VirtualBox

Ticket #19662: VBoxHardening.log

File VBoxHardening.log, 38.5 KB (added by Twisted Lucidity, 4 years ago)
1397c.3980: Log file opened: 6.1.10r138449 g_hStartupLog=0000000000000074 g_uNtVerCombined=0xa0456300
2397c.3980: \SystemRoot\System32\ntdll.dll:
3397c.3980: CreationTime: 2020-05-26T07:46:58.961376500Z
4397c.3980: LastWriteTime: 2020-05-26T07:46:59.067755000Z
5397c.3980: ChangeTime: 2020-05-26T09:00:47.491954900Z
6397c.3980: FileAttributes: 0x20
7397c.3980: Size: 0x1e7010
8397c.3980: NT Headers: 0xe0
9397c.3980: Timestamp: 0x5854f5da
10397c.3980: Machine: 0x8664 - amd64
11397c.3980: Timestamp: 0x5854f5da
12397c.3980: Image Version: 10.0
13397c.3980: SizeOfImage: 0x1ed000 (2019328)
14397c.3980: Resource Dir: 0x17d000 LB 0x6eb48
15397c.3980: [Version info resource found at 0xd8! (ID/Name: 0x1; SubID/SubName: 0x409)]
16397c.3980: [Raw version resource data: 0x17d0f0 LB 0x380, codepage 0x0 (reserved 0x0)]
17397c.3980: ProductName: Microsoft® Windows® Operating System
18397c.3980: ProductVersion: 10.0.17763.1192
19397c.3980: FileVersion: 10.0.17763.1192 (WinBuild.160101.0800)
20397c.3980: FileDescription: NT Layer DLL
21397c.3980: \SystemRoot\System32\kernel32.dll:
22397c.3980: CreationTime: 2020-04-29T18:47:47.414874300Z
23397c.3980: LastWriteTime: 2020-04-29T18:47:47.462833000Z
24397c.3980: ChangeTime: 2020-05-26T07:49:56.708165800Z
25397c.3980: FileAttributes: 0x20
26397c.3980: Size: 0xb1390
27397c.3980: NT Headers: 0xe8
28397c.3980: Timestamp: 0x6314bdeb
29397c.3980: Machine: 0x8664 - amd64
30397c.3980: Timestamp: 0x6314bdeb
31397c.3980: Image Version: 10.0
32397c.3980: SizeOfImage: 0xb3000 (733184)
33397c.3980: Resource Dir: 0xb1000 LB 0x520
34397c.3980: [Version info resource found at 0x90! (ID/Name: 0x1; SubID/SubName: 0x409)]
35397c.3980: [Raw version resource data: 0xb10b0 LB 0x3a4, codepage 0x0 (reserved 0x0)]
36397c.3980: ProductName: Microsoft® Windows® Operating System
37397c.3980: ProductVersion: 10.0.17763.1158
38397c.3980: FileVersion: 10.0.17763.1158 (WinBuild.160101.0800)
39397c.3980: FileDescription: Windows NT BASE API Client DLL
40397c.3980: \SystemRoot\System32\KernelBase.dll:
41397c.3980: CreationTime: 2020-05-26T07:46:58.687423000Z
42397c.3980: LastWriteTime: 2020-05-26T07:46:58.795776700Z
43397c.3980: ChangeTime: 2020-05-26T09:00:45.867071800Z
44397c.3980: FileAttributes: 0x20
45397c.3980: Size: 0x295510
46397c.3980: NT Headers: 0x100
47397c.3980: Timestamp: 0x7889407f
48397c.3980: Machine: 0x8664 - amd64
49397c.3980: Timestamp: 0x7889407f
50397c.3980: Image Version: 10.0
51397c.3980: SizeOfImage: 0x295000 (2707456)
52397c.3980: Resource Dir: 0x271000 LB 0x548
53397c.3980: [Version info resource found at 0x90! (ID/Name: 0x1; SubID/SubName: 0x409)]
54397c.3980: [Raw version resource data: 0x2710b0 LB 0x3bc, codepage 0x0 (reserved 0x0)]
55397c.3980: ProductName: Microsoft® Windows® Operating System
56397c.3980: ProductVersion: 10.0.17763.1192
57397c.3980: FileVersion: 10.0.17763.1192 (WinBuild.160101.0800)
58397c.3980: FileDescription: Windows NT BASE API Client DLL
59397c.3980: \SystemRoot\System32\apisetschema.dll:
60397c.3980: CreationTime: 2018-09-15T07:28:25.403122600Z
61397c.3980: LastWriteTime: 2018-09-15T07:28:25.403122600Z
62397c.3980: ChangeTime: 2019-01-14T10:16:21.000579800Z
63397c.3980: FileAttributes: 0x20
64397c.3980: Size: 0x1c738
65397c.3980: NT Headers: 0xd0
66397c.3980: Timestamp: 0x33775897
67397c.3980: Machine: 0x8664 - amd64
68397c.3980: Timestamp: 0x33775897
69397c.3980: Image Version: 10.0
70397c.3980: SizeOfImage: 0x1d000 (118784)
71397c.3980: Resource Dir: 0x1c000 LB 0x408
72397c.3980: [Version info resource found at 0x48! (ID/Name: 0x1; SubID/SubName: 0x409)]
73397c.3980: [Raw version resource data: 0x1c060 LB 0x3a8, codepage 0x0 (reserved 0x0)]
74397c.3980: ProductName: Microsoft® Windows® Operating System
75397c.3980: ProductVersion: 10.0.17763.1
76397c.3980: FileVersion: 10.0.17763.1 (WinBuild.160101.0800)
77397c.3980: FileDescription: ApiSet Schema DLL
78397c.3980: NtOpenDirectoryObject failed on \Driver: 0xc0000022
79397c.3980: supR3HardenedWinFindAdversaries: 0x40000
80397c.3980: \SystemRoot\System32\drivers\SophosED.sys:
81397c.3980: CreationTime: 2018-09-05T12:39:36.486269100Z
82397c.3980: LastWriteTime: 2020-02-03T20:27:53.000000000Z
83397c.3980: ChangeTime: 2020-04-27T12:47:41.839047600Z
84397c.3980: FileAttributes: 0x20
85397c.3980: Size: 0x10aae0
86397c.3980: NT Headers: 0xf0
87397c.3980: Timestamp: 0x5e384b3c
88397c.3980: Machine: 0x8664 - amd64
89397c.3980: Timestamp: 0x5e384b3c
90397c.3980: Image Version: 10.0
91397c.3980: SizeOfImage: 0x10c000 (1097728)
92397c.3980: Resource Dir: 0x104000 LB 0x6740
93397c.3980: [Version info resource found at 0x570! (ID/Name: 0x1; SubID/SubName: 0x409)]
94397c.3980: [Raw version resource data: 0x104580 LB 0x4b8, codepage 0x0 (reserved 0x0)]
95397c.3980: ProductName: Sophos Endpoint Defense
96397c.3980: ProductVersion: 2.2.0
97397c.3980: FileVersion: 2.2.0.3438
98397c.3980: FileDescription: Sophos Endpoint Defense Mini-Filter Driver
99397c.3980: supR3HardenedWinInitAppBin(0x0): '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox'
100397c.3980: Calling main()
101397c.3980: SUPR3HardenedMain: pszProgName=VirtualBoxVM fFlags=0x2
102397c.3980: supR3HardenedWinInitAppBin(0x2): '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox'
103397c.3980: SUPR3HardenedMain: Respawn #1
104397c.3980: System32: \Device\HarddiskVolume2\Windows\System32
105397c.3980: WinSxS: \Device\HarddiskVolume2\Windows\WinSxS
106397c.3980: KnownDllPath: C:\WINDOWS\System32
107397c.3980: supR3HardenedWinInit: Performing a limited self purification...
108397c.3980: supHardNtVpScanVirtualMemory: enmKind=SELF_PURIFICATION
109397c.3980: *0000000000000000-000000000099ffff 0x0001/0x0000 0x0000000
110397c.3980: *00000000009a0000-00000000009affff 0x0004/0x0004 0x0040000
111397c.3980: 00000000009b0000-00000000009bffff 0x0001/0x0000 0x0000000
112397c.3980: *00000000009c0000-00000000009d9fff 0x0002/0x0002 0x0040000
113397c.3980: 00000000009da000-00000000009dffff 0x0001/0x0000 0x0000000
114397c.3980: *00000000009e0000-00000000009e3fff 0x0002/0x0002 0x0040000
115397c.3980: 00000000009e4000-00000000009effff 0x0001/0x0000 0x0000000
116397c.3980: *00000000009f0000-00000000009f1fff 0x0004/0x0004 0x0020000
117397c.3980: 00000000009f2000-00000000009fffff 0x0001/0x0000 0x0000000
118397c.3980: *0000000000a00000-0000000000ad9fff 0x0000/0x0004 0x0020000
119397c.3980: 0000000000ada000-0000000000adcfff 0x0004/0x0004 0x0020000
120397c.3980: 0000000000add000-0000000000bfffff 0x0000/0x0004 0x0020000
121397c.3980: *0000000000c00000-0000000000cb0fff 0x0000/0x0004 0x0020000
122397c.3980: 0000000000cb1000-0000000000cb3fff 0x0104/0x0004 0x0020000
123397c.3980: 0000000000cb4000-0000000000cfffff 0x0004/0x0004 0x0020000
124397c.3980: 0000000000d00000-0000000000d0ffff 0x0001/0x0000 0x0000000
125397c.3980: *0000000000d10000-0000000000d11fff 0x0004/0x0004 0x0020000
126397c.3980: 0000000000d12000-0000000000d41fff 0x0000/0x0004 0x0020000
127397c.3980: 0000000000d42000-0000000000d7ffff 0x0001/0x0000 0x0000000
128397c.3980: *0000000000d80000-0000000000e24fff 0x0004/0x0004 0x0020000
129397c.3980: 0000000000e25000-0000000000e7ffff 0x0000/0x0004 0x0020000
130397c.3980: *0000000000e80000-0000000000f44fff 0x0002/0x0002 0x0040000
131397c.3980: 0000000000f45000-0000000000f4ffff 0x0001/0x0000 0x0000000
132397c.3980: *0000000000f50000-0000000000f51fff 0x0004/0x0004 0x0020000
133397c.3980: 0000000000f52000-0000000000f81fff 0x0000/0x0004 0x0020000
134397c.3980: 0000000000f82000-0000000000faffff 0x0001/0x0000 0x0000000
135397c.3980: *0000000000fb0000-00000000010affff 0x0004/0x0004 0x0020000
136397c.3980: 00000000010b0000-000000000111ffff 0x0001/0x0000 0x0000000
137397c.3980: *0000000001120000-000000000112efff 0x0004/0x0004 0x0020000
138397c.3980: 000000000112f000-000000000112ffff 0x0000/0x0004 0x0020000
139397c.3980: *0000000001130000-000000000113cfff 0x0000/0x0004 0x0020000
140397c.3980: 000000000113d000-000000000132afff 0x0004/0x0004 0x0020000
141397c.3980: 000000000132b000-000000000132bfff 0x0000/0x0004 0x0020000
142397c.3980: 000000000132c000-000000000132ffff 0x0001/0x0000 0x0000000
143397c.3980: *0000000001330000-000000000134cfff 0x0004/0x0004 0x0020000
144397c.3980: 000000000134d000-000000000142ffff 0x0000/0x0004 0x0020000
145397c.3980: 0000000001430000-000000007ffdffff 0x0001/0x0000 0x0000000
146397c.3980: *000000007ffe0000-000000007ffe0fff 0x0002/0x0002 0x0020000
147397c.3980: 000000007ffe1000-000000007ffe4fff 0x0001/0x0000 0x0000000
148397c.3980: *000000007ffe5000-000000007ffe5fff 0x0002/0x0002 0x0020000
149397c.3980: 000000007ffe6000-00007ff4cbc1ffff 0x0001/0x0000 0x0000000
150397c.3980: *00007ff4cbc20000-00007ff4cbc24fff 0x0002/0x0002 0x0040000
151397c.3980: 00007ff4cbc25000-00007ff4cbd1ffff 0x0000/0x0002 0x0040000
152397c.3980: *00007ff4cbd20000-00007ff5cbd3ffff 0x0000/0x0004 0x0020000
153397c.3980: *00007ff5cbd40000-00007ff5cdd3ffff 0x0000/0x0004 0x0020000
154397c.3980: 00007ff5cdd40000-00007ff5cdd40fff 0x0004/0x0004 0x0020000
155397c.3980: 00007ff5cdd41000-00007ff5cdd4ffff 0x0001/0x0000 0x0000000
156397c.3980: *00007ff5cdd50000-00007ff5cdd50fff 0x0002/0x0002 0x0040000
157397c.3980: 00007ff5cdd51000-00007ff5cdd5ffff 0x0001/0x0000 0x0000000
158397c.3980: *00007ff5cdd60000-00007ff5cdd82fff 0x0002/0x0002 0x0040000
159397c.3980: 00007ff5cdd83000-00007ff6a7ceffff 0x0001/0x0000 0x0000000
160397c.3980: *00007ff6a7cf0000-00007ff6a7cf0fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe
161397c.3980: 00007ff6a7cf1000-00007ff6a7d66fff 0x0020/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe
162397c.3980: 00007ff6a7d67000-00007ff6a7d67fff 0x0080/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe
163397c.3980: 00007ff6a7d68000-00007ff6a7daffff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe
164397c.3980: 00007ff6a7db0000-00007ff6a7db2fff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe
165397c.3980: 00007ff6a7db3000-00007ff6a7db5fff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe
166397c.3980: 00007ff6a7db6000-00007ff6a7db8fff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe
167397c.3980: 00007ff6a7db9000-00007ff6a7db9fff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe
168397c.3980: 00007ff6a7dba000-00007ff6a7dbbfff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe
169397c.3980: 00007ff6a7dbc000-00007ff6a7dbcfff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe
170397c.3980: 00007ff6a7dbd000-00007ff6a7e05fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe
171397c.3980: 00007ff6a7e06000-00007ffec8e2ffff 0x0001/0x0000 0x0000000
172397c.3980: *00007ffec8e30000-00007ffec8e30fff 0x0020/0x0040 0x0020000 !!
173397c.3980: 00007ffec8e31000-00007ffeee3cffff 0x0001/0x0000 0x0000000
174397c.3980: *00007ffeee3d0000-00007ffeee3d0fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume2\Windows\System32\hmpalert.dll
175397c.3980: supHardNtVpScanVirtualMemory: Ignoring unknown mem at 00007ffeee3d0000 LB 0x1000 (base 00007ffeee3d0000) - 'hmpalert.dll'
176397c.3980: 00007ffeee3d1000-00007ffeee48bfff 0x0020/0x0080 0x1000000 \Device\HarddiskVolume2\Windows\System32\hmpalert.dll
177397c.3980: supHardNtVpScanVirtualMemory: Ignoring unknown mem at 00007ffeee3d1000 LB 0xbb000 (base 00007ffeee3d0000) - 'hmpalert.dll'
178397c.3980: 00007ffeee48c000-00007ffeee4cafff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume2\Windows\System32\hmpalert.dll
179397c.3980: supHardNtVpScanVirtualMemory: Ignoring unknown mem at 00007ffeee48c000 LB 0x3f000 (base 00007ffeee3d0000) - 'hmpalert.dll'
180397c.3980: 00007ffeee4cb000-00007ffeee4cbfff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume2\Windows\System32\hmpalert.dll
181397c.3980: supHardNtVpScanVirtualMemory: Ignoring unknown mem at 00007ffeee4cb000 LB 0x1000 (base 00007ffeee3d0000) - 'hmpalert.dll'
182397c.3980: 00007ffeee4cc000-00007ffeee4ccfff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume2\Windows\System32\hmpalert.dll
183397c.3980: supHardNtVpScanVirtualMemory: Ignoring unknown mem at 00007ffeee4cc000 LB 0x1000 (base 00007ffeee3d0000) - 'hmpalert.dll'
184397c.3980: 00007ffeee4cd000-00007ffeee4cffff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume2\Windows\System32\hmpalert.dll
185397c.3980: supHardNtVpScanVirtualMemory: Ignoring unknown mem at 00007ffeee4cd000 LB 0x3000 (base 00007ffeee3d0000) - 'hmpalert.dll'
186397c.3980: 00007ffeee4d0000-00007ffeee4d3fff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume2\Windows\System32\hmpalert.dll
187397c.3980: supHardNtVpScanVirtualMemory: Ignoring unknown mem at 00007ffeee4d0000 LB 0x4000 (base 00007ffeee3d0000) - 'hmpalert.dll'
188397c.3980: 00007ffeee4d4000-00007ffeee4d4fff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume2\Windows\System32\hmpalert.dll
189397c.3980: supHardNtVpScanVirtualMemory: Ignoring unknown mem at 00007ffeee4d4000 LB 0x1000 (base 00007ffeee3d0000) - 'hmpalert.dll'
190397c.3980: 00007ffeee4d5000-00007ffeee4d5fff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume2\Windows\System32\hmpalert.dll
191397c.3980: supHardNtVpScanVirtualMemory: Ignoring unknown mem at 00007ffeee4d5000 LB 0x1000 (base 00007ffeee3d0000) - 'hmpalert.dll'
192397c.3980: 00007ffeee4d6000-00007ffeee4dbfff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume2\Windows\System32\hmpalert.dll
193397c.3980: supHardNtVpScanVirtualMemory: Ignoring unknown mem at 00007ffeee4d6000 LB 0x6000 (base 00007ffeee3d0000) - 'hmpalert.dll'
194397c.3980: 00007ffeee4dc000-00007ffeee4f6fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume2\Windows\System32\hmpalert.dll
195397c.3980: supHardNtVpScanVirtualMemory: Ignoring unknown mem at 00007ffeee4dc000 LB 0x1b000 (base 00007ffeee3d0000) - 'hmpalert.dll'
196397c.3980: 00007ffeee4f7000-00007ffefc75ffff 0x0001/0x0000 0x0000000
197397c.3980: *00007ffefc760000-00007ffefc760fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume2\Windows\System32\KernelBase.dll
198397c.3980: 00007ffefc761000-00007ffefc864fff 0x0020/0x0080 0x1000000 \Device\HarddiskVolume2\Windows\System32\KernelBase.dll
199397c.3980: 00007ffefc865000-00007ffefc9bbfff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume2\Windows\System32\KernelBase.dll
200397c.3980: 00007ffefc9bc000-00007ffefc9bffff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume2\Windows\System32\KernelBase.dll
201397c.3980: 00007ffefc9c0000-00007ffefc9c0fff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume2\Windows\System32\KernelBase.dll
202397c.3980: 00007ffefc9c1000-00007ffefc9f4fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume2\Windows\System32\KernelBase.dll
203397c.3980: 00007ffefc9f5000-00007ffefcdeffff 0x0001/0x0000 0x0000000
204397c.3980: *00007ffefcdf0000-00007ffefcdf0fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume2\Windows\System32\kernel32.dll
205397c.3980: 00007ffefcdf1000-00007ffefce66fff 0x0020/0x0080 0x1000000 \Device\HarddiskVolume2\Windows\System32\kernel32.dll
206397c.3980: 00007ffefce67000-00007ffefce98fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume2\Windows\System32\kernel32.dll
207397c.3980: 00007ffefce99000-00007ffefce99fff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume2\Windows\System32\kernel32.dll
208397c.3980: 00007ffefce9a000-00007ffefce9afff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume2\Windows\System32\kernel32.dll
209397c.3980: 00007ffefce9b000-00007ffefcea2fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume2\Windows\System32\kernel32.dll
210397c.3980: 00007ffefcea3000-00007ffeffbcffff 0x0001/0x0000 0x0000000
211397c.3980: *00007ffeffbd0000-00007ffeffbd0fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume2\Windows\System32\ntdll.dll
212397c.3980: 00007ffeffbd1000-00007ffeffce7fff 0x0020/0x0080 0x1000000 \Device\HarddiskVolume2\Windows\System32\ntdll.dll
213397c.3980: 00007ffeffce8000-00007ffeffd2efff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume2\Windows\System32\ntdll.dll
214397c.3980: 00007ffeffd2f000-00007ffeffd2ffff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume2\Windows\System32\ntdll.dll
215397c.3980: 00007ffeffd30000-00007ffeffd31fff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume2\Windows\System32\ntdll.dll
216397c.3980: 00007ffeffd32000-00007ffeffd39fff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume2\Windows\System32\ntdll.dll
217397c.3980: 00007ffeffd3a000-00007ffeffdbcfff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume2\Windows\System32\ntdll.dll
218397c.3980: 00007ffeffdbd000-00007ffffffeffff 0x0001/0x0000 0x0000000
219397c.3980: kernel32.dll: timestamp 0x6314bdeb (rc=VINF_SUCCESS)
220397c.3980: kernelbase.dll: timestamp 0x7889407f (rc=VINF_SUCCESS)
221397c.3980: VirtualBoxVM.exe: timestamp 0x5ed9201b (rc=VINF_SUCCESS)
222397c.3980: '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe' has no imports
223397c.3980: '\Device\HarddiskVolume2\Windows\System32\ntdll.dll' has no imports
224397c.3980: ntdll.dll: Differences in section #1 (.text) between file and memory:
225397c.3980: 00007ffeffc157e0 / 0x00457e0: 48 != e9
226397c.3980: 00007ffeffc157e1 / 0x00457e1: 89 != 2f
227397c.3980: 00007ffeffc157e2 / 0x00457e2: 5c != b6
228397c.3980: 00007ffeffc157e3 / 0x00457e3: 24 != 21
229397c.3980: 00007ffeffc157e4 / 0x00457e4: 10 != c9
230397c.3980: Restored 0x2000 bytes of original file content at 00007ffeffc15000
231397c.3980: ntdll.dll: Differences in section #1 (.text) between file and memory:
232397c.3980: 00007ffeffc27f50 / 0x0057f50: 48 != e9
233397c.3980: 00007ffeffc27f51 / 0x0057f51: 89 != 43
234397c.3980: 00007ffeffc27f52 / 0x0057f52: 5c != 90
235397c.3980: 00007ffeffc27f53 / 0x0057f53: 24 != 20
236397c.3980: 00007ffeffc27f54 / 0x0057f54: 08 != c9
237397c.3980: Restored 0x2000 bytes of original file content at 00007ffeffc27000
238397c.3980: ntdll.dll: Differences in section #1 (.text) between file and memory:
239397c.3980: 00007ffeffc6fa50 / 0x009fa50: 4c != e9
240397c.3980: 00007ffeffc6fa51 / 0x009fa51: 8b != 01
241397c.3980: 00007ffeffc6fa52 / 0x009fa52: d1 != 15
242397c.3980: 00007ffeffc6fa53 / 0x009fa53: b8 != 1c
243397c.3980: 00007ffeffc6fa54 / 0x009fa54: 18 != c9
244397c.3980: 00007ffeffc6fb10 / 0x009fb10: 4c != e9
245397c.3980: 00007ffeffc6fb11 / 0x009fb11: 8b != 01
246397c.3980: 00007ffeffc6fb12 / 0x009fb12: d1 != 14
247397c.3980: 00007ffeffc6fb13 / 0x009fb13: b8 != 1c
248397c.3980: 00007ffeffc6fb14 / 0x009fb14: 1e != c9
249397c.3980: 00007ffeffc6fc50 / 0x009fc50: 4c != e9
250397c.3980: 00007ffeffc6fc51 / 0x009fc51: 8b != 41
251397c.3980: 00007ffeffc6fc52 / 0x009fc52: d1 != 12
252397c.3980: 00007ffeffc6fc53 / 0x009fc53: b8 != 1c
253397c.3980: 00007ffeffc6fc54 / 0x009fc54: 28 != c9
254397c.3980: 00007ffeffc6fc90 / 0x009fc90: 4c != e9
255397c.3980: 00007ffeffc6fc91 / 0x009fc91: 8b != c1
256397c.3980: 00007ffeffc6fc92 / 0x009fc92: d1 != 11
257397c.3980: 00007ffeffc6fc93 / 0x009fc93: b8 != 1c
258397c.3980: 00007ffeffc6fc94 / 0x009fc94: 2a != c9
259397c.3980: 00007ffeffc70150 / 0x00a0150: 4c != e9
260397c.3980: 00007ffeffc70151 / 0x00a0151: 8b != 81
261397c.3980: 00007ffeffc70152 / 0x00a0152: d1 != 0d
262397c.3980: 00007ffeffc70153 / 0x00a0153: b8 != 1c
263397c.3980: 00007ffeffc70154 / 0x00a0154: 50 != c9
264397c.3980: 00007ffeffc70620 / 0x00a0620: 4c != e9
265397c.3980: 00007ffeffc70621 / 0x00a0621: 8b != 31
266397c.3980: 00007ffeffc70622 / 0x00a0622: d1 != 07
267397c.3980: 00007ffeffc70623 / 0x00a0623: b8 != 1c
268397c.3980: 00007ffeffc70624 / 0x00a0624: 77 != c9
269397c.3980: Restored 0x2000 bytes of original file content at 00007ffeffc6f66e
270397c.3980: ntdll.dll: Differences in section #1 (.text) between file and memory:
271397c.3980: 00007ffeffc727c0 / 0x00a27c0: 4c != e9
272397c.3980: 00007ffeffc727c1 / 0x00a27c1: 8b != 11
273397c.3980: 00007ffeffc727c2 / 0x00a27c2: d1 != e6
274397c.3980: 00007ffeffc727c3 / 0x00a27c3: b8 != 1b
275397c.3980: 00007ffeffc727c4 / 0x00a27c4: 84 != c9
276397c.3980: 00007ffeffc73080 / 0x00a3080: 4c != e9
277397c.3980: 00007ffeffc73081 / 0x00a3081: 8b != 51
278397c.3980: 00007ffeffc73082 / 0x00a3082: d1 != df
279397c.3980: 00007ffeffc73083 / 0x00a3083: b8 != 1b
280397c.3980: 00007ffeffc73084 / 0x00a3084: ca != c9
281397c.3980: Restored 0x1d12 bytes of original file content at 00007ffeffc7166e
282397c.3980: kernelbase.dll: Differences in section #1 (.text) between file and memory:
283397c.3980: 00007ffefc7a6740 / 0x0046740: 40 != e9
284397c.3980: 00007ffefc7a6741 / 0x0046741: 53 != 4f
285397c.3980: 00007ffefc7a6742 / 0x0046742: 56 != a6
286397c.3980: 00007ffefc7a6743 / 0x0046743: 57 != 68
287397c.3980: 00007ffefc7a6744 / 0x0046744: 41 != cc
288397c.3980: Restored 0x2000 bytes of original file content at 00007ffefc7a5000
289397c.3980: supR3HardenedWinInit: SUPHARDNTVPKIND_SELF_PURIFICATION_LIMITED -> VINF_SUCCESS, cFixes=5
290397c.3980: '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe' has no imports
291397c.3980: supHardenedWinVerifyImageByHandle: -> 24202 (\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe)
292397c.3980: supR3HardNtEnableThreadCreationEx:
293397c.3980: supR3HardNtDisableThreadCreation: pvLdrInitThunk=00007ffeffc45660 pvNtTerminateThread=00007ffeffc701b0
294397c.3980: supR3HardenedWinDoReSpawn(1): New child 39b8.39bc [kernel32].
295397c.3980: supR3HardNtChildGatherData: PebBaseAddress=00000000003f3000 cbPeb=0x388
296397c.3980: supR3HardNtPuChFindNtdll: uNtDllParentAddr=00007ffeffbd0000 uNtDllChildAddr=00007ffeffbd0000
297397c.3980: supR3HardenedWinSetupChildInit: uLdrInitThunk=00007ffeffc45660
298397c.3980: supR3HardenedWinSetupChildInit: Initial context:
299 rax=0000000000000000 rbx=0000000000000000 rcx=00007ff6a7cf7900 rdx=00000000003f3000
300 rsi=0000000000000000 rdi=0000000000000000 r8 =0000000000000000 r9 =0000000000000000
301 r10=0000000000000000 r11=0000000000000000 r12=0000000000000000 r13=0000000000000000
302 r14=0000000000000000 r15=0000000000000000 P1=0000000000000000 P2=0000000000000000
303 rip=00007ffeffc3a250 rsp=00000000004fffb8 rbp=0000000000000000 ctxflags=0010001b
304 cs=0033 ss=002b ds=0000 es=0000 fs=0000 gs=0000 eflags=00000200 mxcrx=00001f80
305 P3=0000000000000000 P4=0000000000000000 P5=0000000000000000 P6=0000000000000000
306 dr0=0000000000000000 dr1=0000000000000000 dr2=0000000000000000 dr3=0000000000000000
307 dr6=0000000000000000 dr7=0000000000000000 vcr=0000000000000000 dcr=0000000000000000
308 lbt=0000000000000000 lbf=0000000000000000 lxt=0000000000000000 lxf=0000000000000000
309397c.3980: supR3HardenedWinSetupChildInit: Start child.
310397c.3980: supR3HardNtChildWaitFor: Found expected request 0 (PurifyChildAndCloseHandles) after 0 ms.
311397c.3980: supR3HardNtChildPurify: Startup delay kludge #1/0: 517 ms, 30 sleeps
312397c.3980: supHardNtVpScanVirtualMemory: enmKind=CHILD_PURIFICATION
313397c.3980: *0000000000000000-00000000000dffff 0x0001/0x0000 0x0000000
314397c.3980: *00000000000e0000-00000000000fffff 0x0004/0x0004 0x0020000
315397c.3980: *0000000000100000-0000000000119fff 0x0002/0x0002 0x0040000
316397c.3980: 000000000011a000-000000000011ffff 0x0001/0x0000 0x0000000
317397c.3980: *0000000000120000-0000000000123fff 0x0002/0x0002 0x0040000
318397c.3980: 0000000000124000-000000000012ffff 0x0001/0x0000 0x0000000
319397c.3980: *0000000000130000-0000000000131fff 0x0004/0x0004 0x0020000
320397c.3980: 0000000000132000-000000000013ffff 0x0001/0x0000 0x0000000
321397c.3980: *0000000000140000-0000000000140fff 0x0040/0x0040 0x0020000 !!
322397c.3980: supHardNtVpFreeOrReplacePrivateExecMemory: Freeing exec mem at 0000000000140000 (LB 0x1000, 0000000000140000 LB 0x1000)
366397c.3980: supHardNtVpFreeOrReplacePrivateExecMemory: Free attempt #1 succeeded: 0x0 [0000000000140000/0000000000140000 LB 0/0x1000]
367397c.3980: supHardNtVpFreeOrReplacePrivateExecMemory: QVM after free 0: [0000000000000000]/0000000000140000 LB 0xc0000 s=0x10000 ap=0x0 rp=0x00000000000001
368397c.3980: 0000000000141000-00000000001fffff 0x0001/0x0000 0x0000000
369397c.3980: *0000000000200000-00000000003f2fff 0x0000/0x0004 0x0020000
370397c.3980: 00000000003f3000-00000000003f5fff 0x0004/0x0004 0x0020000
371397c.3980: 00000000003f6000-00000000003fffff 0x0000/0x0004 0x0020000
372397c.3980: *0000000000400000-00000000004fafff 0x0000/0x0004 0x0020000
373397c.3980: 00000000004fb000-00000000004fdfff 0x0104/0x0004 0x0020000
374397c.3980: 00000000004fe000-00000000004fffff 0x0004/0x0004 0x0020000
375397c.3980: 0000000000500000-000000007ffdffff 0x0001/0x0000 0x0000000
376397c.3980: *000000007ffe0000-000000007ffe0fff 0x0002/0x0002 0x0020000
377397c.3980: 000000007ffe1000-000000007ffe4fff 0x0001/0x0000 0x0000000
378397c.3980: *000000007ffe5000-000000007ffe5fff 0x0002/0x0002 0x0020000
379397c.3980: 000000007ffe6000-00007ff5fe72ffff 0x0001/0x0000 0x0000000
380397c.3980: *00007ff5fe730000-00007ff5fe730fff 0x0002/0x0002 0x0040000
381397c.3980: 00007ff5fe731000-00007ff5fe73ffff 0x0001/0x0000 0x0000000
382397c.3980: *00007ff5fe740000-00007ff5fe762fff 0x0002/0x0002 0x0040000
383397c.3980: 00007ff5fe763000-00007ff6a7ceffff 0x0001/0x0000 0x0000000
384397c.3980: *00007ff6a7cf0000-00007ff6a7cf0fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe
385397c.3980: 00007ff6a7cf1000-00007ff6a7d66fff 0x0020/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe
386397c.3980: 00007ff6a7d67000-00007ff6a7d67fff 0x0080/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe
387397c.3980: 00007ff6a7d68000-00007ff6a7daffff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe
388397c.3980: 00007ff6a7db0000-00007ff6a7db0fff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe
389397c.3980: 00007ff6a7db1000-00007ff6a7db1fff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe
390397c.3980: 00007ff6a7db2000-00007ff6a7db6fff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe
397c.3980: 00007ff6a7db7000-00007ff6a7db7fff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe
397c.3980: 00007ff6a7db8000-00007ff6a7db8fff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe
397c.3980: 00007ff6a7db9000-00007ff6a7dbcfff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe
397c.3980: 00007ff6a7dbd000-00007ff6a7e05fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe
397c.3980: 00007ff6a7e06000-00007ffeffbcffff 0x0001/0x0000 0x0000000
397c.3980: *00007ffeffbd0000-00007ffeffbd0fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume2\Windows\System32\ntdll.dll
397c.3980: 00007ffeffbd1000-00007ffeffc15fff 0x0020/0x0080 0x1000000 \Device\HarddiskVolume2\Windows\System32\ntdll.dll
397c.3980: 00007ffeffc16000-00007ffeffc16fff 0x0040/0x0080 0x1000000 \Device\HarddiskVolume2\Windows\System32\ntdll.dll
397c.3980: 00007ffeffc17000-00007ffeffce7fff 0x0020/0x0080 0x1000000 \Device\HarddiskVolume2\Windows\System32\ntdll.dll
397c.3980: 00007ffeffce8000-00007ffeffd2efff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume2\Windows\System32\ntdll.dll
397c.3980: 00007ffeffd2f000-00007ffeffd39fff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume2\Windows\System32\ntdll.dll
397c.3980: 00007ffeffd3a000-00007ffeffd47fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume2\Windows\System32\ntdll.dll
397c.3980: 00007ffeffd48000-00007ffeffd48fff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume2\Windows\System32\ntdll.dll
397c.3980: 00007ffeffd49000-00007ffeffd4bfff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume2\Windows\System32\ntdll.dll
397c.3980: 00007ffeffd4c000-00007ffeffdbcfff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume2\Windows\System32\ntdll.dll
397c.3980: 00007ffeffdbd000-00007ffffffeffff 0x0001/0x0000 0x0000000
397c.3980: ntdll.dll: Differences in section #1 (.text) between file and memory:
397c.3980: 00007ffeffc16370 / 0x0046370: 40 != 48
397c.3980: 00007ffeffc16371 / 0x0046371: 55 != b8
397c.3980: 00007ffeffc16372 / 0x0046372: 53 != 00
397c.3980: 00007ffeffc16373 / 0x0046373: 56 != 01
397c.3980: 00007ffeffc16374 / 0x0046374: 57 != 14
397c.3980: 00007ffeffc16375 / 0x0046375: 41 != 00
397c.3980: 00007ffeffc16376 / 0x0046376: 56 != 00
397c.3980: 00007ffeffc16377 / 0x0046377: 41 != 00
397c.3980: 00007ffeffc16378 / 0x0046378: 57 != 00
397c.3980: 00007ffeffc16379 / 0x0046379: 48 != 00
397c.3980: 00007ffeffc1637a / 0x004637a: 8d != ff
397c.3980: 00007ffeffc1637b / 0x004637b: 6c != e0
397c.3980: Restored 0x2000 bytes of original file content at 00007ffeffc15000
397c.3980: supR3HardNtChildPurify: cFixes=2 g_fSupAdversaries=0x40000
397c.3980: supR3HardNtChildPurify: Startup delay kludge #1/1: 518 ms, 30 sleeps
397c.3980: supHardNtVpScanVirtualMemory: enmKind=CHILD_PURIFICATION
397c.3980: *0000000000000000-00000000000dffff 0x0001/0x0000 0x0000000
397c.3980: *00000000000e0000-00000000000fffff 0x0004/0x0004 0x0020000
397c.3980: *0000000000100000-0000000000119fff 0x0002/0x0002 0x0040000
397c.3980: 000000000011a000-000000000011ffff 0x0001/0x0000 0x0000000
397c.3980: *0000000000120000-0000000000123fff 0x0002/0x0002 0x0040000
397c.3980: 0000000000124000-000000000012ffff 0x0001/0x0000 0x0000000
397c.3980: *0000000000130000-0000000000131fff 0x0004/0x0004 0x0020000
397c.3980: 0000000000132000-00000000001fffff 0x0001/0x0000 0x0000000
397c.3980: *0000000000200000-00000000003f2fff 0x0000/0x0004 0x0020000
397c.3980: 00000000003f3000-00000000003f5fff 0x0004/0x0004 0x0020000
397c.3980: 00000000003f6000-00000000003fffff 0x0000/0x0004 0x0020000
397c.3980: *0000000000400000-00000000004fafff 0x0000/0x0004 0x0020000
397c.3980: 00000000004fb000-00000000004fdfff 0x0104/0x0004 0x0020000
397c.3980: 00000000004fe000-00000000004fffff 0x0004/0x0004 0x0020000
397c.3980: 0000000000500000-000000007ffdffff 0x0001/0x0000 0x0000000
397c.3980: *000000007ffe0000-000000007ffe0fff 0x0002/0x0002 0x0020000
397c.3980: 000000007ffe1000-000000007ffe4fff 0x0001/0x0000 0x0000000
397c.3980: *000000007ffe5000-000000007ffe5fff 0x0002/0x0002 0x0020000
397c.3980: 000000007ffe6000-00007ff5fe72ffff 0x0001/0x0000 0x0000000
397c.3980: *00007ff5fe730000-00007ff5fe730fff 0x0002/0x0002 0x0040000
397c.3980: 00007ff5fe731000-00007ff5fe73ffff 0x0001/0x0000 0x0000000
397c.3980: *00007ff5fe740000-00007ff5fe762fff 0x0002/0x0002 0x0040000
397c.3980: 00007ff5fe763000-00007ff6a7ceffff 0x0001/0x0000 0x0000000
397c.3980: *00007ff6a7cf0000-00007ff6a7cf0fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe
397c.3980: 00007ff6a7cf1000-00007ff6a7d66fff 0x0020/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe
397c.3980: 00007ff6a7d67000-00007ff6a7d67fff 0x0040/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe
397c.3980: 00007ff6a7d68000-00007ff6a7daffff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe
397c.3980: 00007ff6a7db0000-00007ff6a7dbcfff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe
397c.3980: 00007ff6a7dbd000-00007ff6a7e05fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe
397c.3980: 00007ff6a7e06000-00007ffeffbcffff 0x0001/0x0000 0x0000000
397c.3980: *00007ffeffbd0000-00007ffeffbd0fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume2\Windows\System32\ntdll.dll
397c.3980: 00007ffeffbd1000-00007ffeffce7fff 0x0020/0x0080 0x1000000 \Device\HarddiskVolume2\Windows\System32\ntdll.dll
397c.3980: 00007ffeffce8000-00007ffeffd2efff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume2\Windows\System32\ntdll.dll
397c.3980: 00007ffeffd2f000-00007ffeffd32fff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume2\Windows\System32\ntdll.dll
397c.3980: 00007ffeffd33000-00007ffeffd39fff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume2\Windows\System32\ntdll.dll
397c.3980: 00007ffeffd3a000-00007ffeffd47fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume2\Windows\System32\ntdll.dll
397c.3980: 00007ffeffd48000-00007ffeffd48fff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume2\Windows\System32\ntdll.dll
397c.3980: 00007ffeffd49000-00007ffeffd4bfff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume2\Windows\System32\ntdll.dll
397c.3980: 00007ffeffd4c000-00007ffeffdbcfff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume2\Windows\System32\ntdll.dll
397c.3980: 00007ffeffdbd000-00007ffffffeffff 0x0001/0x0000 0x0000000
397c.3980: supR3HardNtChildPurify: Done after 1035 ms and 2 fixes (loop #1).
39b8.39bc: Log file opened: 6.1.10r138449 g_hStartupLog=0000000000000004 g_uNtVerCombined=0xa0456300
39b8.39bc: supR3HardenedVmProcessInit: uNtDllAddr=00007ffeffbd0000 g_uNtVerCombined=0xa0456300 (stack ~00000000004ffa48)
39b8.39bc: ntdll.dll: timestamp 0x5854f5da (rc=VINF_SUCCESS)
39b8.39bc: New simple heap: #1 0000000000600000 LB 0x400000 (for 2019328 allocation)
397c.3980: supR3HardNtEnableThreadCreationEx:
39b8.39bc: supR3HardenedWinInitAppBin(0x0): '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox'
39b8.39bc: System32: \Device\HarddiskVolume2\Windows\System32
39b8.39bc: WinSxS: \Device\HarddiskVolume2\Windows\WinSxS
39b8.39bc: KnownDllPath: C:\WINDOWS\System32
39b8.39bc: supR3HardenedVmProcessInit: Opening vboxdrv stub...
39b8.39bc: supR3HardenedWinReadErrorInfoDevice: 'ntdll.dll: 11 differences between 0xa34e2 and 0xa34ec in #1 (.text), first: 8b != b8'
39b8.39bc: Error -5600 in supR3HardenedWinReSpawn! (enmWhat=3)
39b8.39bc: NtCreateFile(\Device\VBoxDrvStub) failed: Unknown Status -5600 (0xffffea20) (rcNt=0xe986ea20)
VBoxDrvStub error: ntdll.dll: 11 differences between 0xa34e2 and 0xa34ec in #1 (.text), first: 8b != b8
397c.3980: supR3HardenedWinCheckChild: enmRequest=2 rc=-5600 enmWhat=3 supR3HardenedWinReSpawn: NtCreateFile(\Device\VBoxDrvStub) failed: Unknown Status -5600 (0xffffea20) (rcNt=0xe986ea20)
VBoxDrvStub error: ntdll.dll: 11 differences between 0xa34e2 and 0xa34ec in #1 (.text), first: 8b != b8
39b8.39bc: KiUserExceptionDispatcher: 0xc0000005 (0000000000000001, 0000000000000024) @ 00007ffeffc1df33 (flags=0x0)
 rax=ffffffffffffffff rbx=00007ffeffd352a0 rcx=0000000000000000 rdx=ffffffffffffffff
 rsi=00007ffeffd34ee0 rdi=0000000000000000 r8 =00000000fffffffa r9 =00000000ffffea00
 r10=0000000000000000 r11=00000000004f92e0 r12=0000000000000000 r13=ffffffffffffffff
 r14=00000000003f4000 r15=0000000000000000 P1=0000000000000000 P2=0000000000000000
 rip=00007ffeffc1df33 rsp=00000000004f91e0 rbp=0000000000000001 ctxflags=0010005f
 cs=0033 ss=002b ds=002b es=002b fs=0053 gs=002b eflags=00010213 mxcrx=00001f80
 P3=0000000000000000 P4=0000000000000000 P5=00000000004fac40 P6=0000000000000003
 dr0=0000000000000000 dr1=0000000000000000 dr2=0000000000000000 dr3=0000000000000000
 dr6=0000000000000000 dr7=0000000000000000 vcr=00000000004f9078 dcr=000000000000000a
 lbt=0000000000000000 lbf=0000000000000000 lxt=0000000000000000 lxf=0000000000000000
397c.3980: Error -5600 in supR3HardenedWinReSpawn! (enmWhat=3)
397c.3980: NtCreateFile(\Device\VBoxDrvStub) failed: Unknown Status -5600 (0xffffea20) (rcNt=0xe986ea20)
VBoxDrvStub error: ntdll.dll: 11 differences between 0xa34e2 and 0xa34ec in #1 (.text), first: 8b != b8
