VirtualBox

Ticket #16998: VBoxHardening.log

File VBoxHardening.log, 16.8 KB (added by Ceddaerrix, 7 years ago)
5b0.16f4: Log file opened: 5.2.6r120293 g_hStartupLog=0000000000000068 g_uNtVerCombined=0xa03fab00
5b0.16f4: \SystemRoot\System32\ntdll.dll:
5b0.16f4: CreationTime: 2018-02-20T00:08:50.390961500Z
5b0.16f4: LastWriteTime: 2018-02-10T06:15:34.902092600Z
5b0.16f4: ChangeTime: 2018-02-20T11:51:35.492825500Z
5b0.16f4: FileAttributes: 0x20
5b0.16f4: Size: 0x1dd100
5b0.16f4: NT Headers: 0xe0
5b0.16f4: Timestamp: 0xeffc9126
5b0.16f4: Machine: 0x8664 - amd64
5b0.16f4: Timestamp: 0xeffc9126
5b0.16f4: Image Version: 10.0
5b0.16f4: SizeOfImage: 0x1e0000 (1966080)
5b0.16f4: Resource Dir: 0x174000 LB 0x6a1d8
5b0.16f4: [Version info resource found at 0xd8! (ID/Name: 0x1; SubID/SubName: 0x409)]
5b0.16f4: [Raw version resource data: 0x1740f0 LB 0x380, codepage 0x0 (reserved 0x0)]
5b0.16f4: ProductName: Microsoft® Windows® Operating System
5b0.16f4: ProductVersion: 10.0.16299.248
5b0.16f4: FileVersion: 10.0.16299.248 (WinBuild.160101.0800)
5b0.16f4: FileDescription: NT Layer DLL
5b0.16f4: \SystemRoot\System32\kernel32.dll:
5b0.16f4: CreationTime: 2017-09-29T13:42:04.954227600Z
5b0.16f4: LastWriteTime: 2017-09-29T13:42:04.954227600Z
5b0.16f4: ChangeTime: 2018-01-08T17:21:26.779924100Z
5b0.16f4: FileAttributes: 0x20
5b0.16f4: Size: 0xab868
5b0.16f4: NT Headers: 0xe8
5b0.16f4: Timestamp: 0xc2cf900
5b0.16f4: Machine: 0x8664 - amd64
5b0.16f4: Timestamp: 0xc2cf900
5b0.16f4: Image Version: 10.0
5b0.16f4: SizeOfImage: 0xae000 (712704)
5b0.16f4: Resource Dir: 0xac000 LB 0x520
5b0.16f4: [Version info resource found at 0x90! (ID/Name: 0x1; SubID/SubName: 0x409)]
5b0.16f4: [Raw version resource data: 0xac0b0 LB 0x3a4, codepage 0x0 (reserved 0x0)]
5b0.16f4: ProductName: Microsoft® Windows® Operating System
5b0.16f4: ProductVersion: 10.0.16299.15
5b0.16f4: FileVersion: 10.0.16299.15 (WinBuild.160101.0800)
5b0.16f4: FileDescription: Windows NT BASE API Client DLL
5b0.16f4: \SystemRoot\System32\KernelBase.dll:
5b0.16f4: CreationTime: 2018-02-20T00:08:34.680981400Z
5b0.16f4: LastWriteTime: 2018-02-10T06:15:53.408982400Z
5b0.16f4: ChangeTime: 2018-02-20T11:51:31.398635500Z
5b0.16f4: FileAttributes: 0x20
5b0.16f4: Size: 0x266000
5b0.16f4: NT Headers: 0xf0
5b0.16f4: Timestamp: 0x4414ec23
5b0.16f4: Machine: 0x8664 - amd64
5b0.16f4: Timestamp: 0x4414ec23
5b0.16f4: Image Version: 10.0
5b0.16f4: SizeOfImage: 0x266000 (2514944)
5b0.16f4: Resource Dir: 0x245000 LB 0x548
5b0.16f4: [Version info resource found at 0x90! (ID/Name: 0x1; SubID/SubName: 0x409)]
5b0.16f4: [Raw version resource data: 0x2450b0 LB 0x3bc, codepage 0x0 (reserved 0x0)]
5b0.16f4: ProductName: Microsoft® Windows® Operating System
5b0.16f4: ProductVersion: 10.0.16299.248
5b0.16f4: FileVersion: 10.0.16299.248 (WinBuild.160101.0800)
5b0.16f4: FileDescription: Windows NT BASE API Client DLL
5b0.16f4: \SystemRoot\System32\apisetschema.dll:
5b0.16f4: CreationTime: 2017-09-29T13:42:07.095026600Z
5b0.16f4: LastWriteTime: 2017-09-29T13:42:07.095026600Z
5b0.16f4: ChangeTime: 2018-02-20T00:18:10.804032900Z
5b0.16f4: FileAttributes: 0x20
5b0.16f4: Size: 0x1b398
5b0.16f4: NT Headers: 0xc8
5b0.16f4: Timestamp: 0xf30abf31
5b0.16f4: Machine: 0x8664 - amd64
5b0.16f4: Timestamp: 0xf30abf31
5b0.16f4: Image Version: 10.0
5b0.16f4: SizeOfImage: 0x1c000 (114688)
5b0.16f4: Resource Dir: 0x1b000 LB 0x408
5b0.16f4: [Version info resource found at 0x48! (ID/Name: 0x1; SubID/SubName: 0x409)]
5b0.16f4: [Raw version resource data: 0x1b060 LB 0x3a8, codepage 0x0 (reserved 0x0)]
5b0.16f4: ProductName: Microsoft® Windows® Operating System
5b0.16f4: ProductVersion: 10.0.16299.15
5b0.16f4: FileVersion: 10.0.16299.15 (WinBuild.160101.0800)
5b0.16f4: FileDescription: ApiSet Schema DLL
5b0.16f4: NtOpenDirectoryObject failed on \Driver: 0xc0000022
5b0.16f4: supR3HardenedWinFindAdversaries: 0x2020
5b0.16f4: \SystemRoot\System32\drivers\mfeavfk.sys:
5b0.16f4: CreationTime: 2017-07-26T16:43:32.195825300Z
5b0.16f4: LastWriteTime: 2018-02-22T23:03:58.453438500Z
5b0.16f4: ChangeTime: 2018-02-22T23:03:58.453438500Z
5b0.16f4: FileAttributes: 0x20
5b0.16f4: Size: 0x56de8
5b0.16f4: NT Headers: 0xf8
5b0.16f4: Timestamp: 0x59ceade6
5b0.16f4: Machine: 0x8664 - amd64
5b0.16f4: Timestamp: 0x59ceade6
5b0.16f4: Image Version: 0.0
5b0.16f4: SizeOfImage: 0x57000 (356352)
5b0.16f4: Resource Dir: 0x55000 LB 0x750
5b0.16f4: [Version info resource found at 0xd8! (ID/Name: 0x1; SubID/SubName: 0x409)]
5b0.16f4: [Raw version resource data: 0x55110 LB 0x32c, codepage 0x0 (reserved 0x0)]
5b0.16f4: ProductName: SYSCORE
5b0.16f4: ProductVersion: 15.7.0.665
5b0.16f4: FileVersion: SYSCORE.15.7.0.665
5b0.16f4: PrivateBuild: SYSCORE.15.7.0.665 F15,F16,F19
5b0.16f4: FileDescription: Anti-Virus File System Filter Driver
5b0.16f4: \SystemRoot\System32\drivers\mfefirek.sys:
5b0.16f4: CreationTime: 2017-07-26T16:43:42.187712600Z
5b0.16f4: LastWriteTime: 2018-02-22T23:03:59.204439900Z
5b0.16f4: ChangeTime: 2018-02-22T23:03:59.204439900Z
5b0.16f4: FileAttributes: 0x20
5b0.16f4: Size: 0x7b9e8
5b0.16f4: NT Headers: 0xe0
5b0.16f4: Timestamp: 0x59ceaea4
5b0.16f4: Machine: 0x8664 - amd64
5b0.16f4: Timestamp: 0x59ceaea4
5b0.16f4: Image Version: 0.0
5b0.16f4: SizeOfImage: 0x7d000 (512000)
5b0.16f4: Resource Dir: 0x79000 LB 0x380
5b0.16f4: [Version info resource found at 0x48! (ID/Name: 0x1; SubID/SubName: 0x409)]
5b0.16f4: [Raw version resource data: 0x79060 LB 0x320, codepage 0x0 (reserved 0x0)]
5b0.16f4: ProductName: SYSCORE
5b0.16f4: ProductVersion: 15.7.0.665
5b0.16f4: FileVersion: SYSCORE.15.7.0.665
5b0.16f4: PrivateBuild: SYSCORE.15.7.0.665 F17,F18
5b0.16f4: FileDescription: McAfee Core Firewall Engine Driver
5b0.16f4: \SystemRoot\System32\drivers\mfehidk.sys:
5b0.16f4: CreationTime: 2017-07-26T16:43:29.095377100Z
5b0.16f4: LastWriteTime: 2018-02-22T23:03:58.646954500Z
5b0.16f4: ChangeTime: 2018-02-22T23:03:58.646954500Z
5b0.16f4: FileAttributes: 0x20
5b0.16f4: Size: 0xe51e8
5b0.16f4: NT Headers: 0xf8
5b0.16f4: Timestamp: 0x59cead55
5b0.16f4: Machine: 0x8664 - amd64
5b0.16f4: Timestamp: 0x59cead55
5b0.16f4: Image Version: 0.0
5b0.16f4: SizeOfImage: 0xf0000 (983040)
5b0.16f4: Resource Dir: 0xec000 LB 0x750
5b0.16f4: [Version info resource found at 0xd8! (ID/Name: 0x1; SubID/SubName: 0x409)]
5b0.16f4: [Raw version resource data: 0xec110 LB 0x318, codepage 0x0 (reserved 0x0)]
5b0.16f4: ProductName: SYSCORE
5b0.16f4: ProductVersion: 15.7.0.665
5b0.16f4: FileVersion: SYSCORE.15.7.0.665
5b0.16f4: PrivateBuild: SYSCORE.15.7.0.665 F14,F15,F16,F18,F20
5b0.16f4: FileDescription: McAfee Link Driver
5b0.16f4: \SystemRoot\System32\drivers\mfewfpk.sys:
5b0.16f4: CreationTime: 2017-07-26T16:43:28.147101200Z
5b0.16f4: LastWriteTime: 2018-02-22T23:03:58.794346800Z
5b0.16f4: ChangeTime: 2018-02-22T23:03:58.794346800Z
5b0.16f4: FileAttributes: 0x20
5b0.16f4: Size: 0x3dbe8
5b0.16f4: NT Headers: 0x100
5b0.16f4: Timestamp: 0x59cead75
5b0.16f4: Machine: 0x8664 - amd64
5b0.16f4: Timestamp: 0x59cead75
5b0.16f4: Image Version: 0.0
5b0.16f4: SizeOfImage: 0x59000 (364544)
5b0.16f4: Resource Dir: 0x57000 LB 0x378
5b0.16f4: [Version info resource found at 0x48! (ID/Name: 0x1; SubID/SubName: 0x409)]
5b0.16f4: [Raw version resource data: 0x57060 LB 0x318, codepage 0x0 (reserved 0x0)]
5b0.16f4: ProductName: SYSCORE
5b0.16f4: ProductVersion: 15.7.0.665
5b0.16f4: FileVersion: SYSCORE.15.7.0.665
5b0.16f4: PrivateBuild: SYSCORE.15.7.0.665 F17,F18
5b0.16f4: FileDescription: Anti-Virus Mini-Firewall Driver
5b0.16f4: \SystemRoot\System32\drivers\dgmaster.sys:
5b0.16f4: CreationTime: 2017-10-17T17:18:39.207673500Z
5b0.16f4: LastWriteTime: 2017-07-18T22:11:22.000000000Z
5b0.16f4: ChangeTime: 2018-01-08T17:37:57.358708200Z
5b0.16f4: FileAttributes: 0x20
5b0.16f4: Size: 0x253a80
5b0.16f4: NT Headers: 0x108
5b0.16f4: Timestamp: 0x596ea8c3
5b0.16f4: Machine: 0x8664 - amd64
5b0.16f4: Timestamp: 0x596ea8c3
5b0.16f4: Image Version: 6.3
5b0.16f4: SizeOfImage: 0x32c000 (3325952)
5b0.16f4: Resource Dir: 0x2ec000 LB 0x35f68
5b0.16f4: [Version info resource found at 0x270! (ID/Name: 0x1; SubID/SubName: 0x409)]
5b0.16f4: [Raw version resource data: 0x321c30 LB 0x338, codepage 0x0 (reserved 0x0)]
5b0.16f4: ProductName: Digital Guardian
5b0.16f4: ProductVersion: 7.3
5b0.16f4: FileVersion: 7.3.2.0442
5b0.16f4: FileDescription: Digital Guardian Agent Master
5b0.16f4: supR3HardenedWinFindAdversaries: Found newer version: 0x2020 -> 0x4020
5b0.16f4: supR3HardenedWinInitAppBin(0x0): '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox'
5b0.16f4: Calling main()
5b0.16f4: SUPR3HardenedMain: pszProgName=VirtualBox fFlags=0x2
5b0.16f4: supR3HardenedWinInitAppBin(0x2): '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox'
5b0.16f4: SUPR3HardenedMain: Respawn #1
5b0.16f4: System32: \Device\HarddiskVolume3\Windows\System32
5b0.16f4: WinSxS: \Device\HarddiskVolume3\Windows\WinSxS
5b0.16f4: KnownDllPath: C:\WINDOWS\System32
5b0.16f4: '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VirtualBox.exe' has no imports
5b0.16f4: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VirtualBox.exe)
5b0.16f4: supR3HardNtEnableThreadCreation:
5b0.16f4: supR3HardNtDisableThreadCreation: pvLdrInitThunk=00007ffdee3391e0 pvNtTerminateThread=00007ffdee3608d0
5b0.16f4: supR3HardenedWinDoReSpawn(1): New child 6c0.36a0 [kernel32].
5b0.16f4: supR3HardNtChildGatherData: PebBaseAddress=0000000000919000 cbPeb=0x388
5b0.16f4: supR3HardNtPuChFindNtdll: uNtDllParentAddr=00007ffdee2c0000 uNtDllChildAddr=00007ffdee2c0000
5b0.16f4: supR3HardenedWinSetupChildInit: uLdrInitThunk=00007ffdee3391e0
5b0.16f4: supR3HardenedWinSetupChildInit: Start child.
5b0.16f4: supR3HardNtChildWaitFor: Found expected request 0 (PurifyChildAndCloseHandles) after 0 ms.
5b0.16f4: supR3HardNtChildPurify: Startup delay kludge #1/0: 516 ms, 33 sleeps
5b0.16f4: supHardNtVpScanVirtualMemory: enmKind=CHILD_PURIFICATION
5b0.16f4: VirtualBox.exe: timestamp 0x5a5cc1cb (rc=VINF_SUCCESS)
5b0.16f4: '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VirtualBox.exe' has no imports
5b0.16f4: '\Device\HarddiskVolume3\Windows\System32\ntdll.dll' has no imports
5b0.16f4: supR3HardNtChildPurify: Done after 578 ms and 0 fixes (loop #0).
5b0.16f4: supR3HardNtEnableThreadCreation:
6c0.36a0: Log file opened: 5.2.6r120293 g_hStartupLog=0000000000000004 g_uNtVerCombined=0xa03fab00
6c0.36a0: supR3HardenedVmProcessInit: uNtDllAddr=00007ffdee2c0000 g_uNtVerCombined=0xa03fab00
6c0.36a0: ntdll.dll: timestamp 0xeffc9126 (rc=VINF_SUCCESS)
6c0.36a0: New simple heap: #1 0000000000c10000 LB 0x400000 (for 1966080 allocation)
6c0.36a0: supR3HardenedWinInitAppBin(0x0): '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox'
6c0.36a0: System32: \Device\HarddiskVolume3\Windows\System32
6c0.36a0: WinSxS: \Device\HarddiskVolume3\Windows\WinSxS
6c0.36a0: KnownDllPath: C:\WINDOWS\System32
6c0.36a0: supR3HardenedVmProcessInit: Opening vboxdrv stub...
6c0.36a0: Error opening VBoxDrvStub: STATUS_OBJECT_NAME_NOT_FOUND
6c0.36a0: supR3HardenedWinReadErrorInfoDevice: NtCreateFile -> 0xc0000034
6c0.36a0: Error -101 in supR3HardenedWinReSpawn! (enmWhat=3)
6c0.36a0: NtCreateFile(\Device\VBoxDrvStub) failed: 0xc0000034 STATUS_OBJECT_NAME_NOT_FOUND (0 retries)

Driver is probably stuck stopping/starting. Try 'sc.exe query vboxdrv' to get more information about its state. Rebooting may actually help.
5b0.16f4: supR3HardenedWinCheckChild: enmRequest=2 rc=-101 enmWhat=3 supR3HardenedWinReSpawn: NtCreateFile(\Device\VBoxDrvStub) failed: 0xc0000034 STATUS_OBJECT_NAME_NOT_FOUND (0 retries)

Driver is probably stuck stopping/starting. Try 'sc.exe query vboxdrv' to get more information about its state. Rebooting may actually help.
5b0.16f4: Error -101 in supR3HardenedWinReSpawn! (enmWhat=3)
5b0.16f4: NtCreateFile(\Device\VBoxDrvStub) failed: 0xc0000034 STATUS_OBJECT_NAME_NOT_FOUND (0 retries)

Driver is probably stuck stopping/starting. Try 'sc.exe query vboxdrv' to get more information about its state. Rebooting may actually help.
