VirtualBox

Ticket #13187: VBoxHardening.log

File VBoxHardening.log, 31.9 KB (added by Bill.Coats, 9 years ago)

23c0.1b84: Log file opened: 5.0.10r104061 g_hStartupLog=000000000000001c g_uNtVerCombined=0x63258000
23c0.1b84: \SystemRoot\System32\ntdll.dll:
23c0.1b84: CreationTime: 2015-09-21T22:06:47.830476300Z
23c0.1b84: LastWriteTime: 2015-08-07T21:40:29.476583000Z
23c0.1b84: ChangeTime: 2015-11-10T19:59:06.964316500Z
23c0.1b84: FileAttributes: 0x20
23c0.1b84: Size: 0x1a7f48
23c0.1b84: NT Headers: 0xd8
23c0.1b84: Timestamp: 0x55c4c16b
23c0.1b84: Machine: 0x8664 - amd64
23c0.1b84: Timestamp: 0x55c4c16b
23c0.1b84: Image Version: 6.3
23c0.1b84: SizeOfImage: 0x1ac000 (1753088)
23c0.1b84: Resource Dir: 0x148000 LB 0x62450
23c0.1b84: ProductName: Microsoft® Windows® Operating System
23c0.1b84: ProductVersion: 6.3.9600.18007
23c0.1b84: FileVersion: 6.3.9600.18007 (winblue_ltsb.150807-0612)
23c0.1b84: FileDescription: NT Layer DLL
23c0.1b84: \SystemRoot\System32\kernel32.dll:
23c0.1b84: CreationTime: 2015-04-16T19:12:15.044651600Z
23c0.1b84: LastWriteTime: 2014-10-29T04:09:24.572407200Z
23c0.1b84: ChangeTime: 2015-10-14T12:40:28.052955900Z
23c0.1b84: FileAttributes: 0x20
23c0.1b84: Size: 0x13fc30
23c0.1b84: NT Headers: 0xf8
23c0.1b84: Timestamp: 0x545054ca
23c0.1b84: Machine: 0x8664 - amd64
23c0.1b84: Timestamp: 0x545054ca
23c0.1b84: Image Version: 6.3
23c0.1b84: SizeOfImage: 0x13e000 (1302528)
23c0.1b84: Resource Dir: 0x12e000 LB 0x518
23c0.1b84: ProductName: Microsoft® Windows® Operating System
23c0.1b84: ProductVersion: 6.3.9600.17415
23c0.1b84: FileVersion: 6.3.9600.17415 (winblue_r4.141028-1500)
23c0.1b84: FileDescription: Windows NT BASE API Client DLL
23c0.1b84: \SystemRoot\System32\KernelBase.dll:
23c0.1b84: CreationTime: 2015-09-21T22:06:48.033619700Z
23c0.1b84: LastWriteTime: 2015-08-07T21:40:29.476583000Z
23c0.1b84: ChangeTime: 2015-10-14T12:41:09.259707500Z
23c0.1b84: FileAttributes: 0x20
23c0.1b84: Size: 0x1150a0
23c0.1b84: NT Headers: 0xf0
23c0.1b84: Timestamp: 0x55c4c341
23c0.1b84: Machine: 0x8664 - amd64
23c0.1b84: Timestamp: 0x55c4c341
23c0.1b84: Image Version: 6.3
23c0.1b84: SizeOfImage: 0x115000 (1134592)
23c0.1b84: Resource Dir: 0x110000 LB 0x3530
23c0.1b84: ProductName: Microsoft® Windows® Operating System
23c0.1b84: ProductVersion: 6.3.9600.18007
23c0.1b84: FileVersion: 6.3.9600.18007 (winblue_ltsb.150807-0612)
23c0.1b84: FileDescription: Windows NT BASE API Client DLL
23c0.1b84: \SystemRoot\System32\apisetschema.dll:
23c0.1b84: CreationTime: 2013-08-22T12:13:09.745625900Z
23c0.1b84: LastWriteTime: 2013-08-22T12:35:12.091034400Z
23c0.1b84: ChangeTime: 2015-04-16T21:13:21.194017200Z
23c0.1b84: FileAttributes: 0x20
23c0.1b84: Size: 0x11360
23c0.1b84: NT Headers: 0xd0
23c0.1b84: Timestamp: 0x52160049
23c0.1b84: Machine: 0x8664 - amd64
23c0.1b84: Timestamp: 0x52160049
23c0.1b84: Image Version: 6.3
23c0.1b84: SizeOfImage: 0x13000 (77824)
23c0.1b84: Resource Dir: 0x11000 LB 0x3f8
23c0.1b84: ProductName: Microsoft® Windows® Operating System
23c0.1b84: ProductVersion: 6.3.9600.16384
23c0.1b84: FileVersion: 6.3.9600.16384 (winblue_rtm.130821-1623)
23c0.1b84: FileDescription: ApiSet Schema DLL
23c0.1b84: NtOpenDirectoryObject failed on \Driver: 0xc0000022
23c0.1b84: supR3HardenedWinFindAdversaries: 0x400
23c0.1b84: \SystemRoot\System32\drivers\MpFilter.sys:
23c0.1b84: CreationTime: 2015-03-05T00:34:52.000000000Z
23c0.1b84: LastWriteTime: 2015-03-05T00:34:52.000000000Z
23c0.1b84: ChangeTime: 2015-08-07T13:26:50.864209200Z
23c0.1b84: FileAttributes: 0x20
23c0.1b84: Size: 0x44738
23c0.1b84: NT Headers: 0xf0
23c0.1b84: Timestamp: 0x54efb880
23c0.1b84: Machine: 0x8664 - amd64
23c0.1b84: Timestamp: 0x54efb880
23c0.1b84: Image Version: 6.3
23c0.1b84: SizeOfImage: 0x44000 (278528)
23c0.1b84: Resource Dir: 0x42000 LB 0xd50
23c0.1b84: ProductName: Microsoft Malware Protection
23c0.1b84: ProductVersion: 4.8.0200.0
23c0.1b84: FileVersion: 4.8.0200.0
23c0.1b84: FileDescription: Microsoft antimalware file system filter driver
23c0.1b84: \SystemRoot\System32\drivers\NisDrvWFP.sys:
23c0.1b84: CreationTime: 2013-09-10T16:12:50.000000000Z
23c0.1b84: LastWriteTime: 2015-03-05T00:34:52.000000000Z
23c0.1b84: ChangeTime: 2015-08-07T13:26:50.604220900Z
23c0.1b84: FileAttributes: 0x20
23c0.1b84: Size: 0x1e698
23c0.1b84: NT Headers: 0xf0
23c0.1b84: Timestamp: 0x54efb8af
23c0.1b84: Machine: 0x8664 - amd64
23c0.1b84: Timestamp: 0x54efb8af
23c0.1b84: Image Version: 6.3
23c0.1b84: SizeOfImage: 0x1f000 (126976)
23c0.1b84: Resource Dir: 0x1c000 LB 0x1b90
23c0.1b84: ProductName: Microsoft Malware Protection
23c0.1b84: ProductVersion: 4.8.0200.0
23c0.1b84: FileVersion: 4.8.0200.0
23c0.1b84: FileDescription: Microsoft Network Realtime Inspection Driver
23c0.1b84: supR3HardenedWinInitAppBin(0x0): '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox'
23c0.1b84: Calling main()
23c0.1b84: SUPR3HardenedMain: pszProgName=VirtualBox fFlags=0x2
23c0.1b84: supR3HardenedWinInitAppBin(0x2): '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox'
23c0.1b84: SUPR3HardenedMain: Respawn #1
23c0.1b84: System32: \Device\HarddiskVolume2\Windows\System32
23c0.1b84: WinSxS: \Device\HarddiskVolume2\Windows\WinSxS
23c0.1b84: KnownDllPath: C:\Windows\system32
23c0.1b84: '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe' has no imports
23c0.1b84: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe)
23c0.1b84: supR3HardNtEnableThreadCreation:
23c0.1b84: supR3HardNtDisableThreadCreation: pvLdrInitThunk=00007fff01898ec0 pvNtTerminateThread=00007fff01911700
23c0.1b84: supR3HardenedWinDoReSpawn(1): New child 221c.1714 [kernel32].
23c0.1b84: supR3HardNtChildGatherData: PebBaseAddress=00007ff68f438000 cbPeb=0x388
23c0.1b84: supR3HardNtPuChFindNtdll: uNtDllParentAddr=00007fff01880000 uNtDllChildAddr=00007fff01880000
23c0.1b84: supR3HardenedWinSetupChildInit: uLdrInitThunk=00007fff01898ec0
23c0.1b84: supR3HardenedWinSetupChildInit: Start child.
23c0.1b84: supR3HardNtChildWaitFor: Found expected request 0 (PurifyChildAndCloseHandles) after 0 ms.
23c0.1b84: supR3HardNtChildPurify: Startup delay kludge #1/0: 521 ms, 45 sleeps
23c0.1b84: supHardNtVpScanVirtualMemory: enmKind=CHILD_PURIFICATION
23c0.1b84: *0000000000000000-ffffffffff72ffff 0x0001/0x0000 0x0000000
23c0.1b84: *00000000008d0000-00000000008affff 0x0004/0x0004 0x0020000
23c0.1b84: *00000000008f0000-00000000008e0fff 0x0002/0x0002 0x0040000
23c0.1b84: 00000000008ff000-00000000008fdfff 0x0001/0x0000 0x0000000
23c0.1b84: *0000000000900000-0000000000803fff 0x0000/0x0004 0x0020000
23c0.1b84: 00000000009fc000-00000000009f8fff 0x0104/0x0004 0x0020000
23c0.1b84: 00000000009ff000-00000000009fdfff 0x0004/0x0004 0x0020000
23c0.1b84: *0000000000a00000-00000000009fbfff 0x0002/0x0002 0x0040000
23c0.1b84: 0000000000a04000-00000000009f7fff 0x0001/0x0000 0x0000000
23c0.1b84: *0000000000a10000-0000000000a0dfff 0x0004/0x0004 0x0020000
23c0.1b84: 0000000000a12000-ffffffff81443fff 0x0001/0x0000 0x0000000
23c0.1b84: *000000007ffe0000-000000007ffdefff 0x0002/0x0002 0x0020000
23c0.1b84: 000000007ffe1000-000000007ffd1fff 0x0000/0x0002 0x0020000
23c0.1b84: 000000007fff0000-ffff800a70bcffff 0x0001/0x0000 0x0000000
23c0.1b84: *00007ff68f410000-00007ff68f3ecfff 0x0002/0x0002 0x0040000
23c0.1b84: 00007ff68f433000-00007ff68f42dfff 0x0001/0x0000 0x0000000
23c0.1b84: *00007ff68f438000-00007ff68f436fff 0x0004/0x0004 0x0020000
23c0.1b84: 00007ff68f439000-00007ff68f433fff 0x0001/0x0000 0x0000000
23c0.1b84: *00007ff68f43e000-00007ff68f43bfff 0x0004/0x0004 0x0020000
23c0.1b84: 00007ff68f440000-00007ff68eacffff 0x0001/0x0000 0x0000000
23c0.1b84: *00007ff68fdb0000-00007ff68fdb0fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe
23c0.1b84: 00007ff68fdb1000-00007ff68fe37fff 0x0020/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe
23c0.1b84: 00007ff68fe38000-00007ff68fe38fff 0x0080/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe
23c0.1b84: 00007ff68fe39000-00007ff68fe83fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe
23c0.1b84: 00007ff68fe84000-00007ff68fe84fff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe
23c0.1b84: 00007ff68fe85000-00007ff68fe85fff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe
23c0.1b84: 00007ff68fe86000-00007ff68fe8afff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe
23c0.1b84: 00007ff68fe8b000-00007ff68fe8bfff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe
23c0.1b84: 00007ff68fe8c000-00007ff68fe8cfff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe
23c0.1b84: 00007ff68fe8d000-00007ff68fe90fff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe
23c0.1b84: 00007ff68fe91000-00007ff68fedbfff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe
23c0.1b84: 00007ff68fedc000-00007fee1e537fff 0x0001/0x0000 0x0000000
23c0.1b84: *00007fff01880000-00007fff01880fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume2\Windows\System32\ntdll.dll
23c0.1b84: 00007fff01881000-00007fff019acfff 0x0020/0x0080 0x1000000 \Device\HarddiskVolume2\Windows\System32\ntdll.dll
23c0.1b84: 00007fff019ad000-00007fff019b2fff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume2\Windows\System32\ntdll.dll
23c0.1b84: 00007fff019b3000-00007fff019bffff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume2\Windows\System32\ntdll.dll
23c0.1b84: 00007fff019c0000-00007fff019c0fff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume2\Windows\System32\ntdll.dll
23c0.1b84: 00007fff019c1000-00007fff019c3fff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume2\Windows\System32\ntdll.dll
23c0.1b84: 00007fff019c4000-00007fff019c4fff 0x0010/0x0080 0x1000000 \Device\HarddiskVolume2\Windows\System32\ntdll.dll
23c0.1b84: 00007fff019c5000-00007fff01a2bfff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume2\Windows\System32\ntdll.dll
23c0.1b84: 00007fff01a2c000-00007ffe03477fff 0x0001/0x0000 0x0000000
23c0.1b84: *00007ffffffe0000-00007ffffffcffff 0x0001/0x0002 0x0020000
23c0.1b84: VirtualBox.exe: timestamp 0x564221d3 (rc=VINF_SUCCESS)
23c0.1b84: '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe' has no imports
23c0.1b84: '\Device\HarddiskVolume2\Windows\System32\ntdll.dll' has no imports
23c0.1b84: supR3HardNtChildPurify: Done after 573 ms and 0 fixes (loop #0).
221c.1714: Log file opened: 5.0.10r104061 g_hStartupLog=0000000000000004 g_uNtVerCombined=0x63258000
221c.1714: supR3HardenedVmProcessInit: uNtDllAddr=00007fff01880000
23c0.1b84: supR3HardNtEnableThreadCreation:
221c.1714: ntdll.dll: timestamp 0x55c4c16b (rc=VINF_SUCCESS)
221c.1714: New simple heap: #1 0000000000b20000 LB 0x400000 (for 1753088 allocation)
221c.1714: supR3HardenedWinInitAppBin(0x0): '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox'
221c.1714: System32: \Device\HarddiskVolume2\Windows\System32
221c.1714: WinSxS: \Device\HarddiskVolume2\Windows\WinSxS
221c.1714: KnownDllPath: C:\Windows\system32
221c.1714: supR3HardenedVmProcessInit: Opening vboxdrv stub...
221c.1714: supR3HardenedVmProcessInit: Restoring LdrInitializeThunk...
221c.1714: supR3HardenedVmProcessInit: Returning to LdrInitializeThunk...
221c.1714: Registered Dll notification callback with NTDLL.
221c.1714: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\kernel32.dll)
221c.1714: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\kernel32.dll
221c.1714: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\KERNEL32.DLL (Input=KERNEL32.DLL, rcNtResolve=0xc0150008) *pfFlags=0xffffffff pwszSearchPath=0000000000000801:<flags> [calling]
221c.1714: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\kernel32.dll [lacks WinVerifyTrust]
221c.1714: supR3HardenedDllNotificationCallback: load 00007ffefed30000 LB 0x00115000 C:\Windows\system32\KERNELBASE.dll [fFlags=0x0]
221c.1714: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\KernelBase.dll)
221c.1714: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\KernelBase.dll
221c.1714: supR3HardenedDllNotificationCallback: load 00007ffeff7f0000 LB 0x0013e000 C:\Windows\system32\KERNEL32.DLL [fFlags=0x0]
221c.1714: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\kernel32.dll [lacks WinVerifyTrust]
221c.1714: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffeff7f0000 'C:\Windows\system32\KERNEL32.DLL'
221c.1714: supR3HardenedDllNotificationCallback: load 00007ff68fdb0000 LB 0x0012c000 C:\Program Files\Oracle\VirtualBox\VirtualBox.exe [fFlags=0x0]
221c.1714: '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe' has no imports
221c.1714: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe)
221c.1714: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe
221c.1714: supR3HardNtDisableThreadCreation: pvLdrInitThunk=00007fff01898ec0 pvNtTerminateThread=00007fff01911700
23c0.1b84: supR3HardNtChildWaitFor: Found expected request 1 (CloseEvents) after 56 ms.
221c.1714: \SystemRoot\System32\ntdll.dll:
221c.1714: CreationTime: 2015-09-21T22:06:47.830476300Z
221c.1714: LastWriteTime: 2015-08-07T21:40:29.476583000Z
221c.1714: ChangeTime: 2015-11-10T19:59:06.964316500Z
221c.1714: FileAttributes: 0x20
221c.1714: Size: 0x1a7f48
221c.1714: NT Headers: 0xd8
221c.1714: Timestamp: 0x55c4c16b
221c.1714: Machine: 0x8664 - amd64
221c.1714: Timestamp: 0x55c4c16b
221c.1714: Image Version: 6.3
221c.1714: SizeOfImage: 0x1ac000 (1753088)
221c.1714: Resource Dir: 0x148000 LB 0x62450
221c.1714: ProductName: Microsoft® Windows® Operating System
221c.1714: ProductVersion: 6.3.9600.18007
221c.1714: FileVersion: 6.3.9600.18007 (winblue_ltsb.150807-0612)
221c.1714: FileDescription: NT Layer DLL
221c.1714: \SystemRoot\System32\kernel32.dll:
221c.1714: CreationTime: 2015-04-16T19:12:15.044651600Z
221c.1714: LastWriteTime: 2014-10-29T04:09:24.572407200Z
221c.1714: ChangeTime: 2015-10-14T12:40:28.052955900Z
221c.1714: FileAttributes: 0x20
221c.1714: Size: 0x13fc30
221c.1714: NT Headers: 0xf8
221c.1714: Timestamp: 0x545054ca
221c.1714: Machine: 0x8664 - amd64
221c.1714: Timestamp: 0x545054ca
221c.1714: Image Version: 6.3
221c.1714: SizeOfImage: 0x13e000 (1302528)
221c.1714: Resource Dir: 0x12e000 LB 0x518
221c.1714: ProductName: Microsoft® Windows® Operating System
221c.1714: ProductVersion: 6.3.9600.17415
221c.1714: FileVersion: 6.3.9600.17415 (winblue_r4.141028-1500)
221c.1714: FileDescription: Windows NT BASE API Client DLL
221c.1714: \SystemRoot\System32\KernelBase.dll:
221c.1714: CreationTime: 2015-09-21T22:06:48.033619700Z
221c.1714: LastWriteTime: 2015-08-07T21:40:29.476583000Z
221c.1714: ChangeTime: 2015-10-14T12:41:09.259707500Z
221c.1714: FileAttributes: 0x20
221c.1714: Size: 0x1150a0
221c.1714: NT Headers: 0xf0
221c.1714: Timestamp: 0x55c4c341
221c.1714: Machine: 0x8664 - amd64
221c.1714: Timestamp: 0x55c4c341
221c.1714: Image Version: 6.3
221c.1714: SizeOfImage: 0x115000 (1134592)
221c.1714: Resource Dir: 0x110000 LB 0x3530
221c.1714: ProductName: Microsoft® Windows® Operating System
221c.1714: ProductVersion: 6.3.9600.18007
221c.1714: FileVersion: 6.3.9600.18007 (winblue_ltsb.150807-0612)
221c.1714: FileDescription: Windows NT BASE API Client DLL
221c.1714: \SystemRoot\System32\apisetschema.dll:
221c.1714: CreationTime: 2013-08-22T12:13:09.745625900Z
221c.1714: LastWriteTime: 2013-08-22T12:35:12.091034400Z
221c.1714: ChangeTime: 2015-04-16T21:13:21.194017200Z
221c.1714: FileAttributes: 0x20
221c.1714: Size: 0x11360
221c.1714: NT Headers: 0xd0
221c.1714: Timestamp: 0x52160049
221c.1714: Machine: 0x8664 - amd64
221c.1714: Timestamp: 0x52160049
221c.1714: Image Version: 6.3
221c.1714: SizeOfImage: 0x13000 (77824)
221c.1714: Resource Dir: 0x11000 LB 0x3f8
221c.1714: ProductName: Microsoft® Windows® Operating System
221c.1714: ProductVersion: 6.3.9600.16384
221c.1714: FileVersion: 6.3.9600.16384 (winblue_rtm.130821-1623)
221c.1714: FileDescription: ApiSet Schema DLL
221c.1714: NtOpenDirectoryObject failed on \Driver: 0xc0000022
221c.1714: supR3HardenedWinFindAdversaries: 0x400
221c.1714: \SystemRoot\System32\drivers\MpFilter.sys:
221c.1714: CreationTime: 2015-03-05T00:34:52.000000000Z
221c.1714: LastWriteTime: 2015-03-05T00:34:52.000000000Z
221c.1714: ChangeTime: 2015-08-07T13:26:50.864209200Z
221c.1714: FileAttributes: 0x20
221c.1714: Size: 0x44738
221c.1714: NT Headers: 0xf0
221c.1714: Timestamp: 0x54efb880
221c.1714: Machine: 0x8664 - amd64
221c.1714: Timestamp: 0x54efb880
221c.1714: Image Version: 6.3
221c.1714: SizeOfImage: 0x44000 (278528)
221c.1714: Resource Dir: 0x42000 LB 0xd50
221c.1714: ProductName: Microsoft Malware Protection
221c.1714: ProductVersion: 4.8.0200.0
221c.1714: FileVersion: 4.8.0200.0
221c.1714: FileDescription: Microsoft antimalware file system filter driver
221c.1714: \SystemRoot\System32\drivers\NisDrvWFP.sys:
221c.1714: CreationTime: 2013-09-10T16:12:50.000000000Z
221c.1714: LastWriteTime: 2015-03-05T00:34:52.000000000Z
221c.1714: ChangeTime: 2015-08-07T13:26:50.604220900Z
221c.1714: FileAttributes: 0x20
221c.1714: Size: 0x1e698
221c.1714: NT Headers: 0xf0
221c.1714: Timestamp: 0x54efb8af
221c.1714: Machine: 0x8664 - amd64
221c.1714: Timestamp: 0x54efb8af
221c.1714: Image Version: 6.3
221c.1714: SizeOfImage: 0x1f000 (126976)
221c.1714: Resource Dir: 0x1c000 LB 0x1b90
221c.1714: ProductName: Microsoft Malware Protection
221c.1714: ProductVersion: 4.8.0200.0
221c.1714: FileVersion: 4.8.0200.0
221c.1714: FileDescription: Microsoft Network Realtime Inspection Driver
221c.1714: supR3HardenedWinInitAppBin(0x0): '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox'
221c.1714: Calling main()
221c.1714: SUPR3HardenedMain: pszProgName=VirtualBox fFlags=0x2
221c.1714: supR3HardenedWinInitAppBin(0x2): '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox'
221c.1714: '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe' has no imports
221c.1714: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe)
221c.1714: SUPR3HardenedMain: Respawn #2
221c.1714: supR3HardNtEnableThreadCreation:
221c.1714: supR3HardNtDisableThreadCreation: pvLdrInitThunk=00007fff01898ec0 pvNtTerminateThread=00007fff01911700
221c.1714: supR3HardenedWinDoReSpawn(2): New child 1e18.1524 [kernel32].
221c.1714: supR3HardenedWinReSpawn: NtSetInformationThread/ThreadHideFromDebugger failed: 0xc0000022 (harmless)
221c.1714: supR3HardNtChildGatherData: PebBaseAddress=00007ff68f23f000 cbPeb=0x388
221c.1714: supR3HardNtPuChFindNtdll: uNtDllParentAddr=00007fff01880000 uNtDllChildAddr=00007fff01880000
221c.1714: supR3HardenedWinSetupChildInit: uLdrInitThunk=00007fff01898ec0
221c.1714: supR3HardenedWinSetupChildInit: Start child.
221c.1714: supR3HardNtChildWaitFor: Found expected request 0 (PurifyChildAndCloseHandles) after 0 ms.
221c.1714: supR3HardNtChildPurify: Startup delay kludge #1/0: 514 ms, 41 sleeps
221c.1714: supHardNtVpScanVirtualMemory: enmKind=CHILD_PURIFICATION
221c.1714: *0000000000000000-ffffffffffe8ffff 0x0001/0x0000 0x0000000
221c.1714: *0000000000170000-000000000014ffff 0x0004/0x0004 0x0020000
221c.1714: *0000000000190000-0000000000180fff 0x0002/0x0002 0x0040000
221c.1714: 000000000019f000-000000000019dfff 0x0001/0x0000 0x0000000
221c.1714: *00000000001a0000-00000000000a3fff 0x0000/0x0004 0x0020000
221c.1714: 000000000029c000-0000000000298fff 0x0104/0x0004 0x0020000
221c.1714: 000000000029f000-000000000029dfff 0x0004/0x0004 0x0020000
221c.1714: *00000000002a0000-000000000029bfff 0x0002/0x0002 0x0040000
221c.1714: 00000000002a4000-0000000000297fff 0x0001/0x0000 0x0000000
221c.1714: *00000000002b0000-00000000002adfff 0x0004/0x0004 0x0020000
221c.1714: 00000000002b2000-00000000002a3fff 0x0001/0x0000 0x0000000
221c.1714: *00000000002c0000-00000000002befff 0x0020/0x0020 0x0020000 !!
221c.1714: supHardNtVpFreeOrReplacePrivateExecMemory: Freeing exec mem at 00000000002c0000 (LB 0x1000, 00000000002c0000 LB 0x1000)
221c.1714: supHardNtVpFreeOrReplacePrivateExecMemory: Free attempt #1 succeeded: 0x0 [00000000002c0000/00000000002c0000 LB 0/0x1000]
221c.1714: supHardNtVpFreeOrReplacePrivateExecMemory: QVM after free 0: [0000000000000000]/00000000002c0000 LB 0x7fd20000 s=0x10000 ap=0x0 rp=0x00000000000001
221c.1714: 00000000002c1000-ffffffff805a1fff 0x0001/0x0000 0x0000000
221c.1714: *000000007ffe0000-000000007ffdefff 0x0002/0x0002 0x0020000
221c.1714: 000000007ffe1000-000000007ffd1fff 0x0000/0x0002 0x0020000
221c.1714: 000000007fff0000-ffff800a70dcffff 0x0001/0x0000 0x0000000
221c.1714: *00007ff68f210000-00007ff68f1ecfff 0x0002/0x0002 0x0040000
221c.1714: 00007ff68f233000-00007ff68f228fff 0x0001/0x0000 0x0000000
221c.1714: *00007ff68f23d000-00007ff68f23afff 0x0004/0x0004 0x0020000
221c.1714: *00007ff68f23f000-00007ff68f23dfff 0x0004/0x0004 0x0020000
221c.1714: 00007ff68f240000-00007ff68e6cffff 0x0001/0x0000 0x0000000
221c.1714: *00007ff68fdb0000-00007ff68fdb0fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe
221c.1714: 00007ff68fdb1000-00007ff68fe37fff 0x0020/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe
221c.1714: 00007ff68fe38000-00007ff68fe38fff 0x0080/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe
221c.1714: 00007ff68fe39000-00007ff68fe83fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe
221c.1714: 00007ff68fe84000-00007ff68fe84fff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe
221c.1714: 00007ff68fe85000-00007ff68fe85fff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe
221c.1714: 00007ff68fe86000-00007ff68fe8afff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe
221c.1714: 00007ff68fe8b000-00007ff68fe8bfff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe
221c.1714: 00007ff68fe8c000-00007ff68fe8cfff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe
221c.1714: 00007ff68fe8d000-00007ff68fe90fff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe
221c.1714: 00007ff68fe91000-00007ff68fedbfff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe
221c.1714: 00007ff68fedc000-00007fee1e537fff 0x0001/0x0000 0x0000000
221c.1714: *00007fff01880000-00007fff01880fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume2\Windows\System32\ntdll.dll
221c.1714: 00007fff01881000-00007fff019acfff 0x0020/0x0080 0x1000000 \Device\HarddiskVolume2\Windows\System32\ntdll.dll
221c.1714: 00007fff019ad000-00007fff019b2fff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume2\Windows\System32\ntdll.dll
221c.1714: 00007fff019b3000-00007fff019bffff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume2\Windows\System32\ntdll.dll
221c.1714: 00007fff019c0000-00007fff019c0fff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume2\Windows\System32\ntdll.dll
221c.1714: 00007fff019c1000-00007fff019c3fff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume2\Windows\System32\ntdll.dll
221c.1714: 00007fff019c4000-00007fff019c4fff 0x0010/0x0080 0x1000000 \Device\HarddiskVolume2\Windows\System32\ntdll.dll
221c.1714: 00007fff019c5000-00007fff01a2bfff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume2\Windows\System32\ntdll.dll
221c.1714: 00007fff01a2c000-00007ffe03477fff 0x0001/0x0000 0x0000000
221c.1714: *00007ffffffe0000-00007ffffffcffff 0x0001/0x0002 0x0020000
221c.1714: VirtualBox.exe: timestamp 0x564221d3 (rc=VINF_SUCCESS)
221c.1714: '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe' has no imports
221c.1714: '\Device\HarddiskVolume2\Windows\System32\ntdll.dll' has no imports
221c.1714: supR3HardNtChildPurify: cFixes=1 g_fSupAdversaries=0x400
221c.1714: supR3HardNtChildPurify: Startup delay kludge #1/1: 516 ms, 33 sleeps
221c.1714: supHardNtVpScanVirtualMemory: enmKind=CHILD_PURIFICATION
221c.1714: *0000000000000000-ffffffffffe8ffff 0x0001/0x0000 0x0000000
221c.1714: *0000000000170000-000000000014ffff 0x0004/0x0004 0x0020000
221c.1714: *0000000000190000-0000000000180fff 0x0002/0x0002 0x0040000
221c.1714: 000000000019f000-000000000019dfff 0x0001/0x0000 0x0000000
221c.1714: *00000000001a0000-00000000000a3fff 0x0000/0x0004 0x0020000
221c.1714: 000000000029c000-0000000000298fff 0x0104/0x0004 0x0020000
221c.1714: 000000000029f000-000000000029dfff 0x0004/0x0004 0x0020000
221c.1714: *00000000002a0000-000000000029bfff 0x0002/0x0002 0x0040000
221c.1714: 00000000002a4000-0000000000297fff 0x0001/0x0000 0x0000000
221c.1714: *00000000002b0000-00000000002adfff 0x0004/0x0004 0x0020000
221c.1714: 00000000002b2000-ffffffff80583fff 0x0001/0x0000 0x0000000
221c.1714: *000000007ffe0000-000000007ffdefff 0x0002/0x0002 0x0020000
221c.1714: 000000007ffe1000-000000007ffd1fff 0x0000/0x0002 0x0020000
221c.1714: 000000007fff0000-ffff800a70dcffff 0x0001/0x0000 0x0000000
221c.1714: *00007ff68f210000-00007ff68f1ecfff 0x0002/0x0002 0x0040000
221c.1714: 00007ff68f233000-00007ff68f228fff 0x0001/0x0000 0x0000000
221c.1714: *00007ff68f23d000-00007ff68f23afff 0x0004/0x0004 0x0020000
221c.1714: *00007ff68f23f000-00007ff68f23dfff 0x0004/0x0004 0x0020000
221c.1714: 00007ff68f240000-00007ff68e6cffff 0x0001/0x0000 0x0000000
221c.1714: *00007ff68fdb0000-00007ff68fdb0fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe
221c.1714: 00007ff68fdb1000-00007ff68fe37fff 0x0020/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe
221c.1714: 00007ff68fe38000-00007ff68fe38fff 0x0040/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe
221c.1714: 00007ff68fe39000-00007ff68fe83fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe
221c.1714: 00007ff68fe84000-00007ff68fe90fff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe
221c.1714: 00007ff68fe91000-00007ff68fedbfff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe
221c.1714: 00007ff68fedc000-00007fee1e537fff 0x0001/0x0000 0x0000000
221c.1714: *00007fff01880000-00007fff01880fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume2\Windows\System32\ntdll.dll
221c.1714: 00007fff01881000-00007fff019acfff 0x0020/0x0080 0x1000000 \Device\HarddiskVolume2\Windows\System32\ntdll.dll
221c.1714: 00007fff019ad000-00007fff019b2fff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume2\Windows\System32\ntdll.dll
221c.1714: 00007fff019b3000-00007fff019bffff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume2\Windows\System32\ntdll.dll
221c.1714: 00007fff019c0000-00007fff019c3fff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume2\Windows\System32\ntdll.dll
221c.1714: 00007fff019c4000-00007fff019c4fff 0x0010/0x0080 0x1000000 \Device\HarddiskVolume2\Windows\System32\ntdll.dll
221c.1714: 00007fff019c5000-00007fff01a2bfff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume2\Windows\System32\ntdll.dll
221c.1714: 00007fff01a2c000-00007ffe03477fff 0x0001/0x0000 0x0000000
221c.1714: *00007ffffffe0000-00007ffffffcffff 0x0001/0x0002 0x0020000
221c.1714: supR3HardNtChildPurify: Done after 1124 ms and 1 fixes (loop #1).
1e18.1524: Log file opened: 5.0.10r104061 g_hStartupLog=0000000000000004 g_uNtVerCombined=0x63258000
1e18.1524: supR3HardenedVmProcessInit: uNtDllAddr=00007fff01880000
1e18.1524: ntdll.dll: timestamp 0x55c4c16b (rc=VINF_SUCCESS)
1e18.1524: New simple heap: #1 00000000003c0000 LB 0x400000 (for 1753088 allocation)
221c.1714: supR3HardenedEarlyCompact: Removed heap 1 (0x00000000b20000 LB 0x400000)
221c.1714: supR3HardNtEnableThreadCreation:
1e18.1524: supR3HardenedWinInitAppBin(0x0): '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox'
1e18.1524: System32: \Device\HarddiskVolume2\Windows\System32
1e18.1524: WinSxS: \Device\HarddiskVolume2\Windows\WinSxS
1e18.1524: KnownDllPath: C:\Windows\system32
1e18.1524: supR3HardenedVmProcessInit: Opening vboxdrv...
1e18.1524: supR3HardenedVmProcessInit: Restoring LdrInitializeThunk...
1e18.1524: supR3HardenedVmProcessInit: Returning to LdrInitializeThunk...
1e18.1524: Registered Dll notification callback with NTDLL.
1e18.1524: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\kernel32.dll)
1e18.1524: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\kernel32.dll
1e18.1524: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\KERNEL32.DLL (Input=KERNEL32.DLL, rcNtResolve=0xc0150008) *pfFlags=0xffffffff pwszSearchPath=0000000000000801:<flags> [calling]
1e18.1524: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\kernel32.dll [lacks WinVerifyTrust]
1e18.1524: supR3HardenedDllNotificationCallback: load 00007ffefed30000 LB 0x00115000 C:\Windows\system32\KERNELBASE.dll [fFlags=0x0]
1e18.1524: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\KernelBase.dll)
1e18.1524: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\KernelBase.dll
1e18.1524: supR3HardenedDllNotificationCallback: load 00007ffeff7f0000 LB 0x0013e000 C:\Windows\system32\KERNEL32.DLL [fFlags=0x0]
1e18.1524: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\kernel32.dll [lacks WinVerifyTrust]
1e18.1524: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffeff7f0000 'C:\Windows\system32\KERNEL32.DLL'
1e18.1524: supR3HardenedDllNotificationCallback: load 00007ff68fdb0000 LB 0x0012c000 C:\Program Files\Oracle\VirtualBox\VirtualBox.exe [fFlags=0x0]
1e18.1524: '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe' has no imports
1e18.1524: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe)
1e18.1524: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe
221c.1714: supR3HardNtChildWaitFor[2]: Quitting: ExitCode=0xc0000005 (rcNtWait=0x0, rcNt1=0x0, rcNt2=0x103, rcNt3=0x103, 109 ms, CloseEvents);
23c0.1b84: supR3HardNtChildWaitFor[1]: Quitting: ExitCode=0xc0000005 (rcNtWait=0x0, rcNt1=0x0, rcNt2=0x103, rcNt3=0x103, 1243 ms, the end);
