Summary | ZeroBOX

Category	Machine	Started	Completed
FILE	s1_win7_x6401	Oct. 20, 2023, 6:14 p.m.	Oct. 20, 2023, 6:17 p.m.

Size	3.5MB
Type	PE32+ executable (DLL) (console) x86-64, for MS Windows
MD5	`971dd6c48909adf98861fb8457125faa`
SHA256	`9d80eb4be1e9139a03a6aa3f053fec14ed1880251b1f13d85d84d7d64dddd581`
CRC32	`0D5B49B1`
ssdeep	`49152:LrALKQaCAFe5VtmMOAfJb4S7TVi2a17aaQsPdSCrXADRkC+rMoUQhebOT1NvekX+:fA2cfd4S3s2aMr87LHF9SJv`
PDB Path	C:\b\s\w\ir\cache\builder\src\out\Release_x64\optimization_guide_internal.dll.pdb
Yara	Malicious_Library_Zero - Malicious_Library UPX_Zero - UPX packed file Malicious_Packer_Zero - Malicious Packer PE_Header_Zero - PE File Signature IsDLL - (no description) IsPE64 - (no description) OS_Processor_Check_Zero - OS Processor Check

rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\salut.json.exe.dll,OptimizationGuideEntityAnnotatorAnnotateGetOutputMetadataScoreAtIndex
2628
- rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\salut.json.exe.dll,OptimizationGuideEntityAnnotatorAnnotateGetOutputMetadataScoreAtIndex
  3004
rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\salut.json.exe.dll,OptimizationGuideEntityAnnotatorAnnotateGetOutputMetadataAtIndex
2544
- rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\salut.json.exe.dll,OptimizationGuideEntityAnnotatorAnnotateGetOutputMetadataAtIndex
  3012
rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\salut.json.exe.dll,OptimizationGuideEntityAnnotatorAnnotateJobCreate
2720
- rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\salut.json.exe.dll,OptimizationGuideEntityAnnotatorAnnotateJobCreate
  1152
rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\salut.json.exe.dll,OptimizationGuideEntityAnnotatorAnnotateJobDelete
2808
- rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\salut.json.exe.dll,OptimizationGuideEntityAnnotatorAnnotateJobDelete
  1400
rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\salut.json.exe.dll,OptimizationGuideEntityAnnotatorCreateFromOptions
2904
- rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\salut.json.exe.dll,OptimizationGuideEntityAnnotatorCreateFromOptions
  2436
rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\salut.json.exe.dll,OptimizationGuideEntityAnnotatorEntityMetadataJobCreate
196
- rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\salut.json.exe.dll,OptimizationGuideEntityAnnotatorEntityMetadataJobCreate
  2564
rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\salut.json.exe.dll,OptimizationGuideEntityAnnotatorDelete
2996
- rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\salut.json.exe.dll,OptimizationGuideEntityAnnotatorDelete
  2800
rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\salut.json.exe.dll,OptimizationGuideEntityAnnotatorEntityMetadataJobDelete
2416
- rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\salut.json.exe.dll,OptimizationGuideEntityAnnotatorEntityMetadataJobDelete
  2748
rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\salut.json.exe.dll,OptimizationGuideEntityAnnotatorGetCreationError
2704
- rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\salut.json.exe.dll,OptimizationGuideEntityAnnotatorGetCreationError
  3040
rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\salut.json.exe.dll,OptimizationGuideEntityAnnotatorGetMaxSupportedFeatureFlag
744
- rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\salut.json.exe.dll,OptimizationGuideEntityAnnotatorGetMaxSupportedFeatureFlag
  2308
rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\salut.json.exe.dll,OptimizationGuideEntityAnnotatorOptionsAddModelSlice
2460
- rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\salut.json.exe.dll,OptimizationGuideEntityAnnotatorOptionsAddModelSlice
  2828
rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\salut.json.exe.dll,OptimizationGuideEntityAnnotatorOptionsCreate
3008
- rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\salut.json.exe.dll,OptimizationGuideEntityAnnotatorOptionsCreate
  320
rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\salut.json.exe.dll,OptimizationGuideEntityAnnotatorOptionsDelete
2112
- rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\salut.json.exe.dll,OptimizationGuideEntityAnnotatorOptionsDelete
  908
rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\salut.json.exe.dll,OptimizationGuideEntityAnnotatorOptionsSetModelFilePath
2648
- rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\salut.json.exe.dll,OptimizationGuideEntityAnnotatorOptionsSetModelFilePath
  1484
rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\salut.json.exe.dll,OptimizationGuideEntityAnnotatorOptionsSetModelMetadataFilePath
3036
- rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\salut.json.exe.dll,OptimizationGuideEntityAnnotatorOptionsSetModelMetadataFilePath
  2260
rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\salut.json.exe.dll,OptimizationGuideEntityAnnotatorOptionsSetWordEmbeddingsFilePath
2864
- rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\salut.json.exe.dll,OptimizationGuideEntityAnnotatorOptionsSetWordEmbeddingsFilePath
  3080
rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\salut.json.exe.dll,OptimizationGuideEntityAnnotatorRunAnnotateJob
2216
- rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\salut.json.exe.dll,OptimizationGuideEntityAnnotatorRunAnnotateJob
  3336
rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\salut.json.exe.dll,OptimizationGuideEntityAnnotatorRunEntityMetadataJob
3448
- rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\salut.json.exe.dll,OptimizationGuideEntityAnnotatorRunEntityMetadataJob
  3700
rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\salut.json.exe.dll,OptimizationGuideEntityMetadataGetCollectionAtIndex
3692
- rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\salut.json.exe.dll,OptimizationGuideEntityMetadataGetCollectionAtIndex
  3924
rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\salut.json.exe.dll,OptimizationGuideEntityMetadataGetCollectionsCount
3844
- rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\salut.json.exe.dll,OptimizationGuideEntityMetadataGetCollectionsCount
  4000
rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\salut.json.exe.dll,OptimizationGuideEntityMetadataGetEntityID
3988
- rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\salut.json.exe.dll,OptimizationGuideEntityMetadataGetEntityID
  3360
rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\salut.json.exe.dll,OptimizationGuideEntityMetadataGetHumanReadableAliasAtIndex
3152
- rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\salut.json.exe.dll,OptimizationGuideEntityMetadataGetHumanReadableAliasAtIndex
  3408
rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\salut.json.exe.dll,OptimizationGuideEntityMetadataGetHumanReadableAliasesCount
3560
- rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\salut.json.exe.dll,OptimizationGuideEntityMetadataGetHumanReadableAliasesCount
  3872
rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\salut.json.exe.dll,OptimizationGuideEntityMetadataGetHumanReadableCategoriesCount
3860
- rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\salut.json.exe.dll,OptimizationGuideEntityMetadataGetHumanReadableCategoriesCount
  2924
rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\salut.json.exe.dll,OptimizationGuideEntityMetadataGetHumanReadableCategoryNameAtIndex
3116
- rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\salut.json.exe.dll,OptimizationGuideEntityMetadataGetHumanReadableCategoryNameAtIndex
  3956
rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\salut.json.exe.dll,OptimizationGuideEntityMetadataGetHumanReadableCategoryScoreAtIndex
3520
- rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\salut.json.exe.dll,OptimizationGuideEntityMetadataGetHumanReadableCategoryScoreAtIndex
  3356
rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\salut.json.exe.dll,OptimizationGuideEntityMetadataGetHumanReadableName
3980
- rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\salut.json.exe.dll,OptimizationGuideEntityMetadataGetHumanReadableName
  3676
rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\salut.json.exe.dll,
3436

Name	Response	Post-Analysis Lookup
No hosts contacted.

IP Address	Status	Action
No hosts contacted.

Suricata Alerts

No Suricata Alerts

Suricata TLS

No Suricata TLS

Checks if process is being debugged by a debugger (27 events)

Time & API	Arguments	Status	Return	Repeated
IsDebuggerPresent Oct. 20, 2023, 6:07 p.m.			0	0
IsDebuggerPresent Oct. 20, 2023, 6:07 p.m.			0	0
IsDebuggerPresent Oct. 20, 2023, 6:07 p.m.			0	0
IsDebuggerPresent Oct. 20, 2023, 6:07 p.m.			0	0
IsDebuggerPresent Oct. 20, 2023, 6:07 p.m.			0	0
IsDebuggerPresent Oct. 20, 2023, 6:07 p.m.			0	0
IsDebuggerPresent Oct. 20, 2023, 6:07 p.m.			0	0
IsDebuggerPresent Oct. 20, 2023, 6:07 p.m.			0	0
IsDebuggerPresent Oct. 20, 2023, 6:07 p.m.			0	0
IsDebuggerPresent Oct. 20, 2023, 6:07 p.m.			0	0
IsDebuggerPresent Oct. 20, 2023, 6:07 p.m.			0	0
IsDebuggerPresent Oct. 20, 2023, 6:07 p.m.			0	0
IsDebuggerPresent Oct. 20, 2023, 6:07 p.m.			0	0
IsDebuggerPresent Oct. 20, 2023, 6:07 p.m.			0	0
IsDebuggerPresent Oct. 20, 2023, 6:07 p.m.			0	0
IsDebuggerPresent Oct. 20, 2023, 6:07 p.m.			0	0
IsDebuggerPresent Oct. 20, 2023, 6:07 p.m.			0	0
IsDebuggerPresent Oct. 20, 2023, 6:07 p.m.			0	0
IsDebuggerPresent Oct. 20, 2023, 6:07 p.m.			0	0
IsDebuggerPresent Oct. 20, 2023, 6:07 p.m.			0	0
IsDebuggerPresent Oct. 20, 2023, 6:07 p.m.			0	0
IsDebuggerPresent Oct. 20, 2023, 6:07 p.m.			0	0
IsDebuggerPresent Oct. 20, 2023, 6:07 p.m.			0	0
IsDebuggerPresent Oct. 20, 2023, 6:07 p.m.			0	0
IsDebuggerPresent Oct. 20, 2023, 6:07 p.m.			0	0
IsDebuggerPresent Oct. 20, 2023, 6:07 p.m.			0	0
IsDebuggerPresent Oct. 20, 2023, 6:07 p.m.			0	0

This executable has a PDB path (1 event)

pdb_path

C:\b\s\w\ir\cache\builder\src\out\Release_x64\optimization_guide_internal.dll.pdb

The executable contains unknown PE section names indicative of a packer (could be a false positive) (5 events)

section	.00cfg
section	.gxfg
section	.retplne
section	_RDATA
section	malloc_h

One or more processes crashed (18 events)

Time & API	Arguments	Status
__exception__ Oct. 20, 2023, 6:07 p.m.	stacktrace: RtlAllocateHeap+0x3d AlpcGetMessageAttribute-0x1623 ntdll+0x533dd @ 0x76d833dd OptimizationGuideEntityAnnotatorOptionsAddModelSlice+0x148284 OptimizationGuideEntityAnnotatorGetCreationError-0xf6bc salut+0x14b624 @ 0x7fef3d9b624 OptimizationGuideEntityAnnotatorOptionsAddModelSlice+0x112643 OptimizationGuideEntityAnnotatorGetCreationError-0x452fd salut+0x1159e3 @ 0x7fef3d659e3 OptimizationGuideEntityAnnotatorAnnotateJobCreate+0x12 OptimizationGuideEntityAnnotatorAnnotateGetOutputMetadataScoreAtIndex-0x1e salut+0x15ad42 @ 0x7fef3daad42 rundll32+0x2f42 @ 0xffc32f42 rundll32+0x3b7a @ 0xffc33b7a BaseThreadInitThunk+0xd CreateThread-0x53 kernel32+0x1652d @ 0x76c2652d RtlUserThreadStart+0x21 strchr-0x3df ntdll+0x2c521 @ 0x76d5c521 exception.instruction_r: 8b 41 74 44 8b b1 98 00 00 00 33 db 0b e8 4c 8d exception.symbol: RtlAllocateHeap+0x3d AlpcGetMessageAttribute-0x1623 ntdll+0x533dd exception.instruction: mov eax, dword ptr [rcx + 0x74] exception.module: ntdll.dll exception.exception_code: 0xc0000005 exception.offset: 340957 exception.address: 0x76d833dd registers.r14: 0 registers.r15: 0 registers.rcx: 0 registers.rsi: 0 registers.r10: 0 registers.rbx: 0 registers.rsp: 2358768 registers.r11: 2357856 registers.r8: 32 registers.r9: 10 registers.rdx: 0 registers.r12: 0 registers.rbp: 0 registers.rdi: 0 registers.rax: 9223372036854775807 registers.r13: 0	1
__exception__ Oct. 20, 2023, 6:07 p.m.	stacktrace: OptimizationGuideEntityAnnotatorOptionsAddModelSlice+0xfc90c OptimizationGuideEntityAnnotatorGetCreationError-0x5b034 salut+0xffcac @ 0x7fef3d4fcac OptimizationGuideEntityMetadataGetCollectionAtIndex+0x105c salut+0x15c21c @ 0x7fef3dac21c OptimizationGuideEntityMetadataGetCollectionAtIndex+0x918 salut+0x15bad8 @ 0x7fef3dabad8 OptimizationGuideEntityMetadataGetCollectionAtIndex+0x1203 salut+0x15c3c3 @ 0x7fef3dac3c3 OptimizationGuideEntityAnnotatorAnnotateJobDelete+0x12 OptimizationGuideEntityAnnotatorEntityMetadataJobCreate-0x1e salut+0x15add2 @ 0x7fef3daadd2 rundll32+0x2f42 @ 0xffc32f42 rundll32+0x3b7a @ 0xffc33b7a BaseThreadInitThunk+0xd CreateThread-0x53 kernel32+0x1652d @ 0x76c2652d RtlUserThreadStart+0x21 strchr-0x3df ntdll+0x2c521 @ 0x76d5c521 exception.instruction_r: 48 8b 1f 48 85 db 75 0a 48 83 c4 28 5b 5f 5e 41 exception.instruction: mov rbx, qword ptr [rdi] exception.exception_code: 0xc0000005 exception.symbol: OptimizationGuideEntityAnnotatorOptionsAddModelSlice+0xfc90c OptimizationGuideEntityAnnotatorGetCreationError-0x5b034 salut+0xffcac exception.address: 0x7fef3d4fcac registers.r14: 0 registers.r15: 0 registers.rcx: 1176920 registers.rsi: 0 registers.r10: 0 registers.rbx: 0 registers.rsp: 1177680 registers.r11: 1176768 registers.r8: 1950094 registers.r9: 10 registers.rdx: 28429470871519353 registers.r12: 0 registers.rbp: 0 registers.rdi: 0 registers.rax: 25895912609087573 registers.r13: 0	1
__exception__ Oct. 20, 2023, 6:07 p.m.	stacktrace: RtlAllocateHeap+0x3d AlpcGetMessageAttribute-0x1623 ntdll+0x533dd @ 0x76d833dd OptimizationGuideEntityAnnotatorOptionsAddModelSlice+0x148284 OptimizationGuideEntityAnnotatorGetCreationError-0xf6bc salut+0x14b624 @ 0x7fef3d9b624 OptimizationGuideEntityAnnotatorOptionsAddModelSlice+0x112643 OptimizationGuideEntityAnnotatorGetCreationError-0x452fd salut+0x1159e3 @ 0x7fef3d659e3 OptimizationGuideEntityAnnotatorEntityMetadataJobCreate+0x12 OptimizationGuideEntityAnnotatorRunEntityMetadataJob-0x1e salut+0x15ae02 @ 0x7fef3daae02 rundll32+0x2f42 @ 0xffc32f42 rundll32+0x3b7a @ 0xffc33b7a BaseThreadInitThunk+0xd CreateThread-0x53 kernel32+0x1652d @ 0x76c2652d RtlUserThreadStart+0x21 strchr-0x3df ntdll+0x2c521 @ 0x76d5c521 exception.instruction_r: 8b 41 74 44 8b b1 98 00 00 00 33 db 0b e8 4c 8d exception.symbol: RtlAllocateHeap+0x3d AlpcGetMessageAttribute-0x1623 ntdll+0x533dd exception.instruction: mov eax, dword ptr [rcx + 0x74] exception.module: ntdll.dll exception.exception_code: 0xc0000005 exception.offset: 340957 exception.address: 0x76d833dd registers.r14: 0 registers.r15: 0 registers.rcx: 0 registers.rsi: 0 registers.r10: 0 registers.rbx: 0 registers.rsp: 1834304 registers.r11: 1833392 registers.r8: 16 registers.r9: 10 registers.rdx: 0 registers.r12: 0 registers.rbp: 0 registers.rdi: 0 registers.rax: 9223372036854775807 registers.r13: 0	1
__exception__ Oct. 20, 2023, 6:07 p.m.	stacktrace: OptimizationGuideEntityAnnotatorOptionsAddModelSlice+0xfc949 OptimizationGuideEntityAnnotatorGetCreationError-0x5aff7 salut+0xffce9 @ 0x7fef3d4fce9 OptimizationGuideEntityMetadataGetCollectionAtIndex+0x105c salut+0x15c21c @ 0x7fef3dac21c OptimizationGuideEntityMetadataGetCollectionAtIndex+0x1244 salut+0x15c404 @ 0x7fef3dac404 OptimizationGuideEntityAnnotatorEntityMetadataJobDelete+0x12 OptimizationGuideEntityAnnotatorOptionsCreate-0x1e salut+0x15afb2 @ 0x7fef3daafb2 rundll32+0x2f42 @ 0xffc32f42 rundll32+0x3b7a @ 0xffc33b7a BaseThreadInitThunk+0xd CreateThread-0x53 kernel32+0x1652d @ 0x76c2652d RtlUserThreadStart+0x21 strchr-0x3df ntdll+0x2c521 @ 0x76d5c521 exception.instruction_r: 41 80 7e 17 00 79 e8 eb de 48 89 5f 08 48 8b 06 exception.instruction: cmp byte ptr [r14 + 0x17], 0 exception.exception_code: 0xc0000005 exception.symbol: OptimizationGuideEntityAnnotatorOptionsAddModelSlice+0xfc949 OptimizationGuideEntityAnnotatorGetCreationError-0x5aff7 salut+0xffce9 exception.address: 0x7fef3d4fce9 registers.r14: 0 registers.r15: 0 registers.rcx: 2618840 registers.rsi: 0 registers.r10: 0 registers.rbx: 0 registers.rsp: 2619520 registers.r11: 2618608 registers.r8: 770474 registers.r9: 10 registers.rdx: 4290969600 registers.r12: 0 registers.rbp: 0 registers.rdi: 0 registers.rax: 131168 registers.r13: 0	1
__exception__ Oct. 20, 2023, 6:07 p.m.	stacktrace: RtlFreeHeap+0x10 RtlAllocateHeap-0x190 ntdll+0x53210 @ 0x76d83210 HeapFree+0xa BaseSetLastNTError-0x16 kernel32+0x2307a @ 0x76c3307a OptimizationGuideEntityAnnotatorOptionsAddModelSlice+0x144e70 OptimizationGuideEntityAnnotatorGetCreationError-0x12ad0 salut+0x148210 @ 0x7fef3d98210 rundll32+0x2f42 @ 0xffc32f42 rundll32+0x3b7a @ 0xffc33b7a BaseThreadInitThunk+0xd CreateThread-0x53 kernel32+0x1652d @ 0x76c2652d RtlUserThreadStart+0x21 strchr-0x3df ntdll+0x2c521 @ 0x76d5c521 exception.instruction_r: 0f ba 61 74 18 48 89 58 10 48 89 68 f8 48 89 70 exception.symbol: RtlFreeHeap+0x10 RtlAllocateHeap-0x190 ntdll+0x53210 exception.instruction: bt dword ptr [rcx + 0x74], 0x18 exception.module: ntdll.dll exception.exception_code: 0xc0000005 exception.offset: 340496 exception.address: 0x76d83210 registers.r14: 0 registers.r15: 0 registers.rcx: 0 registers.rsi: 0 registers.r10: 0 registers.rbx: 0 registers.rsp: 1638304 registers.r11: 1637392 registers.r8: 393528 registers.r9: 10 registers.rdx: 0 registers.r12: 0 registers.rbp: 0 registers.rdi: 0 registers.rax: 1637656 registers.r13: 0	1
__exception__ Oct. 20, 2023, 6:07 p.m.	stacktrace: OptimizationGuideEntityAnnotatorOptionsAddModelSlice+0x6718 OptimizationGuideEntityAnnotatorGetCreationError-0x151228 salut+0x9ab8 @ 0x7fef3c59ab8 0x17277c rundll32+0x1310 @ 0xffc31310 exception.instruction_r: 61 74 09 62 75 10 4e 0d 69 4e 76 50 76 7d 03 7c exception.exception_code: 0xc000001d exception.symbol: OptimizationGuideEntityAnnotatorOptionsAddModelSlice+0x6718 OptimizationGuideEntityAnnotatorGetCreationError-0x151228 salut+0x9ab8 exception.address: 0x7fef3c59ab8 registers.r14: 1939390764 registers.r15: 0 registers.rcx: 711465660 registers.rsi: 916336 registers.r10: 0 registers.rbx: 0 registers.rsp: 916320 registers.r11: 915664 registers.r8: 1687984 registers.r9: 10 registers.rdx: 4290969600 registers.r12: 10 registers.rbp: 1687760 registers.rdi: 0 registers.rax: 262546 registers.r13: 0	1
__exception__ Oct. 20, 2023, 6:07 p.m.	stacktrace: OptimizationGuideEntityAnnotatorOptionsAddModelSlice+0x2 OptimizationGuideEntityAnnotatorGetCreationError-0x15793e salut+0x33a2 @ 0x7fef3c533a2 0x7fffffd3000 OptimizationGuideEntityAnnotatorGetMaxSupportedFeatureFlag-0x25f8 salut+0x78 @ 0x7fef3c50078 0x4 0x4 0x4 0x4 0x4 0x4 0x4 0x4 0x4 0x4 0x4 0x4 0x4 0x4 0x4 0x4 0x4 0x4 0x4 0x4 0x4 0x4 0x4 0x4 0x4 0x4 0x4 0x4 0x4 0x4 0x4 0x4 0x4 0x4 0x4 0x4 0x4 0x4 0x4 0x4 0x4 0x4 0x4 0x4 0x4 0x4 0x4 0x4 0x4 0x4 0x4 0x4 0x4 0x4 0x4 0x4 0x4 0x4 0x4 0x4 0x4 exception.instruction_r: 61 ec 7c bd d8 75 6b 75 6a 75 69 75 68 6a 6b 6f exception.exception_code: 0xc000001d exception.symbol: OptimizationGuideEntityAnnotatorOptionsAddModelSlice+0x2 OptimizationGuideEntityAnnotatorGetCreationError-0x15793e salut+0x33a2 exception.address: 0x7fef3c533a2 registers.r14: 0 registers.r15: 4290981698 registers.rcx: 327998 registers.rsi: 0 registers.r10: 0 registers.rbx: 327998 registers.rsp: 2554248 registers.r11: 2553856 registers.r8: 3785108 registers.r9: 10 registers.rdx: 4290969600 registers.r12: 10 registers.rbp: 3784896 registers.rdi: -1 registers.rax: 327998 registers.r13: 0	1
__exception__ Oct. 20, 2023, 6:07 p.m.	stacktrace: RtlAllocateHeap+0x3d AlpcGetMessageAttribute-0x1623 ntdll+0x533dd @ 0x76d833dd OptimizationGuideEntityAnnotatorOptionsAddModelSlice+0x148284 OptimizationGuideEntityAnnotatorGetCreationError-0xf6bc salut+0x14b624 @ 0x7fef3d9b624 OptimizationGuideEntityAnnotatorOptionsAddModelSlice+0x112643 OptimizationGuideEntityAnnotatorGetCreationError-0x452fd salut+0x1159e3 @ 0x7fef3d659e3 OptimizationGuideEntityAnnotatorOptionsCreate+0xe OptimizationGuideEntityAnnotatorOptionsDelete-0x12 salut+0x15afde @ 0x7fef3daafde rundll32+0x2f42 @ 0xffc32f42 rundll32+0x3b7a @ 0xffc33b7a BaseThreadInitThunk+0xd CreateThread-0x53 kernel32+0x1652d @ 0x76c2652d RtlUserThreadStart+0x21 strchr-0x3df ntdll+0x2c521 @ 0x76d5c521 exception.instruction_r: 8b 41 74 44 8b b1 98 00 00 00 33 db 0b e8 4c 8d exception.symbol: RtlAllocateHeap+0x3d AlpcGetMessageAttribute-0x1623 ntdll+0x533dd exception.instruction: mov eax, dword ptr [rcx + 0x74] exception.module: ntdll.dll exception.exception_code: 0xc0000005 exception.offset: 340957 exception.address: 0x76d833dd registers.r14: 0 registers.r15: 0 registers.rcx: 0 registers.rsi: 0 registers.r10: 0 registers.rbx: 0 registers.rsp: 1767424 registers.r11: 1766512 registers.r8: 80 registers.r9: 10 registers.rdx: 0 registers.r12: 0 registers.rbp: 0 registers.rdi: 0 registers.rax: 9223372036854775807 registers.r13: 0	1
__exception__ Oct. 20, 2023, 6:07 p.m.	stacktrace: OptimizationGuideEntityAnnotatorOptionsAddModelSlice+0x10334c OptimizationGuideEntityAnnotatorGetCreationError-0x545f4 salut+0x1066ec @ 0x7fef3d566ec OptimizationGuideEntityAnnotatorOptionsDelete+0x12 OptimizationGuideEntityMetadataGetEntityID-0x1e salut+0x15b002 @ 0x7fef3dab002 rundll32+0x2f42 @ 0xffc32f42 rundll32+0x3b7a @ 0xffc33b7a BaseThreadInitThunk+0xd CreateThread-0x53 kernel32+0x1652d @ 0x76c2652d RtlUserThreadStart+0x21 strchr-0x3df ntdll+0x2c521 @ 0x76d5c521 exception.instruction_r: 48 89 01 48 8b 71 08 40 f6 c6 02 75 06 48 83 c4 exception.instruction: mov qword ptr [rcx], rax exception.exception_code: 0xc0000005 exception.symbol: OptimizationGuideEntityAnnotatorOptionsAddModelSlice+0x10334c OptimizationGuideEntityAnnotatorGetCreationError-0x545f4 salut+0x1066ec exception.address: 0x7fef3d566ec registers.r14: 0 registers.r15: 0 registers.rcx: 131450 registers.rsi: 0 registers.r10: 0 registers.rbx: 0 registers.rsp: 2619456 registers.r11: 2618544 registers.r8: 3850598 registers.r9: 10 registers.rdx: 4290969600 registers.r12: 0 registers.rbp: 0 registers.rdi: 0 registers.rax: 8791595798624 registers.r13: 0	1
__exception__ Oct. 20, 2023, 6:07 p.m.	stacktrace: OptimizationGuideEntityAnnotatorRunAnnotateJob+0x8f0 OptimizationGuideEntityAnnotatorOptionsSetModelMetadataFilePath-0x80 salut+0x3220 @ 0x7fef3c53220 rundll32+0x2f42 @ 0xffc32f42 rundll32+0x3b7a @ 0xffc33b7a BaseThreadInitThunk+0xd CreateThread-0x53 kernel32+0x1652d @ 0x76c2652d RtlUserThreadStart+0x21 strchr-0x3df ntdll+0x2c521 @ 0x76d5c521 exception.instruction_r: 3f d4 78 bd cd 7c bd ee 78 b9 b1 94 ca cb cb 7d exception.exception_code: 0xc000001d exception.symbol: OptimizationGuideEntityAnnotatorRunAnnotateJob+0x8f0 OptimizationGuideEntityAnnotatorOptionsSetModelMetadataFilePath-0x80 salut+0x3220 exception.address: 0x7fef3c53220 registers.r14: 0 registers.r15: 0 registers.rcx: 65924 registers.rsi: 0 registers.r10: 0 registers.rbx: 0 registers.rsp: 1900144 registers.r11: 1899232 registers.r8: 2671018 registers.r9: 10 registers.rdx: 4290969600 registers.r12: 0 registers.rbp: 0 registers.rdi: 0 registers.rax: 65924 registers.r13: 0	1
__exception__ Oct. 20, 2023, 6:07 p.m.	stacktrace: OptimizationGuideEntityAnnotatorRunAnnotateJob+0x83f OptimizationGuideEntityAnnotatorOptionsSetModelFilePath-0xb1 salut+0x316f @ 0x7fef3c5316f rundll32+0x1310 @ 0xffc31310 exception.instruction_r: e4 78 bf 69 fc 75 cb d7 7c b7 f0 2c 7c b7 f0 24 exception.instruction: in al, 0x78 exception.exception_code: 0xc0000096 exception.symbol: OptimizationGuideEntityAnnotatorRunAnnotateJob+0x83f OptimizationGuideEntityAnnotatorOptionsSetModelFilePath-0xb1 salut+0x316f exception.address: 0x7fef3c5316f registers.r14: 4290974480 registers.r15: 0 registers.rcx: 65936 registers.rsi: 3757509888552 registers.r10: 0 registers.rbx: 4290990444 registers.rsp: 2619488 registers.r11: 2618912 registers.r8: 967130 registers.r9: 10 registers.rdx: 4290969600 registers.r12: 8791759209743 registers.rbp: 966896 registers.rdi: 0 registers.rax: 65960 registers.r13: 0	1
__exception__ Oct. 20, 2023, 6:07 p.m.	stacktrace: OptimizationGuideEntityAnnotatorOptionsSetModelMetadataFilePath+0x80 OptimizationGuideEntityAnnotatorOptionsAddModelSlice-0x80 salut+0x3320 @ 0x7fef3c53320 rundll32+0x2f42 @ 0xffc32f42 rundll32+0x3b7a @ 0xffc33b7a BaseThreadInitThunk+0xd CreateThread-0x53 kernel32+0x1652d @ 0x76c2652d RtlUserThreadStart+0x21 strchr-0x3df ntdll+0x2c521 @ 0x76d5c521 exception.instruction_r: cb e4 7c b7 f0 14 7c 05 fd 7c b7 d8 14 7c bf b1 exception.instruction: retf exception.exception_code: 0xc0000005 exception.symbol: OptimizationGuideEntityAnnotatorOptionsSetModelMetadataFilePath+0x80 OptimizationGuideEntityAnnotatorOptionsAddModelSlice-0x80 salut+0x3320 exception.address: 0x7fef3c53320 registers.r14: 0 registers.r15: 0 registers.rcx: 65962 registers.rsi: 0 registers.r10: 0 registers.rbx: 0 registers.rsp: 1768752 registers.r11: 1767840 registers.r8: 2736604 registers.r9: 10 registers.rdx: 4290969600 registers.r12: 0 registers.rbp: 0 registers.rdi: 0 registers.rax: 65962 registers.r13: 0	1
__exception__ Oct. 20, 2023, 6:07 p.m.	stacktrace: OptimizationGuideEntityAnnotatorRunAnnotateJob+0x3 OptimizationGuideEntityAnnotatorOptionsSetModelFilePath-0x8ed salut+0x2933 @ 0x7fef3c52933 0x7fffffdc000 OptimizationGuideEntityAnnotatorGetMaxSupportedFeatureFlag-0x25f8 salut+0x78 @ 0x7fef3c50078 0x4 0x4 0x4 0x4 0x4 0x4 0x4 0x4 0x4 0x4 0x4 0x4 0x4 0x4 0x4 0x4 0x4 0x4 0x4 0x4 0x4 0x4 0x4 0x4 0x4 0x4 0x4 0x4 0x4 0x4 0x4 0x4 0x4 0x4 0x4 0x4 0x4 0x4 0x4 0x4 0x4 0x4 0x4 0x4 0x4 0x4 0x4 0x4 0x4 0x4 0x4 0x4 0x4 0x4 0x4 0x4 0x4 0x4 0x4 0x4 0x4 exception.instruction_r: c8 73 f8 7b 7f 3b b0 8b 35 34 34 75 b5 c8 6d 19 exception.instruction: enter -0x78d, 0x7b exception.exception_code: 0xc0000005 exception.symbol: OptimizationGuideEntityAnnotatorRunAnnotateJob+0x3 OptimizationGuideEntityAnnotatorOptionsSetModelFilePath-0x8ed salut+0x2933 exception.address: 0x7fef3c52933 registers.r14: 0 registers.r15: 4290981698 registers.rcx: 116854 registers.rsi: 0 registers.r10: 0 registers.rbx: 66166 registers.rsp: 1635880 registers.r11: 1635488 registers.r8: 3719560 registers.r9: 10 registers.rdx: 4290969600 registers.r12: 10 registers.rbp: 3719360 registers.rdi: -1 registers.rax: 3044292151 registers.r13: 0	1
__exception__ Oct. 20, 2023, 6:07 p.m.	stacktrace: OptimizationGuideEntityAnnotatorRunEntityMetadataJob+0x1f OptimizationGuideEntityAnnotatorEntityMetadataJobDelete-0x161 salut+0x15ae3f @ 0x7fef3daae3f rundll32+0x2f42 @ 0xffc32f42 rundll32+0x3b7a @ 0xffc33b7a BaseThreadInitThunk+0xd CreateThread-0x53 kernel32+0x1652d @ 0x76c2652d RtlUserThreadStart+0x21 strchr-0x3df ntdll+0x2c521 @ 0x76d5c521 exception.instruction_r: 48 83 3b 00 75 20 31 f6 48 8b 8c 24 98 01 00 00 exception.instruction: cmp qword ptr [rbx], 0 exception.exception_code: 0xc0000005 exception.symbol: OptimizationGuideEntityAnnotatorRunEntityMetadataJob+0x1f OptimizationGuideEntityAnnotatorEntityMetadataJobDelete-0x161 salut+0x15ae3f exception.address: 0x7fef3daae3f registers.r14: 0 registers.r15: 0 registers.rcx: 66370 registers.rsi: 0 registers.r10: 0 registers.rbx: 0 registers.rsp: 1309552 registers.r11: 1308640 registers.r8: 3457428 registers.r9: 10 registers.rdx: 4290969600 registers.r12: 0 registers.rbp: 0 registers.rdi: 0 registers.rax: 47936898356642 registers.r13: 0	1
__exception__ Oct. 20, 2023, 6:07 p.m.	stacktrace: RtlDeNormalizeProcessParams+0x5a4 CsrAllocateMessagePointer-0xdc ntdll+0x4e4b4 @ 0x76d7e4b4 RtlDeNormalizeProcessParams+0x4cb CsrAllocateMessagePointer-0x1b5 ntdll+0x4e3db @ 0x76d7e3db OptimizationGuideEntityAnnotatorOptionsAddModelSlice+0x11c04d OptimizationGuideEntityAnnotatorGetCreationError-0x3b8f3 salut+0x11f3ed @ 0x7fef3d6f3ed OptimizationGuideEntityAnnotatorOptionsAddModelSlice+0x117616 OptimizationGuideEntityAnnotatorGetCreationError-0x4032a salut+0x11a9b6 @ 0x7fef3d6a9b6 OptimizationGuideEntityMetadataGetCollectionAtIndex+0x42fbb salut+0x19e17b @ 0x7fef3dee17b OptimizationGuideEntityMetadataGetCollectionAtIndex+0x43006 salut+0x19e1c6 @ 0x7fef3dee1c6 OptimizationGuideEntityMetadataGetCollectionAtIndex+0x6b salut+0x15b22b @ 0x7fef3dab22b rundll32+0x2f42 @ 0xffc32f42 rundll32+0x3b7a @ 0xffc33b7a BaseThreadInitThunk+0xd CreateThread-0x53 kernel32+0x1652d @ 0x76c2652d RtlUserThreadStart+0x21 strchr-0x3df ntdll+0x2c521 @ 0x76d5c521 exception.instruction_r: ff 40 24 ba 22 17 00 00 48 8d 3d cd 8f 0e 00 80 exception.symbol: RtlDeNormalizeProcessParams+0x5a4 CsrAllocateMessagePointer-0xdc ntdll+0x4e4b4 exception.instruction: inc dword ptr [rax + 0x24] exception.module: ntdll.dll exception.exception_code: 0xc0000005 exception.offset: 320692 exception.address: 0x76d7e4b4 registers.r14: 0 registers.r15: 0 registers.rcx: 4294967292 registers.rsi: 0 registers.r10: 0 registers.rbx: 0 registers.rsp: 1113072 registers.r11: 582 registers.r8: 1111784 registers.r9: 4 registers.rdx: 172 registers.r12: 0 registers.rbp: 0 registers.rdi: 0 registers.rax: 0 registers.r13: 0	1
__exception__ Oct. 20, 2023, 6:07 p.m.	stacktrace: RtlDeNormalizeProcessParams+0x5a4 CsrAllocateMessagePointer-0xdc ntdll+0x4e4b4 @ 0x76d7e4b4 RtlDeNormalizeProcessParams+0x4cb CsrAllocateMessagePointer-0x1b5 ntdll+0x4e3db @ 0x76d7e3db OptimizationGuideEntityAnnotatorOptionsAddModelSlice+0x11c04d OptimizationGuideEntityAnnotatorGetCreationError-0x3b8f3 salut+0x11f3ed @ 0x7fef3d6f3ed OptimizationGuideEntityAnnotatorOptionsAddModelSlice+0x117616 OptimizationGuideEntityAnnotatorGetCreationError-0x4032a salut+0x11a9b6 @ 0x7fef3d6a9b6 OptimizationGuideEntityMetadataGetCollectionAtIndex+0x42fbb salut+0x19e17b @ 0x7fef3dee17b OptimizationGuideEntityMetadataGetCollectionAtIndex+0x43006 salut+0x19e1c6 @ 0x7fef3dee1c6 OptimizationGuideEntityMetadataGetHumanReadableAliasAtIndex+0x6b OptimizationGuideEntityMetadataGetCollectionsCount-0x5 salut+0x15b19b @ 0x7fef3dab19b rundll32+0x2f42 @ 0xffc32f42 rundll32+0x3b7a @ 0xffc33b7a BaseThreadInitThunk+0xd CreateThread-0x53 kernel32+0x1652d @ 0x76c2652d RtlUserThreadStart+0x21 strchr-0x3df ntdll+0x2c521 @ 0x76d5c521 exception.instruction_r: ff 40 24 ba 22 17 00 00 48 8d 3d cd 8f 0e 00 80 exception.symbol: RtlDeNormalizeProcessParams+0x5a4 CsrAllocateMessagePointer-0xdc ntdll+0x4e4b4 exception.instruction: inc dword ptr [rax + 0x24] exception.module: ntdll.dll exception.exception_code: 0xc0000005 exception.offset: 320692 exception.address: 0x76d7e4b4 registers.r14: 0 registers.r15: 0 registers.rcx: 4294967292 registers.rsi: 0 registers.r10: 0 registers.rbx: 0 registers.rsp: 2029888 registers.r11: 582 registers.r8: 2028600 registers.r9: 4 registers.rdx: 172 registers.r12: 0 registers.rbp: 0 registers.rdi: 0 registers.rax: 0 registers.r13: 0	1
__exception__ Oct. 20, 2023, 6:07 p.m.	stacktrace: RtlDeNormalizeProcessParams+0x5a4 CsrAllocateMessagePointer-0xdc ntdll+0x4e4b4 @ 0x76d7e4b4 RtlDeNormalizeProcessParams+0x4cb CsrAllocateMessagePointer-0x1b5 ntdll+0x4e3db @ 0x76d7e3db OptimizationGuideEntityAnnotatorOptionsAddModelSlice+0x11c04d OptimizationGuideEntityAnnotatorGetCreationError-0x3b8f3 salut+0x11f3ed @ 0x7fef3d6f3ed OptimizationGuideEntityAnnotatorOptionsAddModelSlice+0x117616 OptimizationGuideEntityAnnotatorGetCreationError-0x4032a salut+0x11a9b6 @ 0x7fef3d6a9b6 OptimizationGuideEntityMetadataGetCollectionAtIndex+0x42fbb salut+0x19e17b @ 0x7fef3dee17b OptimizationGuideEntityMetadataGetCollectionAtIndex+0x43006 salut+0x19e1c6 @ 0x7fef3dee1c6 OptimizationGuideEntityMetadataGetHumanReadableCategoryNameAtIndex+0x5f OptimizationGuideEntityMetadataGetHumanReadableCategoryScoreAtIndex-0x1 salut+0x15b0af @ 0x7fef3dab0af rundll32+0x2f42 @ 0xffc32f42 rundll32+0x3b7a @ 0xffc33b7a BaseThreadInitThunk+0xd CreateThread-0x53 kernel32+0x1652d @ 0x76c2652d RtlUserThreadStart+0x21 strchr-0x3df ntdll+0x2c521 @ 0x76d5c521 exception.instruction_r: ff 40 24 ba 22 17 00 00 48 8d 3d cd 8f 0e 00 80 exception.symbol: RtlDeNormalizeProcessParams+0x5a4 CsrAllocateMessagePointer-0xdc ntdll+0x4e4b4 exception.instruction: inc dword ptr [rax + 0x24] exception.module: ntdll.dll exception.exception_code: 0xc0000005 exception.offset: 320692 exception.address: 0x76d7e4b4 registers.r14: 0 registers.r15: 0 registers.rcx: 4294967292 registers.rsi: 0 registers.r10: 0 registers.rbx: 0 registers.rsp: 2358560 registers.r11: 582 registers.r8: 2357272 registers.r9: 4 registers.rdx: 172 registers.r12: 0 registers.rbp: 0 registers.rdi: 0 registers.rax: 0 registers.r13: 0	1
__exception__ Oct. 20, 2023, 6:07 p.m.	stacktrace: RtlDeNormalizeProcessParams+0x5a4 CsrAllocateMessagePointer-0xdc ntdll+0x4e4b4 @ 0x76d7e4b4 RtlDeNormalizeProcessParams+0x4cb CsrAllocateMessagePointer-0x1b5 ntdll+0x4e3db @ 0x76d7e3db OptimizationGuideEntityAnnotatorOptionsAddModelSlice+0x11c04d OptimizationGuideEntityAnnotatorGetCreationError-0x3b8f3 salut+0x11f3ed @ 0x7fef3d6f3ed OptimizationGuideEntityAnnotatorOptionsAddModelSlice+0x117616 OptimizationGuideEntityAnnotatorGetCreationError-0x4032a salut+0x11a9b6 @ 0x7fef3d6a9b6 OptimizationGuideEntityMetadataGetCollectionAtIndex+0x42fbb salut+0x19e17b @ 0x7fef3dee17b OptimizationGuideEntityMetadataGetCollectionAtIndex+0x43006 salut+0x19e1c6 @ 0x7fef3dee1c6 OptimizationGuideEntityMetadataGetHumanReadableCategoryScoreAtIndex+0x56 OptimizationGuideEntityMetadataGetHumanReadableAliasesCount-0xa salut+0x15b106 @ 0x7fef3dab106 rundll32+0x2f42 @ 0xffc32f42 rundll32+0x3b7a @ 0xffc33b7a BaseThreadInitThunk+0xd CreateThread-0x53 kernel32+0x1652d @ 0x76c2652d RtlUserThreadStart+0x21 strchr-0x3df ntdll+0x2c521 @ 0x76d5c521 exception.instruction_r: ff 40 24 ba 22 17 00 00 48 8d 3d cd 8f 0e 00 80 exception.symbol: RtlDeNormalizeProcessParams+0x5a4 CsrAllocateMessagePointer-0xdc ntdll+0x4e4b4 exception.instruction: inc dword ptr [rax + 0x24] exception.module: ntdll.dll exception.exception_code: 0xc0000005 exception.offset: 320692 exception.address: 0x76d7e4b4 registers.r14: 0 registers.r15: 0 registers.rcx: 4294967292 registers.rsi: 0 registers.r10: 0 registers.rbx: 0 registers.rsp: 2424544 registers.r11: 582 registers.r8: 2423256 registers.r9: 4 registers.rdx: 172 registers.r12: 0 registers.rbp: 0 registers.rdi: 0 registers.rax: 0 registers.r13: 0	1

Allocates read-write-execute memory (usually to unpack itself) (27 events)

Time & API	Arguments	Status
NtProtectVirtualMemory Oct. 20, 2023, 6:07 p.m.	process_identifier: 3012 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x000000007304c000 process_handle: 0xffffffffffffffff	1
NtProtectVirtualMemory Oct. 20, 2023, 6:07 p.m.	process_identifier: 3004 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x000000007304c000 process_handle: 0xffffffffffffffff	1
NtProtectVirtualMemory Oct. 20, 2023, 6:07 p.m.	process_identifier: 1152 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x000000007304c000 process_handle: 0xffffffffffffffff	1
NtProtectVirtualMemory Oct. 20, 2023, 6:07 p.m.	process_identifier: 1400 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x000000007304c000 process_handle: 0xffffffffffffffff	1
NtProtectVirtualMemory Oct. 20, 2023, 6:07 p.m.	process_identifier: 2564 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x000000007304c000 process_handle: 0xffffffffffffffff	1
NtProtectVirtualMemory Oct. 20, 2023, 6:07 p.m.	process_identifier: 2436 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x000000007304c000 process_handle: 0xffffffffffffffff	1
NtProtectVirtualMemory Oct. 20, 2023, 6:07 p.m.	process_identifier: 2748 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x000000007304c000 process_handle: 0xffffffffffffffff	1
NtProtectVirtualMemory Oct. 20, 2023, 6:07 p.m.	process_identifier: 2800 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x000000007304c000 process_handle: 0xffffffffffffffff	1
NtProtectVirtualMemory Oct. 20, 2023, 6:07 p.m.	process_identifier: 3040 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x000000007304c000 process_handle: 0xffffffffffffffff	1
NtProtectVirtualMemory Oct. 20, 2023, 6:07 p.m.	process_identifier: 2308 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x000000007304c000 process_handle: 0xffffffffffffffff	1
NtProtectVirtualMemory Oct. 20, 2023, 6:07 p.m.	process_identifier: 2828 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x000000007304c000 process_handle: 0xffffffffffffffff	1
NtProtectVirtualMemory Oct. 20, 2023, 6:07 p.m.	process_identifier: 320 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x000000007304c000 process_handle: 0xffffffffffffffff	1
NtProtectVirtualMemory Oct. 20, 2023, 6:07 p.m.	process_identifier: 908 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x000000007304c000 process_handle: 0xffffffffffffffff	1
NtProtectVirtualMemory Oct. 20, 2023, 6:07 p.m.	process_identifier: 1484 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x000000007304c000 process_handle: 0xffffffffffffffff	1
NtProtectVirtualMemory Oct. 20, 2023, 6:07 p.m.	process_identifier: 2260 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x000000007304c000 process_handle: 0xffffffffffffffff	1
NtProtectVirtualMemory Oct. 20, 2023, 6:07 p.m.	process_identifier: 3080 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x000000007304c000 process_handle: 0xffffffffffffffff	1
NtProtectVirtualMemory Oct. 20, 2023, 6:07 p.m.	process_identifier: 3336 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x000000007304c000 process_handle: 0xffffffffffffffff	1
NtProtectVirtualMemory Oct. 20, 2023, 6:07 p.m.	process_identifier: 3700 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x000000007304c000 process_handle: 0xffffffffffffffff	1
NtProtectVirtualMemory Oct. 20, 2023, 6:07 p.m.	process_identifier: 3924 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x000000007304c000 process_handle: 0xffffffffffffffff	1
NtProtectVirtualMemory Oct. 20, 2023, 6:07 p.m.	process_identifier: 4000 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x000000007304c000 process_handle: 0xffffffffffffffff	1
NtProtectVirtualMemory Oct. 20, 2023, 6:07 p.m.	process_identifier: 3360 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x000000007304c000 process_handle: 0xffffffffffffffff	1
NtProtectVirtualMemory Oct. 20, 2023, 6:07 p.m.	process_identifier: 3408 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x000000007304c000 process_handle: 0xffffffffffffffff	1
NtProtectVirtualMemory Oct. 20, 2023, 6:07 p.m.	process_identifier: 3872 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x000000007304c000 process_handle: 0xffffffffffffffff	1
NtProtectVirtualMemory Oct. 20, 2023, 6:07 p.m.	process_identifier: 2924 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x000000007304c000 process_handle: 0xffffffffffffffff	1
NtProtectVirtualMemory Oct. 20, 2023, 6:07 p.m.	process_identifier: 3956 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x000000007304c000 process_handle: 0xffffffffffffffff	1
NtProtectVirtualMemory Oct. 20, 2023, 6:07 p.m.	process_identifier: 3356 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x000000007304c000 process_handle: 0xffffffffffffffff	1
NtProtectVirtualMemory Oct. 20, 2023, 6:07 p.m.	process_identifier: 3676 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x000000007304c000 process_handle: 0xffffffffffffffff	1

File has been identified by 3 AntiVirus engines on VirusTotal as malicious (3 events)

Skyhigh	Artemis!Trojan
Gridinsoft	Trojan.Heur!.00002032
McAfee	Artemis!971DD6C48909

Uses Sysinternals tools in order to add additional command line functionality (1 event)

cmdline

"C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\salut.json.exe.dll,OptimizationGuideEntityAnnotatorOptionsDelete

salut.json.exe

Process Tree Toggle all

Network Toggle all

Suricata Toggle all

Suricata Alerts

Suricata TLS

Signatures Toggle All