What is WinZip_Keygen.myegy.exe?

WinZip_Keygen.myegy.exe is part of Winzip_Keygen_By_DeltaFoX/TeamURET and, according to the file's version information, was developed by DeFconX.

WinZip_Keygen.myegy.exe's description is "Winzip_Keygen_By_DeltaFoX/TeamURET".

WinZip_Keygen.myegy.exe is usually located in the 'c:\downloads\' folder.

Some of the anti-virus scanners at VirusTotal detected WinZip_Keygen.myegy.exe.

Vendor and version information

The following is the available information on WinZip_Keygen.myegy.exe:

Property            Value
Product name        Winzip_Keygen_By_DeltaFoX/TeamURET
Company name        DeFconX
File description    Winzip_Keygen_By_DeltaFoX/TeamURET
Internal name       WinZip_Keygen_By_DFoX.exe
Original filename   WinZip_Keygen_By_DFoX.exe
Comments            Keygen and Factor for Winzip all Version and all Edition
Legal copyright     Copyright © 2017
Legal trademark     DeltaFoX
Product version     2.9.0.0
File version        2.9.0.0

Digital signatures

WinZip_Keygen.myegy.exe is not signed.

VirusTotal report

42 of the 71 anti-virus programs at VirusTotal detected the WinZip_Keygen.myegy.exe file. That's a 59% detection rate.

Scanner Detection Name
Acronis suspicious
AegisLab Trojan.Win32.Generic.4!c
AhnLab-V3 Malware/Win32.Generic.C2798453
Antiy-AVL Trojan/Win32.TSGeneric
Avast Win32:Malware-gen
AVG Win32:Malware-gen
Avira HEUR/AGEN.1023554
Bkav W32.HfsAutoB.
CAT-QuickHeal Worm.Generic
Comodo Malware@#oluzwdkod5a7
CrowdStrike win/malicious_confidence_70% (W)
Cybereason malicious.872bd6
Cylance Unsafe
Cyren W32/Trojan.YPXN-6116
Endgame malicious (high confidence)
ESET-NOD32 a variant of MSIL/HackTool.Crack.V potentially unsafe
F-Secure Heuristic.HEUR/AGEN.1023554
FireEye Generic.mg.db73fbb0648aa054
Fortinet W32/Crack.V!tr
GData Win32.Trojan.Agent.0LWL9T
Ikarus PUA.MSIL.Hacktool
Invincea heuristic
K7AntiVirus Unwanted-Program ( 0050b6021 )
K7GW Unwanted-Program ( 0050b6021 )
Malwarebytes HackTool.Agent
MAX malware (ai score=99)
McAfee Generic-FAWW!DB73FBB0648A
McAfee-GW-Edition BehavesLike.Win32.Dropper.dc
Microsoft Trojan:Win32/Tiggre!rfn
NANO-Antivirus Trojan.Win32.Crack.fdtudi
Paloalto generic.ml
Panda Trj/CI.A
Rising Virus.Virut!8.44 (CLOUD)
SentinelOne DFI - Malicious PE
Sophos Mal/EncPk-ANL
Symantec ML.Attribute.HighConfidence
Trapmine malicious.moderate.ml.score
TrendMicro TROJ_GEN.R002C0PBB19
TrendMicro-HouseCall TROJ_GEN.R002C0PBB19
Webroot W32.Trojan.Genkd
Yandex PUP.Crack!
Zillya Tool.Crack.Win32.1711

Sandbox Report

The following information was gathered by executing the file inside Cuckoo Sandbox.

Summary

Successfully executed process in sandbox.

{
    "file_created": [
        "C:\\Users\\cuck\\AppData\\Roaming\\Obsidium\\{EAF3AA4B-98B402DE-21B3A957-A3EAA5C4}\\000005E8.obs"
    ],
    "directory_created": [
        "C:\\Users\\cuck\\AppData\\Roaming\\Obsidium\\",
        "C:\\Users\\cuck\\AppData\\Roaming\\Obsidium\\{EAF3AA4B-98B402DE-21B3A957-A3EAA5C4}"
    ],
    "dll_loaded": [
        "dwmapi.dll",
        "ADVAPI32.dll",
        "psapi.dll",
        "SHLWAPI.dll",
        "C:\\Windows\\system32\\uxtheme.dll"
    ],
    "file_failed": [
        "\\??\\VBoxGuest",
        "\\??\\SICE",
        "\\??\\NTICE",
        "C:\\Users\\cuck\\AppData\\Local\\Temp\\381ff804267b9542720f5d5f76fb71d16042b418bf9449806abd33ff065b5b26.bin.config",
        "\\??\\NTFIRE"
    ],
    "regkey_opened": [
        "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\.NETFramework\\Policy\\Upgrades",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\.NETFramework\\Policy\\Upgrades",
        "HKEY_CURRENT_USER\\Software\\Microsoft\\.NETFramework\\Policy\\Standards",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\.NETFramework\\Policy\\Standards\\v4.0.30319",
        "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\.NETFramework",
        "HKEY_CURRENT_USER\\Software\\Microsoft\\.NETFramework\\Policy\\Upgrades",
        "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\.NETFramework\\Policy\\",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\.NETFramework\\Policy\\Standards",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\.NETFramework\\Policy\\AppPatch",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\.NETFramework\\Policy\\v2.0",
        "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\.NETFramework\\Policy\\Standards"
    ],
    "file_exists": [
        "C:\\Windows\\System32\\mscoree.dll.local"
    ],
    "mutex": [
        "{87EE6C4F-6B0F0419-23A5F32C-A653477D}"
    ],
    "file_opened": [
        "C:\\Users\\cuck\\AppData\\Local\\Temp\\381ff804267b9542720f5d5f76fb71d16042b418bf9449806abd33ff065b5b26.bin"
    ],
    "file_read": [
        "C:\\Users\\cuck\\AppData\\Local\\Temp\\381ff804267b9542720f5d5f76fb71d16042b418bf9449806abd33ff065b5b26.bin"
    ],
    "regkey_read": [
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows NT\\CurrentVersion\\RegisteredOwner",
        "HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Nls\\CustomLocale\\en-US",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\.NETFramework\\InstallRoot",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\GRE_Initialize\\DisableMetaFiles",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\.NETFramework\\CLRLoadLogDir",
        "HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Nls\\ExtendedLocale\\en-US",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\.NETFramework\\OnlyUseLatestCLR"
    ],
    "directory_enumerated": [
        "C:\\Windows\\Microsoft.NET\\Framework\\Upgrades.2.0.50727\\mscoreei.dll",
        "C:\\Windows\\Microsoft.NET\\Framework\\v2.0.50727\\mscoreei.dll",
        "C:\\Users\\cuck\\AppData\\Roaming\\Obsidium\\{EAF3AA4B-98B402DE-21B3A957-A3EAA5C4}\\*.obs",
        "C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\mscorwks.dll"
    ]
}

Signatures

[
    {
        "markcount": 1,
        "families": [],
        "description": "Queries for the computername",
        "severity": 1,
        "marks": [
            {
                "call": {
                    "category": "misc",
                    "status": 1,
                    "stacktrace": [],
                    "api": "GetComputerNameA",
                    "return_value": 1,
                    "arguments": {
                        "computer_name": "CUCKPC"
                    },
                    "time": 1567057986.922,
                    "tid": 2732,
                    "flags": {}
                },
                "pid": 1512,
                "type": "call",
                "cid": 299
            }
        ],
        "references": [],
        "name": "antivm_queries_computername"
    },
    {
        "markcount": 2,
        "families": [],
        "description": "Checks if process is being debugged by a debugger",
        "severity": 1,
        "marks": [
            {
                "call": {
                    "category": "system",
                    "status": 0,
                    "stacktrace": [],
                    "last_error": 0,
                    "nt_status": -1073741816,
                    "api": "IsDebuggerPresent",
                    "return_value": 0,
                    "arguments": {},
                    "time": 1567057986.89,
                    "tid": 2732,
                    "flags": {}
                },
                "pid": 1512,
                "type": "call",
                "cid": 87
            },
            {
                "call": {
                    "category": "system",
                    "status": 0,
                    "stacktrace": [],
                    "last_error": 18,
                    "nt_status": -1073741772,
                    "api": "IsDebuggerPresent",
                    "return_value": 0,
                    "arguments": {},
                    "time": 1567057986.906,
                    "tid": 2732,
                    "flags": {}
                },
                "pid": 1512,
                "type": "call",
                "cid": 257
            }
        ],
        "references": [],
        "name": "checks_debugger"
    },
    {
        "markcount": 1,
        "families": [],
        "description": "The executable contains unknown PE section names indicative of a packer (could be a false positive)",
        "severity": 1,
        "marks": [
            {
                "category": "section",
                "ioc": "",
                "type": "ioc",
                "description": null
            }
        ],
        "references": [],
        "name": "pe_features"
    },
    {
        "markcount": 54,
        "families": [],
        "description": "One or more processes crashed",
        "severity": 1,
        "marks": [
            {
                "call": {
                    "category": "__notification__",
                    "status": 1,
                    "stacktrace": [],
                    "raw": [
                        "stacktrace"
                    ],
                    "api": "__exception__",
                    "return_value": 0,
                    "arguments": {
                        "stacktrace": "R\nt\nl\nI\nn\ni\nt\ni\na\nl\ni\nz\ne\nE\nx\nc\ne\np\nt\ni\no\nn\nC\nh\na\ni\nn\n+\n0\nx\n6\n3\n \nR\nt\nl\nA\nl\nl\no\nc\na\nt\ne\nA\nc\nt\ni\nv\na\nt\ni\no\nn\nC\no\nn\nt\ne\nx\nt\nS\nt\na\nc\nk\n-\n0\nx\na\n1\n \nn\nt\nd\nl\nl\n+\n0\nx\n3\n9\ne\nd\n2\n \n@\n \n0\nx\n7\n7\nb\nc\n9\ne\nd\n2\n\n\nR\nt\nl\nI\nn\ni\nt\ni\na\nl\ni\nz\ne\nE\nx\nc\ne\np\nt\ni\no\nn\nC\nh\na\ni\nn\n+\n0\nx\n3\n6\n \nR\nt\nl\nA\nl\nl\no\nc\na\nt\ne\nA\nc\nt\ni\nv\na\nt\ni\no\nn\nC\no\nn\nt\ne\nx\nt\nS\nt\na\nc\nk\n-\n0\nx\nc\ne\n \nn\nt\nd\nl\nl\n+\n0\nx\n3\n9\ne\na\n5\n \n@\n \n0\nx\n7\n7\nb\nc\n9\ne\na\n5",
                        "registers": {
                            "esp": 1638272,
                            "edi": 0,
                            "eax": 0,
                            "ebp": 1638292,
                            "edx": 5148672,
                            "ebx": 4294828032,
                            "esi": 0,
                            "ecx": 0
                        },
                        "exception": {
                            "instruction_r": "8b 10 eb 04 dc b1 38 3a 64 8f 00 eb 01 0d 83 c4",
                            "symbol": "381ff804267b9542720f5d5f76fb71d16042b418bf9449806abd33ff065b5b26+0xe905c",
                            "instruction": "mov edx, dword ptr [eax]",
                            "module": "381ff804267b9542720f5d5f76fb71d16042b418bf9449806abd33ff065b5b26.bin",
                            "exception_code": "0xc0000005",
                            "offset": 954460,
                            "address": "0x4e905c"
                        }
                    },
                    "time": 1567057986.859,
                    "tid": 2732,
                    "flags": {}
                },
                "pid": 1512,
                "type": "call",
                "cid": 0
            },
            {
                "call": {
                    "category": "__notification__",
                    "status": 1,
                    "stacktrace": [],
                    "raw": [
                        "stacktrace"
                    ],
                    "api": "__exception__",
                    "return_value": 0,
                    "arguments": {
                        "stacktrace": "R\nt\nl\nI\nn\ni\nt\ni\na\nl\ni\nz\ne\nE\nx\nc\ne\np\nt\ni\no\nn\nC\nh\na\ni\nn\n+\n0\nx\n6\n3\n \nR\nt\nl\nA\nl\nl\no\nc\na\nt\ne\nA\nc\nt\ni\nv\na\nt\ni\no\nn\nC\no\nn\nt\ne\nx\nt\nS\nt\na\nc\nk\n-\n0\nx\na\n1\n \nn\nt\nd\nl\nl\n+\n0\nx\n3\n9\ne\nd\n2\n \n@\n \n0\nx\n7\n7\nb\nc\n9\ne\nd\n2\n\n\nR\nt\nl\nI\nn\ni\nt\ni\na\nl\ni\nz\ne\nE\nx\nc\ne\np\nt\ni\no\nn\nC\nh\na\ni\nn\n+\n0\nx\n3\n6\n \nR\nt\nl\nA\nl\nl\no\nc\na\nt\ne\nA\nc\nt\ni\nv\na\nt\ni\no\nn\nC\no\nn\nt\ne\nx\nt\nS\nt\na\nc\nk\n-\n0\nx\nc\ne\n \nn\nt\nd\nl\nl\n+\n0\nx\n3\n9\ne\na\n5\n \n@\n \n0\nx\n7\n7\nb\nc\n9\ne\na\n5",
                        "registers": {
                            "esp": 1638240,
                            "edi": 0,
                            "eax": 0,
                            "ebp": 1638292,
                            "edx": 0,
                            "ebx": 4294828032,
                            "esi": 0,
                            "ecx": 0
                        },
                        "exception": {
                            "instruction_r": "8b 00 eb 03 dd a4 7b 64 8f 00 eb 01 c1 83 c4 04",
                            "symbol": "381ff804267b9542720f5d5f76fb71d16042b418bf9449806abd33ff065b5b26+0xea244",
                            "instruction": "mov eax, dword ptr [eax]",
                            "module": "381ff804267b9542720f5d5f76fb71d16042b418bf9449806abd33ff065b5b26.bin",
                            "exception_code": "0xc0000005",
                            "offset": 959044,
                            "address": "0x4ea244"
                        }
                    },
                    "time": 1567057986.859,
                    "tid": 2732,
                    "flags": {}
                },
                "pid": 1512,
                "type": "call",
                "cid": 1
            },
            {
                "call": {
                    "category": "__notification__",
                    "status": 1,
                    "stacktrace": [],
                    "raw": [
                        "stacktrace"
                    ],
                    "api": "__exception__",
                    "return_value": 0,
                    "arguments": {
                        "stacktrace": "",
                        "registers": {
                            "esp": 1638232,
                            "edi": 5243377,
                            "eax": 0,
                            "ebp": 4282126712,
                            "edx": 0,
                            "ebx": 5150328,
                            "esi": 5150328,
                            "ecx": 5243634
                        },
                        "exception": {
                            "instruction_r": "cd 01 40 40 eb 03 a2 24 ff 85 c0 73 05 03 2d db",
                            "symbol": "381ff804267b9542720f5d5f76fb71d16042b418bf9449806abd33ff065b5b26+0x10028d",
                            "instruction": "int 1",
                            "module": "381ff804267b9542720f5d5f76fb71d16042b418bf9449806abd33ff065b5b26.bin",
                            "exception_code": "0xc0000005",
                            "offset": 1049229,
                            "address": "0x50028d"
                        }
                    },
                    "time": 1567057986.875,
                    "tid": 2732,
                    "flags": {}
                },
                "pid": 1512,
                "type": "call",
                "cid": 9
            },
            {
                "call": {
                    "category": "__notification__",
                    "status": 1,
                    "stacktrace": [],
                    "raw": [
                        "stacktrace"
                    ],
                    "api": "__exception__",
                    "return_value": 0,
                    "arguments": {
                        "stacktrace": "",
                        "registers": {
                            "esp": 1638240,
                            "edi": 5235197,
                            "eax": 0,
                            "ebp": 4282132466,
                            "edx": 0,
                            "ebx": 30539776,
                            "esi": 5150328,
                            "ecx": 877
                        },
                        "exception": {
                            "instruction_r": "89 0a eb 02 dc 77 e9 f0 fb ff ff eb 03 33 92 5b",
                            "symbol": "381ff804267b9542720f5d5f76fb71d16042b418bf9449806abd33ff065b5b26+0xebc6d",
                            "instruction": "mov dword ptr [edx], ecx",
                            "module": "381ff804267b9542720f5d5f76fb71d16042b418bf9449806abd33ff065b5b26.bin",
                            "exception_code": "0xc0000005",
                            "offset": 965741,
                            "address": "0x4ebc6d"
                        }
                    },
                    "time": 1567057986.875,
                    "tid": 2732,
                    "flags": {}
                },
                "pid": 1512,
                "type": "call",
                "cid": 18
            },
            {
                "call": {
                    "category": "__notification__",
                    "status": 1,
                    "stacktrace": [],
                    "raw": [
                        "stacktrace"
                    ],
                    "api": "__exception__",
                    "return_value": 0,
                    "arguments": {
                        "stacktrace": "",
                        "registers": {
                            "esp": 1638240,
                            "edi": 31260672,
                            "eax": 3339275212,
                            "ebp": 4282132466,
                            "edx": 5237109,
                            "ebx": 30539776,
                            "esi": 31260856,
                            "ecx": 0
                        },
                        "exception": {
                            "instruction_r": "0f 0b eb 03 89 b4 0e 0f 0b eb 02 02 97 e9 bf 04",
                            "symbol": "381ff804267b9542720f5d5f76fb71d16042b418bf9449806abd33ff065b5b26+0xeb833",
                            "instruction": "ud2",
                            "module": "381ff804267b9542720f5d5f76fb71d16042b418bf9449806abd33ff065b5b26.bin",
                            "exception_code": "0xc000001d",
                            "offset": 964659,
                            "address": "0x4eb833"
                        }
                    },
                    "time": 1567057986.875,
                    "tid": 2732,
                    "flags": {}
                },
                "pid": 1512,
                "type": "call",
                "cid": 20
            },
            {
                "call": {
                    "category": "__notification__",
                    "status": 1,
                    "stacktrace": [],
                    "raw": [
                        "stacktrace"
                    ],
                    "api": "__exception__",
                    "return_value": 0,
                    "arguments": {
                        "stacktrace": "3\n8\n1\nf\nf\n8\n0\n4\n2\n6\n7\nb\n9\n5\n4\n2\n7\n2\n0\nf\n5\nd\n5\nf\n7\n6\nf\nb\n7\n1\nd\n1\n6\n0\n4\n2\nb\n4\n1\n8\nb\nf\n9\n4\n4\n9\n8\n0\n6\na\nb\nd\n3\n3\nf\nf\n0\n6\n5\nb\n5\nb\n2\n6\n+\n0\nx\ne\nb\nd\n2\n7\n \n@\n \n0\nx\n4\ne\nb\nd\n2\n7",
                        "registers": {
                            "esp": 1637904,
                            "edi": 30543592,
                            "eax": 0,
                            "ebp": 1638220,
                            "edx": 5158672,
                            "ebx": 31260856,
                            "esi": 4282199045,
                            "ecx": 235
                        },
                        "exception": {
                            "instruction_r": "0f 0b eb 01 d2 0f 0b eb 01 f2 eb 02 3e 66 eb 03",
                            "instruction": "ud2",
                            "exception_code": "0xc000001d",
                            "symbol": "",
                            "address": "0x1dd0cea"
                        }
                    },
                    "time": 1567057986.875,
                    "tid": 2732,
                    "flags": {}
                },
                "pid": 1512,
                "type": "call",
                "cid": 29
            },
            {
                "call": {
                    "category": "__notification__",
                    "status": 1,
                    "stacktrace": [],
                    "raw": [
                        "stacktrace"
                    ],
                    "api": "__exception__",
                    "return_value": 0,
                    "arguments": {
                        "stacktrace": "R\nt\nl\nD\no\ns\nS\ne\na\nr\nc\nh\nP\na\nt\nh\n_\nU\ns\nt\nr\n+\n0\nx\na\nd\na\n \nR\nt\nl\nC\na\np\nt\nu\nr\ne\nC\no\nn\nt\ne\nx\nt\n-\n0\nx\n7\n2\n \nn\nt\nd\nl\nl\n+\n0\nx\n4\n6\na\nb\n9\n \n@\n \n0\nx\n7\n7\nb\nd\n6\na\nb\n9\n\n\nR\nt\nl\nD\no\ns\nS\ne\na\nr\nc\nh\nP\na\nt\nh\n_\nU\ns\nt\nr\n+\n0\nx\na\na\nc\n \nR\nt\nl\nC\na\np\nt\nu\nr\ne\nC\no\nn\nt\ne\nx\nt\n-\n0\nx\na\n0\n \nn\nt\nd\nl\nl\n+\n0\nx\n4\n6\na\n8\nb\n \n@\n \n0\nx\n7\n7\nb\nd\n6\na\n8\nb\n\n\nN\ne\nw\n_\nn\nt\nd\nl\nl\n_\nR\nt\nl\nD\ni\ns\np\na\nt\nc\nh\nE\nx\nc\ne\np\nt\ni\no\nn\n@\n8\n+\n0\nx\nf\n7\n \nN\ne\nw\n_\nn\nt\nd\nl\nl\n_\nR\nt\nl\nR\ne\nm\no\nv\ne\nV\ne\nc\nt\no\nr\ne\nd\nC\no\nn\nt\ni\nn\nu\ne\nH\na\nn\nd\nl\ne\nr\n@\n4\n-\n0\nx\n2\n3\n \n@\n \n0\nx\n6\n3\nd\ne\n4\na\n5\n9\n\n\nK\ni\nU\ns\ne\nr\nE\nx\nc\ne\np\nt\ni\no\nn\nD\ni\ns\np\na\nt\nc\nh\ne\nr\n+\n0\nx\nf\n \nK\ni\nR\na\ni\ns\ne\nU\ns\ne\nr\nE\nx\nc\ne\np\nt\ni\no\nn\nD\ni\ns\np\na\nt\nc\nh\ne\nr\n-\n0\nx\n4\n1\n \nn\nt\nd\nl\nl\n+\n0\nx\n1\n0\n1\n4\n3\n \n@\n \n0\nx\n7\n7\nb\na\n0\n1\n4\n3\n\n\n3\n8\n1\nf\nf\n8\n0\n4\n2\n6\n7\nb\n9\n5\n4\n2\n7\n2\n0\nf\n5\nd\n5\nf\n7\n6\nf\nb\n7\n1\nd\n1\n6\n0\n4\n2\nb\n4\n1\n8\nb\nf\n9\n4\n4\n9\n8\n0\n6\na\nb\nd\n3\n3\nf\nf\n0\n6\n5\nb\n5\nb\n2\n6\n+\n0\nx\ne\nb\nd\n2\n7\n \n@\n \n0\nx\n4\ne\nb\nd\n2\n7",
                        "registers": {
                            "esp": 1636112,
                            "edi": 0,
                            "eax": 0,
                            "ebp": 1636128,
                            "edx": 5158672,
                            "ebx": 31264255,
                            "esi": 0,
                            "ecx": 1636780
                        },
                        "exception": {
                            "instruction_r": "f7 f0 eb 01 83 eb 03 23 84 3a eb 05 dd 96 cf fd",
                            "instruction": "div eax",
                            "exception_code": "0xc0000094",
                            "symbol": "",
                            "address": "0x1dd0e6b"
                        }
                    },
                    "time": 1567057986.875,
                    "tid": 2732,
                    "flags": {}
                },
                "pid": 1512,
                "type": "call",
                "cid": 30
            },
            {
                "call": {
                    "category": "__notification__",
                    "status": 1,
                    "stacktrace": [],
                    "raw": [
                        "stacktrace"
                    ],
                    "api": "__exception__",
                    "return_value": 0,
                    "arguments": {
                        "stacktrace": "0\nx\n1\nd\nd\n5\na\n5\n5\n\n\n3\n8\n1\nf\nf\n8\n0\n4\n2\n6\n7\nb\n9\n5\n4\n2\n7\n2\n0\nf\n5\nd\n5\nf\n7\n6\nf\nb\n7\n1\nd\n1\n6\n0\n4\n2\nb\n4\n1\n8\nb\nf\n9\n4\n4\n9\n8\n0\n6\na\nb\nd\n3\n3\nf\nf\n0\n6\n5\nb\n5\nb\n2\n6\n+\n0\nx\ne\nb\nd\n2\n7\n \n@\n \n0\nx\n4\ne\nb\nd\n2\n7",
                        "registers": {
                            "esp": 1637880,
                            "edi": 30567976,
                            "eax": 1,
                            "ebp": 1637892,
                            "edx": 5158672,
                            "ebx": 31260856,
                            "esi": 4282199045,
                            "ecx": 2020557398
                        },
                        "exception": {
                            "instruction_r": "0f 3f 07 0b c7 45 fc ff ff ff ff 33 c0 33 d2 39",
                            "exception_code": "0xc000001d",
                            "symbol": "",
                            "address": "0x1dd5bc4"
                        }
                    },
                    "time": 1567057986.875,
                    "tid": 2732,
                    "flags": {}
                },
                "pid": 1512,
                "type": "call",
                "cid": 73
            },
            {
                "call": {
                    "category": "__notification__",
                    "status": 1,
                    "stacktrace": [],
                    "raw": [
                        "stacktrace"
                    ],
                    "api": "__exception__",
                    "return_value": 0,
                    "arguments": {
                        "stacktrace": "3\n8\n1\nf\nf\n8\n0\n4\n2\n6\n7\nb\n9\n5\n4\n2\n7\n2\n0\nf\n5\nd\n5\nf\n7\n6\nf\nb\n7\n1\nd\n1\n6\n0\n4\n2\nb\n4\n1\n8\nb\nf\n9\n4\n4\n9\n8\n0\n6\na\nb\nd\n3\n3\nf\nf\n0\n6\n5\nb\n5\nb\n2\n6\n+\n0\nx\ne\nb\nd\n2\n7\n \n@\n \n0\nx\n4\ne\nb\nd\n2\n7",
                        "registers": {
                            "esp": 1637904,
                            "edi": 30567976,
                            "eax": 0,
                            "ebp": 1638220,
                            "edx": 2,
                            "ebx": 31260856,
                            "esi": 4282199045,
                            "ecx": 4294823936
                        },
                        "exception": {
                            "instruction_r": "8b 00 90 90 f8 eb 01 65 73 48 eb 05 ea e9 8f 69",
                            "instruction": "mov eax, dword ptr [eax]",
                            "exception_code": "0xc0000005",
                            "symbol": "",
                            "address": "0x1dd5a7d"
                        }
                    },
                    "time": 1567057986.875,
                    "tid": 2732,
                    "flags": {}
                },
                "pid": 1512,
                "type": "call",
                "cid": 75
            },
            {
                "call": {
                    "category": "__notification__",
                    "status": 1,
                    "stacktrace": [],
                    "raw": [
                        "stacktrace"
                    ],
                    "api": "__exception__",
                    "return_value": 0,
                    "arguments": {
                        "stacktrace": "3\n8\n1\nf\nf\n8\n0\n4\n2\n6\n7\nb\n9\n5\n4\n2\n7\n2\n0\nf\n5\nd\n5\nf\n7\n6\nf\nb\n7\n1\nd\n1\n6\n0\n4\n2\nb\n4\n1\n8\nb\nf\n9\n4\n4\n9\n8\n0\n6\na\nb\nd\n3\n3\nf\nf\n0\n6\n5\nb\n5\nb\n2\n6\n+\n0\nx\ne\ne\nf\na\n8\n \n@\n \n0\nx\n4\ne\ne\nf\na\n8",
                        "registers": {
                            "esp": 1637904,
                            "edi": 31079968,
                            "eax": 0,
                            "ebp": 1638220,
                            "edx": 2,
                            "ebx": 31260856,
                            "esi": 4282199045,
                            "ecx": 4294823936
                        },
                        "exception": {
                            "instruction_r": "90 f8 eb 01 65 73 48 eb 05 ea e9 8f 69 62 eb 03",
                            "instruction": "nop",
                            "exception_code": "0x80000004",
                            "symbol": "",
                            "address": "0x1de4b20"
                        }
                    },
                    "time": 1567057986.906,
                    "tid": 2732,
                    "flags": {}
                },
                "pid": 1512,
                "type": "call",
                "cid": 170
            },
            {
                "call": {
                    "category": "__notification__",
                    "status": 1,
                    "stacktrace": [],
                    "raw": [
                        "stacktrace"
                    ],
                    "api": "__exception__",
                    "return_value": 0,
                    "arguments": {
                        "stacktrace": "3\n8\n1\nf\nf\n8\n0\n4\n2\n6\n7\nb\n9\n5\n4\n2\n7\n2\n0\nf\n5\nd\n5\nf\n7\n6\nf\nb\n7\n1\nd\n1\n6\n0\n4\n2\nb\n4\n1\n8\nb\nf\n9\n4\n4\n9\n8\n0\n6\na\nb\nd\n3\n3\nf\nf\n0\n6\n5\nb\n5\nb\n2\n6\n+\n0\nx\ne\ne\nf\na\n8\n \n@\n \n0\nx\n4\ne\ne\nf\na\n8",
                        "registers": {
                            "esp": 1637904,
                            "edi": 31081108,
                            "eax": 17152,
                            "ebp": 1638220,
                            "edx": 5158672,
                            "ebx": 31260856,
                            "esi": 4282199045,
                            "ecx": 62
                        },
                        "exception": {
                            "instruction_r": "cd 68 eb 02 c1 4c 66 3d 86 f3 eb 04 ea 0d bf ea",
                            "instruction": "int 0x68",
                            "exception_code": "0xc0000005",
                            "symbol": "",
                            "address": "0x1de4ad0"
                        }
                    },
                    "time": 1567057986.906,
                    "tid": 2732,
                    "flags": {}
                },
                "pid": 1512,
                "type": "call",
                "cid": 171
            },
            {
                "call": {
                    "category": "__notification__",
                    "status": 1,
                    "stacktrace": [],
                    "raw": [
                        "stacktrace"
                    ],
                    "api": "__exception__",
                    "return_value": 0,
                    "arguments": {
                        "stacktrace": "3\n8\n1\nf\nf\n8\n0\n4\n2\n6\n7\nb\n9\n5\n4\n2\n7\n2\n0\nf\n5\nd\n5\nf\n7\n6\nf\nb\n7\n1\nd\n1\n6\n0\n4\n2\nb\n4\n1\n8\nb\nf\n9\n4\n4\n9\n8\n0\n6\na\nb\nd\n3\n3\nf\nf\n0\n6\n5\nb\n5\nb\n2\n6\n+\n0\nx\ne\ne\nf\na\n8\n \n@\n \n0\nx\n4\ne\ne\nf\na\n8",
                        "registers": {
                            "esp": 1637904,
                            "edi": 31086160,
                            "eax": 0,
                            "ebp": 1638220,
                            "edx": 31348637,
                            "ebx": 31260856,
                            "esi": 4282199045,
                            "ecx": 5158672
                        },
                        "exception": {
                            "instruction_r": "cd 01 40 40 eb 01 2b 85 c0 eb 05 82 cb 05 0e d5",
                            "instruction": "int 1",
                            "exception_code": "0xc0000005",
                            "symbol": "",
                            "address": "0x1de56ad"
                        }
                    },
                    "time": 1567057986.906,
                    "tid": 2732,
                    "flags": {}
                },
                "pid": 1512,
                "type": "call",
                "cid": 176
            },
            {
                "call": {
                    "category": "__notification__",
                    "status": 1,
                    "stacktrace": [],
                    "raw": [
                        "stacktrace"
                    ],
                    "api": "__exception__",
                    "return_value": 0,
                    "arguments": {
                        "stacktrace": "",
                        "registers": {
                            "esp": 1637900,
                            "edi": 31091840,
                            "eax": 4,
                            "ebp": 1111705675,
                            "edx": 5158672,
                            "ebx": 31260856,
                            "esi": 4282199045,
                            "ecx": 0
                        },
                        "exception": {
                            "instruction_r": "cc eb 04 33 15 e8 cf 3c 04 eb 03 30 8e 94 75 49",
                            "instruction": "int3",
                            "exception_code": "0x80000003",
                            "symbol": "",
                            "address": "0x1de692b"
                        }
                    },
                    "time": 1567057986.906,
                    "tid": 2732,
                    "flags": {}
                },
                "pid": 1512,
                "type": "call",
                "cid": 258
            },
            {
                "call": {
                    "category": "__notification__",
                    "status": 1,
                    "stacktrace": [],
                    "raw": [
                        "stacktrace"
                    ],
                    "api": "__exception__",
                    "return_value": 0,
                    "arguments": {
                        "stacktrace": "3\n8\n1\nf\nf\n8\n0\n4\n2\n6\n7\nb\n9\n5\n4\n2\n7\n2\n0\nf\n5\nd\n5\nf\n7\n6\nf\nb\n7\n1\nd\n1\n6\n0\n4\n2\nb\n4\n1\n8\nb\nf\n9\n4\n4\n9\n8\n0\n6\na\nb\nd\n3\n3\nf\nf\n0\n6\n5\nb\n5\nb\n2\n6\n+\n0\nx\n1\n0\n2\n7\n5\n0\n \n@\n \n0\nx\n5\n0\n2\n7\n5\n0\n\n\n3\n8\n1\nf\nf\n8\n0\n4\n2\n6\n7\nb\n9\n5\n4\n2\n7\n2\n0\nf\n5\nd\n5\nf\n7\n6\nf\nb\n7\n1\nd\n1\n6\n0\n4\n2\nb\n4\n1\n8\nb\nf\n9\n4\n4\n9\n8\n0\n6\na\nb\nd\n3\n3\nf\nf\n0\n6\n5\nb\n5\nb\n2\n6\n+\n0\nx\ne\ne\nf\na\n8\n \n@\n \n0\nx\n4\ne\ne\nf\na\n8",
                        "registers": {
                            "esp": 1637892,
                            "edi": 31092388,
                            "eax": 0,
                            "ebp": 1637916,
                            "edx": 5237109,
                            "ebx": 31260856,
                            "esi": 31353004,
                            "ecx": 0
                        },
                        "exception": {
                            "instruction_r": "cc eb 02 80 26 5e 5b 8b e5 5d c3 eb 04 03 bb ba",
                            "instruction": "int3",
                            "exception_code": "0x80000003",
                            "symbol": "",
                            "address": "0x1de6a59"
                        }
                    },
                    "time": 1567057986.906,
                    "tid": 2732,
                    "flags": {}
                },
                "pid": 1512,
                "type": "call",
                "cid": 259
            },
            {
                "call": {
                    "category": "__notification__",
                    "status": 1,
                    "stacktrace": [],
                    "raw": [
                        "stacktrace"
                    ],
                    "api": "__exception__",
                    "return_value": 0,
                    "arguments": {
                        "stacktrace": "3\n8\n1\nf\nf\n8\n0\n4\n2\n6\n7\nb\n9\n5\n4\n2\n7\n2\n0\nf\n5\nd\n5\nf\n7\n6\nf\nb\n7\n1\nd\n1\n6\n0\n4\n2\nb\n4\n1\n8\nb\nf\n9\n4\n4\n9\n8\n0\n6\na\nb\nd\n3\n3\nf\nf\n0\n6\n5\nb\n5\nb\n2\n6\n+\n0\nx\n1\n0\n2\n7\n5\n0\n \n@\n \n0\nx\n5\n0\n2\n7\n5\n0\n\n\n3\n8\n1\nf\nf\n8\n0\n4\n2\n6\n7\nb\n9\n5\n4\n2\n7\n2\n0\nf\n5\nd\n5\nf\n7\n6\nf\nb\n7\n1\nd\n1\n6\n0\n4\n2\nb\n4\n1\n8\nb\nf\n9\n4\n4\n9\n8\n0\n6\na\nb\nd\n3\n3\nf\nf\n0\n6\n5\nb\n5\nb\n2\n6\n+\n0\nx\ne\ne\nf\na\n8\n \n@\n \n0\nx\n4\ne\ne\nf\na\n8",
                        "registers": {
                            "esp": 1637892,
                            "edi": 31092388,
                            "eax": 0,
                            "ebp": 1637916,
                            "edx": 5237109,
                            "ebx": 31260856,
                            "esi": 31353004,
                            "ecx": 1
                        },
                        "exception": {
                            "instruction_r": "8b c2 eb 03 bb 35 1f 55 8b 60 83 6c 24 20 05 8b",
                            "instruction": "mov eax, edx",
                            "exception_code": "0x80000004",
                            "symbol": "",
                            "address": "0x1de6b13"
                        }
                    },
                    "time": 1567057986.906,
                    "tid": 2732,
                    "flags": {}
                },
                "pid": 1512,
                "type": "call",
                "cid": 260
            },
            {
                "call": {
                    "category": "__notification__",
                    "status": 1,
                    "stacktrace": [],
                    "raw": [
                        "stacktrace"
                    ],
                    "api": "__exception__",
                    "return_value": 0,
                    "arguments": {
                        "stacktrace": "3\n8\n1\nf\nf\n8\n0\n4\n2\n6\n7\nb\n9\n5\n4\n2\n7\n2\n0\nf\n5\nd\n5\nf\n7\n6\nf\nb\n7\n1\nd\n1\n6\n0\n4\n2\nb\n4\n1\n8\nb\nf\n9\n4\n4\n9\n8\n0\n6\na\nb\nd\n3\n3\nf\nf\n0\n6\n5\nb\n5\nb\n2\n6\n+\n0\nx\n1\n0\n2\n7\n5\n0\n \n@\n \n0\nx\n5\n0\n2\n7\n5\n0\n\n\n3\n8\n1\nf\nf\n8\n0\n4\n2\n6\n7\nb\n9\n5\n4\n2\n7\n2\n0\nf\n5\nd\n5\nf\n7\n6\nf\nb\n7\n1\nd\n1\n6\n0\n4\n2\nb\n4\n1\n8\nb\nf\n9\n4\n4\n9\n8\n0\n6\na\nb\nd\n3\n3\nf\nf\n0\n6\n5\nb\n5\nb\n2\n6\n+\n0\nx\ne\ne\nf\na\n8\n \n@\n \n0\nx\n4\ne\ne\nf\na\n8",
                        "registers": {
                            "esp": 1637892,
                            "edi": 31092388,
                            "eax": 0,
                            "ebp": 1637916,
                            "edx": 5237109,
                            "ebx": 31260856,
                            "esi": 31353004,
                            "ecx": 0
                        },
                        "exception": {
                            "instruction_r": "8b c2 eb 03 bb 35 1f 55 8b 60 83 6c 24 20 05 8b",
                            "instruction": "mov eax, edx",
                            "exception_code": "0x80000004",
                            "symbol": "",
                            "address": "0x1de6b13"
                        }
                    },
                    "time": 1567057986.906,
                    "tid": 2732,
                    "flags": {}
                },
                "pid": 1512,
                "type": "call",
                "cid": 261
            },
            {
                "call": {
                    "category": "__notification__",
                    "status": 1,
                    "stacktrace": [],
                    "raw": [
                        "stacktrace"
                    ],
                    "api": "__exception__",
                    "return_value": 0,
                    "arguments": {
                        "stacktrace": "3\n8\n1\nf\nf\n8\n0\n4\n2\n6\n7\nb\n9\n5\n4\n2\n7\n2\n0\nf\n5\nd\n5\nf\n7\n6\nf\nb\n7\n1\nd\n1\n6\n0\n4\n2\nb\n4\n1\n8\nb\nf\n9\n4\n4\n9\n8\n0\n6\na\nb\nd\n3\n3\nf\nf\n0\n6\n5\nb\n5\nb\n2\n6\n+\n0\nx\n1\n0\n2\n7\n5\n0\n \n@\n \n0\nx\n5\n0\n2\n7\n5\n0\n\n\n3\n8\n1\nf\nf\n8\n0\n4\n2\n6\n7\nb\n9\n5\n4\n2\n7\n2\n0\nf\n5\nd\n5\nf\n7\n6\nf\nb\n7\n1\nd\n1\n6\n0\n4\n2\nb\n4\n1\n8\nb\nf\n9\n4\n4\n9\n8\n0\n6\na\nb\nd\n3\n3\nf\nf\n0\n6\n5\nb\n5\nb\n2\n6\n+\n0\nx\ne\ne\nf\na\n8\n \n@\n \n0\nx\n4\ne\ne\nf\na\n8",
                        "registers": {
                            "esp": 1637892,
                            "edi": 31092388,
                            "eax": 5237110,
                            "ebp": 1637916,
                            "edx": 5237109,
                            "ebx": 31260856,
                            "esi": 31353004,
                            "ecx": 1
                        },
                        "exception": {
                            "instruction_r": "cc eb 02 80 26 5e 5b 8b e5 5d c3 eb 04 03 bb ba",
                            "instruction": "int3",
                            "exception_code": "0x80000003",
                            "symbol": "",
                            "address": "0x1de6a59"
                        }
                    },
                    "time": 1567057986.906,
                    "tid": 2732,
                    "flags": {}
                },
                "pid": 1512,
                "type": "call",
                "cid": 262
            },
            {
                "call": {
                    "category": "__notification__",
                    "status": 1,
                    "stacktrace": [],
                    "raw": [
                        "stacktrace"
                    ],
                    "api": "__exception__",
                    "return_value": 0,
                    "arguments": {
                        "stacktrace": "3\n8\n1\nf\nf\n8\n0\n4\n2\n6\n7\nb\n9\n5\n4\n2\n7\n2\n0\nf\n5\nd\n5\nf\n7\n6\nf\nb\n7\n1\nd\n1\n6\n0\n4\n2\nb\n4\n1\n8\nb\nf\n9\n4\n4\n9\n8\n0\n6\na\nb\nd\n3\n3\nf\nf\n0\n6\n5\nb\n5\nb\n2\n6\n+\n0\nx\n1\n0\n2\n7\n5\n0\n \n@\n \n0\nx\n5\n0\n2\n7\n5\n0\n\n\n3\n8\n1\nf\nf\n8\n0\n4\n2\n6\n7\nb\n9\n5\n4\n2\n7\n2\n0\nf\n5\nd\n5\nf\n7\n6\nf\nb\n7\n1\nd\n1\n6\n0\n4\n2\nb\n4\n1\n8\nb\nf\n9\n4\n4\n9\n8\n0\n6\na\nb\nd\n3\n3\nf\nf\n0\n6\n5\nb\n5\nb\n2\n6\n+\n0\nx\ne\ne\nf\na\n8\n \n@\n \n0\nx\n4\ne\ne\nf\na\n8",
                        "registers": {
                            "esp": 1637892,
                            "edi": 31092388,
                            "eax": 0,
                            "ebp": 1637916,
                            "edx": 5237109,
                            "ebx": 31260856,
                            "esi": 31353004,
                            "ecx": 0
                        },
                        "exception": {
                            "instruction_r": "cc eb 02 80 26 5e 5b 8b e5 5d c3 eb 04 03 bb ba",
                            "instruction": "int3",
                            "exception_code": "0x80000003",
                            "symbol": "",
                            "address": "0x1de6a59"
                        }
                    },
                    "time": 1567057986.906,
                    "tid": 2732,
                    "flags": {}
                },
                "pid": 1512,
                "type": "call",
                "cid": 263
            },
            {
                "call": {
                    "category": "__notification__",
                    "status": 1,
                    "stacktrace": [],
                    "raw": [
                        "stacktrace"
                    ],
                    "api": "__exception__",
                    "return_value": 0,
                    "arguments": {
                        "stacktrace": "3\n8\n1\nf\nf\n8\n0\n4\n2\n6\n7\nb\n9\n5\n4\n2\n7\n2\n0\nf\n5\nd\n5\nf\n7\n6\nf\nb\n7\n1\nd\n1\n6\n0\n4\n2\nb\n4\n1\n8\nb\nf\n9\n4\n4\n9\n8\n0\n6\na\nb\nd\n3\n3\nf\nf\n0\n6\n5\nb\n5\nb\n2\n6\n+\n0\nx\n1\n0\n2\n7\n5\n0\n \n@\n \n0\nx\n5\n0\n2\n7\n5\n0\n\n\n3\n8\n1\nf\nf\n8\n0\n4\n2\n6\n7\nb\n9\n5\n4\n2\n7\n2\n0\nf\n5\nd\n5\nf\n7\n6\nf\nb\n7\n1\nd\n1\n6\n0\n4\n2\nb\n4\n1\n8\nb\nf\n9\n4\n4\n9\n8\n0\n6\na\nb\nd\n3\n3\nf\nf\n0\n6\n5\nb\n5\nb\n2\n6\n+\n0\nx\ne\ne\nf\na\n8\n \n@\n \n0\nx\n4\ne\ne\nf\na\n8",
                        "registers": {
                            "esp": 1637892,
                            "edi": 31092388,
                            "eax": 0,
                            "ebp": 1637916,
                            "edx": 0,
                            "ebx": 31260856,
                            "esi": 31353004,
                            "ecx": 1
                        },
                        "exception": {
                            "symbol": "",
                            "exception_code": "0xc0000005",
                            "address": "0x0"
                        }
                    },
                    "time": 1567057986.906,
                    "tid": 2732,
                    "flags": {}
                },
                "pid": 1512,
                "type": "call",
                "cid": 264
            },
            {
                "call": {
                    "category": "__notification__",
                    "status": 1,
                    "stacktrace": [],
                    "raw": [
                        "stacktrace"
                    ],
                    "api": "__exception__",
                    "return_value": 0,
                    "arguments": {
                        "stacktrace": "3\n8\n1\nf\nf\n8\n0\n4\n2\n6\n7\nb\n9\n5\n4\n2\n7\n2\n0\nf\n5\nd\n5\nf\n7\n6\nf\nb\n7\n1\nd\n1\n6\n0\n4\n2\nb\n4\n1\n8\nb\nf\n9\n4\n4\n9\n8\n0\n6\na\nb\nd\n3\n3\nf\nf\n0\n6\n5\nb\n5\nb\n2\n6\n+\n0\nx\n1\n0\n2\n7\n5\n0\n \n@\n \n0\nx\n5\n0\n2\n7\n5\n0\n\n\n3\n8\n1\nf\nf\n8\n0\n4\n2\n6\n7\nb\n9\n5\n4\n2\n7\n2\n0\nf\n5\nd\n5\nf\n7\n6\nf\nb\n7\n1\nd\n1\n6\n0\n4\n2\nb\n4\n1\n8\nb\nf\n9\n4\n4\n9\n8\n0\n6\na\nb\nd\n3\n3\nf\nf\n0\n6\n5\nb\n5\nb\n2\n6\n+\n0\nx\ne\ne\nf\na\n8\n \n@\n \n0\nx\n4\ne\ne\nf\na\n8",
                        "registers": {
                            "esp": 1637892,
                            "edi": 31092388,
                            "eax": 5237110,
                            "ebp": 1637916,
                            "edx": 5237109,
                            "ebx": 31260856,
                            "esi": 31353004,
                            "ecx": 0
                        },
                        "exception": {
                            "instruction_r": "cc eb 02 80 26 5e 5b 8b e5 5d c3 eb 04 03 bb ba",
                            "instruction": "int3",
                            "exception_code": "0x80000003",
                            "symbol": "",
                            "address": "0x1de6a59"
                        }
                    },
                    "time": 1567057986.906,
                    "tid": 2732,
                    "flags": {}
                },
                "pid": 1512,
                "type": "call",
                "cid": 265
            },
            {
                "call": {
                    "category": "__notification__",
                    "status": 1,
                    "stacktrace": [],
                    "raw": [
                        "stacktrace"
                    ],
                    "api": "__exception__",
                    "return_value": 0,
                    "arguments": {
                        "stacktrace": "0\nx\n1\nd\ne\n6\n8\nb\n4\n\n\n3\n8\n1\nf\nf\n8\n0\n4\n2\n6\n7\nb\n9\n5\n4\n2\n7\n2\n0\nf\n5\nd\n5\nf\n7\n6\nf\nb\n7\n1\nd\n1\n6\n0\n4\n2\nb\n4\n1\n8\nb\nf\n9\n4\n4\n9\n8\n0\n6\na\nb\nd\n3\n3\nf\nf\n0\n6\n5\nb\n5\nb\n2\n6\n+\n0\nx\ne\ne\nf\na\n8\n \n@\n \n0\nx\n4\ne\ne\nf\na\n8",
                        "registers": {
                            "esp": 1637552,
                            "edi": 31096864,
                            "eax": 0,
                            "ebp": 1637904,
                            "edx": 31318796,
                            "ebx": 31260856,
                            "esi": 31318796,
                            "ecx": 31260856
                        },
                        "exception": {
                            "instruction_r": "f7 f0 eb 03 9a 1e 07 eb 16 eb 02 35 5b eb 02 0f",
                            "instruction": "div eax",
                            "exception_code": "0xc0000094",
                            "symbol": "",
                            "address": "0x1dde3b5"
                        }
                    },
                    "time": 1567057986.906,
                    "tid": 2732,
                    "flags": {}
                },
                "pid": 1512,
                "type": "call",
                "cid": 275
            },
            {
                "call": {
                    "category": "__notification__",
                    "status": 1,
                    "stacktrace": [],
                    "raw": [
                        "stacktrace"
                    ],
                    "api": "__exception__",
                    "return_value": 0,
                    "arguments": {
                        "stacktrace": "0\nx\n1\nd\ne\n6\n9\na\na\n\n\n3\n8\n1\nf\nf\n8\n0\n4\n2\n6\n7\nb\n9\n5\n4\n2\n7\n2\n0\nf\n5\nd\n5\nf\n7\n6\nf\nb\n7\n1\nd\n1\n6\n0\n4\n2\nb\n4\n1\n8\nb\nf\n9\n4\n4\n9\n8\n0\n6\na\nb\nd\n3\n3\nf\nf\n0\n6\n5\nb\n5\nb\n2\n6\n+\n0\nx\n1\n0\n2\n7\n5\n0\n \n@\n \n0\nx\n5\n0\n2\n7\n5\n0\n\n\n3\n8\n1\nf\nf\n8\n0\n4\n2\n6\n7\nb\n9\n5\n4\n2\n7\n2\n0\nf\n5\nd\n5\nf\n7\n6\nf\nb\n7\n1\nd\n1\n6\n0\n4\n2\nb\n4\n1\n8\nb\nf\n9\n4\n4\n9\n8\n0\n6\na\nb\nd\n3\n3\nf\nf\n0\n6\n5\nb\n5\nb\n2\n6\n+\n0\nx\ne\ne\nf\na\n8\n \n@\n \n0\nx\n4\ne\ne\nf\na\n8",
                        "registers": {
                            "esp": 1637528,
                            "edi": 31353268,
                            "eax": 0,
                            "ebp": 1637884,
                            "edx": 1637600,
                            "ebx": 31260856,
                            "esi": 31321790,
                            "ecx": 31260856
                        },
                        "exception": {
                            "instruction_r": "0f 0b 0f 0b eb 04 82 64 19 05 eb 01 28 f7 f0 eb",
                            "instruction": "ud2",
                            "exception_code": "0xc000001d",
                            "symbol": "",
                            "address": "0x1ddef51"
                        }
                    },
                    "time": 1567057986.906,
                    "tid": 2732,
                    "flags": {}
                },
                "pid": 1512,
                "type": "call",
                "cid": 277
            },
            {
                "call": {
                    "category": "__notification__",
                    "status": 1,
                    "stacktrace": [],
                    "raw": [
                        "stacktrace"
                    ],
                    "api": "__exception__",
                    "return_value": 0,
                    "arguments": {
                        "stacktrace": "0\nx\n1\nd\ne\n7\n2\n8\nc\n\n\n3\n8\n1\nf\nf\n8\n0\n4\n2\n6\n7\nb\n9\n5\n4\n2\n7\n2\n0\nf\n5\nd\n5\nf\n7\n6\nf\nb\n7\n1\nd\n1\n6\n0\n4\n2\nb\n4\n1\n8\nb\nf\n9\n4\n4\n9\n8\n0\n6\na\nb\nd\n3\n3\nf\nf\n0\n6\n5\nb\n5\nb\n2\n6\n+\n0\nx\ne\ne\nf\na\n8\n \n@\n \n0\nx\n4\ne\ne\nf\na\n8",
                        "registers": {
                            "esp": 1637552,
                            "edi": 31099416,
                            "eax": 0,
                            "ebp": 1637904,
                            "edx": 31318796,
                            "ebx": 31260856,
                            "esi": 31318796,
                            "ecx": 31260856
                        },
                        "exception": {
                            "instruction_r": "f7 f0 eb 03 9a 1e 07 eb 16 eb 02 35 5b eb 02 0f",
                            "instruction": "div eax",
                            "exception_code": "0xc0000094",
                            "symbol": "",
                            "address": "0x1dde3b5"
                        }
                    },
                    "time": 1567057986.906,
                    "tid": 2732,
                    "flags": {}
                },
                "pid": 1512,
                "type": "call",
                "cid": 278
            },
            {
                "call": {
                    "category": "__notification__",
                    "status": 1,
                    "stacktrace": [],
                    "raw": [
                        "stacktrace"
                    ],
                    "api": "__exception__",
                    "return_value": 0,
                    "arguments": {
                        "stacktrace": "0\nx\n1\nd\ne\n7\nd\n5\n0\n\n\n3\n8\n1\nf\nf\n8\n0\n4\n2\n6\n7\nb\n9\n5\n4\n2\n7\n2\n0\nf\n5\nd\n5\nf\n7\n6\nf\nb\n7\n1\nd\n1\n6\n0\n4\n2\nb\n4\n1\n8\nb\nf\n9\n4\n4\n9\n8\n0\n6\na\nb\nd\n3\n3\nf\nf\n0\n6\n5\nb\n5\nb\n2\n6\n+\n0\nx\ne\ne\nf\na\n8\n \n@\n \n0\nx\n4\ne\ne\nf\na\n8",
                        "registers": {
                            "esp": 1637540,
                            "edi": 31099416,
                            "eax": 0,
                            "ebp": 1637892,
                            "edx": 31318796,
                            "ebx": 31260856,
                            "esi": 31318796,
                            "ecx": 31260856
                        },
                        "exception": {
                            "instruction_r": "f7 f0 eb 03 9a 1e 07 eb 16 eb 02 35 5b eb 02 0f",
                            "instruction": "div eax",
                            "exception_code": "0xc0000094",
                            "symbol": "",
                            "address": "0x1dde3b5"
                        }
                    },
                    "time": 1567057986.906,
                    "tid": 2732,
                    "flags": {}
                },
                "pid": 1512,
                "type": "call",
                "cid": 282
            },
            {
                "call": {
                    "category": "__notification__",
                    "status": 1,
                    "stacktrace": [],
                    "raw": [
                        "stacktrace"
                    ],
                    "api": "__exception__",
                    "return_value": 0,
                    "arguments": {
                        "stacktrace": "0\nx\n1\nd\ne\n8\n0\n5\n3\n\n\n0\nx\n1\nd\ne\n7\n8\n4\nd\n\n\n3\n8\n1\nf\nf\n8\n0\n4\n2\n6\n7\nb\n9\n5\n4\n2\n7\n2\n0\nf\n5\nd\n5\nf\n7\n6\nf\nb\n7\n1\nd\n1\n6\n0\n4\n2\nb\n4\n1\n8\nb\nf\n9\n4\n4\n9\n8\n0\n6\na\nb\nd\n3\n3\nf\nf\n0\n6\n5\nb\n5\nb\n2\n6\n+\n0\nx\ne\ne\nf\na\n8\n \n@\n \n0\nx\n4\ne\ne\nf\na\n8",
                        "registers": {
                            "esp": 1637128,
                            "edi": 31099416,
                            "eax": 0,
                            "ebp": 1637484,
                            "edx": 1637508,
                            "ebx": 31260856,
                            "esi": 31321790,
                            "ecx": 31260856
                        },
                        "exception": {
                            "instruction_r": "0f 0b 0f 0b eb 04 82 64 19 05 eb 01 28 f7 f0 eb",
                            "instruction": "ud2",
                            "exception_code": "0xc000001d",
                            "symbol": "",
                            "address": "0x1ddef51"
                        }
                    },
                    "time": 1567057986.922,
                    "tid": 2732,
                    "flags": {}
                },
                "pid": 1512,
                "type": "call",
                "cid": 284
            },
            {
                "call": {
                    "category": "__notification__",
                    "status": 1,
                    "stacktrace": [],
                    "raw": [
                        "stacktrace"
                    ],
                    "api": "__exception__",
                    "return_value": 0,
                    "arguments": {
                        "stacktrace": "0\nx\n1\nd\ne\nb\nd\nf\n8\n\n\n3\n8\n1\nf\nf\n8\n0\n4\n2\n6\n7\nb\n9\n5\n4\n2\n7\n2\n0\nf\n5\nd\n5\nf\n7\n6\nf\nb\n7\n1\nd\n1\n6\n0\n4\n2\nb\n4\n1\n8\nb\nf\n9\n4\n4\n9\n8\n0\n6\na\nb\nd\n3\n3\nf\nf\n0\n6\n5\nb\n5\nb\n2\n6\n+\n0\nx\ne\ne\nf\na\n8\n \n@\n \n0\nx\n4\ne\ne\nf\na\n8",
                        "registers": {
                            "esp": 1637532,
                            "edi": 31099416,
                            "eax": 0,
                            "ebp": 1637884,
                            "edx": 31318796,
                            "ebx": 31260856,
                            "esi": 31318796,
                            "ecx": 31260856
                        },
                        "exception": {
                            "instruction_r": "f7 f0 eb 03 9a 1e 07 eb 16 eb 02 35 5b eb 02 0f",
                            "instruction": "div eax",
                            "exception_code": "0xc0000094",
                            "symbol": "",
                            "address": "0x1dde3b5"
                        }
                    },
                    "time": 1567057986.922,
                    "tid": 2732,
                    "flags": {}
                },
                "pid": 1512,
                "type": "call",
                "cid": 285
            },
            {
                "call": {
                    "category": "__notification__",
                    "status": 1,
                    "stacktrace": [],
                    "raw": [
                        "stacktrace"
                    ],
                    "api": "__exception__",
                    "return_value": 0,
                    "arguments": {
                        "stacktrace": "0\nx\n1\nd\ne\nc\na\nd\na\n\n\n0\nx\n1\nd\ne\n7\n8\nf\nc\n\n\n3\n8\n1\nf\nf\n8\n0\n4\n2\n6\n7\nb\n9\n5\n4\n2\n7\n2\n0\nf\n5\nd\n5\nf\n7\n6\nf\nb\n7\n1\nd\n1\n6\n0\n4\n2\nb\n4\n1\n8\nb\nf\n9\n4\n4\n9\n8\n0\n6\na\nb\nd\n3\n3\nf\nf\n0\n6\n5\nb\n5\nb\n2\n6\n+\n0\nx\ne\ne\nf\na\n8\n \n@\n \n0\nx\n4\ne\ne\nf\na\n8",
                        "registers": {
                            "esp": 1637412,
                            "edi": 31099416,
                            "eax": 0,
                            "ebp": 1637768,
                            "edx": 4294967295,
                            "ebx": 31260856,
                            "esi": 31321790,
                            "ecx": 31260856
                        },
                        "exception": {
                            "instruction_r": "f7 f0 eb 02 2b 99 eb 06 eb 04 81 a5 9b 38 eb 03",
                            "instruction": "div eax",
                            "exception_code": "0xc0000094",
                            "symbol": "",
                            "address": "0x1ddef5e"
                        }
                    },
                    "time": 1567057986.922,
                    "tid": 2732,
                    "flags": {}
                },
                "pid": 1512,
                "type": "call",
                "cid": 287
            },
            {
                "call": {
                    "category": "__notification__",
                    "status": 1,
                    "stacktrace": [],
                    "raw": [
                        "stacktrace"
                    ],
                    "api": "__exception__",
                    "return_value": 0,
                    "arguments": {
                        "stacktrace": "0x1de7945\n381ff804267b9542720f5d5f76fb71d16042b418bf9449806abd33ff065b5b26+0xeefa8 @ 0x4eefa8",
                        "registers": {
                            "esp": 1637540,
                            "edi": 31099416,
                            "eax": 0,
                            "ebp": 1637896,
                            "edx": 2902880718,
                            "ebx": 31260856,
                            "esi": 31321790,
                            "ecx": 31260856
                        },
                        "exception": {
                            "instruction_r": "0f 0b 0f 0b eb 04 82 64 19 05 eb 01 28 f7 f0 eb",
                            "instruction": "ud2",
                            "exception_code": "0xc000001d",
                            "symbol": "",
                            "address": "0x1ddef51"
                        }
                    },
                    "time": 1567057986.922,
                    "tid": 2732,
                    "flags": {}
                },
                "pid": 1512,
                "type": "call",
                "cid": 288
            },
            {
                "call": {
                    "category": "__notification__",
                    "status": 1,
                    "stacktrace": [],
                    "raw": [
                        "stacktrace"
                    ],
                    "api": "__exception__",
                    "return_value": 0,
                    "arguments": {
                        "stacktrace": "0x1de9163\n381ff804267b9542720f5d5f76fb71d16042b418bf9449806abd33ff065b5b26+0x102750 @ 0x502750\n381ff804267b9542720f5d5f76fb71d16042b418bf9449806abd33ff065b5b26+0xeefa8 @ 0x4eefa8",
                        "registers": {
                            "esp": 1637244,
                            "edi": 5144772,
                            "eax": 0,
                            "ebp": 1637596,
                            "edx": 31318796,
                            "ebx": 31260856,
                            "esi": 31318796,
                            "ecx": 31260856
                        },
                        "exception": {
                            "instruction_r": "f7 f0 eb 03 9a 1e 07 eb 16 eb 02 35 5b eb 02 0f",
                            "instruction": "div eax",
                            "exception_code": "0xc0000094",
                            "symbol": "",
                            "address": "0x1dde3b5"
                        }
                    },
                    "time": 1567057986.922,
                    "tid": 2732,
                    "flags": {}
                },
                "pid": 1512,
                "type": "call",
                "cid": 303
            },
            {
                "call": {
                    "category": "__notification__",
                    "status": 1,
                    "stacktrace": [],
                    "raw": [
                        "stacktrace"
                    ],
                    "api": "__exception__",
                    "return_value": 0,
                    "arguments": {
                        "stacktrace": "0x1de98da\n0x1dee6e5\n381ff804267b9542720f5d5f76fb71d16042b418bf9449806abd33ff065b5b26+0x102750 @ 0x502750\n381ff804267b9542720f5d5f76fb71d16042b418bf9449806abd33ff065b5b26+0xeefa8 @ 0x4eefa8",
                        "registers": {
                            "esp": 1636964,
                            "edi": 5144772,
                            "eax": 0,
                            "ebp": 1637316,
                            "edx": 31318796,
                            "ebx": 31260856,
                            "esi": 31318796,
                            "ecx": 31260856
                        },
                        "exception": {
                            "instruction_r": "f7 f0 eb 03 9a 1e 07 eb 16 eb 02 35 5b eb 02 0f",
                            "instruction": "div eax",
                            "exception_code": "0xc0000094",
                            "symbol": "",
                            "address": "0x1dde3b5"
                        }
                    },
                    "time": 1567057986.922,
                    "tid": 2732,
                    "flags": {}
                },
                "pid": 1512,
                "type": "call",
                "cid": 305
            },
            {
                "call": {
                    "category": "__notification__",
                    "status": 1,
                    "stacktrace": [],
                    "raw": [
                        "stacktrace"
                    ],
                    "api": "__exception__",
                    "return_value": 0,
                    "arguments": {
                        "stacktrace": "0x1ddfac4\n0x1de917d\n0x1dee6e5\n381ff804267b9542720f5d5f76fb71d16042b418bf9449806abd33ff065b5b26+0x102750 @ 0x502750\n381ff804267b9542720f5d5f76fb71d16042b418bf9449806abd33ff065b5b26+0xeefa8 @ 0x4eefa8",
                        "registers": {
                            "esp": 1636932,
                            "edi": 5144772,
                            "eax": 0,
                            "ebp": 1637284,
                            "edx": 31318796,
                            "ebx": 31260856,
                            "esi": 31318796,
                            "ecx": 31260856
                        },
                        "exception": {
                            "instruction_r": "f7 f0 eb 03 9a 1e 07 eb 16 eb 02 35 5b eb 02 0f",
                            "instruction": "div eax",
                            "exception_code": "0xc0000094",
                            "symbol": "",
                            "address": "0x1dde3b5"
                        }
                    },
                    "time": 1567057986.922,
                    "tid": 2732,
                    "flags": {}
                },
                "pid": 1512,
                "type": "call",
                "cid": 309
            },
            {
                "call": {
                    "category": "__notification__",
                    "status": 1,
                    "stacktrace": [],
                    "raw": [
                        "stacktrace"
                    ],
                    "api": "__exception__",
                    "return_value": 0,
                    "arguments": {
                        "stacktrace": "0x1ddfba8\n0x1de9941\n0x1de917d\n0x1dee6e5\n381ff804267b9542720f5d5f76fb71d16042b418bf9449806abd33ff065b5b26+0x102750 @ 0x502750\n381ff804267b9542720f5d5f76fb71d16042b418bf9449806abd33ff065b5b26+0xeefa8 @ 0x4eefa8",
                        "registers": {
                            "esp": 1636920,
                            "edi": 5144772,
                            "eax": 0,
                            "ebp": 1637276,
                            "edx": 0,
                            "ebx": 14834580,
                            "esi": 31321790,
                            "ecx": 31260856
                        },
                        "exception": {
                            "instruction_r": "0f 0b 0f 0b eb 04 82 64 19 05 eb 01 28 f7 f0 eb",
                            "instruction": "ud2",
                            "exception_code": "0xc000001d",
                            "symbol": "",
                            "address": "0x1ddef51"
                        }
                    },
                    "time": 1567057986.922,
                    "tid": 2732,
                    "flags": {}
                },
                "pid": 1512,
                "type": "call",
                "cid": 311
            }
        ],
        "references": [],
        "name": "raises_exception"
    },
    {
        "markcount": 12,
        "families": [],
        "description": "Allocates read-write-execute memory (usually to unpack itself)",
        "severity": 2,
        "marks": [
            {
                "call": {
                    "category": "process",
                    "status": 1,
                    "stacktrace": [],
                    "api": "NtAllocateVirtualMemory",
                    "return_value": 0,
                    "arguments": {
                        "process_identifier": 1512,
                        "region_size": 593920,
                        "stack_dep_bypass": 0,
                        "stack_pivoted": 0,
                        "heap_dep_bypass": 0,
                        "protection": 64,
                        "process_handle": "0xffffffff",
                        "allocation_type": 12288,
                        "base_address": "0x01d20000"
                    },
                    "time": 1567057986.875,
                    "tid": 2732,
                    "flags": {
                        "protection": "PAGE_EXECUTE_READWRITE",
                        "allocation_type": "MEM_COMMIT|MEM_RESERVE"
                    }
                },
                "pid": 1512,
                "type": "call",
                "cid": 13
            },
            {
                "call": {
                    "category": "process",
                    "status": 1,
                    "stacktrace": [],
                    "api": "NtAllocateVirtualMemory",
                    "return_value": 0,
                    "arguments": {
                        "process_identifier": 1512,
                        "region_size": 278528,
                        "stack_dep_bypass": 0,
                        "stack_pivoted": 0,
                        "heap_dep_bypass": 0,
                        "protection": 64,
                        "process_handle": "0xffffffff",
                        "allocation_type": 12288,
                        "base_address": "0x01dd0000"
                    },
                    "time": 1567057986.875,
                    "tid": 2732,
                    "flags": {
                        "protection": "PAGE_EXECUTE_READWRITE",
                        "allocation_type": "MEM_COMMIT|MEM_RESERVE"
                    }
                },
                "pid": 1512,
                "type": "call",
                "cid": 19
            },
            {
                "call": {
                    "category": "process",
                    "status": 1,
                    "stacktrace": [],
                    "api": "NtProtectVirtualMemory",
                    "return_value": 0,
                    "arguments": {
                        "process_identifier": 1512,
                        "stack_dep_bypass": 0,
                        "stack_pivoted": 0,
                        "heap_dep_bypass": 0,
                        "length": 262144,
                        "protection": 64,
                        "process_handle": "0xffffffff",
                        "base_address": "0x75181000"
                    },
                    "time": 1567057986.875,
                    "tid": 2732,
                    "flags": {
                        "protection": "PAGE_EXECUTE_READWRITE"
                    }
                },
                "pid": 1512,
                "type": "call",
                "cid": 58
            },
            {
                "call": {
                    "category": "process",
                    "status": 1,
                    "stacktrace": [],
                    "api": "NtProtectVirtualMemory",
                    "return_value": 0,
                    "arguments": {
                        "process_identifier": 1512,
                        "stack_dep_bypass": 0,
                        "stack_pivoted": 0,
                        "heap_dep_bypass": 0,
                        "length": 4096,
                        "protection": 64,
                        "process_handle": "0xffffffff",
                        "base_address": "0x77ba0000"
                    },
                    "time": 1567057986.875,
                    "tid": 2732,
                    "flags": {
                        "protection": "PAGE_EXECUTE_READWRITE"
                    }
                },
                "pid": 1512,
                "type": "call",
                "cid": 66
            },
            {
                "call": {
                    "category": "process",
                    "status": 1,
                    "stacktrace": [],
                    "api": "NtProtectVirtualMemory",
                    "return_value": 0,
                    "arguments": {
                        "process_identifier": 1512,
                        "stack_dep_bypass": 0,
                        "stack_pivoted": 0,
                        "heap_dep_bypass": 0,
                        "length": 442368,
                        "protection": 64,
                        "process_handle": "0xffffffff",
                        "base_address": "0x00402000"
                    },
                    "time": 1567057986.89,
                    "tid": 2732,
                    "flags": {
                        "protection": "PAGE_EXECUTE_READWRITE"
                    }
                },
                "pid": 1512,
                "type": "call",
                "cid": 137
            },
            {
                "call": {
                    "category": "process",
                    "status": 1,
                    "stacktrace": [],
                    "api": "NtProtectVirtualMemory",
                    "return_value": 0,
                    "arguments": {
                        "process_identifier": 1512,
                        "stack_dep_bypass": 0,
                        "stack_pivoted": 0,
                        "heap_dep_bypass": 0,
                        "length": 442368,
                        "protection": 64,
                        "process_handle": "0xffffffff",
                        "base_address": "0x00402000"
                    },
                    "time": 1567057986.89,
                    "tid": 2732,
                    "flags": {
                        "protection": "PAGE_EXECUTE_READWRITE"
                    }
                },
                "pid": 1512,
                "type": "call",
                "cid": 138
            },
            {
                "call": {
                    "category": "process",
                    "status": 1,
                    "stacktrace": [],
                    "api": "NtProtectVirtualMemory",
                    "return_value": 0,
                    "arguments": {
                        "process_identifier": 1512,
                        "stack_dep_bypass": 0,
                        "stack_pivoted": 0,
                        "heap_dep_bypass": 0,
                        "length": 4096,
                        "protection": 64,
                        "process_handle": "0xffffffff",
                        "base_address": "0x00402000"
                    },
                    "time": 1567057986.89,
                    "tid": 2732,
                    "flags": {
                        "protection": "PAGE_EXECUTE_READWRITE"
                    }
                },
                "pid": 1512,
                "type": "call",
                "cid": 146
            },
            {
                "call": {
                    "category": "process",
                    "status": 1,
                    "stacktrace": [],
                    "api": "NtAllocateVirtualMemory",
                    "return_value": 0,
                    "arguments": {
                        "process_identifier": 1512,
                        "region_size": 4096,
                        "stack_dep_bypass": 0,
                        "stack_pivoted": 0,
                        "heap_dep_bypass": 0,
                        "protection": 64,
                        "process_handle": "0xffffffff",
                        "allocation_type": 12288,
                        "base_address": "0x01f30000"
                    },
                    "time": 1567057986.89,
                    "tid": 2732,
                    "flags": {
                        "protection": "PAGE_EXECUTE_READWRITE",
                        "allocation_type": "MEM_COMMIT|MEM_RESERVE"
                    }
                },
                "pid": 1512,
                "type": "call",
                "cid": 150
            },
            {
                "call": {
                    "category": "process",
                    "status": 1,
                    "stacktrace": [],
                    "api": "NtProtectVirtualMemory",
                    "return_value": 0,
                    "arguments": {
                        "process_identifier": 1512,
                        "stack_dep_bypass": 0,
                        "stack_pivoted": 0,
                        "heap_dep_bypass": 0,
                        "length": 331776,
                        "protection": 64,
                        "process_handle": "0xffffffff",
                        "base_address": "0x77571000"
                    },
                    "time": 1567057986.922,
                    "tid": 2732,
                    "flags": {
                        "protection": "PAGE_EXECUTE_READWRITE"
                    }
                },
                "pid": 1512,
                "type": "call",
                "cid": 378
            },
            {
                "call": {
                    "category": "process",
                    "status": 1,
                    "stacktrace": [],
                    "api": "NtProtectVirtualMemory",
                    "return_value": 0,
                    "arguments": {
                        "process_identifier": 1512,
                        "stack_dep_bypass": 0,
                        "stack_pivoted": 0,
                        "heap_dep_bypass": 0,
                        "length": 299008,
                        "protection": 64,
                        "process_handle": "0xffffffff",
                        "base_address": "0x76310000"
                    },
                    "time": 1567057986.922,
                    "tid": 2732,
                    "flags": {
                        "protection": "PAGE_EXECUTE_READWRITE"
                    }
                },
                "pid": 1512,
                "type": "call",
                "cid": 382
            },
            {
                "call": {
                    "category": "process",
                    "status": 1,
                    "stacktrace": [],
                    "api": "NtProtectVirtualMemory",
                    "return_value": 0,
                    "arguments": {
                        "process_identifier": 1512,
                        "stack_dep_bypass": 0,
                        "stack_pivoted": 0,
                        "heap_dep_bypass": 0,
                        "length": 651264,
                        "protection": 64,
                        "process_handle": "0xffffffff",
                        "base_address": "0x76531000"
                    },
                    "time": 1567057986.922,
                    "tid": 2732,
                    "flags": {
                        "protection": "PAGE_EXECUTE_READWRITE"
                    }
                },
                "pid": 1512,
                "type": "call",
                "cid": 391
            },
            {
                "call": {
                    "category": "process",
                    "status": 1,
                    "stacktrace": [],
                    "api": "NtProtectVirtualMemory",
                    "return_value": 0,
                    "arguments": {
                        "process_identifier": 1512,
                        "stack_dep_bypass": 0,
                        "stack_pivoted": 0,
                        "heap_dep_bypass": 0,
                        "length": 258048,
                        "protection": 64,
                        "process_handle": "0xffffffff",
                        "base_address": "0x75db1000"
                    },
                    "time": 1567057986.922,
                    "tid": 2732,
                    "flags": {
                        "protection": "PAGE_EXECUTE_READWRITE"
                    }
                },
                "pid": 1512,
                "type": "call",
                "cid": 397
            }
        ],
        "references": [],
        "name": "allocates_rwx"
    },
    {
        "markcount": 2,
        "families": [],
        "description": "Creates hidden or system file",
        "severity": 2,
        "marks": [
            {
                "call": {
                    "category": "file",
                    "status": 1,
                    "stacktrace": [],
                    "api": "SetFileAttributesW",
                    "return_value": 1,
                    "arguments": {
                        "file_attributes": 2,
                        "filepath_r": "C:\\Users\\cuck\\AppData\\Roaming\\Obsidium\\{EAF3AA4B-98B402DE-21B3A957-A3EAA5C4}",
                        "filepath": "C:\\Users\\cuck\\AppData\\Roaming\\Obsidium\\{EAF3AA4B-98B402DE-21B3A957-A3EAA5C4}"
                    },
                    "time": 1567057986.922,
                    "tid": 2732,
                    "flags": {
                        "file_attributes": "FILE_ATTRIBUTE_HIDDEN"
                    }
                },
                "pid": 1512,
                "type": "call",
                "cid": 294
            },
            {
                "call": {
                    "category": "file",
                    "status": 1,
                    "stacktrace": [],
                    "api": "NtCreateFile",
                    "return_value": 0,
                    "arguments": {
                        "create_disposition": 5,
                        "file_handle": "0x0000011c",
                        "filepath": "C:\\Users\\cuck\\AppData\\Roaming\\Obsidium\\{EAF3AA4B-98B402DE-21B3A957-A3EAA5C4}\\000005E8.obs",
                        "desired_access": "0xc0110080",
                        "file_attributes": 2,
                        "filepath_r": "\\??\\C:\\Users\\cuck\\AppData\\Roaming\\Obsidium\\{EAF3AA4B-98B402DE-21B3A957-A3EAA5C4}\\000005E8.obs",
                        "create_options": 4192,
                        "status_info": 2,
                        "share_access": 0
                    },
                    "time": 1567057986.922,
                    "tid": 2732,
                    "flags": {
                        "create_disposition": "FILE_OVERWRITE_IF",
                        "desired_access": "FILE_READ_ATTRIBUTES|DELETE|SYNCHRONIZE|GENERIC_WRITE",
                        "create_options": "FILE_NON_DIRECTORY_FILE|FILE_SYNCHRONOUS_IO_NONALERT|FILE_DELETE_ON_CLOSE",
                        "file_attributes": "FILE_ATTRIBUTE_HIDDEN",
                        "status_info": "FILE_CREATED",
                        "share_access": ""
                    }
                },
                "pid": 1512,
                "type": "call",
                "cid": 296
            }
        ],
        "references": [],
        "name": "creates_hidden_file"
    },
    {
        "markcount": 1,
        "families": [],
        "description": "Changes read-write memory protection to read-execute (probably to avoid detection when setting all RWX flags at the same time)",
        "severity": 2,
        "marks": [
            {
                "call": {
                    "category": "process",
                    "status": 1,
                    "stacktrace": [],
                    "api": "NtProtectVirtualMemory",
                    "return_value": 0,
                    "arguments": {
                        "process_identifier": 1512,
                        "stack_dep_bypass": 0,
                        "stack_pivoted": 0,
                        "heap_dep_bypass": 1,
                        "length": 4096,
                        "protection": 32,
                        "process_handle": "0xffffffff",
                        "base_address": "0x01e30000"
                    },
                    "time": 1567057986.89,
                    "tid": 2732,
                    "flags": {
                        "protection": "PAGE_EXECUTE_READ"
                    }
                },
                "pid": 1512,
                "type": "call",
                "cid": 149
            }
        ],
        "references": [],
        "name": "protection_rx"
    },
    {
        "markcount": 3,
        "families": [],
        "description": "The binary likely contains encrypted or compressed data indicative of a packer",
        "severity": 2,
        "marks": [
            {
                "entropy": 6.9836991716041,
                "section": {
                    "size_of_data": "0x0003b1c4",
                    "virtual_address": "0x000ad000",
                    "entropy": 6.9836991716041,
                    "name": ".rsrc",
                    "virtual_size": "0x0003b1c4"
                },
                "type": "generic",
                "description": "A section with a high entropy has been found"
            },
            {
                "entropy": 7.9971440267011,
                "section": {
                    "size_of_data": "0x00019e59",
                    "virtual_address": "0x000e9000",
                    "entropy": 7.9971440267011,
                    "name": "",
                    "virtual_size": "0x0001a000"
                },
                "type": "generic",
                "description": "A section with a high entropy has been found"
            },
            {
                "entropy": 0.99853169334186,
                "type": "generic",
                "description": "Overall entropy of this PE file is high"
            }
        ],
        "references": [
            "http:\/\/www.forensickb.com\/2013\/03\/file-entropy-explained.html",
            "http:\/\/virii.es\/U\/Using%20Entropy%20Analysis%20to%20Find%20Encrypted%20and%20Packed%20Malware.pdf"
        ],
        "name": "packer_entropy"
    },
    {
        "markcount": 1,
        "families": [],
        "description": "Expresses interest in specific running processes",
        "severity": 2,
        "marks": [
            {
                "category": "process",
                "ioc": "381ff804267b9542720f5d5f76fb71d16042b418bf9449806abd33ff065b5b26.bin",
                "type": "ioc",
                "description": null
            }
        ],
        "references": [],
        "name": "process_interest"
    },
    {
        "markcount": 2,
        "families": [],
        "description": "Checks for the presence of known devices from debuggers and forensic tools",
        "severity": 3,
        "marks": [
            {
                "category": "file",
                "ioc": "\\??\\SICE",
                "type": "ioc",
                "description": null
            },
            {
                "category": "file",
                "ioc": "\\??\\NTICE",
                "type": "ioc",
                "description": null
            }
        ],
        "references": [],
        "name": "antidbg_devices"
    },
    {
        "markcount": 3,
        "families": [],
        "description": "Checks for the presence of known windows from debuggers and forensic tools",
        "severity": 3,
        "marks": [
            {
                "call": {
                    "category": "ui",
                    "status": 0,
                    "stacktrace": [],
                    "last_error": 0,
                    "nt_status": -1073741772,
                    "api": "FindWindowW",
                    "return_value": 0,
                    "arguments": {
                        "class_name": "WinDbgFrameClass",
                        "window_name": ""
                    },
                    "time": 1567057986.875,
                    "tid": 2732,
                    "flags": {}
                },
                "pid": 1512,
                "type": "call",
                "cid": 25
            },
            {
                "call": {
                    "category": "ui",
                    "status": 0,
                    "stacktrace": [],
                    "last_error": 0,
                    "nt_status": -1073741772,
                    "api": "FindWindowW",
                    "return_value": 0,
                    "arguments": {
                        "class_name": "OLLYDBG",
                        "window_name": ""
                    },
                    "time": 1567057986.875,
                    "tid": 2732,
                    "flags": {}
                },
                "pid": 1512,
                "type": "call",
                "cid": 27
            },
            {
                "call": {
                    "category": "ui",
                    "status": 1,
                    "stacktrace": [],
                    "api": "FindWindowExW",
                    "return_value": 1639142,
                    "arguments": {
                        "class_name": "OLLYDBG",
                        "parent_hwnd": "0x00000000",
                        "child_after_hwnd": "0x00000000",
                        "window_name": "OllyDBg"
                    },
                    "time": 1567057986.89,
                    "tid": 2732,
                    "flags": {}
                },
                "pid": 1512,
                "type": "call",
                "cid": 112
            }
        ],
        "references": [],
        "name": "antidbg_windows"
    },
    {
        "markcount": 1,
        "families": [],
        "description": "Detects VirtualBox through the presence of a device",
        "severity": 3,
        "marks": [
            {
                "category": "file",
                "ioc": "\\??\\VBoxGuest",
                "type": "ioc",
                "description": null
            }
        ],
        "references": [],
        "name": "antivm_vbox_devices"
    }
]

Yara

The Yara rules did not detect anything in the file.

Network

{
    "tls": [],
    "udp": [
        {
            "src": "192.168.56.101",
            "dst": "192.168.56.255",
            "offset": 546,
            "time": 3.0789890289307,
            "dport": 137,
            "sport": 137
        },
        {
            "src": "192.168.56.101",
            "dst": "224.0.0.252",
            "offset": 3346,
            "time": 3.0361969470978,
            "dport": 5355,
            "sport": 51001
        },
        {
            "src": "192.168.56.101",
            "dst": "224.0.0.252",
            "offset": 3674,
            "time": 1.0161118507385,
            "dport": 5355,
            "sport": 53595
        },
        {
            "src": "192.168.56.101",
            "dst": "224.0.0.252",
            "offset": 4002,
            "time": 3.0474109649658,
            "dport": 5355,
            "sport": 53848
        },
        {
            "src": "192.168.56.101",
            "dst": "224.0.0.252",
            "offset": 4330,
            "time": 1.653284072876,
            "dport": 5355,
            "sport": 54255
        },
        {
            "src": "192.168.56.101",
            "dst": "224.0.0.252",
            "offset": 4658,
            "time": -0.091340065002441,
            "dport": 5355,
            "sport": 55314
        },
        {
            "src": "192.168.56.101",
            "dst": "239.255.255.250",
            "offset": 4986,
            "time": 1.0807118415833,
            "dport": 1900,
            "sport": 1900
        },
        {
            "src": "192.168.56.101",
            "dst": "239.255.255.250",
            "offset": 12604,
            "time": 1.046660900116,
            "dport": 3702,
            "sport": 49152
        },
        {
            "src": "192.168.56.101",
            "dst": "239.255.255.250",
            "offset": 16796,
            "time": 3.1246619224548,
            "dport": 1900,
            "sport": 53598
        }
    ],
    "dns_servers": [],
    "http": [],
    "icmp": [],
    "smtp": [],
    "tcp": [],
    "smtp_ex": [],
    "mitm": [],
    "hosts": [],
    "pcap_sha256": "a35f66c213cca721bd9ffcff86704f3dba9a29dc803b10bae5ee8f440be21287",
    "dns": [],
    "http_ex": [],
    "domains": [],
    "dead_hosts": [],
    "sorted_pcap_sha256": "172ecb0696026be728785d4a09ad657de4c51ad8ec498bdbb15ad2fc5a500aa9",
    "irc": [],
    "https_ex": []
}

WinZip_Keygen.myegy.exe removal instructions

The instructions below show how to remove WinZip_Keygen.myegy.exe with help from the FreeFixer removal tool. Basically, you install FreeFixer, scan your computer, check the WinZip_Keygen.myegy.exe file for removal, restart your computer and scan it again to verify that WinZip_Keygen.myegy.exe has been successfully removed. Here are the removal instructions in more detail:

  1. Download and install FreeFixer: http://www.freefixer.com/download.html
  2. Start FreeFixer and press the Start Scan button. The scan will finish in approximately five minutes.
  3. When the scan is finished, locate WinZip_Keygen.myegy.exe in the scan result and tick the checkbox next to the WinZip_Keygen.myegy.exe file. Do not check any other file for removal unless you are 100% sure you want to delete it. Tip: Press CTRL-F to open up FreeFixer's search dialog to quickly locate WinZip_Keygen.myegy.exe in the scan result.
    c:\downloads\WinZip_Keygen.myegy.exe
  4. Scroll down to the bottom of the scan result and press the Fix button. FreeFixer will now delete the WinZip_Keygen.myegy.exe file.
  5. Restart your computer.
  6. Start FreeFixer and scan your computer again. If WinZip_Keygen.myegy.exe still remains in the scan result, proceed with the next step. If WinZip_Keygen.myegy.exe is gone from the scan result you're done.
  7. If WinZip_Keygen.myegy.exe still remains in the scan result, check its checkbox again in the scan result and click Fix.
  8. Restart your computer.
  9. Start FreeFixer and scan your computer again. Verify that WinZip_Keygen.myegy.exe no longer appears in the scan result.

Hashes [?]

Property  Value
MD5       db73fbb0648aa054a6dd0e3979c77f04
SHA256    381ff804267b9542720f5d5f76fb71d16042b418bf9449806abd33ff065b5b26

Error Messages

These are some of the error messages that can appear related to winzip_keygen.myegy.exe:

winzip_keygen.myegy.exe has encountered a problem and needs to close. We are sorry for the inconvenience.

winzip_keygen.myegy.exe - Application Error. The instruction at "0xXXXXXXXX" referenced memory at "0xXXXXXXXX". The memory could not be "read/written". Click on OK to terminate the program.

Winzip_Keygen_By_DeltaFoX/TeamURET has stopped working.

End Program - winzip_keygen.myegy.exe. This program is not responding.

winzip_keygen.myegy.exe is not a valid Win32 application.

winzip_keygen.myegy.exe - Application Error. The application failed to initialize properly (0xXXXXXXXX). Click OK to terminate the application.
