popup
Summary | ZeroBOX
  1. Home
  2. Result
  3. Report
  4. Detail Analysis

minecraft_modpack.exe

UltraVNC
  1. Resubmit sample
Category Machine Started Completed
FILE s1_win7_x6401 March 18, 2021, 5:57 p.m. March 18, 2021, 5:59 p.m.
Size 205.5KB
Type PE32 executable (GUI) Intel 80386, for MS Windows
MD5 838a874b439653c3fa4e12fb709ef79c
SHA256 67379798051b6c0ecd91e17933944149e6f71455ad6201a1ee69c17169af9427
CRC32 3DD0F50E
ssdeep 3072:3DKW1LgppLRHMY0TBfJvjcTp5XKv5KLaaXsgWFoblq6Z5:3DKW1Lgbdl0TBBvjc/i5KaaXsgWyRq4
PDB Path
Yara
  • PE_Header_Zero - PE File Signature Zero
  • OS_Processor_Check_Zero - OS Processor Check Signature Zero
  • UltraVNC_Zero - UltraVNC
  • win_files_operation - Affect private profile
  • IsPE32 - (no description)
  • IsWindowsGUI - (no description)
  • IsPacked - Entropy Check
  • HasDebugData - DebugData Check
  • HasRichSignature - Rich Signature Check

Name Response Post-Analysis Lookup
WHOIS.APNIC.NET
A 172.104.79.63
A 172.104.77.201
172.104.77.201
whois.iana.org
CNAME ianawhois.vip.icann.org
A 192.0.32.59
192.0.32.59
api.ip.sb
CNAME api.ip.sb.cdn.cloudflare.net
A 104.26.13.31
A 104.26.12.31
A 172.67.75.172
172.67.75.172
IP Address Status Action
104.26.13.31 Active Moloch
164.124.101.2 Active Moloch
172.104.79.63 Active Moloch
178.157.91.208 Active Moloch
192.0.32.59 Active Moloch

Suricata Alerts

Flow SID Signature Category
TCP 192.168.56.101:49202 -> 104.26.13.31:443 906200056 SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) undefined
TCP 178.157.91.208:3214 -> 192.168.56.101:49201 2221010 SURICATA HTTP unable to match response to request Generic Protocol Command Decode

Suricata TLS

Flow Issuer Subject Fingerprint
TLSv1
192.168.56.101:49202
104.26.13.31:443 		C=US, O=Cloudflare, Inc., CN=Cloudflare Inc ECC CA-3 C=US, ST=CA, L=San Francisco, O=Cloudflare, Inc., CN=sni.cloudflaressl.com 5e:7d:19:2d:d7:66:0c:63:45:a5:24:8f:b7:db:35:a7:61:6d:89:0e

Time & API Arguments Status Return Repeated

GetComputerNameW

 computer_name: TEST22-PC
1 1 0

GetComputerNameW

 computer_name: TEST22-PC
1 1 0

GetComputerNameW

 computer_name: TEST22-PC
1 1 0

GetComputerNameW

 computer_name: TEST22-PC
1 1 0

GetComputerNameW

 computer_name: TEST22-PC
1 1 0

GetComputerNameW

 computer_name: TEST22-PC
1 1 0

GetComputerNameW

 computer_name: TEST22-PC
1 1 0

GetComputerNameW

 computer_name: TEST22-PC
1 1 0

GetComputerNameW

 computer_name: TEST22-PC
1 1 0

GetComputerNameW

 computer_name: TEST22-PC
1 1 0

GetComputerNameW

 computer_name: TEST22-PC
1 1 0

GetComputerNameW

 computer_name: TEST22-PC
1 1 0
Time & API Arguments Status Return Repeated

IsDebuggerPresent

 0 0

IsDebuggerPresent

 0 0
Time & API Arguments Status Return Repeated

CryptExportKey

 buffer: <INVALID POINTER>
crypto_handle: 0x004fbbb8
flags: 0
crypto_export_handle: 0x00000000
blob_type: 6
1 1 0

CryptExportKey

 buffer: <INVALID POINTER>
crypto_handle: 0x004fbbb8
flags: 0
crypto_export_handle: 0x00000000
blob_type: 6
1 1 0

CryptExportKey

 buffer: <INVALID POINTER>
crypto_handle: 0x004fbbf8
flags: 0
crypto_export_handle: 0x00000000
blob_type: 6
1 1 0

CryptExportKey

 buffer: <INVALID POINTER>
crypto_handle: 0x004fbbf8
flags: 0
crypto_export_handle: 0x00000000
blob_type: 6
1 1 0

CryptExportKey

 buffer: <INVALID POINTER>
crypto_handle: 0x004fbc38
flags: 0
crypto_export_handle: 0x00000000
blob_type: 6
1 1 0

CryptExportKey

 buffer: <INVALID POINTER>
crypto_handle: 0x004fbbb8
flags: 0
crypto_export_handle: 0x00000000
blob_type: 6
1 1 0

CryptExportKey

 buffer: <INVALID POINTER>
crypto_handle: 0x004fbbb8
flags: 0
crypto_export_handle: 0x00000000
blob_type: 6
1 1 0

CryptExportKey

 buffer: <INVALID POINTER>
crypto_handle: 0x004fbd38
flags: 0
crypto_export_handle: 0x00000000
blob_type: 6
1 1 0

CryptExportKey

 buffer: <INVALID POINTER>
crypto_handle: 0x004fbd38
flags: 0
crypto_export_handle: 0x00000000
blob_type: 6
1 1 0

CryptExportKey

 buffer: <INVALID POINTER>
crypto_handle: 0x004fbef8
flags: 0
crypto_export_handle: 0x00000000
blob_type: 6
1 1 0

CryptExportKey

 buffer: <INVALID POINTER>
crypto_handle: 0x06075e10
flags: 0
crypto_export_handle: 0x00000000
blob_type: 6
1 1 0

CryptExportKey

 buffer: <INVALID POINTER>
crypto_handle: 0x06075e10
flags: 0
crypto_export_handle: 0x00000000
blob_type: 6
1 1 0

CryptExportKey

 buffer: <INVALID POINTER>
crypto_handle: 0x06075c50
flags: 0
crypto_export_handle: 0x00000000
blob_type: 6
1 1 0
pdb_path
file C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
registry HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Google Chrome
registry HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\chrome.exe
Time & API Arguments Status Return Repeated

GlobalMemoryStatusEx

 1 1 0
Time & API Arguments Status Return Repeated

__exception__

 stacktrace: 
minecraft_modpack+0x1fa2 @ 0x401fa2

exception.instruction_r: f3 aa 8b 45 f0 8b 4d 08 8b 55 10 03 c8 2b d0 52
exception.symbol: minecraft_modpack+0xf088
exception.instruction: stosb byte ptr es:[edi], al
exception.module: minecraft_modpack.exe
exception.exception_code: 0xc0000005
exception.offset: 61576
exception.address: 0x40f088
registers.esp: 1636996
registers.edi: 4350244
registers.eax: 0
registers.ebp: 1637012
registers.edx: 0
registers.ebx: 0
registers.esi: 32309320
registers.ecx: 12
1 0 0

__exception__

 stacktrace: 
minecraft_modpack+0xf054 @ 0x40f054
minecraft_modpack+0xf0a0 @ 0x40f0a0
minecraft_modpack+0x1fa2 @ 0x401fa2

exception.instruction_r: 66 0f 7f 47 50 66 0f 7f 47 60 66 0f 7f 47 70 8d
exception.symbol: minecraft_modpack+0xefff
exception.address: 0x40efff
exception.module: minecraft_modpack.exe
exception.exception_code: 0xc0000005
exception.offset: 61439
registers.esp: 1636940
registers.edi: 4353968
registers.eax: 4350256
registers.ebp: 1636944
registers.edx: 66
registers.ebx: 0
registers.esi: 32309320
registers.ecx: 513
1 0 0

__exception__

 stacktrace: 
minecraft_modpack+0xf054 @ 0x40f054
minecraft_modpack+0xf0a0 @ 0x40f0a0
minecraft_modpack+0x1fa2 @ 0x401fa2

exception.instruction_r: 66 0f 7f 47 50 66 0f 7f 47 60 66 0f 7f 47 70 8d
exception.symbol: minecraft_modpack+0xefff
exception.address: 0x40efff
exception.module: minecraft_modpack.exe
exception.exception_code: 0xc0000005
exception.offset: 61439
registers.esp: 1636940
registers.edi: 4358064
registers.eax: 4350256
registers.ebp: 1636944
registers.edx: 66
registers.ebx: 0
registers.esi: 32309320
registers.ecx: 481
1 0 0

__exception__

 stacktrace: 
minecraft_modpack+0xf054 @ 0x40f054
minecraft_modpack+0xf0a0 @ 0x40f0a0
minecraft_modpack+0x1fa2 @ 0x401fa2

exception.instruction_r: 66 0f 7f 47 50 66 0f 7f 47 60 66 0f 7f 47 70 8d
exception.symbol: minecraft_modpack+0xefff
exception.address: 0x40efff
exception.module: minecraft_modpack.exe
exception.exception_code: 0xc0000005
exception.offset: 61439
registers.esp: 1636940
registers.edi: 4362160
registers.eax: 4350256
registers.ebp: 1636944
registers.edx: 66
registers.ebx: 0
registers.esi: 32309320
registers.ecx: 449
1 0 0

__exception__

 stacktrace: 
minecraft_modpack+0xf054 @ 0x40f054
minecraft_modpack+0xf0a0 @ 0x40f0a0
minecraft_modpack+0x1fa2 @ 0x401fa2

exception.instruction_r: 66 0f 7f 47 50 66 0f 7f 47 60 66 0f 7f 47 70 8d
exception.symbol: minecraft_modpack+0xefff
exception.address: 0x40efff
exception.module: minecraft_modpack.exe
exception.exception_code: 0xc0000005
exception.offset: 61439
registers.esp: 1636940
registers.edi: 4366256
registers.eax: 4350256
registers.ebp: 1636944
registers.edx: 66
registers.ebx: 0
registers.esi: 32309320
registers.ecx: 417
1 0 0

__exception__

 stacktrace: 
minecraft_modpack+0xf054 @ 0x40f054
minecraft_modpack+0xf0a0 @ 0x40f0a0
minecraft_modpack+0x1fa2 @ 0x401fa2

exception.instruction_r: 66 0f 7f 47 50 66 0f 7f 47 60 66 0f 7f 47 70 8d
exception.symbol: minecraft_modpack+0xefff
exception.address: 0x40efff
exception.module: minecraft_modpack.exe
exception.exception_code: 0xc0000005
exception.offset: 61439
registers.esp: 1636940
registers.edi: 4370352
registers.eax: 4350256
registers.ebp: 1636944
registers.edx: 66
registers.ebx: 0
registers.esi: 32309320
registers.ecx: 385
1 0 0

__exception__

 stacktrace: 
minecraft_modpack+0xf054 @ 0x40f054
minecraft_modpack+0xf0a0 @ 0x40f0a0
minecraft_modpack+0x1fa2 @ 0x401fa2

exception.instruction_r: 66 0f 7f 47 50 66 0f 7f 47 60 66 0f 7f 47 70 8d
exception.symbol: minecraft_modpack+0xefff
exception.address: 0x40efff
exception.module: minecraft_modpack.exe
exception.exception_code: 0xc0000005
exception.offset: 61439
registers.esp: 1636940
registers.edi: 4374448
registers.eax: 4350256
registers.ebp: 1636944
registers.edx: 66
registers.ebx: 0
registers.esi: 32309320
registers.ecx: 353
1 0 0

__exception__

 stacktrace: 
minecraft_modpack+0xf054 @ 0x40f054
minecraft_modpack+0xf0a0 @ 0x40f0a0
minecraft_modpack+0x1fa2 @ 0x401fa2

exception.instruction_r: 66 0f 7f 47 50 66 0f 7f 47 60 66 0f 7f 47 70 8d
exception.symbol: minecraft_modpack+0xefff
exception.address: 0x40efff
exception.module: minecraft_modpack.exe
exception.exception_code: 0xc0000005
exception.offset: 61439
registers.esp: 1636940
registers.edi: 4378544
registers.eax: 4350256
registers.ebp: 1636944
registers.edx: 66
registers.ebx: 0
registers.esi: 32309320
registers.ecx: 321
1 0 0

__exception__

 stacktrace: 
minecraft_modpack+0xf054 @ 0x40f054
minecraft_modpack+0xf0a0 @ 0x40f0a0
minecraft_modpack+0x1fa2 @ 0x401fa2

exception.instruction_r: 66 0f 7f 47 50 66 0f 7f 47 60 66 0f 7f 47 70 8d
exception.symbol: minecraft_modpack+0xefff
exception.address: 0x40efff
exception.module: minecraft_modpack.exe
exception.exception_code: 0xc0000005
exception.offset: 61439
registers.esp: 1636940
registers.edi: 4382640
registers.eax: 4350256
registers.ebp: 1636944
registers.edx: 66
registers.ebx: 0
registers.esi: 32309320
registers.ecx: 289
1 0 0

__exception__

 stacktrace: 
minecraft_modpack+0xf054 @ 0x40f054
minecraft_modpack+0xf0a0 @ 0x40f0a0
minecraft_modpack+0x1fa2 @ 0x401fa2

exception.instruction_r: 66 0f 7f 47 50 66 0f 7f 47 60 66 0f 7f 47 70 8d
exception.symbol: minecraft_modpack+0xefff
exception.address: 0x40efff
exception.module: minecraft_modpack.exe
exception.exception_code: 0xc0000005
exception.offset: 61439
registers.esp: 1636940
registers.edi: 4386736
registers.eax: 4350256
registers.ebp: 1636944
registers.edx: 66
registers.ebx: 0
registers.esi: 32309320
registers.ecx: 257
1 0 0

__exception__

 stacktrace: 
minecraft_modpack+0xf054 @ 0x40f054
minecraft_modpack+0xf0a0 @ 0x40f0a0
minecraft_modpack+0x1fa2 @ 0x401fa2

exception.instruction_r: 66 0f 7f 47 50 66 0f 7f 47 60 66 0f 7f 47 70 8d
exception.symbol: minecraft_modpack+0xefff
exception.address: 0x40efff
exception.module: minecraft_modpack.exe
exception.exception_code: 0xc0000005
exception.offset: 61439
registers.esp: 1636940
registers.edi: 4390832
registers.eax: 4350256
registers.ebp: 1636944
registers.edx: 66
registers.ebx: 0
registers.esi: 32309320
registers.ecx: 225
1 0 0

__exception__

 stacktrace: 
minecraft_modpack+0xf054 @ 0x40f054
minecraft_modpack+0xf0a0 @ 0x40f0a0
minecraft_modpack+0x1fa2 @ 0x401fa2

exception.instruction_r: 66 0f 7f 47 50 66 0f 7f 47 60 66 0f 7f 47 70 8d
exception.symbol: minecraft_modpack+0xefff
exception.address: 0x40efff
exception.module: minecraft_modpack.exe
exception.exception_code: 0xc0000005
exception.offset: 61439
registers.esp: 1636940
registers.edi: 4394928
registers.eax: 4350256
registers.ebp: 1636944
registers.edx: 66
registers.ebx: 0
registers.esi: 32309320
registers.ecx: 193
1 0 0

__exception__

 stacktrace: 
minecraft_modpack+0xf054 @ 0x40f054
minecraft_modpack+0xf0a0 @ 0x40f0a0
minecraft_modpack+0x1fa2 @ 0x401fa2

exception.instruction_r: 66 0f 7f 47 50 66 0f 7f 47 60 66 0f 7f 47 70 8d
exception.symbol: minecraft_modpack+0xefff
exception.address: 0x40efff
exception.module: minecraft_modpack.exe
exception.exception_code: 0xc0000005
exception.offset: 61439
registers.esp: 1636940
registers.edi: 4399024
registers.eax: 4350256
registers.ebp: 1636944
registers.edx: 66
registers.ebx: 0
registers.esi: 32309320
registers.ecx: 161
1 0 0

__exception__

 stacktrace: 
minecraft_modpack+0xf054 @ 0x40f054
minecraft_modpack+0xf0a0 @ 0x40f0a0
minecraft_modpack+0x1fa2 @ 0x401fa2

exception.instruction_r: 66 0f 7f 47 50 66 0f 7f 47 60 66 0f 7f 47 70 8d
exception.symbol: minecraft_modpack+0xefff
exception.address: 0x40efff
exception.module: minecraft_modpack.exe
exception.exception_code: 0xc0000005
exception.offset: 61439
registers.esp: 1636940
registers.edi: 4403120
registers.eax: 4350256
registers.ebp: 1636944
registers.edx: 66
registers.ebx: 0
registers.esi: 32309320
registers.ecx: 129
1 0 0

__exception__

 stacktrace: 
minecraft_modpack+0xf054 @ 0x40f054
minecraft_modpack+0xf0a0 @ 0x40f0a0
minecraft_modpack+0x1fa2 @ 0x401fa2

exception.instruction_r: 66 0f 7f 47 50 66 0f 7f 47 60 66 0f 7f 47 70 8d
exception.symbol: minecraft_modpack+0xefff
exception.address: 0x40efff
exception.module: minecraft_modpack.exe
exception.exception_code: 0xc0000005
exception.offset: 61439
registers.esp: 1636940
registers.edi: 4407216
registers.eax: 4350256
registers.ebp: 1636944
registers.edx: 66
registers.ebx: 0
registers.esi: 32309320
registers.ecx: 97
1 0 0

__exception__

 stacktrace: 
minecraft_modpack+0xf054 @ 0x40f054
minecraft_modpack+0xf0a0 @ 0x40f0a0
minecraft_modpack+0x1fa2 @ 0x401fa2

exception.instruction_r: 66 0f 7f 47 50 66 0f 7f 47 60 66 0f 7f 47 70 8d
exception.symbol: minecraft_modpack+0xefff
exception.address: 0x40efff
exception.module: minecraft_modpack.exe
exception.exception_code: 0xc0000005
exception.offset: 61439
registers.esp: 1636940
registers.edi: 4411312
registers.eax: 4350256
registers.ebp: 1636944
registers.edx: 66
registers.ebx: 0
registers.esi: 32309320
registers.ecx: 65
1 0 0

__exception__

 stacktrace: 
minecraft_modpack+0xf054 @ 0x40f054
minecraft_modpack+0xf0a0 @ 0x40f0a0
minecraft_modpack+0x1fa2 @ 0x401fa2

exception.instruction_r: 66 0f 7f 47 50 66 0f 7f 47 60 66 0f 7f 47 70 8d
exception.symbol: minecraft_modpack+0xefff
exception.address: 0x40efff
exception.module: minecraft_modpack.exe
exception.exception_code: 0xc0000005
exception.offset: 61439
registers.esp: 1636940
registers.edi: 4415408
registers.eax: 4350256
registers.ebp: 1636944
registers.edx: 66
registers.ebx: 0
registers.esi: 32309320
registers.ecx: 33
1 0 0

__exception__

 stacktrace: 
minecraft_modpack+0xf054 @ 0x40f054
minecraft_modpack+0xf0a0 @ 0x40f0a0
minecraft_modpack+0x1fa2 @ 0x401fa2

exception.instruction_r: 66 0f 7f 47 50 66 0f 7f 47 60 66 0f 7f 47 70 8d
exception.symbol: minecraft_modpack+0xefff
exception.address: 0x40efff
exception.module: minecraft_modpack.exe
exception.exception_code: 0xc0000005
exception.offset: 61439
registers.esp: 1636940
registers.edi: 4419504
registers.eax: 4350256
registers.ebp: 1636944
registers.edx: 66
registers.ebx: 0
registers.esi: 32309320
registers.ecx: 1
1 0 0

__exception__

 stacktrace: 
0x2476582
0x2472632
0x2471711
0x24715a0
0x2470596
0x2470518
DllUnregisterServerInternal-0x7aa2 clr+0x2652 @ 0x72742652
DllRegisterServerInternal+0x243 CoUninitializeEE-0xd1f5 clr+0x1264f @ 0x7275264f
LogHelp_TerminateOnAssert+0x12cf8 GetPrivateContextsPerfCounters-0x674a clr+0x81838 @ 0x727c1838
LogHelp_TerminateOnAssert+0x12bf7 GetPrivateContextsPerfCounters-0x684b clr+0x81737 @ 0x727c1737
mscorlib+0x2d36ad @ 0x6ff136ad
mscorlib+0x308f2d @ 0x6ff48f2d
0x2470398
DllUnregisterServerInternal-0x7aa2 clr+0x2652 @ 0x72742652
DllRegisterServerInternal+0x243 CoUninitializeEE-0xd1f5 clr+0x1264f @ 0x7275264f
LogHelp_TerminateOnAssert+0x12cf8 GetPrivateContextsPerfCounters-0x674a clr+0x81838 @ 0x727c1838
LogHelp_TerminateOnAssert+0x12bf7 GetPrivateContextsPerfCounters-0x684b clr+0x81737 @ 0x727c1737
mscorlib+0x2d3711 @ 0x6ff13711
mscorlib+0x308f2d @ 0x6ff48f2d
mscorlib+0x3133fd @ 0x6ff533fd
mscorlib+0x9873b1 @ 0x705c73b1
mscorlib+0x97b352 @ 0x705bb352
DllUnregisterServerInternal-0x7666 clr+0x2a8e @ 0x72742a8e
DllGetClassObjectInternal+0x37c9b CorDllMainForThunk-0x54860 clr+0xfcd14 @ 0x7283cd14
0x4aa062
minecraft_modpack+0x2403 @ 0x402403

exception.instruction_r: 8b 01 8b 40 28 ff 10 8b d0 85 c0 75 06 8b 15 2c
exception.instruction: mov eax, dword ptr [ecx]
exception.exception_code: 0xc0000005
exception.symbol:
exception.address: 0x2476611
registers.esp: 1633944
registers.edi: 40405504
registers.eax: 0
registers.ebp: 1633968
registers.edx: 5151008
registers.ebx: 40405360
registers.esi: 40438444
registers.ecx: 0
1 0 0

__exception__

 stacktrace: 
0x247cc15
0x247cb59
0x247c5b3
0x247732f
0x247171b
0x24715a0
0x2470596
0x2470518
DllUnregisterServerInternal-0x7aa2 clr+0x2652 @ 0x72742652
DllRegisterServerInternal+0x243 CoUninitializeEE-0xd1f5 clr+0x1264f @ 0x7275264f
LogHelp_TerminateOnAssert+0x12cf8 GetPrivateContextsPerfCounters-0x674a clr+0x81838 @ 0x727c1838
LogHelp_TerminateOnAssert+0x12bf7 GetPrivateContextsPerfCounters-0x684b clr+0x81737 @ 0x727c1737
mscorlib+0x2d36ad @ 0x6ff136ad
mscorlib+0x308f2d @ 0x6ff48f2d
0x2470398
DllUnregisterServerInternal-0x7aa2 clr+0x2652 @ 0x72742652
DllRegisterServerInternal+0x243 CoUninitializeEE-0xd1f5 clr+0x1264f @ 0x7275264f
LogHelp_TerminateOnAssert+0x12cf8 GetPrivateContextsPerfCounters-0x674a clr+0x81838 @ 0x727c1838
LogHelp_TerminateOnAssert+0x12bf7 GetPrivateContextsPerfCounters-0x684b clr+0x81737 @ 0x727c1737
mscorlib+0x2d3711 @ 0x6ff13711
mscorlib+0x308f2d @ 0x6ff48f2d
mscorlib+0x3133fd @ 0x6ff533fd
mscorlib+0x9873b1 @ 0x705c73b1
mscorlib+0x97b352 @ 0x705bb352
DllUnregisterServerInternal-0x7666 clr+0x2a8e @ 0x72742a8e
DllGetClassObjectInternal+0x37c9b CorDllMainForThunk-0x54860 clr+0xfcd14 @ 0x7283cd14
0x4aa062
minecraft_modpack+0x2403 @ 0x402403

exception.instruction_r: 8b 40 04 89 45 dc 0f b6 45 e0 85 c0 74 15 8b ce
exception.instruction: mov eax, dword ptr [eax + 4]
exception.exception_code: 0xc0000005
exception.symbol:
exception.address: 0x247ce53
registers.esp: 1633356
registers.edi: 41076448
registers.eax: 0
registers.ebp: 1633392
registers.edx: 106125936
registers.ebx: 41074588
registers.esi: 41080220
registers.ecx: 106126608
1 0 0

__exception__

 stacktrace: 
0x247cc15
0x247cb59
0x247c5b3
0x247732f
0x247171b
0x24715a0
0x2470596
0x2470518
DllUnregisterServerInternal-0x7aa2 clr+0x2652 @ 0x72742652
DllRegisterServerInternal+0x243 CoUninitializeEE-0xd1f5 clr+0x1264f @ 0x7275264f
LogHelp_TerminateOnAssert+0x12cf8 GetPrivateContextsPerfCounters-0x674a clr+0x81838 @ 0x727c1838
LogHelp_TerminateOnAssert+0x12bf7 GetPrivateContextsPerfCounters-0x684b clr+0x81737 @ 0x727c1737
mscorlib+0x2d36ad @ 0x6ff136ad
mscorlib+0x308f2d @ 0x6ff48f2d
0x2470398
DllUnregisterServerInternal-0x7aa2 clr+0x2652 @ 0x72742652
DllRegisterServerInternal+0x243 CoUninitializeEE-0xd1f5 clr+0x1264f @ 0x7275264f
LogHelp_TerminateOnAssert+0x12cf8 GetPrivateContextsPerfCounters-0x674a clr+0x81838 @ 0x727c1838
LogHelp_TerminateOnAssert+0x12bf7 GetPrivateContextsPerfCounters-0x684b clr+0x81737 @ 0x727c1737
mscorlib+0x2d3711 @ 0x6ff13711
mscorlib+0x308f2d @ 0x6ff48f2d
mscorlib+0x3133fd @ 0x6ff533fd
mscorlib+0x9873b1 @ 0x705c73b1
mscorlib+0x97b352 @ 0x705bb352
DllUnregisterServerInternal-0x7666 clr+0x2a8e @ 0x72742a8e
DllGetClassObjectInternal+0x37c9b CorDllMainForThunk-0x54860 clr+0xfcd14 @ 0x7283cd14
0x4aa062
minecraft_modpack+0x2403 @ 0x402403

exception.instruction_r: 8b 40 04 89 45 dc 0f b6 45 e0 85 c0 74 15 8b ce
exception.instruction: mov eax, dword ptr [eax + 4]
exception.exception_code: 0xc0000005
exception.symbol:
exception.address: 0x247ce53
registers.esp: 1633356
registers.edi: 42047988
registers.eax: 0
registers.ebp: 1633392
registers.edx: 106125936
registers.ebx: 42046164
registers.esi: 42051740
registers.ecx: 106126608
1 0 0

__exception__

 stacktrace: 
0x247cc15
0x247cb59
0x247c5b3
0x247732f
0x247171b
0x24715a0
0x2470596
0x2470518
DllUnregisterServerInternal-0x7aa2 clr+0x2652 @ 0x72742652
DllRegisterServerInternal+0x243 CoUninitializeEE-0xd1f5 clr+0x1264f @ 0x7275264f
LogHelp_TerminateOnAssert+0x12cf8 GetPrivateContextsPerfCounters-0x674a clr+0x81838 @ 0x727c1838
LogHelp_TerminateOnAssert+0x12bf7 GetPrivateContextsPerfCounters-0x684b clr+0x81737 @ 0x727c1737
mscorlib+0x2d36ad @ 0x6ff136ad
mscorlib+0x308f2d @ 0x6ff48f2d
0x2470398
DllUnregisterServerInternal-0x7aa2 clr+0x2652 @ 0x72742652
DllRegisterServerInternal+0x243 CoUninitializeEE-0xd1f5 clr+0x1264f @ 0x7275264f
LogHelp_TerminateOnAssert+0x12cf8 GetPrivateContextsPerfCounters-0x674a clr+0x81838 @ 0x727c1838
LogHelp_TerminateOnAssert+0x12bf7 GetPrivateContextsPerfCounters-0x684b clr+0x81737 @ 0x727c1737
mscorlib+0x2d3711 @ 0x6ff13711
mscorlib+0x308f2d @ 0x6ff48f2d
mscorlib+0x3133fd @ 0x6ff533fd
mscorlib+0x9873b1 @ 0x705c73b1
mscorlib+0x97b352 @ 0x705bb352
DllUnregisterServerInternal-0x7666 clr+0x2a8e @ 0x72742a8e
DllGetClassObjectInternal+0x37c9b CorDllMainForThunk-0x54860 clr+0xfcd14 @ 0x7283cd14
0x4aa062
minecraft_modpack+0x2403 @ 0x402403

exception.instruction_r: 8b 40 04 89 45 dc 0f b6 45 e0 85 c0 74 15 8b ce
exception.instruction: mov eax, dword ptr [eax + 4]
exception.exception_code: 0xc0000005
exception.symbol:
exception.address: 0x247ce53
registers.esp: 1633356
registers.edi: 43005764
registers.eax: 0
registers.ebp: 1633392
registers.edx: 106125936
registers.ebx: 43003940
registers.esi: 39457484
registers.ecx: 106126608
1 0 0

__exception__

 stacktrace: 
0x75f1f36
0x75f1e89
0x247c635
0x247732f
0x247171b
0x24715a0
0x2470596
0x2470518
DllUnregisterServerInternal-0x7aa2 clr+0x2652 @ 0x72742652
DllRegisterServerInternal+0x243 CoUninitializeEE-0xd1f5 clr+0x1264f @ 0x7275264f
LogHelp_TerminateOnAssert+0x12cf8 GetPrivateContextsPerfCounters-0x674a clr+0x81838 @ 0x727c1838
LogHelp_TerminateOnAssert+0x12bf7 GetPrivateContextsPerfCounters-0x684b clr+0x81737 @ 0x727c1737
mscorlib+0x2d36ad @ 0x6ff136ad
mscorlib+0x308f2d @ 0x6ff48f2d
0x2470398
DllUnregisterServerInternal-0x7aa2 clr+0x2652 @ 0x72742652
DllRegisterServerInternal+0x243 CoUninitializeEE-0xd1f5 clr+0x1264f @ 0x7275264f
LogHelp_TerminateOnAssert+0x12cf8 GetPrivateContextsPerfCounters-0x674a clr+0x81838 @ 0x727c1838
LogHelp_TerminateOnAssert+0x12bf7 GetPrivateContextsPerfCounters-0x684b clr+0x81737 @ 0x727c1737
mscorlib+0x2d3711 @ 0x6ff13711
mscorlib+0x308f2d @ 0x6ff48f2d
mscorlib+0x3133fd @ 0x6ff533fd
mscorlib+0x9873b1 @ 0x705c73b1
mscorlib+0x97b352 @ 0x705bb352
DllUnregisterServerInternal-0x7666 clr+0x2a8e @ 0x72742a8e
DllGetClassObjectInternal+0x37c9b CorDllMainForThunk-0x54860 clr+0xfcd14 @ 0x7283cd14
0x4aa062
minecraft_modpack+0x2403 @ 0x402403

exception.instruction_r: 8b 40 04 89 45 dc 0f b6 45 e0 85 c0 74 15 8b ce
exception.instruction: mov eax, dword ptr [eax + 4]
exception.exception_code: 0xc0000005
exception.symbol:
exception.address: 0x247ce53
registers.esp: 1633340
registers.edi: 40041276
registers.eax: 0
registers.ebp: 1633376
registers.edx: 106125936
registers.ebx: 40039464
registers.esi: 39457560
registers.ecx: 106126608
1 0 0

__exception__

 stacktrace: 
0x75f1f36
0x75f1e89
0x247c635
0x247732f
0x247171b
0x24715a0
0x2470596
0x2470518
DllUnregisterServerInternal-0x7aa2 clr+0x2652 @ 0x72742652
DllRegisterServerInternal+0x243 CoUninitializeEE-0xd1f5 clr+0x1264f @ 0x7275264f
LogHelp_TerminateOnAssert+0x12cf8 GetPrivateContextsPerfCounters-0x674a clr+0x81838 @ 0x727c1838
LogHelp_TerminateOnAssert+0x12bf7 GetPrivateContextsPerfCounters-0x684b clr+0x81737 @ 0x727c1737
mscorlib+0x2d36ad @ 0x6ff136ad
mscorlib+0x308f2d @ 0x6ff48f2d
0x2470398
DllUnregisterServerInternal-0x7aa2 clr+0x2652 @ 0x72742652
DllRegisterServerInternal+0x243 CoUninitializeEE-0xd1f5 clr+0x1264f @ 0x7275264f
LogHelp_TerminateOnAssert+0x12cf8 GetPrivateContextsPerfCounters-0x674a clr+0x81838 @ 0x727c1838
LogHelp_TerminateOnAssert+0x12bf7 GetPrivateContextsPerfCounters-0x684b clr+0x81737 @ 0x727c1737
mscorlib+0x2d3711 @ 0x6ff13711
mscorlib+0x308f2d @ 0x6ff48f2d
mscorlib+0x3133fd @ 0x6ff533fd
mscorlib+0x9873b1 @ 0x705c73b1
mscorlib+0x97b352 @ 0x705bb352
DllUnregisterServerInternal-0x7666 clr+0x2a8e @ 0x72742a8e
DllGetClassObjectInternal+0x37c9b CorDllMainForThunk-0x54860 clr+0xfcd14 @ 0x7283cd14
0x4aa062
minecraft_modpack+0x2403 @ 0x402403

exception.instruction_r: 8b 40 04 89 45 dc 0f b6 45 e0 85 c0 74 15 8b ce
exception.instruction: mov eax, dword ptr [eax + 4]
exception.exception_code: 0xc0000005
exception.symbol:
exception.address: 0x247ce53
registers.esp: 1633340
registers.edi: 39765696
registers.eax: 0
registers.ebp: 1633376
registers.edx: 106125936
registers.ebx: 39763900
registers.esi: 39769448
registers.ecx: 106126608
1 0 0

__exception__

 stacktrace: 
0x75f1f36
0x75f1e89
0x247c635
0x247732f
0x247171b
0x24715a0
0x2470596
0x2470518
DllUnregisterServerInternal-0x7aa2 clr+0x2652 @ 0x72742652
DllRegisterServerInternal+0x243 CoUninitializeEE-0xd1f5 clr+0x1264f @ 0x7275264f
LogHelp_TerminateOnAssert+0x12cf8 GetPrivateContextsPerfCounters-0x674a clr+0x81838 @ 0x727c1838
LogHelp_TerminateOnAssert+0x12bf7 GetPrivateContextsPerfCounters-0x684b clr+0x81737 @ 0x727c1737
mscorlib+0x2d36ad @ 0x6ff136ad
mscorlib+0x308f2d @ 0x6ff48f2d
0x2470398
DllUnregisterServerInternal-0x7aa2 clr+0x2652 @ 0x72742652
DllRegisterServerInternal+0x243 CoUninitializeEE-0xd1f5 clr+0x1264f @ 0x7275264f
LogHelp_TerminateOnAssert+0x12cf8 GetPrivateContextsPerfCounters-0x674a clr+0x81838 @ 0x727c1838
LogHelp_TerminateOnAssert+0x12bf7 GetPrivateContextsPerfCounters-0x684b clr+0x81737 @ 0x727c1737
mscorlib+0x2d3711 @ 0x6ff13711
mscorlib+0x308f2d @ 0x6ff48f2d
mscorlib+0x3133fd @ 0x6ff533fd
mscorlib+0x9873b1 @ 0x705c73b1
mscorlib+0x97b352 @ 0x705bb352
DllUnregisterServerInternal-0x7666 clr+0x2a8e @ 0x72742a8e
DllGetClassObjectInternal+0x37c9b CorDllMainForThunk-0x54860 clr+0xfcd14 @ 0x7283cd14
0x4aa062
minecraft_modpack+0x2403 @ 0x402403

exception.instruction_r: 8b 40 04 89 45 dc 0f b6 45 e0 85 c0 74 15 8b ce
exception.instruction: mov eax, dword ptr [eax + 4]
exception.exception_code: 0xc0000005
exception.symbol:
exception.address: 0x247ce53
registers.esp: 1633340
registers.edi: 40733632
registers.eax: 0
registers.ebp: 1633376
registers.edx: 106125936
registers.ebx: 40731836
registers.esi: 40737384
registers.ecx: 106126608
1 0 0

__exception__

 stacktrace: 
0x75f245d
0x75f23a9
0x247c6b7
0x247732f
0x247171b
0x24715a0
0x2470596
0x2470518
DllUnregisterServerInternal-0x7aa2 clr+0x2652 @ 0x72742652
DllRegisterServerInternal+0x243 CoUninitializeEE-0xd1f5 clr+0x1264f @ 0x7275264f
LogHelp_TerminateOnAssert+0x12cf8 GetPrivateContextsPerfCounters-0x674a clr+0x81838 @ 0x727c1838
LogHelp_TerminateOnAssert+0x12bf7 GetPrivateContextsPerfCounters-0x684b clr+0x81737 @ 0x727c1737
mscorlib+0x2d36ad @ 0x6ff136ad
mscorlib+0x308f2d @ 0x6ff48f2d
0x2470398
DllUnregisterServerInternal-0x7aa2 clr+0x2652 @ 0x72742652
DllRegisterServerInternal+0x243 CoUninitializeEE-0xd1f5 clr+0x1264f @ 0x7275264f
LogHelp_TerminateOnAssert+0x12cf8 GetPrivateContextsPerfCounters-0x674a clr+0x81838 @ 0x727c1838
LogHelp_TerminateOnAssert+0x12bf7 GetPrivateContextsPerfCounters-0x684b clr+0x81737 @ 0x727c1737
mscorlib+0x2d3711 @ 0x6ff13711
mscorlib+0x308f2d @ 0x6ff48f2d
mscorlib+0x3133fd @ 0x6ff533fd
mscorlib+0x9873b1 @ 0x705c73b1
mscorlib+0x97b352 @ 0x705bb352
DllUnregisterServerInternal-0x7666 clr+0x2a8e @ 0x72742a8e
DllGetClassObjectInternal+0x37c9b CorDllMainForThunk-0x54860 clr+0xfcd14 @ 0x7283cd14
0x4aa062
minecraft_modpack+0x2403 @ 0x402403

exception.instruction_r: 8b 40 04 89 45 dc 0f b6 45 e0 85 c0 74 15 8b ce
exception.instruction: mov eax, dword ptr [eax + 4]
exception.exception_code: 0xc0000005
exception.symbol:
exception.address: 0x247ce53
registers.esp: 1633352
registers.edi: 41701644
registers.eax: 0
registers.ebp: 1633388
registers.edx: 106125936
registers.ebx: 41699836
registers.esi: 41705396
registers.ecx: 106126608
1 0 0

__exception__

 stacktrace: 
0x75f245d
0x75f23a9
0x247c6b7
0x247732f
0x247171b
0x24715a0
0x2470596
0x2470518
DllUnregisterServerInternal-0x7aa2 clr+0x2652 @ 0x72742652
DllRegisterServerInternal+0x243 CoUninitializeEE-0xd1f5 clr+0x1264f @ 0x7275264f
LogHelp_TerminateOnAssert+0x12cf8 GetPrivateContextsPerfCounters-0x674a clr+0x81838 @ 0x727c1838
LogHelp_TerminateOnAssert+0x12bf7 GetPrivateContextsPerfCounters-0x684b clr+0x81737 @ 0x727c1737
mscorlib+0x2d36ad @ 0x6ff136ad
mscorlib+0x308f2d @ 0x6ff48f2d
0x2470398
DllUnregisterServerInternal-0x7aa2 clr+0x2652 @ 0x72742652
DllRegisterServerInternal+0x243 CoUninitializeEE-0xd1f5 clr+0x1264f @ 0x7275264f
LogHelp_TerminateOnAssert+0x12cf8 GetPrivateContextsPerfCounters-0x674a clr+0x81838 @ 0x727c1838
LogHelp_TerminateOnAssert+0x12bf7 GetPrivateContextsPerfCounters-0x684b clr+0x81737 @ 0x727c1737
mscorlib+0x2d3711 @ 0x6ff13711
mscorlib+0x308f2d @ 0x6ff48f2d
mscorlib+0x3133fd @ 0x6ff533fd
mscorlib+0x9873b1 @ 0x705c73b1
mscorlib+0x97b352 @ 0x705bb352
DllUnregisterServerInternal-0x7666 clr+0x2a8e @ 0x72742a8e
DllGetClassObjectInternal+0x37c9b CorDllMainForThunk-0x54860 clr+0xfcd14 @ 0x7283cd14
0x4aa062
minecraft_modpack+0x2403 @ 0x402403

exception.instruction_r: 8b 40 04 89 45 dc 0f b6 45 e0 85 c0 74 15 8b ce
exception.instruction: mov eax, dword ptr [eax + 4]
exception.exception_code: 0xc0000005
exception.symbol:
exception.address: 0x247ce53
registers.esp: 1633352
registers.edi: 42742364
registers.eax: 0
registers.ebp: 1633388
registers.edx: 106125936
registers.ebx: 42740556
registers.esi: 42746116
registers.ecx: 106126608
1 0 0

__exception__

 stacktrace: 
0x75f245d
0x75f23a9
0x247c6b7
0x247732f
0x247171b
0x24715a0
0x2470596
0x2470518
DllUnregisterServerInternal-0x7aa2 clr+0x2652 @ 0x72742652
DllRegisterServerInternal+0x243 CoUninitializeEE-0xd1f5 clr+0x1264f @ 0x7275264f
LogHelp_TerminateOnAssert+0x12cf8 GetPrivateContextsPerfCounters-0x674a clr+0x81838 @ 0x727c1838
LogHelp_TerminateOnAssert+0x12bf7 GetPrivateContextsPerfCounters-0x684b clr+0x81737 @ 0x727c1737
mscorlib+0x2d36ad @ 0x6ff136ad
mscorlib+0x308f2d @ 0x6ff48f2d
0x2470398
DllUnregisterServerInternal-0x7aa2 clr+0x2652 @ 0x72742652
DllRegisterServerInternal+0x243 CoUninitializeEE-0xd1f5 clr+0x1264f @ 0x7275264f
LogHelp_TerminateOnAssert+0x12cf8 GetPrivateContextsPerfCounters-0x674a clr+0x81838 @ 0x727c1838
LogHelp_TerminateOnAssert+0x12bf7 GetPrivateContextsPerfCounters-0x684b clr+0x81737 @ 0x727c1737
mscorlib+0x2d3711 @ 0x6ff13711
mscorlib+0x308f2d @ 0x6ff48f2d
mscorlib+0x3133fd @ 0x6ff533fd
mscorlib+0x9873b1 @ 0x705c73b1
mscorlib+0x97b352 @ 0x705bb352
DllUnregisterServerInternal-0x7666 clr+0x2a8e @ 0x72742a8e
DllGetClassObjectInternal+0x37c9b CorDllMainForThunk-0x54860 clr+0xfcd14 @ 0x7283cd14
0x4aa062
minecraft_modpack+0x2403 @ 0x402403

exception.instruction_r: 8b 40 04 89 45 dc 0f b6 45 e0 85 c0 74 15 8b ce
exception.instruction: mov eax, dword ptr [eax + 4]
exception.exception_code: 0xc0000005
exception.symbol:
exception.address: 0x247ce53
registers.esp: 1633352
registers.edi: 43783084
registers.eax: 0
registers.ebp: 1633388
registers.edx: 106125936
registers.ebx: 43781276
registers.esi: 39457620
registers.ecx: 106126608
1 0 0

__exception__

 stacktrace: 
0x75f27a7
0x75f26f9
0x247c739
0x247732f
0x247171b
0x24715a0
0x2470596
0x2470518
DllUnregisterServerInternal-0x7aa2 clr+0x2652 @ 0x72742652
DllRegisterServerInternal+0x243 CoUninitializeEE-0xd1f5 clr+0x1264f @ 0x7275264f
LogHelp_TerminateOnAssert+0x12cf8 GetPrivateContextsPerfCounters-0x674a clr+0x81838 @ 0x727c1838
LogHelp_TerminateOnAssert+0x12bf7 GetPrivateContextsPerfCounters-0x684b clr+0x81737 @ 0x727c1737
mscorlib+0x2d36ad @ 0x6ff136ad
mscorlib+0x308f2d @ 0x6ff48f2d
0x2470398
DllUnregisterServerInternal-0x7aa2 clr+0x2652 @ 0x72742652
DllRegisterServerInternal+0x243 CoUninitializeEE-0xd1f5 clr+0x1264f @ 0x7275264f
LogHelp_TerminateOnAssert+0x12cf8 GetPrivateContextsPerfCounters-0x674a clr+0x81838 @ 0x727c1838
LogHelp_TerminateOnAssert+0x12bf7 GetPrivateContextsPerfCounters-0x684b clr+0x81737 @ 0x727c1737
mscorlib+0x2d3711 @ 0x6ff13711
mscorlib+0x308f2d @ 0x6ff48f2d
mscorlib+0x3133fd @ 0x6ff533fd
mscorlib+0x9873b1 @ 0x705c73b1
mscorlib+0x97b352 @ 0x705bb352
DllUnregisterServerInternal-0x7666 clr+0x2a8e @ 0x72742a8e
DllGetClassObjectInternal+0x37c9b CorDllMainForThunk-0x54860 clr+0xfcd14 @ 0x7283cd14
0x4aa062
minecraft_modpack+0x2403 @ 0x402403

exception.instruction_r: 8b 40 04 89 45 dc 0f b6 45 e0 85 c0 74 15 8b ce
exception.instruction: mov eax, dword ptr [eax + 4]
exception.exception_code: 0xc0000005
exception.symbol:
exception.address: 0x247ce53
registers.esp: 1633352
registers.edi: 40017692
registers.eax: 0
registers.ebp: 1633388
registers.edx: 106125936
registers.ebx: 40015868
registers.esi: 40021444
registers.ecx: 106126608
1 0 0

__exception__

 stacktrace: 
0x75f27a7
0x75f26f9
0x247c739
0x247732f
0x247171b
0x24715a0
0x2470596
0x2470518
DllUnregisterServerInternal-0x7aa2 clr+0x2652 @ 0x72742652
DllRegisterServerInternal+0x243 CoUninitializeEE-0xd1f5 clr+0x1264f @ 0x7275264f
LogHelp_TerminateOnAssert+0x12cf8 GetPrivateContextsPerfCounters-0x674a clr+0x81838 @ 0x727c1838
LogHelp_TerminateOnAssert+0x12bf7 GetPrivateContextsPerfCounters-0x684b clr+0x81737 @ 0x727c1737
mscorlib+0x2d36ad @ 0x6ff136ad
mscorlib+0x308f2d @ 0x6ff48f2d
0x2470398
DllUnregisterServerInternal-0x7aa2 clr+0x2652 @ 0x72742652
DllRegisterServerInternal+0x243 CoUninitializeEE-0xd1f5 clr+0x1264f @ 0x7275264f
LogHelp_TerminateOnAssert+0x12cf8 GetPrivateContextsPerfCounters-0x674a clr+0x81838 @ 0x727c1838
LogHelp_TerminateOnAssert+0x12bf7 GetPrivateContextsPerfCounters-0x684b clr+0x81737 @ 0x727c1737
mscorlib+0x2d3711 @ 0x6ff13711
mscorlib+0x308f2d @ 0x6ff48f2d
mscorlib+0x3133fd @ 0x6ff533fd
mscorlib+0x9873b1 @ 0x705c73b1
mscorlib+0x97b352 @ 0x705bb352
DllUnregisterServerInternal-0x7666 clr+0x2a8e @ 0x72742a8e
DllGetClassObjectInternal+0x37c9b CorDllMainForThunk-0x54860 clr+0xfcd14 @ 0x7283cd14
0x4aa062
minecraft_modpack+0x2403 @ 0x402403

exception.instruction_r: 8b 40 04 89 45 dc 0f b6 45 e0 85 c0 74 15 8b ce
exception.instruction: mov eax, dword ptr [eax + 4]
exception.exception_code: 0xc0000005
exception.symbol:
exception.address: 0x247ce53
registers.esp: 1633352
registers.edi: 41060568
registers.eax: 0
registers.ebp: 1633388
registers.edx: 106125936
registers.ebx: 41058760
registers.esi: 41064320
registers.ecx: 106126608
1 0 0

__exception__

 stacktrace: 
0x75f27a7
0x75f26f9
0x247c739
0x247732f
0x247171b
0x24715a0
0x2470596
0x2470518
DllUnregisterServerInternal-0x7aa2 clr+0x2652 @ 0x72742652
DllRegisterServerInternal+0x243 CoUninitializeEE-0xd1f5 clr+0x1264f @ 0x7275264f
LogHelp_TerminateOnAssert+0x12cf8 GetPrivateContextsPerfCounters-0x674a clr+0x81838 @ 0x727c1838
LogHelp_TerminateOnAssert+0x12bf7 GetPrivateContextsPerfCounters-0x684b clr+0x81737 @ 0x727c1737
mscorlib+0x2d36ad @ 0x6ff136ad
mscorlib+0x308f2d @ 0x6ff48f2d
0x2470398
DllUnregisterServerInternal-0x7aa2 clr+0x2652 @ 0x72742652
DllRegisterServerInternal+0x243 CoUninitializeEE-0xd1f5 clr+0x1264f @ 0x7275264f
LogHelp_TerminateOnAssert+0x12cf8 GetPrivateContextsPerfCounters-0x674a clr+0x81838 @ 0x727c1838
LogHelp_TerminateOnAssert+0x12bf7 GetPrivateContextsPerfCounters-0x684b clr+0x81737 @ 0x727c1737
mscorlib+0x2d3711 @ 0x6ff13711
mscorlib+0x308f2d @ 0x6ff48f2d
mscorlib+0x3133fd @ 0x6ff533fd
mscorlib+0x9873b1 @ 0x705c73b1
mscorlib+0x97b352 @ 0x705bb352
DllUnregisterServerInternal-0x7666 clr+0x2a8e @ 0x72742a8e
DllGetClassObjectInternal+0x37c9b CorDllMainForThunk-0x54860 clr+0xfcd14 @ 0x7283cd14
0x4aa062
minecraft_modpack+0x2403 @ 0x402403

exception.instruction_r: 8b 40 04 89 45 dc 0f b6 45 e0 85 c0 74 15 8b ce
exception.instruction: mov eax, dword ptr [eax + 4]
exception.exception_code: 0xc0000005
exception.symbol:
exception.address: 0x247ce53
registers.esp: 1633352
registers.edi: 42103444
registers.eax: 0
registers.ebp: 1633388
registers.edx: 106125936
registers.ebx: 42101636
registers.esi: 42107196
registers.ecx: 106126608
1 0 0

__exception__

 stacktrace: 
0x247cc15
0x247cb59
0x247c5b3
0x247732f
0x247171b
0x24715a0
0x2470596
0x2470518
DllUnregisterServerInternal-0x7aa2 clr+0x2652 @ 0x72742652
DllRegisterServerInternal+0x243 CoUninitializeEE-0xd1f5 clr+0x1264f @ 0x7275264f
LogHelp_TerminateOnAssert+0x12cf8 GetPrivateContextsPerfCounters-0x674a clr+0x81838 @ 0x727c1838
LogHelp_TerminateOnAssert+0x12bf7 GetPrivateContextsPerfCounters-0x684b clr+0x81737 @ 0x727c1737
mscorlib+0x2d36ad @ 0x6ff136ad
mscorlib+0x308f2d @ 0x6ff48f2d
0x2470398
DllUnregisterServerInternal-0x7aa2 clr+0x2652 @ 0x72742652
DllRegisterServerInternal+0x243 CoUninitializeEE-0xd1f5 clr+0x1264f @ 0x7275264f
LogHelp_TerminateOnAssert+0x12cf8 GetPrivateContextsPerfCounters-0x674a clr+0x81838 @ 0x727c1838
LogHelp_TerminateOnAssert+0x12bf7 GetPrivateContextsPerfCounters-0x684b clr+0x81737 @ 0x727c1737
mscorlib+0x2d3711 @ 0x6ff13711
mscorlib+0x308f2d @ 0x6ff48f2d
mscorlib+0x3133fd @ 0x6ff533fd
mscorlib+0x9873b1 @ 0x705c73b1
mscorlib+0x97b352 @ 0x705bb352
DllUnregisterServerInternal-0x7666 clr+0x2a8e @ 0x72742a8e
DllGetClassObjectInternal+0x37c9b CorDllMainForThunk-0x54860 clr+0xfcd14 @ 0x7283cd14
0x4aa062
minecraft_modpack+0x2403 @ 0x402403

exception.instruction_r: 8b 40 04 89 45 dc 0f b6 45 e0 85 c0 74 15 8b ce
exception.instruction: mov eax, dword ptr [eax + 4]
exception.exception_code: 0xc0000005
exception.symbol:
exception.address: 0x247ce53
registers.esp: 1633356
registers.edi: 43150892
registers.eax: 0
registers.ebp: 1633392
registers.edx: 106125936
registers.ebx: 43149068
registers.esi: 43154644
registers.ecx: 106126608
1 0 0

__exception__

 stacktrace: 
0x247cc15
0x247cb59
0x247c5b3
0x247732f
0x247171b
0x24715a0
0x2470596
0x2470518
DllUnregisterServerInternal-0x7aa2 clr+0x2652 @ 0x72742652
DllRegisterServerInternal+0x243 CoUninitializeEE-0xd1f5 clr+0x1264f @ 0x7275264f
LogHelp_TerminateOnAssert+0x12cf8 GetPrivateContextsPerfCounters-0x674a clr+0x81838 @ 0x727c1838
LogHelp_TerminateOnAssert+0x12bf7 GetPrivateContextsPerfCounters-0x684b clr+0x81737 @ 0x727c1737
mscorlib+0x2d36ad @ 0x6ff136ad
mscorlib+0x308f2d @ 0x6ff48f2d
0x2470398
DllUnregisterServerInternal-0x7aa2 clr+0x2652 @ 0x72742652
DllRegisterServerInternal+0x243 CoUninitializeEE-0xd1f5 clr+0x1264f @ 0x7275264f
LogHelp_TerminateOnAssert+0x12cf8 GetPrivateContextsPerfCounters-0x674a clr+0x81838 @ 0x727c1838
LogHelp_TerminateOnAssert+0x12bf7 GetPrivateContextsPerfCounters-0x684b clr+0x81737 @ 0x727c1737
mscorlib+0x2d3711 @ 0x6ff13711
mscorlib+0x308f2d @ 0x6ff48f2d
mscorlib+0x3133fd @ 0x6ff533fd
mscorlib+0x9873b1 @ 0x705c73b1
mscorlib+0x97b352 @ 0x705bb352
DllUnregisterServerInternal-0x7666 clr+0x2a8e @ 0x72742a8e
DllGetClassObjectInternal+0x37c9b CorDllMainForThunk-0x54860 clr+0xfcd14 @ 0x7283cd14
0x4aa062
minecraft_modpack+0x2403 @ 0x402403

exception.instruction_r: 8b 40 04 89 45 dc 0f b6 45 e0 85 c0 74 15 8b ce
exception.instruction: mov eax, dword ptr [eax + 4]
exception.exception_code: 0xc0000005
exception.symbol:
exception.address: 0x247ce53
registers.esp: 1633356
registers.edi: 44108380
registers.eax: 0
registers.ebp: 1633392
registers.edx: 106125936
registers.ebx: 44106556
registers.esi: 39457648
registers.ecx: 106126608
1 0 0

__exception__

 stacktrace: 
0x247cc15
0x247cb59
0x247c5b3
0x247732f
0x247171b
0x24715a0
0x2470596
0x2470518
DllUnregisterServerInternal-0x7aa2 clr+0x2652 @ 0x72742652
DllRegisterServerInternal+0x243 CoUninitializeEE-0xd1f5 clr+0x1264f @ 0x7275264f
LogHelp_TerminateOnAssert+0x12cf8 GetPrivateContextsPerfCounters-0x674a clr+0x81838 @ 0x727c1838
LogHelp_TerminateOnAssert+0x12bf7 GetPrivateContextsPerfCounters-0x684b clr+0x81737 @ 0x727c1737
mscorlib+0x2d36ad @ 0x6ff136ad
mscorlib+0x308f2d @ 0x6ff48f2d
0x2470398
DllUnregisterServerInternal-0x7aa2 clr+0x2652 @ 0x72742652
DllRegisterServerInternal+0x243 CoUninitializeEE-0xd1f5 clr+0x1264f @ 0x7275264f
LogHelp_TerminateOnAssert+0x12cf8 GetPrivateContextsPerfCounters-0x674a clr+0x81838 @ 0x727c1838
LogHelp_TerminateOnAssert+0x12bf7 GetPrivateContextsPerfCounters-0x684b clr+0x81737 @ 0x727c1737
mscorlib+0x2d3711 @ 0x6ff13711
mscorlib+0x308f2d @ 0x6ff48f2d
mscorlib+0x3133fd @ 0x6ff533fd
mscorlib+0x9873b1 @ 0x705c73b1
mscorlib+0x97b352 @ 0x705bb352
DllUnregisterServerInternal-0x7666 clr+0x2a8e @ 0x72742a8e
DllGetClassObjectInternal+0x37c9b CorDllMainForThunk-0x54860 clr+0xfcd14 @ 0x7283cd14
0x4aa062
minecraft_modpack+0x2403 @ 0x402403

exception.instruction_r: 8b 40 04 89 45 dc 0f b6 45 e0 85 c0 74 15 8b ce
exception.instruction: mov eax, dword ptr [eax + 4]
exception.exception_code: 0xc0000005
exception.symbol:
exception.address: 0x247ce53
registers.esp: 1633356
registers.edi: 39951312
registers.eax: 0
registers.ebp: 1633392
registers.edx: 106125936
registers.ebx: 39949488
registers.esi: 39955064
registers.ecx: 106126608
1 0 0

__exception__

 stacktrace: 
0x75f1f36
0x75f1e89
0x247c635
0x247732f
0x247171b
0x24715a0
0x2470596
0x2470518
DllUnregisterServerInternal-0x7aa2 clr+0x2652 @ 0x72742652
DllRegisterServerInternal+0x243 CoUninitializeEE-0xd1f5 clr+0x1264f @ 0x7275264f
LogHelp_TerminateOnAssert+0x12cf8 GetPrivateContextsPerfCounters-0x674a clr+0x81838 @ 0x727c1838
LogHelp_TerminateOnAssert+0x12bf7 GetPrivateContextsPerfCounters-0x684b clr+0x81737 @ 0x727c1737
mscorlib+0x2d36ad @ 0x6ff136ad
mscorlib+0x308f2d @ 0x6ff48f2d
0x2470398
DllUnregisterServerInternal-0x7aa2 clr+0x2652 @ 0x72742652
DllRegisterServerInternal+0x243 CoUninitializeEE-0xd1f5 clr+0x1264f @ 0x7275264f
LogHelp_TerminateOnAssert+0x12cf8 GetPrivateContextsPerfCounters-0x674a clr+0x81838 @ 0x727c1838
LogHelp_TerminateOnAssert+0x12bf7 GetPrivateContextsPerfCounters-0x684b clr+0x81737 @ 0x727c1737
mscorlib+0x2d3711 @ 0x6ff13711
mscorlib+0x308f2d @ 0x6ff48f2d
mscorlib+0x3133fd @ 0x6ff533fd
mscorlib+0x9873b1 @ 0x705c73b1
mscorlib+0x97b352 @ 0x705bb352
DllUnregisterServerInternal-0x7666 clr+0x2a8e @ 0x72742a8e
DllGetClassObjectInternal+0x37c9b CorDllMainForThunk-0x54860 clr+0xfcd14 @ 0x7283cd14
0x4aa062
minecraft_modpack+0x2403 @ 0x402403

exception.instruction_r: 8b 40 04 89 45 dc 0f b6 45 e0 85 c0 74 15 8b ce
exception.instruction: mov eax, dword ptr [eax + 4]
exception.exception_code: 0xc0000005
exception.symbol:
exception.address: 0x247ce53
registers.esp: 1633340
registers.edi: 40908804
registers.eax: 0
registers.ebp: 1633376
registers.edx: 106125936
registers.ebx: 40907008
registers.esi: 40912556
registers.ecx: 106126608
1 0 0

__exception__

 stacktrace: 
0x75f1f36
0x75f1e89
0x247c635
0x247732f
0x247171b
0x24715a0
0x2470596
0x2470518
DllUnregisterServerInternal-0x7aa2 clr+0x2652 @ 0x72742652
DllRegisterServerInternal+0x243 CoUninitializeEE-0xd1f5 clr+0x1264f @ 0x7275264f
LogHelp_TerminateOnAssert+0x12cf8 GetPrivateContextsPerfCounters-0x674a clr+0x81838 @ 0x727c1838
LogHelp_TerminateOnAssert+0x12bf7 GetPrivateContextsPerfCounters-0x684b clr+0x81737 @ 0x727c1737
mscorlib+0x2d36ad @ 0x6ff136ad
mscorlib+0x308f2d @ 0x6ff48f2d
0x2470398
DllUnregisterServerInternal-0x7aa2 clr+0x2652 @ 0x72742652
DllRegisterServerInternal+0x243 CoUninitializeEE-0xd1f5 clr+0x1264f @ 0x7275264f
LogHelp_TerminateOnAssert+0x12cf8 GetPrivateContextsPerfCounters-0x674a clr+0x81838 @ 0x727c1838
LogHelp_TerminateOnAssert+0x12bf7 GetPrivateContextsPerfCounters-0x684b clr+0x81737 @ 0x727c1737
mscorlib+0x2d3711 @ 0x6ff13711
mscorlib+0x308f2d @ 0x6ff48f2d
mscorlib+0x3133fd @ 0x6ff533fd
mscorlib+0x9873b1 @ 0x705c73b1
mscorlib+0x97b352 @ 0x705bb352
DllUnregisterServerInternal-0x7666 clr+0x2a8e @ 0x72742a8e
DllGetClassObjectInternal+0x37c9b CorDllMainForThunk-0x54860 clr+0xfcd14 @ 0x7283cd14
0x4aa062
minecraft_modpack+0x2403 @ 0x402403

exception.instruction_r: 8b 40 04 89 45 dc 0f b6 45 e0 85 c0 74 15 8b ce
exception.instruction: mov eax, dword ptr [eax + 4]
exception.exception_code: 0xc0000005
exception.symbol:
exception.address: 0x247ce53
registers.esp: 1633340
registers.edi: 41876740
registers.eax: 0
registers.ebp: 1633376
registers.edx: 106125936
registers.ebx: 41874944
registers.esi: 41880492
registers.ecx: 106126608
1 0 0

__exception__

 stacktrace: 
0x75f1f36
0x75f1e89
0x247c635
0x247732f
0x247171b
0x24715a0
0x2470596
0x2470518
DllUnregisterServerInternal-0x7aa2 clr+0x2652 @ 0x72742652
DllRegisterServerInternal+0x243 CoUninitializeEE-0xd1f5 clr+0x1264f @ 0x7275264f
LogHelp_TerminateOnAssert+0x12cf8 GetPrivateContextsPerfCounters-0x674a clr+0x81838 @ 0x727c1838
LogHelp_TerminateOnAssert+0x12bf7 GetPrivateContextsPerfCounters-0x684b clr+0x81737 @ 0x727c1737
mscorlib+0x2d36ad @ 0x6ff136ad
mscorlib+0x308f2d @ 0x6ff48f2d
0x2470398
DllUnregisterServerInternal-0x7aa2 clr+0x2652 @ 0x72742652
DllRegisterServerInternal+0x243 CoUninitializeEE-0xd1f5 clr+0x1264f @ 0x7275264f
LogHelp_TerminateOnAssert+0x12cf8 GetPrivateContextsPerfCounters-0x674a clr+0x81838 @ 0x727c1838
LogHelp_TerminateOnAssert+0x12bf7 GetPrivateContextsPerfCounters-0x684b clr+0x81737 @ 0x727c1737
mscorlib+0x2d3711 @ 0x6ff13711
mscorlib+0x308f2d @ 0x6ff48f2d
mscorlib+0x3133fd @ 0x6ff533fd
mscorlib+0x9873b1 @ 0x705c73b1
mscorlib+0x97b352 @ 0x705bb352
DllUnregisterServerInternal-0x7666 clr+0x2a8e @ 0x72742a8e
DllGetClassObjectInternal+0x37c9b CorDllMainForThunk-0x54860 clr+0xfcd14 @ 0x7283cd14
0x4aa062
minecraft_modpack+0x2403 @ 0x402403

exception.instruction_r: 8b 40 04 89 45 dc 0f b6 45 e0 85 c0 74 15 8b ce
exception.instruction: mov eax, dword ptr [eax + 4]
exception.exception_code: 0xc0000005
exception.symbol:
exception.address: 0x247ce53
registers.esp: 1633340
registers.edi: 42844676
registers.eax: 0
registers.ebp: 1633376
registers.edx: 106125936
registers.ebx: 42842880
registers.esi: 42848428
registers.ecx: 106126608
1 0 0

__exception__

 stacktrace: 
0x75f245d
0x75f23a9
0x247c6b7
0x247732f
0x247171b
0x24715a0
0x2470596
0x2470518
DllUnregisterServerInternal-0x7aa2 clr+0x2652 @ 0x72742652
DllRegisterServerInternal+0x243 CoUninitializeEE-0xd1f5 clr+0x1264f @ 0x7275264f
LogHelp_TerminateOnAssert+0x12cf8 GetPrivateContextsPerfCounters-0x674a clr+0x81838 @ 0x727c1838
LogHelp_TerminateOnAssert+0x12bf7 GetPrivateContextsPerfCounters-0x684b clr+0x81737 @ 0x727c1737
mscorlib+0x2d36ad @ 0x6ff136ad
mscorlib+0x308f2d @ 0x6ff48f2d
0x2470398
DllUnregisterServerInternal-0x7aa2 clr+0x2652 @ 0x72742652
DllRegisterServerInternal+0x243 CoUninitializeEE-0xd1f5 clr+0x1264f @ 0x7275264f
LogHelp_TerminateOnAssert+0x12cf8 GetPrivateContextsPerfCounters-0x674a clr+0x81838 @ 0x727c1838
LogHelp_TerminateOnAssert+0x12bf7 GetPrivateContextsPerfCounters-0x684b clr+0x81737 @ 0x727c1737
mscorlib+0x2d3711 @ 0x6ff13711
mscorlib+0x308f2d @ 0x6ff48f2d
mscorlib+0x3133fd @ 0x6ff533fd
mscorlib+0x9873b1 @ 0x705c73b1
mscorlib+0x97b352 @ 0x705bb352
DllUnregisterServerInternal-0x7666 clr+0x2a8e @ 0x72742a8e
DllGetClassObjectInternal+0x37c9b CorDllMainForThunk-0x54860 clr+0xfcd14 @ 0x7283cd14
0x4aa062
minecraft_modpack+0x2403 @ 0x402403

exception.instruction_r: 8b 40 04 89 45 dc 0f b6 45 e0 85 c0 74 15 8b ce
exception.instruction: mov eax, dword ptr [eax + 4]
exception.exception_code: 0xc0000005
exception.symbol:
exception.address: 0x247ce53
registers.esp: 1633352
registers.edi: 43812656
registers.eax: 0
registers.ebp: 1633388
registers.edx: 106125936
registers.ebx: 43810848
registers.esi: 39457692
registers.ecx: 106126608
1 0 0

__exception__

 stacktrace: 
0x75f245d
0x75f23a9
0x247c6b7
0x247732f
0x247171b
0x24715a0
0x2470596
0x2470518
DllUnregisterServerInternal-0x7aa2 clr+0x2652 @ 0x72742652
DllRegisterServerInternal+0x243 CoUninitializeEE-0xd1f5 clr+0x1264f @ 0x7275264f
LogHelp_TerminateOnAssert+0x12cf8 GetPrivateContextsPerfCounters-0x674a clr+0x81838 @ 0x727c1838
LogHelp_TerminateOnAssert+0x12bf7 GetPrivateContextsPerfCounters-0x684b clr+0x81737 @ 0x727c1737
mscorlib+0x2d36ad @ 0x6ff136ad
mscorlib+0x308f2d @ 0x6ff48f2d
0x2470398
DllUnregisterServerInternal-0x7aa2 clr+0x2652 @ 0x72742652
DllRegisterServerInternal+0x243 CoUninitializeEE-0xd1f5 clr+0x1264f @ 0x7275264f
LogHelp_TerminateOnAssert+0x12cf8 GetPrivateContextsPerfCounters-0x674a clr+0x81838 @ 0x727c1838
LogHelp_TerminateOnAssert+0x12bf7 GetPrivateContextsPerfCounters-0x684b clr+0x81737 @ 0x727c1737
mscorlib+0x2d3711 @ 0x6ff13711
mscorlib+0x308f2d @ 0x6ff48f2d
mscorlib+0x3133fd @ 0x6ff533fd
mscorlib+0x9873b1 @ 0x705c73b1
mscorlib+0x97b352 @ 0x705bb352
DllUnregisterServerInternal-0x7666 clr+0x2a8e @ 0x72742a8e
DllGetClassObjectInternal+0x37c9b CorDllMainForThunk-0x54860 clr+0xfcd14 @ 0x7283cd14
0x4aa062
minecraft_modpack+0x2403 @ 0x402403

exception.instruction_r: 8b 40 04 89 45 dc 0f b6 45 e0 85 c0 74 15 8b ce
exception.instruction: mov eax, dword ptr [eax + 4]
exception.exception_code: 0xc0000005
exception.symbol:
exception.address: 0x247ce53
registers.esp: 1633352
registers.edi: 40110080
registers.eax: 0
registers.ebp: 1633388
registers.edx: 106125936
registers.ebx: 40108272
registers.esi: 40113832
registers.ecx: 106126608
1 0 0

__exception__

 stacktrace: 
0x75f245d
0x75f23a9
0x247c6b7
0x247732f
0x247171b
0x24715a0
0x2470596
0x2470518
DllUnregisterServerInternal-0x7aa2 clr+0x2652 @ 0x72742652
DllRegisterServerInternal+0x243 CoUninitializeEE-0xd1f5 clr+0x1264f @ 0x7275264f
LogHelp_TerminateOnAssert+0x12cf8 GetPrivateContextsPerfCounters-0x674a clr+0x81838 @ 0x727c1838
LogHelp_TerminateOnAssert+0x12bf7 GetPrivateContextsPerfCounters-0x684b clr+0x81737 @ 0x727c1737
mscorlib+0x2d36ad @ 0x6ff136ad
mscorlib+0x308f2d @ 0x6ff48f2d
0x2470398
DllUnregisterServerInternal-0x7aa2 clr+0x2652 @ 0x72742652
DllRegisterServerInternal+0x243 CoUninitializeEE-0xd1f5 clr+0x1264f @ 0x7275264f
LogHelp_TerminateOnAssert+0x12cf8 GetPrivateContextsPerfCounters-0x674a clr+0x81838 @ 0x727c1838
LogHelp_TerminateOnAssert+0x12bf7 GetPrivateContextsPerfCounters-0x684b clr+0x81737 @ 0x727c1737
mscorlib+0x2d3711 @ 0x6ff13711
mscorlib+0x308f2d @ 0x6ff48f2d
mscorlib+0x3133fd @ 0x6ff533fd
mscorlib+0x9873b1 @ 0x705c73b1
mscorlib+0x97b352 @ 0x705bb352
DllUnregisterServerInternal-0x7666 clr+0x2a8e @ 0x72742a8e
DllGetClassObjectInternal+0x37c9b CorDllMainForThunk-0x54860 clr+0xfcd14 @ 0x7283cd14
0x4aa062
minecraft_modpack+0x2403 @ 0x402403

exception.instruction_r: 8b 40 04 89 45 dc 0f b6 45 e0 85 c0 74 15 8b ce
exception.instruction: mov eax, dword ptr [eax + 4]
exception.exception_code: 0xc0000005
exception.symbol:
exception.address: 0x247ce53
registers.esp: 1633352
registers.edi: 41150800
registers.eax: 0
registers.ebp: 1633388
registers.edx: 106125936
registers.ebx: 41148992
registers.esi: 41154552
registers.ecx: 106126608
1 0 0

__exception__

 stacktrace: 
0x75f27a7
0x75f26f9
0x247c739
0x247732f
0x247171b
0x24715a0
0x2470596
0x2470518
DllUnregisterServerInternal-0x7aa2 clr+0x2652 @ 0x72742652
DllRegisterServerInternal+0x243 CoUninitializeEE-0xd1f5 clr+0x1264f @ 0x7275264f
LogHelp_TerminateOnAssert+0x12cf8 GetPrivateContextsPerfCounters-0x674a clr+0x81838 @ 0x727c1838
LogHelp_TerminateOnAssert+0x12bf7 GetPrivateContextsPerfCounters-0x684b clr+0x81737 @ 0x727c1737
mscorlib+0x2d36ad @ 0x6ff136ad
mscorlib+0x308f2d @ 0x6ff48f2d
0x2470398
DllUnregisterServerInternal-0x7aa2 clr+0x2652 @ 0x72742652
DllRegisterServerInternal+0x243 CoUninitializeEE-0xd1f5 clr+0x1264f @ 0x7275264f
LogHelp_TerminateOnAssert+0x12cf8 GetPrivateContextsPerfCounters-0x674a clr+0x81838 @ 0x727c1838
LogHelp_TerminateOnAssert+0x12bf7 GetPrivateContextsPerfCounters-0x684b clr+0x81737 @ 0x727c1737
mscorlib+0x2d3711 @ 0x6ff13711
mscorlib+0x308f2d @ 0x6ff48f2d
mscorlib+0x3133fd @ 0x6ff533fd
mscorlib+0x9873b1 @ 0x705c73b1
mscorlib+0x97b352 @ 0x705bb352
DllUnregisterServerInternal-0x7666 clr+0x2a8e @ 0x72742a8e
DllGetClassObjectInternal+0x37c9b CorDllMainForThunk-0x54860 clr+0xfcd14 @ 0x7283cd14
0x4aa062
minecraft_modpack+0x2403 @ 0x402403

exception.instruction_r: 8b 40 04 89 45 dc 0f b6 45 e0 85 c0 74 15 8b ce
exception.instruction: mov eax, dword ptr [eax + 4]
exception.exception_code: 0xc0000005
exception.symbol:
exception.address: 0x247ce53
registers.esp: 1633352
registers.edi: 42191552
registers.eax: 0
registers.ebp: 1633388
registers.edx: 106125936
registers.ebx: 42189744
registers.esi: 42195304
registers.ecx: 106126608
1 0 0

__exception__

 stacktrace: 
0x75f27a7
0x75f26f9
0x247c739
0x247732f
0x247171b
0x24715a0
0x2470596
0x2470518
DllUnregisterServerInternal-0x7aa2 clr+0x2652 @ 0x72742652
DllRegisterServerInternal+0x243 CoUninitializeEE-0xd1f5 clr+0x1264f @ 0x7275264f
LogHelp_TerminateOnAssert+0x12cf8 GetPrivateContextsPerfCounters-0x674a clr+0x81838 @ 0x727c1838
LogHelp_TerminateOnAssert+0x12bf7 GetPrivateContextsPerfCounters-0x684b clr+0x81737 @ 0x727c1737
mscorlib+0x2d36ad @ 0x6ff136ad
mscorlib+0x308f2d @ 0x6ff48f2d
0x2470398
DllUnregisterServerInternal-0x7aa2 clr+0x2652 @ 0x72742652
DllRegisterServerInternal+0x243 CoUninitializeEE-0xd1f5 clr+0x1264f @ 0x7275264f
LogHelp_TerminateOnAssert+0x12cf8 GetPrivateContextsPerfCounters-0x674a clr+0x81838 @ 0x727c1838
LogHelp_TerminateOnAssert+0x12bf7 GetPrivateContextsPerfCounters-0x684b clr+0x81737 @ 0x727c1737
mscorlib+0x2d3711 @ 0x6ff13711
mscorlib+0x308f2d @ 0x6ff48f2d
mscorlib+0x3133fd @ 0x6ff533fd
mscorlib+0x9873b1 @ 0x705c73b1
mscorlib+0x97b352 @ 0x705bb352
DllUnregisterServerInternal-0x7666 clr+0x2a8e @ 0x72742a8e
DllGetClassObjectInternal+0x37c9b CorDllMainForThunk-0x54860 clr+0xfcd14 @ 0x7283cd14
0x4aa062
minecraft_modpack+0x2403 @ 0x402403

exception.instruction_r: 8b 40 04 89 45 dc 0f b6 45 e0 85 c0 74 15 8b ce
exception.instruction: mov eax, dword ptr [eax + 4]
exception.exception_code: 0xc0000005
exception.symbol:
exception.address: 0x247ce53
registers.esp: 1633352
registers.edi: 43234428
registers.eax: 0
registers.ebp: 1633388
registers.edx: 106125936
registers.ebx: 43232620
registers.esi: 43238180
registers.ecx: 106126608
1 0 0

__exception__

 stacktrace: 
0x75f27a7
0x75f26f9
0x247c739
0x247732f
0x247171b
0x24715a0
0x2470596
0x2470518
DllUnregisterServerInternal-0x7aa2 clr+0x2652 @ 0x72742652
DllRegisterServerInternal+0x243 CoUninitializeEE-0xd1f5 clr+0x1264f @ 0x7275264f
LogHelp_TerminateOnAssert+0x12cf8 GetPrivateContextsPerfCounters-0x674a clr+0x81838 @ 0x727c1838
LogHelp_TerminateOnAssert+0x12bf7 GetPrivateContextsPerfCounters-0x684b clr+0x81737 @ 0x727c1737
mscorlib+0x2d36ad @ 0x6ff136ad
mscorlib+0x308f2d @ 0x6ff48f2d
0x2470398
DllUnregisterServerInternal-0x7aa2 clr+0x2652 @ 0x72742652
DllRegisterServerInternal+0x243 CoUninitializeEE-0xd1f5 clr+0x1264f @ 0x7275264f
LogHelp_TerminateOnAssert+0x12cf8 GetPrivateContextsPerfCounters-0x674a clr+0x81838 @ 0x727c1838
LogHelp_TerminateOnAssert+0x12bf7 GetPrivateContextsPerfCounters-0x684b clr+0x81737 @ 0x727c1737
mscorlib+0x2d3711 @ 0x6ff13711
mscorlib+0x308f2d @ 0x6ff48f2d
mscorlib+0x3133fd @ 0x6ff533fd
mscorlib+0x9873b1 @ 0x705c73b1
mscorlib+0x97b352 @ 0x705bb352
DllUnregisterServerInternal-0x7666 clr+0x2a8e @ 0x72742a8e
DllGetClassObjectInternal+0x37c9b CorDllMainForThunk-0x54860 clr+0xfcd14 @ 0x7283cd14
0x4aa062
minecraft_modpack+0x2403 @ 0x402403

exception.instruction_r: 8b 40 04 89 45 dc 0f b6 45 e0 85 c0 74 15 8b ce
exception.instruction: mov eax, dword ptr [eax + 4]
exception.exception_code: 0xc0000005
exception.symbol:
exception.address: 0x247ce53
registers.esp: 1633352
registers.edi: 39640232
registers.eax: 0
registers.ebp: 1633388
registers.edx: 106125936
registers.ebx: 39638424
registers.esi: 39457716
registers.ecx: 106126608
1 0 0
suspicious_features GET method with no useragent header suspicious_request GET https://api.ip.sb/geoip
request GET https://api.ip.sb/geoip
Time & API Arguments Status Return Repeated

NtAllocateVirtualMemory

 process_identifier: 1896
region_size: 917504
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x01fd0000
allocation_type: 8192 (MEM_RESERVE)
process_handle: 0xffffffff
1 0 0

NtAllocateVirtualMemory

 process_identifier: 1896
region_size: 4096
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x02070000
allocation_type: 4096 (MEM_COMMIT)
process_handle: 0xffffffff
1 0 0

NtAllocateVirtualMemory

 process_identifier: 1896
region_size: 2162688
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x020b0000
allocation_type: 8192 (MEM_RESERVE)
process_handle: 0xffffffff
1 0 0

NtAllocateVirtualMemory

 process_identifier: 1896
region_size: 4096
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x02280000
allocation_type: 4096 (MEM_COMMIT)
process_handle: 0xffffffff
1 0 0

NtProtectVirtualMemory

 process_identifier: 1896
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x72741000
process_handle: 0xffffffff
1 0 0

NtProtectVirtualMemory

 process_identifier: 1896
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x72742000
process_handle: 0xffffffff
1 0 0

NtAllocateVirtualMemory

 process_identifier: 1896
region_size: 393216
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x01e60000
allocation_type: 8192 (MEM_RESERVE)
process_handle: 0xffffffff
1 0 0

NtAllocateVirtualMemory

 process_identifier: 1896
region_size: 4096
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x01e80000
allocation_type: 4096 (MEM_COMMIT)
process_handle: 0xffffffff
1 0 0

NtAllocateVirtualMemory

 process_identifier: 1896
region_size: 4096
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x004a2000
allocation_type: 4096 (MEM_COMMIT)
process_handle: 0xffffffff
1 0 0

NtAllocateVirtualMemory

 process_identifier: 1896
region_size: 4096
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x02281000
allocation_type: 4096 (MEM_COMMIT)
process_handle: 0xffffffff
1 0 0

NtAllocateVirtualMemory

 process_identifier: 1896
region_size: 4096
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x02282000
allocation_type: 4096 (MEM_COMMIT)
process_handle: 0xffffffff
1 0 0

NtAllocateVirtualMemory

 process_identifier: 1896
region_size: 4096
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x004aa000
allocation_type: 4096 (MEM_COMMIT)
process_handle: 0xffffffff
1 0 0

NtAllocateVirtualMemory

 process_identifier: 1896
region_size: 4096
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x004ac000
allocation_type: 4096 (MEM_COMMIT)
process_handle: 0xffffffff
1 0 0

NtAllocateVirtualMemory

 process_identifier: 1896
region_size: 4096
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x02283000
allocation_type: 4096 (MEM_COMMIT)
process_handle: 0xffffffff
1 0 0

NtAllocateVirtualMemory

 process_identifier: 1896
region_size: 4096
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x01dcc000
allocation_type: 4096 (MEM_COMMIT)
process_handle: 0xffffffff
1 0 0

NtAllocateVirtualMemory

 process_identifier: 1896
region_size: 8192
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x02284000
allocation_type: 4096 (MEM_COMMIT)
process_handle: 0xffffffff
1 0 0

NtAllocateVirtualMemory

 process_identifier: 1896
region_size: 4096
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x01deb000
allocation_type: 4096 (MEM_COMMIT)
process_handle: 0xffffffff
1 0 0

NtAllocateVirtualMemory

 process_identifier: 1896
region_size: 4096
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x01de7000
allocation_type: 4096 (MEM_COMMIT)
process_handle: 0xffffffff
1 0 0

NtAllocateVirtualMemory

 process_identifier: 1896
region_size: 4096
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x02470000
allocation_type: 4096 (MEM_COMMIT)
process_handle: 0xffffffff
1 0 0

NtAllocateVirtualMemory

 process_identifier: 1896
region_size: 4096
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x01de5000
allocation_type: 4096 (MEM_COMMIT)
process_handle: 0xffffffff
1 0 0

NtAllocateVirtualMemory

 process_identifier: 1896
region_size: 4096
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x01dd6000
allocation_type: 4096 (MEM_COMMIT)
process_handle: 0xffffffff
1 0 0

NtAllocateVirtualMemory

 process_identifier: 1896
region_size: 4096
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x01dca000
allocation_type: 4096 (MEM_COMMIT)
process_handle: 0xffffffff
1 0 0

NtAllocateVirtualMemory

 process_identifier: 1896
region_size: 4096
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x01dda000
allocation_type: 4096 (MEM_COMMIT)
process_handle: 0xffffffff
1 0 0

NtAllocateVirtualMemory

 process_identifier: 1896
region_size: 4096
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x01dd7000
allocation_type: 4096 (MEM_COMMIT)
process_handle: 0xffffffff
1 0 0

NtAllocateVirtualMemory

 process_identifier: 1896
region_size: 4096
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x01ddb000
allocation_type: 4096 (MEM_COMMIT)
process_handle: 0xffffffff
1 0 0

NtAllocateVirtualMemory

 process_identifier: 1896
region_size: 4096
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x0249f000
allocation_type: 4096 (MEM_COMMIT)
process_handle: 0xffffffff
1 0 0

NtAllocateVirtualMemory

 process_identifier: 1896
region_size: 4096
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x02490000
allocation_type: 4096 (MEM_COMMIT)
process_handle: 0xffffffff
1 0 0

NtAllocateVirtualMemory

 process_identifier: 1896
region_size: 4096
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x01dcd000
allocation_type: 4096 (MEM_COMMIT)
process_handle: 0xffffffff
1 0 0

NtAllocateVirtualMemory

 process_identifier: 1896
region_size: 4096
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x02471000
allocation_type: 4096 (MEM_COMMIT)
process_handle: 0xffffffff
1 0 0

NtAllocateVirtualMemory

 process_identifier: 1896
region_size: 4096
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x01ddc000
allocation_type: 4096 (MEM_COMMIT)
process_handle: 0xffffffff
1 0 0

NtAllocateVirtualMemory

 process_identifier: 1896
region_size: 4096
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x01dd8000
allocation_type: 4096 (MEM_COMMIT)
process_handle: 0xffffffff
1 0 0

NtAllocateVirtualMemory

 process_identifier: 1896
region_size: 4096
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x01ddd000
allocation_type: 4096 (MEM_COMMIT)
process_handle: 0xffffffff
1 0 0

NtAllocateVirtualMemory

 process_identifier: 1896
region_size: 4096
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x01dde000
allocation_type: 4096 (MEM_COMMIT)
process_handle: 0xffffffff
1 0 0

NtAllocateVirtualMemory

 process_identifier: 1896
region_size: 327680
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0xfff50000
allocation_type: 1056768 (MEM_RESERVE|MEM_TOP_DOWN)
process_handle: 0xffffffff
1 0 0

NtAllocateVirtualMemory

 process_identifier: 1896
region_size: 4096
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0xfff50000
allocation_type: 4096 (MEM_COMMIT)
process_handle: 0xffffffff
1 0 0

NtAllocateVirtualMemory

 process_identifier: 1896
region_size: 4096
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0xfff50000
allocation_type: 4096 (MEM_COMMIT)
process_handle: 0xffffffff
1 0 0

NtAllocateVirtualMemory

 process_identifier: 1896
region_size: 4096
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0xfff58000
allocation_type: 4096 (MEM_COMMIT)
process_handle: 0xffffffff
1 0 0

NtAllocateVirtualMemory

 process_identifier: 1896
region_size: 65536
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0xfff40000
allocation_type: 1056768 (MEM_RESERVE|MEM_TOP_DOWN)
process_handle: 0xffffffff
1 0 0

NtAllocateVirtualMemory

 process_identifier: 1896
region_size: 4096
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0xfff40000
allocation_type: 4096 (MEM_COMMIT)
process_handle: 0xffffffff
1 0 0

NtAllocateVirtualMemory

 process_identifier: 1896
region_size: 4096
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x02491000
allocation_type: 4096 (MEM_COMMIT)
process_handle: 0xffffffff
1 0 0

NtAllocateVirtualMemory

 process_identifier: 1896
region_size: 4096
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x01ddf000
allocation_type: 4096 (MEM_COMMIT)
process_handle: 0xffffffff
1 0 0

NtAllocateVirtualMemory

 process_identifier: 1896
region_size: 4096
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x01dec000
allocation_type: 4096 (MEM_COMMIT)
process_handle: 0xffffffff
1 0 0

NtAllocateVirtualMemory

 process_identifier: 1896
region_size: 4096
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x02472000
allocation_type: 4096 (MEM_COMMIT)
process_handle: 0xffffffff
1 0 0

NtAllocateVirtualMemory

 process_identifier: 1896
region_size: 4096
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x02473000
allocation_type: 4096 (MEM_COMMIT)
process_handle: 0xffffffff
1 0 0

NtAllocateVirtualMemory

 process_identifier: 1896
region_size: 4096
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x02474000
allocation_type: 4096 (MEM_COMMIT)
process_handle: 0xffffffff
1 0 0

NtAllocateVirtualMemory

 process_identifier: 1896
region_size: 4096
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x02475000
allocation_type: 4096 (MEM_COMMIT)
process_handle: 0xffffffff
1 0 0

NtProtectVirtualMemory

 process_identifier: 1896
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x6aad2000
process_handle: 0xffffffff
1 0 0

NtAllocateVirtualMemory

 process_identifier: 1896
region_size: 4096
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x02476000
allocation_type: 4096 (MEM_COMMIT)
process_handle: 0xffffffff
1 0 0

NtAllocateVirtualMemory

 process_identifier: 1896
region_size: 4096
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x01dd9000
allocation_type: 4096 (MEM_COMMIT)
process_handle: 0xffffffff
1 0 0

NtAllocateVirtualMemory

 process_identifier: 1896
region_size: 4096
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x02477000
allocation_type: 4096 (MEM_COMMIT)
process_handle: 0xffffffff
1 0 0
file C:\Users\test22\AppData\Local\Google\Chrome\User Data\Default\Web Data
file C:\Users\test22\AppData\Local\Google\Chrome\User Data\Local State
file C:\Users\test22\AppData\Local\Google\Chrome\User Data
file C:\Users\test22\AppData\Local\Google\Chrome\User Data\Default\Login Data
file C:\Users\test22\AppData\Local\Google\Chrome\User Data\Default\Cookies
file C:\Users\test22\AppData\Local\Chromium\User Data
file C:\Users\test22\AppData\Local\MapleStudio\ChromePlus\User Data
file C:\Users\test22\AppData\Local\Nichrome\User Data
file C:\Users\test22\AppData\Local\Yandex\YandexBrowser\User Data
Time & API Arguments Status Return Repeated

GetAdaptersAddresses

 flags: 15
family: 0
111 0
section {u'size_of_data': u'0x00011600', u'virtual_address': u'0x00026000', u'entropy': 7.985506676030275, u'name': u'.rsrc', u'virtual_size': u'0x000115fc'} entropy 7.98550667603 description A section with a high entropy has been found
entropy 0.339853300733 description Overall entropy of this PE file is high
Time & API Arguments Status Return Repeated

LookupPrivilegeValueW

 system_name:
privilege_name: SeDebugPrivilege
1 1 0
url http://www.expedia.com/favicon.ico
url http://uk.ask.com/favicon.ico
url http://www.priceminister.com/
url http://crl.identrust.com/DSTROOTCAX3CRL.crl0
url http://crl.comodoca.com/COMODORSACertificationAuthority.crl0q
url http://www.iask.com/favicon.ico
url http://www.merlin.com.pl/favicon.ico
url http://www.cnet.com/favicon.ico
url https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct
url http://schemas.xmlsoap.org/ws/2004/09/transfer/GetResponseT
url http://search.nifty.com/
url http://ns.adobe.com/exif/1.0/
url http://www.etmall.com.tw/
url http://docs.oasis-open.org/ws-sx/ws-trust/200512/RSTR/CancelFinal
url http://search.goo.ne.jp/
url http://fr.wikipedia.org/favicon.ico
url http://busca.estadao.com.br/favicon.ico
url http://search.hanafos.com/favicon.ico
url http://search.chol.com/favicon.ico
url http://amazon.fr/
url http://download.microsoft.com
url http://www.amazon.co.jp/
url http://www.mtv.com/favicon.ico
url http://busqueda.aol.com.mx/
url http://search.live.com/results.aspx?FORM=SOLTDF
url http://msdn.microsoft.com/
url http://www.sogou.com/favicon.ico
url http://www.sify.com/favicon.ico
url http://yellowpages.superpages.com/
url http://suche.freenet.de/
url http://search.yahooapis.jp/AssistSearchService/V2/webassistSearch?output=iejson
url http://search.aol.com/
url http://browse.guardian.co.uk/
url http://www.mercadolibre.com.mx/
url http://www.auction.co.kr/auction.ico
url http://www.facebook.com/
url http://si.wikipedia.org/favicon.ico
url http://tempuri.org/IConnectionRegister/ValidateUriRouteResponse
url http://ocsp.digicert.com0
url http://www.rtl.de/favicon.ico
url https://www.google.com/favicon.ico
url http://docs.oasis-open.org/ws-sx/ws-trust/200512/RSTR/ValidateFinal
url http://search.msn.com/results.aspx?q=
url http://www.microsoft.com/pki/certs/MicrosoftWinPCA.crt0
url http://search.naver.com/favicon.ico
url https://www.verisign.com/repository/verisignlogo.gif0D
url http://schemas.xmlsoap.org/ws/2005/02/trust/RSTR/RenewT
url http://docs.oasis-open.org/ws-sx/ws-trust/200512/RSTR/IssueT
url http://isrg.trustid.ocsp.identrust.com0
url http://en.wikipedia.org/favicon.ico
description Hijack network configuration rule hijack_network
description Create a windows service rule create_service
description Listen for incoming communication rule network_tcp_listen
description Communications smtp rule network_smtp_dotNet
description Communications over RAW socket rule network_tcp_socket
description Communications use DNS rule network_dns
description Communication using dga rule network_dga
description Escalade priviledges rule escalate_priv
description Take screenshot rule screenshot
description Run a keylogger rule keylogger
description Steal credential rule cred_local
description APC queue tasks migration rule migrate_apc
description Create or check mutex rule win_mutex
description Affect system registries rule win_registry
description Affect system token rule win_token
description Affect private profile rule win_files_operation
description Match Winsock 2 API library declaration rule Str_Win32_Winsock2_Library
description Match Windows Inet API library declaration rule Str_Win32_Wininet_Library
description Match Windows Http API call rule Str_Win32_Http_API
description (no description) rule ldpreload
description (no description) rule DebuggerCheck__QueryInfo
description (no description) rule DebuggerHiding__Thread
description (no description) rule DebuggerException__SetConsoleCtrl
description Possibly employs anti-virtualization techniques rule vmdetect
description Detection of Virtual Appliances through the use of WMI for use of evasion. rule WMI_VM_Detect
description Checks if being debugged rule anti_dbg
description Following Rule is referenced from AlienVault's Yara rule repository.This rule contains additional processes and driver names. rule vmdetect_misc
Time & API Arguments Status Return Repeated

RegOpenKeyExW

 regkey_r: SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall
base_handle: 0x80000002
key_handle: 0x00000840
options: 0
access: 0x00020019
regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall
1 0 0

RegOpenKeyExW

 regkey_r: AddressBook
base_handle: 0x00000840
key_handle: 0x00000844
options: 0
access: 0x00020019
regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\AddressBook
1 0 0

RegOpenKeyExW

 regkey_r: Connection Manager
base_handle: 0x00000840
key_handle: 0x00000844
options: 0
access: 0x00020019
regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Connection Manager
1 0 0

RegOpenKeyExW

 regkey_r: DirectDrawEx
base_handle: 0x00000840
key_handle: 0x00000844
options: 0
access: 0x00020019
regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\DirectDrawEx
1 0 0

RegOpenKeyExW

 regkey_r: EditPlus
base_handle: 0x00000840
key_handle: 0x00000844
options: 0
access: 0x00020019
regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\EditPlus
1 0 0

RegOpenKeyExW

 regkey_r: ENTERPRISE
base_handle: 0x00000840
key_handle: 0x00000844
options: 0
access: 0x00020019
regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\ENTERPRISE
1 0 0

RegOpenKeyExW

 regkey_r: Fontcore
base_handle: 0x00000840
key_handle: 0x00000844
options: 0
access: 0x00020019
regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Fontcore
1 0 0

RegOpenKeyExW

 regkey_r: Google Chrome
base_handle: 0x00000840
key_handle: 0x00000844
options: 0
access: 0x00020019
regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Google Chrome
1 0 0

RegOpenKeyExW

 regkey_r: Haansoft HWord 80 Korean
base_handle: 0x00000840
key_handle: 0x00000844
options: 0
access: 0x00020019
regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Haansoft HWord 80 Korean
1 0 0

RegOpenKeyExW

 regkey_r: IE40
base_handle: 0x00000840
key_handle: 0x00000844
options: 0
access: 0x00020019
regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\IE40
1 0 0

RegOpenKeyExW

 regkey_r: IE4Data
base_handle: 0x00000840
key_handle: 0x00000844
options: 0
access: 0x00020019
regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\IE4Data
1 0 0

RegOpenKeyExW

 regkey_r: IE5BAKEX
base_handle: 0x00000840
key_handle: 0x00000844
options: 0
access: 0x00020019
regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\IE5BAKEX
1 0 0

RegOpenKeyExW

 regkey_r: IEData
base_handle: 0x00000840
key_handle: 0x00000844
options: 0
access: 0x00020019
regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\IEData
1 0 0

RegOpenKeyExW

 regkey_r: MobileOptionPack
base_handle: 0x00000840
key_handle: 0x00000844
options: 0
access: 0x00020019
regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\MobileOptionPack
1 0 0

RegOpenKeyExW

 regkey_r: SchedulingAgent
base_handle: 0x00000840
key_handle: 0x00000844
options: 0
access: 0x00020019
regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\SchedulingAgent
1 0 0

RegOpenKeyExW

 regkey_r: WIC
base_handle: 0x00000840
key_handle: 0x00000844
options: 0
access: 0x00020019
regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\WIC
1 0 0

RegOpenKeyExW

 regkey_r: {01B845D4-B73E-4CF7-A377-94BC7BB4F77B}
base_handle: 0x00000840
key_handle: 0x00000844
options: 0
access: 0x00020019
regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{01B845D4-B73E-4CF7-A377-94BC7BB4F77B}
1 0 0

RegOpenKeyExW

 regkey_r: {1D91F7DA-F517-4727-9E62-B7EA978BE980}
base_handle: 0x00000840
key_handle: 0x00000844
options: 0
access: 0x00020019
regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{1D91F7DA-F517-4727-9E62-B7EA978BE980}
1 0 0

RegOpenKeyExW

 regkey_r: {60EC980A-BDA2-4CB6-A427-B07A5498B4CA}
base_handle: 0x00000840
key_handle: 0x00000844
options: 0
access: 0x00020019
regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}
1 0 0

RegOpenKeyExW

 regkey_r: {90120000-0015-0412-0000-0000000FF1CE}
base_handle: 0x00000840
key_handle: 0x00000844
options: 0
access: 0x00020019
regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{90120000-0015-0412-0000-0000000FF1CE}
1 0 0

RegOpenKeyExW

 regkey_r: {90120000-0016-0412-0000-0000000FF1CE}
base_handle: 0x00000840
key_handle: 0x00000844
options: 0
access: 0x00020019
regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{90120000-0016-0412-0000-0000000FF1CE}
1 0 0

RegOpenKeyExW

 regkey_r: {90120000-0018-0412-0000-0000000FF1CE}
base_handle: 0x00000840
key_handle: 0x00000844
options: 0
access: 0x00020019
regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{90120000-0018-0412-0000-0000000FF1CE}
1 0 0

RegOpenKeyExW

 regkey_r: {90120000-0019-0412-0000-0000000FF1CE}
base_handle: 0x00000840
key_handle: 0x00000844
options: 0
access: 0x00020019
regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{90120000-0019-0412-0000-0000000FF1CE}
1 0 0

RegOpenKeyExW

 regkey_r: {90120000-001A-0412-0000-0000000FF1CE}
base_handle: 0x00000840
key_handle: 0x00000844
options: 0
access: 0x00020019
regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{90120000-001A-0412-0000-0000000FF1CE}
1 0 0

RegOpenKeyExW

 regkey_r: {90120000-001B-0412-0000-0000000FF1CE}
base_handle: 0x00000840
key_handle: 0x00000844
options: 0
access: 0x00020019
regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{90120000-001B-0412-0000-0000000FF1CE}
1 0 0

RegOpenKeyExW

 regkey_r: {90120000-001F-0409-0000-0000000FF1CE}
base_handle: 0x00000840
key_handle: 0x00000844
options: 0
access: 0x00020019
regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{90120000-001F-0409-0000-0000000FF1CE}
1 0 0

RegOpenKeyExW

 regkey_r: {90120000-001F-0412-0000-0000000FF1CE}
base_handle: 0x00000840
key_handle: 0x00000844
options: 0
access: 0x00020019
regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{90120000-001F-0412-0000-0000000FF1CE}
1 0 0

RegOpenKeyExW

 regkey_r: {90120000-0028-0412-0000-0000000FF1CE}
base_handle: 0x00000840
key_handle: 0x00000844
options: 0
access: 0x00020019
regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{90120000-0028-0412-0000-0000000FF1CE}
1 0 0

RegOpenKeyExW

 regkey_r: {90120000-002C-0412-0000-0000000FF1CE}
base_handle: 0x00000840
key_handle: 0x00000844
options: 0
access: 0x00020019
regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{90120000-002C-0412-0000-0000000FF1CE}
1 0 0

RegOpenKeyExW

 regkey_r: {90120000-0030-0000-0000-0000000FF1CE}
base_handle: 0x00000840
key_handle: 0x00000844
options: 0
access: 0x00020019
regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{90120000-0030-0000-0000-0000000FF1CE}
1 0 0

RegOpenKeyExW

 regkey_r: {90120000-0044-0412-0000-0000000FF1CE}
base_handle: 0x00000840
key_handle: 0x00000844
options: 0
access: 0x00020019
regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{90120000-0044-0412-0000-0000000FF1CE}
1 0 0

RegOpenKeyExW

 regkey_r: {90120000-006E-0409-0000-0000000FF1CE}
base_handle: 0x00000840
key_handle: 0x00000844
options: 0
access: 0x00020019
regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{90120000-006E-0409-0000-0000000FF1CE}
1 0 0

RegOpenKeyExW

 regkey_r: {90120000-006E-0412-0000-0000000FF1CE}
base_handle: 0x00000840
key_handle: 0x00000844
options: 0
access: 0x00020019
regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{90120000-006E-0412-0000-0000000FF1CE}
1 0 0

RegOpenKeyExW

 regkey_r: {90120000-00A1-0412-0000-0000000FF1CE}
base_handle: 0x00000840
key_handle: 0x00000844
options: 0
access: 0x00020019
regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{90120000-00A1-0412-0000-0000000FF1CE}
1 0 0

RegOpenKeyExW

 regkey_r: {90120000-00BA-0409-0000-0000000FF1CE}
base_handle: 0x00000840
key_handle: 0x00000844
options: 0
access: 0x00020019
regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{90120000-00BA-0409-0000-0000000FF1CE}
1 0 0

RegOpenKeyExW

 regkey_r: {90120000-0114-0412-0000-0000000FF1CE}
base_handle: 0x00000840
key_handle: 0x00000844
options: 0
access: 0x00020019
regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{90120000-0114-0412-0000-0000000FF1CE}
1 0 0

RegOpenKeyExW

 regkey_r: {939659F3-71D2-461F-B24D-91D05A4389B4}
base_handle: 0x00000840
key_handle: 0x00000844
options: 0
access: 0x00020019
regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{939659F3-71D2-461F-B24D-91D05A4389B4}
1 0 0

RegOpenKeyExW

 regkey_r: {9B84A461-3B4C-40E2-B44F-CE22E215EE40}
base_handle: 0x00000840
key_handle: 0x00000844
options: 0
access: 0x00020019
regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{9B84A461-3B4C-40E2-B44F-CE22E215EE40}
1 0 0

RegOpenKeyExW

 regkey_r: {d992c12e-cab2-426f-bde3-fb8c53950b0d}
base_handle: 0x00000840
key_handle: 0x00000844
options: 0
access: 0x00020019
regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{d992c12e-cab2-426f-bde3-fb8c53950b0d}
1 0 0
wmi SELECT * FROM Win32_Processor
host 178.157.91.208
file C:\Users\test22\AppData\Roaming\Electrum\wallets
file C:\Users\test22\AppData\Roaming\FileZilla\sitemanager.xml
file C:\Users\test22\AppData\Roaming\FileZilla\recentservers.xml
wmi SELECT * FROM Win32_VideoController
wmi SELECT * FROM AntivirusProduct
wmi SELECT * FROM Win32_OperatingSystem
wmi SELECT * FROM Win32_Process Where SessionId='1'
wmi SELECT * FROM AntiSpyWareProuct
wmi SELECT * FROM FirewallProduct
wmi SELECT * FROM Win32_DiskDrive
wmi SELECT * FROM Win32_Processor
file C:\Users\test22\AppData\Roaming\.purple\accounts.xml
Time & API Arguments Status Return Repeated

RegQueryValueExW

 key_handle: 0x00000844
regkey_r: DisplayName
reg_type: 1 (REG_SZ)
value: EditPlus
regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\EditPlus\DisplayName
1 0 0

RegQueryValueExW

 key_handle: 0x00000844
regkey_r: DisplayName
reg_type: 1 (REG_SZ)
value: Microsoft Office Enterprise 2007
regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\ENTERPRISE\DisplayName
1 0 0

RegQueryValueExW

 key_handle: 0x00000844
regkey_r: DisplayName
reg_type: 1 (REG_SZ)
value: Chrome
regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Google Chrome\DisplayName
1 0 0

RegQueryValueExW

 key_handle: 0x00000844
regkey_r: DisplayName
reg_type: 1 (REG_SZ)
value: 한컴오피스 한글 2010
regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Haansoft HWord 80 Korean\DisplayName
1 0 0

RegQueryValueExW

 key_handle: 0x00000844
regkey_r: DisplayName
reg_type: 1 (REG_SZ)
value: HttpWatch Professional 9.3.39
regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{01B845D4-B73E-4CF7-A377-94BC7BB4F77B}\DisplayName
1 0 0

RegQueryValueExW

 key_handle: 0x00000844
regkey_r: DisplayName
reg_type: 1 (REG_SZ)
value: 한컴오피스 한글 2010
regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{1D91F7DA-F517-4727-9E62-B7EA978BE980}\DisplayName
1 0 0

RegQueryValueExW

 key_handle: 0x00000844
regkey_r: DisplayName
reg_type: 1 (REG_SZ)
value: Google Update Helper
regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}\DisplayName
1 0 0

RegQueryValueExW

 key_handle: 0x00000844
regkey_r: DisplayName
reg_type: 1 (REG_SZ)
value: Microsoft Office Access MUI (Korean) 2007
regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{90120000-0015-0412-0000-0000000FF1CE}\DisplayName
1 0 0

RegQueryValueExW

 key_handle: 0x00000844
regkey_r: DisplayName
reg_type: 1 (REG_SZ)
value: Microsoft Office Excel MUI (Korean) 2007
regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{90120000-0016-0412-0000-0000000FF1CE}\DisplayName
1 0 0

RegQueryValueExW

 key_handle: 0x00000844
regkey_r: DisplayName
reg_type: 1 (REG_SZ)
value: Microsoft Office PowerPoint MUI (Korean) 2007
regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{90120000-0018-0412-0000-0000000FF1CE}\DisplayName
1 0 0

RegQueryValueExW

 key_handle: 0x00000844
regkey_r: DisplayName
reg_type: 1 (REG_SZ)
value: Microsoft Office Publisher MUI (Korean) 2007
regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{90120000-0019-0412-0000-0000000FF1CE}\DisplayName
1 0 0

RegQueryValueExW

 key_handle: 0x00000844
regkey_r: DisplayName
reg_type: 1 (REG_SZ)
value: Microsoft Office Outlook MUI (Korean) 2007
regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{90120000-001A-0412-0000-0000000FF1CE}\DisplayName
1 0 0

RegQueryValueExW

 key_handle: 0x00000844
regkey_r: DisplayName
reg_type: 1 (REG_SZ)
value: Microsoft Office Word MUI (Korean) 2007
regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{90120000-001B-0412-0000-0000000FF1CE}\DisplayName
1 0 0

RegQueryValueExW

 key_handle: 0x00000844
regkey_r: DisplayName
reg_type: 1 (REG_SZ)
value: Microsoft Office Proof (English) 2007
regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{90120000-001F-0409-0000-0000000FF1CE}\DisplayName
1 0 0

RegQueryValueExW

 key_handle: 0x00000844
regkey_r: DisplayName
reg_type: 1 (REG_SZ)
value: Microsoft Office Proof (Korean) 2007
regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{90120000-001F-0412-0000-0000000FF1CE}\DisplayName
1 0 0

RegQueryValueExW

 key_handle: 0x00000844
regkey_r: DisplayName
reg_type: 1 (REG_SZ)
value: Microsoft Office IME (Korean) 2007
regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{90120000-0028-0412-0000-0000000FF1CE}\DisplayName
1 0 0

RegQueryValueExW

 key_handle: 0x00000844
regkey_r: DisplayName
reg_type: 1 (REG_SZ)
value: Microsoft Office Proofing (Korean) 2007
regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{90120000-002C-0412-0000-0000000FF1CE}\DisplayName
1 0 0

RegQueryValueExW

 key_handle: 0x00000844
regkey_r: DisplayName
reg_type: 1 (REG_SZ)
value: Microsoft Office Enterprise 2007
regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{90120000-0030-0000-0000-0000000FF1CE}\DisplayName
1 0 0

RegQueryValueExW

 key_handle: 0x00000844
regkey_r: DisplayName
reg_type: 1 (REG_SZ)
value: Microsoft Office InfoPath MUI (Korean) 2007
regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{90120000-0044-0412-0000-0000000FF1CE}\DisplayName
1 0 0

RegQueryValueExW

 key_handle: 0x00000844
regkey_r: DisplayName
reg_type: 1 (REG_SZ)
value: Microsoft Office Shared MUI (English) 2007
regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{90120000-006E-0409-0000-0000000FF1CE}\DisplayName
1 0 0

RegQueryValueExW

 key_handle: 0x00000844
regkey_r: DisplayName
reg_type: 1 (REG_SZ)
value: Microsoft Office Shared MUI (Korean) 2007
regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{90120000-006E-0412-0000-0000000FF1CE}\DisplayName
1 0 0

RegQueryValueExW

 key_handle: 0x00000844
regkey_r: DisplayName
reg_type: 1 (REG_SZ)
value: Microsoft Office OneNote MUI (Korean) 2007
regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{90120000-00A1-0412-0000-0000000FF1CE}\DisplayName
1 0 0

RegQueryValueExW

 key_handle: 0x00000844
regkey_r: DisplayName
reg_type: 1 (REG_SZ)
value: Microsoft Office Groove MUI (English) 2007
regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{90120000-00BA-0409-0000-0000000FF1CE}\DisplayName
1 0 0

RegQueryValueExW

 key_handle: 0x00000844
regkey_r: DisplayName
reg_type: 1 (REG_SZ)
value: Microsoft Office Groove Setup Metadata MUI (Korean) 2007
regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{90120000-0114-0412-0000-0000000FF1CE}\DisplayName
1 0 0

RegQueryValueExW

 key_handle: 0x00000844
regkey_r: DisplayName
reg_type: 1 (REG_SZ)
value: Adobe Flash Player 13 ActiveX
regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{939659F3-71D2-461F-B24D-91D05A4389B4}\DisplayName
1 0 0

RegQueryValueExW

 key_handle: 0x00000844
regkey_r: DisplayName
reg_type: 1 (REG_SZ)
value: Adobe Flash Player 13 NPAPI
regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{9B84A461-3B4C-40E2-B44F-CE22E215EE40}\DisplayName
1 0 0

RegQueryValueExW

 key_handle: 0x00000844
regkey_r: DisplayName
reg_type: 1 (REG_SZ)
value: Microsoft Visual C++ 2015 Redistributable (x64) - 14.0.24215
regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{d992c12e-cab2-426f-bde3-fb8c53950b0d}\DisplayName
1 0 0
file C:\Users\test22\AppData\Roaming\Exodus\exodus.wallet
Bkav W32.AIDetect.malware2
Elastic malicious (high confidence)
MicroWorld-eScan Gen:Variant.Bulz.363132
FireEye Generic.mg.838a874b439653c3
CAT-QuickHeal Trojanpws.Msil
McAfee RDN/Generic PWS.y
Cylance Unsafe
Sangfor Trojan.Win32.Save.a
CrowdStrike win/malicious_confidence_100% (W)
Alibaba TrojanPSW:MSIL/RedLine.32d211dd
K7GW Spyware ( 00576cc11 )
K7AntiVirus Spyware ( 00576cc11 )
Arcabit Trojan.Bulz.D58A7C
BitDefenderTheta Gen:NN.ZexaF.34608.mq0@aCGscf
Cyren W32/Trojan.DAN.gen!Eldorado
Symantec ML.Attribute.HighConfidence
APEX Malicious
Avast Win32:TrojanX-gen [Trj]
Kaspersky HEUR:Trojan-PSW.MSIL.Reline.vho
BitDefender Gen:Variant.Bulz.363132
NANO-Antivirus Trojan.Win32.Reline.inklfg
Paloalto generic.ml
Ad-Aware Gen:Variant.Bulz.363132
TACHYON Trojan/W32.Blocker.210432
Emsisoft Trojan-Spy.Agent (A)
F-Secure Trojan.TR/AD.RedLineSteal.mcfke
DrWeb Trojan.PWS.Siggen2.61925
VIPRE Trojan.Win32.Generic!BT
TrendMicro TROJ_GEN.R002C0DBQ21
McAfee-GW-Edition BehavesLike.Win32.Generic.dc
Sophos Mal/Generic-S
Ikarus Trojan.MSIL.CoinMiner
Avira TR/AD.RedLineSteal.mcfke
Microsoft PWS:MSIL/RedLine.GG!MTB
ZoneAlarm HEUR:Trojan-PSW.MSIL.Reline.vho
GData Gen:Variant.Bulz.363132
Cynet Malicious (score: 100)
AhnLab-V3 Malware/Win32.Generic.C4348900
Acronis suspicious
ALYac Gen:Variant.Bulz.363132
MAX malware (ai score=88)
Malwarebytes Trojan.MalPack
ESET-NOD32 a variant of MSIL/Spy.Agent.DCX
TrendMicro-HouseCall TROJ_GEN.R002C0DBQ21
Rising Spyware.Agent!8.C6 (CLOUD)
Yandex TrojanSpy.Agent!AF2gPzmieL4
SentinelOne Static AI - Malicious PE
eGambit Unsafe.AI_Score_97%
Fortinet W32/Reline.DCX!tr.pws
MaxSecure Trojan.Malware.300983.susgen