```
be0.a18: Log file opened: 5.0.20r106931 g_hStartupLog=0000000000000068 g_uNtVerCombined=0xa042ee00
be0.a18: \SystemRoot\System32\ntdll.dll:
be0.a18: CreationTime: 2018-04-11T23:34:22.383017500Z
be0.a18: LastWriteTime: 2018-04-11T23:34:22.383017500Z
be0.a18: ChangeTime: 2018-10-23T11:53:31.178823900Z
be0.a18: FileAttributes: 0x20
be0.a18: Size: 0x1db2c0
be0.a18: NT Headers: 0xe8
be0.a18: Timestamp: 0x207580e2
be0.a18: Machine: 0x8664 - amd64
be0.a18: Timestamp: 0x207580e2
be0.a18: Image Version: 10.0
be0.a18: SizeOfImage: 0x1e1000 (1970176)
be0.a18: Resource Dir: 0x174000 LB 0x6b338
be0.a18: ProductName: Microsoft® Windows® Operating System
be0.a18: ProductVersion: 10.0.17134.1
be0.a18: FileVersion: 10.0.17134.1 (WinBuild.160101.0800)
be0.a18: FileDescription: NT Layer DLL
be0.a18: \SystemRoot\System32\kernel32.dll:
be0.a18: CreationTime: 2018-04-11T23:34:40.510607900Z
be0.a18: LastWriteTime: 2018-04-11T23:34:40.510607900Z
be0.a18: ChangeTime: 2018-05-20T22:37:44.975970400Z
be0.a18: FileAttributes: 0x20
be0.a18: Size: 0xafef8
be0.a18: NT Headers: 0xe8
be0.a18: Timestamp: 0x5f488a51
be0.a18: Machine: 0x8664 - amd64
be0.a18: Timestamp: 0x5f488a51
be0.a18: Image Version: 10.0
be0.a18: SizeOfImage: 0xb2000 (729088)
be0.a18: Resource Dir: 0xb0000 LB 0x520
be0.a18: ProductName: Microsoft® Windows® Operating System
be0.a18: ProductVersion: 10.0.17134.1
be0.a18: FileVersion: 10.0.17134.1 (WinBuild.160101.0800)
be0.a18: FileDescription: Windows NT BASE API Client DLL
be0.a18: \SystemRoot\System32\KernelBase.dll:
be0.a18: CreationTime: 2018-04-11T23:34:20.976649600Z
be0.a18: LastWriteTime: 2018-04-11T23:34:20.976649600Z
be0.a18: ChangeTime: 2018-10-23T11:53:31.288191200Z
be0.a18: FileAttributes: 0x20
be0.a18: Size: 0x2731d0
be0.a18: NT Headers: 0xf8
be0.a18: Timestamp: 0x701ca188
be0.a18: Machine: 0x8664 - amd64
be0.a18: Timestamp: 0x701ca188
be0.a18: Image Version: 10.0
be0.a18: SizeOfImage: 0x273000 (2568192)
be0.a18: Resource Dir: 0x251000 LB 0x548
be0.a18: ProductName: Microsoft® Windows® Operating System
be0.a18: ProductVersion: 10.0.17134.1
be0.a18: FileVersion: 10.0.17134.1 (WinBuild.160101.0800)
be0.a18: FileDescription: Windows NT BASE API Client DLL
be0.a18: \SystemRoot\System32\apisetschema.dll:
be0.a18: CreationTime: 2018-04-11T23:34:44.042150700Z
be0.a18: LastWriteTime: 2018-04-11T23:34:44.042150700Z
be0.a18: ChangeTime: 2018-05-21T02:27:07.907105200Z
be0.a18: FileAttributes: 0x20
be0.a18: Size: 0x1bd98
be0.a18: NT Headers: 0xd0
be0.a18: Timestamp: 0xd02ff418
be0.a18: Machine: 0x8664 - amd64
be0.a18: Timestamp: 0xd02ff418
be0.a18: Image Version: 10.0
be0.a18: SizeOfImage: 0x1c000 (114688)
be0.a18: Resource Dir: 0x1b000 LB 0x408
be0.a18: ProductName: Microsoft® Windows® Operating System
be0.a18: ProductVersion: 10.0.17134.1
be0.a18: FileVersion: 10.0.17134.1 (WinBuild.160101.0800)
be0.a18: FileDescription: ApiSet Schema DLL
be0.a18: supR3HardenedWinFindAdversaries: 0x0
be0.a18: supR3HardenedWinInitAppBin(0x0): '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox'
be0.a18: Calling main()
be0.a18: SUPR3HardenedMain: pszProgName=VirtualBox fFlags=0x2
be0.a18: supR3HardenedWinInitAppBin(0x2): '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox'
be0.a18: SUPR3HardenedMain: Respawn #1
be0.a18: System32: \Device\HarddiskVolume2\Windows\System32
be0.a18: WinSxS: \Device\HarddiskVolume2\Windows\WinSxS
be0.a18: KnownDllPath: C:\WINDOWS\System32
be0.a18: '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe' has no imports
be0.a18: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe)
be0.a18: supR3HardNtEnableThreadCreation:
be0.a18: supR3HardNtDisableThreadCreation: pvLdrInitThunk=00007ffe536630e0 pvNtTerminateThread=00007ffe5368a9e0
be0.a18: supR3HardenedWinDoReSpawn(1): New child bec.be4 [kernel32].
be0.a18: supR3HardNtChildGatherData: PebBaseAddress=00000000006fa000 cbPeb=0x388
be0.a18: supR3HardNtPuChFindNtdll: uNtDllParentAddr=00007ffe535f0000 uNtDllChildAddr=00007ffe535f0000
be0.a18: supR3HardenedWinSetupChildInit: uLdrInitThunk=00007ffe536630e0
be0.a18: supR3HardenedWinSetupChildInit: Start child.
be0.a18: supR3HardNtChildWaitFor: Found expected request 0 (PurifyChildAndCloseHandles) after 0 ms.
be0.a18: supR3HardNtChildPurify: Startup delay kludge #1/0: 266 ms, 17 sleeps
be0.a18: supHardNtVpScanVirtualMemory: enmKind=CHILD_PURIFICATION
be0.a18: *0000000000000000-ffffffffffb2ffff 0x0001/0x0000 0x0000000
be0.a18: *00000000004d0000-00000000004affff 0x0004/0x0004 0x0020000
be0.a18: *00000000004f0000-00000000004d6fff 0x0002/0x0002 0x0040000
be0.a18: 0000000000509000-0000000000501fff 0x0001/0x0000 0x0000000
be0.a18: *0000000000510000-000000000050bfff 0x0002/0x0002 0x0040000
be0.a18: 0000000000514000-0000000000507fff 0x0001/0x0000 0x0000000
be0.a18: *0000000000520000-000000000051efff 0x0004/0x0004 0x0020000
be0.a18: 0000000000521000-0000000000441fff 0x0001/0x0000 0x0000000
be0.a18: *0000000000600000-0000000000505fff 0x0000/0x0004 0x0020000
be0.a18: 00000000006fa000-00000000006f6fff 0x0004/0x0004 0x0020000
be0.a18: 00000000006fd000-00000000005f9fff 0x0000/0x0004 0x0020000
be0.a18: *0000000000800000-0000000000704fff 0x0000/0x0004 0x0020000
be0.a18: 00000000008fb000-00000000008f7fff 0x0104/0x0004 0x0020000
be0.a18: 00000000008fe000-00000000008fbfff 0x0004/0x0004 0x0020000
be0.a18: 0000000000900000-ffffffff8121ffff 0x0001/0x0000 0x0000000
be0.a18: *000000007ffe0000-000000007ffdefff 0x0002/0x0002 0x0020000
be0.a18: 000000007ffe1000-ffff800b52621fff 0x0001/0x0000 0x0000000
be0.a18: *00007ff5ad9a0000-00007ff5ad97cfff 0x0002/0x0002 0x0040000
be0.a18: 00007ff5ad9c3000-00007ff372cb5fff 0x0001/0x0000 0x0000000
be0.a18: *00007ff7e86d0000-00007ff7e86d0fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe
be0.a18: 00007ff7e86d1000-00007ff7e8740fff 0x0020/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe
be0.a18: 00007ff7e8741000-00007ff7e8741fff 0x0080/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe
be0.a18: 00007ff7e8742000-00007ff7e8786fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe
be0.a18: 00007ff7e8787000-00007ff7e8787fff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe
be0.a18: 00007ff7e8788000-00007ff7e8788fff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe
be0.a18: 00007ff7e8789000-00007ff7e878dfff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe
be0.a18: 00007ff7e878e000-00007ff7e878efff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe
be0.a18: 00007ff7e878f000-00007ff7e878ffff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe
be0.a18: 00007ff7e8790000-00007ff7e8793fff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe
be0.a18: 00007ff7e8794000-00007ff7e87dbfff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe
be0.a18: 00007ff7e87dc000-00007ff17d9c7fff 0x0001/0x0000 0x0000000
be0.a18: *00007ffe535f0000-00007ffe535f0fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume2\Windows\System32\ntdll.dll
be0.a18: 00007ffe535f1000-00007ffe536fffff 0x0020/0x0080 0x1000000 \Device\HarddiskVolume2\Windows\System32\ntdll.dll
be0.a18: 00007ffe53700000-00007ffe53745fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume2\Windows\System32\ntdll.dll
be0.a18: 00007ffe53746000-00007ffe53750fff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume2\Windows\System32\ntdll.dll
be0.a18: 00007ffe53751000-00007ffe5375efff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume2\Windows\System32\ntdll.dll
be0.a18: 00007ffe5375f000-00007ffe5375ffff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume2\Windows\System32\ntdll.dll
be0.a18: 00007ffe53760000-00007ffe53762fff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume2\Windows\System32\ntdll.dll
be0.a18: 00007ffe53763000-00007ffe537d0fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume2\Windows\System32\ntdll.dll
be0.a18: 00007ffe537d1000-00007ffca6fb1fff 0x0001/0x0000 0x0000000
be0.a18: VirtualBox.exe: timestamp 0x57220aaf (rc=VINF_SUCCESS)
be0.a18: '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe' has no imports
be0.a18: '\Device\HarddiskVolume2\Windows\System32\ntdll.dll' has no imports
be0.a18: supR3HardNtChildPurify: Done after 297 ms and 0 fixes (loop #0).
bec.be4: Log file opened: 5.0.20r106931 g_hStartupLog=0000000000000004 g_uNtVerCombined=0xa042ee00
bec.be4: supR3HardenedVmProcessInit: uNtDllAddr=00007ffe535f0000 g_uNtVerCombined=0xa042ee00
bec.be4: ntdll.dll: timestamp 0x207580e2 (rc=VINF_SUCCESS)
bec.be4: New simple heap: #1 0000000000a00000 LB 0x400000 (for 1970176 allocation)
be0.a18: supR3HardNtEnableThreadCreation:
bec.be4: supR3HardenedWinInitAppBin(0x0): '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox'
bec.be4: System32: \Device\HarddiskVolume2\Windows\System32
bec.be4: WinSxS: \Device\HarddiskVolume2\Windows\WinSxS
bec.be4: KnownDllPath: C:\WINDOWS\System32
bec.be4: supR3HardenedVmProcessInit: Opening vboxdrv stub...
bec.be4: Error opening VBoxDrvStub: STATUS_OBJECT_NAME_NOT_FOUND
bec.be4: supR3HardenedWinReadErrorInfoDevice: NtCreateFile -> 0xc0000034
bec.be4: Error -101 in supR3HardenedWinReSpawn! (enmWhat=3)
bec.be4: NtCreateFile(\Device\VBoxDrvStub) failed: 0xc0000034 STATUS_OBJECT_NAME_NOT_FOUND (0 retries)

Driver is probably stuck stopping/starting. Try 'sc.exe query vboxdrv' to get more information about its state. Rebooting may actually help.
be0.a18: supR3HardenedWinCheckChild: enmRequest=2 rc=-101 enmWhat=3 supR3HardenedWinReSpawn: NtCreateFile(\Device\VBoxDrvStub) failed: 0xc0000034 STATUS_OBJECT_NAME_NOT_FOUND (0 retries)

Driver is probably stuck stopping/starting. Try 'sc.exe query vboxdrv' to get more information about its state. Rebooting may actually help.
be0.a18: Error -101 in supR3HardenedWinReSpawn! (enmWhat=3)
be0.a18: NtCreateFile(\Device\VBoxDrvStub) failed: 0xc0000034 STATUS_OBJECT_NAME_NOT_FOUND (0 retries)

Driver is probably stuck stopping/starting. Try 'sc.exe query vboxdrv' to get more information about its state. Rebooting may actually help.
```