25cc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff9c9550000 'C:\Windows\system32\rsaenh.dll'
|
|---|
| 3979 | 4238.25cc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff9cb050000 'C:\Windows\System32\crypt32.dll'
|
|---|
| 3980 | 4238.25cc: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume7\Windows\System32\psapi.dll) WinVerifyTrust
|
|---|
| 3981 | 4238.25cc: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume7\Windows\System32\psapi.dll
|
|---|
| 3982 | 4238.25cc: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\System32\PSAPI.DLL (Input=PSAPI.DLL, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
|
|---|
| 3983 | 4238.25cc: supR3HardenedDllNotificationCallback: load 00007ff9cba10000 LB 0x00008000 C:\Windows\System32\PSAPI.DLL [fFlags=0x0]
|
|---|
| 3984 | 4238.25cc: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume7\Windows\System32\psapi.dll
|
|---|
| 3985 | 4238.25cc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff9cba10000 'C:\Windows\System32\PSAPI.DLL'
|
|---|
| 3986 | 4238.25cc: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume7\Windows\System32\msctf.dll
|
|---|
| 3987 | 4238.25cc: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\System32\MSCTF.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000009:<flags> [calling]
|
|---|
| 3988 | 4238.25cc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff9cc5c0000 'C:\Windows\System32\MSCTF.dll'
|
|---|
| 3989 | 4238.25cc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff9cbb50000 'C:\Windows\system32\shell32.dll'
|
|---|
| 3990 | 4238.25cc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff9cbb50000 'C:\Windows\system32\shell32.dll'
|
|---|
| 3991 | 4238.25cc: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume7\Windows\System32\dwmapi.dll
|
|---|
| 3992 | 4238.25cc: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\dwmapi.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
|
|---|
| 3993 | 4238.25cc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff9c56a0000 'C:\Windows\system32\dwmapi.dll'
|
|---|
| 3994 | 4238.25cc: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume7\Windows\System32\uxtheme.dll
|
|---|
| 3995 | 4238.25cc: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\uxtheme.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
|
|---|
| 3996 | 4238.25cc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff9c4ed0000 'C:\Windows\system32\uxtheme.dll'
|
|---|
| 3997 | 3b30.31a8: supR3HardNtChildWaitFor[2]: Quitting: ExitCode=0x1 (rcNtWait=0x1, rcNt1=0x0, rcNt2=0x0, rcNt3=0x0, 16110 ms, the end);
|
|---|