VirtualBox

Ticket #15337: VBoxHardening.log

File VBoxHardening.log, 32.4 KB (added by Zupo Llask, 8 years ago)
1858.158c: Log file opened: 5.0.19r106880 g_hStartupLog=0000005c g_uNtVerCombined=0xa037f800
1858.158c: \SystemRoot\System32\ntdll.dll:
1858.158c: CreationTime: 2016-04-19T05:54:51.139703400Z
1858.158c: LastWriteTime: 2016-04-19T05:54:51.139703400Z
1858.158c: ChangeTime: 2016-04-23T00:41:00.276131400Z
1858.158c: FileAttributes: 0x20
1858.158c: Size: 0x17e300
1858.158c: NT Headers: 0xe8
1858.158c: Timestamp: 0x571585b7
1858.158c: Machine: 0x14c - i386
1858.158c: Timestamp: 0x571585b7
1858.158c: Image Version: 10.0
1858.158c: SizeOfImage: 0x180000 (1572864)
1858.158c: Resource Dir: 0x114000 LB 0x66fe8
1858.158c: ProductName: Microsoft® Windows® Operating System
1858.158c: ProductVersion: 10.0.14328.1000
1858.158c: FileVersion: 10.0.14328.1000 (rs1_release.160418-1609)
1858.158c: FileDescription: NT Layer DLL
1858.158c: \SystemRoot\System32\kernel32.dll:
1858.158c: CreationTime: 2016-04-19T05:54:33.980956600Z
1858.158c: LastWriteTime: 2016-04-19T05:54:33.980956600Z
1858.158c: ChangeTime: 2016-04-23T00:40:56.635498100Z
1858.158c: FileAttributes: 0x20
1858.158c: Size: 0x996a8
1858.158c: NT Headers: 0xf8
1858.158c: Timestamp: 0x571585f7
1858.158c: Machine: 0x14c - i386
1858.158c: Timestamp: 0x571585f7
1858.158c: Image Version: 10.0
1858.158c: SizeOfImage: 0x97000 (618496)
1858.158c: Resource Dir: 0x91000 LB 0x528
1858.158c: ProductName: Microsoft® Windows® Operating System
1858.158c: ProductVersion: 10.0.14328.1000
1858.158c: FileVersion: 10.0.14328.1000 (rs1_release.160418-1609)
1858.158c: FileDescription: Windows NT BASE API Client DLL
1858.158c: \SystemRoot\System32\KernelBase.dll:
1858.158c: CreationTime: 2016-04-19T05:54:51.202209400Z
1858.158c: LastWriteTime: 2016-04-19T05:54:51.202209400Z
1858.158c: ChangeTime: 2016-04-23T00:40:56.682374300Z
1858.158c: FileAttributes: 0x20
1858.158c: Size: 0x1998f0
1858.158c: NT Headers: 0xf0
1858.158c: Timestamp: 0x57158653
1858.158c: Machine: 0x14c - i386
1858.158c: Timestamp: 0x57158653
1858.158c: Image Version: 10.0
1858.158c: SizeOfImage: 0x19c000 (1687552)
1858.158c: Resource Dir: 0x17a000 LB 0x540
1858.158c: ProductName: Microsoft® Windows® Operating System
1858.158c: ProductVersion: 10.0.14328.1000
1858.158c: FileVersion: 10.0.14328.1000 (rs1_release.160418-1609)
1858.158c: FileDescription: Windows NT BASE API Client DLL
1858.158c: \SystemRoot\System32\apisetschema.dll:
1858.158c: CreationTime: 2016-04-19T05:54:40.481920400Z
1858.158c: LastWriteTime: 2016-04-19T05:54:40.481920400Z
1858.158c: ChangeTime: 2016-04-23T00:40:44.588603500Z
1858.158c: FileAttributes: 0x20
1858.158c: Size: 0x17510
1858.158c: NT Headers: 0xc8
1858.158c: Timestamp: 0x571588de
1858.158c: Machine: 0x14c - i386
1858.158c: Timestamp: 0x571588de
1858.158c: Image Version: 10.0
1858.158c: SizeOfImage: 0x19000 (102400)
1858.158c: Resource Dir: 0x18000 LB 0x400
1858.158c: ProductName: Microsoft® Windows® Operating System
1858.158c: ProductVersion: 10.0.14328.1000
1858.158c: FileVersion: 10.0.14328.1000 (rs1_release.160418-1609)
1858.158c: FileDescription: ApiSet Schema DLL
1858.158c: NtOpenDirectoryObject failed on \Driver: 0xc0000022
1858.158c: supR3HardenedWinFindAdversaries: 0x0
1858.158c: supR3HardenedWinInitAppBin(0x0): '\Device\HarddiskVolume1\Program Files\Oracle\VirtualBox'
1858.158c: Calling main()
1858.158c: SUPR3HardenedMain: pszProgName=VirtualBox fFlags=0x2
1858.158c: supR3HardenedWinInitAppBin(0x2): '\Device\HarddiskVolume1\Program Files\Oracle\VirtualBox'
1858.158c: SUPR3HardenedMain: Respawn #1
1858.158c: System32: \Device\HarddiskVolume1\Windows\System32
1858.158c: WinSxS: \Device\HarddiskVolume1\Windows\WinSxS
1858.158c: KnownDllPath: C:\WINDOWS\system32
1858.158c: '\Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\VirtualBox.exe' has no imports
1858.158c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\VirtualBox.exe)
1858.158c: supR3HardNtEnableThreadCreation:
1858.158c: supR3HardNtDisableThreadCreation: pvLdrInitThunk=77d52ef0 pvNtTerminateThread=77d6e0b0
1858.158c: supR3HardenedWinDoReSpawn(1): New child 7d4.1cec [kernel32].
1858.158c: supR3HardNtChildGatherData: PebBaseAddress=002fa000 cbPeb=0x250
1858.158c: supR3HardNtPuChFindNtdll: uNtDllParentAddr=77ce0000 uNtDllChildAddr=77ce0000
1858.158c: supR3HardenedWinSetupChildInit: uLdrInitThunk=77d52ef0
1858.158c: supR3HardenedWinSetupChildInit: Start child.
1858.158c: supR3HardNtChildWaitFor: Found expected request 0 (PurifyChildAndCloseHandles) after 0 ms.
1858.158c: supR3HardNtChildPurify: Startup delay kludge #1/0: 265 ms, 0 sleeps
1858.158c: supHardNtVpScanVirtualMemory: enmKind=CHILD_PURIFICATION
1858.158c: *00000000-fffeffff 0x0001/0x0000 0x0000000
1858.158c: *00010000-fffeffff 0x0004/0x0004 0x0020000
1858.158c: *00030000-00019fff 0x0002/0x0002 0x0040000
1858.158c: 00046000-0003bfff 0x0001/0x0000 0x0000000
1858.158c: *00050000-fff53fff 0x0000/0x0004 0x0020000
1858.158c: 0014c000-00149fff 0x0104/0x0004 0x0020000
1858.158c: 0014e000-0014bfff 0x0004/0x0004 0x0020000
1858.158c: *00150000-0014bfff 0x0002/0x0002 0x0040000
1858.158c: 00154000-00147fff 0x0001/0x0000 0x0000000
1858.158c: *00160000-0015dfff 0x0004/0x0004 0x0020000
1858.158c: 00162000-000c3fff 0x0001/0x0000 0x0000000
1858.158c: *00200000-00105fff 0x0000/0x0004 0x0020000
1858.158c: 002fa000-002f7fff 0x0004/0x0004 0x0020000
1858.158c: 002fc000-001f7fff 0x0000/0x0004 0x0020000
1858.158c: 00400000-ff80ffff 0x0001/0x0000 0x0000000
1858.158c: *00ff0000-00ff0fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\VirtualBox.exe
1858.158c: 00ff1000-01056fff 0x0020/0x0080 0x1000000 \Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\VirtualBox.exe
1858.158c: 01057000-01057fff 0x0080/0x0080 0x1000000 \Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\VirtualBox.exe
1858.158c: 01058000-01091fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\VirtualBox.exe
1858.158c: 01092000-01092fff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\VirtualBox.exe
1858.158c: 01093000-01093fff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\VirtualBox.exe
1858.158c: 01094000-01094fff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\VirtualBox.exe
1858.158c: 01095000-01095fff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\VirtualBox.exe
1858.158c: 01096000-0109afff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\VirtualBox.exe
1858.158c: 0109b000-0109dfff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\VirtualBox.exe
1858.158c: 0109e000-010e1fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\VirtualBox.exe
1858.158c: 010e2000-8a4e3fff 0x0001/0x0000 0x0000000
1858.158c: *77ce0000-77ce0fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume1\Windows\System32\ntdll.dll
1858.158c: 77ce1000-77decfff 0x0020/0x0080 0x1000000 \Device\HarddiskVolume1\Windows\System32\ntdll.dll
1858.158c: 77ded000-77df0fff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume1\Windows\System32\ntdll.dll
1858.158c: 77df1000-77df1fff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume1\Windows\System32\ntdll.dll
1858.158c: 77df2000-77df3fff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume1\Windows\System32\ntdll.dll
1858.158c: 77df4000-77e5ffff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume1\Windows\System32\ntdll.dll
1858.158c: 77e60000-70c3ffff 0x0001/0x0000 0x0000000
1858.158c: *7f080000-7f05cfff 0x0002/0x0002 0x0040000
1858.158c: 7f0a3000-7e165fff 0x0001/0x0000 0x0000000
1858.158c: *7ffe0000-7ffdefff 0x0002/0x0002 0x0020000
1858.158c: 7ffe1000-7ffd1fff 0x0001/0x0002 0x0020000
1858.158c: VirtualBox.exe: timestamp 0x571f0cfd (rc=VINF_SUCCESS)
1858.158c: '\Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\VirtualBox.exe' has no imports
1858.158c: '\Device\HarddiskVolume1\Windows\System32\ntdll.dll' has no imports
1858.158c: supR3HardNtChildPurify: Done after 343 ms and 0 fixes (loop #0).
7d4.1cec: Log file opened: 5.0.19r106880 g_hStartupLog=00000004 g_uNtVerCombined=0xa037f800
7d4.1cec: supR3HardenedVmProcessInit: uNtDllAddr=77ce0000 g_uNtVerCombined=0xa037f800
7d4.1cec: ntdll.dll: timestamp 0x571585b7 (rc=VINF_SUCCESS)
7d4.1cec: New simple heap: #1 00500000 LB 0x400000 (for 1572864 allocation)
1858.158c: supR3HardNtEnableThreadCreation:
7d4.1cec: supR3HardenedWinInitAppBin(0x0): '\Device\HarddiskVolume1\Program Files\Oracle\VirtualBox'
7d4.1cec: System32: \Device\HarddiskVolume1\Windows\System32
7d4.1cec: WinSxS: \Device\HarddiskVolume1\Windows\WinSxS
7d4.1cec: KnownDllPath: C:\WINDOWS\system32
7d4.1cec: supR3HardenedVmProcessInit: Opening vboxdrv stub...
7d4.1cec: supR3HardenedVmProcessInit: Restoring LdrInitializeThunk...
7d4.1cec: supR3HardenedVmProcessInit: Returning to LdrInitializeThunk...
7d4.1cec: Registered Dll notification callback with NTDLL.
7d4.1cec: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume1\Windows\System32\kernel32.dll)
7d4.1cec: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume1\Windows\System32\kernel32.dll
7d4.1cec: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\KERNEL32.DLL (Input=KERNEL32.DLL, rcNtResolve=0xc0150008) *pfFlags=0xffffffff pwszSearchPath=00000801:<flags> [calling]
7d4.1cec: supR3HardenedDllNotificationCallback: load 75440000 LB 0x0019c000 C:\WINDOWS\system32\KERNELBASE.dll [fFlags=0x0]
7d4.1cec: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume1\Windows\System32\KernelBase.dll)
7d4.1cec: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume1\Windows\System32\KernelBase.dll
7d4.1cec: supR3HardenedDllNotificationCallback: load 763b0000 LB 0x00097000 C:\WINDOWS\system32\KERNEL32.DLL [fFlags=0x0]
7d4.1cec: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\kernel32.dll [lacks WinVerifyTrust]
7d4.1cec: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=763b0000 'C:\WINDOWS\system32\KERNEL32.DLL'
7d4.1cec: supR3HardenedDllNotificationCallback: load 00ff0000 LB 0x000f2000 C:\Program Files\Oracle\VirtualBox\VirtualBox.exe [fFlags=0x0]
7d4.1cec: '\Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\VirtualBox.exe' has no imports
7d4.1cec: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\VirtualBox.exe)
7d4.1cec: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\VirtualBox.exe
7d4.1cec: supR3HardNtDisableThreadCreation: pvLdrInitThunk=77d52ef0 pvNtTerminateThread=77d6e0b0
1858.158c: supR3HardNtChildWaitFor: Found expected request 1 (CloseEvents) after 172 ms.
7d4.1cec: \SystemRoot\System32\ntdll.dll:
7d4.1cec: CreationTime: 2016-04-19T05:54:51.139703400Z
7d4.1cec: LastWriteTime: 2016-04-19T05:54:51.139703400Z
7d4.1cec: ChangeTime: 2016-04-23T00:41:00.276131400Z
7d4.1cec: FileAttributes: 0x20
7d4.1cec: Size: 0x17e300
7d4.1cec: NT Headers: 0xe8
7d4.1cec: Timestamp: 0x571585b7
7d4.1cec: Machine: 0x14c - i386
7d4.1cec: Timestamp: 0x571585b7
7d4.1cec: Image Version: 10.0
7d4.1cec: SizeOfImage: 0x180000 (1572864)
7d4.1cec: Resource Dir: 0x114000 LB 0x66fe8
7d4.1cec: ProductName: Microsoft® Windows® Operating System
7d4.1cec: ProductVersion: 10.0.14328.1000
7d4.1cec: FileVersion: 10.0.14328.1000 (rs1_release.160418-1609)
7d4.1cec: FileDescription: NT Layer DLL
7d4.1cec: \SystemRoot\System32\kernel32.dll:
7d4.1cec: CreationTime: 2016-04-19T05:54:33.980956600Z
7d4.1cec: LastWriteTime: 2016-04-19T05:54:33.980956600Z
7d4.1cec: ChangeTime: 2016-04-23T00:40:56.635498100Z
7d4.1cec: FileAttributes: 0x20
7d4.1cec: Size: 0x996a8
7d4.1cec: NT Headers: 0xf8
7d4.1cec: Timestamp: 0x571585f7
7d4.1cec: Machine: 0x14c - i386
7d4.1cec: Timestamp: 0x571585f7
7d4.1cec: Image Version: 10.0
7d4.1cec: SizeOfImage: 0x97000 (618496)
7d4.1cec: Resource Dir: 0x91000 LB 0x528
7d4.1cec: ProductName: Microsoft® Windows® Operating System
7d4.1cec: ProductVersion: 10.0.14328.1000
7d4.1cec: FileVersion: 10.0.14328.1000 (rs1_release.160418-1609)
7d4.1cec: FileDescription: Windows NT BASE API Client DLL
7d4.1cec: \SystemRoot\System32\KernelBase.dll:
7d4.1cec: CreationTime: 2016-04-19T05:54:51.202209400Z
7d4.1cec: LastWriteTime: 2016-04-19T05:54:51.202209400Z
7d4.1cec: ChangeTime: 2016-04-23T00:40:56.682374300Z
7d4.1cec: FileAttributes: 0x20
7d4.1cec: Size: 0x1998f0
7d4.1cec: NT Headers: 0xf0
7d4.1cec: Timestamp: 0x57158653
7d4.1cec: Machine: 0x14c - i386
7d4.1cec: Timestamp: 0x57158653
7d4.1cec: Image Version: 10.0
7d4.1cec: SizeOfImage: 0x19c000 (1687552)
7d4.1cec: Resource Dir: 0x17a000 LB 0x540
7d4.1cec: ProductName: Microsoft® Windows® Operating System
7d4.1cec: ProductVersion: 10.0.14328.1000
7d4.1cec: FileVersion: 10.0.14328.1000 (rs1_release.160418-1609)
7d4.1cec: FileDescription: Windows NT BASE API Client DLL
7d4.1cec: \SystemRoot\System32\apisetschema.dll:
7d4.1cec: CreationTime: 2016-04-19T05:54:40.481920400Z
7d4.1cec: LastWriteTime: 2016-04-19T05:54:40.481920400Z
7d4.1cec: ChangeTime: 2016-04-23T00:40:44.588603500Z
7d4.1cec: FileAttributes: 0x20
7d4.1cec: Size: 0x17510
7d4.1cec: NT Headers: 0xc8
7d4.1cec: Timestamp: 0x571588de
7d4.1cec: Machine: 0x14c - i386
7d4.1cec: Timestamp: 0x571588de
7d4.1cec: Image Version: 10.0
7d4.1cec: SizeOfImage: 0x19000 (102400)
7d4.1cec: Resource Dir: 0x18000 LB 0x400
7d4.1cec: ProductName: Microsoft® Windows® Operating System
7d4.1cec: ProductVersion: 10.0.14328.1000
7d4.1cec: FileVersion: 10.0.14328.1000 (rs1_release.160418-1609)
7d4.1cec: FileDescription: ApiSet Schema DLL
7d4.1cec: NtOpenDirectoryObject failed on \Driver: 0xc0000022
7d4.1cec: supR3HardenedWinFindAdversaries: 0x0
7d4.1cec: supR3HardenedWinInitAppBin(0x0): '\Device\HarddiskVolume1\Program Files\Oracle\VirtualBox'
7d4.1cec: Calling main()
7d4.1cec: SUPR3HardenedMain: pszProgName=VirtualBox fFlags=0x2
7d4.1cec: supR3HardenedWinInitAppBin(0x2): '\Device\HarddiskVolume1\Program Files\Oracle\VirtualBox'
7d4.1cec: '\Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\VirtualBox.exe' has no imports
7d4.1cec: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\VirtualBox.exe)
7d4.1cec: SUPR3HardenedMain: Respawn #2
7d4.1cec: supR3HardNtEnableThreadCreation:
7d4.1cec: supR3HardNtDisableThreadCreation: pvLdrInitThunk=77d52ef0 pvNtTerminateThread=77d6e0b0
7d4.1cec: supR3HardenedWinDoReSpawn(2): New child f64.1d20 [kernel32].
7d4.1cec: supR3HardenedWinReSpawn: NtSetInformationThread/ThreadHideFromDebugger failed: 0xc0000022 (harmless)
7d4.1cec: supR3HardNtChildGatherData: PebBaseAddress=003ba000 cbPeb=0x250
7d4.1cec: supR3HardNtPuChFindNtdll: uNtDllParentAddr=77ce0000 uNtDllChildAddr=77ce0000
7d4.1cec: supR3HardenedWinSetupChildInit: uLdrInitThunk=77d52ef0
7d4.1cec: supR3HardenedWinSetupChildInit: Start child.
7d4.1cec: supR3HardNtChildWaitFor: Found expected request 0 (PurifyChildAndCloseHandles) after 0 ms.
7d4.1cec: supR3HardNtChildPurify: Startup delay kludge #1/0: 265 ms, 0 sleeps
7d4.1cec: supHardNtVpScanVirtualMemory: enmKind=CHILD_PURIFICATION
7d4.1cec: *00000000-fffeffff 0x0001/0x0000 0x0000000
7d4.1cec: *00010000-fffeffff 0x0004/0x0004 0x0020000
7d4.1cec: *00030000-00019fff 0x0002/0x0002 0x0040000
7d4.1cec: 00046000-0003bfff 0x0001/0x0000 0x0000000
7d4.1cec: *00050000-fff53fff 0x0000/0x0004 0x0020000
7d4.1cec: 0014c000-00149fff 0x0104/0x0004 0x0020000
7d4.1cec: 0014e000-0014bfff 0x0004/0x0004 0x0020000
7d4.1cec: *00150000-0014bfff 0x0002/0x0002 0x0040000
7d4.1cec: 00154000-00147fff 0x0001/0x0000 0x0000000
7d4.1cec: *00160000-0015dfff 0x0004/0x0004 0x0020000
7d4.1cec: 00162000-000c3fff 0x0001/0x0000 0x0000000
7d4.1cec: *00200000-00045fff 0x0000/0x0004 0x0020000
7d4.1cec: 003ba000-003b7fff 0x0004/0x0004 0x0020000
7d4.1cec: 003bc000-00377fff 0x0000/0x0004 0x0020000
7d4.1cec: 00400000-ff80ffff 0x0001/0x0000 0x0000000
7d4.1cec: *00ff0000-00ff0fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\VirtualBox.exe
7d4.1cec: 00ff1000-01056fff 0x0020/0x0080 0x1000000 \Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\VirtualBox.exe
7d4.1cec: 01057000-01057fff 0x0080/0x0080 0x1000000 \Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\VirtualBox.exe
7d4.1cec: 01058000-01091fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\VirtualBox.exe
7d4.1cec: 01092000-01092fff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\VirtualBox.exe
7d4.1cec: 01093000-01093fff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\VirtualBox.exe
7d4.1cec: 01094000-01094fff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\VirtualBox.exe
7d4.1cec: 01095000-01095fff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\VirtualBox.exe
7d4.1cec: 01096000-0109afff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\VirtualBox.exe
7d4.1cec: 0109b000-0109dfff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\VirtualBox.exe
7d4.1cec: 0109e000-010e1fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\VirtualBox.exe
7d4.1cec: 010e2000-8a4e3fff 0x0001/0x0000 0x0000000
7d4.1cec: *77ce0000-77ce0fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume1\Windows\System32\ntdll.dll
7d4.1cec: 77ce1000-77decfff 0x0020/0x0080 0x1000000 \Device\HarddiskVolume1\Windows\System32\ntdll.dll
7d4.1cec: 77ded000-77df0fff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume1\Windows\System32\ntdll.dll
7d4.1cec: 77df1000-77df1fff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume1\Windows\System32\ntdll.dll
7d4.1cec: 77df2000-77df3fff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume1\Windows\System32\ntdll.dll
7d4.1cec: 77df4000-77e5ffff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume1\Windows\System32\ntdll.dll
7d4.1cec: 77e60000-7099ffff 0x0001/0x0000 0x0000000
7d4.1cec: *7f320000-7f2fcfff 0x0002/0x0002 0x0040000
7d4.1cec: 7f343000-7e6a5fff 0x0001/0x0000 0x0000000
7d4.1cec: *7ffe0000-7ffdefff 0x0002/0x0002 0x0020000
7d4.1cec: 7ffe1000-7ffd1fff 0x0001/0x0002 0x0020000
7d4.1cec: VirtualBox.exe: timestamp 0x571f0cfd (rc=VINF_SUCCESS)
7d4.1cec: '\Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\VirtualBox.exe' has no imports
7d4.1cec: '\Device\HarddiskVolume1\Windows\System32\ntdll.dll' has no imports
7d4.1cec: supR3HardNtChildPurify: Done after 344 ms and 0 fixes (loop #0).
f64.1d20: Log file opened: 5.0.19r106880 g_hStartupLog=00000004 g_uNtVerCombined=0xa037f800
f64.1d20: supR3HardenedVmProcessInit: uNtDllAddr=77ce0000 g_uNtVerCombined=0xa037f800
f64.1d20: ntdll.dll: timestamp 0x571585b7 (rc=VINF_SUCCESS)
f64.1d20: New simple heap: #1 00500000 LB 0x400000 (for 1572864 allocation)
7d4.1cec: supR3HardenedEarlyCompact: Removed heap 1 (0x500000 LB 0x400000)
7d4.1cec: supR3HardNtEnableThreadCreation:
f64.1d20: supR3HardenedWinInitAppBin(0x0): '\Device\HarddiskVolume1\Program Files\Oracle\VirtualBox'
f64.1d20: System32: \Device\HarddiskVolume1\Windows\System32
f64.1d20: WinSxS: \Device\HarddiskVolume1\Windows\WinSxS
f64.1d20: KnownDllPath: C:\WINDOWS\system32
f64.1d20: supR3HardenedVmProcessInit: Opening vboxdrv...
f64.1d20: supR3HardenedVmProcessInit: Restoring LdrInitializeThunk...
f64.1d20: supR3HardenedVmProcessInit: Returning to LdrInitializeThunk...
f64.1d20: Registered Dll notification callback with NTDLL.
f64.1d20: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume1\Windows\System32\kernel32.dll)
f64.1d20: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume1\Windows\System32\kernel32.dll
f64.1d20: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\KERNEL32.DLL (Input=KERNEL32.DLL, rcNtResolve=0xc0150008) *pfFlags=0xffffffff pwszSearchPath=00000801:<flags> [calling]
f64.1d20: supR3HardenedDllNotificationCallback: load 75440000 LB 0x0019c000 C:\WINDOWS\system32\KERNELBASE.dll [fFlags=0x0]
f64.1d20: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume1\Windows\System32\KernelBase.dll)
f64.1d20: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume1\Windows\System32\KernelBase.dll
f64.1d20: supR3HardenedDllNotificationCallback: load 763b0000 LB 0x00097000 C:\WINDOWS\system32\KERNEL32.DLL [fFlags=0x0]
f64.1d20: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\kernel32.dll [lacks WinVerifyTrust]
f64.1d20: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=763b0000 'C:\WINDOWS\system32\KERNEL32.DLL'
f64.1d20: supR3HardenedDllNotificationCallback: load 00ff0000 LB 0x000f2000 C:\Program Files\Oracle\VirtualBox\VirtualBox.exe [fFlags=0x0]
f64.1d20: '\Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\VirtualBox.exe' has no imports
f64.1d20: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\VirtualBox.exe)
f64.1d20: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\VirtualBox.exe
f64.1d20: supR3HardNtDisableThreadCreation: pvLdrInitThunk=77d52ef0 pvNtTerminateThread=77d6e0b0
7d4.1cec: supR3HardNtChildWaitFor: Found expected request 1 (CloseEvents) after 234 ms.
f64.1d20: \SystemRoot\System32\ntdll.dll:
f64.1d20: CreationTime: 2016-04-19T05:54:51.139703400Z
f64.1d20: LastWriteTime: 2016-04-19T05:54:51.139703400Z
f64.1d20: ChangeTime: 2016-04-23T00:41:00.276131400Z
f64.1d20: FileAttributes: 0x20
f64.1d20: Size: 0x17e300
f64.1d20: NT Headers: 0xe8
f64.1d20: Timestamp: 0x571585b7
f64.1d20: Machine: 0x14c - i386
f64.1d20: Timestamp: 0x571585b7
f64.1d20: Image Version: 10.0
f64.1d20: SizeOfImage: 0x180000 (1572864)
f64.1d20: Resource Dir: 0x114000 LB 0x66fe8
f64.1d20: ProductName: Microsoft® Windows® Operating System
f64.1d20: ProductVersion: 10.0.14328.1000
f64.1d20: FileVersion: 10.0.14328.1000 (rs1_release.160418-1609)
f64.1d20: FileDescription: NT Layer DLL
f64.1d20: \SystemRoot\System32\kernel32.dll:
f64.1d20: CreationTime: 2016-04-19T05:54:33.980956600Z
f64.1d20: LastWriteTime: 2016-04-19T05:54:33.980956600Z
f64.1d20: ChangeTime: 2016-04-23T00:40:56.635498100Z
f64.1d20: FileAttributes: 0x20
f64.1d20: Size: 0x996a8
f64.1d20: NT Headers: 0xf8
f64.1d20: Timestamp: 0x571585f7
f64.1d20: Machine: 0x14c - i386
f64.1d20: Timestamp: 0x571585f7
f64.1d20: Image Version: 10.0
f64.1d20: SizeOfImage: 0x97000 (618496)
f64.1d20: Resource Dir: 0x91000 LB 0x528
f64.1d20: ProductName: Microsoft® Windows® Operating System
f64.1d20: ProductVersion: 10.0.14328.1000
f64.1d20: FileVersion: 10.0.14328.1000 (rs1_release.160418-1609)
f64.1d20: FileDescription: Windows NT BASE API Client DLL
f64.1d20: \SystemRoot\System32\KernelBase.dll:
f64.1d20: CreationTime: 2016-04-19T05:54:51.202209400Z
f64.1d20: LastWriteTime: 2016-04-19T05:54:51.202209400Z
f64.1d20: ChangeTime: 2016-04-23T00:40:56.682374300Z
f64.1d20: FileAttributes: 0x20
f64.1d20: Size: 0x1998f0
f64.1d20: NT Headers: 0xf0
f64.1d20: Timestamp: 0x57158653
f64.1d20: Machine: 0x14c - i386
f64.1d20: Timestamp: 0x57158653
f64.1d20: Image Version: 10.0
f64.1d20: SizeOfImage: 0x19c000 (1687552)
f64.1d20: Resource Dir: 0x17a000 LB 0x540
f64.1d20: ProductName: Microsoft® Windows® Operating System
f64.1d20: ProductVersion: 10.0.14328.1000
f64.1d20: FileVersion: 10.0.14328.1000 (rs1_release.160418-1609)
f64.1d20: FileDescription: Windows NT BASE API Client DLL
f64.1d20: \SystemRoot\System32\apisetschema.dll:
f64.1d20: CreationTime: 2016-04-19T05:54:40.481920400Z
f64.1d20: LastWriteTime: 2016-04-19T05:54:40.481920400Z
f64.1d20: ChangeTime: 2016-04-23T00:40:44.588603500Z
f64.1d20: FileAttributes: 0x20
f64.1d20: Size: 0x17510
f64.1d20: NT Headers: 0xc8
f64.1d20: Timestamp: 0x571588de
f64.1d20: Machine: 0x14c - i386
f64.1d20: Timestamp: 0x571588de
f64.1d20: Image Version: 10.0
f64.1d20: SizeOfImage: 0x19000 (102400)
f64.1d20: Resource Dir: 0x18000 LB 0x400
f64.1d20: ProductName: Microsoft® Windows® Operating System
f64.1d20: ProductVersion: 10.0.14328.1000
f64.1d20: FileVersion: 10.0.14328.1000 (rs1_release.160418-1609)
f64.1d20: FileDescription: ApiSet Schema DLL
f64.1d20: NtOpenDirectoryObject failed on \Driver: 0xc0000022
f64.1d20: supR3HardenedWinFindAdversaries: 0x0
f64.1d20: supR3HardenedWinInitAppBin(0x0): '\Device\HarddiskVolume1\Program Files\Oracle\VirtualBox'
f64.1d20: Calling main()
f64.1d20: SUPR3HardenedMain: pszProgName=VirtualBox fFlags=0x2
f64.1d20: supR3HardenedWinInitAppBin(0x2): '\Device\HarddiskVolume1\Program Files\Oracle\VirtualBox'
f64.1d20: '\Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\VirtualBox.exe' has no imports
f64.1d20: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\VirtualBox.exe)
f64.1d20: SUPR3HardenedMain: Final process, opening VBoxDrv...
f64.1d20: supR3HardenedEarlyCompact: Removed heap 1 (0x500000 LB 0x400000)
f64.1d20: supR3HardNtEnableThreadCreation:
f64.1d20: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\VBoxSupLib.dll)
f64.1d20: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\VBoxSupLib.dll
f64.1d20: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxSupLib.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000801:<flags> [calling]
f64.1d20: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\VBoxSupLib.dll [lacks WinVerifyTrust]
f64.1d20: supR3HardenedDllNotificationCallback: load 6dc30000 LB 0x00005000 C:\Program Files\Oracle\VirtualBox\VBoxSupLib.DLL [fFlags=0x0]
f64.1d20: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\VBoxSupLib.dll [lacks WinVerifyTrust]
f64.1d20: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\VBoxSupLib.dll [lacks WinVerifyTrust]
f64.1d20: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxSupLib.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000001:<flags> [calling]
f64.1d20: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=6dc30000 'C:\Program Files\Oracle\VirtualBox\VBoxSupLib.DLL'
f64.1d20: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\VBoxSupLib.dll [lacks WinVerifyTrust]
f64.1d20: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxSupLib.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000001:<flags> [calling]
f64.1d20: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=6dc30000 'C:\Program Files\Oracle\VirtualBox\VBoxSupLib.DLL'
f64.1d20: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=6dc30000 'C:\Program Files\Oracle\VirtualBox\VBoxSupLib.DLL'
f64.1d20: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
f64.1d20: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'msasn1.dll'.
f64.1d20: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'crypt32.dll'.
f64.1d20: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #24 'rpcrt4.dll'.
f64.1d20: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume1\Windows\System32\wintrust.dll)
f64.1d20: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume1\Windows\System32\wintrust.dll
f64.1d20: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
f64.1d20: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume1\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
f64.1d20: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume1\Windows\System32\rpcrt4.dll)
f64.1d20: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume1\Windows\System32\rpcrt4.dll
f64.1d20: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'crypt32.dll'...
f64.1d20: supR3HardenedWinVerifyCacheProcessImportTodos: 'crypt32.dll' -> '\Device\HarddiskVolume1\Windows\System32\crypt32.dll' [rcNtRedir=0xc0150008]
f64.1d20: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #29 'msasn1.dll'.
f64.1d20: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume1\Windows\System32\crypt32.dll)
f64.1d20: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume1\Windows\System32\crypt32.dll
f64.1d20: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msasn1.dll'...
f64.1d20: supR3HardenedWinVerifyCacheProcessImportTodos: 'msasn1.dll' -> '\Device\HarddiskVolume1\Windows\System32\msasn1.dll' [rcNtRedir=0xc0150008]
f64.1d20: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume1\Windows\System32\msasn1.dll)
f64.1d20: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume1\Windows\System32\msasn1.dll
f64.1d20: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
f64.1d20: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume1\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
f64.1d20: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume1\Windows\System32\msvcrt.dll)
f64.1d20: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume1\Windows\System32\msvcrt.dll
f64.1d20: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msasn1.dll'...
f64.1d20: supR3HardenedWinVerifyCacheProcessImportTodos: 'msasn1.dll' -> '\Device\HarddiskVolume1\Windows\System32\msasn1.dll' [rcNtRedir=0xc0150008]
f64.1d20: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\msasn1.dll [lacks WinVerifyTrust]
f64.1d20: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\Wintrust.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000801:<flags> [calling]
f64.1d20: supR3HardenedDllNotificationCallback: load 77ad0000 LB 0x000be000 C:\WINDOWS\system32\msvcrt.dll [fFlags=0x0]
f64.1d20: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\msvcrt.dll [lacks WinVerifyTrust]
f64.1d20: supR3HardenedDllNotificationCallback: load 74980000 LB 0x0000e000 C:\WINDOWS\system32\MSASN1.dll [fFlags=0x0]
f64.1d20: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\msasn1.dll [lacks WinVerifyTrust]
f64.1d20: supR3HardenedDllNotificationCallback: load 74b80000 LB 0x000df000 C:\WINDOWS\system32\ucrtbase.dll [fFlags=0x0]
f64.1d20: supHardenedWinVerifyImageByHandle: -> -626 (\Device\HarddiskVolume1\Windows\System32\ucrtbase.dll)
f64.1d20: Error (rc=0):
f64.1d20: supR3HardenedScreenImage/LdrLoadDll: rc=Unknown Status -626 (0xfffffd8e) fImage=1 fProtect=0x0 fAccess=0x0 \Device\HarddiskVolume1\Windows\System32\ucrtbase.dll: Unexpected load config dir size of 124 bytes (dir 64); supported sized: 120, 104, 92, 72, or 64
f64.1d20: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume1\Windows\System32\ucrtbase.dll
f64.1d20: Fatal error:
f64.1d20: supR3HardenedDllNotificationCallback: supR3HardenedScreenImage failed on 'C:\WINDOWS\system32\ucrtbase.dll' / '\??\C:\WINDOWS\system32\ucrtbase.dll': 0xc0000190
7d4.1cec: supR3HardNtChildWaitFor[2]: Quitting: ExitCode=0x1 (rcNtWait=0x0, rcNt1=0x0, rcNt2=0x103, rcNt3=0x103, 185 ms, the end);
1858.158c: supR3HardNtChildWaitFor[1]: Quitting: ExitCode=0x1 (rcNtWait=0x0, rcNt1=0x0, rcNt2=0x103, rcNt3=0x103, 790 ms, the end);
