Supr.exe is usually located in the 'c:\downloads\' folder.
Some of the anti-virus scanners at VirusTotal detected Supr.exe.
Supr.exe is not signed.
47 of the 63 anti-virus programs at VirusTotal detected the Supr.exe file. That's a 75% detection rate.
| Scanner | Detection Name |
|---|---|
| Acronis | suspicious |
| Ad-Aware | Trojan.GenericKD.41015736 |
| ALYac | Trojan.GenericKD.41015736 |
| Antiy-AVL | Trojan/Win32.Occamy |
| Avast | Win32:Trojan-gen |
| AVG | Win32:Trojan-gen |
| Avira | TR/Crypt.TPM.Gen |
| BitDefender | Trojan.GenericKD.41015736 |
| CAT-QuickHeal | Trojan.Generic |
| Comodo | Malware@#3b5zvmeyddptg |
| CrowdStrike | win/malicious_confidence_100% (W) |
| Cybereason | malicious.5aaae4 |
| Cyren | W32/Trojan.NLGR-7113 |
| DrWeb | Trojan.Packed.193 |
| eGambit | Trojan.Generic |
| Emsisoft | Trojan.GenericKD.41015736 (B) |
| Endgame | malicious (high confidence) |
| ESET-NOD32 | a variant of Win32/Packed.Themida.ACU |
| F-Secure | Trojan.TR/Crypt.TPM.Gen |
| Fortinet | W32/Generic!tr |
| GData | Trojan.GenericKD.41015736 |
| Invincea | heuristic |
| K7AntiVirus | Trojan ( 0040f4ef1 ) |
| K7GW | Trojan ( 0040f4ef1 ) |
| Kaspersky | HEUR:Trojan.Win32.Generic |
| Malwarebytes | Trojan.Crypt.Themida |
| MAX | malware (ai score=100) |
| McAfee | RDN/Generic.dx |
| McAfee-GW-Edition | BehavesLike.Win32.Backdoor.cc |
| Microsoft | Trojan:Win32/Occamy.C |
| MicroWorld-eScan | Trojan.GenericKD.41015736 |
| NANO-Antivirus | Trojan.Win32.TPM.fmzyuy |
| Paloalto | generic.ml |
| Panda | Trj/CI.A |
| Qihoo-360 | Win32/Trojan.2ff |
| SentinelOne | static engine - malicious |
| Sophos | Mal/Generic-S |
| SUPERAntiSpyware | Trojan.Agent/Gen-Dropper |
| Symantec | Trojan.Gen.2 |
| Tencent | Win32.Trojan.Generic.Pbyp |
| Trapmine | malicious.high.ml.score |
| VBA32 | BScope.Trojan.Packed |
| VIPRE | Backdoor.Win32.Ircbot.gen (v) |
| ViRobot | Trojan.Win32.Z.Themida.849920 |
| Webroot | W32.Trojan.Gen |
| Yandex | Trojan.Agent!nj1Ius+qEk0 |
| ZoneAlarm | HEUR:Trojan.Win32.Generic |
The following information was gathered by executing the file inside Cuckoo Sandbox.
Successfully executed process in sandbox.
},
"pid": 2816,
"type": "call",
"cid": 5989
},
{
"call": {
"category": "__notification__",
"status": 1,
"stacktrace": [],
"raw": [
"stacktrace"
],
"api": "__exception__",
"return_value": 0,
"arguments": {
"stacktrace": "",
"registers": {
"esp": 6421124,
"edi": 805267537,
"eax": 26223,
"ebp": 4069883924,
"edx": 0,
"ebx": 2636746,
"esi": 2621985,
"ecx": 0
},
"exception": {
"instruction_r": "fb 56 89 14 24 e9 12 07 00 00 f7 d8 35 ac 01 68",
"symbol": "309b81e6815cf8619556577b7c412429a380aed8681509cc407e31067b1e8ab1+0xb32ae",
"instruction": "sti",
"module": "309b81e6815cf8619556577b7c412429a380aed8681509cc407e31067b1e8ab1.bin",
"exception_code": "0xc0000096",
"offset": 733870,
"address": "0x2832ae"
}
},
"time": 1603378387.21925,
"tid": 2420,
"flags": {}
},
"pid": 2816,
"type": "call",
"cid": 5990
},
{
"call": {
"category": "__notification__",
"status": 1,
"stacktrace": [],
"raw": [
"stacktrace"
],
"api": "__exception__",
"return_value": 0,
"arguments": {
"stacktrace": "",
"registers": {
"esp": 6421124,
"edi": 805267537,
"eax": 27031,
"ebp": 4069883924,
"edx": 2664002,
"ebx": 2636746,
"esi": 2621985,
"ecx": 1541300746
},
"exception": {
"instruction_r": "fb 68 a4 17 00 00 ff 34 24 58 56 68 a6 03 00 00",
"symbol": "309b81e6815cf8619556577b7c412429a380aed8681509cc407e31067b1e8ab1+0xb4526",
"instruction": "sti",
"module": "309b81e6815cf8619556577b7c412429a380aed8681509cc407e31067b1e8ab1.bin",
"exception_code": "0xc0000096",
"offset": 738598,
"address": "0x284526"
}
},
"time": 1603378387.21925,
"tid": 2420,
"flags": {}
},
"pid": 2816,
"type": "call",
"cid": 5991
},
{
"call": {
"category": "__notification__",
"status": 1,
"stacktrace": [],
"raw": [
"stacktrace"
],
"api": "__exception__",
"return_value": 0,
"arguments": {
"stacktrace": "",
"registers": {
"esp": 6421124,
"edi": 805267537,
"eax": 0,
"ebp": 4069883924,
"edx": 2639794,
"ebx": 98537,
"esi": 2621985,
"ecx": 1541300746
},
"exception": {
"instruction_r": "fb 50 89 e0 05 04 00 00 00 83 e8 04 87 04 24 e9",
"symbol": "309b81e6815cf8619556577b7c412429a380aed8681509cc407e31067b1e8ab1+0xb438a",
"instruction": "sti",
"module": "309b81e6815cf8619556577b7c412429a380aed8681509cc407e31067b1e8ab1.bin",
"exception_code": "0xc0000096",
"offset": 738186,
"address": "0x28438a"
}
},
"time": 1603378387.21925,
"tid": 2420,
"flags": {}
},
"pid": 2816,
"type": "call",
"cid": 5992
},
{
"call": {
"category": "__notification__",
"status": 1,
"stacktrace": [],
"raw": [
"stacktrace"
],
"api": "__exception__",
"return_value": 0,
"arguments": {
"stacktrace": "",
"registers": {
"esp": 6421124,
"edi": 805267537,
"eax": 30704,
"ebp": 4069883924,
"edx": 750842147,
"ebx": 98537,
"esi": 2621985,
"ecx": 2676180
},
"exception": {
"instruction_r": "fb 68 00 00 00 00 8b 34 24 50 89 e0 55 68 64 78",
"symbol": "309b81e6815cf8619556577b7c412429a380aed8681509cc407e31067b1e8ab1+0xb5e22",
"instruction": "sti",
"module": "309b81e6815cf8619556577b7c412429a380aed8681509cc407e31067b1e8ab1.bin",
"exception_code": "0xc0000096",
"offset": 744994,
"address": "0x285e22"
}
},
"time": 1603378387.21925,
"tid": 2420,
"flags": {}
},
"pid": 2816,
"type": "call",
"cid": 5993
},
{
"call": {
"category": "__notification__",
"status": 1,
"stacktrace": [],
"raw": [
"stacktrace"
],
"api": "__exception__",
"return_value": 0,
"arguments": {
"stacktrace": "",
"registers": {
"esp": 6421124,
"edi": 805267537,
"eax": 30704,
"ebp": 4069883924,
"edx": 4073,
"ebx": 98537,
"esi": 4294939224,
"ecx": 2676180
},
"exception": {
"instruction_r": "fb 56 e9 e1 00 00 00 83 c4 04 83 ec 04 89 0c 24",
"symbol": "309b81e6815cf8619556577b7c412429a380aed8681509cc407e31067b1e8ab1+0xb5f2d",
"instruction": "sti",
"module": "309b81e6815cf8619556577b7c412429a380aed8681509cc407e31067b1e8ab1.bin",
"exception_code": "0xc0000096",
"offset": 745261,
"address": "0x285f2d"
}
},
"time": 1603378387.21925,
"tid": 2420,
"flags": {}
},
"pid": 2816,
"type": "call",
"cid": 5994
},
{
"call": {
"category": "__notification__",
"status": 1,
"stacktrace": [],
"raw": [
"stacktrace"
],
"api": "__exception__",
"return_value": 0,
"arguments": {
"stacktrace": "",
"registers": {
"esp": 6421124,
"edi": 179945,
"eax": 4294937836,
"ebp": 4069883924,
"edx": 2653686,
"ebx": 3714775118,
"esi": 2653209,
"ecx": 2686676
},
"exception": {
"instruction_r": "fb 55 89 34 24 57 68 c8 39 2e 1b 5f 81 f7 7b 63",
"symbol": "309b81e6815cf8619556577b7c412429a380aed8681509cc407e31067b1e8ab1+0xb8454",
"instruction": "sti",
"module": "309b81e6815cf8619556577b7c412429a380aed8681509cc407e31067b1e8ab1.bin",
"exception_code": "0xc0000096",
"offset": 754772,
"address": "0x288454"
}
},
"time": 1603378387.23425,
"tid": 2420,
"flags": {}
},
"pid": 2816,
"type": "call",
"cid": 5995
},
{
"call": {
"category": "__notification__",
"status": 1,
"stacktrace": [],
"raw": [
"stacktrace"
],
"api": "__exception__",
"return_value": 0,
"arguments": {
"stacktrace": "",
"registers": {
"esp": 6421120,
"edi": 179945,
"eax": 2666338,
"ebp": 4069883924,
"edx": 2130566132,
"ebx": 2147483650,
"esi": 2657399,
"ecx": 3342991360
},
"exception": {
"instruction_r": "fb 68 17 18 00 00 89 14 24 55 89 3c 24 bf d9 73",
"symbol": "309b81e6815cf8619556577b7c412429a380aed8681509cc407e31067b1e8ab1+0xbb121",
"instruction": "sti",
"module": "309b81e6815cf8619556577b7c412429a380aed8681509cc407e31067b1e8ab1.bin",
"exception_code": "0xc0000096",
"offset": 766241,
"address": "0x28b121"
}
},
"time": 1603378387.23425,
"tid": 2420,
"flags": {}
},
"pid": 2816,
"type": "call",
"cid": 6003
},
{
"call": {
"category": "__notification__",
"status": 1,
"stacktrace": [],
"raw": [
"stacktrace"
],
"api": "__exception__",
"return_value": 0,
"arguments": {
"stacktrace": "",
"registers": {
"esp": 6421124,
"edi": 179945,
"eax": 2695842,
"ebp": 4069883924,
"edx": 2130566132,
"ebx": 2147483650,
"esi": 2657399,
"ecx": 3342991360
},
"exception": {
"instruction_r": "fb 68 11 1a 00 00 ff 34 24 5f 55 54 ff 34 24 5d",
"symbol": "309b81e6815cf8619556577b7c412429a380aed8681509cc407e31067b1e8ab1+0xbb849",
"instruction": "sti",
"module": "309b81e6815cf8619556577b7c412429a380aed8681509cc407e31067b1e8ab1.bin",
"exception_code": "0xc0000096",
"offset": 768073,
"address": "0x28b849"
}
},
"time": 1603378387.23425,
"tid": 2420,
"flags": {}
},
"pid": 2816,
"type": "call",
"cid": 6004
},
{
"call": {
"category": "__notification__",
"status": 1,
"stacktrace": [],
"raw": [
"stacktrace"
],
"api": "__exception__",
"return_value": 0,
"arguments": {
"stacktrace": "",
"registers": {
"esp": 6421124,
"edi": 0,
"eax": 2669150,
"ebp": 4069883924,
"edx": 2130566132,
"ebx": 2147483650,
"esi": 28137,
"ecx": 3342991360
},
"exception": {
"instruction_r": "fb e9 52 fc ff ff 81 f3 8e 6a 6e db 09 da e9 a3",
"symbol": "309b81e6815cf8619556577b7c412429a380aed8681509cc407e31067b1e8ab1+0xbb792",
"instruction": "sti",
"module": "309b81e6815cf8619556577b7c412429a380aed8681509cc407e31067b1e8ab1.bin",
"exception_code": "0xc0000096",
"offset": 767890,
"address": "0x28b792"
}
},
"time": 1603378387.23425,
"tid": 2420,
"flags": {}
},
"pid": 2816,
"type": "call",
"cid": 6005
},
{
"call": {
"category": "__notification__",
"status": 1,
"stacktrace": [],
"raw": [
"stacktrace"
],
"api": "__exception__",
"return_value": 0,
"arguments": {
"stacktrace": "",
"registers": {
"esp": 6421124,
"edi": 2724156,
"eax": 25929,
"ebp": 4069883924,
"edx": 2130566132,
"ebx": 13033,
"esi": 2669181,
"ecx": 4294944248
},
"exception": {
"instruction_r": "fb e9 d0 fc ff ff 5e e9 52 01 00 00 58 e9 df f9",
"symbol": "309b81e6815cf8619556577b7c412429a380aed8681509cc407e31067b1e8ab1+0xc3525",
"instruction": "sti",
"module": "309b81e6815cf8619556577b7c412429a380aed8681509cc407e31067b1e8ab1.bin",
"exception_code": "0xc0000096",
"offset": 800037,
"address": "0x293525"
}
},
"time": 1603378387.23425,
"tid": 2420,
"flags": {}
},
"pid": 2816,
"type": "call",
"cid": 6018
},
{
"call": {
"category": "__notification__",
"status": 1,
"stacktrace": [],
"raw": [
"stacktrace"
],
"api": "__exception__",
"return_value": 0,
"arguments": {
"stacktrace": "",
"registers": {
"esp": 6421124,
"edi": 4072411036,
"eax": 2762343,
"ebp": 4069883924,
"edx": 713576,
"ebx": 4076208179,
"esi": 7688052,
"ecx": 3449279
},
"exception": {
"instruction_r": "fb e9 03 02 00 00 bf b2 20 06 05 ba f1 04 28 70",
"symbol": "309b81e6815cf8619556577b7c412429a380aed8681509cc407e31067b1e8ab1+0xcc255",
"instruction": "sti",
"module": "309b81e6815cf8619556577b7c412429a380aed8681509cc407e31067b1e8ab1.bin",
"exception_code": "0xc0000096",
"offset": 836181,
"address": "0x29c255"
}
},
"time": 1603378387.23425,
"tid": 2420,
"flags": {}
},
"pid": 2816,
"type": "call",
"cid": 6071
},
{
"call": {
"category": "__notification__",
"status": 1,
"stacktrace": [],
"raw": [
"stacktrace"
],
"api": "__exception__",
"return_value": 0,
"arguments": {
"stacktrace": "",
"registers": {
"esp": 6421124,
"edi": 0,
"eax": 2739271,
"ebp": 4069883924,
"edx": 713576,
"ebx": 4076208179,
"esi": 63465,
"ecx": 3449279
},
"exception": {
"instruction_r": "fb 52 68 f0 12 d6 44 e9 2f 02 00 00 81 c2 95 13",
"symbol": "309b81e6815cf8619556577b7c412429a380aed8681509cc407e31067b1e8ab1+0xcc408",
"instruction": "sti",
"module": "309b81e6815cf8619556577b7c412429a380aed8681509cc407e31067b1e8ab1.bin",
"exception_code": "0xc0000096",
"offset": 836616,
"address": "0x29c408"
}
},
"time": 1603378387.25025,
"tid": 2420,
"flags": {}
},
"pid": 2816,
"type": "call",
"cid": 6072
},
{
"call": {
"category": "__notification__",
"status": 1,
"stacktrace": [],
"raw": [
"stacktrace"
],
"api": "__exception__",
"return_value": 0,
"arguments": {
"stacktrace": "",
"registers": {
"esp": 6421120,
"edi": 3342991360,
"eax": 25375,
"ebp": 4069883924,
"edx": 2754060,
"ebx": 2739355,
"esi": 4964332,
"ecx": 3342991360
},
"exception": {
"instruction_r": "fb e9 76 00 00 00 29 fa 5f 81 c2 d6 08 28 3e 81",
"symbol": "309b81e6815cf8619556577b7c412429a380aed8681509cc407e31067b1e8ab1+0xd0b68",
"instruction": "sti",
"module": "309b81e6815cf8619556577b7c412429a380aed8681509cc407e31067b1e8ab1.bin",
"exception_code": "0xc0000096",
"offset": 854888,
"address": "0x2a0b68"
}
},
"time": 1603378387.25025,
"tid": 2420,
"flags": {}
},
"pid": 2816,
"type": "call",
"cid": 6087
},
{
"call": {
"category": "__notification__",
"status": 1,
"stacktrace": [],
"raw": [
"stacktrace"
],
"api": "__exception__",
"return_value": 0,
"arguments": {
"stacktrace": "",
"registers": {
"esp": 6421124,
"edi": 3342991360,
"eax": 25375,
"ebp": 4069883924,
"edx": 2779435,
"ebx": 4294944244,
"esi": 8681,
"ecx": 3342991360
},
"exception": {
"instruction_r": "fb e9 41 ff ff ff b8 04 00 00 00 01 c1 e9 ac f9",
"symbol": "309b81e6815cf8619556577b7c412429a380aed8681509cc407e31067b1e8ab1+0xd0d79",
"instruction": "sti",
"module": "309b81e6815cf8619556577b7c412429a380aed8681509cc407e31067b1e8ab1.bin",
"exception_code": "0xc0000096",
"offset": 855417,
"address": "0x2a0d79"
}
},
"time": 1603378387.25025,
"tid": 2420,
"flags": {}
},
"pid": 2816,
"type": "call",
"cid": 6088
},
{
"call": {
"category": "__notification__",
"status": 1,
"stacktrace": [],
"raw": [
"stacktrace"
],
"api": "__exception__",
"return_value": 0,
"arguments": {
"stacktrace": "",
"registers": {
"esp": 6421120,
"edi": 3342991360,
"eax": 2772171,
"ebp": 4069883924,
"edx": 9961472,
"ebx": 1169320342,
"esi": 3805729571,
"ecx": 2008823930
},
"exception": {
"instruction_r": "fb 2d ce 70 2d 5f 05 21 61 2a 45 e9 e6 00 00 00",
"symbol": "309b81e6815cf8619556577b7c412429a380aed8681509cc407e31067b1e8ab1+0xd5170",
"instruction": "sti",
"module": "309b81e6815cf8619556577b7c412429a380aed8681509cc407e31067b1e8ab1.bin",
"exception_code": "0xc0000096",
"offset": 872816,
"address": "0x2a5170"
}
},
"time": 1603378387.25025,
"tid": 2420,
"flags": {}
},
"pid": 2816,
"type": "call",
"cid": 6093
},
{
"call": {
"category": "__notification__",
"status": 1,
"stacktrace": [],
"raw": [
"stacktrace"
],
"api": "__exception__",
"return_value": 0,
"arguments": {
"stacktrace": "",
"registers": {
"esp": 6421124,
"edi": 3342991360,
"eax": 2802296,
"ebp": 4069883924,
"edx": 9961472,
"ebx": 1169320342,
"esi": 3805729571,
"ecx": 2008823930
},
"exception": {
"instruction_r": "fb e9 d9 f4 ff ff 50 b8 a5 30 e5 71 89 c7 e9 c8",
"symbol": "309b81e6815cf8619556577b7c412429a380aed8681509cc407e31067b1e8ab1+0xd5904",
"instruction": "sti",
"module": "309b81e6815cf8619556577b7c412429a380aed8681509cc407e31067b1e8ab1.bin",
"exception_code": "0xc0000096",
"offset": 874756,
"address": "0x2a5904"
}
},
"time": 1603378387.25025,
"tid": 2420,
"flags": {}
},
"pid": 2816,
"type": "call",
"cid": 6094
},
{
"call": {
"category": "__notification__",
"status": 1,
"stacktrace": [],
"raw": [
"stacktrace"
],
"api": "__exception__",
"return_value": 0,
"arguments": {
"stacktrace": "",
"registers": {
"esp": 6421124,
"edi": 3342991360,
"eax": 2775472,
"ebp": 4069883924,
"edx": 20713,
"ebx": 1169320342,
"esi": 3805729571,
"ecx": 0
},
"exception": {
"instruction_r": "fb 68 4a 1c 00 00 e9 ee 03 00 00 8b 1c 24 83 c4",
"symbol": "309b81e6815cf8619556577b7c412429a380aed8681509cc407e31067b1e8ab1+0xd4e7f",
"instruction": "sti",
"module": "309b81e6815cf8619556577b7c412429a380aed8681509cc407e31067b1e8ab1.bin",
"exception_code": "0xc0000096",
"offset": 872063,
"address": "0x2a4e7f"
}
},
"time": 1603378387.25025,
"tid": 2420,
"flags": {}
},
"pid": 2816,
"type": "call",
"cid": 6095
},
{
"call": {
"category": "__notification__",
"status": 1,
"stacktrace": [],
"raw": [
"stacktrace"
],
"api": "__exception__",
"return_value": 0,
"arguments": {
"stacktrace": "",
"registers": {
"esp": 6421124,
"edi": 0,
"eax": 1092968,
"ebp": 4069883924,
"edx": 126614527,
"ebx": 2838753,
"esi": 2633884,
"ecx": 3738837515
},
"exception": {
"instruction_r": "fb 53 89 34 24 e9 5c 07 00 00 ff 34 24 5a e9 97",
"symbol": "309b81e6815cf8619556577b7c412429a380aed8681509cc407e31067b1e8ab1+0xe47c0",
"instruction": "sti",
"module": "309b81e6815cf8619556577b7c412429a380aed8681509cc407e31067b1e8ab1.bin",
"exception_code": "0xc0000096",
"offset": 935872,
"address": "0x2b47c0"
}
},
"time": 1603378387.26525,
"tid": 2420,
"flags": {}
},
"pid": 2816,
"type": "call",
"cid": 6155
}
],
"references": [],
"name": "raises_exception"
},
{
"markcount": 29,
"families": [],
"description": "Allocates read-write-execute memory (usually to unpack itself)",
"severity": 2,
"marks": [
{
"call": {
"category": "process",
"status": 1,
"stacktrace": [],
"api": "NtProtectVirtualMemory",
"return_value": 0,
"arguments": {
"process_identifier": 2816,
"stack_dep_bypass": 0,
"stack_pivoted": 0,
"heap_dep_bypass": 0,
"length": 8192,
"protection": 64,
"process_handle": "0xffffffff",
"base_address": "0x77c2f000"
},
"time": 1603378387.25025,
"tid": 2420,
"flags": {
"protection": "PAGE_EXECUTE_READWRITE"
}
},
"pid": 2816,
"type": "call",
"cid": 6128
},
{
"call": {
"category": "process",
"status": 1,
"stacktrace": [],
"api": "NtProtectVirtualMemory",
"return_value": 0,
"arguments": {
"process_identifier": 2816,
"stack_dep_bypass": 0,
"stack_pivoted": 0,
"heap_dep_bypass": 0,
"length": 8192,
"protection": 64,
"process_handle": "0xffffffff",
"base_address": "0x77ba0000"
},
"time": 1603378387.25025,
"tid": 2420,
"flags": {
"protection": "PAGE_EXECUTE_READWRITE"
}
},
"pid": 2816,
"type": "call",
"cid": 6130
},
{
"call": {
"category": "process",
"status": 1,
"stacktrace": [],
"api": "NtProtectVirtualMemory",
"return_value": 0,
"arguments": {
"process_identifier": 2816,
"stack_dep_bypass": 0,
"stack_pivoted": 0,
"heap_dep_bypass": 0,
"length": 98304,
"protection": 64,
"process_handle": "0xffffffff",
"base_address": "0x001d1000"
},
"time": 1603378387.28125,
"tid": 2420,
"flags": {
"protection": "PAGE_EXECUTE_READWRITE"
}
},
"pid": 2816,
"type": "call",
"cid": 6196
},
{
"call": {
"category": "process",
"status": 1,
"stacktrace": [],
"api": "NtAllocateVirtualMemory",
"return_value": 0,
"arguments": {
"process_identifier": 2816,
"region_size": 4096,
"stack_dep_bypass": 0,
"stack_pivoted": 0,
"heap_dep_bypass": 0,
"protection": 64,
"process_handle": "0xffffffff",
"allocation_type": 4096,
"base_address": "0x00630000"
},
"time": 1603378387.29725,
"tid": 2420,
"flags": {
"protection": "PAGE_EXECUTE_READWRITE",
"allocation_type": "MEM_COMMIT"
}
},
"pid": 2816,
"type": "call",
"cid": 6235
},
{
"call": {
"category": "process",
"status": 1,
"stacktrace": [],
"api": "NtAllocateVirtualMemory",
"return_value": 0,
"arguments": {
"process_identifier": 2816,
"region_size": 4096,
"stack_dep_bypass": 0,
"stack_pivoted": 0,
"heap_dep_bypass": 0,
"protection": 64,
"process_handle": "0xffffffff",
"allocation_type": 4096,
"base_address": "0x00640000"
},
"time": 1603378387.29725,
"tid": 2420,
"flags": {
"protection": "PAGE_EXECUTE_READWRITE",
"allocation_type": "MEM_COMMIT"
}
},
"pid": 2816,
"type": "call",
"cid": 6236
},
{
"call": {
"category": "process",
"status": 1,
"stacktrace": [],
"api": "NtAllocateVirtualMemory",
"return_value": 0,
"arguments": {
"process_identifier": 2816,
"region_size": 8192,
"stack_dep_bypass": 0,
"stack_pivoted": 0,
"heap_dep_bypass": 0,
"protection": 64,
"process_handle": "0xffffffff",
"allocation_type": 4096,
"base_address": "0x00650000"
},
"time": 1603378387.29725,
"tid": 2420,
"flags": {
"protection": "PAGE_EXECUTE_READWRITE",
"allocation_type": "MEM_COMMIT"
}
},
"pid": 2816,
"type": "call",
"cid": 6237
},
{
"call": {
"category": "process",
"status": 1,
"stacktrace": [],
"api": "NtAllocateVirtualMemory",
"return_value": 0,
"arguments": {
"process_identifier": 2816,
"region_size": 65536,
"stack_dep_bypass": 0,
"stack_pivoted": 0,
"heap_dep_bypass": 0,
"protection": 64,
"process_handle": "0xffffffff",
"allocation_type": 4096,
"base_address": "0x00660000"
},
"time": 1603378387.29725,
"tid": 2420,
"flags": {
"protection": "PAGE_EXECUTE_READWRITE",
"allocation_type": "MEM_COMMIT"
}
},
"pid": 2816,
"type": "call",
"cid": 6238
},
{
"call": {
"category": "process",
"status": 1,
"stacktrace": [],
"api": "NtAllocateVirtualMemory",
"return_value": 0,
"arguments": {
"process_identifier": 2816,
"region_size": 8192,
"stack_dep_bypass": 0,
"stack_pivoted": 0,
"heap_dep_bypass": 0,
"protection": 64,
"process_handle": "0xffffffff",
"allocation_type": 4096,
"base_address": "0x00670000"
},
"time": 1603378387.29725,
"tid": 2420,
"flags": {
"protection": "PAGE_EXECUTE_READWRITE",
"allocation_type": "MEM_COMMIT"
}
},
"pid": 2816,
"type": "call",
"cid": 6239
},
{
"call": {
"category": "process",
"status": 1,
"stacktrace": [],
"api": "NtAllocateVirtualMemory",
"return_value": 0,
"arguments": {
"process_identifier": 2816,
"region_size": 4096,
"stack_dep_bypass": 0,
"stack_pivoted": 0,
"heap_dep_bypass": 0,
"protection": 64,
"process_handle": "0xffffffff",
"allocation_type": 4096,
"base_address": "0x00680000"
},
"time": 1603378387.29725,
"tid": 2420,
"flags": {
"protection": "PAGE_EXECUTE_READWRITE",
"allocation_type": "MEM_COMMIT"
}
},
"pid": 2816,
"type": "call",
"cid": 6240
},
{
"call": {
"category": "process",
"status": 1,
"stacktrace": [],
"api": "NtAllocateVirtualMemory",
"return_value": 0,
"arguments": {
"process_identifier": 2816,
"region_size": 4096,
"stack_dep_bypass": 0,
"stack_pivoted": 0,
"heap_dep_bypass": 0,
"protection": 64,
"process_handle": "0xffffffff",
"allocation_type": 4096,
"base_address": "0x00690000"
},
"time": 1603378387.29725,
"tid": 2420,
"flags": {
"protection": "PAGE_EXECUTE_READWRITE",
"allocation_type": "MEM_COMMIT"
}
},
"pid": 2816,
"type": "call",
"cid": 6242
},
{
"call": {
"category": "process",
"status": 1,
"stacktrace": [],
"api": "NtAllocateVirtualMemory",
"return_value": 0,
"arguments": {
"process_identifier": 2816,
"region_size": 4096,
"stack_dep_bypass": 0,
"stack_pivoted": 0,
"heap_dep_bypass": 0,
"protection": 64,
"process_handle": "0xffffffff",
"allocation_type": 4096,
"base_address": "0x006a0000"
},
"time": 1603378387.29725,
"tid": 2420,
"flags": {
"protection": "PAGE_EXECUTE_READWRITE",
"allocation_type": "MEM_COMMIT"
}
},
"pid": 2816,
"type": "call",
"cid": 6243
},
{
"call": {
"category": "process",
"status": 1,
"stacktrace": [],
"api": "NtAllocateVirtualMemory",
"return_value": 0,
"arguments": {
"process_identifier": 2816,
"region_size": 4096,
"stack_dep_bypass": 0,
"stack_pivoted": 0,
"heap_dep_bypass": 0,
"protection": 64,
"process_handle": "0xffffffff",
"allocation_type": 4096,
"base_address": "0x006b0000"
},
"time": 1603378387.29725,
"tid": 2420,
"flags": {
"protection": "PAGE_EXECUTE_READWRITE",
"allocation_type": "MEM_COMMIT"
}
},
"pid": 2816,
"type": "call",
"cid": 6244
},
{
"call": {
"category": "process",
"status": 1,
"stacktrace": [],
"api": "NtAllocateVirtualMemory",
"return_value": 0,
"arguments": {
"process_identifier": 2816,
"region_size": 4096,
"stack_dep_bypass": 0,
"stack_pivoted": 0,
"heap_dep_bypass": 0,
"protection": 64,
"process_handle": "0xffffffff",
"allocation_type": 4096,
"base_address": "0x006c0000"
},
"time": 1603378387.29725,
"tid": 2420,
"flags": {
"protection": "PAGE_EXECUTE_READWRITE",
"allocation_type": "MEM_COMMIT"
}
},
"pid": 2816,
"type": "call",
"cid": 6246
},
{
"call": {
"category": "process",
"status": 1,
"stacktrace": [],
"api": "NtAllocateVirtualMemory",
"return_value": 0,
"arguments": {
"process_identifier": 2816,
"region_size": 4096,
"stack_dep_bypass": 0,
"stack_pivoted": 0,
"heap_dep_bypass": 0,
"protection": 64,
"process_handle": "0xffffffff",
"allocation_type": 4096,
"base_address": "0x006d0000"
},
"time": 1603378387.29725,
"tid": 2420,
"flags": {
"protection": "PAGE_EXECUTE_READWRITE",
"allocation_type": "MEM_COMMIT"
}
},
"pid": 2816,
"type": "call",
"cid": 6247
},
{
"call": {
"category": "process",
"status": 1,
"stacktrace": [],
"api": "NtAllocateVirtualMemory",
"return_value": 0,
"arguments": {
"process_identifier": 2816,
"region_size": 4096,
"stack_dep_bypass": 0,
"stack_pivoted": 0,
"heap_dep_bypass": 0,
"protection": 64,
"process_handle": "0xffffffff",
"allocation_type": 4096,
"base_address": "0x006e0000"
},
"time": 1603378387.31225,
"tid": 2420,
"flags": {
"protection": "PAGE_EXECUTE_READWRITE",
"allocation_type": "MEM_COMMIT"
}
},
"pid": 2816,
"type": "call",
"cid": 6250
},
{
"call": {
"category": "process",
"status": 1,
"stacktrace": [],
"api": "NtAllocateVirtualMemory",
"return_value": 0,
"arguments": {
"process_identifier": 2816,
"region_size": 8192,
"stack_dep_bypass": 0,
"stack_pivoted": 0,
"heap_dep_bypass": 0,
"protection": 64,
"process_handle": "0xffffffff",
"allocation_type": 4096,
"base_address": "0x006f0000"
},
"time": 1603378387.31225,
"tid": 2420,
"flags": {
"protection": "PAGE_EXECUTE_READWRITE",
"allocation_type": "MEM_COMMIT"
}
},
"pid": 2816,
"type": "call",
"cid": 6253
},
{
"call": {
"category": "process",
"status": 1,
"stacktrace": [],
"api": "NtAllocateVirtualMemory",
"return_value": 0,
"arguments": {
"process_identifier": 2816,
"region_size": 8192,
"stack_dep_bypass": 0,
"stack_pivoted": 0,
"heap_dep_bypass": 0,
"protection": 64,
"process_handle": "0xffffffff",
"allocation_type": 4096,
"base_address": "0x00700000"
},
"time": 1603378387.31225,
"tid": 2420,
"flags": {
"protection": "PAGE_EXECUTE_READWRITE",
"allocation_type": "MEM_COMMIT"
}
},
"pid": 2816,
"type": "call",
"cid": 6256
},
{
"call": {
"category": "process",
"status": 1,
"stacktrace": [],
"api": "NtAllocateVirtualMemory",
"return_value": 0,
"arguments": {
"process_identifier": 2816,
"region_size": 4096,
"stack_dep_bypass": 0,
"stack_pivoted": 0,
"heap_dep_bypass": 0,
"protection": 64,
"process_handle": "0xffffffff",
"allocation_type": 4096,
"base_address": "0x00710000"
},
"time": 1603378387.31225,
"tid": 2420,
"flags": {
"protection": "PAGE_EXECUTE_READWRITE",
"allocation_type": "MEM_COMMIT"
}
},
"pid": 2816,
"type": "call",
"cid": 6257
},
{
"call": {
"category": "process",
"status": 1,
"stacktrace": [],
"api": "NtAllocateVirtualMemory",
"return_value": 0,
"arguments": {
"process_identifier": 2816,
"region_size": 4096,
"stack_dep_bypass": 0,
"stack_pivoted": 0,
"heap_dep_bypass": 0,
"protection": 64,
"process_handle": "0xffffffff",
"allocation_type": 4096,
"base_address": "0x00720000"
},
"time": 1603378387.31225,
"tid": 2420,
"flags": {
"protection": "PAGE_EXECUTE_READWRITE",
"allocation_type": "MEM_COMMIT"
}
},
"pid": 2816,
"type": "call",
"cid": 6259
},
{
"call": {
"category": "process",
"status": 1,
"stacktrace": [],
"api": "NtAllocateVirtualMemory",
"return_value": 0,
"arguments": {
"process_identifier": 2816,
"region_size": 4096,
"stack_dep_bypass": 0,
"stack_pivoted": 0,
"heap_dep_bypass": 0,
"protection": 64,
"process_handle": "0xffffffff",
"allocation_type": 4096,
"base_address": "0x00670000"
},
"time": 1603378387.31225,
"tid": 2420,
"flags": {
"protection": "PAGE_EXECUTE_READWRITE",
"allocation_type": "MEM_COMMIT"
}
},
"pid": 2816,
"type": "call",
"cid": 6261
},
{
"call": {
"category": "process",
"status": 1,
"stacktrace": [],
"api": "NtAllocateVirtualMemory",
"return_value": 0,
"arguments": {
"process_identifier": 2816,
"region_size": 4096,
"stack_dep_bypass": 0,
"stack_pivoted": 0,
"heap_dep_bypass": 0,
"protection": 64,
"process_handle": "0xffffffff",
"allocation_type": 4096,
"base_address": "0x00730000"
},
"time": 1603378387.31225,
"tid": 2420,
"flags": {
"protection": "PAGE_EXECUTE_READWRITE",
"allocation_type": "MEM_COMMIT"
}
},
"pid": 2816,
"type": "call",
"cid": 6262
},
{
"call": {
"category": "process",
"status": 1,
"stacktrace": [],
"api": "NtAllocateVirtualMemory",
"return_value": 0,
"arguments": {
"process_identifier": 2816,
"region_size": 4096,
"stack_dep_bypass": 0,
"stack_pivoted": 0,
"heap_dep_bypass": 0,
"protection": 64,
"process_handle": "0xffffffff",
"allocation_type": 4096,
"base_address": "0x00740000"
},
"time": 1603378387.31225,
"tid": 2420,
"flags": {
"protection": "PAGE_EXECUTE_READWRITE",
"allocation_type": "MEM_COMMIT"
}
},
"pid": 2816,
"type": "call",
"cid": 6263
},
{
"call": {
"category": "process",
"status": 1,
"stacktrace": [],
"api": "NtAllocateVirtualMemory",
"return_value": 0,
"arguments": {
"process_identifier": 2816,
"region_size": 4096,
"stack_dep_bypass": 0,
"stack_pivoted": 0,
"heap_dep_bypass": 0,
"protection": 64,
"process_handle": "0xffffffff",
"allocation_type": 4096,
"base_address": "0x00670000"
},
"time": 1603378387.31225,
"tid": 2420,
"flags": {
"protection": "PAGE_EXECUTE_READWRITE",
"allocation_type": "MEM_COMMIT"
}
},
"pid": 2816,
"type": "call",
"cid": 6265
},
{
"call": {
"category": "process",
"status": 1,
"stacktrace": [],
"api": "NtAllocateVirtualMemory",
"return_value": 0,
"arguments": {
"process_identifier": 2816,
"region_size": 4096,
"stack_dep_bypass": 0,
"stack_pivoted": 0,
"heap_dep_bypass": 0,
"protection": 64,
"process_handle": "0xffffffff",
"allocation_type": 4096,
"base_address": "0x00670000"
},
"time": 1603378387.31225,
"tid": 2420,
"flags": {
"protection": "PAGE_EXECUTE_READWRITE",
"allocation_type": "MEM_COMMIT"
}
},
"pid": 2816,
"type": "call",
"cid": 6267
},
{
"call": {
"category": "process",
"status": 1,
"stacktrace": [],
"api": "NtAllocateVirtualMemory",
"return_value": 0,
"arguments": {
"process_identifier": 2816,
"region_size": 4096,
"stack_dep_bypass": 0,
"stack_pivoted": 0,
"heap_dep_bypass": 0,
"protection": 64,
"process_handle": "0xffffffff",
"allocation_type": 4096,
"base_address": "0x00670000"
},
"time": 1603378387.31225,
"tid": 2420,
"flags": {
"protection": "PAGE_EXECUTE_READWRITE",
"allocation_type": "MEM_COMMIT"
}
},
"pid": 2816,
"type": "call",
"cid": 6269
},
{
"call": {
"category": "process",
"status": 1,
"stacktrace": [],
"api": "NtAllocateVirtualMemory",
"return_value": 0,
"arguments": {
"process_identifier": 2816,
"region_size": 4096,
"stack_dep_bypass": 0,
"stack_pivoted": 0,
"heap_dep_bypass": 0,
"protection": 64,
"process_handle": "0xffffffff",
"allocation_type": 4096,
"base_address": "0x00670000"
},
"time": 1603378387.31225,
"tid": 2420,
"flags": {
"protection": "PAGE_EXECUTE_READWRITE",
"allocation_type": "MEM_COMMIT"
}
},
"pid": 2816,
"type": "call",
"cid": 6271
},
{
"call": {
"category": "process",
"status": 1,
"stacktrace": [],
"api": "NtAllocateVirtualMemory",
"return_value": 0,
"arguments": {
"process_identifier": 2816,
"region_size": 4096,
"stack_dep_bypass": 0,
"stack_pivoted": 0,
"heap_dep_bypass": 0,
"protection": 64,
"process_handle": "0xffffffff",
"allocation_type": 4096,
"base_address": "0x00670000"
},
"time": 1603378387.31225,
"tid": 2420,
"flags": {
"protection": "PAGE_EXECUTE_READWRITE",
"allocation_type": "MEM_COMMIT"
}
},
"pid": 2816,
"type": "call",
"cid": 6273
},
{
"call": {
"category": "process",
"status": 1,
"stacktrace": [],
"api": "NtAllocateVirtualMemory",
"return_value": 0,
"arguments": {
"process_identifier": 2816,
"region_size": 4096,
"stack_dep_bypass": 0,
"stack_pivoted": 0,
"heap_dep_bypass": 0,
"protection": 64,
"process_handle": "0xffffffff",
"allocation_type": 4096,
"base_address": "0x00670000"
},
"time": 1603378387.31225,
"tid": 2420,
"flags": {
"protection": "PAGE_EXECUTE_READWRITE",
"allocation_type": "MEM_COMMIT"
}
},
"pid": 2816,
"type": "call",
"cid": 6275
},
{
"call": {
"category": "process",
"status": 1,
"stacktrace": [],
"api": "NtAllocateVirtualMemory",
"return_value": 0,
"arguments": {
"process_identifier": 2816,
"region_size": 4096,
"stack_dep_bypass": 0,
"stack_pivoted": 0,
"heap_dep_bypass": 0,
"protection": 64,
"process_handle": "0xffffffff",
"allocation_type": 4096,
"base_address": "0x00670000"
},
"time": 1603378387.31225,
"tid": 2420,
"flags": {
"protection": "PAGE_EXECUTE_READWRITE",
"allocation_type": "MEM_COMMIT"
}
},
"pid": 2816,
"type": "call",
"cid": 6277
}
],
"references": [],
"name": "allocates_rwx"
},
{
"markcount": 3,
"families": [],
"description": "The binary likely contains encrypted or compressed data indicative of a packer",
"severity": 2,
"marks": [
{
"entropy": 7.983576075027491,
"section": {
"size_of_data": "0x00017a00",
"virtual_address": "0x00001000",
"entropy": 7.983576075027491,
"name": " \\x00 ",
"virtual_size": "0x00035000"
},
"type": "generic",
"description": "A section with a high entropy has been found"
},
{
"entropy": 7.924176200650461,
"section": {
"size_of_data": "0x000b6600",
"virtual_address": "0x0013d000",
"entropy": 7.924176200650461,
"name": "vwuqbeeg",
"virtual_size": "0x000b7000"
},
"type": "generic",
"description": "A section with a high entropy has been found"
},
{
"entropy": 0.9975786924939467,
"type": "generic",
"description": "Overall entropy of this PE file is high"
}
],
"references": [
"http:\/\/www.forensickb.com\/2013\/03\/file-entropy-explained.html",
"http:\/\/virii.es\/U\/Using%20Entropy%20Analysis%20to%20Find%20Encrypted%20and%20Packed%20Malware.pdf"
],
"name": "packer_entropy"
},
{
"markcount": 1,
"families": [],
"description": "Expresses interest in specific running processes",
"severity": 2,
"marks": [
{
"category": "process",
"ioc": "system",
"type": "ioc",
"description": null
}
],
"references": [],
"name": "process_interest"
},
{
"markcount": 3,
"families": [],
"description": "Checks for the presence of known devices from debuggers and forensic tools",
"severity": 3,
"marks": [
{
"category": "file",
"ioc": "\\??\\SICE",
"type": "ioc",
"description": null
},
{
"category": "file",
"ioc": "\\??\\SIWVID",
"type": "ioc",
"description": null
},
{
"category": "file",
"ioc": "\\??\\NTICE",
"type": "ioc",
"description": null
}
],
"references": [],
"name": "antidbg_devices"
},
{
"markcount": 17,
"families": [],
"description": "Checks for the presence of known windows from debuggers and forensic tools",
"severity": 3,
"marks": [
{
"call": {
"category": "ui",
"status": 0,
"stacktrace": [],
"last_error": 0,
"nt_status": 0,
"api": "FindWindowA",
"return_value": 0,
"arguments": {
"class_name": "OLLYDBG",
"window_name": ""
},
"time": 1603378387.23425,
"tid": 2420,
"flags": {}
},
"pid": 2816,
"type": "call",
"cid": 6011
},
{
"call": {
"category": "ui",
"status": 0,
"stacktrace": [],
"last_error": 0,
"nt_status": 0,
"api": "FindWindowA",
"return_value": 0,
"arguments": {
"class_name": "GBDYLLO",
"window_name": ""
},
"time": 1603378387.23425,
"tid": 2420,
"flags": {}
},
"pid": 2816,
"type": "call",
"cid": 6012
},
{
"call": {
"category": "ui",
"status": 0,
"stacktrace": [],
"last_error": 0,
"nt_status": 0,
"api": "FindWindowA",
"return_value": 0,
"arguments": {
"class_name": "pediy06",
"window_name": ""
},
"time": 1603378387.23425,
"tid": 2420,
"flags": {}
},
"pid": 2816,
"type": "call",
"cid": 6013
},
{
"call": {
"category": "ui",
"status": 0,
"stacktrace": [],
"last_error": 0,
"nt_status": 0,
"api": "FindWindowA",
"return_value": 0,
"arguments": {
"class_name": "FilemonClass",
"window_name": ""
},
"time": 1603378387.25025,
"tid": 2420,
"flags": {}
},
"pid": 2816,
"type": "call",
"cid": 6073
},
{
"call": {
"category": "ui",
"status": 0,
"stacktrace": [],
"last_error": 0,
"nt_status": 0,
"api": "FindWindowA",
"return_value": 0,
"arguments": {
"class_name": "FilemonClass",
"window_name": ""
},
"time": 1603378387.25025,
"tid": 2420,
"flags": {}
},
"pid": 2816,
"type": "call",
"cid": 6073
},
{
"call": {
"category": "ui",
"status": 0,
"stacktrace": [],
"last_error": 0,
"nt_status": 0,
"api": "FindWindowA",
"return_value": 0,
"arguments": {
"class_name": "#0",
"window_name": "File Monitor - Sysinternals: www.sysinternals.com"
},
"time": 1603378387.25025,
"tid": 2420,
"flags": {}
},
"pid": 2816,
"type": "call",
"cid": 6074
},
{
"call": {
"category": "ui",
"status": 0,
"stacktrace": [],
"last_error": 0,
"nt_status": 0,
"api": "FindWindowA",
"return_value": 0,
"arguments": {
"class_name": "PROCMON_WINDOW_CLASS",
"window_name": ""
},
"time": 1603378387.25025,
"tid": 2420,
"flags": {}
},
"pid": 2816,
"type": "call",
"cid": 6075
},
{
"call": {
"category": "ui",
"status": 0,
"stacktrace": [],
"last_error": 0,
"nt_status": 0,
"api": "FindWindowA",
"return_value": 0,
"arguments": {
"class_name": "#0",
"window_name": "Process Monitor - Sysinternals: www.sysinternals.com"
},
"time": 1603378387.25025,
"tid": 2420,
"flags": {}
},
"pid": 2816,
"type": "call",
"cid": 6076
},
{
"call": {
"category": "ui",
"status": 0,
"stacktrace": [],
"last_error": 126,
"nt_status": -1073741515,
"api": "FindWindowA",
"return_value": 0,
"arguments": {
"class_name": "RegmonClass",
"window_name": ""
},
"time": 1603378387.25025,
"tid": 2420,
"flags": {}
},
"pid": 2816,
"type": "call",
"cid": 6100
},
{
"call": {
"category": "ui",
"status": 0,
"stacktrace": [],
"last_error": 126,
"nt_status": -1073741515,
"api": "FindWindowA",
"return_value": 0,
"arguments": {
"class_name": "RegmonClass",
"window_name": ""
},
"time": 1603378387.25025,
"tid": 2420,
"flags": {}
},
"pid": 2816,
"type": "call",
"cid": 6100
},
{
"call": {
"category": "ui",
"status": 0,
"stacktrace": [],
"last_error": 126,
"nt_status": -1073741515,
"api": "FindWindowA",
"return_value": 0,
"arguments": {
"class_name": "#0",
"window_name": "Registry Monitor - Sysinternals: www.sysinternals.com"
},
"time": 1603378387.25025,
"tid": 2420,
"flags": {}
},
"pid": 2816,
"type": "call",
"cid": 6101
},
{
"call": {
"category": "ui",
"status": 0,
"stacktrace": [],
"last_error": 126,
"nt_status": -1073741515,
"api": "FindWindowA",
"return_value": 0,
"arguments": {
"class_name": "18467-41",
"window_name": ""
},
"time": 1603378387.25025,
"tid": 2420,
"flags": {}
},
"pid": 2816,
"type": "call",
"cid": 6102
},
{
"call": {
"category": "ui",
"status": 0,
"stacktrace": [],
"last_error": 0,
"nt_status": -1073741772,
"api": "FindWindowA",
"return_value": 0,
"arguments": {
"class_name": "FilemonClass",
"window_name": ""
},
"time": 1603378387.28125,
"tid": 2420,
"flags": {}
},
"pid": 2816,
"type": "call",
"cid": 6199
},
{
"call": {
"category": "ui",
"status": 0,
"stacktrace": [],
"last_error": 0,
"nt_status": -1073741772,
"api": "FindWindowA",
"return_value": 0,
"arguments": {
"class_name": "FilemonClass",
"window_name": ""
},
"time": 1603378387.28125,
"tid": 2420,
"flags": {}
},
"pid": 2816,
"type": "call",
"cid": 6199
},
{
"call": {
"category": "ui",
"status": 0,
"stacktrace": [],
"last_error": 0,
"nt_status": -1073741772,
"api": "FindWindowA",
"return_value": 0,
"arguments": {
"class_name": "#0",
"window_name": "File Monitor - Sysinternals: www.sysinternals.com"
},
"time": 1603378387.28125,
"tid": 2420,
"flags": {}
},
"pid": 2816,
"type": "call",
"cid": 6200
},
{
"call": {
"category": "ui",
"status": 0,
"stacktrace": [],
"last_error": 0,
"nt_status": -1073741772,
"api": "FindWindowA",
"return_value": 0,
"arguments": {
"class_name": "PROCMON_WINDOW_CLASS",
"window_name": ""
},
"time": 1603378387.28125,
"tid": 2420,
"flags": {}
},
"pid": 2816,
"type": "call",
"cid": 6201
},
{
"call": {
"category": "ui",
"status": 0,
"stacktrace": [],
"last_error": 0,
"nt_status": -1073741772,
"api": "FindWindowA",
"return_value": 0,
"arguments": {
"class_name": "#0",
"window_name": "Process Monitor - Sysinternals: www.sysinternals.com"
},
"time": 1603378387.28125,
"tid": 2420,
"flags": {}
},
"pid": 2816,
"type": "call",
"cid": 6202
}
],
"references": [],
"name": "antidbg_windows"
},
{
"markcount": 2,
"families": [],
"description": "Checks the version of Bios, possibly for anti-virtualization",
"severity": 3,
"marks": [
{
"category": "registry",
"ioc": "HKEY_LOCAL_MACHINE\\HARDWARE\\DESCRIPTION\\System\\SystemBiosVersion",
"type": "ioc",
"description": null
},
{
"category": "registry",
"ioc": "HKEY_LOCAL_MACHINE\\HARDWARE\\DESCRIPTION\\System\\VideoBiosVersion",
"type": "ioc",
"description": null
}
],
"references": [],
"name": "antivm_generic_bios"
},
{
"markcount": 1,
"families": [],
"description": "Checks the CPU name from registry, possibly for anti-virtualization",
"severity": 3,
"marks": [
{
"category": "registry",
"ioc": "HKEY_LOCAL_MACHINE\\HARDWARE\\DESCRIPTION\\System\\CentralProcessor\\0\\ProcessorNameString",
"type": "ioc",
"description": null
}
],
"references": [],
"name": "antivm_generic_cpu"
},
{
"markcount": 1,
"families": [],
"description": "Detects VirtualBox through the presence of a registry key",
"severity": 3,
"marks": [
{
"category": "registry",
"ioc": "HKEY_LOCAL_MACHINE\\HARDWARE\\ACPI\\DSDT\\VBOX__",
"type": "ioc",
"description": null
}
],
"references": [],
"name": "antivm_vbox_keys"
},
{
"markcount": 1,
"families": [],
"description": "Detects VMWare through the in instruction feature",
"severity": 3,
"marks": [
{
"call": {
"category": "__notification__",
"status": 1,
"stacktrace": [],
"raw": [
"stacktrace"
],
"api": "__exception__",
"return_value": 0,
"arguments": {
"stacktrace": "",
"registers": {
"esp": 6421156,
"edi": 0,
"eax": 1447909480,
"ebp": 4069883924,
"edx": 22104,
"ebx": 1975324853,
"esi": 2387639,
"ecx": 20
},
"exception": {
"instruction_r": "ed 64 8f 05 00 00 00 00 68 61 37 00 00 e9 69 2e",
"symbol": "309b81e6815cf8619556577b7c412429a380aed8681509cc407e31067b1e8ab1+0x77197",
"instruction": "in eax, dx",
"module": "309b81e6815cf8619556577b7c412429a380aed8681509cc407e31067b1e8ab1.bin",
"exception_code": "0xc0000096",
"offset": 487831,
"address": "0x247197"
}
},
"time": 1603378386.89025,
"tid": 2420,
"flags": {}
},
"pid": 2816,
"type": "call",
"cid": 22
}
],
"references": [],
"name": "antivm_vmware_in_instruction"
},
{
"markcount": 1,
"families": [],
"description": "Detects the presence of Wine emulator",
"severity": 3,
"marks": [
{
"category": "registry",
"ioc": "HKEY_CURRENT_USER\\Software\\Wine",
"type": "ioc",
"description": null
}
],
"references": [],
"name": "antiemu_wine"
}
]
The Yara rules did not detect anything in the file.
{
"tls": [],
"udp": [
{
"src": "192.168.56.101",
"dst": "192.168.56.255",
"offset": 546,
"time": 3.079097032546997,
"dport": 137,
"sport": 137
},
{
"src": "192.168.56.101",
"dst": "224.0.0.252",
"offset": 3346,
"time": 3.0108649730682373,
"dport": 5355,
"sport": 51001
},
{
"src": "192.168.56.101",
"dst": "224.0.0.252",
"offset": 3674,
"time": 1.034574031829834,
"dport": 5355,
"sport": 53595
},
{
"src": "192.168.56.101",
"dst": "224.0.0.252",
"offset": 4002,
"time": 3.017904043197632,
"dport": 5355,
"sport": 53848
},
{
"src": "192.168.56.101",
"dst": "224.0.0.252",
"offset": 4330,
"time": 1.5353169441223145,
"dport": 5355,
"sport": 54255
},
{
"src": "192.168.56.101",
"dst": "224.0.0.252",
"offset": 4658,
"time": -0.0980989933013916,
"dport": 5355,
"sport": 55314
},
{
"src": "192.168.56.101",
"dst": "239.255.255.250",
"offset": 4986,
"time": 1.5632450580596924,
"dport": 1900,
"sport": 1900
},
{
"src": "192.168.56.101",
"dst": "239.255.255.250",
"offset": 11456,
"time": 1.0677199363708496,
"dport": 3702,
"sport": 49152
},
{
"src": "192.168.56.101",
"dst": "239.255.255.250",
"offset": 15648,
"time": 3.1251630783081055,
"dport": 1900,
"sport": 53598
}
],
"dns_servers": [],
"http": [],
"icmp": [],
"smtp": [],
"tcp": [],
"smtp_ex": [],
"mitm": [],
"hosts": [],
"pcap_sha256": "b99315b301be2179ab10d27a8975e57c1b9adc1e954e701de64ae079afa85709",
"dns": [],
"http_ex": [],
"domains": [],
"dead_hosts": [],
"sorted_pcap_sha256": "95baa8430971ff65de8aeba331333da9c91f54ed1edb4c8ff0b467d57d1db857",
"irc": [],
"https_ex": []
}
The instructions below show how to remove Supr.exe with the help of the FreeFixer removal tool. Basically, you install FreeFixer, scan your computer, check the Supr.exe file for removal, restart your computer and scan it again to verify that Supr.exe has been successfully removed. Here are the removal instructions in more detail:
| Property | Value |
|---|---|
| MD5 | b40b78f16b205b1b9052d5662c0a4a02 |
| SHA256 | 309b81e6815cf8619556577b7c412429a380aed8681509cc407e31067b1e8ab1 |
These are some of the error messages that can appear related to supr.exe:
supr.exe has encountered a problem and needs to close. We are sorry for the inconvenience.
supr.exe - Application Error. The instruction at "0xXXXXXXXX" referenced memory at "0xXXXXXXXX". The memory could not be "read/written". Click on OK to terminate the program.
supr.exe has stopped working.
End Program - supr.exe. This program is not responding.
supr.exe is not a valid Win32 application.
supr.exe - Application Error. The application failed to initialize properly (0xXXXXXXXX). Click OK to terminate the application.