Summary | ZeroBOX

Category	Machine	Started	Completed
FILE	s1_win7_x6401	Sept. 19, 2024, 9:33 a.m.	Sept. 19, 2024, 9:36 a.m.

Size	897.0KB
Type	PE32 executable (GUI) Intel 80386, for MS Windows
MD5	`a71fec0e25fa74c137793c874ee77c4e`
SHA256	`1faf2c1d4f0cf67effbe2d266cbc33272592e13dfd1e210529720964b80ed44e`
CRC32	`93EC0148`
ssdeep	`12288:SqDEvFo+yo4DdbbMWu/jrQu4M9lBAlKhQcDGB3cuBNGE6iOrpfe4JdaDga2Th:SqDEvCTbMWu7rQYlBQcBiT6rprG8aOh`
Yara	Malicious_Library_Zero - Malicious_Library PE_Header_Zero - PE File Signature IsPE32 - (no description) Generic_Malware_Zero - Generic Malware UPX_Zero - UPX packed file OS_Processor_Check_Zero - OS Processor Check

random.exe "C:\Users\test22\AppData\Local\Temp\random.exe"
2552
- firefox.exe "C:\Program Files\Mozilla Firefox\firefox.exe" --kiosk https://www.youtube.com/account
  2604
  - firefox.exe "C:\Program Files\Mozilla Firefox\firefox.exe" --kiosk https://www.youtube.com/account
    2672
    - crashreporter.exe "C:\Program Files\Mozilla Firefox\crashreporter.exe" "C:\Users\test22\AppData\Roaming\Mozilla\Firefox\Profiles\qxo5wa6x.default-release\minidumps\9d3782a6-dfb8-4d1b-8d8c-cdd16ab8de53.dmp"
      1852
      - minidump-analyzer.exe "C:\Program Files\Mozilla Firefox\minidump-analyzer.exe" "C:\Users\test22\AppData\Roaming\Mozilla\Firefox\Profiles\qxo5wa6x.default-release\minidumps\9d3782a6-dfb8-4d1b-8d8c-cdd16ab8de53.dmp"
        1016
- firefox.exe "C:\Program Files\Mozilla Firefox\firefox.exe" --kiosk https://www.youtube.com/account
  2784
  - firefox.exe "C:\Program Files\Mozilla Firefox\firefox.exe" --kiosk https://www.youtube.com/account
    2828
    - crashreporter.exe "C:\Program Files\Mozilla Firefox\crashreporter.exe" "C:\Users\test22\AppData\Local\Temp\\5324d4c0-9a61-403c-8aeb-8b5a04ce77f9.dmp"
      2492
      - minidump-analyzer.exe "C:\Program Files\Mozilla Firefox\minidump-analyzer.exe" "C:\Users\test22\AppData\Local\Temp\\5324d4c0-9a61-403c-8aeb-8b5a04ce77f9.dmp"
        2620
- firefox.exe "C:\Program Files\Mozilla Firefox\firefox.exe" --kiosk https://www.youtube.com/account
  2960
  - firefox.exe "C:\Program Files\Mozilla Firefox\firefox.exe" --kiosk https://www.youtube.com/account
    3028
    - crashreporter.exe "C:\Program Files\Mozilla Firefox\crashreporter.exe" "C:\Users\test22\AppData\Local\Temp\\9742e6c3-313e-45e6-9e5d-4729ad02937f.dmp"
      1356
      - minidump-analyzer.exe "C:\Program Files\Mozilla Firefox\minidump-analyzer.exe" "C:\Users\test22\AppData\Local\Temp\\9742e6c3-313e-45e6-9e5d-4729ad02937f.dmp"
        1848
- firefox.exe "C:\Program Files\Mozilla Firefox\firefox.exe" --kiosk https://www.youtube.com/account
  2076
  - firefox.exe "C:\Program Files\Mozilla Firefox\firefox.exe" --kiosk https://www.youtube.com/account
    2100
    - crashreporter.exe "C:\Program Files\Mozilla Firefox\crashreporter.exe" "C:\Users\test22\AppData\Local\Temp\\ac7cc75a-b323-4a3a-83e8-1f7d0190adff.dmp"
      3048
      - minidump-analyzer.exe "C:\Program Files\Mozilla Firefox\minidump-analyzer.exe" "C:\Users\test22\AppData\Local\Temp\\ac7cc75a-b323-4a3a-83e8-1f7d0190adff.dmp"
        2920
- firefox.exe "C:\Program Files\Mozilla Firefox\firefox.exe" --kiosk https://www.youtube.com/account
  2260
  - firefox.exe "C:\Program Files\Mozilla Firefox\firefox.exe" --kiosk https://www.youtube.com/account
    2312
    - crashreporter.exe "C:\Program Files\Mozilla Firefox\crashreporter.exe" "C:\Users\test22\AppData\Local\Temp\\36c3cd13-0081-4a7b-839d-fa733a787241.dmp"
      3120
      - minidump-analyzer.exe "C:\Program Files\Mozilla Firefox\minidump-analyzer.exe" "C:\Users\test22\AppData\Local\Temp\\36c3cd13-0081-4a7b-839d-fa733a787241.dmp"
        3288
- firefox.exe "C:\Program Files\Mozilla Firefox\firefox.exe" --kiosk https://www.youtube.com/account
  2664
  - firefox.exe "C:\Program Files\Mozilla Firefox\firefox.exe" --kiosk https://www.youtube.com/account
    2856
    - crashreporter.exe "C:\Program Files\Mozilla Firefox\crashreporter.exe" "C:\Users\test22\AppData\Local\Temp\\46776ffe-44cd-4863-947a-6d4d1d811e84.dmp"
      3096
      - minidump-analyzer.exe "C:\Program Files\Mozilla Firefox\minidump-analyzer.exe" "C:\Users\test22\AppData\Local\Temp\\46776ffe-44cd-4863-947a-6d4d1d811e84.dmp"
        3240
- firefox.exe "C:\Program Files\Mozilla Firefox\firefox.exe" --kiosk https://www.youtube.com/account
  3012
  - firefox.exe "C:\Program Files\Mozilla Firefox\firefox.exe" --kiosk https://www.youtube.com/account
    1560
    - crashreporter.exe "C:\Program Files\Mozilla Firefox\crashreporter.exe" "C:\Users\test22\AppData\Roaming\Mozilla\Firefox\Profiles\qxo5wa6x.default-release\minidumps\9b8da185-fef8-4e6e-9f45-9fb4a2240b86.dmp"
      3880
      - minidump-analyzer.exe "C:\Program Files\Mozilla Firefox\minidump-analyzer.exe" "C:\Users\test22\AppData\Roaming\Mozilla\Firefox\Profiles\qxo5wa6x.default-release\minidumps\9b8da185-fef8-4e6e-9f45-9fb4a2240b86.dmp"
        3156
- firefox.exe "C:\Program Files\Mozilla Firefox\firefox.exe" --kiosk https://www.youtube.com/account
  2280
  - firefox.exe "C:\Program Files\Mozilla Firefox\firefox.exe" --kiosk https://www.youtube.com/account
    2496
    - crashreporter.exe "C:\Program Files\Mozilla Firefox\crashreporter.exe" "C:\Users\test22\AppData\Local\Temp\\20301dc3-ddec-48f5-a7bc-4b1e77a61962.dmp"
      3996
      - minidump-analyzer.exe "C:\Program Files\Mozilla Firefox\minidump-analyzer.exe" "C:\Users\test22\AppData\Local\Temp\\20301dc3-ddec-48f5-a7bc-4b1e77a61962.dmp"
        908
- firefox.exe "C:\Program Files\Mozilla Firefox\firefox.exe" --kiosk https://www.youtube.com/account
  504
  - firefox.exe "C:\Program Files\Mozilla Firefox\firefox.exe" --kiosk https://www.youtube.com/account
    1512
    - crashreporter.exe "C:\Program Files\Mozilla Firefox\crashreporter.exe" "C:\Users\test22\AppData\Local\Temp\\8643caea-dae7-49f7-9a01-c90e0126d009.dmp"
      3516
      - minidump-analyzer.exe "C:\Program Files\Mozilla Firefox\minidump-analyzer.exe" "C:\Users\test22\AppData\Local\Temp\\8643caea-dae7-49f7-9a01-c90e0126d009.dmp"
        3816
- firefox.exe "C:\Program Files\Mozilla Firefox\firefox.exe" --kiosk https://www.youtube.com/account
  1964
  - firefox.exe "C:\Program Files\Mozilla Firefox\firefox.exe" --kiosk https://www.youtube.com/account
    3016
    - crashreporter.exe "C:\Program Files\Mozilla Firefox\crashreporter.exe" "C:\Users\test22\AppData\Local\Temp\\da7b9f8e-81bb-43f5-b5bf-b6f6680b5972.dmp"
      884
      - minidump-analyzer.exe "C:\Program Files\Mozilla Firefox\minidump-analyzer.exe" "C:\Users\test22\AppData\Local\Temp\\da7b9f8e-81bb-43f5-b5bf-b6f6680b5972.dmp"
        2036
- firefox.exe "C:\Program Files\Mozilla Firefox\firefox.exe" --kiosk https://www.youtube.com/account
  2976
  - firefox.exe "C:\Program Files\Mozilla Firefox\firefox.exe" --kiosk https://www.youtube.com/account
    2164
    - crashreporter.exe "C:\Program Files\Mozilla Firefox\crashreporter.exe" "C:\Users\test22\AppData\Local\Temp\\3807ae41-6835-4096-9a23-ddf0e45da916.dmp"
      676
      - minidump-analyzer.exe "C:\Program Files\Mozilla Firefox\minidump-analyzer.exe" "C:\Users\test22\AppData\Local\Temp\\3807ae41-6835-4096-9a23-ddf0e45da916.dmp"
        4128
- firefox.exe "C:\Program Files\Mozilla Firefox\firefox.exe" --kiosk https://www.youtube.com/account
  1632
  - firefox.exe "C:\Program Files\Mozilla Firefox\firefox.exe" --kiosk https://www.youtube.com/account
    1808
    - crashreporter.exe "C:\Program Files\Mozilla Firefox\crashreporter.exe" "C:\Users\test22\AppData\Local\Temp\\2c32f1a5-6a9a-45dc-859d-6dd4807484c3.dmp"
      1784
      - minidump-analyzer.exe "C:\Program Files\Mozilla Firefox\minidump-analyzer.exe" "C:\Users\test22\AppData\Local\Temp\\2c32f1a5-6a9a-45dc-859d-6dd4807484c3.dmp"
        4236
- firefox.exe "C:\Program Files\Mozilla Firefox\firefox.exe" --kiosk https://www.youtube.com/account
  1544
  - firefox.exe "C:\Program Files\Mozilla Firefox\firefox.exe" --kiosk https://www.youtube.com/account
    1092
- firefox.exe "C:\Program Files\Mozilla Firefox\firefox.exe" --kiosk https://www.youtube.com/account
  3280
  - firefox.exe "C:\Program Files\Mozilla Firefox\firefox.exe" --kiosk https://www.youtube.com/account
    3464
- firefox.exe "C:\Program Files\Mozilla Firefox\firefox.exe" --kiosk https://www.youtube.com/account
  3528
- firefox.exe "C:\Program Files\Mozilla Firefox\firefox.exe" --kiosk https://www.youtube.com/account
  3680
  - firefox.exe "C:\Program Files\Mozilla Firefox\firefox.exe" --kiosk https://www.youtube.com/account
    3752
- firefox.exe "C:\Program Files\Mozilla Firefox\firefox.exe" --kiosk https://www.youtube.com/account
  3804
- firefox.exe "C:\Program Files\Mozilla Firefox\firefox.exe" --kiosk https://www.youtube.com/account
  3928
  - firefox.exe "C:\Program Files\Mozilla Firefox\firefox.exe" --kiosk https://www.youtube.com/account
    4004
- firefox.exe "C:\Program Files\Mozilla Firefox\firefox.exe" --kiosk https://www.youtube.com/account
  3172
- firefox.exe "C:\Program Files\Mozilla Firefox\firefox.exe" --kiosk https://www.youtube.com/account
  3412
  - firefox.exe "C:\Program Files\Mozilla Firefox\firefox.exe" --kiosk https://www.youtube.com/account
    3768
- firefox.exe "C:\Program Files\Mozilla Firefox\firefox.exe" --kiosk https://www.youtube.com/account
  3976
- firefox.exe "C:\Program Files\Mozilla Firefox\firefox.exe" --kiosk https://www.youtube.com/account
  3924
  - firefox.exe "C:\Program Files\Mozilla Firefox\firefox.exe" --kiosk https://www.youtube.com/account
    3420
- firefox.exe "C:\Program Files\Mozilla Firefox\firefox.exe" --kiosk https://www.youtube.com/account
  2276
- firefox.exe "C:\Program Files\Mozilla Firefox\firefox.exe" --kiosk https://www.youtube.com/account
  1656
  - firefox.exe "C:\Program Files\Mozilla Firefox\firefox.exe" --kiosk https://www.youtube.com/account
    3456
- firefox.exe "C:\Program Files\Mozilla Firefox\firefox.exe" --kiosk https://www.youtube.com/account
  3284
- firefox.exe "C:\Program Files\Mozilla Firefox\firefox.exe" --kiosk https://www.youtube.com/account
  4144
- firefox.exe "C:\Program Files\Mozilla Firefox\firefox.exe" --kiosk https://www.youtube.com/account
  4396

Name	Response	Post-Analysis Lookup
No hosts contacted.

IP Address	Status	Action
No hosts contacted.

Suricata Alerts

No Suricata Alerts

Suricata TLS

No Suricata TLS

Checks if process is being debugged by a debugger (50 out of 165 events)

Time & API	Arguments	Status	Return	Repeated
IsDebuggerPresent Sept. 18, 2024, 9 a.m.			0	0
IsDebuggerPresent Sept. 18, 2024, 8:53 a.m.			0	0
IsDebuggerPresent Sept. 18, 2024, 8:53 a.m.			0	0
IsDebuggerPresent Sept. 18, 2024, 8:53 a.m.			0	0
IsDebuggerPresent Sept. 18, 2024, 8:53 a.m.			0	0
IsDebuggerPresent Sept. 18, 2024, 8:53 a.m.			0	0
IsDebuggerPresent Sept. 18, 2024, 8:53 a.m.			0	0
IsDebuggerPresent Sept. 18, 2024, 8:53 a.m.			0	0
IsDebuggerPresent Sept. 18, 2024, 8:53 a.m.			0	0
IsDebuggerPresent Sept. 18, 2024, 8:53 a.m.			0	0
IsDebuggerPresent Sept. 18, 2024, 8:53 a.m.			0	0
IsDebuggerPresent Sept. 18, 2024, 8:53 a.m.			0	0
IsDebuggerPresent Sept. 18, 2024, 8:53 a.m.			0	0
IsDebuggerPresent Sept. 18, 2024, 8:53 a.m.			0	0
IsDebuggerPresent Sept. 18, 2024, 8:53 a.m.			0	0
IsDebuggerPresent Sept. 18, 2024, 8:53 a.m.			0	0
IsDebuggerPresent Sept. 18, 2024, 8:53 a.m.			0	0
IsDebuggerPresent Sept. 18, 2024, 8:53 a.m.			0	0
IsDebuggerPresent Sept. 18, 2024, 8:53 a.m.			0	0
IsDebuggerPresent Sept. 18, 2024, 8:54 a.m.			0	0
IsDebuggerPresent Sept. 18, 2024, 8:54 a.m.			0	0
IsDebuggerPresent Sept. 18, 2024, 8:54 a.m.			0	0
IsDebuggerPresent Sept. 18, 2024, 8:54 a.m.			0	0
IsDebuggerPresent Sept. 18, 2024, 8:54 a.m.			0	0
IsDebuggerPresent Sept. 18, 2024, 8:54 a.m.			0	0
IsDebuggerPresent Sept. 18, 2024, 8:54 a.m.			0	0
IsDebuggerPresent Sept. 18, 2024, 8:54 a.m.			0	0
IsDebuggerPresent Sept. 18, 2024, 8:54 a.m.			0	0
IsDebuggerPresent Sept. 18, 2024, 8:54 a.m.			0	0
IsDebuggerPresent Sept. 18, 2024, 8:54 a.m.			0	0
IsDebuggerPresent Sept. 18, 2024, 8:54 a.m.			0	0
IsDebuggerPresent Sept. 18, 2024, 8:54 a.m.			0	0
IsDebuggerPresent Sept. 18, 2024, 8:54 a.m.			0	0
IsDebuggerPresent Sept. 18, 2024, 8:54 a.m.			0	0
IsDebuggerPresent Sept. 18, 2024, 8:54 a.m.			0	0
IsDebuggerPresent Sept. 18, 2024, 8:54 a.m.			0	0
IsDebuggerPresent Sept. 18, 2024, 8:54 a.m.			0	0
IsDebuggerPresent Sept. 18, 2024, 8:54 a.m.			0	0
IsDebuggerPresent Sept. 18, 2024, 8:54 a.m.			0	0
IsDebuggerPresent Sept. 18, 2024, 8:54 a.m.			0	0
IsDebuggerPresent Sept. 18, 2024, 8:54 a.m.			0	0
IsDebuggerPresent Sept. 18, 2024, 8:54 a.m.			0	0
IsDebuggerPresent Sept. 18, 2024, 8:54 a.m.			0	0
IsDebuggerPresent Sept. 18, 2024, 8:54 a.m.			0	0
IsDebuggerPresent Sept. 18, 2024, 8:54 a.m.			0	0
IsDebuggerPresent Sept. 18, 2024, 8:54 a.m.			0	0
IsDebuggerPresent Sept. 18, 2024, 8:54 a.m.			0	0
IsDebuggerPresent Sept. 18, 2024, 8:54 a.m.			0	0
IsDebuggerPresent Sept. 18, 2024, 8:54 a.m.			0	0
IsDebuggerPresent Sept. 18, 2024, 8:54 a.m.			0	0

Collects information to fingerprint the system (MachineGuid, DigitalProductId, SystemBiosDate) (1 event)

registry

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography\MachineGuid

Tries to locate where the browsers are installed (1 event)

file	C:\Program Files\Mozilla Firefox\api-ms-win-core-file-l2-1-0.dll

Checks amount of memory in system, this can be used to detect virtual machines that have a low amount of memory available (1 event)

Time & API	Arguments	Status	Return	Repeated
GlobalMemoryStatusEx Sept. 18, 2024, 8:54 a.m.		1	1	0

One or more processes crashed (23 events)

Time & API	Arguments	Status
__exception__ Sept. 18, 2024, 8:53 a.m.	stacktrace: 0xcd1f04 0x7fe00000030 0x7fe00000030 0x7fe00000030 0x7fe00000030 0x7fe00000030 0x7fe00000030 0x7fe00000030 0x7fe00000030 0x7fe00000030 0x7fe00000030 0x7fe00000030 0x7fe00000030 0x7fe00000030 0x7fe00000030 0x7fe00000030 0x7fe00000030 0x7fe00000030 0x7fe00000030 0x7fe00000030 0x7fe00000030 0x7fe00000030 0x7fe00000030 0x7fe00000030 0x7fe00000030 0x7fe00000030 0x7fe00000030 0x7fe00000030 0x7fe00000030 0x7fe00000030 0x7fe00000030 0x7fe00000030 0x7fe00000030 0x7fe00000030 0x7fe00000030 0x7fe00000030 0x7fe00000030 0x7fe00000030 0x7fe00000030 0x7fe00000030 0x7fe00000030 0x7fe00000030 0x7fe00000030 0x7fe00000030 0x7fe00000030 0x7fe00000030 0x7fe00000030 0x7fe00000030 0x7fe00000030 0x7fe00000030 0x7fe00000030 0x7fe00000030 0x7fe00000030 0x7fe00000030 0x7fe00000030 0x7fe00000030 0x7fe00000030 0x7fe00000030 0x7fe00000030 0x7fe00000030 0x7fe00000030 0x7fe00000030 0x7fe00000030 0x7fe00000030 exception.instruction_r: 83 3d 8d d1 02 00 00 ff 25 00 00 00 00 53 12 07 exception.instruction: cmp dword ptr [rip + 0x2d18d], 0 exception.exception_code: 0xc0000005 exception.symbol: exception.address: 0xcd1f04 registers.r14: 9695640 registers.r15: 8791560984176 registers.rcx: 48 registers.rsi: 8791560915840 registers.r10: 0 registers.rbx: 0 registers.rsp: 9695272 registers.r11: 9698656 registers.r8: 1994752396 registers.r9: 0 registers.rdx: 8796092887632 registers.r12: 14911760 registers.rbp: 9695392 registers.rdi: 253869600 registers.rax: 13442816 registers.r13: 9696232	1
__exception__ Sept. 18, 2024, 8:53 a.m.	stacktrace: 0xb91f04 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 exception.instruction_r: 83 3d 8d d1 02 00 00 ff 25 00 00 00 00 53 12 07 exception.instruction: cmp dword ptr [rip + 0x2d18d], 0 exception.exception_code: 0xc0000005 exception.symbol: exception.address: 0xb91f04 registers.r14: 10549440 registers.r15: 10548944 registers.rcx: 48 registers.rsi: 14706240 registers.r10: 0 registers.rbx: 0 registers.rsp: 10547992 registers.r11: 10550192 registers.r8: 1994752396 registers.r9: 0 registers.rdx: 8796092887632 registers.r12: 10548775 registers.rbp: 10548112 registers.rdi: 100 registers.rax: 12132096 registers.r13: 3	1
__exception__ Sept. 18, 2024, 8:54 a.m.	stacktrace: 0xcd1f04 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 exception.instruction_r: 83 3d 8d d1 02 00 00 ff 25 00 00 00 00 53 12 07 exception.instruction: cmp dword ptr [rip + 0x2d18d], 0 exception.exception_code: 0xc0000005 exception.symbol: exception.address: 0xcd1f04 registers.r14: 9042784 registers.r15: 9042288 registers.rcx: 48 registers.rsi: 14704896 registers.r10: 0 registers.rbx: 0 registers.rsp: 9041336 registers.r11: 9043536 registers.r8: 1994752396 registers.r9: 0 registers.rdx: 8796092883536 registers.r12: 9042119 registers.rbp: 9041456 registers.rdi: 100 registers.rax: 13442816 registers.r13: 3	1
__exception__ Sept. 18, 2024, 8:54 a.m.	stacktrace: 0xcd1f04 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 exception.instruction_r: 83 3d 8d d1 02 00 00 ff 25 00 00 00 00 53 12 07 exception.instruction: cmp dword ptr [rip + 0x2d18d], 0 exception.exception_code: 0xc0000005 exception.symbol: exception.address: 0xcd1f04 registers.r14: 9304832 registers.r15: 9304336 registers.rcx: 48 registers.rsi: 14706528 registers.r10: 0 registers.rbx: 0 registers.rsp: 9303384 registers.r11: 9305584 registers.r8: 1994752396 registers.r9: 0 registers.rdx: 8796092887632 registers.r12: 9304167 registers.rbp: 9303504 registers.rdi: 100 registers.rax: 13442816 registers.r13: 3	1
__exception__ Sept. 18, 2024, 8:54 a.m.	stacktrace: 0xcd1f04 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 exception.instruction_r: 83 3d 8d d1 02 00 00 ff 25 00 00 00 00 53 12 07 exception.instruction: cmp dword ptr [rip + 0x2d18d], 0 exception.exception_code: 0xc0000005 exception.symbol: exception.address: 0xcd1f04 registers.r14: 10549616 registers.r15: 10549120 registers.rcx: 48 registers.rsi: 14706144 registers.r10: 0 registers.rbx: 0 registers.rsp: 10548168 registers.r11: 10550368 registers.r8: 1994752396 registers.r9: 0 registers.rdx: 8796092887632 registers.r12: 10548951 registers.rbp: 10548288 registers.rdi: 100 registers.rax: 13442816 registers.r13: 3	1
__exception__ Sept. 18, 2024, 8:54 a.m.	stacktrace: 0xcd1f04 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 exception.instruction_r: 83 3d 8d d1 02 00 00 ff 25 00 00 00 00 53 12 07 exception.instruction: cmp dword ptr [rip + 0x2d18d], 0 exception.exception_code: 0xc0000005 exception.symbol: exception.address: 0xcd1f04 registers.r14: 9107168 registers.r15: 9106672 registers.rcx: 48 registers.rsi: 14707008 registers.r10: 0 registers.rbx: 0 registers.rsp: 9105720 registers.r11: 9107920 registers.r8: 1994752396 registers.r9: 0 registers.rdx: 8796092883536 registers.r12: 9106503 registers.rbp: 9105840 registers.rdi: 100 registers.rax: 13442816 registers.r13: 3	1
__exception__ Sept. 18, 2024, 8:54 a.m.	stacktrace: 0xa81f04 0x7fe00000030 0x7fe00000030 0x7fe00000030 0x7fe00000030 0x7fe00000030 0x7fe00000030 0x7fe00000030 0x7fe00000030 0x7fe00000030 0x7fe00000030 0x7fe00000030 0x7fe00000030 0x7fe00000030 0x7fe00000030 0x7fe00000030 0x7fe00000030 0x7fe00000030 0x7fe00000030 0x7fe00000030 0x7fe00000030 0x7fe00000030 0x7fe00000030 0x7fe00000030 0x7fe00000030 0x7fe00000030 0x7fe00000030 0x7fe00000030 0x7fe00000030 0x7fe00000030 0x7fe00000030 0x7fe00000030 0x7fe00000030 0x7fe00000030 0x7fe00000030 0x7fe00000030 0x7fe00000030 0x7fe00000030 0x7fe00000030 0x7fe00000030 0x7fe00000030 0x7fe00000030 0x7fe00000030 0x7fe00000030 0x7fe00000030 0x7fe00000030 0x7fe00000030 0x7fe00000030 0x7fe00000030 0x7fe00000030 0x7fe00000030 0x7fe00000030 0x7fe00000030 0x7fe00000030 0x7fe00000030 0x7fe00000030 0x7fe00000030 0x7fe00000030 0x7fe00000030 0x7fe00000030 0x7fe00000030 0x7fe00000030 0x7fe00000030 0x7fe00000030 exception.instruction_r: 83 3d 8d d1 02 00 00 ff 25 00 00 00 00 53 12 07 exception.instruction: cmp dword ptr [rip + 0x2d18d], 0 exception.exception_code: 0xc0000005 exception.symbol: exception.address: 0xa81f04 registers.r14: 10284280 registers.r15: 8791560984176 registers.rcx: 48 registers.rsi: 8791560915840 registers.r10: 0 registers.rbx: 0 registers.rsp: 10283912 registers.r11: 10287296 registers.r8: 1994752396 registers.r9: 0 registers.rdx: 8796092887632 registers.r12: 15962752 registers.rbp: 10284032 registers.rdi: 76652576 registers.rax: 11017984 registers.r13: 10284872	1
__exception__ Sept. 18, 2024, 8:54 a.m.	stacktrace: 0xcd1f04 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 exception.instruction_r: 83 3d 8d d1 02 00 00 ff 25 00 00 00 00 53 12 07 exception.instruction: cmp dword ptr [rip + 0x2d18d], 0 exception.exception_code: 0xc0000005 exception.symbol: exception.address: 0xcd1f04 registers.r14: 8582384 registers.r15: 8581888 registers.rcx: 48 registers.rsi: 14706432 registers.r10: 0 registers.rbx: 0 registers.rsp: 8580936 registers.r11: 8583136 registers.r8: 1994752396 registers.r9: 0 registers.rdx: 8796092883536 registers.r12: 8581719 registers.rbp: 8581056 registers.rdi: 100 registers.rax: 13442816 registers.r13: 3	1
__exception__ Sept. 18, 2024, 8:54 a.m.	stacktrace: 0xcd1f04 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 exception.instruction_r: 83 3d 8d d1 02 00 00 ff 25 00 00 00 00 53 12 07 exception.instruction: cmp dword ptr [rip + 0x2d18d], 0 exception.exception_code: 0xc0000005 exception.symbol: exception.address: 0xcd1f04 registers.r14: 9369152 registers.r15: 9368656 registers.rcx: 48 registers.rsi: 14705856 registers.r10: 0 registers.rbx: 0 registers.rsp: 9367704 registers.r11: 9369904 registers.r8: 1994752396 registers.r9: 0 registers.rdx: 8796092887632 registers.r12: 9368487 registers.rbp: 9367824 registers.rdi: 100 registers.rax: 13442816 registers.r13: 3	1
__exception__ Sept. 18, 2024, 8:54 a.m.	stacktrace: 0xcd1f04 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 exception.instruction_r: 83 3d 8d d1 02 00 00 ff 25 00 00 00 00 53 12 07 exception.instruction: cmp dword ptr [rip + 0x2d18d], 0 exception.exception_code: 0xc0000005 exception.symbol: exception.address: 0xcd1f04 registers.r14: 9631248 registers.r15: 9630752 registers.rcx: 48 registers.rsi: 14706624 registers.r10: 0 registers.rbx: 0 registers.rsp: 9629800 registers.r11: 9632000 registers.r8: 1994752396 registers.r9: 0 registers.rdx: 8796092887632 registers.r12: 9630583 registers.rbp: 9629920 registers.rdi: 100 registers.rax: 13442816 registers.r13: 3	1
__exception__ Sept. 18, 2024, 8:55 a.m.	stacktrace: 0xa91f04 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 exception.instruction_r: 83 3d 8d d1 02 00 00 ff 25 00 00 00 00 53 12 07 exception.instruction: cmp dword ptr [rip + 0x2d18d], 0 exception.exception_code: 0xc0000005 exception.symbol: exception.address: 0xa91f04 registers.r14: 10024112 registers.r15: 10023616 registers.rcx: 48 registers.rsi: 15755104 registers.r10: 0 registers.rbx: 0 registers.rsp: 10022664 registers.r11: 10024864 registers.r8: 1994752396 registers.r9: 0 registers.rdx: 8796092887632 registers.r12: 10023447 registers.rbp: 10022784 registers.rdi: 100 registers.rax: 11083520 registers.r13: 3	1
__exception__ Sept. 18, 2024, 9:02 a.m.	stacktrace: 0xcd1f04 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 exception.instruction_r: 83 3d 8d d1 02 00 00 ff 25 00 00 00 00 53 12 07 exception.instruction: cmp dword ptr [rip + 0x2d18d], 0 exception.exception_code: 0xc0000005 exception.symbol: exception.address: 0xcd1f04 registers.r14: 8780608 registers.r15: 8780112 registers.rcx: 48 registers.rsi: 14706912 registers.r10: 0 registers.rbx: 0 registers.rsp: 8779160 registers.r11: 8781360 registers.r8: 1994752396 registers.r9: 0 registers.rdx: 8796092883536 registers.r12: 8779943 registers.rbp: 8779280 registers.rdi: 100 registers.rax: 13442816 registers.r13: 3	1
__exception__ Sept. 18, 2024, 9:02 a.m.	stacktrace: 0xac1f04 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 exception.instruction_r: 83 3d 8d d1 02 00 00 ff 25 00 00 00 00 53 12 07 exception.instruction: cmp dword ptr [rip + 0x2d18d], 0 exception.exception_code: 0xc0000005 exception.symbol: exception.address: 0xac1f04 registers.r14: 9632176 registers.r15: 9631680 registers.rcx: 48 registers.rsi: 14707680 registers.r10: 0 registers.rbx: 0 registers.rsp: 9630728 registers.r11: 9632928 registers.r8: 1994752396 registers.r9: 0 registers.rdx: 8796092887632 registers.r12: 9631511 registers.rbp: 9630848 registers.rdi: 100 registers.rax: 11280128 registers.r13: 3	1
__exception__ Sept. 18, 2024, 9:02 a.m.	stacktrace: 0xcd1f04 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 exception.instruction_r: 83 3d 8d d1 02 00 00 ff 25 00 00 00 00 53 12 07 exception.instruction: cmp dword ptr [rip + 0x2d18d], 0 exception.exception_code: 0xc0000005 exception.symbol: exception.address: 0xcd1f04 registers.r14: 8977328 registers.r15: 8976832 registers.rcx: 48 registers.rsi: 14707296 registers.r10: 0 registers.rbx: 0 registers.rsp: 8975880 registers.r11: 8978080 registers.r8: 1994752396 registers.r9: 0 registers.rdx: 8796092883536 registers.r12: 8976663 registers.rbp: 8976000 registers.rdi: 100 registers.rax: 13442816 registers.r13: 3	1
__exception__ Sept. 18, 2024, 9:02 a.m.	stacktrace: 0xcc1f04 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 exception.instruction_r: 83 3d 8d d1 02 00 00 ff 25 00 00 00 00 53 12 07 exception.instruction: cmp dword ptr [rip + 0x2d18d], 0 exception.exception_code: 0xc0000005 exception.symbol: exception.address: 0xcc1f04 registers.r14: 9697920 registers.r15: 9697424 registers.rcx: 48 registers.rsi: 14705184 registers.r10: 0 registers.rbx: 0 registers.rsp: 9696472 registers.r11: 9698672 registers.r8: 1994752396 registers.r9: 0 registers.rdx: 8796092887632 registers.r12: 9697255 registers.rbp: 9696592 registers.rdi: 100 registers.rax: 13377280 registers.r13: 3	1
__exception__ Sept. 18, 2024, 9:02 a.m.	stacktrace: 0xcc1f04 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 exception.instruction_r: 83 3d 8d d1 02 00 00 ff 25 00 00 00 00 53 12 07 exception.instruction: cmp dword ptr [rip + 0x2d18d], 0 exception.exception_code: 0xc0000005 exception.symbol: exception.address: 0xcc1f04 registers.r14: 9829104 registers.r15: 9828608 registers.rcx: 48 registers.rsi: 14707584 registers.r10: 0 registers.rbx: 0 registers.rsp: 9827656 registers.r11: 9829856 registers.r8: 1994752396 registers.r9: 0 registers.rdx: 8796092887632 registers.r12: 9828439 registers.rbp: 9827776 registers.rdi: 100 registers.rax: 13377280 registers.r13: 3	1
__exception__ Sept. 18, 2024, 9:02 a.m.	stacktrace: 0xcd1f04 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 exception.instruction_r: 83 3d 8d d1 02 00 00 ff 25 00 00 00 00 53 12 07 exception.instruction: cmp dword ptr [rip + 0x2d18d], 0 exception.exception_code: 0xc0000005 exception.symbol: exception.address: 0xcd1f04 registers.r14: 9042704 registers.r15: 9042208 registers.rcx: 48 registers.rsi: 14707584 registers.r10: 0 registers.rbx: 0 registers.rsp: 9041256 registers.r11: 9043456 registers.r8: 1994752396 registers.r9: 0 registers.rdx: 8796092887632 registers.r12: 9042039 registers.rbp: 9041376 registers.rdi: 100 registers.rax: 13442816 registers.r13: 3	1
__exception__ Sept. 18, 2024, 9:02 a.m.	stacktrace: 0xcc1f04 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 exception.instruction_r: 83 3d 8d d1 02 00 00 ff 25 00 00 00 00 53 12 07 exception.instruction: cmp dword ptr [rip + 0x2d18d], 0 exception.exception_code: 0xc0000005 exception.symbol: exception.address: 0xcc1f04 registers.r14: 9107616 registers.r15: 9107120 registers.rcx: 48 registers.rsi: 14705472 registers.r10: 0 registers.rbx: 0 registers.rsp: 9106168 registers.r11: 9108368 registers.r8: 1994752396 registers.r9: 0 registers.rdx: 8796092887632 registers.r12: 9106951 registers.rbp: 9106288 registers.rdi: 100 registers.rax: 13377280 registers.r13: 3	1
__exception__ Sept. 18, 2024, 9:03 a.m.	stacktrace: 0xcc1f04 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 exception.instruction_r: 83 3d 8d d1 02 00 00 ff 25 00 00 00 00 53 12 07 exception.instruction: cmp dword ptr [rip + 0x2d18d], 0 exception.exception_code: 0xc0000005 exception.symbol: exception.address: 0xcc1f04 registers.r14: 9632032 registers.r15: 9631536 registers.rcx: 48 registers.rsi: 14705952 registers.r10: 0 registers.rbx: 0 registers.rsp: 9630584 registers.r11: 9632784 registers.r8: 1994752396 registers.r9: 0 registers.rdx: 8796092887632 registers.r12: 9631367 registers.rbp: 9630704 registers.rdi: 100 registers.rax: 13377280 registers.r13: 3	1
__exception__ Sept. 18, 2024, 9:03 a.m.	stacktrace: 0xcd1f04 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 exception.instruction_r: 83 3d 8d d1 02 00 00 ff 25 00 00 00 00 53 12 07 exception.instruction: cmp dword ptr [rip + 0x2d18d], 0 exception.exception_code: 0xc0000005 exception.symbol: exception.address: 0xcd1f04 registers.r14: 9893056 registers.r15: 9892560 registers.rcx: 48 registers.rsi: 14705952 registers.r10: 0 registers.rbx: 0 registers.rsp: 9891608 registers.r11: 9893808 registers.r8: 1994752396 registers.r9: 0 registers.rdx: 8796092887632 registers.r12: 9892391 registers.rbp: 9891728 registers.rdi: 100 registers.rax: 13442816 registers.r13: 3	1
__exception__ Sept. 18, 2024, 9:03 a.m.	stacktrace: 0xcc1f04 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 exception.instruction_r: 83 3d 8d d1 02 00 00 ff 25 00 00 00 00 53 12 07 exception.instruction: cmp dword ptr [rip + 0x2d18d], 0 exception.exception_code: 0xc0000005 exception.symbol: exception.address: 0xcc1f04 registers.r14: 9763200 registers.r15: 9762704 registers.rcx: 48 registers.rsi: 14705472 registers.r10: 0 registers.rbx: 0 registers.rsp: 9761752 registers.r11: 9763952 registers.r8: 1994752396 registers.r9: 0 registers.rdx: 8796092887632 registers.r12: 9762535 registers.rbp: 9761872 registers.rdi: 100 registers.rax: 13377280 registers.r13: 3	1
__exception__ Sept. 18, 2024, 9:03 a.m.	stacktrace: 0xcd1f04 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 exception.instruction_r: 83 3d 8d d1 02 00 00 ff 25 00 00 00 00 53 12 07 exception.instruction: cmp dword ptr [rip + 0x2d18d], 0 exception.exception_code: 0xc0000005 exception.symbol: exception.address: 0xcd1f04 registers.r14: 10351904 registers.r15: 10351408 registers.rcx: 48 registers.rsi: 14705472 registers.r10: 0 registers.rbx: 0 registers.rsp: 10350456 registers.r11: 10352656 registers.r8: 1994752396 registers.r9: 0 registers.rdx: 8796092883536 registers.r12: 10351239 registers.rbp: 10350576 registers.rdi: 100 registers.rax: 13442816 registers.r13: 3	1
__exception__ Sept. 18, 2024, 9:03 a.m.	stacktrace: 0xcc1f04 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 exception.instruction_r: 83 3d 8d d1 02 00 00 ff 25 00 00 00 00 53 12 07 exception.instruction: cmp dword ptr [rip + 0x2d18d], 0 exception.exception_code: 0xc0000005 exception.symbol: exception.address: 0xcc1f04 registers.r14: 9369712 registers.r15: 9369216 registers.rcx: 48 registers.rsi: 14705952 registers.r10: 0 registers.rbx: 0 registers.rsp: 9368264 registers.r11: 9370464 registers.r8: 1994752396 registers.r9: 0 registers.rdx: 8796092883536 registers.r12: 9369047 registers.rbp: 9368384 registers.rdi: 100 registers.rax: 13377280 registers.r13: 3	1

One or more potentially interesting buffers were extracted, these generally contain injected code, configuration data, etc.

Starts servers listening (3 events)

Time & API	Arguments	Status	Return
bind Sept. 18, 2024, 9:03 a.m.	ip_address: 127.0.0.1 socket: 940 port: 0	1	0
listen Sept. 18, 2024, 9:03 a.m.	socket: 940 backlog: 5	1	0
accept Sept. 18, 2024, 9:03 a.m.	ip_address: 127.0.0.1 socket: 940 port: 49263	1	944

Allocates read-write-execute memory (usually to unpack itself) (50 out of 162 events)

Time & API	Arguments	Status
NtProtectVirtualMemory Sept. 18, 2024, 9 a.m.	process_identifier: 2552 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x734c2000 process_handle: 0xffffffff	1
NtProtectVirtualMemory Sept. 18, 2024, 8:53 a.m.	process_identifier: 2672 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x0000000000c90000 process_handle: 0xffffffffffffffff	1
NtProtectVirtualMemory Sept. 18, 2024, 8:53 a.m.	process_identifier: 2672 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x0000000076c5b000 process_handle: 0xffffffffffffffff	1
NtProtectVirtualMemory Sept. 18, 2024, 8:53 a.m.	process_identifier: 2672 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x0000000000c90000 process_handle: 0xffffffffffffffff	1
NtProtectVirtualMemory Sept. 18, 2024, 8:53 a.m.	process_identifier: 2672 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x0000000076c26000 process_handle: 0xffffffffffffffff	1
NtProtectVirtualMemory Sept. 18, 2024, 8:53 a.m.	process_identifier: 2672 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x00000000028e0000 process_handle: 0xffffffffffffffff	1
NtProtectVirtualMemory Sept. 18, 2024, 8:53 a.m.	process_identifier: 2672 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x000000007398d000 process_handle: 0xffffffffffffffff	1
NtProtectVirtualMemory Sept. 18, 2024, 8:53 a.m.	process_identifier: 2828 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x0000000000b50000 process_handle: 0xffffffffffffffff	1
NtProtectVirtualMemory Sept. 18, 2024, 8:53 a.m.	process_identifier: 2828 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x0000000076c5b000 process_handle: 0xffffffffffffffff	1
NtProtectVirtualMemory Sept. 18, 2024, 8:53 a.m.	process_identifier: 2828 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x0000000000b50000 process_handle: 0xffffffffffffffff	1
NtProtectVirtualMemory Sept. 18, 2024, 8:53 a.m.	process_identifier: 2828 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x0000000076c26000 process_handle: 0xffffffffffffffff	1
NtProtectVirtualMemory Sept. 18, 2024, 8:53 a.m.	process_identifier: 2828 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x00000000028a0000 process_handle: 0xffffffffffffffff	1
NtProtectVirtualMemory Sept. 18, 2024, 8:53 a.m.	process_identifier: 2828 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x000000007398d000 process_handle: 0xffffffffffffffff	1
NtProtectVirtualMemory Sept. 18, 2024, 8:53 a.m.	process_identifier: 3028 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x0000000000c90000 process_handle: 0xffffffffffffffff	1
NtProtectVirtualMemory Sept. 18, 2024, 8:53 a.m.	process_identifier: 3028 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x0000000076c5b000 process_handle: 0xffffffffffffffff	1
NtProtectVirtualMemory Sept. 18, 2024, 8:53 a.m.	process_identifier: 3028 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x0000000000c90000 process_handle: 0xffffffffffffffff	1
NtProtectVirtualMemory Sept. 18, 2024, 8:53 a.m.	process_identifier: 3028 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x0000000076c26000 process_handle: 0xffffffffffffffff	1
NtProtectVirtualMemory Sept. 18, 2024, 8:54 a.m.	process_identifier: 3028 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x0000000003060000 process_handle: 0xffffffffffffffff	1
NtProtectVirtualMemory Sept. 18, 2024, 8:54 a.m.	process_identifier: 3028 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x000000007398d000 process_handle: 0xffffffffffffffff	1
NtProtectVirtualMemory Sept. 18, 2024, 8:54 a.m.	process_identifier: 2100 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x0000000000c90000 process_handle: 0xffffffffffffffff	1
NtProtectVirtualMemory Sept. 18, 2024, 8:54 a.m.	process_identifier: 2100 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x0000000076c5b000 process_handle: 0xffffffffffffffff	1
NtProtectVirtualMemory Sept. 18, 2024, 8:54 a.m.	process_identifier: 2100 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x0000000000c90000 process_handle: 0xffffffffffffffff	1
NtProtectVirtualMemory Sept. 18, 2024, 8:54 a.m.	process_identifier: 2100 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x0000000076c26000 process_handle: 0xffffffffffffffff	1
NtProtectVirtualMemory Sept. 18, 2024, 8:54 a.m.	process_identifier: 2100 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x00000000028a0000 process_handle: 0xffffffffffffffff	1
NtProtectVirtualMemory Sept. 18, 2024, 8:54 a.m.	process_identifier: 2100 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x000000007398d000 process_handle: 0xffffffffffffffff	1
NtProtectVirtualMemory Sept. 18, 2024, 8:54 a.m.	process_identifier: 2312 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x0000000000a80000 process_handle: 0xffffffffffffffff	1
NtProtectVirtualMemory Sept. 18, 2024, 8:54 a.m.	process_identifier: 2312 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x0000000076c5b000 process_handle: 0xffffffffffffffff	1
NtProtectVirtualMemory Sept. 18, 2024, 8:54 a.m.	process_identifier: 2312 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x0000000000a80000 process_handle: 0xffffffffffffffff	1
NtProtectVirtualMemory Sept. 18, 2024, 8:54 a.m.	process_identifier: 2312 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x0000000076c26000 process_handle: 0xffffffffffffffff	1
NtProtectVirtualMemory Sept. 18, 2024, 8:54 a.m.	process_identifier: 2312 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x00000000028e0000 process_handle: 0xffffffffffffffff	1
NtProtectVirtualMemory Sept. 18, 2024, 8:54 a.m.	process_identifier: 2312 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x000000007398d000 process_handle: 0xffffffffffffffff	1
NtProtectVirtualMemory Sept. 18, 2024, 8:54 a.m.	process_identifier: 2856 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x0000000000a50000 process_handle: 0xffffffffffffffff	1
NtProtectVirtualMemory Sept. 18, 2024, 8:54 a.m.	process_identifier: 2856 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x0000000076c5b000 process_handle: 0xffffffffffffffff	1
NtProtectVirtualMemory Sept. 18, 2024, 8:54 a.m.	process_identifier: 2856 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x0000000000a50000 process_handle: 0xffffffffffffffff	1
NtProtectVirtualMemory Sept. 18, 2024, 8:54 a.m.	process_identifier: 2856 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x0000000076c26000 process_handle: 0xffffffffffffffff	1
NtProtectVirtualMemory Sept. 18, 2024, 8:54 a.m.	process_identifier: 2856 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x0000000003390000 process_handle: 0xffffffffffffffff	1
NtProtectVirtualMemory Sept. 18, 2024, 8:54 a.m.	process_identifier: 2856 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x000000007398d000 process_handle: 0xffffffffffffffff	1
NtProtectVirtualMemory Sept. 18, 2024, 8:54 a.m.	process_identifier: 1560 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x0000000000a40000 process_handle: 0xffffffffffffffff	1
NtProtectVirtualMemory Sept. 18, 2024, 8:54 a.m.	process_identifier: 1560 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x0000000076c5b000 process_handle: 0xffffffffffffffff	1
NtProtectVirtualMemory Sept. 18, 2024, 8:54 a.m.	process_identifier: 1560 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x0000000000a40000 process_handle: 0xffffffffffffffff	1
NtProtectVirtualMemory Sept. 18, 2024, 8:54 a.m.	process_identifier: 1560 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x0000000076c26000 process_handle: 0xffffffffffffffff	1
NtProtectVirtualMemory Sept. 18, 2024, 8:54 a.m.	process_identifier: 1560 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x0000000002860000 process_handle: 0xffffffffffffffff	1
NtProtectVirtualMemory Sept. 18, 2024, 8:54 a.m.	process_identifier: 1560 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x000000007398d000 process_handle: 0xffffffffffffffff	1
NtProtectVirtualMemory Sept. 18, 2024, 8:54 a.m.	process_identifier: 2496 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x0000000000c90000 process_handle: 0xffffffffffffffff	1
NtProtectVirtualMemory Sept. 18, 2024, 8:54 a.m.	process_identifier: 2496 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x0000000076c5b000 process_handle: 0xffffffffffffffff	1
NtProtectVirtualMemory Sept. 18, 2024, 8:54 a.m.	process_identifier: 2496 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x0000000000c90000 process_handle: 0xffffffffffffffff	1
NtProtectVirtualMemory Sept. 18, 2024, 8:54 a.m.	process_identifier: 2496 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x0000000076c26000 process_handle: 0xffffffffffffffff	1
NtProtectVirtualMemory Sept. 18, 2024, 8:54 a.m.	process_identifier: 2496 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x00000000033b0000 process_handle: 0xffffffffffffffff	1
NtProtectVirtualMemory Sept. 18, 2024, 8:54 a.m.	process_identifier: 2496 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x000000007398d000 process_handle: 0xffffffffffffffff	1
NtProtectVirtualMemory Sept. 18, 2024, 8:54 a.m.	process_identifier: 1512 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x0000000000c90000 process_handle: 0xffffffffffffffff	1

An application raised an exception which may be indicative of an exploit crash (46 events)

Time & API	Arguments	Status	Return	Repeated
Application Crash	Process firefox.exe with pid 2672 crashed
Application Crash	Process firefox.exe with pid 2828 crashed
Application Crash	Process firefox.exe with pid 3028 crashed
Application Crash	Process firefox.exe with pid 2100 crashed
Application Crash	Process firefox.exe with pid 2312 crashed
Application Crash	Process firefox.exe with pid 2856 crashed
Application Crash	Process firefox.exe with pid 1560 crashed
Application Crash	Process firefox.exe with pid 2496 crashed
Application Crash	Process firefox.exe with pid 1512 crashed
Application Crash	Process firefox.exe with pid 3016 crashed
Application Crash	Process firefox.exe with pid 2164 crashed
Application Crash	Process firefox.exe with pid 1808 crashed
Application Crash	Process firefox.exe with pid 1092 crashed
Application Crash	Process firefox.exe with pid 3464 crashed
Application Crash	Process firefox.exe with pid 3528 crashed
Application Crash	Process firefox.exe with pid 3804 crashed
Application Crash	Process firefox.exe with pid 3752 crashed
Application Crash	Process firefox.exe with pid 3172 crashed
Application Crash	Process firefox.exe with pid 3976 crashed
Application Crash	Process firefox.exe with pid 3768 crashed
Application Crash	Process firefox.exe with pid 2276 crashed
Application Crash	Process firefox.exe with pid 3420 crashed
Application Crash	Process firefox.exe with pid 3284 crashed
__exception__ Sept. 18, 2024, 8:53 a.m.	stacktrace: 0xcd1f04 0x7fe00000030 0x7fe00000030 0x7fe00000030 0x7fe00000030 0x7fe00000030 0x7fe00000030 0x7fe00000030 0x7fe00000030 0x7fe00000030 0x7fe00000030 0x7fe00000030 0x7fe00000030 0x7fe00000030 0x7fe00000030 0x7fe00000030 0x7fe00000030 0x7fe00000030 0x7fe00000030 0x7fe00000030 0x7fe00000030 0x7fe00000030 0x7fe00000030 0x7fe00000030 0x7fe00000030 0x7fe00000030 0x7fe00000030 0x7fe00000030 0x7fe00000030 0x7fe00000030 0x7fe00000030 0x7fe00000030 0x7fe00000030 0x7fe00000030 0x7fe00000030 0x7fe00000030 0x7fe00000030 0x7fe00000030 0x7fe00000030 0x7fe00000030 0x7fe00000030 0x7fe00000030 0x7fe00000030 0x7fe00000030 0x7fe00000030 0x7fe00000030 0x7fe00000030 0x7fe00000030 0x7fe00000030 0x7fe00000030 0x7fe00000030 0x7fe00000030 0x7fe00000030 0x7fe00000030 0x7fe00000030 0x7fe00000030 0x7fe00000030 0x7fe00000030 0x7fe00000030 0x7fe00000030 0x7fe00000030 0x7fe00000030 0x7fe00000030 0x7fe00000030 exception.instruction_r: 83 3d 8d d1 02 00 00 ff 25 00 00 00 00 53 12 07 exception.instruction: cmp dword ptr [rip + 0x2d18d], 0 exception.exception_code: 0xc0000005 exception.symbol: exception.address: 0xcd1f04 registers.r14: 9695640 registers.r15: 8791560984176 registers.rcx: 48 registers.rsi: 8791560915840 registers.r10: 0 registers.rbx: 0 registers.rsp: 9695272 registers.r11: 9698656 registers.r8: 1994752396 registers.r9: 0 registers.rdx: 8796092887632 registers.r12: 14911760 registers.rbp: 9695392 registers.rdi: 253869600 registers.rax: 13442816 registers.r13: 9696232	1	0	0
__exception__ Sept. 18, 2024, 8:53 a.m.	stacktrace: 0xb91f04 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 exception.instruction_r: 83 3d 8d d1 02 00 00 ff 25 00 00 00 00 53 12 07 exception.instruction: cmp dword ptr [rip + 0x2d18d], 0 exception.exception_code: 0xc0000005 exception.symbol: exception.address: 0xb91f04 registers.r14: 10549440 registers.r15: 10548944 registers.rcx: 48 registers.rsi: 14706240 registers.r10: 0 registers.rbx: 0 registers.rsp: 10547992 registers.r11: 10550192 registers.r8: 1994752396 registers.r9: 0 registers.rdx: 8796092887632 registers.r12: 10548775 registers.rbp: 10548112 registers.rdi: 100 registers.rax: 12132096 registers.r13: 3	1	0	0
__exception__ Sept. 18, 2024, 8:54 a.m.	stacktrace: 0xcd1f04 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 exception.instruction_r: 83 3d 8d d1 02 00 00 ff 25 00 00 00 00 53 12 07 exception.instruction: cmp dword ptr [rip + 0x2d18d], 0 exception.exception_code: 0xc0000005 exception.symbol: exception.address: 0xcd1f04 registers.r14: 9042784 registers.r15: 9042288 registers.rcx: 48 registers.rsi: 14704896 registers.r10: 0 registers.rbx: 0 registers.rsp: 9041336 registers.r11: 9043536 registers.r8: 1994752396 registers.r9: 0 registers.rdx: 8796092883536 registers.r12: 9042119 registers.rbp: 9041456 registers.rdi: 100 registers.rax: 13442816 registers.r13: 3	1	0	0
__exception__ Sept. 18, 2024, 8:54 a.m.	stacktrace: 0xcd1f04 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 exception.instruction_r: 83 3d 8d d1 02 00 00 ff 25 00 00 00 00 53 12 07 exception.instruction: cmp dword ptr [rip + 0x2d18d], 0 exception.exception_code: 0xc0000005 exception.symbol: exception.address: 0xcd1f04 registers.r14: 9304832 registers.r15: 9304336 registers.rcx: 48 registers.rsi: 14706528 registers.r10: 0 registers.rbx: 0 registers.rsp: 9303384 registers.r11: 9305584 registers.r8: 1994752396 registers.r9: 0 registers.rdx: 8796092887632 registers.r12: 9304167 registers.rbp: 9303504 registers.rdi: 100 registers.rax: 13442816 registers.r13: 3	1	0	0
__exception__ Sept. 18, 2024, 8:54 a.m.	stacktrace: 0xcd1f04 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 exception.instruction_r: 83 3d 8d d1 02 00 00 ff 25 00 00 00 00 53 12 07 exception.instruction: cmp dword ptr [rip + 0x2d18d], 0 exception.exception_code: 0xc0000005 exception.symbol: exception.address: 0xcd1f04 registers.r14: 10549616 registers.r15: 10549120 registers.rcx: 48 registers.rsi: 14706144 registers.r10: 0 registers.rbx: 0 registers.rsp: 10548168 registers.r11: 10550368 registers.r8: 1994752396 registers.r9: 0 registers.rdx: 8796092887632 registers.r12: 10548951 registers.rbp: 10548288 registers.rdi: 100 registers.rax: 13442816 registers.r13: 3	1	0	0
__exception__ Sept. 18, 2024, 8:54 a.m.	stacktrace: 0xcd1f04 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 exception.instruction_r: 83 3d 8d d1 02 00 00 ff 25 00 00 00 00 53 12 07 exception.instruction: cmp dword ptr [rip + 0x2d18d], 0 exception.exception_code: 0xc0000005 exception.symbol: exception.address: 0xcd1f04 registers.r14: 9107168 registers.r15: 9106672 registers.rcx: 48 registers.rsi: 14707008 registers.r10: 0 registers.rbx: 0 registers.rsp: 9105720 registers.r11: 9107920 registers.r8: 1994752396 registers.r9: 0 registers.rdx: 8796092883536 registers.r12: 9106503 registers.rbp: 9105840 registers.rdi: 100 registers.rax: 13442816 registers.r13: 3	1	0	0
__exception__ Sept. 18, 2024, 8:54 a.m.	stacktrace: 0xa81f04 0x7fe00000030 0x7fe00000030 0x7fe00000030 0x7fe00000030 0x7fe00000030 0x7fe00000030 0x7fe00000030 0x7fe00000030 0x7fe00000030 0x7fe00000030 0x7fe00000030 0x7fe00000030 0x7fe00000030 0x7fe00000030 0x7fe00000030 0x7fe00000030 0x7fe00000030 0x7fe00000030 0x7fe00000030 0x7fe00000030 0x7fe00000030 0x7fe00000030 0x7fe00000030 0x7fe00000030 0x7fe00000030 0x7fe00000030 0x7fe00000030 0x7fe00000030 0x7fe00000030 0x7fe00000030 0x7fe00000030 0x7fe00000030 0x7fe00000030 0x7fe00000030 0x7fe00000030 0x7fe00000030 0x7fe00000030 0x7fe00000030 0x7fe00000030 0x7fe00000030 0x7fe00000030 0x7fe00000030 0x7fe00000030 0x7fe00000030 0x7fe00000030 0x7fe00000030 0x7fe00000030 0x7fe00000030 0x7fe00000030 0x7fe00000030 0x7fe00000030 0x7fe00000030 0x7fe00000030 0x7fe00000030 0x7fe00000030 0x7fe00000030 0x7fe00000030 0x7fe00000030 0x7fe00000030 0x7fe00000030 0x7fe00000030 0x7fe00000030 0x7fe00000030 exception.instruction_r: 83 3d 8d d1 02 00 00 ff 25 00 00 00 00 53 12 07 exception.instruction: cmp dword ptr [rip + 0x2d18d], 0 exception.exception_code: 0xc0000005 exception.symbol: exception.address: 0xa81f04 registers.r14: 10284280 registers.r15: 8791560984176 registers.rcx: 48 registers.rsi: 8791560915840 registers.r10: 0 registers.rbx: 0 registers.rsp: 10283912 registers.r11: 10287296 registers.r8: 1994752396 registers.r9: 0 registers.rdx: 8796092887632 registers.r12: 15962752 registers.rbp: 10284032 registers.rdi: 76652576 registers.rax: 11017984 registers.r13: 10284872	1	0	0
__exception__ Sept. 18, 2024, 8:54 a.m.	stacktrace: 0xcd1f04 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 exception.instruction_r: 83 3d 8d d1 02 00 00 ff 25 00 00 00 00 53 12 07 exception.instruction: cmp dword ptr [rip + 0x2d18d], 0 exception.exception_code: 0xc0000005 exception.symbol: exception.address: 0xcd1f04 registers.r14: 8582384 registers.r15: 8581888 registers.rcx: 48 registers.rsi: 14706432 registers.r10: 0 registers.rbx: 0 registers.rsp: 8580936 registers.r11: 8583136 registers.r8: 1994752396 registers.r9: 0 registers.rdx: 8796092883536 registers.r12: 8581719 registers.rbp: 8581056 registers.rdi: 100 registers.rax: 13442816 registers.r13: 3	1	0	0
__exception__ Sept. 18, 2024, 8:54 a.m.	stacktrace: 0xcd1f04 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 exception.instruction_r: 83 3d 8d d1 02 00 00 ff 25 00 00 00 00 53 12 07 exception.instruction: cmp dword ptr [rip + 0x2d18d], 0 exception.exception_code: 0xc0000005 exception.symbol: exception.address: 0xcd1f04 registers.r14: 9369152 registers.r15: 9368656 registers.rcx: 48 registers.rsi: 14705856 registers.r10: 0 registers.rbx: 0 registers.rsp: 9367704 registers.r11: 9369904 registers.r8: 1994752396 registers.r9: 0 registers.rdx: 8796092887632 registers.r12: 9368487 registers.rbp: 9367824 registers.rdi: 100 registers.rax: 13442816 registers.r13: 3	1	0	0
__exception__ Sept. 18, 2024, 8:54 a.m.	stacktrace: 0xcd1f04 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 exception.instruction_r: 83 3d 8d d1 02 00 00 ff 25 00 00 00 00 53 12 07 exception.instruction: cmp dword ptr [rip + 0x2d18d], 0 exception.exception_code: 0xc0000005 exception.symbol: exception.address: 0xcd1f04 registers.r14: 9631248 registers.r15: 9630752 registers.rcx: 48 registers.rsi: 14706624 registers.r10: 0 registers.rbx: 0 registers.rsp: 9629800 registers.r11: 9632000 registers.r8: 1994752396 registers.r9: 0 registers.rdx: 8796092887632 registers.r12: 9630583 registers.rbp: 9629920 registers.rdi: 100 registers.rax: 13442816 registers.r13: 3	1	0	0
__exception__ Sept. 18, 2024, 8:55 a.m.	stacktrace: 0xa91f04 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 exception.instruction_r: 83 3d 8d d1 02 00 00 ff 25 00 00 00 00 53 12 07 exception.instruction: cmp dword ptr [rip + 0x2d18d], 0 exception.exception_code: 0xc0000005 exception.symbol: exception.address: 0xa91f04 registers.r14: 10024112 registers.r15: 10023616 registers.rcx: 48 registers.rsi: 15755104 registers.r10: 0 registers.rbx: 0 registers.rsp: 10022664 registers.r11: 10024864 registers.r8: 1994752396 registers.r9: 0 registers.rdx: 8796092887632 registers.r12: 10023447 registers.rbp: 10022784 registers.rdi: 100 registers.rax: 11083520 registers.r13: 3	1	0	0
__exception__ Sept. 18, 2024, 9:02 a.m.	stacktrace: 0xcd1f04 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 exception.instruction_r: 83 3d 8d d1 02 00 00 ff 25 00 00 00 00 53 12 07 exception.instruction: cmp dword ptr [rip + 0x2d18d], 0 exception.exception_code: 0xc0000005 exception.symbol: exception.address: 0xcd1f04 registers.r14: 8780608 registers.r15: 8780112 registers.rcx: 48 registers.rsi: 14706912 registers.r10: 0 registers.rbx: 0 registers.rsp: 8779160 registers.r11: 8781360 registers.r8: 1994752396 registers.r9: 0 registers.rdx: 8796092883536 registers.r12: 8779943 registers.rbp: 8779280 registers.rdi: 100 registers.rax: 13442816 registers.r13: 3	1	0	0
__exception__ Sept. 18, 2024, 9:02 a.m.	stacktrace: 0xac1f04 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 exception.instruction_r: 83 3d 8d d1 02 00 00 ff 25 00 00 00 00 53 12 07 exception.instruction: cmp dword ptr [rip + 0x2d18d], 0 exception.exception_code: 0xc0000005 exception.symbol: exception.address: 0xac1f04 registers.r14: 9632176 registers.r15: 9631680 registers.rcx: 48 registers.rsi: 14707680 registers.r10: 0 registers.rbx: 0 registers.rsp: 9630728 registers.r11: 9632928 registers.r8: 1994752396 registers.r9: 0 registers.rdx: 8796092887632 registers.r12: 9631511 registers.rbp: 9630848 registers.rdi: 100 registers.rax: 11280128 registers.r13: 3	1	0	0
__exception__ Sept. 18, 2024, 9:02 a.m.	stacktrace: 0xcd1f04 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 exception.instruction_r: 83 3d 8d d1 02 00 00 ff 25 00 00 00 00 53 12 07 exception.instruction: cmp dword ptr [rip + 0x2d18d], 0 exception.exception_code: 0xc0000005 exception.symbol: exception.address: 0xcd1f04 registers.r14: 8977328 registers.r15: 8976832 registers.rcx: 48 registers.rsi: 14707296 registers.r10: 0 registers.rbx: 0 registers.rsp: 8975880 registers.r11: 8978080 registers.r8: 1994752396 registers.r9: 0 registers.rdx: 8796092883536 registers.r12: 8976663 registers.rbp: 8976000 registers.rdi: 100 registers.rax: 13442816 registers.r13: 3	1	0	0
__exception__ Sept. 18, 2024, 9:02 a.m.	stacktrace: 0xcc1f04 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 exception.instruction_r: 83 3d 8d d1 02 00 00 ff 25 00 00 00 00 53 12 07 exception.instruction: cmp dword ptr [rip + 0x2d18d], 0 exception.exception_code: 0xc0000005 exception.symbol: exception.address: 0xcc1f04 registers.r14: 9697920 registers.r15: 9697424 registers.rcx: 48 registers.rsi: 14705184 registers.r10: 0 registers.rbx: 0 registers.rsp: 9696472 registers.r11: 9698672 registers.r8: 1994752396 registers.r9: 0 registers.rdx: 8796092887632 registers.r12: 9697255 registers.rbp: 9696592 registers.rdi: 100 registers.rax: 13377280 registers.r13: 3	1	0	0
__exception__ Sept. 18, 2024, 9:02 a.m.	stacktrace: 0xcc1f04 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 exception.instruction_r: 83 3d 8d d1 02 00 00 ff 25 00 00 00 00 53 12 07 exception.instruction: cmp dword ptr [rip + 0x2d18d], 0 exception.exception_code: 0xc0000005 exception.symbol: exception.address: 0xcc1f04 registers.r14: 9829104 registers.r15: 9828608 registers.rcx: 48 registers.rsi: 14707584 registers.r10: 0 registers.rbx: 0 registers.rsp: 9827656 registers.r11: 9829856 registers.r8: 1994752396 registers.r9: 0 registers.rdx: 8796092887632 registers.r12: 9828439 registers.rbp: 9827776 registers.rdi: 100 registers.rax: 13377280 registers.r13: 3	1	0	0
__exception__ Sept. 18, 2024, 9:02 a.m.	stacktrace: 0xcd1f04 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 exception.instruction_r: 83 3d 8d d1 02 00 00 ff 25 00 00 00 00 53 12 07 exception.instruction: cmp dword ptr [rip + 0x2d18d], 0 exception.exception_code: 0xc0000005 exception.symbol: exception.address: 0xcd1f04 registers.r14: 9042704 registers.r15: 9042208 registers.rcx: 48 registers.rsi: 14707584 registers.r10: 0 registers.rbx: 0 registers.rsp: 9041256 registers.r11: 9043456 registers.r8: 1994752396 registers.r9: 0 registers.rdx: 8796092887632 registers.r12: 9042039 registers.rbp: 9041376 registers.rdi: 100 registers.rax: 13442816 registers.r13: 3	1	0	0
__exception__ Sept. 18, 2024, 9:02 a.m.	stacktrace: 0xcc1f04 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 exception.instruction_r: 83 3d 8d d1 02 00 00 ff 25 00 00 00 00 53 12 07 exception.instruction: cmp dword ptr [rip + 0x2d18d], 0 exception.exception_code: 0xc0000005 exception.symbol: exception.address: 0xcc1f04 registers.r14: 9107616 registers.r15: 9107120 registers.rcx: 48 registers.rsi: 14705472 registers.r10: 0 registers.rbx: 0 registers.rsp: 9106168 registers.r11: 9108368 registers.r8: 1994752396 registers.r9: 0 registers.rdx: 8796092887632 registers.r12: 9106951 registers.rbp: 9106288 registers.rdi: 100 registers.rax: 13377280 registers.r13: 3	1	0	0
__exception__ Sept. 18, 2024, 9:03 a.m.	stacktrace: 0xcc1f04 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 exception.instruction_r: 83 3d 8d d1 02 00 00 ff 25 00 00 00 00 53 12 07 exception.instruction: cmp dword ptr [rip + 0x2d18d], 0 exception.exception_code: 0xc0000005 exception.symbol: exception.address: 0xcc1f04 registers.r14: 9632032 registers.r15: 9631536 registers.rcx: 48 registers.rsi: 14705952 registers.r10: 0 registers.rbx: 0 registers.rsp: 9630584 registers.r11: 9632784 registers.r8: 1994752396 registers.r9: 0 registers.rdx: 8796092887632 registers.r12: 9631367 registers.rbp: 9630704 registers.rdi: 100 registers.rax: 13377280 registers.r13: 3	1	0	0
__exception__ Sept. 18, 2024, 9:03 a.m.	stacktrace: 0xcd1f04 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 exception.instruction_r: 83 3d 8d d1 02 00 00 ff 25 00 00 00 00 53 12 07 exception.instruction: cmp dword ptr [rip + 0x2d18d], 0 exception.exception_code: 0xc0000005 exception.symbol: exception.address: 0xcd1f04 registers.r14: 9893056 registers.r15: 9892560 registers.rcx: 48 registers.rsi: 14705952 registers.r10: 0 registers.rbx: 0 registers.rsp: 9891608 registers.r11: 9893808 registers.r8: 1994752396 registers.r9: 0 registers.rdx: 8796092887632 registers.r12: 9892391 registers.rbp: 9891728 registers.rdi: 100 registers.rax: 13442816 registers.r13: 3	1	0	0
__exception__ Sept. 18, 2024, 9:03 a.m.	stacktrace: 0xcc1f04 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 exception.instruction_r: 83 3d 8d d1 02 00 00 ff 25 00 00 00 00 53 12 07 exception.instruction: cmp dword ptr [rip + 0x2d18d], 0 exception.exception_code: 0xc0000005 exception.symbol: exception.address: 0xcc1f04 registers.r14: 9763200 registers.r15: 9762704 registers.rcx: 48 registers.rsi: 14705472 registers.r10: 0 registers.rbx: 0 registers.rsp: 9761752 registers.r11: 9763952 registers.r8: 1994752396 registers.r9: 0 registers.rdx: 8796092887632 registers.r12: 9762535 registers.rbp: 9761872 registers.rdi: 100 registers.rax: 13377280 registers.r13: 3	1	0	0
__exception__ Sept. 18, 2024, 9:03 a.m.	stacktrace: 0xcd1f04 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 exception.instruction_r: 83 3d 8d d1 02 00 00 ff 25 00 00 00 00 53 12 07 exception.instruction: cmp dword ptr [rip + 0x2d18d], 0 exception.exception_code: 0xc0000005 exception.symbol: exception.address: 0xcd1f04 registers.r14: 10351904 registers.r15: 10351408 registers.rcx: 48 registers.rsi: 14705472 registers.r10: 0 registers.rbx: 0 registers.rsp: 10350456 registers.r11: 10352656 registers.r8: 1994752396 registers.r9: 0 registers.rdx: 8796092883536 registers.r12: 10351239 registers.rbp: 10350576 registers.rdi: 100 registers.rax: 13442816 registers.r13: 3	1	0	0
__exception__ Sept. 18, 2024, 9:03 a.m.	stacktrace: 0xcc1f04 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 exception.instruction_r: 83 3d 8d d1 02 00 00 ff 25 00 00 00 00 53 12 07 exception.instruction: cmp dword ptr [rip + 0x2d18d], 0 exception.exception_code: 0xc0000005 exception.symbol: exception.address: 0xcc1f04 registers.r14: 9369712 registers.r15: 9369216 registers.rcx: 48 registers.rsi: 14705952 registers.r10: 0 registers.rbx: 0 registers.rsp: 9368264 registers.r11: 9370464 registers.r8: 1994752396 registers.r9: 0 registers.rdx: 8796092883536 registers.r12: 9369047 registers.rbp: 9368384 registers.rdi: 100 registers.rax: 13377280 registers.r13: 3	1	0	0

Changes read-write memory protection to read-execute (probably to avoid detection when setting all RWX flags at the same time) (1 event)

Time & API	Arguments	Status	Return	Repeated
NtProtectVirtualMemory Sept. 18, 2024, 8:53 a.m.	process_identifier: 2672 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 length: 4096 protection: 32 (PAGE_EXECUTE_READ) base_address: 0x00000233bb2b0000 process_handle: 0xffffffffffffffff	1	0	0

Potentially malicious URLs were found in the process memory dump (3 events)

url	https://aus5.mozilla.org/update/6/%PRODUCT%/%VERSION%/%BUILD_ID%/%BUILD_TARGET%/%LOCALE%/%CHANNEL%/%OS_VERSION%/%SYSTEM_CAPABILITIES%/%DISTRIBUTION%/%DISTRIBUTION_VERSION%/update.xml
url	https://crash-reports.mozilla.com/submit?id=
url	https://hg.mozilla.org/releases/mozilla-release/rev/92187d03adde4b31daef292087a266f10121379c

Yara rule detected in process memory (50 out of 171 events)

description	Code injection with CreateRemoteThread in a remote process	rule	Code_injection
description	(no description)	rule	DebuggerCheck__GlobalFlags
description	(no description)	rule	DebuggerCheck__QueryInfo
description	(no description)	rule	DebuggerHiding__Thread
description	(no description)	rule	DebuggerHiding__Active
description	(no description)	rule	ThreadControl__Context
description	(no description)	rule	SEH__vectored
description	Checks if being debugged	rule	anti_dbg
description	Bypass DEP	rule	disable_dep
description	Code injection with CreateRemoteThread in a remote process	rule	Code_injection
description	(no description)	rule	DebuggerCheck__GlobalFlags
description	(no description)	rule	DebuggerCheck__QueryInfo
description	(no description)	rule	DebuggerHiding__Thread
description	(no description)	rule	DebuggerHiding__Active
description	(no description)	rule	ThreadControl__Context
description	(no description)	rule	SEH__vectored
description	Checks if being debugged	rule	anti_dbg
description	Bypass DEP	rule	disable_dep
description	Code injection with CreateRemoteThread in a remote process	rule	Code_injection
description	(no description)	rule	DebuggerCheck__GlobalFlags
description	(no description)	rule	DebuggerCheck__QueryInfo
description	(no description)	rule	DebuggerHiding__Thread
description	(no description)	rule	DebuggerHiding__Active
description	(no description)	rule	ThreadControl__Context
description	(no description)	rule	SEH__vectored
description	Checks if being debugged	rule	anti_dbg
description	Bypass DEP	rule	disable_dep
description	Code injection with CreateRemoteThread in a remote process	rule	Code_injection
description	(no description)	rule	DebuggerCheck__GlobalFlags
description	(no description)	rule	DebuggerCheck__QueryInfo
description	(no description)	rule	DebuggerHiding__Thread
description	(no description)	rule	DebuggerHiding__Active
description	(no description)	rule	ThreadControl__Context
description	(no description)	rule	SEH__vectored
description	Checks if being debugged	rule	anti_dbg
description	Bypass DEP	rule	disable_dep
description	Code injection with CreateRemoteThread in a remote process	rule	Code_injection
description	(no description)	rule	DebuggerCheck__GlobalFlags
description	(no description)	rule	DebuggerCheck__QueryInfo
description	(no description)	rule	DebuggerHiding__Thread
description	(no description)	rule	DebuggerHiding__Active
description	(no description)	rule	ThreadControl__Context
description	(no description)	rule	SEH__vectored
description	Checks if being debugged	rule	anti_dbg
description	Bypass DEP	rule	disable_dep
description	Code injection with CreateRemoteThread in a remote process	rule	Code_injection
description	(no description)	rule	DebuggerCheck__GlobalFlags
description	(no description)	rule	DebuggerCheck__QueryInfo
description	(no description)	rule	DebuggerHiding__Thread
description	(no description)	rule	DebuggerHiding__Active

Allocates execute permission to another process indicative of possible code injection (40 events)

Time & API	Arguments	Status
NtProtectVirtualMemory Sept. 18, 2024, 8:53 a.m.	process_identifier: 2672 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x0000000076d81000 process_handle: 0x0000000000000050	1
NtProtectVirtualMemory Sept. 18, 2024, 8:53 a.m.	process_identifier: 2672 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x0000000076d57000 process_handle: 0x0000000000000050	1
NtProtectVirtualMemory Sept. 18, 2024, 8:53 a.m.	process_identifier: 2828 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x0000000076d81000 process_handle: 0x0000000000000050	1
NtProtectVirtualMemory Sept. 18, 2024, 8:53 a.m.	process_identifier: 2828 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x0000000076d57000 process_handle: 0x0000000000000050	1
NtProtectVirtualMemory Sept. 18, 2024, 8:53 a.m.	process_identifier: 3028 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x0000000076d81000 process_handle: 0x0000000000000050	1
NtProtectVirtualMemory Sept. 18, 2024, 8:53 a.m.	process_identifier: 3028 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x0000000076d57000 process_handle: 0x0000000000000050	1
NtProtectVirtualMemory Sept. 18, 2024, 8:54 a.m.	process_identifier: 2100 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x0000000076d81000 process_handle: 0x0000000000000050	1
NtProtectVirtualMemory Sept. 18, 2024, 8:54 a.m.	process_identifier: 2100 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x0000000076d57000 process_handle: 0x0000000000000050	1
NtProtectVirtualMemory Sept. 18, 2024, 8:54 a.m.	process_identifier: 2312 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x0000000076d81000 process_handle: 0x0000000000000050	1
NtProtectVirtualMemory Sept. 18, 2024, 8:54 a.m.	process_identifier: 2312 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x0000000076d57000 process_handle: 0x0000000000000050	1
NtProtectVirtualMemory Sept. 18, 2024, 8:54 a.m.	process_identifier: 2856 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x0000000076d81000 process_handle: 0x0000000000000050	1
NtProtectVirtualMemory Sept. 18, 2024, 8:54 a.m.	process_identifier: 2856 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x0000000076d57000 process_handle: 0x0000000000000050	1
NtProtectVirtualMemory Sept. 18, 2024, 8:54 a.m.	process_identifier: 1560 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x0000000076d81000 process_handle: 0x0000000000000050	1
NtProtectVirtualMemory Sept. 18, 2024, 8:54 a.m.	process_identifier: 1560 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x0000000076d57000 process_handle: 0x0000000000000050	1
NtProtectVirtualMemory Sept. 18, 2024, 8:54 a.m.	process_identifier: 2496 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x0000000076d81000 process_handle: 0x0000000000000050	1
NtProtectVirtualMemory Sept. 18, 2024, 8:54 a.m.	process_identifier: 2496 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x0000000076d57000 process_handle: 0x0000000000000050	1
NtProtectVirtualMemory Sept. 18, 2024, 8:54 a.m.	process_identifier: 1512 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x0000000076d81000 process_handle: 0x0000000000000050	1
NtProtectVirtualMemory Sept. 18, 2024, 8:54 a.m.	process_identifier: 1512 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x0000000076d57000 process_handle: 0x0000000000000050	1
NtProtectVirtualMemory Sept. 18, 2024, 8:54 a.m.	process_identifier: 3016 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x0000000076d81000 process_handle: 0x0000000000000050	1
NtProtectVirtualMemory Sept. 18, 2024, 8:54 a.m.	process_identifier: 3016 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x0000000076d57000 process_handle: 0x0000000000000050	1
NtProtectVirtualMemory Sept. 18, 2024, 8:54 a.m.	process_identifier: 2164 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x0000000076d81000 process_handle: 0x0000000000000050	1
NtProtectVirtualMemory Sept. 18, 2024, 8:54 a.m.	process_identifier: 2164 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x0000000076d57000 process_handle: 0x0000000000000050	1
NtProtectVirtualMemory Sept. 18, 2024, 8:54 a.m.	process_identifier: 1808 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x0000000076d81000 process_handle: 0x0000000000000050	1
NtProtectVirtualMemory Sept. 18, 2024, 8:54 a.m.	process_identifier: 1808 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x0000000076d57000 process_handle: 0x0000000000000050	1
NtProtectVirtualMemory Sept. 18, 2024, 9:02 a.m.	process_identifier: 1092 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x0000000076d81000 process_handle: 0x0000000000000050	1
NtProtectVirtualMemory Sept. 18, 2024, 9:02 a.m.	process_identifier: 1092 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x0000000076d57000 process_handle: 0x0000000000000050	1
NtProtectVirtualMemory Sept. 18, 2024, 9:02 a.m.	process_identifier: 3464 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x0000000076d81000 process_handle: 0x0000000000000050	1
NtProtectVirtualMemory Sept. 18, 2024, 9:02 a.m.	process_identifier: 3464 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x0000000076d57000 process_handle: 0x0000000000000050	1
NtProtectVirtualMemory Sept. 18, 2024, 9:02 a.m.	process_identifier: 3752 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x0000000076d81000 process_handle: 0x0000000000000050	1
NtProtectVirtualMemory Sept. 18, 2024, 9:02 a.m.	process_identifier: 3752 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x0000000076d57000 process_handle: 0x0000000000000050	1
NtProtectVirtualMemory Sept. 18, 2024, 9:02 a.m.	process_identifier: 4004 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x0000000076d81000 process_handle: 0x0000000000000050	1
NtProtectVirtualMemory Sept. 18, 2024, 9:02 a.m.	process_identifier: 4004 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x0000000076d57000 process_handle: 0x0000000000000050	1
NtProtectVirtualMemory Sept. 18, 2024, 9:03 a.m.	process_identifier: 3768 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x0000000076d81000 process_handle: 0x0000000000000050	1
NtProtectVirtualMemory Sept. 18, 2024, 9:03 a.m.	process_identifier: 3768 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x0000000076d57000 process_handle: 0x0000000000000050	1
NtProtectVirtualMemory Sept. 18, 2024, 9:03 a.m.	process_identifier: 3420 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x0000000076d81000 process_handle: 0x0000000000000050	1
NtProtectVirtualMemory Sept. 18, 2024, 9:03 a.m.	process_identifier: 3420 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x0000000076d57000 process_handle: 0x0000000000000050	1
NtProtectVirtualMemory Sept. 18, 2024, 9:03 a.m.	process_identifier: 3456 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x0000000076d81000 process_handle: 0x0000000000000050	1
NtProtectVirtualMemory Sept. 18, 2024, 9:03 a.m.	process_identifier: 3456 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x0000000076d57000 process_handle: 0x0000000000000050	1
NtProtectVirtualMemory Sept. 18, 2024, 9:03 a.m.	process_identifier: 4332 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x0000000076d81000 process_handle: 0x0000000000000050	1
NtProtectVirtualMemory Sept. 18, 2024, 9:03 a.m.	process_identifier: 4332 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x0000000076d57000 process_handle: 0x0000000000000050	1

Manipulates memory of a non-child process indicative of process injection (13 events)

Time & API	Arguments	Status	Return	Repeated
Process injection	Process 4144 manipulating memory of non-child process 4332
NtProtectVirtualMemory Sept. 18, 2024, 9:03 a.m.	process_identifier: 4332 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 4096 protection: 4 (PAGE_READWRITE) base_address: 0x000000013f312000 process_handle: 0x000000000000004c	1	0	0
NtProtectVirtualMemory Sept. 18, 2024, 9:03 a.m.	process_identifier: 4332 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 4096 protection: 2 (PAGE_READONLY) base_address: 0x000000013f312000 process_handle: 0x000000000000004c	1	0	0
NtMapViewOfSection Sept. 18, 2024, 9:03 a.m.	section_handle: 0x0000000000000060 process_identifier: 4332 commit_size: 0 win32_protect: 32 (PAGE_EXECUTE_READ) buffer: base_address: 0x0000000055b90000 allocation_type: 0 () section_offset: 0 view_size: 65536 process_handle: 0x0000000000000050	1	0	0
NtAllocateVirtualMemory Sept. 18, 2024, 9:03 a.m.	process_identifier: 4332 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 protection: 32 (PAGE_EXECUTE_READ) base_address: 0x0000000055b90000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0x0000000000000050	1	0	0
NtProtectVirtualMemory Sept. 18, 2024, 9:03 a.m.	process_identifier: 4332 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x0000000076d81000 process_handle: 0x0000000000000050	1	0	0
NtProtectVirtualMemory Sept. 18, 2024, 9:03 a.m.	process_identifier: 4332 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 4096 protection: 32 (PAGE_EXECUTE_READ) base_address: 0x0000000076d81000 process_handle: 0x0000000000000050	1	0	0
NtProtectVirtualMemory Sept. 18, 2024, 9:03 a.m.	process_identifier: 4332 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x0000000076d57000 process_handle: 0x0000000000000050	1	0	0
NtProtectVirtualMemory Sept. 18, 2024, 9:03 a.m.	process_identifier: 4332 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 4096 protection: 32 (PAGE_EXECUTE_READ) base_address: 0x0000000076d57000 process_handle: 0x0000000000000050	1	0	0
NtProtectVirtualMemory Sept. 18, 2024, 9:03 a.m.	process_identifier: 4332 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 4096 protection: 4 (PAGE_READWRITE) base_address: 0x000000013f2c0000 process_handle: 0x000000000000004c	1	0	0
NtProtectVirtualMemory Sept. 18, 2024, 9:03 a.m.	process_identifier: 4332 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 4096 protection: 2 (PAGE_READONLY) base_address: 0x000000013f2c0000 process_handle: 0x000000000000004c	1	0	0
NtProtectVirtualMemory Sept. 18, 2024, 9:03 a.m.	process_identifier: 4332 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 4096 protection: 4 (PAGE_READWRITE) base_address: 0x000000013f31a000 process_handle: 0x000000000000004c	1	0	0
NtProtectVirtualMemory Sept. 18, 2024, 9:03 a.m.	process_identifier: 4332 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 4096 protection: 2 (PAGE_READONLY) base_address: 0x000000013f31a000 process_handle: 0x000000000000004c	1	0	0

Potential code injection by writing to the memory of another process (50 out of 181 events)

Time & API	Arguments	Status	Return
WriteProcessMemory Sept. 18, 2024, 8:53 a.m.	buffer: base_address: 0x000000013f3122b0 process_identifier: 2672 process_handle: 0x000000000000004c	1	1
WriteProcessMemory Sept. 18, 2024, 8:53 a.m.	buffer: base_address: 0x000000013f320d88 process_identifier: 2672 process_handle: 0x000000000000004c	1	1
WriteProcessMemory Sept. 18, 2024, 8:53 a.m.	buffer: I»`#.?Aÿã base_address: 0x0000000076d81590 process_identifier: 2672 process_handle: 0x0000000000000050	1	1
WriteProcessMemory Sept. 18, 2024, 8:53 a.m.	buffer: ïM base_address: 0x000000013f320d78 process_identifier: 2672 process_handle: 0x000000000000004c	1	1
WriteProcessMemory Sept. 18, 2024, 8:53 a.m.	buffer: I» .?Aÿã base_address: 0x0000000076d57a90 process_identifier: 2672 process_handle: 0x0000000000000050	1	1
WriteProcessMemory Sept. 18, 2024, 8:53 a.m.	buffer: ïM base_address: 0x000000013f320d70 process_identifier: 2672 process_handle: 0x000000000000004c	1	1
WriteProcessMemory Sept. 18, 2024, 8:53 a.m.	buffer: ÏT base_address: 0x000000013f2c0108 process_identifier: 2672 process_handle: 0x000000000000004c	1	1
WriteProcessMemory Sept. 18, 2024, 8:53 a.m.	buffer: Øv@Øv Øv@ØvØv°Øv ÕvàTÕv 3ØvØvÀ´Óv`,ØvÀÖvöÔv YØv2ØvVØv°ÞvÕvRØv ÕvQØvÂÕv ?ÖvPÕv°TÕvàtÕvðÖvÐ1ØvÔvÐOÔv`ê×vÐæ×vÐæ×vÐ.Øv base_address: 0x000000013f31aae8 process_identifier: 2672 process_handle: 0x000000000000004c	1	1
WriteProcessMemory Sept. 18, 2024, 8:53 a.m.	buffer: base_address: 0x000000013f320c78 process_identifier: 2672 process_handle: 0x000000000000004c	1	1
WriteProcessMemory Sept. 18, 2024, 8:53 a.m.	buffer: base_address: 0x000000013f3122b0 process_identifier: 2828 process_handle: 0x000000000000004c	1	1
WriteProcessMemory Sept. 18, 2024, 8:53 a.m.	buffer: base_address: 0x000000013f320d88 process_identifier: 2828 process_handle: 0x000000000000004c	1	1
WriteProcessMemory Sept. 18, 2024, 8:53 a.m.	buffer: I»`#.?Aÿã base_address: 0x0000000076d81590 process_identifier: 2828 process_handle: 0x0000000000000050	1	1
WriteProcessMemory Sept. 18, 2024, 8:53 a.m.	buffer: è1 base_address: 0x000000013f320d78 process_identifier: 2828 process_handle: 0x000000000000004c	1	1
WriteProcessMemory Sept. 18, 2024, 8:53 a.m.	buffer: I» .?Aÿã base_address: 0x0000000076d57a90 process_identifier: 2828 process_handle: 0x0000000000000050	1	1
WriteProcessMemory Sept. 18, 2024, 8:53 a.m.	buffer: è1 base_address: 0x000000013f320d70 process_identifier: 2828 process_handle: 0x000000000000004c	1	1
WriteProcessMemory Sept. 18, 2024, 8:53 a.m.	buffer: ÏT base_address: 0x000000013f2c0108 process_identifier: 2828 process_handle: 0x000000000000004c	1	1
WriteProcessMemory Sept. 18, 2024, 8:53 a.m.	buffer: Øv@Øv Øv@ØvØv°Øv ÕvàTÕv 3ØvØvÀ´Óv`,ØvÀÖvöÔv YØv2ØvVØv°ÞvÕvRØv ÕvQØvÂÕv ?ÖvPÕv°TÕvàtÕvðÖvÐ1ØvÔvÐOÔv`ê×vÐæ×vÐæ×vÐ.Øv base_address: 0x000000013f31aae8 process_identifier: 2828 process_handle: 0x000000000000004c	1	1
WriteProcessMemory Sept. 18, 2024, 8:53 a.m.	buffer: base_address: 0x000000013f320c78 process_identifier: 2828 process_handle: 0x000000000000004c	1	1
WriteProcessMemory Sept. 18, 2024, 8:53 a.m.	buffer: base_address: 0x000000013f3122b0 process_identifier: 3028 process_handle: 0x000000000000004c	1	1
WriteProcessMemory Sept. 18, 2024, 8:53 a.m.	buffer: base_address: 0x000000013f320d88 process_identifier: 3028 process_handle: 0x000000000000004c	1	1
WriteProcessMemory Sept. 18, 2024, 8:53 a.m.	buffer: I»`#.?Aÿã base_address: 0x0000000076d81590 process_identifier: 3028 process_handle: 0x0000000000000050	1	1
WriteProcessMemory Sept. 18, 2024, 8:53 a.m.	buffer: !~ base_address: 0x000000013f320d78 process_identifier: 3028 process_handle: 0x000000000000004c	1	1
WriteProcessMemory Sept. 18, 2024, 8:53 a.m.	buffer: I» .?Aÿã base_address: 0x0000000076d57a90 process_identifier: 3028 process_handle: 0x0000000000000050	1	1
WriteProcessMemory Sept. 18, 2024, 8:53 a.m.	buffer: !~ base_address: 0x000000013f320d70 process_identifier: 3028 process_handle: 0x000000000000004c	1	1
WriteProcessMemory Sept. 18, 2024, 8:53 a.m.	buffer: ÏT base_address: 0x000000013f2c0108 process_identifier: 3028 process_handle: 0x000000000000004c	1	1
WriteProcessMemory Sept. 18, 2024, 8:53 a.m.	buffer: Øv@Øv Øv@ØvØv°Øv ÕvàTÕv 3ØvØvÀ´Óv`,ØvÀÖvöÔv YØv2ØvVØv°ÞvÕvRØv ÕvQØvÂÕv ?ÖvPÕv°TÕvàtÕvðÖvÐ1ØvÔvÐOÔv`ê×vÐæ×vÐæ×vÐ.Øv base_address: 0x000000013f31aae8 process_identifier: 3028 process_handle: 0x000000000000004c	1	1
WriteProcessMemory Sept. 18, 2024, 8:53 a.m.	buffer: base_address: 0x000000013f320c78 process_identifier: 3028 process_handle: 0x000000000000004c	1	1
WriteProcessMemory Sept. 18, 2024, 8:54 a.m.	buffer: base_address: 0x000000013f3122b0 process_identifier: 2100 process_handle: 0x000000000000004c	1	1
WriteProcessMemory Sept. 18, 2024, 8:54 a.m.	buffer: base_address: 0x000000013f320d88 process_identifier: 2100 process_handle: 0x000000000000004c	1	1
WriteProcessMemory Sept. 18, 2024, 8:54 a.m.	buffer: I»`#.?Aÿã base_address: 0x0000000076d81590 process_identifier: 2100 process_handle: 0x0000000000000050	1	1
WriteProcessMemory Sept. 18, 2024, 8:54 a.m.	buffer: ¦< base_address: 0x000000013f320d78 process_identifier: 2100 process_handle: 0x000000000000004c	1	1
WriteProcessMemory Sept. 18, 2024, 8:54 a.m.	buffer: I» .?Aÿã base_address: 0x0000000076d57a90 process_identifier: 2100 process_handle: 0x0000000000000050	1	1
WriteProcessMemory Sept. 18, 2024, 8:54 a.m.	buffer: ¦< base_address: 0x000000013f320d70 process_identifier: 2100 process_handle: 0x000000000000004c	1	1
WriteProcessMemory Sept. 18, 2024, 8:54 a.m.	buffer: ÏT base_address: 0x000000013f2c0108 process_identifier: 2100 process_handle: 0x000000000000004c	1	1
WriteProcessMemory Sept. 18, 2024, 8:54 a.m.	buffer: Øv@Øv Øv@ØvØv°Øv ÕvàTÕv 3ØvØvÀ´Óv`,ØvÀÖvöÔv YØv2ØvVØv°ÞvÕvRØv ÕvQØvÂÕv ?ÖvPÕv°TÕvàtÕvðÖvÐ1ØvÔvÐOÔv`ê×vÐæ×vÐæ×vÐ.Øv base_address: 0x000000013f31aae8 process_identifier: 2100 process_handle: 0x000000000000004c	1	1
WriteProcessMemory Sept. 18, 2024, 8:54 a.m.	buffer: base_address: 0x000000013f320c78 process_identifier: 2100 process_handle: 0x000000000000004c	1	1
WriteProcessMemory Sept. 18, 2024, 8:54 a.m.	buffer: base_address: 0x000000013f3122b0 process_identifier: 2312 process_handle: 0x000000000000004c	1	1
WriteProcessMemory Sept. 18, 2024, 8:54 a.m.	buffer: base_address: 0x000000013f320d88 process_identifier: 2312 process_handle: 0x000000000000004c	1	1
WriteProcessMemory Sept. 18, 2024, 8:54 a.m.	buffer: I»`#.?Aÿã base_address: 0x0000000076d81590 process_identifier: 2312 process_handle: 0x0000000000000050	1	1
WriteProcessMemory Sept. 18, 2024, 8:54 a.m.	buffer: l base_address: 0x000000013f320d78 process_identifier: 2312 process_handle: 0x000000000000004c	1	1
WriteProcessMemory Sept. 18, 2024, 8:54 a.m.	buffer: I» .?Aÿã base_address: 0x0000000076d57a90 process_identifier: 2312 process_handle: 0x0000000000000050	1	1
WriteProcessMemory Sept. 18, 2024, 8:54 a.m.	buffer: l base_address: 0x000000013f320d70 process_identifier: 2312 process_handle: 0x000000000000004c	1	1
WriteProcessMemory Sept. 18, 2024, 8:54 a.m.	buffer: ÏT base_address: 0x000000013f2c0108 process_identifier: 2312 process_handle: 0x000000000000004c	1	1
WriteProcessMemory Sept. 18, 2024, 8:54 a.m.	buffer: Øv@Øv Øv@ØvØv°Øv ÕvàTÕv 3ØvØvÀ´Óv`,ØvÀÖvöÔv YØv2ØvVØv°ÞvÕvRØv ÕvQØvÂÕv ?ÖvPÕv°TÕvàtÕvðÖvÐ1ØvÔvÐOÔv`ê×vÐæ×vÐæ×vÐ.Øv base_address: 0x000000013f31aae8 process_identifier: 2312 process_handle: 0x000000000000004c	1	1
WriteProcessMemory Sept. 18, 2024, 8:54 a.m.	buffer: base_address: 0x000000013f320c78 process_identifier: 2312 process_handle: 0x000000000000004c	1	1
WriteProcessMemory Sept. 18, 2024, 8:54 a.m.	buffer: base_address: 0x000000013f3122b0 process_identifier: 2856 process_handle: 0x000000000000004c	1	1
WriteProcessMemory Sept. 18, 2024, 8:54 a.m.	buffer: base_address: 0x000000013f320d88 process_identifier: 2856 process_handle: 0x000000000000004c	1	1
WriteProcessMemory Sept. 18, 2024, 8:54 a.m.	buffer: I»`#.?Aÿã base_address: 0x0000000076d81590 process_identifier: 2856 process_handle: 0x0000000000000050	1	1
WriteProcessMemory Sept. 18, 2024, 8:54 a.m.	buffer: }[ base_address: 0x000000013f320d78 process_identifier: 2856 process_handle: 0x000000000000004c	1	1
WriteProcessMemory Sept. 18, 2024, 8:54 a.m.	buffer: I» .?Aÿã base_address: 0x0000000076d57a90 process_identifier: 2856 process_handle: 0x0000000000000050	1	1

One or more non-whitelisted processes were created (32 events)

parent_process	firefox.exe	martian_process	"C:\Program Files\Mozilla Firefox\crashreporter.exe" "C:\Users\test22\AppData\Local\Temp\\5324d4c0-9a61-403c-8aeb-8b5a04ce77f9.dmp"
parent_process	firefox.exe	martian_process	"C:\Program Files\Mozilla Firefox\crashreporter.exe" "C:\Users\test22\AppData\Local\Temp\\46776ffe-44cd-4863-947a-6d4d1d811e84.dmp"
parent_process	firefox.exe	martian_process	"C:\Program Files\Mozilla Firefox\crashreporter.exe" "C:\Users\test22\AppData\Local\Temp\\2c32f1a5-6a9a-45dc-859d-6dd4807484c3.dmp"
parent_process	firefox.exe	martian_process	"C:\Program Files\Mozilla Firefox\crashreporter.exe" "C:\Users\test22\AppData\Roaming\Mozilla\Firefox\Profiles\qxo5wa6x.default-release\minidumps\9b8da185-fef8-4e6e-9f45-9fb4a2240b86.dmp"
parent_process	firefox.exe	martian_process	"C:\Program Files\Mozilla Firefox\firefox.exe" --kiosk https://www.youtube.com/account
parent_process	firefox.exe	martian_process	"C:\Program Files\Mozilla Firefox\firefox.exe" --kiosk https://www.youtube.com/account
parent_process	firefox.exe	martian_process	"C:\Program Files\Mozilla Firefox\firefox.exe" --kiosk https://www.youtube.com/account
parent_process	firefox.exe	martian_process	"C:\Program Files\Mozilla Firefox\crashreporter.exe" "C:\Users\test22\AppData\Local\Temp\\da7b9f8e-81bb-43f5-b5bf-b6f6680b5972.dmp"
parent_process	firefox.exe	martian_process	"C:\Program Files\Mozilla Firefox\firefox.exe" --kiosk https://www.youtube.com/account
parent_process	firefox.exe	martian_process	"C:\Program Files\Mozilla Firefox\firefox.exe" --kiosk https://www.youtube.com/account
parent_process	firefox.exe	martian_process	"C:\Program Files\Mozilla Firefox\crashreporter.exe" "C:\Users\test22\AppData\Local\Temp\\8643caea-dae7-49f7-9a01-c90e0126d009.dmp"
parent_process	firefox.exe	martian_process	"C:\Program Files\Mozilla Firefox\crashreporter.exe" "C:\Users\test22\AppData\Local\Temp\\9742e6c3-313e-45e6-9e5d-4729ad02937f.dmp"
parent_process	firefox.exe	martian_process	"C:\Program Files\Mozilla Firefox\firefox.exe" --kiosk https://www.youtube.com/account
parent_process	firefox.exe	martian_process	"C:\Program Files\Mozilla Firefox\crashreporter.exe" "C:\Users\test22\AppData\Local\Temp\\ac7cc75a-b323-4a3a-83e8-1f7d0190adff.dmp"
parent_process	firefox.exe	martian_process	"C:\Program Files\Mozilla Firefox\firefox.exe" --kiosk https://www.youtube.com/account
parent_process	firefox.exe	martian_process	"C:\Program Files\Mozilla Firefox\crashreporter.exe" "C:\Users\test22\AppData\Local\Temp\\36c3cd13-0081-4a7b-839d-fa733a787241.dmp"
parent_process	firefox.exe	martian_process	"C:\Program Files\Mozilla Firefox\crashreporter.exe" "C:\Users\test22\AppData\Local\Temp\\20301dc3-ddec-48f5-a7bc-4b1e77a61962.dmp"
parent_process	firefox.exe	martian_process	"C:\Program Files\Mozilla Firefox\firefox.exe" --kiosk https://www.youtube.com/account
parent_process	firefox.exe	martian_process	"C:\Program Files\Mozilla Firefox\firefox.exe" --kiosk https://www.youtube.com/account
parent_process	firefox.exe	martian_process	"C:\Program Files\Mozilla Firefox\firefox.exe" --kiosk https://www.youtube.com/account
parent_process	firefox.exe	martian_process	"C:\Program Files\Mozilla Firefox\firefox.exe" --kiosk https://www.youtube.com/account
parent_process	firefox.exe	martian_process	"C:\Program Files\Mozilla Firefox\firefox.exe" --kiosk https://www.youtube.com/account
parent_process	firefox.exe	martian_process	"C:\Program Files\Mozilla Firefox\firefox.exe" --kiosk https://www.youtube.com/account
parent_process	firefox.exe	martian_process	"C:\Program Files\Mozilla Firefox\firefox.exe" --kiosk https://www.youtube.com/account
parent_process	firefox.exe	martian_process	"C:\Program Files\Mozilla Firefox\firefox.exe" --kiosk https://www.youtube.com/account
parent_process	firefox.exe	martian_process	"C:\Program Files\Mozilla Firefox\crashreporter.exe" "C:\Users\test22\AppData\Local\Temp\\3807ae41-6835-4096-9a23-ddf0e45da916.dmp"
parent_process	firefox.exe	martian_process	"C:\Program Files\Mozilla Firefox\firefox.exe" --kiosk https://www.youtube.com/account
parent_process	firefox.exe	martian_process	"C:\Program Files\Mozilla Firefox\firefox.exe" --kiosk https://www.youtube.com/account
parent_process	firefox.exe	martian_process	"C:\Program Files\Mozilla Firefox\crashreporter.exe" "C:\Users\test22\AppData\Roaming\Mozilla\Firefox\Profiles\qxo5wa6x.default-release\minidumps\9d3782a6-dfb8-4d1b-8d8c-cdd16ab8de53.dmp"
parent_process	firefox.exe	martian_process	"C:\Program Files\Mozilla Firefox\firefox.exe" --kiosk https://www.youtube.com/account
parent_process	firefox.exe	martian_process	"C:\Program Files\Mozilla Firefox\firefox.exe" --kiosk https://www.youtube.com/account
parent_process	firefox.exe	martian_process	"C:\Program Files\Mozilla Firefox\firefox.exe" --kiosk https://www.youtube.com/account

Appends a known multi-family ransomware file extension to files that have been encrypted (2 events)

file	C:\Users\test22\AppData\Roaming\Mozilla\Firefox\Profiles\qxo5wa6x.default-release\parent.lock
file	C:\Users\test22\AppData\Local\Temp\firefox\parent.lock

Resumed a suspended thread in a remote process potentially indicative of process injection (38 events)

Time & API	Arguments	Status	Return	Repeated
Process injection	Process 2604 resumed a thread in remote process 2672
Process injection	Process 2784 resumed a thread in remote process 2828
Process injection	Process 2960 resumed a thread in remote process 3028
Process injection	Process 2076 resumed a thread in remote process 2100
Process injection	Process 2260 resumed a thread in remote process 2312
Process injection	Process 2664 resumed a thread in remote process 2856
Process injection	Process 3012 resumed a thread in remote process 1560
Process injection	Process 2280 resumed a thread in remote process 2496
Process injection	Process 504 resumed a thread in remote process 1512
Process injection	Process 1964 resumed a thread in remote process 3016
Process injection	Process 2976 resumed a thread in remote process 2164
Process injection	Process 1632 resumed a thread in remote process 1808
Process injection	Process 1544 resumed a thread in remote process 1092
Process injection	Process 3280 resumed a thread in remote process 3464
Process injection	Process 3680 resumed a thread in remote process 3752
Process injection	Process 3928 resumed a thread in remote process 4004
Process injection	Process 3412 resumed a thread in remote process 3768
Process injection	Process 3924 resumed a thread in remote process 3420
Process injection	Process 1656 resumed a thread in remote process 3456
NtResumeThread Sept. 18, 2024, 8:53 a.m.	thread_handle: 0x0000000000000044 suspend_count: 1 process_identifier: 2672	1	0	0
NtResumeThread Sept. 18, 2024, 8:53 a.m.	thread_handle: 0x0000000000000044 suspend_count: 1 process_identifier: 2828	1	0	0
NtResumeThread Sept. 18, 2024, 8:53 a.m.	thread_handle: 0x0000000000000044 suspend_count: 1 process_identifier: 3028	1	0	0
NtResumeThread Sept. 18, 2024, 8:54 a.m.	thread_handle: 0x0000000000000044 suspend_count: 1 process_identifier: 2100	1	0	0
NtResumeThread Sept. 18, 2024, 8:54 a.m.	thread_handle: 0x0000000000000044 suspend_count: 1 process_identifier: 2312	1	0	0
NtResumeThread Sept. 18, 2024, 8:54 a.m.	thread_handle: 0x0000000000000044 suspend_count: 1 process_identifier: 2856	1	0	0
NtResumeThread Sept. 18, 2024, 8:54 a.m.	thread_handle: 0x0000000000000044 suspend_count: 1 process_identifier: 1560	1	0	0
NtResumeThread Sept. 18, 2024, 8:54 a.m.	thread_handle: 0x0000000000000044 suspend_count: 1 process_identifier: 2496	1	0	0
NtResumeThread Sept. 18, 2024, 8:54 a.m.	thread_handle: 0x0000000000000044 suspend_count: 1 process_identifier: 1512	1	0	0
NtResumeThread Sept. 18, 2024, 8:54 a.m.	thread_handle: 0x0000000000000044 suspend_count: 1 process_identifier: 3016	1	0	0
NtResumeThread Sept. 18, 2024, 8:54 a.m.	thread_handle: 0x0000000000000044 suspend_count: 1 process_identifier: 2164	1	0	0
NtResumeThread Sept. 18, 2024, 8:54 a.m.	thread_handle: 0x0000000000000044 suspend_count: 1 process_identifier: 1808	1	0	0
NtResumeThread Sept. 18, 2024, 9:02 a.m.	thread_handle: 0x0000000000000044 suspend_count: 1 process_identifier: 1092	1	0	0
NtResumeThread Sept. 18, 2024, 9:02 a.m.	thread_handle: 0x0000000000000044 suspend_count: 1 process_identifier: 3464	1	0	0
NtResumeThread Sept. 18, 2024, 9:02 a.m.	thread_handle: 0x0000000000000044 suspend_count: 1 process_identifier: 3752	1	0	0
NtResumeThread Sept. 18, 2024, 9:02 a.m.	thread_handle: 0x0000000000000044 suspend_count: 1 process_identifier: 4004	1	0	0
NtResumeThread Sept. 18, 2024, 9:03 a.m.	thread_handle: 0x0000000000000044 suspend_count: 1 process_identifier: 3768	1	0	0
NtResumeThread Sept. 18, 2024, 9:03 a.m.	thread_handle: 0x0000000000000044 suspend_count: 1 process_identifier: 3420	1	0	0
NtResumeThread Sept. 18, 2024, 9:03 a.m.	thread_handle: 0x0000000000000044 suspend_count: 1 process_identifier: 3456	1	0	0

Executed a process and injected code into it, probably while unpacking (50 out of 543 events)

Time & API	Arguments	Status	Return
CreateProcessInternalW Sept. 18, 2024, 9 a.m.	thread_identifier: 2608 thread_handle: 0x00000134 process_identifier: 2604 current_directory: C:\Users\test22\AppData\Local\Temp filepath: track: 1 command_line: C:\Program Files\Mozilla Firefox\firefox.exe --kiosk https://www.youtube.com/account filepath_r: stack_pivoted: 0 creation_flags: 0 () inherit_handles: 0 process_handle: 0x00000138	1	1
CreateProcessInternalW Sept. 18, 2024, 9 a.m.	thread_identifier: 2788 thread_handle: 0x00000138 process_identifier: 2784 current_directory: C:\Users\test22\AppData\Local\Temp filepath: track: 1 command_line: C:\Program Files\Mozilla Firefox\firefox.exe --kiosk https://www.youtube.com/account filepath_r: stack_pivoted: 0 creation_flags: 0 () inherit_handles: 0 process_handle: 0x00000134	1	1
CreateProcessInternalW Sept. 18, 2024, 9:01 a.m.	thread_identifier: 2964 thread_handle: 0x00000134 process_identifier: 2960 current_directory: C:\Users\test22\AppData\Local\Temp filepath: track: 1 command_line: C:\Program Files\Mozilla Firefox\firefox.exe --kiosk https://www.youtube.com/account filepath_r: stack_pivoted: 0 creation_flags: 0 () inherit_handles: 0 process_handle: 0x00000138	1	1
CreateProcessInternalW Sept. 18, 2024, 9:01 a.m.	thread_identifier: 2080 thread_handle: 0x00000138 process_identifier: 2076 current_directory: C:\Users\test22\AppData\Local\Temp filepath: track: 1 command_line: C:\Program Files\Mozilla Firefox\firefox.exe --kiosk https://www.youtube.com/account filepath_r: stack_pivoted: 0 creation_flags: 0 () inherit_handles: 0 process_handle: 0x00000134	1	1
CreateProcessInternalW Sept. 18, 2024, 9:01 a.m.	thread_identifier: 2208 thread_handle: 0x00000134 process_identifier: 2260 current_directory: C:\Users\test22\AppData\Local\Temp filepath: track: 1 command_line: C:\Program Files\Mozilla Firefox\firefox.exe --kiosk https://www.youtube.com/account filepath_r: stack_pivoted: 0 creation_flags: 0 () inherit_handles: 0 process_handle: 0x00000138	1	1
CreateProcessInternalW Sept. 18, 2024, 9:01 a.m.	thread_identifier: 2656 thread_handle: 0x00000138 process_identifier: 2664 current_directory: C:\Users\test22\AppData\Local\Temp filepath: track: 1 command_line: C:\Program Files\Mozilla Firefox\firefox.exe --kiosk https://www.youtube.com/account filepath_r: stack_pivoted: 0 creation_flags: 0 () inherit_handles: 0 process_handle: 0x00000134	1	1
CreateProcessInternalW Sept. 18, 2024, 9:01 a.m.	thread_identifier: 3048 thread_handle: 0x00000134 process_identifier: 3012 current_directory: C:\Users\test22\AppData\Local\Temp filepath: track: 1 command_line: C:\Program Files\Mozilla Firefox\firefox.exe --kiosk https://www.youtube.com/account filepath_r: stack_pivoted: 0 creation_flags: 0 () inherit_handles: 0 process_handle: 0x00000138	1	1
CreateProcessInternalW Sept. 18, 2024, 9:01 a.m.	thread_identifier: 2164 thread_handle: 0x00000138 process_identifier: 2280 current_directory: C:\Users\test22\AppData\Local\Temp filepath: track: 1 command_line: C:\Program Files\Mozilla Firefox\firefox.exe --kiosk https://www.youtube.com/account filepath_r: stack_pivoted: 0 creation_flags: 0 () inherit_handles: 0 process_handle: 0x00000134	1	1
CreateProcessInternalW Sept. 18, 2024, 9:01 a.m.	thread_identifier: 2208 thread_handle: 0x00000134 process_identifier: 504 current_directory: C:\Users\test22\AppData\Local\Temp filepath: track: 1 command_line: C:\Program Files\Mozilla Firefox\firefox.exe --kiosk https://www.youtube.com/account filepath_r: stack_pivoted: 0 creation_flags: 0 () inherit_handles: 0 process_handle: 0x00000138	1	1
CreateProcessInternalW Sept. 18, 2024, 9:01 a.m.	thread_identifier: 2068 thread_handle: 0x00000138 process_identifier: 1964 current_directory: C:\Users\test22\AppData\Local\Temp filepath: track: 1 command_line: C:\Program Files\Mozilla Firefox\firefox.exe --kiosk https://www.youtube.com/account filepath_r: stack_pivoted: 0 creation_flags: 0 () inherit_handles: 0 process_handle: 0x00000134	1	1
CreateProcessInternalW Sept. 18, 2024, 9:01 a.m.	thread_identifier: 2764 thread_handle: 0x00000134 process_identifier: 2976 current_directory: C:\Users\test22\AppData\Local\Temp filepath: track: 1 command_line: C:\Program Files\Mozilla Firefox\firefox.exe --kiosk https://www.youtube.com/account filepath_r: stack_pivoted: 0 creation_flags: 0 () inherit_handles: 0 process_handle: 0x00000138	1	1
CreateProcessInternalW Sept. 18, 2024, 9:02 a.m.	thread_identifier: 3056 thread_handle: 0x00000138 process_identifier: 1632 current_directory: C:\Users\test22\AppData\Local\Temp filepath: track: 1 command_line: C:\Program Files\Mozilla Firefox\firefox.exe --kiosk https://www.youtube.com/account filepath_r: stack_pivoted: 0 creation_flags: 0 () inherit_handles: 0 process_handle: 0x00000134	1	1
CreateProcessInternalW Sept. 18, 2024, 9:02 a.m.	thread_identifier: 1788 thread_handle: 0x00000134 process_identifier: 1544 current_directory: C:\Users\test22\AppData\Local\Temp filepath: track: 1 command_line: C:\Program Files\Mozilla Firefox\firefox.exe --kiosk https://www.youtube.com/account filepath_r: stack_pivoted: 0 creation_flags: 0 () inherit_handles: 0 process_handle: 0x00000138	1	1
CreateProcessInternalW Sept. 18, 2024, 9:02 a.m.	thread_identifier: 3284 thread_handle: 0x00000138 process_identifier: 3280 current_directory: C:\Users\test22\AppData\Local\Temp filepath: track: 1 command_line: C:\Program Files\Mozilla Firefox\firefox.exe --kiosk https://www.youtube.com/account filepath_r: stack_pivoted: 0 creation_flags: 0 () inherit_handles: 0 process_handle: 0x00000134	1	1
CreateProcessInternalW Sept. 18, 2024, 9:02 a.m.	thread_identifier: 3532 thread_handle: 0x00000134 process_identifier: 3528 current_directory: C:\Users\test22\AppData\Local\Temp filepath: track: 1 command_line: C:\Program Files\Mozilla Firefox\firefox.exe --kiosk https://www.youtube.com/account filepath_r: stack_pivoted: 0 creation_flags: 0 () inherit_handles: 0 process_handle: 0x00000138	1	1
CreateProcessInternalW Sept. 18, 2024, 9:02 a.m.	thread_identifier: 3684 thread_handle: 0x00000138 process_identifier: 3680 current_directory: C:\Users\test22\AppData\Local\Temp filepath: track: 1 command_line: C:\Program Files\Mozilla Firefox\firefox.exe --kiosk https://www.youtube.com/account filepath_r: stack_pivoted: 0 creation_flags: 0 () inherit_handles: 0 process_handle: 0x00000134	1	1
CreateProcessInternalW Sept. 18, 2024, 9:02 a.m.	thread_identifier: 3808 thread_handle: 0x00000134 process_identifier: 3804 current_directory: C:\Users\test22\AppData\Local\Temp filepath: track: 1 command_line: C:\Program Files\Mozilla Firefox\firefox.exe --kiosk https://www.youtube.com/account filepath_r: stack_pivoted: 0 creation_flags: 0 () inherit_handles: 0 process_handle: 0x00000138	1	1
CreateProcessInternalW Sept. 18, 2024, 9:02 a.m.	thread_identifier: 3932 thread_handle: 0x00000138 process_identifier: 3928 current_directory: C:\Users\test22\AppData\Local\Temp filepath: track: 1 command_line: C:\Program Files\Mozilla Firefox\firefox.exe --kiosk https://www.youtube.com/account filepath_r: stack_pivoted: 0 creation_flags: 0 () inherit_handles: 0 process_handle: 0x00000134	1	1
CreateProcessInternalW Sept. 18, 2024, 9:02 a.m.	thread_identifier: 3176 thread_handle: 0x00000134 process_identifier: 3172 current_directory: C:\Users\test22\AppData\Local\Temp filepath: track: 1 command_line: C:\Program Files\Mozilla Firefox\firefox.exe --kiosk https://www.youtube.com/account filepath_r: stack_pivoted: 0 creation_flags: 0 () inherit_handles: 0 process_handle: 0x00000138	1	1
CreateProcessInternalW Sept. 18, 2024, 9:02 a.m.	thread_identifier: 3456 thread_handle: 0x00000138 process_identifier: 3412 current_directory: C:\Users\test22\AppData\Local\Temp filepath: track: 1 command_line: C:\Program Files\Mozilla Firefox\firefox.exe --kiosk https://www.youtube.com/account filepath_r: stack_pivoted: 0 creation_flags: 0 () inherit_handles: 0 process_handle: 0x00000134	1	1
CreateProcessInternalW Sept. 18, 2024, 9:03 a.m.	thread_identifier: 3972 thread_handle: 0x00000134 process_identifier: 3976 current_directory: C:\Users\test22\AppData\Local\Temp filepath: track: 1 command_line: C:\Program Files\Mozilla Firefox\firefox.exe --kiosk https://www.youtube.com/account filepath_r: stack_pivoted: 0 creation_flags: 0 () inherit_handles: 0 process_handle: 0x00000138	1	1
CreateProcessInternalW Sept. 18, 2024, 9:03 a.m.	thread_identifier: 3504 thread_handle: 0x00000138 process_identifier: 3924 current_directory: C:\Users\test22\AppData\Local\Temp filepath: track: 1 command_line: C:\Program Files\Mozilla Firefox\firefox.exe --kiosk https://www.youtube.com/account filepath_r: stack_pivoted: 0 creation_flags: 0 () inherit_handles: 0 process_handle: 0x00000134	1	1
CreateProcessInternalW Sept. 18, 2024, 9:03 a.m.	thread_identifier: 2040 thread_handle: 0x00000134 process_identifier: 2276 current_directory: C:\Users\test22\AppData\Local\Temp filepath: track: 1 command_line: C:\Program Files\Mozilla Firefox\firefox.exe --kiosk https://www.youtube.com/account filepath_r: stack_pivoted: 0 creation_flags: 0 () inherit_handles: 0 process_handle: 0x00000138	1	1
CreateProcessInternalW Sept. 18, 2024, 9:03 a.m.	thread_identifier: 2140 thread_handle: 0x00000138 process_identifier: 1656 current_directory: C:\Users\test22\AppData\Local\Temp filepath: track: 1 command_line: C:\Program Files\Mozilla Firefox\firefox.exe --kiosk https://www.youtube.com/account filepath_r: stack_pivoted: 0 creation_flags: 0 () inherit_handles: 0 process_handle: 0x00000134	1	1
CreateProcessInternalW Sept. 18, 2024, 9:03 a.m.	thread_identifier: 300 thread_handle: 0x00000134 process_identifier: 3284 current_directory: C:\Users\test22\AppData\Local\Temp filepath: track: 1 command_line: C:\Program Files\Mozilla Firefox\firefox.exe --kiosk https://www.youtube.com/account filepath_r: stack_pivoted: 0 creation_flags: 0 () inherit_handles: 0 process_handle: 0x00000138	1	1
CreateProcessInternalW Sept. 18, 2024, 9:03 a.m.	thread_identifier: 4148 thread_handle: 0x00000138 process_identifier: 4144 current_directory: C:\Users\test22\AppData\Local\Temp filepath: track: 1 command_line: C:\Program Files\Mozilla Firefox\firefox.exe --kiosk https://www.youtube.com/account filepath_r: stack_pivoted: 0 creation_flags: 0 () inherit_handles: 0 process_handle: 0x00000134	1	1
CreateProcessInternalW Sept. 18, 2024, 9:03 a.m.	thread_identifier: 4400 thread_handle: 0x00000134 process_identifier: 4396 current_directory: C:\Users\test22\AppData\Local\Temp filepath: track: 1 command_line: C:\Program Files\Mozilla Firefox\firefox.exe --kiosk https://www.youtube.com/account filepath_r: stack_pivoted: 0 creation_flags: 0 () inherit_handles: 0 process_handle: 0x00000138	1	1
CreateProcessInternalW Sept. 18, 2024, 8:53 a.m.	thread_identifier: 2676 thread_handle: 0x0000000000000044 process_identifier: 2672 current_directory: filepath: C:\Program Files\Mozilla Firefox\firefox.exe track: 1 command_line: "C:\Program Files\Mozilla Firefox\firefox.exe" --kiosk https://www.youtube.com/account filepath_r: C:\Program Files\Mozilla Firefox\firefox.exe stack_pivoted: 0 creation_flags: 1028 (CREATE_SUSPENDED\|CREATE_UNICODE_ENVIRONMENT) inherit_handles: 0 process_handle: 0x000000000000004c	1	1
WriteProcessMemory Sept. 18, 2024, 8:53 a.m.	buffer: base_address: 0x000000013f3122b0 process_identifier: 2672 process_handle: 0x000000000000004c	1	1
WriteProcessMemory Sept. 18, 2024, 8:53 a.m.	buffer: base_address: 0x000000013f320d88 process_identifier: 2672 process_handle: 0x000000000000004c	1	1
NtMapViewOfSection Sept. 18, 2024, 8:53 a.m.	section_handle: 0x0000000000000060 process_identifier: 2672 commit_size: 0 win32_protect: 32 (PAGE_EXECUTE_READ) buffer: base_address: 0x000000004def0000 allocation_type: 0 () section_offset: 0 view_size: 65536 process_handle: 0x0000000000000050	1	0
NtAllocateVirtualMemory Sept. 18, 2024, 8:53 a.m.	process_identifier: 2672 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 protection: 32 (PAGE_EXECUTE_READ) base_address: 0x000000004def0000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0x0000000000000050	1	0
WriteProcessMemory Sept. 18, 2024, 8:53 a.m.	buffer: I»`#.?Aÿã base_address: 0x0000000076d81590 process_identifier: 2672 process_handle: 0x0000000000000050	1	1
WriteProcessMemory Sept. 18, 2024, 8:53 a.m.	buffer: ïM base_address: 0x000000013f320d78 process_identifier: 2672 process_handle: 0x000000000000004c	1	1
WriteProcessMemory Sept. 18, 2024, 8:53 a.m.	buffer: I» .?Aÿã base_address: 0x0000000076d57a90 process_identifier: 2672 process_handle: 0x0000000000000050	1	1
WriteProcessMemory Sept. 18, 2024, 8:53 a.m.	buffer: ïM base_address: 0x000000013f320d70 process_identifier: 2672 process_handle: 0x000000000000004c	1	1
WriteProcessMemory Sept. 18, 2024, 8:53 a.m.	buffer: ÏT base_address: 0x000000013f2c0108 process_identifier: 2672 process_handle: 0x000000000000004c	1	1
WriteProcessMemory Sept. 18, 2024, 8:53 a.m.	buffer: Øv@Øv Øv@ØvØv°Øv ÕvàTÕv 3ØvØvÀ´Óv`,ØvÀÖvöÔv YØv2ØvVØv°ÞvÕvRØv ÕvQØvÂÕv ?ÖvPÕv°TÕvàtÕvðÖvÐ1ØvÔvÐOÔv`ê×vÐæ×vÐæ×vÐ.Øv base_address: 0x000000013f31aae8 process_identifier: 2672 process_handle: 0x000000000000004c	1	1
WriteProcessMemory Sept. 18, 2024, 8:53 a.m.	buffer: base_address: 0x000000013f320c78 process_identifier: 2672 process_handle: 0x000000000000004c	1	1
NtResumeThread Sept. 18, 2024, 8:53 a.m.	thread_handle: 0x0000000000000044 suspend_count: 1 process_identifier: 2672	1	0
NtResumeThread Sept. 18, 2024, 8:53 a.m.	thread_handle: 0x000000000000016c suspend_count: 1 process_identifier: 2672	1	0
NtGetContextThread Sept. 18, 2024, 8:53 a.m.	thread_handle: 0x0000000000000244	1	0
NtGetContextThread Sept. 18, 2024, 8:53 a.m.	thread_handle: 0x0000000000000248	1	0
NtGetContextThread Sept. 18, 2024, 8:53 a.m.	thread_handle: 0x000000000000024c	1	0
NtGetContextThread Sept. 18, 2024, 8:53 a.m.	thread_handle: 0x0000000000000250	1	0
NtGetContextThread Sept. 18, 2024, 8:53 a.m.	thread_handle: 0x0000000000000210	1	0
NtGetContextThread Sept. 18, 2024, 8:53 a.m.	thread_handle: 0x0000000000000254	1	0
NtGetContextThread Sept. 18, 2024, 8:53 a.m.	thread_handle: 0x0000000000000258	1	0
NtGetContextThread Sept. 18, 2024, 8:53 a.m.	thread_handle: 0x000000000000025c	1	0
NtResumeThread Sept. 18, 2024, 8:54 a.m.	thread_handle: 0x0000000000000244 suspend_count: 1 process_identifier: 2672	1	0

File has been identified by 41 AntiVirus engines on VirusTotal as malicious (41 events)

Bkav	W32.AIDetectMalware
Lionic	Trojan.Win64.Injects.ts93
Cynet	Malicious (score: 100)
Skyhigh	BehavesLike.Win32.Genericuh.ch
Cylance	Unsafe
Sangfor	Trojan.Win32.Autoit.Vzee
BitDefender	Trojan.GenericKD.74154616
K7GW	Trojan ( 005ba03d1 )
K7AntiVirus	Trojan ( 005ba03d1 )
VirIT	Trojan.Win32.AutoIt.HHD
Symantec	ML.Attribute.HighConfidence
Elastic	malicious (high confidence)
ESET-NOD32	a variant of Win32/Autoit.ORF
APEX	Malicious
Avast	Win32:Malware-gen
Alibaba	Trojan:Win32/AutoInject.95992839
MicroWorld-eScan	Trojan.GenericKD.74154616
F-Secure	Trojan.TR/AVI.Agent.fqhom
DrWeb	Trojan.Siggen29.4458
TrendMicro	Trojan.Win32.AMADEY.YXEIRZ
McAfeeD	Real Protect-LS!A71FEC0E25FA
CTX	exe.trojan.autoit
Sophos	Mal/Generic-S
FireEye	Generic.mg.a71fec0e25fa74c1
Webroot	W32.Trojan.Agent.Gen
Google	Detected
Avira	TR/AVI.Agent.fqhom
Gridinsoft	Trojan.Win32.Agent.sa
Microsoft	Trojan:Win32/AutoInject.CCJC!MTB
Varist	W32/AutoIt.ABD.gen!Eldorado
McAfee	Artemis!A71FEC0E25FA
DeepInstinct	MALICIOUS
Malwarebytes	Malware.AI.22776748
Ikarus	Trojan.Win32.Autoit
Panda	Trj/Chgt.AD
TrendMicro-HouseCall	Trojan.Win32.AMADEY.YXEIRZ
Tencent	Win32.Trojan.Avi.Anhl
huorong	Trojan/AutoIT.Agent.d
MaxSecure	Trojan.Malware.121218.susgen
AVG	Win32:Malware-gen
Paloalto	generic.ml

random.exe

Process Tree Toggle all

Network Toggle all

Suricata Toggle all

Suricata Alerts

Suricata TLS

Signatures Toggle All