Summary | ZeroBOX

Category	Machine	Started	Completed
FILE	s1_win7_x6401	Sept. 21, 2024, 9:06 a.m.	Sept. 21, 2024, 9:13 a.m.

Size	897.0KB
Type	PE32 executable (GUI) Intel 80386, for MS Windows
MD5	`0568c4bcf6acda54e2251b1e35929608`
SHA256	`264551a092cc2329dc4ef096cb88112583318dce4cbc565cff77ebe4c86f1800`
CRC32	`3BECC434`
ssdeep	`12288:4qDEvFo+yo4DdbbMWu/jrQu4M9lBAlKhQcDGB3cuBNGE6iOrpfe4JdaDga2Td:4qDEvCTbMWu7rQYlBQcBiT6rprG8aOd`
Yara	Malicious_Library_Zero - Malicious_Library PE_Header_Zero - PE File Signature IsPE32 - (no description) Generic_Malware_Zero - Generic Malware UPX_Zero - UPX packed file OS_Processor_Check_Zero - OS Processor Check

wels.exe "C:\Users\test22\AppData\Local\Temp\wels.exe"
2560
- firefox.exe "C:\Program Files\Mozilla Firefox\firefox.exe" --kiosk https://www.youtube.com/account
  2612
  - firefox.exe "C:\Program Files\Mozilla Firefox\firefox.exe" --kiosk https://www.youtube.com/account
    2680
    - crashreporter.exe "C:\Program Files\Mozilla Firefox\crashreporter.exe" "C:\Users\test22\AppData\Local\Temp\\ee573f7a-07c6-4c1a-8b0c-3e58f97e88a4.dmp"
      192
      - minidump-analyzer.exe "C:\Program Files\Mozilla Firefox\minidump-analyzer.exe" "C:\Users\test22\AppData\Local\Temp\\ee573f7a-07c6-4c1a-8b0c-3e58f97e88a4.dmp"
        1380
- firefox.exe "C:\Program Files\Mozilla Firefox\firefox.exe" --kiosk https://www.youtube.com/account
  2776
  - firefox.exe "C:\Program Files\Mozilla Firefox\firefox.exe" --kiosk https://www.youtube.com/account
    2820
    - crashreporter.exe "C:\Program Files\Mozilla Firefox\crashreporter.exe" "C:\Users\test22\AppData\Roaming\Mozilla\Firefox\Profiles\qxo5wa6x.default-release\minidumps\203ec40c-9bac-471c-8fbc-f17f3baab0ef.dmp"
      1784
      - minidump-analyzer.exe "C:\Program Files\Mozilla Firefox\minidump-analyzer.exe" "C:\Users\test22\AppData\Roaming\Mozilla\Firefox\Profiles\qxo5wa6x.default-release\minidumps\203ec40c-9bac-471c-8fbc-f17f3baab0ef.dmp"
        1644
- firefox.exe "C:\Program Files\Mozilla Firefox\firefox.exe" --kiosk https://www.youtube.com/account
  2952
  - firefox.exe "C:\Program Files\Mozilla Firefox\firefox.exe" --kiosk https://www.youtube.com/account
    3036
    - crashreporter.exe "C:\Program Files\Mozilla Firefox\crashreporter.exe" "C:\Users\test22\AppData\Local\Temp\\3ecb5527-ee03-49c2-bb74-42ad3f51f6c0.dmp"
      1040
      - minidump-analyzer.exe "C:\Program Files\Mozilla Firefox\minidump-analyzer.exe" "C:\Users\test22\AppData\Local\Temp\\3ecb5527-ee03-49c2-bb74-42ad3f51f6c0.dmp"
        2184
- firefox.exe "C:\Program Files\Mozilla Firefox\firefox.exe" --kiosk https://www.youtube.com/account
  2080
  - firefox.exe "C:\Program Files\Mozilla Firefox\firefox.exe" --kiosk https://www.youtube.com/account
    2108
    - crashreporter.exe "C:\Program Files\Mozilla Firefox\crashreporter.exe" "C:\Users\test22\AppData\Local\Temp\\c6e8b682-74aa-4f4e-b97a-3e29df4e0206.dmp"
      3256
      - minidump-analyzer.exe "C:\Program Files\Mozilla Firefox\minidump-analyzer.exe" "C:\Users\test22\AppData\Local\Temp\\c6e8b682-74aa-4f4e-b97a-3e29df4e0206.dmp"
        3448
- firefox.exe "C:\Program Files\Mozilla Firefox\firefox.exe" --kiosk https://www.youtube.com/account
  2232
  - crashreporter.exe "C:\Program Files\Mozilla Firefox\crashreporter.exe" "C:\Users\test22\AppData\Local\Temp\\bca5cd2a-ebd1-4cf7-aa64-80b5172c9cf9.dmp"
    2932
    - minidump-analyzer.exe "C:\Program Files\Mozilla Firefox\minidump-analyzer.exe" "C:\Users\test22\AppData\Local\Temp\\bca5cd2a-ebd1-4cf7-aa64-80b5172c9cf9.dmp"
      3212
- firefox.exe "C:\Program Files\Mozilla Firefox\firefox.exe" --kiosk https://www.youtube.com/account
  2440
  - firefox.exe "C:\Program Files\Mozilla Firefox\firefox.exe" --kiosk https://www.youtube.com/account
    2540
    - crashreporter.exe "C:\Program Files\Mozilla Firefox\crashreporter.exe" "C:\Users\test22\AppData\Local\Temp\\652ea18e-a53b-45c0-bc68-b132ac0e49b6.dmp"
      3964
      - minidump-analyzer.exe "C:\Program Files\Mozilla Firefox\minidump-analyzer.exe" "C:\Users\test22\AppData\Local\Temp\\652ea18e-a53b-45c0-bc68-b132ac0e49b6.dmp"
        3096
- firefox.exe "C:\Program Files\Mozilla Firefox\firefox.exe" --kiosk https://www.youtube.com/account
  2728
  - firefox.exe "C:\Program Files\Mozilla Firefox\firefox.exe" --kiosk https://www.youtube.com/account
    2788
    - crashreporter.exe "C:\Program Files\Mozilla Firefox\crashreporter.exe" "C:\Users\test22\AppData\Local\Temp\\17ed59a1-a3a1-4a03-9f91-e45e15f47f8c.dmp"
      3284
      - minidump-analyzer.exe "C:\Program Files\Mozilla Firefox\minidump-analyzer.exe" "C:\Users\test22\AppData\Local\Temp\\17ed59a1-a3a1-4a03-9f91-e45e15f47f8c.dmp"
        3464
- firefox.exe "C:\Program Files\Mozilla Firefox\firefox.exe" --kiosk https://www.youtube.com/account
  3012
  - firefox.exe "C:\Program Files\Mozilla Firefox\firefox.exe" --kiosk https://www.youtube.com/account
    300
    - crashreporter.exe "C:\Program Files\Mozilla Firefox\crashreporter.exe" "C:\Users\test22\AppData\Local\Temp\\4a146ccc-259c-4bb2-9ee3-b71628589285.dmp"
      3924
      - minidump-analyzer.exe "C:\Program Files\Mozilla Firefox\minidump-analyzer.exe" "C:\Users\test22\AppData\Local\Temp\\4a146ccc-259c-4bb2-9ee3-b71628589285.dmp"
        2748
- firefox.exe "C:\Program Files\Mozilla Firefox\firefox.exe" --kiosk https://www.youtube.com/account
  1976
  - firefox.exe "C:\Program Files\Mozilla Firefox\firefox.exe" --kiosk https://www.youtube.com/account
    1848
    - crashreporter.exe "C:\Program Files\Mozilla Firefox\crashreporter.exe" "C:\Users\test22\AppData\Local\Temp\\6c52910b-4cf3-4048-9110-89bf77183ade.dmp"
      3524
      - minidump-analyzer.exe "C:\Program Files\Mozilla Firefox\minidump-analyzer.exe" "C:\Users\test22\AppData\Local\Temp\\6c52910b-4cf3-4048-9110-89bf77183ade.dmp"
        2700
- firefox.exe "C:\Program Files\Mozilla Firefox\firefox.exe" --kiosk https://www.youtube.com/account
  1308
  - crashreporter.exe "C:\Program Files\Mozilla Firefox\crashreporter.exe" "C:\Users\test22\AppData\Local\Temp\\5e2c52c0-2190-41ae-bdad-6a1fec78a240.dmp"
    2100
    - minidump-analyzer.exe "C:\Program Files\Mozilla Firefox\minidump-analyzer.exe" "C:\Users\test22\AppData\Local\Temp\\5e2c52c0-2190-41ae-bdad-6a1fec78a240.dmp"
      1244
- firefox.exe "C:\Program Files\Mozilla Firefox\firefox.exe" --kiosk https://www.youtube.com/account
  2660
  - firefox.exe "C:\Program Files\Mozilla Firefox\firefox.exe" --kiosk https://www.youtube.com/account
    2968
- firefox.exe "C:\Program Files\Mozilla Firefox\firefox.exe" --kiosk https://www.youtube.com/account
  2684
  - firefox.exe "C:\Program Files\Mozilla Firefox\firefox.exe" --kiosk https://www.youtube.com/account
    2000
- firefox.exe "C:\Program Files\Mozilla Firefox\firefox.exe" --kiosk https://www.youtube.com/account
  2416
- firefox.exe "C:\Program Files\Mozilla Firefox\firefox.exe" --kiosk https://www.youtube.com/account
  1608
  - firefox.exe "C:\Program Files\Mozilla Firefox\firefox.exe" --kiosk https://www.youtube.com/account
    2964
- firefox.exe "C:\Program Files\Mozilla Firefox\firefox.exe" --kiosk https://www.youtube.com/account
  2896
- firefox.exe "C:\Program Files\Mozilla Firefox\firefox.exe" --kiosk https://www.youtube.com/account
  2916
  - firefox.exe "C:\Program Files\Mozilla Firefox\firefox.exe" --kiosk https://www.youtube.com/account
    3196
- firefox.exe "C:\Program Files\Mozilla Firefox\firefox.exe" --kiosk https://www.youtube.com/account
  3304
- firefox.exe "C:\Program Files\Mozilla Firefox\firefox.exe" --kiosk https://www.youtube.com/account
  3520
  - firefox.exe "C:\Program Files\Mozilla Firefox\firefox.exe" --kiosk https://www.youtube.com/account
    3604
- firefox.exe "C:\Program Files\Mozilla Firefox\firefox.exe" --kiosk https://www.youtube.com/account
  3700
- firefox.exe "C:\Program Files\Mozilla Firefox\firefox.exe" --kiosk https://www.youtube.com/account
  3880
  - firefox.exe "C:\Program Files\Mozilla Firefox\firefox.exe" --kiosk https://www.youtube.com/account
    4028
- firefox.exe "C:\Program Files\Mozilla Firefox\firefox.exe" --kiosk https://www.youtube.com/account
  4088
- firefox.exe "C:\Program Files\Mozilla Firefox\firefox.exe" --kiosk https://www.youtube.com/account
  3364
  - firefox.exe "C:\Program Files\Mozilla Firefox\firefox.exe" --kiosk https://www.youtube.com/account
    3616
- firefox.exe "C:\Program Files\Mozilla Firefox\firefox.exe" --kiosk https://www.youtube.com/account
  3748
- firefox.exe "C:\Program Files\Mozilla Firefox\firefox.exe" --kiosk https://www.youtube.com/account
  3912
  - firefox.exe "C:\Program Files\Mozilla Firefox\firefox.exe" --kiosk https://www.youtube.com/account
    3224
- firefox.exe "C:\Program Files\Mozilla Firefox\firefox.exe" --kiosk https://www.youtube.com/account
  3248
- firefox.exe "C:\Program Files\Mozilla Firefox\firefox.exe" --kiosk https://www.youtube.com/account
  2084
- firefox.exe "C:\Program Files\Mozilla Firefox\firefox.exe" --kiosk https://www.youtube.com/account
  1108

Name	Response	Post-Analysis Lookup
No hosts contacted.

IP Address	Status	Action
No hosts contacted.

Suricata Alerts

No Suricata Alerts

Suricata TLS

No Suricata TLS

Checks if process is being debugged by a debugger (50 out of 119 events)

Time & API	Arguments	Status	Return	Repeated
IsDebuggerPresent Sept. 21, 2024, 9:06 a.m.			0	0
IsDebuggerPresent Sept. 21, 2024, 9:06 a.m.			0	0
IsDebuggerPresent Sept. 21, 2024, 9:06 a.m.			0	0
IsDebuggerPresent Sept. 21, 2024, 9:06 a.m.			0	0
IsDebuggerPresent Sept. 21, 2024, 9:06 a.m.			0	0
IsDebuggerPresent Sept. 21, 2024, 9:06 a.m.			0	0
IsDebuggerPresent Sept. 21, 2024, 9:06 a.m.			0	0
IsDebuggerPresent Sept. 21, 2024, 9:06 a.m.			0	0
IsDebuggerPresent Sept. 21, 2024, 9:06 a.m.			0	0
IsDebuggerPresent Sept. 21, 2024, 9:06 a.m.			0	0
IsDebuggerPresent Sept. 21, 2024, 9:06 a.m.			0	0
IsDebuggerPresent Sept. 21, 2024, 9:06 a.m.			0	0
IsDebuggerPresent Sept. 21, 2024, 9:06 a.m.			0	0
IsDebuggerPresent Sept. 21, 2024, 9:06 a.m.			0	0
IsDebuggerPresent Sept. 21, 2024, 9:06 a.m.			0	0
IsDebuggerPresent Sept. 21, 2024, 9:06 a.m.			0	0
IsDebuggerPresent Sept. 21, 2024, 9:06 a.m.			0	0
IsDebuggerPresent Sept. 21, 2024, 9:06 a.m.			0	0
IsDebuggerPresent Sept. 21, 2024, 9:06 a.m.			0	0
IsDebuggerPresent Sept. 21, 2024, 9:06 a.m.			0	0
IsDebuggerPresent Sept. 21, 2024, 9:07 a.m.			0	0
IsDebuggerPresent Sept. 21, 2024, 9:07 a.m.			0	0
IsDebuggerPresent Sept. 21, 2024, 9:07 a.m.			0	0
IsDebuggerPresent Sept. 21, 2024, 9:07 a.m.			0	0
IsDebuggerPresent Sept. 21, 2024, 9:07 a.m.			0	0
IsDebuggerPresent Sept. 21, 2024, 9:07 a.m.			0	0
IsDebuggerPresent Sept. 21, 2024, 9:07 a.m.			0	0
IsDebuggerPresent Sept. 21, 2024, 9:07 a.m.			0	0
IsDebuggerPresent Sept. 21, 2024, 9:07 a.m.			0	0
IsDebuggerPresent Sept. 21, 2024, 9:07 a.m.			0	0
IsDebuggerPresent Sept. 21, 2024, 9:07 a.m.			0	0
IsDebuggerPresent Sept. 21, 2024, 9:07 a.m.			0	0
IsDebuggerPresent Sept. 21, 2024, 9:07 a.m.			0	0
IsDebuggerPresent Sept. 21, 2024, 9:07 a.m.			0	0
IsDebuggerPresent Sept. 21, 2024, 9:07 a.m.			0	0
IsDebuggerPresent Sept. 21, 2024, 9:07 a.m.			0	0
IsDebuggerPresent Sept. 21, 2024, 9:07 a.m.			0	0
IsDebuggerPresent Sept. 21, 2024, 9:07 a.m.			0	0
IsDebuggerPresent Sept. 21, 2024, 9:07 a.m.			0	0
IsDebuggerPresent Sept. 21, 2024, 9:07 a.m.			0	0
IsDebuggerPresent Sept. 21, 2024, 9:07 a.m.			0	0
IsDebuggerPresent Sept. 21, 2024, 9:07 a.m.			0	0
IsDebuggerPresent Sept. 21, 2024, 9:07 a.m.			0	0
IsDebuggerPresent Sept. 21, 2024, 9:07 a.m.			0	0
IsDebuggerPresent Sept. 21, 2024, 9:07 a.m.			0	0
IsDebuggerPresent Sept. 21, 2024, 9:07 a.m.			0	0
IsDebuggerPresent Sept. 21, 2024, 9:07 a.m.			0	0
IsDebuggerPresent Sept. 21, 2024, 9:07 a.m.			0	0
IsDebuggerPresent Sept. 21, 2024, 9:07 a.m.			0	0
IsDebuggerPresent Sept. 21, 2024, 9:07 a.m.			0	0

Collects information to fingerprint the system (MachineGuid, DigitalProductId, SystemBiosDate) (1 event)

registry

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography\MachineGuid

Tries to locate where the browsers are installed (1 event)

file	C:\Program Files\Mozilla Firefox\api-ms-win-core-file-l2-1-0.dll

Checks amount of memory in system, this can be used to detect virtual machines that have a low amount of memory available (1 event)

Time & API	Arguments	Status	Return	Repeated
GlobalMemoryStatusEx Sept. 21, 2024, 9:07 a.m.		1	1	0

One or more processes crashed (24 events)

Time & API	Arguments	Status
__exception__ Sept. 21, 2024, 9:06 a.m.	stacktrace: 0xcd1f04 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 exception.instruction_r: 83 3d 8d d1 02 00 00 ff 25 00 00 00 00 53 12 07 exception.instruction: cmp dword ptr [rip + 0x2d18d], 0 exception.exception_code: 0xc0000005 exception.symbol: exception.address: 0xcd1f04 registers.r14: 8778928 registers.r15: 8778432 registers.rcx: 48 registers.rsi: 14706336 registers.r10: 0 registers.rbx: 0 registers.rsp: 8777480 registers.r11: 8779680 registers.r8: 1994752396 registers.r9: 0 registers.rdx: 8796092887632 registers.r12: 8778263 registers.rbp: 8777600 registers.rdi: 100 registers.rax: 13442816 registers.r13: 3	1
__exception__ Sept. 21, 2024, 9:06 a.m.	stacktrace: 0xcd1f04 0x7fe00000030 0x7fe00000030 0x7fe00000030 0x7fe00000030 0x7fe00000030 0x7fe00000030 0x7fe00000030 0x7fe00000030 0x7fe00000030 0x7fe00000030 0x7fe00000030 0x7fe00000030 0x7fe00000030 0x7fe00000030 0x7fe00000030 0x7fe00000030 0x7fe00000030 0x7fe00000030 0x7fe00000030 0x7fe00000030 0x7fe00000030 0x7fe00000030 0x7fe00000030 0x7fe00000030 0x7fe00000030 0x7fe00000030 0x7fe00000030 0x7fe00000030 0x7fe00000030 0x7fe00000030 0x7fe00000030 0x7fe00000030 0x7fe00000030 0x7fe00000030 0x7fe00000030 0x7fe00000030 0x7fe00000030 0x7fe00000030 0x7fe00000030 0x7fe00000030 0x7fe00000030 0x7fe00000030 0x7fe00000030 0x7fe00000030 0x7fe00000030 0x7fe00000030 0x7fe00000030 0x7fe00000030 0x7fe00000030 0x7fe00000030 0x7fe00000030 0x7fe00000030 0x7fe00000030 0x7fe00000030 0x7fe00000030 0x7fe00000030 0x7fe00000030 0x7fe00000030 0x7fe00000030 0x7fe00000030 0x7fe00000030 0x7fe00000030 0x7fe00000030 exception.instruction_r: 83 3d 8d d1 02 00 00 ff 25 00 00 00 00 53 12 07 exception.instruction: cmp dword ptr [rip + 0x2d18d], 0 exception.exception_code: 0xc0000005 exception.symbol: exception.address: 0xcd1f04 registers.r14: 10481304 registers.r15: 8791560722032 registers.rcx: 48 registers.rsi: 8791560653696 registers.r10: 0 registers.rbx: 0 registers.rsp: 10480936 registers.r11: 10484320 registers.r8: 1994752396 registers.r9: 0 registers.rdx: 8796092879440 registers.r12: 14910784 registers.rbp: 10481056 registers.rdi: 273784864 registers.rax: 13442816 registers.r13: 10481896	1
__exception__ Sept. 21, 2024, 9:06 a.m.	stacktrace: 0xcd1f04 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 exception.instruction_r: 83 3d 8d d1 02 00 00 ff 25 00 00 00 00 53 12 07 exception.instruction: cmp dword ptr [rip + 0x2d18d], 0 exception.exception_code: 0xc0000005 exception.symbol: exception.address: 0xcd1f04 registers.r14: 9304960 registers.r15: 9304464 registers.rcx: 48 registers.rsi: 14707488 registers.r10: 0 registers.rbx: 0 registers.rsp: 9303512 registers.r11: 9305712 registers.r8: 1994752396 registers.r9: 0 registers.rdx: 8796092883536 registers.r12: 9304295 registers.rbp: 9303632 registers.rdi: 100 registers.rax: 13442816 registers.r13: 3	1
__exception__ Sept. 21, 2024, 9:07 a.m.	stacktrace: 0xcd1f04 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 exception.instruction_r: 83 3d 8d d1 02 00 00 ff 25 00 00 00 00 53 12 07 exception.instruction: cmp dword ptr [rip + 0x2d18d], 0 exception.exception_code: 0xc0000005 exception.symbol: exception.address: 0xcd1f04 registers.r14: 8713904 registers.r15: 8713408 registers.rcx: 48 registers.rsi: 14707296 registers.r10: 0 registers.rbx: 0 registers.rsp: 8712456 registers.r11: 8714656 registers.r8: 1994752396 registers.r9: 0 registers.rdx: 8796092887632 registers.r12: 8713239 registers.rbp: 8712576 registers.rdi: 100 registers.rax: 13442816 registers.r13: 3	1
__exception__ Sept. 21, 2024, 9:07 a.m.	stacktrace: 0xcc1f04 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 exception.instruction_r: 83 3d 8d d1 02 00 00 ff 25 00 00 00 00 53 12 07 exception.instruction: cmp dword ptr [rip + 0x2d18d], 0 exception.exception_code: 0xc0000005 exception.symbol: exception.address: 0xcc1f04 registers.r14: 8713744 registers.r15: 8713248 registers.rcx: 48 registers.rsi: 14705472 registers.r10: 0 registers.rbx: 0 registers.rsp: 8712296 registers.r11: 8714496 registers.r8: 1994752396 registers.r9: 0 registers.rdx: 8796092887632 registers.r12: 8713079 registers.rbp: 8712416 registers.rdi: 100 registers.rax: 13377280 registers.r13: 3	1
__exception__ Sept. 21, 2024, 9:07 a.m.	stacktrace: 0xcd1f04 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 exception.instruction_r: 83 3d 8d d1 02 00 00 ff 25 00 00 00 00 53 12 07 exception.instruction: cmp dword ptr [rip + 0x2d18d], 0 exception.exception_code: 0xc0000005 exception.symbol: exception.address: 0xcd1f04 registers.r14: 10615840 registers.r15: 10615344 registers.rcx: 48 registers.rsi: 14707584 registers.r10: 0 registers.rbx: 0 registers.rsp: 10614392 registers.r11: 10616592 registers.r8: 1994752396 registers.r9: 0 registers.rdx: 8796092887632 registers.r12: 10615175 registers.rbp: 10614512 registers.rdi: 100 registers.rax: 13442816 registers.r13: 3	1
__exception__ Sept. 21, 2024, 9:07 a.m.	stacktrace: 0xcd1f04 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 exception.instruction_r: 83 3d 8d d1 02 00 00 ff 25 00 00 00 00 53 12 07 exception.instruction: cmp dword ptr [rip + 0x2d18d], 0 exception.exception_code: 0xc0000005 exception.symbol: exception.address: 0xcd1f04 registers.r14: 8649328 registers.r15: 8648832 registers.rcx: 48 registers.rsi: 14705472 registers.r10: 0 registers.rbx: 0 registers.rsp: 8647880 registers.r11: 8650080 registers.r8: 1994752396 registers.r9: 0 registers.rdx: 8796092887632 registers.r12: 8648663 registers.rbp: 8648000 registers.rdi: 100 registers.rax: 13442816 registers.r13: 3	1
__exception__ Sept. 21, 2024, 9:07 a.m.	stacktrace: 0xcd1f04 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 exception.instruction_r: 83 3d 8d d1 02 00 00 ff 25 00 00 00 00 53 12 07 exception.instruction: cmp dword ptr [rip + 0x2d18d], 0 exception.exception_code: 0xc0000005 exception.symbol: exception.address: 0xcd1f04 registers.r14: 8910320 registers.r15: 8909824 registers.rcx: 48 registers.rsi: 14707104 registers.r10: 0 registers.rbx: 0 registers.rsp: 8908872 registers.r11: 8911072 registers.r8: 1994752396 registers.r9: 0 registers.rdx: 8796092887632 registers.r12: 8909655 registers.rbp: 8908992 registers.rdi: 100 registers.rax: 13442816 registers.r13: 3	1
__exception__ Sept. 21, 2024, 9:07 a.m.	stacktrace: 0xcc1f04 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 exception.instruction_r: 83 3d 8d d1 02 00 00 ff 25 00 00 00 00 53 12 07 exception.instruction: cmp dword ptr [rip + 0x2d18d], 0 exception.exception_code: 0xc0000005 exception.symbol: exception.address: 0xcc1f04 registers.r14: 9370784 registers.r15: 9370288 registers.rcx: 48 registers.rsi: 14706912 registers.r10: 0 registers.rbx: 0 registers.rsp: 9369336 registers.r11: 9371536 registers.r8: 1994752396 registers.r9: 0 registers.rdx: 8796092883536 registers.r12: 9370119 registers.rbp: 9369456 registers.rdi: 100 registers.rax: 13377280 registers.r13: 3	1
__exception__ Sept. 21, 2024, 9:07 a.m.	stacktrace: 0xa91f04 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 exception.instruction_r: 83 3d 8d d1 02 00 00 ff 25 00 00 00 00 53 12 07 exception.instruction: cmp dword ptr [rip + 0x2d18d], 0 exception.exception_code: 0xc0000005 exception.symbol: exception.address: 0xa91f04 registers.r14: 9959392 registers.r15: 9958896 registers.rcx: 48 registers.rsi: 15754336 registers.r10: 0 registers.rbx: 0 registers.rsp: 9957944 registers.r11: 9960144 registers.r8: 1994752396 registers.r9: 0 registers.rdx: 8796092887632 registers.r12: 9958727 registers.rbp: 9958064 registers.rdi: 100 registers.rax: 11083520 registers.r13: 3	1
__exception__ Sept. 21, 2024, 9:07 a.m.	stacktrace: 0xcd1f04 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 exception.instruction_r: 83 3d 8d d1 02 00 00 ff 25 00 00 00 00 53 12 07 exception.instruction: cmp dword ptr [rip + 0x2d18d], 0 exception.exception_code: 0xc0000005 exception.symbol: exception.address: 0xcd1f04 registers.r14: 10024944 registers.r15: 10024448 registers.rcx: 48 registers.rsi: 14706432 registers.r10: 0 registers.rbx: 0 registers.rsp: 10023496 registers.r11: 10025696 registers.r8: 1994752396 registers.r9: 0 registers.rdx: 8796092887632 registers.r12: 10024279 registers.rbp: 10023616 registers.rdi: 100 registers.rax: 13442816 registers.r13: 3	1
__exception__ Sept. 21, 2024, 9:08 a.m.	stacktrace: 0xcc1f04 0x7fe00000030 0x7fe00000030 0x7fe00000030 0x7fe00000030 0x7fe00000030 0x7fe00000030 0x7fe00000030 0x7fe00000030 0x7fe00000030 0x7fe00000030 0x7fe00000030 0x7fe00000030 0x7fe00000030 0x7fe00000030 0x7fe00000030 0x7fe00000030 0x7fe00000030 0x7fe00000030 0x7fe00000030 0x7fe00000030 0x7fe00000030 0x7fe00000030 0x7fe00000030 0x7fe00000030 0x7fe00000030 0x7fe00000030 0x7fe00000030 0x7fe00000030 0x7fe00000030 0x7fe00000030 0x7fe00000030 0x7fe00000030 0x7fe00000030 0x7fe00000030 0x7fe00000030 0x7fe00000030 0x7fe00000030 0x7fe00000030 0x7fe00000030 0x7fe00000030 0x7fe00000030 0x7fe00000030 0x7fe00000030 0x7fe00000030 0x7fe00000030 0x7fe00000030 0x7fe00000030 0x7fe00000030 0x7fe00000030 0x7fe00000030 0x7fe00000030 0x7fe00000030 0x7fe00000030 0x7fe00000030 0x7fe00000030 0x7fe00000030 0x7fe00000030 0x7fe00000030 0x7fe00000030 0x7fe00000030 0x7fe00000030 0x7fe00000030 0x7fe00000030 exception.instruction_r: 83 3d 8d d1 02 00 00 ff 25 00 00 00 00 53 12 07 exception.instruction: cmp dword ptr [rip + 0x2d18d], 0 exception.exception_code: 0xc0000005 exception.symbol: exception.address: 0xcc1f04 registers.r14: 8842600 registers.r15: 8791560722032 registers.rcx: 48 registers.rsi: 8791560653696 registers.r10: 0 registers.rbx: 0 registers.rsp: 8842232 registers.r11: 8845616 registers.r8: 1994752396 registers.r9: 0 registers.rdx: 8796092883536 registers.r12: 14918016 registers.rbp: 8842352 registers.rdi: 67222112 registers.rax: 13377280 registers.r13: 8843192	1
__exception__ Sept. 21, 2024, 9:08 a.m.	stacktrace: 0xcd1f04 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 exception.instruction_r: 83 3d 8d d1 02 00 00 ff 25 00 00 00 00 53 12 07 exception.instruction: cmp dword ptr [rip + 0x2d18d], 0 exception.exception_code: 0xc0000005 exception.symbol: exception.address: 0xcd1f04 registers.r14: 9958896 registers.r15: 9958400 registers.rcx: 48 registers.rsi: 14705952 registers.r10: 0 registers.rbx: 0 registers.rsp: 9957448 registers.r11: 9959648 registers.r8: 1994752396 registers.r9: 0 registers.rdx: 8796092883536 registers.r12: 9958231 registers.rbp: 9957568 registers.rdi: 100 registers.rax: 13442816 registers.r13: 3	1
__exception__ Sept. 21, 2024, 9:08 a.m.	stacktrace: 0xcc1f04 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 exception.instruction_r: 83 3d 8d d1 02 00 00 ff 25 00 00 00 00 53 12 07 exception.instruction: cmp dword ptr [rip + 0x2d18d], 0 exception.exception_code: 0xc0000005 exception.symbol: exception.address: 0xcc1f04 registers.r14: 9696800 registers.r15: 9696304 registers.rcx: 48 registers.rsi: 14707680 registers.r10: 0 registers.rbx: 0 registers.rsp: 9695352 registers.r11: 9697552 registers.r8: 1994752396 registers.r9: 0 registers.rdx: 8796092887632 registers.r12: 9696135 registers.rbp: 9695472 registers.rdi: 100 registers.rax: 13377280 registers.r13: 3	1
__exception__ Sept. 21, 2024, 9:08 a.m.	stacktrace: 0xcd1f04 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 exception.instruction_r: 83 3d 8d d1 02 00 00 ff 25 00 00 00 00 53 12 07 exception.instruction: cmp dword ptr [rip + 0x2d18d], 0 exception.exception_code: 0xc0000005 exception.symbol: exception.address: 0xcd1f04 registers.r14: 8648896 registers.r15: 8648400 registers.rcx: 48 registers.rsi: 14706528 registers.r10: 0 registers.rbx: 0 registers.rsp: 8647448 registers.r11: 8649648 registers.r8: 1994752396 registers.r9: 0 registers.rdx: 8796092887632 registers.r12: 8648231 registers.rbp: 8647568 registers.rdi: 100 registers.rax: 13442816 registers.r13: 3	1
__exception__ Sept. 21, 2024, 9:08 a.m.	stacktrace: 0xcc1f04 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 exception.instruction_r: 83 3d 8d d1 02 00 00 ff 25 00 00 00 00 53 12 07 exception.instruction: cmp dword ptr [rip + 0x2d18d], 0 exception.exception_code: 0xc0000005 exception.symbol: exception.address: 0xcc1f04 registers.r14: 9041648 registers.r15: 9041152 registers.rcx: 48 registers.rsi: 14707488 registers.r10: 0 registers.rbx: 0 registers.rsp: 9040200 registers.r11: 9042400 registers.r8: 1994752396 registers.r9: 0 registers.rdx: 8796092883536 registers.r12: 9040983 registers.rbp: 9040320 registers.rdi: 100 registers.rax: 13377280 registers.r13: 3	1
__exception__ Sept. 21, 2024, 9:08 a.m.	stacktrace: 0xcd1f04 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 exception.instruction_r: 83 3d 8d d1 02 00 00 ff 25 00 00 00 00 53 12 07 exception.instruction: cmp dword ptr [rip + 0x2d18d], 0 exception.exception_code: 0xc0000005 exception.symbol: exception.address: 0xcd1f04 registers.r14: 9763072 registers.r15: 9762576 registers.rcx: 48 registers.rsi: 14705760 registers.r10: 0 registers.rbx: 0 registers.rsp: 9761624 registers.r11: 9763824 registers.r8: 1994752396 registers.r9: 0 registers.rdx: 8796092883536 registers.r12: 9762407 registers.rbp: 9761744 registers.rdi: 100 registers.rax: 13442816 registers.r13: 3	1
__exception__ Sept. 21, 2024, 9:08 a.m.	stacktrace: 0xcc1f04 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 exception.instruction_r: 83 3d 8d d1 02 00 00 ff 25 00 00 00 00 53 12 07 exception.instruction: cmp dword ptr [rip + 0x2d18d], 0 exception.exception_code: 0xc0000005 exception.symbol: exception.address: 0xcc1f04 registers.r14: 9762352 registers.r15: 9761856 registers.rcx: 48 registers.rsi: 14706336 registers.r10: 0 registers.rbx: 0 registers.rsp: 9760904 registers.r11: 9763104 registers.r8: 1994752396 registers.r9: 0 registers.rdx: 8796092883536 registers.r12: 9761687 registers.rbp: 9761024 registers.rdi: 100 registers.rax: 13377280 registers.r13: 3	1
__exception__ Sept. 21, 2024, 9:08 a.m.	stacktrace: 0xcd1f04 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 exception.instruction_r: 83 3d 8d d1 02 00 00 ff 25 00 00 00 00 53 12 07 exception.instruction: cmp dword ptr [rip + 0x2d18d], 0 exception.exception_code: 0xc0000005 exception.symbol: exception.address: 0xcd1f04 registers.r14: 8648992 registers.r15: 8648496 registers.rcx: 48 registers.rsi: 14706144 registers.r10: 0 registers.rbx: 0 registers.rsp: 8647544 registers.r11: 8649744 registers.r8: 1994752396 registers.r9: 0 registers.rdx: 8796092887632 registers.r12: 8648327 registers.rbp: 8647664 registers.rdi: 100 registers.rax: 13442816 registers.r13: 3	1
__exception__ Sept. 21, 2024, 9:09 a.m.	stacktrace: 0xcc1f04 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 exception.instruction_r: 83 3d 8d d1 02 00 00 ff 25 00 00 00 00 53 12 07 exception.instruction: cmp dword ptr [rip + 0x2d18d], 0 exception.exception_code: 0xc0000005 exception.symbol: exception.address: 0xcc1f04 registers.r14: 10024720 registers.r15: 10024224 registers.rcx: 48 registers.rsi: 14704800 registers.r10: 0 registers.rbx: 0 registers.rsp: 10023272 registers.r11: 10025472 registers.r8: 1994752396 registers.r9: 0 registers.rdx: 8796092883536 registers.r12: 10024055 registers.rbp: 10023392 registers.rdi: 100 registers.rax: 13377280 registers.r13: 3	1
__exception__ Sept. 21, 2024, 9:09 a.m.	stacktrace: 0xcd1f04 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 exception.instruction_r: 83 3d 8d d1 02 00 00 ff 25 00 00 00 00 53 12 07 exception.instruction: cmp dword ptr [rip + 0x2d18d], 0 exception.exception_code: 0xc0000005 exception.symbol: exception.address: 0xcd1f04 registers.r14: 9173088 registers.r15: 9172592 registers.rcx: 48 registers.rsi: 14706816 registers.r10: 0 registers.rbx: 0 registers.rsp: 9171640 registers.r11: 9173840 registers.r8: 1994752396 registers.r9: 0 registers.rdx: 8796092879440 registers.r12: 9172423 registers.rbp: 9171760 registers.rdi: 100 registers.rax: 13442816 registers.r13: 3	1
__exception__ Sept. 21, 2024, 9:09 a.m.	stacktrace: 0xcc1f04 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 exception.instruction_r: 83 3d 8d d1 02 00 00 ff 25 00 00 00 00 53 12 07 exception.instruction: cmp dword ptr [rip + 0x2d18d], 0 exception.exception_code: 0xc0000005 exception.symbol: exception.address: 0xcc1f04 registers.r14: 10353152 registers.r15: 10352656 registers.rcx: 48 registers.rsi: 14704992 registers.r10: 0 registers.rbx: 0 registers.rsp: 10351704 registers.r11: 10353904 registers.r8: 1994752396 registers.r9: 0 registers.rdx: 8796092887632 registers.r12: 10352487 registers.rbp: 10351824 registers.rdi: 100 registers.rax: 13377280 registers.r13: 3	1
__exception__ Sept. 21, 2024, 9:09 a.m.	stacktrace: 0xcd1f04 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 exception.instruction_r: 83 3d 8d d1 02 00 00 ff 25 00 00 00 00 53 12 07 exception.instruction: cmp dword ptr [rip + 0x2d18d], 0 exception.exception_code: 0xc0000005 exception.symbol: exception.address: 0xcd1f04 registers.r14: 10024736 registers.r15: 10024240 registers.rcx: 48 registers.rsi: 14705184 registers.r10: 0 registers.rbx: 0 registers.rsp: 10023288 registers.r11: 10025488 registers.r8: 1994752396 registers.r9: 0 registers.rdx: 8796092887632 registers.r12: 10024071 registers.rbp: 10023408 registers.rdi: 100 registers.rax: 13442816 registers.r13: 3	1
__exception__ Sept. 21, 2024, 9:02 a.m.	stacktrace: 0xcc1f04 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 exception.instruction_r: 83 3d 8d d1 02 00 00 ff 25 00 00 00 00 53 12 07 exception.instruction: cmp dword ptr [rip + 0x2d18d], 0 exception.exception_code: 0xc0000005 exception.symbol: exception.address: 0xcc1f04 registers.r14: 8976304 registers.r15: 8975808 registers.rcx: 48 registers.rsi: 14707488 registers.r10: 0 registers.rbx: 0 registers.rsp: 8974856 registers.r11: 8977056 registers.r8: 1994752396 registers.r9: 0 registers.rdx: 8796092887632 registers.r12: 8975639 registers.rbp: 8974976 registers.rdi: 100 registers.rax: 13377280 registers.r13: 3	1

One or more potentially interesting buffers were extracted, these generally contain injected code, configuration data, etc.

Allocates read-write-execute memory (usually to unpack itself) (50 out of 173 events)

Time & API	Arguments	Status
NtProtectVirtualMemory Sept. 21, 2024, 9:06 a.m.	process_identifier: 2560 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x734c2000 process_handle: 0xffffffff	1
NtProtectVirtualMemory Sept. 21, 2024, 9:06 a.m.	process_identifier: 2680 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x0000000000c90000 process_handle: 0xffffffffffffffff	1
NtProtectVirtualMemory Sept. 21, 2024, 9:06 a.m.	process_identifier: 2680 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x0000000076c5b000 process_handle: 0xffffffffffffffff	1
NtProtectVirtualMemory Sept. 21, 2024, 9:06 a.m.	process_identifier: 2680 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x0000000000c90000 process_handle: 0xffffffffffffffff	1
NtProtectVirtualMemory Sept. 21, 2024, 9:06 a.m.	process_identifier: 2680 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x0000000076c26000 process_handle: 0xffffffffffffffff	1
NtProtectVirtualMemory Sept. 21, 2024, 9:06 a.m.	process_identifier: 2680 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x0000000002870000 process_handle: 0xffffffffffffffff	1
NtProtectVirtualMemory Sept. 21, 2024, 9:06 a.m.	process_identifier: 2680 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x000000007398d000 process_handle: 0xffffffffffffffff	1
NtProtectVirtualMemory Sept. 21, 2024, 9:06 a.m.	process_identifier: 2820 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x0000000000c90000 process_handle: 0xffffffffffffffff	1
NtProtectVirtualMemory Sept. 21, 2024, 9:06 a.m.	process_identifier: 2820 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x0000000076c5b000 process_handle: 0xffffffffffffffff	1
NtProtectVirtualMemory Sept. 21, 2024, 9:06 a.m.	process_identifier: 2820 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x0000000000c90000 process_handle: 0xffffffffffffffff	1
NtProtectVirtualMemory Sept. 21, 2024, 9:06 a.m.	process_identifier: 2820 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x0000000076c26000 process_handle: 0xffffffffffffffff	1
NtProtectVirtualMemory Sept. 21, 2024, 9:06 a.m.	process_identifier: 2820 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x0000000002820000 process_handle: 0xffffffffffffffff	1
NtProtectVirtualMemory Sept. 21, 2024, 9:06 a.m.	process_identifier: 2820 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x000000007398d000 process_handle: 0xffffffffffffffff	1
NtProtectVirtualMemory Sept. 21, 2024, 9:06 a.m.	process_identifier: 3036 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x0000000000c90000 process_handle: 0xffffffffffffffff	1
NtProtectVirtualMemory Sept. 21, 2024, 9:06 a.m.	process_identifier: 3036 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x0000000076c5b000 process_handle: 0xffffffffffffffff	1
NtProtectVirtualMemory Sept. 21, 2024, 9:06 a.m.	process_identifier: 3036 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x0000000000c90000 process_handle: 0xffffffffffffffff	1
NtProtectVirtualMemory Sept. 21, 2024, 9:06 a.m.	process_identifier: 3036 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x0000000076c26000 process_handle: 0xffffffffffffffff	1
NtProtectVirtualMemory Sept. 21, 2024, 9:06 a.m.	process_identifier: 3036 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x0000000002860000 process_handle: 0xffffffffffffffff	1
NtProtectVirtualMemory Sept. 21, 2024, 9:06 a.m.	process_identifier: 3036 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x000000007398d000 process_handle: 0xffffffffffffffff	1
NtProtectVirtualMemory Sept. 21, 2024, 9:06 a.m.	process_identifier: 2108 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x0000000000c90000 process_handle: 0xffffffffffffffff	1
NtProtectVirtualMemory Sept. 21, 2024, 9:06 a.m.	process_identifier: 2108 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x0000000076c5b000 process_handle: 0xffffffffffffffff	1
NtProtectVirtualMemory Sept. 21, 2024, 9:06 a.m.	process_identifier: 2108 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x0000000000c90000 process_handle: 0xffffffffffffffff	1
NtProtectVirtualMemory Sept. 21, 2024, 9:06 a.m.	process_identifier: 2108 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x0000000076c26000 process_handle: 0xffffffffffffffff	1
NtProtectVirtualMemory Sept. 21, 2024, 9:07 a.m.	process_identifier: 2108 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x0000000002920000 process_handle: 0xffffffffffffffff	1
NtProtectVirtualMemory Sept. 21, 2024, 9:07 a.m.	process_identifier: 2108 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x000000007398d000 process_handle: 0xffffffffffffffff	1
NtProtectVirtualMemory Sept. 21, 2024, 9:06 a.m.	process_identifier: 2232 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x0000000000b60000 process_handle: 0xffffffffffffffff	1
NtProtectVirtualMemory Sept. 21, 2024, 9:06 a.m.	process_identifier: 2232 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x0000000076c5b000 process_handle: 0xffffffffffffffff	1
NtProtectVirtualMemory Sept. 21, 2024, 9:06 a.m.	process_identifier: 2232 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x0000000000b60000 process_handle: 0xffffffffffffffff	1
NtProtectVirtualMemory Sept. 21, 2024, 9:06 a.m.	process_identifier: 2232 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x0000000076c26000 process_handle: 0xffffffffffffffff	1
NtProtectVirtualMemory Sept. 21, 2024, 9:06 a.m.	process_identifier: 2232 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x000000005d250000 process_handle: 0xffffffffffffffff	1
NtProtectVirtualMemory Sept. 21, 2024, 9:06 a.m.	process_identifier: 2232 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x000000007398f000 process_handle: 0xffffffffffffffff	1
NtProtectVirtualMemory Sept. 21, 2024, 9:07 a.m.	process_identifier: 2232 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x0000000002790000 process_handle: 0xffffffffffffffff	1
NtProtectVirtualMemory Sept. 21, 2024, 9:07 a.m.	process_identifier: 2232 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x000000007398d000 process_handle: 0xffffffffffffffff	1
NtProtectVirtualMemory Sept. 21, 2024, 9:07 a.m.	process_identifier: 2540 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x0000000000c90000 process_handle: 0xffffffffffffffff	1
NtProtectVirtualMemory Sept. 21, 2024, 9:07 a.m.	process_identifier: 2540 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x0000000076c5b000 process_handle: 0xffffffffffffffff	1
NtProtectVirtualMemory Sept. 21, 2024, 9:07 a.m.	process_identifier: 2540 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x0000000000c90000 process_handle: 0xffffffffffffffff	1
NtProtectVirtualMemory Sept. 21, 2024, 9:07 a.m.	process_identifier: 2540 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x0000000076c26000 process_handle: 0xffffffffffffffff	1
NtProtectVirtualMemory Sept. 21, 2024, 9:07 a.m.	process_identifier: 2540 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x0000000002920000 process_handle: 0xffffffffffffffff	1
NtProtectVirtualMemory Sept. 21, 2024, 9:07 a.m.	process_identifier: 2540 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x000000007398d000 process_handle: 0xffffffffffffffff	1
NtProtectVirtualMemory Sept. 21, 2024, 9:07 a.m.	process_identifier: 2788 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x0000000000c90000 process_handle: 0xffffffffffffffff	1
NtProtectVirtualMemory Sept. 21, 2024, 9:07 a.m.	process_identifier: 2788 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x0000000076c5b000 process_handle: 0xffffffffffffffff	1
NtProtectVirtualMemory Sept. 21, 2024, 9:07 a.m.	process_identifier: 2788 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x0000000000c90000 process_handle: 0xffffffffffffffff	1
NtProtectVirtualMemory Sept. 21, 2024, 9:07 a.m.	process_identifier: 2788 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x0000000076c26000 process_handle: 0xffffffffffffffff	1
NtProtectVirtualMemory Sept. 21, 2024, 9:07 a.m.	process_identifier: 2788 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x0000000003cb0000 process_handle: 0xffffffffffffffff	1
NtProtectVirtualMemory Sept. 21, 2024, 9:07 a.m.	process_identifier: 2788 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x000000007398d000 process_handle: 0xffffffffffffffff	1
NtProtectVirtualMemory Sept. 21, 2024, 9:07 a.m.	process_identifier: 300 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x0000000000c90000 process_handle: 0xffffffffffffffff	1
NtProtectVirtualMemory Sept. 21, 2024, 9:07 a.m.	process_identifier: 300 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x0000000076c5b000 process_handle: 0xffffffffffffffff	1
NtProtectVirtualMemory Sept. 21, 2024, 9:07 a.m.	process_identifier: 300 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x0000000000c90000 process_handle: 0xffffffffffffffff	1
NtProtectVirtualMemory Sept. 21, 2024, 9:07 a.m.	process_identifier: 300 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x0000000076c26000 process_handle: 0xffffffffffffffff	1
NtProtectVirtualMemory Sept. 21, 2024, 9:07 a.m.	process_identifier: 300 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x0000000003470000 process_handle: 0xffffffffffffffff	1

An application raised an exception which may be indicative of an exploit crash (48 events)

Time & API	Arguments	Status	Return	Repeated
Application Crash	Process firefox.exe with pid 2680 crashed
Application Crash	Process firefox.exe with pid 2820 crashed
Application Crash	Process firefox.exe with pid 3036 crashed
Application Crash	Process firefox.exe with pid 2108 crashed
Application Crash	Process firefox.exe with pid 2232 crashed
Application Crash	Process firefox.exe with pid 2540 crashed
Application Crash	Process firefox.exe with pid 2788 crashed
Application Crash	Process firefox.exe with pid 300 crashed
Application Crash	Process firefox.exe with pid 1308 crashed
Application Crash	Process firefox.exe with pid 1848 crashed
Application Crash	Process firefox.exe with pid 2968 crashed
Application Crash	Process firefox.exe with pid 2416 crashed
Application Crash	Process firefox.exe with pid 2000 crashed
Application Crash	Process firefox.exe with pid 2896 crashed
Application Crash	Process firefox.exe with pid 2964 crashed
Application Crash	Process firefox.exe with pid 3304 crashed
Application Crash	Process firefox.exe with pid 3196 crashed
Application Crash	Process firefox.exe with pid 3700 crashed
Application Crash	Process firefox.exe with pid 3604 crashed
Application Crash	Process firefox.exe with pid 4088 crashed
Application Crash	Process firefox.exe with pid 4028 crashed
Application Crash	Process firefox.exe with pid 3748 crashed
Application Crash	Process firefox.exe with pid 3616 crashed
Application Crash	Process firefox.exe with pid 3248 crashed
__exception__ Sept. 21, 2024, 9:06 a.m.	stacktrace: 0xcd1f04 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 exception.instruction_r: 83 3d 8d d1 02 00 00 ff 25 00 00 00 00 53 12 07 exception.instruction: cmp dword ptr [rip + 0x2d18d], 0 exception.exception_code: 0xc0000005 exception.symbol: exception.address: 0xcd1f04 registers.r14: 8778928 registers.r15: 8778432 registers.rcx: 48 registers.rsi: 14706336 registers.r10: 0 registers.rbx: 0 registers.rsp: 8777480 registers.r11: 8779680 registers.r8: 1994752396 registers.r9: 0 registers.rdx: 8796092887632 registers.r12: 8778263 registers.rbp: 8777600 registers.rdi: 100 registers.rax: 13442816 registers.r13: 3	1	0	0
__exception__ Sept. 21, 2024, 9:06 a.m.	stacktrace: 0xcd1f04 0x7fe00000030 0x7fe00000030 0x7fe00000030 0x7fe00000030 0x7fe00000030 0x7fe00000030 0x7fe00000030 0x7fe00000030 0x7fe00000030 0x7fe00000030 0x7fe00000030 0x7fe00000030 0x7fe00000030 0x7fe00000030 0x7fe00000030 0x7fe00000030 0x7fe00000030 0x7fe00000030 0x7fe00000030 0x7fe00000030 0x7fe00000030 0x7fe00000030 0x7fe00000030 0x7fe00000030 0x7fe00000030 0x7fe00000030 0x7fe00000030 0x7fe00000030 0x7fe00000030 0x7fe00000030 0x7fe00000030 0x7fe00000030 0x7fe00000030 0x7fe00000030 0x7fe00000030 0x7fe00000030 0x7fe00000030 0x7fe00000030 0x7fe00000030 0x7fe00000030 0x7fe00000030 0x7fe00000030 0x7fe00000030 0x7fe00000030 0x7fe00000030 0x7fe00000030 0x7fe00000030 0x7fe00000030 0x7fe00000030 0x7fe00000030 0x7fe00000030 0x7fe00000030 0x7fe00000030 0x7fe00000030 0x7fe00000030 0x7fe00000030 0x7fe00000030 0x7fe00000030 0x7fe00000030 0x7fe00000030 0x7fe00000030 0x7fe00000030 0x7fe00000030 exception.instruction_r: 83 3d 8d d1 02 00 00 ff 25 00 00 00 00 53 12 07 exception.instruction: cmp dword ptr [rip + 0x2d18d], 0 exception.exception_code: 0xc0000005 exception.symbol: exception.address: 0xcd1f04 registers.r14: 10481304 registers.r15: 8791560722032 registers.rcx: 48 registers.rsi: 8791560653696 registers.r10: 0 registers.rbx: 0 registers.rsp: 10480936 registers.r11: 10484320 registers.r8: 1994752396 registers.r9: 0 registers.rdx: 8796092879440 registers.r12: 14910784 registers.rbp: 10481056 registers.rdi: 273784864 registers.rax: 13442816 registers.r13: 10481896	1	0	0
__exception__ Sept. 21, 2024, 9:06 a.m.	stacktrace: 0xcd1f04 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 exception.instruction_r: 83 3d 8d d1 02 00 00 ff 25 00 00 00 00 53 12 07 exception.instruction: cmp dword ptr [rip + 0x2d18d], 0 exception.exception_code: 0xc0000005 exception.symbol: exception.address: 0xcd1f04 registers.r14: 9304960 registers.r15: 9304464 registers.rcx: 48 registers.rsi: 14707488 registers.r10: 0 registers.rbx: 0 registers.rsp: 9303512 registers.r11: 9305712 registers.r8: 1994752396 registers.r9: 0 registers.rdx: 8796092883536 registers.r12: 9304295 registers.rbp: 9303632 registers.rdi: 100 registers.rax: 13442816 registers.r13: 3	1	0	0
__exception__ Sept. 21, 2024, 9:07 a.m.	stacktrace: 0xcd1f04 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 exception.instruction_r: 83 3d 8d d1 02 00 00 ff 25 00 00 00 00 53 12 07 exception.instruction: cmp dword ptr [rip + 0x2d18d], 0 exception.exception_code: 0xc0000005 exception.symbol: exception.address: 0xcd1f04 registers.r14: 8713904 registers.r15: 8713408 registers.rcx: 48 registers.rsi: 14707296 registers.r10: 0 registers.rbx: 0 registers.rsp: 8712456 registers.r11: 8714656 registers.r8: 1994752396 registers.r9: 0 registers.rdx: 8796092887632 registers.r12: 8713239 registers.rbp: 8712576 registers.rdi: 100 registers.rax: 13442816 registers.r13: 3	1	0	0
__exception__ Sept. 21, 2024, 9:07 a.m.	stacktrace: 0xcc1f04 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 exception.instruction_r: 83 3d 8d d1 02 00 00 ff 25 00 00 00 00 53 12 07 exception.instruction: cmp dword ptr [rip + 0x2d18d], 0 exception.exception_code: 0xc0000005 exception.symbol: exception.address: 0xcc1f04 registers.r14: 8713744 registers.r15: 8713248 registers.rcx: 48 registers.rsi: 14705472 registers.r10: 0 registers.rbx: 0 registers.rsp: 8712296 registers.r11: 8714496 registers.r8: 1994752396 registers.r9: 0 registers.rdx: 8796092887632 registers.r12: 8713079 registers.rbp: 8712416 registers.rdi: 100 registers.rax: 13377280 registers.r13: 3	1	0	0
__exception__ Sept. 21, 2024, 9:07 a.m.	stacktrace: 0xcd1f04 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 exception.instruction_r: 83 3d 8d d1 02 00 00 ff 25 00 00 00 00 53 12 07 exception.instruction: cmp dword ptr [rip + 0x2d18d], 0 exception.exception_code: 0xc0000005 exception.symbol: exception.address: 0xcd1f04 registers.r14: 10615840 registers.r15: 10615344 registers.rcx: 48 registers.rsi: 14707584 registers.r10: 0 registers.rbx: 0 registers.rsp: 10614392 registers.r11: 10616592 registers.r8: 1994752396 registers.r9: 0 registers.rdx: 8796092887632 registers.r12: 10615175 registers.rbp: 10614512 registers.rdi: 100 registers.rax: 13442816 registers.r13: 3	1	0	0
__exception__ Sept. 21, 2024, 9:07 a.m.	stacktrace: 0xcd1f04 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 exception.instruction_r: 83 3d 8d d1 02 00 00 ff 25 00 00 00 00 53 12 07 exception.instruction: cmp dword ptr [rip + 0x2d18d], 0 exception.exception_code: 0xc0000005 exception.symbol: exception.address: 0xcd1f04 registers.r14: 8649328 registers.r15: 8648832 registers.rcx: 48 registers.rsi: 14705472 registers.r10: 0 registers.rbx: 0 registers.rsp: 8647880 registers.r11: 8650080 registers.r8: 1994752396 registers.r9: 0 registers.rdx: 8796092887632 registers.r12: 8648663 registers.rbp: 8648000 registers.rdi: 100 registers.rax: 13442816 registers.r13: 3	1	0	0
__exception__ Sept. 21, 2024, 9:07 a.m.	stacktrace: 0xcd1f04 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 exception.instruction_r: 83 3d 8d d1 02 00 00 ff 25 00 00 00 00 53 12 07 exception.instruction: cmp dword ptr [rip + 0x2d18d], 0 exception.exception_code: 0xc0000005 exception.symbol: exception.address: 0xcd1f04 registers.r14: 8910320 registers.r15: 8909824 registers.rcx: 48 registers.rsi: 14707104 registers.r10: 0 registers.rbx: 0 registers.rsp: 8908872 registers.r11: 8911072 registers.r8: 1994752396 registers.r9: 0 registers.rdx: 8796092887632 registers.r12: 8909655 registers.rbp: 8908992 registers.rdi: 100 registers.rax: 13442816 registers.r13: 3	1	0	0
__exception__ Sept. 21, 2024, 9:07 a.m.	stacktrace: 0xcc1f04 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 exception.instruction_r: 83 3d 8d d1 02 00 00 ff 25 00 00 00 00 53 12 07 exception.instruction: cmp dword ptr [rip + 0x2d18d], 0 exception.exception_code: 0xc0000005 exception.symbol: exception.address: 0xcc1f04 registers.r14: 9370784 registers.r15: 9370288 registers.rcx: 48 registers.rsi: 14706912 registers.r10: 0 registers.rbx: 0 registers.rsp: 9369336 registers.r11: 9371536 registers.r8: 1994752396 registers.r9: 0 registers.rdx: 8796092883536 registers.r12: 9370119 registers.rbp: 9369456 registers.rdi: 100 registers.rax: 13377280 registers.r13: 3	1	0	0
__exception__ Sept. 21, 2024, 9:07 a.m.	stacktrace: 0xa91f04 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 exception.instruction_r: 83 3d 8d d1 02 00 00 ff 25 00 00 00 00 53 12 07 exception.instruction: cmp dword ptr [rip + 0x2d18d], 0 exception.exception_code: 0xc0000005 exception.symbol: exception.address: 0xa91f04 registers.r14: 9959392 registers.r15: 9958896 registers.rcx: 48 registers.rsi: 15754336 registers.r10: 0 registers.rbx: 0 registers.rsp: 9957944 registers.r11: 9960144 registers.r8: 1994752396 registers.r9: 0 registers.rdx: 8796092887632 registers.r12: 9958727 registers.rbp: 9958064 registers.rdi: 100 registers.rax: 11083520 registers.r13: 3	1	0	0
__exception__ Sept. 21, 2024, 9:07 a.m.	stacktrace: 0xcd1f04 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 exception.instruction_r: 83 3d 8d d1 02 00 00 ff 25 00 00 00 00 53 12 07 exception.instruction: cmp dword ptr [rip + 0x2d18d], 0 exception.exception_code: 0xc0000005 exception.symbol: exception.address: 0xcd1f04 registers.r14: 10024944 registers.r15: 10024448 registers.rcx: 48 registers.rsi: 14706432 registers.r10: 0 registers.rbx: 0 registers.rsp: 10023496 registers.r11: 10025696 registers.r8: 1994752396 registers.r9: 0 registers.rdx: 8796092887632 registers.r12: 10024279 registers.rbp: 10023616 registers.rdi: 100 registers.rax: 13442816 registers.r13: 3	1	0	0
__exception__ Sept. 21, 2024, 9:08 a.m.	stacktrace: 0xcc1f04 0x7fe00000030 0x7fe00000030 0x7fe00000030 0x7fe00000030 0x7fe00000030 0x7fe00000030 0x7fe00000030 0x7fe00000030 0x7fe00000030 0x7fe00000030 0x7fe00000030 0x7fe00000030 0x7fe00000030 0x7fe00000030 0x7fe00000030 0x7fe00000030 0x7fe00000030 0x7fe00000030 0x7fe00000030 0x7fe00000030 0x7fe00000030 0x7fe00000030 0x7fe00000030 0x7fe00000030 0x7fe00000030 0x7fe00000030 0x7fe00000030 0x7fe00000030 0x7fe00000030 0x7fe00000030 0x7fe00000030 0x7fe00000030 0x7fe00000030 0x7fe00000030 0x7fe00000030 0x7fe00000030 0x7fe00000030 0x7fe00000030 0x7fe00000030 0x7fe00000030 0x7fe00000030 0x7fe00000030 0x7fe00000030 0x7fe00000030 0x7fe00000030 0x7fe00000030 0x7fe00000030 0x7fe00000030 0x7fe00000030 0x7fe00000030 0x7fe00000030 0x7fe00000030 0x7fe00000030 0x7fe00000030 0x7fe00000030 0x7fe00000030 0x7fe00000030 0x7fe00000030 0x7fe00000030 0x7fe00000030 0x7fe00000030 0x7fe00000030 0x7fe00000030 exception.instruction_r: 83 3d 8d d1 02 00 00 ff 25 00 00 00 00 53 12 07 exception.instruction: cmp dword ptr [rip + 0x2d18d], 0 exception.exception_code: 0xc0000005 exception.symbol: exception.address: 0xcc1f04 registers.r14: 8842600 registers.r15: 8791560722032 registers.rcx: 48 registers.rsi: 8791560653696 registers.r10: 0 registers.rbx: 0 registers.rsp: 8842232 registers.r11: 8845616 registers.r8: 1994752396 registers.r9: 0 registers.rdx: 8796092883536 registers.r12: 14918016 registers.rbp: 8842352 registers.rdi: 67222112 registers.rax: 13377280 registers.r13: 8843192	1	0	0
__exception__ Sept. 21, 2024, 9:08 a.m.	stacktrace: 0xcd1f04 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 exception.instruction_r: 83 3d 8d d1 02 00 00 ff 25 00 00 00 00 53 12 07 exception.instruction: cmp dword ptr [rip + 0x2d18d], 0 exception.exception_code: 0xc0000005 exception.symbol: exception.address: 0xcd1f04 registers.r14: 9958896 registers.r15: 9958400 registers.rcx: 48 registers.rsi: 14705952 registers.r10: 0 registers.rbx: 0 registers.rsp: 9957448 registers.r11: 9959648 registers.r8: 1994752396 registers.r9: 0 registers.rdx: 8796092883536 registers.r12: 9958231 registers.rbp: 9957568 registers.rdi: 100 registers.rax: 13442816 registers.r13: 3	1	0	0
__exception__ Sept. 21, 2024, 9:08 a.m.	stacktrace: 0xcc1f04 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 exception.instruction_r: 83 3d 8d d1 02 00 00 ff 25 00 00 00 00 53 12 07 exception.instruction: cmp dword ptr [rip + 0x2d18d], 0 exception.exception_code: 0xc0000005 exception.symbol: exception.address: 0xcc1f04 registers.r14: 9696800 registers.r15: 9696304 registers.rcx: 48 registers.rsi: 14707680 registers.r10: 0 registers.rbx: 0 registers.rsp: 9695352 registers.r11: 9697552 registers.r8: 1994752396 registers.r9: 0 registers.rdx: 8796092887632 registers.r12: 9696135 registers.rbp: 9695472 registers.rdi: 100 registers.rax: 13377280 registers.r13: 3	1	0	0
__exception__ Sept. 21, 2024, 9:08 a.m.	stacktrace: 0xcd1f04 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 exception.instruction_r: 83 3d 8d d1 02 00 00 ff 25 00 00 00 00 53 12 07 exception.instruction: cmp dword ptr [rip + 0x2d18d], 0 exception.exception_code: 0xc0000005 exception.symbol: exception.address: 0xcd1f04 registers.r14: 8648896 registers.r15: 8648400 registers.rcx: 48 registers.rsi: 14706528 registers.r10: 0 registers.rbx: 0 registers.rsp: 8647448 registers.r11: 8649648 registers.r8: 1994752396 registers.r9: 0 registers.rdx: 8796092887632 registers.r12: 8648231 registers.rbp: 8647568 registers.rdi: 100 registers.rax: 13442816 registers.r13: 3	1	0	0
__exception__ Sept. 21, 2024, 9:08 a.m.	stacktrace: 0xcc1f04 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 exception.instruction_r: 83 3d 8d d1 02 00 00 ff 25 00 00 00 00 53 12 07 exception.instruction: cmp dword ptr [rip + 0x2d18d], 0 exception.exception_code: 0xc0000005 exception.symbol: exception.address: 0xcc1f04 registers.r14: 9041648 registers.r15: 9041152 registers.rcx: 48 registers.rsi: 14707488 registers.r10: 0 registers.rbx: 0 registers.rsp: 9040200 registers.r11: 9042400 registers.r8: 1994752396 registers.r9: 0 registers.rdx: 8796092883536 registers.r12: 9040983 registers.rbp: 9040320 registers.rdi: 100 registers.rax: 13377280 registers.r13: 3	1	0	0
__exception__ Sept. 21, 2024, 9:08 a.m.	stacktrace: 0xcd1f04 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 exception.instruction_r: 83 3d 8d d1 02 00 00 ff 25 00 00 00 00 53 12 07 exception.instruction: cmp dword ptr [rip + 0x2d18d], 0 exception.exception_code: 0xc0000005 exception.symbol: exception.address: 0xcd1f04 registers.r14: 9763072 registers.r15: 9762576 registers.rcx: 48 registers.rsi: 14705760 registers.r10: 0 registers.rbx: 0 registers.rsp: 9761624 registers.r11: 9763824 registers.r8: 1994752396 registers.r9: 0 registers.rdx: 8796092883536 registers.r12: 9762407 registers.rbp: 9761744 registers.rdi: 100 registers.rax: 13442816 registers.r13: 3	1	0	0
__exception__ Sept. 21, 2024, 9:08 a.m.	stacktrace: 0xcc1f04 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 exception.instruction_r: 83 3d 8d d1 02 00 00 ff 25 00 00 00 00 53 12 07 exception.instruction: cmp dword ptr [rip + 0x2d18d], 0 exception.exception_code: 0xc0000005 exception.symbol: exception.address: 0xcc1f04 registers.r14: 9762352 registers.r15: 9761856 registers.rcx: 48 registers.rsi: 14706336 registers.r10: 0 registers.rbx: 0 registers.rsp: 9760904 registers.r11: 9763104 registers.r8: 1994752396 registers.r9: 0 registers.rdx: 8796092883536 registers.r12: 9761687 registers.rbp: 9761024 registers.rdi: 100 registers.rax: 13377280 registers.r13: 3	1	0	0
__exception__ Sept. 21, 2024, 9:08 a.m.	stacktrace: 0xcd1f04 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 exception.instruction_r: 83 3d 8d d1 02 00 00 ff 25 00 00 00 00 53 12 07 exception.instruction: cmp dword ptr [rip + 0x2d18d], 0 exception.exception_code: 0xc0000005 exception.symbol: exception.address: 0xcd1f04 registers.r14: 8648992 registers.r15: 8648496 registers.rcx: 48 registers.rsi: 14706144 registers.r10: 0 registers.rbx: 0 registers.rsp: 8647544 registers.r11: 8649744 registers.r8: 1994752396 registers.r9: 0 registers.rdx: 8796092887632 registers.r12: 8648327 registers.rbp: 8647664 registers.rdi: 100 registers.rax: 13442816 registers.r13: 3	1	0	0
__exception__ Sept. 21, 2024, 9:09 a.m.	stacktrace: 0xcc1f04 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 exception.instruction_r: 83 3d 8d d1 02 00 00 ff 25 00 00 00 00 53 12 07 exception.instruction: cmp dword ptr [rip + 0x2d18d], 0 exception.exception_code: 0xc0000005 exception.symbol: exception.address: 0xcc1f04 registers.r14: 10024720 registers.r15: 10024224 registers.rcx: 48 registers.rsi: 14704800 registers.r10: 0 registers.rbx: 0 registers.rsp: 10023272 registers.r11: 10025472 registers.r8: 1994752396 registers.r9: 0 registers.rdx: 8796092883536 registers.r12: 10024055 registers.rbp: 10023392 registers.rdi: 100 registers.rax: 13377280 registers.r13: 3	1	0	0
__exception__ Sept. 21, 2024, 9:09 a.m.	stacktrace: 0xcd1f04 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 exception.instruction_r: 83 3d 8d d1 02 00 00 ff 25 00 00 00 00 53 12 07 exception.instruction: cmp dword ptr [rip + 0x2d18d], 0 exception.exception_code: 0xc0000005 exception.symbol: exception.address: 0xcd1f04 registers.r14: 9173088 registers.r15: 9172592 registers.rcx: 48 registers.rsi: 14706816 registers.r10: 0 registers.rbx: 0 registers.rsp: 9171640 registers.r11: 9173840 registers.r8: 1994752396 registers.r9: 0 registers.rdx: 8796092879440 registers.r12: 9172423 registers.rbp: 9171760 registers.rdi: 100 registers.rax: 13442816 registers.r13: 3	1	0	0
__exception__ Sept. 21, 2024, 9:09 a.m.	stacktrace: 0xcc1f04 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 exception.instruction_r: 83 3d 8d d1 02 00 00 ff 25 00 00 00 00 53 12 07 exception.instruction: cmp dword ptr [rip + 0x2d18d], 0 exception.exception_code: 0xc0000005 exception.symbol: exception.address: 0xcc1f04 registers.r14: 10353152 registers.r15: 10352656 registers.rcx: 48 registers.rsi: 14704992 registers.r10: 0 registers.rbx: 0 registers.rsp: 10351704 registers.r11: 10353904 registers.r8: 1994752396 registers.r9: 0 registers.rdx: 8796092887632 registers.r12: 10352487 registers.rbp: 10351824 registers.rdi: 100 registers.rax: 13377280 registers.r13: 3	1	0	0
__exception__ Sept. 21, 2024, 9:09 a.m.	stacktrace: 0xcd1f04 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 exception.instruction_r: 83 3d 8d d1 02 00 00 ff 25 00 00 00 00 53 12 07 exception.instruction: cmp dword ptr [rip + 0x2d18d], 0 exception.exception_code: 0xc0000005 exception.symbol: exception.address: 0xcd1f04 registers.r14: 10024736 registers.r15: 10024240 registers.rcx: 48 registers.rsi: 14705184 registers.r10: 0 registers.rbx: 0 registers.rsp: 10023288 registers.r11: 10025488 registers.r8: 1994752396 registers.r9: 0 registers.rdx: 8796092887632 registers.r12: 10024071 registers.rbp: 10023408 registers.rdi: 100 registers.rax: 13442816 registers.r13: 3	1	0	0
__exception__ Sept. 21, 2024, 9:02 a.m.	stacktrace: 0xcc1f04 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 exception.instruction_r: 83 3d 8d d1 02 00 00 ff 25 00 00 00 00 53 12 07 exception.instruction: cmp dword ptr [rip + 0x2d18d], 0 exception.exception_code: 0xc0000005 exception.symbol: exception.address: 0xcc1f04 registers.r14: 8976304 registers.r15: 8975808 registers.rcx: 48 registers.rsi: 14707488 registers.r10: 0 registers.rbx: 0 registers.rsp: 8974856 registers.r11: 8977056 registers.r8: 1994752396 registers.r9: 0 registers.rdx: 8796092887632 registers.r12: 8975639 registers.rbp: 8974976 registers.rdi: 100 registers.rax: 13377280 registers.r13: 3	1	0	0

Changes read-write memory protection to read-execute (probably to avoid detection when setting all RWX flags at the same time) (1 event)

Time & API	Arguments	Status	Return	Repeated
NtProtectVirtualMemory Sept. 21, 2024, 9:06 a.m.	process_identifier: 2820 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 length: 4096 protection: 32 (PAGE_EXECUTE_READ) base_address: 0x00000363d8730000 process_handle: 0xffffffffffffffff	1	0	0

Potentially malicious URLs were found in the process memory dump (3 events)

url	https://aus5.mozilla.org/update/6/%PRODUCT%/%VERSION%/%BUILD_ID%/%BUILD_TARGET%/%LOCALE%/%CHANNEL%/%OS_VERSION%/%SYSTEM_CAPABILITIES%/%DISTRIBUTION%/%DISTRIBUTION_VERSION%/update.xml
url	https://crash-reports.mozilla.com/submit?id=
url	https://hg.mozilla.org/releases/mozilla-release/rev/92187d03adde4b31daef292087a266f10121379c

Yara rule detected in process memory (50 out of 144 events)

description	Code injection with CreateRemoteThread in a remote process	rule	Code_injection
description	(no description)	rule	DebuggerCheck__GlobalFlags
description	(no description)	rule	DebuggerCheck__QueryInfo
description	(no description)	rule	DebuggerHiding__Thread
description	(no description)	rule	DebuggerHiding__Active
description	(no description)	rule	ThreadControl__Context
description	(no description)	rule	SEH__vectored
description	Checks if being debugged	rule	anti_dbg
description	Bypass DEP	rule	disable_dep
description	Code injection with CreateRemoteThread in a remote process	rule	Code_injection
description	(no description)	rule	DebuggerCheck__GlobalFlags
description	(no description)	rule	DebuggerCheck__QueryInfo
description	(no description)	rule	DebuggerHiding__Thread
description	(no description)	rule	DebuggerHiding__Active
description	(no description)	rule	ThreadControl__Context
description	(no description)	rule	SEH__vectored
description	Checks if being debugged	rule	anti_dbg
description	Bypass DEP	rule	disable_dep
description	Code injection with CreateRemoteThread in a remote process	rule	Code_injection
description	(no description)	rule	DebuggerCheck__GlobalFlags
description	(no description)	rule	DebuggerCheck__QueryInfo
description	(no description)	rule	DebuggerHiding__Thread
description	(no description)	rule	DebuggerHiding__Active
description	(no description)	rule	ThreadControl__Context
description	(no description)	rule	SEH__vectored
description	Checks if being debugged	rule	anti_dbg
description	Bypass DEP	rule	disable_dep
description	Code injection with CreateRemoteThread in a remote process	rule	Code_injection
description	(no description)	rule	DebuggerCheck__GlobalFlags
description	(no description)	rule	DebuggerCheck__QueryInfo
description	(no description)	rule	DebuggerHiding__Thread
description	(no description)	rule	DebuggerHiding__Active
description	(no description)	rule	ThreadControl__Context
description	(no description)	rule	SEH__vectored
description	Checks if being debugged	rule	anti_dbg
description	Bypass DEP	rule	disable_dep
description	Code injection with CreateRemoteThread in a remote process	rule	Code_injection
description	(no description)	rule	DebuggerCheck__GlobalFlags
description	(no description)	rule	DebuggerCheck__QueryInfo
description	(no description)	rule	DebuggerHiding__Thread
description	(no description)	rule	DebuggerHiding__Active
description	(no description)	rule	ThreadControl__Context
description	(no description)	rule	SEH__vectored
description	Checks if being debugged	rule	anti_dbg
description	Bypass DEP	rule	disable_dep
description	Code injection with CreateRemoteThread in a remote process	rule	Code_injection
description	(no description)	rule	DebuggerCheck__GlobalFlags
description	(no description)	rule	DebuggerCheck__QueryInfo
description	(no description)	rule	DebuggerHiding__Thread
description	(no description)	rule	DebuggerHiding__Active

Allocates execute permission to another process indicative of possible code injection (34 events)

Time & API	Arguments	Status
NtProtectVirtualMemory Sept. 21, 2024, 9:06 a.m.	process_identifier: 2680 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x0000000076d81000 process_handle: 0x0000000000000050	1
NtProtectVirtualMemory Sept. 21, 2024, 9:06 a.m.	process_identifier: 2680 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x0000000076d57000 process_handle: 0x0000000000000050	1
NtProtectVirtualMemory Sept. 21, 2024, 9:06 a.m.	process_identifier: 2820 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x0000000076d81000 process_handle: 0x0000000000000050	1
NtProtectVirtualMemory Sept. 21, 2024, 9:06 a.m.	process_identifier: 2820 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x0000000076d57000 process_handle: 0x0000000000000050	1
NtProtectVirtualMemory Sept. 21, 2024, 9:06 a.m.	process_identifier: 3036 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x0000000076d81000 process_handle: 0x0000000000000050	1
NtProtectVirtualMemory Sept. 21, 2024, 9:06 a.m.	process_identifier: 3036 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x0000000076d57000 process_handle: 0x0000000000000050	1
NtProtectVirtualMemory Sept. 21, 2024, 9:06 a.m.	process_identifier: 2108 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x0000000076d81000 process_handle: 0x0000000000000050	1
NtProtectVirtualMemory Sept. 21, 2024, 9:06 a.m.	process_identifier: 2108 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x0000000076d57000 process_handle: 0x0000000000000050	1
NtProtectVirtualMemory Sept. 21, 2024, 9:07 a.m.	process_identifier: 2540 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x0000000076d81000 process_handle: 0x0000000000000050	1
NtProtectVirtualMemory Sept. 21, 2024, 9:07 a.m.	process_identifier: 2540 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x0000000076d57000 process_handle: 0x0000000000000050	1
NtProtectVirtualMemory Sept. 21, 2024, 9:07 a.m.	process_identifier: 2788 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x0000000076d81000 process_handle: 0x0000000000000050	1
NtProtectVirtualMemory Sept. 21, 2024, 9:07 a.m.	process_identifier: 2788 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x0000000076d57000 process_handle: 0x0000000000000050	1
NtProtectVirtualMemory Sept. 21, 2024, 9:07 a.m.	process_identifier: 300 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x0000000076d81000 process_handle: 0x0000000000000050	1
NtProtectVirtualMemory Sept. 21, 2024, 9:07 a.m.	process_identifier: 300 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x0000000076d57000 process_handle: 0x0000000000000050	1
NtProtectVirtualMemory Sept. 21, 2024, 9:07 a.m.	process_identifier: 1848 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x0000000076d81000 process_handle: 0x0000000000000050	1
NtProtectVirtualMemory Sept. 21, 2024, 9:07 a.m.	process_identifier: 1848 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x0000000076d57000 process_handle: 0x0000000000000050	1
NtProtectVirtualMemory Sept. 21, 2024, 9:07 a.m.	process_identifier: 2968 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x0000000076d81000 process_handle: 0x0000000000000050	1
NtProtectVirtualMemory Sept. 21, 2024, 9:07 a.m.	process_identifier: 2968 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x0000000076d57000 process_handle: 0x0000000000000050	1
NtProtectVirtualMemory Sept. 21, 2024, 9:07 a.m.	process_identifier: 2000 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x0000000076d81000 process_handle: 0x0000000000000050	1
NtProtectVirtualMemory Sept. 21, 2024, 9:07 a.m.	process_identifier: 2000 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x0000000076d57000 process_handle: 0x0000000000000050	1
NtProtectVirtualMemory Sept. 21, 2024, 9:08 a.m.	process_identifier: 2964 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x0000000076d81000 process_handle: 0x0000000000000050	1
NtProtectVirtualMemory Sept. 21, 2024, 9:08 a.m.	process_identifier: 2964 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x0000000076d57000 process_handle: 0x0000000000000050	1
NtProtectVirtualMemory Sept. 21, 2024, 9:08 a.m.	process_identifier: 3196 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x0000000076d81000 process_handle: 0x0000000000000050	1
NtProtectVirtualMemory Sept. 21, 2024, 9:08 a.m.	process_identifier: 3196 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x0000000076d57000 process_handle: 0x0000000000000050	1
NtProtectVirtualMemory Sept. 21, 2024, 9:08 a.m.	process_identifier: 3604 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x0000000076d81000 process_handle: 0x0000000000000050	1
NtProtectVirtualMemory Sept. 21, 2024, 9:08 a.m.	process_identifier: 3604 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x0000000076d57000 process_handle: 0x0000000000000050	1
NtProtectVirtualMemory Sept. 21, 2024, 9:08 a.m.	process_identifier: 4028 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x0000000076d81000 process_handle: 0x0000000000000050	1
NtProtectVirtualMemory Sept. 21, 2024, 9:08 a.m.	process_identifier: 4028 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x0000000076d57000 process_handle: 0x0000000000000050	1
NtProtectVirtualMemory Sept. 21, 2024, 9:09 a.m.	process_identifier: 3616 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x0000000076d81000 process_handle: 0x0000000000000050	1
NtProtectVirtualMemory Sept. 21, 2024, 9:09 a.m.	process_identifier: 3616 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x0000000076d57000 process_handle: 0x0000000000000050	1
NtProtectVirtualMemory Sept. 21, 2024, 9:09 a.m.	process_identifier: 3224 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x0000000076d81000 process_handle: 0x0000000000000050	1
NtProtectVirtualMemory Sept. 21, 2024, 9:09 a.m.	process_identifier: 3224 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x0000000076d57000 process_handle: 0x0000000000000050	1
NtProtectVirtualMemory Sept. 21, 2024, 9:02 a.m.	process_identifier: 3884 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x0000000076d81000 process_handle: 0x0000000000000050	1
NtProtectVirtualMemory Sept. 21, 2024, 9:02 a.m.	process_identifier: 3884 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x0000000076d57000 process_handle: 0x0000000000000050	1

Manipulates memory of a non-child process indicative of process injection (13 events)

Time & API	Arguments	Status	Return	Repeated
Process injection	Process 2084 manipulating memory of non-child process 3884
NtProtectVirtualMemory Sept. 21, 2024, 9:02 a.m.	process_identifier: 3884 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 4096 protection: 4 (PAGE_READWRITE) base_address: 0x000000013f352000 process_handle: 0x000000000000004c	1	0	0
NtProtectVirtualMemory Sept. 21, 2024, 9:02 a.m.	process_identifier: 3884 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 4096 protection: 2 (PAGE_READONLY) base_address: 0x000000013f352000 process_handle: 0x000000000000004c	1	0	0
NtMapViewOfSection Sept. 21, 2024, 9:02 a.m.	section_handle: 0x0000000000000060 process_identifier: 3884 commit_size: 0 win32_protect: 32 (PAGE_EXECUTE_READ) buffer: base_address: 0x000000000c580000 allocation_type: 0 () section_offset: 0 view_size: 65536 process_handle: 0x0000000000000050	1	0	0
NtAllocateVirtualMemory Sept. 21, 2024, 9:02 a.m.	process_identifier: 3884 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 protection: 32 (PAGE_EXECUTE_READ) base_address: 0x000000000c580000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0x0000000000000050	1	0	0
NtProtectVirtualMemory Sept. 21, 2024, 9:02 a.m.	process_identifier: 3884 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x0000000076d81000 process_handle: 0x0000000000000050	1	0	0
NtProtectVirtualMemory Sept. 21, 2024, 9:02 a.m.	process_identifier: 3884 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 4096 protection: 32 (PAGE_EXECUTE_READ) base_address: 0x0000000076d81000 process_handle: 0x0000000000000050	1	0	0
NtProtectVirtualMemory Sept. 21, 2024, 9:02 a.m.	process_identifier: 3884 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x0000000076d57000 process_handle: 0x0000000000000050	1	0	0
NtProtectVirtualMemory Sept. 21, 2024, 9:02 a.m.	process_identifier: 3884 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 4096 protection: 32 (PAGE_EXECUTE_READ) base_address: 0x0000000076d57000 process_handle: 0x0000000000000050	1	0	0
NtProtectVirtualMemory Sept. 21, 2024, 9:02 a.m.	process_identifier: 3884 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 4096 protection: 4 (PAGE_READWRITE) base_address: 0x000000013f300000 process_handle: 0x000000000000004c	1	0	0
NtProtectVirtualMemory Sept. 21, 2024, 9:02 a.m.	process_identifier: 3884 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 4096 protection: 2 (PAGE_READONLY) base_address: 0x000000013f300000 process_handle: 0x000000000000004c	1	0	0
NtProtectVirtualMemory Sept. 21, 2024, 9:02 a.m.	process_identifier: 3884 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 4096 protection: 4 (PAGE_READWRITE) base_address: 0x000000013f35a000 process_handle: 0x000000000000004c	1	0	0
NtProtectVirtualMemory Sept. 21, 2024, 9:02 a.m.	process_identifier: 3884 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 4096 protection: 2 (PAGE_READONLY) base_address: 0x000000013f35a000 process_handle: 0x000000000000004c	1	0	0

Potential code injection by writing to the memory of another process (50 out of 154 events)

Time & API	Arguments	Status	Return
WriteProcessMemory Sept. 21, 2024, 9:06 a.m.	buffer: base_address: 0x000000013f3522b0 process_identifier: 2680 process_handle: 0x000000000000004c	1	1
WriteProcessMemory Sept. 21, 2024, 9:06 a.m.	buffer: base_address: 0x000000013f360d88 process_identifier: 2680 process_handle: 0x000000000000004c	1	1
WriteProcessMemory Sept. 21, 2024, 9:06 a.m.	buffer: I»`#2?Aÿã base_address: 0x0000000076d81590 process_identifier: 2680 process_handle: 0x0000000000000050	1	1
WriteProcessMemory Sept. 21, 2024, 9:06 a.m.	buffer: ïM base_address: 0x000000013f360d78 process_identifier: 2680 process_handle: 0x000000000000004c	1	1
WriteProcessMemory Sept. 21, 2024, 9:06 a.m.	buffer: I» 2?Aÿã base_address: 0x0000000076d57a90 process_identifier: 2680 process_handle: 0x0000000000000050	1	1
WriteProcessMemory Sept. 21, 2024, 9:06 a.m.	buffer: ïM base_address: 0x000000013f360d70 process_identifier: 2680 process_handle: 0x000000000000004c	1	1
WriteProcessMemory Sept. 21, 2024, 9:06 a.m.	buffer: ÏT base_address: 0x000000013f300108 process_identifier: 2680 process_handle: 0x000000000000004c	1	1
WriteProcessMemory Sept. 21, 2024, 9:06 a.m.	buffer: Øv@Øv Øv@ØvØv°Øv ÕvàTÕv 3ØvØvÀ´Óv`,ØvÀÖvöÔv YØv2ØvVØv°ÞvÕvRØv ÕvQØvÂÕv ?ÖvPÕv°TÕvàtÕvðÖvÐ1ØvÔvÐOÔv`ê×vÐæ×vÐæ×vÐ.Øv base_address: 0x000000013f35aae8 process_identifier: 2680 process_handle: 0x000000000000004c	1	1
WriteProcessMemory Sept. 21, 2024, 9:06 a.m.	buffer: base_address: 0x000000013f360c78 process_identifier: 2680 process_handle: 0x000000000000004c	1	1
WriteProcessMemory Sept. 21, 2024, 9:06 a.m.	buffer: base_address: 0x000000013f3522b0 process_identifier: 2820 process_handle: 0x000000000000004c	1	1
WriteProcessMemory Sept. 21, 2024, 9:06 a.m.	buffer: base_address: 0x000000013f360d88 process_identifier: 2820 process_handle: 0x000000000000004c	1	1
WriteProcessMemory Sept. 21, 2024, 9:06 a.m.	buffer: I»`#2?Aÿã base_address: 0x0000000076d81590 process_identifier: 2820 process_handle: 0x0000000000000050	1	1
WriteProcessMemory Sept. 21, 2024, 9:06 a.m.	buffer: S base_address: 0x000000013f360d78 process_identifier: 2820 process_handle: 0x000000000000004c	1	1
WriteProcessMemory Sept. 21, 2024, 9:06 a.m.	buffer: I» 2?Aÿã base_address: 0x0000000076d57a90 process_identifier: 2820 process_handle: 0x0000000000000050	1	1
WriteProcessMemory Sept. 21, 2024, 9:06 a.m.	buffer: S base_address: 0x000000013f360d70 process_identifier: 2820 process_handle: 0x000000000000004c	1	1
WriteProcessMemory Sept. 21, 2024, 9:06 a.m.	buffer: ÏT base_address: 0x000000013f300108 process_identifier: 2820 process_handle: 0x000000000000004c	1	1
WriteProcessMemory Sept. 21, 2024, 9:06 a.m.	buffer: Øv@Øv Øv@ØvØv°Øv ÕvàTÕv 3ØvØvÀ´Óv`,ØvÀÖvöÔv YØv2ØvVØv°ÞvÕvRØv ÕvQØvÂÕv ?ÖvPÕv°TÕvàtÕvðÖvÐ1ØvÔvÐOÔv`ê×vÐæ×vÐæ×vÐ.Øv base_address: 0x000000013f35aae8 process_identifier: 2820 process_handle: 0x000000000000004c	1	1
WriteProcessMemory Sept. 21, 2024, 9:06 a.m.	buffer: base_address: 0x000000013f360c78 process_identifier: 2820 process_handle: 0x000000000000004c	1	1
WriteProcessMemory Sept. 21, 2024, 9:06 a.m.	buffer: base_address: 0x000000013f3522b0 process_identifier: 3036 process_handle: 0x000000000000004c	1	1
WriteProcessMemory Sept. 21, 2024, 9:06 a.m.	buffer: base_address: 0x000000013f360d88 process_identifier: 3036 process_handle: 0x000000000000004c	1	1
WriteProcessMemory Sept. 21, 2024, 9:06 a.m.	buffer: I»`#2?Aÿã base_address: 0x0000000076d81590 process_identifier: 3036 process_handle: 0x0000000000000050	1	1
WriteProcessMemory Sept. 21, 2024, 9:06 a.m.	buffer: f base_address: 0x000000013f360d78 process_identifier: 3036 process_handle: 0x000000000000004c	1	1
WriteProcessMemory Sept. 21, 2024, 9:06 a.m.	buffer: I» 2?Aÿã base_address: 0x0000000076d57a90 process_identifier: 3036 process_handle: 0x0000000000000050	1	1
WriteProcessMemory Sept. 21, 2024, 9:06 a.m.	buffer: f base_address: 0x000000013f360d70 process_identifier: 3036 process_handle: 0x000000000000004c	1	1
WriteProcessMemory Sept. 21, 2024, 9:06 a.m.	buffer: ÏT base_address: 0x000000013f300108 process_identifier: 3036 process_handle: 0x000000000000004c	1	1
WriteProcessMemory Sept. 21, 2024, 9:06 a.m.	buffer: Øv@Øv Øv@ØvØv°Øv ÕvàTÕv 3ØvØvÀ´Óv`,ØvÀÖvöÔv YØv2ØvVØv°ÞvÕvRØv ÕvQØvÂÕv ?ÖvPÕv°TÕvàtÕvðÖvÐ1ØvÔvÐOÔv`ê×vÐæ×vÐæ×vÐ.Øv base_address: 0x000000013f35aae8 process_identifier: 3036 process_handle: 0x000000000000004c	1	1
WriteProcessMemory Sept. 21, 2024, 9:06 a.m.	buffer: base_address: 0x000000013f360c78 process_identifier: 3036 process_handle: 0x000000000000004c	1	1
WriteProcessMemory Sept. 21, 2024, 9:06 a.m.	buffer: base_address: 0x000000013f3522b0 process_identifier: 2108 process_handle: 0x000000000000004c	1	1
WriteProcessMemory Sept. 21, 2024, 9:06 a.m.	buffer: base_address: 0x000000013f360d88 process_identifier: 2108 process_handle: 0x000000000000004c	1	1
WriteProcessMemory Sept. 21, 2024, 9:06 a.m.	buffer: I»`#2?Aÿã base_address: 0x0000000076d81590 process_identifier: 2108 process_handle: 0x0000000000000050	1	1
WriteProcessMemory Sept. 21, 2024, 9:06 a.m.	buffer: Q base_address: 0x000000013f360d78 process_identifier: 2108 process_handle: 0x000000000000004c	1	1
WriteProcessMemory Sept. 21, 2024, 9:06 a.m.	buffer: I» 2?Aÿã base_address: 0x0000000076d57a90 process_identifier: 2108 process_handle: 0x0000000000000050	1	1
WriteProcessMemory Sept. 21, 2024, 9:06 a.m.	buffer: Q base_address: 0x000000013f360d70 process_identifier: 2108 process_handle: 0x000000000000004c	1	1
WriteProcessMemory Sept. 21, 2024, 9:06 a.m.	buffer: ÏT base_address: 0x000000013f300108 process_identifier: 2108 process_handle: 0x000000000000004c	1	1
WriteProcessMemory Sept. 21, 2024, 9:06 a.m.	buffer: Øv@Øv Øv@ØvØv°Øv ÕvàTÕv 3ØvØvÀ´Óv`,ØvÀÖvöÔv YØv2ØvVØv°ÞvÕvRØv ÕvQØvÂÕv ?ÖvPÕv°TÕvàtÕvðÖvÐ1ØvÔvÐOÔv`ê×vÐæ×vÐæ×vÐ.Øv base_address: 0x000000013f35aae8 process_identifier: 2108 process_handle: 0x000000000000004c	1	1
WriteProcessMemory Sept. 21, 2024, 9:06 a.m.	buffer: base_address: 0x000000013f360c78 process_identifier: 2108 process_handle: 0x000000000000004c	1	1
WriteProcessMemory Sept. 21, 2024, 9:07 a.m.	buffer: base_address: 0x000000013f3522b0 process_identifier: 2540 process_handle: 0x000000000000004c	1	1
WriteProcessMemory Sept. 21, 2024, 9:07 a.m.	buffer: base_address: 0x000000013f360d88 process_identifier: 2540 process_handle: 0x000000000000004c	1	1
WriteProcessMemory Sept. 21, 2024, 9:07 a.m.	buffer: I»`#2?Aÿã base_address: 0x0000000076d81590 process_identifier: 2540 process_handle: 0x0000000000000050	1	1
WriteProcessMemory Sept. 21, 2024, 9:07 a.m.	buffer: ^ base_address: 0x000000013f360d78 process_identifier: 2540 process_handle: 0x000000000000004c	1	1
WriteProcessMemory Sept. 21, 2024, 9:07 a.m.	buffer: I» 2?Aÿã base_address: 0x0000000076d57a90 process_identifier: 2540 process_handle: 0x0000000000000050	1	1
WriteProcessMemory Sept. 21, 2024, 9:07 a.m.	buffer: ^ base_address: 0x000000013f360d70 process_identifier: 2540 process_handle: 0x000000000000004c	1	1
WriteProcessMemory Sept. 21, 2024, 9:07 a.m.	buffer: ÏT base_address: 0x000000013f300108 process_identifier: 2540 process_handle: 0x000000000000004c	1	1
WriteProcessMemory Sept. 21, 2024, 9:07 a.m.	buffer: Øv@Øv Øv@ØvØv°Øv ÕvàTÕv 3ØvØvÀ´Óv`,ØvÀÖvöÔv YØv2ØvVØv°ÞvÕvRØv ÕvQØvÂÕv ?ÖvPÕv°TÕvàtÕvðÖvÐ1ØvÔvÐOÔv`ê×vÐæ×vÐæ×vÐ.Øv base_address: 0x000000013f35aae8 process_identifier: 2540 process_handle: 0x000000000000004c	1	1
WriteProcessMemory Sept. 21, 2024, 9:07 a.m.	buffer: base_address: 0x000000013f360c78 process_identifier: 2540 process_handle: 0x000000000000004c	1	1
WriteProcessMemory Sept. 21, 2024, 9:07 a.m.	buffer: base_address: 0x000000013f3522b0 process_identifier: 2788 process_handle: 0x000000000000004c	1	1
WriteProcessMemory Sept. 21, 2024, 9:07 a.m.	buffer: base_address: 0x000000013f360d88 process_identifier: 2788 process_handle: 0x000000000000004c	1	1
WriteProcessMemory Sept. 21, 2024, 9:07 a.m.	buffer: I»`#2?Aÿã base_address: 0x0000000076d81590 process_identifier: 2788 process_handle: 0x0000000000000050	1	1
WriteProcessMemory Sept. 21, 2024, 9:07 a.m.	buffer: ÷@ base_address: 0x000000013f360d78 process_identifier: 2788 process_handle: 0x000000000000004c	1	1
WriteProcessMemory Sept. 21, 2024, 9:07 a.m.	buffer: I» 2?Aÿã base_address: 0x0000000076d57a90 process_identifier: 2788 process_handle: 0x0000000000000050	1	1

One or more non-whitelisted processes were created (27 events)

parent_process	firefox.exe	martian_process	"C:\Program Files\Mozilla Firefox\firefox.exe" --kiosk https://www.youtube.com/account
parent_process	firefox.exe	martian_process	"C:\Program Files\Mozilla Firefox\crashreporter.exe" "C:\Users\test22\AppData\Roaming\Mozilla\Firefox\Profiles\qxo5wa6x.default-release\minidumps\203ec40c-9bac-471c-8fbc-f17f3baab0ef.dmp"
parent_process	firefox.exe	martian_process	"C:\Program Files\Mozilla Firefox\crashreporter.exe" "C:\Users\test22\AppData\Local\Temp\\652ea18e-a53b-45c0-bc68-b132ac0e49b6.dmp"
parent_process	firefox.exe	martian_process	"C:\Program Files\Mozilla Firefox\crashreporter.exe" "C:\Users\test22\AppData\Local\Temp\\ee573f7a-07c6-4c1a-8b0c-3e58f97e88a4.dmp"
parent_process	firefox.exe	martian_process	"C:\Program Files\Mozilla Firefox\crashreporter.exe" "C:\Users\test22\AppData\Local\Temp\\5e2c52c0-2190-41ae-bdad-6a1fec78a240.dmp"
parent_process	firefox.exe	martian_process	"C:\Program Files\Mozilla Firefox\firefox.exe" --kiosk https://www.youtube.com/account
parent_process	firefox.exe	martian_process	"C:\Program Files\Mozilla Firefox\firefox.exe" --kiosk https://www.youtube.com/account
parent_process	firefox.exe	martian_process	"C:\Program Files\Mozilla Firefox\firefox.exe" --kiosk https://www.youtube.com/account
parent_process	firefox.exe	martian_process	"C:\Program Files\Mozilla Firefox\crashreporter.exe" "C:\Users\test22\AppData\Local\Temp\\4a146ccc-259c-4bb2-9ee3-b71628589285.dmp"
parent_process	firefox.exe	martian_process	"C:\Program Files\Mozilla Firefox\firefox.exe" --kiosk https://www.youtube.com/account
parent_process	firefox.exe	martian_process	"C:\Program Files\Mozilla Firefox\firefox.exe" --kiosk https://www.youtube.com/account
parent_process	firefox.exe	martian_process	"C:\Program Files\Mozilla Firefox\crashreporter.exe" "C:\Users\test22\AppData\Local\Temp\\6c52910b-4cf3-4048-9110-89bf77183ade.dmp"
parent_process	firefox.exe	martian_process	"C:\Program Files\Mozilla Firefox\firefox.exe" --kiosk https://www.youtube.com/account
parent_process	firefox.exe	martian_process	"C:\Program Files\Mozilla Firefox\firefox.exe" --kiosk https://www.youtube.com/account
parent_process	firefox.exe	martian_process	"C:\Program Files\Mozilla Firefox\firefox.exe" --kiosk https://www.youtube.com/account
parent_process	firefox.exe	martian_process	"C:\Program Files\Mozilla Firefox\firefox.exe" --kiosk https://www.youtube.com/account
parent_process	firefox.exe	martian_process	"C:\Program Files\Mozilla Firefox\firefox.exe" --kiosk https://www.youtube.com/account
parent_process	firefox.exe	martian_process	"C:\Program Files\Mozilla Firefox\crashreporter.exe" "C:\Users\test22\AppData\Local\Temp\\c6e8b682-74aa-4f4e-b97a-3e29df4e0206.dmp"
parent_process	firefox.exe	martian_process	"C:\Program Files\Mozilla Firefox\firefox.exe" --kiosk https://www.youtube.com/account
parent_process	firefox.exe	martian_process	"C:\Program Files\Mozilla Firefox\firefox.exe" --kiosk https://www.youtube.com/account
parent_process	firefox.exe	martian_process	"C:\Program Files\Mozilla Firefox\firefox.exe" --kiosk https://www.youtube.com/account
parent_process	firefox.exe	martian_process	"C:\Program Files\Mozilla Firefox\crashreporter.exe" "C:\Users\test22\AppData\Local\Temp\\bca5cd2a-ebd1-4cf7-aa64-80b5172c9cf9.dmp"
parent_process	firefox.exe	martian_process	"C:\Program Files\Mozilla Firefox\crashreporter.exe" "C:\Users\test22\AppData\Local\Temp\\3ecb5527-ee03-49c2-bb74-42ad3f51f6c0.dmp"
parent_process	firefox.exe	martian_process	"C:\Program Files\Mozilla Firefox\crashreporter.exe" "C:\Users\test22\AppData\Local\Temp\\17ed59a1-a3a1-4a03-9f91-e45e15f47f8c.dmp"
parent_process	firefox.exe	martian_process	"C:\Program Files\Mozilla Firefox\firefox.exe" --kiosk https://www.youtube.com/account
parent_process	firefox.exe	martian_process	"C:\Program Files\Mozilla Firefox\firefox.exe" --kiosk https://www.youtube.com/account
parent_process	firefox.exe	martian_process	"C:\Program Files\Mozilla Firefox\firefox.exe" --kiosk https://www.youtube.com/account

Appends a known multi-family ransomware file extension to files that have been encrypted (2 events)

file	C:\Users\test22\AppData\Roaming\Mozilla\Firefox\Profiles\qxo5wa6x.default-release\parent.lock
file	C:\Users\test22\AppData\Local\Temp\firefox\parent.lock

Resumed a suspended thread in a remote process potentially indicative of process injection (32 events)

Time & API	Arguments	Status	Return	Repeated
Process injection	Process 2612 resumed a thread in remote process 2680
Process injection	Process 2776 resumed a thread in remote process 2820
Process injection	Process 2952 resumed a thread in remote process 3036
Process injection	Process 2080 resumed a thread in remote process 2108
Process injection	Process 2440 resumed a thread in remote process 2540
Process injection	Process 2728 resumed a thread in remote process 2788
Process injection	Process 3012 resumed a thread in remote process 300
Process injection	Process 1976 resumed a thread in remote process 1848
Process injection	Process 2660 resumed a thread in remote process 2968
Process injection	Process 2684 resumed a thread in remote process 2000
Process injection	Process 1608 resumed a thread in remote process 2964
Process injection	Process 2916 resumed a thread in remote process 3196
Process injection	Process 3520 resumed a thread in remote process 3604
Process injection	Process 3880 resumed a thread in remote process 4028
Process injection	Process 3364 resumed a thread in remote process 3616
Process injection	Process 3912 resumed a thread in remote process 3224
NtResumeThread Sept. 21, 2024, 9:06 a.m.	thread_handle: 0x0000000000000044 suspend_count: 1 process_identifier: 2680	1	0	0
NtResumeThread Sept. 21, 2024, 9:06 a.m.	thread_handle: 0x0000000000000044 suspend_count: 1 process_identifier: 2820	1	0	0
NtResumeThread Sept. 21, 2024, 9:06 a.m.	thread_handle: 0x0000000000000044 suspend_count: 1 process_identifier: 3036	1	0	0
NtResumeThread Sept. 21, 2024, 9:06 a.m.	thread_handle: 0x0000000000000044 suspend_count: 1 process_identifier: 2108	1	0	0
NtResumeThread Sept. 21, 2024, 9:07 a.m.	thread_handle: 0x0000000000000044 suspend_count: 1 process_identifier: 2540	1	0	0
NtResumeThread Sept. 21, 2024, 9:07 a.m.	thread_handle: 0x0000000000000044 suspend_count: 1 process_identifier: 2788	1	0	0
NtResumeThread Sept. 21, 2024, 9:07 a.m.	thread_handle: 0x0000000000000044 suspend_count: 1 process_identifier: 300	1	0	0
NtResumeThread Sept. 21, 2024, 9:07 a.m.	thread_handle: 0x0000000000000044 suspend_count: 1 process_identifier: 1848	1	0	0
NtResumeThread Sept. 21, 2024, 9:07 a.m.	thread_handle: 0x0000000000000044 suspend_count: 1 process_identifier: 2968	1	0	0
NtResumeThread Sept. 21, 2024, 9:07 a.m.	thread_handle: 0x0000000000000044 suspend_count: 1 process_identifier: 2000	1	0	0
NtResumeThread Sept. 21, 2024, 9:08 a.m.	thread_handle: 0x0000000000000044 suspend_count: 1 process_identifier: 2964	1	0	0
NtResumeThread Sept. 21, 2024, 9:08 a.m.	thread_handle: 0x0000000000000044 suspend_count: 1 process_identifier: 3196	1	0	0
NtResumeThread Sept. 21, 2024, 9:08 a.m.	thread_handle: 0x0000000000000044 suspend_count: 1 process_identifier: 3604	1	0	0
NtResumeThread Sept. 21, 2024, 9:08 a.m.	thread_handle: 0x0000000000000044 suspend_count: 1 process_identifier: 4028	1	0	0
NtResumeThread Sept. 21, 2024, 9:09 a.m.	thread_handle: 0x0000000000000044 suspend_count: 1 process_identifier: 3616	1	0	0
NtResumeThread Sept. 21, 2024, 9:09 a.m.	thread_handle: 0x0000000000000044 suspend_count: 1 process_identifier: 3224	1	0	0

Executed a process and injected code into it, probably while unpacking (50 out of 484 events)

Time & API	Arguments	Status	Return
CreateProcessInternalW Sept. 21, 2024, 9:06 a.m.	thread_identifier: 2616 thread_handle: 0x00000134 process_identifier: 2612 current_directory: C:\Users\test22\AppData\Local\Temp filepath: track: 1 command_line: C:\Program Files\Mozilla Firefox\firefox.exe --kiosk https://www.youtube.com/account filepath_r: stack_pivoted: 0 creation_flags: 0 () inherit_handles: 0 process_handle: 0x00000138	1	1
CreateProcessInternalW Sept. 21, 2024, 9:06 a.m.	thread_identifier: 2780 thread_handle: 0x00000138 process_identifier: 2776 current_directory: C:\Users\test22\AppData\Local\Temp filepath: track: 1 command_line: C:\Program Files\Mozilla Firefox\firefox.exe --kiosk https://www.youtube.com/account filepath_r: stack_pivoted: 0 creation_flags: 0 () inherit_handles: 0 process_handle: 0x00000134	1	1
CreateProcessInternalW Sept. 21, 2024, 9:06 a.m.	thread_identifier: 2956 thread_handle: 0x00000134 process_identifier: 2952 current_directory: C:\Users\test22\AppData\Local\Temp filepath: track: 1 command_line: C:\Program Files\Mozilla Firefox\firefox.exe --kiosk https://www.youtube.com/account filepath_r: stack_pivoted: 0 creation_flags: 0 () inherit_handles: 0 process_handle: 0x00000138	1	1
CreateProcessInternalW Sept. 21, 2024, 9:06 a.m.	thread_identifier: 2084 thread_handle: 0x00000138 process_identifier: 2080 current_directory: C:\Users\test22\AppData\Local\Temp filepath: track: 1 command_line: C:\Program Files\Mozilla Firefox\firefox.exe --kiosk https://www.youtube.com/account filepath_r: stack_pivoted: 0 creation_flags: 0 () inherit_handles: 0 process_handle: 0x00000134	1	1
CreateProcessInternalW Sept. 21, 2024, 9:06 a.m.	thread_identifier: 2236 thread_handle: 0x00000134 process_identifier: 2232 current_directory: C:\Users\test22\AppData\Local\Temp filepath: track: 1 command_line: C:\Program Files\Mozilla Firefox\firefox.exe --kiosk https://www.youtube.com/account filepath_r: stack_pivoted: 0 creation_flags: 0 () inherit_handles: 0 process_handle: 0x00000138	1	1
CreateProcessInternalW Sept. 21, 2024, 9:07 a.m.	thread_identifier: 2464 thread_handle: 0x00000138 process_identifier: 2440 current_directory: C:\Users\test22\AppData\Local\Temp filepath: track: 1 command_line: C:\Program Files\Mozilla Firefox\firefox.exe --kiosk https://www.youtube.com/account filepath_r: stack_pivoted: 0 creation_flags: 0 () inherit_handles: 0 process_handle: 0x00000134	1	1
CreateProcessInternalW Sept. 21, 2024, 9:07 a.m.	thread_identifier: 2720 thread_handle: 0x00000134 process_identifier: 2728 current_directory: C:\Users\test22\AppData\Local\Temp filepath: track: 1 command_line: C:\Program Files\Mozilla Firefox\firefox.exe --kiosk https://www.youtube.com/account filepath_r: stack_pivoted: 0 creation_flags: 0 () inherit_handles: 0 process_handle: 0x00000138	1	1
CreateProcessInternalW Sept. 21, 2024, 9:07 a.m.	thread_identifier: 3020 thread_handle: 0x00000138 process_identifier: 3012 current_directory: C:\Users\test22\AppData\Local\Temp filepath: track: 1 command_line: C:\Program Files\Mozilla Firefox\firefox.exe --kiosk https://www.youtube.com/account filepath_r: stack_pivoted: 0 creation_flags: 0 () inherit_handles: 0 process_handle: 0x00000134	1	1
CreateProcessInternalW Sept. 21, 2024, 9:07 a.m.	thread_identifier: 2304 thread_handle: 0x00000134 process_identifier: 1976 current_directory: C:\Users\test22\AppData\Local\Temp filepath: track: 1 command_line: C:\Program Files\Mozilla Firefox\firefox.exe --kiosk https://www.youtube.com/account filepath_r: stack_pivoted: 0 creation_flags: 0 () inherit_handles: 0 process_handle: 0x00000138	1	1
CreateProcessInternalW Sept. 21, 2024, 9:07 a.m.	thread_identifier: 1732 thread_handle: 0x00000138 process_identifier: 1308 current_directory: C:\Users\test22\AppData\Local\Temp filepath: track: 1 command_line: C:\Program Files\Mozilla Firefox\firefox.exe --kiosk https://www.youtube.com/account filepath_r: stack_pivoted: 0 creation_flags: 0 () inherit_handles: 0 process_handle: 0x00000134	1	1
CreateProcessInternalW Sept. 21, 2024, 9:07 a.m.	thread_identifier: 2368 thread_handle: 0x00000134 process_identifier: 2660 current_directory: C:\Users\test22\AppData\Local\Temp filepath: track: 1 command_line: C:\Program Files\Mozilla Firefox\firefox.exe --kiosk https://www.youtube.com/account filepath_r: stack_pivoted: 0 creation_flags: 0 () inherit_handles: 0 process_handle: 0x00000138	1	1
CreateProcessInternalW Sept. 21, 2024, 9:07 a.m.	thread_identifier: 2932 thread_handle: 0x00000138 process_identifier: 2684 current_directory: C:\Users\test22\AppData\Local\Temp filepath: track: 1 command_line: C:\Program Files\Mozilla Firefox\firefox.exe --kiosk https://www.youtube.com/account filepath_r: stack_pivoted: 0 creation_flags: 0 () inherit_handles: 0 process_handle: 0x00000134	1	1
CreateProcessInternalW Sept. 21, 2024, 9:07 a.m.	thread_identifier: 1948 thread_handle: 0x00000134 process_identifier: 2416 current_directory: C:\Users\test22\AppData\Local\Temp filepath: track: 1 command_line: C:\Program Files\Mozilla Firefox\firefox.exe --kiosk https://www.youtube.com/account filepath_r: stack_pivoted: 0 creation_flags: 0 () inherit_handles: 0 process_handle: 0x00000138	1	1
CreateProcessInternalW Sept. 21, 2024, 9:07 a.m.	thread_identifier: 2992 thread_handle: 0x00000138 process_identifier: 1608 current_directory: C:\Users\test22\AppData\Local\Temp filepath: track: 1 command_line: C:\Program Files\Mozilla Firefox\firefox.exe --kiosk https://www.youtube.com/account filepath_r: stack_pivoted: 0 creation_flags: 0 () inherit_handles: 0 process_handle: 0x00000134	1	1
CreateProcessInternalW Sept. 21, 2024, 9:08 a.m.	thread_identifier: 1964 thread_handle: 0x00000134 process_identifier: 2896 current_directory: C:\Users\test22\AppData\Local\Temp filepath: track: 1 command_line: C:\Program Files\Mozilla Firefox\firefox.exe --kiosk https://www.youtube.com/account filepath_r: stack_pivoted: 0 creation_flags: 0 () inherit_handles: 0 process_handle: 0x00000138	1	1
CreateProcessInternalW Sept. 21, 2024, 9:08 a.m.	thread_identifier: 3076 thread_handle: 0x00000138 process_identifier: 2916 current_directory: C:\Users\test22\AppData\Local\Temp filepath: track: 1 command_line: C:\Program Files\Mozilla Firefox\firefox.exe --kiosk https://www.youtube.com/account filepath_r: stack_pivoted: 0 creation_flags: 0 () inherit_handles: 0 process_handle: 0x00000134	1	1
CreateProcessInternalW Sept. 21, 2024, 9:08 a.m.	thread_identifier: 3308 thread_handle: 0x00000134 process_identifier: 3304 current_directory: C:\Users\test22\AppData\Local\Temp filepath: track: 1 command_line: C:\Program Files\Mozilla Firefox\firefox.exe --kiosk https://www.youtube.com/account filepath_r: stack_pivoted: 0 creation_flags: 0 () inherit_handles: 0 process_handle: 0x00000138	1	1
CreateProcessInternalW Sept. 21, 2024, 9:08 a.m.	thread_identifier: 3524 thread_handle: 0x00000138 process_identifier: 3520 current_directory: C:\Users\test22\AppData\Local\Temp filepath: track: 1 command_line: C:\Program Files\Mozilla Firefox\firefox.exe --kiosk https://www.youtube.com/account filepath_r: stack_pivoted: 0 creation_flags: 0 () inherit_handles: 0 process_handle: 0x00000134	1	1
CreateProcessInternalW Sept. 21, 2024, 9:08 a.m.	thread_identifier: 3704 thread_handle: 0x00000134 process_identifier: 3700 current_directory: C:\Users\test22\AppData\Local\Temp filepath: track: 1 command_line: C:\Program Files\Mozilla Firefox\firefox.exe --kiosk https://www.youtube.com/account filepath_r: stack_pivoted: 0 creation_flags: 0 () inherit_handles: 0 process_handle: 0x00000138	1	1
CreateProcessInternalW Sept. 21, 2024, 9:08 a.m.	thread_identifier: 3884 thread_handle: 0x00000138 process_identifier: 3880 current_directory: C:\Users\test22\AppData\Local\Temp filepath: track: 1 command_line: C:\Program Files\Mozilla Firefox\firefox.exe --kiosk https://www.youtube.com/account filepath_r: stack_pivoted: 0 creation_flags: 0 () inherit_handles: 0 process_handle: 0x00000134	1	1
CreateProcessInternalW Sept. 21, 2024, 9:08 a.m.	thread_identifier: 4092 thread_handle: 0x00000134 process_identifier: 4088 current_directory: C:\Users\test22\AppData\Local\Temp filepath: track: 1 command_line: C:\Program Files\Mozilla Firefox\firefox.exe --kiosk https://www.youtube.com/account filepath_r: stack_pivoted: 0 creation_flags: 0 () inherit_handles: 0 process_handle: 0x00000138	1	1
CreateProcessInternalW Sept. 21, 2024, 9:08 a.m.	thread_identifier: 3356 thread_handle: 0x00000138 process_identifier: 3364 current_directory: C:\Users\test22\AppData\Local\Temp filepath: track: 1 command_line: C:\Program Files\Mozilla Firefox\firefox.exe --kiosk https://www.youtube.com/account filepath_r: stack_pivoted: 0 creation_flags: 0 () inherit_handles: 0 process_handle: 0x00000134	1	1
CreateProcessInternalW Sept. 21, 2024, 9:09 a.m.	thread_identifier: 3752 thread_handle: 0x00000134 process_identifier: 3748 current_directory: C:\Users\test22\AppData\Local\Temp filepath: track: 1 command_line: C:\Program Files\Mozilla Firefox\firefox.exe --kiosk https://www.youtube.com/account filepath_r: stack_pivoted: 0 creation_flags: 0 () inherit_handles: 0 process_handle: 0x00000138	1	1
CreateProcessInternalW Sept. 21, 2024, 9:09 a.m.	thread_identifier: 3004 thread_handle: 0x00000138 process_identifier: 3912 current_directory: C:\Users\test22\AppData\Local\Temp filepath: track: 1 command_line: C:\Program Files\Mozilla Firefox\firefox.exe --kiosk https://www.youtube.com/account filepath_r: stack_pivoted: 0 creation_flags: 0 () inherit_handles: 0 process_handle: 0x00000134	1	1
CreateProcessInternalW Sept. 21, 2024, 9:09 a.m.	thread_identifier: 1536 thread_handle: 0x00000134 process_identifier: 3248 current_directory: C:\Users\test22\AppData\Local\Temp filepath: track: 1 command_line: C:\Program Files\Mozilla Firefox\firefox.exe --kiosk https://www.youtube.com/account filepath_r: stack_pivoted: 0 creation_flags: 0 () inherit_handles: 0 process_handle: 0x00000138	1	1
CreateProcessInternalW Sept. 21, 2024, 9:09 a.m.	thread_identifier: 1156 thread_handle: 0x00000138 process_identifier: 2084 current_directory: C:\Users\test22\AppData\Local\Temp filepath: track: 1 command_line: C:\Program Files\Mozilla Firefox\firefox.exe --kiosk https://www.youtube.com/account filepath_r: stack_pivoted: 0 creation_flags: 0 () inherit_handles: 0 process_handle: 0x00000134	1	1
CreateProcessInternalW Sept. 21, 2024, 9:09 a.m.	thread_identifier: 3392 thread_handle: 0x00000134 process_identifier: 1108 current_directory: C:\Users\test22\AppData\Local\Temp filepath: track: 1 command_line: C:\Program Files\Mozilla Firefox\firefox.exe --kiosk https://www.youtube.com/account filepath_r: stack_pivoted: 0 creation_flags: 0 () inherit_handles: 0 process_handle: 0x00000138	1	1
CreateProcessInternalW Sept. 21, 2024, 9:06 a.m.	thread_identifier: 2684 thread_handle: 0x0000000000000044 process_identifier: 2680 current_directory: filepath: C:\Program Files\Mozilla Firefox\firefox.exe track: 1 command_line: "C:\Program Files\Mozilla Firefox\firefox.exe" --kiosk https://www.youtube.com/account filepath_r: C:\Program Files\Mozilla Firefox\firefox.exe stack_pivoted: 0 creation_flags: 1028 (CREATE_SUSPENDED\|CREATE_UNICODE_ENVIRONMENT) inherit_handles: 0 process_handle: 0x000000000000004c	1	1
WriteProcessMemory Sept. 21, 2024, 9:06 a.m.	buffer: base_address: 0x000000013f3522b0 process_identifier: 2680 process_handle: 0x000000000000004c	1	1
WriteProcessMemory Sept. 21, 2024, 9:06 a.m.	buffer: base_address: 0x000000013f360d88 process_identifier: 2680 process_handle: 0x000000000000004c	1	1
NtMapViewOfSection Sept. 21, 2024, 9:06 a.m.	section_handle: 0x0000000000000060 process_identifier: 2680 commit_size: 0 win32_protect: 32 (PAGE_EXECUTE_READ) buffer: base_address: 0x000000004def0000 allocation_type: 0 () section_offset: 0 view_size: 65536 process_handle: 0x0000000000000050	1	0
NtAllocateVirtualMemory Sept. 21, 2024, 9:06 a.m.	process_identifier: 2680 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 protection: 32 (PAGE_EXECUTE_READ) base_address: 0x000000004def0000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0x0000000000000050	1	0
WriteProcessMemory Sept. 21, 2024, 9:06 a.m.	buffer: I»`#2?Aÿã base_address: 0x0000000076d81590 process_identifier: 2680 process_handle: 0x0000000000000050	1	1
WriteProcessMemory Sept. 21, 2024, 9:06 a.m.	buffer: ïM base_address: 0x000000013f360d78 process_identifier: 2680 process_handle: 0x000000000000004c	1	1
WriteProcessMemory Sept. 21, 2024, 9:06 a.m.	buffer: I» 2?Aÿã base_address: 0x0000000076d57a90 process_identifier: 2680 process_handle: 0x0000000000000050	1	1
WriteProcessMemory Sept. 21, 2024, 9:06 a.m.	buffer: ïM base_address: 0x000000013f360d70 process_identifier: 2680 process_handle: 0x000000000000004c	1	1
WriteProcessMemory Sept. 21, 2024, 9:06 a.m.	buffer: ÏT base_address: 0x000000013f300108 process_identifier: 2680 process_handle: 0x000000000000004c	1	1
WriteProcessMemory Sept. 21, 2024, 9:06 a.m.	buffer: Øv@Øv Øv@ØvØv°Øv ÕvàTÕv 3ØvØvÀ´Óv`,ØvÀÖvöÔv YØv2ØvVØv°ÞvÕvRØv ÕvQØvÂÕv ?ÖvPÕv°TÕvàtÕvðÖvÐ1ØvÔvÐOÔv`ê×vÐæ×vÐæ×vÐ.Øv base_address: 0x000000013f35aae8 process_identifier: 2680 process_handle: 0x000000000000004c	1	1
WriteProcessMemory Sept. 21, 2024, 9:06 a.m.	buffer: base_address: 0x000000013f360c78 process_identifier: 2680 process_handle: 0x000000000000004c	1	1
NtResumeThread Sept. 21, 2024, 9:06 a.m.	thread_handle: 0x0000000000000044 suspend_count: 1 process_identifier: 2680	1	0
NtResumeThread Sept. 21, 2024, 9:06 a.m.	thread_handle: 0x000000000000016c suspend_count: 1 process_identifier: 2680	1	0
NtGetContextThread Sept. 21, 2024, 9:06 a.m.	thread_handle: 0x00000000000001d8	1	0
NtGetContextThread Sept. 21, 2024, 9:06 a.m.	thread_handle: 0x00000000000001dc	1	0
NtGetContextThread Sept. 21, 2024, 9:06 a.m.	thread_handle: 0x00000000000001f8	1	0
NtGetContextThread Sept. 21, 2024, 9:06 a.m.	thread_handle: 0x0000000000000200	1	0
NtGetContextThread Sept. 21, 2024, 9:06 a.m.	thread_handle: 0x0000000000000204		-1073741823
NtGetContextThread Sept. 21, 2024, 9:06 a.m.	thread_handle: 0x0000000000000208	1	0
NtResumeThread Sept. 21, 2024, 9:07 a.m.	thread_handle: 0x00000000000001d8 suspend_count: 1 process_identifier: 2680	1	0
NtResumeThread Sept. 21, 2024, 9:07 a.m.	thread_handle: 0x00000000000001dc suspend_count: 1 process_identifier: 2680	1	0
NtResumeThread Sept. 21, 2024, 9:07 a.m.	thread_handle: 0x00000000000001f8 suspend_count: 1 process_identifier: 2680	1	0

File has been identified by 51 AntiVirus engines on VirusTotal as malicious (50 out of 51 events)

Bkav	W32.AIDetectMalware
Lionic	Trojan.Win64.Injects.ts93
Cynet	Malicious (score: 100)
Skyhigh	BehavesLike.Win32.Genericuh.ch
ALYac	Trojan.Generic.36767049
Cylance	Unsafe
VIPRE	Trojan.Generic.36767049
Sangfor	Trojan.Win32.Autoit.V2fm
BitDefender	Trojan.Generic.36767049
K7GW	Trojan ( 005ba03d1 )
K7AntiVirus	Trojan ( 005ba03d1 )
Arcabit	Trojan.Generic.D2310549
VirIT	Trojan.Win32.AutoIt.HHD
Symantec	ML.Attribute.HighConfidence
Elastic	malicious (high confidence)
ESET-NOD32	a variant of Win32/Autoit.ORF
APEX	Malicious
Avast	Win32:Malware-gen
Alibaba	Trojan:Win32/AutoInject.f2f0ac80
MicroWorld-eScan	Trojan.Generic.36767049
Emsisoft	Trojan.Generic.36767049 (B)
F-Secure	Trojan.TR/AVI.Agent.fqhom
DrWeb	Trojan.Siggen29.4458
TrendMicro	Trojan.Win32.AMADEY.YXEISZ
McAfeeD	Real Protect-LS!0568C4BCF6AC
CTX	exe.trojan.autoit
Sophos	Mal/Generic-S
FireEye	Generic.mg.0568c4bcf6acda54
Webroot	W32.Trojan.Agent.Gen
Google	Detected
Avira	TR/AVI.Agent.fqhom
Kingsoft	Script.Trojan.AutoIt.an
Gridinsoft	Trojan.Win32.Agent.sa
Xcitium	Malware@#usup19jmazjp
Microsoft	Trojan:Win32/AutoInject.CCJC!MTB
GData	Trojan.Generic.36767049
Varist	W32/AutoIt.ABD.gen!Eldorado
AhnLab-V3	Trojan/Win.Injection.C5671887
McAfee	Artemis!0568C4BCF6AC
DeepInstinct	MALICIOUS
VBA32	Trojan.Script
Malwarebytes	Malware.AI.22776748
Ikarus	Trojan.Win32.Autoit
Panda	Trj/Chgt.AD
TrendMicro-HouseCall	Trojan.Win32.AMADEY.YXEISZ
Tencent	Autoit.Trojan.Autoit.Itgl
huorong	Trojan/AutoIT.Agent.d
MaxSecure	Trojan.Malware.121218.susgen
Fortinet	W32/Autoit.ORF!tr
AVG	Win32:Malware-gen

wels.exe

Process Tree Toggle all

Network Toggle all

Suricata Toggle all

Suricata Alerts

Suricata TLS

Signatures Toggle All