| 1 | 27b8.2508: Log file opened: 6.1.32r149290 g_hStartupLog=0000000000000090 g_uNtVerCombined=0xa04a6300
|
|---|
| 2 | 27b8.2508: \SystemRoot\System32\ntdll.dll:
|
|---|
| 3 | 27b8.2508: CreationTime: 2021-10-27T05:58:34.802808600Z
|
|---|
| 4 | 27b8.2508: LastWriteTime: 2021-10-27T05:58:34.896660900Z
|
|---|
| 5 | 27b8.2508: ChangeTime: 2022-01-13T08:41:51.628835900Z
|
|---|
| 6 | 27b8.2508: FileAttributes: 0x20
|
|---|
| 7 | 27b8.2508: Size: 0x1ee520
|
|---|
| 8 | 27b8.2508: NT Headers: 0xe8
|
|---|
| 9 | 27b8.2508: Timestamp: 0xa280d1d6
|
|---|
| 10 | 27b8.2508: Machine: 0x8664 - amd64
|
|---|
| 11 | 27b8.2508: Timestamp: 0xa280d1d6
|
|---|
| 12 | 27b8.2508: Image Version: 10.0
|
|---|
| 13 | 27b8.2508: SizeOfImage: 0x1f5000 (2052096)
|
|---|
| 14 | 27b8.2508: Resource Dir: 0x184000 LB 0x6fdc8
|
|---|
| 15 | 27b8.2508: [Version info resource found at 0xd8! (ID/Name: 0x1; SubID/SubName: 0x409)]
|
|---|
| 16 | 27b8.2508: [Raw version resource data: 0x1840f0 LB 0x380, codepage 0x0 (reserved 0x0)]
|
|---|
| 17 | 27b8.2508: ProductName: Microsoft® Windows® Operating System
|
|---|
| 18 | 27b8.2508: ProductVersion: 10.0.19041.1288
|
|---|
| 19 | 27b8.2508: FileVersion: 10.0.19041.1288 (WinBuild.160101.0800)
|
|---|
| 20 | 27b8.2508: FileDescription: NT Layer DLL
|
|---|
| 21 | 27b8.2508: \SystemRoot\System32\kernel32.dll:
|
|---|
| 22 | 27b8.2508: CreationTime: 2021-11-19T08:36:55.937767800Z
|
|---|
| 23 | 27b8.2508: LastWriteTime: 2021-11-19T08:36:55.984755000Z
|
|---|
| 24 | 27b8.2508: ChangeTime: 2022-01-13T08:41:50.925757700Z
|
|---|
| 25 | 27b8.2508: FileAttributes: 0x20
|
|---|
| 26 | 27b8.2508: Size: 0xbc058
|
|---|
| 27 | 27b8.2508: NT Headers: 0xe8
|
|---|
| 28 | 27b8.2508: Timestamp: 0x38b369c4
|
|---|
| 29 | 27b8.2508: Machine: 0x8664 - amd64
|
|---|
| 30 | 27b8.2508: Timestamp: 0x38b369c4
|
|---|
| 31 | 27b8.2508: Image Version: 10.0
|
|---|
| 32 | 27b8.2508: SizeOfImage: 0xbe000 (778240)
|
|---|
| 33 | 27b8.2508: Resource Dir: 0xbc000 LB 0x520
|
|---|
| 34 | 27b8.2508: [Version info resource found at 0x90! (ID/Name: 0x1; SubID/SubName: 0x409)]
|
|---|
| 35 | 27b8.2508: [Raw version resource data: 0xbc0b0 LB 0x3a4, codepage 0x0 (reserved 0x0)]
|
|---|
| 36 | 27b8.2508: ProductName: Microsoft® Windows® Operating System
|
|---|
| 37 | 27b8.2508: ProductVersion: 10.0.19041.1348
|
|---|
| 38 | 27b8.2508: FileVersion: 10.0.19041.1348 (WinBuild.160101.0800)
|
|---|
| 39 | 27b8.2508: FileDescription: Windows NT BASE API Client DLL
|
|---|
| 40 | 27b8.2508: \SystemRoot\System32\KernelBase.dll:
|
|---|
| 41 | 27b8.2508: CreationTime: 2021-12-06T08:06:41.215811900Z
|
|---|
| 42 | 27b8.2508: LastWriteTime: 2021-12-06T08:06:41.293931100Z
|
|---|
| 43 | 27b8.2508: ChangeTime: 2022-01-13T08:41:51.644459900Z
|
|---|
| 44 | 27b8.2508: FileAttributes: 0x20
|
|---|
| 45 | 27b8.2508: Size: 0x2c9168
|
|---|
| 46 | 27b8.2508: NT Headers: 0xf0
|
|---|
| 47 | 27b8.2508: Timestamp: 0xb9a844a
|
|---|
| 48 | 27b8.2508: Machine: 0x8664 - amd64
|
|---|
| 49 | 27b8.2508: Timestamp: 0xb9a844a
|
|---|
| 50 | 27b8.2508: Image Version: 10.0
|
|---|
| 51 | 27b8.2508: SizeOfImage: 0x2c8000 (2916352)
|
|---|
| 52 | 27b8.2508: Resource Dir: 0x29f000 LB 0x548
|
|---|
| 53 | 27b8.2508: [Version info resource found at 0x90! (ID/Name: 0x1; SubID/SubName: 0x409)]
|
|---|
| 54 | 27b8.2508: [Raw version resource data: 0x29f0b0 LB 0x3bc, codepage 0x0 (reserved 0x0)]
|
|---|
| 55 | 27b8.2508: ProductName: Microsoft® Windows® Operating System
|
|---|
| 56 | 27b8.2508: ProductVersion: 10.0.19041.1387
|
|---|
| 57 | 27b8.2508: FileVersion: 10.0.19041.1387 (WinBuild.160101.0800)
|
|---|
| 58 | 27b8.2508: FileDescription: Windows NT BASE API Client DLL
|
|---|
| 59 | 27b8.2508: \SystemRoot\System32\apisetschema.dll:
|
|---|
| 60 | 27b8.2508: CreationTime: 2019-12-07T09:08:13.518339400Z
|
|---|
| 61 | 27b8.2508: LastWriteTime: 2019-12-07T09:08:13.518339400Z
|
|---|
| 62 | 27b8.2508: ChangeTime: 2022-01-13T08:41:54.534953300Z
|
|---|
| 63 | 27b8.2508: FileAttributes: 0x20
|
|---|
| 64 | 27b8.2508: Size: 0x1f538
|
|---|
| 65 | 27b8.2508: NT Headers: 0xd0
|
|---|
| 66 | 27b8.2508: Timestamp: 0x31288ce0
|
|---|
| 67 | 27b8.2508: Machine: 0x8664 - amd64
|
|---|
| 68 | 27b8.2508: Timestamp: 0x31288ce0
|
|---|
| 69 | 27b8.2508: Image Version: 10.0
|
|---|
| 70 | 27b8.2508: SizeOfImage: 0x20000 (131072)
|
|---|
| 71 | 27b8.2508: Resource Dir: 0x1f000 LB 0x408
|
|---|
| 72 | 27b8.2508: [Version info resource found at 0x48! (ID/Name: 0x1; SubID/SubName: 0x409)]
|
|---|
| 73 | 27b8.2508: [Raw version resource data: 0x1f060 LB 0x3a8, codepage 0x0 (reserved 0x0)]
|
|---|
| 74 | 27b8.2508: ProductName: Microsoft® Windows® Operating System
|
|---|
| 75 | 27b8.2508: ProductVersion: 10.0.19041.1
|
|---|
| 76 | 27b8.2508: FileVersion: 10.0.19041.1 (WinBuild.160101.0800)
|
|---|
| 77 | 27b8.2508: FileDescription: ApiSet Schema DLL
|
|---|
| 78 | 27b8.2508: supR3HardenedWinFindAdversaries: 0x0
|
|---|
| 79 | 27b8.2508: supR3HardenedWinInitAppBin(0x0): '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox'
|
|---|
| 80 | 27b8.2508: Calling main()
|
|---|
| 81 | 27b8.2508: SUPR3HardenedMain: pszProgName=VirtualBoxVM fFlags=0x2
|
|---|
| 82 | 27b8.2508: supR3HardenedWinInitAppBin(0x2): '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox'
|
|---|
| 83 | 27b8.2508: SUPR3HardenedMain: Respawn #1
|
|---|
| 84 | 27b8.2508: System32: \Device\HarddiskVolume2\Windows\System32
|
|---|
| 85 | 27b8.2508: WinSxS: \Device\HarddiskVolume2\Windows\WinSxS
|
|---|
| 86 | 27b8.2508: KnownDllPath: C:\Windows\System32
|
|---|
| 87 | 27b8.2508: supR3HardenedWinInit: Performing a limited self purification...
|
|---|
| 88 | 27b8.2508: supHardNtVpScanVirtualMemory: enmKind=SELF_PURIFICATION
|
|---|
| 175 | 27b8.2508: kernel32.dll: timestamp 0x38b369c4 (rc=VINF_SUCCESS)
|
|---|
| 176 | 27b8.2508: kernelbase.dll: timestamp 0xb9a844a (rc=VINF_SUCCESS)
|
|---|
| 177 | 27b8.2508: apphelp.dll: timestamp 0x723081cd (rc=VINF_SUCCESS)
|
|---|
| 178 | 27b8.2508: VirtualBoxVM.exe: timestamp 0x61e55350 (rc=VINF_SUCCESS)
|
|---|
| 179 | 27b8.2508: \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe: Signature #1/2: info status: 24202
|
|---|
| 180 | 27b8.2508: '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe' has no imports
|
|---|
| 181 | 27b8.2508: '\Device\HarddiskVolume2\Windows\System32\ntdll.dll' has no imports
|
|---|
| 182 | 27b8.2508: apphelp.dll: Differences in section #2 (.rdata) between file and memory:
|
|---|
| 215 | 27b8.2508: Restored 0x2000 bytes of original file content at 00007ff8947bf000
|
|---|
| 216 | 27b8.2508: supR3HardenedWinInit: SUPHARDNTVPKIND_SELF_PURIFICATION_LIMITED -> VINF_SUCCESS, cFixes=1
|
|---|
| 217 | 27b8.2508: \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe: Signature #1/2: info status: 24202
|
|---|
| 218 | 27b8.2508: '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe' has no imports
|
|---|
| 219 | 27b8.2508: supHardenedWinVerifyImageByHandle: -> 24202 (\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe)
|
|---|
| 220 | 27b8.2508: supR3HardNtEnableThreadCreationEx:
|
|---|
| 221 | 27b8.2508: supR3HardNtDisableThreadCreation: pvLdrInitThunk=00007ff8997c4b00 pvNtTerminateThread=00007ff8997ed7c0
|
|---|
| 222 | 27b8.2508: supR3HardenedWinDoReSpawn(1): New child 1410.3804 [kernel32].
|
|---|
| 223 | 27b8.2508: supR3HardNtChildGatherData: PebBaseAddress=0000000000ce6000 cbPeb=0x388
|
|---|
| 224 | 27b8.2508: supR3HardNtPuChFindNtdll: uNtDllParentAddr=00007ff899750000 uNtDllChildAddr=00007ff899750000
|
|---|
| 225 | 27b8.2508: supR3HardenedWinSetupChildInit: uLdrInitThunk=00007ff8997c4b00
|
|---|
| 226 | 27b8.2508: supR3HardenedWinSetupChildInit: Initial context:
|
|---|
| 237 | 27b8.2508: supR3HardenedWinSetupChildInit: Start child.
|
|---|
| 238 | 27b8.2508: supR3HardNtChildWaitFor: Found expected request 0 (PurifyChildAndCloseHandles) after 0 ms.
|
|---|
| 239 | 27b8.2508: supR3HardNtChildPurify: Startup delay kludge #1/0: 266 ms, 17 sleeps
|
|---|
| 240 | 27b8.2508: supHardNtVpScanVirtualMemory: enmKind=CHILD_PURIFICATION
|
|---|
| 285 | 27b8.2508: supR3HardNtChildPurify: Done after 275 ms and 0 fixes (loop #0).
|
|---|
| 286 | 1410.3804: Log file opened: 6.1.32r149290 g_hStartupLog=0000000000000004 g_uNtVerCombined=0xa04a6300
|
|---|
| 287 | 1410.3804: supR3HardenedVmProcessInit: uNtDllAddr=00007ff899750000 g_uNtVerCombined=0xa04a6300 (stack ~0000000000eff9a8)
|
|---|
| 288 | 1410.3804: ntdll.dll: timestamp 0xa280d1d6 (rc=VINF_SUCCESS)
|
|---|
| 289 | 1410.3804: New simple heap: #1 0000000001000000 LB 0x400000 (for 2052096 allocation)
|
|---|
| 290 | 27b8.2508: supR3HardNtEnableThreadCreationEx:
|
|---|
| 291 | 1410.3804: supR3HardenedWinInitAppBin(0x0): '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox'
|
|---|
| 292 | 1410.3804: System32: \Device\HarddiskVolume2\Windows\System32
|
|---|
| 293 | 1410.3804: WinSxS: \Device\HarddiskVolume2\Windows\WinSxS
|
|---|
| 294 | 1410.3804: KnownDllPath: C:\Windows\System32
|
|---|
| 295 | 1410.3804: supR3HardenedVmProcessInit: Opening vboxdrv stub...
|
|---|
| 296 | 1410.3804: supR3HardenedVmProcessInit: Restoring LdrInitializeThunk...
|
|---|
| 297 | 1410.3804: supR3HardenedVmProcessInit: Returning to LdrInitializeThunk...
|
|---|
| 298 | 1410.3804: Registered Dll notification callback with NTDLL.
|
|---|
| 299 | 1410.3804: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\kernel32.dll)
|
|---|
| 300 | 1410.3804: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\kernel32.dll
|
|---|
| 301 | 1410.3804: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\System32\KERNEL32.DLL (Input=KERNEL32.DLL, rcNtResolve=0xc0150008) *pfFlags=0xffffffff pwszSearchPath=0000000000004001:<flags> [calling]
|
|---|
| 302 | 1410.3804: supR3HardenedDllNotificationCallback: load 00007ff897200000 LB 0x002c8000 C:\Windows\System32\KERNELBASE.dll [fFlags=0x0]
|
|---|
| 303 | 1410.3804: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\KernelBase.dll)
|
|---|
| 304 | 1410.3804: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\KernelBase.dll
|
|---|
| 305 | 1410.3804: supR3HardenedDllNotificationCallback: load 00007ff8988e0000 LB 0x000be000 C:\Windows\System32\KERNEL32.DLL [fFlags=0x0]
|
|---|
| 306 | 1410.3804: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\kernel32.dll [lacks WinVerifyTrust]
|
|---|
| 307 | 1410.3804: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8988e0000 'C:\Windows\System32\KERNEL32.DLL'
|
|---|
| 308 | 1410.3804: supR3HardenedDllNotificationCallback: load 00007ff714ef0000 LB 0x00118000 C:\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe [fFlags=0x0]
|
|---|
| 309 | 1410.3804: \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe: Signature #1/2: info status: 24202
|
|---|
| 310 | 1410.3804: '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe' has no imports
|
|---|
| 311 | 1410.3804: supHardenedWinVerifyImageByHandle: -> 24202 (\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe)
|
|---|
| 312 | 1410.3804: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe
|
|---|
| 313 | 1410.3804: supR3HardNtDisableThreadCreation: pvLdrInitThunk=00007ff8997c4b00 pvNtTerminateThread=00007ff8997ed7c0
|
|---|
| 314 | 27b8.2508: supR3HardNtChildWaitFor: Found expected request 1 (CloseEvents) after 118 ms.
|
|---|
| 315 | 1410.3804: \SystemRoot\System32\ntdll.dll:
|
|---|
| 316 | 1410.3804: CreationTime: 2021-10-27T05:58:34.802808600Z
|
|---|
| 317 | 1410.3804: LastWriteTime: 2021-10-27T05:58:34.896660900Z
|
|---|
| 318 | 1410.3804: ChangeTime: 2022-01-13T08:41:51.628835900Z
|
|---|
| 319 | 1410.3804: FileAttributes: 0x20
|
|---|
| 320 | 1410.3804: Size: 0x1ee520
|
|---|
| 321 | 1410.3804: NT Headers: 0xe8
|
|---|
| 322 | 1410.3804: Timestamp: 0xa280d1d6
|
|---|
| 323 | 1410.3804: Machine: 0x8664 - amd64
|
|---|
| 324 | 1410.3804: Timestamp: 0xa280d1d6
|
|---|
| 325 | 1410.3804: Image Version: 10.0
|
|---|
| 326 | 1410.3804: SizeOfImage: 0x1f5000 (2052096)
|
|---|
| 327 | 1410.3804: Resource Dir: 0x184000 LB 0x6fdc8
|
|---|
| 328 | 1410.3804: [Version info resource found at 0xd8! (ID/Name: 0x1; SubID/SubName: 0x409)]
|
|---|
| 329 | 1410.3804: [Raw version resource data: 0x1840f0 LB 0x380, codepage 0x0 (reserved 0x0)]
|
|---|
| 330 | 1410.3804: ProductName: Microsoft® Windows® Operating System
|
|---|
| 331 | 1410.3804: ProductVersion: 10.0.19041.1288
|
|---|
| 332 | 1410.3804: FileVersion: 10.0.19041.1288 (WinBuild.160101.0800)
|
|---|
| 333 | 1410.3804: FileDescription: NT Layer DLL
|
|---|
| 334 | 1410.3804: \SystemRoot\System32\kernel32.dll:
|
|---|
| 335 | 1410.3804: CreationTime: 2021-11-19T08:36:55.937767800Z
|
|---|
| 336 | 1410.3804: LastWriteTime: 2021-11-19T08:36:55.984755000Z
|
|---|
| 337 | 1410.3804: ChangeTime: 2022-01-13T08:41:50.925757700Z
|
|---|
| 338 | 1410.3804: FileAttributes: 0x20
|
|---|
| 339 | 1410.3804: Size: 0xbc058
|
|---|
| 340 | 1410.3804: NT Headers: 0xe8
|
|---|
| 341 | 1410.3804: Timestamp: 0x38b369c4
|
|---|
| 342 | 1410.3804: Machine: 0x8664 - amd64
|
|---|
| 343 | 1410.3804: Timestamp: 0x38b369c4
|
|---|
| 344 | 1410.3804: Image Version: 10.0
|
|---|
| 345 | 1410.3804: SizeOfImage: 0xbe000 (778240)
|
|---|
| 346 | 1410.3804: Resource Dir: 0xbc000 LB 0x520
|
|---|
| 347 | 1410.3804: [Version info resource found at 0x90! (ID/Name: 0x1; SubID/SubName: 0x409)]
|
|---|
| 348 | 1410.3804: [Raw version resource data: 0xbc0b0 LB 0x3a4, codepage 0x0 (reserved 0x0)]
|
|---|
| 349 | 1410.3804: ProductName: Microsoft® Windows® Operating System
|
|---|
| 350 | 1410.3804: ProductVersion: 10.0.19041.1348
|
|---|
| 351 | 1410.3804: FileVersion: 10.0.19041.1348 (WinBuild.160101.0800)
|
|---|
| 352 | 1410.3804: FileDescription: Windows NT BASE API Client DLL
|
|---|
| 353 | 1410.3804: \SystemRoot\System32\KernelBase.dll:
|
|---|
| 354 | 1410.3804: CreationTime: 2021-12-06T08:06:41.215811900Z
|
|---|
| 355 | 1410.3804: LastWriteTime: 2021-12-06T08:06:41.293931100Z
|
|---|
| 356 | 1410.3804: ChangeTime: 2022-01-13T08:41:51.644459900Z
|
|---|
| 357 | 1410.3804: FileAttributes: 0x20
|
|---|
| 358 | 1410.3804: Size: 0x2c9168
|
|---|
| 359 | 1410.3804: NT Headers: 0xf0
|
|---|
| 360 | 1410.3804: Timestamp: 0xb9a844a
|
|---|
| 361 | 1410.3804: Machine: 0x8664 - amd64
|
|---|
| 362 | 1410.3804: Timestamp: 0xb9a844a
|
|---|
| 363 | 1410.3804: Image Version: 10.0
|
|---|
| 364 | 1410.3804: SizeOfImage: 0x2c8000 (2916352)
|
|---|
| 365 | 1410.3804: Resource Dir: 0x29f000 LB 0x548
|
|---|
| 366 | 1410.3804: [Version info resource found at 0x90! (ID/Name: 0x1; SubID/SubName: 0x409)]
|
|---|
| 367 | 1410.3804: [Raw version resource data: 0x29f0b0 LB 0x3bc, codepage 0x0 (reserved 0x0)]
|
|---|
| 368 | 1410.3804: ProductName: Microsoft® Windows® Operating System
|
|---|
| 369 | 1410.3804: ProductVersion: 10.0.19041.1387
|
|---|
| 370 | 1410.3804: FileVersion: 10.0.19041.1387 (WinBuild.160101.0800)
|
|---|
| 371 | 1410.3804: FileDescription: Windows NT BASE API Client DLL
|
|---|
| 372 | 1410.3804: \SystemRoot\System32\apisetschema.dll:
|
|---|
| 373 | 1410.3804: CreationTime: 2019-12-07T09:08:13.518339400Z
|
|---|
| 374 | 1410.3804: LastWriteTime: 2019-12-07T09:08:13.518339400Z
|
|---|
| 375 | 1410.3804: ChangeTime: 2022-01-13T08:41:54.534953300Z
|
|---|
| 376 | 1410.3804: FileAttributes: 0x20
|
|---|
| 377 | 1410.3804: Size: 0x1f538
|
|---|
| 378 | 1410.3804: NT Headers: 0xd0
|
|---|
| 379 | 1410.3804: Timestamp: 0x31288ce0
|
|---|
| 380 | 1410.3804: Machine: 0x8664 - amd64
|
|---|
| 381 | 1410.3804: Timestamp: 0x31288ce0
|
|---|
| 382 | 1410.3804: Image Version: 10.0
|
|---|
| 383 | 1410.3804: SizeOfImage: 0x20000 (131072)
|
|---|
| 384 | 1410.3804: Resource Dir: 0x1f000 LB 0x408
|
|---|
| 385 | 1410.3804: [Version info resource found at 0x48! (ID/Name: 0x1; SubID/SubName: 0x409)]
|
|---|
| 386 | 1410.3804: [Raw version resource data: 0x1f060 LB 0x3a8, codepage 0x0 (reserved 0x0)]
|
|---|
| 387 | 1410.3804: ProductName: Microsoft® Windows® Operating System
|
|---|
| 388 | 1410.3804: ProductVersion: 10.0.19041.1
|
|---|
| 389 | 1410.3804: FileVersion: 10.0.19041.1 (WinBuild.160101.0800)
|
|---|
| 390 | 1410.3804: FileDescription: ApiSet Schema DLL
|
|---|
| 391 | 1410.3804: supR3HardenedWinFindAdversaries: 0x0
|
|---|
| 392 | 1410.3804: supR3HardenedWinInitAppBin(0x0): '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox'
|
|---|
| 393 | 1410.3804: Calling main()
|
|---|
| 394 | 1410.3804: SUPR3HardenedMain: pszProgName=VirtualBoxVM fFlags=0x2
|
|---|
| 395 | 1410.3804: supR3HardenedWinInitAppBin(0x2): '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox'
|
|---|
| 396 | 1410.3804: \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe: Signature #1/2: info status: 24202
|
|---|
| 397 | 1410.3804: '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe' has no imports
|
|---|
| 398 | 1410.3804: supHardenedWinVerifyImageByHandle: -> 24202 (\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe)
|
|---|
| 399 | 1410.3804: SUPR3HardenedMain: Respawn #2
|
|---|
| 400 | 1410.3804: supR3HardNtEnableThreadCreationEx:
|
|---|
| 401 | 1410.3804: supR3HardenedDllNotificationCallback: load 00007ff898750000 LB 0x0012a000 C:\Windows\System32\RPCRT4.dll [fFlags=0x0]
|
|---|
| 402 | 1410.3804: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll)
|
|---|
| 403 | 1410.3804: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\rpcrt4.dll
|
|---|
| 404 | 1410.3804: supR3HardenedDllNotificationCallback: load 00007ff898110000 LB 0x0009b000 C:\Windows\System32\sechost.dll [fFlags=0x0]
|
|---|
| 405 | 1410.3804: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #11 'rpcrt4.dll'.
|
|---|
| 406 | 1410.3804: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\sechost.dll)
|
|---|
| 407 | 1410.3804: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\sechost.dll
|
|---|
| 408 | 1410.3804: '\Device\HarddiskVolume2\Windows\System32\ntdll.dll' has no imports
|
|---|
| 409 | 1410.3804: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\ntdll.dll)
|
|---|
| 410 | 1410.3804: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\ntdll.dll
|
|---|
| 411 | 1410.3804: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
|
|---|
| 412 | 1410.3804: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
|
|---|
| 413 | 1410.3804: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\rpcrt4.dll [lacks WinVerifyTrust]
|
|---|
| 414 | 1410.3804: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\System32\ntdll.dll (Input=ntdll.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000801:<flags> [calling]
|
|---|
| 415 | 1410.3804: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff899750000 'C:\Windows\System32\ntdll.dll'
|
|---|
| 416 | 1410.3804: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume2\Windows\System32\apphelp.dll)
|
|---|
| 417 | 1410.3804: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\apphelp.dll
|
|---|
| 418 | 1410.3804: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\apphelp.dll (rcNtResolve=0xc0150008) *pfFlags=0xffffffff pwszSearchPath=0000000000000000:<flags> [calling]
|
|---|
| 419 | 1410.3804: supR3HardenedScreenImage/NtCreateSection: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\apphelp.dll [lacks WinVerifyTrust]
|
|---|
| 420 | 1410.3804: supR3HardenedDllNotificationCallback: load 00007ff894770000 LB 0x00090000 C:\Windows\system32\apphelp.dll [fFlags=0x0]
|
|---|
| 421 | 1410.3804: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\apphelp.dll [lacks WinVerifyTrust]
|
|---|
| 422 | 1410.3804: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\ntdll.dll [lacks WinVerifyTrust]
|
|---|
| 423 | 1410.3804: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\System32\ntdll.dll (Input=ntdll.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000801:<flags> [calling]
|
|---|
| 424 | 1410.3804: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff899750000 'C:\Windows\System32\ntdll.dll'
|
|---|
| 425 | 1410.3804: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff894770000 'C:\Windows\system32\apphelp.dll'
|
|---|
| 426 | 1410.3804: supR3HardNtDisableThreadCreation: pvLdrInitThunk=00007ff8997c4b00 pvNtTerminateThread=00007ff8997ed7c0
|
|---|
| 427 | 1410.3804: supR3HardenedWinDoReSpawn(2): New child c54.139c [kernel32].
|
|---|
| 428 | 1410.3804: supR3HardenedWinReSpawn: NtSetInformationThread/ThreadHideFromDebugger failed: 0xc0000022 (harmless)
|
|---|
| 429 | 1410.3804: supR3HardNtChildGatherData: PebBaseAddress=0000000000e99000 cbPeb=0x388
|
|---|
| 430 | 1410.3804: supR3HardNtPuChFindNtdll: uNtDllParentAddr=00007ff899750000 uNtDllChildAddr=00007ff899750000
|
|---|
| 431 | 1410.3804: supR3HardenedWinSetupChildInit: uLdrInitThunk=00007ff8997c4b00
|
|---|
| 432 | 1410.3804: supR3HardenedWinSetupChildInit: Initial context:
|
|---|
| 443 | 1410.3804: kernel32.dll: timestamp 0x38b369c4 (rc=VINF_SUCCESS)
|
|---|
| 444 | 1410.3804: supR3HardenedWinSetupChildInit: Start child.
|
|---|
| 445 | 1410.3804: supR3HardNtChildWaitFor: Found expected request 0 (PurifyChildAndCloseHandles) after 1 ms.
|
|---|
| 446 | 1410.3804: supR3HardNtChildPurify: Startup delay kludge #1/0: 261 ms, 17 sleeps
|
|---|
| 447 | 1410.3804: supHardNtVpScanVirtualMemory: enmKind=CHILD_PURIFICATION
|
|---|
| 492 | 1410.3804: VirtualBoxVM.exe: timestamp 0x61e55350 (rc=VINF_SUCCESS)
|
|---|
| 493 | 1410.3804: \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe: Signature #1/2: info status: 24202
|
|---|
| 494 | 1410.3804: '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe' has no imports
|
|---|
| 495 | 1410.3804: '\Device\HarddiskVolume2\Windows\System32\ntdll.dll' has no imports
|
|---|
| 496 | 1410.3804: supR3HardNtChildPurify: Done after 336 ms and 0 fixes (loop #0).
|
|---|
| 497 | c54.139c: Log file opened: 6.1.32r149290 g_hStartupLog=0000000000000004 g_uNtVerCombined=0xa04a6300
|
|---|
| 498 | c54.139c: supR3HardenedVmProcessInit: uNtDllAddr=00007ff899750000 g_uNtVerCombined=0xa04a6300 (stack ~0000000000d5f518)
|
|---|
| 499 | c54.139c: ntdll.dll: timestamp 0xa280d1d6 (rc=VINF_SUCCESS)
|
|---|
| 500 | c54.139c: New simple heap: #1 0000000001100000 LB 0x400000 (for 2052096 allocation)
|
|---|
| 501 | 1410.3804: supR3HardenedEarlyCompact: Removed heap 1 (0x00000001000000 LB 0x400000)
|
|---|
| 502 | 1410.3804: supR3HardNtEnableThreadCreationEx:
|
|---|
| 503 | c54.139c: supR3HardenedWinInitAppBin(0x0): '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox'
|
|---|
| 504 | c54.139c: System32: \Device\HarddiskVolume2\Windows\System32
|
|---|
| 505 | c54.139c: WinSxS: \Device\HarddiskVolume2\Windows\WinSxS
|
|---|
| 506 | c54.139c: KnownDllPath: C:\Windows\System32
|
|---|
| 507 | c54.139c: supR3HardenedVmProcessInit: Opening vboxdrv...
|
|---|
| 508 | c54.139c: supR3HardenedVmProcessInit: Restoring LdrInitializeThunk...
|
|---|
| 509 | c54.139c: supR3HardenedVmProcessInit: Returning to LdrInitializeThunk...
|
|---|
| 510 | c54.139c: Registered Dll notification callback with NTDLL.
|
|---|
| 511 | c54.139c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\kernel32.dll)
|
|---|
| 512 | c54.139c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\kernel32.dll
|
|---|
| 513 | c54.139c: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\System32\KERNEL32.DLL (Input=KERNEL32.DLL, rcNtResolve=0xc0150008) *pfFlags=0xffffffff pwszSearchPath=0000000000004001:<flags> [calling]
|
|---|
| 514 | c54.139c: supR3HardenedDllNotificationCallback: load 00007ff897200000 LB 0x002c8000 C:\Windows\System32\KERNELBASE.dll [fFlags=0x0]
|
|---|
| 515 | c54.139c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\KernelBase.dll)
|
|---|
| 516 | c54.139c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\KernelBase.dll
|
|---|
| 517 | c54.139c: supR3HardenedDllNotificationCallback: load 00007ff8988e0000 LB 0x000be000 C:\Windows\System32\KERNEL32.DLL [fFlags=0x0]
|
|---|
| 518 | c54.139c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\kernel32.dll [lacks WinVerifyTrust]
|
|---|
| 519 | c54.139c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8988e0000 'C:\Windows\System32\KERNEL32.DLL'
|
|---|
| 520 | c54.139c: supR3HardenedDllNotificationCallback: load 00007ff714ef0000 LB 0x00118000 C:\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe [fFlags=0x0]
|
|---|
| 521 | c54.139c: \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe: Signature #1/2: info status: 24202
|
|---|
| 522 | c54.139c: '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe' has no imports
|
|---|
| 523 | c54.139c: supHardenedWinVerifyImageByHandle: -> 24202 (\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe)
|
|---|
| 524 | c54.139c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe
|
|---|
| 525 | c54.139c: supR3HardNtDisableThreadCreation: pvLdrInitThunk=00007ff8997c4b00 pvNtTerminateThread=00007ff8997ed7c0
|
|---|
| 526 | 1410.3804: supR3HardNtChildWaitFor: Found expected request 1 (CloseEvents) after 93 ms.
|
|---|
| 527 | c54.139c: \SystemRoot\System32\ntdll.dll:
|
|---|
| 528 | c54.139c: CreationTime: 2021-10-27T05:58:34.802808600Z
|
|---|
| 529 | c54.139c: LastWriteTime: 2021-10-27T05:58:34.896660900Z
|
|---|
| 530 | c54.139c: ChangeTime: 2022-01-13T08:41:51.628835900Z
|
|---|
| 531 | c54.139c: FileAttributes: 0x20
|
|---|
| 532 | c54.139c: Size: 0x1ee520
|
|---|
| 533 | c54.139c: NT Headers: 0xe8
|
|---|
| 534 | c54.139c: Timestamp: 0xa280d1d6
|
|---|
| 535 | c54.139c: Machine: 0x8664 - amd64
|
|---|
| 536 | c54.139c: Timestamp: 0xa280d1d6
|
|---|
| 537 | c54.139c: Image Version: 10.0
|
|---|
| 538 | c54.139c: SizeOfImage: 0x1f5000 (2052096)
|
|---|
| 539 | c54.139c: Resource Dir: 0x184000 LB 0x6fdc8
|
|---|
| 540 | c54.139c: [Version info resource found at 0xd8! (ID/Name: 0x1; SubID/SubName: 0x409)]
|
|---|
| 541 | c54.139c: [Raw version resource data: 0x1840f0 LB 0x380, codepage 0x0 (reserved 0x0)]
|
|---|
| 542 | c54.139c: ProductName: Microsoft® Windows® Operating System
|
|---|
| 543 | c54.139c: ProductVersion: 10.0.19041.1288
|
|---|
| 544 | c54.139c: FileVersion: 10.0.19041.1288 (WinBuild.160101.0800)
|
|---|
| 545 | c54.139c: FileDescription: NT Layer DLL
|
|---|
| 546 | c54.139c: \SystemRoot\System32\kernel32.dll:
|
|---|
| 547 | c54.139c: CreationTime: 2021-11-19T08:36:55.937767800Z
|
|---|
| 548 | c54.139c: LastWriteTime: 2021-11-19T08:36:55.984755000Z
|
|---|
| 549 | c54.139c: ChangeTime: 2022-01-13T08:41:50.925757700Z
|
|---|
| 550 | c54.139c: FileAttributes: 0x20
|
|---|
| 551 | c54.139c: Size: 0xbc058
|
|---|
| 552 | c54.139c: NT Headers: 0xe8
|
|---|
| 553 | c54.139c: Timestamp: 0x38b369c4
|
|---|
| 554 | c54.139c: Machine: 0x8664 - amd64
|
|---|
| 555 | c54.139c: Timestamp: 0x38b369c4
|
|---|
| 556 | c54.139c: Image Version: 10.0
|
|---|
| 557 | c54.139c: SizeOfImage: 0xbe000 (778240)
|
|---|
| 558 | c54.139c: Resource Dir: 0xbc000 LB 0x520
|
|---|
| 559 | c54.139c: [Version info resource found at 0x90! (ID/Name: 0x1; SubID/SubName: 0x409)]
|
|---|
| 560 | c54.139c: [Raw version resource data: 0xbc0b0 LB 0x3a4, codepage 0x0 (reserved 0x0)]
|
|---|
| 561 | c54.139c: ProductName: Microsoft® Windows® Operating System
|
|---|
| 562 | c54.139c: ProductVersion: 10.0.19041.1348
|
|---|
| 563 | c54.139c: FileVersion: 10.0.19041.1348 (WinBuild.160101.0800)
|
|---|
| 564 | c54.139c: FileDescription: Windows NT BASE API Client DLL
|
|---|
| 565 | c54.139c: \SystemRoot\System32\KernelBase.dll:
|
|---|
| 566 | c54.139c: CreationTime: 2021-12-06T08:06:41.215811900Z
|
|---|
| 567 | c54.139c: LastWriteTime: 2021-12-06T08:06:41.293931100Z
|
|---|
| 568 | c54.139c: ChangeTime: 2022-01-13T08:41:51.644459900Z
|
|---|
| 569 | c54.139c: FileAttributes: 0x20
|
|---|
| 570 | c54.139c: Size: 0x2c9168
|
|---|
| 571 | c54.139c: NT Headers: 0xf0
|
|---|
| 572 | c54.139c: Timestamp: 0xb9a844a
|
|---|
| 573 | c54.139c: Machine: 0x8664 - amd64
|
|---|
| 574 | c54.139c: Timestamp: 0xb9a844a
|
|---|
| 575 | c54.139c: Image Version: 10.0
|
|---|
| 576 | c54.139c: SizeOfImage: 0x2c8000 (2916352)
|
|---|
| 577 | c54.139c: Resource Dir: 0x29f000 LB 0x548
|
|---|
| 578 | c54.139c: [Version info resource found at 0x90! (ID/Name: 0x1; SubID/SubName: 0x409)]
|
|---|
| 579 | c54.139c: [Raw version resource data: 0x29f0b0 LB 0x3bc, codepage 0x0 (reserved 0x0)]
|
|---|
| 580 | c54.139c: ProductName: Microsoft® Windows® Operating System
|
|---|
| 581 | c54.139c: ProductVersion: 10.0.19041.1387
|
|---|
| 582 | c54.139c: FileVersion: 10.0.19041.1387 (WinBuild.160101.0800)
|
|---|
| 583 | c54.139c: FileDescription: Windows NT BASE API Client DLL
|
|---|
| 584 | c54.139c: \SystemRoot\System32\apisetschema.dll:
|
|---|
| 585 | c54.139c: CreationTime: 2019-12-07T09:08:13.518339400Z
|
|---|
| 586 | c54.139c: LastWriteTime: 2019-12-07T09:08:13.518339400Z
|
|---|
| 587 | c54.139c: ChangeTime: 2022-01-13T08:41:54.534953300Z
|
|---|
| 588 | c54.139c: FileAttributes: 0x20
|
|---|
| 589 | c54.139c: Size: 0x1f538
|
|---|
| 590 | c54.139c: NT Headers: 0xd0
|
|---|
| 591 | c54.139c: Timestamp: 0x31288ce0
|
|---|
| 592 | c54.139c: Machine: 0x8664 - amd64
|
|---|
| 593 | c54.139c: Timestamp: 0x31288ce0
|
|---|
| 594 | c54.139c: Image Version: 10.0
|
|---|
| 595 | c54.139c: SizeOfImage: 0x20000 (131072)
|
|---|
| 596 | c54.139c: Resource Dir: 0x1f000 LB 0x408
|
|---|
| 597 | c54.139c: [Version info resource found at 0x48! (ID/Name: 0x1; SubID/SubName: 0x409)]
|
|---|
| 598 | c54.139c: [Raw version resource data: 0x1f060 LB 0x3a8, codepage 0x0 (reserved 0x0)]
|
|---|
| 599 | c54.139c: ProductName: Microsoft® Windows® Operating System
|
|---|
| 600 | c54.139c: ProductVersion: 10.0.19041.1
|
|---|
| 601 | c54.139c: FileVersion: 10.0.19041.1 (WinBuild.160101.0800)
|
|---|
| 602 | c54.139c: FileDescription: ApiSet Schema DLL
|
|---|
| 603 | c54.139c: supR3HardenedWinFindAdversaries: 0x0
|
|---|
| 604 | c54.139c: supR3HardenedWinInitAppBin(0x0): '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox'
|
|---|
| 605 | c54.139c: Calling main()
|
|---|
| 606 | c54.139c: SUPR3HardenedMain: pszProgName=VirtualBoxVM fFlags=0x2
|
|---|
| 607 | c54.139c: supR3HardenedWinInitAppBin(0x2): '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox'
|
|---|
| 608 | c54.139c: \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe: Signature #1/2: info status: 24202
|
|---|
| 609 | c54.139c: '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe' has no imports
|
|---|
| 610 | c54.139c: supHardenedWinVerifyImageByHandle: -> 24202 (\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe)
|
|---|
| 611 | c54.139c: SUPR3HardenedMain: Final process, opening VBoxDrv...
|
|---|
| 612 | c54.139c: supR3HardenedEarlyCompact: Removed heap 1 (0x00000001100000 LB 0x400000)
|
|---|
| 613 | c54.139c: supR3HardNtEnableThreadCreationEx:
|
|---|
| 614 | c54.139c: \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxSupLib.dll: Signature #1/2: info status: 24202
|
|---|
| 615 | c54.139c: supHardenedWinVerifyImageByHandle: -> 24202 (\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxSupLib.dll)
|
|---|
| 616 | c54.139c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxSupLib.dll
|
|---|
| 617 | c54.139c: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxSupLib.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000801:<flags> [calling]
|
|---|
| 618 | c54.139c: supR3HardenedScreenImage/NtCreateSection: cache hit (Unknown Status 24202 (0x5e8a)) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxSupLib.dll [lacks WinVerifyTrust]
|
|---|
| 619 | c54.139c: supR3HardenedDllNotificationCallback: load 00007ff8946a0000 LB 0x00005000 C:\Program Files\Oracle\VirtualBox\VBoxSupLib.DLL [fFlags=0x0]
|
|---|
| 620 | c54.139c: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 24202 (0x5e8a)) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxSupLib.dll [lacks WinVerifyTrust]
|
|---|
| 621 | c54.139c: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 24202 (0x5e8a)) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxSupLib.dll [lacks WinVerifyTrust]
|
|---|
| 622 | c54.139c: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxSupLib.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
|
|---|
| 623 | c54.139c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8946a0000 'C:\Program Files\Oracle\VirtualBox\VBoxSupLib.DLL'
|
|---|
| 624 | c54.139c: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 24202 (0x5e8a)) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxSupLib.dll [lacks WinVerifyTrust]
|
|---|
| 625 | c54.139c: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxSupLib.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
|
|---|
| 626 | c54.139c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8946a0000 'C:\Program Files\Oracle\VirtualBox\VBoxSupLib.DLL'
|
|---|
| 627 | c54.139c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8946a0000 'C:\Program Files\Oracle\VirtualBox\VBoxSupLib.DLL'
|
|---|
| 628 | c54.139c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
|
|---|
| 629 | c54.139c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #26 'rpcrt4.dll'.
|
|---|
| 630 | c54.139c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\wintrust.dll)
|
|---|
| 631 | c54.139c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\wintrust.dll
|
|---|
| 632 | c54.139c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
|
|---|
| 633 | c54.139c: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
|
|---|
| 634 | c54.139c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll)
|
|---|
| 635 | c54.139c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\rpcrt4.dll
|
|---|
| 636 | c54.139c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
|
|---|
| 637 | c54.139c: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
|
|---|
| 638 | c54.139c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\msvcrt.dll)
|
|---|
| 639 | c54.139c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\msvcrt.dll
|
|---|
| 640 | c54.139c: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\Wintrust.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000801:<flags> [calling]
|
|---|
| 641 | c54.139c: supR3HardenedDllNotificationCallback: load 00007ff8983b0000 LB 0x0009e000 C:\Windows\System32\msvcrt.dll [fFlags=0x0]
|
|---|
| 642 | c54.139c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\msvcrt.dll [lacks WinVerifyTrust]
|
|---|
| 643 | c54.139c: supR3HardenedDllNotificationCallback: load 00007ff898750000 LB 0x0012a000 C:\Windows\System32\RPCRT4.dll [fFlags=0x0]
|
|---|
| 644 | c54.139c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\rpcrt4.dll [lacks WinVerifyTrust]
|
|---|
| 645 | c54.139c: supR3HardenedDllNotificationCallback: load 00007ff897100000 LB 0x00060000 C:\Windows\System32\Wintrust.dll [fFlags=0x0]
|
|---|
| 646 | c54.139c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\wintrust.dll [lacks WinVerifyTrust]
|
|---|
| 647 | c54.139c: supR3HardenedDllNotificationCallback: load 00007ff897500000 LB 0x00100000 C:\Windows\System32\ucrtbase.dll [fFlags=0x0]
|
|---|
| 648 | c54.139c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\ucrtbase.dll)
|
|---|
| 649 | c54.139c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\ucrtbase.dll
|
|---|
| 650 | c54.139c: supR3HardenedDllNotificationCallback: load 00007ff897630000 LB 0x00156000 C:\Windows\System32\CRYPT32.dll [fFlags=0x0]
|
|---|
| 651 | c54.139c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\crypt32.dll)
|
|---|
| 652 | c54.139c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\crypt32.dll
|
|---|
| 653 | c54.139c: supR3HardenedIsApiSetDll: ApiSetQueryApiSetPresence(api-ms-win-core-synch-l1-2-0) -> 0x0, fPresent=1
|
|---|
| 654 | c54.139c: supR3HardenedMonitor_LdrLoadDll: pName=api-ms-win-core-synch-l1-2-0 (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0000000000000801:<flags> [calling]
|
|---|
| 655 | c54.139c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff897200000 'api-ms-win-core-synch-l1-2-0'
|
|---|
| 656 | c54.139c: supR3HardenedIsApiSetDll: ApiSetQueryApiSetPresence(api-ms-win-core-fibers-l1-1-1) -> 0x0, fPresent=1
|
|---|
| 657 | c54.139c: supR3HardenedMonitor_LdrLoadDll: pName=api-ms-win-core-fibers-l1-1-1 (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0000000000000801:<flags> [calling]
|
|---|
| 658 | c54.139c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff897200000 'api-ms-win-core-fibers-l1-1-1'
|
|---|
| 659 | c54.139c: supR3HardenedIsApiSetDll: ApiSetQueryApiSetPresence(api-ms-win-core-fibers-l1-1-1) -> 0x0, fPresent=1
|
|---|
| 660 | c54.139c: supR3HardenedMonitor_LdrLoadDll: pName=api-ms-win-core-fibers-l1-1-1 (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0000000000000801:<flags> [calling]
|
|---|
| 661 | c54.139c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff897200000 'api-ms-win-core-fibers-l1-1-1'
|
|---|
| 662 | c54.139c: supR3HardenedIsApiSetDll: ApiSetQueryApiSetPresence(api-ms-win-core-synch-l1-2-0) -> 0x0, fPresent=1
|
|---|
| 663 | c54.139c: supR3HardenedMonitor_LdrLoadDll: pName=api-ms-win-core-synch-l1-2-0 (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0000000000000801:<flags> [calling]
|
|---|
| 664 | c54.139c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff897200000 'api-ms-win-core-synch-l1-2-0'
|
|---|
| 665 | c54.139c: supR3HardenedIsApiSetDll: ApiSetQueryApiSetPresence(api-ms-win-core-localization-l1-2-1) -> 0x0, fPresent=1
|
|---|
| 666 | c54.139c: supR3HardenedMonitor_LdrLoadDll: pName=api-ms-win-core-localization-l1-2-1 (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0000000000000801:<flags> [calling]
|
|---|
| 667 | c54.139c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff897200000 'api-ms-win-core-localization-l1-2-1'
|
|---|
| 668 | c54.139c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\msasn1.dll)
|
|---|
| 669 | c54.139c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\msasn1.dll
|
|---|
| 670 | c54.139c: supR3HardenedDllNotificationCallback: load 00007ff896970000 LB 0x00012000 C:\Windows\SYSTEM32\MSASN1.dll [fFlags=0x0]
|
|---|
| 671 | c54.139c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\msasn1.dll [lacks WinVerifyTrust]
|
|---|
| 672 | c54.139c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff897100000 'C:\Windows\system32\Wintrust.dll'
|
|---|
| 673 | c54.139c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\bcrypt.dll)
|
|---|
| 674 | c54.139c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\bcrypt.dll
|
|---|
| 675 | c54.139c: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\bcrypt.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000801:<flags> [calling]
|
|---|
| 676 | c54.139c: supR3HardenedDllNotificationCallback: load 00007ff8974d0000 LB 0x00027000 C:\Windows\System32\bcrypt.dll [fFlags=0x0]
|
|---|
| 677 | c54.139c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\bcrypt.dll [lacks WinVerifyTrust]
|
|---|
| 678 | c54.139c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8974d0000 'C:\Windows\system32\bcrypt.dll'
|
|---|
| 679 | c54.139c: bcrypt.dll loaded at 00007ff8974d0000, BCryptOpenAlgorithmProvider at 00007ff8974d51e0, preloading providers:
|
|---|
| 680 | c54.139c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\bcryptprimitives.dll)
|
|---|
| 681 | c54.139c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\bcryptprimitives.dll
|
|---|
| 682 | c54.139c: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\bcryptprimitives.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
|
|---|
| 683 | c54.139c: supR3HardenedDllNotificationCallback: load 00007ff896f10000 LB 0x00083000 C:\Windows\System32\bcryptprimitives.dll [fFlags=0x0]
|
|---|
| 684 | c54.139c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\bcryptprimitives.dll [lacks WinVerifyTrust]
|
|---|
| 685 | c54.139c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff896f10000 'C:\Windows\system32\bcryptprimitives.dll'
|
|---|
| 686 | c54.139c: BCryptOpenAlgorithmProvider(,'MD2',0,0) -> 0x0 (hAlgo=000000000153f7b0)
|
|---|
| 687 | c54.139c: BCryptOpenAlgorithmProvider(,'MD4',0,0) -> 0x0 (hAlgo=0000000001540520)
|
|---|
| 688 | c54.139c: BCryptOpenAlgorithmProvider(,'MD5',0,0) -> 0x0 (hAlgo=0000000001540840)
|
|---|
| 689 | c54.139c: BCryptOpenAlgorithmProvider(,'SHA1',0,0) -> 0x0 (hAlgo=0000000001540b60)
|
|---|
| 690 | c54.139c: BCryptOpenAlgorithmProvider(,'SHA256',0,0) -> 0x0 (hAlgo=0000000001540e80)
|
|---|
| 691 | c54.139c: BCryptOpenAlgorithmProvider(,'SHA512',0,0) -> 0x0 (hAlgo=00000000015411a0)
|
|---|
| 692 | c54.139c: BCryptOpenAlgorithmProvider(,'RSA',0,0) -> 0x0 (hAlgo=00000000015414c0)
|
|---|
| 693 | c54.139c: BCryptOpenAlgorithmProvider(,'DSA',0,0) -> 0x0 (hAlgo=00000000015417e0)
|
|---|
| 694 | c54.139c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\cryptsp.dll)
|
|---|
| 695 | c54.139c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\cryptsp.dll
|
|---|
| 696 | c54.139c: supR3HardenedDllNotificationCallback: load 00007ff896730000 LB 0x00018000 C:\Windows\SYSTEM32\CRYPTSP.dll [fFlags=0x0]
|
|---|
| 697 | c54.139c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\cryptsp.dll [lacks WinVerifyTrust]
|
|---|
| 698 | c54.139c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #18 'bcrypt.dll'.
|
|---|
| 699 | c54.139c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\rsaenh.dll)
|
|---|
| 700 | c54.139c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\rsaenh.dll
|
|---|
| 701 | c54.139c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'bcrypt.dll'...
|
|---|
| 702 | c54.139c: supR3HardenedWinVerifyCacheProcessImportTodos: 'bcrypt.dll' -> '\Device\HarddiskVolume2\Windows\System32\bcrypt.dll' [rcNtRedir=0xc0150008]
|
|---|
| 703 | c54.139c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\bcrypt.dll [lacks WinVerifyTrust]
|
|---|
| 704 | c54.139c: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\rsaenh.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
|
|---|
| 705 | c54.139c: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\rsaenh.dll [lacks WinVerifyTrust]
|
|---|
| 706 | c54.139c: supR3HardenedDllNotificationCallback: load 00007ff895ec0000 LB 0x00034000 C:\Windows\system32\rsaenh.dll [fFlags=0x0]
|
|---|
| 707 | c54.139c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\rsaenh.dll [lacks WinVerifyTrust]
|
|---|
| 708 | c54.139c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff895ec0000 'C:\Windows\system32\rsaenh.dll'
|
|---|
| 709 | c54.139c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\cryptbase.dll)
|
|---|
| 710 | c54.139c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\cryptbase.dll
|
|---|
| 711 | c54.139c: supR3HardenedDllNotificationCallback: load 00007ff896750000 LB 0x0000c000 C:\Windows\SYSTEM32\CRYPTBASE.dll [fFlags=0x0]
|
|---|
| 712 | c54.139c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\cryptbase.dll [lacks WinVerifyTrust]
|
|---|
| 713 | c54.139c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\kernel32.dll [lacks WinVerifyTrust]
|
|---|
| 714 | c54.139c: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\System32\kernel32.dll (Input=kernel32.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
|
|---|
| 715 | c54.139c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8988e0000 'C:\Windows\System32\kernel32.dll'
|
|---|
| 716 | c54.139c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\wintrust.dll [lacks WinVerifyTrust]
|
|---|
| 717 | c54.139c: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\System32\WINTRUST.DLL (Input=WINTRUST.DLL, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
|
|---|
| 718 | c54.139c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff897100000 'C:\Windows\System32\WINTRUST.DLL'
|
|---|
| 719 | c54.139c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\crypt32.dll [lacks WinVerifyTrust]
|
|---|
| 720 | c54.139c: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\System32\CRYPT32.dll (rcNtResolve=0xc0150008) *pfFlags=0x2 pwszSearchPath=0000000000000001:<flags> [calling]
|
|---|
| 721 | c54.139c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff897630000 'C:\Windows\System32\CRYPT32.dll'
|
|---|
| 722 | c54.139c: supR3HardenedDllNotificationCallback: load 00007ff8984f0000 LB 0x0001d000 C:\Windows\System32\imagehlp.dll [fFlags=0x0]
|
|---|
| 723 | c54.139c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\imagehlp.dll)
|
|---|
| 724 | c54.139c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\imagehlp.dll
|
|---|
| 725 | c54.139c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\rsaenh.dll [lacks WinVerifyTrust]
|
|---|
| 726 | c54.139c: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\rsaenh.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
|
|---|
| 727 | c54.139c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff895ec0000 'C:\Windows\system32\rsaenh.dll'
|
|---|
| 728 | c54.139c: supR3HardenedDllNotificationCallback: load 00007ff898110000 LB 0x0009b000 C:\Windows\System32\sechost.dll [fFlags=0x0]
|
|---|
| 729 | c54.139c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #11 'rpcrt4.dll'.
|
|---|
| 730 | c54.139c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\sechost.dll)
|
|---|
| 731 | c54.139c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\sechost.dll
|
|---|
| 732 | c54.139c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
|
|---|
| 733 | c54.139c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #10 'rpcrt4.dll'.
|
|---|
| 734 | c54.139c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\gpapi.dll)
|
|---|
| 735 | c54.139c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\gpapi.dll
|
|---|
| 736 | c54.139c: supR3HardenedDllNotificationCallback: load 00007ff895720000 LB 0x00023000 C:\Windows\SYSTEM32\gpapi.dll [fFlags=0x0]
|
|---|
| 737 | c54.139c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\gpapi.dll [lacks WinVerifyTrust]
|
|---|
| 738 | c54.139c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\profapi.dll)
|
|---|
| 739 | c54.139c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\profapi.dll
|
|---|
| 740 | c54.139c: supR3HardenedDllNotificationCallback: load 00007ff896da0000 LB 0x0001f000 C:\Windows\SYSTEM32\profapi.dll [fFlags=0x0]
|
|---|
| 741 | c54.139c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\profapi.dll [lacks WinVerifyTrust]
|
|---|
| 742 | c54.139c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
|
|---|
| 743 | c54.139c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #8 'crypt32.dll'.
|
|---|
| 744 | c54.139c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\cryptnet.dll)
|
|---|
| 745 | c54.139c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\cryptnet.dll
|
|---|
| 746 | c54.139c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'crypt32.dll'...
|
|---|
| 747 | c54.139c: supR3HardenedWinVerifyCacheProcessImportTodos: 'crypt32.dll' -> '\Device\HarddiskVolume2\Windows\System32\crypt32.dll' [rcNtRedir=0xc0150008]
|
|---|
| 748 | c54.139c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\crypt32.dll [lacks WinVerifyTrust]
|
|---|
| 749 | c54.139c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
|
|---|
| 750 | c54.139c: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
|
|---|
| 751 | c54.139c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\msvcrt.dll [lacks WinVerifyTrust]
|
|---|
| 752 | c54.139c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
|
|---|
| 753 | c54.139c: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
|
|---|
| 754 | c54.139c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\rpcrt4.dll [lacks WinVerifyTrust]
|
|---|
| 755 | c54.139c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
|
|---|
| 756 | c54.139c: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
|
|---|
| 757 | c54.139c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\msvcrt.dll [lacks WinVerifyTrust]
|
|---|
| 758 | c54.139c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
|
|---|
| 759 | c54.139c: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
|
|---|
| 760 | c54.139c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\rpcrt4.dll [lacks WinVerifyTrust]
|
|---|
| 761 | c54.139c: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\System32\cryptnet.dll (Input=cryptnet.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
|
|---|
| 762 | c54.139c: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
|
|---|
| 763 | c54.139c: supR3HardenedDllNotificationCallback: load 00007ff87dbf0000 LB 0x00031000 C:\Windows\System32\cryptnet.dll [fFlags=0x0]
|
|---|
| 764 | c54.139c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
|
|---|
| 765 | c54.139c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
|
|---|
| 766 | c54.139c: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\System32\cryptnet.dll (rcNtResolve=0xc0150008) *pfFlags=0x2 pwszSearchPath=0000000000000001:<flags> [calling]
|
|---|
| 767 | c54.139c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff87dbf0000 'C:\Windows\System32\cryptnet.dll'
|
|---|
| 768 | c54.139c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
|
|---|
| 769 | c54.139c: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\System32\cryptnet.dll (rcNtResolve=0xc0150008) *pfFlags=0x2 pwszSearchPath=0000000000000001:<flags> [calling]
|
|---|
| 770 | c54.139c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff87dbf0000 'C:\Windows\System32\cryptnet.dll'
|
|---|
| 771 | c54.139c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
|
|---|
| 772 | c54.139c: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\System32\cryptnet.dll (rcNtResolve=0xc0150008) *pfFlags=0x2 pwszSearchPath=0000000000000001:<flags> [calling]
|
|---|
| 773 | c54.139c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff87dbf0000 'C:\Windows\System32\cryptnet.dll'
|
|---|
| 774 | c54.139c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
|
|---|
| 775 | c54.139c: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\System32\cryptnet.dll (rcNtResolve=0xc0150008) *pfFlags=0x2 pwszSearchPath=0000000000000001:<flags> [calling]
|
|---|
| 776 | c54.139c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff87dbf0000 'C:\Windows\System32\cryptnet.dll'
|
|---|
| 777 | c54.139c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
|
|---|
| 778 | c54.139c: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\System32\cryptnet.dll (rcNtResolve=0xc0150008) *pfFlags=0x2 pwszSearchPath=0000000000000001:<flags> [calling]
|
|---|
| 779 | c54.139c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff87dbf0000 'C:\Windows\System32\cryptnet.dll'
|
|---|
| 780 | c54.139c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
|
|---|
| 781 | c54.139c: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\System32\cryptnet.dll (rcNtResolve=0xc0150008) *pfFlags=0x2 pwszSearchPath=0000000000000001:<flags> [calling]
|
|---|
| 782 | c54.139c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff87dbf0000 'C:\Windows\System32\cryptnet.dll'
|
|---|
| 783 | c54.139c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
|
|---|
| 784 | c54.139c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff87dbf0000 'C:\Windows\System32\cryptnet.dll'
|
|---|
| 785 | c54.139c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
|
|---|
| 786 | c54.139c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff87dbf0000 'C:\Windows\System32\cryptnet.dll'
|
|---|
| 787 | c54.139c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
|
|---|
| 788 | c54.139c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff87dbf0000 'C:\Windows\System32\cryptnet.dll'
|
|---|
| 789 | c54.139c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
|
|---|
| 790 | c54.139c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff87dbf0000 'C:\Windows\System32\cryptnet.dll'
|
|---|
| 791 | c54.139c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
|
|---|
| 792 | c54.139c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff87dbf0000 'C:\Windows\System32\cryptnet.dll'
|
|---|
| 793 | c54.139c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff87dbf0000 'C:\Windows\System32\cryptnet.dll'
|
|---|
| 794 | c54.139c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
|
|---|
| 795 | c54.139c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff87dbf0000 'C:\Windows\System32\cryptnet.dll'
|
|---|
| 796 | c54.139c: supR3HardenedDllNotificationCallback: load 00007ff899660000 LB 0x000ac000 C:\Windows\System32\advapi32.dll [fFlags=0x0]
|
|---|
| 797 | c54.139c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
|
|---|
| 798 | c54.139c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'sechost.dll'.
|
|---|
| 799 | c54.139c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #27 'rpcrt4.dll'.
|
|---|
| 800 | c54.139c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\advapi32.dll)
|
|---|
| 801 | c54.139c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\advapi32.dll
|
|---|
| 802 | c54.139c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\rsaenh.dll [lacks WinVerifyTrust]
|
|---|
| 803 | c54.139c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
|
|---|
| 804 | c54.139c: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
|
|---|
| 805 | c54.139c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\rpcrt4.dll [lacks WinVerifyTrust]
|
|---|
| 806 | c54.139c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'sechost.dll'...
|
|---|
| 807 | c54.139c: supR3HardenedWinVerifyCacheProcessImportTodos: 'sechost.dll' -> '\Device\HarddiskVolume2\Windows\System32\sechost.dll' [rcNtRedir=0xc0150008]
|
|---|
| 808 | c54.139c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\sechost.dll [lacks WinVerifyTrust]
|
|---|
| 809 | c54.139c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
|
|---|
| 810 | c54.139c: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
|
|---|
| 811 | c54.139c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\msvcrt.dll [lacks WinVerifyTrust]
|
|---|
| 812 | c54.139c: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\rsaenh.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
|
|---|
| 813 | c54.139c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff895ec0000 'C:\Windows\system32\rsaenh.dll'
|
|---|
| 814 | c54.139c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\crypt32.dll [lacks WinVerifyTrust]
|
|---|
| 815 | c54.139c: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\System32\crypt32.dll (Input=crypt32.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
|
|---|
| 816 | c54.139c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff897630000 'C:\Windows\System32\crypt32.dll'
|
|---|
| 817 | c54.139c: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000000 pwszName=\SystemRoot\System32\ntdll.dll
|
|---|
| 818 | c54.139c: supR3HardNtViCallWinVerifyTrustCatFile: New context 000000000156e570
|
|---|
| 819 | c54.139c: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=000000000156e570
|
|---|
| 820 | c54.139c: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=CF5EACF36F78DD76A9C15BF564DC1094C86C4B18
|
|---|
| 821 | c54.139c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\rpcrt4.dll [lacks WinVerifyTrust]
|
|---|
| 822 | c54.139c: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\System32\rpcrt4.dll (Input=rpcrt4.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
|
|---|
| 823 | c54.139c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff898750000 'C:\Windows\System32\rpcrt4.dll'
|
|---|
| 824 | c54.139c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\rsaenh.dll [lacks WinVerifyTrust]
|
|---|
| 825 | c54.139c: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\rsaenh.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
|
|---|
| 826 | c54.139c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff895ec0000 'C:\Windows\system32\rsaenh.dll'
|
|---|
| 827 | c54.139c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\crypt32.dll [lacks WinVerifyTrust]
|
|---|
| 828 | c54.139c: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\System32\crypt32.dll (Input=crypt32.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
|
|---|
| 829 | c54.139c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff897630000 'C:\Windows\System32\crypt32.dll'
|
|---|
| 830 | c54.139c: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-Package0516~31bf3856ad364e35~amd64~~10.0.19041.1387.cat'; file='\SystemRoot\System32\ntdll.dll'
|
|---|
| 831 | c54.139c: g_pfnWinVerifyTrust=00007ff897101da0
|
|---|
| 832 | c54.139c: supR3HardenedScreenImage/preload: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\crypt32.dll [redoing WinVerifyTrust]
|
|---|
| 833 | c54.139c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\rsaenh.dll [lacks WinVerifyTrust]
|
|---|
| 834 | c54.139c: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\rsaenh.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
|
|---|
| 835 | c54.139c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff895ec0000 'C:\Windows\system32\rsaenh.dll'
|
|---|
| 836 | c54.139c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\crypt32.dll [lacks WinVerifyTrust]
|
|---|
| 837 | c54.139c: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\System32\crypt32.dll (Input=crypt32.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
|
|---|
| 838 | c54.139c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff897630000 'C:\Windows\System32\crypt32.dll'
|
|---|
| 839 | c54.139c: supR3HardenedScreenImage/preload: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\crypt32.dll'
|
|---|
| 840 | c54.139c: supR3HardenedScreenImage/preload: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\wintrust.dll [redoing WinVerifyTrust]
|
|---|
| 841 | c54.139c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\rsaenh.dll [lacks WinVerifyTrust]
|
|---|
| 842 | c54.139c: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\rsaenh.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
|
|---|
| 843 | c54.139c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff895ec0000 'C:\Windows\system32\rsaenh.dll'
|
|---|
| 844 | c54.139c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\crypt32.dll
|
|---|
| 845 | c54.139c: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\System32\crypt32.dll (Input=crypt32.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
|
|---|
| 846 | c54.139c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff897630000 'C:\Windows\System32\crypt32.dll'
|
|---|
| 847 | c54.139c: supR3HardenedScreenImage/preload: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\wintrust.dll'
|
|---|
| 848 | c54.139c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\rsaenh.dll [lacks WinVerifyTrust]
|
|---|
| 849 | c54.139c: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\rsaenh.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
|
|---|
| 850 | c54.139c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff895ec0000 'C:\Windows\system32\rsaenh.dll'
|
|---|
| 851 | c54.139c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\crypt32.dll
|
|---|
| 852 | c54.139c: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\System32\crypt32.dll (Input=crypt32.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
|
|---|
| 853 | c54.139c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff897630000 'C:\Windows\System32\crypt32.dll'
|
|---|
| 854 | c54.139c: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\advapi32.dll'
|
|---|
| 855 | c54.139c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\rsaenh.dll [lacks WinVerifyTrust]
|
|---|
| 856 | c54.139c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff895ec0000 'C:\Windows\system32\rsaenh.dll'
|
|---|
| 857 | c54.139c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff897630000 'C:\Windows\System32\crypt32.dll'
|
|---|
| 858 | c54.139c: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\cryptnet.dll'
|
|---|
| 859 | c54.139c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\rsaenh.dll [lacks WinVerifyTrust]
|
|---|
| 860 | c54.139c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff895ec0000 'C:\Windows\system32\rsaenh.dll'
|
|---|
| 861 | c54.139c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff897630000 'C:\Windows\System32\crypt32.dll'
|
|---|
| 862 | c54.139c: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\profapi.dll'
|
|---|
| 863 | c54.139c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\rsaenh.dll [lacks WinVerifyTrust]
|
|---|
| 864 | c54.139c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff895ec0000 'C:\Windows\system32\rsaenh.dll'
|
|---|
| 865 | c54.139c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff897630000 'C:\Windows\System32\crypt32.dll'
|
|---|
| 866 | c54.139c: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\gpapi.dll'
|
|---|
| 867 | c54.139c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\rsaenh.dll [lacks WinVerifyTrust]
|
|---|
| 868 | c54.139c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff895ec0000 'C:\Windows\system32\rsaenh.dll'
|
|---|
| 869 | c54.139c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff897630000 'C:\Windows\System32\crypt32.dll'
|
|---|
| 870 | c54.139c: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\sechost.dll'
|
|---|
| 871 | c54.139c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\rsaenh.dll [lacks WinVerifyTrust]
|
|---|
| 872 | c54.139c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff895ec0000 'C:\Windows\system32\rsaenh.dll'
|
|---|
| 873 | c54.139c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff897630000 'C:\Windows\System32\crypt32.dll'
|
|---|
| 874 | c54.139c: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\imagehlp.dll'
|
|---|
| 875 | c54.139c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\rsaenh.dll [lacks WinVerifyTrust]
|
|---|
| 876 | c54.139c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff895ec0000 'C:\Windows\system32\rsaenh.dll'
|
|---|
| 877 | c54.139c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff897630000 'C:\Windows\System32\crypt32.dll'
|
|---|
| 878 | c54.139c: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\cryptbase.dll'
|
|---|
| 879 | c54.139c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\rsaenh.dll [lacks WinVerifyTrust]
|
|---|
| 880 | c54.139c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff895ec0000 'C:\Windows\system32\rsaenh.dll'
|
|---|
| 881 | c54.139c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff897630000 'C:\Windows\System32\crypt32.dll'
|
|---|
| 882 | c54.139c: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\rsaenh.dll'
|
|---|
| 883 | c54.139c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\rsaenh.dll
|
|---|
| 884 | c54.139c: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\rsaenh.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
|
|---|
| 885 | c54.139c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff895ec0000 'C:\Windows\system32\rsaenh.dll'
|
|---|
| 886 | c54.139c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\crypt32.dll
|
|---|
| 887 | c54.139c: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\System32\crypt32.dll (Input=crypt32.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
|
|---|
| 888 | c54.139c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff897630000 'C:\Windows\System32\crypt32.dll'
|
|---|
| 889 | c54.139c: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\cryptsp.dll'
|
|---|
| 890 | c54.139c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff895ec0000 'C:\Windows\system32\rsaenh.dll'
|
|---|
| 891 | c54.139c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff897630000 'C:\Windows\System32\crypt32.dll'
|
|---|
| 892 | c54.139c: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\bcryptprimitives.dll'
|
|---|
| 893 | c54.139c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff895ec0000 'C:\Windows\system32\rsaenh.dll'
|
|---|
| 894 | c54.139c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff897630000 'C:\Windows\System32\crypt32.dll'
|
|---|
| 895 | c54.139c: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\bcrypt.dll'
|
|---|
| 896 | c54.139c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff895ec0000 'C:\Windows\system32\rsaenh.dll'
|
|---|
| 897 | c54.139c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff897630000 'C:\Windows\System32\crypt32.dll'
|
|---|
| 898 | c54.139c: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\msasn1.dll'
|
|---|
| 899 | c54.139c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff895ec0000 'C:\Windows\system32\rsaenh.dll'
|
|---|
| 900 | c54.139c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff897630000 'C:\Windows\System32\crypt32.dll'
|
|---|
| 901 | c54.139c: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\ucrtbase.dll'
|
|---|
| 902 | c54.139c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff895ec0000 'C:\Windows\system32\rsaenh.dll'
|
|---|
| 903 | c54.139c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff897630000 'C:\Windows\System32\crypt32.dll'
|
|---|
| 904 | c54.139c: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll'
|
|---|
| 905 | c54.139c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff895ec0000 'C:\Windows\system32\rsaenh.dll'
|
|---|
| 906 | c54.139c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff897630000 'C:\Windows\System32\crypt32.dll'
|
|---|
| 907 | c54.139c: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll'
|
|---|
| 908 | c54.139c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff895ec0000 'C:\Windows\system32\rsaenh.dll'
|
|---|
| 909 | c54.139c: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 24202) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxSupLib.dll'
|
|---|
| 910 | c54.139c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff895ec0000 'C:\Windows\system32\rsaenh.dll'
|
|---|
| 911 | c54.139c: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 24202) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe'
|
|---|
| 912 | c54.139c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff895ec0000 'C:\Windows\system32\rsaenh.dll'
|
|---|
| 913 | c54.139c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff897630000 'C:\Windows\System32\crypt32.dll'
|
|---|
| 914 | c54.139c: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\KernelBase.dll'
|
|---|
| 915 | c54.139c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff895ec0000 'C:\Windows\system32\rsaenh.dll'
|
|---|
| 916 | c54.139c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff897630000 'C:\Windows\System32\crypt32.dll'
|
|---|
| 917 | c54.139c: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\kernel32.dll'
|
|---|
| 918 | c54.139c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff897630000 'C:\Windows\system32\crypt32.dll'
|
|---|
| 919 | c54.139c: supR3HardenedWinIsDesiredRootCA: Adding 0x5ad46780fa5df300 DC=com, DC=microsoft, CN=Microsoft Root Certificate Authority
|
|---|
| 920 | c54.139c: supR3HardenedWinIsDesiredRootCA: Adding 0xea5386456178582b C=ZA, ST=Western Cape, L=Durbanville, O=Thawte, OU=Thawte Certification, CN=Thawte Timestamping CA
|
|---|
| 921 | c54.139c: supR3HardenedWinIsDesiredRootCA: Adding 0x4f20e11515efc550 CN=DESKTOP-K144FGM
|
|---|
| 922 | c54.139c: supR3HardenedWinIsDesiredRootCA: Adding 0x3be670c1bd02a900 OU=Copyright (c) 1997 Microsoft Corp., OU=Microsoft Corporation, CN=Microsoft Root Authority
|
|---|
| 923 | c54.139c: supR3HardenedWinIsDesiredRootCA: Adding 0xe991ee72b03db500 C=US, O=Symantec Corporation, CN=Symantec Enterprise Mobile Root for Microsoft
|
|---|
| 924 | c54.139c: supR3HardenedWinIsDesiredRootCA: Adding 0x4d3835aa4180b200 C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Root Certificate Authority 2011
|
|---|
| 925 | c54.139c: supR3HardenedWinIsDesiredRootCA: Adding 0x646e3fe3ba08df00 C=US, O=MSFT, CN=Microsoft Authenticode(tm) Root Authority
|
|---|
| 926 | c54.139c: supR3HardenedWinIsDesiredRootCA: Adding 0xece4e4289e08b900 C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Root Certificate Authority 2010
|
|---|
| 927 | c54.139c: supR3HardenedWinIsDesiredRootCA: Adding 0xf3bb4d7e894b420 C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft ECC TS Root Certificate Authority 2018
|
|---|
| 928 | c54.139c: supR3HardenedWinIsDesiredRootCA: Adding 0x43a9cc371ff5385a O=Microsoft Trust Network, OU=Microsoft Corporation, OU=Microsoft Time Stamping Service Root, OU=Copyright (c) 1997 Microsoft Corp.
|
|---|
| 929 | c54.139c: supR3HardenedWinIsDesiredRootCA: Adding 0x2e2d2c7c68f0202e O=VeriSign Trust Network, OU=VeriSign, Inc., OU=VeriSign Time Stamping Service Root, OU=NO LIABILITY ACCEPTED, (c)97 VeriSign, Inc.
|
|---|
| 930 | c54.139c: supR3HardenedWinIsDesiredRootCA: Adding 0xcec3d46562b9be8e C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft ECC Product Root Certificate Authority 2018
|
|---|
| 931 | c54.139c: supR3HardenedWinIsDesiredRootCA: Adding 0xca58a05dd401ae00 C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Time Stamp Root Certificate Authority 2014
|
|---|
| 932 | c54.139c: supR3HardenedWinIsDesiredRootCA: Adding 0x2ca429a5c4c6a700 C=IT, L=Milan, O=Actalis S.p.A./03358520967, CN=Actalis Authentication Root CA
|
|---|
| 933 | c54.139c: supR3HardenedWinIsDesiredRootCA: Adding 0x61a3a33f81aace00 C=US, ST=UT, L=Salt Lake City, O=The USERTRUST Network, OU=http://www.usertrust.com, CN=UTN-USERFirst-Object
|
|---|
| 934 | c54.139c: supR3HardenedWinIsDesiredRootCA: Adding 0x6b7bdc34cd37bb00 C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert Global Root G2
|
|---|
| 935 | c54.139c: supR3HardenedWinIsDesiredRootCA: Adding 0x57ba5395b561bf00 C=BM, O=QuoVadis Limited, OU=Root Certification Authority, CN=QuoVadis Root Certification Authority
|
|---|
| 936 | c54.139c: supR3HardenedWinIsDesiredRootCA: Adding 0xbbde687390e6bf00 C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert Trusted Root G4
|
|---|
| 937 | c54.139c: supR3HardenedWinIsDesiredRootCA: Adding 0x83085097e9afdf00 O=Digital Signature Trust Co., CN=DST Root CA X3
|
|---|
| 938 | c54.139c: supR3HardenedWinIsDesiredRootCA: Adding 0x780679907625cc00 OU=GlobalSign Root CA - R3, O=GlobalSign, CN=GlobalSign
|
|---|
| 939 | c54.139c: supR3HardenedWinIsDesiredRootCA: Adding 0x3d98ab22bb04a300 C=IE, O=Baltimore, OU=CyberTrust, CN=Baltimore CyberTrust Root
|
|---|
| 940 | c54.139c: supR3HardenedWinIsDesiredRootCA: Adding 0xeae16ef49d40be00 C=GB, ST=Greater Manchester, L=Salford, O=Comodo CA Limited, CN=AAA Certificate Services
|
|---|
| 941 | c54.139c: supR3HardenedWinIsDesiredRootCA: Adding 0x3714f47324e8ad00 C=US, O=Internet Security Research Group, CN=ISRG Root X1
|
|---|
| 942 | c54.139c: supR3HardenedWinIsDesiredRootCA: Adding 0x8ff6fc03c1edbd00 C=US, ST=Arizona, L=Scottsdale, O=Starfield Technologies, Inc., CN=Starfield Root Certificate Authority - G2
|
|---|
| 943 | c54.139c: supR3HardenedWinIsDesiredRootCA: Adding 0xc6fa4243b695b600 C=US, O=Entrust, Inc., OU=www.entrust.net/CPS is incorporated by reference, OU=(c) 2006 Entrust, Inc., CN=Entrust Root Certification Authority
|
|---|
| 944 | c54.139c: supR3HardenedWinIsDesiredRootCA: Adding 0xa3ce8d99e60eda00 C=BE, O=GlobalSign nv-sa, OU=Root CA, CN=GlobalSign Root CA
|
|---|
| 945 | c54.139c: supR3HardenedWinIsDesiredRootCA: Adding 0x560ad29254e89100 C=GB, ST=Greater Manchester, L=Salford, O=COMODO CA Limited, CN=COMODO RSA Certification Authority
|
|---|
| 946 | c54.139c: supR3HardenedWinIsDesiredRootCA: Adding 0xa671e9fec832b700 C=US, O=Starfield Technologies, Inc., OU=Starfield Class 2 Certification Authority
|
|---|
| 947 | c54.139c: supR3HardenedWinIsDesiredRootCA: Adding 0xa8de7211e13be200 C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert Global Root CA
|
|---|
| 948 | c54.139c: supR3HardenedWinIsDesiredRootCA: Adding 0xc9edb72b684ba00 C=US, O=Entrust, Inc., OU=See www.entrust.net/legal-terms, OU=(c) 2009 Entrust, Inc. - for authorized use only, CN=Entrust Root Certification Authority - G2
|
|---|
| 949 | c54.139c: supR3HardenedWinIsDesiredRootCA: Adding 0xf5cd95e581a4ab00 C=US, O=SecureTrust Corporation, CN=SecureTrust CA
|
|---|
| 950 | c54.139c: supR3HardenedWinIsDesiredRootCA: Adding 0x14018a1bf29e595c C=US, O=VeriSign, Inc., OU=Class 3 Public Primary Certification Authority
|
|---|
| 951 | c54.139c: supR3HardenedWinIsDesiredRootCA: Adding 0x7c4fd32ec1b1ce00 C=PL, O=Unizeto Sp. z o.o., CN=Certum CA
|
|---|
| 952 | c54.139c: supR3HardenedWinIsDesiredRootCA: Adding 0xd4fbe673e5ccc600 C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert High Assurance EV Root CA
|
|---|
| 953 | c54.139c: supR3HardenedWinIsDesiredRootCA: Adding 0xb352b1523915d000 C=JP, O=SECOM Trust Systems CO.,LTD., OU=Security Communication RootCA2
|
|---|
| 954 | c54.139c: supR3HardenedWinIsDesiredRootCA: Adding 0x1b8578514b74ac00 C=US, O=WFA Hotspot 2.0, CN=Hotspot 2.0 Trust Root CA - 03
|
|---|
| 955 | c54.139c: supR3HardenedWinIsDesiredRootCA: Adding 0xb28612a94b4dad00 O=Entrust.net, OU=www.entrust.net/CPS_2048 incorp. by ref. (limits liab.), OU=(c) 1999 Entrust.net Limited, CN=Entrust.net Certification Authority (2048)
|
|---|
| 956 | c54.139c: supR3HardenedWinIsDesiredRootCA: Adding 0x357a29080824af00 C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=(c) 2006 VeriSign, Inc. - For authorized use only, CN=VeriSign Class 3 Public Primary Certification Authority - G5
|
|---|
| 957 | c54.139c: supR3HardenedWinIsDesiredRootCA: Adding 0x59faf1086271bf00 C=US, ST=Arizona, L=Scottsdale, O=GoDaddy.com, Inc., CN=Go Daddy Root Certificate Authority - G2
|
|---|
| 958 | c54.139c: supR3HardenedWinIsDesiredRootCA: Adding 0xb16dd37ffeb3b300 C=JP, O=SECOM Trust.net, OU=Security Communication RootCA1
|
|---|
| 959 | c54.139c: supR3HardenedWinIsDesiredRootCA: Adding 0x3401b15e3761c700 C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=(c) 2008 VeriSign, Inc. - For authorized use only, CN=VeriSign Universal Root Certification Authority
|
|---|
| 960 | c54.139c: supR3HardenedWinIsDesiredRootCA: Adding 0xc30e361765128000 C=US, ST=New Jersey, L=Jersey City, O=The USERTRUST Network, CN=USERTrust RSA Certification Authority
|
|---|
| 961 | c54.139c: supR3HardenedWinIsDesiredRootCA: Adding 0x491857ead79dde00 C=US, O=The Go Daddy Group, Inc., OU=Go Daddy Class 2 Certification Authority
|
|---|
| 962 | c54.139c: supR3HardenedWinIsDesiredRootCA: Adding 0xb9ff821d139e9bf OU=GlobalSign ECC Root CA - R5, O=GlobalSign, CN=GlobalSign
|
|---|
| 963 | c54.139c: supR3HardenedWinIsDesiredRootCA: Adding 0xdc1801b225aea100 C=BM, O=QuoVadis Limited, CN=QuoVadis Root CA 2 G3
|
|---|
| 964 | c54.139c: supR3HardenedWinIsDesiredRootCA: Adding 0xc2ba72a37dfbe300 C=PL, O=Unizeto Technologies S.A., OU=Certum Certification Authority, CN=Certum Trusted Network CA
|
|---|
| 965 | c54.139c: supR3HardenedWinIsDesiredRootCA: Adding 0x8043e4ce150ead00 C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert Assured ID Root CA
|
|---|
| 966 | c54.139c: supR3HardenedWinIsDesiredRootCA: Adding 0xf2e6331af7b700 C=SE, O=AddTrust AB, OU=AddTrust External TTP Network, CN=AddTrust External CA Root
|
|---|
| 967 | c54.139c: supR3HardenedWinRetrieveTrustedRootCAs: cAdded=48
|
|---|
| 968 | c54.139c: SUPR3HardenedMain: Load Runtime...
|
|---|
| 969 | c54.139c: \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxRT.dll: Signature #1/2: info status: 24202
|
|---|
| 970 | c54.139c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff895ec0000 'C:\Windows\system32\rsaenh.dll'
|
|---|
| 971 | c54.139c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
|
|---|
| 972 | c54.139c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'msvcp100.dll'.
|
|---|
| 973 | c54.139c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'rpcrt4.dll'.
|
|---|
| 974 | c54.139c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'ws2_32.dll'.
|
|---|
| 975 | c54.139c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxRT.dll) WinVerifyTrust
|
|---|
| 976 | c54.139c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxRT.dll
|
|---|
| 977 | c54.139c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ws2_32.dll'...
|
|---|
| 978 | c54.139c: supR3HardenedWinVerifyCacheProcessImportTodos: 'ws2_32.dll' -> '\Device\HarddiskVolume2\Windows\System32\ws2_32.dll' [rcNtRedir=0xc0150008]
|
|---|
| 979 | c54.139c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff895ec0000 'C:\Windows\system32\rsaenh.dll'
|
|---|
| 980 | c54.139c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff897630000 'C:\Windows\System32\crypt32.dll'
|
|---|
| 981 | c54.139c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #26 'rpcrt4.dll'.
|
|---|
| 982 | c54.139c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\ws2_32.dll) WinVerifyTrust
|
|---|
| 983 | c54.139c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\ws2_32.dll
|
|---|
| 984 | c54.139c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
|
|---|
| 985 | c54.139c: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
|
|---|
| 986 | c54.139c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\rpcrt4.dll
|
|---|
| 987 | c54.139c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcp100.dll'...
|
|---|
| 988 | c54.139c: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcp100.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcp100.dll' [rcNtRedir=0xc0150008]
|
|---|
| 989 | c54.139c: \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcp100.dll: Signature #1/2: info status: 24202
|
|---|
| 990 | c54.139c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
|
|---|
| 991 | c54.139c: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
|
|---|
| 992 | c54.139c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\rpcrt4.dll
|
|---|
| 993 | c54.139c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff895ec0000 'C:\Windows\system32\rsaenh.dll'
|
|---|
| 994 | c54.139c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
|
|---|
| 995 | c54.139c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcp100.dll) WinVerifyTrust
|
|---|
| 996 | c54.139c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcp100.dll
|
|---|
| 997 | c54.139c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
|
|---|
| 998 | c54.139c: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
|
|---|
| 999 | c54.139c: \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll: Signature #1/2: info status: 24202
|
|---|
| 1000 | c54.139c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
|
|---|
| 1001 | c54.139c: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
|
|---|
| 1002 | c54.139c: \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll: Signature #1/2: info status: 24202
|
|---|
| 1003 | c54.139c: Detected WinVerifyTrust recursion: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll'.
|
|---|
| 1004 | c54.139c: supHardenedWinVerifyImageByHandle: -> 24202 (\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll)
|
|---|
| 1005 | c54.139c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll
|
|---|
| 1006 | c54.139c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff895ec0000 'C:\Windows\system32\rsaenh.dll'
|
|---|
| 1007 | c54.139c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll) WinVerifyTrust
|
|---|
| 1008 | c54.139c: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxRT.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000a01:<flags> [calling]
|
|---|
| 1009 | c54.139c: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxRT.dll
|
|---|
| 1010 | c54.139c: supR3HardenedScreenImage/NtCreateSection: cache hit (Unknown Status 24202 (0x5e8a)) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll [avoiding WinVerifyTrust]
|
|---|
| 1011 | c54.139c: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcp100.dll
|
|---|
| 1012 | c54.139c: supR3HardenedDllNotificationCallback: load 000000005e150000 LB 0x000d2000 C:\Program Files\Oracle\VirtualBox\MSVCR100.dll [fFlags=0x0]
|
|---|
| 1013 | c54.139c: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 24202 (0x5e8a)) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll [avoiding WinVerifyTrust]
|
|---|
| 1014 | c54.139c: supR3HardenedDllNotificationCallback: load 000000005d5d0000 LB 0x00098000 C:\Program Files\Oracle\VirtualBox\MSVCP100.dll [fFlags=0x0]
|
|---|
| 1015 | c54.139c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcp100.dll
|
|---|
| 1016 | c54.139c: supR3HardenedDllNotificationCallback: load 00007ff8981b0000 LB 0x0006b000 C:\Windows\System32\WS2_32.dll [fFlags=0x0]
|
|---|
| 1017 | c54.139c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\ws2_32.dll
|
|---|
| 1018 | c54.139c: supR3HardenedDllNotificationCallback: load 00007ff8569c0000 LB 0x005eb000 C:\Program Files\Oracle\VirtualBox\VBoxRT.dll [fFlags=0x0]
|
|---|
| 1019 | c54.139c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxRT.dll
|
|---|
| 1020 | c54.139c: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll'.
|
|---|
| 1021 | c54.139c: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll' [rescheduled]
|
|---|
| 1022 | c54.139c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxRT.dll
|
|---|
| 1023 | c54.139c: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxRT.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
|
|---|
| 1024 | c54.139c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8569c0000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
|
|---|
| 1025 | c54.139c: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll'.
|
|---|
| 1026 | c54.139c: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll' [rescheduled]
|
|---|
| 1027 | c54.139c: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll'.
|
|---|
| 1028 | c54.139c: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll' [rescheduled]
|
|---|
| 1029 | c54.139c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxRT.dll
|
|---|
| 1030 | c54.139c: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxRT.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
|
|---|
| 1031 | c54.139c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8569c0000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
|
|---|
| 1032 | c54.139c: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll'.
|
|---|
| 1033 | c54.139c: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll' [rescheduled]
|
|---|
| 1034 | c54.139c: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll'.
|
|---|
| 1035 | c54.139c: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll' [rescheduled]
|
|---|
| 1036 | c54.139c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxRT.dll
|
|---|
| 1037 | c54.139c: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxRT.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
|
|---|
| 1038 | c54.139c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8569c0000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
|
|---|
| 1039 | c54.139c: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll'.
|
|---|
| 1040 | c54.139c: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll' [rescheduled]
|
|---|
| 1041 | c54.139c: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll'.
|
|---|
| 1042 | c54.139c: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll' [rescheduled]
|
|---|
| 1043 | c54.139c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxRT.dll
|
|---|
| 1044 | c54.139c: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxRT.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
|
|---|
| 1045 | c54.139c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8569c0000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
|
|---|
| 1046 | c54.139c: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll'.
|
|---|
| 1047 | c54.139c: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll' [rescheduled]
|
|---|
| 1048 | c54.139c: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll'.
|
|---|
| 1049 | c54.139c: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll' [rescheduled]
|
|---|
| 1050 | c54.139c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxRT.dll
|
|---|
| 1051 | c54.139c: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxRT.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
|
|---|
| 1052 | c54.139c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8569c0000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
|
|---|
| 1053 | c54.139c: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll'.
|
|---|
| 1054 | c54.139c: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll' [rescheduled]
|
|---|
| 1055 | c54.139c: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll'.
|
|---|
| 1056 | c54.139c: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll' [rescheduled]
|
|---|
| 1057 | c54.139c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxRT.dll
|
|---|
| 1058 | c54.139c: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxRT.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
|
|---|
| 1059 | c54.139c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8569c0000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
|
|---|
| 1060 | c54.139c: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll'.
|
|---|
| 1061 | c54.139c: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll' [rescheduled]
|
|---|
| 1062 | c54.139c: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll'.
|
|---|
| 1063 | c54.139c: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll' [rescheduled]
|
|---|
| 1064 | c54.139c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8569c0000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
|
|---|
| 1065 | c54.139c: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll'.
|
|---|
| 1066 | c54.139c: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll' [rescheduled]
|
|---|
| 1067 | c54.139c: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll'.
|
|---|
| 1068 | c54.139c: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll' [rescheduled]
|
|---|
| 1069 | c54.139c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8569c0000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
|
|---|
| 1070 | c54.139c: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll'.
|
|---|
| 1071 | c54.139c: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll' [rescheduled]
|
|---|
| 1072 | c54.139c: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll'.
|
|---|
| 1073 | c54.139c: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll' [rescheduled]
|
|---|
| 1074 | c54.139c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8569c0000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
|
|---|
| 1075 | c54.139c: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll'.
|
|---|
| 1076 | c54.139c: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll' [rescheduled]
|
|---|
| 1077 | c54.139c: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll'.
|
|---|
| 1078 | c54.139c: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll' [rescheduled]
|
|---|
| 1079 | c54.139c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8569c0000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
|
|---|
| 1080 | c54.139c: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll'.
|
|---|
| 1081 | c54.139c: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll' [rescheduled]
|
|---|
| 1082 | c54.139c: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll'.
|
|---|
| 1083 | c54.139c: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll' [rescheduled]
|
|---|
| 1084 | c54.139c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8569c0000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
|
|---|
| 1085 | c54.139c: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll'.
|
|---|
| 1086 | c54.139c: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll' [rescheduled]
|
|---|
| 1087 | c54.139c: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll'.
|
|---|
| 1088 | c54.139c: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll' [rescheduled]
|
|---|
| 1089 | c54.139c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8569c0000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
|
|---|
| 1090 | c54.139c: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll'.
|
|---|
| 1091 | c54.139c: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll' [rescheduled]
|
|---|
| 1092 | c54.139c: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll'.
|
|---|
| 1093 | c54.139c: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll' [rescheduled]
|
|---|
| 1094 | c54.139c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8569c0000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
|
|---|
| 1095 | c54.139c: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll'.
|
|---|
| 1096 | c54.139c: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll' [rescheduled]
|
|---|
| 1097 | c54.139c: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll'.
|
|---|
| 1098 | c54.139c: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll' [rescheduled]
|
|---|
| 1099 | c54.139c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxRT.dll
|
|---|
| 1100 | c54.139c: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxRT.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
|
|---|
| 1101 | c54.139c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8569c0000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
|
|---|
| 1102 | c54.139c: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll'.
|
|---|
| 1103 | c54.139c: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll' [rescheduled]
|
|---|
| 1104 | c54.139c: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll'.
|
|---|
| 1105 | c54.139c: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll' [rescheduled]
|
|---|
| 1106 | c54.139c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8569c0000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
|
|---|
| 1107 | c54.139c: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll'.
|
|---|
| 1108 | c54.139c: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll' [rescheduled]
|
|---|
| 1109 | c54.139c: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll'.
|
|---|
| 1110 | c54.139c: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll' [rescheduled]
|
|---|
| 1111 | c54.139c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8569c0000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
|
|---|
| 1112 | c54.139c: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll'.
|
|---|
| 1113 | c54.139c: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll' [rescheduled]
|
|---|
| 1114 | c54.139c: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll'.
|
|---|
| 1115 | c54.139c: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll' [rescheduled]
|
|---|
| 1116 | c54.139c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8569c0000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
|
|---|
| 1117 | c54.139c: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll'.
|
|---|
| 1118 | c54.139c: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll' [rescheduled]
|
|---|
| 1119 | c54.139c: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll'.
|
|---|
| 1120 | c54.139c: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll' [rescheduled]
|
|---|
| 1121 | c54.139c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8569c0000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
|
|---|
| 1122 | c54.139c: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll'.
|
|---|
| 1123 | c54.139c: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll' [rescheduled]
|
|---|
| 1124 | c54.139c: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll'.
|
|---|
| 1125 | c54.139c: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll' [rescheduled]
|
|---|
| 1126 | c54.139c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8569c0000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
|
|---|
| 1127 | c54.139c: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll'.
|
|---|
| 1128 | c54.139c: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll' [rescheduled]
|
|---|
| 1129 | c54.139c: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll'.
|
|---|
| 1130 | c54.139c: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll' [rescheduled]
|
|---|
| 1131 | c54.139c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8569c0000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
|
|---|
| 1132 | c54.139c: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll'.
|
|---|
| 1133 | c54.139c: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll' [rescheduled]
|
|---|
| 1134 | c54.139c: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll'.
|
|---|
| 1135 | c54.139c: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll' [rescheduled]
|
|---|
| 1136 | c54.139c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8569c0000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
|
|---|
| 1137 | c54.139c: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll'.
|
|---|
| 1138 | c54.139c: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll' [rescheduled]
|
|---|
| 1139 | c54.139c: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll'.
|
|---|
| 1140 | c54.139c: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll' [rescheduled]
|
|---|
| 1141 | c54.139c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8569c0000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
|
|---|
| 1142 | c54.139c: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll'.
|
|---|
| 1143 | c54.139c: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll' [rescheduled]
|
|---|
| 1144 | c54.139c: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll'.
|
|---|
| 1145 | c54.139c: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll' [rescheduled]
|
|---|
| 1146 | c54.139c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8569c0000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
|
|---|
| 1147 | c54.139c: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll'.
|
|---|
| 1148 | c54.139c: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll' [rescheduled]
|
|---|
| 1149 | c54.139c: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll'.
|
|---|
| 1150 | c54.139c: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll' [rescheduled]
|
|---|
| 1151 | c54.139c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8569c0000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
|
|---|
| 1152 | c54.139c: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll'.
|
|---|
| 1153 | c54.139c: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll' [rescheduled]
|
|---|
| 1154 | c54.139c: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll'.
|
|---|
| 1155 | c54.139c: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll' [rescheduled]
|
|---|
| 1156 | c54.139c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8569c0000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
|
|---|
| 1157 | c54.139c: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll'.
|
|---|
| 1158 | c54.139c: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll' [rescheduled]
|
|---|
| 1159 | c54.139c: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll'.
|
|---|
| 1160 | c54.139c: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll' [rescheduled]
|
|---|
| 1161 | c54.139c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8569c0000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
|
|---|
| 1162 | c54.139c: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll'.
|
|---|
| 1163 | c54.139c: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll' [rescheduled]
|
|---|
| 1164 | c54.139c: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll'.
|
|---|
| 1165 | c54.139c: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll' [rescheduled]
|
|---|
| 1166 | c54.139c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8569c0000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
|
|---|
| 1167 | c54.139c: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll'.
|
|---|
| 1168 | c54.139c: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll' [rescheduled]
|
|---|
| 1169 | c54.139c: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll'.
|
|---|
| 1170 | c54.139c: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll' [rescheduled]
|
|---|
| 1171 | c54.139c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8569c0000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
|
|---|
| 1172 | c54.139c: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll'.
|
|---|
| 1173 | c54.139c: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll' [rescheduled]
|
|---|
| 1174 | c54.139c: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll'.
|
|---|
| 1175 | c54.139c: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll' [rescheduled]
|
|---|
| 1176 | c54.139c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8569c0000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
|
|---|
| 1177 | c54.139c: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll'.
|
|---|
| 1178 | c54.139c: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll' [rescheduled]
|
|---|
| 1179 | c54.139c: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll'.
|
|---|
| 1180 | c54.139c: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll' [rescheduled]
|
|---|
| 1181 | c54.139c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxRT.dll
|
|---|
| 1182 | c54.139c: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxRT.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
|
|---|
| 1183 | c54.139c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8569c0000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
|
|---|
| 1184 | c54.139c: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll'.
|
|---|
| 1185 | c54.139c: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll' [rescheduled]
|
|---|
| 1186 | c54.139c: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll'.
|
|---|
| 1187 | c54.139c: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll' [rescheduled]
|
|---|
| 1188 | c54.139c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8569c0000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
|
|---|
| 1189 | c54.139c: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll'.
|
|---|
| 1190 | c54.139c: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll' [rescheduled]
|
|---|
| 1191 | c54.139c: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll'.
|
|---|
| 1192 | c54.139c: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll' [rescheduled]
|
|---|
| 1193 | c54.139c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8569c0000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
|
|---|
| 1194 | c54.139c: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll'.
|
|---|
| 1195 | c54.139c: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll' [rescheduled]
|
|---|
| 1196 | c54.139c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8569c0000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
|
|---|
| 1197 | c54.139c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff895ec0000 'C:\Windows\system32\rsaenh.dll'
|
|---|
| 1198 | c54.139c: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 24202) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll'
|
|---|
| 1199 | c54.139c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\wintrust.dll
|
|---|
| 1200 | c54.139c: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\Wintrust.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000801:<flags> [calling]
|
|---|
| 1201 | c54.139c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff897100000 'C:\Windows\system32\Wintrust.dll'
|
|---|
| 1202 | c54.139c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\rsaenh.dll
|
|---|
| 1203 | c54.139c: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\rsaenh.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
|
|---|
| 1204 | c54.139c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff895ec0000 'C:\Windows\system32\rsaenh.dll'
|
|---|
| 1205 | c54.139c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff897630000 'C:\Windows\System32\crypt32.dll'
|
|---|
| 1206 | c54.139c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff895ec0000 'C:\Windows\system32\rsaenh.dll'
|
|---|
| 1207 | c54.139c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff897630000 'C:\Windows\System32\crypt32.dll'
|
|---|
| 1208 | c54.139c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff897630000 'C:\Windows\system32\crypt32.dll'
|
|---|
| 1209 | c54.139c: SUPR3HardenedMain: Load TrustedMain...
|
|---|
| 1210 | c54.139c: \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBoxVM.dll: Signature #1/2: info status: 24202
|
|---|
| 1211 | c54.139c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff895ec0000 'C:\Windows\system32\rsaenh.dll'
|
|---|
| 1212 | c54.139c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'opengl32.dll'.
|
|---|
| 1213 | c54.139c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'uicommon.dll'.
|
|---|
| 1214 | c54.139c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'vboxrt.dll'.
|
|---|
| 1215 | c54.139c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'msvcp100.dll'.
|
|---|
| 1216 | c54.139c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'msvcr100.dll'.
|
|---|
| 1217 | c54.139c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'qt5corevbox.dll'.
|
|---|
| 1218 | c54.139c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'qt5guivbox.dll'.
|
|---|
| 1219 | c54.139c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #7 'qt5widgetsvbox.dll'.
|
|---|
| 1220 | c54.139c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #8 'qt5openglvbox.dll'.
|
|---|
| 1221 | c54.139c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #10 'user32.dll'.
|
|---|
| 1222 | c54.139c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #11 'ole32.dll'.
|
|---|
| 1223 | c54.139c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #12 'oleaut32.dll'.
|
|---|
| 1224 | c54.139c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #13 'winmm.dll'.
|
|---|
| 1225 | c54.139c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBoxVM.dll) WinVerifyTrust
|
|---|
| 1226 | c54.139c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBoxVM.dll
|
|---|
| 1227 | c54.139c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'winmm.dll'...
|
|---|
| 1228 | c54.139c: supR3HardenedWinVerifyCacheProcessImportTodos: 'winmm.dll' -> '\Device\HarddiskVolume2\Windows\System32\winmm.dll' [rcNtRedir=0xc0150008]
|
|---|
| 1229 | c54.139c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff895ec0000 'C:\Windows\system32\rsaenh.dll'
|
|---|
| 1230 | c54.139c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff897630000 'C:\Windows\System32\crypt32.dll'
|
|---|
| 1231 | c54.139c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'msvcrt.dll'.
|
|---|
| 1232 | c54.139c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\winmm.dll) WinVerifyTrust
|
|---|
| 1233 | c54.139c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\winmm.dll
|
|---|
| 1234 | c54.139c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'oleaut32.dll'...
|
|---|
| 1235 | c54.139c: supR3HardenedWinVerifyCacheProcessImportTodos: 'oleaut32.dll' -> '\Device\HarddiskVolume2\Windows\System32\oleaut32.dll' [rcNtRedir=0xc0150008]
|
|---|
| 1236 | c54.139c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
|
|---|
| 1237 | c54.139c: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
|
|---|
| 1238 | c54.139c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\msvcrt.dll
|
|---|
| 1239 | c54.139c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff895ec0000 'C:\Windows\system32\rsaenh.dll'
|
|---|
| 1240 | c54.139c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff897630000 'C:\Windows\System32\crypt32.dll'
|
|---|
| 1241 | c54.139c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcp_win.dll'.
|
|---|
| 1242 | c54.139c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'combase.dll'.
|
|---|
| 1243 | c54.139c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #21 'rpcrt4.dll'.
|
|---|
| 1244 | c54.139c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\oleaut32.dll) WinVerifyTrust
|
|---|
| 1245 | c54.139c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\oleaut32.dll
|
|---|
| 1246 | c54.139c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ole32.dll'...
|
|---|
| 1247 | c54.139c: supR3HardenedWinVerifyCacheProcessImportTodos: 'ole32.dll' -> '\Device\HarddiskVolume2\Windows\System32\ole32.dll' [rcNtRedir=0xc0150008]
|
|---|
| 1248 | c54.139c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
|
|---|
| 1249 | c54.139c: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
|
|---|
| 1250 | c54.139c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\rpcrt4.dll
|
|---|
| 1251 | c54.139c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'combase.dll'...
|
|---|
| 1252 | c54.139c: supR3HardenedWinVerifyCacheProcessImportTodos: 'combase.dll' -> '\Device\HarddiskVolume2\Windows\System32\combase.dll' [rcNtRedir=0xc0150008]
|
|---|
| 1253 | c54.139c: Detected WinVerifyTrust recursion: rc=VINF_SUCCESS '\Device\HarddiskVolume2\Windows\System32\combase.dll'.
|
|---|
| 1254 | c54.139c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'rpcrt4.dll'.
|
|---|
| 1255 | c54.139c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\combase.dll)
|
|---|
| 1256 | c54.139c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\combase.dll
|
|---|
| 1257 | c54.139c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcp_win.dll'...
|
|---|
| 1258 | c54.139c: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcp_win.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcp_win.dll' [rcNtRedir=0xc0150008]
|
|---|
| 1259 | c54.139c: Detected WinVerifyTrust recursion: rc=VINF_SUCCESS '\Device\HarddiskVolume2\Windows\System32\msvcp_win.dll'.
|
|---|
| 1260 | c54.139c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\msvcp_win.dll)
|
|---|
| 1261 | c54.139c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\msvcp_win.dll
|
|---|
| 1262 | c54.139c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
|
|---|
| 1263 | c54.139c: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
|
|---|
| 1264 | c54.139c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff895ec0000 'C:\Windows\system32\rsaenh.dll'
|
|---|
| 1265 | c54.139c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\crypt32.dll
|
|---|
| 1266 | c54.139c: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\System32\crypt32.dll (Input=crypt32.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
|
|---|
| 1267 | c54.139c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff897630000 'C:\Windows\System32\crypt32.dll'
|
|---|
| 1268 | c54.139c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #21 'rpcrt4.dll'.
|
|---|
| 1269 | c54.139c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #49 'gdi32.dll'.
|
|---|
| 1270 | c54.139c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #50 'user32.dll'.
|
|---|
| 1271 | c54.139c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #51 'combase.dll'.
|
|---|
| 1272 | c54.139c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\ole32.dll) WinVerifyTrust
|
|---|
| 1273 | c54.139c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\ole32.dll
|
|---|
| 1274 | c54.139c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
|
|---|
| 1275 | c54.139c: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
|
|---|
| 1276 | c54.139c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'combase.dll'...
|
|---|
| 1277 | c54.139c: supR3HardenedWinVerifyCacheProcessImportTodos: 'combase.dll' -> '\Device\HarddiskVolume2\Windows\System32\combase.dll' [rcNtRedir=0xc0150008]
|
|---|
| 1278 | c54.139c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\combase.dll [lacks WinVerifyTrust]
|
|---|
| 1279 | c54.139c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
|
|---|
| 1280 | c54.139c: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
|
|---|
| 1281 | c54.139c: Detected WinVerifyTrust recursion: rc=Unknown Status -22929 (0xffffa66f) '\Device\HarddiskVolume2\Windows\System32\user32.dll'.
|
|---|
| 1282 | c54.139c: supHardenedWinVerifyImageByHandle: -> -22929 (\Device\HarddiskVolume2\Windows\System32\user32.dll)
|
|---|
| 1283 | c54.139c: Error (rc=0):
|
|---|
| 1284 | c54.139c: supR3HardenedScreenImage/Imports: rc=Unknown Status -22929 (0xffffa66f) fImage=1 fProtect=0x0 fAccess=0x0 \Device\HarddiskVolume2\Windows\System32\user32.dll: Full image signature #1 mismatch: 10 95 cb 6b 0f 1d 4f be 75 8b d7 ec 1f 4e db 10 6a db 64 2c ec 8e ae cc 84 a1 d6 21 74 2b 18 b8, expected 23 22 85 c1 66 6e c1 b2 bb e8 ed c9 41 0b 36 d7 99 ca ce 0b 5d 73 1e 73 05 62 3c 89 42 e1 0f c9: \Device\HarddiskVolume2\Windows\System32\user32.dll
|
|---|
| 1285 | c54.139c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\user32.dll
|
|---|
| 1286 | c54.139c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
|
|---|
| 1287 | c54.139c: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
|
|---|
| 1288 | c54.139c: Detected WinVerifyTrust recursion: rc=VINF_SUCCESS '\Device\HarddiskVolume2\Windows\System32\gdi32.dll'.
|
|---|
| 1289 | c54.139c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #11 'win32u.dll'.
|
|---|
| 1290 | c54.139c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\gdi32.dll)
|
|---|
| 1291 | c54.139c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\gdi32.dll
|
|---|
| 1292 | c54.139c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
|
|---|
| 1293 | c54.139c: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
|
|---|
| 1294 | c54.139c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'win32u.dll'...
|
|---|
| 1295 | c54.139c: supR3HardenedWinVerifyCacheProcessImportTodos: 'win32u.dll' -> '\Device\HarddiskVolume2\Windows\System32\win32u.dll' [rcNtRedir=0xc0150008]
|
|---|
| 1296 | c54.139c: Detected WinVerifyTrust recursion: rc=VINF_SUCCESS '\Device\HarddiskVolume2\Windows\System32\win32u.dll'.
|
|---|
| 1297 | c54.139c: '\Device\HarddiskVolume2\Windows\System32\win32u.dll' has no imports
|
|---|
| 1298 | c54.139c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\win32u.dll)
|
|---|
| 1299 | c54.139c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\win32u.dll
|
|---|
| 1300 | c54.139c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff895ec0000 'C:\Windows\system32\rsaenh.dll'
|
|---|
| 1301 | c54.139c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff897630000 'C:\Windows\System32\crypt32.dll'
|
|---|
| 1302 | c54.139c: supR3HardNtViCallWinVerifyTrust: WinVerifyTrust failed with 0x80096010 (TRUST_E_BAD_DIGEST) on '\Device\HarddiskVolume2\Windows\System32\user32.dll'
|
|---|
| 1303 | c54.139c: supHardenedWinVerifyImageByHandle: -> -22929 (\Device\HarddiskVolume2\Windows\System32\user32.dll) WinVerifyTrust
|
|---|
| 1304 | c54.139c: Error (rc=0):
|
|---|
| 1305 | c54.139c: supR3HardenedScreenImage/Imports: rc=Unknown Status -22929 (0xffffa66f) fImage=1 fProtect=0x0 fAccess=0x0 \Device\HarddiskVolume2\Windows\System32\user32.dll: WinVerifyTrust failed with hrc=TRUST_E_BAD_DIGEST on '\Device\HarddiskVolume2\Windows\System32\user32.dll'
|
|---|
| 1306 | c54.139c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qt5openglvbox.dll'...
|
|---|
| 1307 | c54.139c: supR3HardenedWinVerifyCacheProcessImportTodos: 'qt5openglvbox.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\qt5openglvbox.dll' [rcNtRedir=0xc0150008]
|
|---|
| 1308 | c54.139c: \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\Qt5OpenGLVBox.dll: Signature #1/2: info status: 24202
|
|---|
| 1309 | c54.139c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff895ec0000 'C:\Windows\system32\rsaenh.dll'
|
|---|
| 1310 | c54.139c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'qt5widgetsvbox.dll'.
|
|---|
| 1311 | c54.139c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'qt5guivbox.dll'.
|
|---|
| 1312 | c54.139c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'qt5corevbox.dll'.
|
|---|
| 1313 | c54.139c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'msvcr100.dll'.
|
|---|
| 1314 | c54.139c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\Qt5OpenGLVBox.dll) WinVerifyTrust
|
|---|
| 1315 | c54.139c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\Qt5OpenGLVBox.dll
|
|---|
| 1316 | c54.139c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qt5widgetsvbox.dll'...
|
|---|
| 1317 | c54.139c: supR3HardenedWinVerifyCacheProcessImportTodos: 'qt5widgetsvbox.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\qt5widgetsvbox.dll' [rcNtRedir=0xc0150008]
|
|---|
| 1318 | c54.139c: \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\Qt5WidgetsVBox.dll: Signature #1/2: info status: 24202
|
|---|
| 1319 | c54.139c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
|
|---|
| 1320 | c54.139c: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
|
|---|
| 1321 | c54.139c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll
|
|---|
| 1322 | c54.139c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qt5corevbox.dll'...
|
|---|
| 1323 | c54.139c: supR3HardenedWinVerifyCacheProcessImportTodos: 'qt5corevbox.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\qt5corevbox.dll' [rcNtRedir=0xc0150008]
|
|---|
| 1324 | c54.139c: \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\Qt5CoreVBox.dll: Signature #1/2: info status: 24202
|
|---|
| 1325 | c54.139c: Detected WinVerifyTrust recursion: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\Qt5CoreVBox.dll'.
|
|---|
| 1326 | c54.139c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'user32.dll'.
|
|---|
| 1327 | c54.139c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'shell32.dll'.
|
|---|
| 1328 | c54.139c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'ole32.dll'.
|
|---|
| 1329 | c54.139c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'advapi32.dll'.
|
|---|
| 1330 | c54.139c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'ws2_32.dll'.
|
|---|
| 1331 | c54.139c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'mpr.dll'.
|
|---|
| 1332 | c54.139c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #7 'msvcp100.dll'.
|
|---|
| 1333 | c54.139c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #8 'msvcr100.dll'.
|
|---|
| 1334 | c54.139c: supHardenedWinVerifyImageByHandle: -> 24202 (\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\Qt5CoreVBox.dll)
|
|---|
| 1335 | c54.139c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\Qt5CoreVBox.dll
|
|---|
| 1336 | c54.139c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qt5guivbox.dll'...
|
|---|
| 1337 | c54.139c: supR3HardenedWinVerifyCacheProcessImportTodos: 'qt5guivbox.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\qt5guivbox.dll' [rcNtRedir=0xc0150008]
|
|---|
| 1338 | c54.139c: \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\Qt5GuiVBox.dll: Signature #1/2: info status: 24202
|
|---|
| 1339 | c54.139c: Detected WinVerifyTrust recursion: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\Qt5GuiVBox.dll'.
|
|---|
| 1340 | c54.139c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'ole32.dll'.
|
|---|
| 1341 | c54.139c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'opengl32.dll'.
|
|---|
| 1342 | c54.139c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'gdi32.dll'.
|
|---|
| 1343 | c54.139c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'user32.dll'.
|
|---|
| 1344 | c54.139c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'qt5corevbox.dll'.
|
|---|
| 1345 | c54.139c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'msvcp100.dll'.
|
|---|
| 1346 | c54.139c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'msvcr100.dll'.
|
|---|
| 1347 | c54.139c: supHardenedWinVerifyImageByHandle: -> 24202 (\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\Qt5GuiVBox.dll)
|
|---|
| 1348 | c54.139c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\Qt5GuiVBox.dll
|
|---|
| 1349 | c54.139c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qt5widgetsvbox.dll'...
|
|---|
| 1350 | c54.139c: supR3HardenedWinVerifyCacheProcessImportTodos: 'qt5widgetsvbox.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\qt5widgetsvbox.dll' [rcNtRedir=0xc0150008]
|
|---|
| 1351 | c54.139c: \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\Qt5WidgetsVBox.dll: Signature #1/2: info status: 24202
|
|---|
| 1352 | c54.139c: Detected WinVerifyTrust recursion: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\Qt5WidgetsVBox.dll'.
|
|---|
| 1353 | c54.139c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'gdi32.dll'.
|
|---|
| 1354 | c54.139c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'user32.dll'.
|
|---|
| 1355 | c54.139c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'qt5guivbox.dll'.
|
|---|
| 1356 | c54.139c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'qt5corevbox.dll'.
|
|---|
| 1357 | c54.139c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'shell32.dll'.
|
|---|
| 1358 | c54.139c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'msvcp100.dll'.
|
|---|
| 1359 | c54.139c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'msvcr100.dll'.
|
|---|
| 1360 | c54.139c: supHardenedWinVerifyImageByHandle: -> 24202 (\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\Qt5WidgetsVBox.dll)
|
|---|
| 1361 | c54.139c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\Qt5WidgetsVBox.dll
|
|---|
| 1362 | c54.139c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
|
|---|
| 1363 | c54.139c: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
|
|---|
| 1364 | c54.139c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll
|
|---|
| 1365 | c54.139c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcp100.dll'...
|
|---|
| 1366 | c54.139c: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcp100.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcp100.dll' [rcNtRedir=0xc0150008]
|
|---|
| 1367 | c54.139c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcp100.dll
|
|---|
| 1368 | c54.139c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'shell32.dll'...
|
|---|
| 1369 | c54.139c: supR3HardenedWinVerifyCacheProcessImportTodos: 'shell32.dll' -> '\Device\HarddiskVolume2\Windows\System32\shell32.dll' [rcNtRedir=0xc0150008]
|
|---|
| 1370 | c54.139c: Detected WinVerifyTrust recursion: rc=VINF_SUCCESS '\Device\HarddiskVolume2\Windows\System32\shell32.dll'.
|
|---|
| 1371 | c54.139c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcp_win.dll'.
|
|---|
| 1372 | c54.139c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #72 'user32.dll'.
|
|---|
| 1373 | c54.139c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #74 'gdi32.dll'.
|
|---|
| 1374 | c54.139c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\shell32.dll)
|
|---|
| 1375 | c54.139c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\shell32.dll
|
|---|
| 1376 | c54.139c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qt5corevbox.dll'...
|
|---|
| 1377 | c54.139c: supR3HardenedWinVerifyCacheProcessImportTodos: 'qt5corevbox.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\qt5corevbox.dll' [rcNtRedir=0xc0150008]
|
|---|
| 1378 | c54.139c: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 24202 (0x5e8a)) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\Qt5CoreVBox.dll [lacks WinVerifyTrust]
|
|---|
| 1379 | c54.139c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qt5guivbox.dll'...
|
|---|
| 1380 | c54.139c: supR3HardenedWinVerifyCacheProcessImportTodos: 'qt5guivbox.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\qt5guivbox.dll' [rcNtRedir=0xc0150008]
|
|---|
| 1381 | c54.139c: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 24202 (0x5e8a)) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\Qt5GuiVBox.dll [lacks WinVerifyTrust]
|
|---|
| 1382 | c54.139c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
|
|---|
| 1383 | c54.139c: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
|
|---|
| 1384 | c54.139c: supR3HardenedScreenImage/Imports: cache hit (Unknown Status -22929 (0xffffa66f)) on \Device\HarddiskVolume2\Windows\System32\user32.dll [lacks WinVerifyTrust]
|
|---|
| 1385 | c54.139c: Error (rc=0):
|
|---|
| 1386 | c54.139c: supR3HardenedScreenImage/Imports: cached rc=Unknown Status -22929 (0xffffa66f) fImage=1 fProtect=0x0 fAccess=0x0 cHits=1 \Device\HarddiskVolume2\Windows\System32\user32.dll
|
|---|
| 1387 | c54.139c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
|
|---|
| 1388 | c54.139c: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
|
|---|
| 1389 | c54.139c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\gdi32.dll [lacks WinVerifyTrust]
|
|---|
| 1390 | c54.139c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
|
|---|
| 1391 | c54.139c: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
|
|---|
| 1392 | c54.139c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll
|
|---|
| 1393 | c54.139c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcp100.dll'...
|
|---|
| 1394 | c54.139c: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcp100.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcp100.dll' [rcNtRedir=0xc0150008]
|
|---|
| 1395 | c54.139c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcp100.dll
|
|---|
| 1396 | c54.139c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qt5corevbox.dll'...
|
|---|
| 1397 | c54.139c: supR3HardenedWinVerifyCacheProcessImportTodos: 'qt5corevbox.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\qt5corevbox.dll' [rcNtRedir=0xc0150008]
|
|---|
| 1398 | c54.139c: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 24202 (0x5e8a)) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\Qt5CoreVBox.dll [lacks WinVerifyTrust]
|
|---|
| 1399 | c54.139c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
|
|---|
| 1400 | c54.139c: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
|
|---|
| 1401 | c54.139c: supR3HardenedScreenImage/Imports: cache hit (Unknown Status -22929 (0xffffa66f)) on \Device\HarddiskVolume2\Windows\System32\user32.dll [lacks WinVerifyTrust]
|
|---|
| 1402 | c54.139c: Error (rc=0):
|
|---|
| 1403 | c54.139c: supR3HardenedScreenImage/Imports: cached rc=Unknown Status -22929 (0xffffa66f) fImage=1 fProtect=0x0 fAccess=0x0 cHits=2 \Device\HarddiskVolume2\Windows\System32\user32.dll
|
|---|
| 1404 | c54.139c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
|
|---|
| 1405 | c54.139c: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
|
|---|
| 1406 | c54.139c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\gdi32.dll [lacks WinVerifyTrust]
|
|---|
| 1407 | c54.139c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'opengl32.dll'...
|
|---|
| 1408 | c54.139c: supR3HardenedWinVerifyCacheProcessImportTodos: 'opengl32.dll' -> '\Device\HarddiskVolume2\Windows\System32\opengl32.dll' [rcNtRedir=0xc0150008]
|
|---|
| 1409 | c54.139c: Detected WinVerifyTrust recursion: rc=Unknown Status 22900 (0x5974) '\Device\HarddiskVolume2\Windows\System32\opengl32.dll'.
|
|---|
| 1410 | c54.139c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
|
|---|
| 1411 | c54.139c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'advapi32.dll'.
|
|---|
| 1412 | c54.139c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'user32.dll'.
|
|---|
| 1413 | c54.139c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #7 'gdi32.dll'.
|
|---|
| 1414 | c54.139c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #8 'glu32.dll'.
|
|---|
| 1415 | c54.139c: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume2\Windows\System32\opengl32.dll)
|
|---|
| 1416 | c54.139c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\opengl32.dll
|
|---|
| 1417 | c54.139c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ole32.dll'...
|
|---|
| 1418 | c54.139c: supR3HardenedWinVerifyCacheProcessImportTodos: 'ole32.dll' -> '\Device\HarddiskVolume2\Windows\System32\ole32.dll' [rcNtRedir=0xc0150008]
|
|---|
| 1419 | c54.139c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\ole32.dll
|
|---|
| 1420 | c54.139c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
|
|---|
| 1421 | c54.139c: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
|
|---|
| 1422 | c54.139c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll
|
|---|
| 1423 | c54.139c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcp100.dll'...
|
|---|
| 1424 | c54.139c: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcp100.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcp100.dll' [rcNtRedir=0xc0150008]
|
|---|
| 1425 | c54.139c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcp100.dll
|
|---|
| 1426 | c54.139c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'mpr.dll'...
|
|---|
| 1427 | c54.139c: supR3HardenedWinVerifyCacheProcessImportTodos: 'mpr.dll' -> '\Device\HarddiskVolume2\Windows\System32\mpr.dll' [rcNtRedir=0xc0150008]
|
|---|
| 1428 | c54.139c: Detected WinVerifyTrust recursion: rc=VINF_SUCCESS '\Device\HarddiskVolume2\Windows\System32\mpr.dll'.
|
|---|
| 1429 | c54.139c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\mpr.dll)
|
|---|
| 1430 | c54.139c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\mpr.dll
|
|---|
| 1431 | c54.139c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ws2_32.dll'...
|
|---|
| 1432 | c54.139c: supR3HardenedWinVerifyCacheProcessImportTodos: 'ws2_32.dll' -> '\Device\HarddiskVolume2\Windows\System32\ws2_32.dll' [rcNtRedir=0xc0150008]
|
|---|
| 1433 | c54.139c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\ws2_32.dll
|
|---|
| 1434 | c54.139c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'...
|
|---|
| 1435 | c54.139c: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008]
|
|---|
| 1436 | c54.139c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\advapi32.dll
|
|---|
| 1437 | c54.139c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ole32.dll'...
|
|---|
| 1438 | c54.139c: supR3HardenedWinVerifyCacheProcessImportTodos: 'ole32.dll' -> '\Device\HarddiskVolume2\Windows\System32\ole32.dll' [rcNtRedir=0xc0150008]
|
|---|
| 1439 | c54.139c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\ole32.dll
|
|---|
| 1440 | c54.139c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'shell32.dll'...
|
|---|
| 1441 | c54.139c: supR3HardenedWinVerifyCacheProcessImportTodos: 'shell32.dll' -> '\Device\HarddiskVolume2\Windows\System32\shell32.dll' [rcNtRedir=0xc0150008]
|
|---|
| 1442 | c54.139c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\shell32.dll [lacks WinVerifyTrust]
|
|---|
| 1443 | c54.139c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
|
|---|
| 1444 | c54.139c: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
|
|---|
| 1445 | c54.139c: supR3HardenedScreenImage/Imports: cache hit (Unknown Status -22929 (0xffffa66f)) on \Device\HarddiskVolume2\Windows\System32\user32.dll [lacks WinVerifyTrust]
|
|---|
| 1446 | c54.139c: Error (rc=0):
|
|---|
| 1447 | c54.139c: supR3HardenedScreenImage/Imports: cached rc=Unknown Status -22929 (0xffffa66f) fImage=1 fProtect=0x0 fAccess=0x0 cHits=3 \Device\HarddiskVolume2\Windows\System32\user32.dll
|
|---|
| 1448 | c54.139c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'glu32.dll'...
|
|---|
| 1449 | c54.139c: supR3HardenedWinVerifyCacheProcessImportTodos: 'glu32.dll' -> '\Device\HarddiskVolume2\Windows\System32\glu32.dll' [rcNtRedir=0xc0150008]
|
|---|
| 1450 | c54.139c: Detected WinVerifyTrust recursion: rc=Unknown Status 22900 (0x5974) '\Device\HarddiskVolume2\Windows\System32\glu32.dll'.
|
|---|
| 1451 | c54.139c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
|
|---|
| 1452 | c54.139c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'user32.dll'.
|
|---|
| 1453 | c54.139c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'opengl32.dll'.
|
|---|
| 1454 | c54.139c: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume2\Windows\System32\glu32.dll)
|
|---|
| 1455 | c54.139c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\glu32.dll
|
|---|
| 1456 | c54.139c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
|
|---|
| 1457 | c54.139c: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
|
|---|
| 1458 | c54.139c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\gdi32.dll [lacks WinVerifyTrust]
|
|---|
| 1459 | c54.139c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
|
|---|
| 1460 | c54.139c: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
|
|---|
| 1461 | c54.139c: supR3HardenedScreenImage/Imports: cache hit (Unknown Status -22929 (0xffffa66f)) on \Device\HarddiskVolume2\Windows\System32\user32.dll [lacks WinVerifyTrust]
|
|---|
| 1462 | c54.139c: Error (rc=0):
|
|---|
| 1463 | c54.139c: supR3HardenedScreenImage/Imports: cached rc=Unknown Status -22929 (0xffffa66f) fImage=1 fProtect=0x0 fAccess=0x0 cHits=4 \Device\HarddiskVolume2\Windows\System32\user32.dll
|
|---|
| 1464 | c54.139c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'...
|
|---|
| 1465 | c54.139c: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008]
|
|---|
| 1466 | c54.139c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\advapi32.dll
|
|---|
| 1467 | c54.139c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
|
|---|
| 1468 | c54.139c: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
|
|---|
| 1469 | c54.139c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\msvcrt.dll
|
|---|
| 1470 | c54.139c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
|
|---|
| 1471 | c54.139c: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
|
|---|
| 1472 | c54.139c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\gdi32.dll [lacks WinVerifyTrust]
|
|---|
| 1473 | c54.139c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
|
|---|
| 1474 | c54.139c: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
|
|---|
| 1475 | c54.139c: supR3HardenedScreenImage/Imports: cache hit (Unknown Status -22929 (0xffffa66f)) on \Device\HarddiskVolume2\Windows\System32\user32.dll [lacks WinVerifyTrust]
|
|---|
| 1476 | c54.139c: Error (rc=0):
|
|---|
| 1477 | c54.139c: supR3HardenedScreenImage/Imports: cached rc=Unknown Status -22929 (0xffffa66f) fImage=1 fProtect=0x0 fAccess=0x0 cHits=5 \Device\HarddiskVolume2\Windows\System32\user32.dll
|
|---|
| 1478 | c54.139c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcp_win.dll'...
|
|---|
| 1479 | c54.139c: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcp_win.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcp_win.dll' [rcNtRedir=0xc0150008]
|
|---|
| 1480 | c54.139c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\msvcp_win.dll [lacks WinVerifyTrust]
|
|---|
| 1481 | c54.139c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'opengl32.dll'...
|
|---|
| 1482 | c54.139c: supR3HardenedWinVerifyCacheProcessImportTodos: 'opengl32.dll' -> '\Device\HarddiskVolume2\Windows\System32\opengl32.dll' [rcNtRedir=0xc0150008]
|
|---|
| 1483 | c54.139c: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\opengl32.dll [lacks WinVerifyTrust]
|
|---|
| 1484 | c54.139c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
|
|---|
| 1485 | c54.139c: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
|
|---|
| 1486 | c54.139c: supR3HardenedScreenImage/Imports: cache hit (Unknown Status -22929 (0xffffa66f)) on \Device\HarddiskVolume2\Windows\System32\user32.dll [lacks WinVerifyTrust]
|
|---|
| 1487 | c54.139c: Error (rc=0):
|
|---|
| 1488 | c54.139c: supR3HardenedScreenImage/Imports: cached rc=Unknown Status -22929 (0xffffa66f) fImage=1 fProtect=0x0 fAccess=0x0 cHits=6 \Device\HarddiskVolume2\Windows\System32\user32.dll
|
|---|
| 1489 | c54.139c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
|
|---|
| 1490 | c54.139c: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
|
|---|
| 1491 | c54.139c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\msvcrt.dll
|
|---|
| 1492 | c54.139c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff895ec0000 'C:\Windows\system32\rsaenh.dll'
|
|---|
| 1493 | c54.139c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'gdi32.dll'.
|
|---|
| 1494 | c54.139c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'user32.dll'.
|
|---|
| 1495 | c54.139c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'qt5guivbox.dll'.
|
|---|
| 1496 | c54.139c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'qt5corevbox.dll'.
|
|---|
| 1497 | c54.139c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'shell32.dll'.
|
|---|
| 1498 | c54.139c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'msvcp100.dll'.
|
|---|
| 1499 | c54.139c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'msvcr100.dll'.
|
|---|
| 1500 | c54.139c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\Qt5WidgetsVBox.dll) WinVerifyTrust
|
|---|
| 1501 | c54.139c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qt5guivbox.dll'...
|
|---|
| 1502 | c54.139c: supR3HardenedWinVerifyCacheProcessImportTodos: 'qt5guivbox.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\qt5guivbox.dll' [rcNtRedir=0xc0150008]
|
|---|
| 1503 | c54.139c: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 24202 (0x5e8a)) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\Qt5GuiVBox.dll [redoing WinVerifyTrust]
|
|---|
| 1504 | c54.139c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
|
|---|
| 1505 | c54.139c: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
|
|---|
| 1506 | c54.139c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll
|
|---|
| 1507 | c54.139c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcp100.dll'...
|
|---|
| 1508 | c54.139c: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcp100.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcp100.dll' [rcNtRedir=0xc0150008]
|
|---|
| 1509 | c54.139c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcp100.dll
|
|---|
| 1510 | c54.139c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'shell32.dll'...
|
|---|
| 1511 | c54.139c: supR3HardenedWinVerifyCacheProcessImportTodos: 'shell32.dll' -> '\Device\HarddiskVolume2\Windows\System32\shell32.dll' [rcNtRedir=0xc0150008]
|
|---|
| 1512 | c54.139c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\shell32.dll [lacks WinVerifyTrust]
|
|---|
| 1513 | c54.139c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qt5corevbox.dll'...
|
|---|
| 1514 | c54.139c: supR3HardenedWinVerifyCacheProcessImportTodos: 'qt5corevbox.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\qt5corevbox.dll' [rcNtRedir=0xc0150008]
|
|---|
| 1515 | c54.139c: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 24202 (0x5e8a)) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\Qt5CoreVBox.dll [lacks WinVerifyTrust]
|
|---|
| 1516 | c54.139c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qt5guivbox.dll'...
|
|---|
| 1517 | c54.139c: supR3HardenedWinVerifyCacheProcessImportTodos: 'qt5guivbox.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\qt5guivbox.dll' [rcNtRedir=0xc0150008]
|
|---|
| 1518 | c54.139c: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 24202 (0x5e8a)) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\Qt5GuiVBox.dll [lacks WinVerifyTrust]
|
|---|
| 1519 | c54.139c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
|
|---|
| 1520 | c54.139c: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
|
|---|
| 1521 | c54.139c: supR3HardenedScreenImage/Imports: cache hit (Unknown Status -22929 (0xffffa66f)) on \Device\HarddiskVolume2\Windows\System32\user32.dll [lacks WinVerifyTrust]
|
|---|
| 1522 | c54.139c: Error (rc=0):
|
|---|
| 1523 | c54.139c: supR3HardenedScreenImage/Imports: cached rc=Unknown Status -22929 (0xffffa66f) fImage=1 fProtect=0x0 fAccess=0x0 cHits=7 \Device\HarddiskVolume2\Windows\System32\user32.dll
|
|---|
| 1524 | c54.139c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
|
|---|
| 1525 | c54.139c: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
|
|---|
| 1526 | c54.139c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\gdi32.dll [lacks WinVerifyTrust]
|
|---|
| 1527 | c54.139c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff895ec0000 'C:\Windows\system32\rsaenh.dll'
|
|---|
| 1528 | c54.139c: supR3HardenedScreenImage/Imports: 0 (was 24202) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\Qt5GuiVBox.dll'
|
|---|
| 1529 | c54.139c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qt5corevbox.dll'...
|
|---|
| 1530 | c54.139c: supR3HardenedWinVerifyCacheProcessImportTodos: 'qt5corevbox.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\qt5corevbox.dll' [rcNtRedir=0xc0150008]
|
|---|
| 1531 | c54.139c: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 24202 (0x5e8a)) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\Qt5CoreVBox.dll [redoing WinVerifyTrust]
|
|---|
| 1532 | c54.139c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff895ec0000 'C:\Windows\system32\rsaenh.dll'
|
|---|
| 1533 | c54.139c: supR3HardenedScreenImage/Imports: 0 (was 24202) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\Qt5CoreVBox.dll'
|
|---|
| 1534 | c54.139c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
|
|---|
| 1535 | c54.139c: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
|
|---|
| 1536 | c54.139c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll
|
|---|
| 1537 | c54.139c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcp100.dll'...
|
|---|
| 1538 | c54.139c: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcp100.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcp100.dll' [rcNtRedir=0xc0150008]
|
|---|
| 1539 | c54.139c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcp100.dll
|
|---|
| 1540 | c54.139c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
|
|---|
| 1541 | c54.139c: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
|
|---|
| 1542 | c54.139c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'uicommon.dll'...
|
|---|
| 1543 | c54.139c: supR3HardenedWinVerifyCacheProcessImportTodos: 'uicommon.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\uicommon.dll' [rcNtRedir=0xc0150008]
|
|---|
| 1544 | c54.139c: \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\UICommon.dll: Signature #1/2: info status: 24202
|
|---|
| 1545 | c54.139c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff895ec0000 'C:\Windows\system32\rsaenh.dll'
|
|---|
| 1546 | c54.139c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'vboxrt.dll'.
|
|---|
| 1547 | c54.139c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'msvcr100.dll'.
|
|---|
| 1548 | c54.139c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'qt5corevbox.dll'.
|
|---|
| 1549 | c54.139c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'qt5guivbox.dll'.
|
|---|
| 1550 | c54.139c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'qt5widgetsvbox.dll'.
|
|---|
| 1551 | c54.139c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'user32.dll'.
|
|---|
| 1552 | c54.139c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #7 'advapi32.dll'.
|
|---|
| 1553 | c54.139c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #8 'ole32.dll'.
|
|---|
| 1554 | c54.139c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #9 'oleaut32.dll'.
|
|---|
| 1555 | c54.139c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #10 'rpcrt4.dll'.
|
|---|
| 1556 | c54.139c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\UICommon.dll) WinVerifyTrust
|
|---|
| 1557 | c54.139c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\UICommon.dll
|
|---|
| 1558 | c54.139c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'opengl32.dll'...
|
|---|
| 1559 | c54.139c: supR3HardenedWinVerifyCacheProcessImportTodos: 'opengl32.dll' -> '\Device\HarddiskVolume2\Windows\System32\opengl32.dll' [rcNtRedir=0xc0150008]
|
|---|
| 1560 | c54.139c: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\opengl32.dll [redoing WinVerifyTrust]
|
|---|
| 1561 | c54.139c: supR3HardNtViCallWinVerifyTrustCatFile: hFile=00000000000004cc pwszName=\Device\HarddiskVolume2\Windows\System32\opengl32.dll
|
|---|
| 1562 | c54.139c: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 000000000156e570
|
|---|
| 1563 | c54.139c: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=000000000156e570
|
|---|
| 1564 | c54.139c: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=8E7659A85CD9E1DD85A2EDD240E0AFC0D2340903
|
|---|
| 1565 | c54.139c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
|
|---|
| 1566 | c54.139c: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
|
|---|
| 1567 | c54.139c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'oleaut32.dll'...
|
|---|
| 1568 | c54.139c: supR3HardenedWinVerifyCacheProcessImportTodos: 'oleaut32.dll' -> '\Device\HarddiskVolume2\Windows\System32\oleaut32.dll' [rcNtRedir=0xc0150008]
|
|---|
| 1569 | c54.139c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\oleaut32.dll
|
|---|
| 1570 | c54.139c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ole32.dll'...
|
|---|
| 1571 | c54.139c: supR3HardenedWinVerifyCacheProcessImportTodos: 'ole32.dll' -> '\Device\HarddiskVolume2\Windows\System32\ole32.dll' [rcNtRedir=0xc0150008]
|
|---|
| 1572 | c54.139c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\ole32.dll
|
|---|
| 1573 | c54.139c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'...
|
|---|
| 1574 | c54.139c: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008]
|
|---|
| 1575 | c54.139c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\advapi32.dll
|
|---|
| 1576 | c54.139c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
|
|---|
| 1577 | c54.139c: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
|
|---|
| 1578 | c54.139c: supR3HardenedScreenImage/Imports: cache hit (Unknown Status -22929 (0xffffa66f)) on \Device\HarddiskVolume2\Windows\System32\user32.dll [lacks WinVerifyTrust]
|
|---|
| 1579 | c54.139c: Error (rc=0):
|
|---|
| 1580 | c54.139c: supR3HardenedScreenImage/Imports: cached rc=Unknown Status -22929 (0xffffa66f) fImage=1 fProtect=0x0 fAccess=0x0 cHits=8 \Device\HarddiskVolume2\Windows\System32\user32.dll
|
|---|
| 1581 | c54.139c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qt5widgetsvbox.dll'...
|
|---|
| 1582 | c54.139c: supR3HardenedWinVerifyCacheProcessImportTodos: 'qt5widgetsvbox.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\qt5widgetsvbox.dll' [rcNtRedir=0xc0150008]
|
|---|
| 1583 | c54.139c: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 24202 (0x5e8a)) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\Qt5WidgetsVBox.dll [lacks WinVerifyTrust]
|
|---|
| 1584 | c54.139c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qt5guivbox.dll'...
|
|---|
| 1585 | c54.139c: supR3HardenedWinVerifyCacheProcessImportTodos: 'qt5guivbox.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\qt5guivbox.dll' [rcNtRedir=0xc0150008]
|
|---|
| 1586 | c54.139c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\Qt5GuiVBox.dll
|
|---|
| 1587 | c54.139c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qt5corevbox.dll'...
|
|---|
| 1588 | c54.139c: supR3HardenedWinVerifyCacheProcessImportTodos: 'qt5corevbox.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\qt5corevbox.dll' [rcNtRedir=0xc0150008]
|
|---|
| 1589 | c54.139c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\Qt5CoreVBox.dll
|
|---|
| 1590 | c54.139c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
|
|---|
| 1591 | c54.139c: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
|
|---|
| 1592 | c54.139c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
|
|---|
| 1593 | c54.139c: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
|
|---|
| 1594 | c54.139c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff895ec0000 'C:\Windows\system32\rsaenh.dll'
|
|---|
| 1595 | c54.139c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff897630000 'C:\Windows\System32\crypt32.dll'
|
|---|
| 1596 | c54.139c: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0212~31bf3856ad364e35~amd64~~10.0.19041.1348.cat'; file='\Device\HarddiskVolume2\Windows\System32\opengl32.dll'
|
|---|
| 1597 | c54.139c: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
|
|---|
| 1598 | c54.139c: supR3HardenedScreenImage/Imports: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\opengl32.dll'
|
|---|
| 1599 | c54.139c: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VirtualBoxVM.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000a01:<flags> [calling]
|
|---|
| 1600 | c54.139c: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBoxVM.dll
|
|---|
| 1601 | c54.139c: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\opengl32.dll
|
|---|
| 1602 | c54.139c: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\UICommon.dll
|
|---|
| 1603 | c54.139c: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\Qt5CoreVBox.dll
|
|---|
| 1604 | c54.139c: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\Qt5GuiVBox.dll
|
|---|
| 1605 | c54.139c: supR3HardenedScreenImage/NtCreateSection: cache hit (Unknown Status 24202 (0x5e8a)) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\Qt5WidgetsVBox.dll [avoiding WinVerifyTrust]
|
|---|
| 1606 | c54.139c: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\Qt5OpenGLVBox.dll
|
|---|
| 1607 | c54.139c: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\winmm.dll
|
|---|
| 1608 | c54.139c: supR3HardenedScreenImage/NtCreateSection: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\glu32.dll [avoiding WinVerifyTrust]
|
|---|
| 1609 | c54.139c: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\mpr.dll [avoiding WinVerifyTrust]
|
|---|
| 1610 | c54.139c: supR3HardenedDllNotificationCallback: load 00007ff897600000 LB 0x00022000 C:\Windows\System32\win32u.dll [fFlags=0x0]
|
|---|
| 1611 | c54.139c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\win32u.dll [avoiding WinVerifyTrust]
|
|---|
| 1612 | c54.139c: supR3HardenedDllNotificationCallback: load 00007ff897160000 LB 0x0009d000 C:\Windows\System32\msvcp_win.dll [fFlags=0x0]
|
|---|
| 1613 | c54.139c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\msvcp_win.dll [avoiding WinVerifyTrust]
|
|---|
| 1614 | c54.139c: supR3HardenedDllNotificationCallback: load 00007ff896ff0000 LB 0x0010d000 C:\Windows\System32\gdi32full.dll [fFlags=0x0]
|
|---|
| 1615 | c54.139c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcp_win.dll'.
|
|---|
| 1616 | c54.139c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #35 'gdi32.dll'.
|
|---|
| 1617 | c54.139c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #37 'user32.dll'.
|
|---|
| 1618 | c54.139c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #38 'win32u.dll'.
|
|---|
| 1619 | c54.139c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\gdi32full.dll)
|
|---|
| 1620 | c54.139c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\gdi32full.dll
|
|---|
| 1621 | c54.139c: supR3HardenedDllNotificationCallback: load 00007ff898220000 LB 0x0002b000 C:\Windows\System32\GDI32.dll [fFlags=0x0]
|
|---|
| 1622 | c54.139c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\gdi32.dll [avoiding WinVerifyTrust]
|
|---|
| 1623 | c54.139c: supR3HardenedDllNotificationCallback: load 00007ff897ef0000 LB 0x001a1000 C:\Windows\System32\USER32.dll [fFlags=0x0]
|
|---|
| 1624 | c54.139c: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status -22929 (0xffffa66f)) on \Device\HarddiskVolume2\Windows\System32\user32.dll [lacks WinVerifyTrust]
|
|---|
| 1625 | c54.139c: Fatal error:
|
|---|
| 1626 | c54.139c: supR3HardenedDllNotificationCallback: supR3HardenedScreenImage failed on 'C:\Windows\System32\USER32.dll' / '\??\C:\Windows\System32\USER32.dll': 0xc0000190
|
|---|
| 1627 | 1410.3804: supR3HardNtChildWaitFor[2]: Quitting: ExitCode=0x1 (rcNtWait=0x0, rcNt1=0x0, rcNt2=0x103, rcNt3=0x103, 1677 ms, the end);
|
|---|
| 1628 | 27b8.2508: supR3HardNtChildWaitFor[1]: Quitting: ExitCode=0x1 (rcNtWait=0x0, rcNt1=0x0, rcNt2=0x103, rcNt3=0x103, 2174 ms, the end);
|
|---|