Summary | ZeroBOX

random.exe

Tags: RedLine stealer, EnigmaProtector, Generic Malware, UPX, Code injection, Anti_VM, AntiDebug, PE File, OS Processor Check, PE32, AntiVM
Category:  FILE
Machine:   s1_win7_x6403_us
Started:   Aug. 1, 2024, 8:36 a.m.
Completed: Aug. 1, 2024, 8:39 a.m.
Size:      3.1MB
Type:      PE32 executable (GUI) Intel 80386, for MS Windows
MD5:       ad1dde8691f26ca55a64c3a8d1adaa7f
SHA256:    d461839fe85a8194cd4d39cbd184c451e371facfee373e2d69859ab706c05947
CRC32:     0EA48EFD
ssdeep:    98304:O38dlhNBcSw4et7YG71yZRK2LyAM3XFXU8iSY2XSEJ7D9vNnk:0wlmr4aYG7ARjLaVXdzXSS/V
Yara
  • PE_Header_Zero - PE File Signature
  • IsPE32 - (no description)
  • UPX_Zero - UPX packed file
  • EnigmaProtector_IN - EnigmaProtector

IP Address Status Action
164.124.101.2 Active Moloch
34.49.45.138 Active Moloch

Suricata Alerts

Flow SID Signature Category
TCP 192.168.56.103:49202 -> 34.49.45.138:443 906200054 SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) undefined
TCP 192.168.56.103:49206 -> 34.49.45.138:443 906200054 SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) undefined
TCP 192.168.56.103:49174 -> 34.49.45.138:443 906200054 SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) undefined
TCP 192.168.56.103:49201 -> 34.49.45.138:443 906200054 SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) undefined
TCP 192.168.56.103:49176 -> 34.49.45.138:443 906200054 SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) undefined
TCP 192.168.56.103:49179 -> 34.49.45.138:443 906200054 SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) undefined
TCP 192.168.56.103:49216 -> 34.49.45.138:443 906200054 SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) undefined
TCP 192.168.56.103:49181 -> 34.49.45.138:443 906200054 SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) undefined
TCP 192.168.56.103:49207 -> 34.49.45.138:443 906200054 SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) undefined
TCP 192.168.56.103:49220 -> 34.49.45.138:443 906200054 SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) undefined
TCP 192.168.56.103:49217 -> 34.49.45.138:443 906200054 SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) undefined
TCP 192.168.56.103:49221 -> 34.49.45.138:443 906200054 SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) undefined

Suricata TLS

No Suricata TLS

Time & API Arguments Status Return Repeated

GetComputerNameA

computer_name: TEST22-PC
1 1 0
(the same GetComputerNameA entry is logged 4 times)
Time & API Arguments Status Return Repeated

IsDebuggerPresent

0 0
(the same IsDebuggerPresent entry is logged 47 times)
registry HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography\MachineGuid
file C:\Program Files\Mozilla Firefox\api-ms-win-core-file-l2-1-0.dll
registry HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\App Paths\firefox.exe
Time & API Arguments Status Return Repeated

GlobalMemoryStatusEx

1 1 0
Time & API Arguments Status Return Repeated

__exception__

stacktrace:
0xffbd0e00
0xffbd0cb0

exception.instruction_r: 0f 0b e8 b1 4d 01 00 33 c0 5a 59 59 64 89 10 eb
exception.instruction: ud2
exception.module: random.exe
exception.exception_code: 0xc000001d
exception.offset: 2233480
exception.address: 0x1431488
registers.esp: 9961156
registers.edi: 28037360
registers.eax: 0
registers.ebp: 9961184
registers.edx: 2
registers.ebx: 3154114852
registers.esi: 20209664
registers.ecx: 61421188
1 0 0

__exception__

stacktrace:
0xffbd0e00
0xffbd0cb0

exception.instruction_r: f7 f0 e8 dc 4d 01 00 33 c0 5a 59 59 64 89 10 eb
exception.instruction: div eax
exception.module: random.exe
exception.exception_code: 0xc0000094
exception.offset: 2233437
exception.address: 0x143145d
registers.esp: 9961156
registers.edi: 9961156
registers.eax: 0
registers.ebp: 9961184
registers.edx: 0
registers.ebx: 21173406
registers.esi: 0
registers.ecx: 9961192
1 0 0

__exception__

stacktrace:
0xffbd0e00
0xffbd0cb0

exception.instruction_r: f7 f0 e8 dc 4d 01 00 33 c0 5a 59 59 64 89 10 eb
exception.instruction: div eax
exception.module: random.exe
exception.exception_code: 0xc0000094
exception.offset: 2233437
exception.address: 0x143145d
registers.esp: 9961156
registers.edi: 9961156
registers.eax: 0
registers.ebp: 9961184
registers.edx: 0
registers.ebx: 21173363
registers.esi: 0
registers.ecx: 9961192
1 0 0

__exception__

stacktrace:
0xffbd0e00
0xffbd0cb0

exception.instruction_r: 0f 0b e8 b1 4d 01 00 33 c0 5a 59 59 64 89 10 eb
exception.instruction: ud2
exception.module: random.exe
exception.exception_code: 0xc000001d
exception.offset: 2233480
exception.address: 0x1431488
registers.esp: 9961156
registers.edi: 9961156
registers.eax: 0
registers.ebp: 9961184
registers.edx: 2
registers.ebx: 21173363
registers.esi: 0
registers.ecx: 9961192
1 0 0

__exception__

stacktrace:
0xffbd0e00
0xffbd0cb0

exception.instruction_r: f7 f0 e8 dc 4d 01 00 33 c0 5a 59 59 64 89 10 eb
exception.instruction: div eax
exception.module: random.exe
exception.exception_code: 0xc0000094
exception.offset: 2233437
exception.address: 0x143145d
registers.esp: 9961156
registers.edi: 9961156
registers.eax: 0
registers.ebp: 9961184
registers.edx: 0
registers.ebx: 21173406
registers.esi: 0
registers.ecx: 9961192
1 0 0

__exception__

stacktrace:
0xffbd0e00
0xffbd0cb0

exception.instruction_r: f7 f0 e8 dc 4d 01 00 33 c0 5a 59 59 64 89 10 eb
exception.instruction: div eax
exception.module: random.exe
exception.exception_code: 0xc0000094
exception.offset: 2233437
exception.address: 0x143145d
registers.esp: 9961156
registers.edi: 9961156
registers.eax: 0
registers.ebp: 9961184
registers.edx: 0
registers.ebx: 21173363
registers.esi: 0
registers.ecx: 9961192
1 0 0

__exception__

stacktrace:
0xffbd19a0
0xffbd15e0

exception.instruction_r: f7 f0 e8 dc 4d 01 00 33 c0 5a 59 59 64 89 10 eb
exception.instruction: div eax
exception.module: random.exe
exception.exception_code: 0xc0000094
exception.offset: 2233437
exception.address: 0x143145d
registers.esp: 9961028
registers.edi: 21433000
registers.eax: 0
registers.ebp: 9961056
registers.edx: 0
registers.ebx: 16015360
registers.esi: 20209664
registers.ecx: 20209664
1 0 0

__exception__

stacktrace:
0xffbd1e20
0xffbd15e0

exception.instruction_r: 0f 0b e8 b1 4d 01 00 33 c0 5a 59 59 64 89 10 eb
exception.instruction: ud2
exception.module: random.exe
exception.exception_code: 0xc000001d
exception.offset: 2233480
exception.address: 0x1431488
registers.esp: 9961028
registers.edi: 21433000
registers.eax: 0
registers.ebp: 9961056
registers.edx: 2
registers.ebx: 16015360
registers.esi: 20209664
registers.ecx: 0
1 0 0

__exception__

stacktrace:
0xffbd1e20
0xffbd15e0

exception.instruction_r: f7 f0 e8 dc 4d 01 00 33 c0 5a 59 59 64 89 10 eb
exception.instruction: div eax
exception.module: random.exe
exception.exception_code: 0xc0000094
exception.offset: 2233437
exception.address: 0x143145d
registers.esp: 9961028
registers.edi: 9961028
registers.eax: 0
registers.ebp: 9961056
registers.edx: 0
registers.ebx: 21173406
registers.esi: 0
registers.ecx: 9961064
1 0 0

__exception__

stacktrace:
0xffbd1f70
0xffbd15e0

exception.instruction_r: f7 f0 e8 dc 4d 01 00 33 c0 5a 59 59 64 89 10 eb
exception.instruction: div eax
exception.module: random.exe
exception.exception_code: 0xc0000094
exception.offset: 2233437
exception.address: 0x143145d
registers.esp: 9961028
registers.edi: 21433000
registers.eax: 0
registers.ebp: 9961056
registers.edx: 0
registers.ebx: 16015360
registers.esi: 20209664
registers.ecx: 9961048
1 0 0

__exception__

stacktrace:
0xffbd1f70
0xffbd15e0

exception.instruction_r: 0f 0b e8 b1 4d 01 00 33 c0 5a 59 59 64 89 10 eb
exception.instruction: ud2
exception.module: random.exe
exception.exception_code: 0xc000001d
exception.offset: 2233480
exception.address: 0x1431488
registers.esp: 9961028
registers.edi: 9961028
registers.eax: 0
registers.ebp: 9961056
registers.edx: 2
registers.ebx: 21173363
registers.esi: 0
registers.ecx: 9961064
1 0 0

__exception__

stacktrace:
0xffbd1f70
0xffbd15e0

exception.instruction_r: f7 f0 e8 dc 4d 01 00 33 c0 5a 59 59 64 89 10 eb
exception.instruction: div eax
exception.module: random.exe
exception.exception_code: 0xc0000094
exception.offset: 2233437
exception.address: 0x143145d
registers.esp: 9961028
registers.edi: 9961028
registers.eax: 0
registers.ebp: 9961056
registers.edx: 0
registers.ebx: 21173406
registers.esi: 0
registers.ecx: 9961064
1 0 0

__exception__

stacktrace:
0xffbd2480
0xffbd15e0

exception.instruction_r: f7 f0 e8 dc 4d 01 00 33 c0 5a 59 59 64 89 10 eb
exception.instruction: div eax
exception.module: random.exe
exception.exception_code: 0xc0000094
exception.offset: 2233437
exception.address: 0x143145d
registers.esp: 9961028
registers.edi: 21433000
registers.eax: 0
registers.ebp: 9961056
registers.edx: 0
registers.ebx: 0
registers.esi: 20209664
registers.ecx: 2729863008
1 0 0

__exception__

stacktrace:
0xffbd26c0
0xffbd15e0

exception.instruction_r: 0f 0b e8 b1 4d 01 00 33 c0 5a 59 59 64 89 10 eb
exception.instruction: ud2
exception.module: random.exe
exception.exception_code: 0xc000001d
exception.offset: 2233480
exception.address: 0x1431488
registers.esp: 9961028
registers.edi: 21433000
registers.eax: 0
registers.ebp: 9961056
registers.edx: 2
registers.ebx: 0
registers.esi: 20209664
registers.ecx: 3085953032
1 0 0

__exception__

stacktrace:
0xffbd26c0
0xffbd15e0

exception.instruction_r: f7 f0 e8 dc 4d 01 00 33 c0 5a 59 59 64 89 10 eb
exception.instruction: div eax
exception.module: random.exe
exception.exception_code: 0xc0000094
exception.offset: 2233437
exception.address: 0x143145d
registers.esp: 9961028
registers.edi: 9961028
registers.eax: 0
registers.ebp: 9961056
registers.edx: 0
registers.ebx: 21173406
registers.esi: 0
registers.ecx: 9961064
1 0 0

__exception__

stacktrace:
0xffbd26c0
0xffbd15e0

exception.instruction_r: 0f 0b e8 b1 4d 01 00 33 c0 5a 59 59 64 89 10 eb
exception.instruction: ud2
exception.module: random.exe
exception.exception_code: 0xc000001d
exception.offset: 2233480
exception.address: 0x1431488
registers.esp: 9961028
registers.edi: 9961028
registers.eax: 0
registers.ebp: 9961056
registers.edx: 2
registers.ebx: 21173363
registers.esi: 0
registers.ecx: 9961064
1 0 0

__exception__

stacktrace:
0xffbd26c0
0xffbd15e0

exception.instruction_r: 0f 0b e8 b1 4d 01 00 33 c0 5a 59 59 64 89 10 eb
exception.instruction: ud2
exception.module: random.exe
exception.exception_code: 0xc000001d
exception.offset: 2233480
exception.address: 0x1431488
registers.esp: 9961028
registers.edi: 9961028
registers.eax: 0
registers.ebp: 9961056
registers.edx: 2
registers.ebx: 21173406
registers.esi: 0
registers.ecx: 9961064
1 0 0

__exception__

stacktrace:
0xffbd26c0
0xffbd15e0

exception.instruction_r: 0f 0b e8 b1 4d 01 00 33 c0 5a 59 59 64 89 10 eb
exception.instruction: ud2
exception.module: random.exe
exception.exception_code: 0xc000001d
exception.offset: 2233480
exception.address: 0x1431488
registers.esp: 9961028
registers.edi: 9961028
registers.eax: 0
registers.ebp: 9961056
registers.edx: 2
registers.ebx: 21173406
registers.esi: 0
registers.ecx: 9961064
1 0 0

__exception__

stacktrace:
0xcd1f04
0x7fe00000030 (repeated 63 times)

exception.instruction_r: 83 3d 8d d1 02 00 00 ff 25 00 00 00 00 53 12 69
exception.instruction: cmp dword ptr [rip + 0x2d18d], 0
exception.exception_code: 0xc0000005
exception.symbol:
exception.address: 0xcd1f04
registers.r14: 8711656
registers.r15: 8791557576304
registers.rcx: 48
registers.rsi: 8791557507968
registers.r10: 0
registers.rbx: 0
registers.rsp: 8711288
registers.r11: 8714672
registers.r8: 2004779404
registers.r9: 0
registers.rdx: 8796092883536
registers.r12: 14913696
registers.rbp: 8711408
registers.rdi: 276936832
registers.rax: 13442816
registers.r13: 8712248
1 0 0

__exception__

stacktrace:
0xcd1f04
0x7fe00000030 (repeated 63 times)

exception.instruction_r: 83 3d 8d d1 02 00 00 ff 25 00 00 00 00 53 12 69
exception.instruction: cmp dword ptr [rip + 0x2d18d], 0
exception.exception_code: 0xc0000005
exception.symbol:
exception.address: 0xcd1f04
registers.r14: 9302600
registers.r15: 8791414445680
registers.rcx: 48
registers.rsi: 8791414377344
registers.r10: 0
registers.rbx: 0
registers.rsp: 9302232
registers.r11: 9305616
registers.r8: 2004779404
registers.r9: 0
registers.rdx: 8796092887632
registers.r12: 14918736
registers.rbp: 9302352
registers.rdi: 66167776
registers.rax: 13442816
registers.r13: 9303192
1 0 0

__exception__

stacktrace:
0xcd1f04
0x30 (repeated 63 times)

exception.instruction_r: 83 3d 8d d1 02 00 00 ff 25 00 00 00 00 53 12 69
exception.instruction: cmp dword ptr [rip + 0x2d18d], 0
exception.exception_code: 0xc0000005
exception.symbol:
exception.address: 0xcd1f04
registers.r14: 9174048
registers.r15: 9173552
registers.rcx: 48
registers.rsi: 14706240
registers.r10: 0
registers.rbx: 0
registers.rsp: 9172600
registers.r11: 9174800
registers.r8: 2004779404
registers.r9: 0
registers.rdx: 8796092887632
registers.r12: 9173383
registers.rbp: 9172720
registers.rdi: 100
registers.rax: 13442816
registers.r13: 2
1 0 0

__exception__

stacktrace:
0xcd1f04
0x30 (repeated 63 times)

exception.instruction_r: 83 3d 8d d1 02 00 00 ff 25 00 00 00 00 53 12 69
exception.instruction: cmp dword ptr [rip + 0x2d18d], 0
exception.exception_code: 0xc0000005
exception.symbol:
exception.address: 0xcd1f04
registers.r14: 9499528
registers.r15: 258184816
registers.rcx: 48
registers.rsi: 258116480
registers.r10: 0
registers.rbx: 0
registers.rsp: 9499160
registers.r11: 9502544
registers.r8: 2004779404
registers.r9: 0
registers.rdx: 8796092883536
registers.r12: 14912464
registers.rbp: 9499280
registers.rdi: 68263968
registers.rax: 13442816
registers.r13: 9500120
1 0 0

__exception__

stacktrace:
0xcd1f04
0x30 (repeated 63 times)

exception.instruction_r: 83 3d 8d d1 02 00 00 ff 25 00 00 00 00 53 12 69
exception.instruction: cmp dword ptr [rip + 0x2d18d], 0
exception.exception_code: 0xc0000005
exception.symbol:
exception.address: 0xcd1f04
registers.r14: 8715168
registers.r15: 8714672
registers.rcx: 48
registers.rsi: 14706912
registers.r10: 0
registers.rbx: 0
registers.rsp: 8713720
registers.r11: 8715920
registers.r8: 2004779404
registers.r9: 0
registers.rdx: 8796092883536
registers.r12: 8714503
registers.rbp: 8713840
registers.rdi: 100
registers.rax: 13442816
registers.r13: 2
1 0 0

__exception__

stacktrace:
0xcc1f04
0x30 (repeated 63 times)

exception.instruction_r: 83 3d 8d d1 02 00 00 ff 25 00 00 00 00 53 12 69
exception.instruction: cmp dword ptr [rip + 0x2d18d], 0
exception.exception_code: 0xc0000005
exception.symbol:
exception.address: 0xcc1f04
registers.r14: 10484624
registers.r15: 10484128
registers.rcx: 48
registers.rsi: 14705664
registers.r10: 0
registers.rbx: 0
registers.rsp: 10483176
registers.r11: 10485376
registers.r8: 2004779404
registers.r9: 0
registers.rdx: 8796092879440
registers.r12: 10483959
registers.rbp: 10483296
registers.rdi: 100
registers.rax: 13377280
registers.r13: 2
1 0 0

__exception__

stacktrace:
0xcd1f04
0x30 (repeated 63 times)

exception.instruction_r: 83 3d 8d d1 02 00 00 ff 25 00 00 00 00 53 12 69
exception.instruction: cmp dword ptr [rip + 0x2d18d], 0
exception.exception_code: 0xc0000005
exception.symbol:
exception.address: 0xcd1f04
registers.r14: 10287728
registers.r15: 10287232
registers.rcx: 48
registers.rsi: 14704896
registers.r10: 0
registers.rbx: 0
registers.rsp: 10286280
registers.r11: 10288480
registers.r8: 2004779404
registers.r9: 0
registers.rdx: 8796092887632
registers.r12: 10287063
registers.rbp: 10286400
registers.rdi: 100
registers.rax: 13442816
registers.r13: 2
1 0 0
Time & API Arguments Status Return Repeated

NtAllocateVirtualMemory (50 calls; Status 1, Return 0, Repeated 0 for every call)

Arguments common to every call:
process_identifier: 508
process_handle: 0xffffffff
protection: 64 (PAGE_EXECUTE_READWRITE)
allocation_type: 4096 (MEM_COMMIT)
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1

Per-call arguments, in call order:
base_address  region_size
0x01030000    16384
0x01034000    32768
0x0103c000    131072
0x0105c000    16384
0x01060000    196608
0x01090000    16384
0x01094000    32768
0x0109c000    16384
0x010a0000    16384
0x010a4000    16384
0x010a8000    16384
0x010ac000    16384
0x010b0000    16384
0x010b4000    16384
0x010b8000    16384
0x010bc000    16384
0x010c0000    16384
0x010c4000    16384
0x010c8000    16384
0x010cc000    16384
0x010d0000    16384
0x010d4000    16384
0x010d8000    16384
0x010dc000    16384
0x010e0000    16384
0x010e4000    16384
0x010e8000    16384
0x010ec000    16384
0x010f0000    16384
0x010f4000    16384
0x010f8000    16384
0x010fc000    16384
0x01100000    16384
0x01104000    16384
0x01108000    16384
0x0110c000    16384
0x01110000    16384
0x01114000    16384
0x01118000    16384
0x0111c000    16384
0x01120000    16384
0x01124000    16384
0x01128000    16384
0x0112c000    16384
0x03960000    16384
0x03964000    16384
0x03968000    16384
0x0396c000    16384
0x03970000    16384
0x03974000    16384
description random.exe tried to sleep 312 seconds, actually delayed analysis time by 312 seconds
Application Crash Process firefox.exe with pid 2172 crashed
Application Crash Process firefox.exe with pid 2856 crashed
Application Crash Process firefox.exe with pid 3000 crashed
Application Crash Process firefox.exe with pid 2744 crashed
Application Crash Process firefox.exe with pid 2980 crashed
Application Crash Process firefox.exe with pid 724 crashed
Application Crash Process firefox.exe with pid 916 crashed
Time & API Arguments Status Return Repeated

__exception__

stacktrace:
0xcd1f04
0x7fe00000030
0x7fe00000030
0x7fe00000030
0x7fe00000030
0x7fe00000030
0x7fe00000030
0x7fe00000030
0x7fe00000030
0x7fe00000030
0x7fe00000030
0x7fe00000030
0x7fe00000030
0x7fe00000030
0x7fe00000030
0x7fe00000030
0x7fe00000030
0x7fe00000030
0x7fe00000030
0x7fe00000030
0x7fe00000030
0x7fe00000030
0x7fe00000030
0x7fe00000030
0x7fe00000030
0x7fe00000030
0x7fe00000030
0x7fe00000030
0x7fe00000030
0x7fe00000030
0x7fe00000030
0x7fe00000030
0x7fe00000030
0x7fe00000030
0x7fe00000030
0x7fe00000030
0x7fe00000030
0x7fe00000030
0x7fe00000030
0x7fe00000030
0x7fe00000030
0x7fe00000030
0x7fe00000030
0x7fe00000030
0x7fe00000030
0x7fe00000030
0x7fe00000030
0x7fe00000030
0x7fe00000030
0x7fe00000030
0x7fe00000030
0x7fe00000030
0x7fe00000030
0x7fe00000030
0x7fe00000030
0x7fe00000030
0x7fe00000030
0x7fe00000030
0x7fe00000030
0x7fe00000030
0x7fe00000030
0x7fe00000030
0x7fe00000030
0x7fe00000030

exception.instruction_r: 83 3d 8d d1 02 00 00 ff 25 00 00 00 00 53 12 69
exception.instruction: cmp dword ptr [rip + 0x2d18d], 0
exception.exception_code: 0xc0000005
exception.symbol:
exception.address: 0xcd1f04
registers.r14: 8711656
registers.r15: 8791557576304
registers.rcx: 48
registers.rsi: 8791557507968
registers.r10: 0
registers.rbx: 0
registers.rsp: 8711288
registers.r11: 8714672
registers.r8: 2004779404
registers.r9: 0
registers.rdx: 8796092883536
registers.r12: 14913696
registers.rbp: 8711408
registers.rdi: 276936832
registers.rax: 13442816
registers.r13: 8712248
1 0 0

__exception__

stacktrace:
0xcd1f04
0x7fe00000030
0x7fe00000030
0x7fe00000030
0x7fe00000030
0x7fe00000030
0x7fe00000030
0x7fe00000030
0x7fe00000030
0x7fe00000030
0x7fe00000030
0x7fe00000030
0x7fe00000030
0x7fe00000030
0x7fe00000030
0x7fe00000030
0x7fe00000030
0x7fe00000030
0x7fe00000030
0x7fe00000030
0x7fe00000030
0x7fe00000030
0x7fe00000030
0x7fe00000030
0x7fe00000030
0x7fe00000030
0x7fe00000030
0x7fe00000030
0x7fe00000030
0x7fe00000030
0x7fe00000030
0x7fe00000030
0x7fe00000030
0x7fe00000030
0x7fe00000030
0x7fe00000030
0x7fe00000030
0x7fe00000030
0x7fe00000030
0x7fe00000030
0x7fe00000030
0x7fe00000030
0x7fe00000030
0x7fe00000030
0x7fe00000030
0x7fe00000030
0x7fe00000030
0x7fe00000030
0x7fe00000030
0x7fe00000030
0x7fe00000030
0x7fe00000030
0x7fe00000030
0x7fe00000030
0x7fe00000030
0x7fe00000030
0x7fe00000030
0x7fe00000030
0x7fe00000030
0x7fe00000030
0x7fe00000030
0x7fe00000030
0x7fe00000030
0x7fe00000030

exception.instruction_r: 83 3d 8d d1 02 00 00 ff 25 00 00 00 00 53 12 69
exception.instruction: cmp dword ptr [rip + 0x2d18d], 0
exception.exception_code: 0xc0000005
exception.symbol:
exception.address: 0xcd1f04
registers.r14: 9302600
registers.r15: 8791414445680
registers.rcx: 48
registers.rsi: 8791414377344
registers.r10: 0
registers.rbx: 0
registers.rsp: 9302232
registers.r11: 9305616
registers.r8: 2004779404
registers.r9: 0
registers.rdx: 8796092887632
registers.r12: 14918736
registers.rbp: 9302352
registers.rdi: 66167776
registers.rax: 13442816
registers.r13: 9303192
1 0 0

__exception__

stacktrace:
0xcd1f04
0x30
0x30
0x30
0x30
0x30
0x30
0x30
0x30
0x30
0x30
0x30
0x30
0x30
0x30
0x30
0x30
0x30
0x30
0x30
0x30
0x30
0x30
0x30
0x30
0x30
0x30
0x30
0x30
0x30
0x30
0x30
0x30
0x30
0x30
0x30
0x30
0x30
0x30
0x30
0x30
0x30
0x30
0x30
0x30
0x30
0x30
0x30
0x30
0x30
0x30
0x30
0x30
0x30
0x30
0x30
0x30
0x30
0x30
0x30
0x30
0x30
0x30
0x30

exception.instruction_r: 83 3d 8d d1 02 00 00 ff 25 00 00 00 00 53 12 69
exception.instruction: cmp dword ptr [rip + 0x2d18d], 0
exception.exception_code: 0xc0000005
exception.symbol:
exception.address: 0xcd1f04
registers.r14: 9174048
registers.r15: 9173552
registers.rcx: 48
registers.rsi: 14706240
registers.r10: 0
registers.rbx: 0
registers.rsp: 9172600
registers.r11: 9174800
registers.r8: 2004779404
registers.r9: 0
registers.rdx: 8796092887632
registers.r12: 9173383
registers.rbp: 9172720
registers.rdi: 100
registers.rax: 13442816
registers.r13: 2
1 0 0

__exception__

stacktrace:
0xcd1f04
0x30
0x30
0x30
0x30
0x30
0x30
0x30
0x30
0x30
0x30
0x30
0x30
0x30
0x30
0x30
0x30
0x30
0x30
0x30
0x30
0x30
0x30
0x30
0x30
0x30
0x30
0x30
0x30
0x30
0x30
0x30
0x30
0x30
0x30
0x30
0x30
0x30
0x30
0x30
0x30
0x30
0x30
0x30
0x30
0x30
0x30
0x30
0x30
0x30
0x30
0x30
0x30
0x30
0x30
0x30
0x30
0x30
0x30
0x30
0x30
0x30
0x30
0x30

exception.instruction_r: 83 3d 8d d1 02 00 00 ff 25 00 00 00 00 53 12 69
exception.instruction: cmp dword ptr [rip + 0x2d18d], 0
exception.exception_code: 0xc0000005
exception.symbol:
exception.address: 0xcd1f04
registers.r14: 9499528
registers.r15: 258184816
registers.rcx: 48
registers.rsi: 258116480
registers.r10: 0
registers.rbx: 0
registers.rsp: 9499160
registers.r11: 9502544
registers.r8: 2004779404
registers.r9: 0
registers.rdx: 8796092883536
registers.r12: 14912464
registers.rbp: 9499280
registers.rdi: 68263968
registers.rax: 13442816
registers.r13: 9500120
1 0 0

__exception__

stacktrace:
0xcd1f04
0x30
0x30
0x30
0x30
0x30
0x30
0x30
0x30
0x30
0x30
0x30
0x30
0x30
0x30
0x30
0x30
0x30
0x30
0x30
0x30
0x30
0x30
0x30
0x30
0x30
0x30
0x30
0x30
0x30
0x30
0x30
0x30
0x30
0x30
0x30
0x30
0x30
0x30
0x30
0x30
0x30
0x30
0x30
0x30
0x30
0x30
0x30
0x30
0x30
0x30
0x30
0x30
0x30
0x30
0x30
0x30
0x30
0x30
0x30
0x30
0x30
0x30
0x30

exception.instruction_r: 83 3d 8d d1 02 00 00 ff 25 00 00 00 00 53 12 69
exception.instruction: cmp dword ptr [rip + 0x2d18d], 0
exception.exception_code: 0xc0000005
exception.symbol:
exception.address: 0xcd1f04
registers.r14: 8715168
registers.r15: 8714672
registers.rcx: 48
registers.rsi: 14706912
registers.r10: 0
registers.rbx: 0
registers.rsp: 8713720
registers.r11: 8715920
registers.r8: 2004779404
registers.r9: 0
registers.rdx: 8796092883536
registers.r12: 8714503
registers.rbp: 8713840
registers.rdi: 100
registers.rax: 13442816
registers.r13: 2
1 0 0

__exception__

stacktrace:
0xcc1f04
0x30
0x30
0x30
0x30
0x30
0x30
0x30
0x30
0x30
0x30
0x30
0x30
0x30
0x30
0x30
0x30
0x30
0x30
0x30
0x30
0x30
0x30
0x30
0x30
0x30
0x30
0x30
0x30
0x30
0x30
0x30
0x30
0x30
0x30
0x30
0x30
0x30
0x30
0x30
0x30
0x30
0x30
0x30
0x30
0x30
0x30
0x30
0x30
0x30
0x30
0x30
0x30
0x30
0x30
0x30
0x30
0x30
0x30
0x30
0x30
0x30
0x30
0x30

exception.instruction_r: 83 3d 8d d1 02 00 00 ff 25 00 00 00 00 53 12 69
exception.instruction: cmp dword ptr [rip + 0x2d18d], 0
exception.exception_code: 0xc0000005
exception.symbol:
exception.address: 0xcc1f04
registers.r14: 10484624
registers.r15: 10484128
registers.rcx: 48
registers.rsi: 14705664
registers.r10: 0
registers.rbx: 0
registers.rsp: 10483176
registers.r11: 10485376
registers.r8: 2004779404
registers.r9: 0
registers.rdx: 8796092879440
registers.r12: 10483959
registers.rbp: 10483296
registers.rdi: 100
registers.rax: 13377280
registers.r13: 2
1 0 0

__exception__

stacktrace:
0xcd1f04
0x30
0x30
0x30
0x30
0x30
0x30
0x30
0x30
0x30
0x30
0x30
0x30
0x30
0x30
0x30
0x30
0x30
0x30
0x30
0x30
0x30
0x30
0x30
0x30
0x30
0x30
0x30
0x30
0x30
0x30
0x30
0x30
0x30
0x30
0x30
0x30
0x30
0x30
0x30
0x30
0x30
0x30
0x30
0x30
0x30
0x30
0x30
0x30
0x30
0x30
0x30
0x30
0x30
0x30
0x30
0x30
0x30
0x30
0x30
0x30
0x30
0x30
0x30

exception.instruction_r: 83 3d 8d d1 02 00 00 ff 25 00 00 00 00 53 12 69
exception.instruction: cmp dword ptr [rip + 0x2d18d], 0
exception.exception_code: 0xc0000005
exception.symbol:
exception.address: 0xcd1f04
registers.r14: 10287728
registers.r15: 10287232
registers.rcx: 48
registers.rsi: 14704896
registers.r10: 0
registers.rbx: 0
registers.rsp: 10286280
registers.r11: 10288480
registers.r8: 2004779404
registers.r9: 0
registers.rdx: 8796092887632
registers.r12: 10287063
registers.rbp: 10286400
registers.rdi: 100
registers.rax: 13442816
registers.r13: 2
1 0 0
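The eight __exception__ records above all stop at the same instruction; only the stack walk and the register values differ between them. The following script is an added example, not part of the ZeroBOX report, that decodes one such record from a constructed, trimmed copy of the first one (the page repeats the 0x7fe00000030 frame 63 times; three copies stand in for that). It shows what the summary line does not: the 7-byte cmp reads a dword 0x2d18d bytes past its own end, at 0xcd1f04 + 7 + 0x2d18d = 0xcff098, so the 0xc0000005 is most likely a read fault on that address rather than an instruction-fetch fault (the bytes at rip were readable enough for the sandbox to dump them). The bytes that follow, ff 25 00 00 00 00, are jmp qword ptr [rip+0], an absolute jump through an 8-byte pointer stored right behind it at 0xcd1f11; the report shows only three of those bytes (53 12 69), so the jump target stays unknown and the script reports None instead of guessing. The register sets are 64-bit (r8 to r15), which places these faults in the 64-bit firefox.exe children listed as crashed above, not in the PE32 random.exe; rax holds 0xcd1f00, four bytes before rip, which fits control having reached this stub through rax (an inference, not something the report states). Every stack frame after the first is the same value (0x7fe00000030 or 0x30), so the sandbox's unwinder looped on a bogus frame and only the top frame is trustworthy.

```python
import struct

# Constructed copy of the first __exception__ record on the page, trimmed to the fields used
# here. The page repeats the 0x7fe00000030 frame 63 times; three copies stand in for that.
SAMPLE_RECORD = """\
stacktrace:
0xcd1f04
0x7fe00000030
0x7fe00000030
0x7fe00000030

exception.instruction_r: 83 3d 8d d1 02 00 00 ff 25 00 00 00 00 53 12 69
exception.instruction: cmp dword ptr [rip + 0x2d18d], 0
exception.exception_code: 0xc0000005
exception.address: 0xcd1f04
registers.rax: 13442816
registers.rsp: 8711288
"""

MASK64 = 0xFFFFFFFFFFFFFFFF


def parse_record(text):
    """Split one sandbox exception record into 'key: value' fields plus the frame list."""
    rec, frames, in_stack = {}, [], False
    for line in text.splitlines():
        line = line.strip()
        if line == "stacktrace:":
            in_stack = True
        elif in_stack and line.startswith("0x"):
            frames.append(int(line, 16))
        elif ":" in line:
            in_stack = False
            key, val = line.split(":", 1)
            rec[key.strip()] = val.strip()
    rec["frames"] = frames
    return rec


def decode_cmp_rip_rel(code, rip):
    """83 3D <disp32> <imm8> is cmp dword ptr [rip+disp32], imm8 (7 bytes). RIP-relative
    addressing counts from the end of the instruction, so the length is added before the
    displacement. Returns (effective address read by the cmp, imm8, length)."""
    if code[:2] != b"\x83\x3d":
        raise ValueError("not cmp dword ptr [rip+disp32], imm8")
    disp = struct.unpack_from("<i", code, 2)[0]
    return (rip + 7 + disp) & MASK64, code[6], 7


def decode_jmp_rip_indirect(code, rip):
    """FF 25 <disp32> is jmp qword ptr [rip+disp32] (6 bytes). Returns (address of the
    8-byte pointer slot the jump reads, length)."""
    if code[:2] != b"\xff\x25":
        raise ValueError("not jmp qword ptr [rip+disp32]")
    disp = struct.unpack_from("<i", code, 2)[0]
    return (rip + 6 + disp) & MASK64, 6


def analyse_exception(text):
    """Decode the faulting instruction and the stub that follows it, and sanity-check the
    stack walk the sandbox attached to the record."""
    rec = parse_record(text)
    code = bytes.fromhex(rec["exception.instruction_r"].replace(" ", ""))
    rip = int(rec["exception.address"], 16)
    rax = int(rec["registers.rax"])
    cmp_ea, imm, n = decode_cmp_rip_rel(code, rip)
    slot, m = decode_jmp_rip_indirect(code[n:], rip + n)
    ptr = code[n + m:n + m + 8]        # pointer slot contents; the page shows 3 of the 8 bytes
    rest = rec["frames"][1:]
    return {
        "code": int(rec["exception.exception_code"], 16),
        "rip": rip,
        "cmp_target": cmp_ea,           # the dword the cmp tried to read
        "cmp_imm": imm,
        "jmp_slot": slot,               # where the absolute jump target is stored
        "jmp_target": struct.unpack("<Q", ptr)[0] if len(ptr) == 8 else None,
        "rax": rax,
        "rip_is_rax_plus_4": rip == rax + 4,
        "top_frame_is_rip": bool(rec["frames"]) and rec["frames"][0] == rip,
        "unwinder_looped": len(rest) > 1 and len(set(rest)) == 1,
    }


if __name__ == "__main__":
    for key, val in analyse_exception(SAMPLE_RECORD).items():
        if isinstance(val, int) and not isinstance(val, bool):
            print(f"{key:18} {val:#x}")
        else:
            print(f"{key:18} {val}")
```

Run it on the other seven records by pasting them into SAMPLE_RECORD: the cmp target and the pointer slot come out the same for each record that faults at 0xcd1f04, and 0xcef098 / 0xcc1f11 for the one at 0xcc1f04, which is the same stub mapped 0x10000 lower.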
Time & API Arguments Status Return Repeated

NtProtectVirtualMemory

process_identifier: 2172
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
length: 4096
protection: 32 (PAGE_EXECUTE_READ)
base_address: 0x0000021d8e550000
process_handle: 0xffffffffffffffff
1 0 0
Section Virtual address Virtual size Size of data Entropy Description
section (unnamed) 0x00001000 0x0009b000 0x00050000 7.999323946129605 A section with a high entropy has been found
section (unnamed) 0x0009c000 0x00030000 0x0000f200 7.991564250865843 A section with a high entropy has been found
section (unnamed) 0x000d4000 0x00051000 0x0004f600 7.999276533464792 A section with a high entropy has been found
section (unnamed) 0x00125000 0x00008000 0x00006200 7.964002571503239 A section with a high entropy has been found
section (unnamed) 0x00136000 0x0078f000 0x00032800 7.999018468268303 A section with a high entropy has been found
section .data 0x008c5000 0x0022a000 0x00229e00 7.978915660034493 A section with a high entropy has been found
entropy 0.988509365654 description Overall entropy of this PE file is high
url https://aus5.mozilla.org/update/6/%PRODUCT%/%VERSION%/%BUILD_ID%/%BUILD_TARGET%/%LOCALE%/%CHANNEL%/%OS_VERSION%/%SYSTEM_CAPABILITIES%/%DISTRIBUTION%/%DISTRIBUTION_VERSION%/update.xml
url https://crash-reports.mozilla.com/submit?id=
url https://hg.mozilla.org/releases/mozilla-release/rev/92187d03adde4b31daef292087a266f10121379c
description Code injection with CreateRemoteThread in a remote process rule Code_injection
description (no description) rule DebuggerCheck__GlobalFlags
description (no description) rule DebuggerCheck__QueryInfo
description (no description) rule DebuggerHiding__Thread
description (no description) rule DebuggerHiding__Active
description (no description) rule ThreadControl__Context
description (no description) rule SEH__vectored
description Checks if being debugged rule anti_dbg
description Bypass DEP rule disable_dep
description Code injection with CreateRemoteThread in a remote process rule Code_injection
description (no description) rule DebuggerCheck__GlobalFlags
description (no description) rule DebuggerCheck__QueryInfo
description (no description) rule DebuggerHiding__Thread
description (no description) rule DebuggerHiding__Active
description (no description) rule ThreadControl__Context
description (no description) rule SEH__vectored
description Checks if being debugged rule anti_dbg
description Bypass DEP rule disable_dep
description Code injection with CreateRemoteThread in a remote process rule Code_injection
description (no description) rule DebuggerCheck__GlobalFlags
description (no description) rule DebuggerCheck__QueryInfo
description (no description) rule DebuggerHiding__Thread
description (no description) rule DebuggerHiding__Active
description (no description) rule ThreadControl__Context
description (no description) rule SEH__vectored
description Checks if being debugged rule anti_dbg
description Bypass DEP rule disable_dep
description Code injection with CreateRemoteThread in a remote process rule Code_injection
description (no description) rule DebuggerCheck__GlobalFlags
description (no description) rule DebuggerCheck__QueryInfo
description (no description) rule DebuggerHiding__Thread
description (no description) rule DebuggerHiding__Active
description (no description) rule ThreadControl__Context
description (no description) rule SEH__vectored
description Checks if being debugged rule anti_dbg
description Bypass DEP rule disable_dep
description Code injection with CreateRemoteThread in a remote process rule Code_injection
description (no description) rule DebuggerCheck__GlobalFlags
description (no description) rule DebuggerCheck__QueryInfo
description (no description) rule DebuggerHiding__Thread
description (no description) rule DebuggerHiding__Active
description (no description) rule ThreadControl__Context
description (no description) rule SEH__vectored
description Checks if being debugged rule anti_dbg
description Bypass DEP rule disable_dep
description Code injection with CreateRemoteThread in a remote process rule Code_injection
description (no description) rule DebuggerCheck__GlobalFlags
description (no description) rule DebuggerCheck__QueryInfo
description (no description) rule DebuggerHiding__Thread
description (no description) rule DebuggerHiding__Active
Time & API Arguments Status Return Repeated

NtProtectVirtualMemory

process_identifier: 2172
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x0000000077711000
process_handle: 0x0000000000000050
1 0 0

NtProtectVirtualMemory

process_identifier: 2172
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x00000000776e7000
process_handle: 0x0000000000000050
1 0 0

NtProtectVirtualMemory

process_identifier: 2856
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x0000000077711000
process_handle: 0x000000000000004c
1 0 0

NtProtectVirtualMemory

process_identifier: 2856
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x00000000776e7000
process_handle: 0x000000000000004c
1 0 0

NtProtectVirtualMemory

process_identifier: 3000
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x0000000077711000
process_handle: 0x000000000000004c
1 0 0

NtProtectVirtualMemory

process_identifier: 3000
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x00000000776e7000
process_handle: 0x000000000000004c
1 0 0

NtProtectVirtualMemory

process_identifier: 2744
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x0000000077711000
process_handle: 0x000000000000004c
1 0 0

NtProtectVirtualMemory

process_identifier: 2744
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x00000000776e7000
process_handle: 0x000000000000004c
1 0 0

NtProtectVirtualMemory

process_identifier: 2980
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x0000000077711000
process_handle: 0x000000000000004c
1 0 0

NtProtectVirtualMemory

process_identifier: 2980
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x00000000776e7000
process_handle: 0x000000000000004c
1 0 0

NtProtectVirtualMemory

process_identifier: 916
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x0000000077711000
process_handle: 0x000000000000004c
1 0 0

NtProtectVirtualMemory

process_identifier: 916
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x00000000776e7000
process_handle: 0x000000000000004c
1 0 0
Time & API Arguments Status Return Repeated

WriteProcessMemory

buffer: 
base_address: 0x000000013fcf22b0
process_identifier: 2172
process_handle: 0x000000000000004c
1 1 0

WriteProcessMemory

buffer: 
base_address: 0x000000013fd00d88
process_identifier: 2172
process_handle: 0x000000000000004c
1 1 0

WriteProcessMemory

buffer: I»`#Ì?Aÿã
base_address: 0x0000000077711590
process_identifier: 2172
process_handle: 0x0000000000000050
1 1 0

WriteProcessMemory

buffer: IC
base_address: 0x000000013fd00d78
process_identifier: 2172
process_handle: 0x000000000000004c
1 1 0

WriteProcessMemory

buffer: I» Ì?Aÿã
base_address: 0x00000000776e7a90
process_identifier: 2172
process_handle: 0x0000000000000050
1 1 0

WriteProcessMemory

buffer: IC
base_address: 0x000000013fd00d70
process_identifier: 2172
process_handle: 0x000000000000004c
1 1 0

WriteProcessMemory

buffer: ϝT
base_address: 0x000000013fca0108
process_identifier: 2172
process_handle: 0x000000000000004c
1 1 0

WriteProcessMemory

buffer: qw@qw qw@qwqw°qw €nwàTnw 3qwqwÀ´lw`,qwÀ‚owömw Yqw2qwVqw°ww€“nw€Rqw ›nwQqwÂnw ?owP€nw°Tnwàtnwð„owÐ1qw™mwÐOmw`êpwÐæpwÐæpwÐ.qw
base_address: 0x000000013fcfaae8
process_identifier: 2172
process_handle: 0x000000000000004c
1 1 0

WriteProcessMemory

buffer: 
base_address: 0x000000013fd00c78
process_identifier: 2172
process_handle: 0x000000000000004c
1 1 0

WriteProcessMemory

buffer: 
base_address: 0x000000013ff622b0
process_identifier: 2856
process_handle: 0x0000000000000048
1 1 0

WriteProcessMemory

buffer: 
base_address: 0x000000013ff70d88
process_identifier: 2856
process_handle: 0x0000000000000048
1 1 0

WriteProcessMemory

buffer: I»`#ó?Aÿã
base_address: 0x0000000077711590
process_identifier: 2856
process_handle: 0x000000000000004c
1 1 0

WriteProcessMemory

buffer: 5[
base_address: 0x000000013ff70d78
process_identifier: 2856
process_handle: 0x0000000000000048
1 1 0

WriteProcessMemory

buffer: I» ó?Aÿã
base_address: 0x00000000776e7a90
process_identifier: 2856
process_handle: 0x000000000000004c
1 1 0

WriteProcessMemory

buffer: 5[
base_address: 0x000000013ff70d70
process_identifier: 2856
process_handle: 0x0000000000000048
1 1 0

WriteProcessMemory

buffer: ϝT
base_address: 0x000000013ff10108
process_identifier: 2856
process_handle: 0x0000000000000048
1 1 0

WriteProcessMemory

buffer: qw@qw qw@qwqw°qw €nwàTnw 3qwqwÀ´lw`,qwÀ‚owömw Yqw2qwVqw°ww€“nw€Rqw ›nwQqwÂnw ?owP€nw°Tnwàtnwð„owÐ1qw™mwÐOmw`êpwÐæpwÐæpwÐ.qw
base_address: 0x000000013ff6aae8
process_identifier: 2856
process_handle: 0x0000000000000048
1 1 0

WriteProcessMemory

buffer: 
base_address: 0x000000013ff70c78
process_identifier: 2856
process_handle: 0x0000000000000048
1 1 0

WriteProcessMemory

buffer: 
base_address: 0x000000013ff622b0
process_identifier: 3000
process_handle: 0x0000000000000048
1 1 0

WriteProcessMemory

buffer: 
base_address: 0x000000013ff70d88
process_identifier: 3000
process_handle: 0x0000000000000048
1 1 0

WriteProcessMemory

buffer: I»`#ó?Aÿã
base_address: 0x0000000077711590
process_identifier: 3000
process_handle: 0x000000000000004c
1 1 0

WriteProcessMemory

buffer: bD
base_address: 0x000000013ff70d78
process_identifier: 3000
process_handle: 0x0000000000000048
1 1 0

WriteProcessMemory

buffer: I» ó?Aÿã
base_address: 0x00000000776e7a90
process_identifier: 3000
process_handle: 0x000000000000004c
1 1 0

WriteProcessMemory

buffer: bD
base_address: 0x000000013ff70d70
process_identifier: 3000
process_handle: 0x0000000000000048
1 1 0

WriteProcessMemory

buffer: ϝT
base_address: 0x000000013ff10108
process_identifier: 3000
process_handle: 0x0000000000000048
1 1 0

WriteProcessMemory

buffer: qw@qw qw@qwqw°qw €nwàTnw 3qwqwÀ´lw`,qwÀ‚owömw Yqw2qwVqw°ww€“nw€Rqw ›nwQqwÂnw ?owP€nw°Tnwàtnwð„owÐ1qw™mwÐOmw`êpwÐæpwÐæpwÐ.qw
base_address: 0x000000013ff6aae8
process_identifier: 3000
process_handle: 0x0000000000000048
1 1 0

WriteProcessMemory

buffer: 
base_address: 0x000000013ff70c78
process_identifier: 3000
process_handle: 0x0000000000000048
1 1 0

WriteProcessMemory

buffer: 
base_address: 0x000000013fad22b0
process_identifier: 2744
process_handle: 0x0000000000000048
1 1 0

WriteProcessMemory

buffer: 
base_address: 0x000000013fae0d88
process_identifier: 2744
process_handle: 0x0000000000000048
1 1 0

WriteProcessMemory

buffer: I»`#ª?Aÿã
base_address: 0x0000000077711590
process_identifier: 2744
process_handle: 0x000000000000004c
1 1 0

WriteProcessMemory

buffer: :
base_address: 0x000000013fae0d78
process_identifier: 2744
process_handle: 0x0000000000000048
1 1 0

WriteProcessMemory

buffer: I» ª?Aÿã
base_address: 0x00000000776e7a90
process_identifier: 2744
process_handle: 0x000000000000004c
1 1 0

WriteProcessMemory

buffer: :
base_address: 0x000000013fae0d70
process_identifier: 2744
process_handle: 0x0000000000000048
1 1 0

WriteProcessMemory

buffer: ϝT
base_address: 0x000000013fa80108
process_identifier: 2744
process_handle: 0x0000000000000048
1 1 0

WriteProcessMemory

buffer: qw@qw qw@qwqw°qw €nwàTnw 3qwqwÀ´lw`,qwÀ‚owömw Yqw2qwVqw°ww€“nw€Rqw ›nwQqwÂnw ?owP€nw°Tnwàtnwð„owÐ1qw™mwÐOmw`êpwÐæpwÐæpwÐ.qw
base_address: 0x000000013fadaae8
process_identifier: 2744
process_handle: 0x0000000000000048
1 1 0

WriteProcessMemory

buffer: 
base_address: 0x000000013fae0c78
process_identifier: 2744
process_handle: 0x0000000000000048
1 1 0

WriteProcessMemory

buffer: 
base_address: 0x000000013fad22b0
process_identifier: 2980
process_handle: 0x0000000000000048
1 1 0

WriteProcessMemory

buffer: 
base_address: 0x000000013fae0d88
process_identifier: 2980
process_handle: 0x0000000000000048
1 1 0

WriteProcessMemory

buffer: I»`#ª?Aÿã
base_address: 0x0000000077711590
process_identifier: 2980
process_handle: 0x000000000000004c
1 1 0

WriteProcessMemory

buffer: T\
base_address: 0x000000013fae0d78
process_identifier: 2980
process_handle: 0x0000000000000048
1 1 0

WriteProcessMemory

buffer: I» ª?Aÿã
base_address: 0x00000000776e7a90
process_identifier: 2980
process_handle: 0x000000000000004c
1 1 0

WriteProcessMemory

buffer: T\
base_address: 0x000000013fae0d70
process_identifier: 2980
process_handle: 0x0000000000000048
1 1 0

WriteProcessMemory

buffer: ϝT
base_address: 0x000000013fa80108
process_identifier: 2980
process_handle: 0x0000000000000048
1 1 0

WriteProcessMemory

buffer: qw@qw qw@qwqw°qw €nwàTnw 3qwqwÀ´lw`,qwÀ‚owömw Yqw2qwVqw°ww€“nw€Rqw ›nwQqwÂnw ?owP€nw°Tnwàtnwð„owÐ1qw™mwÐOmw`êpwÐæpwÐæpwÐ.qw
base_address: 0x000000013fadaae8
process_identifier: 2980
process_handle: 0x0000000000000048
1 1 0

WriteProcessMemory

buffer: 
base_address: 0x000000013fae0c78
process_identifier: 2980
process_handle: 0x0000000000000048
1 1 0

WriteProcessMemory

buffer: 
base_address: 0x000000013fad22b0
process_identifier: 916
process_handle: 0x0000000000000048
1 1 0

WriteProcessMemory

buffer: 
base_address: 0x000000013fae0d88
process_identifier: 916
process_handle: 0x0000000000000048
1 1 0

WriteProcessMemory

buffer: I»`#ª?Aÿã
base_address: 0x0000000077711590
process_identifier: 916
process_handle: 0x000000000000004c
1 1 0

WriteProcessMemory

buffer: ö
base_address: 0x000000013fae0d78
process_identifier: 916
process_handle: 0x0000000000000048
1 1 0

WriteProcessMemory

buffer: I» ª?Aÿã
base_address: 0x00000000776e7a90
process_identifier: 916
process_handle: 0x000000000000004c
1 1 0
registry HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\F81F111D0E5AB58D396F7BF525577FD30FDC95AA\Blob
parent_process firefox.exe martian_process "C:\Program Files\Mozilla Firefox\firefox.exe" https://www.youtube.com/account
parent_process firefox.exe martian_process "C:\Program Files\Mozilla Firefox\firefox.exe" https://www.youtube.com/account
parent_process firefox.exe martian_process "C:\Program Files\Mozilla Firefox\firefox.exe" https://www.youtube.com/account
parent_process firefox.exe martian_process "C:\Program Files\Mozilla Firefox\crashreporter.exe" "C:\Users\test22\AppData\Local\Temp\\62ae7fa5-b47f-4b15-a880-b5cea6506670.dmp"
parent_process firefox.exe martian_process "C:\Program Files\Mozilla Firefox\firefox.exe" https://www.youtube.com/account
parent_process firefox.exe martian_process "C:\Program Files\Mozilla Firefox\crashreporter.exe" "C:\Users\test22\AppData\Local\Temp\\090e42bc-2338-4979-885d-6daf4d077773.dmp"
parent_process firefox.exe martian_process "C:\Program Files\Mozilla Firefox\crashreporter.exe" "C:\Users\test22\AppData\Roaming\Mozilla\Firefox\Profiles\1pfa5s83.default-release\minidumps\702dd14f-8ee1-4a30-8dd1-ff701564c144.dmp"
parent_process firefox.exe martian_process "C:\Program Files\Mozilla Firefox\firefox.exe" https://www.youtube.com/account
parent_process firefox.exe martian_process "C:\Program Files\Mozilla Firefox\firefox.exe" https://www.youtube.com/account
parent_process firefox.exe martian_process "C:\Program Files\Mozilla Firefox\crashreporter.exe" "C:\Users\test22\AppData\Roaming\Mozilla\Firefox\Profiles\1pfa5s83.default-release\minidumps\a089af0b-392c-4b62-98e4-1f41b5245e4e.dmp"
file C:\Users\test22\AppData\Roaming\Mozilla\Firefox\Profiles\1pfa5s83.default-release\parent.lock
file C:\Users\test22\AppData\Local\Temp\firefox\parent.lock
Process injection Process 508 resumed a thread in remote process 2100
Process injection Process 2100 resumed a thread in remote process 2172
Process injection Process 2804 resumed a thread in remote process 2856
Process injection Process 2948 resumed a thread in remote process 3000
Process injection Process 2728 resumed a thread in remote process 2744
Process injection Process 2836 resumed a thread in remote process 2980
Process injection Process 2848 resumed a thread in remote process 916
Time & API Arguments Status Return Repeated

NtResumeThread

thread_handle: 0x000002dc
suspend_count: 1
process_identifier: 2100
1 0 0

NtResumeThread

thread_handle: 0x0000000000000044
suspend_count: 1
process_identifier: 2172
1 0 0

NtResumeThread

thread_handle: 0x0000000000000044
suspend_count: 1
process_identifier: 2856
1 0 0

NtResumeThread

thread_handle: 0x0000000000000044
suspend_count: 1
process_identifier: 3000
1 0 0

NtResumeThread

thread_handle: 0x0000000000000044
suspend_count: 1
process_identifier: 2744
1 0 0

NtResumeThread

thread_handle: 0x0000000000000044
suspend_count: 1
process_identifier: 2980
1 0 0

NtResumeThread

thread_handle: 0x0000000000000044
suspend_count: 1
process_identifier: 916
1 0 0
Time & API Arguments Status Return Repeated

NtResumeThread

thread_handle: 0x00000158
suspend_count: 1
process_identifier: 508
1 0 0

NtResumeThread

thread_handle: 0x000002b8
suspend_count: 1
process_identifier: 508
1 0 0

CreateProcessInternalW

thread_identifier: 2104
thread_handle: 0x000002dc
process_identifier: 2100
current_directory: C:\Users\test22\AppData\Local\Temp
filepath: C:\Program Files\Mozilla Firefox\firefox.exe
track: 1
command_line: "C:\Program Files\Mozilla Firefox\firefox.exe" https://www.youtube.com/account
filepath_r: C:\Program Files\Mozilla Firefox\firefox.exe
stack_pivoted: 0
creation_flags: 67634196 (CREATE_DEFAULT_ERROR_MODE|CREATE_NEW_CONSOLE|CREATE_SUSPENDED|CREATE_UNICODE_ENVIRONMENT|EXTENDED_STARTUPINFO_PRESENT)
inherit_handles: 0
process_handle: 0x000002e4
1 1 0

NtResumeThread

thread_handle: 0x000002dc
suspend_count: 1
process_identifier: 2100
1 0 0

NtResumeThread

thread_handle: 0x00000158
suspend_count: 0
process_identifier: 508
1 0 0

NtResumeThread

thread_handle: 0x00000158
suspend_count: 0
process_identifier: 508
1 0 0

NtResumeThread

thread_handle: 0x00000158
suspend_count: 0
process_identifier: 508
1 0 0

NtResumeThread

thread_handle: 0x00000158
suspend_count: 0
process_identifier: 508
1 0 0

NtResumeThread

thread_handle: 0x00000158
suspend_count: 0
process_identifier: 508
1 0 0

NtResumeThread

thread_handle: 0x00000158
suspend_count: 0
process_identifier: 508
1 0 0

NtResumeThread

thread_handle: 0x00000158
suspend_count: 0
process_identifier: 508
1 0 0

NtResumeThread

thread_handle: 0x00000158
suspend_count: 0
process_identifier: 508
1 0 0

NtResumeThread

thread_handle: 0x00000158
suspend_count: 0
process_identifier: 508
1 0 0

NtResumeThread

thread_handle: 0x00000158
suspend_count: 0
process_identifier: 508
1 0 0

NtResumeThread

thread_handle: 0x00000158
suspend_count: 0
process_identifier: 508
1 0 0

NtResumeThread

thread_handle: 0x00000158
suspend_count: 0
process_identifier: 508
1 0 0

NtResumeThread

thread_handle: 0x00000158
suspend_count: 0
process_identifier: 508
1 0 0

NtResumeThread

thread_handle: 0x00000158
suspend_count: 0
process_identifier: 508
1 0 0

NtResumeThread

thread_handle: 0x00000158
suspend_count: 0
process_identifier: 508
1 0 0

NtResumeThread

thread_handle: 0x00000158
suspend_count: 0
process_identifier: 508
1 0 0

NtResumeThread

thread_handle: 0x00000158
suspend_count: 0
process_identifier: 508
1 0 0

NtResumeThread

thread_handle: 0x00000158
suspend_count: 0
process_identifier: 508
1 0 0

NtResumeThread

thread_handle: 0x00000158
suspend_count: 0
process_identifier: 508
1 0 0

NtResumeThread

thread_handle: 0x00000158
suspend_count: 0
process_identifier: 508
1 0 0

NtResumeThread

thread_handle: 0x00000158
suspend_count: 0
process_identifier: 508
1 0 0

NtResumeThread

thread_handle: 0x00000158
suspend_count: 0
process_identifier: 508
1 0 0

NtResumeThread

thread_handle: 0x00000158
suspend_count: 0
process_identifier: 508
1 0 0

NtResumeThread

thread_handle: 0x00000158
suspend_count: 0
process_identifier: 508
1 0 0

NtResumeThread

thread_handle: 0x00000158
suspend_count: 0
process_identifier: 508
1 0 0

NtResumeThread

thread_handle: 0x00000158
suspend_count: 0
process_identifier: 508
1 0 0

NtResumeThread

thread_handle: 0x00000158
suspend_count: 0
process_identifier: 508
1 0 0

NtResumeThread

thread_handle: 0x00000158
suspend_count: 0
process_identifier: 508
1 0 0

NtResumeThread

thread_handle: 0x00000158
suspend_count: 0
process_identifier: 508
1 0 0

NtResumeThread

thread_handle: 0x00000158
suspend_count: 0
process_identifier: 508
1 0 0

NtResumeThread

thread_handle: 0x00000158
suspend_count: 0
process_identifier: 508
1 0 0

NtResumeThread

thread_handle: 0x00000158
suspend_count: 0
process_identifier: 508
1 0 0

NtResumeThread

thread_handle: 0x00000158
suspend_count: 0
process_identifier: 508
1 0 0

NtResumeThread

thread_handle: 0x00000158
suspend_count: 0
process_identifier: 508
1 0 0

CreateProcessInternalW

thread_identifier: 2176
thread_handle: 0x0000000000000044
process_identifier: 2172
current_directory:
filepath: C:\Program Files\Mozilla Firefox\firefox.exe
track: 1
command_line: "C:\Program Files\Mozilla Firefox\firefox.exe" https://www.youtube.com/account
filepath_r: C:\Program Files\Mozilla Firefox\firefox.exe
stack_pivoted: 0
creation_flags: 1028 (CREATE_SUSPENDED|CREATE_UNICODE_ENVIRONMENT)
inherit_handles: 0
process_handle: 0x000000000000004c
1 1 0

WriteProcessMemory

buffer: 
base_address: 0x000000013fcf22b0
process_identifier: 2172
process_handle: 0x000000000000004c
1 1 0

WriteProcessMemory

buffer: 
base_address: 0x000000013fd00d88
process_identifier: 2172
process_handle: 0x000000000000004c
1 1 0

NtMapViewOfSection

section_handle: 0x0000000000000060
process_identifier: 2172
commit_size: 0
win32_protect: 32 (PAGE_EXECUTE_READ)
buffer:
base_address: 0x0000000043490000
allocation_type: 0 ()
section_offset: 0
view_size: 65536
process_handle: 0x0000000000000050
1 0 0

NtAllocateVirtualMemory

process_identifier: 2172
region_size: 4096
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
protection: 32 (PAGE_EXECUTE_READ)
base_address: 0x0000000043490000
allocation_type: 4096 (MEM_COMMIT)
process_handle: 0x0000000000000050
1 0 0

WriteProcessMemory

buffer: I»`#Ì?Aÿã
base_address: 0x0000000077711590
process_identifier: 2172
process_handle: 0x0000000000000050
1 1 0

WriteProcessMemory

buffer: IC
base_address: 0x000000013fd00d78
process_identifier: 2172
process_handle: 0x000000000000004c
1 1 0

WriteProcessMemory

buffer: I» Ì?Aÿã
base_address: 0x00000000776e7a90
process_identifier: 2172
process_handle: 0x0000000000000050
1 1 0

WriteProcessMemory

buffer: IC
base_address: 0x000000013fd00d70
process_identifier: 2172
process_handle: 0x000000000000004c
1 1 0

WriteProcessMemory

buffer: ϝT
base_address: 0x000000013fca0108
process_identifier: 2172
process_handle: 0x000000000000004c
1 1 0

WriteProcessMemory

buffer: qw@qw qw@qwqw°qw €nwàTnw 3qwqwÀ´lw`,qwÀ‚owömw Yqw2qwVqw°ww€“nw€Rqw ›nwQqwÂnw ?owP€nw°Tnwàtnwð„owÐ1qw™mwÐOmw`êpwÐæpwÐæpwÐ.qw
base_address: 0x000000013fcfaae8
process_identifier: 2172
process_handle: 0x000000000000004c
1 1 0

WriteProcessMemory

buffer: 
base_address: 0x000000013fd00c78
process_identifier: 2172
process_handle: 0x000000000000004c
1 1 0
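The run of 16 KB PAGE_EXECUTE_READWRITE commits that pid 508 (random.exe) makes in its own address space (process_handle 0xffffffff is the 32-bit current-process pseudo-handle) and the sequence it then performs against each firefox.exe child (CreateProcessInternalW with creation_flags 1028 = CREATE_SUSPENDED|CREATE_UNICODE_ENVIRONMENT, NtMapViewOfSection of a 64 KB PAGE_EXECUTE_READ view into the child, NtProtectVirtualMemory to PAGE_EXECUTE_READWRITE on the pages at 0x77711000 and 0x776e7000, WriteProcessMemory of a short stub at 0x77711590 and 0x776e7a90, NtResumeThread) are the two pieces of evidence a practitioner would want to check mechanically. The script below is an added example, not code from the report or from ZeroBOX, that does this over a constructed event list condensed from the records above. Read as Latin-1, the buffer text `I»`#Ì?Aÿã` written at 0x77711590 is the bytes 49 BB 60 23 CC 3F .. 41 FF E3, that is `mov r11, imm64` followed by `jmp r11`; the four remaining bytes of the immediate are not visible on the page because non-printable bytes are dropped, and the script assumes 01 00 00 00 because 0x13fcc2360 lies in the same 0x13fc... range as the other firefox.exe addresses written in the same sequence. That assumption only affects the decoded target, not the detection. The pages at 0x77711000 and 0x776e7000 are treated as belonging to a system DLL already loaded in the child (on this Windows 7 x64 guest that range is where ntdll.dll is normally mapped, but the report does not name the module); the script does not depend on which module it is, only on a stub being written into a page the caller first made RWX.

```python
import struct

# Win32 constants as they appear in the report's records
CREATE_SUSPENDED = 0x00000004
PAGE_EXECUTE_READ = 0x20
PAGE_EXECUTE_READWRITE = 0x40
PSEUDO_HANDLES = (0xFFFFFFFF, 0xFFFFFFFFFFFFFFFF)   # "current process" on x86 / x64
PAGE = 0x1000


def decode_trampoline(buf):
    """Return the absolute target if buf is exactly 'mov r11, imm64 ; jmp r11'
    (49 BB <imm64> 41 FF E3), the 13-byte stub seen in the WriteProcessMemory records."""
    if len(buf) == 13 and buf[:2] == b"\x49\xBB" and buf[10:] == b"\x41\xFF\xE3":
        return struct.unpack_from("<Q", buf, 2)[0]
    return None


# Constructed stub. The printable bytes 49 BB 60 23 CC 3F .. 41 FF E3 are what the page shows
# for the write at 0x77711590; the bytes 01 00 00 00 are an inference (non-printable bytes are
# dropped from the page; 0x13fcc2360 matches the firefox.exe addresses in the same records).
TRAMPOLINE = bytes.fromhex("49BB6023CC3F0100000041FFE3")

# Constructed event list condensed from the report: random.exe (pid 508) committing RWX pages
# in itself, then the sequence performed against the suspended firefox.exe child (pid 2172).
EVENTS = [
    {"api": "NtAllocateVirtualMemory", "pid": 508, "handle": 0xFFFFFFFF,
     "base": 0x0111c000, "size": 16384, "protect": PAGE_EXECUTE_READWRITE},
    {"api": "NtAllocateVirtualMemory", "pid": 508, "handle": 0xFFFFFFFF,
     "base": 0x01120000, "size": 16384, "protect": PAGE_EXECUTE_READWRITE},
    {"api": "CreateProcessInternalW", "pid": 2172, "creation_flags": 1028,
     "filepath": r"C:\Program Files\Mozilla Firefox\firefox.exe"},
    {"api": "NtMapViewOfSection", "pid": 2172, "handle": 0x50,
     "base": 0x43490000, "size": 65536, "protect": PAGE_EXECUTE_READ},
    {"api": "NtProtectVirtualMemory", "pid": 2172, "handle": 0x50,
     "base": 0x77711000, "size": 4096, "protect": PAGE_EXECUTE_READWRITE},
    {"api": "WriteProcessMemory", "pid": 2172, "handle": 0x50,
     "base": 0x77711590, "buffer": TRAMPOLINE},
    {"api": "NtResumeThread", "pid": 2172, "handle": 0x44},
]


def triage(events):
    """Walk the call records once and summarise, per target pid: RWX regions the process
    committed in itself, executable views mapped into it, trampolines written into pages
    that were first made RWX, and whether the chain ended with a thread resume."""
    state = {}
    for ev in events:
        st = state.setdefault(ev["pid"], {
            "suspended_create": False, "self_rwx": [], "remote_exec_maps": [],
            "rwx_pages": set(), "hooks": [], "resumed": False})
        api = ev["api"]
        if api == "CreateProcessInternalW":
            st["suspended_create"] = bool(ev["creation_flags"] & CREATE_SUSPENDED)
        elif api == "NtAllocateVirtualMemory" and ev["protect"] == PAGE_EXECUTE_READWRITE:
            if ev["handle"] in PSEUDO_HANDLES:
                st["self_rwx"].append((ev["base"], ev["size"]))
        elif api == "NtMapViewOfSection" and ev["protect"] & (PAGE_EXECUTE_READ | PAGE_EXECUTE_READWRITE):
            st["remote_exec_maps"].append((ev["base"], ev["size"]))
        elif api == "NtProtectVirtualMemory" and ev["protect"] == PAGE_EXECUTE_READWRITE:
            for off in range(0, ev["size"], PAGE):
                st["rwx_pages"].add((ev["base"] + off) & ~(PAGE - 1))
        elif api == "WriteProcessMemory":
            target = decode_trampoline(ev["buffer"])
            if target is not None and (ev["base"] & ~(PAGE - 1)) in st["rwx_pages"]:
                st["hooks"].append((ev["base"], target))
        elif api == "NtResumeThread":
            st["resumed"] = True
    return state


def injected_pids(state):
    """Pids created suspended, given a trampoline in a freshly RWX page, then resumed."""
    return sorted(pid for pid, st in state.items()
                  if st["suspended_create"] and st["hooks"] and st["resumed"])


def rwx_span(regions):
    """Total bytes of RWX commits and whether they are back to back (the pid 508 pattern)."""
    regions = sorted(regions)
    contiguous = all(a + s == b for (a, s), (b, _) in zip(regions, regions[1:]))
    return sum(s for _, s in regions), contiguous


if __name__ == "__main__":
    st = triage(EVENTS)
    for pid in injected_pids(st):
        for base, target in st[pid]["hooks"]:
            print(f"pid {pid}: stub at {base:#x} jumps to {target:#x}")
    print("pid 508 self RWX (bytes, contiguous):", rwx_span(st[508]["self_rwx"]))
```

The per-process records on the page are enough to extend EVENTS to pids 2856, 3000, 2744, 2980 and 916: each has the same two RWX pages and the same stub shape, with only the immediate changing to that child's image address.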