VirtualBox

Ticket #15752: VBoxHardening.log

File VBoxHardening.log, 16.8 KB (added by slattdog, 8 years ago)
ca8.890: Log file opened: 5.1.2r108956 g_hStartupLog=0000000000000058 g_uNtVerCombined=0xa0295a00
ca8.890: \SystemRoot\System32\ntdll.dll:
ca8.890: CreationTime: 2016-08-05T14:44:27.558437800Z
ca8.890: LastWriteTime: 2016-04-23T05:24:28.464629900Z
ca8.890: ChangeTime: 2016-08-05T14:58:15.883958700Z
ca8.890: FileAttributes: 0x20
ca8.890: Size: 0x1bc248
ca8.890: NT Headers: 0xe0
ca8.890: Timestamp: 0x571af2eb
ca8.890: Machine: 0x8664 - amd64
ca8.890: Timestamp: 0x571af2eb
ca8.890: Image Version: 10.0
ca8.890: SizeOfImage: 0x1c1000 (1839104)
ca8.890: Resource Dir: 0x159000 LB 0x66218
ca8.890: ProductName: Microsoft® Windows® Operating System
ca8.890: ProductVersion: 10.0.10586.306
ca8.890: FileVersion: 10.0.10586.306 (th2_release_sec.160422-1850)
ca8.890: FileDescription: NT Layer DLL
ca8.890: \SystemRoot\System32\kernel32.dll:
ca8.890: CreationTime: 2015-10-30T07:17:46.221743200Z
ca8.890: LastWriteTime: 2015-10-30T07:17:46.221743200Z
ca8.890: ChangeTime: 2016-08-04T22:35:08.473994800Z
ca8.890: FileAttributes: 0x20
ca8.890: Size: 0xac430
ca8.890: NT Headers: 0xf0
ca8.890: Timestamp: 0x5632d5aa
ca8.890: Machine: 0x8664 - amd64
ca8.890: Timestamp: 0x5632d5aa
ca8.890: Image Version: 10.0
ca8.890: SizeOfImage: 0xad000 (708608)
ca8.890: Resource Dir: 0xab000 LB 0x528
ca8.890: ProductName: Microsoft® Windows® Operating System
ca8.890: ProductVersion: 10.0.10586.0
ca8.890: FileVersion: 10.0.10586.0 (th2_release.151029-1700)
ca8.890: FileDescription: Windows NT BASE API Client DLL
ca8.890: \SystemRoot\System32\KernelBase.dll:
ca8.890: CreationTime: 2016-08-05T14:43:56.646389100Z
ca8.890: LastWriteTime: 2016-07-01T04:49:21.864958900Z
ca8.890: ChangeTime: 2016-08-05T14:58:14.821403600Z
ca8.890: FileAttributes: 0x20
ca8.890: Size: 0x1e7a10
ca8.890: NT Headers: 0xf0
ca8.890: Timestamp: 0x5775e4c5
ca8.890: Machine: 0x8664 - amd64
ca8.890: Timestamp: 0x5775e4c5
ca8.890: Image Version: 10.0
ca8.890: SizeOfImage: 0x1e8000 (1998848)
ca8.890: Resource Dir: 0x1d1000 LB 0x548
ca8.890: ProductName: Microsoft® Windows® Operating System
ca8.890: ProductVersion: 10.0.10586.494
ca8.890: FileVersion: 10.0.10586.494 (th2_release_sec.160630-1736)
ca8.890: FileDescription: Windows NT BASE API Client DLL
ca8.890: \SystemRoot\System32\apisetschema.dll:
ca8.890: CreationTime: 2015-10-30T07:17:57.502957900Z
ca8.890: LastWriteTime: 2015-10-30T07:17:57.502957900Z
ca8.890: ChangeTime: 2016-08-04T23:23:28.221807700Z
ca8.890: FileAttributes: 0x20
ca8.890: Size: 0x16d60
ca8.890: NT Headers: 0xc8
ca8.890: Timestamp: 0x5632d94c
ca8.890: Machine: 0x8664 - amd64
ca8.890: Timestamp: 0x5632d94c
ca8.890: Image Version: 10.0
ca8.890: SizeOfImage: 0x18000 (98304)
ca8.890: Resource Dir: 0x17000 LB 0x400
ca8.890: ProductName: Microsoft® Windows® Operating System
ca8.890: ProductVersion: 10.0.10586.0
ca8.890: FileVersion: 10.0.10586.0 (th2_release.151029-1700)
ca8.890: FileDescription: ApiSet Schema DLL
ca8.890: NtOpenDirectoryObject failed on \Driver: 0xc0000022
ca8.890: supR3HardenedWinFindAdversaries: 0x4000
ca8.890: \SystemRoot\System32\drivers\cyprotectdrv64.sys:
ca8.890: CreationTime: 2016-08-04T21:47:26.814099800Z
ca8.890: LastWriteTime: 2016-04-29T09:24:28.000000000Z
ca8.890: ChangeTime: 2016-08-05T14:59:41.550640100Z
ca8.890: FileAttributes: 0x20
ca8.890: Size: 0x22830
ca8.890: NT Headers: 0xf0
ca8.890: Timestamp: 0x5722eff1
ca8.890: Machine: 0x8664 - amd64
ca8.890: Timestamp: 0x5722eff1
ca8.890: Image Version: 6.1
ca8.890: SizeOfImage: 0x65000 (413696)
ca8.890: Resource Dir: 0x63000 LB 0x2f0
ca8.890: ProductName: CylancePROTECT
ca8.890: ProductVersion: 1.2.1372.27
ca8.890: FileVersion: 1.2.1372.27
ca8.890: FileDescription: Cylance Protect Driver
ca8.890: supR3HardenedWinInitAppBin(0x0): '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox'
ca8.890: Calling main()
ca8.890: SUPR3HardenedMain: pszProgName=VirtualBox fFlags=0x2
ca8.890: supR3HardenedWinInitAppBin(0x2): '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox'
ca8.890: SUPR3HardenedMain: Respawn #1
ca8.890: System32: \Device\HarddiskVolume4\Windows\System32
ca8.890: WinSxS: \Device\HarddiskVolume4\Windows\WinSxS
ca8.890: KnownDllPath: C:\Windows\system32
ca8.890: '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VirtualBox.exe' has no imports
ca8.890: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VirtualBox.exe)
ca8.890: supR3HardNtEnableThreadCreation:
ca8.890: supR3HardNtDisableThreadCreation: pvLdrInitThunk=00007ffb7a916d50 pvNtTerminateThread=00007ffb7a945b30
ca8.890: supR3HardenedWinDoReSpawn(1): New child 960.8ec [kernel32].
ca8.890: supR3HardNtChildGatherData: PebBaseAddress=00000000003dd000 cbPeb=0x388
ca8.890: supR3HardNtPuChFindNtdll: uNtDllParentAddr=00007ffb7a8a0000 uNtDllChildAddr=00007ffb7a8a0000
ca8.890: supR3HardenedWinSetupChildInit: uLdrInitThunk=00007ffb7a916d50
ca8.890: supR3HardenedWinSetupChildInit: Start child.
ca8.890: supR3HardNtChildWaitFor: Found expected request 0 (PurifyChildAndCloseHandles) after 0 ms.
ca8.890: supR3HardNtChildPurify: Startup delay kludge #1/0: 514 ms, 44 sleeps
ca8.890: supHardNtVpScanVirtualMemory: enmKind=CHILD_PURIFICATION
ca8.890: *0000000000000000-ffffffffffe8ffff 0x0001/0x0000 0x0000000
ca8.890: *0000000000170000-000000000014ffff 0x0004/0x0004 0x0020000
ca8.890: *0000000000190000-000000000017afff 0x0002/0x0002 0x0040000
ca8.890: 00000000001a5000-0000000000199fff 0x0001/0x0000 0x0000000
ca8.890: *00000000001b0000-00000000001abfff 0x0002/0x0002 0x0040000
ca8.890: 00000000001b4000-00000000001a7fff 0x0001/0x0000 0x0000000
ca8.890: *00000000001c0000-00000000001bdfff 0x0004/0x0004 0x0020000
ca8.890: 00000000001c2000-00000000001b3fff 0x0001/0x0000 0x0000000
ca8.890: *00000000001d0000-00000000001cefff 0x0020/0x0020 0x0020000 !!
ca8.890: supHardNtVpFreeOrReplacePrivateExecMemory: Freeing exec mem at 00000000001d0000 (LB 0x1000, 00000000001d0000 LB 0x1000)
ca8.890: supHardNtVpFreeOrReplacePrivateExecMemory: Free attempt #1 succeeded: 0x0 [00000000001d0000/00000000001d0000 LB 0/0x1000]
ca8.890: supHardNtVpFreeOrReplacePrivateExecMemory: QVM after free 0: [0000000000000000]/00000000001d0000 LB 0x30000 s=0x10000 ap=0x0 rp=0x00400100000001
ca8.890: 00000000001d1000-00000000001a1fff 0x0001/0x0000 0x0000000
ca8.890: *0000000000200000-0000000000022fff 0x0000/0x0004 0x0020000
ca8.890: 00000000003dd000-00000000003d9fff 0x0004/0x0004 0x0020000
ca8.890: 00000000003e0000-00000000003bffff 0x0000/0x0004 0x0020000
ca8.890: *0000000000400000-0000000000304fff 0x0000/0x0004 0x0020000
ca8.890: 00000000004fb000-00000000004f7fff 0x0104/0x0004 0x0020000
ca8.890: 00000000004fe000-00000000004fbfff 0x0004/0x0004 0x0020000
ca8.890: 0000000000500000-ffffffff80a1ffff 0x0001/0x0000 0x0000000
ca8.890: *000000007ffe0000-000000007ffdefff 0x0002/0x0002 0x0020000
ca8.890: 000000007ffe1000-000000007ffd1fff 0x0000/0x0002 0x0020000
ca8.890: 000000007fff0000-ffff800a82a1ffff 0x0001/0x0000 0x0000000
ca8.890: *00007ff67d5c0000-00007ff67d59cfff 0x0002/0x0002 0x0040000
ca8.890: 00007ff67d5e3000-00007ff67d4e5fff 0x0001/0x0000 0x0000000
ca8.890: *00007ff67d6e0000-00007ff67d6e0fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VirtualBox.exe
ca8.890: 00007ff67d6e1000-00007ff67d74ffff 0x0020/0x0080 0x1000000 \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VirtualBox.exe
ca8.890: 00007ff67d750000-00007ff67d750fff 0x0080/0x0080 0x1000000 \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VirtualBox.exe
ca8.890: 00007ff67d751000-00007ff67d794fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VirtualBox.exe
ca8.890: 00007ff67d795000-00007ff67d795fff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VirtualBox.exe
ca8.890: 00007ff67d796000-00007ff67d796fff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VirtualBox.exe
ca8.890: 00007ff67d797000-00007ff67d79bfff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VirtualBox.exe
ca8.890: 00007ff67d79c000-00007ff67d79cfff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VirtualBox.exe
ca8.890: 00007ff67d79d000-00007ff67d79dfff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VirtualBox.exe
ca8.890: 00007ff67d79e000-00007ff67d7a1fff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VirtualBox.exe
ca8.890: 00007ff67d7a2000-00007ff67d7e9fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VirtualBox.exe
ca8.890: 00007ff67d7ea000-00007ff180733fff 0x0001/0x0000 0x0000000
ca8.890: *00007ffb7a8a0000-00007ffb7a8a0fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume4\Windows\System32\ntdll.dll
ca8.890: 00007ffb7a8a1000-00007ffb7a99dfff 0x0020/0x0080 0x1000000 \Device\HarddiskVolume4\Windows\System32\ntdll.dll
ca8.890: 00007ffb7a99e000-00007ffb7a9defff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume4\Windows\System32\ntdll.dll
ca8.890: 00007ffb7a9df000-00007ffb7a9e7fff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume4\Windows\System32\ntdll.dll
ca8.890: 00007ffb7a9e8000-00007ffb7a9f4fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume4\Windows\System32\ntdll.dll
ca8.890: 00007ffb7a9f5000-00007ffb7a9f5fff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume4\Windows\System32\ntdll.dll
ca8.890: 00007ffb7a9f6000-00007ffb7a9f8fff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume4\Windows\System32\ntdll.dll
ca8.890: 00007ffb7a9f9000-00007ffb7aa60fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume4\Windows\System32\ntdll.dll
ca8.890: 00007ffb7aa61000-00007ff6f54e1fff 0x0001/0x0000 0x0000000
ca8.890: *00007ffffffe0000-00007ffffffcffff 0x0001/0x0002 0x0020000
ca8.890: VirtualBox.exe: timestamp 0x5790f053 (rc=VINF_SUCCESS)
ca8.890: '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VirtualBox.exe' has no imports
ca8.890: '\Device\HarddiskVolume4\Windows\System32\ntdll.dll' has no imports
ca8.890: supR3HardNtChildPurify: cFixes=1 g_fSupAdversaries=0x4000
ca8.890: supR3HardNtChildPurify: Startup delay kludge #1/1: 522 ms, 35 sleeps
ca8.890: supHardNtVpScanVirtualMemory: enmKind=CHILD_PURIFICATION
ca8.890: *0000000000000000-ffffffffffe8ffff 0x0001/0x0000 0x0000000
ca8.890: *0000000000170000-000000000014ffff 0x0004/0x0004 0x0020000
ca8.890: *0000000000190000-000000000017afff 0x0002/0x0002 0x0040000
ca8.890: 00000000001a5000-0000000000199fff 0x0001/0x0000 0x0000000
ca8.890: *00000000001b0000-00000000001abfff 0x0002/0x0002 0x0040000
ca8.890: 00000000001b4000-00000000001a7fff 0x0001/0x0000 0x0000000
ca8.890: *00000000001c0000-00000000001bdfff 0x0004/0x0004 0x0020000
ca8.890: 00000000001c2000-0000000000183fff 0x0001/0x0000 0x0000000
ca8.890: *0000000000200000-0000000000022fff 0x0000/0x0004 0x0020000
ca8.890: 00000000003dd000-00000000003d9fff 0x0004/0x0004 0x0020000
ca8.890: 00000000003e0000-00000000003bffff 0x0000/0x0004 0x0020000
ca8.890: *0000000000400000-0000000000304fff 0x0000/0x0004 0x0020000
ca8.890: 00000000004fb000-00000000004f7fff 0x0104/0x0004 0x0020000
ca8.890: 00000000004fe000-00000000004fbfff 0x0004/0x0004 0x0020000
ca8.890: 0000000000500000-ffffffff80a1ffff 0x0001/0x0000 0x0000000
ca8.890: *000000007ffe0000-000000007ffdefff 0x0002/0x0002 0x0020000
ca8.890: 000000007ffe1000-000000007ffd1fff 0x0000/0x0002 0x0020000
ca8.890: 000000007fff0000-ffff800a82a1ffff 0x0001/0x0000 0x0000000
ca8.890: *00007ff67d5c0000-00007ff67d59cfff 0x0002/0x0002 0x0040000
ca8.890: 00007ff67d5e3000-00007ff67d4e5fff 0x0001/0x0000 0x0000000
ca8.890: *00007ff67d6e0000-00007ff67d6e0fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VirtualBox.exe
ca8.890: 00007ff67d6e1000-00007ff67d74ffff 0x0020/0x0080 0x1000000 \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VirtualBox.exe
ca8.890: 00007ff67d750000-00007ff67d750fff 0x0040/0x0080 0x1000000 \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VirtualBox.exe
ca8.890: 00007ff67d751000-00007ff67d794fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VirtualBox.exe
ca8.890: 00007ff67d795000-00007ff67d7a1fff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VirtualBox.exe
ca8.890: 00007ff67d7a2000-00007ff67d7e9fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VirtualBox.exe
ca8.890: 00007ff67d7ea000-00007ff180733fff 0x0001/0x0000 0x0000000
ca8.890: *00007ffb7a8a0000-00007ffb7a8a0fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume4\Windows\System32\ntdll.dll
ca8.890: 00007ffb7a8a1000-00007ffb7a99dfff 0x0020/0x0080 0x1000000 \Device\HarddiskVolume4\Windows\System32\ntdll.dll
ca8.890: 00007ffb7a99e000-00007ffb7a9defff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume4\Windows\System32\ntdll.dll
ca8.890: 00007ffb7a9df000-00007ffb7a9e2fff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume4\Windows\System32\ntdll.dll
ca8.890: 00007ffb7a9e3000-00007ffb7a9e7fff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume4\Windows\System32\ntdll.dll
ca8.890: 00007ffb7a9e8000-00007ffb7a9f4fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume4\Windows\System32\ntdll.dll
ca8.890: 00007ffb7a9f5000-00007ffb7a9f5fff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume4\Windows\System32\ntdll.dll
ca8.890: 00007ffb7a9f6000-00007ffb7a9f8fff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume4\Windows\System32\ntdll.dll
ca8.890: 00007ffb7a9f9000-00007ffb7aa60fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume4\Windows\System32\ntdll.dll
ca8.890: 00007ffb7aa61000-00007ff6f54e1fff 0x0001/0x0000 0x0000000
ca8.890: *00007ffffffe0000-00007ffffffcffff 0x0001/0x0002 0x0020000
ca8.890: supR3HardNtChildPurify: Done after 1248 ms and 1 fixes (loop #1).
960.8ec: Log file opened: 5.1.2r108956 g_hStartupLog=0000000000000004 g_uNtVerCombined=0xa0295a00
960.8ec: supR3HardenedVmProcessInit: uNtDllAddr=00007ffb7a8a0000 g_uNtVerCombined=0xa0295a00
960.8ec: ntdll.dll: timestamp 0x571af2eb (rc=VINF_SUCCESS)
960.8ec: New simple heap: #1 0000000000600000 LB 0x400000 (for 1839104 allocation)
ca8.890: supR3HardNtEnableThreadCreation:
960.8ec: supR3HardenedWinInitAppBin(0x0): '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox'
960.8ec: System32: \Device\HarddiskVolume4\Windows\System32
960.8ec: WinSxS: \Device\HarddiskVolume4\Windows\WinSxS
960.8ec: KnownDllPath: C:\Windows\system32
960.8ec: supR3HardenedVmProcessInit: Opening vboxdrv stub...
960.8ec: supR3HardenedVmProcessInit: Restoring LdrInitializeThunk...
960.8ec: supR3HardenedVmProcessInit: Returning to LdrInitializeThunk...
960.8ec: Registered Dll notification callback with NTDLL.
960.8ec: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\kernel32.dll)
960.8ec: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\kernel32.dll
960.8ec: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\KERNEL32.DLL (Input=KERNEL32.DLL, rcNtResolve=0xc0150008) *pfFlags=0xffffffff pwszSearchPath=0000000000000801:<flags> [calling]
960.8ec: supR3HardenedDllNotificationCallback: load 00007ffb779c0000 LB 0x001e8000 C:\Windows\system32\KERNELBASE.dll [fFlags=0x0]
960.8ec: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\KernelBase.dll)
960.8ec: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\KernelBase.dll
960.8ec: supR3HardenedDllNotificationCallback: load 00007ffb7a5b0000 LB 0x000ad000 C:\Windows\system32\KERNEL32.DLL [fFlags=0x0]
960.8ec: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\kernel32.dll [lacks WinVerifyTrust]
960.8ec: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb7a5b0000 'C:\Windows\system32\KERNEL32.DLL'
960.8ec: supR3HardenedDllNotificationCallback: load 00007ff67d6e0000 LB 0x0010a000 C:\Program Files\Oracle\VirtualBox\VirtualBox.exe [fFlags=0x0]
960.8ec: '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VirtualBox.exe' has no imports
960.8ec: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VirtualBox.exe)
960.8ec: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VirtualBox.exe
ca8.890: supR3HardNtChildWaitFor[1]: Quitting: ExitCode=0xc0000005 (rcNtWait=0x0, rcNt1=0x0, rcNt2=0x103, rcNt3=0x103, 156 ms, CloseEvents);
