Agrego una parte de los logs del vboxhardening.log
5c64.5da4: kernel32.dll: timestamp 0x9ec9da27 (rc=VINF_SUCCESS)
5c64.5da4: kernelbase.dll: timestamp 0xd80f8f12 (rc=VINF_SUCCESS)
5c64.5da4: apphelp.dll: timestamp 0xd7772866 (rc=VINF_SUCCESS)
5c64.5da4: VBoxHeadless.exe: timestamp 0x652832c2 (rc=VINF_SUCCESS)
5c64.5da4: \Device\HarddiskVolume9\Virtual Box\VBoxHeadless.exe: Signature #1/2: info status: 24202
5c64.5da4: '\Device\HarddiskVolume9\Virtual Box\VBoxHeadless.exe' has no imports
5c64.5da4: VBoxHeadless.exe: Differences in section #0 (headers) between file and memory:
5c64.5da4: 00007ff704a00040 / 0x0000040: 56 != 77
5c64.5da4: 00007ff704a00041 / 0x0000041: 69 != 72
5c64.5da4: 00007ff704a00042 / 0x0000042: 72 != 5c
5c64.5da4: 00007ff704a00043 / 0x0000043: 74 != 38
5c64.5da4: 00007ff704a00044 / 0x0000044: 75 != c0
5c64.5da4: 00007ff704a00045 / 0x0000045: 61 != a7
5c64.5da4: 00007ff704a00046 / 0x0000046: 6c != 1d
5c64.5da4: 00007ff704a00047 / 0x0000047: 42 != 02
5c64.5da4: 00007ff704a00048 / 0x0000048: 6f != 00
5c64.5da4: 00007ff704a00049 / 0x0000049: 78 != 00
5c64.5da4: Restored 0x400 bytes of original file content at 00007ff704a00000
5c64.5da4: VBoxHeadless.exe: Differences in section #7 (.00cfg) between file and memory:
5c64.5da4: 00007ff704ad3000 / 0x00d3000: 00 != 20
5c64.5da4: 00007ff704ad3001 / 0x00d3001: 0b != c8
5c64.5da4: 00007ff704ad3002 / 0x00d3002: a2 != d3
5c64.5da4: 00007ff704ad3003 / 0x00d3003: 04 != ab
5c64.5da4: 00007ff704ad3004 / 0x00d3004: f7 != fe
5c64.5da4: 00007ff704ad3010 / 0x00d3010: 30 != c0
5c64.5da4: 00007ff704ad3011 / 0x00d3011: a8 != c8
5c64.5da4: 00007ff704ad3012 / 0x00d3012: a6 != d3
5c64.5da4: 00007ff704ad3013 / 0x00d3013: 04 != ab
5c64.5da4: 00007ff704ad3014 / 0x00d3014: f7 != fe
5c64.5da4: Restored 0x28 bytes of original file content at 00007ff704ad3000
5c64.5da4: VBoxHeadless.exe: Differences in section #8 (.rsrc) between file and memory:
5c64.5da4: 00007ff704b125f8 / 0x01125f8: 00 != 50
5c64.5da4: 00007ff704b125f9 / 0x01125f9: 00 != 41
5c64.5da4: 00007ff704b125fa / 0x01125fa: 00 != 44
5c64.5da4: 00007ff704b125fb / 0x01125fb: 00 != 44
5c64.5da4: 00007ff704b125fc / 0x01125fc: 00 != 49
5c64.5da4: 00007ff704b125fd / 0x01125fd: 00 != 4e
5c64.5da4: 00007ff704b125fe / 0x01125fe: 00 != 47
5c64.5da4: 00007ff704b125ff / 0x01125ff: 00 != 58
5c64.5da4: Restored 0xa08 bytes of original file content at 00007ff704b125f8
5c64.5da4: '\Device\HarddiskVolume6\Windows\System32\ntdll.dll' has no imports
5c64.5da4: ntdll.dll: Differences in section #1 (.text) between file and memory:
5c64.5da4: 00007ffeabd4d0b0 / 0x009d0b0: 4c != e9
5c64.5da4: 00007ffeabd4d0b1 / 0x009d0b1: 8b != 23
5c64.5da4: 00007ffeabd4d0b2 / 0x009d0b2: d1 != 34
5c64.5da4: 00007ffeabd4d0b3 / 0x009d0b3: b8 != fe
5c64.5da4: 00007ffeabd4d0b4 / 0x009d0b4: 07 != bf
5c64.5da4: 00007ffeabd4d0b5 / 0x009d0b5: 00 != cc
5c64.5da4: 00007ffeabd4d0b6 / 0x009d0b6: 00 != cc
5c64.5da4: 00007ffeabd4d0b7 / 0x009d0b7: 00 != cc
5c64.5da4: 00007ffeabd4d230 / 0x009d230: 4c != e9
5c64.5da4: 00007ffeabd4d231 / 0x009d231: 8b != 23
5c64.5da4: 00007ffeabd4d232 / 0x009d232: d1 != 31
5c64.5da4: 00007ffeabd4d233 / 0x009d233: b8 != fe
5c64.5da4: 00007ffeabd4d234 / 0x009d234: 13 != bf
5c64.5da4: 00007ffeabd4d235 / 0x009d235: 00 != cc
5c64.5da4: 00007ffeabd4d236 / 0x009d236: 00 != cc
5c64.5da4: 00007ffeabd4d237 / 0x009d237: 00 != cc
5c64.5da4: 00007ffeabd4d610 / 0x009d610: 4c != e9
5c64.5da4: 00007ffeabd4d611 / 0x009d611: 8b != e3
5c64.5da4: 00007ffeabd4d612 / 0x009d612: d1 != 2c
5c64.5da4: 00007ffeabd4d613 / 0x009d613: b8 != fe
5c64.5da4: 00007ffeabd4d614 / 0x009d614: 32 != bf
5c64.5da4: 00007ffeabd4d615 / 0x009d615: 00 != cc
5c64.5da4: 00007ffeabd4d616 / 0x009d616: 00 != cc
5c64.5da4: 00007ffeabd4d617 / 0x009d617: 00 != cc
5c64.5da4: 00007ffeabd4d670 / 0x009d670: 4c != e9
5c64.5da4: 00007ffeabd4d671 / 0x009d671: 8b != c3
5c64.5da4: 00007ffeabd4d672 / 0x009d672: d1 != 2b
5c64.5da4: 00007ffeabd4d673 / 0x009d673: b8 != fe
5c64.5da4: 00007ffeabd4d674 / 0x009d674: 35 != bf
5c64.5da4: 00007ffeabd4d675 / 0x009d675: 00 != cc
5c64.5da4: 00007ffeabd4d676 / 0x009d676: 00 != cc
5c64.5da4: 00007ffeabd4d677 / 0x009d677: 00 != cc
5c64.5da4: 00007ffeabd4d690 / 0x009d690: 4c != e9
5c64.5da4: 00007ffeabd4d691 / 0x009d691: 8b != e3
5c64.5da4: 00007ffeabd4d692 / 0x009d692: d1 != 2a
5c64.5da4: 00007ffeabd4d693 / 0x009d693: b8 != fe
5c64.5da4: 00007ffeabd4d694 / 0x009d694: 36 != bf
5c64.5da4: 00007ffeabd4d695 / 0x009d695: 00 != cc
5c64.5da4: 00007ffeabd4d696 / 0x009d696: 00 != cc
5c64.5da4: 00007ffeabd4d697 / 0x009d697: 00 != cc
5c64.5da4: 00007ffeabd4da10 / 0x009da10: 4c != e9
5c64.5da4: 00007ffeabd4da11 / 0x009da11: 8b != c3
5c64.5da4: 00007ffeabd4da12 / 0x009da12: d1 != 27
5c64.5da4: 00007ffeabd4da13 / 0x009da13: b8 != fe
5c64.5da4: 00007ffeabd4da14 / 0x009da14: 52 != bf
5c64.5da4: 00007ffeabd4da15 / 0x009da15: 00 != cc
5c64.5da4: 00007ffeabd4da16 / 0x009da16: 00 != cc
5c64.5da4: 00007ffeabd4da17 / 0x009da17: 00 != cc
5c64.5da4: Restored 0x2000 bytes of original file content at 00007ffeabd4cbee
5c64.5da4: ntdll.dll: Differences in section #1 (.text) between file and memory:
5c64.5da4: 00007ffeabd4f820 / 0x009f820: 4c != e9
5c64.5da4: 00007ffeabd4f821 / 0x009f821: 8b != 73
5c64.5da4: 00007ffeabd4f822 / 0x009f822: d1 != 0a
5c64.5da4: 00007ffeabd4f823 / 0x009f823: b8 != fe
5c64.5da4: 00007ffeabd4f824 / 0x009f824: 43 != bf
5c64.5da4: 00007ffeabd4f825 / 0x009f825: 01 != cc
5c64.5da4: 00007ffeabd4f826 / 0x009f826: 00 != cc
5c64.5da4: 00007ffeabd4f827 / 0x009f827: 00 != cc
5c64.5da4: Restored 0x2000 bytes of original file content at 00007ffeabd4ebee
5c64.5da4: ntdll.dll: Differences in section #8 (.00cfg) between file and memory:
5c64.5da4: 00007ffeabe35000 / 0x0185000: f0 != c0
5c64.5da4: 00007ffeabe35001 / 0x0185001: 0a != c8
5c64.5da4: 00007ffeabe35002 / 0x0185002: d5 != d3
5c64.5da4: Restored 0x8 bytes of original file content at 00007ffeabe35000
5c64.5da4: kernel32.dll: Differences in section #2 (.rdata) between file and memory:
5c64.5da4: 00007ffeaa822748 / 0x0082748: c0 != b0
5c64.5da4: 00007ffeaa822749 / 0x0082749: db != 22
5c64.5da4: 00007ffeaa82274a / 0x008274a: d4 != c1
5c64.5da4: 00007ffeaa82274b / 0x008274b: ab != a6
5c64.5da4: 00007ffeaa822b50 / 0x0082b50: b0 != 20
5c64.5da4: 00007ffeaa822b51 / 0x0082b51: d4 != 22
5c64.5da4: 00007ffeaa822b52 / 0x0082b52: d4 != c1
5c64.5da4: 00007ffeaa822b53 / 0x0082b53: ab != a6
5c64.5da4: 00007ffeaa822ce0 / 0x0082ce0: 70 != 30
5c64.5da4: 00007ffeaa822ce1 / 0x0082ce1: da != 20
5c64.5da4: 00007ffeaa822ce2 / 0x0082ce2: d4 != c1
5c64.5da4: 00007ffeaa822ce3 / 0x0082ce3: ab != a6
5c64.5da4: Restored 0x2000 bytes of original file content at 00007ffeaa821000
5c64.5da4: kernel32.dll: Differences in section #2 (.rdata) between file and memory:
5c64.5da4: 00007ffeaa8230e0 / 0x00830e0: 70 != 30
5c64.5da4: 00007ffeaa8230e1 / 0x00830e1: da != 20
5c64.5da4: 00007ffeaa8230e2 / 0x00830e2: d4 != c1
5c64.5da4: 00007ffeaa8230e3 / 0x00830e3: ab != a6
5c64.5da4: 00007ffeaa823230 / 0x0083230: c0 != 20
5c64.5da4: 00007ffeaa823231 / 0x0083231: 68 != c8
5c64.5da4: 00007ffeaa823232 / 0x0083232: 7c != d3
5c64.5da4: 00007ffeaa823233 / 0x0083233: aa != ab
5c64.5da4: 00007ffeaa823238 / 0x0083238: e0 != c0
5c64.5da4: 00007ffeaa823239 / 0x0083239: 6a != c8
5c64.5da4: 00007ffeaa82323a / 0x008323a: 7c != d3
5c64.5da4: 00007ffeaa82323b / 0x008323b: aa != ab
5c64.5da4: Restored 0x2000 bytes of original file content at 00007ffeaa823000
5c64.5da4: kernelbase.dll: Differences in section #2 (.rdata) between file and memory:
5c64.5da4: 00007ffea9864960 / 0x01e4960: b0 != 20
5c64.5da4: 00007ffea9864961 / 0x01e4961: d4 != 22
5c64.5da4: 00007ffea9864962 / 0x01e4962: d4 != c1
5c64.5da4: 00007ffea9864963 / 0x01e4963: ab != a6
5c64.5da4: 00007ffea9864998 / 0x01e4998: 70 != 30
5c64.5da4: 00007ffea9864999 / 0x01e4999: da != 20
5c64.5da4: 00007ffea986499a / 0x01e499a: d4 != c1
5c64.5da4: 00007ffea986499b / 0x01e499b: ab != a6
5c64.5da4: 00007ffea9864ad8 / 0x01e4ad8: c0 != b0
5c64.5da4: 00007ffea9864ad9 / 0x01e4ad9: db != 22
5c64.5da4: 00007ffea9864ada / 0x01e4ada: d4 != c1
5c64.5da4: 00007ffea9864adb / 0x01e4adb: ab != a6
5c64.5da4: 00007ffea9865260 / 0x01e5260: c0 != b0
5c64.5da4: 00007ffea9865261 / 0x01e5261: db != 22
5c64.5da4: 00007ffea9865262 / 0x01e5262: d4 != c1
5c64.5da4: 00007ffea9865263 / 0x01e5263: ab != a6
5c64.5da4: 00007ffea9865e90 / 0x01e5e90: 80 != 20
5c64.5da4: 00007ffea9865e91 / 0x01e5e91: 67 != c8
5c64.5da4: 00007ffea9865e92 / 0x01e5e92: 73 != d3
5c64.5da4: 00007ffea9865e93 / 0x01e5e93: a9 != ab
5c64.5da4: 00007ffea9865e98 / 0x01e5e98: 30 != c0
5c64.5da4: 00007ffea9865e99 / 0x01e5e99: 6b != c8
5c64.5da4: 00007ffea9865e9a / 0x01e5e9a: 73 != d3
5c64.5da4: 00007ffea9865e9b / 0x01e5e9b: a9 != ab
5c64.5da4: Restored 0x2000 bytes of original file content at 00007ffea9864000
5c64.5da4: apphelp.dll: Differences in section #2 (.rdata) between file and memory:
5c64.5da4: 00007ffea6c20e88 / 0x0050e88: 00 != 70
5c64.5da4: 00007ffea6c20e89 / 0x0050e89: 96 != ce
5c64.5da4: 00007ffea6c20e8a / 0x0050e8a: 6d != 7b
5c64.5da4: 00007ffea6c20e8b / 0x0050e8b: a9 != aa
5c64.5da4: 00007ffea6c20e90 / 0x0050e90: b0 != 00
5c64.5da4: 00007ffea6c20e91 / 0x0050e91: f5 != cb
5c64.5da4: 00007ffea6c20e92 / 0x0050e92: 6e != 7b
5c64.5da4: 00007ffea6c20e93 / 0x0050e93: a9 != aa
5c64.5da4: 00007ffea6c20e98 / 0x0050e98: b0 != 60
5c64.5da4: 00007ffea6c20e99 / 0x0050e99: 05 != 58
5c64.5da4: 00007ffea6c20e9a / 0x0050e9a: 69 != 7b
5c64.5da4: 00007ffea6c20e9b / 0x0050e9b: a9 != aa
5c64.5da4: 00007ffea6c20ea0 / 0x0050ea0: 60 != a0
5c64.5da4: 00007ffea6c20ea1 / 0x0050ea1: 42 != 4b
5c64.5da4: 00007ffea6c20ea2 / 0x0050ea2: 6d != 7c
5c64.5da4: 00007ffea6c20ea3 / 0x0050ea3: a9 != aa
5c64.5da4: 00007ffea6c20ea8 / 0x0050ea8: 30 != e0
5c64.5da4: 00007ffea6c20ea9 / 0x0050ea9: ca != ad
5c64.5da4: 00007ffea6c20eaa / 0x0050eaa: 6e != 7b
5c64.5da4: 00007ffea6c20eab / 0x0050eab: a9 != aa
5c64.5da4: 00007ffea6c20eb0 / 0x0050eb0: d0 != 90
5c64.5da4: 00007ffea6c20eb1 / 0x0050eb1: cb != 4b
5c64.5da4: 00007ffea6c20eb2 / 0x0050eb2: 6b != 7c
5c64.5da4: 00007ffea6c20eb3 / 0x0050eb3: a9 != aa
5c64.5da4: 00007ffea6c20eb8 / 0x0050eb8: 80 != 70
5c64.5da4: 00007ffea6c20eb9 / 0x0050eb9: 47 != 0a
5c64.5da4: 00007ffea6c20eba / 0x0050eba: 70 != 7c
5c64.5da4: 00007ffea6c20ebb / 0x0050ebb: a9 != aa
5c64.5da4: 00007ffea6c20ec8 / 0x0050ec8: a0 != f0
5c64.5da4: 00007ffea6c20ec9 / 0x0050ec9: 08 != b0
5c64.5da4: 00007ffea6c20eca / 0x0050eca: 6b != 7b
5c64.5da4: 00007ffea6c20ecb / 0x0050ecb: a9 != aa
5c64.5da4: Restored 0x2000 bytes of original file content at 00007ffea6c1f000
5c64.5da4: apphelp.dll: Differences in section #2 (.rdata) between file and memory:
5c64.5da4: 00007ffea6c21468 / 0x0051468: 90 != 20
5c64.5da4: 00007ffea6c21469 / 0x0051469: 0b != c8
5c64.5da4: 00007ffea6c2146a / 0x005146a: be != d3
5c64.5da4: 00007ffea6c2146b / 0x005146b: a6 != ab
5c64.5da4: 00007ffea6c21470 / 0x0051470: 00 != c0
5c64.5da4: 00007ffea6c21471 / 0x0051471: 0d != c8
5c64.5da4: 00007ffea6c21472 / 0x0051472: be != d3
5c64.5da4: 00007ffea6c21473 / 0x0051473: a6 != ab
5c64.5da4: Restored 0x2000 bytes of original file content at 00007ffea6c21000
5c64.5da4: supHardNtVpCheckHandles:
5c64.5da4: supHardNtVpCheckHandles: Inheritable file handle: 0000000000000058
5c64.5da4: supHardNtVpCheckHandles: Inheritable file handle: 0000000000000054
5c64.5da4: supHardNtVpCheckHandles: Inheritable file handle: 0000000000000050
5c64.5da4: supR3HardenedWinInit: SUPHARDNTVPKIND_SELF_PURIFICATION_LIMITED -> VINF_SUCCESS, cFixes=11
5c64.5da4: \Device\HarddiskVolume9\Virtual Box\VBoxHeadless.exe: Signature #1/2: info status: 24202
5c64.5da4: '\Device\HarddiskVolume9\Virtual Box\VBoxHeadless.exe' has no imports
5c64.5da4: supHardenedWinVerifyImageByHandle: -> 24202 (\Device\HarddiskVolume9\Virtual Box\VBoxHeadless.exe)
5c64.5da4: supR3HardNtEnableThreadCreationEx:
5c64.5da4: supR3HardNtDisableThreadCreation: pvLdrInitThunk=00007ffeabd24be0 pvNtTerminateThread=00007ffeabd4da30
5c64.5da4: supR3HardenedWinDoReSpawn(1): New child 125c.36b4 [kernel32].
5c64.5da4: supR3HardNtChildGatherData: PebBaseAddress=000000aeaabff000 cbPeb=0x388
5c64.5da4: supR3HardNtPuChFindNtdll: uNtDllParentAddr=00007ffeabcb0000 uNtDllChildAddr=00007ffeabcb0000
5c64.5da4: supR3HardenedWinSetupChildInit: uLdrInitThunk=00007ffeabd24be0
5c64.5da4: supR3HardenedWinSetupChildInit: Initial context:
rax=0000000000000000 rbx=0000000000000000 rcx=00007ff704a0b5a0 rdx=000000aeaabff000
rsi=0000000000000000 rdi=0000000000000000 r8 =0000000000000000 r9 =0000000000000000
r10=0000000000000000 r11=0000000000000000 r12=0000000000000000 r13=0000000000000000
r14=0000000000000000 r15=0000000000000000 P1=0000000000000000 P2=0000000000000000
rip=00007ffeabd02690 rsp=000000aeaacff918 rbp=0000000000000000 ctxflags=0010001b
cs=0033 ss=002b ds=0000 es=0000 fs=0000 gs=0000 eflags=00000200 mxcrx=00001f80
P3=0000000000000000 P4=0000000000000000 P5=0000000000000000 P6=0000000000000000
dr0=0000000000000000 dr1=0000000000000000 dr2=0000000000000000 dr3=0000000000000000
dr6=0000000000000000 dr7=0000000000000000 vcr=0000000000000000 dcr=0000000000000000
lbt=0000000000000000 lbf=0000000000000000 lxt=0000000000000000 lxf=0000000000000000
5c64.5da4: supR3HardenedWinSetupChildInit: Start child.
5c64.5da4: supR3HardNtChildWaitFor: Found expected request 0 (PurifyChildAndCloseHandles) after 0 ms.
5c64.5da4: supR3HardNtChildPurify: Startup delay kludge #1/0: 270 ms, 17 sleeps
5c64.5da4: supHardNtVpScanVirtualMemory: enmKind=CHILD_PURIFICATION
5c64.5da4: Error (rc=-5637):
5c64.5da4: NtQueryVirtualMemory failed for 0000000000000000: 0xc000010a
5c64.5da4: Error (rc=-5637):
5c64.5da4: supHardenedWinVerifyProcess failed with -5637: NtQueryVirtualMemory failed for 0000000000000000: 0xc000010a
5c64.5da4: Error -5637 in supR3HardNtChildPurify! (enmWhat=5)
5c64.5da4: supHardenedWinVerifyProcess failed with -5637: NtQueryVirtualMemory failed for 0000000000000000: 0xc000010a
3768.5654: Terminating the normal way: rcExit=0