What is RescueMaster.exe?
RescueMaster.exe is part of ArchiCrypt Rescue Master 2008 and developed by Softwareentwicklung Remus according to the RescueMaster.exe version information.
RescueMaster.exe's description is "ArchiCrypt Rescue Master"
RescueMaster.exe is usually located in the 'C:\Program Files (x86)\ArchiCrypt\Rescue Master 2008\' folder.
Some of the anti-virus scanners at VirusTotal detected RescueMaster.exe.
If you have additional information about the file, please share it with the FreeFixer users by posting a comment at the bottom of this page.
Vendor and version information [?]
The following is the available information on RescueMaster.exe:
| Property | Value |
|---|---|
| Product name | ArchiCrypt Rescue Master 2008 |
| Company name | Softwareentwicklung Remus |
| File description | ArchiCrypt Rescue Master |
| Legal copyright | ArchiCrypt |
| Legal trademark | ArchiCrypt |
| Product version | 1.0.5.1288 |
| File version | 1.0.5.1291 |
Here's a screenshot of the file properties when displayed by Windows Explorer:
| Product name | ArchiCrypt Rescue Master 2008 |
| Company name | Softwareentwicklung Remus |
| File description | ArchiCrypt Rescue Master |
| Legal copyright | ArchiCrypt |
| Legal trademark | ArchiCrypt |
| Product version | 1.0.5.1288 |
| File version | 1.0.5.1291 |
VirusTotal report
1 of the 69 anti-virus programs at VirusTotal detected the RescueMaster.exe file. That's a 1% detection rate.
| Scanner | Detection Name |
|---|---|
| Cylance | Unsafe |
Sandbox Report
The following information was gathered by executing the file inside Cuckoo Sandbox.
Summary
Successfully executed process in sandbox.
Summary
{
"file_recreated": [
"\\??\\SCSI0:",
"\\??\\Nsi",
"\\??\\PHYSICALDRIVE0"
],
"regkey_written": [
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Wow6432Node\\CLSID\\{A437345C-4DC7-BEF2-32DA-1ED479558E2A}\\InProcServer32\\(Default)",
"HKEY_CURRENT_USER\\Software\\Licenses\\{K7C0DB872A3F777C0}",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Wow6432Node\\CLSID\\{A437345C-4DC7-BEF2-32DA-1ED479558E2A}\\InProcServer32\\ThreadingModel",
"HKEY_CURRENT_USER\\Software\\Licenses\\{R7C0DB872A3F777C0}",
"HKEY_CURRENT_USER\\Software\\Licenses\\{0AEDE45642C2B1C9C}",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\RFC1156Agent\\CurrentVersion\\Parameters\\TrapPollTimeMilliSecs",
"HKEY_CURRENT_USER\\Software\\Licenses\\{IAEDE45642C2B1C9C}"
],
"dll_loaded": [
"gdiplus.dll",
"SvcTagLib.dll",
"winmm.dll",
"u3dapi10.dll",
"gdi32.dll",
"icm32.dll",
"KERNEL32.dll",
"UXTHEME.DLL",
"oleaut32.dll",
"C:\\Windows\\system32\\ole32.dll",
"dwmapi.dll",
"USER32.DLL",
"UxTheme.dll",
"mpr.dll",
"olepro32.dll",
"URLMON.DLL",
"C:\\Windows\\syswow64\\MSCTF.dll",
"API-MS-Win-Core-LocalRegistry-L1-1-0.dll",
"KERNEL32.DLL",
"OLEAUT32.DLL",
"version.dll",
"advapi32.dll",
"comctl32",
"ole32.dll",
"comctl32.dll",
"ws2_32.dll",
"USER32.dll",
"IMM32.dll",
"comdlg32.dll",
"kernel32.dll",
"inetmib1.dll",
"wininet.dll",
"shell32.dll",
"Kernel32.DLL",
"uxtheme.dll",
"OLEAUT32.dll",
"SHELL32.dll",
"DWMAPI.DLL",
"COMCTL32.dll",
"WindowsCodecs.dll",
"snmpapi.dll",
"GDI32.dll",
"LZ32.DLL",
"ADVAPI32.dll",
"rpcrt4.dll",
"SETUPAPI.dll",
"user32.dll",
"mscms.dll"
],
"file_failed": [
"\\??\\SIWVID",
"C:\\Users\\cuck\\AppData\\Local\\Temp\\AEDE45642C2B1C9C.TMP",
"\\??\\SuperBPMDev0",
"\\??\\SIWDEBUG",
"C:\\Users\\cuck\\AppData\\Local\\Temp\\AEDE4564.RREF",
"\\??\\NTICE",
"\\??\\SICE",
"C:\\Users\\cuck\\AppData\\Local\\Temp\\11a75079e63f526b0fde37041799fce196a3398c30d278a71821b414cb0adc34.INI"
],
"regkey_opened": [
"HKEY_CURRENT_USER\\Software\\Microsoft\\GDIPlus",
"HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Policies\\Explorer",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\ICM\\RegisteredProfiles",
"HKEY_LOCAL_MACHINE\\Software\\Policies\\Microsoft\\Windows NT\\Rpc",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Wow6432Node\\CLSID\\{A437345C-4DC7-BEF2-32DA-1ED479558E2A}\\InProcServer32",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\CTF\\TIP\\{8613E14C-D0C0-4161-AC0F-1DD2563286BC}\\Category\\Category\\{534C48C1-0607-4098-A521-4FC899C73E90}",
"HKEY_CLASSES_ROOT\\CLSID\\{A437345C-4DC7-BEF2-32DA-1ED479558E2A}",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Fonts",
"HKEY_LOCAL_MACHINE\\Software\\Microsoft\\OLE\\Tracing",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Policies\\Explorer",
"HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Setup",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\CTF\\TIP\\{0000897b-83df-4b96-be07-0fb58b01c4a4}\\Category\\Category\\{534C48C1-0607-4098-A521-4FC899C73E90}",
"HKEY_CURRENT_USER\\Control Panel\\Desktop",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\CTF\\TIP\\",
"HKEY_CURRENT_USER\\Software\\The Silicon Realms Toolworks\\Armadillo",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\MountPoints2\\CPC\\Volume\\{3f5cc1b5-70f9-11e8-b07b-806e6f6e6963}\\",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\CTF\\TIP\\{F25E9F57-2FC8-4EB3-A41A-CCE5F08541E6}\\Category\\Category\\{534C48C1-0607-4098-A521-4FC899C73E90}",
"HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Internet Settings",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\CTF\\TIP\\{07EB03D6-B001-41DF-9192-BF9B841EE71F}\\Category\\Category\\{534C48C1-0607-4098-A521-4FC899C73E90}",
"HKEY_CURRENT_USER\\Keyboard Layout\\Toggle",
"HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Services\\crypt32",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\MountPoints2\\CPC\\Volume",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\CTF\\TIP\\{AE6BE008-07FB-400D-8BEB-337A64F7051F}\\Category\\Category\\{534C48C1-0607-4098-A521-4FC899C73E90}",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Advanced",
"HKEY_LOCAL_MACHINE\\Software\\Microsoft\\CTF\\TIP\\{0000897b-83df-4b96-be07-0fb58b01c4a4}\\LanguageProfile\\0x00000000\\{0001bea3-ed56-483d-a2e2-aeae25577436}",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\OLE",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\CTF\\TIP\\{C1EE01F2-B3B6-4A6A-9DDD-E988C088EC82}\\Category\\Category\\{534C48C1-0607-4098-A521-4FC899C73E90}",
"HKEY_CURRENT_USER\\EUDC\\1252",
"HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Rpc",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Wow6432Node\\CLSID\\{A437345C-4DC7-BEF2-32DA-1ED479558E2A}\\Containers",
"HKEY_CURRENT_USER\\Software\\Microsoft\\CTF\\DirectSwitchHotkeys",
"HKEY_CURRENT_USER\\Software\\Borland\\Delphi\\Locales",
"HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion",
"HKEY_LOCAL_MACHINE\\Hardware\\Description\\System",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\CTF\\TIP\\{E429B25A-E5D3-4D1F-9BE3-0C608477E3A1}\\Category\\Category\\{534C48C1-0607-4098-A521-4FC899C73E90}",
"HKEY_CLASSES_ROOT\\CLSID\\{FAE3D380-FEA4-4623-8C75-C6B61110B681}\\Instance\\Disabled",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Wow6432Node\\CLSID\\{1249B20C-5DD0-44FE-B0B3-8F92C8E6D080}\\InProcServer32",
"HKEY_CURRENT_USER\\Software\\Microsoft\\CTF\\LayoutIcon\\0409\\0000041d",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\CTF\\TIP\\{F89E9E58-BD2F-4008-9AC2-0F816C09F4EE}\\Category\\Category\\{534C48C1-0607-4098-A521-4FC899C73E90}",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Wow6432Node\\CLSID\\{1249B20C-5DD0-44FE-B0B3-8F92C8E6D080}\\Containers",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\CTF\\TIP\\{DCBD6FA8-032F-11D3-B5B1-00C04FC324A1}\\Category\\Category\\{534C48C1-0607-4098-A521-4FC899C73E90}",
"HKEY_LOCAL_MACHINE\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings",
"HKEY_LOCAL_MACHINE\\system\\CurrentControlSet\\control\\NetworkProvider\\HwOrder",
"HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Services\\ClusSvc",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\OLEAUT",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\FontSubstitutes",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\CTF\\TIP\\{3697C5FA-60DD-4B56-92D4-74A569205C16}\\Category\\Category\\{534C48C1-0607-4098-A521-4FC899C73E90}",
"HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Services\\IceExt",
"HKEY_CURRENT_USER\\Software\\Borland\\Locales",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\MountPoints2\\CPC\\Volume\\{3f5cc1b6-70f9-11e8-b07b-806e6f6e6963}\\",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\CTF\\TIP\\{531FDEBF-9B4C-4A43-A2AA-960E8FCDC732}\\Category\\Category\\{534C48C1-0607-4098-A521-4FC899C73E90}",
"HKEY_CLASSES_ROOT\\CLSID",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\CTF\\TIP\\{A028AE76-01B1-46C2-99C4-ACD9858AE02F}\\Category\\Category\\{534C48C1-0607-4098-A521-4FC899C73E90}",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\CTF\\",
"HKEY_LOCAL_MACHINE\\Software\\Borland\\Locales",
"HKEY_LOCAL_MACHINE\\Software\\Microsoft\\RFC1156Agent\\CurrentVersion\\Parameters",
"HKEY_CLASSES_ROOT\\CLSID\\{FAE3D380-FEA4-4623-8C75-C6B61110B681}\\Instance",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\FontLink\\SystemLink",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\CTF\\TIP\\{81D4E9C9-1D3B-41BC-9E6C-4B40BF79E35E}\\Category\\Category\\{534C48C1-0607-4098-A521-4FC899C73E90}",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\CTF\\TIP\\{03B5835F-F03C-411B-9CE2-AA23E1171E36}\\Category\\Category\\{534C48C1-0607-4098-A521-4FC899C73E90}",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\ICM\\ICMatchers",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\CTF\\KnownClasses",
"HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows NT\\CurrentVersion\\FontSubstitutes",
"HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\ICM\\RegisteredProfiles",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\CTF\\Compatibility\\11a75079e63f526b0fde37041799fce196a3398c30d278a71821b414cb0adc34.bin",
"HKEY_CURRENT_USER\\Software\\Licenses",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Wow6432Node\\CLSID\\{1249B20C-5DD0-44FE-B0B3-8F92C8E6D080}",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\CTF\\TIP\\{78CB5B0E-26ED-4FCC-854C-77E8F3D1AA80}\\Category\\Category\\{534C48C1-0607-4098-A521-4FC899C73E90}"
],
"regkey_deleted": [
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Wow6432Node\\CLSID\\{A437345C-4DC7-BEF2-32DA-1ED479558E2A}\\0",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Wow6432Node\\CLSID\\{A437345C-4DC7-BEF2-32DA-1ED479558E2A}\\Version"
],
"file_exists": [
"C:\\Users\\cuck\\AppData\\Roaming\\ArchiCrypt Rescue Master\\",
"C:\\Users\\cuck\\AppData\\Roaming\\",
"C:\\",
"C:\\Users\\cuck\\AppData\\Roaming\\ArchiCrypt Rescue Master\\RescueMasterInit.xml",
"C:\\Users\\cuck\\AppData\\Local\\Temp\\Language\\English.xml",
"C:\\Windows\\Fonts\\ahronbd.ttf",
"C:\\Users\\cuck\\AppData\\Local\\Temp\\debug.log",
"C:\\Users\\cuck\\AppData\\Local\\Temp\\loader.exe",
"C:\\Users\\cuck\\AppData\\Local\\Temp\\11a75079e63f526b0fde37041799fce196a3398c30d278a71821b414cb0adc34.bin",
"C:\\Users\\cuck\\AppData\\Roaming",
"C:\\Users\\cuck\\AppData\\Local\\Temp\\U3\\U3Raw.raw",
"C:\\Users\\cuck\\AppData\\Roaming\\ArchiCrypt Rescue Master",
"C:\\Windows\\System32\\spool\\drivers\\color\\Photo.gmmp",
"C:\\Windows\\System32\\spool\\drivers\\color\\D65.camp"
],
"mutex": [
"RALAEDE4564",
"11A75079E63F526B0FDE37041799FCE196A3398C30D278A71821B414CB0ADC34.BIN",
"AEDE4564::WK",
"ACRM"
],
"file_opened": [
"C:\\Windows\\Fonts\\msyh.ttf",
"C:\\Windows\\Fonts\\arialbd.ttf",
"C:\\",
"c:\\",
"C:\\Windows\\Fonts\\arialbi.ttf",
"C:\\Windows\\Fonts\\ariali.ttf",
"C:\\Windows\\Fonts\\micross.ttf",
"C:\\Windows\\Fonts\\tahoma.ttf",
"C:\\Windows\\Fonts\\segoeui.ttf",
"\\??\\c:",
"C:\\Windows\\Fonts\\segoeuib.ttf",
"C:\\Users\\cuck\\AppData\\Local\\Temp\\11a75079e63f526b0fde37041799fce196a3398c30d278a71821b414cb0adc34.bin",
"C:\\Users\\cuck\\AppData\\Local\\GDIPFONTCACHEV1.DAT",
"C:\\Windows\\Fonts\\msjh.ttf",
"C:\\Windows\\Fonts\\malgun.ttf",
"C:\\Windows\\Fonts\\tahomabd.ttf",
"C:\\Windows\\Fonts\\segoeuiz.ttf",
"\\??\\C:",
"C:\\Windows\\Fonts\\segoeuii.ttf",
"C:\\Windows\\Fonts\\arial.ttf"
],
"guid": [
"{f5078f32-c551-11d3-89b9-0000f81fe221}",
"{00000112-0000-0000-c000-000000000046}",
"{00020400-0000-0000-c000-000000000046}",
"{88d969c0-f192-11d4-a65f-0040963251e5}",
"{8856f961-340a-11d0-a96b-00c04fd705a2}"
],
"file_read": [
"C:\\Users\\cuck\\AppData\\Local\\Temp\\11a75079e63f526b0fde37041799fce196a3398c30d278a71821b414cb0adc34.bin",
"\\??\\c:"
],
"regkey_read": [
"HKEY_CURRENT_USER\\Keyboard Layout\\Toggle\\Language Hotkey",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\DevicePath",
"HKEY_CURRENT_USER\\Keyboard Layout\\Toggle\\Hotkey",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\CTF\\EnableAnchorContext",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Advanced\\ListviewAlphaSelect",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Rpc\\MaxRpcSize",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\OLE\\PageAllocatorUseSystemHeap",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\ICM\\RegisteredProfiles\\camp",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\MountPoints2\\CPC\\Volume\\{3f5cc1b5-70f9-11e8-b07b-806e6f6e6963}\\Data",
"HKEY_CURRENT_USER\\Software\\Licenses\\{0AEDE45642C2B1C9C}",
"HKEY_CURRENT_USER\\Software\\Microsoft\\GDIPlus\\FontCachePath",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\crypt32\\DebugHeapFlags",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\FontSubstitutes\\Segoe UI",
"HKEY_LOCAL_MACHINE\\SYSTEM\\Setup\\SystemSetupInProgress",
"HKEY_LOCAL_MACHINE\\HARDWARE\\DESCRIPTION\\System\\SystemBiosVersion",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\MountPoints2\\CPC\\Volume\\{3f5cc1b6-70f9-11e8-b07b-806e6f6e6963}\\Data",
"HKEY_CURRENT_USER\\Software\\Licenses\\{R7C0DB872A3F777C0}",
"HKEY_CURRENT_USER\\Software\\Licenses\\{K7C0DB872A3F777C0}",
"HKEY_LOCAL_MACHINE\\SYSTEM\\Setup\\OOBEInProgress",
"HKEY_CURRENT_USER\\Software\\Licenses\\{IAEDE45642C2B1C9C}",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Setup\\SourcePath",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\FontSubstitutes\\MS Shell Dlg 2",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\MountPoints2\\CPC\\Volume\\{3f5cc1b5-70f9-11e8-b07b-806e6f6e6963}\\Generation",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\MountPoints2\\CPC\\Volume\\{3f5cc1b6-70f9-11e8-b07b-806e6f6e6963}\\Generation",
"HKEY_LOCAL_MACHINE\\HARDWARE\\DESCRIPTION\\System\\SystemBiosDate",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\FontSubstitutes\\Arial",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\CTF\\TIP\\{0000897b-83df-4b96-be07-0fb58b01c4a4}\\LanguageProfile\\0x00000000\\{0001bea3-ed56-483d-a2e2-aeae25577436}\\Enable",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\ICM\\RegisteredProfiles\\rip",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\DisableImprovedZoneCheck",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\SQMClient\\Windows\\CEIPEnable",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\RFC1156Agent\\CurrentVersion\\Parameters\\TrapPollTimeMilliSecs",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Policies\\Explorer\\TurnOffSPIAnimations",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\OLE\\PageAllocatorSystemHeapIsPrivate",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\ComputerName\\ActiveComputerName\\ComputerName",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\FontSubstitutes\\Tahoma",
"HKEY_CURRENT_USER\\Control Panel\\Desktop\\SmoothScroll",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Advanced\\ListviewShadow",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\ICM\\RegisteredProfiles\\(Default)",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Advanced\\AccListViewV6",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Wow6432Node\\CLSID\\{A437345C-4DC7-BEF2-32DA-1ED479558E2A}\\Twnfyglie",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Advanced\\UseDoubleClickTimer",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Advanced\\EnableBalloonTips",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Security_HKLM_only",
"HKEY_CURRENT_USER\\Keyboard Layout\\Toggle\\Layout Hotkey"
],
"directory_enumerated": [
"C:\\*",
"C:\\Users\\cuck\\AppData\\Local\\Temp\\Rescue Plugins\\*.dll",
"C:\\Users\\cuck\\AppData\\Local\\Temp\\*",
"C:\\Windows\\*",
"C:\\Windows\\System32\\*"
],
"directory_created": [
"C:\\Users\\cuck\\AppData\\Roaming\\ArchiCrypt Rescue Master"
]
}Generic
[
{
"process_path": "C:\\Windows\\System32\\lsass.exe",
"process_name": "lsass.exe",
"pid": 476,
"summary": {},
"first_seen": 1560815586.3281,
"ppid": 376
},
{
"process_path": "C:\\Users\\cuck\\AppData\\Local\\Temp\\11a75079e63f526b0fde37041799fce196a3398c30d278a71821b414cb0adc34.bin",
"process_name": "11a75079e63f526b0fde37041799fce196a3398c30d278a71821b414cb0adc34.bin",
"pid": 2660,
"summary": {
"file_recreated": [
"\\??\\SCSI0:",
"\\??\\Nsi",
"\\??\\PHYSICALDRIVE0"
],
"regkey_written": [
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Wow6432Node\\CLSID\\{A437345C-4DC7-BEF2-32DA-1ED479558E2A}\\InProcServer32\\(Default)",
"HKEY_CURRENT_USER\\Software\\Licenses\\{K7C0DB872A3F777C0}",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Wow6432Node\\CLSID\\{A437345C-4DC7-BEF2-32DA-1ED479558E2A}\\InProcServer32\\ThreadingModel",
"HKEY_CURRENT_USER\\Software\\Licenses\\{R7C0DB872A3F777C0}",
"HKEY_CURRENT_USER\\Software\\Licenses\\{0AEDE45642C2B1C9C}",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\RFC1156Agent\\CurrentVersion\\Parameters\\TrapPollTimeMilliSecs",
"HKEY_CURRENT_USER\\Software\\Licenses\\{IAEDE45642C2B1C9C}"
],
"dll_loaded": [
"gdiplus.dll",
"SvcTagLib.dll",
"winmm.dll",
"u3dapi10.dll",
"gdi32.dll",
"icm32.dll",
"KERNEL32.dll",
"UXTHEME.DLL",
"oleaut32.dll",
"C:\\Windows\\system32\\ole32.dll",
"dwmapi.dll",
"USER32.DLL",
"UxTheme.dll",
"mpr.dll",
"olepro32.dll",
"URLMON.DLL",
"C:\\Windows\\syswow64\\MSCTF.dll",
"API-MS-Win-Core-LocalRegistry-L1-1-0.dll",
"KERNEL32.DLL",
"OLEAUT32.DLL",
"version.dll",
"advapi32.dll",
"comctl32",
"ole32.dll",
"comctl32.dll",
"ws2_32.dll",
"USER32.dll",
"IMM32.dll",
"comdlg32.dll",
"kernel32.dll",
"inetmib1.dll",
"wininet.dll",
"shell32.dll",
"Kernel32.DLL",
"uxtheme.dll",
"OLEAUT32.dll",
"SHELL32.dll",
"DWMAPI.DLL",
"COMCTL32.dll",
"WindowsCodecs.dll",
"snmpapi.dll",
"GDI32.dll",
"LZ32.DLL",
"ADVAPI32.dll",
"rpcrt4.dll",
"SETUPAPI.dll",
"user32.dll",
"mscms.dll"
],
"file_failed": [
"\\??\\SIWVID",
"C:\\Users\\cuck\\AppData\\Local\\Temp\\AEDE45642C2B1C9C.TMP",
"\\??\\SuperBPMDev0",
"\\??\\SIWDEBUG",
"C:\\Users\\cuck\\AppData\\Local\\Temp\\AEDE4564.RREF",
"\\??\\NTICE",
"\\??\\SICE",
"C:\\Users\\cuck\\AppData\\Local\\Temp\\11a75079e63f526b0fde37041799fce196a3398c30d278a71821b414cb0adc34.INI"
],
"regkey_opened": [
"HKEY_CURRENT_USER\\Software\\Microsoft\\GDIPlus",
"HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Policies\\Explorer",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\ICM\\RegisteredProfiles",
"HKEY_LOCAL_MACHINE\\Software\\Policies\\Microsoft\\Windows NT\\Rpc",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Wow6432Node\\CLSID\\{A437345C-4DC7-BEF2-32DA-1ED479558E2A}\\InProcServer32",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\CTF\\TIP\\{8613E14C-D0C0-4161-AC0F-1DD2563286BC}\\Category\\Category\\{534C48C1-0607-4098-A521-4FC899C73E90}",
"HKEY_CLASSES_ROOT\\CLSID\\{A437345C-4DC7-BEF2-32DA-1ED479558E2A}",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Fonts",
"HKEY_LOCAL_MACHINE\\Software\\Microsoft\\OLE\\Tracing",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Policies\\Explorer",
"HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Setup",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\CTF\\TIP\\{0000897b-83df-4b96-be07-0fb58b01c4a4}\\Category\\Category\\{534C48C1-0607-4098-A521-4FC899C73E90}",
"HKEY_CURRENT_USER\\Control Panel\\Desktop",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\CTF\\TIP\\",
"HKEY_CURRENT_USER\\Software\\The Silicon Realms Toolworks\\Armadillo",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\MountPoints2\\CPC\\Volume\\{3f5cc1b5-70f9-11e8-b07b-806e6f6e6963}\\",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\CTF\\TIP\\{F25E9F57-2FC8-4EB3-A41A-CCE5F08541E6}\\Category\\Category\\{534C48C1-0607-4098-A521-4FC899C73E90}",
"HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Internet Settings",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\CTF\\TIP\\{07EB03D6-B001-41DF-9192-BF9B841EE71F}\\Category\\Category\\{534C48C1-0607-4098-A521-4FC899C73E90}",
"HKEY_CURRENT_USER\\Keyboard Layout\\Toggle",
"HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Services\\crypt32",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\MountPoints2\\CPC\\Volume",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\CTF\\TIP\\{AE6BE008-07FB-400D-8BEB-337A64F7051F}\\Category\\Category\\{534C48C1-0607-4098-A521-4FC899C73E90}",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Advanced",
"HKEY_LOCAL_MACHINE\\Software\\Microsoft\\CTF\\TIP\\{0000897b-83df-4b96-be07-0fb58b01c4a4}\\LanguageProfile\\0x00000000\\{0001bea3-ed56-483d-a2e2-aeae25577436}",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\OLE",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\CTF\\TIP\\{C1EE01F2-B3B6-4A6A-9DDD-E988C088EC82}\\Category\\Category\\{534C48C1-0607-4098-A521-4FC899C73E90}",
"HKEY_CURRENT_USER\\EUDC\\1252",
"HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Rpc",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Wow6432Node\\CLSID\\{A437345C-4DC7-BEF2-32DA-1ED479558E2A}\\Containers",
"HKEY_CURRENT_USER\\Software\\Microsoft\\CTF\\DirectSwitchHotkeys",
"HKEY_CURRENT_USER\\Software\\Borland\\Delphi\\Locales",
"HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion",
"HKEY_LOCAL_MACHINE\\Hardware\\Description\\System",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\CTF\\TIP\\{E429B25A-E5D3-4D1F-9BE3-0C608477E3A1}\\Category\\Category\\{534C48C1-0607-4098-A521-4FC899C73E90}",
"HKEY_CLASSES_ROOT\\CLSID\\{FAE3D380-FEA4-4623-8C75-C6B61110B681}\\Instance\\Disabled",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Wow6432Node\\CLSID\\{1249B20C-5DD0-44FE-B0B3-8F92C8E6D080}\\InProcServer32",
"HKEY_CURRENT_USER\\Software\\Microsoft\\CTF\\LayoutIcon\\0409\\0000041d",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\CTF\\TIP\\{F89E9E58-BD2F-4008-9AC2-0F816C09F4EE}\\Category\\Category\\{534C48C1-0607-4098-A521-4FC899C73E90}",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Wow6432Node\\CLSID\\{1249B20C-5DD0-44FE-B0B3-8F92C8E6D080}\\Containers",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\CTF\\TIP\\{DCBD6FA8-032F-11D3-B5B1-00C04FC324A1}\\Category\\Category\\{534C48C1-0607-4098-A521-4FC899C73E90}",
"HKEY_LOCAL_MACHINE\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings",
"HKEY_LOCAL_MACHINE\\system\\CurrentControlSet\\control\\NetworkProvider\\HwOrder",
"HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Services\\ClusSvc",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\OLEAUT",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\FontSubstitutes",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\CTF\\TIP\\{3697C5FA-60DD-4B56-92D4-74A569205C16}\\Category\\Category\\{534C48C1-0607-4098-A521-4FC899C73E90}",
"HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Services\\IceExt",
"HKEY_CURRENT_USER\\Software\\Borland\\Locales",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\MountPoints2\\CPC\\Volume\\{3f5cc1b6-70f9-11e8-b07b-806e6f6e6963}\\",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\CTF\\TIP\\{531FDEBF-9B4C-4A43-A2AA-960E8FCDC732}\\Category\\Category\\{534C48C1-0607-4098-A521-4FC899C73E90}",
"HKEY_CLASSES_ROOT\\CLSID",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\CTF\\TIP\\{A028AE76-01B1-46C2-99C4-ACD9858AE02F}\\Category\\Category\\{534C48C1-0607-4098-A521-4FC899C73E90}",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\CTF\\",
"HKEY_LOCAL_MACHINE\\Software\\Borland\\Locales",
"HKEY_LOCAL_MACHINE\\Software\\Microsoft\\RFC1156Agent\\CurrentVersion\\Parameters",
"HKEY_CLASSES_ROOT\\CLSID\\{FAE3D380-FEA4-4623-8C75-C6B61110B681}\\Instance",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\FontLink\\SystemLink",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\CTF\\TIP\\{81D4E9C9-1D3B-41BC-9E6C-4B40BF79E35E}\\Category\\Category\\{534C48C1-0607-4098-A521-4FC899C73E90}",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\CTF\\TIP\\{03B5835F-F03C-411B-9CE2-AA23E1171E36}\\Category\\Category\\{534C48C1-0607-4098-A521-4FC899C73E90}",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\ICM\\ICMatchers",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\CTF\\KnownClasses",
"HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows NT\\CurrentVersion\\FontSubstitutes",
"HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\ICM\\RegisteredProfiles",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\CTF\\Compatibility\\11a75079e63f526b0fde37041799fce196a3398c30d278a71821b414cb0adc34.bin",
"HKEY_CURRENT_USER\\Software\\Licenses",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Wow6432Node\\CLSID\\{1249B20C-5DD0-44FE-B0B3-8F92C8E6D080}",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\CTF\\TIP\\{78CB5B0E-26ED-4FCC-854C-77E8F3D1AA80}\\Category\\Category\\{534C48C1-0607-4098-A521-4FC899C73E90}"
],
"regkey_deleted": [
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Wow6432Node\\CLSID\\{A437345C-4DC7-BEF2-32DA-1ED479558E2A}\\0",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Wow6432Node\\CLSID\\{A437345C-4DC7-BEF2-32DA-1ED479558E2A}\\Version"
],
"file_exists": [
"C:\\Users\\cuck\\AppData\\Roaming\\ArchiCrypt Rescue Master\\",
"C:\\Users\\cuck\\AppData\\Roaming\\",
"C:\\",
"C:\\Users\\cuck\\AppData\\Roaming\\ArchiCrypt Rescue Master\\RescueMasterInit.xml",
"C:\\Users\\cuck\\AppData\\Local\\Temp\\Language\\English.xml",
"C:\\Windows\\Fonts\\ahronbd.ttf",
"C:\\Users\\cuck\\AppData\\Local\\Temp\\debug.log",
"C:\\Users\\cuck\\AppData\\Local\\Temp\\loader.exe",
"C:\\Users\\cuck\\AppData\\Local\\Temp\\11a75079e63f526b0fde37041799fce196a3398c30d278a71821b414cb0adc34.bin",
"C:\\Users\\cuck\\AppData\\Roaming",
"C:\\Users\\cuck\\AppData\\Local\\Temp\\U3\\U3Raw.raw",
"C:\\Users\\cuck\\AppData\\Roaming\\ArchiCrypt Rescue Master",
"C:\\Windows\\System32\\spool\\drivers\\color\\Photo.gmmp",
"C:\\Windows\\System32\\spool\\drivers\\color\\D65.camp"
],
"mutex": [
"RALAEDE4564",
"11A75079E63F526B0FDE37041799FCE196A3398C30D278A71821B414CB0ADC34.BIN",
"AEDE4564::WK",
"ACRM"
],
"file_opened": [
"C:\\Windows\\Fonts\\msyh.ttf",
"C:\\Windows\\Fonts\\arialbd.ttf",
"C:\\",
"c:\\",
"C:\\Windows\\Fonts\\arialbi.ttf",
"C:\\Windows\\Fonts\\ariali.ttf",
"C:\\Windows\\Fonts\\micross.ttf",
"C:\\Windows\\Fonts\\tahoma.ttf",
"C:\\Windows\\Fonts\\segoeui.ttf",
"\\??\\c:",
"C:\\Windows\\Fonts\\segoeuib.ttf",
"C:\\Users\\cuck\\AppData\\Local\\Temp\\11a75079e63f526b0fde37041799fce196a3398c30d278a71821b414cb0adc34.bin",
"C:\\Users\\cuck\\AppData\\Local\\GDIPFONTCACHEV1.DAT",
"C:\\Windows\\Fonts\\msjh.ttf",
"C:\\Windows\\Fonts\\malgun.ttf",
"C:\\Windows\\Fonts\\tahomabd.ttf",
"C:\\Windows\\Fonts\\segoeuiz.ttf",
"\\??\\C:",
"C:\\Windows\\Fonts\\segoeuii.ttf",
"C:\\Windows\\Fonts\\arial.ttf"
],
"guid": [
"{f5078f32-c551-11d3-89b9-0000f81fe221}",
"{00000112-0000-0000-c000-000000000046}",
"{00020400-0000-0000-c000-000000000046}",
"{88d969c0-f192-11d4-a65f-0040963251e5}",
"{8856f961-340a-11d0-a96b-00c04fd705a2}"
],
"file_read": [
"C:\\Users\\cuck\\AppData\\Local\\Temp\\11a75079e63f526b0fde37041799fce196a3398c30d278a71821b414cb0adc34.bin",
"\\??\\c:"
],
"regkey_read": [
"HKEY_CURRENT_USER\\Keyboard Layout\\Toggle\\Language Hotkey",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\DevicePath",
"HKEY_CURRENT_USER\\Keyboard Layout\\Toggle\\Hotkey",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\CTF\\EnableAnchorContext",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Advanced\\ListviewAlphaSelect",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Rpc\\MaxRpcSize",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\OLE\\PageAllocatorUseSystemHeap",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\ICM\\RegisteredProfiles\\camp",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\MountPoints2\\CPC\\Volume\\{3f5cc1b5-70f9-11e8-b07b-806e6f6e6963}\\Data",
"HKEY_CURRENT_USER\\Software\\Licenses\\{0AEDE45642C2B1C9C}",
"HKEY_CURRENT_USER\\Software\\Microsoft\\GDIPlus\\FontCachePath",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\crypt32\\DebugHeapFlags",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\FontSubstitutes\\Segoe UI",
"HKEY_LOCAL_MACHINE\\SYSTEM\\Setup\\SystemSetupInProgress",
"HKEY_LOCAL_MACHINE\\HARDWARE\\DESCRIPTION\\System\\SystemBiosVersion",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\MountPoints2\\CPC\\Volume\\{3f5cc1b6-70f9-11e8-b07b-806e6f6e6963}\\Data",
"HKEY_CURRENT_USER\\Software\\Licenses\\{R7C0DB872A3F777C0}",
"HKEY_CURRENT_USER\\Software\\Licenses\\{K7C0DB872A3F777C0}",
"HKEY_LOCAL_MACHINE\\SYSTEM\\Setup\\OOBEInProgress",
"HKEY_CURRENT_USER\\Software\\Licenses\\{IAEDE45642C2B1C9C}",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Setup\\SourcePath",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\FontSubstitutes\\MS Shell Dlg 2",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\MountPoints2\\CPC\\Volume\\{3f5cc1b5-70f9-11e8-b07b-806e6f6e6963}\\Generation",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\MountPoints2\\CPC\\Volume\\{3f5cc1b6-70f9-11e8-b07b-806e6f6e6963}\\Generation",
"HKEY_LOCAL_MACHINE\\HARDWARE\\DESCRIPTION\\System\\SystemBiosDate",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\FontSubstitutes\\Arial",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\CTF\\TIP\\{0000897b-83df-4b96-be07-0fb58b01c4a4}\\LanguageProfile\\0x00000000\\{0001bea3-ed56-483d-a2e2-aeae25577436}\\Enable",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\ICM\\RegisteredProfiles\\rip",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\DisableImprovedZoneCheck",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\SQMClient\\Windows\\CEIPEnable",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\RFC1156Agent\\CurrentVersion\\Parameters\\TrapPollTimeMilliSecs",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Policies\\Explorer\\TurnOffSPIAnimations",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\OLE\\PageAllocatorSystemHeapIsPrivate",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\ComputerName\\ActiveComputerName\\ComputerName",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\FontSubstitutes\\Tahoma",
"HKEY_CURRENT_USER\\Control Panel\\Desktop\\SmoothScroll",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Advanced\\ListviewShadow",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\ICM\\RegisteredProfiles\\(Default)",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Advanced\\AccListViewV6",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Wow6432Node\\CLSID\\{A437345C-4DC7-BEF2-32DA-1ED479558E2A}\\Twnfyglie",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Advanced\\UseDoubleClickTimer",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Advanced\\EnableBalloonTips",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Security_HKLM_only",
"HKEY_CURRENT_USER\\Keyboard Layout\\Toggle\\Layout Hotkey"
],
"directory_enumerated": [
"C:\\*",
"C:\\Users\\cuck\\AppData\\Local\\Temp\\Rescue Plugins\\*.dll",
"C:\\Users\\cuck\\AppData\\Local\\Temp\\*",
"C:\\Windows\\*",
"C:\\Windows\\System32\\*"
],
"directory_created": [
"C:\\Users\\cuck\\AppData\\Roaming\\ArchiCrypt Rescue Master"
]
},
"first_seen": 1560815586.6562,
"ppid": 1624
}
]Signatures
[
{
"markcount": 16,
"families": [],
"description": "Queries for the computername",
"severity": 1,
"marks": [
{
"call": {
"category": "misc",
"status": 1,
"stacktrace": [],
"api": "GetComputerNameA",
"return_value": 1,
"arguments": {
"computer_name": "CUCKPC"
},
"time": 1560815586.8133,
"tid": 2308,
"flags": {}
},
"pid": 2660,
"type": "call",
"cid": 551
},
{
"call": {
"category": "misc",
"status": 1,
"stacktrace": [],
"api": "GetComputerNameA",
"return_value": 1,
"arguments": {
"computer_name": "CUCKPC"
},
"time": 1560815586.8133,
"tid": 2308,
"flags": {}
},
"pid": 2660,
"type": "call",
"cid": 555
},
{
"call": {
"category": "misc",
"status": 1,
"stacktrace": [],
"api": "GetComputerNameA",
"return_value": 1,
"arguments": {
"computer_name": "CUCKPC"
},
"time": 1560815587.0942,
"tid": 2308,
"flags": {}
},
"pid": 2660,
"type": "call",
"cid": 764
},
{
"call": {
"category": "misc",
"status": 1,
"stacktrace": [],
"api": "GetComputerNameA",
"return_value": 1,
"arguments": {
"computer_name": "CUCKPC"
},
"time": 1560815587.0942,
"tid": 2308,
"flags": {}
},
"pid": 2660,
"type": "call",
"cid": 788
},
{
"call": {
"category": "misc",
"status": 1,
"stacktrace": [],
"api": "GetComputerNameA",
"return_value": 1,
"arguments": {
"computer_name": "CUCKPC"
},
"time": 1560815587.0942,
"tid": 2308,
"flags": {}
},
"pid": 2660,
"type": "call",
"cid": 820
},
{
"call": {
"category": "misc",
"status": 1,
"stacktrace": [],
"api": "GetComputerNameA",
"return_value": 1,
"arguments": {
"computer_name": "CUCKPC"
},
"time": 1560815587.0942,
"tid": 2308,
"flags": {}
},
"pid": 2660,
"type": "call",
"cid": 844
},
{
"call": {
"category": "misc",
"status": 1,
"stacktrace": [],
"api": "GetComputerNameA",
"return_value": 1,
"arguments": {
"computer_name": "CUCKPC"
},
"time": 1560815587.0942,
"tid": 2308,
"flags": {}
},
"pid": 2660,
"type": "call",
"cid": 876
},
{
"call": {
"category": "misc",
"status": 1,
"stacktrace": [],
"api": "GetComputerNameA",
"return_value": 1,
"arguments": {
"computer_name": "CUCKPC"
},
"time": 1560815587.0942,
"tid": 2308,
"flags": {}
},
"pid": 2660,
"type": "call",
"cid": 900
},
{
"call": {
"category": "misc",
"status": 1,
"stacktrace": [],
"api": "GetComputerNameA",
"return_value": 1,
"arguments": {
"computer_name": "CUCKPC"
},
"time": 1560815587.1102,
"tid": 2308,
"flags": {}
},
"pid": 2660,
"type": "call",
"cid": 932
},
{
"call": {
"category": "misc",
"status": 1,
"stacktrace": [],
"api": "GetComputerNameA",
"return_value": 1,
"arguments": {
"computer_name": "CUCKPC"
},
"time": 1560815587.1102,
"tid": 2308,
"flags": {}
},
"pid": 2660,
"type": "call",
"cid": 956
},
{
"call": {
"category": "misc",
"status": 1,
"stacktrace": [],
"api": "GetComputerNameA",
"return_value": 1,
"arguments": {
"computer_name": "CUCKPC"
},
"time": 1560815587.1102,
"tid": 2308,
"flags": {}
},
"pid": 2660,
"type": "call",
"cid": 965
},
{
"call": {
"category": "misc",
"status": 1,
"stacktrace": [],
"api": "GetComputerNameA",
"return_value": 1,
"arguments": {
"computer_name": "CUCKPC"
},
"time": 1560815587.1102,
"tid": 2308,
"flags": {}
},
"pid": 2660,
"type": "call",
"cid": 970
},
{
"call": {
"category": "misc",
"status": 1,
"stacktrace": [],
"api": "GetComputerNameA",
"return_value": 1,
"arguments": {
"computer_name": "CUCKPC"
},
"time": 1560815587.1102,
"tid": 2308,
"flags": {}
},
"pid": 2660,
"type": "call",
"cid": 988
},
{
"call": {
"category": "misc",
"status": 1,
"stacktrace": [],
"api": "GetComputerNameA",
"return_value": 1,
"arguments": {
"computer_name": "CUCKPC"
},
"time": 1560815587.1102,
"tid": 2308,
"flags": {}
},
"pid": 2660,
"type": "call",
"cid": 1024
},
{
"call": {
"category": "misc",
"status": 1,
"stacktrace": [],
"api": "GetComputerNameA",
"return_value": 1,
"arguments": {
"computer_name": "CUCKPC"
},
"time": 1560815587.9223,
"tid": 2308,
"flags": {}
},
"pid": 2660,
"type": "call",
"cid": 2973
},
{
"call": {
"category": "misc",
"status": 1,
"stacktrace": [],
"api": "GetComputerNameA",
"return_value": 1,
"arguments": {
"computer_name": "CUCKPC"
},
"time": 1560815588.0312,
"tid": 2308,
"flags": {}
},
"pid": 2660,
"type": "call",
"cid": 3445
}
],
"references": [],
"name": "antivm_queries_computername"
},
{
"markcount": 1,
"families": [],
"description": "Collects information to fingerprint the system (MachineGuid, DigitalProductId, SystemBiosDate)",
"severity": 1,
"marks": [
{
"category": "registry",
"ioc": "HKEY_LOCAL_MACHINE\\HARDWARE\\DESCRIPTION\\System\\SystemBiosDate",
"type": "ioc",
"description": null
}
],
"references": [],
"name": "recon_fingerprint"
},
{
"markcount": 1,
"families": [],
"description": "Checks amount of memory in system, this can be used to detect virtual machines that have a low amount of memory available",
"severity": 1,
"marks": [
{
"call": {
"category": "system",
"status": 1,
"stacktrace": [],
"api": "GlobalMemoryStatusEx",
"return_value": 1,
"arguments": {},
"time": 1560815587.1412,
"tid": 2308,
"flags": {}
},
"pid": 2660,
"type": "call",
"cid": 1110
}
],
"references": [],
"name": "antivm_memory_available"
},
{
"markcount": 5,
"families": [],
"description": "The executable contains unknown PE section names indicative of a packer (could be a false positive)",
"severity": 1,
"marks": [
{
"category": "section",
"ioc": ".itext",
"type": "ioc",
"description": null
},
{
"category": "section",
"ioc": ".text1",
"type": "ioc",
"description": null
},
{
"category": "section",
"ioc": ".adata",
"type": "ioc",
"description": null
},
{
"category": "section",
"ioc": ".data1",
"type": "ioc",
"description": null
},
{
"category": "section",
"ioc": ".reloc1",
"type": "ioc",
"description": null
}
],
"references": [],
"name": "pe_features"
},
{
"markcount": 64,
"families": [],
"description": "One or more processes crashed",
"severity": 1,
"marks": [
{
"call": {
"category": "__notification__",
"status": 1,
"stacktrace": [],
"raw": [
"stacktrace"
],
"api": "__exception__",
"return_value": 0,
"arguments": {
"stacktrace": "S\ne\nt\nF\nu\nn\nc\nt\ni\no\nn\nA\nd\nd\nr\ne\ns\ns\ne\ns\n+\n0\nx\n2\n0\n3\nf\n \n@\n \n0\nx\n2\n4\n1\n3\n7\n1\nf\n\n\n1\n1\na\n7\n5\n0\n7\n9\ne\n6\n3\nf\n5\n2\n6\nb\n0\nf\nd\ne\n3\n7\n0\n4\n1\n7\n9\n9\nf\nc\ne\n1\n9\n6\na\n3\n3\n9\n8\nc\n3\n0\nd\n2\n7\n8\na\n7\n1\n8\n2\n1\nb\n4\n1\n4\nc\nb\n0\na\nd\nc\n3\n4\n+\n0\nx\n2\nf\n0\ne\n5\n1\n \n@\n \n0\nx\n6\nf\n0\ne\n5\n1\n\n\nS\ne\nt\nF\nu\nn\nc\nt\ni\no\nn\nA\nd\nd\nr\ne\ns\ns\ne\ns\n+\n0\nx\n2\n0\n2\n0\n \n@\n \n0\nx\n2\n4\n1\n3\n7\n0\n0\n\n\nS\ne\nt\nF\nu\nn\nc\nt\ni\no\nn\nA\nd\nd\nr\ne\ns\ns\ne\ns\n-\n0\nx\n8\n8\n8\n3\n \n@\n \n0\nx\n2\n4\n0\n8\ne\n5\nd\n\n\nS\ne\nt\nF\nu\nn\nc\nt\ni\no\nn\nA\nd\nd\nr\ne\ns\ns\ne\ns\n+\n0\nx\n2\n3\n0\n1\na\n \n@\n \n0\nx\n2\n4\n3\n4\n6\nf\na\n\n\n1\n1\na\n7\n5\n0\n7\n9\ne\n6\n3\nf\n5\n2\n6\nb\n0\nf\nd\ne\n3\n7\n0\n4\n1\n7\n9\n9\nf\nc\ne\n1\n9\n6\na\n3\n3\n9\n8\nc\n3\n0\nd\n2\n7\n8\na\n7\n1\n8\n2\n1\nb\n4\n1\n4\nc\nb\n0\na\nd\nc\n3\n4\n+\n0\nx\n2\nf\n0\ne\n5\n1\n \n@\n \n0\nx\n6\nf\n0\ne\n5\n1\n\n\nS\ne\nt\nF\nu\nn\nc\nt\ni\no\nn\nA\nd\nd\nr\ne\ns\ns\ne\ns\n+\n0\nx\n2\n1\nb\na\n6\n \n@\n \n0\nx\n2\n4\n3\n3\n2\n8\n6\n\n\n1\n1\na\n7\n5\n0\n7\n9\ne\n6\n3\nf\n5\n2\n6\nb\n0\nf\nd\ne\n3\n7\n0\n4\n1\n7\n9\n9\nf\nc\ne\n1\n9\n6\na\n3\n3\n9\n8\nc\n3\n0\nd\n2\n7\n8\na\n7\n1\n8\n2\n1\nb\n4\n1\n4\nc\nb\n0\na\nd\nc\n3\n4\n+\n0\nx\n2\ne\n8\nf\n5\ne\n \n@\n \n0\nx\n6\ne\n8\nf\n5\ne\n\n\n1\n1\na\n7\n5\n0\n7\n9\ne\n6\n3\nf\n5\n2\n6\nb\n0\nf\nd\ne\n3\n7\n0\n4\n1\n7\n9\n9\nf\nc\ne\n1\n9\n6\na\n3\n3\n9\n8\nc\n3\n0\nd\n2\n7\n8\na\n7\n1\n8\n2\n1\nb\n4\n1\n4\nc\nb\n0\na\nd\nc\n3\n4\n+\n0\nx\n2\ne\na\n4\n6\nf\n \n@\n \n0\nx\n6\ne\na\n4\n6\nf\n\n\n1\n1\na\n7\n5\n0\n7\n9\ne\n6\n3\nf\n5\n2\n6\nb\n0\nf\nd\ne\n3\n7\n0\n4\n1\n7\n9\n9\nf\nc\ne\n1\n9\n6\na\n3\n3\n9\n8\nc\n3\n0\nd\n2\n7\n8\na\n7\n1\n8\n2\n1\nb\n4\n1\n4\nc\nb\n0\na\nd\nc\n3\n4\n+\n0\nx\n2\ne\na\n5\n5\n8\n \n@\n \n0\nx\n6\ne\na\n5\n5\n8\n\n\n1\n1\na\n7\n5\n0\n7\n9\ne\n6\n3\nf\n5\n2\n6\nb\n0\nf\nd\ne\n3\n7\n0\n4\n1\n7\n9\n9\nf\nc\ne\n1\n9\n6\na\n3\n3\n9\n8\nc\n3\n0\nd\n2\n7\n8\na\n7\n1\n8\n2\n1\nb\n4\n1\n4\nc\nb\n0\na\nd\nc\n3\n4\n+\n0\nx\n2\ne\na\ne\n3\n9\n \n@\n \n0\nx\n6\ne\na\ne\n3\n9\n\n\n1\n1\na\n7\n5\n0\n7\n9\ne\n6\n3\nf\n5\n2\n6\nb\n0\nf\nd\ne\n3\n7\n0\n4\n1\n7\n9\n9\nf\nc\ne\n1\n9\n6\na\n3\n3\n9\n8\nc\n3\n0\nd\n2\n7\n8\na\n7\n1\n8\n2\n1\nb\n4\n1\n4\nc\nb\n0\na\nd\nc\n3\n4\n+\n0\nx\n2\nf\nd\nd\n6\n9\n \n@\n \n0\nx\n6\nf\nd\nd\n6\n9\n\n\nB\na\ns\ne\nT\nh\nr\ne\na\nd\nI\nn\ni\nt\nT\nh\nu\nn\nk\n+\n0\nx\n1\n2\n \nV\ne\nr\ni\nf\ny\nC\no\nn\ns\no\nl\ne\nI\no\nH\na\nn\nd\nl\ne\n-\n0\nx\nb\n3\n \nk\ne\nr\nn\ne\nl\n3\n2\n+\n0\nx\n1\n3\n3\nc\na\n \n@\n \n0\nx\n7\n5\nb\nc\n3\n3\nc\na\n\n\nR\nt\nl\nI\nn\ni\nt\ni\na\nl\ni\nz\ne\nE\nx\nc\ne\np\nt\ni\no\nn\nC\nh\na\ni\nn\n+\n0\nx\n6\n3\n \nR\nt\nl\nA\nl\nl\no\nc\na\nt\ne\nA\nc\nt\ni\nv\na\nt\ni\no\nn\nC\no\nn\nt\ne\nx\nt\nS\nt\na\nc\nk\n-\n0\nx\na\n1\n \nn\nt\nd\nl\nl\n+\n0\nx\n3\n9\ne\nd\n2\n \n@\n \n0\nx\n7\n7\nb\nc\n9\ne\nd\n2\n\n\nR\nt\nl\nI\nn\ni\nt\ni\na\nl\ni\nz\ne\nE\nx\nc\ne\np\nt\ni\no\nn\nC\nh\na\ni\nn\n+\n0\nx\n3\n6\n \nR\nt\nl\nA\nl\nl\no\nc\na\nt\ne\nA\nc\nt\ni\nv\na\nt\ni\no\nn\nC\no\nn\nt\ne\nx\nt\nS\nt\na\nc\nk\n-\n0\nx\nc\ne\n \nn\nt\nd\nl\nl\n+\n0\nx\n3\n9\ne\na\n5\n \n@\n \n0\nx\n7\n7\nb\nc\n9\ne\na\n5",
"registers": {
"esp": 1631724,
"edi": 1221961681,
"eax": 1447909480,
"ebp": 1631732,
"edx": 22104,
"ebx": 0,
"esi": 7496560,
"ecx": 10
},
"exception": {
"instruction_r": "ed 81 fb 68 58 4d 56 75 04 c6 45 ff 01 8a 45 ff",
"instruction": "in eax, dx",
"exception_code": "0xc0000096",
"symbol": "SetFunctionAddresses+0x206d",
"address": "0x241374d"
}
},
"time": 1560815587.1412,
"tid": 2308,
"flags": {}
},
"pid": 2660,
"type": "call",
"cid": 1091
},
{
"call": {
"category": "__notification__",
"status": 1,
"stacktrace": [],
"raw": [
"stacktrace"
],
"api": "__exception__",
"return_value": 0,
"arguments": {
"stacktrace": "S\ne\nt\nF\nu\nn\nc\nt\ni\no\nn\nA\nd\nd\nr\ne\ns\ns\ne\ns\n+\n0\nx\n2\n1\n0\n4\n \n@\n \n0\nx\n2\n4\n1\n3\n7\ne\n4\n\n\nS\ne\nt\nF\nu\nn\nc\nt\ni\no\nn\nA\nd\nd\nr\ne\ns\ns\ne\ns\n-\n0\nx\n8\n8\n4\n7\n \n@\n \n0\nx\n2\n4\n0\n8\ne\n9\n9\n\n\nS\ne\nt\nF\nu\nn\nc\nt\ni\no\nn\nA\nd\nd\nr\ne\ns\ns\ne\ns\n+\n0\nx\n2\n3\n0\n1\na\n \n@\n \n0\nx\n2\n4\n3\n4\n6\nf\na\n\n\n1\n1\na\n7\n5\n0\n7\n9\ne\n6\n3\nf\n5\n2\n6\nb\n0\nf\nd\ne\n3\n7\n0\n4\n1\n7\n9\n9\nf\nc\ne\n1\n9\n6\na\n3\n3\n9\n8\nc\n3\n0\nd\n2\n7\n8\na\n7\n1\n8\n2\n1\nb\n4\n1\n4\nc\nb\n0\na\nd\nc\n3\n4\n+\n0\nx\n2\nf\n0\ne\n5\n1\n \n@\n \n0\nx\n6\nf\n0\ne\n5\n1\n\n\nS\ne\nt\nF\nu\nn\nc\nt\ni\no\nn\nA\nd\nd\nr\ne\ns\ns\ne\ns\n+\n0\nx\n2\n1\nb\na\n6\n \n@\n \n0\nx\n2\n4\n3\n3\n2\n8\n6\n\n\n1\n1\na\n7\n5\n0\n7\n9\ne\n6\n3\nf\n5\n2\n6\nb\n0\nf\nd\ne\n3\n7\n0\n4\n1\n7\n9\n9\nf\nc\ne\n1\n9\n6\na\n3\n3\n9\n8\nc\n3\n0\nd\n2\n7\n8\na\n7\n1\n8\n2\n1\nb\n4\n1\n4\nc\nb\n0\na\nd\nc\n3\n4\n+\n0\nx\n2\ne\n8\nf\n5\ne\n \n@\n \n0\nx\n6\ne\n8\nf\n5\ne\n\n\n1\n1\na\n7\n5\n0\n7\n9\ne\n6\n3\nf\n5\n2\n6\nb\n0\nf\nd\ne\n3\n7\n0\n4\n1\n7\n9\n9\nf\nc\ne\n1\n9\n6\na\n3\n3\n9\n8\nc\n3\n0\nd\n2\n7\n8\na\n7\n1\n8\n2\n1\nb\n4\n1\n4\nc\nb\n0\na\nd\nc\n3\n4\n+\n0\nx\n2\ne\na\n4\n6\nf\n \n@\n \n0\nx\n6\ne\na\n4\n6\nf\n\n\n1\n1\na\n7\n5\n0\n7\n9\ne\n6\n3\nf\n5\n2\n6\nb\n0\nf\nd\ne\n3\n7\n0\n4\n1\n7\n9\n9\nf\nc\ne\n1\n9\n6\na\n3\n3\n9\n8\nc\n3\n0\nd\n2\n7\n8\na\n7\n1\n8\n2\n1\nb\n4\n1\n4\nc\nb\n0\na\nd\nc\n3\n4\n+\n0\nx\n2\ne\na\n5\n5\n8\n \n@\n \n0\nx\n6\ne\na\n5\n5\n8\n\n\n1\n1\na\n7\n5\n0\n7\n9\ne\n6\n3\nf\n5\n2\n6\nb\n0\nf\nd\ne\n3\n7\n0\n4\n1\n7\n9\n9\nf\nc\ne\n1\n9\n6\na\n3\n3\n9\n8\nc\n3\n0\nd\n2\n7\n8\na\n7\n1\n8\n2\n1\nb\n4\n1\n4\nc\nb\n0\na\nd\nc\n3\n4\n+\n0\nx\n2\ne\na\ne\n3\n9\n \n@\n \n0\nx\n6\ne\na\ne\n3\n9\n\n\n1\n1\na\n7\n5\n0\n7\n9\ne\n6\n3\nf\n5\n2\n6\nb\n0\nf\nd\ne\n3\n7\n0\n4\n1\n7\n9\n9\nf\nc\ne\n1\n9\n6\na\n3\n3\n9\n8\nc\n3\n0\nd\n2\n7\n8\na\n7\n1\n8\n2\n1\nb\n4\n1\n4\nc\nb\n0\na\nd\nc\n3\n4\n+\n0\nx\n2\nf\nd\nd\n6\n9\n \n@\n \n0\nx\n6\nf\nd\nd\n6\n9\n\n\nB\na\ns\ne\nT\nh\nr\ne\na\nd\nI\nn\ni\nt\nT\nh\nu\nn\nk\n+\n0\nx\n1\n2\n \nV\ne\nr\ni\nf\ny\nC\no\nn\ns\no\nl\ne\nI\no\nH\na\nn\nd\nl\ne\n-\n0\nx\nb\n3\n \nk\ne\nr\nn\ne\nl\n3\n2\n+\n0\nx\n1\n3\n3\nc\na\n \n@\n \n0\nx\n7\n5\nb\nc\n3\n3\nc\na\n\n\nR\nt\nl\nI\nn\ni\nt\ni\na\nl\ni\nz\ne\nE\nx\nc\ne\np\nt\ni\no\nn\nC\nh\na\ni\nn\n+\n0\nx\n6\n3\n \nR\nt\nl\nA\nl\nl\no\nc\na\nt\ne\nA\nc\nt\ni\nv\na\nt\ni\no\nn\nC\no\nn\nt\ne\nx\nt\nS\nt\na\nc\nk\n-\n0\nx\na\n1\n \nn\nt\nd\nl\nl\n+\n0\nx\n3\n9\ne\nd\n2\n \n@\n \n0\nx\n7\n7\nb\nc\n9\ne\nd\n2\n\n\nR\nt\nl\nI\nn\ni\nt\ni\na\nl\ni\nz\ne\nE\nx\nc\ne\np\nt\ni\no\nn\nC\nh\na\ni\nn\n+\n0\nx\n3\n6\n \nR\nt\nl\nA\nl\nl\no\nc\na\nt\ne\nA\nc\nt\ni\nv\na\nt\ni\no\nn\nC\no\nn\nt\ne\nx\nt\nS\nt\na\nc\nk\n-\n0\nx\nc\ne\n \nn\nt\nd\nl\nl\n+\n0\nx\n3\n9\ne\na\n5\n \n@\n \n0\nx\n7\n7\nb\nc\n9\ne\na\n5",
"registers": {
"esp": 1631792,
"edi": 1221961681,
"eax": 1,
"ebp": 1631804,
"edx": 2130566132,
"ebx": 0,
"esi": 7496560,
"ecx": 2003435520
},
"exception": {
"instruction_r": "0f 3f 07 0b 36 8b 04 24 64 a3 00 00 00 00 83 c4",
"symbol": "11a75079e63f526b0fde37041799fce196a3398c30d278a71821b414cb0adc34+0x2f0f06",
"address": "0x6f0f06",
"module": "11a75079e63f526b0fde37041799fce196a3398c30d278a71821b414cb0adc34.bin",
"exception_code": "0xc000001d",
"offset": 3084038
}
},
"time": 1560815587.1412,
"tid": 2308,
"flags": {}
},
"pid": 2660,
"type": "call",
"cid": 1094
},
{
"call": {
"category": "__notification__",
"status": 1,
"stacktrace": [],
"raw": [
"stacktrace"
],
"api": "__exception__",
"return_value": 0,
"arguments": {
"stacktrace": "1\n1\na\n7\n5\n0\n7\n9\ne\n6\n3\nf\n5\n2\n6\nb\n0\nf\nd\ne\n3\n7\n0\n4\n1\n7\n9\n9\nf\nc\ne\n1\n9\n6\na\n3\n3\n9\n8\nc\n3\n0\nd\n2\n7\n8\na\n7\n1\n8\n2\n1\nb\n4\n1\n4\nc\nb\n0\na\nd\nc\n3\n4\n+\n0\nx\n2\nf\n0\ne\n5\n1\n \n@\n \n0\nx\n6\nf\n0\ne\n5\n1\n\n\nS\ne\nt\nF\nu\nn\nc\nt\ni\no\nn\nA\nd\nd\nr\ne\ns\ns\ne\ns\n+\n0\nx\n2\ne\n4\n3\n9\n \n@\n \n0\nx\n2\n4\n3\nf\nb\n1\n9\n\n\nS\ne\nt\nF\nu\nn\nc\nt\ni\no\nn\nA\nd\nd\nr\ne\ns\ns\ne\ns\n+\n0\nx\n1\nb\na\n2\n3\n \n@\n \n0\nx\n2\n4\n2\nd\n1\n0\n3\n\n\nS\ne\nt\nF\nu\nn\nc\nt\ni\no\nn\nA\nd\nd\nr\ne\ns\ns\ne\ns\n+\n0\nx\n1\na\na\nd\n0\n \n@\n \n0\nx\n2\n4\n2\nc\n1\nb\n0\n\n\nS\ne\nt\nF\nu\nn\nc\nt\ni\no\nn\nA\nd\nd\nr\ne\ns\ns\ne\ns\n-\n0\nx\n1\na\nc\n3\n3\n \n@\n \n0\nx\n2\n3\nf\n6\na\na\nd\n\n\n1\n1\na\n7\n5\n0\n7\n9\ne\n6\n3\nf\n5\n2\n6\nb\n0\nf\nd\ne\n3\n7\n0\n4\n1\n7\n9\n9\nf\nc\ne\n1\n9\n6\na\n3\n3\n9\n8\nc\n3\n0\nd\n2\n7\n8\na\n7\n1\n8\n2\n1\nb\n4\n1\n4\nc\nb\n0\na\nd\nc\n3\n4\n+\n0\nx\n2\nf\n0\ne\n5\n1\n \n@\n \n0\nx\n6\nf\n0\ne\n5\n1\n\n\nS\ne\nt\nF\nu\nn\nc\nt\ni\no\nn\nA\nd\nd\nr\ne\ns\ns\ne\ns\n-\n0\nx\n1\na\nd\n1\n8\n \n@\n \n0\nx\n2\n3\nf\n6\n9\nc\n8\n\n\nS\ne\nt\nF\nu\nn\nc\nt\ni\no\nn\nA\nd\nd\nr\ne\ns\ns\ne\ns\n-\n0\nx\n1\na\nf\ne\n1\n \n@\n \n0\nx\n2\n3\nf\n6\n6\nf\nf\n\n\nS\ne\nt\nF\nu\nn\nc\nt\ni\no\nn\nA\nd\nd\nr\ne\ns\ns\ne\ns\n-\n0\nx\ne\nc\n2\nc\n \n@\n \n0\nx\n2\n4\n0\n2\na\nb\n4\n\n\nS\ne\nt\nF\nu\nn\nc\nt\ni\no\nn\nA\nd\nd\nr\ne\ns\ns\ne\ns\n-\n0\nx\nb\n7\n4\nb\n \n@\n \n0\nx\n2\n4\n0\n5\nf\n9\n5\n\n\nS\ne\nt\nF\nu\nn\nc\nt\ni\no\nn\nA\nd\nd\nr\ne\ns\ns\ne\ns\n-\n0\nx\nb\na\n5\n9\n \n@\n \n0\nx\n2\n4\n0\n5\nc\n8\n7\n\n\nS\ne\nt\nF\nu\nn\nc\nt\ni\no\nn\nA\nd\nd\nr\ne\ns\ns\ne\ns\n-\n0\nx\ne\na\nf\nf\n \n@\n \n0\nx\n2\n4\n0\n2\nb\ne\n1\n\n\nS\ne\nt\nF\nu\nn\nc\nt\ni\no\nn\nA\nd\nd\nr\ne\ns\ns\ne\ns\n-\n0\nx\nf\n9\nf\nf\n \n@\n \n0\nx\n2\n4\n0\n1\nc\ne\n1\n\n\nS\ne\nt\nF\nu\nn\nc\nt\ni\no\nn\nA\nd\nd\nr\ne\ns\ns\ne\ns\n-\n0\nx\n8\n6\n8\n1\n \n@\n \n0\nx\n2\n4\n0\n9\n0\n5\nf\n\n\nS\ne\nt\nF\nu\nn\nc\nt\ni\no\nn\nA\nd\nd\nr\ne\ns\ns\ne\ns\n-\n0\nx\n8\n7\n8\n2\n \n@\n \n0\nx\n2\n4\n0\n8\nf\n5\ne\n\n\nS\ne\nt\nF\nu\nn\nc\nt\ni\no\nn\nA\nd\nd\nr\ne\ns\ns\ne\ns\n+\n0\nx\n2\n3\n0\n1\na\n \n@\n \n0\nx\n2\n4\n3\n4\n6\nf\na\n\n\n1\n1\na\n7\n5\n0\n7\n9\ne\n6\n3\nf\n5\n2\n6\nb\n0\nf\nd\ne\n3\n7\n0\n4\n1\n7\n9\n9\nf\nc\ne\n1\n9\n6\na\n3\n3\n9\n8\nc\n3\n0\nd\n2\n7\n8\na\n7\n1\n8\n2\n1\nb\n4\n1\n4\nc\nb\n0\na\nd\nc\n3\n4\n+\n0\nx\n2\nf\n0\ne\n5\n1\n \n@\n \n0\nx\n6\nf\n0\ne\n5\n1\n\n\nS\ne\nt\nF\nu\nn\nc\nt\ni\no\nn\nA\nd\nd\nr\ne\ns\ns\ne\ns\n+\n0\nx\n2\n1\nb\na\n6\n \n@\n \n0\nx\n2\n4\n3\n3\n2\n8\n6\n\n\n1\n1\na\n7\n5\n0\n7\n9\ne\n6\n3\nf\n5\n2\n6\nb\n0\nf\nd\ne\n3\n7\n0\n4\n1\n7\n9\n9\nf\nc\ne\n1\n9\n6\na\n3\n3\n9\n8\nc\n3\n0\nd\n2\n7\n8\na\n7\n1\n8\n2\n1\nb\n4\n1\n4\nc\nb\n0\na\nd\nc\n3\n4\n+\n0\nx\n2\ne\n8\nf\n5\ne\n \n@\n \n0\nx\n6\ne\n8\nf\n5\ne\n\n\n1\n1\na\n7\n5\n0\n7\n9\ne\n6\n3\nf\n5\n2\n6\nb\n0\nf\nd\ne\n3\n7\n0\n4\n1\n7\n9\n9\nf\nc\ne\n1\n9\n6\na\n3\n3\n9\n8\nc\n3\n0\nd\n2\n7\n8\na\n7\n1\n8\n2\n1\nb\n4\n1\n4\nc\nb\n0\na\nd\nc\n3\n4\n+\n0\nx\n2\ne\na\n4\n6\nf\n \n@\n \n0\nx\n6\ne\na\n4\n6\nf\n\n\n1\n1\na\n7\n5\n0\n7\n9\ne\n6\n3\nf\n5\n2\n6\nb\n0\nf\nd\ne\n3\n7\n0\n4\n1\n7\n9\n9\nf\nc\ne\n1\n9\n6\na\n3\n3\n9\n8\nc\n3\n0\nd\n2\n7\n8\na\n7\n1\n8\n2\n1\nb\n4\n1\n4\nc\nb\n0\na\nd\nc\n3\n4\n+\n0\nx\n2\ne\na\n5\n5\n8\n \n@\n \n0\nx\n6\ne\na\n5\n5\n8\n\n\n1\n1\na\n7\n5\n0\n7\n9\ne\n6\n3\nf\n5\n2\n6\nb\n0\nf\nd\ne\n3\n7\n0\n4\n1\n7\n9\n9\nf\nc\ne\n1\n9\n6\na\n3\n3\n9\n8\nc\n3\n0\nd\n2\n7\n8\na\n7\n1\n8\n2\n1\nb\n4\n1\n4\nc\nb\n0\na\nd\nc\n3\n4\n+\n0\nx\n2\ne\na\ne\n3\n9\n \n@\n \n0\nx\n6\ne\na\ne\n3\n9\n\n\n1\n1\na\n7\n5\n0\n7\n9\ne\n6\n3\nf\n5\n2\n6\nb\n0\nf\nd\ne\n3\n7\n0\n4\n1\n7\n9\n9\nf\nc\ne\n1\n9\n6\na\n3\n3\n9\n8\nc\n3\n0\nd\n2\n7\n8\na\n7\n1\n8\n2\n1\nb\n4\n1\n4\nc\nb\n0\na\nd\nc\n3\n4\n+\n0\nx\n2\nf\nd\nd\n6\n9\n \n@\n \n0\nx\n6\nf\nd\nd\n6\n9\n\n\nB\na\ns\ne\nT\nh\nr\ne\na\nd\nI\nn\ni\nt\nT\nh\nu\nn\nk\n+\n0\nx\n1\n2\n \nV\ne\nr\ni\nf\ny\nC\no\nn\ns\no\nl\ne\nI\no\nH\na\nn\nd\nl\ne\n-\n0\nx\nb\n3\n \nk\ne\nr\nn\ne\nl\n3\n2\n+\n0\nx\n1\n3\n3\nc\na\n \n@\n \n0\nx\n7\n5\nb\nc\n3\n3\nc\na\n\n\nR\nt\nl\nI\nn\ni\nt\ni\na\nl\ni\nz\ne\nE\nx\nc\ne\np\nt\ni\no\nn\nC\nh\na\ni\nn\n+\n0\nx\n6\n3\n \nR\nt\nl\nA\nl\nl\no\nc\na\nt\ne\nA\nc\nt\ni\nv\na\nt\ni\no\nn\nC\no\nn\nt\ne\nx\nt\nS\nt\na\nc\nk\n-\n0\nx\na\n1\n \nn\nt\nd\nl\nl\n+\n0\nx\n3\n9\ne\nd\n2\n \n@\n \n0\nx\n7\n7\nb\nc\n9\ne\nd\n2\n\n\nR\nt\nl\nI\nn\ni\nt\ni\na\nl\ni\nz\ne\nE\nx\nc\ne\np\nt\ni\no\nn\nC\nh\na\ni\nn\n+\n0\nx\n3\n6\n \nR\nt\nl\nA\nl\nl\no\nc\na\nt\ne\nA\nc\nt\ni\nv\na\nt\ni\no\nn\nC\no\nn\nt\ne\nx\nt\nS\nt\na\nc\nk\n-\n0\nx\nc\ne\n \nn\nt\nd\nl\nl\n+\n0\nx\n3\n9\ne\na\n5\n \n@\n \n0\nx\n7\n7\nb\nc\n9\ne\na\n5",
"registers": {
"esp": 1604176,
"edi": 1221961681,
"eax": 0,
"ebp": 1604180,
"edx": 38237316,
"ebx": 0,
"esi": 16384,
"ecx": 38237316
},
"exception": {
"instruction_r": "c6 00 00 8b e5 5d c3 cc cc cc cc cc cc cc cc cc",
"instruction": "mov byte ptr [eax], 0",
"exception_code": "0xc0000005",
"symbol": "SetFunctionAddresses+0x2e4de",
"address": "0x243fbbe"
}
},
"time": 1560815587.1412,
"tid": 2308,
"flags": {}
},
"pid": 2660,
"type": "call",
"cid": 1132
},
{
"call": {
"category": "__notification__",
"status": 1,
"stacktrace": [],
"raw": [
"stacktrace"
],
"api": "__exception__",
"return_value": 0,
"arguments": {
"stacktrace": "1\n1\na\n7\n5\n0\n7\n9\ne\n6\n3\nf\n5\n2\n6\nb\n0\nf\nd\ne\n3\n7\n0\n4\n1\n7\n9\n9\nf\nc\ne\n1\n9\n6\na\n3\n3\n9\n8\nc\n3\n0\nd\n2\n7\n8\na\n7\n1\n8\n2\n1\nb\n4\n1\n4\nc\nb\n0\na\nd\nc\n3\n4\n+\n0\nx\n2\nf\n0\ne\n5\n1\n \n@\n \n0\nx\n6\nf\n0\ne\n5\n1\n\n\nS\ne\nt\nF\nu\nn\nc\nt\ni\no\nn\nA\nd\nd\nr\ne\ns\ns\ne\ns\n+\n0\nx\n2\ne\n4\n3\n9\n \n@\n \n0\nx\n2\n4\n3\nf\nb\n1\n9\n\n\nS\ne\nt\nF\nu\nn\nc\nt\ni\no\nn\nA\nd\nd\nr\ne\ns\ns\ne\ns\n+\n0\nx\n6\n2\n9\nb\n \n@\n \n0\nx\n2\n4\n1\n7\n9\n7\nb\n\n\nS\ne\nt\nF\nu\nn\nc\nt\ni\no\nn\nA\nd\nd\nr\ne\ns\ns\ne\ns\n-\n0\nx\n1\n1\nd\n0\n3\n \n@\n \n0\nx\n2\n3\nf\nf\n9\nd\nd\n\n\nS\ne\nt\nF\nu\nn\nc\nt\ni\no\nn\nA\nd\nd\nr\ne\ns\ns\ne\ns\n-\n0\nx\n6\n6\n4\ne\n \n@\n \n0\nx\n2\n4\n0\nb\n0\n9\n2\n\n\nS\ne\nt\nF\nu\nn\nc\nt\ni\no\nn\nA\nd\nd\nr\ne\ns\ns\ne\ns\n-\n0\nx\n6\n7\n8\n2\n \n@\n \n0\nx\n2\n4\n0\na\nf\n5\ne\n\n\nS\ne\nt\nF\nu\nn\nc\nt\ni\no\nn\nA\nd\nd\nr\ne\ns\ns\ne\ns\n-\n0\nx\n3\n9\n7\nd\n \n@\n \n0\nx\n2\n4\n0\nd\nd\n6\n3\n\n\nS\ne\nt\nF\nu\nn\nc\nt\ni\no\nn\nA\nd\nd\nr\ne\ns\ns\ne\ns\n-\n0\nx\n3\n5\n0\n0\n \n@\n \n0\nx\n2\n4\n0\ne\n1\ne\n0\n\n\nS\ne\nt\nF\nu\nn\nc\nt\ni\no\nn\nA\nd\nd\nr\ne\ns\ns\ne\ns\n-\n0\nx\n8\n6\nf\nb\n \n@\n \n0\nx\n2\n4\n0\n8\nf\ne\n5\n\n\nS\ne\nt\nF\nu\nn\nc\nt\ni\no\nn\nA\nd\nd\nr\ne\ns\ns\ne\ns\n+\n0\nx\n2\n3\n0\n1\na\n \n@\n \n0\nx\n2\n4\n3\n4\n6\nf\na\n\n\n1\n1\na\n7\n5\n0\n7\n9\ne\n6\n3\nf\n5\n2\n6\nb\n0\nf\nd\ne\n3\n7\n0\n4\n1\n7\n9\n9\nf\nc\ne\n1\n9\n6\na\n3\n3\n9\n8\nc\n3\n0\nd\n2\n7\n8\na\n7\n1\n8\n2\n1\nb\n4\n1\n4\nc\nb\n0\na\nd\nc\n3\n4\n+\n0\nx\n2\nf\n0\ne\n5\n1\n \n@\n \n0\nx\n6\nf\n0\ne\n5\n1\n\n\nS\ne\nt\nF\nu\nn\nc\nt\ni\no\nn\nA\nd\nd\nr\ne\ns\ns\ne\ns\n+\n0\nx\n2\n1\nb\na\n6\n \n@\n \n0\nx\n2\n4\n3\n3\n2\n8\n6\n\n\n1\n1\na\n7\n5\n0\n7\n9\ne\n6\n3\nf\n5\n2\n6\nb\n0\nf\nd\ne\n3\n7\n0\n4\n1\n7\n9\n9\nf\nc\ne\n1\n9\n6\na\n3\n3\n9\n8\nc\n3\n0\nd\n2\n7\n8\na\n7\n1\n8\n2\n1\nb\n4\n1\n4\nc\nb\n0\na\nd\nc\n3\n4\n+\n0\nx\n2\ne\n8\nf\n5\ne\n \n@\n \n0\nx\n6\ne\n8\nf\n5\ne\n\n\n1\n1\na\n7\n5\n0\n7\n9\ne\n6\n3\nf\n5\n2\n6\nb\n0\nf\nd\ne\n3\n7\n0\n4\n1\n7\n9\n9\nf\nc\ne\n1\n9\n6\na\n3\n3\n9\n8\nc\n3\n0\nd\n2\n7\n8\na\n7\n1\n8\n2\n1\nb\n4\n1\n4\nc\nb\n0\na\nd\nc\n3\n4\n+\n0\nx\n2\ne\na\n4\n6\nf\n \n@\n \n0\nx\n6\ne\na\n4\n6\nf\n\n\n1\n1\na\n7\n5\n0\n7\n9\ne\n6\n3\nf\n5\n2\n6\nb\n0\nf\nd\ne\n3\n7\n0\n4\n1\n7\n9\n9\nf\nc\ne\n1\n9\n6\na\n3\n3\n9\n8\nc\n3\n0\nd\n2\n7\n8\na\n7\n1\n8\n2\n1\nb\n4\n1\n4\nc\nb\n0\na\nd\nc\n3\n4\n+\n0\nx\n2\ne\na\n5\n5\n8\n \n@\n \n0\nx\n6\ne\na\n5\n5\n8\n\n\n1\n1\na\n7\n5\n0\n7\n9\ne\n6\n3\nf\n5\n2\n6\nb\n0\nf\nd\ne\n3\n7\n0\n4\n1\n7\n9\n9\nf\nc\ne\n1\n9\n6\na\n3\n3\n9\n8\nc\n3\n0\nd\n2\n7\n8\na\n7\n1\n8\n2\n1\nb\n4\n1\n4\nc\nb\n0\na\nd\nc\n3\n4\n+\n0\nx\n2\ne\na\ne\n3\n9\n \n@\n \n0\nx\n6\ne\na\ne\n3\n9\n\n\n1\n1\na\n7\n5\n0\n7\n9\ne\n6\n3\nf\n5\n2\n6\nb\n0\nf\nd\ne\n3\n7\n0\n4\n1\n7\n9\n9\nf\nc\ne\n1\n9\n6\na\n3\n3\n9\n8\nc\n3\n0\nd\n2\n7\n8\na\n7\n1\n8\n2\n1\nb\n4\n1\n4\nc\nb\n0\na\nd\nc\n3\n4\n+\n0\nx\n2\nf\nd\nd\n6\n9\n \n@\n \n0\nx\n6\nf\nd\nd\n6\n9\n\n\nB\na\ns\ne\nT\nh\nr\ne\na\nd\nI\nn\ni\nt\nT\nh\nu\nn\nk\n+\n0\nx\n1\n2\n \nV\ne\nr\ni\nf\ny\nC\no\nn\ns\no\nl\ne\nI\no\nH\na\nn\nd\nl\ne\n-\n0\nx\nb\n3\n \nk\ne\nr\nn\ne\nl\n3\n2\n+\n0\nx\n1\n3\n3\nc\na\n \n@\n \n0\nx\n7\n5\nb\nc\n3\n3\nc\na\n\n\nR\nt\nl\nI\nn\ni\nt\ni\na\nl\ni\nz\ne\nE\nx\nc\ne\np\nt\ni\no\nn\nC\nh\na\ni\nn\n+\n0\nx\n6\n3\n \nR\nt\nl\nA\nl\nl\no\nc\na\nt\ne\nA\nc\nt\ni\nv\na\nt\ni\no\nn\nC\no\nn\nt\ne\nx\nt\nS\nt\na\nc\nk\n-\n0\nx\na\n1\n \nn\nt\nd\nl\nl\n+\n0\nx\n3\n9\ne\nd\n2\n \n@\n \n0\nx\n7\n7\nb\nc\n9\ne\nd\n2\n\n\nR\nt\nl\nI\nn\ni\nt\ni\na\nl\ni\nz\ne\nE\nx\nc\ne\np\nt\ni\no\nn\nC\nh\na\ni\nn\n+\n0\nx\n3\n6\n \nR\nt\nl\nA\nl\nl\no\nc\na\nt\ne\nA\nc\nt\ni\nv\na\nt\ni\no\nn\nC\no\nn\nt\ne\nx\nt\nS\nt\na\nc\nk\n-\n0\nx\nc\ne\n \nn\nt\nd\nl\nl\n+\n0\nx\n3\n9\ne\na\n5\n \n@\n \n0\nx\n7\n7\nb\nc\n9\ne\na\n5",
"registers": {
"esp": 1602476,
"edi": 1221961681,
"eax": 0,
"ebp": 1602480,
"edx": 38237316,
"ebx": 0,
"esi": 7496560,
"ecx": 38237316
},
"exception": {
"instruction_r": "c6 00 00 8b e5 5d c3 cc cc cc cc cc cc cc cc cc",
"instruction": "mov byte ptr [eax], 0",
"exception_code": "0xc0000005",
"symbol": "SetFunctionAddresses+0x2e4de",
"address": "0x243fbbe"
}
},
"time": 1560815587.1883,
"tid": 2308,
"flags": {}
},
"pid": 2660,
"type": "call",
"cid": 1269
},
{
"call": {
"category": "__notification__",
"status": 1,
"stacktrace": [],
"raw": [
"stacktrace"
],
"api": "__exception__",
"return_value": 0,
"arguments": {
"stacktrace": "1\n1\na\n7\n5\n0\n7\n9\ne\n6\n3\nf\n5\n2\n6\nb\n0\nf\nd\ne\n3\n7\n0\n4\n1\n7\n9\n9\nf\nc\ne\n1\n9\n6\na\n3\n3\n9\n8\nc\n3\n0\nd\n2\n7\n8\na\n7\n1\n8\n2\n1\nb\n4\n1\n4\nc\nb\n0\na\nd\nc\n3\n4\n+\n0\nx\n2\nf\n0\ne\n5\n1\n \n@\n \n0\nx\n6\nf\n0\ne\n5\n1\n\n\nS\ne\nt\nF\nu\nn\nc\nt\ni\no\nn\nA\nd\nd\nr\ne\ns\ns\ne\ns\n+\n0\nx\n2\ne\n4\n3\n9\n \n@\n \n0\nx\n2\n4\n3\nf\nb\n1\n9\n\n\nS\ne\nt\nF\nu\nn\nc\nt\ni\no\nn\nA\nd\nd\nr\ne\ns\ns\ne\ns\n+\n0\nx\n6\n2\n9\nb\n \n@\n \n0\nx\n2\n4\n1\n7\n9\n7\nb\n\n\nS\ne\nt\nF\nu\nn\nc\nt\ni\no\nn\nA\nd\nd\nr\ne\ns\ns\ne\ns\n-\n0\nx\n1\n1\nd\n8\n7\n \n@\n \n0\nx\n2\n3\nf\nf\n9\n5\n9\n\n\nS\ne\nt\nF\nu\nn\nc\nt\ni\no\nn\nA\nd\nd\nr\ne\ns\ns\ne\ns\n-\n0\nx\n8\n2\nc\n8\n \n@\n \n0\nx\n2\n4\n0\n9\n4\n1\n8\n\n\nS\ne\nt\nF\nu\nn\nc\nt\ni\no\nn\nA\nd\nd\nr\ne\ns\ns\ne\ns\n+\n0\nx\n2\n3\n1\na\n2\n \n@\n \n0\nx\n2\n4\n3\n4\n8\n8\n2\n\n\n1\n1\na\n7\n5\n0\n7\n9\ne\n6\n3\nf\n5\n2\n6\nb\n0\nf\nd\ne\n3\n7\n0\n4\n1\n7\n9\n9\nf\nc\ne\n1\n9\n6\na\n3\n3\n9\n8\nc\n3\n0\nd\n2\n7\n8\na\n7\n1\n8\n2\n1\nb\n4\n1\n4\nc\nb\n0\na\nd\nc\n3\n4\n+\n0\nx\n2\nf\n0\ne\n5\n1\n \n@\n \n0\nx\n6\nf\n0\ne\n5\n1\n\n\nS\ne\nt\nF\nu\nn\nc\nt\ni\no\nn\nA\nd\nd\nr\ne\ns\ns\ne\ns\n+\n0\nx\n2\n1\nb\na\n6\n \n@\n \n0\nx\n2\n4\n3\n3\n2\n8\n6\n\n\n1\n1\na\n7\n5\n0\n7\n9\ne\n6\n3\nf\n5\n2\n6\nb\n0\nf\nd\ne\n3\n7\n0\n4\n1\n7\n9\n9\nf\nc\ne\n1\n9\n6\na\n3\n3\n9\n8\nc\n3\n0\nd\n2\n7\n8\na\n7\n1\n8\n2\n1\nb\n4\n1\n4\nc\nb\n0\na\nd\nc\n3\n4\n+\n0\nx\n2\ne\n8\nf\n5\ne\n \n@\n \n0\nx\n6\ne\n8\nf\n5\ne\n\n\n1\n1\na\n7\n5\n0\n7\n9\ne\n6\n3\nf\n5\n2\n6\nb\n0\nf\nd\ne\n3\n7\n0\n4\n1\n7\n9\n9\nf\nc\ne\n1\n9\n6\na\n3\n3\n9\n8\nc\n3\n0\nd\n2\n7\n8\na\n7\n1\n8\n2\n1\nb\n4\n1\n4\nc\nb\n0\na\nd\nc\n3\n4\n+\n0\nx\n2\ne\na\n4\n6\nf\n \n@\n \n0\nx\n6\ne\na\n4\n6\nf\n\n\n1\n1\na\n7\n5\n0\n7\n9\ne\n6\n3\nf\n5\n2\n6\nb\n0\nf\nd\ne\n3\n7\n0\n4\n1\n7\n9\n9\nf\nc\ne\n1\n9\n6\na\n3\n3\n9\n8\nc\n3\n0\nd\n2\n7\n8\na\n7\n1\n8\n2\n1\nb\n4\n1\n4\nc\nb\n0\na\nd\nc\n3\n4\n+\n0\nx\n2\ne\na\n5\n5\n8\n \n@\n \n0\nx\n6\ne\na\n5\n5\n8\n\n\n1\n1\na\n7\n5\n0\n7\n9\ne\n6\n3\nf\n5\n2\n6\nb\n0\nf\nd\ne\n3\n7\n0\n4\n1\n7\n9\n9\nf\nc\ne\n1\n9\n6\na\n3\n3\n9\n8\nc\n3\n0\nd\n2\n7\n8\na\n7\n1\n8\n2\n1\nb\n4\n1\n4\nc\nb\n0\na\nd\nc\n3\n4\n+\n0\nx\n2\ne\na\ne\n3\n9\n \n@\n \n0\nx\n6\ne\na\ne\n3\n9\n\n\n1\n1\na\n7\n5\n0\n7\n9\ne\n6\n3\nf\n5\n2\n6\nb\n0\nf\nd\ne\n3\n7\n0\n4\n1\n7\n9\n9\nf\nc\ne\n1\n9\n6\na\n3\n3\n9\n8\nc\n3\n0\nd\n2\n7\n8\na\n7\n1\n8\n2\n1\nb\n4\n1\n4\nc\nb\n0\na\nd\nc\n3\n4\n+\n0\nx\n2\nf\nd\nd\n6\n9\n \n@\n \n0\nx\n6\nf\nd\nd\n6\n9\n\n\nB\na\ns\ne\nT\nh\nr\ne\na\nd\nI\nn\ni\nt\nT\nh\nu\nn\nk\n+\n0\nx\n1\n2\n \nV\ne\nr\ni\nf\ny\nC\no\nn\ns\no\nl\ne\nI\no\nH\na\nn\nd\nl\ne\n-\n0\nx\nb\n3\n \nk\ne\nr\nn\ne\nl\n3\n2\n+\n0\nx\n1\n3\n3\nc\na\n \n@\n \n0\nx\n7\n5\nb\nc\n3\n3\nc\na\n\n\nR\nt\nl\nI\nn\ni\nt\ni\na\nl\ni\nz\ne\nE\nx\nc\ne\np\nt\ni\no\nn\nC\nh\na\ni\nn\n+\n0\nx\n6\n3\n \nR\nt\nl\nA\nl\nl\no\nc\na\nt\ne\nA\nc\nt\ni\nv\na\nt\ni\no\nn\nC\no\nn\nt\ne\nx\nt\nS\nt\na\nc\nk\n-\n0\nx\na\n1\n \nn\nt\nd\nl\nl\n+\n0\nx\n3\n9\ne\nd\n2\n \n@\n \n0\nx\n7\n7\nb\nc\n9\ne\nd\n2\n\n\nR\nt\nl\nI\nn\ni\nt\ni\na\nl\ni\nz\ne\nE\nx\nc\ne\np\nt\ni\no\nn\nC\nh\na\ni\nn\n+\n0\nx\n3\n6\n \nR\nt\nl\nA\nl\nl\no\nc\na\nt\ne\nA\nc\nt\ni\nv\na\nt\ni\no\nn\nC\no\nn\nt\ne\nx\nt\nS\nt\na\nc\nk\n-\n0\nx\nc\ne\n \nn\nt\nd\nl\nl\n+\n0\nx\n3\n9\ne\na\n5\n \n@\n \n0\nx\n7\n7\nb\nc\n9\ne\na\n5",
"registers": {
"esp": 1631700,
"edi": 1221961681,
"eax": 0,
"ebp": 1631704,
"edx": 38237316,
"ebx": 0,
"esi": 7496560,
"ecx": 38237316
},
"exception": {
"instruction_r": "c6 00 00 8b e5 5d c3 cc cc cc cc cc cc cc cc cc",
"instruction": "mov byte ptr [eax], 0",
"exception_code": "0xc0000005",
"symbol": "SetFunctionAddresses+0x2e4de",
"address": "0x243fbbe"
}
},
"time": 1560815587.2032,
"tid": 2308,
"flags": {}
},
"pid": 2660,
"type": "call",
"cid": 1394
},
{
"call": {
"category": "__notification__",
"status": 1,
"stacktrace": [],
"raw": [
"stacktrace"
],
"api": "__exception__",
"return_value": 0,
"arguments": {
"stacktrace": "1\n1\na\n7\n5\n0\n7\n9\ne\n6\n3\nf\n5\n2\n6\nb\n0\nf\nd\ne\n3\n7\n0\n4\n1\n7\n9\n9\nf\nc\ne\n1\n9\n6\na\n3\n3\n9\n8\nc\n3\n0\nd\n2\n7\n8\na\n7\n1\n8\n2\n1\nb\n4\n1\n4\nc\nb\n0\na\nd\nc\n3\n4\n+\n0\nx\n2\nf\n0\ne\n5\n1\n \n@\n \n0\nx\n6\nf\n0\ne\n5\n1\n\n\nS\ne\nt\nF\nu\nn\nc\nt\ni\no\nn\nA\nd\nd\nr\ne\ns\ns\ne\ns\n+\n0\nx\n2\ne\n4\n3\n9\n \n@\n \n0\nx\n2\n4\n3\nf\nb\n1\n9\n\n\nS\ne\nt\nF\nu\nn\nc\nt\ni\no\nn\nA\nd\nd\nr\ne\ns\ns\ne\ns\n+\n0\nx\n6\n2\n9\nb\n \n@\n \n0\nx\n2\n4\n1\n7\n9\n7\nb\n\n\nS\ne\nt\nF\nu\nn\nc\nt\ni\no\nn\nA\nd\nd\nr\ne\ns\ns\ne\ns\n-\n0\nx\n7\nc\na\nc\n \n@\n \n0\nx\n2\n4\n0\n9\na\n3\n4\n\n\nS\ne\nt\nF\nu\nn\nc\nt\ni\no\nn\nA\nd\nd\nr\ne\ns\ns\ne\ns\n-\n0\nx\n8\n2\n6\nb\n \n@\n \n0\nx\n2\n4\n0\n9\n4\n7\n5\n\n\nS\ne\nt\nF\nu\nn\nc\nt\ni\no\nn\nA\nd\nd\nr\ne\ns\ns\ne\ns\n+\n0\nx\n2\n3\n1\na\n2\n \n@\n \n0\nx\n2\n4\n3\n4\n8\n8\n2\n\n\n1\n1\na\n7\n5\n0\n7\n9\ne\n6\n3\nf\n5\n2\n6\nb\n0\nf\nd\ne\n3\n7\n0\n4\n1\n7\n9\n9\nf\nc\ne\n1\n9\n6\na\n3\n3\n9\n8\nc\n3\n0\nd\n2\n7\n8\na\n7\n1\n8\n2\n1\nb\n4\n1\n4\nc\nb\n0\na\nd\nc\n3\n4\n+\n0\nx\n2\nf\n0\ne\n5\n1\n \n@\n \n0\nx\n6\nf\n0\ne\n5\n1\n\n\nS\ne\nt\nF\nu\nn\nc\nt\ni\no\nn\nA\nd\nd\nr\ne\ns\ns\ne\ns\n+\n0\nx\n2\n1\nb\na\n6\n \n@\n \n0\nx\n2\n4\n3\n3\n2\n8\n6\n\n\n1\n1\na\n7\n5\n0\n7\n9\ne\n6\n3\nf\n5\n2\n6\nb\n0\nf\nd\ne\n3\n7\n0\n4\n1\n7\n9\n9\nf\nc\ne\n1\n9\n6\na\n3\n3\n9\n8\nc\n3\n0\nd\n2\n7\n8\na\n7\n1\n8\n2\n1\nb\n4\n1\n4\nc\nb\n0\na\nd\nc\n3\n4\n+\n0\nx\n2\ne\n8\nf\n5\ne\n \n@\n \n0\nx\n6\ne\n8\nf\n5\ne\n\n\n1\n1\na\n7\n5\n0\n7\n9\ne\n6\n3\nf\n5\n2\n6\nb\n0\nf\nd\ne\n3\n7\n0\n4\n1\n7\n9\n9\nf\nc\ne\n1\n9\n6\na\n3\n3\n9\n8\nc\n3\n0\nd\n2\n7\n8\na\n7\n1\n8\n2\n1\nb\n4\n1\n4\nc\nb\n0\na\nd\nc\n3\n4\n+\n0\nx\n2\ne\na\n4\n6\nf\n \n@\n \n0\nx\n6\ne\na\n4\n6\nf\n\n\n1\n1\na\n7\n5\n0\n7\n9\ne\n6\n3\nf\n5\n2\n6\nb\n0\nf\nd\ne\n3\n7\n0\n4\n1\n7\n9\n9\nf\nc\ne\n1\n9\n6\na\n3\n3\n9\n8\nc\n3\n0\nd\n2\n7\n8\na\n7\n1\n8\n2\n1\nb\n4\n1\n4\nc\nb\n0\na\nd\nc\n3\n4\n+\n0\nx\n2\ne\na\n5\n5\n8\n \n@\n \n0\nx\n6\ne\na\n5\n5\n8\n\n\n1\n1\na\n7\n5\n0\n7\n9\ne\n6\n3\nf\n5\n2\n6\nb\n0\nf\nd\ne\n3\n7\n0\n4\n1\n7\n9\n9\nf\nc\ne\n1\n9\n6\na\n3\n3\n9\n8\nc\n3\n0\nd\n2\n7\n8\na\n7\n1\n8\n2\n1\nb\n4\n1\n4\nc\nb\n0\na\nd\nc\n3\n4\n+\n0\nx\n2\ne\na\ne\n3\n9\n \n@\n \n0\nx\n6\ne\na\ne\n3\n9\n\n\n1\n1\na\n7\n5\n0\n7\n9\ne\n6\n3\nf\n5\n2\n6\nb\n0\nf\nd\ne\n3\n7\n0\n4\n1\n7\n9\n9\nf\nc\ne\n1\n9\n6\na\n3\n3\n9\n8\nc\n3\n0\nd\n2\n7\n8\na\n7\n1\n8\n2\n1\nb\n4\n1\n4\nc\nb\n0\na\nd\nc\n3\n4\n+\n0\nx\n2\nf\nd\nd\n6\n9\n \n@\n \n0\nx\n6\nf\nd\nd\n6\n9\n\n\nB\na\ns\ne\nT\nh\nr\ne\na\nd\nI\nn\ni\nt\nT\nh\nu\nn\nk\n+\n0\nx\n1\n2\n \nV\ne\nr\ni\nf\ny\nC\no\nn\ns\no\nl\ne\nI\no\nH\na\nn\nd\nl\ne\n-\n0\nx\nb\n3\n \nk\ne\nr\nn\ne\nl\n3\n2\n+\n0\nx\n1\n3\n3\nc\na\n \n@\n \n0\nx\n7\n5\nb\nc\n3\n3\nc\na\n\n\nR\nt\nl\nI\nn\ni\nt\ni\na\nl\ni\nz\ne\nE\nx\nc\ne\np\nt\ni\no\nn\nC\nh\na\ni\nn\n+\n0\nx\n6\n3\n \nR\nt\nl\nA\nl\nl\no\nc\na\nt\ne\nA\nc\nt\ni\nv\na\nt\ni\no\nn\nC\no\nn\nt\ne\nx\nt\nS\nt\na\nc\nk\n-\n0\nx\na\n1\n \nn\nt\nd\nl\nl\n+\n0\nx\n3\n9\ne\nd\n2\n \n@\n \n0\nx\n7\n7\nb\nc\n9\ne\nd\n2\n\n\nR\nt\nl\nI\nn\ni\nt\ni\na\nl\ni\nz\ne\nE\nx\nc\ne\np\nt\ni\no\nn\nC\nh\na\ni\nn\n+\n0\nx\n3\n6\n \nR\nt\nl\nA\nl\nl\no\nc\na\nt\ne\nA\nc\nt\ni\nv\na\nt\ni\no\nn\nC\no\nn\nt\ne\nx\nt\nS\nt\na\nc\nk\n-\n0\nx\nc\ne\n \nn\nt\nd\nl\nl\n+\n0\nx\n3\n9\ne\na\n5\n \n@\n \n0\nx\n7\n7\nb\nc\n9\ne\na\n5",
"registers": {
"esp": 1631700,
"edi": 1221961681,
"eax": 0,
"ebp": 1631704,
"edx": 38237316,
"ebx": 0,
"esi": 7496560,
"ecx": 38237316
},
"exception": {
"instruction_r": "c6 00 00 8b e5 5d c3 cc cc cc cc cc cc cc cc cc",
"instruction": "mov byte ptr [eax], 0",
"exception_code": "0xc0000005",
"symbol": "SetFunctionAddresses+0x2e4de",
"address": "0x243fbbe"
}
},
"time": 1560815587.2032,
"tid": 2308,
"flags": {}
},
"pid": 2660,
"type": "call",
"cid": 1395
},
{
"call": {
"category": "__notification__",
"status": 1,
"stacktrace": [],
"raw": [
"stacktrace"
],
"api": "__exception__",
"return_value": 0,
"arguments": {
"stacktrace": "1\n1\na\n7\n5\n0\n7\n9\ne\n6\n3\nf\n5\n2\n6\nb\n0\nf\nd\ne\n3\n7\n0\n4\n1\n7\n9\n9\nf\nc\ne\n1\n9\n6\na\n3\n3\n9\n8\nc\n3\n0\nd\n2\n7\n8\na\n7\n1\n8\n2\n1\nb\n4\n1\n4\nc\nb\n0\na\nd\nc\n3\n4\n+\n0\nx\n2\nf\n0\ne\n5\n1\n \n@\n \n0\nx\n6\nf\n0\ne\n5\n1\n\n\nS\ne\nt\nF\nu\nn\nc\nt\ni\no\nn\nA\nd\nd\nr\ne\ns\ns\ne\ns\n+\n0\nx\n2\ne\n4\n3\n9\n \n@\n \n0\nx\n2\n4\n3\nf\nb\n1\n9\n\n\nS\ne\nt\nF\nu\nn\nc\nt\ni\no\nn\nA\nd\nd\nr\ne\ns\ns\ne\ns\n+\n0\nx\n2\n3\na\nc\ne\n \n@\n \n0\nx\n2\n4\n3\n5\n1\na\ne\n\n\nS\ne\nt\nF\nu\nn\nc\nt\ni\no\nn\nA\nd\nd\nr\ne\ns\ns\ne\ns\n+\n0\nx\n2\n3\n1\nb\n1\n \n@\n \n0\nx\n2\n4\n3\n4\n8\n9\n1\n\n\n1\n1\na\n7\n5\n0\n7\n9\ne\n6\n3\nf\n5\n2\n6\nb\n0\nf\nd\ne\n3\n7\n0\n4\n1\n7\n9\n9\nf\nc\ne\n1\n9\n6\na\n3\n3\n9\n8\nc\n3\n0\nd\n2\n7\n8\na\n7\n1\n8\n2\n1\nb\n4\n1\n4\nc\nb\n0\na\nd\nc\n3\n4\n+\n0\nx\n2\nf\n0\ne\n5\n1\n \n@\n \n0\nx\n6\nf\n0\ne\n5\n1\n\n\nS\ne\nt\nF\nu\nn\nc\nt\ni\no\nn\nA\nd\nd\nr\ne\ns\ns\ne\ns\n+\n0\nx\n2\n1\nb\na\n6\n \n@\n \n0\nx\n2\n4\n3\n3\n2\n8\n6\n\n\n1\n1\na\n7\n5\n0\n7\n9\ne\n6\n3\nf\n5\n2\n6\nb\n0\nf\nd\ne\n3\n7\n0\n4\n1\n7\n9\n9\nf\nc\ne\n1\n9\n6\na\n3\n3\n9\n8\nc\n3\n0\nd\n2\n7\n8\na\n7\n1\n8\n2\n1\nb\n4\n1\n4\nc\nb\n0\na\nd\nc\n3\n4\n+\n0\nx\n2\ne\n8\nf\n5\ne\n \n@\n \n0\nx\n6\ne\n8\nf\n5\ne\n\n\n1\n1\na\n7\n5\n0\n7\n9\ne\n6\n3\nf\n5\n2\n6\nb\n0\nf\nd\ne\n3\n7\n0\n4\n1\n7\n9\n9\nf\nc\ne\n1\n9\n6\na\n3\n3\n9\n8\nc\n3\n0\nd\n2\n7\n8\na\n7\n1\n8\n2\n1\nb\n4\n1\n4\nc\nb\n0\na\nd\nc\n3\n4\n+\n0\nx\n2\ne\na\n4\n6\nf\n \n@\n \n0\nx\n6\ne\na\n4\n6\nf\n\n\n1\n1\na\n7\n5\n0\n7\n9\ne\n6\n3\nf\n5\n2\n6\nb\n0\nf\nd\ne\n3\n7\n0\n4\n1\n7\n9\n9\nf\nc\ne\n1\n9\n6\na\n3\n3\n9\n8\nc\n3\n0\nd\n2\n7\n8\na\n7\n1\n8\n2\n1\nb\n4\n1\n4\nc\nb\n0\na\nd\nc\n3\n4\n+\n0\nx\n2\ne\na\n5\n5\n8\n \n@\n \n0\nx\n6\ne\na\n5\n5\n8\n\n\n1\n1\na\n7\n5\n0\n7\n9\ne\n6\n3\nf\n5\n2\n6\nb\n0\nf\nd\ne\n3\n7\n0\n4\n1\n7\n9\n9\nf\nc\ne\n1\n9\n6\na\n3\n3\n9\n8\nc\n3\n0\nd\n2\n7\n8\na\n7\n1\n8\n2\n1\nb\n4\n1\n4\nc\nb\n0\na\nd\nc\n3\n4\n+\n0\nx\n2\ne\na\ne\n3\n9\n \n@\n \n0\nx\n6\ne\na\ne\n3\n9\n\n\n1\n1\na\n7\n5\n0\n7\n9\ne\n6\n3\nf\n5\n2\n6\nb\n0\nf\nd\ne\n3\n7\n0\n4\n1\n7\n9\n9\nf\nc\ne\n1\n9\n6\na\n3\n3\n9\n8\nc\n3\n0\nd\n2\n7\n8\na\n7\n1\n8\n2\n1\nb\n4\n1\n4\nc\nb\n0\na\nd\nc\n3\n4\n+\n0\nx\n2\nf\nd\nd\n6\n9\n \n@\n \n0\nx\n6\nf\nd\nd\n6\n9\n\n\nB\na\ns\ne\nT\nh\nr\ne\na\nd\nI\nn\ni\nt\nT\nh\nu\nn\nk\n+\n0\nx\n1\n2\n \nV\ne\nr\ni\nf\ny\nC\no\nn\ns\no\nl\ne\nI\no\nH\na\nn\nd\nl\ne\n-\n0\nx\nb\n3\n \nk\ne\nr\nn\ne\nl\n3\n2\n+\n0\nx\n1\n3\n3\nc\na\n \n@\n \n0\nx\n7\n5\nb\nc\n3\n3\nc\na\n\n\nR\nt\nl\nI\nn\ni\nt\ni\na\nl\ni\nz\ne\nE\nx\nc\ne\np\nt\ni\no\nn\nC\nh\na\ni\nn\n+\n0\nx\n6\n3\n \nR\nt\nl\nA\nl\nl\no\nc\na\nt\ne\nA\nc\nt\ni\nv\na\nt\ni\no\nn\nC\no\nn\nt\ne\nx\nt\nS\nt\na\nc\nk\n-\n0\nx\na\n1\n \nn\nt\nd\nl\nl\n+\n0\nx\n3\n9\ne\nd\n2\n \n@\n \n0\nx\n7\n7\nb\nc\n9\ne\nd\n2\n\n\nR\nt\nl\nI\nn\ni\nt\ni\na\nl\ni\nz\ne\nE\nx\nc\ne\np\nt\ni\no\nn\nC\nh\na\ni\nn\n+\n0\nx\n3\n6\n \nR\nt\nl\nA\nl\nl\no\nc\na\nt\ne\nA\nc\nt\ni\nv\na\nt\ni\no\nn\nC\no\nn\nt\ne\nx\nt\nS\nt\na\nc\nk\n-\n0\nx\nc\ne\n \nn\nt\nd\nl\nl\n+\n0\nx\n3\n9\ne\na\n5\n \n@\n \n0\nx\n7\n7\nb\nc\n9\ne\na\n5",
"registers": {
"esp": 1610720,
"edi": 1221961681,
"eax": 0,
"ebp": 1610724,
"edx": 38237316,
"ebx": 0,
"esi": 7496560,
"ecx": 38237316
},
"exception": {
"instruction_r": "c6 00 00 8b e5 5d c3 cc cc cc cc cc cc cc cc cc",
"instruction": "mov byte ptr [eax], 0",
"exception_code": "0xc0000005",
"symbol": "SetFunctionAddresses+0x2e4de",
"address": "0x243fbbe"
}
},
"time": 1560815587.2032,
"tid": 2308,
"flags": {}
},
"pid": 2660,
"type": "call",
"cid": 1396
},
{
"call": {
"category": "__notification__",
"status": 1,
"stacktrace": [],
"raw": [
"stacktrace"
],
"api": "__exception__",
"return_value": 0,
"arguments": {
"stacktrace": "1\n1\na\n7\n5\n0\n7\n9\ne\n6\n3\nf\n5\n2\n6\nb\n0\nf\nd\ne\n3\n7\n0\n4\n1\n7\n9\n9\nf\nc\ne\n1\n9\n6\na\n3\n3\n9\n8\nc\n3\n0\nd\n2\n7\n8\na\n7\n1\n8\n2\n1\nb\n4\n1\n4\nc\nb\n0\na\nd\nc\n3\n4\n+\n0\nx\n2\nf\n0\ne\n5\n1\n \n@\n \n0\nx\n6\nf\n0\ne\n5\n1\n\n\nS\ne\nt\nF\nu\nn\nc\nt\ni\no\nn\nA\nd\nd\nr\ne\ns\ns\ne\ns\n+\n0\nx\n2\ne\n5\n7\n9\n \n@\n \n0\nx\n2\n4\n3\nf\nc\n5\n9\n\n\nS\ne\nt\nF\nu\nn\nc\nt\ni\no\nn\nA\nd\nd\nr\ne\ns\ns\ne\ns\n+\n0\nx\n2\n4\n8\n3\nd\n \n@\n \n0\nx\n2\n4\n3\n5\nf\n1\nd\n\n\nS\ne\nt\nF\nu\nn\nc\nt\ni\no\nn\nA\nd\nd\nr\ne\ns\ns\ne\ns\n+\n0\nx\n2\n3\n1\nb\n1\n \n@\n \n0\nx\n2\n4\n3\n4\n8\n9\n1\n\n\n1\n1\na\n7\n5\n0\n7\n9\ne\n6\n3\nf\n5\n2\n6\nb\n0\nf\nd\ne\n3\n7\n0\n4\n1\n7\n9\n9\nf\nc\ne\n1\n9\n6\na\n3\n3\n9\n8\nc\n3\n0\nd\n2\n7\n8\na\n7\n1\n8\n2\n1\nb\n4\n1\n4\nc\nb\n0\na\nd\nc\n3\n4\n+\n0\nx\n2\nf\n0\ne\n5\n1\n \n@\n \n0\nx\n6\nf\n0\ne\n5\n1\n\n\nS\ne\nt\nF\nu\nn\nc\nt\ni\no\nn\nA\nd\nd\nr\ne\ns\ns\ne\ns\n+\n0\nx\n2\n1\nb\na\n6\n \n@\n \n0\nx\n2\n4\n3\n3\n2\n8\n6\n\n\n1\n1\na\n7\n5\n0\n7\n9\ne\n6\n3\nf\n5\n2\n6\nb\n0\nf\nd\ne\n3\n7\n0\n4\n1\n7\n9\n9\nf\nc\ne\n1\n9\n6\na\n3\n3\n9\n8\nc\n3\n0\nd\n2\n7\n8\na\n7\n1\n8\n2\n1\nb\n4\n1\n4\nc\nb\n0\na\nd\nc\n3\n4\n+\n0\nx\n2\ne\n8\nf\n5\ne\n \n@\n \n0\nx\n6\ne\n8\nf\n5\ne\n\n\n1\n1\na\n7\n5\n0\n7\n9\ne\n6\n3\nf\n5\n2\n6\nb\n0\nf\nd\ne\n3\n7\n0\n4\n1\n7\n9\n9\nf\nc\ne\n1\n9\n6\na\n3\n3\n9\n8\nc\n3\n0\nd\n2\n7\n8\na\n7\n1\n8\n2\n1\nb\n4\n1\n4\nc\nb\n0\na\nd\nc\n3\n4\n+\n0\nx\n2\ne\na\n4\n6\nf\n \n@\n \n0\nx\n6\ne\na\n4\n6\nf\n\n\n1\n1\na\n7\n5\n0\n7\n9\ne\n6\n3\nf\n5\n2\n6\nb\n0\nf\nd\ne\n3\n7\n0\n4\n1\n7\n9\n9\nf\nc\ne\n1\n9\n6\na\n3\n3\n9\n8\nc\n3\n0\nd\n2\n7\n8\na\n7\n1\n8\n2\n1\nb\n4\n1\n4\nc\nb\n0\na\nd\nc\n3\n4\n+\n0\nx\n2\ne\na\n5\n5\n8\n \n@\n \n0\nx\n6\ne\na\n5\n5\n8\n\n\n1\n1\na\n7\n5\n0\n7\n9\ne\n6\n3\nf\n5\n2\n6\nb\n0\nf\nd\ne\n3\n7\n0\n4\n1\n7\n9\n9\nf\nc\ne\n1\n9\n6\na\n3\n3\n9\n8\nc\n3\n0\nd\n2\n7\n8\na\n7\n1\n8\n2\n1\nb\n4\n1\n4\nc\nb\n0\na\nd\nc\n3\n4\n+\n0\nx\n2\ne\na\ne\n3\n9\n \n@\n \n0\nx\n6\ne\na\ne\n3\n9\n\n\n1\n1\na\n7\n5\n0\n7\n9\ne\n6\n3\nf\n5\n2\n6\nb\n0\nf\nd\ne\n3\n7\n0\n4\n1\n7\n9\n9\nf\nc\ne\n1\n9\n6\na\n3\n3\n9\n8\nc\n3\n0\nd\n2\n7\n8\na\n7\n1\n8\n2\n1\nb\n4\n1\n4\nc\nb\n0\na\nd\nc\n3\n4\n+\n0\nx\n2\nf\nd\nd\n6\n9\n \n@\n \n0\nx\n6\nf\nd\nd\n6\n9\n\n\nB\na\ns\ne\nT\nh\nr\ne\na\nd\nI\nn\ni\nt\nT\nh\nu\nn\nk\n+\n0\nx\n1\n2\n \nV\ne\nr\ni\nf\ny\nC\no\nn\ns\no\nl\ne\nI\no\nH\na\nn\nd\nl\ne\n-\n0\nx\nb\n3\n \nk\ne\nr\nn\ne\nl\n3\n2\n+\n0\nx\n1\n3\n3\nc\na\n \n@\n \n0\nx\n7\n5\nb\nc\n3\n3\nc\na\n\n\nR\nt\nl\nI\nn\ni\nt\ni\na\nl\ni\nz\ne\nE\nx\nc\ne\np\nt\ni\no\nn\nC\nh\na\ni\nn\n+\n0\nx\n6\n3\n \nR\nt\nl\nA\nl\nl\no\nc\na\nt\ne\nA\nc\nt\ni\nv\na\nt\ni\no\nn\nC\no\nn\nt\ne\nx\nt\nS\nt\na\nc\nk\n-\n0\nx\na\n1\n \nn\nt\nd\nl\nl\n+\n0\nx\n3\n9\ne\nd\n2\n \n@\n \n0\nx\n7\n7\nb\nc\n9\ne\nd\n2\n\n\nR\nt\nl\nI\nn\ni\nt\ni\na\nl\ni\nz\ne\nE\nx\nc\ne\np\nt\ni\no\nn\nC\nh\na\ni\nn\n+\n0\nx\n3\n6\n \nR\nt\nl\nA\nl\nl\no\nc\na\nt\ne\nA\nc\nt\ni\nv\na\nt\ni\no\nn\nC\no\nn\nt\ne\nx\nt\nS\nt\na\nc\nk\n-\n0\nx\nc\ne\n \nn\nt\nd\nl\nl\n+\n0\nx\n3\n9\ne\na\n5\n \n@\n \n0\nx\n7\n7\nb\nc\n9\ne\na\n5",
"registers": {
"esp": 1610720,
"edi": 1221961681,
"eax": 0,
"ebp": 1610724,
"edx": 38237352,
"ebx": 1,
"esi": 2297344,
"ecx": 38237352
},
"exception": {
"instruction_r": "c6 00 00 8b e5 5d c3 cc cc cc cc cc cc cc cc cc",
"instruction": "mov byte ptr [eax], 0",
"exception_code": "0xc0000005",
"symbol": "SetFunctionAddresses+0x2e4de",
"address": "0x243fbbe"
}
},
"time": 1560815587.2032,
"tid": 2308,
"flags": {}
},
"pid": 2660,
"type": "call",
"cid": 1399
},
{
"call": {
"category": "__notification__",
"status": 1,
"stacktrace": [],
"raw": [
"stacktrace"
],
"api": "__exception__",
"return_value": 0,
"arguments": {
"stacktrace": "1\n1\na\n7\n5\n0\n7\n9\ne\n6\n3\nf\n5\n2\n6\nb\n0\nf\nd\ne\n3\n7\n0\n4\n1\n7\n9\n9\nf\nc\ne\n1\n9\n6\na\n3\n3\n9\n8\nc\n3\n0\nd\n2\n7\n8\na\n7\n1\n8\n2\n1\nb\n4\n1\n4\nc\nb\n0\na\nd\nc\n3\n4\n+\n0\nx\n2\nf\n0\ne\n5\n1\n \n@\n \n0\nx\n6\nf\n0\ne\n5\n1\n\n\nS\ne\nt\nF\nu\nn\nc\nt\ni\no\nn\nA\nd\nd\nr\ne\ns\ns\ne\ns\n+\n0\nx\n2\ne\n4\n3\n9\n \n@\n \n0\nx\n2\n4\n3\nf\nb\n1\n9\n\n\nS\ne\nt\nF\nu\nn\nc\nt\ni\no\nn\nA\nd\nd\nr\ne\ns\ns\ne\ns\n+\n0\nx\n2\n4\nb\nd\nf\n \n@\n \n0\nx\n2\n4\n3\n6\n2\nb\nf\n\n\nS\ne\nt\nF\nu\nn\nc\nt\ni\no\nn\nA\nd\nd\nr\ne\ns\ns\ne\ns\n+\n0\nx\n2\n3\n1\nb\n1\n \n@\n \n0\nx\n2\n4\n3\n4\n8\n9\n1\n\n\n1\n1\na\n7\n5\n0\n7\n9\ne\n6\n3\nf\n5\n2\n6\nb\n0\nf\nd\ne\n3\n7\n0\n4\n1\n7\n9\n9\nf\nc\ne\n1\n9\n6\na\n3\n3\n9\n8\nc\n3\n0\nd\n2\n7\n8\na\n7\n1\n8\n2\n1\nb\n4\n1\n4\nc\nb\n0\na\nd\nc\n3\n4\n+\n0\nx\n2\nf\n0\ne\n5\n1\n \n@\n \n0\nx\n6\nf\n0\ne\n5\n1\n\n\nS\ne\nt\nF\nu\nn\nc\nt\ni\no\nn\nA\nd\nd\nr\ne\ns\ns\ne\ns\n+\n0\nx\n2\n1\nb\na\n6\n \n@\n \n0\nx\n2\n4\n3\n3\n2\n8\n6\n\n\n1\n1\na\n7\n5\n0\n7\n9\ne\n6\n3\nf\n5\n2\n6\nb\n0\nf\nd\ne\n3\n7\n0\n4\n1\n7\n9\n9\nf\nc\ne\n1\n9\n6\na\n3\n3\n9\n8\nc\n3\n0\nd\n2\n7\n8\na\n7\n1\n8\n2\n1\nb\n4\n1\n4\nc\nb\n0\na\nd\nc\n3\n4\n+\n0\nx\n2\ne\n8\nf\n5\ne\n \n@\n \n0\nx\n6\ne\n8\nf\n5\ne\n\n\n1\n1\na\n7\n5\n0\n7\n9\ne\n6\n3\nf\n5\n2\n6\nb\n0\nf\nd\ne\n3\n7\n0\n4\n1\n7\n9\n9\nf\nc\ne\n1\n9\n6\na\n3\n3\n9\n8\nc\n3\n0\nd\n2\n7\n8\na\n7\n1\n8\n2\n1\nb\n4\n1\n4\nc\nb\n0\na\nd\nc\n3\n4\n+\n0\nx\n2\ne\na\n4\n6\nf\n \n@\n \n0\nx\n6\ne\na\n4\n6\nf\n\n\n1\n1\na\n7\n5\n0\n7\n9\ne\n6\n3\nf\n5\n2\n6\nb\n0\nf\nd\ne\n3\n7\n0\n4\n1\n7\n9\n9\nf\nc\ne\n1\n9\n6\na\n3\n3\n9\n8\nc\n3\n0\nd\n2\n7\n8\na\n7\n1\n8\n2\n1\nb\n4\n1\n4\nc\nb\n0\na\nd\nc\n3\n4\n+\n0\nx\n2\ne\na\n5\n5\n8\n \n@\n \n0\nx\n6\ne\na\n5\n5\n8\n\n\n1\n1\na\n7\n5\n0\n7\n9\ne\n6\n3\nf\n5\n2\n6\nb\n0\nf\nd\ne\n3\n7\n0\n4\n1\n7\n9\n9\nf\nc\ne\n1\n9\n6\na\n3\n3\n9\n8\nc\n3\n0\nd\n2\n7\n8\na\n7\n1\n8\n2\n1\nb\n4\n1\n4\nc\nb\n0\na\nd\nc\n3\n4\n+\n0\nx\n2\ne\na\ne\n3\n9\n \n@\n \n0\nx\n6\ne\na\ne\n3\n9\n\n\n1\n1\na\n7\n5\n0\n7\n9\ne\n6\n3\nf\n5\n2\n6\nb\n0\nf\nd\ne\n3\n7\n0\n4\n1\n7\n9\n9\nf\nc\ne\n1\n9\n6\na\n3\n3\n9\n8\nc\n3\n0\nd\n2\n7\n8\na\n7\n1\n8\n2\n1\nb\n4\n1\n4\nc\nb\n0\na\nd\nc\n3\n4\n+\n0\nx\n2\nf\nd\nd\n6\n9\n \n@\n \n0\nx\n6\nf\nd\nd\n6\n9\n\n\nB\na\ns\ne\nT\nh\nr\ne\na\nd\nI\nn\ni\nt\nT\nh\nu\nn\nk\n+\n0\nx\n1\n2\n \nV\ne\nr\ni\nf\ny\nC\no\nn\ns\no\nl\ne\nI\no\nH\na\nn\nd\nl\ne\n-\n0\nx\nb\n3\n \nk\ne\nr\nn\ne\nl\n3\n2\n+\n0\nx\n1\n3\n3\nc\na\n \n@\n \n0\nx\n7\n5\nb\nc\n3\n3\nc\na\n\n\nR\nt\nl\nI\nn\ni\nt\ni\na\nl\ni\nz\ne\nE\nx\nc\ne\np\nt\ni\no\nn\nC\nh\na\ni\nn\n+\n0\nx\n6\n3\n \nR\nt\nl\nA\nl\nl\no\nc\na\nt\ne\nA\nc\nt\ni\nv\na\nt\ni\no\nn\nC\no\nn\nt\ne\nx\nt\nS\nt\na\nc\nk\n-\n0\nx\na\n1\n \nn\nt\nd\nl\nl\n+\n0\nx\n3\n9\ne\nd\n2\n \n@\n \n0\nx\n7\n7\nb\nc\n9\ne\nd\n2\n\n\nR\nt\nl\nI\nn\ni\nt\ni\na\nl\ni\nz\ne\nE\nx\nc\ne\np\nt\ni\no\nn\nC\nh\na\ni\nn\n+\n0\nx\n3\n6\n \nR\nt\nl\nA\nl\nl\no\nc\na\nt\ne\nA\nc\nt\ni\nv\na\nt\ni\no\nn\nC\no\nn\nt\ne\nx\nt\nS\nt\na\nc\nk\n-\n0\nx\nc\ne\n \nn\nt\nd\nl\nl\n+\n0\nx\n3\n9\ne\na\n5\n \n@\n \n0\nx\n7\n7\nb\nc\n9\ne\na\n5",
"registers": {
"esp": 1610720,
"edi": 1221961681,
"eax": 0,
"ebp": 1610724,
"edx": 38237316,
"ebx": 1,
"esi": 2297344,
"ecx": 38237316
},
"exception": {
"instruction_r": "c6 00 00 8b e5 5d c3 cc cc cc cc cc cc cc cc cc",
"instruction": "mov byte ptr [eax], 0",
"exception_code": "0xc0000005",
"symbol": "SetFunctionAddresses+0x2e4de",
"address": "0x243fbbe"
}
},
"time": 1560815587.2032,
"tid": 2308,
"flags": {}
},
"pid": 2660,
"type": "call",
"cid": 1401
},
{
"call": {
"category": "__notification__",
"status": 1,
"stacktrace": [],
"raw": [
"stacktrace"
],
"api": "__exception__",
"return_value": 0,
"arguments": {
"stacktrace": "1\n1\na\n7\n5\n0\n7\n9\ne\n6\n3\nf\n5\n2\n6\nb\n0\nf\nd\ne\n3\n7\n0\n4\n1\n7\n9\n9\nf\nc\ne\n1\n9\n6\na\n3\n3\n9\n8\nc\n3\n0\nd\n2\n7\n8\na\n7\n1\n8\n2\n1\nb\n4\n1\n4\nc\nb\n0\na\nd\nc\n3\n4\n+\n0\nx\n2\nf\n0\ne\n5\n1\n \n@\n \n0\nx\n6\nf\n0\ne\n5\n1\n\n\nS\ne\nt\nF\nu\nn\nc\nt\ni\no\nn\nA\nd\nd\nr\ne\ns\ns\ne\ns\n+\n0\nx\n2\ne\n4\n3\n9\n \n@\n \n0\nx\n2\n4\n3\nf\nb\n1\n9\n\n\nS\ne\nt\nF\nu\nn\nc\nt\ni\no\nn\nA\nd\nd\nr\ne\ns\ns\ne\ns\n+\n0\nx\n2\nb\n1\na\nf\n \n@\n \n0\nx\n2\n4\n3\nc\n8\n8\nf\n\n\nS\ne\nt\nF\nu\nn\nc\nt\ni\no\nn\nA\nd\nd\nr\ne\ns\ns\ne\ns\n+\n0\nx\n2\n4\nd\nd\ne\n \n@\n \n0\nx\n2\n4\n3\n6\n4\nb\ne\n\n\nS\ne\nt\nF\nu\nn\nc\nt\ni\no\nn\nA\nd\nd\nr\ne\ns\ns\ne\ns\n+\n0\nx\n2\n3\n1\nb\n1\n \n@\n \n0\nx\n2\n4\n3\n4\n8\n9\n1\n\n\n1\n1\na\n7\n5\n0\n7\n9\ne\n6\n3\nf\n5\n2\n6\nb\n0\nf\nd\ne\n3\n7\n0\n4\n1\n7\n9\n9\nf\nc\ne\n1\n9\n6\na\n3\n3\n9\n8\nc\n3\n0\nd\n2\n7\n8\na\n7\n1\n8\n2\n1\nb\n4\n1\n4\nc\nb\n0\na\nd\nc\n3\n4\n+\n0\nx\n2\nf\n0\ne\n5\n1\n \n@\n \n0\nx\n6\nf\n0\ne\n5\n1\n\n\nS\ne\nt\nF\nu\nn\nc\nt\ni\no\nn\nA\nd\nd\nr\ne\ns\ns\ne\ns\n+\n0\nx\n2\n1\nb\na\n6\n \n@\n \n0\nx\n2\n4\n3\n3\n2\n8\n6\n\n\n1\n1\na\n7\n5\n0\n7\n9\ne\n6\n3\nf\n5\n2\n6\nb\n0\nf\nd\ne\n3\n7\n0\n4\n1\n7\n9\n9\nf\nc\ne\n1\n9\n6\na\n3\n3\n9\n8\nc\n3\n0\nd\n2\n7\n8\na\n7\n1\n8\n2\n1\nb\n4\n1\n4\nc\nb\n0\na\nd\nc\n3\n4\n+\n0\nx\n2\ne\n8\nf\n5\ne\n \n@\n \n0\nx\n6\ne\n8\nf\n5\ne\n\n\n1\n1\na\n7\n5\n0\n7\n9\ne\n6\n3\nf\n5\n2\n6\nb\n0\nf\nd\ne\n3\n7\n0\n4\n1\n7\n9\n9\nf\nc\ne\n1\n9\n6\na\n3\n3\n9\n8\nc\n3\n0\nd\n2\n7\n8\na\n7\n1\n8\n2\n1\nb\n4\n1\n4\nc\nb\n0\na\nd\nc\n3\n4\n+\n0\nx\n2\ne\na\n4\n6\nf\n \n@\n \n0\nx\n6\ne\na\n4\n6\nf\n\n\n1\n1\na\n7\n5\n0\n7\n9\ne\n6\n3\nf\n5\n2\n6\nb\n0\nf\nd\ne\n3\n7\n0\n4\n1\n7\n9\n9\nf\nc\ne\n1\n9\n6\na\n3\n3\n9\n8\nc\n3\n0\nd\n2\n7\n8\na\n7\n1\n8\n2\n1\nb\n4\n1\n4\nc\nb\n0\na\nd\nc\n3\n4\n+\n0\nx\n2\ne\na\n5\n5\n8\n \n@\n \n0\nx\n6\ne\na\n5\n5\n8\n\n\n1\n1\na\n7\n5\n0\n7\n9\ne\n6\n3\nf\n5\n2\n6\nb\n0\nf\nd\ne\n3\n7\n0\n4\n1\n7\n9\n9\nf\nc\ne\n1\n9\n6\na\n3\n3\n9\n8\nc\n3\n0\nd\n2\n7\n8\na\n7\n1\n8\n2\n1\nb\n4\n1\n4\nc\nb\n0\na\nd\nc\n3\n4\n+\n0\nx\n2\ne\na\ne\n3\n9\n \n@\n \n0\nx\n6\ne\na\ne\n3\n9\n\n\n1\n1\na\n7\n5\n0\n7\n9\ne\n6\n3\nf\n5\n2\n6\nb\n0\nf\nd\ne\n3\n7\n0\n4\n1\n7\n9\n9\nf\nc\ne\n1\n9\n6\na\n3\n3\n9\n8\nc\n3\n0\nd\n2\n7\n8\na\n7\n1\n8\n2\n1\nb\n4\n1\n4\nc\nb\n0\na\nd\nc\n3\n4\n+\n0\nx\n2\nf\nd\nd\n6\n9\n \n@\n \n0\nx\n6\nf\nd\nd\n6\n9\n\n\nB\na\ns\ne\nT\nh\nr\ne\na\nd\nI\nn\ni\nt\nT\nh\nu\nn\nk\n+\n0\nx\n1\n2\n \nV\ne\nr\ni\nf\ny\nC\no\nn\ns\no\nl\ne\nI\no\nH\na\nn\nd\nl\ne\n-\n0\nx\nb\n3\n \nk\ne\nr\nn\ne\nl\n3\n2\n+\n0\nx\n1\n3\n3\nc\na\n \n@\n \n0\nx\n7\n5\nb\nc\n3\n3\nc\na\n\n\nR\nt\nl\nI\nn\ni\nt\ni\na\nl\ni\nz\ne\nE\nx\nc\ne\np\nt\ni\no\nn\nC\nh\na\ni\nn\n+\n0\nx\n6\n3\n \nR\nt\nl\nA\nl\nl\no\nc\na\nt\ne\nA\nc\nt\ni\nv\na\nt\ni\no\nn\nC\no\nn\nt\ne\nx\nt\nS\nt\na\nc\nk\n-\n0\nx\na\n1\n \nn\nt\nd\nl\nl\n+\n0\nx\n3\n9\ne\nd\n2\n \n@\n \n0\nx\n7\n7\nb\nc\n9\ne\nd\n2\n\n\nR\nt\nl\nI\nn\ni\nt\ni\na\nl\ni\nz\ne\nE\nx\nc\ne\np\nt\ni\no\nn\nC\nh\na\ni\nn\n+\n0\nx\n3\n6\n \nR\nt\nl\nA\nl\nl\no\nc\na\nt\ne\nA\nc\nt\ni\nv\na\nt\ni\no\nn\nC\no\nn\nt\ne\nx\nt\nS\nt\na\nc\nk\n-\n0\nx\nc\ne\n \nn\nt\nd\nl\nl\n+\n0\nx\n3\n9\ne\na\n5\n \n@\n \n0\nx\n7\n7\nb\nc\n9\ne\na\n5",
"registers": {
"esp": 1609584,
"edi": 1221961681,
"eax": 0,
"ebp": 1609588,
"edx": 38237316,
"ebx": 1,
"esi": 2297344,
"ecx": 38237316
},
"exception": {
"instruction_r": "c6 00 00 8b e5 5d c3 cc cc cc cc cc cc cc cc cc",
"instruction": "mov byte ptr [eax], 0",
"exception_code": "0xc0000005",
"symbol": "SetFunctionAddresses+0x2e4de",
"address": "0x243fbbe"
}
},
"time": 1560815587.2032,
"tid": 2308,
"flags": {}
},
"pid": 2660,
"type": "call",
"cid": 1402
},
{
"call": {
"category": "__notification__",
"status": 1,
"stacktrace": [],
"raw": [
"stacktrace"
],
"api": "__exception__",
"return_value": 0,
"arguments": {
"stacktrace": "1\n1\na\n7\n5\n0\n7\n9\ne\n6\n3\nf\n5\n2\n6\nb\n0\nf\nd\ne\n3\n7\n0\n4\n1\n7\n9\n9\nf\nc\ne\n1\n9\n6\na\n3\n3\n9\n8\nc\n3\n0\nd\n2\n7\n8\na\n7\n1\n8\n2\n1\nb\n4\n1\n4\nc\nb\n0\na\nd\nc\n3\n4\n+\n0\nx\n2\nf\n0\ne\n5\n1\n \n@\n \n0\nx\n6\nf\n0\ne\n5\n1\n\n\nS\ne\nt\nF\nu\nn\nc\nt\ni\no\nn\nA\nd\nd\nr\ne\ns\ns\ne\ns\n+\n0\nx\n2\ne\n4\n3\n9\n \n@\n \n0\nx\n2\n4\n3\nf\nb\n1\n9\n\n\nS\ne\nt\nF\nu\nn\nc\nt\ni\no\nn\nA\nd\nd\nr\ne\ns\ns\ne\ns\n+\n0\nx\n6\n2\n9\nb\n \n@\n \n0\nx\n2\n4\n1\n7\n9\n7\nb\n\n\nS\ne\nt\nF\nu\nn\nc\nt\ni\no\nn\nA\nd\nd\nr\ne\ns\ns\ne\ns\n-\n0\nx\n1\n1\nd\n8\n7\n \n@\n \n0\nx\n2\n3\nf\nf\n9\n5\n9\n\n\nS\ne\nt\nF\nu\nn\nc\nt\ni\no\nn\nA\nd\nd\nr\ne\ns\ns\ne\ns\n-\n0\nx\n8\n2\nc\n8\n \n@\n \n0\nx\n2\n4\n0\n9\n4\n1\n8\n\n\nS\ne\nt\nF\nu\nn\nc\nt\ni\no\nn\nA\nd\nd\nr\ne\ns\ns\ne\ns\n+\n0\nx\n2\n4\ne\n0\n6\n \n@\n \n0\nx\n2\n4\n3\n6\n4\ne\n6\n\n\nS\ne\nt\nF\nu\nn\nc\nt\ni\no\nn\nA\nd\nd\nr\ne\ns\ns\ne\ns\n+\n0\nx\n2\n3\n1\nb\n1\n \n@\n \n0\nx\n2\n4\n3\n4\n8\n9\n1\n\n\n1\n1\na\n7\n5\n0\n7\n9\ne\n6\n3\nf\n5\n2\n6\nb\n0\nf\nd\ne\n3\n7\n0\n4\n1\n7\n9\n9\nf\nc\ne\n1\n9\n6\na\n3\n3\n9\n8\nc\n3\n0\nd\n2\n7\n8\na\n7\n1\n8\n2\n1\nb\n4\n1\n4\nc\nb\n0\na\nd\nc\n3\n4\n+\n0\nx\n2\nf\n0\ne\n5\n1\n \n@\n \n0\nx\n6\nf\n0\ne\n5\n1\n\n\nS\ne\nt\nF\nu\nn\nc\nt\ni\no\nn\nA\nd\nd\nr\ne\ns\ns\ne\ns\n+\n0\nx\n2\n1\nb\na\n6\n \n@\n \n0\nx\n2\n4\n3\n3\n2\n8\n6\n\n\n1\n1\na\n7\n5\n0\n7\n9\ne\n6\n3\nf\n5\n2\n6\nb\n0\nf\nd\ne\n3\n7\n0\n4\n1\n7\n9\n9\nf\nc\ne\n1\n9\n6\na\n3\n3\n9\n8\nc\n3\n0\nd\n2\n7\n8\na\n7\n1\n8\n2\n1\nb\n4\n1\n4\nc\nb\n0\na\nd\nc\n3\n4\n+\n0\nx\n2\ne\n8\nf\n5\ne\n \n@\n \n0\nx\n6\ne\n8\nf\n5\ne\n\n\n1\n1\na\n7\n5\n0\n7\n9\ne\n6\n3\nf\n5\n2\n6\nb\n0\nf\nd\ne\n3\n7\n0\n4\n1\n7\n9\n9\nf\nc\ne\n1\n9\n6\na\n3\n3\n9\n8\nc\n3\n0\nd\n2\n7\n8\na\n7\n1\n8\n2\n1\nb\n4\n1\n4\nc\nb\n0\na\nd\nc\n3\n4\n+\n0\nx\n2\ne\na\n4\n6\nf\n \n@\n \n0\nx\n6\ne\na\n4\n6\nf\n\n\n1\n1\na\n7\n5\n0\n7\n9\ne\n6\n3\nf\n5\n2\n6\nb\n0\nf\nd\ne\n3\n7\n0\n4\n1\n7\n9\n9\nf\nc\ne\n1\n9\n6\na\n3\n3\n9\n8\nc\n3\n0\nd\n2\n7\n8\na\n7\n1\n8\n2\n1\nb\n4\n1\n4\nc\nb\n0\na\nd\nc\n3\n4\n+\n0\nx\n2\ne\na\n5\n5\n8\n \n@\n \n0\nx\n6\ne\na\n5\n5\n8\n\n\n1\n1\na\n7\n5\n0\n7\n9\ne\n6\n3\nf\n5\n2\n6\nb\n0\nf\nd\ne\n3\n7\n0\n4\n1\n7\n9\n9\nf\nc\ne\n1\n9\n6\na\n3\n3\n9\n8\nc\n3\n0\nd\n2\n7\n8\na\n7\n1\n8\n2\n1\nb\n4\n1\n4\nc\nb\n0\na\nd\nc\n3\n4\n+\n0\nx\n2\ne\na\ne\n3\n9\n \n@\n \n0\nx\n6\ne\na\ne\n3\n9\n\n\n1\n1\na\n7\n5\n0\n7\n9\ne\n6\n3\nf\n5\n2\n6\nb\n0\nf\nd\ne\n3\n7\n0\n4\n1\n7\n9\n9\nf\nc\ne\n1\n9\n6\na\n3\n3\n9\n8\nc\n3\n0\nd\n2\n7\n8\na\n7\n1\n8\n2\n1\nb\n4\n1\n4\nc\nb\n0\na\nd\nc\n3\n4\n+\n0\nx\n2\nf\nd\nd\n6\n9\n \n@\n \n0\nx\n6\nf\nd\nd\n6\n9\n\n\nB\na\ns\ne\nT\nh\nr\ne\na\nd\nI\nn\ni\nt\nT\nh\nu\nn\nk\n+\n0\nx\n1\n2\n \nV\ne\nr\ni\nf\ny\nC\no\nn\ns\no\nl\ne\nI\no\nH\na\nn\nd\nl\ne\n-\n0\nx\nb\n3\n \nk\ne\nr\nn\ne\nl\n3\n2\n+\n0\nx\n1\n3\n3\nc\na\n \n@\n \n0\nx\n7\n5\nb\nc\n3\n3\nc\na\n\n\nR\nt\nl\nI\nn\ni\nt\ni\na\nl\ni\nz\ne\nE\nx\nc\ne\np\nt\ni\no\nn\nC\nh\na\ni\nn\n+\n0\nx\n6\n3\n \nR\nt\nl\nA\nl\nl\no\nc\na\nt\ne\nA\nc\nt\ni\nv\na\nt\ni\no\nn\nC\no\nn\nt\ne\nx\nt\nS\nt\na\nc\nk\n-\n0\nx\na\n1\n \nn\nt\nd\nl\nl\n+\n0\nx\n3\n9\ne\nd\n2\n \n@\n \n0\nx\n7\n7\nb\nc\n9\ne\nd\n2\n\n\nR\nt\nl\nI\nn\ni\nt\ni\na\nl\ni\nz\ne\nE\nx\nc\ne\np\nt\ni\no\nn\nC\nh\na\ni\nn\n+\n0\nx\n3\n6\n \nR\nt\nl\nA\nl\nl\no\nc\na\nt\ne\nA\nc\nt\ni\nv\na\nt\ni\no\nn\nC\no\nn\nt\ne\nx\nt\nS\nt\na\nc\nk\n-\n0\nx\nc\ne\n \nn\nt\nd\nl\nl\n+\n0\nx\n3\n9\ne\na\n5\n \n@\n \n0\nx\n7\n7\nb\nc\n9\ne\na\n5",
"registers": {
"esp": 1609412,
"edi": 1221961681,
"eax": 0,
"ebp": 1609416,
"edx": 38237316,
"ebx": 1,
"esi": 2297344,
"ecx": 38237316
},
"exception": {
"instruction_r": "c6 00 00 8b e5 5d c3 cc cc cc cc cc cc cc cc cc",
"instruction": "mov byte ptr [eax], 0",
"exception_code": "0xc0000005",
"symbol": "SetFunctionAddresses+0x2e4de",
"address": "0x243fbbe"
}
},
"time": 1560815587.2192,
"tid": 2308,
"flags": {}
},
"pid": 2660,
"type": "call",
"cid": 1515
},
{
"call": {
"category": "__notification__",
"status": 1,
"stacktrace": [],
"raw": [
"stacktrace"
],
"api": "__exception__",
"return_value": 0,
"arguments": {
"stacktrace": "1\n1\na\n7\n5\n0\n7\n9\ne\n6\n3\nf\n5\n2\n6\nb\n0\nf\nd\ne\n3\n7\n0\n4\n1\n7\n9\n9\nf\nc\ne\n1\n9\n6\na\n3\n3\n9\n8\nc\n3\n0\nd\n2\n7\n8\na\n7\n1\n8\n2\n1\nb\n4\n1\n4\nc\nb\n0\na\nd\nc\n3\n4\n+\n0\nx\n2\nf\n0\ne\n5\n1\n \n@\n \n0\nx\n6\nf\n0\ne\n5\n1\n\n\nS\ne\nt\nF\nu\nn\nc\nt\ni\no\nn\nA\nd\nd\nr\ne\ns\ns\ne\ns\n+\n0\nx\n2\ne\n4\n3\n9\n \n@\n \n0\nx\n2\n4\n3\nf\nb\n1\n9\n\n\nS\ne\nt\nF\nu\nn\nc\nt\ni\no\nn\nA\nd\nd\nr\ne\ns\ns\ne\ns\n+\n0\nx\n6\n2\n9\nb\n \n@\n \n0\nx\n2\n4\n1\n7\n9\n7\nb\n\n\nS\ne\nt\nF\nu\nn\nc\nt\ni\no\nn\nA\nd\nd\nr\ne\ns\ns\ne\ns\n-\n0\nx\n7\nc\na\nc\n \n@\n \n0\nx\n2\n4\n0\n9\na\n3\n4\n\n\nS\ne\nt\nF\nu\nn\nc\nt\ni\no\nn\nA\nd\nd\nr\ne\ns\ns\ne\ns\n-\n0\nx\n8\n2\n6\nb\n \n@\n \n0\nx\n2\n4\n0\n9\n4\n7\n5\n\n\nS\ne\nt\nF\nu\nn\nc\nt\ni\no\nn\nA\nd\nd\nr\ne\ns\ns\ne\ns\n+\n0\nx\n2\n4\ne\n0\n6\n \n@\n \n0\nx\n2\n4\n3\n6\n4\ne\n6\n\n\nS\ne\nt\nF\nu\nn\nc\nt\ni\no\nn\nA\nd\nd\nr\ne\ns\ns\ne\ns\n+\n0\nx\n2\n3\n1\nb\n1\n \n@\n \n0\nx\n2\n4\n3\n4\n8\n9\n1\n\n\n1\n1\na\n7\n5\n0\n7\n9\ne\n6\n3\nf\n5\n2\n6\nb\n0\nf\nd\ne\n3\n7\n0\n4\n1\n7\n9\n9\nf\nc\ne\n1\n9\n6\na\n3\n3\n9\n8\nc\n3\n0\nd\n2\n7\n8\na\n7\n1\n8\n2\n1\nb\n4\n1\n4\nc\nb\n0\na\nd\nc\n3\n4\n+\n0\nx\n2\nf\n0\ne\n5\n1\n \n@\n \n0\nx\n6\nf\n0\ne\n5\n1\n\n\nS\ne\nt\nF\nu\nn\nc\nt\ni\no\nn\nA\nd\nd\nr\ne\ns\ns\ne\ns\n+\n0\nx\n2\n1\nb\na\n6\n \n@\n \n0\nx\n2\n4\n3\n3\n2\n8\n6\n\n\n1\n1\na\n7\n5\n0\n7\n9\ne\n6\n3\nf\n5\n2\n6\nb\n0\nf\nd\ne\n3\n7\n0\n4\n1\n7\n9\n9\nf\nc\ne\n1\n9\n6\na\n3\n3\n9\n8\nc\n3\n0\nd\n2\n7\n8\na\n7\n1\n8\n2\n1\nb\n4\n1\n4\nc\nb\n0\na\nd\nc\n3\n4\n+\n0\nx\n2\ne\n8\nf\n5\ne\n \n@\n \n0\nx\n6\ne\n8\nf\n5\ne\n\n\n1\n1\na\n7\n5\n0\n7\n9\ne\n6\n3\nf\n5\n2\n6\nb\n0\nf\nd\ne\n3\n7\n0\n4\n1\n7\n9\n9\nf\nc\ne\n1\n9\n6\na\n3\n3\n9\n8\nc\n3\n0\nd\n2\n7\n8\na\n7\n1\n8\n2\n1\nb\n4\n1\n4\nc\nb\n0\na\nd\nc\n3\n4\n+\n0\nx\n2\ne\na\n4\n6\nf\n \n@\n \n0\nx\n6\ne\na\n4\n6\nf\n\n\n1\n1\na\n7\n5\n0\n7\n9\ne\n6\n3\nf\n5\n2\n6\nb\n0\nf\nd\ne\n3\n7\n0\n4\n1\n7\n9\n9\nf\nc\ne\n1\n9\n6\na\n3\n3\n9\n8\nc\n3\n0\nd\n2\n7\n8\na\n7\n1\n8\n2\n1\nb\n4\n1\n4\nc\nb\n0\na\nd\nc\n3\n4\n+\n0\nx\n2\ne\na\n5\n5\n8\n \n@\n \n0\nx\n6\ne\na\n5\n5\n8\n\n\n1\n1\na\n7\n5\n0\n7\n9\ne\n6\n3\nf\n5\n2\n6\nb\n0\nf\nd\ne\n3\n7\n0\n4\n1\n7\n9\n9\nf\nc\ne\n1\n9\n6\na\n3\n3\n9\n8\nc\n3\n0\nd\n2\n7\n8\na\n7\n1\n8\n2\n1\nb\n4\n1\n4\nc\nb\n0\na\nd\nc\n3\n4\n+\n0\nx\n2\ne\na\ne\n3\n9\n \n@\n \n0\nx\n6\ne\na\ne\n3\n9\n\n\n1\n1\na\n7\n5\n0\n7\n9\ne\n6\n3\nf\n5\n2\n6\nb\n0\nf\nd\ne\n3\n7\n0\n4\n1\n7\n9\n9\nf\nc\ne\n1\n9\n6\na\n3\n3\n9\n8\nc\n3\n0\nd\n2\n7\n8\na\n7\n1\n8\n2\n1\nb\n4\n1\n4\nc\nb\n0\na\nd\nc\n3\n4\n+\n0\nx\n2\nf\nd\nd\n6\n9\n \n@\n \n0\nx\n6\nf\nd\nd\n6\n9\n\n\nB\na\ns\ne\nT\nh\nr\ne\na\nd\nI\nn\ni\nt\nT\nh\nu\nn\nk\n+\n0\nx\n1\n2\n \nV\ne\nr\ni\nf\ny\nC\no\nn\ns\no\nl\ne\nI\no\nH\na\nn\nd\nl\ne\n-\n0\nx\nb\n3\n \nk\ne\nr\nn\ne\nl\n3\n2\n+\n0\nx\n1\n3\n3\nc\na\n \n@\n \n0\nx\n7\n5\nb\nc\n3\n3\nc\na\n\n\nR\nt\nl\nI\nn\ni\nt\ni\na\nl\ni\nz\ne\nE\nx\nc\ne\np\nt\ni\no\nn\nC\nh\na\ni\nn\n+\n0\nx\n6\n3\n \nR\nt\nl\nA\nl\nl\no\nc\na\nt\ne\nA\nc\nt\ni\nv\na\nt\ni\no\nn\nC\no\nn\nt\ne\nx\nt\nS\nt\na\nc\nk\n-\n0\nx\na\n1\n \nn\nt\nd\nl\nl\n+\n0\nx\n3\n9\ne\nd\n2\n \n@\n \n0\nx\n7\n7\nb\nc\n9\ne\nd\n2\n\n\nR\nt\nl\nI\nn\ni\nt\ni\na\nl\ni\nz\ne\nE\nx\nc\ne\np\nt\ni\no\nn\nC\nh\na\ni\nn\n+\n0\nx\n3\n6\n \nR\nt\nl\nA\nl\nl\no\nc\na\nt\ne\nA\nc\nt\ni\nv\na\nt\ni\no\nn\nC\no\nn\nt\ne\nx\nt\nS\nt\na\nc\nk\n-\n0\nx\nc\ne\n \nn\nt\nd\nl\nl\n+\n0\nx\n3\n9\ne\na\n5\n \n@\n \n0\nx\n7\n7\nb\nc\n9\ne\na\n5",
"registers": {
"esp": 1609412,
"edi": 1221961681,
"eax": 0,
"ebp": 1609416,
"edx": 38237316,
"ebx": 1,
"esi": 2297344,
"ecx": 38237316
},
"exception": {
"instruction_r": "c6 00 00 8b e5 5d c3 cc cc cc cc cc cc cc cc cc",
"instruction": "mov byte ptr [eax], 0",
"exception_code": "0xc0000005",
"symbol": "SetFunctionAddresses+0x2e4de",
"address": "0x243fbbe"
}
},
"time": 1560815587.2192,
"tid": 2308,
"flags": {}
},
"pid": 2660,
"type": "call",
"cid": 1516
},
{
"call": {
"category": "__notification__",
"status": 1,
"stacktrace": [],
"raw": [
"stacktrace"
],
"api": "__exception__",
"return_value": 0,
"arguments": {
"stacktrace": "1\n1\na\n7\n5\n0\n7\n9\ne\n6\n3\nf\n5\n2\n6\nb\n0\nf\nd\ne\n3\n7\n0\n4\n1\n7\n9\n9\nf\nc\ne\n1\n9\n6\na\n3\n3\n9\n8\nc\n3\n0\nd\n2\n7\n8\na\n7\n1\n8\n2\n1\nb\n4\n1\n4\nc\nb\n0\na\nd\nc\n3\n4\n+\n0\nx\n2\nf\n0\ne\n5\n1\n \n@\n \n0\nx\n6\nf\n0\ne\n5\n1\n\n\nS\ne\nt\nF\nu\nn\nc\nt\ni\no\nn\nA\nd\nd\nr\ne\ns\ns\ne\ns\n+\n0\nx\n2\ne\n4\n3\n9\n \n@\n \n0\nx\n2\n4\n3\nf\nb\n1\n9\n\n\nS\ne\nt\nF\nu\nn\nc\nt\ni\no\nn\nA\nd\nd\nr\ne\ns\ns\ne\ns\n+\n0\nx\n2\n5\n3\n3\n8\n \n@\n \n0\nx\n2\n4\n3\n6\na\n1\n8\n\n\nS\ne\nt\nF\nu\nn\nc\nt\ni\no\nn\nA\nd\nd\nr\ne\ns\ns\ne\ns\n+\n0\nx\n2\n3\n1\nb\n1\n \n@\n \n0\nx\n2\n4\n3\n4\n8\n9\n1\n\n\n1\n1\na\n7\n5\n0\n7\n9\ne\n6\n3\nf\n5\n2\n6\nb\n0\nf\nd\ne\n3\n7\n0\n4\n1\n7\n9\n9\nf\nc\ne\n1\n9\n6\na\n3\n3\n9\n8\nc\n3\n0\nd\n2\n7\n8\na\n7\n1\n8\n2\n1\nb\n4\n1\n4\nc\nb\n0\na\nd\nc\n3\n4\n+\n0\nx\n2\nf\n0\ne\n5\n1\n \n@\n \n0\nx\n6\nf\n0\ne\n5\n1\n\n\nS\ne\nt\nF\nu\nn\nc\nt\ni\no\nn\nA\nd\nd\nr\ne\ns\ns\ne\ns\n+\n0\nx\n2\n1\nb\na\n6\n \n@\n \n0\nx\n2\n4\n3\n3\n2\n8\n6\n\n\n1\n1\na\n7\n5\n0\n7\n9\ne\n6\n3\nf\n5\n2\n6\nb\n0\nf\nd\ne\n3\n7\n0\n4\n1\n7\n9\n9\nf\nc\ne\n1\n9\n6\na\n3\n3\n9\n8\nc\n3\n0\nd\n2\n7\n8\na\n7\n1\n8\n2\n1\nb\n4\n1\n4\nc\nb\n0\na\nd\nc\n3\n4\n+\n0\nx\n2\ne\n8\nf\n5\ne\n \n@\n \n0\nx\n6\ne\n8\nf\n5\ne\n\n\n1\n1\na\n7\n5\n0\n7\n9\ne\n6\n3\nf\n5\n2\n6\nb\n0\nf\nd\ne\n3\n7\n0\n4\n1\n7\n9\n9\nf\nc\ne\n1\n9\n6\na\n3\n3\n9\n8\nc\n3\n0\nd\n2\n7\n8\na\n7\n1\n8\n2\n1\nb\n4\n1\n4\nc\nb\n0\na\nd\nc\n3\n4\n+\n0\nx\n2\ne\na\n4\n6\nf\n \n@\n \n0\nx\n6\ne\na\n4\n6\nf\n\n\n1\n1\na\n7\n5\n0\n7\n9\ne\n6\n3\nf\n5\n2\n6\nb\n0\nf\nd\ne\n3\n7\n0\n4\n1\n7\n9\n9\nf\nc\ne\n1\n9\n6\na\n3\n3\n9\n8\nc\n3\n0\nd\n2\n7\n8\na\n7\n1\n8\n2\n1\nb\n4\n1\n4\nc\nb\n0\na\nd\nc\n3\n4\n+\n0\nx\n2\ne\na\n5\n5\n8\n \n@\n \n0\nx\n6\ne\na\n5\n5\n8\n\n\n1\n1\na\n7\n5\n0\n7\n9\ne\n6\n3\nf\n5\n2\n6\nb\n0\nf\nd\ne\n3\n7\n0\n4\n1\n7\n9\n9\nf\nc\ne\n1\n9\n6\na\n3\n3\n9\n8\nc\n3\n0\nd\n2\n7\n8\na\n7\n1\n8\n2\n1\nb\n4\n1\n4\nc\nb\n0\na\nd\nc\n3\n4\n+\n0\nx\n2\ne\na\ne\n3\n9\n \n@\n \n0\nx\n6\ne\na\ne\n3\n9\n\n\n1\n1\na\n7\n5\n0\n7\n9\ne\n6\n3\nf\n5\n2\n6\nb\n0\nf\nd\ne\n3\n7\n0\n4\n1\n7\n9\n9\nf\nc\ne\n1\n9\n6\na\n3\n3\n9\n8\nc\n3\n0\nd\n2\n7\n8\na\n7\n1\n8\n2\n1\nb\n4\n1\n4\nc\nb\n0\na\nd\nc\n3\n4\n+\n0\nx\n2\nf\nd\nd\n6\n9\n \n@\n \n0\nx\n6\nf\nd\nd\n6\n9\n\n\nB\na\ns\ne\nT\nh\nr\ne\na\nd\nI\nn\ni\nt\nT\nh\nu\nn\nk\n+\n0\nx\n1\n2\n \nV\ne\nr\ni\nf\ny\nC\no\nn\ns\no\nl\ne\nI\no\nH\na\nn\nd\nl\ne\n-\n0\nx\nb\n3\n \nk\ne\nr\nn\ne\nl\n3\n2\n+\n0\nx\n1\n3\n3\nc\na\n \n@\n \n0\nx\n7\n5\nb\nc\n3\n3\nc\na\n\n\nR\nt\nl\nI\nn\ni\nt\ni\na\nl\ni\nz\ne\nE\nx\nc\ne\np\nt\ni\no\nn\nC\nh\na\ni\nn\n+\n0\nx\n6\n3\n \nR\nt\nl\nA\nl\nl\no\nc\na\nt\ne\nA\nc\nt\ni\nv\na\nt\ni\no\nn\nC\no\nn\nt\ne\nx\nt\nS\nt\na\nc\nk\n-\n0\nx\na\n1\n \nn\nt\nd\nl\nl\n+\n0\nx\n3\n9\ne\nd\n2\n \n@\n \n0\nx\n7\n7\nb\nc\n9\ne\nd\n2\n\n\nR\nt\nl\nI\nn\ni\nt\ni\na\nl\ni\nz\ne\nE\nx\nc\ne\np\nt\ni\no\nn\nC\nh\na\ni\nn\n+\n0\nx\n3\n6\n \nR\nt\nl\nA\nl\nl\no\nc\na\nt\ne\nA\nc\nt\ni\nv\na\nt\ni\no\nn\nC\no\nn\nt\ne\nx\nt\nS\nt\na\nc\nk\n-\n0\nx\nc\ne\n \nn\nt\nd\nl\nl\n+\n0\nx\n3\n9\ne\na\n5\n \n@\n \n0\nx\n7\n7\nb\nc\n9\ne\na\n5",
"registers": {
"esp": 1610720,
"edi": 1221961681,
"eax": 0,
"ebp": 1610724,
"edx": 38237316,
"ebx": 1,
"esi": 2297344,
"ecx": 38237316
},
"exception": {
"instruction_r": "c6 00 00 8b e5 5d c3 cc cc cc cc cc cc cc cc cc",
"instruction": "mov byte ptr [eax], 0",
"exception_code": "0xc0000005",
"symbol": "SetFunctionAddresses+0x2e4de",
"address": "0x243fbbe"
}
},
"time": 1560815587.2192,
"tid": 2308,
"flags": {}
},
"pid": 2660,
"type": "call",
"cid": 1522
},
{
"call": {
"category": "__notification__",
"status": 1,
"stacktrace": [],
"raw": [
"stacktrace"
],
"api": "__exception__",
"return_value": 0,
"arguments": {
"stacktrace": "1\n1\na\n7\n5\n0\n7\n9\ne\n6\n3\nf\n5\n2\n6\nb\n0\nf\nd\ne\n3\n7\n0\n4\n1\n7\n9\n9\nf\nc\ne\n1\n9\n6\na\n3\n3\n9\n8\nc\n3\n0\nd\n2\n7\n8\na\n7\n1\n8\n2\n1\nb\n4\n1\n4\nc\nb\n0\na\nd\nc\n3\n4\n+\n0\nx\n2\nf\n0\ne\n5\n1\n \n@\n \n0\nx\n6\nf\n0\ne\n5\n1\n\n\nS\ne\nt\nF\nu\nn\nc\nt\ni\no\nn\nA\nd\nd\nr\ne\ns\ns\ne\ns\n+\n0\nx\n2\ne\n4\n3\n9\n \n@\n \n0\nx\n2\n4\n3\nf\nb\n1\n9\n\n\nS\ne\nt\nF\nu\nn\nc\nt\ni\no\nn\nA\nd\nd\nr\ne\ns\ns\ne\ns\n+\n0\nx\n2\n5\n8\nc\n4\n \n@\n \n0\nx\n2\n4\n3\n6\nf\na\n4\n\n\nS\ne\nt\nF\nu\nn\nc\nt\ni\no\nn\nA\nd\nd\nr\ne\ns\ns\ne\ns\n+\n0\nx\n2\n3\n1\nb\n1\n \n@\n \n0\nx\n2\n4\n3\n4\n8\n9\n1\n\n\n1\n1\na\n7\n5\n0\n7\n9\ne\n6\n3\nf\n5\n2\n6\nb\n0\nf\nd\ne\n3\n7\n0\n4\n1\n7\n9\n9\nf\nc\ne\n1\n9\n6\na\n3\n3\n9\n8\nc\n3\n0\nd\n2\n7\n8\na\n7\n1\n8\n2\n1\nb\n4\n1\n4\nc\nb\n0\na\nd\nc\n3\n4\n+\n0\nx\n2\nf\n0\ne\n5\n1\n \n@\n \n0\nx\n6\nf\n0\ne\n5\n1\n\n\nS\ne\nt\nF\nu\nn\nc\nt\ni\no\nn\nA\nd\nd\nr\ne\ns\ns\ne\ns\n+\n0\nx\n2\n1\nb\na\n6\n \n@\n \n0\nx\n2\n4\n3\n3\n2\n8\n6\n\n\n1\n1\na\n7\n5\n0\n7\n9\ne\n6\n3\nf\n5\n2\n6\nb\n0\nf\nd\ne\n3\n7\n0\n4\n1\n7\n9\n9\nf\nc\ne\n1\n9\n6\na\n3\n3\n9\n8\nc\n3\n0\nd\n2\n7\n8\na\n7\n1\n8\n2\n1\nb\n4\n1\n4\nc\nb\n0\na\nd\nc\n3\n4\n+\n0\nx\n2\ne\n8\nf\n5\ne\n \n@\n \n0\nx\n6\ne\n8\nf\n5\ne\n\n\n1\n1\na\n7\n5\n0\n7\n9\ne\n6\n3\nf\n5\n2\n6\nb\n0\nf\nd\ne\n3\n7\n0\n4\n1\n7\n9\n9\nf\nc\ne\n1\n9\n6\na\n3\n3\n9\n8\nc\n3\n0\nd\n2\n7\n8\na\n7\n1\n8\n2\n1\nb\n4\n1\n4\nc\nb\n0\na\nd\nc\n3\n4\n+\n0\nx\n2\ne\na\n4\n6\nf\n \n@\n \n0\nx\n6\ne\na\n4\n6\nf\n\n\n1\n1\na\n7\n5\n0\n7\n9\ne\n6\n3\nf\n5\n2\n6\nb\n0\nf\nd\ne\n3\n7\n0\n4\n1\n7\n9\n9\nf\nc\ne\n1\n9\n6\na\n3\n3\n9\n8\nc\n3\n0\nd\n2\n7\n8\na\n7\n1\n8\n2\n1\nb\n4\n1\n4\nc\nb\n0\na\nd\nc\n3\n4\n+\n0\nx\n2\ne\na\n5\n5\n8\n \n@\n \n0\nx\n6\ne\na\n5\n5\n8\n\n\n1\n1\na\n7\n5\n0\n7\n9\ne\n6\n3\nf\n5\n2\n6\nb\n0\nf\nd\ne\n3\n7\n0\n4\n1\n7\n9\n9\nf\nc\ne\n1\n9\n6\na\n3\n3\n9\n8\nc\n3\n0\nd\n2\n7\n8\na\n7\n1\n8\n2\n1\nb\n4\n1\n4\nc\nb\n0\na\nd\nc\n3\n4\n+\n0\nx\n2\ne\na\ne\n3\n9\n \n@\n \n0\nx\n6\ne\na\ne\n3\n9\n\n\n1\n1\na\n7\n5\n0\n7\n9\ne\n6\n3\nf\n5\n2\n6\nb\n0\nf\nd\ne\n3\n7\n0\n4\n1\n7\n9\n9\nf\nc\ne\n1\n9\n6\na\n3\n3\n9\n8\nc\n3\n0\nd\n2\n7\n8\na\n7\n1\n8\n2\n1\nb\n4\n1\n4\nc\nb\n0\na\nd\nc\n3\n4\n+\n0\nx\n2\nf\nd\nd\n6\n9\n \n@\n \n0\nx\n6\nf\nd\nd\n6\n9\n\n\nB\na\ns\ne\nT\nh\nr\ne\na\nd\nI\nn\ni\nt\nT\nh\nu\nn\nk\n+\n0\nx\n1\n2\n \nV\ne\nr\ni\nf\ny\nC\no\nn\ns\no\nl\ne\nI\no\nH\na\nn\nd\nl\ne\n-\n0\nx\nb\n3\n \nk\ne\nr\nn\ne\nl\n3\n2\n+\n0\nx\n1\n3\n3\nc\na\n \n@\n \n0\nx\n7\n5\nb\nc\n3\n3\nc\na\n\n\nR\nt\nl\nI\nn\ni\nt\ni\na\nl\ni\nz\ne\nE\nx\nc\ne\np\nt\ni\no\nn\nC\nh\na\ni\nn\n+\n0\nx\n6\n3\n \nR\nt\nl\nA\nl\nl\no\nc\na\nt\ne\nA\nc\nt\ni\nv\na\nt\ni\no\nn\nC\no\nn\nt\ne\nx\nt\nS\nt\na\nc\nk\n-\n0\nx\na\n1\n \nn\nt\nd\nl\nl\n+\n0\nx\n3\n9\ne\nd\n2\n \n@\n \n0\nx\n7\n7\nb\nc\n9\ne\nd\n2\n\n\nR\nt\nl\nI\nn\ni\nt\ni\na\nl\ni\nz\ne\nE\nx\nc\ne\np\nt\ni\no\nn\nC\nh\na\ni\nn\n+\n0\nx\n3\n6\n \nR\nt\nl\nA\nl\nl\no\nc\na\nt\ne\nA\nc\nt\ni\nv\na\nt\ni\no\nn\nC\no\nn\nt\ne\nx\nt\nS\nt\na\nc\nk\n-\n0\nx\nc\ne\n \nn\nt\nd\nl\nl\n+\n0\nx\n3\n9\ne\na\n5\n \n@\n \n0\nx\n7\n7\nb\nc\n9\ne\na\n5",
"registers": {
"esp": 1610720,
"edi": 1221961681,
"eax": 0,
"ebp": 1610724,
"edx": 38237316,
"ebx": 1,
"esi": 2297344,
"ecx": 38237316
},
"exception": {
"instruction_r": "c6 00 00 8b e5 5d c3 cc cc cc cc cc cc cc cc cc",
"instruction": "mov byte ptr [eax], 0",
"exception_code": "0xc0000005",
"symbol": "SetFunctionAddresses+0x2e4de",
"address": "0x243fbbe"
}
},
"time": 1560815587.2192,
"tid": 2308,
"flags": {}
},
"pid": 2660,
"type": "call",
"cid": 1524
},
{
"call": {
"category": "__notification__",
"status": 1,
"stacktrace": [],
"raw": [
"stacktrace"
],
"api": "__exception__",
"return_value": 0,
"arguments": {
"stacktrace": "1\n1\na\n7\n5\n0\n7\n9\ne\n6\n3\nf\n5\n2\n6\nb\n0\nf\nd\ne\n3\n7\n0\n4\n1\n7\n9\n9\nf\nc\ne\n1\n9\n6\na\n3\n3\n9\n8\nc\n3\n0\nd\n2\n7\n8\na\n7\n1\n8\n2\n1\nb\n4\n1\n4\nc\nb\n0\na\nd\nc\n3\n4\n+\n0\nx\n2\nf\n0\ne\n5\n1\n \n@\n \n0\nx\n6\nf\n0\ne\n5\n1\n\n\nS\ne\nt\nF\nu\nn\nc\nt\ni\no\nn\nA\nd\nd\nr\ne\ns\ns\ne\ns\n+\n0\nx\n2\ne\n4\n3\n9\n \n@\n \n0\nx\n2\n4\n3\nf\nb\n1\n9\n\n\nS\ne\nt\nF\nu\nn\nc\nt\ni\no\nn\nA\nd\nd\nr\ne\ns\ns\ne\ns\n+\n0\nx\n6\n2\n9\nb\n \n@\n \n0\nx\n2\n4\n1\n7\n9\n7\nb\n\n\nS\ne\nt\nF\nu\nn\nc\nt\ni\no\nn\nA\nd\nd\nr\ne\ns\ns\ne\ns\n-\n0\nx\n1\n1\nd\n8\n7\n \n@\n \n0\nx\n2\n3\nf\nf\n9\n5\n9\n\n\nS\ne\nt\nF\nu\nn\nc\nt\ni\no\nn\nA\nd\nd\nr\ne\ns\ns\ne\ns\n-\n0\nx\n8\n2\nc\n8\n \n@\n \n0\nx\n2\n4\n0\n9\n4\n1\n8\n\n\nS\ne\nt\nF\nu\nn\nc\nt\ni\no\nn\nA\nd\nd\nr\ne\ns\ns\ne\ns\n+\n0\nx\n2\n5\na\nf\n9\n \n@\n \n0\nx\n2\n4\n3\n7\n1\nd\n9\n\n\nS\ne\nt\nF\nu\nn\nc\nt\ni\no\nn\nA\nd\nd\nr\ne\ns\ns\ne\ns\n+\n0\nx\n2\n3\n1\nb\n1\n \n@\n \n0\nx\n2\n4\n3\n4\n8\n9\n1\n\n\n1\n1\na\n7\n5\n0\n7\n9\ne\n6\n3\nf\n5\n2\n6\nb\n0\nf\nd\ne\n3\n7\n0\n4\n1\n7\n9\n9\nf\nc\ne\n1\n9\n6\na\n3\n3\n9\n8\nc\n3\n0\nd\n2\n7\n8\na\n7\n1\n8\n2\n1\nb\n4\n1\n4\nc\nb\n0\na\nd\nc\n3\n4\n+\n0\nx\n2\nf\n0\ne\n5\n1\n \n@\n \n0\nx\n6\nf\n0\ne\n5\n1\n\n\nS\ne\nt\nF\nu\nn\nc\nt\ni\no\nn\nA\nd\nd\nr\ne\ns\ns\ne\ns\n+\n0\nx\n2\n1\nb\na\n6\n \n@\n \n0\nx\n2\n4\n3\n3\n2\n8\n6\n\n\n1\n1\na\n7\n5\n0\n7\n9\ne\n6\n3\nf\n5\n2\n6\nb\n0\nf\nd\ne\n3\n7\n0\n4\n1\n7\n9\n9\nf\nc\ne\n1\n9\n6\na\n3\n3\n9\n8\nc\n3\n0\nd\n2\n7\n8\na\n7\n1\n8\n2\n1\nb\n4\n1\n4\nc\nb\n0\na\nd\nc\n3\n4\n+\n0\nx\n2\ne\n8\nf\n5\ne\n \n@\n \n0\nx\n6\ne\n8\nf\n5\ne\n\n\n1\n1\na\n7\n5\n0\n7\n9\ne\n6\n3\nf\n5\n2\n6\nb\n0\nf\nd\ne\n3\n7\n0\n4\n1\n7\n9\n9\nf\nc\ne\n1\n9\n6\na\n3\n3\n9\n8\nc\n3\n0\nd\n2\n7\n8\na\n7\n1\n8\n2\n1\nb\n4\n1\n4\nc\nb\n0\na\nd\nc\n3\n4\n+\n0\nx\n2\ne\na\n4\n6\nf\n \n@\n \n0\nx\n6\ne\na\n4\n6\nf\n\n\n1\n1\na\n7\n5\n0\n7\n9\ne\n6\n3\nf\n5\n2\n6\nb\n0\nf\nd\ne\n3\n7\n0\n4\n1\n7\n9\n9\nf\nc\ne\n1\n9\n6\na\n3\n3\n9\n8\nc\n3\n0\nd\n2\n7\n8\na\n7\n1\n8\n2\n1\nb\n4\n1\n4\nc\nb\n0\na\nd\nc\n3\n4\n+\n0\nx\n2\ne\na\n5\n5\n8\n \n@\n \n0\nx\n6\ne\na\n5\n5\n8\n\n\n1\n1\na\n7\n5\n0\n7\n9\ne\n6\n3\nf\n5\n2\n6\nb\n0\nf\nd\ne\n3\n7\n0\n4\n1\n7\n9\n9\nf\nc\ne\n1\n9\n6\na\n3\n3\n9\n8\nc\n3\n0\nd\n2\n7\n8\na\n7\n1\n8\n2\n1\nb\n4\n1\n4\nc\nb\n0\na\nd\nc\n3\n4\n+\n0\nx\n2\ne\na\ne\n3\n9\n \n@\n \n0\nx\n6\ne\na\ne\n3\n9\n\n\n1\n1\na\n7\n5\n0\n7\n9\ne\n6\n3\nf\n5\n2\n6\nb\n0\nf\nd\ne\n3\n7\n0\n4\n1\n7\n9\n9\nf\nc\ne\n1\n9\n6\na\n3\n3\n9\n8\nc\n3\n0\nd\n2\n7\n8\na\n7\n1\n8\n2\n1\nb\n4\n1\n4\nc\nb\n0\na\nd\nc\n3\n4\n+\n0\nx\n2\nf\nd\nd\n6\n9\n \n@\n \n0\nx\n6\nf\nd\nd\n6\n9\n\n\nB\na\ns\ne\nT\nh\nr\ne\na\nd\nI\nn\ni\nt\nT\nh\nu\nn\nk\n+\n0\nx\n1\n2\n \nV\ne\nr\ni\nf\ny\nC\no\nn\ns\no\nl\ne\nI\no\nH\na\nn\nd\nl\ne\n-\n0\nx\nb\n3\n \nk\ne\nr\nn\ne\nl\n3\n2\n+\n0\nx\n1\n3\n3\nc\na\n \n@\n \n0\nx\n7\n5\nb\nc\n3\n3\nc\na\n\n\nR\nt\nl\nI\nn\ni\nt\ni\na\nl\ni\nz\ne\nE\nx\nc\ne\np\nt\ni\no\nn\nC\nh\na\ni\nn\n+\n0\nx\n6\n3\n \nR\nt\nl\nA\nl\nl\no\nc\na\nt\ne\nA\nc\nt\ni\nv\na\nt\ni\no\nn\nC\no\nn\nt\ne\nx\nt\nS\nt\na\nc\nk\n-\n0\nx\na\n1\n \nn\nt\nd\nl\nl\n+\n0\nx\n3\n9\ne\nd\n2\n \n@\n \n0\nx\n7\n7\nb\nc\n9\ne\nd\n2\n\n\nR\nt\nl\nI\nn\ni\nt\ni\na\nl\ni\nz\ne\nE\nx\nc\ne\np\nt\ni\no\nn\nC\nh\na\ni\nn\n+\n0\nx\n3\n6\n \nR\nt\nl\nA\nl\nl\no\nc\na\nt\ne\nA\nc\nt\ni\nv\na\nt\ni\no\nn\nC\no\nn\nt\ne\nx\nt\nS\nt\na\nc\nk\n-\n0\nx\nc\ne\n \nn\nt\nd\nl\nl\n+\n0\nx\n3\n9\ne\na\n5\n \n@\n \n0\nx\n7\n7\nb\nc\n9\ne\na\n5",
"registers": {
"esp": 1609412,
"edi": 1221961681,
"eax": 0,
"ebp": 1609416,
"edx": 38237316,
"ebx": 1,
"esi": 2297344,
"ecx": 38237316
},
"exception": {
"instruction_r": "c6 00 00 8b e5 5d c3 cc cc cc cc cc cc cc cc cc",
"instruction": "mov byte ptr [eax], 0",
"exception_code": "0xc0000005",
"symbol": "SetFunctionAddresses+0x2e4de",
"address": "0x243fbbe"
}
},
"time": 1560815587.2352,
"tid": 2308,
"flags": {}
},
"pid": 2660,
"type": "call",
"cid": 1631
},
{
"call": {
"category": "__notification__",
"status": 1,
"stacktrace": [],
"raw": [
"stacktrace"
],
"api": "__exception__",
"return_value": 0,
"arguments": {
"stacktrace": "1\n1\na\n7\n5\n0\n7\n9\ne\n6\n3\nf\n5\n2\n6\nb\n0\nf\nd\ne\n3\n7\n0\n4\n1\n7\n9\n9\nf\nc\ne\n1\n9\n6\na\n3\n3\n9\n8\nc\n3\n0\nd\n2\n7\n8\na\n7\n1\n8\n2\n1\nb\n4\n1\n4\nc\nb\n0\na\nd\nc\n3\n4\n+\n0\nx\n2\nf\n0\ne\n5\n1\n \n@\n \n0\nx\n6\nf\n0\ne\n5\n1\n\n\nS\ne\nt\nF\nu\nn\nc\nt\ni\no\nn\nA\nd\nd\nr\ne\ns\ns\ne\ns\n+\n0\nx\n2\ne\n4\n3\n9\n \n@\n \n0\nx\n2\n4\n3\nf\nb\n1\n9\n\n\nS\ne\nt\nF\nu\nn\nc\nt\ni\no\nn\nA\nd\nd\nr\ne\ns\ns\ne\ns\n+\n0\nx\n6\n2\n9\nb\n \n@\n \n0\nx\n2\n4\n1\n7\n9\n7\nb\n\n\nS\ne\nt\nF\nu\nn\nc\nt\ni\no\nn\nA\nd\nd\nr\ne\ns\ns\ne\ns\n-\n0\nx\n7\nc\na\nc\n \n@\n \n0\nx\n2\n4\n0\n9\na\n3\n4\n\n\nS\ne\nt\nF\nu\nn\nc\nt\ni\no\nn\nA\nd\nd\nr\ne\ns\ns\ne\ns\n-\n0\nx\n8\n2\n6\nb\n \n@\n \n0\nx\n2\n4\n0\n9\n4\n7\n5\n\n\nS\ne\nt\nF\nu\nn\nc\nt\ni\no\nn\nA\nd\nd\nr\ne\ns\ns\ne\ns\n+\n0\nx\n2\n5\na\nf\n9\n \n@\n \n0\nx\n2\n4\n3\n7\n1\nd\n9\n\n\nS\ne\nt\nF\nu\nn\nc\nt\ni\no\nn\nA\nd\nd\nr\ne\ns\ns\ne\ns\n+\n0\nx\n2\n3\n1\nb\n1\n \n@\n \n0\nx\n2\n4\n3\n4\n8\n9\n1\n\n\n1\n1\na\n7\n5\n0\n7\n9\ne\n6\n3\nf\n5\n2\n6\nb\n0\nf\nd\ne\n3\n7\n0\n4\n1\n7\n9\n9\nf\nc\ne\n1\n9\n6\na\n3\n3\n9\n8\nc\n3\n0\nd\n2\n7\n8\na\n7\n1\n8\n2\n1\nb\n4\n1\n4\nc\nb\n0\na\nd\nc\n3\n4\n+\n0\nx\n2\nf\n0\ne\n5\n1\n \n@\n \n0\nx\n6\nf\n0\ne\n5\n1\n\n\nS\ne\nt\nF\nu\nn\nc\nt\ni\no\nn\nA\nd\nd\nr\ne\ns\ns\ne\ns\n+\n0\nx\n2\n1\nb\na\n6\n \n@\n \n0\nx\n2\n4\n3\n3\n2\n8\n6\n\n\n1\n1\na\n7\n5\n0\n7\n9\ne\n6\n3\nf\n5\n2\n6\nb\n0\nf\nd\ne\n3\n7\n0\n4\n1\n7\n9\n9\nf\nc\ne\n1\n9\n6\na\n3\n3\n9\n8\nc\n3\n0\nd\n2\n7\n8\na\n7\n1\n8\n2\n1\nb\n4\n1\n4\nc\nb\n0\na\nd\nc\n3\n4\n+\n0\nx\n2\ne\n8\nf\n5\ne\n \n@\n \n0\nx\n6\ne\n8\nf\n5\ne\n\n\n1\n1\na\n7\n5\n0\n7\n9\ne\n6\n3\nf\n5\n2\n6\nb\n0\nf\nd\ne\n3\n7\n0\n4\n1\n7\n9\n9\nf\nc\ne\n1\n9\n6\na\n3\n3\n9\n8\nc\n3\n0\nd\n2\n7\n8\na\n7\n1\n8\n2\n1\nb\n4\n1\n4\nc\nb\n0\na\nd\nc\n3\n4\n+\n0\nx\n2\ne\na\n4\n6\nf\n \n@\n \n0\nx\n6\ne\na\n4\n6\nf\n\n\n1\n1\na\n7\n5\n0\n7\n9\ne\n6\n3\nf\n5\n2\n6\nb\n0\nf\nd\ne\n3\n7\n0\n4\n1\n7\n9\n9\nf\nc\ne\n1\n9\n6\na\n3\n3\n9\n8\nc\n3\n0\nd\n2\n7\n8\na\n7\n1\n8\n2\n1\nb\n4\n1\n4\nc\nb\n0\na\nd\nc\n3\n4\n+\n0\nx\n2\ne\na\n5\n5\n8\n \n@\n \n0\nx\n6\ne\na\n5\n5\n8\n\n\n1\n1\na\n7\n5\n0\n7\n9\ne\n6\n3\nf\n5\n2\n6\nb\n0\nf\nd\ne\n3\n7\n0\n4\n1\n7\n9\n9\nf\nc\ne\n1\n9\n6\na\n3\n3\n9\n8\nc\n3\n0\nd\n2\n7\n8\na\n7\n1\n8\n2\n1\nb\n4\n1\n4\nc\nb\n0\na\nd\nc\n3\n4\n+\n0\nx\n2\ne\na\ne\n3\n9\n \n@\n \n0\nx\n6\ne\na\ne\n3\n9\n\n\n1\n1\na\n7\n5\n0\n7\n9\ne\n6\n3\nf\n5\n2\n6\nb\n0\nf\nd\ne\n3\n7\n0\n4\n1\n7\n9\n9\nf\nc\ne\n1\n9\n6\na\n3\n3\n9\n8\nc\n3\n0\nd\n2\n7\n8\na\n7\n1\n8\n2\n1\nb\n4\n1\n4\nc\nb\n0\na\nd\nc\n3\n4\n+\n0\nx\n2\nf\nd\nd\n6\n9\n \n@\n \n0\nx\n6\nf\nd\nd\n6\n9\n\n\nB\na\ns\ne\nT\nh\nr\ne\na\nd\nI\nn\ni\nt\nT\nh\nu\nn\nk\n+\n0\nx\n1\n2\n \nV\ne\nr\ni\nf\ny\nC\no\nn\ns\no\nl\ne\nI\no\nH\na\nn\nd\nl\ne\n-\n0\nx\nb\n3\n \nk\ne\nr\nn\ne\nl\n3\n2\n+\n0\nx\n1\n3\n3\nc\na\n \n@\n \n0\nx\n7\n5\nb\nc\n3\n3\nc\na\n\n\nR\nt\nl\nI\nn\ni\nt\ni\na\nl\ni\nz\ne\nE\nx\nc\ne\np\nt\ni\no\nn\nC\nh\na\ni\nn\n+\n0\nx\n6\n3\n \nR\nt\nl\nA\nl\nl\no\nc\na\nt\ne\nA\nc\nt\ni\nv\na\nt\ni\no\nn\nC\no\nn\nt\ne\nx\nt\nS\nt\na\nc\nk\n-\n0\nx\na\n1\n \nn\nt\nd\nl\nl\n+\n0\nx\n3\n9\ne\nd\n2\n \n@\n \n0\nx\n7\n7\nb\nc\n9\ne\nd\n2\n\n\nR\nt\nl\nI\nn\ni\nt\ni\na\nl\ni\nz\ne\nE\nx\nc\ne\np\nt\ni\no\nn\nC\nh\na\ni\nn\n+\n0\nx\n3\n6\n \nR\nt\nl\nA\nl\nl\no\nc\na\nt\ne\nA\nc\nt\ni\nv\na\nt\ni\no\nn\nC\no\nn\nt\ne\nx\nt\nS\nt\na\nc\nk\n-\n0\nx\nc\ne\n \nn\nt\nd\nl\nl\n+\n0\nx\n3\n9\ne\na\n5\n \n@\n \n0\nx\n7\n7\nb\nc\n9\ne\na\n5",
"registers": {
"esp": 1609412,
"edi": 1221961681,
"eax": 0,
"ebp": 1609416,
"edx": 38237316,
"ebx": 1,
"esi": 2297344,
"ecx": 38237316
},
"exception": {
"instruction_r": "c6 00 00 8b e5 5d c3 cc cc cc cc cc cc cc cc cc",
"instruction": "mov byte ptr [eax], 0",
"exception_code": "0xc0000005",
"symbol": "SetFunctionAddresses+0x2e4de",
"address": "0x243fbbe"
}
},
"time": 1560815587.2352,
"tid": 2308,
"flags": {}
},
"pid": 2660,
"type": "call",
"cid": 1632
},
{
"call": {
"category": "__notification__",
"status": 1,
"stacktrace": [],
"raw": [
"stacktrace"
],
"api": "__exception__",
"return_value": 0,
"arguments": {
"stacktrace": "1\n1\na\n7\n5\n0\n7\n9\ne\n6\n3\nf\n5\n2\n6\nb\n0\nf\nd\ne\n3\n7\n0\n4\n1\n7\n9\n9\nf\nc\ne\n1\n9\n6\na\n3\n3\n9\n8\nc\n3\n0\nd\n2\n7\n8\na\n7\n1\n8\n2\n1\nb\n4\n1\n4\nc\nb\n0\na\nd\nc\n3\n4\n+\n0\nx\n2\nf\n0\ne\n5\n1\n \n@\n \n0\nx\n6\nf\n0\ne\n5\n1\n\n\nS\ne\nt\nF\nu\nn\nc\nt\ni\no\nn\nA\nd\nd\nr\ne\ns\ns\ne\ns\n+\n0\nx\n2\ne\n4\n3\n9\n \n@\n \n0\nx\n2\n4\n3\nf\nb\n1\n9\n\n\nS\ne\nt\nF\nu\nn\nc\nt\ni\no\nn\nA\nd\nd\nr\ne\ns\ns\ne\ns\n+\n0\nx\n6\n2\n9\nb\n \n@\n \n0\nx\n2\n4\n1\n7\n9\n7\nb\n\n\nS\ne\nt\nF\nu\nn\nc\nt\ni\no\nn\nA\nd\nd\nr\ne\ns\ns\ne\ns\n-\n0\nx\n1\n1\nd\n8\n7\n \n@\n \n0\nx\n2\n3\nf\nf\n9\n5\n9\n\n\nS\ne\nt\nF\nu\nn\nc\nt\ni\no\nn\nA\nd\nd\nr\ne\ns\ns\ne\ns\n-\n0\nx\n8\n2\nc\n8\n \n@\n \n0\nx\n2\n4\n0\n9\n4\n1\n8\n\n\nS\ne\nt\nF\nu\nn\nc\nt\ni\no\nn\nA\nd\nd\nr\ne\ns\ns\ne\ns\n+\n0\nx\n2\n6\n0\n7\n6\n \n@\n \n0\nx\n2\n4\n3\n7\n7\n5\n6\n\n\nS\ne\nt\nF\nu\nn\nc\nt\ni\no\nn\nA\nd\nd\nr\ne\ns\ns\ne\ns\n+\n0\nx\n2\n3\n1\nb\n1\n \n@\n \n0\nx\n2\n4\n3\n4\n8\n9\n1\n\n\n1\n1\na\n7\n5\n0\n7\n9\ne\n6\n3\nf\n5\n2\n6\nb\n0\nf\nd\ne\n3\n7\n0\n4\n1\n7\n9\n9\nf\nc\ne\n1\n9\n6\na\n3\n3\n9\n8\nc\n3\n0\nd\n2\n7\n8\na\n7\n1\n8\n2\n1\nb\n4\n1\n4\nc\nb\n0\na\nd\nc\n3\n4\n+\n0\nx\n2\nf\n0\ne\n5\n1\n \n@\n \n0\nx\n6\nf\n0\ne\n5\n1\n\n\nS\ne\nt\nF\nu\nn\nc\nt\ni\no\nn\nA\nd\nd\nr\ne\ns\ns\ne\ns\n+\n0\nx\n2\n1\nb\na\n6\n \n@\n \n0\nx\n2\n4\n3\n3\n2\n8\n6\n\n\n1\n1\na\n7\n5\n0\n7\n9\ne\n6\n3\nf\n5\n2\n6\nb\n0\nf\nd\ne\n3\n7\n0\n4\n1\n7\n9\n9\nf\nc\ne\n1\n9\n6\na\n3\n3\n9\n8\nc\n3\n0\nd\n2\n7\n8\na\n7\n1\n8\n2\n1\nb\n4\n1\n4\nc\nb\n0\na\nd\nc\n3\n4\n+\n0\nx\n2\ne\n8\nf\n5\ne\n \n@\n \n0\nx\n6\ne\n8\nf\n5\ne\n\n\n1\n1\na\n7\n5\n0\n7\n9\ne\n6\n3\nf\n5\n2\n6\nb\n0\nf\nd\ne\n3\n7\n0\n4\n1\n7\n9\n9\nf\nc\ne\n1\n9\n6\na\n3\n3\n9\n8\nc\n3\n0\nd\n2\n7\n8\na\n7\n1\n8\n2\n1\nb\n4\n1\n4\nc\nb\n0\na\nd\nc\n3\n4\n+\n0\nx\n2\ne\na\n4\n6\nf\n \n@\n \n0\nx\n6\ne\na\n4\n6\nf\n\n\n1\n1\na\n7\n5\n0\n7\n9\ne\n6\n3\nf\n5\n2\n6\nb\n0\nf\nd\ne\n3\n7\n0\n4\n1\n7\n9\n9\nf\nc\ne\n1\n9\n6\na\n3\n3\n9\n8\nc\n3\n0\nd\n2\n7\n8\na\n7\n1\n8\n2\n1\nb\n4\n1\n4\nc\nb\n0\na\nd\nc\n3\n4\n+\n0\nx\n2\ne\na\n5\n5\n8\n \n@\n \n0\nx\n6\ne\na\n5\n5\n8\n\n\n1\n1\na\n7\n5\n0\n7\n9\ne\n6\n3\nf\n5\n2\n6\nb\n0\nf\nd\ne\n3\n7\n0\n4\n1\n7\n9\n9\nf\nc\ne\n1\n9\n6\na\n3\n3\n9\n8\nc\n3\n0\nd\n2\n7\n8\na\n7\n1\n8\n2\n1\nb\n4\n1\n4\nc\nb\n0\na\nd\nc\n3\n4\n+\n0\nx\n2\ne\na\ne\n3\n9\n \n@\n \n0\nx\n6\ne\na\ne\n3\n9\n\n\n1\n1\na\n7\n5\n0\n7\n9\ne\n6\n3\nf\n5\n2\n6\nb\n0\nf\nd\ne\n3\n7\n0\n4\n1\n7\n9\n9\nf\nc\ne\n1\n9\n6\na\n3\n3\n9\n8\nc\n3\n0\nd\n2\n7\n8\na\n7\n1\n8\n2\n1\nb\n4\n1\n4\nc\nb\n0\na\nd\nc\n3\n4\n+\n0\nx\n2\nf\nd\nd\n6\n9\n \n@\n \n0\nx\n6\nf\nd\nd\n6\n9\n\n\nB\na\ns\ne\nT\nh\nr\ne\na\nd\nI\nn\ni\nt\nT\nh\nu\nn\nk\n+\n0\nx\n1\n2\n \nV\ne\nr\ni\nf\ny\nC\no\nn\ns\no\nl\ne\nI\no\nH\na\nn\nd\nl\ne\n-\n0\nx\nb\n3\n \nk\ne\nr\nn\ne\nl\n3\n2\n+\n0\nx\n1\n3\n3\nc\na\n \n@\n \n0\nx\n7\n5\nb\nc\n3\n3\nc\na\n\n\nR\nt\nl\nI\nn\ni\nt\ni\na\nl\ni\nz\ne\nE\nx\nc\ne\np\nt\ni\no\nn\nC\nh\na\ni\nn\n+\n0\nx\n6\n3\n \nR\nt\nl\nA\nl\nl\no\nc\na\nt\ne\nA\nc\nt\ni\nv\na\nt\ni\no\nn\nC\no\nn\nt\ne\nx\nt\nS\nt\na\nc\nk\n-\n0\nx\na\n1\n \nn\nt\nd\nl\nl\n+\n0\nx\n3\n9\ne\nd\n2\n \n@\n \n0\nx\n7\n7\nb\nc\n9\ne\nd\n2\n\n\nR\nt\nl\nI\nn\ni\nt\ni\na\nl\ni\nz\ne\nE\nx\nc\ne\np\nt\ni\no\nn\nC\nh\na\ni\nn\n+\n0\nx\n3\n6\n \nR\nt\nl\nA\nl\nl\no\nc\na\nt\ne\nA\nc\nt\ni\nv\na\nt\ni\no\nn\nC\no\nn\nt\ne\nx\nt\nS\nt\na\nc\nk\n-\n0\nx\nc\ne\n \nn\nt\nd\nl\nl\n+\n0\nx\n3\n9\ne\na\n5\n \n@\n \n0\nx\n7\n7\nb\nc\n9\ne\na\n5",
"registers": {
"esp": 1609412,
"edi": 1221961681,
"eax": 0,
"ebp": 1609416,
"edx": 38237316,
"ebx": 1,
"esi": 2297344,
"ecx": 38237316
},
"exception": {
"instruction_r": "c6 00 00 8b e5 5d c3 cc cc cc cc cc cc cc cc cc",
"instruction": "mov byte ptr [eax], 0",
"exception_code": "0xc0000005",
"symbol": "SetFunctionAddresses+0x2e4de",
"address": "0x243fbbe"
}
},
"time": 1560815587.2503,
"tid": 2308,
"flags": {}
},
"pid": 2660,
"type": "call",
"cid": 1739
},
{
"call": {
"category": "__notification__",
"status": 1,
"stacktrace": [],
"raw": [
"stacktrace"
],
"api": "__exception__",
"return_value": 0,
"arguments": {
"stacktrace": "1\n1\na\n7\n5\n0\n7\n9\ne\n6\n3\nf\n5\n2\n6\nb\n0\nf\nd\ne\n3\n7\n0\n4\n1\n7\n9\n9\nf\nc\ne\n1\n9\n6\na\n3\n3\n9\n8\nc\n3\n0\nd\n2\n7\n8\na\n7\n1\n8\n2\n1\nb\n4\n1\n4\nc\nb\n0\na\nd\nc\n3\n4\n+\n0\nx\n2\nf\n0\ne\n5\n1\n \n@\n \n0\nx\n6\nf\n0\ne\n5\n1\n\n\nS\ne\nt\nF\nu\nn\nc\nt\ni\no\nn\nA\nd\nd\nr\ne\ns\ns\ne\ns\n+\n0\nx\n2\ne\n4\n3\n9\n \n@\n \n0\nx\n2\n4\n3\nf\nb\n1\n9\n\n\nS\ne\nt\nF\nu\nn\nc\nt\ni\no\nn\nA\nd\nd\nr\ne\ns\ns\ne\ns\n+\n0\nx\n6\n2\n9\nb\n \n@\n \n0\nx\n2\n4\n1\n7\n9\n7\nb\n\n\nS\ne\nt\nF\nu\nn\nc\nt\ni\no\nn\nA\nd\nd\nr\ne\ns\ns\ne\ns\n-\n0\nx\n7\nc\na\nc\n \n@\n \n0\nx\n2\n4\n0\n9\na\n3\n4\n\n\nS\ne\nt\nF\nu\nn\nc\nt\ni\no\nn\nA\nd\nd\nr\ne\ns\ns\ne\ns\n-\n0\nx\n8\n2\n6\nb\n \n@\n \n0\nx\n2\n4\n0\n9\n4\n7\n5\n\n\nS\ne\nt\nF\nu\nn\nc\nt\ni\no\nn\nA\nd\nd\nr\ne\ns\ns\ne\ns\n+\n0\nx\n2\n6\n0\n7\n6\n \n@\n \n0\nx\n2\n4\n3\n7\n7\n5\n6\n\n\nS\ne\nt\nF\nu\nn\nc\nt\ni\no\nn\nA\nd\nd\nr\ne\ns\ns\ne\ns\n+\n0\nx\n2\n3\n1\nb\n1\n \n@\n \n0\nx\n2\n4\n3\n4\n8\n9\n1\n\n\n1\n1\na\n7\n5\n0\n7\n9\ne\n6\n3\nf\n5\n2\n6\nb\n0\nf\nd\ne\n3\n7\n0\n4\n1\n7\n9\n9\nf\nc\ne\n1\n9\n6\na\n3\n3\n9\n8\nc\n3\n0\nd\n2\n7\n8\na\n7\n1\n8\n2\n1\nb\n4\n1\n4\nc\nb\n0\na\nd\nc\n3\n4\n+\n0\nx\n2\nf\n0\ne\n5\n1\n \n@\n \n0\nx\n6\nf\n0\ne\n5\n1\n\n\nS\ne\nt\nF\nu\nn\nc\nt\ni\no\nn\nA\nd\nd\nr\ne\ns\ns\ne\ns\n+\n0\nx\n2\n1\nb\na\n6\n \n@\n \n0\nx\n2\n4\n3\n3\n2\n8\n6\n\n\n1\n1\na\n7\n5\n0\n7\n9\ne\n6\n3\nf\n5\n2\n6\nb\n0\nf\nd\ne\n3\n7\n0\n4\n1\n7\n9\n9\nf\nc\ne\n1\n9\n6\na\n3\n3\n9\n8\nc\n3\n0\nd\n2\n7\n8\na\n7\n1\n8\n2\n1\nb\n4\n1\n4\nc\nb\n0\na\nd\nc\n3\n4\n+\n0\nx\n2\ne\n8\nf\n5\ne\n \n@\n \n0\nx\n6\ne\n8\nf\n5\ne\n\n\n1\n1\na\n7\n5\n0\n7\n9\ne\n6\n3\nf\n5\n2\n6\nb\n0\nf\nd\ne\n3\n7\n0\n4\n1\n7\n9\n9\nf\nc\ne\n1\n9\n6\na\n3\n3\n9\n8\nc\n3\n0\nd\n2\n7\n8\na\n7\n1\n8\n2\n1\nb\n4\n1\n4\nc\nb\n0\na\nd\nc\n3\n4\n+\n0\nx\n2\ne\na\n4\n6\nf\n \n@\n \n0\nx\n6\ne\na\n4\n6\nf\n\n\n1\n1\na\n7\n5\n0\n7\n9\ne\n6\n3\nf\n5\n2\n6\nb\n0\nf\nd\ne\n3\n7\n0\n4\n1\n7\n9\n9\nf\nc\ne\n1\n9\n6\na\n3\n3\n9\n8\nc\n3\n0\nd\n2\n7\n8\na\n7\n1\n8\n2\n1\nb\n4\n1\n4\nc\nb\n0\na\nd\nc\n3\n4\n+\n0\nx\n2\ne\na\n5\n5\n8\n \n@\n \n0\nx\n6\ne\na\n5\n5\n8\n\n\n1\n1\na\n7\n5\n0\n7\n9\ne\n6\n3\nf\n5\n2\n6\nb\n0\nf\nd\ne\n3\n7\n0\n4\n1\n7\n9\n9\nf\nc\ne\n1\n9\n6\na\n3\n3\n9\n8\nc\n3\n0\nd\n2\n7\n8\na\n7\n1\n8\n2\n1\nb\n4\n1\n4\nc\nb\n0\na\nd\nc\n3\n4\n+\n0\nx\n2\ne\na\ne\n3\n9\n \n@\n \n0\nx\n6\ne\na\ne\n3\n9\n\n\n1\n1\na\n7\n5\n0\n7\n9\ne\n6\n3\nf\n5\n2\n6\nb\n0\nf\nd\ne\n3\n7\n0\n4\n1\n7\n9\n9\nf\nc\ne\n1\n9\n6\na\n3\n3\n9\n8\nc\n3\n0\nd\n2\n7\n8\na\n7\n1\n8\n2\n1\nb\n4\n1\n4\nc\nb\n0\na\nd\nc\n3\n4\n+\n0\nx\n2\nf\nd\nd\n6\n9\n \n@\n \n0\nx\n6\nf\nd\nd\n6\n9\n\n\nB\na\ns\ne\nT\nh\nr\ne\na\nd\nI\nn\ni\nt\nT\nh\nu\nn\nk\n+\n0\nx\n1\n2\n \nV\ne\nr\ni\nf\ny\nC\no\nn\ns\no\nl\ne\nI\no\nH\na\nn\nd\nl\ne\n-\n0\nx\nb\n3\n \nk\ne\nr\nn\ne\nl\n3\n2\n+\n0\nx\n1\n3\n3\nc\na\n \n@\n \n0\nx\n7\n5\nb\nc\n3\n3\nc\na\n\n\nR\nt\nl\nI\nn\ni\nt\ni\na\nl\ni\nz\ne\nE\nx\nc\ne\np\nt\ni\no\nn\nC\nh\na\ni\nn\n+\n0\nx\n6\n3\n \nR\nt\nl\nA\nl\nl\no\nc\na\nt\ne\nA\nc\nt\ni\nv\na\nt\ni\no\nn\nC\no\nn\nt\ne\nx\nt\nS\nt\na\nc\nk\n-\n0\nx\na\n1\n \nn\nt\nd\nl\nl\n+\n0\nx\n3\n9\ne\nd\n2\n \n@\n \n0\nx\n7\n7\nb\nc\n9\ne\nd\n2\n\n\nR\nt\nl\nI\nn\ni\nt\ni\na\nl\ni\nz\ne\nE\nx\nc\ne\np\nt\ni\no\nn\nC\nh\na\ni\nn\n+\n0\nx\n3\n6\n \nR\nt\nl\nA\nl\nl\no\nc\na\nt\ne\nA\nc\nt\ni\nv\na\nt\ni\no\nn\nC\no\nn\nt\ne\nx\nt\nS\nt\na\nc\nk\n-\n0\nx\nc\ne\n \nn\nt\nd\nl\nl\n+\n0\nx\n3\n9\ne\na\n5\n \n@\n \n0\nx\n7\n7\nb\nc\n9\ne\na\n5",
"registers": {
"esp": 1609412,
"edi": 1221961681,
"eax": 0,
"ebp": 1609416,
"edx": 38237316,
"ebx": 1,
"esi": 2297344,
"ecx": 38237316
},
"exception": {
"instruction_r": "c6 00 00 8b e5 5d c3 cc cc cc cc cc cc cc cc cc",
"instruction": "mov byte ptr [eax], 0",
"exception_code": "0xc0000005",
"symbol": "SetFunctionAddresses+0x2e4de",
"address": "0x243fbbe"
}
},
"time": 1560815587.2503,
"tid": 2308,
"flags": {}
},
"pid": 2660,
"type": "call",
"cid": 1740
},
{
"call": {
"category": "__notification__",
"status": 1,
"stacktrace": [],
"raw": [
"stacktrace"
],
"api": "__exception__",
"return_value": 0,
"arguments": {
"stacktrace": "1\n1\na\n7\n5\n0\n7\n9\ne\n6\n3\nf\n5\n2\n6\nb\n0\nf\nd\ne\n3\n7\n0\n4\n1\n7\n9\n9\nf\nc\ne\n1\n9\n6\na\n3\n3\n9\n8\nc\n3\n0\nd\n2\n7\n8\na\n7\n1\n8\n2\n1\nb\n4\n1\n4\nc\nb\n0\na\nd\nc\n3\n4\n+\n0\nx\n2\nf\n0\ne\n5\n1\n \n@\n \n0\nx\n6\nf\n0\ne\n5\n1\n\n\nS\ne\nt\nF\nu\nn\nc\nt\ni\no\nn\nA\nd\nd\nr\ne\ns\ns\ne\ns\n+\n0\nx\n2\ne\n4\n3\n9\n \n@\n \n0\nx\n2\n4\n3\nf\nb\n1\n9\n\n\nS\ne\nt\nF\nu\nn\nc\nt\ni\no\nn\nA\nd\nd\nr\ne\ns\ns\ne\ns\n+\n0\nx\n6\n2\n9\nb\n \n@\n \n0\nx\n2\n4\n1\n7\n9\n7\nb\n\n\nS\ne\nt\nF\nu\nn\nc\nt\ni\no\nn\nA\nd\nd\nr\ne\ns\ns\ne\ns\n-\n0\nx\n1\n1\nd\n8\n7\n \n@\n \n0\nx\n2\n3\nf\nf\n9\n5\n9\n\n\nS\ne\nt\nF\nu\nn\nc\nt\ni\no\nn\nA\nd\nd\nr\ne\ns\ns\ne\ns\n-\n0\nx\n8\n2\nc\n8\n \n@\n \n0\nx\n2\n4\n0\n9\n4\n1\n8\n\n\nS\ne\nt\nF\nu\nn\nc\nt\ni\no\nn\nA\nd\nd\nr\ne\ns\ns\ne\ns\n-\n0\nx\n9\nb\nf\n8\n \n@\n \n0\nx\n2\n4\n0\n7\na\ne\n8\n\n\nS\ne\nt\nF\nu\nn\nc\nt\ni\no\nn\nA\nd\nd\nr\ne\ns\ns\ne\ns\n+\n0\nx\n1\nf\nc\nd\ne\n \n@\n \n0\nx\n2\n4\n3\n1\n3\nb\ne\n\n\nS\ne\nt\nF\nu\nn\nc\nt\ni\no\nn\nA\nd\nd\nr\ne\ns\ns\ne\ns\n+\n0\nx\n2\n6\n0\n7\nb\n \n@\n \n0\nx\n2\n4\n3\n7\n7\n5\nb\n\n\nS\ne\nt\nF\nu\nn\nc\nt\ni\no\nn\nA\nd\nd\nr\ne\ns\ns\ne\ns\n+\n0\nx\n2\n3\n1\nb\n1\n \n@\n \n0\nx\n2\n4\n3\n4\n8\n9\n1\n\n\n1\n1\na\n7\n5\n0\n7\n9\ne\n6\n3\nf\n5\n2\n6\nb\n0\nf\nd\ne\n3\n7\n0\n4\n1\n7\n9\n9\nf\nc\ne\n1\n9\n6\na\n3\n3\n9\n8\nc\n3\n0\nd\n2\n7\n8\na\n7\n1\n8\n2\n1\nb\n4\n1\n4\nc\nb\n0\na\nd\nc\n3\n4\n+\n0\nx\n2\nf\n0\ne\n5\n1\n \n@\n \n0\nx\n6\nf\n0\ne\n5\n1\n\n\nS\ne\nt\nF\nu\nn\nc\nt\ni\no\nn\nA\nd\nd\nr\ne\ns\ns\ne\ns\n+\n0\nx\n2\n1\nb\na\n6\n \n@\n \n0\nx\n2\n4\n3\n3\n2\n8\n6\n\n\n1\n1\na\n7\n5\n0\n7\n9\ne\n6\n3\nf\n5\n2\n6\nb\n0\nf\nd\ne\n3\n7\n0\n4\n1\n7\n9\n9\nf\nc\ne\n1\n9\n6\na\n3\n3\n9\n8\nc\n3\n0\nd\n2\n7\n8\na\n7\n1\n8\n2\n1\nb\n4\n1\n4\nc\nb\n0\na\nd\nc\n3\n4\n+\n0\nx\n2\ne\n8\nf\n5\ne\n \n@\n \n0\nx\n6\ne\n8\nf\n5\ne\n\n\n1\n1\na\n7\n5\n0\n7\n9\ne\n6\n3\nf\n5\n2\n6\nb\n0\nf\nd\ne\n3\n7\n0\n4\n1\n7\n9\n9\nf\nc\ne\n1\n9\n6\na\n3\n3\n9\n8\nc\n3\n0\nd\n2\n7\n8\na\n7\n1\n8\n2\n1\nb\n4\n1\n4\nc\nb\n0\na\nd\nc\n3\n4\n+\n0\nx\n2\ne\na\n4\n6\nf\n \n@\n \n0\nx\n6\ne\na\n4\n6\nf\n\n\n1\n1\na\n7\n5\n0\n7\n9\ne\n6\n3\nf\n5\n2\n6\nb\n0\nf\nd\ne\n3\n7\n0\n4\n1\n7\n9\n9\nf\nc\ne\n1\n9\n6\na\n3\n3\n9\n8\nc\n3\n0\nd\n2\n7\n8\na\n7\n1\n8\n2\n1\nb\n4\n1\n4\nc\nb\n0\na\nd\nc\n3\n4\n+\n0\nx\n2\ne\na\n5\n5\n8\n \n@\n \n0\nx\n6\ne\na\n5\n5\n8\n\n\n1\n1\na\n7\n5\n0\n7\n9\ne\n6\n3\nf\n5\n2\n6\nb\n0\nf\nd\ne\n3\n7\n0\n4\n1\n7\n9\n9\nf\nc\ne\n1\n9\n6\na\n3\n3\n9\n8\nc\n3\n0\nd\n2\n7\n8\na\n7\n1\n8\n2\n1\nb\n4\n1\n4\nc\nb\n0\na\nd\nc\n3\n4\n+\n0\nx\n2\ne\na\ne\n3\n9\n \n@\n \n0\nx\n6\ne\na\ne\n3\n9\n\n\n1\n1\na\n7\n5\n0\n7\n9\ne\n6\n3\nf\n5\n2\n6\nb\n0\nf\nd\ne\n3\n7\n0\n4\n1\n7\n9\n9\nf\nc\ne\n1\n9\n6\na\n3\n3\n9\n8\nc\n3\n0\nd\n2\n7\n8\na\n7\n1\n8\n2\n1\nb\n4\n1\n4\nc\nb\n0\na\nd\nc\n3\n4\n+\n0\nx\n2\nf\nd\nd\n6\n9\n \n@\n \n0\nx\n6\nf\nd\nd\n6\n9\n\n\nB\na\ns\ne\nT\nh\nr\ne\na\nd\nI\nn\ni\nt\nT\nh\nu\nn\nk\n+\n0\nx\n1\n2\n \nV\ne\nr\ni\nf\ny\nC\no\nn\ns\no\nl\ne\nI\no\nH\na\nn\nd\nl\ne\n-\n0\nx\nb\n3\n \nk\ne\nr\nn\ne\nl\n3\n2\n+\n0\nx\n1\n3\n3\nc\na\n \n@\n \n0\nx\n7\n5\nb\nc\n3\n3\nc\na\n\n\nR\nt\nl\nI\nn\ni\nt\ni\na\nl\ni\nz\ne\nE\nx\nc\ne\np\nt\ni\no\nn\nC\nh\na\ni\nn\n+\n0\nx\n6\n3\n \nR\nt\nl\nA\nl\nl\no\nc\na\nt\ne\nA\nc\nt\ni\nv\na\nt\ni\no\nn\nC\no\nn\nt\ne\nx\nt\nS\nt\na\nc\nk\n-\n0\nx\na\n1\n \nn\nt\nd\nl\nl\n+\n0\nx\n3\n9\ne\nd\n2\n \n@\n \n0\nx\n7\n7\nb\nc\n9\ne\nd\n2\n\n\nR\nt\nl\nI\nn\ni\nt\ni\na\nl\ni\nz\ne\nE\nx\nc\ne\np\nt\ni\no\nn\nC\nh\na\ni\nn\n+\n0\nx\n3\n6\n \nR\nt\nl\nA\nl\nl\no\nc\na\nt\ne\nA\nc\nt\ni\nv\na\nt\ni\no\nn\nC\no\nn\nt\ne\nx\nt\nS\nt\na\nc\nk\n-\n0\nx\nc\ne\n \nn\nt\nd\nl\nl\n+\n0\nx\n3\n9\ne\na\n5\n \n@\n \n0\nx\n7\n7\nb\nc\n9\ne\na\n5",
"registers": {
"esp": 1609332,
"edi": 1221961681,
"eax": 0,
"ebp": 1609336,
"edx": 38237316,
"ebx": 1,
"esi": 2297344,
"ecx": 38237316
},
"exception": {
"instruction_r": "c6 00 00 8b e5 5d c3 cc cc cc cc cc cc cc cc cc",
"instruction": "mov byte ptr [eax], 0",
"exception_code": "0xc0000005",
"symbol": "SetFunctionAddresses+0x2e4de",
"address": "0x243fbbe"
}
},
"time": 1560815587.2662,
"tid": 2308,
"flags": {}
},
"pid": 2660,
"type": "call",
"cid": 1847
},
{
"call": {
"category": "__notification__",
"status": 1,
"stacktrace": [],
"raw": [
"stacktrace"
],
"api": "__exception__",
"return_value": 0,
"arguments": {
"stacktrace": "1\n1\na\n7\n5\n0\n7\n9\ne\n6\n3\nf\n5\n2\n6\nb\n0\nf\nd\ne\n3\n7\n0\n4\n1\n7\n9\n9\nf\nc\ne\n1\n9\n6\na\n3\n3\n9\n8\nc\n3\n0\nd\n2\n7\n8\na\n7\n1\n8\n2\n1\nb\n4\n1\n4\nc\nb\n0\na\nd\nc\n3\n4\n+\n0\nx\n2\nf\n0\ne\n5\n1\n \n@\n \n0\nx\n6\nf\n0\ne\n5\n1\n\n\nS\ne\nt\nF\nu\nn\nc\nt\ni\no\nn\nA\nd\nd\nr\ne\ns\ns\ne\ns\n+\n0\nx\n2\ne\n4\n3\n9\n \n@\n \n0\nx\n2\n4\n3\nf\nb\n1\n9\n\n\nS\ne\nt\nF\nu\nn\nc\nt\ni\no\nn\nA\nd\nd\nr\ne\ns\ns\ne\ns\n+\n0\nx\n6\n2\n9\nb\n \n@\n \n0\nx\n2\n4\n1\n7\n9\n7\nb\n\n\nS\ne\nt\nF\nu\nn\nc\nt\ni\no\nn\nA\nd\nd\nr\ne\ns\ns\ne\ns\n-\n0\nx\n7\nc\na\nc\n \n@\n \n0\nx\n2\n4\n0\n9\na\n3\n4\n\n\nS\ne\nt\nF\nu\nn\nc\nt\ni\no\nn\nA\nd\nd\nr\ne\ns\ns\ne\ns\n-\n0\nx\n8\n2\n6\nb\n \n@\n \n0\nx\n2\n4\n0\n9\n4\n7\n5\n\n\nS\ne\nt\nF\nu\nn\nc\nt\ni\no\nn\nA\nd\nd\nr\ne\ns\ns\ne\ns\n-\n0\nx\n9\nb\nf\n8\n \n@\n \n0\nx\n2\n4\n0\n7\na\ne\n8\n\n\nS\ne\nt\nF\nu\nn\nc\nt\ni\no\nn\nA\nd\nd\nr\ne\ns\ns\ne\ns\n+\n0\nx\n1\nf\nc\nd\ne\n \n@\n \n0\nx\n2\n4\n3\n1\n3\nb\ne\n\n\nS\ne\nt\nF\nu\nn\nc\nt\ni\no\nn\nA\nd\nd\nr\ne\ns\ns\ne\ns\n+\n0\nx\n2\n6\n0\n7\nb\n \n@\n \n0\nx\n2\n4\n3\n7\n7\n5\nb\n\n\nS\ne\nt\nF\nu\nn\nc\nt\ni\no\nn\nA\nd\nd\nr\ne\ns\ns\ne\ns\n+\n0\nx\n2\n3\n1\nb\n1\n \n@\n \n0\nx\n2\n4\n3\n4\n8\n9\n1\n\n\n1\n1\na\n7\n5\n0\n7\n9\ne\n6\n3\nf\n5\n2\n6\nb\n0\nf\nd\ne\n3\n7\n0\n4\n1\n7\n9\n9\nf\nc\ne\n1\n9\n6\na\n3\n3\n9\n8\nc\n3\n0\nd\n2\n7\n8\na\n7\n1\n8\n2\n1\nb\n4\n1\n4\nc\nb\n0\na\nd\nc\n3\n4\n+\n0\nx\n2\nf\n0\ne\n5\n1\n \n@\n \n0\nx\n6\nf\n0\ne\n5\n1\n\n\nS\ne\nt\nF\nu\nn\nc\nt\ni\no\nn\nA\nd\nd\nr\ne\ns\ns\ne\ns\n+\n0\nx\n2\n1\nb\na\n6\n \n@\n \n0\nx\n2\n4\n3\n3\n2\n8\n6\n\n\n1\n1\na\n7\n5\n0\n7\n9\ne\n6\n3\nf\n5\n2\n6\nb\n0\nf\nd\ne\n3\n7\n0\n4\n1\n7\n9\n9\nf\nc\ne\n1\n9\n6\na\n3\n3\n9\n8\nc\n3\n0\nd\n2\n7\n8\na\n7\n1\n8\n2\n1\nb\n4\n1\n4\nc\nb\n0\na\nd\nc\n3\n4\n+\n0\nx\n2\ne\n8\nf\n5\ne\n \n@\n \n0\nx\n6\ne\n8\nf\n5\ne\n\n\n1\n1\na\n7\n5\n0\n7\n9\ne\n6\n3\nf\n5\n2\n6\nb\n0\nf\nd\ne\n3\n7\n0\n4\n1\n7\n9\n9\nf\nc\ne\n1\n9\n6\na\n3\n3\n9\n8\nc\n3\n0\nd\n2\n7\n8\na\n7\n1\n8\n2\n1\nb\n4\n1\n4\nc\nb\n0\na\nd\nc\n3\n4\n+\n0\nx\n2\ne\na\n4\n6\nf\n \n@\n \n0\nx\n6\ne\na\n4\n6\nf\n\n\n1\n1\na\n7\n5\n0\n7\n9\ne\n6\n3\nf\n5\n2\n6\nb\n0\nf\nd\ne\n3\n7\n0\n4\n1\n7\n9\n9\nf\nc\ne\n1\n9\n6\na\n3\n3\n9\n8\nc\n3\n0\nd\n2\n7\n8\na\n7\n1\n8\n2\n1\nb\n4\n1\n4\nc\nb\n0\na\nd\nc\n3\n4\n+\n0\nx\n2\ne\na\n5\n5\n8\n \n@\n \n0\nx\n6\ne\na\n5\n5\n8\n\n\n1\n1\na\n7\n5\n0\n7\n9\ne\n6\n3\nf\n5\n2\n6\nb\n0\nf\nd\ne\n3\n7\n0\n4\n1\n7\n9\n9\nf\nc\ne\n1\n9\n6\na\n3\n3\n9\n8\nc\n3\n0\nd\n2\n7\n8\na\n7\n1\n8\n2\n1\nb\n4\n1\n4\nc\nb\n0\na\nd\nc\n3\n4\n+\n0\nx\n2\ne\na\ne\n3\n9\n \n@\n \n0\nx\n6\ne\na\ne\n3\n9\n\n\n1\n1\na\n7\n5\n0\n7\n9\ne\n6\n3\nf\n5\n2\n6\nb\n0\nf\nd\ne\n3\n7\n0\n4\n1\n7\n9\n9\nf\nc\ne\n1\n9\n6\na\n3\n3\n9\n8\nc\n3\n0\nd\n2\n7\n8\na\n7\n1\n8\n2\n1\nb\n4\n1\n4\nc\nb\n0\na\nd\nc\n3\n4\n+\n0\nx\n2\nf\nd\nd\n6\n9\n \n@\n \n0\nx\n6\nf\nd\nd\n6\n9\n\n\nB\na\ns\ne\nT\nh\nr\ne\na\nd\nI\nn\ni\nt\nT\nh\nu\nn\nk\n+\n0\nx\n1\n2\n \nV\ne\nr\ni\nf\ny\nC\no\nn\ns\no\nl\ne\nI\no\nH\na\nn\nd\nl\ne\n-\n0\nx\nb\n3\n \nk\ne\nr\nn\ne\nl\n3\n2\n+\n0\nx\n1\n3\n3\nc\na\n \n@\n \n0\nx\n7\n5\nb\nc\n3\n3\nc\na\n\n\nR\nt\nl\nI\nn\ni\nt\ni\na\nl\ni\nz\ne\nE\nx\nc\ne\np\nt\ni\no\nn\nC\nh\na\ni\nn\n+\n0\nx\n6\n3\n \nR\nt\nl\nA\nl\nl\no\nc\na\nt\ne\nA\nc\nt\ni\nv\na\nt\ni\no\nn\nC\no\nn\nt\ne\nx\nt\nS\nt\na\nc\nk\n-\n0\nx\na\n1\n \nn\nt\nd\nl\nl\n+\n0\nx\n3\n9\ne\nd\n2\n \n@\n \n0\nx\n7\n7\nb\nc\n9\ne\nd\n2\n\n\nR\nt\nl\nI\nn\ni\nt\ni\na\nl\ni\nz\ne\nE\nx\nc\ne\np\nt\ni\no\nn\nC\nh\na\ni\nn\n+\n0\nx\n3\n6\n \nR\nt\nl\nA\nl\nl\no\nc\na\nt\ne\nA\nc\nt\ni\nv\na\nt\ni\no\nn\nC\no\nn\nt\ne\nx\nt\nS\nt\na\nc\nk\n-\n0\nx\nc\ne\n \nn\nt\nd\nl\nl\n+\n0\nx\n3\n9\ne\na\n5\n \n@\n \n0\nx\n7\n7\nb\nc\n9\ne\na\n5",
"registers": {
"esp": 1609332,
"edi": 1221961681,
"eax": 0,
"ebp": 1609336,
"edx": 38237316,
"ebx": 1,
"esi": 2297344,
"ecx": 38237316
},
"exception": {
"instruction_r": "c6 00 00 8b e5 5d c3 cc cc cc cc cc cc cc cc cc",
"instruction": "mov byte ptr [eax], 0",
"exception_code": "0xc0000005",
"symbol": "SetFunctionAddresses+0x2e4de",
"address": "0x243fbbe"
}
},
"time": 1560815587.2662,
"tid": 2308,
"flags": {}
},
"pid": 2660,
"type": "call",
"cid": 1848
},
{
"call": {
"category": "__notification__",
"status": 1,
"stacktrace": [],
"raw": [
"stacktrace"
],
"api": "__exception__",
"return_value": 0,
"arguments": {
"stacktrace": "1\n1\na\n7\n5\n0\n7\n9\ne\n6\n3\nf\n5\n2\n6\nb\n0\nf\nd\ne\n3\n7\n0\n4\n1\n7\n9\n9\nf\nc\ne\n1\n9\n6\na\n3\n3\n9\n8\nc\n3\n0\nd\n2\n7\n8\na\n7\n1\n8\n2\n1\nb\n4\n1\n4\nc\nb\n0\na\nd\nc\n3\n4\n+\n0\nx\n2\nf\n0\ne\n5\n1\n \n@\n \n0\nx\n6\nf\n0\ne\n5\n1\n\n\nS\ne\nt\nF\nu\nn\nc\nt\ni\no\nn\nA\nd\nd\nr\ne\ns\ns\ne\ns\n+\n0\nx\n2\ne\n4\n3\n9\n \n@\n \n0\nx\n2\n4\n3\nf\nb\n1\n9\n\n\nS\ne\nt\nF\nu\nn\nc\nt\ni\no\nn\nA\nd\nd\nr\ne\ns\ns\ne\ns\n+\n0\nx\n2\n6\n5\n0\n0\n \n@\n \n0\nx\n2\n4\n3\n7\nb\ne\n0\n\n\nS\ne\nt\nF\nu\nn\nc\nt\ni\no\nn\nA\nd\nd\nr\ne\ns\ns\ne\ns\n+\n0\nx\n2\n3\n1\nb\n1\n \n@\n \n0\nx\n2\n4\n3\n4\n8\n9\n1\n\n\n1\n1\na\n7\n5\n0\n7\n9\ne\n6\n3\nf\n5\n2\n6\nb\n0\nf\nd\ne\n3\n7\n0\n4\n1\n7\n9\n9\nf\nc\ne\n1\n9\n6\na\n3\n3\n9\n8\nc\n3\n0\nd\n2\n7\n8\na\n7\n1\n8\n2\n1\nb\n4\n1\n4\nc\nb\n0\na\nd\nc\n3\n4\n+\n0\nx\n2\nf\n0\ne\n5\n1\n \n@\n \n0\nx\n6\nf\n0\ne\n5\n1\n\n\nS\ne\nt\nF\nu\nn\nc\nt\ni\no\nn\nA\nd\nd\nr\ne\ns\ns\ne\ns\n+\n0\nx\n2\n1\nb\na\n6\n \n@\n \n0\nx\n2\n4\n3\n3\n2\n8\n6\n\n\n1\n1\na\n7\n5\n0\n7\n9\ne\n6\n3\nf\n5\n2\n6\nb\n0\nf\nd\ne\n3\n7\n0\n4\n1\n7\n9\n9\nf\nc\ne\n1\n9\n6\na\n3\n3\n9\n8\nc\n3\n0\nd\n2\n7\n8\na\n7\n1\n8\n2\n1\nb\n4\n1\n4\nc\nb\n0\na\nd\nc\n3\n4\n+\n0\nx\n2\ne\n8\nf\n5\ne\n \n@\n \n0\nx\n6\ne\n8\nf\n5\ne\n\n\n1\n1\na\n7\n5\n0\n7\n9\ne\n6\n3\nf\n5\n2\n6\nb\n0\nf\nd\ne\n3\n7\n0\n4\n1\n7\n9\n9\nf\nc\ne\n1\n9\n6\na\n3\n3\n9\n8\nc\n3\n0\nd\n2\n7\n8\na\n7\n1\n8\n2\n1\nb\n4\n1\n4\nc\nb\n0\na\nd\nc\n3\n4\n+\n0\nx\n2\ne\na\n4\n6\nf\n \n@\n \n0\nx\n6\ne\na\n4\n6\nf\n\n\n1\n1\na\n7\n5\n0\n7\n9\ne\n6\n3\nf\n5\n2\n6\nb\n0\nf\nd\ne\n3\n7\n0\n4\n1\n7\n9\n9\nf\nc\ne\n1\n9\n6\na\n3\n3\n9\n8\nc\n3\n0\nd\n2\n7\n8\na\n7\n1\n8\n2\n1\nb\n4\n1\n4\nc\nb\n0\na\nd\nc\n3\n4\n+\n0\nx\n2\ne\na\n5\n5\n8\n \n@\n \n0\nx\n6\ne\na\n5\n5\n8\n\n\n1\n1\na\n7\n5\n0\n7\n9\ne\n6\n3\nf\n5\n2\n6\nb\n0\nf\nd\ne\n3\n7\n0\n4\n1\n7\n9\n9\nf\nc\ne\n1\n9\n6\na\n3\n3\n9\n8\nc\n3\n0\nd\n2\n7\n8\na\n7\n1\n8\n2\n1\nb\n4\n1\n4\nc\nb\n0\na\nd\nc\n3\n4\n+\n0\nx\n2\ne\na\ne\n3\n9\n \n@\n \n0\nx\n6\ne\na\ne\n3\n9\n\n\n1\n1\na\n7\n5\n0\n7\n9\ne\n6\n3\nf\n5\n2\n6\nb\n0\nf\nd\ne\n3\n7\n0\n4\n1\n7\n9\n9\nf\nc\ne\n1\n9\n6\na\n3\n3\n9\n8\nc\n3\n0\nd\n2\n7\n8\na\n7\n1\n8\n2\n1\nb\n4\n1\n4\nc\nb\n0\na\nd\nc\n3\n4\n+\n0\nx\n2\nf\nd\nd\n6\n9\n \n@\n \n0\nx\n6\nf\nd\nd\n6\n9\n\n\nB\na\ns\ne\nT\nh\nr\ne\na\nd\nI\nn\ni\nt\nT\nh\nu\nn\nk\n+\n0\nx\n1\n2\n \nV\ne\nr\ni\nf\ny\nC\no\nn\ns\no\nl\ne\nI\no\nH\na\nn\nd\nl\ne\n-\n0\nx\nb\n3\n \nk\ne\nr\nn\ne\nl\n3\n2\n+\n0\nx\n1\n3\n3\nc\na\n \n@\n \n0\nx\n7\n5\nb\nc\n3\n3\nc\na\n\n\nR\nt\nl\nI\nn\ni\nt\ni\na\nl\ni\nz\ne\nE\nx\nc\ne\np\nt\ni\no\nn\nC\nh\na\ni\nn\n+\n0\nx\n6\n3\n \nR\nt\nl\nA\nl\nl\no\nc\na\nt\ne\nA\nc\nt\ni\nv\na\nt\ni\no\nn\nC\no\nn\nt\ne\nx\nt\nS\nt\na\nc\nk\n-\n0\nx\na\n1\n \nn\nt\nd\nl\nl\n+\n0\nx\n3\n9\ne\nd\n2\n \n@\n \n0\nx\n7\n7\nb\nc\n9\ne\nd\n2\n\n\nR\nt\nl\nI\nn\ni\nt\ni\na\nl\ni\nz\ne\nE\nx\nc\ne\np\nt\ni\no\nn\nC\nh\na\ni\nn\n+\n0\nx\n3\n6\n \nR\nt\nl\nA\nl\nl\no\nc\na\nt\ne\nA\nc\nt\ni\nv\na\nt\ni\no\nn\nC\no\nn\nt\ne\nx\nt\nS\nt\na\nc\nk\n-\n0\nx\nc\ne\n \nn\nt\nd\nl\nl\n+\n0\nx\n3\n9\ne\na\n5\n \n@\n \n0\nx\n7\n7\nb\nc\n9\ne\na\n5",
"registers": {
"esp": 1610720,
"edi": 0,
"eax": 0,
"ebp": 1610724,
"edx": 38237316,
"ebx": 1,
"esi": 7496560,
"ecx": 38237316
},
"exception": {
"instruction_r": "c6 00 00 8b e5 5d c3 cc cc cc cc cc cc cc cc cc",
"instruction": "mov byte ptr [eax], 0",
"exception_code": "0xc0000005",
"symbol": "SetFunctionAddresses+0x2e4de",
"address": "0x243fbbe"
}
},
"time": 1560815587.3133,
"tid": 2308,
"flags": {}
},
"pid": 2660,
"type": "call",
"cid": 2172
},
{
"call": {
"category": "__notification__",
"status": 1,
"stacktrace": [],
"raw": [
"stacktrace"
],
"api": "__exception__",
"return_value": 0,
"arguments": {
"stacktrace": "1\n1\na\n7\n5\n0\n7\n9\ne\n6\n3\nf\n5\n2\n6\nb\n0\nf\nd\ne\n3\n7\n0\n4\n1\n7\n9\n9\nf\nc\ne\n1\n9\n6\na\n3\n3\n9\n8\nc\n3\n0\nd\n2\n7\n8\na\n7\n1\n8\n2\n1\nb\n4\n1\n4\nc\nb\n0\na\nd\nc\n3\n4\n+\n0\nx\n2\nf\n0\ne\n5\n1\n \n@\n \n0\nx\n6\nf\n0\ne\n5\n1\n\n\nS\ne\nt\nF\nu\nn\nc\nt\ni\no\nn\nA\nd\nd\nr\ne\ns\ns\ne\ns\n+\n0\nx\n2\ne\n4\n3\n9\n \n@\n \n0\nx\n2\n4\n3\nf\nb\n1\n9\n\n\nS\ne\nt\nF\nu\nn\nc\nt\ni\no\nn\nA\nd\nd\nr\ne\ns\ns\ne\ns\n+\n0\nx\n6\n2\n9\nb\n \n@\n \n0\nx\n2\n4\n1\n7\n9\n7\nb\n\n\nS\ne\nt\nF\nu\nn\nc\nt\ni\no\nn\nA\nd\nd\nr\ne\ns\ns\ne\ns\n-\n0\nx\n1\n1\nd\n8\n7\n \n@\n \n0\nx\n2\n3\nf\nf\n9\n5\n9\n\n\nS\ne\nt\nF\nu\nn\nc\nt\ni\no\nn\nA\nd\nd\nr\ne\ns\ns\ne\ns\n-\n0\nx\n8\n2\nc\n8\n \n@\n \n0\nx\n2\n4\n0\n9\n4\n1\n8\n\n\nS\ne\nt\nF\nu\nn\nc\nt\ni\no\nn\nA\nd\nd\nr\ne\ns\ns\ne\ns\n+\n0\nx\n2\n6\nb\n7\n8\n \n@\n \n0\nx\n2\n4\n3\n8\n2\n5\n8\n\n\nS\ne\nt\nF\nu\nn\nc\nt\ni\no\nn\nA\nd\nd\nr\ne\ns\ns\ne\ns\n+\n0\nx\n2\n3\n1\nb\n1\n \n@\n \n0\nx\n2\n4\n3\n4\n8\n9\n1\n\n\n1\n1\na\n7\n5\n0\n7\n9\ne\n6\n3\nf\n5\n2\n6\nb\n0\nf\nd\ne\n3\n7\n0\n4\n1\n7\n9\n9\nf\nc\ne\n1\n9\n6\na\n3\n3\n9\n8\nc\n3\n0\nd\n2\n7\n8\na\n7\n1\n8\n2\n1\nb\n4\n1\n4\nc\nb\n0\na\nd\nc\n3\n4\n+\n0\nx\n2\nf\n0\ne\n5\n1\n \n@\n \n0\nx\n6\nf\n0\ne\n5\n1\n\n\nS\ne\nt\nF\nu\nn\nc\nt\ni\no\nn\nA\nd\nd\nr\ne\ns\ns\ne\ns\n+\n0\nx\n2\n1\nb\na\n6\n \n@\n \n0\nx\n2\n4\n3\n3\n2\n8\n6\n\n\n1\n1\na\n7\n5\n0\n7\n9\ne\n6\n3\nf\n5\n2\n6\nb\n0\nf\nd\ne\n3\n7\n0\n4\n1\n7\n9\n9\nf\nc\ne\n1\n9\n6\na\n3\n3\n9\n8\nc\n3\n0\nd\n2\n7\n8\na\n7\n1\n8\n2\n1\nb\n4\n1\n4\nc\nb\n0\na\nd\nc\n3\n4\n+\n0\nx\n2\ne\n8\nf\n5\ne\n \n@\n \n0\nx\n6\ne\n8\nf\n5\ne\n\n\n1\n1\na\n7\n5\n0\n7\n9\ne\n6\n3\nf\n5\n2\n6\nb\n0\nf\nd\ne\n3\n7\n0\n4\n1\n7\n9\n9\nf\nc\ne\n1\n9\n6\na\n3\n3\n9\n8\nc\n3\n0\nd\n2\n7\n8\na\n7\n1\n8\n2\n1\nb\n4\n1\n4\nc\nb\n0\na\nd\nc\n3\n4\n+\n0\nx\n2\ne\na\n4\n6\nf\n \n@\n \n0\nx\n6\ne\na\n4\n6\nf\n\n\n1\n1\na\n7\n5\n0\n7\n9\ne\n6\n3\nf\n5\n2\n6\nb\n0\nf\nd\ne\n3\n7\n0\n4\n1\n7\n9\n9\nf\nc\ne\n1\n9\n6\na\n3\n3\n9\n8\nc\n3\n0\nd\n2\n7\n8\na\n7\n1\n8\n2\n1\nb\n4\n1\n4\nc\nb\n0\na\nd\nc\n3\n4\n+\n0\nx\n2\ne\na\n5\n5\n8\n \n@\n \n0\nx\n6\ne\na\n5\n5\n8\n\n\n1\n1\na\n7\n5\n0\n7\n9\ne\n6\n3\nf\n5\n2\n6\nb\n0\nf\nd\ne\n3\n7\n0\n4\n1\n7\n9\n9\nf\nc\ne\n1\n9\n6\na\n3\n3\n9\n8\nc\n3\n0\nd\n2\n7\n8\na\n7\n1\n8\n2\n1\nb\n4\n1\n4\nc\nb\n0\na\nd\nc\n3\n4\n+\n0\nx\n2\ne\na\ne\n3\n9\n \n@\n \n0\nx\n6\ne\na\ne\n3\n9\n\n\n1\n1\na\n7\n5\n0\n7\n9\ne\n6\n3\nf\n5\n2\n6\nb\n0\nf\nd\ne\n3\n7\n0\n4\n1\n7\n9\n9\nf\nc\ne\n1\n9\n6\na\n3\n3\n9\n8\nc\n3\n0\nd\n2\n7\n8\na\n7\n1\n8\n2\n1\nb\n4\n1\n4\nc\nb\n0\na\nd\nc\n3\n4\n+\n0\nx\n2\nf\nd\nd\n6\n9\n \n@\n \n0\nx\n6\nf\nd\nd\n6\n9\n\n\nB\na\ns\ne\nT\nh\nr\ne\na\nd\nI\nn\ni\nt\nT\nh\nu\nn\nk\n+\n0\nx\n1\n2\n \nV\ne\nr\ni\nf\ny\nC\no\nn\ns\no\nl\ne\nI\no\nH\na\nn\nd\nl\ne\n-\n0\nx\nb\n3\n \nk\ne\nr\nn\ne\nl\n3\n2\n+\n0\nx\n1\n3\n3\nc\na\n \n@\n \n0\nx\n7\n5\nb\nc\n3\n3\nc\na\n\n\nR\nt\nl\nI\nn\ni\nt\ni\na\nl\ni\nz\ne\nE\nx\nc\ne\np\nt\ni\no\nn\nC\nh\na\ni\nn\n+\n0\nx\n6\n3\n \nR\nt\nl\nA\nl\nl\no\nc\na\nt\ne\nA\nc\nt\ni\nv\na\nt\ni\no\nn\nC\no\nn\nt\ne\nx\nt\nS\nt\na\nc\nk\n-\n0\nx\na\n1\n \nn\nt\nd\nl\nl\n+\n0\nx\n3\n9\ne\nd\n2\n \n@\n \n0\nx\n7\n7\nb\nc\n9\ne\nd\n2\n\n\nR\nt\nl\nI\nn\ni\nt\ni\na\nl\ni\nz\ne\nE\nx\nc\ne\np\nt\ni\no\nn\nC\nh\na\ni\nn\n+\n0\nx\n3\n6\n \nR\nt\nl\nA\nl\nl\no\nc\na\nt\ne\nA\nc\nt\ni\nv\na\nt\ni\no\nn\nC\no\nn\nt\ne\nx\nt\nS\nt\na\nc\nk\n-\n0\nx\nc\ne\n \nn\nt\nd\nl\nl\n+\n0\nx\n3\n9\ne\na\n5\n \n@\n \n0\nx\n7\n7\nb\nc\n9\ne\na\n5",
"registers": {
"esp": 1609412,
"edi": 0,
"eax": 0,
"ebp": 1609416,
"edx": 38237316,
"ebx": 1,
"esi": 7496560,
"ecx": 38237316
},
"exception": {
"instruction_r": "c6 00 00 8b e5 5d c3 cc cc cc cc cc cc cc cc cc",
"instruction": "mov byte ptr [eax], 0",
"exception_code": "0xc0000005",
"symbol": "SetFunctionAddresses+0x2e4de",
"address": "0x243fbbe"
}
},
"time": 1560815587.3442,
"tid": 2308,
"flags": {}
},
"pid": 2660,
"type": "call",
"cid": 2279
},
{
"call": {
"category": "__notification__",
"status": 1,
"stacktrace": [],
"raw": [
"stacktrace"
],
"api": "__exception__",
"return_value": 0,
"arguments": {
"stacktrace": "1\n1\na\n7\n5\n0\n7\n9\ne\n6\n3\nf\n5\n2\n6\nb\n0\nf\nd\ne\n3\n7\n0\n4\n1\n7\n9\n9\nf\nc\ne\n1\n9\n6\na\n3\n3\n9\n8\nc\n3\n0\nd\n2\n7\n8\na\n7\n1\n8\n2\n1\nb\n4\n1\n4\nc\nb\n0\na\nd\nc\n3\n4\n+\n0\nx\n2\nf\n0\ne\n5\n1\n \n@\n \n0\nx\n6\nf\n0\ne\n5\n1\n\n\nS\ne\nt\nF\nu\nn\nc\nt\ni\no\nn\nA\nd\nd\nr\ne\ns\ns\ne\ns\n+\n0\nx\n2\ne\n4\n3\n9\n \n@\n \n0\nx\n2\n4\n3\nf\nb\n1\n9\n\n\nS\ne\nt\nF\nu\nn\nc\nt\ni\no\nn\nA\nd\nd\nr\ne\ns\ns\ne\ns\n+\n0\nx\n6\n2\n9\nb\n \n@\n \n0\nx\n2\n4\n1\n7\n9\n7\nb\n\n\nS\ne\nt\nF\nu\nn\nc\nt\ni\no\nn\nA\nd\nd\nr\ne\ns\ns\ne\ns\n-\n0\nx\n7\nc\na\nc\n \n@\n \n0\nx\n2\n4\n0\n9\na\n3\n4\n\n\nS\ne\nt\nF\nu\nn\nc\nt\ni\no\nn\nA\nd\nd\nr\ne\ns\ns\ne\ns\n-\n0\nx\n8\n2\n6\nb\n \n@\n \n0\nx\n2\n4\n0\n9\n4\n7\n5\n\n\nS\ne\nt\nF\nu\nn\nc\nt\ni\no\nn\nA\nd\nd\nr\ne\ns\ns\ne\ns\n+\n0\nx\n2\n6\nb\n7\n8\n \n@\n \n0\nx\n2\n4\n3\n8\n2\n5\n8\n\n\nS\ne\nt\nF\nu\nn\nc\nt\ni\no\nn\nA\nd\nd\nr\ne\ns\ns\ne\ns\n+\n0\nx\n2\n3\n1\nb\n1\n \n@\n \n0\nx\n2\n4\n3\n4\n8\n9\n1\n\n\n1\n1\na\n7\n5\n0\n7\n9\ne\n6\n3\nf\n5\n2\n6\nb\n0\nf\nd\ne\n3\n7\n0\n4\n1\n7\n9\n9\nf\nc\ne\n1\n9\n6\na\n3\n3\n9\n8\nc\n3\n0\nd\n2\n7\n8\na\n7\n1\n8\n2\n1\nb\n4\n1\n4\nc\nb\n0\na\nd\nc\n3\n4\n+\n0\nx\n2\nf\n0\ne\n5\n1\n \n@\n \n0\nx\n6\nf\n0\ne\n5\n1\n\n\nS\ne\nt\nF\nu\nn\nc\nt\ni\no\nn\nA\nd\nd\nr\ne\ns\ns\ne\ns\n+\n0\nx\n2\n1\nb\na\n6\n \n@\n \n0\nx\n2\n4\n3\n3\n2\n8\n6\n\n\n1\n1\na\n7\n5\n0\n7\n9\ne\n6\n3\nf\n5\n2\n6\nb\n0\nf\nd\ne\n3\n7\n0\n4\n1\n7\n9\n9\nf\nc\ne\n1\n9\n6\na\n3\n3\n9\n8\nc\n3\n0\nd\n2\n7\n8\na\n7\n1\n8\n2\n1\nb\n4\n1\n4\nc\nb\n0\na\nd\nc\n3\n4\n+\n0\nx\n2\ne\n8\nf\n5\ne\n \n@\n \n0\nx\n6\ne\n8\nf\n5\ne\n\n\n1\n1\na\n7\n5\n0\n7\n9\ne\n6\n3\nf\n5\n2\n6\nb\n0\nf\nd\ne\n3\n7\n0\n4\n1\n7\n9\n9\nf\nc\ne\n1\n9\n6\na\n3\n3\n9\n8\nc\n3\n0\nd\n2\n7\n8\na\n7\n1\n8\n2\n1\nb\n4\n1\n4\nc\nb\n0\na\nd\nc\n3\n4\n+\n0\nx\n2\ne\na\n4\n6\nf\n \n@\n \n0\nx\n6\ne\na\n4\n6\nf\n\n\n1\n1\na\n7\n5\n0\n7\n9\ne\n6\n3\nf\n5\n2\n6\nb\n0\nf\nd\ne\n3\n7\n0\n4\n1\n7\n9\n9\nf\nc\ne\n1\n9\n6\na\n3\n3\n9\n8\nc\n3\n0\nd\n2\n7\n8\na\n7\n1\n8\n2\n1\nb\n4\n1\n4\nc\nb\n0\na\nd\nc\n3\n4\n+\n0\nx\n2\ne\na\n5\n5\n8\n \n@\n \n0\nx\n6\ne\na\n5\n5\n8\n\n\n1\n1\na\n7\n5\n0\n7\n9\ne\n6\n3\nf\n5\n2\n6\nb\n0\nf\nd\ne\n3\n7\n0\n4\n1\n7\n9\n9\nf\nc\ne\n1\n9\n6\na\n3\n3\n9\n8\nc\n3\n0\nd\n2\n7\n8\na\n7\n1\n8\n2\n1\nb\n4\n1\n4\nc\nb\n0\na\nd\nc\n3\n4\n+\n0\nx\n2\ne\na\ne\n3\n9\n \n@\n \n0\nx\n6\ne\na\ne\n3\n9\n\n\n1\n1\na\n7\n5\n0\n7\n9\ne\n6\n3\nf\n5\n2\n6\nb\n0\nf\nd\ne\n3\n7\n0\n4\n1\n7\n9\n9\nf\nc\ne\n1\n9\n6\na\n3\n3\n9\n8\nc\n3\n0\nd\n2\n7\n8\na\n7\n1\n8\n2\n1\nb\n4\n1\n4\nc\nb\n0\na\nd\nc\n3\n4\n+\n0\nx\n2\nf\nd\nd\n6\n9\n \n@\n \n0\nx\n6\nf\nd\nd\n6\n9\n\n\nB\na\ns\ne\nT\nh\nr\ne\na\nd\nI\nn\ni\nt\nT\nh\nu\nn\nk\n+\n0\nx\n1\n2\n \nV\ne\nr\ni\nf\ny\nC\no\nn\ns\no\nl\ne\nI\no\nH\na\nn\nd\nl\ne\n-\n0\nx\nb\n3\n \nk\ne\nr\nn\ne\nl\n3\n2\n+\n0\nx\n1\n3\n3\nc\na\n \n@\n \n0\nx\n7\n5\nb\nc\n3\n3\nc\na\n\n\nR\nt\nl\nI\nn\ni\nt\ni\na\nl\ni\nz\ne\nE\nx\nc\ne\np\nt\ni\no\nn\nC\nh\na\ni\nn\n+\n0\nx\n6\n3\n \nR\nt\nl\nA\nl\nl\no\nc\na\nt\ne\nA\nc\nt\ni\nv\na\nt\ni\no\nn\nC\no\nn\nt\ne\nx\nt\nS\nt\na\nc\nk\n-\n0\nx\na\n1\n \nn\nt\nd\nl\nl\n+\n0\nx\n3\n9\ne\nd\n2\n \n@\n \n0\nx\n7\n7\nb\nc\n9\ne\nd\n2\n\n\nR\nt\nl\nI\nn\ni\nt\ni\na\nl\ni\nz\ne\nE\nx\nc\ne\np\nt\ni\no\nn\nC\nh\na\ni\nn\n+\n0\nx\n3\n6\n \nR\nt\nl\nA\nl\nl\no\nc\na\nt\ne\nA\nc\nt\ni\nv\na\nt\ni\no\nn\nC\no\nn\nt\ne\nx\nt\nS\nt\na\nc\nk\n-\n0\nx\nc\ne\n \nn\nt\nd\nl\nl\n+\n0\nx\n3\n9\ne\na\n5\n \n@\n \n0\nx\n7\n7\nb\nc\n9\ne\na\n5",
"registers": {
"esp": 1609412,
"edi": 0,
"eax": 0,
"ebp": 1609416,
"edx": 38237316,
"ebx": 1,
"esi": 7496560,
"ecx": 38237316
},
"exception": {
"instruction_r": "c6 00 00 8b e5 5d c3 cc cc cc cc cc cc cc cc cc",
"instruction": "mov byte ptr [eax], 0",
"exception_code": "0xc0000005",
"symbol": "SetFunctionAddresses+0x2e4de",
"address": "0x243fbbe"
}
},
"time": 1560815587.3442,
"tid": 2308,
"flags": {}
},
"pid": 2660,
"type": "call",
"cid": 2280
},
{
"call": {
"category": "__notification__",
"status": 1,
"stacktrace": [],
"raw": [
"stacktrace"
],
"api": "__exception__",
"return_value": 0,
"arguments": {
"stacktrace": "1\n1\na\n7\n5\n0\n7\n9\ne\n6\n3\nf\n5\n2\n6\nb\n0\nf\nd\ne\n3\n7\n0\n4\n1\n7\n9\n9\nf\nc\ne\n1\n9\n6\na\n3\n3\n9\n8\nc\n3\n0\nd\n2\n7\n8\na\n7\n1\n8\n2\n1\nb\n4\n1\n4\nc\nb\n0\na\nd\nc\n3\n4\n+\n0\nx\n2\nf\n0\ne\n5\n1\n \n@\n \n0\nx\n6\nf\n0\ne\n5\n1\n\n\nS\ne\nt\nF\nu\nn\nc\nt\ni\no\nn\nA\nd\nd\nr\ne\ns\ns\ne\ns\n+\n0\nx\n2\ne\n4\n3\n9\n \n@\n \n0\nx\n2\n4\n3\nf\nb\n1\n9\n\n\nS\ne\nt\nF\nu\nn\nc\nt\ni\no\nn\nA\nd\nd\nr\ne\ns\ns\ne\ns\n+\n0\nx\n2\n6\nd\nc\n8\n \n@\n \n0\nx\n2\n4\n3\n8\n4\na\n8\n\n\nS\ne\nt\nF\nu\nn\nc\nt\ni\no\nn\nA\nd\nd\nr\ne\ns\ns\ne\ns\n+\n0\nx\n2\n3\n1\nb\n1\n \n@\n \n0\nx\n2\n4\n3\n4\n8\n9\n1\n\n\n1\n1\na\n7\n5\n0\n7\n9\ne\n6\n3\nf\n5\n2\n6\nb\n0\nf\nd\ne\n3\n7\n0\n4\n1\n7\n9\n9\nf\nc\ne\n1\n9\n6\na\n3\n3\n9\n8\nc\n3\n0\nd\n2\n7\n8\na\n7\n1\n8\n2\n1\nb\n4\n1\n4\nc\nb\n0\na\nd\nc\n3\n4\n+\n0\nx\n2\nf\n0\ne\n5\n1\n \n@\n \n0\nx\n6\nf\n0\ne\n5\n1\n\n\nS\ne\nt\nF\nu\nn\nc\nt\ni\no\nn\nA\nd\nd\nr\ne\ns\ns\ne\ns\n+\n0\nx\n2\n1\nb\na\n6\n \n@\n \n0\nx\n2\n4\n3\n3\n2\n8\n6\n\n\n1\n1\na\n7\n5\n0\n7\n9\ne\n6\n3\nf\n5\n2\n6\nb\n0\nf\nd\ne\n3\n7\n0\n4\n1\n7\n9\n9\nf\nc\ne\n1\n9\n6\na\n3\n3\n9\n8\nc\n3\n0\nd\n2\n7\n8\na\n7\n1\n8\n2\n1\nb\n4\n1\n4\nc\nb\n0\na\nd\nc\n3\n4\n+\n0\nx\n2\ne\n8\nf\n5\ne\n \n@\n \n0\nx\n6\ne\n8\nf\n5\ne\n\n\n1\n1\na\n7\n5\n0\n7\n9\ne\n6\n3\nf\n5\n2\n6\nb\n0\nf\nd\ne\n3\n7\n0\n4\n1\n7\n9\n9\nf\nc\ne\n1\n9\n6\na\n3\n3\n9\n8\nc\n3\n0\nd\n2\n7\n8\na\n7\n1\n8\n2\n1\nb\n4\n1\n4\nc\nb\n0\na\nd\nc\n3\n4\n+\n0\nx\n2\ne\na\n4\n6\nf\n \n@\n \n0\nx\n6\ne\na\n4\n6\nf\n\n\n1\n1\na\n7\n5\n0\n7\n9\ne\n6\n3\nf\n5\n2\n6\nb\n0\nf\nd\ne\n3\n7\n0\n4\n1\n7\n9\n9\nf\nc\ne\n1\n9\n6\na\n3\n3\n9\n8\nc\n3\n0\nd\n2\n7\n8\na\n7\n1\n8\n2\n1\nb\n4\n1\n4\nc\nb\n0\na\nd\nc\n3\n4\n+\n0\nx\n2\ne\na\n5\n5\n8\n \n@\n \n0\nx\n6\ne\na\n5\n5\n8\n\n\n1\n1\na\n7\n5\n0\n7\n9\ne\n6\n3\nf\n5\n2\n6\nb\n0\nf\nd\ne\n3\n7\n0\n4\n1\n7\n9\n9\nf\nc\ne\n1\n9\n6\na\n3\n3\n9\n8\nc\n3\n0\nd\n2\n7\n8\na\n7\n1\n8\n2\n1\nb\n4\n1\n4\nc\nb\n0\na\nd\nc\n3\n4\n+\n0\nx\n2\ne\na\ne\n3\n9\n \n@\n \n0\nx\n6\ne\na\ne\n3\n9\n\n\n1\n1\na\n7\n5\n0\n7\n9\ne\n6\n3\nf\n5\n2\n6\nb\n0\nf\nd\ne\n3\n7\n0\n4\n1\n7\n9\n9\nf\nc\ne\n1\n9\n6\na\n3\n3\n9\n8\nc\n3\n0\nd\n2\n7\n8\na\n7\n1\n8\n2\n1\nb\n4\n1\n4\nc\nb\n0\na\nd\nc\n3\n4\n+\n0\nx\n2\nf\nd\nd\n6\n9\n \n@\n \n0\nx\n6\nf\nd\nd\n6\n9\n\n\nB\na\ns\ne\nT\nh\nr\ne\na\nd\nI\nn\ni\nt\nT\nh\nu\nn\nk\n+\n0\nx\n1\n2\n \nV\ne\nr\ni\nf\ny\nC\no\nn\ns\no\nl\ne\nI\no\nH\na\nn\nd\nl\ne\n-\n0\nx\nb\n3\n \nk\ne\nr\nn\ne\nl\n3\n2\n+\n0\nx\n1\n3\n3\nc\na\n \n@\n \n0\nx\n7\n5\nb\nc\n3\n3\nc\na\n\n\nR\nt\nl\nI\nn\ni\nt\ni\na\nl\ni\nz\ne\nE\nx\nc\ne\np\nt\ni\no\nn\nC\nh\na\ni\nn\n+\n0\nx\n6\n3\n \nR\nt\nl\nA\nl\nl\no\nc\na\nt\ne\nA\nc\nt\ni\nv\na\nt\ni\no\nn\nC\no\nn\nt\ne\nx\nt\nS\nt\na\nc\nk\n-\n0\nx\na\n1\n \nn\nt\nd\nl\nl\n+\n0\nx\n3\n9\ne\nd\n2\n \n@\n \n0\nx\n7\n7\nb\nc\n9\ne\nd\n2\n\n\nR\nt\nl\nI\nn\ni\nt\ni\na\nl\ni\nz\ne\nE\nx\nc\ne\np\nt\ni\no\nn\nC\nh\na\ni\nn\n+\n0\nx\n3\n6\n \nR\nt\nl\nA\nl\nl\no\nc\na\nt\ne\nA\nc\nt\ni\nv\na\nt\ni\no\nn\nC\no\nn\nt\ne\nx\nt\nS\nt\na\nc\nk\n-\n0\nx\nc\ne\n \nn\nt\nd\nl\nl\n+\n0\nx\n3\n9\ne\na\n5\n \n@\n \n0\nx\n7\n7\nb\nc\n9\ne\na\n5",
"registers": {
"esp": 1610720,
"edi": 0,
"eax": 0,
"ebp": 1610724,
"edx": 38237316,
"ebx": 1,
"esi": 7496560,
"ecx": 38237316
},
"exception": {
"instruction_r": "c6 00 00 8b e5 5d c3 cc cc cc cc cc cc cc cc cc",
"instruction": "mov byte ptr [eax], 0",
"exception_code": "0xc0000005",
"symbol": "SetFunctionAddresses+0x2e4de",
"address": "0x243fbbe"
}
},
"time": 1560815587.3442,
"tid": 2308,
"flags": {}
},
"pid": 2660,
"type": "call",
"cid": 2298
},
{
"call": {
"category": "__notification__",
"status": 1,
"stacktrace": [],
"raw": [
"stacktrace"
],
"api": "__exception__",
"return_value": 0,
"arguments": {
"stacktrace": "1\n1\na\n7\n5\n0\n7\n9\ne\n6\n3\nf\n5\n2\n6\nb\n0\nf\nd\ne\n3\n7\n0\n4\n1\n7\n9\n9\nf\nc\ne\n1\n9\n6\na\n3\n3\n9\n8\nc\n3\n0\nd\n2\n7\n8\na\n7\n1\n8\n2\n1\nb\n4\n1\n4\nc\nb\n0\na\nd\nc\n3\n4\n+\n0\nx\n2\nf\n0\ne\n5\n1\n \n@\n \n0\nx\n6\nf\n0\ne\n5\n1\n\n\nS\ne\nt\nF\nu\nn\nc\nt\ni\no\nn\nA\nd\nd\nr\ne\ns\ns\ne\ns\n+\n0\nx\n2\ne\n4\n3\n9\n \n@\n \n0\nx\n2\n4\n3\nf\nb\n1\n9\n\n\nS\ne\nt\nF\nu\nn\nc\nt\ni\no\nn\nA\nd\nd\nr\ne\ns\ns\ne\ns\n+\n0\nx\n6\n6\ne\ne\n \n@\n \n0\nx\n2\n4\n1\n7\nd\nc\ne\n\n\nS\ne\nt\nF\nu\nn\nc\nt\ni\no\nn\nA\nd\nd\nr\ne\ns\ns\ne\ns\n+\n0\nx\n2\n7\n0\n3\n1\n \n@\n \n0\nx\n2\n4\n3\n8\n7\n1\n1\n\n\nS\ne\nt\nF\nu\nn\nc\nt\ni\no\nn\nA\nd\nd\nr\ne\ns\ns\ne\ns\n+\n0\nx\n2\n3\n1\nb\n1\n \n@\n \n0\nx\n2\n4\n3\n4\n8\n9\n1\n\n\n1\n1\na\n7\n5\n0\n7\n9\ne\n6\n3\nf\n5\n2\n6\nb\n0\nf\nd\ne\n3\n7\n0\n4\n1\n7\n9\n9\nf\nc\ne\n1\n9\n6\na\n3\n3\n9\n8\nc\n3\n0\nd\n2\n7\n8\na\n7\n1\n8\n2\n1\nb\n4\n1\n4\nc\nb\n0\na\nd\nc\n3\n4\n+\n0\nx\n2\nf\n0\ne\n5\n1\n \n@\n \n0\nx\n6\nf\n0\ne\n5\n1\n\n\nS\ne\nt\nF\nu\nn\nc\nt\ni\no\nn\nA\nd\nd\nr\ne\ns\ns\ne\ns\n+\n0\nx\n2\n1\nb\na\n6\n \n@\n \n0\nx\n2\n4\n3\n3\n2\n8\n6\n\n\n1\n1\na\n7\n5\n0\n7\n9\ne\n6\n3\nf\n5\n2\n6\nb\n0\nf\nd\ne\n3\n7\n0\n4\n1\n7\n9\n9\nf\nc\ne\n1\n9\n6\na\n3\n3\n9\n8\nc\n3\n0\nd\n2\n7\n8\na\n7\n1\n8\n2\n1\nb\n4\n1\n4\nc\nb\n0\na\nd\nc\n3\n4\n+\n0\nx\n2\ne\n8\nf\n5\ne\n \n@\n \n0\nx\n6\ne\n8\nf\n5\ne\n\n\n1\n1\na\n7\n5\n0\n7\n9\ne\n6\n3\nf\n5\n2\n6\nb\n0\nf\nd\ne\n3\n7\n0\n4\n1\n7\n9\n9\nf\nc\ne\n1\n9\n6\na\n3\n3\n9\n8\nc\n3\n0\nd\n2\n7\n8\na\n7\n1\n8\n2\n1\nb\n4\n1\n4\nc\nb\n0\na\nd\nc\n3\n4\n+\n0\nx\n2\ne\na\n4\n6\nf\n \n@\n \n0\nx\n6\ne\na\n4\n6\nf\n\n\n1\n1\na\n7\n5\n0\n7\n9\ne\n6\n3\nf\n5\n2\n6\nb\n0\nf\nd\ne\n3\n7\n0\n4\n1\n7\n9\n9\nf\nc\ne\n1\n9\n6\na\n3\n3\n9\n8\nc\n3\n0\nd\n2\n7\n8\na\n7\n1\n8\n2\n1\nb\n4\n1\n4\nc\nb\n0\na\nd\nc\n3\n4\n+\n0\nx\n2\ne\na\n5\n5\n8\n \n@\n \n0\nx\n6\ne\na\n5\n5\n8\n\n\n1\n1\na\n7\n5\n0\n7\n9\ne\n6\n3\nf\n5\n2\n6\nb\n0\nf\nd\ne\n3\n7\n0\n4\n1\n7\n9\n9\nf\nc\ne\n1\n9\n6\na\n3\n3\n9\n8\nc\n3\n0\nd\n2\n7\n8\na\n7\n1\n8\n2\n1\nb\n4\n1\n4\nc\nb\n0\na\nd\nc\n3\n4\n+\n0\nx\n2\ne\na\ne\n3\n9\n \n@\n \n0\nx\n6\ne\na\ne\n3\n9\n\n\n1\n1\na\n7\n5\n0\n7\n9\ne\n6\n3\nf\n5\n2\n6\nb\n0\nf\nd\ne\n3\n7\n0\n4\n1\n7\n9\n9\nf\nc\ne\n1\n9\n6\na\n3\n3\n9\n8\nc\n3\n0\nd\n2\n7\n8\na\n7\n1\n8\n2\n1\nb\n4\n1\n4\nc\nb\n0\na\nd\nc\n3\n4\n+\n0\nx\n2\nf\nd\nd\n6\n9\n \n@\n \n0\nx\n6\nf\nd\nd\n6\n9\n\n\nB\na\ns\ne\nT\nh\nr\ne\na\nd\nI\nn\ni\nt\nT\nh\nu\nn\nk\n+\n0\nx\n1\n2\n \nV\ne\nr\ni\nf\ny\nC\no\nn\ns\no\nl\ne\nI\no\nH\na\nn\nd\nl\ne\n-\n0\nx\nb\n3\n \nk\ne\nr\nn\ne\nl\n3\n2\n+\n0\nx\n1\n3\n3\nc\na\n \n@\n \n0\nx\n7\n5\nb\nc\n3\n3\nc\na\n\n\nR\nt\nl\nI\nn\ni\nt\ni\na\nl\ni\nz\ne\nE\nx\nc\ne\np\nt\ni\no\nn\nC\nh\na\ni\nn\n+\n0\nx\n6\n3\n \nR\nt\nl\nA\nl\nl\no\nc\na\nt\ne\nA\nc\nt\ni\nv\na\nt\ni\no\nn\nC\no\nn\nt\ne\nx\nt\nS\nt\na\nc\nk\n-\n0\nx\na\n1\n \nn\nt\nd\nl\nl\n+\n0\nx\n3\n9\ne\nd\n2\n \n@\n \n0\nx\n7\n7\nb\nc\n9\ne\nd\n2\n\n\nR\nt\nl\nI\nn\ni\nt\ni\na\nl\ni\nz\ne\nE\nx\nc\ne\np\nt\ni\no\nn\nC\nh\na\ni\nn\n+\n0\nx\n3\n6\n \nR\nt\nl\nA\nl\nl\no\nc\na\nt\ne\nA\nc\nt\ni\nv\na\nt\ni\no\nn\nC\no\nn\nt\ne\nx\nt\nS\nt\na\nc\nk\n-\n0\nx\nc\ne\n \nn\nt\nd\nl\nl\n+\n0\nx\n3\n9\ne\na\n5\n \n@\n \n0\nx\n7\n7\nb\nc\n9\ne\na\n5",
"registers": {
"esp": 1610024,
"edi": 0,
"eax": 0,
"ebp": 1610028,
"edx": 38237316,
"ebx": 1,
"esi": 7496560,
"ecx": 38237316
},
"exception": {
"instruction_r": "c6 00 00 8b e5 5d c3 cc cc cc cc cc cc cc cc cc",
"instruction": "mov byte ptr [eax], 0",
"exception_code": "0xc0000005",
"symbol": "SetFunctionAddresses+0x2e4de",
"address": "0x243fbbe"
}
},
"time": 1560815587.3442,
"tid": 2308,
"flags": {}
},
"pid": 2660,
"type": "call",
"cid": 2299
},
{
"call": {
"category": "__notification__",
"status": 1,
"stacktrace": [],
"raw": [
"stacktrace"
],
"api": "__exception__",
"return_value": 0,
"arguments": {
"stacktrace": "1\n1\na\n7\n5\n0\n7\n9\ne\n6\n3\nf\n5\n2\n6\nb\n0\nf\nd\ne\n3\n7\n0\n4\n1\n7\n9\n9\nf\nc\ne\n1\n9\n6\na\n3\n3\n9\n8\nc\n3\n0\nd\n2\n7\n8\na\n7\n1\n8\n2\n1\nb\n4\n1\n4\nc\nb\n0\na\nd\nc\n3\n4\n+\n0\nx\n2\nf\n0\ne\n5\n1\n \n@\n \n0\nx\n6\nf\n0\ne\n5\n1\n\n\nS\ne\nt\nF\nu\nn\nc\nt\ni\no\nn\nA\nd\nd\nr\ne\ns\ns\ne\ns\n+\n0\nx\n2\ne\n9\n0\n9\n \n@\n \n0\nx\n2\n4\n3\nf\nf\ne\n9\n\n\nS\ne\nt\nF\nu\nn\nc\nt\ni\no\nn\nA\nd\nd\nr\ne\ns\ns\ne\ns\n+\n0\nx\n2\n7\n0\ne\nd\n \n@\n \n0\nx\n2\n4\n3\n8\n7\nc\nd\n\n\nS\ne\nt\nF\nu\nn\nc\nt\ni\no\nn\nA\nd\nd\nr\ne\ns\ns\ne\ns\n+\n0\nx\n2\n3\n1\nb\n1\n \n@\n \n0\nx\n2\n4\n3\n4\n8\n9\n1\n\n\n1\n1\na\n7\n5\n0\n7\n9\ne\n6\n3\nf\n5\n2\n6\nb\n0\nf\nd\ne\n3\n7\n0\n4\n1\n7\n9\n9\nf\nc\ne\n1\n9\n6\na\n3\n3\n9\n8\nc\n3\n0\nd\n2\n7\n8\na\n7\n1\n8\n2\n1\nb\n4\n1\n4\nc\nb\n0\na\nd\nc\n3\n4\n+\n0\nx\n2\nf\n0\ne\n5\n1\n \n@\n \n0\nx\n6\nf\n0\ne\n5\n1\n\n\nS\ne\nt\nF\nu\nn\nc\nt\ni\no\nn\nA\nd\nd\nr\ne\ns\ns\ne\ns\n+\n0\nx\n2\n1\nb\na\n6\n \n@\n \n0\nx\n2\n4\n3\n3\n2\n8\n6\n\n\n1\n1\na\n7\n5\n0\n7\n9\ne\n6\n3\nf\n5\n2\n6\nb\n0\nf\nd\ne\n3\n7\n0\n4\n1\n7\n9\n9\nf\nc\ne\n1\n9\n6\na\n3\n3\n9\n8\nc\n3\n0\nd\n2\n7\n8\na\n7\n1\n8\n2\n1\nb\n4\n1\n4\nc\nb\n0\na\nd\nc\n3\n4\n+\n0\nx\n2\ne\n8\nf\n5\ne\n \n@\n \n0\nx\n6\ne\n8\nf\n5\ne\n\n\n1\n1\na\n7\n5\n0\n7\n9\ne\n6\n3\nf\n5\n2\n6\nb\n0\nf\nd\ne\n3\n7\n0\n4\n1\n7\n9\n9\nf\nc\ne\n1\n9\n6\na\n3\n3\n9\n8\nc\n3\n0\nd\n2\n7\n8\na\n7\n1\n8\n2\n1\nb\n4\n1\n4\nc\nb\n0\na\nd\nc\n3\n4\n+\n0\nx\n2\ne\na\n4\n6\nf\n \n@\n \n0\nx\n6\ne\na\n4\n6\nf\n\n\n1\n1\na\n7\n5\n0\n7\n9\ne\n6\n3\nf\n5\n2\n6\nb\n0\nf\nd\ne\n3\n7\n0\n4\n1\n7\n9\n9\nf\nc\ne\n1\n9\n6\na\n3\n3\n9\n8\nc\n3\n0\nd\n2\n7\n8\na\n7\n1\n8\n2\n1\nb\n4\n1\n4\nc\nb\n0\na\nd\nc\n3\n4\n+\n0\nx\n2\ne\na\n5\n5\n8\n \n@\n \n0\nx\n6\ne\na\n5\n5\n8\n\n\n1\n1\na\n7\n5\n0\n7\n9\ne\n6\n3\nf\n5\n2\n6\nb\n0\nf\nd\ne\n3\n7\n0\n4\n1\n7\n9\n9\nf\nc\ne\n1\n9\n6\na\n3\n3\n9\n8\nc\n3\n0\nd\n2\n7\n8\na\n7\n1\n8\n2\n1\nb\n4\n1\n4\nc\nb\n0\na\nd\nc\n3\n4\n+\n0\nx\n2\ne\na\ne\n3\n9\n \n@\n \n0\nx\n6\ne\na\ne\n3\n9\n\n\n1\n1\na\n7\n5\n0\n7\n9\ne\n6\n3\nf\n5\n2\n6\nb\n0\nf\nd\ne\n3\n7\n0\n4\n1\n7\n9\n9\nf\nc\ne\n1\n9\n6\na\n3\n3\n9\n8\nc\n3\n0\nd\n2\n7\n8\na\n7\n1\n8\n2\n1\nb\n4\n1\n4\nc\nb\n0\na\nd\nc\n3\n4\n+\n0\nx\n2\nf\nd\nd\n6\n9\n \n@\n \n0\nx\n6\nf\nd\nd\n6\n9\n\n\nB\na\ns\ne\nT\nh\nr\ne\na\nd\nI\nn\ni\nt\nT\nh\nu\nn\nk\n+\n0\nx\n1\n2\n \nV\ne\nr\ni\nf\ny\nC\no\nn\ns\no\nl\ne\nI\no\nH\na\nn\nd\nl\ne\n-\n0\nx\nb\n3\n \nk\ne\nr\nn\ne\nl\n3\n2\n+\n0\nx\n1\n3\n3\nc\na\n \n@\n \n0\nx\n7\n5\nb\nc\n3\n3\nc\na\n\n\nR\nt\nl\nI\nn\ni\nt\ni\na\nl\ni\nz\ne\nE\nx\nc\ne\np\nt\ni\no\nn\nC\nh\na\ni\nn\n+\n0\nx\n6\n3\n \nR\nt\nl\nA\nl\nl\no\nc\na\nt\ne\nA\nc\nt\ni\nv\na\nt\ni\no\nn\nC\no\nn\nt\ne\nx\nt\nS\nt\na\nc\nk\n-\n0\nx\na\n1\n \nn\nt\nd\nl\nl\n+\n0\nx\n3\n9\ne\nd\n2\n \n@\n \n0\nx\n7\n7\nb\nc\n9\ne\nd\n2\n\n\nR\nt\nl\nI\nn\ni\nt\ni\na\nl\ni\nz\ne\nE\nx\nc\ne\np\nt\ni\no\nn\nC\nh\na\ni\nn\n+\n0\nx\n3\n6\n \nR\nt\nl\nA\nl\nl\no\nc\na\nt\ne\nA\nc\nt\ni\nv\na\nt\ni\no\nn\nC\no\nn\nt\ne\nx\nt\nS\nt\na\nc\nk\n-\n0\nx\nc\ne\n \nn\nt\nd\nl\nl\n+\n0\nx\n3\n9\ne\na\n5\n \n@\n \n0\nx\n7\n7\nb\nc\n9\ne\na\n5",
"registers": {
"esp": 1610720,
"edi": 0,
"eax": 0,
"ebp": 1610724,
"edx": 38237388,
"ebx": 1,
"esi": 7496560,
"ecx": 38237388
},
"exception": {
"instruction_r": "c6 00 00 8b e5 5d c3 cc cc cc cc cc cc cc cc cc",
"instruction": "mov byte ptr [eax], 0",
"exception_code": "0xc0000005",
"symbol": "SetFunctionAddresses+0x2e4de",
"address": "0x243fbbe"
}
},
"time": 1560815587.3442,
"tid": 2308,
"flags": {}
},
"pid": 2660,
"type": "call",
"cid": 2398
},
{
"call": {
"category": "__notification__",
"status": 1,
"stacktrace": [],
"raw": [
"stacktrace"
],
"api": "__exception__",
"return_value": 0,
"arguments": {
"stacktrace": "1\n1\na\n7\n5\n0\n7\n9\ne\n6\n3\nf\n5\n2\n6\nb\n0\nf\nd\ne\n3\n7\n0\n4\n1\n7\n9\n9\nf\nc\ne\n1\n9\n6\na\n3\n3\n9\n8\nc\n3\n0\nd\n2\n7\n8\na\n7\n1\n8\n2\n1\nb\n4\n1\n4\nc\nb\n0\na\nd\nc\n3\n4\n+\n0\nx\n2\nf\n0\ne\n5\n1\n \n@\n \n0\nx\n6\nf\n0\ne\n5\n1\n\n\nS\ne\nt\nF\nu\nn\nc\nt\ni\no\nn\nA\nd\nd\nr\ne\ns\ns\ne\ns\n+\n0\nx\n2\ne\nd\n4\n9\n \n@\n \n0\nx\n2\n4\n4\n0\n4\n2\n9\n\n\nS\ne\nt\nF\nu\nn\nc\nt\ni\no\nn\nA\nd\nd\nr\ne\ns\ns\ne\ns\n+\n0\nx\n2\n7\nd\n0\n4\n \n@\n \n0\nx\n2\n4\n3\n9\n3\ne\n4\n\n\nS\ne\nt\nF\nu\nn\nc\nt\ni\no\nn\nA\nd\nd\nr\ne\ns\ns\ne\ns\n+\n0\nx\n2\n3\n1\nb\n1\n \n@\n \n0\nx\n2\n4\n3\n4\n8\n9\n1\n\n\n1\n1\na\n7\n5\n0\n7\n9\ne\n6\n3\nf\n5\n2\n6\nb\n0\nf\nd\ne\n3\n7\n0\n4\n1\n7\n9\n9\nf\nc\ne\n1\n9\n6\na\n3\n3\n9\n8\nc\n3\n0\nd\n2\n7\n8\na\n7\n1\n8\n2\n1\nb\n4\n1\n4\nc\nb\n0\na\nd\nc\n3\n4\n+\n0\nx\n2\nf\n0\ne\n5\n1\n \n@\n \n0\nx\n6\nf\n0\ne\n5\n1\n\n\nS\ne\nt\nF\nu\nn\nc\nt\ni\no\nn\nA\nd\nd\nr\ne\ns\ns\ne\ns\n+\n0\nx\n2\n1\nb\na\n6\n \n@\n \n0\nx\n2\n4\n3\n3\n2\n8\n6\n\n\n1\n1\na\n7\n5\n0\n7\n9\ne\n6\n3\nf\n5\n2\n6\nb\n0\nf\nd\ne\n3\n7\n0\n4\n1\n7\n9\n9\nf\nc\ne\n1\n9\n6\na\n3\n3\n9\n8\nc\n3\n0\nd\n2\n7\n8\na\n7\n1\n8\n2\n1\nb\n4\n1\n4\nc\nb\n0\na\nd\nc\n3\n4\n+\n0\nx\n2\ne\n8\nf\n5\ne\n \n@\n \n0\nx\n6\ne\n8\nf\n5\ne\n\n\n1\n1\na\n7\n5\n0\n7\n9\ne\n6\n3\nf\n5\n2\n6\nb\n0\nf\nd\ne\n3\n7\n0\n4\n1\n7\n9\n9\nf\nc\ne\n1\n9\n6\na\n3\n3\n9\n8\nc\n3\n0\nd\n2\n7\n8\na\n7\n1\n8\n2\n1\nb\n4\n1\n4\nc\nb\n0\na\nd\nc\n3\n4\n+\n0\nx\n2\ne\na\n4\n6\nf\n \n@\n \n0\nx\n6\ne\na\n4\n6\nf\n\n\n1\n1\na\n7\n5\n0\n7\n9\ne\n6\n3\nf\n5\n2\n6\nb\n0\nf\nd\ne\n3\n7\n0\n4\n1\n7\n9\n9\nf\nc\ne\n1\n9\n6\na\n3\n3\n9\n8\nc\n3\n0\nd\n2\n7\n8\na\n7\n1\n8\n2\n1\nb\n4\n1\n4\nc\nb\n0\na\nd\nc\n3\n4\n+\n0\nx\n2\ne\na\n5\n5\n8\n \n@\n \n0\nx\n6\ne\na\n5\n5\n8\n\n\n1\n1\na\n7\n5\n0\n7\n9\ne\n6\n3\nf\n5\n2\n6\nb\n0\nf\nd\ne\n3\n7\n0\n4\n1\n7\n9\n9\nf\nc\ne\n1\n9\n6\na\n3\n3\n9\n8\nc\n3\n0\nd\n2\n7\n8\na\n7\n1\n8\n2\n1\nb\n4\n1\n4\nc\nb\n0\na\nd\nc\n3\n4\n+\n0\nx\n2\ne\na\ne\n3\n9\n \n@\n \n0\nx\n6\ne\na\ne\n3\n9\n\n\n1\n1\na\n7\n5\n0\n7\n9\ne\n6\n3\nf\n5\n2\n6\nb\n0\nf\nd\ne\n3\n7\n0\n4\n1\n7\n9\n9\nf\nc\ne\n1\n9\n6\na\n3\n3\n9\n8\nc\n3\n0\nd\n2\n7\n8\na\n7\n1\n8\n2\n1\nb\n4\n1\n4\nc\nb\n0\na\nd\nc\n3\n4\n+\n0\nx\n2\nf\nd\nd\n6\n9\n \n@\n \n0\nx\n6\nf\nd\nd\n6\n9\n\n\nB\na\ns\ne\nT\nh\nr\ne\na\nd\nI\nn\ni\nt\nT\nh\nu\nn\nk\n+\n0\nx\n1\n2\n \nV\ne\nr\ni\nf\ny\nC\no\nn\ns\no\nl\ne\nI\no\nH\na\nn\nd\nl\ne\n-\n0\nx\nb\n3\n \nk\ne\nr\nn\ne\nl\n3\n2\n+\n0\nx\n1\n3\n3\nc\na\n \n@\n \n0\nx\n7\n5\nb\nc\n3\n3\nc\na\n\n\nR\nt\nl\nI\nn\ni\nt\ni\na\nl\ni\nz\ne\nE\nx\nc\ne\np\nt\ni\no\nn\nC\nh\na\ni\nn\n+\n0\nx\n6\n3\n \nR\nt\nl\nA\nl\nl\no\nc\na\nt\ne\nA\nc\nt\ni\nv\na\nt\ni\no\nn\nC\no\nn\nt\ne\nx\nt\nS\nt\na\nc\nk\n-\n0\nx\na\n1\n \nn\nt\nd\nl\nl\n+\n0\nx\n3\n9\ne\nd\n2\n \n@\n \n0\nx\n7\n7\nb\nc\n9\ne\nd\n2\n\n\nR\nt\nl\nI\nn\ni\nt\ni\na\nl\ni\nz\ne\nE\nx\nc\ne\np\nt\ni\no\nn\nC\nh\na\ni\nn\n+\n0\nx\n3\n6\n \nR\nt\nl\nA\nl\nl\no\nc\na\nt\ne\nA\nc\nt\ni\nv\na\nt\ni\no\nn\nC\no\nn\nt\ne\nx\nt\nS\nt\na\nc\nk\n-\n0\nx\nc\ne\n \nn\nt\nd\nl\nl\n+\n0\nx\n3\n9\ne\na\n5\n \n@\n \n0\nx\n7\n7\nb\nc\n9\ne\na\n5",
"registers": {
"esp": 1610720,
"edi": 0,
"eax": 0,
"ebp": 1610724,
"edx": 38237604,
"ebx": 0,
"esi": 7496560,
"ecx": 38237604
},
"exception": {
"instruction_r": "c6 00 00 8b e5 5d c3 cc cc cc cc cc cc cc cc cc",
"instruction": "mov byte ptr [eax], 0",
"exception_code": "0xc0000005",
"symbol": "SetFunctionAddresses+0x2e4de",
"address": "0x243fbbe"
}
},
"time": 1560815587.3442,
"tid": 2308,
"flags": {}
},
"pid": 2660,
"type": "call",
"cid": 2399
},
{
"call": {
"category": "__notification__",
"status": 1,
"stacktrace": [],
"raw": [
"stacktrace"
],
"api": "__exception__",
"return_value": 0,
"arguments": {
"stacktrace": "1\n1\na\n7\n5\n0\n7\n9\ne\n6\n3\nf\n5\n2\n6\nb\n0\nf\nd\ne\n3\n7\n0\n4\n1\n7\n9\n9\nf\nc\ne\n1\n9\n6\na\n3\n3\n9\n8\nc\n3\n0\nd\n2\n7\n8\na\n7\n1\n8\n2\n1\nb\n4\n1\n4\nc\nb\n0\na\nd\nc\n3\n4\n+\n0\nx\n2\nf\n0\ne\n5\n1\n \n@\n \n0\nx\n6\nf\n0\ne\n5\n1\n\n\nS\ne\nt\nF\nu\nn\nc\nt\ni\no\nn\nA\nd\nd\nr\ne\ns\ns\ne\ns\n+\n0\nx\n2\ne\n4\n3\n9\n \n@\n \n0\nx\n2\n4\n3\nf\nb\n1\n9\n\n\nS\ne\nt\nF\nu\nn\nc\nt\ni\no\nn\nA\nd\nd\nr\ne\ns\ns\ne\ns\n+\n0\nx\n2\n7\nf\n8\n6\n \n@\n \n0\nx\n2\n4\n3\n9\n6\n6\n6\n\n\nS\ne\nt\nF\nu\nn\nc\nt\ni\no\nn\nA\nd\nd\nr\ne\ns\ns\ne\ns\n+\n0\nx\n2\n3\n1\nb\n1\n \n@\n \n0\nx\n2\n4\n3\n4\n8\n9\n1\n\n\n1\n1\na\n7\n5\n0\n7\n9\ne\n6\n3\nf\n5\n2\n6\nb\n0\nf\nd\ne\n3\n7\n0\n4\n1\n7\n9\n9\nf\nc\ne\n1\n9\n6\na\n3\n3\n9\n8\nc\n3\n0\nd\n2\n7\n8\na\n7\n1\n8\n2\n1\nb\n4\n1\n4\nc\nb\n0\na\nd\nc\n3\n4\n+\n0\nx\n2\nf\n0\ne\n5\n1\n \n@\n \n0\nx\n6\nf\n0\ne\n5\n1\n\n\nS\ne\nt\nF\nu\nn\nc\nt\ni\no\nn\nA\nd\nd\nr\ne\ns\ns\ne\ns\n+\n0\nx\n2\n1\nb\na\n6\n \n@\n \n0\nx\n2\n4\n3\n3\n2\n8\n6\n\n\n1\n1\na\n7\n5\n0\n7\n9\ne\n6\n3\nf\n5\n2\n6\nb\n0\nf\nd\ne\n3\n7\n0\n4\n1\n7\n9\n9\nf\nc\ne\n1\n9\n6\na\n3\n3\n9\n8\nc\n3\n0\nd\n2\n7\n8\na\n7\n1\n8\n2\n1\nb\n4\n1\n4\nc\nb\n0\na\nd\nc\n3\n4\n+\n0\nx\n2\ne\n8\nf\n5\ne\n \n@\n \n0\nx\n6\ne\n8\nf\n5\ne\n\n\n1\n1\na\n7\n5\n0\n7\n9\ne\n6\n3\nf\n5\n2\n6\nb\n0\nf\nd\ne\n3\n7\n0\n4\n1\n7\n9\n9\nf\nc\ne\n1\n9\n6\na\n3\n3\n9\n8\nc\n3\n0\nd\n2\n7\n8\na\n7\n1\n8\n2\n1\nb\n4\n1\n4\nc\nb\n0\na\nd\nc\n3\n4\n+\n0\nx\n2\ne\na\n4\n6\nf\n \n@\n \n0\nx\n6\ne\na\n4\n6\nf\n\n\n1\n1\na\n7\n5\n0\n7\n9\ne\n6\n3\nf\n5\n2\n6\nb\n0\nf\nd\ne\n3\n7\n0\n4\n1\n7\n9\n9\nf\nc\ne\n1\n9\n6\na\n3\n3\n9\n8\nc\n3\n0\nd\n2\n7\n8\na\n7\n1\n8\n2\n1\nb\n4\n1\n4\nc\nb\n0\na\nd\nc\n3\n4\n+\n0\nx\n2\ne\na\n5\n5\n8\n \n@\n \n0\nx\n6\ne\na\n5\n5\n8\n\n\n1\n1\na\n7\n5\n0\n7\n9\ne\n6\n3\nf\n5\n2\n6\nb\n0\nf\nd\ne\n3\n7\n0\n4\n1\n7\n9\n9\nf\nc\ne\n1\n9\n6\na\n3\n3\n9\n8\nc\n3\n0\nd\n2\n7\n8\na\n7\n1\n8\n2\n1\nb\n4\n1\n4\nc\nb\n0\na\nd\nc\n3\n4\n+\n0\nx\n2\ne\na\ne\n3\n9\n \n@\n \n0\nx\n6\ne\na\ne\n3\n9\n\n\n1\n1\na\n7\n5\n0\n7\n9\ne\n6\n3\nf\n5\n2\n6\nb\n0\nf\nd\ne\n3\n7\n0\n4\n1\n7\n9\n9\nf\nc\ne\n1\n9\n6\na\n3\n3\n9\n8\nc\n3\n0\nd\n2\n7\n8\na\n7\n1\n8\n2\n1\nb\n4\n1\n4\nc\nb\n0\na\nd\nc\n3\n4\n+\n0\nx\n2\nf\nd\nd\n6\n9\n \n@\n \n0\nx\n6\nf\nd\nd\n6\n9\n\n\nB\na\ns\ne\nT\nh\nr\ne\na\nd\nI\nn\ni\nt\nT\nh\nu\nn\nk\n+\n0\nx\n1\n2\n \nV\ne\nr\ni\nf\ny\nC\no\nn\ns\no\nl\ne\nI\no\nH\na\nn\nd\nl\ne\n-\n0\nx\nb\n3\n \nk\ne\nr\nn\ne\nl\n3\n2\n+\n0\nx\n1\n3\n3\nc\na\n \n@\n \n0\nx\n7\n5\nb\nc\n3\n3\nc\na\n\n\nR\nt\nl\nI\nn\ni\nt\ni\na\nl\ni\nz\ne\nE\nx\nc\ne\np\nt\ni\no\nn\nC\nh\na\ni\nn\n+\n0\nx\n6\n3\n \nR\nt\nl\nA\nl\nl\no\nc\na\nt\ne\nA\nc\nt\ni\nv\na\nt\ni\no\nn\nC\no\nn\nt\ne\nx\nt\nS\nt\na\nc\nk\n-\n0\nx\na\n1\n \nn\nt\nd\nl\nl\n+\n0\nx\n3\n9\ne\nd\n2\n \n@\n \n0\nx\n7\n7\nb\nc\n9\ne\nd\n2\n\n\nR\nt\nl\nI\nn\ni\nt\ni\na\nl\ni\nz\ne\nE\nx\nc\ne\np\nt\ni\no\nn\nC\nh\na\ni\nn\n+\n0\nx\n3\n6\n \nR\nt\nl\nA\nl\nl\no\nc\na\nt\ne\nA\nc\nt\ni\nv\na\nt\ni\no\nn\nC\no\nn\nt\ne\nx\nt\nS\nt\na\nc\nk\n-\n0\nx\nc\ne\n \nn\nt\nd\nl\nl\n+\n0\nx\n3\n9\ne\na\n5\n \n@\n \n0\nx\n7\n7\nb\nc\n9\ne\na\n5",
"registers": {
"esp": 1610720,
"edi": 0,
"eax": 0,
"ebp": 1610724,
"edx": 38237316,
"ebx": 0,
"esi": 7496560,
"ecx": 38237316
},
"exception": {
"instruction_r": "c6 00 00 8b e5 5d c3 cc cc cc cc cc cc cc cc cc",
"instruction": "mov byte ptr [eax], 0",
"exception_code": "0xc0000005",
"symbol": "SetFunctionAddresses+0x2e4de",
"address": "0x243fbbe"
}
},
"time": 1560815587.3442,
"tid": 2308,
"flags": {}
},
"pid": 2660,
"type": "call",
"cid": 2400
},
{
"call": {
"category": "__notification__",
"status": 1,
"stacktrace": [],
"raw": [
"stacktrace"
],
"api": "__exception__",
"return_value": 0,
"arguments": {
"stacktrace": "1\n1\na\n7\n5\n0\n7\n9\ne\n6\n3\nf\n5\n2\n6\nb\n0\nf\nd\ne\n3\n7\n0\n4\n1\n7\n9\n9\nf\nc\ne\n1\n9\n6\na\n3\n3\n9\n8\nc\n3\n0\nd\n2\n7\n8\na\n7\n1\n8\n2\n1\nb\n4\n1\n4\nc\nb\n0\na\nd\nc\n3\n4\n+\n0\nx\n2\nf\n0\ne\n5\n1\n \n@\n \n0\nx\n6\nf\n0\ne\n5\n1\n\n\nS\ne\nt\nF\nu\nn\nc\nt\ni\no\nn\nA\nd\nd\nr\ne\ns\ns\ne\ns\n+\n0\nx\n2\ne\n4\n3\n9\n \n@\n \n0\nx\n2\n4\n3\nf\nb\n1\n9\n\n\nS\ne\nt\nF\nu\nn\nc\nt\ni\no\nn\nA\nd\nd\nr\ne\ns\ns\ne\ns\n+\n0\nx\n2\n8\n9\nf\nf\n \n@\n \n0\nx\n2\n4\n3\na\n0\nd\nf\n\n\nS\ne\nt\nF\nu\nn\nc\nt\ni\no\nn\nA\nd\nd\nr\ne\ns\ns\ne\ns\n+\n0\nx\n2\n3\n1\nb\n1\n \n@\n \n0\nx\n2\n4\n3\n4\n8\n9\n1\n\n\n1\n1\na\n7\n5\n0\n7\n9\ne\n6\n3\nf\n5\n2\n6\nb\n0\nf\nd\ne\n3\n7\n0\n4\n1\n7\n9\n9\nf\nc\ne\n1\n9\n6\na\n3\n3\n9\n8\nc\n3\n0\nd\n2\n7\n8\na\n7\n1\n8\n2\n1\nb\n4\n1\n4\nc\nb\n0\na\nd\nc\n3\n4\n+\n0\nx\n2\nf\n0\ne\n5\n1\n \n@\n \n0\nx\n6\nf\n0\ne\n5\n1\n\n\nS\ne\nt\nF\nu\nn\nc\nt\ni\no\nn\nA\nd\nd\nr\ne\ns\ns\ne\ns\n+\n0\nx\n2\n1\nb\na\n6\n \n@\n \n0\nx\n2\n4\n3\n3\n2\n8\n6\n\n\n1\n1\na\n7\n5\n0\n7\n9\ne\n6\n3\nf\n5\n2\n6\nb\n0\nf\nd\ne\n3\n7\n0\n4\n1\n7\n9\n9\nf\nc\ne\n1\n9\n6\na\n3\n3\n9\n8\nc\n3\n0\nd\n2\n7\n8\na\n7\n1\n8\n2\n1\nb\n4\n1\n4\nc\nb\n0\na\nd\nc\n3\n4\n+\n0\nx\n2\ne\n8\nf\n5\ne\n \n@\n \n0\nx\n6\ne\n8\nf\n5\ne\n\n\n1\n1\na\n7\n5\n0\n7\n9\ne\n6\n3\nf\n5\n2\n6\nb\n0\nf\nd\ne\n3\n7\n0\n4\n1\n7\n9\n9\nf\nc\ne\n1\n9\n6\na\n3\n3\n9\n8\nc\n3\n0\nd\n2\n7\n8\na\n7\n1\n8\n2\n1\nb\n4\n1\n4\nc\nb\n0\na\nd\nc\n3\n4\n+\n0\nx\n2\ne\na\n4\n6\nf\n \n@\n \n0\nx\n6\ne\na\n4\n6\nf\n\n\n1\n1\na\n7\n5\n0\n7\n9\ne\n6\n3\nf\n5\n2\n6\nb\n0\nf\nd\ne\n3\n7\n0\n4\n1\n7\n9\n9\nf\nc\ne\n1\n9\n6\na\n3\n3\n9\n8\nc\n3\n0\nd\n2\n7\n8\na\n7\n1\n8\n2\n1\nb\n4\n1\n4\nc\nb\n0\na\nd\nc\n3\n4\n+\n0\nx\n2\ne\na\n5\n5\n8\n \n@\n \n0\nx\n6\ne\na\n5\n5\n8\n\n\n1\n1\na\n7\n5\n0\n7\n9\ne\n6\n3\nf\n5\n2\n6\nb\n0\nf\nd\ne\n3\n7\n0\n4\n1\n7\n9\n9\nf\nc\ne\n1\n9\n6\na\n3\n3\n9\n8\nc\n3\n0\nd\n2\n7\n8\na\n7\n1\n8\n2\n1\nb\n4\n1\n4\nc\nb\n0\na\nd\nc\n3\n4\n+\n0\nx\n2\ne\na\ne\n3\n9\n \n@\n \n0\nx\n6\ne\na\ne\n3\n9\n\n\n1\n1\na\n7\n5\n0\n7\n9\ne\n6\n3\nf\n5\n2\n6\nb\n0\nf\nd\ne\n3\n7\n0\n4\n1\n7\n9\n9\nf\nc\ne\n1\n9\n6\na\n3\n3\n9\n8\nc\n3\n0\nd\n2\n7\n8\na\n7\n1\n8\n2\n1\nb\n4\n1\n4\nc\nb\n0\na\nd\nc\n3\n4\n+\n0\nx\n2\nf\nd\nd\n6\n9\n \n@\n \n0\nx\n6\nf\nd\nd\n6\n9\n\n\nB\na\ns\ne\nT\nh\nr\ne\na\nd\nI\nn\ni\nt\nT\nh\nu\nn\nk\n+\n0\nx\n1\n2\n \nV\ne\nr\ni\nf\ny\nC\no\nn\ns\no\nl\ne\nI\no\nH\na\nn\nd\nl\ne\n-\n0\nx\nb\n3\n \nk\ne\nr\nn\ne\nl\n3\n2\n+\n0\nx\n1\n3\n3\nc\na\n \n@\n \n0\nx\n7\n5\nb\nc\n3\n3\nc\na\n\n\nR\nt\nl\nI\nn\ni\nt\ni\na\nl\ni\nz\ne\nE\nx\nc\ne\np\nt\ni\no\nn\nC\nh\na\ni\nn\n+\n0\nx\n6\n3\n \nR\nt\nl\nA\nl\nl\no\nc\na\nt\ne\nA\nc\nt\ni\nv\na\nt\ni\no\nn\nC\no\nn\nt\ne\nx\nt\nS\nt\na\nc\nk\n-\n0\nx\na\n1\n \nn\nt\nd\nl\nl\n+\n0\nx\n3\n9\ne\nd\n2\n \n@\n \n0\nx\n7\n7\nb\nc\n9\ne\nd\n2\n\n\nR\nt\nl\nI\nn\ni\nt\ni\na\nl\ni\nz\ne\nE\nx\nc\ne\np\nt\ni\no\nn\nC\nh\na\ni\nn\n+\n0\nx\n3\n6\n \nR\nt\nl\nA\nl\nl\no\nc\na\nt\ne\nA\nc\nt\ni\nv\na\nt\ni\no\nn\nC\no\nn\nt\ne\nx\nt\nS\nt\na\nc\nk\n-\n0\nx\nc\ne\n \nn\nt\nd\nl\nl\n+\n0\nx\n3\n9\ne\na\n5\n \n@\n \n0\nx\n7\n7\nb\nc\n9\ne\na\n5",
"registers": {
"esp": 1610720,
"edi": 0,
"eax": 0,
"ebp": 1610724,
"edx": 38237316,
"ebx": 0,
"esi": 7496560,
"ecx": 38237316
},
"exception": {
"instruction_r": "c6 00 00 8b e5 5d c3 cc cc cc cc cc cc cc cc cc",
"instruction": "mov byte ptr [eax], 0",
"exception_code": "0xc0000005",
"symbol": "SetFunctionAddresses+0x2e4de",
"address": "0x243fbbe"
}
},
"time": 1560815587.4383,
"tid": 2308,
"flags": {}
},
"pid": 2660,
"type": "call",
"cid": 2437
},
{
"call": {
"category": "__notification__",
"status": 1,
"stacktrace": [],
"raw": [
"stacktrace"
],
"api": "__exception__",
"return_value": 0,
"arguments": {
"stacktrace": "1\n1\na\n7\n5\n0\n7\n9\ne\n6\n3\nf\n5\n2\n6\nb\n0\nf\nd\ne\n3\n7\n0\n4\n1\n7\n9\n9\nf\nc\ne\n1\n9\n6\na\n3\n3\n9\n8\nc\n3\n0\nd\n2\n7\n8\na\n7\n1\n8\n2\n1\nb\n4\n1\n4\nc\nb\n0\na\nd\nc\n3\n4\n+\n0\nx\n2\nf\n0\ne\n5\n1\n \n@\n \n0\nx\n6\nf\n0\ne\n5\n1\n\n\nS\ne\nt\nF\nu\nn\nc\nt\ni\no\nn\nA\nd\nd\nr\ne\ns\ns\ne\ns\n+\n0\nx\n2\ne\ne\n8\n9\n \n@\n \n0\nx\n2\n4\n4\n0\n5\n6\n9\n\n\nS\ne\nt\nF\nu\nn\nc\nt\ni\no\nn\nA\nd\nd\nr\ne\ns\ns\ne\ns\n+\n0\nx\n2\n8\nc\n6\n4\n \n@\n \n0\nx\n2\n4\n3\na\n3\n4\n4\n\n\nS\ne\nt\nF\nu\nn\nc\nt\ni\no\nn\nA\nd\nd\nr\ne\ns\ns\ne\ns\n+\n0\nx\n2\n3\n1\nb\n1\n \n@\n \n0\nx\n2\n4\n3\n4\n8\n9\n1\n\n\n1\n1\na\n7\n5\n0\n7\n9\ne\n6\n3\nf\n5\n2\n6\nb\n0\nf\nd\ne\n3\n7\n0\n4\n1\n7\n9\n9\nf\nc\ne\n1\n9\n6\na\n3\n3\n9\n8\nc\n3\n0\nd\n2\n7\n8\na\n7\n1\n8\n2\n1\nb\n4\n1\n4\nc\nb\n0\na\nd\nc\n3\n4\n+\n0\nx\n2\nf\n0\ne\n5\n1\n \n@\n \n0\nx\n6\nf\n0\ne\n5\n1\n\n\nS\ne\nt\nF\nu\nn\nc\nt\ni\no\nn\nA\nd\nd\nr\ne\ns\ns\ne\ns\n+\n0\nx\n2\n1\nb\na\n6\n \n@\n \n0\nx\n2\n4\n3\n3\n2\n8\n6\n\n\n1\n1\na\n7\n5\n0\n7\n9\ne\n6\n3\nf\n5\n2\n6\nb\n0\nf\nd\ne\n3\n7\n0\n4\n1\n7\n9\n9\nf\nc\ne\n1\n9\n6\na\n3\n3\n9\n8\nc\n3\n0\nd\n2\n7\n8\na\n7\n1\n8\n2\n1\nb\n4\n1\n4\nc\nb\n0\na\nd\nc\n3\n4\n+\n0\nx\n2\ne\n8\nf\n5\ne\n \n@\n \n0\nx\n6\ne\n8\nf\n5\ne\n\n\n1\n1\na\n7\n5\n0\n7\n9\ne\n6\n3\nf\n5\n2\n6\nb\n0\nf\nd\ne\n3\n7\n0\n4\n1\n7\n9\n9\nf\nc\ne\n1\n9\n6\na\n3\n3\n9\n8\nc\n3\n0\nd\n2\n7\n8\na\n7\n1\n8\n2\n1\nb\n4\n1\n4\nc\nb\n0\na\nd\nc\n3\n4\n+\n0\nx\n2\ne\na\n4\n6\nf\n \n@\n \n0\nx\n6\ne\na\n4\n6\nf\n\n\n1\n1\na\n7\n5\n0\n7\n9\ne\n6\n3\nf\n5\n2\n6\nb\n0\nf\nd\ne\n3\n7\n0\n4\n1\n7\n9\n9\nf\nc\ne\n1\n9\n6\na\n3\n3\n9\n8\nc\n3\n0\nd\n2\n7\n8\na\n7\n1\n8\n2\n1\nb\n4\n1\n4\nc\nb\n0\na\nd\nc\n3\n4\n+\n0\nx\n2\ne\na\n5\n5\n8\n \n@\n \n0\nx\n6\ne\na\n5\n5\n8\n\n\n1\n1\na\n7\n5\n0\n7\n9\ne\n6\n3\nf\n5\n2\n6\nb\n0\nf\nd\ne\n3\n7\n0\n4\n1\n7\n9\n9\nf\nc\ne\n1\n9\n6\na\n3\n3\n9\n8\nc\n3\n0\nd\n2\n7\n8\na\n7\n1\n8\n2\n1\nb\n4\n1\n4\nc\nb\n0\na\nd\nc\n3\n4\n+\n0\nx\n2\ne\na\ne\n3\n9\n \n@\n \n0\nx\n6\ne\na\ne\n3\n9\n\n\n1\n1\na\n7\n5\n0\n7\n9\ne\n6\n3\nf\n5\n2\n6\nb\n0\nf\nd\ne\n3\n7\n0\n4\n1\n7\n9\n9\nf\nc\ne\n1\n9\n6\na\n3\n3\n9\n8\nc\n3\n0\nd\n2\n7\n8\na\n7\n1\n8\n2\n1\nb\n4\n1\n4\nc\nb\n0\na\nd\nc\n3\n4\n+\n0\nx\n2\nf\nd\nd\n6\n9\n \n@\n \n0\nx\n6\nf\nd\nd\n6\n9\n\n\nB\na\ns\ne\nT\nh\nr\ne\na\nd\nI\nn\ni\nt\nT\nh\nu\nn\nk\n+\n0\nx\n1\n2\n \nV\ne\nr\ni\nf\ny\nC\no\nn\ns\no\nl\ne\nI\no\nH\na\nn\nd\nl\ne\n-\n0\nx\nb\n3\n \nk\ne\nr\nn\ne\nl\n3\n2\n+\n0\nx\n1\n3\n3\nc\na\n \n@\n \n0\nx\n7\n5\nb\nc\n3\n3\nc\na\n\n\nR\nt\nl\nI\nn\ni\nt\ni\na\nl\ni\nz\ne\nE\nx\nc\ne\np\nt\ni\no\nn\nC\nh\na\ni\nn\n+\n0\nx\n6\n3\n \nR\nt\nl\nA\nl\nl\no\nc\na\nt\ne\nA\nc\nt\ni\nv\na\nt\ni\no\nn\nC\no\nn\nt\ne\nx\nt\nS\nt\na\nc\nk\n-\n0\nx\na\n1\n \nn\nt\nd\nl\nl\n+\n0\nx\n3\n9\ne\nd\n2\n \n@\n \n0\nx\n7\n7\nb\nc\n9\ne\nd\n2\n\n\nR\nt\nl\nI\nn\ni\nt\ni\na\nl\ni\nz\ne\nE\nx\nc\ne\np\nt\ni\no\nn\nC\nh\na\ni\nn\n+\n0\nx\n3\n6\n \nR\nt\nl\nA\nl\nl\no\nc\na\nt\ne\nA\nc\nt\ni\nv\na\nt\ni\no\nn\nC\no\nn\nt\ne\nx\nt\nS\nt\na\nc\nk\n-\n0\nx\nc\ne\n \nn\nt\nd\nl\nl\n+\n0\nx\n3\n9\ne\na\n5\n \n@\n \n0\nx\n7\n7\nb\nc\n9\ne\na\n5",
"registers": {
"esp": 1610720,
"edi": 0,
"eax": 0,
"ebp": 1610724,
"edx": 38237676,
"ebx": 0,
"esi": 7496560,
"ecx": 38237676
},
"exception": {
"instruction_r": "c6 00 00 8b e5 5d c3 cc cc cc cc cc cc cc cc cc",
"instruction": "mov byte ptr [eax], 0",
"exception_code": "0xc0000005",
"symbol": "SetFunctionAddresses+0x2e4de",
"address": "0x243fbbe"
}
},
"time": 1560815587.4383,
"tid": 2308,
"flags": {}
},
"pid": 2660,
"type": "call",
"cid": 2438
},
{
"call": {
"category": "__notification__",
"status": 1,
"stacktrace": [],
"raw": [
"stacktrace"
],
"api": "__exception__",
"return_value": 0,
"arguments": {
"stacktrace": "1\n1\na\n7\n5\n0\n7\n9\ne\n6\n3\nf\n5\n2\n6\nb\n0\nf\nd\ne\n3\n7\n0\n4\n1\n7\n9\n9\nf\nc\ne\n1\n9\n6\na\n3\n3\n9\n8\nc\n3\n0\nd\n2\n7\n8\na\n7\n1\n8\n2\n1\nb\n4\n1\n4\nc\nb\n0\na\nd\nc\n3\n4\n+\n0\nx\n2\nf\n0\ne\n5\n1\n \n@\n \n0\nx\n6\nf\n0\ne\n5\n1\n\n\nS\ne\nt\nF\nu\nn\nc\nt\ni\no\nn\nA\nd\nd\nr\ne\ns\ns\ne\ns\n+\n0\nx\n2\ne\n5\n7\n9\n \n@\n \n0\nx\n2\n4\n3\nf\nc\n5\n9\n\n\nS\ne\nt\nF\nu\nn\nc\nt\ni\no\nn\nA\nd\nd\nr\ne\ns\ns\ne\ns\n+\n0\nx\n2\n8\nc\nf\nd\n \n@\n \n0\nx\n2\n4\n3\na\n3\nd\nd\n\n\nS\ne\nt\nF\nu\nn\nc\nt\ni\no\nn\nA\nd\nd\nr\ne\ns\ns\ne\ns\n+\n0\nx\n2\n3\n1\nb\n1\n \n@\n \n0\nx\n2\n4\n3\n4\n8\n9\n1\n\n\n1\n1\na\n7\n5\n0\n7\n9\ne\n6\n3\nf\n5\n2\n6\nb\n0\nf\nd\ne\n3\n7\n0\n4\n1\n7\n9\n9\nf\nc\ne\n1\n9\n6\na\n3\n3\n9\n8\nc\n3\n0\nd\n2\n7\n8\na\n7\n1\n8\n2\n1\nb\n4\n1\n4\nc\nb\n0\na\nd\nc\n3\n4\n+\n0\nx\n2\nf\n0\ne\n5\n1\n \n@\n \n0\nx\n6\nf\n0\ne\n5\n1\n\n\nS\ne\nt\nF\nu\nn\nc\nt\ni\no\nn\nA\nd\nd\nr\ne\ns\ns\ne\ns\n+\n0\nx\n2\n1\nb\na\n6\n \n@\n \n0\nx\n2\n4\n3\n3\n2\n8\n6\n\n\n1\n1\na\n7\n5\n0\n7\n9\ne\n6\n3\nf\n5\n2\n6\nb\n0\nf\nd\ne\n3\n7\n0\n4\n1\n7\n9\n9\nf\nc\ne\n1\n9\n6\na\n3\n3\n9\n8\nc\n3\n0\nd\n2\n7\n8\na\n7\n1\n8\n2\n1\nb\n4\n1\n4\nc\nb\n0\na\nd\nc\n3\n4\n+\n0\nx\n2\ne\n8\nf\n5\ne\n \n@\n \n0\nx\n6\ne\n8\nf\n5\ne\n\n\n1\n1\na\n7\n5\n0\n7\n9\ne\n6\n3\nf\n5\n2\n6\nb\n0\nf\nd\ne\n3\n7\n0\n4\n1\n7\n9\n9\nf\nc\ne\n1\n9\n6\na\n3\n3\n9\n8\nc\n3\n0\nd\n2\n7\n8\na\n7\n1\n8\n2\n1\nb\n4\n1\n4\nc\nb\n0\na\nd\nc\n3\n4\n+\n0\nx\n2\ne\na\n4\n6\nf\n \n@\n \n0\nx\n6\ne\na\n4\n6\nf\n\n\n1\n1\na\n7\n5\n0\n7\n9\ne\n6\n3\nf\n5\n2\n6\nb\n0\nf\nd\ne\n3\n7\n0\n4\n1\n7\n9\n9\nf\nc\ne\n1\n9\n6\na\n3\n3\n9\n8\nc\n3\n0\nd\n2\n7\n8\na\n7\n1\n8\n2\n1\nb\n4\n1\n4\nc\nb\n0\na\nd\nc\n3\n4\n+\n0\nx\n2\ne\na\n5\n5\n8\n \n@\n \n0\nx\n6\ne\na\n5\n5\n8\n\n\n1\n1\na\n7\n5\n0\n7\n9\ne\n6\n3\nf\n5\n2\n6\nb\n0\nf\nd\ne\n3\n7\n0\n4\n1\n7\n9\n9\nf\nc\ne\n1\n9\n6\na\n3\n3\n9\n8\nc\n3\n0\nd\n2\n7\n8\na\n7\n1\n8\n2\n1\nb\n4\n1\n4\nc\nb\n0\na\nd\nc\n3\n4\n+\n0\nx\n2\ne\na\ne\n3\n9\n \n@\n \n0\nx\n6\ne\na\ne\n3\n9\n\n\n1\n1\na\n7\n5\n0\n7\n9\ne\n6\n3\nf\n5\n2\n6\nb\n0\nf\nd\ne\n3\n7\n0\n4\n1\n7\n9\n9\nf\nc\ne\n1\n9\n6\na\n3\n3\n9\n8\nc\n3\n0\nd\n2\n7\n8\na\n7\n1\n8\n2\n1\nb\n4\n1\n4\nc\nb\n0\na\nd\nc\n3\n4\n+\n0\nx\n2\nf\nd\nd\n6\n9\n \n@\n \n0\nx\n6\nf\nd\nd\n6\n9\n\n\nB\na\ns\ne\nT\nh\nr\ne\na\nd\nI\nn\ni\nt\nT\nh\nu\nn\nk\n+\n0\nx\n1\n2\n \nV\ne\nr\ni\nf\ny\nC\no\nn\ns\no\nl\ne\nI\no\nH\na\nn\nd\nl\ne\n-\n0\nx\nb\n3\n \nk\ne\nr\nn\ne\nl\n3\n2\n+\n0\nx\n1\n3\n3\nc\na\n \n@\n \n0\nx\n7\n5\nb\nc\n3\n3\nc\na\n\n\nR\nt\nl\nI\nn\ni\nt\ni\na\nl\ni\nz\ne\nE\nx\nc\ne\np\nt\ni\no\nn\nC\nh\na\ni\nn\n+\n0\nx\n6\n3\n \nR\nt\nl\nA\nl\nl\no\nc\na\nt\ne\nA\nc\nt\ni\nv\na\nt\ni\no\nn\nC\no\nn\nt\ne\nx\nt\nS\nt\na\nc\nk\n-\n0\nx\na\n1\n \nn\nt\nd\nl\nl\n+\n0\nx\n3\n9\ne\nd\n2\n \n@\n \n0\nx\n7\n7\nb\nc\n9\ne\nd\n2\n\n\nR\nt\nl\nI\nn\ni\nt\ni\na\nl\ni\nz\ne\nE\nx\nc\ne\np\nt\ni\no\nn\nC\nh\na\ni\nn\n+\n0\nx\n3\n6\n \nR\nt\nl\nA\nl\nl\no\nc\na\nt\ne\nA\nc\nt\ni\nv\na\nt\ni\no\nn\nC\no\nn\nt\ne\nx\nt\nS\nt\na\nc\nk\n-\n0\nx\nc\ne\n \nn\nt\nd\nl\nl\n+\n0\nx\n3\n9\ne\na\n5\n \n@\n \n0\nx\n7\n7\nb\nc\n9\ne\na\n5",
"registers": {
"esp": 1610720,
"edi": 2377400537,
"eax": 0,
"ebp": 1610724,
"edx": 38237352,
"ebx": 0,
"esi": 1430911325,
"ecx": 38237352
},
"exception": {
"instruction_r": "c6 00 00 8b e5 5d c3 cc cc cc cc cc cc cc cc cc",
"instruction": "mov byte ptr [eax], 0",
"exception_code": "0xc0000005",
"symbol": "SetFunctionAddresses+0x2e4de",
"address": "0x243fbbe"
}
},
"time": 1560815587.4383,
"tid": 2308,
"flags": {}
},
"pid": 2660,
"type": "call",
"cid": 2439
},
{
"call": {
"category": "__notification__",
"status": 1,
"stacktrace": [],
"raw": [
"stacktrace"
],
"api": "__exception__",
"return_value": 0,
"arguments": {
"stacktrace": "1\n1\na\n7\n5\n0\n7\n9\ne\n6\n3\nf\n5\n2\n6\nb\n0\nf\nd\ne\n3\n7\n0\n4\n1\n7\n9\n9\nf\nc\ne\n1\n9\n6\na\n3\n3\n9\n8\nc\n3\n0\nd\n2\n7\n8\na\n7\n1\n8\n2\n1\nb\n4\n1\n4\nc\nb\n0\na\nd\nc\n3\n4\n+\n0\nx\n2\nf\n0\ne\n5\n1\n \n@\n \n0\nx\n6\nf\n0\ne\n5\n1\n\n\nS\ne\nt\nF\nu\nn\nc\nt\ni\no\nn\nA\nd\nd\nr\ne\ns\ns\ne\ns\n+\n0\nx\n2\ne\n4\n3\n9\n \n@\n \n0\nx\n2\n4\n3\nf\nb\n1\n9\n\n\nS\ne\nt\nF\nu\nn\nc\nt\ni\no\nn\nA\nd\nd\nr\ne\ns\ns\ne\ns\n+\n0\nx\n2\n8\nf\nb\nd\n \n@\n \n0\nx\n2\n4\n3\na\n6\n9\nd\n\n\nS\ne\nt\nF\nu\nn\nc\nt\ni\no\nn\nA\nd\nd\nr\ne\ns\ns\ne\ns\n+\n0\nx\n2\n3\n1\nb\n1\n \n@\n \n0\nx\n2\n4\n3\n4\n8\n9\n1\n\n\n1\n1\na\n7\n5\n0\n7\n9\ne\n6\n3\nf\n5\n2\n6\nb\n0\nf\nd\ne\n3\n7\n0\n4\n1\n7\n9\n9\nf\nc\ne\n1\n9\n6\na\n3\n3\n9\n8\nc\n3\n0\nd\n2\n7\n8\na\n7\n1\n8\n2\n1\nb\n4\n1\n4\nc\nb\n0\na\nd\nc\n3\n4\n+\n0\nx\n2\nf\n0\ne\n5\n1\n \n@\n \n0\nx\n6\nf\n0\ne\n5\n1\n\n\nS\ne\nt\nF\nu\nn\nc\nt\ni\no\nn\nA\nd\nd\nr\ne\ns\ns\ne\ns\n+\n0\nx\n2\n1\nb\na\n6\n \n@\n \n0\nx\n2\n4\n3\n3\n2\n8\n6\n\n\n1\n1\na\n7\n5\n0\n7\n9\ne\n6\n3\nf\n5\n2\n6\nb\n0\nf\nd\ne\n3\n7\n0\n4\n1\n7\n9\n9\nf\nc\ne\n1\n9\n6\na\n3\n3\n9\n8\nc\n3\n0\nd\n2\n7\n8\na\n7\n1\n8\n2\n1\nb\n4\n1\n4\nc\nb\n0\na\nd\nc\n3\n4\n+\n0\nx\n2\ne\n8\nf\n5\ne\n \n@\n \n0\nx\n6\ne\n8\nf\n5\ne\n\n\n1\n1\na\n7\n5\n0\n7\n9\ne\n6\n3\nf\n5\n2\n6\nb\n0\nf\nd\ne\n3\n7\n0\n4\n1\n7\n9\n9\nf\nc\ne\n1\n9\n6\na\n3\n3\n9\n8\nc\n3\n0\nd\n2\n7\n8\na\n7\n1\n8\n2\n1\nb\n4\n1\n4\nc\nb\n0\na\nd\nc\n3\n4\n+\n0\nx\n2\ne\na\n4\n6\nf\n \n@\n \n0\nx\n6\ne\na\n4\n6\nf\n\n\n1\n1\na\n7\n5\n0\n7\n9\ne\n6\n3\nf\n5\n2\n6\nb\n0\nf\nd\ne\n3\n7\n0\n4\n1\n7\n9\n9\nf\nc\ne\n1\n9\n6\na\n3\n3\n9\n8\nc\n3\n0\nd\n2\n7\n8\na\n7\n1\n8\n2\n1\nb\n4\n1\n4\nc\nb\n0\na\nd\nc\n3\n4\n+\n0\nx\n2\ne\na\n5\n5\n8\n \n@\n \n0\nx\n6\ne\na\n5\n5\n8\n\n\n1\n1\na\n7\n5\n0\n7\n9\ne\n6\n3\nf\n5\n2\n6\nb\n0\nf\nd\ne\n3\n7\n0\n4\n1\n7\n9\n9\nf\nc\ne\n1\n9\n6\na\n3\n3\n9\n8\nc\n3\n0\nd\n2\n7\n8\na\n7\n1\n8\n2\n1\nb\n4\n1\n4\nc\nb\n0\na\nd\nc\n3\n4\n+\n0\nx\n2\ne\na\ne\n3\n9\n \n@\n \n0\nx\n6\ne\na\ne\n3\n9\n\n\n1\n1\na\n7\n5\n0\n7\n9\ne\n6\n3\nf\n5\n2\n6\nb\n0\nf\nd\ne\n3\n7\n0\n4\n1\n7\n9\n9\nf\nc\ne\n1\n9\n6\na\n3\n3\n9\n8\nc\n3\n0\nd\n2\n7\n8\na\n7\n1\n8\n2\n1\nb\n4\n1\n4\nc\nb\n0\na\nd\nc\n3\n4\n+\n0\nx\n2\nf\nd\nd\n6\n9\n \n@\n \n0\nx\n6\nf\nd\nd\n6\n9\n\n\nB\na\ns\ne\nT\nh\nr\ne\na\nd\nI\nn\ni\nt\nT\nh\nu\nn\nk\n+\n0\nx\n1\n2\n \nV\ne\nr\ni\nf\ny\nC\no\nn\ns\no\nl\ne\nI\no\nH\na\nn\nd\nl\ne\n-\n0\nx\nb\n3\n \nk\ne\nr\nn\ne\nl\n3\n2\n+\n0\nx\n1\n3\n3\nc\na\n \n@\n \n0\nx\n7\n5\nb\nc\n3\n3\nc\na\n\n\nR\nt\nl\nI\nn\ni\nt\ni\na\nl\ni\nz\ne\nE\nx\nc\ne\np\nt\ni\no\nn\nC\nh\na\ni\nn\n+\n0\nx\n6\n3\n \nR\nt\nl\nA\nl\nl\no\nc\na\nt\ne\nA\nc\nt\ni\nv\na\nt\ni\no\nn\nC\no\nn\nt\ne\nx\nt\nS\nt\na\nc\nk\n-\n0\nx\na\n1\n \nn\nt\nd\nl\nl\n+\n0\nx\n3\n9\ne\nd\n2\n \n@\n \n0\nx\n7\n7\nb\nc\n9\ne\nd\n2\n\n\nR\nt\nl\nI\nn\ni\nt\ni\na\nl\ni\nz\ne\nE\nx\nc\ne\np\nt\ni\no\nn\nC\nh\na\ni\nn\n+\n0\nx\n3\n6\n \nR\nt\nl\nA\nl\nl\no\nc\na\nt\ne\nA\nc\nt\ni\nv\na\nt\ni\no\nn\nC\no\nn\nt\ne\nx\nt\nS\nt\na\nc\nk\n-\n0\nx\nc\ne\n \nn\nt\nd\nl\nl\n+\n0\nx\n3\n9\ne\na\n5\n \n@\n \n0\nx\n7\n7\nb\nc\n9\ne\na\n5",
"registers": {
"esp": 1610720,
"edi": 2377400537,
"eax": 0,
"ebp": 1610724,
"edx": 38237316,
"ebx": 0,
"esi": 1430911325,
"ecx": 38237316
},
"exception": {
"instruction_r": "c6 00 00 8b e5 5d c3 cc cc cc cc cc cc cc cc cc",
"instruction": "mov byte ptr [eax], 0",
"exception_code": "0xc0000005",
"symbol": "SetFunctionAddresses+0x2e4de",
"address": "0x243fbbe"
}
},
"time": 1560815587.4383,
"tid": 2308,
"flags": {}
},
"pid": 2660,
"type": "call",
"cid": 2445
},
{
"call": {
"category": "__notification__",
"status": 1,
"stacktrace": [],
"raw": [
"stacktrace"
],
"api": "__exception__",
"return_value": 0,
"arguments": {
"stacktrace": "1\n1\na\n7\n5\n0\n7\n9\ne\n6\n3\nf\n5\n2\n6\nb\n0\nf\nd\ne\n3\n7\n0\n4\n1\n7\n9\n9\nf\nc\ne\n1\n9\n6\na\n3\n3\n9\n8\nc\n3\n0\nd\n2\n7\n8\na\n7\n1\n8\n2\n1\nb\n4\n1\n4\nc\nb\n0\na\nd\nc\n3\n4\n+\n0\nx\n2\nf\n0\ne\n5\n1\n \n@\n \n0\nx\n6\nf\n0\ne\n5\n1\n\n\nS\ne\nt\nF\nu\nn\nc\nt\ni\no\nn\nA\nd\nd\nr\ne\ns\ns\ne\ns\n+\n0\nx\n2\ne\n4\n3\n9\n \n@\n \n0\nx\n2\n4\n3\nf\nb\n1\n9\n\n\nS\ne\nt\nF\nu\nn\nc\nt\ni\no\nn\nA\nd\nd\nr\ne\ns\ns\ne\ns\n+\n0\nx\n8\nf\ne\n0\n \n@\n \n0\nx\n2\n4\n1\na\n6\nc\n0\n\n\nS\ne\nt\nF\nu\nn\nc\nt\ni\no\nn\nA\nd\nd\nr\ne\ns\ns\ne\ns\n+\n0\nx\n2\n9\n2\na\n1\n \n@\n \n0\nx\n2\n4\n3\na\n9\n8\n1\n\n\nS\ne\nt\nF\nu\nn\nc\nt\ni\no\nn\nA\nd\nd\nr\ne\ns\ns\ne\ns\n+\n0\nx\n2\n3\n1\nb\n1\n \n@\n \n0\nx\n2\n4\n3\n4\n8\n9\n1\n\n\n1\n1\na\n7\n5\n0\n7\n9\ne\n6\n3\nf\n5\n2\n6\nb\n0\nf\nd\ne\n3\n7\n0\n4\n1\n7\n9\n9\nf\nc\ne\n1\n9\n6\na\n3\n3\n9\n8\nc\n3\n0\nd\n2\n7\n8\na\n7\n1\n8\n2\n1\nb\n4\n1\n4\nc\nb\n0\na\nd\nc\n3\n4\n+\n0\nx\n2\nf\n0\ne\n5\n1\n \n@\n \n0\nx\n6\nf\n0\ne\n5\n1\n\n\nS\ne\nt\nF\nu\nn\nc\nt\ni\no\nn\nA\nd\nd\nr\ne\ns\ns\ne\ns\n+\n0\nx\n2\n1\nb\na\n6\n \n@\n \n0\nx\n2\n4\n3\n3\n2\n8\n6\n\n\n1\n1\na\n7\n5\n0\n7\n9\ne\n6\n3\nf\n5\n2\n6\nb\n0\nf\nd\ne\n3\n7\n0\n4\n1\n7\n9\n9\nf\nc\ne\n1\n9\n6\na\n3\n3\n9\n8\nc\n3\n0\nd\n2\n7\n8\na\n7\n1\n8\n2\n1\nb\n4\n1\n4\nc\nb\n0\na\nd\nc\n3\n4\n+\n0\nx\n2\ne\n8\nf\n5\ne\n \n@\n \n0\nx\n6\ne\n8\nf\n5\ne\n\n\n1\n1\na\n7\n5\n0\n7\n9\ne\n6\n3\nf\n5\n2\n6\nb\n0\nf\nd\ne\n3\n7\n0\n4\n1\n7\n9\n9\nf\nc\ne\n1\n9\n6\na\n3\n3\n9\n8\nc\n3\n0\nd\n2\n7\n8\na\n7\n1\n8\n2\n1\nb\n4\n1\n4\nc\nb\n0\na\nd\nc\n3\n4\n+\n0\nx\n2\ne\na\n4\n6\nf\n \n@\n \n0\nx\n6\ne\na\n4\n6\nf\n\n\n1\n1\na\n7\n5\n0\n7\n9\ne\n6\n3\nf\n5\n2\n6\nb\n0\nf\nd\ne\n3\n7\n0\n4\n1\n7\n9\n9\nf\nc\ne\n1\n9\n6\na\n3\n3\n9\n8\nc\n3\n0\nd\n2\n7\n8\na\n7\n1\n8\n2\n1\nb\n4\n1\n4\nc\nb\n0\na\nd\nc\n3\n4\n+\n0\nx\n2\ne\na\n5\n5\n8\n \n@\n \n0\nx\n6\ne\na\n5\n5\n8\n\n\n1\n1\na\n7\n5\n0\n7\n9\ne\n6\n3\nf\n5\n2\n6\nb\n0\nf\nd\ne\n3\n7\n0\n4\n1\n7\n9\n9\nf\nc\ne\n1\n9\n6\na\n3\n3\n9\n8\nc\n3\n0\nd\n2\n7\n8\na\n7\n1\n8\n2\n1\nb\n4\n1\n4\nc\nb\n0\na\nd\nc\n3\n4\n+\n0\nx\n2\ne\na\ne\n3\n9\n \n@\n \n0\nx\n6\ne\na\ne\n3\n9\n\n\n1\n1\na\n7\n5\n0\n7\n9\ne\n6\n3\nf\n5\n2\n6\nb\n0\nf\nd\ne\n3\n7\n0\n4\n1\n7\n9\n9\nf\nc\ne\n1\n9\n6\na\n3\n3\n9\n8\nc\n3\n0\nd\n2\n7\n8\na\n7\n1\n8\n2\n1\nb\n4\n1\n4\nc\nb\n0\na\nd\nc\n3\n4\n+\n0\nx\n2\nf\nd\nd\n6\n9\n \n@\n \n0\nx\n6\nf\nd\nd\n6\n9\n\n\nB\na\ns\ne\nT\nh\nr\ne\na\nd\nI\nn\ni\nt\nT\nh\nu\nn\nk\n+\n0\nx\n1\n2\n \nV\ne\nr\ni\nf\ny\nC\no\nn\ns\no\nl\ne\nI\no\nH\na\nn\nd\nl\ne\n-\n0\nx\nb\n3\n \nk\ne\nr\nn\ne\nl\n3\n2\n+\n0\nx\n1\n3\n3\nc\na\n \n@\n \n0\nx\n7\n5\nb\nc\n3\n3\nc\na\n\n\nR\nt\nl\nI\nn\ni\nt\ni\na\nl\ni\nz\ne\nE\nx\nc\ne\np\nt\ni\no\nn\nC\nh\na\ni\nn\n+\n0\nx\n6\n3\n \nR\nt\nl\nA\nl\nl\no\nc\na\nt\ne\nA\nc\nt\ni\nv\na\nt\ni\no\nn\nC\no\nn\nt\ne\nx\nt\nS\nt\na\nc\nk\n-\n0\nx\na\n1\n \nn\nt\nd\nl\nl\n+\n0\nx\n3\n9\ne\nd\n2\n \n@\n \n0\nx\n7\n7\nb\nc\n9\ne\nd\n2\n\n\nR\nt\nl\nI\nn\ni\nt\ni\na\nl\ni\nz\ne\nE\nx\nc\ne\np\nt\ni\no\nn\nC\nh\na\ni\nn\n+\n0\nx\n3\n6\n \nR\nt\nl\nA\nl\nl\no\nc\na\nt\ne\nA\nc\nt\ni\nv\na\nt\ni\no\nn\nC\no\nn\nt\ne\nx\nt\nS\nt\na\nc\nk\n-\n0\nx\nc\ne\n \nn\nt\nd\nl\nl\n+\n0\nx\n3\n9\ne\na\n5\n \n@\n \n0\nx\n7\n7\nb\nc\n9\ne\na\n5",
"registers": {
"esp": 1610632,
"edi": 2377400537,
"eax": 0,
"ebp": 1610636,
"edx": 38237316,
"ebx": 0,
"esi": 1430911325,
"ecx": 38237316
},
"exception": {
"instruction_r": "c6 00 00 8b e5 5d c3 cc cc cc cc cc cc cc cc cc",
"instruction": "mov byte ptr [eax], 0",
"exception_code": "0xc0000005",
"symbol": "SetFunctionAddresses+0x2e4de",
"address": "0x243fbbe"
}
},
"time": 1560815587.4383,
"tid": 2308,
"flags": {}
},
"pid": 2660,
"type": "call",
"cid": 2446
},
{
"call": {
"category": "__notification__",
"status": 1,
"stacktrace": [],
"raw": [
"stacktrace"
],
"api": "__exception__",
"return_value": 0,
"arguments": {
"stacktrace": "1\n1\na\n7\n5\n0\n7\n9\ne\n6\n3\nf\n5\n2\n6\nb\n0\nf\nd\ne\n3\n7\n0\n4\n1\n7\n9\n9\nf\nc\ne\n1\n9\n6\na\n3\n3\n9\n8\nc\n3\n0\nd\n2\n7\n8\na\n7\n1\n8\n2\n1\nb\n4\n1\n4\nc\nb\n0\na\nd\nc\n3\n4\n+\n0\nx\n2\nf\n0\ne\n5\n1\n \n@\n \n0\nx\n6\nf\n0\ne\n5\n1\n\n\nS\ne\nt\nF\nu\nn\nc\nt\ni\no\nn\nA\nd\nd\nr\ne\ns\ns\ne\ns\n+\n0\nx\n2\ne\n4\n3\n9\n \n@\n \n0\nx\n2\n4\n3\nf\nb\n1\n9\n\n\nS\ne\nt\nF\nu\nn\nc\nt\ni\no\nn\nA\nd\nd\nr\ne\ns\ns\ne\ns\n+\n0\nx\n8\nf\ne\n0\n \n@\n \n0\nx\n2\n4\n1\na\n6\nc\n0\n\n\nS\ne\nt\nF\nu\nn\nc\nt\ni\no\nn\nA\nd\nd\nr\ne\ns\ns\ne\ns\n+\n0\nx\n2\n9\n2\na\n1\n \n@\n \n0\nx\n2\n4\n3\na\n9\n8\n1\n\n\nS\ne\nt\nF\nu\nn\nc\nt\ni\no\nn\nA\nd\nd\nr\ne\ns\ns\ne\ns\n+\n0\nx\n2\n3\n1\nb\n1\n \n@\n \n0\nx\n2\n4\n3\n4\n8\n9\n1\n\n\n1\n1\na\n7\n5\n0\n7\n9\ne\n6\n3\nf\n5\n2\n6\nb\n0\nf\nd\ne\n3\n7\n0\n4\n1\n7\n9\n9\nf\nc\ne\n1\n9\n6\na\n3\n3\n9\n8\nc\n3\n0\nd\n2\n7\n8\na\n7\n1\n8\n2\n1\nb\n4\n1\n4\nc\nb\n0\na\nd\nc\n3\n4\n+\n0\nx\n2\nf\n0\ne\n5\n1\n \n@\n \n0\nx\n6\nf\n0\ne\n5\n1\n\n\nS\ne\nt\nF\nu\nn\nc\nt\ni\no\nn\nA\nd\nd\nr\ne\ns\ns\ne\ns\n+\n0\nx\n2\n1\nb\na\n6\n \n@\n \n0\nx\n2\n4\n3\n3\n2\n8\n6\n\n\n1\n1\na\n7\n5\n0\n7\n9\ne\n6\n3\nf\n5\n2\n6\nb\n0\nf\nd\ne\n3\n7\n0\n4\n1\n7\n9\n9\nf\nc\ne\n1\n9\n6\na\n3\n3\n9\n8\nc\n3\n0\nd\n2\n7\n8\na\n7\n1\n8\n2\n1\nb\n4\n1\n4\nc\nb\n0\na\nd\nc\n3\n4\n+\n0\nx\n2\ne\n8\nf\n5\ne\n \n@\n \n0\nx\n6\ne\n8\nf\n5\ne\n\n\n1\n1\na\n7\n5\n0\n7\n9\ne\n6\n3\nf\n5\n2\n6\nb\n0\nf\nd\ne\n3\n7\n0\n4\n1\n7\n9\n9\nf\nc\ne\n1\n9\n6\na\n3\n3\n9\n8\nc\n3\n0\nd\n2\n7\n8\na\n7\n1\n8\n2\n1\nb\n4\n1\n4\nc\nb\n0\na\nd\nc\n3\n4\n+\n0\nx\n2\ne\na\n4\n6\nf\n \n@\n \n0\nx\n6\ne\na\n4\n6\nf\n\n\n1\n1\na\n7\n5\n0\n7\n9\ne\n6\n3\nf\n5\n2\n6\nb\n0\nf\nd\ne\n3\n7\n0\n4\n1\n7\n9\n9\nf\nc\ne\n1\n9\n6\na\n3\n3\n9\n8\nc\n3\n0\nd\n2\n7\n8\na\n7\n1\n8\n2\n1\nb\n4\n1\n4\nc\nb\n0\na\nd\nc\n3\n4\n+\n0\nx\n2\ne\na\n5\n5\n8\n \n@\n \n0\nx\n6\ne\na\n5\n5\n8\n\n\n1\n1\na\n7\n5\n0\n7\n9\ne\n6\n3\nf\n5\n2\n6\nb\n0\nf\nd\ne\n3\n7\n0\n4\n1\n7\n9\n9\nf\nc\ne\n1\n9\n6\na\n3\n3\n9\n8\nc\n3\n0\nd\n2\n7\n8\na\n7\n1\n8\n2\n1\nb\n4\n1\n4\nc\nb\n0\na\nd\nc\n3\n4\n+\n0\nx\n2\ne\na\ne\n3\n9\n \n@\n \n0\nx\n6\ne\na\ne\n3\n9\n\n\n1\n1\na\n7\n5\n0\n7\n9\ne\n6\n3\nf\n5\n2\n6\nb\n0\nf\nd\ne\n3\n7\n0\n4\n1\n7\n9\n9\nf\nc\ne\n1\n9\n6\na\n3\n3\n9\n8\nc\n3\n0\nd\n2\n7\n8\na\n7\n1\n8\n2\n1\nb\n4\n1\n4\nc\nb\n0\na\nd\nc\n3\n4\n+\n0\nx\n2\nf\nd\nd\n6\n9\n \n@\n \n0\nx\n6\nf\nd\nd\n6\n9\n\n\nB\na\ns\ne\nT\nh\nr\ne\na\nd\nI\nn\ni\nt\nT\nh\nu\nn\nk\n+\n0\nx\n1\n2\n \nV\ne\nr\ni\nf\ny\nC\no\nn\ns\no\nl\ne\nI\no\nH\na\nn\nd\nl\ne\n-\n0\nx\nb\n3\n \nk\ne\nr\nn\ne\nl\n3\n2\n+\n0\nx\n1\n3\n3\nc\na\n \n@\n \n0\nx\n7\n5\nb\nc\n3\n3\nc\na\n\n\nR\nt\nl\nI\nn\ni\nt\ni\na\nl\ni\nz\ne\nE\nx\nc\ne\np\nt\ni\no\nn\nC\nh\na\ni\nn\n+\n0\nx\n6\n3\n \nR\nt\nl\nA\nl\nl\no\nc\na\nt\ne\nA\nc\nt\ni\nv\na\nt\ni\no\nn\nC\no\nn\nt\ne\nx\nt\nS\nt\na\nc\nk\n-\n0\nx\na\n1\n \nn\nt\nd\nl\nl\n+\n0\nx\n3\n9\ne\nd\n2\n \n@\n \n0\nx\n7\n7\nb\nc\n9\ne\nd\n2\n\n\nR\nt\nl\nI\nn\ni\nt\ni\na\nl\ni\nz\ne\nE\nx\nc\ne\np\nt\ni\no\nn\nC\nh\na\ni\nn\n+\n0\nx\n3\n6\n \nR\nt\nl\nA\nl\nl\no\nc\na\nt\ne\nA\nc\nt\ni\nv\na\nt\ni\no\nn\nC\no\nn\nt\ne\nx\nt\nS\nt\na\nc\nk\n-\n0\nx\nc\ne\n \nn\nt\nd\nl\nl\n+\n0\nx\n3\n9\ne\na\n5\n \n@\n \n0\nx\n7\n7\nb\nc\n9\ne\na\n5",
"registers": {
"esp": 1610632,
"edi": 2377400537,
"eax": 0,
"ebp": 1610636,
"edx": 38237316,
"ebx": 0,
"esi": 1979908096,
"ecx": 38237316
},
"exception": {
"instruction_r": "c6 00 00 8b e5 5d c3 cc cc cc cc cc cc cc cc cc",
"instruction": "mov byte ptr [eax], 0",
"exception_code": "0xc0000005",
"symbol": "SetFunctionAddresses+0x2e4de",
"address": "0x243fbbe"
}
},
"time": 1560815587.4383,
"tid": 2308,
"flags": {}
},
"pid": 2660,
"type": "call",
"cid": 2449
},
{
"call": {
"category": "__notification__",
"status": 1,
"stacktrace": [],
"raw": [
"stacktrace"
],
"api": "__exception__",
"return_value": 0,
"arguments": {
"stacktrace": "1\n1\na\n7\n5\n0\n7\n9\ne\n6\n3\nf\n5\n2\n6\nb\n0\nf\nd\ne\n3\n7\n0\n4\n1\n7\n9\n9\nf\nc\ne\n1\n9\n6\na\n3\n3\n9\n8\nc\n3\n0\nd\n2\n7\n8\na\n7\n1\n8\n2\n1\nb\n4\n1\n4\nc\nb\n0\na\nd\nc\n3\n4\n+\n0\nx\n2\nf\n0\ne\n5\n1\n \n@\n \n0\nx\n6\nf\n0\ne\n5\n1\n\n\nS\ne\nt\nF\nu\nn\nc\nt\ni\no\nn\nA\nd\nd\nr\ne\ns\ns\ne\ns\n+\n0\nx\n2\ne\n4\n3\n9\n \n@\n \n0\nx\n2\n4\n3\nf\nb\n1\n9\n\n\nS\ne\nt\nF\nu\nn\nc\nt\ni\no\nn\nA\nd\nd\nr\ne\ns\ns\ne\ns\n+\n0\nx\n8\nf\ne\n0\n \n@\n \n0\nx\n2\n4\n1\na\n6\nc\n0\n\n\nS\ne\nt\nF\nu\nn\nc\nt\ni\no\nn\nA\nd\nd\nr\ne\ns\ns\ne\ns\n+\n0\nx\n2\n9\n2\na\n1\n \n@\n \n0\nx\n2\n4\n3\na\n9\n8\n1\n\n\nS\ne\nt\nF\nu\nn\nc\nt\ni\no\nn\nA\nd\nd\nr\ne\ns\ns\ne\ns\n+\n0\nx\n2\n3\n1\nb\n1\n \n@\n \n0\nx\n2\n4\n3\n4\n8\n9\n1\n\n\n1\n1\na\n7\n5\n0\n7\n9\ne\n6\n3\nf\n5\n2\n6\nb\n0\nf\nd\ne\n3\n7\n0\n4\n1\n7\n9\n9\nf\nc\ne\n1\n9\n6\na\n3\n3\n9\n8\nc\n3\n0\nd\n2\n7\n8\na\n7\n1\n8\n2\n1\nb\n4\n1\n4\nc\nb\n0\na\nd\nc\n3\n4\n+\n0\nx\n2\nf\n0\ne\n5\n1\n \n@\n \n0\nx\n6\nf\n0\ne\n5\n1\n\n\nS\ne\nt\nF\nu\nn\nc\nt\ni\no\nn\nA\nd\nd\nr\ne\ns\ns\ne\ns\n+\n0\nx\n2\n1\nb\na\n6\n \n@\n \n0\nx\n2\n4\n3\n3\n2\n8\n6\n\n\n1\n1\na\n7\n5\n0\n7\n9\ne\n6\n3\nf\n5\n2\n6\nb\n0\nf\nd\ne\n3\n7\n0\n4\n1\n7\n9\n9\nf\nc\ne\n1\n9\n6\na\n3\n3\n9\n8\nc\n3\n0\nd\n2\n7\n8\na\n7\n1\n8\n2\n1\nb\n4\n1\n4\nc\nb\n0\na\nd\nc\n3\n4\n+\n0\nx\n2\ne\n8\nf\n5\ne\n \n@\n \n0\nx\n6\ne\n8\nf\n5\ne\n\n\n1\n1\na\n7\n5\n0\n7\n9\ne\n6\n3\nf\n5\n2\n6\nb\n0\nf\nd\ne\n3\n7\n0\n4\n1\n7\n9\n9\nf\nc\ne\n1\n9\n6\na\n3\n3\n9\n8\nc\n3\n0\nd\n2\n7\n8\na\n7\n1\n8\n2\n1\nb\n4\n1\n4\nc\nb\n0\na\nd\nc\n3\n4\n+\n0\nx\n2\ne\na\n4\n6\nf\n \n@\n \n0\nx\n6\ne\na\n4\n6\nf\n\n\n1\n1\na\n7\n5\n0\n7\n9\ne\n6\n3\nf\n5\n2\n6\nb\n0\nf\nd\ne\n3\n7\n0\n4\n1\n7\n9\n9\nf\nc\ne\n1\n9\n6\na\n3\n3\n9\n8\nc\n3\n0\nd\n2\n7\n8\na\n7\n1\n8\n2\n1\nb\n4\n1\n4\nc\nb\n0\na\nd\nc\n3\n4\n+\n0\nx\n2\ne\na\n5\n5\n8\n \n@\n \n0\nx\n6\ne\na\n5\n5\n8\n\n\n1\n1\na\n7\n5\n0\n7\n9\ne\n6\n3\nf\n5\n2\n6\nb\n0\nf\nd\ne\n3\n7\n0\n4\n1\n7\n9\n9\nf\nc\ne\n1\n9\n6\na\n3\n3\n9\n8\nc\n3\n0\nd\n2\n7\n8\na\n7\n1\n8\n2\n1\nb\n4\n1\n4\nc\nb\n0\na\nd\nc\n3\n4\n+\n0\nx\n2\ne\na\ne\n3\n9\n \n@\n \n0\nx\n6\ne\na\ne\n3\n9\n\n\n1\n1\na\n7\n5\n0\n7\n9\ne\n6\n3\nf\n5\n2\n6\nb\n0\nf\nd\ne\n3\n7\n0\n4\n1\n7\n9\n9\nf\nc\ne\n1\n9\n6\na\n3\n3\n9\n8\nc\n3\n0\nd\n2\n7\n8\na\n7\n1\n8\n2\n1\nb\n4\n1\n4\nc\nb\n0\na\nd\nc\n3\n4\n+\n0\nx\n2\nf\nd\nd\n6\n9\n \n@\n \n0\nx\n6\nf\nd\nd\n6\n9\n\n\nB\na\ns\ne\nT\nh\nr\ne\na\nd\nI\nn\ni\nt\nT\nh\nu\nn\nk\n+\n0\nx\n1\n2\n \nV\ne\nr\ni\nf\ny\nC\no\nn\ns\no\nl\ne\nI\no\nH\na\nn\nd\nl\ne\n-\n0\nx\nb\n3\n \nk\ne\nr\nn\ne\nl\n3\n2\n+\n0\nx\n1\n3\n3\nc\na\n \n@\n \n0\nx\n7\n5\nb\nc\n3\n3\nc\na\n\n\nR\nt\nl\nI\nn\ni\nt\ni\na\nl\ni\nz\ne\nE\nx\nc\ne\np\nt\ni\no\nn\nC\nh\na\ni\nn\n+\n0\nx\n6\n3\n \nR\nt\nl\nA\nl\nl\no\nc\na\nt\ne\nA\nc\nt\ni\nv\na\nt\ni\no\nn\nC\no\nn\nt\ne\nx\nt\nS\nt\na\nc\nk\n-\n0\nx\na\n1\n \nn\nt\nd\nl\nl\n+\n0\nx\n3\n9\ne\nd\n2\n \n@\n \n0\nx\n7\n7\nb\nc\n9\ne\nd\n2\n\n\nR\nt\nl\nI\nn\ni\nt\ni\na\nl\ni\nz\ne\nE\nx\nc\ne\np\nt\ni\no\nn\nC\nh\na\ni\nn\n+\n0\nx\n3\n6\n \nR\nt\nl\nA\nl\nl\no\nc\na\nt\ne\nA\nc\nt\ni\nv\na\nt\ni\no\nn\nC\no\nn\nt\ne\nx\nt\nS\nt\na\nc\nk\n-\n0\nx\nc\ne\n \nn\nt\nd\nl\nl\n+\n0\nx\n3\n9\ne\na\n5\n \n@\n \n0\nx\n7\n7\nb\nc\n9\ne\na\n5",
"registers": {
"esp": 1610632,
"edi": 2377400537,
"eax": 0,
"ebp": 1610636,
"edx": 38237316,
"ebx": 0,
"esi": 1979908096,
"ecx": 38237316
},
"exception": {
"instruction_r": "c6 00 00 8b e5 5d c3 cc cc cc cc cc cc cc cc cc",
"instruction": "mov byte ptr [eax], 0",
"exception_code": "0xc0000005",
"symbol": "SetFunctionAddresses+0x2e4de",
"address": "0x243fbbe"
}
},
"time": 1560815587.4383,
"tid": 2308,
"flags": {}
},
"pid": 2660,
"type": "call",
"cid": 2452
},
{
"call": {
"category": "__notification__",
"status": 1,
"stacktrace": [],
"raw": [
"stacktrace"
],
"api": "__exception__",
"return_value": 0,
"arguments": {
"stacktrace": "1\n1\na\n7\n5\n0\n7\n9\ne\n6\n3\nf\n5\n2\n6\nb\n0\nf\nd\ne\n3\n7\n0\n4\n1\n7\n9\n9\nf\nc\ne\n1\n9\n6\na\n3\n3\n9\n8\nc\n3\n0\nd\n2\n7\n8\na\n7\n1\n8\n2\n1\nb\n4\n1\n4\nc\nb\n0\na\nd\nc\n3\n4\n+\n0\nx\n2\nf\n0\ne\n5\n1\n \n@\n \n0\nx\n6\nf\n0\ne\n5\n1\n\n\nS\ne\nt\nF\nu\nn\nc\nt\ni\no\nn\nA\nd\nd\nr\ne\ns\ns\ne\ns\n+\n0\nx\n2\ne\n4\n3\n9\n \n@\n \n0\nx\n2\n4\n3\nf\nb\n1\n9\n\n\nS\ne\nt\nF\nu\nn\nc\nt\ni\no\nn\nA\nd\nd\nr\ne\ns\ns\ne\ns\n+\n0\nx\n8\nf\ne\n0\n \n@\n \n0\nx\n2\n4\n1\na\n6\nc\n0\n\n\nS\ne\nt\nF\nu\nn\nc\nt\ni\no\nn\nA\nd\nd\nr\ne\ns\ns\ne\ns\n+\n0\nx\n2\n9\n2\na\n1\n \n@\n \n0\nx\n2\n4\n3\na\n9\n8\n1\n\n\nS\ne\nt\nF\nu\nn\nc\nt\ni\no\nn\nA\nd\nd\nr\ne\ns\ns\ne\ns\n+\n0\nx\n2\n3\n1\nb\n1\n \n@\n \n0\nx\n2\n4\n3\n4\n8\n9\n1\n\n\n1\n1\na\n7\n5\n0\n7\n9\ne\n6\n3\nf\n5\n2\n6\nb\n0\nf\nd\ne\n3\n7\n0\n4\n1\n7\n9\n9\nf\nc\ne\n1\n9\n6\na\n3\n3\n9\n8\nc\n3\n0\nd\n2\n7\n8\na\n7\n1\n8\n2\n1\nb\n4\n1\n4\nc\nb\n0\na\nd\nc\n3\n4\n+\n0\nx\n2\nf\n0\ne\n5\n1\n \n@\n \n0\nx\n6\nf\n0\ne\n5\n1\n\n\nS\ne\nt\nF\nu\nn\nc\nt\ni\no\nn\nA\nd\nd\nr\ne\ns\ns\ne\ns\n+\n0\nx\n2\n1\nb\na\n6\n \n@\n \n0\nx\n2\n4\n3\n3\n2\n8\n6\n\n\n1\n1\na\n7\n5\n0\n7\n9\ne\n6\n3\nf\n5\n2\n6\nb\n0\nf\nd\ne\n3\n7\n0\n4\n1\n7\n9\n9\nf\nc\ne\n1\n9\n6\na\n3\n3\n9\n8\nc\n3\n0\nd\n2\n7\n8\na\n7\n1\n8\n2\n1\nb\n4\n1\n4\nc\nb\n0\na\nd\nc\n3\n4\n+\n0\nx\n2\ne\n8\nf\n5\ne\n \n@\n \n0\nx\n6\ne\n8\nf\n5\ne\n\n\n1\n1\na\n7\n5\n0\n7\n9\ne\n6\n3\nf\n5\n2\n6\nb\n0\nf\nd\ne\n3\n7\n0\n4\n1\n7\n9\n9\nf\nc\ne\n1\n9\n6\na\n3\n3\n9\n8\nc\n3\n0\nd\n2\n7\n8\na\n7\n1\n8\n2\n1\nb\n4\n1\n4\nc\nb\n0\na\nd\nc\n3\n4\n+\n0\nx\n2\ne\na\n4\n6\nf\n \n@\n \n0\nx\n6\ne\na\n4\n6\nf\n\n\n1\n1\na\n7\n5\n0\n7\n9\ne\n6\n3\nf\n5\n2\n6\nb\n0\nf\nd\ne\n3\n7\n0\n4\n1\n7\n9\n9\nf\nc\ne\n1\n9\n6\na\n3\n3\n9\n8\nc\n3\n0\nd\n2\n7\n8\na\n7\n1\n8\n2\n1\nb\n4\n1\n4\nc\nb\n0\na\nd\nc\n3\n4\n+\n0\nx\n2\ne\na\n5\n5\n8\n \n@\n \n0\nx\n6\ne\na\n5\n5\n8\n\n\n1\n1\na\n7\n5\n0\n7\n9\ne\n6\n3\nf\n5\n2\n6\nb\n0\nf\nd\ne\n3\n7\n0\n4\n1\n7\n9\n9\nf\nc\ne\n1\n9\n6\na\n3\n3\n9\n8\nc\n3\n0\nd\n2\n7\n8\na\n7\n1\n8\n2\n1\nb\n4\n1\n4\nc\nb\n0\na\nd\nc\n3\n4\n+\n0\nx\n2\ne\na\ne\n3\n9\n \n@\n \n0\nx\n6\ne\na\ne\n3\n9\n\n\n1\n1\na\n7\n5\n0\n7\n9\ne\n6\n3\nf\n5\n2\n6\nb\n0\nf\nd\ne\n3\n7\n0\n4\n1\n7\n9\n9\nf\nc\ne\n1\n9\n6\na\n3\n3\n9\n8\nc\n3\n0\nd\n2\n7\n8\na\n7\n1\n8\n2\n1\nb\n4\n1\n4\nc\nb\n0\na\nd\nc\n3\n4\n+\n0\nx\n2\nf\nd\nd\n6\n9\n \n@\n \n0\nx\n6\nf\nd\nd\n6\n9\n\n\nB\na\ns\ne\nT\nh\nr\ne\na\nd\nI\nn\ni\nt\nT\nh\nu\nn\nk\n+\n0\nx\n1\n2\n \nV\ne\nr\ni\nf\ny\nC\no\nn\ns\no\nl\ne\nI\no\nH\na\nn\nd\nl\ne\n-\n0\nx\nb\n3\n \nk\ne\nr\nn\ne\nl\n3\n2\n+\n0\nx\n1\n3\n3\nc\na\n \n@\n \n0\nx\n7\n5\nb\nc\n3\n3\nc\na\n\n\nR\nt\nl\nI\nn\ni\nt\ni\na\nl\ni\nz\ne\nE\nx\nc\ne\np\nt\ni\no\nn\nC\nh\na\ni\nn\n+\n0\nx\n6\n3\n \nR\nt\nl\nA\nl\nl\no\nc\na\nt\ne\nA\nc\nt\ni\nv\na\nt\ni\no\nn\nC\no\nn\nt\ne\nx\nt\nS\nt\na\nc\nk\n-\n0\nx\na\n1\n \nn\nt\nd\nl\nl\n+\n0\nx\n3\n9\ne\nd\n2\n \n@\n \n0\nx\n7\n7\nb\nc\n9\ne\nd\n2\n\n\nR\nt\nl\nI\nn\ni\nt\ni\na\nl\ni\nz\ne\nE\nx\nc\ne\np\nt\ni\no\nn\nC\nh\na\ni\nn\n+\n0\nx\n3\n6\n \nR\nt\nl\nA\nl\nl\no\nc\na\nt\ne\nA\nc\nt\ni\nv\na\nt\ni\no\nn\nC\no\nn\nt\ne\nx\nt\nS\nt\na\nc\nk\n-\n0\nx\nc\ne\n \nn\nt\nd\nl\nl\n+\n0\nx\n3\n9\ne\na\n5\n \n@\n \n0\nx\n7\n7\nb\nc\n9\ne\na\n5",
"registers": {
"esp": 1610632,
"edi": 2377400537,
"eax": 0,
"ebp": 1610636,
"edx": 38237316,
"ebx": 0,
"esi": 1983447040,
"ecx": 38237316
},
"exception": {
"instruction_r": "c6 00 00 8b e5 5d c3 cc cc cc cc cc cc cc cc cc",
"instruction": "mov byte ptr [eax], 0",
"exception_code": "0xc0000005",
"symbol": "SetFunctionAddresses+0x2e4de",
"address": "0x243fbbe"
}
},
"time": 1560815587.4383,
"tid": 2308,
"flags": {}
},
"pid": 2660,
"type": "call",
"cid": 2455
},
{
"call": {
"category": "__notification__",
"status": 1,
"stacktrace": [],
"raw": [
"stacktrace"
],
"api": "__exception__",
"return_value": 0,
"arguments": {
"stacktrace": "1\n1\na\n7\n5\n0\n7\n9\ne\n6\n3\nf\n5\n2\n6\nb\n0\nf\nd\ne\n3\n7\n0\n4\n1\n7\n9\n9\nf\nc\ne\n1\n9\n6\na\n3\n3\n9\n8\nc\n3\n0\nd\n2\n7\n8\na\n7\n1\n8\n2\n1\nb\n4\n1\n4\nc\nb\n0\na\nd\nc\n3\n4\n+\n0\nx\n2\nf\n0\ne\n5\n1\n \n@\n \n0\nx\n6\nf\n0\ne\n5\n1\n\n\nS\ne\nt\nF\nu\nn\nc\nt\ni\no\nn\nA\nd\nd\nr\ne\ns\ns\ne\ns\n+\n0\nx\n2\ne\n4\n3\n9\n \n@\n \n0\nx\n2\n4\n3\nf\nb\n1\n9\n\n\nS\ne\nt\nF\nu\nn\nc\nt\ni\no\nn\nA\nd\nd\nr\ne\ns\ns\ne\ns\n+\n0\nx\n8\nf\ne\n0\n \n@\n \n0\nx\n2\n4\n1\na\n6\nc\n0\n\n\nS\ne\nt\nF\nu\nn\nc\nt\ni\no\nn\nA\nd\nd\nr\ne\ns\ns\ne\ns\n+\n0\nx\n2\n9\n2\na\n1\n \n@\n \n0\nx\n2\n4\n3\na\n9\n8\n1\n\n\nS\ne\nt\nF\nu\nn\nc\nt\ni\no\nn\nA\nd\nd\nr\ne\ns\ns\ne\ns\n+\n0\nx\n2\n3\n1\nb\n1\n \n@\n \n0\nx\n2\n4\n3\n4\n8\n9\n1\n\n\n1\n1\na\n7\n5\n0\n7\n9\ne\n6\n3\nf\n5\n2\n6\nb\n0\nf\nd\ne\n3\n7\n0\n4\n1\n7\n9\n9\nf\nc\ne\n1\n9\n6\na\n3\n3\n9\n8\nc\n3\n0\nd\n2\n7\n8\na\n7\n1\n8\n2\n1\nb\n4\n1\n4\nc\nb\n0\na\nd\nc\n3\n4\n+\n0\nx\n2\nf\n0\ne\n5\n1\n \n@\n \n0\nx\n6\nf\n0\ne\n5\n1\n\n\nS\ne\nt\nF\nu\nn\nc\nt\ni\no\nn\nA\nd\nd\nr\ne\ns\ns\ne\ns\n+\n0\nx\n2\n1\nb\na\n6\n \n@\n \n0\nx\n2\n4\n3\n3\n2\n8\n6\n\n\n1\n1\na\n7\n5\n0\n7\n9\ne\n6\n3\nf\n5\n2\n6\nb\n0\nf\nd\ne\n3\n7\n0\n4\n1\n7\n9\n9\nf\nc\ne\n1\n9\n6\na\n3\n3\n9\n8\nc\n3\n0\nd\n2\n7\n8\na\n7\n1\n8\n2\n1\nb\n4\n1\n4\nc\nb\n0\na\nd\nc\n3\n4\n+\n0\nx\n2\ne\n8\nf\n5\ne\n \n@\n \n0\nx\n6\ne\n8\nf\n5\ne\n\n\n1\n1\na\n7\n5\n0\n7\n9\ne\n6\n3\nf\n5\n2\n6\nb\n0\nf\nd\ne\n3\n7\n0\n4\n1\n7\n9\n9\nf\nc\ne\n1\n9\n6\na\n3\n3\n9\n8\nc\n3\n0\nd\n2\n7\n8\na\n7\n1\n8\n2\n1\nb\n4\n1\n4\nc\nb\n0\na\nd\nc\n3\n4\n+\n0\nx\n2\ne\na\n4\n6\nf\n \n@\n \n0\nx\n6\ne\na\n4\n6\nf\n\n\n1\n1\na\n7\n5\n0\n7\n9\ne\n6\n3\nf\n5\n2\n6\nb\n0\nf\nd\ne\n3\n7\n0\n4\n1\n7\n9\n9\nf\nc\ne\n1\n9\n6\na\n3\n3\n9\n8\nc\n3\n0\nd\n2\n7\n8\na\n7\n1\n8\n2\n1\nb\n4\n1\n4\nc\nb\n0\na\nd\nc\n3\n4\n+\n0\nx\n2\ne\na\n5\n5\n8\n \n@\n \n0\nx\n6\ne\na\n5\n5\n8\n\n\n1\n1\na\n7\n5\n0\n7\n9\ne\n6\n3\nf\n5\n2\n6\nb\n0\nf\nd\ne\n3\n7\n0\n4\n1\n7\n9\n9\nf\nc\ne\n1\n9\n6\na\n3\n3\n9\n8\nc\n3\n0\nd\n2\n7\n8\na\n7\n1\n8\n2\n1\nb\n4\n1\n4\nc\nb\n0\na\nd\nc\n3\n4\n+\n0\nx\n2\ne\na\ne\n3\n9\n \n@\n \n0\nx\n6\ne\na\ne\n3\n9\n\n\n1\n1\na\n7\n5\n0\n7\n9\ne\n6\n3\nf\n5\n2\n6\nb\n0\nf\nd\ne\n3\n7\n0\n4\n1\n7\n9\n9\nf\nc\ne\n1\n9\n6\na\n3\n3\n9\n8\nc\n3\n0\nd\n2\n7\n8\na\n7\n1\n8\n2\n1\nb\n4\n1\n4\nc\nb\n0\na\nd\nc\n3\n4\n+\n0\nx\n2\nf\nd\nd\n6\n9\n \n@\n \n0\nx\n6\nf\nd\nd\n6\n9\n\n\nB\na\ns\ne\nT\nh\nr\ne\na\nd\nI\nn\ni\nt\nT\nh\nu\nn\nk\n+\n0\nx\n1\n2\n \nV\ne\nr\ni\nf\ny\nC\no\nn\ns\no\nl\ne\nI\no\nH\na\nn\nd\nl\ne\n-\n0\nx\nb\n3\n \nk\ne\nr\nn\ne\nl\n3\n2\n+\n0\nx\n1\n3\n3\nc\na\n \n@\n \n0\nx\n7\n5\nb\nc\n3\n3\nc\na\n\n\nR\nt\nl\nI\nn\ni\nt\ni\na\nl\ni\nz\ne\nE\nx\nc\ne\np\nt\ni\no\nn\nC\nh\na\ni\nn\n+\n0\nx\n6\n3\n \nR\nt\nl\nA\nl\nl\no\nc\na\nt\ne\nA\nc\nt\ni\nv\na\nt\ni\no\nn\nC\no\nn\nt\ne\nx\nt\nS\nt\na\nc\nk\n-\n0\nx\na\n1\n \nn\nt\nd\nl\nl\n+\n0\nx\n3\n9\ne\nd\n2\n \n@\n \n0\nx\n7\n7\nb\nc\n9\ne\nd\n2\n\n\nR\nt\nl\nI\nn\ni\nt\ni\na\nl\ni\nz\ne\nE\nx\nc\ne\np\nt\ni\no\nn\nC\nh\na\ni\nn\n+\n0\nx\n3\n6\n \nR\nt\nl\nA\nl\nl\no\nc\na\nt\ne\nA\nc\nt\ni\nv\na\nt\ni\no\nn\nC\no\nn\nt\ne\nx\nt\nS\nt\na\nc\nk\n-\n0\nx\nc\ne\n \nn\nt\nd\nl\nl\n+\n0\nx\n3\n9\ne\na\n5\n \n@\n \n0\nx\n7\n7\nb\nc\n9\ne\na\n5",
"registers": {
"esp": 1610632,
"edi": 2377400537,
"eax": 0,
"ebp": 1610636,
"edx": 38237316,
"ebx": 0,
"esi": 1975189504,
"ecx": 38237316
},
"exception": {
"instruction_r": "c6 00 00 8b e5 5d c3 cc cc cc cc cc cc cc cc cc",
"instruction": "mov byte ptr [eax], 0",
"exception_code": "0xc0000005",
"symbol": "SetFunctionAddresses+0x2e4de",
"address": "0x243fbbe"
}
},
"time": 1560815587.4383,
"tid": 2308,
"flags": {}
},
"pid": 2660,
"type": "call",
"cid": 2458
},
{
"call": {
"category": "__notification__",
"status": 1,
"stacktrace": [],
"raw": [
"stacktrace"
],
"api": "__exception__",
"return_value": 0,
"arguments": {
"stacktrace": "1\n1\na\n7\n5\n0\n7\n9\ne\n6\n3\nf\n5\n2\n6\nb\n0\nf\nd\ne\n3\n7\n0\n4\n1\n7\n9\n9\nf\nc\ne\n1\n9\n6\na\n3\n3\n9\n8\nc\n3\n0\nd\n2\n7\n8\na\n7\n1\n8\n2\n1\nb\n4\n1\n4\nc\nb\n0\na\nd\nc\n3\n4\n+\n0\nx\n2\nf\n0\ne\n5\n1\n \n@\n \n0\nx\n6\nf\n0\ne\n5\n1\n\n\nS\ne\nt\nF\nu\nn\nc\nt\ni\no\nn\nA\nd\nd\nr\ne\ns\ns\ne\ns\n+\n0\nx\n2\ne\n4\n3\n9\n \n@\n \n0\nx\n2\n4\n3\nf\nb\n1\n9\n\n\nS\ne\nt\nF\nu\nn\nc\nt\ni\no\nn\nA\nd\nd\nr\ne\ns\ns\ne\ns\n+\n0\nx\n8\nf\ne\n0\n \n@\n \n0\nx\n2\n4\n1\na\n6\nc\n0\n\n\nS\ne\nt\nF\nu\nn\nc\nt\ni\no\nn\nA\nd\nd\nr\ne\ns\ns\ne\ns\n+\n0\nx\n2\n9\n2\na\n1\n \n@\n \n0\nx\n2\n4\n3\na\n9\n8\n1\n\n\nS\ne\nt\nF\nu\nn\nc\nt\ni\no\nn\nA\nd\nd\nr\ne\ns\ns\ne\ns\n+\n0\nx\n2\n3\n1\nb\n1\n \n@\n \n0\nx\n2\n4\n3\n4\n8\n9\n1\n\n\n1\n1\na\n7\n5\n0\n7\n9\ne\n6\n3\nf\n5\n2\n6\nb\n0\nf\nd\ne\n3\n7\n0\n4\n1\n7\n9\n9\nf\nc\ne\n1\n9\n6\na\n3\n3\n9\n8\nc\n3\n0\nd\n2\n7\n8\na\n7\n1\n8\n2\n1\nb\n4\n1\n4\nc\nb\n0\na\nd\nc\n3\n4\n+\n0\nx\n2\nf\n0\ne\n5\n1\n \n@\n \n0\nx\n6\nf\n0\ne\n5\n1\n\n\nS\ne\nt\nF\nu\nn\nc\nt\ni\no\nn\nA\nd\nd\nr\ne\ns\ns\ne\ns\n+\n0\nx\n2\n1\nb\na\n6\n \n@\n \n0\nx\n2\n4\n3\n3\n2\n8\n6\n\n\n1\n1\na\n7\n5\n0\n7\n9\ne\n6\n3\nf\n5\n2\n6\nb\n0\nf\nd\ne\n3\n7\n0\n4\n1\n7\n9\n9\nf\nc\ne\n1\n9\n6\na\n3\n3\n9\n8\nc\n3\n0\nd\n2\n7\n8\na\n7\n1\n8\n2\n1\nb\n4\n1\n4\nc\nb\n0\na\nd\nc\n3\n4\n+\n0\nx\n2\ne\n8\nf\n5\ne\n \n@\n \n0\nx\n6\ne\n8\nf\n5\ne\n\n\n1\n1\na\n7\n5\n0\n7\n9\ne\n6\n3\nf\n5\n2\n6\nb\n0\nf\nd\ne\n3\n7\n0\n4\n1\n7\n9\n9\nf\nc\ne\n1\n9\n6\na\n3\n3\n9\n8\nc\n3\n0\nd\n2\n7\n8\na\n7\n1\n8\n2\n1\nb\n4\n1\n4\nc\nb\n0\na\nd\nc\n3\n4\n+\n0\nx\n2\ne\na\n4\n6\nf\n \n@\n \n0\nx\n6\ne\na\n4\n6\nf\n\n\n1\n1\na\n7\n5\n0\n7\n9\ne\n6\n3\nf\n5\n2\n6\nb\n0\nf\nd\ne\n3\n7\n0\n4\n1\n7\n9\n9\nf\nc\ne\n1\n9\n6\na\n3\n3\n9\n8\nc\n3\n0\nd\n2\n7\n8\na\n7\n1\n8\n2\n1\nb\n4\n1\n4\nc\nb\n0\na\nd\nc\n3\n4\n+\n0\nx\n2\ne\na\n5\n5\n8\n \n@\n \n0\nx\n6\ne\na\n5\n5\n8\n\n\n1\n1\na\n7\n5\n0\n7\n9\ne\n6\n3\nf\n5\n2\n6\nb\n0\nf\nd\ne\n3\n7\n0\n4\n1\n7\n9\n9\nf\nc\ne\n1\n9\n6\na\n3\n3\n9\n8\nc\n3\n0\nd\n2\n7\n8\na\n7\n1\n8\n2\n1\nb\n4\n1\n4\nc\nb\n0\na\nd\nc\n3\n4\n+\n0\nx\n2\ne\na\ne\n3\n9\n \n@\n \n0\nx\n6\ne\na\ne\n3\n9\n\n\n1\n1\na\n7\n5\n0\n7\n9\ne\n6\n3\nf\n5\n2\n6\nb\n0\nf\nd\ne\n3\n7\n0\n4\n1\n7\n9\n9\nf\nc\ne\n1\n9\n6\na\n3\n3\n9\n8\nc\n3\n0\nd\n2\n7\n8\na\n7\n1\n8\n2\n1\nb\n4\n1\n4\nc\nb\n0\na\nd\nc\n3\n4\n+\n0\nx\n2\nf\nd\nd\n6\n9\n \n@\n \n0\nx\n6\nf\nd\nd\n6\n9\n\n\nB\na\ns\ne\nT\nh\nr\ne\na\nd\nI\nn\ni\nt\nT\nh\nu\nn\nk\n+\n0\nx\n1\n2\n \nV\ne\nr\ni\nf\ny\nC\no\nn\ns\no\nl\ne\nI\no\nH\na\nn\nd\nl\ne\n-\n0\nx\nb\n3\n \nk\ne\nr\nn\ne\nl\n3\n2\n+\n0\nx\n1\n3\n3\nc\na\n \n@\n \n0\nx\n7\n5\nb\nc\n3\n3\nc\na\n\n\nR\nt\nl\nI\nn\ni\nt\ni\na\nl\ni\nz\ne\nE\nx\nc\ne\np\nt\ni\no\nn\nC\nh\na\ni\nn\n+\n0\nx\n6\n3\n \nR\nt\nl\nA\nl\nl\no\nc\na\nt\ne\nA\nc\nt\ni\nv\na\nt\ni\no\nn\nC\no\nn\nt\ne\nx\nt\nS\nt\na\nc\nk\n-\n0\nx\na\n1\n \nn\nt\nd\nl\nl\n+\n0\nx\n3\n9\ne\nd\n2\n \n@\n \n0\nx\n7\n7\nb\nc\n9\ne\nd\n2\n\n\nR\nt\nl\nI\nn\ni\nt\ni\na\nl\ni\nz\ne\nE\nx\nc\ne\np\nt\ni\no\nn\nC\nh\na\ni\nn\n+\n0\nx\n3\n6\n \nR\nt\nl\nA\nl\nl\no\nc\na\nt\ne\nA\nc\nt\ni\nv\na\nt\ni\no\nn\nC\no\nn\nt\ne\nx\nt\nS\nt\na\nc\nk\n-\n0\nx\nc\ne\n \nn\nt\nd\nl\nl\n+\n0\nx\n3\n9\ne\na\n5\n \n@\n \n0\nx\n7\n7\nb\nc\n9\ne\na\n5",
"registers": {
"esp": 1610632,
"edi": 2377400537,
"eax": 0,
"ebp": 1610636,
"edx": 38237316,
"ebx": 0,
"esi": 1975189504,
"ecx": 38237316
},
"exception": {
"instruction_r": "c6 00 00 8b e5 5d c3 cc cc cc cc cc cc cc cc cc",
"instruction": "mov byte ptr [eax], 0",
"exception_code": "0xc0000005",
"symbol": "SetFunctionAddresses+0x2e4de",
"address": "0x243fbbe"
}
},
"time": 1560815587.4383,
"tid": 2308,
"flags": {}
},
"pid": 2660,
"type": "call",
"cid": 2461
},
{
"call": {
"category": "__notification__",
"status": 1,
"stacktrace": [],
"raw": [
"stacktrace"
],
"api": "__exception__",
"return_value": 0,
"arguments": {
"stacktrace": "1\n1\na\n7\n5\n0\n7\n9\ne\n6\n3\nf\n5\n2\n6\nb\n0\nf\nd\ne\n3\n7\n0\n4\n1\n7\n9\n9\nf\nc\ne\n1\n9\n6\na\n3\n3\n9\n8\nc\n3\n0\nd\n2\n7\n8\na\n7\n1\n8\n2\n1\nb\n4\n1\n4\nc\nb\n0\na\nd\nc\n3\n4\n+\n0\nx\n2\nf\n0\ne\n5\n1\n \n@\n \n0\nx\n6\nf\n0\ne\n5\n1\n\n\nS\ne\nt\nF\nu\nn\nc\nt\ni\no\nn\nA\nd\nd\nr\ne\ns\ns\ne\ns\n+\n0\nx\n2\ne\n4\n3\n9\n \n@\n \n0\nx\n2\n4\n3\nf\nb\n1\n9\n\n\nS\ne\nt\nF\nu\nn\nc\nt\ni\no\nn\nA\nd\nd\nr\ne\ns\ns\ne\ns\n+\n0\nx\n8\nf\ne\n0\n \n@\n \n0\nx\n2\n4\n1\na\n6\nc\n0\n\n\nS\ne\nt\nF\nu\nn\nc\nt\ni\no\nn\nA\nd\nd\nr\ne\ns\ns\ne\ns\n+\n0\nx\n2\n9\n2\na\n1\n \n@\n \n0\nx\n2\n4\n3\na\n9\n8\n1\n\n\nS\ne\nt\nF\nu\nn\nc\nt\ni\no\nn\nA\nd\nd\nr\ne\ns\ns\ne\ns\n+\n0\nx\n2\n3\n1\nb\n1\n \n@\n \n0\nx\n2\n4\n3\n4\n8\n9\n1\n\n\n1\n1\na\n7\n5\n0\n7\n9\ne\n6\n3\nf\n5\n2\n6\nb\n0\nf\nd\ne\n3\n7\n0\n4\n1\n7\n9\n9\nf\nc\ne\n1\n9\n6\na\n3\n3\n9\n8\nc\n3\n0\nd\n2\n7\n8\na\n7\n1\n8\n2\n1\nb\n4\n1\n4\nc\nb\n0\na\nd\nc\n3\n4\n+\n0\nx\n2\nf\n0\ne\n5\n1\n \n@\n \n0\nx\n6\nf\n0\ne\n5\n1\n\n\nS\ne\nt\nF\nu\nn\nc\nt\ni\no\nn\nA\nd\nd\nr\ne\ns\ns\ne\ns\n+\n0\nx\n2\n1\nb\na\n6\n \n@\n \n0\nx\n2\n4\n3\n3\n2\n8\n6\n\n\n1\n1\na\n7\n5\n0\n7\n9\ne\n6\n3\nf\n5\n2\n6\nb\n0\nf\nd\ne\n3\n7\n0\n4\n1\n7\n9\n9\nf\nc\ne\n1\n9\n6\na\n3\n3\n9\n8\nc\n3\n0\nd\n2\n7\n8\na\n7\n1\n8\n2\n1\nb\n4\n1\n4\nc\nb\n0\na\nd\nc\n3\n4\n+\n0\nx\n2\ne\n8\nf\n5\ne\n \n@\n \n0\nx\n6\ne\n8\nf\n5\ne\n\n\n1\n1\na\n7\n5\n0\n7\n9\ne\n6\n3\nf\n5\n2\n6\nb\n0\nf\nd\ne\n3\n7\n0\n4\n1\n7\n9\n9\nf\nc\ne\n1\n9\n6\na\n3\n3\n9\n8\nc\n3\n0\nd\n2\n7\n8\na\n7\n1\n8\n2\n1\nb\n4\n1\n4\nc\nb\n0\na\nd\nc\n3\n4\n+\n0\nx\n2\ne\na\n4\n6\nf\n \n@\n \n0\nx\n6\ne\na\n4\n6\nf\n\n\n1\n1\na\n7\n5\n0\n7\n9\ne\n6\n3\nf\n5\n2\n6\nb\n0\nf\nd\ne\n3\n7\n0\n4\n1\n7\n9\n9\nf\nc\ne\n1\n9\n6\na\n3\n3\n9\n8\nc\n3\n0\nd\n2\n7\n8\na\n7\n1\n8\n2\n1\nb\n4\n1\n4\nc\nb\n0\na\nd\nc\n3\n4\n+\n0\nx\n2\ne\na\n5\n5\n8\n \n@\n \n0\nx\n6\ne\na\n5\n5\n8\n\n\n1\n1\na\n7\n5\n0\n7\n9\ne\n6\n3\nf\n5\n2\n6\nb\n0\nf\nd\ne\n3\n7\n0\n4\n1\n7\n9\n9\nf\nc\ne\n1\n9\n6\na\n3\n3\n9\n8\nc\n3\n0\nd\n2\n7\n8\na\n7\n1\n8\n2\n1\nb\n4\n1\n4\nc\nb\n0\na\nd\nc\n3\n4\n+\n0\nx\n2\ne\na\ne\n3\n9\n \n@\n \n0\nx\n6\ne\na\ne\n3\n9\n\n\n1\n1\na\n7\n5\n0\n7\n9\ne\n6\n3\nf\n5\n2\n6\nb\n0\nf\nd\ne\n3\n7\n0\n4\n1\n7\n9\n9\nf\nc\ne\n1\n9\n6\na\n3\n3\n9\n8\nc\n3\n0\nd\n2\n7\n8\na\n7\n1\n8\n2\n1\nb\n4\n1\n4\nc\nb\n0\na\nd\nc\n3\n4\n+\n0\nx\n2\nf\nd\nd\n6\n9\n \n@\n \n0\nx\n6\nf\nd\nd\n6\n9\n\n\nB\na\ns\ne\nT\nh\nr\ne\na\nd\nI\nn\ni\nt\nT\nh\nu\nn\nk\n+\n0\nx\n1\n2\n \nV\ne\nr\ni\nf\ny\nC\no\nn\ns\no\nl\ne\nI\no\nH\na\nn\nd\nl\ne\n-\n0\nx\nb\n3\n \nk\ne\nr\nn\ne\nl\n3\n2\n+\n0\nx\n1\n3\n3\nc\na\n \n@\n \n0\nx\n7\n5\nb\nc\n3\n3\nc\na\n\n\nR\nt\nl\nI\nn\ni\nt\ni\na\nl\ni\nz\ne\nE\nx\nc\ne\np\nt\ni\no\nn\nC\nh\na\ni\nn\n+\n0\nx\n6\n3\n \nR\nt\nl\nA\nl\nl\no\nc\na\nt\ne\nA\nc\nt\ni\nv\na\nt\ni\no\nn\nC\no\nn\nt\ne\nx\nt\nS\nt\na\nc\nk\n-\n0\nx\na\n1\n \nn\nt\nd\nl\nl\n+\n0\nx\n3\n9\ne\nd\n2\n \n@\n \n0\nx\n7\n7\nb\nc\n9\ne\nd\n2\n\n\nR\nt\nl\nI\nn\ni\nt\ni\na\nl\ni\nz\ne\nE\nx\nc\ne\np\nt\ni\no\nn\nC\nh\na\ni\nn\n+\n0\nx\n3\n6\n \nR\nt\nl\nA\nl\nl\no\nc\na\nt\ne\nA\nc\nt\ni\nv\na\nt\ni\no\nn\nC\no\nn\nt\ne\nx\nt\nS\nt\na\nc\nk\n-\n0\nx\nc\ne\n \nn\nt\nd\nl\nl\n+\n0\nx\n3\n9\ne\na\n5\n \n@\n \n0\nx\n7\n7\nb\nc\n9\ne\na\n5",
"registers": {
"esp": 1610632,
"edi": 2377400537,
"eax": 0,
"ebp": 1610636,
"edx": 38237316,
"ebx": 0,
"esi": 1983447040,
"ecx": 38237316
},
"exception": {
"instruction_r": "c6 00 00 8b e5 5d c3 cc cc cc cc cc cc cc cc cc",
"instruction": "mov byte ptr [eax], 0",
"exception_code": "0xc0000005",
"symbol": "SetFunctionAddresses+0x2e4de",
"address": "0x243fbbe"
}
},
"time": 1560815587.4383,
"tid": 2308,
"flags": {}
},
"pid": 2660,
"type": "call",
"cid": 2464
},
{
"call": {
"category": "__notification__",
"status": 1,
"stacktrace": [],
"raw": [
"stacktrace"
],
"api": "__exception__",
"return_value": 0,
"arguments": {
"stacktrace": "1\n1\na\n7\n5\n0\n7\n9\ne\n6\n3\nf\n5\n2\n6\nb\n0\nf\nd\ne\n3\n7\n0\n4\n1\n7\n9\n9\nf\nc\ne\n1\n9\n6\na\n3\n3\n9\n8\nc\n3\n0\nd\n2\n7\n8\na\n7\n1\n8\n2\n1\nb\n4\n1\n4\nc\nb\n0\na\nd\nc\n3\n4\n+\n0\nx\n2\nf\n0\ne\n5\n1\n \n@\n \n0\nx\n6\nf\n0\ne\n5\n1\n\n\nS\ne\nt\nF\nu\nn\nc\nt\ni\no\nn\nA\nd\nd\nr\ne\ns\ns\ne\ns\n+\n0\nx\n2\ne\n4\n3\n9\n \n@\n \n0\nx\n2\n4\n3\nf\nb\n1\n9\n\n\nS\ne\nt\nF\nu\nn\nc\nt\ni\no\nn\nA\nd\nd\nr\ne\ns\ns\ne\ns\n+\n0\nx\n8\nf\ne\n0\n \n@\n \n0\nx\n2\n4\n1\na\n6\nc\n0\n\n\nS\ne\nt\nF\nu\nn\nc\nt\ni\no\nn\nA\nd\nd\nr\ne\ns\ns\ne\ns\n+\n0\nx\n2\n9\n2\na\n1\n \n@\n \n0\nx\n2\n4\n3\na\n9\n8\n1\n\n\nS\ne\nt\nF\nu\nn\nc\nt\ni\no\nn\nA\nd\nd\nr\ne\ns\ns\ne\ns\n+\n0\nx\n2\n3\n1\nb\n1\n \n@\n \n0\nx\n2\n4\n3\n4\n8\n9\n1\n\n\n1\n1\na\n7\n5\n0\n7\n9\ne\n6\n3\nf\n5\n2\n6\nb\n0\nf\nd\ne\n3\n7\n0\n4\n1\n7\n9\n9\nf\nc\ne\n1\n9\n6\na\n3\n3\n9\n8\nc\n3\n0\nd\n2\n7\n8\na\n7\n1\n8\n2\n1\nb\n4\n1\n4\nc\nb\n0\na\nd\nc\n3\n4\n+\n0\nx\n2\nf\n0\ne\n5\n1\n \n@\n \n0\nx\n6\nf\n0\ne\n5\n1\n\n\nS\ne\nt\nF\nu\nn\nc\nt\ni\no\nn\nA\nd\nd\nr\ne\ns\ns\ne\ns\n+\n0\nx\n2\n1\nb\na\n6\n \n@\n \n0\nx\n2\n4\n3\n3\n2\n8\n6\n\n\n1\n1\na\n7\n5\n0\n7\n9\ne\n6\n3\nf\n5\n2\n6\nb\n0\nf\nd\ne\n3\n7\n0\n4\n1\n7\n9\n9\nf\nc\ne\n1\n9\n6\na\n3\n3\n9\n8\nc\n3\n0\nd\n2\n7\n8\na\n7\n1\n8\n2\n1\nb\n4\n1\n4\nc\nb\n0\na\nd\nc\n3\n4\n+\n0\nx\n2\ne\n8\nf\n5\ne\n \n@\n \n0\nx\n6\ne\n8\nf\n5\ne\n\n\n1\n1\na\n7\n5\n0\n7\n9\ne\n6\n3\nf\n5\n2\n6\nb\n0\nf\nd\ne\n3\n7\n0\n4\n1\n7\n9\n9\nf\nc\ne\n1\n9\n6\na\n3\n3\n9\n8\nc\n3\n0\nd\n2\n7\n8\na\n7\n1\n8\n2\n1\nb\n4\n1\n4\nc\nb\n0\na\nd\nc\n3\n4\n+\n0\nx\n2\ne\na\n4\n6\nf\n \n@\n \n0\nx\n6\ne\na\n4\n6\nf\n\n\n1\n1\na\n7\n5\n0\n7\n9\ne\n6\n3\nf\n5\n2\n6\nb\n0\nf\nd\ne\n3\n7\n0\n4\n1\n7\n9\n9\nf\nc\ne\n1\n9\n6\na\n3\n3\n9\n8\nc\n3\n0\nd\n2\n7\n8\na\n7\n1\n8\n2\n1\nb\n4\n1\n4\nc\nb\n0\na\nd\nc\n3\n4\n+\n0\nx\n2\ne\na\n5\n5\n8\n \n@\n \n0\nx\n6\ne\na\n5\n5\n8\n\n\n1\n1\na\n7\n5\n0\n7\n9\ne\n6\n3\nf\n5\n2\n6\nb\n0\nf\nd\ne\n3\n7\n0\n4\n1\n7\n9\n9\nf\nc\ne\n1\n9\n6\na\n3\n3\n9\n8\nc\n3\n0\nd\n2\n7\n8\na\n7\n1\n8\n2\n1\nb\n4\n1\n4\nc\nb\n0\na\nd\nc\n3\n4\n+\n0\nx\n2\ne\na\ne\n3\n9\n \n@\n \n0\nx\n6\ne\na\ne\n3\n9\n\n\n1\n1\na\n7\n5\n0\n7\n9\ne\n6\n3\nf\n5\n2\n6\nb\n0\nf\nd\ne\n3\n7\n0\n4\n1\n7\n9\n9\nf\nc\ne\n1\n9\n6\na\n3\n3\n9\n8\nc\n3\n0\nd\n2\n7\n8\na\n7\n1\n8\n2\n1\nb\n4\n1\n4\nc\nb\n0\na\nd\nc\n3\n4\n+\n0\nx\n2\nf\nd\nd\n6\n9\n \n@\n \n0\nx\n6\nf\nd\nd\n6\n9\n\n\nB\na\ns\ne\nT\nh\nr\ne\na\nd\nI\nn\ni\nt\nT\nh\nu\nn\nk\n+\n0\nx\n1\n2\n \nV\ne\nr\ni\nf\ny\nC\no\nn\ns\no\nl\ne\nI\no\nH\na\nn\nd\nl\ne\n-\n0\nx\nb\n3\n \nk\ne\nr\nn\ne\nl\n3\n2\n+\n0\nx\n1\n3\n3\nc\na\n \n@\n \n0\nx\n7\n5\nb\nc\n3\n3\nc\na\n\n\nR\nt\nl\nI\nn\ni\nt\ni\na\nl\ni\nz\ne\nE\nx\nc\ne\np\nt\ni\no\nn\nC\nh\na\ni\nn\n+\n0\nx\n6\n3\n \nR\nt\nl\nA\nl\nl\no\nc\na\nt\ne\nA\nc\nt\ni\nv\na\nt\ni\no\nn\nC\no\nn\nt\ne\nx\nt\nS\nt\na\nc\nk\n-\n0\nx\na\n1\n \nn\nt\nd\nl\nl\n+\n0\nx\n3\n9\ne\nd\n2\n \n@\n \n0\nx\n7\n7\nb\nc\n9\ne\nd\n2\n\n\nR\nt\nl\nI\nn\ni\nt\ni\na\nl\ni\nz\ne\nE\nx\nc\ne\np\nt\ni\no\nn\nC\nh\na\ni\nn\n+\n0\nx\n3\n6\n \nR\nt\nl\nA\nl\nl\no\nc\na\nt\ne\nA\nc\nt\ni\nv\na\nt\ni\no\nn\nC\no\nn\nt\ne\nx\nt\nS\nt\na\nc\nk\n-\n0\nx\nc\ne\n \nn\nt\nd\nl\nl\n+\n0\nx\n3\n9\ne\na\n5\n \n@\n \n0\nx\n7\n7\nb\nc\n9\ne\na\n5",
"registers": {
"esp": 1610632,
"edi": 2377400537,
"eax": 0,
"ebp": 1610636,
"edx": 38237316,
"ebx": 0,
"esi": 1979908096,
"ecx": 38237316
},
"exception": {
"instruction_r": "c6 00 00 8b e5 5d c3 cc cc cc cc cc cc cc cc cc",
"instruction": "mov byte ptr [eax], 0",
"exception_code": "0xc0000005",
"symbol": "SetFunctionAddresses+0x2e4de",
"address": "0x243fbbe"
}
},
"time": 1560815587.4383,
"tid": 2308,
"flags": {}
},
"pid": 2660,
"type": "call",
"cid": 2467
},
{
"call": {
"category": "__notification__",
"status": 1,
"stacktrace": [],
"raw": [
"stacktrace"
],
"api": "__exception__",
"return_value": 0,
"arguments": {
"stacktrace": "1\n1\na\n7\n5\n0\n7\n9\ne\n6\n3\nf\n5\n2\n6\nb\n0\nf\nd\ne\n3\n7\n0\n4\n1\n7\n9\n9\nf\nc\ne\n1\n9\n6\na\n3\n3\n9\n8\nc\n3\n0\nd\n2\n7\n8\na\n7\n1\n8\n2\n1\nb\n4\n1\n4\nc\nb\n0\na\nd\nc\n3\n4\n+\n0\nx\n2\nf\n0\ne\n5\n1\n \n@\n \n0\nx\n6\nf\n0\ne\n5\n1\n\n\nS\ne\nt\nF\nu\nn\nc\nt\ni\no\nn\nA\nd\nd\nr\ne\ns\ns\ne\ns\n+\n0\nx\n2\ne\n4\n3\n9\n \n@\n \n0\nx\n2\n4\n3\nf\nb\n1\n9\n\n\nS\ne\nt\nF\nu\nn\nc\nt\ni\no\nn\nA\nd\nd\nr\ne\ns\ns\ne\ns\n+\n0\nx\n8\nf\ne\n0\n \n@\n \n0\nx\n2\n4\n1\na\n6\nc\n0\n\n\nS\ne\nt\nF\nu\nn\nc\nt\ni\no\nn\nA\nd\nd\nr\ne\ns\ns\ne\ns\n+\n0\nx\n2\n9\n2\na\n1\n \n@\n \n0\nx\n2\n4\n3\na\n9\n8\n1\n\n\nS\ne\nt\nF\nu\nn\nc\nt\ni\no\nn\nA\nd\nd\nr\ne\ns\ns\ne\ns\n+\n0\nx\n2\n3\n1\nb\n1\n \n@\n \n0\nx\n2\n4\n3\n4\n8\n9\n1\n\n\n1\n1\na\n7\n5\n0\n7\n9\ne\n6\n3\nf\n5\n2\n6\nb\n0\nf\nd\ne\n3\n7\n0\n4\n1\n7\n9\n9\nf\nc\ne\n1\n9\n6\na\n3\n3\n9\n8\nc\n3\n0\nd\n2\n7\n8\na\n7\n1\n8\n2\n1\nb\n4\n1\n4\nc\nb\n0\na\nd\nc\n3\n4\n+\n0\nx\n2\nf\n0\ne\n5\n1\n \n@\n \n0\nx\n6\nf\n0\ne\n5\n1\n\n\nS\ne\nt\nF\nu\nn\nc\nt\ni\no\nn\nA\nd\nd\nr\ne\ns\ns\ne\ns\n+\n0\nx\n2\n1\nb\na\n6\n \n@\n \n0\nx\n2\n4\n3\n3\n2\n8\n6\n\n\n1\n1\na\n7\n5\n0\n7\n9\ne\n6\n3\nf\n5\n2\n6\nb\n0\nf\nd\ne\n3\n7\n0\n4\n1\n7\n9\n9\nf\nc\ne\n1\n9\n6\na\n3\n3\n9\n8\nc\n3\n0\nd\n2\n7\n8\na\n7\n1\n8\n2\n1\nb\n4\n1\n4\nc\nb\n0\na\nd\nc\n3\n4\n+\n0\nx\n2\ne\n8\nf\n5\ne\n \n@\n \n0\nx\n6\ne\n8\nf\n5\ne\n\n\n1\n1\na\n7\n5\n0\n7\n9\ne\n6\n3\nf\n5\n2\n6\nb\n0\nf\nd\ne\n3\n7\n0\n4\n1\n7\n9\n9\nf\nc\ne\n1\n9\n6\na\n3\n3\n9\n8\nc\n3\n0\nd\n2\n7\n8\na\n7\n1\n8\n2\n1\nb\n4\n1\n4\nc\nb\n0\na\nd\nc\n3\n4\n+\n0\nx\n2\ne\na\n4\n6\nf\n \n@\n \n0\nx\n6\ne\na\n4\n6\nf\n\n\n1\n1\na\n7\n5\n0\n7\n9\ne\n6\n3\nf\n5\n2\n6\nb\n0\nf\nd\ne\n3\n7\n0\n4\n1\n7\n9\n9\nf\nc\ne\n1\n9\n6\na\n3\n3\n9\n8\nc\n3\n0\nd\n2\n7\n8\na\n7\n1\n8\n2\n1\nb\n4\n1\n4\nc\nb\n0\na\nd\nc\n3\n4\n+\n0\nx\n2\ne\na\n5\n5\n8\n \n@\n \n0\nx\n6\ne\na\n5\n5\n8\n\n\n1\n1\na\n7\n5\n0\n7\n9\ne\n6\n3\nf\n5\n2\n6\nb\n0\nf\nd\ne\n3\n7\n0\n4\n1\n7\n9\n9\nf\nc\ne\n1\n9\n6\na\n3\n3\n9\n8\nc\n3\n0\nd\n2\n7\n8\na\n7\n1\n8\n2\n1\nb\n4\n1\n4\nc\nb\n0\na\nd\nc\n3\n4\n+\n0\nx\n2\ne\na\ne\n3\n9\n \n@\n \n0\nx\n6\ne\na\ne\n3\n9\n\n\n1\n1\na\n7\n5\n0\n7\n9\ne\n6\n3\nf\n5\n2\n6\nb\n0\nf\nd\ne\n3\n7\n0\n4\n1\n7\n9\n9\nf\nc\ne\n1\n9\n6\na\n3\n3\n9\n8\nc\n3\n0\nd\n2\n7\n8\na\n7\n1\n8\n2\n1\nb\n4\n1\n4\nc\nb\n0\na\nd\nc\n3\n4\n+\n0\nx\n2\nf\nd\nd\n6\n9\n \n@\n \n0\nx\n6\nf\nd\nd\n6\n9\n\n\nB\na\ns\ne\nT\nh\nr\ne\na\nd\nI\nn\ni\nt\nT\nh\nu\nn\nk\n+\n0\nx\n1\n2\n \nV\ne\nr\ni\nf\ny\nC\no\nn\ns\no\nl\ne\nI\no\nH\na\nn\nd\nl\ne\n-\n0\nx\nb\n3\n \nk\ne\nr\nn\ne\nl\n3\n2\n+\n0\nx\n1\n3\n3\nc\na\n \n@\n \n0\nx\n7\n5\nb\nc\n3\n3\nc\na\n\n\nR\nt\nl\nI\nn\ni\nt\ni\na\nl\ni\nz\ne\nE\nx\nc\ne\np\nt\ni\no\nn\nC\nh\na\ni\nn\n+\n0\nx\n6\n3\n \nR\nt\nl\nA\nl\nl\no\nc\na\nt\ne\nA\nc\nt\ni\nv\na\nt\ni\no\nn\nC\no\nn\nt\ne\nx\nt\nS\nt\na\nc\nk\n-\n0\nx\na\n1\n \nn\nt\nd\nl\nl\n+\n0\nx\n3\n9\ne\nd\n2\n \n@\n \n0\nx\n7\n7\nb\nc\n9\ne\nd\n2\n\n\nR\nt\nl\nI\nn\ni\nt\ni\na\nl\ni\nz\ne\nE\nx\nc\ne\np\nt\ni\no\nn\nC\nh\na\ni\nn\n+\n0\nx\n3\n6\n \nR\nt\nl\nA\nl\nl\no\nc\na\nt\ne\nA\nc\nt\ni\nv\na\nt\ni\no\nn\nC\no\nn\nt\ne\nx\nt\nS\nt\na\nc\nk\n-\n0\nx\nc\ne\n \nn\nt\nd\nl\nl\n+\n0\nx\n3\n9\ne\na\n5\n \n@\n \n0\nx\n7\n7\nb\nc\n9\ne\na\n5",
"registers": {
"esp": 1610632,
"edi": 2377400537,
"eax": 0,
"ebp": 1610636,
"edx": 38237316,
"ebx": 0,
"esi": 1979908096,
"ecx": 38237316
},
"exception": {
"instruction_r": "c6 00 00 8b e5 5d c3 cc cc cc cc cc cc cc cc cc",
"instruction": "mov byte ptr [eax], 0",
"exception_code": "0xc0000005",
"symbol": "SetFunctionAddresses+0x2e4de",
"address": "0x243fbbe"
}
},
"time": 1560815587.4383,
"tid": 2308,
"flags": {}
},
"pid": 2660,
"type": "call",
"cid": 2470
},
{
"call": {
"category": "__notification__",
"status": 1,
"stacktrace": [],
"raw": [
"stacktrace"
],
"api": "__exception__",
"return_value": 0,
"arguments": {
"stacktrace": "1\n1\na\n7\n5\n0\n7\n9\ne\n6\n3\nf\n5\n2\n6\nb\n0\nf\nd\ne\n3\n7\n0\n4\n1\n7\n9\n9\nf\nc\ne\n1\n9\n6\na\n3\n3\n9\n8\nc\n3\n0\nd\n2\n7\n8\na\n7\n1\n8\n2\n1\nb\n4\n1\n4\nc\nb\n0\na\nd\nc\n3\n4\n+\n0\nx\n2\nf\n0\ne\n5\n1\n \n@\n \n0\nx\n6\nf\n0\ne\n5\n1\n\n\nS\ne\nt\nF\nu\nn\nc\nt\ni\no\nn\nA\nd\nd\nr\ne\ns\ns\ne\ns\n+\n0\nx\n2\ne\n4\n3\n9\n \n@\n \n0\nx\n2\n4\n3\nf\nb\n1\n9\n\n\nS\ne\nt\nF\nu\nn\nc\nt\ni\no\nn\nA\nd\nd\nr\ne\ns\ns\ne\ns\n+\n0\nx\n8\nf\ne\n0\n \n@\n \n0\nx\n2\n4\n1\na\n6\nc\n0\n\n\nS\ne\nt\nF\nu\nn\nc\nt\ni\no\nn\nA\nd\nd\nr\ne\ns\ns\ne\ns\n+\n0\nx\n2\n9\n2\na\n1\n \n@\n \n0\nx\n2\n4\n3\na\n9\n8\n1\n\n\nS\ne\nt\nF\nu\nn\nc\nt\ni\no\nn\nA\nd\nd\nr\ne\ns\ns\ne\ns\n+\n0\nx\n2\n3\n1\nb\n1\n \n@\n \n0\nx\n2\n4\n3\n4\n8\n9\n1\n\n\n1\n1\na\n7\n5\n0\n7\n9\ne\n6\n3\nf\n5\n2\n6\nb\n0\nf\nd\ne\n3\n7\n0\n4\n1\n7\n9\n9\nf\nc\ne\n1\n9\n6\na\n3\n3\n9\n8\nc\n3\n0\nd\n2\n7\n8\na\n7\n1\n8\n2\n1\nb\n4\n1\n4\nc\nb\n0\na\nd\nc\n3\n4\n+\n0\nx\n2\nf\n0\ne\n5\n1\n \n@\n \n0\nx\n6\nf\n0\ne\n5\n1\n\n\nS\ne\nt\nF\nu\nn\nc\nt\ni\no\nn\nA\nd\nd\nr\ne\ns\ns\ne\ns\n+\n0\nx\n2\n1\nb\na\n6\n \n@\n \n0\nx\n2\n4\n3\n3\n2\n8\n6\n\n\n1\n1\na\n7\n5\n0\n7\n9\ne\n6\n3\nf\n5\n2\n6\nb\n0\nf\nd\ne\n3\n7\n0\n4\n1\n7\n9\n9\nf\nc\ne\n1\n9\n6\na\n3\n3\n9\n8\nc\n3\n0\nd\n2\n7\n8\na\n7\n1\n8\n2\n1\nb\n4\n1\n4\nc\nb\n0\na\nd\nc\n3\n4\n+\n0\nx\n2\ne\n8\nf\n5\ne\n \n@\n \n0\nx\n6\ne\n8\nf\n5\ne\n\n\n1\n1\na\n7\n5\n0\n7\n9\ne\n6\n3\nf\n5\n2\n6\nb\n0\nf\nd\ne\n3\n7\n0\n4\n1\n7\n9\n9\nf\nc\ne\n1\n9\n6\na\n3\n3\n9\n8\nc\n3\n0\nd\n2\n7\n8\na\n7\n1\n8\n2\n1\nb\n4\n1\n4\nc\nb\n0\na\nd\nc\n3\n4\n+\n0\nx\n2\ne\na\n4\n6\nf\n \n@\n \n0\nx\n6\ne\na\n4\n6\nf\n\n\n1\n1\na\n7\n5\n0\n7\n9\ne\n6\n3\nf\n5\n2\n6\nb\n0\nf\nd\ne\n3\n7\n0\n4\n1\n7\n9\n9\nf\nc\ne\n1\n9\n6\na\n3\n3\n9\n8\nc\n3\n0\nd\n2\n7\n8\na\n7\n1\n8\n2\n1\nb\n4\n1\n4\nc\nb\n0\na\nd\nc\n3\n4\n+\n0\nx\n2\ne\na\n5\n5\n8\n \n@\n \n0\nx\n6\ne\na\n5\n5\n8\n\n\n1\n1\na\n7\n5\n0\n7\n9\ne\n6\n3\nf\n5\n2\n6\nb\n0\nf\nd\ne\n3\n7\n0\n4\n1\n7\n9\n9\nf\nc\ne\n1\n9\n6\na\n3\n3\n9\n8\nc\n3\n0\nd\n2\n7\n8\na\n7\n1\n8\n2\n1\nb\n4\n1\n4\nc\nb\n0\na\nd\nc\n3\n4\n+\n0\nx\n2\ne\na\ne\n3\n9\n \n@\n \n0\nx\n6\ne\na\ne\n3\n9\n\n\n1\n1\na\n7\n5\n0\n7\n9\ne\n6\n3\nf\n5\n2\n6\nb\n0\nf\nd\ne\n3\n7\n0\n4\n1\n7\n9\n9\nf\nc\ne\n1\n9\n6\na\n3\n3\n9\n8\nc\n3\n0\nd\n2\n7\n8\na\n7\n1\n8\n2\n1\nb\n4\n1\n4\nc\nb\n0\na\nd\nc\n3\n4\n+\n0\nx\n2\nf\nd\nd\n6\n9\n \n@\n \n0\nx\n6\nf\nd\nd\n6\n9\n\n\nB\na\ns\ne\nT\nh\nr\ne\na\nd\nI\nn\ni\nt\nT\nh\nu\nn\nk\n+\n0\nx\n1\n2\n \nV\ne\nr\ni\nf\ny\nC\no\nn\ns\no\nl\ne\nI\no\nH\na\nn\nd\nl\ne\n-\n0\nx\nb\n3\n \nk\ne\nr\nn\ne\nl\n3\n2\n+\n0\nx\n1\n3\n3\nc\na\n \n@\n \n0\nx\n7\n5\nb\nc\n3\n3\nc\na\n\n\nR\nt\nl\nI\nn\ni\nt\ni\na\nl\ni\nz\ne\nE\nx\nc\ne\np\nt\ni\no\nn\nC\nh\na\ni\nn\n+\n0\nx\n6\n3\n \nR\nt\nl\nA\nl\nl\no\nc\na\nt\ne\nA\nc\nt\ni\nv\na\nt\ni\no\nn\nC\no\nn\nt\ne\nx\nt\nS\nt\na\nc\nk\n-\n0\nx\na\n1\n \nn\nt\nd\nl\nl\n+\n0\nx\n3\n9\ne\nd\n2\n \n@\n \n0\nx\n7\n7\nb\nc\n9\ne\nd\n2\n\n\nR\nt\nl\nI\nn\ni\nt\ni\na\nl\ni\nz\ne\nE\nx\nc\ne\np\nt\ni\no\nn\nC\nh\na\ni\nn\n+\n0\nx\n3\n6\n \nR\nt\nl\nA\nl\nl\no\nc\na\nt\ne\nA\nc\nt\ni\nv\na\nt\ni\no\nn\nC\no\nn\nt\ne\nx\nt\nS\nt\na\nc\nk\n-\n0\nx\nc\ne\n \nn\nt\nd\nl\nl\n+\n0\nx\n3\n9\ne\na\n5\n \n@\n \n0\nx\n7\n7\nb\nc\n9\ne\na\n5",
"registers": {
"esp": 1610632,
"edi": 2377400537,
"eax": 0,
"ebp": 1610636,
"edx": 38237316,
"ebx": 0,
"esi": 1979908096,
"ecx": 38237316
},
"exception": {
"instruction_r": "c6 00 00 8b e5 5d c3 cc cc cc cc cc cc cc cc cc",
"instruction": "mov byte ptr [eax], 0",
"exception_code": "0xc0000005",
"symbol": "SetFunctionAddresses+0x2e4de",
"address": "0x243fbbe"
}
},
"time": 1560815587.4383,
"tid": 2308,
"flags": {}
},
"pid": 2660,
"type": "call",
"cid": 2474
},
{
"call": {
"category": "__notification__",
"status": 1,
"stacktrace": [],
"raw": [
"stacktrace"
],
"api": "__exception__",
"return_value": 0,
"arguments": {
"stacktrace": "1\n1\na\n7\n5\n0\n7\n9\ne\n6\n3\nf\n5\n2\n6\nb\n0\nf\nd\ne\n3\n7\n0\n4\n1\n7\n9\n9\nf\nc\ne\n1\n9\n6\na\n3\n3\n9\n8\nc\n3\n0\nd\n2\n7\n8\na\n7\n1\n8\n2\n1\nb\n4\n1\n4\nc\nb\n0\na\nd\nc\n3\n4\n+\n0\nx\n2\nf\n0\ne\n5\n1\n \n@\n \n0\nx\n6\nf\n0\ne\n5\n1\n\n\nS\ne\nt\nF\nu\nn\nc\nt\ni\no\nn\nA\nd\nd\nr\ne\ns\ns\ne\ns\n+\n0\nx\n2\ne\n4\n3\n9\n \n@\n \n0\nx\n2\n4\n3\nf\nb\n1\n9\n\n\nS\ne\nt\nF\nu\nn\nc\nt\ni\no\nn\nA\nd\nd\nr\ne\ns\ns\ne\ns\n+\n0\nx\n8\nf\ne\n0\n \n@\n \n0\nx\n2\n4\n1\na\n6\nc\n0\n\n\nS\ne\nt\nF\nu\nn\nc\nt\ni\no\nn\nA\nd\nd\nr\ne\ns\ns\ne\ns\n+\n0\nx\n2\n9\n2\na\n1\n \n@\n \n0\nx\n2\n4\n3\na\n9\n8\n1\n\n\nS\ne\nt\nF\nu\nn\nc\nt\ni\no\nn\nA\nd\nd\nr\ne\ns\ns\ne\ns\n+\n0\nx\n2\n3\n1\nb\n1\n \n@\n \n0\nx\n2\n4\n3\n4\n8\n9\n1\n\n\n1\n1\na\n7\n5\n0\n7\n9\ne\n6\n3\nf\n5\n2\n6\nb\n0\nf\nd\ne\n3\n7\n0\n4\n1\n7\n9\n9\nf\nc\ne\n1\n9\n6\na\n3\n3\n9\n8\nc\n3\n0\nd\n2\n7\n8\na\n7\n1\n8\n2\n1\nb\n4\n1\n4\nc\nb\n0\na\nd\nc\n3\n4\n+\n0\nx\n2\nf\n0\ne\n5\n1\n \n@\n \n0\nx\n6\nf\n0\ne\n5\n1\n\n\nS\ne\nt\nF\nu\nn\nc\nt\ni\no\nn\nA\nd\nd\nr\ne\ns\ns\ne\ns\n+\n0\nx\n2\n1\nb\na\n6\n \n@\n \n0\nx\n2\n4\n3\n3\n2\n8\n6\n\n\n1\n1\na\n7\n5\n0\n7\n9\ne\n6\n3\nf\n5\n2\n6\nb\n0\nf\nd\ne\n3\n7\n0\n4\n1\n7\n9\n9\nf\nc\ne\n1\n9\n6\na\n3\n3\n9\n8\nc\n3\n0\nd\n2\n7\n8\na\n7\n1\n8\n2\n1\nb\n4\n1\n4\nc\nb\n0\na\nd\nc\n3\n4\n+\n0\nx\n2\ne\n8\nf\n5\ne\n \n@\n \n0\nx\n6\ne\n8\nf\n5\ne\n\n\n1\n1\na\n7\n5\n0\n7\n9\ne\n6\n3\nf\n5\n2\n6\nb\n0\nf\nd\ne\n3\n7\n0\n4\n1\n7\n9\n9\nf\nc\ne\n1\n9\n6\na\n3\n3\n9\n8\nc\n3\n0\nd\n2\n7\n8\na\n7\n1\n8\n2\n1\nb\n4\n1\n4\nc\nb\n0\na\nd\nc\n3\n4\n+\n0\nx\n2\ne\na\n4\n6\nf\n \n@\n \n0\nx\n6\ne\na\n4\n6\nf\n\n\n1\n1\na\n7\n5\n0\n7\n9\ne\n6\n3\nf\n5\n2\n6\nb\n0\nf\nd\ne\n3\n7\n0\n4\n1\n7\n9\n9\nf\nc\ne\n1\n9\n6\na\n3\n3\n9\n8\nc\n3\n0\nd\n2\n7\n8\na\n7\n1\n8\n2\n1\nb\n4\n1\n4\nc\nb\n0\na\nd\nc\n3\n4\n+\n0\nx\n2\ne\na\n5\n5\n8\n \n@\n \n0\nx\n6\ne\na\n5\n5\n8\n\n\n1\n1\na\n7\n5\n0\n7\n9\ne\n6\n3\nf\n5\n2\n6\nb\n0\nf\nd\ne\n3\n7\n0\n4\n1\n7\n9\n9\nf\nc\ne\n1\n9\n6\na\n3\n3\n9\n8\nc\n3\n0\nd\n2\n7\n8\na\n7\n1\n8\n2\n1\nb\n4\n1\n4\nc\nb\n0\na\nd\nc\n3\n4\n+\n0\nx\n2\ne\na\ne\n3\n9\n \n@\n \n0\nx\n6\ne\na\ne\n3\n9\n\n\n1\n1\na\n7\n5\n0\n7\n9\ne\n6\n3\nf\n5\n2\n6\nb\n0\nf\nd\ne\n3\n7\n0\n4\n1\n7\n9\n9\nf\nc\ne\n1\n9\n6\na\n3\n3\n9\n8\nc\n3\n0\nd\n2\n7\n8\na\n7\n1\n8\n2\n1\nb\n4\n1\n4\nc\nb\n0\na\nd\nc\n3\n4\n+\n0\nx\n2\nf\nd\nd\n6\n9\n \n@\n \n0\nx\n6\nf\nd\nd\n6\n9\n\n\nB\na\ns\ne\nT\nh\nr\ne\na\nd\nI\nn\ni\nt\nT\nh\nu\nn\nk\n+\n0\nx\n1\n2\n \nV\ne\nr\ni\nf\ny\nC\no\nn\ns\no\nl\ne\nI\no\nH\na\nn\nd\nl\ne\n-\n0\nx\nb\n3\n \nk\ne\nr\nn\ne\nl\n3\n2\n+\n0\nx\n1\n3\n3\nc\na\n \n@\n \n0\nx\n7\n5\nb\nc\n3\n3\nc\na\n\n\nR\nt\nl\nI\nn\ni\nt\ni\na\nl\ni\nz\ne\nE\nx\nc\ne\np\nt\ni\no\nn\nC\nh\na\ni\nn\n+\n0\nx\n6\n3\n \nR\nt\nl\nA\nl\nl\no\nc\na\nt\ne\nA\nc\nt\ni\nv\na\nt\ni\no\nn\nC\no\nn\nt\ne\nx\nt\nS\nt\na\nc\nk\n-\n0\nx\na\n1\n \nn\nt\nd\nl\nl\n+\n0\nx\n3\n9\ne\nd\n2\n \n@\n \n0\nx\n7\n7\nb\nc\n9\ne\nd\n2\n\n\nR\nt\nl\nI\nn\ni\nt\ni\na\nl\ni\nz\ne\nE\nx\nc\ne\np\nt\ni\no\nn\nC\nh\na\ni\nn\n+\n0\nx\n3\n6\n \nR\nt\nl\nA\nl\nl\no\nc\na\nt\ne\nA\nc\nt\ni\nv\na\nt\ni\no\nn\nC\no\nn\nt\ne\nx\nt\nS\nt\na\nc\nk\n-\n0\nx\nc\ne\n \nn\nt\nd\nl\nl\n+\n0\nx\n3\n9\ne\na\n5\n \n@\n \n0\nx\n7\n7\nb\nc\n9\ne\na\n5",
"registers": {
"esp": 1610632,
"edi": 2377400537,
"eax": 0,
"ebp": 1610636,
"edx": 38237316,
"ebx": 0,
"esi": 1975189504,
"ecx": 38237316
},
"exception": {
"instruction_r": "c6 00 00 8b e5 5d c3 cc cc cc cc cc cc cc cc cc",
"instruction": "mov byte ptr [eax], 0",
"exception_code": "0xc0000005",
"symbol": "SetFunctionAddresses+0x2e4de",
"address": "0x243fbbe"
}
},
"time": 1560815587.4383,
"tid": 2308,
"flags": {}
},
"pid": 2660,
"type": "call",
"cid": 2481
},
{
"call": {
"category": "__notification__",
"status": 1,
"stacktrace": [],
"raw": [
"stacktrace"
],
"api": "__exception__",
"return_value": 0,
"arguments": {
"stacktrace": "1\n1\na\n7\n5\n0\n7\n9\ne\n6\n3\nf\n5\n2\n6\nb\n0\nf\nd\ne\n3\n7\n0\n4\n1\n7\n9\n9\nf\nc\ne\n1\n9\n6\na\n3\n3\n9\n8\nc\n3\n0\nd\n2\n7\n8\na\n7\n1\n8\n2\n1\nb\n4\n1\n4\nc\nb\n0\na\nd\nc\n3\n4\n+\n0\nx\n2\nf\n0\ne\n5\n1\n \n@\n \n0\nx\n6\nf\n0\ne\n5\n1\n\n\nS\ne\nt\nF\nu\nn\nc\nt\ni\no\nn\nA\nd\nd\nr\ne\ns\ns\ne\ns\n+\n0\nx\n2\ne\n4\n3\n9\n \n@\n \n0\nx\n2\n4\n3\nf\nb\n1\n9\n\n\nS\ne\nt\nF\nu\nn\nc\nt\ni\no\nn\nA\nd\nd\nr\ne\ns\ns\ne\ns\n+\n0\nx\n8\nf\ne\n0\n \n@\n \n0\nx\n2\n4\n1\na\n6\nc\n0\n\n\nS\ne\nt\nF\nu\nn\nc\nt\ni\no\nn\nA\nd\nd\nr\ne\ns\ns\ne\ns\n+\n0\nx\n2\n9\n2\na\n1\n \n@\n \n0\nx\n2\n4\n3\na\n9\n8\n1\n\n\nS\ne\nt\nF\nu\nn\nc\nt\ni\no\nn\nA\nd\nd\nr\ne\ns\ns\ne\ns\n+\n0\nx\n2\n3\n1\nb\n1\n \n@\n \n0\nx\n2\n4\n3\n4\n8\n9\n1\n\n\n1\n1\na\n7\n5\n0\n7\n9\ne\n6\n3\nf\n5\n2\n6\nb\n0\nf\nd\ne\n3\n7\n0\n4\n1\n7\n9\n9\nf\nc\ne\n1\n9\n6\na\n3\n3\n9\n8\nc\n3\n0\nd\n2\n7\n8\na\n7\n1\n8\n2\n1\nb\n4\n1\n4\nc\nb\n0\na\nd\nc\n3\n4\n+\n0\nx\n2\nf\n0\ne\n5\n1\n \n@\n \n0\nx\n6\nf\n0\ne\n5\n1\n\n\nS\ne\nt\nF\nu\nn\nc\nt\ni\no\nn\nA\nd\nd\nr\ne\ns\ns\ne\ns\n+\n0\nx\n2\n1\nb\na\n6\n \n@\n \n0\nx\n2\n4\n3\n3\n2\n8\n6\n\n\n1\n1\na\n7\n5\n0\n7\n9\ne\n6\n3\nf\n5\n2\n6\nb\n0\nf\nd\ne\n3\n7\n0\n4\n1\n7\n9\n9\nf\nc\ne\n1\n9\n6\na\n3\n3\n9\n8\nc\n3\n0\nd\n2\n7\n8\na\n7\n1\n8\n2\n1\nb\n4\n1\n4\nc\nb\n0\na\nd\nc\n3\n4\n+\n0\nx\n2\ne\n8\nf\n5\ne\n \n@\n \n0\nx\n6\ne\n8\nf\n5\ne\n\n\n1\n1\na\n7\n5\n0\n7\n9\ne\n6\n3\nf\n5\n2\n6\nb\n0\nf\nd\ne\n3\n7\n0\n4\n1\n7\n9\n9\nf\nc\ne\n1\n9\n6\na\n3\n3\n9\n8\nc\n3\n0\nd\n2\n7\n8\na\n7\n1\n8\n2\n1\nb\n4\n1\n4\nc\nb\n0\na\nd\nc\n3\n4\n+\n0\nx\n2\ne\na\n4\n6\nf\n \n@\n \n0\nx\n6\ne\na\n4\n6\nf\n\n\n1\n1\na\n7\n5\n0\n7\n9\ne\n6\n3\nf\n5\n2\n6\nb\n0\nf\nd\ne\n3\n7\n0\n4\n1\n7\n9\n9\nf\nc\ne\n1\n9\n6\na\n3\n3\n9\n8\nc\n3\n0\nd\n2\n7\n8\na\n7\n1\n8\n2\n1\nb\n4\n1\n4\nc\nb\n0\na\nd\nc\n3\n4\n+\n0\nx\n2\ne\na\n5\n5\n8\n \n@\n \n0\nx\n6\ne\na\n5\n5\n8\n\n\n1\n1\na\n7\n5\n0\n7\n9\ne\n6\n3\nf\n5\n2\n6\nb\n0\nf\nd\ne\n3\n7\n0\n4\n1\n7\n9\n9\nf\nc\ne\n1\n9\n6\na\n3\n3\n9\n8\nc\n3\n0\nd\n2\n7\n8\na\n7\n1\n8\n2\n1\nb\n4\n1\n4\nc\nb\n0\na\nd\nc\n3\n4\n+\n0\nx\n2\ne\na\ne\n3\n9\n \n@\n \n0\nx\n6\ne\na\ne\n3\n9\n\n\n1\n1\na\n7\n5\n0\n7\n9\ne\n6\n3\nf\n5\n2\n6\nb\n0\nf\nd\ne\n3\n7\n0\n4\n1\n7\n9\n9\nf\nc\ne\n1\n9\n6\na\n3\n3\n9\n8\nc\n3\n0\nd\n2\n7\n8\na\n7\n1\n8\n2\n1\nb\n4\n1\n4\nc\nb\n0\na\nd\nc\n3\n4\n+\n0\nx\n2\nf\nd\nd\n6\n9\n \n@\n \n0\nx\n6\nf\nd\nd\n6\n9\n\n\nB\na\ns\ne\nT\nh\nr\ne\na\nd\nI\nn\ni\nt\nT\nh\nu\nn\nk\n+\n0\nx\n1\n2\n \nV\ne\nr\ni\nf\ny\nC\no\nn\ns\no\nl\ne\nI\no\nH\na\nn\nd\nl\ne\n-\n0\nx\nb\n3\n \nk\ne\nr\nn\ne\nl\n3\n2\n+\n0\nx\n1\n3\n3\nc\na\n \n@\n \n0\nx\n7\n5\nb\nc\n3\n3\nc\na\n\n\nR\nt\nl\nI\nn\ni\nt\ni\na\nl\ni\nz\ne\nE\nx\nc\ne\np\nt\ni\no\nn\nC\nh\na\ni\nn\n+\n0\nx\n6\n3\n \nR\nt\nl\nA\nl\nl\no\nc\na\nt\ne\nA\nc\nt\ni\nv\na\nt\ni\no\nn\nC\no\nn\nt\ne\nx\nt\nS\nt\na\nc\nk\n-\n0\nx\na\n1\n \nn\nt\nd\nl\nl\n+\n0\nx\n3\n9\ne\nd\n2\n \n@\n \n0\nx\n7\n7\nb\nc\n9\ne\nd\n2\n\n\nR\nt\nl\nI\nn\ni\nt\ni\na\nl\ni\nz\ne\nE\nx\nc\ne\np\nt\ni\no\nn\nC\nh\na\ni\nn\n+\n0\nx\n3\n6\n \nR\nt\nl\nA\nl\nl\no\nc\na\nt\ne\nA\nc\nt\ni\nv\na\nt\ni\no\nn\nC\no\nn\nt\ne\nx\nt\nS\nt\na\nc\nk\n-\n0\nx\nc\ne\n \nn\nt\nd\nl\nl\n+\n0\nx\n3\n9\ne\na\n5\n \n@\n \n0\nx\n7\n7\nb\nc\n9\ne\na\n5",
"registers": {
"esp": 1610632,
"edi": 2377400537,
"eax": 0,
"ebp": 1610636,
"edx": 38237316,
"ebx": 0,
"esi": 1979908096,
"ecx": 38237316
},
"exception": {
"instruction_r": "c6 00 00 8b e5 5d c3 cc cc cc cc cc cc cc cc cc",
"instruction": "mov byte ptr [eax], 0",
"exception_code": "0xc0000005",
"symbol": "SetFunctionAddresses+0x2e4de",
"address": "0x243fbbe"
}
},
"time": 1560815587.4383,
"tid": 2308,
"flags": {}
},
"pid": 2660,
"type": "call",
"cid": 2484
},
{
"call": {
"category": "__notification__",
"status": 1,
"stacktrace": [],
"raw": [
"stacktrace"
],
"api": "__exception__",
"return_value": 0,
"arguments": {
"stacktrace": "1\n1\na\n7\n5\n0\n7\n9\ne\n6\n3\nf\n5\n2\n6\nb\n0\nf\nd\ne\n3\n7\n0\n4\n1\n7\n9\n9\nf\nc\ne\n1\n9\n6\na\n3\n3\n9\n8\nc\n3\n0\nd\n2\n7\n8\na\n7\n1\n8\n2\n1\nb\n4\n1\n4\nc\nb\n0\na\nd\nc\n3\n4\n+\n0\nx\n2\nf\n0\ne\n5\n1\n \n@\n \n0\nx\n6\nf\n0\ne\n5\n1\n\n\nS\ne\nt\nF\nu\nn\nc\nt\ni\no\nn\nA\nd\nd\nr\ne\ns\ns\ne\ns\n+\n0\nx\n2\ne\n4\n3\n9\n \n@\n \n0\nx\n2\n4\n3\nf\nb\n1\n9\n\n\nS\ne\nt\nF\nu\nn\nc\nt\ni\no\nn\nA\nd\nd\nr\ne\ns\ns\ne\ns\n+\n0\nx\n8\nf\ne\n0\n \n@\n \n0\nx\n2\n4\n1\na\n6\nc\n0\n\n\nS\ne\nt\nF\nu\nn\nc\nt\ni\no\nn\nA\nd\nd\nr\ne\ns\ns\ne\ns\n+\n0\nx\n2\n9\n2\na\n1\n \n@\n \n0\nx\n2\n4\n3\na\n9\n8\n1\n\n\nS\ne\nt\nF\nu\nn\nc\nt\ni\no\nn\nA\nd\nd\nr\ne\ns\ns\ne\ns\n+\n0\nx\n2\n3\n1\nb\n1\n \n@\n \n0\nx\n2\n4\n3\n4\n8\n9\n1\n\n\n1\n1\na\n7\n5\n0\n7\n9\ne\n6\n3\nf\n5\n2\n6\nb\n0\nf\nd\ne\n3\n7\n0\n4\n1\n7\n9\n9\nf\nc\ne\n1\n9\n6\na\n3\n3\n9\n8\nc\n3\n0\nd\n2\n7\n8\na\n7\n1\n8\n2\n1\nb\n4\n1\n4\nc\nb\n0\na\nd\nc\n3\n4\n+\n0\nx\n2\nf\n0\ne\n5\n1\n \n@\n \n0\nx\n6\nf\n0\ne\n5\n1\n\n\nS\ne\nt\nF\nu\nn\nc\nt\ni\no\nn\nA\nd\nd\nr\ne\ns\ns\ne\ns\n+\n0\nx\n2\n1\nb\na\n6\n \n@\n \n0\nx\n2\n4\n3\n3\n2\n8\n6\n\n\n1\n1\na\n7\n5\n0\n7\n9\ne\n6\n3\nf\n5\n2\n6\nb\n0\nf\nd\ne\n3\n7\n0\n4\n1\n7\n9\n9\nf\nc\ne\n1\n9\n6\na\n3\n3\n9\n8\nc\n3\n0\nd\n2\n7\n8\na\n7\n1\n8\n2\n1\nb\n4\n1\n4\nc\nb\n0\na\nd\nc\n3\n4\n+\n0\nx\n2\ne\n8\nf\n5\ne\n \n@\n \n0\nx\n6\ne\n8\nf\n5\ne\n\n\n1\n1\na\n7\n5\n0\n7\n9\ne\n6\n3\nf\n5\n2\n6\nb\n0\nf\nd\ne\n3\n7\n0\n4\n1\n7\n9\n9\nf\nc\ne\n1\n9\n6\na\n3\n3\n9\n8\nc\n3\n0\nd\n2\n7\n8\na\n7\n1\n8\n2\n1\nb\n4\n1\n4\nc\nb\n0\na\nd\nc\n3\n4\n+\n0\nx\n2\ne\na\n4\n6\nf\n \n@\n \n0\nx\n6\ne\na\n4\n6\nf\n\n\n1\n1\na\n7\n5\n0\n7\n9\ne\n6\n3\nf\n5\n2\n6\nb\n0\nf\nd\ne\n3\n7\n0\n4\n1\n7\n9\n9\nf\nc\ne\n1\n9\n6\na\n3\n3\n9\n8\nc\n3\n0\nd\n2\n7\n8\na\n7\n1\n8\n2\n1\nb\n4\n1\n4\nc\nb\n0\na\nd\nc\n3\n4\n+\n0\nx\n2\ne\na\n5\n5\n8\n \n@\n \n0\nx\n6\ne\na\n5\n5\n8\n\n\n1\n1\na\n7\n5\n0\n7\n9\ne\n6\n3\nf\n5\n2\n6\nb\n0\nf\nd\ne\n3\n7\n0\n4\n1\n7\n9\n9\nf\nc\ne\n1\n9\n6\na\n3\n3\n9\n8\nc\n3\n0\nd\n2\n7\n8\na\n7\n1\n8\n2\n1\nb\n4\n1\n4\nc\nb\n0\na\nd\nc\n3\n4\n+\n0\nx\n2\ne\na\ne\n3\n9\n \n@\n \n0\nx\n6\ne\na\ne\n3\n9\n\n\n1\n1\na\n7\n5\n0\n7\n9\ne\n6\n3\nf\n5\n2\n6\nb\n0\nf\nd\ne\n3\n7\n0\n4\n1\n7\n9\n9\nf\nc\ne\n1\n9\n6\na\n3\n3\n9\n8\nc\n3\n0\nd\n2\n7\n8\na\n7\n1\n8\n2\n1\nb\n4\n1\n4\nc\nb\n0\na\nd\nc\n3\n4\n+\n0\nx\n2\nf\nd\nd\n6\n9\n \n@\n \n0\nx\n6\nf\nd\nd\n6\n9\n\n\nB\na\ns\ne\nT\nh\nr\ne\na\nd\nI\nn\ni\nt\nT\nh\nu\nn\nk\n+\n0\nx\n1\n2\n \nV\ne\nr\ni\nf\ny\nC\no\nn\ns\no\nl\ne\nI\no\nH\na\nn\nd\nl\ne\n-\n0\nx\nb\n3\n \nk\ne\nr\nn\ne\nl\n3\n2\n+\n0\nx\n1\n3\n3\nc\na\n \n@\n \n0\nx\n7\n5\nb\nc\n3\n3\nc\na\n\n\nR\nt\nl\nI\nn\ni\nt\ni\na\nl\ni\nz\ne\nE\nx\nc\ne\np\nt\ni\no\nn\nC\nh\na\ni\nn\n+\n0\nx\n6\n3\n \nR\nt\nl\nA\nl\nl\no\nc\na\nt\ne\nA\nc\nt\ni\nv\na\nt\ni\no\nn\nC\no\nn\nt\ne\nx\nt\nS\nt\na\nc\nk\n-\n0\nx\na\n1\n \nn\nt\nd\nl\nl\n+\n0\nx\n3\n9\ne\nd\n2\n \n@\n \n0\nx\n7\n7\nb\nc\n9\ne\nd\n2\n\n\nR\nt\nl\nI\nn\ni\nt\ni\na\nl\ni\nz\ne\nE\nx\nc\ne\np\nt\ni\no\nn\nC\nh\na\ni\nn\n+\n0\nx\n3\n6\n \nR\nt\nl\nA\nl\nl\no\nc\na\nt\ne\nA\nc\nt\ni\nv\na\nt\ni\no\nn\nC\no\nn\nt\ne\nx\nt\nS\nt\na\nc\nk\n-\n0\nx\nc\ne\n \nn\nt\nd\nl\nl\n+\n0\nx\n3\n9\ne\na\n5\n \n@\n \n0\nx\n7\n7\nb\nc\n9\ne\na\n5",
"registers": {
"esp": 1610632,
"edi": 2377400537,
"eax": 0,
"ebp": 1610636,
"edx": 38237316,
"ebx": 0,
"esi": 1979908096,
"ecx": 38237316
},
"exception": {
"instruction_r": "c6 00 00 8b e5 5d c3 cc cc cc cc cc cc cc cc cc",
"instruction": "mov byte ptr [eax], 0",
"exception_code": "0xc0000005",
"symbol": "SetFunctionAddresses+0x2e4de",
"address": "0x243fbbe"
}
},
"time": 1560815587.4532,
"tid": 2308,
"flags": {}
},
"pid": 2660,
"type": "call",
"cid": 2496
},
{
"call": {
"category": "__notification__",
"status": 1,
"stacktrace": [],
"raw": [
"stacktrace"
],
"api": "__exception__",
"return_value": 0,
"arguments": {
"stacktrace": "1\n1\na\n7\n5\n0\n7\n9\ne\n6\n3\nf\n5\n2\n6\nb\n0\nf\nd\ne\n3\n7\n0\n4\n1\n7\n9\n9\nf\nc\ne\n1\n9\n6\na\n3\n3\n9\n8\nc\n3\n0\nd\n2\n7\n8\na\n7\n1\n8\n2\n1\nb\n4\n1\n4\nc\nb\n0\na\nd\nc\n3\n4\n+\n0\nx\n2\nf\n0\ne\n5\n1\n \n@\n \n0\nx\n6\nf\n0\ne\n5\n1\n\n\nS\ne\nt\nF\nu\nn\nc\nt\ni\no\nn\nA\nd\nd\nr\ne\ns\ns\ne\ns\n+\n0\nx\n2\ne\n4\n3\n9\n \n@\n \n0\nx\n2\n4\n3\nf\nb\n1\n9\n\n\nS\ne\nt\nF\nu\nn\nc\nt\ni\no\nn\nA\nd\nd\nr\ne\ns\ns\ne\ns\n+\n0\nx\n8\nf\ne\n0\n \n@\n \n0\nx\n2\n4\n1\na\n6\nc\n0\n\n\nS\ne\nt\nF\nu\nn\nc\nt\ni\no\nn\nA\nd\nd\nr\ne\ns\ns\ne\ns\n+\n0\nx\n2\n9\n2\na\n1\n \n@\n \n0\nx\n2\n4\n3\na\n9\n8\n1\n\n\nS\ne\nt\nF\nu\nn\nc\nt\ni\no\nn\nA\nd\nd\nr\ne\ns\ns\ne\ns\n+\n0\nx\n2\n3\n1\nb\n1\n \n@\n \n0\nx\n2\n4\n3\n4\n8\n9\n1\n\n\n1\n1\na\n7\n5\n0\n7\n9\ne\n6\n3\nf\n5\n2\n6\nb\n0\nf\nd\ne\n3\n7\n0\n4\n1\n7\n9\n9\nf\nc\ne\n1\n9\n6\na\n3\n3\n9\n8\nc\n3\n0\nd\n2\n7\n8\na\n7\n1\n8\n2\n1\nb\n4\n1\n4\nc\nb\n0\na\nd\nc\n3\n4\n+\n0\nx\n2\nf\n0\ne\n5\n1\n \n@\n \n0\nx\n6\nf\n0\ne\n5\n1\n\n\nS\ne\nt\nF\nu\nn\nc\nt\ni\no\nn\nA\nd\nd\nr\ne\ns\ns\ne\ns\n+\n0\nx\n2\n1\nb\na\n6\n \n@\n \n0\nx\n2\n4\n3\n3\n2\n8\n6\n\n\n1\n1\na\n7\n5\n0\n7\n9\ne\n6\n3\nf\n5\n2\n6\nb\n0\nf\nd\ne\n3\n7\n0\n4\n1\n7\n9\n9\nf\nc\ne\n1\n9\n6\na\n3\n3\n9\n8\nc\n3\n0\nd\n2\n7\n8\na\n7\n1\n8\n2\n1\nb\n4\n1\n4\nc\nb\n0\na\nd\nc\n3\n4\n+\n0\nx\n2\ne\n8\nf\n5\ne\n \n@\n \n0\nx\n6\ne\n8\nf\n5\ne\n\n\n1\n1\na\n7\n5\n0\n7\n9\ne\n6\n3\nf\n5\n2\n6\nb\n0\nf\nd\ne\n3\n7\n0\n4\n1\n7\n9\n9\nf\nc\ne\n1\n9\n6\na\n3\n3\n9\n8\nc\n3\n0\nd\n2\n7\n8\na\n7\n1\n8\n2\n1\nb\n4\n1\n4\nc\nb\n0\na\nd\nc\n3\n4\n+\n0\nx\n2\ne\na\n4\n6\nf\n \n@\n \n0\nx\n6\ne\na\n4\n6\nf\n\n\n1\n1\na\n7\n5\n0\n7\n9\ne\n6\n3\nf\n5\n2\n6\nb\n0\nf\nd\ne\n3\n7\n0\n4\n1\n7\n9\n9\nf\nc\ne\n1\n9\n6\na\n3\n3\n9\n8\nc\n3\n0\nd\n2\n7\n8\na\n7\n1\n8\n2\n1\nb\n4\n1\n4\nc\nb\n0\na\nd\nc\n3\n4\n+\n0\nx\n2\ne\na\n5\n5\n8\n \n@\n \n0\nx\n6\ne\na\n5\n5\n8\n\n\n1\n1\na\n7\n5\n0\n7\n9\ne\n6\n3\nf\n5\n2\n6\nb\n0\nf\nd\ne\n3\n7\n0\n4\n1\n7\n9\n9\nf\nc\ne\n1\n9\n6\na\n3\n3\n9\n8\nc\n3\n0\nd\n2\n7\n8\na\n7\n1\n8\n2\n1\nb\n4\n1\n4\nc\nb\n0\na\nd\nc\n3\n4\n+\n0\nx\n2\ne\na\ne\n3\n9\n \n@\n \n0\nx\n6\ne\na\ne\n3\n9\n\n\n1\n1\na\n7\n5\n0\n7\n9\ne\n6\n3\nf\n5\n2\n6\nb\n0\nf\nd\ne\n3\n7\n0\n4\n1\n7\n9\n9\nf\nc\ne\n1\n9\n6\na\n3\n3\n9\n8\nc\n3\n0\nd\n2\n7\n8\na\n7\n1\n8\n2\n1\nb\n4\n1\n4\nc\nb\n0\na\nd\nc\n3\n4\n+\n0\nx\n2\nf\nd\nd\n6\n9\n \n@\n \n0\nx\n6\nf\nd\nd\n6\n9\n\n\nB\na\ns\ne\nT\nh\nr\ne\na\nd\nI\nn\ni\nt\nT\nh\nu\nn\nk\n+\n0\nx\n1\n2\n \nV\ne\nr\ni\nf\ny\nC\no\nn\ns\no\nl\ne\nI\no\nH\na\nn\nd\nl\ne\n-\n0\nx\nb\n3\n \nk\ne\nr\nn\ne\nl\n3\n2\n+\n0\nx\n1\n3\n3\nc\na\n \n@\n \n0\nx\n7\n5\nb\nc\n3\n3\nc\na\n\n\nR\nt\nl\nI\nn\ni\nt\ni\na\nl\ni\nz\ne\nE\nx\nc\ne\np\nt\ni\no\nn\nC\nh\na\ni\nn\n+\n0\nx\n6\n3\n \nR\nt\nl\nA\nl\nl\no\nc\na\nt\ne\nA\nc\nt\ni\nv\na\nt\ni\no\nn\nC\no\nn\nt\ne\nx\nt\nS\nt\na\nc\nk\n-\n0\nx\na\n1\n \nn\nt\nd\nl\nl\n+\n0\nx\n3\n9\ne\nd\n2\n \n@\n \n0\nx\n7\n7\nb\nc\n9\ne\nd\n2\n\n\nR\nt\nl\nI\nn\ni\nt\ni\na\nl\ni\nz\ne\nE\nx\nc\ne\np\nt\ni\no\nn\nC\nh\na\ni\nn\n+\n0\nx\n3\n6\n \nR\nt\nl\nA\nl\nl\no\nc\na\nt\ne\nA\nc\nt\ni\nv\na\nt\ni\no\nn\nC\no\nn\nt\ne\nx\nt\nS\nt\na\nc\nk\n-\n0\nx\nc\ne\n \nn\nt\nd\nl\nl\n+\n0\nx\n3\n9\ne\na\n5\n \n@\n \n0\nx\n7\n7\nb\nc\n9\ne\na\n5",
"registers": {
"esp": 1610632,
"edi": 2377400537,
"eax": 0,
"ebp": 1610636,
"edx": 38237316,
"ebx": 0,
"esi": 1979908096,
"ecx": 38237316
},
"exception": {
"instruction_r": "c6 00 00 8b e5 5d c3 cc cc cc cc cc cc cc cc cc",
"instruction": "mov byte ptr [eax], 0",
"exception_code": "0xc0000005",
"symbol": "SetFunctionAddresses+0x2e4de",
"address": "0x243fbbe"
}
},
"time": 1560815587.4532,
"tid": 2308,
"flags": {}
},
"pid": 2660,
"type": "call",
"cid": 2499
},
{
"call": {
"category": "__notification__",
"status": 1,
"stacktrace": [],
"raw": [
"stacktrace"
],
"api": "__exception__",
"return_value": 0,
"arguments": {
"stacktrace": "1\n1\na\n7\n5\n0\n7\n9\ne\n6\n3\nf\n5\n2\n6\nb\n0\nf\nd\ne\n3\n7\n0\n4\n1\n7\n9\n9\nf\nc\ne\n1\n9\n6\na\n3\n3\n9\n8\nc\n3\n0\nd\n2\n7\n8\na\n7\n1\n8\n2\n1\nb\n4\n1\n4\nc\nb\n0\na\nd\nc\n3\n4\n+\n0\nx\n2\nf\n0\ne\n5\n1\n \n@\n \n0\nx\n6\nf\n0\ne\n5\n1\n\n\nS\ne\nt\nF\nu\nn\nc\nt\ni\no\nn\nA\nd\nd\nr\ne\ns\ns\ne\ns\n+\n0\nx\n2\ne\n4\n3\n9\n \n@\n \n0\nx\n2\n4\n3\nf\nb\n1\n9\n\n\nS\ne\nt\nF\nu\nn\nc\nt\ni\no\nn\nA\nd\nd\nr\ne\ns\ns\ne\ns\n+\n0\nx\n8\nf\ne\n0\n \n@\n \n0\nx\n2\n4\n1\na\n6\nc\n0\n\n\nS\ne\nt\nF\nu\nn\nc\nt\ni\no\nn\nA\nd\nd\nr\ne\ns\ns\ne\ns\n+\n0\nx\n2\n9\n2\na\n1\n \n@\n \n0\nx\n2\n4\n3\na\n9\n8\n1\n\n\nS\ne\nt\nF\nu\nn\nc\nt\ni\no\nn\nA\nd\nd\nr\ne\ns\ns\ne\ns\n+\n0\nx\n2\n3\n1\nb\n1\n \n@\n \n0\nx\n2\n4\n3\n4\n8\n9\n1\n\n\n1\n1\na\n7\n5\n0\n7\n9\ne\n6\n3\nf\n5\n2\n6\nb\n0\nf\nd\ne\n3\n7\n0\n4\n1\n7\n9\n9\nf\nc\ne\n1\n9\n6\na\n3\n3\n9\n8\nc\n3\n0\nd\n2\n7\n8\na\n7\n1\n8\n2\n1\nb\n4\n1\n4\nc\nb\n0\na\nd\nc\n3\n4\n+\n0\nx\n2\nf\n0\ne\n5\n1\n \n@\n \n0\nx\n6\nf\n0\ne\n5\n1\n\n\nS\ne\nt\nF\nu\nn\nc\nt\ni\no\nn\nA\nd\nd\nr\ne\ns\ns\ne\ns\n+\n0\nx\n2\n1\nb\na\n6\n \n@\n \n0\nx\n2\n4\n3\n3\n2\n8\n6\n\n\n1\n1\na\n7\n5\n0\n7\n9\ne\n6\n3\nf\n5\n2\n6\nb\n0\nf\nd\ne\n3\n7\n0\n4\n1\n7\n9\n9\nf\nc\ne\n1\n9\n6\na\n3\n3\n9\n8\nc\n3\n0\nd\n2\n7\n8\na\n7\n1\n8\n2\n1\nb\n4\n1\n4\nc\nb\n0\na\nd\nc\n3\n4\n+\n0\nx\n2\ne\n8\nf\n5\ne\n \n@\n \n0\nx\n6\ne\n8\nf\n5\ne\n\n\n1\n1\na\n7\n5\n0\n7\n9\ne\n6\n3\nf\n5\n2\n6\nb\n0\nf\nd\ne\n3\n7\n0\n4\n1\n7\n9\n9\nf\nc\ne\n1\n9\n6\na\n3\n3\n9\n8\nc\n3\n0\nd\n2\n7\n8\na\n7\n1\n8\n2\n1\nb\n4\n1\n4\nc\nb\n0\na\nd\nc\n3\n4\n+\n0\nx\n2\ne\na\n4\n6\nf\n \n@\n \n0\nx\n6\ne\na\n4\n6\nf\n\n\n1\n1\na\n7\n5\n0\n7\n9\ne\n6\n3\nf\n5\n2\n6\nb\n0\nf\nd\ne\n3\n7\n0\n4\n1\n7\n9\n9\nf\nc\ne\n1\n9\n6\na\n3\n3\n9\n8\nc\n3\n0\nd\n2\n7\n8\na\n7\n1\n8\n2\n1\nb\n4\n1\n4\nc\nb\n0\na\nd\nc\n3\n4\n+\n0\nx\n2\ne\na\n5\n5\n8\n \n@\n \n0\nx\n6\ne\na\n5\n5\n8\n\n\n1\n1\na\n7\n5\n0\n7\n9\ne\n6\n3\nf\n5\n2\n6\nb\n0\nf\nd\ne\n3\n7\n0\n4\n1\n7\n9\n9\nf\nc\ne\n1\n9\n6\na\n3\n3\n9\n8\nc\n3\n0\nd\n2\n7\n8\na\n7\n1\n8\n2\n1\nb\n4\n1\n4\nc\nb\n0\na\nd\nc\n3\n4\n+\n0\nx\n2\ne\na\ne\n3\n9\n \n@\n \n0\nx\n6\ne\na\ne\n3\n9\n\n\n1\n1\na\n7\n5\n0\n7\n9\ne\n6\n3\nf\n5\n2\n6\nb\n0\nf\nd\ne\n3\n7\n0\n4\n1\n7\n9\n9\nf\nc\ne\n1\n9\n6\na\n3\n3\n9\n8\nc\n3\n0\nd\n2\n7\n8\na\n7\n1\n8\n2\n1\nb\n4\n1\n4\nc\nb\n0\na\nd\nc\n3\n4\n+\n0\nx\n2\nf\nd\nd\n6\n9\n \n@\n \n0\nx\n6\nf\nd\nd\n6\n9\n\n\nB\na\ns\ne\nT\nh\nr\ne\na\nd\nI\nn\ni\nt\nT\nh\nu\nn\nk\n+\n0\nx\n1\n2\n \nV\ne\nr\ni\nf\ny\nC\no\nn\ns\no\nl\ne\nI\no\nH\na\nn\nd\nl\ne\n-\n0\nx\nb\n3\n \nk\ne\nr\nn\ne\nl\n3\n2\n+\n0\nx\n1\n3\n3\nc\na\n \n@\n \n0\nx\n7\n5\nb\nc\n3\n3\nc\na\n\n\nR\nt\nl\nI\nn\ni\nt\ni\na\nl\ni\nz\ne\nE\nx\nc\ne\np\nt\ni\no\nn\nC\nh\na\ni\nn\n+\n0\nx\n6\n3\n \nR\nt\nl\nA\nl\nl\no\nc\na\nt\ne\nA\nc\nt\ni\nv\na\nt\ni\no\nn\nC\no\nn\nt\ne\nx\nt\nS\nt\na\nc\nk\n-\n0\nx\na\n1\n \nn\nt\nd\nl\nl\n+\n0\nx\n3\n9\ne\nd\n2\n \n@\n \n0\nx\n7\n7\nb\nc\n9\ne\nd\n2\n\n\nR\nt\nl\nI\nn\ni\nt\ni\na\nl\ni\nz\ne\nE\nx\nc\ne\np\nt\ni\no\nn\nC\nh\na\ni\nn\n+\n0\nx\n3\n6\n \nR\nt\nl\nA\nl\nl\no\nc\na\nt\ne\nA\nc\nt\ni\nv\na\nt\ni\no\nn\nC\no\nn\nt\ne\nx\nt\nS\nt\na\nc\nk\n-\n0\nx\nc\ne\n \nn\nt\nd\nl\nl\n+\n0\nx\n3\n9\ne\na\n5\n \n@\n \n0\nx\n7\n7\nb\nc\n9\ne\na\n5",
"registers": {
"esp": 1610632,
"edi": 2377400537,
"eax": 0,
"ebp": 1610636,
"edx": 38237316,
"ebx": 0,
"esi": 1979908096,
"ecx": 38237316
},
"exception": {
"instruction_r": "c6 00 00 8b e5 5d c3 cc cc cc cc cc cc cc cc cc",
"instruction": "mov byte ptr [eax], 0",
"exception_code": "0xc0000005",
"symbol": "SetFunctionAddresses+0x2e4de",
"address": "0x243fbbe"
}
},
"time": 1560815587.4532,
"tid": 2308,
"flags": {}
},
"pid": 2660,
"type": "call",
"cid": 2528
},
{
"call": {
"category": "__notification__",
"status": 1,
"stacktrace": [],
"raw": [
"stacktrace"
],
"api": "__exception__",
"return_value": 0,
"arguments": {
"stacktrace": "1\n1\na\n7\n5\n0\n7\n9\ne\n6\n3\nf\n5\n2\n6\nb\n0\nf\nd\ne\n3\n7\n0\n4\n1\n7\n9\n9\nf\nc\ne\n1\n9\n6\na\n3\n3\n9\n8\nc\n3\n0\nd\n2\n7\n8\na\n7\n1\n8\n2\n1\nb\n4\n1\n4\nc\nb\n0\na\nd\nc\n3\n4\n+\n0\nx\n2\nf\n0\ne\n5\n1\n \n@\n \n0\nx\n6\nf\n0\ne\n5\n1\n\n\nS\ne\nt\nF\nu\nn\nc\nt\ni\no\nn\nA\nd\nd\nr\ne\ns\ns\ne\ns\n+\n0\nx\n2\ne\n4\n3\n9\n \n@\n \n0\nx\n2\n4\n3\nf\nb\n1\n9\n\n\nS\ne\nt\nF\nu\nn\nc\nt\ni\no\nn\nA\nd\nd\nr\ne\ns\ns\ne\ns\n+\n0\nx\n8\nf\ne\n0\n \n@\n \n0\nx\n2\n4\n1\na\n6\nc\n0\n\n\nS\ne\nt\nF\nu\nn\nc\nt\ni\no\nn\nA\nd\nd\nr\ne\ns\ns\ne\ns\n+\n0\nx\n2\n9\n2\na\n1\n \n@\n \n0\nx\n2\n4\n3\na\n9\n8\n1\n\n\nS\ne\nt\nF\nu\nn\nc\nt\ni\no\nn\nA\nd\nd\nr\ne\ns\ns\ne\ns\n+\n0\nx\n2\n3\n1\nb\n1\n \n@\n \n0\nx\n2\n4\n3\n4\n8\n9\n1\n\n\n1\n1\na\n7\n5\n0\n7\n9\ne\n6\n3\nf\n5\n2\n6\nb\n0\nf\nd\ne\n3\n7\n0\n4\n1\n7\n9\n9\nf\nc\ne\n1\n9\n6\na\n3\n3\n9\n8\nc\n3\n0\nd\n2\n7\n8\na\n7\n1\n8\n2\n1\nb\n4\n1\n4\nc\nb\n0\na\nd\nc\n3\n4\n+\n0\nx\n2\nf\n0\ne\n5\n1\n \n@\n \n0\nx\n6\nf\n0\ne\n5\n1\n\n\nS\ne\nt\nF\nu\nn\nc\nt\ni\no\nn\nA\nd\nd\nr\ne\ns\ns\ne\ns\n+\n0\nx\n2\n1\nb\na\n6\n \n@\n \n0\nx\n2\n4\n3\n3\n2\n8\n6\n\n\n1\n1\na\n7\n5\n0\n7\n9\ne\n6\n3\nf\n5\n2\n6\nb\n0\nf\nd\ne\n3\n7\n0\n4\n1\n7\n9\n9\nf\nc\ne\n1\n9\n6\na\n3\n3\n9\n8\nc\n3\n0\nd\n2\n7\n8\na\n7\n1\n8\n2\n1\nb\n4\n1\n4\nc\nb\n0\na\nd\nc\n3\n4\n+\n0\nx\n2\ne\n8\nf\n5\ne\n \n@\n \n0\nx\n6\ne\n8\nf\n5\ne\n\n\n1\n1\na\n7\n5\n0\n7\n9\ne\n6\n3\nf\n5\n2\n6\nb\n0\nf\nd\ne\n3\n7\n0\n4\n1\n7\n9\n9\nf\nc\ne\n1\n9\n6\na\n3\n3\n9\n8\nc\n3\n0\nd\n2\n7\n8\na\n7\n1\n8\n2\n1\nb\n4\n1\n4\nc\nb\n0\na\nd\nc\n3\n4\n+\n0\nx\n2\ne\na\n4\n6\nf\n \n@\n \n0\nx\n6\ne\na\n4\n6\nf\n\n\n1\n1\na\n7\n5\n0\n7\n9\ne\n6\n3\nf\n5\n2\n6\nb\n0\nf\nd\ne\n3\n7\n0\n4\n1\n7\n9\n9\nf\nc\ne\n1\n9\n6\na\n3\n3\n9\n8\nc\n3\n0\nd\n2\n7\n8\na\n7\n1\n8\n2\n1\nb\n4\n1\n4\nc\nb\n0\na\nd\nc\n3\n4\n+\n0\nx\n2\ne\na\n5\n5\n8\n \n@\n \n0\nx\n6\ne\na\n5\n5\n8\n\n\n1\n1\na\n7\n5\n0\n7\n9\ne\n6\n3\nf\n5\n2\n6\nb\n0\nf\nd\ne\n3\n7\n0\n4\n1\n7\n9\n9\nf\nc\ne\n1\n9\n6\na\n3\n3\n9\n8\nc\n3\n0\nd\n2\n7\n8\na\n7\n1\n8\n2\n1\nb\n4\n1\n4\nc\nb\n0\na\nd\nc\n3\n4\n+\n0\nx\n2\ne\na\ne\n3\n9\n \n@\n \n0\nx\n6\ne\na\ne\n3\n9\n\n\n1\n1\na\n7\n5\n0\n7\n9\ne\n6\n3\nf\n5\n2\n6\nb\n0\nf\nd\ne\n3\n7\n0\n4\n1\n7\n9\n9\nf\nc\ne\n1\n9\n6\na\n3\n3\n9\n8\nc\n3\n0\nd\n2\n7\n8\na\n7\n1\n8\n2\n1\nb\n4\n1\n4\nc\nb\n0\na\nd\nc\n3\n4\n+\n0\nx\n2\nf\nd\nd\n6\n9\n \n@\n \n0\nx\n6\nf\nd\nd\n6\n9\n\n\nB\na\ns\ne\nT\nh\nr\ne\na\nd\nI\nn\ni\nt\nT\nh\nu\nn\nk\n+\n0\nx\n1\n2\n \nV\ne\nr\ni\nf\ny\nC\no\nn\ns\no\nl\ne\nI\no\nH\na\nn\nd\nl\ne\n-\n0\nx\nb\n3\n \nk\ne\nr\nn\ne\nl\n3\n2\n+\n0\nx\n1\n3\n3\nc\na\n \n@\n \n0\nx\n7\n5\nb\nc\n3\n3\nc\na\n\n\nR\nt\nl\nI\nn\ni\nt\ni\na\nl\ni\nz\ne\nE\nx\nc\ne\np\nt\ni\no\nn\nC\nh\na\ni\nn\n+\n0\nx\n6\n3\n \nR\nt\nl\nA\nl\nl\no\nc\na\nt\ne\nA\nc\nt\ni\nv\na\nt\ni\no\nn\nC\no\nn\nt\ne\nx\nt\nS\nt\na\nc\nk\n-\n0\nx\na\n1\n \nn\nt\nd\nl\nl\n+\n0\nx\n3\n9\ne\nd\n2\n \n@\n \n0\nx\n7\n7\nb\nc\n9\ne\nd\n2\n\n\nR\nt\nl\nI\nn\ni\nt\ni\na\nl\ni\nz\ne\nE\nx\nc\ne\np\nt\ni\no\nn\nC\nh\na\ni\nn\n+\n0\nx\n3\n6\n \nR\nt\nl\nA\nl\nl\no\nc\na\nt\ne\nA\nc\nt\ni\nv\na\nt\ni\no\nn\nC\no\nn\nt\ne\nx\nt\nS\nt\na\nc\nk\n-\n0\nx\nc\ne\n \nn\nt\nd\nl\nl\n+\n0\nx\n3\n9\ne\na\n5\n \n@\n \n0\nx\n7\n7\nb\nc\n9\ne\na\n5",
"registers": {
"esp": 1610632,
"edi": 2377400537,
"eax": 0,
"ebp": 1610636,
"edx": 38237316,
"ebx": 0,
"esi": 1975189504,
"ecx": 38237316
},
"exception": {
"instruction_r": "c6 00 00 8b e5 5d c3 cc cc cc cc cc cc cc cc cc",
"instruction": "mov byte ptr [eax], 0",
"exception_code": "0xc0000005",
"symbol": "SetFunctionAddresses+0x2e4de",
"address": "0x243fbbe"
}
},
"time": 1560815587.4532,
"tid": 2308,
"flags": {}
},
"pid": 2660,
"type": "call",
"cid": 2531
},
{
"call": {
"category": "__notification__",
"status": 1,
"stacktrace": [],
"raw": [
"stacktrace"
],
"api": "__exception__",
"return_value": 0,
"arguments": {
"stacktrace": "1\n1\na\n7\n5\n0\n7\n9\ne\n6\n3\nf\n5\n2\n6\nb\n0\nf\nd\ne\n3\n7\n0\n4\n1\n7\n9\n9\nf\nc\ne\n1\n9\n6\na\n3\n3\n9\n8\nc\n3\n0\nd\n2\n7\n8\na\n7\n1\n8\n2\n1\nb\n4\n1\n4\nc\nb\n0\na\nd\nc\n3\n4\n+\n0\nx\n2\nf\n0\ne\n5\n1\n \n@\n \n0\nx\n6\nf\n0\ne\n5\n1\n\n\nS\ne\nt\nF\nu\nn\nc\nt\ni\no\nn\nA\nd\nd\nr\ne\ns\ns\ne\ns\n+\n0\nx\n2\ne\n4\n3\n9\n \n@\n \n0\nx\n2\n4\n3\nf\nb\n1\n9\n\n\nS\ne\nt\nF\nu\nn\nc\nt\ni\no\nn\nA\nd\nd\nr\ne\ns\ns\ne\ns\n+\n0\nx\n8\nf\ne\n0\n \n@\n \n0\nx\n2\n4\n1\na\n6\nc\n0\n\n\nS\ne\nt\nF\nu\nn\nc\nt\ni\no\nn\nA\nd\nd\nr\ne\ns\ns\ne\ns\n+\n0\nx\n2\n9\n2\na\n1\n \n@\n \n0\nx\n2\n4\n3\na\n9\n8\n1\n\n\nS\ne\nt\nF\nu\nn\nc\nt\ni\no\nn\nA\nd\nd\nr\ne\ns\ns\ne\ns\n+\n0\nx\n2\n3\n1\nb\n1\n \n@\n \n0\nx\n2\n4\n3\n4\n8\n9\n1\n\n\n1\n1\na\n7\n5\n0\n7\n9\ne\n6\n3\nf\n5\n2\n6\nb\n0\nf\nd\ne\n3\n7\n0\n4\n1\n7\n9\n9\nf\nc\ne\n1\n9\n6\na\n3\n3\n9\n8\nc\n3\n0\nd\n2\n7\n8\na\n7\n1\n8\n2\n1\nb\n4\n1\n4\nc\nb\n0\na\nd\nc\n3\n4\n+\n0\nx\n2\nf\n0\ne\n5\n1\n \n@\n \n0\nx\n6\nf\n0\ne\n5\n1\n\n\nS\ne\nt\nF\nu\nn\nc\nt\ni\no\nn\nA\nd\nd\nr\ne\ns\ns\ne\ns\n+\n0\nx\n2\n1\nb\na\n6\n \n@\n \n0\nx\n2\n4\n3\n3\n2\n8\n6\n\n\n1\n1\na\n7\n5\n0\n7\n9\ne\n6\n3\nf\n5\n2\n6\nb\n0\nf\nd\ne\n3\n7\n0\n4\n1\n7\n9\n9\nf\nc\ne\n1\n9\n6\na\n3\n3\n9\n8\nc\n3\n0\nd\n2\n7\n8\na\n7\n1\n8\n2\n1\nb\n4\n1\n4\nc\nb\n0\na\nd\nc\n3\n4\n+\n0\nx\n2\ne\n8\nf\n5\ne\n \n@\n \n0\nx\n6\ne\n8\nf\n5\ne\n\n\n1\n1\na\n7\n5\n0\n7\n9\ne\n6\n3\nf\n5\n2\n6\nb\n0\nf\nd\ne\n3\n7\n0\n4\n1\n7\n9\n9\nf\nc\ne\n1\n9\n6\na\n3\n3\n9\n8\nc\n3\n0\nd\n2\n7\n8\na\n7\n1\n8\n2\n1\nb\n4\n1\n4\nc\nb\n0\na\nd\nc\n3\n4\n+\n0\nx\n2\ne\na\n4\n6\nf\n \n@\n \n0\nx\n6\ne\na\n4\n6\nf\n\n\n1\n1\na\n7\n5\n0\n7\n9\ne\n6\n3\nf\n5\n2\n6\nb\n0\nf\nd\ne\n3\n7\n0\n4\n1\n7\n9\n9\nf\nc\ne\n1\n9\n6\na\n3\n3\n9\n8\nc\n3\n0\nd\n2\n7\n8\na\n7\n1\n8\n2\n1\nb\n4\n1\n4\nc\nb\n0\na\nd\nc\n3\n4\n+\n0\nx\n2\ne\na\n5\n5\n8\n \n@\n \n0\nx\n6\ne\na\n5\n5\n8\n\n\n1\n1\na\n7\n5\n0\n7\n9\ne\n6\n3\nf\n5\n2\n6\nb\n0\nf\nd\ne\n3\n7\n0\n4\n1\n7\n9\n9\nf\nc\ne\n1\n9\n6\na\n3\n3\n9\n8\nc\n3\n0\nd\n2\n7\n8\na\n7\n1\n8\n2\n1\nb\n4\n1\n4\nc\nb\n0\na\nd\nc\n3\n4\n+\n0\nx\n2\ne\na\ne\n3\n9\n \n@\n \n0\nx\n6\ne\na\ne\n3\n9\n\n\n1\n1\na\n7\n5\n0\n7\n9\ne\n6\n3\nf\n5\n2\n6\nb\n0\nf\nd\ne\n3\n7\n0\n4\n1\n7\n9\n9\nf\nc\ne\n1\n9\n6\na\n3\n3\n9\n8\nc\n3\n0\nd\n2\n7\n8\na\n7\n1\n8\n2\n1\nb\n4\n1\n4\nc\nb\n0\na\nd\nc\n3\n4\n+\n0\nx\n2\nf\nd\nd\n6\n9\n \n@\n \n0\nx\n6\nf\nd\nd\n6\n9\n\n\nB\na\ns\ne\nT\nh\nr\ne\na\nd\nI\nn\ni\nt\nT\nh\nu\nn\nk\n+\n0\nx\n1\n2\n \nV\ne\nr\ni\nf\ny\nC\no\nn\ns\no\nl\ne\nI\no\nH\na\nn\nd\nl\ne\n-\n0\nx\nb\n3\n \nk\ne\nr\nn\ne\nl\n3\n2\n+\n0\nx\n1\n3\n3\nc\na\n \n@\n \n0\nx\n7\n5\nb\nc\n3\n3\nc\na\n\n\nR\nt\nl\nI\nn\ni\nt\ni\na\nl\ni\nz\ne\nE\nx\nc\ne\np\nt\ni\no\nn\nC\nh\na\ni\nn\n+\n0\nx\n6\n3\n \nR\nt\nl\nA\nl\nl\no\nc\na\nt\ne\nA\nc\nt\ni\nv\na\nt\ni\no\nn\nC\no\nn\nt\ne\nx\nt\nS\nt\na\nc\nk\n-\n0\nx\na\n1\n \nn\nt\nd\nl\nl\n+\n0\nx\n3\n9\ne\nd\n2\n \n@\n \n0\nx\n7\n7\nb\nc\n9\ne\nd\n2\n\n\nR\nt\nl\nI\nn\ni\nt\ni\na\nl\ni\nz\ne\nE\nx\nc\ne\np\nt\ni\no\nn\nC\nh\na\ni\nn\n+\n0\nx\n3\n6\n \nR\nt\nl\nA\nl\nl\no\nc\na\nt\ne\nA\nc\nt\ni\nv\na\nt\ni\no\nn\nC\no\nn\nt\ne\nx\nt\nS\nt\na\nc\nk\n-\n0\nx\nc\ne\n \nn\nt\nd\nl\nl\n+\n0\nx\n3\n9\ne\na\n5\n \n@\n \n0\nx\n7\n7\nb\nc\n9\ne\na\n5",
"registers": {
"esp": 1610632,
"edi": 2377400537,
"eax": 0,
"ebp": 1610636,
"edx": 38237316,
"ebx": 0,
"esi": 1979908096,
"ecx": 38237316
},
"exception": {
"instruction_r": "c6 00 00 8b e5 5d c3 cc cc cc cc cc cc cc cc cc",
"instruction": "mov byte ptr [eax], 0",
"exception_code": "0xc0000005",
"symbol": "SetFunctionAddresses+0x2e4de",
"address": "0x243fbbe"
}
},
"time": 1560815587.5003,
"tid": 2308,
"flags": {}
},
"pid": 2660,
"type": "call",
"cid": 2534
},
{
"call": {
"category": "__notification__",
"status": 1,
"stacktrace": [],
"raw": [
"stacktrace"
],
"api": "__exception__",
"return_value": 0,
"arguments": {
"stacktrace": "1\n1\na\n7\n5\n0\n7\n9\ne\n6\n3\nf\n5\n2\n6\nb\n0\nf\nd\ne\n3\n7\n0\n4\n1\n7\n9\n9\nf\nc\ne\n1\n9\n6\na\n3\n3\n9\n8\nc\n3\n0\nd\n2\n7\n8\na\n7\n1\n8\n2\n1\nb\n4\n1\n4\nc\nb\n0\na\nd\nc\n3\n4\n+\n0\nx\n2\nf\n0\ne\n5\n1\n \n@\n \n0\nx\n6\nf\n0\ne\n5\n1\n\n\nS\ne\nt\nF\nu\nn\nc\nt\ni\no\nn\nA\nd\nd\nr\ne\ns\ns\ne\ns\n+\n0\nx\n2\ne\n4\n3\n9\n \n@\n \n0\nx\n2\n4\n3\nf\nb\n1\n9\n\n\nS\ne\nt\nF\nu\nn\nc\nt\ni\no\nn\nA\nd\nd\nr\ne\ns\ns\ne\ns\n+\n0\nx\n8\nf\ne\n0\n \n@\n \n0\nx\n2\n4\n1\na\n6\nc\n0\n\n\nS\ne\nt\nF\nu\nn\nc\nt\ni\no\nn\nA\nd\nd\nr\ne\ns\ns\ne\ns\n+\n0\nx\n2\n9\n2\na\n1\n \n@\n \n0\nx\n2\n4\n3\na\n9\n8\n1\n\n\nS\ne\nt\nF\nu\nn\nc\nt\ni\no\nn\nA\nd\nd\nr\ne\ns\ns\ne\ns\n+\n0\nx\n2\n3\n1\nb\n1\n \n@\n \n0\nx\n2\n4\n3\n4\n8\n9\n1\n\n\n1\n1\na\n7\n5\n0\n7\n9\ne\n6\n3\nf\n5\n2\n6\nb\n0\nf\nd\ne\n3\n7\n0\n4\n1\n7\n9\n9\nf\nc\ne\n1\n9\n6\na\n3\n3\n9\n8\nc\n3\n0\nd\n2\n7\n8\na\n7\n1\n8\n2\n1\nb\n4\n1\n4\nc\nb\n0\na\nd\nc\n3\n4\n+\n0\nx\n2\nf\n0\ne\n5\n1\n \n@\n \n0\nx\n6\nf\n0\ne\n5\n1\n\n\nS\ne\nt\nF\nu\nn\nc\nt\ni\no\nn\nA\nd\nd\nr\ne\ns\ns\ne\ns\n+\n0\nx\n2\n1\nb\na\n6\n \n@\n \n0\nx\n2\n4\n3\n3\n2\n8\n6\n\n\n1\n1\na\n7\n5\n0\n7\n9\ne\n6\n3\nf\n5\n2\n6\nb\n0\nf\nd\ne\n3\n7\n0\n4\n1\n7\n9\n9\nf\nc\ne\n1\n9\n6\na\n3\n3\n9\n8\nc\n3\n0\nd\n2\n7\n8\na\n7\n1\n8\n2\n1\nb\n4\n1\n4\nc\nb\n0\na\nd\nc\n3\n4\n+\n0\nx\n2\ne\n8\nf\n5\ne\n \n@\n \n0\nx\n6\ne\n8\nf\n5\ne\n\n\n1\n1\na\n7\n5\n0\n7\n9\ne\n6\n3\nf\n5\n2\n6\nb\n0\nf\nd\ne\n3\n7\n0\n4\n1\n7\n9\n9\nf\nc\ne\n1\n9\n6\na\n3\n3\n9\n8\nc\n3\n0\nd\n2\n7\n8\na\n7\n1\n8\n2\n1\nb\n4\n1\n4\nc\nb\n0\na\nd\nc\n3\n4\n+\n0\nx\n2\ne\na\n4\n6\nf\n \n@\n \n0\nx\n6\ne\na\n4\n6\nf\n\n\n1\n1\na\n7\n5\n0\n7\n9\ne\n6\n3\nf\n5\n2\n6\nb\n0\nf\nd\ne\n3\n7\n0\n4\n1\n7\n9\n9\nf\nc\ne\n1\n9\n6\na\n3\n3\n9\n8\nc\n3\n0\nd\n2\n7\n8\na\n7\n1\n8\n2\n1\nb\n4\n1\n4\nc\nb\n0\na\nd\nc\n3\n4\n+\n0\nx\n2\ne\na\n5\n5\n8\n \n@\n \n0\nx\n6\ne\na\n5\n5\n8\n\n\n1\n1\na\n7\n5\n0\n7\n9\ne\n6\n3\nf\n5\n2\n6\nb\n0\nf\nd\ne\n3\n7\n0\n4\n1\n7\n9\n9\nf\nc\ne\n1\n9\n6\na\n3\n3\n9\n8\nc\n3\n0\nd\n2\n7\n8\na\n7\n1\n8\n2\n1\nb\n4\n1\n4\nc\nb\n0\na\nd\nc\n3\n4\n+\n0\nx\n2\ne\na\ne\n3\n9\n \n@\n \n0\nx\n6\ne\na\ne\n3\n9\n\n\n1\n1\na\n7\n5\n0\n7\n9\ne\n6\n3\nf\n5\n2\n6\nb\n0\nf\nd\ne\n3\n7\n0\n4\n1\n7\n9\n9\nf\nc\ne\n1\n9\n6\na\n3\n3\n9\n8\nc\n3\n0\nd\n2\n7\n8\na\n7\n1\n8\n2\n1\nb\n4\n1\n4\nc\nb\n0\na\nd\nc\n3\n4\n+\n0\nx\n2\nf\nd\nd\n6\n9\n \n@\n \n0\nx\n6\nf\nd\nd\n6\n9\n\n\nB\na\ns\ne\nT\nh\nr\ne\na\nd\nI\nn\ni\nt\nT\nh\nu\nn\nk\n+\n0\nx\n1\n2\n \nV\ne\nr\ni\nf\ny\nC\no\nn\ns\no\nl\ne\nI\no\nH\na\nn\nd\nl\ne\n-\n0\nx\nb\n3\n \nk\ne\nr\nn\ne\nl\n3\n2\n+\n0\nx\n1\n3\n3\nc\na\n \n@\n \n0\nx\n7\n5\nb\nc\n3\n3\nc\na\n\n\nR\nt\nl\nI\nn\ni\nt\ni\na\nl\ni\nz\ne\nE\nx\nc\ne\np\nt\ni\no\nn\nC\nh\na\ni\nn\n+\n0\nx\n6\n3\n \nR\nt\nl\nA\nl\nl\no\nc\na\nt\ne\nA\nc\nt\ni\nv\na\nt\ni\no\nn\nC\no\nn\nt\ne\nx\nt\nS\nt\na\nc\nk\n-\n0\nx\na\n1\n \nn\nt\nd\nl\nl\n+\n0\nx\n3\n9\ne\nd\n2\n \n@\n \n0\nx\n7\n7\nb\nc\n9\ne\nd\n2\n\n\nR\nt\nl\nI\nn\ni\nt\ni\na\nl\ni\nz\ne\nE\nx\nc\ne\np\nt\ni\no\nn\nC\nh\na\ni\nn\n+\n0\nx\n3\n6\n \nR\nt\nl\nA\nl\nl\no\nc\na\nt\ne\nA\nc\nt\ni\nv\na\nt\ni\no\nn\nC\no\nn\nt\ne\nx\nt\nS\nt\na\nc\nk\n-\n0\nx\nc\ne\n \nn\nt\nd\nl\nl\n+\n0\nx\n3\n9\ne\na\n5\n \n@\n \n0\nx\n7\n7\nb\nc\n9\ne\na\n5",
"registers": {
"esp": 1610632,
"edi": 2377400537,
"eax": 0,
"ebp": 1610636,
"edx": 38237316,
"ebx": 0,
"esi": 1979908096,
"ecx": 38237316
},
"exception": {
"instruction_r": "c6 00 00 8b e5 5d c3 cc cc cc cc cc cc cc cc cc",
"instruction": "mov byte ptr [eax], 0",
"exception_code": "0xc0000005",
"symbol": "SetFunctionAddresses+0x2e4de",
"address": "0x243fbbe"
}
},
"time": 1560815587.5003,
"tid": 2308,
"flags": {}
},
"pid": 2660,
"type": "call",
"cid": 2537
}
],
"references": [],
"name": "raises_exception"
},
{
"markcount": 2,
"families": [],
"description": "Allocates read-write-execute memory (usually to unpack itself)",
"severity": 2,
"marks": [
{
"call": {
"category": "process",
"status": 1,
"stacktrace": [],
"api": "NtProtectVirtualMemory",
"return_value": 0,
"arguments": {
"process_identifier": 2660,
"stack_dep_bypass": 0,
"stack_pivoted": 0,
"heap_dep_bypass": 1,
"length": 450560,
"protection": 64,
"process_handle": "0xffffffff",
"base_address": "0x023f1000"
},
"time": 1560815586.7812,
"tid": 2308,
"flags": {
"protection": "PAGE_EXECUTE_READWRITE"
}
},
"pid": 2660,
"type": "call",
"cid": 422
},
{
"call": {
"category": "process",
"status": 1,
"stacktrace": [],
"api": "NtAllocateVirtualMemory",
"return_value": 0,
"arguments": {
"process_identifier": 2660,
"region_size": 4096,
"stack_dep_bypass": 0,
"stack_pivoted": 0,
"heap_dep_bypass": 0,
"protection": 64,
"process_handle": "0xffffffff",
"allocation_type": 4096,
"base_address": "0x00a00000"
},
"time": 1560815587.5633,
"tid": 2308,
"flags": {
"protection": "PAGE_EXECUTE_READWRITE",
"allocation_type": "MEM_COMMIT"
}
},
"pid": 2660,
"type": "call",
"cid": 2804
}
],
"references": [],
"name": "allocates_rwx"
},
{
"markcount": 1,
"families": [],
"description": "A process attempted to delay the analysis task.",
"severity": 2,
"marks": [
{
"type": "generic",
"description": "11a75079e63f526b0fde37041799fce196a3398c30d278a71821b414cb0adc34.bin tried to sleep 184 seconds, actually delayed analysis time by 184 seconds"
}
],
"references": [],
"name": "antisandbox_sleep"
},
{
"markcount": 5,
"families": [],
"description": "Queries the disk size which could be used to detect virtual machine with small fixed size or dynamic allocation",
"severity": 2,
"marks": [
{
"call": {
"category": "misc",
"status": 1,
"stacktrace": [],
"api": "GetDiskFreeSpaceW",
"return_value": 1,
"arguments": {
"root_path": "c:\\",
"sectors_per_cluster": 8,
"number_of_free_clusters": 5739805,
"total_number_of_clusters": 8362495,
"bytes_per_sector": 512
},
"time": 1560815587.5633,
"tid": 2308,
"flags": {}
},
"pid": 2660,
"type": "call",
"cid": 2878
},
{
"call": {
"category": "misc",
"status": 1,
"stacktrace": [],
"api": "GetDiskFreeSpaceExW",
"return_value": 1,
"arguments": {
"root_path": "C:\\",
"free_bytes_available": 23509716992,
"total_number_of_free_bytes": 0,
"total_number_of_bytes": 34252779520
},
"time": 1560815588.0312,
"tid": 2308,
"flags": {}
},
"pid": 2660,
"type": "call",
"cid": 3441
},
{
"call": {
"category": "misc",
"status": 1,
"stacktrace": [],
"api": "GetDiskFreeSpaceExW",
"return_value": 1,
"arguments": {
"root_path": "C:\\",
"free_bytes_available": 23509716992,
"total_number_of_free_bytes": 0,
"total_number_of_bytes": 34252779520
},
"time": 1560815588.0312,
"tid": 2308,
"flags": {}
},
"pid": 2660,
"type": "call",
"cid": 3442
},
{
"call": {
"category": "misc",
"status": 1,
"stacktrace": [],
"api": "GetDiskFreeSpaceExW",
"return_value": 1,
"arguments": {
"root_path": "C:\\",
"free_bytes_available": 23509716992,
"total_number_of_free_bytes": 0,
"total_number_of_bytes": 34252779520
},
"time": 1560815588.2973,
"tid": 2308,
"flags": {}
},
"pid": 2660,
"type": "call",
"cid": 5179
},
{
"call": {
"category": "misc",
"status": 1,
"stacktrace": [],
"api": "GetDiskFreeSpaceExW",
"return_value": 1,
"arguments": {
"root_path": "C:\\",
"free_bytes_available": 23509716992,
"total_number_of_free_bytes": 0,
"total_number_of_bytes": 34252779520
},
"time": 1560815588.2973,
"tid": 2308,
"flags": {}
},
"pid": 2660,
"type": "call",
"cid": 5180
}
],
"references": [],
"name": "antivm_disk_size"
},
{
"markcount": 2,
"families": [],
"description": "The binary likely contains encrypted or compressed data indicative of a packer",
"severity": 2,
"marks": [
{
"entropy": 7.9991358207883,
"section": {
"size_of_data": "0x001d4000",
"virtual_address": "0x00346000",
"entropy": 7.9991358207883,
"name": ".pdata",
"virtual_size": "0x001e0000"
},
"type": "generic",
"description": "A section with a high entropy has been found"
},
{
"entropy": 0.81391304347826,
"type": "generic",
"description": "Overall entropy of this PE file is high"
}
],
"references": [
"http:\/\/www.forensickb.com\/2013\/03\/file-entropy-explained.html",
"http:\/\/virii.es\/U\/Using%20Entropy%20Analysis%20to%20Find%20Encrypted%20and%20Packed%20Malware.pdf"
],
"name": "packer_entropy"
},
{
"markcount": 1,
"families": [],
"description": "Checks for the Locally Unique Identifier on the system for a suspicious privilege",
"severity": 2,
"marks": [
{
"call": {
"category": "system",
"status": 1,
"stacktrace": [],
"api": "LookupPrivilegeValueW",
"return_value": 1,
"arguments": {
"system_name": "",
"privilege_name": "SeBackupPrivilege"
},
"time": 1560815587.5633,
"tid": 2308,
"flags": {}
},
"pid": 2660,
"type": "call",
"cid": 2870
}
],
"references": [],
"name": "privilege_luid_check"
},
{
"markcount": 4,
"families": [],
"description": "Checks for the presence of known devices from debuggers and forensic tools",
"severity": 3,
"marks": [
{
"category": "file",
"ioc": "\\??\\SICE",
"type": "ioc",
"description": null
},
{
"category": "file",
"ioc": "\\??\\SIWVID",
"type": "ioc",
"description": null
},
{
"category": "file",
"ioc": "\\??\\SIWDEBUG",
"type": "ioc",
"description": null
},
{
"category": "file",
"ioc": "\\??\\NTICE",
"type": "ioc",
"description": null
}
],
"references": [],
"name": "antidbg_devices"
},
{
"markcount": 7,
"families": [],
"description": "Checks for the presence of known windows from debuggers and forensic tools",
"severity": 3,
"marks": [
{
"call": {
"category": "ui",
"status": 0,
"stacktrace": [],
"last_error": 0,
"nt_status": -1073741772,
"api": "FindWindowA",
"return_value": 0,
"arguments": {
"class_name": "FileMonClass",
"window_name": ""
},
"time": 1560815587.1412,
"tid": 2308,
"flags": {}
},
"pid": 2660,
"type": "call",
"cid": 1120
},
{
"call": {
"category": "ui",
"status": 0,
"stacktrace": [],
"last_error": 0,
"nt_status": -1073741772,
"api": "FindWindowA",
"return_value": 0,
"arguments": {
"class_name": "FileMonClass",
"window_name": ""
},
"time": 1560815587.1412,
"tid": 2308,
"flags": {}
},
"pid": 2660,
"type": "call",
"cid": 1120
},
{
"call": {
"category": "ui",
"status": 0,
"stacktrace": [],
"last_error": 0,
"nt_status": -1073741772,
"api": "FindWindowA",
"return_value": 0,
"arguments": {
"class_name": "RegMonClass",
"window_name": ""
},
"time": 1560815587.1412,
"tid": 2308,
"flags": {}
},
"pid": 2660,
"type": "call",
"cid": 1121
},
{
"call": {
"category": "ui",
"status": 0,
"stacktrace": [],
"last_error": 0,
"nt_status": -1073741772,
"api": "FindWindowA",
"return_value": 0,
"arguments": {
"class_name": "RegMonClass",
"window_name": ""
},
"time": 1560815587.1412,
"tid": 2308,
"flags": {}
},
"pid": 2660,
"type": "call",
"cid": 1121
},
{
"call": {
"category": "ui",
"status": 0,
"stacktrace": [],
"last_error": 0,
"nt_status": -1073741772,
"api": "FindWindowA",
"return_value": 0,
"arguments": {
"class_name": "PROCMON_WINDOW_CLASS",
"window_name": ""
},
"time": 1560815587.1412,
"tid": 2308,
"flags": {}
},
"pid": 2660,
"type": "call",
"cid": 1122
},
{
"call": {
"category": "ui",
"status": 0,
"stacktrace": [],
"last_error": 2,
"nt_status": -1073741772,
"api": "FindWindowA",
"return_value": 0,
"arguments": {
"class_name": "ThunderRT6FormDC",
"window_name": "Shareware Cheater v 3.0"
},
"time": 1560815587.2032,
"tid": 2308,
"flags": {}
},
"pid": 2660,
"type": "call",
"cid": 1407
},
{
"call": {
"category": "ui",
"status": 0,
"stacktrace": [],
"last_error": 2,
"nt_status": -1073741772,
"api": "FindWindowA",
"return_value": 0,
"arguments": {
"class_name": "ThunderRT6FormDC",
"window_name": ""
},
"time": 1560815587.2032,
"tid": 2308,
"flags": {}
},
"pid": 2660,
"type": "call",
"cid": 1408
}
],
"references": [],
"name": "antidbg_windows"
},
{
"markcount": 1,
"families": [],
"description": "Checks the version of Bios, possibly for anti-virtualization",
"severity": 3,
"marks": [
{
"category": "registry",
"ioc": "HKEY_LOCAL_MACHINE\\HARDWARE\\DESCRIPTION\\System\\SystemBiosVersion",
"type": "ioc",
"description": null
}
],
"references": [],
"name": "antivm_generic_bios"
},
{
"markcount": 2,
"families": [],
"description": "Queries information on disks, possibly for anti-virtualization",
"severity": 3,
"marks": [
{
"call": {
"category": "file",
"status": 1,
"stacktrace": [],
"api": "NtCreateFile",
"return_value": 0,
"arguments": {
"create_disposition": 3,
"file_handle": "0x0000015c",
"filepath": "\\??\\PHYSICALDRIVE0",
"desired_access": "0x00100080",
"file_attributes": 0,
"filepath_r": "\\??\\PHYSICALDRIVE0",
"create_options": 96,
"status_info": 0,
"share_access": 3
},
"time": 1560815586.8282,
"tid": 2308,
"flags": {
"create_disposition": "FILE_OPEN_IF",
"desired_access": "FILE_READ_ATTRIBUTES|SYNCHRONIZE",
"create_options": "FILE_NON_DIRECTORY_FILE|FILE_SYNCHRONOUS_IO_NONALERT",
"file_attributes": "",
"status_info": "FILE_SUPERSEDED",
"share_access": "FILE_SHARE_READ|FILE_SHARE_WRITE"
}
},
"pid": 2660,
"type": "call",
"cid": 590
},
{
"call": {
"category": "file",
"status": 1,
"stacktrace": [],
"api": "DeviceIoControl",
"return_value": 1,
"arguments": {
"input_buffer": "",
"device_handle": "0x0000015c",
"control_code": 458752,
"output_buffer": "Q\u0010\u0000\u0000\u0000\u0000\u0000\u0000\f\u0000\u0000\u0000\u00ff\u0000\u0000\u0000?\u0000\u0000\u0000\u0000\u0002\u0000\u0000"
},
"time": 1560815586.8282,
"tid": 2308,
"flags": {
"control_code": "IOCTL_DISK_GET_DRIVE_GEOMETRY"
}
},
"pid": 2660,
"type": "call",
"cid": 591
}
],
"references": [],
"name": "antivm_generic_disk"
},
{
"markcount": 1,
"families": [],
"description": "Detects VMWare through the in instruction feature",
"severity": 3,
"marks": [
{
"call": {
"category": "__notification__",
"status": 1,
"stacktrace": [],
"raw": [
"stacktrace"
],
"api": "__exception__",
"return_value": 0,
"arguments": {
"stacktrace": "S\ne\nt\nF\nu\nn\nc\nt\ni\no\nn\nA\nd\nd\nr\ne\ns\ns\ne\ns\n+\n0\nx\n2\n0\n3\nf\n \n@\n \n0\nx\n2\n4\n1\n3\n7\n1\nf\n\n\n1\n1\na\n7\n5\n0\n7\n9\ne\n6\n3\nf\n5\n2\n6\nb\n0\nf\nd\ne\n3\n7\n0\n4\n1\n7\n9\n9\nf\nc\ne\n1\n9\n6\na\n3\n3\n9\n8\nc\n3\n0\nd\n2\n7\n8\na\n7\n1\n8\n2\n1\nb\n4\n1\n4\nc\nb\n0\na\nd\nc\n3\n4\n+\n0\nx\n2\nf\n0\ne\n5\n1\n \n@\n \n0\nx\n6\nf\n0\ne\n5\n1\n\n\nS\ne\nt\nF\nu\nn\nc\nt\ni\no\nn\nA\nd\nd\nr\ne\ns\ns\ne\ns\n+\n0\nx\n2\n0\n2\n0\n \n@\n \n0\nx\n2\n4\n1\n3\n7\n0\n0\n\n\nS\ne\nt\nF\nu\nn\nc\nt\ni\no\nn\nA\nd\nd\nr\ne\ns\ns\ne\ns\n-\n0\nx\n8\n8\n8\n3\n \n@\n \n0\nx\n2\n4\n0\n8\ne\n5\nd\n\n\nS\ne\nt\nF\nu\nn\nc\nt\ni\no\nn\nA\nd\nd\nr\ne\ns\ns\ne\ns\n+\n0\nx\n2\n3\n0\n1\na\n \n@\n \n0\nx\n2\n4\n3\n4\n6\nf\na\n\n\n1\n1\na\n7\n5\n0\n7\n9\ne\n6\n3\nf\n5\n2\n6\nb\n0\nf\nd\ne\n3\n7\n0\n4\n1\n7\n9\n9\nf\nc\ne\n1\n9\n6\na\n3\n3\n9\n8\nc\n3\n0\nd\n2\n7\n8\na\n7\n1\n8\n2\n1\nb\n4\n1\n4\nc\nb\n0\na\nd\nc\n3\n4\n+\n0\nx\n2\nf\n0\ne\n5\n1\n \n@\n \n0\nx\n6\nf\n0\ne\n5\n1\n\n\nS\ne\nt\nF\nu\nn\nc\nt\ni\no\nn\nA\nd\nd\nr\ne\ns\ns\ne\ns\n+\n0\nx\n2\n1\nb\na\n6\n \n@\n \n0\nx\n2\n4\n3\n3\n2\n8\n6\n\n\n1\n1\na\n7\n5\n0\n7\n9\ne\n6\n3\nf\n5\n2\n6\nb\n0\nf\nd\ne\n3\n7\n0\n4\n1\n7\n9\n9\nf\nc\ne\n1\n9\n6\na\n3\n3\n9\n8\nc\n3\n0\nd\n2\n7\n8\na\n7\n1\n8\n2\n1\nb\n4\n1\n4\nc\nb\n0\na\nd\nc\n3\n4\n+\n0\nx\n2\ne\n8\nf\n5\ne\n \n@\n \n0\nx\n6\ne\n8\nf\n5\ne\n\n\n1\n1\na\n7\n5\n0\n7\n9\ne\n6\n3\nf\n5\n2\n6\nb\n0\nf\nd\ne\n3\n7\n0\n4\n1\n7\n9\n9\nf\nc\ne\n1\n9\n6\na\n3\n3\n9\n8\nc\n3\n0\nd\n2\n7\n8\na\n7\n1\n8\n2\n1\nb\n4\n1\n4\nc\nb\n0\na\nd\nc\n3\n4\n+\n0\nx\n2\ne\na\n4\n6\nf\n \n@\n \n0\nx\n6\ne\na\n4\n6\nf\n\n\n1\n1\na\n7\n5\n0\n7\n9\ne\n6\n3\nf\n5\n2\n6\nb\n0\nf\nd\ne\n3\n7\n0\n4\n1\n7\n9\n9\nf\nc\ne\n1\n9\n6\na\n3\n3\n9\n8\nc\n3\n0\nd\n2\n7\n8\na\n7\n1\n8\n2\n1\nb\n4\n1\n4\nc\nb\n0\na\nd\nc\n3\n4\n+\n0\nx\n2\ne\na\n5\n5\n8\n \n@\n \n0\nx\n6\ne\na\n5\n5\n8\n\n\n1\n1\na\n7\n5\n0\n7\n9\ne\n6\n3\nf\n5\n2\n6\nb\n0\nf\nd\ne\n3\n7\n0\n4\n1\n7\n9\n9\nf\nc\ne\n1\n9\n6\na\n3\n3\n9\n8\nc\n3\n0\nd\n2\n7\n8\na\n7\n1\n8\n2\n1\nb\n4\n1\n4\nc\nb\n0\na\nd\nc\n3\n4\n+\n0\nx\n2\ne\na\ne\n3\n9\n \n@\n \n0\nx\n6\ne\na\ne\n3\n9\n\n\n1\n1\na\n7\n5\n0\n7\n9\ne\n6\n3\nf\n5\n2\n6\nb\n0\nf\nd\ne\n3\n7\n0\n4\n1\n7\n9\n9\nf\nc\ne\n1\n9\n6\na\n3\n3\n9\n8\nc\n3\n0\nd\n2\n7\n8\na\n7\n1\n8\n2\n1\nb\n4\n1\n4\nc\nb\n0\na\nd\nc\n3\n4\n+\n0\nx\n2\nf\nd\nd\n6\n9\n \n@\n \n0\nx\n6\nf\nd\nd\n6\n9\n\n\nB\na\ns\ne\nT\nh\nr\ne\na\nd\nI\nn\ni\nt\nT\nh\nu\nn\nk\n+\n0\nx\n1\n2\n \nV\ne\nr\ni\nf\ny\nC\no\nn\ns\no\nl\ne\nI\no\nH\na\nn\nd\nl\ne\n-\n0\nx\nb\n3\n \nk\ne\nr\nn\ne\nl\n3\n2\n+\n0\nx\n1\n3\n3\nc\na\n \n@\n \n0\nx\n7\n5\nb\nc\n3\n3\nc\na\n\n\nR\nt\nl\nI\nn\ni\nt\ni\na\nl\ni\nz\ne\nE\nx\nc\ne\np\nt\ni\no\nn\nC\nh\na\ni\nn\n+\n0\nx\n6\n3\n \nR\nt\nl\nA\nl\nl\no\nc\na\nt\ne\nA\nc\nt\ni\nv\na\nt\ni\no\nn\nC\no\nn\nt\ne\nx\nt\nS\nt\na\nc\nk\n-\n0\nx\na\n1\n \nn\nt\nd\nl\nl\n+\n0\nx\n3\n9\ne\nd\n2\n \n@\n \n0\nx\n7\n7\nb\nc\n9\ne\nd\n2\n\n\nR\nt\nl\nI\nn\ni\nt\ni\na\nl\ni\nz\ne\nE\nx\nc\ne\np\nt\ni\no\nn\nC\nh\na\ni\nn\n+\n0\nx\n3\n6\n \nR\nt\nl\nA\nl\nl\no\nc\na\nt\ne\nA\nc\nt\ni\nv\na\nt\ni\no\nn\nC\no\nn\nt\ne\nx\nt\nS\nt\na\nc\nk\n-\n0\nx\nc\ne\n \nn\nt\nd\nl\nl\n+\n0\nx\n3\n9\ne\na\n5\n \n@\n \n0\nx\n7\n7\nb\nc\n9\ne\na\n5",
"registers": {
"esp": 1631724,
"edi": 1221961681,
"eax": 1447909480,
"ebp": 1631732,
"edx": 22104,
"ebx": 0,
"esi": 7496560,
"ecx": 10
},
"exception": {
"instruction_r": "ed 81 fb 68 58 4d 56 75 04 c6 45 ff 01 8a 45 ff",
"instruction": "in eax, dx",
"exception_code": "0xc0000096",
"symbol": "SetFunctionAddresses+0x206d",
"address": "0x241374d"
}
},
"time": 1560815587.1412,
"tid": 2308,
"flags": {}
},
"pid": 2660,
"type": "call",
"cid": 1091
}
],
"references": [],
"name": "antivm_vmware_in_instruction"
}
]Yara
[
{
"meta": {
"description": "Possibly employs anti-virtualization techniques",
"author": "nex"
},
"name": "vmdetect",
"offsets": {
"virtualpc": [
[
184070,
0
]
]
},
"strings": [
"Dz8HCw=="
]
}
]Network
{
"tls": [],
"udp": [
{
"src": "192.168.56.101",
"dst": "192.168.56.255",
"offset": 662,
"time": 6.2327060699463,
"dport": 137,
"sport": 137
},
{
"src": "192.168.56.101",
"dst": "192.168.56.255",
"offset": 5342,
"time": 12.232526063919,
"dport": 138,
"sport": 138
},
{
"src": "192.168.56.101",
"dst": "224.0.0.252",
"offset": 7186,
"time": 6.1634628772736,
"dport": 5355,
"sport": 51001
},
{
"src": "192.168.56.101",
"dst": "224.0.0.252",
"offset": 7514,
"time": 4.1725640296936,
"dport": 5355,
"sport": 53595
},
{
"src": "192.168.56.101",
"dst": "224.0.0.252",
"offset": 7842,
"time": 6.1974608898163,
"dport": 5355,
"sport": 53848
},
{
"src": "192.168.56.101",
"dst": "224.0.0.252",
"offset": 8170,
"time": 4.674987077713,
"dport": 5355,
"sport": 54255
},
{
"src": "192.168.56.101",
"dst": "224.0.0.252",
"offset": 8498,
"time": 3.0484869480133,
"dport": 5355,
"sport": 55314
},
{
"src": "192.168.56.101",
"dst": "239.255.255.250",
"offset": 8826,
"time": 4.7353849411011,
"dport": 1900,
"sport": 1900
},
{
"src": "192.168.56.101",
"dst": "239.255.255.250",
"offset": 28236,
"time": 4.2334098815918,
"dport": 3702,
"sport": 49152
},
{
"src": "192.168.56.101",
"dst": "239.255.255.250",
"offset": 36620,
"time": 6.2783069610596,
"dport": 1900,
"sport": 53598
}
],
"dns_servers": [],
"http": [],
"icmp": [],
"smtp": [],
"tcp": [],
"smtp_ex": [],
"mitm": [],
"hosts": [],
"pcap_sha256": "49f707768a68640918c3bdff631991c269eaf6f40934a1b76c49707a407396c0",
"dns": [],
"http_ex": [],
"domains": [],
"dead_hosts": [],
"sorted_pcap_sha256": "23072986594edafee63acc45afb38b36c66dad9ed26a5bda9937723e6c5675c2",
"irc": [],
"https_ex": []
}Screenshots
Hashes [?]
| Property | Value |
|---|---|
| MD5 | f5708eb32e6ee5044d907a43bf6b3115 |
| SHA256 | 11a75079e63f526b0fde37041799fce196a3398c30d278a71821b414cb0adc34 |
Error Messages
These are some of the error messages that can appear related to rescuemaster.exe:
rescuemaster.exe has encountered a problem and needs to close. We are sorry for the inconvenience.
rescuemaster.exe - Application Error. The instruction at "0xXXXXXXXX" referenced memory at "0xXXXXXXXX". The memory could not be "read/written". Click on OK to terminate the program.
ArchiCrypt Rescue Master has stopped working.
End Program - rescuemaster.exe. This program is not responding.
rescuemaster.exe is not a valid Win32 application.
rescuemaster.exe - Application Error. The application failed to initialize properly (0xXXXXXXXX). Click OK to terminate the application.
What will you do with the file?
To help other users, please let us know what you will do with the file:
Malware or legitimate?
If you feel that you need more information to determine if your should keep this file or remove it, please read this guide.
And now some shameless self promotion ;)
Hi, my name is Roger Karlsson. I've been running this website since 2006. I want to let you know about the FreeFixer program. FreeFixer is a freeware tool that analyzes your system and let you manually identify unwanted programs. Once you've identified some malware files, FreeFixer is pretty good at removing them. You can download FreeFixer here. It runs on Windows 2000/XP/2003/2008/2016/2019/Vista/7/8/8.1/10. Supports both 32- and 64-bit Windows.
If you have questions, feedback on FreeFixer or the freefixer.com website, need help analyzing FreeFixer's scan result or just want to say hello, please contact me. You can find my email address at the contact page.
Comments
Please share with the other users what you think about this file. What does this file do? Is it legitimate or something that your computer is better without? Do you know how it was installed on your system? Did you install it yourself or did it come bundled with some other software? Is it running smoothly or do you get some error message? Any information that will help to document this file is welcome. Thank you for your contributions.
I'm reading all new comments so don't hesitate to post a question about the file. If I don't have the answer perhaps another user can help you.
No comments posted yet.