Summary | ZeroBOX

Category	Machine	Started	Completed
FILE	s1_win7_x6403_us	Sept. 21, 2024, 9:06 a.m.	Sept. 21, 2024, 9:14 a.m.

Size	900.0KB
Type	PE32 executable (GUI) Intel 80386, for MS Windows
MD5	`d23aac5d0b47654754a6e6d79085c871`
SHA256	`e3d13120001a5e578847a192c35600d6a761d6d8a99e74bf075ee9a3d65cf45b`
CRC32	`09C47324`
ssdeep	`12288:zqDEvFo+yo4DdbbMWu/jrQu4M9lBAlKhQcDGB3cuBNGE6iOrpfe4JdaDgaPTWh:zqDEvCTbMWu7rQYlBQcBiT6rprG8arS`
Yara	Malicious_Library_Zero - Malicious_Library PE_Header_Zero - PE File Signature IsPE32 - (no description) Generic_Malware_Zero - Generic Malware UPX_Zero - UPX packed file OS_Processor_Check_Zero - OS Processor Check

random.exe "C:\Users\test22\AppData\Local\Temp\random.exe"
2056
- firefox.exe "C:\Program Files\Mozilla Firefox\firefox.exe" --kiosk https://www.youtube.com/account
  2116
  - firefox.exe "C:\Program Files\Mozilla Firefox\firefox.exe" --kiosk https://www.youtube.com/account
    2188
    - crashreporter.exe "C:\Program Files\Mozilla Firefox\crashreporter.exe" "C:\Users\test22\AppData\Local\Temp\\e8ceeaad-202b-4d1d-b037-073fba26c2ab.dmp"
      524
      - minidump-analyzer.exe "C:\Program Files\Mozilla Firefox\minidump-analyzer.exe" "C:\Users\test22\AppData\Local\Temp\\e8ceeaad-202b-4d1d-b037-073fba26c2ab.dmp"
        2164
- firefox.exe "C:\Program Files\Mozilla Firefox\firefox.exe" --kiosk https://www.youtube.com/account
  2284
  - firefox.exe "C:\Program Files\Mozilla Firefox\firefox.exe" --kiosk https://www.youtube.com/account
    2328
    - crashreporter.exe "C:\Program Files\Mozilla Firefox\crashreporter.exe" "C:\Users\test22\AppData\Roaming\Mozilla\Firefox\Profiles\1pfa5s83.default-release\minidumps\2c7c334f-7db8-4552-8f02-7a3195fc63ab.dmp"
      2384
      - minidump-analyzer.exe "C:\Program Files\Mozilla Firefox\minidump-analyzer.exe" "C:\Users\test22\AppData\Roaming\Mozilla\Firefox\Profiles\1pfa5s83.default-release\minidumps\2c7c334f-7db8-4552-8f02-7a3195fc63ab.dmp"
        2040
- firefox.exe "C:\Program Files\Mozilla Firefox\firefox.exe" --kiosk https://www.youtube.com/account
  2484
  - firefox.exe "C:\Program Files\Mozilla Firefox\firefox.exe" --kiosk https://www.youtube.com/account
    2528
    - crashreporter.exe "C:\Program Files\Mozilla Firefox\crashreporter.exe" "C:\Users\test22\AppData\Local\Temp\\b78782b4-1ed7-48ba-8fdc-fe33f8af3080.dmp"
      2076
      - minidump-analyzer.exe "C:\Program Files\Mozilla Firefox\minidump-analyzer.exe" "C:\Users\test22\AppData\Local\Temp\\b78782b4-1ed7-48ba-8fdc-fe33f8af3080.dmp"
        2416
- firefox.exe "C:\Program Files\Mozilla Firefox\firefox.exe" --kiosk https://www.youtube.com/account
  2620
  - firefox.exe "C:\Program Files\Mozilla Firefox\firefox.exe" --kiosk https://www.youtube.com/account
    2704
- firefox.exe "C:\Program Files\Mozilla Firefox\firefox.exe" --kiosk https://www.youtube.com/account
  2848
  - firefox.exe "C:\Program Files\Mozilla Firefox\firefox.exe" --kiosk https://www.youtube.com/account
    2932
    - crashreporter.exe "C:\Program Files\Mozilla Firefox\crashreporter.exe" "C:\Users\test22\AppData\Local\Temp\\fe10233f-62c1-45c5-aa96-6e3554661071.dmp"
      3480
      - minidump-analyzer.exe "C:\Program Files\Mozilla Firefox\minidump-analyzer.exe" "C:\Users\test22\AppData\Local\Temp\\fe10233f-62c1-45c5-aa96-6e3554661071.dmp"
        3636
- firefox.exe "C:\Program Files\Mozilla Firefox\firefox.exe" --kiosk https://www.youtube.com/account
  2988
  - crashreporter.exe "C:\Program Files\Mozilla Firefox\crashreporter.exe" "C:\Users\test22\AppData\Local\Temp\\258d6c1a-cae6-4c4d-ab5f-1c12ac6160e3.dmp"
    3092
    - minidump-analyzer.exe "C:\Program Files\Mozilla Firefox\minidump-analyzer.exe" "C:\Users\test22\AppData\Local\Temp\\258d6c1a-cae6-4c4d-ab5f-1c12ac6160e3.dmp"
      3244
- firefox.exe "C:\Program Files\Mozilla Firefox\firefox.exe" --kiosk https://www.youtube.com/account
  2184
  - firefox.exe "C:\Program Files\Mozilla Firefox\firefox.exe" --kiosk https://www.youtube.com/account
    2360
    - crashreporter.exe "C:\Program Files\Mozilla Firefox\crashreporter.exe" "C:\Users\test22\AppData\Local\Temp\\ce77d738-bd7b-40d5-a025-0648f071e156.dmp"
      4020
      - minidump-analyzer.exe "C:\Program Files\Mozilla Firefox\minidump-analyzer.exe" "C:\Users\test22\AppData\Local\Temp\\ce77d738-bd7b-40d5-a025-0648f071e156.dmp"
        3180
- firefox.exe "C:\Program Files\Mozilla Firefox\firefox.exe" --kiosk https://www.youtube.com/account
  2720
  - firefox.exe "C:\Program Files\Mozilla Firefox\firefox.exe" --kiosk https://www.youtube.com/account
    1228
- firefox.exe "C:\Program Files\Mozilla Firefox\firefox.exe" --kiosk https://www.youtube.com/account
  2948
  - firefox.exe "C:\Program Files\Mozilla Firefox\firefox.exe" --kiosk https://www.youtube.com/account
    2052
- firefox.exe "C:\Program Files\Mozilla Firefox\firefox.exe" --kiosk https://www.youtube.com/account
  2408
  - crashreporter.exe "C:\Program Files\Mozilla Firefox\crashreporter.exe" "C:\Users\test22\AppData\Local\Temp\\29dad9e6-2523-432e-8f2e-d8f8ceb8364c.dmp"
    1540
    - minidump-analyzer.exe "C:\Program Files\Mozilla Firefox\minidump-analyzer.exe" "C:\Users\test22\AppData\Local\Temp\\29dad9e6-2523-432e-8f2e-d8f8ceb8364c.dmp"
      3920
- firefox.exe "C:\Program Files\Mozilla Firefox\firefox.exe" --kiosk https://www.youtube.com/account
  1656
  - firefox.exe "C:\Program Files\Mozilla Firefox\firefox.exe" --kiosk https://www.youtube.com/account
    2268
- firefox.exe "C:\Program Files\Mozilla Firefox\firefox.exe" --kiosk https://www.youtube.com/account
  2120
- firefox.exe "C:\Program Files\Mozilla Firefox\firefox.exe" --kiosk https://www.youtube.com/account
  1020
  - firefox.exe "C:\Program Files\Mozilla Firefox\firefox.exe" --kiosk https://www.youtube.com/account
    1168
- firefox.exe "C:\Program Files\Mozilla Firefox\firefox.exe" --kiosk https://www.youtube.com/account
  2612
- firefox.exe "C:\Program Files\Mozilla Firefox\firefox.exe" --kiosk https://www.youtube.com/account
  2832
  - firefox.exe "C:\Program Files\Mozilla Firefox\firefox.exe" --kiosk https://www.youtube.com/account
    3100
- firefox.exe "C:\Program Files\Mozilla Firefox\firefox.exe" --kiosk https://www.youtube.com/account
  3168
- firefox.exe "C:\Program Files\Mozilla Firefox\firefox.exe" --kiosk https://www.youtube.com/account
  3332
  - firefox.exe "C:\Program Files\Mozilla Firefox\firefox.exe" --kiosk https://www.youtube.com/account
    3392
- firefox.exe "C:\Program Files\Mozilla Firefox\firefox.exe" --kiosk https://www.youtube.com/account
  3448
- firefox.exe "C:\Program Files\Mozilla Firefox\firefox.exe" --kiosk https://www.youtube.com/account
  3628
  - firefox.exe "C:\Program Files\Mozilla Firefox\firefox.exe" --kiosk https://www.youtube.com/account
    3860
- firefox.exe "C:\Program Files\Mozilla Firefox\firefox.exe" --kiosk https://www.youtube.com/account
  3896
- firefox.exe "C:\Program Files\Mozilla Firefox\firefox.exe" --kiosk https://www.youtube.com/account
  4060
  - firefox.exe "C:\Program Files\Mozilla Firefox\firefox.exe" --kiosk https://www.youtube.com/account
    2088
- firefox.exe "C:\Program Files\Mozilla Firefox\firefox.exe" --kiosk https://www.youtube.com/account
  812
- firefox.exe "C:\Program Files\Mozilla Firefox\firefox.exe" --kiosk https://www.youtube.com/account
  3500
  - firefox.exe "C:\Program Files\Mozilla Firefox\firefox.exe" --kiosk https://www.youtube.com/account
    2936
- firefox.exe "C:\Program Files\Mozilla Firefox\firefox.exe" --kiosk https://www.youtube.com/account
  3300
- firefox.exe "C:\Program Files\Mozilla Firefox\firefox.exe" --kiosk https://www.youtube.com/account
  3908

Name	Response	Post-Analysis Lookup
No hosts contacted.

IP Address	Status	Action
No hosts contacted.

Suricata Alerts

No Suricata Alerts

Suricata TLS

No Suricata TLS

Checks if process is being debugged by a debugger (50 out of 114 events)

Time & API	Arguments	Status	Return	Repeated
IsDebuggerPresent Sept. 21, 2024, 9:06 a.m.			0	0
IsDebuggerPresent Sept. 21, 2024, 9:06 a.m.			0	0
IsDebuggerPresent Sept. 21, 2024, 9:06 a.m.			0	0
IsDebuggerPresent Sept. 21, 2024, 9:06 a.m.			0	0
IsDebuggerPresent Sept. 21, 2024, 9:06 a.m.			0	0
IsDebuggerPresent Sept. 21, 2024, 9:06 a.m.			0	0
IsDebuggerPresent Sept. 21, 2024, 9:06 a.m.			0	0
IsDebuggerPresent Sept. 21, 2024, 9:06 a.m.			0	0
IsDebuggerPresent Sept. 21, 2024, 9:06 a.m.			0	0
IsDebuggerPresent Sept. 21, 2024, 9:06 a.m.			0	0
IsDebuggerPresent Sept. 21, 2024, 9:06 a.m.			0	0
IsDebuggerPresent Sept. 21, 2024, 9:06 a.m.			0	0
IsDebuggerPresent Sept. 21, 2024, 9:06 a.m.			0	0
IsDebuggerPresent Sept. 21, 2024, 9:06 a.m.			0	0
IsDebuggerPresent Sept. 21, 2024, 9:06 a.m.			0	0
IsDebuggerPresent Sept. 21, 2024, 9:06 a.m.			0	0
IsDebuggerPresent Sept. 21, 2024, 9:06 a.m.			0	0
IsDebuggerPresent Sept. 21, 2024, 9:06 a.m.			0	0
IsDebuggerPresent Sept. 21, 2024, 9:06 a.m.			0	0
IsDebuggerPresent Sept. 21, 2024, 9:06 a.m.			0	0
IsDebuggerPresent Sept. 21, 2024, 9:06 a.m.			0	0
IsDebuggerPresent Sept. 21, 2024, 9:06 a.m.			0	0
IsDebuggerPresent Sept. 21, 2024, 9:07 a.m.			0	0
IsDebuggerPresent Sept. 21, 2024, 9:07 a.m.			0	0
IsDebuggerPresent Sept. 21, 2024, 9:07 a.m.			0	0
IsDebuggerPresent Sept. 21, 2024, 9:07 a.m.			0	0
IsDebuggerPresent Sept. 21, 2024, 9:07 a.m.			0	0
IsDebuggerPresent Sept. 21, 2024, 9:07 a.m.			0	0
IsDebuggerPresent Sept. 21, 2024, 9:07 a.m.			0	0
IsDebuggerPresent Sept. 21, 2024, 9:07 a.m.			0	0
IsDebuggerPresent Sept. 21, 2024, 9:07 a.m.			0	0
IsDebuggerPresent Sept. 21, 2024, 9:07 a.m.			0	0
IsDebuggerPresent Sept. 21, 2024, 9:07 a.m.			0	0
IsDebuggerPresent Sept. 21, 2024, 9:07 a.m.			0	0
IsDebuggerPresent Sept. 21, 2024, 9:07 a.m.			0	0
IsDebuggerPresent Sept. 21, 2024, 9:07 a.m.			0	0
IsDebuggerPresent Sept. 21, 2024, 9:07 a.m.			0	0
IsDebuggerPresent Sept. 21, 2024, 9:07 a.m.			0	0
IsDebuggerPresent Sept. 21, 2024, 9:07 a.m.			0	0
IsDebuggerPresent Sept. 21, 2024, 9:07 a.m.			0	0
IsDebuggerPresent Sept. 21, 2024, 9:07 a.m.			0	0
IsDebuggerPresent Sept. 21, 2024, 9:07 a.m.			0	0
IsDebuggerPresent Sept. 21, 2024, 9:07 a.m.			0	0
IsDebuggerPresent Sept. 21, 2024, 9:07 a.m.			0	0
IsDebuggerPresent Sept. 21, 2024, 9:07 a.m.			0	0
IsDebuggerPresent Sept. 21, 2024, 9:07 a.m.			0	0
IsDebuggerPresent Sept. 21, 2024, 9:07 a.m.			0	0
IsDebuggerPresent Sept. 21, 2024, 9:07 a.m.			0	0
IsDebuggerPresent Sept. 21, 2024, 9:07 a.m.			0	0
IsDebuggerPresent Sept. 21, 2024, 9:07 a.m.			0	0

Collects information to fingerprint the system (MachineGuid, DigitalProductId, SystemBiosDate) (1 event)

registry

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography\MachineGuid

Tries to locate where the browsers are installed (1 event)

file	C:\Program Files\Mozilla Firefox\api-ms-win-core-file-l2-1-0.dll

Checks amount of memory in system, this can be used to detect virtual machines that have a low amount of memory available (1 event)

Time & API	Arguments	Status	Return	Repeated
GlobalMemoryStatusEx Sept. 21, 2024, 9:07 a.m.		1	1	0

One or more processes crashed (23 events)

Time & API	Arguments	Status
__exception__ Sept. 21, 2024, 9:06 a.m.	stacktrace: 0xcd1f04 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 exception.instruction_r: 83 3d 8d d1 02 00 00 ff 25 00 00 00 00 53 12 69 exception.instruction: cmp dword ptr [rip + 0x2d18d], 0 exception.exception_code: 0xc0000005 exception.symbol: exception.address: 0xcd1f04 registers.r14: 10353696 registers.r15: 10353200 registers.rcx: 48 registers.rsi: 14707200 registers.r10: 0 registers.rbx: 0 registers.rsp: 10352248 registers.r11: 10354448 registers.r8: 2004779404 registers.r9: 0 registers.rdx: 8796092887632 registers.r12: 10353031 registers.rbp: 10352368 registers.rdi: 100 registers.rax: 13442816 registers.r13: 3	1
__exception__ Sept. 21, 2024, 9:06 a.m.	stacktrace: 0xcd1f04 0x7fe00000030 0x7fe00000030 0x7fe00000030 0x7fe00000030 0x7fe00000030 0x7fe00000030 0x7fe00000030 0x7fe00000030 0x7fe00000030 0x7fe00000030 0x7fe00000030 0x7fe00000030 0x7fe00000030 0x7fe00000030 0x7fe00000030 0x7fe00000030 0x7fe00000030 0x7fe00000030 0x7fe00000030 0x7fe00000030 0x7fe00000030 0x7fe00000030 0x7fe00000030 0x7fe00000030 0x7fe00000030 0x7fe00000030 0x7fe00000030 0x7fe00000030 0x7fe00000030 0x7fe00000030 0x7fe00000030 0x7fe00000030 0x7fe00000030 0x7fe00000030 0x7fe00000030 0x7fe00000030 0x7fe00000030 0x7fe00000030 0x7fe00000030 0x7fe00000030 0x7fe00000030 0x7fe00000030 0x7fe00000030 0x7fe00000030 0x7fe00000030 0x7fe00000030 0x7fe00000030 0x7fe00000030 0x7fe00000030 0x7fe00000030 0x7fe00000030 0x7fe00000030 0x7fe00000030 0x7fe00000030 0x7fe00000030 0x7fe00000030 0x7fe00000030 0x7fe00000030 0x7fe00000030 0x7fe00000030 0x7fe00000030 0x7fe00000030 0x7fe00000030 exception.instruction_r: 83 3d 8d d1 02 00 00 ff 25 00 00 00 00 53 12 69 exception.instruction: cmp dword ptr [rip + 0x2d18d], 0 exception.exception_code: 0xc0000005 exception.symbol: exception.address: 0xcd1f04 registers.r14: 10417048 registers.r15: 8791555020400 registers.rcx: 48 registers.rsi: 8791554952064 registers.r10: 0 registers.rbx: 0 registers.rsp: 10416680 registers.r11: 10420064 registers.r8: 2004779404 registers.r9: 0 registers.rdx: 8796092887632 registers.r12: 14912224 registers.rbp: 10416800 registers.rdi: 65118240 registers.rax: 13442816 registers.r13: 10417640	1
__exception__ Sept. 21, 2024, 9:06 a.m.	stacktrace: 0xcd1f04 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 exception.instruction_r: 83 3d 8d d1 02 00 00 ff 25 00 00 00 00 53 12 69 exception.instruction: cmp dword ptr [rip + 0x2d18d], 0 exception.exception_code: 0xc0000005 exception.symbol: exception.address: 0xcd1f04 registers.r14: 9827648 registers.r15: 9827152 registers.rcx: 48 registers.rsi: 14707392 registers.r10: 0 registers.rbx: 0 registers.rsp: 9826200 registers.r11: 9828400 registers.r8: 2004779404 registers.r9: 0 registers.rdx: 8796092883536 registers.r12: 9826983 registers.rbp: 9826320 registers.rdi: 100 registers.rax: 13442816 registers.r13: 3	1
__exception__ Sept. 21, 2024, 9:07 a.m.	stacktrace: 0xcd1f04 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 exception.instruction_r: 83 3d 8d d1 02 00 00 ff 25 00 00 00 00 53 12 69 exception.instruction: cmp dword ptr [rip + 0x2d18d], 0 exception.exception_code: 0xc0000005 exception.symbol: exception.address: 0xcd1f04 registers.r14: 8714688 registers.r15: 8714192 registers.rcx: 48 registers.rsi: 14707200 registers.r10: 0 registers.rbx: 0 registers.rsp: 8713240 registers.r11: 8715440 registers.r8: 2004779404 registers.r9: 0 registers.rdx: 8796092887632 registers.r12: 8714023 registers.rbp: 8713360 registers.rdi: 100 registers.rax: 13442816 registers.r13: 3	1
__exception__ Sept. 21, 2024, 9:07 a.m.	stacktrace: 0xcc1f04 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 exception.instruction_r: 83 3d 8d d1 02 00 00 ff 25 00 00 00 00 53 12 69 exception.instruction: cmp dword ptr [rip + 0x2d18d], 0 exception.exception_code: 0xc0000005 exception.symbol: exception.address: 0xcc1f04 registers.r14: 10220752 registers.r15: 10220256 registers.rcx: 48 registers.rsi: 14704992 registers.r10: 0 registers.rbx: 0 registers.rsp: 10219304 registers.r11: 10221504 registers.r8: 2004779404 registers.r9: 0 registers.rdx: 8796092887632 registers.r12: 10220087 registers.rbp: 10219424 registers.rdi: 100 registers.rax: 13377280 registers.r13: 3	1
__exception__ Sept. 21, 2024, 9:07 a.m.	stacktrace: 0xcd1f04 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 exception.instruction_r: 83 3d 8d d1 02 00 00 ff 25 00 00 00 00 53 12 69 exception.instruction: cmp dword ptr [rip + 0x2d18d], 0 exception.exception_code: 0xc0000005 exception.symbol: exception.address: 0xcd1f04 registers.r14: 10091536 registers.r15: 10091040 registers.rcx: 48 registers.rsi: 14706816 registers.r10: 0 registers.rbx: 0 registers.rsp: 10090088 registers.r11: 10092288 registers.r8: 2004779404 registers.r9: 0 registers.rdx: 8796092887632 registers.r12: 10090871 registers.rbp: 10090208 registers.rdi: 100 registers.rax: 13442816 registers.r13: 3	1
__exception__ Sept. 21, 2024, 9:07 a.m.	stacktrace: 0xcd1f04 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 exception.instruction_r: 83 3d 8d d1 02 00 00 ff 25 00 00 00 00 53 12 69 exception.instruction: cmp dword ptr [rip + 0x2d18d], 0 exception.exception_code: 0xc0000005 exception.symbol: exception.address: 0xcd1f04 registers.r14: 10024528 registers.r15: 10024032 registers.rcx: 48 registers.rsi: 14704896 registers.r10: 0 registers.rbx: 0 registers.rsp: 10023080 registers.r11: 10025280 registers.r8: 2004779404 registers.r9: 0 registers.rdx: 8796092887632 registers.r12: 10023863 registers.rbp: 10023200 registers.rdi: 100 registers.rax: 13442816 registers.r13: 3	1
__exception__ Sept. 21, 2024, 9:07 a.m.	stacktrace: 0xcd1f04 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 exception.instruction_r: 83 3d 8d d1 02 00 00 ff 25 00 00 00 00 53 12 69 exception.instruction: cmp dword ptr [rip + 0x2d18d], 0 exception.exception_code: 0xc0000005 exception.symbol: exception.address: 0xcd1f04 registers.r14: 9108560 registers.r15: 9108064 registers.rcx: 48 registers.rsi: 14706144 registers.r10: 0 registers.rbx: 0 registers.rsp: 9107112 registers.r11: 9109312 registers.r8: 2004779404 registers.r9: 0 registers.rdx: 8796092887632 registers.r12: 9107895 registers.rbp: 9107232 registers.rdi: 100 registers.rax: 13442816 registers.r13: 3	1
__exception__ Sept. 21, 2024, 9:07 a.m.	stacktrace: 0xcc1f04 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 exception.instruction_r: 83 3d 8d d1 02 00 00 ff 25 00 00 00 00 53 12 69 exception.instruction: cmp dword ptr [rip + 0x2d18d], 0 exception.exception_code: 0xc0000005 exception.symbol: exception.address: 0xcc1f04 registers.r14: 10550016 registers.r15: 10549520 registers.rcx: 48 registers.rsi: 14705472 registers.r10: 0 registers.rbx: 0 registers.rsp: 10548568 registers.r11: 10550768 registers.r8: 2004779404 registers.r9: 0 registers.rdx: 8796092887632 registers.r12: 10549351 registers.rbp: 10548688 registers.rdi: 100 registers.rax: 13377280 registers.r13: 3	1
__exception__ Sept. 21, 2024, 9:08 a.m.	stacktrace: 0xa91f04 0x7fe00000030 0x7fe00000030 0x7fe00000030 0x7fe00000030 0x7fe00000030 0x7fe00000030 0x7fe00000030 0x7fe00000030 0x7fe00000030 0x7fe00000030 0x7fe00000030 0x7fe00000030 0x7fe00000030 0x7fe00000030 0x7fe00000030 0x7fe00000030 0x7fe00000030 0x7fe00000030 0x7fe00000030 0x7fe00000030 0x7fe00000030 0x7fe00000030 0x7fe00000030 0x7fe00000030 0x7fe00000030 0x7fe00000030 0x7fe00000030 0x7fe00000030 0x7fe00000030 0x7fe00000030 0x7fe00000030 0x7fe00000030 0x7fe00000030 0x7fe00000030 0x7fe00000030 0x7fe00000030 0x7fe00000030 0x7fe00000030 0x7fe00000030 0x7fe00000030 0x7fe00000030 0x7fe00000030 0x7fe00000030 0x7fe00000030 0x7fe00000030 0x7fe00000030 0x7fe00000030 0x7fe00000030 0x7fe00000030 0x7fe00000030 0x7fe00000030 0x7fe00000030 0x7fe00000030 0x7fe00000030 0x7fe00000030 0x7fe00000030 0x7fe00000030 0x7fe00000030 0x7fe00000030 0x7fe00000030 0x7fe00000030 0x7fe00000030 0x7fe00000030 exception.instruction_r: 83 3d 8d d1 02 00 00 ff 25 00 00 00 00 53 12 69 exception.instruction: cmp dword ptr [rip + 0x2d18d], 0 exception.exception_code: 0xc0000005 exception.symbol: exception.address: 0xa91f04 registers.r14: 9826200 registers.r15: 8791555020400 registers.rcx: 48 registers.rsi: 8791554952064 registers.r10: 0 registers.rbx: 0 registers.rsp: 9825832 registers.r11: 9829216 registers.r8: 2004779404 registers.r9: 0 registers.rdx: 8796092887632 registers.r12: 15958400 registers.rbp: 9825952 registers.rdi: 249669536 registers.rax: 11083520 registers.r13: 9826792	1
__exception__ Sept. 21, 2024, 9:08 a.m.	stacktrace: 0xcc1f04 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 exception.instruction_r: 83 3d 8d d1 02 00 00 ff 25 00 00 00 00 53 12 69 exception.instruction: cmp dword ptr [rip + 0x2d18d], 0 exception.exception_code: 0xc0000005 exception.symbol: exception.address: 0xcc1f04 registers.r14: 8977504 registers.r15: 8977008 registers.rcx: 48 registers.rsi: 14706528 registers.r10: 0 registers.rbx: 0 registers.rsp: 8976056 registers.r11: 8978256 registers.r8: 2004779404 registers.r9: 0 registers.rdx: 8796092887632 registers.r12: 8976839 registers.rbp: 8976176 registers.rdi: 100 registers.rax: 13377280 registers.r13: 3	1
__exception__ Sept. 21, 2024, 9:08 a.m.	stacktrace: 0xcd1f04 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 exception.instruction_r: 83 3d 8d d1 02 00 00 ff 25 00 00 00 00 53 12 69 exception.instruction: cmp dword ptr [rip + 0x2d18d], 0 exception.exception_code: 0xc0000005 exception.symbol: exception.address: 0xcd1f04 registers.r14: 10156976 registers.r15: 10156480 registers.rcx: 48 registers.rsi: 14707104 registers.r10: 0 registers.rbx: 0 registers.rsp: 10155528 registers.r11: 10157728 registers.r8: 2004779404 registers.r9: 0 registers.rdx: 8796092887632 registers.r12: 10156311 registers.rbp: 10155648 registers.rdi: 100 registers.rax: 13442816 registers.r13: 3	1
__exception__ Sept. 21, 2024, 9:08 a.m.	stacktrace: 0xcc1f04 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 exception.instruction_r: 83 3d 8d d1 02 00 00 ff 25 00 00 00 00 53 12 69 exception.instruction: cmp dword ptr [rip + 0x2d18d], 0 exception.exception_code: 0xc0000005 exception.symbol: exception.address: 0xcc1f04 registers.r14: 9041584 registers.r15: 9041088 registers.rcx: 48 registers.rsi: 14705760 registers.r10: 0 registers.rbx: 0 registers.rsp: 9040136 registers.r11: 9042336 registers.r8: 2004779404 registers.r9: 0 registers.rdx: 8796092887632 registers.r12: 9040919 registers.rbp: 9040256 registers.rdi: 100 registers.rax: 13377280 registers.r13: 3	1
__exception__ Sept. 21, 2024, 9:08 a.m.	stacktrace: 0xcd1f04 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 exception.instruction_r: 83 3d 8d d1 02 00 00 ff 25 00 00 00 00 53 12 69 exception.instruction: cmp dword ptr [rip + 0x2d18d], 0 exception.exception_code: 0xc0000005 exception.symbol: exception.address: 0xcd1f04 registers.r14: 8779616 registers.r15: 8779120 registers.rcx: 48 registers.rsi: 14706816 registers.r10: 0 registers.rbx: 0 registers.rsp: 8778168 registers.r11: 8780368 registers.r8: 2004779404 registers.r9: 0 registers.rdx: 8796092887632 registers.r12: 8778951 registers.rbp: 8778288 registers.rdi: 100 registers.rax: 13442816 registers.r13: 3	1
__exception__ Sept. 21, 2024, 9:08 a.m.	stacktrace: 0xcc1f04 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 exception.instruction_r: 83 3d 8d d1 02 00 00 ff 25 00 00 00 00 53 12 69 exception.instruction: cmp dword ptr [rip + 0x2d18d], 0 exception.exception_code: 0xc0000005 exception.symbol: exception.address: 0xcc1f04 registers.r14: 10091344 registers.r15: 10090848 registers.rcx: 48 registers.rsi: 14706816 registers.r10: 0 registers.rbx: 0 registers.rsp: 10089896 registers.r11: 10092096 registers.r8: 2004779404 registers.r9: 0 registers.rdx: 8796092883536 registers.r12: 10090679 registers.rbp: 10090016 registers.rdi: 100 registers.rax: 13377280 registers.r13: 3	1
__exception__ Sept. 21, 2024, 9:08 a.m.	stacktrace: 0xcd1f04 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 exception.instruction_r: 83 3d 8d d1 02 00 00 ff 25 00 00 00 00 53 12 69 exception.instruction: cmp dword ptr [rip + 0x2d18d], 0 exception.exception_code: 0xc0000005 exception.symbol: exception.address: 0xcd1f04 registers.r14: 9173536 registers.r15: 9173040 registers.rcx: 48 registers.rsi: 14706240 registers.r10: 0 registers.rbx: 0 registers.rsp: 9172088 registers.r11: 9174288 registers.r8: 2004779404 registers.r9: 0 registers.rdx: 8796092887632 registers.r12: 9172871 registers.rbp: 9172208 registers.rdi: 100 registers.rax: 13442816 registers.r13: 3	1
__exception__ Sept. 21, 2024, 9:08 a.m.	stacktrace: 0xcc1f04 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 exception.instruction_r: 83 3d 8d d1 02 00 00 ff 25 00 00 00 00 53 12 69 exception.instruction: cmp dword ptr [rip + 0x2d18d], 0 exception.exception_code: 0xc0000005 exception.symbol: exception.address: 0xcc1f04 registers.r14: 9827504 registers.r15: 9827008 registers.rcx: 48 registers.rsi: 14706240 registers.r10: 0 registers.rbx: 0 registers.rsp: 9826056 registers.r11: 9828256 registers.r8: 2004779404 registers.r9: 0 registers.rdx: 8796092883536 registers.r12: 9826839 registers.rbp: 9826176 registers.rdi: 100 registers.rax: 13377280 registers.r13: 3	1
__exception__ Sept. 21, 2024, 9:08 a.m.	stacktrace: 0xcd1f04 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 exception.instruction_r: 83 3d 8d d1 02 00 00 ff 25 00 00 00 00 53 12 69 exception.instruction: cmp dword ptr [rip + 0x2d18d], 0 exception.exception_code: 0xc0000005 exception.symbol: exception.address: 0xcd1f04 registers.r14: 9894384 registers.r15: 9893888 registers.rcx: 48 registers.rsi: 14707680 registers.r10: 0 registers.rbx: 0 registers.rsp: 9892936 registers.r11: 9895136 registers.r8: 2004779404 registers.r9: 0 registers.rdx: 8796092887632 registers.r12: 9893719 registers.rbp: 9893056 registers.rdi: 100 registers.rax: 13442816 registers.r13: 3	1
__exception__ Sept. 21, 2024, 9:09 a.m.	stacktrace: 0xcc1f04 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 exception.instruction_r: 83 3d 8d d1 02 00 00 ff 25 00 00 00 00 53 12 69 exception.instruction: cmp dword ptr [rip + 0x2d18d], 0 exception.exception_code: 0xc0000005 exception.symbol: exception.address: 0xcc1f04 registers.r14: 8648160 registers.r15: 8647664 registers.rcx: 48 registers.rsi: 14705184 registers.r10: 0 registers.rbx: 0 registers.rsp: 8646712 registers.r11: 8648912 registers.r8: 2004779404 registers.r9: 0 registers.rdx: 8796092887632 registers.r12: 8647495 registers.rbp: 8646832 registers.rdi: 100 registers.rax: 13377280 registers.r13: 3	1
__exception__ Sept. 21, 2024, 9:09 a.m.	stacktrace: 0xcd1f04 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 exception.instruction_r: 83 3d 8d d1 02 00 00 ff 25 00 00 00 00 53 12 69 exception.instruction: cmp dword ptr [rip + 0x2d18d], 0 exception.exception_code: 0xc0000005 exception.symbol: exception.address: 0xcd1f04 registers.r14: 9827584 registers.r15: 9827088 registers.rcx: 48 registers.rsi: 14707200 registers.r10: 0 registers.rbx: 0 registers.rsp: 9826136 registers.r11: 9828336 registers.r8: 2004779404 registers.r9: 0 registers.rdx: 8796092887632 registers.r12: 9826919 registers.rbp: 9826256 registers.rdi: 100 registers.rax: 13442816 registers.r13: 3	1
__exception__ Sept. 21, 2024, 9:09 a.m.	stacktrace: 0xcb1f04 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 exception.instruction_r: 83 3d 8d d1 02 00 00 ff 25 00 00 00 00 53 12 69 exception.instruction: cmp dword ptr [rip + 0x2d18d], 0 exception.exception_code: 0xc0000005 exception.symbol: exception.address: 0xcb1f04 registers.r14: 10419168 registers.r15: 10418672 registers.rcx: 48 registers.rsi: 15755872 registers.r10: 0 registers.rbx: 0 registers.rsp: 10417720 registers.r11: 10419920 registers.r8: 2004779404 registers.r9: 0 registers.rdx: 8796092887632 registers.r12: 10418503 registers.rbp: 10417840 registers.rdi: 100 registers.rax: 13311744 registers.r13: 3	1
__exception__ Sept. 21, 2024, 9:09 a.m.	stacktrace: 0xcd1f04 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 exception.instruction_r: 83 3d 8d d1 02 00 00 ff 25 00 00 00 00 53 12 69 exception.instruction: cmp dword ptr [rip + 0x2d18d], 0 exception.exception_code: 0xc0000005 exception.symbol: exception.address: 0xcd1f04 registers.r14: 9042032 registers.r15: 9041536 registers.rcx: 48 registers.rsi: 14704896 registers.r10: 0 registers.rbx: 0 registers.rsp: 9040584 registers.r11: 9042784 registers.r8: 2004779404 registers.r9: 0 registers.rdx: 8796092879440 registers.r12: 9041367 registers.rbp: 9040704 registers.rdi: 100 registers.rax: 13442816 registers.r13: 3	1
__exception__ Sept. 21, 2024, 9:02 a.m.	stacktrace: 0xcc1f04 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 exception.instruction_r: 83 3d 8d d1 02 00 00 ff 25 00 00 00 00 53 12 69 exception.instruction: cmp dword ptr [rip + 0x2d18d], 0 exception.exception_code: 0xc0000005 exception.symbol: exception.address: 0xcc1f04 registers.r14: 8911200 registers.r15: 8910704 registers.rcx: 48 registers.rsi: 14706528 registers.r10: 0 registers.rbx: 0 registers.rsp: 8909752 registers.r11: 8911952 registers.r8: 2004779404 registers.r9: 0 registers.rdx: 8796092883536 registers.r12: 8910535 registers.rbp: 8909872 registers.rdi: 100 registers.rax: 13377280 registers.r13: 3	1

One or more potentially interesting buffers were extracted, these generally contain injected code, configuration data, etc.

Allocates read-write-execute memory (usually to unpack itself) (50 out of 160 events)

Time & API	Arguments	Status
NtProtectVirtualMemory Sept. 21, 2024, 9:06 a.m.	process_identifier: 2188 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x0000000000c90000 process_handle: 0xffffffffffffffff	1
NtProtectVirtualMemory Sept. 21, 2024, 9:06 a.m.	process_identifier: 2188 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x000000007700b000 process_handle: 0xffffffffffffffff	1
NtProtectVirtualMemory Sept. 21, 2024, 9:06 a.m.	process_identifier: 2188 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x0000000000c90000 process_handle: 0xffffffffffffffff	1
NtProtectVirtualMemory Sept. 21, 2024, 9:06 a.m.	process_identifier: 2188 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x0000000076fd6000 process_handle: 0xffffffffffffffff	1
NtProtectVirtualMemory Sept. 21, 2024, 9:06 a.m.	process_identifier: 2188 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x0000000003070000 process_handle: 0xffffffffffffffff	1
NtProtectVirtualMemory Sept. 21, 2024, 9:06 a.m.	process_identifier: 2188 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x00000000749ad000 process_handle: 0xffffffffffffffff	1
NtProtectVirtualMemory Sept. 21, 2024, 9:06 a.m.	process_identifier: 2328 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x0000000000c90000 process_handle: 0xffffffffffffffff	1
NtProtectVirtualMemory Sept. 21, 2024, 9:06 a.m.	process_identifier: 2328 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x000000007700b000 process_handle: 0xffffffffffffffff	1
NtProtectVirtualMemory Sept. 21, 2024, 9:06 a.m.	process_identifier: 2328 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x0000000000c90000 process_handle: 0xffffffffffffffff	1
NtProtectVirtualMemory Sept. 21, 2024, 9:06 a.m.	process_identifier: 2328 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x0000000076fd6000 process_handle: 0xffffffffffffffff	1
NtProtectVirtualMemory Sept. 21, 2024, 9:06 a.m.	process_identifier: 2328 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x00000000033f0000 process_handle: 0xffffffffffffffff	1
NtProtectVirtualMemory Sept. 21, 2024, 9:06 a.m.	process_identifier: 2328 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x00000000749ad000 process_handle: 0xffffffffffffffff	1
NtProtectVirtualMemory Sept. 21, 2024, 9:06 a.m.	process_identifier: 2528 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x0000000000c90000 process_handle: 0xffffffffffffffff	1
NtProtectVirtualMemory Sept. 21, 2024, 9:06 a.m.	process_identifier: 2528 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x000000007700b000 process_handle: 0xffffffffffffffff	1
NtProtectVirtualMemory Sept. 21, 2024, 9:06 a.m.	process_identifier: 2528 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x0000000000c90000 process_handle: 0xffffffffffffffff	1
NtProtectVirtualMemory Sept. 21, 2024, 9:06 a.m.	process_identifier: 2528 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x0000000076fd6000 process_handle: 0xffffffffffffffff	1
NtProtectVirtualMemory Sept. 21, 2024, 9:06 a.m.	process_identifier: 2528 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x00000000028a0000 process_handle: 0xffffffffffffffff	1
NtProtectVirtualMemory Sept. 21, 2024, 9:06 a.m.	process_identifier: 2528 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x00000000749ad000 process_handle: 0xffffffffffffffff	1
NtProtectVirtualMemory Sept. 21, 2024, 9:06 a.m.	process_identifier: 2704 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x0000000000c90000 process_handle: 0xffffffffffffffff	1
NtProtectVirtualMemory Sept. 21, 2024, 9:06 a.m.	process_identifier: 2704 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x000000007700b000 process_handle: 0xffffffffffffffff	1
NtProtectVirtualMemory Sept. 21, 2024, 9:06 a.m.	process_identifier: 2704 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x0000000000c90000 process_handle: 0xffffffffffffffff	1
NtProtectVirtualMemory Sept. 21, 2024, 9:06 a.m.	process_identifier: 2704 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x0000000076fd6000 process_handle: 0xffffffffffffffff	1
NtProtectVirtualMemory Sept. 21, 2024, 9:07 a.m.	process_identifier: 2704 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x0000000002860000 process_handle: 0xffffffffffffffff	1
NtProtectVirtualMemory Sept. 21, 2024, 9:07 a.m.	process_identifier: 2704 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x00000000749ad000 process_handle: 0xffffffffffffffff	1
NtProtectVirtualMemory Sept. 21, 2024, 9:07 a.m.	process_identifier: 2988 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x0000000000c70000 process_handle: 0xffffffffffffffff	1
NtProtectVirtualMemory Sept. 21, 2024, 9:07 a.m.	process_identifier: 2988 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x000000007700b000 process_handle: 0xffffffffffffffff	1
NtProtectVirtualMemory Sept. 21, 2024, 9:07 a.m.	process_identifier: 2988 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x0000000000c70000 process_handle: 0xffffffffffffffff	1
NtProtectVirtualMemory Sept. 21, 2024, 9:07 a.m.	process_identifier: 2988 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x0000000076fd6000 process_handle: 0xffffffffffffffff	1
NtProtectVirtualMemory Sept. 21, 2024, 9:07 a.m.	process_identifier: 2988 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x000000001e4b0000 process_handle: 0xffffffffffffffff	1
NtProtectVirtualMemory Sept. 21, 2024, 9:07 a.m.	process_identifier: 2988 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x00000000749af000 process_handle: 0xffffffffffffffff	1
NtProtectVirtualMemory Sept. 21, 2024, 9:07 a.m.	process_identifier: 2988 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x0000000003020000 process_handle: 0xffffffffffffffff	1
NtProtectVirtualMemory Sept. 21, 2024, 9:07 a.m.	process_identifier: 2988 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x00000000749ad000 process_handle: 0xffffffffffffffff	1
NtProtectVirtualMemory Sept. 21, 2024, 9:07 a.m.	process_identifier: 2932 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x0000000000b50000 process_handle: 0xffffffffffffffff	1
NtProtectVirtualMemory Sept. 21, 2024, 9:07 a.m.	process_identifier: 2932 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x000000007700b000 process_handle: 0xffffffffffffffff	1
NtProtectVirtualMemory Sept. 21, 2024, 9:07 a.m.	process_identifier: 2932 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x0000000000b50000 process_handle: 0xffffffffffffffff	1
NtProtectVirtualMemory Sept. 21, 2024, 9:07 a.m.	process_identifier: 2932 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x0000000076fd6000 process_handle: 0xffffffffffffffff	1
NtProtectVirtualMemory Sept. 21, 2024, 9:07 a.m.	process_identifier: 2932 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x0000000003160000 process_handle: 0xffffffffffffffff	1
NtProtectVirtualMemory Sept. 21, 2024, 9:07 a.m.	process_identifier: 2932 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x00000000749ad000 process_handle: 0xffffffffffffffff	1
NtProtectVirtualMemory Sept. 21, 2024, 9:07 a.m.	process_identifier: 2360 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x0000000000c90000 process_handle: 0xffffffffffffffff	1
NtProtectVirtualMemory Sept. 21, 2024, 9:07 a.m.	process_identifier: 2360 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x000000007700b000 process_handle: 0xffffffffffffffff	1
NtProtectVirtualMemory Sept. 21, 2024, 9:07 a.m.	process_identifier: 2360 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x0000000000c90000 process_handle: 0xffffffffffffffff	1
NtProtectVirtualMemory Sept. 21, 2024, 9:07 a.m.	process_identifier: 2360 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x0000000076fd6000 process_handle: 0xffffffffffffffff	1
NtProtectVirtualMemory Sept. 21, 2024, 9:07 a.m.	process_identifier: 2360 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x0000000002860000 process_handle: 0xffffffffffffffff	1
NtProtectVirtualMemory Sept. 21, 2024, 9:07 a.m.	process_identifier: 2360 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x00000000749ad000 process_handle: 0xffffffffffffffff	1
NtProtectVirtualMemory Sept. 21, 2024, 9:07 a.m.	process_identifier: 1228 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x0000000000c90000 process_handle: 0xffffffffffffffff	1
NtProtectVirtualMemory Sept. 21, 2024, 9:07 a.m.	process_identifier: 1228 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x000000007700b000 process_handle: 0xffffffffffffffff	1
NtProtectVirtualMemory Sept. 21, 2024, 9:07 a.m.	process_identifier: 1228 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x0000000000c90000 process_handle: 0xffffffffffffffff	1
NtProtectVirtualMemory Sept. 21, 2024, 9:07 a.m.	process_identifier: 1228 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x0000000076fd6000 process_handle: 0xffffffffffffffff	1
NtProtectVirtualMemory Sept. 21, 2024, 9:07 a.m.	process_identifier: 1228 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x0000000002820000 process_handle: 0xffffffffffffffff	1
NtProtectVirtualMemory Sept. 21, 2024, 9:07 a.m.	process_identifier: 1228 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x00000000749ad000 process_handle: 0xffffffffffffffff	1

An application raised an exception which may be indicative of an exploit crash (46 events)

Time & API	Arguments	Status	Return	Repeated
Application Crash	Process firefox.exe with pid 2188 crashed
Application Crash	Process firefox.exe with pid 2328 crashed
Application Crash	Process firefox.exe with pid 2528 crashed
Application Crash	Process firefox.exe with pid 2704 crashed
Application Crash	Process firefox.exe with pid 2988 crashed
Application Crash	Process firefox.exe with pid 2932 crashed
Application Crash	Process firefox.exe with pid 2360 crashed
Application Crash	Process firefox.exe with pid 1228 crashed
Application Crash	Process firefox.exe with pid 2408 crashed
Application Crash	Process firefox.exe with pid 2052 crashed
Application Crash	Process firefox.exe with pid 2120 crashed
Application Crash	Process firefox.exe with pid 2268 crashed
Application Crash	Process firefox.exe with pid 2612 crashed
Application Crash	Process firefox.exe with pid 1168 crashed
Application Crash	Process firefox.exe with pid 3168 crashed
Application Crash	Process firefox.exe with pid 3100 crashed
Application Crash	Process firefox.exe with pid 3448 crashed
Application Crash	Process firefox.exe with pid 3392 crashed
Application Crash	Process firefox.exe with pid 3896 crashed
Application Crash	Process firefox.exe with pid 3860 crashed
Application Crash	Process firefox.exe with pid 812 crashed
Application Crash	Process firefox.exe with pid 2088 crashed
Application Crash	Process firefox.exe with pid 3300 crashed
__exception__ Sept. 21, 2024, 9:06 a.m.	stacktrace: 0xcd1f04 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 exception.instruction_r: 83 3d 8d d1 02 00 00 ff 25 00 00 00 00 53 12 69 exception.instruction: cmp dword ptr [rip + 0x2d18d], 0 exception.exception_code: 0xc0000005 exception.symbol: exception.address: 0xcd1f04 registers.r14: 10353696 registers.r15: 10353200 registers.rcx: 48 registers.rsi: 14707200 registers.r10: 0 registers.rbx: 0 registers.rsp: 10352248 registers.r11: 10354448 registers.r8: 2004779404 registers.r9: 0 registers.rdx: 8796092887632 registers.r12: 10353031 registers.rbp: 10352368 registers.rdi: 100 registers.rax: 13442816 registers.r13: 3	1	0	0
__exception__ Sept. 21, 2024, 9:06 a.m.	stacktrace: 0xcd1f04 0x7fe00000030 0x7fe00000030 0x7fe00000030 0x7fe00000030 0x7fe00000030 0x7fe00000030 0x7fe00000030 0x7fe00000030 0x7fe00000030 0x7fe00000030 0x7fe00000030 0x7fe00000030 0x7fe00000030 0x7fe00000030 0x7fe00000030 0x7fe00000030 0x7fe00000030 0x7fe00000030 0x7fe00000030 0x7fe00000030 0x7fe00000030 0x7fe00000030 0x7fe00000030 0x7fe00000030 0x7fe00000030 0x7fe00000030 0x7fe00000030 0x7fe00000030 0x7fe00000030 0x7fe00000030 0x7fe00000030 0x7fe00000030 0x7fe00000030 0x7fe00000030 0x7fe00000030 0x7fe00000030 0x7fe00000030 0x7fe00000030 0x7fe00000030 0x7fe00000030 0x7fe00000030 0x7fe00000030 0x7fe00000030 0x7fe00000030 0x7fe00000030 0x7fe00000030 0x7fe00000030 0x7fe00000030 0x7fe00000030 0x7fe00000030 0x7fe00000030 0x7fe00000030 0x7fe00000030 0x7fe00000030 0x7fe00000030 0x7fe00000030 0x7fe00000030 0x7fe00000030 0x7fe00000030 0x7fe00000030 0x7fe00000030 0x7fe00000030 0x7fe00000030 exception.instruction_r: 83 3d 8d d1 02 00 00 ff 25 00 00 00 00 53 12 69 exception.instruction: cmp dword ptr [rip + 0x2d18d], 0 exception.exception_code: 0xc0000005 exception.symbol: exception.address: 0xcd1f04 registers.r14: 10417048 registers.r15: 8791555020400 registers.rcx: 48 registers.rsi: 8791554952064 registers.r10: 0 registers.rbx: 0 registers.rsp: 10416680 registers.r11: 10420064 registers.r8: 2004779404 registers.r9: 0 registers.rdx: 8796092887632 registers.r12: 14912224 registers.rbp: 10416800 registers.rdi: 65118240 registers.rax: 13442816 registers.r13: 10417640	1	0	0
__exception__ Sept. 21, 2024, 9:06 a.m.	stacktrace: 0xcd1f04 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 exception.instruction_r: 83 3d 8d d1 02 00 00 ff 25 00 00 00 00 53 12 69 exception.instruction: cmp dword ptr [rip + 0x2d18d], 0 exception.exception_code: 0xc0000005 exception.symbol: exception.address: 0xcd1f04 registers.r14: 9827648 registers.r15: 9827152 registers.rcx: 48 registers.rsi: 14707392 registers.r10: 0 registers.rbx: 0 registers.rsp: 9826200 registers.r11: 9828400 registers.r8: 2004779404 registers.r9: 0 registers.rdx: 8796092883536 registers.r12: 9826983 registers.rbp: 9826320 registers.rdi: 100 registers.rax: 13442816 registers.r13: 3	1	0	0
__exception__ Sept. 21, 2024, 9:07 a.m.	stacktrace: 0xcd1f04 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 exception.instruction_r: 83 3d 8d d1 02 00 00 ff 25 00 00 00 00 53 12 69 exception.instruction: cmp dword ptr [rip + 0x2d18d], 0 exception.exception_code: 0xc0000005 exception.symbol: exception.address: 0xcd1f04 registers.r14: 8714688 registers.r15: 8714192 registers.rcx: 48 registers.rsi: 14707200 registers.r10: 0 registers.rbx: 0 registers.rsp: 8713240 registers.r11: 8715440 registers.r8: 2004779404 registers.r9: 0 registers.rdx: 8796092887632 registers.r12: 8714023 registers.rbp: 8713360 registers.rdi: 100 registers.rax: 13442816 registers.r13: 3	1	0	0
__exception__ Sept. 21, 2024, 9:07 a.m.	stacktrace: 0xcc1f04 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 exception.instruction_r: 83 3d 8d d1 02 00 00 ff 25 00 00 00 00 53 12 69 exception.instruction: cmp dword ptr [rip + 0x2d18d], 0 exception.exception_code: 0xc0000005 exception.symbol: exception.address: 0xcc1f04 registers.r14: 10220752 registers.r15: 10220256 registers.rcx: 48 registers.rsi: 14704992 registers.r10: 0 registers.rbx: 0 registers.rsp: 10219304 registers.r11: 10221504 registers.r8: 2004779404 registers.r9: 0 registers.rdx: 8796092887632 registers.r12: 10220087 registers.rbp: 10219424 registers.rdi: 100 registers.rax: 13377280 registers.r13: 3	1	0	0
__exception__ Sept. 21, 2024, 9:07 a.m.	stacktrace: 0xcd1f04 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 exception.instruction_r: 83 3d 8d d1 02 00 00 ff 25 00 00 00 00 53 12 69 exception.instruction: cmp dword ptr [rip + 0x2d18d], 0 exception.exception_code: 0xc0000005 exception.symbol: exception.address: 0xcd1f04 registers.r14: 10091536 registers.r15: 10091040 registers.rcx: 48 registers.rsi: 14706816 registers.r10: 0 registers.rbx: 0 registers.rsp: 10090088 registers.r11: 10092288 registers.r8: 2004779404 registers.r9: 0 registers.rdx: 8796092887632 registers.r12: 10090871 registers.rbp: 10090208 registers.rdi: 100 registers.rax: 13442816 registers.r13: 3	1	0	0
__exception__ Sept. 21, 2024, 9:07 a.m.	stacktrace: 0xcd1f04 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 exception.instruction_r: 83 3d 8d d1 02 00 00 ff 25 00 00 00 00 53 12 69 exception.instruction: cmp dword ptr [rip + 0x2d18d], 0 exception.exception_code: 0xc0000005 exception.symbol: exception.address: 0xcd1f04 registers.r14: 10024528 registers.r15: 10024032 registers.rcx: 48 registers.rsi: 14704896 registers.r10: 0 registers.rbx: 0 registers.rsp: 10023080 registers.r11: 10025280 registers.r8: 2004779404 registers.r9: 0 registers.rdx: 8796092887632 registers.r12: 10023863 registers.rbp: 10023200 registers.rdi: 100 registers.rax: 13442816 registers.r13: 3	1	0	0
__exception__ Sept. 21, 2024, 9:07 a.m.	stacktrace: 0xcd1f04 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 exception.instruction_r: 83 3d 8d d1 02 00 00 ff 25 00 00 00 00 53 12 69 exception.instruction: cmp dword ptr [rip + 0x2d18d], 0 exception.exception_code: 0xc0000005 exception.symbol: exception.address: 0xcd1f04 registers.r14: 9108560 registers.r15: 9108064 registers.rcx: 48 registers.rsi: 14706144 registers.r10: 0 registers.rbx: 0 registers.rsp: 9107112 registers.r11: 9109312 registers.r8: 2004779404 registers.r9: 0 registers.rdx: 8796092887632 registers.r12: 9107895 registers.rbp: 9107232 registers.rdi: 100 registers.rax: 13442816 registers.r13: 3	1	0	0
__exception__ Sept. 21, 2024, 9:07 a.m.	stacktrace: 0xcc1f04 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 exception.instruction_r: 83 3d 8d d1 02 00 00 ff 25 00 00 00 00 53 12 69 exception.instruction: cmp dword ptr [rip + 0x2d18d], 0 exception.exception_code: 0xc0000005 exception.symbol: exception.address: 0xcc1f04 registers.r14: 10550016 registers.r15: 10549520 registers.rcx: 48 registers.rsi: 14705472 registers.r10: 0 registers.rbx: 0 registers.rsp: 10548568 registers.r11: 10550768 registers.r8: 2004779404 registers.r9: 0 registers.rdx: 8796092887632 registers.r12: 10549351 registers.rbp: 10548688 registers.rdi: 100 registers.rax: 13377280 registers.r13: 3	1	0	0
__exception__ Sept. 21, 2024, 9:08 a.m.	stacktrace: 0xa91f04 0x7fe00000030 0x7fe00000030 0x7fe00000030 0x7fe00000030 0x7fe00000030 0x7fe00000030 0x7fe00000030 0x7fe00000030 0x7fe00000030 0x7fe00000030 0x7fe00000030 0x7fe00000030 0x7fe00000030 0x7fe00000030 0x7fe00000030 0x7fe00000030 0x7fe00000030 0x7fe00000030 0x7fe00000030 0x7fe00000030 0x7fe00000030 0x7fe00000030 0x7fe00000030 0x7fe00000030 0x7fe00000030 0x7fe00000030 0x7fe00000030 0x7fe00000030 0x7fe00000030 0x7fe00000030 0x7fe00000030 0x7fe00000030 0x7fe00000030 0x7fe00000030 0x7fe00000030 0x7fe00000030 0x7fe00000030 0x7fe00000030 0x7fe00000030 0x7fe00000030 0x7fe00000030 0x7fe00000030 0x7fe00000030 0x7fe00000030 0x7fe00000030 0x7fe00000030 0x7fe00000030 0x7fe00000030 0x7fe00000030 0x7fe00000030 0x7fe00000030 0x7fe00000030 0x7fe00000030 0x7fe00000030 0x7fe00000030 0x7fe00000030 0x7fe00000030 0x7fe00000030 0x7fe00000030 0x7fe00000030 0x7fe00000030 0x7fe00000030 0x7fe00000030 exception.instruction_r: 83 3d 8d d1 02 00 00 ff 25 00 00 00 00 53 12 69 exception.instruction: cmp dword ptr [rip + 0x2d18d], 0 exception.exception_code: 0xc0000005 exception.symbol: exception.address: 0xa91f04 registers.r14: 9826200 registers.r15: 8791555020400 registers.rcx: 48 registers.rsi: 8791554952064 registers.r10: 0 registers.rbx: 0 registers.rsp: 9825832 registers.r11: 9829216 registers.r8: 2004779404 registers.r9: 0 registers.rdx: 8796092887632 registers.r12: 15958400 registers.rbp: 9825952 registers.rdi: 249669536 registers.rax: 11083520 registers.r13: 9826792	1	0	0
__exception__ Sept. 21, 2024, 9:08 a.m.	stacktrace: 0xcc1f04 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 exception.instruction_r: 83 3d 8d d1 02 00 00 ff 25 00 00 00 00 53 12 69 exception.instruction: cmp dword ptr [rip + 0x2d18d], 0 exception.exception_code: 0xc0000005 exception.symbol: exception.address: 0xcc1f04 registers.r14: 8977504 registers.r15: 8977008 registers.rcx: 48 registers.rsi: 14706528 registers.r10: 0 registers.rbx: 0 registers.rsp: 8976056 registers.r11: 8978256 registers.r8: 2004779404 registers.r9: 0 registers.rdx: 8796092887632 registers.r12: 8976839 registers.rbp: 8976176 registers.rdi: 100 registers.rax: 13377280 registers.r13: 3	1	0	0
__exception__ Sept. 21, 2024, 9:08 a.m.	stacktrace: 0xcd1f04 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 exception.instruction_r: 83 3d 8d d1 02 00 00 ff 25 00 00 00 00 53 12 69 exception.instruction: cmp dword ptr [rip + 0x2d18d], 0 exception.exception_code: 0xc0000005 exception.symbol: exception.address: 0xcd1f04 registers.r14: 10156976 registers.r15: 10156480 registers.rcx: 48 registers.rsi: 14707104 registers.r10: 0 registers.rbx: 0 registers.rsp: 10155528 registers.r11: 10157728 registers.r8: 2004779404 registers.r9: 0 registers.rdx: 8796092887632 registers.r12: 10156311 registers.rbp: 10155648 registers.rdi: 100 registers.rax: 13442816 registers.r13: 3	1	0	0
__exception__ Sept. 21, 2024, 9:08 a.m.	stacktrace: 0xcc1f04 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 exception.instruction_r: 83 3d 8d d1 02 00 00 ff 25 00 00 00 00 53 12 69 exception.instruction: cmp dword ptr [rip + 0x2d18d], 0 exception.exception_code: 0xc0000005 exception.symbol: exception.address: 0xcc1f04 registers.r14: 9041584 registers.r15: 9041088 registers.rcx: 48 registers.rsi: 14705760 registers.r10: 0 registers.rbx: 0 registers.rsp: 9040136 registers.r11: 9042336 registers.r8: 2004779404 registers.r9: 0 registers.rdx: 8796092887632 registers.r12: 9040919 registers.rbp: 9040256 registers.rdi: 100 registers.rax: 13377280 registers.r13: 3	1	0	0
__exception__ Sept. 21, 2024, 9:08 a.m.	stacktrace: 0xcd1f04 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 exception.instruction_r: 83 3d 8d d1 02 00 00 ff 25 00 00 00 00 53 12 69 exception.instruction: cmp dword ptr [rip + 0x2d18d], 0 exception.exception_code: 0xc0000005 exception.symbol: exception.address: 0xcd1f04 registers.r14: 8779616 registers.r15: 8779120 registers.rcx: 48 registers.rsi: 14706816 registers.r10: 0 registers.rbx: 0 registers.rsp: 8778168 registers.r11: 8780368 registers.r8: 2004779404 registers.r9: 0 registers.rdx: 8796092887632 registers.r12: 8778951 registers.rbp: 8778288 registers.rdi: 100 registers.rax: 13442816 registers.r13: 3	1	0	0
__exception__ Sept. 21, 2024, 9:08 a.m.	stacktrace: 0xcc1f04 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 exception.instruction_r: 83 3d 8d d1 02 00 00 ff 25 00 00 00 00 53 12 69 exception.instruction: cmp dword ptr [rip + 0x2d18d], 0 exception.exception_code: 0xc0000005 exception.symbol: exception.address: 0xcc1f04 registers.r14: 10091344 registers.r15: 10090848 registers.rcx: 48 registers.rsi: 14706816 registers.r10: 0 registers.rbx: 0 registers.rsp: 10089896 registers.r11: 10092096 registers.r8: 2004779404 registers.r9: 0 registers.rdx: 8796092883536 registers.r12: 10090679 registers.rbp: 10090016 registers.rdi: 100 registers.rax: 13377280 registers.r13: 3	1	0	0
__exception__ Sept. 21, 2024, 9:08 a.m.	stacktrace: 0xcd1f04 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 exception.instruction_r: 83 3d 8d d1 02 00 00 ff 25 00 00 00 00 53 12 69 exception.instruction: cmp dword ptr [rip + 0x2d18d], 0 exception.exception_code: 0xc0000005 exception.symbol: exception.address: 0xcd1f04 registers.r14: 9173536 registers.r15: 9173040 registers.rcx: 48 registers.rsi: 14706240 registers.r10: 0 registers.rbx: 0 registers.rsp: 9172088 registers.r11: 9174288 registers.r8: 2004779404 registers.r9: 0 registers.rdx: 8796092887632 registers.r12: 9172871 registers.rbp: 9172208 registers.rdi: 100 registers.rax: 13442816 registers.r13: 3	1	0	0
__exception__ Sept. 21, 2024, 9:08 a.m.	stacktrace: 0xcc1f04 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 exception.instruction_r: 83 3d 8d d1 02 00 00 ff 25 00 00 00 00 53 12 69 exception.instruction: cmp dword ptr [rip + 0x2d18d], 0 exception.exception_code: 0xc0000005 exception.symbol: exception.address: 0xcc1f04 registers.r14: 9827504 registers.r15: 9827008 registers.rcx: 48 registers.rsi: 14706240 registers.r10: 0 registers.rbx: 0 registers.rsp: 9826056 registers.r11: 9828256 registers.r8: 2004779404 registers.r9: 0 registers.rdx: 8796092883536 registers.r12: 9826839 registers.rbp: 9826176 registers.rdi: 100 registers.rax: 13377280 registers.r13: 3	1	0	0
__exception__ Sept. 21, 2024, 9:08 a.m.	stacktrace: 0xcd1f04 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 exception.instruction_r: 83 3d 8d d1 02 00 00 ff 25 00 00 00 00 53 12 69 exception.instruction: cmp dword ptr [rip + 0x2d18d], 0 exception.exception_code: 0xc0000005 exception.symbol: exception.address: 0xcd1f04 registers.r14: 9894384 registers.r15: 9893888 registers.rcx: 48 registers.rsi: 14707680 registers.r10: 0 registers.rbx: 0 registers.rsp: 9892936 registers.r11: 9895136 registers.r8: 2004779404 registers.r9: 0 registers.rdx: 8796092887632 registers.r12: 9893719 registers.rbp: 9893056 registers.rdi: 100 registers.rax: 13442816 registers.r13: 3	1	0	0
__exception__ Sept. 21, 2024, 9:09 a.m.	stacktrace: 0xcc1f04 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 exception.instruction_r: 83 3d 8d d1 02 00 00 ff 25 00 00 00 00 53 12 69 exception.instruction: cmp dword ptr [rip + 0x2d18d], 0 exception.exception_code: 0xc0000005 exception.symbol: exception.address: 0xcc1f04 registers.r14: 8648160 registers.r15: 8647664 registers.rcx: 48 registers.rsi: 14705184 registers.r10: 0 registers.rbx: 0 registers.rsp: 8646712 registers.r11: 8648912 registers.r8: 2004779404 registers.r9: 0 registers.rdx: 8796092887632 registers.r12: 8647495 registers.rbp: 8646832 registers.rdi: 100 registers.rax: 13377280 registers.r13: 3	1	0	0
__exception__ Sept. 21, 2024, 9:09 a.m.	stacktrace: 0xcd1f04 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 exception.instruction_r: 83 3d 8d d1 02 00 00 ff 25 00 00 00 00 53 12 69 exception.instruction: cmp dword ptr [rip + 0x2d18d], 0 exception.exception_code: 0xc0000005 exception.symbol: exception.address: 0xcd1f04 registers.r14: 9827584 registers.r15: 9827088 registers.rcx: 48 registers.rsi: 14707200 registers.r10: 0 registers.rbx: 0 registers.rsp: 9826136 registers.r11: 9828336 registers.r8: 2004779404 registers.r9: 0 registers.rdx: 8796092887632 registers.r12: 9826919 registers.rbp: 9826256 registers.rdi: 100 registers.rax: 13442816 registers.r13: 3	1	0	0
__exception__ Sept. 21, 2024, 9:09 a.m.	stacktrace: 0xcb1f04 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 exception.instruction_r: 83 3d 8d d1 02 00 00 ff 25 00 00 00 00 53 12 69 exception.instruction: cmp dword ptr [rip + 0x2d18d], 0 exception.exception_code: 0xc0000005 exception.symbol: exception.address: 0xcb1f04 registers.r14: 10419168 registers.r15: 10418672 registers.rcx: 48 registers.rsi: 15755872 registers.r10: 0 registers.rbx: 0 registers.rsp: 10417720 registers.r11: 10419920 registers.r8: 2004779404 registers.r9: 0 registers.rdx: 8796092887632 registers.r12: 10418503 registers.rbp: 10417840 registers.rdi: 100 registers.rax: 13311744 registers.r13: 3	1	0	0
__exception__ Sept. 21, 2024, 9:09 a.m.	stacktrace: 0xcd1f04 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 exception.instruction_r: 83 3d 8d d1 02 00 00 ff 25 00 00 00 00 53 12 69 exception.instruction: cmp dword ptr [rip + 0x2d18d], 0 exception.exception_code: 0xc0000005 exception.symbol: exception.address: 0xcd1f04 registers.r14: 9042032 registers.r15: 9041536 registers.rcx: 48 registers.rsi: 14704896 registers.r10: 0 registers.rbx: 0 registers.rsp: 9040584 registers.r11: 9042784 registers.r8: 2004779404 registers.r9: 0 registers.rdx: 8796092879440 registers.r12: 9041367 registers.rbp: 9040704 registers.rdi: 100 registers.rax: 13442816 registers.r13: 3	1	0	0
__exception__ Sept. 21, 2024, 9:02 a.m.	stacktrace: 0xcc1f04 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 exception.instruction_r: 83 3d 8d d1 02 00 00 ff 25 00 00 00 00 53 12 69 exception.instruction: cmp dword ptr [rip + 0x2d18d], 0 exception.exception_code: 0xc0000005 exception.symbol: exception.address: 0xcc1f04 registers.r14: 8911200 registers.r15: 8910704 registers.rcx: 48 registers.rsi: 14706528 registers.r10: 0 registers.rbx: 0 registers.rsp: 8909752 registers.r11: 8911952 registers.r8: 2004779404 registers.r9: 0 registers.rdx: 8796092883536 registers.r12: 8910535 registers.rbp: 8909872 registers.rdi: 100 registers.rax: 13377280 registers.r13: 3	1	0	0

Changes read-write memory protection to read-execute (probably to avoid detection when setting all RWX flags at the same time) (1 event)

Time & API	Arguments	Status	Return	Repeated
NtProtectVirtualMemory Sept. 21, 2024, 9:06 a.m.	process_identifier: 2188 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 length: 4096 protection: 32 (PAGE_EXECUTE_READ) base_address: 0x0000000000c90000 process_handle: 0xffffffffffffffff	1	0	0

Potentially malicious URLs were found in the process memory dump (3 events)

url	https://aus5.mozilla.org/update/6/%PRODUCT%/%VERSION%/%BUILD_ID%/%BUILD_TARGET%/%LOCALE%/%CHANNEL%/%OS_VERSION%/%SYSTEM_CAPABILITIES%/%DISTRIBUTION%/%DISTRIBUTION_VERSION%/update.xml
url	https://crash-reports.mozilla.com/submit?id=
url	https://hg.mozilla.org/releases/mozilla-release/rev/92187d03adde4b31daef292087a266f10121379c

Yara rule detected in process memory (50 out of 135 events)

description	Code injection with CreateRemoteThread in a remote process	rule	Code_injection
description	(no description)	rule	DebuggerCheck__GlobalFlags
description	(no description)	rule	DebuggerCheck__QueryInfo
description	(no description)	rule	DebuggerHiding__Thread
description	(no description)	rule	DebuggerHiding__Active
description	(no description)	rule	ThreadControl__Context
description	(no description)	rule	SEH__vectored
description	Checks if being debugged	rule	anti_dbg
description	Bypass DEP	rule	disable_dep
description	Code injection with CreateRemoteThread in a remote process	rule	Code_injection
description	(no description)	rule	DebuggerCheck__GlobalFlags
description	(no description)	rule	DebuggerCheck__QueryInfo
description	(no description)	rule	DebuggerHiding__Thread
description	(no description)	rule	DebuggerHiding__Active
description	(no description)	rule	ThreadControl__Context
description	(no description)	rule	SEH__vectored
description	Checks if being debugged	rule	anti_dbg
description	Bypass DEP	rule	disable_dep
description	Code injection with CreateRemoteThread in a remote process	rule	Code_injection
description	(no description)	rule	DebuggerCheck__GlobalFlags
description	(no description)	rule	DebuggerCheck__QueryInfo
description	(no description)	rule	DebuggerHiding__Thread
description	(no description)	rule	DebuggerHiding__Active
description	(no description)	rule	ThreadControl__Context
description	(no description)	rule	SEH__vectored
description	Checks if being debugged	rule	anti_dbg
description	Bypass DEP	rule	disable_dep
description	Code injection with CreateRemoteThread in a remote process	rule	Code_injection
description	(no description)	rule	DebuggerCheck__GlobalFlags
description	(no description)	rule	DebuggerCheck__QueryInfo
description	(no description)	rule	DebuggerHiding__Thread
description	(no description)	rule	DebuggerHiding__Active
description	(no description)	rule	ThreadControl__Context
description	(no description)	rule	SEH__vectored
description	Checks if being debugged	rule	anti_dbg
description	Bypass DEP	rule	disable_dep
description	Code injection with CreateRemoteThread in a remote process	rule	Code_injection
description	(no description)	rule	DebuggerCheck__GlobalFlags
description	(no description)	rule	DebuggerCheck__QueryInfo
description	(no description)	rule	DebuggerHiding__Thread
description	(no description)	rule	DebuggerHiding__Active
description	(no description)	rule	ThreadControl__Context
description	(no description)	rule	SEH__vectored
description	Checks if being debugged	rule	anti_dbg
description	Bypass DEP	rule	disable_dep
description	Code injection with CreateRemoteThread in a remote process	rule	Code_injection
description	(no description)	rule	DebuggerCheck__GlobalFlags
description	(no description)	rule	DebuggerCheck__QueryInfo
description	(no description)	rule	DebuggerHiding__Thread
description	(no description)	rule	DebuggerHiding__Active

Allocates execute permission to another process indicative of possible code injection (30 events)

Time & API	Arguments	Status
NtProtectVirtualMemory Sept. 21, 2024, 9:06 a.m.	process_identifier: 2188 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x0000000077711000 process_handle: 0x0000000000000050	1
NtProtectVirtualMemory Sept. 21, 2024, 9:06 a.m.	process_identifier: 2188 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x00000000776e7000 process_handle: 0x0000000000000050	1
NtProtectVirtualMemory Sept. 21, 2024, 9:06 a.m.	process_identifier: 2328 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x0000000077711000 process_handle: 0x0000000000000050	1
NtProtectVirtualMemory Sept. 21, 2024, 9:06 a.m.	process_identifier: 2328 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x00000000776e7000 process_handle: 0x0000000000000050	1
NtProtectVirtualMemory Sept. 21, 2024, 9:06 a.m.	process_identifier: 2528 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x0000000077711000 process_handle: 0x0000000000000050	1
NtProtectVirtualMemory Sept. 21, 2024, 9:06 a.m.	process_identifier: 2528 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x00000000776e7000 process_handle: 0x0000000000000050	1
NtProtectVirtualMemory Sept. 21, 2024, 9:06 a.m.	process_identifier: 2704 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x0000000077711000 process_handle: 0x0000000000000050	1
NtProtectVirtualMemory Sept. 21, 2024, 9:06 a.m.	process_identifier: 2704 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x00000000776e7000 process_handle: 0x0000000000000050	1
NtProtectVirtualMemory Sept. 21, 2024, 9:07 a.m.	process_identifier: 2932 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x0000000077711000 process_handle: 0x0000000000000050	1
NtProtectVirtualMemory Sept. 21, 2024, 9:07 a.m.	process_identifier: 2932 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x00000000776e7000 process_handle: 0x0000000000000050	1
NtProtectVirtualMemory Sept. 21, 2024, 9:07 a.m.	process_identifier: 2360 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x0000000077711000 process_handle: 0x0000000000000050	1
NtProtectVirtualMemory Sept. 21, 2024, 9:07 a.m.	process_identifier: 2360 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x00000000776e7000 process_handle: 0x0000000000000050	1
NtProtectVirtualMemory Sept. 21, 2024, 9:07 a.m.	process_identifier: 1228 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x0000000077711000 process_handle: 0x0000000000000050	1
NtProtectVirtualMemory Sept. 21, 2024, 9:07 a.m.	process_identifier: 1228 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x00000000776e7000 process_handle: 0x0000000000000050	1
NtProtectVirtualMemory Sept. 21, 2024, 9:07 a.m.	process_identifier: 2052 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x0000000077711000 process_handle: 0x0000000000000050	1
NtProtectVirtualMemory Sept. 21, 2024, 9:07 a.m.	process_identifier: 2052 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x00000000776e7000 process_handle: 0x0000000000000050	1
NtProtectVirtualMemory Sept. 21, 2024, 9:07 a.m.	process_identifier: 2268 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x0000000077711000 process_handle: 0x0000000000000050	1
NtProtectVirtualMemory Sept. 21, 2024, 9:07 a.m.	process_identifier: 2268 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x00000000776e7000 process_handle: 0x0000000000000050	1
NtProtectVirtualMemory Sept. 21, 2024, 9:07 a.m.	process_identifier: 1168 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x0000000077711000 process_handle: 0x0000000000000050	1
NtProtectVirtualMemory Sept. 21, 2024, 9:07 a.m.	process_identifier: 1168 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x00000000776e7000 process_handle: 0x0000000000000050	1
NtProtectVirtualMemory Sept. 21, 2024, 9:08 a.m.	process_identifier: 3100 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x0000000077711000 process_handle: 0x0000000000000050	1
NtProtectVirtualMemory Sept. 21, 2024, 9:08 a.m.	process_identifier: 3100 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x00000000776e7000 process_handle: 0x0000000000000050	1
NtProtectVirtualMemory Sept. 21, 2024, 9:08 a.m.	process_identifier: 3392 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x0000000077711000 process_handle: 0x0000000000000050	1
NtProtectVirtualMemory Sept. 21, 2024, 9:08 a.m.	process_identifier: 3392 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x00000000776e7000 process_handle: 0x0000000000000050	1
NtProtectVirtualMemory Sept. 21, 2024, 9:08 a.m.	process_identifier: 3860 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x0000000077711000 process_handle: 0x0000000000000050	1
NtProtectVirtualMemory Sept. 21, 2024, 9:08 a.m.	process_identifier: 3860 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x00000000776e7000 process_handle: 0x0000000000000050	1
NtProtectVirtualMemory Sept. 21, 2024, 9:09 a.m.	process_identifier: 2088 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x0000000077711000 process_handle: 0x0000000000000050	1
NtProtectVirtualMemory Sept. 21, 2024, 9:09 a.m.	process_identifier: 2088 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x00000000776e7000 process_handle: 0x0000000000000050	1
NtProtectVirtualMemory Sept. 21, 2024, 9:09 a.m.	process_identifier: 2936 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x0000000077711000 process_handle: 0x0000000000000050	1
NtProtectVirtualMemory Sept. 21, 2024, 9:09 a.m.	process_identifier: 2936 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x00000000776e7000 process_handle: 0x0000000000000050	1

Potential code injection by writing to the memory of another process (50 out of 135 events)

Time & API	Arguments	Status	Return
WriteProcessMemory Sept. 21, 2024, 9:06 a.m.	buffer: base_address: 0x000000013f8f22b0 process_identifier: 2188 process_handle: 0x000000000000004c	1	1
WriteProcessMemory Sept. 21, 2024, 9:06 a.m.	buffer: base_address: 0x000000013f900d88 process_identifier: 2188 process_handle: 0x000000000000004c	1	1
WriteProcessMemory Sept. 21, 2024, 9:06 a.m.	buffer: I»`#?Aÿã base_address: 0x0000000077711590 process_identifier: 2188 process_handle: 0x0000000000000050	1	1
WriteProcessMemory Sept. 21, 2024, 9:06 a.m.	buffer: r base_address: 0x000000013f900d78 process_identifier: 2188 process_handle: 0x000000000000004c	1	1
WriteProcessMemory Sept. 21, 2024, 9:06 a.m.	buffer: I» ?Aÿã base_address: 0x00000000776e7a90 process_identifier: 2188 process_handle: 0x0000000000000050	1	1
WriteProcessMemory Sept. 21, 2024, 9:06 a.m.	buffer: r base_address: 0x000000013f900d70 process_identifier: 2188 process_handle: 0x000000000000004c	1	1
WriteProcessMemory Sept. 21, 2024, 9:06 a.m.	buffer: ÏT base_address: 0x000000013f8a0108 process_identifier: 2188 process_handle: 0x000000000000004c	1	1
WriteProcessMemory Sept. 21, 2024, 9:06 a.m.	buffer: qw@qw qw@qwqw°qw nwàTnw 3qwqwÀ´lw`,qwÀowömw Yqw2qwVqw°wwnwRqw nwQqwÂnw ?owPnw°TnwàtnwðowÐ1qwmwÐOmw`êpwÐæpwÐæpwÐ.qw base_address: 0x000000013f8faae8 process_identifier: 2188 process_handle: 0x000000000000004c	1	1
WriteProcessMemory Sept. 21, 2024, 9:06 a.m.	buffer: base_address: 0x000000013f900c78 process_identifier: 2188 process_handle: 0x000000000000004c	1	1
WriteProcessMemory Sept. 21, 2024, 9:06 a.m.	buffer: base_address: 0x000000013f8f22b0 process_identifier: 2328 process_handle: 0x000000000000004c	1	1
WriteProcessMemory Sept. 21, 2024, 9:06 a.m.	buffer: base_address: 0x000000013f900d88 process_identifier: 2328 process_handle: 0x000000000000004c	1	1
WriteProcessMemory Sept. 21, 2024, 9:06 a.m.	buffer: I»`#?Aÿã base_address: 0x0000000077711590 process_identifier: 2328 process_handle: 0x0000000000000050	1	1
WriteProcessMemory Sept. 21, 2024, 9:06 a.m.	buffer: 5 base_address: 0x000000013f900d78 process_identifier: 2328 process_handle: 0x000000000000004c	1	1
WriteProcessMemory Sept. 21, 2024, 9:06 a.m.	buffer: I» ?Aÿã base_address: 0x00000000776e7a90 process_identifier: 2328 process_handle: 0x0000000000000050	1	1
WriteProcessMemory Sept. 21, 2024, 9:06 a.m.	buffer: 5 base_address: 0x000000013f900d70 process_identifier: 2328 process_handle: 0x000000000000004c	1	1
WriteProcessMemory Sept. 21, 2024, 9:06 a.m.	buffer: ÏT base_address: 0x000000013f8a0108 process_identifier: 2328 process_handle: 0x000000000000004c	1	1
WriteProcessMemory Sept. 21, 2024, 9:06 a.m.	buffer: qw@qw qw@qwqw°qw nwàTnw 3qwqwÀ´lw`,qwÀowömw Yqw2qwVqw°wwnwRqw nwQqwÂnw ?owPnw°TnwàtnwðowÐ1qwmwÐOmw`êpwÐæpwÐæpwÐ.qw base_address: 0x000000013f8faae8 process_identifier: 2328 process_handle: 0x000000000000004c	1	1
WriteProcessMemory Sept. 21, 2024, 9:06 a.m.	buffer: base_address: 0x000000013f900c78 process_identifier: 2328 process_handle: 0x000000000000004c	1	1
WriteProcessMemory Sept. 21, 2024, 9:06 a.m.	buffer: base_address: 0x000000013f8f22b0 process_identifier: 2528 process_handle: 0x000000000000004c	1	1
WriteProcessMemory Sept. 21, 2024, 9:06 a.m.	buffer: base_address: 0x000000013f900d88 process_identifier: 2528 process_handle: 0x000000000000004c	1	1
WriteProcessMemory Sept. 21, 2024, 9:06 a.m.	buffer: I»`#?Aÿã base_address: 0x0000000077711590 process_identifier: 2528 process_handle: 0x0000000000000050	1	1
WriteProcessMemory Sept. 21, 2024, 9:06 a.m.	buffer: 3b base_address: 0x000000013f900d78 process_identifier: 2528 process_handle: 0x000000000000004c	1	1
WriteProcessMemory Sept. 21, 2024, 9:06 a.m.	buffer: I» ?Aÿã base_address: 0x00000000776e7a90 process_identifier: 2528 process_handle: 0x0000000000000050	1	1
WriteProcessMemory Sept. 21, 2024, 9:06 a.m.	buffer: 3b base_address: 0x000000013f900d70 process_identifier: 2528 process_handle: 0x000000000000004c	1	1
WriteProcessMemory Sept. 21, 2024, 9:06 a.m.	buffer: ÏT base_address: 0x000000013f8a0108 process_identifier: 2528 process_handle: 0x000000000000004c	1	1
WriteProcessMemory Sept. 21, 2024, 9:06 a.m.	buffer: qw@qw qw@qwqw°qw nwàTnw 3qwqwÀ´lw`,qwÀowömw Yqw2qwVqw°wwnwRqw nwQqwÂnw ?owPnw°TnwàtnwðowÐ1qwmwÐOmw`êpwÐæpwÐæpwÐ.qw base_address: 0x000000013f8faae8 process_identifier: 2528 process_handle: 0x000000000000004c	1	1
WriteProcessMemory Sept. 21, 2024, 9:06 a.m.	buffer: base_address: 0x000000013f900c78 process_identifier: 2528 process_handle: 0x000000000000004c	1	1
WriteProcessMemory Sept. 21, 2024, 9:06 a.m.	buffer: base_address: 0x000000013f8f22b0 process_identifier: 2704 process_handle: 0x000000000000004c	1	1
WriteProcessMemory Sept. 21, 2024, 9:06 a.m.	buffer: base_address: 0x000000013f900d88 process_identifier: 2704 process_handle: 0x000000000000004c	1	1
WriteProcessMemory Sept. 21, 2024, 9:06 a.m.	buffer: I»`#?Aÿã base_address: 0x0000000077711590 process_identifier: 2704 process_handle: 0x0000000000000050	1	1
WriteProcessMemory Sept. 21, 2024, 9:06 a.m.	buffer: Qv base_address: 0x000000013f900d78 process_identifier: 2704 process_handle: 0x000000000000004c	1	1
WriteProcessMemory Sept. 21, 2024, 9:06 a.m.	buffer: I» ?Aÿã base_address: 0x00000000776e7a90 process_identifier: 2704 process_handle: 0x0000000000000050	1	1
WriteProcessMemory Sept. 21, 2024, 9:06 a.m.	buffer: Qv base_address: 0x000000013f900d70 process_identifier: 2704 process_handle: 0x000000000000004c	1	1
WriteProcessMemory Sept. 21, 2024, 9:06 a.m.	buffer: ÏT base_address: 0x000000013f8a0108 process_identifier: 2704 process_handle: 0x000000000000004c	1	1
WriteProcessMemory Sept. 21, 2024, 9:06 a.m.	buffer: qw@qw qw@qwqw°qw nwàTnw 3qwqwÀ´lw`,qwÀowömw Yqw2qwVqw°wwnwRqw nwQqwÂnw ?owPnw°TnwàtnwðowÐ1qwmwÐOmw`êpwÐæpwÐæpwÐ.qw base_address: 0x000000013f8faae8 process_identifier: 2704 process_handle: 0x000000000000004c	1	1
WriteProcessMemory Sept. 21, 2024, 9:06 a.m.	buffer: base_address: 0x000000013f900c78 process_identifier: 2704 process_handle: 0x000000000000004c	1	1
WriteProcessMemory Sept. 21, 2024, 9:07 a.m.	buffer: base_address: 0x000000013f8f22b0 process_identifier: 2932 process_handle: 0x000000000000004c	1	1
WriteProcessMemory Sept. 21, 2024, 9:07 a.m.	buffer: base_address: 0x000000013f900d88 process_identifier: 2932 process_handle: 0x000000000000004c	1	1
WriteProcessMemory Sept. 21, 2024, 9:07 a.m.	buffer: I»`#?Aÿã base_address: 0x0000000077711590 process_identifier: 2932 process_handle: 0x0000000000000050	1	1
WriteProcessMemory Sept. 21, 2024, 9:07 a.m.	buffer: a base_address: 0x000000013f900d78 process_identifier: 2932 process_handle: 0x000000000000004c	1	1
WriteProcessMemory Sept. 21, 2024, 9:07 a.m.	buffer: I» ?Aÿã base_address: 0x00000000776e7a90 process_identifier: 2932 process_handle: 0x0000000000000050	1	1
WriteProcessMemory Sept. 21, 2024, 9:07 a.m.	buffer: a base_address: 0x000000013f900d70 process_identifier: 2932 process_handle: 0x000000000000004c	1	1
WriteProcessMemory Sept. 21, 2024, 9:07 a.m.	buffer: ÏT base_address: 0x000000013f8a0108 process_identifier: 2932 process_handle: 0x000000000000004c	1	1
WriteProcessMemory Sept. 21, 2024, 9:07 a.m.	buffer: qw@qw qw@qwqw°qw nwàTnw 3qwqwÀ´lw`,qwÀowömw Yqw2qwVqw°wwnwRqw nwQqwÂnw ?owPnw°TnwàtnwðowÐ1qwmwÐOmw`êpwÐæpwÐæpwÐ.qw base_address: 0x000000013f8faae8 process_identifier: 2932 process_handle: 0x000000000000004c	1	1
WriteProcessMemory Sept. 21, 2024, 9:07 a.m.	buffer: base_address: 0x000000013f900c78 process_identifier: 2932 process_handle: 0x000000000000004c	1	1
WriteProcessMemory Sept. 21, 2024, 9:07 a.m.	buffer: base_address: 0x000000013f8f22b0 process_identifier: 2360 process_handle: 0x000000000000004c	1	1
WriteProcessMemory Sept. 21, 2024, 9:07 a.m.	buffer: base_address: 0x000000013f900d88 process_identifier: 2360 process_handle: 0x000000000000004c	1	1
WriteProcessMemory Sept. 21, 2024, 9:07 a.m.	buffer: I»`#?Aÿã base_address: 0x0000000077711590 process_identifier: 2360 process_handle: 0x0000000000000050	1	1
WriteProcessMemory Sept. 21, 2024, 9:07 a.m.	buffer: ;- base_address: 0x000000013f900d78 process_identifier: 2360 process_handle: 0x000000000000004c	1	1
WriteProcessMemory Sept. 21, 2024, 9:07 a.m.	buffer: I» ?Aÿã base_address: 0x00000000776e7a90 process_identifier: 2360 process_handle: 0x0000000000000050	1	1

Attempts to create or modify system certificates (1 event)

registry

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\F81F111D0E5AB58D396F7BF525577FD30FDC95AA\Blob

One or more non-whitelisted processes were created (22 events)

parent_process	firefox.exe	martian_process	"C:\Program Files\Mozilla Firefox\firefox.exe" --kiosk https://www.youtube.com/account
parent_process	firefox.exe	martian_process	"C:\Program Files\Mozilla Firefox\firefox.exe" --kiosk https://www.youtube.com/account
parent_process	firefox.exe	martian_process	"C:\Program Files\Mozilla Firefox\firefox.exe" --kiosk https://www.youtube.com/account
parent_process	firefox.exe	martian_process	"C:\Program Files\Mozilla Firefox\crashreporter.exe" "C:\Users\test22\AppData\Roaming\Mozilla\Firefox\Profiles\1pfa5s83.default-release\minidumps\2c7c334f-7db8-4552-8f02-7a3195fc63ab.dmp"
parent_process	firefox.exe	martian_process	"C:\Program Files\Mozilla Firefox\firefox.exe" --kiosk https://www.youtube.com/account
parent_process	firefox.exe	martian_process	"C:\Program Files\Mozilla Firefox\firefox.exe" --kiosk https://www.youtube.com/account
parent_process	firefox.exe	martian_process	"C:\Program Files\Mozilla Firefox\crashreporter.exe" "C:\Users\test22\AppData\Local\Temp\\258d6c1a-cae6-4c4d-ab5f-1c12ac6160e3.dmp"
parent_process	firefox.exe	martian_process	"C:\Program Files\Mozilla Firefox\crashreporter.exe" "C:\Users\test22\AppData\Local\Temp\\ce77d738-bd7b-40d5-a025-0648f071e156.dmp"
parent_process	firefox.exe	martian_process	"C:\Program Files\Mozilla Firefox\firefox.exe" --kiosk https://www.youtube.com/account
parent_process	firefox.exe	martian_process	"C:\Program Files\Mozilla Firefox\firefox.exe" --kiosk https://www.youtube.com/account
parent_process	firefox.exe	martian_process	"C:\Program Files\Mozilla Firefox\firefox.exe" --kiosk https://www.youtube.com/account
parent_process	firefox.exe	martian_process	"C:\Program Files\Mozilla Firefox\firefox.exe" --kiosk https://www.youtube.com/account
parent_process	firefox.exe	martian_process	"C:\Program Files\Mozilla Firefox\crashreporter.exe" "C:\Users\test22\AppData\Local\Temp\\e8ceeaad-202b-4d1d-b037-073fba26c2ab.dmp"
parent_process	firefox.exe	martian_process	"C:\Program Files\Mozilla Firefox\firefox.exe" --kiosk https://www.youtube.com/account
parent_process	firefox.exe	martian_process	"C:\Program Files\Mozilla Firefox\firefox.exe" --kiosk https://www.youtube.com/account
parent_process	firefox.exe	martian_process	"C:\Program Files\Mozilla Firefox\crashreporter.exe" "C:\Users\test22\AppData\Local\Temp\\b78782b4-1ed7-48ba-8fdc-fe33f8af3080.dmp"
parent_process	firefox.exe	martian_process	"C:\Program Files\Mozilla Firefox\firefox.exe" --kiosk https://www.youtube.com/account
parent_process	firefox.exe	martian_process	"C:\Program Files\Mozilla Firefox\crashreporter.exe" "C:\Users\test22\AppData\Local\Temp\\29dad9e6-2523-432e-8f2e-d8f8ceb8364c.dmp"
parent_process	firefox.exe	martian_process	"C:\Program Files\Mozilla Firefox\firefox.exe" --kiosk https://www.youtube.com/account
parent_process	firefox.exe	martian_process	"C:\Program Files\Mozilla Firefox\crashreporter.exe" "C:\Users\test22\AppData\Local\Temp\\fe10233f-62c1-45c5-aa96-6e3554661071.dmp"
parent_process	firefox.exe	martian_process	"C:\Program Files\Mozilla Firefox\firefox.exe" --kiosk https://www.youtube.com/account
parent_process	firefox.exe	martian_process	"C:\Program Files\Mozilla Firefox\firefox.exe" --kiosk https://www.youtube.com/account

Appends a known multi-family ransomware file extension to files that have been encrypted (2 events)

file	C:\Users\test22\AppData\Roaming\Mozilla\Firefox\Profiles\1pfa5s83.default-release\parent.lock
file	C:\Users\test22\AppData\Local\Temp\firefox\parent.lock

Resumed a suspended thread in a remote process potentially indicative of process injection (30 events)

Time & API	Arguments	Status	Return	Repeated
Process injection	Process 2116 resumed a thread in remote process 2188
Process injection	Process 2284 resumed a thread in remote process 2328
Process injection	Process 2484 resumed a thread in remote process 2528
Process injection	Process 2620 resumed a thread in remote process 2704
Process injection	Process 2848 resumed a thread in remote process 2932
Process injection	Process 2184 resumed a thread in remote process 2360
Process injection	Process 2720 resumed a thread in remote process 1228
Process injection	Process 2948 resumed a thread in remote process 2052
Process injection	Process 1656 resumed a thread in remote process 2268
Process injection	Process 1020 resumed a thread in remote process 1168
Process injection	Process 2832 resumed a thread in remote process 3100
Process injection	Process 3332 resumed a thread in remote process 3392
Process injection	Process 3628 resumed a thread in remote process 3860
Process injection	Process 4060 resumed a thread in remote process 2088
Process injection	Process 3500 resumed a thread in remote process 2936
NtResumeThread Sept. 21, 2024, 9:06 a.m.	thread_handle: 0x0000000000000044 suspend_count: 1 process_identifier: 2188	1	0	0
NtResumeThread Sept. 21, 2024, 9:06 a.m.	thread_handle: 0x0000000000000044 suspend_count: 1 process_identifier: 2328	1	0	0
NtResumeThread Sept. 21, 2024, 9:06 a.m.	thread_handle: 0x0000000000000044 suspend_count: 1 process_identifier: 2528	1	0	0
NtResumeThread Sept. 21, 2024, 9:06 a.m.	thread_handle: 0x0000000000000044 suspend_count: 1 process_identifier: 2704	1	0	0
NtResumeThread Sept. 21, 2024, 9:07 a.m.	thread_handle: 0x0000000000000044 suspend_count: 1 process_identifier: 2932	1	0	0
NtResumeThread Sept. 21, 2024, 9:07 a.m.	thread_handle: 0x0000000000000044 suspend_count: 1 process_identifier: 2360	1	0	0
NtResumeThread Sept. 21, 2024, 9:07 a.m.	thread_handle: 0x0000000000000044 suspend_count: 1 process_identifier: 1228	1	0	0
NtResumeThread Sept. 21, 2024, 9:07 a.m.	thread_handle: 0x0000000000000044 suspend_count: 1 process_identifier: 2052	1	0	0
NtResumeThread Sept. 21, 2024, 9:07 a.m.	thread_handle: 0x0000000000000044 suspend_count: 1 process_identifier: 2268	1	0	0
NtResumeThread Sept. 21, 2024, 9:08 a.m.	thread_handle: 0x0000000000000044 suspend_count: 1 process_identifier: 1168	1	0	0
NtResumeThread Sept. 21, 2024, 9:08 a.m.	thread_handle: 0x0000000000000044 suspend_count: 1 process_identifier: 3100	1	0	0
NtResumeThread Sept. 21, 2024, 9:08 a.m.	thread_handle: 0x0000000000000044 suspend_count: 1 process_identifier: 3392	1	0	0
NtResumeThread Sept. 21, 2024, 9:08 a.m.	thread_handle: 0x0000000000000044 suspend_count: 1 process_identifier: 3860	1	0	0
NtResumeThread Sept. 21, 2024, 9:09 a.m.	thread_handle: 0x0000000000000044 suspend_count: 1 process_identifier: 2088	1	0	0
NtResumeThread Sept. 21, 2024, 9:09 a.m.	thread_handle: 0x0000000000000044 suspend_count: 1 process_identifier: 2936	1	0	0

File has been identified by 23 AntiVirus engines on VirusTotal as malicious (23 events)

Bkav	W32.AIDetectMalware
Cynet	Malicious (score: 100)
Skyhigh	BehavesLike.Win32.Genericuh.dh
ALYac	AIT:Trojan.Nymeria.4945
Cylance	Unsafe
VIPRE	AIT:Trojan.Nymeria.4945
Sangfor	Trojan.Win32.Save.a
BitDefender	AIT:Trojan.Nymeria.4945
Arcabit	AIT:Trojan.Nymeria.D1351
Elastic	malicious (high confidence)
ESET-NOD32	a variant of Win32/Autoit.ORF
APEX	Malicious
MicroWorld-eScan	AIT:Trojan.Nymeria.4945
Emsisoft	AIT:Trojan.Nymeria.4945 (B)
McAfeeD	Real Protect-LS!D23AAC5D0B47
CTX	exe.trojan.nymeria
FireEye	Generic.mg.d23aac5d0b476547
Microsoft	Program:Win32/Wacapew.C!ml
GData	AIT:Trojan.Nymeria.4945
DeepInstinct	MALICIOUS
huorong	Trojan/AutoIT.Agent.d
MaxSecure	Trojan.Malware.121218.susgen
Fortinet	W32/Autoit.ORF!tr

Executed a process and injected code into it, probably while unpacking (50 out of 423 events)

Time & API	Arguments	Status	Return
CreateProcessInternalW Sept. 21, 2024, 9:06 a.m.	thread_identifier: 2120 thread_handle: 0x0000012c process_identifier: 2116 current_directory: C:\Users\test22\AppData\Local\Temp filepath: track: 1 command_line: C:\Program Files\Mozilla Firefox\firefox.exe --kiosk https://www.youtube.com/account filepath_r: stack_pivoted: 0 creation_flags: 0 () inherit_handles: 0 process_handle: 0x00000130	1	1
CreateProcessInternalW Sept. 21, 2024, 9:06 a.m.	thread_identifier: 2288 thread_handle: 0x00000130 process_identifier: 2284 current_directory: C:\Users\test22\AppData\Local\Temp filepath: track: 1 command_line: C:\Program Files\Mozilla Firefox\firefox.exe --kiosk https://www.youtube.com/account filepath_r: stack_pivoted: 0 creation_flags: 0 () inherit_handles: 0 process_handle: 0x0000012c	1	1
CreateProcessInternalW Sept. 21, 2024, 9:06 a.m.	thread_identifier: 2488 thread_handle: 0x0000012c process_identifier: 2484 current_directory: C:\Users\test22\AppData\Local\Temp filepath: track: 1 command_line: C:\Program Files\Mozilla Firefox\firefox.exe --kiosk https://www.youtube.com/account filepath_r: stack_pivoted: 0 creation_flags: 0 () inherit_handles: 0 process_handle: 0x00000130	1	1
CreateProcessInternalW Sept. 21, 2024, 9:06 a.m.	thread_identifier: 2624 thread_handle: 0x00000130 process_identifier: 2620 current_directory: C:\Users\test22\AppData\Local\Temp filepath: track: 1 command_line: C:\Program Files\Mozilla Firefox\firefox.exe --kiosk https://www.youtube.com/account filepath_r: stack_pivoted: 0 creation_flags: 0 () inherit_handles: 0 process_handle: 0x0000012c	1	1
CreateProcessInternalW Sept. 21, 2024, 9:06 a.m.	thread_identifier: 2852 thread_handle: 0x0000012c process_identifier: 2848 current_directory: C:\Users\test22\AppData\Local\Temp filepath: track: 1 command_line: C:\Program Files\Mozilla Firefox\firefox.exe --kiosk https://www.youtube.com/account filepath_r: stack_pivoted: 0 creation_flags: 0 () inherit_handles: 0 process_handle: 0x00000130	1	1
CreateProcessInternalW Sept. 21, 2024, 9:07 a.m.	thread_identifier: 2992 thread_handle: 0x00000130 process_identifier: 2988 current_directory: C:\Users\test22\AppData\Local\Temp filepath: track: 1 command_line: C:\Program Files\Mozilla Firefox\firefox.exe --kiosk https://www.youtube.com/account filepath_r: stack_pivoted: 0 creation_flags: 0 () inherit_handles: 0 process_handle: 0x0000012c	1	1
CreateProcessInternalW Sept. 21, 2024, 9:07 a.m.	thread_identifier: 2180 thread_handle: 0x0000012c process_identifier: 2184 current_directory: C:\Users\test22\AppData\Local\Temp filepath: track: 1 command_line: C:\Program Files\Mozilla Firefox\firefox.exe --kiosk https://www.youtube.com/account filepath_r: stack_pivoted: 0 creation_flags: 0 () inherit_handles: 0 process_handle: 0x00000130	1	1
CreateProcessInternalW Sept. 21, 2024, 9:07 a.m.	thread_identifier: 2724 thread_handle: 0x00000130 process_identifier: 2720 current_directory: C:\Users\test22\AppData\Local\Temp filepath: track: 1 command_line: C:\Program Files\Mozilla Firefox\firefox.exe --kiosk https://www.youtube.com/account filepath_r: stack_pivoted: 0 creation_flags: 0 () inherit_handles: 0 process_handle: 0x0000012c	1	1
CreateProcessInternalW Sept. 21, 2024, 9:07 a.m.	thread_identifier: 2944 thread_handle: 0x0000012c process_identifier: 2948 current_directory: C:\Users\test22\AppData\Local\Temp filepath: track: 1 command_line: C:\Program Files\Mozilla Firefox\firefox.exe --kiosk https://www.youtube.com/account filepath_r: stack_pivoted: 0 creation_flags: 0 () inherit_handles: 0 process_handle: 0x00000130	1	1
CreateProcessInternalW Sept. 21, 2024, 9:07 a.m.	thread_identifier: 2256 thread_handle: 0x00000130 process_identifier: 2408 current_directory: C:\Users\test22\AppData\Local\Temp filepath: track: 1 command_line: C:\Program Files\Mozilla Firefox\firefox.exe --kiosk https://www.youtube.com/account filepath_r: stack_pivoted: 0 creation_flags: 0 () inherit_handles: 0 process_handle: 0x0000012c	1	1
CreateProcessInternalW Sept. 21, 2024, 9:07 a.m.	thread_identifier: 2900 thread_handle: 0x0000012c process_identifier: 1656 current_directory: C:\Users\test22\AppData\Local\Temp filepath: track: 1 command_line: C:\Program Files\Mozilla Firefox\firefox.exe --kiosk https://www.youtube.com/account filepath_r: stack_pivoted: 0 creation_flags: 0 () inherit_handles: 0 process_handle: 0x00000130	1	1
CreateProcessInternalW Sept. 21, 2024, 9:07 a.m.	thread_identifier: 1340 thread_handle: 0x00000130 process_identifier: 2120 current_directory: C:\Users\test22\AppData\Local\Temp filepath: track: 1 command_line: C:\Program Files\Mozilla Firefox\firefox.exe --kiosk https://www.youtube.com/account filepath_r: stack_pivoted: 0 creation_flags: 0 () inherit_handles: 0 process_handle: 0x0000012c	1	1
CreateProcessInternalW Sept. 21, 2024, 9:07 a.m.	thread_identifier: 1948 thread_handle: 0x0000012c process_identifier: 1020 current_directory: C:\Users\test22\AppData\Local\Temp filepath: track: 1 command_line: C:\Program Files\Mozilla Firefox\firefox.exe --kiosk https://www.youtube.com/account filepath_r: stack_pivoted: 0 creation_flags: 0 () inherit_handles: 0 process_handle: 0x00000130	1	1
CreateProcessInternalW Sept. 21, 2024, 9:08 a.m.	thread_identifier: 2616 thread_handle: 0x00000130 process_identifier: 2612 current_directory: C:\Users\test22\AppData\Local\Temp filepath: track: 1 command_line: C:\Program Files\Mozilla Firefox\firefox.exe --kiosk https://www.youtube.com/account filepath_r: stack_pivoted: 0 creation_flags: 0 () inherit_handles: 0 process_handle: 0x0000012c	1	1
CreateProcessInternalW Sept. 21, 2024, 9:08 a.m.	thread_identifier: 1780 thread_handle: 0x0000012c process_identifier: 2832 current_directory: C:\Users\test22\AppData\Local\Temp filepath: track: 1 command_line: C:\Program Files\Mozilla Firefox\firefox.exe --kiosk https://www.youtube.com/account filepath_r: stack_pivoted: 0 creation_flags: 0 () inherit_handles: 0 process_handle: 0x00000130	1	1
CreateProcessInternalW Sept. 21, 2024, 9:08 a.m.	thread_identifier: 3172 thread_handle: 0x00000130 process_identifier: 3168 current_directory: C:\Users\test22\AppData\Local\Temp filepath: track: 1 command_line: C:\Program Files\Mozilla Firefox\firefox.exe --kiosk https://www.youtube.com/account filepath_r: stack_pivoted: 0 creation_flags: 0 () inherit_handles: 0 process_handle: 0x0000012c	1	1
CreateProcessInternalW Sept. 21, 2024, 9:08 a.m.	thread_identifier: 3336 thread_handle: 0x0000012c process_identifier: 3332 current_directory: C:\Users\test22\AppData\Local\Temp filepath: track: 1 command_line: C:\Program Files\Mozilla Firefox\firefox.exe --kiosk https://www.youtube.com/account filepath_r: stack_pivoted: 0 creation_flags: 0 () inherit_handles: 0 process_handle: 0x00000130	1	1
CreateProcessInternalW Sept. 21, 2024, 9:08 a.m.	thread_identifier: 3452 thread_handle: 0x00000130 process_identifier: 3448 current_directory: C:\Users\test22\AppData\Local\Temp filepath: track: 1 command_line: C:\Program Files\Mozilla Firefox\firefox.exe --kiosk https://www.youtube.com/account filepath_r: stack_pivoted: 0 creation_flags: 0 () inherit_handles: 0 process_handle: 0x0000012c	1	1
CreateProcessInternalW Sept. 21, 2024, 9:08 a.m.	thread_identifier: 3632 thread_handle: 0x0000012c process_identifier: 3628 current_directory: C:\Users\test22\AppData\Local\Temp filepath: track: 1 command_line: C:\Program Files\Mozilla Firefox\firefox.exe --kiosk https://www.youtube.com/account filepath_r: stack_pivoted: 0 creation_flags: 0 () inherit_handles: 0 process_handle: 0x00000130	1	1
CreateProcessInternalW Sept. 21, 2024, 9:08 a.m.	thread_identifier: 3900 thread_handle: 0x00000130 process_identifier: 3896 current_directory: C:\Users\test22\AppData\Local\Temp filepath: track: 1 command_line: C:\Program Files\Mozilla Firefox\firefox.exe --kiosk https://www.youtube.com/account filepath_r: stack_pivoted: 0 creation_flags: 0 () inherit_handles: 0 process_handle: 0x0000012c	1	1
CreateProcessInternalW Sept. 21, 2024, 9:08 a.m.	thread_identifier: 4064 thread_handle: 0x0000012c process_identifier: 4060 current_directory: C:\Users\test22\AppData\Local\Temp filepath: track: 1 command_line: C:\Program Files\Mozilla Firefox\firefox.exe --kiosk https://www.youtube.com/account filepath_r: stack_pivoted: 0 creation_flags: 0 () inherit_handles: 0 process_handle: 0x00000130	1	1
CreateProcessInternalW Sept. 21, 2024, 9:09 a.m.	thread_identifier: 3240 thread_handle: 0x00000130 process_identifier: 812 current_directory: C:\Users\test22\AppData\Local\Temp filepath: track: 1 command_line: C:\Program Files\Mozilla Firefox\firefox.exe --kiosk https://www.youtube.com/account filepath_r: stack_pivoted: 0 creation_flags: 0 () inherit_handles: 0 process_handle: 0x0000012c	1	1
CreateProcessInternalW Sept. 21, 2024, 9:09 a.m.	thread_identifier: 3516 thread_handle: 0x0000012c process_identifier: 3500 current_directory: C:\Users\test22\AppData\Local\Temp filepath: track: 1 command_line: C:\Program Files\Mozilla Firefox\firefox.exe --kiosk https://www.youtube.com/account filepath_r: stack_pivoted: 0 creation_flags: 0 () inherit_handles: 0 process_handle: 0x00000130	1	1
CreateProcessInternalW Sept. 21, 2024, 9:09 a.m.	thread_identifier: 3304 thread_handle: 0x00000130 process_identifier: 3300 current_directory: C:\Users\test22\AppData\Local\Temp filepath: track: 1 command_line: C:\Program Files\Mozilla Firefox\firefox.exe --kiosk https://www.youtube.com/account filepath_r: stack_pivoted: 0 creation_flags: 0 () inherit_handles: 0 process_handle: 0x0000012c	1	1
CreateProcessInternalW Sept. 21, 2024, 9:09 a.m.	thread_identifier: 3912 thread_handle: 0x0000012c process_identifier: 3908 current_directory: C:\Users\test22\AppData\Local\Temp filepath: track: 1 command_line: C:\Program Files\Mozilla Firefox\firefox.exe --kiosk https://www.youtube.com/account filepath_r: stack_pivoted: 0 creation_flags: 0 () inherit_handles: 0 process_handle: 0x00000130	1	1
CreateProcessInternalW Sept. 21, 2024, 9:06 a.m.	thread_identifier: 2192 thread_handle: 0x0000000000000044 process_identifier: 2188 current_directory: filepath: C:\Program Files\Mozilla Firefox\firefox.exe track: 1 command_line: "C:\Program Files\Mozilla Firefox\firefox.exe" --kiosk https://www.youtube.com/account filepath_r: C:\Program Files\Mozilla Firefox\firefox.exe stack_pivoted: 0 creation_flags: 1028 (CREATE_SUSPENDED\|CREATE_UNICODE_ENVIRONMENT) inherit_handles: 0 process_handle: 0x000000000000004c	1	1
WriteProcessMemory Sept. 21, 2024, 9:06 a.m.	buffer: base_address: 0x000000013f8f22b0 process_identifier: 2188 process_handle: 0x000000000000004c	1	1
WriteProcessMemory Sept. 21, 2024, 9:06 a.m.	buffer: base_address: 0x000000013f900d88 process_identifier: 2188 process_handle: 0x000000000000004c	1	1
NtMapViewOfSection Sept. 21, 2024, 9:06 a.m.	section_handle: 0x0000000000000060 process_identifier: 2188 commit_size: 0 win32_protect: 32 (PAGE_EXECUTE_READ) buffer: base_address: 0x0000000072190000 allocation_type: 0 () section_offset: 0 view_size: 65536 process_handle: 0x0000000000000050	1	0
NtAllocateVirtualMemory Sept. 21, 2024, 9:06 a.m.	process_identifier: 2188 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 protection: 32 (PAGE_EXECUTE_READ) base_address: 0x0000000072190000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0x0000000000000050	1	0
WriteProcessMemory Sept. 21, 2024, 9:06 a.m.	buffer: I»`#?Aÿã base_address: 0x0000000077711590 process_identifier: 2188 process_handle: 0x0000000000000050	1	1
WriteProcessMemory Sept. 21, 2024, 9:06 a.m.	buffer: r base_address: 0x000000013f900d78 process_identifier: 2188 process_handle: 0x000000000000004c	1	1
WriteProcessMemory Sept. 21, 2024, 9:06 a.m.	buffer: I» ?Aÿã base_address: 0x00000000776e7a90 process_identifier: 2188 process_handle: 0x0000000000000050	1	1
WriteProcessMemory Sept. 21, 2024, 9:06 a.m.	buffer: r base_address: 0x000000013f900d70 process_identifier: 2188 process_handle: 0x000000000000004c	1	1
WriteProcessMemory Sept. 21, 2024, 9:06 a.m.	buffer: ÏT base_address: 0x000000013f8a0108 process_identifier: 2188 process_handle: 0x000000000000004c	1	1
WriteProcessMemory Sept. 21, 2024, 9:06 a.m.	buffer: qw@qw qw@qwqw°qw nwàTnw 3qwqwÀ´lw`,qwÀowömw Yqw2qwVqw°wwnwRqw nwQqwÂnw ?owPnw°TnwàtnwðowÐ1qwmwÐOmw`êpwÐæpwÐæpwÐ.qw base_address: 0x000000013f8faae8 process_identifier: 2188 process_handle: 0x000000000000004c	1	1
WriteProcessMemory Sept. 21, 2024, 9:06 a.m.	buffer: base_address: 0x000000013f900c78 process_identifier: 2188 process_handle: 0x000000000000004c	1	1
NtResumeThread Sept. 21, 2024, 9:06 a.m.	thread_handle: 0x0000000000000044 suspend_count: 1 process_identifier: 2188	1	0
NtResumeThread Sept. 21, 2024, 9:06 a.m.	thread_handle: 0x000000000000016c suspend_count: 1 process_identifier: 2188	1	0
NtGetContextThread Sept. 21, 2024, 9:06 a.m.	thread_handle: 0x00000000000001f8	1	0
NtGetContextThread Sept. 21, 2024, 9:06 a.m.	thread_handle: 0x0000000000000200	1	0
NtGetContextThread Sept. 21, 2024, 9:06 a.m.	thread_handle: 0x0000000000000204	1	0
NtGetContextThread Sept. 21, 2024, 9:06 a.m.	thread_handle: 0x0000000000000208	1	0
NtGetContextThread Sept. 21, 2024, 9:06 a.m.	thread_handle: 0x000000000000020c	1	0
NtGetContextThread Sept. 21, 2024, 9:06 a.m.	thread_handle: 0x0000000000000210	1	0
NtResumeThread Sept. 21, 2024, 9:07 a.m.	thread_handle: 0x00000000000001f8 suspend_count: 1 process_identifier: 2188	1	0
NtResumeThread Sept. 21, 2024, 9:07 a.m.	thread_handle: 0x0000000000000200 suspend_count: 1 process_identifier: 2188	1	0
NtResumeThread Sept. 21, 2024, 9:07 a.m.	thread_handle: 0x0000000000000204 suspend_count: 1 process_identifier: 2188	1	0
NtResumeThread Sept. 21, 2024, 9:07 a.m.	thread_handle: 0x0000000000000208 suspend_count: 1 process_identifier: 2188	1	0
NtResumeThread Sept. 21, 2024, 9:07 a.m.	thread_handle: 0x000000000000020c suspend_count: 1 process_identifier: 2188	1	0

random.exe

Process Tree Toggle all

Network Toggle all

Suricata Toggle all

Suricata Alerts

Suricata TLS

Signatures Toggle All