c64.c68: Log file opened: 5.1.10r112026 g_hStartupLog=0000000000000014 g_uNtVerCombined=0x611db110
c64.c68: \SystemRoot\System32\ntdll.dll:
c64.c68: CreationTime: 2016-12-02T04:34:06.918875000Z
c64.c68: LastWriteTime: 2016-10-07T15:35:29.838228900Z
c64.c68: ChangeTime: 2016-12-02T12:25:01.387625000Z
c64.c68: FileAttributes: 0x20
c64.c68: Size: 0x1a7100
c64.c68: NT Headers: 0xe0
c64.c68: Timestamp: 0x57f7c06e
c64.c68: Machine: 0x8664 - amd64
c64.c68: Timestamp: 0x57f7c06e
c64.c68: Image Version: 6.1
c64.c68: SizeOfImage: 0x1aa000 (1744896)
c64.c68: Resource Dir: 0x14e000 LB 0x5a028
c64.c68: ProductName: Microsoft® Windows® Operating System
c64.c68: ProductVersion: 6.1.7601.23569
c64.c68: FileVersion: 6.1.7601.23569 (win7sp1_ldr.161007-0600)
c64.c68: FileDescription: NT Layer DLL
c64.c68: \SystemRoot\System32\kernel32.dll:
c64.c68: CreationTime: 2016-12-02T04:34:03.653250000Z
c64.c68: LastWriteTime: 2016-10-07T15:32:25.787000000Z
c64.c68: ChangeTime: 2016-12-02T12:25:03.262625000Z
c64.c68: FileAttributes: 0x20
c64.c68: Size: 0x11c000
c64.c68: NT Headers: 0xe0
c64.c68: Timestamp: 0x57f7c0b3
c64.c68: Machine: 0x8664 - amd64
c64.c68: Timestamp: 0x57f7c0b3
c64.c68: Image Version: 6.1
c64.c68: SizeOfImage: 0x11f000 (1175552)
c64.c68: Resource Dir: 0x116000 LB 0x528
c64.c68: ProductName: Microsoft® Windows® Operating System
c64.c68: ProductVersion: 6.1.7601.23569
c64.c68: FileVersion: 6.1.7601.23569 (win7sp1_ldr.161007-0600)
c64.c68: FileDescription: Windows NT BASE API Client DLL
c64.c68: \SystemRoot\System32\KernelBase.dll:
c64.c68: CreationTime: 2016-12-02T04:34:04.122000000Z
c64.c68: LastWriteTime: 2016-10-07T15:32:25.802000000Z
c64.c68: ChangeTime: 2016-12-02T12:25:03.262625000Z
c64.c68: FileAttributes: 0x20
c64.c68: Size: 0x66800
c64.c68: NT Headers: 0xe8
c64.c68: Timestamp: 0x57f7c0b4
c64.c68: Machine: 0x8664 - amd64
c64.c68: Timestamp: 0x57f7c0b4
c64.c68: Image Version: 6.1
c64.c68: SizeOfImage: 0x6a000 (434176)
c64.c68: Resource Dir: 0x68000 LB 0x530
c64.c68: ProductName: Microsoft® Windows® Operating System
c64.c68: ProductVersion: 6.1.7601.23569
c64.c68: FileVersion: 6.1.7601.23569 (win7sp1_ldr.161007-0600)
c64.c68: FileDescription: Windows NT BASE API Client DLL
c64.c68: \SystemRoot\System32\apisetschema.dll:
c64.c68: CreationTime: 2016-12-02T04:33:58.637625000Z
c64.c68: LastWriteTime: 2016-10-07T15:32:20.717000000Z
c64.c68: ChangeTime: 2016-12-02T12:25:01.340750000Z
c64.c68: FileAttributes: 0x20
c64.c68: Size: 0x1a00
c64.c68: NT Headers: 0xc0
c64.c68: Timestamp: 0x57f7c04d
c64.c68: Machine: 0x8664 - amd64
c64.c68: Timestamp: 0x57f7c04d
c64.c68: Image Version: 6.1
c64.c68: SizeOfImage: 0x50000 (327680)
c64.c68: Resource Dir: 0x30000 LB 0x3f8
c64.c68: ProductName: Microsoft® Windows® Operating System
c64.c68: ProductVersion: 6.1.7601.23569
c64.c68: FileVersion: 6.1.7601.23569 (win7sp1_ldr.161007-0600)
c64.c68: FileDescription: ApiSet Schema DLL
c64.c68: Found driver dgmaster (0x2000)
c64.c68: supR3HardenedWinFindAdversaries: 0x2000
c64.c68: \SystemRoot\System32\drivers\dgmaster.sys:
c64.c68: CreationTime: 2016-12-02T16:30:06.506835900Z
c64.c68: LastWriteTime: 2016-12-02T02:31:46.000000000Z
c64.c68: ChangeTime: 2016-12-02T16:30:06.584960900Z
c64.c68: FileAttributes: 0x2020
c64.c68: Size: 0x2505c0
c64.c68: NT Headers: 0x108
c64.c68: Timestamp: 0x5840dcd7
c64.c68: Machine: 0x8664 - amd64
c64.c68: Timestamp: 0x5840dcd7
c64.c68: Image Version: 6.3
c64.c68: SizeOfImage: 0x30a000 (3186688)
c64.c68: Resource Dir: 0x2ca000 LB 0x35f48
c64.c68: supR3HardenedWinInitAppBin(0x0): '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox'
c64.c68: Calling main()
c64.c68: SUPR3HardenedMain: pszProgName=VirtualBox fFlags=0x2
c64.c68: supR3HardenedWinInitAppBin(0x2): '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox'
c64.c68: SUPR3HardenedMain: Respawn #1
c64.c68: System32: \Device\HarddiskVolume2\Windows\System32
c64.c68: WinSxS: \Device\HarddiskVolume2\Windows\winsxs
c64.c68: KnownDllPath: C:\Windows\system32
c64.c68: '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe' has no imports
c64.c68: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe)
c64.c68: supR3HardNtEnableThreadCreation:
c64.c68: supR3HardNtDisableThreadCreation: pvLdrInitThunk=000000007710a360 pvNtTerminateThread=000000007712c260
c64.c68: supR3HardenedWinDoReSpawn(1): New child c6c.c70 [kernel32].
c64.c68: supR3HardNtChildGatherData: PebBaseAddress=000007fffffdb000 cbPeb=0x380
c64.c68: supR3HardNtPuChFindNtdll: uNtDllParentAddr=00000000770e0000 uNtDllChildAddr=00000000770e0000
c64.c68: supR3HardenedWinSetupChildInit: uLdrInitThunk=000000007710a360
c64.c68: supR3HardenedWinSetupChildInit: Start child.
c64.c68: supR3HardNtChildWaitFor: Found expected request 0 (PurifyChildAndCloseHandles) after 16 ms.
c64.c68: supR3HardNtChildPurify: Startup delay kludge #1/0: 515 ms, 33 sleeps
c64.c68: supHardNtVpScanVirtualMemory: enmKind=CHILD_PURIFICATION
c64.c68: *0000000000000000-fffffffffffeffff 0x0001/0x0000 0x0000000
c64.c68: *0000000000010000-fffffffffffeffff 0x0004/0x0004 0x0020000
c64.c68: *0000000000030000-000000000002efff 0x0040/0x0040 0x0020000 !!
c64.c68: supHardNtVpFreeOrReplacePrivateExecMemory: Replacing exec mem at 0000000000030000 (LB 0x1000, 0000000000030000 LB 0x1000)
c64.c68: supHardNtVpFreeOrReplacePrivateExecMemory: Free attempt #1 succeeded: 0x0 [0000000000030000/0000000000030000 LB 0/0x1000]
c64.c68: supHardNtVpFreeOrReplacePrivateExecMemory: QVM after free 0: [0000000000000000]/0000000000030000 LB 0x10000 s=0x10000 ap=0x0 rp=0x00000000000001
c64.c68: Error (rc=-5673):
c64.c68: NtAllocateVirtualMemory (0000000000030000 LB 0x1000) failed with rcNt=0xc0000018 allocating replacement memory for working around buggy protection software. See VBoxStartup.log for more details
c64.c68: Error (rc=-5645):
c64.c68: Too many virtual memory regions.

c64.c68: Error (rc=-5673):
c64.c68: supHardenedWinVerifyProcess failed with Unknown Status -5673 (0xffffe9d7): NtAllocateVirtualMemory (0000000000030000 LB 0x1000) failed with rcNt=0xc0000018 allocating replacement memory for working around buggy protection software. See VBoxStartup.log for more details
[rc=-5645] Too many virtual memory regions.
c64.c68: Error -5673 in supR3HardNtChildPurify! (enmWhat=5)
c64.c68: supHardenedWinVerifyProcess failed with Unknown Status -5673 (0xffffe9d7): NtAllocateVirtualMemory (0000000000030000 LB 0x1000) failed with rcNt=0xc0000018 allocating replacement memory for working around buggy protection software. See VBoxStartup.log for more details
[rc=-5645] Too many virtual memory regions.
c64.c68: supR3HardNtEnableThreadCreation: