Untitled

a guest
Dec 31st, 2024
  1. 5050.2ed0: \SystemRoot\System32\ntdll.dll:
  2. 5050.2ed0: CreationTime: 2024-12-27T04:46:48.085800000Z
  3. 5050.2ed0: LastWriteTime: 2024-12-27T04:46:48.230755400Z
  4. 5050.2ed0: ChangeTime: 2024-12-27T10:39:59.823242500Z
  5. 5050.2ed0: FileAttributes: 0x20
  6. 5050.2ed0: Size: 0x216050
  7. 5050.2ed0: NT Headers: 0xe8
  8. 5050.2ed0: Timestamp: 0xe7035eba
  9. 5050.2ed0: Machine: 0x8664 - amd64
  10. 5050.2ed0: Timestamp: 0xe7035eba
  11. 5050.2ed0: Image Version: 10.0
  12. 5050.2ed0: SizeOfImage: 0x217000 (2191360)
  13. 5050.2ed0: Resource Dir: 0x1a0000 LB 0x759a8
  14. 5050.2ed0: [Version info resource found at 0xd8! (ID/Name: 0x1; SubID/SubName: 0x409)]
  15. 5050.2ed0: [Raw version resource data: 0x1a00f0 LB 0x380, codepage 0x0 (reserved 0x0)]
  16. 5050.2ed0: ProductName: Microsoft® Windows® Operating System
  17. 5050.2ed0: ProductVersion: 10.0.22621.4541
  18. 5050.2ed0: FileVersion: 10.0.22621.4541 (WinBuild.160101.0800)
  19. 5050.2ed0: FileDescription: NT Layer DLL
  20. 5050.2ed0: \SystemRoot\System32\kernel32.dll:
  21. 5050.2ed0: CreationTime: 2024-12-27T04:46:46.481290000Z
  22. 5050.2ed0: LastWriteTime: 2024-12-27T04:46:46.553985700Z
  23. 5050.2ed0: ChangeTime: 2024-12-27T10:39:47.087420300Z
  24. 5050.2ed0: FileAttributes: 0x20
  25. 5050.2ed0: Size: 0xc71e0
  26. 5050.2ed0: NT Headers: 0xe8
  27. 5050.2ed0: Timestamp: 0x1ef15383
  28. 5050.2ed0: Machine: 0x8664 - amd64
  29. 5050.2ed0: Timestamp: 0x1ef15383
  30. 5050.2ed0: Image Version: 10.0
  31. 5050.2ed0: SizeOfImage: 0xc4000 (802816)
  32. 5050.2ed0: Resource Dir: 0xc2000 LB 0x520
  33. 5050.2ed0: [Version info resource found at 0x90! (ID/Name: 0x1; SubID/SubName: 0x409)]
  34. 5050.2ed0: [Raw version resource data: 0xc20b0 LB 0x3a4, codepage 0x0 (reserved 0x0)]
  35. 5050.2ed0: ProductName: Microsoft® Windows® Operating System
  36. 5050.2ed0: ProductVersion: 10.0.22621.4391
  37. 5050.2ed0: FileVersion: 10.0.22621.4391 (WinBuild.160101.0800)
  38. 5050.2ed0: FileDescription: Windows NT BASE API Client DLL
  39. 5050.2ed0: \SystemRoot\System32\KernelBase.dll:
  40. 5050.2ed0: CreationTime: 2024-12-27T04:46:50.984447700Z
  41. 5050.2ed0: LastWriteTime: 2024-12-27T04:46:51.497833800Z
  42. 5050.2ed0: ChangeTime: 2024-12-27T10:39:57.596691700Z
  43. 5050.2ed0: FileAttributes: 0x20
  44. 5050.2ed0: Size: 0x3c0bb0
  45. 5050.2ed0: NT Headers: 0xf8
  46. 5050.2ed0: Timestamp: 0x8ca6fab8
  47. 5050.2ed0: Machine: 0x8664 - amd64
  48. 5050.2ed0: Timestamp: 0x8ca6fab8
  49. 5050.2ed0: Image Version: 10.0
  50. 5050.2ed0: SizeOfImage: 0x3ba000 (3907584)
  51. 5050.2ed0: Resource Dir: 0x389000 LB 0x548
  52. 5050.2ed0: [Version info resource found at 0x90! (ID/Name: 0x1; SubID/SubName: 0x409)]
  53. 5050.2ed0: [Raw version resource data: 0x3890b0 LB 0x3bc, codepage 0x0 (reserved 0x0)]
  54. 5050.2ed0: ProductName: Microsoft® Windows® Operating System
  55. 5050.2ed0: ProductVersion: 10.0.22621.4541
  56. 5050.2ed0: FileVersion: 10.0.22621.4541 (WinBuild.160101.0800)
  57. 5050.2ed0: FileDescription: Windows NT BASE API Client DLL
  58. 5050.2ed0: \SystemRoot\System32\apisetschema.dll:
  59. 5050.2ed0: CreationTime: 2024-12-23T14:22:41.175102100Z
  60. 5050.2ed0: LastWriteTime: 2024-12-23T14:22:41.175102100Z
  61. 5050.2ed0: ChangeTime: 2024-12-27T04:53:23.177148400Z
  62. 5050.2ed0: FileAttributes: 0x20
  63. 5050.2ed0: Size: 0x245e0
  64. 5050.2ed0: NT Headers: 0xc8
  65. 5050.2ed0: Timestamp: 0x8f476251
  66. 5050.2ed0: Machine: 0x8664 - amd64
  67. 5050.2ed0: Timestamp: 0x8f476251
  68. 5050.2ed0: Image Version: 10.0
  69. 5050.2ed0: SizeOfImage: 0x23000 (143360)
  70. 5050.2ed0: Resource Dir: 0x22000 LB 0x408
  71. 5050.2ed0: [Version info resource found at 0x48! (ID/Name: 0x1; SubID/SubName: 0x409)]
  72. 5050.2ed0: [Raw version resource data: 0x22060 LB 0x3a8, codepage 0x0 (reserved 0x0)]
  73. 5050.2ed0: ProductName: Microsoft® Windows® Operating System
  74. 5050.2ed0: ProductVersion: 10.0.22621.3958
  75. 5050.2ed0: FileVersion: 10.0.22621.3958 (WinBuild.160101.0800)
  76. 5050.2ed0: FileDescription: ApiSet Schema DLL
  77. 5050.2ed0: supR3HardenedWinFindAdversaries: 0x0
  78. 5050.2ed0: supR3HardenedWinInitAppBin(0x0): '\Device\HarddiskVolume3\Windows'
  79. 5050.2ed0: Calling main()
  80. 5050.2ed0: SUPR3HardenedMain: pszProgName=VirtualBoxVM fFlags=0x2
  81. 5050.2ed0: supR3HardenedWinInitAppBin(0x2): '\Device\HarddiskVolume3\Windows'
  82. 5050.2ed0: SUPR3HardenedMain: Respawn #1
  83. 5050.2ed0: System32: \Device\HarddiskVolume3\Windows\System32
  84. 5050.2ed0: WinSxS: \Device\HarddiskVolume3\Windows\WinSxS
  85. 5050.2ed0: KnownDllPath: C:\Windows\System32
  86. 5050.2ed0: supR3HardenedWinInit: Performing a limited self purification...
  87. 5050.2ed0: supHardNtVpScanVirtualMemory: enmKind=SELF_PURIFICATION
  195. 5050.2ed0: kernel32.dll: timestamp 0x1ef15383 (rc=VINF_SUCCESS)
  196. 5050.2ed0: kernelbase.dll: timestamp 0x8ca6fab8 (rc=VINF_SUCCESS)
  197. 5050.2ed0: VirtualBoxVM.exe: timestamp 0x670807b4 (rc=VINF_SUCCESS)
  198. 5050.2ed0: '\Device\HarddiskVolume3\Windows\VirtualBoxVM.exe' has no imports
  199. 5050.2ed0: VirtualBoxVM.exe: Differences in section #7 (.00cfg) between file and memory:
  200. 5050.2ed0: 00007ff6b2875000 / 0x00d5000: 10 != 30
  201. 5050.2ed0: 00007ff6b2875001 / 0x00d5001: e5 != f2
  202. 5050.2ed0: 00007ff6b2875002 / 0x00d5002: 7b != 4d
  203. 5050.2ed0: 00007ff6b2875003 / 0x00d5003: b2 != ad
  204. 5050.2ed0: 00007ff6b2875004 / 0x00d5004: f6 != fc
  205. 5050.2ed0: 00007ff6b2875008 / 0x00d5008: 10 != 30
  206. 5050.2ed0: 00007ff6b2875009 / 0x00d5009: e5 != f2
  207. 5050.2ed0: 00007ff6b287500a / 0x00d500a: 7b != 4d
  208. 5050.2ed0: 00007ff6b287500b / 0x00d500b: b2 != ad
  209. 5050.2ed0: 00007ff6b287500c / 0x00d500c: f6 != fc
  210. 5050.2ed0: 00007ff6b2875010 / 0x00d5010: 00 != 70
  211. 5050.2ed0: 00007ff6b2875011 / 0x00d5011: b3 != f3
  212. 5050.2ed0: 00007ff6b2875012 / 0x00d5012: 80 != 4d
  213. 5050.2ed0: 00007ff6b2875013 / 0x00d5013: b2 != ad
  214. 5050.2ed0: 00007ff6b2875014 / 0x00d5014: f6 != fc
  215. 5050.2ed0: 00007ff6b2875018 / 0x00d5018: 20 != 70
  216. 5050.2ed0: 00007ff6b2875019 / 0x00d5019: b3 != f3
  217. 5050.2ed0: 00007ff6b287501a / 0x00d501a: 80 != 4d
  218. 5050.2ed0: 00007ff6b287501b / 0x00d501b: b2 != ad
  219. 5050.2ed0: 00007ff6b287501c / 0x00d501c: f6 != fc
  220. 5050.2ed0: 00007ff6b2875020 / 0x00d5020: 20 != 70
  221. 5050.2ed0: 00007ff6b2875021 / 0x00d5021: b3 != f3
  222. 5050.2ed0: 00007ff6b2875022 / 0x00d5022: 80 != 4d
  223. 5050.2ed0: 00007ff6b2875023 / 0x00d5023: b2 != ad
  224. 5050.2ed0: 00007ff6b2875024 / 0x00d5024: f6 != fc
  225. 5050.2ed0: Restored 0x28 bytes of original file content at 00007ff6b2875000
  226. 5050.2ed0: VirtualBoxVM.exe: Differences in section #8 (.rsrc) between file and memory:
  443. 5050.2ed0: Restored 0x4d8 bytes of original file content at 00007ff6b28a6b28
  444. 5050.2ed0: '\Device\HarddiskVolume3\Windows\System32\ntdll.dll' has no imports
  445. 5050.2ed0: ntdll.dll: Differences in section #9 (.00cfg) between file and memory:
  446. 5050.2ed0: 00007ffcad5ef000 / 0x019f000: 50 != 70
  447. 5050.2ed0: 00007ffcad5ef001 / 0x019f001: 40 != f3
  448. 5050.2ed0: 00007ffcad5ef002 / 0x019f002: 4f != 4d
  449. 5050.2ed0: 00007ffcad5ef008 / 0x019f008: 20 != 30
  450. 5050.2ed0: 00007ffcad5ef009 / 0x019f009: f1 != f2
  451. 5050.2ed0: 00007ffcad5ef011 / 0x019f011: 40 != f3
  452. 5050.2ed0: 00007ffcad5ef012 / 0x019f012: 4f != 4d
  453. 5050.2ed0: 00007ffcad5ef019 / 0x019f019: 40 != f3
  454. 5050.2ed0: 00007ffcad5ef01a / 0x019f01a: 4f != 4d
  455. 5050.2ed0: Restored 0x28 bytes of original file content at 00007ffcad5ef000
  456. 5050.2ed0: kernel32.dll: Differences in section #2 (.rdata) between file and memory:
  457. 5050.2ed0: 00007ffcad1466b8 / 0x00866b8: 10 != 30
  458. 5050.2ed0: 00007ffcad1466b9 / 0x00866b9: 01 != f2
  459. 5050.2ed0: 00007ffcad1466ba / 0x00866ba: 0e != 4d
  460. 5050.2ed0: 00007ffcad1466c0 / 0x00866c0: e0 != 70
  461. 5050.2ed0: 00007ffcad1466c1 / 0x00866c1: 46 != f3
  462. 5050.2ed0: 00007ffcad1466c2 / 0x00866c2: 0e != 4d
  463. 5050.2ed0: 00007ffcad1466c8 / 0x00866c8: 10 != 30
  464. 5050.2ed0: 00007ffcad1466c9 / 0x00866c9: 01 != f2
  465. 5050.2ed0: 00007ffcad1466ca / 0x00866ca: 0e != 4d
  466. 5050.2ed0: 00007ffcad1466d0 / 0x00866d0: 00 != 70
  467. 5050.2ed0: 00007ffcad1466d1 / 0x00866d1: 47 != f3
  468. 5050.2ed0: 00007ffcad1466d2 / 0x00866d2: 0e != 4d
  469. 5050.2ed0: 00007ffcad1466d8 / 0x00866d8: 00 != 70
  470. 5050.2ed0: 00007ffcad1466d9 / 0x00866d9: 47 != f3
  471. 5050.2ed0: 00007ffcad1466da / 0x00866da: 0e != 4d
  472. 5050.2ed0: Restored 0x2000 bytes of original file content at 00007ffcad146000
  473. 5050.2ed0: kernelbase.dll: Differences in section #2 (.rdata) between file and memory:
  474. 5050.2ed0: 00007ffcaae61e21 / 0x0271e21: db != f2
  475. 5050.2ed0: 00007ffcaae61e22 / 0x0271e22: cc != 4d
  476. 5050.2ed0: 00007ffcaae61e23 / 0x0271e23: aa != ad
  477. 5050.2ed0: 00007ffcaae61e28 / 0x0271e28: e0 != 70
  478. 5050.2ed0: 00007ffcaae61e29 / 0x0271e29: de != f3
  479. 5050.2ed0: 00007ffcaae61e2a / 0x0271e2a: cc != 4d
  480. 5050.2ed0: 00007ffcaae61e2b / 0x0271e2b: aa != ad
  481. 5050.2ed0: 00007ffcaae61e31 / 0x0271e31: db != f2
  482. 5050.2ed0: 00007ffcaae61e32 / 0x0271e32: cc != 4d
  483. 5050.2ed0: 00007ffcaae61e33 / 0x0271e33: aa != ad
  484. 5050.2ed0: 00007ffcaae61e38 / 0x0271e38: 00 != 70
  485. 5050.2ed0: 00007ffcaae61e39 / 0x0271e39: df != f3
  486. 5050.2ed0: 00007ffcaae61e3a / 0x0271e3a: cc != 4d
  487. 5050.2ed0: 00007ffcaae61e3b / 0x0271e3b: aa != ad
  488. 5050.2ed0: 00007ffcaae61e40 / 0x0271e40: 00 != 70
  489. 5050.2ed0: 00007ffcaae61e41 / 0x0271e41: df != f3
  490. 5050.2ed0: 00007ffcaae61e42 / 0x0271e42: cc != 4d
  491. 5050.2ed0: 00007ffcaae61e43 / 0x0271e43: aa != ad
  492. 5050.2ed0: Restored 0x2000 bytes of original file content at 00007ffcaae61000
  493. 5050.2ed0: supHardNtVpCheckHandles:
  494. 5050.2ed0: supR3HardenedWinInit: SUPHARDNTVPKIND_SELF_PURIFICATION_LIMITED -> VINF_SUCCESS, cFixes=5
  495. 5050.2ed0: '\Device\HarddiskVolume3\Windows\VirtualBoxVM.exe' has no imports
  496. 5050.2ed0: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\VirtualBoxVM.exe)
  497. 5050.2ed0: supR3HardNtEnableThreadCreationEx:
  498. 5050.2ed0: supR3HardNtDisableThreadCreation: pvLdrInitThunk=00007ffcad4c4400 pvNtTerminateThread=00007ffcad4f0df0
  499. 5050.2ed0: supR3HardenedWinDoReSpawn(1): New child 1f00.2bac [kernel32].
  500. 5050.2ed0: supR3HardNtChildGatherData: PebBaseAddress=000000bd60ea9000 cbPeb=0x388
  501. 5050.2ed0: supR3HardNtPuChFindNtdll: uNtDllParentAddr=00007ffcad450000 uNtDllChildAddr=00007ffcad450000
  502. 5050.2ed0: supR3HardenedWinSetupChildInit: uLdrInitThunk=00007ffcad4c4400
  503. 5050.2ed0: supR3HardenedWinSetupChildInit: Initial context:
  504. rax=0000000000000000 rbx=0000000000000000 rcx=00007ff6b27ab790 rdx=000000bd60ea9000
  505. rsi=0000000000000000 rdi=0000000000000000 r8 =0000000000000000 r9 =0000000000000000
  506. r10=0000000000000000 r11=0000000000000000 r12=0000000000000000 r13=0000000000000000
  507. r14=0000000000000000 r15=0000000000000000 P1=0000000000000000 P2=0000000000000000
  508. rip=00007ffcad4aaf10 rsp=000000bd610ffab8 rbp=0000000000000000 ctxflags=0010001b
  509. cs=0033 ss=002b ds=0000 es=0000 fs=0000 gs=0000 eflags=00000200 mxcrx=00001f80
  510. P3=0000000000000000 P4=0000000000000000 P5=0000000000000000 P6=0000000000000000
  511. dr0=0000000000000000 dr1=0000000000000000 dr2=0000000000000000 dr3=0000000000000000
  512. dr6=0000000000000000 dr7=0000000000000000 vcr=0000000000000000 dcr=0000000000000000
  513. lbt=0000000000000000 lbf=0000000000000000 lxt=0000000000000000 lxf=0000000000000000
  514. 5050.2ed0: supR3HardenedWinSetupChildInit: Start child.
  515. 5050.2ed0: supR3HardNtChildWaitFor: Found expected request 0 (PurifyChildAndCloseHandles) after 0 ms.
  516. 5050.2ed0: supR3HardNtChildPurify: Startup delay kludge #1/0: 267 ms, 18 sleeps
  517. 5050.2ed0: supHardNtVpScanVirtualMemory: enmKind=CHILD_PURIFICATION
  518. 5050.2ed0: *0000000000000000-000000007ffdffff 0x0001/0x0000 0x0000000
  519. 5050.2ed0: *000000007ffe0000-000000007ffe0fff 0x0002/0x0002 0x0020000
  520. 5050.2ed0: 000000007ffe1000-000000007ffe7fff 0x0001/0x0000 0x0000000
  521. 5050.2ed0: *000000007ffe8000-000000007ffe8fff 0x0002/0x0002 0x0020000
  522. 5050.2ed0: 000000007ffe9000-000000bd60dfffff 0x0001/0x0000 0x0000000
  523. 5050.2ed0: *000000bd60e00000-000000bd60ea8fff 0x0000/0x0004 0x0020000
  524. 5050.2ed0: 000000bd60ea9000-000000bd60eabfff 0x0004/0x0004 0x0020000
  525. 5050.2ed0: 000000bd60eac000-000000bd60ffffff 0x0000/0x0004 0x0020000
  526. 5050.2ed0: *000000bd61000000-000000bd610fafff 0x0000/0x0004 0x0020000
  527. 5050.2ed0: 000000bd610fb000-000000bd610fdfff 0x0104/0x0004 0x0020000
  528. 5050.2ed0: 000000bd610fe000-000000bd610fffff 0x0004/0x0004 0x0020000
  529. 5050.2ed0: 000000bd61100000-000001fbfa60ffff 0x0001/0x0000 0x0000000
  530. 5050.2ed0: *000001fbfa610000-000001fbfa62ffff 0x0004/0x0004 0x0020000
  531. 5050.2ed0: *000001fbfa630000-000001fbfa64efff 0x0002/0x0002 0x0040000
  532. 5050.2ed0: 000001fbfa64f000-000001fbfa64ffff 0x0001/0x0000 0x0000000
  533. 5050.2ed0: *000001fbfa650000-000001fbfa653fff 0x0002/0x0002 0x0040000
  534. 5050.2ed0: 000001fbfa654000-000001fbfa65ffff 0x0001/0x0000 0x0000000
  535. 5050.2ed0: *000001fbfa660000-000001fbfa660fff 0x0002/0x0002 0x0040000
  536. 5050.2ed0: 000001fbfa661000-000001fbfa66ffff 0x0001/0x0000 0x0000000
  537. 5050.2ed0: *000001fbfa670000-000001fbfa671fff 0x0004/0x0004 0x0020000
  538. 5050.2ed0: 000001fbfa672000-00007df5c706ffff 0x0001/0x0000 0x0000000
  539. 5050.2ed0: *00007df5c7070000-00007df5c7070fff 0x0002/0x0002 0x0040000
  540. 5050.2ed0: 00007df5c7071000-00007df5c707ffff 0x0001/0x0000 0x0000000
  541. 5050.2ed0: *00007df5c7080000-00007df5c84affff 0x0000/0x0001 0x0040000
  542. 5050.2ed0: 00007df5c84b0000-00007df5c84b6fff 0x0001/0x0001 0x0040000
  543. 5050.2ed0: 00007df5c84b7000-00007df5c8e37fff 0x0000/0x0001 0x0040000
  544. 5050.2ed0: 00007df5c8e38000-00007df5c8e71fff 0x0001/0x0001 0x0040000
  545. 5050.2ed0: 00007df5c8e72000-00007ff5a1d1dfff 0x0000/0x0001 0x0040000
  546. 5050.2ed0: 00007ff5a1d1e000-00007ff5a1d22fff 0x0002/0x0001 0x0040000
  547. 5050.2ed0: 00007ff5a1d23000-00007ff5b6f8afff 0x0000/0x0001 0x0040000
  548. 5050.2ed0: 00007ff5b6f8b000-00007ff5b9bd0fff 0x0001/0x0001 0x0040000
  549. 5050.2ed0: 00007ff5b9bd1000-00007ff5b9bd9fff 0x0002/0x0001 0x0040000
  550. 5050.2ed0: 00007ff5b9bda000-00007ff5c707ffff 0x0000/0x0001 0x0040000
  551. 5050.2ed0: 00007ff5c7080000-00007ff6b279ffff 0x0001/0x0000 0x0000000
  552. 5050.2ed0: *00007ff6b27a0000-00007ff6b27a0fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume3\Windows\VirtualBoxVM.exe
  553. 5050.2ed0: 00007ff6b27a1000-00007ff6b280bfff 0x0020/0x0080 0x1000000 \Device\HarddiskVolume3\Windows\VirtualBoxVM.exe
  554. 5050.2ed0: 00007ff6b280c000-00007ff6b280cfff 0x0080/0x0080 0x1000000 \Device\HarddiskVolume3\Windows\VirtualBoxVM.exe
  555. 5050.2ed0: 00007ff6b280d000-00007ff6b2860fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume3\Windows\VirtualBoxVM.exe
  556. 5050.2ed0: 00007ff6b2861000-00007ff6b2861fff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume3\Windows\VirtualBoxVM.exe
  557. 5050.2ed0: 00007ff6b2862000-00007ff6b2862fff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume3\Windows\VirtualBoxVM.exe
  558. 5050.2ed0: 00007ff6b2863000-00007ff6b2867fff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume3\Windows\VirtualBoxVM.exe
  559. 5050.2ed0: 00007ff6b2868000-00007ff6b286dfff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume3\Windows\VirtualBoxVM.exe
  560. 5050.2ed0: 00007ff6b286e000-00007ff6b28a7fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume3\Windows\VirtualBoxVM.exe
  561. 5050.2ed0: 00007ff6b28a8000-00007ffcad44ffff 0x0001/0x0000 0x0000000
  562. 5050.2ed0: *00007ffcad450000-00007ffcad450fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume3\Windows\System32\ntdll.dll
  563. 5050.2ed0: 00007ffcad451000-00007ffcad581fff 0x0020/0x0080 0x1000000 \Device\HarddiskVolume3\Windows\System32\ntdll.dll
  564. 5050.2ed0: 00007ffcad582000-00007ffcad5cffff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume3\Windows\System32\ntdll.dll
  565. 5050.2ed0: 00007ffcad5d0000-00007ffcad5dbfff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume3\Windows\System32\ntdll.dll
  566. 5050.2ed0: 00007ffcad5dc000-00007ffcad5eafff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume3\Windows\System32\ntdll.dll
  567. 5050.2ed0: 00007ffcad5eb000-00007ffcad5ebfff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume3\Windows\System32\ntdll.dll
  568. 5050.2ed0: 00007ffcad5ec000-00007ffcad5eefff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume3\Windows\System32\ntdll.dll
  569. 5050.2ed0: 00007ffcad5ef000-00007ffcad666fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume3\Windows\System32\ntdll.dll
  570. 5050.2ed0: 00007ffcad667000-00007ffffffeffff 0x0001/0x0000 0x0000000
  571. 5050.2ed0: VirtualBoxVM.exe: Differences in section #8 (.rsrc) between file and memory:
  788. 5050.2ed0: Restored 0x4d8 bytes of original file content at 00007ff6b28a6b28
  789. 5050.2ed0: supR3HardNtChildPurify: cFixes=1 g_fSupAdversaries=0x80000000
  790. 5050.2ed0: supR3HardNtChildPurify: Startup delay kludge #1/1: 516 ms, 36 sleeps
  791. 5050.2ed0: supHardNtVpScanVirtualMemory: enmKind=CHILD_PURIFICATION
  792. 5050.2ed0: *0000000000000000-000000007ffdffff 0x0001/0x0000 0x0000000
  793. 5050.2ed0: *000000007ffe0000-000000007ffe0fff 0x0002/0x0002 0x0020000
  794. 5050.2ed0: 000000007ffe1000-000000007ffe7fff 0x0001/0x0000 0x0000000
  795. 5050.2ed0: *000000007ffe8000-000000007ffe8fff 0x0002/0x0002 0x0020000
  796. 5050.2ed0: 000000007ffe9000-000000bd60dfffff 0x0001/0x0000 0x0000000
  797. 5050.2ed0: *000000bd60e00000-000000bd60ea8fff 0x0000/0x0004 0x0020000
  798. 5050.2ed0: 000000bd60ea9000-000000bd60eabfff 0x0004/0x0004 0x0020000
  799. 5050.2ed0: 000000bd60eac000-000000bd60ffffff 0x0000/0x0004 0x0020000
  800. 5050.2ed0: *000000bd61000000-000000bd610fafff 0x0000/0x0004 0x0020000
  801. 5050.2ed0: 000000bd610fb000-000000bd610fdfff 0x0104/0x0004 0x0020000
  802. 5050.2ed0: 000000bd610fe000-000000bd610fffff 0x0004/0x0004 0x0020000
  803. 5050.2ed0: 000000bd61100000-000001fbfa60ffff 0x0001/0x0000 0x0000000
  804. 5050.2ed0: *000001fbfa610000-000001fbfa62ffff 0x0004/0x0004 0x0020000
  805. 5050.2ed0: *000001fbfa630000-000001fbfa64efff 0x0002/0x0002 0x0040000
  806. 5050.2ed0: 000001fbfa64f000-000001fbfa64ffff 0x0001/0x0000 0x0000000
  807. 5050.2ed0: *000001fbfa650000-000001fbfa653fff 0x0002/0x0002 0x0040000
  808. 5050.2ed0: 000001fbfa654000-000001fbfa65ffff 0x0001/0x0000 0x0000000
  809. 5050.2ed0: *000001fbfa660000-000001fbfa660fff 0x0002/0x0002 0x0040000
  810. 5050.2ed0: 000001fbfa661000-000001fbfa66ffff 0x0001/0x0000 0x0000000
  811. 5050.2ed0: *000001fbfa670000-000001fbfa671fff 0x0004/0x0004 0x0020000
  812. 5050.2ed0: 000001fbfa672000-00007df5c706ffff 0x0001/0x0000 0x0000000
  813. 5050.2ed0: *00007df5c7070000-00007df5c7070fff 0x0002/0x0002 0x0040000
  814. 5050.2ed0: 00007df5c7071000-00007df5c707ffff 0x0001/0x0000 0x0000000
  815. 5050.2ed0: *00007df5c7080000-00007df5c84affff 0x0000/0x0001 0x0040000
  816. 5050.2ed0: 00007df5c84b0000-00007df5c84b6fff 0x0001/0x0001 0x0040000
  817. 5050.2ed0: 00007df5c84b7000-00007df5c8e37fff 0x0000/0x0001 0x0040000
  818. 5050.2ed0: 00007df5c8e38000-00007df5c8e71fff 0x0001/0x0001 0x0040000
  819. 5050.2ed0: 00007df5c8e72000-00007ff5a1d1dfff 0x0000/0x0001 0x0040000
  820. 5050.2ed0: 00007ff5a1d1e000-00007ff5a1d22fff 0x0002/0x0001 0x0040000
  821. 5050.2ed0: 00007ff5a1d23000-00007ff5b6f8afff 0x0000/0x0001 0x0040000
  822. 5050.2ed0: 00007ff5b6f8b000-00007ff5b9bd0fff 0x0001/0x0001 0x0040000
  823. 5050.2ed0: 00007ff5b9bd1000-00007ff5b9bd9fff 0x0002/0x0001 0x0040000
  824. 5050.2ed0: 00007ff5b9bda000-00007ff5c707ffff 0x0000/0x0001 0x0040000
  825. 5050.2ed0: 00007ff5c7080000-00007ff6b279ffff 0x0001/0x0000 0x0000000
  826. 5050.2ed0: *00007ff6b27a0000-00007ff6b27a0fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume3\Windows\VirtualBoxVM.exe
  827. 5050.2ed0: 00007ff6b27a1000-00007ff6b280bfff 0x0020/0x0080 0x1000000 \Device\HarddiskVolume3\Windows\VirtualBoxVM.exe
  828. 5050.2ed0: 00007ff6b280c000-00007ff6b280cfff 0x0040/0x0080 0x1000000 \Device\HarddiskVolume3\Windows\VirtualBoxVM.exe
  829. 5050.2ed0: 00007ff6b280d000-00007ff6b2860fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume3\Windows\VirtualBoxVM.exe
  830. 5050.2ed0: 00007ff6b2861000-00007ff6b286dfff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume3\Windows\VirtualBoxVM.exe
  831. 5050.2ed0: 00007ff6b286e000-00007ff6b28a7fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume3\Windows\VirtualBoxVM.exe
  832. 5050.2ed0: 00007ff6b28a8000-00007ffcad44ffff 0x0001/0x0000 0x0000000
  833. 5050.2ed0: *00007ffcad450000-00007ffcad450fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume3\Windows\System32\ntdll.dll
  834. 5050.2ed0: 00007ffcad451000-00007ffcad581fff 0x0020/0x0080 0x1000000 \Device\HarddiskVolume3\Windows\System32\ntdll.dll
  835. 5050.2ed0: 00007ffcad582000-00007ffcad5cffff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume3\Windows\System32\ntdll.dll
  836. 5050.2ed0: 00007ffcad5d0000-00007ffcad5d3fff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume3\Windows\System32\ntdll.dll
  837. 5050.2ed0: 00007ffcad5d4000-00007ffcad5dbfff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume3\Windows\System32\ntdll.dll
  838. 5050.2ed0: 00007ffcad5dc000-00007ffcad5eafff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume3\Windows\System32\ntdll.dll
  839. 5050.2ed0: 00007ffcad5eb000-00007ffcad5ebfff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume3\Windows\System32\ntdll.dll
  840. 5050.2ed0: 00007ffcad5ec000-00007ffcad5eefff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume3\Windows\System32\ntdll.dll
  841. 5050.2ed0: 00007ffcad5ef000-00007ffcad666fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume3\Windows\System32\ntdll.dll
  842. 5050.2ed0: 00007ffcad667000-00007ffffffeffff 0x0001/0x0000 0x0000000
  843. 5050.2ed0: supR3HardNtChildPurify: Done after 786 ms and 1 fixes (loop #1).
  844. 1f00.2bac: supR3HardenedVmProcessInit: uNtDllAddr=00007ffcad450000 g_uNtVerCombined=0xa0586700 (stack ~000000bd610fe880)
  845. 1f00.2bac: ntdll.dll: timestamp 0xe7035eba (rc=VINF_SUCCESS)
  846. 1f00.2bac: New simple heap: #1 000001fbfa780000 LB 0x800000 (for 2191360 allocation)
  847. 1f00.2bac: supR3HardenedWinInitAppBin(0x0): '\Device\HarddiskVolume3\Windows'
  848. 1f00.2bac: System32: \Device\HarddiskVolume3\Windows\System32
  849. 1f00.2bac: WinSxS: \Device\HarddiskVolume3\Windows\WinSxS
  850. 1f00.2bac: KnownDllPath: C:\Windows\System32
  851. 1f00.2bac: supR3HardenedVmProcessInit: Opening vboxsup stub...
  852. 5050.2ed0: supR3HardNtEnableThreadCreationEx:
  853. 1f00.2bac: supR3HardenedVmProcessInit: Restoring LdrInitializeThunk...
  854. 1f00.2bac: supR3HardenedVmProcessInit: Returning to LdrInitializeThunk...
  855. 1f00.2bac: Registered Dll notification callback with NTDLL.
  856. 1f00.2bac: supHardenedWinVerifyImageByHandle: -> -5657 (\Device\HarddiskVolume3\Windows\System32\kernel32.dll)
  857. 1f00.2bac: Error (rc=0):
  858. 1f00.2bac: supR3HardenedScreenImage/LdrLoadDll: rc=-5657 fImage=1 fProtect=0x0 fAccess=0x0 \Device\HarddiskVolume3\Windows\System32\kernel32.dll: Signature #1/1: Not signed with the build certificate (serial 33 00 00 04 8e 16 55 47 b1 c3 02 85 03 00 00 00 00 04 8e, expected 06 0e 2f 8f 9e 1b 8b e5 18 d5 fe 2b 69 cf cc b1): \Device\HarddiskVolume3\Windows\System32\kernel32.dll
  859. 1f00.2bac: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\kernel32.dll
  860. 1f00.2bac: Error (rc=0):
  861. 1f00.2bac: supR3HardenedMonitor_LdrLoadDll: rejecting 'C:\Windows\System32\KERNEL32.DLL': rcNt=0xc0000190
  862. 1f00.2bac: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0xc0000190 'C:\Windows\System32\KERNEL32.DLL'
  863. 5050.2ed0: supR3HardNtChildWaitFor[1]: Quitting: ExitCode=0xc0000190 (rcNtWait=0x0, rcNt1=0x0, rcNt2=0x103, rcNt3=0x103, 89 ms, CloseEvents);