VirtualBox

Ticket #15296: VBoxHardening.log

File VBoxHardening.log, 32.7 KB (added by Zupo Llask, 8 years ago)
111c8.1630: Log file opened: 5.0.17r106359 g_hStartupLog=00000074 g_uNtVerCombined=0xa037ec00
211c8.1630: \SystemRoot\System32\ntdll.dll:
311c8.1630: CreationTime: 2016-04-03T13:21:15.750408500Z
411c8.1630: LastWriteTime: 2016-04-03T13:21:15.750408500Z
511c8.1630: ChangeTime: 2016-04-07T01:03:06.853744400Z
611c8.1630: FileAttributes: 0x20
711c8.1630: Size: 0x17df00
811c8.1630: NT Headers: 0xe8
911c8.1630: Timestamp: 0x5700c526
1011c8.1630: Machine: 0x14c - i386
1111c8.1630: Timestamp: 0x5700c526
1211c8.1630: Image Version: 10.0
1311c8.1630: SizeOfImage: 0x180000 (1572864)
1411c8.1630: Resource Dir: 0x114000 LB 0x66db0
1511c8.1630: ProductName: Microsoft® Windows® Operating System
1611c8.1630: ProductVersion: 10.0.14316.1000
1711c8.1630: FileVersion: 10.0.14316.1000 (rs1_release.160402-2217)
1811c8.1630: FileDescription: NT Layer DLL
1911c8.1630: \SystemRoot\System32\kernel32.dll:
2011c8.1630: CreationTime: 2016-04-03T13:20:42.562986900Z
2111c8.1630: LastWriteTime: 2016-04-03T13:20:42.562986900Z
2211c8.1630: ChangeTime: 2016-04-07T01:03:02.775611800Z
2311c8.1630: FileAttributes: 0x20
2411c8.1630: Size: 0x996a8
2511c8.1630: NT Headers: 0xf8
2611c8.1630: Timestamp: 0x5700c53e
2711c8.1630: Machine: 0x14c - i386
2811c8.1630: Timestamp: 0x5700c53e
2911c8.1630: Image Version: 10.0
3011c8.1630: SizeOfImage: 0x97000 (618496)
3111c8.1630: Resource Dir: 0x91000 LB 0x528
3211c8.1630: ProductName: Microsoft® Windows® Operating System
3311c8.1630: ProductVersion: 10.0.14316.1000
3411c8.1630: FileVersion: 10.0.14316.1000 (rs1_release.160402-2217)
3511c8.1630: FileDescription: Windows NT BASE API Client DLL
3611c8.1630: \SystemRoot\System32\KernelBase.dll:
3711c8.1630: CreationTime: 2016-04-03T13:21:15.859783900Z
3811c8.1630: LastWriteTime: 2016-04-03T13:21:15.859783900Z
3911c8.1630: ChangeTime: 2016-04-07T01:03:02.838111300Z
4011c8.1630: FileAttributes: 0x20
4111c8.1630: Size: 0x1982d0
4211c8.1630: NT Headers: 0x100
4311c8.1630: Timestamp: 0x5700c56a
4411c8.1630: Machine: 0x14c - i386
4511c8.1630: Timestamp: 0x5700c56a
4611c8.1630: Image Version: 10.0
4711c8.1630: SizeOfImage: 0x19b000 (1683456)
4811c8.1630: Resource Dir: 0x179000 LB 0x540
4911c8.1630: ProductName: Microsoft® Windows® Operating System
5011c8.1630: ProductVersion: 10.0.14316.1000
5111c8.1630: FileVersion: 10.0.14316.1000 (rs1_release.160402-2217)
5211c8.1630: FileDescription: Windows NT BASE API Client DLL
5311c8.1630: \SystemRoot\System32\apisetschema.dll:
5411c8.1630: CreationTime: 2016-04-03T13:20:59.125447700Z
5511c8.1630: LastWriteTime: 2016-04-03T13:20:59.141072800Z
5611c8.1630: ChangeTime: 2016-04-07T01:02:51.041211000Z
5711c8.1630: FileAttributes: 0x20
5811c8.1630: Size: 0x17310
5911c8.1630: NT Headers: 0xc8
6011c8.1630: Timestamp: 0x5700c83a
6111c8.1630: Machine: 0x14c - i386
6211c8.1630: Timestamp: 0x5700c83a
6311c8.1630: Image Version: 10.0
6411c8.1630: SizeOfImage: 0x19000 (102400)
6511c8.1630: Resource Dir: 0x18000 LB 0x400
6611c8.1630: ProductName: Microsoft® Windows® Operating System
6711c8.1630: ProductVersion: 10.0.14316.1000
6811c8.1630: FileVersion: 10.0.14316.1000 (rs1_release.160402-2217)
6911c8.1630: FileDescription: ApiSet Schema DLL
7011c8.1630: NtOpenDirectoryObject failed on \Driver: 0xc0000022
7111c8.1630: supR3HardenedWinFindAdversaries: 0x0
7211c8.1630: supR3HardenedWinInitAppBin(0x0): '\Device\HarddiskVolume1\Program Files\Oracle\VirtualBox'
7311c8.1630: Calling main()
7411c8.1630: SUPR3HardenedMain: pszProgName=VBoxHeadless fFlags=0x0
7511c8.1630: supR3HardenedWinInitAppBin(0x0): '\Device\HarddiskVolume1\Program Files\Oracle\VirtualBox'
7611c8.1630: SUPR3HardenedMain: Respawn #1
7711c8.1630: System32: \Device\HarddiskVolume1\Windows\System32
7811c8.1630: WinSxS: \Device\HarddiskVolume1\Windows\WinSxS
7911c8.1630: KnownDllPath: C:\WINDOWS\system32
8011c8.1630: '\Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\VBoxHeadless.exe' has no imports
8111c8.1630: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\VBoxHeadless.exe)
8211c8.1630: supR3HardNtEnableThreadCreation:
8311c8.1630: supR3HardNtDisableThreadCreation: pvLdrInitThunk=77811470 pvNtTerminateThread=7787e080
8411c8.1630: supR3HardenedWinDoReSpawn(1): New child 1704.163c [kernel32].
8511c8.1630: supR3HardNtChildGatherData: PebBaseAddress=003bf000 cbPeb=0x250
8611c8.1630: supR3HardNtPuChFindNtdll: uNtDllParentAddr=777f0000 uNtDllChildAddr=777f0000
8711c8.1630: supR3HardenedWinSetupChildInit: uLdrInitThunk=77811470
8811c8.1630: supR3HardenedWinSetupChildInit: Start child.
8911c8.1630: supR3HardNtChildWaitFor: Found expected request 0 (PurifyChildAndCloseHandles) after 0 ms.
9011c8.1630: supR3HardNtChildPurify: Startup delay kludge #1/0: 265 ms, 0 sleeps
9111c8.1630: supHardNtVpScanVirtualMemory: enmKind=CHILD_PURIFICATION
9211c8.1630: *00000000-fffeffff 0x0001/0x0000 0x0000000
9311c8.1630: *00010000-fffeffff 0x0004/0x0004 0x0020000
9411c8.1630: *00030000-00019fff 0x0002/0x0002 0x0040000
9511c8.1630: 00046000-0003bfff 0x0001/0x0000 0x0000000
9611c8.1630: *00050000-fff52fff 0x0000/0x0004 0x0020000
9711c8.1630: 0014d000-0014afff 0x0104/0x0004 0x0020000
9811c8.1630: 0014f000-0014dfff 0x0004/0x0004 0x0020000
9911c8.1630: *00150000-0014bfff 0x0002/0x0002 0x0040000
10011c8.1630: 00154000-00147fff 0x0001/0x0000 0x0000000
10111c8.1630: *00160000-0015dfff 0x0004/0x0004 0x0020000
10211c8.1630: 00162000-000c3fff 0x0001/0x0000 0x0000000
10311c8.1630: *00200000-00040fff 0x0000/0x0004 0x0020000
10411c8.1630: 003bf000-003bcfff 0x0004/0x0004 0x0020000
10511c8.1630: 003c1000-00381fff 0x0000/0x0004 0x0020000
10611c8.1630: 00400000-ff70ffff 0x0001/0x0000 0x0000000
10711c8.1630: *010f0000-010f0fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\VBoxHeadless.exe
10811c8.1630: 010f1000-01167fff 0x0020/0x0080 0x1000000 \Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\VBoxHeadless.exe
10911c8.1630: 01168000-01168fff 0x0080/0x0080 0x1000000 \Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\VBoxHeadless.exe
11011c8.1630: 01169000-011a2fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\VBoxHeadless.exe
11111c8.1630: 011a3000-011a3fff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\VBoxHeadless.exe
11211c8.1630: 011a4000-011a4fff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\VBoxHeadless.exe
11311c8.1630: 011a5000-011a5fff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\VBoxHeadless.exe
11411c8.1630: 011a6000-011a6fff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\VBoxHeadless.exe
11511c8.1630: 011a7000-011abfff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\VBoxHeadless.exe
11611c8.1630: 011ac000-011aefff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\VBoxHeadless.exe
11711c8.1630: 011af000-011f2fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\VBoxHeadless.exe
11811c8.1630: 011f3000-8abf5fff 0x0001/0x0000 0x0000000
11911c8.1630: *777f0000-777f0fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume1\Windows\System32\ntdll.dll
12011c8.1630: 777f1000-778fcfff 0x0020/0x0080 0x1000000 \Device\HarddiskVolume1\Windows\System32\ntdll.dll
12111c8.1630: 778fd000-77900fff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume1\Windows\System32\ntdll.dll
12211c8.1630: 77901000-77901fff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume1\Windows\System32\ntdll.dll
12311c8.1630: 77902000-77903fff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume1\Windows\System32\ntdll.dll
12411c8.1630: 77904000-7796ffff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume1\Windows\System32\ntdll.dll
12511c8.1630: 77970000-7004ffff 0x0001/0x0000 0x0000000
12611c8.1630: *7f290000-7f26cfff 0x0002/0x0002 0x0040000
12711c8.1630: 7f2b3000-7e585fff 0x0001/0x0000 0x0000000
12811c8.1630: *7ffe0000-7ffdefff 0x0002/0x0002 0x0020000
12911c8.1630: 7ffe1000-7ffd1fff 0x0001/0x0002 0x0020000
13011c8.1630: VBoxHeadless.exe: timestamp 0x570229fe (rc=VINF_SUCCESS)
13111c8.1630: '\Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\VBoxHeadless.exe' has no imports
13211c8.1630: '\Device\HarddiskVolume1\Windows\System32\ntdll.dll' has no imports
13311c8.1630: supR3HardNtChildPurify: Done after 343 ms and 0 fixes (loop #0).
1341704.163c: Log file opened: 5.0.17r106359 g_hStartupLog=00000008 g_uNtVerCombined=0xa037ec00
1351704.163c: supR3HardenedVmProcessInit: uNtDllAddr=777f0000 g_uNtVerCombined=0xa037ec00
1361704.163c: ntdll.dll: timestamp 0x5700c526 (rc=VINF_SUCCESS)
1371704.163c: New simple heap: #1 00500000 LB 0x400000 (for 1572864 allocation)
13811c8.1630: supR3HardNtEnableThreadCreation:
1391704.163c: supR3HardenedWinInitAppBin(0x0): '\Device\HarddiskVolume1\Program Files\Oracle\VirtualBox'
1401704.163c: System32: \Device\HarddiskVolume1\Windows\System32
1411704.163c: WinSxS: \Device\HarddiskVolume1\Windows\WinSxS
1421704.163c: KnownDllPath: C:\WINDOWS\system32
1431704.163c: supR3HardenedVmProcessInit: Opening vboxdrv stub...
1441704.163c: supR3HardenedVmProcessInit: Restoring LdrInitializeThunk...
1451704.163c: supR3HardenedVmProcessInit: Returning to LdrInitializeThunk...
1461704.163c: Registered Dll notification callback with NTDLL.
1471704.163c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume1\Windows\System32\kernel32.dll)
1481704.163c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume1\Windows\System32\kernel32.dll
1491704.163c: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\KERNEL32.DLL (Input=KERNEL32.DLL, rcNtResolve=0xc0150008) *pfFlags=0xffffffff pwszSearchPath=00000801:<flags> [calling]
1501704.163c: supR3HardenedDllNotificationCallback: load 74760000 LB 0x0019b000 C:\WINDOWS\system32\KERNELBASE.dll [fFlags=0x0]
1511704.163c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume1\Windows\System32\KernelBase.dll)
1521704.163c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume1\Windows\System32\KernelBase.dll
1531704.163c: supR3HardenedDllNotificationCallback: load 77650000 LB 0x00097000 C:\WINDOWS\system32\KERNEL32.DLL [fFlags=0x0]
1541704.163c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\kernel32.dll [lacks WinVerifyTrust]
1551704.163c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=77650000 'C:\WINDOWS\system32\KERNEL32.DLL'
1561704.163c: supR3HardenedDllNotificationCallback: load 010f0000 LB 0x00103000 C:\Program Files\Oracle\VirtualBox\VBoxHeadless.exe [fFlags=0x0]
1571704.163c: '\Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\VBoxHeadless.exe' has no imports
1581704.163c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\VBoxHeadless.exe)
1591704.163c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\VBoxHeadless.exe
1601704.163c: supR3HardNtDisableThreadCreation: pvLdrInitThunk=77811470 pvNtTerminateThread=7787e080
1611704.163c: \SystemRoot\System32\ntdll.dll:
1621704.163c: CreationTime: 2016-04-03T13:21:15.750408500Z
1631704.163c: LastWriteTime: 2016-04-03T13:21:15.750408500Z
1641704.163c: ChangeTime: 2016-04-07T01:03:06.853744400Z
1651704.163c: FileAttributes: 0x20
1661704.163c: Size: 0x17df00
1671704.163c: NT Headers: 0xe8
1681704.163c: Timestamp: 0x5700c526
1691704.163c: Machine: 0x14c - i386
1701704.163c: Timestamp: 0x5700c526
1711704.163c: Image Version: 10.0
1721704.163c: SizeOfImage: 0x180000 (1572864)
1731704.163c: Resource Dir: 0x114000 LB 0x66db0
1741704.163c: ProductName: Microsoft® Windows® Operating System
1751704.163c: ProductVersion: 10.0.14316.1000
1761704.163c: FileVersion: 10.0.14316.1000 (rs1_release.160402-2217)
1771704.163c: FileDescription: NT Layer DLL
1781704.163c: \SystemRoot\System32\kernel32.dll:
1791704.163c: CreationTime: 2016-04-03T13:20:42.562986900Z
1801704.163c: LastWriteTime: 2016-04-03T13:20:42.562986900Z
1811704.163c: ChangeTime: 2016-04-07T01:03:02.775611800Z
1821704.163c: FileAttributes: 0x20
1831704.163c: Size: 0x996a8
1841704.163c: NT Headers: 0xf8
1851704.163c: Timestamp: 0x5700c53e
1861704.163c: Machine: 0x14c - i386
1871704.163c: Timestamp: 0x5700c53e
1881704.163c: Image Version: 10.0
1891704.163c: SizeOfImage: 0x97000 (618496)
1901704.163c: Resource Dir: 0x91000 LB 0x528
1911704.163c: ProductName: Microsoft® Windows® Operating System
1921704.163c: ProductVersion: 10.0.14316.1000
1931704.163c: FileVersion: 10.0.14316.1000 (rs1_release.160402-2217)
1941704.163c: FileDescription: Windows NT BASE API Client DLL
1951704.163c: \SystemRoot\System32\KernelBase.dll:
1961704.163c: CreationTime: 2016-04-03T13:21:15.859783900Z
1971704.163c: LastWriteTime: 2016-04-03T13:21:15.859783900Z
1981704.163c: ChangeTime: 2016-04-07T01:03:02.838111300Z
1991704.163c: FileAttributes: 0x20
2001704.163c: Size: 0x1982d0
2011704.163c: NT Headers: 0x100
2021704.163c: Timestamp: 0x5700c56a
2031704.163c: Machine: 0x14c - i386
2041704.163c: Timestamp: 0x5700c56a
2051704.163c: Image Version: 10.0
2061704.163c: SizeOfImage: 0x19b000 (1683456)
2071704.163c: Resource Dir: 0x179000 LB 0x540
2081704.163c: ProductName: Microsoft® Windows® Operating System
2091704.163c: ProductVersion: 10.0.14316.1000
2101704.163c: FileVersion: 10.0.14316.1000 (rs1_release.160402-2217)
2111704.163c: FileDescription: Windows NT BASE API Client DLL
2121704.163c: \SystemRoot\System32\apisetschema.dll:
2131704.163c: CreationTime: 2016-04-03T13:20:59.125447700Z
2141704.163c: LastWriteTime: 2016-04-03T13:20:59.141072800Z
2151704.163c: ChangeTime: 2016-04-07T01:02:51.041211000Z
2161704.163c: FileAttributes: 0x20
2171704.163c: Size: 0x17310
2181704.163c: NT Headers: 0xc8
2191704.163c: Timestamp: 0x5700c83a
2201704.163c: Machine: 0x14c - i386
2211704.163c: Timestamp: 0x5700c83a
2221704.163c: Image Version: 10.0
2231704.163c: SizeOfImage: 0x19000 (102400)
2241704.163c: Resource Dir: 0x18000 LB 0x400
2251704.163c: ProductName: Microsoft® Windows® Operating System
2261704.163c: ProductVersion: 10.0.14316.1000
2271704.163c: FileVersion: 10.0.14316.1000 (rs1_release.160402-2217)
2281704.163c: FileDescription: ApiSet Schema DLL
2291704.163c: NtOpenDirectoryObject failed on \Driver: 0xc0000022
23011c8.1630: supR3HardNtChildWaitFor: Found expected request 1 (CloseEvents) after 172 ms.
2311704.163c: supR3HardenedWinFindAdversaries: 0x0
2321704.163c: supR3HardenedWinInitAppBin(0x0): '\Device\HarddiskVolume1\Program Files\Oracle\VirtualBox'
2331704.163c: Calling main()
2341704.163c: SUPR3HardenedMain: pszProgName=VBoxHeadless fFlags=0x0
2351704.163c: supR3HardenedWinInitAppBin(0x0): '\Device\HarddiskVolume1\Program Files\Oracle\VirtualBox'
2361704.163c: '\Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\VBoxHeadless.exe' has no imports
2371704.163c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\VBoxHeadless.exe)
2381704.163c: SUPR3HardenedMain: Respawn #2
2391704.163c: supR3HardNtEnableThreadCreation:
2401704.163c: supR3HardNtDisableThreadCreation: pvLdrInitThunk=77811470 pvNtTerminateThread=7787e080
2411704.163c: supR3HardenedWinDoReSpawn(2): New child 17f4.10ec [kernel32].
2421704.163c: supR3HardenedWinReSpawn: NtSetInformationThread/ThreadHideFromDebugger failed: 0xc0000022 (harmless)
2431704.163c: supR3HardNtChildGatherData: PebBaseAddress=0035e000 cbPeb=0x250
2441704.163c: supR3HardNtPuChFindNtdll: uNtDllParentAddr=777f0000 uNtDllChildAddr=777f0000
2451704.163c: supR3HardenedWinSetupChildInit: uLdrInitThunk=77811470
2461704.163c: supR3HardenedWinSetupChildInit: Start child.
2471704.163c: supR3HardNtChildWaitFor: Found expected request 0 (PurifyChildAndCloseHandles) after 0 ms.
2481704.163c: supR3HardNtChildPurify: Startup delay kludge #1/0: 265 ms, 0 sleeps
2491704.163c: supHardNtVpScanVirtualMemory: enmKind=CHILD_PURIFICATION
2501704.163c: *00000000-fffeffff 0x0001/0x0000 0x0000000
2511704.163c: *00010000-fffeffff 0x0004/0x0004 0x0020000
2521704.163c: *00030000-00019fff 0x0002/0x0002 0x0040000
2531704.163c: 00046000-0003bfff 0x0001/0x0000 0x0000000
2541704.163c: *00050000-fff52fff 0x0000/0x0004 0x0020000
2551704.163c: 0014d000-0014afff 0x0104/0x0004 0x0020000
2561704.163c: 0014f000-0014dfff 0x0004/0x0004 0x0020000
2571704.163c: *00150000-0014bfff 0x0002/0x0002 0x0040000
2581704.163c: 00154000-00147fff 0x0001/0x0000 0x0000000
2591704.163c: *00160000-0015dfff 0x0004/0x0004 0x0020000
2601704.163c: 00162000-000c3fff 0x0001/0x0000 0x0000000
2611704.163c: *00200000-000a1fff 0x0000/0x0004 0x0020000
2621704.163c: 0035e000-0035bfff 0x0004/0x0004 0x0020000
2631704.163c: 00360000-002bffff 0x0000/0x0004 0x0020000
2641704.163c: 00400000-ff70ffff 0x0001/0x0000 0x0000000
2651704.163c: *010f0000-010f0fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\VBoxHeadless.exe
2661704.163c: 010f1000-01167fff 0x0020/0x0080 0x1000000 \Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\VBoxHeadless.exe
2671704.163c: 01168000-01168fff 0x0080/0x0080 0x1000000 \Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\VBoxHeadless.exe
2681704.163c: 01169000-011a2fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\VBoxHeadless.exe
2691704.163c: 011a3000-011a3fff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\VBoxHeadless.exe
2701704.163c: 011a4000-011a4fff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\VBoxHeadless.exe
2711704.163c: 011a5000-011a5fff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\VBoxHeadless.exe
2721704.163c: 011a6000-011a6fff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\VBoxHeadless.exe
2731704.163c: 011a7000-011abfff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\VBoxHeadless.exe
2741704.163c: 011ac000-011aefff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\VBoxHeadless.exe
2751704.163c: 011af000-011f2fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\VBoxHeadless.exe
2761704.163c: 011f3000-8abf5fff 0x0001/0x0000 0x0000000
2771704.163c: *777f0000-777f0fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume1\Windows\System32\ntdll.dll
2781704.163c: 777f1000-778fcfff 0x0020/0x0080 0x1000000 \Device\HarddiskVolume1\Windows\System32\ntdll.dll
2791704.163c: 778fd000-77900fff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume1\Windows\System32\ntdll.dll
2801704.163c: 77901000-77901fff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume1\Windows\System32\ntdll.dll
2811704.163c: 77902000-77903fff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume1\Windows\System32\ntdll.dll
2821704.163c: 77904000-7796ffff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume1\Windows\System32\ntdll.dll
2831704.163c: 77970000-6f3fffff 0x0001/0x0000 0x0000000
2841704.163c: *7fee0000-7febcfff 0x0002/0x0002 0x0040000
2851704.163c: 7ff03000-7fe25fff 0x0001/0x0000 0x0000000
2861704.163c: *7ffe0000-7ffdefff 0x0002/0x0002 0x0020000
2871704.163c: 7ffe1000-7ffd1fff 0x0001/0x0002 0x0020000
2881704.163c: VBoxHeadless.exe: timestamp 0x570229fe (rc=VINF_SUCCESS)
2891704.163c: '\Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\VBoxHeadless.exe' has no imports
2901704.163c: '\Device\HarddiskVolume1\Windows\System32\ntdll.dll' has no imports
2911704.163c: supR3HardNtChildPurify: Done after 359 ms and 0 fixes (loop #0).
29217f4.10ec: Log file opened: 5.0.17r106359 g_hStartupLog=00000008 g_uNtVerCombined=0xa037ec00
29317f4.10ec: supR3HardenedVmProcessInit: uNtDllAddr=777f0000 g_uNtVerCombined=0xa037ec00
29417f4.10ec: ntdll.dll: timestamp 0x5700c526 (rc=VINF_SUCCESS)
29517f4.10ec: New simple heap: #1 00500000 LB 0x400000 (for 1572864 allocation)
2961704.163c: supR3HardenedEarlyCompact: Removed heap 1 (0x500000 LB 0x400000)
2971704.163c: supR3HardNtEnableThreadCreation:
29817f4.10ec: supR3HardenedWinInitAppBin(0x0): '\Device\HarddiskVolume1\Program Files\Oracle\VirtualBox'
29917f4.10ec: System32: \Device\HarddiskVolume1\Windows\System32
30017f4.10ec: WinSxS: \Device\HarddiskVolume1\Windows\WinSxS
30117f4.10ec: KnownDllPath: C:\WINDOWS\system32
30217f4.10ec: supR3HardenedVmProcessInit: Opening vboxdrv...
30317f4.10ec: supR3HardenedVmProcessInit: Restoring LdrInitializeThunk...
30417f4.10ec: supR3HardenedVmProcessInit: Returning to LdrInitializeThunk...
30517f4.10ec: Registered Dll notification callback with NTDLL.
30617f4.10ec: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume1\Windows\System32\kernel32.dll)
30717f4.10ec: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume1\Windows\System32\kernel32.dll
30817f4.10ec: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\KERNEL32.DLL (Input=KERNEL32.DLL, rcNtResolve=0xc0150008) *pfFlags=0xffffffff pwszSearchPath=00000801:<flags> [calling]
30917f4.10ec: supR3HardenedDllNotificationCallback: load 74760000 LB 0x0019b000 C:\WINDOWS\system32\KERNELBASE.dll [fFlags=0x0]
31017f4.10ec: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume1\Windows\System32\KernelBase.dll)
31117f4.10ec: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume1\Windows\System32\KernelBase.dll
31217f4.10ec: supR3HardenedDllNotificationCallback: load 77650000 LB 0x00097000 C:\WINDOWS\system32\KERNEL32.DLL [fFlags=0x0]
31317f4.10ec: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\kernel32.dll [lacks WinVerifyTrust]
31417f4.10ec: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=77650000 'C:\WINDOWS\system32\KERNEL32.DLL'
31517f4.10ec: supR3HardenedDllNotificationCallback: load 010f0000 LB 0x00103000 C:\Program Files\Oracle\VirtualBox\VBoxHeadless.exe [fFlags=0x0]
31617f4.10ec: '\Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\VBoxHeadless.exe' has no imports
31717f4.10ec: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\VBoxHeadless.exe)
31817f4.10ec: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\VBoxHeadless.exe
31917f4.10ec: supR3HardNtDisableThreadCreation: pvLdrInitThunk=77811470 pvNtTerminateThread=7787e080
3201704.163c: supR3HardNtChildWaitFor: Found expected request 1 (CloseEvents) after 188 ms.
32117f4.10ec: \SystemRoot\System32\ntdll.dll:
32217f4.10ec: CreationTime: 2016-04-03T13:21:15.750408500Z
32317f4.10ec: LastWriteTime: 2016-04-03T13:21:15.750408500Z
32417f4.10ec: ChangeTime: 2016-04-07T01:03:06.853744400Z
32517f4.10ec: FileAttributes: 0x20
32617f4.10ec: Size: 0x17df00
32717f4.10ec: NT Headers: 0xe8
32817f4.10ec: Timestamp: 0x5700c526
32917f4.10ec: Machine: 0x14c - i386
33017f4.10ec: Timestamp: 0x5700c526
33117f4.10ec: Image Version: 10.0
33217f4.10ec: SizeOfImage: 0x180000 (1572864)
33317f4.10ec: Resource Dir: 0x114000 LB 0x66db0
33417f4.10ec: ProductName: Microsoft® Windows® Operating System
33517f4.10ec: ProductVersion: 10.0.14316.1000
33617f4.10ec: FileVersion: 10.0.14316.1000 (rs1_release.160402-2217)
33717f4.10ec: FileDescription: NT Layer DLL
33817f4.10ec: \SystemRoot\System32\kernel32.dll:
33917f4.10ec: CreationTime: 2016-04-03T13:20:42.562986900Z
34017f4.10ec: LastWriteTime: 2016-04-03T13:20:42.562986900Z
34117f4.10ec: ChangeTime: 2016-04-07T01:03:02.775611800Z
34217f4.10ec: FileAttributes: 0x20
34317f4.10ec: Size: 0x996a8
34417f4.10ec: NT Headers: 0xf8
34517f4.10ec: Timestamp: 0x5700c53e
34617f4.10ec: Machine: 0x14c - i386
34717f4.10ec: Timestamp: 0x5700c53e
34817f4.10ec: Image Version: 10.0
34917f4.10ec: SizeOfImage: 0x97000 (618496)
35017f4.10ec: Resource Dir: 0x91000 LB 0x528
35117f4.10ec: ProductName: Microsoft® Windows® Operating System
35217f4.10ec: ProductVersion: 10.0.14316.1000
35317f4.10ec: FileVersion: 10.0.14316.1000 (rs1_release.160402-2217)
35417f4.10ec: FileDescription: Windows NT BASE API Client DLL
35517f4.10ec: \SystemRoot\System32\KernelBase.dll:
35617f4.10ec: CreationTime: 2016-04-03T13:21:15.859783900Z
35717f4.10ec: LastWriteTime: 2016-04-03T13:21:15.859783900Z
35817f4.10ec: ChangeTime: 2016-04-07T01:03:02.838111300Z
35917f4.10ec: FileAttributes: 0x20
36017f4.10ec: Size: 0x1982d0
36117f4.10ec: NT Headers: 0x100
36217f4.10ec: Timestamp: 0x5700c56a
36317f4.10ec: Machine: 0x14c - i386
36417f4.10ec: Timestamp: 0x5700c56a
36517f4.10ec: Image Version: 10.0
36617f4.10ec: SizeOfImage: 0x19b000 (1683456)
36717f4.10ec: Resource Dir: 0x179000 LB 0x540
36817f4.10ec: ProductName: Microsoft® Windows® Operating System
36917f4.10ec: ProductVersion: 10.0.14316.1000
37017f4.10ec: FileVersion: 10.0.14316.1000 (rs1_release.160402-2217)
37117f4.10ec: FileDescription: Windows NT BASE API Client DLL
37217f4.10ec: \SystemRoot\System32\apisetschema.dll:
37317f4.10ec: CreationTime: 2016-04-03T13:20:59.125447700Z
37417f4.10ec: LastWriteTime: 2016-04-03T13:20:59.141072800Z
37517f4.10ec: ChangeTime: 2016-04-07T01:02:51.041211000Z
37617f4.10ec: FileAttributes: 0x20
37717f4.10ec: Size: 0x17310
37817f4.10ec: NT Headers: 0xc8
37917f4.10ec: Timestamp: 0x5700c83a
38017f4.10ec: Machine: 0x14c - i386
38117f4.10ec: Timestamp: 0x5700c83a
38217f4.10ec: Image Version: 10.0
38317f4.10ec: SizeOfImage: 0x19000 (102400)
38417f4.10ec: Resource Dir: 0x18000 LB 0x400
38517f4.10ec: ProductName: Microsoft® Windows® Operating System
38617f4.10ec: ProductVersion: 10.0.14316.1000
38717f4.10ec: FileVersion: 10.0.14316.1000 (rs1_release.160402-2217)
38817f4.10ec: FileDescription: ApiSet Schema DLL
38917f4.10ec: NtOpenDirectoryObject failed on \Driver: 0xc0000022
39017f4.10ec: supR3HardenedWinFindAdversaries: 0x0
39117f4.10ec: supR3HardenedWinInitAppBin(0x0): '\Device\HarddiskVolume1\Program Files\Oracle\VirtualBox'
39217f4.10ec: Calling main()
39317f4.10ec: SUPR3HardenedMain: pszProgName=VBoxHeadless fFlags=0x0
39417f4.10ec: supR3HardenedWinInitAppBin(0x0): '\Device\HarddiskVolume1\Program Files\Oracle\VirtualBox'
39517f4.10ec: '\Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\VBoxHeadless.exe' has no imports
39617f4.10ec: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\VBoxHeadless.exe)
39717f4.10ec: SUPR3HardenedMain: Final process, opening VBoxDrv...
39817f4.10ec: supR3HardenedEarlyCompact: Removed heap 1 (0x500000 LB 0x400000)
39917f4.10ec: supR3HardNtEnableThreadCreation:
40017f4.10ec: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\VBoxSupLib.dll)
40117f4.10ec: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\VBoxSupLib.dll
40217f4.10ec: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxSupLib.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000801:<flags> [calling]
40317f4.10ec: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\VBoxSupLib.dll [lacks WinVerifyTrust]
40417f4.10ec: supR3HardenedDllNotificationCallback: load 6dc30000 LB 0x00005000 C:\Program Files\Oracle\VirtualBox\VBoxSupLib.DLL [fFlags=0x0]
40517f4.10ec: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\VBoxSupLib.dll [lacks WinVerifyTrust]
40617f4.10ec: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\VBoxSupLib.dll [lacks WinVerifyTrust]
40717f4.10ec: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxSupLib.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000001:<flags> [calling]
40817f4.10ec: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=6dc30000 'C:\Program Files\Oracle\VirtualBox\VBoxSupLib.DLL'
40917f4.10ec: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\VBoxSupLib.dll [lacks WinVerifyTrust]
41017f4.10ec: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxSupLib.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000001:<flags> [calling]
41117f4.10ec: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=6dc30000 'C:\Program Files\Oracle\VirtualBox\VBoxSupLib.DLL'
41217f4.10ec: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=6dc30000 'C:\Program Files\Oracle\VirtualBox\VBoxSupLib.DLL'
41317f4.10ec: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
41417f4.10ec: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'msasn1.dll'.
41517f4.10ec: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'crypt32.dll'.
41617f4.10ec: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #24 'rpcrt4.dll'.
41717f4.10ec: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume1\Windows\System32\wintrust.dll)
41817f4.10ec: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume1\Windows\System32\wintrust.dll
41917f4.10ec: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
42017f4.10ec: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume1\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
42117f4.10ec: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume1\Windows\System32\rpcrt4.dll)
42217f4.10ec: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume1\Windows\System32\rpcrt4.dll
42317f4.10ec: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'crypt32.dll'...
42417f4.10ec: supR3HardenedWinVerifyCacheProcessImportTodos: 'crypt32.dll' -> '\Device\HarddiskVolume1\Windows\System32\crypt32.dll' [rcNtRedir=0xc0150008]
42517f4.10ec: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #29 'msasn1.dll'.
42617f4.10ec: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume1\Windows\System32\crypt32.dll)
42717f4.10ec: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume1\Windows\System32\crypt32.dll
42817f4.10ec: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msasn1.dll'...
42917f4.10ec: supR3HardenedWinVerifyCacheProcessImportTodos: 'msasn1.dll' -> '\Device\HarddiskVolume1\Windows\System32\msasn1.dll' [rcNtRedir=0xc0150008]
43017f4.10ec: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume1\Windows\System32\msasn1.dll)
43117f4.10ec: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume1\Windows\System32\msasn1.dll
43217f4.10ec: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
43317f4.10ec: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume1\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
43417f4.10ec: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume1\Windows\System32\msvcrt.dll)
43517f4.10ec: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume1\Windows\System32\msvcrt.dll
43617f4.10ec: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msasn1.dll'...
43717f4.10ec: supR3HardenedWinVerifyCacheProcessImportTodos: 'msasn1.dll' -> '\Device\HarddiskVolume1\Windows\System32\msasn1.dll' [rcNtRedir=0xc0150008]
43817f4.10ec: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\msasn1.dll [lacks WinVerifyTrust]
43917f4.10ec: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\Wintrust.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000801:<flags> [calling]
44017f4.10ec: supR3HardenedDllNotificationCallback: load 76b80000 LB 0x000be000 C:\WINDOWS\system32\msvcrt.dll [fFlags=0x0]
44117f4.10ec: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\msvcrt.dll [lacks WinVerifyTrust]
44217f4.10ec: supR3HardenedDllNotificationCallback: load 74440000 LB 0x0000e000 C:\WINDOWS\system32\MSASN1.dll [fFlags=0x0]
44317f4.10ec: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\msasn1.dll [lacks WinVerifyTrust]
44417f4.10ec: supR3HardenedDllNotificationCallback: load 74500000 LB 0x000df000 C:\WINDOWS\system32\ucrtbase.dll [fFlags=0x0]
44517f4.10ec: supHardenedWinVerifyImageByHandle: -> -626 (\Device\HarddiskVolume1\Windows\System32\ucrtbase.dll)
44617f4.10ec: Error (rc=0):
44717f4.10ec: supR3HardenedScreenImage/LdrLoadDll: rc=Unknown Status -626 (0xfffffd8e) fImage=1 fProtect=0x0 fAccess=0x0 \Device\HarddiskVolume1\Windows\System32\ucrtbase.dll: Load config header vs directory size mismatch: 0x78 vs 0x40
44817f4.10ec: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume1\Windows\System32\ucrtbase.dll
44917f4.10ec: Fatal error:
45017f4.10ec: supR3HardenedDllNotificationCallback: supR3HardenedScreenImage failed on 'C:\WINDOWS\system32\ucrtbase.dll' / '\??\C:\WINDOWS\system32\ucrtbase.dll': 0xc0000190
4511704.163c: supR3HardNtChildWaitFor[2]: Quitting: ExitCode=0x1 (rcNtWait=0x0, rcNt1=0x0, rcNt2=0x103, rcNt3=0x103, 172 ms, the end);
45211c8.1630: supR3HardNtChildWaitFor[1]: Quitting: ExitCode=0x1 (rcNtWait=0x0, rcNt1=0x0, rcNt2=0x103, rcNt3=0x103, 750 ms, the end);
