Cuckoo Sandbox

File b74ed680f0ede6f0d9d864481aee4f7e12137f25a4ad071524a2ef7e9a61a7ba.exe

Summary
Download Resubmit sample Download yara

Size	4.6MB
Type	PE32 executable (GUI) Intel 80386, for MS Windows, InnoSetup self-extracting archive
MD5	`6ff9dd6d1cc447f96c3d71692602f862`
SHA1	`ffe0b0ff1226f4c92e2f5cf4786884c1aa805ec9`
SHA256	`b74ed680f0ede6f0d9d864481aee4f7e12137f25a4ad071524a2ef7e9a61a7ba`
SHA512	`78f03801e1ef4f1774d3314c70aa4c2b68cc1198df70680a6141f0846bc5c2b24de4769f6494d5af620e80ce6958874ba300381d43128350eead4fb9aa2bc203`
CRC32	`BBD060C6`
ssdeep	`None`
Yara	escalate_priv - Escalade priviledges win_registry - Affect system registries win_token - Affect system token win_files_operation - Affect private profile

Score

This file is very suspicious, with a score of 10 out of 10!

Please notice: The scoring system is currently still in development and should be considered an alpha feature.

Feedback

Expecting different results? Send us this analysis and we will inspect it. Click here

Information on Execution

Analysis

Category	Started	Completed	Duration	Routing	Logs
FILE	Sept. 16, 2025, 6:51 a.m.	Sept. 16, 2025, 6:58 a.m.	455 seconds	internet	Show Analyzer Log Show Cuckoo Log

Analyzer Log

2025-09-16 06:41:12,015 [analyzer] DEBUG: Starting analyzer from: C:\tmpqnr2dk
2025-09-16 06:41:12,015 [analyzer] DEBUG: Pipe server name: \??\PIPE\SwlZpbvxRvRaxuWrzy
2025-09-16 06:41:12,015 [analyzer] DEBUG: Log pipe server name: \??\PIPE\MArZFVoXwYmnYuziClSqiihbOHbueq
2025-09-16 06:41:12,233 [analyzer] DEBUG: Started auxiliary module Curtain
2025-09-16 06:41:12,233 [analyzer] DEBUG: Started auxiliary module DbgView
2025-09-16 06:41:12,625 [analyzer] DEBUG: Started auxiliary module Disguise
2025-09-16 06:41:12,842 [analyzer] DEBUG: Loaded monitor into process with pid 504
2025-09-16 06:41:12,842 [analyzer] DEBUG: Started auxiliary module DumpTLSMasterSecrets
2025-09-16 06:41:12,842 [analyzer] DEBUG: Started auxiliary module Human
2025-09-16 06:41:12,842 [analyzer] DEBUG: Started auxiliary module InstallCertificate
2025-09-16 06:41:12,842 [analyzer] DEBUG: Started auxiliary module Reboot
2025-09-16 06:41:12,921 [analyzer] DEBUG: Started auxiliary module RecentFiles
2025-09-16 06:41:12,921 [analyzer] DEBUG: Started auxiliary module Screenshots
2025-09-16 06:41:12,921 [analyzer] DEBUG: Started auxiliary module Sysmon
2025-09-16 06:41:12,921 [analyzer] DEBUG: Started auxiliary module LoadZer0m0n
2025-09-16 06:41:13,125 [lib.api.process] INFO: Successfully executed process from path u'C:\\Users\\ADMINI~1\\AppData\\Local\\Temp\\b74ed680f0ede6f0d9d864481aee4f7e12137f25a4ad071524a2ef7e9a61a7ba.exe' with arguments '' and pid 2768
2025-09-16 06:41:13,437 [analyzer] DEBUG: Loaded monitor into process with pid 2768
2025-09-16 06:41:13,765 [analyzer] INFO: Added new file to list with pid 2768 and path C:\Users\Administrator\AppData\Local\Temp\is-LOH8V.tmp\is-8CHHA.tmp
2025-09-16 06:41:13,875 [analyzer] INFO: Injected into process with pid 2652 and name u'is-8CHHA.tmp'
2025-09-16 06:41:14,078 [analyzer] DEBUG: Loaded monitor into process with pid 2652
2025-09-16 06:41:14,155 [analyzer] INFO: Added new file to list with pid 2652 and path C:\Users\Administrator\AppData\Local\Temp\is-NM2HJ.tmp\_isetup\_setup64.tmp
2025-09-16 06:41:14,171 [analyzer] INFO: Added new file to list with pid 2652 and path C:\Users\Administrator\AppData\Local\Temp\is-NM2HJ.tmp\_isetup\_shfoldr.dll
2025-09-16 06:41:14,171 [analyzer] INFO: Added new file to list with pid 2652 and path C:\Users\Administrator\AppData\Local\Temp\is-NM2HJ.tmp\_iscrypt.dll
2025-09-16 06:41:15,342 [analyzer] INFO: Added new file to list with pid 2652 and path C:\Users\Administrator\AppData\Local\IMAP test plugin\is-GJM33.tmp
2025-09-16 06:41:15,375 [analyzer] INFO: Added new file to list with pid 2652 and path C:\Users\Administrator\AppData\Local\IMAP test plugin\bin\x86\is-VG9FT.tmp
2025-09-16 06:41:15,390 [analyzer] INFO: Added new file to list with pid 2652 and path C:\Users\Administrator\AppData\Local\IMAP test plugin\bin\x86\is-07AQ7.tmp
2025-09-16 06:41:15,467 [analyzer] INFO: Added new file to list with pid 2652 and path C:\Users\Administrator\AppData\Local\IMAP test plugin\bin\x86\is-1KR13.tmp
2025-09-16 06:41:15,500 [analyzer] INFO: Added new file to list with pid 2652 and path C:\Users\Administrator\AppData\Local\IMAP test plugin\bin\x86\is-EN43M.tmp
2025-09-16 06:41:15,515 [analyzer] INFO: Added new file to list with pid 2652 and path C:\Users\Administrator\AppData\Local\IMAP test plugin\bin\x86\is-A4HHS.tmp
2025-09-16 06:41:15,546 [analyzer] INFO: Added new file to list with pid 2652 and path C:\Users\Administrator\AppData\Local\IMAP test plugin\bin\x86\is-AQSV2.tmp
2025-09-16 06:41:15,562 [analyzer] INFO: Added new file to list with pid 2652 and path C:\Users\Administrator\AppData\Local\IMAP test plugin\bin\x86\is-MP706.tmp
2025-09-16 06:41:15,592 [analyzer] INFO: Added new file to list with pid 2652 and path C:\Users\Administrator\AppData\Local\IMAP test plugin\bin\x86\is-10M25.tmp
2025-09-16 06:41:15,625 [analyzer] INFO: Added new file to list with pid 2652 and path C:\Users\Administrator\AppData\Local\IMAP test plugin\bin\x86\is-PPPP9.tmp
2025-09-16 06:41:15,640 [analyzer] INFO: Added new file to list with pid 2652 and path C:\Users\Administrator\AppData\Local\IMAP test plugin\bin\x86\is-BFEF4.tmp
2025-09-16 06:41:15,655 [analyzer] INFO: Added new file to list with pid 2652 and path C:\Users\Administrator\AppData\Local\IMAP test plugin\bin\x86\is-OU87K.tmp
2025-09-16 06:41:15,671 [analyzer] INFO: Added new file to list with pid 2652 and path C:\Users\Administrator\AppData\Local\IMAP test plugin\bin\x86\is-N8CQ9.tmp
2025-09-16 06:41:15,703 [analyzer] INFO: Added new file to list with pid 2652 and path C:\Users\Administrator\AppData\Local\IMAP test plugin\bin\x86\is-LRUGT.tmp
2025-09-16 06:41:15,780 [analyzer] INFO: Added new file to list with pid 2652 and path C:\Users\Administrator\AppData\Local\IMAP test plugin\bin\x86\is-Q3508.tmp
2025-09-16 06:41:15,812 [analyzer] INFO: Added new file to list with pid 2652 and path C:\Users\Administrator\AppData\Local\IMAP test plugin\bin\x86\is-N8J44.tmp
2025-09-16 06:41:15,842 [analyzer] INFO: Added new file to list with pid 2652 and path C:\Users\Administrator\AppData\Local\IMAP test plugin\bin\x86\is-AA6BQ.tmp
2025-09-16 06:41:15,858 [analyzer] INFO: Added new file to list with pid 2652 and path C:\Users\Administrator\AppData\Local\IMAP test plugin\bin\x86\is-KEDNF.tmp
2025-09-16 06:41:15,875 [analyzer] INFO: Added new file to list with pid 2652 and path C:\Users\Administrator\AppData\Local\IMAP test plugin\bin\x86\is-TTUC3.tmp
2025-09-16 06:41:15,921 [analyzer] INFO: Added new file to list with pid 2652 and path C:\Users\Administrator\AppData\Local\IMAP test plugin\bin\x86\is-9HKMF.tmp
2025-09-16 06:41:15,967 [analyzer] INFO: Added new file to list with pid 2652 and path C:\Users\Administrator\AppData\Local\IMAP test plugin\bin\x86\is-ATRQF.tmp
2025-09-16 06:41:16,000 [analyzer] INFO: Added new file to list with pid 2652 and path C:\Users\Administrator\AppData\Local\IMAP test plugin\bin\x86\is-23SVO.tmp
2025-09-16 06:41:16,015 [analyzer] INFO: Added new file to list with pid 2652 and path C:\Users\Administrator\AppData\Local\IMAP test plugin\bin\x86\is-A7UGG.tmp
2025-09-16 06:41:16,030 [analyzer] INFO: Added new file to list with pid 2652 and path C:\Users\Administrator\AppData\Local\IMAP test plugin\bin\x86\is-DNOJC.tmp
2025-09-16 06:41:16,046 [analyzer] INFO: Added new file to list with pid 2652 and path C:\Users\Administrator\AppData\Local\IMAP test plugin\bin\x86\is-R7VE0.tmp
2025-09-16 06:41:16,171 [analyzer] INFO: Added new file to list with pid 2652 and path C:\Users\Administrator\AppData\Local\IMAP test plugin\bin\x86\is-VIVGG.tmp
2025-09-16 06:41:16,187 [analyzer] INFO: Added new file to list with pid 2652 and path C:\Users\Administrator\AppData\Local\IMAP test plugin\bin\x86\is-8GTF4.tmp
2025-09-16 06:41:16,233 [analyzer] INFO: Added new file to list with pid 2652 and path C:\Users\Administrator\AppData\Local\IMAP test plugin\bin\x86\is-93F3J.tmp
2025-09-16 06:41:16,250 [analyzer] INFO: Added new file to list with pid 2652 and path C:\Users\Administrator\AppData\Local\IMAP test plugin\bin\x86\is-QJQI6.tmp
2025-09-16 06:41:16,280 [analyzer] INFO: Added new file to list with pid 2652 and path C:\Users\Administrator\AppData\Local\IMAP test plugin\bin\x86\is-QNS4D.tmp
2025-09-16 06:41:16,312 [analyzer] INFO: Added new file to list with pid 2652 and path C:\Users\Administrator\AppData\Local\IMAP test plugin\bin\x86\lessmsi\is-BOLDP.tmp
2025-09-16 06:41:16,405 [analyzer] INFO: Added new file to list with pid 2652 and path C:\Users\Administrator\AppData\Local\IMAP test plugin\bin\x86\is-MHJ3T.tmp
2025-09-16 06:41:16,437 [analyzer] INFO: Added new file to list with pid 2652 and path C:\Users\Administrator\AppData\Local\IMAP test plugin\bin\x86\is-J6BMP.tmp
2025-09-16 06:41:16,483 [analyzer] INFO: Added new file to list with pid 2652 and path C:\Users\Administrator\AppData\Local\IMAP test plugin\bin\x86\is-GJ3AA.tmp
2025-09-16 06:41:16,500 [analyzer] INFO: Added new file to list with pid 2652 and path C:\Users\Administrator\AppData\Local\IMAP test plugin\bin\x86\is-G8GM7.tmp
2025-09-16 06:41:16,530 [analyzer] INFO: Added new file to list with pid 2652 and path C:\Users\Administrator\AppData\Local\IMAP test plugin\bin\x86\plugins\internal\is-JIG52.tmp
2025-09-16 06:41:16,546 [analyzer] INFO: Added new file to list with pid 2652 and path C:\Users\Administrator\AppData\Local\IMAP test plugin\bin\x86\plugins\internal\is-0Q4FG.tmp
2025-09-16 06:41:16,562 [analyzer] INFO: Added new file to list with pid 2652 and path C:\Users\Administrator\AppData\Local\IMAP test plugin\bin\x86\is-DL54T.tmp
2025-09-16 06:41:16,592 [analyzer] INFO: Added new file to list with pid 2652 and path C:\Users\Administrator\AppData\Local\IMAP test plugin\bin\x86\is-JDNM5.tmp
2025-09-16 06:41:16,640 [analyzer] INFO: Added new file to list with pid 2652 and path C:\Users\Administrator\AppData\Local\IMAP test plugin\bin\x86\is-5E8BP.tmp
2025-09-16 06:41:16,733 [analyzer] INFO: Added new file to list with pid 2652 and path C:\Users\Administrator\AppData\Local\IMAP test plugin\bin\x86\is-GK7K3.tmp
2025-09-16 06:41:16,750 [analyzer] INFO: Added new file to list with pid 2652 and path C:\Users\Administrator\AppData\Local\IMAP test plugin\stuff\is-A77AU.tmp
2025-09-16 06:41:16,765 [analyzer] INFO: Added new file to list with pid 2652 and path C:\Users\Administrator\AppData\Local\IMAP test plugin\stuff\is-N4UVC.tmp
2025-09-16 06:41:16,765 [analyzer] INFO: Added new file to list with pid 2652 and path C:\Users\Administrator\AppData\Local\IMAP test plugin\stuff\is-NTQGR.tmp
2025-09-16 06:41:16,780 [analyzer] INFO: Error dumping file from path "C:\Users\Administrator\AppData\Local\IMAP test plugin\stuff\date.txt": [Errno 13] Permission denied: u'C:\\Users\\Administrator\\AppData\\Local\\IMAP test plugin\\stuff\\date.txt'
2025-09-16 06:41:16,780 [analyzer] INFO: Added new file to list with pid 2652 and path C:\Users\Administrator\AppData\Local\IMAP test plugin\stuff\is-1270B.tmp
2025-09-16 06:41:16,796 [analyzer] INFO: Error dumping file from path "C:\Users\Administrator\AppData\Local\IMAP test plugin\stuff\tagsreplace.txt": [Errno 13] Permission denied: u'C:\\Users\\Administrator\\AppData\\Local\\IMAP test plugin\\stuff\\tagsreplace.txt'
2025-09-16 06:41:16,812 [analyzer] INFO: Added new file to list with pid 2652 and path C:\Users\Administrator\AppData\Local\IMAP test plugin\is-80R76.tmp
2025-09-16 06:41:17,092 [analyzer] INFO: Added new file to list with pid 2652 and path C:\Users\Administrator\AppData\Local\IMAP test plugin\unins000.dat
2025-09-16 06:41:17,233 [analyzer] INFO: Injected into process with pid 2416 and name u'imaptestplugin.exe'
2025-09-16 06:41:17,467 [analyzer] DEBUG: Loaded monitor into process with pid 2416
2025-09-16 05:55:47,953 [analyzer] INFO: Analysis timeout hit, terminating analysis.
2025-09-16 05:55:48,141 [lib.api.process] ERROR: Failed to dump memory of 32-bit process with pid 2768.
2025-09-16 05:55:48,219 [lib.api.process] ERROR: Failed to dump memory of 32-bit process with pid 2652.
2025-09-16 05:55:48,296 [lib.api.process] ERROR: Failed to dump memory of 32-bit process with pid 2416.
2025-09-16 05:55:48,796 [analyzer] INFO: Terminating remaining processes before shutdown.
2025-09-16 05:55:48,796 [lib.api.process] INFO: Successfully terminated process with pid 2768.
2025-09-16 05:55:48,796 [lib.api.process] INFO: Successfully terminated process with pid 2652.
2025-09-16 05:55:48,796 [lib.api.process] INFO: Successfully terminated process with pid 2416.
2025-09-16 05:55:51,484 [analyzer] INFO: Analysis completed.

Cuckoo Log

2025-09-16 06:51:20,625 [cuckoo.core.scheduler] DEBUG: Task #6972837: no machine available yet
2025-09-16 06:51:21,646 [cuckoo.core.scheduler] DEBUG: Task #6972837: no machine available yet
2025-09-16 06:51:22,768 [cuckoo.core.scheduler] DEBUG: Task #6972837: no machine available yet
2025-09-16 06:51:25,013 [cuckoo.core.scheduler] DEBUG: Task #6972837: no machine available yet
2025-09-16 06:51:26,938 [cuckoo.core.scheduler] DEBUG: Task #6972837: no machine available yet
2025-09-16 06:51:28,229 [cuckoo.core.scheduler] DEBUG: Task #6972837: no machine available yet
2025-09-16 06:51:29,536 [cuckoo.core.scheduler] DEBUG: Task #6972837: no machine available yet
2025-09-16 06:51:30,585 [cuckoo.core.scheduler] DEBUG: Task #6972837: no machine available yet
2025-09-16 06:51:32,737 [cuckoo.core.scheduler] DEBUG: Task #6972837: no machine available yet
2025-09-16 06:51:34,424 [cuckoo.core.scheduler] DEBUG: Task #6972837: no machine available yet
2025-09-16 06:51:35,513 [cuckoo.core.scheduler] DEBUG: Task #6972837: no machine available yet
2025-09-16 06:51:36,609 [cuckoo.core.scheduler] DEBUG: Task #6972837: no machine available yet
2025-09-16 06:51:38,073 [cuckoo.core.scheduler] DEBUG: Task #6972837: no machine available yet
2025-09-16 06:51:39,385 [cuckoo.core.scheduler] DEBUG: Task #6972837: no machine available yet
2025-09-16 06:51:41,004 [cuckoo.core.scheduler] DEBUG: Task #6972837: no machine available yet
2025-09-16 06:51:42,101 [cuckoo.core.scheduler] DEBUG: Task #6972837: no machine available yet
2025-09-16 06:51:43,204 [cuckoo.core.scheduler] DEBUG: Task #6972837: no machine available yet
2025-09-16 06:51:44,858 [cuckoo.core.scheduler] DEBUG: Task #6972837: no machine available yet
2025-09-16 06:51:45,966 [cuckoo.core.scheduler] DEBUG: Task #6972837: no machine available yet
2025-09-16 06:51:47,062 [cuckoo.core.scheduler] DEBUG: Task #6972837: no machine available yet
2025-09-16 06:51:48,625 [cuckoo.core.scheduler] DEBUG: Task #6972837: no machine available yet
2025-09-16 06:51:50,262 [cuckoo.core.scheduler] DEBUG: Task #6972837: no machine available yet
2025-09-16 06:51:51,309 [cuckoo.core.scheduler] DEBUG: Task #6972837: no machine available yet
2025-09-16 06:51:52,371 [cuckoo.core.scheduler] DEBUG: Task #6972837: no machine available yet
2025-09-16 06:51:53,458 [cuckoo.core.scheduler] DEBUG: Task #6972837: no machine available yet
2025-09-16 06:51:54,507 [cuckoo.core.scheduler] DEBUG: Task #6972837: no machine available yet
2025-09-16 06:51:55,598 [cuckoo.core.scheduler] DEBUG: Task #6972837: no machine available yet
2025-09-16 06:51:56,642 [cuckoo.core.scheduler] DEBUG: Task #6972837: no machine available yet
2025-09-16 06:51:57,699 [cuckoo.core.scheduler] DEBUG: Task #6972837: no machine available yet
2025-09-16 06:52:00,490 [cuckoo.core.scheduler] DEBUG: Task #6972837: no machine available yet
2025-09-16 06:52:01,616 [cuckoo.core.scheduler] DEBUG: Task #6972837: no machine available yet
2025-09-16 06:52:02,740 [cuckoo.core.scheduler] DEBUG: Task #6972837: no machine available yet
2025-09-16 06:52:03,819 [cuckoo.core.scheduler] DEBUG: Task #6972837: no machine available yet
2025-09-16 06:52:04,859 [cuckoo.core.scheduler] DEBUG: Task #6972837: no machine available yet
2025-09-16 06:52:05,878 [cuckoo.core.scheduler] DEBUG: Task #6972837: no machine available yet
2025-09-16 06:52:06,903 [cuckoo.core.scheduler] DEBUG: Task #6972837: no machine available yet
2025-09-16 06:52:07,962 [cuckoo.core.scheduler] DEBUG: Task #6972837: no machine available yet
2025-09-16 06:52:09,016 [cuckoo.core.scheduler] DEBUG: Task #6972837: no machine available yet
2025-09-16 06:52:11,427 [cuckoo.core.scheduler] DEBUG: Task #6972837: no machine available yet
2025-09-16 06:52:12,705 [cuckoo.core.scheduler] DEBUG: Task #6972837: no machine available yet
2025-09-16 06:52:13,846 [cuckoo.core.scheduler] DEBUG: Task #6972837: no machine available yet
2025-09-16 06:52:14,974 [cuckoo.core.scheduler] DEBUG: Task #6972837: no machine available yet
2025-09-16 06:52:16,109 [cuckoo.core.scheduler] DEBUG: Task #6972837: no machine available yet
2025-09-16 06:52:17,204 [cuckoo.core.scheduler] DEBUG: Task #6972837: no machine available yet
2025-09-16 06:52:18,583 [cuckoo.core.scheduler] DEBUG: Task #6972837: no machine available yet
2025-09-16 06:52:19,646 [cuckoo.core.scheduler] DEBUG: Task #6972837: no machine available yet
2025-09-16 06:52:20,693 [cuckoo.core.scheduler] INFO: Task #6972837: acquired machine win7x6415 (label=win7x6415)
2025-09-16 06:52:20,694 [cuckoo.core.resultserver] DEBUG: Now tracking machine 192.168.168.215 for task #6972837
2025-09-16 06:52:21,789 [cuckoo.auxiliary.sniffer] INFO: Started sniffer with PID 423017 (interface=vboxnet0, host=192.168.168.215)
2025-09-16 06:52:25,167 [cuckoo.machinery.virtualbox] DEBUG: Starting vm win7x6415
2025-09-16 06:52:33,297 [cuckoo.machinery.virtualbox] DEBUG: Restoring virtual machine win7x6415 to vmcloak
2025-09-16 06:54:59,080 [cuckoo.core.guest] INFO: Starting analysis #6972837 on guest (id=win7x6415, ip=192.168.168.215)
2025-09-16 06:55:00,122 [cuckoo.core.guest] DEBUG: win7x6415: not ready yet
2025-09-16 06:55:05,350 [cuckoo.core.guest] INFO: Guest is running Cuckoo Agent 0.10 (id=win7x6415, ip=192.168.168.215)
2025-09-16 06:55:13,241 [cuckoo.core.guest] DEBUG: Uploading analyzer to guest (id=win7x6415, ip=192.168.168.215, monitor=latest, size=6660546)
2025-09-16 06:55:18,341 [cuckoo.core.resultserver] DEBUG: Task #6972837: live log analysis.log initialized.
2025-09-16 06:55:18,875 [cuckoo.core.resultserver] DEBUG: Task #6972837 is sending a BSON stream
2025-09-16 06:55:19,551 [cuckoo.core.resultserver] DEBUG: Task #6972837 is sending a BSON stream
2025-09-16 06:55:19,879 [cuckoo.core.resultserver] DEBUG: Task #6972837 is sending a BSON stream
2025-09-16 06:55:19,890 [cuckoo.core.resultserver] DEBUG: Task #6972837: File upload for 'shots/0001.jpg'
2025-09-16 06:55:19,933 [cuckoo.core.resultserver] DEBUG: Task #6972837 uploaded file length: 133463
2025-09-16 06:55:23,205 [cuckoo.core.resultserver] DEBUG: Task #6972837 is sending a BSON stream
2025-09-16 06:55:34,640 [cuckoo.core.guest] DEBUG: win7x6415: analysis #6972837 still processing
2025-09-16 06:55:48,728 [cuckoo.core.resultserver] DEBUG: Task #6972837: File upload for 'curtain/1757994948.44.curtain.log'
2025-09-16 06:55:48,754 [cuckoo.core.resultserver] DEBUG: Task #6972837 uploaded file length: 36
2025-09-16 06:55:48,761 [cuckoo.core.resultserver] DEBUG: Task #6972837: File upload for 'sysmon/1757994948.61.sysmon.xml'
2025-09-16 06:55:48,840 [cuckoo.core.resultserver] DEBUG: Task #6972837 uploaded file length: 1448708
2025-09-16 06:55:48,902 [cuckoo.core.resultserver] DEBUG: Task #6972837: File upload for 'files/08d2876741f4fd5e__setup64.tmp'
2025-09-16 06:55:48,912 [cuckoo.core.resultserver] DEBUG: Task #6972837 uploaded file length: 4608
2025-09-16 06:55:48,916 [cuckoo.core.resultserver] DEBUG: Task #6972837: File upload for 'files/3030e22f4a854e11_bassmix.dll'
2025-09-16 06:55:48,925 [cuckoo.core.resultserver] DEBUG: Task #6972837 uploaded file length: 19008
2025-09-16 06:55:48,931 [cuckoo.core.resultserver] DEBUG: Task #6972837: File upload for 'files/2e7e5e01fa3d18a2_is-8chha.tmp'
2025-09-16 06:55:48,970 [cuckoo.core.resultserver] DEBUG: Task #6972837 uploaded file length: 657408
2025-09-16 06:55:48,977 [cuckoo.core.resultserver] DEBUG: Task #6972837: File upload for 'files/9e35c8e29ca055ce_tagsreplace.txt'
2025-09-16 06:55:48,988 [cuckoo.core.resultserver] DEBUG: Task #6972837 uploaded file length: 1825
2025-09-16 06:55:48,998 [cuckoo.core.resultserver] DEBUG: Task #6972837: File upload for 'files/665d47597146ddaa_lame_enc.dll'
2025-09-16 06:55:49,104 [cuckoo.core.resultserver] DEBUG: Task #6972837 uploaded file length: 967168
2025-09-16 06:55:49,120 [cuckoo.core.resultserver] DEBUG: Task #6972837: File upload for 'files/452eee1e4ef2fe2e_basswv.dll'
2025-09-16 06:55:49,129 [cuckoo.core.resultserver] DEBUG: Task #6972837 uploaded file length: 35588
2025-09-16 06:55:49,140 [cuckoo.core.resultserver] DEBUG: Task #6972837: File upload for 'files/dfd55d0ddd1a7d08_daiso.dll'
2025-09-16 06:55:49,192 [cuckoo.core.resultserver] DEBUG: Task #6972837 uploaded file length: 197646
2025-09-16 06:55:49,202 [cuckoo.core.resultserver] DEBUG: Task #6972837: File upload for 'files/d6b4754bb67bdd08_copying'
2025-09-16 06:55:49,210 [cuckoo.core.resultserver] DEBUG: Task #6972837 uploaded file length: 1059
2025-09-16 06:55:49,218 [cuckoo.core.resultserver] DEBUG: Task #6972837: File upload for 'files/124f210c04c12d8c_pcm2dsd.exe'
2025-09-16 06:55:49,229 [cuckoo.core.resultserver] DEBUG: Task #6972837 uploaded file length: 22542
2025-09-16 06:55:49,233 [cuckoo.core.resultserver] DEBUG: Task #6972837: File upload for 'files/43a9928d6604bf60_libwebp.dll'
2025-09-16 06:55:49,261 [cuckoo.core.resultserver] DEBUG: Task #6972837 uploaded file length: 394752
2025-09-16 06:55:49,789 [cuckoo.core.resultserver] DEBUG: Task #6972837: File upload for 'files/7ae79f834a4b875a_libflac_dynamic.dll'
2025-09-16 06:55:50,071 [cuckoo.core.resultserver] DEBUG: Task #6972837 uploaded file length: 512014
2025-09-16 06:55:50,090 [cuckoo.core.resultserver] DEBUG: Task #6972837: File upload for 'files/edde733a8d2ca65c_bass_ofr.dll'
2025-09-16 06:55:50,115 [cuckoo.core.resultserver] DEBUG: Task #6972837 uploaded file length: 5960
2025-09-16 06:55:50,127 [cuckoo.core.resultserver] DEBUG: Task #6972837: File upload for 'files/b9d5317e10e49aa9_mp3gain.exe'
2025-09-16 06:55:50,181 [cuckoo.core.resultserver] DEBUG: Task #6972837 uploaded file length: 123406
2025-09-16 06:55:50,192 [cuckoo.core.resultserver] DEBUG: Task #6972837: File upload for 'files/8c58bc6c89772d0c_bassmidi.dll'
2025-09-16 06:55:50,208 [cuckoo.core.resultserver] DEBUG: Task #6972837 uploaded file length: 36416
2025-09-16 06:55:50,215 [cuckoo.core.resultserver] DEBUG: Task #6972837: File upload for 'files/b0b56f11549ce55b_ff_helper.dll'
2025-09-16 06:55:50,232 [cuckoo.core.resultserver] DEBUG: Task #6972837 uploaded file length: 62478
2025-09-16 06:55:50,244 [cuckoo.core.resultserver] DEBUG: Task #6972837: File upload for 'files/1580cbf293c8624d_unins000.exe'
2025-09-16 06:55:50,862 [cuckoo.core.guest] DEBUG: win7x6415: analysis #6972837 still processing
2025-09-16 06:55:50,881 [cuckoo.core.resultserver] DEBUG: Task #6972837 uploaded file length: 667914
2025-09-16 06:55:50,919 [cuckoo.core.resultserver] DEBUG: Task #6972837: File upload for 'files/9884e9d1b4f8a873__shfoldr.dll'
2025-09-16 06:55:50,937 [cuckoo.core.resultserver] DEBUG: Task #6972837 uploaded file length: 23312
2025-09-16 06:55:50,944 [cuckoo.core.resultserver] DEBUG: Task #6972837: File upload for 'files/4824a06b819cbe49_bass_fx.dll'
2025-09-16 06:55:50,954 [cuckoo.core.resultserver] DEBUG: Task #6972837 uploaded file length: 34392
2025-09-16 06:55:50,963 [cuckoo.core.resultserver] DEBUG: Task #6972837: File upload for 'files/6b980cadc3e7047c_d_writer.dll'
2025-09-16 06:55:50,971 [cuckoo.core.resultserver] DEBUG: Task #6972837 uploaded file length: 16910
2025-09-16 06:55:50,982 [cuckoo.core.resultserver] DEBUG: Task #6972837: File upload for 'files/7acd537f3be069c7_peak_scanner_plugin_c.dll'
2025-09-16 06:55:50,994 [cuckoo.core.resultserver] DEBUG: Task #6972837 uploaded file length: 15374
2025-09-16 06:55:51,004 [cuckoo.core.resultserver] DEBUG: Task #6972837: File upload for 'files/30bc10bd6e5b2db1_takdec.exe'
2025-09-16 06:55:51,111 [cuckoo.core.resultserver] DEBUG: Task #6972837 uploaded file length: 772608
2025-09-16 06:55:51,125 [cuckoo.core.resultserver] DEBUG: Task #6972837: File upload for 'files/f266dba7b23321bf_bass_tta.dll'
2025-09-16 06:55:51,149 [cuckoo.core.resultserver] DEBUG: Task #6972837 uploaded file length: 7910
2025-09-16 06:55:51,163 [cuckoo.core.resultserver] DEBUG: Task #6972837: File upload for 'files/e487be357a4ed45a_imaptestplugin.exe'
2025-09-16 06:55:51,361 [cuckoo.core.resultserver] DEBUG: Task #6972837 uploaded file length: 2125780
2025-09-16 06:55:51,402 [cuckoo.core.resultserver] DEBUG: Task #6972837: File upload for 'files/7ec9ee07bfd67150_tak_deco_lib.dll'
2025-09-16 06:55:51,426 [cuckoo.core.resultserver] DEBUG: Task #6972837 uploaded file length: 112640
2025-09-16 06:55:51,436 [cuckoo.core.resultserver] DEBUG: Task #6972837: File upload for 'files/d2074b91a63219cf_optimfrog.dll'
2025-09-16 06:55:51,459 [cuckoo.core.resultserver] DEBUG: Task #6972837 uploaded file length: 214016
2025-09-16 06:55:51,465 [cuckoo.core.resultserver] DEBUG: Task #6972837: File upload for 'files/b5942e8096c95118_da.dll'
2025-09-16 06:55:51,474 [cuckoo.core.resultserver] DEBUG: Task #6972837 uploaded file length: 15374
2025-09-16 06:55:51,481 [cuckoo.core.resultserver] DEBUG: Task #6972837: File upload for 'files/2581a6bca6f4b307_rg_ebur128.dll'
2025-09-16 06:55:51,488 [cuckoo.core.resultserver] DEBUG: Task #6972837 uploaded file length: 43520
2025-09-16 06:55:51,499 [cuckoo.core.resultserver] DEBUG: Task #6972837: File upload for 'files/2f6294f9aa09f59a__iscrypt.dll'
2025-09-16 06:55:51,506 [cuckoo.core.resultserver] DEBUG: Task #6972837 uploaded file length: 2560
2025-09-16 06:55:51,513 [cuckoo.core.resultserver] DEBUG: Task #6972837: File upload for 'files/6bad60df9a560fb7_dstt.dll'
2025-09-16 06:55:51,536 [cuckoo.core.resultserver] DEBUG: Task #6972837 uploaded file length: 115712
2025-09-16 06:55:51,541 [cuckoo.core.resultserver] DEBUG: Task #6972837: File upload for 'files/bab8d388ea3af1aa_dsd2pcmt.dll'
2025-09-16 06:55:51,576 [cuckoo.core.resultserver] DEBUG: Task #6972837 uploaded file length: 197120
2025-09-16 06:55:51,592 [cuckoo.core.resultserver] DEBUG: Task #6972837: File upload for 'files/e0234af5f71592c4_bassflac.dll'
2025-09-16 06:55:51,606 [cuckoo.core.resultserver] DEBUG: Task #6972837 uploaded file length: 36752
2025-09-16 06:55:51,618 [cuckoo.core.resultserver] DEBUG: Task #6972837: File upload for 'files/04ab613c895b3504_basscd.dll'
2025-09-16 06:55:51,628 [cuckoo.core.resultserver] DEBUG: Task #6972837 uploaded file length: 18966
2025-09-16 06:55:51,636 [cuckoo.core.resultserver] DEBUG: Task #6972837: File upload for 'files/0afe688b6fca94c6_bassopus.dll'
2025-09-16 06:55:51,659 [cuckoo.core.resultserver] DEBUG: Task #6972837 uploaded file length: 68876
2025-09-16 06:55:51,664 [cuckoo.core.resultserver] DEBUG: Task #6972837: File upload for 'files/9b5a8b323d2d1209_basswma.dll'
2025-09-16 06:55:51,677 [cuckoo.core.resultserver] DEBUG: Task #6972837 uploaded file length: 17472
2025-09-16 06:55:51,706 [cuckoo.core.resultserver] DEBUG: Task #6972837 had connection reset for <Context for LOG>
2025-09-16 06:55:51,741 [cuckoo.core.resultserver] DEBUG: Task #6972837: File upload for 'files/38a75f86db58eb8d_wavpackdll.dll'
2025-09-16 06:55:51,760 [cuckoo.core.resultserver] DEBUG: Task #6972837 uploaded file length: 258560
2025-09-16 06:55:51,773 [cuckoo.core.resultserver] DEBUG: Task #6972837: File upload for 'files/59cbfba941d3ac02_7z.exe'
2025-09-16 06:55:51,821 [cuckoo.core.resultserver] DEBUG: Task #6972837 uploaded file length: 337408
2025-09-16 06:55:51,838 [cuckoo.core.resultserver] DEBUG: Task #6972837: File upload for 'files/dfacc2f208ebf6d6_date.txt'
2025-09-16 06:55:51,857 [cuckoo.core.resultserver] DEBUG: Task #6972837 uploaded file length: 1716
2025-09-16 06:55:51,863 [cuckoo.core.resultserver] DEBUG: Task #6972837: File upload for 'files/6c6fba6846d7fbc9_unins000.dat'
2025-09-16 06:55:51,879 [cuckoo.core.resultserver] DEBUG: Task #6972837 uploaded file length: 7813
2025-09-16 06:55:51,883 [cuckoo.core.resultserver] DEBUG: Task #6972837: File upload for 'files/a87aa800f996902f_libsoxr.dll'
2025-09-16 06:55:51,902 [cuckoo.core.resultserver] DEBUG: Task #6972837 uploaded file length: 227328
2025-09-16 06:55:51,915 [cuckoo.core.resultserver] DEBUG: Task #6972837: File upload for 'files/2f9a9dfd0c0b0cfa_lessmsi-v1.6.91.zip'
2025-09-16 06:55:51,944 [cuckoo.core.resultserver] DEBUG: Task #6972837 uploaded file length: 506871
2025-09-16 06:55:51,957 [cuckoo.core.resultserver] DEBUG: Task #6972837: File upload for 'files/7ac8a8d5679c96d1_dsd2.dll'
2025-09-16 06:55:51,968 [cuckoo.core.resultserver] DEBUG: Task #6972837 uploaded file length: 31936
2025-09-16 06:55:51,974 [cuckoo.core.resultserver] DEBUG: Task #6972837: File upload for 'files/b634ab5640e25856_copying.lgplv2.1'
2025-09-16 06:55:51,982 [cuckoo.core.resultserver] DEBUG: Task #6972837 uploaded file length: 26526
2025-09-16 06:55:51,990 [cuckoo.core.resultserver] DEBUG: Task #6972837: File upload for 'files/cc0b53969670c727_sd.dll'
2025-09-16 06:55:52,028 [cuckoo.core.resultserver] DEBUG: Task #6972837 uploaded file length: 240654
2025-09-16 06:55:52,036 [cuckoo.core.resultserver] DEBUG: Task #6972837: File upload for 'files/e0e11a058c4b0add_gain_analysis.dll'
2025-09-16 06:55:52,049 [cuckoo.core.resultserver] DEBUG: Task #6972837 uploaded file length: 26126
2025-09-16 06:55:52,057 [cuckoo.core.resultserver] DEBUG: Task #6972837: File upload for 'files/d2e374df7122c067_utils.dll'
2025-09-16 06:55:52,076 [cuckoo.core.resultserver] DEBUG: Task #6972837 uploaded file length: 13838
2025-09-16 06:55:52,081 [cuckoo.core.resultserver] DEBUG: Task #6972837: File upload for 'files/de1a9dd251e29718_libwinpthread-1.dll'
2025-09-16 06:55:52,106 [cuckoo.core.resultserver] DEBUG: Task #6972837 uploaded file length: 68042
2025-09-16 06:55:52,114 [cuckoo.core.resultserver] DEBUG: Task #6972837: File upload for 'files/b6e2fa50e0be3191_libdtsdec.dll'
2025-09-16 06:55:52,151 [cuckoo.core.resultserver] DEBUG: Task #6972837 uploaded file length: 126478
2025-09-16 06:55:52,176 [cuckoo.core.resultserver] DEBUG: Task #6972837: File upload for 'files/2a64047f9b9b07f6_raw_decode_plugin_c.dll'
2025-09-16 06:55:52,219 [cuckoo.core.resultserver] DEBUG: Task #6972837 uploaded file length: 25614
2025-09-16 06:55:52,231 [cuckoo.core.resultserver] DEBUG: Task #6972837: File upload for 'files/574595b5fd6223e4_uchardet.dll'
2025-09-16 06:55:52,343 [cuckoo.core.resultserver] DEBUG: Task #6972837 uploaded file length: 294926
2025-09-16 06:55:53,899 [cuckoo.core.guest] INFO: win7x6415: analysis completed successfully
2025-09-16 06:55:53,922 [cuckoo.core.plugins] DEBUG: Stopped auxiliary module: Redsocks
2025-09-16 06:55:53,953 [cuckoo.core.plugins] DEBUG: Stopped auxiliary module: Sniffer
2025-09-16 06:55:56,523 [cuckoo.machinery.virtualbox] INFO: Successfully generated memory dump for virtual machine with label win7x6415 to path /srv/cuckoo/cwd/storage/analyses/6972837/memory.dmp
2025-09-16 06:55:56,541 [cuckoo.machinery.virtualbox] DEBUG: Stopping vm win7x6415
2025-09-16 06:58:54,444 [cuckoo.core.resultserver] DEBUG: Stopped tracking machine 192.168.168.215 for task #6972837
2025-09-16 06:58:55,008 [cuckoo.core.scheduler] DEBUG: Released database task #6972837
2025-09-16 06:58:55,036 [cuckoo.core.scheduler] INFO: Task #6972837: analysis procedure completed

Signatures

Yara rules detected for file (4 events)

description	Escalade priviledges	rule	escalate_priv
description	Affect system registries	rule	win_registry
description	Affect system token	rule	win_token
description	Affect private profile	rule	win_files_operation

Allocates read-write-execute memory (usually to unpack itself) (6 events)

Time & API	Arguments	Status
NtProtectVirtualMemory Sept. 16, 2025, 7:41 a.m.	process_identifier: 2768 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x00400000 process_handle: 0xffffffff	1
NtProtectVirtualMemory Sept. 16, 2025, 7:41 a.m.	process_identifier: 2768 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 36864 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x00401000 process_handle: 0xffffffff	1
NtProtectVirtualMemory Sept. 16, 2025, 7:41 a.m.	process_identifier: 2768 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 401408 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x0040e000 process_handle: 0xffffffff	1
NtAllocateVirtualMemory Sept. 16, 2025, 7:41 a.m.	process_identifier: 2652 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x004e0000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtProtectVirtualMemory Sept. 16, 2025, 7:41 a.m.	process_identifier: 2652 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x73f51000 process_handle: 0xffffffff	1
NtProtectVirtualMemory Sept. 16, 2025, 7:41 a.m.	process_identifier: 2416 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x73871000 process_handle: 0xffffffff	1

Queries for the computername (1 event)

Time & API	Arguments	Status	Return	Repeated
GetComputerNameA Sept. 16, 2025, 7:41 a.m.	computer_name: JAKANSMU	1	1	0

Checks if process is being debugged by a debugger (1 event)

Time & API	Arguments	Status	Return	Repeated
IsDebuggerPresent Sept. 16, 2025, 7:41 a.m.			0	0

Checks amount of memory in system, this can be used to detect virtual machines that have a low amount of memory available (1 event)

Time & API	Arguments	Status	Return	Repeated
GlobalMemoryStatusEx Sept. 16, 2025, 7:41 a.m.		1	1	0

The executable contains unknown PE section names indicative of a packer (could be a false positive) (3 events)

section	CODE
section	DATA
section	BSS

One or more processes crashed (50 out of 63136 events)

Time & API	Arguments	Status
__exception__ Sept. 16, 2025, 7:41 a.m.	stacktrace: is-8chha+0x40672 @ 0x440672 is-8chha+0x424b7 @ 0x4424b7 is-8chha+0x47b24 @ 0x447b24 is-8chha+0x3da85 @ 0x43da85 is-8chha+0x3c9bb @ 0x43c9bb is-8chha+0x874cc @ 0x4874cc is-8chha+0x750c4 @ 0x4750c4 is-8chha+0x8b184 @ 0x48b184 BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133aa @ 0x76f133aa RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa5 ntdll+0x39f72 @ 0x77869f72 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xd2 ntdll+0x39f45 @ 0x77869f45 exception.instruction_r: 8b 06 c7 45 fc fe ff ff ff 85 db 0f 85 97 34 00 exception.symbol: WNetCloseEnum+0x14 WNetOpenEnumW-0x11c mpr+0x2dea exception.instruction: mov eax, dword ptr [esi] exception.module: mpr.dll exception.exception_code: 0xc0000005 exception.offset: 11754 exception.address: 0x74282dea registers.esp: 1637616 registers.edi: 32281180 registers.eax: 1637644 registers.ebp: 1637660 registers.edx: 44 registers.ebx: 0 registers.esi: 44 registers.ecx: 0	1
__exception__ Sept. 16, 2025, 7:41 a.m.	stacktrace: is-8chha+0x3d5aa @ 0x43d5aa is-8chha+0x3c9bb @ 0x43c9bb is-8chha+0x874cc @ 0x4874cc is-8chha+0x750c4 @ 0x4750c4 is-8chha+0x8b184 @ 0x48b184 BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133aa @ 0x76f133aa RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa5 ntdll+0x39f72 @ 0x77869f72 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xd2 ntdll+0x39f45 @ 0x77869f45 exception.instruction_r: f7 37 89 06 e9 dd 07 00 00 8b 06 33 d2 8a 17 8b exception.symbol: is-8chha+0x3a89f exception.instruction: div dword ptr [edi] exception.module: is-8CHHA.tmp exception.exception_code: 0xc0000094 exception.offset: 239775 exception.address: 0x43a89f registers.esp: 1637788 registers.edi: 32276656 registers.eax: 30199838 registers.ebp: 1637868 registers.edx: 0 registers.ebx: 1 registers.esi: 32276648 registers.ecx: 32276656	1
__exception__ Sept. 16, 2025, 7:41 a.m.	stacktrace: imaptestplugin+0x1b37d9 @ 0x5b37d9 imaptestplugin+0x1de817 @ 0x5de817 imaptestplugin+0x1e7143 @ 0x5e7143 imaptestplugin+0xb355a @ 0x4b355a BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133aa @ 0x76f133aa RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa5 ntdll+0x39f72 @ 0x77869f72 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xd2 ntdll+0x39f45 @ 0x77869f45 exception.instruction_r: ff 30 ff 34 24 8b 04 24 83 c4 04 50 89 e0 05 04 exception.symbol: imaptestplugin+0x1ec6d8 exception.instruction: push dword ptr [eax] exception.module: imaptestplugin.exe exception.exception_code: 0xc0000005 exception.offset: 2016984 exception.address: 0x5ec6d8 registers.esp: 1638016 registers.edi: 4369 registers.eax: 134217728 registers.ebp: 1638056 registers.edx: 35 registers.ebx: 0 registers.esi: 134217728 registers.ecx: 2005139984	1
__exception__ Sept. 16, 2025, 7:41 a.m.	stacktrace: imaptestplugin+0x1b37d9 @ 0x5b37d9 imaptestplugin+0x1de817 @ 0x5de817 imaptestplugin+0x1e7143 @ 0x5e7143 imaptestplugin+0xb355a @ 0x4b355a BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133aa @ 0x76f133aa RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa5 ntdll+0x39f72 @ 0x77869f72 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xd2 ntdll+0x39f45 @ 0x77869f45 exception.instruction_r: ff 30 ff 34 24 8b 04 24 83 c4 04 50 89 e0 05 04 exception.symbol: imaptestplugin+0x1ec6d8 exception.instruction: push dword ptr [eax] exception.module: imaptestplugin.exe exception.exception_code: 0xc0000005 exception.offset: 2016984 exception.address: 0x5ec6d8 registers.esp: 1638016 registers.edi: 4369 registers.eax: 134221824 registers.ebp: 1638056 registers.edx: 0 registers.ebx: 0 registers.esi: 134221824 registers.ecx: 1638264	1
__exception__ Sept. 16, 2025, 7:41 a.m.	stacktrace: imaptestplugin+0x1b37d9 @ 0x5b37d9 imaptestplugin+0x1de817 @ 0x5de817 imaptestplugin+0x1e7143 @ 0x5e7143 imaptestplugin+0xb355a @ 0x4b355a BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133aa @ 0x76f133aa RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa5 ntdll+0x39f72 @ 0x77869f72 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xd2 ntdll+0x39f45 @ 0x77869f45 exception.instruction_r: ff 30 ff 34 24 8b 04 24 83 c4 04 50 89 e0 05 04 exception.symbol: imaptestplugin+0x1ec6d8 exception.instruction: push dword ptr [eax] exception.module: imaptestplugin.exe exception.exception_code: 0xc0000005 exception.offset: 2016984 exception.address: 0x5ec6d8 registers.esp: 1638016 registers.edi: 4369 registers.eax: 134225920 registers.ebp: 1638056 registers.edx: 0 registers.ebx: 0 registers.esi: 134225920 registers.ecx: 1638264	1
__exception__ Sept. 16, 2025, 7:41 a.m.	stacktrace: imaptestplugin+0x1b37d9 @ 0x5b37d9 imaptestplugin+0x1de817 @ 0x5de817 imaptestplugin+0x1e7143 @ 0x5e7143 imaptestplugin+0xb355a @ 0x4b355a BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133aa @ 0x76f133aa RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa5 ntdll+0x39f72 @ 0x77869f72 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xd2 ntdll+0x39f45 @ 0x77869f45 exception.instruction_r: ff 30 ff 34 24 8b 04 24 83 c4 04 50 89 e0 05 04 exception.symbol: imaptestplugin+0x1ec6d8 exception.instruction: push dword ptr [eax] exception.module: imaptestplugin.exe exception.exception_code: 0xc0000005 exception.offset: 2016984 exception.address: 0x5ec6d8 registers.esp: 1638016 registers.edi: 4369 registers.eax: 134230016 registers.ebp: 1638056 registers.edx: 0 registers.ebx: 0 registers.esi: 134230016 registers.ecx: 1638264	1
__exception__ Sept. 16, 2025, 7:41 a.m.	stacktrace: imaptestplugin+0x1b37d9 @ 0x5b37d9 imaptestplugin+0x1de817 @ 0x5de817 imaptestplugin+0x1e7143 @ 0x5e7143 imaptestplugin+0xb355a @ 0x4b355a BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133aa @ 0x76f133aa RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa5 ntdll+0x39f72 @ 0x77869f72 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xd2 ntdll+0x39f45 @ 0x77869f45 exception.instruction_r: ff 30 ff 34 24 8b 04 24 83 c4 04 50 89 e0 05 04 exception.symbol: imaptestplugin+0x1ec6d8 exception.instruction: push dword ptr [eax] exception.module: imaptestplugin.exe exception.exception_code: 0xc0000005 exception.offset: 2016984 exception.address: 0x5ec6d8 registers.esp: 1638016 registers.edi: 4369 registers.eax: 134234112 registers.ebp: 1638056 registers.edx: 0 registers.ebx: 0 registers.esi: 134234112 registers.ecx: 1638264	1
__exception__ Sept. 16, 2025, 7:41 a.m.	stacktrace: imaptestplugin+0x1b37d9 @ 0x5b37d9 imaptestplugin+0x1de817 @ 0x5de817 imaptestplugin+0x1e7143 @ 0x5e7143 imaptestplugin+0xb355a @ 0x4b355a BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133aa @ 0x76f133aa RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa5 ntdll+0x39f72 @ 0x77869f72 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xd2 ntdll+0x39f45 @ 0x77869f45 exception.instruction_r: ff 30 ff 34 24 8b 04 24 83 c4 04 50 89 e0 05 04 exception.symbol: imaptestplugin+0x1ec6d8 exception.instruction: push dword ptr [eax] exception.module: imaptestplugin.exe exception.exception_code: 0xc0000005 exception.offset: 2016984 exception.address: 0x5ec6d8 registers.esp: 1638016 registers.edi: 4369 registers.eax: 134238208 registers.ebp: 1638056 registers.edx: 0 registers.ebx: 0 registers.esi: 134238208 registers.ecx: 1638264	1
__exception__ Sept. 16, 2025, 7:41 a.m.	stacktrace: imaptestplugin+0x1b37d9 @ 0x5b37d9 imaptestplugin+0x1de817 @ 0x5de817 imaptestplugin+0x1e7143 @ 0x5e7143 imaptestplugin+0xb355a @ 0x4b355a BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133aa @ 0x76f133aa RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa5 ntdll+0x39f72 @ 0x77869f72 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xd2 ntdll+0x39f45 @ 0x77869f45 exception.instruction_r: ff 30 ff 34 24 8b 04 24 83 c4 04 50 89 e0 05 04 exception.symbol: imaptestplugin+0x1ec6d8 exception.instruction: push dword ptr [eax] exception.module: imaptestplugin.exe exception.exception_code: 0xc0000005 exception.offset: 2016984 exception.address: 0x5ec6d8 registers.esp: 1638016 registers.edi: 4369 registers.eax: 134242304 registers.ebp: 1638056 registers.edx: 0 registers.ebx: 0 registers.esi: 134242304 registers.ecx: 1638264	1
__exception__ Sept. 16, 2025, 7:41 a.m.	stacktrace: imaptestplugin+0x1b37d9 @ 0x5b37d9 imaptestplugin+0x1de817 @ 0x5de817 imaptestplugin+0x1e7143 @ 0x5e7143 imaptestplugin+0xb355a @ 0x4b355a BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133aa @ 0x76f133aa RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa5 ntdll+0x39f72 @ 0x77869f72 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xd2 ntdll+0x39f45 @ 0x77869f45 exception.instruction_r: ff 30 ff 34 24 8b 04 24 83 c4 04 50 89 e0 05 04 exception.symbol: imaptestplugin+0x1ec6d8 exception.instruction: push dword ptr [eax] exception.module: imaptestplugin.exe exception.exception_code: 0xc0000005 exception.offset: 2016984 exception.address: 0x5ec6d8 registers.esp: 1638016 registers.edi: 4369 registers.eax: 134246400 registers.ebp: 1638056 registers.edx: 0 registers.ebx: 0 registers.esi: 134246400 registers.ecx: 1638264	1
__exception__ Sept. 16, 2025, 7:41 a.m.	stacktrace: imaptestplugin+0x1b37d9 @ 0x5b37d9 imaptestplugin+0x1de817 @ 0x5de817 imaptestplugin+0x1e7143 @ 0x5e7143 imaptestplugin+0xb355a @ 0x4b355a BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133aa @ 0x76f133aa RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa5 ntdll+0x39f72 @ 0x77869f72 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xd2 ntdll+0x39f45 @ 0x77869f45 exception.instruction_r: ff 30 ff 34 24 8b 04 24 83 c4 04 50 89 e0 05 04 exception.symbol: imaptestplugin+0x1ec6d8 exception.instruction: push dword ptr [eax] exception.module: imaptestplugin.exe exception.exception_code: 0xc0000005 exception.offset: 2016984 exception.address: 0x5ec6d8 registers.esp: 1638016 registers.edi: 4369 registers.eax: 134250496 registers.ebp: 1638056 registers.edx: 0 registers.ebx: 0 registers.esi: 134250496 registers.ecx: 1638264	1
__exception__ Sept. 16, 2025, 7:41 a.m.	stacktrace: imaptestplugin+0x1b37d9 @ 0x5b37d9 imaptestplugin+0x1de817 @ 0x5de817 imaptestplugin+0x1e7143 @ 0x5e7143 imaptestplugin+0xb355a @ 0x4b355a BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133aa @ 0x76f133aa RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa5 ntdll+0x39f72 @ 0x77869f72 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xd2 ntdll+0x39f45 @ 0x77869f45 exception.instruction_r: ff 30 ff 34 24 8b 04 24 83 c4 04 50 89 e0 05 04 exception.symbol: imaptestplugin+0x1ec6d8 exception.instruction: push dword ptr [eax] exception.module: imaptestplugin.exe exception.exception_code: 0xc0000005 exception.offset: 2016984 exception.address: 0x5ec6d8 registers.esp: 1638016 registers.edi: 4369 registers.eax: 134254592 registers.ebp: 1638056 registers.edx: 0 registers.ebx: 0 registers.esi: 134254592 registers.ecx: 1638264	1
__exception__ Sept. 16, 2025, 7:41 a.m.	stacktrace: imaptestplugin+0x1b37d9 @ 0x5b37d9 imaptestplugin+0x1de817 @ 0x5de817 imaptestplugin+0x1e7143 @ 0x5e7143 imaptestplugin+0xb355a @ 0x4b355a BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133aa @ 0x76f133aa RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa5 ntdll+0x39f72 @ 0x77869f72 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xd2 ntdll+0x39f45 @ 0x77869f45 exception.instruction_r: ff 30 ff 34 24 8b 04 24 83 c4 04 50 89 e0 05 04 exception.symbol: imaptestplugin+0x1ec6d8 exception.instruction: push dword ptr [eax] exception.module: imaptestplugin.exe exception.exception_code: 0xc0000005 exception.offset: 2016984 exception.address: 0x5ec6d8 registers.esp: 1638016 registers.edi: 4369 registers.eax: 134258688 registers.ebp: 1638056 registers.edx: 0 registers.ebx: 0 registers.esi: 134258688 registers.ecx: 1638264	1
__exception__ Sept. 16, 2025, 7:41 a.m.	stacktrace: imaptestplugin+0x1b37d9 @ 0x5b37d9 imaptestplugin+0x1de817 @ 0x5de817 imaptestplugin+0x1e7143 @ 0x5e7143 imaptestplugin+0xb355a @ 0x4b355a BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133aa @ 0x76f133aa RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa5 ntdll+0x39f72 @ 0x77869f72 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xd2 ntdll+0x39f45 @ 0x77869f45 exception.instruction_r: ff 30 ff 34 24 8b 04 24 83 c4 04 50 89 e0 05 04 exception.symbol: imaptestplugin+0x1ec6d8 exception.instruction: push dword ptr [eax] exception.module: imaptestplugin.exe exception.exception_code: 0xc0000005 exception.offset: 2016984 exception.address: 0x5ec6d8 registers.esp: 1638016 registers.edi: 4369 registers.eax: 134262784 registers.ebp: 1638056 registers.edx: 0 registers.ebx: 0 registers.esi: 134262784 registers.ecx: 1638264	1
__exception__ Sept. 16, 2025, 7:41 a.m.	stacktrace: imaptestplugin+0x1b37d9 @ 0x5b37d9 imaptestplugin+0x1de817 @ 0x5de817 imaptestplugin+0x1e7143 @ 0x5e7143 imaptestplugin+0xb355a @ 0x4b355a BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133aa @ 0x76f133aa RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa5 ntdll+0x39f72 @ 0x77869f72 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xd2 ntdll+0x39f45 @ 0x77869f45 exception.instruction_r: ff 30 ff 34 24 8b 04 24 83 c4 04 50 89 e0 05 04 exception.symbol: imaptestplugin+0x1ec6d8 exception.instruction: push dword ptr [eax] exception.module: imaptestplugin.exe exception.exception_code: 0xc0000005 exception.offset: 2016984 exception.address: 0x5ec6d8 registers.esp: 1638016 registers.edi: 4369 registers.eax: 134266880 registers.ebp: 1638056 registers.edx: 0 registers.ebx: 0 registers.esi: 134266880 registers.ecx: 1638264	1
__exception__ Sept. 16, 2025, 7:41 a.m.	stacktrace: imaptestplugin+0x1b37d9 @ 0x5b37d9 imaptestplugin+0x1de817 @ 0x5de817 imaptestplugin+0x1e7143 @ 0x5e7143 imaptestplugin+0xb355a @ 0x4b355a BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133aa @ 0x76f133aa RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa5 ntdll+0x39f72 @ 0x77869f72 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xd2 ntdll+0x39f45 @ 0x77869f45 exception.instruction_r: ff 30 ff 34 24 8b 04 24 83 c4 04 50 89 e0 05 04 exception.symbol: imaptestplugin+0x1ec6d8 exception.instruction: push dword ptr [eax] exception.module: imaptestplugin.exe exception.exception_code: 0xc0000005 exception.offset: 2016984 exception.address: 0x5ec6d8 registers.esp: 1638016 registers.edi: 4369 registers.eax: 134270976 registers.ebp: 1638056 registers.edx: 0 registers.ebx: 0 registers.esi: 134270976 registers.ecx: 1638264	1
__exception__ Sept. 16, 2025, 7:41 a.m.	stacktrace: imaptestplugin+0x1b37d9 @ 0x5b37d9 imaptestplugin+0x1de817 @ 0x5de817 imaptestplugin+0x1e7143 @ 0x5e7143 imaptestplugin+0xb355a @ 0x4b355a BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133aa @ 0x76f133aa RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa5 ntdll+0x39f72 @ 0x77869f72 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xd2 ntdll+0x39f45 @ 0x77869f45 exception.instruction_r: ff 30 ff 34 24 8b 04 24 83 c4 04 50 89 e0 05 04 exception.symbol: imaptestplugin+0x1ec6d8 exception.instruction: push dword ptr [eax] exception.module: imaptestplugin.exe exception.exception_code: 0xc0000005 exception.offset: 2016984 exception.address: 0x5ec6d8 registers.esp: 1638016 registers.edi: 4369 registers.eax: 134275072 registers.ebp: 1638056 registers.edx: 0 registers.ebx: 0 registers.esi: 134275072 registers.ecx: 1638264	1
__exception__ Sept. 16, 2025, 7:41 a.m.	stacktrace: imaptestplugin+0x1b37d9 @ 0x5b37d9 imaptestplugin+0x1de817 @ 0x5de817 imaptestplugin+0x1e7143 @ 0x5e7143 imaptestplugin+0xb355a @ 0x4b355a BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133aa @ 0x76f133aa RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa5 ntdll+0x39f72 @ 0x77869f72 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xd2 ntdll+0x39f45 @ 0x77869f45 exception.instruction_r: ff 30 ff 34 24 8b 04 24 83 c4 04 50 89 e0 05 04 exception.symbol: imaptestplugin+0x1ec6d8 exception.instruction: push dword ptr [eax] exception.module: imaptestplugin.exe exception.exception_code: 0xc0000005 exception.offset: 2016984 exception.address: 0x5ec6d8 registers.esp: 1638016 registers.edi: 4369 registers.eax: 134279168 registers.ebp: 1638056 registers.edx: 0 registers.ebx: 0 registers.esi: 134279168 registers.ecx: 1638264	1
__exception__ Sept. 16, 2025, 7:41 a.m.	stacktrace: imaptestplugin+0x1b37d9 @ 0x5b37d9 imaptestplugin+0x1de817 @ 0x5de817 imaptestplugin+0x1e7143 @ 0x5e7143 imaptestplugin+0xb355a @ 0x4b355a BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133aa @ 0x76f133aa RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa5 ntdll+0x39f72 @ 0x77869f72 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xd2 ntdll+0x39f45 @ 0x77869f45 exception.instruction_r: ff 30 ff 34 24 8b 04 24 83 c4 04 50 89 e0 05 04 exception.symbol: imaptestplugin+0x1ec6d8 exception.instruction: push dword ptr [eax] exception.module: imaptestplugin.exe exception.exception_code: 0xc0000005 exception.offset: 2016984 exception.address: 0x5ec6d8 registers.esp: 1638016 registers.edi: 4369 registers.eax: 134283264 registers.ebp: 1638056 registers.edx: 0 registers.ebx: 0 registers.esi: 134283264 registers.ecx: 1638264	1
__exception__ Sept. 16, 2025, 7:41 a.m.	stacktrace: imaptestplugin+0x1b37d9 @ 0x5b37d9 imaptestplugin+0x1de817 @ 0x5de817 imaptestplugin+0x1e7143 @ 0x5e7143 imaptestplugin+0xb355a @ 0x4b355a BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133aa @ 0x76f133aa RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa5 ntdll+0x39f72 @ 0x77869f72 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xd2 ntdll+0x39f45 @ 0x77869f45 exception.instruction_r: ff 30 ff 34 24 8b 04 24 83 c4 04 50 89 e0 05 04 exception.symbol: imaptestplugin+0x1ec6d8 exception.instruction: push dword ptr [eax] exception.module: imaptestplugin.exe exception.exception_code: 0xc0000005 exception.offset: 2016984 exception.address: 0x5ec6d8 registers.esp: 1638016 registers.edi: 4369 registers.eax: 134287360 registers.ebp: 1638056 registers.edx: 0 registers.ebx: 0 registers.esi: 134287360 registers.ecx: 1638264	1
__exception__ Sept. 16, 2025, 7:41 a.m.	stacktrace: imaptestplugin+0x1b37d9 @ 0x5b37d9 imaptestplugin+0x1de817 @ 0x5de817 imaptestplugin+0x1e7143 @ 0x5e7143 imaptestplugin+0xb355a @ 0x4b355a BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133aa @ 0x76f133aa RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa5 ntdll+0x39f72 @ 0x77869f72 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xd2 ntdll+0x39f45 @ 0x77869f45 exception.instruction_r: ff 30 ff 34 24 8b 04 24 83 c4 04 50 89 e0 05 04 exception.symbol: imaptestplugin+0x1ec6d8 exception.instruction: push dword ptr [eax] exception.module: imaptestplugin.exe exception.exception_code: 0xc0000005 exception.offset: 2016984 exception.address: 0x5ec6d8 registers.esp: 1638016 registers.edi: 4369 registers.eax: 134291456 registers.ebp: 1638056 registers.edx: 0 registers.ebx: 0 registers.esi: 134291456 registers.ecx: 1638264	1
__exception__ Sept. 16, 2025, 7:41 a.m.	stacktrace: imaptestplugin+0x1b37d9 @ 0x5b37d9 imaptestplugin+0x1de817 @ 0x5de817 imaptestplugin+0x1e7143 @ 0x5e7143 imaptestplugin+0xb355a @ 0x4b355a BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133aa @ 0x76f133aa RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa5 ntdll+0x39f72 @ 0x77869f72 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xd2 ntdll+0x39f45 @ 0x77869f45 exception.instruction_r: ff 30 ff 34 24 8b 04 24 83 c4 04 50 89 e0 05 04 exception.symbol: imaptestplugin+0x1ec6d8 exception.instruction: push dword ptr [eax] exception.module: imaptestplugin.exe exception.exception_code: 0xc0000005 exception.offset: 2016984 exception.address: 0x5ec6d8 registers.esp: 1638016 registers.edi: 4369 registers.eax: 134295552 registers.ebp: 1638056 registers.edx: 0 registers.ebx: 0 registers.esi: 134295552 registers.ecx: 1638264	1
__exception__ Sept. 16, 2025, 7:41 a.m.	stacktrace: imaptestplugin+0x1b37d9 @ 0x5b37d9 imaptestplugin+0x1de817 @ 0x5de817 imaptestplugin+0x1e7143 @ 0x5e7143 imaptestplugin+0xb355a @ 0x4b355a BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133aa @ 0x76f133aa RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa5 ntdll+0x39f72 @ 0x77869f72 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xd2 ntdll+0x39f45 @ 0x77869f45 exception.instruction_r: ff 30 ff 34 24 8b 04 24 83 c4 04 50 89 e0 05 04 exception.symbol: imaptestplugin+0x1ec6d8 exception.instruction: push dword ptr [eax] exception.module: imaptestplugin.exe exception.exception_code: 0xc0000005 exception.offset: 2016984 exception.address: 0x5ec6d8 registers.esp: 1638016 registers.edi: 4369 registers.eax: 134299648 registers.ebp: 1638056 registers.edx: 0 registers.ebx: 0 registers.esi: 134299648 registers.ecx: 1638264	1
__exception__ Sept. 16, 2025, 7:41 a.m.	stacktrace: imaptestplugin+0x1b37d9 @ 0x5b37d9 imaptestplugin+0x1de817 @ 0x5de817 imaptestplugin+0x1e7143 @ 0x5e7143 imaptestplugin+0xb355a @ 0x4b355a BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133aa @ 0x76f133aa RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa5 ntdll+0x39f72 @ 0x77869f72 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xd2 ntdll+0x39f45 @ 0x77869f45 exception.instruction_r: ff 30 ff 34 24 8b 04 24 83 c4 04 50 89 e0 05 04 exception.symbol: imaptestplugin+0x1ec6d8 exception.instruction: push dword ptr [eax] exception.module: imaptestplugin.exe exception.exception_code: 0xc0000005 exception.offset: 2016984 exception.address: 0x5ec6d8 registers.esp: 1638016 registers.edi: 4369 registers.eax: 134303744 registers.ebp: 1638056 registers.edx: 0 registers.ebx: 0 registers.esi: 134303744 registers.ecx: 1638264	1
__exception__ Sept. 16, 2025, 7:41 a.m.	stacktrace: imaptestplugin+0x1b37d9 @ 0x5b37d9 imaptestplugin+0x1de817 @ 0x5de817 imaptestplugin+0x1e7143 @ 0x5e7143 imaptestplugin+0xb355a @ 0x4b355a BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133aa @ 0x76f133aa RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa5 ntdll+0x39f72 @ 0x77869f72 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xd2 ntdll+0x39f45 @ 0x77869f45 exception.instruction_r: ff 30 ff 34 24 8b 04 24 83 c4 04 50 89 e0 05 04 exception.symbol: imaptestplugin+0x1ec6d8 exception.instruction: push dword ptr [eax] exception.module: imaptestplugin.exe exception.exception_code: 0xc0000005 exception.offset: 2016984 exception.address: 0x5ec6d8 registers.esp: 1638016 registers.edi: 4369 registers.eax: 134307840 registers.ebp: 1638056 registers.edx: 0 registers.ebx: 0 registers.esi: 134307840 registers.ecx: 1638264	1
__exception__ Sept. 16, 2025, 7:41 a.m.	stacktrace: imaptestplugin+0x1b37d9 @ 0x5b37d9 imaptestplugin+0x1de817 @ 0x5de817 imaptestplugin+0x1e7143 @ 0x5e7143 imaptestplugin+0xb355a @ 0x4b355a BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133aa @ 0x76f133aa RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa5 ntdll+0x39f72 @ 0x77869f72 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xd2 ntdll+0x39f45 @ 0x77869f45 exception.instruction_r: ff 30 ff 34 24 8b 04 24 83 c4 04 50 89 e0 05 04 exception.symbol: imaptestplugin+0x1ec6d8 exception.instruction: push dword ptr [eax] exception.module: imaptestplugin.exe exception.exception_code: 0xc0000005 exception.offset: 2016984 exception.address: 0x5ec6d8 registers.esp: 1638016 registers.edi: 4369 registers.eax: 134311936 registers.ebp: 1638056 registers.edx: 0 registers.ebx: 0 registers.esi: 134311936 registers.ecx: 1638264	1
__exception__ Sept. 16, 2025, 7:41 a.m.	stacktrace: imaptestplugin+0x1b37d9 @ 0x5b37d9 imaptestplugin+0x1de817 @ 0x5de817 imaptestplugin+0x1e7143 @ 0x5e7143 imaptestplugin+0xb355a @ 0x4b355a BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133aa @ 0x76f133aa RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa5 ntdll+0x39f72 @ 0x77869f72 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xd2 ntdll+0x39f45 @ 0x77869f45 exception.instruction_r: ff 30 ff 34 24 8b 04 24 83 c4 04 50 89 e0 05 04 exception.symbol: imaptestplugin+0x1ec6d8 exception.instruction: push dword ptr [eax] exception.module: imaptestplugin.exe exception.exception_code: 0xc0000005 exception.offset: 2016984 exception.address: 0x5ec6d8 registers.esp: 1638016 registers.edi: 4369 registers.eax: 134316032 registers.ebp: 1638056 registers.edx: 0 registers.ebx: 0 registers.esi: 134316032 registers.ecx: 1638264	1
__exception__ Sept. 16, 2025, 7:41 a.m.	stacktrace: imaptestplugin+0x1b37d9 @ 0x5b37d9 imaptestplugin+0x1de817 @ 0x5de817 imaptestplugin+0x1e7143 @ 0x5e7143 imaptestplugin+0xb355a @ 0x4b355a BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133aa @ 0x76f133aa RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa5 ntdll+0x39f72 @ 0x77869f72 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xd2 ntdll+0x39f45 @ 0x77869f45 exception.instruction_r: ff 30 ff 34 24 8b 04 24 83 c4 04 50 89 e0 05 04 exception.symbol: imaptestplugin+0x1ec6d8 exception.instruction: push dword ptr [eax] exception.module: imaptestplugin.exe exception.exception_code: 0xc0000005 exception.offset: 2016984 exception.address: 0x5ec6d8 registers.esp: 1638016 registers.edi: 4369 registers.eax: 134320128 registers.ebp: 1638056 registers.edx: 0 registers.ebx: 0 registers.esi: 134320128 registers.ecx: 1638264	1
__exception__ Sept. 16, 2025, 7:41 a.m.	stacktrace: imaptestplugin+0x1b37d9 @ 0x5b37d9 imaptestplugin+0x1de817 @ 0x5de817 imaptestplugin+0x1e7143 @ 0x5e7143 imaptestplugin+0xb355a @ 0x4b355a BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133aa @ 0x76f133aa RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa5 ntdll+0x39f72 @ 0x77869f72 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xd2 ntdll+0x39f45 @ 0x77869f45 exception.instruction_r: ff 30 ff 34 24 8b 04 24 83 c4 04 50 89 e0 05 04 exception.symbol: imaptestplugin+0x1ec6d8 exception.instruction: push dword ptr [eax] exception.module: imaptestplugin.exe exception.exception_code: 0xc0000005 exception.offset: 2016984 exception.address: 0x5ec6d8 registers.esp: 1638016 registers.edi: 4369 registers.eax: 134324224 registers.ebp: 1638056 registers.edx: 0 registers.ebx: 0 registers.esi: 134324224 registers.ecx: 1638264	1
__exception__ Sept. 16, 2025, 7:41 a.m.	stacktrace: imaptestplugin+0x1b37d9 @ 0x5b37d9 imaptestplugin+0x1de817 @ 0x5de817 imaptestplugin+0x1e7143 @ 0x5e7143 imaptestplugin+0xb355a @ 0x4b355a BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133aa @ 0x76f133aa RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa5 ntdll+0x39f72 @ 0x77869f72 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xd2 ntdll+0x39f45 @ 0x77869f45 exception.instruction_r: ff 30 ff 34 24 8b 04 24 83 c4 04 50 89 e0 05 04 exception.symbol: imaptestplugin+0x1ec6d8 exception.instruction: push dword ptr [eax] exception.module: imaptestplugin.exe exception.exception_code: 0xc0000005 exception.offset: 2016984 exception.address: 0x5ec6d8 registers.esp: 1638016 registers.edi: 4369 registers.eax: 134328320 registers.ebp: 1638056 registers.edx: 0 registers.ebx: 0 registers.esi: 134328320 registers.ecx: 1638264	1
__exception__ Sept. 16, 2025, 7:41 a.m.	stacktrace: imaptestplugin+0x1b37d9 @ 0x5b37d9 imaptestplugin+0x1de817 @ 0x5de817 imaptestplugin+0x1e7143 @ 0x5e7143 imaptestplugin+0xb355a @ 0x4b355a BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133aa @ 0x76f133aa RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa5 ntdll+0x39f72 @ 0x77869f72 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xd2 ntdll+0x39f45 @ 0x77869f45 exception.instruction_r: ff 30 ff 34 24 8b 04 24 83 c4 04 50 89 e0 05 04 exception.symbol: imaptestplugin+0x1ec6d8 exception.instruction: push dword ptr [eax] exception.module: imaptestplugin.exe exception.exception_code: 0xc0000005 exception.offset: 2016984 exception.address: 0x5ec6d8 registers.esp: 1638016 registers.edi: 4369 registers.eax: 134332416 registers.ebp: 1638056 registers.edx: 0 registers.ebx: 0 registers.esi: 134332416 registers.ecx: 1638264	1
__exception__ Sept. 16, 2025, 7:41 a.m.	stacktrace: imaptestplugin+0x1b37d9 @ 0x5b37d9 imaptestplugin+0x1de817 @ 0x5de817 imaptestplugin+0x1e7143 @ 0x5e7143 imaptestplugin+0xb355a @ 0x4b355a BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133aa @ 0x76f133aa RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa5 ntdll+0x39f72 @ 0x77869f72 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xd2 ntdll+0x39f45 @ 0x77869f45 exception.instruction_r: ff 30 ff 34 24 8b 04 24 83 c4 04 50 89 e0 05 04 exception.symbol: imaptestplugin+0x1ec6d8 exception.instruction: push dword ptr [eax] exception.module: imaptestplugin.exe exception.exception_code: 0xc0000005 exception.offset: 2016984 exception.address: 0x5ec6d8 registers.esp: 1638016 registers.edi: 4369 registers.eax: 134336512 registers.ebp: 1638056 registers.edx: 0 registers.ebx: 0 registers.esi: 134336512 registers.ecx: 1638264	1
__exception__ Sept. 16, 2025, 7:41 a.m.	stacktrace: imaptestplugin+0x1b37d9 @ 0x5b37d9 imaptestplugin+0x1de817 @ 0x5de817 imaptestplugin+0x1e7143 @ 0x5e7143 imaptestplugin+0xb355a @ 0x4b355a BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133aa @ 0x76f133aa RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa5 ntdll+0x39f72 @ 0x77869f72 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xd2 ntdll+0x39f45 @ 0x77869f45 exception.instruction_r: ff 30 ff 34 24 8b 04 24 83 c4 04 50 89 e0 05 04 exception.symbol: imaptestplugin+0x1ec6d8 exception.instruction: push dword ptr [eax] exception.module: imaptestplugin.exe exception.exception_code: 0xc0000005 exception.offset: 2016984 exception.address: 0x5ec6d8 registers.esp: 1638016 registers.edi: 4369 registers.eax: 134340608 registers.ebp: 1638056 registers.edx: 0 registers.ebx: 0 registers.esi: 134340608 registers.ecx: 1638264	1
__exception__ Sept. 16, 2025, 7:41 a.m.	stacktrace: imaptestplugin+0x1b37d9 @ 0x5b37d9 imaptestplugin+0x1de817 @ 0x5de817 imaptestplugin+0x1e7143 @ 0x5e7143 imaptestplugin+0xb355a @ 0x4b355a BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133aa @ 0x76f133aa RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa5 ntdll+0x39f72 @ 0x77869f72 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xd2 ntdll+0x39f45 @ 0x77869f45 exception.instruction_r: ff 30 ff 34 24 8b 04 24 83 c4 04 50 89 e0 05 04 exception.symbol: imaptestplugin+0x1ec6d8 exception.instruction: push dword ptr [eax] exception.module: imaptestplugin.exe exception.exception_code: 0xc0000005 exception.offset: 2016984 exception.address: 0x5ec6d8 registers.esp: 1638016 registers.edi: 4369 registers.eax: 134344704 registers.ebp: 1638056 registers.edx: 0 registers.ebx: 0 registers.esi: 134344704 registers.ecx: 1638264	1
__exception__ Sept. 16, 2025, 7:41 a.m.	stacktrace: imaptestplugin+0x1b37d9 @ 0x5b37d9 imaptestplugin+0x1de817 @ 0x5de817 imaptestplugin+0x1e7143 @ 0x5e7143 imaptestplugin+0xb355a @ 0x4b355a BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133aa @ 0x76f133aa RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa5 ntdll+0x39f72 @ 0x77869f72 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xd2 ntdll+0x39f45 @ 0x77869f45 exception.instruction_r: ff 30 ff 34 24 8b 04 24 83 c4 04 50 89 e0 05 04 exception.symbol: imaptestplugin+0x1ec6d8 exception.instruction: push dword ptr [eax] exception.module: imaptestplugin.exe exception.exception_code: 0xc0000005 exception.offset: 2016984 exception.address: 0x5ec6d8 registers.esp: 1638016 registers.edi: 4369 registers.eax: 134348800 registers.ebp: 1638056 registers.edx: 0 registers.ebx: 0 registers.esi: 134348800 registers.ecx: 1638264	1
__exception__ Sept. 16, 2025, 7:41 a.m.	stacktrace: imaptestplugin+0x1b37d9 @ 0x5b37d9 imaptestplugin+0x1de817 @ 0x5de817 imaptestplugin+0x1e7143 @ 0x5e7143 imaptestplugin+0xb355a @ 0x4b355a BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133aa @ 0x76f133aa RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa5 ntdll+0x39f72 @ 0x77869f72 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xd2 ntdll+0x39f45 @ 0x77869f45 exception.instruction_r: ff 30 ff 34 24 8b 04 24 83 c4 04 50 89 e0 05 04 exception.symbol: imaptestplugin+0x1ec6d8 exception.instruction: push dword ptr [eax] exception.module: imaptestplugin.exe exception.exception_code: 0xc0000005 exception.offset: 2016984 exception.address: 0x5ec6d8 registers.esp: 1638016 registers.edi: 4369 registers.eax: 134352896 registers.ebp: 1638056 registers.edx: 0 registers.ebx: 0 registers.esi: 134352896 registers.ecx: 1638264	1
__exception__ Sept. 16, 2025, 7:41 a.m.	stacktrace: imaptestplugin+0x1b37d9 @ 0x5b37d9 imaptestplugin+0x1de817 @ 0x5de817 imaptestplugin+0x1e7143 @ 0x5e7143 imaptestplugin+0xb355a @ 0x4b355a BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133aa @ 0x76f133aa RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa5 ntdll+0x39f72 @ 0x77869f72 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xd2 ntdll+0x39f45 @ 0x77869f45 exception.instruction_r: ff 30 ff 34 24 8b 04 24 83 c4 04 50 89 e0 05 04 exception.symbol: imaptestplugin+0x1ec6d8 exception.instruction: push dword ptr [eax] exception.module: imaptestplugin.exe exception.exception_code: 0xc0000005 exception.offset: 2016984 exception.address: 0x5ec6d8 registers.esp: 1638016 registers.edi: 4369 registers.eax: 134356992 registers.ebp: 1638056 registers.edx: 0 registers.ebx: 0 registers.esi: 134356992 registers.ecx: 1638264	1
__exception__ Sept. 16, 2025, 7:41 a.m.	stacktrace: imaptestplugin+0x1b37d9 @ 0x5b37d9 imaptestplugin+0x1de817 @ 0x5de817 imaptestplugin+0x1e7143 @ 0x5e7143 imaptestplugin+0xb355a @ 0x4b355a BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133aa @ 0x76f133aa RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa5 ntdll+0x39f72 @ 0x77869f72 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xd2 ntdll+0x39f45 @ 0x77869f45 exception.instruction_r: ff 30 ff 34 24 8b 04 24 83 c4 04 50 89 e0 05 04 exception.symbol: imaptestplugin+0x1ec6d8 exception.instruction: push dword ptr [eax] exception.module: imaptestplugin.exe exception.exception_code: 0xc0000005 exception.offset: 2016984 exception.address: 0x5ec6d8 registers.esp: 1638016 registers.edi: 4369 registers.eax: 134361088 registers.ebp: 1638056 registers.edx: 0 registers.ebx: 0 registers.esi: 134361088 registers.ecx: 1638264	1
__exception__ Sept. 16, 2025, 7:41 a.m.	stacktrace: imaptestplugin+0x1b37d9 @ 0x5b37d9 imaptestplugin+0x1de817 @ 0x5de817 imaptestplugin+0x1e7143 @ 0x5e7143 imaptestplugin+0xb355a @ 0x4b355a BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133aa @ 0x76f133aa RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa5 ntdll+0x39f72 @ 0x77869f72 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xd2 ntdll+0x39f45 @ 0x77869f45 exception.instruction_r: ff 30 ff 34 24 8b 04 24 83 c4 04 50 89 e0 05 04 exception.symbol: imaptestplugin+0x1ec6d8 exception.instruction: push dword ptr [eax] exception.module: imaptestplugin.exe exception.exception_code: 0xc0000005 exception.offset: 2016984 exception.address: 0x5ec6d8 registers.esp: 1638016 registers.edi: 4369 registers.eax: 134365184 registers.ebp: 1638056 registers.edx: 0 registers.ebx: 0 registers.esi: 134365184 registers.ecx: 1638264	1
__exception__ Sept. 16, 2025, 7:41 a.m.	stacktrace: imaptestplugin+0x1b37d9 @ 0x5b37d9 imaptestplugin+0x1de817 @ 0x5de817 imaptestplugin+0x1e7143 @ 0x5e7143 imaptestplugin+0xb355a @ 0x4b355a BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133aa @ 0x76f133aa RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa5 ntdll+0x39f72 @ 0x77869f72 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xd2 ntdll+0x39f45 @ 0x77869f45 exception.instruction_r: ff 30 ff 34 24 8b 04 24 83 c4 04 50 89 e0 05 04 exception.symbol: imaptestplugin+0x1ec6d8 exception.instruction: push dword ptr [eax] exception.module: imaptestplugin.exe exception.exception_code: 0xc0000005 exception.offset: 2016984 exception.address: 0x5ec6d8 registers.esp: 1638016 registers.edi: 4369 registers.eax: 134369280 registers.ebp: 1638056 registers.edx: 0 registers.ebx: 0 registers.esi: 134369280 registers.ecx: 1638264	1
__exception__ Sept. 16, 2025, 7:41 a.m.	stacktrace: imaptestplugin+0x1b37d9 @ 0x5b37d9 imaptestplugin+0x1de817 @ 0x5de817 imaptestplugin+0x1e7143 @ 0x5e7143 imaptestplugin+0xb355a @ 0x4b355a BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133aa @ 0x76f133aa RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa5 ntdll+0x39f72 @ 0x77869f72 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xd2 ntdll+0x39f45 @ 0x77869f45 exception.instruction_r: ff 30 ff 34 24 8b 04 24 83 c4 04 50 89 e0 05 04 exception.symbol: imaptestplugin+0x1ec6d8 exception.instruction: push dword ptr [eax] exception.module: imaptestplugin.exe exception.exception_code: 0xc0000005 exception.offset: 2016984 exception.address: 0x5ec6d8 registers.esp: 1638016 registers.edi: 4369 registers.eax: 134373376 registers.ebp: 1638056 registers.edx: 0 registers.ebx: 0 registers.esi: 134373376 registers.ecx: 1638264	1
__exception__ Sept. 16, 2025, 7:41 a.m.	stacktrace: imaptestplugin+0x1b37d9 @ 0x5b37d9 imaptestplugin+0x1de817 @ 0x5de817 imaptestplugin+0x1e7143 @ 0x5e7143 imaptestplugin+0xb355a @ 0x4b355a BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133aa @ 0x76f133aa RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa5 ntdll+0x39f72 @ 0x77869f72 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xd2 ntdll+0x39f45 @ 0x77869f45 exception.instruction_r: ff 30 ff 34 24 8b 04 24 83 c4 04 50 89 e0 05 04 exception.symbol: imaptestplugin+0x1ec6d8 exception.instruction: push dword ptr [eax] exception.module: imaptestplugin.exe exception.exception_code: 0xc0000005 exception.offset: 2016984 exception.address: 0x5ec6d8 registers.esp: 1638016 registers.edi: 4369 registers.eax: 134377472 registers.ebp: 1638056 registers.edx: 0 registers.ebx: 0 registers.esi: 134377472 registers.ecx: 1638264	1
__exception__ Sept. 16, 2025, 7:41 a.m.	stacktrace: imaptestplugin+0x1b37d9 @ 0x5b37d9 imaptestplugin+0x1de817 @ 0x5de817 imaptestplugin+0x1e7143 @ 0x5e7143 imaptestplugin+0xb355a @ 0x4b355a BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133aa @ 0x76f133aa RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa5 ntdll+0x39f72 @ 0x77869f72 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xd2 ntdll+0x39f45 @ 0x77869f45 exception.instruction_r: ff 30 ff 34 24 8b 04 24 83 c4 04 50 89 e0 05 04 exception.symbol: imaptestplugin+0x1ec6d8 exception.instruction: push dword ptr [eax] exception.module: imaptestplugin.exe exception.exception_code: 0xc0000005 exception.offset: 2016984 exception.address: 0x5ec6d8 registers.esp: 1638016 registers.edi: 4369 registers.eax: 134381568 registers.ebp: 1638056 registers.edx: 0 registers.ebx: 0 registers.esi: 134381568 registers.ecx: 1638264	1
__exception__ Sept. 16, 2025, 7:41 a.m.	stacktrace: imaptestplugin+0x1b37d9 @ 0x5b37d9 imaptestplugin+0x1de817 @ 0x5de817 imaptestplugin+0x1e7143 @ 0x5e7143 imaptestplugin+0xb355a @ 0x4b355a BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133aa @ 0x76f133aa RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa5 ntdll+0x39f72 @ 0x77869f72 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xd2 ntdll+0x39f45 @ 0x77869f45 exception.instruction_r: ff 30 ff 34 24 8b 04 24 83 c4 04 50 89 e0 05 04 exception.symbol: imaptestplugin+0x1ec6d8 exception.instruction: push dword ptr [eax] exception.module: imaptestplugin.exe exception.exception_code: 0xc0000005 exception.offset: 2016984 exception.address: 0x5ec6d8 registers.esp: 1638016 registers.edi: 4369 registers.eax: 134385664 registers.ebp: 1638056 registers.edx: 0 registers.ebx: 0 registers.esi: 134385664 registers.ecx: 1638264	1
__exception__ Sept. 16, 2025, 7:41 a.m.	stacktrace: imaptestplugin+0x1b37d9 @ 0x5b37d9 imaptestplugin+0x1de817 @ 0x5de817 imaptestplugin+0x1e7143 @ 0x5e7143 imaptestplugin+0xb355a @ 0x4b355a BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133aa @ 0x76f133aa RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa5 ntdll+0x39f72 @ 0x77869f72 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xd2 ntdll+0x39f45 @ 0x77869f45 exception.instruction_r: ff 30 ff 34 24 8b 04 24 83 c4 04 50 89 e0 05 04 exception.symbol: imaptestplugin+0x1ec6d8 exception.instruction: push dword ptr [eax] exception.module: imaptestplugin.exe exception.exception_code: 0xc0000005 exception.offset: 2016984 exception.address: 0x5ec6d8 registers.esp: 1638016 registers.edi: 4369 registers.eax: 134389760 registers.ebp: 1638056 registers.edx: 0 registers.ebx: 0 registers.esi: 134389760 registers.ecx: 1638264	1
__exception__ Sept. 16, 2025, 7:41 a.m.	stacktrace: imaptestplugin+0x1b37d9 @ 0x5b37d9 imaptestplugin+0x1de817 @ 0x5de817 imaptestplugin+0x1e7143 @ 0x5e7143 imaptestplugin+0xb355a @ 0x4b355a BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133aa @ 0x76f133aa RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa5 ntdll+0x39f72 @ 0x77869f72 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xd2 ntdll+0x39f45 @ 0x77869f45 exception.instruction_r: ff 30 ff 34 24 8b 04 24 83 c4 04 50 89 e0 05 04 exception.symbol: imaptestplugin+0x1ec6d8 exception.instruction: push dword ptr [eax] exception.module: imaptestplugin.exe exception.exception_code: 0xc0000005 exception.offset: 2016984 exception.address: 0x5ec6d8 registers.esp: 1638016 registers.edi: 4369 registers.eax: 134393856 registers.ebp: 1638056 registers.edx: 0 registers.ebx: 0 registers.esi: 134393856 registers.ecx: 1638264	1
__exception__ Sept. 16, 2025, 7:41 a.m.	stacktrace: imaptestplugin+0x1b37d9 @ 0x5b37d9 imaptestplugin+0x1de817 @ 0x5de817 imaptestplugin+0x1e7143 @ 0x5e7143 imaptestplugin+0xb355a @ 0x4b355a BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133aa @ 0x76f133aa RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa5 ntdll+0x39f72 @ 0x77869f72 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xd2 ntdll+0x39f45 @ 0x77869f45 exception.instruction_r: ff 30 ff 34 24 8b 04 24 83 c4 04 50 89 e0 05 04 exception.symbol: imaptestplugin+0x1ec6d8 exception.instruction: push dword ptr [eax] exception.module: imaptestplugin.exe exception.exception_code: 0xc0000005 exception.offset: 2016984 exception.address: 0x5ec6d8 registers.esp: 1638016 registers.edi: 4369 registers.eax: 134397952 registers.ebp: 1638056 registers.edx: 0 registers.ebx: 0 registers.esi: 134397952 registers.ecx: 1638264	1
__exception__ Sept. 16, 2025, 7:41 a.m.	stacktrace: imaptestplugin+0x1b37d9 @ 0x5b37d9 imaptestplugin+0x1de817 @ 0x5de817 imaptestplugin+0x1e7143 @ 0x5e7143 imaptestplugin+0xb355a @ 0x4b355a BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133aa @ 0x76f133aa RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa5 ntdll+0x39f72 @ 0x77869f72 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xd2 ntdll+0x39f45 @ 0x77869f45 exception.instruction_r: ff 30 ff 34 24 8b 04 24 83 c4 04 50 89 e0 05 04 exception.symbol: imaptestplugin+0x1ec6d8 exception.instruction: push dword ptr [eax] exception.module: imaptestplugin.exe exception.exception_code: 0xc0000005 exception.offset: 2016984 exception.address: 0x5ec6d8 registers.esp: 1638016 registers.edi: 4369 registers.eax: 134402048 registers.ebp: 1638056 registers.edx: 0 registers.ebx: 0 registers.esi: 134402048 registers.ecx: 1638264	1
__exception__ Sept. 16, 2025, 7:41 a.m.	stacktrace: imaptestplugin+0x1b37d9 @ 0x5b37d9 imaptestplugin+0x1de817 @ 0x5de817 imaptestplugin+0x1e7143 @ 0x5e7143 imaptestplugin+0xb355a @ 0x4b355a BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133aa @ 0x76f133aa RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa5 ntdll+0x39f72 @ 0x77869f72 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xd2 ntdll+0x39f45 @ 0x77869f45 exception.instruction_r: ff 30 ff 34 24 8b 04 24 83 c4 04 50 89 e0 05 04 exception.symbol: imaptestplugin+0x1ec6d8 exception.instruction: push dword ptr [eax] exception.module: imaptestplugin.exe exception.exception_code: 0xc0000005 exception.offset: 2016984 exception.address: 0x5ec6d8 registers.esp: 1638016 registers.edi: 4369 registers.eax: 134406144 registers.ebp: 1638056 registers.edx: 0 registers.ebx: 0 registers.esi: 134406144 registers.ecx: 1638264	1
__exception__ Sept. 16, 2025, 7:41 a.m.	stacktrace: imaptestplugin+0x1b37d9 @ 0x5b37d9 imaptestplugin+0x1de817 @ 0x5de817 imaptestplugin+0x1e7143 @ 0x5e7143 imaptestplugin+0xb355a @ 0x4b355a BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133aa @ 0x76f133aa RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa5 ntdll+0x39f72 @ 0x77869f72 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xd2 ntdll+0x39f45 @ 0x77869f45 exception.instruction_r: ff 30 ff 34 24 8b 04 24 83 c4 04 50 89 e0 05 04 exception.symbol: imaptestplugin+0x1ec6d8 exception.instruction: push dword ptr [eax] exception.module: imaptestplugin.exe exception.exception_code: 0xc0000005 exception.offset: 2016984 exception.address: 0x5ec6d8 registers.esp: 1638016 registers.edi: 4369 registers.eax: 134410240 registers.ebp: 1638056 registers.edx: 0 registers.ebx: 0 registers.esi: 134410240 registers.ecx: 1638264	1

Creates executable files on the filesystem (3 events)

file	C:\Users\Administrator\AppData\Local\IMAP test plugin\imaptestplugin.exe
file	C:\Users\Administrator\AppData\Local\Temp\is-NM2HJ.tmp\_iscrypt.dll
file	C:\Users\Administrator\AppData\Local\Temp\is-NM2HJ.tmp\_isetup\_shfoldr.dll

Queries for potentially installed applications (4 events)

Time & API	Arguments	Return
RegOpenKeyExA Sept. 16, 2025, 7:41 a.m.	regkey_r: Software\Microsoft\Windows\CurrentVersion\Uninstall\IMAP test plugin_is1 base_handle: 0x80000001 key_handle: 0x00000000 options: 0 access: 0x00000001 regkey: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Uninstall\IMAP test plugin_is1	2
RegOpenKeyExA Sept. 16, 2025, 7:41 a.m.	regkey_r: Software\Microsoft\Windows\CurrentVersion\Uninstall\IMAP test plugin_is1 base_handle: 0x80000002 key_handle: 0x00000000 options: 0 access: 0x00000001 regkey: HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\IMAP test plugin_is1	2
RegOpenKeyExA Sept. 16, 2025, 7:41 a.m.	regkey_r: Software\Microsoft\Windows\CurrentVersion\Uninstall\IMAP test plugin_is1 base_handle: 0x80000001 key_handle: 0x00000000 options: 0 access: 0x00000008 regkey: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Uninstall\IMAP test plugin_is1	2
RegOpenKeyExA Sept. 16, 2025, 7:41 a.m.	regkey_r: Software\Microsoft\Windows\CurrentVersion\Uninstall\IMAP test plugin_is1 base_handle: 0x80000002 key_handle: 0x00000000 options: 0 access: 0x00000008 regkey: HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\IMAP test plugin_is1	2

File has been identified by 10 AntiVirus engine on IRMA as malicious (10 events)

G Data Antivirus (Windows)	Virus: Trojan.GenericKD.76050086 (Engine A)
C4S ClamAV (Linux)	Win.Malware.Munp-10033702-0
eScan Antivirus (Linux)	Trojan.GenericKD.76050086(DB)
ESET Security (Windows)	a variant of Win32/TrojanDropper.Agent.SLC trojan
Sophos Anti-Virus (Linux)	Mal/Generic-S
DrWeb Antivirus (Linux)	Trojan.MulDrop24.48670
ClamAV (Linux)	Win.Malware.Munp-10033702-0
Bitdefender Antivirus (Linux)	Trojan.GenericKD.76050086
Kaspersky Standard (Windows)	UDS:Trojan.Win32.Ekstak.auydl
Emsisoft Commandline Scanner (Windows)	Trojan.GenericKD.76050086 (B)

File has been identified by 53 AntiVirus engines on VirusTotal as malicious (50 out of 53 events)

Lionic	Trojan.Win32.Ekstak.4!c
Cynet	Malicious (score: 100)
Skyhigh	BehavesLike.Win32.ObfuscatedPoly.rc
ALYac	Gen:Variant.Cerbu.198828
Cylance	Unsafe
VIPRE	Gen:Variant.Cerbu.198828
Sangfor	Dropper.Win32.Ekstak.V95c
K7AntiVirus	Trojan ( 005722fe1 )
BitDefender	Gen:Variant.Cerbu.198828
K7GW	Trojan ( 005722fe1 )
Cybereason	malicious.d1cc44
Arcabit	Trojan.Cerbu.D308AC
VirIT	Trojan.Win32.Genus.UWP
Symantec	Trojan.Gen.MBT
Elastic	malicious (high confidence)
ESET-NOD32	a variant of Win32/TrojanDropper.Agent.SLC
APEX	Malicious
Avast	FileRepMalware [Adw]
Kaspersky	Trojan.Win32.Ekstak.auydl
Alibaba	TrojanDropper:Win32/Ekstak.4d4a8897
NANO-Antivirus	Trojan.Win32.Ekstak.khguie
MicroWorld-eScan	Gen:Variant.Cerbu.198828
Emsisoft	Gen:Variant.Cerbu.198828 (B)
F-Secure	Trojan.TR/AD.Nekark.exghk
DrWeb	Trojan.MulDrop24.48670
McAfeeD	ti!B74ED680F0ED
FireEye	Gen:Variant.Cerbu.198828
Sophos	Mal/Generic-S
Ikarus	Trojan-Dropper.Win32.Agent
Jiangmin	Trojan.Ekstak.cimi
Webroot	W32.Trojan.Gen
Google	Detected
Avira	TR/AD.Nekark.exghk
Antiy-AVL	Trojan/Win32.Ekstak
Kingsoft	Win32.Trojan.Ekstak.a
Xcitium	Malware@#3jprlv7z9hspu
Microsoft	Trojan:Win32/ICLoader.JL!MTB
ZoneAlarm	Trojan.Win32.Ekstak.auydl
GData	Win32.Trojan.PSE.SRMNXW
Varist	W32/Trojan.OGIR-2625
AhnLab-V3	Malware/Win.Generic.C5572649
DeepInstinct	MALICIOUS
VBA32	Trojan.ICLoader
Malwarebytes	Generic.Malware.AI.DDS
Panda	Trj/Agent.AY
Tencent	Win32.Trojan.Ekstak.Fplw
Yandex	Trojan.Ekstak!pUzZJbEPSlY
MAX	malware (ai score=100)
MaxSecure	Trojan.Malware.222866663.susgen
Fortinet	W32/Agent.SLC!tr

Screenshots

Name	Response	Post-Analysis Lookup
No hosts contacted.

IP Address	Status	Action	VT	Location
No hosts contacted.

Browser recommendation

File b74ed680f0ede6f0d9d864481aee4f7e12137f25a4ad071524a2ef7e9a61a7ba.exe

Summary Download Resubmit sample Download yara

Score

Feedback

Information on Execution

Analyzer Log

Cuckoo Log

Signatures

Feedback

Summary
Download Resubmit sample Download yara