VirtualBox

Ticket #16878: VBoxHardening.2.log

File VBoxHardening.2.log, 11.4 KB (added by vlapr, 7 years ago)

VBoxHardening.log

ca0.2a2c: Log file opened: 5.2.4r119785 g_hStartupLog=0000000000000070 g_uNtVerCombined=0xa0383900
ca0.2a2c: \SystemRoot\System32\ntdll.dll:
ca0.2a2c: CreationTime: 2017-09-14T07:01:46.664917300Z
ca0.2a2c: LastWriteTime: 2017-09-07T06:03:35.589628500Z
ca0.2a2c: ChangeTime: 2017-09-14T08:15:40.988885300Z
ca0.2a2c: FileAttributes: 0x20
ca0.2a2c: Size: 0x1cccb0
ca0.2a2c: NT Headers: 0xd8
ca0.2a2c: Timestamp: 0x59b0d03e
ca0.2a2c: Machine: 0x8664 - amd64
ca0.2a2c: Timestamp: 0x59b0d03e
ca0.2a2c: Image Version: 10.0
ca0.2a2c: SizeOfImage: 0x1d2000 (1908736)
ca0.2a2c: Resource Dir: 0x169000 LB 0x67a50
ca0.2a2c: [Version info resource found at 0xd8! (ID/Name: 0x1; SubID/SubName: 0x409)]
ca0.2a2c: [Raw version resource data: 0x1690f0 LB 0x398, codepage 0x0 (reserved 0x0)]
ca0.2a2c: ProductName: Microsoft® Windows® Operating System
ca0.2a2c: ProductVersion: 10.0.14393.1715
ca0.2a2c: FileVersion: 10.0.14393.1715 (rs1_release_inmarket.170906-1810)
ca0.2a2c: FileDescription: NT Layer DLL
ca0.2a2c: \SystemRoot\System32\kernel32.dll:
ca0.2a2c: CreationTime: 2017-09-14T07:02:03.004530200Z
ca0.2a2c: LastWriteTime: 2017-04-28T00:49:43.332433600Z
ca0.2a2c: ChangeTime: 2017-09-14T08:15:21.281079100Z
ca0.2a2c: FileAttributes: 0x20
ca0.2a2c: Size: 0xab208
ca0.2a2c: NT Headers: 0xf0
ca0.2a2c: Timestamp: 0x59028368
ca0.2a2c: Machine: 0x8664 - amd64
ca0.2a2c: Timestamp: 0x59028368
ca0.2a2c: Image Version: 10.0
ca0.2a2c: SizeOfImage: 0xac000 (704512)
ca0.2a2c: Resource Dir: 0xaa000 LB 0x530
ca0.2a2c: [Version info resource found at 0x90! (ID/Name: 0x1; SubID/SubName: 0x409)]
ca0.2a2c: [Raw version resource data: 0xaa0b0 LB 0x3b4, codepage 0x0 (reserved 0x0)]
ca0.2a2c: ProductName: Microsoft® Windows® Operating System
ca0.2a2c: ProductVersion: 10.0.14393.1198
ca0.2a2c: FileVersion: 10.0.14393.1198 (rs1_release_sec.170427-1353)
ca0.2a2c: FileDescription: Windows NT BASE API Client DLL
ca0.2a2c: \SystemRoot\System32\KernelBase.dll:
ca0.2a2c: CreationTime: 2017-09-14T07:03:41.892462800Z
ca0.2a2c: LastWriteTime: 2017-09-07T06:03:59.714868700Z
ca0.2a2c: ChangeTime: 2017-09-14T08:15:37.972503200Z
ca0.2a2c: FileAttributes: 0x20
ca0.2a2c: Size: 0x21c780
ca0.2a2c: NT Headers: 0xf8
ca0.2a2c: Timestamp: 0x59b0d106
ca0.2a2c: Machine: 0x8664 - amd64
ca0.2a2c: Timestamp: 0x59b0d106
ca0.2a2c: Image Version: 10.0
ca0.2a2c: SizeOfImage: 0x21d000 (2215936)
ca0.2a2c: Resource Dir: 0x201000 LB 0x560
ca0.2a2c: [Version info resource found at 0x90! (ID/Name: 0x1; SubID/SubName: 0x409)]
ca0.2a2c: [Raw version resource data: 0x2010b0 LB 0x3d4, codepage 0x0 (reserved 0x0)]
ca0.2a2c: ProductName: Microsoft® Windows® Operating System
ca0.2a2c: ProductVersion: 10.0.14393.1715
ca0.2a2c: FileVersion: 10.0.14393.1715 (rs1_release_inmarket.170906-1810)
ca0.2a2c: FileDescription: Windows NT BASE API Client DLL
ca0.2a2c: \SystemRoot\System32\apisetschema.dll:
ca0.2a2c: CreationTime: 2017-09-14T07:02:01.403113700Z
ca0.2a2c: LastWriteTime: 2017-07-12T06:15:56.983190800Z
ca0.2a2c: ChangeTime: 2017-09-14T08:15:31.752249900Z
ca0.2a2c: FileAttributes: 0x20
ca0.2a2c: Size: 0x18b60
ca0.2a2c: NT Headers: 0xc8
ca0.2a2c: Timestamp: 0x5965b2bd
ca0.2a2c: Machine: 0x8664 - amd64
ca0.2a2c: Timestamp: 0x5965b2bd
ca0.2a2c: Image Version: 10.0
ca0.2a2c: SizeOfImage: 0x19000 (102400)
ca0.2a2c: Resource Dir: 0x18000 LB 0x408
ca0.2a2c: [Version info resource found at 0x48! (ID/Name: 0x1; SubID/SubName: 0x409)]
ca0.2a2c: [Raw version resource data: 0x18060 LB 0x3a4, codepage 0x0 (reserved 0x0)]
ca0.2a2c: ProductName: Microsoft® Windows® Operating System
ca0.2a2c: ProductVersion: 10.0.14393.1532
ca0.2a2c: FileVersion: 10.0.14393.1532 (rs1_release_d.170711-1840)
ca0.2a2c: FileDescription: ApiSet Schema DLL
ca0.2a2c: NtOpenDirectoryObject failed on \Driver: 0xc0000022
ca0.2a2c: supR3HardenedWinFindAdversaries: 0x0
ca0.2a2c: supR3HardenedWinInitAppBin(0x0): '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox'
ca0.2a2c: Calling main()
ca0.2a2c: SUPR3HardenedMain: pszProgName=VirtualBox fFlags=0x2
ca0.2a2c: supR3HardenedWinInitAppBin(0x2): '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox'
ca0.2a2c: SUPR3HardenedMain: Respawn #1
ca0.2a2c: System32: \Device\HarddiskVolume2\Windows\System32
ca0.2a2c: WinSxS: \Device\HarddiskVolume2\Windows\WinSxS
ca0.2a2c: KnownDllPath: C:\WINDOWS\System32
ca0.2a2c: '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe' has no imports
ca0.2a2c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe)
ca0.2a2c: supR3HardNtEnableThreadCreation:
ca0.2a2c: supR3HardNtDisableThreadCreation: pvLdrInitThunk=00007fff3e789f60 pvNtTerminateThread=00007fff3e7b6af0
ca0.2a2c: supR3HardenedWinDoReSpawn(1): New child 2328.2e04 [kernel32].
ca0.2a2c: supR3HardNtChildGatherData: PebBaseAddress=0000000000826000 cbPeb=0x388
ca0.2a2c: supR3HardNtPuChFindNtdll: uNtDllParentAddr=00007fff3e710000 uNtDllChildAddr=00007fff3e710000
ca0.2a2c: supR3HardenedWinSetupChildInit: uLdrInitThunk=00007fff3e789f60
ca0.2a2c: supR3HardenedWinSetupChildInit: Start child.
ca0.2a2c: supR3HardNtChildWaitFor: Found expected request 0 (PurifyChildAndCloseHandles) after 0 ms.
ca0.2a2c: supR3HardNtChildPurify: Startup delay kludge #1/0: 258 ms, 31 sleeps
ca0.2a2c: supHardNtVpScanVirtualMemory: enmKind=CHILD_PURIFICATION
ca0.2a2c: *0000000000000000-000000000066ffff 0x0001/0x0000 0x0000000
ca0.2a2c: *0000000000670000-000000000068ffff 0x0004/0x0004 0x0020000
ca0.2a2c: *0000000000690000-00000000006a5fff 0x0002/0x0002 0x0040000
ca0.2a2c: 00000000006a6000-00000000006affff 0x0001/0x0000 0x0000000
ca0.2a2c: *00000000006b0000-00000000007aafff 0x0000/0x0004 0x0020000
ca0.2a2c: 00000000007ab000-00000000007adfff 0x0104/0x0004 0x0020000
ca0.2a2c: 00000000007ae000-00000000007affff 0x0004/0x0004 0x0020000
ca0.2a2c: *00000000007b0000-00000000007b3fff 0x0002/0x0002 0x0040000
ca0.2a2c: 00000000007b4000-00000000007bffff 0x0001/0x0000 0x0000000
ca0.2a2c: *00000000007c0000-00000000007c1fff 0x0004/0x0004 0x0020000
ca0.2a2c: 00000000007c2000-00000000007fffff 0x0001/0x0000 0x0000000
ca0.2a2c: *0000000000800000-0000000000825fff 0x0000/0x0004 0x0020000
ca0.2a2c: 0000000000826000-0000000000828fff 0x0004/0x0004 0x0020000
ca0.2a2c: 0000000000829000-00000000009fffff 0x0000/0x0004 0x0020000
ca0.2a2c: 0000000000a00000-00000000052affff 0x0001/0x0000 0x0000000
ca0.2a2c: *00000000052b0000-00000000052b0fff 0x0020/0x0040 0x0020000 !!
ca0.2a2c: supHardNtVpFreeOrReplacePrivateExecMemory: Freeing exec mem at 00000000052b0000 (LB 0x1000, 00000000052b0000 LB 0x1000)
ca0.2a2c: supHardNtVpFreeOrReplacePrivateExecMemory: Free attempt #1 succeeded: 0x0 [00000000052b0000/00000000052b0000 LB 0/0x1000]
ca0.2a2c: supHardNtVpFreeOrReplacePrivateExecMemory: QVM after free 0: [0000000000000000]/00000000052b0000 LB 0x7ad30000 s=0x10000 ap=0x0 rp=0x00000000000001
ca0.2a2c: 00000000052b1000-000000007ffdffff 0x0001/0x0000 0x0000000
ca0.2a2c: *000000007ffe0000-000000007ffe0fff 0x0002/0x0002 0x0020000
ca0.2a2c: 000000007ffe1000-000000007ffeffff 0x0000/0x0002 0x0020000
ca0.2a2c: 000000007fff0000-00007ff72c9bffff 0x0001/0x0000 0x0000000
ca0.2a2c: *00007ff72c9c0000-00007ff72c9e2fff 0x0002/0x0002 0x0040000
ca0.2a2c: 00007ff72c9e3000-00007ff72d76ffff 0x0001/0x0000 0x0000000
ca0.2a2c: *00007ff72d770000-00007ff72d770fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume2\PROGRA~1\Oracle\VIRTUA~1\VIRTUA~1.EXE
ca0.2a2c: supHardNtVpNewImage: 8dot3 -> long: '\Device\HarddiskVolume2\PROGRA~1\Oracle\VIRTUA~1\VIRTUA~1.EXE' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe'
ca0.2a2c: 00007ff72d771000-00007ff72d7e1fff 0x0020/0x0080 0x1000000 \Device\HarddiskVolume2\PROGRA~1\Oracle\VIRTUA~1\VIRTUA~1.EXE
ca0.2a2c: 00007ff72d7e2000-00007ff72d7e2fff 0x0080/0x0080 0x1000000 \Device\HarddiskVolume2\PROGRA~1\Oracle\VIRTUA~1\VIRTUA~1.EXE
ca0.2a2c: 00007ff72d7e3000-00007ff72d828fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume2\PROGRA~1\Oracle\VIRTUA~1\VIRTUA~1.EXE
ca0.2a2c: 00007ff72d829000-00007ff72d829fff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume2\PROGRA~1\Oracle\VIRTUA~1\VIRTUA~1.EXE
ca0.2a2c: 00007ff72d82a000-00007ff72d82afff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume2\PROGRA~1\Oracle\VIRTUA~1\VIRTUA~1.EXE
ca0.2a2c: 00007ff72d82b000-00007ff72d82ffff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume2\PROGRA~1\Oracle\VIRTUA~1\VIRTUA~1.EXE
ca0.2a2c: 00007ff72d830000-00007ff72d830fff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume2\PROGRA~1\Oracle\VIRTUA~1\VIRTUA~1.EXE
ca0.2a2c: 00007ff72d831000-00007ff72d831fff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume2\PROGRA~1\Oracle\VIRTUA~1\VIRTUA~1.EXE
ca0.2a2c: 00007ff72d832000-00007ff72d835fff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume2\PROGRA~1\Oracle\VIRTUA~1\VIRTUA~1.EXE
ca0.2a2c: 00007ff72d836000-00007ff72d87dfff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume2\PROGRA~1\Oracle\VIRTUA~1\VIRTUA~1.EXE
ca0.2a2c: 00007ff72d87e000-00007fff3e70ffff 0x0001/0x0000 0x0000000
ca0.2a2c: *00007fff3e710000-00007fff3e710fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume2\Windows\System32\ntdll.dll
ca0.2a2c: 00007fff3e711000-00007fff3e818fff 0x0020/0x0080 0x1000000 \Device\HarddiskVolume2\Windows\System32\ntdll.dll
ca0.2a2c: 00007fff3e819000-00007fff3e85cfff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume2\Windows\System32\ntdll.dll
ca0.2a2c: 00007fff3e85d000-00007fff3e865fff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume2\Windows\System32\ntdll.dll
ca0.2a2c: 00007fff3e866000-00007fff3e873fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume2\Windows\System32\ntdll.dll
ca0.2a2c: 00007fff3e874000-00007fff3e874fff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume2\Windows\System32\ntdll.dll
ca0.2a2c: 00007fff3e875000-00007fff3e877fff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume2\Windows\System32\ntdll.dll
ca0.2a2c: 00007fff3e878000-00007fff3e8e1fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume2\Windows\System32\ntdll.dll
ca0.2a2c: 00007fff3e8e2000-00007ffffffdffff 0x0001/0x0000 0x0000000
ca0.2a2c: *00007ffffffe0000-00007ffffffeffff 0x0001/0x0002 0x0020000
ca0.2a2c: VirtualBox.exe: timestamp 0x5a37e337 (rc=VINF_SUCCESS)
ca0.2a2c: Error (rc=-5618):
ca0.2a2c: Process image name does not match the exectuable we found: \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe vs \Device\HarddiskVolume2\PROGRA~1\Oracle\VIRTUA~1\VIRTUA~1.EXE.
ca0.2a2c: Error (rc=-5618):
ca0.2a2c: supHardenedWinVerifyProcess failed with Unknown Status -5618 (0xffffea0e): Process image name does not match the exectuable we found: \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe vs \Device\HarddiskVolume2\PROGRA~1\Oracle\VIRTUA~1\VIRTUA~1.EXE.
ca0.2a2c: Error -5618 in supR3HardNtChildPurify! (enmWhat=5)
ca0.2a2c: supHardenedWinVerifyProcess failed with Unknown Status -5618 (0xffffea0e): Process image name does not match the exectuable we found: \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe vs \Device\HarddiskVolume2\PROGRA~1\Oracle\VIRTUA~1\VIRTUA~1.EXE.
ca0.2a2c: supR3HardNtEnableThreadCreation:
