Summary | ZeroBOX

Category	Machine	Started	Completed
FILE	s1_win7_x6401	Sept. 12, 2021, 2:46 p.m.	Sept. 12, 2021, 2:52 p.m.

Size	4.0MB
Type	PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
MD5	`3b29fe3eb1892fa6e766bd039b88eeec`
SHA256	`27e2593d29c04065445c5462b5af5f77d555dc00318afa0cf7c68e70bbaca739`
CRC32	`430857EC`
ssdeep	`49152:qNDFFPJu8fBsVE6ij+RNg+UKpBvtqB3m1RC3:4zP88fBsnZTgOtqB3m1RC3`
Yara	PE_Header_Zero - PE File Signature Generic_Malware_Zero - Generic Malware OS_Processor_Check_Zero - OS Processor Check Is_DotNET_EXE - (no description) Win_Backdoor_AsyncRAT_Zero - Win Backdoor AsyncRAT IsPE32 - (no description)

Driver.exe "C:\Users\test22\AppData\Roaming\Sysfiles\Driver.exe" -o pool.supportxmr.com:3333 -u 4B31fJyhF9xNaNghj9bwkSZ6rizjE2JXwHb346o65f1Z6hbtYMAZayxDgxEnXxWjdULmbATuTjMeAAPycjvqH8mH4heMrkN -p x -k -v=0 --donate-level=1 -t 1
2696
Driver.exe "C:\Users\test22\AppData\Roaming\Sysfiles\Driver.exe" -o pool.supportxmr.com:3333 -u 4B31fJyhF9xNaNghj9bwkSZ6rizjE2JXwHb346o65f1Z6hbtYMAZayxDgxEnXxWjdULmbATuTjMeAAPycjvqH8mH4heMrkN -p x -k -v=0 --donate-level=1 -t 1
2548
Driver.exe "C:\Users\test22\AppData\Roaming\Sysfiles\Driver.exe" -o pool.supportxmr.com:3333 -u 4B31fJyhF9xNaNghj9bwkSZ6rizjE2JXwHb346o65f1Z6hbtYMAZayxDgxEnXxWjdULmbATuTjMeAAPycjvqH8mH4heMrkN -p x -k -v=0 --donate-level=1 -t 1
1572
Driver.exe "C:\Users\test22\AppData\Roaming\Sysfiles\Driver.exe" -o pool.supportxmr.com:3333 -u 4B31fJyhF9xNaNghj9bwkSZ6rizjE2JXwHb346o65f1Z6hbtYMAZayxDgxEnXxWjdULmbATuTjMeAAPycjvqH8mH4heMrkN -p x -k -v=0 --donate-level=1 -t 1
108
Driver.exe "C:\Users\test22\AppData\Roaming\Sysfiles\Driver.exe" -o pool.supportxmr.com:3333 -u 4B31fJyhF9xNaNghj9bwkSZ6rizjE2JXwHb346o65f1Z6hbtYMAZayxDgxEnXxWjdULmbATuTjMeAAPycjvqH8mH4heMrkN -p x -k -v=0 --donate-level=1 -t 1
1972
Driver.exe "C:\Users\test22\AppData\Roaming\Sysfiles\Driver.exe" -o pool.supportxmr.com:3333 -u 4B31fJyhF9xNaNghj9bwkSZ6rizjE2JXwHb346o65f1Z6hbtYMAZayxDgxEnXxWjdULmbATuTjMeAAPycjvqH8mH4heMrkN -p x -k -v=0 --donate-level=1 -t 1
1828
Driver.exe "C:\Users\test22\AppData\Roaming\Sysfiles\Driver.exe" -o pool.supportxmr.com:3333 -u 4B31fJyhF9xNaNghj9bwkSZ6rizjE2JXwHb346o65f1Z6hbtYMAZayxDgxEnXxWjdULmbATuTjMeAAPycjvqH8mH4heMrkN -p x -k -v=0 --donate-level=1 -t 1
2340
Driver.exe "C:\Users\test22\AppData\Roaming\Sysfiles\Driver.exe" -o pool.supportxmr.com:3333 -u 4B31fJyhF9xNaNghj9bwkSZ6rizjE2JXwHb346o65f1Z6hbtYMAZayxDgxEnXxWjdULmbATuTjMeAAPycjvqH8mH4heMrkN -p x -k -v=0 --donate-level=1 -t 1
2440
Driver.exe "C:\Users\test22\AppData\Roaming\Sysfiles\Driver.exe" -o pool.supportxmr.com:3333 -u 4B31fJyhF9xNaNghj9bwkSZ6rizjE2JXwHb346o65f1Z6hbtYMAZayxDgxEnXxWjdULmbATuTjMeAAPycjvqH8mH4heMrkN -p x -k -v=0 --donate-level=1 -t 1
2976
Driver.exe "C:\Users\test22\AppData\Roaming\Sysfiles\Driver.exe" -o pool.supportxmr.com:3333 -u 4B31fJyhF9xNaNghj9bwkSZ6rizjE2JXwHb346o65f1Z6hbtYMAZayxDgxEnXxWjdULmbATuTjMeAAPycjvqH8mH4heMrkN -p x -k -v=0 --donate-level=1 -t 1
2296
Driver.exe "C:\Users\test22\AppData\Roaming\Sysfiles\Driver.exe" -o pool.supportxmr.com:3333 -u 4B31fJyhF9xNaNghj9bwkSZ6rizjE2JXwHb346o65f1Z6hbtYMAZayxDgxEnXxWjdULmbATuTjMeAAPycjvqH8mH4heMrkN -p x -k -v=0 --donate-level=1 -t 1
1824
Driver.exe "C:\Users\test22\AppData\Roaming\Sysfiles\Driver.exe" -o pool.supportxmr.com:3333 -u 4B31fJyhF9xNaNghj9bwkSZ6rizjE2JXwHb346o65f1Z6hbtYMAZayxDgxEnXxWjdULmbATuTjMeAAPycjvqH8mH4heMrkN -p x -k -v=0 --donate-level=1 -t 1
1472
Driver.exe "C:\Users\test22\AppData\Roaming\Sysfiles\Driver.exe" -o pool.supportxmr.com:3333 -u 4B31fJyhF9xNaNghj9bwkSZ6rizjE2JXwHb346o65f1Z6hbtYMAZayxDgxEnXxWjdULmbATuTjMeAAPycjvqH8mH4heMrkN -p x -k -v=0 --donate-level=1 -t 1
2424
Driver.exe "C:\Users\test22\AppData\Roaming\Sysfiles\Driver.exe" -o pool.supportxmr.com:3333 -u 4B31fJyhF9xNaNghj9bwkSZ6rizjE2JXwHb346o65f1Z6hbtYMAZayxDgxEnXxWjdULmbATuTjMeAAPycjvqH8mH4heMrkN -p x -k -v=0 --donate-level=1 -t 1
2672
Driver.exe "C:\Users\test22\AppData\Roaming\Sysfiles\Driver.exe" -o pool.supportxmr.com:3333 -u 4B31fJyhF9xNaNghj9bwkSZ6rizjE2JXwHb346o65f1Z6hbtYMAZayxDgxEnXxWjdULmbATuTjMeAAPycjvqH8mH4heMrkN -p x -k -v=0 --donate-level=1 -t 1
2972
Driver.exe "C:\Users\test22\AppData\Roaming\Sysfiles\Driver.exe" -o pool.supportxmr.com:3333 -u 4B31fJyhF9xNaNghj9bwkSZ6rizjE2JXwHb346o65f1Z6hbtYMAZayxDgxEnXxWjdULmbATuTjMeAAPycjvqH8mH4heMrkN -p x -k -v=0 --donate-level=1 -t 1
2276
Driver.exe "C:\Users\test22\AppData\Roaming\Sysfiles\Driver.exe" -o pool.supportxmr.com:3333 -u 4B31fJyhF9xNaNghj9bwkSZ6rizjE2JXwHb346o65f1Z6hbtYMAZayxDgxEnXxWjdULmbATuTjMeAAPycjvqH8mH4heMrkN -p x -k -v=0 --donate-level=1 -t 1
2800
Driver.exe "C:\Users\test22\AppData\Roaming\Sysfiles\Driver.exe" -o pool.supportxmr.com:3333 -u 4B31fJyhF9xNaNghj9bwkSZ6rizjE2JXwHb346o65f1Z6hbtYMAZayxDgxEnXxWjdULmbATuTjMeAAPycjvqH8mH4heMrkN -p x -k -v=0 --donate-level=1 -t 1
656
Driver.exe "C:\Users\test22\AppData\Roaming\Sysfiles\Driver.exe" -o pool.supportxmr.com:3333 -u 4B31fJyhF9xNaNghj9bwkSZ6rizjE2JXwHb346o65f1Z6hbtYMAZayxDgxEnXxWjdULmbATuTjMeAAPycjvqH8mH4heMrkN -p x -k -v=0 --donate-level=1 -t 1
604
Driver.exe "C:\Users\test22\AppData\Roaming\Sysfiles\Driver.exe" -o pool.supportxmr.com:3333 -u 4B31fJyhF9xNaNghj9bwkSZ6rizjE2JXwHb346o65f1Z6hbtYMAZayxDgxEnXxWjdULmbATuTjMeAAPycjvqH8mH4heMrkN -p x -k -v=0 --donate-level=1 -t 1
584
Driver.exe "C:\Users\test22\AppData\Roaming\Sysfiles\Driver.exe" -o pool.supportxmr.com:3333 -u 4B31fJyhF9xNaNghj9bwkSZ6rizjE2JXwHb346o65f1Z6hbtYMAZayxDgxEnXxWjdULmbATuTjMeAAPycjvqH8mH4heMrkN -p x -k -v=0 --donate-level=1 -t 1
1772
Driver.exe "C:\Users\test22\AppData\Roaming\Sysfiles\Driver.exe" -o pool.supportxmr.com:3333 -u 4B31fJyhF9xNaNghj9bwkSZ6rizjE2JXwHb346o65f1Z6hbtYMAZayxDgxEnXxWjdULmbATuTjMeAAPycjvqH8mH4heMrkN -p x -k -v=0 --donate-level=1 -t 1
1684
Driver.exe "C:\Users\test22\AppData\Roaming\Sysfiles\Driver.exe" -o pool.supportxmr.com:3333 -u 4B31fJyhF9xNaNghj9bwkSZ6rizjE2JXwHb346o65f1Z6hbtYMAZayxDgxEnXxWjdULmbATuTjMeAAPycjvqH8mH4heMrkN -p x -k -v=0 --donate-level=1 -t 1
2088
Driver.exe "C:\Users\test22\AppData\Roaming\Sysfiles\Driver.exe" -o pool.supportxmr.com:3333 -u 4B31fJyhF9xNaNghj9bwkSZ6rizjE2JXwHb346o65f1Z6hbtYMAZayxDgxEnXxWjdULmbATuTjMeAAPycjvqH8mH4heMrkN -p x -k -v=0 --donate-level=1 -t 1
1120
Driver.exe "C:\Users\test22\AppData\Roaming\Sysfiles\Driver.exe" -o pool.supportxmr.com:3333 -u 4B31fJyhF9xNaNghj9bwkSZ6rizjE2JXwHb346o65f1Z6hbtYMAZayxDgxEnXxWjdULmbATuTjMeAAPycjvqH8mH4heMrkN -p x -k -v=0 --donate-level=1 -t 1
2020
Driver.exe "C:\Users\test22\AppData\Roaming\Sysfiles\Driver.exe" -o pool.supportxmr.com:3333 -u 4B31fJyhF9xNaNghj9bwkSZ6rizjE2JXwHb346o65f1Z6hbtYMAZayxDgxEnXxWjdULmbATuTjMeAAPycjvqH8mH4heMrkN -p x -k -v=0 --donate-level=1 -t 1
1332
Driver.exe "C:\Users\test22\AppData\Roaming\Sysfiles\Driver.exe" -o pool.supportxmr.com:3333 -u 4B31fJyhF9xNaNghj9bwkSZ6rizjE2JXwHb346o65f1Z6hbtYMAZayxDgxEnXxWjdULmbATuTjMeAAPycjvqH8mH4heMrkN -p x -k -v=0 --donate-level=1 -t 1
3016
Driver.exe "C:\Users\test22\AppData\Roaming\Sysfiles\Driver.exe" -o pool.supportxmr.com:3333 -u 4B31fJyhF9xNaNghj9bwkSZ6rizjE2JXwHb346o65f1Z6hbtYMAZayxDgxEnXxWjdULmbATuTjMeAAPycjvqH8mH4heMrkN -p x -k -v=0 --donate-level=1 -t 1
1788
Driver.exe "C:\Users\test22\AppData\Roaming\Sysfiles\Driver.exe" -o pool.supportxmr.com:3333 -u 4B31fJyhF9xNaNghj9bwkSZ6rizjE2JXwHb346o65f1Z6hbtYMAZayxDgxEnXxWjdULmbATuTjMeAAPycjvqH8mH4heMrkN -p x -k -v=0 --donate-level=1 -t 1
3004
Driver.exe "C:\Users\test22\AppData\Roaming\Sysfiles\Driver.exe" -o pool.supportxmr.com:3333 -u 4B31fJyhF9xNaNghj9bwkSZ6rizjE2JXwHb346o65f1Z6hbtYMAZayxDgxEnXxWjdULmbATuTjMeAAPycjvqH8mH4heMrkN -p x -k -v=0 --donate-level=1 -t 1
2560
Driver.exe "C:\Users\test22\AppData\Roaming\Sysfiles\Driver.exe" -o pool.supportxmr.com:3333 -u 4B31fJyhF9xNaNghj9bwkSZ6rizjE2JXwHb346o65f1Z6hbtYMAZayxDgxEnXxWjdULmbATuTjMeAAPycjvqH8mH4heMrkN -p x -k -v=0 --donate-level=1 -t 1
2428
Driver.exe "C:\Users\test22\AppData\Roaming\Sysfiles\Driver.exe" -o pool.supportxmr.com:3333 -u 4B31fJyhF9xNaNghj9bwkSZ6rizjE2JXwHb346o65f1Z6hbtYMAZayxDgxEnXxWjdULmbATuTjMeAAPycjvqH8mH4heMrkN -p x -k -v=0 --donate-level=1 -t 1
2636
Driver.exe "C:\Users\test22\AppData\Roaming\Sysfiles\Driver.exe" -o pool.supportxmr.com:3333 -u 4B31fJyhF9xNaNghj9bwkSZ6rizjE2JXwHb346o65f1Z6hbtYMAZayxDgxEnXxWjdULmbATuTjMeAAPycjvqH8mH4heMrkN -p x -k -v=0 --donate-level=1 -t 1
1100
Driver.exe "C:\Users\test22\AppData\Roaming\Sysfiles\Driver.exe" -o pool.supportxmr.com:3333 -u 4B31fJyhF9xNaNghj9bwkSZ6rizjE2JXwHb346o65f1Z6hbtYMAZayxDgxEnXxWjdULmbATuTjMeAAPycjvqH8mH4heMrkN -p x -k -v=0 --donate-level=1 -t 1
932
Driver.exe "C:\Users\test22\AppData\Roaming\Sysfiles\Driver.exe" -o pool.supportxmr.com:3333 -u 4B31fJyhF9xNaNghj9bwkSZ6rizjE2JXwHb346o65f1Z6hbtYMAZayxDgxEnXxWjdULmbATuTjMeAAPycjvqH8mH4heMrkN -p x -k -v=0 --donate-level=1 -t 1
2680
Driver.exe "C:\Users\test22\AppData\Roaming\Sysfiles\Driver.exe" -o pool.supportxmr.com:3333 -u 4B31fJyhF9xNaNghj9bwkSZ6rizjE2JXwHb346o65f1Z6hbtYMAZayxDgxEnXxWjdULmbATuTjMeAAPycjvqH8mH4heMrkN -p x -k -v=0 --donate-level=1 -t 1
2364
Driver.exe "C:\Users\test22\AppData\Roaming\Sysfiles\Driver.exe" -o pool.supportxmr.com:3333 -u 4B31fJyhF9xNaNghj9bwkSZ6rizjE2JXwHb346o65f1Z6hbtYMAZayxDgxEnXxWjdULmbATuTjMeAAPycjvqH8mH4heMrkN -p x -k -v=0 --donate-level=1 -t 1
2620
Driver.exe "C:\Users\test22\AppData\Roaming\Sysfiles\Driver.exe" -o pool.supportxmr.com:3333 -u 4B31fJyhF9xNaNghj9bwkSZ6rizjE2JXwHb346o65f1Z6hbtYMAZayxDgxEnXxWjdULmbATuTjMeAAPycjvqH8mH4heMrkN -p x -k -v=0 --donate-level=1 -t 1
2388
Driver.exe "C:\Users\test22\AppData\Roaming\Sysfiles\Driver.exe" -o pool.supportxmr.com:3333 -u 4B31fJyhF9xNaNghj9bwkSZ6rizjE2JXwHb346o65f1Z6hbtYMAZayxDgxEnXxWjdULmbATuTjMeAAPycjvqH8mH4heMrkN -p x -k -v=0 --donate-level=1 -t 1
2380
Driver.exe "C:\Users\test22\AppData\Roaming\Sysfiles\Driver.exe" -o pool.supportxmr.com:3333 -u 4B31fJyhF9xNaNghj9bwkSZ6rizjE2JXwHb346o65f1Z6hbtYMAZayxDgxEnXxWjdULmbATuTjMeAAPycjvqH8mH4heMrkN -p x -k -v=0 --donate-level=1 -t 1
2604
Driver.exe "C:\Users\test22\AppData\Roaming\Sysfiles\Driver.exe" -o pool.supportxmr.com:3333 -u 4B31fJyhF9xNaNghj9bwkSZ6rizjE2JXwHb346o65f1Z6hbtYMAZayxDgxEnXxWjdULmbATuTjMeAAPycjvqH8mH4heMrkN -p x -k -v=0 --donate-level=1 -t 1
1920
Driver.exe "C:\Users\test22\AppData\Roaming\Sysfiles\Driver.exe" -o pool.supportxmr.com:3333 -u 4B31fJyhF9xNaNghj9bwkSZ6rizjE2JXwHb346o65f1Z6hbtYMAZayxDgxEnXxWjdULmbATuTjMeAAPycjvqH8mH4heMrkN -p x -k -v=0 --donate-level=1 -t 1
2084
Driver.exe "C:\Users\test22\AppData\Roaming\Sysfiles\Driver.exe" -o pool.supportxmr.com:3333 -u 4B31fJyhF9xNaNghj9bwkSZ6rizjE2JXwHb346o65f1Z6hbtYMAZayxDgxEnXxWjdULmbATuTjMeAAPycjvqH8mH4heMrkN -p x -k -v=0 --donate-level=1 -t 1
2540
Driver.exe "C:\Users\test22\AppData\Roaming\Sysfiles\Driver.exe" -o pool.supportxmr.com:3333 -u 4B31fJyhF9xNaNghj9bwkSZ6rizjE2JXwHb346o65f1Z6hbtYMAZayxDgxEnXxWjdULmbATuTjMeAAPycjvqH8mH4heMrkN -p x -k -v=0 --donate-level=1 -t 1
1856
Driver.exe "C:\Users\test22\AppData\Roaming\Sysfiles\Driver.exe" -o pool.supportxmr.com:3333 -u 4B31fJyhF9xNaNghj9bwkSZ6rizjE2JXwHb346o65f1Z6hbtYMAZayxDgxEnXxWjdULmbATuTjMeAAPycjvqH8mH4heMrkN -p x -k -v=0 --donate-level=1 -t 1
2536
Driver.exe "C:\Users\test22\AppData\Roaming\Sysfiles\Driver.exe" -o pool.supportxmr.com:3333 -u 4B31fJyhF9xNaNghj9bwkSZ6rizjE2JXwHb346o65f1Z6hbtYMAZayxDgxEnXxWjdULmbATuTjMeAAPycjvqH8mH4heMrkN -p x -k -v=0 --donate-level=1 -t 1
2868
Driver.exe "C:\Users\test22\AppData\Roaming\Sysfiles\Driver.exe" -o pool.supportxmr.com:3333 -u 4B31fJyhF9xNaNghj9bwkSZ6rizjE2JXwHb346o65f1Z6hbtYMAZayxDgxEnXxWjdULmbATuTjMeAAPycjvqH8mH4heMrkN -p x -k -v=0 --donate-level=1 -t 1
2608
Driver.exe "C:\Users\test22\AppData\Roaming\Sysfiles\Driver.exe" -o pool.supportxmr.com:3333 -u 4B31fJyhF9xNaNghj9bwkSZ6rizjE2JXwHb346o65f1Z6hbtYMAZayxDgxEnXxWjdULmbATuTjMeAAPycjvqH8mH4heMrkN -p x -k -v=0 --donate-level=1 -t 1
2200
Driver.exe "C:\Users\test22\AppData\Roaming\Sysfiles\Driver.exe" -o pool.supportxmr.com:3333 -u 4B31fJyhF9xNaNghj9bwkSZ6rizjE2JXwHb346o65f1Z6hbtYMAZayxDgxEnXxWjdULmbATuTjMeAAPycjvqH8mH4heMrkN -p x -k -v=0 --donate-level=1 -t 1
1340
Driver.exe "C:\Users\test22\AppData\Roaming\Sysfiles\Driver.exe" -o pool.supportxmr.com:3333 -u 4B31fJyhF9xNaNghj9bwkSZ6rizjE2JXwHb346o65f1Z6hbtYMAZayxDgxEnXxWjdULmbATuTjMeAAPycjvqH8mH4heMrkN -p x -k -v=0 --donate-level=1 -t 1
2328
Driver.exe "C:\Users\test22\AppData\Roaming\Sysfiles\Driver.exe" -o pool.supportxmr.com:3333 -u 4B31fJyhF9xNaNghj9bwkSZ6rizjE2JXwHb346o65f1Z6hbtYMAZayxDgxEnXxWjdULmbATuTjMeAAPycjvqH8mH4heMrkN -p x -k -v=0 --donate-level=1 -t 1
532
Driver.exe "C:\Users\test22\AppData\Roaming\Sysfiles\Driver.exe" -o pool.supportxmr.com:3333 -u 4B31fJyhF9xNaNghj9bwkSZ6rizjE2JXwHb346o65f1Z6hbtYMAZayxDgxEnXxWjdULmbATuTjMeAAPycjvqH8mH4heMrkN -p x -k -v=0 --donate-level=1 -t 1
3104
Driver.exe "C:\Users\test22\AppData\Roaming\Sysfiles\Driver.exe" -o pool.supportxmr.com:3333 -u 4B31fJyhF9xNaNghj9bwkSZ6rizjE2JXwHb346o65f1Z6hbtYMAZayxDgxEnXxWjdULmbATuTjMeAAPycjvqH8mH4heMrkN -p x -k -v=0 --donate-level=1 -t 1
3176
Driver.exe "C:\Users\test22\AppData\Roaming\Sysfiles\Driver.exe" -o pool.supportxmr.com:3333 -u 4B31fJyhF9xNaNghj9bwkSZ6rizjE2JXwHb346o65f1Z6hbtYMAZayxDgxEnXxWjdULmbATuTjMeAAPycjvqH8mH4heMrkN -p x -k -v=0 --donate-level=1 -t 1
3248
Driver.exe "C:\Users\test22\AppData\Roaming\Sysfiles\Driver.exe" -o pool.supportxmr.com:3333 -u 4B31fJyhF9xNaNghj9bwkSZ6rizjE2JXwHb346o65f1Z6hbtYMAZayxDgxEnXxWjdULmbATuTjMeAAPycjvqH8mH4heMrkN -p x -k -v=0 --donate-level=1 -t 1
3320
Driver.exe "C:\Users\test22\AppData\Roaming\Sysfiles\Driver.exe" -o pool.supportxmr.com:3333 -u 4B31fJyhF9xNaNghj9bwkSZ6rizjE2JXwHb346o65f1Z6hbtYMAZayxDgxEnXxWjdULmbATuTjMeAAPycjvqH8mH4heMrkN -p x -k -v=0 --donate-level=1 -t 1
3392
Driver.exe "C:\Users\test22\AppData\Roaming\Sysfiles\Driver.exe" -o pool.supportxmr.com:3333 -u 4B31fJyhF9xNaNghj9bwkSZ6rizjE2JXwHb346o65f1Z6hbtYMAZayxDgxEnXxWjdULmbATuTjMeAAPycjvqH8mH4heMrkN -p x -k -v=0 --donate-level=1 -t 1
3464
Driver.exe "C:\Users\test22\AppData\Roaming\Sysfiles\Driver.exe" -o pool.supportxmr.com:3333 -u 4B31fJyhF9xNaNghj9bwkSZ6rizjE2JXwHb346o65f1Z6hbtYMAZayxDgxEnXxWjdULmbATuTjMeAAPycjvqH8mH4heMrkN -p x -k -v=0 --donate-level=1 -t 1
3536
Driver.exe "C:\Users\test22\AppData\Roaming\Sysfiles\Driver.exe" -o pool.supportxmr.com:3333 -u 4B31fJyhF9xNaNghj9bwkSZ6rizjE2JXwHb346o65f1Z6hbtYMAZayxDgxEnXxWjdULmbATuTjMeAAPycjvqH8mH4heMrkN -p x -k -v=0 --donate-level=1 -t 1
3632
Driver.exe "C:\Users\test22\AppData\Roaming\Sysfiles\Driver.exe" -o pool.supportxmr.com:3333 -u 4B31fJyhF9xNaNghj9bwkSZ6rizjE2JXwHb346o65f1Z6hbtYMAZayxDgxEnXxWjdULmbATuTjMeAAPycjvqH8mH4heMrkN -p x -k -v=0 --donate-level=1 -t 1
3720
Driver.exe "C:\Users\test22\AppData\Roaming\Sysfiles\Driver.exe" -o pool.supportxmr.com:3333 -u 4B31fJyhF9xNaNghj9bwkSZ6rizjE2JXwHb346o65f1Z6hbtYMAZayxDgxEnXxWjdULmbATuTjMeAAPycjvqH8mH4heMrkN -p x -k -v=0 --donate-level=1 -t 1
3792
Driver.exe "C:\Users\test22\AppData\Roaming\Sysfiles\Driver.exe" -o pool.supportxmr.com:3333 -u 4B31fJyhF9xNaNghj9bwkSZ6rizjE2JXwHb346o65f1Z6hbtYMAZayxDgxEnXxWjdULmbATuTjMeAAPycjvqH8mH4heMrkN -p x -k -v=0 --donate-level=1 -t 1
3864
Driver.exe "C:\Users\test22\AppData\Roaming\Sysfiles\Driver.exe" -o pool.supportxmr.com:3333 -u 4B31fJyhF9xNaNghj9bwkSZ6rizjE2JXwHb346o65f1Z6hbtYMAZayxDgxEnXxWjdULmbATuTjMeAAPycjvqH8mH4heMrkN -p x -k -v=0 --donate-level=1 -t 1
3936
Driver.exe "C:\Users\test22\AppData\Roaming\Sysfiles\Driver.exe" -o pool.supportxmr.com:3333 -u 4B31fJyhF9xNaNghj9bwkSZ6rizjE2JXwHb346o65f1Z6hbtYMAZayxDgxEnXxWjdULmbATuTjMeAAPycjvqH8mH4heMrkN -p x -k -v=0 --donate-level=1 -t 1
4008
Driver.exe "C:\Users\test22\AppData\Roaming\Sysfiles\Driver.exe" -o pool.supportxmr.com:3333 -u 4B31fJyhF9xNaNghj9bwkSZ6rizjE2JXwHb346o65f1Z6hbtYMAZayxDgxEnXxWjdULmbATuTjMeAAPycjvqH8mH4heMrkN -p x -k -v=0 --donate-level=1 -t 1
3088
Driver.exe "C:\Users\test22\AppData\Roaming\Sysfiles\Driver.exe" -o pool.supportxmr.com:3333 -u 4B31fJyhF9xNaNghj9bwkSZ6rizjE2JXwHb346o65f1Z6hbtYMAZayxDgxEnXxWjdULmbATuTjMeAAPycjvqH8mH4heMrkN -p x -k -v=0 --donate-level=1 -t 1
3132
Driver.exe "C:\Users\test22\AppData\Roaming\Sysfiles\Driver.exe" -o pool.supportxmr.com:3333 -u 4B31fJyhF9xNaNghj9bwkSZ6rizjE2JXwHb346o65f1Z6hbtYMAZayxDgxEnXxWjdULmbATuTjMeAAPycjvqH8mH4heMrkN -p x -k -v=0 --donate-level=1 -t 1
3180
Driver.exe "C:\Users\test22\AppData\Roaming\Sysfiles\Driver.exe" -o pool.supportxmr.com:3333 -u 4B31fJyhF9xNaNghj9bwkSZ6rizjE2JXwHb346o65f1Z6hbtYMAZayxDgxEnXxWjdULmbATuTjMeAAPycjvqH8mH4heMrkN -p x -k -v=0 --donate-level=1 -t 1
3332
Driver.exe "C:\Users\test22\AppData\Roaming\Sysfiles\Driver.exe" -o pool.supportxmr.com:3333 -u 4B31fJyhF9xNaNghj9bwkSZ6rizjE2JXwHb346o65f1Z6hbtYMAZayxDgxEnXxWjdULmbATuTjMeAAPycjvqH8mH4heMrkN -p x -k -v=0 --donate-level=1 -t 1
3420
Driver.exe "C:\Users\test22\AppData\Roaming\Sysfiles\Driver.exe" -o pool.supportxmr.com:3333 -u 4B31fJyhF9xNaNghj9bwkSZ6rizjE2JXwHb346o65f1Z6hbtYMAZayxDgxEnXxWjdULmbATuTjMeAAPycjvqH8mH4heMrkN -p x -k -v=0 --donate-level=1 -t 1
3492
Driver.exe "C:\Users\test22\AppData\Roaming\Sysfiles\Driver.exe" -o pool.supportxmr.com:3333 -u 4B31fJyhF9xNaNghj9bwkSZ6rizjE2JXwHb346o65f1Z6hbtYMAZayxDgxEnXxWjdULmbATuTjMeAAPycjvqH8mH4heMrkN -p x -k -v=0 --donate-level=1 -t 1
3608
Driver.exe "C:\Users\test22\AppData\Roaming\Sysfiles\Driver.exe" -o pool.supportxmr.com:3333 -u 4B31fJyhF9xNaNghj9bwkSZ6rizjE2JXwHb346o65f1Z6hbtYMAZayxDgxEnXxWjdULmbATuTjMeAAPycjvqH8mH4heMrkN -p x -k -v=0 --donate-level=1 -t 1
3700
Driver.exe "C:\Users\test22\AppData\Roaming\Sysfiles\Driver.exe" -o pool.supportxmr.com:3333 -u 4B31fJyhF9xNaNghj9bwkSZ6rizjE2JXwHb346o65f1Z6hbtYMAZayxDgxEnXxWjdULmbATuTjMeAAPycjvqH8mH4heMrkN -p x -k -v=0 --donate-level=1 -t 1
3820
Driver.exe "C:\Users\test22\AppData\Roaming\Sysfiles\Driver.exe" -o pool.supportxmr.com:3333 -u 4B31fJyhF9xNaNghj9bwkSZ6rizjE2JXwHb346o65f1Z6hbtYMAZayxDgxEnXxWjdULmbATuTjMeAAPycjvqH8mH4heMrkN -p x -k -v=0 --donate-level=1 -t 1
3896
Driver.exe "C:\Users\test22\AppData\Roaming\Sysfiles\Driver.exe" -o pool.supportxmr.com:3333 -u 4B31fJyhF9xNaNghj9bwkSZ6rizjE2JXwHb346o65f1Z6hbtYMAZayxDgxEnXxWjdULmbATuTjMeAAPycjvqH8mH4heMrkN -p x -k -v=0 --donate-level=1 -t 1
3984
Driver.exe "C:\Users\test22\AppData\Roaming\Sysfiles\Driver.exe" -o pool.supportxmr.com:3333 -u 4B31fJyhF9xNaNghj9bwkSZ6rizjE2JXwHb346o65f1Z6hbtYMAZayxDgxEnXxWjdULmbATuTjMeAAPycjvqH8mH4heMrkN -p x -k -v=0 --donate-level=1 -t 1
4088
Driver.exe "C:\Users\test22\AppData\Roaming\Sysfiles\Driver.exe" -o pool.supportxmr.com:3333 -u 4B31fJyhF9xNaNghj9bwkSZ6rizjE2JXwHb346o65f1Z6hbtYMAZayxDgxEnXxWjdULmbATuTjMeAAPycjvqH8mH4heMrkN -p x -k -v=0 --donate-level=1 -t 1
2572

Name	Response	Post-Analysis Lookup
a0577836.xsph.ru	A 141.8.192.6	141.8.192.6

IP Address	Status	Action
141.8.192.6	Active	Moloch
164.124.101.2	Active	Moloch

Suricata Alerts

Flow	SID	Signature	Category
TCP 192.168.56.101:49201 -> 141.8.192.6:80	2023505	ET MALWARE CerberTear Ransomware CnC Checkin	Malware Command and Control Activity Detected

Suricata TLS

No Suricata TLS

One or more processes crashed (50 out of 77 events)

Time & API	Arguments	Status
__exception__ Sept. 12, 2021, 2:39 p.m.	stacktrace: RtlCaptureContext+0x85 RtlRestoreContext-0xaa ntdll+0x50895 @ 0x77210895 stacktrace+0x84 memdup-0x1af @ 0x74420470 hook_in_monitor+0x45 lde-0x133 @ 0x744142ea New_ntdll_NtProtectVirtualMemory+0x34 New_ntdll_NtQueryAttributesFile-0x151 @ 0x74433603 VirtualProtectEx+0x33 MapViewOfFile-0x2d kernelbase+0x13243 @ 0x7fefd6e3243 VirtualProtect+0x1b VirtualProtectEx-0x15 kernelbase+0x131fb @ 0x7fefd6e31fb driver+0x1be7cf @ 0x1401be7cf GetProcessAffinityMask+0x80 SetThreadContext-0x20 kernel32+0x2ef0 @ 0x76e42ef0 0x880fff GetProcessAffinityMask+0x80 SetThreadContext-0x20 kernel32+0x2ef0 @ 0x76e42ef0 driver+0x882000 @ 0x140882000 driver+0x1000 @ 0x140001000 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 exception.instruction_r: 0f ae 81 00 01 00 00 0f 29 81 a0 01 00 00 0f 29 exception.symbol: RtlCaptureContext+0x85 RtlRestoreContext-0xaa ntdll+0x50895 exception.address: 0x77210895 exception.module: ntdll.dll exception.exception_code: 0xc0000005 exception.offset: 329877 registers.r14: 0 registers.r15: 0 registers.rcx: 1242680 registers.rsi: 5377630208 registers.r10: 0 registers.rbx: 1994665712 registers.rsp: 1244968 registers.r11: 514 registers.r8: 64 registers.r9: 4 registers.rdx: 1244024 registers.r12: 0 registers.rbp: 0 registers.rdi: 5368709487 registers.rax: 1242360 registers.r13: 0	1
__exception__ Sept. 12, 2021, 2:39 p.m.	stacktrace: RtlCaptureContext+0x85 RtlRestoreContext-0xaa ntdll+0x50895 @ 0x77210895 stacktrace+0x84 memdup-0x1af @ 0x74420470 hook_in_monitor+0x45 lde-0x133 @ 0x744142ea New_ntdll_NtProtectVirtualMemory+0x34 New_ntdll_NtQueryAttributesFile-0x151 @ 0x74433603 VirtualProtectEx+0x33 MapViewOfFile-0x2d kernelbase+0x13243 @ 0x7fefd6e3243 VirtualProtect+0x1b VirtualProtectEx-0x15 kernelbase+0x131fb @ 0x7fefd6e31fb driver+0x1be7cf @ 0x1401be7cf GetProcessAffinityMask+0x80 SetThreadContext-0x20 kernel32+0x2ef0 @ 0x76e42ef0 0x880fff GetProcessAffinityMask+0x80 SetThreadContext-0x20 kernel32+0x2ef0 @ 0x76e42ef0 driver+0x882000 @ 0x140882000 driver+0x1000 @ 0x140001000 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 exception.instruction_r: 0f ae 81 00 01 00 00 0f 29 81 a0 01 00 00 0f 29 exception.symbol: RtlCaptureContext+0x85 RtlRestoreContext-0xaa ntdll+0x50895 exception.address: 0x77210895 exception.module: ntdll.dll exception.exception_code: 0xc0000005 exception.offset: 329877 registers.r14: 0 registers.r15: 0 registers.rcx: 1242680 registers.rsi: 5377630208 registers.r10: 0 registers.rbx: 1994665712 registers.rsp: 1244968 registers.r11: 514 registers.r8: 64 registers.r9: 4 registers.rdx: 1244024 registers.r12: 0 registers.rbp: 0 registers.rdi: 5368709487 registers.rax: 1242360 registers.r13: 0	1
__exception__ Sept. 12, 2021, 2:39 p.m.	stacktrace: RtlCaptureContext+0x85 RtlRestoreContext-0xaa ntdll+0x50895 @ 0x77210895 stacktrace+0x84 memdup-0x1af @ 0x74420470 hook_in_monitor+0x45 lde-0x133 @ 0x744142ea New_ntdll_NtProtectVirtualMemory+0x34 New_ntdll_NtQueryAttributesFile-0x151 @ 0x74433603 VirtualProtectEx+0x33 MapViewOfFile-0x2d kernelbase+0x13243 @ 0x7fefd6e3243 VirtualProtect+0x1b VirtualProtectEx-0x15 kernelbase+0x131fb @ 0x7fefd6e31fb driver+0x1be7cf @ 0x1401be7cf GetProcessAffinityMask+0x80 SetThreadContext-0x20 kernel32+0x2ef0 @ 0x76e42ef0 0x880fff GetProcessAffinityMask+0x80 SetThreadContext-0x20 kernel32+0x2ef0 @ 0x76e42ef0 driver+0x882000 @ 0x140882000 driver+0x1000 @ 0x140001000 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 exception.instruction_r: 0f ae 81 00 01 00 00 0f 29 81 a0 01 00 00 0f 29 exception.symbol: RtlCaptureContext+0x85 RtlRestoreContext-0xaa ntdll+0x50895 exception.address: 0x77210895 exception.module: ntdll.dll exception.exception_code: 0xc0000005 exception.offset: 329877 registers.r14: 0 registers.r15: 0 registers.rcx: 1242680 registers.rsi: 5377630208 registers.r10: 0 registers.rbx: 1994665712 registers.rsp: 1244968 registers.r11: 514 registers.r8: 64 registers.r9: 4 registers.rdx: 1244024 registers.r12: 0 registers.rbp: 0 registers.rdi: 5368709487 registers.rax: 1242360 registers.r13: 0	1
__exception__ Sept. 12, 2021, 2:39 p.m.	stacktrace: RtlCaptureContext+0x85 RtlRestoreContext-0xaa ntdll+0x50895 @ 0x77210895 stacktrace+0x84 memdup-0x1af @ 0x74420470 hook_in_monitor+0x45 lde-0x133 @ 0x744142ea New_ntdll_NtProtectVirtualMemory+0x34 New_ntdll_NtQueryAttributesFile-0x151 @ 0x74433603 VirtualProtectEx+0x33 MapViewOfFile-0x2d kernelbase+0x13243 @ 0x7fefd6e3243 VirtualProtect+0x1b VirtualProtectEx-0x15 kernelbase+0x131fb @ 0x7fefd6e31fb driver+0x1be7cf @ 0x1401be7cf GetProcessAffinityMask+0x80 SetThreadContext-0x20 kernel32+0x2ef0 @ 0x76e42ef0 0x880fff GetProcessAffinityMask+0x80 SetThreadContext-0x20 kernel32+0x2ef0 @ 0x76e42ef0 driver+0x882000 @ 0x140882000 driver+0x1000 @ 0x140001000 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 exception.instruction_r: 0f ae 81 00 01 00 00 0f 29 81 a0 01 00 00 0f 29 exception.symbol: RtlCaptureContext+0x85 RtlRestoreContext-0xaa ntdll+0x50895 exception.address: 0x77210895 exception.module: ntdll.dll exception.exception_code: 0xc0000005 exception.offset: 329877 registers.r14: 0 registers.r15: 0 registers.rcx: 1242680 registers.rsi: 5377630208 registers.r10: 0 registers.rbx: 1994665712 registers.rsp: 1244968 registers.r11: 514 registers.r8: 64 registers.r9: 4 registers.rdx: 1244024 registers.r12: 0 registers.rbp: 0 registers.rdi: 5368709487 registers.rax: 1242360 registers.r13: 0	1
__exception__ Sept. 12, 2021, 2:39 p.m.	stacktrace: RtlCaptureContext+0x85 RtlRestoreContext-0xaa ntdll+0x50895 @ 0x77210895 stacktrace+0x84 memdup-0x1af @ 0x74420470 hook_in_monitor+0x45 lde-0x133 @ 0x744142ea New_ntdll_NtProtectVirtualMemory+0x34 New_ntdll_NtQueryAttributesFile-0x151 @ 0x74433603 VirtualProtectEx+0x33 MapViewOfFile-0x2d kernelbase+0x13243 @ 0x7fefd6e3243 VirtualProtect+0x1b VirtualProtectEx-0x15 kernelbase+0x131fb @ 0x7fefd6e31fb driver+0x1be7cf @ 0x1401be7cf GetProcessAffinityMask+0x80 SetThreadContext-0x20 kernel32+0x2ef0 @ 0x76e42ef0 0x880fff GetProcessAffinityMask+0x80 SetThreadContext-0x20 kernel32+0x2ef0 @ 0x76e42ef0 driver+0x882000 @ 0x140882000 driver+0x1000 @ 0x140001000 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 exception.instruction_r: 0f ae 81 00 01 00 00 0f 29 81 a0 01 00 00 0f 29 exception.symbol: RtlCaptureContext+0x85 RtlRestoreContext-0xaa ntdll+0x50895 exception.address: 0x77210895 exception.module: ntdll.dll exception.exception_code: 0xc0000005 exception.offset: 329877 registers.r14: 0 registers.r15: 0 registers.rcx: 1242680 registers.rsi: 5377630208 registers.r10: 0 registers.rbx: 1994665712 registers.rsp: 1244968 registers.r11: 514 registers.r8: 64 registers.r9: 4 registers.rdx: 1244024 registers.r12: 0 registers.rbp: 0 registers.rdi: 5368709487 registers.rax: 1242360 registers.r13: 0	1
__exception__ Sept. 12, 2021, 2:39 p.m.	stacktrace: RtlCaptureContext+0x85 RtlRestoreContext-0xaa ntdll+0x50895 @ 0x77210895 stacktrace+0x84 memdup-0x1af @ 0x74420470 hook_in_monitor+0x45 lde-0x133 @ 0x744142ea New_ntdll_NtProtectVirtualMemory+0x34 New_ntdll_NtQueryAttributesFile-0x151 @ 0x74433603 VirtualProtectEx+0x33 MapViewOfFile-0x2d kernelbase+0x13243 @ 0x7fefd6e3243 VirtualProtect+0x1b VirtualProtectEx-0x15 kernelbase+0x131fb @ 0x7fefd6e31fb driver+0x1be7cf @ 0x1401be7cf GetProcessAffinityMask+0x80 SetThreadContext-0x20 kernel32+0x2ef0 @ 0x76e42ef0 0x880fff 0x880fff 0x880fff 0x880fff 0x880fff 0x880fff 0x880fff 0x880fff 0x880fff 0x880fff 0x880fff 0x880fff 0x880fff 0x880fff 0x880fff 0x880fff 0x880fff 0x880fff 0x880fff 0x880fff 0x880fff 0x880fff 0x880fff 0x880fff 0x880fff 0x880fff 0x880fff 0x880fff 0x880fff 0x880fff 0x880fff 0x880fff 0x880fff 0x880fff 0x880fff 0x880fff 0x880fff 0x880fff 0x880fff 0x880fff 0x880fff 0x880fff 0x880fff 0x880fff 0x880fff 0x880fff 0x880fff 0x880fff 0x880fff 0x880fff 0x880fff 0x880fff 0x880fff 0x880fff 0x880fff 0x880fff exception.instruction_r: 0f ae 81 00 01 00 00 0f 29 81 a0 01 00 00 0f 29 exception.symbol: RtlCaptureContext+0x85 RtlRestoreContext-0xaa ntdll+0x50895 exception.address: 0x77210895 exception.module: ntdll.dll exception.exception_code: 0xc0000005 exception.offset: 329877 registers.r14: 0 registers.r15: 0 registers.rcx: 1242680 registers.rsi: 5377630208 registers.r10: 0 registers.rbx: 1994665712 registers.rsp: 1244936 registers.r11: 514 registers.r8: 64 registers.r9: 4 registers.rdx: 1244024 registers.r12: 0 registers.rbp: 0 registers.rdi: 5368709487 registers.rax: 1242360 registers.r13: 0	1
__exception__ Sept. 12, 2021, 2:39 p.m.	stacktrace: RtlCaptureContext+0x85 RtlRestoreContext-0xaa ntdll+0x50895 @ 0x77210895 stacktrace+0x84 memdup-0x1af @ 0x74420470 hook_in_monitor+0x45 lde-0x133 @ 0x744142ea New_ntdll_NtProtectVirtualMemory+0x34 New_ntdll_NtQueryAttributesFile-0x151 @ 0x74433603 VirtualProtectEx+0x33 MapViewOfFile-0x2d kernelbase+0x13243 @ 0x7fefd6e3243 VirtualProtect+0x1b VirtualProtectEx-0x15 kernelbase+0x131fb @ 0x7fefd6e31fb driver+0x1be7cf @ 0x1401be7cf GetProcessAffinityMask+0x80 SetThreadContext-0x20 kernel32+0x2ef0 @ 0x76e42ef0 0x880fff GetProcessAffinityMask+0x80 SetThreadContext-0x20 kernel32+0x2ef0 @ 0x76e42ef0 driver+0x882000 @ 0x140882000 driver+0x1000 @ 0x140001000 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 exception.instruction_r: 0f ae 81 00 01 00 00 0f 29 81 a0 01 00 00 0f 29 exception.symbol: RtlCaptureContext+0x85 RtlRestoreContext-0xaa ntdll+0x50895 exception.address: 0x77210895 exception.module: ntdll.dll exception.exception_code: 0xc0000005 exception.offset: 329877 registers.r14: 0 registers.r15: 0 registers.rcx: 1242680 registers.rsi: 5377630208 registers.r10: 0 registers.rbx: 1994665712 registers.rsp: 1244968 registers.r11: 514 registers.r8: 64 registers.r9: 4 registers.rdx: 1244024 registers.r12: 0 registers.rbp: 0 registers.rdi: 5368709487 registers.rax: 1242360 registers.r13: 0	1
__exception__ Sept. 12, 2021, 2:39 p.m.	stacktrace: RtlCaptureContext+0x85 RtlRestoreContext-0xaa ntdll+0x50895 @ 0x77210895 stacktrace+0x84 memdup-0x1af @ 0x74420470 hook_in_monitor+0x45 lde-0x133 @ 0x744142ea New_ntdll_NtProtectVirtualMemory+0x34 New_ntdll_NtQueryAttributesFile-0x151 @ 0x74433603 VirtualProtectEx+0x33 MapViewOfFile-0x2d kernelbase+0x13243 @ 0x7fefd6e3243 VirtualProtect+0x1b VirtualProtectEx-0x15 kernelbase+0x131fb @ 0x7fefd6e31fb driver+0x1be7cf @ 0x1401be7cf GetProcessAffinityMask+0x80 SetThreadContext-0x20 kernel32+0x2ef0 @ 0x76e42ef0 0x880fff GetProcessAffinityMask+0x80 SetThreadContext-0x20 kernel32+0x2ef0 @ 0x76e42ef0 driver+0x882000 @ 0x140882000 driver+0x1000 @ 0x140001000 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 exception.instruction_r: 0f ae 81 00 01 00 00 0f 29 81 a0 01 00 00 0f 29 exception.symbol: RtlCaptureContext+0x85 RtlRestoreContext-0xaa ntdll+0x50895 exception.address: 0x77210895 exception.module: ntdll.dll exception.exception_code: 0xc0000005 exception.offset: 329877 registers.r14: 0 registers.r15: 0 registers.rcx: 1242680 registers.rsi: 5377630208 registers.r10: 0 registers.rbx: 1994665712 registers.rsp: 1244968 registers.r11: 514 registers.r8: 64 registers.r9: 4 registers.rdx: 1244024 registers.r12: 0 registers.rbp: 0 registers.rdi: 5368709487 registers.rax: 1242360 registers.r13: 0	1
__exception__ Sept. 12, 2021, 2:39 p.m.	stacktrace: RtlCaptureContext+0x85 RtlRestoreContext-0xaa ntdll+0x50895 @ 0x77210895 stacktrace+0x84 memdup-0x1af @ 0x74420470 hook_in_monitor+0x45 lde-0x133 @ 0x744142ea New_ntdll_NtProtectVirtualMemory+0x34 New_ntdll_NtQueryAttributesFile-0x151 @ 0x74433603 VirtualProtectEx+0x33 MapViewOfFile-0x2d kernelbase+0x13243 @ 0x7fefd6e3243 VirtualProtect+0x1b VirtualProtectEx-0x15 kernelbase+0x131fb @ 0x7fefd6e31fb driver+0x1be7cf @ 0x1401be7cf GetProcessAffinityMask+0x80 SetThreadContext-0x20 kernel32+0x2ef0 @ 0x76e42ef0 0x880fff GetProcessAffinityMask+0x80 SetThreadContext-0x20 kernel32+0x2ef0 @ 0x76e42ef0 driver+0x882000 @ 0x140882000 driver+0x1000 @ 0x140001000 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 exception.instruction_r: 0f ae 81 00 01 00 00 0f 29 81 a0 01 00 00 0f 29 exception.symbol: RtlCaptureContext+0x85 RtlRestoreContext-0xaa ntdll+0x50895 exception.address: 0x77210895 exception.module: ntdll.dll exception.exception_code: 0xc0000005 exception.offset: 329877 registers.r14: 0 registers.r15: 0 registers.rcx: 1242680 registers.rsi: 5377630208 registers.r10: 0 registers.rbx: 1994665712 registers.rsp: 1244968 registers.r11: 514 registers.r8: 64 registers.r9: 4 registers.rdx: 1244024 registers.r12: 0 registers.rbp: 0 registers.rdi: 5368709487 registers.rax: 1242360 registers.r13: 0	1
__exception__ Sept. 12, 2021, 2:39 p.m.	stacktrace: RtlCaptureContext+0x85 RtlRestoreContext-0xaa ntdll+0x50895 @ 0x77210895 stacktrace+0x84 memdup-0x1af @ 0x74420470 hook_in_monitor+0x45 lde-0x133 @ 0x744142ea New_ntdll_NtProtectVirtualMemory+0x34 New_ntdll_NtQueryAttributesFile-0x151 @ 0x74433603 VirtualProtectEx+0x33 MapViewOfFile-0x2d kernelbase+0x13243 @ 0x7fefd6e3243 VirtualProtect+0x1b VirtualProtectEx-0x15 kernelbase+0x131fb @ 0x7fefd6e31fb driver+0x1be7cf @ 0x1401be7cf GetProcessAffinityMask+0x80 SetThreadContext-0x20 kernel32+0x2ef0 @ 0x76e42ef0 0x880fff GetProcessAffinityMask+0x80 SetThreadContext-0x20 kernel32+0x2ef0 @ 0x76e42ef0 driver+0x882000 @ 0x140882000 driver+0x1000 @ 0x140001000 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 exception.instruction_r: 0f ae 81 00 01 00 00 0f 29 81 a0 01 00 00 0f 29 exception.symbol: RtlCaptureContext+0x85 RtlRestoreContext-0xaa ntdll+0x50895 exception.address: 0x77210895 exception.module: ntdll.dll exception.exception_code: 0xc0000005 exception.offset: 329877 registers.r14: 0 registers.r15: 0 registers.rcx: 1242680 registers.rsi: 5377630208 registers.r10: 0 registers.rbx: 1994665712 registers.rsp: 1244968 registers.r11: 514 registers.r8: 64 registers.r9: 4 registers.rdx: 1244024 registers.r12: 0 registers.rbp: 0 registers.rdi: 5368709487 registers.rax: 1242360 registers.r13: 0	1
__exception__ Sept. 12, 2021, 2:39 p.m.	stacktrace: RtlCaptureContext+0x85 RtlRestoreContext-0xaa ntdll+0x50895 @ 0x77210895 stacktrace+0x84 memdup-0x1af @ 0x74420470 hook_in_monitor+0x45 lde-0x133 @ 0x744142ea New_ntdll_NtProtectVirtualMemory+0x34 New_ntdll_NtQueryAttributesFile-0x151 @ 0x74433603 VirtualProtectEx+0x33 MapViewOfFile-0x2d kernelbase+0x13243 @ 0x7fefd6e3243 VirtualProtect+0x1b VirtualProtectEx-0x15 kernelbase+0x131fb @ 0x7fefd6e31fb driver+0x1be7cf @ 0x1401be7cf GetProcessAffinityMask+0x80 SetThreadContext-0x20 kernel32+0x2ef0 @ 0x76e42ef0 0x880fff GetProcessAffinityMask+0x80 SetThreadContext-0x20 kernel32+0x2ef0 @ 0x76e42ef0 driver+0x882000 @ 0x140882000 driver+0x1000 @ 0x140001000 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 exception.instruction_r: 0f ae 81 00 01 00 00 0f 29 81 a0 01 00 00 0f 29 exception.symbol: RtlCaptureContext+0x85 RtlRestoreContext-0xaa ntdll+0x50895 exception.address: 0x77210895 exception.module: ntdll.dll exception.exception_code: 0xc0000005 exception.offset: 329877 registers.r14: 0 registers.r15: 0 registers.rcx: 1242680 registers.rsi: 5377630208 registers.r10: 0 registers.rbx: 1994665712 registers.rsp: 1244968 registers.r11: 514 registers.r8: 64 registers.r9: 4 registers.rdx: 1244024 registers.r12: 0 registers.rbp: 0 registers.rdi: 5368709487 registers.rax: 1242360 registers.r13: 0	1
__exception__ Sept. 12, 2021, 2:39 p.m.	stacktrace: RtlCaptureContext+0x85 RtlRestoreContext-0xaa ntdll+0x50895 @ 0x77210895 stacktrace+0x84 memdup-0x1af @ 0x74420470 hook_in_monitor+0x45 lde-0x133 @ 0x744142ea New_ntdll_NtProtectVirtualMemory+0x34 New_ntdll_NtQueryAttributesFile-0x151 @ 0x74433603 VirtualProtectEx+0x33 MapViewOfFile-0x2d kernelbase+0x13243 @ 0x7fefd6e3243 VirtualProtect+0x1b VirtualProtectEx-0x15 kernelbase+0x131fb @ 0x7fefd6e31fb driver+0x1be7cf @ 0x1401be7cf GetProcessAffinityMask+0x80 SetThreadContext-0x20 kernel32+0x2ef0 @ 0x76e42ef0 0x880fff GetProcessAffinityMask+0x80 SetThreadContext-0x20 kernel32+0x2ef0 @ 0x76e42ef0 driver+0x882000 @ 0x140882000 driver+0x1000 @ 0x140001000 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 exception.instruction_r: 0f ae 81 00 01 00 00 0f 29 81 a0 01 00 00 0f 29 exception.symbol: RtlCaptureContext+0x85 RtlRestoreContext-0xaa ntdll+0x50895 exception.address: 0x77210895 exception.module: ntdll.dll exception.exception_code: 0xc0000005 exception.offset: 329877 registers.r14: 0 registers.r15: 0 registers.rcx: 1242680 registers.rsi: 5377630208 registers.r10: 0 registers.rbx: 1994665712 registers.rsp: 1244968 registers.r11: 514 registers.r8: 64 registers.r9: 4 registers.rdx: 1244024 registers.r12: 0 registers.rbp: 0 registers.rdi: 5368709487 registers.rax: 1242360 registers.r13: 0	1
__exception__ Sept. 12, 2021, 2:39 p.m.	stacktrace: RtlCaptureContext+0x85 RtlRestoreContext-0xaa ntdll+0x50895 @ 0x77210895 stacktrace+0x84 memdup-0x1af @ 0x74420470 hook_in_monitor+0x45 lde-0x133 @ 0x744142ea New_ntdll_NtProtectVirtualMemory+0x34 New_ntdll_NtQueryAttributesFile-0x151 @ 0x74433603 VirtualProtectEx+0x33 MapViewOfFile-0x2d kernelbase+0x13243 @ 0x7fefd6e3243 VirtualProtect+0x1b VirtualProtectEx-0x15 kernelbase+0x131fb @ 0x7fefd6e31fb driver+0x1be7cf @ 0x1401be7cf GetProcessAffinityMask+0x80 SetThreadContext-0x20 kernel32+0x2ef0 @ 0x76e42ef0 0x880fff GetProcessAffinityMask+0x80 SetThreadContext-0x20 kernel32+0x2ef0 @ 0x76e42ef0 driver+0x882000 @ 0x140882000 driver+0x1000 @ 0x140001000 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 exception.instruction_r: 0f ae 81 00 01 00 00 0f 29 81 a0 01 00 00 0f 29 exception.symbol: RtlCaptureContext+0x85 RtlRestoreContext-0xaa ntdll+0x50895 exception.address: 0x77210895 exception.module: ntdll.dll exception.exception_code: 0xc0000005 exception.offset: 329877 registers.r14: 0 registers.r15: 0 registers.rcx: 1242680 registers.rsi: 5377630208 registers.r10: 0 registers.rbx: 1994665712 registers.rsp: 1244968 registers.r11: 514 registers.r8: 64 registers.r9: 4 registers.rdx: 1244024 registers.r12: 0 registers.rbp: 0 registers.rdi: 5368709487 registers.rax: 1242360 registers.r13: 0	1
__exception__ Sept. 12, 2021, 2:39 p.m.	stacktrace: RtlCaptureContext+0x85 RtlRestoreContext-0xaa ntdll+0x50895 @ 0x77210895 stacktrace+0x84 memdup-0x1af @ 0x74420470 hook_in_monitor+0x45 lde-0x133 @ 0x744142ea New_ntdll_NtProtectVirtualMemory+0x34 New_ntdll_NtQueryAttributesFile-0x151 @ 0x74433603 VirtualProtectEx+0x33 MapViewOfFile-0x2d kernelbase+0x13243 @ 0x7fefd6e3243 VirtualProtect+0x1b VirtualProtectEx-0x15 kernelbase+0x131fb @ 0x7fefd6e31fb driver+0x1be7cf @ 0x1401be7cf GetProcessAffinityMask+0x80 SetThreadContext-0x20 kernel32+0x2ef0 @ 0x76e42ef0 0x880fff 0x880fff 0x880fff 0x880fff 0x880fff 0x880fff 0x880fff 0x880fff 0x880fff 0x880fff 0x880fff 0x880fff 0x880fff 0x880fff 0x880fff 0x880fff 0x880fff 0x880fff 0x880fff 0x880fff 0x880fff 0x880fff 0x880fff 0x880fff 0x880fff 0x880fff 0x880fff 0x880fff 0x880fff 0x880fff 0x880fff 0x880fff 0x880fff 0x880fff 0x880fff 0x880fff 0x880fff 0x880fff 0x880fff 0x880fff 0x880fff 0x880fff 0x880fff 0x880fff 0x880fff 0x880fff 0x880fff 0x880fff 0x880fff 0x880fff 0x880fff 0x880fff 0x880fff 0x880fff 0x880fff 0x880fff exception.instruction_r: 0f ae 81 00 01 00 00 0f 29 81 a0 01 00 00 0f 29 exception.symbol: RtlCaptureContext+0x85 RtlRestoreContext-0xaa ntdll+0x50895 exception.address: 0x77210895 exception.module: ntdll.dll exception.exception_code: 0xc0000005 exception.offset: 329877 registers.r14: 0 registers.r15: 0 registers.rcx: 1242680 registers.rsi: 5377630208 registers.r10: 0 registers.rbx: 1994665712 registers.rsp: 1244936 registers.r11: 514 registers.r8: 64 registers.r9: 4 registers.rdx: 1244024 registers.r12: 0 registers.rbp: 0 registers.rdi: 5368709487 registers.rax: 1242360 registers.r13: 0	1
__exception__ Sept. 12, 2021, 2:39 p.m.	stacktrace: RtlCaptureContext+0x85 RtlRestoreContext-0xaa ntdll+0x50895 @ 0x77210895 stacktrace+0x84 memdup-0x1af @ 0x74420470 hook_in_monitor+0x45 lde-0x133 @ 0x744142ea New_ntdll_NtProtectVirtualMemory+0x34 New_ntdll_NtQueryAttributesFile-0x151 @ 0x74433603 VirtualProtectEx+0x33 MapViewOfFile-0x2d kernelbase+0x13243 @ 0x7fefd6e3243 VirtualProtect+0x1b VirtualProtectEx-0x15 kernelbase+0x131fb @ 0x7fefd6e31fb driver+0x1be7cf @ 0x1401be7cf GetProcessAffinityMask+0x80 SetThreadContext-0x20 kernel32+0x2ef0 @ 0x76e42ef0 0x880fff GetProcessAffinityMask+0x80 SetThreadContext-0x20 kernel32+0x2ef0 @ 0x76e42ef0 driver+0x882000 @ 0x140882000 driver+0x1000 @ 0x140001000 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 exception.instruction_r: 0f ae 81 00 01 00 00 0f 29 81 a0 01 00 00 0f 29 exception.symbol: RtlCaptureContext+0x85 RtlRestoreContext-0xaa ntdll+0x50895 exception.address: 0x77210895 exception.module: ntdll.dll exception.exception_code: 0xc0000005 exception.offset: 329877 registers.r14: 0 registers.r15: 0 registers.rcx: 1242680 registers.rsi: 5377630208 registers.r10: 0 registers.rbx: 1994665712 registers.rsp: 1244968 registers.r11: 514 registers.r8: 64 registers.r9: 4 registers.rdx: 1244024 registers.r12: 0 registers.rbp: 0 registers.rdi: 5368709487 registers.rax: 1242360 registers.r13: 0	1
__exception__ Sept. 12, 2021, 2:40 p.m.	stacktrace: RtlCaptureContext+0x85 RtlRestoreContext-0xaa ntdll+0x50895 @ 0x77210895 stacktrace+0x84 memdup-0x1af @ 0x74420470 hook_in_monitor+0x45 lde-0x133 @ 0x744142ea New_ntdll_NtProtectVirtualMemory+0x34 New_ntdll_NtQueryAttributesFile-0x151 @ 0x74433603 VirtualProtectEx+0x33 MapViewOfFile-0x2d kernelbase+0x13243 @ 0x7fefd6e3243 VirtualProtect+0x1b VirtualProtectEx-0x15 kernelbase+0x131fb @ 0x7fefd6e31fb driver+0x1be7cf @ 0x1401be7cf GetProcessAffinityMask+0x80 SetThreadContext-0x20 kernel32+0x2ef0 @ 0x76e42ef0 0x880fff GetProcessAffinityMask+0x80 SetThreadContext-0x20 kernel32+0x2ef0 @ 0x76e42ef0 driver+0x882000 @ 0x140882000 driver+0x1000 @ 0x140001000 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 exception.instruction_r: 0f ae 81 00 01 00 00 0f 29 81 a0 01 00 00 0f 29 exception.symbol: RtlCaptureContext+0x85 RtlRestoreContext-0xaa ntdll+0x50895 exception.address: 0x77210895 exception.module: ntdll.dll exception.exception_code: 0xc0000005 exception.offset: 329877 registers.r14: 0 registers.r15: 0 registers.rcx: 1242680 registers.rsi: 5377630208 registers.r10: 0 registers.rbx: 1994665712 registers.rsp: 1244968 registers.r11: 514 registers.r8: 64 registers.r9: 4 registers.rdx: 1244024 registers.r12: 0 registers.rbp: 0 registers.rdi: 5368709487 registers.rax: 1242360 registers.r13: 0	1
__exception__ Sept. 12, 2021, 2:40 p.m.	stacktrace: RtlCaptureContext+0x85 RtlRestoreContext-0xaa ntdll+0x50895 @ 0x77210895 stacktrace+0x84 memdup-0x1af @ 0x74420470 hook_in_monitor+0x45 lde-0x133 @ 0x744142ea New_ntdll_NtProtectVirtualMemory+0x34 New_ntdll_NtQueryAttributesFile-0x151 @ 0x74433603 VirtualProtectEx+0x33 MapViewOfFile-0x2d kernelbase+0x13243 @ 0x7fefd6e3243 VirtualProtect+0x1b VirtualProtectEx-0x15 kernelbase+0x131fb @ 0x7fefd6e31fb driver+0x1be7cf @ 0x1401be7cf GetProcessAffinityMask+0x80 SetThreadContext-0x20 kernel32+0x2ef0 @ 0x76e42ef0 0x880fff GetProcessAffinityMask+0x80 SetThreadContext-0x20 kernel32+0x2ef0 @ 0x76e42ef0 driver+0x882000 @ 0x140882000 driver+0x1000 @ 0x140001000 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 exception.instruction_r: 0f ae 81 00 01 00 00 0f 29 81 a0 01 00 00 0f 29 exception.symbol: RtlCaptureContext+0x85 RtlRestoreContext-0xaa ntdll+0x50895 exception.address: 0x77210895 exception.module: ntdll.dll exception.exception_code: 0xc0000005 exception.offset: 329877 registers.r14: 0 registers.r15: 0 registers.rcx: 1242680 registers.rsi: 5377630208 registers.r10: 0 registers.rbx: 1994665712 registers.rsp: 1244968 registers.r11: 514 registers.r8: 64 registers.r9: 4 registers.rdx: 1244024 registers.r12: 0 registers.rbp: 0 registers.rdi: 5368709487 registers.rax: 1242360 registers.r13: 0	1
__exception__ Sept. 12, 2021, 2:40 p.m.	stacktrace: RtlCaptureContext+0x85 RtlRestoreContext-0xaa ntdll+0x50895 @ 0x77210895 stacktrace+0x84 memdup-0x1af @ 0x74420470 hook_in_monitor+0x45 lde-0x133 @ 0x744142ea New_ntdll_NtProtectVirtualMemory+0x34 New_ntdll_NtQueryAttributesFile-0x151 @ 0x74433603 VirtualProtectEx+0x33 MapViewOfFile-0x2d kernelbase+0x13243 @ 0x7fefd6e3243 VirtualProtect+0x1b VirtualProtectEx-0x15 kernelbase+0x131fb @ 0x7fefd6e31fb driver+0x1be7cf @ 0x1401be7cf GetProcessAffinityMask+0x80 SetThreadContext-0x20 kernel32+0x2ef0 @ 0x76e42ef0 0x880fff GetProcessAffinityMask+0x80 SetThreadContext-0x20 kernel32+0x2ef0 @ 0x76e42ef0 driver+0x882000 @ 0x140882000 driver+0x1000 @ 0x140001000 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 exception.instruction_r: 0f ae 81 00 01 00 00 0f 29 81 a0 01 00 00 0f 29 exception.symbol: RtlCaptureContext+0x85 RtlRestoreContext-0xaa ntdll+0x50895 exception.address: 0x77210895 exception.module: ntdll.dll exception.exception_code: 0xc0000005 exception.offset: 329877 registers.r14: 0 registers.r15: 0 registers.rcx: 1242680 registers.rsi: 5377630208 registers.r10: 0 registers.rbx: 1994665712 registers.rsp: 1244968 registers.r11: 514 registers.r8: 64 registers.r9: 4 registers.rdx: 1244024 registers.r12: 0 registers.rbp: 0 registers.rdi: 5368709487 registers.rax: 1242360 registers.r13: 0	1
__exception__ Sept. 12, 2021, 2:40 p.m.	stacktrace: RtlCaptureContext+0x85 RtlRestoreContext-0xaa ntdll+0x50895 @ 0x77210895 stacktrace+0x84 memdup-0x1af @ 0x74420470 hook_in_monitor+0x45 lde-0x133 @ 0x744142ea New_ntdll_NtProtectVirtualMemory+0x34 New_ntdll_NtQueryAttributesFile-0x151 @ 0x74433603 VirtualProtectEx+0x33 MapViewOfFile-0x2d kernelbase+0x13243 @ 0x7fefd6e3243 VirtualProtect+0x1b VirtualProtectEx-0x15 kernelbase+0x131fb @ 0x7fefd6e31fb driver+0x1be7cf @ 0x1401be7cf GetProcessAffinityMask+0x80 SetThreadContext-0x20 kernel32+0x2ef0 @ 0x76e42ef0 0x880fff 0x880fff 0x880fff 0x880fff 0x880fff 0x880fff 0x880fff 0x880fff 0x880fff 0x880fff 0x880fff 0x880fff 0x880fff 0x880fff 0x880fff 0x880fff 0x880fff 0x880fff 0x880fff 0x880fff 0x880fff 0x880fff 0x880fff 0x880fff 0x880fff 0x880fff 0x880fff 0x880fff 0x880fff 0x880fff 0x880fff 0x880fff 0x880fff 0x880fff 0x880fff 0x880fff 0x880fff 0x880fff 0x880fff 0x880fff 0x880fff 0x880fff 0x880fff 0x880fff 0x880fff 0x880fff 0x880fff 0x880fff 0x880fff 0x880fff 0x880fff 0x880fff 0x880fff 0x880fff 0x880fff 0x880fff exception.instruction_r: 0f ae 81 00 01 00 00 0f 29 81 a0 01 00 00 0f 29 exception.symbol: RtlCaptureContext+0x85 RtlRestoreContext-0xaa ntdll+0x50895 exception.address: 0x77210895 exception.module: ntdll.dll exception.exception_code: 0xc0000005 exception.offset: 329877 registers.r14: 0 registers.r15: 0 registers.rcx: 1242680 registers.rsi: 5377630208 registers.r10: 0 registers.rbx: 1994665712 registers.rsp: 1244936 registers.r11: 514 registers.r8: 64 registers.r9: 4 registers.rdx: 1244024 registers.r12: 0 registers.rbp: 0 registers.rdi: 5368709487 registers.rax: 1242360 registers.r13: 0	1
__exception__ Sept. 12, 2021, 2:40 p.m.	stacktrace: RtlCaptureContext+0x85 RtlRestoreContext-0xaa ntdll+0x50895 @ 0x77210895 stacktrace+0x84 memdup-0x1af @ 0x74420470 hook_in_monitor+0x45 lde-0x133 @ 0x744142ea New_ntdll_NtProtectVirtualMemory+0x34 New_ntdll_NtQueryAttributesFile-0x151 @ 0x74433603 VirtualProtectEx+0x33 MapViewOfFile-0x2d kernelbase+0x13243 @ 0x7fefd6e3243 VirtualProtect+0x1b VirtualProtectEx-0x15 kernelbase+0x131fb @ 0x7fefd6e31fb driver+0x1be7cf @ 0x1401be7cf GetProcessAffinityMask+0x80 SetThreadContext-0x20 kernel32+0x2ef0 @ 0x76e42ef0 0x880fff GetProcessAffinityMask+0x80 SetThreadContext-0x20 kernel32+0x2ef0 @ 0x76e42ef0 driver+0x882000 @ 0x140882000 driver+0x1000 @ 0x140001000 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 exception.instruction_r: 0f ae 81 00 01 00 00 0f 29 81 a0 01 00 00 0f 29 exception.symbol: RtlCaptureContext+0x85 RtlRestoreContext-0xaa ntdll+0x50895 exception.address: 0x77210895 exception.module: ntdll.dll exception.exception_code: 0xc0000005 exception.offset: 329877 registers.r14: 0 registers.r15: 0 registers.rcx: 1242680 registers.rsi: 5377630208 registers.r10: 0 registers.rbx: 1994665712 registers.rsp: 1244968 registers.r11: 514 registers.r8: 64 registers.r9: 4 registers.rdx: 1244024 registers.r12: 0 registers.rbp: 0 registers.rdi: 5368709487 registers.rax: 1242360 registers.r13: 0	1
__exception__ Sept. 12, 2021, 2:40 p.m.	stacktrace: RtlCaptureContext+0x85 RtlRestoreContext-0xaa ntdll+0x50895 @ 0x77210895 stacktrace+0x84 memdup-0x1af @ 0x74420470 hook_in_monitor+0x45 lde-0x133 @ 0x744142ea New_ntdll_NtProtectVirtualMemory+0x34 New_ntdll_NtQueryAttributesFile-0x151 @ 0x74433603 VirtualProtectEx+0x33 MapViewOfFile-0x2d kernelbase+0x13243 @ 0x7fefd6e3243 VirtualProtect+0x1b VirtualProtectEx-0x15 kernelbase+0x131fb @ 0x7fefd6e31fb driver+0x1be7cf @ 0x1401be7cf GetProcessAffinityMask+0x80 SetThreadContext-0x20 kernel32+0x2ef0 @ 0x76e42ef0 0x880fff GetProcessAffinityMask+0x80 SetThreadContext-0x20 kernel32+0x2ef0 @ 0x76e42ef0 driver+0x882000 @ 0x140882000 driver+0x1000 @ 0x140001000 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 exception.instruction_r: 0f ae 81 00 01 00 00 0f 29 81 a0 01 00 00 0f 29 exception.symbol: RtlCaptureContext+0x85 RtlRestoreContext-0xaa ntdll+0x50895 exception.address: 0x77210895 exception.module: ntdll.dll exception.exception_code: 0xc0000005 exception.offset: 329877 registers.r14: 0 registers.r15: 0 registers.rcx: 1242680 registers.rsi: 5377630208 registers.r10: 0 registers.rbx: 1994665712 registers.rsp: 1244968 registers.r11: 514 registers.r8: 64 registers.r9: 4 registers.rdx: 1244024 registers.r12: 0 registers.rbp: 0 registers.rdi: 5368709487 registers.rax: 1242360 registers.r13: 0	1
__exception__ Sept. 12, 2021, 2:40 p.m.	stacktrace: RtlCaptureContext+0x85 RtlRestoreContext-0xaa ntdll+0x50895 @ 0x77210895 stacktrace+0x84 memdup-0x1af @ 0x74420470 hook_in_monitor+0x45 lde-0x133 @ 0x744142ea New_ntdll_NtProtectVirtualMemory+0x34 New_ntdll_NtQueryAttributesFile-0x151 @ 0x74433603 VirtualProtectEx+0x33 MapViewOfFile-0x2d kernelbase+0x13243 @ 0x7fefd6e3243 VirtualProtect+0x1b VirtualProtectEx-0x15 kernelbase+0x131fb @ 0x7fefd6e31fb driver+0x1be7cf @ 0x1401be7cf GetProcessAffinityMask+0x80 SetThreadContext-0x20 kernel32+0x2ef0 @ 0x76e42ef0 0x880fff GetProcessAffinityMask+0x80 SetThreadContext-0x20 kernel32+0x2ef0 @ 0x76e42ef0 driver+0x882000 @ 0x140882000 driver+0x1000 @ 0x140001000 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 exception.instruction_r: 0f ae 81 00 01 00 00 0f 29 81 a0 01 00 00 0f 29 exception.symbol: RtlCaptureContext+0x85 RtlRestoreContext-0xaa ntdll+0x50895 exception.address: 0x77210895 exception.module: ntdll.dll exception.exception_code: 0xc0000005 exception.offset: 329877 registers.r14: 0 registers.r15: 0 registers.rcx: 1242680 registers.rsi: 5377630208 registers.r10: 0 registers.rbx: 1994665712 registers.rsp: 1244968 registers.r11: 514 registers.r8: 64 registers.r9: 4 registers.rdx: 1244024 registers.r12: 0 registers.rbp: 0 registers.rdi: 5368709487 registers.rax: 1242360 registers.r13: 0	1
__exception__ Sept. 12, 2021, 2:40 p.m.	stacktrace: RtlCaptureContext+0x85 RtlRestoreContext-0xaa ntdll+0x50895 @ 0x77210895 stacktrace+0x84 memdup-0x1af @ 0x74420470 hook_in_monitor+0x45 lde-0x133 @ 0x744142ea New_ntdll_NtProtectVirtualMemory+0x34 New_ntdll_NtQueryAttributesFile-0x151 @ 0x74433603 VirtualProtectEx+0x33 MapViewOfFile-0x2d kernelbase+0x13243 @ 0x7fefd6e3243 VirtualProtect+0x1b VirtualProtectEx-0x15 kernelbase+0x131fb @ 0x7fefd6e31fb driver+0x1be7cf @ 0x1401be7cf GetProcessAffinityMask+0x80 SetThreadContext-0x20 kernel32+0x2ef0 @ 0x76e42ef0 0x880fff GetProcessAffinityMask+0x80 SetThreadContext-0x20 kernel32+0x2ef0 @ 0x76e42ef0 driver+0x882000 @ 0x140882000 driver+0x1000 @ 0x140001000 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 exception.instruction_r: 0f ae 81 00 01 00 00 0f 29 81 a0 01 00 00 0f 29 exception.symbol: RtlCaptureContext+0x85 RtlRestoreContext-0xaa ntdll+0x50895 exception.address: 0x77210895 exception.module: ntdll.dll exception.exception_code: 0xc0000005 exception.offset: 329877 registers.r14: 0 registers.r15: 0 registers.rcx: 1242680 registers.rsi: 5377630208 registers.r10: 0 registers.rbx: 1994665712 registers.rsp: 1244968 registers.r11: 514 registers.r8: 64 registers.r9: 4 registers.rdx: 1244024 registers.r12: 0 registers.rbp: 0 registers.rdi: 5368709487 registers.rax: 1242360 registers.r13: 0	1
__exception__ Sept. 12, 2021, 2:40 p.m.	stacktrace: RtlCaptureContext+0x85 RtlRestoreContext-0xaa ntdll+0x50895 @ 0x77210895 stacktrace+0x84 memdup-0x1af @ 0x74420470 hook_in_monitor+0x45 lde-0x133 @ 0x744142ea New_ntdll_NtProtectVirtualMemory+0x34 New_ntdll_NtQueryAttributesFile-0x151 @ 0x74433603 VirtualProtectEx+0x33 MapViewOfFile-0x2d kernelbase+0x13243 @ 0x7fefd6e3243 VirtualProtect+0x1b VirtualProtectEx-0x15 kernelbase+0x131fb @ 0x7fefd6e31fb driver+0x1be7cf @ 0x1401be7cf GetProcessAffinityMask+0x80 SetThreadContext-0x20 kernel32+0x2ef0 @ 0x76e42ef0 0x880fff GetProcessAffinityMask+0x80 SetThreadContext-0x20 kernel32+0x2ef0 @ 0x76e42ef0 driver+0x882000 @ 0x140882000 driver+0x1000 @ 0x140001000 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 exception.instruction_r: 0f ae 81 00 01 00 00 0f 29 81 a0 01 00 00 0f 29 exception.symbol: RtlCaptureContext+0x85 RtlRestoreContext-0xaa ntdll+0x50895 exception.address: 0x77210895 exception.module: ntdll.dll exception.exception_code: 0xc0000005 exception.offset: 329877 registers.r14: 0 registers.r15: 0 registers.rcx: 1242680 registers.rsi: 5377630208 registers.r10: 0 registers.rbx: 1994665712 registers.rsp: 1244968 registers.r11: 514 registers.r8: 64 registers.r9: 4 registers.rdx: 1244024 registers.r12: 0 registers.rbp: 0 registers.rdi: 5368709487 registers.rax: 1242360 registers.r13: 0	1
__exception__ Sept. 12, 2021, 2:40 p.m.	stacktrace: RtlCaptureContext+0x85 RtlRestoreContext-0xaa ntdll+0x50895 @ 0x77210895 stacktrace+0x84 memdup-0x1af @ 0x74420470 hook_in_monitor+0x45 lde-0x133 @ 0x744142ea New_ntdll_NtProtectVirtualMemory+0x34 New_ntdll_NtQueryAttributesFile-0x151 @ 0x74433603 VirtualProtectEx+0x33 MapViewOfFile-0x2d kernelbase+0x13243 @ 0x7fefd6e3243 VirtualProtect+0x1b VirtualProtectEx-0x15 kernelbase+0x131fb @ 0x7fefd6e31fb driver+0x1be7cf @ 0x1401be7cf GetProcessAffinityMask+0x80 SetThreadContext-0x20 kernel32+0x2ef0 @ 0x76e42ef0 0x880fff GetProcessAffinityMask+0x80 SetThreadContext-0x20 kernel32+0x2ef0 @ 0x76e42ef0 driver+0x882000 @ 0x140882000 driver+0x1000 @ 0x140001000 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 exception.instruction_r: 0f ae 81 00 01 00 00 0f 29 81 a0 01 00 00 0f 29 exception.symbol: RtlCaptureContext+0x85 RtlRestoreContext-0xaa ntdll+0x50895 exception.address: 0x77210895 exception.module: ntdll.dll exception.exception_code: 0xc0000005 exception.offset: 329877 registers.r14: 0 registers.r15: 0 registers.rcx: 1242680 registers.rsi: 5377630208 registers.r10: 0 registers.rbx: 1994665712 registers.rsp: 1244968 registers.r11: 514 registers.r8: 64 registers.r9: 4 registers.rdx: 1244024 registers.r12: 0 registers.rbp: 0 registers.rdi: 5368709487 registers.rax: 1242360 registers.r13: 0	1
__exception__ Sept. 12, 2021, 2:40 p.m.	stacktrace: RtlCaptureContext+0x85 RtlRestoreContext-0xaa ntdll+0x50895 @ 0x77210895 stacktrace+0x84 memdup-0x1af @ 0x74420470 hook_in_monitor+0x45 lde-0x133 @ 0x744142ea New_ntdll_NtProtectVirtualMemory+0x34 New_ntdll_NtQueryAttributesFile-0x151 @ 0x74433603 VirtualProtectEx+0x33 MapViewOfFile-0x2d kernelbase+0x13243 @ 0x7fefd6e3243 VirtualProtect+0x1b VirtualProtectEx-0x15 kernelbase+0x131fb @ 0x7fefd6e31fb driver+0x1be7cf @ 0x1401be7cf GetProcessAffinityMask+0x80 SetThreadContext-0x20 kernel32+0x2ef0 @ 0x76e42ef0 0x880fff GetProcessAffinityMask+0x80 SetThreadContext-0x20 kernel32+0x2ef0 @ 0x76e42ef0 driver+0x882000 @ 0x140882000 driver+0x1000 @ 0x140001000 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 exception.instruction_r: 0f ae 81 00 01 00 00 0f 29 81 a0 01 00 00 0f 29 exception.symbol: RtlCaptureContext+0x85 RtlRestoreContext-0xaa ntdll+0x50895 exception.address: 0x77210895 exception.module: ntdll.dll exception.exception_code: 0xc0000005 exception.offset: 329877 registers.r14: 0 registers.r15: 0 registers.rcx: 1242680 registers.rsi: 5377630208 registers.r10: 0 registers.rbx: 1994665712 registers.rsp: 1244968 registers.r11: 514 registers.r8: 64 registers.r9: 4 registers.rdx: 1244024 registers.r12: 0 registers.rbp: 0 registers.rdi: 5368709487 registers.rax: 1242360 registers.r13: 0	1
__exception__ Sept. 12, 2021, 2:40 p.m.	stacktrace: RtlCaptureContext+0x85 RtlRestoreContext-0xaa ntdll+0x50895 @ 0x77210895 stacktrace+0x84 memdup-0x1af @ 0x74420470 hook_in_monitor+0x45 lde-0x133 @ 0x744142ea New_ntdll_NtProtectVirtualMemory+0x34 New_ntdll_NtQueryAttributesFile-0x151 @ 0x74433603 VirtualProtectEx+0x33 MapViewOfFile-0x2d kernelbase+0x13243 @ 0x7fefd6e3243 VirtualProtect+0x1b VirtualProtectEx-0x15 kernelbase+0x131fb @ 0x7fefd6e31fb driver+0x1be7cf @ 0x1401be7cf GetProcessAffinityMask+0x80 SetThreadContext-0x20 kernel32+0x2ef0 @ 0x76e42ef0 0x880fff GetProcessAffinityMask+0x80 SetThreadContext-0x20 kernel32+0x2ef0 @ 0x76e42ef0 driver+0x882000 @ 0x140882000 driver+0x1000 @ 0x140001000 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 exception.instruction_r: 0f ae 81 00 01 00 00 0f 29 81 a0 01 00 00 0f 29 exception.symbol: RtlCaptureContext+0x85 RtlRestoreContext-0xaa ntdll+0x50895 exception.address: 0x77210895 exception.module: ntdll.dll exception.exception_code: 0xc0000005 exception.offset: 329877 registers.r14: 0 registers.r15: 0 registers.rcx: 1242680 registers.rsi: 5377630208 registers.r10: 0 registers.rbx: 1994665712 registers.rsp: 1244968 registers.r11: 514 registers.r8: 64 registers.r9: 4 registers.rdx: 1244024 registers.r12: 0 registers.rbp: 0 registers.rdi: 5368709487 registers.rax: 1242360 registers.r13: 0	1
__exception__ Sept. 12, 2021, 2:40 p.m.	stacktrace: RtlCaptureContext+0x85 RtlRestoreContext-0xaa ntdll+0x50895 @ 0x77210895 stacktrace+0x84 memdup-0x1af @ 0x74420470 hook_in_monitor+0x45 lde-0x133 @ 0x744142ea New_ntdll_NtProtectVirtualMemory+0x34 New_ntdll_NtQueryAttributesFile-0x151 @ 0x74433603 VirtualProtectEx+0x33 MapViewOfFile-0x2d kernelbase+0x13243 @ 0x7fefd6e3243 VirtualProtect+0x1b VirtualProtectEx-0x15 kernelbase+0x131fb @ 0x7fefd6e31fb driver+0x1be7cf @ 0x1401be7cf GetProcessAffinityMask+0x80 SetThreadContext-0x20 kernel32+0x2ef0 @ 0x76e42ef0 0x880fff 0x880fff 0x880fff 0x880fff 0x880fff 0x880fff 0x880fff 0x880fff 0x880fff 0x880fff 0x880fff 0x880fff 0x880fff 0x880fff 0x880fff 0x880fff 0x880fff 0x880fff 0x880fff 0x880fff 0x880fff 0x880fff 0x880fff 0x880fff 0x880fff 0x880fff 0x880fff 0x880fff 0x880fff 0x880fff 0x880fff 0x880fff 0x880fff 0x880fff 0x880fff 0x880fff 0x880fff 0x880fff 0x880fff 0x880fff 0x880fff 0x880fff 0x880fff 0x880fff 0x880fff 0x880fff 0x880fff 0x880fff 0x880fff 0x880fff 0x880fff 0x880fff 0x880fff 0x880fff 0x880fff 0x880fff exception.instruction_r: 0f ae 81 00 01 00 00 0f 29 81 a0 01 00 00 0f 29 exception.symbol: RtlCaptureContext+0x85 RtlRestoreContext-0xaa ntdll+0x50895 exception.address: 0x77210895 exception.module: ntdll.dll exception.exception_code: 0xc0000005 exception.offset: 329877 registers.r14: 0 registers.r15: 0 registers.rcx: 1242680 registers.rsi: 5377630208 registers.r10: 0 registers.rbx: 1994665712 registers.rsp: 1244936 registers.r11: 514 registers.r8: 64 registers.r9: 4 registers.rdx: 1244024 registers.r12: 0 registers.rbp: 0 registers.rdi: 5368709487 registers.rax: 1242360 registers.r13: 0	1
__exception__ Sept. 12, 2021, 2:40 p.m.	stacktrace: RtlCaptureContext+0x85 RtlRestoreContext-0xaa ntdll+0x50895 @ 0x77210895 stacktrace+0x84 memdup-0x1af @ 0x74420470 hook_in_monitor+0x45 lde-0x133 @ 0x744142ea New_ntdll_NtProtectVirtualMemory+0x34 New_ntdll_NtQueryAttributesFile-0x151 @ 0x74433603 VirtualProtectEx+0x33 MapViewOfFile-0x2d kernelbase+0x13243 @ 0x7fefd6e3243 VirtualProtect+0x1b VirtualProtectEx-0x15 kernelbase+0x131fb @ 0x7fefd6e31fb driver+0x1be7cf @ 0x1401be7cf GetProcessAffinityMask+0x80 SetThreadContext-0x20 kernel32+0x2ef0 @ 0x76e42ef0 0x880fff GetProcessAffinityMask+0x80 SetThreadContext-0x20 kernel32+0x2ef0 @ 0x76e42ef0 driver+0x882000 @ 0x140882000 driver+0x1000 @ 0x140001000 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 exception.instruction_r: 0f ae 81 00 01 00 00 0f 29 81 a0 01 00 00 0f 29 exception.symbol: RtlCaptureContext+0x85 RtlRestoreContext-0xaa ntdll+0x50895 exception.address: 0x77210895 exception.module: ntdll.dll exception.exception_code: 0xc0000005 exception.offset: 329877 registers.r14: 0 registers.r15: 0 registers.rcx: 1242680 registers.rsi: 5377630208 registers.r10: 0 registers.rbx: 1994665712 registers.rsp: 1244968 registers.r11: 514 registers.r8: 64 registers.r9: 4 registers.rdx: 1244024 registers.r12: 0 registers.rbp: 0 registers.rdi: 5368709487 registers.rax: 1242360 registers.r13: 0	1
__exception__ Sept. 12, 2021, 2:40 p.m.	stacktrace: RtlCaptureContext+0x85 RtlRestoreContext-0xaa ntdll+0x50895 @ 0x77210895 stacktrace+0x84 memdup-0x1af @ 0x74420470 hook_in_monitor+0x45 lde-0x133 @ 0x744142ea New_ntdll_NtProtectVirtualMemory+0x34 New_ntdll_NtQueryAttributesFile-0x151 @ 0x74433603 VirtualProtectEx+0x33 MapViewOfFile-0x2d kernelbase+0x13243 @ 0x7fefd6e3243 VirtualProtect+0x1b VirtualProtectEx-0x15 kernelbase+0x131fb @ 0x7fefd6e31fb driver+0x1be7cf @ 0x1401be7cf GetProcessAffinityMask+0x80 SetThreadContext-0x20 kernel32+0x2ef0 @ 0x76e42ef0 0x880fff GetProcessAffinityMask+0x80 SetThreadContext-0x20 kernel32+0x2ef0 @ 0x76e42ef0 driver+0x882000 @ 0x140882000 driver+0x1000 @ 0x140001000 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 exception.instruction_r: 0f ae 81 00 01 00 00 0f 29 81 a0 01 00 00 0f 29 exception.symbol: RtlCaptureContext+0x85 RtlRestoreContext-0xaa ntdll+0x50895 exception.address: 0x77210895 exception.module: ntdll.dll exception.exception_code: 0xc0000005 exception.offset: 329877 registers.r14: 0 registers.r15: 0 registers.rcx: 1242680 registers.rsi: 5377630208 registers.r10: 0 registers.rbx: 1994665712 registers.rsp: 1244968 registers.r11: 514 registers.r8: 64 registers.r9: 4 registers.rdx: 1244024 registers.r12: 0 registers.rbp: 0 registers.rdi: 5368709487 registers.rax: 1242360 registers.r13: 0	1
__exception__ Sept. 12, 2021, 2:40 p.m.	stacktrace: RtlCaptureContext+0x85 RtlRestoreContext-0xaa ntdll+0x50895 @ 0x77210895 stacktrace+0x84 memdup-0x1af @ 0x74420470 hook_in_monitor+0x45 lde-0x133 @ 0x744142ea New_ntdll_NtProtectVirtualMemory+0x34 New_ntdll_NtQueryAttributesFile-0x151 @ 0x74433603 VirtualProtectEx+0x33 MapViewOfFile-0x2d kernelbase+0x13243 @ 0x7fefd6e3243 VirtualProtect+0x1b VirtualProtectEx-0x15 kernelbase+0x131fb @ 0x7fefd6e31fb driver+0x1be7cf @ 0x1401be7cf GetProcessAffinityMask+0x80 SetThreadContext-0x20 kernel32+0x2ef0 @ 0x76e42ef0 0x880fff 0x880fff 0x880fff 0x880fff 0x880fff 0x880fff 0x880fff 0x880fff 0x880fff 0x880fff 0x880fff 0x880fff 0x880fff 0x880fff 0x880fff 0x880fff 0x880fff 0x880fff 0x880fff 0x880fff 0x880fff 0x880fff 0x880fff 0x880fff 0x880fff 0x880fff 0x880fff 0x880fff 0x880fff 0x880fff 0x880fff 0x880fff 0x880fff 0x880fff 0x880fff 0x880fff 0x880fff 0x880fff 0x880fff 0x880fff 0x880fff 0x880fff 0x880fff 0x880fff 0x880fff 0x880fff 0x880fff 0x880fff 0x880fff 0x880fff 0x880fff 0x880fff 0x880fff 0x880fff 0x880fff 0x880fff exception.instruction_r: 0f ae 81 00 01 00 00 0f 29 81 a0 01 00 00 0f 29 exception.symbol: RtlCaptureContext+0x85 RtlRestoreContext-0xaa ntdll+0x50895 exception.address: 0x77210895 exception.module: ntdll.dll exception.exception_code: 0xc0000005 exception.offset: 329877 registers.r14: 0 registers.r15: 0 registers.rcx: 1242680 registers.rsi: 5377630208 registers.r10: 0 registers.rbx: 1994665712 registers.rsp: 1244936 registers.r11: 514 registers.r8: 64 registers.r9: 4 registers.rdx: 1244024 registers.r12: 0 registers.rbp: 0 registers.rdi: 5368709487 registers.rax: 1242360 registers.r13: 0	1
__exception__ Sept. 12, 2021, 2:40 p.m.	stacktrace: RtlCaptureContext+0x85 RtlRestoreContext-0xaa ntdll+0x50895 @ 0x77210895 stacktrace+0x84 memdup-0x1af @ 0x74420470 hook_in_monitor+0x45 lde-0x133 @ 0x744142ea New_ntdll_NtProtectVirtualMemory+0x34 New_ntdll_NtQueryAttributesFile-0x151 @ 0x74433603 VirtualProtectEx+0x33 MapViewOfFile-0x2d kernelbase+0x13243 @ 0x7fefd6e3243 VirtualProtect+0x1b VirtualProtectEx-0x15 kernelbase+0x131fb @ 0x7fefd6e31fb driver+0x1be7cf @ 0x1401be7cf GetProcessAffinityMask+0x80 SetThreadContext-0x20 kernel32+0x2ef0 @ 0x76e42ef0 0x880fff GetProcessAffinityMask+0x80 SetThreadContext-0x20 kernel32+0x2ef0 @ 0x76e42ef0 driver+0x882000 @ 0x140882000 driver+0x1000 @ 0x140001000 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 exception.instruction_r: 0f ae 81 00 01 00 00 0f 29 81 a0 01 00 00 0f 29 exception.symbol: RtlCaptureContext+0x85 RtlRestoreContext-0xaa ntdll+0x50895 exception.address: 0x77210895 exception.module: ntdll.dll exception.exception_code: 0xc0000005 exception.offset: 329877 registers.r14: 0 registers.r15: 0 registers.rcx: 1242680 registers.rsi: 5377630208 registers.r10: 0 registers.rbx: 1994665712 registers.rsp: 1244968 registers.r11: 514 registers.r8: 64 registers.r9: 4 registers.rdx: 1244024 registers.r12: 0 registers.rbp: 0 registers.rdi: 5368709487 registers.rax: 1242360 registers.r13: 0	1
__exception__ Sept. 12, 2021, 2:40 p.m.	stacktrace: RtlCaptureContext+0x85 RtlRestoreContext-0xaa ntdll+0x50895 @ 0x77210895 stacktrace+0x84 memdup-0x1af @ 0x74420470 hook_in_monitor+0x45 lde-0x133 @ 0x744142ea New_ntdll_NtProtectVirtualMemory+0x34 New_ntdll_NtQueryAttributesFile-0x151 @ 0x74433603 VirtualProtectEx+0x33 MapViewOfFile-0x2d kernelbase+0x13243 @ 0x7fefd6e3243 VirtualProtect+0x1b VirtualProtectEx-0x15 kernelbase+0x131fb @ 0x7fefd6e31fb driver+0x1be7cf @ 0x1401be7cf GetProcessAffinityMask+0x80 SetThreadContext-0x20 kernel32+0x2ef0 @ 0x76e42ef0 0x880fff GetProcessAffinityMask+0x80 SetThreadContext-0x20 kernel32+0x2ef0 @ 0x76e42ef0 driver+0x882000 @ 0x140882000 driver+0x1000 @ 0x140001000 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 exception.instruction_r: 0f ae 81 00 01 00 00 0f 29 81 a0 01 00 00 0f 29 exception.symbol: RtlCaptureContext+0x85 RtlRestoreContext-0xaa ntdll+0x50895 exception.address: 0x77210895 exception.module: ntdll.dll exception.exception_code: 0xc0000005 exception.offset: 329877 registers.r14: 0 registers.r15: 0 registers.rcx: 1242680 registers.rsi: 5377630208 registers.r10: 0 registers.rbx: 1994665712 registers.rsp: 1244968 registers.r11: 514 registers.r8: 64 registers.r9: 4 registers.rdx: 1244024 registers.r12: 0 registers.rbp: 0 registers.rdi: 5368709487 registers.rax: 1242360 registers.r13: 0	1
__exception__ Sept. 12, 2021, 2:40 p.m.	stacktrace: RtlCaptureContext+0x85 RtlRestoreContext-0xaa ntdll+0x50895 @ 0x77210895 stacktrace+0x84 memdup-0x1af @ 0x74420470 hook_in_monitor+0x45 lde-0x133 @ 0x744142ea New_ntdll_NtProtectVirtualMemory+0x34 New_ntdll_NtQueryAttributesFile-0x151 @ 0x74433603 VirtualProtectEx+0x33 MapViewOfFile-0x2d kernelbase+0x13243 @ 0x7fefd6e3243 VirtualProtect+0x1b VirtualProtectEx-0x15 kernelbase+0x131fb @ 0x7fefd6e31fb driver+0x1be7cf @ 0x1401be7cf GetProcessAffinityMask+0x80 SetThreadContext-0x20 kernel32+0x2ef0 @ 0x76e42ef0 0x880fff GetProcessAffinityMask+0x80 SetThreadContext-0x20 kernel32+0x2ef0 @ 0x76e42ef0 driver+0x882000 @ 0x140882000 driver+0x1000 @ 0x140001000 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 exception.instruction_r: 0f ae 81 00 01 00 00 0f 29 81 a0 01 00 00 0f 29 exception.symbol: RtlCaptureContext+0x85 RtlRestoreContext-0xaa ntdll+0x50895 exception.address: 0x77210895 exception.module: ntdll.dll exception.exception_code: 0xc0000005 exception.offset: 329877 registers.r14: 0 registers.r15: 0 registers.rcx: 1242680 registers.rsi: 5377630208 registers.r10: 0 registers.rbx: 1994665712 registers.rsp: 1244968 registers.r11: 514 registers.r8: 64 registers.r9: 4 registers.rdx: 1244024 registers.r12: 0 registers.rbp: 0 registers.rdi: 5368709487 registers.rax: 1242360 registers.r13: 0	1
__exception__ Sept. 12, 2021, 2:40 p.m.	stacktrace: RtlCaptureContext+0x85 RtlRestoreContext-0xaa ntdll+0x50895 @ 0x77210895 stacktrace+0x84 memdup-0x1af @ 0x74420470 hook_in_monitor+0x45 lde-0x133 @ 0x744142ea New_ntdll_NtProtectVirtualMemory+0x34 New_ntdll_NtQueryAttributesFile-0x151 @ 0x74433603 VirtualProtectEx+0x33 MapViewOfFile-0x2d kernelbase+0x13243 @ 0x7fefd6e3243 VirtualProtect+0x1b VirtualProtectEx-0x15 kernelbase+0x131fb @ 0x7fefd6e31fb driver+0x1be7cf @ 0x1401be7cf GetProcessAffinityMask+0x80 SetThreadContext-0x20 kernel32+0x2ef0 @ 0x76e42ef0 0x880fff GetProcessAffinityMask+0x80 SetThreadContext-0x20 kernel32+0x2ef0 @ 0x76e42ef0 driver+0x882000 @ 0x140882000 driver+0x1000 @ 0x140001000 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 exception.instruction_r: 0f ae 81 00 01 00 00 0f 29 81 a0 01 00 00 0f 29 exception.symbol: RtlCaptureContext+0x85 RtlRestoreContext-0xaa ntdll+0x50895 exception.address: 0x77210895 exception.module: ntdll.dll exception.exception_code: 0xc0000005 exception.offset: 329877 registers.r14: 0 registers.r15: 0 registers.rcx: 1242680 registers.rsi: 5377630208 registers.r10: 0 registers.rbx: 1994665712 registers.rsp: 1244968 registers.r11: 514 registers.r8: 64 registers.r9: 4 registers.rdx: 1244024 registers.r12: 0 registers.rbp: 0 registers.rdi: 5368709487 registers.rax: 1242360 registers.r13: 0	1
__exception__ Sept. 12, 2021, 2:40 p.m.	stacktrace: RtlCaptureContext+0x85 RtlRestoreContext-0xaa ntdll+0x50895 @ 0x77210895 stacktrace+0x84 memdup-0x1af @ 0x74420470 hook_in_monitor+0x45 lde-0x133 @ 0x744142ea New_ntdll_NtProtectVirtualMemory+0x34 New_ntdll_NtQueryAttributesFile-0x151 @ 0x74433603 VirtualProtectEx+0x33 MapViewOfFile-0x2d kernelbase+0x13243 @ 0x7fefd6e3243 VirtualProtect+0x1b VirtualProtectEx-0x15 kernelbase+0x131fb @ 0x7fefd6e31fb driver+0x1be7cf @ 0x1401be7cf GetProcessAffinityMask+0x80 SetThreadContext-0x20 kernel32+0x2ef0 @ 0x76e42ef0 0x880fff GetProcessAffinityMask+0x80 SetThreadContext-0x20 kernel32+0x2ef0 @ 0x76e42ef0 driver+0x882000 @ 0x140882000 driver+0x1000 @ 0x140001000 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 exception.instruction_r: 0f ae 81 00 01 00 00 0f 29 81 a0 01 00 00 0f 29 exception.symbol: RtlCaptureContext+0x85 RtlRestoreContext-0xaa ntdll+0x50895 exception.address: 0x77210895 exception.module: ntdll.dll exception.exception_code: 0xc0000005 exception.offset: 329877 registers.r14: 0 registers.r15: 0 registers.rcx: 1242680 registers.rsi: 5377630208 registers.r10: 0 registers.rbx: 1994665712 registers.rsp: 1244968 registers.r11: 514 registers.r8: 64 registers.r9: 4 registers.rdx: 1244024 registers.r12: 0 registers.rbp: 0 registers.rdi: 5368709487 registers.rax: 1242360 registers.r13: 0	1
__exception__ Sept. 12, 2021, 2:40 p.m.	stacktrace: RtlCaptureContext+0x85 RtlRestoreContext-0xaa ntdll+0x50895 @ 0x77210895 stacktrace+0x84 memdup-0x1af @ 0x74420470 hook_in_monitor+0x45 lde-0x133 @ 0x744142ea New_ntdll_NtProtectVirtualMemory+0x34 New_ntdll_NtQueryAttributesFile-0x151 @ 0x74433603 VirtualProtectEx+0x33 MapViewOfFile-0x2d kernelbase+0x13243 @ 0x7fefd6e3243 VirtualProtect+0x1b VirtualProtectEx-0x15 kernelbase+0x131fb @ 0x7fefd6e31fb driver+0x1be7cf @ 0x1401be7cf GetProcessAffinityMask+0x80 SetThreadContext-0x20 kernel32+0x2ef0 @ 0x76e42ef0 0x880fff GetProcessAffinityMask+0x80 SetThreadContext-0x20 kernel32+0x2ef0 @ 0x76e42ef0 driver+0x882000 @ 0x140882000 driver+0x1000 @ 0x140001000 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 exception.instruction_r: 0f ae 81 00 01 00 00 0f 29 81 a0 01 00 00 0f 29 exception.symbol: RtlCaptureContext+0x85 RtlRestoreContext-0xaa ntdll+0x50895 exception.address: 0x77210895 exception.module: ntdll.dll exception.exception_code: 0xc0000005 exception.offset: 329877 registers.r14: 0 registers.r15: 0 registers.rcx: 1242680 registers.rsi: 5377630208 registers.r10: 0 registers.rbx: 1994665712 registers.rsp: 1244968 registers.r11: 514 registers.r8: 64 registers.r9: 4 registers.rdx: 1244024 registers.r12: 0 registers.rbp: 0 registers.rdi: 5368709487 registers.rax: 1242360 registers.r13: 0	1
__exception__ Sept. 12, 2021, 2:40 p.m.	stacktrace: RtlCaptureContext+0x85 RtlRestoreContext-0xaa ntdll+0x50895 @ 0x77210895 stacktrace+0x84 memdup-0x1af @ 0x74420470 hook_in_monitor+0x45 lde-0x133 @ 0x744142ea New_ntdll_NtProtectVirtualMemory+0x34 New_ntdll_NtQueryAttributesFile-0x151 @ 0x74433603 VirtualProtectEx+0x33 MapViewOfFile-0x2d kernelbase+0x13243 @ 0x7fefd6e3243 VirtualProtect+0x1b VirtualProtectEx-0x15 kernelbase+0x131fb @ 0x7fefd6e31fb driver+0x1be7cf @ 0x1401be7cf GetProcessAffinityMask+0x80 SetThreadContext-0x20 kernel32+0x2ef0 @ 0x76e42ef0 0x880fff GetProcessAffinityMask+0x80 SetThreadContext-0x20 kernel32+0x2ef0 @ 0x76e42ef0 driver+0x882000 @ 0x140882000 driver+0x1000 @ 0x140001000 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 exception.instruction_r: 0f ae 81 00 01 00 00 0f 29 81 a0 01 00 00 0f 29 exception.symbol: RtlCaptureContext+0x85 RtlRestoreContext-0xaa ntdll+0x50895 exception.address: 0x77210895 exception.module: ntdll.dll exception.exception_code: 0xc0000005 exception.offset: 329877 registers.r14: 0 registers.r15: 0 registers.rcx: 1242680 registers.rsi: 5377630208 registers.r10: 0 registers.rbx: 1994665712 registers.rsp: 1244968 registers.r11: 514 registers.r8: 64 registers.r9: 4 registers.rdx: 1244024 registers.r12: 0 registers.rbp: 0 registers.rdi: 5368709487 registers.rax: 1242360 registers.r13: 0	1
__exception__ Sept. 12, 2021, 2:40 p.m.	stacktrace: RtlCaptureContext+0x85 RtlRestoreContext-0xaa ntdll+0x50895 @ 0x77210895 stacktrace+0x84 memdup-0x1af @ 0x74420470 hook_in_monitor+0x45 lde-0x133 @ 0x744142ea New_ntdll_NtProtectVirtualMemory+0x34 New_ntdll_NtQueryAttributesFile-0x151 @ 0x74433603 VirtualProtectEx+0x33 MapViewOfFile-0x2d kernelbase+0x13243 @ 0x7fefd6e3243 VirtualProtect+0x1b VirtualProtectEx-0x15 kernelbase+0x131fb @ 0x7fefd6e31fb driver+0x1be7cf @ 0x1401be7cf GetProcessAffinityMask+0x80 SetThreadContext-0x20 kernel32+0x2ef0 @ 0x76e42ef0 0x880fff GetProcessAffinityMask+0x80 SetThreadContext-0x20 kernel32+0x2ef0 @ 0x76e42ef0 driver+0x882000 @ 0x140882000 driver+0x1000 @ 0x140001000 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 exception.instruction_r: 0f ae 81 00 01 00 00 0f 29 81 a0 01 00 00 0f 29 exception.symbol: RtlCaptureContext+0x85 RtlRestoreContext-0xaa ntdll+0x50895 exception.address: 0x77210895 exception.module: ntdll.dll exception.exception_code: 0xc0000005 exception.offset: 329877 registers.r14: 0 registers.r15: 0 registers.rcx: 1242680 registers.rsi: 5377630208 registers.r10: 0 registers.rbx: 1994665712 registers.rsp: 1244968 registers.r11: 514 registers.r8: 64 registers.r9: 4 registers.rdx: 1244024 registers.r12: 0 registers.rbp: 0 registers.rdi: 5368709487 registers.rax: 1242360 registers.r13: 0	1
__exception__ Sept. 12, 2021, 2:40 p.m.	stacktrace: RtlCaptureContext+0x85 RtlRestoreContext-0xaa ntdll+0x50895 @ 0x77210895 stacktrace+0x84 memdup-0x1af @ 0x74420470 hook_in_monitor+0x45 lde-0x133 @ 0x744142ea New_ntdll_NtProtectVirtualMemory+0x34 New_ntdll_NtQueryAttributesFile-0x151 @ 0x74433603 VirtualProtectEx+0x33 MapViewOfFile-0x2d kernelbase+0x13243 @ 0x7fefd6e3243 VirtualProtect+0x1b VirtualProtectEx-0x15 kernelbase+0x131fb @ 0x7fefd6e31fb driver+0x1be7cf @ 0x1401be7cf GetProcessAffinityMask+0x80 SetThreadContext-0x20 kernel32+0x2ef0 @ 0x76e42ef0 0x880fff 0x880fff 0x880fff 0x880fff 0x880fff 0x880fff 0x880fff 0x880fff 0x880fff 0x880fff 0x880fff 0x880fff 0x880fff 0x880fff 0x880fff 0x880fff 0x880fff 0x880fff 0x880fff 0x880fff 0x880fff 0x880fff 0x880fff 0x880fff 0x880fff 0x880fff 0x880fff 0x880fff 0x880fff 0x880fff 0x880fff 0x880fff 0x880fff 0x880fff 0x880fff 0x880fff 0x880fff 0x880fff 0x880fff 0x880fff 0x880fff 0x880fff 0x880fff 0x880fff 0x880fff 0x880fff 0x880fff 0x880fff 0x880fff 0x880fff 0x880fff 0x880fff 0x880fff 0x880fff 0x880fff 0x880fff exception.instruction_r: 0f ae 81 00 01 00 00 0f 29 81 a0 01 00 00 0f 29 exception.symbol: RtlCaptureContext+0x85 RtlRestoreContext-0xaa ntdll+0x50895 exception.address: 0x77210895 exception.module: ntdll.dll exception.exception_code: 0xc0000005 exception.offset: 329877 registers.r14: 0 registers.r15: 0 registers.rcx: 1242680 registers.rsi: 5377630208 registers.r10: 0 registers.rbx: 1994665712 registers.rsp: 1244936 registers.r11: 514 registers.r8: 64 registers.r9: 4 registers.rdx: 1244024 registers.r12: 0 registers.rbp: 0 registers.rdi: 5368709487 registers.rax: 1242360 registers.r13: 0	1
__exception__ Sept. 12, 2021, 2:40 p.m.	stacktrace: RtlCaptureContext+0x85 RtlRestoreContext-0xaa ntdll+0x50895 @ 0x77210895 stacktrace+0x84 memdup-0x1af @ 0x74420470 hook_in_monitor+0x45 lde-0x133 @ 0x744142ea New_ntdll_NtProtectVirtualMemory+0x34 New_ntdll_NtQueryAttributesFile-0x151 @ 0x74433603 VirtualProtectEx+0x33 MapViewOfFile-0x2d kernelbase+0x13243 @ 0x7fefd6e3243 VirtualProtect+0x1b VirtualProtectEx-0x15 kernelbase+0x131fb @ 0x7fefd6e31fb driver+0x1be7cf @ 0x1401be7cf GetProcessAffinityMask+0x80 SetThreadContext-0x20 kernel32+0x2ef0 @ 0x76e42ef0 0x880fff GetProcessAffinityMask+0x80 SetThreadContext-0x20 kernel32+0x2ef0 @ 0x76e42ef0 driver+0x882000 @ 0x140882000 driver+0x1000 @ 0x140001000 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 exception.instruction_r: 0f ae 81 00 01 00 00 0f 29 81 a0 01 00 00 0f 29 exception.symbol: RtlCaptureContext+0x85 RtlRestoreContext-0xaa ntdll+0x50895 exception.address: 0x77210895 exception.module: ntdll.dll exception.exception_code: 0xc0000005 exception.offset: 329877 registers.r14: 0 registers.r15: 0 registers.rcx: 1242680 registers.rsi: 5377630208 registers.r10: 0 registers.rbx: 1994665712 registers.rsp: 1244968 registers.r11: 514 registers.r8: 64 registers.r9: 4 registers.rdx: 1244024 registers.r12: 0 registers.rbp: 0 registers.rdi: 5368709487 registers.rax: 1242360 registers.r13: 0	1
__exception__ Sept. 12, 2021, 2:40 p.m.	stacktrace: RtlCaptureContext+0x85 RtlRestoreContext-0xaa ntdll+0x50895 @ 0x77210895 stacktrace+0x84 memdup-0x1af @ 0x74420470 hook_in_monitor+0x45 lde-0x133 @ 0x744142ea New_ntdll_NtProtectVirtualMemory+0x34 New_ntdll_NtQueryAttributesFile-0x151 @ 0x74433603 VirtualProtectEx+0x33 MapViewOfFile-0x2d kernelbase+0x13243 @ 0x7fefd6e3243 VirtualProtect+0x1b VirtualProtectEx-0x15 kernelbase+0x131fb @ 0x7fefd6e31fb driver+0x1be7cf @ 0x1401be7cf GetProcessAffinityMask+0x80 SetThreadContext-0x20 kernel32+0x2ef0 @ 0x76e42ef0 0x880fff GetProcessAffinityMask+0x80 SetThreadContext-0x20 kernel32+0x2ef0 @ 0x76e42ef0 driver+0x882000 @ 0x140882000 driver+0x1000 @ 0x140001000 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 exception.instruction_r: 0f ae 81 00 01 00 00 0f 29 81 a0 01 00 00 0f 29 exception.symbol: RtlCaptureContext+0x85 RtlRestoreContext-0xaa ntdll+0x50895 exception.address: 0x77210895 exception.module: ntdll.dll exception.exception_code: 0xc0000005 exception.offset: 329877 registers.r14: 0 registers.r15: 0 registers.rcx: 1242680 registers.rsi: 5377630208 registers.r10: 0 registers.rbx: 1994665712 registers.rsp: 1244968 registers.r11: 514 registers.r8: 64 registers.r9: 4 registers.rdx: 1244024 registers.r12: 0 registers.rbp: 0 registers.rdi: 5368709487 registers.rax: 1242360 registers.r13: 0	1
__exception__ Sept. 12, 2021, 2:40 p.m.	stacktrace: RtlCaptureContext+0x85 RtlRestoreContext-0xaa ntdll+0x50895 @ 0x77210895 stacktrace+0x84 memdup-0x1af @ 0x74420470 hook_in_monitor+0x45 lde-0x133 @ 0x744142ea New_ntdll_NtProtectVirtualMemory+0x34 New_ntdll_NtQueryAttributesFile-0x151 @ 0x74433603 VirtualProtectEx+0x33 MapViewOfFile-0x2d kernelbase+0x13243 @ 0x7fefd6e3243 VirtualProtect+0x1b VirtualProtectEx-0x15 kernelbase+0x131fb @ 0x7fefd6e31fb driver+0x1be7cf @ 0x1401be7cf GetProcessAffinityMask+0x80 SetThreadContext-0x20 kernel32+0x2ef0 @ 0x76e42ef0 0x880fff GetProcessAffinityMask+0x80 SetThreadContext-0x20 kernel32+0x2ef0 @ 0x76e42ef0 driver+0x882000 @ 0x140882000 driver+0x1000 @ 0x140001000 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 exception.instruction_r: 0f ae 81 00 01 00 00 0f 29 81 a0 01 00 00 0f 29 exception.symbol: RtlCaptureContext+0x85 RtlRestoreContext-0xaa ntdll+0x50895 exception.address: 0x77210895 exception.module: ntdll.dll exception.exception_code: 0xc0000005 exception.offset: 329877 registers.r14: 0 registers.r15: 0 registers.rcx: 1242680 registers.rsi: 5377630208 registers.r10: 0 registers.rbx: 1994665712 registers.rsp: 1244968 registers.r11: 514 registers.r8: 64 registers.r9: 4 registers.rdx: 1244024 registers.r12: 0 registers.rbp: 0 registers.rdi: 5368709487 registers.rax: 1242360 registers.r13: 0	1
__exception__ Sept. 12, 2021, 2:40 p.m.	stacktrace: RtlCaptureContext+0x85 RtlRestoreContext-0xaa ntdll+0x50895 @ 0x77210895 stacktrace+0x84 memdup-0x1af @ 0x74420470 hook_in_monitor+0x45 lde-0x133 @ 0x744142ea New_ntdll_NtProtectVirtualMemory+0x34 New_ntdll_NtQueryAttributesFile-0x151 @ 0x74433603 VirtualProtectEx+0x33 MapViewOfFile-0x2d kernelbase+0x13243 @ 0x7fefd6e3243 VirtualProtect+0x1b VirtualProtectEx-0x15 kernelbase+0x131fb @ 0x7fefd6e31fb driver+0x1be7cf @ 0x1401be7cf GetProcessAffinityMask+0x80 SetThreadContext-0x20 kernel32+0x2ef0 @ 0x76e42ef0 0x880fff GetProcessAffinityMask+0x80 SetThreadContext-0x20 kernel32+0x2ef0 @ 0x76e42ef0 driver+0x882000 @ 0x140882000 driver+0x1000 @ 0x140001000 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 exception.instruction_r: 0f ae 81 00 01 00 00 0f 29 81 a0 01 00 00 0f 29 exception.symbol: RtlCaptureContext+0x85 RtlRestoreContext-0xaa ntdll+0x50895 exception.address: 0x77210895 exception.module: ntdll.dll exception.exception_code: 0xc0000005 exception.offset: 329877 registers.r14: 0 registers.r15: 0 registers.rcx: 1242680 registers.rsi: 5377630208 registers.r10: 0 registers.rbx: 1994665712 registers.rsp: 1244968 registers.r11: 514 registers.r8: 64 registers.r9: 4 registers.rdx: 1244024 registers.r12: 0 registers.rbp: 0 registers.rdi: 5368709487 registers.rax: 1242360 registers.r13: 0	1
__exception__ Sept. 12, 2021, 2:40 p.m.	stacktrace: RtlCaptureContext+0x85 RtlRestoreContext-0xaa ntdll+0x50895 @ 0x77210895 stacktrace+0x84 memdup-0x1af @ 0x74420470 hook_in_monitor+0x45 lde-0x133 @ 0x744142ea New_ntdll_NtProtectVirtualMemory+0x34 New_ntdll_NtQueryAttributesFile-0x151 @ 0x74433603 VirtualProtectEx+0x33 MapViewOfFile-0x2d kernelbase+0x13243 @ 0x7fefd6e3243 VirtualProtect+0x1b VirtualProtectEx-0x15 kernelbase+0x131fb @ 0x7fefd6e31fb driver+0x1be7cf @ 0x1401be7cf GetProcessAffinityMask+0x80 SetThreadContext-0x20 kernel32+0x2ef0 @ 0x76e42ef0 0x880fff GetProcessAffinityMask+0x80 SetThreadContext-0x20 kernel32+0x2ef0 @ 0x76e42ef0 driver+0x882000 @ 0x140882000 driver+0x1000 @ 0x140001000 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 exception.instruction_r: 0f ae 81 00 01 00 00 0f 29 81 a0 01 00 00 0f 29 exception.symbol: RtlCaptureContext+0x85 RtlRestoreContext-0xaa ntdll+0x50895 exception.address: 0x77210895 exception.module: ntdll.dll exception.exception_code: 0xc0000005 exception.offset: 329877 registers.r14: 0 registers.r15: 0 registers.rcx: 1242680 registers.rsi: 5377630208 registers.r10: 0 registers.rbx: 1994665712 registers.rsp: 1244968 registers.r11: 514 registers.r8: 64 registers.r9: 4 registers.rdx: 1244024 registers.r12: 0 registers.rbp: 0 registers.rdi: 5368709487 registers.rax: 1242360 registers.r13: 0	1
__exception__ Sept. 12, 2021, 2:40 p.m.	stacktrace: RtlCaptureContext+0x85 RtlRestoreContext-0xaa ntdll+0x50895 @ 0x77210895 stacktrace+0x84 memdup-0x1af @ 0x74420470 hook_in_monitor+0x45 lde-0x133 @ 0x744142ea New_ntdll_NtProtectVirtualMemory+0x34 New_ntdll_NtQueryAttributesFile-0x151 @ 0x74433603 VirtualProtectEx+0x33 MapViewOfFile-0x2d kernelbase+0x13243 @ 0x7fefd6e3243 VirtualProtect+0x1b VirtualProtectEx-0x15 kernelbase+0x131fb @ 0x7fefd6e31fb driver+0x1be7cf @ 0x1401be7cf GetProcessAffinityMask+0x80 SetThreadContext-0x20 kernel32+0x2ef0 @ 0x76e42ef0 0x880fff GetProcessAffinityMask+0x80 SetThreadContext-0x20 kernel32+0x2ef0 @ 0x76e42ef0 driver+0x882000 @ 0x140882000 driver+0x1000 @ 0x140001000 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 exception.instruction_r: 0f ae 81 00 01 00 00 0f 29 81 a0 01 00 00 0f 29 exception.symbol: RtlCaptureContext+0x85 RtlRestoreContext-0xaa ntdll+0x50895 exception.address: 0x77210895 exception.module: ntdll.dll exception.exception_code: 0xc0000005 exception.offset: 329877 registers.r14: 0 registers.r15: 0 registers.rcx: 1242680 registers.rsi: 5377630208 registers.r10: 0 registers.rbx: 1994665712 registers.rsp: 1244968 registers.r11: 514 registers.r8: 64 registers.r9: 4 registers.rdx: 1244024 registers.r12: 0 registers.rbp: 0 registers.rdi: 5368709487 registers.rax: 1242360 registers.r13: 0	1
__exception__ Sept. 12, 2021, 2:40 p.m.	stacktrace: RtlCaptureContext+0x85 RtlRestoreContext-0xaa ntdll+0x50895 @ 0x77210895 stacktrace+0x84 memdup-0x1af @ 0x74420470 hook_in_monitor+0x45 lde-0x133 @ 0x744142ea New_ntdll_NtProtectVirtualMemory+0x34 New_ntdll_NtQueryAttributesFile-0x151 @ 0x74433603 VirtualProtectEx+0x33 MapViewOfFile-0x2d kernelbase+0x13243 @ 0x7fefd6e3243 VirtualProtect+0x1b VirtualProtectEx-0x15 kernelbase+0x131fb @ 0x7fefd6e31fb driver+0x1be7cf @ 0x1401be7cf GetProcessAffinityMask+0x80 SetThreadContext-0x20 kernel32+0x2ef0 @ 0x76e42ef0 0x880fff GetProcessAffinityMask+0x80 SetThreadContext-0x20 kernel32+0x2ef0 @ 0x76e42ef0 driver+0x882000 @ 0x140882000 driver+0x1000 @ 0x140001000 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 exception.instruction_r: 0f ae 81 00 01 00 00 0f 29 81 a0 01 00 00 0f 29 exception.symbol: RtlCaptureContext+0x85 RtlRestoreContext-0xaa ntdll+0x50895 exception.address: 0x77210895 exception.module: ntdll.dll exception.exception_code: 0xc0000005 exception.offset: 329877 registers.r14: 0 registers.r15: 0 registers.rcx: 1242680 registers.rsi: 5377630208 registers.r10: 0 registers.rbx: 1994665712 registers.rsp: 1244968 registers.r11: 514 registers.r8: 64 registers.r9: 4 registers.rdx: 1244024 registers.r12: 0 registers.rbp: 0 registers.rdi: 5368709487 registers.rax: 1242360 registers.r13: 0	1
__exception__ Sept. 12, 2021, 2:40 p.m.	stacktrace: RtlCaptureContext+0x85 RtlRestoreContext-0xaa ntdll+0x50895 @ 0x77210895 stacktrace+0x84 memdup-0x1af @ 0x74420470 hook_in_monitor+0x45 lde-0x133 @ 0x744142ea New_ntdll_NtProtectVirtualMemory+0x34 New_ntdll_NtQueryAttributesFile-0x151 @ 0x74433603 VirtualProtectEx+0x33 MapViewOfFile-0x2d kernelbase+0x13243 @ 0x7fefd6e3243 VirtualProtect+0x1b VirtualProtectEx-0x15 kernelbase+0x131fb @ 0x7fefd6e31fb driver+0x1be7cf @ 0x1401be7cf GetProcessAffinityMask+0x80 SetThreadContext-0x20 kernel32+0x2ef0 @ 0x76e42ef0 0x880fff 0x880fff 0x880fff 0x880fff 0x880fff 0x880fff 0x880fff 0x880fff 0x880fff 0x880fff 0x880fff 0x880fff 0x880fff 0x880fff 0x880fff 0x880fff 0x880fff 0x880fff 0x880fff 0x880fff 0x880fff 0x880fff 0x880fff 0x880fff 0x880fff 0x880fff 0x880fff 0x880fff 0x880fff 0x880fff 0x880fff 0x880fff 0x880fff 0x880fff 0x880fff 0x880fff 0x880fff 0x880fff 0x880fff 0x880fff 0x880fff 0x880fff 0x880fff 0x880fff 0x880fff 0x880fff 0x880fff 0x880fff 0x880fff 0x880fff 0x880fff 0x880fff 0x880fff 0x880fff 0x880fff 0x880fff exception.instruction_r: 0f ae 81 00 01 00 00 0f 29 81 a0 01 00 00 0f 29 exception.symbol: RtlCaptureContext+0x85 RtlRestoreContext-0xaa ntdll+0x50895 exception.address: 0x77210895 exception.module: ntdll.dll exception.exception_code: 0xc0000005 exception.offset: 329877 registers.r14: 0 registers.r15: 0 registers.rcx: 1242680 registers.rsi: 5377630208 registers.r10: 0 registers.rbx: 1994665712 registers.rsp: 1244936 registers.r11: 514 registers.r8: 64 registers.r9: 4 registers.rdx: 1244024 registers.r12: 0 registers.rbp: 0 registers.rdi: 5368709487 registers.rax: 1242360 registers.r13: 0	1
__exception__ Sept. 12, 2021, 2:40 p.m.	stacktrace: RtlCaptureContext+0x85 RtlRestoreContext-0xaa ntdll+0x50895 @ 0x77210895 stacktrace+0x84 memdup-0x1af @ 0x74420470 hook_in_monitor+0x45 lde-0x133 @ 0x744142ea New_ntdll_NtProtectVirtualMemory+0x34 New_ntdll_NtQueryAttributesFile-0x151 @ 0x74433603 VirtualProtectEx+0x33 MapViewOfFile-0x2d kernelbase+0x13243 @ 0x7fefd6e3243 VirtualProtect+0x1b VirtualProtectEx-0x15 kernelbase+0x131fb @ 0x7fefd6e31fb driver+0x1be7cf @ 0x1401be7cf GetProcessAffinityMask+0x80 SetThreadContext-0x20 kernel32+0x2ef0 @ 0x76e42ef0 0x880fff GetProcessAffinityMask+0x80 SetThreadContext-0x20 kernel32+0x2ef0 @ 0x76e42ef0 driver+0x882000 @ 0x140882000 driver+0x1000 @ 0x140001000 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 exception.instruction_r: 0f ae 81 00 01 00 00 0f 29 81 a0 01 00 00 0f 29 exception.symbol: RtlCaptureContext+0x85 RtlRestoreContext-0xaa ntdll+0x50895 exception.address: 0x77210895 exception.module: ntdll.dll exception.exception_code: 0xc0000005 exception.offset: 329877 registers.r14: 0 registers.r15: 0 registers.rcx: 1242680 registers.rsi: 5377630208 registers.r10: 0 registers.rbx: 1994665712 registers.rsp: 1244968 registers.r11: 514 registers.r8: 64 registers.r9: 4 registers.rdx: 1244024 registers.r12: 0 registers.rbp: 0 registers.rdi: 5368709487 registers.rax: 1242360 registers.r13: 0	1
__exception__ Sept. 12, 2021, 2:40 p.m.	stacktrace: RtlCaptureContext+0x85 RtlRestoreContext-0xaa ntdll+0x50895 @ 0x77210895 stacktrace+0x84 memdup-0x1af @ 0x74420470 hook_in_monitor+0x45 lde-0x133 @ 0x744142ea New_ntdll_NtProtectVirtualMemory+0x34 New_ntdll_NtQueryAttributesFile-0x151 @ 0x74433603 VirtualProtectEx+0x33 MapViewOfFile-0x2d kernelbase+0x13243 @ 0x7fefd6e3243 VirtualProtect+0x1b VirtualProtectEx-0x15 kernelbase+0x131fb @ 0x7fefd6e31fb driver+0x1be7cf @ 0x1401be7cf GetProcessAffinityMask+0x80 SetThreadContext-0x20 kernel32+0x2ef0 @ 0x76e42ef0 0x880fff GetProcessAffinityMask+0x80 SetThreadContext-0x20 kernel32+0x2ef0 @ 0x76e42ef0 driver+0x882000 @ 0x140882000 driver+0x1000 @ 0x140001000 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 exception.instruction_r: 0f ae 81 00 01 00 00 0f 29 81 a0 01 00 00 0f 29 exception.symbol: RtlCaptureContext+0x85 RtlRestoreContext-0xaa ntdll+0x50895 exception.address: 0x77210895 exception.module: ntdll.dll exception.exception_code: 0xc0000005 exception.offset: 329877 registers.r14: 0 registers.r15: 0 registers.rcx: 1242680 registers.rsi: 5377630208 registers.r10: 0 registers.rbx: 1994665712 registers.rsp: 1244968 registers.r11: 514 registers.r8: 64 registers.r9: 4 registers.rdx: 1244024 registers.r12: 0 registers.rbp: 0 registers.rdi: 5368709487 registers.rax: 1242360 registers.r13: 0	1

Performs some HTTP requests (2 events)

request	GET http://a0577836.xsph.ru/cmd.php?hwid=7C6024AD
request	GET http://a0577836.xsph.ru/cmd.php?timeout=1

Resolves a suspicious Top Level Domain (TLD) (1 event)

domain

a0577836.xsph.ru

description

Russian Federation domain TLD

Creates an executable file in a user folder (1 event)

file	C:\Users\test22\AppData\Roaming\Sysfiles\Driver.exe

File has been identified by 44 AntiVirus engines on VirusTotal as malicious (44 events)

Elastic	malicious (high confidence)
MicroWorld-eScan	IL:Trojan.MSILZilla.1618
FireEye	Generic.mg.3b29fe3eb1892fa6
CAT-QuickHeal	Trojan.YakbeexMSIL.ZZ4
ALYac	IL:Trojan.MSILZilla.1618
Cylance	Unsafe
Sangfor	Trojan.Win32.Save.a
K7AntiVirus	Trojan ( 00517fbc1 )
K7GW	Trojan ( 00517fbc1 )
Cybereason	malicious.eb1892
Cyren	W32/Coinminer.BEJZ-1169
Symantec	ML.Attribute.HighConfidence
ESET-NOD32	a variant of MSIL/CoinMiner.ACZ
APEX	Malicious
Paloalto	generic.ml
ClamAV	Win.Trojan.Mino-9870950-0
Kaspersky	Trojan.Win64.Prometei.p
BitDefender	IL:Trojan.MSILZilla.1618
Avast	Win32:Miner-DM [Trj]
Tencent	Win64.Trojan.Prometei.Ljuf
Ad-Aware	IL:Trojan.MSILZilla.1618
Emsisoft	IL:Trojan.MSILZilla.1618 (B)
DrWeb	Trojan.DownLoader32.48498
McAfee-GW-Edition	GenericRXNH-TB!3B29FE3EB189
Sophos	Mal/Generic-R + Mal/Miner-J
SentinelOne	Static AI - Malicious PE
GData	IL:Trojan.MSILZilla.1618
Jiangmin	TrojanDropper.MSIL.azry
Avira	TR/ATRAPS.Gen
MAX	malware (ai score=85)
Kingsoft	Win32.Troj.Undef.(kcloud)
Gridinsoft	Trojan.Win32.Gen.sd!n
Microsoft	Trojan:MSIL/CoinMiner.ADA!MTB
Cynet	Malicious (score: 100)
AhnLab-V3	Trojan/Win32.CoinMiner.R338384
McAfee	GenericRXNH-TB!3B29FE3EB189
Malwarebytes	Trojan.Crypt.Generic
Ikarus	Trojan.MSIL.CoinMiner
eGambit	Unsafe.AI_Score_99%
Fortinet	MSIL/Generic.AP.12C58B6!tr
BitDefenderTheta	Gen:NN.ZemsilF.34142.9p0@aaN3Gui
AVG	Win32:Miner-DM [Trj]
Panda	Trj/GdSda.A
CrowdStrike	win/malicious_confidence_90% (W)

MinerXMR.exe

Process Tree Toggle all

Network Toggle all

Suricata Toggle all

Suricata Alerts

Suricata TLS

Signatures Toggle All