|
__exception__
|
stacktrace:
RtlCaptureContext+0x85 RtlRestoreContext-0xaa ntdll+0x50895 @ 0x76d80895
stacktrace+0x84 memdup-0x1af @ 0x73980470
hook_in_monitor+0x45 lde-0x133 @ 0x739742ea
New_ntdll_NtProtectVirtualMemory+0x34 New_ntdll_NtQueryAttributesFile-0x151 @ 0x73993603
VirtualProtectEx+0x33 MapViewOfFile-0x2d kernelbase+0x13243 @ 0x7fefd503243
VirtualProtect+0x1b VirtualProtectEx-0x15 kernelbase+0x131fb @ 0x7fefd5031fb
driver+0x1be7cf @ 0x1401be7cf
GetProcessAffinityMask+0x80 SetThreadContext-0x20 kernel32+0x2ef0 @ 0x76c12ef0
0x880fff
GetProcessAffinityMask+0x80 SetThreadContext-0x20 kernel32+0x2ef0 @ 0x76c12ef0
driver+0x882000 @ 0x140882000
driver+0x1000 @ 0x140001000
0x58c040
0x58c040
0x58c040
0x58c040
0x58c040
0x58c040
0x58c040
0x58c040
0x58c040
0x58c040
0x58c040
0x58c040
0x58c040
0x58c040
0x58c040
0x58c040
0x58c040
0x58c040
0x58c040
0x58c040
0x58c040
0x58c040
0x58c040
0x58c040
0x58c040
0x58c040
0x58c040
0x58c040
0x58c040
0x58c040
0x58c040
0x58c040
0x58c040
0x58c040
0x58c040
0x58c040
0x58c040
0x58c040
0x58c040
0x58c040
0x58c040
0x58c040
0x58c040
0x58c040
0x58c040
0x58c040
0x58c040
0x58c040
0x58c040
0x58c040
0x58c040
0x58c040
exception.instruction_r:
0f ae 81 00 01 00 00 0f 29 81 a0 01 00 00 0f 29
exception.symbol:
RtlCaptureContext+0x85 RtlRestoreContext-0xaa ntdll+0x50895
exception.address:
0x76d80895
exception.module:
ntdll.dll
exception.exception_code:
0xc0000005
exception.offset:
329877
registers.r14:
0
registers.r15:
0
registers.rcx:
1242680
registers.rsi:
5377630208
registers.r10:
0
registers.rbx:
1992371952
registers.rsp:
1244968
registers.r11:
514
registers.r8:
64
registers.r9:
4
registers.rdx:
1244024
registers.r12:
0
registers.rbp:
0
registers.rdi:
5368709487
registers.rax:
1242360
registers.r13:
0
|
1
|
0 |
0
|
|
__exception__
|
stacktrace:
RtlCaptureContext+0x85 RtlRestoreContext-0xaa ntdll+0x50895 @ 0x76d80895
stacktrace+0x84 memdup-0x1af @ 0x73980470
hook_in_monitor+0x45 lde-0x133 @ 0x739742ea
New_ntdll_NtProtectVirtualMemory+0x34 New_ntdll_NtQueryAttributesFile-0x151 @ 0x73993603
VirtualProtectEx+0x33 MapViewOfFile-0x2d kernelbase+0x13243 @ 0x7fefd503243
VirtualProtect+0x1b VirtualProtectEx-0x15 kernelbase+0x131fb @ 0x7fefd5031fb
driver+0x1be7cf @ 0x1401be7cf
GetProcessAffinityMask+0x80 SetThreadContext-0x20 kernel32+0x2ef0 @ 0x76c12ef0
0x880fff
0x880fff
0x880fff
0x880fff
0x880fff
0x880fff
0x880fff
0x880fff
0x880fff
0x880fff
0x880fff
0x880fff
0x880fff
0x880fff
0x880fff
0x880fff
0x880fff
0x880fff
0x880fff
0x880fff
0x880fff
0x880fff
0x880fff
0x880fff
0x880fff
0x880fff
0x880fff
0x880fff
0x880fff
0x880fff
0x880fff
0x880fff
0x880fff
0x880fff
0x880fff
0x880fff
0x880fff
0x880fff
0x880fff
0x880fff
0x880fff
0x880fff
0x880fff
0x880fff
0x880fff
0x880fff
0x880fff
0x880fff
0x880fff
0x880fff
0x880fff
0x880fff
0x880fff
0x880fff
0x880fff
0x880fff
exception.instruction_r:
0f ae 81 00 01 00 00 0f 29 81 a0 01 00 00 0f 29
exception.symbol:
RtlCaptureContext+0x85 RtlRestoreContext-0xaa ntdll+0x50895
exception.address:
0x76d80895
exception.module:
ntdll.dll
exception.exception_code:
0xc0000005
exception.offset:
329877
registers.r14:
0
registers.r15:
0
registers.rcx:
1242680
registers.rsi:
5377630208
registers.r10:
0
registers.rbx:
1992371952
registers.rsp:
1244936
registers.r11:
514
registers.r8:
64
registers.r9:
4
registers.rdx:
1244024
registers.r12:
0
registers.rbp:
0
registers.rdi:
5368709487
registers.rax:
1242360
registers.r13:
0
|
1
|
0 |
0
|
|
__exception__
|
stacktrace:
RtlCaptureContext+0x85 RtlRestoreContext-0xaa ntdll+0x50895 @ 0x76d80895
stacktrace+0x84 memdup-0x1af @ 0x73980470
hook_in_monitor+0x45 lde-0x133 @ 0x739742ea
New_ntdll_NtProtectVirtualMemory+0x34 New_ntdll_NtQueryAttributesFile-0x151 @ 0x73993603
VirtualProtectEx+0x33 MapViewOfFile-0x2d kernelbase+0x13243 @ 0x7fefd503243
VirtualProtect+0x1b VirtualProtectEx-0x15 kernelbase+0x131fb @ 0x7fefd5031fb
driver+0x1be7cf @ 0x1401be7cf
GetProcessAffinityMask+0x80 SetThreadContext-0x20 kernel32+0x2ef0 @ 0x76c12ef0
0x880fff
GetProcessAffinityMask+0x80 SetThreadContext-0x20 kernel32+0x2ef0 @ 0x76c12ef0
driver+0x882000 @ 0x140882000
driver+0x1000 @ 0x140001000
0x58c040
0x58c040
0x58c040
0x58c040
0x58c040
0x58c040
0x58c040
0x58c040
0x58c040
0x58c040
0x58c040
0x58c040
0x58c040
0x58c040
0x58c040
0x58c040
0x58c040
0x58c040
0x58c040
0x58c040
0x58c040
0x58c040
0x58c040
0x58c040
0x58c040
0x58c040
0x58c040
0x58c040
0x58c040
0x58c040
0x58c040
0x58c040
0x58c040
0x58c040
0x58c040
0x58c040
0x58c040
0x58c040
0x58c040
0x58c040
0x58c040
0x58c040
0x58c040
0x58c040
0x58c040
0x58c040
0x58c040
0x58c040
0x58c040
0x58c040
0x58c040
0x58c040
exception.instruction_r:
0f ae 81 00 01 00 00 0f 29 81 a0 01 00 00 0f 29
exception.symbol:
RtlCaptureContext+0x85 RtlRestoreContext-0xaa ntdll+0x50895
exception.address:
0x76d80895
exception.module:
ntdll.dll
exception.exception_code:
0xc0000005
exception.offset:
329877
registers.r14:
0
registers.r15:
0
registers.rcx:
1242680
registers.rsi:
5377630208
registers.r10:
0
registers.rbx:
1992371952
registers.rsp:
1244968
registers.r11:
514
registers.r8:
64
registers.r9:
4
registers.rdx:
1244024
registers.r12:
0
registers.rbp:
0
registers.rdi:
5368709487
registers.rax:
1242360
registers.r13:
0
|
1
|
0 |
0
|
|
__exception__
|
stacktrace:
RtlCaptureContext+0x85 RtlRestoreContext-0xaa ntdll+0x50895 @ 0x76d80895
stacktrace+0x84 memdup-0x1af @ 0x73980470
hook_in_monitor+0x45 lde-0x133 @ 0x739742ea
New_ntdll_NtProtectVirtualMemory+0x34 New_ntdll_NtQueryAttributesFile-0x151 @ 0x73993603
VirtualProtectEx+0x33 MapViewOfFile-0x2d kernelbase+0x13243 @ 0x7fefd503243
VirtualProtect+0x1b VirtualProtectEx-0x15 kernelbase+0x131fb @ 0x7fefd5031fb
driver+0x1be7cf @ 0x1401be7cf
GetProcessAffinityMask+0x80 SetThreadContext-0x20 kernel32+0x2ef0 @ 0x76c12ef0
0x880fff
0x880fff
0x880fff
0x880fff
0x880fff
0x880fff
0x880fff
0x880fff
0x880fff
0x880fff
0x880fff
0x880fff
0x880fff
0x880fff
0x880fff
0x880fff
0x880fff
0x880fff
0x880fff
0x880fff
0x880fff
0x880fff
0x880fff
0x880fff
0x880fff
0x880fff
0x880fff
0x880fff
0x880fff
0x880fff
0x880fff
0x880fff
0x880fff
0x880fff
0x880fff
0x880fff
0x880fff
0x880fff
0x880fff
0x880fff
0x880fff
0x880fff
0x880fff
0x880fff
0x880fff
0x880fff
0x880fff
0x880fff
0x880fff
0x880fff
0x880fff
0x880fff
0x880fff
0x880fff
0x880fff
0x880fff
exception.instruction_r:
0f ae 81 00 01 00 00 0f 29 81 a0 01 00 00 0f 29
exception.symbol:
RtlCaptureContext+0x85 RtlRestoreContext-0xaa ntdll+0x50895
exception.address:
0x76d80895
exception.module:
ntdll.dll
exception.exception_code:
0xc0000005
exception.offset:
329877
registers.r14:
0
registers.r15:
0
registers.rcx:
1242680
registers.rsi:
5377630208
registers.r10:
0
registers.rbx:
1992371952
registers.rsp:
1244936
registers.r11:
514
registers.r8:
64
registers.r9:
4
registers.rdx:
1244024
registers.r12:
0
registers.rbp:
0
registers.rdi:
5368709487
registers.rax:
1242360
registers.r13:
0
|
1
|
0 |
0
|
|
__exception__
|
stacktrace:
RtlCaptureContext+0x85 RtlRestoreContext-0xaa ntdll+0x50895 @ 0x76d80895
stacktrace+0x84 memdup-0x1af @ 0x73980470
hook_in_monitor+0x45 lde-0x133 @ 0x739742ea
New_ntdll_NtProtectVirtualMemory+0x34 New_ntdll_NtQueryAttributesFile-0x151 @ 0x73993603
VirtualProtectEx+0x33 MapViewOfFile-0x2d kernelbase+0x13243 @ 0x7fefd503243
VirtualProtect+0x1b VirtualProtectEx-0x15 kernelbase+0x131fb @ 0x7fefd5031fb
driver+0x1be7cf @ 0x1401be7cf
GetProcessAffinityMask+0x80 SetThreadContext-0x20 kernel32+0x2ef0 @ 0x76c12ef0
0x880fff
0x880fff
0x880fff
0x880fff
0x880fff
0x880fff
0x880fff
0x880fff
0x880fff
0x880fff
0x880fff
0x880fff
0x880fff
0x880fff
0x880fff
0x880fff
0x880fff
0x880fff
0x880fff
0x880fff
0x880fff
0x880fff
0x880fff
0x880fff
0x880fff
0x880fff
0x880fff
0x880fff
0x880fff
0x880fff
0x880fff
0x880fff
0x880fff
0x880fff
0x880fff
0x880fff
0x880fff
0x880fff
0x880fff
0x880fff
0x880fff
0x880fff
0x880fff
0x880fff
0x880fff
0x880fff
0x880fff
0x880fff
0x880fff
0x880fff
0x880fff
0x880fff
0x880fff
0x880fff
0x880fff
0x880fff
exception.instruction_r:
0f ae 81 00 01 00 00 0f 29 81 a0 01 00 00 0f 29
exception.symbol:
RtlCaptureContext+0x85 RtlRestoreContext-0xaa ntdll+0x50895
exception.address:
0x76d80895
exception.module:
ntdll.dll
exception.exception_code:
0xc0000005
exception.offset:
329877
registers.r14:
0
registers.r15:
0
registers.rcx:
1242680
registers.rsi:
5377630208
registers.r10:
0
registers.rbx:
1992371952
registers.rsp:
1244936
registers.r11:
514
registers.r8:
64
registers.r9:
4
registers.rdx:
1244024
registers.r12:
0
registers.rbp:
0
registers.rdi:
5368709487
registers.rax:
1242360
registers.r13:
0
|
1
|
0 |
0
|
|
__exception__
|
stacktrace:
RtlCaptureContext+0x85 RtlRestoreContext-0xaa ntdll+0x50895 @ 0x76d80895
stacktrace+0x84 memdup-0x1af @ 0x73980470
hook_in_monitor+0x45 lde-0x133 @ 0x739742ea
New_ntdll_NtProtectVirtualMemory+0x34 New_ntdll_NtQueryAttributesFile-0x151 @ 0x73993603
VirtualProtectEx+0x33 MapViewOfFile-0x2d kernelbase+0x13243 @ 0x7fefd503243
VirtualProtect+0x1b VirtualProtectEx-0x15 kernelbase+0x131fb @ 0x7fefd5031fb
driver+0x1be7cf @ 0x1401be7cf
GetProcessAffinityMask+0x80 SetThreadContext-0x20 kernel32+0x2ef0 @ 0x76c12ef0
0x880fff
GetProcessAffinityMask+0x80 SetThreadContext-0x20 kernel32+0x2ef0 @ 0x76c12ef0
driver+0x882000 @ 0x140882000
driver+0x1000 @ 0x140001000
0x58c040
0x58c040
0x58c040
0x58c040
0x58c040
0x58c040
0x58c040
0x58c040
0x58c040
0x58c040
0x58c040
0x58c040
0x58c040
0x58c040
0x58c040
0x58c040
0x58c040
0x58c040
0x58c040
0x58c040
0x58c040
0x58c040
0x58c040
0x58c040
0x58c040
0x58c040
0x58c040
0x58c040
0x58c040
0x58c040
0x58c040
0x58c040
0x58c040
0x58c040
0x58c040
0x58c040
0x58c040
0x58c040
0x58c040
0x58c040
0x58c040
0x58c040
0x58c040
0x58c040
0x58c040
0x58c040
0x58c040
0x58c040
0x58c040
0x58c040
0x58c040
0x58c040
exception.instruction_r:
0f ae 81 00 01 00 00 0f 29 81 a0 01 00 00 0f 29
exception.symbol:
RtlCaptureContext+0x85 RtlRestoreContext-0xaa ntdll+0x50895
exception.address:
0x76d80895
exception.module:
ntdll.dll
exception.exception_code:
0xc0000005
exception.offset:
329877
registers.r14:
0
registers.r15:
0
registers.rcx:
1242680
registers.rsi:
5377630208
registers.r10:
0
registers.rbx:
1992371952
registers.rsp:
1244968
registers.r11:
514
registers.r8:
64
registers.r9:
4
registers.rdx:
1244024
registers.r12:
0
registers.rbp:
0
registers.rdi:
5368709487
registers.rax:
1242360
registers.r13:
0
|
1
|
0 |
0
|
|
__exception__
|
stacktrace:
RtlCaptureContext+0x85 RtlRestoreContext-0xaa ntdll+0x50895 @ 0x76d80895
stacktrace+0x84 memdup-0x1af @ 0x73980470
hook_in_monitor+0x45 lde-0x133 @ 0x739742ea
New_ntdll_NtProtectVirtualMemory+0x34 New_ntdll_NtQueryAttributesFile-0x151 @ 0x73993603
VirtualProtectEx+0x33 MapViewOfFile-0x2d kernelbase+0x13243 @ 0x7fefd503243
VirtualProtect+0x1b VirtualProtectEx-0x15 kernelbase+0x131fb @ 0x7fefd5031fb
driver+0x1be7cf @ 0x1401be7cf
GetProcessAffinityMask+0x80 SetThreadContext-0x20 kernel32+0x2ef0 @ 0x76c12ef0
0x880fff
GetProcessAffinityMask+0x80 SetThreadContext-0x20 kernel32+0x2ef0 @ 0x76c12ef0
driver+0x882000 @ 0x140882000
driver+0x1000 @ 0x140001000
0x58c040
0x58c040
0x58c040
0x58c040
0x58c040
0x58c040
0x58c040
0x58c040
0x58c040
0x58c040
0x58c040
0x58c040
0x58c040
0x58c040
0x58c040
0x58c040
0x58c040
0x58c040
0x58c040
0x58c040
0x58c040
0x58c040
0x58c040
0x58c040
0x58c040
0x58c040
0x58c040
0x58c040
0x58c040
0x58c040
0x58c040
0x58c040
0x58c040
0x58c040
0x58c040
0x58c040
0x58c040
0x58c040
0x58c040
0x58c040
0x58c040
0x58c040
0x58c040
0x58c040
0x58c040
0x58c040
0x58c040
0x58c040
0x58c040
0x58c040
0x58c040
0x58c040
exception.instruction_r:
0f ae 81 00 01 00 00 0f 29 81 a0 01 00 00 0f 29
exception.symbol:
RtlCaptureContext+0x85 RtlRestoreContext-0xaa ntdll+0x50895
exception.address:
0x76d80895
exception.module:
ntdll.dll
exception.exception_code:
0xc0000005
exception.offset:
329877
registers.r14:
0
registers.r15:
0
registers.rcx:
1242680
registers.rsi:
5377630208
registers.r10:
0
registers.rbx:
1992371952
registers.rsp:
1244968
registers.r11:
514
registers.r8:
64
registers.r9:
4
registers.rdx:
1244024
registers.r12:
0
registers.rbp:
0
registers.rdi:
5368709487
registers.rax:
1242360
registers.r13:
0
|
1
|
0 |
0
|
|
__exception__
|
stacktrace:
RtlCaptureContext+0x85 RtlRestoreContext-0xaa ntdll+0x50895 @ 0x76d80895
stacktrace+0x84 memdup-0x1af @ 0x73980470
hook_in_monitor+0x45 lde-0x133 @ 0x739742ea
New_ntdll_NtProtectVirtualMemory+0x34 New_ntdll_NtQueryAttributesFile-0x151 @ 0x73993603
VirtualProtectEx+0x33 MapViewOfFile-0x2d kernelbase+0x13243 @ 0x7fefd503243
VirtualProtect+0x1b VirtualProtectEx-0x15 kernelbase+0x131fb @ 0x7fefd5031fb
driver+0x1be7cf @ 0x1401be7cf
GetProcessAffinityMask+0x80 SetThreadContext-0x20 kernel32+0x2ef0 @ 0x76c12ef0
0x880fff
0x880fff
0x880fff
0x880fff
0x880fff
0x880fff
0x880fff
0x880fff
0x880fff
0x880fff
0x880fff
0x880fff
0x880fff
0x880fff
0x880fff
0x880fff
0x880fff
0x880fff
0x880fff
0x880fff
0x880fff
0x880fff
0x880fff
0x880fff
0x880fff
0x880fff
0x880fff
0x880fff
0x880fff
0x880fff
0x880fff
0x880fff
0x880fff
0x880fff
0x880fff
0x880fff
0x880fff
0x880fff
0x880fff
0x880fff
0x880fff
0x880fff
0x880fff
0x880fff
0x880fff
0x880fff
0x880fff
0x880fff
0x880fff
0x880fff
0x880fff
0x880fff
0x880fff
0x880fff
0x880fff
0x880fff
exception.instruction_r:
0f ae 81 00 01 00 00 0f 29 81 a0 01 00 00 0f 29
exception.symbol:
RtlCaptureContext+0x85 RtlRestoreContext-0xaa ntdll+0x50895
exception.address:
0x76d80895
exception.module:
ntdll.dll
exception.exception_code:
0xc0000005
exception.offset:
329877
registers.r14:
0
registers.r15:
0
registers.rcx:
1242680
registers.rsi:
5377630208
registers.r10:
0
registers.rbx:
1992371952
registers.rsp:
1244936
registers.r11:
514
registers.r8:
64
registers.r9:
4
registers.rdx:
1244024
registers.r12:
0
registers.rbp:
0
registers.rdi:
5368709487
registers.rax:
1242360
registers.r13:
0
|
1
|
0 |
0
|
|
__exception__
|
stacktrace:
RtlCaptureContext+0x85 RtlRestoreContext-0xaa ntdll+0x50895 @ 0x76d80895
stacktrace+0x84 memdup-0x1af @ 0x73980470
hook_in_monitor+0x45 lde-0x133 @ 0x739742ea
New_ntdll_NtProtectVirtualMemory+0x34 New_ntdll_NtQueryAttributesFile-0x151 @ 0x73993603
VirtualProtectEx+0x33 MapViewOfFile-0x2d kernelbase+0x13243 @ 0x7fefd503243
VirtualProtect+0x1b VirtualProtectEx-0x15 kernelbase+0x131fb @ 0x7fefd5031fb
driver+0x1be7cf @ 0x1401be7cf
GetProcessAffinityMask+0x80 SetThreadContext-0x20 kernel32+0x2ef0 @ 0x76c12ef0
0x880fff
GetProcessAffinityMask+0x80 SetThreadContext-0x20 kernel32+0x2ef0 @ 0x76c12ef0
driver+0x882000 @ 0x140882000
driver+0x1000 @ 0x140001000
0x58c040
0x58c040
0x58c040
0x58c040
0x58c040
0x58c040
0x58c040
0x58c040
0x58c040
0x58c040
0x58c040
0x58c040
0x58c040
0x58c040
0x58c040
0x58c040
0x58c040
0x58c040
0x58c040
0x58c040
0x58c040
0x58c040
0x58c040
0x58c040
0x58c040
0x58c040
0x58c040
0x58c040
0x58c040
0x58c040
0x58c040
0x58c040
0x58c040
0x58c040
0x58c040
0x58c040
0x58c040
0x58c040
0x58c040
0x58c040
0x58c040
0x58c040
0x58c040
0x58c040
0x58c040
0x58c040
0x58c040
0x58c040
0x58c040
0x58c040
0x58c040
0x58c040
exception.instruction_r:
0f ae 81 00 01 00 00 0f 29 81 a0 01 00 00 0f 29
exception.symbol:
RtlCaptureContext+0x85 RtlRestoreContext-0xaa ntdll+0x50895
exception.address:
0x76d80895
exception.module:
ntdll.dll
exception.exception_code:
0xc0000005
exception.offset:
329877
registers.r14:
0
registers.r15:
0
registers.rcx:
1242680
registers.rsi:
5377630208
registers.r10:
0
registers.rbx:
1992371952
registers.rsp:
1244968
registers.r11:
514
registers.r8:
64
registers.r9:
4
registers.rdx:
1244024
registers.r12:
0
registers.rbp:
0
registers.rdi:
5368709487
registers.rax:
1242360
registers.r13:
0
|
1
|
0 |
0
|
|
__exception__
|
stacktrace:
RtlCaptureContext+0x85 RtlRestoreContext-0xaa ntdll+0x50895 @ 0x76d80895
stacktrace+0x84 memdup-0x1af @ 0x73980470
hook_in_monitor+0x45 lde-0x133 @ 0x739742ea
New_ntdll_NtProtectVirtualMemory+0x34 New_ntdll_NtQueryAttributesFile-0x151 @ 0x73993603
VirtualProtectEx+0x33 MapViewOfFile-0x2d kernelbase+0x13243 @ 0x7fefd503243
VirtualProtect+0x1b VirtualProtectEx-0x15 kernelbase+0x131fb @ 0x7fefd5031fb
driver+0x1be7cf @ 0x1401be7cf
GetProcessAffinityMask+0x80 SetThreadContext-0x20 kernel32+0x2ef0 @ 0x76c12ef0
0x880fff
0x880fff
0x880fff
0x880fff
0x880fff
0x880fff
0x880fff
0x880fff
0x880fff
0x880fff
0x880fff
0x880fff
0x880fff
0x880fff
0x880fff
0x880fff
0x880fff
0x880fff
0x880fff
0x880fff
0x880fff
0x880fff
0x880fff
0x880fff
0x880fff
0x880fff
0x880fff
0x880fff
0x880fff
0x880fff
0x880fff
0x880fff
0x880fff
0x880fff
0x880fff
0x880fff
0x880fff
0x880fff
0x880fff
0x880fff
0x880fff
0x880fff
0x880fff
0x880fff
0x880fff
0x880fff
0x880fff
0x880fff
0x880fff
0x880fff
0x880fff
0x880fff
0x880fff
0x880fff
0x880fff
0x880fff
exception.instruction_r:
0f ae 81 00 01 00 00 0f 29 81 a0 01 00 00 0f 29
exception.symbol:
RtlCaptureContext+0x85 RtlRestoreContext-0xaa ntdll+0x50895
exception.address:
0x76d80895
exception.module:
ntdll.dll
exception.exception_code:
0xc0000005
exception.offset:
329877
registers.r14:
0
registers.r15:
0
registers.rcx:
1242680
registers.rsi:
5377630208
registers.r10:
0
registers.rbx:
1992371952
registers.rsp:
1244936
registers.r11:
514
registers.r8:
64
registers.r9:
4
registers.rdx:
1244024
registers.r12:
0
registers.rbp:
0
registers.rdi:
5368709487
registers.rax:
1242360
registers.r13:
0
|
1
|
0 |
0
|
|
__exception__
|
stacktrace:
RtlCaptureContext+0x85 RtlRestoreContext-0xaa ntdll+0x50895 @ 0x76d80895
stacktrace+0x84 memdup-0x1af @ 0x73980470
hook_in_monitor+0x45 lde-0x133 @ 0x739742ea
New_ntdll_NtProtectVirtualMemory+0x34 New_ntdll_NtQueryAttributesFile-0x151 @ 0x73993603
VirtualProtectEx+0x33 MapViewOfFile-0x2d kernelbase+0x13243 @ 0x7fefd503243
VirtualProtect+0x1b VirtualProtectEx-0x15 kernelbase+0x131fb @ 0x7fefd5031fb
driver+0x1be7cf @ 0x1401be7cf
GetProcessAffinityMask+0x80 SetThreadContext-0x20 kernel32+0x2ef0 @ 0x76c12ef0
0x880fff
0x880fff
0x880fff
0x880fff
0x880fff
0x880fff
0x880fff
0x880fff
0x880fff
0x880fff
0x880fff
0x880fff
0x880fff
0x880fff
0x880fff
0x880fff
0x880fff
0x880fff
0x880fff
0x880fff
0x880fff
0x880fff
0x880fff
0x880fff
0x880fff
0x880fff
0x880fff
0x880fff
0x880fff
0x880fff
0x880fff
0x880fff
0x880fff
0x880fff
0x880fff
0x880fff
0x880fff
0x880fff
0x880fff
0x880fff
0x880fff
0x880fff
0x880fff
0x880fff
0x880fff
0x880fff
0x880fff
0x880fff
0x880fff
0x880fff
0x880fff
0x880fff
0x880fff
0x880fff
0x880fff
0x880fff
exception.instruction_r:
0f ae 81 00 01 00 00 0f 29 81 a0 01 00 00 0f 29
exception.symbol:
RtlCaptureContext+0x85 RtlRestoreContext-0xaa ntdll+0x50895
exception.address:
0x76d80895
exception.module:
ntdll.dll
exception.exception_code:
0xc0000005
exception.offset:
329877
registers.r14:
0
registers.r15:
0
registers.rcx:
1242680
registers.rsi:
5377630208
registers.r10:
0
registers.rbx:
1992371952
registers.rsp:
1244936
registers.r11:
514
registers.r8:
64
registers.r9:
4
registers.rdx:
1244024
registers.r12:
0
registers.rbp:
0
registers.rdi:
5368709487
registers.rax:
1242360
registers.r13:
0
|
1
|
0 |
0
|
|
__exception__
|
stacktrace:
RtlCaptureContext+0x85 RtlRestoreContext-0xaa ntdll+0x50895 @ 0x76d80895
stacktrace+0x84 memdup-0x1af @ 0x73980470
hook_in_monitor+0x45 lde-0x133 @ 0x739742ea
New_ntdll_NtProtectVirtualMemory+0x34 New_ntdll_NtQueryAttributesFile-0x151 @ 0x73993603
VirtualProtectEx+0x33 MapViewOfFile-0x2d kernelbase+0x13243 @ 0x7fefd503243
VirtualProtect+0x1b VirtualProtectEx-0x15 kernelbase+0x131fb @ 0x7fefd5031fb
driver+0x1be7cf @ 0x1401be7cf
GetProcessAffinityMask+0x80 SetThreadContext-0x20 kernel32+0x2ef0 @ 0x76c12ef0
0x880fff
0x880fff
0x880fff
0x880fff
0x880fff
0x880fff
0x880fff
0x880fff
0x880fff
0x880fff
0x880fff
0x880fff
0x880fff
0x880fff
0x880fff
0x880fff
0x880fff
0x880fff
0x880fff
0x880fff
0x880fff
0x880fff
0x880fff
0x880fff
0x880fff
0x880fff
0x880fff
0x880fff
0x880fff
0x880fff
0x880fff
0x880fff
0x880fff
0x880fff
0x880fff
0x880fff
0x880fff
0x880fff
0x880fff
0x880fff
0x880fff
0x880fff
0x880fff
0x880fff
0x880fff
0x880fff
0x880fff
0x880fff
0x880fff
0x880fff
0x880fff
0x880fff
0x880fff
0x880fff
0x880fff
0x880fff
exception.instruction_r:
0f ae 81 00 01 00 00 0f 29 81 a0 01 00 00 0f 29
exception.symbol:
RtlCaptureContext+0x85 RtlRestoreContext-0xaa ntdll+0x50895
exception.address:
0x76d80895
exception.module:
ntdll.dll
exception.exception_code:
0xc0000005
exception.offset:
329877
registers.r14:
0
registers.r15:
0
registers.rcx:
1242680
registers.rsi:
5377630208
registers.r10:
0
registers.rbx:
1992371952
registers.rsp:
1244936
registers.r11:
514
registers.r8:
64
registers.r9:
4
registers.rdx:
1244024
registers.r12:
0
registers.rbp:
0
registers.rdi:
5368709487
registers.rax:
1242360
registers.r13:
0
|
1
|
0 |
0
|
|
__exception__
|
stacktrace:
RtlCaptureContext+0x85 RtlRestoreContext-0xaa ntdll+0x50895 @ 0x76d80895
stacktrace+0x84 memdup-0x1af @ 0x73980470
hook_in_monitor+0x45 lde-0x133 @ 0x739742ea
New_ntdll_NtProtectVirtualMemory+0x34 New_ntdll_NtQueryAttributesFile-0x151 @ 0x73993603
VirtualProtectEx+0x33 MapViewOfFile-0x2d kernelbase+0x13243 @ 0x7fefd503243
VirtualProtect+0x1b VirtualProtectEx-0x15 kernelbase+0x131fb @ 0x7fefd5031fb
driver+0x1be7cf @ 0x1401be7cf
GetProcessAffinityMask+0x80 SetThreadContext-0x20 kernel32+0x2ef0 @ 0x76c12ef0
0x880fff
GetProcessAffinityMask+0x80 SetThreadContext-0x20 kernel32+0x2ef0 @ 0x76c12ef0
driver+0x882000 @ 0x140882000
driver+0x1000 @ 0x140001000
0x58c040
0x58c040
0x58c040
0x58c040
0x58c040
0x58c040
0x58c040
0x58c040
0x58c040
0x58c040
0x58c040
0x58c040
0x58c040
0x58c040
0x58c040
0x58c040
0x58c040
0x58c040
0x58c040
0x58c040
0x58c040
0x58c040
0x58c040
0x58c040
0x58c040
0x58c040
0x58c040
0x58c040
0x58c040
0x58c040
0x58c040
0x58c040
0x58c040
0x58c040
0x58c040
0x58c040
0x58c040
0x58c040
0x58c040
0x58c040
0x58c040
0x58c040
0x58c040
0x58c040
0x58c040
0x58c040
0x58c040
0x58c040
0x58c040
0x58c040
0x58c040
0x58c040
exception.instruction_r:
0f ae 81 00 01 00 00 0f 29 81 a0 01 00 00 0f 29
exception.symbol:
RtlCaptureContext+0x85 RtlRestoreContext-0xaa ntdll+0x50895
exception.address:
0x76d80895
exception.module:
ntdll.dll
exception.exception_code:
0xc0000005
exception.offset:
329877
registers.r14:
0
registers.r15:
0
registers.rcx:
1242680
registers.rsi:
5377630208
registers.r10:
0
registers.rbx:
1992371952
registers.rsp:
1244968
registers.r11:
514
registers.r8:
64
registers.r9:
4
registers.rdx:
1244024
registers.r12:
0
registers.rbp:
0
registers.rdi:
5368709487
registers.rax:
1242360
registers.r13:
0
|
1
|
0 |
0
|
|
__exception__
|
stacktrace:
RtlCaptureContext+0x85 RtlRestoreContext-0xaa ntdll+0x50895 @ 0x76d80895
stacktrace+0x84 memdup-0x1af @ 0x73980470
hook_in_monitor+0x45 lde-0x133 @ 0x739742ea
New_ntdll_NtProtectVirtualMemory+0x34 New_ntdll_NtQueryAttributesFile-0x151 @ 0x73993603
VirtualProtectEx+0x33 MapViewOfFile-0x2d kernelbase+0x13243 @ 0x7fefd503243
VirtualProtect+0x1b VirtualProtectEx-0x15 kernelbase+0x131fb @ 0x7fefd5031fb
driver+0x1be7cf @ 0x1401be7cf
GetProcessAffinityMask+0x80 SetThreadContext-0x20 kernel32+0x2ef0 @ 0x76c12ef0
0x880fff
GetProcessAffinityMask+0x80 SetThreadContext-0x20 kernel32+0x2ef0 @ 0x76c12ef0
driver+0x882000 @ 0x140882000
driver+0x1000 @ 0x140001000
0x58c040
0x58c040
0x58c040
0x58c040
0x58c040
0x58c040
0x58c040
0x58c040
0x58c040
0x58c040
0x58c040
0x58c040
0x58c040
0x58c040
0x58c040
0x58c040
0x58c040
0x58c040
0x58c040
0x58c040
0x58c040
0x58c040
0x58c040
0x58c040
0x58c040
0x58c040
0x58c040
0x58c040
0x58c040
0x58c040
0x58c040
0x58c040
0x58c040
0x58c040
0x58c040
0x58c040
0x58c040
0x58c040
0x58c040
0x58c040
0x58c040
0x58c040
0x58c040
0x58c040
0x58c040
0x58c040
0x58c040
0x58c040
0x58c040
0x58c040
0x58c040
0x58c040
exception.instruction_r:
0f ae 81 00 01 00 00 0f 29 81 a0 01 00 00 0f 29
exception.symbol:
RtlCaptureContext+0x85 RtlRestoreContext-0xaa ntdll+0x50895
exception.address:
0x76d80895
exception.module:
ntdll.dll
exception.exception_code:
0xc0000005
exception.offset:
329877
registers.r14:
0
registers.r15:
0
registers.rcx:
1242680
registers.rsi:
5377630208
registers.r10:
0
registers.rbx:
1992371952
registers.rsp:
1244968
registers.r11:
514
registers.r8:
64
registers.r9:
4
registers.rdx:
1244024
registers.r12:
0
registers.rbp:
0
registers.rdi:
5368709487
registers.rax:
1242360
registers.r13:
0
|
1
|
0 |
0
|
|
__exception__
|
stacktrace:
RtlCaptureContext+0x85 RtlRestoreContext-0xaa ntdll+0x50895 @ 0x76d80895
stacktrace+0x84 memdup-0x1af @ 0x73980470
hook_in_monitor+0x45 lde-0x133 @ 0x739742ea
New_ntdll_NtProtectVirtualMemory+0x34 New_ntdll_NtQueryAttributesFile-0x151 @ 0x73993603
VirtualProtectEx+0x33 MapViewOfFile-0x2d kernelbase+0x13243 @ 0x7fefd503243
VirtualProtect+0x1b VirtualProtectEx-0x15 kernelbase+0x131fb @ 0x7fefd5031fb
driver+0x1be7cf @ 0x1401be7cf
GetProcessAffinityMask+0x80 SetThreadContext-0x20 kernel32+0x2ef0 @ 0x76c12ef0
0x880fff
GetProcessAffinityMask+0x80 SetThreadContext-0x20 kernel32+0x2ef0 @ 0x76c12ef0
driver+0x882000 @ 0x140882000
driver+0x1000 @ 0x140001000
0x58c040
0x58c040
0x58c040
0x58c040
0x58c040
0x58c040
0x58c040
0x58c040
0x58c040
0x58c040
0x58c040
0x58c040
0x58c040
0x58c040
0x58c040
0x58c040
0x58c040
0x58c040
0x58c040
0x58c040
0x58c040
0x58c040
0x58c040
0x58c040
0x58c040
0x58c040
0x58c040
0x58c040
0x58c040
0x58c040
0x58c040
0x58c040
0x58c040
0x58c040
0x58c040
0x58c040
0x58c040
0x58c040
0x58c040
0x58c040
0x58c040
0x58c040
0x58c040
0x58c040
0x58c040
0x58c040
0x58c040
0x58c040
0x58c040
0x58c040
0x58c040
0x58c040
exception.instruction_r:
0f ae 81 00 01 00 00 0f 29 81 a0 01 00 00 0f 29
exception.symbol:
RtlCaptureContext+0x85 RtlRestoreContext-0xaa ntdll+0x50895
exception.address:
0x76d80895
exception.module:
ntdll.dll
exception.exception_code:
0xc0000005
exception.offset:
329877
registers.r14:
0
registers.r15:
0
registers.rcx:
1242680
registers.rsi:
5377630208
registers.r10:
0
registers.rbx:
1992371952
registers.rsp:
1244968
registers.r11:
514
registers.r8:
64
registers.r9:
4
registers.rdx:
1244024
registers.r12:
0
registers.rbp:
0
registers.rdi:
5368709487
registers.rax:
1242360
registers.r13:
0
|
1
|
0 |
0
|
|
__exception__
|
stacktrace:
RtlCaptureContext+0x85 RtlRestoreContext-0xaa ntdll+0x50895 @ 0x76d80895
stacktrace+0x84 memdup-0x1af @ 0x73980470
hook_in_monitor+0x45 lde-0x133 @ 0x739742ea
New_ntdll_NtProtectVirtualMemory+0x34 New_ntdll_NtQueryAttributesFile-0x151 @ 0x73993603
VirtualProtectEx+0x33 MapViewOfFile-0x2d kernelbase+0x13243 @ 0x7fefd503243
VirtualProtect+0x1b VirtualProtectEx-0x15 kernelbase+0x131fb @ 0x7fefd5031fb
driver+0x1be7cf @ 0x1401be7cf
GetProcessAffinityMask+0x80 SetThreadContext-0x20 kernel32+0x2ef0 @ 0x76c12ef0
0x880fff
GetProcessAffinityMask+0x80 SetThreadContext-0x20 kernel32+0x2ef0 @ 0x76c12ef0
driver+0x882000 @ 0x140882000
driver+0x1000 @ 0x140001000
0x58c040
0x58c040
0x58c040
0x58c040
0x58c040
0x58c040
0x58c040
0x58c040
0x58c040
0x58c040
0x58c040
0x58c040
0x58c040
0x58c040
0x58c040
0x58c040
0x58c040
0x58c040
0x58c040
0x58c040
0x58c040
0x58c040
0x58c040
0x58c040
0x58c040
0x58c040
0x58c040
0x58c040
0x58c040
0x58c040
0x58c040
0x58c040
0x58c040
0x58c040
0x58c040
0x58c040
0x58c040
0x58c040
0x58c040
0x58c040
0x58c040
0x58c040
0x58c040
0x58c040
0x58c040
0x58c040
0x58c040
0x58c040
0x58c040
0x58c040
0x58c040
0x58c040
exception.instruction_r:
0f ae 81 00 01 00 00 0f 29 81 a0 01 00 00 0f 29
exception.symbol:
RtlCaptureContext+0x85 RtlRestoreContext-0xaa ntdll+0x50895
exception.address:
0x76d80895
exception.module:
ntdll.dll
exception.exception_code:
0xc0000005
exception.offset:
329877
registers.r14:
0
registers.r15:
0
registers.rcx:
1242680
registers.rsi:
5377630208
registers.r10:
0
registers.rbx:
1992371952
registers.rsp:
1244968
registers.r11:
514
registers.r8:
64
registers.r9:
4
registers.rdx:
1244024
registers.r12:
0
registers.rbp:
0
registers.rdi:
5368709487
registers.rax:
1242360
registers.r13:
0
|
1
|
0 |
0
|
|
__exception__
|
stacktrace:
RtlCaptureContext+0x85 RtlRestoreContext-0xaa ntdll+0x50895 @ 0x76d80895
stacktrace+0x84 memdup-0x1af @ 0x73980470
hook_in_monitor+0x45 lde-0x133 @ 0x739742ea
New_ntdll_NtProtectVirtualMemory+0x34 New_ntdll_NtQueryAttributesFile-0x151 @ 0x73993603
VirtualProtectEx+0x33 MapViewOfFile-0x2d kernelbase+0x13243 @ 0x7fefd503243
VirtualProtect+0x1b VirtualProtectEx-0x15 kernelbase+0x131fb @ 0x7fefd5031fb
driver+0x1be7cf @ 0x1401be7cf
GetProcessAffinityMask+0x80 SetThreadContext-0x20 kernel32+0x2ef0 @ 0x76c12ef0
0x880fff
GetProcessAffinityMask+0x80 SetThreadContext-0x20 kernel32+0x2ef0 @ 0x76c12ef0
driver+0x882000 @ 0x140882000
driver+0x1000 @ 0x140001000
0x58c040
0x58c040
0x58c040
0x58c040
0x58c040
0x58c040
0x58c040
0x58c040
0x58c040
0x58c040
0x58c040
0x58c040
0x58c040
0x58c040
0x58c040
0x58c040
0x58c040
0x58c040
0x58c040
0x58c040
0x58c040
0x58c040
0x58c040
0x58c040
0x58c040
0x58c040
0x58c040
0x58c040
0x58c040
0x58c040
0x58c040
0x58c040
0x58c040
0x58c040
0x58c040
0x58c040
0x58c040
0x58c040
0x58c040
0x58c040
0x58c040
0x58c040
0x58c040
0x58c040
0x58c040
0x58c040
0x58c040
0x58c040
0x58c040
0x58c040
0x58c040
0x58c040
exception.instruction_r:
0f ae 81 00 01 00 00 0f 29 81 a0 01 00 00 0f 29
exception.symbol:
RtlCaptureContext+0x85 RtlRestoreContext-0xaa ntdll+0x50895
exception.address:
0x76d80895
exception.module:
ntdll.dll
exception.exception_code:
0xc0000005
exception.offset:
329877
registers.r14:
0
registers.r15:
0
registers.rcx:
1242680
registers.rsi:
5377630208
registers.r10:
0
registers.rbx:
1992371952
registers.rsp:
1244968
registers.r11:
514
registers.r8:
64
registers.r9:
4
registers.rdx:
1244024
registers.r12:
0
registers.rbp:
0
registers.rdi:
5368709487
registers.rax:
1242360
registers.r13:
0
|
1
|
0 |
0
|
|
__exception__
|
stacktrace:
RtlCaptureContext+0x85 RtlRestoreContext-0xaa ntdll+0x50895 @ 0x76d80895
stacktrace+0x84 memdup-0x1af @ 0x73980470
hook_in_monitor+0x45 lde-0x133 @ 0x739742ea
New_ntdll_NtProtectVirtualMemory+0x34 New_ntdll_NtQueryAttributesFile-0x151 @ 0x73993603
VirtualProtectEx+0x33 MapViewOfFile-0x2d kernelbase+0x13243 @ 0x7fefd503243
VirtualProtect+0x1b VirtualProtectEx-0x15 kernelbase+0x131fb @ 0x7fefd5031fb
driver+0x1be7cf @ 0x1401be7cf
GetProcessAffinityMask+0x80 SetThreadContext-0x20 kernel32+0x2ef0 @ 0x76c12ef0
0x880fff
0x880fff
0x880fff
0x880fff
0x880fff
0x880fff
0x880fff
0x880fff
0x880fff
0x880fff
0x880fff
0x880fff
0x880fff
0x880fff
0x880fff
0x880fff
0x880fff
0x880fff
0x880fff
0x880fff
0x880fff
0x880fff
0x880fff
0x880fff
0x880fff
0x880fff
0x880fff
0x880fff
0x880fff
0x880fff
0x880fff
0x880fff
0x880fff
0x880fff
0x880fff
0x880fff
0x880fff
0x880fff
0x880fff
0x880fff
0x880fff
0x880fff
0x880fff
0x880fff
0x880fff
0x880fff
0x880fff
0x880fff
0x880fff
0x880fff
0x880fff
0x880fff
0x880fff
0x880fff
0x880fff
0x880fff
exception.instruction_r:
0f ae 81 00 01 00 00 0f 29 81 a0 01 00 00 0f 29
exception.symbol:
RtlCaptureContext+0x85 RtlRestoreContext-0xaa ntdll+0x50895
exception.address:
0x76d80895
exception.module:
ntdll.dll
exception.exception_code:
0xc0000005
exception.offset:
329877
registers.r14:
0
registers.r15:
0
registers.rcx:
1242680
registers.rsi:
5377630208
registers.r10:
0
registers.rbx:
1992371952
registers.rsp:
1244936
registers.r11:
514
registers.r8:
64
registers.r9:
4
registers.rdx:
1244024
registers.r12:
0
registers.rbp:
0
registers.rdi:
5368709487
registers.rax:
1242360
registers.r13:
0
|
1
|
0 |
0
|
|
__exception__
|
stacktrace:
RtlCaptureContext+0x85 RtlRestoreContext-0xaa ntdll+0x50895 @ 0x76d80895
stacktrace+0x84 memdup-0x1af @ 0x73980470
hook_in_monitor+0x45 lde-0x133 @ 0x739742ea
New_ntdll_NtProtectVirtualMemory+0x34 New_ntdll_NtQueryAttributesFile-0x151 @ 0x73993603
VirtualProtectEx+0x33 MapViewOfFile-0x2d kernelbase+0x13243 @ 0x7fefd503243
VirtualProtect+0x1b VirtualProtectEx-0x15 kernelbase+0x131fb @ 0x7fefd5031fb
driver+0x1be7cf @ 0x1401be7cf
GetProcessAffinityMask+0x80 SetThreadContext-0x20 kernel32+0x2ef0 @ 0x76c12ef0
0x880fff
GetProcessAffinityMask+0x80 SetThreadContext-0x20 kernel32+0x2ef0 @ 0x76c12ef0
driver+0x882000 @ 0x140882000
driver+0x1000 @ 0x140001000
0x58c040
0x58c040
0x58c040
0x58c040
0x58c040
0x58c040
0x58c040
0x58c040
0x58c040
0x58c040
0x58c040
0x58c040
0x58c040
0x58c040
0x58c040
0x58c040
0x58c040
0x58c040
0x58c040
0x58c040
0x58c040
0x58c040
0x58c040
0x58c040
0x58c040
0x58c040
0x58c040
0x58c040
0x58c040
0x58c040
0x58c040
0x58c040
0x58c040
0x58c040
0x58c040
0x58c040
0x58c040
0x58c040
0x58c040
0x58c040
0x58c040
0x58c040
0x58c040
0x58c040
0x58c040
0x58c040
0x58c040
0x58c040
0x58c040
0x58c040
0x58c040
0x58c040
exception.instruction_r:
0f ae 81 00 01 00 00 0f 29 81 a0 01 00 00 0f 29
exception.symbol:
RtlCaptureContext+0x85 RtlRestoreContext-0xaa ntdll+0x50895
exception.address:
0x76d80895
exception.module:
ntdll.dll
exception.exception_code:
0xc0000005
exception.offset:
329877
registers.r14:
0
registers.r15:
0
registers.rcx:
1242680
registers.rsi:
5377630208
registers.r10:
0
registers.rbx:
1992371952
registers.rsp:
1244968
registers.r11:
514
registers.r8:
64
registers.r9:
4
registers.rdx:
1244024
registers.r12:
0
registers.rbp:
0
registers.rdi:
5368709487
registers.rax:
1242360
registers.r13:
0
|
1
|
0 |
0
|
|
__exception__
|
stacktrace:
RtlCaptureContext+0x85 RtlRestoreContext-0xaa ntdll+0x50895 @ 0x76d80895
stacktrace+0x84 memdup-0x1af @ 0x73980470
hook_in_monitor+0x45 lde-0x133 @ 0x739742ea
New_ntdll_NtProtectVirtualMemory+0x34 New_ntdll_NtQueryAttributesFile-0x151 @ 0x73993603
VirtualProtectEx+0x33 MapViewOfFile-0x2d kernelbase+0x13243 @ 0x7fefd503243
VirtualProtect+0x1b VirtualProtectEx-0x15 kernelbase+0x131fb @ 0x7fefd5031fb
driver+0x1be7cf @ 0x1401be7cf
GetProcessAffinityMask+0x80 SetThreadContext-0x20 kernel32+0x2ef0 @ 0x76c12ef0
0x880fff
0x880fff
0x880fff
0x880fff
0x880fff
0x880fff
0x880fff
0x880fff
0x880fff
0x880fff
0x880fff
0x880fff
0x880fff
0x880fff
0x880fff
0x880fff
0x880fff
0x880fff
0x880fff
0x880fff
0x880fff
0x880fff
0x880fff
0x880fff
0x880fff
0x880fff
0x880fff
0x880fff
0x880fff
0x880fff
0x880fff
0x880fff
0x880fff
0x880fff
0x880fff
0x880fff
0x880fff
0x880fff
0x880fff
0x880fff
0x880fff
0x880fff
0x880fff
0x880fff
0x880fff
0x880fff
0x880fff
0x880fff
0x880fff
0x880fff
0x880fff
0x880fff
0x880fff
0x880fff
0x880fff
0x880fff
exception.instruction_r:
0f ae 81 00 01 00 00 0f 29 81 a0 01 00 00 0f 29
exception.symbol:
RtlCaptureContext+0x85 RtlRestoreContext-0xaa ntdll+0x50895
exception.address:
0x76d80895
exception.module:
ntdll.dll
exception.exception_code:
0xc0000005
exception.offset:
329877
registers.r14:
0
registers.r15:
0
registers.rcx:
1242680
registers.rsi:
5377630208
registers.r10:
0
registers.rbx:
1992371952
registers.rsp:
1244936
registers.r11:
514
registers.r8:
64
registers.r9:
4
registers.rdx:
1244024
registers.r12:
0
registers.rbp:
0
registers.rdi:
5368709487
registers.rax:
1242360
registers.r13:
0
|
1
|
0 |
0
|
|
__exception__
|
stacktrace:
RtlCaptureContext+0x85 RtlRestoreContext-0xaa ntdll+0x50895 @ 0x76d80895
stacktrace+0x84 memdup-0x1af @ 0x73980470
hook_in_monitor+0x45 lde-0x133 @ 0x739742ea
New_ntdll_NtProtectVirtualMemory+0x34 New_ntdll_NtQueryAttributesFile-0x151 @ 0x73993603
VirtualProtectEx+0x33 MapViewOfFile-0x2d kernelbase+0x13243 @ 0x7fefd503243
VirtualProtect+0x1b VirtualProtectEx-0x15 kernelbase+0x131fb @ 0x7fefd5031fb
driver+0x1be7cf @ 0x1401be7cf
GetProcessAffinityMask+0x80 SetThreadContext-0x20 kernel32+0x2ef0 @ 0x76c12ef0
0x880fff
GetProcessAffinityMask+0x80 SetThreadContext-0x20 kernel32+0x2ef0 @ 0x76c12ef0
driver+0x882000 @ 0x140882000
driver+0x1000 @ 0x140001000
0x58c040
0x58c040
0x58c040
0x58c040
0x58c040
0x58c040
0x58c040
0x58c040
0x58c040
0x58c040
0x58c040
0x58c040
0x58c040
0x58c040
0x58c040
0x58c040
0x58c040
0x58c040
0x58c040
0x58c040
0x58c040
0x58c040
0x58c040
0x58c040
0x58c040
0x58c040
0x58c040
0x58c040
0x58c040
0x58c040
0x58c040
0x58c040
0x58c040
0x58c040
0x58c040
0x58c040
0x58c040
0x58c040
0x58c040
0x58c040
0x58c040
0x58c040
0x58c040
0x58c040
0x58c040
0x58c040
0x58c040
0x58c040
0x58c040
0x58c040
0x58c040
0x58c040
exception.instruction_r:
0f ae 81 00 01 00 00 0f 29 81 a0 01 00 00 0f 29
exception.symbol:
RtlCaptureContext+0x85 RtlRestoreContext-0xaa ntdll+0x50895
exception.address:
0x76d80895
exception.module:
ntdll.dll
exception.exception_code:
0xc0000005
exception.offset:
329877
registers.r14:
0
registers.r15:
0
registers.rcx:
1242680
registers.rsi:
5377630208
registers.r10:
0
registers.rbx:
1992371952
registers.rsp:
1244968
registers.r11:
514
registers.r8:
64
registers.r9:
4
registers.rdx:
1244024
registers.r12:
0
registers.rbp:
0
registers.rdi:
5368709487
registers.rax:
1242360
registers.r13:
0
|
1
|
0 |
0
|
|
__exception__
|
stacktrace:
RtlCaptureContext+0x85 RtlRestoreContext-0xaa ntdll+0x50895 @ 0x76d80895
stacktrace+0x84 memdup-0x1af @ 0x73980470
hook_in_monitor+0x45 lde-0x133 @ 0x739742ea
New_ntdll_NtProtectVirtualMemory+0x34 New_ntdll_NtQueryAttributesFile-0x151 @ 0x73993603
VirtualProtectEx+0x33 MapViewOfFile-0x2d kernelbase+0x13243 @ 0x7fefd503243
VirtualProtect+0x1b VirtualProtectEx-0x15 kernelbase+0x131fb @ 0x7fefd5031fb
driver+0x1be7cf @ 0x1401be7cf
GetProcessAffinityMask+0x80 SetThreadContext-0x20 kernel32+0x2ef0 @ 0x76c12ef0
0x880fff
GetProcessAffinityMask+0x80 SetThreadContext-0x20 kernel32+0x2ef0 @ 0x76c12ef0
driver+0x882000 @ 0x140882000
driver+0x1000 @ 0x140001000
0x58c040
0x58c040
0x58c040
0x58c040
0x58c040
0x58c040
0x58c040
0x58c040
0x58c040
0x58c040
0x58c040
0x58c040
0x58c040
0x58c040
0x58c040
0x58c040
0x58c040
0x58c040
0x58c040
0x58c040
0x58c040
0x58c040
0x58c040
0x58c040
0x58c040
0x58c040
0x58c040
0x58c040
0x58c040
0x58c040
0x58c040
0x58c040
0x58c040
0x58c040
0x58c040
0x58c040
0x58c040
0x58c040
0x58c040
0x58c040
0x58c040
0x58c040
0x58c040
0x58c040
0x58c040
0x58c040
0x58c040
0x58c040
0x58c040
0x58c040
0x58c040
0x58c040
exception.instruction_r:
0f ae 81 00 01 00 00 0f 29 81 a0 01 00 00 0f 29
exception.symbol:
RtlCaptureContext+0x85 RtlRestoreContext-0xaa ntdll+0x50895
exception.address:
0x76d80895
exception.module:
ntdll.dll
exception.exception_code:
0xc0000005
exception.offset:
329877
registers.r14:
0
registers.r15:
0
registers.rcx:
1242680
registers.rsi:
5377630208
registers.r10:
0
registers.rbx:
1992371952
registers.rsp:
1244968
registers.r11:
514
registers.r8:
64
registers.r9:
4
registers.rdx:
1244024
registers.r12:
0
registers.rbp:
0
registers.rdi:
5368709487
registers.rax:
1242360
registers.r13:
0
|
1
|
0 |
0
|
|
__exception__
|
stacktrace:
RtlCaptureContext+0x85 RtlRestoreContext-0xaa ntdll+0x50895 @ 0x76d80895
stacktrace+0x84 memdup-0x1af @ 0x73980470
hook_in_monitor+0x45 lde-0x133 @ 0x739742ea
New_ntdll_NtProtectVirtualMemory+0x34 New_ntdll_NtQueryAttributesFile-0x151 @ 0x73993603
VirtualProtectEx+0x33 MapViewOfFile-0x2d kernelbase+0x13243 @ 0x7fefd503243
VirtualProtect+0x1b VirtualProtectEx-0x15 kernelbase+0x131fb @ 0x7fefd5031fb
driver+0x1be7cf @ 0x1401be7cf
GetProcessAffinityMask+0x80 SetThreadContext-0x20 kernel32+0x2ef0 @ 0x76c12ef0
0x880fff
0x880fff
0x880fff
0x880fff
0x880fff
0x880fff
0x880fff
0x880fff
0x880fff
0x880fff
0x880fff
0x880fff
0x880fff
0x880fff
0x880fff
0x880fff
0x880fff
0x880fff
0x880fff
0x880fff
0x880fff
0x880fff
0x880fff
0x880fff
0x880fff
0x880fff
0x880fff
0x880fff
0x880fff
0x880fff
0x880fff
0x880fff
0x880fff
0x880fff
0x880fff
0x880fff
0x880fff
0x880fff
0x880fff
0x880fff
0x880fff
0x880fff
0x880fff
0x880fff
0x880fff
0x880fff
0x880fff
0x880fff
0x880fff
0x880fff
0x880fff
0x880fff
0x880fff
0x880fff
0x880fff
0x880fff
exception.instruction_r:
0f ae 81 00 01 00 00 0f 29 81 a0 01 00 00 0f 29
exception.symbol:
RtlCaptureContext+0x85 RtlRestoreContext-0xaa ntdll+0x50895
exception.address:
0x76d80895
exception.module:
ntdll.dll
exception.exception_code:
0xc0000005
exception.offset:
329877
registers.r14:
0
registers.r15:
0
registers.rcx:
1242680
registers.rsi:
5377630208
registers.r10:
0
registers.rbx:
1992371952
registers.rsp:
1244936
registers.r11:
514
registers.r8:
64
registers.r9:
4
registers.rdx:
1244024
registers.r12:
0
registers.rbp:
0
registers.rdi:
5368709487
registers.rax:
1242360
registers.r13:
0
|
1
|
0 |
0
|
|
__exception__
|
stacktrace:
RtlCaptureContext+0x85 RtlRestoreContext-0xaa ntdll+0x50895 @ 0x76d80895
stacktrace+0x84 memdup-0x1af @ 0x73980470
hook_in_monitor+0x45 lde-0x133 @ 0x739742ea
New_ntdll_NtProtectVirtualMemory+0x34 New_ntdll_NtQueryAttributesFile-0x151 @ 0x73993603
VirtualProtectEx+0x33 MapViewOfFile-0x2d kernelbase+0x13243 @ 0x7fefd503243
VirtualProtect+0x1b VirtualProtectEx-0x15 kernelbase+0x131fb @ 0x7fefd5031fb
driver+0x1be7cf @ 0x1401be7cf
GetProcessAffinityMask+0x80 SetThreadContext-0x20 kernel32+0x2ef0 @ 0x76c12ef0
0x880fff
GetProcessAffinityMask+0x80 SetThreadContext-0x20 kernel32+0x2ef0 @ 0x76c12ef0
driver+0x882000 @ 0x140882000
driver+0x1000 @ 0x140001000
0x58c040
0x58c040
0x58c040
0x58c040
0x58c040
0x58c040
0x58c040
0x58c040
0x58c040
0x58c040
0x58c040
0x58c040
0x58c040
0x58c040
0x58c040
0x58c040
0x58c040
0x58c040
0x58c040
0x58c040
0x58c040
0x58c040
0x58c040
0x58c040
0x58c040
0x58c040
0x58c040
0x58c040
0x58c040
0x58c040
0x58c040
0x58c040
0x58c040
0x58c040
0x58c040
0x58c040
0x58c040
0x58c040
0x58c040
0x58c040
0x58c040
0x58c040
0x58c040
0x58c040
0x58c040
0x58c040
0x58c040
0x58c040
0x58c040
0x58c040
0x58c040
0x58c040
exception.instruction_r:
0f ae 81 00 01 00 00 0f 29 81 a0 01 00 00 0f 29
exception.symbol:
RtlCaptureContext+0x85 RtlRestoreContext-0xaa ntdll+0x50895
exception.address:
0x76d80895
exception.module:
ntdll.dll
exception.exception_code:
0xc0000005
exception.offset:
329877
registers.r14:
0
registers.r15:
0
registers.rcx:
1242680
registers.rsi:
5377630208
registers.r10:
0
registers.rbx:
1992371952
registers.rsp:
1244968
registers.r11:
514
registers.r8:
64
registers.r9:
4
registers.rdx:
1244024
registers.r12:
0
registers.rbp:
0
registers.rdi:
5368709487
registers.rax:
1242360
registers.r13:
0
|
1
|
0 |
0
|
|
__exception__
|
stacktrace:
RtlCaptureContext+0x85 RtlRestoreContext-0xaa ntdll+0x50895 @ 0x76d80895
stacktrace+0x84 memdup-0x1af @ 0x73980470
hook_in_monitor+0x45 lde-0x133 @ 0x739742ea
New_ntdll_NtProtectVirtualMemory+0x34 New_ntdll_NtQueryAttributesFile-0x151 @ 0x73993603
VirtualProtectEx+0x33 MapViewOfFile-0x2d kernelbase+0x13243 @ 0x7fefd503243
VirtualProtect+0x1b VirtualProtectEx-0x15 kernelbase+0x131fb @ 0x7fefd5031fb
driver+0x1be7cf @ 0x1401be7cf
GetProcessAffinityMask+0x80 SetThreadContext-0x20 kernel32+0x2ef0 @ 0x76c12ef0
0x880fff
GetProcessAffinityMask+0x80 SetThreadContext-0x20 kernel32+0x2ef0 @ 0x76c12ef0
driver+0x882000 @ 0x140882000
driver+0x1000 @ 0x140001000
0x58c040
0x58c040
0x58c040
0x58c040
0x58c040
0x58c040
0x58c040
0x58c040
0x58c040
0x58c040
0x58c040
0x58c040
0x58c040
0x58c040
0x58c040
0x58c040
0x58c040
0x58c040
0x58c040
0x58c040
0x58c040
0x58c040
0x58c040
0x58c040
0x58c040
0x58c040
0x58c040
0x58c040
0x58c040
0x58c040
0x58c040
0x58c040
0x58c040
0x58c040
0x58c040
0x58c040
0x58c040
0x58c040
0x58c040
0x58c040
0x58c040
0x58c040
0x58c040
0x58c040
0x58c040
0x58c040
0x58c040
0x58c040
0x58c040
0x58c040
0x58c040
0x58c040
exception.instruction_r:
0f ae 81 00 01 00 00 0f 29 81 a0 01 00 00 0f 29
exception.symbol:
RtlCaptureContext+0x85 RtlRestoreContext-0xaa ntdll+0x50895
exception.address:
0x76d80895
exception.module:
ntdll.dll
exception.exception_code:
0xc0000005
exception.offset:
329877
registers.r14:
0
registers.r15:
0
registers.rcx:
1242680
registers.rsi:
5377630208
registers.r10:
0
registers.rbx:
1992371952
registers.rsp:
1244968
registers.r11:
514
registers.r8:
64
registers.r9:
4
registers.rdx:
1244024
registers.r12:
0
registers.rbp:
0
registers.rdi:
5368709487
registers.rax:
1242360
registers.r13:
0
|
1
|
0 |
0
|
|
__exception__
|
stacktrace:
RtlCaptureContext+0x85 RtlRestoreContext-0xaa ntdll+0x50895 @ 0x76d80895
stacktrace+0x84 memdup-0x1af @ 0x73980470
hook_in_monitor+0x45 lde-0x133 @ 0x739742ea
New_ntdll_NtProtectVirtualMemory+0x34 New_ntdll_NtQueryAttributesFile-0x151 @ 0x73993603
VirtualProtectEx+0x33 MapViewOfFile-0x2d kernelbase+0x13243 @ 0x7fefd503243
VirtualProtect+0x1b VirtualProtectEx-0x15 kernelbase+0x131fb @ 0x7fefd5031fb
driver+0x1be7cf @ 0x1401be7cf
GetProcessAffinityMask+0x80 SetThreadContext-0x20 kernel32+0x2ef0 @ 0x76c12ef0
0x880fff
GetProcessAffinityMask+0x80 SetThreadContext-0x20 kernel32+0x2ef0 @ 0x76c12ef0
driver+0x882000 @ 0x140882000
driver+0x1000 @ 0x140001000
0x58c040
0x58c040
0x58c040
0x58c040
0x58c040
0x58c040
0x58c040
0x58c040
0x58c040
0x58c040
0x58c040
0x58c040
0x58c040
0x58c040
0x58c040
0x58c040
0x58c040
0x58c040
0x58c040
0x58c040
0x58c040
0x58c040
0x58c040
0x58c040
0x58c040
0x58c040
0x58c040
0x58c040
0x58c040
0x58c040
0x58c040
0x58c040
0x58c040
0x58c040
0x58c040
0x58c040
0x58c040
0x58c040
0x58c040
0x58c040
0x58c040
0x58c040
0x58c040
0x58c040
0x58c040
0x58c040
0x58c040
0x58c040
0x58c040
0x58c040
0x58c040
0x58c040
exception.instruction_r:
0f ae 81 00 01 00 00 0f 29 81 a0 01 00 00 0f 29
exception.symbol:
RtlCaptureContext+0x85 RtlRestoreContext-0xaa ntdll+0x50895
exception.address:
0x76d80895
exception.module:
ntdll.dll
exception.exception_code:
0xc0000005
exception.offset:
329877
registers.r14:
0
registers.r15:
0
registers.rcx:
1242680
registers.rsi:
5377630208
registers.r10:
0
registers.rbx:
1992371952
registers.rsp:
1244968
registers.r11:
514
registers.r8:
64
registers.r9:
4
registers.rdx:
1244024
registers.r12:
0
registers.rbp:
0
registers.rdi:
5368709487
registers.rax:
1242360
registers.r13:
0
|
1
|
0 |
0
|
|
__exception__
|
stacktrace:
RtlCaptureContext+0x85 RtlRestoreContext-0xaa ntdll+0x50895 @ 0x76d80895
stacktrace+0x84 memdup-0x1af @ 0x73980470
hook_in_monitor+0x45 lde-0x133 @ 0x739742ea
New_ntdll_NtProtectVirtualMemory+0x34 New_ntdll_NtQueryAttributesFile-0x151 @ 0x73993603
VirtualProtectEx+0x33 MapViewOfFile-0x2d kernelbase+0x13243 @ 0x7fefd503243
VirtualProtect+0x1b VirtualProtectEx-0x15 kernelbase+0x131fb @ 0x7fefd5031fb
driver+0x1be7cf @ 0x1401be7cf
GetProcessAffinityMask+0x80 SetThreadContext-0x20 kernel32+0x2ef0 @ 0x76c12ef0
0x880fff
GetProcessAffinityMask+0x80 SetThreadContext-0x20 kernel32+0x2ef0 @ 0x76c12ef0
driver+0x882000 @ 0x140882000
driver+0x1000 @ 0x140001000
0x58c040
0x58c040
0x58c040
0x58c040
0x58c040
0x58c040
0x58c040
0x58c040
0x58c040
0x58c040
0x58c040
0x58c040
0x58c040
0x58c040
0x58c040
0x58c040
0x58c040
0x58c040
0x58c040
0x58c040
0x58c040
0x58c040
0x58c040
0x58c040
0x58c040
0x58c040
0x58c040
0x58c040
0x58c040
0x58c040
0x58c040
0x58c040
0x58c040
0x58c040
0x58c040
0x58c040
0x58c040
0x58c040
0x58c040
0x58c040
0x58c040
0x58c040
0x58c040
0x58c040
0x58c040
0x58c040
0x58c040
0x58c040
0x58c040
0x58c040
0x58c040
0x58c040
exception.instruction_r:
0f ae 81 00 01 00 00 0f 29 81 a0 01 00 00 0f 29
exception.symbol:
RtlCaptureContext+0x85 RtlRestoreContext-0xaa ntdll+0x50895
exception.address:
0x76d80895
exception.module:
ntdll.dll
exception.exception_code:
0xc0000005
exception.offset:
329877
registers.r14:
0
registers.r15:
0
registers.rcx:
1242680
registers.rsi:
5377630208
registers.r10:
0
registers.rbx:
1992371952
registers.rsp:
1244968
registers.r11:
514
registers.r8:
64
registers.r9:
4
registers.rdx:
1244024
registers.r12:
0
registers.rbp:
0
registers.rdi:
5368709487
registers.rax:
1242360
registers.r13:
0
|
1
|
0 |
0
|
|
__exception__
|
stacktrace:
RtlCaptureContext+0x85 RtlRestoreContext-0xaa ntdll+0x50895 @ 0x76d80895
stacktrace+0x84 memdup-0x1af @ 0x73980470
hook_in_monitor+0x45 lde-0x133 @ 0x739742ea
New_ntdll_NtProtectVirtualMemory+0x34 New_ntdll_NtQueryAttributesFile-0x151 @ 0x73993603
VirtualProtectEx+0x33 MapViewOfFile-0x2d kernelbase+0x13243 @ 0x7fefd503243
VirtualProtect+0x1b VirtualProtectEx-0x15 kernelbase+0x131fb @ 0x7fefd5031fb
driver+0x1be7cf @ 0x1401be7cf
GetProcessAffinityMask+0x80 SetThreadContext-0x20 kernel32+0x2ef0 @ 0x76c12ef0
0x880fff
0x880fff
0x880fff
0x880fff
0x880fff
0x880fff
0x880fff
0x880fff
0x880fff
0x880fff
0x880fff
0x880fff
0x880fff
0x880fff
0x880fff
0x880fff
0x880fff
0x880fff
0x880fff
0x880fff
0x880fff
0x880fff
0x880fff
0x880fff
0x880fff
0x880fff
0x880fff
0x880fff
0x880fff
0x880fff
0x880fff
0x880fff
0x880fff
0x880fff
0x880fff
0x880fff
0x880fff
0x880fff
0x880fff
0x880fff
0x880fff
0x880fff
0x880fff
0x880fff
0x880fff
0x880fff
0x880fff
0x880fff
0x880fff
0x880fff
0x880fff
0x880fff
0x880fff
0x880fff
0x880fff
0x880fff
exception.instruction_r:
0f ae 81 00 01 00 00 0f 29 81 a0 01 00 00 0f 29
exception.symbol:
RtlCaptureContext+0x85 RtlRestoreContext-0xaa ntdll+0x50895
exception.address:
0x76d80895
exception.module:
ntdll.dll
exception.exception_code:
0xc0000005
exception.offset:
329877
registers.r14:
0
registers.r15:
0
registers.rcx:
1242680
registers.rsi:
5377630208
registers.r10:
0
registers.rbx:
1992371952
registers.rsp:
1244936
registers.r11:
514
registers.r8:
64
registers.r9:
4
registers.rdx:
1244024
registers.r12:
0
registers.rbp:
0
registers.rdi:
5368709487
registers.rax:
1242360
registers.r13:
0
|
1
|
0 |
0
|
|
__exception__
|
stacktrace:
RtlCaptureContext+0x85 RtlRestoreContext-0xaa ntdll+0x50895 @ 0x76d80895
stacktrace+0x84 memdup-0x1af @ 0x73980470
hook_in_monitor+0x45 lde-0x133 @ 0x739742ea
New_ntdll_NtProtectVirtualMemory+0x34 New_ntdll_NtQueryAttributesFile-0x151 @ 0x73993603
VirtualProtectEx+0x33 MapViewOfFile-0x2d kernelbase+0x13243 @ 0x7fefd503243
VirtualProtect+0x1b VirtualProtectEx-0x15 kernelbase+0x131fb @ 0x7fefd5031fb
driver+0x1be7cf @ 0x1401be7cf
GetProcessAffinityMask+0x80 SetThreadContext-0x20 kernel32+0x2ef0 @ 0x76c12ef0
0x880fff
GetProcessAffinityMask+0x80 SetThreadContext-0x20 kernel32+0x2ef0 @ 0x76c12ef0
driver+0x882000 @ 0x140882000
driver+0x1000 @ 0x140001000
0x58c040
0x58c040
0x58c040
0x58c040
0x58c040
0x58c040
0x58c040
0x58c040
0x58c040
0x58c040
0x58c040
0x58c040
0x58c040
0x58c040
0x58c040
0x58c040
0x58c040
0x58c040
0x58c040
0x58c040
0x58c040
0x58c040
0x58c040
0x58c040
0x58c040
0x58c040
0x58c040
0x58c040
0x58c040
0x58c040
0x58c040
0x58c040
0x58c040
0x58c040
0x58c040
0x58c040
0x58c040
0x58c040
0x58c040
0x58c040
0x58c040
0x58c040
0x58c040
0x58c040
0x58c040
0x58c040
0x58c040
0x58c040
0x58c040
0x58c040
0x58c040
0x58c040
exception.instruction_r:
0f ae 81 00 01 00 00 0f 29 81 a0 01 00 00 0f 29
exception.symbol:
RtlCaptureContext+0x85 RtlRestoreContext-0xaa ntdll+0x50895
exception.address:
0x76d80895
exception.module:
ntdll.dll
exception.exception_code:
0xc0000005
exception.offset:
329877
registers.r14:
0
registers.r15:
0
registers.rcx:
1242680
registers.rsi:
5377630208
registers.r10:
0
registers.rbx:
1992371952
registers.rsp:
1244968
registers.r11:
514
registers.r8:
64
registers.r9:
4
registers.rdx:
1244024
registers.r12:
0
registers.rbp:
0
registers.rdi:
5368709487
registers.rax:
1242360
registers.r13:
0
|
1
|
0 |
0
|
|
__exception__
|
stacktrace:
RtlCaptureContext+0x85 RtlRestoreContext-0xaa ntdll+0x50895 @ 0x76d80895
stacktrace+0x84 memdup-0x1af @ 0x73980470
hook_in_monitor+0x45 lde-0x133 @ 0x739742ea
New_ntdll_NtProtectVirtualMemory+0x34 New_ntdll_NtQueryAttributesFile-0x151 @ 0x73993603
VirtualProtectEx+0x33 MapViewOfFile-0x2d kernelbase+0x13243 @ 0x7fefd503243
VirtualProtect+0x1b VirtualProtectEx-0x15 kernelbase+0x131fb @ 0x7fefd5031fb
driver+0x1be7cf @ 0x1401be7cf
GetProcessAffinityMask+0x80 SetThreadContext-0x20 kernel32+0x2ef0 @ 0x76c12ef0
0x880fff
GetProcessAffinityMask+0x80 SetThreadContext-0x20 kernel32+0x2ef0 @ 0x76c12ef0
driver+0x882000 @ 0x140882000
driver+0x1000 @ 0x140001000
0x58c040
0x58c040
0x58c040
0x58c040
0x58c040
0x58c040
0x58c040
0x58c040
0x58c040
0x58c040
0x58c040
0x58c040
0x58c040
0x58c040
0x58c040
0x58c040
0x58c040
0x58c040
0x58c040
0x58c040
0x58c040
0x58c040
0x58c040
0x58c040
0x58c040
0x58c040
0x58c040
0x58c040
0x58c040
0x58c040
0x58c040
0x58c040
0x58c040
0x58c040
0x58c040
0x58c040
0x58c040
0x58c040
0x58c040
0x58c040
0x58c040
0x58c040
0x58c040
0x58c040
0x58c040
0x58c040
0x58c040
0x58c040
0x58c040
0x58c040
0x58c040
0x58c040
exception.instruction_r:
0f ae 81 00 01 00 00 0f 29 81 a0 01 00 00 0f 29
exception.symbol:
RtlCaptureContext+0x85 RtlRestoreContext-0xaa ntdll+0x50895
exception.address:
0x76d80895
exception.module:
ntdll.dll
exception.exception_code:
0xc0000005
exception.offset:
329877
registers.r14:
0
registers.r15:
0
registers.rcx:
1242680
registers.rsi:
5377630208
registers.r10:
0
registers.rbx:
1992371952
registers.rsp:
1244968
registers.r11:
514
registers.r8:
64
registers.r9:
4
registers.rdx:
1244024
registers.r12:
0
registers.rbp:
0
registers.rdi:
5368709487
registers.rax:
1242360
registers.r13:
0
|
1
|
0 |
0
|
|
__exception__
|
stacktrace:
RtlCaptureContext+0x85 RtlRestoreContext-0xaa ntdll+0x50895 @ 0x76d80895
stacktrace+0x84 memdup-0x1af @ 0x73980470
hook_in_monitor+0x45 lde-0x133 @ 0x739742ea
New_ntdll_NtProtectVirtualMemory+0x34 New_ntdll_NtQueryAttributesFile-0x151 @ 0x73993603
VirtualProtectEx+0x33 MapViewOfFile-0x2d kernelbase+0x13243 @ 0x7fefd503243
VirtualProtect+0x1b VirtualProtectEx-0x15 kernelbase+0x131fb @ 0x7fefd5031fb
driver+0x1be7cf @ 0x1401be7cf
GetProcessAffinityMask+0x80 SetThreadContext-0x20 kernel32+0x2ef0 @ 0x76c12ef0
0x880fff
GetProcessAffinityMask+0x80 SetThreadContext-0x20 kernel32+0x2ef0 @ 0x76c12ef0
driver+0x882000 @ 0x140882000
driver+0x1000 @ 0x140001000
0x58c040
0x58c040
0x58c040
0x58c040
0x58c040
0x58c040
0x58c040
0x58c040
0x58c040
0x58c040
0x58c040
0x58c040
0x58c040
0x58c040
0x58c040
0x58c040
0x58c040
0x58c040
0x58c040
0x58c040
0x58c040
0x58c040
0x58c040
0x58c040
0x58c040
0x58c040
0x58c040
0x58c040
0x58c040
0x58c040
0x58c040
0x58c040
0x58c040
0x58c040
0x58c040
0x58c040
0x58c040
0x58c040
0x58c040
0x58c040
0x58c040
0x58c040
0x58c040
0x58c040
0x58c040
0x58c040
0x58c040
0x58c040
0x58c040
0x58c040
0x58c040
0x58c040
exception.instruction_r:
0f ae 81 00 01 00 00 0f 29 81 a0 01 00 00 0f 29
exception.symbol:
RtlCaptureContext+0x85 RtlRestoreContext-0xaa ntdll+0x50895
exception.address:
0x76d80895
exception.module:
ntdll.dll
exception.exception_code:
0xc0000005
exception.offset:
329877
registers.r14:
0
registers.r15:
0
registers.rcx:
1242680
registers.rsi:
5377630208
registers.r10:
0
registers.rbx:
1992371952
registers.rsp:
1244968
registers.r11:
514
registers.r8:
64
registers.r9:
4
registers.rdx:
1244024
registers.r12:
0
registers.rbp:
0
registers.rdi:
5368709487
registers.rax:
1242360
registers.r13:
0
|
1
|
0 |
0
|
|
__exception__
|
stacktrace:
RtlCaptureContext+0x85 RtlRestoreContext-0xaa ntdll+0x50895 @ 0x76d80895
stacktrace+0x84 memdup-0x1af @ 0x73980470
hook_in_monitor+0x45 lde-0x133 @ 0x739742ea
New_ntdll_NtProtectVirtualMemory+0x34 New_ntdll_NtQueryAttributesFile-0x151 @ 0x73993603
VirtualProtectEx+0x33 MapViewOfFile-0x2d kernelbase+0x13243 @ 0x7fefd503243
VirtualProtect+0x1b VirtualProtectEx-0x15 kernelbase+0x131fb @ 0x7fefd5031fb
driver+0x1be7cf @ 0x1401be7cf
GetProcessAffinityMask+0x80 SetThreadContext-0x20 kernel32+0x2ef0 @ 0x76c12ef0
0x880fff
0x880fff
0x880fff
0x880fff
0x880fff
0x880fff
0x880fff
0x880fff
0x880fff
0x880fff
0x880fff
0x880fff
0x880fff
0x880fff
0x880fff
0x880fff
0x880fff
0x880fff
0x880fff
0x880fff
0x880fff
0x880fff
0x880fff
0x880fff
0x880fff
0x880fff
0x880fff
0x880fff
0x880fff
0x880fff
0x880fff
0x880fff
0x880fff
0x880fff
0x880fff
0x880fff
0x880fff
0x880fff
0x880fff
0x880fff
0x880fff
0x880fff
0x880fff
0x880fff
0x880fff
0x880fff
0x880fff
0x880fff
0x880fff
0x880fff
0x880fff
0x880fff
0x880fff
0x880fff
0x880fff
0x880fff
exception.instruction_r:
0f ae 81 00 01 00 00 0f 29 81 a0 01 00 00 0f 29
exception.symbol:
RtlCaptureContext+0x85 RtlRestoreContext-0xaa ntdll+0x50895
exception.address:
0x76d80895
exception.module:
ntdll.dll
exception.exception_code:
0xc0000005
exception.offset:
329877
registers.r14:
0
registers.r15:
0
registers.rcx:
1242680
registers.rsi:
5377630208
registers.r10:
0
registers.rbx:
1992371952
registers.rsp:
1244936
registers.r11:
514
registers.r8:
64
registers.r9:
4
registers.rdx:
1244024
registers.r12:
0
registers.rbp:
0
registers.rdi:
5368709487
registers.rax:
1242360
registers.r13:
0
|
1
|
0 |
0
|
|
__exception__
|
stacktrace:
RtlCaptureContext+0x85 RtlRestoreContext-0xaa ntdll+0x50895 @ 0x76d80895
stacktrace+0x84 memdup-0x1af @ 0x73980470
hook_in_monitor+0x45 lde-0x133 @ 0x739742ea
New_ntdll_NtProtectVirtualMemory+0x34 New_ntdll_NtQueryAttributesFile-0x151 @ 0x73993603
VirtualProtectEx+0x33 MapViewOfFile-0x2d kernelbase+0x13243 @ 0x7fefd503243
VirtualProtect+0x1b VirtualProtectEx-0x15 kernelbase+0x131fb @ 0x7fefd5031fb
driver+0x1be7cf @ 0x1401be7cf
GetProcessAffinityMask+0x80 SetThreadContext-0x20 kernel32+0x2ef0 @ 0x76c12ef0
0x880fff
GetProcessAffinityMask+0x80 SetThreadContext-0x20 kernel32+0x2ef0 @ 0x76c12ef0
driver+0x882000 @ 0x140882000
driver+0x1000 @ 0x140001000
0x58c040
0x58c040
0x58c040
0x58c040
0x58c040
0x58c040
0x58c040
0x58c040
0x58c040
0x58c040
0x58c040
0x58c040
0x58c040
0x58c040
0x58c040
0x58c040
0x58c040
0x58c040
0x58c040
0x58c040
0x58c040
0x58c040
0x58c040
0x58c040
0x58c040
0x58c040
0x58c040
0x58c040
0x58c040
0x58c040
0x58c040
0x58c040
0x58c040
0x58c040
0x58c040
0x58c040
0x58c040
0x58c040
0x58c040
0x58c040
0x58c040
0x58c040
0x58c040
0x58c040
0x58c040
0x58c040
0x58c040
0x58c040
0x58c040
0x58c040
0x58c040
0x58c040
exception.instruction_r:
0f ae 81 00 01 00 00 0f 29 81 a0 01 00 00 0f 29
exception.symbol:
RtlCaptureContext+0x85 RtlRestoreContext-0xaa ntdll+0x50895
exception.address:
0x76d80895
exception.module:
ntdll.dll
exception.exception_code:
0xc0000005
exception.offset:
329877
registers.r14:
0
registers.r15:
0
registers.rcx:
1242680
registers.rsi:
5377630208
registers.r10:
0
registers.rbx:
1992371952
registers.rsp:
1244968
registers.r11:
514
registers.r8:
64
registers.r9:
4
registers.rdx:
1244024
registers.r12:
0
registers.rbp:
0
registers.rdi:
5368709487
registers.rax:
1242360
registers.r13:
0
|
1
|
0 |
0
|
|
__exception__
|
stacktrace:
RtlCaptureContext+0x85 RtlRestoreContext-0xaa ntdll+0x50895 @ 0x76d80895
stacktrace+0x84 memdup-0x1af @ 0x73980470
hook_in_monitor+0x45 lde-0x133 @ 0x739742ea
New_ntdll_NtProtectVirtualMemory+0x34 New_ntdll_NtQueryAttributesFile-0x151 @ 0x73993603
VirtualProtectEx+0x33 MapViewOfFile-0x2d kernelbase+0x13243 @ 0x7fefd503243
VirtualProtect+0x1b VirtualProtectEx-0x15 kernelbase+0x131fb @ 0x7fefd5031fb
driver+0x1be7cf @ 0x1401be7cf
GetProcessAffinityMask+0x80 SetThreadContext-0x20 kernel32+0x2ef0 @ 0x76c12ef0
0x880fff
GetProcessAffinityMask+0x80 SetThreadContext-0x20 kernel32+0x2ef0 @ 0x76c12ef0
driver+0x882000 @ 0x140882000
driver+0x1000 @ 0x140001000
0x58c040
0x58c040
0x58c040
0x58c040
0x58c040
0x58c040
0x58c040
0x58c040
0x58c040
0x58c040
0x58c040
0x58c040
0x58c040
0x58c040
0x58c040
0x58c040
0x58c040
0x58c040
0x58c040
0x58c040
0x58c040
0x58c040
0x58c040
0x58c040
0x58c040
0x58c040
0x58c040
0x58c040
0x58c040
0x58c040
0x58c040
0x58c040
0x58c040
0x58c040
0x58c040
0x58c040
0x58c040
0x58c040
0x58c040
0x58c040
0x58c040
0x58c040
0x58c040
0x58c040
0x58c040
0x58c040
0x58c040
0x58c040
0x58c040
0x58c040
0x58c040
0x58c040
exception.instruction_r:
0f ae 81 00 01 00 00 0f 29 81 a0 01 00 00 0f 29
exception.symbol:
RtlCaptureContext+0x85 RtlRestoreContext-0xaa ntdll+0x50895
exception.address:
0x76d80895
exception.module:
ntdll.dll
exception.exception_code:
0xc0000005
exception.offset:
329877
registers.r14:
0
registers.r15:
0
registers.rcx:
1242680
registers.rsi:
5377630208
registers.r10:
0
registers.rbx:
1992371952
registers.rsp:
1244968
registers.r11:
514
registers.r8:
64
registers.r9:
4
registers.rdx:
1244024
registers.r12:
0
registers.rbp:
0
registers.rdi:
5368709487
registers.rax:
1242360
registers.r13:
0
|
1
|
0 |
0
|
|
__exception__
|
stacktrace:
RtlCaptureContext+0x85 RtlRestoreContext-0xaa ntdll+0x50895 @ 0x76d80895
stacktrace+0x84 memdup-0x1af @ 0x73980470
hook_in_monitor+0x45 lde-0x133 @ 0x739742ea
New_ntdll_NtProtectVirtualMemory+0x34 New_ntdll_NtQueryAttributesFile-0x151 @ 0x73993603
VirtualProtectEx+0x33 MapViewOfFile-0x2d kernelbase+0x13243 @ 0x7fefd503243
VirtualProtect+0x1b VirtualProtectEx-0x15 kernelbase+0x131fb @ 0x7fefd5031fb
driver+0x1be7cf @ 0x1401be7cf
GetProcessAffinityMask+0x80 SetThreadContext-0x20 kernel32+0x2ef0 @ 0x76c12ef0
0x880fff
GetProcessAffinityMask+0x80 SetThreadContext-0x20 kernel32+0x2ef0 @ 0x76c12ef0
driver+0x882000 @ 0x140882000
driver+0x1000 @ 0x140001000
0x58c040
0x58c040
0x58c040
0x58c040
0x58c040
0x58c040
0x58c040
0x58c040
0x58c040
0x58c040
0x58c040
0x58c040
0x58c040
0x58c040
0x58c040
0x58c040
0x58c040
0x58c040
0x58c040
0x58c040
0x58c040
0x58c040
0x58c040
0x58c040
0x58c040
0x58c040
0x58c040
0x58c040
0x58c040
0x58c040
0x58c040
0x58c040
0x58c040
0x58c040
0x58c040
0x58c040
0x58c040
0x58c040
0x58c040
0x58c040
0x58c040
0x58c040
0x58c040
0x58c040
0x58c040
0x58c040
0x58c040
0x58c040
0x58c040
0x58c040
0x58c040
0x58c040
exception.instruction_r:
0f ae 81 00 01 00 00 0f 29 81 a0 01 00 00 0f 29
exception.symbol:
RtlCaptureContext+0x85 RtlRestoreContext-0xaa ntdll+0x50895
exception.address:
0x76d80895
exception.module:
ntdll.dll
exception.exception_code:
0xc0000005
exception.offset:
329877
registers.r14:
0
registers.r15:
0
registers.rcx:
1242680
registers.rsi:
5377630208
registers.r10:
0
registers.rbx:
1992371952
registers.rsp:
1244968
registers.r11:
514
registers.r8:
64
registers.r9:
4
registers.rdx:
1244024
registers.r12:
0
registers.rbp:
0
registers.rdi:
5368709487
registers.rax:
1242360
registers.r13:
0
|
1
|
0 |
0
|
|
__exception__
|
stacktrace:
RtlCaptureContext+0x85 RtlRestoreContext-0xaa ntdll+0x50895 @ 0x76d80895
stacktrace+0x84 memdup-0x1af @ 0x73980470
hook_in_monitor+0x45 lde-0x133 @ 0x739742ea
New_ntdll_NtProtectVirtualMemory+0x34 New_ntdll_NtQueryAttributesFile-0x151 @ 0x73993603
VirtualProtectEx+0x33 MapViewOfFile-0x2d kernelbase+0x13243 @ 0x7fefd503243
VirtualProtect+0x1b VirtualProtectEx-0x15 kernelbase+0x131fb @ 0x7fefd5031fb
driver+0x1be7cf @ 0x1401be7cf
GetProcessAffinityMask+0x80 SetThreadContext-0x20 kernel32+0x2ef0 @ 0x76c12ef0
0x880fff
GetProcessAffinityMask+0x80 SetThreadContext-0x20 kernel32+0x2ef0 @ 0x76c12ef0
driver+0x882000 @ 0x140882000
driver+0x1000 @ 0x140001000
0x58c040
0x58c040
0x58c040
0x58c040
0x58c040
0x58c040
0x58c040
0x58c040
0x58c040
0x58c040
0x58c040
0x58c040
0x58c040
0x58c040
0x58c040
0x58c040
0x58c040
0x58c040
0x58c040
0x58c040
0x58c040
0x58c040
0x58c040
0x58c040
0x58c040
0x58c040
0x58c040
0x58c040
0x58c040
0x58c040
0x58c040
0x58c040
0x58c040
0x58c040
0x58c040
0x58c040
0x58c040
0x58c040
0x58c040
0x58c040
0x58c040
0x58c040
0x58c040
0x58c040
0x58c040
0x58c040
0x58c040
0x58c040
0x58c040
0x58c040
0x58c040
0x58c040
exception.instruction_r:
0f ae 81 00 01 00 00 0f 29 81 a0 01 00 00 0f 29
exception.symbol:
RtlCaptureContext+0x85 RtlRestoreContext-0xaa ntdll+0x50895
exception.address:
0x76d80895
exception.module:
ntdll.dll
exception.exception_code:
0xc0000005
exception.offset:
329877
registers.r14:
0
registers.r15:
0
registers.rcx:
1242680
registers.rsi:
5377630208
registers.r10:
0
registers.rbx:
1992371952
registers.rsp:
1244968
registers.r11:
514
registers.r8:
64
registers.r9:
4
registers.rdx:
1244024
registers.r12:
0
registers.rbp:
0
registers.rdi:
5368709487
registers.rax:
1242360
registers.r13:
0
|
1
|
0 |
0
|
|
__exception__
|
stacktrace:
RtlCaptureContext+0x85 RtlRestoreContext-0xaa ntdll+0x50895 @ 0x76d80895
stacktrace+0x84 memdup-0x1af @ 0x73980470
hook_in_monitor+0x45 lde-0x133 @ 0x739742ea
New_ntdll_NtProtectVirtualMemory+0x34 New_ntdll_NtQueryAttributesFile-0x151 @ 0x73993603
VirtualProtectEx+0x33 MapViewOfFile-0x2d kernelbase+0x13243 @ 0x7fefd503243
VirtualProtect+0x1b VirtualProtectEx-0x15 kernelbase+0x131fb @ 0x7fefd5031fb
driver+0x1be7cf @ 0x1401be7cf
GetProcessAffinityMask+0x80 SetThreadContext-0x20 kernel32+0x2ef0 @ 0x76c12ef0
0x880fff
GetProcessAffinityMask+0x80 SetThreadContext-0x20 kernel32+0x2ef0 @ 0x76c12ef0
driver+0x882000 @ 0x140882000
driver+0x1000 @ 0x140001000
0x58c040
0x58c040
0x58c040
0x58c040
0x58c040
0x58c040
0x58c040
0x58c040
0x58c040
0x58c040
0x58c040
0x58c040
0x58c040
0x58c040
0x58c040
0x58c040
0x58c040
0x58c040
0x58c040
0x58c040
0x58c040
0x58c040
0x58c040
0x58c040
0x58c040
0x58c040
0x58c040
0x58c040
0x58c040
0x58c040
0x58c040
0x58c040
0x58c040
0x58c040
0x58c040
0x58c040
0x58c040
0x58c040
0x58c040
0x58c040
0x58c040
0x58c040
0x58c040
0x58c040
0x58c040
0x58c040
0x58c040
0x58c040
0x58c040
0x58c040
0x58c040
0x58c040
exception.instruction_r:
0f ae 81 00 01 00 00 0f 29 81 a0 01 00 00 0f 29
exception.symbol:
RtlCaptureContext+0x85 RtlRestoreContext-0xaa ntdll+0x50895
exception.address:
0x76d80895
exception.module:
ntdll.dll
exception.exception_code:
0xc0000005
exception.offset:
329877
registers.r14:
0
registers.r15:
0
registers.rcx:
1242680
registers.rsi:
5377630208
registers.r10:
0
registers.rbx:
1992371952
registers.rsp:
1244968
registers.r11:
514
registers.r8:
64
registers.r9:
4
registers.rdx:
1244024
registers.r12:
0
registers.rbp:
0
registers.rdi:
5368709487
registers.rax:
1242360
registers.r13:
0
|
1
|
0 |
0
|
|
__exception__
|
stacktrace:
RtlCaptureContext+0x85 RtlRestoreContext-0xaa ntdll+0x50895 @ 0x76d80895
stacktrace+0x84 memdup-0x1af @ 0x73980470
hook_in_monitor+0x45 lde-0x133 @ 0x739742ea
New_ntdll_NtProtectVirtualMemory+0x34 New_ntdll_NtQueryAttributesFile-0x151 @ 0x73993603
VirtualProtectEx+0x33 MapViewOfFile-0x2d kernelbase+0x13243 @ 0x7fefd503243
VirtualProtect+0x1b VirtualProtectEx-0x15 kernelbase+0x131fb @ 0x7fefd5031fb
driver+0x1be7cf @ 0x1401be7cf
GetProcessAffinityMask+0x80 SetThreadContext-0x20 kernel32+0x2ef0 @ 0x76c12ef0
0x880fff
GetProcessAffinityMask+0x80 SetThreadContext-0x20 kernel32+0x2ef0 @ 0x76c12ef0
driver+0x882000 @ 0x140882000
driver+0x1000 @ 0x140001000
0x58c040
0x58c040
0x58c040
0x58c040
0x58c040
0x58c040
0x58c040
0x58c040
0x58c040
0x58c040
0x58c040
0x58c040
0x58c040
0x58c040
0x58c040
0x58c040
0x58c040
0x58c040
0x58c040
0x58c040
0x58c040
0x58c040
0x58c040
0x58c040
0x58c040
0x58c040
0x58c040
0x58c040
0x58c040
0x58c040
0x58c040
0x58c040
0x58c040
0x58c040
0x58c040
0x58c040
0x58c040
0x58c040
0x58c040
0x58c040
0x58c040
0x58c040
0x58c040
0x58c040
0x58c040
0x58c040
0x58c040
0x58c040
0x58c040
0x58c040
0x58c040
0x58c040
exception.instruction_r:
0f ae 81 00 01 00 00 0f 29 81 a0 01 00 00 0f 29
exception.symbol:
RtlCaptureContext+0x85 RtlRestoreContext-0xaa ntdll+0x50895
exception.address:
0x76d80895
exception.module:
ntdll.dll
exception.exception_code:
0xc0000005
exception.offset:
329877
registers.r14:
0
registers.r15:
0
registers.rcx:
1242680
registers.rsi:
5377630208
registers.r10:
0
registers.rbx:
1992371952
registers.rsp:
1244968
registers.r11:
514
registers.r8:
64
registers.r9:
4
registers.rdx:
1244024
registers.r12:
0
registers.rbp:
0
registers.rdi:
5368709487
registers.rax:
1242360
registers.r13:
0
|
1
|
0 |
0
|
|
__exception__
|
stacktrace:
RtlCaptureContext+0x85 RtlRestoreContext-0xaa ntdll+0x50895 @ 0x76d80895
stacktrace+0x84 memdup-0x1af @ 0x73980470
hook_in_monitor+0x45 lde-0x133 @ 0x739742ea
New_ntdll_NtProtectVirtualMemory+0x34 New_ntdll_NtQueryAttributesFile-0x151 @ 0x73993603
VirtualProtectEx+0x33 MapViewOfFile-0x2d kernelbase+0x13243 @ 0x7fefd503243
VirtualProtect+0x1b VirtualProtectEx-0x15 kernelbase+0x131fb @ 0x7fefd5031fb
driver+0x1be7cf @ 0x1401be7cf
GetProcessAffinityMask+0x80 SetThreadContext-0x20 kernel32+0x2ef0 @ 0x76c12ef0
0x880fff
GetProcessAffinityMask+0x80 SetThreadContext-0x20 kernel32+0x2ef0 @ 0x76c12ef0
driver+0x882000 @ 0x140882000
driver+0x1000 @ 0x140001000
0x58c040
0x58c040
0x58c040
0x58c040
0x58c040
0x58c040
0x58c040
0x58c040
0x58c040
0x58c040
0x58c040
0x58c040
0x58c040
0x58c040
0x58c040
0x58c040
0x58c040
0x58c040
0x58c040
0x58c040
0x58c040
0x58c040
0x58c040
0x58c040
0x58c040
0x58c040
0x58c040
0x58c040
0x58c040
0x58c040
0x58c040
0x58c040
0x58c040
0x58c040
0x58c040
0x58c040
0x58c040
0x58c040
0x58c040
0x58c040
0x58c040
0x58c040
0x58c040
0x58c040
0x58c040
0x58c040
0x58c040
0x58c040
0x58c040
0x58c040
0x58c040
0x58c040
exception.instruction_r:
0f ae 81 00 01 00 00 0f 29 81 a0 01 00 00 0f 29
exception.symbol:
RtlCaptureContext+0x85 RtlRestoreContext-0xaa ntdll+0x50895
exception.address:
0x76d80895
exception.module:
ntdll.dll
exception.exception_code:
0xc0000005
exception.offset:
329877
registers.r14:
0
registers.r15:
0
registers.rcx:
1242680
registers.rsi:
5377630208
registers.r10:
0
registers.rbx:
1992371952
registers.rsp:
1244968
registers.r11:
514
registers.r8:
64
registers.r9:
4
registers.rdx:
1244024
registers.r12:
0
registers.rbp:
0
registers.rdi:
5368709487
registers.rax:
1242360
registers.r13:
0
|
1
|
0 |
0
|
|
__exception__
|
stacktrace:
RtlCaptureContext+0x85 RtlRestoreContext-0xaa ntdll+0x50895 @ 0x76d80895
stacktrace+0x84 memdup-0x1af @ 0x73980470
hook_in_monitor+0x45 lde-0x133 @ 0x739742ea
New_ntdll_NtProtectVirtualMemory+0x34 New_ntdll_NtQueryAttributesFile-0x151 @ 0x73993603
VirtualProtectEx+0x33 MapViewOfFile-0x2d kernelbase+0x13243 @ 0x7fefd503243
VirtualProtect+0x1b VirtualProtectEx-0x15 kernelbase+0x131fb @ 0x7fefd5031fb
driver+0x1be7cf @ 0x1401be7cf
GetProcessAffinityMask+0x80 SetThreadContext-0x20 kernel32+0x2ef0 @ 0x76c12ef0
0x880fff
GetProcessAffinityMask+0x80 SetThreadContext-0x20 kernel32+0x2ef0 @ 0x76c12ef0
driver+0x882000 @ 0x140882000
driver+0x1000 @ 0x140001000
0x58c040
0x58c040
0x58c040
0x58c040
0x58c040
0x58c040
0x58c040
0x58c040
0x58c040
0x58c040
0x58c040
0x58c040
0x58c040
0x58c040
0x58c040
0x58c040
0x58c040
0x58c040
0x58c040
0x58c040
0x58c040
0x58c040
0x58c040
0x58c040
0x58c040
0x58c040
0x58c040
0x58c040
0x58c040
0x58c040
0x58c040
0x58c040
0x58c040
0x58c040
0x58c040
0x58c040
0x58c040
0x58c040
0x58c040
0x58c040
0x58c040
0x58c040
0x58c040
0x58c040
0x58c040
0x58c040
0x58c040
0x58c040
0x58c040
0x58c040
0x58c040
0x58c040
exception.instruction_r:
0f ae 81 00 01 00 00 0f 29 81 a0 01 00 00 0f 29
exception.symbol:
RtlCaptureContext+0x85 RtlRestoreContext-0xaa ntdll+0x50895
exception.address:
0x76d80895
exception.module:
ntdll.dll
exception.exception_code:
0xc0000005
exception.offset:
329877
registers.r14:
0
registers.r15:
0
registers.rcx:
1242680
registers.rsi:
5377630208
registers.r10:
0
registers.rbx:
1992371952
registers.rsp:
1244968
registers.r11:
514
registers.r8:
64
registers.r9:
4
registers.rdx:
1244024
registers.r12:
0
registers.rbp:
0
registers.rdi:
5368709487
registers.rax:
1242360
registers.r13:
0
|
1
|
0 |
0
|
|
__exception__
|
stacktrace:
RtlCaptureContext+0x85 RtlRestoreContext-0xaa ntdll+0x50895 @ 0x76d80895
stacktrace+0x84 memdup-0x1af @ 0x73980470
hook_in_monitor+0x45 lde-0x133 @ 0x739742ea
New_ntdll_NtProtectVirtualMemory+0x34 New_ntdll_NtQueryAttributesFile-0x151 @ 0x73993603
VirtualProtectEx+0x33 MapViewOfFile-0x2d kernelbase+0x13243 @ 0x7fefd503243
VirtualProtect+0x1b VirtualProtectEx-0x15 kernelbase+0x131fb @ 0x7fefd5031fb
driver+0x1be7cf @ 0x1401be7cf
GetProcessAffinityMask+0x80 SetThreadContext-0x20 kernel32+0x2ef0 @ 0x76c12ef0
0x880fff
0x880fff
0x880fff
0x880fff
0x880fff
0x880fff
0x880fff
0x880fff
0x880fff
0x880fff
0x880fff
0x880fff
0x880fff
0x880fff
0x880fff
0x880fff
0x880fff
0x880fff
0x880fff
0x880fff
0x880fff
0x880fff
0x880fff
0x880fff
0x880fff
0x880fff
0x880fff
0x880fff
0x880fff
0x880fff
0x880fff
0x880fff
0x880fff
0x880fff
0x880fff
0x880fff
0x880fff
0x880fff
0x880fff
0x880fff
0x880fff
0x880fff
0x880fff
0x880fff
0x880fff
0x880fff
0x880fff
0x880fff
0x880fff
0x880fff
0x880fff
0x880fff
0x880fff
0x880fff
0x880fff
0x880fff
exception.instruction_r:
0f ae 81 00 01 00 00 0f 29 81 a0 01 00 00 0f 29
exception.symbol:
RtlCaptureContext+0x85 RtlRestoreContext-0xaa ntdll+0x50895
exception.address:
0x76d80895
exception.module:
ntdll.dll
exception.exception_code:
0xc0000005
exception.offset:
329877
registers.r14:
0
registers.r15:
0
registers.rcx:
1242680
registers.rsi:
5377630208
registers.r10:
0
registers.rbx:
1992371952
registers.rsp:
1244936
registers.r11:
514
registers.r8:
64
registers.r9:
4
registers.rdx:
1244024
registers.r12:
0
registers.rbp:
0
registers.rdi:
5368709487
registers.rax:
1242360
registers.r13:
0
|
1
|
0 |
0
|
|
__exception__
|
stacktrace:
RtlCaptureContext+0x85 RtlRestoreContext-0xaa ntdll+0x50895 @ 0x76d80895
stacktrace+0x84 memdup-0x1af @ 0x73980470
hook_in_monitor+0x45 lde-0x133 @ 0x739742ea
New_ntdll_NtProtectVirtualMemory+0x34 New_ntdll_NtQueryAttributesFile-0x151 @ 0x73993603
VirtualProtectEx+0x33 MapViewOfFile-0x2d kernelbase+0x13243 @ 0x7fefd503243
VirtualProtect+0x1b VirtualProtectEx-0x15 kernelbase+0x131fb @ 0x7fefd5031fb
driver+0x1be7cf @ 0x1401be7cf
GetProcessAffinityMask+0x80 SetThreadContext-0x20 kernel32+0x2ef0 @ 0x76c12ef0
0x880fff
GetProcessAffinityMask+0x80 SetThreadContext-0x20 kernel32+0x2ef0 @ 0x76c12ef0
driver+0x882000 @ 0x140882000
driver+0x1000 @ 0x140001000
0x58c040
0x58c040
0x58c040
0x58c040
0x58c040
0x58c040
0x58c040
0x58c040
0x58c040
0x58c040
0x58c040
0x58c040
0x58c040
0x58c040
0x58c040
0x58c040
0x58c040
0x58c040
0x58c040
0x58c040
0x58c040
0x58c040
0x58c040
0x58c040
0x58c040
0x58c040
0x58c040
0x58c040
0x58c040
0x58c040
0x58c040
0x58c040
0x58c040
0x58c040
0x58c040
0x58c040
0x58c040
0x58c040
0x58c040
0x58c040
0x58c040
0x58c040
0x58c040
0x58c040
0x58c040
0x58c040
0x58c040
0x58c040
0x58c040
0x58c040
0x58c040
0x58c040
exception.instruction_r:
0f ae 81 00 01 00 00 0f 29 81 a0 01 00 00 0f 29
exception.symbol:
RtlCaptureContext+0x85 RtlRestoreContext-0xaa ntdll+0x50895
exception.address:
0x76d80895
exception.module:
ntdll.dll
exception.exception_code:
0xc0000005
exception.offset:
329877
registers.r14:
0
registers.r15:
0
registers.rcx:
1242680
registers.rsi:
5377630208
registers.r10:
0
registers.rbx:
1992371952
registers.rsp:
1244968
registers.r11:
514
registers.r8:
64
registers.r9:
4
registers.rdx:
1244024
registers.r12:
0
registers.rbp:
0
registers.rdi:
5368709487
registers.rax:
1242360
registers.r13:
0
|
1
|
0 |
0
|
|
__exception__
|
stacktrace:
RtlCaptureContext+0x85 RtlRestoreContext-0xaa ntdll+0x50895 @ 0x76d80895
stacktrace+0x84 memdup-0x1af @ 0x73980470
hook_in_monitor+0x45 lde-0x133 @ 0x739742ea
New_ntdll_NtProtectVirtualMemory+0x34 New_ntdll_NtQueryAttributesFile-0x151 @ 0x73993603
VirtualProtectEx+0x33 MapViewOfFile-0x2d kernelbase+0x13243 @ 0x7fefd503243
VirtualProtect+0x1b VirtualProtectEx-0x15 kernelbase+0x131fb @ 0x7fefd5031fb
driver+0x1be7cf @ 0x1401be7cf
GetProcessAffinityMask+0x80 SetThreadContext-0x20 kernel32+0x2ef0 @ 0x76c12ef0
0x880fff
GetProcessAffinityMask+0x80 SetThreadContext-0x20 kernel32+0x2ef0 @ 0x76c12ef0
driver+0x882000 @ 0x140882000
driver+0x1000 @ 0x140001000
0x58c040
0x58c040
0x58c040
0x58c040
0x58c040
0x58c040
0x58c040
0x58c040
0x58c040
0x58c040
0x58c040
0x58c040
0x58c040
0x58c040
0x58c040
0x58c040
0x58c040
0x58c040
0x58c040
0x58c040
0x58c040
0x58c040
0x58c040
0x58c040
0x58c040
0x58c040
0x58c040
0x58c040
0x58c040
0x58c040
0x58c040
0x58c040
0x58c040
0x58c040
0x58c040
0x58c040
0x58c040
0x58c040
0x58c040
0x58c040
0x58c040
0x58c040
0x58c040
0x58c040
0x58c040
0x58c040
0x58c040
0x58c040
0x58c040
0x58c040
0x58c040
0x58c040
exception.instruction_r:
0f ae 81 00 01 00 00 0f 29 81 a0 01 00 00 0f 29
exception.symbol:
RtlCaptureContext+0x85 RtlRestoreContext-0xaa ntdll+0x50895
exception.address:
0x76d80895
exception.module:
ntdll.dll
exception.exception_code:
0xc0000005
exception.offset:
329877
registers.r14:
0
registers.r15:
0
registers.rcx:
1242680
registers.rsi:
5377630208
registers.r10:
0
registers.rbx:
1992371952
registers.rsp:
1244968
registers.r11:
514
registers.r8:
64
registers.r9:
4
registers.rdx:
1244024
registers.r12:
0
registers.rbp:
0
registers.rdi:
5368709487
registers.rax:
1242360
registers.r13:
0
|
1
|
0 |
0
|
|
__exception__
|
stacktrace:
RtlCaptureContext+0x85 RtlRestoreContext-0xaa ntdll+0x50895 @ 0x76d80895
stacktrace+0x84 memdup-0x1af @ 0x73980470
hook_in_monitor+0x45 lde-0x133 @ 0x739742ea
New_ntdll_NtProtectVirtualMemory+0x34 New_ntdll_NtQueryAttributesFile-0x151 @ 0x73993603
VirtualProtectEx+0x33 MapViewOfFile-0x2d kernelbase+0x13243 @ 0x7fefd503243
VirtualProtect+0x1b VirtualProtectEx-0x15 kernelbase+0x131fb @ 0x7fefd5031fb
driver+0x1be7cf @ 0x1401be7cf
GetProcessAffinityMask+0x80 SetThreadContext-0x20 kernel32+0x2ef0 @ 0x76c12ef0
0x880fff
0x880fff
0x880fff
0x880fff
0x880fff
0x880fff
0x880fff
0x880fff
0x880fff
0x880fff
0x880fff
0x880fff
0x880fff
0x880fff
0x880fff
0x880fff
0x880fff
0x880fff
0x880fff
0x880fff
0x880fff
0x880fff
0x880fff
0x880fff
0x880fff
0x880fff
0x880fff
0x880fff
0x880fff
0x880fff
0x880fff
0x880fff
0x880fff
0x880fff
0x880fff
0x880fff
0x880fff
0x880fff
0x880fff
0x880fff
0x880fff
0x880fff
0x880fff
0x880fff
0x880fff
0x880fff
0x880fff
0x880fff
0x880fff
0x880fff
0x880fff
0x880fff
0x880fff
0x880fff
0x880fff
0x880fff
exception.instruction_r:
0f ae 81 00 01 00 00 0f 29 81 a0 01 00 00 0f 29
exception.symbol:
RtlCaptureContext+0x85 RtlRestoreContext-0xaa ntdll+0x50895
exception.address:
0x76d80895
exception.module:
ntdll.dll
exception.exception_code:
0xc0000005
exception.offset:
329877
registers.r14:
0
registers.r15:
0
registers.rcx:
1242680
registers.rsi:
5377630208
registers.r10:
0
registers.rbx:
1992371952
registers.rsp:
1244936
registers.r11:
514
registers.r8:
64
registers.r9:
4
registers.rdx:
1244024
registers.r12:
0
registers.rbp:
0
registers.rdi:
5368709487
registers.rax:
1242360
registers.r13:
0
|
1
|
0 |
0
|
|
__exception__
|
stacktrace:
RtlCaptureContext+0x85 RtlRestoreContext-0xaa ntdll+0x50895 @ 0x76d80895
stacktrace+0x84 memdup-0x1af @ 0x73980470
hook_in_monitor+0x45 lde-0x133 @ 0x739742ea
New_ntdll_NtProtectVirtualMemory+0x34 New_ntdll_NtQueryAttributesFile-0x151 @ 0x73993603
VirtualProtectEx+0x33 MapViewOfFile-0x2d kernelbase+0x13243 @ 0x7fefd503243
VirtualProtect+0x1b VirtualProtectEx-0x15 kernelbase+0x131fb @ 0x7fefd5031fb
driver+0x1be7cf @ 0x1401be7cf
GetProcessAffinityMask+0x80 SetThreadContext-0x20 kernel32+0x2ef0 @ 0x76c12ef0
0x880fff
GetProcessAffinityMask+0x80 SetThreadContext-0x20 kernel32+0x2ef0 @ 0x76c12ef0
driver+0x882000 @ 0x140882000
driver+0x1000 @ 0x140001000
0x58c040
0x58c040
0x58c040
0x58c040
0x58c040
0x58c040
0x58c040
0x58c040
0x58c040
0x58c040
0x58c040
0x58c040
0x58c040
0x58c040
0x58c040
0x58c040
0x58c040
0x58c040
0x58c040
0x58c040
0x58c040
0x58c040
0x58c040
0x58c040
0x58c040
0x58c040
0x58c040
0x58c040
0x58c040
0x58c040
0x58c040
0x58c040
0x58c040
0x58c040
0x58c040
0x58c040
0x58c040
0x58c040
0x58c040
0x58c040
0x58c040
0x58c040
0x58c040
0x58c040
0x58c040
0x58c040
0x58c040
0x58c040
0x58c040
0x58c040
0x58c040
0x58c040
exception.instruction_r:
0f ae 81 00 01 00 00 0f 29 81 a0 01 00 00 0f 29
exception.symbol:
RtlCaptureContext+0x85 RtlRestoreContext-0xaa ntdll+0x50895
exception.address:
0x76d80895
exception.module:
ntdll.dll
exception.exception_code:
0xc0000005
exception.offset:
329877
registers.r14:
0
registers.r15:
0
registers.rcx:
1242680
registers.rsi:
5377630208
registers.r10:
0
registers.rbx:
1992371952
registers.rsp:
1244968
registers.r11:
514
registers.r8:
64
registers.r9:
4
registers.rdx:
1244024
registers.r12:
0
registers.rbp:
0
registers.rdi:
5368709487
registers.rax:
1242360
registers.r13:
0
|
1
|
0 |
0
|
|
__exception__
|
stacktrace:
RtlCaptureContext+0x85 RtlRestoreContext-0xaa ntdll+0x50895 @ 0x76d80895
stacktrace+0x84 memdup-0x1af @ 0x73980470
hook_in_monitor+0x45 lde-0x133 @ 0x739742ea
New_ntdll_NtProtectVirtualMemory+0x34 New_ntdll_NtQueryAttributesFile-0x151 @ 0x73993603
VirtualProtectEx+0x33 MapViewOfFile-0x2d kernelbase+0x13243 @ 0x7fefd503243
VirtualProtect+0x1b VirtualProtectEx-0x15 kernelbase+0x131fb @ 0x7fefd5031fb
driver+0x1be7cf @ 0x1401be7cf
GetProcessAffinityMask+0x80 SetThreadContext-0x20 kernel32+0x2ef0 @ 0x76c12ef0
0x880fff
GetProcessAffinityMask+0x80 SetThreadContext-0x20 kernel32+0x2ef0 @ 0x76c12ef0
driver+0x882000 @ 0x140882000
driver+0x1000 @ 0x140001000
0x58c040
0x58c040
0x58c040
0x58c040
0x58c040
0x58c040
0x58c040
0x58c040
0x58c040
0x58c040
0x58c040
0x58c040
0x58c040
0x58c040
0x58c040
0x58c040
0x58c040
0x58c040
0x58c040
0x58c040
0x58c040
0x58c040
0x58c040
0x58c040
0x58c040
0x58c040
0x58c040
0x58c040
0x58c040
0x58c040
0x58c040
0x58c040
0x58c040
0x58c040
0x58c040
0x58c040
0x58c040
0x58c040
0x58c040
0x58c040
0x58c040
0x58c040
0x58c040
0x58c040
0x58c040
0x58c040
0x58c040
0x58c040
0x58c040
0x58c040
0x58c040
0x58c040
exception.instruction_r:
0f ae 81 00 01 00 00 0f 29 81 a0 01 00 00 0f 29
exception.symbol:
RtlCaptureContext+0x85 RtlRestoreContext-0xaa ntdll+0x50895
exception.address:
0x76d80895
exception.module:
ntdll.dll
exception.exception_code:
0xc0000005
exception.offset:
329877
registers.r14:
0
registers.r15:
0
registers.rcx:
1242680
registers.rsi:
5377630208
registers.r10:
0
registers.rbx:
1992371952
registers.rsp:
1244968
registers.r11:
514
registers.r8:
64
registers.r9:
4
registers.rdx:
1244024
registers.r12:
0
registers.rbp:
0
registers.rdi:
5368709487
registers.rax:
1242360
registers.r13:
0
|
1
|
0 |
0
|
|
__exception__
|
stacktrace:
RtlCaptureContext+0x85 RtlRestoreContext-0xaa ntdll+0x50895 @ 0x76d80895
stacktrace+0x84 memdup-0x1af @ 0x73980470
hook_in_monitor+0x45 lde-0x133 @ 0x739742ea
New_ntdll_NtProtectVirtualMemory+0x34 New_ntdll_NtQueryAttributesFile-0x151 @ 0x73993603
VirtualProtectEx+0x33 MapViewOfFile-0x2d kernelbase+0x13243 @ 0x7fefd503243
VirtualProtect+0x1b VirtualProtectEx-0x15 kernelbase+0x131fb @ 0x7fefd5031fb
driver+0x1be7cf @ 0x1401be7cf
GetProcessAffinityMask+0x80 SetThreadContext-0x20 kernel32+0x2ef0 @ 0x76c12ef0
0x880fff
GetProcessAffinityMask+0x80 SetThreadContext-0x20 kernel32+0x2ef0 @ 0x76c12ef0
driver+0x882000 @ 0x140882000
driver+0x1000 @ 0x140001000
0x58c040
0x58c040
0x58c040
0x58c040
0x58c040
0x58c040
0x58c040
0x58c040
0x58c040
0x58c040
0x58c040
0x58c040
0x58c040
0x58c040
0x58c040
0x58c040
0x58c040
0x58c040
0x58c040
0x58c040
0x58c040
0x58c040
0x58c040
0x58c040
0x58c040
0x58c040
0x58c040
0x58c040
0x58c040
0x58c040
0x58c040
0x58c040
0x58c040
0x58c040
0x58c040
0x58c040
0x58c040
0x58c040
0x58c040
0x58c040
0x58c040
0x58c040
0x58c040
0x58c040
0x58c040
0x58c040
0x58c040
0x58c040
0x58c040
0x58c040
0x58c040
0x58c040
exception.instruction_r:
0f ae 81 00 01 00 00 0f 29 81 a0 01 00 00 0f 29
exception.symbol:
RtlCaptureContext+0x85 RtlRestoreContext-0xaa ntdll+0x50895
exception.address:
0x76d80895
exception.module:
ntdll.dll
exception.exception_code:
0xc0000005
exception.offset:
329877
registers.r14:
0
registers.r15:
0
registers.rcx:
1242680
registers.rsi:
5377630208
registers.r10:
0
registers.rbx:
1992371952
registers.rsp:
1244968
registers.r11:
514
registers.r8:
64
registers.r9:
4
registers.rdx:
1244024
registers.r12:
0
registers.rbp:
0
registers.rdi:
5368709487
registers.rax:
1242360
registers.r13:
0
|
1
|
0 |
0
|
|
__exception__
|
stacktrace:
RtlCaptureContext+0x85 RtlRestoreContext-0xaa ntdll+0x50895 @ 0x76d80895
stacktrace+0x84 memdup-0x1af @ 0x73980470
hook_in_monitor+0x45 lde-0x133 @ 0x739742ea
New_ntdll_NtProtectVirtualMemory+0x34 New_ntdll_NtQueryAttributesFile-0x151 @ 0x73993603
VirtualProtectEx+0x33 MapViewOfFile-0x2d kernelbase+0x13243 @ 0x7fefd503243
VirtualProtect+0x1b VirtualProtectEx-0x15 kernelbase+0x131fb @ 0x7fefd5031fb
driver+0x1be7cf @ 0x1401be7cf
GetProcessAffinityMask+0x80 SetThreadContext-0x20 kernel32+0x2ef0 @ 0x76c12ef0
0x880fff
GetProcessAffinityMask+0x80 SetThreadContext-0x20 kernel32+0x2ef0 @ 0x76c12ef0
driver+0x882000 @ 0x140882000
driver+0x1000 @ 0x140001000
0x58c040
0x58c040
0x58c040
0x58c040
0x58c040
0x58c040
0x58c040
0x58c040
0x58c040
0x58c040
0x58c040
0x58c040
0x58c040
0x58c040
0x58c040
0x58c040
0x58c040
0x58c040
0x58c040
0x58c040
0x58c040
0x58c040
0x58c040
0x58c040
0x58c040
0x58c040
0x58c040
0x58c040
0x58c040
0x58c040
0x58c040
0x58c040
0x58c040
0x58c040
0x58c040
0x58c040
0x58c040
0x58c040
0x58c040
0x58c040
0x58c040
0x58c040
0x58c040
0x58c040
0x58c040
0x58c040
0x58c040
0x58c040
0x58c040
0x58c040
0x58c040
0x58c040
exception.instruction_r:
0f ae 81 00 01 00 00 0f 29 81 a0 01 00 00 0f 29
exception.symbol:
RtlCaptureContext+0x85 RtlRestoreContext-0xaa ntdll+0x50895
exception.address:
0x76d80895
exception.module:
ntdll.dll
exception.exception_code:
0xc0000005
exception.offset:
329877
registers.r14:
0
registers.r15:
0
registers.rcx:
1242680
registers.rsi:
5377630208
registers.r10:
0
registers.rbx:
1992371952
registers.rsp:
1244968
registers.r11:
514
registers.r8:
64
registers.r9:
4
registers.rdx:
1244024
registers.r12:
0
registers.rbp:
0
registers.rdi:
5368709487
registers.rax:
1242360
registers.r13:
0
|
1
|
0 |
0
|
|
__exception__
|
stacktrace:
RtlCaptureContext+0x85 RtlRestoreContext-0xaa ntdll+0x50895 @ 0x76d80895
stacktrace+0x84 memdup-0x1af @ 0x73980470
hook_in_monitor+0x45 lde-0x133 @ 0x739742ea
New_ntdll_NtProtectVirtualMemory+0x34 New_ntdll_NtQueryAttributesFile-0x151 @ 0x73993603
VirtualProtectEx+0x33 MapViewOfFile-0x2d kernelbase+0x13243 @ 0x7fefd503243
VirtualProtect+0x1b VirtualProtectEx-0x15 kernelbase+0x131fb @ 0x7fefd5031fb
driver+0x1be7cf @ 0x1401be7cf
GetProcessAffinityMask+0x80 SetThreadContext-0x20 kernel32+0x2ef0 @ 0x76c12ef0
0x880fff
GetProcessAffinityMask+0x80 SetThreadContext-0x20 kernel32+0x2ef0 @ 0x76c12ef0
driver+0x882000 @ 0x140882000
driver+0x1000 @ 0x140001000
0x58c040
0x58c040
0x58c040
0x58c040
0x58c040
0x58c040
0x58c040
0x58c040
0x58c040
0x58c040
0x58c040
0x58c040
0x58c040
0x58c040
0x58c040
0x58c040
0x58c040
0x58c040
0x58c040
0x58c040
0x58c040
0x58c040
0x58c040
0x58c040
0x58c040
0x58c040
0x58c040
0x58c040
0x58c040
0x58c040
0x58c040
0x58c040
0x58c040
0x58c040
0x58c040
0x58c040
0x58c040
0x58c040
0x58c040
0x58c040
0x58c040
0x58c040
0x58c040
0x58c040
0x58c040
0x58c040
0x58c040
0x58c040
0x58c040
0x58c040
0x58c040
0x58c040
exception.instruction_r:
0f ae 81 00 01 00 00 0f 29 81 a0 01 00 00 0f 29
exception.symbol:
RtlCaptureContext+0x85 RtlRestoreContext-0xaa ntdll+0x50895
exception.address:
0x76d80895
exception.module:
ntdll.dll
exception.exception_code:
0xc0000005
exception.offset:
329877
registers.r14:
0
registers.r15:
0
registers.rcx:
1242680
registers.rsi:
5377630208
registers.r10:
0
registers.rbx:
1992371952
registers.rsp:
1244968
registers.r11:
514
registers.r8:
64
registers.r9:
4
registers.rdx:
1244024
registers.r12:
0
registers.rbp:
0
registers.rdi:
5368709487
registers.rax:
1242360
registers.r13:
0
|
1
|
0 |
0
|
|
__exception__
|
stacktrace:
RtlCaptureContext+0x85 RtlRestoreContext-0xaa ntdll+0x50895 @ 0x76d80895
stacktrace+0x84 memdup-0x1af @ 0x73980470
hook_in_monitor+0x45 lde-0x133 @ 0x739742ea
New_ntdll_NtProtectVirtualMemory+0x34 New_ntdll_NtQueryAttributesFile-0x151 @ 0x73993603
VirtualProtectEx+0x33 MapViewOfFile-0x2d kernelbase+0x13243 @ 0x7fefd503243
VirtualProtect+0x1b VirtualProtectEx-0x15 kernelbase+0x131fb @ 0x7fefd5031fb
driver+0x1be7cf @ 0x1401be7cf
GetProcessAffinityMask+0x80 SetThreadContext-0x20 kernel32+0x2ef0 @ 0x76c12ef0
0x880fff
0x880fff
0x880fff
0x880fff
0x880fff
0x880fff
0x880fff
0x880fff
0x880fff
0x880fff
0x880fff
0x880fff
0x880fff
0x880fff
0x880fff
0x880fff
0x880fff
0x880fff
0x880fff
0x880fff
0x880fff
0x880fff
0x880fff
0x880fff
0x880fff
0x880fff
0x880fff
0x880fff
0x880fff
0x880fff
0x880fff
0x880fff
0x880fff
0x880fff
0x880fff
0x880fff
0x880fff
0x880fff
0x880fff
0x880fff
0x880fff
0x880fff
0x880fff
0x880fff
0x880fff
0x880fff
0x880fff
0x880fff
0x880fff
0x880fff
0x880fff
0x880fff
0x880fff
0x880fff
0x880fff
0x880fff
exception.instruction_r:
0f ae 81 00 01 00 00 0f 29 81 a0 01 00 00 0f 29
exception.symbol:
RtlCaptureContext+0x85 RtlRestoreContext-0xaa ntdll+0x50895
exception.address:
0x76d80895
exception.module:
ntdll.dll
exception.exception_code:
0xc0000005
exception.offset:
329877
registers.r14:
0
registers.r15:
0
registers.rcx:
1242680
registers.rsi:
5377630208
registers.r10:
0
registers.rbx:
1992371952
registers.rsp:
1244936
registers.r11:
514
registers.r8:
64
registers.r9:
4
registers.rdx:
1244024
registers.r12:
0
registers.rbp:
0
registers.rdi:
5368709487
registers.rax:
1242360
registers.r13:
0
|
1
|
0 |
0
|
wdagad.exe