WinZip_Keygen.myegy.exe is part of Winzip_Keygen_By_DeltaFoX/TeamURET and developed by DeFconX according to the WinZip_Keygen.myegy.exe version information.
WinZip_Keygen.myegy.exe's description is "Winzip_Keygen_By_DeltaFoX/TeamURET".
WinZip_Keygen.myegy.exe is usually located in the 'c:\downloads\' folder.
Some of the anti-virus scanners at VirusTotal detected WinZip_Keygen.myegy.exe.
If you have additional information about the file, please share it with the FreeFixer users by posting a comment at the bottom of this page.
The following is the available information on WinZip_Keygen.myegy.exe:
Property | Value |
---|---|
Product name | Winzip_Keygen_By_DeltaFoX/TeamURET |
Company name | DeFconX |
File description | Winzip_Keygen_By_DeltaFoX/TeamURET |
Internal name | WinZip_Keygen_By_DFoX.exe |
Original filename | WinZip_Keygen_By_DFoX.exe |
Comments | Keygen and Factor for Winzip all Version and all Edition |
Legal copyright | Copyright © 2017 |
Legal trademark | DeltaFoX |
Product version | 2.9.0.0 |
File version | 2.9.0.0 |
WinZip_Keygen.myegy.exe is not signed.
42 of the 71 anti-virus programs at VirusTotal detected the WinZip_Keygen.myegy.exe file. That's a 59% detection rate.
Scanner | Detection Name |
---|---|
Acronis | suspicious |
AegisLab | Trojan.Win32.Generic.4!c |
AhnLab-V3 | Malware/Win32.Generic.C2798453 |
Antiy-AVL | Trojan/Win32.TSGeneric |
Avast | Win32:Malware-gen |
AVG | Win32:Malware-gen |
Avira | HEUR/AGEN.1023554 |
Bkav | W32.HfsAutoB. |
CAT-QuickHeal | Worm.Generic |
Comodo | Malware@#oluzwdkod5a7 |
CrowdStrike | win/malicious_confidence_70% (W) |
Cybereason | malicious.872bd6 |
Cylance | Unsafe |
Cyren | W32/Trojan.YPXN-6116 |
Endgame | malicious (high confidence) |
ESET-NOD32 | a variant of MSIL/HackTool.Crack.V potentially unsafe |
F-Secure | Heuristic.HEUR/AGEN.1023554 |
FireEye | Generic.mg.db73fbb0648aa054 |
Fortinet | W32/Crack.V!tr |
GData | Win32.Trojan.Agent.0LWL9T |
Ikarus | PUA.MSIL.Hacktool |
Invincea | heuristic |
K7AntiVirus | Unwanted-Program ( 0050b6021 ) |
K7GW | Unwanted-Program ( 0050b6021 ) |
Malwarebytes | HackTool.Agent |
MAX | malware (ai score=99) |
McAfee | Generic-FAWW!DB73FBB0648A |
McAfee-GW-Edition | BehavesLike.Win32.Dropper.dc |
Microsoft | Trojan:Win32/Tiggre!rfn |
NANO-Antivirus | Trojan.Win32.Crack.fdtudi |
Paloalto | generic.ml |
Panda | Trj/CI.A |
Rising | Virus.Virut!8.44 (CLOUD) |
SentinelOne | DFI - Malicious PE |
Sophos | Mal/EncPk-ANL |
Symantec | ML.Attribute.HighConfidence |
Trapmine | malicious.moderate.ml.score |
TrendMicro | TROJ_GEN.R002C0PBB19 |
TrendMicro-HouseCall | TROJ_GEN.R002C0PBB19 |
Webroot | W32.Trojan.Genkd |
Yandex | PUP.Crack! |
Zillya | Tool.Crack.Win32.1711 |
The following information was gathered by executing the file inside Cuckoo Sandbox.
Successfully executed process in sandbox.
"call", "cid": 166 }, { "call": { "category": "__notification__", "status": 1, "stacktrace": [], "raw": [ "stacktrace" ], "api": "__exception__", "return_value": 0, "arguments": { "stacktrace": "0\nx\n1\nd\ne\n4\na\nf\n5\n\n\n3\n8\n1\nf\nf\n8\n0\n4\n2\n6\n7\nb\n9\n5\n4\n2\n7\n2\n0\nf\n5\nd\n5\nf\n7\n6\nf\nb\n7\n1\nd\n1\n6\n0\n4\n2\nb\n4\n1\n8\nb\nf\n9\n4\n4\n9\n8\n0\n6\na\nb\nd\n3\n3\nf\nf\n0\n6\n5\nb\n5\nb\n2\n6\n+\n0\nx\ne\ne\nf\na\n8\n \n@\n \n0\nx\n4\ne\ne\nf\na\n8", "registers": { "esp": 1637880, "edi": 31079968, "eax": 1, "ebp": 1637892, "edx": 5158672, "ebx": 31260856, "esi": 4282199045, "ecx": 2020557398 }, "exception": { "instruction_r": "0f 3f 07 0b c7 45 fc ff ff ff ff 33 c0 33 d2 39", "exception_code": "0xc000001d", "symbol": "", "address": "0x1de4c64" } }, "time": 1567057986.89, "tid": 2732, "flags": {} }, "pid": 1512, "type": "call", "cid": 167 }, { "call": { "category": "__notification__", "status": 1, "stacktrace": [], "raw": [ "stacktrace" ], "api": "__exception__", "return_value": 0, "arguments": { "stacktrace": "3\n8\n1\nf\nf\n8\n0\n4\n2\n6\n7\nb\n9\n5\n4\n2\n7\n2\n0\nf\n5\nd\n5\nf\n7\n6\nf\nb\n7\n1\nd\n1\n6\n0\n4\n2\nb\n4\n1\n8\nb\nf\n9\n4\n4\n9\n8\n0\n6\na\nb\nd\n3\n3\nf\nf\n0\n6\n5\nb\n5\nb\n2\n6\n+\n0\nx\ne\ne\nf\na\n8\n \n@\n \n0\nx\n4\ne\ne\nf\na\n8", "registers": { "esp": 1637904, "edi": 31079968, "eax": 0, "ebp": 1638220, "edx": 2, "ebx": 31260856, "esi": 4282199045, "ecx": 4294823936 }, "exception": { "instruction_r": "8b 00 90 90 f8 eb 01 65 73 48 eb 05 ea e9 8f 69", "instruction": "mov eax, dword ptr [eax]", "exception_code": "0xc0000005", "symbol": "", "address": "0x1de4b1d" } }, "time": 1567057986.906, "tid": 2732, "flags": {} }, "pid": 1512, "type": "call", "cid": 169 }, { "call": { "category": "__notification__", "status": 1, "stacktrace": [], "raw": [ "stacktrace" ], "api": "__exception__", "return_value": 0, "arguments": { "stacktrace": 
"3\n8\n1\nf\nf\n8\n0\n4\n2\n6\n7\nb\n9\n5\n4\n2\n7\n2\n0\nf\n5\nd\n5\nf\n7\n6\nf\nb\n7\n1\nd\n1\n6\n0\n4\n2\nb\n4\n1\n8\nb\nf\n9\n4\n4\n9\n8\n0\n6\na\nb\nd\n3\n3\nf\nf\n0\n6\n5\nb\n5\nb\n2\n6\n+\n0\nx\ne\ne\nf\na\n8\n \n@\n \n0\nx\n4\ne\ne\nf\na\n8", "registers": { "esp": 1637904, "edi": 31079968, "eax": 0, "ebp": 1638220, "edx": 2, "ebx": 31260856, "esi": 4282199045, "ecx": 4294823936 }, "exception": { "instruction_r": "90 f8 eb 01 65 73 48 eb 05 ea e9 8f 69 62 eb 03", "instruction": "nop", "exception_code": "0x80000004", "symbol": "", "address": "0x1de4b20" } }, "time": 1567057986.906, "tid": 2732, "flags": {} }, "pid": 1512, "type": "call", "cid": 170 }, { "call": { "category": "__notification__", "status": 1, "stacktrace": [], "raw": [ "stacktrace" ], "api": "__exception__", "return_value": 0, "arguments": { "stacktrace": "3\n8\n1\nf\nf\n8\n0\n4\n2\n6\n7\nb\n9\n5\n4\n2\n7\n2\n0\nf\n5\nd\n5\nf\n7\n6\nf\nb\n7\n1\nd\n1\n6\n0\n4\n2\nb\n4\n1\n8\nb\nf\n9\n4\n4\n9\n8\n0\n6\na\nb\nd\n3\n3\nf\nf\n0\n6\n5\nb\n5\nb\n2\n6\n+\n0\nx\ne\ne\nf\na\n8\n \n@\n \n0\nx\n4\ne\ne\nf\na\n8", "registers": { "esp": 1637904, "edi": 31081108, "eax": 17152, "ebp": 1638220, "edx": 5158672, "ebx": 31260856, "esi": 4282199045, "ecx": 62 }, "exception": { "instruction_r": "cd 68 eb 02 c1 4c 66 3d 86 f3 eb 04 ea 0d bf ea", "instruction": "int 0x68", "exception_code": "0xc0000005", "symbol": "", "address": "0x1de4ad0" } }, "time": 1567057986.906, "tid": 2732, "flags": {} }, "pid": 1512, "type": "call", "cid": 171 }, { "call": { "category": "__notification__", "status": 1, "stacktrace": [], "raw": [ "stacktrace" ], "api": "__exception__", "return_value": 0, "arguments": { "stacktrace": "3\n8\n1\nf\nf\n8\n0\n4\n2\n6\n7\nb\n9\n5\n4\n2\n7\n2\n0\nf\n5\nd\n5\nf\n7\n6\nf\nb\n7\n1\nd\n1\n6\n0\n4\n2\nb\n4\n1\n8\nb\nf\n9\n4\n4\n9\n8\n0\n6\na\nb\nd\n3\n3\nf\nf\n0\n6\n5\nb\n5\nb\n2\n6\n+\n0\nx\ne\ne\nf\na\n8\n \n@\n \n0\nx\n4\ne\ne\nf\na\n8", "registers": { "esp": 1637904, "edi": 31086160, "eax": 0, "ebp": 
1638220, "edx": 31348637, "ebx": 31260856, "esi": 4282199045, "ecx": 5158672 }, "exception": { "instruction_r": "cd 01 40 40 eb 01 2b 85 c0 eb 05 82 cb 05 0e d5", "instruction": "int 1", "exception_code": "0xc0000005", "symbol": "", "address": "0x1de56ad" } }, "time": 1567057986.906, "tid": 2732, "flags": {} }, "pid": 1512, "type": "call", "cid": 176 }, { "call": { "category": "__notification__", "status": 1, "stacktrace": [], "raw": [ "stacktrace" ], "api": "__exception__", "return_value": 0, "arguments": { "stacktrace": "", "registers": { "esp": 1637900, "edi": 31091840, "eax": 4, "ebp": 1111705675, "edx": 5158672, "ebx": 31260856, "esi": 4282199045, "ecx": 0 }, "exception": { "instruction_r": "cc eb 04 33 15 e8 cf 3c 04 eb 03 30 8e 94 75 49", "instruction": "int3", "exception_code": "0x80000003", "symbol": "", "address": "0x1de692b" } }, "time": 1567057986.906, "tid": 2732, "flags": {} }, "pid": 1512, "type": "call", "cid": 258 }, { "call": { "category": "__notification__", "status": 1, "stacktrace": [], "raw": [ "stacktrace" ], "api": "__exception__", "return_value": 0, "arguments": { "stacktrace": "3\n8\n1\nf\nf\n8\n0\n4\n2\n6\n7\nb\n9\n5\n4\n2\n7\n2\n0\nf\n5\nd\n5\nf\n7\n6\nf\nb\n7\n1\nd\n1\n6\n0\n4\n2\nb\n4\n1\n8\nb\nf\n9\n4\n4\n9\n8\n0\n6\na\nb\nd\n3\n3\nf\nf\n0\n6\n5\nb\n5\nb\n2\n6\n+\n0\nx\n1\n0\n2\n7\n5\n0\n \n@\n \n0\nx\n5\n0\n2\n7\n5\n0\n\n\n3\n8\n1\nf\nf\n8\n0\n4\n2\n6\n7\nb\n9\n5\n4\n2\n7\n2\n0\nf\n5\nd\n5\nf\n7\n6\nf\nb\n7\n1\nd\n1\n6\n0\n4\n2\nb\n4\n1\n8\nb\nf\n9\n4\n4\n9\n8\n0\n6\na\nb\nd\n3\n3\nf\nf\n0\n6\n5\nb\n5\nb\n2\n6\n+\n0\nx\ne\ne\nf\na\n8\n \n@\n \n0\nx\n4\ne\ne\nf\na\n8", "registers": { "esp": 1637892, "edi": 31092388, "eax": 0, "ebp": 1637916, "edx": 5237109, "ebx": 31260856, "esi": 31353004, "ecx": 0 }, "exception": { "instruction_r": "cc eb 02 80 26 5e 5b 8b e5 5d c3 eb 04 03 bb ba", "instruction": "int3", "exception_code": "0x80000003", "symbol": "", "address": "0x1de6a59" } }, "time": 1567057986.906, "tid": 2732, "flags": {} }, 
"pid": 1512, "type": "call", "cid": 259 }, { "call": { "category": "__notification__", "status": 1, "stacktrace": [], "raw": [ "stacktrace" ], "api": "__exception__", "return_value": 0, "arguments": { "stacktrace": "3\n8\n1\nf\nf\n8\n0\n4\n2\n6\n7\nb\n9\n5\n4\n2\n7\n2\n0\nf\n5\nd\n5\nf\n7\n6\nf\nb\n7\n1\nd\n1\n6\n0\n4\n2\nb\n4\n1\n8\nb\nf\n9\n4\n4\n9\n8\n0\n6\na\nb\nd\n3\n3\nf\nf\n0\n6\n5\nb\n5\nb\n2\n6\n+\n0\nx\n1\n0\n2\n7\n5\n0\n \n@\n \n0\nx\n5\n0\n2\n7\n5\n0\n\n\n3\n8\n1\nf\nf\n8\n0\n4\n2\n6\n7\nb\n9\n5\n4\n2\n7\n2\n0\nf\n5\nd\n5\nf\n7\n6\nf\nb\n7\n1\nd\n1\n6\n0\n4\n2\nb\n4\n1\n8\nb\nf\n9\n4\n4\n9\n8\n0\n6\na\nb\nd\n3\n3\nf\nf\n0\n6\n5\nb\n5\nb\n2\n6\n+\n0\nx\ne\ne\nf\na\n8\n \n@\n \n0\nx\n4\ne\ne\nf\na\n8", "registers": { "esp": 1637892, "edi": 31092388, "eax": 0, "ebp": 1637916, "edx": 5237109, "ebx": 31260856, "esi": 31353004, "ecx": 1 }, "exception": { "instruction_r": "8b c2 eb 03 bb 35 1f 55 8b 60 83 6c 24 20 05 8b", "instruction": "mov eax, edx", "exception_code": "0x80000004", "symbol": "", "address": "0x1de6b13" } }, "time": 1567057986.906, "tid": 2732, "flags": {} }, "pid": 1512, "type": "call", "cid": 260 }, { "call": { "category": "__notification__", "status": 1, "stacktrace": [], "raw": [ "stacktrace" ], "api": "__exception__", "return_value": 0, "arguments": { "stacktrace": "3\n8\n1\nf\nf\n8\n0\n4\n2\n6\n7\nb\n9\n5\n4\n2\n7\n2\n0\nf\n5\nd\n5\nf\n7\n6\nf\nb\n7\n1\nd\n1\n6\n0\n4\n2\nb\n4\n1\n8\nb\nf\n9\n4\n4\n9\n8\n0\n6\na\nb\nd\n3\n3\nf\nf\n0\n6\n5\nb\n5\nb\n2\n6\n+\n0\nx\n1\n0\n2\n7\n5\n0\n \n@\n \n0\nx\n5\n0\n2\n7\n5\n0\n\n\n3\n8\n1\nf\nf\n8\n0\n4\n2\n6\n7\nb\n9\n5\n4\n2\n7\n2\n0\nf\n5\nd\n5\nf\n7\n6\nf\nb\n7\n1\nd\n1\n6\n0\n4\n2\nb\n4\n1\n8\nb\nf\n9\n4\n4\n9\n8\n0\n6\na\nb\nd\n3\n3\nf\nf\n0\n6\n5\nb\n5\nb\n2\n6\n+\n0\nx\ne\ne\nf\na\n8\n \n@\n \n0\nx\n4\ne\ne\nf\na\n8", "registers": { "esp": 1637892, "edi": 31092388, "eax": 0, "ebp": 1637916, "edx": 5237109, "ebx": 31260856, "esi": 31353004, "ecx": 0 }, "exception": { "instruction_r": "8b c2 eb 
03 bb 35 1f 55 8b 60 83 6c 24 20 05 8b", "instruction": "mov eax, edx", "exception_code": "0x80000004", "symbol": "", "address": "0x1de6b13" } }, "time": 1567057986.906, "tid": 2732, "flags": {} }, "pid": 1512, "type": "call", "cid": 261 }, { "call": { "category": "__notification__", "status": 1, "stacktrace": [], "raw": [ "stacktrace" ], "api": "__exception__", "return_value": 0, "arguments": { "stacktrace": "3\n8\n1\nf\nf\n8\n0\n4\n2\n6\n7\nb\n9\n5\n4\n2\n7\n2\n0\nf\n5\nd\n5\nf\n7\n6\nf\nb\n7\n1\nd\n1\n6\n0\n4\n2\nb\n4\n1\n8\nb\nf\n9\n4\n4\n9\n8\n0\n6\na\nb\nd\n3\n3\nf\nf\n0\n6\n5\nb\n5\nb\n2\n6\n+\n0\nx\n1\n0\n2\n7\n5\n0\n \n@\n \n0\nx\n5\n0\n2\n7\n5\n0\n\n\n3\n8\n1\nf\nf\n8\n0\n4\n2\n6\n7\nb\n9\n5\n4\n2\n7\n2\n0\nf\n5\nd\n5\nf\n7\n6\nf\nb\n7\n1\nd\n1\n6\n0\n4\n2\nb\n4\n1\n8\nb\nf\n9\n4\n4\n9\n8\n0\n6\na\nb\nd\n3\n3\nf\nf\n0\n6\n5\nb\n5\nb\n2\n6\n+\n0\nx\ne\ne\nf\na\n8\n \n@\n \n0\nx\n4\ne\ne\nf\na\n8", "registers": { "esp": 1637892, "edi": 31092388, "eax": 5237110, "ebp": 1637916, "edx": 5237109, "ebx": 31260856, "esi": 31353004, "ecx": 1 }, "exception": { "instruction_r": "cc eb 02 80 26 5e 5b 8b e5 5d c3 eb 04 03 bb ba", "instruction": "int3", "exception_code": "0x80000003", "symbol": "", "address": "0x1de6a59" } }, "time": 1567057986.906, "tid": 2732, "flags": {} }, "pid": 1512, "type": "call", "cid": 262 }, { "call": { "category": "__notification__", "status": 1, "stacktrace": [], "raw": [ "stacktrace" ], "api": "__exception__", "return_value": 0, "arguments": { "stacktrace": "3\n8\n1\nf\nf\n8\n0\n4\n2\n6\n7\nb\n9\n5\n4\n2\n7\n2\n0\nf\n5\nd\n5\nf\n7\n6\nf\nb\n7\n1\nd\n1\n6\n0\n4\n2\nb\n4\n1\n8\nb\nf\n9\n4\n4\n9\n8\n0\n6\na\nb\nd\n3\n3\nf\nf\n0\n6\n5\nb\n5\nb\n2\n6\n+\n0\nx\n1\n0\n2\n7\n5\n0\n \n@\n \n0\nx\n5\n0\n2\n7\n5\n0\n\n\n3\n8\n1\nf\nf\n8\n0\n4\n2\n6\n7\nb\n9\n5\n4\n2\n7\n2\n0\nf\n5\nd\n5\nf\n7\n6\nf\nb\n7\n1\nd\n1\n6\n0\n4\n2\nb\n4\n1\n8\nb\nf\n9\n4\n4\n9\n8\n0\n6\na\nb\nd\n3\n3\nf\nf\n0\n6\n5\nb\n5\nb\n2\n6\n+\n0\nx\ne\ne\nf\na\n8\n \n@\n 
\n0\nx\n4\ne\ne\nf\na\n8", "registers": { "esp": 1637892, "edi": 31092388, "eax": 0, "ebp": 1637916, "edx": 5237109, "ebx": 31260856, "esi": 31353004, "ecx": 0 }, "exception": { "instruction_r": "cc eb 02 80 26 5e 5b 8b e5 5d c3 eb 04 03 bb ba", "instruction": "int3", "exception_code": "0x80000003", "symbol": "", "address": "0x1de6a59" } }, "time": 1567057986.906, "tid": 2732, "flags": {} }, "pid": 1512, "type": "call", "cid": 263 }, { "call": { "category": "__notification__", "status": 1, "stacktrace": [], "raw": [ "stacktrace" ], "api": "__exception__", "return_value": 0, "arguments": { "stacktrace": "3\n8\n1\nf\nf\n8\n0\n4\n2\n6\n7\nb\n9\n5\n4\n2\n7\n2\n0\nf\n5\nd\n5\nf\n7\n6\nf\nb\n7\n1\nd\n1\n6\n0\n4\n2\nb\n4\n1\n8\nb\nf\n9\n4\n4\n9\n8\n0\n6\na\nb\nd\n3\n3\nf\nf\n0\n6\n5\nb\n5\nb\n2\n6\n+\n0\nx\n1\n0\n2\n7\n5\n0\n \n@\n \n0\nx\n5\n0\n2\n7\n5\n0\n\n\n3\n8\n1\nf\nf\n8\n0\n4\n2\n6\n7\nb\n9\n5\n4\n2\n7\n2\n0\nf\n5\nd\n5\nf\n7\n6\nf\nb\n7\n1\nd\n1\n6\n0\n4\n2\nb\n4\n1\n8\nb\nf\n9\n4\n4\n9\n8\n0\n6\na\nb\nd\n3\n3\nf\nf\n0\n6\n5\nb\n5\nb\n2\n6\n+\n0\nx\ne\ne\nf\na\n8\n \n@\n \n0\nx\n4\ne\ne\nf\na\n8", "registers": { "esp": 1637892, "edi": 31092388, "eax": 0, "ebp": 1637916, "edx": 0, "ebx": 31260856, "esi": 31353004, "ecx": 1 }, "exception": { "symbol": "", "exception_code": "0xc0000005", "address": "0x0" } }, "time": 1567057986.906, "tid": 2732, "flags": {} }, "pid": 1512, "type": "call", "cid": 264 }, { "call": { "category": "__notification__", "status": 1, "stacktrace": [], "raw": [ "stacktrace" ], "api": "__exception__", "return_value": 0, "arguments": { "stacktrace": "3\n8\n1\nf\nf\n8\n0\n4\n2\n6\n7\nb\n9\n5\n4\n2\n7\n2\n0\nf\n5\nd\n5\nf\n7\n6\nf\nb\n7\n1\nd\n1\n6\n0\n4\n2\nb\n4\n1\n8\nb\nf\n9\n4\n4\n9\n8\n0\n6\na\nb\nd\n3\n3\nf\nf\n0\n6\n5\nb\n5\nb\n2\n6\n+\n0\nx\n1\n0\n2\n7\n5\n0\n \n@\n 
\n0\nx\n5\n0\n2\n7\n5\n0\n\n\n3\n8\n1\nf\nf\n8\n0\n4\n2\n6\n7\nb\n9\n5\n4\n2\n7\n2\n0\nf\n5\nd\n5\nf\n7\n6\nf\nb\n7\n1\nd\n1\n6\n0\n4\n2\nb\n4\n1\n8\nb\nf\n9\n4\n4\n9\n8\n0\n6\na\nb\nd\n3\n3\nf\nf\n0\n6\n5\nb\n5\nb\n2\n6\n+\n0\nx\ne\ne\nf\na\n8\n \n@\n \n0\nx\n4\ne\ne\nf\na\n8", "registers": { "esp": 1637892, "edi": 31092388, "eax": 5237110, "ebp": 1637916, "edx": 5237109, "ebx": 31260856, "esi": 31353004, "ecx": 0 }, "exception": { "instruction_r": "cc eb 02 80 26 5e 5b 8b e5 5d c3 eb 04 03 bb ba", "instruction": "int3", "exception_code": "0x80000003", "symbol": "", "address": "0x1de6a59" } }, "time": 1567057986.906, "tid": 2732, "flags": {} }, "pid": 1512, "type": "call", "cid": 265 }, { "call": { "category": "__notification__", "status": 1, "stacktrace": [], "raw": [ "stacktrace" ], "api": "__exception__", "return_value": 0, "arguments": { "stacktrace": "0\nx\n1\nd\ne\n6\n8\nb\n4\n\n\n3\n8\n1\nf\nf\n8\n0\n4\n2\n6\n7\nb\n9\n5\n4\n2\n7\n2\n0\nf\n5\nd\n5\nf\n7\n6\nf\nb\n7\n1\nd\n1\n6\n0\n4\n2\nb\n4\n1\n8\nb\nf\n9\n4\n4\n9\n8\n0\n6\na\nb\nd\n3\n3\nf\nf\n0\n6\n5\nb\n5\nb\n2\n6\n+\n0\nx\ne\ne\nf\na\n8\n \n@\n \n0\nx\n4\ne\ne\nf\na\n8", "registers": { "esp": 1637552, "edi": 31096864, "eax": 0, "ebp": 1637904, "edx": 31318796, "ebx": 31260856, "esi": 31318796, "ecx": 31260856 }, "exception": { "instruction_r": "f7 f0 eb 03 9a 1e 07 eb 16 eb 02 35 5b eb 02 0f", "instruction": "div eax", "exception_code": "0xc0000094", "symbol": "", "address": "0x1dde3b5" } }, "time": 1567057986.906, "tid": 2732, "flags": {} }, "pid": 1512, "type": "call", "cid": 275 }, { "call": { "category": "__notification__", "status": 1, "stacktrace": [], "raw": [ "stacktrace" ], "api": "__exception__", "return_value": 0, "arguments": { "stacktrace": "0\nx\n1\nd\ne\n6\n9\na\na\n\n\n3\n8\n1\nf\nf\n8\n0\n4\n2\n6\n7\nb\n9\n5\n4\n2\n7\n2\n0\nf\n5\nd\n5\nf\n7\n6\nf\nb\n7\n1\nd\n1\n6\n0\n4\n2\nb\n4\n1\n8\nb\nf\n9\n4\n4\n9\n8\n0\n6\na\nb\nd\n3\n3\nf\nf\n0\n6\n5\nb\n5\nb\n2\n6\n+\n0\nx\n1\n0\n2\n7\n5\n0\n 
\n@\n \n0\nx\n5\n0\n2\n7\n5\n0\n\n\n3\n8\n1\nf\nf\n8\n0\n4\n2\n6\n7\nb\n9\n5\n4\n2\n7\n2\n0\nf\n5\nd\n5\nf\n7\n6\nf\nb\n7\n1\nd\n1\n6\n0\n4\n2\nb\n4\n1\n8\nb\nf\n9\n4\n4\n9\n8\n0\n6\na\nb\nd\n3\n3\nf\nf\n0\n6\n5\nb\n5\nb\n2\n6\n+\n0\nx\ne\ne\nf\na\n8\n \n@\n \n0\nx\n4\ne\ne\nf\na\n8", "registers": { "esp": 1637528, "edi": 31353268, "eax": 0, "ebp": 1637884, "edx": 1637600, "ebx": 31260856, "esi": 31321790, "ecx": 31260856 }, "exception": { "instruction_r": "0f 0b 0f 0b eb 04 82 64 19 05 eb 01 28 f7 f0 eb", "instruction": "ud2", "exception_code": "0xc000001d", "symbol": "", "address": "0x1ddef51" } }, "time": 1567057986.906, "tid": 2732, "flags": {} }, "pid": 1512, "type": "call", "cid": 277 }, { "call": { "category": "__notification__", "status": 1, "stacktrace": [], "raw": [ "stacktrace" ], "api": "__exception__", "return_value": 0, "arguments": { "stacktrace": "0\nx\n1\nd\ne\n7\n2\n8\nc\n\n\n3\n8\n1\nf\nf\n8\n0\n4\n2\n6\n7\nb\n9\n5\n4\n2\n7\n2\n0\nf\n5\nd\n5\nf\n7\n6\nf\nb\n7\n1\nd\n1\n6\n0\n4\n2\nb\n4\n1\n8\nb\nf\n9\n4\n4\n9\n8\n0\n6\na\nb\nd\n3\n3\nf\nf\n0\n6\n5\nb\n5\nb\n2\n6\n+\n0\nx\ne\ne\nf\na\n8\n \n@\n \n0\nx\n4\ne\ne\nf\na\n8", "registers": { "esp": 1637552, "edi": 31099416, "eax": 0, "ebp": 1637904, "edx": 31318796, "ebx": 31260856, "esi": 31318796, "ecx": 31260856 }, "exception": { "instruction_r": "f7 f0 eb 03 9a 1e 07 eb 16 eb 02 35 5b eb 02 0f", "instruction": "div eax", "exception_code": "0xc0000094", "symbol": "", "address": "0x1dde3b5" } }, "time": 1567057986.906, "tid": 2732, "flags": {} }, "pid": 1512, "type": "call", "cid": 278 }, { "call": { "category": "__notification__", "status": 1, "stacktrace": [], "raw": [ "stacktrace" ], "api": "__exception__", "return_value": 0, "arguments": { "stacktrace": "0\nx\n1\nd\ne\n7\nd\n5\n0\n\n\n3\n8\n1\nf\nf\n8\n0\n4\n2\n6\n7\nb\n9\n5\n4\n2\n7\n2\n0\nf\n5\nd\n5\nf\n7\n6\nf\nb\n7\n1\nd\n1\n6\n0\n4\n2\nb\n4\n1\n8\nb\nf\n9\n4\n4\n9\n8\n0\n6\na\nb\nd\n3\n3\nf\nf\n0\n6\n5\nb\n5\nb\n2\n6\n+\n0\nx\ne\ne\nf\na\n8\n 
\n@\n \n0\nx\n4\ne\ne\nf\na\n8", "registers": { "esp": 1637540, "edi": 31099416, "eax": 0, "ebp": 1637892, "edx": 31318796, "ebx": 31260856, "esi": 31318796, "ecx": 31260856 }, "exception": { "instruction_r": "f7 f0 eb 03 9a 1e 07 eb 16 eb 02 35 5b eb 02 0f", "instruction": "div eax", "exception_code": "0xc0000094", "symbol": "", "address": "0x1dde3b5" } }, "time": 1567057986.906, "tid": 2732, "flags": {} }, "pid": 1512, "type": "call", "cid": 282 }, { "call": { "category": "__notification__", "status": 1, "stacktrace": [], "raw": [ "stacktrace" ], "api": "__exception__", "return_value": 0, "arguments": { "stacktrace": "0\nx\n1\nd\ne\n8\n0\n5\n3\n\n\n0\nx\n1\nd\ne\n7\n8\n4\nd\n\n\n3\n8\n1\nf\nf\n8\n0\n4\n2\n6\n7\nb\n9\n5\n4\n2\n7\n2\n0\nf\n5\nd\n5\nf\n7\n6\nf\nb\n7\n1\nd\n1\n6\n0\n4\n2\nb\n4\n1\n8\nb\nf\n9\n4\n4\n9\n8\n0\n6\na\nb\nd\n3\n3\nf\nf\n0\n6\n5\nb\n5\nb\n2\n6\n+\n0\nx\ne\ne\nf\na\n8\n \n@\n \n0\nx\n4\ne\ne\nf\na\n8", "registers": { "esp": 1637128, "edi": 31099416, "eax": 0, "ebp": 1637484, "edx": 1637508, "ebx": 31260856, "esi": 31321790, "ecx": 31260856 }, "exception": { "instruction_r": "0f 0b 0f 0b eb 04 82 64 19 05 eb 01 28 f7 f0 eb", "instruction": "ud2", "exception_code": "0xc000001d", "symbol": "", "address": "0x1ddef51" } }, "time": 1567057986.922, "tid": 2732, "flags": {} }, "pid": 1512, "type": "call", "cid": 284 }, { "call": { "category": "__notification__", "status": 1, "stacktrace": [], "raw": [ "stacktrace" ], "api": "__exception__", "return_value": 0, "arguments": { "stacktrace": "0\nx\n1\nd\ne\nb\nd\nf\n8\n\n\n3\n8\n1\nf\nf\n8\n0\n4\n2\n6\n7\nb\n9\n5\n4\n2\n7\n2\n0\nf\n5\nd\n5\nf\n7\n6\nf\nb\n7\n1\nd\n1\n6\n0\n4\n2\nb\n4\n1\n8\nb\nf\n9\n4\n4\n9\n8\n0\n6\na\nb\nd\n3\n3\nf\nf\n0\n6\n5\nb\n5\nb\n2\n6\n+\n0\nx\ne\ne\nf\na\n8\n \n@\n \n0\nx\n4\ne\ne\nf\na\n8", "registers": { "esp": 1637532, "edi": 31099416, "eax": 0, "ebp": 1637884, "edx": 31318796, "ebx": 31260856, "esi": 31318796, "ecx": 31260856 }, "exception": { "instruction_r": "f7 f0 eb 03 
9a 1e 07 eb 16 eb 02 35 5b eb 02 0f", "instruction": "div eax", "exception_code": "0xc0000094", "symbol": "", "address": "0x1dde3b5" } }, "time": 1567057986.922, "tid": 2732, "flags": {} }, "pid": 1512, "type": "call", "cid": 285 }, { "call": { "category": "__notification__", "status": 1, "stacktrace": [], "raw": [ "stacktrace" ], "api": "__exception__", "return_value": 0, "arguments": { "stacktrace": "0\nx\n1\nd\ne\nc\na\nd\na\n\n\n0\nx\n1\nd\ne\n7\n8\nf\nc\n\n\n3\n8\n1\nf\nf\n8\n0\n4\n2\n6\n7\nb\n9\n5\n4\n2\n7\n2\n0\nf\n5\nd\n5\nf\n7\n6\nf\nb\n7\n1\nd\n1\n6\n0\n4\n2\nb\n4\n1\n8\nb\nf\n9\n4\n4\n9\n8\n0\n6\na\nb\nd\n3\n3\nf\nf\n0\n6\n5\nb\n5\nb\n2\n6\n+\n0\nx\ne\ne\nf\na\n8\n \n@\n \n0\nx\n4\ne\ne\nf\na\n8", "registers": { "esp": 1637412, "edi": 31099416, "eax": 0, "ebp": 1637768, "edx": 4294967295, "ebx": 31260856, "esi": 31321790, "ecx": 31260856 }, "exception": { "instruction_r": "f7 f0 eb 02 2b 99 eb 06 eb 04 81 a5 9b 38 eb 03", "instruction": "div eax", "exception_code": "0xc0000094", "symbol": "", "address": "0x1ddef5e" } }, "time": 1567057986.922, "tid": 2732, "flags": {} }, "pid": 1512, "type": "call", "cid": 287 }, { "call": { "category": "__notification__", "status": 1, "stacktrace": [], "raw": [ "stacktrace" ], "api": "__exception__", "return_value": 0, "arguments": { "stacktrace": "0\nx\n1\nd\ne\n7\n9\n4\n5\n\n\n3\n8\n1\nf\nf\n8\n0\n4\n2\n6\n7\nb\n9\n5\n4\n2\n7\n2\n0\nf\n5\nd\n5\nf\n7\n6\nf\nb\n7\n1\nd\n1\n6\n0\n4\n2\nb\n4\n1\n8\nb\nf\n9\n4\n4\n9\n8\n0\n6\na\nb\nd\n3\n3\nf\nf\n0\n6\n5\nb\n5\nb\n2\n6\n+\n0\nx\ne\ne\nf\na\n8\n \n@\n \n0\nx\n4\ne\ne\nf\na\n8", "registers": { "esp": 1637540, "edi": 31099416, "eax": 0, "ebp": 1637896, "edx": 2902880718, "ebx": 31260856, "esi": 31321790, "ecx": 31260856 }, "exception": { "instruction_r": "0f 0b 0f 0b eb 04 82 64 19 05 eb 01 28 f7 f0 eb", "instruction": "ud2", "exception_code": "0xc000001d", "symbol": "", "address": "0x1ddef51" } }, "time": 1567057986.922, "tid": 2732, "flags": {} }, "pid": 1512, "type": 
"call", "cid": 288 }, { "call": { "category": "__notification__", "status": 1, "stacktrace": [], "raw": [ "stacktrace" ], "api": "__exception__", "return_value": 0, "arguments": { "stacktrace": "0\nx\n1\nd\ne\n9\n1\n6\n3\n\n\n3\n8\n1\nf\nf\n8\n0\n4\n2\n6\n7\nb\n9\n5\n4\n2\n7\n2\n0\nf\n5\nd\n5\nf\n7\n6\nf\nb\n7\n1\nd\n1\n6\n0\n4\n2\nb\n4\n1\n8\nb\nf\n9\n4\n4\n9\n8\n0\n6\na\nb\nd\n3\n3\nf\nf\n0\n6\n5\nb\n5\nb\n2\n6\n+\n0\nx\n1\n0\n2\n7\n5\n0\n \n@\n \n0\nx\n5\n0\n2\n7\n5\n0\n\n\n3\n8\n1\nf\nf\n8\n0\n4\n2\n6\n7\nb\n9\n5\n4\n2\n7\n2\n0\nf\n5\nd\n5\nf\n7\n6\nf\nb\n7\n1\nd\n1\n6\n0\n4\n2\nb\n4\n1\n8\nb\nf\n9\n4\n4\n9\n8\n0\n6\na\nb\nd\n3\n3\nf\nf\n0\n6\n5\nb\n5\nb\n2\n6\n+\n0\nx\ne\ne\nf\na\n8\n \n@\n \n0\nx\n4\ne\ne\nf\na\n8", "registers": { "esp": 1637244, "edi": 5144772, "eax": 0, "ebp": 1637596, "edx": 31318796, "ebx": 31260856, "esi": 31318796, "ecx": 31260856 }, "exception": { "instruction_r": "f7 f0 eb 03 9a 1e 07 eb 16 eb 02 35 5b eb 02 0f", "instruction": "div eax", "exception_code": "0xc0000094", "symbol": "", "address": "0x1dde3b5" } }, "time": 1567057986.922, "tid": 2732, "flags": {} }, "pid": 1512, "type": "call", "cid": 303 }, { "call": { "category": "__notification__", "status": 1, "stacktrace": [], "raw": [ "stacktrace" ], "api": "__exception__", "return_value": 0, "arguments": { "stacktrace": "0\nx\n1\nd\ne\n9\n8\nd\na\n\n\n0\nx\n1\nd\ne\ne\n6\ne\n5\n\n\n3\n8\n1\nf\nf\n8\n0\n4\n2\n6\n7\nb\n9\n5\n4\n2\n7\n2\n0\nf\n5\nd\n5\nf\n7\n6\nf\nb\n7\n1\nd\n1\n6\n0\n4\n2\nb\n4\n1\n8\nb\nf\n9\n4\n4\n9\n8\n0\n6\na\nb\nd\n3\n3\nf\nf\n0\n6\n5\nb\n5\nb\n2\n6\n+\n0\nx\n1\n0\n2\n7\n5\n0\n \n@\n \n0\nx\n5\n0\n2\n7\n5\n0\n\n\n3\n8\n1\nf\nf\n8\n0\n4\n2\n6\n7\nb\n9\n5\n4\n2\n7\n2\n0\nf\n5\nd\n5\nf\n7\n6\nf\nb\n7\n1\nd\n1\n6\n0\n4\n2\nb\n4\n1\n8\nb\nf\n9\n4\n4\n9\n8\n0\n6\na\nb\nd\n3\n3\nf\nf\n0\n6\n5\nb\n5\nb\n2\n6\n+\n0\nx\ne\ne\nf\na\n8\n \n@\n \n0\nx\n4\ne\ne\nf\na\n8", "registers": { "esp": 1636964, "edi": 5144772, "eax": 0, "ebp": 1637316, "edx": 31318796, "ebx": 
31260856, "esi": 31318796, "ecx": 31260856 }, "exception": { "instruction_r": "f7 f0 eb 03 9a 1e 07 eb 16 eb 02 35 5b eb 02 0f", "instruction": "div eax", "exception_code": "0xc0000094", "symbol": "", "address": "0x1dde3b5" } }, "time": 1567057986.922, "tid": 2732, "flags": {} }, "pid": 1512, "type": "call", "cid": 305 }, { "call": { "category": "__notification__", "status": 1, "stacktrace": [], "raw": [ "stacktrace" ], "api": "__exception__", "return_value": 0, "arguments": { "stacktrace": "0\nx\n1\nd\nd\nf\na\nc\n4\n\n\n0\nx\n1\nd\ne\n9\n1\n7\nd\n\n\n0\nx\n1\nd\ne\ne\n6\ne\n5\n\n\n3\n8\n1\nf\nf\n8\n0\n4\n2\n6\n7\nb\n9\n5\n4\n2\n7\n2\n0\nf\n5\nd\n5\nf\n7\n6\nf\nb\n7\n1\nd\n1\n6\n0\n4\n2\nb\n4\n1\n8\nb\nf\n9\n4\n4\n9\n8\n0\n6\na\nb\nd\n3\n3\nf\nf\n0\n6\n5\nb\n5\nb\n2\n6\n+\n0\nx\n1\n0\n2\n7\n5\n0\n \n@\n \n0\nx\n5\n0\n2\n7\n5\n0\n\n\n3\n8\n1\nf\nf\n8\n0\n4\n2\n6\n7\nb\n9\n5\n4\n2\n7\n2\n0\nf\n5\nd\n5\nf\n7\n6\nf\nb\n7\n1\nd\n1\n6\n0\n4\n2\nb\n4\n1\n8\nb\nf\n9\n4\n4\n9\n8\n0\n6\na\nb\nd\n3\n3\nf\nf\n0\n6\n5\nb\n5\nb\n2\n6\n+\n0\nx\ne\ne\nf\na\n8\n \n@\n \n0\nx\n4\ne\ne\nf\na\n8", "registers": { "esp": 1636932, "edi": 5144772, "eax": 0, "ebp": 1637284, "edx": 31318796, "ebx": 31260856, "esi": 31318796, "ecx": 31260856 }, "exception": { "instruction_r": "f7 f0 eb 03 9a 1e 07 eb 16 eb 02 35 5b eb 02 0f", "instruction": "div eax", "exception_code": "0xc0000094", "symbol": "", "address": "0x1dde3b5" } }, "time": 1567057986.922, "tid": 2732, "flags": {} }, "pid": 1512, "type": "call", "cid": 309 }, { "call": { "category": "__notification__", "status": 1, "stacktrace": [], "raw": [ "stacktrace" ], "api": "__exception__", "return_value": 0, "arguments": { "stacktrace": 
"0\nx\n1\nd\nd\nf\nb\na\n8\n\n\n0\nx\n1\nd\ne\n9\n9\n4\n1\n\n\n0\nx\n1\nd\ne\n9\n1\n7\nd\n\n\n0\nx\n1\nd\ne\ne\n6\ne\n5\n\n\n3\n8\n1\nf\nf\n8\n0\n4\n2\n6\n7\nb\n9\n5\n4\n2\n7\n2\n0\nf\n5\nd\n5\nf\n7\n6\nf\nb\n7\n1\nd\n1\n6\n0\n4\n2\nb\n4\n1\n8\nb\nf\n9\n4\n4\n9\n8\n0\n6\na\nb\nd\n3\n3\nf\nf\n0\n6\n5\nb\n5\nb\n2\n6\n+\n0\nx\n1\n0\n2\n7\n5\n0\n \n@\n \n0\nx\n5\n0\n2\n7\n5\n0\n\n\n3\n8\n1\nf\nf\n8\n0\n4\n2\n6\n7\nb\n9\n5\n4\n2\n7\n2\n0\nf\n5\nd\n5\nf\n7\n6\nf\nb\n7\n1\nd\n1\n6\n0\n4\n2\nb\n4\n1\n8\nb\nf\n9\n4\n4\n9\n8\n0\n6\na\nb\nd\n3\n3\nf\nf\n0\n6\n5\nb\n5\nb\n2\n6\n+\n0\nx\ne\ne\nf\na\n8\n \n@\n \n0\nx\n4\ne\ne\nf\na\n8", "registers": { "esp": 1636920, "edi": 5144772, "eax": 0, "ebp": 1637276, "edx": 0, "ebx": 14834580, "esi": 31321790, "ecx": 31260856 }, "exception": { "instruction_r": "0f 0b 0f 0b eb 04 82 64 19 05 eb 01 28 f7 f0 eb", "instruction": "ud2", "exception_code": "0xc000001d", "symbol": "", "address": "0x1ddef51" } }, "time": 1567057986.922, "tid": 2732, "flags": {} }, "pid": 1512, "type": "call", "cid": 311 } ], "references": [], "name": "raises_exception" }, { "markcount": 12, "families": [], "description": "Allocates read-write-execute memory (usually to unpack itself)", "severity": 2, "marks": [ { "call": { "category": "process", "status": 1, "stacktrace": [], "api": "NtAllocateVirtualMemory", "return_value": 0, "arguments": { "process_identifier": 1512, "region_size": 593920, "stack_dep_bypass": 0, "stack_pivoted": 0, "heap_dep_bypass": 0, "protection": 64, "process_handle": "0xffffffff", "allocation_type": 12288, "base_address": "0x01d20000" }, "time": 1567057986.875, "tid": 2732, "flags": { "protection": "PAGE_EXECUTE_READWRITE", "allocation_type": "MEM_COMMIT|MEM_RESERVE" } }, "pid": 1512, "type": "call", "cid": 13 }, { "call": { "category": "process", "status": 1, "stacktrace": [], "api": "NtAllocateVirtualMemory", "return_value": 0, "arguments": { "process_identifier": 1512, "region_size": 278528, "stack_dep_bypass": 0, "stack_pivoted": 0, 
The Yara rules did not detect anything in the file.
The instructions below show how to remove WinZip_Keygen.myegy.exe with the help of the FreeFixer removal tool. Basically, you install FreeFixer, scan your computer, check the WinZip_Keygen.myegy.exe file for removal, restart your computer and scan it again to verify that WinZip_Keygen.myegy.exe has been successfully removed. Here are the removal instructions in more detail:
Property | Value |
---|---|
MD5 | db73fbb0648aa054a6dd0e3979c77f04 |
SHA256 | 381ff804267b9542720f5d5f76fb71d16042b418bf9449806abd33ff065b5b26 |
These are some of the error messages that can appear related to winzip_keygen.myegy.exe:
winzip_keygen.myegy.exe has encountered a problem and needs to close. We are sorry for the inconvenience.
winzip_keygen.myegy.exe - Application Error. The instruction at "0xXXXXXXXX" referenced memory at "0xXXXXXXXX". The memory could not be "read/written". Click on OK to terminate the program.
Winzip_Keygen_By_DeltaFoX/TeamURET has stopped working.
End Program - winzip_keygen.myegy.exe. This program is not responding.
winzip_keygen.myegy.exe is not a valid Win32 application.
winzip_keygen.myegy.exe - Application Error. The application failed to initialize properly (0xXXXXXXXX). Click OK to terminate the application.