VirtualBox

Ticket #15752: VBoxHardening.2.log

File VBoxHardening.2.log, 19.7 KB (added by Sachin, 8 years ago)

File added by Sachin

1316c.3064: Log file opened: 5.1.2r108956 g_hStartupLog=0000000000000028 g_uNtVerCombined=0x611db110
2316c.3064: \SystemRoot\System32\ntdll.dll:
3316c.3064: CreationTime: 2016-07-07T20:49:54.521575000Z
4316c.3064: LastWriteTime: 2016-04-09T06:59:27.660769000Z
5316c.3064: ChangeTime: 2016-07-08T19:12:56.838545300Z
6316c.3064: FileAttributes: 0x20
7316c.3064: Size: 0x1a7100
8316c.3064: NT Headers: 0xe0
9316c.3064: Timestamp: 0x5708a857
10316c.3064: Machine: 0x8664 - amd64
11316c.3064: Timestamp: 0x5708a857
12316c.3064: Image Version: 6.1
13316c.3064: SizeOfImage: 0x1aa000 (1744896)
14316c.3064: Resource Dir: 0x14e000 LB 0x5a028
15316c.3064: ProductName: Microsoft® Windows® Operating System
16316c.3064: ProductVersion: 6.1.7601.23418
17316c.3064: FileVersion: 6.1.7601.23418 (win7sp1_ldr.160408-2045)
18316c.3064: FileDescription: NT Layer DLL
19316c.3064: \SystemRoot\System32\kernel32.dll:
20316c.3064: CreationTime: 2016-07-07T20:49:54.771149400Z
21316c.3064: LastWriteTime: 2016-04-09T06:57:53.879000000Z
22316c.3064: ChangeTime: 2016-07-08T19:13:09.669873300Z
23316c.3064: FileAttributes: 0x20
24316c.3064: Size: 0x11c000
25316c.3064: NT Headers: 0xe0
26316c.3064: Timestamp: 0x5708a89b
27316c.3064: Machine: 0x8664 - amd64
28316c.3064: Timestamp: 0x5708a89b
29316c.3064: Image Version: 6.1
30316c.3064: SizeOfImage: 0x11f000 (1175552)
31316c.3064: Resource Dir: 0x116000 LB 0x528
32316c.3064: ProductName: Microsoft® Windows® Operating System
33316c.3064: ProductVersion: 6.1.7601.23418
34316c.3064: FileVersion: 6.1.7601.23418 (win7sp1_ldr.160408-2045)
35316c.3064: FileDescription: Windows NT BASE API Client DLL
36316c.3064: \SystemRoot\System32\KernelBase.dll:
37316c.3064: CreationTime: 2016-07-07T20:49:56.892531800Z
38316c.3064: LastWriteTime: 2016-04-09T06:57:53.879000000Z
39316c.3064: ChangeTime: 2016-07-08T19:13:09.778877300Z
40316c.3064: FileAttributes: 0x20
41316c.3064: Size: 0x66800
42316c.3064: NT Headers: 0xe8
43316c.3064: Timestamp: 0x5708a89c
44316c.3064: Machine: 0x8664 - amd64
45316c.3064: Timestamp: 0x5708a89c
46316c.3064: Image Version: 6.1
47316c.3064: SizeOfImage: 0x6a000 (434176)
48316c.3064: Resource Dir: 0x68000 LB 0x530
49316c.3064: ProductName: Microsoft® Windows® Operating System
50316c.3064: ProductVersion: 6.1.7601.23418
51316c.3064: FileVersion: 6.1.7601.23418 (win7sp1_ldr.160408-2045)
52316c.3064: FileDescription: Windows NT BASE API Client DLL
53316c.3064: \SystemRoot\System32\apisetschema.dll:
54316c.3064: CreationTime: 2016-07-07T20:50:02.492357400Z
55316c.3064: LastWriteTime: 2016-04-09T06:57:48.684000000Z
56316c.3064: ChangeTime: 2016-07-08T19:12:55.374777300Z
57316c.3064: FileAttributes: 0x20
58316c.3064: Size: 0x1a00
59316c.3064: NT Headers: 0xc0
60316c.3064: Timestamp: 0x5708a835
61316c.3064: Machine: 0x8664 - amd64
62316c.3064: Timestamp: 0x5708a835
63316c.3064: Image Version: 6.1
64316c.3064: SizeOfImage: 0x50000 (327680)
65316c.3064: Resource Dir: 0x30000 LB 0x3f8
66316c.3064: ProductName: Microsoft® Windows® Operating System
67316c.3064: ProductVersion: 6.1.7601.23418
68316c.3064: FileVersion: 6.1.7601.23418 (win7sp1_ldr.160408-2045)
69316c.3064: FileDescription: ApiSet Schema DLL
70316c.3064: NtOpenDirectoryObject failed on \Driver: 0xc0000022
71316c.3064: supR3HardenedWinFindAdversaries: 0x4003
72316c.3064: \SystemRoot\System32\drivers\SysPlant.sys:
73316c.3064: CreationTime: 2016-07-06T00:29:20.399609600Z
74316c.3064: LastWriteTime: 2016-07-06T00:29:20.399609600Z
75316c.3064: ChangeTime: 2016-07-06T00:29:20.399609600Z
76316c.3064: FileAttributes: 0x20
77316c.3064: Size: 0x26f40
78316c.3064: NT Headers: 0x100
79316c.3064: Timestamp: 0x5413cb4e
80316c.3064: Machine: 0x8664 - amd64
81316c.3064: Timestamp: 0x5413cb4e
82316c.3064: Image Version: 5.0
83316c.3064: SizeOfImage: 0x2d000 (184320)
84316c.3064: Resource Dir: 0x2b000 LB 0x498
85316c.3064: ProductName: Symantec CMC Firewall
86316c.3064: ProductVersion: 12.1.5337.5000
87316c.3064: FileVersion: 12.1.5337.5000
88316c.3064: FileDescription: Symantec CMC Firewall SysPlant
89316c.3064: \SystemRoot\System32\sysfer.dll:
90316c.3064: CreationTime: 2016-07-06T00:29:20.399609600Z
91316c.3064: LastWriteTime: 2016-07-06T00:29:20.399609600Z
92316c.3064: ChangeTime: 2016-07-06T00:29:20.399609600Z
93316c.3064: FileAttributes: 0x20
94316c.3064: Size: 0x70f60
95316c.3064: NT Headers: 0xe8
96316c.3064: Timestamp: 0x5413cb55
97316c.3064: Machine: 0x8664 - amd64
98316c.3064: Timestamp: 0x5413cb55
99316c.3064: Image Version: 0.0
100316c.3064: SizeOfImage: 0x88000 (557056)
101316c.3064: Resource Dir: 0x86000 LB 0x630
102316c.3064: ProductName: Symantec CMC Firewall
103316c.3064: ProductVersion: 12.1.5337.5000
104316c.3064: FileVersion: 12.1.5337.5000
105316c.3064: FileDescription: Symantec CMC Firewall sysfer
106316c.3064: \SystemRoot\System32\drivers\symevent64x86.sys:
107316c.3064: CreationTime: 2016-07-06T00:31:08.019446400Z
108316c.3064: LastWriteTime: 2016-07-06T00:31:08.003844800Z
109316c.3064: ChangeTime: 2016-07-06T00:31:08.003844800Z
110316c.3064: FileAttributes: 0x20
111316c.3064: Size: 0x2b658
112316c.3064: NT Headers: 0xe8
113316c.3064: Timestamp: 0x51f32ff2
114316c.3064: Machine: 0x8664 - amd64
115316c.3064: Timestamp: 0x51f32ff2
116316c.3064: Image Version: 6.0
117316c.3064: SizeOfImage: 0x38000 (229376)
118316c.3064: Resource Dir: 0x36000 LB 0x3c8
119316c.3064: ProductName: SYMEVENT
120316c.3064: ProductVersion: 12.9.5.2
121316c.3064: FileVersion: 12.9.5.2
122316c.3064: FileDescription: Symantec Event Library
123316c.3064: \SystemRoot\System32\drivers\cyprotectdrv64.sys:
124316c.3064: CreationTime: 2016-07-06T00:48:50.755634000Z
125316c.3064: LastWriteTime: 2016-07-28T14:57:55.118601000Z
126316c.3064: ChangeTime: 2016-08-04T18:22:08.040899400Z
127316c.3064: FileAttributes: 0x20
128316c.3064: Size: 0x23e30
129316c.3064: NT Headers: 0xf8
130316c.3064: Timestamp: 0x577438a2
131316c.3064: Machine: 0x8664 - amd64
132316c.3064: Timestamp: 0x577438a2
133316c.3064: Image Version: 6.1
134316c.3064: SizeOfImage: 0xb6000 (745472)
135316c.3064: Resource Dir: 0xb4000 LB 0x2f0
136316c.3064: ProductName: CylancePROTECT
137316c.3064: ProductVersion: 1.2.1390.55
138316c.3064: FileVersion: 1.2.1390.55
139316c.3064: FileDescription: Cylance Protect Driver
140316c.3064: supR3HardenedWinInitAppBin(0x0): '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox'
141316c.3064: Calling main()
142316c.3064: SUPR3HardenedMain: pszProgName=VirtualBox fFlags=0x2
143316c.3064: supR3HardenedWinInitAppBin(0x2): '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox'
144316c.3064: SUPR3HardenedMain: Respawn #1
145316c.3064: System32: \Device\HarddiskVolume2\Windows\System32
146316c.3064: WinSxS: \Device\HarddiskVolume2\Windows\winsxs
147316c.3064: KnownDllPath: C:\windows\system32
148316c.3064: '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe' has no imports
149316c.3064: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe)
150316c.3064: supR3HardNtEnableThreadCreation:
151316c.3064: supR3HardNtDisableThreadCreation: pvLdrInitThunk=000000007759a0e0 pvNtTerminateThread=00000000775bc060
152316c.3064: supR3HardenedWinDoReSpawn(1): New child 2354.2bf4 [kernel32].
153316c.3064: supR3HardNtChildGatherData: PebBaseAddress=000007fffffda000 cbPeb=0x380
154316c.3064: supR3HardNtPuChFindNtdll: uNtDllParentAddr=0000000077570000 uNtDllChildAddr=0000000077570000
155316c.3064: supR3HardenedWinSetupChildInit: uLdrInitThunk=000000007759a0e0
156316c.3064: supR3HardenedWinSetupChildInit: Start child.
157316c.3064: supR3HardNtChildWaitFor: Found expected request 0 (PurifyChildAndCloseHandles) after 1 ms.
158316c.3064: supR3HardNtChildPurify: Startup delay kludge #1/0: 519 ms, 63 sleeps
159316c.3064: supHardNtVpScanVirtualMemory: enmKind=CHILD_PURIFICATION
160316c.3064: *0000000000000000-fffffffffffeffff 0x0001/0x0000 0x0000000
161316c.3064: *0000000000010000-fffffffffffeffff 0x0004/0x0004 0x0020000
162316c.3064: *0000000000030000-000000000002bfff 0x0002/0x0002 0x0040000
163316c.3064: 0000000000034000-0000000000027fff 0x0001/0x0000 0x0000000
164316c.3064: *0000000000040000-000000000003efff 0x0004/0x0004 0x0020000
165316c.3064: 0000000000041000-0000000000031fff 0x0001/0x0000 0x0000000
166316c.3064: *0000000000050000-000000000004efff 0x0020/0x0020 0x0020000 !!
167316c.3064: supHardNtVpFreeOrReplacePrivateExecMemory: Freeing exec mem at 0000000000050000 (LB 0x1000, 0000000000050000 LB 0x1000)
168316c.3064: supHardNtVpFreeOrReplacePrivateExecMemory: Free attempt #1 succeeded: 0x0 [0000000000050000/0000000000050000 LB 0/0x1000]
169316c.3064: supHardNtVpFreeOrReplacePrivateExecMemory: QVM after free 0: [0000000000000000]/0000000000050000 LB 0x1a0000 s=0x10000 ap=0x0 rp=0x00000000000001
170316c.3064: 0000000000051000-ffffffffffeb1fff 0x0001/0x0000 0x0000000
171316c.3064: *00000000001f0000-00000000000f3fff 0x0000/0x0004 0x0020000
172316c.3064: 00000000002ec000-00000000002e9fff 0x0104/0x0004 0x0020000
173316c.3064: 00000000002ee000-00000000002ebfff 0x0004/0x0004 0x0020000
174316c.3064: 00000000002f0000-ffffffff8906ffff 0x0001/0x0000 0x0000000
175316c.3064: *0000000077570000-0000000077570fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume2\Windows\System32\ntdll.dll
176316c.3064: 0000000077571000-000000007766dfff 0x0020/0x0080 0x1000000 \Device\HarddiskVolume2\Windows\System32\ntdll.dll
177316c.3064: 000000007766e000-000000007769cfff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume2\Windows\System32\ntdll.dll
178316c.3064: 000000007769d000-00000000776a6fff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume2\Windows\System32\ntdll.dll
179316c.3064: 00000000776a7000-00000000776a7fff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume2\Windows\System32\ntdll.dll
180316c.3064: 00000000776a8000-00000000776aafff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume2\Windows\System32\ntdll.dll
181316c.3064: 00000000776ab000-0000000077719fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume2\Windows\System32\ntdll.dll
182316c.3064: 000000007771a000-000000006fe53fff 0x0001/0x0000 0x0000000
183316c.3064: *000000007efe0000-000000007dfdffff 0x0000/0x0002 0x0020000
184316c.3064: *000000007ffe0000-000000007ffdefff 0x0002/0x0002 0x0020000
185316c.3064: 000000007ffe1000-000000007ffd1fff 0x0000/0x0002 0x0020000
186316c.3064: 000000007fff0000-ffffffffc02affff 0x0001/0x0000 0x0000000
187316c.3064: *000000013fd30000-000000013fd30fff 0x0040/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe
188316c.3064: 000000013fd31000-000000013fd9ffff 0x0020/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe
189316c.3064: 000000013fda0000-000000013fda0fff 0x0080/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe
190316c.3064: 000000013fda1000-000000013fde4fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe
191316c.3064: 000000013fde5000-000000013fde5fff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe
192316c.3064: 000000013fde6000-000000013fde6fff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe
193316c.3064: 000000013fde7000-000000013fdebfff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe
194316c.3064: 000000013fdec000-000000013fdecfff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe
195316c.3064: 000000013fded000-000000013fdedfff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe
196316c.3064: 000000013fdee000-000000013fdf1fff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe
197316c.3064: 000000013fdf2000-000000013fe39fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe
198316c.3064: 000000013fe3a000-000000013fe33fff 0x0001/0x0000 0x0000000
199316c.3064: *000000013fe40000-000000013fe3efff 0x0040/0x0040 0x0020000 !!
200316c.3064: supHardNtVpFreeOrReplacePrivateExecMemory: Freeing exec mem at 000000013fe40000 (LB 0x1000, 000000013fe40000 LB 0x1000)
201316c.3064: supHardNtVpFreeOrReplacePrivateExecMemory: Free attempt #1 succeeded: 0x0 [000000013fe40000/000000013fe40000 LB 0/0x1000]
202316c.3064: supHardNtVpFreeOrReplacePrivateExecMemory: QVM after free 0: [0000000000000000]/000000013fe40000 LB 0x7fdbfa50000 s=0x10000 ap=0x0 rp=0x00000000000001
203316c.3064: 000000013fe41000-fffff803803f1fff 0x0001/0x0000 0x0000000
204316c.3064: *000007feff890000-000007feff890fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume2\Windows\System32\apisetschema.dll
205316c.3064: 000007feff891000-000007fdff171fff 0x0001/0x0000 0x0000000
206316c.3064: *000007fffffb0000-000007fffff8cfff 0x0002/0x0002 0x0040000
207316c.3064: 000007fffffd3000-000007fffffcbfff 0x0001/0x0000 0x0000000
208316c.3064: *000007fffffda000-000007fffffd8fff 0x0004/0x0004 0x0020000
209316c.3064: 000007fffffdb000-000007fffffd7fff 0x0001/0x0000 0x0000000
210316c.3064: *000007fffffde000-000007fffffdbfff 0x0004/0x0004 0x0020000
211316c.3064: *000007fffffe0000-000007fffffcffff 0x0001/0x0002 0x0020000
212316c.3064: apisetschema.dll: timestamp 0x5708a835 (rc=VINF_SUCCESS)
213316c.3064: VirtualBox.exe: timestamp 0x5790f053 (rc=VINF_SUCCESS)
214316c.3064: '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe' has no imports
215316c.3064: VirtualBox.exe: Differences in section #0 (headers) between file and memory:
216316c.3064: 000000013fd30172 / 0x0000172: 00 != 11
217316c.3064: 000000013fd30174 / 0x0000174: 00 != f0
218316c.3064: 000000013fd301c8 / 0x00001c8: 00 != f0
219316c.3064: 000000013fd301ca / 0x00001ca: 00 != 11
220316c.3064: 000000013fd301cc / 0x00001cc: 00 != 20
221316c.3064: Restored 0x400 bytes of original file content at 000000013fd30000
222316c.3064: '\Device\HarddiskVolume2\Windows\System32\apisetschema.dll' has no imports
223316c.3064: '\Device\HarddiskVolume2\Windows\System32\ntdll.dll' has no imports
224316c.3064: supR3HardNtChildPurify: cFixes=3 g_fSupAdversaries=0x4003 cPatchCount=0
225316c.3064: supR3HardNtChildPurify: Startup delay kludge #1/1: 514 ms, 64 sleeps
226316c.3064: supHardNtVpScanVirtualMemory: enmKind=CHILD_PURIFICATION
227316c.3064: *0000000000000000-fffffffffffeffff 0x0001/0x0000 0x0000000
228316c.3064: *0000000000010000-fffffffffffeffff 0x0004/0x0004 0x0020000
229316c.3064: *0000000000030000-000000000002bfff 0x0002/0x0002 0x0040000
230316c.3064: 0000000000034000-0000000000027fff 0x0001/0x0000 0x0000000
231316c.3064: *0000000000040000-000000000003efff 0x0004/0x0004 0x0020000
232316c.3064: 0000000000041000-ffffffffffe91fff 0x0001/0x0000 0x0000000
233316c.3064: *00000000001f0000-00000000000f3fff 0x0000/0x0004 0x0020000
234316c.3064: 00000000002ec000-00000000002e9fff 0x0104/0x0004 0x0020000
235316c.3064: 00000000002ee000-00000000002ebfff 0x0004/0x0004 0x0020000
236316c.3064: 00000000002f0000-ffffffff8906ffff 0x0001/0x0000 0x0000000
237316c.3064: *0000000077570000-0000000077570fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume2\Windows\System32\ntdll.dll
238316c.3064: 0000000077571000-000000007766dfff 0x0020/0x0080 0x1000000 \Device\HarddiskVolume2\Windows\System32\ntdll.dll
239316c.3064: 000000007766e000-000000007769cfff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume2\Windows\System32\ntdll.dll
240316c.3064: 000000007769d000-00000000776a6fff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume2\Windows\System32\ntdll.dll
241316c.3064: 00000000776a7000-00000000776a7fff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume2\Windows\System32\ntdll.dll
242316c.3064: 00000000776a8000-00000000776a8fff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume2\Windows\System32\ntdll.dll
243316c.3064: 00000000776a9000-00000000776aafff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume2\Windows\System32\ntdll.dll
244316c.3064: 00000000776ab000-0000000077719fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume2\Windows\System32\ntdll.dll
245316c.3064: 000000007771a000-000000006fe53fff 0x0001/0x0000 0x0000000
246316c.3064: *000000007efe0000-000000007dfdffff 0x0000/0x0002 0x0020000
247316c.3064: *000000007ffe0000-000000007ffdefff 0x0002/0x0002 0x0020000
248316c.3064: 000000007ffe1000-000000007ffd1fff 0x0000/0x0002 0x0020000
249316c.3064: 000000007fff0000-ffffffffc02affff 0x0001/0x0000 0x0000000
250316c.3064: *000000013fd30000-000000013fd30fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe
251316c.3064: 000000013fd31000-000000013fd9ffff 0x0020/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe
252316c.3064: 000000013fda0000-000000013fda0fff 0x0040/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe
253316c.3064: 000000013fda1000-000000013fde4fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe
254316c.3064: 000000013fde5000-000000013fdf1fff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe
255316c.3064: 000000013fdf2000-000000013fe39fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe
256316c.3064: 000000013fe3a000-fffff803803e3fff 0x0001/0x0000 0x0000000
257316c.3064: *000007feff890000-000007feff890fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume2\Windows\System32\apisetschema.dll
258316c.3064: 000007feff891000-000007fdff171fff 0x0001/0x0000 0x0000000
259316c.3064: *000007fffffb0000-000007fffff8cfff 0x0002/0x0002 0x0040000
260316c.3064: 000007fffffd3000-000007fffffcbfff 0x0001/0x0000 0x0000000
261316c.3064: *000007fffffda000-000007fffffd8fff 0x0004/0x0004 0x0020000
262316c.3064: 000007fffffdb000-000007fffffd7fff 0x0001/0x0000 0x0000000
263316c.3064: *000007fffffde000-000007fffffdbfff 0x0004/0x0004 0x0020000
264316c.3064: *000007fffffe0000-000007fffffcffff 0x0001/0x0002 0x0020000
265316c.3064: supR3HardNtChildPurify: Done after 1423 ms and 3 fixes (loop #1).
266316c.3064: supR3HardNtEnableThreadCreation:
2672354.2bf4: Log file opened: 5.1.2r108956 g_hStartupLog=0000000000000004 g_uNtVerCombined=0x611db100
2682354.2bf4: supR3HardenedVmProcessInit: uNtDllAddr=0000000077570000 g_uNtVerCombined=0x611db100
2692354.2bf4: ntdll.dll: timestamp 0x5708a857 (rc=VINF_SUCCESS)
2702354.2bf4: New simple heap: #1 00000000002f0000 LB 0x400000 (for 1744896 allocation)
2712354.2bf4: supR3HardenedWinInitAppBin(0x0): '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox'
2722354.2bf4: System32: \Device\HarddiskVolume2\Windows\System32
2732354.2bf4: WinSxS: \Device\HarddiskVolume2\Windows\winsxs
2742354.2bf4: KnownDllPath: C:\windows\system32
2752354.2bf4: supR3HardenedVmProcessInit: Opening vboxdrv stub...
2762354.2bf4: supR3HardenedVmProcessInit: Restoring LdrInitializeThunk...
2772354.2bf4: supR3HardenedVmProcessInit: Returning to LdrInitializeThunk...
2782354.2bf4: Registered Dll notification callback with NTDLL.
2792354.2bf4: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume2\Windows\System32\kernel32.dll)
2802354.2bf4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\kernel32.dll
2812354.2bf4: supR3HardenedMonitor_LdrLoadDll: pName=C:\windows\system32\kernel32.dll (Input=kernel32.dll, rcNtResolve=0xc0150008) *pfFlags=0xffffffff pwszSearchPath=0000000000000000:<flags> [calling]
2822354.2bf4: supR3HardenedScreenImage/NtCreateSection: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\kernel32.dll [lacks WinVerifyTrust]
283316c.3064: supR3HardNtChildWaitFor[1]: Quitting: ExitCode=0xc0000005 (rcNtWait=0x0, rcNt1=0x0, rcNt2=0x103, rcNt3=0x103, 2038 ms, CloseEvents);
