VirtualBox

Ticket #18791: VBoxHardening.log

File VBoxHardening.log, 17.4 KB (added by tkang007, 5 years ago)
2238.26b4: Log file opened: 5.2.33r132271 g_hStartupLog=000000000000001c g_uNtVerCombined=0x611db110
2238.26b4: \SystemRoot\System32\ntdll.dll:
2238.26b4: CreationTime: 2019-06-22T05:24:09.202909900Z
2238.26b4: LastWriteTime: 2019-05-16T15:08:29.092007100Z
2238.26b4: ChangeTime: 2019-06-22T08:53:51.194029100Z
2238.26b4: FileAttributes: 0x20
2238.26b4: Size: 0x196560
2238.26b4: NT Headers: 0xe0
2238.26b4: Timestamp: 0x5cdd7d10
2238.26b4: Machine: 0x8664 - amd64
2238.26b4: Timestamp: 0x5cdd7d10
2238.26b4: Image Version: 6.1
2238.26b4: SizeOfImage: 0x19f000 (1699840)
2238.26b4: Resource Dir: 0x142000 LB 0x5a028
2238.26b4: [Version info resource found at 0xd8! (ID/Name: 0x1; SubID/SubName: 0x409)]
2238.26b4: [Raw version resource data: 0x1420f0 LB 0x380, codepage 0x0 (reserved 0x0)]
2238.26b4: ProductName: Microsoft® Windows® Operating System
2238.26b4: ProductVersion: 6.1.7601.24475
2238.26b4: FileVersion: 6.1.7601.24475 (win7sp1_ldr.190516-0600)
2238.26b4: FileDescription: NT Layer DLL
2238.26b4: \SystemRoot\System32\kernel32.dll:
2238.26b4: CreationTime: 2019-06-22T05:24:20.858630900Z
2238.26b4: LastWriteTime: 2019-05-16T15:07:06.536000000Z
2238.26b4: ChangeTime: 2019-06-22T08:53:55.569057100Z
2238.26b4: FileAttributes: 0x20
2238.26b4: Size: 0x11be00
2238.26b4: NT Headers: 0xe0
2238.26b4: Timestamp: 0x5cdd7d44
2238.26b4: Machine: 0x8664 - amd64
2238.26b4: Timestamp: 0x5cdd7d44
2238.26b4: Image Version: 6.1
2238.26b4: SizeOfImage: 0x11f000 (1175552)
2238.26b4: Resource Dir: 0x116000 LB 0x528
2238.26b4: [Version info resource found at 0x90! (ID/Name: 0x1; SubID/SubName: 0x409)]
2238.26b4: [Raw version resource data: 0x1160b0 LB 0x3a4, codepage 0x0 (reserved 0x0)]
2238.26b4: ProductName: Microsoft® Windows® Operating System
2238.26b4: ProductVersion: 6.1.7601.24475
2238.26b4: FileVersion: 6.1.7601.24475 (win7sp1_ldr.190516-0600)
2238.26b4: FileDescription: Windows NT BASE API Client DLL
2238.26b4: \SystemRoot\System32\KernelBase.dll:
2238.26b4: CreationTime: 2019-06-22T05:24:19.691593900Z
2238.26b4: LastWriteTime: 2019-05-16T15:07:06.536000000Z
2238.26b4: ChangeTime: 2019-06-22T08:53:55.615932400Z
2238.26b4: FileAttributes: 0x20
2238.26b4: Size: 0x63c00
2238.26b4: NT Headers: 0xe8
2238.26b4: Timestamp: 0x5cdd7d45
2238.26b4: Machine: 0x8664 - amd64
2238.26b4: Timestamp: 0x5cdd7d45
2238.26b4: Image Version: 6.1
2238.26b4: SizeOfImage: 0x67000 (421888)
2238.26b4: Resource Dir: 0x65000 LB 0x530
2238.26b4: [Version info resource found at 0x90! (ID/Name: 0x1; SubID/SubName: 0x409)]
2238.26b4: [Raw version resource data: 0x650b0 LB 0x3ac, codepage 0x0 (reserved 0x0)]
2238.26b4: ProductName: Microsoft® Windows® Operating System
2238.26b4: ProductVersion: 6.1.7601.24475
2238.26b4: FileVersion: 6.1.7601.24475 (win7sp1_ldr.190516-0600)
2238.26b4: FileDescription: Windows NT BASE API Client DLL
2238.26b4: \SystemRoot\System32\apisetschema.dll:
2238.26b4: CreationTime: 2019-06-22T05:24:32.749712500Z
2238.26b4: LastWriteTime: 2019-05-16T15:06:08.558000000Z
2238.26b4: ChangeTime: 2019-06-22T08:53:51.022153000Z
2238.26b4: FileAttributes: 0x20
2238.26b4: Size: 0x1a00
2238.26b4: NT Headers: 0xc0
2238.26b4: Timestamp: 0x5cdd7ca9
2238.26b4: Machine: 0x8664 - amd64
2238.26b4: Timestamp: 0x5cdd7ca9
2238.26b4: Image Version: 6.1
2238.26b4: SizeOfImage: 0x50000 (327680)
2238.26b4: Resource Dir: 0x30000 LB 0x3f8
2238.26b4: [Version info resource found at 0x48! (ID/Name: 0x1; SubID/SubName: 0x409)]
2238.26b4: [Raw version resource data: 0x30060 LB 0x398, codepage 0x0 (reserved 0x0)]
2238.26b4: ProductName: Microsoft® Windows® Operating System
2238.26b4: ProductVersion: 6.1.7601.24475
2238.26b4: FileVersion: 6.1.7601.24475 (win7sp1_ldr.190516-0600)
2238.26b4: FileDescription: ApiSet Schema DLL
2238.26b4: Found driver SymNetS (0x2)
2238.26b4: Found driver SRTSPX (0x2)
2238.26b4: Found driver SymEvent (0x2)
2238.26b4: Found driver SymIRON (0x2)
2238.26b4: supR3HardenedWinFindAdversaries: 0x2
2238.26b4: \SystemRoot\System32\drivers\symevent64x86.sys:
2238.26b4: CreationTime: 2019-07-24T05:40:43.014013900Z
2238.26b4: LastWriteTime: 2019-07-24T05:40:41.473915700Z
2238.26b4: ChangeTime: 2019-07-24T05:40:41.473915700Z
2238.26b4: FileAttributes: 0x2020
2238.26b4: Size: 0x18650
2238.26b4: NT Headers: 0xe8
2238.26b4: Timestamp: 0x5a95cc4b
2238.26b4: Machine: 0x8664 - amd64
2238.26b4: Timestamp: 0x5a95cc4b
2238.26b4: Image Version: 6.3
2238.26b4: SizeOfImage: 0x21000 (135168)
2238.26b4: Resource Dir: 0x1f000 LB 0x3c8
2238.26b4: [Version info resource found at 0x90! (ID/Name: 0x1; SubID/SubName: 0x409)]
2238.26b4: [Raw version resource data: 0x1f0b8 LB 0x310, codepage 0x4e4 (reserved 0x0)]
2238.26b4: ProductName: SYMEVENT
2238.26b4: ProductVersion: 14.0.6.27
2238.26b4: FileVersion: 14.0.6.27
2238.26b4: FileDescription: Symantec Event Library
2238.26b4: supR3HardenedWinInitAppBin(0x0): '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox'
2238.26b4: Calling main()
2238.26b4: SUPR3HardenedMain: pszProgName=VirtualBox fFlags=0x2
2238.26b4: supR3HardenedWinInitAppBin(0x2): '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox'
2238.26b4: SUPR3HardenedMain: Respawn #1
2238.26b4: System32: \Device\HarddiskVolume2\Windows\System32
2238.26b4: WinSxS: \Device\HarddiskVolume2\Windows\winsxs
2238.26b4: KnownDllPath: C:\Windows\system32
2238.26b4: '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe' has no imports
2238.26b4: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe)
2238.26b4: supR3HardNtEnableThreadCreation:
2238.26b4: supR3HardNtDisableThreadCreation: pvLdrInitThunk=0000000077b73710 pvNtTerminateThread=0000000077b99db0
2238.26b4: supR3HardenedWinDoReSpawn(1): New child 1a78.eac [kernel32].
2238.26b4: supR3HardNtChildGatherData: PebBaseAddress=000007fffffdf000 cbPeb=0x380
2238.26b4: supR3HardNtPuChFindNtdll: uNtDllParentAddr=0000000077b30000 uNtDllChildAddr=0000000077b30000
2238.26b4: supR3HardenedWinSetupChildInit: uLdrInitThunk=0000000077b73710
2238.26b4: supR3HardenedWinSetupChildInit: Start child.
2238.26b4: supR3HardNtChildWaitFor: Found expected request 0 (PurifyChildAndCloseHandles) after 1 ms.
2238.26b4: supR3HardNtChildPurify: Startup delay kludge #1/0: 518 ms, 59 sleeps
2238.26b4: supHardNtVpScanVirtualMemory: enmKind=CHILD_PURIFICATION
2238.26b4: *0000000000000000-000000000000ffff 0x0001/0x0000 0x0000000
2238.26b4: *0000000000010000-000000000002ffff 0x0004/0x0004 0x0020000
2238.26b4: *0000000000030000-0000000000033fff 0x0002/0x0002 0x0040000
2238.26b4: 0000000000034000-000000000003ffff 0x0001/0x0000 0x0000000
2238.26b4: *0000000000040000-0000000000040fff 0x0004/0x0004 0x0020000
2238.26b4: 0000000000041000-000000000004ffff 0x0001/0x0000 0x0000000
2238.26b4: *0000000000050000-0000000000050fff 0x0020/0x0004 0x0020000 !!
2238.26b4: supHardNtVpFreeOrReplacePrivateExecMemory: Freeing exec mem at 0000000000050000 (LB 0x1000, 0000000000050000 LB 0x1000)
2238.26b4: supHardNtVpFreeOrReplacePrivateExecMemory: Free attempt #1 succeeded: 0x0 [0000000000050000/0000000000050000 LB 0/0x1000]
2238.26b4: supHardNtVpFreeOrReplacePrivateExecMemory: QVM after free 0: [0000000000000000]/0000000000050000 LB 0x1c0000 s=0x10000 ap=0x0 rp=0x00000000000001
2238.26b4: 0000000000051000-000000000020ffff 0x0001/0x0000 0x0000000
2238.26b4: *0000000000210000-000000000030bfff 0x0000/0x0004 0x0020000
2238.26b4: 000000000030c000-000000000030dfff 0x0104/0x0004 0x0020000
2238.26b4: 000000000030e000-000000000030ffff 0x0004/0x0004 0x0020000
2238.26b4: 0000000000310000-0000000077b2ffff 0x0001/0x0000 0x0000000
2238.26b4: *0000000077b30000-0000000077b30fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume2\Windows\System32\ntdll.dll
2238.26b4: 0000000077b31000-0000000077c54fff 0x0020/0x0080 0x1000000 \Device\HarddiskVolume2\Windows\System32\ntdll.dll
2238.26b4: 0000000077c55000-0000000077c5afff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume2\Windows\System32\ntdll.dll
2238.26b4: 0000000077c5b000-0000000077c5bfff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume2\Windows\System32\ntdll.dll
2238.26b4: 0000000077c5c000-0000000077c63fff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume2\Windows\System32\ntdll.dll
2238.26b4: 0000000077c64000-0000000077ccefff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume2\Windows\System32\ntdll.dll
2238.26b4: 0000000077ccf000-000000007efdffff 0x0001/0x0000 0x0000000
2238.26b4: *000000007efe0000-000000007ffdffff 0x0000/0x0002 0x0020000
2238.26b4: *000000007ffe0000-000000007ffe0fff 0x0002/0x0002 0x0020000
2238.26b4: 000000007ffe1000-000000007ffeffff 0x0000/0x0002 0x0020000
2238.26b4: 000000007fff0000-000000013fc4ffff 0x0001/0x0000 0x0000000
2238.26b4: *000000013fc50000-000000013fc50fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe
2238.26b4: 000000013fc51000-000000013fcc1fff 0x0020/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe
2238.26b4: 000000013fcc2000-000000013fcc2fff 0x0080/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe
2238.26b4: 000000013fcc3000-000000013fd09fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe
2238.26b4: 000000013fd0a000-000000013fd0afff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe
2238.26b4: 000000013fd0b000-000000013fd0bfff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe
2238.26b4: 000000013fd0c000-000000013fd10fff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe
2238.26b4: 000000013fd11000-000000013fd11fff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe
2238.26b4: 000000013fd12000-000000013fd12fff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe
2238.26b4: 000000013fd13000-000000013fd16fff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe
2238.26b4: 000000013fd17000-000000013fd5efff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe
2238.26b4: 000000013fd5f000-000007feffe2ffff 0x0001/0x0000 0x0000000
2238.26b4: *000007feffe30000-000007feffe30fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume2\Windows\System32\apisetschema.dll
2238.26b4: 000007feffe31000-000007fffffaffff 0x0001/0x0000 0x0000000
2238.26b4: *000007fffffb0000-000007fffffd2fff 0x0002/0x0002 0x0040000
2238.26b4: 000007fffffd3000-000007fffffdcfff 0x0001/0x0000 0x0000000
2238.26b4: *000007fffffdd000-000007fffffdefff 0x0004/0x0004 0x0020000
2238.26b4: *000007fffffdf000-000007fffffdffff 0x0004/0x0004 0x0020000
2238.26b4: *000007fffffe0000-000007fffffeffff 0x0001/0x0002 0x0020000
2238.26b4: apisetschema.dll: timestamp 0x5cdd7ca9 (rc=VINF_SUCCESS)
2238.26b4: VirtualBox.exe: timestamp 0x5d318309 (rc=VINF_SUCCESS)
2238.26b4: '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe' has no imports
2238.26b4: '\Device\HarddiskVolume2\Windows\System32\apisetschema.dll' has no imports
2238.26b4: '\Device\HarddiskVolume2\Windows\System32\ntdll.dll' has no imports
2238.26b4: supR3HardNtChildPurify: cFixes=1 g_fSupAdversaries=0x2 cPatchCount=0
2238.26b4: supR3HardNtChildPurify: Startup delay kludge #1/1: 519 ms, 59 sleeps
2238.26b4: supHardNtVpScanVirtualMemory: enmKind=CHILD_PURIFICATION
2238.26b4: *0000000000000000-000000000000ffff 0x0001/0x0000 0x0000000
2238.26b4: *0000000000010000-000000000002ffff 0x0004/0x0004 0x0020000
2238.26b4: *0000000000030000-0000000000033fff 0x0002/0x0002 0x0040000
2238.26b4: 0000000000034000-000000000003ffff 0x0001/0x0000 0x0000000
2238.26b4: *0000000000040000-0000000000040fff 0x0004/0x0004 0x0020000
2238.26b4: 0000000000041000-000000000020ffff 0x0001/0x0000 0x0000000
2238.26b4: *0000000000210000-000000000030bfff 0x0000/0x0004 0x0020000
2238.26b4: 000000000030c000-000000000030dfff 0x0104/0x0004 0x0020000
2238.26b4: 000000000030e000-000000000030ffff 0x0004/0x0004 0x0020000
2238.26b4: 0000000000310000-0000000077b2ffff 0x0001/0x0000 0x0000000
2238.26b4: *0000000077b30000-0000000077b30fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume2\Windows\System32\ntdll.dll
2238.26b4: 0000000077b31000-0000000077c54fff 0x0020/0x0080 0x1000000 \Device\HarddiskVolume2\Windows\System32\ntdll.dll
2238.26b4: 0000000077c55000-0000000077c5afff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume2\Windows\System32\ntdll.dll
2238.26b4: 0000000077c5b000-0000000077c63fff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume2\Windows\System32\ntdll.dll
2238.26b4: 0000000077c64000-0000000077ccefff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume2\Windows\System32\ntdll.dll
2238.26b4: 0000000077ccf000-000000007efdffff 0x0001/0x0000 0x0000000
2238.26b4: *000000007efe0000-000000007ffdffff 0x0000/0x0002 0x0020000
2238.26b4: *000000007ffe0000-000000007ffe0fff 0x0002/0x0002 0x0020000
2238.26b4: 000000007ffe1000-000000007ffeffff 0x0000/0x0002 0x0020000
2238.26b4: 000000007fff0000-000000013fc4ffff 0x0001/0x0000 0x0000000
2238.26b4: *000000013fc50000-000000013fc50fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe
2238.26b4: 000000013fc51000-000000013fcc1fff 0x0020/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe
2238.26b4: 000000013fcc2000-000000013fcc2fff 0x0040/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe
2238.26b4: 000000013fcc3000-000000013fd09fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe
2238.26b4: 000000013fd0a000-000000013fd16fff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe
2238.26b4: 000000013fd17000-000000013fd5efff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe
2238.26b4: 000000013fd5f000-000007feffe2ffff 0x0001/0x0000 0x0000000
2238.26b4: *000007feffe30000-000007feffe30fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume2\Windows\System32\apisetschema.dll
2238.26b4: 000007feffe31000-000007fffffaffff 0x0001/0x0000 0x0000000
2238.26b4: *000007fffffb0000-000007fffffd2fff 0x0002/0x0002 0x0040000
2238.26b4: 000007fffffd3000-000007fffffdcfff 0x0001/0x0000 0x0000000
2238.26b4: *000007fffffdd000-000007fffffdefff 0x0004/0x0004 0x0020000
2238.26b4: *000007fffffdf000-000007fffffdffff 0x0004/0x0004 0x0020000
2238.26b4: *000007fffffe0000-000007fffffeffff 0x0001/0x0002 0x0020000
2238.26b4: supR3HardNtChildPurify: Done after 1616 ms and 1 fixes (loop #1).
2238.26b4: supR3HardNtEnableThreadCreation:
1a78.eac: Log file opened: 5.2.33r132271 g_hStartupLog=0000000000000004 g_uNtVerCombined=0x611db100
1a78.eac: supR3HardenedVmProcessInit: uNtDllAddr=0000000077b30000 g_uNtVerCombined=0x611db100
1a78.eac: ntdll.dll: timestamp 0x5cdd7d10 (rc=VINF_SUCCESS)
1a78.eac: New simple heap: #1 0000000000310000 LB 0x400000 (for 1699840 allocation)
1a78.eac: supR3HardenedWinInitAppBin(0x0): '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox'
1a78.eac: System32: \Device\HarddiskVolume2\Windows\System32
1a78.eac: WinSxS: \Device\HarddiskVolume2\Windows\winsxs
1a78.eac: KnownDllPath: C:\Windows\system32
1a78.eac: supR3HardenedVmProcessInit: Opening vboxdrv stub...
1a78.eac: supR3HardenedVmProcessInit: Restoring LdrInitializeThunk...
1a78.eac: supR3HardenedVmProcessInit: Returning to LdrInitializeThunk...
1a78.eac: Registered Dll notification callback with NTDLL.
1a78.eac: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume2\Windows\System32\kernel32.dll)
1a78.eac: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\kernel32.dll
1a78.eac: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\kernel32.dll (Input=kernel32.dll, rcNtResolve=0xc0150008) *pfFlags=0xffffffff pwszSearchPath=0000000000000000:<flags> [calling]
1a78.eac: supR3HardenedScreenImage/NtCreateSection: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\kernel32.dll [lacks WinVerifyTrust]
1a78.eac: supR3HardenedDllNotificationCallback: load 0000000077a10000 LB 0x0011f000 C:\Windows\system32\kernel32.dll [fFlags=0x0]
1a78.eac: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\kernel32.dll [lacks WinVerifyTrust]
1a78.eac: supR3HardenedDllNotificationCallback: load 000007fefd800000 LB 0x00067000 C:\Windows\system32\KERNELBASE.dll [fFlags=0x0]
1a78.eac: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume2\Windows\System32\KernelBase.dll)
1a78.eac: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\KernelBase.dll
1a78.eac: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=0000000077a10000 'C:\Windows\system32\kernel32.dll'
2238.26b4: supR3HardNtChildWaitFor[1]: Quitting: ExitCode=0xc0000005 (rcNtWait=0x0, rcNt1=0x0, rcNt2=0x103, rcNt3=0x103, 68 ms, CloseEvents);
