Summary | ZeroBOX

Category	Machine	Started	Completed
FILE	s1_win7_x6403_us	Dec. 18, 2023, 10:57 a.m.	Dec. 18, 2023, 11:01 a.m.

Size	6.5MB
Type	PE32 executable (GUI) Intel 80386, for MS Windows
MD5	`3b84b8056e5652cc5a3492f1e3b6da38`
SHA256	`9a11c6867b4dea79fabc9bb9a8508e926ed7f5707cc49ae926aa62c5f1768771`
CRC32	`676BE72C`
ssdeep	`196608:X+q0KId5KbC7exGV4I5gl8i2iTVDIntwG7fs/XF:OqFIjOG/5glHV0twvt`
Yara	Malicious_Library_Zero - Malicious_Library IsPE32 - (no description) Win32_Trojan_Emotet_2_Zero - Win32 Trojan Emotet PE_Header_Zero - PE File Signature UPX_Zero - UPX packed file mzp_file_format - MZP(Delphi) file format

tuc2.exe "C:\Users\test22\AppData\Local\Temp\tuc2.exe"
1028
- tuc2.tmp "C:\Users\test22\AppData\Local\Temp\is-C4EVP.tmp\tuc2.tmp" /SL5="$30028,6510835,54272,C:\Users\test22\AppData\Local\Temp\tuc2.exe"
  2064
  - kphonelib.exe "C:\Program Files (x86)\KPhoneLib\kphonelib.exe" -i
    2200
  - net.exe "C:\Windows\system32\net.exe" helpmsg 17
    2164
    - net1.exe C:\Windows\system32\net1 helpmsg 17
      2276
  - kphonelib.exe "C:\Program Files (x86)\KPhoneLib\kphonelib.exe" -s
    2444

Name	Response	Post-Analysis Lookup
No hosts contacted.

IP Address	Status	Action
No hosts contacted.

Suricata Alerts

No Suricata Alerts

Suricata TLS

No Suricata TLS

Queries for the computername (1 event)

Time & API	Arguments	Status	Return	Repeated
GetComputerNameA Dec. 18, 2023, 10:57 a.m.	computer_name: TEST22-PC	1	1	0

Checks if process is being debugged by a debugger (1 event)

Time & API	Arguments	Status	Return	Repeated
IsDebuggerPresent Dec. 18, 2023, 10:57 a.m.			0	0

Command line console output was observed (1 event)

Time & API	Arguments	Status	Return	Repeated
WriteConsoleW Dec. 18, 2023, 10:57 a.m.	buffer: The system cannot move the file to a different disk drive. console_handle: 0x00000007	1	1	0

The executable contains unknown PE section names indicative of a packer (could be a false positive) (3 events)

section	CODE
section	DATA
section	BSS

One or more processes crashed (50 out of 131073 events)

Time & API	Arguments	Status
__exception__ Dec. 18, 2023, 10:57 a.m.	stacktrace: tuc2+0x3db3a @ 0x43db3a tuc2+0x3cf4b @ 0x43cf4b tuc2+0x932f2 @ 0x4932f2 tuc2+0x7f324 @ 0x47f324 tuc2+0x97216 @ 0x497216 BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x757f33ca RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x778d9ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x778d9ea5 exception.instruction_r: f7 37 89 06 e9 dd 07 00 00 8b 06 33 d2 8a 17 8b exception.symbol: tuc2+0x3ae2f exception.instruction: div dword ptr [edi] exception.module: tuc2.tmp exception.exception_code: 0xc0000094 exception.offset: 241199 exception.address: 0x43ae2f registers.esp: 1637776 registers.edi: 31316164 registers.eax: 20513842 registers.ebp: 1637856 registers.edx: 0 registers.ebx: 1 registers.esi: 31316156 registers.ecx: 31316164	1
__exception__ Dec. 18, 2023, 10:57 a.m.	stacktrace: kphonelib+0x203412 @ 0x603412 kphonelib+0x14d258 @ 0x54d258 kphonelib+0xc3288 @ 0x4c3288 BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x757f33ca RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x778d9ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x778d9ea5 exception.instruction_r: ff 30 ff 34 24 58 51 54 59 81 c1 04 00 00 00 81 exception.symbol: kphonelib+0xf48c8 exception.instruction: push dword ptr [eax] exception.module: kphonelib.exe exception.exception_code: 0xc0000005 exception.offset: 1001672 exception.address: 0x4f48c8 registers.esp: 1638056 registers.edi: 5035240 registers.eax: 1971253248 registers.ebp: 1638096 registers.edx: 7601 registers.ebx: 2130567168 registers.esi: 1971253248 registers.ecx: 1638264	1
__exception__ Dec. 18, 2023, 10:57 a.m.	stacktrace: kphonelib+0x203412 @ 0x603412 kphonelib+0x14d258 @ 0x54d258 kphonelib+0xc3288 @ 0x4c3288 BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x757f33ca RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x778d9ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x778d9ea5 exception.instruction_r: ff 30 ff 34 24 58 51 54 59 81 c1 04 00 00 00 81 exception.symbol: kphonelib+0xf48c8 exception.instruction: push dword ptr [eax] exception.module: kphonelib.exe exception.exception_code: 0xc0000005 exception.offset: 1001672 exception.address: 0x4f48c8 registers.esp: 1638056 registers.edi: 5035240 registers.eax: 1971249152 registers.ebp: 1638096 registers.edx: 0 registers.ebx: 2130567168 registers.esi: 1971249152 registers.ecx: 1638264	1
__exception__ Dec. 18, 2023, 10:57 a.m.	stacktrace: kphonelib+0x203412 @ 0x603412 kphonelib+0x14d258 @ 0x54d258 kphonelib+0xc3288 @ 0x4c3288 BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x757f33ca RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x778d9ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x778d9ea5 exception.instruction_r: ff 30 ff 34 24 58 51 54 59 81 c1 04 00 00 00 81 exception.symbol: kphonelib+0xf48c8 exception.instruction: push dword ptr [eax] exception.module: kphonelib.exe exception.exception_code: 0xc0000005 exception.offset: 1001672 exception.address: 0x4f48c8 registers.esp: 1638056 registers.edi: 5035240 registers.eax: 1971245056 registers.ebp: 1638096 registers.edx: 0 registers.ebx: 2130567168 registers.esi: 1971245056 registers.ecx: 1638264	1
__exception__ Dec. 18, 2023, 10:57 a.m.	stacktrace: kphonelib+0x203412 @ 0x603412 kphonelib+0x14d258 @ 0x54d258 kphonelib+0xc3288 @ 0x4c3288 BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x757f33ca RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x778d9ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x778d9ea5 exception.instruction_r: ff 30 ff 34 24 58 51 54 59 81 c1 04 00 00 00 81 exception.symbol: kphonelib+0xf48c8 exception.instruction: push dword ptr [eax] exception.module: kphonelib.exe exception.exception_code: 0xc0000005 exception.offset: 1001672 exception.address: 0x4f48c8 registers.esp: 1638056 registers.edi: 5035240 registers.eax: 1971240960 registers.ebp: 1638096 registers.edx: 0 registers.ebx: 2130567168 registers.esi: 1971240960 registers.ecx: 1638264	1
__exception__ Dec. 18, 2023, 10:57 a.m.	stacktrace: kphonelib+0x203412 @ 0x603412 kphonelib+0x14d258 @ 0x54d258 kphonelib+0xc3288 @ 0x4c3288 BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x757f33ca RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x778d9ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x778d9ea5 exception.instruction_r: ff 30 ff 34 24 58 51 54 59 81 c1 04 00 00 00 81 exception.symbol: kphonelib+0xf48c8 exception.instruction: push dword ptr [eax] exception.module: kphonelib.exe exception.exception_code: 0xc0000005 exception.offset: 1001672 exception.address: 0x4f48c8 registers.esp: 1638056 registers.edi: 5035240 registers.eax: 1971236864 registers.ebp: 1638096 registers.edx: 0 registers.ebx: 2130567168 registers.esi: 1971236864 registers.ecx: 1638264	1
__exception__ Dec. 18, 2023, 10:57 a.m.	stacktrace: kphonelib+0x203412 @ 0x603412 kphonelib+0x14d258 @ 0x54d258 kphonelib+0xc3288 @ 0x4c3288 BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x757f33ca RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x778d9ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x778d9ea5 exception.instruction_r: ff 30 ff 34 24 58 51 54 59 81 c1 04 00 00 00 81 exception.symbol: kphonelib+0xf48c8 exception.instruction: push dword ptr [eax] exception.module: kphonelib.exe exception.exception_code: 0xc0000005 exception.offset: 1001672 exception.address: 0x4f48c8 registers.esp: 1638056 registers.edi: 5035240 registers.eax: 1971232768 registers.ebp: 1638096 registers.edx: 0 registers.ebx: 2130567168 registers.esi: 1971232768 registers.ecx: 1638264	1
__exception__ Dec. 18, 2023, 10:57 a.m.	stacktrace: kphonelib+0x203412 @ 0x603412 kphonelib+0x14d258 @ 0x54d258 kphonelib+0xc3288 @ 0x4c3288 BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x757f33ca RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x778d9ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x778d9ea5 exception.instruction_r: ff 30 ff 34 24 58 51 54 59 81 c1 04 00 00 00 81 exception.symbol: kphonelib+0xf48c8 exception.instruction: push dword ptr [eax] exception.module: kphonelib.exe exception.exception_code: 0xc0000005 exception.offset: 1001672 exception.address: 0x4f48c8 registers.esp: 1638056 registers.edi: 5035240 registers.eax: 1971228672 registers.ebp: 1638096 registers.edx: 0 registers.ebx: 2130567168 registers.esi: 1971228672 registers.ecx: 1638264	1
__exception__ Dec. 18, 2023, 10:57 a.m.	stacktrace: kphonelib+0x203412 @ 0x603412 kphonelib+0x14d258 @ 0x54d258 kphonelib+0xc3288 @ 0x4c3288 BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x757f33ca RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x778d9ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x778d9ea5 exception.instruction_r: ff 30 ff 34 24 58 51 54 59 81 c1 04 00 00 00 81 exception.symbol: kphonelib+0xf48c8 exception.instruction: push dword ptr [eax] exception.module: kphonelib.exe exception.exception_code: 0xc0000005 exception.offset: 1001672 exception.address: 0x4f48c8 registers.esp: 1638056 registers.edi: 5035240 registers.eax: 1971224576 registers.ebp: 1638096 registers.edx: 0 registers.ebx: 2130567168 registers.esi: 1971224576 registers.ecx: 1638264	1
__exception__ Dec. 18, 2023, 10:57 a.m.	stacktrace: kphonelib+0x203412 @ 0x603412 kphonelib+0x14d258 @ 0x54d258 kphonelib+0xc3288 @ 0x4c3288 BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x757f33ca RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x778d9ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x778d9ea5 exception.instruction_r: ff 30 ff 34 24 58 51 54 59 81 c1 04 00 00 00 81 exception.symbol: kphonelib+0xf48c8 exception.instruction: push dword ptr [eax] exception.module: kphonelib.exe exception.exception_code: 0xc0000005 exception.offset: 1001672 exception.address: 0x4f48c8 registers.esp: 1638056 registers.edi: 5035240 registers.eax: 1971220480 registers.ebp: 1638096 registers.edx: 0 registers.ebx: 2130567168 registers.esi: 1971220480 registers.ecx: 1638264	1
__exception__ Dec. 18, 2023, 10:57 a.m.	stacktrace: kphonelib+0x203412 @ 0x603412 kphonelib+0x14d258 @ 0x54d258 kphonelib+0xc3288 @ 0x4c3288 BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x757f33ca RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x778d9ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x778d9ea5 exception.instruction_r: ff 30 ff 34 24 58 51 54 59 81 c1 04 00 00 00 81 exception.symbol: kphonelib+0xf48c8 exception.instruction: push dword ptr [eax] exception.module: kphonelib.exe exception.exception_code: 0xc0000005 exception.offset: 1001672 exception.address: 0x4f48c8 registers.esp: 1638056 registers.edi: 5035240 registers.eax: 1971216384 registers.ebp: 1638096 registers.edx: 0 registers.ebx: 2130567168 registers.esi: 1971216384 registers.ecx: 1638264	1
__exception__ Dec. 18, 2023, 10:57 a.m.	stacktrace: kphonelib+0x203412 @ 0x603412 kphonelib+0x14d258 @ 0x54d258 kphonelib+0xc3288 @ 0x4c3288 BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x757f33ca RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x778d9ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x778d9ea5 exception.instruction_r: ff 30 ff 34 24 58 51 54 59 81 c1 04 00 00 00 81 exception.symbol: kphonelib+0xf48c8 exception.instruction: push dword ptr [eax] exception.module: kphonelib.exe exception.exception_code: 0xc0000005 exception.offset: 1001672 exception.address: 0x4f48c8 registers.esp: 1638056 registers.edi: 5035240 registers.eax: 1971212288 registers.ebp: 1638096 registers.edx: 0 registers.ebx: 2130567168 registers.esi: 1971212288 registers.ecx: 1638264	1
__exception__ Dec. 18, 2023, 10:57 a.m.	stacktrace: kphonelib+0x203412 @ 0x603412 kphonelib+0x14d258 @ 0x54d258 kphonelib+0xc3288 @ 0x4c3288 BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x757f33ca RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x778d9ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x778d9ea5 exception.instruction_r: ff 30 ff 34 24 58 51 54 59 81 c1 04 00 00 00 81 exception.symbol: kphonelib+0xf48c8 exception.instruction: push dword ptr [eax] exception.module: kphonelib.exe exception.exception_code: 0xc0000005 exception.offset: 1001672 exception.address: 0x4f48c8 registers.esp: 1638056 registers.edi: 5035240 registers.eax: 1971208192 registers.ebp: 1638096 registers.edx: 0 registers.ebx: 2130567168 registers.esi: 1971208192 registers.ecx: 1638264	1
__exception__ Dec. 18, 2023, 10:57 a.m.	stacktrace: kphonelib+0x203412 @ 0x603412 kphonelib+0x14d258 @ 0x54d258 kphonelib+0xc3288 @ 0x4c3288 BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x757f33ca RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x778d9ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x778d9ea5 exception.instruction_r: ff 30 ff 34 24 58 51 54 59 81 c1 04 00 00 00 81 exception.symbol: kphonelib+0xf48c8 exception.instruction: push dword ptr [eax] exception.module: kphonelib.exe exception.exception_code: 0xc0000005 exception.offset: 1001672 exception.address: 0x4f48c8 registers.esp: 1638056 registers.edi: 5035240 registers.eax: 1971204096 registers.ebp: 1638096 registers.edx: 0 registers.ebx: 2130567168 registers.esi: 1971204096 registers.ecx: 1638264	1
__exception__ Dec. 18, 2023, 10:57 a.m.	stacktrace: kphonelib+0x203412 @ 0x603412 kphonelib+0x14d258 @ 0x54d258 kphonelib+0xc3288 @ 0x4c3288 BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x757f33ca RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x778d9ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x778d9ea5 exception.instruction_r: ff 30 ff 34 24 58 51 54 59 81 c1 04 00 00 00 81 exception.symbol: kphonelib+0xf48c8 exception.instruction: push dword ptr [eax] exception.module: kphonelib.exe exception.exception_code: 0xc0000005 exception.offset: 1001672 exception.address: 0x4f48c8 registers.esp: 1638056 registers.edi: 5035240 registers.eax: 1971200000 registers.ebp: 1638096 registers.edx: 0 registers.ebx: 2130567168 registers.esi: 1971200000 registers.ecx: 1638264	1
__exception__ Dec. 18, 2023, 10:57 a.m.	stacktrace: kphonelib+0x203412 @ 0x603412 kphonelib+0x14d258 @ 0x54d258 kphonelib+0xc3288 @ 0x4c3288 BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x757f33ca RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x778d9ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x778d9ea5 exception.instruction_r: ff 30 ff 34 24 58 51 54 59 81 c1 04 00 00 00 81 exception.symbol: kphonelib+0xf48c8 exception.instruction: push dword ptr [eax] exception.module: kphonelib.exe exception.exception_code: 0xc0000005 exception.offset: 1001672 exception.address: 0x4f48c8 registers.esp: 1638056 registers.edi: 5035240 registers.eax: 1971195904 registers.ebp: 1638096 registers.edx: 0 registers.ebx: 2130567168 registers.esi: 1971195904 registers.ecx: 1638264	1
__exception__ Dec. 18, 2023, 10:57 a.m.	stacktrace: kphonelib+0x227993 @ 0x627993 kphonelib+0x22e7ea @ 0x62e7ea kphonelib+0x103f7b @ 0x503f7b kphonelib+0xc3288 @ 0x4c3288 BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x757f33ca RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x778d9ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x778d9ea5 exception.instruction_r: ff 30 ff 34 24 58 51 54 59 81 c1 04 00 00 00 81 exception.symbol: kphonelib+0xf48c8 exception.instruction: push dword ptr [eax] exception.module: kphonelib.exe exception.exception_code: 0xc0000005 exception.offset: 1001672 exception.address: 0x4f48c8 registers.esp: 1638032 registers.edi: 74098 registers.eax: 184549376 registers.ebp: 1638072 registers.edx: 3343547436 registers.ebx: 2093322916 registers.esi: 184549376 registers.ecx: 2005598752	1
__exception__ Dec. 18, 2023, 10:57 a.m.	stacktrace: kphonelib+0x227993 @ 0x627993 kphonelib+0x22e7ea @ 0x62e7ea kphonelib+0x103f7b @ 0x503f7b kphonelib+0xc3288 @ 0x4c3288 BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x757f33ca RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x778d9ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x778d9ea5 exception.instruction_r: ff 30 ff 34 24 58 51 54 59 81 c1 04 00 00 00 81 exception.symbol: kphonelib+0xf48c8 exception.instruction: push dword ptr [eax] exception.module: kphonelib.exe exception.exception_code: 0xc0000005 exception.offset: 1001672 exception.address: 0x4f48c8 registers.esp: 1638032 registers.edi: 74098 registers.eax: 184553472 registers.ebp: 1638072 registers.edx: 0 registers.ebx: 2093322916 registers.esi: 184553472 registers.ecx: 1638264	1
__exception__ Dec. 18, 2023, 10:57 a.m.	stacktrace: kphonelib+0x227993 @ 0x627993 kphonelib+0x22e7ea @ 0x62e7ea kphonelib+0x103f7b @ 0x503f7b kphonelib+0xc3288 @ 0x4c3288 BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x757f33ca RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x778d9ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x778d9ea5 exception.instruction_r: ff 30 ff 34 24 58 51 54 59 81 c1 04 00 00 00 81 exception.symbol: kphonelib+0xf48c8 exception.instruction: push dword ptr [eax] exception.module: kphonelib.exe exception.exception_code: 0xc0000005 exception.offset: 1001672 exception.address: 0x4f48c8 registers.esp: 1638032 registers.edi: 74098 registers.eax: 184557568 registers.ebp: 1638072 registers.edx: 0 registers.ebx: 2093322916 registers.esi: 184557568 registers.ecx: 1638264	1
__exception__ Dec. 18, 2023, 10:57 a.m.	stacktrace: kphonelib+0x227993 @ 0x627993 kphonelib+0x22e7ea @ 0x62e7ea kphonelib+0x103f7b @ 0x503f7b kphonelib+0xc3288 @ 0x4c3288 BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x757f33ca RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x778d9ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x778d9ea5 exception.instruction_r: ff 30 ff 34 24 58 51 54 59 81 c1 04 00 00 00 81 exception.symbol: kphonelib+0xf48c8 exception.instruction: push dword ptr [eax] exception.module: kphonelib.exe exception.exception_code: 0xc0000005 exception.offset: 1001672 exception.address: 0x4f48c8 registers.esp: 1638032 registers.edi: 74098 registers.eax: 184561664 registers.ebp: 1638072 registers.edx: 0 registers.ebx: 2093322916 registers.esi: 184561664 registers.ecx: 1638264	1
__exception__ Dec. 18, 2023, 10:57 a.m.	stacktrace: kphonelib+0x227993 @ 0x627993 kphonelib+0x22e7ea @ 0x62e7ea kphonelib+0x103f7b @ 0x503f7b kphonelib+0xc3288 @ 0x4c3288 BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x757f33ca RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x778d9ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x778d9ea5 exception.instruction_r: ff 30 ff 34 24 58 51 54 59 81 c1 04 00 00 00 81 exception.symbol: kphonelib+0xf48c8 exception.instruction: push dword ptr [eax] exception.module: kphonelib.exe exception.exception_code: 0xc0000005 exception.offset: 1001672 exception.address: 0x4f48c8 registers.esp: 1638032 registers.edi: 74098 registers.eax: 184565760 registers.ebp: 1638072 registers.edx: 0 registers.ebx: 2093322916 registers.esi: 184565760 registers.ecx: 1638264	1
__exception__ Dec. 18, 2023, 10:57 a.m.	stacktrace: kphonelib+0x227993 @ 0x627993 kphonelib+0x22e7ea @ 0x62e7ea kphonelib+0x103f7b @ 0x503f7b kphonelib+0xc3288 @ 0x4c3288 BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x757f33ca RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x778d9ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x778d9ea5 exception.instruction_r: ff 30 ff 34 24 58 51 54 59 81 c1 04 00 00 00 81 exception.symbol: kphonelib+0xf48c8 exception.instruction: push dword ptr [eax] exception.module: kphonelib.exe exception.exception_code: 0xc0000005 exception.offset: 1001672 exception.address: 0x4f48c8 registers.esp: 1638032 registers.edi: 74098 registers.eax: 184569856 registers.ebp: 1638072 registers.edx: 0 registers.ebx: 2093322916 registers.esi: 184569856 registers.ecx: 1638264	1
__exception__ Dec. 18, 2023, 10:57 a.m.	stacktrace: kphonelib+0x227993 @ 0x627993 kphonelib+0x22e7ea @ 0x62e7ea kphonelib+0x103f7b @ 0x503f7b kphonelib+0xc3288 @ 0x4c3288 BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x757f33ca RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x778d9ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x778d9ea5 exception.instruction_r: ff 30 ff 34 24 58 51 54 59 81 c1 04 00 00 00 81 exception.symbol: kphonelib+0xf48c8 exception.instruction: push dword ptr [eax] exception.module: kphonelib.exe exception.exception_code: 0xc0000005 exception.offset: 1001672 exception.address: 0x4f48c8 registers.esp: 1638032 registers.edi: 74098 registers.eax: 184573952 registers.ebp: 1638072 registers.edx: 0 registers.ebx: 2093322916 registers.esi: 184573952 registers.ecx: 1638264	1
__exception__ Dec. 18, 2023, 10:57 a.m.	stacktrace: kphonelib+0x227993 @ 0x627993 kphonelib+0x22e7ea @ 0x62e7ea kphonelib+0x103f7b @ 0x503f7b kphonelib+0xc3288 @ 0x4c3288 BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x757f33ca RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x778d9ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x778d9ea5 exception.instruction_r: ff 30 ff 34 24 58 51 54 59 81 c1 04 00 00 00 81 exception.symbol: kphonelib+0xf48c8 exception.instruction: push dword ptr [eax] exception.module: kphonelib.exe exception.exception_code: 0xc0000005 exception.offset: 1001672 exception.address: 0x4f48c8 registers.esp: 1638032 registers.edi: 74098 registers.eax: 184578048 registers.ebp: 1638072 registers.edx: 0 registers.ebx: 2093322916 registers.esi: 184578048 registers.ecx: 1638264	1
__exception__ Dec. 18, 2023, 10:57 a.m.	stacktrace: kphonelib+0x227993 @ 0x627993 kphonelib+0x22e7ea @ 0x62e7ea kphonelib+0x103f7b @ 0x503f7b kphonelib+0xc3288 @ 0x4c3288 BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x757f33ca RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x778d9ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x778d9ea5 exception.instruction_r: ff 30 ff 34 24 58 51 54 59 81 c1 04 00 00 00 81 exception.symbol: kphonelib+0xf48c8 exception.instruction: push dword ptr [eax] exception.module: kphonelib.exe exception.exception_code: 0xc0000005 exception.offset: 1001672 exception.address: 0x4f48c8 registers.esp: 1638032 registers.edi: 74098 registers.eax: 184582144 registers.ebp: 1638072 registers.edx: 0 registers.ebx: 2093322916 registers.esi: 184582144 registers.ecx: 1638264	1
__exception__ Dec. 18, 2023, 10:57 a.m.	stacktrace: kphonelib+0x227993 @ 0x627993 kphonelib+0x22e7ea @ 0x62e7ea kphonelib+0x103f7b @ 0x503f7b kphonelib+0xc3288 @ 0x4c3288 BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x757f33ca RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x778d9ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x778d9ea5 exception.instruction_r: ff 30 ff 34 24 58 51 54 59 81 c1 04 00 00 00 81 exception.symbol: kphonelib+0xf48c8 exception.instruction: push dword ptr [eax] exception.module: kphonelib.exe exception.exception_code: 0xc0000005 exception.offset: 1001672 exception.address: 0x4f48c8 registers.esp: 1638032 registers.edi: 74098 registers.eax: 184586240 registers.ebp: 1638072 registers.edx: 0 registers.ebx: 2093322916 registers.esi: 184586240 registers.ecx: 1638264	1
__exception__ Dec. 18, 2023, 10:57 a.m.	stacktrace: kphonelib+0x227993 @ 0x627993 kphonelib+0x22e7ea @ 0x62e7ea kphonelib+0x103f7b @ 0x503f7b kphonelib+0xc3288 @ 0x4c3288 BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x757f33ca RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x778d9ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x778d9ea5 exception.instruction_r: ff 30 ff 34 24 58 51 54 59 81 c1 04 00 00 00 81 exception.symbol: kphonelib+0xf48c8 exception.instruction: push dword ptr [eax] exception.module: kphonelib.exe exception.exception_code: 0xc0000005 exception.offset: 1001672 exception.address: 0x4f48c8 registers.esp: 1638032 registers.edi: 74098 registers.eax: 184590336 registers.ebp: 1638072 registers.edx: 0 registers.ebx: 2093322916 registers.esi: 184590336 registers.ecx: 1638264	1
__exception__ Dec. 18, 2023, 10:57 a.m.	stacktrace: kphonelib+0x227993 @ 0x627993 kphonelib+0x22e7ea @ 0x62e7ea kphonelib+0x103f7b @ 0x503f7b kphonelib+0xc3288 @ 0x4c3288 BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x757f33ca RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x778d9ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x778d9ea5 exception.instruction_r: ff 30 ff 34 24 58 51 54 59 81 c1 04 00 00 00 81 exception.symbol: kphonelib+0xf48c8 exception.instruction: push dword ptr [eax] exception.module: kphonelib.exe exception.exception_code: 0xc0000005 exception.offset: 1001672 exception.address: 0x4f48c8 registers.esp: 1638032 registers.edi: 74098 registers.eax: 184594432 registers.ebp: 1638072 registers.edx: 0 registers.ebx: 2093322916 registers.esi: 184594432 registers.ecx: 1638264	1
__exception__ Dec. 18, 2023, 10:57 a.m.	stacktrace: kphonelib+0x227993 @ 0x627993 kphonelib+0x22e7ea @ 0x62e7ea kphonelib+0x103f7b @ 0x503f7b kphonelib+0xc3288 @ 0x4c3288 BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x757f33ca RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x778d9ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x778d9ea5 exception.instruction_r: ff 30 ff 34 24 58 51 54 59 81 c1 04 00 00 00 81 exception.symbol: kphonelib+0xf48c8 exception.instruction: push dword ptr [eax] exception.module: kphonelib.exe exception.exception_code: 0xc0000005 exception.offset: 1001672 exception.address: 0x4f48c8 registers.esp: 1638032 registers.edi: 74098 registers.eax: 184598528 registers.ebp: 1638072 registers.edx: 0 registers.ebx: 2093322916 registers.esi: 184598528 registers.ecx: 1638264	1
__exception__ Dec. 18, 2023, 10:57 a.m.	stacktrace: kphonelib+0x227993 @ 0x627993 kphonelib+0x22e7ea @ 0x62e7ea kphonelib+0x103f7b @ 0x503f7b kphonelib+0xc3288 @ 0x4c3288 BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x757f33ca RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x778d9ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x778d9ea5 exception.instruction_r: ff 30 ff 34 24 58 51 54 59 81 c1 04 00 00 00 81 exception.symbol: kphonelib+0xf48c8 exception.instruction: push dword ptr [eax] exception.module: kphonelib.exe exception.exception_code: 0xc0000005 exception.offset: 1001672 exception.address: 0x4f48c8 registers.esp: 1638032 registers.edi: 74098 registers.eax: 184602624 registers.ebp: 1638072 registers.edx: 0 registers.ebx: 2093322916 registers.esi: 184602624 registers.ecx: 1638264	1
__exception__ Dec. 18, 2023, 10:57 a.m.	stacktrace: kphonelib+0x227993 @ 0x627993 kphonelib+0x22e7ea @ 0x62e7ea kphonelib+0x103f7b @ 0x503f7b kphonelib+0xc3288 @ 0x4c3288 BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x757f33ca RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x778d9ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x778d9ea5 exception.instruction_r: ff 30 ff 34 24 58 51 54 59 81 c1 04 00 00 00 81 exception.symbol: kphonelib+0xf48c8 exception.instruction: push dword ptr [eax] exception.module: kphonelib.exe exception.exception_code: 0xc0000005 exception.offset: 1001672 exception.address: 0x4f48c8 registers.esp: 1638032 registers.edi: 74098 registers.eax: 184606720 registers.ebp: 1638072 registers.edx: 0 registers.ebx: 2093322916 registers.esi: 184606720 registers.ecx: 1638264	1
__exception__ Dec. 18, 2023, 10:57 a.m.	stacktrace: kphonelib+0x227993 @ 0x627993 kphonelib+0x22e7ea @ 0x62e7ea kphonelib+0x103f7b @ 0x503f7b kphonelib+0xc3288 @ 0x4c3288 BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x757f33ca RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x778d9ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x778d9ea5 exception.instruction_r: ff 30 ff 34 24 58 51 54 59 81 c1 04 00 00 00 81 exception.symbol: kphonelib+0xf48c8 exception.instruction: push dword ptr [eax] exception.module: kphonelib.exe exception.exception_code: 0xc0000005 exception.offset: 1001672 exception.address: 0x4f48c8 registers.esp: 1638032 registers.edi: 74098 registers.eax: 184610816 registers.ebp: 1638072 registers.edx: 0 registers.ebx: 2093322916 registers.esi: 184610816 registers.ecx: 1638264	1
__exception__ Dec. 18, 2023, 10:57 a.m.	stacktrace: kphonelib+0x227993 @ 0x627993 kphonelib+0x22e7ea @ 0x62e7ea kphonelib+0x103f7b @ 0x503f7b kphonelib+0xc3288 @ 0x4c3288 BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x757f33ca RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x778d9ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x778d9ea5 exception.instruction_r: ff 30 ff 34 24 58 51 54 59 81 c1 04 00 00 00 81 exception.symbol: kphonelib+0xf48c8 exception.instruction: push dword ptr [eax] exception.module: kphonelib.exe exception.exception_code: 0xc0000005 exception.offset: 1001672 exception.address: 0x4f48c8 registers.esp: 1638032 registers.edi: 74098 registers.eax: 184614912 registers.ebp: 1638072 registers.edx: 0 registers.ebx: 2093322916 registers.esi: 184614912 registers.ecx: 1638264	1
__exception__ Dec. 18, 2023, 10:57 a.m.	stacktrace: kphonelib+0x227993 @ 0x627993 kphonelib+0x22e7ea @ 0x62e7ea kphonelib+0x103f7b @ 0x503f7b kphonelib+0xc3288 @ 0x4c3288 BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x757f33ca RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x778d9ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x778d9ea5 exception.instruction_r: ff 30 ff 34 24 58 51 54 59 81 c1 04 00 00 00 81 exception.symbol: kphonelib+0xf48c8 exception.instruction: push dword ptr [eax] exception.module: kphonelib.exe exception.exception_code: 0xc0000005 exception.offset: 1001672 exception.address: 0x4f48c8 registers.esp: 1638032 registers.edi: 74098 registers.eax: 184619008 registers.ebp: 1638072 registers.edx: 0 registers.ebx: 2093322916 registers.esi: 184619008 registers.ecx: 1638264	1
__exception__ Dec. 18, 2023, 10:57 a.m.	stacktrace: kphonelib+0x227993 @ 0x627993 kphonelib+0x22e7ea @ 0x62e7ea kphonelib+0x103f7b @ 0x503f7b kphonelib+0xc3288 @ 0x4c3288 BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x757f33ca RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x778d9ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x778d9ea5 exception.instruction_r: ff 30 ff 34 24 58 51 54 59 81 c1 04 00 00 00 81 exception.symbol: kphonelib+0xf48c8 exception.instruction: push dword ptr [eax] exception.module: kphonelib.exe exception.exception_code: 0xc0000005 exception.offset: 1001672 exception.address: 0x4f48c8 registers.esp: 1638032 registers.edi: 74098 registers.eax: 184623104 registers.ebp: 1638072 registers.edx: 0 registers.ebx: 2093322916 registers.esi: 184623104 registers.ecx: 1638264	1
__exception__ Dec. 18, 2023, 10:57 a.m.	stacktrace: kphonelib+0x227993 @ 0x627993 kphonelib+0x22e7ea @ 0x62e7ea kphonelib+0x103f7b @ 0x503f7b kphonelib+0xc3288 @ 0x4c3288 BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x757f33ca RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x778d9ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x778d9ea5 exception.instruction_r: ff 30 ff 34 24 58 51 54 59 81 c1 04 00 00 00 81 exception.symbol: kphonelib+0xf48c8 exception.instruction: push dword ptr [eax] exception.module: kphonelib.exe exception.exception_code: 0xc0000005 exception.offset: 1001672 exception.address: 0x4f48c8 registers.esp: 1638032 registers.edi: 74098 registers.eax: 184627200 registers.ebp: 1638072 registers.edx: 0 registers.ebx: 2093322916 registers.esi: 184627200 registers.ecx: 1638264	1
__exception__ Dec. 18, 2023, 10:57 a.m.	stacktrace: kphonelib+0x227993 @ 0x627993 kphonelib+0x22e7ea @ 0x62e7ea kphonelib+0x103f7b @ 0x503f7b kphonelib+0xc3288 @ 0x4c3288 BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x757f33ca RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x778d9ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x778d9ea5 exception.instruction_r: ff 30 ff 34 24 58 51 54 59 81 c1 04 00 00 00 81 exception.symbol: kphonelib+0xf48c8 exception.instruction: push dword ptr [eax] exception.module: kphonelib.exe exception.exception_code: 0xc0000005 exception.offset: 1001672 exception.address: 0x4f48c8 registers.esp: 1638032 registers.edi: 74098 registers.eax: 184631296 registers.ebp: 1638072 registers.edx: 0 registers.ebx: 2093322916 registers.esi: 184631296 registers.ecx: 1638264	1
__exception__ Dec. 18, 2023, 10:57 a.m.	stacktrace: kphonelib+0x227993 @ 0x627993 kphonelib+0x22e7ea @ 0x62e7ea kphonelib+0x103f7b @ 0x503f7b kphonelib+0xc3288 @ 0x4c3288 BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x757f33ca RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x778d9ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x778d9ea5 exception.instruction_r: ff 30 ff 34 24 58 51 54 59 81 c1 04 00 00 00 81 exception.symbol: kphonelib+0xf48c8 exception.instruction: push dword ptr [eax] exception.module: kphonelib.exe exception.exception_code: 0xc0000005 exception.offset: 1001672 exception.address: 0x4f48c8 registers.esp: 1638032 registers.edi: 74098 registers.eax: 184635392 registers.ebp: 1638072 registers.edx: 0 registers.ebx: 2093322916 registers.esi: 184635392 registers.ecx: 1638264	1
__exception__ Dec. 18, 2023, 10:57 a.m.	stacktrace: kphonelib+0x227993 @ 0x627993 kphonelib+0x22e7ea @ 0x62e7ea kphonelib+0x103f7b @ 0x503f7b kphonelib+0xc3288 @ 0x4c3288 BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x757f33ca RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x778d9ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x778d9ea5 exception.instruction_r: ff 30 ff 34 24 58 51 54 59 81 c1 04 00 00 00 81 exception.symbol: kphonelib+0xf48c8 exception.instruction: push dword ptr [eax] exception.module: kphonelib.exe exception.exception_code: 0xc0000005 exception.offset: 1001672 exception.address: 0x4f48c8 registers.esp: 1638032 registers.edi: 74098 registers.eax: 184639488 registers.ebp: 1638072 registers.edx: 0 registers.ebx: 2093322916 registers.esi: 184639488 registers.ecx: 1638264	1
__exception__ Dec. 18, 2023, 10:57 a.m.	stacktrace: kphonelib+0x227993 @ 0x627993 kphonelib+0x22e7ea @ 0x62e7ea kphonelib+0x103f7b @ 0x503f7b kphonelib+0xc3288 @ 0x4c3288 BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x757f33ca RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x778d9ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x778d9ea5 exception.instruction_r: ff 30 ff 34 24 58 51 54 59 81 c1 04 00 00 00 81 exception.symbol: kphonelib+0xf48c8 exception.instruction: push dword ptr [eax] exception.module: kphonelib.exe exception.exception_code: 0xc0000005 exception.offset: 1001672 exception.address: 0x4f48c8 registers.esp: 1638032 registers.edi: 74098 registers.eax: 184643584 registers.ebp: 1638072 registers.edx: 0 registers.ebx: 2093322916 registers.esi: 184643584 registers.ecx: 1638264	1
__exception__ Dec. 18, 2023, 10:57 a.m.	stacktrace: kphonelib+0x227993 @ 0x627993 kphonelib+0x22e7ea @ 0x62e7ea kphonelib+0x103f7b @ 0x503f7b kphonelib+0xc3288 @ 0x4c3288 BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x757f33ca RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x778d9ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x778d9ea5 exception.instruction_r: ff 30 ff 34 24 58 51 54 59 81 c1 04 00 00 00 81 exception.symbol: kphonelib+0xf48c8 exception.instruction: push dword ptr [eax] exception.module: kphonelib.exe exception.exception_code: 0xc0000005 exception.offset: 1001672 exception.address: 0x4f48c8 registers.esp: 1638032 registers.edi: 74098 registers.eax: 184647680 registers.ebp: 1638072 registers.edx: 0 registers.ebx: 2093322916 registers.esi: 184647680 registers.ecx: 1638264	1
__exception__ Dec. 18, 2023, 10:57 a.m.	stacktrace: kphonelib+0x227993 @ 0x627993 kphonelib+0x22e7ea @ 0x62e7ea kphonelib+0x103f7b @ 0x503f7b kphonelib+0xc3288 @ 0x4c3288 BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x757f33ca RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x778d9ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x778d9ea5 exception.instruction_r: ff 30 ff 34 24 58 51 54 59 81 c1 04 00 00 00 81 exception.symbol: kphonelib+0xf48c8 exception.instruction: push dword ptr [eax] exception.module: kphonelib.exe exception.exception_code: 0xc0000005 exception.offset: 1001672 exception.address: 0x4f48c8 registers.esp: 1638032 registers.edi: 74098 registers.eax: 184651776 registers.ebp: 1638072 registers.edx: 0 registers.ebx: 2093322916 registers.esi: 184651776 registers.ecx: 1638264	1
__exception__ Dec. 18, 2023, 10:57 a.m.	stacktrace: kphonelib+0x227993 @ 0x627993 kphonelib+0x22e7ea @ 0x62e7ea kphonelib+0x103f7b @ 0x503f7b kphonelib+0xc3288 @ 0x4c3288 BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x757f33ca RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x778d9ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x778d9ea5 exception.instruction_r: ff 30 ff 34 24 58 51 54 59 81 c1 04 00 00 00 81 exception.symbol: kphonelib+0xf48c8 exception.instruction: push dword ptr [eax] exception.module: kphonelib.exe exception.exception_code: 0xc0000005 exception.offset: 1001672 exception.address: 0x4f48c8 registers.esp: 1638032 registers.edi: 74098 registers.eax: 184655872 registers.ebp: 1638072 registers.edx: 0 registers.ebx: 2093322916 registers.esi: 184655872 registers.ecx: 1638264	1
__exception__ Dec. 18, 2023, 10:57 a.m.	stacktrace: kphonelib+0x227993 @ 0x627993 kphonelib+0x22e7ea @ 0x62e7ea kphonelib+0x103f7b @ 0x503f7b kphonelib+0xc3288 @ 0x4c3288 BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x757f33ca RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x778d9ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x778d9ea5 exception.instruction_r: ff 30 ff 34 24 58 51 54 59 81 c1 04 00 00 00 81 exception.symbol: kphonelib+0xf48c8 exception.instruction: push dword ptr [eax] exception.module: kphonelib.exe exception.exception_code: 0xc0000005 exception.offset: 1001672 exception.address: 0x4f48c8 registers.esp: 1638032 registers.edi: 74098 registers.eax: 184659968 registers.ebp: 1638072 registers.edx: 0 registers.ebx: 2093322916 registers.esi: 184659968 registers.ecx: 1638264	1
__exception__ Dec. 18, 2023, 10:57 a.m.	stacktrace: kphonelib+0x227993 @ 0x627993 kphonelib+0x22e7ea @ 0x62e7ea kphonelib+0x103f7b @ 0x503f7b kphonelib+0xc3288 @ 0x4c3288 BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x757f33ca RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x778d9ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x778d9ea5 exception.instruction_r: ff 30 ff 34 24 58 51 54 59 81 c1 04 00 00 00 81 exception.symbol: kphonelib+0xf48c8 exception.instruction: push dword ptr [eax] exception.module: kphonelib.exe exception.exception_code: 0xc0000005 exception.offset: 1001672 exception.address: 0x4f48c8 registers.esp: 1638032 registers.edi: 74098 registers.eax: 184664064 registers.ebp: 1638072 registers.edx: 0 registers.ebx: 2093322916 registers.esi: 184664064 registers.ecx: 1638264	1
__exception__ Dec. 18, 2023, 10:57 a.m.	stacktrace: kphonelib+0x227993 @ 0x627993 kphonelib+0x22e7ea @ 0x62e7ea kphonelib+0x103f7b @ 0x503f7b kphonelib+0xc3288 @ 0x4c3288 BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x757f33ca RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x778d9ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x778d9ea5 exception.instruction_r: ff 30 ff 34 24 58 51 54 59 81 c1 04 00 00 00 81 exception.symbol: kphonelib+0xf48c8 exception.instruction: push dword ptr [eax] exception.module: kphonelib.exe exception.exception_code: 0xc0000005 exception.offset: 1001672 exception.address: 0x4f48c8 registers.esp: 1638032 registers.edi: 74098 registers.eax: 184668160 registers.ebp: 1638072 registers.edx: 0 registers.ebx: 2093322916 registers.esi: 184668160 registers.ecx: 1638264	1
__exception__ Dec. 18, 2023, 10:57 a.m.	stacktrace: kphonelib+0x227993 @ 0x627993 kphonelib+0x22e7ea @ 0x62e7ea kphonelib+0x103f7b @ 0x503f7b kphonelib+0xc3288 @ 0x4c3288 BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x757f33ca RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x778d9ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x778d9ea5 exception.instruction_r: ff 30 ff 34 24 58 51 54 59 81 c1 04 00 00 00 81 exception.symbol: kphonelib+0xf48c8 exception.instruction: push dword ptr [eax] exception.module: kphonelib.exe exception.exception_code: 0xc0000005 exception.offset: 1001672 exception.address: 0x4f48c8 registers.esp: 1638032 registers.edi: 74098 registers.eax: 184672256 registers.ebp: 1638072 registers.edx: 0 registers.ebx: 2093322916 registers.esi: 184672256 registers.ecx: 1638264	1
__exception__ Dec. 18, 2023, 10:57 a.m.	stacktrace: kphonelib+0x227993 @ 0x627993 kphonelib+0x22e7ea @ 0x62e7ea kphonelib+0x103f7b @ 0x503f7b kphonelib+0xc3288 @ 0x4c3288 BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x757f33ca RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x778d9ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x778d9ea5 exception.instruction_r: ff 30 ff 34 24 58 51 54 59 81 c1 04 00 00 00 81 exception.symbol: kphonelib+0xf48c8 exception.instruction: push dword ptr [eax] exception.module: kphonelib.exe exception.exception_code: 0xc0000005 exception.offset: 1001672 exception.address: 0x4f48c8 registers.esp: 1638032 registers.edi: 74098 registers.eax: 184676352 registers.ebp: 1638072 registers.edx: 0 registers.ebx: 2093322916 registers.esi: 184676352 registers.ecx: 1638264	1
__exception__ Dec. 18, 2023, 10:57 a.m.	stacktrace: kphonelib+0x227993 @ 0x627993 kphonelib+0x22e7ea @ 0x62e7ea kphonelib+0x103f7b @ 0x503f7b kphonelib+0xc3288 @ 0x4c3288 BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x757f33ca RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x778d9ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x778d9ea5 exception.instruction_r: ff 30 ff 34 24 58 51 54 59 81 c1 04 00 00 00 81 exception.symbol: kphonelib+0xf48c8 exception.instruction: push dword ptr [eax] exception.module: kphonelib.exe exception.exception_code: 0xc0000005 exception.offset: 1001672 exception.address: 0x4f48c8 registers.esp: 1638032 registers.edi: 74098 registers.eax: 184680448 registers.ebp: 1638072 registers.edx: 0 registers.ebx: 2093322916 registers.esi: 184680448 registers.ecx: 1638264	1
__exception__ Dec. 18, 2023, 10:57 a.m.	stacktrace: kphonelib+0x227993 @ 0x627993 kphonelib+0x22e7ea @ 0x62e7ea kphonelib+0x103f7b @ 0x503f7b kphonelib+0xc3288 @ 0x4c3288 BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x757f33ca RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x778d9ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x778d9ea5 exception.instruction_r: ff 30 ff 34 24 58 51 54 59 81 c1 04 00 00 00 81 exception.symbol: kphonelib+0xf48c8 exception.instruction: push dword ptr [eax] exception.module: kphonelib.exe exception.exception_code: 0xc0000005 exception.offset: 1001672 exception.address: 0x4f48c8 registers.esp: 1638032 registers.edi: 74098 registers.eax: 184684544 registers.ebp: 1638072 registers.edx: 0 registers.ebx: 2093322916 registers.esi: 184684544 registers.ecx: 1638264	1

Allocates read-write-execute memory (usually to unpack itself) (4 events)

Time & API	Arguments	Status
NtProtectVirtualMemory Dec. 18, 2023, 10:57 a.m.	process_identifier: 1028 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x00400000 process_handle: 0xffffffff	1
NtProtectVirtualMemory Dec. 18, 2023, 10:57 a.m.	process_identifier: 1028 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 40960 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x00401000 process_handle: 0xffffffff	1
NtProtectVirtualMemory Dec. 18, 2023, 10:57 a.m.	process_identifier: 1028 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 20480 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x0040f000 process_handle: 0xffffffff	1
NtAllocateVirtualMemory Dec. 18, 2023, 10:57 a.m.	process_identifier: 2064 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x00350000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1

Creates executable files on the filesystem (4 events)

file	C:\Users\test22\AppData\Local\Temp\is-69REC.tmp\_isetup\_iscrypt.dll
file	C:\Program Files (x86)\KPhoneLib\kphonelib.exe
file	C:\Users\test22\AppData\Local\Temp\is-69REC.tmp\_isetup\_shfoldr.dll
file	C:\Users\test22\AppData\Local\Temp\is-69REC.tmp\_isetup\_isdecmp.dll

Drops an executable to the user AppData folder (5 events)

file	C:\Users\test22\AppData\Local\Temp\is-69REC.tmp\_isetup\_shfoldr.dll
file	C:\Users\test22\AppData\Local\Temp\is-C4EVP.tmp\tuc2.tmp
file	C:\Users\test22\AppData\Local\Temp\is-69REC.tmp\_isetup\_iscrypt.dll
file	C:\Users\test22\AppData\Local\Temp\is-69REC.tmp\_isetup\_isdecmp.dll
file	C:\Users\test22\AppData\Local\Temp\is-69REC.tmp\_isetup\_RegDLL.tmp

Queries for potentially installed applications (4 events)

Time & API	Arguments	Return
RegOpenKeyExA Dec. 18, 2023, 10:57 a.m.	regkey_r: Software\Microsoft\Windows\CurrentVersion\Uninstall\KPhoneLib_is1 base_handle: 0x80000001 key_handle: 0x00000000 options: 0 access: 0x00000001 regkey: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Uninstall\KPhoneLib_is1	2
RegOpenKeyExA Dec. 18, 2023, 10:57 a.m.	regkey_r: Software\Microsoft\Windows\CurrentVersion\Uninstall\KPhoneLib_is1 base_handle: 0x80000002 key_handle: 0x00000000 options: 0 access: 0x00000001 regkey: HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\KPhoneLib_is1	2
RegOpenKeyExA Dec. 18, 2023, 10:57 a.m.	regkey_r: Software\Microsoft\Windows\CurrentVersion\Uninstall\KPhoneLib_is1 base_handle: 0x80000001 key_handle: 0x00000000 options: 0 access: 0x00000008 regkey: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Uninstall\KPhoneLib_is1	2
RegOpenKeyExA Dec. 18, 2023, 10:57 a.m.	regkey_r: Software\Microsoft\Windows\CurrentVersion\Uninstall\KPhoneLib_is1 base_handle: 0x80000002 key_handle: 0x00000000 options: 0 access: 0x00000008 regkey: HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\KPhoneLib_is1	2

Uses Windows utilities for basic Windows functionality (1 event)

cmdline

"C:\Windows\system32\net.exe" helpmsg 17

File has been identified by 13 AntiVirus engines on VirusTotal as malicious (13 events)

Malwarebytes	Malware.AI.1919569286
CrowdStrike	win/grayware_confidence_60% (D)
ESET-NOD32	a variant of Win32/TrojanDropper.Agent.SLC
Cynet	Malicious (score: 99)
Kaspersky	VHO:Trojan.Win32.Ekstak.gen
F-Secure	Heuristic.HEUR/AGEN.1332570
Jiangmin	Trojan.Ekstak.cils
Avira	HEUR/AGEN.1332570
Kingsoft	malware.kb.a.802
Microsoft	Program:Win32/Wacapew.C!ml
ZoneAlarm	VHO:Trojan.Win32.Ekstak.gen
Ikarus	Trojan-Dropper.Win32.Agent
Fortinet	W32/Agent.SLC!tr

Tries to unhook Windows functions monitored by Cuckoo (1 event)

Time & API	Arguments	Status	Return	Repeated
__anomaly__ Dec. 18, 2023, 10:57 a.m.	tid: 2204 message: Encountered 65537 exceptions, quitting. subcategory: exception function_name:	1	0	0

tuc2.exe

Process Tree Toggle all

Network Toggle all

Suricata Toggle all

Suricata Alerts

Suricata TLS

Signatures Toggle All