Calls
Process tree
Screenshots
ntdll.dll! NtCreateKey #native (#3028) EncryptFlag.exe
Arguments:
{"CreateOptions":"0x0","objectName":"Software\\Microsoft\\DownloadManager","DesiredAccess":"0xf003f","KeyHandle":"0x190","TitleIndex":"0x0","CreateDisposition":"0x12ea88","Class":"0x12ed60"}
Returned value:
0x0
kernel32.dll! RegCreateKeyExA #registry (#3028) EncryptFlag.exe
Arguments:
{"samDesired":"0xf003f","hKey":"HKEY_LOCAL_MACHINE","dwOptions":"0x0","phkResult":"","lpClass":"0x0","lpSubKey":"Software\\Microsoft\\DownloadManager"}
Returned value:
0x0
ntdll.dll! NtOpenKeyEx #native (#3028) EncryptFlag.exe
Arguments:
{"OpenOptions":"0x0","KeyHandle":"0x190","objectName":"Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings","DesiredAccess":"0x20019"}
Returned value:
0x0
kernel32.dll! RegOpenKeyExW #registry (#3028) EncryptFlag.exe
Arguments:
{"hKey":"HKEY_LOCAL_MACHINE","ulOptions":"0x0","samDesired":"0x20019","lpSubKey":"Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings","phkResult":"0x190"}
Returned value:
0x0
kernel32.dll! RegQueryValueExW #registry (#3028) EncryptFlag.exe
Arguments:
{"hKey":"HKEY_LOCAL_MACHINE\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings","lpData":"0x7fefead2a60","lpcbData":"0x12e114","lpType":"0","lpValueName":"CreateUriCacheSize"}
Returned value:
0x2
ntdll.dll! NtOpenKey #native (#3028) EncryptFlag.exe
Arguments:
{"OpenOptions":"0x0","KeyHandle":"0x194","objectName":"\\REGISTRY\\USER\\S-1-5-21-4270068108-2931534202-3907561125-1001","DesiredAccess":"0x2000000"}
Returned value:
0x0
ntdll.dll! NtOpenKeyEx #native (#3028) EncryptFlag.exe
Arguments:
{"OpenOptions":"0x0","KeyHandle":"0x198","objectName":"Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings","DesiredAccess":"0x20019"}
Returned value:
0x0
kernel32.dll! RegOpenKeyExW #registry (#3028) EncryptFlag.exe
Arguments:
{"hKey":"HKEY_CURRENT_USER","ulOptions":"0x0","samDesired":"0x20019","lpSubKey":"Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings","phkResult":"0x198"}
Returned value:
0x0
kernel32.dll! RegQueryValueExW #registry (#3028) EncryptFlag.exe
Arguments:
{"hKey":"HKEY_CURRENT_USER\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings","lpData":"0x7fefead2a60","lpcbData":"0x12e114","lpType":"0","lpValueName":"CreateUriCacheSize"}
Returned value:
0x2
ntdll.dll! NtOpenKeyEx #native (#3028) EncryptFlag.exe
Arguments:
{"OpenOptions":"0x0","KeyHandle":"0x19c","objectName":"Software\\Microsoft\\Windows\\CurrentVersion\\Internet Settings","DesiredAccess":"0x20019"}
Returned value:
0x0
kernel32.dll! RegOpenKeyExW #registry (#3028) EncryptFlag.exe
Arguments:
{"hKey":"HKEY_CURRENT_USER","ulOptions":"0x0","samDesired":"0x20019","lpSubKey":"Software\\Microsoft\\Windows\\CurrentVersion\\Internet Settings","phkResult":"0x19c"}
Returned value:
0x0
kernel32.dll! RegQueryValueExW #registry (#3028) EncryptFlag.exe
Arguments:
{"hKey":"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Internet Settings","lpData":"0x7fefead2a60","lpcbData":"0x12e114","lpType":"0","lpValueName":"CreateUriCacheSize"}
Returned value:
0x2
ntdll.dll! NtOpenKeyEx #native (#3028) EncryptFlag.exe
Arguments:
{"OpenOptions":"0x0","KeyHandle":"0x1a0","objectName":"Software\\Microsoft\\Windows\\CurrentVersion\\Internet Settings","DesiredAccess":"0x20019"}
Returned value:
0x0
kernel32.dll! RegOpenKeyExW #registry (#3028) EncryptFlag.exe
Arguments:
{"hKey":"HKEY_LOCAL_MACHINE","ulOptions":"0x0","samDesired":"0x20019","lpSubKey":"Software\\Microsoft\\Windows\\CurrentVersion\\Internet Settings","phkResult":"0x1a0"}
Returned value:
0x0
kernel32.dll! RegQueryValueExW #registry (#3028) EncryptFlag.exe
Arguments:
{"hKey":"HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Internet Settings","lpData":"0x7fefead2a60","lpcbData":"0x12e114","lpType":"0","lpValueName":"CreateUriCacheSize"}
Returned value:
0x2
kernel32.dll! RegQueryValueExW #registry (#3028) EncryptFlag.exe
Arguments:
{"hKey":"HKEY_LOCAL_MACHINE\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings","lpData":"0x7fefead29d0","lpcbData":"0x12dd44","lpType":"0","lpValueName":"EnablePunycode"}
Returned value:
0x2
kernel32.dll! RegQueryValueExW #registry (#3028) EncryptFlag.exe
Arguments:
{"hKey":"HKEY_CURRENT_USER\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings","lpData":"0x7fefead29d0","lpcbData":"0x12dd44","lpType":"0","lpValueName":"EnablePunycode"}
Returned value:
0x2
kernel32.dll! RegQueryValueExW #registry (#3028) EncryptFlag.exe
Arguments:
{"hKey":"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Internet Settings","lpData":"0x7fefead29d0","lpcbData":"0x12dd44","lpType":"0","lpValueName":"EnablePunycode"}
Returned value:
0x0
ntdll.dll! NtOpenKeyEx #native (#3028) EncryptFlag.exe
Arguments:
{"OpenOptions":"0x0","KeyHandle":"0x1a4","objectName":"Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings","DesiredAccess":"0x1"}
Returned value:
0x0
ntdll.dll! NtOpenKeyEx #native (#3028) EncryptFlag.exe
Arguments:
{"OpenOptions":"0x0","KeyHandle":"0x0","objectName":"Software\\Policies\\Microsoft\\Internet Explorer\\Main\\FeatureControl","DesiredAccess":"0x1"}
Returned value:
0xc0000034
kernel32.dll! RegOpenKeyExW #registry (#3028) EncryptFlag.exe
Arguments:
{"hKey":"HKEY_LOCAL_MACHINE","ulOptions":"0x0","samDesired":"0x1","lpSubKey":"Software\\Policies\\Microsoft\\Internet Explorer\\Main\\FeatureControl","phkResult":"0x0"}
Returned value:
0x2
ntdll.dll! NtOpenKeyEx #native (#3028) EncryptFlag.exe
Arguments:
{"OpenOptions":"0x0","KeyHandle":"0x0","objectName":"Software\\Policies\\Microsoft\\Internet Explorer\\Main\\FeatureControl","DesiredAccess":"0x1"}
Returned value:
0xc0000034
kernel32.dll! RegOpenKeyExW #registry (#3028) EncryptFlag.exe
Arguments:
{"hKey":"HKEY_CURRENT_USER","ulOptions":"0x0","samDesired":"0x1","lpSubKey":"Software\\Policies\\Microsoft\\Internet Explorer\\Main\\FeatureControl","phkResult":"0x0"}
Returned value:
0x2
ntdll.dll! NtOpenKeyEx #native (#3028) EncryptFlag.exe
Arguments:
{"OpenOptions":"0x0","KeyHandle":"0x1a4","objectName":"Software\\Microsoft\\Internet Explorer\\Main\\FeatureControl","DesiredAccess":"0x1"}
Returned value:
0x0
kernel32.dll! RegOpenKeyExW #registry (#3028) EncryptFlag.exe
Arguments:
{"hKey":"HKEY_LOCAL_MACHINE","ulOptions":"0x0","samDesired":"0x1","lpSubKey":"Software\\Microsoft\\Internet Explorer\\Main\\FeatureControl","phkResult":"0x1a4"}
Returned value:
0x0
ntdll.dll! NtOpenKeyEx #native (#3028) EncryptFlag.exe
Arguments:
{"OpenOptions":"0x0","KeyHandle":"0x1a8","objectName":"Software\\Microsoft\\Internet Explorer\\Main\\FeatureControl","DesiredAccess":"0x1"}
Returned value:
0x0
kernel32.dll! RegOpenKeyExW #registry (#3028) EncryptFlag.exe
Arguments:
{"hKey":"HKEY_CURRENT_USER","ulOptions":"0x0","samDesired":"0x1","lpSubKey":"Software\\Microsoft\\Internet Explorer\\Main\\FeatureControl","phkResult":"0x1a8"}
Returned value:
0x0
ntdll.dll! NtOpenKeyEx #native (#3028) EncryptFlag.exe
Arguments:
{"OpenOptions":"0x0","KeyHandle":"0x0","objectName":"FEATURE_ALLOW_REVERSE_SOLIDUS_IN_USERINFO_KB932562","DesiredAccess":"0x1"}
Returned value:
0xc0000034
kernel32.dll! RegOpenKeyExW #registry (#3028) EncryptFlag.exe
Arguments:
{"hKey":"HKEY_CURRENT_USER\\Software\\Microsoft\\Internet Explorer\\Main\\FeatureControl","ulOptions":"0x0","samDesired":"0x1","lpSubKey":"FEATURE_ALLOW_REVERSE_SOLIDUS_IN_USERINFO_KB932562","phkResult":"0x0"}
Returned value:
0x2
ntdll.dll! NtOpenKeyEx #native (#3028) EncryptFlag.exe
Arguments:
{"OpenOptions":"0x0","KeyHandle":"0x0","objectName":"FEATURE_ALLOW_REVERSE_SOLIDUS_IN_USERINFO_KB932562","DesiredAccess":"0x1"}
Returned value:
0xc0000034
kernel32.dll! RegOpenKeyExW #registry (#3028) EncryptFlag.exe
Arguments:
{"hKey":"HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Internet Explorer\\Main\\FeatureControl","ulOptions":"0x0","samDesired":"0x1","lpSubKey":"FEATURE_ALLOW_REVERSE_SOLIDUS_IN_USERINFO_KB932562","phkResult":"0x0"}
Returned value:
0x2
ntdll.dll! NtOpenKeyEx #native (#3028) EncryptFlag.exe
Arguments:
{"OpenOptions":"0x0","KeyHandle":"0x0","objectName":"FEATURE_MIME_HANDLING","DesiredAccess":"0x1"}
Returned value:
0xc0000034
kernel32.dll! RegOpenKeyExW #registry (#3028) EncryptFlag.exe
Arguments:
{"hKey":"HKEY_CURRENT_USER\\Software\\Microsoft\\Internet Explorer\\Main\\FeatureControl","ulOptions":"0x0","samDesired":"0x1","lpSubKey":"FEATURE_MIME_HANDLING","phkResult":"0x0"}
Returned value:
0x2
ntdll.dll! NtOpenKeyEx #native (#3028) EncryptFlag.exe
Arguments:
{"OpenOptions":"0x0","KeyHandle":"0x1ac","objectName":"FEATURE_MIME_HANDLING","DesiredAccess":"0x1"}
Returned value:
0x0
kernel32.dll! RegOpenKeyExW #registry (#3028) EncryptFlag.exe
Arguments:
{"hKey":"HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Internet Explorer\\Main\\FeatureControl","ulOptions":"0x0","samDesired":"0x1","lpSubKey":"FEATURE_MIME_HANDLING","phkResult":"0x1ac"}
Returned value:
0x0
ntdll.dll! NtQueryAttributesFile #native (#3028) EncryptFlag.exe
Arguments:
{"objectName":"\\??\\C:\\Users\\<USER>\\Downloads\\api-ms-win-downlevel-shlwapi-l2-1-0.dll"}
Returned value:
0xc0000034
ntdll.dll! NtQueryAttributesFile #native (#3028) EncryptFlag.exe
Arguments:
{"objectName":"\\??\\C:\\Windows\\system32\\api-ms-win-downlevel-shlwapi-l2-1-0.dll"}
Returned value:
0x0
ntdll.dll! NtOpenFile #native (#3028) EncryptFlag.exe
Arguments:
{"FileHandle":"0x1b0","objectName":"\\??\\C:\\Windows\\system32\\api-ms-win-downlevel-shlwapi-l2-1-0.dll"}
Returned value:
0x0
KernelBase.dll! LoadLibraryExW #misc (#3028) EncryptFlag.exe
Arguments:
{"lpFileName":"api-ms-win-downlevel-shlwapi-l2-1-0.dll"}
Returned value:
0x7fef72a0000
KernelBase.dll! LoadLibraryExA #misc (#3028) EncryptFlag.exe
Arguments:
{"lpFileName":"api-ms-win-downlevel-shlwapi-l2-1-0.dll"}
Returned value:
0x7fef72a0000
KernelBase.dll! GetProcAddress #misc (#3028) EncryptFlag.exe
Arguments:
{"lpProcName":"IUnknown_QueryService","hModule":"shlwapi.dll"}
Returned value:
0x7feff341c28
KernelBase.dll! OpenProcess #process (#3028) EncryptFlag.exe
Arguments:
{"dwProcessId":3028}
Returned value:
0x1b0
KernelBase.dll! OpenProcess #process (#3028) EncryptFlag.exe
Arguments:
{"dwProcessId":3028}
Returned value:
0x1b4
ntdll.dll! NtCreateFile #native (#3028) EncryptFlag.exe
Arguments:
{"FileHandle":"0x1b0","objectName":"\\??\\C:"}
Returned value:
0x0
ntdll.dll! NtOpenKeyEx #native (#3028) EncryptFlag.exe
Arguments:
{"OpenOptions":"0x0","KeyHandle":"0x1b0","objectName":"Software\\Microsoft\\Internet Explorer\\Main","DesiredAccess":"0x20019"}
Returned value:
0x0
kernel32.dll! RegOpenKeyExW #registry (#3028) EncryptFlag.exe
Arguments:
{"hKey":"HKEY_CURRENT_USER","ulOptions":"0x0","samDesired":"0x20019","lpSubKey":"Software\\Microsoft\\Internet Explorer\\Main","phkResult":"0x1b0"}
Returned value:
0x0
kernel32.dll! RegQueryValueExW #registry (#3028) EncryptFlag.exe
Arguments:
{"hKey":"HKEY_CURRENT_USER\\Software\\Microsoft\\Internet Explorer\\Main","lpData":"0x12d2a0","lpcbData":"0x12d294","lpType":"0","lpValueName":"FrameTabWindow"}
Returned value:
0x2
ntdll.dll! NtOpenKeyEx #native (#3028) EncryptFlag.exe
Arguments:
{"OpenOptions":"0x0","KeyHandle":"0x1b4","objectName":"Software\\Microsoft\\Internet Explorer\\Main","DesiredAccess":"0x20019"}
Returned value:
0x0
kernel32.dll! RegOpenKeyExW #registry (#3028) EncryptFlag.exe
Arguments:
{"hKey":"HKEY_LOCAL_MACHINE","ulOptions":"0x0","samDesired":"0x20019","lpSubKey":"Software\\Microsoft\\Internet Explorer\\Main","phkResult":"0x1b4"}
Returned value:
0x0
kernel32.dll! RegQueryValueExW #registry (#3028) EncryptFlag.exe
Arguments:
{"hKey":"HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Internet Explorer\\Main","lpData":"0x12d2a0","lpcbData":"0x12d294","lpType":"0","lpValueName":"FrameTabWindow"}
Returned value:
0x2
kernel32.dll! RegQueryValueExW #registry (#3028) EncryptFlag.exe
Arguments:
{"hKey":"HKEY_CURRENT_USER\\Software\\Microsoft\\Internet Explorer\\Main","lpData":"0x12d2a0","lpcbData":"0x12d294","lpType":"0","lpValueName":"FrameMerging"}
Returned value:
0x2
kernel32.dll! RegQueryValueExW #registry (#3028) EncryptFlag.exe
Arguments:
{"hKey":"HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Internet Explorer\\Main","lpData":"0x12d2a0","lpcbData":"0x12d294","lpType":"0","lpValueName":"FrameMerging"}
Returned value:
0x2
kernel32.dll! RegQueryValueExW #registry (#3028) EncryptFlag.exe
Arguments:
{"hKey":"HKEY_CURRENT_USER\\Software\\Microsoft\\Internet Explorer\\Main","lpData":"0x12d2a0","lpcbData":"0x12d294","lpType":"0","lpValueName":"SessionMerging"}
Returned value:
0x2
kernel32.dll! RegQueryValueExW #registry (#3028) EncryptFlag.exe
Arguments:
{"hKey":"HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Internet Explorer\\Main","lpData":"0x12d2a0","lpcbData":"0x12d294","lpType":"0","lpValueName":"SessionMerging"}
Returned value:
0x2
kernel32.dll! RegQueryValueExW #registry (#3028) EncryptFlag.exe
Arguments:
{"hKey":"HKEY_CURRENT_USER\\Software\\Microsoft\\Internet Explorer\\Main","lpData":"0x12d2a0","lpcbData":"0x12d294","lpType":"0","lpValueName":"AdminTabProcs"}
Returned value:
0x2
kernel32.dll! RegQueryValueExW #registry (#3028) EncryptFlag.exe
Arguments:
{"hKey":"HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Internet Explorer\\Main","lpData":"0x12d2a0","lpcbData":"0x12d294","lpType":"0","lpValueName":"AdminTabProcs"}
Returned value:
0x2
ntdll.dll! NtOpenKeyEx #native (#3028) EncryptFlag.exe
Arguments:
{"OpenOptions":"0x0","KeyHandle":"0x0","objectName":"Software\\Policies\\Microsoft\\Internet Explorer\\Main","DesiredAccess":"0x20019"}
Returned value:
0xc0000034
kernel32.dll! RegOpenKeyExW #registry (#3028) EncryptFlag.exe
Arguments:
{"hKey":"HKEY_LOCAL_MACHINE","ulOptions":"0x0","samDesired":"0x20019","lpSubKey":"Software\\Policies\\Microsoft\\Internet Explorer\\Main","phkResult":"0x0"}
Returned value:
0x2
ntdll.dll! NtOpenKeyEx #native (#3028) EncryptFlag.exe
Arguments:
{"OpenOptions":"0x0","KeyHandle":"0x0","objectName":"Software\\Policies\\Microsoft\\Internet Explorer\\Main","DesiredAccess":"0x20019"}
Returned value:
0xc0000034
kernel32.dll! RegOpenKeyExW #registry (#3028) EncryptFlag.exe
Arguments:
{"hKey":"HKEY_CURRENT_USER","ulOptions":"0x0","samDesired":"0x20019","lpSubKey":"Software\\Policies\\Microsoft\\Internet Explorer\\Main","phkResult":"0x0"}
Returned value:
0x2
kernel32.dll! RegQueryValueExW #registry (#3028) EncryptFlag.exe
Arguments:
{"hKey":"HKEY_CURRENT_USER\\Software\\Microsoft\\Internet Explorer\\Main","lpData":"0x12de60","lpcbData":"0x12d294","lpType":"0","lpValueName":"TabProcGrowth"}
Returned value:
0x2
kernel32.dll! RegQueryValueExW #registry (#3028) EncryptFlag.exe
Arguments:
{"hKey":"HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Internet Explorer\\Main","lpData":"0x12de60","lpcbData":"0x12d294","lpType":"0","lpValueName":"TabProcGrowth"}
Returned value:
0x2
kernel32.dll! RegQueryValueExW #registry (#3028) EncryptFlag.exe
Arguments:
{"hKey":"HKEY_CURRENT_USER\\Software\\Microsoft\\Internet Explorer\\Main","lpData":"0x12de04","lpcbData":"0x12d294","lpType":"0","lpValueName":"TabProcGrowth"}
Returned value:
0x2
kernel32.dll! RegQueryValueExW #registry (#3028) EncryptFlag.exe
Arguments:
{"hKey":"HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Internet Explorer\\Main","lpData":"0x12de04","lpcbData":"0x12d294","lpType":"0","lpValueName":"TabProcGrowth"}
Returned value:
0x2
ntdll.dll! NtOpenKeyEx #native (#3028) EncryptFlag.exe
Arguments:
{"OpenOptions":"0x0","KeyHandle":"0x1b8","objectName":"\\REGISTRY\\USER\\S-1-5-21-4270068108-2931534202-3907561125-1001_Classes","DesiredAccess":"0x2000000"}
Returned value:
0x0
ntdll.dll! NtOpenKeyEx #native (#3028) EncryptFlag.exe
Arguments:
{"OpenOptions":"0x0","KeyHandle":"0x0","objectName":"PROTOCOLS\\Name-Space Handler\\","DesiredAccess":"0x20019"}
Returned value:
0xc0000034
ntdll.dll! NtOpenKeyEx #native (#3028) EncryptFlag.exe
Arguments:
{"OpenOptions":"0x0","KeyHandle":"0x1bc","objectName":"\\Registry\\Machine\\Software\\Classes\\PROTOCOLS\\Name-Space Handler","DesiredAccess":"0x20019"}
Returned value:
0x0
kernel32.dll! RegOpenKeyExA #registry (#3028) EncryptFlag.exe
Arguments:
{"hKey":"HKEY_CLASSES_ROOT","ulOptions":"0x0","samDesired":"0x20019","lpSubKey":"PROTOCOLS\\Name-Space Handler\\","phkResult":"0x1be"}
Returned value:
0x0
ntdll.dll! NtOpenKeyEx #native (#3028) EncryptFlag.exe
Arguments:
{"OpenOptions":"0x0","KeyHandle":"0x0","objectName":"PROTOCOLS\\Name-Space Handler\\https\\","DesiredAccess":"0x20019"}
Returned value:
0xc0000034
ntdll.dll! NtOpenKeyEx #native (#3028) EncryptFlag.exe
Arguments:
{"OpenOptions":"0x0","KeyHandle":"0x0","objectName":"\\Registry\\Machine\\Software\\Classes\\PROTOCOLS\\Name-Space Handler\\https","DesiredAccess":"0x20019"}
Returned value:
0xc0000034
kernel32.dll! RegOpenKeyExA #registry (#3028) EncryptFlag.exe
Arguments:
{"hKey":"HKEY_CLASSES_ROOT","ulOptions":"0x0","samDesired":"0x20019","lpSubKey":"PROTOCOLS\\Name-Space Handler\\https\\","phkResult":"0x0"}
Returned value:
0x2
ntdll.dll! NtOpenKeyEx #native (#3028) EncryptFlag.exe
Arguments:
{"OpenOptions":"0x0","KeyHandle":"0x0","objectName":"PROTOCOLS\\Name-Space Handler\\*\\","DesiredAccess":"0x20019"}
Returned value:
0xc0000034
ntdll.dll! NtOpenKeyEx #native (#3028) EncryptFlag.exe
Arguments:
{"OpenOptions":"0x0","KeyHandle":"0x0","objectName":"\\Registry\\Machine\\Software\\Classes\\PROTOCOLS\\Name-Space Handler\\*","DesiredAccess":"0x20019"}
Returned value:
0xc0000034
kernel32.dll! RegOpenKeyExA #registry (#3028) EncryptFlag.exe
Arguments:
{"hKey":"HKEY_CLASSES_ROOT","ulOptions":"0x0","samDesired":"0x20019","lpSubKey":"PROTOCOLS\\Name-Space Handler\\*\\","phkResult":"0x0"}
Returned value:
0x2
KernelBase.dll! GetTickCount #highlight (#3028) EncryptFlag.exe
Arguments:
{}
Returned value:
0x29ddc
ntdll.dll! NtOpenKeyEx #native (#3028) EncryptFlag.exe
Arguments:
{"OpenOptions":"0x0","KeyHandle":"0x0","objectName":"SOFTWARE\\Microsoft\\OLEAUT","DesiredAccess":"0x1"}
Returned value:
0xc0000034
ntdll.dll! NtOpenKeyEx #native (#3028) EncryptFlag.exe
Arguments:
{"OpenOptions":"0x0","KeyHandle":"0x0","objectName":"SOFTWARE\\Microsoft\\OLEAUT","DesiredAccess":"0x1"}
Returned value:
0xc0000034
KernelBase.dll! LoadLibraryExW #misc (#3028) EncryptFlag.exe
Arguments:
{"lpFileName":"OLEAUT32.dll"}
Returned value:
0x7feff3c0000
KernelBase.dll! LoadLibraryExA #misc (#3028) EncryptFlag.exe
Arguments:
{"lpFileName":"OLEAUT32.dll"}
Returned value:
0x7feff3c0000
KernelBase.dll! GetProcAddress #misc (#3028) EncryptFlag.exe
Arguments:
{"lpProcName":"0x6","hModule":null}
Returned value:
0x7feff3c11b0
ntdll.dll! NtOpenKeyEx #native (#3028) EncryptFlag.exe
Arguments:
{"OpenOptions":"0x0","KeyHandle":"0x1bc","objectName":"Software\\Microsoft\\Ole","DesiredAccess":"0x20019"}
Returned value:
0x0
ntdll.dll! NtOpenKeyEx #native (#3028) EncryptFlag.exe
Arguments:
{"OpenOptions":"0x0","KeyHandle":"0x1bc","objectName":"FEATURE_BROWSER_EMULATION","DesiredAccess":"0x1"}
Returned value:
0x0
kernel32.dll! RegOpenKeyExW #registry (#3028) EncryptFlag.exe
Arguments:
{"hKey":"HKEY_CURRENT_USER\\Software\\Microsoft\\Internet Explorer\\Main\\FeatureControl","ulOptions":"0x0","samDesired":"0x1","lpSubKey":"FEATURE_BROWSER_EMULATION","phkResult":"0x1bc"}
Returned value:
0x0
ntdll.dll! NtOpenKeyEx #native (#3028) EncryptFlag.exe
Arguments:
{"OpenOptions":"0x0","KeyHandle":"0x1bc","objectName":"FEATURE_BROWSER_EMULATION","DesiredAccess":"0x1"}
Returned value:
0x0
kernel32.dll! RegOpenKeyExW #registry (#3028) EncryptFlag.exe
Arguments:
{"hKey":"HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Internet Explorer\\Main\\FeatureControl","ulOptions":"0x0","samDesired":"0x1","lpSubKey":"FEATURE_BROWSER_EMULATION","phkResult":"0x1bc"}
Returned value:
0x0
ntdll.dll! NtOpenKeyEx #native (#3028) EncryptFlag.exe
Arguments:
{"OpenOptions":"0x0","KeyHandle":"0x1bc","objectName":"SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\5.0\\User Agent","DesiredAccess":"0x1"}
Returned value:
0x0
kernel32.dll! RegOpenKeyExA #registry (#3028) EncryptFlag.exe
Arguments:
{"hKey":"HKEY_CURRENT_USER","ulOptions":"0x0","samDesired":"0x1","lpSubKey":"SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\5.0\\User Agent","phkResult":"0x1bc"}
Returned value:
0x0
ntdll.dll! NtOpenKeyEx #native (#3028) EncryptFlag.exe
Arguments:
{"OpenOptions":"0x0","KeyHandle":"0x1c0","objectName":"SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\5.0\\User Agent","DesiredAccess":"0x1"}
Returned value:
0x0
kernel32.dll! RegOpenKeyExA #registry (#3028) EncryptFlag.exe
Arguments:
{"hKey":"HKEY_LOCAL_MACHINE","ulOptions":"0x0","samDesired":"0x1","lpSubKey":"SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\5.0\\User Agent","phkResult":"0x1c0"}
Returned value:
0x0
ntdll.dll! NtOpenKeyEx #native (#3028) EncryptFlag.exe
Arguments:
{"OpenOptions":"0x0","KeyHandle":"0x1c4","objectName":"Software\\Policies","DesiredAccess":"0x20019"}
Returned value:
0x0
kernel32.dll! RegOpenKeyExW #registry (#3028) EncryptFlag.exe
Arguments:
{"hKey":"HKEY_LOCAL_MACHINE","ulOptions":"0x0","samDesired":"0x20019","lpSubKey":"Software\\Policies","phkResult":"0x1c4"}
Returned value:
0x0
ntdll.dll! NtOpenKeyEx #native (#3028) EncryptFlag.exe
Arguments:
{"OpenOptions":"0x0","KeyHandle":"0x1c8","objectName":"Software\\Policies","DesiredAccess":"0x20019"}
Returned value:
0x0
kernel32.dll! RegOpenKeyExW #registry (#3028) EncryptFlag.exe
Arguments:
{"hKey":"HKEY_CURRENT_USER","ulOptions":"0x0","samDesired":"0x20019","lpSubKey":"Software\\Policies","phkResult":"0x1c8"}
Returned value:
0x0
ntdll.dll! NtOpenKeyEx #native (#3028) EncryptFlag.exe
Arguments:
{"OpenOptions":"0x0","KeyHandle":"0x1cc","objectName":"Software","DesiredAccess":"0x20019"}
Returned value:
0x0
kernel32.dll! RegOpenKeyExW #registry (#3028) EncryptFlag.exe
Arguments:
{"hKey":"HKEY_CURRENT_USER","ulOptions":"0x0","samDesired":"0x20019","lpSubKey":"Software","phkResult":"0x1cc"}
Returned value:
0x0
ntdll.dll! NtOpenKeyEx #native (#3028) EncryptFlag.exe
Arguments:
{"OpenOptions":"0x0","KeyHandle":"0x1d0","objectName":"Software","DesiredAccess":"0x20019"}
Returned value:
0x0
kernel32.dll! RegOpenKeyExW #registry (#3028) EncryptFlag.exe
Arguments:
{"hKey":"HKEY_LOCAL_MACHINE","ulOptions":"0x0","samDesired":"0x20019","lpSubKey":"Software","phkResult":"0x1d0"}
Returned value:
0x0
ntdll.dll! NtOpenKeyEx #native (#3028) EncryptFlag.exe
Arguments:
{"OpenOptions":"0x0","KeyHandle":"0x1d4","objectName":"\\REGISTRY\\MACHINE\\Software\\Wow6432Node","DesiredAccess":"0x20219"}
Returned value:
0x0
kernel32.dll! RegOpenKeyExW #registry (#3028) EncryptFlag.exe
Arguments:
{"hKey":"HKEY_LOCAL_MACHINE","ulOptions":"0x0","samDesired":"0x20219","lpSubKey":"Software","phkResult":"0x1d4"}
Returned value:
0x0
ntdll.dll! NtOpenKeyEx #native (#3028) EncryptFlag.exe
Arguments:
{"OpenOptions":"0x0","KeyHandle":"0x1d8","objectName":"Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings","DesiredAccess":"0x1"}
Returned value:
0x0
kernel32.dll! RegOpenKeyExW #registry (#3028) EncryptFlag.exe
Arguments:
{"hKey":"HKEY_LOCAL_MACHINE","ulOptions":"0x0","samDesired":"0x1","lpSubKey":"Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings","phkResult":"0x1d8"}
Returned value:
0x0
ntdll.dll! NtOpenKeyEx #native (#3028) EncryptFlag.exe
Arguments:
{"OpenOptions":"0x0","KeyHandle":"0x0","objectName":"Microsoft\\Windows\\CurrentVersion\\Internet Settings\\User Agent","DesiredAccess":"0x20019"}
Returned value:
0xc0000034
kernel32.dll! RegOpenKeyExW #registry (#3028) EncryptFlag.exe
Arguments:
{"hKey":"HKEY_LOCAL_MACHINE\\Software\\Policies","ulOptions":"0x0","samDesired":"0x20019","lpSubKey":"Microsoft\\Windows\\CurrentVersion\\Internet Settings\\User Agent","phkResult":"0x0"}
Returned value:
0x2
ntdll.dll! NtOpenKeyEx #native (#3028) EncryptFlag.exe
Arguments:
{"OpenOptions":"0x0","KeyHandle":"0x1d8","objectName":"Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings","DesiredAccess":"0x1"}
Returned value:
0x0
kernel32.dll! RegOpenKeyExW #registry (#3028) EncryptFlag.exe
Arguments:
{"hKey":"HKEY_CURRENT_USER","ulOptions":"0x0","samDesired":"0x1","lpSubKey":"Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings","phkResult":"0x1d8"}
Returned value:
0x0
ntdll.dll! NtOpenKeyEx #native (#3028) EncryptFlag.exe
Arguments:
{"OpenOptions":"0x0","KeyHandle":"0x0","objectName":"Microsoft\\Windows\\CurrentVersion\\Internet Settings\\User Agent","DesiredAccess":"0x20019"}
Returned value:
0xc0000034
kernel32.dll! RegOpenKeyExW #registry (#3028) EncryptFlag.exe
Arguments:
{"hKey":"HKEY_CURRENT_USER\\Software\\Policies","ulOptions":"0x0","samDesired":"0x20019","lpSubKey":"Microsoft\\Windows\\CurrentVersion\\Internet Settings\\User Agent","phkResult":"0x0"}
Returned value:
0x2
ntdll.dll! NtOpenKeyEx #native (#3028) EncryptFlag.exe
Arguments:
{"OpenOptions":"0x0","KeyHandle":"0x0","objectName":"Pre Platform","DesiredAccess":"0x1"}
Returned value:
0xc0000034
kernel32.dll! RegOpenKeyExA #registry (#3028) EncryptFlag.exe
Arguments:
{"hKey":"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Internet Settings","ulOptions":"0x0","samDesired":"0x1","lpSubKey":"Pre Platform","phkResult":"0x0"}
Returned value:
0x2
ntdll.dll! NtOpenKeyEx #native (#3028) EncryptFlag.exe
Arguments:
{"OpenOptions":"0x0","KeyHandle":"0x0","objectName":"Pre Platform","DesiredAccess":"0x1"}
Returned value:
0xc0000034
kernel32.dll! RegOpenKeyExA #registry (#3028) EncryptFlag.exe
Arguments:
{"hKey":"HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows NT\\CurrentVersion\\PeerDist\\Service","ulOptions":"0x0","samDesired":"0x1","lpSubKey":"Pre Platform","phkResult":"0x0"}
Returned value:
0x2
ntdll.dll! NtOpenKeyEx #native (#3028) EncryptFlag.exe
Arguments:
{"OpenOptions":"0x0","KeyHandle":"0x1d8","objectName":"Post Platform","DesiredAccess":"0x1"}
Returned value:
0x0
kernel32.dll! RegOpenKeyExA #registry (#3028) EncryptFlag.exe
Arguments:
{"hKey":"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Internet Settings","ulOptions":"0x0","samDesired":"0x1","lpSubKey":"Post Platform","phkResult":"0x1d8"}
Returned value:
0x0
ntdll.dll! NtOpenKeyEx #native (#3028) EncryptFlag.exe
Arguments:
{"OpenOptions":"0x0","KeyHandle":"0x1d8","objectName":"Post Platform","DesiredAccess":"0x1"}
Returned value:
0x0
kernel32.dll! RegOpenKeyExA #registry (#3028) EncryptFlag.exe
Arguments:
{"hKey":"HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows NT\\CurrentVersion\\PeerDist\\Service","ulOptions":"0x0","samDesired":"0x1","lpSubKey":"Post Platform","phkResult":"0x1d8"}
Returned value:
0x0
ntdll.dll! NtOpenKeyEx #native (#3028) EncryptFlag.exe
Arguments:
{"OpenOptions":"0x0","KeyHandle":"0x1bc","objectName":"SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\5.0\\User Agent","DesiredAccess":"0x1"}
Returned value:
0x0
kernel32.dll! RegOpenKeyExA #registry (#3028) EncryptFlag.exe
Arguments:
{"hKey":"HKEY_CURRENT_USER","ulOptions":"0x0","samDesired":"0x1","lpSubKey":"SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\5.0\\User Agent","phkResult":"0x1bc"}
Returned value:
0x0
ntdll.dll! NtOpenKeyEx #native (#3028) EncryptFlag.exe
Arguments:
{"OpenOptions":"0x0","KeyHandle":"0x1c0","objectName":"SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\5.0\\User Agent","DesiredAccess":"0x1"}
Returned value:
0x0
kernel32.dll! RegOpenKeyExA #registry (#3028) EncryptFlag.exe
Arguments:
{"hKey":"HKEY_LOCAL_MACHINE","ulOptions":"0x0","samDesired":"0x1","lpSubKey":"SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\5.0\\User Agent","phkResult":"0x1c0"}
Returned value:
0x0
ntdll.dll! NtOpenKeyEx #native (#3028) EncryptFlag.exe
Arguments:
{"OpenOptions":"0x0","KeyHandle":"0x0","objectName":"Microsoft\\Windows\\CurrentVersion\\Internet Settings\\User Agent","DesiredAccess":"0x20019"}
Returned value:
0xc0000034
kernel32.dll! RegOpenKeyExW #registry (#3028) EncryptFlag.exe
Arguments:
{"hKey":"HKEY_LOCAL_MACHINE\\Software\\Policies","ulOptions":"0x0","samDesired":"0x20019","lpSubKey":"Microsoft\\Windows\\CurrentVersion\\Internet Settings\\User Agent","phkResult":"0x0"}
Returned value:
0x2
ntdll.dll! NtOpenKeyEx #native (#3028) EncryptFlag.exe
Arguments:
{"OpenOptions":"0x0","KeyHandle":"0x0","objectName":"Microsoft\\Windows\\CurrentVersion\\Internet Settings\\User Agent","DesiredAccess":"0x20019"}
Returned value:
0xc0000034
kernel32.dll! RegOpenKeyExW #registry (#3028) EncryptFlag.exe
Arguments:
{"hKey":"HKEY_CURRENT_USER\\Software\\Policies","ulOptions":"0x0","samDesired":"0x20019","lpSubKey":"Microsoft\\Windows\\CurrentVersion\\Internet Settings\\User Agent","phkResult":"0x0"}
Returned value:
0x2
ntdll.dll! NtOpenKeyEx #native (#3028) EncryptFlag.exe
Arguments:
{"OpenOptions":"0x0","KeyHandle":"0x0","objectName":"Pre Platform","DesiredAccess":"0x1"}
Returned value:
0xc0000034
kernel32.dll! RegOpenKeyExA #registry (#3028) EncryptFlag.exe
Arguments:
{"hKey":"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Internet Settings","ulOptions":"0x0","samDesired":"0x1","lpSubKey":"Pre Platform","phkResult":"0x0"}
Returned value:
0x2
ntdll.dll! NtOpenKeyEx #native (#3028) EncryptFlag.exe
Arguments:
{"OpenOptions":"0x0","KeyHandle":"0x0","objectName":"Pre Platform","DesiredAccess":"0x1"}
Returned value:
0xc0000034
kernel32.dll! RegOpenKeyExA #registry (#3028) EncryptFlag.exe
Arguments:
{"hKey":"HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows NT\\CurrentVersion\\PeerDist\\Service","ulOptions":"0x0","samDesired":"0x1","lpSubKey":"Pre Platform","phkResult":"0x0"}
Returned value:
0x2
ntdll.dll! NtOpenKeyEx #native (#3028) EncryptFlag.exe
Arguments:
{"OpenOptions":"0x0","KeyHandle":"0x1d8","objectName":"Post Platform","DesiredAccess":"0x1"}
Returned value:
0x0
kernel32.dll! RegOpenKeyExA #registry (#3028) EncryptFlag.exe
Arguments:
{"hKey":"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Internet Settings","ulOptions":"0x0","samDesired":"0x1","lpSubKey":"Post Platform","phkResult":"0x1d8"}
Returned value:
0x0
ntdll.dll! NtOpenKeyEx #native (#3028) EncryptFlag.exe
Arguments:
{"OpenOptions":"0x0","KeyHandle":"0x1d8","objectName":"Post Platform","DesiredAccess":"0x1"}
Returned value:
0x0
kernel32.dll! RegOpenKeyExA #registry (#3028) EncryptFlag.exe
Arguments:
{"hKey":"HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows NT\\CurrentVersion\\PeerDist\\Service","ulOptions":"0x0","samDesired":"0x1","lpSubKey":"Post Platform","phkResult":"0x1d8"}
Returned value:
0x0
ntdll.dll! NtOpenKeyEx #native (#3028) EncryptFlag.exe
Arguments:
{"OpenOptions":"0x0","KeyHandle":"0x1bc","objectName":"SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\5.0\\User Agent","DesiredAccess":"0x1"}
Returned value:
0x0
kernel32.dll! RegOpenKeyExA #registry (#3028) EncryptFlag.exe
Arguments:
{"hKey":"HKEY_CURRENT_USER","ulOptions":"0x0","samDesired":"0x1","lpSubKey":"SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\5.0\\User Agent","phkResult":"0x1bc"}
Returned value:
0x0
ntdll.dll! NtOpenKeyEx #native (#3028) EncryptFlag.exe
Arguments:
{"OpenOptions":"0x0","KeyHandle":"0x1c0","objectName":"SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\5.0\\User Agent","DesiredAccess":"0x1"}
Returned value:
0x0
kernel32.dll! RegOpenKeyExA #registry (#3028) EncryptFlag.exe
Arguments:
{"hKey":"HKEY_LOCAL_MACHINE","ulOptions":"0x0","samDesired":"0x1","lpSubKey":"SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\5.0\\User Agent","phkResult":"0x1c0"}
Returned value:
0x0
ntdll.dll! NtOpenKeyEx #native (#3028) EncryptFlag.exe
Arguments:
{"OpenOptions":"0x0","KeyHandle":"0x0","objectName":"Microsoft\\Windows\\CurrentVersion\\Internet Settings\\User Agent","DesiredAccess":"0x20019"}
Returned value:
0xc0000034
kernel32.dll! RegOpenKeyExW #registry (#3028) EncryptFlag.exe
Arguments:
{"hKey":"HKEY_LOCAL_MACHINE\\Software\\Policies","ulOptions":"0x0","samDesired":"0x20019","lpSubKey":"Microsoft\\Windows\\CurrentVersion\\Internet Settings\\User Agent","phkResult":"0x0"}
Returned value:
0x2
ntdll.dll! NtOpenKeyEx #native (#3028) EncryptFlag.exe
Arguments:
{"OpenOptions":"0x0","KeyHandle":"0x0","objectName":"Microsoft\\Windows\\CurrentVersion\\Internet Settings\\User Agent","DesiredAccess":"0x20019"}
Returned value:
0xc0000034
kernel32.dll! RegOpenKeyExW #registry (#3028) EncryptFlag.exe
Arguments:
{"hKey":"HKEY_CURRENT_USER\\Software\\Policies","ulOptions":"0x0","samDesired":"0x20019","lpSubKey":"Microsoft\\Windows\\CurrentVersion\\Internet Settings\\User Agent","phkResult":"0x0"}
Returned value:
0x2
ntdll.dll! NtOpenKeyEx #native (#3028) EncryptFlag.exe
Arguments:
{"OpenOptions":"0x0","KeyHandle":"0x0","objectName":"Pre Platform","DesiredAccess":"0x1"}
Returned value:
0xc0000034
kernel32.dll! RegOpenKeyExA #registry (#3028) EncryptFlag.exe
Arguments:
{"hKey":"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Internet Settings","ulOptions":"0x0","samDesired":"0x1","lpSubKey":"Pre Platform","phkResult":"0x0"}
Returned value:
0x2
ntdll.dll! NtOpenKeyEx #native (#3028) EncryptFlag.exe
Arguments:
{"OpenOptions":"0x0","KeyHandle":"0x0","objectName":"Pre Platform","DesiredAccess":"0x1"}
Returned value:
0xc0000034
kernel32.dll! RegOpenKeyExA #registry (#3028) EncryptFlag.exe
Arguments:
{"hKey":"HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows NT\\CurrentVersion\\PeerDist\\Service","ulOptions":"0x0","samDesired":"0x1","lpSubKey":"Pre Platform","phkResult":"0x0"}
Returned value:
0x2
ntdll.dll! NtOpenKeyEx #native (#3028) EncryptFlag.exe
Arguments:
{"OpenOptions":"0x0","KeyHandle":"0x1d8","objectName":"Post Platform","DesiredAccess":"0x1"}
Returned value:
0x0
kernel32.dll! RegOpenKeyExA #registry (#3028) EncryptFlag.exe
Arguments:
{"hKey":"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Internet Settings","ulOptions":"0x0","samDesired":"0x1","lpSubKey":"Post Platform","phkResult":"0x1d8"}
Returned value:
0x0
ntdll.dll! NtOpenKeyEx #native (#3028) EncryptFlag.exe
Arguments:
{"OpenOptions":"0x0","KeyHandle":"0x1d8","objectName":"Post Platform","DesiredAccess":"0x1"}
Returned value:
0x0
kernel32.dll! RegOpenKeyExA #registry (#3028) EncryptFlag.exe
Arguments:
{"hKey":"HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows NT\\CurrentVersion\\PeerDist\\Service","ulOptions":"0x0","samDesired":"0x1","lpSubKey":"Post Platform","phkResult":"0x1d8"}
Returned value:
0x0
ntdll.dll! NtOpenKeyEx #native (#3028) EncryptFlag.exe
Arguments:
{"OpenOptions":"0x0","KeyHandle":"0x1bc","objectName":"SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\5.0\\User Agent","DesiredAccess":"0x1"}
Returned value:
0x0
kernel32.dll! RegOpenKeyExA #registry (#3028) EncryptFlag.exe
Arguments:
{"hKey":"HKEY_CURRENT_USER","ulOptions":"0x0","samDesired":"0x1","lpSubKey":"SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\5.0\\User Agent","phkResult":"0x1bc"}
Returned value:
0x0
ntdll.dll! NtOpenKeyEx #native (#3028) EncryptFlag.exe
Arguments:
{"OpenOptions":"0x0","KeyHandle":"0x1c0","objectName":"SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\5.0\\User Agent","DesiredAccess":"0x1"}
Returned value:
0x0
kernel32.dll! RegOpenKeyExA #registry (#3028) EncryptFlag.exe
Arguments:
{"hKey":"HKEY_LOCAL_MACHINE","ulOptions":"0x0","samDesired":"0x1","lpSubKey":"SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\5.0\\User Agent","phkResult":"0x1c0"}
Returned value:
0x0
ntdll.dll! NtOpenKeyEx #native (#3028) EncryptFlag.exe
Arguments:
{"OpenOptions":"0x0","KeyHandle":"0x0","objectName":"Microsoft\\Windows\\CurrentVersion\\Internet Settings\\User Agent","DesiredAccess":"0x20019"}
Returned value:
0xc0000034
kernel32.dll! RegOpenKeyExW #registry (#3028) EncryptFlag.exe
Arguments:
{"hKey":"HKEY_LOCAL_MACHINE\\Software\\Policies","ulOptions":"0x0","samDesired":"0x20019","lpSubKey":"Microsoft\\Windows\\CurrentVersion\\Internet Settings\\User Agent","phkResult":"0x0"}
Returned value:
0x2
ntdll.dll! NtOpenKeyEx #native (#3028) EncryptFlag.exe
Arguments:
{"OpenOptions":"0x0","KeyHandle":"0x0","objectName":"Microsoft\\Windows\\CurrentVersion\\Internet Settings\\User Agent","DesiredAccess":"0x20019"}
Returned value:
0xc0000034
kernel32.dll! RegOpenKeyExW #registry (#3028) EncryptFlag.exe
Arguments:
{"hKey":"HKEY_CURRENT_USER\\Software\\Policies","ulOptions":"0x0","samDesired":"0x20019","lpSubKey":"Microsoft\\Windows\\CurrentVersion\\Internet Settings\\User Agent","phkResult":"0x0"}
Returned value:
0x2
ntdll.dll! NtOpenKeyEx #native (#3028) EncryptFlag.exe
Arguments:
{"OpenOptions":"0x0","KeyHandle":"0x0","objectName":"Pre Platform","DesiredAccess":"0x1"}
Returned value:
0xc0000034
kernel32.dll! RegOpenKeyExA #registry (#3028) EncryptFlag.exe
Arguments:
{"hKey":"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Internet Settings","ulOptions":"0x0","samDesired":"0x1","lpSubKey":"Pre Platform","phkResult":"0x0"}
Returned value:
0x2
ntdll.dll! NtOpenKeyEx #native (#3028) EncryptFlag.exe
Arguments:
{"OpenOptions":"0x0","KeyHandle":"0x0","objectName":"Pre Platform","DesiredAccess":"0x1"}
Returned value:
0xc0000034
kernel32.dll! RegOpenKeyExA #registry (#3028) EncryptFlag.exe
Arguments:
{"hKey":"HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows NT\\CurrentVersion\\PeerDist\\Service","ulOptions":"0x0","samDesired":"0x1","lpSubKey":"Pre Platform","phkResult":"0x0"}
Returned value:
0x2
ntdll.dll! NtOpenKeyEx #native (#3028) EncryptFlag.exe
Arguments:
{"OpenOptions":"0x0","KeyHandle":"0x1d8","objectName":"Post Platform","DesiredAccess":"0x1"}
Returned value:
0x0
kernel32.dll! RegOpenKeyExA #registry (#3028) EncryptFlag.exe
Arguments:
{"hKey":"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Internet Settings","ulOptions":"0x0","samDesired":"0x1","lpSubKey":"Post Platform","phkResult":"0x1d8"}
Returned value:
0x0
ntdll.dll! NtOpenKeyEx #native (#3028) EncryptFlag.exe
Arguments:
{"OpenOptions":"0x0","KeyHandle":"0x1d8","objectName":"Post Platform","DesiredAccess":"0x1"}
Returned value:
0x0
kernel32.dll! RegOpenKeyExA #registry (#3028) EncryptFlag.exe
Arguments:
{"hKey":"HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows NT\\CurrentVersion\\PeerDist\\Service","ulOptions":"0x0","samDesired":"0x1","lpSubKey":"Post Platform","phkResult":"0x1d8"}
Returned value:
0x0
ntdll.dll! NtOpenKeyEx #native (#3028) EncryptFlag.exe
Arguments:
{"OpenOptions":"0x0","KeyHandle":"0x1bc","objectName":"SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\5.0\\User Agent","DesiredAccess":"0x1"}
Returned value:
0x0
kernel32.dll! RegOpenKeyExA #registry (#3028) EncryptFlag.exe
Arguments:
{"hKey":"HKEY_CURRENT_USER","ulOptions":"0x0","samDesired":"0x1","lpSubKey":"SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\5.0\\User Agent","phkResult":"0x1bc"}
Returned value:
0x0
ntdll.dll! NtOpenKeyEx #native (#3028) EncryptFlag.exe
Arguments:
{"OpenOptions":"0x0","KeyHandle":"0x1c0","objectName":"SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\5.0\\User Agent","DesiredAccess":"0x1"}
Returned value:
0x0
kernel32.dll! RegOpenKeyExA #registry (#3028) EncryptFlag.exe
Arguments:
{"hKey":"HKEY_LOCAL_MACHINE","ulOptions":"0x0","samDesired":"0x1","lpSubKey":"SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\5.0\\User Agent","phkResult":"0x1c0"}
Returned value:
0x0
ntdll.dll! NtOpenKeyEx #native (#3028) EncryptFlag.exe
Arguments:
{"OpenOptions":"0x0","KeyHandle":"0x0","objectName":"Microsoft\\Windows\\CurrentVersion\\Internet Settings\\User Agent","DesiredAccess":"0x20019"}
Returned value:
0xc0000034
kernel32.dll! RegOpenKeyExW #registry (#3028) EncryptFlag.exe
Arguments:
{"hKey":"HKEY_LOCAL_MACHINE\\Software\\Policies","ulOptions":"0x0","samDesired":"0x20019","lpSubKey":"Microsoft\\Windows\\CurrentVersion\\Internet Settings\\User Agent","phkResult":"0x0"}
Returned value:
0x2
ntdll.dll! NtOpenKeyEx #native (#3028) EncryptFlag.exe
Arguments:
{"OpenOptions":"0x0","KeyHandle":"0x0","objectName":"Microsoft\\Windows\\CurrentVersion\\Internet Settings\\User Agent","DesiredAccess":"0x20019"}
Returned value:
0xc0000034
kernel32.dll! RegOpenKeyExW #registry (#3028) EncryptFlag.exe
Arguments:
{"hKey":"HKEY_CURRENT_USER\\Software\\Policies","ulOptions":"0x0","samDesired":"0x20019","lpSubKey":"Microsoft\\Windows\\CurrentVersion\\Internet Settings\\User Agent","phkResult":"0x0"}
Returned value:
0x2
ntdll.dll! NtOpenKeyEx #native (#3028) EncryptFlag.exe
Arguments:
{"OpenOptions":"0x0","KeyHandle":"0x0","objectName":"Pre Platform","DesiredAccess":"0x1"}
Returned value:
0xc0000034
kernel32.dll! RegOpenKeyExA #registry (#3028) EncryptFlag.exe
Arguments:
{"hKey":"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Internet Settings","ulOptions":"0x0","samDesired":"0x1","lpSubKey":"Pre Platform","phkResult":"0x0"}
Returned value:
0x2
ntdll.dll! NtOpenKeyEx #native (#3028) EncryptFlag.exe
Arguments:
{"OpenOptions":"0x0","KeyHandle":"0x0","objectName":"Pre Platform","DesiredAccess":"0x1"}
Returned value:
0xc0000034
kernel32.dll! RegOpenKeyExA #registry (#3028) EncryptFlag.exe
Arguments:
{"hKey":"HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows NT\\CurrentVersion\\PeerDist\\Service","ulOptions":"0x0","samDesired":"0x1","lpSubKey":"Pre Platform","phkResult":"0x0"}
Returned value:
0x2
ntdll.dll! NtOpenKeyEx #native (#3028) EncryptFlag.exe
Arguments:
{"OpenOptions":"0x0","KeyHandle":"0x1d8","objectName":"Post Platform","DesiredAccess":"0x1"}
Returned value:
0x0
kernel32.dll! RegOpenKeyExA #registry (#3028) EncryptFlag.exe
Arguments:
{"hKey":"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Internet Settings","ulOptions":"0x0","samDesired":"0x1","lpSubKey":"Post Platform","phkResult":"0x1d8"}
Returned value:
0x0
ntdll.dll! NtOpenKeyEx #native (#3028) EncryptFlag.exe
Arguments:
{"OpenOptions":"0x0","KeyHandle":"0x1d8","objectName":"Post Platform","DesiredAccess":"0x1"}
Returned value:
0x0
kernel32.dll! RegOpenKeyExA #registry (#3028) EncryptFlag.exe
Arguments:
{"hKey":"HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows NT\\CurrentVersion\\PeerDist\\Service","ulOptions":"0x0","samDesired":"0x1","lpSubKey":"Post Platform","phkResult":"0x1d8"}
Returned value:
0x0
ntdll.dll! NtOpenKeyEx #native (#3028) EncryptFlag.exe
Arguments:
{"OpenOptions":"0x0","KeyHandle":"0x1bc","objectName":"SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\5.0\\User Agent","DesiredAccess":"0x1"}
Returned value:
0x0
kernel32.dll! RegOpenKeyExA #registry (#3028) EncryptFlag.exe
Arguments:
{"hKey":"HKEY_CURRENT_USER","ulOptions":"0x0","samDesired":"0x1","lpSubKey":"SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\5.0\\User Agent","phkResult":"0x1bc"}
Returned value:
0x0
ntdll.dll! NtOpenKeyEx #native (#3028) EncryptFlag.exe
Arguments:
{"OpenOptions":"0x0","KeyHandle":"0x1c0","objectName":"SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\5.0\\User Agent","DesiredAccess":"0x1"}
Returned value:
0x0
kernel32.dll! RegOpenKeyExA #registry (#3028) EncryptFlag.exe
Arguments:
{"hKey":"HKEY_LOCAL_MACHINE","ulOptions":"0x0","samDesired":"0x1","lpSubKey":"SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\5.0\\User Agent","phkResult":"0x1c0"}
Returned value:
0x0
ntdll.dll! NtOpenKeyEx #native (#3028) EncryptFlag.exe
Arguments:
{"OpenOptions":"0x0","KeyHandle":"0x0","objectName":"Microsoft\\Windows\\CurrentVersion\\Internet Settings\\User Agent","DesiredAccess":"0x20019"}
Returned value:
0xc0000034
kernel32.dll! RegOpenKeyExW #registry (#3028) EncryptFlag.exe
Arguments:
{"hKey":"HKEY_LOCAL_MACHINE\\Software\\Policies","ulOptions":"0x0","samDesired":"0x20019","lpSubKey":"Microsoft\\Windows\\CurrentVersion\\Internet Settings\\User Agent","phkResult":"0x0"}
Returned value:
0x2
ntdll.dll! NtOpenKeyEx #native (#3028) EncryptFlag.exe
Arguments:
{"OpenOptions":"0x0","KeyHandle":"0x0","objectName":"Microsoft\\Windows\\CurrentVersion\\Internet Settings\\User Agent","DesiredAccess":"0x20019"}
Returned value:
0xc0000034
kernel32.dll! RegOpenKeyExW #registry (#3028) EncryptFlag.exe
Arguments:
{"hKey":"HKEY_CURRENT_USER\\Software\\Policies","ulOptions":"0x0","samDesired":"0x20019","lpSubKey":"Microsoft\\Windows\\CurrentVersion\\Internet Settings\\User Agent","phkResult":"0x0"}
Returned value:
0x2
ntdll.dll! NtOpenKeyEx #native (#3028) EncryptFlag.exe
Arguments:
{"OpenOptions":"0x0","KeyHandle":"0x0","objectName":"Pre Platform","DesiredAccess":"0x1"}
Returned value:
0xc0000034
kernel32.dll! RegOpenKeyExA #registry (#3028) EncryptFlag.exe
Arguments:
{"hKey":"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Internet Settings","ulOptions":"0x0","samDesired":"0x1","lpSubKey":"Pre Platform","phkResult":"0x0"}
Returned value:
0x2
ntdll.dll! NtOpenKeyEx #native (#3028) EncryptFlag.exe
Arguments:
{"OpenOptions":"0x0","KeyHandle":"0x0","objectName":"Pre Platform","DesiredAccess":"0x1"}
Returned value:
0xc0000034
kernel32.dll! RegOpenKeyExA #registry (#3028) EncryptFlag.exe
Arguments:
{"hKey":"HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows NT\\CurrentVersion\\PeerDist\\Service","ulOptions":"0x0","samDesired":"0x1","lpSubKey":"Pre Platform","phkResult":"0x0"}
Returned value:
0x2
ntdll.dll! NtOpenKeyEx #native (#3028) EncryptFlag.exe
Arguments:
{"OpenOptions":"0x0","KeyHandle":"0x1d8","objectName":"Post Platform","DesiredAccess":"0x1"}
Returned value:
0x0
kernel32.dll! RegOpenKeyExA #registry (#3028) EncryptFlag.exe
Arguments:
{"hKey":"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Internet Settings","ulOptions":"0x0","samDesired":"0x1","lpSubKey":"Post Platform","phkResult":"0x1d8"}
Returned value:
0x0
ntdll.dll! NtOpenKeyEx #native (#3028) EncryptFlag.exe
Arguments:
{"OpenOptions":"0x0","KeyHandle":"0x1d8","objectName":"Post Platform","DesiredAccess":"0x1"}
Returned value:
0x0
kernel32.dll! RegOpenKeyExA #registry (#3028) EncryptFlag.exe
Arguments:
{"hKey":"HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows NT\\CurrentVersion\\PeerDist\\Service","ulOptions":"0x0","samDesired":"0x1","lpSubKey":"Post Platform","phkResult":"0x1d8"}
Returned value:
0x0
ntdll.dll! NtOpenKeyEx #native (#3028) EncryptFlag.exe
Arguments:
{"OpenOptions":"0x0","KeyHandle":"0x1bc","objectName":"SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\5.0\\User Agent","DesiredAccess":"0x1"}
Returned value:
0x0
kernel32.dll! RegOpenKeyExA #registry (#3028) EncryptFlag.exe
Arguments:
{"hKey":"HKEY_CURRENT_USER","ulOptions":"0x0","samDesired":"0x1","lpSubKey":"SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\5.0\\User Agent","phkResult":"0x1bc"}
Returned value:
0x0
ntdll.dll! NtOpenKeyEx #native (#3028) EncryptFlag.exe
Arguments:
{"OpenOptions":"0x0","KeyHandle":"0x1c0","objectName":"SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\5.0\\User Agent","DesiredAccess":"0x1"}
Returned value:
0x0
kernel32.dll! RegOpenKeyExA #registry (#3028) EncryptFlag.exe
Arguments:
{"hKey":"HKEY_LOCAL_MACHINE","ulOptions":"0x0","samDesired":"0x1","lpSubKey":"SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\5.0\\User Agent","phkResult":"0x1c0"}
Returned value:
0x0
ntdll.dll! NtOpenKeyEx #native (#3028) EncryptFlag.exe
Arguments:
{"OpenOptions":"0x0","KeyHandle":"0x0","objectName":"Microsoft\\Windows\\CurrentVersion\\Internet Settings\\User Agent","DesiredAccess":"0x20019"}
Returned value:
0xc0000034
kernel32.dll! RegOpenKeyExW #registry (#3028) EncryptFlag.exe
Arguments:
{"hKey":"HKEY_LOCAL_MACHINE\\Software\\Policies","ulOptions":"0x0","samDesired":"0x20019","lpSubKey":"Microsoft\\Windows\\CurrentVersion\\Internet Settings\\User Agent","phkResult":"0x0"}
Returned value:
0x2
ntdll.dll! NtOpenKeyEx #native (#3028) EncryptFlag.exe
Arguments:
{"OpenOptions":"0x0","KeyHandle":"0x0","objectName":"Microsoft\\Windows\\CurrentVersion\\Internet Settings\\User Agent","DesiredAccess":"0x20019"}
Returned value:
0xc0000034
kernel32.dll! RegOpenKeyExW #registry (#3028) EncryptFlag.exe
Arguments:
{"hKey":"HKEY_CURRENT_USER\\Software\\Policies","ulOptions":"0x0","samDesired":"0x20019","lpSubKey":"Microsoft\\Windows\\CurrentVersion\\Internet Settings\\User Agent","phkResult":"0x0"}
Returned value:
0x2
ntdll.dll! NtOpenKeyEx #native (#3028) EncryptFlag.exe
Arguments:
{"OpenOptions":"0x0","KeyHandle":"0x1d8","objectName":"Post Platform","DesiredAccess":"0x1"}
Returned value:
0x0
kernel32.dll! RegOpenKeyExA #registry (#3028) EncryptFlag.exe
Arguments:
{"hKey":"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Internet Settings","ulOptions":"0x0","samDesired":"0x1","lpSubKey":"Post Platform","phkResult":"0x1d8"}
Returned value:
0x0
ntdll.dll! NtOpenKeyEx #native (#3028) EncryptFlag.exe
Arguments:
{"OpenOptions":"0x0","KeyHandle":"0x1d8","objectName":"Post Platform","DesiredAccess":"0x1"}
Returned value:
0x0
kernel32.dll! RegOpenKeyExA #registry (#3028) EncryptFlag.exe
Arguments:
{"hKey":"HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows NT\\CurrentVersion\\PeerDist\\Service","ulOptions":"0x0","samDesired":"0x1","lpSubKey":"Post Platform","phkResult":"0x1d8"}
Returned value:
0x0
ntdll.dll! NtOpenKeyEx #native (#3028) EncryptFlag.exe
Arguments:
{"OpenOptions":"0x0","KeyHandle":"0x1bc","objectName":"SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\5.0\\User Agent","DesiredAccess":"0x1"}
Returned value:
0x0
kernel32.dll! RegOpenKeyExA #registry (#3028) EncryptFlag.exe
Arguments:
{"hKey":"HKEY_CURRENT_USER","ulOptions":"0x0","samDesired":"0x1","lpSubKey":"SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\5.0\\User Agent","phkResult":"0x1bc"}
Returned value:
0x0
ntdll.dll! NtOpenKeyEx #native (#3028) EncryptFlag.exe
Arguments:
{"OpenOptions":"0x0","KeyHandle":"0x1c0","objectName":"SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\5.0\\User Agent","DesiredAccess":"0x1"}
Returned value:
0x0
kernel32.dll! RegOpenKeyExA #registry (#3028) EncryptFlag.exe
Arguments:
{"hKey":"HKEY_LOCAL_MACHINE","ulOptions":"0x0","samDesired":"0x1","lpSubKey":"SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\5.0\\User Agent","phkResult":"0x1c0"}
Returned value:
0x0
ntdll.dll! NtOpenKeyEx #native (#3028) EncryptFlag.exe
Arguments:
{"OpenOptions":"0x0","KeyHandle":"0x0","objectName":"Microsoft\\Windows\\CurrentVersion\\Internet Settings\\User Agent","DesiredAccess":"0x20019"}
Returned value:
0xc0000034
kernel32.dll! RegOpenKeyExW #registry (#3028) EncryptFlag.exe
Arguments:
{"hKey":"HKEY_LOCAL_MACHINE\\Software\\Policies","ulOptions":"0x0","samDesired":"0x20019","lpSubKey":"Microsoft\\Windows\\CurrentVersion\\Internet Settings\\User Agent","phkResult":"0x0"}
Returned value:
0x2
ntdll.dll! NtOpenKeyEx #native (#3028) EncryptFlag.exe
Arguments:
{"OpenOptions":"0x0","KeyHandle":"0x0","objectName":"Microsoft\\Windows\\CurrentVersion\\Internet Settings\\User Agent","DesiredAccess":"0x20019"}
Returned value:
0xc0000034
kernel32.dll! RegOpenKeyExW #registry (#3028) EncryptFlag.exe
Arguments:
{"hKey":"HKEY_CURRENT_USER\\Software\\Policies","ulOptions":"0x0","samDesired":"0x20019","lpSubKey":"Microsoft\\Windows\\CurrentVersion\\Internet Settings\\User Agent","phkResult":"0x0"}
Returned value:
0x2
ntdll.dll! NtOpenKeyEx #native (#3028) EncryptFlag.exe
Arguments:
{"OpenOptions":"0x0","KeyHandle":"0x0","objectName":"Pre Platform","DesiredAccess":"0x1"}
Returned value:
0xc0000034
kernel32.dll! RegOpenKeyExA #registry (#3028) EncryptFlag.exe
Arguments:
{"hKey":"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Internet Settings","ulOptions":"0x0","samDesired":"0x1","lpSubKey":"Pre Platform","phkResult":"0x0"}
Returned value:
0x2
ntdll.dll! NtOpenKeyEx #native (#3028) EncryptFlag.exe
Arguments:
{"OpenOptions":"0x0","KeyHandle":"0x0","objectName":"Pre Platform","DesiredAccess":"0x1"}
Returned value:
0xc0000034
kernel32.dll! RegOpenKeyExA #registry (#3028) EncryptFlag.exe
Arguments:
{"hKey":"HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows NT\\CurrentVersion\\PeerDist\\Service","ulOptions":"0x0","samDesired":"0x1","lpSubKey":"Pre Platform","phkResult":"0x0"}
Returned value:
0x2
ntdll.dll! NtOpenKeyEx #native (#3028) EncryptFlag.exe
Arguments:
{"OpenOptions":"0x0","KeyHandle":"0x1d8","objectName":"Post Platform","DesiredAccess":"0x1"}
Returned value:
0x0
kernel32.dll! RegOpenKeyExA #registry (#3028) EncryptFlag.exe
Arguments:
{"hKey":"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Internet Settings","ulOptions":"0x0","samDesired":"0x1","lpSubKey":"Post Platform","phkResult":"0x1d8"}
Returned value:
0x0
ntdll.dll! NtOpenKeyEx #native (#3028) EncryptFlag.exe
Arguments:
{"OpenOptions":"0x0","KeyHandle":"0x1d8","objectName":"Post Platform","DesiredAccess":"0x1"}
Returned value:
0x0
kernel32.dll! RegOpenKeyExA #registry (#3028) EncryptFlag.exe
Arguments:
{"hKey":"HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows NT\\CurrentVersion\\PeerDist\\Service","ulOptions":"0x0","samDesired":"0x1","lpSubKey":"Post Platform","phkResult":"0x1d8"}
Returned value:
0x0
ntdll.dll! NtOpenKeyEx #native (#3028) EncryptFlag.exe
Arguments:
{"OpenOptions":"0x0","KeyHandle":"0x1bc","objectName":"SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\5.0\\User Agent","DesiredAccess":"0x1"}
Returned value:
0x0
kernel32.dll! RegOpenKeyExA #registry (#3028) EncryptFlag.exe
Arguments:
{"hKey":"HKEY_CURRENT_USER","ulOptions":"0x0","samDesired":"0x1","lpSubKey":"SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\5.0\\User Agent","phkResult":"0x1bc"}
Returned value:
0x0
ntdll.dll! NtOpenKeyEx #native (#3028) EncryptFlag.exe
Arguments:
{"OpenOptions":"0x0","KeyHandle":"0x1c0","objectName":"SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\5.0\\User Agent","DesiredAccess":"0x1"}
Returned value:
0x0
kernel32.dll! RegOpenKeyExA #registry (#3028) EncryptFlag.exe
Arguments:
{"hKey":"HKEY_LOCAL_MACHINE","ulOptions":"0x0","samDesired":"0x1","lpSubKey":"SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\5.0\\User Agent","phkResult":"0x1c0"}
Returned value:
0x0
ntdll.dll! NtOpenKeyEx #native (#3028) EncryptFlag.exe
Arguments:
{"OpenOptions":"0x0","KeyHandle":"0x0","objectName":"Microsoft\\Windows\\CurrentVersion\\Internet Settings\\User Agent","DesiredAccess":"0x20019"}
Returned value:
0xc0000034
kernel32.dll! RegOpenKeyExW #registry (#3028) EncryptFlag.exe
Arguments:
{"hKey":"HKEY_LOCAL_MACHINE\\Software\\Policies","ulOptions":"0x0","samDesired":"0x20019","lpSubKey":"Microsoft\\Windows\\CurrentVersion\\Internet Settings\\User Agent","phkResult":"0x0"}
Returned value:
0x2
ntdll.dll! NtOpenKeyEx #native (#3028) EncryptFlag.exe
Arguments:
{"OpenOptions":"0x0","KeyHandle":"0x0","objectName":"Microsoft\\Windows\\CurrentVersion\\Internet Settings\\User Agent","DesiredAccess":"0x20019"}
Returned value:
0xc0000034
kernel32.dll! RegOpenKeyExW #registry (#3028) EncryptFlag.exe
Arguments:
{"hKey":"HKEY_CURRENT_USER\\Software\\Policies","ulOptions":"0x0","samDesired":"0x20019","lpSubKey":"Microsoft\\Windows\\CurrentVersion\\Internet Settings\\User Agent","phkResult":"0x0"}
Returned value:
0x2
ntdll.dll! NtOpenKeyEx #native (#3028) EncryptFlag.exe
Arguments:
{"OpenOptions":"0x0","KeyHandle":"0x0","objectName":"Pre Platform","DesiredAccess":"0x1"}
Returned value:
0xc0000034
kernel32.dll! RegOpenKeyExA #registry (#3028) EncryptFlag.exe
Arguments:
{"hKey":"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Internet Settings","ulOptions":"0x0","samDesired":"0x1","lpSubKey":"Pre Platform","phkResult":"0x0"}
Returned value:
0x2
ntdll.dll! NtOpenKeyEx #native (#3028) EncryptFlag.exe
Arguments:
{"OpenOptions":"0x0","KeyHandle":"0x0","objectName":"Pre Platform","DesiredAccess":"0x1"}
Returned value:
0xc0000034
kernel32.dll! RegOpenKeyExA #registry (#3028) EncryptFlag.exe
Arguments:
{"hKey":"HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows NT\\CurrentVersion\\PeerDist\\Service","ulOptions":"0x0","samDesired":"0x1","lpSubKey":"Pre Platform","phkResult":"0x0"}
Returned value:
0x2
ntdll.dll! NtOpenKeyEx #native (#3028) EncryptFlag.exe
Arguments:
{"OpenOptions":"0x0","KeyHandle":"0x1d8","objectName":"Post Platform","DesiredAccess":"0x1"}
Returned value:
0x0
kernel32.dll! RegOpenKeyExA #registry (#3028) EncryptFlag.exe
Arguments:
{"hKey":"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Internet Settings","ulOptions":"0x0","samDesired":"0x1","lpSubKey":"Post Platform","phkResult":"0x1d8"}
Returned value:
0x0
ntdll.dll! NtOpenKeyEx #native (#3028) EncryptFlag.exe
Arguments:
{"OpenOptions":"0x0","KeyHandle":"0x1d8","objectName":"Post Platform","DesiredAccess":"0x1"}
Returned value:
0x0
kernel32.dll! RegOpenKeyExA #registry (#3028) EncryptFlag.exe
Arguments:
{"hKey":"HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows NT\\CurrentVersion\\PeerDist\\Service","ulOptions":"0x0","samDesired":"0x1","lpSubKey":"Post Platform","phkResult":"0x1d8"}
Returned value:
0x0
ntdll.dll! NtOpenKeyEx #native (#3028) EncryptFlag.exe
Arguments:
{"OpenOptions":"0x0","KeyHandle":"0x1bc","objectName":"SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\5.0\\User Agent","DesiredAccess":"0x1"}
Returned value:
0x0
kernel32.dll! RegOpenKeyExA #registry (#3028) EncryptFlag.exe
Arguments:
{"hKey":"HKEY_CURRENT_USER","ulOptions":"0x0","samDesired":"0x1","lpSubKey":"SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\5.0\\User Agent","phkResult":"0x1bc"}
Returned value:
0x0
ntdll.dll! NtOpenKeyEx #native (#3028) EncryptFlag.exe
Arguments:
{"OpenOptions":"0x0","KeyHandle":"0x1c0","objectName":"SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\5.0\\User Agent","DesiredAccess":"0x1"}
Returned value:
0x0
kernel32.dll! RegOpenKeyExA #registry (#3028) EncryptFlag.exe
Arguments:
{"hKey":"HKEY_LOCAL_MACHINE","ulOptions":"0x0","samDesired":"0x1","lpSubKey":"SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\5.0\\User Agent","phkResult":"0x1c0"}
Returned value:
0x0
ntdll.dll! NtOpenKeyEx #native (#3028) EncryptFlag.exe
Arguments:
{"OpenOptions":"0x0","KeyHandle":"0x0","objectName":"Microsoft\\Windows\\CurrentVersion\\Internet Settings\\User Agent","DesiredAccess":"0x20019"}
Returned value:
0xc0000034
kernel32.dll! RegOpenKeyExW #registry (#3028) EncryptFlag.exe
Arguments:
{"hKey":"HKEY_LOCAL_MACHINE\\Software\\Policies","ulOptions":"0x0","samDesired":"0x20019","lpSubKey":"Microsoft\\Windows\\CurrentVersion\\Internet Settings\\User Agent","phkResult":"0x0"}
Returned value:
0x2
ntdll.dll! NtOpenKeyEx #native (#3028) EncryptFlag.exe
Arguments:
{"OpenOptions":"0x0","KeyHandle":"0x0","objectName":"Microsoft\\Windows\\CurrentVersion\\Internet Settings\\User Agent","DesiredAccess":"0x20019"}
Returned value:
0xc0000034
kernel32.dll! RegOpenKeyExW #registry (#3028) EncryptFlag.exe
Arguments:
{"hKey":"HKEY_CURRENT_USER\\Software\\Policies","ulOptions":"0x0","samDesired":"0x20019","lpSubKey":"Microsoft\\Windows\\CurrentVersion\\Internet Settings\\User Agent","phkResult":"0x0"}
Returned value:
0x2
ntdll.dll! NtOpenKeyEx #native (#3028) EncryptFlag.exe
Arguments:
{"OpenOptions":"0x0","KeyHandle":"0x0","objectName":"Pre Platform","DesiredAccess":"0x1"}
Returned value:
0xc0000034
kernel32.dll! RegOpenKeyExA #registry (#3028) EncryptFlag.exe
Arguments:
{"hKey":"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Internet Settings","ulOptions":"0x0","samDesired":"0x1","lpSubKey":"Pre Platform","phkResult":"0x0"}
Returned value:
0x2
ntdll.dll! NtOpenKeyEx #native (#3028) EncryptFlag.exe
Arguments:
{"OpenOptions":"0x0","KeyHandle":"0x0","objectName":"Pre Platform","DesiredAccess":"0x1"}
Returned value:
0xc0000034
kernel32.dll! RegOpenKeyExA #registry (#3028) EncryptFlag.exe
Arguments:
{"hKey":"HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows NT\\CurrentVersion\\PeerDist\\Service","ulOptions":"0x0","samDesired":"0x1","lpSubKey":"Pre Platform","phkResult":"0x0"}
Returned value:
0x2
ntdll.dll! NtOpenKeyEx #native (#3028) EncryptFlag.exe
Arguments:
{"OpenOptions":"0x0","KeyHandle":"0x1d8","objectName":"Post Platform","DesiredAccess":"0x1"}
Returned value:
0x0
kernel32.dll! RegOpenKeyExA #registry (#3028) EncryptFlag.exe
Arguments:
{"hKey":"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Internet Settings","ulOptions":"0x0","samDesired":"0x1","lpSubKey":"Post Platform","phkResult":"0x1d8"}
Returned value:
0x0
ntdll.dll! NtOpenKeyEx #native (#3028) EncryptFlag.exe
Arguments:
{"OpenOptions":"0x0","KeyHandle":"0x1d8","objectName":"Post Platform","DesiredAccess":"0x1"}
Returned value:
0x0
kernel32.dll! RegOpenKeyExA #registry (#3028) EncryptFlag.exe
Arguments:
{"hKey":"HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows NT\\CurrentVersion\\PeerDist\\Service","ulOptions":"0x0","samDesired":"0x1","lpSubKey":"Post Platform","phkResult":"0x1d8"}
Returned value:
0x0
ntdll.dll! NtOpenKeyEx #native (#3028) EncryptFlag.exe
Arguments:
{"OpenOptions":"0x0","KeyHandle":"0x1bc","objectName":"SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\5.0\\User Agent","DesiredAccess":"0x1"}
Returned value:
0x0
kernel32.dll! RegOpenKeyExA #registry (#3028) EncryptFlag.exe
Arguments:
{"hKey":"HKEY_CURRENT_USER","ulOptions":"0x0","samDesired":"0x1","lpSubKey":"SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\5.0\\User Agent","phkResult":"0x1bc"}
Returned value:
0x0
ntdll.dll! NtOpenKeyEx #native (#3028) EncryptFlag.exe
Arguments:
{"OpenOptions":"0x0","KeyHandle":"0x1c0","objectName":"SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\5.0\\User Agent","DesiredAccess":"0x1"}
Returned value:
0x0
kernel32.dll! RegOpenKeyExA #registry (#3028) EncryptFlag.exe
Arguments:
{"hKey":"HKEY_LOCAL_MACHINE","ulOptions":"0x0","samDesired":"0x1","lpSubKey":"SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\5.0\\User Agent","phkResult":"0x1c0"}
Returned value:
0x0
ntdll.dll! NtOpenKeyEx #native (#3028) EncryptFlag.exe
Arguments:
{"OpenOptions":"0x0","KeyHandle":"0x0","objectName":"Microsoft\\Windows\\CurrentVersion\\Internet Settings\\User Agent","DesiredAccess":"0x20019"}
Returned value:
0xc0000034
kernel32.dll! RegOpenKeyExW #registry (#3028) EncryptFlag.exe
Arguments:
{"hKey":"HKEY_LOCAL_MACHINE\\Software\\Policies","ulOptions":"0x0","samDesired":"0x20019","lpSubKey":"Microsoft\\Windows\\CurrentVersion\\Internet Settings\\User Agent","phkResult":"0x0"}
Returned value:
0x2
ntdll.dll! NtOpenKeyEx #native (#3028) EncryptFlag.exe
Arguments:
{"OpenOptions":"0x0","KeyHandle":"0x0","objectName":"Microsoft\\Windows\\CurrentVersion\\Internet Settings\\User Agent","DesiredAccess":"0x20019"}
Returned value:
0xc0000034
kernel32.dll! RegOpenKeyExW #registry (#3028) EncryptFlag.exe
Arguments:
{"hKey":"HKEY_CURRENT_USER\\Software\\Policies","ulOptions":"0x0","samDesired":"0x20019","lpSubKey":"Microsoft\\Windows\\CurrentVersion\\Internet Settings\\User Agent","phkResult":"0x0"}
Returned value:
0x2
ntdll.dll! NtOpenKeyEx #native (#3028) EncryptFlag.exe
Arguments:
{"OpenOptions":"0x0","KeyHandle":"0x1d8","objectName":"Post Platform","DesiredAccess":"0x1"}
Returned value:
0x0
kernel32.dll! RegOpenKeyExA #registry (#3028) EncryptFlag.exe
Arguments:
{"hKey":"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Internet Settings","ulOptions":"0x0","samDesired":"0x1","lpSubKey":"Post Platform","phkResult":"0x1d8"}
Returned value:
0x0
ntdll.dll! NtOpenKeyEx #native (#3028) EncryptFlag.exe
Arguments:
{"OpenOptions":"0x0","KeyHandle":"0x1d8","objectName":"Post Platform","DesiredAccess":"0x1"}
Returned value:
0x0
kernel32.dll! RegOpenKeyExA #registry (#3028) EncryptFlag.exe
Arguments:
{"hKey":"HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows NT\\CurrentVersion\\PeerDist\\Service","ulOptions":"0x0","samDesired":"0x1","lpSubKey":"Post Platform","phkResult":"0x1d8"}
Returned value:
0x0
ntdll.dll! NtOpenKeyEx #native (#3028) EncryptFlag.exe
Arguments:
{"OpenOptions":"0x0","KeyHandle":"0x1bc","objectName":"SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\5.0\\User Agent","DesiredAccess":"0x1"}
Returned value:
0x0
kernel32.dll! RegOpenKeyExA #registry (#3028) EncryptFlag.exe
Arguments:
{"hKey":"HKEY_CURRENT_USER","ulOptions":"0x0","samDesired":"0x1","lpSubKey":"SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\5.0\\User Agent","phkResult":"0x1bc"}
Returned value:
0x0
ntdll.dll! NtOpenKeyEx #native (#3028) EncryptFlag.exe
Arguments:
{"OpenOptions":"0x0","KeyHandle":"0x1c0","objectName":"SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\5.0\\User Agent","DesiredAccess":"0x1"}
Returned value:
0x0
kernel32.dll! RegOpenKeyExA #registry (#3028) EncryptFlag.exe
Arguments:
{"hKey":"HKEY_LOCAL_MACHINE","ulOptions":"0x0","samDesired":"0x1","lpSubKey":"SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\5.0\\User Agent","phkResult":"0x1c0"}
Returned value:
0x0
ntdll.dll! NtOpenKeyEx #native (#3028) EncryptFlag.exe
Arguments:
{"OpenOptions":"0x0","KeyHandle":"0x0","objectName":"Microsoft\\Windows\\CurrentVersion\\Internet Settings\\User Agent","DesiredAccess":"0x20019"}
Returned value:
0xc0000034
kernel32.dll! RegOpenKeyExW #registry (#3028) EncryptFlag.exe
Arguments:
{"hKey":"HKEY_LOCAL_MACHINE\\Software\\Policies","ulOptions":"0x0","samDesired":"0x20019","lpSubKey":"Microsoft\\Windows\\CurrentVersion\\Internet Settings\\User Agent","phkResult":"0x0"}
Returned value:
0x2
ntdll.dll! NtOpenKeyEx #native (#3028) EncryptFlag.exe
Arguments:
{"OpenOptions":"0x0","KeyHandle":"0x0","objectName":"Microsoft\\Windows\\CurrentVersion\\Internet Settings\\User Agent","DesiredAccess":"0x20019"}
Returned value:
0xc0000034
kernel32.dll! RegOpenKeyExW #registry (#3028) EncryptFlag.exe
Arguments:
{"hKey":"HKEY_CURRENT_USER\\Software\\Policies","ulOptions":"0x0","samDesired":"0x20019","lpSubKey":"Microsoft\\Windows\\CurrentVersion\\Internet Settings\\User Agent","phkResult":"0x0"}
Returned value:
0x2
ntdll.dll! NtOpenKeyEx #native (#3028) EncryptFlag.exe
Arguments:
{"OpenOptions":"0x0","KeyHandle":"0x0","objectName":"Pre Platform","DesiredAccess":"0x1"}
Returned value:
0xc0000034
kernel32.dll! RegOpenKeyExA #registry (#3028) EncryptFlag.exe
Arguments:
{"hKey":"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Internet Settings","ulOptions":"0x0","samDesired":"0x1","lpSubKey":"Pre Platform","phkResult":"0x0"}
Returned value:
0x2
ntdll.dll! NtOpenKeyEx #native (#3028) EncryptFlag.exe
Arguments:
{"OpenOptions":"0x0","KeyHandle":"0x0","objectName":"Pre Platform","DesiredAccess":"0x1"}
Returned value:
0xc0000034
kernel32.dll! RegOpenKeyExA #registry (#3028) EncryptFlag.exe
Arguments:
{"hKey":"HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows NT\\CurrentVersion\\PeerDist\\Service","ulOptions":"0x0","samDesired":"0x1","lpSubKey":"Pre Platform","phkResult":"0x0"}
Returned value:
0x2
ntdll.dll! NtOpenKeyEx #native (#3028) EncryptFlag.exe
Arguments:
{"OpenOptions":"0x0","KeyHandle":"0x1d8","objectName":"Post Platform","DesiredAccess":"0x1"}
Returned value:
0x0
kernel32.dll! RegOpenKeyExA #registry (#3028) EncryptFlag.exe
Arguments:
{"hKey":"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Internet Settings","ulOptions":"0x0","samDesired":"0x1","lpSubKey":"Post Platform","phkResult":"0x1d8"}
Returned value:
0x0
ntdll.dll! NtOpenKeyEx #native (#3028) EncryptFlag.exe
Arguments:
{"OpenOptions":"0x0","KeyHandle":"0x1d8","objectName":"Post Platform","DesiredAccess":"0x1"}
Returned value:
0x0
kernel32.dll! RegOpenKeyExA #registry (#3028) EncryptFlag.exe
Arguments:
{"hKey":"HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows NT\\CurrentVersion\\PeerDist\\Service","ulOptions":"0x0","samDesired":"0x1","lpSubKey":"Post Platform","phkResult":"0x1d8"}
Returned value:
0x0
ntdll.dll! NtOpenKeyEx #native (#3028) EncryptFlag.exe
Arguments:
{"OpenOptions":"0x0","KeyHandle":"0x1bc","objectName":"SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\5.0\\User Agent","DesiredAccess":"0x1"}
Returned value:
0x0
kernel32.dll! RegOpenKeyExA #registry (#3028) EncryptFlag.exe
Arguments:
{"hKey":"HKEY_CURRENT_USER","ulOptions":"0x0","samDesired":"0x1","lpSubKey":"SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\5.0\\User Agent","phkResult":"0x1bc"}
Returned value:
0x0
ntdll.dll! NtOpenKeyEx #native (#3028) EncryptFlag.exe
Arguments:
{"OpenOptions":"0x0","KeyHandle":"0x1c0","objectName":"SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\5.0\\User Agent","DesiredAccess":"0x1"}
Returned value:
0x0
kernel32.dll! RegOpenKeyExA #registry (#3028) EncryptFlag.exe
Arguments:
{"hKey":"HKEY_LOCAL_MACHINE","ulOptions":"0x0","samDesired":"0x1","lpSubKey":"SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\5.0\\User Agent","phkResult":"0x1c0"}
Returned value:
0x0
ntdll.dll! NtOpenKeyEx #native (#3028) EncryptFlag.exe
Arguments:
{"OpenOptions":"0x0","KeyHandle":"0x0","objectName":"Microsoft\\Windows\\CurrentVersion\\Internet Settings\\User Agent","DesiredAccess":"0x20019"}
Returned value:
0xc0000034
kernel32.dll! RegOpenKeyExW #registry (#3028) EncryptFlag.exe
Arguments:
{"hKey":"HKEY_LOCAL_MACHINE\\Software\\Policies","ulOptions":"0x0","samDesired":"0x20019","lpSubKey":"Microsoft\\Windows\\CurrentVersion\\Internet Settings\\User Agent","phkResult":"0x0"}
Returned value:
0x2
ntdll.dll! NtOpenKeyEx #native (#3028) EncryptFlag.exe
Arguments:
{"OpenOptions":"0x0","KeyHandle":"0x0","objectName":"Microsoft\\Windows\\CurrentVersion\\Internet Settings\\User Agent","DesiredAccess":"0x20019"}
Returned value:
0xc0000034
kernel32.dll! RegOpenKeyExW #registry (#3028) EncryptFlag.exe
Arguments:
{"hKey":"HKEY_CURRENT_USER\\Software\\Policies","ulOptions":"0x0","samDesired":"0x20019","lpSubKey":"Microsoft\\Windows\\CurrentVersion\\Internet Settings\\User Agent","phkResult":"0x0"}
Returned value:
0x2
ntdll.dll! NtOpenKeyEx #native (#3028) EncryptFlag.exe
Arguments:
{"OpenOptions":"0x0","KeyHandle":"0x0","objectName":"Pre Platform","DesiredAccess":"0x1"}
Returned value:
0xc0000034
kernel32.dll! RegOpenKeyExA #registry (#3028) EncryptFlag.exe
Arguments:
{"hKey":"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Internet Settings","ulOptions":"0x0","samDesired":"0x1","lpSubKey":"Pre Platform","phkResult":"0x0"}
Returned value:
0x2
ntdll.dll! NtOpenKeyEx #native (#3028) EncryptFlag.exe
Arguments:
{"OpenOptions":"0x0","KeyHandle":"0x0","objectName":"Pre Platform","DesiredAccess":"0x1"}
Returned value:
0xc0000034
kernel32.dll! RegOpenKeyExA #registry (#3028) EncryptFlag.exe
Arguments:
{"hKey":"HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows NT\\CurrentVersion\\PeerDist\\Service","ulOptions":"0x0","samDesired":"0x1","lpSubKey":"Pre Platform","phkResult":"0x0"}
Returned value:
0x2
ntdll.dll! NtOpenKeyEx #native (#3028) EncryptFlag.exe
Arguments:
{"OpenOptions":"0x0","KeyHandle":"0x1d8","objectName":"Post Platform","DesiredAccess":"0x1"}
Returned value:
0x0
kernel32.dll! RegOpenKeyExA #registry (#3028) EncryptFlag.exe
Arguments:
{"hKey":"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Internet Settings","ulOptions":"0x0","samDesired":"0x1","lpSubKey":"Post Platform","phkResult":"0x1d8"}
Returned value:
0x0
ntdll.dll! NtOpenKeyEx #native (#3028) EncryptFlag.exe
Arguments:
{"OpenOptions":"0x0","KeyHandle":"0x1d8","objectName":"Post Platform","DesiredAccess":"0x1"}
Returned value:
0x0
kernel32.dll! RegOpenKeyExA #registry (#3028) EncryptFlag.exe
Arguments:
{"hKey":"HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows NT\\CurrentVersion\\PeerDist\\Service","ulOptions":"0x0","samDesired":"0x1","lpSubKey":"Post Platform","phkResult":"0x1d8"}
Returned value:
0x0
ntdll.dll! NtOpenKeyEx #native (#3028) EncryptFlag.exe
Arguments:
{"OpenOptions":"0x0","KeyHandle":"0x1bc","objectName":"SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\5.0\\User Agent","DesiredAccess":"0x1"}
Returned value:
0x0
kernel32.dll! RegOpenKeyExA #registry (#3028) EncryptFlag.exe
Arguments:
{"hKey":"HKEY_CURRENT_USER","ulOptions":"0x0","samDesired":"0x1","lpSubKey":"SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\5.0\\User Agent","phkResult":"0x1bc"}
Returned value:
0x0
ntdll.dll! NtOpenKeyEx #native (#3028) EncryptFlag.exe
Arguments:
{"OpenOptions":"0x0","KeyHandle":"0x1c0","objectName":"SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\5.0\\User Agent","DesiredAccess":"0x1"}
Returned value:
0x0
kernel32.dll! RegOpenKeyExA #registry (#3028) EncryptFlag.exe
Arguments:
{"hKey":"HKEY_LOCAL_MACHINE","ulOptions":"0x0","samDesired":"0x1","lpSubKey":"SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\5.0\\User Agent","phkResult":"0x1c0"}
Returned value:
0x0
ntdll.dll! NtOpenKeyEx #native (#3028) EncryptFlag.exe
Arguments:
{"OpenOptions":"0x0","KeyHandle":"0x0","objectName":"Microsoft\\Windows\\CurrentVersion\\Internet Settings\\User Agent","DesiredAccess":"0x20019"}
Returned value:
0xc0000034
kernel32.dll! RegOpenKeyExW #registry (#3028) EncryptFlag.exe
Arguments:
{"hKey":"HKEY_LOCAL_MACHINE\\Software\\Policies","ulOptions":"0x0","samDesired":"0x20019","lpSubKey":"Microsoft\\Windows\\CurrentVersion\\Internet Settings\\User Agent","phkResult":"0x0"}
Returned value:
0x2
ntdll.dll! NtOpenKeyEx #native (#3028) EncryptFlag.exe
Arguments:
{"OpenOptions":"0x0","KeyHandle":"0x0","objectName":"Microsoft\\Windows\\CurrentVersion\\Internet Settings\\User Agent","DesiredAccess":"0x20019"}
Returned value:
0xc0000034
kernel32.dll! RegOpenKeyExW #registry (#3028) EncryptFlag.exe
Arguments:
{"hKey":"HKEY_CURRENT_USER\\Software\\Policies","ulOptions":"0x0","samDesired":"0x20019","lpSubKey":"Microsoft\\Windows\\CurrentVersion\\Internet Settings\\User Agent","phkResult":"0x0"}
Returned value:
0x2
ntdll.dll! NtOpenKeyEx #native (#3028) EncryptFlag.exe
Arguments:
{"OpenOptions":"0x0","KeyHandle":"0x0","objectName":"Pre Platform","DesiredAccess":"0x1"}
Returned value:
0xc0000034
kernel32.dll! RegOpenKeyExA #registry (#3028) EncryptFlag.exe
Arguments:
{"hKey":"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Internet Settings","ulOptions":"0x0","samDesired":"0x1","lpSubKey":"Pre Platform","phkResult":"0x0"}
Returned value:
0x2
ntdll.dll! NtOpenKeyEx #native (#3028) EncryptFlag.exe
Arguments:
{"OpenOptions":"0x0","KeyHandle":"0x0","objectName":"Pre Platform","DesiredAccess":"0x1"}
Returned value:
0xc0000034
kernel32.dll! RegOpenKeyExA #registry (#3028) EncryptFlag.exe
Arguments:
{"hKey":"HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows NT\\CurrentVersion\\PeerDist\\Service","ulOptions":"0x0","samDesired":"0x1","lpSubKey":"Pre Platform","phkResult":"0x0"}
Returned value:
0x2
ntdll.dll! NtOpenKeyEx #native (#3028) EncryptFlag.exe
Arguments:
{"OpenOptions":"0x0","KeyHandle":"0x1d8","objectName":"Post Platform","DesiredAccess":"0x1"}
Returned value:
0x0
kernel32.dll! RegOpenKeyExA #registry (#3028) EncryptFlag.exe
Arguments:
{"hKey":"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Internet Settings","ulOptions":"0x0","samDesired":"0x1","lpSubKey":"Post Platform","phkResult":"0x1d8"}
Returned value:
0x0
ntdll.dll! NtOpenKeyEx #native (#3028) EncryptFlag.exe
Arguments:
{"OpenOptions":"0x0","KeyHandle":"0x1d8","objectName":"Post Platform","DesiredAccess":"0x1"}
Returned value:
0x0
kernel32.dll! RegOpenKeyExA #registry (#3028) EncryptFlag.exe
Arguments:
{"hKey":"HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows NT\\CurrentVersion\\PeerDist\\Service","ulOptions":"0x0","samDesired":"0x1","lpSubKey":"Post Platform","phkResult":"0x1d8"}
Returned value:
0x0
ntdll.dll! NtOpenKeyEx #native (#3028) EncryptFlag.exe
Arguments:
{"OpenOptions":"0x0","KeyHandle":"0x1bc","objectName":"SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\5.0\\User Agent","DesiredAccess":"0x1"}
Returned value:
0x0
kernel32.dll! RegOpenKeyExA #registry (#3028) EncryptFlag.exe
Arguments:
{"hKey":"HKEY_CURRENT_USER","ulOptions":"0x0","samDesired":"0x1","lpSubKey":"SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\5.0\\User Agent","phkResult":"0x1bc"}
Returned value:
0x0
ntdll.dll! NtOpenKeyEx #native (#3028) EncryptFlag.exe
Arguments:
{"OpenOptions":"0x0","KeyHandle":"0x1c0","objectName":"SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\5.0\\User Agent","DesiredAccess":"0x1"}
Returned value:
0x0
kernel32.dll! RegOpenKeyExA #registry (#3028) EncryptFlag.exe
Arguments:
{"hKey":"HKEY_LOCAL_MACHINE","ulOptions":"0x0","samDesired":"0x1","lpSubKey":"SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\5.0\\User Agent","phkResult":"0x1c0"}
Returned value:
0x0
ntdll.dll! NtOpenKeyEx #native (#3028) EncryptFlag.exe
Arguments:
{"OpenOptions":"0x0","KeyHandle":"0x0","objectName":"Microsoft\\Windows\\CurrentVersion\\Internet Settings\\User Agent","DesiredAccess":"0x20019"}
Returned value:
0xc0000034
kernel32.dll! RegOpenKeyExW #registry (#3028) EncryptFlag.exe
Arguments:
{"hKey":"HKEY_LOCAL_MACHINE\\Software\\Policies","ulOptions":"0x0","samDesired":"0x20019","lpSubKey":"Microsoft\\Windows\\CurrentVersion\\Internet Settings\\User Agent","phkResult":"0x0"}
Returned value:
0x2
ntdll.dll! NtOpenKeyEx #native (#3028) EncryptFlag.exe
Arguments:
{"OpenOptions":"0x0","KeyHandle":"0x0","objectName":"Microsoft\\Windows\\CurrentVersion\\Internet Settings\\User Agent","DesiredAccess":"0x20019"}
Returned value:
0xc0000034
kernel32.dll! RegOpenKeyExW #registry (#3028) EncryptFlag.exe
Arguments:
{"hKey":"HKEY_CURRENT_USER\\Software\\Policies","ulOptions":"0x0","samDesired":"0x20019","lpSubKey":"Microsoft\\Windows\\CurrentVersion\\Internet Settings\\User Agent","phkResult":"0x0"}
Returned value:
0x2
ntdll.dll! NtOpenKeyEx #native (#3028) EncryptFlag.exe
Arguments:
{"OpenOptions":"0x0","KeyHandle":"0x1d8","objectName":"Post Platform","DesiredAccess":"0x1"}
Returned value:
0x0
kernel32.dll! RegOpenKeyExA #registry (#3028) EncryptFlag.exe
Arguments:
{"hKey":"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Internet Settings","ulOptions":"0x0","samDesired":"0x1","lpSubKey":"Post Platform","phkResult":"0x1d8"}
Returned value:
0x0
ntdll.dll! NtOpenKeyEx #native (#3028) EncryptFlag.exe
Arguments:
{"OpenOptions":"0x0","KeyHandle":"0x1d8","objectName":"Post Platform","DesiredAccess":"0x1"}
Returned value:
0x0
kernel32.dll! RegOpenKeyExA #registry (#3028) EncryptFlag.exe
Arguments:
{"hKey":"HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows NT\\CurrentVersion\\PeerDist\\Service","ulOptions":"0x0","samDesired":"0x1","lpSubKey":"Post Platform","phkResult":"0x1d8"}
Returned value:
0x0
ntdll.dll! NtOpenKeyEx #native (#3028) EncryptFlag.exe
Arguments:
{"OpenOptions":"0x0","KeyHandle":"0x1bc","objectName":"SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\5.0\\User Agent","DesiredAccess":"0x1"}
Returned value:
0x0
kernel32.dll! RegOpenKeyExA #registry (#3028) EncryptFlag.exe
Arguments:
{"hKey":"HKEY_CURRENT_USER","ulOptions":"0x0","samDesired":"0x1","lpSubKey":"SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\5.0\\User Agent","phkResult":"0x1bc"}
Returned value:
0x0
ntdll.dll! NtOpenKeyEx #native (#3028) EncryptFlag.exe
Arguments:
{"OpenOptions":"0x0","KeyHandle":"0x1c0","objectName":"SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\5.0\\User Agent","DesiredAccess":"0x1"}
Returned value:
0x0
kernel32.dll! RegOpenKeyExA #registry (#3028) EncryptFlag.exe
Arguments:
{"hKey":"HKEY_LOCAL_MACHINE","ulOptions":"0x0","samDesired":"0x1","lpSubKey":"SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\5.0\\User Agent","phkResult":"0x1c0"}
Returned value:
0x0
ntdll.dll! NtOpenKeyEx #native (#3028) EncryptFlag.exe
Arguments:
{"OpenOptions":"0x0","KeyHandle":"0x0","objectName":"Microsoft\\Windows\\CurrentVersion\\Internet Settings\\User Agent","DesiredAccess":"0x20019"}
Returned value:
0xc0000034
kernel32.dll! RegOpenKeyExW #registry (#3028) EncryptFlag.exe
Arguments:
{"hKey":"HKEY_LOCAL_MACHINE\\Software\\Policies","ulOptions":"0x0","samDesired":"0x20019","lpSubKey":"Microsoft\\Windows\\CurrentVersion\\Internet Settings\\User Agent","phkResult":"0x0"}
Returned value:
0x2
ntdll.dll! NtOpenKeyEx #native (#3028) EncryptFlag.exe
Arguments:
{"OpenOptions":"0x0","KeyHandle":"0x0","objectName":"Microsoft\\Windows\\CurrentVersion\\Internet Settings\\User Agent","DesiredAccess":"0x20019"}
Returned value:
0xc0000034
kernel32.dll! RegOpenKeyExW #registry (#3028) EncryptFlag.exe
Arguments:
{"hKey":"HKEY_CURRENT_USER\\Software\\Policies","ulOptions":"0x0","samDesired":"0x20019","lpSubKey":"Microsoft\\Windows\\CurrentVersion\\Internet Settings\\User Agent","phkResult":"0x0"}
Returned value:
0x2
ntdll.dll! NtOpenKeyEx #native (#3028) EncryptFlag.exe
Arguments:
{"OpenOptions":"0x0","KeyHandle":"0x0","objectName":"Pre Platform","DesiredAccess":"0x1"}
Returned value:
0xc0000034
kernel32.dll! RegOpenKeyExA #registry (#3028) EncryptFlag.exe
Arguments:
{"hKey":"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Internet Settings","ulOptions":"0x0","samDesired":"0x1","lpSubKey":"Pre Platform","phkResult":"0x0"}
Returned value:
0x2
ntdll.dll! NtOpenKeyEx #native (#3028) EncryptFlag.exe
Arguments:
{"OpenOptions":"0x0","KeyHandle":"0x0","objectName":"Pre Platform","DesiredAccess":"0x1"}
Returned value:
0xc0000034
kernel32.dll! RegOpenKeyExA #registry (#3028) EncryptFlag.exe
Arguments:
{"hKey":"HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows NT\\CurrentVersion\\PeerDist\\Service","ulOptions":"0x0","samDesired":"0x1","lpSubKey":"Pre Platform","phkResult":"0x0"}
Returned value:
0x2
ntdll.dll! NtOpenKeyEx #native (#3028) EncryptFlag.exe
Arguments:
{"OpenOptions":"0x0","KeyHandle":"0x1d8","objectName":"Post Platform","DesiredAccess":"0x1"}
Returned value:
0x0
kernel32.dll! RegOpenKeyExA #registry (#3028) EncryptFlag.exe
Arguments:
{"hKey":"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Internet Settings","ulOptions":"0x0","samDesired":"0x1","lpSubKey":"Post Platform","phkResult":"0x1d8"}
Returned value:
0x0
ntdll.dll! NtOpenKeyEx #native (#3028) EncryptFlag.exe
Arguments:
{"OpenOptions":"0x0","KeyHandle":"0x1d8","objectName":"Post Platform","DesiredAccess":"0x1"}
Returned value:
0x0
kernel32.dll! RegOpenKeyExA #registry (#3028) EncryptFlag.exe
Arguments:
{"hKey":"HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows NT\\CurrentVersion\\PeerDist\\Service","ulOptions":"0x0","samDesired":"0x1","lpSubKey":"Post Platform","phkResult":"0x1d8"}
Returned value:
0x0
ntdll.dll! NtOpenKeyEx #native (#3028) EncryptFlag.exe
Arguments:
{"OpenOptions":"0x0","KeyHandle":"0x1bc","objectName":"SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Internet Settings","DesiredAccess":"0x1"}
Returned value:
0x0
kernel32.dll! RegOpenKeyExA #registry (#3028) EncryptFlag.exe
Arguments:
{"hKey":"HKEY_CURRENT_USER","ulOptions":"0x0","samDesired":"0x1","lpSubKey":"SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Internet Settings","phkResult":"0x1bc"}
Returned value:
0x0
ntdll.dll! NtOpenKeyEx #native (#3028) EncryptFlag.exe
Arguments:
{"OpenOptions":"0x0","KeyHandle":"0x1c0","objectName":"SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Internet Settings","DesiredAccess":"0x1"}
Returned value:
0x0
kernel32.dll! RegOpenKeyExA #registry (#3028) EncryptFlag.exe
Arguments:
{"hKey":"HKEY_LOCAL_MACHINE","ulOptions":"0x0","samDesired":"0x1","lpSubKey":"SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Internet Settings","phkResult":"0x1c0"}
Returned value:
0x0
KernelBase.dll! GetProcAddress #misc (#3028) EncryptFlag.exe
Arguments:
{"lpProcName":"GetTokenInformation","hModule":"KernelBase.dll"}
Returned value:
0x7feff4bd8a0
ntdll.dll! NtQueryAttributesFile #native (#3028) EncryptFlag.exe
Arguments:
{"objectName":"\\??\\C:\\Users\\<USER>\\Downloads\\Secur32.dll"}
Returned value:
0xc0000034
ntdll.dll! NtQueryAttributesFile #native (#3028) EncryptFlag.exe
Arguments:
{"objectName":"\\??\\C:\\Windows\\system32\\Secur32.dll"}
Returned value:
0x0
ntdll.dll! NtOpenFile #native (#3028) EncryptFlag.exe
Arguments:
{"FileHandle":"0x1d8","objectName":"\\??\\C:\\Windows\\system32\\Secur32.dll"}
Returned value:
0x0
KernelBase.dll! GetTickCount #highlight (#3028) EncryptFlag.exe
Arguments:
{}
Returned value:
0x29dfb
KernelBase.dll! LoadLibraryExW #misc (#3028) EncryptFlag.exe
Arguments:
{"lpFileName":"Secur32.dll"}
Returned value:
0x7fefc9f0000
KernelBase.dll! LoadLibraryExA #misc (#3028) EncryptFlag.exe
Arguments:
{"lpFileName":"Secur32.dll"}
Returned value:
0x7fefc9f0000
ntdll.dll! NtQueryAttributesFile #native (#3028) EncryptFlag.exe
Arguments:
{"objectName":"\\??\\C:\\Users\\<USER>\\Downloads\\SSPICLI.DLL"}
Returned value:
0xc0000034
ntdll.dll! NtQueryAttributesFile #native (#3028) EncryptFlag.exe
Arguments:
{"objectName":"\\??\\C:\\Windows\\system32\\SSPICLI.DLL"}
Returned value:
0x0
ntdll.dll! NtOpenFile #native (#3028) EncryptFlag.exe
Arguments:
{"FileHandle":"0x1d8","objectName":"\\??\\C:\\Windows\\system32\\SSPICLI.DLL"}
Returned value:
0x0
KernelBase.dll! GetTickCount #highlight (#3028) EncryptFlag.exe
Arguments:
{}
Returned value:
0x29dfb
KernelBase.dll! GetProcAddress #misc (#3028) EncryptFlag.exe
Arguments:
{"lpProcName":"GetUserNameExA","hModule":"sspicli.dll"}
Returned value:
0x7fefcbb1640
KernelBase.dll! GetProcAddress #misc (#3028) EncryptFlag.exe
Arguments:
{"lpProcName":"GetSidSubAuthorityCount","hModule":"KernelBase.dll"}
Returned value:
0x7feff4b3b84
KernelBase.dll! GetProcAddress #misc (#3028) EncryptFlag.exe
Arguments:
{"lpProcName":"GetSidSubAuthority","hModule":"KernelBase.dll"}
Returned value:
0x7feff4b3b98
KernelBase.dll! GetProcAddress #misc (#3028) EncryptFlag.exe
Arguments:
{"lpProcName":"RegCreateKeyExA","hModule":"kernel32.dll"}
Returned value:
0x7feff4b4390
ntdll.dll! NtCreateKey #native (#3028) EncryptFlag.exe
Arguments:
{"CreateOptions":"0x0","objectName":"SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Internet Settings","DesiredAccess":"0x2001f","KeyHandle":"0x1ec","TitleIndex":"0x0","CreateDisposition":"0x12d988","Class":"0x12dc60"}
Returned value:
0x0
kernel32.dll! RegCreateKeyExA #registry (#3028) EncryptFlag.exe
Arguments:
{"samDesired":"0x7fe0002001f","hKey":"HKEY_CURRENT_USER","dwOptions":"0x0","phkResult":"","lpClass":"0x0","lpSubKey":"SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Internet Settings"}
Returned value:
0x0
KernelBase.dll! GetProcAddress #misc (#3028) EncryptFlag.exe
Arguments:
{"lpProcName":"RegQueryValueExA","hModule":"kernel32.dll"}
Returned value:
0x7feff4c4060
KernelBase.dll! GetProcAddress #misc (#3028) EncryptFlag.exe
Arguments:
{"lpProcName":"RegOpenKeyExW","hModule":"kernel32.dll"}
Returned value:
0x7feff4c4210
ntdll.dll! NtOpenKeyEx #native (#3028) EncryptFlag.exe
Arguments:
{"OpenOptions":"0x0","KeyHandle":"0x1f0","objectName":"Software\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\5.0\\Cache","DesiredAccess":"0x9"}
Returned value:
0x0
kernel32.dll! RegOpenKeyExW #registry (#3028) EncryptFlag.exe
Arguments:
{"hKey":"HKEY_LOCAL_MACHINE","ulOptions":"0x0","samDesired":"0x9","lpSubKey":"Software\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\5.0\\Cache","phkResult":"0x1f0"}
Returned value:
0x0
KernelBase.dll! GetProcAddress #misc (#3028) EncryptFlag.exe
Arguments:
{"lpProcName":"RegGetValueW","hModule":"kernel32.dll"}
Returned value:
0x7feff4b3bd0
KernelBase.dll! GetProcAddress #misc (#3028) EncryptFlag.exe
Arguments:
{"lpProcName":"RegCloseKey","hModule":"kernel32.dll"}
Returned value:
0x7feff4c4240
KernelBase.dll! LoadLibraryExW #misc (#3028) EncryptFlag.exe
Arguments:
{"lpFileName":"SHELL32.dll"}
Returned value:
0x7fefd270000
KernelBase.dll! LoadLibraryExA #misc (#3028) EncryptFlag.exe
Arguments:
{"lpFileName":"SHELL32.dll"}
Returned value:
0x7fefd270000
KernelBase.dll! GetProcAddress #misc (#3028) EncryptFlag.exe
Arguments:
{"lpProcName":"SHGetKnownFolderPath","hModule":"shell32.dll"}
Returned value:
0x7fefd314bf0
ntdll.dll! NtOpenKeyEx #native (#3028) EncryptFlag.exe
Arguments:
{"OpenOptions":"0x0","KeyHandle":"0x1f4","objectName":"Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions","DesiredAccess":"0x20019"}
Returned value:
0x0
KernelBase.dll! LoadLibraryExW #misc (#3028) EncryptFlag.exe
Arguments:
{"lpFileName":"ole32.dll"}
Returned value:
0x7fefe1d0000
KernelBase.dll! LoadLibraryExA #misc (#3028) EncryptFlag.exe
Arguments:
{"lpFileName":"ole32.dll"}
Returned value:
0x7fefe1d0000
KernelBase.dll! GetProcAddress #misc (#3028) EncryptFlag.exe
Arguments:
{"lpProcName":"StringFromGUID2","hModule":"ole32.dll"}
Returned value:
0x7fefe1eede0
ntdll.dll! NtOpenKeyEx #native (#3028) EncryptFlag.exe
Arguments:
{"OpenOptions":"0x0","KeyHandle":"0x1f8","objectName":"{352481E8-33BE-4251-BA85-6007CAEDCF9D}","DesiredAccess":"0x20019"}
Returned value:
0x0
ntdll.dll! NtOpenKeyEx #native (#3028) EncryptFlag.exe
Arguments:
{"OpenOptions":"0x0","KeyHandle":"0x0","objectName":"PropertyBag","DesiredAccess":"0x20019"}
Returned value:
0xc0000034
KernelBase.dll! LoadLibraryExW #misc (#3028) EncryptFlag.exe
Arguments:
{"lpFileName":"ADVAPI32.dll"}
Returned value:
0x7feff4a0000
KernelBase.dll! LoadLibraryExA #misc (#3028) EncryptFlag.exe
Arguments:
{"lpFileName":"ADVAPI32.dll"}
Returned value:
0x7feff4a0000
KernelBase.dll! GetProcAddress #misc (#3028) EncryptFlag.exe
Arguments:
{"lpProcName":"OpenThreadToken","hModule":"KernelBase.dll"}
Returned value:
0x7feff4be168
ntdll.dll! NtOpenKeyEx #native (#3028) EncryptFlag.exe
Arguments:
{"OpenOptions":"0x0","KeyHandle":"0x1f8","objectName":"Software\\Microsoft\\Windows\\CurrentVersion\\Explorer","DesiredAccess":"0x1"}
Returned value:
0x0
ntdll.dll! NtOpenKeyEx #native (#3028) EncryptFlag.exe
Arguments:
{"OpenOptions":"0x0","KeyHandle":"0x1f4","objectName":"SessionInfo\\1","DesiredAccess":"0x1"}
Returned value:
0x0
ntdll.dll! NtOpenKeyEx #native (#3028) EncryptFlag.exe
Arguments:
{"OpenOptions":"0x0","KeyHandle":"0x0","objectName":"KnownFolders","DesiredAccess":"0x1"}
Returned value:
0xc0000034
ntdll.dll! NtOpenKeyEx #native (#3028) EncryptFlag.exe
Arguments:
{"OpenOptions":"0x0","KeyHandle":"0x1f4","objectName":"\\REGISTRY\\USER","DesiredAccess":"0x2000000"}
Returned value:
0x0
ntdll.dll! NtOpenKeyEx #native (#3028) EncryptFlag.exe
Arguments:
{"OpenOptions":"0x0","KeyHandle":"0x1fc","objectName":".DEFAULT","DesiredAccess":"0x20019"}
Returned value:
0x0
ntdll.dll! NtOpenKeyEx #native (#3028) EncryptFlag.exe
Arguments:
{"OpenOptions":"0x0","KeyHandle":"0x200","objectName":"Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\User Shell Folders","DesiredAccess":"0x20019"}
Returned value:
0x0
KernelBase.dll! LoadLibraryExW #misc (#3028) EncryptFlag.exe
Arguments:
{"lpFileName":"profapi.dll"}
Returned value:
0x7fefcdf0000
KernelBase.dll! LoadLibraryExA #misc (#3028) EncryptFlag.exe
Arguments:
{"lpFileName":"profapi.dll"}
Returned value:
0x7fefcdf0000
KernelBase.dll! GetProcAddress #misc (#3028) EncryptFlag.exe
Arguments:
{"lpProcName":"0x68","hModule":null}
Returned value:
0x7fefcdf10b0
ntdll.dll! NtOpenKeyEx #native (#3028) EncryptFlag.exe
Arguments:
{"OpenOptions":"0x0","KeyHandle":"0x1fc","objectName":"Software\\Microsoft\\Windows NT\\CurrentVersion\\ProfileList","DesiredAccess":"0x20019"}
Returned value:
0x0
KernelBase.dll! GetProcAddress #misc (#3028) EncryptFlag.exe
Arguments:
{"lpProcName":"CoTaskMemAlloc","hModule":"ole32.dll"}
Returned value:
0x7fefe1f37d0
ntdll.dll! NtOpenKeyEx #native (#3028) EncryptFlag.exe
Arguments:
{"OpenOptions":"0x0","KeyHandle":"0x200","objectName":"SessionInfo\\1","DesiredAccess":"0x1"}
Returned value:
0x0
ntdll.dll! NtOpenKeyEx #native (#3028) EncryptFlag.exe
Arguments:
{"OpenOptions":"0x0","KeyHandle":"0x0","objectName":"KnownFolders","DesiredAccess":"0x1"}
Returned value:
0xc0000034
ntdll.dll! NtOpenKey #native (#3028) EncryptFlag.exe
Arguments:
{"OpenOptions":"0x0","KeyHandle":"0x200","objectName":"\\REGISTRY\\USER\\S-1-5-21-4270068108-2931534202-3907561125-1001","DesiredAccess":"0x20019"}
Returned value:
0x0
kernel32.dll! RegOpenCurrentUser #registry (#3028) EncryptFlag.exe
Arguments:
{"phkResult":"0x200","samDesired":"0x20019"}
Returned value:
0x0
ntdll.dll! NtOpenKeyEx #native (#3028) EncryptFlag.exe
Arguments:
{"OpenOptions":"0x0","KeyHandle":"0x1fc","objectName":"Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\User Shell Folders","DesiredAccess":"0x20019"}
Returned value:
0x0
ntdll.dll! NtQueryAttributesFile #native (#3028) EncryptFlag.exe
Arguments:
{"objectName":"\\??\\C:\\Users\\<USER>\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files"}
Returned value:
0x0
KernelBase.dll! GetFileAttributesW #file (#3028) EncryptFlag.exe
Arguments:
{"lpFileName":"C:\\Users\\<USER>\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files"}
Returned value:
0x2016
KernelBase.dll! GetProcAddress #misc (#3028) EncryptFlag.exe
Arguments:
{"lpProcName":"CopySid","hModule":"KernelBase.dll"}
Returned value:
0x7feff4b3b7c
ntdll.dll! NtQueryAttributesFile #native (#3028) EncryptFlag.exe
Arguments:
{"objectName":"\\??\\C:\\Users\\<USER>\\Downloads\\api-ms-win-downlevel-advapi32-l2-1-0.dll"}
Returned value:
0xc0000034
ntdll.dll! NtQueryAttributesFile #native (#3028) EncryptFlag.exe
Arguments:
{"objectName":"\\??\\C:\\Windows\\system32\\api-ms-win-downlevel-advapi32-l2-1-0.dll"}
Returned value:
0x0
ntdll.dll! NtOpenFile #native (#3028) EncryptFlag.exe
Arguments:
{"FileHandle":"0x200","objectName":"\\??\\C:\\Windows\\system32\\api-ms-win-downlevel-advapi32-l2-1-0.dll"}
Returned value:
0x0
KernelBase.dll! LoadLibraryExW #misc (#3028) EncryptFlag.exe
Arguments:
{"lpFileName":"api-ms-win-downlevel-advapi32-l2-1-0.dll"}
Returned value:
0x7fef8dd0000
KernelBase.dll! LoadLibraryExA #misc (#3028) EncryptFlag.exe
Arguments:
{"lpFileName":"api-ms-win-downlevel-advapi32-l2-1-0.dll"}
Returned value:
0x7fef8dd0000
KernelBase.dll! GetProcAddress #misc (#3028) EncryptFlag.exe
Arguments:
{"lpProcName":"ConvertSidToStringSidW","hModule":"sechost.dll"}
Returned value:
0x7feff4bd6d0
KernelBase.dll! GetProcAddress #misc (#3028) EncryptFlag.exe
Arguments:
{"lpProcName":"ConvertStringSecurityDescriptorToSecurityDescriptorW","hModule":"sechost.dll"}
Returned value:
0x7feff4b4750
ntdll.dll! NtCreateFile #native (#3028) EncryptFlag.exe
Arguments:
{"FileHandle":"0x1fc","objectName":"\\??\\C:\\Users\\<USER>\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\counters.dat"}
Returned value:
0x0
KernelBase.dll! CreateFileW #file (#3028) EncryptFlag.exe
Arguments:
{"lpSecurityAttributes":"0x12dd88","dwCreationDisposition":"0x4","dwFlagsAndAttributes":"0x0","lpFileName":"C:\\Users\\<USER>\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\counters.dat","dwDesiredAccess":"0xc0000000","dwShareMode":"0x3"}
Returned value:
0x1fc
KernelBase.dll! LoadLibraryExW #misc (#3028) EncryptFlag.exe
Arguments:
{"lpFileName":"api-ms-win-downlevel-ole32-l1-1-0.dll"}
Returned value:
0x7fefcf10000
KernelBase.dll! LoadLibraryExA #misc (#3028) EncryptFlag.exe
Arguments:
{"lpFileName":"api-ms-win-downlevel-ole32-l1-1-0.dll"}
Returned value:
0x7fefcf10000
KernelBase.dll! GetProcAddress #misc (#3028) EncryptFlag.exe
Arguments:
{"lpProcName":"CoTaskMemFree","hModule":"ole32.dll"}
Returned value:
0x7fefe1f3780
KernelBase.dll! GetProcAddress #misc (#3028) EncryptFlag.exe
Arguments:
{"lpProcName":"EventRegister","hModule":"api-ms-win-eventing-provider-l1-1-0.dll"}
Returned value:
0x772a6da0
KernelBase.dll! GetProcAddress #misc (#3028) EncryptFlag.exe
Arguments:
{"lpProcName":"RegGetValueA","hModule":"kernel32.dll"}
Returned value:
0x7feff4aa7e0
ntdll.dll! NtOpenKeyEx #native (#3028) EncryptFlag.exe
Arguments:
{"OpenOptions":"0x0","KeyHandle":"0x20c","objectName":"SOFTWARE\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings","DesiredAccess":"0x1"}
Returned value:
0x0
KernelBase.dll! GetProcAddress #misc (#3028) EncryptFlag.exe
Arguments:
{"lpProcName":"0x2bd","hModule":null}
Returned value:
0x7fefe8872d0
ntdll.dll! NtOpenKeyEx #native (#3028) EncryptFlag.exe
Arguments:
{"OpenOptions":"0x0","KeyHandle":"0x0","objectName":"FEATURE_HTTP_USERNAME_PASSWORD_DISABLE","DesiredAccess":"0x1"}
Returned value:
0xc0000034
kernel32.dll! RegOpenKeyExW #registry (#3028) EncryptFlag.exe
Arguments:
{"hKey":"HKEY_CURRENT_USER\\Software\\Microsoft\\Internet Explorer\\Main\\FeatureControl","ulOptions":"0x0","samDesired":"0x1","lpSubKey":"FEATURE_HTTP_USERNAME_PASSWORD_DISABLE","phkResult":"0x0"}
Returned value:
0x2
ntdll.dll! NtOpenKeyEx #native (#3028) EncryptFlag.exe
Arguments:
{"OpenOptions":"0x0","KeyHandle":"0x20c","objectName":"FEATURE_HTTP_USERNAME_PASSWORD_DISABLE","DesiredAccess":"0x1"}
Returned value:
0x0
kernel32.dll! RegOpenKeyExW #registry (#3028) EncryptFlag.exe
Arguments:
{"hKey":"HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Internet Explorer\\Main\\FeatureControl","ulOptions":"0x0","samDesired":"0x1","lpSubKey":"FEATURE_HTTP_USERNAME_PASSWORD_DISABLE","phkResult":"0x20c"}
Returned value:
0x0
KernelBase.dll! GetProcAddress #misc (#3028) EncryptFlag.exe
Arguments:
{"lpProcName":"0x2bf","hModule":null}
Returned value:
0x7fefe873230
ntdll.dll! NtOpenKeyEx #native (#3028) EncryptFlag.exe
Arguments:
{"OpenOptions":"0x0","KeyHandle":"0x0","objectName":"Software\\Policies\\Microsoft\\Internet Explorer\\Main\\FeatureControl","DesiredAccess":"0x20019"}
Returned value:
0xc0000034
kernel32.dll! RegOpenKeyExW #registry (#3028) EncryptFlag.exe
Arguments:
{"hKey":"HKEY_LOCAL_MACHINE","ulOptions":"0x0","samDesired":"0x20019","lpSubKey":"Software\\Policies\\Microsoft\\Internet Explorer\\Main\\FeatureControl","phkResult":"0x0"}
Returned value:
0x2
ntdll.dll! NtOpenKeyEx #native (#3028) EncryptFlag.exe
Arguments:
{"OpenOptions":"0x0","KeyHandle":"0x0","objectName":"Software\\Policies\\Microsoft\\Internet Explorer\\Main\\FeatureControl","DesiredAccess":"0x20019"}
Returned value:
0xc0000034
kernel32.dll! RegOpenKeyExW #registry (#3028) EncryptFlag.exe
Arguments:
{"hKey":"HKEY_CURRENT_USER","ulOptions":"0x0","samDesired":"0x20019","lpSubKey":"Software\\Policies\\Microsoft\\Internet Explorer\\Main\\FeatureControl","phkResult":"0x0"}
Returned value:
0x2
ntdll.dll! NtOpenKeyEx #native (#3028) EncryptFlag.exe
Arguments:
{"OpenOptions":"0x0","KeyHandle":"0x20c","objectName":"Software\\Microsoft\\Internet Explorer\\Main\\FeatureControl","DesiredAccess":"0x20019"}
Returned value:
0x0
kernel32.dll! RegOpenKeyExW #registry (#3028) EncryptFlag.exe
Arguments:
{"hKey":"HKEY_CURRENT_USER","ulOptions":"0x0","samDesired":"0x20019","lpSubKey":"Software\\Microsoft\\Internet Explorer\\Main\\FeatureControl","phkResult":"0x20c"}
Returned value:
0x0
ntdll.dll! NtOpenKeyEx #native (#3028) EncryptFlag.exe
Arguments:
{"OpenOptions":"0x0","KeyHandle":"0x210","objectName":"Software\\Microsoft\\Internet Explorer\\Main\\FeatureControl","DesiredAccess":"0x20019"}
Returned value:
0x0
kernel32.dll! RegOpenKeyExW #registry (#3028) EncryptFlag.exe
Arguments:
{"hKey":"HKEY_LOCAL_MACHINE","ulOptions":"0x0","samDesired":"0x20019","lpSubKey":"Software\\Microsoft\\Internet Explorer\\Main\\FeatureControl","phkResult":"0x210"}
Returned value:
0x0
kernel32.dll! RegQueryValueExW #registry (#3028) EncryptFlag.exe
Arguments:
{"hKey":"SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Internet Settings","lpData":"0x7feff0f1668","lpcbData":"0x12de74","lpType":"0","lpValueName":"FEATURE_CLIENTAUTHCERTFILTER"}
Returned value:
0x2
kernel32.dll! RegQueryValueExW #registry (#3028) EncryptFlag.exe
Arguments:
{"hKey":"SOFTWARE\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings","lpData":"0x7feff0f1668","lpcbData":"0x12de74","lpType":"0","lpValueName":"FEATURE_CLIENTAUTHCERTFILTER"}
Returned value:
0x2
ntdll.dll! NtOpenKeyEx #native (#3028) EncryptFlag.exe
Arguments:
{"OpenOptions":"0x0","KeyHandle":"0x0","objectName":"RETRY_HEADERONLYPOST_ONCONNECTIONRESET","DesiredAccess":"0x1"}
Returned value:
0xc0000034
kernel32.dll! RegOpenKeyExW #registry (#3028) EncryptFlag.exe
Arguments:
{"hKey":"HKEY_CURRENT_USER\\Software\\Microsoft\\Internet Explorer\\Main\\FeatureControl","ulOptions":"0x0","samDesired":"0x1","lpSubKey":"RETRY_HEADERONLYPOST_ONCONNECTIONRESET","phkResult":"0x0"}
Returned value:
0x2
ntdll.dll! NtOpenKeyEx #native (#3028) EncryptFlag.exe
Arguments:
{"OpenOptions":"0x0","KeyHandle":"0x0","objectName":"RETRY_HEADERONLYPOST_ONCONNECTIONRESET","DesiredAccess":"0x1"}
Returned value:
0xc0000034
kernel32.dll! RegOpenKeyExW #registry (#3028) EncryptFlag.exe
Arguments:
{"hKey":"HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Internet Explorer\\Main\\FeatureControl","ulOptions":"0x0","samDesired":"0x1","lpSubKey":"RETRY_HEADERONLYPOST_ONCONNECTIONRESET","phkResult":"0x0"}
Returned value:
0x2
ntdll.dll! NtOpenKeyEx #native (#3028) EncryptFlag.exe
Arguments:
{"OpenOptions":"0x0","KeyHandle":"0x0","objectName":"FEATURE_BYPASS_CACHE_FOR_CREDPOLICY_KB936611","DesiredAccess":"0x1"}
Returned value:
0xc0000034
kernel32.dll! RegOpenKeyExW #registry (#3028) EncryptFlag.exe
Arguments:
{"hKey":"HKEY_CURRENT_USER\\Software\\Microsoft\\Internet Explorer\\Main\\FeatureControl","ulOptions":"0x0","samDesired":"0x1","lpSubKey":"FEATURE_BYPASS_CACHE_FOR_CREDPOLICY_KB936611","phkResult":"0x0"}
Returned value:
0x2
ntdll.dll! NtOpenKeyEx #native (#3028) EncryptFlag.exe
Arguments:
{"OpenOptions":"0x0","KeyHandle":"0x0","objectName":"FEATURE_BYPASS_CACHE_FOR_CREDPOLICY_KB936611","DesiredAccess":"0x1"}
Returned value:
0xc0000034
kernel32.dll! RegOpenKeyExW #registry (#3028) EncryptFlag.exe
Arguments:
{"hKey":"HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Internet Explorer\\Main\\FeatureControl","ulOptions":"0x0","samDesired":"0x1","lpSubKey":"FEATURE_BYPASS_CACHE_FOR_CREDPOLICY_KB936611","phkResult":"0x0"}
Returned value:
0x2
ntdll.dll! NtOpenKeyEx #native (#3028) EncryptFlag.exe
Arguments:
{"OpenOptions":"0x0","KeyHandle":"0x0","objectName":"FEATURE_IGNORE_MAPPINGS_FOR_CREDPOLICY","DesiredAccess":"0x1"}
Returned value:
0xc0000034
kernel32.dll! RegOpenKeyExW #registry (#3028) EncryptFlag.exe
Arguments:
{"hKey":"HKEY_CURRENT_USER\\Software\\Microsoft\\Internet Explorer\\Main\\FeatureControl","ulOptions":"0x0","samDesired":"0x1","lpSubKey":"FEATURE_IGNORE_MAPPINGS_FOR_CREDPOLICY","phkResult":"0x0"}
Returned value:
0x2
ntdll.dll! NtOpenKeyEx #native (#3028) EncryptFlag.exe
Arguments:
{"OpenOptions":"0x0","KeyHandle":"0x0","objectName":"FEATURE_IGNORE_MAPPINGS_FOR_CREDPOLICY","DesiredAccess":"0x1"}
Returned value:
0xc0000034
kernel32.dll! RegOpenKeyExW #registry (#3028) EncryptFlag.exe
Arguments:
{"hKey":"HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Internet Explorer\\Main\\FeatureControl","ulOptions":"0x0","samDesired":"0x1","lpSubKey":"FEATURE_IGNORE_MAPPINGS_FOR_CREDPOLICY","phkResult":"0x0"}
Returned value:
0x2
ntdll.dll! NtOpenKeyEx #native (#3028) EncryptFlag.exe
Arguments:
{"OpenOptions":"0x0","KeyHandle":"0x0","objectName":"FEATURE_INCLUDE_PORT_IN_SPN_KB908209","DesiredAccess":"0x1"}
Returned value:
0xc0000034
kernel32.dll! RegOpenKeyExW #registry (#3028) EncryptFlag.exe
Arguments:
{"hKey":"HKEY_CURRENT_USER\\Software\\Microsoft\\Internet Explorer\\Main\\FeatureControl","ulOptions":"0x0","samDesired":"0x1","lpSubKey":"FEATURE_INCLUDE_PORT_IN_SPN_KB908209","phkResult":"0x0"}
Returned value:
0x2
ntdll.dll! NtOpenKeyEx #native (#3028) EncryptFlag.exe
Arguments:
{"OpenOptions":"0x0","KeyHandle":"0x0","objectName":"FEATURE_INCLUDE_PORT_IN_SPN_KB908209","DesiredAccess":"0x1"}
Returned value:
0xc0000034
kernel32.dll! RegOpenKeyExW #registry (#3028) EncryptFlag.exe
Arguments:
{"hKey":"HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Internet Explorer\\Main\\FeatureControl","ulOptions":"0x0","samDesired":"0x1","lpSubKey":"FEATURE_INCLUDE_PORT_IN_SPN_KB908209","phkResult":"0x0"}
Returned value:
0x2
ntdll.dll! NtOpenKeyEx #native (#3028) EncryptFlag.exe
Arguments:
{"OpenOptions":"0x0","KeyHandle":"0x0","objectName":"FEATURE_BUFFERBREAKING_818408","DesiredAccess":"0x1"}
Returned value:
0xc0000034
kernel32.dll! RegOpenKeyExW #registry (#3028) EncryptFlag.exe
Arguments:
{"hKey":"HKEY_CURRENT_USER\\Software\\Microsoft\\Internet Explorer\\Main\\FeatureControl","ulOptions":"0x0","samDesired":"0x1","lpSubKey":"FEATURE_BUFFERBREAKING_818408","phkResult":"0x0"}
Returned value:
0x2
ntdll.dll! NtOpenKeyEx #native (#3028) EncryptFlag.exe
Arguments:
{"OpenOptions":"0x0","KeyHandle":"0x0","objectName":"FEATURE_BUFFERBREAKING_818408","DesiredAccess":"0x1"}
Returned value:
0xc0000034
kernel32.dll! RegOpenKeyExW #registry (#3028) EncryptFlag.exe
Arguments:
{"hKey":"HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Internet Explorer\\Main\\FeatureControl","ulOptions":"0x0","samDesired":"0x1","lpSubKey":"FEATURE_BUFFERBREAKING_818408","phkResult":"0x0"}
Returned value:
0x2
ntdll.dll! NtOpenKeyEx #native (#3028) EncryptFlag.exe
Arguments:
{"OpenOptions":"0x0","KeyHandle":"0x0","objectName":"FEATURE_SKIP_POST_RETRY_ON_INTERNETWRITEFILE_KB895954","DesiredAccess":"0x1"}
Returned value:
0xc0000034
kernel32.dll! RegOpenKeyExW #registry (#3028) EncryptFlag.exe
Arguments:
{"hKey":"HKEY_CURRENT_USER\\Software\\Microsoft\\Internet Explorer\\Main\\FeatureControl","ulOptions":"0x0","samDesired":"0x1","lpSubKey":"FEATURE_SKIP_POST_RETRY_ON_INTERNETWRITEFILE_KB895954","phkResult":"0x0"}
Returned value:
0x2
ntdll.dll! NtOpenKeyEx #native (#3028) EncryptFlag.exe
Arguments:
{"OpenOptions":"0x0","KeyHandle":"0x0","objectName":"FEATURE_SKIP_POST_RETRY_ON_INTERNETWRITEFILE_KB895954","DesiredAccess":"0x1"}
Returned value:
0xc0000034
kernel32.dll! RegOpenKeyExW #registry (#3028) EncryptFlag.exe
Arguments:
{"hKey":"HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Internet Explorer\\Main\\FeatureControl","ulOptions":"0x0","samDesired":"0x1","lpSubKey":"FEATURE_SKIP_POST_RETRY_ON_INTERNETWRITEFILE_KB895954","phkResult":"0x0"}
Returned value:
0x2
ntdll.dll! NtOpenKeyEx #native (#3028) EncryptFlag.exe
Arguments:
{"OpenOptions":"0x0","KeyHandle":"0x0","objectName":"FEATURE_FIX_CHUNKED_PROXY_SCRIPT_DOWNLOAD_KB843289","DesiredAccess":"0x1"}
Returned value:
0xc0000034
kernel32.dll! RegOpenKeyExW #registry (#3028) EncryptFlag.exe
Arguments:
{"hKey":"HKEY_CURRENT_USER\\Software\\Microsoft\\Internet Explorer\\Main\\FeatureControl","ulOptions":"0x0","samDesired":"0x1","lpSubKey":"FEATURE_FIX_CHUNKED_PROXY_SCRIPT_DOWNLOAD_KB843289","phkResult":"0x0"}
Returned value:
0x2
ntdll.dll! NtOpenKeyEx #native (#3028) EncryptFlag.exe
Arguments:
{"OpenOptions":"0x0","KeyHandle":"0x0","objectName":"FEATURE_FIX_CHUNKED_PROXY_SCRIPT_DOWNLOAD_KB843289","DesiredAccess":"0x1"}
Returned value:
0xc0000034
kernel32.dll! RegOpenKeyExW #registry (#3028) EncryptFlag.exe
Arguments:
{"hKey":"HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Internet Explorer\\Main\\FeatureControl","ulOptions":"0x0","samDesired":"0x1","lpSubKey":"FEATURE_FIX_CHUNKED_PROXY_SCRIPT_DOWNLOAD_KB843289","phkResult":"0x0"}
Returned value:
0x2
ntdll.dll! NtOpenKeyEx #native (#3028) EncryptFlag.exe
Arguments:
{"OpenOptions":"0x0","KeyHandle":"0x0","objectName":"FEATURE_USE_CNAME_FOR_SPN_KB911149","DesiredAccess":"0x1"}
Returned value:
0xc0000034
kernel32.dll! RegOpenKeyExW #registry (#3028) EncryptFlag.exe
Arguments:
{"hKey":"HKEY_CURRENT_USER\\Software\\Microsoft\\Internet Explorer\\Main\\FeatureControl","ulOptions":"0x0","samDesired":"0x1","lpSubKey":"FEATURE_USE_CNAME_FOR_SPN_KB911149","phkResult":"0x0"}
Returned value:
0x2
ntdll.dll! NtOpenKeyEx #native (#3028) EncryptFlag.exe
Arguments:
{"OpenOptions":"0x0","KeyHandle":"0x0","objectName":"FEATURE_USE_CNAME_FOR_SPN_KB911149","DesiredAccess":"0x1"}
Returned value:
0xc0000034
kernel32.dll! RegOpenKeyExW #registry (#3028) EncryptFlag.exe
Arguments:
{"hKey":"HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Internet Explorer\\Main\\FeatureControl","ulOptions":"0x0","samDesired":"0x1","lpSubKey":"FEATURE_USE_CNAME_FOR_SPN_KB911149","phkResult":"0x0"}
Returned value:
0x2
ntdll.dll! NtOpenKeyEx #native (#3028) EncryptFlag.exe
Arguments:
{"OpenOptions":"0x0","KeyHandle":"0x0","objectName":"FEATURE_ALWAYS_USE_DNS_FOR_SPN_KB3022771","DesiredAccess":"0x1"}
Returned value:
0xc0000034
kernel32.dll! RegOpenKeyExW #registry (#3028) EncryptFlag.exe
Arguments:
{"hKey":"HKEY_CURRENT_USER\\Software\\Microsoft\\Internet Explorer\\Main\\FeatureControl","ulOptions":"0x0","samDesired":"0x1","lpSubKey":"FEATURE_ALWAYS_USE_DNS_FOR_SPN_KB3022771","phkResult":"0x0"}
Returned value:
0x2
ntdll.dll! NtOpenKeyEx #native (#3028) EncryptFlag.exe
Arguments:
{"OpenOptions":"0x0","KeyHandle":"0x0","objectName":"FEATURE_ALWAYS_USE_DNS_FOR_SPN_KB3022771","DesiredAccess":"0x1"}
Returned value:
0xc0000034
kernel32.dll! RegOpenKeyExW #registry (#3028) EncryptFlag.exe
Arguments:
{"hKey":"HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Internet Explorer\\Main\\FeatureControl","ulOptions":"0x0","samDesired":"0x1","lpSubKey":"FEATURE_ALWAYS_USE_DNS_FOR_SPN_KB3022771","phkResult":"0x0"}
Returned value:
0x2
ntdll.dll! NtOpenKeyEx #native (#3028) EncryptFlag.exe
Arguments:
{"OpenOptions":"0x0","KeyHandle":"0x0","objectName":"FEATURE_PERMIT_CACHE_FOR_AUTHENTICATED_FTP_KB910274","DesiredAccess":"0x1"}
Returned value:
0xc0000034
kernel32.dll! RegOpenKeyExW #registry (#3028) EncryptFlag.exe
Arguments:
{"hKey":"HKEY_CURRENT_USER\\Software\\Microsoft\\Internet Explorer\\Main\\FeatureControl","ulOptions":"0x0","samDesired":"0x1","lpSubKey":"FEATURE_PERMIT_CACHE_FOR_AUTHENTICATED_FTP_KB910274","phkResult":"0x0"}
Returned value:
0x2
ntdll.dll! NtOpenKeyEx #native (#3028) EncryptFlag.exe
Arguments:
{"OpenOptions":"0x0","KeyHandle":"0x0","objectName":"FEATURE_PERMIT_CACHE_FOR_AUTHENTICATED_FTP_KB910274","DesiredAccess":"0x1"}
Returned value:
0xc0000034
kernel32.dll! RegOpenKeyExW #registry (#3028) EncryptFlag.exe
Arguments:
{"hKey":"HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Internet Explorer\\Main\\FeatureControl","ulOptions":"0x0","samDesired":"0x1","lpSubKey":"FEATURE_PERMIT_CACHE_FOR_AUTHENTICATED_FTP_KB910274","phkResult":"0x0"}
Returned value:
0x2
ntdll.dll! NtOpenKeyEx #native (#3028) EncryptFlag.exe
Arguments:
{"OpenOptions":"0x0","KeyHandle":"0x0","objectName":"FEATURE_DISABLE_UNICODE_HANDLE_CLOSING_CALLBACK","DesiredAccess":"0x1"}
Returned value:
0xc0000034
kernel32.dll! RegOpenKeyExW #registry (#3028) EncryptFlag.exe
Arguments:
{"hKey":"HKEY_CURRENT_USER\\Software\\Microsoft\\Internet Explorer\\Main\\FeatureControl","ulOptions":"0x0","samDesired":"0x1","lpSubKey":"FEATURE_DISABLE_UNICODE_HANDLE_CLOSING_CALLBACK","phkResult":"0x0"}
Returned value:
0x2
ntdll.dll! NtOpenKeyEx #native (#3028) EncryptFlag.exe
Arguments:
{"OpenOptions":"0x0","KeyHandle":"0x210","objectName":"FEATURE_DISABLE_UNICODE_HANDLE_CLOSING_CALLBACK","DesiredAccess":"0x1"}
Returned value:
0x0
kernel32.dll! RegOpenKeyExW #registry (#3028) EncryptFlag.exe
Arguments:
{"hKey":"HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Internet Explorer\\Main\\FeatureControl","ulOptions":"0x0","samDesired":"0x1","lpSubKey":"FEATURE_DISABLE_UNICODE_HANDLE_CLOSING_CALLBACK","phkResult":"0x210"}
Returned value:
0x0
ntdll.dll! NtOpenKeyEx #native (#3028) EncryptFlag.exe
Arguments:
{"OpenOptions":"0x0","KeyHandle":"0x0","objectName":"FEATURE_DISALLOW_NULL_IN_RESPONSE_HEADERS","DesiredAccess":"0x1"}
Returned value:
0xc0000034
kernel32.dll! RegOpenKeyExW #registry (#3028) EncryptFlag.exe
Arguments:
{"hKey":"HKEY_CURRENT_USER\\Software\\Microsoft\\Internet Explorer\\Main\\FeatureControl","ulOptions":"0x0","samDesired":"0x1","lpSubKey":"FEATURE_DISALLOW_NULL_IN_RESPONSE_HEADERS","phkResult":"0x0"}
Returned value:
0x2
ntdll.dll! NtOpenKeyEx #native (#3028) EncryptFlag.exe
Arguments:
{"OpenOptions":"0x0","KeyHandle":"0x0","objectName":"FEATURE_DISALLOW_NULL_IN_RESPONSE_HEADERS","DesiredAccess":"0x1"}
Returned value:
0xc0000034
kernel32.dll! RegOpenKeyExW #registry (#3028) EncryptFlag.exe
Arguments:
{"hKey":"HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Internet Explorer\\Main\\FeatureControl","ulOptions":"0x0","samDesired":"0x1","lpSubKey":"FEATURE_DISALLOW_NULL_IN_RESPONSE_HEADERS","phkResult":"0x0"}
Returned value:
0x2
ntdll.dll! NtOpenKeyEx #native (#3028) EncryptFlag.exe
Arguments:
{"OpenOptions":"0x0","KeyHandle":"0x0","objectName":"FEATURE_DIGEST_NO_EXTRAS_IN_URI","DesiredAccess":"0x1"}
Returned value:
0xc0000034
kernel32.dll! RegOpenKeyExW #registry (#3028) EncryptFlag.exe
Arguments:
{"hKey":"HKEY_CURRENT_USER\\Software\\Microsoft\\Internet Explorer\\Main\\FeatureControl","ulOptions":"0x0","samDesired":"0x1","lpSubKey":"FEATURE_DIGEST_NO_EXTRAS_IN_URI","phkResult":"0x0"}
Returned value:
0x2
ntdll.dll! NtOpenKeyEx #native (#3028) EncryptFlag.exe
Arguments:
{"OpenOptions":"0x0","KeyHandle":"0x0","objectName":"FEATURE_DIGEST_NO_EXTRAS_IN_URI","DesiredAccess":"0x1"}
Returned value:
0xc0000034
kernel32.dll! RegOpenKeyExW #registry (#3028) EncryptFlag.exe
Arguments:
{"hKey":"HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Internet Explorer\\Main\\FeatureControl","ulOptions":"0x0","samDesired":"0x1","lpSubKey":"FEATURE_DIGEST_NO_EXTRAS_IN_URI","phkResult":"0x0"}
Returned value:
0x2
KernelBase.dll! GetProcAddress #misc (#3028) EncryptFlag.exe
Arguments:
{"lpProcName":"0x2be","hModule":null}
Returned value:
0x7fefe873420
ntdll.dll! NtOpenKeyEx #native (#3028) EncryptFlag.exe
Arguments:
{"OpenOptions":"0x0","KeyHandle":"0x0","objectName":"FEATURE_ENABLE_PASSPORT_SESSION_STORE_KB948608","DesiredAccess":"0x1"}
Returned value:
0xc0000034
kernel32.dll! RegOpenKeyExW #registry (#3028) EncryptFlag.exe
Arguments:
{"hKey":"HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Internet Explorer\\Main\\FeatureControl","ulOptions":"0x0","samDesired":"0x1","lpSubKey":"FEATURE_ENABLE_PASSPORT_SESSION_STORE_KB948608","phkResult":"0x0"}
Returned value:
0x2
ntdll.dll! NtOpenKeyEx #native (#3028) EncryptFlag.exe
Arguments:
{"OpenOptions":"0x0","KeyHandle":"0x0","objectName":"FEATURE_EXCLUDE_INVALID_CLIENT_CERT_KB929477","DesiredAccess":"0x1"}
Returned value:
0xc0000034
kernel32.dll! RegOpenKeyExW #registry (#3028) EncryptFlag.exe
Arguments:
{"hKey":"HKEY_CURRENT_USER\\Software\\Microsoft\\Internet Explorer\\Main\\FeatureControl","ulOptions":"0x0","samDesired":"0x1","lpSubKey":"FEATURE_EXCLUDE_INVALID_CLIENT_CERT_KB929477","phkResult":"0x0"}
Returned value:
0x2
ntdll.dll! NtOpenKeyEx #native (#3028) EncryptFlag.exe
Arguments:
{"OpenOptions":"0x0","KeyHandle":"0x0","objectName":"FEATURE_EXCLUDE_INVALID_CLIENT_CERT_KB929477","DesiredAccess":"0x1"}
Returned value:
0xc0000034
kernel32.dll! RegOpenKeyExW #registry (#3028) EncryptFlag.exe
Arguments:
{"hKey":"HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Internet Explorer\\Main\\FeatureControl","ulOptions":"0x0","samDesired":"0x1","lpSubKey":"FEATURE_EXCLUDE_INVALID_CLIENT_CERT_KB929477","phkResult":"0x0"}
Returned value:
0x2
ntdll.dll! NtOpenKeyEx #native (#3028) EncryptFlag.exe
Arguments:
{"OpenOptions":"0x0","KeyHandle":"0x0","objectName":"FEATURE_USE_UTF8_FOR_BASIC_AUTH_KB967545","DesiredAccess":"0x1"}
Returned value:
0xc0000034
kernel32.dll! RegOpenKeyExW #registry (#3028) EncryptFlag.exe
Arguments:
{"hKey":"HKEY_CURRENT_USER\\Software\\Microsoft\\Internet Explorer\\Main\\FeatureControl","ulOptions":"0x0","samDesired":"0x1","lpSubKey":"FEATURE_USE_UTF8_FOR_BASIC_AUTH_KB967545","phkResult":"0x0"}
Returned value:
0x2
ntdll.dll! NtOpenKeyEx #native (#3028) EncryptFlag.exe
Arguments:
{"OpenOptions":"0x0","KeyHandle":"0x0","objectName":"FEATURE_USE_UTF8_FOR_BASIC_AUTH_KB967545","DesiredAccess":"0x1"}
Returned value:
0xc0000034
kernel32.dll! RegOpenKeyExW #registry (#3028) EncryptFlag.exe
Arguments:
{"hKey":"HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Internet Explorer\\Main\\FeatureControl","ulOptions":"0x0","samDesired":"0x1","lpSubKey":"FEATURE_USE_UTF8_FOR_BASIC_AUTH_KB967545","phkResult":"0x0"}
Returned value:
0x2
ntdll.dll! NtOpenKeyEx #native (#3028) EncryptFlag.exe
Arguments:
{"OpenOptions":"0x0","KeyHandle":"0x0","objectName":"FEATURE_RETURN_FAILED_CONNECT_CONTENT_KB942615","DesiredAccess":"0x1"}
Returned value:
0xc0000034
kernel32.dll! RegOpenKeyExW #registry (#3028) EncryptFlag.exe
Arguments:
{"hKey":"HKEY_CURRENT_USER\\Software\\Microsoft\\Internet Explorer\\Main\\FeatureControl","ulOptions":"0x0","samDesired":"0x1","lpSubKey":"FEATURE_RETURN_FAILED_CONNECT_CONTENT_KB942615","phkResult":"0x0"}
Returned value:
0x2
ntdll.dll! NtOpenKeyEx #native (#3028) EncryptFlag.exe
Arguments:
{"OpenOptions":"0x0","KeyHandle":"0x0","objectName":"FEATURE_RETURN_FAILED_CONNECT_CONTENT_KB942615","DesiredAccess":"0x1"}
Returned value:
0xc0000034
kernel32.dll! RegOpenKeyExW #registry (#3028) EncryptFlag.exe
Arguments:
{"hKey":"HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Internet Explorer\\Main\\FeatureControl","ulOptions":"0x0","samDesired":"0x1","lpSubKey":"FEATURE_RETURN_FAILED_CONNECT_CONTENT_KB942615","phkResult":"0x0"}
Returned value:
0x2
ntdll.dll! NtOpenKeyEx #native (#3028) EncryptFlag.exe
Arguments:
{"OpenOptions":"0x0","KeyHandle":"0x0","objectName":"FEATURE_PRESERVE_SPACES_IN_FILENAMES_KB952730","DesiredAccess":"0x1"}
Returned value:
0xc0000034
kernel32.dll! RegOpenKeyExW #registry (#3028) EncryptFlag.exe
Arguments:
{"hKey":"HKEY_CURRENT_USER\\Software\\Microsoft\\Internet Explorer\\Main\\FeatureControl","ulOptions":"0x0","samDesired":"0x1","lpSubKey":"FEATURE_PRESERVE_SPACES_IN_FILENAMES_KB952730","phkResult":"0x0"}
Returned value:
0x2
ntdll.dll! NtOpenKeyEx #native (#3028) EncryptFlag.exe
Arguments:
{"OpenOptions":"0x0","KeyHandle":"0x0","objectName":"FEATURE_PRESERVE_SPACES_IN_FILENAMES_KB952730","DesiredAccess":"0x1"}
Returned value:
0xc0000034
kernel32.dll! RegOpenKeyExW #registry (#3028) EncryptFlag.exe
Arguments:
{"hKey":"HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Internet Explorer\\Main\\FeatureControl","ulOptions":"0x0","samDesired":"0x1","lpSubKey":"FEATURE_PRESERVE_SPACES_IN_FILENAMES_KB952730","phkResult":"0x0"}
Returned value:
0x2
ntdll.dll! NtOpenKeyEx #native (#3028) EncryptFlag.exe
Arguments:
{"OpenOptions":"0x0","KeyHandle":"0x0","objectName":"FEATURE_ENABLE_PROXY_CACHE_REFRESH_KB2983228","DesiredAccess":"0x1"}
Returned value:
0xc0000034
kernel32.dll! RegOpenKeyExW #registry (#3028) EncryptFlag.exe
Arguments:
{"hKey":"HKEY_CURRENT_USER\\Software\\Microsoft\\Internet Explorer\\Main\\FeatureControl","ulOptions":"0x0","samDesired":"0x1","lpSubKey":"FEATURE_ENABLE_PROXY_CACHE_REFRESH_KB2983228","phkResult":"0x0"}
Returned value:
0x2
ntdll.dll! NtOpenKeyEx #native (#3028) EncryptFlag.exe
Arguments:
{"OpenOptions":"0x0","KeyHandle":"0x0","objectName":"FEATURE_ENABLE_PROXY_CACHE_REFRESH_KB2983228","DesiredAccess":"0x1"}
Returned value:
0xc0000034
kernel32.dll! RegOpenKeyExW #registry (#3028) EncryptFlag.exe
Arguments:
{"hKey":"HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Internet Explorer\\Main\\FeatureControl","ulOptions":"0x0","samDesired":"0x1","lpSubKey":"FEATURE_ENABLE_PROXY_CACHE_REFRESH_KB2983228","phkResult":"0x0"}
Returned value:
0x2
kernel32.dll! RegQueryValueExW #registry (#3028) EncryptFlag.exe
Arguments:
{"hKey":"HKEY_LOCAL_MACHINE\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings","lpData":"0x7feff0f070c","lpcbData":"0x12d424","lpType":"0","lpValueName":"SecureProtocols"}
Returned value:
0x2
kernel32.dll! RegQueryValueExW #registry (#3028) EncryptFlag.exe
Arguments:
{"hKey":"HKEY_CURRENT_USER\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings","lpData":"0x7feff0f070c","lpcbData":"0x12d424","lpType":"0","lpValueName":"SecureProtocols"}
Returned value:
0x2
kernel32.dll! RegQueryValueExW #registry (#3028) EncryptFlag.exe
Arguments:
{"hKey":"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Internet Settings","lpData":"0x7feff0f070c","lpcbData":"0x12d424","lpType":"0","lpValueName":"SecureProtocols"}
Returned value:
0x0
ntdll.dll! NtOpenKeyEx #native (#3028) EncryptFlag.exe
Arguments:
{"OpenOptions":"0x0","KeyHandle":"0x0","objectName":"Software\\Policies\\Microsoft\\Internet Explorer","DesiredAccess":"0x1"}
Returned value:
0xc0000034
kernel32.dll! RegOpenKeyExW #registry (#3028) EncryptFlag.exe
Arguments:
{"hKey":"HKEY_LOCAL_MACHINE","ulOptions":"0x0","samDesired":"0x1","lpSubKey":"Software\\Policies\\Microsoft\\Internet Explorer","phkResult":"0x0"}
Returned value:
0x2
ntdll.dll! NtOpenKeyEx #native (#3028) EncryptFlag.exe
Arguments:
{"OpenOptions":"0x0","KeyHandle":"0x210","objectName":"SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Internet Settings","DesiredAccess":"0x1"}
Returned value:
0x0
kernel32.dll! RegQueryValueExW #registry (#3028) EncryptFlag.exe
Arguments:
{"hKey":"HKEY_LOCAL_MACHINE\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings","lpData":"0x12d430","lpcbData":"0x12d424","lpType":"0","lpValueName":"EnableHttp1_1"}
Returned value:
0x2
kernel32.dll! RegQueryValueExW #registry (#3028) EncryptFlag.exe
Arguments:
{"hKey":"HKEY_CURRENT_USER\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings","lpData":"0x12d430","lpcbData":"0x12d424","lpType":"0","lpValueName":"EnableHttp1_1"}
Returned value:
0x2
kernel32.dll! RegQueryValueExW #registry (#3028) EncryptFlag.exe
Arguments:
{"hKey":"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Internet Settings","lpData":"0x12d430","lpcbData":"0x12d424","lpType":"0","lpValueName":"EnableHttp1_1"}
Returned value:
0x0
kernel32.dll! RegQueryValueExW #registry (#3028) EncryptFlag.exe
Arguments:
{"hKey":"HKEY_LOCAL_MACHINE\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings","lpData":"0x12d430","lpcbData":"0x12d424","lpType":"0","lpValueName":"ProxyHttp1.1"}
Returned value:
0x2
kernel32.dll! RegQueryValueExW #registry (#3028) EncryptFlag.exe
Arguments:
{"hKey":"HKEY_CURRENT_USER\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings","lpData":"0x12d430","lpcbData":"0x12d424","lpType":"0","lpValueName":"ProxyHttp1.1"}
Returned value:
0x2
kernel32.dll! RegQueryValueExW #registry (#3028) EncryptFlag.exe
Arguments:
{"hKey":"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Internet Settings","lpData":"0x12d430","lpcbData":"0x12d424","lpType":"0","lpValueName":"ProxyHttp1.1"}
Returned value:
0x0
ntdll.dll! NtOpenKeyEx #native (#3028) EncryptFlag.exe
Arguments:
{"OpenOptions":"0x0","KeyHandle":"0x210","objectName":"SOFTWARE\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings","DesiredAccess":"0x1"}
Returned value:
0x0
ntdll.dll! NtOpenKeyEx #native (#3028) EncryptFlag.exe
Arguments:
{"OpenOptions":"0x0","KeyHandle":"0x210","objectName":"SOFTWARE\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings","DesiredAccess":"0x1"}
Returned value:
0x0
ntdll.dll! NtOpenKeyEx #native (#3028) EncryptFlag.exe
Arguments:
{"OpenOptions":"0x0","KeyHandle":"0x210","objectName":"SOFTWARE\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings","DesiredAccess":"0x1"}
Returned value:
0x0
ntdll.dll! NtOpenKeyEx #native (#3028) EncryptFlag.exe
Arguments:
{"OpenOptions":"0x0","KeyHandle":"0x210","objectName":"SOFTWARE\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings","DesiredAccess":"0x1"}
Returned value:
0x0
KernelBase.dll! GetProcAddress #misc (#3028) EncryptFlag.exe
Arguments:
{"lpProcName":"RegOpenKeyExA","hModule":"kernel32.dll"}
Returned value:
0x7feff4bd6b0
ntdll.dll! NtOpenKeyEx #native (#3028) EncryptFlag.exe
Arguments:
{"OpenOptions":"0x0","KeyHandle":"0x210","objectName":"SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Internet Settings","DesiredAccess":"0x1"}
Returned value:
0x0
kernel32.dll! RegOpenKeyExA #registry (#3028) EncryptFlag.exe
Arguments:
{"hKey":"HKEY_LOCAL_MACHINE","ulOptions":"0x0","samDesired":"0x1","lpSubKey":"SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Internet Settings","phkResult":"0x210"}
Returned value:
0x0
ntdll.dll! NtOpenKeyEx #native (#3028) EncryptFlag.exe
Arguments:
{"OpenOptions":"0x0","KeyHandle":"0x210","objectName":"SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Internet Settings","DesiredAccess":"0x1"}
Returned value:
0x0
kernel32.dll! RegOpenKeyExA #registry (#3028) EncryptFlag.exe
Arguments:
{"hKey":"HKEY_LOCAL_MACHINE","ulOptions":"0x0","samDesired":"0x1","lpSubKey":"SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Internet Settings","phkResult":"0x210"}
Returned value:
0x0
ntdll.dll! NtOpenKeyEx #native (#3028) EncryptFlag.exe
Arguments:
{"OpenOptions":"0x0","KeyHandle":"0x210","objectName":"SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Internet Settings","DesiredAccess":"0x1"}
Returned value:
0x0
kernel32.dll! RegOpenKeyExA #registry (#3028) EncryptFlag.exe
Arguments:
{"hKey":"HKEY_LOCAL_MACHINE","ulOptions":"0x0","samDesired":"0x1","lpSubKey":"SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Internet Settings","phkResult":"0x210"}
Returned value:
0x0
ntdll.dll! NtOpenKeyEx #native (#3028) EncryptFlag.exe
Arguments:
{"OpenOptions":"0x0","KeyHandle":"0x210","objectName":"SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Internet Settings","DesiredAccess":"0x1"}
Returned value:
0x0
kernel32.dll! RegOpenKeyExA #registry (#3028) EncryptFlag.exe
Arguments:
{"hKey":"HKEY_LOCAL_MACHINE","ulOptions":"0x0","samDesired":"0x1","lpSubKey":"SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Internet Settings","phkResult":"0x210"}
Returned value:
0x0
ntdll.dll! NtOpenKeyEx #native (#3028) EncryptFlag.exe
Arguments:
{"OpenOptions":"0x0","KeyHandle":"0x210","objectName":"SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Internet Settings","DesiredAccess":"0x1"}
Returned value:
0x0
kernel32.dll! RegOpenKeyExA #registry (#3028) EncryptFlag.exe
Arguments:
{"hKey":"HKEY_LOCAL_MACHINE","ulOptions":"0x0","samDesired":"0x1","lpSubKey":"SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Internet Settings","phkResult":"0x210"}
Returned value:
0x0
ntdll.dll! NtOpenKeyEx #native (#3028) EncryptFlag.exe
Arguments:
{"OpenOptions":"0x0","KeyHandle":"0x210","objectName":"SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Internet Settings","DesiredAccess":"0x1"}
Returned value:
0x0
kernel32.dll! RegOpenKeyExA #registry (#3028) EncryptFlag.exe
Arguments:
{"hKey":"HKEY_LOCAL_MACHINE","ulOptions":"0x0","samDesired":"0x1","lpSubKey":"SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Internet Settings","phkResult":"0x210"}
Returned value:
0x0
ntdll.dll! NtOpenKeyEx #native (#3028) EncryptFlag.exe
Arguments:
{"OpenOptions":"0x0","KeyHandle":"0x210","objectName":"SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\5.0\\Cache","DesiredAccess":"0x1"}
Returned value:
0x0
kernel32.dll! RegOpenKeyExA #registry (#3028) EncryptFlag.exe
Arguments:
{"hKey":"HKEY_CURRENT_USER","ulOptions":"0x0","samDesired":"0x1","lpSubKey":"SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\5.0\\Cache","phkResult":"0x210"}
Returned value:
0x0
ntdll.dll! NtOpenKeyEx #native (#3028) EncryptFlag.exe
Arguments:
{"OpenOptions":"0x0","KeyHandle":"0x210","objectName":"SOFTWARE\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings","DesiredAccess":"0x1"}
Returned value:
0x0
ntdll.dll! NtOpenKeyEx #native (#3028) EncryptFlag.exe
Arguments:
{"OpenOptions":"0x0","KeyHandle":"0x0","objectName":"SOFTWARE\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\5.0\\Cache","DesiredAccess":"0x1"}
Returned value:
0xc0000034
kernel32.dll! RegOpenKeyExA #registry (#3028) EncryptFlag.exe
Arguments:
{"hKey":"HKEY_LOCAL_MACHINE","ulOptions":"0x0","samDesired":"0x1","lpSubKey":"SOFTWARE\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\5.0\\Cache","phkResult":"0x0"}
Returned value:
0x2
ntdll.dll! NtOpenKeyEx #native (#3028) EncryptFlag.exe
Arguments:
{"OpenOptions":"0x0","KeyHandle":"0x210","objectName":"SOFTWARE\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\5.0\\Cache","DesiredAccess":"0x1"}
Returned value:
0x0
kernel32.dll! RegOpenKeyExA #registry (#3028) EncryptFlag.exe
Arguments:
{"hKey":"HKEY_CURRENT_USER","ulOptions":"0x0","samDesired":"0x1","lpSubKey":"SOFTWARE\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\5.0\\Cache","phkResult":"0x210"}
Returned value:
0x0
ntdll.dll! NtOpenKeyEx #native (#3028) EncryptFlag.exe
Arguments:
{"OpenOptions":"0x0","KeyHandle":"0x20c","objectName":"SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\5.0\\Cache","DesiredAccess":"0x1"}
Returned value:
0x0
kernel32.dll! RegOpenKeyExA #registry (#3028) EncryptFlag.exe
Arguments:
{"hKey":"HKEY_LOCAL_MACHINE","ulOptions":"0x0","samDesired":"0x1","lpSubKey":"SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\5.0\\Cache","phkResult":"0x20c"}
Returned value:
0x0
ntdll.dll! NtOpenKeyEx #native (#3028) EncryptFlag.exe
Arguments:
{"OpenOptions":"0x0","KeyHandle":"0x214","objectName":"SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\5.0\\Cache","DesiredAccess":"0x1"}
Returned value:
0x0
kernel32.dll! RegOpenKeyExA #registry (#3028) EncryptFlag.exe
Arguments:
{"hKey":"HKEY_CURRENT_USER","ulOptions":"0x0","samDesired":"0x1","lpSubKey":"SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\5.0\\Cache","phkResult":"0x214"}
Returned value:
0x0
ntdll.dll! NtOpenKeyEx #native (#3028) EncryptFlag.exe
Arguments:
{"OpenOptions":"0x0","KeyHandle":"0x0","objectName":"FEATURE_DISABLE_NOTIFY_UNVERIFIED_SPN_KB2385266","DesiredAccess":"0x1"}
Returned value:
0xc0000034
kernel32.dll! RegOpenKeyExW #registry (#3028) EncryptFlag.exe
Arguments:
{"hKey":"HKEY_CURRENT_USER\\Software\\Microsoft\\Internet Explorer\\Main\\FeatureControl","ulOptions":"0x0","samDesired":"0x1","lpSubKey":"FEATURE_DISABLE_NOTIFY_UNVERIFIED_SPN_KB2385266","phkResult":"0x0"}
Returned value:
0x2
ntdll.dll! NtOpenKeyEx #native (#3028) EncryptFlag.exe
Arguments:
{"OpenOptions":"0x0","KeyHandle":"0x0","objectName":"FEATURE_DISABLE_NOTIFY_UNVERIFIED_SPN_KB2385266","DesiredAccess":"0x1"}
Returned value:
0xc0000034
kernel32.dll! RegOpenKeyExW #registry (#3028) EncryptFlag.exe
Arguments:
{"hKey":"HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Internet Explorer\\Main\\FeatureControl","ulOptions":"0x0","samDesired":"0x1","lpSubKey":"FEATURE_DISABLE_NOTIFY_UNVERIFIED_SPN_KB2385266","phkResult":"0x0"}
Returned value:
0x2
ntdll.dll! NtOpenKeyEx #native (#3028) EncryptFlag.exe
Arguments:
{"OpenOptions":"0x0","KeyHandle":"0x0","objectName":"FEATURE_COMPAT_USE_CONNECTION_BASED_NEGOTIATE_AUTH_KB2151543","DesiredAccess":"0x1"}
Returned value:
0xc0000034
kernel32.dll! RegOpenKeyExW #registry (#3028) EncryptFlag.exe
Arguments:
{"hKey":"HKEY_CURRENT_USER\\Software\\Microsoft\\Internet Explorer\\Main\\FeatureControl","ulOptions":"0x0","samDesired":"0x1","lpSubKey":"FEATURE_COMPAT_USE_CONNECTION_BASED_NEGOTIATE_AUTH_KB2151543","phkResult":"0x0"}
Returned value:
0x2
ntdll.dll! NtOpenKeyEx #native (#3028) EncryptFlag.exe
Arguments:
{"OpenOptions":"0x0","KeyHandle":"0x0","objectName":"FEATURE_COMPAT_USE_CONNECTION_BASED_NEGOTIATE_AUTH_KB2151543","DesiredAccess":"0x1"}
Returned value:
0xc0000034
kernel32.dll! RegOpenKeyExW #registry (#3028) EncryptFlag.exe
Arguments:
{"hKey":"HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Internet Explorer\\Main\\FeatureControl","ulOptions":"0x0","samDesired":"0x1","lpSubKey":"FEATURE_COMPAT_USE_CONNECTION_BASED_NEGOTIATE_AUTH_KB2151543","phkResult":"0x0"}
Returned value:
0x2
ntdll.dll! NtOpenKeyEx #native (#3028) EncryptFlag.exe
Arguments:
{"OpenOptions":"0x0","KeyHandle":"0x214","objectName":"SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Internet Settings","DesiredAccess":"0x1"}
Returned value:
0x0
ntdll.dll! NtOpenKeyEx #native (#3028) EncryptFlag.exe
Arguments:
{"OpenOptions":"0x0","KeyHandle":"0x214","objectName":"SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Internet Settings","DesiredAccess":"0x1"}
Returned value:
0x0
ntdll.dll! NtOpenKeyEx #native (#3028) EncryptFlag.exe
Arguments:
{"OpenOptions":"0x0","KeyHandle":"0x20c","objectName":"SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Internet Settings","DesiredAccess":"0x1"}
Returned value:
0x0
ntdll.dll! NtOpenKeyEx #native (#3028) EncryptFlag.exe
Arguments:
{"OpenOptions":"0x0","KeyHandle":"0x20c","objectName":"SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Internet Settings","DesiredAccess":"0x1"}
Returned value:
0x0
ntdll.dll! NtOpenKeyEx #native (#3028) EncryptFlag.exe
Arguments:
{"OpenOptions":"0x0","KeyHandle":"0x214","objectName":"SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Internet Settings","DesiredAccess":"0x1"}
Returned value:
0x0
ntdll.dll! NtOpenKeyEx #native (#3028) EncryptFlag.exe
Arguments:
{"OpenOptions":"0x0","KeyHandle":"0x214","objectName":"SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Internet Settings","DesiredAccess":"0x1"}
Returned value:
0x0
ntdll.dll! NtOpenKeyEx #native (#3028) EncryptFlag.exe
Arguments:
{"OpenOptions":"0x0","KeyHandle":"0x20c","objectName":"SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Internet Settings","DesiredAccess":"0x1"}
Returned value:
0x0
ntdll.dll! NtOpenKeyEx #native (#3028) EncryptFlag.exe
Arguments:
{"OpenOptions":"0x0","KeyHandle":"0x20c","objectName":"SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Internet Settings","DesiredAccess":"0x1"}
Returned value:
0x0
ntdll.dll! NtOpenKeyEx #native (#3028) EncryptFlag.exe
Arguments:
{"OpenOptions":"0x0","KeyHandle":"0x20c","objectName":"SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Internet Settings","DesiredAccess":"0x1"}
Returned value:
0x0
ntdll.dll! NtOpenKeyEx #native (#3028) EncryptFlag.exe
Arguments:
{"OpenOptions":"0x0","KeyHandle":"0x214","objectName":"SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Internet Settings","DesiredAccess":"0x1"}
Returned value:
0x0
ntdll.dll! NtOpenKeyEx #native (#3028) EncryptFlag.exe
Arguments:
{"OpenOptions":"0x0","KeyHandle":"0x0","objectName":"FEATURE_SCH_SEND_AUX_RECORD_KB_2618444","DesiredAccess":"0x1"}
Returned value:
0xc0000034
kernel32.dll! RegOpenKeyExW #registry (#3028) EncryptFlag.exe
Arguments:
{"hKey":"HKEY_CURRENT_USER\\Software\\Microsoft\\Internet Explorer\\Main\\FeatureControl","ulOptions":"0x0","samDesired":"0x1","lpSubKey":"FEATURE_SCH_SEND_AUX_RECORD_KB_2618444","phkResult":"0x0"}
Returned value:
0x2
ntdll.dll! NtOpenKeyEx #native (#3028) EncryptFlag.exe
Arguments:
{"OpenOptions":"0x0","KeyHandle":"0x0","objectName":"FEATURE_SCH_SEND_AUX_RECORD_KB_2618444","DesiredAccess":"0x1"}
Returned value:
0xc0000034
kernel32.dll! RegOpenKeyExW #registry (#3028) EncryptFlag.exe
Arguments:
{"hKey":"HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Internet Explorer\\Main\\FeatureControl","ulOptions":"0x0","samDesired":"0x1","lpSubKey":"FEATURE_SCH_SEND_AUX_RECORD_KB_2618444","phkResult":"0x0"}
Returned value:
0x2
ntdll.dll! NtOpenKeyEx #native (#3028) EncryptFlag.exe
Arguments:
{"OpenOptions":"0x0","KeyHandle":"0x214","objectName":"SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Internet Settings","DesiredAccess":"0x1"}
Returned value:
0x0
kernel32.dll! RegOpenKeyExA #registry (#3028) EncryptFlag.exe
Arguments:
{"hKey":"HKEY_LOCAL_MACHINE","ulOptions":"0x0","samDesired":"0x1","lpSubKey":"SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Internet Settings","phkResult":"0x214"}
Returned value:
0x0
ntdll.dll! NtOpenKeyEx #native (#3028) EncryptFlag.exe
Arguments:
{"OpenOptions":"0x0","KeyHandle":"0x214","objectName":"SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Internet Settings","DesiredAccess":"0x1"}
Returned value:
0x0
kernel32.dll! RegOpenKeyExA #registry (#3028) EncryptFlag.exe
Arguments:
{"hKey":"HKEY_LOCAL_MACHINE","ulOptions":"0x0","samDesired":"0x1","lpSubKey":"SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Internet Settings","phkResult":"0x214"}
Returned value:
0x0
KernelBase.dll! GetProcAddress #misc (#3028) EncryptFlag.exe
Arguments:
{"lpProcName":"CoTaskMemAlloc","hModule":"ole32.dll"}
Returned value:
0x7fefe1f37d0
ntdll.dll! NtOpenKeyEx #native (#3028) EncryptFlag.exe
Arguments:
{"OpenOptions":"0x0","KeyHandle":"0x210","objectName":"SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Internet Settings","DesiredAccess":"0x1"}
Returned value:
0x0
kernel32.dll! RegOpenKeyExA #registry (#3028) EncryptFlag.exe
Arguments:
{"hKey":"HKEY_LOCAL_MACHINE","ulOptions":"0x0","samDesired":"0x1","lpSubKey":"SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Internet Settings","phkResult":"0x210"}
Returned value:
0x0
KernelBase.dll! LoadLibraryExW #misc (#3028) EncryptFlag.exe
Arguments:
{"lpFileName":"WS2_32.dll"}
Returned value:
0x7fefd1a0000
KernelBase.dll! LoadLibraryExA #misc (#3028) EncryptFlag.exe
Arguments:
{"lpFileName":"WS2_32.dll"}
Returned value:
0x7fefd1a0000
KernelBase.dll! GetProcAddress #misc (#3028) EncryptFlag.exe
Arguments:
{"lpProcName":"0x73","hModule":null}
Returned value:
0x7fefd1a4ae0
KernelBase.dll! GetProcAddress #misc (#3028) EncryptFlag.exe
Arguments:
{"lpProcName":"0x6f","hModule":null}
Returned value:
0x7fefd1a1290
KernelBase.dll! GetTickCount64 #highlight (#3028) EncryptFlag.exe
Arguments:
{}
Returned value:
0x29e1a
ntdll.dll! NtOpenKeyEx #native (#3028) EncryptFlag.exe
Arguments:
{"OpenOptions":"0x0","KeyHandle":"0x210","objectName":"SOFTWARE\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings","DesiredAccess":"0x1"}
Returned value:
0x0
ntdll.dll! NtOpenKeyEx #native (#3028) EncryptFlag.exe
Arguments:
{"OpenOptions":"0x0","KeyHandle":"0x210","objectName":"SOFTWARE\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings","DesiredAccess":"0x1"}
Returned value:
0x0
ntdll.dll! NtQueryAttributesFile #native (#3028) EncryptFlag.exe
Arguments:
{"objectName":"\\??\\C:\\Windows\\system32\\winhttp.dll"}
Returned value:
0x0
ntdll.dll! NtOpenFile #native (#3028) EncryptFlag.exe
Arguments:
{"FileHandle":"0x218","objectName":"\\??\\C:\\Windows\\system32\\winhttp.dll"}
Returned value:
0x0
ntdll.dll! NtQueryAttributesFile #native (#3028) EncryptFlag.exe
Arguments:
{"objectName":"\\??\\C:\\Windows\\system32\\webio.dll"}
Returned value:
0x0
ntdll.dll! NtOpenFile #native (#3028) EncryptFlag.exe
Arguments:
{"FileHandle":"0x218","objectName":"\\??\\C:\\Windows\\system32\\webio.dll"}
Returned value:
0x0
KernelBase.dll! GetTickCount #highlight (#3028) EncryptFlag.exe
Arguments:
{}
Returned value:
0x29e1a
KernelBase.dll! LoadLibraryExW #misc (#3028) EncryptFlag.exe
Arguments:
{"lpFileName":"winhttp.dll"}
Returned value:
0x7fef9c00000
KernelBase.dll! GetProcAddress #misc (#3028) EncryptFlag.exe
Arguments:
{"lpProcName":"WinHttpCreateProxyResolver","hModule":null}
Returned value:
0x0
ntdll.dll! NtOpenKeyEx #native (#3028) EncryptFlag.exe
Arguments:
{"OpenOptions":"0x0","KeyHandle":"0x218","objectName":"SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\WinHttp","DesiredAccess":"0x20019"}
Returned value:
0x0
kernel32.dll! RegOpenKeyExA #registry (#3028) EncryptFlag.exe
Arguments:
{"hKey":"HKEY_LOCAL_MACHINE","ulOptions":"0x0","samDesired":"0x20019","lpSubKey":"SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\WinHttp","phkResult":"0x218"}
Returned value:
0x0
KernelBase.dll! GetProcAddress #misc (#3028) EncryptFlag.exe
Arguments:
{"lpProcName":"0x317","hModule":null}
Returned value:
0x7fefe876340
ntdll.dll! NtOpenKeyEx #native (#3028) EncryptFlag.exe
Arguments:
{"OpenOptions":"0x0","KeyHandle":"0x21c","objectName":"Software\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Wpad","DesiredAccess":"0x20019"}
Returned value:
0x0
kernel32.dll! RegOpenKeyExW #registry (#3028) EncryptFlag.exe
Arguments:
{"hKey":"HKEY_CURRENT_USER","ulOptions":"0x0","samDesired":"0x20019","lpSubKey":"Software\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Wpad","phkResult":"0x21c"}
Returned value:
0x0
KernelBase.dll! GetProcAddress #misc (#3028) EncryptFlag.exe
Arguments:
{"lpProcName":"RegQueryValueExW","hModule":"kernel32.dll"}
Returned value:
0x7feff4be6f0
kernel32.dll! RegQueryValueExW #registry (#3028) EncryptFlag.exe
Arguments:
{"hKey":"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Wpad","lpData":"0x12def8","lpcbData":"0x12df00","lpType":"0","lpValueName":"WpadOverride"}
Returned value:
0x2
ntdll.dll! NtOpenKeyEx #native (#3028) EncryptFlag.exe
Arguments:
{"OpenOptions":"0x0","KeyHandle":"0x220","objectName":"SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Internet Settings","DesiredAccess":"0x1"}
Returned value:
0x0
kernel32.dll! RegOpenKeyExA #registry (#3028) EncryptFlag.exe
Arguments:
{"hKey":"HKEY_LOCAL_MACHINE","ulOptions":"0x0","samDesired":"0x1","lpSubKey":"SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Internet Settings","phkResult":"0x220"}
Returned value:
0x0
ntdll.dll! NtOpenKeyEx #native (#3028) EncryptFlag.exe
Arguments:
{"OpenOptions":"0x0","KeyHandle":"0x0","objectName":"FEATURE_MAXCONNECTIONSPERSERVER","DesiredAccess":"0x1"}
Returned value:
0xc0000034
kernel32.dll! RegOpenKeyExW #registry (#3028) EncryptFlag.exe
Arguments:
{"hKey":"HKEY_CURRENT_USER\\Software\\Microsoft\\Internet Explorer\\Main\\FeatureControl","ulOptions":"0x0","samDesired":"0x1","lpSubKey":"FEATURE_MAXCONNECTIONSPERSERVER","phkResult":"0x0"}
Returned value:
0x2
KernelBase.dll! GetProcAddress #misc (#3028) EncryptFlag.exe
Arguments:
{"lpProcName":"0x17","hModule":null}
Returned value:
0x7fefd1ad910
ntdll.dll! NtOpenKeyEx #native (#3028) EncryptFlag.exe
Arguments:
{"OpenOptions":"0x0","KeyHandle":"0x220","objectName":"FEATURE_MAXCONNECTIONSPERSERVER","DesiredAccess":"0x1"}
Returned value:
0x0
kernel32.dll! RegOpenKeyExW #registry (#3028) EncryptFlag.exe
Arguments:
{"hKey":"HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Internet Explorer\\Main\\FeatureControl","ulOptions":"0x0","samDesired":"0x1","lpSubKey":"FEATURE_MAXCONNECTIONSPERSERVER","phkResult":"0x220"}
Returned value:
0x0
ntdll.dll! NtOpenKeyEx #native (#3028) EncryptFlag.exe
Arguments:
{"OpenOptions":"0x0","KeyHandle":"0x0","objectName":"FEATURE_MAXCONNECTIONSPER1_0SERVER","DesiredAccess":"0x1"}
Returned value:
0xc0000034
kernel32.dll! RegOpenKeyExW #registry (#3028) EncryptFlag.exe
Arguments:
{"hKey":"HKEY_CURRENT_USER\\Software\\Microsoft\\Internet Explorer\\Main\\FeatureControl","ulOptions":"0x0","samDesired":"0x1","lpSubKey":"FEATURE_MAXCONNECTIONSPER1_0SERVER","phkResult":"0x0"}
Returned value:
0x2
ntdll.dll! NtOpenKeyEx #native (#3028) EncryptFlag.exe
Arguments:
{"OpenOptions":"0x0","KeyHandle":"0x220","objectName":"FEATURE_MAXCONNECTIONSPER1_0SERVER","DesiredAccess":"0x1"}
Returned value:
0x0
kernel32.dll! RegOpenKeyExW #registry (#3028) EncryptFlag.exe
Arguments:
{"hKey":"HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Internet Explorer\\Main\\FeatureControl","ulOptions":"0x0","samDesired":"0x1","lpSubKey":"FEATURE_MAXCONNECTIONSPER1_0SERVER","phkResult":"0x220"}
Returned value:
0x0
ntdll.dll! NtQueryAttributesFile #native (#3028) EncryptFlag.exe
Arguments:
{"objectName":"\\??\\C:\\Windows\\system32\\mswsock.dll"}
Returned value:
0x0
ntdll.dll! NtOpenFile #native (#3028) EncryptFlag.exe
Arguments:
{"FileHandle":"0x1bc","objectName":"\\??\\C:\\Windows\\system32\\mswsock.dll"}
Returned value:
0x0
KernelBase.dll! GetProcAddress #misc (#3028) EncryptFlag.exe
Arguments:
{"lpProcName":"EventActivityIdControl","hModule":"api-ms-win-eventing-provider-l1-1-0.dll"}
Returned value:
0x772e2a60
ntdll.dll! NtOpenKeyEx #native (#3028) EncryptFlag.exe
Arguments:
{"OpenOptions":"0x0","KeyHandle":"0x0","objectName":"Software\\Policies\\Microsoft\\PeerDist\\Service","DesiredAccess":"0x20119"}
Returned value:
0xc0000034
kernel32.dll! RegOpenKeyExW #registry (#3028) EncryptFlag.exe
Arguments:
{"hKey":"HKEY_LOCAL_MACHINE","ulOptions":"0x0","samDesired":"0x20119","lpSubKey":"Software\\Policies\\Microsoft\\PeerDist\\Service","phkResult":"0x0"}
Returned value:
0x2
ntdll.dll! NtOpenKeyEx #native (#3028) EncryptFlag.exe
Arguments:
{"OpenOptions":"0x0","KeyHandle":"0x1bc","objectName":"Software\\Microsoft\\Windows NT\\CurrentVersion\\PeerDist\\Service","DesiredAccess":"0x20119"}
Returned value:
0x0
kernel32.dll! RegOpenKeyExW #registry (#3028) EncryptFlag.exe
Arguments:
{"hKey":"HKEY_LOCAL_MACHINE","ulOptions":"0x0","samDesired":"0x20119","lpSubKey":"Software\\Microsoft\\Windows NT\\CurrentVersion\\PeerDist\\Service","phkResult":"0x1bc"}
Returned value:
0x0
KernelBase.dll! LoadLibraryExW #misc (#3028) EncryptFlag.exe
Arguments:
{"lpFileName":"C:\\Windows\\system32\\mswsock.dll"}
Returned value:
0x7fefc520000
KernelBase.dll! GetProcAddress #misc (#3028) EncryptFlag.exe
Arguments:
{"lpProcName":"WSPStartup","hModule":"vsocklib.dll"}
Returned value:
0x7fefc528d60
ntdll.dll! NtOpenKey #native (#3028) EncryptFlag.exe
Arguments:
{"OpenOptions":"0x0","KeyHandle":"0x220","objectName":"\\Registry\\Machine\\Software\\Policies\\Microsoft\\SQMClient\\Windows","DesiredAccess":"0x20119"}
Returned value:
0x0
ntdll.dll! NtOpenKey #native (#3028) EncryptFlag.exe
Arguments:
{"OpenOptions":"0x0","KeyHandle":"0x224","objectName":"\\Registry\\Machine\\Software\\Microsoft\\SQMClient\\Windows","DesiredAccess":"0x20119"}
Returned value:
0x0
ntdll.dll! NtOpenKeyEx #native (#3028) EncryptFlag.exe
Arguments:
{"OpenOptions":"0x0","KeyHandle":"0x224","objectName":"SYSTEM\\CurrentControlSet\\Services\\Winsock\\Parameters","DesiredAccess":"0x20019"}
Returned value:
0x0
ntdll.dll! NtOpenKeyEx #native (#3028) EncryptFlag.exe
Arguments:
{"OpenOptions":"0x0","KeyHandle":"0x224","objectName":"System\\CurrentControlSet\\Services\\Tcpip6\\Parameters\\Winsock","DesiredAccess":"0x20019"}
Returned value:
0x0
ntdll.dll! NtOpenKeyEx #native (#3028) EncryptFlag.exe
Arguments:
{"OpenOptions":"0x0","KeyHandle":"0x224","objectName":"SYSTEM\\CurrentControlSet\\Services\\Winsock\\Setup Migration\\Providers","DesiredAccess":"0x20019"}
Returned value:
0x0
ntdll.dll! NtOpenKeyEx #native (#3028) EncryptFlag.exe
Arguments:
{"OpenOptions":"0x0","KeyHandle":"0x220","objectName":"Tcpip6","DesiredAccess":"0x20019"}
Returned value:
0x0
ntdll.dll! NtOpenKeyEx #native (#3028) EncryptFlag.exe
Arguments:
{"OpenOptions":"0x0","KeyHandle":"0x224","objectName":"System\\CurrentControlSet\\Services\\Tcpip6\\Parameters\\Winsock","DesiredAccess":"0x20019"}
Returned value:
0x0
ntdll.dll! NtQueryAttributesFile #native (#3028) EncryptFlag.exe
Arguments:
{"objectName":"\\??\\C:\\Windows\\System32\\wship6.dll"}
Returned value:
0x0
ntdll.dll! NtOpenKeyEx #native (#3028) EncryptFlag.exe
Arguments:
{"OpenOptions":"0x0","KeyHandle":"0x0","objectName":"FEATURE_URLMON_IQDA_SIZE","DesiredAccess":"0x1"}
Returned value:
0xc0000034
kernel32.dll! RegOpenKeyExW #registry (#3028) EncryptFlag.exe
Arguments:
{"hKey":"HKEY_CURRENT_USER\\Software\\Microsoft\\Internet Explorer\\Main\\FeatureControl","ulOptions":"0x0","samDesired":"0x1","lpSubKey":"FEATURE_URLMON_IQDA_SIZE","phkResult":"0x0"}
Returned value:
0x2
ntdll.dll! NtOpenKeyEx #native (#3028) EncryptFlag.exe
Arguments:
{"OpenOptions":"0x0","KeyHandle":"0x0","objectName":"FEATURE_URLMON_IQDA_SIZE","DesiredAccess":"0x1"}
Returned value:
0xc0000034
kernel32.dll! RegOpenKeyExW #registry (#3028) EncryptFlag.exe
Arguments:
{"hKey":"HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Internet Explorer\\Main\\FeatureControl","ulOptions":"0x0","samDesired":"0x1","lpSubKey":"FEATURE_URLMON_IQDA_SIZE","phkResult":"0x0"}
Returned value:
0x2
ntdll.dll! NtOpenFile #native (#3028) EncryptFlag.exe
Arguments:
{"FileHandle":"0x220","objectName":"\\??\\C:\\Windows\\System32\\wship6.dll"}
Returned value:
0x0
ntdll.dll! NtOpenKeyEx #native (#3028) EncryptFlag.exe
Arguments:
{"OpenOptions":"0x0","KeyHandle":"0x0","objectName":"FEATURE_BLOCK_WEAK_ENCRYPTION","DesiredAccess":"0x1"}
Returned value:
0xc0000034
kernel32.dll! RegOpenKeyExW #registry (#3028) EncryptFlag.exe
Arguments:
{"hKey":"HKEY_CURRENT_USER\\Software\\Microsoft\\Internet Explorer\\Main\\FeatureControl","ulOptions":"0x0","samDesired":"0x1","lpSubKey":"FEATURE_BLOCK_WEAK_ENCRYPTION","phkResult":"0x0"}
Returned value:
0x2
ntdll.dll! NtOpenKeyEx #native (#3028) EncryptFlag.exe
Arguments:
{"OpenOptions":"0x0","KeyHandle":"0x0","objectName":"FEATURE_BLOCK_WEAK_ENCRYPTION","DesiredAccess":"0x1"}
Returned value:
0xc0000034
kernel32.dll! RegOpenKeyExW #registry (#3028) EncryptFlag.exe
Arguments:
{"hKey":"HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Internet Explorer\\Main\\FeatureControl","ulOptions":"0x0","samDesired":"0x1","lpSubKey":"FEATURE_BLOCK_WEAK_ENCRYPTION","phkResult":"0x0"}
Returned value:
0x2
ntdll.dll! NtOpenKeyEx #native (#3028) EncryptFlag.exe
Arguments:
{"OpenOptions":"0x0","KeyHandle":"0x0","objectName":"FEATURE_DISABLE_HSTS","DesiredAccess":"0x1"}
Returned value:
0xc0000034
kernel32.dll! RegOpenKeyExW #registry (#3028) EncryptFlag.exe
Arguments:
{"hKey":"HKEY_CURRENT_USER\\Software\\Microsoft\\Internet Explorer\\Main\\FeatureControl","ulOptions":"0x0","samDesired":"0x1","lpSubKey":"FEATURE_DISABLE_HSTS","phkResult":"0x0"}
Returned value:
0x2
KernelBase.dll! LoadLibraryExW #misc (#3028) EncryptFlag.exe
Arguments:
{"lpFileName":"C:\\Windows\\System32\\wship6.dll"}
Returned value:
0x7fefc510000
KernelBase.dll! GetProcAddress #misc (#3028) EncryptFlag.exe
Arguments:
{"lpProcName":"WSHOpenSocket","hModule":"WSHTCPIP.DLL"}
Returned value:
0x7fefc511850
KernelBase.dll! GetProcAddress #misc (#3028) EncryptFlag.exe
Arguments:
{"lpProcName":"WSHOpenSocket2","hModule":"WSHTCPIP.DLL"}
Returned value:
0x7fefc5111f0
KernelBase.dll! GetProcAddress #misc (#3028) EncryptFlag.exe
Arguments:
{"lpProcName":"WSHJoinLeaf","hModule":"WSHTCPIP.DLL"}
Returned value:
0x7fefc511ac8
KernelBase.dll! GetProcAddress #misc (#3028) EncryptFlag.exe
Arguments:
{"lpProcName":"WSHNotify","hModule":"WSHTCPIP.DLL"}
Returned value:
0x7fefc511890
KernelBase.dll! GetProcAddress #misc (#3028) EncryptFlag.exe
Arguments:
{"lpProcName":"WSHGetSocketInformation","hModule":"WSHTCPIP.DLL"}
Returned value:
0x7fefc5111a0
KernelBase.dll! GetProcAddress #misc (#3028) EncryptFlag.exe
Arguments:
{"lpProcName":"WSHSetSocketInformation","hModule":"WSHTCPIP.DLL"}
Returned value:
0x7fefc511560
KernelBase.dll! GetProcAddress #misc (#3028) EncryptFlag.exe
Arguments:
{"lpProcName":"WSHGetSockaddrType","hModule":"WSHTCPIP.DLL"}
Returned value:
0x7fefc511138
ntdll.dll! NtOpenKeyEx #native (#3028) EncryptFlag.exe
Arguments:
{"OpenOptions":"0x0","KeyHandle":"0x0","objectName":"FEATURE_DISABLE_HSTS","DesiredAccess":"0x1"}
Returned value:
0xc0000034
kernel32.dll! RegOpenKeyExW #registry (#3028) EncryptFlag.exe
Arguments:
{"hKey":"HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Internet Explorer\\Main\\FeatureControl","ulOptions":"0x0","samDesired":"0x1","lpSubKey":"FEATURE_DISABLE_HSTS","phkResult":"0x0"}
Returned value:
0x2
wininet.dll! InternetConnectW #network (#3028) EncryptFlag.exe
Arguments:
{"lpszUrl":"p"}
Returned value:
null
KernelBase.dll! GetProcAddress #misc (#3028) EncryptFlag.exe
Arguments:
{"lpProcName":"WSHGetWildcardSockaddr","hModule":"WSHTCPIP.DLL"}
Returned value:
0x7fefc5113d8
KernelBase.dll! GetProcAddress #misc (#3028) EncryptFlag.exe
Arguments:
{"lpProcName":"WSHGetBroadcastSockaddr","hModule":"WSHTCPIP.DLL"}
Returned value:
0x0
KernelBase.dll! GetProcAddress #misc (#3028) EncryptFlag.exe
Arguments:
{"lpProcName":"WSHAddressToString","hModule":"WSHTCPIP.DLL"}
Returned value:
0x7fefc511010
KernelBase.dll! GetProcAddress #misc (#3028) EncryptFlag.exe
Arguments:
{"lpProcName":"WSHStringToAddress","hModule":"WSHTCPIP.DLL"}
Returned value:
0x7fefc5110a0
KernelBase.dll! GetProcAddress #misc (#3028) EncryptFlag.exe
Arguments:
{"lpProcName":"WSHIoctl","hModule":"WSHTCPIP.DLL"}
Returned value:
0x7fefc511c98
ntdll.dll! NtCreateFile #native (#3028) EncryptFlag.exe
Arguments:
{"FileHandle":"0x224","objectName":"\\Device\\Afd\\Endpoint"}
Returned value:
0x0
KernelBase.dll! GetProcAddress #misc (#3028) EncryptFlag.exe
Arguments:
{"lpProcName":"0x15","hModule":null}
Returned value:
0x7fefd1ad7b0
KernelBase.dll! GetProcAddress #misc (#3028) EncryptFlag.exe
Arguments:
{"lpProcName":"WSAIoctl","hModule":"ws2_32.dll"}
Returned value:
0x7fefd1ad150
KernelBase.dll! GetProcAddress #misc (#3028) EncryptFlag.exe
Arguments:
{"lpProcName":"0x3","hModule":null}
Returned value:
0x7fefd1a18e0
KernelBase.dll! GetProcAddress #misc (#3028) EncryptFlag.exe
Arguments:
{"lpProcName":"0x74","hModule":null}
Returned value:
0x7fefd1a4e20
KernelBase.dll! LoadLibraryExW #misc (#3028) EncryptFlag.exe
Arguments:
{"lpFileName":"IPHLPAPI.DLL"}
Returned value:
0x7fefa8e0000
KernelBase.dll! LoadLibraryExA #misc (#3028) EncryptFlag.exe
Arguments:
{"lpFileName":"IPHLPAPI.DLL"}
Returned value:
0x7fefa8e0000
KernelBase.dll! GetProcAddress #misc (#3028) EncryptFlag.exe
Arguments:
{"lpProcName":"NotifyIpInterfaceChange","hModule":"IPHLPAPI.DLL"}
Returned value:
0x7fefa8e93c0
KernelBase.dll! GetProcAddress #misc (#3028) EncryptFlag.exe
Arguments:
{"lpProcName":"RegCreateKeyExW","hModule":"kernel32.dll"}
Returned value:
0x7feff4bd5f0
ntdll.dll! NtCreateKey #native (#3028) EncryptFlag.exe
Arguments:
{"CreateOptions":"0x0","objectName":"Software\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Connections","DesiredAccess":"0x1","KeyHandle":"0x234","TitleIndex":"0x0","CreateDisposition":"0x12d8e8","Class":"0x12dbc0"}
Returned value:
0x0
kernel32.dll! RegCreateKeyExW #registry (#3028) EncryptFlag.exe
Arguments:
{"samDesired":"0x1","hKey":"HKEY_CURRENT_USER","dwOptions":"0x0","phkResult":"","lpClass":"0x7fefed3ecf0","lpSubKey":"Software\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Connections"}
Returned value:
0x0
kernel32.dll! RegQueryValueExW #registry (#3028) EncryptFlag.exe
Arguments:
{"hKey":"Software\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Connections","lpData":"","lpcbData":"0x12ddfc","lpType":"0","lpValueName":"DefaultConnectionSettings"}
Returned value:
0x0
kernel32.dll! RegQueryValueExW #registry (#3028) EncryptFlag.exe
Arguments:
{"hKey":"Software\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Connections","lpData":"","lpcbData":"0x12dd88","lpType":"0","lpValueName":"DefaultConnectionSettings"}
Returned value:
0x0
ntdll.dll! NtOpenKeyEx #native (#3028) EncryptFlag.exe
Arguments:
{"OpenOptions":"0x0","KeyHandle":"0x0","objectName":"SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\UrlMon Settings","DesiredAccess":"0x1"}
Returned value:
0xc0000034
kernel32.dll! RegOpenKeyExA #registry (#3028) EncryptFlag.exe
Arguments:
{"hKey":"HKEY_CURRENT_USER","ulOptions":"0x0","samDesired":"0x1","lpSubKey":"SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\UrlMon Settings","phkResult":"0x0"}
Returned value:
0x2
KernelBase.dll! LoadLibraryExW #misc (#3028) EncryptFlag.exe
Arguments:
{"lpFileName":"CRYPT32.dll"}
Returned value:
0x7fefcf90000
KernelBase.dll! LoadLibraryExA #misc (#3028) EncryptFlag.exe
Arguments:
{"lpFileName":"CRYPT32.dll"}
Returned value:
0x7fefcf90000
KernelBase.dll! GetProcAddress #misc (#3028) EncryptFlag.exe
Arguments:
{"lpProcName":"CertOpenStore","hModule":"crypt32.dll"}
Returned value:
0x7fefcf99de0
ntdll.dll! NtOpenKeyEx #native (#3028) EncryptFlag.exe
Arguments:
{"OpenOptions":"0x0","KeyHandle":"0x238","objectName":"SYSTEM\\CurrentControlSet\\Services\\crypt32","DesiredAccess":"0x20019"}
Returned value:
0x0
ntdll.dll! NtOpenKeyEx #native (#3028) EncryptFlag.exe
Arguments:
{"OpenOptions":"0x0","KeyHandle":"0x238","objectName":"SYSTEM\\CurrentControlSet\\Services\\crypt32","DesiredAccess":"0x20019"}
Returned value:
0x0
ntdll.dll! NtOpenKeyEx #native (#3028) EncryptFlag.exe
Arguments:
{"OpenOptions":"0x0","KeyHandle":"0x250","objectName":"Software\\Microsoft\\Cryptography\\OID","DesiredAccess":"0x20019"}
Returned value:
0x0
ntdll.dll! NtOpenKeyEx #native (#3028) EncryptFlag.exe
Arguments:
{"OpenOptions":"0x0","KeyHandle":"0x254","objectName":"EncodingType 0","DesiredAccess":"0x20019"}
Returned value:
0x0
ntdll.dll! NtOpenKeyEx #native (#3028) EncryptFlag.exe
Arguments:
{"OpenOptions":"0x0","KeyHandle":"0x258","objectName":"CertDllOpenStoreProv","DesiredAccess":"0x20019"}
Returned value:
0x0
ntdll.dll! NtOpenKeyEx #native (#3028) EncryptFlag.exe
Arguments:
{"OpenOptions":"0x0","KeyHandle":"0x25c","objectName":"#16","DesiredAccess":"0x20019"}
Returned value:
0x0
ntdll.dll! NtOpenKeyEx #native (#3028) EncryptFlag.exe
Arguments:
{"OpenOptions":"0x0","KeyHandle":"0x25c","objectName":"Ldap","DesiredAccess":"0x20019"}
Returned value:
0x0
ntdll.dll! NtOpenKeyEx #native (#3028) EncryptFlag.exe
Arguments:
{"OpenOptions":"0x0","KeyHandle":"0x254","objectName":"EncodingType 1","DesiredAccess":"0x20019"}
Returned value:
0x0
ntdll.dll! NtOpenKeyEx #native (#3028) EncryptFlag.exe
Arguments:
{"OpenOptions":"0x0","KeyHandle":"0x0","objectName":"CertDllOpenStoreProv","DesiredAccess":"0x20019"}
Returned value:
0xc0000034
ntdll.dll! NtOpenKeyEx #native (#3028) EncryptFlag.exe
Arguments:
{"OpenOptions":"0x0","KeyHandle":"0x250","objectName":"S-1-5-21-4270068108-2931534202-3907561125-1001","DesiredAccess":"0x2000000"}
Returned value:
0x0
ntdll.dll! NtOpenKeyEx #native (#3028) EncryptFlag.exe
Arguments:
{"OpenOptions":"0x0","KeyHandle":"0x0","objectName":"Software\\Microsoft\\SystemCertificates\\my\\PhysicalStores","DesiredAccess":"0x20019"}
Returned value:
0xc0000034
ntdll.dll! NtOpenKeyEx #native (#3028) EncryptFlag.exe
Arguments:
{"OpenOptions":"0x0","KeyHandle":"0x250","objectName":"S-1-5-21-4270068108-2931534202-3907561125-1001","DesiredAccess":"0x2000000"}
Returned value:
0x0
ntdll.dll! NtOpenKeyEx #native (#3028) EncryptFlag.exe
Arguments:
{"OpenOptions":"0x0","KeyHandle":"0x254","objectName":"Software\\Microsoft\\SystemCertificates\\my","DesiredAccess":"0x20019"}
Returned value:
0x0
KernelBase.dll! LoadLibraryExW #misc (#3028) EncryptFlag.exe
Arguments:
{"lpFileName":"USERENV.dll"}
Returned value:
0x7fefd170000
KernelBase.dll! LoadLibraryExA #misc (#3028) EncryptFlag.exe
Arguments:
{"lpFileName":"USERENV.dll"}
Returned value:
0x7fefd170000
KernelBase.dll! GetProcAddress #misc (#3028) EncryptFlag.exe
Arguments:
{"lpProcName":"GetUserProfileDirectoryW","hModule":"userenv.dll"}
Returned value:
0x7fefd171c00
KernelBase.dll! LoadLibraryExW #misc (#3028) EncryptFlag.exe
Arguments:
{"lpFileName":"API-MS-Win-Security-SDDL-L1-1-0.dll"}
Returned value:
0x7fefe400000
KernelBase.dll! LoadLibraryExA #misc (#3028) EncryptFlag.exe
Arguments:
{"lpFileName":"API-MS-Win-Security-SDDL-L1-1-0.dll"}
Returned value:
0x7fefe400000
KernelBase.dll! GetProcAddress #misc (#3028) EncryptFlag.exe
Arguments:
{"lpProcName":"ConvertSidToStringSidW","hModule":"sechost.dll"}
Returned value:
0x7fefe40d128
ntdll.dll! NtOpenKeyEx #native (#3028) EncryptFlag.exe
Arguments:
{"OpenOptions":"0x0","KeyHandle":"0x250","objectName":"Software\\Microsoft\\Windows NT\\CurrentVersion\\ProfileList\\S-1-5-21-4270068108-2931534202-3907561125-1001","DesiredAccess":"0x20019"}
Returned value:
0x0
ntdll.dll! NtOpenKeyEx #native (#3028) EncryptFlag.exe
Arguments:
{"OpenOptions":"0x0","KeyHandle":"0x254","objectName":"S-1-5-21-4270068108-2931534202-3907561125-1001","DesiredAccess":"0x2000000"}
Returned value:
0x0
ntdll.dll! NtOpenKeyEx #native (#3028) EncryptFlag.exe
Arguments:
{"OpenOptions":"0x0","KeyHandle":"0x250","objectName":"Software\\Microsoft\\SystemCertificates\\my","DesiredAccess":"0x20019"}
Returned value:
0x0
ntdll.dll! NtOpenKeyEx #native (#3028) EncryptFlag.exe
Arguments:
{"OpenOptions":"0x0","KeyHandle":"0x254","objectName":"0x12c860","DesiredAccess":"0x20019"}
Returned value:
0x0
ntdll.dll! NtOpenKeyEx #native (#3028) EncryptFlag.exe
Arguments:
{"OpenOptions":"0x0","KeyHandle":"0x0","objectName":"Certificates","DesiredAccess":"0x20019"}
Returned value:
0xc0000034
ntdll.dll! NtOpenFile #native (#3028) EncryptFlag.exe
Arguments:
{"FileHandle":"0x258","objectName":"\\??\\C:\\Users\\<USER>\\AppData\\Roaming\\Microsoft\\SystemCertificates\\My\\Certificates\\"}
Returned value:
0x0
ntdll.dll! NtOpenKeyEx #native (#3028) EncryptFlag.exe
Arguments:
{"OpenOptions":"0x0","KeyHandle":"0x0","objectName":"CRLs","DesiredAccess":"0x20019"}
Returned value:
0xc0000034
ntdll.dll! NtOpenFile #native (#3028) EncryptFlag.exe
Arguments:
{"FileHandle":"0x260","objectName":"\\??\\C:\\Users\\<USER>\\AppData\\Roaming\\Microsoft\\SystemCertificates\\My\\CRLs\\"}
Returned value:
0x0
ntdll.dll! NtOpenKeyEx #native (#3028) EncryptFlag.exe
Arguments:
{"OpenOptions":"0x0","KeyHandle":"0x0","objectName":"CTLs","DesiredAccess":"0x20019"}
Returned value:
0xc0000034
ntdll.dll! NtOpenFile #native (#3028) EncryptFlag.exe
Arguments:
{"FileHandle":"0x260","objectName":"\\??\\C:\\Users\\<USER>\\AppData\\Roaming\\Microsoft\\SystemCertificates\\My\\CTLs\\"}
Returned value:
0x0
ntdll.dll! NtOpenKeyEx #native (#3028) EncryptFlag.exe
Arguments:
{"OpenOptions":"0x0","KeyHandle":"0x250","objectName":"Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\","DesiredAccess":"0x1"}
Returned value:
0x0
ntdll.dll! NtOpenKeyEx #native (#3028) EncryptFlag.exe
Arguments:
{"OpenOptions":"0x0","KeyHandle":"0x0","objectName":"FEATURE_IGNORE_POLICIES_ZONEMAP_IF_ESC_ENABLED_KB918915","DesiredAccess":"0x1"}
Returned value:
0xc0000034
kernel32.dll! RegOpenKeyExW #registry (#3028) EncryptFlag.exe
Arguments:
{"hKey":"HKEY_CURRENT_USER\\Software\\Microsoft\\Internet Explorer\\Main\\FeatureControl","ulOptions":"0x0","samDesired":"0x1","lpSubKey":"FEATURE_IGNORE_POLICIES_ZONEMAP_IF_ESC_ENABLED_KB918915","phkResult":"0x0"}
Returned value:
0x2
ntdll.dll! NtOpenKeyEx #native (#3028) EncryptFlag.exe
Arguments:
{"OpenOptions":"0x0","KeyHandle":"0x0","objectName":"FEATURE_IGNORE_POLICIES_ZONEMAP_IF_ESC_ENABLED_KB918915","DesiredAccess":"0x1"}
Returned value:
0xc0000034
kernel32.dll! RegOpenKeyExW #registry (#3028) EncryptFlag.exe
Arguments:
{"hKey":"HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Internet Explorer\\Main\\FeatureControl","ulOptions":"0x0","samDesired":"0x1","lpSubKey":"FEATURE_IGNORE_POLICIES_ZONEMAP_IF_ESC_ENABLED_KB918915","phkResult":"0x0"}
Returned value:
0x2
ntdll.dll! NtOpenKeyEx #native (#3028) EncryptFlag.exe
Arguments:
{"OpenOptions":"0x0","KeyHandle":"0x0","objectName":"Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\ZoneMap\\Domains\\","DesiredAccess":"0x20019"}
Returned value:
0xc0000034
ntdll.dll! NtOpenKeyEx #native (#3028) EncryptFlag.exe
Arguments:
{"OpenOptions":"0x0","KeyHandle":"0x0","objectName":"Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\ZoneMap\\Domains\\","DesiredAccess":"0x20019"}
Returned value:
0xc0000034
ntdll.dll! NtOpenKeyEx #native (#3028) EncryptFlag.exe
Arguments:
{"OpenOptions":"0x0","KeyHandle":"0x0","objectName":"Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\ZoneMap\\Domains\\","DesiredAccess":"0x20019"}
Returned value:
0xc0000034
ntdll.dll! NtOpenKeyEx #native (#3028) EncryptFlag.exe
Arguments:
{"OpenOptions":"0x0","KeyHandle":"0x0","objectName":"ZoneMap\\Ranges\\","DesiredAccess":"0x20019"}
Returned value:
0xc0000034
ntdll.dll! NtOpenKeyEx #native (#3028) EncryptFlag.exe
Arguments:
{"OpenOptions":"0x0","KeyHandle":"0x0","objectName":"ZoneMap\\Ranges\\","DesiredAccess":"0x20019"}
Returned value:
0xc0000034
ntdll.dll! NtOpenKeyEx #native (#3028) EncryptFlag.exe
Arguments:
{"OpenOptions":"0x0","KeyHandle":"0x0","objectName":"ZoneMap\\Ranges\\","DesiredAccess":"0x20019"}
Returned value:
0xc0000034
ntdll.dll! NtOpenKeyEx #native (#3028) EncryptFlag.exe
Arguments:
{"OpenOptions":"0x0","KeyHandle":"0x0","objectName":"FEATURE_ZONES_CHECK_ZONEMAP_POLICY_KB941001","DesiredAccess":"0x1"}
Returned value:
0xc0000034
kernel32.dll! RegOpenKeyExW #registry (#3028) EncryptFlag.exe
Arguments:
{"hKey":"HKEY_CURRENT_USER\\Software\\Microsoft\\Internet Explorer\\Main\\FeatureControl","ulOptions":"0x0","samDesired":"0x1","lpSubKey":"FEATURE_ZONES_CHECK_ZONEMAP_POLICY_KB941001","phkResult":"0x0"}
Returned value:
0x2
ntdll.dll! NtOpenKeyEx #native (#3028) EncryptFlag.exe
Arguments:
{"OpenOptions":"0x0","KeyHandle":"0x0","objectName":"FEATURE_ZONES_CHECK_ZONEMAP_POLICY_KB941001","DesiredAccess":"0x1"}
Returned value:
0xc0000034
kernel32.dll! RegOpenKeyExW #registry (#3028) EncryptFlag.exe
Arguments:
{"hKey":"HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Internet Explorer\\Main\\FeatureControl","ulOptions":"0x0","samDesired":"0x1","lpSubKey":"FEATURE_ZONES_CHECK_ZONEMAP_POLICY_KB941001","phkResult":"0x0"}
Returned value:
0x2
ntdll.dll! NtOpenKeyEx #native (#3028) EncryptFlag.exe
Arguments:
{"OpenOptions":"0x0","KeyHandle":"0x0","objectName":"Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\ZoneMap","DesiredAccess":"0x1"}
Returned value:
0xc0000034
kernel32.dll! RegOpenKeyExW #registry (#3028) EncryptFlag.exe
Arguments:
{"hKey":"HKEY_LOCAL_MACHINE","ulOptions":"0x0","samDesired":"0x1","lpSubKey":"Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\ZoneMap","phkResult":"0x0"}
Returned value:
0x2
ntdll.dll! NtOpenKeyEx #native (#3028) EncryptFlag.exe
Arguments:
{"OpenOptions":"0x0","KeyHandle":"0x0","objectName":"Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\ZoneMap","DesiredAccess":"0x1"}
Returned value:
0xc0000034
kernel32.dll! RegOpenKeyExW #registry (#3028) EncryptFlag.exe
Arguments:
{"hKey":"HKEY_CURRENT_USER","ulOptions":"0x0","samDesired":"0x1","lpSubKey":"Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\ZoneMap","phkResult":"0x0"}
Returned value:
0x2
ntdll.dll! NtCreateKey #native (#3028) EncryptFlag.exe
Arguments:
{"CreateOptions":"0x0","objectName":"Software\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\ZoneMap\\","DesiredAccess":"0x2001f","KeyHandle":"0x264","TitleIndex":"0x0","CreateDisposition":"0x12ccf8","Class":"0x12cfd0"}
Returned value:
0x0
ntdll.dll! NtOpenKeyEx #native (#3028) EncryptFlag.exe
Arguments:
{"OpenOptions":"0x0","KeyHandle":"0x268","objectName":"Software\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\ZoneMap\\","DesiredAccess":"0x20019"}
Returned value:
0x0
ntdll.dll! NtOpenKeyEx #native (#3028) EncryptFlag.exe
Arguments:
{"OpenOptions":"0x0","KeyHandle":"0x0","objectName":"Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\ZoneMap\\","DesiredAccess":"0x20019"}
Returned value:
0xc0000034
ntdll.dll! NtOpenKeyEx #native (#3028) EncryptFlag.exe
Arguments:
{"OpenOptions":"0x0","KeyHandle":"0x0","objectName":"Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\ZoneMap\\","DesiredAccess":"0x20019"}
Returned value:
0xc0000034
ntdll.dll! NtOpenKeyEx #native (#3028) EncryptFlag.exe
Arguments:
{"OpenOptions":"0x0","KeyHandle":"0x0","objectName":"Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\ZoneMap\\","DesiredAccess":"0x20019"}
Returned value:
0xc0000034
ntdll.dll! NtOpenKeyEx #native (#3028) EncryptFlag.exe
Arguments:
{"OpenOptions":"0x0","KeyHandle":"0x0","objectName":"Software\\Policies\\Microsoft\\Internet Explorer","DesiredAccess":"0x1"}
Returned value:
0xc0000034
kernel32.dll! RegOpenKeyExW #registry (#3028) EncryptFlag.exe
Arguments:
{"hKey":"HKEY_CURRENT_USER","ulOptions":"0x0","samDesired":"0x1","lpSubKey":"Software\\Policies\\Microsoft\\Internet Explorer","phkResult":"0x0"}
Returned value:
0x2
ntdll.dll! NtOpenKeyEx #native (#3028) EncryptFlag.exe
Arguments:
{"OpenOptions":"0x0","KeyHandle":"0x26c","objectName":"Microsoft\\Internet Explorer\\Security","DesiredAccess":"0x20019"}
Returned value:
0x0
kernel32.dll! RegOpenKeyExW #registry (#3028) EncryptFlag.exe
Arguments:
{"hKey":"HKEY_CURRENT_USER\\Software","ulOptions":"0x0","samDesired":"0x20019","lpSubKey":"Microsoft\\Internet Explorer\\Security","phkResult":"0x26c"}
Returned value:
0x0
kernel32.dll! RegQueryValueExW #registry (#3028) EncryptFlag.exe
Arguments:
{"hKey":"HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Internet Explorer\\Security","lpData":"0x12cf70","lpcbData":"0x12cc44","lpType":"0","lpValueName":"DisableSecuritySettingsCheck"}
Returned value:
0x2
ntdll.dll! NtOpenKeyEx #native (#3028) EncryptFlag.exe
Arguments:
{"OpenOptions":"0x0","KeyHandle":"0x26c","objectName":"Microsoft\\Internet Explorer\\Security","DesiredAccess":"0x20019"}
Returned value:
0x0
kernel32.dll! RegOpenKeyExW #registry (#3028) EncryptFlag.exe
Arguments:
{"hKey":"HKEY_LOCAL_MACHINE\\Software","ulOptions":"0x0","samDesired":"0x20019","lpSubKey":"Microsoft\\Internet Explorer\\Security","phkResult":"0x26c"}
Returned value:
0x0
kernel32.dll! RegQueryValueExW #registry (#3028) EncryptFlag.exe
Arguments:
{"hKey":"HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Internet Explorer\\Security","lpData":"0x12cf70","lpcbData":"0x12cc44","lpType":"0","lpValueName":"DisableSecuritySettingsCheck"}
Returned value:
0x2
KernelBase.dll! LoadLibraryExW #misc (#3028) EncryptFlag.exe
Arguments:
{"lpFileName":"Secur32.dll"}
Returned value:
0x7fefc9f0000
KernelBase.dll! LoadLibraryExA #misc (#3028) EncryptFlag.exe
Arguments:
{"lpFileName":"Secur32.dll"}
Returned value:
0x7fefc9f0000
KernelBase.dll! GetProcAddress #misc (#3028) EncryptFlag.exe
Arguments:
{"lpProcName":"GetUserNameExW","hModule":"sspicli.dll"}
Returned value:
0x7fefcbb1118
ntdll.dll! NtOpenKeyEx #native (#3028) EncryptFlag.exe
Arguments:
{"OpenOptions":"0x0","KeyHandle":"0x270","objectName":"System\\Setup","DesiredAccess":"0x20019"}
Returned value:
0x0
kernel32.dll! RegOpenKeyExW #registry (#3028) EncryptFlag.exe
Arguments:
{"hKey":"HKEY_LOCAL_MACHINE","ulOptions":"0x0","samDesired":"0x20019","lpSubKey":"System\\Setup","phkResult":"0x270"}
Returned value:
0x0
kernel32.dll! RegQueryValueExW #registry (#3028) EncryptFlag.exe
Arguments:
{"hKey":"Software\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\","lpData":"","lpcbData":"0x12cca0","lpType":"0","lpValueName":"SystemSetupInProgress"}
Returned value:
0x0
ntdll.dll! NtOpenKeyEx #native (#3028) EncryptFlag.exe
Arguments:
{"OpenOptions":"0x0","KeyHandle":"0x270","objectName":"Software\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\","DesiredAccess":"0x20019"}
Returned value:
0x0
kernel32.dll! RegOpenKeyExW #registry (#3028) EncryptFlag.exe
Arguments:
{"hKey":"HKEY_CURRENT_USER","ulOptions":"0x0","samDesired":"0x20019","lpSubKey":"Software\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\","phkResult":"0x270"}
Returned value:
0x0
ntdll.dll! NtOpenKeyEx #native (#3028) EncryptFlag.exe
Arguments:
{"OpenOptions":"0x0","KeyHandle":"0x274","objectName":"0","DesiredAccess":"0x20019"}
Returned value:
0x0
kernel32.dll! RegOpenKeyExW #registry (#3028) EncryptFlag.exe
Arguments:
{"hKey":"Software\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\","ulOptions":"0x0","samDesired":"0x20019","lpSubKey":"0","phkResult":"0x274"}
Returned value:
0x0
ntdll.dll! NtOpenKeyEx #native (#3028) EncryptFlag.exe
Arguments:
{"OpenOptions":"0x0","KeyHandle":"0x274","objectName":"1","DesiredAccess":"0x20019"}
Returned value:
0x0
kernel32.dll! RegOpenKeyExW #registry (#3028) EncryptFlag.exe
Arguments:
{"hKey":"Software\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\","ulOptions":"0x0","samDesired":"0x20019","lpSubKey":"1","phkResult":"0x274"}
Returned value:
0x0
ntdll.dll! NtOpenKeyEx #native (#3028) EncryptFlag.exe
Arguments:
{"OpenOptions":"0x0","KeyHandle":"0x274","objectName":"2","DesiredAccess":"0x20019"}
Returned value:
0x0
kernel32.dll! RegOpenKeyExW #registry (#3028) EncryptFlag.exe
Arguments:
{"hKey":"Software\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\","ulOptions":"0x0","samDesired":"0x20019","lpSubKey":"2","phkResult":"0x274"}
Returned value:
0x0
ntdll.dll! NtOpenKeyEx #native (#3028) EncryptFlag.exe
Arguments:
{"OpenOptions":"0x0","KeyHandle":"0x274","objectName":"3","DesiredAccess":"0x20019"}
Returned value:
0x0
kernel32.dll! RegOpenKeyExW #registry (#3028) EncryptFlag.exe
Arguments:
{"hKey":"Software\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\","ulOptions":"0x0","samDesired":"0x20019","lpSubKey":"3","phkResult":"0x274"}
Returned value:
0x0
ntdll.dll! NtOpenKeyEx #native (#3028) EncryptFlag.exe
Arguments:
{"OpenOptions":"0x0","KeyHandle":"0x274","objectName":"4","DesiredAccess":"0x20019"}
Returned value:
0x0
kernel32.dll! RegOpenKeyExW #registry (#3028) EncryptFlag.exe
Arguments:
{"hKey":"Software\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\","ulOptions":"0x0","samDesired":"0x20019","lpSubKey":"4","phkResult":"0x274"}
Returned value:
0x0
ntdll.dll! NtOpenKeyEx #native (#3028) EncryptFlag.exe
Arguments:
{"OpenOptions":"0x0","KeyHandle":"0x0","objectName":"Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\","DesiredAccess":"0x20019"}
Returned value:
0xc0000034
ntdll.dll! NtOpenKeyEx #native (#3028) EncryptFlag.exe
Arguments:
{"OpenOptions":"0x0","KeyHandle":"0x0","objectName":"Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\","DesiredAccess":"0x20019"}
Returned value:
0xc0000034
ntdll.dll! NtOpenKeyEx #native (#3028) EncryptFlag.exe
Arguments:
{"OpenOptions":"0x0","KeyHandle":"0x0","objectName":"Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\","DesiredAccess":"0x20019"}
Returned value:
0xc0000034
ntdll.dll! NtOpenKeyEx #native (#3028) EncryptFlag.exe
Arguments:
{"OpenOptions":"0x0","KeyHandle":"0x0","objectName":"Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\","DesiredAccess":"0x20019"}
Returned value:
0xc0000034
ntdll.dll! NtOpenKeyEx #native (#3028) EncryptFlag.exe
Arguments:
{"OpenOptions":"0x0","KeyHandle":"0x0","objectName":"Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\","DesiredAccess":"0x20019"}
Returned value:
0xc0000034
ntdll.dll! NtOpenKeyEx #native (#3028) EncryptFlag.exe
Arguments:
{"OpenOptions":"0x0","KeyHandle":"0x270","objectName":"Software\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\","DesiredAccess":"0x20019"}
Returned value:
0x0
ntdll.dll! NtCreateMutant #native (#3028) EncryptFlag.exe
Arguments:
{"DesiredAccess":"0x1f0001","objectName":"Local\\ZonesCacheCounterMutex","MutantHandle":"0x12c418"}
Returned value:
0x40000000
KernelBase.dll! CreateMutexA #mutex (#3028) EncryptFlag.exe
Arguments:
{"lpName":"Local\\ZonesCacheCounterMutex"}
Returned value:
0x274
ntdll.dll! NtOpenKeyEx #native (#3028) EncryptFlag.exe
Arguments:
{"OpenOptions":"0x0","KeyHandle":"0x278","objectName":"Software\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\0","DesiredAccess":"0x20019"}
Returned value:
0x0
ntdll.dll! NtOpenKeyEx #native (#3028) EncryptFlag.exe
Arguments:
{"OpenOptions":"0x0","KeyHandle":"0x0","objectName":"Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\0","DesiredAccess":"0x20019"}
Returned value:
0xc0000034
ntdll.dll! NtOpenKeyEx #native (#3028) EncryptFlag.exe
Arguments:
{"OpenOptions":"0x0","KeyHandle":"0x0","objectName":"Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\0","DesiredAccess":"0x20019"}
Returned value:
0xc0000034
ntdll.dll! NtOpenKeyEx #native (#3028) EncryptFlag.exe
Arguments:
{"OpenOptions":"0x0","KeyHandle":"0x0","objectName":"Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\0","DesiredAccess":"0x20019"}
Returned value:
0xc0000034
ntdll.dll! NtOpenKeyEx #native (#3028) EncryptFlag.exe
Arguments:
{"OpenOptions":"0x0","KeyHandle":"0x27c","objectName":"Software\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\0","DesiredAccess":"0x20019"}
Returned value:
0x0
ntdll.dll! NtOpenKeyEx #native (#3028) EncryptFlag.exe
Arguments:
{"OpenOptions":"0x0","KeyHandle":"0x278","objectName":"Software\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\1","DesiredAccess":"0x20019"}
Returned value:
0x0
ntdll.dll! NtOpenKeyEx #native (#3028) EncryptFlag.exe
Arguments:
{"OpenOptions":"0x0","KeyHandle":"0x0","objectName":"Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\1","DesiredAccess":"0x20019"}
Returned value:
0xc0000034
ntdll.dll! NtOpenKeyEx #native (#3028) EncryptFlag.exe
Arguments:
{"OpenOptions":"0x0","KeyHandle":"0x0","objectName":"Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\1","DesiredAccess":"0x20019"}
Returned value:
0xc0000034
ntdll.dll! NtOpenKeyEx #native (#3028) EncryptFlag.exe
Arguments:
{"OpenOptions":"0x0","KeyHandle":"0x0","objectName":"Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\1","DesiredAccess":"0x20019"}
Returned value:
0xc0000034
ntdll.dll! NtOpenKeyEx #native (#3028) EncryptFlag.exe
Arguments:
{"OpenOptions":"0x0","KeyHandle":"0x280","objectName":"Software\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\1","DesiredAccess":"0x20019"}
Returned value:
0x0
ntdll.dll! NtOpenKeyEx #native (#3028) EncryptFlag.exe
Arguments:
{"OpenOptions":"0x0","KeyHandle":"0x284","objectName":"Software\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\ZoneMap\\","DesiredAccess":"0x2001f"}
Returned value:
0x0
ntdll.dll! NtOpenKeyEx #native (#3028) EncryptFlag.exe
Arguments:
{"OpenOptions":"0x0","KeyHandle":"0x288","objectName":"Software\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\ZoneMap\\","DesiredAccess":"0x2001f"}
Returned value:
0x0
ntdll.dll! NtOpenKeyEx #native (#3028) EncryptFlag.exe
Arguments:
{"OpenOptions":"0x0","KeyHandle":"0x278","objectName":"Software\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\2","DesiredAccess":"0x20019"}
Returned value:
0x0
ntdll.dll! NtOpenKeyEx #native (#3028) EncryptFlag.exe
Arguments:
{"OpenOptions":"0x0","KeyHandle":"0x0","objectName":"Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\2","DesiredAccess":"0x20019"}
Returned value:
0xc0000034
ntdll.dll! NtOpenKeyEx #native (#3028) EncryptFlag.exe
Arguments:
{"OpenOptions":"0x0","KeyHandle":"0x0","objectName":"Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\2","DesiredAccess":"0x20019"}
Returned value:
0xc0000034
ntdll.dll! NtOpenKeyEx #native (#3028) EncryptFlag.exe
Arguments:
{"OpenOptions":"0x0","KeyHandle":"0x0","objectName":"Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\2","DesiredAccess":"0x20019"}
Returned value:
0xc0000034
ntdll.dll! NtOpenKeyEx #native (#3028) EncryptFlag.exe
Arguments:
{"OpenOptions":"0x0","KeyHandle":"0x280","objectName":"Software\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\2","DesiredAccess":"0x20019"}
Returned value:
0x0
ntdll.dll! NtOpenKeyEx #native (#3028) EncryptFlag.exe
Arguments:
{"OpenOptions":"0x0","KeyHandle":"0x278","objectName":"Software\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\3","DesiredAccess":"0x20019"}
Returned value:
0x0
ntdll.dll! NtOpenKeyEx #native (#3028) EncryptFlag.exe
Arguments:
{"OpenOptions":"0x0","KeyHandle":"0x0","objectName":"Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\3","DesiredAccess":"0x20019"}
Returned value:
0xc0000034
ntdll.dll! NtOpenKeyEx #native (#3028) EncryptFlag.exe
Arguments:
{"OpenOptions":"0x0","KeyHandle":"0x0","objectName":"Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\3","DesiredAccess":"0x20019"}
Returned value:
0xc0000034
ntdll.dll! NtOpenKeyEx #native (#3028) EncryptFlag.exe
Arguments:
{"OpenOptions":"0x0","KeyHandle":"0x0","objectName":"Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\3","DesiredAccess":"0x20019"}
Returned value:
0xc0000034
ntdll.dll! NtOpenKeyEx #native (#3028) EncryptFlag.exe
Arguments:
{"OpenOptions":"0x0","KeyHandle":"0x280","objectName":"Software\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\3","DesiredAccess":"0x20019"}
Returned value:
0x0
ntdll.dll! NtOpenKeyEx #native (#3028) EncryptFlag.exe
Arguments:
{"OpenOptions":"0x0","KeyHandle":"0x278","objectName":"Software\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\4","DesiredAccess":"0x20019"}
Returned value:
0x0
ntdll.dll! NtOpenKeyEx #native (#3028) EncryptFlag.exe
Arguments:
{"OpenOptions":"0x0","KeyHandle":"0x0","objectName":"Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\4","DesiredAccess":"0x20019"}
Returned value:
0xc0000034
ntdll.dll! NtOpenKeyEx #native (#3028) EncryptFlag.exe
Arguments:
{"OpenOptions":"0x0","KeyHandle":"0x0","objectName":"Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\4","DesiredAccess":"0x20019"}
Returned value:
0xc0000034
ntdll.dll! NtOpenKeyEx #native (#3028) EncryptFlag.exe
Arguments:
{"OpenOptions":"0x0","KeyHandle":"0x0","objectName":"Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\4","DesiredAccess":"0x20019"}
Returned value:
0xc0000034
ntdll.dll! NtOpenKeyEx #native (#3028) EncryptFlag.exe
Arguments:
{"OpenOptions":"0x0","KeyHandle":"0x28c","objectName":"Software\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\4","DesiredAccess":"0x20019"}
Returned value:
0x0
ntdll.dll! NtOpenKeyEx #native (#3028) EncryptFlag.exe
Arguments:
{"OpenOptions":"0x0","KeyHandle":"0x270","objectName":"FEATURE_LOCALMACHINE_LOCKDOWN","DesiredAccess":"0x1"}
Returned value:
0x0
kernel32.dll! RegOpenKeyExW #registry (#3028) EncryptFlag.exe
Arguments:
{"hKey":"HKEY_CURRENT_USER\\Software\\Microsoft\\Internet Explorer\\Main\\FeatureControl","ulOptions":"0x0","samDesired":"0x1","lpSubKey":"FEATURE_LOCALMACHINE_LOCKDOWN","phkResult":"0x270"}
Returned value:
0x0
KernelBase.dll! GetProcAddress #misc (#3028) EncryptFlag.exe
Arguments:
{"lpProcName":"NotifyUnicastIpAddressChange","hModule":"IPHLPAPI.DLL"}
Returned value:
0x7fefa8e6c14
ntdll.dll! NtOpenKeyEx #native (#3028) EncryptFlag.exe
Arguments:
{"OpenOptions":"0x0","KeyHandle":"0x270","objectName":"FEATURE_LOCALMACHINE_LOCKDOWN","DesiredAccess":"0x1"}
Returned value:
0x0
kernel32.dll! RegOpenKeyExW #registry (#3028) EncryptFlag.exe
Arguments:
{"hKey":"HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Internet Explorer\\Main\\FeatureControl","ulOptions":"0x0","samDesired":"0x1","lpSubKey":"FEATURE_LOCALMACHINE_LOCKDOWN","phkResult":"0x270"}
Returned value:
0x0
ntdll.dll! NtOpenKeyEx #native (#3028) EncryptFlag.exe
Arguments:
{"OpenOptions":"0x0","KeyHandle":"0x0","objectName":"Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\","DesiredAccess":"0x20019"}
Returned value:
0xc0000034
ntdll.dll! NtOpenKeyEx #native (#3028) EncryptFlag.exe
Arguments:
{"OpenOptions":"0x0","KeyHandle":"0x0","objectName":"Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\","DesiredAccess":"0x20019"}
Returned value:
0xc0000034
ntdll.dll! NtOpenKeyEx #native (#3028) EncryptFlag.exe
Arguments:
{"OpenOptions":"0x0","KeyHandle":"0x0","objectName":"Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\","DesiredAccess":"0x20019"}
Returned value:
0xc0000034
ntdll.dll! NtOpenKeyEx #native (#3028) EncryptFlag.exe
Arguments:
{"OpenOptions":"0x0","KeyHandle":"0x0","objectName":"Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\","DesiredAccess":"0x20019"}
Returned value:
0xc0000034
ntdll.dll! NtOpenKeyEx #native (#3028) EncryptFlag.exe
Arguments:
{"OpenOptions":"0x0","KeyHandle":"0x0","objectName":"Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\","DesiredAccess":"0x20019"}
Returned value:
0xc0000034
ntdll.dll! NtOpenKeyEx #native (#3028) EncryptFlag.exe
Arguments:
{"OpenOptions":"0x0","KeyHandle":"0x270","objectName":"Software\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\","DesiredAccess":"0x20019"}
Returned value:
0x0
ntdll.dll! NtCreateMutant #native (#3028) EncryptFlag.exe
Arguments:
{"DesiredAccess":"0x1f0001","objectName":"Local\\ZonesLockedCacheCounterMutex","MutantHandle":"0x12c418"}
Returned value:
0x40000000
KernelBase.dll! CreateMutexA #mutex (#3028) EncryptFlag.exe
Arguments:
{"lpName":"Local\\ZonesLockedCacheCounterMutex"}
Returned value:
0x298
ntdll.dll! NtOpenKeyEx #native (#3028) EncryptFlag.exe
Arguments:
{"OpenOptions":"0x0","KeyHandle":"0x29c","objectName":"Software\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\0","DesiredAccess":"0x20019"}
Returned value:
0x0
ntdll.dll! NtOpenKeyEx #native (#3028) EncryptFlag.exe
Arguments:
{"OpenOptions":"0x0","KeyHandle":"0x0","objectName":"Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\0","DesiredAccess":"0x20019"}
Returned value:
0xc0000034
KernelBase.dll! GetProcAddress #misc (#3028) EncryptFlag.exe
Arguments:
{"lpProcName":"GetBestInterfaceEx","hModule":"IPHLPAPI.DLL"}
Returned value:
0x7fefa8e11c4
ntdll.dll! NtOpenKeyEx #native (#3028) EncryptFlag.exe
Arguments:
{"OpenOptions":"0x0","KeyHandle":"0x0","objectName":"Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\0","DesiredAccess":"0x20019"}
Returned value:
0xc0000034
ntdll.dll! NtCreateFile #native (#3028) EncryptFlag.exe
Arguments:
{"FileHandle":"0x228","objectName":"\\??\\Nsi"}
Returned value:
0x0
KernelBase.dll! CreateFileW #file (#3028) EncryptFlag.exe
Arguments:
{"lpSecurityAttributes":"0x0","dwCreationDisposition":"0x7fe00000003","dwFlagsAndAttributes":"0x7fe40000000","lpFileName":"\\\\.\\Nsi","dwDesiredAccess":"0x0","dwShareMode":"0x3"}
Returned value:
0x228
ntdll.dll! NtOpenKeyEx #native (#3028) EncryptFlag.exe
Arguments:
{"OpenOptions":"0x0","KeyHandle":"0x0","objectName":"Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\0","DesiredAccess":"0x20019"}
Returned value:
0xc0000034
ntdll.dll! NtOpenKeyEx #native (#3028) EncryptFlag.exe
Arguments:
{"OpenOptions":"0x0","KeyHandle":"0x2a8","objectName":"Software\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\0","DesiredAccess":"0x20019"}
Returned value:
0x0
ntdll.dll! NtOpenKeyEx #native (#3028) EncryptFlag.exe
Arguments:
{"OpenOptions":"0x0","KeyHandle":"0x29c","objectName":"Software\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\1","DesiredAccess":"0x20019"}
Returned value:
0x0
KernelBase.dll! GetProcAddress #misc (#3028) EncryptFlag.exe
Arguments:
{"lpProcName":"GetIfEntry2","hModule":"IPHLPAPI.DLL"}
Returned value:
0x7fefa8e5850
ntdll.dll! NtOpenKeyEx #native (#3028) EncryptFlag.exe
Arguments:
{"OpenOptions":"0x0","KeyHandle":"0x0","objectName":"Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\1","DesiredAccess":"0x20019"}
Returned value:
0xc0000034
ntdll.dll! NtOpenKeyEx #native (#3028) EncryptFlag.exe
Arguments:
{"OpenOptions":"0x0","KeyHandle":"0x0","objectName":"Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\1","DesiredAccess":"0x20019"}
Returned value:
0xc0000034
ntdll.dll! NtOpenKeyEx #native (#3028) EncryptFlag.exe
Arguments:
{"OpenOptions":"0x0","KeyHandle":"0x0","objectName":"Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\1","DesiredAccess":"0x20019"}
Returned value:
0xc0000034
ntdll.dll! NtOpenKeyEx #native (#3028) EncryptFlag.exe
Arguments:
{"OpenOptions":"0x0","KeyHandle":"0x2ac","objectName":"Software\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\1","DesiredAccess":"0x20019"}
Returned value:
0x0
ntdll.dll! NtOpenKeyEx #native (#3028) EncryptFlag.exe
Arguments:
{"OpenOptions":"0x0","KeyHandle":"0x2b0","objectName":"Software\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\ZoneMap\\","DesiredAccess":"0x2001f"}
Returned value:
0x0
ntdll.dll! NtOpenKeyEx #native (#3028) EncryptFlag.exe
Arguments:
{"OpenOptions":"0x0","KeyHandle":"0x2b4","objectName":"Software\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\ZoneMap\\","DesiredAccess":"0x2001f"}
Returned value:
0x0
ntdll.dll! NtOpenKeyEx #native (#3028) EncryptFlag.exe
Arguments:
{"OpenOptions":"0x0","KeyHandle":"0x29c","objectName":"Software\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\2","DesiredAccess":"0x20019"}
Returned value:
0x0
ntdll.dll! NtOpenKeyEx #native (#3028) EncryptFlag.exe
Arguments:
{"OpenOptions":"0x0","KeyHandle":"0x0","objectName":"Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\2","DesiredAccess":"0x20019"}
Returned value:
0xc0000034
ntdll.dll! NtOpenKeyEx #native (#3028) EncryptFlag.exe
Arguments:
{"OpenOptions":"0x0","KeyHandle":"0x0","objectName":"Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\2","DesiredAccess":"0x20019"}
Returned value:
0xc0000034
ntdll.dll! NtOpenKeyEx #native (#3028) EncryptFlag.exe
Arguments:
{"OpenOptions":"0x0","KeyHandle":"0x0","objectName":"Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\2","DesiredAccess":"0x20019"}
Returned value:
0xc0000034
ntdll.dll! NtOpenKeyEx #native (#3028) EncryptFlag.exe
Arguments:
{"OpenOptions":"0x0","KeyHandle":"0x2ac","objectName":"Software\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\2","DesiredAccess":"0x20019"}
Returned value:
0x0
ntdll.dll! NtOpenKeyEx #native (#3028) EncryptFlag.exe
Arguments:
{"OpenOptions":"0x0","KeyHandle":"0x29c","objectName":"Software\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\3","DesiredAccess":"0x20019"}
Returned value:
0x0
ntdll.dll! NtOpenKeyEx #native (#3028) EncryptFlag.exe
Arguments:
{"OpenOptions":"0x0","KeyHandle":"0x0","objectName":"Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\3","DesiredAccess":"0x20019"}
Returned value:
0xc0000034
ntdll.dll! NtOpenKeyEx #native (#3028) EncryptFlag.exe
Arguments:
{"OpenOptions":"0x0","KeyHandle":"0x0","objectName":"Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\3","DesiredAccess":"0x20019"}
Returned value:
0xc0000034
ntdll.dll! NtOpenKeyEx #native (#3028) EncryptFlag.exe
Arguments:
{"OpenOptions":"0x0","KeyHandle":"0x0","objectName":"Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\3","DesiredAccess":"0x20019"}
Returned value:
0xc0000034
ntdll.dll! NtOpenKeyEx #native (#3028) EncryptFlag.exe
Arguments:
{"OpenOptions":"0x0","KeyHandle":"0x2ac","objectName":"Software\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\3","DesiredAccess":"0x20019"}
Returned value:
0x0
ntdll.dll! NtOpenKeyEx #native (#3028) EncryptFlag.exe
Arguments:
{"OpenOptions":"0x0","KeyHandle":"0x29c","objectName":"Software\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\4","DesiredAccess":"0x20019"}
Returned value:
0x0
ntdll.dll! NtOpenKeyEx #native (#3028) EncryptFlag.exe
Arguments:
{"OpenOptions":"0x0","KeyHandle":"0x0","objectName":"Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\4","DesiredAccess":"0x20019"}
Returned value:
0xc0000034
ntdll.dll! NtOpenKeyEx #native (#3028) EncryptFlag.exe
Arguments:
{"OpenOptions":"0x0","KeyHandle":"0x0","objectName":"Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\4","DesiredAccess":"0x20019"}
Returned value:
0xc0000034
ntdll.dll! NtOpenKeyEx #native (#3028) EncryptFlag.exe
Arguments:
{"OpenOptions":"0x0","KeyHandle":"0x0","objectName":"Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\4","DesiredAccess":"0x20019"}
Returned value:
0xc0000034
ntdll.dll! NtOpenKeyEx #native (#3028) EncryptFlag.exe
Arguments:
{"OpenOptions":"0x0","KeyHandle":"0x2ac","objectName":"Software\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\4","DesiredAccess":"0x20019"}
Returned value:
0x0
ntdll.dll! NtOpenKeyEx #native (#3028) EncryptFlag.exe
Arguments:
{"OpenOptions":"0x0","KeyHandle":"0x2a8","objectName":"System\\Setup","DesiredAccess":"0x20019"}
Returned value:
0x0
kernel32.dll! RegOpenKeyExA #registry (#3028) EncryptFlag.exe
Arguments:
{"hKey":"HKEY_LOCAL_MACHINE","ulOptions":"0x0","samDesired":"0x20019","lpSubKey":"System\\Setup","phkResult":"0x2a8"}
Returned value:
0x0
KernelBase.dll! LoadLibraryExW #misc (#3028) EncryptFlag.exe
Arguments:
{"lpFileName":"api-ms-win-downlevel-shlwapi-l2-1-0.dll"}
Returned value:
0x7fef72a0000
KernelBase.dll! LoadLibraryExA #misc (#3028) EncryptFlag.exe
Arguments:
{"lpFileName":"api-ms-win-downlevel-shlwapi-l2-1-0.dll"}
Returned value:
0x7fef72a0000
KernelBase.dll! GetProcAddress #misc (#3028) EncryptFlag.exe
Arguments:
{"lpProcName":"SHGetValueA","hModule":"shlwapi.dll"}
Returned value:
0x7feff334e50
ntdll.dll! NtOpenKeyEx #native (#3028) EncryptFlag.exe
Arguments:
{"OpenOptions":"0x0","KeyHandle":"0x2a8","objectName":"Software\\Microsoft\\windows\\CurrentVersion\\Internet Settings","DesiredAccess":"0x1"}
Returned value:
0x0
ntdll.dll! NtOpenKeyEx #native (#3028) EncryptFlag.exe
Arguments:
{"OpenOptions":"0x0","KeyHandle":"0x2a8","objectName":"Software\\Microsoft\\Windows\\CurrentVersion\\Internet Settings","DesiredAccess":"0x20019"}
Returned value:
0x0
kernel32.dll! RegOpenKeyExW #registry (#3028) EncryptFlag.exe
Arguments:
{"hKey":"HKEY_CURRENT_USER","ulOptions":"0x0","samDesired":"0x20019","lpSubKey":"Software\\Microsoft\\Windows\\CurrentVersion\\Internet Settings","phkResult":"0x2a8"}
Returned value:
0x0
kernel32.dll! RegQueryValueExW #registry (#3028) EncryptFlag.exe
Arguments:
{"hKey":"ProtocolDefaults\\","lpData":"","lpcbData":"0x12cc00","lpType":"0","lpValueName":"ProxyEnable"}
Returned value:
0x0
kernel32.dll! RegQueryValueExW #registry (#3028) EncryptFlag.exe
Arguments:
{"hKey":"ProtocolDefaults\\","lpData":"","lpcbData":"0x12cc00","lpType":"0","lpValueName":"ProxyServer"}
Returned value:
0x2
kernel32.dll! RegQueryValueExW #registry (#3028) EncryptFlag.exe
Arguments:
{"hKey":"ProtocolDefaults\\","lpData":"","lpcbData":"0x12cc00","lpType":"0","lpValueName":"ProxyOverride"}
Returned value:
0x2
kernel32.dll! RegQueryValueExW #registry (#3028) EncryptFlag.exe
Arguments:
{"hKey":"ProtocolDefaults\\","lpData":"","lpcbData":"0x12cc00","lpType":"0","lpValueName":"AutoConfigURL"}
Returned value:
0x2
kernel32.dll! RegQueryValueExW #registry (#3028) EncryptFlag.exe
Arguments:
{"hKey":"ProtocolDefaults\\","lpData":"0x12cc08","lpcbData":"0x12cc00","lpType":"0","lpValueName":"AutoDetect"}
Returned value:
0x2
ntdll.dll! NtCreateKey #native (#3028) EncryptFlag.exe
Arguments:
{"CreateOptions":"0x0","objectName":"Software\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Connections","DesiredAccess":"0x1","KeyHandle":"0x2a8","TitleIndex":"0x0","CreateDisposition":"0x12c688","Class":"0x12c960"}
Returned value:
0x0
kernel32.dll! RegCreateKeyExW #registry (#3028) EncryptFlag.exe
Arguments:
{"samDesired":"0x1","hKey":"HKEY_CURRENT_USER","dwOptions":"0x0","phkResult":"","lpClass":"0x7fefed3ecf0","lpSubKey":"Software\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Connections"}
Returned value:
0x0
kernel32.dll! RegQueryValueExW #registry (#3028) EncryptFlag.exe
Arguments:
{"hKey":"ProtocolDefaults\\","lpData":"","lpcbData":"0x12cb9c","lpType":"0","lpValueName":"SavedLegacySettings"}
Returned value:
0x0
kernel32.dll! RegQueryValueExW #registry (#3028) EncryptFlag.exe
Arguments:
{"hKey":"ProtocolDefaults\\","lpData":"","lpcbData":"0x12cb28","lpType":"0","lpValueName":"SavedLegacySettings"}
Returned value:
0x0
ntdll.dll! NtCreateKey #native (#3028) EncryptFlag.exe
Arguments:
{"CreateOptions":"0x0","objectName":"Software\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Connections","DesiredAccess":"0x1","KeyHandle":"0x2a8","TitleIndex":"0x0","CreateDisposition":"0x12c8e8","Class":"0x12cbc0"}
Returned value:
0x0
kernel32.dll! RegCreateKeyExW #registry (#3028) EncryptFlag.exe
Arguments:
{"samDesired":"0x1","hKey":"HKEY_CURRENT_USER","dwOptions":"0x0","phkResult":"","lpClass":"0x7fefed3ecf0","lpSubKey":"Software\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Connections"}
Returned value:
0x0
kernel32.dll! RegQueryValueExW #registry (#3028) EncryptFlag.exe
Arguments:
{"hKey":"ProtocolDefaults\\","lpData":"","lpcbData":"0x12cdfc","lpType":"0","lpValueName":"DefaultConnectionSettings"}
Returned value:
0x0
kernel32.dll! RegQueryValueExW #registry (#3028) EncryptFlag.exe
Arguments:
{"hKey":"ProtocolDefaults\\","lpData":"","lpcbData":"0x12cd88","lpType":"0","lpValueName":"DefaultConnectionSettings"}
Returned value:
0x0
ntdll.dll! NtCreateKey #native (#3028) EncryptFlag.exe
Arguments:
{"CreateOptions":"0x0","objectName":"Software\\Microsoft\\Windows\\CurrentVersion\\Internet Settings","DesiredAccess":"0x20006","KeyHandle":"0x2a8","TitleIndex":"0x0","CreateDisposition":"0x12c988","Class":"0x12cc60"}
Returned value:
0x0
kernel32.dll! RegCreateKeyExW #registry (#3028) EncryptFlag.exe
Arguments:
{"samDesired":"0x20006","hKey":"HKEY_CURRENT_USER","dwOptions":"0x0","phkResult":"","lpClass":"0x7fefed3ecf0","lpSubKey":"Software\\Microsoft\\Windows\\CurrentVersion\\Internet Settings"}
Returned value:
0x0
KernelBase.dll! GetProcAddress #misc (#3028) EncryptFlag.exe
Arguments:
{"lpProcName":"RegSetValueExW","hModule":"kernel32.dll"}
Returned value:
0x7feff4b4490
kernel32.dll! RegSetValueExW #registry (#3028) EncryptFlag.exe
Arguments:
{"hKey":"ProtocolDefaults\\","lpData":"0","cbData":"0x4","dwType":"4","lpValueName":"ProxyEnable"}
Returned value:
0x0
KernelBase.dll! GetProcAddress #misc (#3028) EncryptFlag.exe
Arguments:
{"lpProcName":"RegDeleteValueW","hModule":"kernel32.dll"}
Returned value:
0x7feff4aafd0
ntdll.dll! NtCreateKey #native (#3028) EncryptFlag.exe
Arguments:
{"CreateOptions":"0x0","objectName":"Software\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Connections","DesiredAccess":"0x1","KeyHandle":"0x2a8","TitleIndex":"0x0","CreateDisposition":"0x12c928","Class":"0x12cc00"}
Returned value:
0x0
kernel32.dll! RegCreateKeyExW #registry (#3028) EncryptFlag.exe
Arguments:
{"samDesired":"0x1","hKey":"HKEY_CURRENT_USER","dwOptions":"0x0","phkResult":"","lpClass":"0x7fefed3ecf0","lpSubKey":"Software\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Connections"}
Returned value:
0x0
kernel32.dll! RegQueryValueExW #registry (#3028) EncryptFlag.exe
Arguments:
{"hKey":"ProtocolDefaults\\","lpData":"","lpcbData":"0x12ce14","lpType":"0","lpValueName":"SavedLegacySettings"}
Returned value:
0x0
kernel32.dll! RegQueryValueExW #registry (#3028) EncryptFlag.exe
Arguments:
{"hKey":"ProtocolDefaults\\","lpData":"","lpcbData":"0x12cdc8","lpType":"0","lpValueName":"SavedLegacySettings"}
Returned value:
0x0
ntdll.dll! NtCreateKey #native (#3028) EncryptFlag.exe
Arguments:
{"CreateOptions":"0x0","objectName":"Software\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Connections","DesiredAccess":"0x2","KeyHandle":"0x29c","TitleIndex":"0x0","CreateDisposition":"0x12c888","Class":"0x12cb60"}
Returned value:
0x0
kernel32.dll! RegCreateKeyExW #registry (#3028) EncryptFlag.exe
Arguments:
{"samDesired":"0x2","hKey":"HKEY_CURRENT_USER","dwOptions":"0x0","phkResult":"","lpClass":"0x7fefed3ecf0","lpSubKey":"Software\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Connections"}
Returned value:
0x0
kernel32.dll! RegSetValueExW #registry (#3028) EncryptFlag.exe
Arguments:
{"hKey":"Software\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Connections","lpData":"F","cbData":"0xb8","dwType":"3","lpValueName":"SavedLegacySettings"}
Returned value:
0x0
KernelBase.dll! GetProcAddress #misc (#3028) EncryptFlag.exe
Arguments:
{"lpProcName":"AcquireSRWLockExclusive","hModule":"KernelBase.dll"}
Returned value:
0x772ab920
KernelBase.dll! GetProcAddress #misc (#3028) EncryptFlag.exe
Arguments:
{"lpProcName":"ReleaseSRWLockExclusive","hModule":"KernelBase.dll"}
Returned value:
0x772ab8e0
KernelBase.dll! LoadLibraryExW #misc (#3028) EncryptFlag.exe
Arguments:
{"lpFileName":"OLEAUT32.dll"}
Returned value:
0x7feff3c0000
KernelBase.dll! LoadLibraryExA #misc (#3028) EncryptFlag.exe
Arguments:
{"lpFileName":"OLEAUT32.dll"}
Returned value:
0x7feff3c0000
KernelBase.dll! GetProcAddress #misc (#3028) EncryptFlag.exe
Arguments:
{"lpProcName":"0x4","hModule":null}
Returned value:
0x7feff3c1040
KernelBase.dll! GetProcAddress #misc (#3028) EncryptFlag.exe
Arguments:
{"lpProcName":"0x7","hModule":null}
Returned value:
0x7feff3c1020
ntdll.dll! NtOpenKeyEx #native (#3028) EncryptFlag.exe
Arguments:
{"OpenOptions":"0x0","KeyHandle":"0x2a8","objectName":"Domains\\","DesiredAccess":"0x20019"}
Returned value:
0x0
ntdll.dll! NtOpenKeyEx #native (#3028) EncryptFlag.exe
Arguments:
{"OpenOptions":"0x0","KeyHandle":"0x0","objectName":"Software\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\ZoneMap\\Domains\\","DesiredAccess":"0x20019"}
Returned value:
0xc0000034
KernelBase.dll! LoadLibraryExW #misc (#3028) EncryptFlag.exe
Arguments:
{"lpFileName":"DNSAPI.dll"}
Returned value:
0x7fefc3a0000
KernelBase.dll! LoadLibraryExA #misc (#3028) EncryptFlag.exe
Arguments:
{"lpFileName":"DNSAPI.dll"}
Returned value:
0x7fefc3a0000
KernelBase.dll! GetProcAddress #misc (#3028) EncryptFlag.exe
Arguments:
{"lpProcName":"DnsGetProxyInformation","hModule":"dnsapi.dll"}
Returned value:
0x7fefc3a5f40
KernelBase.dll! LoadLibraryExW #misc (#3028) EncryptFlag.exe
Arguments:
{"lpFileName":"RPCRT4.dll"}
Returned value:
0x7fefe630000
KernelBase.dll! LoadLibraryExA #misc (#3028) EncryptFlag.exe
Arguments:
{"lpFileName":"RPCRT4.dll"}
Returned value:
0x7fefe630000
KernelBase.dll! GetProcAddress #misc (#3028) EncryptFlag.exe
Arguments:
{"lpProcName":"NdrClientCall3","hModule":"rpcrt4.dll"}
Returned value:
0x7fefe70cc90
KernelBase.dll! GetProcAddress #misc (#3028) EncryptFlag.exe
Arguments:
{"lpProcName":"RpcStringBindingComposeW","hModule":"rpcrt4.dll"}
Returned value:
0x7fefe666e40
KernelBase.dll! GetProcAddress #misc (#3028) EncryptFlag.exe
Arguments:
{"lpProcName":"RpcBindingFromStringBindingW","hModule":"rpcrt4.dll"}
Returned value:
0x7fefe667450
KernelBase.dll! GetProcAddress #misc (#3028) EncryptFlag.exe
Arguments:
{"lpProcName":"RpcStringFreeW","hModule":"rpcrt4.dll"}
Returned value:
0x7fefe665830
KernelBase.dll! GetProcAddress #misc (#3028) EncryptFlag.exe
Arguments:
{"lpProcName":"RpcBindingFree","hModule":"rpcrt4.dll"}
Returned value:
0x7fefe6780c0
ntdll.dll! NtOpenKeyEx #native (#3028) EncryptFlag.exe
Arguments:
{"OpenOptions":"0x0","KeyHandle":"0x2a8","objectName":"ProtocolDefaults\\","DesiredAccess":"0x20019"}
Returned value:
0x0
ntdll.dll! NtOpenKeyEx #native (#3028) EncryptFlag.exe
Arguments:
{"OpenOptions":"0x0","KeyHandle":"0x2ac","objectName":"SOFTWARE\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings","DesiredAccess":"0x1"}
Returned value:
0x0
kernel32.dll! RegOpenKeyExA #registry (#3028) EncryptFlag.exe
Arguments:
{"hKey":"HKEY_CURRENT_USER","ulOptions":"0x0","samDesired":"0x1","lpSubKey":"SOFTWARE\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings","phkResult":"0x2ac"}
Returned value:
0x0
KernelBase.dll! LoadLibraryExW #misc (#3028) EncryptFlag.exe
Arguments:
{"lpFileName":"api-ms-win-downlevel-advapi32-l2-1-0.dll"}
Returned value:
0x7fef8dd0000
KernelBase.dll! LoadLibraryExA #misc (#3028) EncryptFlag.exe
Arguments:
{"lpFileName":"api-ms-win-downlevel-advapi32-l2-1-0.dll"}
Returned value:
0x7fef8dd0000
KernelBase.dll! GetProcAddress #misc (#3028) EncryptFlag.exe
Arguments:
{"lpProcName":"ConvertSidToStringSidW","hModule":"sechost.dll"}
Returned value:
0x7feff4bd6d0
KernelBase.dll! GetProcAddress #misc (#3028) EncryptFlag.exe
Arguments:
{"lpProcName":"CoInitializeEx","hModule":"ole32.dll"}
Returned value:
0x7fefe1ee5d0
ntdll.dll! NtOpenKeyEx #native (#3028) EncryptFlag.exe
Arguments:
{"OpenOptions":"0x0","KeyHandle":"0x0","objectName":"SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Parental Controls\\users\\S-1-5-21-4270068108-2931534202-3907561125-1001","DesiredAccess":"0x101"}
Returned value:
0xc0000034
kernel32.dll! RegOpenKeyExW #registry (#3028) EncryptFlag.exe
Arguments:
{"hKey":"HKEY_LOCAL_MACHINE","ulOptions":"0x0","samDesired":"0x101","lpSubKey":"SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Parental Controls\\users\\S-1-5-21-4270068108-2931534202-3907561125-1001","phkResult":"0x0"}
Returned value:
0x2
ntdll.dll! NtQueryAttributesFile #native (#3028) EncryptFlag.exe
Arguments:
{"objectName":"\\??\\C:\\Windows\\system32\\rpcss.dll"}
Returned value:
0x0
ntdll.dll! NtOpenFile #native (#3028) EncryptFlag.exe
Arguments:
{"FileHandle":"0x2ac","objectName":"\\??\\C:\\Windows\\system32\\rpcss.dll"}
Returned value:
0x0
ntdll.dll! NtQueryAttributesFile #native (#3028) EncryptFlag.exe
Arguments:
{"objectName":"\\??\\C:\\Windows\\system32\\rpcss.dll"}
Returned value:
0x0
ntdll.dll! NtOpenFile #native (#3028) EncryptFlag.exe
Arguments:
{"FileHandle":"0x2ac","objectName":"\\??\\C:\\Windows\\system32\\rpcss.dll"}
Returned value:
0x0
KernelBase.dll! LoadLibraryExW #misc (#3028) EncryptFlag.exe
Arguments:
{"lpFileName":"CRYPTBASE.dll"}
Returned value:
0x7fefcc40000
KernelBase.dll! LoadLibraryExA #misc (#3028) EncryptFlag.exe
Arguments:
{"lpFileName":"CRYPTBASE.dll"}
Returned value:
0x7fefcc40000
KernelBase.dll! GetProcAddress #misc (#3028) EncryptFlag.exe
Arguments:
{"lpProcName":"SystemFunction036","hModule":"cryptbase.dll"}
Returned value:
0x7fefcc41658
KernelBase.dll! GetProcAddress #misc (#3028) EncryptFlag.exe
Arguments:
{"lpProcName":"EventWrite","hModule":"api-ms-win-eventing-provider-l1-1-0.dll"}
Returned value:
0x772db0f0
ntdll.dll! NtOpenKeyEx #native (#3028) EncryptFlag.exe
Arguments:
{"OpenOptions":"0x0","KeyHandle":"0x0","objectName":"Software\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Wpad","DesiredAccess":"0x1"}
Returned value:
0xc0000034
ntdll.dll! NtCreateFile #native (#3028) EncryptFlag.exe
Arguments:
{"FileHandle":"0x2c4","objectName":"\\Device\\Afd\\Endpoint"}
Returned value:
0x0
KernelBase.dll! GetProcAddress #misc (#3028) EncryptFlag.exe
Arguments:
{"lpProcName":"CoCreateInstance","hModule":"ole32.dll"}
Returned value:
0x7fefe1f23a0
ntdll.dll! NtOpenKeyEx #native (#3028) EncryptFlag.exe
Arguments:
{"OpenOptions":"0x0","KeyHandle":"0x2cc","objectName":"Software\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\5.0\\Cache","DesiredAccess":"0xf"}
Returned value:
0x0
kernel32.dll! RegOpenKeyExW #registry (#3028) EncryptFlag.exe
Arguments:
{"hKey":"HKEY_CURRENT_USER","ulOptions":"0x0","samDesired":"0xf","lpSubKey":"Software\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\5.0\\Cache","phkResult":"0x2cc"}
Returned value:
0x0
ntdll.dll! NtOpenKeyEx #native (#3028) EncryptFlag.exe
Arguments:
{"OpenOptions":"0x0","KeyHandle":"0x2d0","objectName":"Content","DesiredAccess":"0xf"}
Returned value:
0x0
kernel32.dll! RegOpenKeyExW #registry (#3028) EncryptFlag.exe
Arguments:
{"hKey":"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\5.0\\Cache","ulOptions":"0x0","samDesired":"0xf","lpSubKey":"Content","phkResult":"0x2d0"}
Returned value:
0x0
kernel32.dll! RegSetValueExW #registry (#3028) EncryptFlag.exe
Arguments:
{"hKey":"\\Registry\\User\\S-1-5-21-4270068108-2931534202-3907561125-1001_Classes","lpData":"","cbData":"0x2","dwType":"1","lpValueName":"CachePrefix"}
Returned value:
0x0
ntdll.dll! NtOpenKeyEx #native (#3028) EncryptFlag.exe
Arguments:
{"OpenOptions":"0x0","KeyHandle":"0x0","objectName":"Software\\Policies\\Microsoft\\Windows\\Explorer","DesiredAccess":"0x1"}
Returned value:
0xc0000034
ntdll.dll! NtOpenKeyEx #native (#3028) EncryptFlag.exe
Arguments:
{"OpenOptions":"0x0","KeyHandle":"0x0","objectName":"Software\\Policies\\Microsoft\\Windows\\Explorer","DesiredAccess":"0x1"}
Returned value:
0xc0000034
KernelBase.dll! GetProcAddress #misc (#3028) EncryptFlag.exe
Arguments:
{"lpProcName":"CLSIDFromOle1Class","hModule":"ole32.dll"}
Returned value:
0x7fefe1e6d18
ntdll.dll! NtOpenKey #native (#3028) EncryptFlag.exe
Arguments:
{"OpenOptions":"0x0","KeyHandle":"0x2dc","objectName":"\\Registry\\User\\S-1-5-21-4270068108-2931534202-3907561125-1001_Classes","DesiredAccess":"0x2000000"}
Returned value:
0x0
kernel32.dll! RegOpenCurrentUser #registry (#3028) EncryptFlag.exe
Arguments:
{"phkResult":"0x2de","dwOptions":"0x0","samDesired":"0x2000000","hToken":"0x2d4"}
Returned value:
0x0
ntdll.dll! NtOpenKeyEx #native (#3028) EncryptFlag.exe
Arguments:
{"OpenOptions":"0x0","KeyHandle":"0x2d8","objectName":"Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions","DesiredAccess":"0x20019"}
Returned value:
0x0
ntdll.dll! NtOpenKeyEx #native (#3028) EncryptFlag.exe
Arguments:
{"OpenOptions":"0x0","KeyHandle":"0x2e0","objectName":"{F1B32785-6FBA-4FCF-9D55-7B8E7F157091}","DesiredAccess":"0x20019"}
Returned value:
0x0
ntdll.dll! NtOpenKeyEx #native (#3028) EncryptFlag.exe
Arguments:
{"OpenOptions":"0x0","KeyHandle":"0x2d8","objectName":"Software\\Microsoft\\COM3","DesiredAccess":"0x20119"}
Returned value:
0x0
ntdll.dll! NtOpenKeyEx #native (#3028) EncryptFlag.exe
Arguments:
{"OpenOptions":"0x0","KeyHandle":"0x0","objectName":"PropertyBag","DesiredAccess":"0x20019"}
Returned value:
0xc0000034
ntdll.dll! NtOpenKeyEx #native (#3028) EncryptFlag.exe
Arguments:
{"OpenOptions":"0x0","KeyHandle":"0x2d8","objectName":"SessionInfo\\1","DesiredAccess":"0x1"}
Returned value:
0x0
ntdll.dll! NtOpenKeyEx #native (#3028) EncryptFlag.exe
Arguments:
{"OpenOptions":"0x0","KeyHandle":"0x0","objectName":"KnownFolders","DesiredAccess":"0x1"}
Returned value:
0xc0000034
ntdll.dll! NtOpenKey #native (#3028) EncryptFlag.exe
Arguments:
{"OpenOptions":"0x0","KeyHandle":"0x2d8","objectName":"\\REGISTRY\\USER\\S-1-5-21-4270068108-2931534202-3907561125-1001","DesiredAccess":"0x20019"}
Returned value:
0x0
kernel32.dll! RegOpenCurrentUser #registry (#3028) EncryptFlag.exe
Arguments:
{"phkResult":"0x2d8","samDesired":"0x20019"}
Returned value:
0x0
ntdll.dll! NtOpenKeyEx #native (#3028) EncryptFlag.exe
Arguments:
{"OpenOptions":"0x0","KeyHandle":"0x2e0","objectName":"Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\User Shell Folders","DesiredAccess":"0x20019"}
Returned value:
0x0
ntdll.dll! NtOpenKeyEx #native (#3028) EncryptFlag.exe
Arguments:
{"OpenOptions":"0x0","KeyHandle":"0x2d8","objectName":"Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions","DesiredAccess":"0x20019"}
Returned value:
0x0
KernelBase.dll! LoadLibraryExW #misc (#3028) EncryptFlag.exe
Arguments:
{"lpFileName":"CLBCatQ.DLL"}
Returned value:
0x7fefe130000
KernelBase.dll! LoadLibraryExA #misc (#3028) EncryptFlag.exe
Arguments:
{"lpFileName":"CLBCatQ.DLL"}
Returned value:
0x7fefe130000
KernelBase.dll! GetProcAddress #misc (#3028) EncryptFlag.exe
Arguments:
{"lpProcName":"GetCatalogObject","hModule":"clbcatq.dll"}
Returned value:
0x7fefe132294
KernelBase.dll! GetProcAddress #misc (#3028) EncryptFlag.exe
Arguments:
{"lpProcName":"GetCatalogObject2","hModule":"clbcatq.dll"}
Returned value:
0x7fefe13238c
ntdll.dll! NtOpenKeyEx #native (#3028) EncryptFlag.exe
Arguments:
{"OpenOptions":"0x0","KeyHandle":"0x2e8","objectName":"{5E6C858F-0E22-4760-9AFE-EA3317B67173}","DesiredAccess":"0x20019"}
Returned value:
0x0
ntdll.dll! NtOpenKeyEx #native (#3028) EncryptFlag.exe
Arguments:
{"OpenOptions":"0x0","KeyHandle":"0x0","objectName":"CLSID\\{DCB00C01-570F-4A9B-8D69-199FDBA5723B}","DesiredAccess":"0x20019"}
Returned value:
0xc0000034
ntdll.dll! NtOpenKeyEx #native (#3028) EncryptFlag.exe
Arguments:
{"OpenOptions":"0x0","KeyHandle":"0x2d8","objectName":"\\Registry\\Machine\\Software\\Classes\\CLSID\\{DCB00C01-570F-4A9B-8D69-199FDBA5723B}","DesiredAccess":"0x20019"}
Returned value:
0x0
ntdll.dll! NtOpenKeyEx #native (#3028) EncryptFlag.exe
Arguments:
{"OpenOptions":"0x0","KeyHandle":"0x0","objectName":"PropertyBag","DesiredAccess":"0x20019"}
Returned value:
0xc0000034
ntdll.dll! NtOpenKeyEx #native (#3028) EncryptFlag.exe
Arguments:
{"OpenOptions":"0x0","KeyHandle":"0x0","objectName":"\\REGISTRY\\USER\\S-1-5-21-4270068108-2931534202-3907561125-1001_Classes\\CLSID\\{DCB00C01-570F-4A9B-8D69-199FDBA5723B}\\TreatAs","DesiredAccess":"0x1"}
Returned value:
0xc0000034
KernelBase.dll! LoadLibraryExW #misc (#3028) EncryptFlag.exe
Arguments:
{"lpFileName":"API-MS-Win-Security-SDDL-L1-1-0.dll"}
Returned value:
0x7fefe400000
KernelBase.dll! LoadLibraryExA #misc (#3028) EncryptFlag.exe
Arguments:
{"lpFileName":"API-MS-Win-Security-SDDL-L1-1-0.dll"}
Returned value:
0x7fefe400000
KernelBase.dll! GetProcAddress #misc (#3028) EncryptFlag.exe
Arguments:
{"lpProcName":"ConvertSidToStringSidW","hModule":"sechost.dll"}
Returned value:
0x7fefe40d128
ntdll.dll! NtOpenKeyEx #native (#3028) EncryptFlag.exe
Arguments:
{"OpenOptions":"0x0","KeyHandle":"0x2ec","objectName":"Software\\Microsoft\\Windows NT\\CurrentVersion\\ProfileList\\S-1-5-21-4270068108-2931534202-3907561125-1001","DesiredAccess":"0x20019"}
Returned value:
0x0
KernelBase.dll! GetProcAddress #misc (#3028) EncryptFlag.exe
Arguments:
{"lpProcName":"CoTaskMemFree","hModule":"ole32.dll"}
Returned value:
0x7fefe1f3780
ntdll.dll! NtCreateFile #native (#3028) EncryptFlag.exe
Arguments:
{"FileHandle":"0x0","objectName":"\\??\\C:\\Users\\azure"}
Returned value:
0xc0000035
ntdll.dll! NtOpenKeyEx #native (#3028) EncryptFlag.exe
Arguments:
{"OpenOptions":"0x0","KeyHandle":"0x0","objectName":"TreatAs","DesiredAccess":"0x1"}
Returned value:
0xc0000034
ntdll.dll! NtQueryAttributesFile #native (#3028) EncryptFlag.exe
Arguments:
{"objectName":"\\??\\C:\\Users\\azure"}
Returned value:
0x0
KernelBase.dll! GetFileAttributesW #file (#3028) EncryptFlag.exe
Arguments:
{"lpFileName":"C:\\Users\\azure"}
Returned value:
0x10
ntdll.dll! NtOpenKeyEx #native (#3028) EncryptFlag.exe
Arguments:
{"OpenOptions":"0x0","KeyHandle":"0x0","objectName":"\\REGISTRY\\USER\\S-1-5-21-4270068108-2931534202-3907561125-1001_Classes\\CLSID\\{DCB00C01-570F-4A9B-8D69-199FDBA5723B}\\Progid","DesiredAccess":"0x1"}
Returned value:
0xc0000034
ntdll.dll! NtOpenKeyEx #native (#3028) EncryptFlag.exe
Arguments:
{"OpenOptions":"0x0","KeyHandle":"0x0","objectName":"Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\KnownFolderSettings","DesiredAccess":"0x1"}
Returned value:
0xc0000034
ntdll.dll! NtOpenKeyEx #native (#3028) EncryptFlag.exe
Arguments:
{"OpenOptions":"0x0","KeyHandle":"0x0","objectName":"Progid","DesiredAccess":"0x1"}
Returned value:
0xc0000034
ntdll.dll! NtOpenKeyEx #native (#3028) EncryptFlag.exe
Arguments:
{"OpenOptions":"0x0","KeyHandle":"0x0","objectName":"\\REGISTRY\\USER\\S-1-5-21-4270068108-2931534202-3907561125-1001_CLASSES\\Wow6432Node\\CLSID\\{DCB00C01-570F-4A9B-8D69-199FDBA5723B}","DesiredAccess":"0x20219"}
Returned value:
0xc0000034
ntdll.dll! NtOpenKeyEx #native (#3028) EncryptFlag.exe
Arguments:
{"OpenOptions":"0x0","KeyHandle":"0x0","objectName":"Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\KnownFolderSettings","DesiredAccess":"0x1"}
Returned value:
0xc0000034
ntdll.dll! NtCreateFile #native (#3028) EncryptFlag.exe
Arguments:
{"FileHandle":"0x170a027b002c0046","objectName":"\\??\\C:\\Users\\<USER>\\AppData\\Local"}
Returned value:
0xc0000035
ntdll.dll! NtQueryAttributesFile #native (#3028) EncryptFlag.exe
Arguments:
{"objectName":"\\??\\C:\\Users\\<USER>\\AppData\\Local"}
Returned value:
0x0
KernelBase.dll! GetFileAttributesW #file (#3028) EncryptFlag.exe
Arguments:
{"lpFileName":"C:\\Users\\<USER>\\AppData\\Local"}
Returned value:
0x2010
ntdll.dll! NtOpenKeyEx #native (#3028) EncryptFlag.exe
Arguments:
{"OpenOptions":"0x0","KeyHandle":"0x2e8","objectName":"\\Registry\\Machine\\Software\\Classes\\Wow6432Node\\CLSID\\{DCB00C01-570F-4A9B-8D69-199FDBA5723B}","DesiredAccess":"0x20219"}
Returned value:
0x0
ntdll.dll! NtCreateFile #native (#3028) EncryptFlag.exe
Arguments:
{"FileHandle":"0x187b00ca0009","objectName":"\\??\\C:\\Users\\<USER>\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files"}
Returned value:
0xc0000035
ntdll.dll! NtOpenKeyEx #native (#3028) EncryptFlag.exe
Arguments:
{"OpenOptions":"0x0","KeyHandle":"0x0","objectName":"\\REGISTRY\\USER\\S-1-5-21-4270068108-2931534202-3907561125-1001_Classes\\Wow6432Node\\CLSID\\{DCB00C01-570F-4A9B-8D69-199FDBA5723B}\\Progid","DesiredAccess":"0x201"}
Returned value:
0xc0000034
ntdll.dll! NtOpenKeyEx #native (#3028) EncryptFlag.exe
Arguments:
{"OpenOptions":"0x0","KeyHandle":"0x0","objectName":"Progid","DesiredAccess":"0x201"}
Returned value:
0xc0000034
ntdll.dll! NtOpenKeyEx #native (#3028) EncryptFlag.exe
Arguments:
{"OpenOptions":"0x0","KeyHandle":"0x0","objectName":"\\REGISTRY\\USER\\S-1-5-21-4270068108-2931534202-3907561125-1001_Classes\\CLSID\\{DCB00C01-570F-4A9B-8D69-199FDBA5723B}","DesiredAccess":"0x2000000"}
Returned value:
0xc0000034
ntdll.dll! NtOpenKeyEx #native (#3028) EncryptFlag.exe
Arguments:
{"OpenOptions":"0x0","KeyHandle":"0x0","objectName":"\\REGISTRY\\USER\\S-1-5-21-4270068108-2931534202-3907561125-1001_Classes\\CLSID\\{DCB00C01-570F-4A9B-8D69-199FDBA5723B}","DesiredAccess":"0x2000000"}
Returned value:
0xc0000034
ntdll.dll! NtQueryAttributesFile #native (#3028) EncryptFlag.exe
Arguments:
{"objectName":"\\??\\C:\\Users\\<USER>\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files"}
Returned value:
0x0
KernelBase.dll! GetFileAttributesW #file (#3028) EncryptFlag.exe
Arguments:
{"lpFileName":"C:\\Users\\<USER>\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files"}
Returned value:
0x2016
ntdll.dll! NtOpenKeyEx #native (#3028) EncryptFlag.exe
Arguments:
{"OpenOptions":"0x0","KeyHandle":"0x0","objectName":"\\REGISTRY\\USER\\S-1-5-21-4270068108-2931534202-3907561125-1001_Classes\\CLSID\\{DCB00C01-570F-4A9B-8D69-199FDBA5723B}\\InprocServer32","DesiredAccess":"0x20019"}
Returned value:
0xc0000034
ntdll.dll! NtOpenKeyEx #native (#3028) EncryptFlag.exe
Arguments:
{"OpenOptions":"0x0","KeyHandle":"0x2e8","objectName":"InprocServer32","DesiredAccess":"0x20019"}
Returned value:
0x0
ntdll.dll! NtOpenKeyEx #native (#3028) EncryptFlag.exe
Arguments:
{"OpenOptions":"0x0","KeyHandle":"0x0","objectName":"\\REGISTRY\\USER\\S-1-5-21-4270068108-2931534202-3907561125-1001_Classes\\CLSID\\{DCB00C01-570F-4A9B-8D69-199FDBA5723B}\\InProcServer32","DesiredAccess":"0x2000000"}
Returned value:
0xc0000034
ntdll.dll! NtOpenKeyEx #native (#3028) EncryptFlag.exe
Arguments:
{"OpenOptions":"0x0","KeyHandle":"0x0","objectName":"\\REGISTRY\\USER\\S-1-5-21-4270068108-2931534202-3907561125-1001_Classes\\CLSID\\{DCB00C01-570F-4A9B-8D69-199FDBA5723B}\\InProcServer32","DesiredAccess":"0x2000000"}
Returned value:
0xc0000034
ntdll.dll! NtQueryAttributesFile #native (#3028) EncryptFlag.exe
Arguments:
{"objectName":"\\??\\C:\\Users\\<USER>\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Content.IE5\\"}
Returned value:
0x0
KernelBase.dll! GetFileAttributesW #file (#3028) EncryptFlag.exe
Arguments:
{"lpFileName":"C:\\Users\\<USER>\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Content.IE5\\"}
Returned value:
0x2016
ntdll.dll! NtOpenKeyEx #native (#3028) EncryptFlag.exe
Arguments:
{"OpenOptions":"0x0","KeyHandle":"0x0","objectName":"\\REGISTRY\\USER\\S-1-5-21-4270068108-2931534202-3907561125-1001_Classes\\CLSID\\{DCB00C01-570F-4A9B-8D69-199FDBA5723B}\\InProcServer32","DesiredAccess":"0x2000000"}
Returned value:
0xc0000034
ntdll.dll! NtOpenKeyEx #native (#3028) EncryptFlag.exe
Arguments:
{"OpenOptions":"0x0","KeyHandle":"0x0","objectName":"\\REGISTRY\\USER\\S-1-5-21-4270068108-2931534202-3907561125-1001_Classes\\CLSID\\{DCB00C01-570F-4A9B-8D69-199FDBA5723B}\\InProcServer32","DesiredAccess":"0x2000000"}
Returned value:
0xc0000034
ntdll.dll! NtOpenKeyEx #native (#3028) EncryptFlag.exe
Arguments:
{"OpenOptions":"0x0","KeyHandle":"0x0","objectName":"\\REGISTRY\\USER\\S-1-5-21-4270068108-2931534202-3907561125-1001_Classes\\CLSID\\{DCB00C01-570F-4A9B-8D69-199FDBA5723B}\\InProcServer32","DesiredAccess":"0x2000000"}
Returned value:
0xc0000034
ntdll.dll! NtOpenKeyEx #native (#3028) EncryptFlag.exe
Arguments:
{"OpenOptions":"0x0","KeyHandle":"0x2e8","objectName":"Cookies","DesiredAccess":"0xf"}
Returned value:
0x0
kernel32.dll! RegOpenKeyExW #registry (#3028) EncryptFlag.exe
Arguments:
{"hKey":"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\5.0\\Cache","ulOptions":"0x0","samDesired":"0xf","lpSubKey":"Cookies","phkResult":"0x2e8"}
Returned value:
0x0
ntdll.dll! NtOpenKeyEx #native (#3028) EncryptFlag.exe
Arguments:
{"OpenOptions":"0x0","KeyHandle":"0x0","objectName":"\\REGISTRY\\USER\\S-1-5-21-4270068108-2931534202-3907561125-1001_Classes\\CLSID\\{DCB00C01-570F-4A9B-8D69-199FDBA5723B}\\InprocHandler32","DesiredAccess":"0x1"}
Returned value:
0xc0000034
kernel32.dll! RegSetValueExW #registry (#3028) EncryptFlag.exe
Arguments:
{"hKey":"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\5.0\\Cache\\History","lpData":"Cookie:","cbData":"0x7fe00000010","dwType":"1","lpValueName":"CachePrefix"}
Returned value:
0x0
ntdll.dll! NtOpenKeyEx #native (#3028) EncryptFlag.exe
Arguments:
{"OpenOptions":"0x0","KeyHandle":"0x2d0","objectName":"Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions","DesiredAccess":"0x20019"}
Returned value:
0x0
ntdll.dll! NtOpenKeyEx #native (#3028) EncryptFlag.exe
Arguments:
{"OpenOptions":"0x0","KeyHandle":"0x2ec","objectName":"{2B0F765D-C0E9-4171-908E-08A611B84FF6}","DesiredAccess":"0x20019"}
Returned value:
0x0
ntdll.dll! NtOpenKeyEx #native (#3028) EncryptFlag.exe
Arguments:
{"OpenOptions":"0x0","KeyHandle":"0x0","objectName":"PropertyBag","DesiredAccess":"0x20019"}
Returned value:
0xc0000034
ntdll.dll! NtOpenKeyEx #native (#3028) EncryptFlag.exe
Arguments:
{"OpenOptions":"0x0","KeyHandle":"0x2ec","objectName":"SessionInfo\\1","DesiredAccess":"0x1"}
Returned value:
0x0
ntdll.dll! NtOpenKeyEx #native (#3028) EncryptFlag.exe
Arguments:
{"OpenOptions":"0x0","KeyHandle":"0x0","objectName":"KnownFolders","DesiredAccess":"0x1"}
Returned value:
0xc0000034
ntdll.dll! NtOpenKeyEx #native (#3028) EncryptFlag.exe
Arguments:
{"OpenOptions":"0x0","KeyHandle":"0x0","objectName":"InprocHandler32","DesiredAccess":"0x1"}
Returned value:
0xc0000034
ntdll.dll! NtOpenKeyEx #native (#3028) EncryptFlag.exe
Arguments:
{"OpenOptions":"0x0","KeyHandle":"0x0","objectName":"\\REGISTRY\\USER\\S-1-5-21-4270068108-2931534202-3907561125-1001_Classes\\CLSID\\{DCB00C01-570F-4A9B-8D69-199FDBA5723B}\\InprocHandler","DesiredAccess":"0x1"}
Returned value:
0xc0000034
ntdll.dll! NtOpenKeyEx #native (#3028) EncryptFlag.exe
Arguments:
{"OpenOptions":"0x0","KeyHandle":"0x0","objectName":"InprocHandler","DesiredAccess":"0x1"}
Returned value:
0xc0000034
ntdll.dll! NtOpenKeyEx #native (#3028) EncryptFlag.exe
Arguments:
{"OpenOptions":"0x0","KeyHandle":"0x2d8","objectName":"Software\\Microsoft\\OLE","DesiredAccess":"0x20019"}
Returned value:
0x0
ntdll.dll! NtOpenKey #native (#3028) EncryptFlag.exe
Arguments:
{"OpenOptions":"0x0","KeyHandle":"0x2d8","objectName":"\\REGISTRY\\USER\\S-1-5-21-4270068108-2931534202-3907561125-1001","DesiredAccess":"0x20019"}
Returned value:
0x0
kernel32.dll! RegOpenCurrentUser #registry (#3028) EncryptFlag.exe
Arguments:
{"phkResult":"0x2d8","samDesired":"0x20019"}
Returned value:
0x0
ntdll.dll! NtOpenKeyEx #native (#3028) EncryptFlag.exe
Arguments:
{"OpenOptions":"0x0","KeyHandle":"0x2d0","objectName":"Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\User Shell Folders","DesiredAccess":"0x20019"}
Returned value:
0x0
ntdll.dll! NtOpenKey #native (#3028) EncryptFlag.exe
Arguments:
{"OpenOptions":"0x0","KeyHandle":"0x2d0","objectName":"\\Registry\\User\\S-1-5-21-4270068108-2931534202-3907561125-1001_Classes","DesiredAccess":"0x2000000"}
Returned value:
0x0
kernel32.dll! RegOpenCurrentUser #registry (#3028) EncryptFlag.exe
Arguments:
{"phkResult":"0x2d2","dwOptions":"0x0","samDesired":"0x2000000","hToken":"0x2ec"}
Returned value:
0x0
ntdll.dll! NtOpenKeyEx #native (#3028) EncryptFlag.exe
Arguments:
{"OpenOptions":"0x0","KeyHandle":"0x0","objectName":"CLSID\\{DCB00C01-570F-4A9B-8D69-199FDBA5723B}","DesiredAccess":"0x20019"}
Returned value:
0xc0000034
ntdll.dll! NtOpenKeyEx #native (#3028) EncryptFlag.exe
Arguments:
{"OpenOptions":"0x0","KeyHandle":"0x2f0","objectName":"\\Registry\\Machine\\Software\\Classes\\CLSID\\{DCB00C01-570F-4A9B-8D69-199FDBA5723B}","DesiredAccess":"0x20019"}
Returned value:
0x0
ntdll.dll! NtOpenKeyEx #native (#3028) EncryptFlag.exe
Arguments:
{"OpenOptions":"0x0","KeyHandle":"0x0","objectName":"\\REGISTRY\\USER\\S-1-5-21-4270068108-2931534202-3907561125-1001_Classes\\CLSID\\{DCB00C01-570F-4A9B-8D69-199FDBA5723B}\\TreatAs","DesiredAccess":"0x20019"}
Returned value:
0xc0000034
ntdll.dll! NtOpenKeyEx #native (#3028) EncryptFlag.exe
Arguments:
{"OpenOptions":"0x0","KeyHandle":"0x0","objectName":"TreatAs","DesiredAccess":"0x20019"}
Returned value:
0xc0000034
ntdll.dll! NtOpenKeyEx #native (#3028) EncryptFlag.exe
Arguments:
{"OpenOptions":"0x0","KeyHandle":"0x2d8","objectName":"Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions","DesiredAccess":"0x20019"}
Returned value:
0x0
ntdll.dll! NtOpenKeyEx #native (#3028) EncryptFlag.exe
Arguments:
{"OpenOptions":"0x0","KeyHandle":"0x2f0","objectName":"{3EB685DB-65F9-4CF6-A03A-E3EF65729F3D}","DesiredAccess":"0x20019"}
Returned value:
0x0
ntdll.dll! NtQueryAttributesFile #native (#3028) EncryptFlag.exe
Arguments:
{"objectName":"\\??\\C:\\Windows\\System32\\netprofm.dll"}
Returned value:
0x0
ntdll.dll! NtOpenKeyEx #native (#3028) EncryptFlag.exe
Arguments:
{"OpenOptions":"0x0","KeyHandle":"0x0","objectName":"PropertyBag","DesiredAccess":"0x20019"}
Returned value:
0xc0000034
ntdll.dll! NtOpenKeyEx #native (#3028) EncryptFlag.exe
Arguments:
{"OpenOptions":"0x0","KeyHandle":"0x2f0","objectName":"SessionInfo\\1","DesiredAccess":"0x1"}
Returned value:
0x0
ntdll.dll! NtOpenFile #native (#3028) EncryptFlag.exe
Arguments:
{"FileHandle":"0x2d8","objectName":"\\??\\C:\\Windows\\System32\\netprofm.dll"}
Returned value:
0x0
ntdll.dll! NtOpenKeyEx #native (#3028) EncryptFlag.exe
Arguments:
{"OpenOptions":"0x0","KeyHandle":"0x0","objectName":"KnownFolders","DesiredAccess":"0x1"}
Returned value:
0xc0000034
ntdll.dll! NtOpenKey #native (#3028) EncryptFlag.exe
Arguments:
{"OpenOptions":"0x0","KeyHandle":"0x2f0","objectName":"\\REGISTRY\\USER\\S-1-5-21-4270068108-2931534202-3907561125-1001","DesiredAccess":"0x20019"}
Returned value:
0x0
kernel32.dll! RegOpenCurrentUser #registry (#3028) EncryptFlag.exe
Arguments:
{"phkResult":"0x2f0","samDesired":"0x20019"}
Returned value:
0x0
ntdll.dll! NtOpenKeyEx #native (#3028) EncryptFlag.exe
Arguments:
{"OpenOptions":"0x0","KeyHandle":"0x2d8","objectName":"Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\User Shell Folders","DesiredAccess":"0x20019"}
Returned value:
0x0
ntdll.dll! NtCreateFile #native (#3028) EncryptFlag.exe
Arguments:
{"FileHandle":"0x0","objectName":"\\??\\C:\\Users\\azure"}
Returned value:
0xc0000035
ntdll.dll! NtQueryAttributesFile #native (#3028) EncryptFlag.exe
Arguments:
{"objectName":"\\??\\C:\\Users\\azure"}
Returned value:
0x0
KernelBase.dll! GetFileAttributesW #file (#3028) EncryptFlag.exe
Arguments:
{"lpFileName":"C:\\Users\\azure"}
Returned value:
0x10
ntdll.dll! NtQueryAttributesFile #native (#3028) EncryptFlag.exe
Arguments:
{"objectName":"\\??\\C:\\Windows\\System32\\nlaapi.dll"}
Returned value:
0x0
ntdll.dll! NtCreateFile #native (#3028) EncryptFlag.exe
Arguments:
{"FileHandle":"0x170a02f50050003a","objectName":"\\??\\C:\\Users\\<USER>\\AppData\\Roaming"}
Returned value:
0xc0000035
ntdll.dll! NtQueryAttributesFile #native (#3028) EncryptFlag.exe
Arguments:
{"objectName":"\\??\\C:\\Users\\<USER>\\AppData\\Roaming"}
Returned value:
0x0
KernelBase.dll! GetFileAttributesW #file (#3028) EncryptFlag.exe
Arguments:
{"lpFileName":"C:\\Users\\<USER>\\AppData\\Roaming"}
Returned value:
0x2010
ntdll.dll! NtOpenFile #native (#3028) EncryptFlag.exe
Arguments:
{"FileHandle":"0x2d8","objectName":"\\??\\C:\\Windows\\System32\\nlaapi.dll"}
Returned value:
0x0
ntdll.dll! NtCreateFile #native (#3028) EncryptFlag.exe
Arguments:
{"FileHandle":"0x19de00de0003","objectName":"\\??\\C:\\Users\\<USER>\\AppData\\Roaming\\Microsoft\\Windows\\Cookies"}
Returned value:
0xc0000035
ntdll.dll! NtQueryAttributesFile #native (#3028) EncryptFlag.exe
Arguments:
{"objectName":"\\??\\C:\\Users\\<USER>\\AppData\\Roaming\\Microsoft\\Windows\\Cookies"}
Returned value:
0x0
KernelBase.dll! GetFileAttributesW #file (#3028) EncryptFlag.exe
Arguments:
{"lpFileName":"C:\\Users\\<USER>\\AppData\\Roaming\\Microsoft\\Windows\\Cookies"}
Returned value:
0x2016
ntdll.dll! NtQueryAttributesFile #native (#3028) EncryptFlag.exe
Arguments:
{"objectName":"\\??\\C:\\Users\\<USER>\\AppData\\Roaming\\Microsoft\\Windows\\Cookies\\"}
Returned value:
0x0
KernelBase.dll! GetFileAttributesW #file (#3028) EncryptFlag.exe
Arguments:
{"lpFileName":"C:\\Users\\<USER>\\AppData\\Roaming\\Microsoft\\Windows\\Cookies\\"}
Returned value:
0x2016
ntdll.dll! NtOpenKeyEx #native (#3028) EncryptFlag.exe
Arguments:
{"OpenOptions":"0x0","KeyHandle":"0x2e8","objectName":"History","DesiredAccess":"0xf"}
Returned value:
0x0
kernel32.dll! RegOpenKeyExW #registry (#3028) EncryptFlag.exe
Arguments:
{"hKey":"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\5.0\\Cache","ulOptions":"0x0","samDesired":"0xf","lpSubKey":"History","phkResult":"0x2e8"}
Returned value:
0x0
kernel32.dll! RegSetValueExW #registry (#3028) EncryptFlag.exe
Arguments:
{"hKey":"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\5.0\\Cache\\History","lpData":"Visited:","cbData":"0x7fe00000012","dwType":"1","lpValueName":"CachePrefix"}
Returned value:
0x0
ntdll.dll! NtOpenKeyEx #native (#3028) EncryptFlag.exe
Arguments:
{"OpenOptions":"0x0","KeyHandle":"0x2d8","objectName":"Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions","DesiredAccess":"0x20019"}
Returned value:
0x0
ntdll.dll! NtOpenKeyEx #native (#3028) EncryptFlag.exe
Arguments:
{"OpenOptions":"0x0","KeyHandle":"0x2f0","objectName":"{D9DC8A3B-B784-432E-A781-5A1130A75963}","DesiredAccess":"0x20019"}
Returned value:
0x0
ntdll.dll! NtOpenKeyEx #native (#3028) EncryptFlag.exe
Arguments:
{"OpenOptions":"0x0","KeyHandle":"0x0","objectName":"PropertyBag","DesiredAccess":"0x20019"}
Returned value:
0xc0000034
ntdll.dll! NtOpenKeyEx #native (#3028) EncryptFlag.exe
Arguments:
{"OpenOptions":"0x0","KeyHandle":"0x2d8","objectName":"SessionInfo\\1","DesiredAccess":"0x1"}
Returned value:
0x0
ntdll.dll! NtOpenKeyEx #native (#3028) EncryptFlag.exe
Arguments:
{"OpenOptions":"0x0","KeyHandle":"0x0","objectName":"KnownFolders","DesiredAccess":"0x1"}
Returned value:
0xc0000034
ntdll.dll! NtOpenKey #native (#3028) EncryptFlag.exe
Arguments:
{"OpenOptions":"0x0","KeyHandle":"0x2d8","objectName":"\\REGISTRY\\USER\\S-1-5-21-4270068108-2931534202-3907561125-1001","DesiredAccess":"0x20019"}
Returned value:
0x0
KernelBase.dll! LoadLibraryExW #misc (#3028) EncryptFlag.exe
Arguments:
{"lpFileName":"C:\\Windows\\System32\\netprofm.dll"}
Returned value:
0x7fef8de0000
kernel32.dll! RegOpenCurrentUser #registry (#3028) EncryptFlag.exe
Arguments:
{"phkResult":"0x2d8","samDesired":"0x20019"}
Returned value:
0x0
KernelBase.dll! GetProcAddress #misc (#3028) EncryptFlag.exe
Arguments:
{"lpProcName":"DllGetClassObject","hModule":"zipfldr.dll"}
Returned value:
0x7fef8de7770
KernelBase.dll! GetProcAddress #misc (#3028) EncryptFlag.exe
Arguments:
{"lpProcName":"DllCanUnloadNow","hModule":"zipfldr.dll"}
Returned value:
0x7fef8de11b0
KernelBase.dll! LoadLibraryExW #misc (#3028) EncryptFlag.exe
Arguments:
{"lpFileName":"ole32.dll"}
Returned value:
0x7fefe1d0000
KernelBase.dll! LoadLibraryExA #misc (#3028) EncryptFlag.exe
Arguments:
{"lpFileName":"ole32.dll"}
Returned value:
0x7fefe1d0000
KernelBase.dll! GetProcAddress #misc (#3028) EncryptFlag.exe
Arguments:
{"lpProcName":"CoCreateInstance","hModule":"ole32.dll"}
Returned value:
0x7fefe1f23a0
KernelBase.dll! GetProcAddress #misc (#3028) EncryptFlag.exe
Arguments:
{"lpProcName":"GetAdaptersAddresses","hModule":"IPHLPAPI.DLL"}
Returned value:
0x7fefa8e2ab4
ntdll.dll! NtOpenKey #native (#3028) EncryptFlag.exe
Arguments:
{"OpenOptions":"0x7fefe3a61a0","KeyHandle":"0x2fc","objectName":"\\REGISTRY\\MACHINE\\Software\\Microsoft\\Rpc\\Extensions","DesiredAccess":"0x20019"}
Returned value:
0x0
IPHLPAPI.DLL! GetAdaptersAddresses #highlighted (#3028) EncryptFlag.exe
Arguments:
{"desc":"Retrieves local adapter addresses."}
Returned value:
null
KernelBase.dll! GetProcAddress #misc (#3028) EncryptFlag.exe
Arguments:
{"lpProcName":"NdrOleInitializeExtension","hModule":"ole32.dll"}
Returned value:
0x7fefe1e58f8
KernelBase.dll! GetProcAddress #misc (#3028) EncryptFlag.exe
Arguments:
{"lpProcName":"CoGetClassObject","hModule":"ole32.dll"}
Returned value:
0x7fefe1fb460
KernelBase.dll! GetProcAddress #misc (#3028) EncryptFlag.exe
Arguments:
{"lpProcName":"CoGetMarshalSizeMax","hModule":"ole32.dll"}
Returned value:
0x7fefe1f883c
KernelBase.dll! GetProcAddress #misc (#3028) EncryptFlag.exe
Arguments:
{"lpProcName":"CoMarshalInterface","hModule":"ole32.dll"}
Returned value:
0x7fefe1f8358
KernelBase.dll! GetProcAddress #misc (#3028) EncryptFlag.exe
Arguments:
{"lpProcName":"CoUnmarshalInterface","hModule":"ole32.dll"}
Returned value:
0x7fefe1f7f5c
KernelBase.dll! GetProcAddress #misc (#3028) EncryptFlag.exe
Arguments:
{"lpProcName":"StringFromIID","hModule":"ole32.dll"}
Returned value:
0x7fefe2cf7a0
KernelBase.dll! GetProcAddress #misc (#3028) EncryptFlag.exe
Arguments:
{"lpProcName":"CoGetPSClsid","hModule":"ole32.dll"}
Returned value:
0x7fefe2fab40
KernelBase.dll! GetProcAddress #misc (#3028) EncryptFlag.exe
Arguments:
{"lpProcName":"CoTaskMemAlloc","hModule":"ole32.dll"}
Returned value:
0x7fefe1f37d0
KernelBase.dll! GetProcAddress #misc (#3028) EncryptFlag.exe
Arguments:
{"lpProcName":"CoTaskMemFree","hModule":"ole32.dll"}
Returned value:
0x7fefe1f3780
KernelBase.dll! GetProcAddress #misc (#3028) EncryptFlag.exe
Arguments:
{"lpProcName":"CoCreateInstance","hModule":"ole32.dll"}
Returned value:
0x7fefe1f23a0
KernelBase.dll! GetProcAddress #misc (#3028) EncryptFlag.exe
Arguments:
{"lpProcName":"CoReleaseMarshalData","hModule":"ole32.dll"}
Returned value:
0x7fefe1d5540
KernelBase.dll! GetProcAddress #misc (#3028) EncryptFlag.exe
Arguments:
{"lpProcName":"DcomChannelSetHResult","hModule":"ole32.dll"}
Returned value:
0x7fefe1f4bb8
ntdll.dll! NtOpenKeyEx #native (#3028) EncryptFlag.exe
Arguments:
{"OpenOptions":"0x0","KeyHandle":"0x2f8","objectName":"Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\User Shell Folders","DesiredAccess":"0x20019"}
Returned value:
0x0
ntdll.dll! NtOpenKeyEx #native (#3028) EncryptFlag.exe
Arguments:
{"OpenOptions":"0x0","KeyHandle":"0x0","objectName":"CLSID\\{A47979D2-C419-11D9-A5B4-001185AD2B89}","DesiredAccess":"0x20019"}
Returned value:
0xc0000034
ntdll.dll! NtOpenKeyEx #native (#3028) EncryptFlag.exe
Arguments:
{"OpenOptions":"0x0","KeyHandle":"0x2f8","objectName":"\\Registry\\Machine\\Software\\Classes\\CLSID\\{A47979D2-C419-11D9-A5B4-001185AD2B89}","DesiredAccess":"0x20019"}
Returned value:
0x0
ntdll.dll! NtOpenKeyEx #native (#3028) EncryptFlag.exe
Arguments:
{"OpenOptions":"0x0","KeyHandle":"0x0","objectName":"\\REGISTRY\\USER\\S-1-5-21-4270068108-2931534202-3907561125-1001_Classes\\CLSID\\{A47979D2-C419-11D9-A5B4-001185AD2B89}\\TreatAs","DesiredAccess":"0x1"}
Returned value:
0xc0000034
ntdll.dll! NtOpenKeyEx #native (#3028) EncryptFlag.exe
Arguments:
{"OpenOptions":"0x0","KeyHandle":"0x0","objectName":"TreatAs","DesiredAccess":"0x1"}
Returned value:
0xc0000034
ntdll.dll! NtOpenKeyEx #native (#3028) EncryptFlag.exe
Arguments:
{"OpenOptions":"0x0","KeyHandle":"0x0","objectName":"\\REGISTRY\\USER\\S-1-5-21-4270068108-2931534202-3907561125-1001_Classes\\CLSID\\{A47979D2-C419-11D9-A5B4-001185AD2B89}\\Progid","DesiredAccess":"0x1"}
Returned value:
0xc0000034
ntdll.dll! NtOpenKeyEx #native (#3028) EncryptFlag.exe
Arguments:
{"OpenOptions":"0x0","KeyHandle":"0x0","objectName":"Progid","DesiredAccess":"0x1"}
Returned value:
0xc0000034
ntdll.dll! NtQueryAttributesFile #native (#3028) EncryptFlag.exe
Arguments:
{"objectName":"\\??\\C:\\Users\\<USER>\\Downloads\\dhcpcsvc6.DLL"}
Returned value:
0xc0000034
ntdll.dll! NtOpenKeyEx #native (#3028) EncryptFlag.exe
Arguments:
{"OpenOptions":"0x0","KeyHandle":"0x0","objectName":"\\REGISTRY\\USER\\S-1-5-21-4270068108-2931534202-3907561125-1001_CLASSES\\Wow6432Node\\CLSID\\{A47979D2-C419-11D9-A5B4-001185AD2B89}","DesiredAccess":"0x20219"}
Returned value:
0xc0000034
ntdll.dll! NtQueryAttributesFile #native (#3028) EncryptFlag.exe
Arguments:
{"objectName":"\\??\\C:\\Windows\\system32\\dhcpcsvc6.DLL"}
Returned value:
0x0
ntdll.dll! NtOpenKeyEx #native (#3028) EncryptFlag.exe
Arguments:
{"OpenOptions":"0x0","KeyHandle":"0x2d8","objectName":"\\Registry\\Machine\\Software\\Classes\\Wow6432Node\\CLSID\\{A47979D2-C419-11D9-A5B4-001185AD2B89}","DesiredAccess":"0x20219"}
Returned value:
0x0
ntdll.dll! NtOpenFile #native (#3028) EncryptFlag.exe
Arguments:
{"FileHandle":"0x2fc","objectName":"\\??\\C:\\Windows\\system32\\dhcpcsvc6.DLL"}
Returned value:
0x0
ntdll.dll! NtOpenKeyEx #native (#3028) EncryptFlag.exe
Arguments:
{"OpenOptions":"0x0","KeyHandle":"0x0","objectName":"\\REGISTRY\\USER\\S-1-5-21-4270068108-2931534202-3907561125-1001_Classes\\Wow6432Node\\CLSID\\{A47979D2-C419-11D9-A5B4-001185AD2B89}\\Progid","DesiredAccess":"0x201"}
Returned value:
0xc0000034
ntdll.dll! NtOpenKeyEx #native (#3028) EncryptFlag.exe
Arguments:
{"OpenOptions":"0x0","KeyHandle":"0x0","objectName":"Progid","DesiredAccess":"0x201"}
Returned value:
0xc0000034
ntdll.dll! NtOpenKeyEx #native (#3028) EncryptFlag.exe
Arguments:
{"OpenOptions":"0x0","KeyHandle":"0x0","objectName":"\\REGISTRY\\USER\\S-1-5-21-4270068108-2931534202-3907561125-1001_Classes\\CLSID\\{A47979D2-C419-11D9-A5B4-001185AD2B89}","DesiredAccess":"0x2000000"}
Returned value:
0xc0000034
KernelBase.dll! LoadLibraryExW #misc (#3028) EncryptFlag.exe
Arguments:
{"lpFileName":"dhcpcsvc6.DLL"}
Returned value:
0x7fefa720000
KernelBase.dll! LoadLibraryExA #misc (#3028) EncryptFlag.exe
Arguments:
{"lpFileName":"dhcpcsvc6.DLL"}
Returned value:
0x7fefa720000
KernelBase.dll! GetProcAddress #misc (#3028) EncryptFlag.exe
Arguments:
{"lpProcName":"Dhcpv6QueryLeaseInfo","hModule":"dhcpcsvc6.dll"}
Returned value:
0x7fefa721120
KernelBase.dll! LoadLibraryExW #misc (#3028) EncryptFlag.exe
Arguments:
{"lpFileName":"IPHLPAPI.DLL"}
Returned value:
0x7fefa8e0000
KernelBase.dll! LoadLibraryExA #misc (#3028) EncryptFlag.exe
Arguments:
{"lpFileName":"IPHLPAPI.DLL"}
Returned value:
0x7fefa8e0000
KernelBase.dll! GetProcAddress #misc (#3028) EncryptFlag.exe
Arguments:
{"lpProcName":"ConvertInterfaceNameToLuidW","hModule":"IPHLPAPI.DLL"}
Returned value:
0x7fefa8e1ad0
ntdll.dll! NtOpenKeyEx #native (#3028) EncryptFlag.exe
Arguments:
{"OpenOptions":"0x0","KeyHandle":"0x0","objectName":"\\REGISTRY\\USER\\S-1-5-21-4270068108-2931534202-3907561125-1001_Classes\\CLSID\\{A47979D2-C419-11D9-A5B4-001185AD2B89}","DesiredAccess":"0x2000000"}
Returned value:
0xc0000034
ntdll.dll! NtCreateFile #native (#3028) EncryptFlag.exe
Arguments:
{"FileHandle":"0x200000000","objectName":"\\??\\C:\\Users\\azure"}
Returned value:
0xc0000035
ntdll.dll! NtOpenKeyEx #native (#3028) EncryptFlag.exe
Arguments:
{"OpenOptions":"0x0","KeyHandle":"0x0","objectName":"\\REGISTRY\\USER\\S-1-5-21-4270068108-2931534202-3907561125-1001_Classes\\CLSID\\{A47979D2-C419-11D9-A5B4-001185AD2B89}\\InprocServer32","DesiredAccess":"0x20019"}
Returned value:
0xc0000034
ntdll.dll! NtOpenKeyEx #native (#3028) EncryptFlag.exe
Arguments:
{"OpenOptions":"0x0","KeyHandle":"0x0","objectName":"InprocServer32","DesiredAccess":"0x20019"}
Returned value:
0xc0000034
ntdll.dll! NtQueryAttributesFile #native (#3028) EncryptFlag.exe
Arguments:
{"objectName":"\\??\\C:\\Users\\azure"}
Returned value:
0x0
KernelBase.dll! GetFileAttributesW #file (#3028) EncryptFlag.exe
Arguments:
{"lpFileName":"C:\\Users\\azure"}
Returned value:
0x10
ntdll.dll! NtCreateFile #native (#3028) EncryptFlag.exe
Arguments:
{"FileHandle":"0x170a03870077002d","objectName":"\\??\\C:\\Users\\<USER>\\AppData\\Local"}
Returned value:
0xc0000035
ntdll.dll! NtOpenKeyEx #native (#3028) EncryptFlag.exe
Arguments:
{"OpenOptions":"0x0","KeyHandle":"0x0","objectName":"\\REGISTRY\\USER\\S-1-5-21-4270068108-2931534202-3907561125-1001_Classes\\CLSID\\{A47979D2-C419-11D9-A5B4-001185AD2B89}\\InprocHandler32","DesiredAccess":"0x1"}
Returned value:
0xc0000034
ntdll.dll! NtQueryAttributesFile #native (#3028) EncryptFlag.exe
Arguments:
{"objectName":"\\??\\C:\\Users\\<USER>\\AppData\\Local"}
Returned value:
0x0
KernelBase.dll! GetFileAttributesW #file (#3028) EncryptFlag.exe
Arguments:
{"lpFileName":"C:\\Users\\<USER>\\AppData\\Local"}
Returned value:
0x2010
ntdll.dll! NtCreateFile #native (#3028) EncryptFlag.exe
Arguments:
{"FileHandle":"0x1b4dffff0000","objectName":"\\??\\C:\\Users\\<USER>\\AppData\\Local\\Microsoft\\Windows\\History"}
Returned value:
0xc0000035
ntdll.dll! NtQueryAttributesFile #native (#3028) EncryptFlag.exe
Arguments:
{"objectName":"\\??\\C:\\Users\\<USER>\\AppData\\Local\\Microsoft\\Windows\\History"}
Returned value:
0x0
KernelBase.dll! GetFileAttributesW #file (#3028) EncryptFlag.exe
Arguments:
{"lpFileName":"C:\\Users\\<USER>\\AppData\\Local\\Microsoft\\Windows\\History"}
Returned value:
0x2016
ntdll.dll! NtOpenKeyEx #native (#3028) EncryptFlag.exe
Arguments:
{"OpenOptions":"0x0","KeyHandle":"0x0","objectName":"InprocHandler32","DesiredAccess":"0x1"}
Returned value:
0xc0000034
ntdll.dll! NtOpenKeyEx #native (#3028) EncryptFlag.exe
Arguments:
{"OpenOptions":"0x0","KeyHandle":"0x0","objectName":"\\REGISTRY\\USER\\S-1-5-21-4270068108-2931534202-3907561125-1001_Classes\\CLSID\\{A47979D2-C419-11D9-A5B4-001185AD2B89}\\InprocHandler","DesiredAccess":"0x1"}
Returned value:
0xc0000034
ntdll.dll! NtQueryAttributesFile #native (#3028) EncryptFlag.exe
Arguments:
{"objectName":"\\??\\C:\\Users\\<USER>\\AppData\\Local\\Microsoft\\Windows\\History\\History.IE5\\"}
Returned value:
0x0
KernelBase.dll! GetFileAttributesW #file (#3028) EncryptFlag.exe
Arguments:
{"lpFileName":"C:\\Users\\<USER>\\AppData\\Local\\Microsoft\\Windows\\History\\History.IE5\\"}
Returned value:
0x2016
ntdll.dll! NtOpenKeyEx #native (#3028) EncryptFlag.exe
Arguments:
{"OpenOptions":"0x0","KeyHandle":"0x0","objectName":"InprocHandler","DesiredAccess":"0x1"}
Returned value:
0xc0000034
KernelBase.dll! LoadLibraryExW #misc (#3028) EncryptFlag.exe
Arguments:
{"lpFileName":"API-MS-Win-Security-LSALookup-L1-1-0.dll"}
Returned value:
0x7fefe400000
KernelBase.dll! LoadLibraryExA #misc (#3028) EncryptFlag.exe
Arguments:
{"lpFileName":"API-MS-Win-Security-LSALookup-L1-1-0.dll"}
Returned value:
0x7fefe400000
KernelBase.dll! GetProcAddress #misc (#3028) EncryptFlag.exe
Arguments:
{"lpProcName":"LookupAccountNameLocalW","hModule":"sechost.dll"}
Returned value:
0x7fefe413d8c
KernelBase.dll! GetProcAddress #misc (#3028) EncryptFlag.exe
Arguments:
{"lpProcName":"GetAddrInfoW","hModule":"ws2_32.dll"}
Returned value:
0x7fefd1a23c0
KernelBase.dll! LoadLibraryExW #misc (#3028) EncryptFlag.exe
Arguments:
{"lpFileName":"C:\\Windows\\system32\\mswsock.dll"}
Returned value:
0x7fefc520000
KernelBase.dll! GetProcAddress #misc (#3028) EncryptFlag.exe
Arguments:
{"lpProcName":"WSPStartup","hModule":"vsocklib.dll"}
Returned value:
0x7fefc528d60
ntdll.dll! NtOpenKeyEx #native (#3028) EncryptFlag.exe
Arguments:
{"OpenOptions":"0x0","KeyHandle":"0x314","objectName":"SYSTEM\\CurrentControlSet\\Services\\Winsock\\Parameters","DesiredAccess":"0x20019"}
Returned value:
0x0
ntdll.dll! NtOpenKeyEx #native (#3028) EncryptFlag.exe
Arguments:
{"OpenOptions":"0x0","KeyHandle":"0x314","objectName":"System\\CurrentControlSet\\Services\\Tcpip6\\Parameters\\Winsock","DesiredAccess":"0x20019"}
Returned value:
0x0
ntdll.dll! NtOpenKeyEx #native (#3028) EncryptFlag.exe
Arguments:
{"OpenOptions":"0x0","KeyHandle":"0x314","objectName":"System\\CurrentControlSet\\Services\\Tcpip\\Parameters\\Winsock","DesiredAccess":"0x20019"}
Returned value:
0x0
ntdll.dll! NtOpenKeyEx #native (#3028) EncryptFlag.exe
Arguments:
{"OpenOptions":"0x0","KeyHandle":"0x314","objectName":"SYSTEM\\CurrentControlSet\\Services\\Winsock\\Setup Migration\\Providers","DesiredAccess":"0x20019"}
Returned value:
0x0
ntdll.dll! NtOpenKeyEx #native (#3028) EncryptFlag.exe
Arguments:
{"OpenOptions":"0x0","KeyHandle":"0x318","objectName":"Tcpip","DesiredAccess":"0x20019"}
Returned value:
0x0
ntdll.dll! NtOpenKeyEx #native (#3028) EncryptFlag.exe
Arguments:
{"OpenOptions":"0x0","KeyHandle":"0x314","objectName":"System\\CurrentControlSet\\Services\\Tcpip\\Parameters\\Winsock","DesiredAccess":"0x20019"}
Returned value:
0x0
ntdll.dll! NtQueryAttributesFile #native (#3028) EncryptFlag.exe
Arguments:
{"objectName":"\\??\\C:\\Windows\\System32\\wshtcpip.dll"}
Returned value:
0x0
ntdll.dll! NtOpenFile #native (#3028) EncryptFlag.exe
Arguments:
{"FileHandle":"0x318","objectName":"\\??\\C:\\Windows\\System32\\wshtcpip.dll"}
Returned value:
0x0
KernelBase.dll! LoadLibraryExW #misc (#3028) EncryptFlag.exe
Arguments:
{"lpFileName":"C:\\Windows\\System32\\wshtcpip.dll"}
Returned value:
0x7fefbf90000
KernelBase.dll! GetProcAddress #misc (#3028) EncryptFlag.exe
Arguments:
{"lpProcName":"WSHOpenSocket","hModule":"WSHTCPIP.DLL"}
Returned value:
0x7fefbf91814
KernelBase.dll! GetProcAddress #misc (#3028) EncryptFlag.exe
Arguments:
{"lpProcName":"WSHOpenSocket2","hModule":"WSHTCPIP.DLL"}
Returned value:
0x7fefbf911d0
KernelBase.dll! GetProcAddress #misc (#3028) EncryptFlag.exe
Arguments:
{"lpProcName":"WSHJoinLeaf","hModule":"WSHTCPIP.DLL"}
Returned value:
0x7fefbf91a80
KernelBase.dll! GetProcAddress #misc (#3028) EncryptFlag.exe
Arguments:
{"lpProcName":"WSHNotify","hModule":"WSHTCPIP.DLL"}
Returned value:
0x7fefbf91850
KernelBase.dll! GetProcAddress #misc (#3028) EncryptFlag.exe
Arguments:
{"lpProcName":"WSHGetSocketInformation","hModule":"WSHTCPIP.DLL"}
Returned value:
0x7fefbf91180
KernelBase.dll! GetProcAddress #misc (#3028) EncryptFlag.exe
Arguments:
{"lpProcName":"WSHSetSocketInformation","hModule":"WSHTCPIP.DLL"}
Returned value:
0x7fefbf9115c
KernelBase.dll! GetProcAddress #misc (#3028) EncryptFlag.exe
Arguments:
{"lpProcName":"WSHGetSockaddrType","hModule":"WSHTCPIP.DLL"}
Returned value:
0x7fefbf91090
KernelBase.dll! GetProcAddress #misc (#3028) EncryptFlag.exe
Arguments:
{"lpProcName":"WSHGetWildcardSockaddr","hModule":"WSHTCPIP.DLL"}
Returned value:
0x7fefbf91120
KernelBase.dll! GetProcAddress #misc (#3028) EncryptFlag.exe
Arguments:
{"lpProcName":"WSHGetBroadcastSockaddr","hModule":"WSHTCPIP.DLL"}
Returned value:
0x7fefbf91760
KernelBase.dll! GetProcAddress #misc (#3028) EncryptFlag.exe
Arguments:
{"lpProcName":"WSHAddressToString","hModule":"WSHTCPIP.DLL"}
Returned value:
0x7fefbf91010
KernelBase.dll! GetProcAddress #misc (#3028) EncryptFlag.exe
Arguments:
{"lpProcName":"WSHStringToAddress","hModule":"WSHTCPIP.DLL"}
Returned value:
0x7fefbf91420
KernelBase.dll! GetProcAddress #misc (#3028) EncryptFlag.exe
Arguments:
{"lpProcName":"WSHIoctl","hModule":"WSHTCPIP.DLL"}
Returned value:
0x7fefbf91c10
ntdll.dll! NtCreateFile #native (#3028) EncryptFlag.exe
Arguments:
{"FileHandle":"0x314","objectName":"\\Device\\Afd\\Endpoint"}
Returned value:
0x0
ntdll.dll! NtCreateFile #native (#3028) EncryptFlag.exe
Arguments:
{"FileHandle":"0x314","objectName":"\\Device\\Afd\\Endpoint"}
Returned value:
0x0
KernelBase.dll! LoadLibraryExW #misc (#3028) EncryptFlag.exe
Arguments:
{"lpFileName":"C:\\Windows\\System32\\mswsock.dll"}
Returned value:
0x7fefc520000
KernelBase.dll! GetProcAddress #misc (#3028) EncryptFlag.exe
Arguments:
{"lpProcName":"NSPStartup","hModule":"wshbth.dll"}
Returned value:
0x7fefc546f40
KernelBase.dll! LoadLibraryExW #misc (#3028) EncryptFlag.exe
Arguments:
{"lpFileName":"DNSAPI.dll"}
Returned value:
0x7fefc3a0000
KernelBase.dll! LoadLibraryExA #misc (#3028) EncryptFlag.exe
Arguments:
{"lpFileName":"DNSAPI.dll"}
Returned value:
0x7fefc3a0000
KernelBase.dll! GetProcAddress #misc (#3028) EncryptFlag.exe
Arguments:
{"lpProcName":"DnsQueryConfigAllocEx","hModule":"dnsapi.dll"}
Returned value:
0x7fefc3a5e98
ntdll.dll! NtCreateKey #native (#3028) EncryptFlag.exe
Arguments:
{"CreateOptions":"0x0","objectName":"System\\CurrentControlSet\\Services\\Tcpip\\Parameters","DesiredAccess":"0x20019","KeyHandle":"0x314","TitleIndex":"0x0","CreateDisposition":"0x3a8dea8","Class":"0x3a8e180"}
Returned value:
0x0
ntdll.dll! NtOpenKeyEx #native (#3028) EncryptFlag.exe
Arguments:
{"OpenOptions":"0x0","KeyHandle":"0x318","objectName":"System\\CurrentControlSet\\Services\\DnsCache\\Parameters","DesiredAccess":"0x20019"}
Returned value:
0x0
ntdll.dll! NtOpenKeyEx #native (#3028) EncryptFlag.exe
Arguments:
{"OpenOptions":"0x0","KeyHandle":"0x0","objectName":"Software\\Policies\\Microsoft\\Windows NT\\DnsClient","DesiredAccess":"0x20019"}
Returned value:
0xc0000034
ntdll.dll! NtCreateKey #native (#3028) EncryptFlag.exe
Arguments:
{"CreateOptions":"0x0","objectName":"System\\CurrentControlSet\\Services\\Tcpip\\Parameters","DesiredAccess":"0x20019","KeyHandle":"0x318","TitleIndex":"0x0","CreateDisposition":"0x3a8dc78","Class":"0x3a8df50"}
Returned value:
0x0
ntdll.dll! NtOpenKeyEx #native (#3028) EncryptFlag.exe
Arguments:
{"OpenOptions":"0x0","KeyHandle":"0x314","objectName":"System\\CurrentControlSet\\Services\\DnsCache\\Parameters","DesiredAccess":"0x20019"}
Returned value:
0x0
ntdll.dll! NtOpenKeyEx #native (#3028) EncryptFlag.exe
Arguments:
{"OpenOptions":"0x0","KeyHandle":"0x0","objectName":"Software\\Policies\\Microsoft\\Windows NT\\DnsClient","DesiredAccess":"0x20019"}
Returned value:
0xc0000034
ntdll.dll! NtCreateKey #native (#3028) EncryptFlag.exe
Arguments:
{"CreateOptions":"0x0","objectName":"System\\CurrentControlSet\\Services\\Tcpip\\Parameters","DesiredAccess":"0x20019","KeyHandle":"0x314","TitleIndex":"0x0","CreateDisposition":"0x3a8dc78","Class":"0x3a8df50"}
Returned value:
0x0
ntdll.dll! NtOpenKeyEx #native (#3028) EncryptFlag.exe
Arguments:
{"OpenOptions":"0x0","KeyHandle":"0x318","objectName":"System\\CurrentControlSet\\Services\\DnsCache\\Parameters","DesiredAccess":"0x20019"}
Returned value:
0x0
ntdll.dll! NtOpenKeyEx #native (#3028) EncryptFlag.exe
Arguments:
{"OpenOptions":"0x0","KeyHandle":"0x0","objectName":"Software\\Policies\\Microsoft\\Windows NT\\DnsClient","DesiredAccess":"0x20019"}
Returned value:
0xc0000034
ntdll.dll! NtOpenKeyEx #native (#3028) EncryptFlag.exe
Arguments:
{"OpenOptions":"0x0","KeyHandle":"0x0","objectName":"Software\\Policies\\Microsoft\\System\\DNSClient","DesiredAccess":"0x1"}
Returned value:
0xc0000034
KernelBase.dll! GetProcAddress #misc (#3028) EncryptFlag.exe
Arguments:
{"lpProcName":"DnsNameCompare_W","hModule":"dnsapi.dll"}
Returned value:
0x7fefc3a1090
KernelBase.dll! GetProcAddress #misc (#3028) EncryptFlag.exe
Arguments:
{"lpProcName":"DnsApiAlloc","hModule":"dnsapi.dll"}
Returned value:
0x7fefc3a1408
KernelBase.dll! GetProcAddress #misc (#3028) EncryptFlag.exe
Arguments:
{"lpProcName":"DnsQueryExW","hModule":"dnsapi.dll"}
Returned value:
0x7fefc3a217c
KernelBase.dll! LoadLibraryExW #misc (#3028) EncryptFlag.exe
Arguments:
{"lpFileName":"IPHLPAPI.DLL"}
Returned value:
0x7fefa8e0000
KernelBase.dll! LoadLibraryExA #misc (#3028) EncryptFlag.exe
Arguments:
{"lpFileName":"IPHLPAPI.DLL"}
Returned value:
0x7fefa8e0000
KernelBase.dll! GetProcAddress #misc (#3028) EncryptFlag.exe
Arguments:
{"lpProcName":"GetCurrentThreadCompartmentId","hModule":"IPHLPAPI.DLL"}
Returned value:
0x7fefa8e1098
ntdll.dll! NtOpenKeyEx #native (#3028) EncryptFlag.exe
Arguments:
{"OpenOptions":"0x0","KeyHandle":"0x31c","objectName":"System\\CurrentControlSet\\Services\\WinSock2\\Parameters","DesiredAccess":"0xf003f"}
Returned value:
0x0
ntdll.dll! NtQueryAttributesFile #native (#3028) EncryptFlag.exe
Arguments:
{"objectName":"\\??\\C:\\Users\\<USER>\\Downloads\\rasadhlp.dll"}
Returned value:
0xc0000034
ntdll.dll! NtQueryAttributesFile #native (#3028) EncryptFlag.exe
Arguments:
{"objectName":"\\??\\C:\\Windows\\system32\\rasadhlp.dll"}
Returned value:
0x0
ntdll.dll! NtOpenFile #native (#3028) EncryptFlag.exe
Arguments:
{"FileHandle":"0x31c","objectName":"\\??\\C:\\Windows\\system32\\rasadhlp.dll"}
Returned value:
0x0
KernelBase.dll! LoadLibraryExW #misc (#3028) EncryptFlag.exe
Arguments:
{"lpFileName":"rasadhlp.dll"}
Returned value:
0x7fef8bf0000
KernelBase.dll! LoadLibraryExA #misc (#3028) EncryptFlag.exe
Arguments:
{"lpFileName":"rasadhlp.dll"}
Returned value:
0x7fef8bf0000
KernelBase.dll! GetProcAddress #misc (#3028) EncryptFlag.exe
Arguments:
{"lpProcName":"WSAttemptAutodialAddr","hModule":"rasadhlp.dll"}
Returned value:
0x7fef8bf1c6c
KernelBase.dll! GetProcAddress #misc (#3028) EncryptFlag.exe
Arguments:
{"lpProcName":"WSAttemptAutodialName","hModule":"rasadhlp.dll"}
Returned value:
0x7fef8bf1020
KernelBase.dll! GetProcAddress #misc (#3028) EncryptFlag.exe
Arguments:
{"lpProcName":"WSNoteSuccessfulHostentLookup","hModule":"rasadhlp.dll"}
Returned value:
0x7fef8bf1ce4
ntdll.dll! NtCreateFile #native (#3028) EncryptFlag.exe
Arguments:
{"FileHandle":"0x2081f1aa1","objectName":"\\Device\\RasAcd"}
Returned value:
0xc0000034
KernelBase.dll! GetProcAddress #misc (#3028) EncryptFlag.exe
Arguments:
{"lpProcName":"DnsApiFree","hModule":"dnsapi.dll"}
Returned value:
0x7fefc3a13a0
KernelBase.dll! GetProcAddress #misc (#3028) EncryptFlag.exe
Arguments:
{"lpProcName":"Dhcpv6FreeLeaseInfo","hModule":"dhcpcsvc6.dll"}
Returned value:
0x7fefa72136c
ntdll.dll! NtQueryAttributesFile #native (#3028) EncryptFlag.exe
Arguments:
{"objectName":"\\??\\C:\\Users\\<USER>\\Downloads\\dhcpcsvc.DLL"}
Returned value:
0xc0000034
ntdll.dll! NtQueryAttributesFile #native (#3028) EncryptFlag.exe
Arguments:
{"objectName":"\\??\\C:\\Windows\\system32\\dhcpcsvc.DLL"}
Returned value:
0x0
ntdll.dll! NtOpenFile #native (#3028) EncryptFlag.exe
Arguments:
{"FileHandle":"0x31c","objectName":"\\??\\C:\\Windows\\system32\\dhcpcsvc.DLL"}
Returned value:
0x0
KernelBase.dll! LoadLibraryExW #misc (#3028) EncryptFlag.exe
Arguments:
{"lpFileName":"dhcpcsvc.DLL"}
Returned value:
0x7fefa660000
KernelBase.dll! LoadLibraryExA #misc (#3028) EncryptFlag.exe
Arguments:
{"lpFileName":"dhcpcsvc.DLL"}
Returned value:
0x7fefa660000
KernelBase.dll! GetProcAddress #misc (#3028) EncryptFlag.exe
Arguments:
{"lpProcName":"DhcpIsEnabled","hModule":"dhcpcsvc.dll"}
Returned value:
0x7fefa6610b0
KernelBase.dll! LoadLibraryExW #misc (#3028) EncryptFlag.exe
Arguments:
{"lpFileName":"IPHLPAPI.DLL"}
Returned value:
0x7fefa8e0000
KernelBase.dll! LoadLibraryExA #misc (#3028) EncryptFlag.exe
Arguments:
{"lpFileName":"IPHLPAPI.DLL"}
Returned value:
0x7fefa8e0000
KernelBase.dll! GetProcAddress #misc (#3028) EncryptFlag.exe
Arguments:
{"lpProcName":"ConvertInterfaceNameToLuidW","hModule":"IPHLPAPI.DLL"}
Returned value:
0x7fefa8e1ad0
ntdll.dll! NtOpenKeyEx #native (#3028) EncryptFlag.exe
Arguments:
{"OpenOptions":"0x0","KeyHandle":"0x320","objectName":"System\\CurrentControlSet\\Services\\Tcpip\\Parameters\\Interfaces","DesiredAccess":"0x20019"}
Returned value:
0x0
ntdll.dll! NtOpenKeyEx #native (#3028) EncryptFlag.exe
Arguments:
{"OpenOptions":"0x0","KeyHandle":"0x324","objectName":"{b77285ec-43d2-45ee-9909-45c579e0b32f}","DesiredAccess":"0x1"}
Returned value:
0x0
KernelBase.dll! GetProcAddress #misc (#3028) EncryptFlag.exe
Arguments:
{"lpProcName":"DhcpQueryLeaseInfo","hModule":"dhcpcsvc.dll"}
Returned value:
0x7fefa6614dc
ntdll.dll! NtOpenKeyEx #native (#3028) EncryptFlag.exe
Arguments:
{"OpenOptions":"0x0","KeyHandle":"0x328","objectName":"SessionInfo\\1","DesiredAccess":"0x1"}
Returned value:
0x0
ntdll.dll! NtOpenKeyEx #native (#3028) EncryptFlag.exe
Arguments:
{"OpenOptions":"0x0","KeyHandle":"0x0","objectName":"KnownFolders","DesiredAccess":"0x1"}
Returned value:
0xc0000034
ntdll.dll! NtOpenKeyEx #native (#3028) EncryptFlag.exe
Arguments:
{"OpenOptions":"0x0","KeyHandle":"0x328","objectName":".DEFAULT","DesiredAccess":"0x20019"}
Returned value:
0x0
ntdll.dll! NtOpenKeyEx #native (#3028) EncryptFlag.exe
Arguments:
{"OpenOptions":"0x0","KeyHandle":"0x32c","objectName":"Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\User Shell Folders","DesiredAccess":"0x20019"}
Returned value:
0x0
ntdll.dll! NtOpenKeyEx #native (#3028) EncryptFlag.exe
Arguments:
{"OpenOptions":"0x0","KeyHandle":"0x328","objectName":"Software\\Microsoft\\Windows NT\\CurrentVersion\\ProfileList","DesiredAccess":"0x20019"}
Returned value:
0x0
KernelBase.dll! GetProcAddress #misc (#3028) EncryptFlag.exe
Arguments:
{"lpProcName":"DhcpFreeLeaseInfo","hModule":"dhcpcsvc.dll"}
Returned value:
0x7fefa661458
ntdll.dll! NtOpenKeyEx #native (#3028) EncryptFlag.exe
Arguments:
{"OpenOptions":"0x0","KeyHandle":"0x308","objectName":"SYSTEM\\CurrentControlSet\\Services\\Tcpip\\Parameters\\Interfaces\\{B77285EC-43D2-45EE-9909-45C579E0B32F}","DesiredAccess":"0x20019"}
Returned value:
0x0
ntdll.dll! NtOpenKeyEx #native (#3028) EncryptFlag.exe
Arguments:
{"OpenOptions":"0x0","KeyHandle":"0x308","objectName":"SYSTEM\\CurrentControlSet\\Services\\Tcpip6\\Parameters\\Interfaces\\{B77285EC-43D2-45EE-9909-45C579E0B32F}","DesiredAccess":"0x20019"}
Returned value:
0x0
ntdll.dll! NtCreateFile #native (#3028) EncryptFlag.exe
Arguments:
{"FileHandle":"0x308","objectName":"\\DEVICE\\NETBT_TCPIP_{B77285EC-43D2-45EE-9909-45C579E0B32F}"}
Returned value:
0x0
ntdll.dll! NtOpenKeyEx #native (#3028) EncryptFlag.exe
Arguments:
{"OpenOptions":"0x0","KeyHandle":"0x308","objectName":"System\\CurrentControlSet\\Services\\Tcpip\\Parameters\\Interfaces","DesiredAccess":"0x20019"}
Returned value:
0x0
ntdll.dll! NtOpenKeyEx #native (#3028) EncryptFlag.exe
Arguments:
{"OpenOptions":"0x0","KeyHandle":"0x32c","objectName":"{846ee342-7039-11de-9d20-806e6f6e6963}","DesiredAccess":"0x1"}
Returned value:
0x0
ntdll.dll! NtOpenKeyEx #native (#3028) EncryptFlag.exe
Arguments:
{"OpenOptions":"0x0","KeyHandle":"0x32c","objectName":"SYSTEM\\CurrentControlSet\\Services\\Tcpip\\Parameters\\Interfaces\\{846EE342-7039-11DE-9D20-806E6F6E6963}","DesiredAccess":"0x20019"}
Returned value:
0x0
ntdll.dll! NtOpenKeyEx #native (#3028) EncryptFlag.exe
Arguments:
{"OpenOptions":"0x0","KeyHandle":"0x0","objectName":"SYSTEM\\CurrentControlSet\\Services\\Tcpip6\\Parameters\\Interfaces\\{846EE342-7039-11DE-9D20-806E6F6E6963}","DesiredAccess":"0x20019"}
Returned value:
0xc0000034
ntdll.dll! NtCreateFile #native (#3028) EncryptFlag.exe
Arguments:
{"FileHandle":"0x37af3b0","objectName":"\\DEVICE\\NETBT_TCPIP_{846EE342-7039-11DE-9D20-806E6F6E6963}"}
Returned value:
0xc0000034
ntdll.dll! NtOpenKeyEx #native (#3028) EncryptFlag.exe
Arguments:
{"OpenOptions":"0x0","KeyHandle":"0x32c","objectName":"System\\CurrentControlSet\\Services\\Tcpip\\Parameters\\Interfaces","DesiredAccess":"0x20019"}
Returned value:
0x0
ntdll.dll! NtOpenKeyEx #native (#3028) EncryptFlag.exe
Arguments:
{"OpenOptions":"0x0","KeyHandle":"0x0","objectName":"{3dfcad32-1cde-44fb-a9e1-d91126365830}","DesiredAccess":"0x1"}
Returned value:
0xc0000034
ntdll.dll! NtCreateFile #native (#3028) EncryptFlag.exe
Arguments:
{"FileHandle":"0x0","objectName":"\\DEVICE\\NETBT_TCPIP_{3DFCAD32-1CDE-44FB-A9E1-D91126365830}"}
Returned value:
0xc0000034
ntdll.dll! NtOpenKeyEx #native (#3028) EncryptFlag.exe
Arguments:
{"OpenOptions":"0x0","KeyHandle":"0x32c","objectName":"SYSTEM\\CurrentControlSet\\Services\\Tcpip\\Linkage","DesiredAccess":"0x20019"}
Returned value:
0x0
KernelBase.dll! LoadLibraryExW #misc (#3028) EncryptFlag.exe
Arguments:
{"lpFileName":"dhcpcsvc.DLL"}
Returned value:
0x7fefa660000
KernelBase.dll! LoadLibraryExA #misc (#3028) EncryptFlag.exe
Arguments:
{"lpFileName":"dhcpcsvc.DLL"}
Returned value:
0x7fefa660000
KernelBase.dll! GetProcAddress #misc (#3028) EncryptFlag.exe
Arguments:
{"lpProcName":"DhcpRequestParams","hModule":"dhcpcsvc.dll"}
Returned value:
0x7fefa661608
KernelBase.dll! GetProcAddress #misc (#3028) EncryptFlag.exe
Arguments:
{"lpProcName":"ConvertInterfaceGuidToLuid","hModule":"IPHLPAPI.DLL"}
Returned value:
0x7fefa8e492c
ntdll.dll! NtOpenKey #native (#3028) EncryptFlag.exe
Arguments:
{"OpenOptions":"0x0","KeyHandle":"0x328","objectName":"\\Registry\\User\\S-1-5-21-4270068108-2931534202-3907561125-1001_Classes","DesiredAccess":"0x2000000"}
Returned value:
0x0
kernel32.dll! RegOpenCurrentUser #registry (#3028) EncryptFlag.exe
Arguments:
{"phkResult":"0x32a","dwOptions":"0x0","samDesired":"0x2000000","hToken":"0x308"}
Returned value:
0x0
ntdll.dll! NtOpenKeyEx #native (#3028) EncryptFlag.exe
Arguments:
{"OpenOptions":"0x0","KeyHandle":"0x0","objectName":"AppID\\EncryptFlag.exe","DesiredAccess":"0x20019"}
Returned value:
0xc0000034
ntdll.dll! NtOpenKeyEx #native (#3028) EncryptFlag.exe
Arguments:
{"OpenOptions":"0x0","KeyHandle":"0x0","objectName":"\\Registry\\Machine\\Software\\Classes\\AppID\\EncryptFlag.exe","DesiredAccess":"0x20019"}
Returned value:
0xc0000034
ntdll.dll! NtOpenKeyEx #native (#3028) EncryptFlag.exe
Arguments:
{"OpenOptions":"0x0","KeyHandle":"0x0","objectName":"AppID\\EncryptFlag.exe","DesiredAccess":"0x20219"}
Returned value:
0xc0000034
ntdll.dll! NtOpenKeyEx #native (#3028) EncryptFlag.exe
Arguments:
{"OpenOptions":"0x0","KeyHandle":"0x0","objectName":"\\Registry\\Machine\\Software\\Classes\\AppID\\EncryptFlag.exe","DesiredAccess":"0x20219"}
Returned value:
0xc0000034
ntdll.dll! NtOpenKeyEx #native (#3028) EncryptFlag.exe
Arguments:
{"OpenOptions":"0x0","KeyHandle":"0x328","objectName":"Software\\Microsoft\\OLE\\AppCompat","DesiredAccess":"0x20019"}
Returned value:
0x0
ntdll.dll! NtOpenKeyEx #native (#3028) EncryptFlag.exe
Arguments:
{"OpenOptions":"0x0","KeyHandle":"0x328","objectName":"SOFTWARE\\Microsoft\\OLE","DesiredAccess":"0x20019"}
Returned value:
0x0
KernelBase.dll! LoadLibraryExW #misc (#3028) EncryptFlag.exe
Arguments:
{"lpFileName":"ADVAPI32.dll"}
Returned value:
0x7feff4a0000
KernelBase.dll! LoadLibraryExA #misc (#3028) EncryptFlag.exe
Arguments:
{"lpFileName":"ADVAPI32.dll"}
Returned value:
0x7feff4a0000
KernelBase.dll! GetProcAddress #misc (#3028) EncryptFlag.exe
Arguments:
{"lpProcName":"LookupAccountSidW","hModule":"advapi32.dll"}
Returned value:
0x7feff4bdad8
KernelBase.dll! LoadLibraryExW #misc (#3028) EncryptFlag.exe
Arguments:
{"lpFileName":"API-MS-Win-Security-LSALookup-L1-1-0.dll"}
Returned value:
0x7fefe400000
KernelBase.dll! LoadLibraryExA #misc (#3028) EncryptFlag.exe
Arguments:
{"lpFileName":"API-MS-Win-Security-LSALookup-L1-1-0.dll"}
Returned value:
0x7fefe400000
KernelBase.dll! GetProcAddress #misc (#3028) EncryptFlag.exe
Arguments:
{"lpProcName":"LookupAccountSidLocalW","hModule":"sechost.dll"}
Returned value:
0x7fefe41424c
ntdll.dll! NtQueryAttributesFile #native (#3028) EncryptFlag.exe
Arguments:
{"objectName":"\\??\\C:\\Users\\<USER>\\Downloads\\CRYPTSP.dll"}
Returned value:
0xc0000034
ntdll.dll! NtQueryAttributesFile #native (#3028) EncryptFlag.exe
Arguments:
{"objectName":"\\??\\C:\\Windows\\system32\\CRYPTSP.dll"}
Returned value:
0x0
ntdll.dll! NtOpenFile #native (#3028) EncryptFlag.exe
Arguments:
{"FileHandle":"0x334","objectName":"\\??\\C:\\Windows\\system32\\CRYPTSP.dll"}
Returned value:
0x0
KernelBase.dll! LoadLibraryExW #misc (#3028) EncryptFlag.exe
Arguments:
{"lpFileName":"CRYPTSP.dll"}
Returned value:
0x7fefc580000
KernelBase.dll! LoadLibraryExA #misc (#3028) EncryptFlag.exe
Arguments:
{"lpFileName":"CRYPTSP.dll"}
Returned value:
0x7fefc580000
KernelBase.dll! GetProcAddress #misc (#3028) EncryptFlag.exe
Arguments:
{"lpProcName":"CryptAcquireContextW","hModule":"cryptsp.dll"}
Returned value:
0x7fefc583b98
ntdll.dll! NtOpenKeyEx #native (#3028) EncryptFlag.exe
Arguments:
{"OpenOptions":"0x0","KeyHandle":"0x334","objectName":"SOFTWARE\\Microsoft\\Cryptography\\Defaults\\Provider\\Microsoft Strong Cryptographic Provider","DesiredAccess":"0x20019"}
Returned value:
0x0
KernelBase.dll! LoadLibraryExW #misc (#3028) EncryptFlag.exe
Arguments:
{"lpFileName":"urlmon.dll"}
Returned value:
0x7fefeb10000
KernelBase.dll! LoadLibraryExA #misc (#3028) EncryptFlag.exe
Arguments:
{"lpFileName":"urlmon.dll"}
Returned value:
0x7fefeb10000
ntdll.dll! NtQueryAttributesFile #native (#3028) EncryptFlag.exe
Arguments:
{"objectName":"\\??\\C:\\Windows\\system32\\rsaenh.dll"}
Returned value:
0x0
ntdll.dll! NtOpenFile #native (#3028) EncryptFlag.exe
Arguments:
{"FileHandle":"0x338","objectName":"\\??\\C:\\Windows\\system32\\rsaenh.dll"}
Returned value:
0x0
ntdll.dll! NtQueryAttributesFile #native (#3028) EncryptFlag.exe
Arguments:
{"objectName":"\\??\\C:\\Windows\\system32\\rsaenh.dll"}
Returned value:
0x0
ntdll.dll! NtOpenFile #native (#3028) EncryptFlag.exe
Arguments:
{"FileHandle":"0x338","objectName":"\\??\\C:\\Windows\\system32\\rsaenh.dll"}
Returned value:
0x0
ntdll.dll! NtQueryAttributesFile #native (#3028) EncryptFlag.exe
Arguments:
{"objectName":"\\??\\C:\\Windows\\system32\\rsaenh.dll"}
Returned value:
0x0
ntdll.dll! NtOpenFile #native (#3028) EncryptFlag.exe
Arguments:
{"FileHandle":"0x338","objectName":"\\??\\C:\\Windows\\system32\\rsaenh.dll"}
Returned value:
0x0
ntdll.dll! NtQueryAttributesFile #native (#3028) EncryptFlag.exe
Arguments:
{"objectName":"\\??\\C:\\Windows\\system32\\rsaenh.dll"}
Returned value:
0x0
ntdll.dll! NtOpenFile #native (#3028) EncryptFlag.exe
Arguments:
{"FileHandle":"0x338","objectName":"\\??\\C:\\Windows\\system32\\rsaenh.dll"}
Returned value:
0x0
ntdll.dll! NtQueryAttributesFile #native (#3028) EncryptFlag.exe
Arguments:
{"objectName":"\\??\\C:\\Windows\\system32\\rsaenh.dll"}
Returned value:
0x0
KernelBase.dll! GetProcAddress #misc (#3028) EncryptFlag.exe
Arguments:
{"lpProcName":"0x194","hModule":null}
Returned value:
0x7fefeb11ec0
ntdll.dll! NtCreateFile #native (#3028) EncryptFlag.exe
Arguments:
{"FileHandle":"0x338","objectName":"\\??\\C:\\Windows\\system32\\rsaenh.dll"}
Returned value:
0x0
KernelBase.dll! CreateFileW #file (#3028) EncryptFlag.exe
Arguments:
{"lpSecurityAttributes":"0x0","dwCreationDisposition":"0x3","dwFlagsAndAttributes":"0x80","lpFileName":"C:\\Windows\\system32\\rsaenh.dll","dwDesiredAccess":"0x80000000","dwShareMode":"0x1"}
Returned value:
0x338
KernelBase.dll! GetFileSize #file (#3028) EncryptFlag.exe
Arguments:
{"hFile":"0x338"}
Returned value:
0x44aa8
ntdll.dll! NtQueryAttributesFile #native (#3028) EncryptFlag.exe
Arguments:
{"objectName":"\\??\\C:\\Windows\\system32\\rsaenh.dll"}
Returned value:
0x0
ntdll.dll! NtOpenFile #native (#3028) EncryptFlag.exe
Arguments:
{"FileHandle":"0x338","objectName":"\\??\\C:\\Windows\\system32\\rsaenh.dll"}
Returned value:
0x0
ntdll.dll! NtOpenKey #native (#3028) EncryptFlag.exe
Arguments:
{"OpenOptions":"0x773c2ee0","KeyHandle":"0x338","objectName":"\\Registry\\Machine\\System\\CurrentControlSet\\Control\\Lsa\\FipsAlgorithmPolicy","DesiredAccess":"0x1"}
Returned value:
0x0
ntdll.dll! NtOpenKey #native (#3028) EncryptFlag.exe
Arguments:
{"OpenOptions":"0x32ed980","KeyHandle":"0x33c","objectName":"\\Registry\\Machine\\System\\CurrentControlSet\\Control\\Lsa","DesiredAccess":"0x1"}
Returned value:
0x0
ntdll.dll! NtOpenKey #native (#3028) EncryptFlag.exe
Arguments:
{"OpenOptions":"0x32ed980","KeyHandle":"0x0","objectName":"\\Registry\\Machine\\SYSTEM\\CurrentControlSet\\Policies\\Microsoft\\Cryptography\\Configuration","DesiredAccess":"0x1"}
Returned value:
0xc0000034
KernelBase.dll! LoadLibraryExW #misc (#3028) EncryptFlag.exe
Arguments:
{"lpFileName":"C:\\Windows\\system32\\rsaenh.dll"}
Returned value:
0x7fefc280000
KernelBase.dll! LoadLibraryExA #misc (#3028) EncryptFlag.exe
Arguments:
{"lpFileName":"C:\\Windows\\system32\\rsaenh.dll"}
Returned value:
0x7fefc280000
KernelBase.dll! GetProcAddress #misc (#3028) EncryptFlag.exe
Arguments:
{"lpProcName":"CPAcquireContext","hModule":"rsaenh.dll"}
Returned value:
0x7fefc28230c
KernelBase.dll! GetProcAddress #misc (#3028) EncryptFlag.exe
Arguments:
{"lpProcName":"CPReleaseContext","hModule":"rsaenh.dll"}
Returned value:
0x7fefc2833c8
KernelBase.dll! GetProcAddress #misc (#3028) EncryptFlag.exe
Arguments:
{"lpProcName":"CPGenKey","hModule":"rsaenh.dll"}
Returned value:
0x7fefc289a80
KernelBase.dll! GetProcAddress #misc (#3028) EncryptFlag.exe
Arguments:
{"lpProcName":"CPDeriveKey","hModule":"rsaenh.dll"}
Returned value:
0x7fefc29dbc8
KernelBase.dll! GetProcAddress #misc (#3028) EncryptFlag.exe
Arguments:
{"lpProcName":"CPDestroyKey","hModule":"rsaenh.dll"}
Returned value:
0x7fefc285530
KernelBase.dll! GetProcAddress #misc (#3028) EncryptFlag.exe
Arguments:
{"lpProcName":"CPSetKeyParam","hModule":"rsaenh.dll"}
Returned value:
0x7fefc29f838
KernelBase.dll! GetProcAddress #misc (#3028) EncryptFlag.exe
Arguments:
{"lpProcName":"CPGetKeyParam","hModule":"rsaenh.dll"}
Returned value:
0x7fefc29fc68
KernelBase.dll! GetProcAddress #misc (#3028) EncryptFlag.exe
Arguments:
{"lpProcName":"CPExportKey","hModule":"rsaenh.dll"}
Returned value:
0x7fefc2859e8
KernelBase.dll! GetProcAddress #misc (#3028) EncryptFlag.exe
Arguments:
{"lpProcName":"CPImportKey","hModule":"rsaenh.dll"}
Returned value:
0x7fefc285658
KernelBase.dll! GetProcAddress #misc (#3028) EncryptFlag.exe
Arguments:
{"lpProcName":"CPEncrypt","hModule":"rsaenh.dll"}
Returned value:
0x7fefc29c64c
KernelBase.dll! GetProcAddress #misc (#3028) EncryptFlag.exe
Arguments:
{"lpProcName":"CPDecrypt","hModule":"rsaenh.dll"}
Returned value:
0x7fefc29cc1c
KernelBase.dll! GetProcAddress #misc (#3028) EncryptFlag.exe
Arguments:
{"lpProcName":"CPCreateHash","hModule":"rsaenh.dll"}
Returned value:
0x7fefc283a80
KernelBase.dll! GetProcAddress #misc (#3028) EncryptFlag.exe
Arguments:
{"lpProcName":"CPHashData","hModule":"rsaenh.dll"}
Returned value:
0x7fefc2838b0
KernelBase.dll! GetProcAddress #misc (#3028) EncryptFlag.exe
Arguments:
{"lpProcName":"CPHashSessionKey","hModule":"rsaenh.dll"}
Returned value:
0x7fefc29d430
KernelBase.dll! GetProcAddress #misc (#3028) EncryptFlag.exe
Arguments:
{"lpProcName":"CPDestroyHash","hModule":"rsaenh.dll"}
Returned value:
0x7fefc2837b0
KernelBase.dll! GetProcAddress #misc (#3028) EncryptFlag.exe
Arguments:
{"lpProcName":"CPSignHash","hModule":"rsaenh.dll"}
Returned value:
0x7fefc288b48
KernelBase.dll! GetProcAddress #misc (#3028) EncryptFlag.exe
Arguments:
{"lpProcName":"CPVerifySignature","hModule":"rsaenh.dll"}
Returned value:
0x7fefc28701c
KernelBase.dll! GetProcAddress #misc (#3028) EncryptFlag.exe
Arguments:
{"lpProcName":"CPGenRandom","hModule":"rsaenh.dll"}
Returned value:
0x7fefc281d3c
KernelBase.dll! GetProcAddress #misc (#3028) EncryptFlag.exe
Arguments:
{"lpProcName":"CPGetUserKey","hModule":"rsaenh.dll"}
Returned value:
0x7fefc2890d0
KernelBase.dll! GetProcAddress #misc (#3028) EncryptFlag.exe
Arguments:
{"lpProcName":"CPSetProvParam","hModule":"rsaenh.dll"}
Returned value:
0x7fefc2a0078
KernelBase.dll! GetProcAddress #misc (#3028) EncryptFlag.exe
Arguments:
{"lpProcName":"CPGetProvParam","hModule":"rsaenh.dll"}
Returned value:
0x7fefc2a0230
KernelBase.dll! GetProcAddress #misc (#3028) EncryptFlag.exe
Arguments:
{"lpProcName":"CPSetHashParam","hModule":"rsaenh.dll"}
Returned value:
0x7fefc285be8
KernelBase.dll! GetProcAddress #misc (#3028) EncryptFlag.exe
Arguments:
{"lpProcName":"CPGetHashParam","hModule":"rsaenh.dll"}
Returned value:
0x7fefc283c7c
KernelBase.dll! GetProcAddress #misc (#3028) EncryptFlag.exe
Arguments:
{"lpProcName":"CPDuplicateKey","hModule":"rsaenh.dll"}
Returned value:
0x7fefc2a0a28
KernelBase.dll! GetProcAddress #misc (#3028) EncryptFlag.exe
Arguments:
{"lpProcName":"CPDuplicateHash","hModule":"rsaenh.dll"}
Returned value:
0x7fefc29d948
ntdll.dll! NtOpenKeyEx #native (#3028) EncryptFlag.exe
Arguments:
{"OpenOptions":"0x0","KeyHandle":"0x338","objectName":"Software\\Policies\\Microsoft\\Cryptography","DesiredAccess":"0x20119"}
Returned value:
0x0
ntdll.dll! NtOpenKeyEx #native (#3028) EncryptFlag.exe
Arguments:
{"OpenOptions":"0x0","KeyHandle":"0x338","objectName":"Software\\Microsoft\\Cryptography","DesiredAccess":"0x20119"}
Returned value:
0x0
ntdll.dll! NtOpenKeyEx #native (#3028) EncryptFlag.exe
Arguments:
{"OpenOptions":"0x0","KeyHandle":"0x0","objectName":"Software\\Microsoft\\Cryptography\\Offload","DesiredAccess":"0x20019"}
Returned value:
0xc0000034
KernelBase.dll! LoadLibraryExW #misc (#3028) EncryptFlag.exe
Arguments:
{"lpFileName":"ADVAPI32.dll"}
Returned value:
0x7feff4a0000
KernelBase.dll! LoadLibraryExA #misc (#3028) EncryptFlag.exe
Arguments:
{"lpFileName":"ADVAPI32.dll"}
Returned value:
0x7feff4a0000
KernelBase.dll! GetProcAddress #misc (#3028) EncryptFlag.exe
Arguments:
{"lpProcName":"OpenThreadToken","hModule":"KernelBase.dll"}
Returned value:
0x7feff4be168
KernelBase.dll! GetProcAddress #misc (#3028) EncryptFlag.exe
Arguments:
{"lpProcName":"OpenProcessToken","hModule":"KernelBase.dll"}
Returned value:
0x7feff4bd8c0
KernelBase.dll! GetProcAddress #misc (#3028) EncryptFlag.exe
Arguments:
{"lpProcName":"GetTokenInformation","hModule":"KernelBase.dll"}
Returned value:
0x7feff4bd8a0
KernelBase.dll! GetProcAddress #misc (#3028) EncryptFlag.exe
Arguments:
{"lpProcName":"AllocateAndInitializeSid","hModule":"KernelBase.dll"}
Returned value:
0x7feff4bd83c
KernelBase.dll! GetProcAddress #misc (#3028) EncryptFlag.exe
Arguments:
{"lpProcName":"EqualSid","hModule":"KernelBase.dll"}
Returned value:
0x7feff4bda68
KernelBase.dll! GetProcAddress #misc (#3028) EncryptFlag.exe
Arguments:
{"lpProcName":"FreeSid","hModule":"KernelBase.dll"}
Returned value:
0x7feff4bda60
KernelBase.dll! LoadLibraryExW #misc (#3028) EncryptFlag.exe
Arguments:
{"lpFileName":"CRYPTBASE.dll"}
Returned value:
0x7fefcc40000
KernelBase.dll! LoadLibraryExA #misc (#3028) EncryptFlag.exe
Arguments:
{"lpFileName":"CRYPTBASE.dll"}
Returned value:
0x7fefcc40000
KernelBase.dll! GetProcAddress #misc (#3028) EncryptFlag.exe
Arguments:
{"lpProcName":"SystemFunction036","hModule":"cryptbase.dll"}
Returned value:
0x7fefcc41658
KernelBase.dll! GetProcAddress #misc (#3028) EncryptFlag.exe
Arguments:
{"lpProcName":"CryptGenRandom","hModule":"cryptsp.dll"}
Returned value:
0x7fefc5853cc
ntdll.dll! NtOpenKey #native (#3028) EncryptFlag.exe
Arguments:
{"OpenOptions":"0x0","KeyHandle":"0x338","objectName":"\\Registry\\User\\S-1-5-21-4270068108-2931534202-3907561125-1001_Classes","DesiredAccess":"0x2000000"}
Returned value:
0x0
kernel32.dll! RegOpenCurrentUser #registry (#3028) EncryptFlag.exe
Arguments:
{"phkResult":"0x33a","dwOptions":"0x0","samDesired":"0x2000000","hToken":"0x334"}
Returned value:
0x0
ntdll.dll! NtOpenKeyEx #native (#3028) EncryptFlag.exe
Arguments:
{"OpenOptions":"0x0","KeyHandle":"0x0","objectName":"Interface\\{00000134-0000-0000-C000-000000000046}","DesiredAccess":"0x20019"}
Returned value:
0xc0000034
ntdll.dll! NtOpenKeyEx #native (#3028) EncryptFlag.exe
Arguments:
{"OpenOptions":"0x0","KeyHandle":"0x334","objectName":"\\Registry\\Machine\\Software\\Classes\\Interface\\{00000134-0000-0000-C000-000000000046}","DesiredAccess":"0x20019"}
Returned value:
0x0
ntdll.dll! NtOpenKeyEx #native (#3028) EncryptFlag.exe
Arguments:
{"OpenOptions":"0x0","KeyHandle":"0x0","objectName":"\\REGISTRY\\USER\\S-1-5-21-4270068108-2931534202-3907561125-1001_Classes\\Interface\\{00000134-0000-0000-C000-000000000046}\\ProxyStubClsid32","DesiredAccess":"0x20019"}
Returned value:
0xc0000034
ntdll.dll! NtOpenKeyEx #native (#3028) EncryptFlag.exe
Arguments:
{"OpenOptions":"0x0","KeyHandle":"0x338","objectName":"ProxyStubClsid32","DesiredAccess":"0x20019"}
Returned value:
0x0
ntdll.dll! NtOpenKeyEx #native (#3028) EncryptFlag.exe
Arguments:
{"OpenOptions":"0x0","KeyHandle":"0x0","objectName":"\\REGISTRY\\USER\\S-1-5-21-4270068108-2931534202-3907561125-1001_Classes\\Interface\\{00000134-0000-0000-C000-000000000046}\\ProxyStubClsid32","DesiredAccess":"0x2000000"}
Returned value:
0xc0000034
ntdll.dll! NtOpenKeyEx #native (#3028) EncryptFlag.exe
Arguments:
{"OpenOptions":"0x0","KeyHandle":"0x334","objectName":"Software\\Microsoft\\Rpc\\Extensions","DesiredAccess":"0x1"}
Returned value:
0x0
ntdll.dll! NtQueryAttributesFile #native (#3028) EncryptFlag.exe
Arguments:
{"objectName":"\\??\\C:\\Users\\<USER>\\Downloads\\RpcRtRemote.dll"}
Returned value:
0xc0000034
ntdll.dll! NtQueryAttributesFile #native (#3028) EncryptFlag.exe
Arguments:
{"objectName":"\\??\\C:\\Windows\\system32\\RpcRtRemote.dll"}
Returned value:
0x0
ntdll.dll! NtOpenFile #native (#3028) EncryptFlag.exe
Arguments:
{"FileHandle":"0x334","objectName":"\\??\\C:\\Windows\\system32\\RpcRtRemote.dll"}
Returned value:
0x0
KernelBase.dll! GetProcAddress #misc (#3028) EncryptFlag.exe
Arguments:
{"lpProcName":"I_RpcInitFwImports","hModule":"rpcrt4.dll"}
Returned value:
0x7fefe672bd0
KernelBase.dll! GetProcAddress #misc (#3028) EncryptFlag.exe
Arguments:
{"lpProcName":"I_RpcInitImports","hModule":"rpcrt4.dll"}
Returned value:
0x7fefe672840
KernelBase.dll! GetProcAddress #misc (#3028) EncryptFlag.exe
Arguments:
{"lpProcName":"I_RpcVerifierCorruptionExpected","hModule":"rpcrt4.dll"}
Returned value:
0x7fefe6b7190
KernelBase.dll! LoadLibraryExW #misc (#3028) EncryptFlag.exe
Arguments:
{"lpFileName":"RpcRtRemote.dll"}
Returned value:
0x7fefcd30000
KernelBase.dll! GetProcAddress #misc (#3028) EncryptFlag.exe
Arguments:
{"lpProcName":"I_RpcExtInitializeExtensionPoint","hModule":"RpcRtRemote.dll"}
Returned value:
0x7fefcd31460
ntdll.dll! NtOpenKeyEx #native (#3028) EncryptFlag.exe
Arguments:
{"OpenOptions":"0x0","KeyHandle":"0x334","objectName":"SYSTEM\\CurrentControlSet\\Services\\BFE","DesiredAccess":"0x20019"}
Returned value:
0x0
ntdll.dll! NtOpenKey #native (#3028) EncryptFlag.exe
Arguments:
{"OpenOptions":"0x45","KeyHandle":"0x334","objectName":"\\Registry\\Machine\\Software\\Microsoft\\SQMClient\\Windows\\DisabledProcesses\\","DesiredAccess":"0x20019"}
Returned value:
0x0
ntdll.dll! NtOpenKey #native (#3028) EncryptFlag.exe
Arguments:
{"OpenOptions":"0xff","KeyHandle":"0x334","objectName":"\\Registry\\Machine\\Software\\Microsoft\\SQMClient\\Windows\\DisabledSessions\\","DesiredAccess":"0x20119"}
Returned value:
0x0
ntdll.dll! NtOpenKey #native (#3028) EncryptFlag.exe
Arguments:
{"OpenOptions":"0x0","KeyHandle":"0x334","objectName":"\\Registry\\Machine\\Software\\Microsoft\\SQMClient\\Windows\\DisabledSessions\\","DesiredAccess":"0x20019"}
Returned value:
0x0
ntdll.dll! NtOpenKeyEx #native (#3028) EncryptFlag.exe
Arguments:
{"OpenOptions":"0x0","KeyHandle":"0x0","objectName":"PROTOCOLS\\Name-Space Handler\\","DesiredAccess":"0x2000000"}
Returned value:
0xc0000034
ntdll.dll! NtOpenKeyEx #native (#3028) EncryptFlag.exe
Arguments:
{"OpenOptions":"0x0","KeyHandle":"0x344","objectName":"\\Registry\\Machine\\Software\\Classes\\PROTOCOLS\\Name-Space Handler","DesiredAccess":"0x2000000"}
Returned value:
0x0
kernel32.dll! RegOpenKeyExA #registry (#3028) EncryptFlag.exe
Arguments:
{"hKey":"HKEY_CLASSES_ROOT","ulOptions":"0x0","samDesired":"0x2000000","lpSubKey":"PROTOCOLS\\Name-Space Handler\\","phkResult":"0x346"}
Returned value:
0x0
ntdll.dll! NtOpenKeyEx #native (#3028) EncryptFlag.exe
Arguments:
{"OpenOptions":"0x0","KeyHandle":"0x0","objectName":"\\REGISTRY\\USER\\S-1-5-21-4270068108-2931534202-3907561125-1001_Classes\\PROTOCOLS\\Name-Space Handler","DesiredAccess":"0x2000000"}
Returned value:
0xc0000034
KernelBase.dll! GetProcAddress #misc (#3028) EncryptFlag.exe
Arguments:
{"lpProcName":"CoGetMarshalSizeMax","hModule":"ole32.dll"}
Returned value:
0x7fefe1f883c
KernelBase.dll! GetProcAddress #misc (#3028) EncryptFlag.exe
Arguments:
{"lpProcName":"CoMarshalInterface","hModule":"ole32.dll"}
Returned value:
0x7fefe1f8358
KernelBase.dll! GetProcAddress #misc (#3028) EncryptFlag.exe
Arguments:
{"lpProcName":"CoUnmarshalInterface","hModule":"ole32.dll"}
Returned value:
0x7fefe1f7f5c
KernelBase.dll! GetProcAddress #misc (#3028) EncryptFlag.exe
Arguments:
{"lpProcName":"CoReleaseMarshalData","hModule":"ole32.dll"}
Returned value:
0x7fefe1d5540
KernelBase.dll! GetProcAddress #misc (#3028) EncryptFlag.exe
Arguments:
{"lpProcName":"CoGetClassObject","hModule":"ole32.dll"}
Returned value:
0x7fefe1fb460
KernelBase.dll! GetProcAddress #misc (#3028) EncryptFlag.exe
Arguments:
{"lpProcName":"CoGetMarshalSizeMax","hModule":"ole32.dll"}
Returned value:
0x7fefe1f883c
KernelBase.dll! GetProcAddress #misc (#3028) EncryptFlag.exe
Arguments:
{"lpProcName":"CoMarshalInterface","hModule":"ole32.dll"}
Returned value:
0x7fefe1f8358
KernelBase.dll! GetProcAddress #misc (#3028) EncryptFlag.exe
Arguments:
{"lpProcName":"CoUnmarshalInterface","hModule":"ole32.dll"}
Returned value:
0x7fefe1f7f5c
KernelBase.dll! GetProcAddress #misc (#3028) EncryptFlag.exe
Arguments:
{"lpProcName":"StringFromIID","hModule":"ole32.dll"}
Returned value:
0x7fefe2cf7a0
KernelBase.dll! GetProcAddress #misc (#3028) EncryptFlag.exe
Arguments:
{"lpProcName":"CoGetPSClsid","hModule":"ole32.dll"}
Returned value:
0x7fefe2fab40
KernelBase.dll! GetProcAddress #misc (#3028) EncryptFlag.exe
Arguments:
{"lpProcName":"CoTaskMemAlloc","hModule":"ole32.dll"}
Returned value:
0x7fefe1f37d0
KernelBase.dll! GetProcAddress #misc (#3028) EncryptFlag.exe
Arguments:
{"lpProcName":"CoTaskMemFree","hModule":"ole32.dll"}
Returned value:
0x7fefe1f3780
KernelBase.dll! GetProcAddress #misc (#3028) EncryptFlag.exe
Arguments:
{"lpProcName":"CoCreateInstance","hModule":"ole32.dll"}
Returned value:
0x7fefe1f23a0
KernelBase.dll! GetProcAddress #misc (#3028) EncryptFlag.exe
Arguments:
{"lpProcName":"CoReleaseMarshalData","hModule":"ole32.dll"}
Returned value:
0x7fefe1d5540
KernelBase.dll! GetProcAddress #misc (#3028) EncryptFlag.exe
Arguments:
{"lpProcName":"DcomChannelSetHResult","hModule":"ole32.dll"}
Returned value:
0x7fefe1f4bb8
ntdll.dll! NtOpenKey #native (#3028) EncryptFlag.exe
Arguments:
{"OpenOptions":"0x0","KeyHandle":"0x354","objectName":"\\Registry\\User\\S-1-5-21-4270068108-2931534202-3907561125-1001_Classes","DesiredAccess":"0x2000000"}
Returned value:
0x0
kernel32.dll! RegOpenCurrentUser #registry (#3028) EncryptFlag.exe
Arguments:
{"phkResult":"0x356","dwOptions":"0x0","samDesired":"0x2000000","hToken":"0x350"}
Returned value:
0x0
ntdll.dll! NtOpenKeyEx #native (#3028) EncryptFlag.exe
Arguments:
{"OpenOptions":"0x0","KeyHandle":"0x0","objectName":"Interface\\{D0074FFD-570F-4A9B-8D69-199FDBA5723B}","DesiredAccess":"0x20019"}
Returned value:
0xc0000034
ntdll.dll! NtOpenKeyEx #native (#3028) EncryptFlag.exe
Arguments:
{"OpenOptions":"0x0","KeyHandle":"0x350","objectName":"\\Registry\\Machine\\Software\\Classes\\Interface\\{D0074FFD-570F-4A9B-8D69-199FDBA5723B}","DesiredAccess":"0x20019"}
Returned value:
0x0
ntdll.dll! NtOpenKeyEx #native (#3028) EncryptFlag.exe
Arguments:
{"OpenOptions":"0x0","KeyHandle":"0x0","objectName":"\\REGISTRY\\USER\\S-1-5-21-4270068108-2931534202-3907561125-1001_Classes\\Interface\\{D0074FFD-570F-4A9B-8D69-199FDBA5723B}\\ProxyStubClsid32","DesiredAccess":"0x20019"}
Returned value:
0xc0000034
ntdll.dll! NtOpenKeyEx #native (#3028) EncryptFlag.exe
Arguments:
{"OpenOptions":"0x0","KeyHandle":"0x354","objectName":"ProxyStubClsid32","DesiredAccess":"0x20019"}
Returned value:
0x0
ntdll.dll! NtOpenKeyEx #native (#3028) EncryptFlag.exe
Arguments:
{"OpenOptions":"0x0","KeyHandle":"0x0","objectName":"\\REGISTRY\\USER\\S-1-5-21-4270068108-2931534202-3907561125-1001_Classes\\Interface\\{D0074FFD-570F-4A9B-8D69-199FDBA5723B}\\ProxyStubClsid32","DesiredAccess":"0x2000000"}
Returned value:
0xc0000034
ntdll.dll! NtOpenKeyEx #native (#3028) EncryptFlag.exe
Arguments:
{"OpenOptions":"0x0","KeyHandle":"0x0","objectName":"CLSID\\{1299CF18-C4F5-4B6A-BB0F-2299F0398E27}","DesiredAccess":"0x20019"}
Returned value:
0xc0000034
ntdll.dll! NtOpenKeyEx #native (#3028) EncryptFlag.exe
Arguments:
{"OpenOptions":"0x0","KeyHandle":"0x358","objectName":"\\Registry\\Machine\\Software\\Classes\\CLSID\\{1299CF18-C4F5-4B6A-BB0F-2299F0398E27}","DesiredAccess":"0x20019"}
Returned value:
0x0
ntdll.dll! NtOpenKeyEx #native (#3028) EncryptFlag.exe
Arguments:
{"OpenOptions":"0x0","KeyHandle":"0x0","objectName":"\\REGISTRY\\USER\\S-1-5-21-4270068108-2931534202-3907561125-1001_Classes\\CLSID\\{1299CF18-C4F5-4B6A-BB0F-2299F0398E27}\\TreatAs","DesiredAccess":"0x1"}
Returned value:
0xc0000034
ntdll.dll! NtOpenKeyEx #native (#3028) EncryptFlag.exe
Arguments:
{"OpenOptions":"0x0","KeyHandle":"0x0","objectName":"TreatAs","DesiredAccess":"0x1"}
Returned value:
0xc0000034
ntdll.dll! NtOpenKeyEx #native (#3028) EncryptFlag.exe
Arguments:
{"OpenOptions":"0x0","KeyHandle":"0x0","objectName":"\\REGISTRY\\USER\\S-1-5-21-4270068108-2931534202-3907561125-1001_Classes\\CLSID\\{1299CF18-C4F5-4B6A-BB0F-2299F0398E27}\\Progid","DesiredAccess":"0x1"}
Returned value:
0xc0000034
ntdll.dll! NtOpenKeyEx #native (#3028) EncryptFlag.exe
Arguments:
{"OpenOptions":"0x0","KeyHandle":"0x0","objectName":"Progid","DesiredAccess":"0x1"}
Returned value:
0xc0000034
ntdll.dll! NtOpenKeyEx #native (#3028) EncryptFlag.exe
Arguments:
{"OpenOptions":"0x0","KeyHandle":"0x0","objectName":"\\REGISTRY\\USER\\S-1-5-21-4270068108-2931534202-3907561125-1001_CLASSES\\Wow6432Node\\CLSID\\{1299CF18-C4F5-4B6A-BB0F-2299F0398E27}","DesiredAccess":"0x20219"}
Returned value:
0xc0000034
ntdll.dll! NtOpenKeyEx #native (#3028) EncryptFlag.exe
Arguments:
{"OpenOptions":"0x0","KeyHandle":"0x350","objectName":"\\Registry\\Machine\\Software\\Classes\\Wow6432Node\\CLSID\\{1299CF18-C4F5-4B6A-BB0F-2299F0398E27}","DesiredAccess":"0x20219"}
Returned value:
0x0
ntdll.dll! NtOpenKeyEx #native (#3028) EncryptFlag.exe
Arguments:
{"OpenOptions":"0x0","KeyHandle":"0x0","objectName":"\\REGISTRY\\USER\\S-1-5-21-4270068108-2931534202-3907561125-1001_Classes\\Wow6432Node\\CLSID\\{1299CF18-C4F5-4B6A-BB0F-2299F0398E27}\\Progid","DesiredAccess":"0x201"}
Returned value:
0xc0000034
ntdll.dll! NtOpenKeyEx #native (#3028) EncryptFlag.exe
Arguments:
{"OpenOptions":"0x0","KeyHandle":"0x0","objectName":"Progid","DesiredAccess":"0x201"}
Returned value:
0xc0000034
ntdll.dll! NtOpenKeyEx #native (#3028) EncryptFlag.exe
Arguments:
{"OpenOptions":"0x0","KeyHandle":"0x0","objectName":"\\REGISTRY\\USER\\S-1-5-21-4270068108-2931534202-3907561125-1001_Classes\\CLSID\\{1299CF18-C4F5-4B6A-BB0F-2299F0398E27}","DesiredAccess":"0x2000000"}
Returned value:
0xc0000034
ntdll.dll! NtOpenKeyEx #native (#3028) EncryptFlag.exe
Arguments:
{"OpenOptions":"0x0","KeyHandle":"0x0","objectName":"\\REGISTRY\\USER\\S-1-5-21-4270068108-2931534202-3907561125-1001_Classes\\CLSID\\{1299CF18-C4F5-4B6A-BB0F-2299F0398E27}","DesiredAccess":"0x2000000"}
Returned value:
0xc0000034
ntdll.dll! NtOpenKeyEx #native (#3028) EncryptFlag.exe
Arguments:
{"OpenOptions":"0x0","KeyHandle":"0x0","objectName":"\\REGISTRY\\USER\\S-1-5-21-4270068108-2931534202-3907561125-1001_Classes\\CLSID\\{1299CF18-C4F5-4B6A-BB0F-2299F0398E27}\\InprocServer32","DesiredAccess":"0x20019"}
Returned value:
0xc0000034
ntdll.dll! NtOpenKeyEx #native (#3028) EncryptFlag.exe
Arguments:
{"OpenOptions":"0x0","KeyHandle":"0x350","objectName":"InprocServer32","DesiredAccess":"0x20019"}
Returned value:
0x0
ntdll.dll! NtOpenKeyEx #native (#3028) EncryptFlag.exe
Arguments:
{"OpenOptions":"0x0","KeyHandle":"0x0","objectName":"\\REGISTRY\\USER\\S-1-5-21-4270068108-2931534202-3907561125-1001_Classes\\CLSID\\{1299CF18-C4F5-4B6A-BB0F-2299F0398E27}\\InProcServer32","DesiredAccess":"0x2000000"}
Returned value:
0xc0000034
ntdll.dll! NtOpenKeyEx #native (#3028) EncryptFlag.exe
Arguments:
{"OpenOptions":"0x0","KeyHandle":"0x0","objectName":"\\REGISTRY\\USER\\S-1-5-21-4270068108-2931534202-3907561125-1001_Classes\\CLSID\\{1299CF18-C4F5-4B6A-BB0F-2299F0398E27}\\InProcServer32","DesiredAccess":"0x2000000"}
Returned value:
0xc0000034
ntdll.dll! NtOpenKeyEx #native (#3028) EncryptFlag.exe
Arguments:
{"OpenOptions":"0x0","KeyHandle":"0x0","objectName":"\\REGISTRY\\USER\\S-1-5-21-4270068108-2931534202-3907561125-1001_Classes\\CLSID\\{1299CF18-C4F5-4B6A-BB0F-2299F0398E27}\\InProcServer32","DesiredAccess":"0x2000000"}
Returned value:
0xc0000034
ntdll.dll! NtOpenKeyEx #native (#3028) EncryptFlag.exe
Arguments:
{"OpenOptions":"0x0","KeyHandle":"0x0","objectName":"\\REGISTRY\\USER\\S-1-5-21-4270068108-2931534202-3907561125-1001_Classes\\CLSID\\{1299CF18-C4F5-4B6A-BB0F-2299F0398E27}\\InProcServer32","DesiredAccess":"0x2000000"}
Returned value:
0xc0000034
ntdll.dll! NtOpenKeyEx #native (#3028) EncryptFlag.exe
Arguments:
{"OpenOptions":"0x0","KeyHandle":"0x0","objectName":"\\REGISTRY\\USER\\S-1-5-21-4270068108-2931534202-3907561125-1001_Classes\\CLSID\\{1299CF18-C4F5-4B6A-BB0F-2299F0398E27}\\InProcServer32","DesiredAccess":"0x2000000"}
Returned value:
0xc0000034
ntdll.dll! NtOpenKeyEx #native (#3028) EncryptFlag.exe
Arguments:
{"OpenOptions":"0x0","KeyHandle":"0x0","objectName":"\\REGISTRY\\USER\\S-1-5-21-4270068108-2931534202-3907561125-1001_Classes\\CLSID\\{1299CF18-C4F5-4B6A-BB0F-2299F0398E27}\\InprocHandler32","DesiredAccess":"0x1"}
Returned value:
0xc0000034
ntdll.dll! NtOpenKeyEx #native (#3028) EncryptFlag.exe
Arguments:
{"OpenOptions":"0x0","KeyHandle":"0x0","objectName":"InprocHandler32","DesiredAccess":"0x1"}
Returned value:
0xc0000034
ntdll.dll! NtOpenKeyEx #native (#3028) EncryptFlag.exe
Arguments:
{"OpenOptions":"0x0","KeyHandle":"0x0","objectName":"\\REGISTRY\\USER\\S-1-5-21-4270068108-2931534202-3907561125-1001_Classes\\CLSID\\{1299CF18-C4F5-4B6A-BB0F-2299F0398E27}\\InprocHandler","DesiredAccess":"0x1"}
Returned value:
0xc0000034
ntdll.dll! NtOpenKeyEx #native (#3028) EncryptFlag.exe
Arguments:
{"OpenOptions":"0x0","KeyHandle":"0x0","objectName":"InprocHandler","DesiredAccess":"0x1"}
Returned value:
0xc0000034
ntdll.dll! NtOpenKey #native (#3028) EncryptFlag.exe
Arguments:
{"OpenOptions":"0x0","KeyHandle":"0x350","objectName":"\\Registry\\User\\S-1-5-21-4270068108-2931534202-3907561125-1001_Classes","DesiredAccess":"0x2000000"}
Returned value:
0x0
kernel32.dll! RegOpenCurrentUser #registry (#3028) EncryptFlag.exe
Arguments:
{"phkResult":"0x352","dwOptions":"0x0","samDesired":"0x2000000","hToken":"0x358"}
Returned value:
0x0
ntdll.dll! NtOpenKeyEx #native (#3028) EncryptFlag.exe
Arguments:
{"OpenOptions":"0x0","KeyHandle":"0x0","objectName":"CLSID\\{1299CF18-C4F5-4B6A-BB0F-2299F0398E27}","DesiredAccess":"0x20019"}
Returned value:
0xc0000034
ntdll.dll! NtOpenKeyEx #native (#3028) EncryptFlag.exe
Arguments:
{"OpenOptions":"0x0","KeyHandle":"0x358","objectName":"\\Registry\\Machine\\Software\\Classes\\CLSID\\{1299CF18-C4F5-4B6A-BB0F-2299F0398E27}","DesiredAccess":"0x20019"}
Returned value:
0x0
ntdll.dll! NtOpenKeyEx #native (#3028) EncryptFlag.exe
Arguments:
{"OpenOptions":"0x0","KeyHandle":"0x0","objectName":"\\REGISTRY\\USER\\S-1-5-21-4270068108-2931534202-3907561125-1001_Classes\\CLSID\\{1299CF18-C4F5-4B6A-BB0F-2299F0398E27}\\TreatAs","DesiredAccess":"0x20019"}
Returned value:
0xc0000034
ntdll.dll! NtOpenKeyEx #native (#3028) EncryptFlag.exe
Arguments:
{"OpenOptions":"0x0","KeyHandle":"0x0","objectName":"TreatAs","DesiredAccess":"0x20019"}
Returned value:
0xc0000034
ntdll.dll! NtQueryAttributesFile #native (#3028) EncryptFlag.exe
Arguments:
{"objectName":"\\??\\C:\\Windows\\System32\\npmproxy.dll"}
Returned value:
0x0
ntdll.dll! NtOpenFile #native (#3028) EncryptFlag.exe
Arguments:
{"FileHandle":"0x2ec","objectName":"\\??\\C:\\Windows\\System32\\npmproxy.dll"}
Returned value:
0x0
KernelBase.dll! LoadLibraryExW #misc (#3028) EncryptFlag.exe
Arguments:
{"lpFileName":"C:\\Windows\\System32\\npmproxy.dll"}
Returned value:
0x7fef7e00000
KernelBase.dll! GetProcAddress #misc (#3028) EncryptFlag.exe
Arguments:
{"lpProcName":"DllGetClassObject","hModule":"zipfldr.dll"}
Returned value:
0x7fef7e05b24
KernelBase.dll! GetProcAddress #misc (#3028) EncryptFlag.exe
Arguments:
{"lpProcName":"DllCanUnloadNow","hModule":"zipfldr.dll"}
Returned value:
0x7fef7e05b6c
KernelBase.dll! GetProcAddress #misc (#3028) EncryptFlag.exe
Arguments:
{"lpProcName":"CoInternetCreateSecurityManager","hModule":"urlmon.dll"}
Returned value:
0x7fefeb12680
KernelBase.dll! GetProcAddress #misc (#3028) EncryptFlag.exe
Arguments:
{"lpProcName":"CoInternetCreateZoneManager","hModule":"urlmon.dll"}
Returned value:
0x7fefeb11f00
ntdll.dll! NtOpenKeyEx #native (#3028) EncryptFlag.exe
Arguments:
{"OpenOptions":"0x0","KeyHandle":"0x358","objectName":"Microsoft\\Internet Explorer\\Security","DesiredAccess":"0x20019"}
Returned value:
0x0
kernel32.dll! RegOpenKeyExW #registry (#3028) EncryptFlag.exe
Arguments:
{"hKey":"HKEY_CURRENT_USER\\Software","ulOptions":"0x0","samDesired":"0x20019","lpSubKey":"Microsoft\\Internet Explorer\\Security","phkResult":"0x358"}
Returned value:
0x0
kernel32.dll! RegQueryValueExW #registry (#3028) EncryptFlag.exe
Arguments:
{"hKey":"HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Internet Explorer\\Security","lpData":"0x3c0ed00","lpcbData":"0x3c0e9d4","lpType":"0","lpValueName":"DisableSecuritySettingsCheck"}
Returned value:
0x2
ntdll.dll! NtOpenKeyEx #native (#3028) EncryptFlag.exe
Arguments:
{"OpenOptions":"0x0","KeyHandle":"0x358","objectName":"Microsoft\\Internet Explorer\\Security","DesiredAccess":"0x20019"}
Returned value:
0x0
kernel32.dll! RegOpenKeyExW #registry (#3028) EncryptFlag.exe
Arguments:
{"hKey":"HKEY_LOCAL_MACHINE\\Software","ulOptions":"0x0","samDesired":"0x20019","lpSubKey":"Microsoft\\Internet Explorer\\Security","phkResult":"0x358"}
Returned value:
0x0
kernel32.dll! RegQueryValueExW #registry (#3028) EncryptFlag.exe
Arguments:
{"hKey":"HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Internet Explorer\\Security","lpData":"0x3c0ed00","lpcbData":"0x3c0e9d4","lpType":"0","lpValueName":"DisableSecuritySettingsCheck"}
Returned value:
0x2
ntdll.dll! NtOpenKeyEx #native (#3028) EncryptFlag.exe
Arguments:
{"OpenOptions":"0x0","KeyHandle":"0x354","objectName":"Microsoft\\Internet Explorer\\Security","DesiredAccess":"0x20019"}
Returned value:
0x0
kernel32.dll! RegOpenKeyExW #registry (#3028) EncryptFlag.exe
Arguments:
{"hKey":"HKEY_CURRENT_USER\\Software","ulOptions":"0x0","samDesired":"0x20019","lpSubKey":"Microsoft\\Internet Explorer\\Security","phkResult":"0x354"}
Returned value:
0x0
kernel32.dll! RegQueryValueExW #registry (#3028) EncryptFlag.exe
Arguments:
{"hKey":"\\Registry\\Machine\\Software\\Classes\\Interface\\{8A40A45D-055C-4B62-ABD7-6D613E2CEAEC}","lpData":"0x3c0ecc0","lpcbData":"0x3c0e994","lpType":"0","lpValueName":"DisableSecuritySettingsCheck"}
Returned value:
0x2
ntdll.dll! NtOpenKeyEx #native (#3028) EncryptFlag.exe
Arguments:
{"OpenOptions":"0x0","KeyHandle":"0x354","objectName":"Microsoft\\Internet Explorer\\Security","DesiredAccess":"0x20019"}
Returned value:
0x0
kernel32.dll! RegOpenKeyExW #registry (#3028) EncryptFlag.exe
Arguments:
{"hKey":"HKEY_LOCAL_MACHINE\\Software","ulOptions":"0x0","samDesired":"0x20019","lpSubKey":"Microsoft\\Internet Explorer\\Security","phkResult":"0x354"}
Returned value:
0x0
kernel32.dll! RegQueryValueExW #registry (#3028) EncryptFlag.exe
Arguments:
{"hKey":"\\Registry\\Machine\\Software\\Classes\\Interface\\{8A40A45D-055C-4B62-ABD7-6D613E2CEAEC}","lpData":"0x3c0ecc0","lpcbData":"0x3c0e994","lpType":"0","lpValueName":"DisableSecuritySettingsCheck"}
Returned value:
0x2
ntdll.dll! NtOpenKeyEx #native (#3028) EncryptFlag.exe
Arguments:
{"OpenOptions":"0x0","KeyHandle":"0x354","objectName":"Software\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\3","DesiredAccess":"0x20019"}
Returned value:
0x0
ntdll.dll! NtOpenKey #native (#3028) EncryptFlag.exe
Arguments:
{"OpenOptions":"0x0","KeyHandle":"0x308","objectName":"\\Registry\\User\\S-1-5-21-4270068108-2931534202-3907561125-1001_Classes","DesiredAccess":"0x2000000"}
Returned value:
0x0
kernel32.dll! RegOpenCurrentUser #registry (#3028) EncryptFlag.exe
Arguments:
{"phkResult":"0x30a","dwOptions":"0x0","samDesired":"0x2000000","hToken":"0x354"}
Returned value:
0x0
ntdll.dll! NtOpenKeyEx #native (#3028) EncryptFlag.exe
Arguments:
{"OpenOptions":"0x0","KeyHandle":"0x0","objectName":"Interface\\{26656EAA-54EB-4E6F-8F85-4F0EF901A406}","DesiredAccess":"0x20019"}
Returned value:
0xc0000034
ntdll.dll! NtOpenKeyEx #native (#3028) EncryptFlag.exe
Arguments:
{"OpenOptions":"0x0","KeyHandle":"0x354","objectName":"\\Registry\\Machine\\Software\\Classes\\Interface\\{26656EAA-54EB-4E6F-8F85-4F0EF901A406}","DesiredAccess":"0x20019"}
Returned value:
0x0
ntdll.dll! NtOpenKeyEx #native (#3028) EncryptFlag.exe
Arguments:
{"OpenOptions":"0x0","KeyHandle":"0x0","objectName":"\\REGISTRY\\USER\\S-1-5-21-4270068108-2931534202-3907561125-1001_Classes\\Interface\\{26656EAA-54EB-4E6F-8F85-4F0EF901A406}\\ProxyStubClsid32","DesiredAccess":"0x20019"}
Returned value:
0xc0000034
ntdll.dll! NtOpenKeyEx #native (#3028) EncryptFlag.exe
Arguments:
{"OpenOptions":"0x0","KeyHandle":"0x308","objectName":"ProxyStubClsid32","DesiredAccess":"0x20019"}
Returned value:
0x0
ntdll.dll! NtOpenKeyEx #native (#3028) EncryptFlag.exe
Arguments:
{"OpenOptions":"0x0","KeyHandle":"0x0","objectName":"\\REGISTRY\\USER\\S-1-5-21-4270068108-2931534202-3907561125-1001_Classes\\Interface\\{26656EAA-54EB-4E6F-8F85-4F0EF901A406}\\ProxyStubClsid32","DesiredAccess":"0x2000000"}
Returned value:
0xc0000034
ntdll.dll! NtOpenKey #native (#3028) EncryptFlag.exe
Arguments:
{"OpenOptions":"0x0","KeyHandle":"0x308","objectName":"\\Registry\\User\\S-1-5-21-4270068108-2931534202-3907561125-1001_Classes","DesiredAccess":"0x2000000"}
Returned value:
0x0
kernel32.dll! RegOpenCurrentUser #registry (#3028) EncryptFlag.exe
Arguments:
{"phkResult":"0x30a","dwOptions":"0x0","samDesired":"0x2000000","hToken":"0x354"}
Returned value:
0x0
ntdll.dll! NtOpenKeyEx #native (#3028) EncryptFlag.exe
Arguments:
{"OpenOptions":"0x0","KeyHandle":"0x0","objectName":"Interface\\{8A40A45D-055C-4B62-ABD7-6D613E2CEAEC}","DesiredAccess":"0x20019"}
Returned value:
0xc0000034
ntdll.dll! NtOpenKeyEx #native (#3028) EncryptFlag.exe
Arguments:
{"OpenOptions":"0x0","KeyHandle":"0x354","objectName":"\\Registry\\Machine\\Software\\Classes\\Interface\\{8A40A45D-055C-4B62-ABD7-6D613E2CEAEC}","DesiredAccess":"0x20019"}
Returned value:
0x0
ntdll.dll! NtOpenKeyEx #native (#3028) EncryptFlag.exe
Arguments:
{"OpenOptions":"0x0","KeyHandle":"0x0","objectName":"\\REGISTRY\\USER\\S-1-5-21-4270068108-2931534202-3907561125-1001_Classes\\Interface\\{8A40A45D-055C-4B62-ABD7-6D613E2CEAEC}\\ProxyStubClsid32","DesiredAccess":"0x20019"}
Returned value:
0xc0000034
ntdll.dll! NtOpenKeyEx #native (#3028) EncryptFlag.exe
Arguments:
{"OpenOptions":"0x0","KeyHandle":"0x308","objectName":"ProxyStubClsid32","DesiredAccess":"0x20019"}
Returned value:
0x0
ntdll.dll! NtOpenKeyEx #native (#3028) EncryptFlag.exe
Arguments:
{"OpenOptions":"0x0","KeyHandle":"0x0","objectName":"\\REGISTRY\\USER\\S-1-5-21-4270068108-2931534202-3907561125-1001_Classes\\Interface\\{8A40A45D-055C-4B62-ABD7-6D613E2CEAEC}\\ProxyStubClsid32","DesiredAccess":"0x2000000"}
Returned value:
0xc0000034
KernelBase.dll! LoadLibraryExW #misc (#3028) EncryptFlag.exe
Arguments:
{"lpFileName":"OLEAUT32.dll"}
Returned value:
0x7feff3c0000
KernelBase.dll! LoadLibraryExA #misc (#3028) EncryptFlag.exe
Arguments:
{"lpFileName":"OLEAUT32.dll"}
Returned value:
0x7feff3c0000
KernelBase.dll! GetProcAddress #misc (#3028) EncryptFlag.exe
Arguments:
{"lpProcName":"0x8","hModule":null}
Returned value:
0x7feff3c11e0
KernelBase.dll! GetProcAddress #misc (#3028) EncryptFlag.exe
Arguments:
{"lpProcName":"0x9","hModule":null}
Returned value:
0x7feff3c1180
KernelBase.dll! GetProcAddress #misc (#3028) EncryptFlag.exe
Arguments:
{"lpProcName":"GetAddrInfoExW","hModule":"ws2_32.dll"}
Returned value:
0x7fefd1abe40
ntdll.dll! NtCreateFile #native (#3028) EncryptFlag.exe
Arguments:
{"FileHandle":"0x35c","objectName":"\\Device\\Afd\\Endpoint"}
Returned value:
0x0
ntdll.dll! NtCreateFile #native (#3028) EncryptFlag.exe
Arguments:
{"FileHandle":"0x35c","objectName":"\\Device\\Afd\\Endpoint"}
Returned value:
0x0
ntdll.dll! NtOpenKey #native (#3028) EncryptFlag.exe
Arguments:
{"OpenOptions":"0x0","KeyHandle":"0x360","objectName":"\\Registry\\User\\S-1-5-21-4270068108-2931534202-3907561125-1001_Classes","DesiredAccess":"0x2000000"}
Returned value:
0x0
kernel32.dll! RegOpenCurrentUser #registry (#3028) EncryptFlag.exe
Arguments:
{"phkResult":"0x362","dwOptions":"0x0","samDesired":"0x2000000","hToken":"0x35c"}
Returned value:
0x0
ntdll.dll! NtOpenKeyEx #native (#3028) EncryptFlag.exe
Arguments:
{"OpenOptions":"0x0","KeyHandle":"0x0","objectName":"Interface\\{55272A00-42CB-11CE-8135-00AA004BB851}","DesiredAccess":"0x20019"}
Returned value:
0xc0000034
ntdll.dll! NtCreateFile #native (#3028) EncryptFlag.exe
Arguments:
{"FileHandle":"0x35c","objectName":"\\Device\\RasAcd"}
Returned value:
0xc0000034
ntdll.dll! NtOpenKeyEx #native (#3028) EncryptFlag.exe
Arguments:
{"OpenOptions":"0x0","KeyHandle":"0x35c","objectName":"\\Registry\\Machine\\Software\\Classes\\Interface\\{55272A00-42CB-11CE-8135-00AA004BB851}","DesiredAccess":"0x20019"}
Returned value:
0x0
ntdll.dll! NtOpenKeyEx #native (#3028) EncryptFlag.exe
Arguments:
{"OpenOptions":"0x0","KeyHandle":"0x0","objectName":"\\REGISTRY\\USER\\S-1-5-21-4270068108-2931534202-3907561125-1001_Classes\\Interface\\{55272A00-42CB-11CE-8135-00AA004BB851}\\ProxyStubClsid32","DesiredAccess":"0x20019"}
Returned value:
0xc0000034
ntdll.dll! NtOpenKeyEx #native (#3028) EncryptFlag.exe
Arguments:
{"OpenOptions":"0x0","KeyHandle":"0x360","objectName":"ProxyStubClsid32","DesiredAccess":"0x20019"}
Returned value:
0x0
ntdll.dll! NtOpenKeyEx #native (#3028) EncryptFlag.exe
Arguments:
{"OpenOptions":"0x0","KeyHandle":"0x0","objectName":"\\REGISTRY\\USER\\S-1-5-21-4270068108-2931534202-3907561125-1001_Classes\\Interface\\{55272A00-42CB-11CE-8135-00AA004BB851}\\ProxyStubClsid32","DesiredAccess":"0x2000000"}
Returned value:
0xc0000034
ntdll.dll! NtOpenKeyEx #native (#3028) EncryptFlag.exe
Arguments:
{"OpenOptions":"0x0","KeyHandle":"0x0","objectName":"CLSID\\{B196B286-BAB4-101A-B69C-00AA00341D07}","DesiredAccess":"0x20019"}
Returned value:
0xc0000034
ntdll.dll! NtOpenKeyEx #native (#3028) EncryptFlag.exe
Arguments:
{"OpenOptions":"0x0","KeyHandle":"0x35c","objectName":"\\Registry\\Machine\\Software\\Classes\\CLSID\\{B196B286-BAB4-101A-B69C-00AA00341D07}","DesiredAccess":"0x20019"}
Returned value:
0x0
ntdll.dll! NtOpenKeyEx #native (#3028) EncryptFlag.exe
Arguments:
{"OpenOptions":"0x0","KeyHandle":"0x0","objectName":"\\REGISTRY\\USER\\S-1-5-21-4270068108-2931534202-3907561125-1001_Classes\\CLSID\\{B196B286-BAB4-101A-B69C-00AA00341D07}\\TreatAs","DesiredAccess":"0x1"}
Returned value:
0xc0000034
ntdll.dll! NtOpenKeyEx #native (#3028) EncryptFlag.exe
Arguments:
{"OpenOptions":"0x0","KeyHandle":"0x0","objectName":"TreatAs","DesiredAccess":"0x1"}
Returned value:
0xc0000034
ntdll.dll! NtOpenKeyEx #native (#3028) EncryptFlag.exe
Arguments:
{"OpenOptions":"0x0","KeyHandle":"0x0","objectName":"\\REGISTRY\\USER\\S-1-5-21-4270068108-2931534202-3907561125-1001_Classes\\CLSID\\{B196B286-BAB4-101A-B69C-00AA00341D07}\\Progid","DesiredAccess":"0x1"}
Returned value:
0xc0000034
ntdll.dll! NtOpenKeyEx #native (#3028) EncryptFlag.exe
Arguments:
{"OpenOptions":"0x0","KeyHandle":"0x0","objectName":"Progid","DesiredAccess":"0x1"}
Returned value:
0xc0000034
ntdll.dll! NtOpenKeyEx #native (#3028) EncryptFlag.exe
Arguments:
{"OpenOptions":"0x0","KeyHandle":"0x0","objectName":"\\REGISTRY\\USER\\S-1-5-21-4270068108-2931534202-3907561125-1001_CLASSES\\Wow6432Node\\CLSID\\{B196B286-BAB4-101A-B69C-00AA00341D07}","DesiredAccess":"0x20219"}
Returned value:
0xc0000034
ntdll.dll! NtOpenKeyEx #native (#3028) EncryptFlag.exe
Arguments:
{"OpenOptions":"0x0","KeyHandle":"0x360","objectName":"\\Registry\\Machine\\Software\\Classes\\Wow6432Node\\CLSID\\{B196B286-BAB4-101A-B69C-00AA00341D07}","DesiredAccess":"0x20219"}
Returned value:
0x0
ntdll.dll! NtOpenKeyEx #native (#3028) EncryptFlag.exe
Arguments:
{"OpenOptions":"0x0","KeyHandle":"0x0","objectName":"\\REGISTRY\\USER\\S-1-5-21-4270068108-2931534202-3907561125-1001_Classes\\Wow6432Node\\CLSID\\{B196B286-BAB4-101A-B69C-00AA00341D07}\\Progid","DesiredAccess":"0x201"}
Returned value:
0xc0000034
ntdll.dll! NtOpenKeyEx #native (#3028) EncryptFlag.exe
Arguments:
{"OpenOptions":"0x0","KeyHandle":"0x0","objectName":"Progid","DesiredAccess":"0x201"}
Returned value:
0xc0000034
ntdll.dll! NtOpenKeyEx #native (#3028) EncryptFlag.exe
Arguments:
{"OpenOptions":"0x0","KeyHandle":"0x0","objectName":"\\REGISTRY\\USER\\S-1-5-21-4270068108-2931534202-3907561125-1001_Classes\\CLSID\\{B196B286-BAB4-101A-B69C-00AA00341D07}","DesiredAccess":"0x2000000"}
Returned value:
0xc0000034
ntdll.dll! NtOpenKeyEx #native (#3028) EncryptFlag.exe
Arguments:
{"OpenOptions":"0x0","KeyHandle":"0x0","objectName":"\\REGISTRY\\USER\\S-1-5-21-4270068108-2931534202-3907561125-1001_Classes\\CLSID\\{B196B286-BAB4-101A-B69C-00AA00341D07}","DesiredAccess":"0x2000000"}
Returned value:
0xc0000034
ntdll.dll! NtOpenKeyEx #native (#3028) EncryptFlag.exe
Arguments:
{"OpenOptions":"0x0","KeyHandle":"0x0","objectName":"\\REGISTRY\\USER\\S-1-5-21-4270068108-2931534202-3907561125-1001_Classes\\CLSID\\{B196B286-BAB4-101A-B69C-00AA00341D07}\\InprocServer32","DesiredAccess":"0x20019"}
Returned value:
0xc0000034
ntdll.dll! NtOpenKeyEx #native (#3028) EncryptFlag.exe
Arguments:
{"OpenOptions":"0x0","KeyHandle":"0x360","objectName":"InprocServer32","DesiredAccess":"0x20019"}
Returned value:
0x0
ntdll.dll! NtOpenKeyEx #native (#3028) EncryptFlag.exe
Arguments:
{"OpenOptions":"0x0","KeyHandle":"0x0","objectName":"\\REGISTRY\\USER\\S-1-5-21-4270068108-2931534202-3907561125-1001_Classes\\CLSID\\{B196B286-BAB4-101A-B69C-00AA00341D07}\\InprocServer32","DesiredAccess":"0x2000000"}
Returned value:
0xc0000034
ntdll.dll! NtOpenKeyEx #native (#3028) EncryptFlag.exe
Arguments:
{"OpenOptions":"0x0","KeyHandle":"0x0","objectName":"\\REGISTRY\\USER\\S-1-5-21-4270068108-2931534202-3907561125-1001_Classes\\CLSID\\{B196B286-BAB4-101A-B69C-00AA00341D07}\\InprocServer32","DesiredAccess":"0x2000000"}
Returned value:
0xc0000034
ntdll.dll! NtOpenKeyEx #native (#3028) EncryptFlag.exe
Arguments:
{"OpenOptions":"0x0","KeyHandle":"0x0","objectName":"\\REGISTRY\\USER\\S-1-5-21-4270068108-2931534202-3907561125-1001_Classes\\CLSID\\{B196B286-BAB4-101A-B69C-00AA00341D07}\\InprocServer32","DesiredAccess":"0x2000000"}
Returned value:
0xc0000034
ntdll.dll! NtOpenKeyEx #native (#3028) EncryptFlag.exe
Arguments:
{"OpenOptions":"0x0","KeyHandle":"0x0","objectName":"\\REGISTRY\\USER\\S-1-5-21-4270068108-2931534202-3907561125-1001_Classes\\CLSID\\{B196B286-BAB4-101A-B69C-00AA00341D07}\\InprocServer32","DesiredAccess":"0x2000000"}
Returned value:
0xc0000034
ntdll.dll! NtOpenKeyEx #native (#3028) EncryptFlag.exe
Arguments:
{"OpenOptions":"0x0","KeyHandle":"0x0","objectName":"\\REGISTRY\\USER\\S-1-5-21-4270068108-2931534202-3907561125-1001_Classes\\CLSID\\{B196B286-BAB4-101A-B69C-00AA00341D07}\\InprocHandler32","DesiredAccess":"0x1"}
Returned value:
0xc0000034
ntdll.dll! NtOpenKeyEx #native (#3028) EncryptFlag.exe
Arguments:
{"OpenOptions":"0x0","KeyHandle":"0x0","objectName":"InprocHandler32","DesiredAccess":"0x1"}
Returned value:
0xc0000034
ntdll.dll! NtOpenKeyEx #native (#3028) EncryptFlag.exe
Arguments:
{"OpenOptions":"0x0","KeyHandle":"0x0","objectName":"\\REGISTRY\\USER\\S-1-5-21-4270068108-2931534202-3907561125-1001_Classes\\CLSID\\{B196B286-BAB4-101A-B69C-00AA00341D07}\\InprocHandler","DesiredAccess":"0x1"}
Returned value:
0xc0000034
ntdll.dll! NtOpenKeyEx #native (#3028) EncryptFlag.exe
Arguments:
{"OpenOptions":"0x0","KeyHandle":"0x0","objectName":"InprocHandler","DesiredAccess":"0x1"}
Returned value:
0xc0000034
ntdll.dll! NtOpenKey #native (#3028) EncryptFlag.exe
Arguments:
{"OpenOptions":"0x0","KeyHandle":"0x360","objectName":"\\Registry\\User\\S-1-5-21-4270068108-2931534202-3907561125-1001_Classes","DesiredAccess":"0x2000000"}
Returned value:
0x0
kernel32.dll! RegOpenCurrentUser #registry (#3028) EncryptFlag.exe
Arguments:
{"phkResult":"0x362","dwOptions":"0x0","samDesired":"0x2000000","hToken":"0x35c"}
Returned value:
0x0
ntdll.dll! NtOpenKeyEx #native (#3028) EncryptFlag.exe
Arguments:
{"OpenOptions":"0x0","KeyHandle":"0x0","objectName":"CLSID\\{B196B286-BAB4-101A-B69C-00AA00341D07}","DesiredAccess":"0x20019"}
Returned value:
0xc0000034
ntdll.dll! NtOpenKeyEx #native (#3028) EncryptFlag.exe
Arguments:
{"OpenOptions":"0x0","KeyHandle":"0x35c","objectName":"\\Registry\\Machine\\Software\\Classes\\CLSID\\{B196B286-BAB4-101A-B69C-00AA00341D07}","DesiredAccess":"0x20019"}
Returned value:
0x0
ntdll.dll! NtOpenKeyEx #native (#3028) EncryptFlag.exe
Arguments:
{"OpenOptions":"0x0","KeyHandle":"0x0","objectName":"\\REGISTRY\\USER\\S-1-5-21-4270068108-2931534202-3907561125-1001_Classes\\CLSID\\{B196B286-BAB4-101A-B69C-00AA00341D07}\\TreatAs","DesiredAccess":"0x20019"}
Returned value:
0xc0000034
ntdll.dll! NtOpenKeyEx #native (#3028) EncryptFlag.exe
Arguments:
{"OpenOptions":"0x0","KeyHandle":"0x0","objectName":"TreatAs","DesiredAccess":"0x20019"}
Returned value:
0xc0000034
KernelBase.dll! LoadLibraryExW #misc (#3028) EncryptFlag.exe
Arguments:
{"lpFileName":"C:\\Windows\\system32\\oleaut32.dll"}
Returned value:
0x7feff3c0000
KernelBase.dll! GetProcAddress #misc (#3028) EncryptFlag.exe
Arguments:
{"lpProcName":"DllGetClassObject","hModule":"zipfldr.dll"}
Returned value:
0x7feff41c310
KernelBase.dll! GetProcAddress #misc (#3028) EncryptFlag.exe
Arguments:
{"lpProcName":"DllCanUnloadNow","hModule":"zipfldr.dll"}
Returned value:
0x7feff3c1230
KernelBase.dll! LoadLibraryExW #misc (#3028) EncryptFlag.exe
Arguments:
{"lpFileName":"ADVAPI32.dll"}
Returned value:
0x7feff4a0000
KernelBase.dll! LoadLibraryExA #misc (#3028) EncryptFlag.exe
Arguments:
{"lpFileName":"ADVAPI32.dll"}
Returned value:
0x7feff4a0000
KernelBase.dll! GetProcAddress #misc (#3028) EncryptFlag.exe
Arguments:
{"lpProcName":"RegOpenKeyW","hModule":"advapi32.dll"}
Returned value:
0x7feff4b55a0
ntdll.dll! NtOpenKeyEx #native (#3028) EncryptFlag.exe
Arguments:
{"OpenOptions":"0x0","KeyHandle":"0x0","objectName":"Software\\Microsoft\\OleAut","DesiredAccess":"0x2000000"}
Returned value:
0xc0000034
advapi32.dll! RegOpenKeyW #registry (#3028) EncryptFlag.exe
Arguments:
{"hKey":"HKEY_LOCAL_MACHINE","lpSubKey":"Software\\Microsoft\\OleAut","phkResult":"0x0"}
Returned value:
0x2
KernelBase.dll! GetProcAddress #misc (#3028) EncryptFlag.exe
Arguments:
{"lpProcName":"DnsFree","hModule":"dnsapi.dll"}
Returned value:
0x7fefc3a1e80
ntdll.dll! NtQueryAttributesFile #native (#3028) EncryptFlag.exe
Arguments:
{"objectName":"\\??\\C:\\Windows\\System32\\fwpuclnt.dll"}
Returned value:
0x0
ntdll.dll! NtOpenFile #native (#3028) EncryptFlag.exe
Arguments:
{"FileHandle":"0x35c","objectName":"\\??\\C:\\Windows\\System32\\fwpuclnt.dll"}
Returned value:
0x0
KernelBase.dll! LoadLibraryExW #misc (#3028) EncryptFlag.exe
Arguments:
{"lpFileName":"C:\\Windows\\System32\\fwpuclnt.dll"}
Returned value:
0x7fefa770000
KernelBase.dll! GetProcAddress #misc (#3028) EncryptFlag.exe
Arguments:
{"lpProcName":"NamespaceCallout","hModule":"FWPUCLNT.DLL"}
Returned value:
0x7fefa7711f0
ntdll.dll! NtOpenKey #native (#3028) EncryptFlag.exe
Arguments:
{"OpenOptions":"0x0","KeyHandle":"0x36c","objectName":"\\Registry\\User\\S-1-5-21-4270068108-2931534202-3907561125-1001_Classes","DesiredAccess":"0x2000000"}
Returned value:
0x0
kernel32.dll! RegOpenCurrentUser #registry (#3028) EncryptFlag.exe
Arguments:
{"phkResult":"0x36e","dwOptions":"0x0","samDesired":"0x2000000","hToken":"0x368"}
Returned value:
0x0
ntdll.dll! NtOpenKeyEx #native (#3028) EncryptFlag.exe
Arguments:
{"OpenOptions":"0x0","KeyHandle":"0x0","objectName":"Interface\\{BCD1DE7E-2DB1-418B-B047-4A74E101F8C1}","DesiredAccess":"0x20019"}
Returned value:
0xc0000034
ntdll.dll! NtOpenKeyEx #native (#3028) EncryptFlag.exe
Arguments:
{"OpenOptions":"0x0","KeyHandle":"0x368","objectName":"\\Registry\\Machine\\Software\\Classes\\Interface\\{BCD1DE7E-2DB1-418B-B047-4A74E101F8C1}","DesiredAccess":"0x20019"}
Returned value:
0x0
ntdll.dll! NtOpenKeyEx #native (#3028) EncryptFlag.exe
Arguments:
{"OpenOptions":"0x0","KeyHandle":"0x0","objectName":"\\REGISTRY\\USER\\S-1-5-21-4270068108-2931534202-3907561125-1001_Classes\\Interface\\{BCD1DE7E-2DB1-418B-B047-4A74E101F8C1}\\ProxyStubClsid32","DesiredAccess":"0x20019"}
Returned value:
0xc0000034
ntdll.dll! NtOpenKeyEx #native (#3028) EncryptFlag.exe
Arguments:
{"OpenOptions":"0x0","KeyHandle":"0x370","objectName":"ProxyStubClsid32","DesiredAccess":"0x20019"}
Returned value:
0x0
ntdll.dll! NtOpenKeyEx #native (#3028) EncryptFlag.exe
Arguments:
{"OpenOptions":"0x0","KeyHandle":"0x0","objectName":"\\REGISTRY\\USER\\S-1-5-21-4270068108-2931534202-3907561125-1001_Classes\\Interface\\{BCD1DE7E-2DB1-418B-B047-4A74E101F8C1}\\ProxyStubClsid32","DesiredAccess":"0x2000000"}
Returned value:
0xc0000034
ntdll.dll! NtCreateFile #native (#3028) EncryptFlag.exe
Arguments:
{"FileHandle":"0x2ec","objectName":"\\Device\\Afd\\Endpoint"}
Returned value:
0x0
ntdll.dll! NtOpenKey #native (#3028) EncryptFlag.exe
Arguments:
{"OpenOptions":"0x0","KeyHandle":"0x2ec","objectName":"\\Registry\\MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\SideBySide","DesiredAccess":"0x20019"}
Returned value:
0x0
ntdll.dll! NtOpenFile #native (#3028) EncryptFlag.exe
Arguments:
{"FileHandle":"0x2ec","objectName":"\\??\\C:\\Windows\\system32\\WININET.dll"}
Returned value:
0x0
ntdll.dll! NtOpenKey #native (#3028) EncryptFlag.exe
Arguments:
{"OpenOptions":"0x0","KeyHandle":"0x368","objectName":"\\Registry\\User\\S-1-5-21-4270068108-2931534202-3907561125-1001_Classes","DesiredAccess":"0x2000000"}
Returned value:
0x0
kernel32.dll! RegOpenCurrentUser #registry (#3028) EncryptFlag.exe
Arguments:
{"phkResult":"0x36a","dwOptions":"0x0","samDesired":"0x2000000","hToken":"0x36c"}
Returned value:
0x0
ntdll.dll! NtOpenKeyEx #native (#3028) EncryptFlag.exe
Arguments:
{"OpenOptions":"0x0","KeyHandle":"0x0","objectName":"Interface\\{2A1C9EB2-DF62-4154-B800-63278FCB8037}","DesiredAccess":"0x20019"}
Returned value:
0xc0000034
ntdll.dll! NtOpenKeyEx #native (#3028) EncryptFlag.exe
Arguments:
{"OpenOptions":"0x0","KeyHandle":"0x36c","objectName":"\\Registry\\Machine\\Software\\Classes\\Interface\\{2A1C9EB2-DF62-4154-B800-63278FCB8037}","DesiredAccess":"0x20019"}
Returned value:
0x0
ntdll.dll! NtOpenKeyEx #native (#3028) EncryptFlag.exe
Arguments:
{"OpenOptions":"0x0","KeyHandle":"0x0","objectName":"\\REGISTRY\\USER\\S-1-5-21-4270068108-2931534202-3907561125-1001_Classes\\Interface\\{2A1C9EB2-DF62-4154-B800-63278FCB8037}\\ProxyStubClsid32","DesiredAccess":"0x20019"}
Returned value:
0xc0000034
ntdll.dll! NtOpenKeyEx #native (#3028) EncryptFlag.exe
Arguments:
{"OpenOptions":"0x0","KeyHandle":"0x368","objectName":"ProxyStubClsid32","DesiredAccess":"0x20019"}
Returned value:
0x0
ntdll.dll! NtOpenKeyEx #native (#3028) EncryptFlag.exe
Arguments:
{"OpenOptions":"0x0","KeyHandle":"0x0","objectName":"\\REGISTRY\\USER\\S-1-5-21-4270068108-2931534202-3907561125-1001_Classes\\Interface\\{2A1C9EB2-DF62-4154-B800-63278FCB8037}\\ProxyStubClsid32","DesiredAccess":"0x2000000"}
Returned value:
0xc0000034
KernelBase.dll! GetProcAddress #misc (#3028) EncryptFlag.exe
Arguments:
{"lpProcName":"ConvertInterfaceGuidToLuid","hModule":"IPHLPAPI.DLL"}
Returned value:
0x7fefa8e492c
ntdll.dll! NtOpenKey #native (#3028) EncryptFlag.exe
Arguments:
{"OpenOptions":"0x28c0000","KeyHandle":"0x0","objectName":"\\Registry\\Machine\\Software\\Microsoft\\Windows\\CurrentVersion\\SideBySide\\AssemblyStorageRoots","DesiredAccess":"0x8"}
Returned value:
0xc0000034
ntdll.dll! NtQueryAttributesFile #native (#3028) EncryptFlag.exe
Arguments:
{"objectName":"\\??\\C:\\Users\\<USER>\\Downloads\\EncryptFlag.exe.Local\\"}
Returned value:
0xc0000034
ntdll.dll! NtQueryAttributesFile #native (#3028) EncryptFlag.exe
Arguments:
{"objectName":"\\??\\C:\\Windows\\WinSxS\\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.24483_none_e372d88f30fbb845"}
Returned value:
0x0
ntdll.dll! NtOpenFile #native (#3028) EncryptFlag.exe
Arguments:
{"FileHandle":"0x2ec","objectName":"\\??\\C:\\Windows\\WinSxS\\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.24483_none_e372d88f30fbb845"}
Returned value:
0x0
ntdll.dll! NtQueryAttributesFile #native (#3028) EncryptFlag.exe
Arguments:
{"objectName":"\\??\\C:\\Windows\\WinSxS\\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.24483_none_e372d88f30fbb845\\Comctl32.dll"}
Returned value:
0x0
ntdll.dll! NtOpenFile #native (#3028) EncryptFlag.exe
Arguments:
{"FileHandle":"0x368","objectName":"\\??\\C:\\Windows\\WinSxS\\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.24483_none_e372d88f30fbb845\\Comctl32.dll"}
Returned value:
0x0
ntdll.dll! NtOpenFile #native (#3028) EncryptFlag.exe
Arguments:
{"FileHandle":"0x36c","objectName":"\\??\\C:\\Windows\\WindowsShell.Manifest"}
Returned value:
0x0
ntdll.dll! NtOpenKey #native (#3028) EncryptFlag.exe
Arguments:
{"OpenOptions":"0x0","KeyHandle":"0x378","objectName":"\\Registry\\MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\SideBySide","DesiredAccess":"0x20019"}
Returned value:
0x0
KernelBase.dll! GetProcAddress #misc (#3028) EncryptFlag.exe
Arguments:
{"lpProcName":"LpkEditControl","hModule":"lpk.dll"}
Returned value:
0x7feff3ba050
KernelBase.dll! LoadLibraryExW #misc (#3028) EncryptFlag.exe
Arguments:
{"lpFileName":"Comctl32.dll"}
Returned value:
0x7fefb450000
KernelBase.dll! GetProcAddress #misc (#3028) EncryptFlag.exe
Arguments:
{"lpProcName":"GetIpForwardTable2","hModule":"IPHLPAPI.DLL"}
Returned value:
0x7fefa8e61b4
KernelBase.dll! LoadLibraryExW #misc (#3028) EncryptFlag.exe
Arguments:
{"lpFileName":"C:\\Windows\\system32\\ws2_32"}
Returned value:
0x7fefd1a0000
KernelBase.dll! LoadLibraryExA #misc (#3028) EncryptFlag.exe
Arguments:
{"lpFileName":"C:\\Windows\\system32\\ws2_32"}
Returned value:
0x7fefd1a0000
KernelBase.dll! GetProcAddress #misc (#3028) EncryptFlag.exe
Arguments:
{"lpProcName":"getaddrinfo","hModule":"ws2_32.dll"}
Returned value:
0x7fefd1a2720
KernelBase.dll! GetProcAddress #misc (#3028) EncryptFlag.exe
Arguments:
{"lpProcName":"getaddrinfo","hModule":"ws2_32.dll"}
Returned value:
0x7fefd1a2720
KernelBase.dll! GetProcAddress #misc (#3028) EncryptFlag.exe
Arguments:
{"lpProcName":"GetIpNetEntry2","hModule":"IPHLPAPI.DLL"}
Returned value:
0x7fefa8e62d0
KernelBase.dll! GetProcAddress #misc (#3028) EncryptFlag.exe
Arguments:
{"lpProcName":"getnameinfo","hModule":"ws2_32.dll"}
Returned value:
0x7fefd1ae250
KernelBase.dll! GetProcAddress #misc (#3028) EncryptFlag.exe
Arguments:
{"lpProcName":"freeaddrinfo","hModule":"ws2_32.dll"}
Returned value:
0x7fefd1a2640
KernelBase.dll! GetProcAddress #misc (#3028) EncryptFlag.exe
Arguments:
{"lpProcName":"0x70","hModule":null}
Returned value:
0x7fefd1ad040
KernelBase.dll! GetProcAddress #misc (#3028) EncryptFlag.exe
Arguments:
{"lpProcName":"0x9","hModule":null}
Returned value:
0x7fefd1a1250
KernelBase.dll! GetProcAddress #misc (#3028) EncryptFlag.exe
Arguments:
{"lpProcName":"0xf","hModule":null}
Returned value:
0x7fefd1a1250
KernelBase.dll! GetProcAddress #misc (#3028) EncryptFlag.exe
Arguments:
{"lpProcName":"WSASocketA","hModule":"ws2_32.dll"}
Returned value:
0x7fefd1a2010
ntdll.dll! NtCreateFile #native (#3028) EncryptFlag.exe
Arguments:
{"FileHandle":"0x374","objectName":"\\Device\\Afd\\Endpoint"}
Returned value:
0x0
KernelBase.dll! GetProcAddress #misc (#3028) EncryptFlag.exe
Arguments:
{"lpProcName":"0x7","hModule":null}
Returned value:
0x7fefd1ce190
KernelBase.dll! GetProcAddress #misc (#3028) EncryptFlag.exe
Arguments:
{"lpProcName":"FreeMibTable","hModule":"IPHLPAPI.DLL"}
Returned value:
0x7fefa8e5710
ntdll.dll! NtQueryAttributesFile #native (#3028) EncryptFlag.exe
Arguments:
{"objectName":"\\??\\C:\\Windows\\System32\\wshtcpip.dll"}
Returned value:
0x0
KernelBase.dll! LoadLibraryExW #misc (#3028) EncryptFlag.exe
Arguments:
{"lpFileName":"C:\\Windows\\System32\\wshtcpip.dll"}
Returned value:
0x7fefbf90000
ntdll.dll! NtOpenKey #native (#3028) EncryptFlag.exe
Arguments:
{"OpenOptions":"0x0","KeyHandle":"0x36c","objectName":"\\Registry\\Machine\\Software\\Microsoft\\Windows\\Windows Error Reporting\\WMR","DesiredAccess":"0x1"}
Returned value:
0x0
ntdll.dll! NtQueryAttributesFile #native (#3028) EncryptFlag.exe
Arguments:
{"objectName":"\\??\\C:\\Windows\\System32\\wshtcpip.dll"}
Returned value:
0x0
KernelBase.dll! LoadLibraryExW #misc (#3028) EncryptFlag.exe
Arguments:
{"lpFileName":"C:\\Windows\\System32\\wshtcpip.dll"}
Returned value:
0x7fefbf90000
ntdll.dll! NtQueryAttributesFile #native (#3028) EncryptFlag.exe
Arguments:
{"objectName":"\\??\\C:\\Windows\\System32\\wshtcpip.dll"}
Returned value:
0x0
KernelBase.dll! LoadLibraryExW #misc (#3028) EncryptFlag.exe
Arguments:
{"lpFileName":"C:\\Windows\\System32\\wshtcpip.dll"}
Returned value:
0x7fefbf90000
ntdll.dll! NtQueryAttributesFile #native (#3028) EncryptFlag.exe
Arguments:
{"objectName":"\\??\\C:\\Windows\\System32\\wship6.dll"}
Returned value:
0x0
KernelBase.dll! LoadLibraryExW #misc (#3028) EncryptFlag.exe
Arguments:
{"lpFileName":"C:\\Windows\\System32\\wship6.dll"}
Returned value:
0x7fefc510000
ntdll.dll! NtQueryAttributesFile #native (#3028) EncryptFlag.exe
Arguments:
{"objectName":"\\??\\C:\\Windows\\System32\\wship6.dll"}
Returned value:
0x0
KernelBase.dll! LoadLibraryExW #misc (#3028) EncryptFlag.exe
Arguments:
{"lpFileName":"C:\\Windows\\System32\\wship6.dll"}
Returned value:
0x7fefc510000
ntdll.dll! NtQueryAttributesFile #native (#3028) EncryptFlag.exe
Arguments:
{"objectName":"\\??\\C:\\Windows\\System32\\wship6.dll"}
Returned value:
0x0
KernelBase.dll! LoadLibraryExW #misc (#3028) EncryptFlag.exe
Arguments:
{"lpFileName":"C:\\Windows\\System32\\wship6.dll"}
Returned value:
0x7fefc510000
ntdll.dll! NtQueryAttributesFile #native (#3028) EncryptFlag.exe
Arguments:
{"objectName":"\\??\\C:\\Windows\\System32\\wshqos.dll"}
Returned value:
0x0
ntdll.dll! NtCreateFile #native (#3028) EncryptFlag.exe
Arguments:
{"FileHandle":"0x36c","objectName":"\\??\\C:\\Windows\\System32\\wshqos.dll"}
Returned value:
0x0
KernelBase.dll! LoadLibraryExW #misc (#3028) EncryptFlag.exe
Arguments:
{"lpFileName":"C:\\Windows\\System32\\wshqos.dll"}
Returned value:
0x7fef4530002
ntdll.dll! NtQueryAttributesFile #native (#3028) EncryptFlag.exe
Arguments:
{"objectName":"\\??\\C:\\Windows\\System32\\wshqos.dll"}
Returned value:
0x0
ntdll.dll! NtCreateFile #native (#3028) EncryptFlag.exe
Arguments:
{"FileHandle":"0x36c","objectName":"\\??\\C:\\Windows\\System32\\wshqos.dll"}
Returned value:
0x0
KernelBase.dll! LoadLibraryExW #misc (#3028) EncryptFlag.exe
Arguments:
{"lpFileName":"C:\\Windows\\System32\\wshqos.dll"}
Returned value:
0x7fef41b0002
ntdll.dll! NtQueryAttributesFile #native (#3028) EncryptFlag.exe
Arguments:
{"objectName":"\\??\\C:\\Windows\\System32\\wshqos.dll"}
Returned value:
0x0
ntdll.dll! NtCreateFile #native (#3028) EncryptFlag.exe
Arguments:
{"FileHandle":"0x36c","objectName":"\\??\\C:\\Windows\\System32\\wshqos.dll"}
Returned value:
0x0
KernelBase.dll! LoadLibraryExW #misc (#3028) EncryptFlag.exe
Arguments:
{"lpFileName":"C:\\Windows\\System32\\wshqos.dll"}
Returned value:
0x7fef4530002
ntdll.dll! NtQueryAttributesFile #native (#3028) EncryptFlag.exe
Arguments:
{"objectName":"\\??\\C:\\Windows\\System32\\wshqos.dll"}
Returned value:
0x0
ntdll.dll! NtCreateFile #native (#3028) EncryptFlag.exe
Arguments:
{"FileHandle":"0x36c","objectName":"\\??\\C:\\Windows\\System32\\wshqos.dll"}
Returned value:
0x0
KernelBase.dll! LoadLibraryExW #misc (#3028) EncryptFlag.exe
Arguments:
{"lpFileName":"C:\\Windows\\System32\\wshqos.dll"}
Returned value:
0x7fef41b0002
KernelBase.dll! GetProcAddress #misc (#3028) EncryptFlag.exe
Arguments:
{"lpProcName":"0x2","hModule":null}
Returned value:
0x7fefd1a1f00
KernelBase.dll! GetProcAddress #misc (#3028) EncryptFlag.exe
Arguments:
{"lpProcName":"0x6","hModule":null}
Returned value:
0x7fefd1a9150
KernelBase.dll! GetProcAddress #misc (#3028) EncryptFlag.exe
Arguments:
{"lpProcName":"StringFromIID","hModule":"ole32.dll"}
Returned value:
0x7fefe2cf7a0
KernelBase.dll! GetProcAddress #misc (#3028) EncryptFlag.exe
Arguments:
{"lpProcName":"0x5","hModule":null}
Returned value:
0x7fefd1ce3e0
KernelBase.dll! GetProcAddress #misc (#3028) EncryptFlag.exe
Arguments:
{"lpProcName":"EnumerateSecurityPackagesA","hModule":"sspicli.dll"}
Returned value:
0x7fefcbc57c0
KernelBase.dll! GetProcAddress #misc (#3028) EncryptFlag.exe
Arguments:
{"lpProcName":"CoUninitialize","hModule":"ole32.dll"}
Returned value:
0x7fefe1ecfc8
ntdll.dll! NtCreateKey #native (#3028) EncryptFlag.exe
Arguments:
{"CreateOptions":"0x0","objectName":"Software\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Wpad","DesiredAccess":"0x2001f","KeyHandle":"0x36c","TitleIndex":"0x0","CreateDisposition":"0x32eee58","Class":"0x32ef130"}
Returned value:
0x0
kernel32.dll! RegCreateKeyExW #registry (#3028) EncryptFlag.exe
Arguments:
{"samDesired":"0x2001f","hKey":"HKEY_CURRENT_USER","dwOptions":"0x0","phkResult":"","lpClass":"0x0","lpSubKey":"Software\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Wpad"}
Returned value:
0x0
ntdll.dll! NtOpenKeyEx #native (#3028) EncryptFlag.exe
Arguments:
{"OpenOptions":"0x0","KeyHandle":"0x0","objectName":"{2B41894A-B8B7-4E14-A86A-FAD06E822145}","DesiredAccess":"0x20019"}
Returned value:
0xc0000034
kernel32.dll! RegOpenKeyExW #registry (#3028) EncryptFlag.exe
Arguments:
{"hKey":"Software\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Wpad","ulOptions":"0x0","samDesired":"0x20019","lpSubKey":"{2B41894A-B8B7-4E14-A86A-FAD06E822145}","phkResult":"0x0"}
Returned value:
0x2
KernelBase.dll! LoadLibraryExW #misc (#3028) EncryptFlag.exe
Arguments:
{"lpFileName":"OLEAUT32.dll"}
Returned value:
0x7feff3c0000
KernelBase.dll! LoadLibraryExA #misc (#3028) EncryptFlag.exe
Arguments:
{"lpFileName":"OLEAUT32.dll"}
Returned value:
0x7feff3c0000
KernelBase.dll! GetProcAddress #misc (#3028) EncryptFlag.exe
Arguments:
{"lpProcName":"0x1f4","hModule":null}
Returned value:
0x7feff3c3530
ntdll.dll! NtOpenKeyEx #native (#3028) EncryptFlag.exe
Arguments:
{"OpenOptions":"0x0","KeyHandle":"0x378","objectName":"System\\CurrentControlSet\\Control\\LsaExtensionConfig\\SspiCli","DesiredAccess":"0x20019"}
Returned value:
0x0
KernelBase.dll! LoadLibraryExW #misc (#3028) EncryptFlag.exe
Arguments:
{"lpFileName":"cryptsp.dll"}
Returned value:
0x7fefc580000
KernelBase.dll! LoadLibraryExA #misc (#3028) EncryptFlag.exe
Arguments:
{"lpFileName":"cryptsp.dll"}
Returned value:
0x7fefc580000
KernelBase.dll! GetProcAddress #misc (#3028) EncryptFlag.exe
Arguments:
{"lpProcName":"SystemFunction035","hModule":"cryptsp.dll"}
Returned value:
0x7fefc588958
ntdll.dll! NtCreateFile #native (#3028) EncryptFlag.exe
Arguments:
{"FileHandle":"0x380","objectName":"\\Device\\Afd\\Endpoint"}
Returned value:
0x0
ntdll.dll! NtOpenKeyEx #native (#3028) EncryptFlag.exe
Arguments:
{"OpenOptions":"0x0","KeyHandle":"0x0","objectName":"CLSID\\{C39EE728-D419-4BD4-A3EF-EDA059DBD935}","DesiredAccess":"0x20019"}
Returned value:
0xc0000034
ntdll.dll! NtOpenKeyEx #native (#3028) EncryptFlag.exe
Arguments:
{"OpenOptions":"0x0","KeyHandle":"0x380","objectName":"\\Registry\\Machine\\Software\\Classes\\CLSID\\{C39EE728-D419-4BD4-A3EF-EDA059DBD935}","DesiredAccess":"0x20019"}
Returned value:
0x0
ntdll.dll! NtOpenKeyEx #native (#3028) EncryptFlag.exe
Arguments:
{"OpenOptions":"0x0","KeyHandle":"0x0","objectName":"\\REGISTRY\\USER\\S-1-5-21-4270068108-2931534202-3907561125-1001_Classes\\CLSID\\{C39EE728-D419-4BD4-A3EF-EDA059DBD935}\\TreatAs","DesiredAccess":"0x1"}
Returned value:
0xc0000034
ntdll.dll! NtOpenKeyEx #native (#3028) EncryptFlag.exe
Arguments:
{"OpenOptions":"0x0","KeyHandle":"0x0","objectName":"TreatAs","DesiredAccess":"0x1"}
Returned value:
0xc0000034
ntdll.dll! NtOpenKeyEx #native (#3028) EncryptFlag.exe
Arguments:
{"OpenOptions":"0x0","KeyHandle":"0x0","objectName":"\\REGISTRY\\USER\\S-1-5-21-4270068108-2931534202-3907561125-1001_Classes\\CLSID\\{C39EE728-D419-4BD4-A3EF-EDA059DBD935}\\Progid","DesiredAccess":"0x1"}
Returned value:
0xc0000034
ntdll.dll! NtOpenKeyEx #native (#3028) EncryptFlag.exe
Arguments:
{"OpenOptions":"0x0","KeyHandle":"0x384","objectName":"Progid","DesiredAccess":"0x1"}
Returned value:
0x0
ntdll.dll! NtOpenKeyEx #native (#3028) EncryptFlag.exe
Arguments:
{"OpenOptions":"0x0","KeyHandle":"0x0","objectName":"\\REGISTRY\\USER\\S-1-5-21-4270068108-2931534202-3907561125-1001_Classes\\CLSID\\{C39EE728-D419-4BD4-A3EF-EDA059DBD935}\\ProgID","DesiredAccess":"0x2000000"}
Returned value:
0xc0000034
ntdll.dll! NtOpenKeyEx #native (#3028) EncryptFlag.exe
Arguments:
{"OpenOptions":"0x0","KeyHandle":"0x0","objectName":"\\REGISTRY\\USER\\S-1-5-21-4270068108-2931534202-3907561125-1001_Classes\\CLSID\\{C39EE728-D419-4BD4-A3EF-EDA059DBD935}\\Progid","DesiredAccess":"0x1"}
Returned value:
0xc0000034
ntdll.dll! NtOpenKeyEx #native (#3028) EncryptFlag.exe
Arguments:
{"OpenOptions":"0x0","KeyHandle":"0x384","objectName":"Progid","DesiredAccess":"0x1"}
Returned value:
0x0
ntdll.dll! NtOpenKeyEx #native (#3028) EncryptFlag.exe
Arguments:
{"OpenOptions":"0x0","KeyHandle":"0x0","objectName":"\\REGISTRY\\USER\\S-1-5-21-4270068108-2931534202-3907561125-1001_Classes\\CLSID\\{C39EE728-D419-4BD4-A3EF-EDA059DBD935}\\ProgID","DesiredAccess":"0x2000000"}
Returned value:
0xc0000034
ntdll.dll! NtOpenKeyEx #native (#3028) EncryptFlag.exe
Arguments:
{"OpenOptions":"0x0","KeyHandle":"0x0","objectName":"\\REGISTRY\\USER\\S-1-5-21-4270068108-2931534202-3907561125-1001_Classes\\CLSID\\{C39EE728-D419-4BD4-A3EF-EDA059DBD935}","DesiredAccess":"0x2000000"}
Returned value:
0xc0000034
ntdll.dll! NtOpenKeyEx #native (#3028) EncryptFlag.exe
Arguments:
{"OpenOptions":"0x0","KeyHandle":"0x0","objectName":"\\REGISTRY\\USER\\S-1-5-21-4270068108-2931534202-3907561125-1001_Classes\\CLSID\\{C39EE728-D419-4BD4-A3EF-EDA059DBD935}","DesiredAccess":"0x2000000"}
Returned value:
0xc0000034
ntdll.dll! NtOpenKeyEx #native (#3028) EncryptFlag.exe
Arguments:
{"OpenOptions":"0x0","KeyHandle":"0x0","objectName":"\\REGISTRY\\USER\\S-1-5-21-4270068108-2931534202-3907561125-1001_Classes\\CLSID\\{C39EE728-D419-4BD4-A3EF-EDA059DBD935}\\InprocServer32","DesiredAccess":"0x20019"}
Returned value:
0xc0000034
ntdll.dll! NtOpenKeyEx #native (#3028) EncryptFlag.exe
Arguments:
{"OpenOptions":"0x0","KeyHandle":"0x384","objectName":"InprocServer32","DesiredAccess":"0x20019"}
Returned value:
0x0
ntdll.dll! NtOpenKeyEx #native (#3028) EncryptFlag.exe
Arguments:
{"OpenOptions":"0x0","KeyHandle":"0x0","objectName":"\\REGISTRY\\USER\\S-1-5-21-4270068108-2931534202-3907561125-1001_Classes\\CLSID\\{C39EE728-D419-4BD4-A3EF-EDA059DBD935}\\InprocServer32","DesiredAccess":"0x2000000"}
Returned value:
0xc0000034
ntdll.dll! NtOpenKeyEx #native (#3028) EncryptFlag.exe
Arguments:
{"OpenOptions":"0x0","KeyHandle":"0x0","objectName":"\\REGISTRY\\USER\\S-1-5-21-4270068108-2931534202-3907561125-1001_Classes\\CLSID\\{C39EE728-D419-4BD4-A3EF-EDA059DBD935}\\InprocServer32","DesiredAccess":"0x2000000"}
Returned value:
0xc0000034
ntdll.dll! NtOpenKeyEx #native (#3028) EncryptFlag.exe
Arguments:
{"OpenOptions":"0x0","KeyHandle":"0x0","objectName":"\\REGISTRY\\USER\\S-1-5-21-4270068108-2931534202-3907561125-1001_Classes\\CLSID\\{C39EE728-D419-4BD4-A3EF-EDA059DBD935}\\InprocServer32","DesiredAccess":"0x2000000"}
Returned value:
0xc0000034
ntdll.dll! NtOpenKeyEx #native (#3028) EncryptFlag.exe
Arguments:
{"OpenOptions":"0x0","KeyHandle":"0x0","objectName":"\\REGISTRY\\USER\\S-1-5-21-4270068108-2931534202-3907561125-1001_Classes\\CLSID\\{C39EE728-D419-4BD4-A3EF-EDA059DBD935}\\InprocServer32","DesiredAccess":"0x2000000"}
Returned value:
0xc0000034
ntdll.dll! NtOpenKeyEx #native (#3028) EncryptFlag.exe
Arguments:
{"OpenOptions":"0x0","KeyHandle":"0x0","objectName":"\\REGISTRY\\USER\\S-1-5-21-4270068108-2931534202-3907561125-1001_Classes\\CLSID\\{C39EE728-D419-4BD4-A3EF-EDA059DBD935}\\InprocHandler32","DesiredAccess":"0x1"}
Returned value:
0xc0000034
ntdll.dll! NtOpenKeyEx #native (#3028) EncryptFlag.exe
Arguments:
{"OpenOptions":"0x0","KeyHandle":"0x0","objectName":"InprocHandler32","DesiredAccess":"0x1"}
Returned value:
0xc0000034
ntdll.dll! NtOpenKeyEx #native (#3028) EncryptFlag.exe
Arguments:
{"OpenOptions":"0x0","KeyHandle":"0x0","objectName":"\\REGISTRY\\USER\\S-1-5-21-4270068108-2931534202-3907561125-1001_Classes\\CLSID\\{C39EE728-D419-4BD4-A3EF-EDA059DBD935}\\InprocHandler","DesiredAccess":"0x1"}
Returned value:
0xc0000034
ntdll.dll! NtOpenKeyEx #native (#3028) EncryptFlag.exe
Arguments:
{"OpenOptions":"0x0","KeyHandle":"0x0","objectName":"InprocHandler","DesiredAccess":"0x1"}
Returned value:
0xc0000034
ntdll.dll! NtOpenKeyEx #native (#3028) EncryptFlag.exe
Arguments:
{"OpenOptions":"0x0","KeyHandle":"0x388","objectName":"System\\CurrentControlSet\\Control\\SecurityProviders","DesiredAccess":"0x20019"}
Returned value:
0x0
ntdll.dll! NtQueryAttributesFile #native (#3028) EncryptFlag.exe
Arguments:
{"objectName":"\\??\\C:\\Users\\<USER>\\Downloads\\credssp.dll"}
Returned value:
0xc0000034
ntdll.dll! NtQueryAttributesFile #native (#3028) EncryptFlag.exe
Arguments:
{"objectName":"\\??\\C:\\Windows\\system32\\credssp.dll"}
Returned value:
0x0
ntdll.dll! NtOpenFile #native (#3028) EncryptFlag.exe
Arguments:
{"FileHandle":"0x388","objectName":"\\??\\C:\\Windows\\system32\\credssp.dll"}
Returned value:
0x0
KernelBase.dll! LoadLibraryExW #misc (#3028) EncryptFlag.exe
Arguments:
{"lpFileName":"credssp.dll"}
Returned value:
0x7fefc1d0000
ntdll.dll! NtOpenKeyEx #native (#3028) EncryptFlag.exe
Arguments:
{"OpenOptions":"0x0","KeyHandle":"0x388","objectName":"System\\CurrentControlSet\\Control\\Lsa\\SspiCache","DesiredAccess":"0x20019"}
Returned value:
0x0
ntdll.dll! NtOpenKeyEx #native (#3028) EncryptFlag.exe
Arguments:
{"OpenOptions":"0x0","KeyHandle":"0x38c","objectName":"credssp.dll","DesiredAccess":"0x20019"}
Returned value:
0x0
ntdll.dll! NtOpenKeyEx #native (#3028) EncryptFlag.exe
Arguments:
{"OpenOptions":"0x0","KeyHandle":"0x38c","objectName":"System\\CurrentControlSet\\Control\\SecurityProviders\\SaslProfiles","DesiredAccess":"0x20019"}
Returned value:
0x0
KernelBase.dll! GetProcAddress #misc (#3028) EncryptFlag.exe
Arguments:
{"lpProcName":"AcquireCredentialsHandleA","hModule":"sspicli.dll"}
Returned value:
0x7fefcbc5444
ntdll.dll! NtQueryAttributesFile #native (#3028) EncryptFlag.exe
Arguments:
{"objectName":"\\??\\C:\\Windows\\system32\\schannel.DLL"}
Returned value:
0x0
ntdll.dll! NtOpenFile #native (#3028) EncryptFlag.exe
Arguments:
{"FileHandle":"0x38c","objectName":"\\??\\C:\\Windows\\system32\\schannel.DLL"}
Returned value:
0x0
KernelBase.dll! LoadLibraryExW #misc (#3028) EncryptFlag.exe
Arguments:
{"lpFileName":"C:\\Windows\\system32\\schannel.DLL"}
Returned value:
0x7fefc310000
KernelBase.dll! GetProcAddress #misc (#3028) EncryptFlag.exe
Arguments:
{"lpProcName":"SpUserModeInitialize","hModule":"wdigest.dll"}
Returned value:
0x7fefc3164a0
KernelBase.dll! LoadLibraryExW #misc (#3028) EncryptFlag.exe
Arguments:
{"lpFileName":"ADVAPI32.dll"}
Returned value:
0x7feff4a0000
KernelBase.dll! LoadLibraryExA #misc (#3028) EncryptFlag.exe
Arguments:
{"lpFileName":"ADVAPI32.dll"}
Returned value:
0x7feff4a0000
KernelBase.dll! GetProcAddress #misc (#3028) EncryptFlag.exe
Arguments:
{"lpProcName":"RegCreateKeyExW","hModule":"kernel32.dll"}
Returned value:
0x7feff4bd5f0
ntdll.dll! NtCreateKey #native (#3028) EncryptFlag.exe
Arguments:
{"CreateOptions":"0x0","objectName":"System\\CurrentControlSet\\Control\\SecurityProviders\\Schannel","DesiredAccess":"0x20019","KeyHandle":"0x394","TitleIndex":"0x0","CreateDisposition":"0x3c0e438","Class":"0x3c0e710"}
Returned value:
0x0
kernel32.dll! RegCreateKeyExW #registry (#3028) EncryptFlag.exe
Arguments:
{"samDesired":"0x7fe00020019","hKey":"HKEY_LOCAL_MACHINE","dwOptions":"0x7fe00000000","phkResult":"","lpClass":"0x7fefc355060","lpSubKey":"System\\CurrentControlSet\\Control\\SecurityProviders\\Schannel"}
Returned value:
0x0
KernelBase.dll! GetProcAddress #misc (#3028) EncryptFlag.exe
Arguments:
{"lpProcName":"RegQueryValueExW","hModule":"kernel32.dll"}
Returned value:
0x7feff4be6f0
kernel32.dll! RegQueryValueExW #registry (#3028) EncryptFlag.exe
Arguments:
{"hKey":"System\\CurrentControlSet\\Control\\SecurityProviders\\Schannel","lpData":"0x3c0e8f0","lpcbData":"0x3c0e8e0","lpType":"0","lpValueName":"UserContextLockCount"}
Returned value:
0x2
kernel32.dll! RegQueryValueExW #registry (#3028) EncryptFlag.exe
Arguments:
{"hKey":"System\\CurrentControlSet\\Control\\SecurityProviders\\Schannel","lpData":"0x3c0e8f8","lpcbData":"0x3c0e8e0","lpType":"0","lpValueName":"UserContextListCount"}
Returned value:
0x2
KernelBase.dll! GetProcAddress #misc (#3028) EncryptFlag.exe
Arguments:
{"lpProcName":"RegCloseKey","hModule":"kernel32.dll"}
Returned value:
0x7feff4c4240
KernelBase.dll! GetProcAddress #misc (#3028) EncryptFlag.exe
Arguments:
{"lpProcName":"FreeContextBuffer","hModule":"sspicli.dll"}
Returned value:
0x7fefcbb1a90
KernelBase.dll! GetProcAddress #misc (#3028) EncryptFlag.exe
Arguments:
{"lpProcName":"CertDuplicateStore","hModule":"crypt32.dll"}
Returned value:
0x7fefcfb1660
KernelBase.dll! GetProcAddress #misc (#3028) EncryptFlag.exe
Arguments:
{"lpProcName":"CertControlStore","hModule":"crypt32.dll"}
Returned value:
0x7fefcfa86e8
ntdll.dll! NtOpenFile #native (#3028) EncryptFlag.exe
Arguments:
{"FileHandle":"0x3dc","objectName":"\\??\\C:\\Users\\<USER>\\AppData\\Roaming\\Microsoft\\SystemCertificates\\My"}
Returned value:
0x0
ntdll.dll! NtOpenKeyEx #native (#3028) EncryptFlag.exe
Arguments:
{"OpenOptions":"0x0","KeyHandle":"0x0","objectName":"Certificates","DesiredAccess":"0x20019"}
Returned value:
0xc0000034
ntdll.dll! NtOpenFile #native (#3028) EncryptFlag.exe
Arguments:
{"FileHandle":"0x3e0","objectName":"\\??\\C:\\Users\\<USER>\\AppData\\Roaming\\Microsoft\\SystemCertificates\\My\\Certificates\\"}
Returned value:
0x0
ntdll.dll! NtOpenKeyEx #native (#3028) EncryptFlag.exe
Arguments:
{"OpenOptions":"0x0","KeyHandle":"0x0","objectName":"CRLs","DesiredAccess":"0x20019"}
Returned value:
0xc0000034
ntdll.dll! NtOpenFile #native (#3028) EncryptFlag.exe
Arguments:
{"FileHandle":"0x3e0","objectName":"\\??\\C:\\Users\\<USER>\\AppData\\Roaming\\Microsoft\\SystemCertificates\\My\\CRLs\\"}
Returned value:
0x0
ntdll.dll! NtOpenKeyEx #native (#3028) EncryptFlag.exe
Arguments:
{"OpenOptions":"0x0","KeyHandle":"0x0","objectName":"CTLs","DesiredAccess":"0x20019"}
Returned value:
0xc0000034
ntdll.dll! NtOpenFile #native (#3028) EncryptFlag.exe
Arguments:
{"FileHandle":"0x3e0","objectName":"\\??\\C:\\Users\\<USER>\\AppData\\Roaming\\Microsoft\\SystemCertificates\\My\\CTLs\\"}
Returned value:
0x0
KernelBase.dll! GetProcAddress #misc (#3028) EncryptFlag.exe
Arguments:
{"lpProcName":"CertCloseStore","hModule":"crypt32.dll"}
Returned value:
0x7fefcf99290
KernelBase.dll! GetProcAddress #misc (#3028) EncryptFlag.exe
Arguments:
{"lpProcName":"InitializeSecurityContextA","hModule":"sspicli.dll"}
Returned value:
0x7fefcbc56e0
KernelBase.dll! GetProcAddress #misc (#3028) EncryptFlag.exe
Arguments:
{"lpProcName":"WSASend","hModule":"ws2_32.dll"}
Returned value:
0x7fefd1a13b0
KernelBase.dll! GetProcAddress #misc (#3028) EncryptFlag.exe
Arguments:
{"lpProcName":"WSARecv","hModule":"ws2_32.dll"}
Returned value:
0x7fefd1a2200
ntdll.dll! NtOpenKey #native (#3028) EncryptFlag.exe
Arguments:
{"OpenOptions":"0x0","KeyHandle":"0x3e4","objectName":"\\Registry\\User\\S-1-5-21-4270068108-2931534202-3907561125-1001_Classes","DesiredAccess":"0x2000000"}
Returned value:
0x0
kernel32.dll! RegOpenCurrentUser #registry (#3028) EncryptFlag.exe
Arguments:
{"phkResult":"0x3e6","dwOptions":"0x0","samDesired":"0x2000000","hToken":"0x3e0"}
Returned value:
0x0
ntdll.dll! NtOpenKeyEx #native (#3028) EncryptFlag.exe
Arguments:
{"OpenOptions":"0x0","KeyHandle":"0x0","objectName":"Interface\\{B06B0CE5-689B-4AFD-B326-0A08A1A647AF}","DesiredAccess":"0x20019"}
Returned value:
0xc0000034
ntdll.dll! NtOpenKeyEx #native (#3028) EncryptFlag.exe
Arguments:
{"OpenOptions":"0x0","KeyHandle":"0x3e0","objectName":"\\Registry\\Machine\\Software\\Classes\\Interface\\{B06B0CE5-689B-4AFD-B326-0A08A1A647AF}","DesiredAccess":"0x20019"}
Returned value:
0x0
ntdll.dll! NtOpenKeyEx #native (#3028) EncryptFlag.exe
Arguments:
{"OpenOptions":"0x0","KeyHandle":"0x0","objectName":"\\REGISTRY\\USER\\S-1-5-21-4270068108-2931534202-3907561125-1001_Classes\\Interface\\{B06B0CE5-689B-4AFD-B326-0A08A1A647AF}\\ProxyStubClsid32","DesiredAccess":"0x20019"}
Returned value:
0xc0000034
ntdll.dll! NtOpenKeyEx #native (#3028) EncryptFlag.exe
Arguments:
{"OpenOptions":"0x0","KeyHandle":"0x3e4","objectName":"ProxyStubClsid32","DesiredAccess":"0x20019"}
Returned value:
0x0
ntdll.dll! NtOpenKeyEx #native (#3028) EncryptFlag.exe
Arguments:
{"OpenOptions":"0x0","KeyHandle":"0x0","objectName":"\\REGISTRY\\USER\\S-1-5-21-4270068108-2931534202-3907561125-1001_Classes\\Interface\\{B06B0CE5-689B-4AFD-B326-0A08A1A647AF}\\ProxyStubClsid32","DesiredAccess":"0x2000000"}
Returned value:
0xc0000034
ntdll.dll! NtOpenKeyEx #native (#3028) EncryptFlag.exe
Arguments:
{"OpenOptions":"0x0","KeyHandle":"0x0","objectName":"CLSID\\{057EEE47-2572-4AA1-88D7-60CE2149E33C}","DesiredAccess":"0x20019"}
Returned value:
0xc0000034
ntdll.dll! NtOpenKeyEx #native (#3028) EncryptFlag.exe
Arguments:
{"OpenOptions":"0x0","KeyHandle":"0x3e0","objectName":"\\Registry\\Machine\\Software\\Classes\\CLSID\\{057EEE47-2572-4AA1-88D7-60CE2149E33C}","DesiredAccess":"0x20019"}
Returned value:
0x0
ntdll.dll! NtOpenKeyEx #native (#3028) EncryptFlag.exe
Arguments:
{"OpenOptions":"0x0","KeyHandle":"0x0","objectName":"\\REGISTRY\\USER\\S-1-5-21-4270068108-2931534202-3907561125-1001_Classes\\CLSID\\{057EEE47-2572-4AA1-88D7-60CE2149E33C}\\TreatAs","DesiredAccess":"0x1"}
Returned value:
0xc0000034
ntdll.dll! NtOpenKeyEx #native (#3028) EncryptFlag.exe
Arguments:
{"OpenOptions":"0x0","KeyHandle":"0x0","objectName":"TreatAs","DesiredAccess":"0x1"}
Returned value:
0xc0000034
ntdll.dll! NtOpenKeyEx #native (#3028) EncryptFlag.exe
Arguments:
{"OpenOptions":"0x0","KeyHandle":"0x0","objectName":"\\REGISTRY\\USER\\S-1-5-21-4270068108-2931534202-3907561125-1001_Classes\\CLSID\\{057EEE47-2572-4AA1-88D7-60CE2149E33C}\\Progid","DesiredAccess":"0x1"}
Returned value:
0xc0000034
ntdll.dll! NtOpenKeyEx #native (#3028) EncryptFlag.exe
Arguments:
{"OpenOptions":"0x0","KeyHandle":"0x0","objectName":"Progid","DesiredAccess":"0x1"}
Returned value:
0xc0000034
ntdll.dll! NtOpenKeyEx #native (#3028) EncryptFlag.exe
Arguments:
{"OpenOptions":"0x0","KeyHandle":"0x0","objectName":"\\REGISTRY\\USER\\S-1-5-21-4270068108-2931534202-3907561125-1001_CLASSES\\Wow6432Node\\CLSID\\{057EEE47-2572-4AA1-88D7-60CE2149E33C}","DesiredAccess":"0x20219"}
Returned value:
0xc0000034
ntdll.dll! NtOpenKeyEx #native (#3028) EncryptFlag.exe
Arguments:
{"OpenOptions":"0x0","KeyHandle":"0x3e4","objectName":"\\Registry\\Machine\\Software\\Classes\\Wow6432Node\\CLSID\\{057EEE47-2572-4AA1-88D7-60CE2149E33C}","DesiredAccess":"0x20219"}
Returned value:
0x0
ntdll.dll! NtOpenKeyEx #native (#3028) EncryptFlag.exe
Arguments:
{"OpenOptions":"0x0","KeyHandle":"0x0","objectName":"\\REGISTRY\\USER\\S-1-5-21-4270068108-2931534202-3907561125-1001_Classes\\Wow6432Node\\CLSID\\{057EEE47-2572-4AA1-88D7-60CE2149E33C}\\Progid","DesiredAccess":"0x201"}
Returned value:
0xc0000034
ntdll.dll! NtOpenKeyEx #native (#3028) EncryptFlag.exe
Arguments:
{"OpenOptions":"0x0","KeyHandle":"0x0","objectName":"Progid","DesiredAccess":"0x201"}
Returned value:
0xc0000034
ntdll.dll! NtOpenKeyEx #native (#3028) EncryptFlag.exe
Arguments:
{"OpenOptions":"0x0","KeyHandle":"0x0","objectName":"\\REGISTRY\\USER\\S-1-5-21-4270068108-2931534202-3907561125-1001_Classes\\CLSID\\{057EEE47-2572-4AA1-88D7-60CE2149E33C}","DesiredAccess":"0x2000000"}
Returned value:
0xc0000034
ntdll.dll! NtOpenKeyEx #native (#3028) EncryptFlag.exe
Arguments:
{"OpenOptions":"0x0","KeyHandle":"0x0","objectName":"\\REGISTRY\\USER\\S-1-5-21-4270068108-2931534202-3907561125-1001_Classes\\CLSID\\{057EEE47-2572-4AA1-88D7-60CE2149E33C}","DesiredAccess":"0x2000000"}
Returned value:
0xc0000034
ntdll.dll! NtOpenKeyEx #native (#3028) EncryptFlag.exe
Arguments:
{"OpenOptions":"0x0","KeyHandle":"0x0","objectName":"\\REGISTRY\\USER\\S-1-5-21-4270068108-2931534202-3907561125-1001_Classes\\CLSID\\{057EEE47-2572-4AA1-88D7-60CE2149E33C}\\InprocServer32","DesiredAccess":"0x20019"}
Returned value:
0xc0000034
ntdll.dll! NtOpenKeyEx #native (#3028) EncryptFlag.exe
Arguments:
{"OpenOptions":"0x0","KeyHandle":"0x3e4","objectName":"InprocServer32","DesiredAccess":"0x20019"}
Returned value:
0x0
ntdll.dll! NtOpenKeyEx #native (#3028) EncryptFlag.exe
Arguments:
{"OpenOptions":"0x0","KeyHandle":"0x0","objectName":"\\REGISTRY\\USER\\S-1-5-21-4270068108-2931534202-3907561125-1001_Classes\\CLSID\\{057EEE47-2572-4AA1-88D7-60CE2149E33C}\\InProcServer32","DesiredAccess":"0x2000000"}
Returned value:
0xc0000034
ntdll.dll! NtOpenKeyEx #native (#3028) EncryptFlag.exe
Arguments:
{"OpenOptions":"0x0","KeyHandle":"0x0","objectName":"\\REGISTRY\\USER\\S-1-5-21-4270068108-2931534202-3907561125-1001_Classes\\CLSID\\{057EEE47-2572-4AA1-88D7-60CE2149E33C}\\InProcServer32","DesiredAccess":"0x2000000"}
Returned value:
0xc0000034
ntdll.dll! NtOpenKeyEx #native (#3028) EncryptFlag.exe
Arguments:
{"OpenOptions":"0x0","KeyHandle":"0x0","objectName":"\\REGISTRY\\USER\\S-1-5-21-4270068108-2931534202-3907561125-1001_Classes\\CLSID\\{057EEE47-2572-4AA1-88D7-60CE2149E33C}\\InProcServer32","DesiredAccess":"0x2000000"}
Returned value:
0xc0000034
ntdll.dll! NtOpenKeyEx #native (#3028) EncryptFlag.exe
Arguments:
{"OpenOptions":"0x0","KeyHandle":"0x0","objectName":"\\REGISTRY\\USER\\S-1-5-21-4270068108-2931534202-3907561125-1001_Classes\\CLSID\\{057EEE47-2572-4AA1-88D7-60CE2149E33C}\\InProcServer32","DesiredAccess":"0x2000000"}
Returned value:
0xc0000034
ntdll.dll! NtOpenKeyEx #native (#3028) EncryptFlag.exe
Arguments:
{"OpenOptions":"0x0","KeyHandle":"0x0","objectName":"\\REGISTRY\\USER\\S-1-5-21-4270068108-2931534202-3907561125-1001_Classes\\CLSID\\{057EEE47-2572-4AA1-88D7-60CE2149E33C}\\InProcServer32","DesiredAccess":"0x2000000"}
Returned value:
0xc0000034
ntdll.dll! NtOpenKeyEx #native (#3028) EncryptFlag.exe
Arguments:
{"OpenOptions":"0x0","KeyHandle":"0x0","objectName":"\\REGISTRY\\USER\\S-1-5-21-4270068108-2931534202-3907561125-1001_Classes\\CLSID\\{057EEE47-2572-4AA1-88D7-60CE2149E33C}\\InprocHandler32","DesiredAccess":"0x1"}
Returned value:
0xc0000034
ntdll.dll! NtOpenKeyEx #native (#3028) EncryptFlag.exe
Arguments:
{"OpenOptions":"0x0","KeyHandle":"0x0","objectName":"InprocHandler32","DesiredAccess":"0x1"}
Returned value:
0xc0000034
ntdll.dll! NtOpenKeyEx #native (#3028) EncryptFlag.exe
Arguments:
{"OpenOptions":"0x0","KeyHandle":"0x0","objectName":"\\REGISTRY\\USER\\S-1-5-21-4270068108-2931534202-3907561125-1001_Classes\\CLSID\\{057EEE47-2572-4AA1-88D7-60CE2149E33C}\\InprocHandler","DesiredAccess":"0x1"}
Returned value:
0xc0000034
ntdll.dll! NtOpenKeyEx #native (#3028) EncryptFlag.exe
Arguments:
{"OpenOptions":"0x0","KeyHandle":"0x0","objectName":"InprocHandler","DesiredAccess":"0x1"}
Returned value:
0xc0000034
ntdll.dll! NtOpenKey #native (#3028) EncryptFlag.exe
Arguments:
{"OpenOptions":"0x0","KeyHandle":"0x3e4","objectName":"\\Registry\\User\\S-1-5-21-4270068108-2931534202-3907561125-1001_Classes","DesiredAccess":"0x2000000"}
Returned value:
0x0
kernel32.dll! RegOpenCurrentUser #registry (#3028) EncryptFlag.exe
Arguments:
{"phkResult":"0x3e6","dwOptions":"0x0","samDesired":"0x2000000","hToken":"0x3e0"}
Returned value:
0x0
ntdll.dll! NtOpenKeyEx #native (#3028) EncryptFlag.exe
Arguments:
{"OpenOptions":"0x0","KeyHandle":"0x0","objectName":"CLSID\\{057EEE47-2572-4AA1-88D7-60CE2149E33C}","DesiredAccess":"0x20019"}
Returned value:
0xc0000034
ntdll.dll! NtOpenKeyEx #native (#3028) EncryptFlag.exe
Arguments:
{"OpenOptions":"0x0","KeyHandle":"0x3e0","objectName":"\\Registry\\Machine\\Software\\Classes\\CLSID\\{057EEE47-2572-4AA1-88D7-60CE2149E33C}","DesiredAccess":"0x20019"}
Returned value:
0x0
ntdll.dll! NtOpenKeyEx #native (#3028) EncryptFlag.exe
Arguments:
{"OpenOptions":"0x0","KeyHandle":"0x0","objectName":"\\REGISTRY\\USER\\S-1-5-21-4270068108-2931534202-3907561125-1001_Classes\\CLSID\\{057EEE47-2572-4AA1-88D7-60CE2149E33C}\\TreatAs","DesiredAccess":"0x20019"}
Returned value:
0xc0000034
ntdll.dll! NtOpenKeyEx #native (#3028) EncryptFlag.exe
Arguments:
{"OpenOptions":"0x0","KeyHandle":"0x0","objectName":"TreatAs","DesiredAccess":"0x20019"}
Returned value:
0xc0000034
KernelBase.dll! LoadLibraryExW #misc (#3028) EncryptFlag.exe
Arguments:
{"lpFileName":"C:\\Windows\\system32\\wininet.dll"}
Returned value:
0x7fefeca0000
KernelBase.dll! GetProcAddress #misc (#3028) EncryptFlag.exe
Arguments:
{"lpProcName":"DllGetClassObject","hModule":"zipfldr.dll"}
Returned value:
0x7fefed2b6e0
KernelBase.dll! GetProcAddress #misc (#3028) EncryptFlag.exe
Arguments:
{"lpProcName":"DllCanUnloadNow","hModule":"zipfldr.dll"}
Returned value:
0x7fefed2a0a0
KernelBase.dll! GetProcAddress #misc (#3028) EncryptFlag.exe
Arguments:
{"lpProcName":"CoSetProxyBlanket","hModule":"ole32.dll"}
Returned value:
0x7fefe203da0
KernelBase.dll! LoadLibraryExW #misc (#3028) EncryptFlag.exe
Arguments:
{"lpFileName":"ole32.dll"}
Returned value:
0x7fefe1d0000
KernelBase.dll! LoadLibraryExA #misc (#3028) EncryptFlag.exe
Arguments:
{"lpFileName":"ole32.dll"}
Returned value:
0x7fefe1d0000
KernelBase.dll! GetProcAddress #misc (#3028) EncryptFlag.exe
Arguments:
{"lpProcName":"ObjectStublessClient10","hModule":"ole32.dll"}
Returned value:
0x7fefe20aee0
KernelBase.dll! LoadLibraryExW #misc (#3028) EncryptFlag.exe
Arguments:
{"lpFileName":"secur32.dll"}
Returned value:
0x7fefc9f0000
KernelBase.dll! GetProcAddress #misc (#3028) EncryptFlag.exe
Arguments:
{"lpProcName":"FreeContextBuffer","hModule":"sspicli.dll"}
Returned value:
0x7fefcbb1a90
ntdll.dll! NtQueryAttributesFile #native (#3028) EncryptFlag.exe
Arguments:
{"objectName":"\\??\\C:\\Users\\<USER>\\Downloads\\ncrypt.dll"}
Returned value:
0xc0000034
ntdll.dll! NtQueryAttributesFile #native (#3028) EncryptFlag.exe
Arguments:
{"objectName":"\\??\\C:\\Windows\\system32\\ncrypt.dll"}
Returned value:
0x0
ntdll.dll! NtOpenFile #native (#3028) EncryptFlag.exe
Arguments:
{"FileHandle":"0x3e8","objectName":"\\??\\C:\\Windows\\system32\\ncrypt.dll"}
Returned value:
0x0
ntdll.dll! NtOpenKeyEx #native (#3028) EncryptFlag.exe
Arguments:
{"OpenOptions":"0x0","KeyHandle":"0x0","objectName":"SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\msasn1","DesiredAccess":"0x20019"}
Returned value:
0xc0000034
KernelBase.dll! LoadLibraryExW #misc (#3028) EncryptFlag.exe
Arguments:
{"lpFileName":"ncrypt.dll"}
Returned value:
0x7fefc750000
KernelBase.dll! LoadLibraryExA #misc (#3028) EncryptFlag.exe
Arguments:
{"lpFileName":"ncrypt.dll"}
Returned value:
0x7fefc750000
KernelBase.dll! GetProcAddress #misc (#3028) EncryptFlag.exe
Arguments:
{"lpProcName":"SslOpenProvider","hModule":"ncrypt.dll"}
Returned value:
0x7fefc7577c0
KernelBase.dll! GetProcAddress #misc (#3028) EncryptFlag.exe
Arguments:
{"lpProcName":"GetSChannelInterface","hModule":"ncrypt.dll"}
Returned value:
0x7fefc7576b0
ntdll.dll! NtQueryAttributesFile #native (#3028) EncryptFlag.exe
Arguments:
{"objectName":"\\??\\C:\\Windows\\system32\\bcryptprimitives.dll"}
Returned value:
0x0
ntdll.dll! NtOpenFile #native (#3028) EncryptFlag.exe
Arguments:
{"FileHandle":"0x3f0","objectName":"\\??\\C:\\Windows\\system32\\bcryptprimitives.dll"}
Returned value:
0x0
ntdll.dll! NtOpenKey #native (#3028) EncryptFlag.exe
Arguments:
{"OpenOptions":"0x773c2ee0","KeyHandle":"0x3f0","objectName":"\\Registry\\Machine\\System\\CurrentControlSet\\Control\\Lsa\\FipsAlgorithmPolicy","DesiredAccess":"0x1"}
Returned value:
0x0
ntdll.dll! NtOpenKey #native (#3028) EncryptFlag.exe
Arguments:
{"OpenOptions":"0x3c0e740","KeyHandle":"0x3f4","objectName":"\\Registry\\Machine\\System\\CurrentControlSet\\Control\\Lsa","DesiredAccess":"0x1"}
Returned value:
0x0
ntdll.dll! NtOpenKey #native (#3028) EncryptFlag.exe
Arguments:
{"OpenOptions":"0x3c0e740","KeyHandle":"0x0","objectName":"\\Registry\\Machine\\SYSTEM\\CurrentControlSet\\Policies\\Microsoft\\Cryptography\\Configuration","DesiredAccess":"0x1"}
Returned value:
0xc0000034
ntdll.dll! NtOpenKey #native (#3028) EncryptFlag.exe
Arguments:
{"OpenOptions":"0x3c0e740","KeyHandle":"0x3f4","objectName":"\\Registry\\Machine\\System\\CurrentControlSet\\Control\\Lsa\\FipsAlgorithmPolicy","DesiredAccess":"0x1"}
Returned value:
0x0
ntdll.dll! NtOpenKey #native (#3028) EncryptFlag.exe
Arguments:
{"OpenOptions":"0x3c0e740","KeyHandle":"0x3f0","objectName":"\\Registry\\Machine\\System\\CurrentControlSet\\Control\\Lsa","DesiredAccess":"0x1"}
Returned value:
0x0
ntdll.dll! NtOpenKey #native (#3028) EncryptFlag.exe
Arguments:
{"OpenOptions":"0x3c0e740","KeyHandle":"0x0","objectName":"\\Registry\\Machine\\SYSTEM\\CurrentControlSet\\Policies\\Microsoft\\Cryptography\\Configuration","DesiredAccess":"0x1"}
Returned value:
0xc0000034
ntdll.dll! NtOpenKey #native (#3028) EncryptFlag.exe
Arguments:
{"OpenOptions":"0x3c0e740","KeyHandle":"0x3f0","objectName":"\\Registry\\Machine\\System\\CurrentControlSet\\Control\\Lsa\\FipsAlgorithmPolicy","DesiredAccess":"0x1"}
Returned value:
0x0
ntdll.dll! NtOpenKey #native (#3028) EncryptFlag.exe
Arguments:
{"OpenOptions":"0x3c0e740","KeyHandle":"0x3f4","objectName":"\\Registry\\Machine\\System\\CurrentControlSet\\Control\\Lsa","DesiredAccess":"0x1"}
Returned value:
0x0
ntdll.dll! NtOpenKey #native (#3028) EncryptFlag.exe
Arguments:
{"OpenOptions":"0x3c0e740","KeyHandle":"0x0","objectName":"\\Registry\\Machine\\SYSTEM\\CurrentControlSet\\Policies\\Microsoft\\Cryptography\\Configuration","DesiredAccess":"0x1"}
Returned value:
0xc0000034
ntdll.dll! NtOpenKey #native (#3028) EncryptFlag.exe
Arguments:
{"OpenOptions":"0x3c0e740","KeyHandle":"0x3f4","objectName":"\\Registry\\Machine\\System\\CurrentControlSet\\Control\\Lsa\\FipsAlgorithmPolicy","DesiredAccess":"0x1"}
Returned value:
0x0
ntdll.dll! NtOpenKey #native (#3028) EncryptFlag.exe
Arguments:
{"OpenOptions":"0x3c0e740","KeyHandle":"0x3f0","objectName":"\\Registry\\Machine\\System\\CurrentControlSet\\Control\\Lsa","DesiredAccess":"0x1"}
Returned value:
0x0
ntdll.dll! NtOpenKey #native (#3028) EncryptFlag.exe
Arguments:
{"OpenOptions":"0x3c0e740","KeyHandle":"0x0","objectName":"\\Registry\\Machine\\SYSTEM\\CurrentControlSet\\Policies\\Microsoft\\Cryptography\\Configuration","DesiredAccess":"0x1"}
Returned value:
0xc0000034
KernelBase.dll! LoadLibraryExW #misc (#3028) EncryptFlag.exe
Arguments:
{"lpFileName":"C:\\Windows\\system32\\bcryptprimitives.dll"}
Returned value:
0x7fefc690000
KernelBase.dll! GetProcAddress #misc (#3028) EncryptFlag.exe
Arguments:
{"lpProcName":"GetHashInterface","hModule":"bcryptprimitives.dll"}
Returned value:
0x7fefc697c60
KernelBase.dll! GetProcAddress #misc (#3028) EncryptFlag.exe
Arguments:
{"lpProcName":"GetHashInterface","hModule":"bcryptprimitives.dll"}
Returned value:
0x7fefc697c60
KernelBase.dll! GetProcAddress #misc (#3028) EncryptFlag.exe
Arguments:
{"lpProcName":"GetHashInterface","hModule":"bcryptprimitives.dll"}
Returned value:
0x7fefc697c60
KernelBase.dll! GetProcAddress #misc (#3028) EncryptFlag.exe
Arguments:
{"lpProcName":"GetHashInterface","hModule":"bcryptprimitives.dll"}
Returned value:
0x7fefc697c60
KernelBase.dll! GetProcAddress #misc (#3028) EncryptFlag.exe
Arguments:
{"lpProcName":"SslIncrementProviderReferenceCount","hModule":"ncrypt.dll"}
Returned value:
0x7fefc752600
KernelBase.dll! GetProcAddress #misc (#3028) EncryptFlag.exe
Arguments:
{"lpProcName":"SslImportKey","hModule":"ncrypt.dll"}
Returned value:
0x7fefc7572d0
KernelBase.dll! GetProcAddress #misc (#3028) EncryptFlag.exe
Arguments:
{"lpProcName":"GetCipherInterface","hModule":"bcryptprimitives.dll"}
Returned value:
0x7fefc69e5b0
KernelBase.dll! GetProcAddress #misc (#3028) EncryptFlag.exe
Arguments:
{"lpProcName":"QueryContextAttributesA","hModule":"sspicli.dll"}
Returned value:
0x7fefcbc5900
ntdll.dll! NtOpenKeyEx #native (#3028) EncryptFlag.exe
Arguments:
{"OpenOptions":"0x0","KeyHandle":"0x3f0","objectName":"Software\\Microsoft\\Cryptography\\OID","DesiredAccess":"0x20019"}
Returned value:
0x0
ntdll.dll! NtOpenKeyEx #native (#3028) EncryptFlag.exe
Arguments:
{"OpenOptions":"0x0","KeyHandle":"0x3f4","objectName":"EncodingType 0","DesiredAccess":"0x20019"}
Returned value:
0x0
ntdll.dll! NtOpenKeyEx #native (#3028) EncryptFlag.exe
Arguments:
{"OpenOptions":"0x0","KeyHandle":"0x0","objectName":"CryptDllDecodeObjectEx","DesiredAccess":"0x20019"}
Returned value:
0xc0000034
ntdll.dll! NtOpenKeyEx #native (#3028) EncryptFlag.exe
Arguments:
{"OpenOptions":"0x0","KeyHandle":"0x3f4","objectName":"EncodingType 1","DesiredAccess":"0x20019"}
Returned value:
0x0
ntdll.dll! NtOpenKeyEx #native (#3028) EncryptFlag.exe
Arguments:
{"OpenOptions":"0x0","KeyHandle":"0x3f8","objectName":"CryptDllDecodeObjectEx","DesiredAccess":"0x20019"}
Returned value:
0x0
ntdll.dll! NtOpenKeyEx #native (#3028) EncryptFlag.exe
Arguments:
{"OpenOptions":"0x0","KeyHandle":"0x3fc","objectName":"1.2.840.113549.1.9.16.1.1","DesiredAccess":"0x20019"}
Returned value:
0x0
ntdll.dll! NtOpenKeyEx #native (#3028) EncryptFlag.exe
Arguments:
{"OpenOptions":"0x0","KeyHandle":"0x3fc","objectName":"1.2.840.113549.1.9.16.2.1","DesiredAccess":"0x20019"}
Returned value:
0x0
ntdll.dll! NtOpenKeyEx #native (#3028) EncryptFlag.exe
Arguments:
{"OpenOptions":"0x0","KeyHandle":"0x3fc","objectName":"1.2.840.113549.1.9.16.2.11","DesiredAccess":"0x20019"}
Returned value:
0x0
ntdll.dll! NtOpenKeyEx #native (#3028) EncryptFlag.exe
Arguments:
{"OpenOptions":"0x0","KeyHandle":"0x3fc","objectName":"1.2.840.113549.1.9.16.2.12","DesiredAccess":"0x20019"}
Returned value:
0x0
ntdll.dll! NtOpenKeyEx #native (#3028) EncryptFlag.exe
Arguments:
{"OpenOptions":"0x0","KeyHandle":"0x3fc","objectName":"1.2.840.113549.1.9.16.2.2","DesiredAccess":"0x20019"}
Returned value:
0x0
ntdll.dll! NtOpenKeyEx #native (#3028) EncryptFlag.exe
Arguments:
{"OpenOptions":"0x0","KeyHandle":"0x3fc","objectName":"1.2.840.113549.1.9.16.2.3","DesiredAccess":"0x20019"}
Returned value:
0x0
ntdll.dll! NtOpenKeyEx #native (#3028) EncryptFlag.exe
Arguments:
{"OpenOptions":"0x0","KeyHandle":"0x3fc","objectName":"1.2.840.113549.1.9.16.2.4","DesiredAccess":"0x20019"}
Returned value:
0x0
KernelBase.dll! GetProcAddress #misc (#3028) EncryptFlag.exe
Arguments:
{"lpProcName":"CertDuplicateCertificateContext","hModule":"crypt32.dll"}
Returned value:
0x7fefcf9e8cc
ntdll.dll! NtCreateMutant #native (#3028) EncryptFlag.exe
Arguments:
{"DesiredAccess":"0x1f0001","objectName":null,"MutantHandle":"0x3c0e318"}
Returned value:
0x0
KernelBase.dll! CreateMutexA #mutex (#3028) EncryptFlag.exe
Arguments:
{"lpName":null}
Returned value:
0x3f0
ntdll.dll! NtCreateMutant #native (#3028) EncryptFlag.exe
Arguments:
{"DesiredAccess":"0x1f0001","objectName":null,"MutantHandle":"0x3c0e318"}
Returned value:
0x0
KernelBase.dll! CreateMutexA #mutex (#3028) EncryptFlag.exe
Arguments:
{"lpName":null}
Returned value:
0x3f8
KernelBase.dll! LoadLibraryExW #misc (#3028) EncryptFlag.exe
Arguments:
{"lpFileName":"WINTRUST.dll"}
Returned value:
0x7fefcf40000
KernelBase.dll! LoadLibraryExA #misc (#3028) EncryptFlag.exe
Arguments:
{"lpFileName":"WINTRUST.dll"}
Returned value:
0x7fefcf40000
KernelBase.dll! GetProcAddress #misc (#3028) EncryptFlag.exe
Arguments:
{"lpProcName":"WinVerifyTrust","hModule":"wintrust.dll"}
Returned value:
0x7fefcf41010
ntdll.dll! NtOpenKeyEx #native (#3028) EncryptFlag.exe
Arguments:
{"OpenOptions":"0x0","KeyHandle":"0x408","objectName":"Software\\Microsoft\\Cryptography\\Providers\\Trust\\Certificate\\{573E31F8-AABA-11D0-8CCB-00C04FC295EE}","DesiredAccess":"0x20019"}
Returned value:
0x0
ntdll.dll! NtOpenKeyEx #native (#3028) EncryptFlag.exe
Arguments:
{"OpenOptions":"0x0","KeyHandle":"0x408","objectName":"Software\\Microsoft\\Cryptography\\Providers\\Trust\\FinalPolicy\\{573E31F8-AABA-11D0-8CCB-00C04FC295EE}","DesiredAccess":"0x20019"}
Returned value:
0x0
ntdll.dll! NtOpenKeyEx #native (#3028) EncryptFlag.exe
Arguments:
{"OpenOptions":"0x0","KeyHandle":"0x408","objectName":"Software\\Microsoft\\Cryptography\\Providers\\Trust\\Initialization\\{573E31F8-AABA-11D0-8CCB-00C04FC295EE}","DesiredAccess":"0x20019"}
Returned value:
0x0
ntdll.dll! NtOpenKeyEx #native (#3028) EncryptFlag.exe
Arguments:
{"OpenOptions":"0x0","KeyHandle":"0x408","objectName":"Software\\Microsoft\\Cryptography\\Providers\\Trust\\Message\\{573E31F8-AABA-11D0-8CCB-00C04FC295EE}","DesiredAccess":"0x20019"}
Returned value:
0x0
ntdll.dll! NtOpenKeyEx #native (#3028) EncryptFlag.exe
Arguments:
{"OpenOptions":"0x0","KeyHandle":"0x408","objectName":"Software\\Microsoft\\Cryptography\\Providers\\Trust\\Signature\\{573E31F8-AABA-11D0-8CCB-00C04FC295EE}","DesiredAccess":"0x20019"}
Returned value:
0x0
ntdll.dll! NtOpenKeyEx #native (#3028) EncryptFlag.exe
Arguments:
{"OpenOptions":"0x0","KeyHandle":"0x408","objectName":"Software\\Microsoft\\Cryptography\\Providers\\Trust\\CertCheck\\{573E31F8-AABA-11D0-8CCB-00C04FC295EE}","DesiredAccess":"0x20019"}
Returned value:
0x0
ntdll.dll! NtOpenKeyEx #native (#3028) EncryptFlag.exe
Arguments:
{"OpenOptions":"0x0","KeyHandle":"0x0","objectName":"Software\\Microsoft\\Cryptography\\Providers\\Trust\\DiagnosticPolicy\\{573E31F8-AABA-11D0-8CCB-00C04FC295EE}","DesiredAccess":"0x20019"}
Returned value:
0xc0000034
ntdll.dll! NtOpenKeyEx #native (#3028) EncryptFlag.exe
Arguments:
{"OpenOptions":"0x0","KeyHandle":"0x408","objectName":"Software\\Microsoft\\Cryptography\\Providers\\Trust\\Cleanup\\{573E31F8-AABA-11D0-8CCB-00C04FC295EE}","DesiredAccess":"0x20019"}
Returned value:
0x0
KernelBase.dll! GetProcAddress #misc (#3028) EncryptFlag.exe
Arguments:
{"lpProcName":"HTTPSCertificateTrust","hModule":"wintrust.dll"}
Returned value:
0x7fefcf5a62c
KernelBase.dll! GetProcAddress #misc (#3028) EncryptFlag.exe
Arguments:
{"lpProcName":"HTTPSFinalProv","hModule":"wintrust.dll"}
Returned value:
0x7fefcf5a980
KernelBase.dll! GetProcAddress #misc (#3028) EncryptFlag.exe
Arguments:
{"lpProcName":"SoftpubInitialize","hModule":"wintrust.dll"}
Returned value:
0x7fefcf428a0
KernelBase.dll! GetProcAddress #misc (#3028) EncryptFlag.exe
Arguments:
{"lpProcName":"SoftpubLoadMessage","hModule":"wintrust.dll"}
Returned value:
0x7fefcf42b78
KernelBase.dll! GetProcAddress #misc (#3028) EncryptFlag.exe
Arguments:
{"lpProcName":"SoftpubLoadSignature","hModule":"wintrust.dll"}
Returned value:
0x7fefcf42540
KernelBase.dll! GetProcAddress #misc (#3028) EncryptFlag.exe
Arguments:
{"lpProcName":"SoftpubCheckCert","hModule":"wintrust.dll"}
Returned value:
0x7fefcf46014
KernelBase.dll! GetProcAddress #misc (#3028) EncryptFlag.exe
Arguments:
{"lpProcName":"SoftpubCleanup","hModule":"wintrust.dll"}
Returned value:
0x7fefcf42268
KernelBase.dll! LoadLibraryExW #misc (#3028) EncryptFlag.exe
Arguments:
{"lpFileName":"CRYPTSP.dll"}
Returned value:
0x7fefc580000
KernelBase.dll! LoadLibraryExA #misc (#3028) EncryptFlag.exe
Arguments:
{"lpFileName":"CRYPTSP.dll"}
Returned value:
0x7fefc580000
KernelBase.dll! GetProcAddress #misc (#3028) EncryptFlag.exe
Arguments:
{"lpProcName":"CryptAcquireContextA","hModule":"cryptsp.dll"}
Returned value:
0x7fefc583ca8
ntdll.dll! NtOpenKeyEx #native (#3028) EncryptFlag.exe
Arguments:
{"OpenOptions":"0x0","KeyHandle":"0x408","objectName":"SOFTWARE\\Microsoft\\Cryptography\\Defaults\\Provider\\Microsoft Enhanced RSA and AES Cryptographic Provider","DesiredAccess":"0x20019"}
Returned value:
0x0
KernelBase.dll! GetProcAddress #misc (#3028) EncryptFlag.exe
Arguments:
{"lpProcName":"CPAcquireContext","hModule":"rsaenh.dll"}
Returned value:
0x7fefc28230c
KernelBase.dll! GetProcAddress #misc (#3028) EncryptFlag.exe
Arguments:
{"lpProcName":"CPReleaseContext","hModule":"rsaenh.dll"}
Returned value:
0x7fefc2833c8
KernelBase.dll! GetProcAddress #misc (#3028) EncryptFlag.exe
Arguments:
{"lpProcName":"CPGenKey","hModule":"rsaenh.dll"}
Returned value:
0x7fefc289a80
KernelBase.dll! GetProcAddress #misc (#3028) EncryptFlag.exe
Arguments:
{"lpProcName":"CPDeriveKey","hModule":"rsaenh.dll"}
Returned value:
0x7fefc29dbc8
KernelBase.dll! GetProcAddress #misc (#3028) EncryptFlag.exe
Arguments:
{"lpProcName":"CPDestroyKey","hModule":"rsaenh.dll"}
Returned value:
0x7fefc285530
KernelBase.dll! GetProcAddress #misc (#3028) EncryptFlag.exe
Arguments:
{"lpProcName":"CPSetKeyParam","hModule":"rsaenh.dll"}
Returned value:
0x7fefc29f838
KernelBase.dll! GetProcAddress #misc (#3028) EncryptFlag.exe
Arguments:
{"lpProcName":"CPGetKeyParam","hModule":"rsaenh.dll"}
Returned value:
0x7fefc29fc68
KernelBase.dll! GetProcAddress #misc (#3028) EncryptFlag.exe
Arguments:
{"lpProcName":"CPExportKey","hModule":"rsaenh.dll"}
Returned value:
0x7fefc2859e8
KernelBase.dll! GetProcAddress #misc (#3028) EncryptFlag.exe
Arguments:
{"lpProcName":"CPImportKey","hModule":"rsaenh.dll"}
Returned value:
0x7fefc285658
KernelBase.dll! GetProcAddress #misc (#3028) EncryptFlag.exe
Arguments:
{"lpProcName":"CPEncrypt","hModule":"rsaenh.dll"}
Returned value:
0x7fefc29c64c
KernelBase.dll! GetProcAddress #misc (#3028) EncryptFlag.exe
Arguments:
{"lpProcName":"CPDecrypt","hModule":"rsaenh.dll"}
Returned value:
0x7fefc29cc1c
KernelBase.dll! GetProcAddress #misc (#3028) EncryptFlag.exe
Arguments:
{"lpProcName":"CPCreateHash","hModule":"rsaenh.dll"}
Returned value:
0x7fefc283a80
KernelBase.dll! GetProcAddress #misc (#3028) EncryptFlag.exe
Arguments:
{"lpProcName":"CPHashData","hModule":"rsaenh.dll"}
Returned value:
0x7fefc2838b0
KernelBase.dll! GetProcAddress #misc (#3028) EncryptFlag.exe
Arguments:
{"lpProcName":"CPHashSessionKey","hModule":"rsaenh.dll"}
Returned value:
0x7fefc29d430
KernelBase.dll! GetProcAddress #misc (#3028) EncryptFlag.exe
Arguments:
{"lpProcName":"CPDestroyHash","hModule":"rsaenh.dll"}
Returned value:
0x7fefc2837b0
KernelBase.dll! GetProcAddress #misc (#3028) EncryptFlag.exe
Arguments:
{"lpProcName":"CPSignHash","hModule":"rsaenh.dll"}
Returned value:
0x7fefc288b48
KernelBase.dll! GetProcAddress #misc (#3028) EncryptFlag.exe
Arguments:
{"lpProcName":"CPVerifySignature","hModule":"rsaenh.dll"}
Returned value:
0x7fefc28701c
KernelBase.dll! GetProcAddress #misc (#3028) EncryptFlag.exe
Arguments:
{"lpProcName":"CPGenRandom","hModule":"rsaenh.dll"}
Returned value:
0x7fefc281d3c
KernelBase.dll! GetProcAddress #misc (#3028) EncryptFlag.exe
Arguments:
{"lpProcName":"CPGetUserKey","hModule":"rsaenh.dll"}
Returned value:
0x7fefc2890d0
KernelBase.dll! GetProcAddress #misc (#3028) EncryptFlag.exe
Arguments:
{"lpProcName":"CPSetProvParam","hModule":"rsaenh.dll"}
Returned value:
0x7fefc2a0078
KernelBase.dll! GetProcAddress #misc (#3028) EncryptFlag.exe
Arguments:
{"lpProcName":"CPGetProvParam","hModule":"rsaenh.dll"}
Returned value:
0x7fefc2a0230
KernelBase.dll! GetProcAddress #misc (#3028) EncryptFlag.exe
Arguments:
{"lpProcName":"CPSetHashParam","hModule":"rsaenh.dll"}
Returned value:
0x7fefc285be8
KernelBase.dll! GetProcAddress #misc (#3028) EncryptFlag.exe
Arguments:
{"lpProcName":"CPGetHashParam","hModule":"rsaenh.dll"}
Returned value:
0x7fefc283c7c
KernelBase.dll! GetProcAddress #misc (#3028) EncryptFlag.exe
Arguments:
{"lpProcName":"CPDuplicateKey","hModule":"rsaenh.dll"}
Returned value:
0x7fefc2a0a28
KernelBase.dll! GetProcAddress #misc (#3028) EncryptFlag.exe
Arguments:
{"lpProcName":"CPDuplicateHash","hModule":"rsaenh.dll"}
Returned value:
0x7fefc29d948
ntdll.dll! NtOpenKeyEx #native (#3028) EncryptFlag.exe
Arguments:
{"OpenOptions":"0x0","KeyHandle":"0x40c","objectName":"Software\\Microsoft\\Cryptography","DesiredAccess":"0x20119"}
Returned value:
0x0
ntdll.dll! NtOpenKeyEx #native (#3028) EncryptFlag.exe
Arguments:
{"OpenOptions":"0x0","KeyHandle":"0x0","objectName":"Software\\Microsoft\\Cryptography\\Offload","DesiredAccess":"0x20019"}
Returned value:
0xc0000034
ntdll.dll! NtOpenKeyEx #native (#3028) EncryptFlag.exe
Arguments:
{"OpenOptions":"0x0","KeyHandle":"0x0","objectName":"Software\\Microsoft\\Cryptography\\DESHashSessionKeyBackward","DesiredAccess":"0x20019"}
Returned value:
0xc0000034
ntdll.dll! NtOpenKeyEx #native (#3028) EncryptFlag.exe
Arguments:
{"OpenOptions":"0x0","KeyHandle":"0x408","objectName":"S-1-5-21-4270068108-2931534202-3907561125-1001","DesiredAccess":"0x2000000"}
Returned value:
0x0
ntdll.dll! NtCreateKey #native (#3028) EncryptFlag.exe
Arguments:
{"CreateOptions":"0x0","objectName":"Software\\Microsoft\\Windows\\CurrentVersion\\WinTrust\\Trust Providers\\Software Publishing","DesiredAccess":"0x20019","KeyHandle":"0x40c","TitleIndex":"0x0","CreateDisposition":"0x3c0e508","Class":"0x3c0e7e0"}
Returned value:
0x0
ntdll.dll! NtOpenKeyEx #native (#3028) EncryptFlag.exe
Arguments:
{"OpenOptions":"0x0","KeyHandle":"0x40c","objectName":"S-1-5-21-4270068108-2931534202-3907561125-1001","DesiredAccess":"0x2000000"}
Returned value:
0x0
ntdll.dll! NtOpenKeyEx #native (#3028) EncryptFlag.exe
Arguments:
{"OpenOptions":"0x0","KeyHandle":"0x408","objectName":"Software\\Microsoft\\Internet Explorer\\Security","DesiredAccess":"0x20019"}
Returned value:
0x0
ntdll.dll! NtOpenKeyEx #native (#3028) EncryptFlag.exe
Arguments:
{"OpenOptions":"0x0","KeyHandle":"0x0","objectName":"Software\\Policies\\Microsoft\\SystemCertificates\\TrustedPublisher\\Safer","DesiredAccess":"0x20019"}
Returned value:
0xc0000034
ntdll.dll! NtOpenKeyEx #native (#3028) EncryptFlag.exe
Arguments:
{"OpenOptions":"0x0","KeyHandle":"0x408","objectName":"S-1-5-21-4270068108-2931534202-3907561125-1001","DesiredAccess":"0x2000000"}
Returned value:
0x0
ntdll.dll! NtOpenKeyEx #native (#3028) EncryptFlag.exe
Arguments:
{"OpenOptions":"0x0","KeyHandle":"0x0","objectName":"Software\\Policies\\Microsoft\\SystemCertificates\\TrustedPublisher\\Safer","DesiredAccess":"0x20019"}
Returned value:
0xc0000034
ntdll.dll! NtOpenKeyEx #native (#3028) EncryptFlag.exe
Arguments:
{"OpenOptions":"0x0","KeyHandle":"0x0","objectName":"Software\\Microsoft\\SystemCertificates\\TrustedPublisher\\Safer","DesiredAccess":"0x20019"}
Returned value:
0xc0000034
ntdll.dll! NtOpenKeyEx #native (#3028) EncryptFlag.exe
Arguments:
{"OpenOptions":"0x0","KeyHandle":"0x0","objectName":"Software\\Policies\\Microsoft\\SystemCertificates\\Root\\ProtectedRoots","DesiredAccess":"0x20019"}
Returned value:
0xc0000034
ntdll.dll! NtOpenKeyEx #native (#3028) EncryptFlag.exe
Arguments:
{"OpenOptions":"0x0","KeyHandle":"0x0","objectName":"Software\\Policies\\Microsoft\\SystemCertificates\\AuthRoot","DesiredAccess":"0x20019"}
Returned value:
0xc0000034
ntdll.dll! NtOpenKeyEx #native (#3028) EncryptFlag.exe
Arguments:
{"OpenOptions":"0x0","KeyHandle":"0x408","objectName":"Software\\Microsoft\\Cryptography\\OID\\EncodingType 0\\CertDllCreateCertificateChainEngine\\Config","DesiredAccess":"0x20119"}
Returned value:
0x0
ntdll.dll! NtOpenKeyEx #native (#3028) EncryptFlag.exe
Arguments:
{"OpenOptions":"0x0","KeyHandle":"0x40c","objectName":"Software\\Microsoft\\SystemCertificates\\AuthRoot\\AutoUpdate","DesiredAccess":"0x20119"}
Returned value:
0x0
ntdll.dll! NtOpenKeyEx #native (#3028) EncryptFlag.exe
Arguments:
{"OpenOptions":"0x0","KeyHandle":"0x0","objectName":"Software\\Policies\\Microsoft\\SystemCertificates\\Root\\ProtectedRoots","DesiredAccess":"0x20019"}
Returned value:
0xc0000034
ntdll.dll! NtOpenKeyEx #native (#3028) EncryptFlag.exe
Arguments:
{"OpenOptions":"0x0","KeyHandle":"0x0","objectName":"Software\\Policies\\Microsoft\\SystemCertificates\\ChainEngine\\Config","DesiredAccess":"0x20019"}
Returned value:
0xc0000034
ntdll.dll! NtOpenKeyEx #native (#3028) EncryptFlag.exe
Arguments:
{"OpenOptions":"0x0","KeyHandle":"0x40c","objectName":"Default","DesiredAccess":"0x20119"}
Returned value:
0x0
ntdll.dll! NtOpenKeyEx #native (#3028) EncryptFlag.exe
Arguments:
{"OpenOptions":"0x0","KeyHandle":"0x40c","objectName":"S-1-5-21-4270068108-2931534202-3907561125-1001","DesiredAccess":"0x2000000"}
Returned value:
0x0
ntdll.dll! NtOpenKeyEx #native (#3028) EncryptFlag.exe
Arguments:
{"OpenOptions":"0x0","KeyHandle":"0x0","objectName":"Software\\Microsoft\\SystemCertificates\\My\\PhysicalStores","DesiredAccess":"0x20019"}
Returned value:
0xc0000034
ntdll.dll! NtOpenKeyEx #native (#3028) EncryptFlag.exe
Arguments:
{"OpenOptions":"0x0","KeyHandle":"0x40c","objectName":"S-1-5-21-4270068108-2931534202-3907561125-1001","DesiredAccess":"0x2000000"}
Returned value:
0x0
ntdll.dll! NtCreateKey #native (#3028) EncryptFlag.exe
Arguments:
{"CreateOptions":"0x0","objectName":"Software\\Microsoft\\SystemCertificates\\My","DesiredAccess":"0x3001f","KeyHandle":"0x410","TitleIndex":"0x0","CreateDisposition":"0x3c0deb8","Class":"0x3c0e190"}
Returned value:
0x0
ntdll.dll! NtOpenKeyEx #native (#3028) EncryptFlag.exe
Arguments:
{"OpenOptions":"0x0","KeyHandle":"0x40c","objectName":"Software\\Microsoft\\Windows NT\\CurrentVersion\\ProfileList\\S-1-5-21-4270068108-2931534202-3907561125-1001","DesiredAccess":"0x20019"}
Returned value:
0x0
ntdll.dll! NtOpenKeyEx #native (#3028) EncryptFlag.exe
Arguments:
{"OpenOptions":"0x0","KeyHandle":"0x410","objectName":"S-1-5-21-4270068108-2931534202-3907561125-1001","DesiredAccess":"0x2000000"}
Returned value:
0x0
ntdll.dll! NtOpenKeyEx #native (#3028) EncryptFlag.exe
Arguments:
{"OpenOptions":"0x0","KeyHandle":"0x40c","objectName":"Software\\Microsoft\\SystemCertificates\\My","DesiredAccess":"0x20019"}
Returned value:
0x0
ntdll.dll! NtOpenKeyEx #native (#3028) EncryptFlag.exe
Arguments:
{"OpenOptions":"0x0","KeyHandle":"0x410","objectName":"0x3c0e020","DesiredAccess":"0x20019"}
Returned value:
0x0
ntdll.dll! NtOpenKeyEx #native (#3028) EncryptFlag.exe
Arguments:
{"OpenOptions":"0x0","KeyHandle":"0x0","objectName":"Certificates","DesiredAccess":"0x20019"}
Returned value:
0xc0000034
ntdll.dll! NtOpenFile #native (#3028) EncryptFlag.exe
Arguments:
{"FileHandle":"0x414","objectName":"\\??\\C:\\Users\\<USER>\\AppData\\Roaming\\Microsoft\\SystemCertificates\\My\\Certificates\\"}
Returned value:
0x0
ntdll.dll! NtOpenKeyEx #native (#3028) EncryptFlag.exe
Arguments:
{"OpenOptions":"0x0","KeyHandle":"0x0","objectName":"CRLs","DesiredAccess":"0x20019"}
Returned value:
0xc0000034
ntdll.dll! NtOpenFile #native (#3028) EncryptFlag.exe
Arguments:
{"FileHandle":"0x414","objectName":"\\??\\C:\\Users\\<USER>\\AppData\\Roaming\\Microsoft\\SystemCertificates\\My\\CRLs\\"}
Returned value:
0x0
ntdll.dll! NtOpenKeyEx #native (#3028) EncryptFlag.exe
Arguments:
{"OpenOptions":"0x0","KeyHandle":"0x0","objectName":"CTLs","DesiredAccess":"0x20019"}
Returned value:
0xc0000034
ntdll.dll! NtOpenFile #native (#3028) EncryptFlag.exe
Arguments:
{"FileHandle":"0x414","objectName":"\\??\\C:\\Users\\<USER>\\AppData\\Roaming\\Microsoft\\SystemCertificates\\My\\CTLs\\"}
Returned value:
0x0
ntdll.dll! NtOpenKeyEx #native (#3028) EncryptFlag.exe
Arguments:
{"OpenOptions":"0x0","KeyHandle":"0x0","objectName":"Keys","DesiredAccess":"0x20019"}
Returned value:
0xc0000034
ntdll.dll! NtOpenKeyEx #native (#3028) EncryptFlag.exe
Arguments:
{"OpenOptions":"0x0","KeyHandle":"0x40c","objectName":"S-1-5-21-4270068108-2931534202-3907561125-1001","DesiredAccess":"0x2000000"}
Returned value:
0x0
ntdll.dll! NtOpenKeyEx #native (#3028) EncryptFlag.exe
Arguments:
{"OpenOptions":"0x0","KeyHandle":"0x0","objectName":"Software\\Microsoft\\SystemCertificates\\CA\\PhysicalStores","DesiredAccess":"0x20019"}
Returned value:
0xc0000034
ntdll.dll! NtOpenKeyEx #native (#3028) EncryptFlag.exe
Arguments:
{"OpenOptions":"0x0","KeyHandle":"0x40c","objectName":"S-1-5-21-4270068108-2931534202-3907561125-1001","DesiredAccess":"0x2000000"}
Returned value:
0x0
ntdll.dll! NtCreateKey #native (#3028) EncryptFlag.exe
Arguments:
{"CreateOptions":"0x0","objectName":"Software\\Microsoft\\SystemCertificates\\CA","DesiredAccess":"0x3001f","KeyHandle":"0x414","TitleIndex":"0x0","CreateDisposition":"0x3c0deb8","Class":"0x3c0e190"}
Returned value:
0x0
ntdll.dll! NtOpenKeyEx #native (#3028) EncryptFlag.exe
Arguments:
{"OpenOptions":"0x0","KeyHandle":"0x414","objectName":"S-1-5-21-4270068108-2931534202-3907561125-1001","DesiredAccess":"0x2000000"}
Returned value:
0x0
ntdll.dll! NtCreateKey #native (#3028) EncryptFlag.exe
Arguments:
{"CreateOptions":"0x0","objectName":"Software\\Microsoft\\SystemCertificates\\CA","DesiredAccess":"0x3001f","KeyHandle":"0x40c","TitleIndex":"0x0","CreateDisposition":"0x3c0dcc8","Class":"0x3c0dfa0"}
Returned value:
0x0
ntdll.dll! NtOpenKeyEx #native (#3028) EncryptFlag.exe
Arguments:
{"OpenOptions":"0x0","KeyHandle":"0x414","objectName":"0x3c0e020","DesiredAccess":"0x20019"}
Returned value:
0x0
ntdll.dll! NtCreateKey #native (#3028) EncryptFlag.exe
Arguments:
{"CreateOptions":"0x0","objectName":"Certificates","DesiredAccess":"0x3001f","KeyHandle":"0x418","TitleIndex":"0x0","CreateDisposition":"0x3c0dc58","Class":"0x3c0df30"}
Returned value:
0x0
ntdll.dll! NtCreateKey #native (#3028) EncryptFlag.exe
Arguments:
{"CreateOptions":"0x0","objectName":"CRLs","DesiredAccess":"0x3001f","KeyHandle":"0x418","TitleIndex":"0x0","CreateDisposition":"0x3c0dc58","Class":"0x3c0df30"}
Returned value:
0x0
ntdll.dll! NtCreateKey #native (#3028) EncryptFlag.exe
Arguments:
{"CreateOptions":"0x0","objectName":"CTLs","DesiredAccess":"0x3001f","KeyHandle":"0x418","TitleIndex":"0x0","CreateDisposition":"0x3c0dc58","Class":"0x3c0df30"}
Returned value:
0x0
ntdll.dll! NtOpenKeyEx #native (#3028) EncryptFlag.exe
Arguments:
{"OpenOptions":"0x0","KeyHandle":"0x40c","objectName":"S-1-5-21-4270068108-2931534202-3907561125-1001","DesiredAccess":"0x2000000"}
Returned value:
0x0
ntdll.dll! NtOpenKeyEx #native (#3028) EncryptFlag.exe
Arguments:
{"OpenOptions":"0x0","KeyHandle":"0x418","objectName":"0x3c0dcb0","DesiredAccess":"0x20019"}
Returned value:
0x0
ntdll.dll! NtCreateKey #native (#3028) EncryptFlag.exe
Arguments:
{"CreateOptions":"0x0","objectName":"Software\\Policies\\Microsoft\\SystemCertificates\\CA","DesiredAccess":"0x3001f","KeyHandle":"0x40c","TitleIndex":"0x0","CreateDisposition":"0x3c0d928","Class":"0x3c0dc00"}
Returned value:
0x0
ntdll.dll! NtCreateKey #native (#3028) EncryptFlag.exe
Arguments:
{"CreateOptions":"0x0","objectName":"Certificates","DesiredAccess":"0x3001f","KeyHandle":"0x41c","TitleIndex":"0x0","CreateDisposition":"0x3c0d8b8","Class":"0x3c0db90"}
Returned value:
0x0
ntdll.dll! NtCreateKey #native (#3028) EncryptFlag.exe
Arguments:
{"CreateOptions":"0x0","objectName":"CRLs","DesiredAccess":"0x3001f","KeyHandle":"0x41c","TitleIndex":"0x0","CreateDisposition":"0x3c0d8b8","Class":"0x3c0db90"}
Returned value:
0x0
ntdll.dll! NtCreateKey #native (#3028) EncryptFlag.exe
Arguments:
{"CreateOptions":"0x0","objectName":"CTLs","DesiredAccess":"0x3001f","KeyHandle":"0x41c","TitleIndex":"0x0","CreateDisposition":"0x3c0d8b8","Class":"0x3c0db90"}
Returned value:
0x0
ntdll.dll! NtOpenKeyEx #native (#3028) EncryptFlag.exe
Arguments:
{"OpenOptions":"0x0","KeyHandle":"0x0","objectName":"Software\\Microsoft\\SystemCertificates\\CA\\PhysicalStores","DesiredAccess":"0x20019"}
Returned value:
0xc0000034
ntdll.dll! NtCreateKey #native (#3028) EncryptFlag.exe
Arguments:
{"CreateOptions":"0x0","objectName":"Software\\Microsoft\\SystemCertificates\\CA","DesiredAccess":"0x3001f","KeyHandle":"0x40c","TitleIndex":"0x0","CreateDisposition":"0x3c0db48","Class":"0x3c0de20"}
Returned value:
0x0
ntdll.dll! NtCreateKey #native (#3028) EncryptFlag.exe
Arguments:
{"CreateOptions":"0x0","objectName":"Software\\Microsoft\\SystemCertificates\\CA","DesiredAccess":"0x3001f","KeyHandle":"0x40c","TitleIndex":"0x0","CreateDisposition":"0x3c0d958","Class":"0x3c0dc30"}
Returned value:
0x0
ntdll.dll! NtOpenKeyEx #native (#3028) EncryptFlag.exe
Arguments:
{"OpenOptions":"0x0","KeyHandle":"0x41c","objectName":"0x3c0dcb0","DesiredAccess":"0x20019"}
Returned value:
0x0
ntdll.dll! NtCreateKey #native (#3028) EncryptFlag.exe
Arguments:
{"CreateOptions":"0x0","objectName":"Certificates","DesiredAccess":"0x3001f","KeyHandle":"0x420","TitleIndex":"0x0","CreateDisposition":"0x3c0d8e8","Class":"0x3c0dbc0"}
Returned value:
0x0
ntdll.dll! NtOpenKeyEx #native (#3028) EncryptFlag.exe
Arguments:
{"OpenOptions":"0x0","KeyHandle":"0x424","objectName":"109F1CAED645BB78B3EA2B94C0697C740733031C","DesiredAccess":"0x20019"}
Returned value:
0x0
ntdll.dll! NtOpenKeyEx #native (#3028) EncryptFlag.exe
Arguments:
{"OpenOptions":"0x0","KeyHandle":"0x424","objectName":"D559A586669B08F46A30A133F8A9ED3D038E2EA8","DesiredAccess":"0x20019"}
Returned value:
0x0
ntdll.dll! NtOpenKeyEx #native (#3028) EncryptFlag.exe
Arguments:
{"OpenOptions":"0x0","KeyHandle":"0x424","objectName":"FEE449EE0E3965A5246F000E87FDE2A065FD89D4","DesiredAccess":"0x20019"}
Returned value:
0x0
ntdll.dll! NtCreateKey #native (#3028) EncryptFlag.exe
Arguments:
{"CreateOptions":"0x0","objectName":"CRLs","DesiredAccess":"0x3001f","KeyHandle":"0x420","TitleIndex":"0x0","CreateDisposition":"0x3c0d8e8","Class":"0x3c0dbc0"}
Returned value:
0x0
ntdll.dll! NtOpenKeyEx #native (#3028) EncryptFlag.exe
Arguments:
{"OpenOptions":"0x0","KeyHandle":"0x424","objectName":"A377D1B1C0538833035211F4083D00FECC414DAB","DesiredAccess":"0x20019"}
Returned value:
0x0
ntdll.dll! NtCreateKey #native (#3028) EncryptFlag.exe
Arguments:
{"CreateOptions":"0x0","objectName":"CTLs","DesiredAccess":"0x3001f","KeyHandle":"0x420","TitleIndex":"0x0","CreateDisposition":"0x3c0d8e8","Class":"0x3c0dbc0"}
Returned value:
0x0
ntdll.dll! NtCreateKey #native (#3028) EncryptFlag.exe
Arguments:
{"CreateOptions":"0x0","objectName":"Software\\Policies\\Microsoft\\SystemCertificates\\CA","DesiredAccess":"0x3001f","KeyHandle":"0x40c","TitleIndex":"0x0","CreateDisposition":"0x3c0d5b8","Class":"0x3c0d890"}
Returned value:
0x0
ntdll.dll! NtCreateKey #native (#3028) EncryptFlag.exe
Arguments:
{"CreateOptions":"0x0","objectName":"Certificates","DesiredAccess":"0x3001f","KeyHandle":"0x420","TitleIndex":"0x0","CreateDisposition":"0x3c0d548","Class":"0x3c0d820"}
Returned value:
0x0
ntdll.dll! NtCreateKey #native (#3028) EncryptFlag.exe
Arguments:
{"CreateOptions":"0x0","objectName":"CRLs","DesiredAccess":"0x3001f","KeyHandle":"0x420","TitleIndex":"0x0","CreateDisposition":"0x3c0d548","Class":"0x3c0d820"}
Returned value:
0x0
ntdll.dll! NtCreateKey #native (#3028) EncryptFlag.exe
Arguments:
{"CreateOptions":"0x0","objectName":"CTLs","DesiredAccess":"0x3001f","KeyHandle":"0x420","TitleIndex":"0x0","CreateDisposition":"0x3c0d548","Class":"0x3c0d820"}
Returned value:
0x0
ntdll.dll! NtOpenKeyEx #native (#3028) EncryptFlag.exe
Arguments:
{"OpenOptions":"0x0","KeyHandle":"0x0","objectName":"Software\\Microsoft\\EnterpriseCertificates\\CA\\PhysicalStores","DesiredAccess":"0x20019"}
Returned value:
0xc0000034
ntdll.dll! NtCreateKey #native (#3028) EncryptFlag.exe
Arguments:
{"CreateOptions":"0x0","objectName":"Software\\Microsoft\\EnterpriseCertificates\\CA","DesiredAccess":"0x3001f","KeyHandle":"0x40c","TitleIndex":"0x0","CreateDisposition":"0x3c0d7d8","Class":"0x3c0dab0"}
Returned value:
0x0
ntdll.dll! NtCreateKey #native (#3028) EncryptFlag.exe
Arguments:
{"CreateOptions":"0x0","objectName":"Software\\Microsoft\\EnterpriseCertificates\\CA","DesiredAccess":"0x3001f","KeyHandle":"0x40c","TitleIndex":"0x0","CreateDisposition":"0x3c0d5e8","Class":"0x3c0d8c0"}
Returned value:
0x0
ntdll.dll! NtOpenKeyEx #native (#3028) EncryptFlag.exe
Arguments:
{"OpenOptions":"0x0","KeyHandle":"0x420","objectName":"0x3c0d940","DesiredAccess":"0x20019"}
Returned value:
0x0
ntdll.dll! NtCreateKey #native (#3028) EncryptFlag.exe
Arguments:
{"CreateOptions":"0x0","objectName":"Certificates","DesiredAccess":"0x3001f","KeyHandle":"0x424","TitleIndex":"0x0","CreateDisposition":"0x3c0d578","Class":"0x3c0d850"}
Returned value:
0x0
ntdll.dll! NtCreateKey #native (#3028) EncryptFlag.exe
Arguments:
{"CreateOptions":"0x0","objectName":"CRLs","DesiredAccess":"0x3001f","KeyHandle":"0x424","TitleIndex":"0x0","CreateDisposition":"0x3c0d578","Class":"0x3c0d850"}
Returned value:
0x0
ntdll.dll! NtCreateKey #native (#3028) EncryptFlag.exe
Arguments:
{"CreateOptions":"0x0","objectName":"CTLs","DesiredAccess":"0x3001f","KeyHandle":"0x424","TitleIndex":"0x0","CreateDisposition":"0x3c0d578","Class":"0x3c0d850"}
Returned value:
0x0
ntdll.dll! NtOpenKeyEx #native (#3028) EncryptFlag.exe
Arguments:
{"OpenOptions":"0x0","KeyHandle":"0x40c","objectName":"S-1-5-21-4270068108-2931534202-3907561125-1001","DesiredAccess":"0x2000000"}
Returned value:
0x0
ntdll.dll! NtOpenKeyEx #native (#3028) EncryptFlag.exe
Arguments:
{"OpenOptions":"0x0","KeyHandle":"0x0","objectName":"Software\\Microsoft\\SystemCertificates\\Disallowed\\PhysicalStores","DesiredAccess":"0x20019"}
Returned value:
0xc0000034
ntdll.dll! NtOpenKeyEx #native (#3028) EncryptFlag.exe
Arguments:
{"OpenOptions":"0x0","KeyHandle":"0x40c","objectName":"S-1-5-21-4270068108-2931534202-3907561125-1001","DesiredAccess":"0x2000000"}
Returned value:
0x0
ntdll.dll! NtCreateKey #native (#3028) EncryptFlag.exe
Arguments:
{"CreateOptions":"0x0","objectName":"Software\\Microsoft\\SystemCertificates\\Disallowed","DesiredAccess":"0x3001f","KeyHandle":"0x424","TitleIndex":"0x0","CreateDisposition":"0x3c0deb8","Class":"0x3c0e190"}
Returned value:
0x0
ntdll.dll! NtOpenKeyEx #native (#3028) EncryptFlag.exe
Arguments:
{"OpenOptions":"0x0","KeyHandle":"0x0","objectName":"Software\\Policies\\Microsoft\\SystemCertificates\\TrustedPublisher\\Safer","DesiredAccess":"0x20019"}
Returned value:
0xc0000034
ntdll.dll! NtOpenKeyEx #native (#3028) EncryptFlag.exe
Arguments:
{"OpenOptions":"0x0","KeyHandle":"0x424","objectName":"S-1-5-21-4270068108-2931534202-3907561125-1001","DesiredAccess":"0x2000000"}
Returned value:
0x0
ntdll.dll! NtOpenKeyEx #native (#3028) EncryptFlag.exe
Arguments:
{"OpenOptions":"0x0","KeyHandle":"0x0","objectName":"Software\\Policies\\Microsoft\\SystemCertificates\\TrustedPublisher\\Safer","DesiredAccess":"0x20019"}
Returned value:
0xc0000034
ntdll.dll! NtOpenKeyEx #native (#3028) EncryptFlag.exe
Arguments:
{"OpenOptions":"0x0","KeyHandle":"0x0","objectName":"Software\\Microsoft\\SystemCertificates\\TrustedPublisher\\Safer","DesiredAccess":"0x20019"}
Returned value:
0xc0000034
ntdll.dll! NtOpenKeyEx #native (#3028) EncryptFlag.exe
Arguments:
{"OpenOptions":"0x0","KeyHandle":"0x424","objectName":"S-1-5-21-4270068108-2931534202-3907561125-1001","DesiredAccess":"0x2000000"}
Returned value:
0x0
ntdll.dll! NtCreateKey #native (#3028) EncryptFlag.exe
Arguments:
{"CreateOptions":"0x0","objectName":"Software\\Microsoft\\SystemCertificates\\Disallowed","DesiredAccess":"0x3001f","KeyHandle":"0x40c","TitleIndex":"0x0","CreateDisposition":"0x3c0dcc8","Class":"0x3c0dfa0"}
Returned value:
0x0
ntdll.dll! NtOpenKeyEx #native (#3028) EncryptFlag.exe
Arguments:
{"OpenOptions":"0x0","KeyHandle":"0x424","objectName":"0x3c0e020","DesiredAccess":"0x20019"}
Returned value:
0x0
ntdll.dll! NtCreateKey #native (#3028) EncryptFlag.exe
Arguments:
{"CreateOptions":"0x0","objectName":"Certificates","DesiredAccess":"0x3001f","KeyHandle":"0x428","TitleIndex":"0x0","CreateDisposition":"0x3c0dc58","Class":"0x3c0df30"}
Returned value:
0x0
ntdll.dll! NtCreateKey #native (#3028) EncryptFlag.exe
Arguments:
{"CreateOptions":"0x0","objectName":"CRLs","DesiredAccess":"0x3001f","KeyHandle":"0x428","TitleIndex":"0x0","CreateDisposition":"0x3c0dc58","Class":"0x3c0df30"}
Returned value:
0x0
ntdll.dll! NtCreateKey #native (#3028) EncryptFlag.exe
Arguments:
{"CreateOptions":"0x0","objectName":"CTLs","DesiredAccess":"0x3001f","KeyHandle":"0x428","TitleIndex":"0x0","CreateDisposition":"0x3c0dc58","Class":"0x3c0df30"}
Returned value:
0x0
ntdll.dll! NtOpenKeyEx #native (#3028) EncryptFlag.exe
Arguments:
{"OpenOptions":"0x0","KeyHandle":"0x40c","objectName":"S-1-5-21-4270068108-2931534202-3907561125-1001","DesiredAccess":"0x2000000"}
Returned value:
0x0
ntdll.dll! NtOpenKeyEx #native (#3028) EncryptFlag.exe
Arguments:
{"OpenOptions":"0x0","KeyHandle":"0x428","objectName":"0x3c0dcb0","DesiredAccess":"0x20019"}
Returned value:
0x0
ntdll.dll! NtCreateKey #native (#3028) EncryptFlag.exe
Arguments:
{"CreateOptions":"0x0","objectName":"Software\\Policies\\Microsoft\\SystemCertificates\\Disallowed","DesiredAccess":"0x3001f","KeyHandle":"0x40c","TitleIndex":"0x0","CreateDisposition":"0x3c0d928","Class":"0x3c0dc00"}
Returned value:
0x0
ntdll.dll! NtCreateKey #native (#3028) EncryptFlag.exe
Arguments:
{"CreateOptions":"0x0","objectName":"Certificates","DesiredAccess":"0x3001f","KeyHandle":"0x42c","TitleIndex":"0x0","CreateDisposition":"0x3c0d8b8","Class":"0x3c0db90"}
Returned value:
0x0
ntdll.dll! NtCreateKey #native (#3028) EncryptFlag.exe
Arguments:
{"CreateOptions":"0x0","objectName":"CRLs","DesiredAccess":"0x3001f","KeyHandle":"0x42c","TitleIndex":"0x0","CreateDisposition":"0x3c0d8b8","Class":"0x3c0db90"}
Returned value:
0x0
ntdll.dll! NtCreateKey #native (#3028) EncryptFlag.exe
Arguments:
{"CreateOptions":"0x0","objectName":"CTLs","DesiredAccess":"0x3001f","KeyHandle":"0x42c","TitleIndex":"0x0","CreateDisposition":"0x3c0d8b8","Class":"0x3c0db90"}
Returned value:
0x0
ntdll.dll! NtOpenKeyEx #native (#3028) EncryptFlag.exe
Arguments:
{"OpenOptions":"0x0","KeyHandle":"0x0","objectName":"Software\\Microsoft\\SystemCertificates\\Disallowed\\PhysicalStores","DesiredAccess":"0x20019"}
Returned value:
0xc0000034
ntdll.dll! NtCreateKey #native (#3028) EncryptFlag.exe
Arguments:
{"CreateOptions":"0x0","objectName":"Software\\Microsoft\\SystemCertificates\\Disallowed","DesiredAccess":"0x3001f","KeyHandle":"0x40c","TitleIndex":"0x0","CreateDisposition":"0x3c0db48","Class":"0x3c0de20"}
Returned value:
0x0
ntdll.dll! NtOpenKeyEx #native (#3028) EncryptFlag.exe
Arguments:
{"OpenOptions":"0x0","KeyHandle":"0x0","objectName":"Software\\Policies\\Microsoft\\SystemCertificates\\TrustedPublisher\\Safer","DesiredAccess":"0x20019"}
Returned value:
0xc0000034
ntdll.dll! NtOpenKeyEx #native (#3028) EncryptFlag.exe
Arguments:
{"OpenOptions":"0x0","KeyHandle":"0x40c","objectName":"S-1-5-21-4270068108-2931534202-3907561125-1001","DesiredAccess":"0x2000000"}
Returned value:
0x0
ntdll.dll! NtOpenKeyEx #native (#3028) EncryptFlag.exe
Arguments:
{"OpenOptions":"0x0","KeyHandle":"0x0","objectName":"Software\\Policies\\Microsoft\\SystemCertificates\\TrustedPublisher\\Safer","DesiredAccess":"0x20019"}
Returned value:
0xc0000034
ntdll.dll! NtOpenKeyEx #native (#3028) EncryptFlag.exe
Arguments:
{"OpenOptions":"0x0","KeyHandle":"0x0","objectName":"Software\\Microsoft\\SystemCertificates\\TrustedPublisher\\Safer","DesiredAccess":"0x20019"}
Returned value:
0xc0000034
ntdll.dll! NtCreateKey #native (#3028) EncryptFlag.exe
Arguments:
{"CreateOptions":"0x0","objectName":"Software\\Microsoft\\SystemCertificates\\Disallowed","DesiredAccess":"0x3001f","KeyHandle":"0x40c","TitleIndex":"0x0","CreateDisposition":"0x3c0d958","Class":"0x3c0dc30"}
Returned value:
0x0
ntdll.dll! NtOpenKeyEx #native (#3028) EncryptFlag.exe
Arguments:
{"OpenOptions":"0x0","KeyHandle":"0x42c","objectName":"0x3c0dcb0","DesiredAccess":"0x20019"}
Returned value:
0x0
ntdll.dll! NtCreateKey #native (#3028) EncryptFlag.exe
Arguments:
{"CreateOptions":"0x0","objectName":"Certificates","DesiredAccess":"0x3001f","KeyHandle":"0x430","TitleIndex":"0x0","CreateDisposition":"0x3c0d8e8","Class":"0x3c0dbc0"}
Returned value:
0x0
ntdll.dll! NtOpenKeyEx #native (#3028) EncryptFlag.exe
Arguments:
{"OpenOptions":"0x0","KeyHandle":"0x434","objectName":"1916A2AF346D399F50313C393200F14140456616","DesiredAccess":"0x20019"}
Returned value:
0x0
ntdll.dll! NtOpenKeyEx #native (#3028) EncryptFlag.exe
Arguments:
{"OpenOptions":"0x0","KeyHandle":"0x434","objectName":"2A83E9020591A55FC6DDAD3FB102794C52B24E70","DesiredAccess":"0x20019"}
Returned value:
0x0
ntdll.dll! NtOpenKeyEx #native (#3028) EncryptFlag.exe
Arguments:
{"OpenOptions":"0x0","KeyHandle":"0x434","objectName":"2B84BFBB34EE2EF949FE1CBE30AA026416EB2216","DesiredAccess":"0x20019"}
Returned value:
0x0
ntdll.dll! NtOpenKeyEx #native (#3028) EncryptFlag.exe
Arguments:
{"OpenOptions":"0x0","KeyHandle":"0x434","objectName":"305F8BD17AA2CBC483A4C41B19A39A0C75DA39D6","DesiredAccess":"0x20019"}
Returned value:
0x0
ntdll.dll! NtOpenKeyEx #native (#3028) EncryptFlag.exe
Arguments:
{"OpenOptions":"0x0","KeyHandle":"0x434","objectName":"367D4B3B4FCBBC0B767B2EC0CDB2A36EAB71A4EB","DesiredAccess":"0x20019"}
Returned value:
0x0
ntdll.dll! NtOpenKeyEx #native (#3028) EncryptFlag.exe
Arguments:
{"OpenOptions":"0x0","KeyHandle":"0x434","objectName":"3A850044D8A195CD401A680C012CB0A3B5F8DC08","DesiredAccess":"0x20019"}
Returned value:
0x0
ntdll.dll! NtOpenKeyEx #native (#3028) EncryptFlag.exe
Arguments:
{"OpenOptions":"0x0","KeyHandle":"0x434","objectName":"40AA38731BD189F9CDB5B9DC35E2136F38777AF4","DesiredAccess":"0x20019"}
Returned value:
0x0
ntdll.dll! NtOpenKeyEx #native (#3028) EncryptFlag.exe
Arguments:
{"OpenOptions":"0x0","KeyHandle":"0x434","objectName":"43D9BCB568E039D073A74A71D8511F7476089CC3","DesiredAccess":"0x20019"}
Returned value:
0x0
ntdll.dll! NtOpenKeyEx #native (#3028) EncryptFlag.exe
Arguments:
{"OpenOptions":"0x0","KeyHandle":"0x434","objectName":"471C949A8143DB5AD5CDF1C972864A2504FA23C9","DesiredAccess":"0x20019"}
Returned value:
0x0
ntdll.dll! NtOpenKeyEx #native (#3028) EncryptFlag.exe
Arguments:
{"OpenOptions":"0x0","KeyHandle":"0x434","objectName":"51C3247D60F356C7CA3BAF4C3F429DAC93EE7B74","DesiredAccess":"0x20019"}
Returned value:
0x0
ntdll.dll! NtOpenKeyEx #native (#3028) EncryptFlag.exe
Arguments:
{"OpenOptions":"0x0","KeyHandle":"0x434","objectName":"5DE83EE82AC5090AEA9D6AC4E7A6E213F946E179","DesiredAccess":"0x20019"}
Returned value:
0x0
ntdll.dll! NtOpenKeyEx #native (#3028) EncryptFlag.exe
Arguments:
{"OpenOptions":"0x0","KeyHandle":"0x434","objectName":"61793FCBFA4F9008309BBA5FF12D2CB29CD4151A","DesiredAccess":"0x20019"}
Returned value:
0x0
ntdll.dll! NtOpenKeyEx #native (#3028) EncryptFlag.exe
Arguments:
{"OpenOptions":"0x0","KeyHandle":"0x434","objectName":"637162CC59A3A1E25956FA5FA8F60D2E1C52EAC6","DesiredAccess":"0x20019"}
Returned value:
0x0
ntdll.dll! NtOpenKeyEx #native (#3028) EncryptFlag.exe
Arguments:
{"OpenOptions":"0x0","KeyHandle":"0x434","objectName":"63FEAE960BAA91E343CE2BD8B71798C76BDB77D0","DesiredAccess":"0x20019"}
Returned value:
0x0
ntdll.dll! NtOpenKeyEx #native (#3028) EncryptFlag.exe
Arguments:
{"OpenOptions":"0x0","KeyHandle":"0x434","objectName":"6431723036FD26DEA502792FA595922493030F97","DesiredAccess":"0x20019"}
Returned value:
0x0
ntdll.dll! NtOpenKeyEx #native (#3028) EncryptFlag.exe
Arguments:
{"OpenOptions":"0x0","KeyHandle":"0x434","objectName":"7D7F4414CCEF168ADF6BF40753B5BECD78375931","DesiredAccess":"0x20019"}
Returned value:
0x0
ntdll.dll! NtOpenKeyEx #native (#3028) EncryptFlag.exe
Arguments:
{"OpenOptions":"0x0","KeyHandle":"0x434","objectName":"80962AE4D6C5B442894E95A13E4A699E07D694CF","DesiredAccess":"0x20019"}
Returned value:
0x0
ntdll.dll! NtOpenKeyEx #native (#3028) EncryptFlag.exe
Arguments:
{"OpenOptions":"0x0","KeyHandle":"0x434","objectName":"86E817C81A5CA672FE000F36F878C19518D6F844","DesiredAccess":"0x20019"}
Returned value:
0x0
ntdll.dll! NtOpenKeyEx #native (#3028) EncryptFlag.exe
Arguments:
{"OpenOptions":"0x0","KeyHandle":"0x434","objectName":"8E5BD50D6AE686D65252F843A9D4B96D197730AB","DesiredAccess":"0x20019"}
Returned value:
0x0
ntdll.dll! NtOpenKeyEx #native (#3028) EncryptFlag.exe
Arguments:
{"OpenOptions":"0x0","KeyHandle":"0x434","objectName":"9845A431D51959CAF225322B4A4FE9F223CE6D15","DesiredAccess":"0x20019"}
Returned value:
0x0
ntdll.dll! NtOpenKeyEx #native (#3028) EncryptFlag.exe
Arguments:
{"OpenOptions":"0x0","KeyHandle":"0x434","objectName":"B533345D06F64516403C00DA03187D3BFEF59156","DesiredAccess":"0x20019"}
Returned value:
0x0
ntdll.dll! NtOpenKeyEx #native (#3028) EncryptFlag.exe
Arguments:
{"OpenOptions":"0x0","KeyHandle":"0x434","objectName":"B86E791620F759F17B8D25E38CA8BE32E7D5EAC2","DesiredAccess":"0x20019"}
Returned value:
0x0
ntdll.dll! NtOpenKeyEx #native (#3028) EncryptFlag.exe
Arguments:
{"OpenOptions":"0x0","KeyHandle":"0x434","objectName":"C060ED44CBD881BD0EF86C0BA287DDCF8167478C","DesiredAccess":"0x20019"}
Returned value:
0x0
ntdll.dll! NtOpenKeyEx #native (#3028) EncryptFlag.exe
Arguments:
{"OpenOptions":"0x0","KeyHandle":"0x434","objectName":"CEA586B2CE593EC7D939898337C57814708AB2BE","DesiredAccess":"0x20019"}
Returned value:
0x0
ntdll.dll! NtOpenKeyEx #native (#3028) EncryptFlag.exe
Arguments:
{"OpenOptions":"0x0","KeyHandle":"0x434","objectName":"D018B62DC518907247DF50925BB09ACF4A5CB3AD","DesiredAccess":"0x20019"}
Returned value:
0x0
ntdll.dll! NtOpenKeyEx #native (#3028) EncryptFlag.exe
Arguments:
{"OpenOptions":"0x0","KeyHandle":"0x434","objectName":"F8A54E03AADC5692B850496A4C4630FFEAA29D83","DesiredAccess":"0x20019"}
Returned value:
0x0
ntdll.dll! NtOpenKeyEx #native (#3028) EncryptFlag.exe
Arguments:
{"OpenOptions":"0x0","KeyHandle":"0x434","objectName":"FA6660A94AB45F6A88C0D7874D89A863D74DEE97","DesiredAccess":"0x20019"}
Returned value:
0x0
ntdll.dll! NtCreateKey #native (#3028) EncryptFlag.exe
Arguments:
{"CreateOptions":"0x0","objectName":"CRLs","DesiredAccess":"0x3001f","KeyHandle":"0x430","TitleIndex":"0x0","CreateDisposition":"0x3c0d8e8","Class":"0x3c0dbc0"}
Returned value:
0x0
ntdll.dll! NtCreateKey #native (#3028) EncryptFlag.exe
Arguments:
{"CreateOptions":"0x0","objectName":"CTLs","DesiredAccess":"0x3001f","KeyHandle":"0x430","TitleIndex":"0x0","CreateDisposition":"0x3c0d8e8","Class":"0x3c0dbc0"}
Returned value:
0x0
ntdll.dll! NtCreateKey #native (#3028) EncryptFlag.exe
Arguments:
{"CreateOptions":"0x0","objectName":"Software\\Policies\\Microsoft\\SystemCertificates\\Disallowed","DesiredAccess":"0x3001f","KeyHandle":"0x40c","TitleIndex":"0x0","CreateDisposition":"0x3c0d5b8","Class":"0x3c0d890"}
Returned value:
0x0
ntdll.dll! NtCreateKey #native (#3028) EncryptFlag.exe
Arguments:
{"CreateOptions":"0x0","objectName":"Certificates","DesiredAccess":"0x3001f","KeyHandle":"0x430","TitleIndex":"0x0","CreateDisposition":"0x3c0d548","Class":"0x3c0d820"}
Returned value:
0x0
ntdll.dll! NtCreateKey #native (#3028) EncryptFlag.exe
Arguments:
{"CreateOptions":"0x0","objectName":"CRLs","DesiredAccess":"0x3001f","KeyHandle":"0x430","TitleIndex":"0x0","CreateDisposition":"0x3c0d548","Class":"0x3c0d820"}
Returned value:
0x0
ntdll.dll! NtCreateKey #native (#3028) EncryptFlag.exe
Arguments:
{"CreateOptions":"0x0","objectName":"CTLs","DesiredAccess":"0x3001f","KeyHandle":"0x430","TitleIndex":"0x0","CreateDisposition":"0x3c0d548","Class":"0x3c0d820"}
Returned value:
0x0
ntdll.dll! NtOpenKeyEx #native (#3028) EncryptFlag.exe
Arguments:
{"OpenOptions":"0x0","KeyHandle":"0x0","objectName":"Software\\Microsoft\\EnterpriseCertificates\\Disallowed\\PhysicalStores","DesiredAccess":"0x20019"}
Returned value:
0xc0000034
ntdll.dll! NtCreateKey #native (#3028) EncryptFlag.exe
Arguments:
{"CreateOptions":"0x0","objectName":"Software\\Microsoft\\EnterpriseCertificates\\Disallowed","DesiredAccess":"0x3001f","KeyHandle":"0x40c","TitleIndex":"0x0","CreateDisposition":"0x3c0d7d8","Class":"0x3c0dab0"}
Returned value:
0x0
ntdll.dll! NtCreateKey #native (#3028) EncryptFlag.exe
Arguments:
{"CreateOptions":"0x0","objectName":"Software\\Microsoft\\EnterpriseCertificates\\Disallowed","DesiredAccess":"0x3001f","KeyHandle":"0x40c","TitleIndex":"0x0","CreateDisposition":"0x3c0d5e8","Class":"0x3c0d8c0"}
Returned value:
0x0
ntdll.dll! NtOpenKeyEx #native (#3028) EncryptFlag.exe
Arguments:
{"OpenOptions":"0x0","KeyHandle":"0x430","objectName":"0x3c0d940","DesiredAccess":"0x20019"}
Returned value:
0x0
ntdll.dll! NtCreateKey #native (#3028) EncryptFlag.exe
Arguments:
{"CreateOptions":"0x0","objectName":"Certificates","DesiredAccess":"0x3001f","KeyHandle":"0x434","TitleIndex":"0x0","CreateDisposition":"0x3c0d578","Class":"0x3c0d850"}
Returned value:
0x0
ntdll.dll! NtCreateKey #native (#3028) EncryptFlag.exe
Arguments:
{"CreateOptions":"0x0","objectName":"CRLs","DesiredAccess":"0x3001f","KeyHandle":"0x434","TitleIndex":"0x0","CreateDisposition":"0x3c0d578","Class":"0x3c0d850"}
Returned value:
0x0
ntdll.dll! NtCreateKey #native (#3028) EncryptFlag.exe
Arguments:
{"CreateOptions":"0x0","objectName":"CTLs","DesiredAccess":"0x3001f","KeyHandle":"0x434","TitleIndex":"0x0","CreateDisposition":"0x3c0d578","Class":"0x3c0d850"}
Returned value:
0x0
ntdll.dll! NtOpenKeyEx #native (#3028) EncryptFlag.exe
Arguments:
{"OpenOptions":"0x0","KeyHandle":"0x40c","objectName":"S-1-5-21-4270068108-2931534202-3907561125-1001","DesiredAccess":"0x2000000"}
Returned value:
0x0
ntdll.dll! NtOpenKeyEx #native (#3028) EncryptFlag.exe
Arguments:
{"OpenOptions":"0x0","KeyHandle":"0x0","objectName":"Software\\Microsoft\\SystemCertificates\\Root\\PhysicalStores","DesiredAccess":"0x20019"}
Returned value:
0xc0000034
ntdll.dll! NtOpenKeyEx #native (#3028) EncryptFlag.exe
Arguments:
{"OpenOptions":"0x0","KeyHandle":"0x40c","objectName":"S-1-5-21-4270068108-2931534202-3907561125-1001","DesiredAccess":"0x2000000"}
Returned value:
0x0
ntdll.dll! NtCreateKey #native (#3028) EncryptFlag.exe
Arguments:
{"CreateOptions":"0x0","objectName":"Software\\Microsoft\\SystemCertificates\\Root","DesiredAccess":"0x3001f","KeyHandle":"0x434","TitleIndex":"0x0","CreateDisposition":"0x3c0deb8","Class":"0x3c0e190"}
Returned value:
0x0
ntdll.dll! NtOpenKeyEx #native (#3028) EncryptFlag.exe
Arguments:
{"OpenOptions":"0x0","KeyHandle":"0x0","objectName":"Software\\Policies\\Microsoft\\SystemCertificates\\Root\\ProtectedRoots","DesiredAccess":"0x20019"}
Returned value:
0xc0000034
ntdll.dll! NtOpenKeyEx #native (#3028) EncryptFlag.exe
Arguments:
{"OpenOptions":"0x0","KeyHandle":"0x434","objectName":"S-1-5-21-4270068108-2931534202-3907561125-1001","DesiredAccess":"0x2000000"}
Returned value:
0x0
ntdll.dll! NtCreateKey #native (#3028) EncryptFlag.exe
Arguments:
{"CreateOptions":"0x0","objectName":"Software\\Microsoft\\SystemCertificates\\Root","DesiredAccess":"0x3001f","KeyHandle":"0x40c","TitleIndex":"0x0","CreateDisposition":"0x3c0dcc8","Class":"0x3c0dfa0"}
Returned value:
0x0
ntdll.dll! NtOpenKeyEx #native (#3028) EncryptFlag.exe
Arguments:
{"OpenOptions":"0x0","KeyHandle":"0x438","objectName":"S-1-5-21-4270068108-2931534202-3907561125-1001","DesiredAccess":"0x2000000"}
Returned value:
0x0
ntdll.dll! NtOpenKeyEx #native (#3028) EncryptFlag.exe
Arguments:
{"OpenOptions":"0x0","KeyHandle":"0x43c","objectName":"Software\\Microsoft\\SystemCertificates\\Root\\ProtectedRoots","DesiredAccess":"0x20019"}
Returned value:
0x0
ntdll.dll! NtOpenKeyEx #native (#3028) EncryptFlag.exe
Arguments:
{"OpenOptions":"0x0","KeyHandle":"0x438","objectName":"0x3c0e020","DesiredAccess":"0x20019"}
Returned value:
0x0
ntdll.dll! NtCreateKey #native (#3028) EncryptFlag.exe
Arguments:
{"CreateOptions":"0x0","objectName":"Certificates","DesiredAccess":"0x3001f","KeyHandle":"0x43c","TitleIndex":"0x0","CreateDisposition":"0x3c0dc58","Class":"0x3c0df30"}
Returned value:
0x0
ntdll.dll! NtCreateKey #native (#3028) EncryptFlag.exe
Arguments:
{"CreateOptions":"0x0","objectName":"CRLs","DesiredAccess":"0x3001f","KeyHandle":"0x43c","TitleIndex":"0x0","CreateDisposition":"0x3c0dc58","Class":"0x3c0df30"}
Returned value:
0x0
ntdll.dll! NtCreateKey #native (#3028) EncryptFlag.exe
Arguments:
{"CreateOptions":"0x0","objectName":"CTLs","DesiredAccess":"0x3001f","KeyHandle":"0x43c","TitleIndex":"0x0","CreateDisposition":"0x3c0dc58","Class":"0x3c0df30"}
Returned value:
0x0
ntdll.dll! NtOpenKeyEx #native (#3028) EncryptFlag.exe
Arguments:
{"OpenOptions":"0x0","KeyHandle":"0x43c","objectName":"S-1-5-21-4270068108-2931534202-3907561125-1001","DesiredAccess":"0x2000000"}
Returned value:
0x0
KernelBase.dll! LoadLibraryExW #misc (#3028) EncryptFlag.exe
Arguments:
{"lpFileName":"API-MS-Win-Security-SDDL-L1-1-0.dll"}
Returned value:
0x7fefe400000
KernelBase.dll! LoadLibraryExA #misc (#3028) EncryptFlag.exe
Arguments:
{"lpFileName":"API-MS-Win-Security-SDDL-L1-1-0.dll"}
Returned value:
0x7fefe400000
KernelBase.dll! GetProcAddress #misc (#3028) EncryptFlag.exe
Arguments:
{"lpProcName":"ConvertStringSidToSidW","hModule":"sechost.dll"}
Returned value:
0x7fefe40d1d4
ntdll.dll! NtOpenKeyEx #native (#3028) EncryptFlag.exe
Arguments:
{"OpenOptions":"0x0","KeyHandle":"0x440","objectName":"Software\\Microsoft\\SystemCertificates\\Root\\ProtectedRoots","DesiredAccess":"0x20019"}
Returned value:
0x0
ntdll.dll! NtOpenKeyEx #native (#3028) EncryptFlag.exe
Arguments:
{"OpenOptions":"0x0","KeyHandle":"0x0","objectName":"Software\\Microsoft\\SystemCertificates\\Root\\PhysicalStores","DesiredAccess":"0x20019"}
Returned value:
0xc0000034
ntdll.dll! NtCreateKey #native (#3028) EncryptFlag.exe
Arguments:
{"CreateOptions":"0x0","objectName":"Software\\Microsoft\\SystemCertificates\\Root","DesiredAccess":"0x3001f","KeyHandle":"0x434","TitleIndex":"0x0","CreateDisposition":"0x3c0db48","Class":"0x3c0de20"}
Returned value:
0x0
ntdll.dll! NtOpenKeyEx #native (#3028) EncryptFlag.exe
Arguments:
{"OpenOptions":"0x0","KeyHandle":"0x0","objectName":"Software\\Policies\\Microsoft\\SystemCertificates\\Root\\ProtectedRoots","DesiredAccess":"0x20019"}
Returned value:
0xc0000034
ntdll.dll! NtCreateKey #native (#3028) EncryptFlag.exe
Arguments:
{"CreateOptions":"0x0","objectName":"Software\\Microsoft\\SystemCertificates\\Root","DesiredAccess":"0x3001f","KeyHandle":"0x434","TitleIndex":"0x0","CreateDisposition":"0x3c0d958","Class":"0x3c0dc30"}
Returned value:
0x0
ntdll.dll! NtOpenKeyEx #native (#3028) EncryptFlag.exe
Arguments:
{"OpenOptions":"0x0","KeyHandle":"0x40c","objectName":"0x3c0dcb0","DesiredAccess":"0x20019"}
Returned value:
0x0
ntdll.dll! NtCreateKey #native (#3028) EncryptFlag.exe
Arguments:
{"CreateOptions":"0x0","objectName":"Certificates","DesiredAccess":"0x3001f","KeyHandle":"0x43c","TitleIndex":"0x0","CreateDisposition":"0x3c0d8e8","Class":"0x3c0dbc0"}
Returned value:
0x0
ntdll.dll! NtOpenKeyEx #native (#3028) EncryptFlag.exe
Arguments:
{"OpenOptions":"0x0","KeyHandle":"0x440","objectName":"18F7C1FCC3090203FD5BAA2F861A754976C8DD25","DesiredAccess":"0x20019"}
Returned value:
0x0
ntdll.dll! NtOpenKeyEx #native (#3028) EncryptFlag.exe
Arguments:
{"OpenOptions":"0x0","KeyHandle":"0x440","objectName":"245C97DF7514E7CF2DF8BE72AE957B9E04741E85","DesiredAccess":"0x20019"}
Returned value:
0x0
ntdll.dll! NtOpenKeyEx #native (#3028) EncryptFlag.exe
Arguments:
{"OpenOptions":"0x0","KeyHandle":"0x440","objectName":"3B1EFD3A66EA28B16697394703A72CA340A05BD5","DesiredAccess":"0x20019"}
Returned value:
0x0
ntdll.dll! NtOpenKeyEx #native (#3028) EncryptFlag.exe
Arguments:
{"OpenOptions":"0x0","KeyHandle":"0x440","objectName":"7F88CD7223F3C813818C994614A89C99FA3B5247","DesiredAccess":"0x20019"}
Returned value:
0x0
ntdll.dll! NtOpenKeyEx #native (#3028) EncryptFlag.exe
Arguments:
{"OpenOptions":"0x0","KeyHandle":"0x440","objectName":"8F43288AD272F3103B6FB1428485EA3014C0BCFE","DesiredAccess":"0x20019"}
Returned value:
0x0
ntdll.dll! NtOpenKeyEx #native (#3028) EncryptFlag.exe
Arguments:
{"OpenOptions":"0x0","KeyHandle":"0x440","objectName":"A43489159A520F0D93D032CCAF37E7FE20A8B419","DesiredAccess":"0x20019"}
Returned value:
0x0
ntdll.dll! NtOpenKeyEx #native (#3028) EncryptFlag.exe
Arguments:
{"OpenOptions":"0x0","KeyHandle":"0x440","objectName":"BE36A4562FB2EE05DBB3D32323ADF445084ED656","DesiredAccess":"0x20019"}
Returned value:
0x0
ntdll.dll! NtOpenKeyEx #native (#3028) EncryptFlag.exe
Arguments:
{"OpenOptions":"0x0","KeyHandle":"0x440","objectName":"CDD4EEAE6000AC7F40C3802C171E30148030C072","DesiredAccess":"0x20019"}
Returned value:
0x0
ntdll.dll! NtCreateKey #native (#3028) EncryptFlag.exe
Arguments:
{"CreateOptions":"0x0","objectName":"CRLs","DesiredAccess":"0x3001f","KeyHandle":"0x43c","TitleIndex":"0x0","CreateDisposition":"0x3c0d8e8","Class":"0x3c0dbc0"}
Returned value:
0x0
ntdll.dll! NtCreateKey #native (#3028) EncryptFlag.exe
Arguments:
{"CreateOptions":"0x0","objectName":"CTLs","DesiredAccess":"0x3001f","KeyHandle":"0x43c","TitleIndex":"0x0","CreateDisposition":"0x3c0d8e8","Class":"0x3c0dbc0"}
Returned value:
0x0
ntdll.dll! NtCreateKey #native (#3028) EncryptFlag.exe
Arguments:
{"CreateOptions":"0x0","objectName":"Software\\Microsoft\\SystemCertificates\\AuthRoot","DesiredAccess":"0x3001f","KeyHandle":"0x434","TitleIndex":"0x0","CreateDisposition":"0x3c0d958","Class":"0x3c0dc30"}
Returned value:
0x0
ntdll.dll! NtOpenKeyEx #native (#3028) EncryptFlag.exe
Arguments:
{"OpenOptions":"0x0","KeyHandle":"0x43c","objectName":"0x3c0dcb0","DesiredAccess":"0x20019"}
Returned value:
0x0
ntdll.dll! NtCreateKey #native (#3028) EncryptFlag.exe
Arguments:
{"CreateOptions":"0x0","objectName":"Certificates","DesiredAccess":"0x3001f","KeyHandle":"0x440","TitleIndex":"0x0","CreateDisposition":"0x3c0d8e8","Class":"0x3c0dbc0"}
Returned value:
0x0
ntdll.dll! NtOpenKeyEx #native (#3028) EncryptFlag.exe
Arguments:
{"OpenOptions":"0x0","KeyHandle":"0x444","objectName":"0563B8630D62D75ABBC8AB1E4BDFB5A899B24D43","DesiredAccess":"0x20019"}
Returned value:
0x0
ntdll.dll! NtOpenKeyEx #native (#3028) EncryptFlag.exe
Arguments:
{"OpenOptions":"0x0","KeyHandle":"0x444","objectName":"07E032E020B72C3F192F0628A2593A19A70F069E","DesiredAccess":"0x20019"}
Returned value:
0x0
ntdll.dll! NtOpenKeyEx #native (#3028) EncryptFlag.exe
Arguments:
{"OpenOptions":"0x0","KeyHandle":"0x444","objectName":"2796BAE63F1801E277261BA0D77770028F20EEE4","DesiredAccess":"0x20019"}
Returned value:
0x0
ntdll.dll! NtOpenKeyEx #native (#3028) EncryptFlag.exe
Arguments:
{"OpenOptions":"0x0","KeyHandle":"0x444","objectName":"2B8F1B57330DBBA2D07A6C51F70EE90DDAB9AD8E","DesiredAccess":"0x20019"}
Returned value:
0x0
ntdll.dll! NtOpenKeyEx #native (#3028) EncryptFlag.exe
Arguments:
{"OpenOptions":"0x0","KeyHandle":"0x444","objectName":"4EB6D578499B1CCF5F581EAD56BE3D9B6744A5E5","DesiredAccess":"0x20019"}
Returned value:
0x0
ntdll.dll! NtOpenKeyEx #native (#3028) EncryptFlag.exe
Arguments:
{"OpenOptions":"0x0","KeyHandle":"0x444","objectName":"4F65566336DB6598581D584A596C87934D5F2AB4","DesiredAccess":"0x20019"}
Returned value:
0x0
ntdll.dll! NtOpenKeyEx #native (#3028) EncryptFlag.exe
Arguments:
{"OpenOptions":"0x0","KeyHandle":"0x444","objectName":"5FB7EE0633E259DBAD0C4C9AE6D38F1A61C7DC25","DesiredAccess":"0x20019"}
Returned value:
0x0
ntdll.dll! NtOpenKeyEx #native (#3028) EncryptFlag.exe
Arguments:
{"OpenOptions":"0x0","KeyHandle":"0x444","objectName":"742C3192E607E424EB4549542BE1BBC53E6174E2","DesiredAccess":"0x20019"}
Returned value:
0x0
ntdll.dll! NtOpenKeyEx #native (#3028) EncryptFlag.exe
Arguments:
{"OpenOptions":"0x0","KeyHandle":"0x444","objectName":"97817950D81C9670CC34D809CF794431367EF474","DesiredAccess":"0x20019"}
Returned value:
0x0
ntdll.dll! NtOpenKeyEx #native (#3028) EncryptFlag.exe
Arguments:
{"OpenOptions":"0x0","KeyHandle":"0x444","objectName":"A8985D3A65E5E5C4B2D7D66D40C6DD2FB19C5436","DesiredAccess":"0x20019"}
Returned value:
0x0
ntdll.dll! NtOpenKeyEx #native (#3028) EncryptFlag.exe
Arguments:
{"OpenOptions":"0x0","KeyHandle":"0x444","objectName":"AD7E1C28B064EF8F6003402014C3D0E3370EB58A","DesiredAccess":"0x20019"}
Returned value:
0x0
ntdll.dll! NtOpenKeyEx #native (#3028) EncryptFlag.exe
Arguments:
{"OpenOptions":"0x0","KeyHandle":"0x444","objectName":"B1BC968BD4F49D622AA89A81F2150152A41D829C","DesiredAccess":"0x20019"}
Returned value:
0x0
ntdll.dll! NtOpenKeyEx #native (#3028) EncryptFlag.exe
Arguments:
{"OpenOptions":"0x0","KeyHandle":"0x444","objectName":"CABD2A79A1076A31F21D253635CB039D4329A5E8","DesiredAccess":"0x20019"}
Returned value:
0x0
ntdll.dll! NtOpenKeyEx #native (#3028) EncryptFlag.exe
Arguments:
{"OpenOptions":"0x0","KeyHandle":"0x444","objectName":"D1EB23A46D17D68FD92564C2F1F1601764D8E349","DesiredAccess":"0x20019"}
Returned value:
0x0
ntdll.dll! NtOpenKeyEx #native (#3028) EncryptFlag.exe
Arguments:
{"OpenOptions":"0x0","KeyHandle":"0x444","objectName":"D4DE20D05E66FC53FE1A50882C78DB2852CAE474","DesiredAccess":"0x20019"}
Returned value:
0x0
ntdll.dll! NtOpenKeyEx #native (#3028) EncryptFlag.exe
Arguments:
{"OpenOptions":"0x0","KeyHandle":"0x444","objectName":"D69B561148F01C77C54578C10926DF5B856976AD","DesiredAccess":"0x20019"}
Returned value:
0x0
ntdll.dll! NtOpenKeyEx #native (#3028) EncryptFlag.exe
Arguments:
{"OpenOptions":"0x0","KeyHandle":"0x444","objectName":"DAC9024F54D8F6DF94935FB1732638CA6AD77C13","DesiredAccess":"0x20019"}
Returned value:
0x0
ntdll.dll! NtOpenKeyEx #native (#3028) EncryptFlag.exe
Arguments:
{"OpenOptions":"0x0","KeyHandle":"0x444","objectName":"DDFB16CD4931C973A2037D3FC83A4D7D775D05E4","DesiredAccess":"0x20019"}
Returned value:
0x0
ntdll.dll! NtOpenKeyEx #native (#3028) EncryptFlag.exe
Arguments:
{"OpenOptions":"0x0","KeyHandle":"0x444","objectName":"DF3C24F9BFD666761B268073FE06D1CC8D4F82A4","DesiredAccess":"0x20019"}
Returned value:
0x0
ntdll.dll! NtCreateKey #native (#3028) EncryptFlag.exe
Arguments:
{"CreateOptions":"0x0","objectName":"CRLs","DesiredAccess":"0x3001f","KeyHandle":"0x440","TitleIndex":"0x0","CreateDisposition":"0x3c0d8e8","Class":"0x3c0dbc0"}
Returned value:
0x0
ntdll.dll! NtCreateKey #native (#3028) EncryptFlag.exe
Arguments:
{"CreateOptions":"0x0","objectName":"CTLs","DesiredAccess":"0x3001f","KeyHandle":"0x440","TitleIndex":"0x0","CreateDisposition":"0x3c0d8e8","Class":"0x3c0dbc0"}
Returned value:
0x0
ntdll.dll! NtCreateKey #native (#3028) EncryptFlag.exe
Arguments:
{"CreateOptions":"0x0","objectName":"Software\\Policies\\Microsoft\\SystemCertificates\\Root","DesiredAccess":"0x3001f","KeyHandle":"0x434","TitleIndex":"0x0","CreateDisposition":"0x3c0d5b8","Class":"0x3c0d890"}
Returned value:
0x0
ntdll.dll! NtCreateKey #native (#3028) EncryptFlag.exe
Arguments:
{"CreateOptions":"0x0","objectName":"Certificates","DesiredAccess":"0x3001f","KeyHandle":"0x440","TitleIndex":"0x0","CreateDisposition":"0x3c0d548","Class":"0x3c0d820"}
Returned value:
0x0
ntdll.dll! NtCreateKey #native (#3028) EncryptFlag.exe
Arguments:
{"CreateOptions":"0x0","objectName":"CRLs","DesiredAccess":"0x3001f","KeyHandle":"0x440","TitleIndex":"0x0","CreateDisposition":"0x3c0d548","Class":"0x3c0d820"}
Returned value:
0x0
ntdll.dll! NtCreateKey #native (#3028) EncryptFlag.exe
Arguments:
{"CreateOptions":"0x0","objectName":"CTLs","DesiredAccess":"0x3001f","KeyHandle":"0x440","TitleIndex":"0x0","CreateDisposition":"0x3c0d548","Class":"0x3c0d820"}
Returned value:
0x0
ntdll.dll! NtOpenKeyEx #native (#3028) EncryptFlag.exe
Arguments:
{"OpenOptions":"0x0","KeyHandle":"0x0","objectName":"Software\\Microsoft\\EnterpriseCertificates\\Root\\PhysicalStores","DesiredAccess":"0x20019"}
Returned value:
0xc0000034
ntdll.dll! NtCreateKey #native (#3028) EncryptFlag.exe
Arguments:
{"CreateOptions":"0x0","objectName":"Software\\Microsoft\\EnterpriseCertificates\\Root","DesiredAccess":"0x3001f","KeyHandle":"0x434","TitleIndex":"0x0","CreateDisposition":"0x3c0d7d8","Class":"0x3c0dab0"}
Returned value:
0x0
ntdll.dll! NtCreateKey #native (#3028) EncryptFlag.exe
Arguments:
{"CreateOptions":"0x0","objectName":"Software\\Microsoft\\EnterpriseCertificates\\Root","DesiredAccess":"0x3001f","KeyHandle":"0x434","TitleIndex":"0x0","CreateDisposition":"0x3c0d5e8","Class":"0x3c0d8c0"}
Returned value:
0x0
ntdll.dll! NtOpenKeyEx #native (#3028) EncryptFlag.exe
Arguments:
{"OpenOptions":"0x0","KeyHandle":"0x440","objectName":"0x3c0d940","DesiredAccess":"0x20019"}
Returned value:
0x0
ntdll.dll! NtCreateKey #native (#3028) EncryptFlag.exe
Arguments:
{"CreateOptions":"0x0","objectName":"Certificates","DesiredAccess":"0x3001f","KeyHandle":"0x444","TitleIndex":"0x0","CreateDisposition":"0x3c0d578","Class":"0x3c0d850"}
Returned value:
0x0
ntdll.dll! NtCreateKey #native (#3028) EncryptFlag.exe
Arguments:
{"CreateOptions":"0x0","objectName":"CRLs","DesiredAccess":"0x3001f","KeyHandle":"0x444","TitleIndex":"0x0","CreateDisposition":"0x3c0d578","Class":"0x3c0d850"}
Returned value:
0x0
ntdll.dll! NtCreateKey #native (#3028) EncryptFlag.exe
Arguments:
{"CreateOptions":"0x0","objectName":"CTLs","DesiredAccess":"0x3001f","KeyHandle":"0x444","TitleIndex":"0x0","CreateDisposition":"0x3c0d578","Class":"0x3c0d850"}
Returned value:
0x0
ntdll.dll! NtCreateKey #native (#3028) EncryptFlag.exe
Arguments:
{"CreateOptions":"0x0","objectName":"Software\\Microsoft\\SystemCertificates\\SmartCardRoot","DesiredAccess":"0x3001f","KeyHandle":"0x434","TitleIndex":"0x0","CreateDisposition":"0x3c0d958","Class":"0x3c0dc30"}
Returned value:
0x0
ntdll.dll! NtOpenKeyEx #native (#3028) EncryptFlag.exe
Arguments:
{"OpenOptions":"0x0","KeyHandle":"0x444","objectName":"0x3c0dcb0","DesiredAccess":"0x20019"}
Returned value:
0x0
ntdll.dll! NtCreateKey #native (#3028) EncryptFlag.exe
Arguments:
{"CreateOptions":"0x0","objectName":"Certificates","DesiredAccess":"0x3001f","KeyHandle":"0x448","TitleIndex":"0x0","CreateDisposition":"0x3c0d8e8","Class":"0x3c0dbc0"}
Returned value:
0x0
ntdll.dll! NtCreateKey #native (#3028) EncryptFlag.exe
Arguments:
{"CreateOptions":"0x0","objectName":"CRLs","DesiredAccess":"0x3001f","KeyHandle":"0x448","TitleIndex":"0x0","CreateDisposition":"0x3c0d8e8","Class":"0x3c0dbc0"}
Returned value:
0x0
ntdll.dll! NtCreateKey #native (#3028) EncryptFlag.exe
Arguments:
{"CreateOptions":"0x0","objectName":"CTLs","DesiredAccess":"0x3001f","KeyHandle":"0x448","TitleIndex":"0x0","CreateDisposition":"0x3c0d8e8","Class":"0x3c0dbc0"}
Returned value:
0x0
ntdll.dll! NtOpenKeyEx #native (#3028) EncryptFlag.exe
Arguments:
{"OpenOptions":"0x0","KeyHandle":"0x434","objectName":"S-1-5-21-4270068108-2931534202-3907561125-1001","DesiredAccess":"0x2000000"}
Returned value:
0x0
ntdll.dll! NtCreateKey #native (#3028) EncryptFlag.exe
Arguments:
{"CreateOptions":"0x0","objectName":"Software\\Microsoft\\SystemCertificates\\SmartCardRoot","DesiredAccess":"0x3001f","KeyHandle":"0x448","TitleIndex":"0x0","CreateDisposition":"0x3c0dcc8","Class":"0x3c0dfa0"}
Returned value:
0x0
ntdll.dll! NtOpenKeyEx #native (#3028) EncryptFlag.exe
Arguments:
{"OpenOptions":"0x0","KeyHandle":"0x44c","objectName":"0x3c0e020","DesiredAccess":"0x20019"}
Returned value:
0x0
ntdll.dll! NtCreateKey #native (#3028) EncryptFlag.exe
Arguments:
{"CreateOptions":"0x0","objectName":"Certificates","DesiredAccess":"0x3001f","KeyHandle":"0x450","TitleIndex":"0x0","CreateDisposition":"0x3c0dc58","Class":"0x3c0df30"}
Returned value:
0x0
ntdll.dll! NtCreateKey #native (#3028) EncryptFlag.exe
Arguments:
{"CreateOptions":"0x0","objectName":"CRLs","DesiredAccess":"0x3001f","KeyHandle":"0x450","TitleIndex":"0x0","CreateDisposition":"0x3c0dc58","Class":"0x3c0df30"}
Returned value:
0x0
ntdll.dll! NtCreateKey #native (#3028) EncryptFlag.exe
Arguments:
{"CreateOptions":"0x0","objectName":"CTLs","DesiredAccess":"0x3001f","KeyHandle":"0x450","TitleIndex":"0x0","CreateDisposition":"0x3c0dc58","Class":"0x3c0df30"}
Returned value:
0x0
ntdll.dll! NtOpenKeyEx #native (#3028) EncryptFlag.exe
Arguments:
{"OpenOptions":"0x0","KeyHandle":"0x434","objectName":"S-1-5-21-4270068108-2931534202-3907561125-1001","DesiredAccess":"0x2000000"}
Returned value:
0x0
ntdll.dll! NtOpenKeyEx #native (#3028) EncryptFlag.exe
Arguments:
{"OpenOptions":"0x0","KeyHandle":"0x0","objectName":"Software\\Microsoft\\SystemCertificates\\TrustedPeople\\PhysicalStores","DesiredAccess":"0x20019"}
Returned value:
0xc0000034
ntdll.dll! NtOpenKeyEx #native (#3028) EncryptFlag.exe
Arguments:
{"OpenOptions":"0x0","KeyHandle":"0x434","objectName":"S-1-5-21-4270068108-2931534202-3907561125-1001","DesiredAccess":"0x2000000"}
Returned value:
0x0
ntdll.dll! NtCreateKey #native (#3028) EncryptFlag.exe
Arguments:
{"CreateOptions":"0x0","objectName":"Software\\Microsoft\\SystemCertificates\\TrustedPeople","DesiredAccess":"0x3001f","KeyHandle":"0x448","TitleIndex":"0x0","CreateDisposition":"0x3c0deb8","Class":"0x3c0e190"}
Returned value:
0x0
ntdll.dll! NtOpenKeyEx #native (#3028) EncryptFlag.exe
Arguments:
{"OpenOptions":"0x0","KeyHandle":"0x0","objectName":"Software\\Policies\\Microsoft\\SystemCertificates\\Root\\ProtectedRoots","DesiredAccess":"0x20019"}
Returned value:
0xc0000034
ntdll.dll! NtOpenKeyEx #native (#3028) EncryptFlag.exe
Arguments:
{"OpenOptions":"0x0","KeyHandle":"0x448","objectName":"S-1-5-21-4270068108-2931534202-3907561125-1001","DesiredAccess":"0x2000000"}
Returned value:
0x0
ntdll.dll! NtCreateKey #native (#3028) EncryptFlag.exe
Arguments:
{"CreateOptions":"0x0","objectName":"Software\\Microsoft\\SystemCertificates\\TrustedPeople","DesiredAccess":"0x3001f","KeyHandle":"0x434","TitleIndex":"0x0","CreateDisposition":"0x3c0dcc8","Class":"0x3c0dfa0"}
Returned value:
0x0
ntdll.dll! NtOpenKeyEx #native (#3028) EncryptFlag.exe
Arguments:
{"OpenOptions":"0x0","KeyHandle":"0x448","objectName":"0x3c0e020","DesiredAccess":"0x20019"}
Returned value:
0x0
ntdll.dll! NtCreateKey #native (#3028) EncryptFlag.exe
Arguments:
{"CreateOptions":"0x0","objectName":"Certificates","DesiredAccess":"0x3001f","KeyHandle":"0x450","TitleIndex":"0x0","CreateDisposition":"0x3c0dc58","Class":"0x3c0df30"}
Returned value:
0x0
ntdll.dll! NtCreateKey #native (#3028) EncryptFlag.exe
Arguments:
{"CreateOptions":"0x0","objectName":"CRLs","DesiredAccess":"0x3001f","KeyHandle":"0x450","TitleIndex":"0x0","CreateDisposition":"0x3c0dc58","Class":"0x3c0df30"}
Returned value:
0x0
ntdll.dll! NtCreateKey #native (#3028) EncryptFlag.exe
Arguments:
{"CreateOptions":"0x0","objectName":"CTLs","DesiredAccess":"0x3001f","KeyHandle":"0x450","TitleIndex":"0x0","CreateDisposition":"0x3c0dc58","Class":"0x3c0df30"}
Returned value:
0x0
ntdll.dll! NtOpenKeyEx #native (#3028) EncryptFlag.exe
Arguments:
{"OpenOptions":"0x0","KeyHandle":"0x434","objectName":"S-1-5-21-4270068108-2931534202-3907561125-1001","DesiredAccess":"0x2000000"}
Returned value:
0x0
ntdll.dll! NtOpenKeyEx #native (#3028) EncryptFlag.exe
Arguments:
{"OpenOptions":"0x0","KeyHandle":"0x450","objectName":"0x3c0dcb0","DesiredAccess":"0x20019"}
Returned value:
0x0
ntdll.dll! NtCreateKey #native (#3028) EncryptFlag.exe
Arguments:
{"CreateOptions":"0x0","objectName":"Software\\Policies\\Microsoft\\SystemCertificates\\TrustedPeople","DesiredAccess":"0x3001f","KeyHandle":"0x434","TitleIndex":"0x0","CreateDisposition":"0x3c0d928","Class":"0x3c0dc00"}
Returned value:
0x0
ntdll.dll! NtCreateKey #native (#3028) EncryptFlag.exe
Arguments:
{"CreateOptions":"0x0","objectName":"Certificates","DesiredAccess":"0x3001f","KeyHandle":"0x454","TitleIndex":"0x0","CreateDisposition":"0x3c0d8b8","Class":"0x3c0db90"}
Returned value:
0x0
ntdll.dll! NtCreateKey #native (#3028) EncryptFlag.exe
Arguments:
{"CreateOptions":"0x0","objectName":"CRLs","DesiredAccess":"0x3001f","KeyHandle":"0x454","TitleIndex":"0x0","CreateDisposition":"0x3c0d8b8","Class":"0x3c0db90"}
Returned value:
0x0
ntdll.dll! NtCreateKey #native (#3028) EncryptFlag.exe
Arguments:
{"CreateOptions":"0x0","objectName":"CTLs","DesiredAccess":"0x3001f","KeyHandle":"0x454","TitleIndex":"0x0","CreateDisposition":"0x3c0d8b8","Class":"0x3c0db90"}
Returned value:
0x0
ntdll.dll! NtOpenKeyEx #native (#3028) EncryptFlag.exe
Arguments:
{"OpenOptions":"0x0","KeyHandle":"0x0","objectName":"Software\\Microsoft\\SystemCertificates\\TrustedPeople\\PhysicalStores","DesiredAccess":"0x20019"}
Returned value:
0xc0000034
ntdll.dll! NtCreateKey #native (#3028) EncryptFlag.exe
Arguments:
{"CreateOptions":"0x0","objectName":"Software\\Microsoft\\SystemCertificates\\TrustedPeople","DesiredAccess":"0x3001f","KeyHandle":"0x434","TitleIndex":"0x0","CreateDisposition":"0x3c0db48","Class":"0x3c0de20"}
Returned value:
0x0
ntdll.dll! NtCreateKey #native (#3028) EncryptFlag.exe
Arguments:
{"CreateOptions":"0x0","objectName":"Software\\Microsoft\\SystemCertificates\\TrustedPeople","DesiredAccess":"0x3001f","KeyHandle":"0x434","TitleIndex":"0x0","CreateDisposition":"0x3c0d958","Class":"0x3c0dc30"}
Returned value:
0x0
ntdll.dll! NtOpenKeyEx #native (#3028) EncryptFlag.exe
Arguments:
{"OpenOptions":"0x0","KeyHandle":"0x454","objectName":"0x3c0dcb0","DesiredAccess":"0x20019"}
Returned value:
0x0
ntdll.dll! NtCreateKey #native (#3028) EncryptFlag.exe
Arguments:
{"CreateOptions":"0x0","objectName":"Certificates","DesiredAccess":"0x3001f","KeyHandle":"0x458","TitleIndex":"0x0","CreateDisposition":"0x3c0d8e8","Class":"0x3c0dbc0"}
Returned value:
0x0
ntdll.dll! NtCreateKey #native (#3028) EncryptFlag.exe
Arguments:
{"CreateOptions":"0x0","objectName":"CRLs","DesiredAccess":"0x3001f","KeyHandle":"0x458","TitleIndex":"0x0","CreateDisposition":"0x3c0d8e8","Class":"0x3c0dbc0"}
Returned value:
0x0
ntdll.dll! NtCreateKey #native (#3028) EncryptFlag.exe
Arguments:
{"CreateOptions":"0x0","objectName":"CTLs","DesiredAccess":"0x3001f","KeyHandle":"0x458","TitleIndex":"0x0","CreateDisposition":"0x3c0d8e8","Class":"0x3c0dbc0"}
Returned value:
0x0
ntdll.dll! NtCreateKey #native (#3028) EncryptFlag.exe
Arguments:
{"CreateOptions":"0x0","objectName":"Software\\Policies\\Microsoft\\SystemCertificates\\TrustedPeople","DesiredAccess":"0x3001f","KeyHandle":"0x434","TitleIndex":"0x0","CreateDisposition":"0x3c0d5b8","Class":"0x3c0d890"}
Returned value:
0x0
ntdll.dll! NtCreateKey #native (#3028) EncryptFlag.exe
Arguments:
{"CreateOptions":"0x0","objectName":"Certificates","DesiredAccess":"0x3001f","KeyHandle":"0x458","TitleIndex":"0x0","CreateDisposition":"0x3c0d548","Class":"0x3c0d820"}
Returned value:
0x0
ntdll.dll! NtCreateKey #native (#3028) EncryptFlag.exe
Arguments:
{"CreateOptions":"0x0","objectName":"CRLs","DesiredAccess":"0x3001f","KeyHandle":"0x458","TitleIndex":"0x0","CreateDisposition":"0x3c0d548","Class":"0x3c0d820"}
Returned value:
0x0
ntdll.dll! NtCreateKey #native (#3028) EncryptFlag.exe
Arguments:
{"CreateOptions":"0x0","objectName":"CTLs","DesiredAccess":"0x3001f","KeyHandle":"0x458","TitleIndex":"0x0","CreateDisposition":"0x3c0d548","Class":"0x3c0d820"}
Returned value:
0x0
ntdll.dll! NtOpenKeyEx #native (#3028) EncryptFlag.exe
Arguments:
{"OpenOptions":"0x0","KeyHandle":"0x0","objectName":"Software\\Microsoft\\EnterpriseCertificates\\TrustedPeople\\PhysicalStores","DesiredAccess":"0x20019"}
Returned value:
0xc0000034
ntdll.dll! NtCreateKey #native (#3028) EncryptFlag.exe
Arguments:
{"CreateOptions":"0x0","objectName":"Software\\Microsoft\\EnterpriseCertificates\\TrustedPeople","DesiredAccess":"0x3001f","KeyHandle":"0x434","TitleIndex":"0x0","CreateDisposition":"0x3c0d7d8","Class":"0x3c0dab0"}
Returned value:
0x0
ntdll.dll! NtCreateKey #native (#3028) EncryptFlag.exe
Arguments:
{"CreateOptions":"0x0","objectName":"Software\\Microsoft\\EnterpriseCertificates\\TrustedPeople","DesiredAccess":"0x3001f","KeyHandle":"0x434","TitleIndex":"0x0","CreateDisposition":"0x3c0d5e8","Class":"0x3c0d8c0"}
Returned value:
0x0
ntdll.dll! NtOpenKeyEx #native (#3028) EncryptFlag.exe
Arguments:
{"OpenOptions":"0x0","KeyHandle":"0x458","objectName":"0x3c0d940","DesiredAccess":"0x20019"}
Returned value:
0x0
ntdll.dll! NtCreateKey #native (#3028) EncryptFlag.exe
Arguments:
{"CreateOptions":"0x0","objectName":"Certificates","DesiredAccess":"0x3001f","KeyHandle":"0x45c","TitleIndex":"0x0","CreateDisposition":"0x3c0d578","Class":"0x3c0d850"}
Returned value:
0x0
ntdll.dll! NtCreateKey #native (#3028) EncryptFlag.exe
Arguments:
{"CreateOptions":"0x0","objectName":"CRLs","DesiredAccess":"0x3001f","KeyHandle":"0x45c","TitleIndex":"0x0","CreateDisposition":"0x3c0d578","Class":"0x3c0d850"}
Returned value:
0x0
ntdll.dll! NtCreateKey #native (#3028) EncryptFlag.exe
Arguments:
{"CreateOptions":"0x0","objectName":"CTLs","DesiredAccess":"0x3001f","KeyHandle":"0x45c","TitleIndex":"0x0","CreateDisposition":"0x3c0d578","Class":"0x3c0d850"}
Returned value:
0x0
ntdll.dll! NtOpenKeyEx #native (#3028) EncryptFlag.exe
Arguments:
{"OpenOptions":"0x0","KeyHandle":"0x434","objectName":"S-1-5-21-4270068108-2931534202-3907561125-1001","DesiredAccess":"0x2000000"}
Returned value:
0x0
ntdll.dll! NtOpenKeyEx #native (#3028) EncryptFlag.exe
Arguments:
{"OpenOptions":"0x0","KeyHandle":"0x0","objectName":"Software\\Microsoft\\SystemCertificates\\trust\\PhysicalStores","DesiredAccess":"0x20019"}
Returned value:
0xc0000034
ntdll.dll! NtOpenKeyEx #native (#3028) EncryptFlag.exe
Arguments:
{"OpenOptions":"0x0","KeyHandle":"0x434","objectName":"S-1-5-21-4270068108-2931534202-3907561125-1001","DesiredAccess":"0x2000000"}
Returned value:
0x0
ntdll.dll! NtCreateKey #native (#3028) EncryptFlag.exe
Arguments:
{"CreateOptions":"0x0","objectName":"Software\\Microsoft\\SystemCertificates\\trust","DesiredAccess":"0x3001f","KeyHandle":"0x45c","TitleIndex":"0x0","CreateDisposition":"0x3c0de38","Class":"0x3c0e110"}
Returned value:
0x0
ntdll.dll! NtOpenKeyEx #native (#3028) EncryptFlag.exe
Arguments:
{"OpenOptions":"0x0","KeyHandle":"0x45c","objectName":"S-1-5-21-4270068108-2931534202-3907561125-1001","DesiredAccess":"0x2000000"}
Returned value:
0x0
ntdll.dll! NtCreateKey #native (#3028) EncryptFlag.exe
Arguments:
{"CreateOptions":"0x0","objectName":"Software\\Microsoft\\SystemCertificates\\trust","DesiredAccess":"0x3001f","KeyHandle":"0x434","TitleIndex":"0x0","CreateDisposition":"0x3c0dc48","Class":"0x3c0df20"}
Returned value:
0x0
ntdll.dll! NtOpenKeyEx #native (#3028) EncryptFlag.exe
Arguments:
{"OpenOptions":"0x0","KeyHandle":"0x45c","objectName":"0x3c0dfa0","DesiredAccess":"0x20019"}
Returned value:
0x0
ntdll.dll! NtCreateKey #native (#3028) EncryptFlag.exe
Arguments:
{"CreateOptions":"0x0","objectName":"Certificates","DesiredAccess":"0x3001f","KeyHandle":"0x460","TitleIndex":"0x0","CreateDisposition":"0x3c0dbd8","Class":"0x3c0deb0"}
Returned value:
0x0
ntdll.dll! NtCreateKey #native (#3028) EncryptFlag.exe
Arguments:
{"CreateOptions":"0x0","objectName":"CRLs","DesiredAccess":"0x3001f","KeyHandle":"0x460","TitleIndex":"0x0","CreateDisposition":"0x3c0dbd8","Class":"0x3c0deb0"}
Returned value:
0x0
ntdll.dll! NtCreateKey #native (#3028) EncryptFlag.exe
Arguments:
{"CreateOptions":"0x0","objectName":"CTLs","DesiredAccess":"0x3001f","KeyHandle":"0x460","TitleIndex":"0x0","CreateDisposition":"0x3c0dbd8","Class":"0x3c0deb0"}
Returned value:
0x0
ntdll.dll! NtOpenKeyEx #native (#3028) EncryptFlag.exe
Arguments:
{"OpenOptions":"0x0","KeyHandle":"0x434","objectName":"S-1-5-21-4270068108-2931534202-3907561125-1001","DesiredAccess":"0x2000000"}
Returned value:
0x0
ntdll.dll! NtOpenKeyEx #native (#3028) EncryptFlag.exe
Arguments:
{"OpenOptions":"0x0","KeyHandle":"0x460","objectName":"0x3c0dc30","DesiredAccess":"0x20019"}
Returned value:
0x0
ntdll.dll! NtCreateKey #native (#3028) EncryptFlag.exe
Arguments:
{"CreateOptions":"0x0","objectName":"Software\\Policies\\Microsoft\\SystemCertificates\\trust","DesiredAccess":"0x3001f","KeyHandle":"0x434","TitleIndex":"0x0","CreateDisposition":"0x3c0d8a8","Class":"0x3c0db80"}
Returned value:
0x0
ntdll.dll! NtCreateKey #native (#3028) EncryptFlag.exe
Arguments:
{"CreateOptions":"0x0","objectName":"Certificates","DesiredAccess":"0x3001f","KeyHandle":"0x464","TitleIndex":"0x0","CreateDisposition":"0x3c0d838","Class":"0x3c0db10"}
Returned value:
0x0
ntdll.dll! NtCreateKey #native (#3028) EncryptFlag.exe
Arguments:
{"CreateOptions":"0x0","objectName":"CRLs","DesiredAccess":"0x3001f","KeyHandle":"0x464","TitleIndex":"0x0","CreateDisposition":"0x3c0d838","Class":"0x3c0db10"}
Returned value:
0x0
ntdll.dll! NtCreateKey #native (#3028) EncryptFlag.exe
Arguments:
{"CreateOptions":"0x0","objectName":"CTLs","DesiredAccess":"0x3001f","KeyHandle":"0x464","TitleIndex":"0x0","CreateDisposition":"0x3c0d838","Class":"0x3c0db10"}
Returned value:
0x0
ntdll.dll! NtOpenKeyEx #native (#3028) EncryptFlag.exe
Arguments:
{"OpenOptions":"0x0","KeyHandle":"0x0","objectName":"Software\\Microsoft\\SystemCertificates\\trust\\PhysicalStores","DesiredAccess":"0x20019"}
Returned value:
0xc0000034
ntdll.dll! NtCreateKey #native (#3028) EncryptFlag.exe
Arguments:
{"CreateOptions":"0x0","objectName":"Software\\Microsoft\\SystemCertificates\\trust","DesiredAccess":"0x3001f","KeyHandle":"0x434","TitleIndex":"0x0","CreateDisposition":"0x3c0dac8","Class":"0x3c0dda0"}
Returned value:
0x0
ntdll.dll! NtCreateKey #native (#3028) EncryptFlag.exe
Arguments:
{"CreateOptions":"0x0","objectName":"Software\\Microsoft\\SystemCertificates\\trust","DesiredAccess":"0x3001f","KeyHandle":"0x434","TitleIndex":"0x0","CreateDisposition":"0x3c0d8d8","Class":"0x3c0dbb0"}
Returned value:
0x0
ntdll.dll! NtOpenKeyEx #native (#3028) EncryptFlag.exe
Arguments:
{"OpenOptions":"0x0","KeyHandle":"0x464","objectName":"0x3c0dc30","DesiredAccess":"0x20019"}
Returned value:
0x0
ntdll.dll! NtCreateKey #native (#3028) EncryptFlag.exe
Arguments:
{"CreateOptions":"0x0","objectName":"Certificates","DesiredAccess":"0x3001f","KeyHandle":"0x468","TitleIndex":"0x0","CreateDisposition":"0x3c0d868","Class":"0x3c0db40"}
Returned value:
0x0
ntdll.dll! NtCreateKey #native (#3028) EncryptFlag.exe
Arguments:
{"CreateOptions":"0x0","objectName":"CRLs","DesiredAccess":"0x3001f","KeyHandle":"0x468","TitleIndex":"0x0","CreateDisposition":"0x3c0d868","Class":"0x3c0db40"}
Returned value:
0x0
ntdll.dll! NtCreateKey #native (#3028) EncryptFlag.exe
Arguments:
{"CreateOptions":"0x0","objectName":"CTLs","DesiredAccess":"0x3001f","KeyHandle":"0x468","TitleIndex":"0x0","CreateDisposition":"0x3c0d868","Class":"0x3c0db40"}
Returned value:
0x0
ntdll.dll! NtCreateKey #native (#3028) EncryptFlag.exe
Arguments:
{"CreateOptions":"0x0","objectName":"Software\\Policies\\Microsoft\\SystemCertificates\\trust","DesiredAccess":"0x3001f","KeyHandle":"0x434","TitleIndex":"0x0","CreateDisposition":"0x3c0d538","Class":"0x3c0d810"}
Returned value:
0x0
ntdll.dll! NtCreateKey #native (#3028) EncryptFlag.exe
Arguments:
{"CreateOptions":"0x0","objectName":"Certificates","DesiredAccess":"0x3001f","KeyHandle":"0x468","TitleIndex":"0x0","CreateDisposition":"0x3c0d4c8","Class":"0x3c0d7a0"}
Returned value:
0x0
ntdll.dll! NtCreateKey #native (#3028) EncryptFlag.exe
Arguments:
{"CreateOptions":"0x0","objectName":"CRLs","DesiredAccess":"0x3001f","KeyHandle":"0x468","TitleIndex":"0x0","CreateDisposition":"0x3c0d4c8","Class":"0x3c0d7a0"}
Returned value:
0x0
ntdll.dll! NtCreateKey #native (#3028) EncryptFlag.exe
Arguments:
{"CreateOptions":"0x0","objectName":"CTLs","DesiredAccess":"0x3001f","KeyHandle":"0x468","TitleIndex":"0x0","CreateDisposition":"0x3c0d4c8","Class":"0x3c0d7a0"}
Returned value:
0x0
ntdll.dll! NtOpenKeyEx #native (#3028) EncryptFlag.exe
Arguments:
{"OpenOptions":"0x0","KeyHandle":"0x0","objectName":"Software\\Microsoft\\EnterpriseCertificates\\trust\\PhysicalStores","DesiredAccess":"0x20019"}
Returned value:
0xc0000034
ntdll.dll! NtCreateKey #native (#3028) EncryptFlag.exe
Arguments:
{"CreateOptions":"0x0","objectName":"Software\\Microsoft\\EnterpriseCertificates\\trust","DesiredAccess":"0x3001f","KeyHandle":"0x434","TitleIndex":"0x0","CreateDisposition":"0x3c0d758","Class":"0x3c0da30"}
Returned value:
0x0
ntdll.dll! NtCreateKey #native (#3028) EncryptFlag.exe
Arguments:
{"CreateOptions":"0x0","objectName":"Software\\Microsoft\\EnterpriseCertificates\\trust","DesiredAccess":"0x3001f","KeyHandle":"0x434","TitleIndex":"0x0","CreateDisposition":"0x3c0d568","Class":"0x3c0d840"}
Returned value:
0x0
ntdll.dll! NtOpenKeyEx #native (#3028) EncryptFlag.exe
Arguments:
{"OpenOptions":"0x0","KeyHandle":"0x468","objectName":"0x3c0d8c0","DesiredAccess":"0x20019"}
Returned value:
0x0
ntdll.dll! NtCreateKey #native (#3028) EncryptFlag.exe
Arguments:
{"CreateOptions":"0x0","objectName":"Certificates","DesiredAccess":"0x3001f","KeyHandle":"0x46c","TitleIndex":"0x0","CreateDisposition":"0x3c0d4f8","Class":"0x3c0d7d0"}
Returned value:
0x0
ntdll.dll! NtCreateKey #native (#3028) EncryptFlag.exe
Arguments:
{"CreateOptions":"0x0","objectName":"CRLs","DesiredAccess":"0x3001f","KeyHandle":"0x46c","TitleIndex":"0x0","CreateDisposition":"0x3c0d4f8","Class":"0x3c0d7d0"}
Returned value:
0x0
ntdll.dll! NtCreateKey #native (#3028) EncryptFlag.exe
Arguments:
{"CreateOptions":"0x0","objectName":"CTLs","DesiredAccess":"0x3001f","KeyHandle":"0x46c","TitleIndex":"0x0","CreateDisposition":"0x3c0d4f8","Class":"0x3c0d7d0"}
Returned value:
0x0
ntdll.dll! NtOpenKeyEx #native (#3028) EncryptFlag.exe
Arguments:
{"OpenOptions":"0x0","KeyHandle":"0x474","objectName":"Certificates","DesiredAccess":"0x20019"}
Returned value:
0x0
ntdll.dll! NtOpenKeyEx #native (#3028) EncryptFlag.exe
Arguments:
{"OpenOptions":"0x0","KeyHandle":"0x474","objectName":"CRLs","DesiredAccess":"0x20019"}
Returned value:
0x0
ntdll.dll! NtOpenKeyEx #native (#3028) EncryptFlag.exe
Arguments:
{"OpenOptions":"0x0","KeyHandle":"0x474","objectName":"CTLs","DesiredAccess":"0x20019"}
Returned value:
0x0
ntdll.dll! NtOpenKeyEx #native (#3028) EncryptFlag.exe
Arguments:
{"OpenOptions":"0x0","KeyHandle":"0x474","objectName":"S-1-5-21-4270068108-2931534202-3907561125-1001","DesiredAccess":"0x2000000"}
Returned value:
0x0
ntdll.dll! NtOpenKeyEx #native (#3028) EncryptFlag.exe
Arguments:
{"OpenOptions":"0x0","KeyHandle":"0x478","objectName":"Software\\Microsoft\\SystemCertificates\\Root\\ProtectedRoots","DesiredAccess":"0x20019"}
Returned value:
0x0
ntdll.dll! NtOpenKeyEx #native (#3028) EncryptFlag.exe
Arguments:
{"OpenOptions":"0x0","KeyHandle":"0x47c","objectName":"Certificates","DesiredAccess":"0x20019"}
Returned value:
0x0
ntdll.dll! NtOpenKeyEx #native (#3028) EncryptFlag.exe
Arguments:
{"OpenOptions":"0x0","KeyHandle":"0x480","objectName":"18F7C1FCC3090203FD5BAA2F861A754976C8DD25","DesiredAccess":"0x20019"}
Returned value:
0x0
ntdll.dll! NtOpenKeyEx #native (#3028) EncryptFlag.exe
Arguments:
{"OpenOptions":"0x0","KeyHandle":"0x480","objectName":"245C97DF7514E7CF2DF8BE72AE957B9E04741E85","DesiredAccess":"0x20019"}
Returned value:
0x0
ntdll.dll! NtOpenKeyEx #native (#3028) EncryptFlag.exe
Arguments:
{"OpenOptions":"0x0","KeyHandle":"0x480","objectName":"3B1EFD3A66EA28B16697394703A72CA340A05BD5","DesiredAccess":"0x20019"}
Returned value:
0x0
ntdll.dll! NtOpenKeyEx #native (#3028) EncryptFlag.exe
Arguments:
{"OpenOptions":"0x0","KeyHandle":"0x480","objectName":"7F88CD7223F3C813818C994614A89C99FA3B5247","DesiredAccess":"0x20019"}
Returned value:
0x0
ntdll.dll! NtOpenKeyEx #native (#3028) EncryptFlag.exe
Arguments:
{"OpenOptions":"0x0","KeyHandle":"0x480","objectName":"8F43288AD272F3103B6FB1428485EA3014C0BCFE","DesiredAccess":"0x20019"}
Returned value:
0x0
ntdll.dll! NtOpenKeyEx #native (#3028) EncryptFlag.exe
Arguments:
{"OpenOptions":"0x0","KeyHandle":"0x480","objectName":"A43489159A520F0D93D032CCAF37E7FE20A8B419","DesiredAccess":"0x20019"}
Returned value:
0x0
ntdll.dll! NtOpenKeyEx #native (#3028) EncryptFlag.exe
Arguments:
{"OpenOptions":"0x0","KeyHandle":"0x480","objectName":"BE36A4562FB2EE05DBB3D32323ADF445084ED656","DesiredAccess":"0x20019"}
Returned value:
0x0
ntdll.dll! NtOpenKeyEx #native (#3028) EncryptFlag.exe
Arguments:
{"OpenOptions":"0x0","KeyHandle":"0x480","objectName":"CDD4EEAE6000AC7F40C3802C171E30148030C072","DesiredAccess":"0x20019"}
Returned value:
0x0
ntdll.dll! NtOpenKeyEx #native (#3028) EncryptFlag.exe
Arguments:
{"OpenOptions":"0x0","KeyHandle":"0x47c","objectName":"CRLs","DesiredAccess":"0x20019"}
Returned value:
0x0
ntdll.dll! NtOpenKeyEx #native (#3028) EncryptFlag.exe
Arguments:
{"OpenOptions":"0x0","KeyHandle":"0x47c","objectName":"CTLs","DesiredAccess":"0x20019"}
Returned value:
0x0
ntdll.dll! NtOpenKeyEx #native (#3028) EncryptFlag.exe
Arguments:
{"OpenOptions":"0x0","KeyHandle":"0x484","objectName":"Certificates","DesiredAccess":"0x20019"}
Returned value:
0x0
ntdll.dll! NtOpenKeyEx #native (#3028) EncryptFlag.exe
Arguments:
{"OpenOptions":"0x0","KeyHandle":"0x488","objectName":"0563B8630D62D75ABBC8AB1E4BDFB5A899B24D43","DesiredAccess":"0x20019"}
Returned value:
0x0
ntdll.dll! NtOpenKeyEx #native (#3028) EncryptFlag.exe
Arguments:
{"OpenOptions":"0x0","KeyHandle":"0x488","objectName":"07E032E020B72C3F192F0628A2593A19A70F069E","DesiredAccess":"0x20019"}
Returned value:
0x0
ntdll.dll! NtOpenKeyEx #native (#3028) EncryptFlag.exe
Arguments:
{"OpenOptions":"0x0","KeyHandle":"0x488","objectName":"2796BAE63F1801E277261BA0D77770028F20EEE4","DesiredAccess":"0x20019"}
Returned value:
0x0
ntdll.dll! NtOpenKeyEx #native (#3028) EncryptFlag.exe
Arguments:
{"OpenOptions":"0x0","KeyHandle":"0x488","objectName":"2B8F1B57330DBBA2D07A6C51F70EE90DDAB9AD8E","DesiredAccess":"0x20019"}
Returned value:
0x0
ntdll.dll! NtOpenKeyEx #native (#3028) EncryptFlag.exe
Arguments:
{"OpenOptions":"0x0","KeyHandle":"0x488","objectName":"4EB6D578499B1CCF5F581EAD56BE3D9B6744A5E5","DesiredAccess":"0x20019"}
Returned value:
0x0
ntdll.dll! NtOpenKeyEx #native (#3028) EncryptFlag.exe
Arguments:
{"OpenOptions":"0x0","KeyHandle":"0x488","objectName":"4F65566336DB6598581D584A596C87934D5F2AB4","DesiredAccess":"0x20019"}
Returned value:
0x0
ntdll.dll! NtOpenKeyEx #native (#3028) EncryptFlag.exe
Arguments:
{"OpenOptions":"0x0","KeyHandle":"0x488","objectName":"5FB7EE0633E259DBAD0C4C9AE6D38F1A61C7DC25","DesiredAccess":"0x20019"}
Returned value:
0x0
ntdll.dll! NtOpenKeyEx #native (#3028) EncryptFlag.exe
Arguments:
{"OpenOptions":"0x0","KeyHandle":"0x488","objectName":"742C3192E607E424EB4549542BE1BBC53E6174E2","DesiredAccess":"0x20019"}
Returned value:
0x0
ntdll.dll! NtOpenKeyEx #native (#3028) EncryptFlag.exe
Arguments:
{"OpenOptions":"0x0","KeyHandle":"0x488","objectName":"97817950D81C9670CC34D809CF794431367EF474","DesiredAccess":"0x20019"}
Returned value:
0x0
ntdll.dll! NtOpenKeyEx #native (#3028) EncryptFlag.exe
Arguments:
{"OpenOptions":"0x0","KeyHandle":"0x488","objectName":"A8985D3A65E5E5C4B2D7D66D40C6DD2FB19C5436","DesiredAccess":"0x20019"}
Returned value:
0x0
ntdll.dll! NtOpenKeyEx #native (#3028) EncryptFlag.exe
Arguments:
{"OpenOptions":"0x0","KeyHandle":"0x488","objectName":"AD7E1C28B064EF8F6003402014C3D0E3370EB58A","DesiredAccess":"0x20019"}
Returned value:
0x0
ntdll.dll! NtOpenKeyEx #native (#3028) EncryptFlag.exe
Arguments:
{"OpenOptions":"0x0","KeyHandle":"0x488","objectName":"B1BC968BD4F49D622AA89A81F2150152A41D829C","DesiredAccess":"0x20019"}
Returned value:
0x0
ntdll.dll! NtOpenKeyEx #native (#3028) EncryptFlag.exe
Arguments:
{"OpenOptions":"0x0","KeyHandle":"0x488","objectName":"CABD2A79A1076A31F21D253635CB039D4329A5E8","DesiredAccess":"0x20019"}
Returned value:
0x0
ntdll.dll! NtOpenKeyEx #native (#3028) EncryptFlag.exe
Arguments:
{"OpenOptions":"0x0","KeyHandle":"0x488","objectName":"D1EB23A46D17D68FD92564C2F1F1601764D8E349","DesiredAccess":"0x20019"}
Returned value:
0x0
ntdll.dll! NtOpenKeyEx #native (#3028) EncryptFlag.exe
Arguments:
{"OpenOptions":"0x0","KeyHandle":"0x488","objectName":"D4DE20D05E66FC53FE1A50882C78DB2852CAE474","DesiredAccess":"0x20019"}
Returned value:
0x0
ntdll.dll! NtOpenKeyEx #native (#3028) EncryptFlag.exe
Arguments:
{"OpenOptions":"0x0","KeyHandle":"0x488","objectName":"D69B561148F01C77C54578C10926DF5B856976AD","DesiredAccess":"0x20019"}
Returned value:
0x0
ntdll.dll! NtOpenKeyEx #native (#3028) EncryptFlag.exe
Arguments:
{"OpenOptions":"0x0","KeyHandle":"0x488","objectName":"DAC9024F54D8F6DF94935FB1732638CA6AD77C13","DesiredAccess":"0x20019"}
Returned value:
0x0
ntdll.dll! NtOpenKeyEx #native (#3028) EncryptFlag.exe
Arguments:
{"OpenOptions":"0x0","KeyHandle":"0x488","objectName":"DDFB16CD4931C973A2037D3FC83A4D7D775D05E4","DesiredAccess":"0x20019"}
Returned value:
0x0
ntdll.dll! NtOpenKeyEx #native (#3028) EncryptFlag.exe
Arguments:
{"OpenOptions":"0x0","KeyHandle":"0x488","objectName":"DF3C24F9BFD666761B268073FE06D1CC8D4F82A4","DesiredAccess":"0x20019"}
Returned value:
0x0
ntdll.dll! NtOpenKeyEx #native (#3028) EncryptFlag.exe
Arguments:
{"OpenOptions":"0x0","KeyHandle":"0x484","objectName":"CRLs","DesiredAccess":"0x20019"}
Returned value:
0x0
ntdll.dll! NtOpenKeyEx #native (#3028) EncryptFlag.exe
Arguments:
{"OpenOptions":"0x0","KeyHandle":"0x484","objectName":"CTLs","DesiredAccess":"0x20019"}
Returned value:
0x0
KernelBase.dll! GetProcAddress #misc (#3028) EncryptFlag.exe
Arguments:
{"lpProcName":"RegisterGPNotification","hModule":"userenv.dll"}
Returned value:
0x7fefd171060
ntdll.dll! NtQueryAttributesFile #native (#3028) EncryptFlag.exe
Arguments:
{"objectName":"\\??\\C:\\Users\\<USER>\\Downloads\\GPAPI.dll"}
Returned value:
0xc0000034
ntdll.dll! NtQueryAttributesFile #native (#3028) EncryptFlag.exe
Arguments:
{"objectName":"\\??\\C:\\Windows\\system32\\GPAPI.dll"}
Returned value:
0x0
ntdll.dll! NtOpenFile #native (#3028) EncryptFlag.exe
Arguments:
{"FileHandle":"0x490","objectName":"\\??\\C:\\Windows\\system32\\GPAPI.dll"}
Returned value:
0x0
KernelBase.dll! LoadLibraryExW #misc (#3028) EncryptFlag.exe
Arguments:
{"lpFileName":"GPAPI.dll"}
Returned value:
0x7fefc080000
KernelBase.dll! LoadLibraryExA #misc (#3028) EncryptFlag.exe
Arguments:
{"lpFileName":"GPAPI.dll"}
Returned value:
0x7fefc080000
KernelBase.dll! GetProcAddress #misc (#3028) EncryptFlag.exe
Arguments:
{"lpProcName":"RegisterGPNotificationInternal","hModule":"gpapi.dll"}
Returned value:
0x7fefc0813b8
ntdll.dll! NtOpenKeyEx #native (#3028) EncryptFlag.exe
Arguments:
{"OpenOptions":"0x0","KeyHandle":"0x0","objectName":"Software\\Microsoft\\Windows NT\\CurrentVersion\\Diagnostics","DesiredAccess":"0x20019"}
Returned value:
0xc0000034
ntdll.dll! NtOpenKeyEx #native (#3028) EncryptFlag.exe
Arguments:
{"OpenOptions":"0x0","KeyHandle":"0x490","objectName":"Software\\Microsoft\\Windows NT\\CurrentVersion\\Winlogon","DesiredAccess":"0x20019"}
Returned value:
0x0
ntdll.dll! NtOpenKeyEx #native (#3028) EncryptFlag.exe
Arguments:
{"OpenOptions":"0x0","KeyHandle":"0x490","objectName":"Software\\Policies\\Microsoft\\Windows\\System","DesiredAccess":"0x20019"}
Returned value:
0x0
KernelBase.dll! LoadLibraryExW #misc (#3028) EncryptFlag.exe
Arguments:
{"lpFileName":"API-MS-WIN-Service-Management-L1-1-0.dll"}
Returned value:
0x7fefe400000
KernelBase.dll! LoadLibraryExA #misc (#3028) EncryptFlag.exe
Arguments:
{"lpFileName":"API-MS-WIN-Service-Management-L1-1-0.dll"}
Returned value:
0x7fefe400000
KernelBase.dll! GetProcAddress #misc (#3028) EncryptFlag.exe
Arguments:
{"lpProcName":"OpenSCManagerW","hModule":"sechost.dll"}
Returned value:
0x7fefe40659c
sechost.dll! OpenSCManagerW #services (#3028) EncryptFlag.exe
Arguments:
{"lpDatabaseName":"ServicesActive","dwDesiredAccess":"0x4","lpMachineName":null}
Returned value:
0x41a84e0
KernelBase.dll! GetProcAddress #misc (#3028) EncryptFlag.exe
Arguments:
{"lpProcName":"OpenServiceW","hModule":"sechost.dll"}
Returned value:
0x7fefe406484
ntdll.dll! NtOpenKeyEx #native (#3028) EncryptFlag.exe
Arguments:
{"OpenOptions":"0x0","KeyHandle":"0x494","objectName":"System\\CurrentControlSet\\Control\\SQMServiceList","DesiredAccess":"0x1"}
Returned value:
0x0
sechost.dll! OpenServiceW #services (#3028) EncryptFlag.exe
Arguments:
{"lpServiceName":"gpsvc","dwDesiredAccess":"0x5","hSCManager":"0x41a84e0"}
Returned value:
0x41a8510
KernelBase.dll! GetProcAddress #misc (#3028) EncryptFlag.exe
Arguments:
{"lpProcName":"CloseServiceHandle","hModule":"sechost.dll"}
Returned value:
0x7fefe406518
KernelBase.dll! LoadLibraryExW #misc (#3028) EncryptFlag.exe
Arguments:
{"lpFileName":"API-MS-WIN-Service-Management-L2-1-0.dll"}
Returned value:
0x7fefe400000
KernelBase.dll! LoadLibraryExA #misc (#3028) EncryptFlag.exe
Arguments:
{"lpFileName":"API-MS-WIN-Service-Management-L2-1-0.dll"}
Returned value:
0x7fefe400000
KernelBase.dll! GetProcAddress #misc (#3028) EncryptFlag.exe
Arguments:
{"lpProcName":"QueryServiceConfigW","hModule":"sechost.dll"}
Returned value:
0x7fefe407c34
ntdll.dll! NtOpenKeyEx #native (#3028) EncryptFlag.exe
Arguments:
{"OpenOptions":"0x0","KeyHandle":"0x364","objectName":"System\\Setup","DesiredAccess":"0x20019"}
Returned value:
0x0
ntdll.dll! NtOpenKeyEx #native (#3028) EncryptFlag.exe
Arguments:
{"OpenOptions":"0x0","KeyHandle":"0x49c","objectName":"Software\\Policies\\Microsoft\\SystemCertificates","DesiredAccess":"0x20019"}
Returned value:
0x0
ntdll.dll! NtOpenKeyEx #native (#3028) EncryptFlag.exe
Arguments:
{"OpenOptions":"0x0","KeyHandle":"0x4a0","objectName":"Software\\Policies\\Microsoft\\SystemCertificates\\Root","DesiredAccess":"0x20019"}
Returned value:
0x0
ntdll.dll! NtOpenKeyEx #native (#3028) EncryptFlag.exe
Arguments:
{"OpenOptions":"0x0","KeyHandle":"0x4a4","objectName":"Certificates","DesiredAccess":"0x20019"}
Returned value:
0x0
ntdll.dll! NtOpenKeyEx #native (#3028) EncryptFlag.exe
Arguments:
{"OpenOptions":"0x0","KeyHandle":"0x4a4","objectName":"CRLs","DesiredAccess":"0x20019"}
Returned value:
0x0
ntdll.dll! NtOpenKeyEx #native (#3028) EncryptFlag.exe
Arguments:
{"OpenOptions":"0x0","KeyHandle":"0x4a4","objectName":"CTLs","DesiredAccess":"0x20019"}
Returned value:
0x0
ntdll.dll! NtOpenKeyEx #native (#3028) EncryptFlag.exe
Arguments:
{"OpenOptions":"0x0","KeyHandle":"0x4a8","objectName":"Certificates","DesiredAccess":"0x20019"}
Returned value:
0x0
ntdll.dll! NtOpenKeyEx #native (#3028) EncryptFlag.exe
Arguments:
{"OpenOptions":"0x0","KeyHandle":"0x4a8","objectName":"CRLs","DesiredAccess":"0x20019"}
Returned value:
0x0
ntdll.dll! NtOpenKeyEx #native (#3028) EncryptFlag.exe
Arguments:
{"OpenOptions":"0x0","KeyHandle":"0x4a8","objectName":"CTLs","DesiredAccess":"0x20019"}
Returned value:
0x0
ntdll.dll! NtOpenKeyEx #native (#3028) EncryptFlag.exe
Arguments:
{"OpenOptions":"0x0","KeyHandle":"0x4b0","objectName":"Certificates","DesiredAccess":"0x20019"}
Returned value:
0x0
ntdll.dll! NtOpenKeyEx #native (#3028) EncryptFlag.exe
Arguments:
{"OpenOptions":"0x0","KeyHandle":"0x4b0","objectName":"CRLs","DesiredAccess":"0x20019"}
Returned value:
0x0
ntdll.dll! NtOpenKeyEx #native (#3028) EncryptFlag.exe
Arguments:
{"OpenOptions":"0x0","KeyHandle":"0x4b0","objectName":"CTLs","DesiredAccess":"0x20019"}
Returned value:
0x0
ntdll.dll! NtOpenKeyEx #native (#3028) EncryptFlag.exe
Arguments:
{"OpenOptions":"0x0","KeyHandle":"0x4b8","objectName":"Certificates","DesiredAccess":"0x20019"}
Returned value:
0x0
ntdll.dll! NtOpenKeyEx #native (#3028) EncryptFlag.exe
Arguments:
{"OpenOptions":"0x0","KeyHandle":"0x4b8","objectName":"CRLs","DesiredAccess":"0x20019"}
Returned value:
0x0
ntdll.dll! NtOpenKeyEx #native (#3028) EncryptFlag.exe
Arguments:
{"OpenOptions":"0x0","KeyHandle":"0x4b8","objectName":"CTLs","DesiredAccess":"0x20019"}
Returned value:
0x0
KernelBase.dll! LoadLibraryExW #misc (#3028) EncryptFlag.exe
Arguments:
{"lpFileName":"OLEAUT32.dll"}
Returned value:
0x7feff3c0000
KernelBase.dll! LoadLibraryExA #misc (#3028) EncryptFlag.exe
Arguments:
{"lpFileName":"OLEAUT32.dll"}
Returned value:
0x7feff3c0000
KernelBase.dll! GetProcAddress #misc (#3028) EncryptFlag.exe
Arguments:
{"lpProcName":"0x2","hModule":null}
Returned value:
0x7feff3c2fc0
KernelBase.dll! GetProcAddress #misc (#3028) EncryptFlag.exe
Arguments:
{"lpProcName":"CoTaskMemFree","hModule":"ole32.dll"}
Returned value:
0x7fefe1f3780
ntdll.dll! NtCreateKey #native (#3028) EncryptFlag.exe
Arguments:
{"CreateOptions":"0x0","objectName":"{2B41894A-B8B7-4E14-A86A-FAD06E822145}","DesiredAccess":"0xe","KeyHandle":"0x4c0","TitleIndex":"0x0","CreateDisposition":"0x37af388","Class":"0x37af660"}
Returned value:
0x0
kernel32.dll! RegCreateKeyExW #registry (#3028) EncryptFlag.exe
Arguments:
{"samDesired":"0xe","hKey":"Software\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Wpad","dwOptions":"0x0","phkResult":"","lpClass":"0x0","lpSubKey":"{2B41894A-B8B7-4E14-A86A-FAD06E822145}"}
Returned value:
0x0
kernel32.dll! RegSetValueExW #registry (#3028) EncryptFlag.exe
Arguments:
{"hKey":"Software\\Policies\\Microsoft\\SystemCertificates","lpData":"1","cbData":"0x4","dwType":"4","lpValueName":"WpadDecisionReason"}
Returned value:
0x0
kernel32.dll! RegSetValueExW #registry (#3028) EncryptFlag.exe
Arguments:
{"hKey":"Software\\Policies\\Microsoft\\SystemCertificates","lpData":"充꾂훑ǘẠK","cbData":"0x8","dwType":"3","lpValueName":"WpadDecisionTime"}
Returned value:
0x0
kernel32.dll! RegSetValueExW #registry (#3028) EncryptFlag.exe
Arguments:
{"hKey":"Software\\Policies\\Microsoft\\SystemCertificates","lpData":"0","cbData":"0x4","dwType":"4","lpValueName":"WpadDecision"}
Returned value:
0x0
kernel32.dll! RegSetValueExW #registry (#3028) EncryptFlag.exe
Arguments:
{"hKey":"Software\\Policies\\Microsoft\\SystemCertificates","lpData":"Network  2","cbData":"0x16","dwType":"1","lpValueName":"WpadNetworkName"}
Returned value:
0x0
ntdll.dll! NtOpenKeyEx #native (#3028) EncryptFlag.exe
Arguments:
{"OpenOptions":"0x0","KeyHandle":"0x4c0","objectName":"{2B41894A-B8B7-4E14-A86A-FAD06E822145}","DesiredAccess":"0x6"}
Returned value:
0x0
kernel32.dll! RegOpenKeyExW #registry (#3028) EncryptFlag.exe
Arguments:
{"hKey":"Software\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Wpad","ulOptions":"0x0","samDesired":"0x6","lpSubKey":"{2B41894A-B8B7-4E14-A86A-FAD06E822145}","phkResult":"0x4c0"}
Returned value:
0x0
ntdll.dll! NtCreateKey #native (#3028) EncryptFlag.exe
Arguments:
{"CreateOptions":"0x0","objectName":"52-54-00-b2-3b-fe","DesiredAccess":"0x3","KeyHandle":"0x4c4","TitleIndex":"0x0","CreateDisposition":"0x37af2e8","Class":"0x37af5c0"}
Returned value:
0x0
kernel32.dll! RegCreateKeyExW #registry (#3028) EncryptFlag.exe
Arguments:
{"samDesired":"0x3","hKey":"Software\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Wpad","dwOptions":"0x0","phkResult":"","lpClass":"0x0","lpSubKey":"52-54-00-b2-3b-fe"}
Returned value:
0x0
ntdll.dll! NtCreateKey #native (#3028) EncryptFlag.exe
Arguments:
{"CreateOptions":"0x0","objectName":"52-54-00-b2-3b-fe","DesiredAccess":"0x20019","KeyHandle":"0x4c8","TitleIndex":"0x0","CreateDisposition":"0x37af368","Class":"0x37af640"}
Returned value:
0x0
kernel32.dll! RegCreateKeyExW #registry (#3028) EncryptFlag.exe
Arguments:
{"samDesired":"0x20019","hKey":"Software\\Policies\\Microsoft\\SystemCertificates","dwOptions":"0x0","phkResult":"","lpClass":"0x0","lpSubKey":"52-54-00-b2-3b-fe"}
Returned value:
0x0
kernel32.dll! RegSetValueExW #registry (#3028) EncryptFlag.exe
Arguments:
{"hKey":"CTLs","lpData":"1","cbData":"0x4","dwType":"4","lpValueName":"WpadDecisionReason"}
Returned value:
0x0
kernel32.dll! RegSetValueExW #registry (#3028) EncryptFlag.exe
Arguments:
{"hKey":"CTLs","lpData":"充꾂훑ǘẠK","cbData":"0x8","dwType":"3","lpValueName":"WpadDecisionTime"}
Returned value:
0x0
kernel32.dll! RegSetValueExW #registry (#3028) EncryptFlag.exe
Arguments:
{"hKey":"CTLs","lpData":"0","cbData":"0x4","dwType":"4","lpValueName":"WpadDecision"}
Returned value:
0x0
KernelBase.dll! GetProcAddress #misc (#3028) EncryptFlag.exe
Arguments:
{"lpProcName":"0x6","hModule":null}
Returned value:
0x7feff3c11b0
ntdll.dll! NtOpenKeyEx #native (#3028) EncryptFlag.exe
Arguments:
{"OpenOptions":"0x0","KeyHandle":"0x2b0","objectName":"Certificates","DesiredAccess":"0x20019"}
Returned value:
0x0
ntdll.dll! NtOpenKeyEx #native (#3028) EncryptFlag.exe
Arguments:
{"OpenOptions":"0x0","KeyHandle":"0x2b0","objectName":"CRLs","DesiredAccess":"0x20019"}
Returned value:
0x0
ntdll.dll! NtOpenKeyEx #native (#3028) EncryptFlag.exe
Arguments:
{"OpenOptions":"0x0","KeyHandle":"0x2b0","objectName":"CTLs","DesiredAccess":"0x20019"}
Returned value:
0x0
ntdll.dll! NtOpenKeyEx #native (#3028) EncryptFlag.exe
Arguments:
{"OpenOptions":"0x0","KeyHandle":"0x0","objectName":"Software\\Microsoft\\Windows NT\\CurrentVersion\\Diagnostics","DesiredAccess":"0x20019"}
Returned value:
0xc0000034
ntdll.dll! NtOpenKeyEx #native (#3028) EncryptFlag.exe
Arguments:
{"OpenOptions":"0x0","KeyHandle":"0x2bc","objectName":"Software\\Microsoft\\Windows NT\\CurrentVersion\\Winlogon","DesiredAccess":"0x20019"}
Returned value:
0x0
ntdll.dll! NtOpenKeyEx #native (#3028) EncryptFlag.exe
Arguments:
{"OpenOptions":"0x0","KeyHandle":"0x2bc","objectName":"Software\\Policies\\Microsoft\\Windows\\System","DesiredAccess":"0x20019"}
Returned value:
0x0
KernelBase.dll! LoadLibraryExW #misc (#3028) EncryptFlag.exe
Arguments:
{"lpFileName":"API-MS-Win-Security-SDDL-L1-1-0.dll"}
Returned value:
0x7fefe400000
KernelBase.dll! LoadLibraryExA #misc (#3028) EncryptFlag.exe
Arguments:
{"lpFileName":"API-MS-Win-Security-SDDL-L1-1-0.dll"}
Returned value:
0x7fefe400000
KernelBase.dll! GetProcAddress #misc (#3028) EncryptFlag.exe
Arguments:
{"lpProcName":"ConvertSidToStringSidW","hModule":"sechost.dll"}
Returned value:
0x7fefe40d128
ntdll.dll! NtOpenKeyEx #native (#3028) EncryptFlag.exe
Arguments:
{"OpenOptions":"0x0","KeyHandle":"0x2bc","objectName":"System\\Setup","DesiredAccess":"0x20019"}
Returned value:
0x0
ntdll.dll! NtOpenKeyEx #native (#3028) EncryptFlag.exe
Arguments:
{"OpenOptions":"0x0","KeyHandle":"0x2c0","objectName":"S-1-5-21-4270068108-2931534202-3907561125-1001","DesiredAccess":"0x2000000"}
Returned value:
0x0
ntdll.dll! NtOpenKeyEx #native (#3028) EncryptFlag.exe
Arguments:
{"OpenOptions":"0x0","KeyHandle":"0x4c0","objectName":"Software\\Policies\\Microsoft\\SystemCertificates","DesiredAccess":"0x20019"}
Returned value:
0x0
ntdll.dll! NtOpenKeyEx #native (#3028) EncryptFlag.exe
Arguments:
{"OpenOptions":"0x0","KeyHandle":"0x2c0","objectName":"Software\\Policies\\Microsoft\\SystemCertificates\\trust","DesiredAccess":"0x20019"}
Returned value:
0x0
ntdll.dll! NtOpenKeyEx #native (#3028) EncryptFlag.exe
Arguments:
{"OpenOptions":"0x0","KeyHandle":"0x4c4","objectName":"Certificates","DesiredAccess":"0x20019"}
Returned value:
0x0
ntdll.dll! NtOpenKeyEx #native (#3028) EncryptFlag.exe
Arguments:
{"OpenOptions":"0x0","KeyHandle":"0x4c4","objectName":"CRLs","DesiredAccess":"0x20019"}
Returned value:
0x0
ntdll.dll! NtOpenKeyEx #native (#3028) EncryptFlag.exe
Arguments:
{"OpenOptions":"0x0","KeyHandle":"0x4c4","objectName":"CTLs","DesiredAccess":"0x20019"}
Returned value:
0x0
ntdll.dll! NtOpenKeyEx #native (#3028) EncryptFlag.exe
Arguments:
{"OpenOptions":"0x0","KeyHandle":"0x4c8","objectName":"Certificates","DesiredAccess":"0x20019"}
Returned value:
0x0
ntdll.dll! NtOpenKeyEx #native (#3028) EncryptFlag.exe
Arguments:
{"OpenOptions":"0x0","KeyHandle":"0x4c8","objectName":"CRLs","DesiredAccess":"0x20019"}
Returned value:
0x0
ntdll.dll! NtOpenKeyEx #native (#3028) EncryptFlag.exe
Arguments:
{"OpenOptions":"0x0","KeyHandle":"0x4c8","objectName":"CTLs","DesiredAccess":"0x20019"}
Returned value:
0x0
ntdll.dll! NtOpenKeyEx #native (#3028) EncryptFlag.exe
Arguments:
{"OpenOptions":"0x0","KeyHandle":"0x4cc","objectName":"Software\\Policies\\Microsoft\\SystemCertificates\\trust","DesiredAccess":"0x20019"}
Returned value:
0x0
ntdll.dll! NtOpenKeyEx #native (#3028) EncryptFlag.exe
Arguments:
{"OpenOptions":"0x0","KeyHandle":"0x4d0","objectName":"Certificates","DesiredAccess":"0x20019"}
Returned value:
0x0
ntdll.dll! NtOpenKeyEx #native (#3028) EncryptFlag.exe
Arguments:
{"OpenOptions":"0x0","KeyHandle":"0x4d0","objectName":"CRLs","DesiredAccess":"0x20019"}
Returned value:
0x0
ntdll.dll! NtOpenKeyEx #native (#3028) EncryptFlag.exe
Arguments:
{"OpenOptions":"0x0","KeyHandle":"0x4d0","objectName":"CTLs","DesiredAccess":"0x20019"}
Returned value:
0x0
ntdll.dll! NtOpenKeyEx #native (#3028) EncryptFlag.exe
Arguments:
{"OpenOptions":"0x0","KeyHandle":"0x4d4","objectName":"Certificates","DesiredAccess":"0x20019"}
Returned value:
0x0
ntdll.dll! NtOpenKeyEx #native (#3028) EncryptFlag.exe
Arguments:
{"OpenOptions":"0x0","KeyHandle":"0x4d4","objectName":"CRLs","DesiredAccess":"0x20019"}
Returned value:
0x0
ntdll.dll! NtOpenKeyEx #native (#3028) EncryptFlag.exe
Arguments:
{"OpenOptions":"0x0","KeyHandle":"0x4d4","objectName":"CTLs","DesiredAccess":"0x20019"}
Returned value:
0x0
ntdll.dll! NtOpenKeyEx #native (#3028) EncryptFlag.exe
Arguments:
{"OpenOptions":"0x0","KeyHandle":"0x4dc","objectName":"Certificates","DesiredAccess":"0x20019"}
Returned value:
0x0
ntdll.dll! NtOpenKeyEx #native (#3028) EncryptFlag.exe
Arguments:
{"OpenOptions":"0x0","KeyHandle":"0x4dc","objectName":"CRLs","DesiredAccess":"0x20019"}
Returned value:
0x0
ntdll.dll! NtOpenKeyEx #native (#3028) EncryptFlag.exe
Arguments:
{"OpenOptions":"0x0","KeyHandle":"0x4dc","objectName":"CTLs","DesiredAccess":"0x20019"}
Returned value:
0x0
ntdll.dll! NtOpenKeyEx #native (#3028) EncryptFlag.exe
Arguments:
{"OpenOptions":"0x0","KeyHandle":"0x4e0","objectName":"Software\\Policies\\Microsoft\\SystemCertificates\\CA","DesiredAccess":"0x20019"}
Returned value:
0x0
ntdll.dll! NtOpenKeyEx #native (#3028) EncryptFlag.exe
Arguments:
{"OpenOptions":"0x0","KeyHandle":"0x4e4","objectName":"Certificates","DesiredAccess":"0x20019"}
Returned value:
0x0
ntdll.dll! NtOpenKeyEx #native (#3028) EncryptFlag.exe
Arguments:
{"OpenOptions":"0x0","KeyHandle":"0x4e4","objectName":"CRLs","DesiredAccess":"0x20019"}
Returned value:
0x0
ntdll.dll! NtOpenKeyEx #native (#3028) EncryptFlag.exe
Arguments:
{"OpenOptions":"0x0","KeyHandle":"0x4e4","objectName":"CTLs","DesiredAccess":"0x20019"}
Returned value:
0x0
ntdll.dll! NtOpenKeyEx #native (#3028) EncryptFlag.exe
Arguments:
{"OpenOptions":"0x0","KeyHandle":"0x4e8","objectName":"Certificates","DesiredAccess":"0x20019"}
Returned value:
0x0
ntdll.dll! NtOpenKeyEx #native (#3028) EncryptFlag.exe
Arguments:
{"OpenOptions":"0x0","KeyHandle":"0x4ec","objectName":"109F1CAED645BB78B3EA2B94C0697C740733031C","DesiredAccess":"0x20019"}
Returned value:
0x0
ntdll.dll! NtOpenKeyEx #native (#3028) EncryptFlag.exe
Arguments:
{"OpenOptions":"0x0","KeyHandle":"0x4ec","objectName":"D559A586669B08F46A30A133F8A9ED3D038E2EA8","DesiredAccess":"0x20019"}
Returned value:
0x0
ntdll.dll! NtOpenKeyEx #native (#3028) EncryptFlag.exe
Arguments:
{"OpenOptions":"0x0","KeyHandle":"0x4ec","objectName":"FEE449EE0E3965A5246F000E87FDE2A065FD89D4","DesiredAccess":"0x20019"}
Returned value:
0x0
ntdll.dll! NtOpenKeyEx #native (#3028) EncryptFlag.exe
Arguments:
{"OpenOptions":"0x0","KeyHandle":"0x4e8","objectName":"CRLs","DesiredAccess":"0x20019"}
Returned value:
0x0
ntdll.dll! NtOpenKeyEx #native (#3028) EncryptFlag.exe
Arguments:
{"OpenOptions":"0x0","KeyHandle":"0x4ec","objectName":"A377D1B1C0538833035211F4083D00FECC414DAB","DesiredAccess":"0x20019"}
Returned value:
0x0
ntdll.dll! NtOpenKeyEx #native (#3028) EncryptFlag.exe
Arguments:
{"OpenOptions":"0x0","KeyHandle":"0x4e8","objectName":"CTLs","DesiredAccess":"0x20019"}
Returned value:
0x0
ntdll.dll! NtOpenKeyEx #native (#3028) EncryptFlag.exe
Arguments:
{"OpenOptions":"0x0","KeyHandle":"0x4ec","objectName":"Software\\Policies\\Microsoft\\SystemCertificates\\CA","DesiredAccess":"0x20019"}
Returned value:
0x0
ntdll.dll! NtOpenKeyEx #native (#3028) EncryptFlag.exe
Arguments:
{"OpenOptions":"0x0","KeyHandle":"0x4f0","objectName":"Certificates","DesiredAccess":"0x20019"}
Returned value:
0x0
ntdll.dll! NtOpenKeyEx #native (#3028) EncryptFlag.exe
Arguments:
{"OpenOptions":"0x0","KeyHandle":"0x4f0","objectName":"CRLs","DesiredAccess":"0x20019"}
Returned value:
0x0
ntdll.dll! NtOpenKeyEx #native (#3028) EncryptFlag.exe
Arguments:
{"OpenOptions":"0x0","KeyHandle":"0x4f0","objectName":"CTLs","DesiredAccess":"0x20019"}
Returned value:
0x0
ntdll.dll! NtOpenKeyEx #native (#3028) EncryptFlag.exe
Arguments:
{"OpenOptions":"0x0","KeyHandle":"0x4f4","objectName":"Certificates","DesiredAccess":"0x20019"}
Returned value:
0x0
ntdll.dll! NtOpenKeyEx #native (#3028) EncryptFlag.exe
Arguments:
{"OpenOptions":"0x0","KeyHandle":"0x4f4","objectName":"CRLs","DesiredAccess":"0x20019"}
Returned value:
0x0
ntdll.dll! NtOpenKeyEx #native (#3028) EncryptFlag.exe
Arguments:
{"OpenOptions":"0x0","KeyHandle":"0x4f4","objectName":"CTLs","DesiredAccess":"0x20019"}
Returned value:
0x0
ntdll.dll! NtOpenFile #native (#3028) EncryptFlag.exe
Arguments:
{"FileHandle":"0x4f8","objectName":"\\??\\C:\\Users\\<USER>\\AppData\\Roaming\\Microsoft\\SystemCertificates\\My"}
Returned value:
0x0
ntdll.dll! NtOpenKeyEx #native (#3028) EncryptFlag.exe
Arguments:
{"OpenOptions":"0x0","KeyHandle":"0x0","objectName":"Certificates","DesiredAccess":"0x20019"}
Returned value:
0xc0000034
ntdll.dll! NtOpenFile #native (#3028) EncryptFlag.exe
Arguments:
{"FileHandle":"0x4fc","objectName":"\\??\\C:\\Users\\<USER>\\AppData\\Roaming\\Microsoft\\SystemCertificates\\My\\Certificates\\"}
Returned value:
0x0
ntdll.dll! NtOpenKeyEx #native (#3028) EncryptFlag.exe
Arguments:
{"OpenOptions":"0x0","KeyHandle":"0x0","objectName":"CRLs","DesiredAccess":"0x20019"}
Returned value:
0xc0000034
ntdll.dll! NtOpenFile #native (#3028) EncryptFlag.exe
Arguments:
{"FileHandle":"0x4fc","objectName":"\\??\\C:\\Users\\<USER>\\AppData\\Roaming\\Microsoft\\SystemCertificates\\My\\CRLs\\"}
Returned value:
0x0
ntdll.dll! NtOpenKeyEx #native (#3028) EncryptFlag.exe
Arguments:
{"OpenOptions":"0x0","KeyHandle":"0x0","objectName":"CTLs","DesiredAccess":"0x20019"}
Returned value:
0xc0000034
ntdll.dll! NtOpenFile #native (#3028) EncryptFlag.exe
Arguments:
{"FileHandle":"0x4fc","objectName":"\\??\\C:\\Users\\<USER>\\AppData\\Roaming\\Microsoft\\SystemCertificates\\My\\CTLs\\"}
Returned value:
0x0
ntdll.dll! NtOpenKeyEx #native (#3028) EncryptFlag.exe
Arguments:
{"OpenOptions":"0x0","KeyHandle":"0x504","objectName":"Certificates","DesiredAccess":"0x20019"}
Returned value:
0x0
ntdll.dll! NtOpenKeyEx #native (#3028) EncryptFlag.exe
Arguments:
{"OpenOptions":"0x0","KeyHandle":"0x504","objectName":"CRLs","DesiredAccess":"0x20019"}
Returned value:
0x0
ntdll.dll! NtOpenKeyEx #native (#3028) EncryptFlag.exe
Arguments:
{"OpenOptions":"0x0","KeyHandle":"0x504","objectName":"CTLs","DesiredAccess":"0x20019"}
Returned value:
0x0
ntdll.dll! NtOpenKeyEx #native (#3028) EncryptFlag.exe
Arguments:
{"OpenOptions":"0x0","KeyHandle":"0x508","objectName":"Software\\Policies\\Microsoft\\SystemCertificates\\Disallowed","DesiredAccess":"0x20019"}
Returned value:
0x0
ntdll.dll! NtOpenKeyEx #native (#3028) EncryptFlag.exe
Arguments:
{"OpenOptions":"0x0","KeyHandle":"0x50c","objectName":"Certificates","DesiredAccess":"0x20019"}
Returned value:
0x0
ntdll.dll! NtOpenKeyEx #native (#3028) EncryptFlag.exe
Arguments:
{"OpenOptions":"0x0","KeyHandle":"0x50c","objectName":"CRLs","DesiredAccess":"0x20019"}
Returned value:
0x0
ntdll.dll! NtOpenKeyEx #native (#3028) EncryptFlag.exe
Arguments:
{"OpenOptions":"0x0","KeyHandle":"0x50c","objectName":"CTLs","DesiredAccess":"0x20019"}
Returned value:
0x0
ntdll.dll! NtOpenKeyEx #native (#3028) EncryptFlag.exe
Arguments:
{"OpenOptions":"0x0","KeyHandle":"0x510","objectName":"Certificates","DesiredAccess":"0x20019"}
Returned value:
0x0
ntdll.dll! NtOpenKeyEx #native (#3028) EncryptFlag.exe
Arguments:
{"OpenOptions":"0x0","KeyHandle":"0x514","objectName":"1916A2AF346D399F50313C393200F14140456616","DesiredAccess":"0x20019"}
Returned value:
0x0
ntdll.dll! NtOpenKeyEx #native (#3028) EncryptFlag.exe
Arguments:
{"OpenOptions":"0x0","KeyHandle":"0x514","objectName":"2A83E9020591A55FC6DDAD3FB102794C52B24E70","DesiredAccess":"0x20019"}
Returned value:
0x0
ntdll.dll! NtOpenKeyEx #native (#3028) EncryptFlag.exe
Arguments:
{"OpenOptions":"0x0","KeyHandle":"0x514","objectName":"2B84BFBB34EE2EF949FE1CBE30AA026416EB2216","DesiredAccess":"0x20019"}
Returned value:
0x0
ntdll.dll! NtOpenKeyEx #native (#3028) EncryptFlag.exe
Arguments:
{"OpenOptions":"0x0","KeyHandle":"0x514","objectName":"305F8BD17AA2CBC483A4C41B19A39A0C75DA39D6","DesiredAccess":"0x20019"}
Returned value:
0x0
ntdll.dll! NtOpenKeyEx #native (#3028) EncryptFlag.exe
Arguments:
{"OpenOptions":"0x0","KeyHandle":"0x514","objectName":"367D4B3B4FCBBC0B767B2EC0CDB2A36EAB71A4EB","DesiredAccess":"0x20019"}
Returned value:
0x0
ntdll.dll! NtOpenKeyEx #native (#3028) EncryptFlag.exe
Arguments:
{"OpenOptions":"0x0","KeyHandle":"0x514","objectName":"3A850044D8A195CD401A680C012CB0A3B5F8DC08","DesiredAccess":"0x20019"}
Returned value:
0x0
ntdll.dll! NtOpenKeyEx #native (#3028) EncryptFlag.exe
Arguments:
{"OpenOptions":"0x0","KeyHandle":"0x514","objectName":"40AA38731BD189F9CDB5B9DC35E2136F38777AF4","DesiredAccess":"0x20019"}
Returned value:
0x0
ntdll.dll! NtOpenKeyEx #native (#3028) EncryptFlag.exe
Arguments:
{"OpenOptions":"0x0","KeyHandle":"0x514","objectName":"43D9BCB568E039D073A74A71D8511F7476089CC3","DesiredAccess":"0x20019"}
Returned value:
0x0
ntdll.dll! NtOpenKeyEx #native (#3028) EncryptFlag.exe
Arguments:
{"OpenOptions":"0x0","KeyHandle":"0x514","objectName":"471C949A8143DB5AD5CDF1C972864A2504FA23C9","DesiredAccess":"0x20019"}
Returned value:
0x0
ntdll.dll! NtOpenKeyEx #native (#3028) EncryptFlag.exe
Arguments:
{"OpenOptions":"0x0","KeyHandle":"0x514","objectName":"51C3247D60F356C7CA3BAF4C3F429DAC93EE7B74","DesiredAccess":"0x20019"}
Returned value:
0x0
ntdll.dll! NtOpenKeyEx #native (#3028) EncryptFlag.exe
Arguments:
{"OpenOptions":"0x0","KeyHandle":"0x514","objectName":"5DE83EE82AC5090AEA9D6AC4E7A6E213F946E179","DesiredAccess":"0x20019"}
Returned value:
0x0
ntdll.dll! NtOpenKeyEx #native (#3028) EncryptFlag.exe
Arguments:
{"OpenOptions":"0x0","KeyHandle":"0x514","objectName":"61793FCBFA4F9008309BBA5FF12D2CB29CD4151A","DesiredAccess":"0x20019"}
Returned value:
0x0
ntdll.dll! NtOpenKeyEx #native (#3028) EncryptFlag.exe
Arguments:
{"OpenOptions":"0x0","KeyHandle":"0x514","objectName":"637162CC59A3A1E25956FA5FA8F60D2E1C52EAC6","DesiredAccess":"0x20019"}
Returned value:
0x0
ntdll.dll! NtOpenKeyEx #native (#3028) EncryptFlag.exe
Arguments:
{"OpenOptions":"0x0","KeyHandle":"0x514","objectName":"63FEAE960BAA91E343CE2BD8B71798C76BDB77D0","DesiredAccess":"0x20019"}
Returned value:
0x0
ntdll.dll! NtOpenKeyEx #native (#3028) EncryptFlag.exe
Arguments:
{"OpenOptions":"0x0","KeyHandle":"0x514","objectName":"6431723036FD26DEA502792FA595922493030F97","DesiredAccess":"0x20019"}
Returned value:
0x0
ntdll.dll! NtOpenKeyEx #native (#3028) EncryptFlag.exe
Arguments:
{"OpenOptions":"0x0","KeyHandle":"0x514","objectName":"7D7F4414CCEF168ADF6BF40753B5BECD78375931","DesiredAccess":"0x20019"}
Returned value:
0x0
ntdll.dll! NtOpenKeyEx #native (#3028) EncryptFlag.exe
Arguments:
{"OpenOptions":"0x0","KeyHandle":"0x514","objectName":"80962AE4D6C5B442894E95A13E4A699E07D694CF","DesiredAccess":"0x20019"}
Returned value:
0x0
ntdll.dll! NtOpenKeyEx #native (#3028) EncryptFlag.exe
Arguments:
{"OpenOptions":"0x0","KeyHandle":"0x514","objectName":"86E817C81A5CA672FE000F36F878C19518D6F844","DesiredAccess":"0x20019"}
Returned value:
0x0
ntdll.dll! NtOpenKeyEx #native (#3028) EncryptFlag.exe
Arguments:
{"OpenOptions":"0x0","KeyHandle":"0x514","objectName":"8E5BD50D6AE686D65252F843A9D4B96D197730AB","DesiredAccess":"0x20019"}
Returned value:
0x0
ntdll.dll! NtOpenKeyEx #native (#3028) EncryptFlag.exe
Arguments:
{"OpenOptions":"0x0","KeyHandle":"0x514","objectName":"9845A431D51959CAF225322B4A4FE9F223CE6D15","DesiredAccess":"0x20019"}
Returned value:
0x0
ntdll.dll! NtOpenKeyEx #native (#3028) EncryptFlag.exe
Arguments:
{"OpenOptions":"0x0","KeyHandle":"0x514","objectName":"B533345D06F64516403C00DA03187D3BFEF59156","DesiredAccess":"0x20019"}
Returned value:
0x0
ntdll.dll! NtOpenKeyEx #native (#3028) EncryptFlag.exe
Arguments:
{"OpenOptions":"0x0","KeyHandle":"0x514","objectName":"B86E791620F759F17B8D25E38CA8BE32E7D5EAC2","DesiredAccess":"0x20019"}
Returned value:
0x0
ntdll.dll! NtOpenKeyEx #native (#3028) EncryptFlag.exe
Arguments:
{"OpenOptions":"0x0","KeyHandle":"0x514","objectName":"C060ED44CBD881BD0EF86C0BA287DDCF8167478C","DesiredAccess":"0x20019"}
Returned value:
0x0
ntdll.dll! NtOpenKeyEx #native (#3028) EncryptFlag.exe
Arguments:
{"OpenOptions":"0x0","KeyHandle":"0x514","objectName":"CEA586B2CE593EC7D939898337C57814708AB2BE","DesiredAccess":"0x20019"}
Returned value:
0x0
ntdll.dll! NtOpenKeyEx #native (#3028) EncryptFlag.exe
Arguments:
{"OpenOptions":"0x0","KeyHandle":"0x514","objectName":"D018B62DC518907247DF50925BB09ACF4A5CB3AD","DesiredAccess":"0x20019"}
Returned value:
0x0
ntdll.dll! NtOpenKeyEx #native (#3028) EncryptFlag.exe
Arguments:
{"OpenOptions":"0x0","KeyHandle":"0x514","objectName":"F8A54E03AADC5692B850496A4C4630FFEAA29D83","DesiredAccess":"0x20019"}
Returned value:
0x0
ntdll.dll! NtOpenKeyEx #native (#3028) EncryptFlag.exe
Arguments:
{"OpenOptions":"0x0","KeyHandle":"0x514","objectName":"FA6660A94AB45F6A88C0D7874D89A863D74DEE97","DesiredAccess":"0x20019"}
Returned value:
0x0
ntdll.dll! NtOpenKeyEx #native (#3028) EncryptFlag.exe
Arguments:
{"OpenOptions":"0x0","KeyHandle":"0x510","objectName":"CRLs","DesiredAccess":"0x20019"}
Returned value:
0x0
ntdll.dll! NtOpenKeyEx #native (#3028) EncryptFlag.exe
Arguments:
{"OpenOptions":"0x0","KeyHandle":"0x510","objectName":"CTLs","DesiredAccess":"0x20019"}
Returned value:
0x0
ntdll.dll! NtOpenKeyEx #native (#3028) EncryptFlag.exe
Arguments:
{"OpenOptions":"0x0","KeyHandle":"0x514","objectName":"Software\\Policies\\Microsoft\\SystemCertificates\\Disallowed","DesiredAccess":"0x20019"}
Returned value:
0x0
ntdll.dll! NtOpenKeyEx #native (#3028) EncryptFlag.exe
Arguments:
{"OpenOptions":"0x0","KeyHandle":"0x518","objectName":"Certificates","DesiredAccess":"0x20019"}
Returned value:
0x0
ntdll.dll! NtOpenKeyEx #native (#3028) EncryptFlag.exe
Arguments:
{"OpenOptions":"0x0","KeyHandle":"0x518","objectName":"CRLs","DesiredAccess":"0x20019"}
Returned value:
0x0
ntdll.dll! NtOpenKeyEx #native (#3028) EncryptFlag.exe
Arguments:
{"OpenOptions":"0x0","KeyHandle":"0x518","objectName":"CTLs","DesiredAccess":"0x20019"}
Returned value:
0x0
ntdll.dll! NtOpenKeyEx #native (#3028) EncryptFlag.exe
Arguments:
{"OpenOptions":"0x0","KeyHandle":"0x51c","objectName":"Certificates","DesiredAccess":"0x20019"}
Returned value:
0x0
ntdll.dll! NtOpenKeyEx #native (#3028) EncryptFlag.exe
Arguments:
{"OpenOptions":"0x0","KeyHandle":"0x51c","objectName":"CRLs","DesiredAccess":"0x20019"}
Returned value:
0x0
ntdll.dll! NtOpenKeyEx #native (#3028) EncryptFlag.exe
Arguments:
{"OpenOptions":"0x0","KeyHandle":"0x51c","objectName":"CTLs","DesiredAccess":"0x20019"}
Returned value:
0x0
ntdll.dll! NtOpenKeyEx #native (#3028) EncryptFlag.exe
Arguments:
{"OpenOptions":"0x0","KeyHandle":"0x524","objectName":"Certificates","DesiredAccess":"0x20019"}
Returned value:
0x0
ntdll.dll! NtOpenKeyEx #native (#3028) EncryptFlag.exe
Arguments:
{"OpenOptions":"0x0","KeyHandle":"0x524","objectName":"CRLs","DesiredAccess":"0x20019"}
Returned value:
0x0
ntdll.dll! NtOpenKeyEx #native (#3028) EncryptFlag.exe
Arguments:
{"OpenOptions":"0x0","KeyHandle":"0x524","objectName":"CTLs","DesiredAccess":"0x20019"}
Returned value:
0x0
ntdll.dll! NtOpenKeyEx #native (#3028) EncryptFlag.exe
Arguments:
{"OpenOptions":"0x0","KeyHandle":"0x528","objectName":"Software\\Policies\\Microsoft\\SystemCertificates\\TrustedPeople","DesiredAccess":"0x20019"}
Returned value:
0x0
ntdll.dll! NtOpenKeyEx #native (#3028) EncryptFlag.exe
Arguments:
{"OpenOptions":"0x0","KeyHandle":"0x52c","objectName":"Certificates","DesiredAccess":"0x20019"}
Returned value:
0x0
ntdll.dll! NtOpenKeyEx #native (#3028) EncryptFlag.exe
Arguments:
{"OpenOptions":"0x0","KeyHandle":"0x52c","objectName":"CRLs","DesiredAccess":"0x20019"}
Returned value:
0x0
ntdll.dll! NtOpenKeyEx #native (#3028) EncryptFlag.exe
Arguments:
{"OpenOptions":"0x0","KeyHandle":"0x52c","objectName":"CTLs","DesiredAccess":"0x20019"}
Returned value:
0x0
ntdll.dll! NtOpenKeyEx #native (#3028) EncryptFlag.exe
Arguments:
{"OpenOptions":"0x0","KeyHandle":"0x530","objectName":"Certificates","DesiredAccess":"0x20019"}
Returned value:
0x0
ntdll.dll! NtOpenKeyEx #native (#3028) EncryptFlag.exe
Arguments:
{"OpenOptions":"0x0","KeyHandle":"0x530","objectName":"CRLs","DesiredAccess":"0x20019"}
Returned value:
0x0
ntdll.dll! NtOpenKeyEx #native (#3028) EncryptFlag.exe
Arguments:
{"OpenOptions":"0x0","KeyHandle":"0x530","objectName":"CTLs","DesiredAccess":"0x20019"}
Returned value:
0x0
ntdll.dll! NtOpenKeyEx #native (#3028) EncryptFlag.exe
Arguments:
{"OpenOptions":"0x0","KeyHandle":"0x534","objectName":"Software\\Policies\\Microsoft\\SystemCertificates\\TrustedPeople","DesiredAccess":"0x20019"}
Returned value:
0x0
ntdll.dll! NtOpenKeyEx #native (#3028) EncryptFlag.exe
Arguments:
{"OpenOptions":"0x0","KeyHandle":"0x538","objectName":"Certificates","DesiredAccess":"0x20019"}
Returned value:
0x0
ntdll.dll! NtOpenKeyEx #native (#3028) EncryptFlag.exe
Arguments:
{"OpenOptions":"0x0","KeyHandle":"0x538","objectName":"CRLs","DesiredAccess":"0x20019"}
Returned value:
0x0
ntdll.dll! NtOpenKeyEx #native (#3028) EncryptFlag.exe
Arguments:
{"OpenOptions":"0x0","KeyHandle":"0x538","objectName":"CTLs","DesiredAccess":"0x20019"}
Returned value:
0x0
ntdll.dll! NtOpenKeyEx #native (#3028) EncryptFlag.exe
Arguments:
{"OpenOptions":"0x0","KeyHandle":"0x53c","objectName":"Certificates","DesiredAccess":"0x20019"}
Returned value:
0x0
ntdll.dll! NtOpenKeyEx #native (#3028) EncryptFlag.exe
Arguments:
{"OpenOptions":"0x0","KeyHandle":"0x53c","objectName":"CRLs","DesiredAccess":"0x20019"}
Returned value:
0x0
ntdll.dll! NtOpenKeyEx #native (#3028) EncryptFlag.exe
Arguments:
{"OpenOptions":"0x0","KeyHandle":"0x53c","objectName":"CTLs","DesiredAccess":"0x20019"}
Returned value:
0x0
ntdll.dll! NtOpenKeyEx #native (#3028) EncryptFlag.exe
Arguments:
{"OpenOptions":"0x0","KeyHandle":"0x53c","objectName":"Software\\Microsoft\\SystemCertificates\\AuthRoot\\AutoUpdate","DesiredAccess":"0x20119"}
Returned value:
0x0
ntdll.dll! NtOpenKeyEx #native (#3028) EncryptFlag.exe
Arguments:
{"OpenOptions":"0x0","KeyHandle":"0x53c","objectName":"S-1-5-21-4270068108-2931534202-3907561125-1001","DesiredAccess":"0x2000000"}
Returned value:
0x0
ntdll.dll! NtOpenKeyEx #native (#3028) EncryptFlag.exe
Arguments:
{"OpenOptions":"0x0","KeyHandle":"0x0","objectName":"Software\\Microsoft\\SystemCertificates\\AuthRoot\\AutoUpdate","DesiredAccess":"0x20119"}
Returned value:
0xc0000034
ntdll.dll! NtOpenKeyEx #native (#3028) EncryptFlag.exe
Arguments:
{"OpenOptions":"0x0","KeyHandle":"0x53c","objectName":"Software\\Microsoft\\SystemCertificates\\AuthRoot\\AutoUpdate","DesiredAccess":"0x20119"}
Returned value:
0x0
KernelBase.dll! LoadLibraryExW #misc (#3028) EncryptFlag.exe
Arguments:
{"lpFileName":"CRYPTSP.dll"}
Returned value:
0x7fefc580000
KernelBase.dll! LoadLibraryExA #misc (#3028) EncryptFlag.exe
Arguments:
{"lpFileName":"CRYPTSP.dll"}
Returned value:
0x7fefc580000
KernelBase.dll! GetProcAddress #misc (#3028) EncryptFlag.exe
Arguments:
{"lpProcName":"CryptAcquireContextA","hModule":"cryptsp.dll"}
Returned value:
0x7fefc583ca8
ntdll.dll! NtOpenKeyEx #native (#3028) EncryptFlag.exe
Arguments:
{"OpenOptions":"0x0","KeyHandle":"0x540","objectName":"SOFTWARE\\Microsoft\\Cryptography\\Defaults\\Provider\\Microsoft Enhanced RSA and AES Cryptographic Provider","DesiredAccess":"0x20019"}
Returned value:
0x0
KernelBase.dll! GetProcAddress #misc (#3028) EncryptFlag.exe
Arguments:
{"lpProcName":"CPAcquireContext","hModule":"rsaenh.dll"}
Returned value:
0x7fefc28230c
KernelBase.dll! GetProcAddress #misc (#3028) EncryptFlag.exe
Arguments:
{"lpProcName":"CPReleaseContext","hModule":"rsaenh.dll"}
Returned value:
0x7fefc2833c8
KernelBase.dll! GetProcAddress #misc (#3028) EncryptFlag.exe
Arguments:
{"lpProcName":"CPGenKey","hModule":"rsaenh.dll"}
Returned value:
0x7fefc289a80
KernelBase.dll! GetProcAddress #misc (#3028) EncryptFlag.exe
Arguments:
{"lpProcName":"CPDeriveKey","hModule":"rsaenh.dll"}
Returned value:
0x7fefc29dbc8
KernelBase.dll! GetProcAddress #misc (#3028) EncryptFlag.exe
Arguments:
{"lpProcName":"CPDestroyKey","hModule":"rsaenh.dll"}
Returned value:
0x7fefc285530
KernelBase.dll! GetProcAddress #misc (#3028) EncryptFlag.exe
Arguments:
{"lpProcName":"CPSetKeyParam","hModule":"rsaenh.dll"}
Returned value:
0x7fefc29f838
KernelBase.dll! GetProcAddress #misc (#3028) EncryptFlag.exe
Arguments:
{"lpProcName":"CPGetKeyParam","hModule":"rsaenh.dll"}
Returned value:
0x7fefc29fc68
KernelBase.dll! GetProcAddress #misc (#3028) EncryptFlag.exe
Arguments:
{"lpProcName":"CPExportKey","hModule":"rsaenh.dll"}
Returned value:
0x7fefc2859e8
KernelBase.dll! GetProcAddress #misc (#3028) EncryptFlag.exe
Arguments:
{"lpProcName":"CPImportKey","hModule":"rsaenh.dll"}
Returned value:
0x7fefc285658
KernelBase.dll! GetProcAddress #misc (#3028) EncryptFlag.exe
Arguments:
{"lpProcName":"CPEncrypt","hModule":"rsaenh.dll"}
Returned value:
0x7fefc29c64c
KernelBase.dll! GetProcAddress #misc (#3028) EncryptFlag.exe
Arguments:
{"lpProcName":"CPDecrypt","hModule":"rsaenh.dll"}
Returned value:
0x7fefc29cc1c
KernelBase.dll! GetProcAddress #misc (#3028) EncryptFlag.exe
Arguments:
{"lpProcName":"CPCreateHash","hModule":"rsaenh.dll"}
Returned value:
0x7fefc283a80
KernelBase.dll! GetProcAddress #misc (#3028) EncryptFlag.exe
Arguments:
{"lpProcName":"CPHashData","hModule":"rsaenh.dll"}
Returned value:
0x7fefc2838b0
KernelBase.dll! GetProcAddress #misc (#3028) EncryptFlag.exe
Arguments:
{"lpProcName":"CPHashSessionKey","hModule":"rsaenh.dll"}
Returned value:
0x7fefc29d430
KernelBase.dll! GetProcAddress #misc (#3028) EncryptFlag.exe
Arguments:
{"lpProcName":"CPDestroyHash","hModule":"rsaenh.dll"}
Returned value:
0x7fefc2837b0
KernelBase.dll! GetProcAddress #misc (#3028) EncryptFlag.exe
Arguments:
{"lpProcName":"CPSignHash","hModule":"rsaenh.dll"}
Returned value:
0x7fefc288b48
KernelBase.dll! GetProcAddress #misc (#3028) EncryptFlag.exe
Arguments:
{"lpProcName":"CPVerifySignature","hModule":"rsaenh.dll"}
Returned value:
0x7fefc28701c
KernelBase.dll! GetProcAddress #misc (#3028) EncryptFlag.exe
Arguments:
{"lpProcName":"CPGenRandom","hModule":"rsaenh.dll"}
Returned value:
0x7fefc281d3c
KernelBase.dll! GetProcAddress #misc (#3028) EncryptFlag.exe
Arguments:
{"lpProcName":"CPGetUserKey","hModule":"rsaenh.dll"}
Returned value:
0x7fefc2890d0
KernelBase.dll! GetProcAddress #misc (#3028) EncryptFlag.exe
Arguments:
{"lpProcName":"CPSetProvParam","hModule":"rsaenh.dll"}
Returned value:
0x7fefc2a0078
KernelBase.dll! GetProcAddress #misc (#3028) EncryptFlag.exe
Arguments:
{"lpProcName":"CPGetProvParam","hModule":"rsaenh.dll"}
Returned value:
0x7fefc2a0230
KernelBase.dll! GetProcAddress #misc (#3028) EncryptFlag.exe
Arguments:
{"lpProcName":"CPSetHashParam","hModule":"rsaenh.dll"}
Returned value:
0x7fefc285be8
KernelBase.dll! GetProcAddress #misc (#3028) EncryptFlag.exe
Arguments:
{"lpProcName":"CPGetHashParam","hModule":"rsaenh.dll"}
Returned value:
0x7fefc283c7c
KernelBase.dll! GetProcAddress #misc (#3028) EncryptFlag.exe
Arguments:
{"lpProcName":"CPDuplicateKey","hModule":"rsaenh.dll"}
Returned value:
0x7fefc2a0a28
KernelBase.dll! GetProcAddress #misc (#3028) EncryptFlag.exe
Arguments:
{"lpProcName":"CPDuplicateHash","hModule":"rsaenh.dll"}
Returned value:
0x7fefc29d948
ntdll.dll! NtOpenKeyEx #native (#3028) EncryptFlag.exe
Arguments:
{"OpenOptions":"0x0","KeyHandle":"0x544","objectName":"Software\\Microsoft\\Cryptography","DesiredAccess":"0x20119"}
Returned value:
0x0
ntdll.dll! NtOpenKeyEx #native (#3028) EncryptFlag.exe
Arguments:
{"OpenOptions":"0x0","KeyHandle":"0x0","objectName":"Software\\Microsoft\\Cryptography\\Offload","DesiredAccess":"0x20019"}
Returned value:
0xc0000034
ntdll.dll! NtOpenKeyEx #native (#3028) EncryptFlag.exe
Arguments:
{"OpenOptions":"0x0","KeyHandle":"0x0","objectName":"Software\\Microsoft\\Cryptography\\DESHashSessionKeyBackward","DesiredAccess":"0x20019"}
Returned value:
0xc0000034
ntdll.dll! NtOpenKeyEx #native (#3028) EncryptFlag.exe
Arguments:
{"OpenOptions":"0x0","KeyHandle":"0x540","objectName":"Software\\Microsoft\\Cryptography\\OID","DesiredAccess":"0x20019"}
Returned value:
0x0
ntdll.dll! NtOpenKeyEx #native (#3028) EncryptFlag.exe
Arguments:
{"OpenOptions":"0x0","KeyHandle":"0x544","objectName":"EncodingType 0","DesiredAccess":"0x20019"}
Returned value:
0x0
ntdll.dll! NtOpenKeyEx #native (#3028) EncryptFlag.exe
Arguments:
{"OpenOptions":"0x0","KeyHandle":"0x548","objectName":"CryptDllFindOIDInfo","DesiredAccess":"0x20019"}
Returned value:
0x0
ntdll.dll! NtOpenKeyEx #native (#3028) EncryptFlag.exe
Arguments:
{"OpenOptions":"0x0","KeyHandle":"0x54c","objectName":"1.3.6.1.4.1.311.44.3.4!7","DesiredAccess":"0x20019"}
Returned value:
0x0
ntdll.dll! NtOpenKeyEx #native (#3028) EncryptFlag.exe
Arguments:
{"OpenOptions":"0x0","KeyHandle":"0x550","objectName":"Software\\Microsoft\\Cryptography\\OID\\EncodingType 0\\CryptDllFindOIDInfo\\1.3.6.1.4.1.311.44.3.4!7","DesiredAccess":"0x20019"}
Returned value:
0x0
ntdll.dll! NtOpenKey #native (#3028) EncryptFlag.exe
Arguments:
{"OpenOptions":"0x0","KeyHandle":"0x554","objectName":"\\Registry\\Machine\\SYSTEM\\CurrentControlSet\\Control\\MUI\\StringCacheSettings","DesiredAccess":"0x1"}
Returned value:
0x0
ntdll.dll! NtOpenKey #native (#3028) EncryptFlag.exe
Arguments:
{"OpenOptions":"0x0","KeyHandle":"0x554","objectName":"\\REGISTRY\\USER\\S-1-5-21-4270068108-2931534202-3907561125-1001","DesiredAccess":"0x2000000"}
Returned value:
0x0
ntdll.dll! NtOpenKey #native (#3028) EncryptFlag.exe
Arguments:
{"OpenOptions":"0x0","KeyHandle":"0x558","objectName":"Software\\Classes\\Local Settings\\MuiCache\\1c\\52C64B7E","DesiredAccess":"0x2001f"}
Returned value:
0x0
ntdll.dll! NtQueryAttributesFile #native (#3028) EncryptFlag.exe
Arguments:
{"objectName":"\\??\\C:\\Windows\\system32\\p2pcollab.dll"}
Returned value:
0x0
KernelBase.dll! GetFileAttributesW #file (#3028) EncryptFlag.exe
Arguments:
{"lpFileName":"C:\\Windows\\system32\\p2pcollab.dll"}
Returned value:
0x20
ntdll.dll! NtOpenKey #native (#3028) EncryptFlag.exe
Arguments:
{"OpenOptions":"0x0","KeyHandle":"0x558","objectName":"\\Registry\\Machine\\SYSTEM\\CurrentControlSet\\Control\\MUI\\StringCacheSettings","DesiredAccess":"0x1"}
Returned value:
0x0
ntdll.dll! NtOpenKey #native (#3028) EncryptFlag.exe
Arguments:
{"OpenOptions":"0x0","KeyHandle":"0x558","objectName":"\\REGISTRY\\USER\\S-1-5-21-4270068108-2931534202-3907561125-1001","DesiredAccess":"0x2000000"}
Returned value:
0x0
ntdll.dll! NtOpenKey #native (#3028) EncryptFlag.exe
Arguments:
{"OpenOptions":"0x0","KeyHandle":"0x554","objectName":"Software\\Classes\\Local Settings\\MuiCache\\1c\\52C64B7E","DesiredAccess":"0x2001f"}
Returned value:
0x0
ntdll.dll! NtQueryAttributesFile #native (#3028) EncryptFlag.exe
Arguments:
{"objectName":"\\??\\C:\\Windows\\system32\\p2pcollab.dll"}
Returned value:
0x0
KernelBase.dll! GetFileAttributesW #file (#3028) EncryptFlag.exe
Arguments:
{"lpFileName":"C:\\Windows\\system32\\p2pcollab.dll"}
Returned value:
0x20
ntdll.dll! NtOpenKeyEx #native (#3028) EncryptFlag.exe
Arguments:
{"OpenOptions":"0x0","KeyHandle":"0x54c","objectName":"1.3.6.1.4.1.311.47.1.1!7","DesiredAccess":"0x20019"}
Returned value:
0x0
ntdll.dll! NtOpenKeyEx #native (#3028) EncryptFlag.exe
Arguments:
{"OpenOptions":"0x0","KeyHandle":"0x550","objectName":"Software\\Microsoft\\Cryptography\\OID\\EncodingType 0\\CryptDllFindOIDInfo\\1.3.6.1.4.1.311.47.1.1!7","DesiredAccess":"0x20019"}
Returned value:
0x0
ntdll.dll! NtOpenKey #native (#3028) EncryptFlag.exe
Arguments:
{"OpenOptions":"0x0","KeyHandle":"0x554","objectName":"\\Registry\\Machine\\SYSTEM\\CurrentControlSet\\Control\\MUI\\StringCacheSettings","DesiredAccess":"0x1"}
Returned value:
0x0
ntdll.dll! NtOpenKey #native (#3028) EncryptFlag.exe
Arguments:
{"OpenOptions":"0x0","KeyHandle":"0x554","objectName":"\\REGISTRY\\USER\\S-1-5-21-4270068108-2931534202-3907561125-1001","DesiredAccess":"0x2000000"}
Returned value:
0x0
ntdll.dll! NtOpenKey #native (#3028) EncryptFlag.exe
Arguments:
{"OpenOptions":"0x0","KeyHandle":"0x558","objectName":"Software\\Classes\\Local Settings\\MuiCache\\1c\\52C64B7E","DesiredAccess":"0x2001f"}
Returned value:
0x0
ntdll.dll! NtQueryAttributesFile #native (#3028) EncryptFlag.exe
Arguments:
{"objectName":"\\??\\C:\\Windows\\system32\\qagentrt.dll"}
Returned value:
0x0
KernelBase.dll! GetFileAttributesW #file (#3028) EncryptFlag.exe
Arguments:
{"lpFileName":"C:\\Windows\\system32\\qagentrt.dll"}
Returned value:
0x20
ntdll.dll! NtOpenKey #native (#3028) EncryptFlag.exe
Arguments:
{"OpenOptions":"0x0","KeyHandle":"0x558","objectName":"\\Registry\\Machine\\SYSTEM\\CurrentControlSet\\Control\\MUI\\StringCacheSettings","DesiredAccess":"0x1"}
Returned value:
0x0
ntdll.dll! NtOpenKey #native (#3028) EncryptFlag.exe
Arguments:
{"OpenOptions":"0x0","KeyHandle":"0x558","objectName":"\\REGISTRY\\USER\\S-1-5-21-4270068108-2931534202-3907561125-1001","DesiredAccess":"0x2000000"}
Returned value:
0x0
ntdll.dll! NtOpenKey #native (#3028) EncryptFlag.exe
Arguments:
{"OpenOptions":"0x0","KeyHandle":"0x554","objectName":"Software\\Classes\\Local Settings\\MuiCache\\1c\\52C64B7E","DesiredAccess":"0x2001f"}
Returned value:
0x0
ntdll.dll! NtQueryAttributesFile #native (#3028) EncryptFlag.exe
Arguments:
{"objectName":"\\??\\C:\\Windows\\system32\\qagentrt.dll"}
Returned value:
0x0
KernelBase.dll! GetFileAttributesW #file (#3028) EncryptFlag.exe
Arguments:
{"lpFileName":"C:\\Windows\\system32\\qagentrt.dll"}
Returned value:
0x20
ntdll.dll! NtOpenKeyEx #native (#3028) EncryptFlag.exe
Arguments:
{"OpenOptions":"0x0","KeyHandle":"0x54c","objectName":"1.3.6.1.4.1.311.64.1.1!7","DesiredAccess":"0x20019"}
Returned value:
0x0
ntdll.dll! NtOpenKeyEx #native (#3028) EncryptFlag.exe
Arguments:
{"OpenOptions":"0x0","KeyHandle":"0x550","objectName":"Software\\Microsoft\\Cryptography\\OID\\EncodingType 0\\CryptDllFindOIDInfo\\1.3.6.1.4.1.311.64.1.1!7","DesiredAccess":"0x20019"}
Returned value:
0x0
ntdll.dll! NtOpenKey #native (#3028) EncryptFlag.exe
Arguments:
{"OpenOptions":"0x0","KeyHandle":"0x554","objectName":"\\Registry\\Machine\\SYSTEM\\CurrentControlSet\\Control\\MUI\\StringCacheSettings","DesiredAccess":"0x1"}
Returned value:
0x0
ntdll.dll! NtOpenKey #native (#3028) EncryptFlag.exe
Arguments:
{"OpenOptions":"0x0","KeyHandle":"0x554","objectName":"\\REGISTRY\\USER\\S-1-5-21-4270068108-2931534202-3907561125-1001","DesiredAccess":"0x2000000"}
Returned value:
0x0
ntdll.dll! NtOpenKey #native (#3028) EncryptFlag.exe
Arguments:
{"OpenOptions":"0x0","KeyHandle":"0x558","objectName":"Software\\Classes\\Local Settings\\MuiCache\\1c\\52C64B7E","DesiredAccess":"0x2001f"}
Returned value:
0x0
ntdll.dll! NtQueryAttributesFile #native (#3028) EncryptFlag.exe
Arguments:
{"objectName":"\\??\\C:\\Windows\\system32\\dnsapi.dll"}
Returned value:
0x0
KernelBase.dll! GetFileAttributesW #file (#3028) EncryptFlag.exe
Arguments:
{"lpFileName":"C:\\Windows\\system32\\dnsapi.dll"}
Returned value:
0x20
ntdll.dll! NtOpenKey #native (#3028) EncryptFlag.exe
Arguments:
{"OpenOptions":"0x0","KeyHandle":"0x558","objectName":"\\Registry\\Machine\\SYSTEM\\CurrentControlSet\\Control\\MUI\\StringCacheSettings","DesiredAccess":"0x1"}
Returned value:
0x0
ntdll.dll! NtOpenKey #native (#3028) EncryptFlag.exe
Arguments:
{"OpenOptions":"0x0","KeyHandle":"0x558","objectName":"\\REGISTRY\\USER\\S-1-5-21-4270068108-2931534202-3907561125-1001","DesiredAccess":"0x2000000"}
Returned value:
0x0
ntdll.dll! NtOpenKey #native (#3028) EncryptFlag.exe
Arguments:
{"OpenOptions":"0x0","KeyHandle":"0x554","objectName":"Software\\Classes\\Local Settings\\MuiCache\\1c\\52C64B7E","DesiredAccess":"0x2001f"}
Returned value:
0x0
ntdll.dll! NtQueryAttributesFile #native (#3028) EncryptFlag.exe
Arguments:
{"objectName":"\\??\\C:\\Windows\\system32\\dnsapi.dll"}
Returned value:
0x0
KernelBase.dll! GetFileAttributesW #file (#3028) EncryptFlag.exe
Arguments:
{"lpFileName":"C:\\Windows\\system32\\dnsapi.dll"}
Returned value:
0x20
ntdll.dll! NtOpenKeyEx #native (#3028) EncryptFlag.exe
Arguments:
{"OpenOptions":"0x0","KeyHandle":"0x54c","objectName":"1.3.6.1.4.1.311.67.1.1!7","DesiredAccess":"0x20019"}
Returned value:
0x0
ntdll.dll! NtOpenKeyEx #native (#3028) EncryptFlag.exe
Arguments:
{"OpenOptions":"0x0","KeyHandle":"0x550","objectName":"Software\\Microsoft\\Cryptography\\OID\\EncodingType 0\\CryptDllFindOIDInfo\\1.3.6.1.4.1.311.67.1.1!7","DesiredAccess":"0x20019"}
Returned value:
0x0
ntdll.dll! NtOpenKey #native (#3028) EncryptFlag.exe
Arguments:
{"OpenOptions":"0x0","KeyHandle":"0x554","objectName":"\\Registry\\Machine\\SYSTEM\\CurrentControlSet\\Control\\MUI\\StringCacheSettings","DesiredAccess":"0x1"}
Returned value:
0x0
ntdll.dll! NtOpenKey #native (#3028) EncryptFlag.exe
Arguments:
{"OpenOptions":"0x0","KeyHandle":"0x554","objectName":"\\REGISTRY\\USER\\S-1-5-21-4270068108-2931534202-3907561125-1001","DesiredAccess":"0x2000000"}
Returned value:
0x0
ntdll.dll! NtOpenKey #native (#3028) EncryptFlag.exe
Arguments:
{"OpenOptions":"0x0","KeyHandle":"0x558","objectName":"Software\\Classes\\Local Settings\\MuiCache\\1c\\52C64B7E","DesiredAccess":"0x2001f"}
Returned value:
0x0
ntdll.dll! NtQueryAttributesFile #native (#3028) EncryptFlag.exe
Arguments:
{"objectName":"\\??\\C:\\Windows\\System32\\fveui.dll"}
Returned value:
0x0
KernelBase.dll! GetFileAttributesW #file (#3028) EncryptFlag.exe
Arguments:
{"lpFileName":"C:\\Windows\\System32\\fveui.dll"}
Returned value:
0x20
ntdll.dll! NtOpenKey #native (#3028) EncryptFlag.exe
Arguments:
{"OpenOptions":"0x0","KeyHandle":"0x558","objectName":"\\Registry\\Machine\\SYSTEM\\CurrentControlSet\\Control\\MUI\\StringCacheSettings","DesiredAccess":"0x1"}
Returned value:
0x0
ntdll.dll! NtOpenKey #native (#3028) EncryptFlag.exe
Arguments:
{"OpenOptions":"0x0","KeyHandle":"0x558","objectName":"\\REGISTRY\\USER\\S-1-5-21-4270068108-2931534202-3907561125-1001","DesiredAccess":"0x2000000"}
Returned value:
0x0
ntdll.dll! NtOpenKey #native (#3028) EncryptFlag.exe
Arguments:
{"OpenOptions":"0x0","KeyHandle":"0x554","objectName":"Software\\Classes\\Local Settings\\MuiCache\\1c\\52C64B7E","DesiredAccess":"0x2001f"}
Returned value:
0x0
ntdll.dll! NtQueryAttributesFile #native (#3028) EncryptFlag.exe
Arguments:
{"objectName":"\\??\\C:\\Windows\\System32\\fveui.dll"}
Returned value:
0x0
KernelBase.dll! GetFileAttributesW #file (#3028) EncryptFlag.exe
Arguments:
{"lpFileName":"C:\\Windows\\System32\\fveui.dll"}
Returned value:
0x20
ntdll.dll! NtOpenKeyEx #native (#3028) EncryptFlag.exe
Arguments:
{"OpenOptions":"0x0","KeyHandle":"0x54c","objectName":"1.3.6.1.4.1.311.67.1.2!7","DesiredAccess":"0x20019"}
Returned value:
0x0
ntdll.dll! NtOpenKeyEx #native (#3028) EncryptFlag.exe
Arguments:
{"OpenOptions":"0x0","KeyHandle":"0x550","objectName":"Software\\Microsoft\\Cryptography\\OID\\EncodingType 0\\CryptDllFindOIDInfo\\1.3.6.1.4.1.311.67.1.2!7","DesiredAccess":"0x20019"}
Returned value:
0x0
ntdll.dll! NtOpenKey #native (#3028) EncryptFlag.exe
Arguments:
{"OpenOptions":"0x0","KeyHandle":"0x554","objectName":"\\Registry\\Machine\\SYSTEM\\CurrentControlSet\\Control\\MUI\\StringCacheSettings","DesiredAccess":"0x1"}
Returned value:
0x0
ntdll.dll! NtOpenKey #native (#3028) EncryptFlag.exe
Arguments:
{"OpenOptions":"0x0","KeyHandle":"0x554","objectName":"\\REGISTRY\\USER\\S-1-5-21-4270068108-2931534202-3907561125-1001","DesiredAccess":"0x2000000"}
Returned value:
0x0
ntdll.dll! NtOpenKey #native (#3028) EncryptFlag.exe
Arguments:
{"OpenOptions":"0x0","KeyHandle":"0x558","objectName":"Software\\Classes\\Local Settings\\MuiCache\\1c\\52C64B7E","DesiredAccess":"0x2001f"}
Returned value:
0x0
ntdll.dll! NtQueryAttributesFile #native (#3028) EncryptFlag.exe
Arguments:
{"objectName":"\\??\\C:\\Windows\\System32\\fveui.dll"}
Returned value:
0x0
KernelBase.dll! GetFileAttributesW #file (#3028) EncryptFlag.exe
Arguments:
{"lpFileName":"C:\\Windows\\System32\\fveui.dll"}
Returned value:
0x20
ntdll.dll! NtOpenKey #native (#3028) EncryptFlag.exe
Arguments:
{"OpenOptions":"0x0","KeyHandle":"0x558","objectName":"\\Registry\\Machine\\SYSTEM\\CurrentControlSet\\Control\\MUI\\StringCacheSettings","DesiredAccess":"0x1"}
Returned value:
0x0
ntdll.dll! NtOpenKey #native (#3028) EncryptFlag.exe
Arguments:
{"OpenOptions":"0x0","KeyHandle":"0x558","objectName":"\\REGISTRY\\USER\\S-1-5-21-4270068108-2931534202-3907561125-1001","DesiredAccess":"0x2000000"}
Returned value:
0x0
ntdll.dll! NtOpenKey #native (#3028) EncryptFlag.exe
Arguments:
{"OpenOptions":"0x0","KeyHandle":"0x554","objectName":"Software\\Classes\\Local Settings\\MuiCache\\1c\\52C64B7E","DesiredAccess":"0x2001f"}
Returned value:
0x0
ntdll.dll! NtQueryAttributesFile #native (#3028) EncryptFlag.exe
Arguments:
{"objectName":"\\??\\C:\\Windows\\System32\\fveui.dll"}
Returned value:
0x0
KernelBase.dll! GetFileAttributesW #file (#3028) EncryptFlag.exe
Arguments:
{"lpFileName":"C:\\Windows\\System32\\fveui.dll"}
Returned value:
0x20
ntdll.dll! NtOpenKeyEx #native (#3028) EncryptFlag.exe
Arguments:
{"OpenOptions":"0x0","KeyHandle":"0x54c","objectName":"1.3.6.1.4.1.311.76.6.1!7","DesiredAccess":"0x20019"}
Returned value:
0x0
ntdll.dll! NtOpenKeyEx #native (#3028) EncryptFlag.exe
Arguments:
{"OpenOptions":"0x0","KeyHandle":"0x550","objectName":"Software\\Microsoft\\Cryptography\\OID\\EncodingType 0\\CryptDllFindOIDInfo\\1.3.6.1.4.1.311.76.6.1!7","DesiredAccess":"0x20019"}
Returned value:
0x0
ntdll.dll! NtOpenKey #native (#3028) EncryptFlag.exe
Arguments:
{"OpenOptions":"0x0","KeyHandle":"0x554","objectName":"\\Registry\\Machine\\SYSTEM\\CurrentControlSet\\Control\\MUI\\StringCacheSettings","DesiredAccess":"0x1"}
Returned value:
0x0
ntdll.dll! NtOpenKey #native (#3028) EncryptFlag.exe
Arguments:
{"OpenOptions":"0x0","KeyHandle":"0x554","objectName":"\\REGISTRY\\USER\\S-1-5-21-4270068108-2931534202-3907561125-1001","DesiredAccess":"0x2000000"}
Returned value:
0x0
ntdll.dll! NtOpenKey #native (#3028) EncryptFlag.exe
Arguments:
{"OpenOptions":"0x0","KeyHandle":"0x558","objectName":"Software\\Classes\\Local Settings\\MuiCache\\1c\\52C64B7E","DesiredAccess":"0x2001f"}
Returned value:
0x0
ntdll.dll! NtQueryAttributesFile #native (#3028) EncryptFlag.exe
Arguments:
{"objectName":"\\??\\C:\\Windows\\System32\\wuaueng.dll"}
Returned value:
0x0
KernelBase.dll! GetFileAttributesW #file (#3028) EncryptFlag.exe
Arguments:
{"lpFileName":"C:\\Windows\\System32\\wuaueng.dll"}
Returned value:
0x20
ntdll.dll! NtOpenKey #native (#3028) EncryptFlag.exe
Arguments:
{"OpenOptions":"0x0","KeyHandle":"0x558","objectName":"\\Registry\\Machine\\SYSTEM\\CurrentControlSet\\Control\\MUI\\StringCacheSettings","DesiredAccess":"0x1"}
Returned value:
0x0
ntdll.dll! NtOpenKey #native (#3028) EncryptFlag.exe
Arguments:
{"OpenOptions":"0x0","KeyHandle":"0x558","objectName":"\\REGISTRY\\USER\\S-1-5-21-4270068108-2931534202-3907561125-1001","DesiredAccess":"0x2000000"}
Returned value:
0x0
ntdll.dll! NtOpenKey #native (#3028) EncryptFlag.exe
Arguments:
{"OpenOptions":"0x0","KeyHandle":"0x554","objectName":"Software\\Classes\\Local Settings\\MuiCache\\1c\\52C64B7E","DesiredAccess":"0x2001f"}
Returned value:
0x0
ntdll.dll! NtQueryAttributesFile #native (#3028) EncryptFlag.exe
Arguments:
{"objectName":"\\??\\C:\\Windows\\System32\\wuaueng.dll"}
Returned value:
0x0
KernelBase.dll! GetFileAttributesW #file (#3028) EncryptFlag.exe
Arguments:
{"lpFileName":"C:\\Windows\\System32\\wuaueng.dll"}
Returned value:
0x20
ntdll.dll! NtOpenKeyEx #native (#3028) EncryptFlag.exe
Arguments:
{"OpenOptions":"0x0","KeyHandle":"0x54c","objectName":"1.3.6.1.4.1.311.80.1!7","DesiredAccess":"0x20019"}
Returned value:
0x0
ntdll.dll! NtOpenKeyEx #native (#3028) EncryptFlag.exe
Arguments:
{"OpenOptions":"0x0","KeyHandle":"0x550","objectName":"Software\\Microsoft\\Cryptography\\OID\\EncodingType 0\\CryptDllFindOIDInfo\\1.3.6.1.4.1.311.80.1!7","DesiredAccess":"0x20019"}
Returned value:
0x0
ntdll.dll! NtOpenKey #native (#3028) EncryptFlag.exe
Arguments:
{"OpenOptions":"0x0","KeyHandle":"0x554","objectName":"\\Registry\\Machine\\SYSTEM\\CurrentControlSet\\Control\\MUI\\StringCacheSettings","DesiredAccess":"0x1"}
Returned value:
0x0
ntdll.dll! NtOpenKey #native (#3028) EncryptFlag.exe
Arguments:
{"OpenOptions":"0x0","KeyHandle":"0x554","objectName":"\\REGISTRY\\USER\\S-1-5-21-4270068108-2931534202-3907561125-1001","DesiredAccess":"0x2000000"}
Returned value:
0x0
ntdll.dll! NtOpenKey #native (#3028) EncryptFlag.exe
Arguments:
{"OpenOptions":"0x0","KeyHandle":"0x558","objectName":"Software\\Classes\\Local Settings\\MuiCache\\1c\\52C64B7E","DesiredAccess":"0x2001f"}
Returned value:
0x0
ntdll.dll! NtQueryAttributesFile #native (#3028) EncryptFlag.exe
Arguments:
{"objectName":"\\??\\C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\powershell.exe"}
Returned value:
0x0
KernelBase.dll! GetFileAttributesW #file (#3028) EncryptFlag.exe
Arguments:
{"lpFileName":"C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\powershell.exe"}
Returned value:
0x20
ntdll.dll! NtOpenKey #native (#3028) EncryptFlag.exe
Arguments:
{"OpenOptions":"0x0","KeyHandle":"0x558","objectName":"\\Registry\\Machine\\SYSTEM\\CurrentControlSet\\Control\\MUI\\StringCacheSettings","DesiredAccess":"0x1"}
Returned value:
0x0
ntdll.dll! NtOpenKey #native (#3028) EncryptFlag.exe
Arguments:
{"OpenOptions":"0x0","KeyHandle":"0x558","objectName":"\\REGISTRY\\USER\\S-1-5-21-4270068108-2931534202-3907561125-1001","DesiredAccess":"0x2000000"}
Returned value:
0x0
ntdll.dll! NtOpenKey #native (#3028) EncryptFlag.exe
Arguments:
{"OpenOptions":"0x0","KeyHandle":"0x554","objectName":"Software\\Classes\\Local Settings\\MuiCache\\1c\\52C64B7E","DesiredAccess":"0x2001f"}
Returned value:
0x0
ntdll.dll! NtQueryAttributesFile #native (#3028) EncryptFlag.exe
Arguments:
{"objectName":"\\??\\C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\powershell.exe"}
Returned value:
0x0
KernelBase.dll! GetFileAttributesW #file (#3028) EncryptFlag.exe
Arguments:
{"lpFileName":"C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\powershell.exe"}
Returned value:
0x20
KernelBase.dll! LoadLibraryExW #misc (#3028) EncryptFlag.exe
Arguments:
{"lpFileName":"USER32.dll"}
Returned value:
0x77190000
KernelBase.dll! LoadLibraryExA #misc (#3028) EncryptFlag.exe
Arguments:
{"lpFileName":"USER32.dll"}
Returned value:
0x77190000
KernelBase.dll! GetProcAddress #misc (#3028) EncryptFlag.exe
Arguments:
{"lpProcName":"LoadStringW","hModule":"user32.dll"}
Returned value:
0x7719f77c
KernelBase.dll! LoadLibraryExW #misc (#3028) EncryptFlag.exe
Arguments:
{"lpFileName":"ncrypt.dll"}
Returned value:
0x7fefc750000
KernelBase.dll! LoadLibraryExA #misc (#3028) EncryptFlag.exe
Arguments:
{"lpFileName":"ncrypt.dll"}
Returned value:
0x7fefc750000
KernelBase.dll! GetProcAddress #misc (#3028) EncryptFlag.exe
Arguments:
{"lpProcName":"BCryptOpenAlgorithmProvider","hModule":"ncrypt.dll"}
Returned value:
0x7fefc722460
KernelBase.dll! GetProcAddress #misc (#3028) EncryptFlag.exe
Arguments:
{"lpProcName":"GetHashInterface","hModule":"bcryptprimitives.dll"}
Returned value:
0x7fefc697c60
KernelBase.dll! GetProcAddress #misc (#3028) EncryptFlag.exe
Arguments:
{"lpProcName":"BCryptGetProperty","hModule":"ncrypt.dll"}
Returned value:
0x7fefc721300
KernelBase.dll! GetProcAddress #misc (#3028) EncryptFlag.exe
Arguments:
{"lpProcName":"BCryptCreateHash","hModule":"ncrypt.dll"}
Returned value:
0x7fefc7210c0
KernelBase.dll! GetProcAddress #misc (#3028) EncryptFlag.exe
Arguments:
{"lpProcName":"BCryptHashData","hModule":"ncrypt.dll"}
Returned value:
0x7fefc7212c0
ntdll.dll! NtOpenKeyEx #native (#3028) EncryptFlag.exe
Arguments:
{"OpenOptions":"0x0","KeyHandle":"0x540","objectName":"Software\\Microsoft\\SystemCertificates\\AuthRoot\\AutoUpdate","DesiredAccess":"0x20119"}
Returned value:
0x0
ntdll.dll! NtOpenKeyEx #native (#3028) EncryptFlag.exe
Arguments:
{"OpenOptions":"0x0","KeyHandle":"0x540","objectName":"S-1-5-21-4270068108-2931534202-3907561125-1001","DesiredAccess":"0x2000000"}
Returned value:
0x0
ntdll.dll! NtOpenKeyEx #native (#3028) EncryptFlag.exe
Arguments:
{"OpenOptions":"0x0","KeyHandle":"0x0","objectName":"Software\\Microsoft\\SystemCertificates\\AuthRoot\\AutoUpdate","DesiredAccess":"0x20119"}
Returned value:
0xc0000034
ntdll.dll! NtQueryAttributesFile #native (#3028) EncryptFlag.exe
Arguments:
{"objectName":"\\??\\C:\\Users\\<USER>\\Downloads\\cryptnet.dll"}
Returned value:
0xc0000034
ntdll.dll! NtQueryAttributesFile #native (#3028) EncryptFlag.exe
Arguments:
{"objectName":"\\??\\C:\\Windows\\system32\\cryptnet.dll"}
Returned value:
0x0
ntdll.dll! NtOpenFile #native (#3028) EncryptFlag.exe
Arguments:
{"FileHandle":"0x540","objectName":"\\??\\C:\\Windows\\system32\\cryptnet.dll"}
Returned value:
0x0
ntdll.dll! NtOpenKeyEx #native (#3028) EncryptFlag.exe
Arguments:
{"OpenOptions":"0x0","KeyHandle":"0x548","objectName":"System\\CurrentControlSet\\Services\\LDAP","DesiredAccess":"0x20019"}
Returned value:
0x0
ntdll.dll! NtOpenKeyEx #native (#3028) EncryptFlag.exe
Arguments:
{"OpenOptions":"0x0","KeyHandle":"0x548","objectName":"System\\CurrentControlSet\\Services\\LDAP","DesiredAccess":"0x20019"}
Returned value:
0x0
ntdll.dll! NtOpenKeyEx #native (#3028) EncryptFlag.exe
Arguments:
{"OpenOptions":"0x0","KeyHandle":"0x548","objectName":"System\\CurrentControlSet\\Services\\LDAP","DesiredAccess":"0x20019"}
Returned value:
0x0
ntdll.dll! NtOpenKeyEx #native (#3028) EncryptFlag.exe
Arguments:
{"OpenOptions":"0x0","KeyHandle":"0x548","objectName":"System\\CurrentControlSet\\Services\\LDAP","DesiredAccess":"0x20019"}
Returned value:
0x0
KernelBase.dll! LoadLibraryExW #misc (#3028) EncryptFlag.exe
Arguments:
{"lpFileName":"C:\\Windows\\system32\\cryptnet.dll"}
Returned value:
0x7fef9fb0000
KernelBase.dll! LoadLibraryExW #misc (#3028) EncryptFlag.exe
Arguments:
{"lpFileName":"C:\\Windows\\system32\\cryptnet.dll"}
Returned value:
0x7fef9fb0000
KernelBase.dll! LoadLibraryExW #misc (#3028) EncryptFlag.exe
Arguments:
{"lpFileName":"C:\\Windows\\system32\\cryptnet.dll"}
Returned value:
0x7fef9fb0000
KernelBase.dll! LoadLibraryExW #misc (#3028) EncryptFlag.exe
Arguments:
{"lpFileName":"C:\\Windows\\system32\\cryptnet.dll"}
Returned value:
0x7fef9fb0000
KernelBase.dll! LoadLibraryExW #misc (#3028) EncryptFlag.exe
Arguments:
{"lpFileName":"C:\\Windows\\system32\\cryptnet.dll"}
Returned value:
0x7fef9fb0000
KernelBase.dll! LoadLibraryExW #misc (#3028) EncryptFlag.exe
Arguments:
{"lpFileName":"C:\\Windows\\system32\\cryptnet.dll"}
Returned value:
0x7fef9fb0000
KernelBase.dll! LoadLibraryExW #misc (#3028) EncryptFlag.exe
Arguments:
{"lpFileName":"C:\\Windows\\system32\\cryptnet.dll"}
Returned value:
0x7fef9fb0000
KernelBase.dll! LoadLibraryExW #misc (#3028) EncryptFlag.exe
Arguments:
{"lpFileName":"C:\\Windows\\system32\\cryptnet.dll"}
Returned value:
0x7fef9fb0000
KernelBase.dll! LoadLibraryExW #misc (#3028) EncryptFlag.exe
Arguments:
{"lpFileName":"C:\\Windows\\system32\\cryptnet.dll"}
Returned value:
0x7fef9fb0000
KernelBase.dll! LoadLibraryExW #misc (#3028) EncryptFlag.exe
Arguments:
{"lpFileName":"C:\\Windows\\system32\\cryptnet.dll"}
Returned value:
0x7fef9fb0000
KernelBase.dll! LoadLibraryExW #misc (#3028) EncryptFlag.exe
Arguments:
{"lpFileName":"C:\\Windows\\system32\\cryptnet.dll"}
Returned value:
0x7fef9fb0000
ntdll.dll! NtOpenKeyEx #native (#3028) EncryptFlag.exe
Arguments:
{"OpenOptions":"0x0","KeyHandle":"0x0","objectName":"Software\\Microsoft\\Cryptography\\TVO","DesiredAccess":"0x20019"}
Returned value:
0xc0000034
KernelBase.dll! LoadLibraryExW #misc (#3028) EncryptFlag.exe
Arguments:
{"lpFileName":"cryptnet.dll"}
Returned value:
0x7fef9fb0000
KernelBase.dll! LoadLibraryExA #misc (#3028) EncryptFlag.exe
Arguments:
{"lpFileName":"cryptnet.dll"}
Returned value:
0x7fef9fb0000
KernelBase.dll! GetProcAddress #misc (#3028) EncryptFlag.exe
Arguments:
{"lpProcName":"I_CryptNetGetConnectivity","hModule":"cryptnet.dll"}
Returned value:
0x7fef9fb7708
ntdll.dll! NtQueryAttributesFile #native (#3028) EncryptFlag.exe
Arguments:
{"objectName":"\\??\\C:\\Users\\<USER>\\Downloads\\SensApi.dll"}
Returned value:
0xc0000034
ntdll.dll! NtQueryAttributesFile #native (#3028) EncryptFlag.exe
Arguments:
{"objectName":"\\??\\C:\\Windows\\system32\\SensApi.dll"}
Returned value:
0x0
ntdll.dll! NtOpenFile #native (#3028) EncryptFlag.exe
Arguments:
{"FileHandle":"0x548","objectName":"\\??\\C:\\Windows\\system32\\SensApi.dll"}
Returned value:
0x0
KernelBase.dll! LoadLibraryExW #misc (#3028) EncryptFlag.exe
Arguments:
{"lpFileName":"SensApi.dll"}
Returned value:
0x7fef4530000
KernelBase.dll! LoadLibraryExA #misc (#3028) EncryptFlag.exe
Arguments:
{"lpFileName":"SensApi.dll"}
Returned value:
0x7fef4530000
KernelBase.dll! GetProcAddress #misc (#3028) EncryptFlag.exe
Arguments:
{"lpProcName":"IsNetworkAlive","hModule":"SensApi.dll"}
Returned value:
0x7fef4531010
KernelBase.dll! LoadLibraryExW #misc (#3028) EncryptFlag.exe
Arguments:
{"lpFileName":"RPCRT4.dll"}
Returned value:
0x7fefe630000
KernelBase.dll! LoadLibraryExA #misc (#3028) EncryptFlag.exe
Arguments:
{"lpFileName":"RPCRT4.dll"}
Returned value:
0x7fefe630000
KernelBase.dll! GetProcAddress #misc (#3028) EncryptFlag.exe
Arguments:
{"lpProcName":"RpcBindingFromStringBindingW","hModule":"rpcrt4.dll"}
Returned value:
0x7fefe667450
KernelBase.dll! GetProcAddress #misc (#3028) EncryptFlag.exe
Arguments:
{"lpProcName":"RpcBindingSetAuthInfoExW","hModule":"rpcrt4.dll"}
Returned value:
0x7fefe65e210
KernelBase.dll! GetProcAddress #misc (#3028) EncryptFlag.exe
Arguments:
{"lpProcName":"NdrClientCall3","hModule":"rpcrt4.dll"}
Returned value:
0x7fefe70cc90
ntdll.dll! NtOpenKeyEx #native (#3028) EncryptFlag.exe
Arguments:
{"OpenOptions":"0x0","KeyHandle":"0x54c","objectName":"Software\\Microsoft\\SystemCertificates\\AuthRoot\\AutoUpdate","DesiredAccess":"0x20119"}
Returned value:
0x0
ntdll.dll! NtOpenKeyEx #native (#3028) EncryptFlag.exe
Arguments:
{"OpenOptions":"0x0","KeyHandle":"0x54c","objectName":"Software\\Microsoft\\SystemCertificates\\AuthRoot\\AutoUpdate","DesiredAccess":"0x20119"}
Returned value:
0x0
KernelBase.dll! GetProcAddress #misc (#3028) EncryptFlag.exe
Arguments:
{"lpProcName":"CryptRetrieveObjectByUrlW","hModule":"cryptnet.dll"}
Returned value:
0x7fef9fb2bdc
ntdll.dll! NtOpenKeyEx #native (#3028) EncryptFlag.exe
Arguments:
{"OpenOptions":"0x0","KeyHandle":"0x54c","objectName":"SYSTEM\\CurrentControlSet\\Services\\crypt32","DesiredAccess":"0x20019"}
Returned value:
0x0
KernelBase.dll! LoadLibraryExW #misc (#3028) EncryptFlag.exe
Arguments:
{"lpFileName":"C:\\Windows\\system32\\cryptnet.dll"}
Returned value:
0x7fef9fb0000
KernelBase.dll! LoadLibraryExW #misc (#3028) EncryptFlag.exe
Arguments:
{"lpFileName":"SHLWAPI.dll"}
Returned value:
0x7feff330000
KernelBase.dll! LoadLibraryExA #misc (#3028) EncryptFlag.exe
Arguments:
{"lpFileName":"SHLWAPI.dll"}
Returned value:
0x7feff330000
KernelBase.dll! GetProcAddress #misc (#3028) EncryptFlag.exe
Arguments:
{"lpProcName":"UrlGetPartW","hModule":"shlwapi.dll"}
Returned value:
0x7feff3382ac
ntdll.dll! NtOpenKeyEx #native (#3028) EncryptFlag.exe
Arguments:
{"OpenOptions":"0x0","KeyHandle":"0x550","objectName":"Software\\Microsoft\\Cryptography\\OID","DesiredAccess":"0x20019"}
Returned value:
0x0
ntdll.dll! NtOpenKeyEx #native (#3028) EncryptFlag.exe
Arguments:
{"OpenOptions":"0x0","KeyHandle":"0x554","objectName":"EncodingType 0","DesiredAccess":"0x20019"}
Returned value:
0x0
ntdll.dll! NtOpenKeyEx #native (#3028) EncryptFlag.exe
Arguments:
{"OpenOptions":"0x0","KeyHandle":"0x0","objectName":"SchemeDllRetrieveEncodedObjectW","DesiredAccess":"0x20019"}
Returned value:
0xc0000034
ntdll.dll! NtOpenKeyEx #native (#3028) EncryptFlag.exe
Arguments:
{"OpenOptions":"0x0","KeyHandle":"0x554","objectName":"EncodingType 1","DesiredAccess":"0x20019"}
Returned value:
0x0
ntdll.dll! NtOpenKeyEx #native (#3028) EncryptFlag.exe
Arguments:
{"OpenOptions":"0x0","KeyHandle":"0x0","objectName":"SchemeDllRetrieveEncodedObjectW","DesiredAccess":"0x20019"}
Returned value:
0xc0000034
ntdll.dll! NtQueryAttributesFile #native (#3028) EncryptFlag.exe
Arguments:
{"objectName":"\\??\\C:\\Users\\<USER>\\Downloads\\WINHTTP.dll"}
Returned value:
0xc0000034
ntdll.dll! NtQueryAttributesFile #native (#3028) EncryptFlag.exe
Arguments:
{"objectName":"\\??\\C:\\Windows\\system32\\WINHTTP.dll"}
Returned value:
0x0
ntdll.dll! NtOpenFile #native (#3028) EncryptFlag.exe
Arguments:
{"FileHandle":"0x550","objectName":"\\??\\C:\\Windows\\system32\\WINHTTP.dll"}
Returned value:
0x0
ntdll.dll! NtQueryAttributesFile #native (#3028) EncryptFlag.exe
Arguments:
{"objectName":"\\??\\C:\\Users\\<USER>\\Downloads\\webio.dll"}
Returned value:
0xc0000034
ntdll.dll! NtQueryAttributesFile #native (#3028) EncryptFlag.exe
Arguments:
{"objectName":"\\??\\C:\\Windows\\system32\\webio.dll"}
Returned value:
0x0
ntdll.dll! NtOpenFile #native (#3028) EncryptFlag.exe
Arguments:
{"FileHandle":"0x550","objectName":"\\??\\C:\\Windows\\system32\\webio.dll"}
Returned value:
0x0
KernelBase.dll! LoadLibraryExW #misc (#3028) EncryptFlag.exe
Arguments:
{"lpFileName":"WINHTTP.dll"}
Returned value:
0x7fef9c00000
KernelBase.dll! LoadLibraryExA #misc (#3028) EncryptFlag.exe
Arguments:
{"lpFileName":"WINHTTP.dll"}
Returned value:
0x7fef9c00000
KernelBase.dll! GetProcAddress #misc (#3028) EncryptFlag.exe
Arguments:
{"lpProcName":"WinHttpOpen","hModule":"winhttp.dll"}
Returned value:
0x7fef9c0340c
ntdll.dll! NtOpenKeyEx #native (#3028) EncryptFlag.exe
Arguments:
{"OpenOptions":"0x0","KeyHandle":"0x558","objectName":"SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\WinHttp\\Tracing","DesiredAccess":"0x1"}
Returned value:
0x0
ntdll.dll! NtOpenKeyEx #native (#3028) EncryptFlag.exe
Arguments:
{"OpenOptions":"0x0","KeyHandle":"0x558","objectName":"SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Internet Settings","DesiredAccess":"0x1"}
Returned value:
0x0
KernelBase.dll! LoadLibraryExW #misc (#3028) EncryptFlag.exe
Arguments:
{"lpFileName":"SHLWAPI.dll"}
Returned value:
0x7feff330000
KernelBase.dll! LoadLibraryExA #misc (#3028) EncryptFlag.exe
Arguments:
{"lpFileName":"SHLWAPI.dll"}
Returned value:
0x7feff330000
KernelBase.dll! GetProcAddress #misc (#3028) EncryptFlag.exe
Arguments:
{"lpProcName":"StrRChrA","hModule":"shlwapi.dll"}
Returned value:
0x7feff334c9c
ntdll.dll! NtOpenKeyEx #native (#3028) EncryptFlag.exe
Arguments:
{"OpenOptions":"0x0","KeyHandle":"0x558","objectName":"SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\WinHttp","DesiredAccess":"0x1"}
Returned value:
0x0
ntdll.dll! NtOpenKeyEx #native (#3028) EncryptFlag.exe
Arguments:
{"OpenOptions":"0x0","KeyHandle":"0x558","objectName":"SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\WinHttp","DesiredAccess":"0x1"}
Returned value:
0x0
ntdll.dll! NtOpenKeyEx #native (#3028) EncryptFlag.exe
Arguments:
{"OpenOptions":"0x0","KeyHandle":"0x558","objectName":"SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\WinHttp","DesiredAccess":"0x1"}
Returned value:
0x0
ntdll.dll! NtOpenKeyEx #native (#3028) EncryptFlag.exe
Arguments:
{"OpenOptions":"0x0","KeyHandle":"0x558","objectName":"SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\WinHttp","DesiredAccess":"0x1"}
Returned value:
0x0
KernelBase.dll! LoadLibraryExW #misc (#3028) EncryptFlag.exe
Arguments:
{"lpFileName":"ADVAPI32.dll"}
Returned value:
0x7feff4a0000
KernelBase.dll! LoadLibraryExA #misc (#3028) EncryptFlag.exe
Arguments:
{"lpFileName":"ADVAPI32.dll"}
Returned value:
0x7feff4a0000
KernelBase.dll! GetProcAddress #misc (#3028) EncryptFlag.exe
Arguments:
{"lpProcName":"OpenThreadToken","hModule":"KernelBase.dll"}
Returned value:
0x7feff4be168
KernelBase.dll! LoadLibraryExW #misc (#3028) EncryptFlag.exe
Arguments:
{"lpFileName":"winhttp.dll"}
Returned value:
0x7fef9c00000
KernelBase.dll! LoadLibraryExA #misc (#3028) EncryptFlag.exe
Arguments:
{"lpFileName":"winhttp.dll"}
Returned value:
0x7fef9c00000
KernelBase.dll! LoadLibraryExW #misc (#3028) EncryptFlag.exe
Arguments:
{"lpFileName":"WS2_32.dll"}
Returned value:
0x7fefd1a0000
KernelBase.dll! LoadLibraryExA #misc (#3028) EncryptFlag.exe
Arguments:
{"lpFileName":"WS2_32.dll"}
Returned value:
0x7fefd1a0000
KernelBase.dll! GetProcAddress #misc (#3028) EncryptFlag.exe
Arguments:
{"lpProcName":"0x73","hModule":null}
Returned value:
0x7fefd1a4ae0
KernelBase.dll! GetProcAddress #misc (#3028) EncryptFlag.exe
Arguments:
{"lpProcName":"SetSystemFileCacheSize","hModule":"kernel32.dll"}
Returned value:
0x770b7f30
KernelBase.dll! GetProcAddress #misc (#3028) EncryptFlag.exe
Arguments:
{"lpProcName":"NtSetSystemInformation","hModule":"ntdll.dll"}
Returned value:
0x772faf70
KernelBase.dll! GetProcAddress #misc (#3028) EncryptFlag.exe
Arguments:
{"lpProcName":"PrivIsDllSynchronizationHeld","hModule":null}
Returned value:
0x0
KernelBase.dll! LoadLibraryExW #misc (#3028) EncryptFlag.exe
Arguments:
{"lpFileName":"WS2_32.dll"}
Returned value:
0x7fefd1a0000
KernelBase.dll! LoadLibraryExA #misc (#3028) EncryptFlag.exe
Arguments:
{"lpFileName":"WS2_32.dll"}
Returned value:
0x7fefd1a0000
KernelBase.dll! GetProcAddress #misc (#3028) EncryptFlag.exe
Arguments:
{"lpProcName":"0x73","hModule":null}
Returned value:
0x7fefd1a4ae0
ntdll.dll! NtCreateFile #native (#3028) EncryptFlag.exe
Arguments:
{"FileHandle":"0x564","objectName":"\\??\\C:\\Windows\\system32\\en-US\\KERNELBASE.dll.mui"}
Returned value:
0x0
KernelBase.dll! LoadLibraryExW #misc (#3028) EncryptFlag.exe
Arguments:
{"lpFileName":"kernel32.dll"}
Returned value:
0x77070000
KernelBase.dll! GetProcAddress #misc (#3028) EncryptFlag.exe
Arguments:
{"lpProcName":"GetProductInfo","hModule":"kernel32.dll"}
Returned value:
0x77072ed0
KernelBase.dll! LoadLibraryExW #misc (#3028) EncryptFlag.exe
Arguments:
{"lpFileName":"SspiCli.dll"}
Returned value:
0x7fefcbb0000
KernelBase.dll! LoadLibraryExA #misc (#3028) EncryptFlag.exe
Arguments:
{"lpFileName":"SspiCli.dll"}
Returned value:
0x7fefcbb0000
KernelBase.dll! GetProcAddress #misc (#3028) EncryptFlag.exe
Arguments:
{"lpProcName":"InitSecurityInterfaceW","hModule":"sspicli.dll"}
Returned value:
0x7fefcbb7334
KernelBase.dll! GetProcAddress #misc (#3028) EncryptFlag.exe
Arguments:
{"lpProcName":"InitSecurityInterfaceA","hModule":"sspicli.dll"}
Returned value:
0x7fefcbb7564
KernelBase.dll! GetProcAddress #misc (#3028) EncryptFlag.exe
Arguments:
{"lpProcName":"0x6f","hModule":null}
Returned value:
0x7fefd1a1290
KernelBase.dll! LoadLibraryExW #misc (#3028) EncryptFlag.exe
Arguments:
{"lpFileName":"RPCRT4.dll"}
Returned value:
0x7fefe630000
KernelBase.dll! LoadLibraryExA #misc (#3028) EncryptFlag.exe
Arguments:
{"lpFileName":"RPCRT4.dll"}
Returned value:
0x7fefe630000
KernelBase.dll! GetProcAddress #misc (#3028) EncryptFlag.exe
Arguments:
{"lpProcName":"RpcStringBindingComposeW","hModule":"rpcrt4.dll"}
Returned value:
0x7fefe666e40
KernelBase.dll! GetProcAddress #misc (#3028) EncryptFlag.exe
Arguments:
{"lpProcName":"RpcBindingFromStringBindingW","hModule":"rpcrt4.dll"}
Returned value:
0x7fefe667450
KernelBase.dll! GetProcAddress #misc (#3028) EncryptFlag.exe
Arguments:
{"lpProcName":"RpcBindingSetAuthInfoExW","hModule":"rpcrt4.dll"}
Returned value:
0x7fefe65e210
KernelBase.dll! GetProcAddress #misc (#3028) EncryptFlag.exe
Arguments:
{"lpProcName":"RpcBindingSetOption","hModule":"rpcrt4.dll"}
Returned value:
0x7fefe65e6c0
KernelBase.dll! GetProcAddress #misc (#3028) EncryptFlag.exe
Arguments:
{"lpProcName":"RpcStringFreeW","hModule":"rpcrt4.dll"}
Returned value:
0x7fefe665830
KernelBase.dll! LoadLibraryExW #misc (#3028) EncryptFlag.exe
Arguments:
{"lpFileName":"ADVAPI32.dll"}
Returned value:
0x7feff4a0000
KernelBase.dll! LoadLibraryExA #misc (#3028) EncryptFlag.exe
Arguments:
{"lpFileName":"ADVAPI32.dll"}
Returned value:
0x7feff4a0000
KernelBase.dll! GetProcAddress #misc (#3028) EncryptFlag.exe
Arguments:
{"lpProcName":"OpenThreadToken","hModule":"KernelBase.dll"}
Returned value:
0x7feff4be168
ntdll.dll! NtOpenKeyEx #native (#3028) EncryptFlag.exe
Arguments:
{"OpenOptions":"0x0","KeyHandle":"0x574","objectName":"Software\\Microsoft\\windows\\CurrentVersion\\Internet Settings\\Connections","DesiredAccess":"0x1"}
Returned value:
0x0
KernelBase.dll! GetProcAddress #misc (#3028) EncryptFlag.exe
Arguments:
{"lpProcName":"WinHttpSetTimeouts","hModule":"winhttp.dll"}
Returned value:
0x7fef9c0ebc8
KernelBase.dll! GetProcAddress #misc (#3028) EncryptFlag.exe
Arguments:
{"lpProcName":"WinHttpSetOption","hModule":"winhttp.dll"}
Returned value:
0x7fef9c039a8
KernelBase.dll! GetProcAddress #misc (#3028) EncryptFlag.exe
Arguments:
{"lpProcName":"WinHttpCrackUrl","hModule":"winhttp.dll"}
Returned value:
0x7fef9c0b9d8
KernelBase.dll! GetProcAddress #misc (#3028) EncryptFlag.exe
Arguments:
{"lpProcName":"StrCmpNW","hModule":"shlwapi.dll"}
Returned value:
0x7feff33b174
KernelBase.dll! GetProcAddress #misc (#3028) EncryptFlag.exe
Arguments:
{"lpProcName":"WinHttpConnect","hModule":"winhttp.dll"}
Returned value:
0x7fef9c13da4
KernelBase.dll! GetProcAddress #misc (#3028) EncryptFlag.exe
Arguments:
{"lpProcName":"WSAStringToAddressW","hModule":"ws2_32.dll"}
Returned value:
0x7fefd1aacf0
winhttp.dll! WinHttpConnect #network (#3028) EncryptFlag.exe
Arguments:
{"pswzServerName":"ctldl.windowsupdate.com"}
Returned value:
0x41c2360
KernelBase.dll! GetProcAddress #misc (#3028) EncryptFlag.exe
Arguments:
{"lpProcName":"WinHttpOpenRequest","hModule":"winhttp.dll"}
Returned value:
0x7fef9c045e0
winhttp.dll! WinHttpOpenRequest #network (#3028) EncryptFlag.exe
Arguments:
{"hConnect":"0x41c2360","pwszVersion":null,"pwszReferrer":null,"pwszObjectName":"/msdownload/update/v3/static/trustedr/en/disallowedcertstl.cab?0bb4d2c97e9f712b","pwszVerb":null}
Returned value:
null
KernelBase.dll! GetProcAddress #misc (#3028) EncryptFlag.exe
Arguments:
{"lpProcName":"UrlCanonicalizeW","hModule":"shlwapi.dll"}
Returned value:
0x7feff33e334
KernelBase.dll! GetProcAddress #misc (#3028) EncryptFlag.exe
Arguments:
{"lpProcName":"WinHttpGetDefaultProxyConfiguration","hModule":"winhttp.dll"}
Returned value:
0x7fef9c1555c
ntdll.dll! NtOpenKeyEx #native (#3028) EncryptFlag.exe
Arguments:
{"OpenOptions":"0x0","KeyHandle":"0x578","objectName":"Software\\Microsoft\\windows\\CurrentVersion\\Internet Settings\\Connections","DesiredAccess":"0x1"}
Returned value:
0x0
KernelBase.dll! GetProcAddress #misc (#3028) EncryptFlag.exe
Arguments:
{"lpProcName":"WinHttpGetIEProxyConfigForCurrentUser","hModule":"winhttp.dll"}
Returned value:
0x7fef9c1a504
KernelBase.dll! LoadLibraryExW #misc (#3028) EncryptFlag.exe
Arguments:
{"lpFileName":"IPHLPAPI.DLL"}
Returned value:
0x7fefa8e0000
KernelBase.dll! LoadLibraryExA #misc (#3028) EncryptFlag.exe
Arguments:
{"lpFileName":"IPHLPAPI.DLL"}
Returned value:
0x7fefa8e0000
KernelBase.dll! GetProcAddress #misc (#3028) EncryptFlag.exe
Arguments:
{"lpProcName":"GetAdaptersAddresses","hModule":"IPHLPAPI.DLL"}
Returned value:
0x7fefa8e2ab4
IPHLPAPI.DLL! GetAdaptersAddresses #highlighted (#3028) EncryptFlag.exe
Arguments:
{"desc":"Retrieves local adapter addresses."}
Returned value:
null
ntdll.dll! NtOpenKeyEx #native (#3028) EncryptFlag.exe
Arguments:
{"OpenOptions":"0x0","KeyHandle":"0x578","objectName":"System\\CurrentControlSet\\Services\\Tcpip\\Parameters\\Interfaces","DesiredAccess":"0x20019"}
Returned value:
0x0
ntdll.dll! NtOpenKeyEx #native (#3028) EncryptFlag.exe
Arguments:
{"OpenOptions":"0x0","KeyHandle":"0x57c","objectName":"{b77285ec-43d2-45ee-9909-45c579e0b32f}","DesiredAccess":"0x1"}
Returned value:
0x0
ntdll.dll! NtOpenKeyEx #native (#3028) EncryptFlag.exe
Arguments:
{"OpenOptions":"0x0","KeyHandle":"0x490","objectName":"SYSTEM\\CurrentControlSet\\Services\\Tcpip\\Parameters\\Interfaces\\{B77285EC-43D2-45EE-9909-45C579E0B32F}","DesiredAccess":"0x20019"}
Returned value:
0x0
ntdll.dll! NtOpenKeyEx #native (#3028) EncryptFlag.exe
Arguments:
{"OpenOptions":"0x0","KeyHandle":"0x490","objectName":"SYSTEM\\CurrentControlSet\\Services\\Tcpip6\\Parameters\\Interfaces\\{B77285EC-43D2-45EE-9909-45C579E0B32F}","DesiredAccess":"0x20019"}
Returned value:
0x0
ntdll.dll! NtCreateFile #native (#3028) EncryptFlag.exe
Arguments:
{"FileHandle":"0x490","objectName":"\\DEVICE\\NETBT_TCPIP_{B77285EC-43D2-45EE-9909-45C579E0B32F}"}
Returned value:
0x0
ntdll.dll! NtOpenKeyEx #native (#3028) EncryptFlag.exe
Arguments:
{"OpenOptions":"0x0","KeyHandle":"0x490","objectName":"System\\CurrentControlSet\\Services\\Tcpip\\Parameters\\Interfaces","DesiredAccess":"0x20019"}
Returned value:
0x0
ntdll.dll! NtOpenKeyEx #native (#3028) EncryptFlag.exe
Arguments:
{"OpenOptions":"0x0","KeyHandle":"0x578","objectName":"{846ee342-7039-11de-9d20-806e6f6e6963}","DesiredAccess":"0x1"}
Returned value:
0x0
ntdll.dll! NtOpenKeyEx #native (#3028) EncryptFlag.exe
Arguments:
{"OpenOptions":"0x0","KeyHandle":"0x578","objectName":"SYSTEM\\CurrentControlSet\\Services\\Tcpip\\Parameters\\Interfaces\\{846EE342-7039-11DE-9D20-806E6F6E6963}","DesiredAccess":"0x20019"}
Returned value:
0x0
ntdll.dll! NtOpenKeyEx #native (#3028) EncryptFlag.exe
Arguments:
{"OpenOptions":"0x0","KeyHandle":"0x0","objectName":"SYSTEM\\CurrentControlSet\\Services\\Tcpip6\\Parameters\\Interfaces\\{846EE342-7039-11DE-9D20-806E6F6E6963}","DesiredAccess":"0x20019"}
Returned value:
0xc0000034
ntdll.dll! NtCreateFile #native (#3028) EncryptFlag.exe
Arguments:
{"FileHandle":"0x457ecb0","objectName":"\\DEVICE\\NETBT_TCPIP_{846EE342-7039-11DE-9D20-806E6F6E6963}"}
Returned value:
0xc0000034
ntdll.dll! NtOpenKeyEx #native (#3028) EncryptFlag.exe
Arguments:
{"OpenOptions":"0x0","KeyHandle":"0x578","objectName":"System\\CurrentControlSet\\Services\\Tcpip\\Parameters\\Interfaces","DesiredAccess":"0x20019"}
Returned value:
0x0
ntdll.dll! NtOpenKeyEx #native (#3028) EncryptFlag.exe
Arguments:
{"OpenOptions":"0x0","KeyHandle":"0x0","objectName":"{3dfcad32-1cde-44fb-a9e1-d91126365830}","DesiredAccess":"0x1"}
Returned value:
0xc0000034
ntdll.dll! NtCreateFile #native (#3028) EncryptFlag.exe
Arguments:
{"FileHandle":"0x0","objectName":"\\DEVICE\\NETBT_TCPIP_{3DFCAD32-1CDE-44FB-A9E1-D91126365830}"}
Returned value:
0xc0000034
IPHLPAPI.DLL! GetAdaptersAddresses #highlighted (#3028) EncryptFlag.exe
Arguments:
{"desc":"Retrieves local adapter addresses."}
Returned value:
null
ntdll.dll! NtOpenKeyEx #native (#3028) EncryptFlag.exe
Arguments:
{"OpenOptions":"0x0","KeyHandle":"0x578","objectName":"System\\CurrentControlSet\\Services\\Tcpip\\Parameters\\Interfaces","DesiredAccess":"0x20019"}
Returned value:
0x0
ntdll.dll! NtOpenKeyEx #native (#3028) EncryptFlag.exe
Arguments:
{"OpenOptions":"0x0","KeyHandle":"0x490","objectName":"{b77285ec-43d2-45ee-9909-45c579e0b32f}","DesiredAccess":"0x1"}
Returned value:
0x0
ntdll.dll! NtOpenKeyEx #native (#3028) EncryptFlag.exe
Arguments:
{"OpenOptions":"0x0","KeyHandle":"0x490","objectName":"SYSTEM\\CurrentControlSet\\Services\\Tcpip\\Parameters\\Interfaces\\{B77285EC-43D2-45EE-9909-45C579E0B32F}","DesiredAccess":"0x20019"}
Returned value:
0x0
ntdll.dll! NtOpenKeyEx #native (#3028) EncryptFlag.exe
Arguments:
{"OpenOptions":"0x0","KeyHandle":"0x490","objectName":"SYSTEM\\CurrentControlSet\\Services\\Tcpip6\\Parameters\\Interfaces\\{B77285EC-43D2-45EE-9909-45C579E0B32F}","DesiredAccess":"0x20019"}
Returned value:
0x0
ntdll.dll! NtCreateFile #native (#3028) EncryptFlag.exe
Arguments:
{"FileHandle":"0x490","objectName":"\\DEVICE\\NETBT_TCPIP_{B77285EC-43D2-45EE-9909-45C579E0B32F}"}
Returned value:
0x0
ntdll.dll! NtOpenKeyEx #native (#3028) EncryptFlag.exe
Arguments:
{"OpenOptions":"0x0","KeyHandle":"0x490","objectName":"System\\CurrentControlSet\\Services\\Tcpip\\Parameters\\Interfaces","DesiredAccess":"0x20019"}
Returned value:
0x0
ntdll.dll! NtOpenKeyEx #native (#3028) EncryptFlag.exe
Arguments:
{"OpenOptions":"0x0","KeyHandle":"0x578","objectName":"{846ee342-7039-11de-9d20-806e6f6e6963}","DesiredAccess":"0x1"}
Returned value:
0x0
ntdll.dll! NtOpenKeyEx #native (#3028) EncryptFlag.exe
Arguments:
{"OpenOptions":"0x0","KeyHandle":"0x578","objectName":"SYSTEM\\CurrentControlSet\\Services\\Tcpip\\Parameters\\Interfaces\\{846EE342-7039-11DE-9D20-806E6F6E6963}","DesiredAccess":"0x20019"}
Returned value:
0x0
ntdll.dll! NtOpenKeyEx #native (#3028) EncryptFlag.exe
Arguments:
{"OpenOptions":"0x0","KeyHandle":"0x0","objectName":"SYSTEM\\CurrentControlSet\\Services\\Tcpip6\\Parameters\\Interfaces\\{846EE342-7039-11DE-9D20-806E6F6E6963}","DesiredAccess":"0x20019"}
Returned value:
0xc0000034
ntdll.dll! NtCreateFile #native (#3028) EncryptFlag.exe
Arguments:
{"FileHandle":"0x457ecb0","objectName":"\\DEVICE\\NETBT_TCPIP_{846EE342-7039-11DE-9D20-806E6F6E6963}"}
Returned value:
0xc0000034
ntdll.dll! NtOpenKeyEx #native (#3028) EncryptFlag.exe
Arguments:
{"OpenOptions":"0x0","KeyHandle":"0x578","objectName":"System\\CurrentControlSet\\Services\\Tcpip\\Parameters\\Interfaces","DesiredAccess":"0x20019"}
Returned value:
0x0
ntdll.dll! NtOpenKeyEx #native (#3028) EncryptFlag.exe
Arguments:
{"OpenOptions":"0x0","KeyHandle":"0x0","objectName":"{3dfcad32-1cde-44fb-a9e1-d91126365830}","DesiredAccess":"0x1"}
Returned value:
0xc0000034
ntdll.dll! NtCreateFile #native (#3028) EncryptFlag.exe
Arguments:
{"FileHandle":"0x0","objectName":"\\DEVICE\\NETBT_TCPIP_{3DFCAD32-1CDE-44FB-A9E1-D91126365830}"}
Returned value:
0xc0000034
ntdll.dll! NtOpenKeyEx #native (#3028) EncryptFlag.exe
Arguments:
{"OpenOptions":"0x0","KeyHandle":"0x578","objectName":"SYSTEM\\CurrentControlSet\\Services\\Tcpip\\Linkage","DesiredAccess":"0x20019"}
Returned value:
0x0
KernelBase.dll! GetProcAddress #misc (#3028) EncryptFlag.exe
Arguments:
{"lpProcName":"GetBestInterfaceEx","hModule":"IPHLPAPI.DLL"}
Returned value:
0x7fefa8e11c4
KernelBase.dll! GetProcAddress #misc (#3028) EncryptFlag.exe
Arguments:
{"lpProcName":"SHGetValueA","hModule":"shlwapi.dll"}
Returned value:
0x7feff334e50
ntdll.dll! NtOpenKeyEx #native (#3028) EncryptFlag.exe
Arguments:
{"OpenOptions":"0x0","KeyHandle":"0x578","objectName":"SOFTWARE\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings","DesiredAccess":"0x1"}
Returned value:
0x0
KernelBase.dll! LoadLibraryExW #misc (#3028) EncryptFlag.exe
Arguments:
{"lpFileName":"ntdll.dll"}
Returned value:
0x77290000
KernelBase.dll! LoadLibraryExA #misc (#3028) EncryptFlag.exe
Arguments:
{"lpFileName":"ntdll.dll"}
Returned value:
0x77290000
KernelBase.dll! GetProcAddress #misc (#3028) EncryptFlag.exe
Arguments:
{"lpProcName":"RtlConvertSidToUnicodeString","hModule":"ntdll.dll"}
Returned value:
0x772af4c0
KernelBase.dll! GetProcAddress #misc (#3028) EncryptFlag.exe
Arguments:
{"lpProcName":"OpenProcessToken","hModule":"KernelBase.dll"}
Returned value:
0x7feff4bd8c0
KernelBase.dll! GetProcAddress #misc (#3028) EncryptFlag.exe
Arguments:
{"lpProcName":"GetTokenInformation","hModule":"KernelBase.dll"}
Returned value:
0x7feff4bd8a0
ntdll.dll! NtOpenKeyEx #native (#3028) EncryptFlag.exe
Arguments:
{"OpenOptions":"0x0","KeyHandle":"0x578","objectName":"S-1-5-21-4270068108-2931534202-3907561125-1001","DesiredAccess":"0x3"}
Returned value:
0x0
ntdll.dll! NtOpenKeyEx #native (#3028) EncryptFlag.exe
Arguments:
{"OpenOptions":"0x0","KeyHandle":"0x490","objectName":"Software\\Microsoft\\windows\\CurrentVersion\\Internet Settings\\Connections","DesiredAccess":"0x1"}
Returned value:
0x0
ntdll.dll! NtOpenKeyEx #native (#3028) EncryptFlag.exe
Arguments:
{"OpenOptions":"0x0","KeyHandle":"0x580","objectName":"Software\\Microsoft\\windows\\CurrentVersion\\Internet Settings\\Wpad","DesiredAccess":"0x20019"}
Returned value:
0x0
KernelBase.dll! LoadLibraryExW #misc (#3028) EncryptFlag.exe
Arguments:
{"lpFileName":"ole32.dll"}
Returned value:
0x7fefe1d0000
KernelBase.dll! LoadLibraryExA #misc (#3028) EncryptFlag.exe
Arguments:
{"lpFileName":"ole32.dll"}
Returned value:
0x7fefe1d0000
KernelBase.dll! GetProcAddress #misc (#3028) EncryptFlag.exe
Arguments:
{"lpProcName":"CoInitializeEx","hModule":"ole32.dll"}
Returned value:
0x7fefe1ee5d0
KernelBase.dll! GetProcAddress #misc (#3028) EncryptFlag.exe
Arguments:
{"lpProcName":"RegDeleteTreeA","hModule":"kernel32.dll"}
Returned value:
0x7feff4ea690
KernelBase.dll! GetProcAddress #misc (#3028) EncryptFlag.exe
Arguments:
{"lpProcName":"RegDeleteTreeW","hModule":"kernel32.dll"}
Returned value:
0x7feff4ea6a0
KernelBase.dll! GetProcAddress #misc (#3028) EncryptFlag.exe
Arguments:
{"lpProcName":"CoTaskMemAlloc","hModule":"ole32.dll"}
Returned value:
0x7fefe1f37d0
KernelBase.dll! GetProcAddress #misc (#3028) EncryptFlag.exe
Arguments:
{"lpProcName":"StringFromIID","hModule":"ole32.dll"}
Returned value:
0x7fefe2cf7a0
IPHLPAPI.DLL! GetAdaptersAddresses #highlighted (#3028) EncryptFlag.exe
Arguments:
{"desc":"Retrieves local adapter addresses."}
Returned value:
null
ntdll.dll! NtOpenKeyEx #native (#3028) EncryptFlag.exe
Arguments:
{"OpenOptions":"0x0","KeyHandle":"0x584","objectName":"SYSTEM\\CurrentControlSet\\Services\\Tcpip6\\Parameters\\Interfaces\\{B77285EC-43D2-45EE-9909-45C579E0B32F}","DesiredAccess":"0x20019"}
Returned value:
0x0
ntdll.dll! NtOpenKeyEx #native (#3028) EncryptFlag.exe
Arguments:
{"OpenOptions":"0x0","KeyHandle":"0x584","objectName":"System\\CurrentControlSet\\Services\\Tcpip\\Parameters\\Interfaces","DesiredAccess":"0x20019"}
Returned value:
0x0
ntdll.dll! NtOpenKeyEx #native (#3028) EncryptFlag.exe
Arguments:
{"OpenOptions":"0x0","KeyHandle":"0x588","objectName":"{b77285ec-43d2-45ee-9909-45c579e0b32f}","DesiredAccess":"0x1"}
Returned value:
0x0
ntdll.dll! NtOpenKeyEx #native (#3028) EncryptFlag.exe
Arguments:
{"OpenOptions":"0x0","KeyHandle":"0x588","objectName":"SYSTEM\\CurrentControlSet\\Services\\Tcpip\\Parameters\\Interfaces\\{B77285EC-43D2-45EE-9909-45C579E0B32F}","DesiredAccess":"0x20019"}
Returned value:
0x0
ntdll.dll! NtOpenKeyEx #native (#3028) EncryptFlag.exe
Arguments:
{"OpenOptions":"0x0","KeyHandle":"0x588","objectName":"SYSTEM\\CurrentControlSet\\Services\\Tcpip6\\Parameters\\Interfaces\\{B77285EC-43D2-45EE-9909-45C579E0B32F}","DesiredAccess":"0x20019"}
Returned value:
0x0
ntdll.dll! NtOpenKeyEx #native (#3028) EncryptFlag.exe
Arguments:
{"OpenOptions":"0x0","KeyHandle":"0x588","objectName":"SYSTEM\\CurrentControlSet\\Services\\Tcpip6\\Parameters\\Interfaces\\{B77285EC-43D2-45EE-9909-45C579E0B32F}","DesiredAccess":"0x20019"}
Returned value:
0x0
ntdll.dll! NtOpenKeyEx #native (#3028) EncryptFlag.exe
Arguments:
{"OpenOptions":"0x0","KeyHandle":"0x588","objectName":"SYSTEM\\CurrentControlSet\\Services\\Tcpip\\Parameters\\Interfaces\\{B77285EC-43D2-45EE-9909-45C579E0B32F}","DesiredAccess":"0x20019"}
Returned value:
0x0
ntdll.dll! NtOpenKeyEx #native (#3028) EncryptFlag.exe
Arguments:
{"OpenOptions":"0x0","KeyHandle":"0x588","objectName":"SYSTEM\\CurrentControlSet\\Services\\Tcpip\\Parameters\\Interfaces\\{B77285EC-43D2-45EE-9909-45C579E0B32F}","DesiredAccess":"0x20019"}
Returned value:
0x0
ntdll.dll! NtCreateFile #native (#3028) EncryptFlag.exe
Arguments:
{"FileHandle":"0x588","objectName":"\\DEVICE\\NETBT_TCPIP_{B77285EC-43D2-45EE-9909-45C579E0B32F}"}
Returned value:
0x0
ntdll.dll! NtOpenKeyEx #native (#3028) EncryptFlag.exe
Arguments:
{"OpenOptions":"0x0","KeyHandle":"0x0","objectName":"SYSTEM\\CurrentControlSet\\Services\\Tcpip6\\Parameters\\Interfaces\\{846EE342-7039-11DE-9D20-806E6F6E6963}","DesiredAccess":"0x20019"}
Returned value:
0xc0000034
ntdll.dll! NtOpenKeyEx #native (#3028) EncryptFlag.exe
Arguments:
{"OpenOptions":"0x0","KeyHandle":"0x588","objectName":"System\\CurrentControlSet\\Services\\Tcpip\\Parameters\\Interfaces","DesiredAccess":"0x20019"}
Returned value:
0x0
ntdll.dll! NtOpenKeyEx #native (#3028) EncryptFlag.exe
Arguments:
{"OpenOptions":"0x0","KeyHandle":"0x584","objectName":"{846ee342-7039-11de-9d20-806e6f6e6963}","DesiredAccess":"0x1"}
Returned value:
0x0
ntdll.dll! NtOpenKeyEx #native (#3028) EncryptFlag.exe
Arguments:
{"OpenOptions":"0x0","KeyHandle":"0x584","objectName":"SYSTEM\\CurrentControlSet\\Services\\Tcpip\\Parameters\\Interfaces\\{846EE342-7039-11DE-9D20-806E6F6E6963}","DesiredAccess":"0x20019"}
Returned value:
0x0
ntdll.dll! NtOpenKeyEx #native (#3028) EncryptFlag.exe
Arguments:
{"OpenOptions":"0x0","KeyHandle":"0x0","objectName":"SYSTEM\\CurrentControlSet\\Services\\Tcpip6\\Parameters\\Interfaces\\{846EE342-7039-11DE-9D20-806E6F6E6963}","DesiredAccess":"0x20019"}
Returned value:
0xc0000034
ntdll.dll! NtOpenKeyEx #native (#3028) EncryptFlag.exe
Arguments:
{"OpenOptions":"0x0","KeyHandle":"0x0","objectName":"SYSTEM\\CurrentControlSet\\Services\\Tcpip6\\Parameters\\Interfaces\\{846EE342-7039-11DE-9D20-806E6F6E6963}","DesiredAccess":"0x20019"}
Returned value:
0xc0000034
ntdll.dll! NtOpenKeyEx #native (#3028) EncryptFlag.exe
Arguments:
{"OpenOptions":"0x0","KeyHandle":"0x584","objectName":"SYSTEM\\CurrentControlSet\\Services\\Tcpip\\Parameters\\Interfaces\\{846EE342-7039-11DE-9D20-806E6F6E6963}","DesiredAccess":"0x20019"}
Returned value:
0x0
ntdll.dll! NtOpenKeyEx #native (#3028) EncryptFlag.exe
Arguments:
{"OpenOptions":"0x0","KeyHandle":"0x584","objectName":"SYSTEM\\CurrentControlSet\\Services\\Tcpip\\Parameters\\Interfaces\\{846EE342-7039-11DE-9D20-806E6F6E6963}","DesiredAccess":"0x20019"}
Returned value:
0x0
ntdll.dll! NtCreateFile #native (#3028) EncryptFlag.exe
Arguments:
{"FileHandle":"0x0","objectName":"\\DEVICE\\NETBT_TCPIP_{846EE342-7039-11DE-9D20-806E6F6E6963}"}
Returned value:
0xc0000034
ntdll.dll! NtOpenKeyEx #native (#3028) EncryptFlag.exe
Arguments:
{"OpenOptions":"0x0","KeyHandle":"0x584","objectName":"System\\CurrentControlSet\\Services\\Tcpip\\Parameters\\Interfaces","DesiredAccess":"0x20019"}
Returned value:
0x0
ntdll.dll! NtOpenKeyEx #native (#3028) EncryptFlag.exe
Arguments:
{"OpenOptions":"0x0","KeyHandle":"0x0","objectName":"{3dfcad32-1cde-44fb-a9e1-d91126365830}","DesiredAccess":"0x1"}
Returned value:
0xc0000034
ntdll.dll! NtCreateFile #native (#3028) EncryptFlag.exe
Arguments:
{"FileHandle":"0x0","objectName":"\\DEVICE\\NETBT_TCPIP_{3DFCAD32-1CDE-44FB-A9E1-D91126365830}"}
Returned value:
0xc0000034
IPHLPAPI.DLL! GetAdaptersAddresses #highlighted (#3028) EncryptFlag.exe
Arguments:
{"desc":"Retrieves local adapter addresses."}
Returned value:
null
ntdll.dll! NtOpenKeyEx #native (#3028) EncryptFlag.exe
Arguments:
{"OpenOptions":"0x0","KeyHandle":"0x584","objectName":"SYSTEM\\CurrentControlSet\\Services\\Tcpip6\\Parameters\\Interfaces\\{B77285EC-43D2-45EE-9909-45C579E0B32F}","DesiredAccess":"0x20019"}
Returned value:
0x0
ntdll.dll! NtOpenKeyEx #native (#3028) EncryptFlag.exe
Arguments:
{"OpenOptions":"0x0","KeyHandle":"0x584","objectName":"System\\CurrentControlSet\\Services\\Tcpip\\Parameters\\Interfaces","DesiredAccess":"0x20019"}
Returned value:
0x0
ntdll.dll! NtOpenKeyEx #native (#3028) EncryptFlag.exe
Arguments:
{"OpenOptions":"0x0","KeyHandle":"0x588","objectName":"{b77285ec-43d2-45ee-9909-45c579e0b32f}","DesiredAccess":"0x1"}
Returned value:
0x0
ntdll.dll! NtOpenKeyEx #native (#3028) EncryptFlag.exe
Arguments:
{"OpenOptions":"0x0","KeyHandle":"0x588","objectName":"SYSTEM\\CurrentControlSet\\Services\\Tcpip\\Parameters\\Interfaces\\{B77285EC-43D2-45EE-9909-45C579E0B32F}","DesiredAccess":"0x20019"}
Returned value:
0x0
ntdll.dll! NtOpenKeyEx #native (#3028) EncryptFlag.exe
Arguments:
{"OpenOptions":"0x0","KeyHandle":"0x588","objectName":"SYSTEM\\CurrentControlSet\\Services\\Tcpip6\\Parameters\\Interfaces\\{B77285EC-43D2-45EE-9909-45C579E0B32F}","DesiredAccess":"0x20019"}
Returned value:
0x0
ntdll.dll! NtOpenKeyEx #native (#3028) EncryptFlag.exe
Arguments:
{"OpenOptions":"0x0","KeyHandle":"0x588","objectName":"SYSTEM\\CurrentControlSet\\Services\\Tcpip6\\Parameters\\Interfaces\\{B77285EC-43D2-45EE-9909-45C579E0B32F}","DesiredAccess":"0x20019"}
Returned value:
0x0
ntdll.dll! NtOpenKeyEx #native (#3028) EncryptFlag.exe
Arguments:
{"OpenOptions":"0x0","KeyHandle":"0x588","objectName":"SYSTEM\\CurrentControlSet\\Services\\Tcpip\\Parameters\\Interfaces\\{B77285EC-43D2-45EE-9909-45C579E0B32F}","DesiredAccess":"0x20019"}
Returned value:
0x0
ntdll.dll! NtOpenKeyEx #native (#3028) EncryptFlag.exe
Arguments:
{"OpenOptions":"0x0","KeyHandle":"0x588","objectName":"SYSTEM\\CurrentControlSet\\Services\\Tcpip\\Parameters\\Interfaces\\{B77285EC-43D2-45EE-9909-45C579E0B32F}","DesiredAccess":"0x20019"}
Returned value:
0x0
ntdll.dll! NtCreateFile #native (#3028) EncryptFlag.exe
Arguments:
{"FileHandle":"0x588","objectName":"\\DEVICE\\NETBT_TCPIP_{B77285EC-43D2-45EE-9909-45C579E0B32F}"}
Returned value:
0x0
ntdll.dll! NtOpenKeyEx #native (#3028) EncryptFlag.exe
Arguments:
{"OpenOptions":"0x0","KeyHandle":"0x0","objectName":"SYSTEM\\CurrentControlSet\\Services\\Tcpip6\\Parameters\\Interfaces\\{846EE342-7039-11DE-9D20-806E6F6E6963}","DesiredAccess":"0x20019"}
Returned value:
0xc0000034
ntdll.dll! NtOpenKeyEx #native (#3028) EncryptFlag.exe
Arguments:
{"OpenOptions":"0x0","KeyHandle":"0x588","objectName":"System\\CurrentControlSet\\Services\\Tcpip\\Parameters\\Interfaces","DesiredAccess":"0x20019"}
Returned value:
0x0
ntdll.dll! NtOpenKeyEx #native (#3028) EncryptFlag.exe
Arguments:
{"OpenOptions":"0x0","KeyHandle":"0x584","objectName":"{846ee342-7039-11de-9d20-806e6f6e6963}","DesiredAccess":"0x1"}
Returned value:
0x0
ntdll.dll! NtOpenKeyEx #native (#3028) EncryptFlag.exe
Arguments:
{"OpenOptions":"0x0","KeyHandle":"0x584","objectName":"SYSTEM\\CurrentControlSet\\Services\\Tcpip\\Parameters\\Interfaces\\{846EE342-7039-11DE-9D20-806E6F6E6963}","DesiredAccess":"0x20019"}
Returned value:
0x0
ntdll.dll! NtOpenKeyEx #native (#3028) EncryptFlag.exe
Arguments:
{"OpenOptions":"0x0","KeyHandle":"0x0","objectName":"SYSTEM\\CurrentControlSet\\Services\\Tcpip6\\Parameters\\Interfaces\\{846EE342-7039-11DE-9D20-806E6F6E6963}","DesiredAccess":"0x20019"}
Returned value:
0xc0000034
ntdll.dll! NtOpenKeyEx #native (#3028) EncryptFlag.exe
Arguments:
{"OpenOptions":"0x0","KeyHandle":"0x0","objectName":"SYSTEM\\CurrentControlSet\\Services\\Tcpip6\\Parameters\\Interfaces\\{846EE342-7039-11DE-9D20-806E6F6E6963}","DesiredAccess":"0x20019"}
Returned value:
0xc0000034
ntdll.dll! NtOpenKeyEx #native (#3028) EncryptFlag.exe
Arguments:
{"OpenOptions":"0x0","KeyHandle":"0x584","objectName":"SYSTEM\\CurrentControlSet\\Services\\Tcpip\\Parameters\\Interfaces\\{846EE342-7039-11DE-9D20-806E6F6E6963}","DesiredAccess":"0x20019"}
Returned value:
0x0
ntdll.dll! NtOpenKeyEx #native (#3028) EncryptFlag.exe
Arguments:
{"OpenOptions":"0x0","KeyHandle":"0x584","objectName":"SYSTEM\\CurrentControlSet\\Services\\Tcpip\\Parameters\\Interfaces\\{846EE342-7039-11DE-9D20-806E6F6E6963}","DesiredAccess":"0x20019"}
Returned value:
0x0
ntdll.dll! NtCreateFile #native (#3028) EncryptFlag.exe
Arguments:
{"FileHandle":"0x0","objectName":"\\DEVICE\\NETBT_TCPIP_{846EE342-7039-11DE-9D20-806E6F6E6963}"}
Returned value:
0xc0000034
ntdll.dll! NtOpenKeyEx #native (#3028) EncryptFlag.exe
Arguments:
{"OpenOptions":"0x0","KeyHandle":"0x584","objectName":"System\\CurrentControlSet\\Services\\Tcpip\\Parameters\\Interfaces","DesiredAccess":"0x20019"}
Returned value:
0x0
ntdll.dll! NtOpenKeyEx #native (#3028) EncryptFlag.exe
Arguments:
{"OpenOptions":"0x0","KeyHandle":"0x0","objectName":"{3dfcad32-1cde-44fb-a9e1-d91126365830}","DesiredAccess":"0x1"}
Returned value:
0xc0000034
ntdll.dll! NtCreateFile #native (#3028) EncryptFlag.exe
Arguments:
{"FileHandle":"0x0","objectName":"\\DEVICE\\NETBT_TCPIP_{3DFCAD32-1CDE-44FB-A9E1-D91126365830}"}
Returned value:
0xc0000034
ntdll.dll! NtOpenKeyEx #native (#3028) EncryptFlag.exe
Arguments:
{"OpenOptions":"0x0","KeyHandle":"0x584","objectName":"SYSTEM\\CurrentControlSet\\Services\\Tcpip\\Linkage","DesiredAccess":"0x20019"}
Returned value:
0x0
KernelBase.dll! LoadLibraryExW #misc (#3028) EncryptFlag.exe
Arguments:
{"lpFileName":"NSI.dll"}
Returned value:
0x7fefe830000
KernelBase.dll! LoadLibraryExA #misc (#3028) EncryptFlag.exe
Arguments:
{"lpFileName":"NSI.dll"}
Returned value:
0x7fefe830000
KernelBase.dll! GetProcAddress #misc (#3028) EncryptFlag.exe
Arguments:
{"lpProcName":"NsiAllocateAndGetTable","hModule":"nsi.dll"}
Returned value:
0x7fefe83162c
KernelBase.dll! LoadLibraryExW #misc (#3028) EncryptFlag.exe
Arguments:
{"lpFileName":"CFGMGR32.dll"}
Returned value:
0x7fefd130000
KernelBase.dll! LoadLibraryExA #misc (#3028) EncryptFlag.exe
Arguments:
{"lpFileName":"CFGMGR32.dll"}
Returned value:
0x7fefd130000
KernelBase.dll! GetProcAddress #misc (#3028) EncryptFlag.exe
Arguments:
{"lpProcName":"CM_Open_Class_Key_ExW","hModule":"setupapi.dll"}
Returned value:
0x7fefd133c80
ntdll.dll! NtOpenKeyEx #native (#3028) EncryptFlag.exe
Arguments:
{"OpenOptions":"0x0","KeyHandle":"0x584","objectName":"System\\CurrentControlSet\\Control\\Class\\{4d36e972-e325-11ce-bfc1-08002be10318}","DesiredAccess":"0x20019"}
Returned value:
0x0
kernel32.dll! RegOpenKeyExW #registry (#3028) EncryptFlag.exe
Arguments:
{"hKey":"HKEY_LOCAL_MACHINE","ulOptions":"0x0","samDesired":"0x20019","lpSubKey":"System\\CurrentControlSet\\Control\\Class\\{4d36e972-e325-11ce-bfc1-08002be10318}","phkResult":"0x584"}
Returned value:
0x0
KernelBase.dll! GetProcAddress #misc (#3028) EncryptFlag.exe
Arguments:
{"lpProcName":"ConvertInterfaceGuidToLuid","hModule":"IPHLPAPI.DLL"}
Returned value:
0x7fefa8e492c
KernelBase.dll! GetProcAddress #misc (#3028) EncryptFlag.exe
Arguments:
{"lpProcName":"GetIfEntry2","hModule":"IPHLPAPI.DLL"}
Returned value:
0x7fefa8e5850
KernelBase.dll! GetProcAddress #misc (#3028) EncryptFlag.exe
Arguments:
{"lpProcName":"GetIpForwardTable2","hModule":"IPHLPAPI.DLL"}
Returned value:
0x7fefa8e61b4
KernelBase.dll! GetProcAddress #misc (#3028) EncryptFlag.exe
Arguments:
{"lpProcName":"GetIpNetEntry2","hModule":"IPHLPAPI.DLL"}
Returned value:
0x7fefa8e62d0
KernelBase.dll! GetProcAddress #misc (#3028) EncryptFlag.exe
Arguments:
{"lpProcName":"FreeMibTable","hModule":"IPHLPAPI.DLL"}
Returned value:
0x7fefa8e5710
KernelBase.dll! GetProcAddress #misc (#3028) EncryptFlag.exe
Arguments:
{"lpProcName":"CoTaskMemFree","hModule":"ole32.dll"}
Returned value:
0x7fefe1f3780
KernelBase.dll! GetProcAddress #misc (#3028) EncryptFlag.exe
Arguments:
{"lpProcName":"NsiFreeTable","hModule":"nsi.dll"}
Returned value:
0x7fefe83182c
ntdll.dll! NtOpenKeyEx #native (#3028) EncryptFlag.exe
Arguments:
{"OpenOptions":"0x0","KeyHandle":"0x584","objectName":"Software\\Microsoft\\windows\\CurrentVersion\\Internet Settings\\Wpad","DesiredAccess":"0x2001f"}
Returned value:
0x0
ntdll.dll! NtOpenKeyEx #native (#3028) EncryptFlag.exe
Arguments:
{"OpenOptions":"0x0","KeyHandle":"0x588","objectName":"52-54-00-b2-3b-fe","DesiredAccess":"0x20019"}
Returned value:
0x0
KernelBase.dll! GetProcAddress #misc (#3028) EncryptFlag.exe
Arguments:
{"lpProcName":"CoUninitialize","hModule":"ole32.dll"}
Returned value:
0x7fefe1ecfc8
KernelBase.dll! LoadLibraryExW #misc (#3028) EncryptFlag.exe
Arguments:
{"lpFileName":"API-MS-Win-Security-SDDL-L1-1-0.dll"}
Returned value:
0x7fefe400000
KernelBase.dll! LoadLibraryExA #misc (#3028) EncryptFlag.exe
Arguments:
{"lpFileName":"API-MS-Win-Security-SDDL-L1-1-0.dll"}
Returned value:
0x7fefe400000
KernelBase.dll! GetProcAddress #misc (#3028) EncryptFlag.exe
Arguments:
{"lpProcName":"ConvertSidToStringSidW","hModule":"sechost.dll"}
Returned value:
0x7fefe40d128
KernelBase.dll! LoadLibraryExW #misc (#3028) EncryptFlag.exe
Arguments:
{"lpFileName":"profapi.dll"}
Returned value:
0x7fefcdf0000
KernelBase.dll! LoadLibraryExA #misc (#3028) EncryptFlag.exe
Arguments:
{"lpFileName":"profapi.dll"}
Returned value:
0x7fefcdf0000
KernelBase.dll! GetProcAddress #misc (#3028) EncryptFlag.exe
Arguments:
{"lpProcName":"0x68","hModule":null}
Returned value:
0x7fefcdf10b0
ntdll.dll! NtOpenKeyEx #native (#3028) EncryptFlag.exe
Arguments:
{"OpenOptions":"0x0","KeyHandle":"0x578","objectName":"S-1-5-21-4270068108-2931534202-3907561125-1001\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\User Shell Folders","DesiredAccess":"0x20019"}
Returned value:
0x0
ntdll.dll! NtOpenKeyEx #native (#3028) EncryptFlag.exe
Arguments:
{"OpenOptions":"0x0","KeyHandle":"0x580","objectName":"Software\\Microsoft\\Windows NT\\CurrentVersion\\ProfileList\\S-1-5-21-4270068108-2931534202-3907561125-1001","DesiredAccess":"0x20019"}
Returned value:
0x0
ntdll.dll! NtQueryAttributesFile #native (#3028) EncryptFlag.exe
Arguments:
{"objectName":"\\??\\C:\\Users\\<USER>\\AppData\\LocalLow"}
Returned value:
0x0
KernelBase.dll! GetFileAttributesW #file (#3028) EncryptFlag.exe
Arguments:
{"lpFileName":"C:\\Users\\<USER>\\AppData\\LocalLow"}
Returned value:
0x2010
ntdll.dll! NtOpenFile #native (#3028) EncryptFlag.exe
Arguments:
{"FileHandle":"0x578","objectName":"\\??\\C:\\Users\\<USER>\\AppData\\LocalLow"}
Returned value:
0x0
ntdll.dll! NtCreateFile #native (#3028) EncryptFlag.exe
Arguments:
{"FileHandle":"0x490","objectName":"\\??\\C:\\Users\\<USER>\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\MetaData\\57C8EDB95DF3F0AD4EE2DC2B8CFD4157"}
Returned value:
0x0
KernelBase.dll! CreateFileW #file (#3028) EncryptFlag.exe
Arguments:
{"lpSecurityAttributes":"0x0","dwCreationDisposition":"0x3","dwFlagsAndAttributes":"0x80","lpFileName":"C:\\Users\\<USER>\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\MetaData\\57C8EDB95DF3F0AD4EE2DC2B8CFD4157","dwDesiredAccess":"0x80000000","dwShareMode":"0x1"}
Returned value:
0x490
KernelBase.dll! GetFileSize #file (#3028) EncryptFlag.exe
Arguments:
{"hFile":"0x490"}
Returned value:
0x154
KernelBase.dll! ReadFile #file (#3028) EncryptFlag.exe
Arguments:
{"nNumberOfBytesToRead":4,"lpBuffer":"p���","hFile":"0x490"}
Returned value:
0x1
KernelBase.dll! ReadFile #file (#3028) EncryptFlag.exe
Arguments:
{"nNumberOfBytesToRead":108,"lpBuffer":"\u0001\u0001\u0002 \u0001��������O;e���\u0001(���\u0006������������Z@fd��\u0001�چ����","hFile":"0x490"}
Returned value:
0x1
KernelBase.dll! ReadFile #file (#3028) EncryptFlag.exe
Arguments:
{"nNumberOfBytesToRead":228,"lpBuffer":"�\u0012��h�t�t�p�:�/�/�c�t�l�d�l�.�w�i�n�d�o�w�s�u�p�d�","hFile":"0x490"}
Returned value:
0x1
KernelBase.dll! GetProcAddress #misc (#3028) EncryptFlag.exe
Arguments:
{"lpProcName":"WinHttpTimeFromSystemTime","hModule":"winhttp.dll"}
Returned value:
0x7fef9c326d4
ntdll.dll! NtOpenKeyEx #native (#3028) EncryptFlag.exe
Arguments:
{"OpenOptions":"0x0","KeyHandle":"0x0","objectName":"Software\\Policies\\Microsoft\\SystemCertificates\\ChainEngine\\Config","DesiredAccess":"0x20019"}
Returned value:
0xc0000034
ntdll.dll! NtOpenKeyEx #native (#3028) EncryptFlag.exe
Arguments:
{"OpenOptions":"0x0","KeyHandle":"0x490","objectName":"Software\\Microsoft\\Cryptography\\OID\\EncodingType 0\\CertDllCreateCertificateChainEngine\\Config","DesiredAccess":"0x20119"}
Returned value:
0x0
ntdll.dll! NtOpenKeyEx #native (#3028) EncryptFlag.exe
Arguments:
{"OpenOptions":"0x0","KeyHandle":"0x490","objectName":"Software\\Microsoft\\windows\\CurrentVersion\\Internet Settings\\Connections","DesiredAccess":"0x1"}
Returned value:
0x0
IPHLPAPI.DLL! GetAdaptersAddresses #highlighted (#3028) EncryptFlag.exe
Arguments:
{"desc":"Retrieves local adapter addresses."}
Returned value:
null
ntdll.dll! NtOpenKeyEx #native (#3028) EncryptFlag.exe
Arguments:
{"OpenOptions":"0x0","KeyHandle":"0x490","objectName":"System\\CurrentControlSet\\Services\\Tcpip\\Parameters\\Interfaces","DesiredAccess":"0x20019"}
Returned value:
0x0
ntdll.dll! NtOpenKeyEx #native (#3028) EncryptFlag.exe
Arguments:
{"OpenOptions":"0x0","KeyHandle":"0x578","objectName":"{b77285ec-43d2-45ee-9909-45c579e0b32f}","DesiredAccess":"0x1"}
Returned value:
0x0
ntdll.dll! NtOpenKeyEx #native (#3028) EncryptFlag.exe
Arguments:
{"OpenOptions":"0x0","KeyHandle":"0x578","objectName":"SYSTEM\\CurrentControlSet\\Services\\Tcpip\\Parameters\\Interfaces\\{B77285EC-43D2-45EE-9909-45C579E0B32F}","DesiredAccess":"0x20019"}
Returned value:
0x0
ntdll.dll! NtOpenKeyEx #native (#3028) EncryptFlag.exe
Arguments:
{"OpenOptions":"0x0","KeyHandle":"0x578","objectName":"SYSTEM\\CurrentControlSet\\Services\\Tcpip6\\Parameters\\Interfaces\\{B77285EC-43D2-45EE-9909-45C579E0B32F}","DesiredAccess":"0x20019"}
Returned value:
0x0
ntdll.dll! NtCreateFile #native (#3028) EncryptFlag.exe
Arguments:
{"FileHandle":"0x578","objectName":"\\DEVICE\\NETBT_TCPIP_{B77285EC-43D2-45EE-9909-45C579E0B32F}"}
Returned value:
0x0
ntdll.dll! NtOpenKeyEx #native (#3028) EncryptFlag.exe
Arguments:
{"OpenOptions":"0x0","KeyHandle":"0x578","objectName":"System\\CurrentControlSet\\Services\\Tcpip\\Parameters\\Interfaces","DesiredAccess":"0x20019"}
Returned value:
0x0
ntdll.dll! NtOpenKeyEx #native (#3028) EncryptFlag.exe
Arguments:
{"OpenOptions":"0x0","KeyHandle":"0x490","objectName":"{846ee342-7039-11de-9d20-806e6f6e6963}","DesiredAccess":"0x1"}
Returned value:
0x0
ntdll.dll! NtOpenKeyEx #native (#3028) EncryptFlag.exe
Arguments:
{"OpenOptions":"0x0","KeyHandle":"0x490","objectName":"SYSTEM\\CurrentControlSet\\Services\\Tcpip\\Parameters\\Interfaces\\{846EE342-7039-11DE-9D20-806E6F6E6963}","DesiredAccess":"0x20019"}
Returned value:
0x0
ntdll.dll! NtOpenKeyEx #native (#3028) EncryptFlag.exe
Arguments:
{"OpenOptions":"0x0","KeyHandle":"0x0","objectName":"SYSTEM\\CurrentControlSet\\Services\\Tcpip6\\Parameters\\Interfaces\\{846EE342-7039-11DE-9D20-806E6F6E6963}","DesiredAccess":"0x20019"}
Returned value:
0xc0000034
ntdll.dll! NtCreateFile #native (#3028) EncryptFlag.exe
Arguments:
{"FileHandle":"0x457db40","objectName":"\\DEVICE\\NETBT_TCPIP_{846EE342-7039-11DE-9D20-806E6F6E6963}"}
Returned value:
0xc0000034
ntdll.dll! NtOpenKeyEx #native (#3028) EncryptFlag.exe
Arguments:
{"OpenOptions":"0x0","KeyHandle":"0x490","objectName":"System\\CurrentControlSet\\Services\\Tcpip\\Parameters\\Interfaces","DesiredAccess":"0x20019"}
Returned value:
0x0
ntdll.dll! NtOpenKeyEx #native (#3028) EncryptFlag.exe
Arguments:
{"OpenOptions":"0x0","KeyHandle":"0x0","objectName":"{3dfcad32-1cde-44fb-a9e1-d91126365830}","DesiredAccess":"0x1"}
Returned value:
0xc0000034
ntdll.dll! NtCreateFile #native (#3028) EncryptFlag.exe
Arguments:
{"FileHandle":"0x0","objectName":"\\DEVICE\\NETBT_TCPIP_{3DFCAD32-1CDE-44FB-A9E1-D91126365830}"}
Returned value:
0xc0000034
IPHLPAPI.DLL! GetAdaptersAddresses #highlighted (#3028) EncryptFlag.exe
Arguments:
{"desc":"Retrieves local adapter addresses."}
Returned value:
null
ntdll.dll! NtOpenKeyEx #native (#3028) EncryptFlag.exe
Arguments:
{"OpenOptions":"0x0","KeyHandle":"0x490","objectName":"System\\CurrentControlSet\\Services\\Tcpip\\Parameters\\Interfaces","DesiredAccess":"0x20019"}
Returned value:
0x0
ntdll.dll! NtOpenKeyEx #native (#3028) EncryptFlag.exe
Arguments:
{"OpenOptions":"0x0","KeyHandle":"0x578","objectName":"{b77285ec-43d2-45ee-9909-45c579e0b32f}","DesiredAccess":"0x1"}
Returned value:
0x0
ntdll.dll! NtOpenKeyEx #native (#3028) EncryptFlag.exe
Arguments:
{"OpenOptions":"0x0","KeyHandle":"0x578","objectName":"SYSTEM\\CurrentControlSet\\Services\\Tcpip\\Parameters\\Interfaces\\{B77285EC-43D2-45EE-9909-45C579E0B32F}","DesiredAccess":"0x20019"}
Returned value:
0x0
ntdll.dll! NtOpenKeyEx #native (#3028) EncryptFlag.exe
Arguments:
{"OpenOptions":"0x0","KeyHandle":"0x578","objectName":"SYSTEM\\CurrentControlSet\\Services\\Tcpip6\\Parameters\\Interfaces\\{B77285EC-43D2-45EE-9909-45C579E0B32F}","DesiredAccess":"0x20019"}
Returned value:
0x0
ntdll.dll! NtCreateFile #native (#3028) EncryptFlag.exe
Arguments:
{"FileHandle":"0x578","objectName":"\\DEVICE\\NETBT_TCPIP_{B77285EC-43D2-45EE-9909-45C579E0B32F}"}
Returned value:
0x0
ntdll.dll! NtOpenKeyEx #native (#3028) EncryptFlag.exe
Arguments:
{"OpenOptions":"0x0","KeyHandle":"0x578","objectName":"System\\CurrentControlSet\\Services\\Tcpip\\Parameters\\Interfaces","DesiredAccess":"0x20019"}
Returned value:
0x0
ntdll.dll! NtOpenKeyEx #native (#3028) EncryptFlag.exe
Arguments:
{"OpenOptions":"0x0","KeyHandle":"0x490","objectName":"{846ee342-7039-11de-9d20-806e6f6e6963}","DesiredAccess":"0x1"}
Returned value:
0x0
ntdll.dll! NtOpenKeyEx #native (#3028) EncryptFlag.exe
Arguments:
{"OpenOptions":"0x0","KeyHandle":"0x490","objectName":"SYSTEM\\CurrentControlSet\\Services\\Tcpip\\Parameters\\Interfaces\\{846EE342-7039-11DE-9D20-806E6F6E6963}","DesiredAccess":"0x20019"}
Returned value:
0x0
ntdll.dll! NtOpenKeyEx #native (#3028) EncryptFlag.exe
Arguments:
{"OpenOptions":"0x0","KeyHandle":"0x0","objectName":"SYSTEM\\CurrentControlSet\\Services\\Tcpip6\\Parameters\\Interfaces\\{846EE342-7039-11DE-9D20-806E6F6E6963}","DesiredAccess":"0x20019"}
Returned value:
0xc0000034
ntdll.dll! NtCreateFile #native (#3028) EncryptFlag.exe
Arguments:
{"FileHandle":"0x457db40","objectName":"\\DEVICE\\NETBT_TCPIP_{846EE342-7039-11DE-9D20-806E6F6E6963}"}
Returned value:
0xc0000034
ntdll.dll! NtOpenKeyEx #native (#3028) EncryptFlag.exe
Arguments:
{"OpenOptions":"0x0","KeyHandle":"0x490","objectName":"System\\CurrentControlSet\\Services\\Tcpip\\Parameters\\Interfaces","DesiredAccess":"0x20019"}
Returned value:
0x0
ntdll.dll! NtOpenKeyEx #native (#3028) EncryptFlag.exe
Arguments:
{"OpenOptions":"0x0","KeyHandle":"0x0","objectName":"{3dfcad32-1cde-44fb-a9e1-d91126365830}","DesiredAccess":"0x1"}
Returned value:
0xc0000034
ntdll.dll! NtCreateFile #native (#3028) EncryptFlag.exe
Arguments:
{"FileHandle":"0x0","objectName":"\\DEVICE\\NETBT_TCPIP_{3DFCAD32-1CDE-44FB-A9E1-D91126365830}"}
Returned value:
0xc0000034
ntdll.dll! NtOpenKeyEx #native (#3028) EncryptFlag.exe
Arguments:
{"OpenOptions":"0x0","KeyHandle":"0x490","objectName":"SYSTEM\\CurrentControlSet\\Services\\Tcpip\\Linkage","DesiredAccess":"0x20019"}
Returned value:
0x0
ntdll.dll! NtOpenKeyEx #native (#3028) EncryptFlag.exe
Arguments:
{"OpenOptions":"0x0","KeyHandle":"0x490","objectName":"SOFTWARE\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings","DesiredAccess":"0x1"}
Returned value:
0x0
KernelBase.dll! LoadLibraryExW #misc (#3028) EncryptFlag.exe
Arguments:
{"lpFileName":"ntdll.dll"}
Returned value:
0x77290000
KernelBase.dll! LoadLibraryExA #misc (#3028) EncryptFlag.exe
Arguments:
{"lpFileName":"ntdll.dll"}
Returned value:
0x77290000
KernelBase.dll! GetProcAddress #misc (#3028) EncryptFlag.exe
Arguments:
{"lpProcName":"RtlConvertSidToUnicodeString","hModule":"ntdll.dll"}
Returned value:
0x772af4c0
ntdll.dll! NtOpenKeyEx #native (#3028) EncryptFlag.exe
Arguments:
{"OpenOptions":"0x0","KeyHandle":"0x490","objectName":"S-1-5-21-4270068108-2931534202-3907561125-1001","DesiredAccess":"0x3"}
Returned value:
0x0
ntdll.dll! NtOpenKeyEx #native (#3028) EncryptFlag.exe
Arguments:
{"OpenOptions":"0x0","KeyHandle":"0x578","objectName":"Software\\Microsoft\\windows\\CurrentVersion\\Internet Settings\\Connections","DesiredAccess":"0x1"}
Returned value:
0x0
ntdll.dll! NtOpenKeyEx #native (#3028) EncryptFlag.exe
Arguments:
{"OpenOptions":"0x0","KeyHandle":"0x580","objectName":"Software\\Microsoft\\windows\\CurrentVersion\\Internet Settings\\Wpad","DesiredAccess":"0x20019"}
Returned value:
0x0
KernelBase.dll! GetProcAddress #misc (#3028) EncryptFlag.exe
Arguments:
{"lpProcName":"RegDeleteTreeA","hModule":"kernel32.dll"}
Returned value:
0x7feff4ea690
KernelBase.dll! GetProcAddress #misc (#3028) EncryptFlag.exe
Arguments:
{"lpProcName":"RegDeleteTreeW","hModule":"kernel32.dll"}
Returned value:
0x7feff4ea6a0
IPHLPAPI.DLL! GetAdaptersAddresses #highlighted (#3028) EncryptFlag.exe
Arguments:
{"desc":"Retrieves local adapter addresses."}
Returned value:
null
ntdll.dll! NtOpenKeyEx #native (#3028) EncryptFlag.exe
Arguments:
{"OpenOptions":"0x0","KeyHandle":"0x584","objectName":"SYSTEM\\CurrentControlSet\\Services\\Tcpip6\\Parameters\\Interfaces\\{B77285EC-43D2-45EE-9909-45C579E0B32F}","DesiredAccess":"0x20019"}
Returned value:
0x0
ntdll.dll! NtOpenKeyEx #native (#3028) EncryptFlag.exe
Arguments:
{"OpenOptions":"0x0","KeyHandle":"0x584","objectName":"System\\CurrentControlSet\\Services\\Tcpip\\Parameters\\Interfaces","DesiredAccess":"0x20019"}
Returned value:
0x0
ntdll.dll! NtOpenKeyEx #native (#3028) EncryptFlag.exe
Arguments:
{"OpenOptions":"0x0","KeyHandle":"0x588","objectName":"{b77285ec-43d2-45ee-9909-45c579e0b32f}","DesiredAccess":"0x1"}
Returned value:
0x0
ntdll.dll! NtOpenKeyEx #native (#3028) EncryptFlag.exe
Arguments:
{"OpenOptions":"0x0","KeyHandle":"0x588","objectName":"SYSTEM\\CurrentControlSet\\Services\\Tcpip\\Parameters\\Interfaces\\{B77285EC-43D2-45EE-9909-45C579E0B32F}","DesiredAccess":"0x20019"}
Returned value:
0x0
ntdll.dll! NtOpenKeyEx #native (#3028) EncryptFlag.exe
Arguments:
{"OpenOptions":"0x0","KeyHandle":"0x588","objectName":"SYSTEM\\CurrentControlSet\\Services\\Tcpip6\\Parameters\\Interfaces\\{B77285EC-43D2-45EE-9909-45C579E0B32F}","DesiredAccess":"0x20019"}
Returned value:
0x0
ntdll.dll! NtOpenKeyEx #native (#3028) EncryptFlag.exe
Arguments:
{"OpenOptions":"0x0","KeyHandle":"0x588","objectName":"SYSTEM\\CurrentControlSet\\Services\\Tcpip6\\Parameters\\Interfaces\\{B77285EC-43D2-45EE-9909-45C579E0B32F}","DesiredAccess":"0x20019"}
Returned value:
0x0
ntdll.dll! NtOpenKeyEx #native (#3028) EncryptFlag.exe
Arguments:
{"OpenOptions":"0x0","KeyHandle":"0x588","objectName":"SYSTEM\\CurrentControlSet\\Services\\Tcpip\\Parameters\\Interfaces\\{B77285EC-43D2-45EE-9909-45C579E0B32F}","DesiredAccess":"0x20019"}
Returned value:
0x0
ntdll.dll! NtOpenKeyEx #native (#3028) EncryptFlag.exe
Arguments:
{"OpenOptions":"0x0","KeyHandle":"0x588","objectName":"SYSTEM\\CurrentControlSet\\Services\\Tcpip\\Parameters\\Interfaces\\{B77285EC-43D2-45EE-9909-45C579E0B32F}","DesiredAccess":"0x20019"}
Returned value:
0x0
ntdll.dll! NtCreateFile #native (#3028) EncryptFlag.exe
Arguments:
{"FileHandle":"0x588","objectName":"\\DEVICE\\NETBT_TCPIP_{B77285EC-43D2-45EE-9909-45C579E0B32F}"}
Returned value:
0x0
ntdll.dll! NtOpenKeyEx #native (#3028) EncryptFlag.exe
Arguments:
{"OpenOptions":"0x0","KeyHandle":"0x0","objectName":"SYSTEM\\CurrentControlSet\\Services\\Tcpip6\\Parameters\\Interfaces\\{846EE342-7039-11DE-9D20-806E6F6E6963}","DesiredAccess":"0x20019"}
Returned value:
0xc0000034
ntdll.dll! NtOpenKeyEx #native (#3028) EncryptFlag.exe
Arguments:
{"OpenOptions":"0x0","KeyHandle":"0x588","objectName":"System\\CurrentControlSet\\Services\\Tcpip\\Parameters\\Interfaces","DesiredAccess":"0x20019"}
Returned value:
0x0
ntdll.dll! NtOpenKeyEx #native (#3028) EncryptFlag.exe
Arguments:
{"OpenOptions":"0x0","KeyHandle":"0x584","objectName":"{846ee342-7039-11de-9d20-806e6f6e6963}","DesiredAccess":"0x1"}
Returned value:
0x0
ntdll.dll! NtOpenKeyEx #native (#3028) EncryptFlag.exe
Arguments:
{"OpenOptions":"0x0","KeyHandle":"0x584","objectName":"SYSTEM\\CurrentControlSet\\Services\\Tcpip\\Parameters\\Interfaces\\{846EE342-7039-11DE-9D20-806E6F6E6963}","DesiredAccess":"0x20019"}
Returned value:
0x0
ntdll.dll! NtOpenKeyEx #native (#3028) EncryptFlag.exe
Arguments:
{"OpenOptions":"0x0","KeyHandle":"0x0","objectName":"SYSTEM\\CurrentControlSet\\Services\\Tcpip6\\Parameters\\Interfaces\\{846EE342-7039-11DE-9D20-806E6F6E6963}","DesiredAccess":"0x20019"}
Returned value:
0xc0000034
ntdll.dll! NtOpenKeyEx #native (#3028) EncryptFlag.exe
Arguments:
{"OpenOptions":"0x0","KeyHandle":"0x0","objectName":"SYSTEM\\CurrentControlSet\\Services\\Tcpip6\\Parameters\\Interfaces\\{846EE342-7039-11DE-9D20-806E6F6E6963}","DesiredAccess":"0x20019"}
Returned value:
0xc0000034
ntdll.dll! NtOpenKeyEx #native (#3028) EncryptFlag.exe
Arguments:
{"OpenOptions":"0x0","KeyHandle":"0x584","objectName":"SYSTEM\\CurrentControlSet\\Services\\Tcpip\\Parameters\\Interfaces\\{846EE342-7039-11DE-9D20-806E6F6E6963}","DesiredAccess":"0x20019"}
Returned value:
0x0
ntdll.dll! NtOpenKeyEx #native (#3028) EncryptFlag.exe
Arguments:
{"OpenOptions":"0x0","KeyHandle":"0x584","objectName":"SYSTEM\\CurrentControlSet\\Services\\Tcpip\\Parameters\\Interfaces\\{846EE342-7039-11DE-9D20-806E6F6E6963}","DesiredAccess":"0x20019"}
Returned value:
0x0
ntdll.dll! NtCreateFile #native (#3028) EncryptFlag.exe
Arguments:
{"FileHandle":"0x0","objectName":"\\DEVICE\\NETBT_TCPIP_{846EE342-7039-11DE-9D20-806E6F6E6963}"}
Returned value:
0xc0000034
ntdll.dll! NtOpenKeyEx #native (#3028) EncryptFlag.exe
Arguments:
{"OpenOptions":"0x0","KeyHandle":"0x584","objectName":"System\\CurrentControlSet\\Services\\Tcpip\\Parameters\\Interfaces","DesiredAccess":"0x20019"}
Returned value:
0x0
ntdll.dll! NtOpenKeyEx #native (#3028) EncryptFlag.exe
Arguments:
{"OpenOptions":"0x0","KeyHandle":"0x0","objectName":"{3dfcad32-1cde-44fb-a9e1-d91126365830}","DesiredAccess":"0x1"}
Returned value:
0xc0000034
ntdll.dll! NtCreateFile #native (#3028) EncryptFlag.exe
Arguments:
{"FileHandle":"0x0","objectName":"\\DEVICE\\NETBT_TCPIP_{3DFCAD32-1CDE-44FB-A9E1-D91126365830}"}
Returned value:
0xc0000034
IPHLPAPI.DLL! GetAdaptersAddresses #highlighted (#3028) EncryptFlag.exe
Arguments:
{"desc":"Retrieves local adapter addresses."}
Returned value:
null
ntdll.dll! NtOpenKeyEx #native (#3028) EncryptFlag.exe
Arguments:
{"OpenOptions":"0x0","KeyHandle":"0x584","objectName":"SYSTEM\\CurrentControlSet\\Services\\Tcpip6\\Parameters\\Interfaces\\{B77285EC-43D2-45EE-9909-45C579E0B32F}","DesiredAccess":"0x20019"}
Returned value:
0x0
ntdll.dll! NtOpenKeyEx #native (#3028) EncryptFlag.exe
Arguments:
{"OpenOptions":"0x0","KeyHandle":"0x584","objectName":"System\\CurrentControlSet\\Services\\Tcpip\\Parameters\\Interfaces","DesiredAccess":"0x20019"}
Returned value:
0x0
ntdll.dll! NtOpenKeyEx #native (#3028) EncryptFlag.exe
Arguments:
{"OpenOptions":"0x0","KeyHandle":"0x588","objectName":"{b77285ec-43d2-45ee-9909-45c579e0b32f}","DesiredAccess":"0x1"}
Returned value:
0x0
ntdll.dll! NtOpenKeyEx #native (#3028) EncryptFlag.exe
Arguments:
{"OpenOptions":"0x0","KeyHandle":"0x588","objectName":"SYSTEM\\CurrentControlSet\\Services\\Tcpip\\Parameters\\Interfaces\\{B77285EC-43D2-45EE-9909-45C579E0B32F}","DesiredAccess":"0x20019"}
Returned value:
0x0
ntdll.dll! NtOpenKeyEx #native (#3028) EncryptFlag.exe
Arguments:
{"OpenOptions":"0x0","KeyHandle":"0x588","objectName":"SYSTEM\\CurrentControlSet\\Services\\Tcpip6\\Parameters\\Interfaces\\{B77285EC-43D2-45EE-9909-45C579E0B32F}","DesiredAccess":"0x20019"}
Returned value:
0x0
ntdll.dll! NtOpenKeyEx #native (#3028) EncryptFlag.exe
Arguments:
{"OpenOptions":"0x0","KeyHandle":"0x588","objectName":"SYSTEM\\CurrentControlSet\\Services\\Tcpip6\\Parameters\\Interfaces\\{B77285EC-43D2-45EE-9909-45C579E0B32F}","DesiredAccess":"0x20019"}
Returned value:
0x0
ntdll.dll! NtOpenKeyEx #native (#3028) EncryptFlag.exe
Arguments:
{"OpenOptions":"0x0","KeyHandle":"0x588","objectName":"SYSTEM\\CurrentControlSet\\Services\\Tcpip\\Parameters\\Interfaces\\{B77285EC-43D2-45EE-9909-45C579E0B32F}","DesiredAccess":"0x20019"}
Returned value:
0x0
ntdll.dll! NtOpenKeyEx #native (#3028) EncryptFlag.exe
Arguments:
{"OpenOptions":"0x0","KeyHandle":"0x588","objectName":"SYSTEM\\CurrentControlSet\\Services\\Tcpip\\Parameters\\Interfaces\\{B77285EC-43D2-45EE-9909-45C579E0B32F}","DesiredAccess":"0x20019"}
Returned value:
0x0
ntdll.dll! NtCreateFile #native (#3028) EncryptFlag.exe
Arguments:
{"FileHandle":"0x588","objectName":"\\DEVICE\\NETBT_TCPIP_{B77285EC-43D2-45EE-9909-45C579E0B32F}"}
Returned value:
0x0
ntdll.dll! NtOpenKeyEx #native (#3028) EncryptFlag.exe
Arguments:
{"OpenOptions":"0x0","KeyHandle":"0x0","objectName":"SYSTEM\\CurrentControlSet\\Services\\Tcpip6\\Parameters\\Interfaces\\{846EE342-7039-11DE-9D20-806E6F6E6963}","DesiredAccess":"0x20019"}
Returned value:
0xc0000034
ntdll.dll! NtOpenKeyEx #native (#3028) EncryptFlag.exe
Arguments:
{"OpenOptions":"0x0","KeyHandle":"0x588","objectName":"System\\CurrentControlSet\\Services\\Tcpip\\Parameters\\Interfaces","DesiredAccess":"0x20019"}
Returned value:
0x0
ntdll.dll! NtOpenKeyEx #native (#3028) EncryptFlag.exe
Arguments:
{"OpenOptions":"0x0","KeyHandle":"0x584","objectName":"{846ee342-7039-11de-9d20-806e6f6e6963}","DesiredAccess":"0x1"}
Returned value:
0x0
ntdll.dll! NtOpenKeyEx #native (#3028) EncryptFlag.exe
Arguments:
{"OpenOptions":"0x0","KeyHandle":"0x584","objectName":"SYSTEM\\CurrentControlSet\\Services\\Tcpip\\Parameters\\Interfaces\\{846EE342-7039-11DE-9D20-806E6F6E6963}","DesiredAccess":"0x20019"}
Returned value:
0x0
ntdll.dll! NtOpenKeyEx #native (#3028) EncryptFlag.exe
Arguments:
{"OpenOptions":"0x0","KeyHandle":"0x0","objectName":"SYSTEM\\CurrentControlSet\\Services\\Tcpip6\\Parameters\\Interfaces\\{846EE342-7039-11DE-9D20-806E6F6E6963}","DesiredAccess":"0x20019"}
Returned value:
0xc0000034
ntdll.dll! NtOpenKeyEx #native (#3028) EncryptFlag.exe
Arguments:
{"OpenOptions":"0x0","KeyHandle":"0x0","objectName":"SYSTEM\\CurrentControlSet\\Services\\Tcpip6\\Parameters\\Interfaces\\{846EE342-7039-11DE-9D20-806E6F6E6963}","DesiredAccess":"0x20019"}
Returned value:
0xc0000034
ntdll.dll! NtOpenKeyEx #native (#3028) EncryptFlag.exe
Arguments:
{"OpenOptions":"0x0","KeyHandle":"0x584","objectName":"SYSTEM\\CurrentControlSet\\Services\\Tcpip\\Parameters\\Interfaces\\{846EE342-7039-11DE-9D20-806E6F6E6963}","DesiredAccess":"0x20019"}
Returned value:
0x0
ntdll.dll! NtOpenKeyEx #native (#3028) EncryptFlag.exe
Arguments:
{"OpenOptions":"0x0","KeyHandle":"0x584","objectName":"SYSTEM\\CurrentControlSet\\Services\\Tcpip\\Parameters\\Interfaces\\{846EE342-7039-11DE-9D20-806E6F6E6963}","DesiredAccess":"0x20019"}
Returned value:
0x0
ntdll.dll! NtCreateFile #native (#3028) EncryptFlag.exe
Arguments:
{"FileHandle":"0x0","objectName":"\\DEVICE\\NETBT_TCPIP_{846EE342-7039-11DE-9D20-806E6F6E6963}"}
Returned value:
0xc0000034
ntdll.dll! NtOpenKeyEx #native (#3028) EncryptFlag.exe
Arguments:
{"OpenOptions":"0x0","KeyHandle":"0x584","objectName":"System\\CurrentControlSet\\Services\\Tcpip\\Parameters\\Interfaces","DesiredAccess":"0x20019"}
Returned value:
0x0
ntdll.dll! NtOpenKeyEx #native (#3028) EncryptFlag.exe
Arguments:
{"OpenOptions":"0x0","KeyHandle":"0x0","objectName":"{3dfcad32-1cde-44fb-a9e1-d91126365830}","DesiredAccess":"0x1"}
Returned value:
0xc0000034
ntdll.dll! NtCreateFile #native (#3028) EncryptFlag.exe
Arguments:
{"FileHandle":"0x0","objectName":"\\DEVICE\\NETBT_TCPIP_{3DFCAD32-1CDE-44FB-A9E1-D91126365830}"}
Returned value:
0xc0000034
ntdll.dll! NtOpenKeyEx #native (#3028) EncryptFlag.exe
Arguments:
{"OpenOptions":"0x0","KeyHandle":"0x584","objectName":"SYSTEM\\CurrentControlSet\\Services\\Tcpip\\Linkage","DesiredAccess":"0x20019"}
Returned value:
0x0
ntdll.dll! NtOpenKeyEx #native (#3028) EncryptFlag.exe
Arguments:
{"OpenOptions":"0x0","KeyHandle":"0x584","objectName":"System\\CurrentControlSet\\Control\\Class\\{4d36e972-e325-11ce-bfc1-08002be10318}","DesiredAccess":"0x20019"}
Returned value:
0x0
kernel32.dll! RegOpenKeyExW #registry (#3028) EncryptFlag.exe
Arguments:
{"hKey":"HKEY_LOCAL_MACHINE","ulOptions":"0x0","samDesired":"0x20019","lpSubKey":"System\\CurrentControlSet\\Control\\Class\\{4d36e972-e325-11ce-bfc1-08002be10318}","phkResult":"0x584"}
Returned value:
0x0
ntdll.dll! NtOpenKeyEx #native (#3028) EncryptFlag.exe
Arguments:
{"OpenOptions":"0x0","KeyHandle":"0x584","objectName":"Software\\Microsoft\\windows\\CurrentVersion\\Internet Settings\\Wpad","DesiredAccess":"0x2001f"}
Returned value:
0x0
ntdll.dll! NtOpenKeyEx #native (#3028) EncryptFlag.exe
Arguments:
{"OpenOptions":"0x0","KeyHandle":"0x588","objectName":"52-54-00-b2-3b-fe","DesiredAccess":"0x20019"}
Returned value:
0x0
KernelBase.dll! GetProcAddress #misc (#3028) EncryptFlag.exe
Arguments:
{"lpProcName":"WinHttpSendRequest","hModule":"winhttp.dll"}
Returned value:
0x7fef9c07490
KernelBase.dll! GetProcAddress #misc (#3028) EncryptFlag.exe
Arguments:
{"lpProcName":"0x99","hModule":null}
Returned value:
0x7feff33521c
KernelBase.dll! LoadLibraryExW #misc (#3028) EncryptFlag.exe
Arguments:
{"lpFileName":"DNSAPI.dll"}
Returned value:
0x7fefc3a0000
KernelBase.dll! LoadLibraryExA #misc (#3028) EncryptFlag.exe
Arguments:
{"lpFileName":"DNSAPI.dll"}
Returned value:
0x7fefc3a0000
KernelBase.dll! GetProcAddress #misc (#3028) EncryptFlag.exe
Arguments:
{"lpProcName":"DnsGetProxyInformation","hModule":"dnsapi.dll"}
Returned value:
0x7fefc3a5f40
KernelBase.dll! GetProcAddress #misc (#3028) EncryptFlag.exe
Arguments:
{"lpProcName":"GetAddrInfoW","hModule":"ws2_32.dll"}
Returned value:
0x7fefd1a23c0
ntdll.dll! NtCreateFile #native (#3028) EncryptFlag.exe
Arguments:
{"FileHandle":"0x584","objectName":"\\Device\\Afd\\Endpoint"}
Returned value:
0x0
ntdll.dll! NtCreateFile #native (#3028) EncryptFlag.exe
Arguments:
{"FileHandle":"0x584","objectName":"\\Device\\Afd\\Endpoint"}
Returned value:
0x0
ntdll.dll! NtCreateFile #native (#3028) EncryptFlag.exe
Arguments:
{"FileHandle":"0x37ae3a0","objectName":"\\Device\\RasAcd"}
Returned value:
0xc0000034
ntdll.dll! NtCreateFile #native (#3028) EncryptFlag.exe
Arguments:
{"FileHandle":"0x584","objectName":"\\Device\\Afd\\Endpoint"}
Returned value:
0x0
ntdll.dll! NtCreateFile #native (#3028) EncryptFlag.exe
Arguments:
{"FileHandle":"0x584","objectName":"\\Device\\Afd\\Endpoint"}
Returned value:
0x0
ntdll.dll! NtCreateFile #native (#3028) EncryptFlag.exe
Arguments:
{"FileHandle":"0x584","objectName":"\\Device\\Afd\\Endpoint"}
Returned value:
0x0
ntdll.dll! NtCreateFile #native (#3028) EncryptFlag.exe
Arguments:
{"FileHandle":"0x37ae3a0","objectName":"\\Device\\RasAcd"}
Returned value:
0xc0000034
ntdll.dll! NtCreateFile #native (#3028) EncryptFlag.exe
Arguments:
{"FileHandle":"0x584","objectName":"\\Device\\Afd\\Endpoint"}
Returned value:
0x0
KernelBase.dll! GetProcAddress #misc (#3028) EncryptFlag.exe
Arguments:
{"lpProcName":"WSASocketW","hModule":"ws2_32.dll"}
Returned value:
0x7fefd1a1bd0
ntdll.dll! NtCreateFile #native (#3028) EncryptFlag.exe
Arguments:
{"FileHandle":"0x584","objectName":"\\Device\\Afd\\Endpoint"}
Returned value:
0x0
KernelBase.dll! GetProcAddress #misc (#3028) EncryptFlag.exe
Arguments:
{"lpProcName":"0x2","hModule":null}
Returned value:
0x7fefd1a1f00
KernelBase.dll! GetProcAddress #misc (#3028) EncryptFlag.exe
Arguments:
{"lpProcName":"0x15","hModule":null}
Returned value:
0x7fefd1ad7b0
KernelBase.dll! GetProcAddress #misc (#3028) EncryptFlag.exe
Arguments:
{"lpProcName":"0x9","hModule":null}
Returned value:
0x7fefd1a1250
KernelBase.dll! GetProcAddress #misc (#3028) EncryptFlag.exe
Arguments:
{"lpProcName":"WSAIoctl","hModule":"ws2_32.dll"}
Returned value:
0x7fefd1ad150
KernelBase.dll! GetProcAddress #misc (#3028) EncryptFlag.exe
Arguments:
{"lpProcName":"FreeAddrInfoW","hModule":"ws2_32.dll"}
Returned value:
0x7fefd1a2640
KernelBase.dll! GetProcAddress #misc (#3028) EncryptFlag.exe
Arguments:
{"lpProcName":"0x6","hModule":null}
Returned value:
0x7fefd1a9150
KernelBase.dll! GetProcAddress #misc (#3028) EncryptFlag.exe
Arguments:
{"lpProcName":"0x5","hModule":null}
Returned value:
0x7fefd1ce3e0
KernelBase.dll! GetProcAddress #misc (#3028) EncryptFlag.exe
Arguments:
{"lpProcName":"WSARecv","hModule":"ws2_32.dll"}
Returned value:
0x7fefd1a2200
KernelBase.dll! GetProcAddress #misc (#3028) EncryptFlag.exe
Arguments:
{"lpProcName":"WSASend","hModule":"ws2_32.dll"}
Returned value:
0x7fefd1a13b0
KernelBase.dll! GetProcAddress #misc (#3028) EncryptFlag.exe
Arguments:
{"lpProcName":"WinHttpReceiveResponse","hModule":"winhttp.dll"}
Returned value:
0x7fef9c0d000
KernelBase.dll! GetProcAddress #misc (#3028) EncryptFlag.exe
Arguments:
{"lpProcName":"WinHttpQueryHeaders","hModule":"winhttp.dll"}
Returned value:
0x7fef9c0c44c
ntdll.dll! NtOpenKeyEx #native (#3028) EncryptFlag.exe
Arguments:
{"OpenOptions":"0x0","KeyHandle":"0x490","objectName":"S-1-5-21-4270068108-2931534202-3907561125-1001\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\User Shell Folders","DesiredAccess":"0x20019"}
Returned value:
0x0
ntdll.dll! NtOpenKeyEx #native (#3028) EncryptFlag.exe
Arguments:
{"OpenOptions":"0x0","KeyHandle":"0x588","objectName":"Software\\Microsoft\\Windows NT\\CurrentVersion\\ProfileList\\S-1-5-21-4270068108-2931534202-3907561125-1001","DesiredAccess":"0x20019"}
Returned value:
0x0
ntdll.dll! NtQueryAttributesFile #native (#3028) EncryptFlag.exe
Arguments:
{"objectName":"\\??\\C:\\Users\\<USER>\\AppData\\LocalLow"}
Returned value:
0x0
KernelBase.dll! GetFileAttributesW #file (#3028) EncryptFlag.exe
Arguments:
{"lpFileName":"C:\\Users\\<USER>\\AppData\\LocalLow"}
Returned value:
0x2010
ntdll.dll! NtOpenFile #native (#3028) EncryptFlag.exe
Arguments:
{"FileHandle":"0x490","objectName":"\\??\\C:\\Users\\<USER>\\AppData\\LocalLow"}
Returned value:
0x0
ntdll.dll! NtQueryAttributesFile #native (#3028) EncryptFlag.exe
Arguments:
{"objectName":"\\??\\C:\\Users\\<USER>\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\MetaData"}
Returned value:
0x0
KernelBase.dll! GetFileAttributesW #file (#3028) EncryptFlag.exe
Arguments:
{"lpFileName":"C:\\Users\\<USER>\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\MetaData"}
Returned value:
0x2014
ntdll.dll! NtOpenFile #native (#3028) EncryptFlag.exe
Arguments:
{"FileHandle":"0x578","objectName":"\\??\\C:\\Users\\<USER>\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\MetaData"}
Returned value:
0x0
ntdll.dll! NtCreateFile #native (#3028) EncryptFlag.exe
Arguments:
{"FileHandle":"0x578","objectName":"\\??\\C:\\Users\\<USER>\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\MetaData\\57C8EDB95DF3F0AD4EE2DC2B8CFD4157"}
Returned value:
0x0
KernelBase.dll! CreateFileW #file (#3028) EncryptFlag.exe
Arguments:
{"lpSecurityAttributes":"0x0","dwCreationDisposition":"0x4","dwFlagsAndAttributes":"0x4","lpFileName":"C:\\Users\\<USER>\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\MetaData\\57C8EDB95DF3F0AD4EE2DC2B8CFD4157","dwDesiredAccess":"0xc0000000","dwShareMode":"0x0"}
Returned value:
0x578
KernelBase.dll! GetFileSize #file (#3028) EncryptFlag.exe
Arguments:
{"hFile":"0x578"}
Returned value:
0x154
KernelBase.dll! ReadFile #file (#3028) EncryptFlag.exe
Arguments:
{"nNumberOfBytesToRead":4,"lpBuffer":"p���","hFile":"0x578"}
Returned value:
0x1
KernelBase.dll! ReadFile #file (#3028) EncryptFlag.exe
Arguments:
{"nNumberOfBytesToRead":108,"lpBuffer":"\u0001\u0001\u0002 \u0001��������O;e���\u0001(���\u0006������������Z@fd��\u0001�چ����","hFile":"0x578"}
Returned value:
0x1
KernelBase.dll! ReadFile #file (#3028) EncryptFlag.exe
Arguments:
{"nNumberOfBytesToRead":228,"lpBuffer":"�\u0012��h�t�t�p�:�/�/�c�t�l�d�l�.�w�i�n�d�o�w�s�u�p�d�","hFile":"0x578"}
Returned value:
0x1
KernelBase.dll! WriteFile #file (#3028) EncryptFlag.exe
Arguments:
{"nNumberOfBytesToWrite":"0x154","lpBuffer":"p���\u0001\u0001\u0002 \u0001�������n������\u0001(�������������������������","lpNumberOfBytesWritten":"0x457f358","hFile":"0x578"}
Returned value:
0x1
ntdll.dll! NtOpenKeyEx #native (#3028) EncryptFlag.exe
Arguments:
{"OpenOptions":"0x0","KeyHandle":"0x490","objectName":"S-1-5-21-4270068108-2931534202-3907561125-1001\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\User Shell Folders","DesiredAccess":"0x20019"}
Returned value:
0x0
ntdll.dll! NtOpenKeyEx #native (#3028) EncryptFlag.exe
Arguments:
{"OpenOptions":"0x0","KeyHandle":"0x588","objectName":"Software\\Microsoft\\Windows NT\\CurrentVersion\\ProfileList\\S-1-5-21-4270068108-2931534202-3907561125-1001","DesiredAccess":"0x20019"}
Returned value:
0x0
ntdll.dll! NtQueryAttributesFile #native (#3028) EncryptFlag.exe
Arguments:
{"objectName":"\\??\\C:\\Users\\<USER>\\AppData\\LocalLow"}
Returned value:
0x0
KernelBase.dll! GetFileAttributesW #file (#3028) EncryptFlag.exe
Arguments:
{"lpFileName":"C:\\Users\\<USER>\\AppData\\LocalLow"}
Returned value:
0x2010
ntdll.dll! NtOpenFile #native (#3028) EncryptFlag.exe
Arguments:
{"FileHandle":"0x490","objectName":"\\??\\C:\\Users\\<USER>\\AppData\\LocalLow"}
Returned value:
0x0
ntdll.dll! NtCreateFile #native (#3028) EncryptFlag.exe
Arguments:
{"FileHandle":"0x578","objectName":"\\??\\C:\\Users\\<USER>\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\MetaData\\57C8EDB95DF3F0AD4EE2DC2B8CFD4157"}
Returned value:
0x0
KernelBase.dll! CreateFileW #file (#3028) EncryptFlag.exe
Arguments:
{"lpSecurityAttributes":"0x0","dwCreationDisposition":"0x3","dwFlagsAndAttributes":"0x80","lpFileName":"C:\\Users\\<USER>\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\MetaData\\57C8EDB95DF3F0AD4EE2DC2B8CFD4157","dwDesiredAccess":"0x80000000","dwShareMode":"0x1"}
Returned value:
0x578
ntdll.dll! NtCreateFile #native (#3028) EncryptFlag.exe
Arguments:
{"FileHandle":"0x490","objectName":"\\??\\C:\\Users\\<USER>\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\Content\\57C8EDB95DF3F0AD4EE2DC2B8CFD4157"}
Returned value:
0x0
KernelBase.dll! CreateFileW #file (#3028) EncryptFlag.exe
Arguments:
{"lpSecurityAttributes":"0x0","dwCreationDisposition":"0x3","dwFlagsAndAttributes":"0x80","lpFileName":"C:\\Users\\<USER>\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\Content\\57C8EDB95DF3F0AD4EE2DC2B8CFD4157","dwDesiredAccess":"0x80000000","dwShareMode":"0x1"}
Returned value:
0x490
KernelBase.dll! GetFileSize #file (#3028) EncryptFlag.exe
Arguments:
{"hFile":"0x578"}
Returned value:
0x154
KernelBase.dll! ReadFile #file (#3028) EncryptFlag.exe
Arguments:
{"nNumberOfBytesToRead":4,"lpBuffer":"p���","hFile":"0x578"}
Returned value:
0x1
KernelBase.dll! ReadFile #file (#3028) EncryptFlag.exe
Arguments:
{"nNumberOfBytesToRead":108,"lpBuffer":"\u0001\u0001\u0002 \u0001�������n������\u0001(�����������������������������","hFile":"0x578"}
Returned value:
0x1
KernelBase.dll! ReadFile #file (#3028) EncryptFlag.exe
Arguments:
{"nNumberOfBytesToRead":228,"lpBuffer":"�\u0012��h�t�t�p�:�/�/�c�t�l�d�l�.�w�i�n�d�o�w�s�u�p�d�","hFile":"0x578"}
Returned value:
0x1
KernelBase.dll! GetProcAddress #misc (#3028) EncryptFlag.exe
Arguments:
{"lpProcName":"WinHttpCloseHandle","hModule":"winhttp.dll"}
Returned value:
0x7fef9c022d0
KernelBase.dll! GetProcAddress #misc (#3028) EncryptFlag.exe
Arguments:
{"lpProcName":"RpcBindingFree","hModule":"rpcrt4.dll"}
Returned value:
0x7fefe6780c0
KernelBase.dll! LoadLibraryExW #misc (#3028) EncryptFlag.exe
Arguments:
{"lpFileName":"API-MS-WIN-Service-Management-L1-1-0.dll"}
Returned value:
0x7fefe400000
KernelBase.dll! LoadLibraryExA #misc (#3028) EncryptFlag.exe
Arguments:
{"lpFileName":"API-MS-WIN-Service-Management-L1-1-0.dll"}
Returned value:
0x7fefe400000
KernelBase.dll! GetProcAddress #misc (#3028) EncryptFlag.exe
Arguments:
{"lpProcName":"OpenSCManagerW","hModule":"sechost.dll"}
Returned value:
0x7fefe40659c
sechost.dll! OpenSCManagerW #services (#3028) EncryptFlag.exe
Arguments:
{"lpDatabaseName":null,"dwDesiredAccess":"0x1","lpMachineName":null}
Returned value:
0x41a9a10
KernelBase.dll! GetProcAddress #misc (#3028) EncryptFlag.exe
Arguments:
{"lpProcName":"OpenServiceW","hModule":"sechost.dll"}
Returned value:
0x7fefe406484
sechost.dll! OpenServiceW #services (#3028) EncryptFlag.exe
Arguments:
{"lpServiceName":"CryptSvc","dwDesiredAccess":"0x5","hSCManager":"0x41a9a10"}
Returned value:
0x41a9e30
KernelBase.dll! LoadLibraryExW #misc (#3028) EncryptFlag.exe
Arguments:
{"lpFileName":"API-MS-WIN-Service-winsvc-L1-1-0.dll"}
Returned value:
0x7fefe400000
KernelBase.dll! LoadLibraryExA #misc (#3028) EncryptFlag.exe
Arguments:
{"lpFileName":"API-MS-WIN-Service-winsvc-L1-1-0.dll"}
Returned value:
0x7fefe400000
KernelBase.dll! GetProcAddress #misc (#3028) EncryptFlag.exe
Arguments:
{"lpProcName":"QueryServiceConfigA","hModule":"sechost.dll"}
Returned value:
0x7fefe407b04
KernelBase.dll! GetProcAddress #misc (#3028) EncryptFlag.exe
Arguments:
{"lpProcName":"QueryServiceStatus","hModule":"sechost.dll"}
Returned value:
0x7fefe406730
KernelBase.dll! GetProcAddress #misc (#3028) EncryptFlag.exe
Arguments:
{"lpProcName":"CloseServiceHandle","hModule":"sechost.dll"}
Returned value:
0x7fefe406518
KernelBase.dll! LoadLibraryExW #misc (#3028) EncryptFlag.exe
Arguments:
{"lpFileName":"RPCRT4.dll"}
Returned value:
0x7fefe630000
KernelBase.dll! LoadLibraryExA #misc (#3028) EncryptFlag.exe
Arguments:
{"lpFileName":"RPCRT4.dll"}
Returned value:
0x7fefe630000
KernelBase.dll! GetProcAddress #misc (#3028) EncryptFlag.exe
Arguments:
{"lpProcName":"RpcStringBindingComposeA","hModule":"rpcrt4.dll"}
Returned value:
0x7fefe6d77b0
KernelBase.dll! GetProcAddress #misc (#3028) EncryptFlag.exe
Arguments:
{"lpProcName":"RpcBindingFromStringBindingA","hModule":"rpcrt4.dll"}
Returned value:
0x7fefe6f9470
KernelBase.dll! GetProcAddress #misc (#3028) EncryptFlag.exe
Arguments:
{"lpProcName":"RpcEpResolveBinding","hModule":"rpcrt4.dll"}
Returned value:
0x7fefe645790
KernelBase.dll! LoadLibraryExW #misc (#3028) EncryptFlag.exe
Arguments:
{"lpFileName":"API-MS-Win-Security-LSALookup-L1-1-0.dll"}
Returned value:
0x7fefe400000
KernelBase.dll! LoadLibraryExA #misc (#3028) EncryptFlag.exe
Arguments:
{"lpFileName":"API-MS-Win-Security-LSALookup-L1-1-0.dll"}
Returned value:
0x7fefe400000
KernelBase.dll! GetProcAddress #misc (#3028) EncryptFlag.exe
Arguments:
{"lpProcName":"LookupAccountSidLocalW","hModule":"sechost.dll"}
Returned value:
0x7fefe41424c
KernelBase.dll! GetProcAddress #misc (#3028) EncryptFlag.exe
Arguments:
{"lpProcName":"RpcBindingSetAuthInfoExW","hModule":"rpcrt4.dll"}
Returned value:
0x7fefe65e210
KernelBase.dll! GetProcAddress #misc (#3028) EncryptFlag.exe
Arguments:
{"lpProcName":"RpcStringFreeA","hModule":"rpcrt4.dll"}
Returned value:
0x7fefe6d8f50
KernelBase.dll! GetProcAddress #misc (#3028) EncryptFlag.exe
Arguments:
{"lpProcName":"NdrClientCall3","hModule":"rpcrt4.dll"}
Returned value:
0x7fefe70cc90
KernelBase.dll! GetProcAddress #misc (#3028) EncryptFlag.exe
Arguments:
{"lpProcName":"RpcBindingFree","hModule":"rpcrt4.dll"}
Returned value:
0x7fefe6780c0
ntdll.dll! NtOpenKeyEx #native (#3028) EncryptFlag.exe
Arguments:
{"OpenOptions":"0x0","KeyHandle":"0x57c","objectName":"Software\\Microsoft\\SystemCertificates\\AuthRoot\\AutoUpdate","DesiredAccess":"0x20119"}
Returned value:
0x0
ntdll.dll! NtOpenKeyEx #native (#3028) EncryptFlag.exe
Arguments:
{"OpenOptions":"0x0","KeyHandle":"0x57c","objectName":"S-1-5-21-4270068108-2931534202-3907561125-1001","DesiredAccess":"0x2000000"}
Returned value:
0x0
ntdll.dll! NtOpenKeyEx #native (#3028) EncryptFlag.exe
Arguments:
{"OpenOptions":"0x0","KeyHandle":"0x0","objectName":"Software\\Microsoft\\SystemCertificates\\AuthRoot\\AutoUpdate","DesiredAccess":"0x20119"}
Returned value:
0xc0000034
ntdll.dll! NtOpenKeyEx #native (#3028) EncryptFlag.exe
Arguments:
{"OpenOptions":"0x0","KeyHandle":"0x57c","objectName":"Software\\Microsoft\\SystemCertificates\\AuthRoot\\AutoUpdate","DesiredAccess":"0x20119"}
Returned value:
0x0
KernelBase.dll! GetProcAddress #misc (#3028) EncryptFlag.exe
Arguments:
{"lpProcName":"BCryptDestroyHash","hModule":"ncrypt.dll"}
Returned value:
0x7fefc721030
ntdll.dll! NtOpenKeyEx #native (#3028) EncryptFlag.exe
Arguments:
{"OpenOptions":"0x0","KeyHandle":"0x57c","objectName":"Software\\Microsoft\\SystemCertificates\\AuthRoot\\AutoUpdate","DesiredAccess":"0x20119"}
Returned value:
0x0
ntdll.dll! NtOpenKeyEx #native (#3028) EncryptFlag.exe
Arguments:
{"OpenOptions":"0x0","KeyHandle":"0x0","objectName":"Software\\Policies\\Microsoft\\SystemCertificates\\Root\\ProtectedRoots","DesiredAccess":"0x20019"}
Returned value:
0xc0000034
ntdll.dll! NtOpenKeyEx #native (#3028) EncryptFlag.exe
Arguments:
{"OpenOptions":"0x0","KeyHandle":"0x0","objectName":"Software\\Policies\\Microsoft\\SystemCertificates\\ChainEngine\\Config","DesiredAccess":"0x20019"}
Returned value:
0xc0000034
ntdll.dll! NtOpenKeyEx #native (#3028) EncryptFlag.exe
Arguments:
{"OpenOptions":"0x0","KeyHandle":"0x57c","objectName":"Default","DesiredAccess":"0x20119"}
Returned value:
0x0
ntdll.dll! NtOpenKeyEx #native (#3028) EncryptFlag.exe
Arguments:
{"OpenOptions":"0x0","KeyHandle":"0x57c","objectName":"Certificates","DesiredAccess":"0x20019"}
Returned value:
0x0
ntdll.dll! NtOpenKeyEx #native (#3028) EncryptFlag.exe
Arguments:
{"OpenOptions":"0x0","KeyHandle":"0x570","objectName":"0563B8630D62D75ABBC8AB1E4BDFB5A899B24D43","DesiredAccess":"0x20019"}
Returned value:
0x0
ntdll.dll! NtOpenKeyEx #native (#3028) EncryptFlag.exe
Arguments:
{"OpenOptions":"0x0","KeyHandle":"0x570","objectName":"07E032E020B72C3F192F0628A2593A19A70F069E","DesiredAccess":"0x20019"}
Returned value:
0x0
ntdll.dll! NtOpenKeyEx #native (#3028) EncryptFlag.exe
Arguments:
{"OpenOptions":"0x0","KeyHandle":"0x570","objectName":"2796BAE63F1801E277261BA0D77770028F20EEE4","DesiredAccess":"0x20019"}
Returned value:
0x0
ntdll.dll! NtOpenKeyEx #native (#3028) EncryptFlag.exe
Arguments:
{"OpenOptions":"0x0","KeyHandle":"0x570","objectName":"2B8F1B57330DBBA2D07A6C51F70EE90DDAB9AD8E","DesiredAccess":"0x20019"}
Returned value:
0x0
ntdll.dll! NtOpenKeyEx #native (#3028) EncryptFlag.exe
Arguments:
{"OpenOptions":"0x0","KeyHandle":"0x570","objectName":"4EB6D578499B1CCF5F581EAD56BE3D9B6744A5E5","DesiredAccess":"0x20019"}
Returned value:
0x0
ntdll.dll! NtOpenKeyEx #native (#3028) EncryptFlag.exe
Arguments:
{"OpenOptions":"0x0","KeyHandle":"0x570","objectName":"4F65566336DB6598581D584A596C87934D5F2AB4","DesiredAccess":"0x20019"}
Returned value:
0x0
ntdll.dll! NtOpenKeyEx #native (#3028) EncryptFlag.exe
Arguments:
{"OpenOptions":"0x0","KeyHandle":"0x570","objectName":"5FB7EE0633E259DBAD0C4C9AE6D38F1A61C7DC25","DesiredAccess":"0x20019"}
Returned value:
0x0
ntdll.dll! NtOpenKeyEx #native (#3028) EncryptFlag.exe
Arguments:
{"OpenOptions":"0x0","KeyHandle":"0x570","objectName":"742C3192E607E424EB4549542BE1BBC53E6174E2","DesiredAccess":"0x20019"}
Returned value:
0x0
ntdll.dll! NtOpenKeyEx #native (#3028) EncryptFlag.exe
Arguments:
{"OpenOptions":"0x0","KeyHandle":"0x570","objectName":"97817950D81C9670CC34D809CF794431367EF474","DesiredAccess":"0x20019"}
Returned value:
0x0
ntdll.dll! NtOpenKeyEx #native (#3028) EncryptFlag.exe
Arguments:
{"OpenOptions":"0x0","KeyHandle":"0x570","objectName":"A8985D3A65E5E5C4B2D7D66D40C6DD2FB19C5436","DesiredAccess":"0x20019"}
Returned value:
0x0
ntdll.dll! NtOpenKeyEx #native (#3028) EncryptFlag.exe
Arguments:
{"OpenOptions":"0x0","KeyHandle":"0x570","objectName":"AD7E1C28B064EF8F6003402014C3D0E3370EB58A","DesiredAccess":"0x20019"}
Returned value:
0x0
ntdll.dll! NtOpenKeyEx #native (#3028) EncryptFlag.exe
Arguments:
{"OpenOptions":"0x0","KeyHandle":"0x570","objectName":"B1BC968BD4F49D622AA89A81F2150152A41D829C","DesiredAccess":"0x20019"}
Returned value:
0x0
ntdll.dll! NtOpenKeyEx #native (#3028) EncryptFlag.exe
Arguments:
{"OpenOptions":"0x0","KeyHandle":"0x570","objectName":"CABD2A79A1076A31F21D253635CB039D4329A5E8","DesiredAccess":"0x20019"}
Returned value:
0x0
ntdll.dll! NtOpenKeyEx #native (#3028) EncryptFlag.exe
Arguments:
{"OpenOptions":"0x0","KeyHandle":"0x570","objectName":"D1EB23A46D17D68FD92564C2F1F1601764D8E349","DesiredAccess":"0x20019"}
Returned value:
0x0
ntdll.dll! NtOpenKeyEx #native (#3028) EncryptFlag.exe
Arguments:
{"OpenOptions":"0x0","KeyHandle":"0x570","objectName":"D4DE20D05E66FC53FE1A50882C78DB2852CAE474","DesiredAccess":"0x20019"}
Returned value:
0x0
ntdll.dll! NtOpenKeyEx #native (#3028) EncryptFlag.exe
Arguments:
{"OpenOptions":"0x0","KeyHandle":"0x570","objectName":"D69B561148F01C77C54578C10926DF5B856976AD","DesiredAccess":"0x20019"}
Returned value:
0x0
ntdll.dll! NtOpenKeyEx #native (#3028) EncryptFlag.exe
Arguments:
{"OpenOptions":"0x0","KeyHandle":"0x570","objectName":"DAC9024F54D8F6DF94935FB1732638CA6AD77C13","DesiredAccess":"0x20019"}
Returned value:
0x0
ntdll.dll! NtOpenKeyEx #native (#3028) EncryptFlag.exe
Arguments:
{"OpenOptions":"0x0","KeyHandle":"0x570","objectName":"DDFB16CD4931C973A2037D3FC83A4D7D775D05E4","DesiredAccess":"0x20019"}
Returned value:
0x0
ntdll.dll! NtOpenKeyEx #native (#3028) EncryptFlag.exe
Arguments:
{"OpenOptions":"0x0","KeyHandle":"0x570","objectName":"DF3C24F9BFD666761B268073FE06D1CC8D4F82A4","DesiredAccess":"0x20019"}
Returned value:
0x0
ntdll.dll! NtOpenKeyEx #native (#3028) EncryptFlag.exe
Arguments:
{"OpenOptions":"0x0","KeyHandle":"0x57c","objectName":"CRLs","DesiredAccess":"0x20019"}
Returned value:
0x0
ntdll.dll! NtOpenKeyEx #native (#3028) EncryptFlag.exe
Arguments:
{"OpenOptions":"0x0","KeyHandle":"0x57c","objectName":"CTLs","DesiredAccess":"0x20019"}
Returned value:
0x0
ntdll.dll! NtOpenKeyEx #native (#3028) EncryptFlag.exe
Arguments:
{"OpenOptions":"0x0","KeyHandle":"0x57c","objectName":"Software\\Microsoft\\SystemCertificates\\AuthRoot\\AutoUpdate","DesiredAccess":"0x20119"}
Returned value:
0x0
ntdll.dll! NtOpenKeyEx #native (#3028) EncryptFlag.exe
Arguments:
{"OpenOptions":"0x0","KeyHandle":"0x57c","objectName":"S-1-5-21-4270068108-2931534202-3907561125-1001","DesiredAccess":"0x2000000"}
Returned value:
0x0
ntdll.dll! NtOpenKeyEx #native (#3028) EncryptFlag.exe
Arguments:
{"OpenOptions":"0x0","KeyHandle":"0x0","objectName":"Software\\Microsoft\\SystemCertificates\\AuthRoot\\AutoUpdate","DesiredAccess":"0x20119"}
Returned value:
0xc0000034
KernelBase.dll! GetProcAddress #misc (#3028) EncryptFlag.exe
Arguments:
{"lpProcName":"BCryptFinishHash","hModule":"ncrypt.dll"}
Returned value:
0x7fefc721240
ntdll.dll! NtOpenKeyEx #native (#3028) EncryptFlag.exe
Arguments:
{"OpenOptions":"0x0","KeyHandle":"0x57c","objectName":"Software\\Microsoft\\Cryptography\\OID","DesiredAccess":"0x20019"}
Returned value:
0x0
ntdll.dll! NtOpenKeyEx #native (#3028) EncryptFlag.exe
Arguments:
{"OpenOptions":"0x0","KeyHandle":"0x570","objectName":"EncodingType 0","DesiredAccess":"0x20019"}
Returned value:
0x0
ntdll.dll! NtOpenKeyEx #native (#3028) EncryptFlag.exe
Arguments:
{"OpenOptions":"0x0","KeyHandle":"0x0","objectName":"CryptDllImportPublicKeyInfoEx2","DesiredAccess":"0x20019"}
Returned value:
0xc0000034
ntdll.dll! NtOpenKeyEx #native (#3028) EncryptFlag.exe
Arguments:
{"OpenOptions":"0x0","KeyHandle":"0x570","objectName":"EncodingType 1","DesiredAccess":"0x20019"}
Returned value:
0x0
ntdll.dll! NtOpenKeyEx #native (#3028) EncryptFlag.exe
Arguments:
{"OpenOptions":"0x0","KeyHandle":"0x0","objectName":"CryptDllImportPublicKeyInfoEx2","DesiredAccess":"0x20019"}
Returned value:
0xc0000034
KernelBase.dll! GetProcAddress #misc (#3028) EncryptFlag.exe
Arguments:
{"lpProcName":"GetSignatureInterface","hModule":"bcryptprimitives.dll"}
Returned value:
0x7fefc6b8d50
KernelBase.dll! GetProcAddress #misc (#3028) EncryptFlag.exe
Arguments:
{"lpProcName":"BCryptImportKeyPair","hModule":"ncrypt.dll"}
Returned value:
0x7fefc721d10
KernelBase.dll! GetProcAddress #misc (#3028) EncryptFlag.exe
Arguments:
{"lpProcName":"BCryptDestroyKey","hModule":"ncrypt.dll"}
Returned value:
0x7fefc721910
ntdll.dll! NtOpenKeyEx #native (#3028) EncryptFlag.exe
Arguments:
{"OpenOptions":"0x0","KeyHandle":"0x57c","objectName":"Software\\Microsoft\\Cryptography\\OID","DesiredAccess":"0x20019"}
Returned value:
0x0
ntdll.dll! NtOpenKeyEx #native (#3028) EncryptFlag.exe
Arguments:
{"OpenOptions":"0x0","KeyHandle":"0x570","objectName":"EncodingType 0","DesiredAccess":"0x20019"}
Returned value:
0x0
ntdll.dll! NtOpenKeyEx #native (#3028) EncryptFlag.exe
Arguments:
{"OpenOptions":"0x0","KeyHandle":"0x0","objectName":"CryptDllImportPublicKeyInfoEx","DesiredAccess":"0x20019"}
Returned value:
0xc0000034
ntdll.dll! NtOpenKeyEx #native (#3028) EncryptFlag.exe
Arguments:
{"OpenOptions":"0x0","KeyHandle":"0x570","objectName":"EncodingType 1","DesiredAccess":"0x20019"}
Returned value:
0x0
ntdll.dll! NtOpenKeyEx #native (#3028) EncryptFlag.exe
Arguments:
{"OpenOptions":"0x0","KeyHandle":"0x0","objectName":"CryptDllImportPublicKeyInfoEx","DesiredAccess":"0x20019"}
Returned value:
0xc0000034
ntdll.dll! NtOpenKeyEx #native (#3028) EncryptFlag.exe
Arguments:
{"OpenOptions":"0x0","KeyHandle":"0x57c","objectName":"Software\\Microsoft\\Cryptography\\OID","DesiredAccess":"0x20019"}
Returned value:
0x0
ntdll.dll! NtOpenKeyEx #native (#3028) EncryptFlag.exe
Arguments:
{"OpenOptions":"0x0","KeyHandle":"0x570","objectName":"EncodingType 0","DesiredAccess":"0x20019"}
Returned value:
0x0
ntdll.dll! NtOpenKeyEx #native (#3028) EncryptFlag.exe
Arguments:
{"OpenOptions":"0x0","KeyHandle":"0x0","objectName":"CryptDllConvertPublicKeyInfo","DesiredAccess":"0x20019"}
Returned value:
0xc0000034
ntdll.dll! NtOpenKeyEx #native (#3028) EncryptFlag.exe
Arguments:
{"OpenOptions":"0x0","KeyHandle":"0x570","objectName":"EncodingType 1","DesiredAccess":"0x20019"}
Returned value:
0x0
ntdll.dll! NtOpenKeyEx #native (#3028) EncryptFlag.exe
Arguments:
{"OpenOptions":"0x0","KeyHandle":"0x0","objectName":"CryptDllConvertPublicKeyInfo","DesiredAccess":"0x20019"}
Returned value:
0xc0000034
KernelBase.dll! GetProcAddress #misc (#3028) EncryptFlag.exe
Arguments:
{"lpProcName":"CryptImportKey","hModule":"cryptsp.dll"}
Returned value:
0x7fefc5856fc
KernelBase.dll! GetProcAddress #misc (#3028) EncryptFlag.exe
Arguments:
{"lpProcName":"CryptCreateHash","hModule":"cryptsp.dll"}
Returned value:
0x7fefc585be4
KernelBase.dll! GetProcAddress #misc (#3028) EncryptFlag.exe
Arguments:
{"lpProcName":"CryptHashData","hModule":"cryptsp.dll"}
Returned value:
0x7fefc585f80
KernelBase.dll! GetProcAddress #misc (#3028) EncryptFlag.exe
Arguments:
{"lpProcName":"CryptVerifySignatureA","hModule":"cryptsp.dll"}
Returned value:
0x7fefc5865f8
KernelBase.dll! GetProcAddress #misc (#3028) EncryptFlag.exe
Arguments:
{"lpProcName":"CryptDestroyKey","hModule":"cryptsp.dll"}
Returned value:
0x7fefc5850c8
KernelBase.dll! GetProcAddress #misc (#3028) EncryptFlag.exe
Arguments:
{"lpProcName":"CryptDestroyHash","hModule":"cryptsp.dll"}
Returned value:
0x7fefc5861b8
ntdll.dll! NtOpenKeyEx #native (#3028) EncryptFlag.exe
Arguments:
{"OpenOptions":"0x0","KeyHandle":"0x57c","objectName":"Software\\Microsoft\\Cryptography\\OID","DesiredAccess":"0x20019"}
Returned value:
0x0
ntdll.dll! NtOpenKeyEx #native (#3028) EncryptFlag.exe
Arguments:
{"OpenOptions":"0x0","KeyHandle":"0x570","objectName":"EncodingType 0","DesiredAccess":"0x20019"}
Returned value:
0x0
ntdll.dll! NtOpenKeyEx #native (#3028) EncryptFlag.exe
Arguments:
{"OpenOptions":"0x0","KeyHandle":"0x0","objectName":"CryptDllVerifyEncodedSignature","DesiredAccess":"0x20019"}
Returned value:
0xc0000034
ntdll.dll! NtOpenKeyEx #native (#3028) EncryptFlag.exe
Arguments:
{"OpenOptions":"0x0","KeyHandle":"0x570","objectName":"EncodingType 1","DesiredAccess":"0x20019"}
Returned value:
0x0
ntdll.dll! NtOpenKeyEx #native (#3028) EncryptFlag.exe
Arguments:
{"OpenOptions":"0x0","KeyHandle":"0x0","objectName":"CryptDllVerifyEncodedSignature","DesiredAccess":"0x20019"}
Returned value:
0xc0000034
KernelBase.dll! GetProcAddress #misc (#3028) EncryptFlag.exe
Arguments:
{"lpProcName":"GetAsymmetricEncryptionInterface","hModule":"bcryptprimitives.dll"}
Returned value:
0x7fefc69bd40
KernelBase.dll! GetProcAddress #misc (#3028) EncryptFlag.exe
Arguments:
{"lpProcName":"BCryptVerifySignature","hModule":"ncrypt.dll"}
Returned value:
0x7fefc735bc0
KernelBase.dll! GetProcAddress #misc (#3028) EncryptFlag.exe
Arguments:
{"lpProcName":"GetHashInterface","hModule":"bcryptprimitives.dll"}
Returned value:
0x7fefc697c60
ntdll.dll! NtOpenKeyEx #native (#3028) EncryptFlag.exe
Arguments:
{"OpenOptions":"0x0","KeyHandle":"0x57c","objectName":"Software\\Microsoft\\Cryptography\\OID","DesiredAccess":"0x20019"}
Returned value:
0x0
ntdll.dll! NtOpenKeyEx #native (#3028) EncryptFlag.exe
Arguments:
{"OpenOptions":"0x0","KeyHandle":"0x570","objectName":"EncodingType 0","DesiredAccess":"0x20019"}
Returned value:
0x0
ntdll.dll! NtOpenKeyEx #native (#3028) EncryptFlag.exe
Arguments:
{"OpenOptions":"0x0","KeyHandle":"0x0","objectName":"CertDllVerifyRevocation","DesiredAccess":"0x20019"}
Returned value:
0xc0000034
ntdll.dll! NtOpenKeyEx #native (#3028) EncryptFlag.exe
Arguments:
{"OpenOptions":"0x0","KeyHandle":"0x570","objectName":"EncodingType 1","DesiredAccess":"0x20019"}
Returned value:
0x0
ntdll.dll! NtOpenKeyEx #native (#3028) EncryptFlag.exe
Arguments:
{"OpenOptions":"0x0","KeyHandle":"0x574","objectName":"CertDllVerifyRevocation","DesiredAccess":"0x20019"}
Returned value:
0x0
ntdll.dll! NtOpenKeyEx #native (#3028) EncryptFlag.exe
Arguments:
{"OpenOptions":"0x0","KeyHandle":"0x54c","objectName":"DEFAULT","DesiredAccess":"0x20019"}
Returned value:
0x0
KernelBase.dll! LoadLibraryExW #misc (#3028) EncryptFlag.exe
Arguments:
{"lpFileName":"cryptnet.dll"}
Returned value:
0x7fef9fb0000
KernelBase.dll! GetProcAddress #misc (#3028) EncryptFlag.exe
Arguments:
{"lpProcName":"DllCanUnloadNow","hModule":"zipfldr.dll"}
Returned value:
0x0
KernelBase.dll! GetProcAddress #misc (#3028) EncryptFlag.exe
Arguments:
{"lpProcName":"CertDllVerifyRevocation","hModule":"cryptnet.dll"}
Returned value:
0x7fef9fb3a2c
ntdll.dll! NtOpenKeyEx #native (#3028) EncryptFlag.exe
Arguments:
{"OpenOptions":"0x0","KeyHandle":"0x57c","objectName":"Software\\Microsoft\\Cryptography\\OID","DesiredAccess":"0x20019"}
Returned value:
0x0
ntdll.dll! NtOpenKeyEx #native (#3028) EncryptFlag.exe
Arguments:
{"OpenOptions":"0x0","KeyHandle":"0x570","objectName":"EncodingType 0","DesiredAccess":"0x20019"}
Returned value:
0x0
ntdll.dll! NtOpenKeyEx #native (#3028) EncryptFlag.exe
Arguments:
{"OpenOptions":"0x0","KeyHandle":"0x0","objectName":"TimeValidDllGetObject","DesiredAccess":"0x20019"}
Returned value:
0xc0000034
ntdll.dll! NtOpenKeyEx #native (#3028) EncryptFlag.exe
Arguments:
{"OpenOptions":"0x0","KeyHandle":"0x570","objectName":"EncodingType 1","DesiredAccess":"0x20019"}
Returned value:
0x0
ntdll.dll! NtOpenKeyEx #native (#3028) EncryptFlag.exe
Arguments:
{"OpenOptions":"0x0","KeyHandle":"0x0","objectName":"TimeValidDllGetObject","DesiredAccess":"0x20019"}
Returned value:
0xc0000034
ntdll.dll! NtOpenKeyEx #native (#3028) EncryptFlag.exe
Arguments:
{"OpenOptions":"0x0","KeyHandle":"0x57c","objectName":"Software\\Microsoft\\Cryptography\\OID","DesiredAccess":"0x20019"}
Returned value:
0x0
ntdll.dll! NtOpenKeyEx #native (#3028) EncryptFlag.exe
Arguments:
{"OpenOptions":"0x0","KeyHandle":"0x570","objectName":"EncodingType 0","DesiredAccess":"0x20019"}
Returned value:
0x0
ntdll.dll! NtOpenKeyEx #native (#3028) EncryptFlag.exe
Arguments:
{"OpenOptions":"0x0","KeyHandle":"0x0","objectName":"UrlDllGetObjectUrl","DesiredAccess":"0x20019"}
Returned value:
0xc0000034
ntdll.dll! NtOpenKeyEx #native (#3028) EncryptFlag.exe
Arguments:
{"OpenOptions":"0x0","KeyHandle":"0x570","objectName":"EncodingType 1","DesiredAccess":"0x20019"}
Returned value:
0x0
ntdll.dll! NtOpenKeyEx #native (#3028) EncryptFlag.exe
Arguments:
{"OpenOptions":"0x0","KeyHandle":"0x0","objectName":"UrlDllGetObjectUrl","DesiredAccess":"0x20019"}
Returned value:
0xc0000034
ntdll.dll! NtOpenKeyEx #native (#3028) EncryptFlag.exe
Arguments:
{"OpenOptions":"0x0","KeyHandle":"0x57c","objectName":"Software\\Microsoft\\Cryptography\\OID\\EncodingType 0\\CertDllCreateCertificateChainEngine\\Config","DesiredAccess":"0x20119"}
Returned value:
0x0
ntdll.dll! NtOpenKeyEx #native (#3028) EncryptFlag.exe
Arguments:
{"OpenOptions":"0x0","KeyHandle":"0x0","objectName":"Software\\Policies\\Microsoft\\SystemCertificates\\ChainEngine\\Config","DesiredAccess":"0x20019"}
Returned value:
0xc0000034
ntdll.dll! NtOpenKeyEx #native (#3028) EncryptFlag.exe
Arguments:
{"OpenOptions":"0x0","KeyHandle":"0x570","objectName":"S-1-5-21-4270068108-2931534202-3907561125-1001\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\User Shell Folders","DesiredAccess":"0x20019"}
Returned value:
0x0
ntdll.dll! NtOpenKeyEx #native (#3028) EncryptFlag.exe
Arguments:
{"OpenOptions":"0x0","KeyHandle":"0x574","objectName":"Software\\Microsoft\\Windows NT\\CurrentVersion\\ProfileList\\S-1-5-21-4270068108-2931534202-3907561125-1001","DesiredAccess":"0x20019"}
Returned value:
0x0
ntdll.dll! NtQueryAttributesFile #native (#3028) EncryptFlag.exe
Arguments:
{"objectName":"\\??\\C:\\Users\\<USER>\\AppData\\LocalLow"}
Returned value:
0x0
KernelBase.dll! GetFileAttributesW #file (#3028) EncryptFlag.exe
Arguments:
{"lpFileName":"C:\\Users\\<USER>\\AppData\\LocalLow"}
Returned value:
0x2010
ntdll.dll! NtOpenFile #native (#3028) EncryptFlag.exe
Arguments:
{"FileHandle":"0x570","objectName":"\\??\\C:\\Users\\<USER>\\AppData\\LocalLow"}
Returned value:
0x0
ntdll.dll! NtOpenFile #native (#3028) EncryptFlag.exe
Arguments:
{"FileHandle":"0x57c","objectName":"\\??\\C:\\Users\\<USER>\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\MetaData\\"}
Returned value:
0x0
ntdll.dll! NtOpenKeyEx #native (#3028) EncryptFlag.exe
Arguments:
{"OpenOptions":"0x0","KeyHandle":"0x57c","objectName":"Software\\Microsoft\\Cryptography\\OID","DesiredAccess":"0x20019"}
Returned value:
0x0
ntdll.dll! NtOpenKeyEx #native (#3028) EncryptFlag.exe
Arguments:
{"OpenOptions":"0x0","KeyHandle":"0x570","objectName":"EncodingType 0","DesiredAccess":"0x20019"}
Returned value:
0x0
ntdll.dll! NtOpenKeyEx #native (#3028) EncryptFlag.exe
Arguments:
{"OpenOptions":"0x0","KeyHandle":"0x0","objectName":"CryptDllEncodeObjectEx","DesiredAccess":"0x20019"}
Returned value:
0xc0000034
ntdll.dll! NtOpenKeyEx #native (#3028) EncryptFlag.exe
Arguments:
{"OpenOptions":"0x0","KeyHandle":"0x570","objectName":"EncodingType 1","DesiredAccess":"0x20019"}
Returned value:
0x0
ntdll.dll! NtOpenKeyEx #native (#3028) EncryptFlag.exe
Arguments:
{"OpenOptions":"0x0","KeyHandle":"0x574","objectName":"CryptDllEncodeObjectEx","DesiredAccess":"0x20019"}
Returned value:
0x0
ntdll.dll! NtOpenKeyEx #native (#3028) EncryptFlag.exe
Arguments:
{"OpenOptions":"0x0","KeyHandle":"0x54c","objectName":"1.2.840.113549.1.9.16.1.1","DesiredAccess":"0x20019"}
Returned value:
0x0
ntdll.dll! NtOpenKeyEx #native (#3028) EncryptFlag.exe
Arguments:
{"OpenOptions":"0x0","KeyHandle":"0x54c","objectName":"1.2.840.113549.1.9.16.2.1","DesiredAccess":"0x20019"}
Returned value:
0x0
ntdll.dll! NtOpenKeyEx #native (#3028) EncryptFlag.exe
Arguments:
{"OpenOptions":"0x0","KeyHandle":"0x54c","objectName":"1.2.840.113549.1.9.16.2.11","DesiredAccess":"0x20019"}
Returned value:
0x0
ntdll.dll! NtOpenKeyEx #native (#3028) EncryptFlag.exe
Arguments:
{"OpenOptions":"0x0","KeyHandle":"0x54c","objectName":"1.2.840.113549.1.9.16.2.12","DesiredAccess":"0x20019"}
Returned value:
0x0
ntdll.dll! NtOpenKeyEx #native (#3028) EncryptFlag.exe
Arguments:
{"OpenOptions":"0x0","KeyHandle":"0x54c","objectName":"1.2.840.113549.1.9.16.2.2","DesiredAccess":"0x20019"}
Returned value:
0x0
ntdll.dll! NtOpenKeyEx #native (#3028) EncryptFlag.exe
Arguments:
{"OpenOptions":"0x0","KeyHandle":"0x54c","objectName":"1.2.840.113549.1.9.16.2.3","DesiredAccess":"0x20019"}
Returned value:
0x0
ntdll.dll! NtOpenKeyEx #native (#3028) EncryptFlag.exe
Arguments:
{"OpenOptions":"0x0","KeyHandle":"0x54c","objectName":"1.2.840.113549.1.9.16.2.4","DesiredAccess":"0x20019"}
Returned value:
0x0
ntdll.dll! NtOpenKeyEx #native (#3028) EncryptFlag.exe
Arguments:
{"OpenOptions":"0x0","KeyHandle":"0x570","objectName":"S-1-5-21-4270068108-2931534202-3907561125-1001\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\User Shell Folders","DesiredAccess":"0x20019"}
Returned value:
0x0
ntdll.dll! NtOpenKeyEx #native (#3028) EncryptFlag.exe
Arguments:
{"OpenOptions":"0x0","KeyHandle":"0x574","objectName":"Software\\Microsoft\\Windows NT\\CurrentVersion\\ProfileList\\S-1-5-21-4270068108-2931534202-3907561125-1001","DesiredAccess":"0x20019"}
Returned value:
0x0
ntdll.dll! NtQueryAttributesFile #native (#3028) EncryptFlag.exe
Arguments:
{"objectName":"\\??\\C:\\Users\\<USER>\\AppData\\LocalLow"}
Returned value:
0x0
KernelBase.dll! GetFileAttributesW #file (#3028) EncryptFlag.exe
Arguments:
{"lpFileName":"C:\\Users\\<USER>\\AppData\\LocalLow"}
Returned value:
0x2010
ntdll.dll! NtOpenFile #native (#3028) EncryptFlag.exe
Arguments:
{"FileHandle":"0x570","objectName":"\\??\\C:\\Users\\<USER>\\AppData\\LocalLow"}
Returned value:
0x0
ntdll.dll! NtCreateFile #native (#3028) EncryptFlag.exe
Arguments:
{"FileHandle":"0x0","objectName":"\\??\\C:\\Users\\<USER>\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\MetaData\\6BADA8974A10C4BD62CC921D13E43B18_28DEA62A0AE77228DD387E155AD0BA27"}
Returned value:
0xc0000034
KernelBase.dll! CreateFileW #file (#3028) EncryptFlag.exe
Arguments:
{"lpSecurityAttributes":"0x0","dwCreationDisposition":"0x3","dwFlagsAndAttributes":"0x80","lpFileName":"C:\\Users\\<USER>\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\MetaData\\6BADA8974A10C4BD62CC921D13E43B18_28DEA62A0AE77228DD387E155AD0BA27","dwDesiredAccess":"0x80000000","dwShareMode":"0x1"}
Returned value:
0xffffffffffffffff
ntdll.dll! NtOpenKeyEx #native (#3028) EncryptFlag.exe
Arguments:
{"OpenOptions":"0x0","KeyHandle":"0x57c","objectName":"SYSTEM\\CurrentControlSet\\Services\\crypt32","DesiredAccess":"0x20019"}
Returned value:
0x0
ntdll.dll! NtOpenKeyEx #native (#3028) EncryptFlag.exe
Arguments:
{"OpenOptions":"0x0","KeyHandle":"0x57c","objectName":"SYSTEM\\CurrentControlSet\\Services\\crypt32","DesiredAccess":"0x20019"}
Returned value:
0x0
ntdll.dll! NtOpenKeyEx #native (#3028) EncryptFlag.exe
Arguments:
{"OpenOptions":"0x0","KeyHandle":"0x570","objectName":"S-1-5-21-4270068108-2931534202-3907561125-1001\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\User Shell Folders","DesiredAccess":"0x20019"}
Returned value:
0x0
ntdll.dll! NtOpenKeyEx #native (#3028) EncryptFlag.exe
Arguments:
{"OpenOptions":"0x0","KeyHandle":"0x574","objectName":"Software\\Microsoft\\Windows NT\\CurrentVersion\\ProfileList\\S-1-5-21-4270068108-2931534202-3907561125-1001","DesiredAccess":"0x20019"}
Returned value:
0x0
ntdll.dll! NtQueryAttributesFile #native (#3028) EncryptFlag.exe
Arguments:
{"objectName":"\\??\\C:\\Users\\<USER>\\AppData\\LocalLow"}
Returned value:
0x0
KernelBase.dll! GetFileAttributesW #file (#3028) EncryptFlag.exe
Arguments:
{"lpFileName":"C:\\Users\\<USER>\\AppData\\LocalLow"}
Returned value:
0x2010
ntdll.dll! NtOpenFile #native (#3028) EncryptFlag.exe
Arguments:
{"FileHandle":"0x570","objectName":"\\??\\C:\\Users\\<USER>\\AppData\\LocalLow"}
Returned value:
0x0
ntdll.dll! NtCreateFile #native (#3028) EncryptFlag.exe
Arguments:
{"FileHandle":"0x0","objectName":"\\??\\C:\\Users\\<USER>\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\MetaData\\6BADA8974A10C4BD62CC921D13E43B18_276151B6A55B03FE802FD87EEDF5637F"}
Returned value:
0xc0000034
KernelBase.dll! CreateFileW #file (#3028) EncryptFlag.exe
Arguments:
{"lpSecurityAttributes":"0x0","dwCreationDisposition":"0x3","dwFlagsAndAttributes":"0x80","lpFileName":"C:\\Users\\<USER>\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\MetaData\\6BADA8974A10C4BD62CC921D13E43B18_276151B6A55B03FE802FD87EEDF5637F","dwDesiredAccess":"0x80000000","dwShareMode":"0x1"}
Returned value:
0xffffffffffffffff
ntdll.dll! NtOpenKeyEx #native (#3028) EncryptFlag.exe
Arguments:
{"OpenOptions":"0x0","KeyHandle":"0x57c","objectName":"SYSTEM\\CurrentControlSet\\Services\\crypt32","DesiredAccess":"0x20019"}
Returned value:
0x0
ntdll.dll! NtOpenKeyEx #native (#3028) EncryptFlag.exe
Arguments:
{"OpenOptions":"0x0","KeyHandle":"0x57c","objectName":"SYSTEM\\CurrentControlSet\\Services\\crypt32","DesiredAccess":"0x20019"}
Returned value:
0x0
ntdll.dll! NtOpenKeyEx #native (#3028) EncryptFlag.exe
Arguments:
{"OpenOptions":"0x0","KeyHandle":"0x57c","objectName":"Software\\Microsoft\\Cryptography\\OID","DesiredAccess":"0x20019"}
Returned value:
0x0
ntdll.dll! NtOpenKeyEx #native (#3028) EncryptFlag.exe
Arguments:
{"OpenOptions":"0x0","KeyHandle":"0x570","objectName":"EncodingType 0","DesiredAccess":"0x20019"}
Returned value:
0x0
ntdll.dll! NtOpenKeyEx #native (#3028) EncryptFlag.exe
Arguments:
{"OpenOptions":"0x0","KeyHandle":"0x0","objectName":"ContextDllCreateObjectContext","DesiredAccess":"0x20019"}
Returned value:
0xc0000034
ntdll.dll! NtOpenKeyEx #native (#3028) EncryptFlag.exe
Arguments:
{"OpenOptions":"0x0","KeyHandle":"0x570","objectName":"EncodingType 1","DesiredAccess":"0x20019"}
Returned value:
0x0
ntdll.dll! NtOpenKeyEx #native (#3028) EncryptFlag.exe
Arguments:
{"OpenOptions":"0x0","KeyHandle":"0x0","objectName":"ContextDllCreateObjectContext","DesiredAccess":"0x20019"}
Returned value:
0xc0000034
ntdll.dll! NtOpenKeyEx #native (#3028) EncryptFlag.exe
Arguments:
{"OpenOptions":"0x0","KeyHandle":"0x570","objectName":"S-1-5-21-4270068108-2931534202-3907561125-1001\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\User Shell Folders","DesiredAccess":"0x20019"}
Returned value:
0x0
ntdll.dll! NtOpenKeyEx #native (#3028) EncryptFlag.exe
Arguments:
{"OpenOptions":"0x0","KeyHandle":"0x574","objectName":"Software\\Microsoft\\Windows NT\\CurrentVersion\\ProfileList\\S-1-5-21-4270068108-2931534202-3907561125-1001","DesiredAccess":"0x20019"}
Returned value:
0x0
ntdll.dll! NtQueryAttributesFile #native (#3028) EncryptFlag.exe
Arguments:
{"objectName":"\\??\\C:\\Users\\<USER>\\AppData\\LocalLow"}
Returned value:
0x0
KernelBase.dll! GetFileAttributesW #file (#3028) EncryptFlag.exe
Arguments:
{"lpFileName":"C:\\Users\\<USER>\\AppData\\LocalLow"}
Returned value:
0x2010
ntdll.dll! NtOpenFile #native (#3028) EncryptFlag.exe
Arguments:
{"FileHandle":"0x570","objectName":"\\??\\C:\\Users\\<USER>\\AppData\\LocalLow"}
Returned value:
0x0
ntdll.dll! NtCreateFile #native (#3028) EncryptFlag.exe
Arguments:
{"FileHandle":"0x0","objectName":"\\??\\C:\\Users\\<USER>\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\MetaData\\82CB34DD3343FE727DF8890D352E0D8F"}
Returned value:
0xc0000034
KernelBase.dll! CreateFileW #file (#3028) EncryptFlag.exe
Arguments:
{"lpSecurityAttributes":"0x0","dwCreationDisposition":"0x3","dwFlagsAndAttributes":"0x80","lpFileName":"C:\\Users\\<USER>\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\MetaData\\82CB34DD3343FE727DF8890D352E0D8F","dwDesiredAccess":"0x80000000","dwShareMode":"0x1"}
Returned value:
0xffffffffffffffff
ntdll.dll! NtOpenKeyEx #native (#3028) EncryptFlag.exe
Arguments:
{"OpenOptions":"0x0","KeyHandle":"0x57c","objectName":"SYSTEM\\CurrentControlSet\\Services\\crypt32","DesiredAccess":"0x20019"}
Returned value:
0x0
ntdll.dll! NtOpenKeyEx #native (#3028) EncryptFlag.exe
Arguments:
{"OpenOptions":"0x0","KeyHandle":"0x57c","objectName":"Software\\Microsoft\\Cryptography\\OID\\EncodingType 0\\CertDllCreateCertificateChainEngine\\Config","DesiredAccess":"0x20119"}
Returned value:
0x0
ntdll.dll! NtOpenKeyEx #native (#3028) EncryptFlag.exe
Arguments:
{"OpenOptions":"0x0","KeyHandle":"0x0","objectName":"Software\\Policies\\Microsoft\\SystemCertificates\\ChainEngine\\Config","DesiredAccess":"0x20019"}
Returned value:
0xc0000034
ntdll.dll! NtOpenKeyEx #native (#3028) EncryptFlag.exe
Arguments:
{"OpenOptions":"0x0","KeyHandle":"0x570","objectName":"S-1-5-21-4270068108-2931534202-3907561125-1001\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\User Shell Folders","DesiredAccess":"0x20019"}
Returned value:
0x0
ntdll.dll! NtOpenKeyEx #native (#3028) EncryptFlag.exe
Arguments:
{"OpenOptions":"0x0","KeyHandle":"0x574","objectName":"Software\\Microsoft\\Windows NT\\CurrentVersion\\ProfileList\\S-1-5-21-4270068108-2931534202-3907561125-1001","DesiredAccess":"0x20019"}
Returned value:
0x0
ntdll.dll! NtQueryAttributesFile #native (#3028) EncryptFlag.exe
Arguments:
{"objectName":"\\??\\C:\\Users\\<USER>\\AppData\\LocalLow"}
Returned value:
0x0
KernelBase.dll! GetFileAttributesW #file (#3028) EncryptFlag.exe
Arguments:
{"lpFileName":"C:\\Users\\<USER>\\AppData\\LocalLow"}
Returned value:
0x2010
ntdll.dll! NtOpenFile #native (#3028) EncryptFlag.exe
Arguments:
{"FileHandle":"0x570","objectName":"\\??\\C:\\Users\\<USER>\\AppData\\LocalLow"}
Returned value:
0x0
ntdll.dll! NtOpenFile #native (#3028) EncryptFlag.exe
Arguments:
{"FileHandle":"0x57c","objectName":"\\??\\C:\\Users\\<USER>\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\MetaData\\"}
Returned value:
0x0
KernelBase.dll! LoadLibraryExW #misc (#3028) EncryptFlag.exe
Arguments:
{"lpFileName":"C:\\Windows\\system32\\cryptnet.dll"}
Returned value:
0x7fef9fb0000
KernelBase.dll! LoadLibraryExW #misc (#3028) EncryptFlag.exe
Arguments:
{"lpFileName":"winhttp.dll"}
Returned value:
0x7fef9c00000
KernelBase.dll! LoadLibraryExA #misc (#3028) EncryptFlag.exe
Arguments:
{"lpFileName":"winhttp.dll"}
Returned value:
0x7fef9c00000
ntdll.dll! NtOpenKeyEx #native (#3028) EncryptFlag.exe
Arguments:
{"OpenOptions":"0x0","KeyHandle":"0x490","objectName":"Software\\Microsoft\\windows\\CurrentVersion\\Internet Settings\\Connections","DesiredAccess":"0x1"}
Returned value:
0x0
winhttp.dll! WinHttpConnect #network (#3028) EncryptFlag.exe
Arguments:
{"pswzServerName":"ocsp.digicert.com"}
Returned value:
0x41e40a0
winhttp.dll! WinHttpOpenRequest #network (#3028) EncryptFlag.exe
Arguments:
{"hConnect":"0x41e40a0","pwszVersion":null,"pwszReferrer":null,"pwszObjectName":"/MFEwTzBNMEswSTAJBgUrDgMCGgUABBTBL0V27RVZ7LBduom%2FnYB45SPUEwQU5Z1ZMIJHWMys%2BghUNoZ7OrUETfACEAo3h2ReX7SMIk79G%2B0UDDw%3D","pwszVerb":null}
Returned value:
null
ntdll.dll! NtOpenKeyEx #native (#3028) EncryptFlag.exe
Arguments:
{"OpenOptions":"0x0","KeyHandle":"0x588","objectName":"Software\\Microsoft\\windows\\CurrentVersion\\Internet Settings\\Connections","DesiredAccess":"0x1"}
Returned value:
0x0
IPHLPAPI.DLL! GetAdaptersAddresses #highlighted (#3028) EncryptFlag.exe
Arguments:
{"desc":"Retrieves local adapter addresses."}
Returned value:
null
ntdll.dll! NtOpenKeyEx #native (#3028) EncryptFlag.exe
Arguments:
{"OpenOptions":"0x0","KeyHandle":"0x558","objectName":"System\\CurrentControlSet\\Services\\Tcpip\\Parameters\\Interfaces","DesiredAccess":"0x20019"}
Returned value:
0x0
ntdll.dll! NtOpenKeyEx #native (#3028) EncryptFlag.exe
Arguments:
{"OpenOptions":"0x0","KeyHandle":"0x588","objectName":"{b77285ec-43d2-45ee-9909-45c579e0b32f}","DesiredAccess":"0x1"}
Returned value:
0x0
ntdll.dll! NtOpenKeyEx #native (#3028) EncryptFlag.exe
Arguments:
{"OpenOptions":"0x0","KeyHandle":"0x56c","objectName":"SYSTEM\\CurrentControlSet\\Services\\Tcpip\\Parameters\\Interfaces\\{B77285EC-43D2-45EE-9909-45C579E0B32F}","DesiredAccess":"0x20019"}
Returned value:
0x0
ntdll.dll! NtOpenKeyEx #native (#3028) EncryptFlag.exe
Arguments:
{"OpenOptions":"0x0","KeyHandle":"0x56c","objectName":"SYSTEM\\CurrentControlSet\\Services\\Tcpip6\\Parameters\\Interfaces\\{B77285EC-43D2-45EE-9909-45C579E0B32F}","DesiredAccess":"0x20019"}
Returned value:
0x0
ntdll.dll! NtCreateFile #native (#3028) EncryptFlag.exe
Arguments:
{"FileHandle":"0x56c","objectName":"\\DEVICE\\NETBT_TCPIP_{B77285EC-43D2-45EE-9909-45C579E0B32F}"}
Returned value:
0x0
ntdll.dll! NtOpenKeyEx #native (#3028) EncryptFlag.exe
Arguments:
{"OpenOptions":"0x0","KeyHandle":"0x56c","objectName":"System\\CurrentControlSet\\Services\\Tcpip\\Parameters\\Interfaces","DesiredAccess":"0x20019"}
Returned value:
0x0
ntdll.dll! NtOpenKeyEx #native (#3028) EncryptFlag.exe
Arguments:
{"OpenOptions":"0x0","KeyHandle":"0x558","objectName":"{846ee342-7039-11de-9d20-806e6f6e6963}","DesiredAccess":"0x1"}
Returned value:
0x0
ntdll.dll! NtOpenKeyEx #native (#3028) EncryptFlag.exe
Arguments:
{"OpenOptions":"0x0","KeyHandle":"0x558","objectName":"SYSTEM\\CurrentControlSet\\Services\\Tcpip\\Parameters\\Interfaces\\{846EE342-7039-11DE-9D20-806E6F6E6963}","DesiredAccess":"0x20019"}
Returned value:
0x0
ntdll.dll! NtOpenKeyEx #native (#3028) EncryptFlag.exe
Arguments:
{"OpenOptions":"0x0","KeyHandle":"0x0","objectName":"SYSTEM\\CurrentControlSet\\Services\\Tcpip6\\Parameters\\Interfaces\\{846EE342-7039-11DE-9D20-806E6F6E6963}","DesiredAccess":"0x20019"}
Returned value:
0xc0000034
ntdll.dll! NtCreateFile #native (#3028) EncryptFlag.exe
Arguments:
{"FileHandle":"0x459f0f0","objectName":"\\DEVICE\\NETBT_TCPIP_{846EE342-7039-11DE-9D20-806E6F6E6963}"}
Returned value:
0xc0000034
ntdll.dll! NtOpenKeyEx #native (#3028) EncryptFlag.exe
Arguments:
{"OpenOptions":"0x0","KeyHandle":"0x558","objectName":"System\\CurrentControlSet\\Services\\Tcpip\\Parameters\\Interfaces","DesiredAccess":"0x20019"}
Returned value:
0x0
ntdll.dll! NtOpenKeyEx #native (#3028) EncryptFlag.exe
Arguments:
{"OpenOptions":"0x0","KeyHandle":"0x0","objectName":"{3dfcad32-1cde-44fb-a9e1-d91126365830}","DesiredAccess":"0x1"}
Returned value:
0xc0000034
ntdll.dll! NtCreateFile #native (#3028) EncryptFlag.exe
Arguments:
{"FileHandle":"0x0","objectName":"\\DEVICE\\NETBT_TCPIP_{3DFCAD32-1CDE-44FB-A9E1-D91126365830}"}
Returned value:
0xc0000034
IPHLPAPI.DLL! GetAdaptersAddresses #highlighted (#3028) EncryptFlag.exe
Arguments:
{"desc":"Retrieves local adapter addresses."}
Returned value:
null
ntdll.dll! NtOpenKeyEx #native (#3028) EncryptFlag.exe
Arguments:
{"OpenOptions":"0x0","KeyHandle":"0x558","objectName":"System\\CurrentControlSet\\Services\\Tcpip\\Parameters\\Interfaces","DesiredAccess":"0x20019"}
Returned value:
0x0
ntdll.dll! NtOpenKeyEx #native (#3028) EncryptFlag.exe
Arguments:
{"OpenOptions":"0x0","KeyHandle":"0x56c","objectName":"{b77285ec-43d2-45ee-9909-45c579e0b32f}","DesiredAccess":"0x1"}
Returned value:
0x0
ntdll.dll! NtOpenKeyEx #native (#3028) EncryptFlag.exe
Arguments:
{"OpenOptions":"0x0","KeyHandle":"0x56c","objectName":"SYSTEM\\CurrentControlSet\\Services\\Tcpip\\Parameters\\Interfaces\\{B77285EC-43D2-45EE-9909-45C579E0B32F}","DesiredAccess":"0x20019"}
Returned value:
0x0
ntdll.dll! NtOpenKeyEx #native (#3028) EncryptFlag.exe
Arguments:
{"OpenOptions":"0x0","KeyHandle":"0x56c","objectName":"SYSTEM\\CurrentControlSet\\Services\\Tcpip6\\Parameters\\Interfaces\\{B77285EC-43D2-45EE-9909-45C579E0B32F}","DesiredAccess":"0x20019"}
Returned value:
0x0
ntdll.dll! NtCreateFile #native (#3028) EncryptFlag.exe
Arguments:
{"FileHandle":"0x56c","objectName":"\\DEVICE\\NETBT_TCPIP_{B77285EC-43D2-45EE-9909-45C579E0B32F}"}
Returned value:
0x0
ntdll.dll! NtOpenKeyEx #native (#3028) EncryptFlag.exe
Arguments:
{"OpenOptions":"0x0","KeyHandle":"0x56c","objectName":"System\\CurrentControlSet\\Services\\Tcpip\\Parameters\\Interfaces","DesiredAccess":"0x20019"}
Returned value:
0x0
ntdll.dll! NtOpenKeyEx #native (#3028) EncryptFlag.exe
Arguments:
{"OpenOptions":"0x0","KeyHandle":"0x558","objectName":"{846ee342-7039-11de-9d20-806e6f6e6963}","DesiredAccess":"0x1"}
Returned value:
0x0
ntdll.dll! NtOpenKeyEx #native (#3028) EncryptFlag.exe
Arguments:
{"OpenOptions":"0x0","KeyHandle":"0x558","objectName":"SYSTEM\\CurrentControlSet\\Services\\Tcpip\\Parameters\\Interfaces\\{846EE342-7039-11DE-9D20-806E6F6E6963}","DesiredAccess":"0x20019"}
Returned value:
0x0
ntdll.dll! NtOpenKeyEx #native (#3028) EncryptFlag.exe
Arguments:
{"OpenOptions":"0x0","KeyHandle":"0x0","objectName":"SYSTEM\\CurrentControlSet\\Services\\Tcpip6\\Parameters\\Interfaces\\{846EE342-7039-11DE-9D20-806E6F6E6963}","DesiredAccess":"0x20019"}
Returned value:
0xc0000034
ntdll.dll! NtCreateFile #native (#3028) EncryptFlag.exe
Arguments:
{"FileHandle":"0x459f0f0","objectName":"\\DEVICE\\NETBT_TCPIP_{846EE342-7039-11DE-9D20-806E6F6E6963}"}
Returned value:
0xc0000034
ntdll.dll! NtOpenKeyEx #native (#3028) EncryptFlag.exe
Arguments:
{"OpenOptions":"0x0","KeyHandle":"0x558","objectName":"System\\CurrentControlSet\\Services\\Tcpip\\Parameters\\Interfaces","DesiredAccess":"0x20019"}
Returned value:
0x0
ntdll.dll! NtOpenKeyEx #native (#3028) EncryptFlag.exe
Arguments:
{"OpenOptions":"0x0","KeyHandle":"0x0","objectName":"{3dfcad32-1cde-44fb-a9e1-d91126365830}","DesiredAccess":"0x1"}
Returned value:
0xc0000034
ntdll.dll! NtCreateFile #native (#3028) EncryptFlag.exe
Arguments:
{"FileHandle":"0x0","objectName":"\\DEVICE\\NETBT_TCPIP_{3DFCAD32-1CDE-44FB-A9E1-D91126365830}"}
Returned value:
0xc0000034
ntdll.dll! NtOpenKeyEx #native (#3028) EncryptFlag.exe
Arguments:
{"OpenOptions":"0x0","KeyHandle":"0x558","objectName":"SYSTEM\\CurrentControlSet\\Services\\Tcpip\\Linkage","DesiredAccess":"0x20019"}
Returned value:
0x0
ntdll.dll! NtOpenKeyEx #native (#3028) EncryptFlag.exe
Arguments:
{"OpenOptions":"0x0","KeyHandle":"0x558","objectName":"SOFTWARE\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings","DesiredAccess":"0x1"}
Returned value:
0x0
KernelBase.dll! LoadLibraryExW #misc (#3028) EncryptFlag.exe
Arguments:
{"lpFileName":"ntdll.dll"}
Returned value:
0x77290000
KernelBase.dll! LoadLibraryExA #misc (#3028) EncryptFlag.exe
Arguments:
{"lpFileName":"ntdll.dll"}
Returned value:
0x77290000
KernelBase.dll! GetProcAddress #misc (#3028) EncryptFlag.exe
Arguments:
{"lpProcName":"RtlConvertSidToUnicodeString","hModule":"ntdll.dll"}
Returned value:
0x772af4c0
ntdll.dll! NtOpenKeyEx #native (#3028) EncryptFlag.exe
Arguments:
{"OpenOptions":"0x0","KeyHandle":"0x558","objectName":"S-1-5-21-4270068108-2931534202-3907561125-1001","DesiredAccess":"0x3"}
Returned value:
0x0
ntdll.dll! NtOpenKeyEx #native (#3028) EncryptFlag.exe
Arguments:
{"OpenOptions":"0x0","KeyHandle":"0x56c","objectName":"Software\\Microsoft\\windows\\CurrentVersion\\Internet Settings\\Connections","DesiredAccess":"0x1"}
Returned value:
0x0
ntdll.dll! NtOpenKeyEx #native (#3028) EncryptFlag.exe
Arguments:
{"OpenOptions":"0x0","KeyHandle":"0x58c","objectName":"Software\\Microsoft\\windows\\CurrentVersion\\Internet Settings\\Wpad","DesiredAccess":"0x20019"}
Returned value:
0x0
KernelBase.dll! GetProcAddress #misc (#3028) EncryptFlag.exe
Arguments:
{"lpProcName":"RegDeleteTreeA","hModule":"kernel32.dll"}
Returned value:
0x7feff4ea690
KernelBase.dll! GetProcAddress #misc (#3028) EncryptFlag.exe
Arguments:
{"lpProcName":"RegDeleteTreeW","hModule":"kernel32.dll"}
Returned value:
0x7feff4ea6a0
IPHLPAPI.DLL! GetAdaptersAddresses #highlighted (#3028) EncryptFlag.exe
Arguments:
{"desc":"Retrieves local adapter addresses."}
Returned value:
null
ntdll.dll! NtOpenKeyEx #native (#3028) EncryptFlag.exe
Arguments:
{"OpenOptions":"0x0","KeyHandle":"0x590","objectName":"SYSTEM\\CurrentControlSet\\Services\\Tcpip6\\Parameters\\Interfaces\\{B77285EC-43D2-45EE-9909-45C579E0B32F}","DesiredAccess":"0x20019"}
Returned value:
0x0
ntdll.dll! NtOpenKeyEx #native (#3028) EncryptFlag.exe
Arguments:
{"OpenOptions":"0x0","KeyHandle":"0x590","objectName":"System\\CurrentControlSet\\Services\\Tcpip\\Parameters\\Interfaces","DesiredAccess":"0x20019"}
Returned value:
0x0
ntdll.dll! NtOpenKeyEx #native (#3028) EncryptFlag.exe
Arguments:
{"OpenOptions":"0x0","KeyHandle":"0x594","objectName":"{b77285ec-43d2-45ee-9909-45c579e0b32f}","DesiredAccess":"0x1"}
Returned value:
0x0
ntdll.dll! NtOpenKeyEx #native (#3028) EncryptFlag.exe
Arguments:
{"OpenOptions":"0x0","KeyHandle":"0x594","objectName":"SYSTEM\\CurrentControlSet\\Services\\Tcpip\\Parameters\\Interfaces\\{B77285EC-43D2-45EE-9909-45C579E0B32F}","DesiredAccess":"0x20019"}
Returned value:
0x0
ntdll.dll! NtOpenKeyEx #native (#3028) EncryptFlag.exe
Arguments:
{"OpenOptions":"0x0","KeyHandle":"0x594","objectName":"SYSTEM\\CurrentControlSet\\Services\\Tcpip6\\Parameters\\Interfaces\\{B77285EC-43D2-45EE-9909-45C579E0B32F}","DesiredAccess":"0x20019"}
Returned value:
0x0
ntdll.dll! NtOpenKeyEx #native (#3028) EncryptFlag.exe
Arguments:
{"OpenOptions":"0x0","KeyHandle":"0x594","objectName":"SYSTEM\\CurrentControlSet\\Services\\Tcpip6\\Parameters\\Interfaces\\{B77285EC-43D2-45EE-9909-45C579E0B32F}","DesiredAccess":"0x20019"}
Returned value:
0x0
ntdll.dll! NtOpenKeyEx #native (#3028) EncryptFlag.exe
Arguments:
{"OpenOptions":"0x0","KeyHandle":"0x594","objectName":"SYSTEM\\CurrentControlSet\\Services\\Tcpip\\Parameters\\Interfaces\\{B77285EC-43D2-45EE-9909-45C579E0B32F}","DesiredAccess":"0x20019"}
Returned value:
0x0
ntdll.dll! NtOpenKeyEx #native (#3028) EncryptFlag.exe
Arguments:
{"OpenOptions":"0x0","KeyHandle":"0x594","objectName":"SYSTEM\\CurrentControlSet\\Services\\Tcpip\\Parameters\\Interfaces\\{B77285EC-43D2-45EE-9909-45C579E0B32F}","DesiredAccess":"0x20019"}
Returned value:
0x0
ntdll.dll! NtCreateFile #native (#3028) EncryptFlag.exe
Arguments:
{"FileHandle":"0x594","objectName":"\\DEVICE\\NETBT_TCPIP_{B77285EC-43D2-45EE-9909-45C579E0B32F}"}
Returned value:
0x0
ntdll.dll! NtOpenKeyEx #native (#3028) EncryptFlag.exe
Arguments:
{"OpenOptions":"0x0","KeyHandle":"0x0","objectName":"SYSTEM\\CurrentControlSet\\Services\\Tcpip6\\Parameters\\Interfaces\\{846EE342-7039-11DE-9D20-806E6F6E6963}","DesiredAccess":"0x20019"}
Returned value:
0xc0000034
ntdll.dll! NtOpenKeyEx #native (#3028) EncryptFlag.exe
Arguments:
{"OpenOptions":"0x0","KeyHandle":"0x594","objectName":"System\\CurrentControlSet\\Services\\Tcpip\\Parameters\\Interfaces","DesiredAccess":"0x20019"}
Returned value:
0x0
ntdll.dll! NtOpenKeyEx #native (#3028) EncryptFlag.exe
Arguments:
{"OpenOptions":"0x0","KeyHandle":"0x590","objectName":"{846ee342-7039-11de-9d20-806e6f6e6963}","DesiredAccess":"0x1"}
Returned value:
0x0
ntdll.dll! NtOpenKeyEx #native (#3028) EncryptFlag.exe
Arguments:
{"OpenOptions":"0x0","KeyHandle":"0x590","objectName":"SYSTEM\\CurrentControlSet\\Services\\Tcpip\\Parameters\\Interfaces\\{846EE342-7039-11DE-9D20-806E6F6E6963}","DesiredAccess":"0x20019"}
Returned value:
0x0
ntdll.dll! NtOpenKeyEx #native (#3028) EncryptFlag.exe
Arguments:
{"OpenOptions":"0x0","KeyHandle":"0x0","objectName":"SYSTEM\\CurrentControlSet\\Services\\Tcpip6\\Parameters\\Interfaces\\{846EE342-7039-11DE-9D20-806E6F6E6963}","DesiredAccess":"0x20019"}
Returned value:
0xc0000034
ntdll.dll! NtOpenKeyEx #native (#3028) EncryptFlag.exe
Arguments:
{"OpenOptions":"0x0","KeyHandle":"0x0","objectName":"SYSTEM\\CurrentControlSet\\Services\\Tcpip6\\Parameters\\Interfaces\\{846EE342-7039-11DE-9D20-806E6F6E6963}","DesiredAccess":"0x20019"}
Returned value:
0xc0000034
ntdll.dll! NtOpenKeyEx #native (#3028) EncryptFlag.exe
Arguments:
{"OpenOptions":"0x0","KeyHandle":"0x590","objectName":"SYSTEM\\CurrentControlSet\\Services\\Tcpip\\Parameters\\Interfaces\\{846EE342-7039-11DE-9D20-806E6F6E6963}","DesiredAccess":"0x20019"}
Returned value:
0x0
ntdll.dll! NtOpenKeyEx #native (#3028) EncryptFlag.exe
Arguments:
{"OpenOptions":"0x0","KeyHandle":"0x590","objectName":"SYSTEM\\CurrentControlSet\\Services\\Tcpip\\Parameters\\Interfaces\\{846EE342-7039-11DE-9D20-806E6F6E6963}","DesiredAccess":"0x20019"}
Returned value:
0x0
ntdll.dll! NtCreateFile #native (#3028) EncryptFlag.exe
Arguments:
{"FileHandle":"0x0","objectName":"\\DEVICE\\NETBT_TCPIP_{846EE342-7039-11DE-9D20-806E6F6E6963}"}
Returned value:
0xc0000034
ntdll.dll! NtOpenKeyEx #native (#3028) EncryptFlag.exe
Arguments:
{"OpenOptions":"0x0","KeyHandle":"0x590","objectName":"System\\CurrentControlSet\\Services\\Tcpip\\Parameters\\Interfaces","DesiredAccess":"0x20019"}
Returned value:
0x0
ntdll.dll! NtOpenKeyEx #native (#3028) EncryptFlag.exe
Arguments:
{"OpenOptions":"0x0","KeyHandle":"0x0","objectName":"{3dfcad32-1cde-44fb-a9e1-d91126365830}","DesiredAccess":"0x1"}
Returned value:
0xc0000034
ntdll.dll! NtCreateFile #native (#3028) EncryptFlag.exe
Arguments:
{"FileHandle":"0x0","objectName":"\\DEVICE\\NETBT_TCPIP_{3DFCAD32-1CDE-44FB-A9E1-D91126365830}"}
Returned value:
0xc0000034
IPHLPAPI.DLL! GetAdaptersAddresses #highlighted (#3028) EncryptFlag.exe
Arguments:
{"desc":"Retrieves local adapter addresses."}
Returned value:
null
ntdll.dll! NtOpenKeyEx #native (#3028) EncryptFlag.exe
Arguments:
{"OpenOptions":"0x0","KeyHandle":"0x590","objectName":"SYSTEM\\CurrentControlSet\\Services\\Tcpip6\\Parameters\\Interfaces\\{B77285EC-43D2-45EE-9909-45C579E0B32F}","DesiredAccess":"0x20019"}
Returned value:
0x0
ntdll.dll! NtOpenKeyEx #native (#3028) EncryptFlag.exe
Arguments:
{"OpenOptions":"0x0","KeyHandle":"0x590","objectName":"System\\CurrentControlSet\\Services\\Tcpip\\Parameters\\Interfaces","DesiredAccess":"0x20019"}
Returned value:
0x0
ntdll.dll! NtOpenKeyEx #native (#3028) EncryptFlag.exe
Arguments:
{"OpenOptions":"0x0","KeyHandle":"0x594","objectName":"{b77285ec-43d2-45ee-9909-45c579e0b32f}","DesiredAccess":"0x1"}
Returned value:
0x0
ntdll.dll! NtOpenKeyEx #native (#3028) EncryptFlag.exe
Arguments:
{"OpenOptions":"0x0","KeyHandle":"0x594","objectName":"SYSTEM\\CurrentControlSet\\Services\\Tcpip\\Parameters\\Interfaces\\{B77285EC-43D2-45EE-9909-45C579E0B32F}","DesiredAccess":"0x20019"}
Returned value:
0x0
ntdll.dll! NtOpenKeyEx #native (#3028) EncryptFlag.exe
Arguments:
{"OpenOptions":"0x0","KeyHandle":"0x594","objectName":"SYSTEM\\CurrentControlSet\\Services\\Tcpip6\\Parameters\\Interfaces\\{B77285EC-43D2-45EE-9909-45C579E0B32F}","DesiredAccess":"0x20019"}
Returned value:
0x0
ntdll.dll! NtOpenKeyEx #native (#3028) EncryptFlag.exe
Arguments:
{"OpenOptions":"0x0","KeyHandle":"0x594","objectName":"SYSTEM\\CurrentControlSet\\Services\\Tcpip6\\Parameters\\Interfaces\\{B77285EC-43D2-45EE-9909-45C579E0B32F}","DesiredAccess":"0x20019"}
Returned value:
0x0
ntdll.dll! NtOpenKeyEx #native (#3028) EncryptFlag.exe
Arguments:
{"OpenOptions":"0x0","KeyHandle":"0x594","objectName":"SYSTEM\\CurrentControlSet\\Services\\Tcpip\\Parameters\\Interfaces\\{B77285EC-43D2-45EE-9909-45C579E0B32F}","DesiredAccess":"0x20019"}
Returned value:
0x0
ntdll.dll! NtOpenKeyEx #native (#3028) EncryptFlag.exe
Arguments:
{"OpenOptions":"0x0","KeyHandle":"0x594","objectName":"SYSTEM\\CurrentControlSet\\Services\\Tcpip\\Parameters\\Interfaces\\{B77285EC-43D2-45EE-9909-45C579E0B32F}","DesiredAccess":"0x20019"}
Returned value:
0x0
ntdll.dll! NtCreateFile #native (#3028) EncryptFlag.exe
Arguments:
{"FileHandle":"0x594","objectName":"\\DEVICE\\NETBT_TCPIP_{B77285EC-43D2-45EE-9909-45C579E0B32F}"}
Returned value:
0x0
ntdll.dll! NtOpenKeyEx #native (#3028) EncryptFlag.exe
Arguments:
{"OpenOptions":"0x0","KeyHandle":"0x0","objectName":"SYSTEM\\CurrentControlSet\\Services\\Tcpip6\\Parameters\\Interfaces\\{846EE342-7039-11DE-9D20-806E6F6E6963}","DesiredAccess":"0x20019"}
Returned value:
0xc0000034
ntdll.dll! NtOpenKeyEx #native (#3028) EncryptFlag.exe
Arguments:
{"OpenOptions":"0x0","KeyHandle":"0x594","objectName":"System\\CurrentControlSet\\Services\\Tcpip\\Parameters\\Interfaces","DesiredAccess":"0x20019"}
Returned value:
0x0
ntdll.dll! NtOpenKeyEx #native (#3028) EncryptFlag.exe
Arguments:
{"OpenOptions":"0x0","KeyHandle":"0x590","objectName":"{846ee342-7039-11de-9d20-806e6f6e6963}","DesiredAccess":"0x1"}
Returned value:
0x0
ntdll.dll! NtOpenKeyEx #native (#3028) EncryptFlag.exe
Arguments:
{"OpenOptions":"0x0","KeyHandle":"0x590","objectName":"SYSTEM\\CurrentControlSet\\Services\\Tcpip\\Parameters\\Interfaces\\{846EE342-7039-11DE-9D20-806E6F6E6963}","DesiredAccess":"0x20019"}
Returned value:
0x0
ntdll.dll! NtOpenKeyEx #native (#3028) EncryptFlag.exe
Arguments:
{"OpenOptions":"0x0","KeyHandle":"0x0","objectName":"SYSTEM\\CurrentControlSet\\Services\\Tcpip6\\Parameters\\Interfaces\\{846EE342-7039-11DE-9D20-806E6F6E6963}","DesiredAccess":"0x20019"}
Returned value:
0xc0000034
ntdll.dll! NtOpenKeyEx #native (#3028) EncryptFlag.exe
Arguments:
{"OpenOptions":"0x0","KeyHandle":"0x0","objectName":"SYSTEM\\CurrentControlSet\\Services\\Tcpip6\\Parameters\\Interfaces\\{846EE342-7039-11DE-9D20-806E6F6E6963}","DesiredAccess":"0x20019"}
Returned value:
0xc0000034
ntdll.dll! NtOpenKeyEx #native (#3028) EncryptFlag.exe
Arguments:
{"OpenOptions":"0x0","KeyHandle":"0x590","objectName":"SYSTEM\\CurrentControlSet\\Services\\Tcpip\\Parameters\\Interfaces\\{846EE342-7039-11DE-9D20-806E6F6E6963}","DesiredAccess":"0x20019"}
Returned value:
0x0
ntdll.dll! NtOpenKeyEx #native (#3028) EncryptFlag.exe
Arguments:
{"OpenOptions":"0x0","KeyHandle":"0x590","objectName":"SYSTEM\\CurrentControlSet\\Services\\Tcpip\\Parameters\\Interfaces\\{846EE342-7039-11DE-9D20-806E6F6E6963}","DesiredAccess":"0x20019"}
Returned value:
0x0
ntdll.dll! NtCreateFile #native (#3028) EncryptFlag.exe
Arguments:
{"FileHandle":"0x0","objectName":"\\DEVICE\\NETBT_TCPIP_{846EE342-7039-11DE-9D20-806E6F6E6963}"}
Returned value:
0xc0000034
ntdll.dll! NtOpenKeyEx #native (#3028) EncryptFlag.exe
Arguments:
{"OpenOptions":"0x0","KeyHandle":"0x590","objectName":"System\\CurrentControlSet\\Services\\Tcpip\\Parameters\\Interfaces","DesiredAccess":"0x20019"}
Returned value:
0x0
ntdll.dll! NtOpenKeyEx #native (#3028) EncryptFlag.exe
Arguments:
{"OpenOptions":"0x0","KeyHandle":"0x0","objectName":"{3dfcad32-1cde-44fb-a9e1-d91126365830}","DesiredAccess":"0x1"}
Returned value:
0xc0000034
ntdll.dll! NtCreateFile #native (#3028) EncryptFlag.exe
Arguments:
{"FileHandle":"0x0","objectName":"\\DEVICE\\NETBT_TCPIP_{3DFCAD32-1CDE-44FB-A9E1-D91126365830}"}
Returned value:
0xc0000034
ntdll.dll! NtOpenKeyEx #native (#3028) EncryptFlag.exe
Arguments:
{"OpenOptions":"0x0","KeyHandle":"0x590","objectName":"SYSTEM\\CurrentControlSet\\Services\\Tcpip\\Linkage","DesiredAccess":"0x20019"}
Returned value:
0x0
ntdll.dll! NtOpenKeyEx #native (#3028) EncryptFlag.exe
Arguments:
{"OpenOptions":"0x0","KeyHandle":"0x590","objectName":"System\\CurrentControlSet\\Control\\Class\\{4d36e972-e325-11ce-bfc1-08002be10318}","DesiredAccess":"0x20019"}
Returned value:
0x0
kernel32.dll! RegOpenKeyExW #registry (#3028) EncryptFlag.exe
Arguments:
{"hKey":"HKEY_LOCAL_MACHINE","ulOptions":"0x0","samDesired":"0x20019","lpSubKey":"System\\CurrentControlSet\\Control\\Class\\{4d36e972-e325-11ce-bfc1-08002be10318}","phkResult":"0x590"}
Returned value:
0x0
ntdll.dll! NtOpenKeyEx #native (#3028) EncryptFlag.exe
Arguments:
{"OpenOptions":"0x0","KeyHandle":"0x590","objectName":"Software\\Microsoft\\windows\\CurrentVersion\\Internet Settings\\Wpad","DesiredAccess":"0x2001f"}
Returned value:
0x0
ntdll.dll! NtOpenKeyEx #native (#3028) EncryptFlag.exe
Arguments:
{"OpenOptions":"0x0","KeyHandle":"0x594","objectName":"52-54-00-b2-3b-fe","DesiredAccess":"0x20019"}
Returned value:
0x0
ntdll.dll! NtOpenKeyEx #native (#3028) EncryptFlag.exe
Arguments:
{"OpenOptions":"0x0","KeyHandle":"0x558","objectName":"S-1-5-21-4270068108-2931534202-3907561125-1001\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\User Shell Folders","DesiredAccess":"0x20019"}
Returned value:
0x0
ntdll.dll! NtOpenKeyEx #native (#3028) EncryptFlag.exe
Arguments:
{"OpenOptions":"0x0","KeyHandle":"0x58c","objectName":"Software\\Microsoft\\Windows NT\\CurrentVersion\\ProfileList\\S-1-5-21-4270068108-2931534202-3907561125-1001","DesiredAccess":"0x20019"}
Returned value:
0x0
ntdll.dll! NtQueryAttributesFile #native (#3028) EncryptFlag.exe
Arguments:
{"objectName":"\\??\\C:\\Users\\<USER>\\AppData\\LocalLow"}
Returned value:
0x0
KernelBase.dll! GetFileAttributesW #file (#3028) EncryptFlag.exe
Arguments:
{"lpFileName":"C:\\Users\\<USER>\\AppData\\LocalLow"}
Returned value:
0x2010
ntdll.dll! NtOpenFile #native (#3028) EncryptFlag.exe
Arguments:
{"FileHandle":"0x558","objectName":"\\??\\C:\\Users\\<USER>\\AppData\\LocalLow"}
Returned value:
0x0
ntdll.dll! NtCreateFile #native (#3028) EncryptFlag.exe
Arguments:
{"FileHandle":"0x0","objectName":"\\??\\C:\\Users\\<USER>\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\MetaData\\6BADA8974A10C4BD62CC921D13E43B18_28DEA62A0AE77228DD387E155AD0BA27"}
Returned value:
0xc0000034
KernelBase.dll! CreateFileW #file (#3028) EncryptFlag.exe
Arguments:
{"lpSecurityAttributes":"0x0","dwCreationDisposition":"0x3","dwFlagsAndAttributes":"0x80","lpFileName":"C:\\Users\\<USER>\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\MetaData\\6BADA8974A10C4BD62CC921D13E43B18_28DEA62A0AE77228DD387E155AD0BA27","dwDesiredAccess":"0x80000000","dwShareMode":"0x1"}
Returned value:
0xffffffffffffffff
ntdll.dll! NtOpenKeyEx #native (#3028) EncryptFlag.exe
Arguments:
{"OpenOptions":"0x0","KeyHandle":"0x0","objectName":"Software\\Policies\\Microsoft\\SystemCertificates\\ChainEngine\\Config","DesiredAccess":"0x20019"}
Returned value:
0xc0000034
ntdll.dll! NtOpenKeyEx #native (#3028) EncryptFlag.exe
Arguments:
{"OpenOptions":"0x0","KeyHandle":"0x56c","objectName":"Software\\Microsoft\\Cryptography\\OID\\EncodingType 0\\CertDllCreateCertificateChainEngine\\Config","DesiredAccess":"0x20119"}
Returned value:
0x0
ntdll.dll! NtOpenKeyEx #native (#3028) EncryptFlag.exe
Arguments:
{"OpenOptions":"0x0","KeyHandle":"0x56c","objectName":"Software\\Microsoft\\windows\\CurrentVersion\\Internet Settings\\Connections","DesiredAccess":"0x1"}
Returned value:
0x0
IPHLPAPI.DLL! GetAdaptersAddresses #highlighted (#3028) EncryptFlag.exe
Arguments:
{"desc":"Retrieves local adapter addresses."}
Returned value:
null
ntdll.dll! NtOpenKeyEx #native (#3028) EncryptFlag.exe
Arguments:
{"OpenOptions":"0x0","KeyHandle":"0x56c","objectName":"System\\CurrentControlSet\\Services\\Tcpip\\Parameters\\Interfaces","DesiredAccess":"0x20019"}
Returned value:
0x0
ntdll.dll! NtOpenKeyEx #native (#3028) EncryptFlag.exe
Arguments:
{"OpenOptions":"0x0","KeyHandle":"0x558","objectName":"{b77285ec-43d2-45ee-9909-45c579e0b32f}","DesiredAccess":"0x1"}
Returned value:
0x0
ntdll.dll! NtOpenKeyEx #native (#3028) EncryptFlag.exe
Arguments:
{"OpenOptions":"0x0","KeyHandle":"0x558","objectName":"SYSTEM\\CurrentControlSet\\Services\\Tcpip\\Parameters\\Interfaces\\{B77285EC-43D2-45EE-9909-45C579E0B32F}","DesiredAccess":"0x20019"}
Returned value:
0x0
ntdll.dll! NtOpenKeyEx #native (#3028) EncryptFlag.exe
Arguments:
{"OpenOptions":"0x0","KeyHandle":"0x558","objectName":"SYSTEM\\CurrentControlSet\\Services\\Tcpip6\\Parameters\\Interfaces\\{B77285EC-43D2-45EE-9909-45C579E0B32F}","DesiredAccess":"0x20019"}
Returned value:
0x0
ntdll.dll! NtCreateFile #native (#3028) EncryptFlag.exe
Arguments:
{"FileHandle":"0x558","objectName":"\\DEVICE\\NETBT_TCPIP_{B77285EC-43D2-45EE-9909-45C579E0B32F}"}
Returned value:
0x0
ntdll.dll! NtOpenKeyEx #native (#3028) EncryptFlag.exe
Arguments:
{"OpenOptions":"0x0","KeyHandle":"0x558","objectName":"System\\CurrentControlSet\\Services\\Tcpip\\Parameters\\Interfaces","DesiredAccess":"0x20019"}
Returned value:
0x0
ntdll.dll! NtOpenKeyEx #native (#3028) EncryptFlag.exe
Arguments:
{"OpenOptions":"0x0","KeyHandle":"0x56c","objectName":"{846ee342-7039-11de-9d20-806e6f6e6963}","DesiredAccess":"0x1"}
Returned value:
0x0
ntdll.dll! NtOpenKeyEx #native (#3028) EncryptFlag.exe
Arguments:
{"OpenOptions":"0x0","KeyHandle":"0x56c","objectName":"SYSTEM\\CurrentControlSet\\Services\\Tcpip\\Parameters\\Interfaces\\{846EE342-7039-11DE-9D20-806E6F6E6963}","DesiredAccess":"0x20019"}
Returned value:
0x0
ntdll.dll! NtOpenKeyEx #native (#3028) EncryptFlag.exe
Arguments:
{"OpenOptions":"0x0","KeyHandle":"0x0","objectName":"SYSTEM\\CurrentControlSet\\Services\\Tcpip6\\Parameters\\Interfaces\\{846EE342-7039-11DE-9D20-806E6F6E6963}","DesiredAccess":"0x20019"}
Returned value:
0xc0000034
ntdll.dll! NtCreateFile #native (#3028) EncryptFlag.exe
Arguments:
{"FileHandle":"0x459df80","objectName":"\\DEVICE\\NETBT_TCPIP_{846EE342-7039-11DE-9D20-806E6F6E6963}"}
Returned value:
0xc0000034
ntdll.dll! NtOpenKeyEx #native (#3028) EncryptFlag.exe
Arguments:
{"OpenOptions":"0x0","KeyHandle":"0x56c","objectName":"System\\CurrentControlSet\\Services\\Tcpip\\Parameters\\Interfaces","DesiredAccess":"0x20019"}
Returned value:
0x0
ntdll.dll! NtOpenKeyEx #native (#3028) EncryptFlag.exe
Arguments:
{"OpenOptions":"0x0","KeyHandle":"0x0","objectName":"{3dfcad32-1cde-44fb-a9e1-d91126365830}","DesiredAccess":"0x1"}
Returned value:
0xc0000034
ntdll.dll! NtCreateFile #native (#3028) EncryptFlag.exe
Arguments:
{"FileHandle":"0x0","objectName":"\\DEVICE\\NETBT_TCPIP_{3DFCAD32-1CDE-44FB-A9E1-D91126365830}"}
Returned value:
0xc0000034
IPHLPAPI.DLL! GetAdaptersAddresses #highlighted (#3028) EncryptFlag.exe
Arguments:
{"desc":"Retrieves local adapter addresses."}
Returned value:
null
ntdll.dll! NtOpenKeyEx #native (#3028) EncryptFlag.exe
Arguments:
{"OpenOptions":"0x0","KeyHandle":"0x56c","objectName":"System\\CurrentControlSet\\Services\\Tcpip\\Parameters\\Interfaces","DesiredAccess":"0x20019"}
Returned value:
0x0
ntdll.dll! NtOpenKeyEx #native (#3028) EncryptFlag.exe
Arguments:
{"OpenOptions":"0x0","KeyHandle":"0x558","objectName":"{b77285ec-43d2-45ee-9909-45c579e0b32f}","DesiredAccess":"0x1"}
Returned value:
0x0
ntdll.dll! NtOpenKeyEx #native (#3028) EncryptFlag.exe
Arguments:
{"OpenOptions":"0x0","KeyHandle":"0x558","objectName":"SYSTEM\\CurrentControlSet\\Services\\Tcpip\\Parameters\\Interfaces\\{B77285EC-43D2-45EE-9909-45C579E0B32F}","DesiredAccess":"0x20019"}
Returned value:
0x0
ntdll.dll! NtOpenKeyEx #native (#3028) EncryptFlag.exe
Arguments:
{"OpenOptions":"0x0","KeyHandle":"0x558","objectName":"SYSTEM\\CurrentControlSet\\Services\\Tcpip6\\Parameters\\Interfaces\\{B77285EC-43D2-45EE-9909-45C579E0B32F}","DesiredAccess":"0x20019"}
Returned value:
0x0
ntdll.dll! NtCreateFile #native (#3028) EncryptFlag.exe
Arguments:
{"FileHandle":"0x558","objectName":"\\DEVICE\\NETBT_TCPIP_{B77285EC-43D2-45EE-9909-45C579E0B32F}"}
Returned value:
0x0
ntdll.dll! NtOpenKeyEx #native (#3028) EncryptFlag.exe
Arguments:
{"OpenOptions":"0x0","KeyHandle":"0x558","objectName":"System\\CurrentControlSet\\Services\\Tcpip\\Parameters\\Interfaces","DesiredAccess":"0x20019"}
Returned value:
0x0
ntdll.dll! NtOpenKeyEx #native (#3028) EncryptFlag.exe
Arguments:
{"OpenOptions":"0x0","KeyHandle":"0x56c","objectName":"{846ee342-7039-11de-9d20-806e6f6e6963}","DesiredAccess":"0x1"}
Returned value:
0x0
ntdll.dll! NtOpenKeyEx #native (#3028) EncryptFlag.exe
Arguments:
{"OpenOptions":"0x0","KeyHandle":"0x56c","objectName":"SYSTEM\\CurrentControlSet\\Services\\Tcpip\\Parameters\\Interfaces\\{846EE342-7039-11DE-9D20-806E6F6E6963}","DesiredAccess":"0x20019"}
Returned value:
0x0
ntdll.dll! NtOpenKeyEx #native (#3028) EncryptFlag.exe
Arguments:
{"OpenOptions":"0x0","KeyHandle":"0x0","objectName":"SYSTEM\\CurrentControlSet\\Services\\Tcpip6\\Parameters\\Interfaces\\{846EE342-7039-11DE-9D20-806E6F6E6963}","DesiredAccess":"0x20019"}
Returned value:
0xc0000034
ntdll.dll! NtCreateFile #native (#3028) EncryptFlag.exe
Arguments:
{"FileHandle":"0x459df80","objectName":"\\DEVICE\\NETBT_TCPIP_{846EE342-7039-11DE-9D20-806E6F6E6963}"}
Returned value:
0xc0000034
ntdll.dll! NtOpenKeyEx #native (#3028) EncryptFlag.exe
Arguments:
{"OpenOptions":"0x0","KeyHandle":"0x56c","objectName":"System\\CurrentControlSet\\Services\\Tcpip\\Parameters\\Interfaces","DesiredAccess":"0x20019"}
Returned value:
0x0
ntdll.dll! NtOpenKeyEx #native (#3028) EncryptFlag.exe
Arguments:
{"OpenOptions":"0x0","KeyHandle":"0x0","objectName":"{3dfcad32-1cde-44fb-a9e1-d91126365830}","DesiredAccess":"0x1"}
Returned value:
0xc0000034
ntdll.dll! NtCreateFile #native (#3028) EncryptFlag.exe
Arguments:
{"FileHandle":"0x0","objectName":"\\DEVICE\\NETBT_TCPIP_{3DFCAD32-1CDE-44FB-A9E1-D91126365830}"}
Returned value:
0xc0000034
ntdll.dll! NtOpenKeyEx #native (#3028) EncryptFlag.exe
Arguments:
{"OpenOptions":"0x0","KeyHandle":"0x56c","objectName":"SYSTEM\\CurrentControlSet\\Services\\Tcpip\\Linkage","DesiredAccess":"0x20019"}
Returned value:
0x0
ntdll.dll! NtOpenKeyEx #native (#3028) EncryptFlag.exe
Arguments:
{"OpenOptions":"0x0","KeyHandle":"0x56c","objectName":"SOFTWARE\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings","DesiredAccess":"0x1"}
Returned value:
0x0
KernelBase.dll! LoadLibraryExW #misc (#3028) EncryptFlag.exe
Arguments:
{"lpFileName":"ntdll.dll"}
Returned value:
0x77290000
KernelBase.dll! LoadLibraryExA #misc (#3028) EncryptFlag.exe
Arguments:
{"lpFileName":"ntdll.dll"}
Returned value:
0x77290000
KernelBase.dll! GetProcAddress #misc (#3028) EncryptFlag.exe
Arguments:
{"lpProcName":"RtlConvertSidToUnicodeString","hModule":"ntdll.dll"}
Returned value:
0x772af4c0
ntdll.dll! NtOpenKeyEx #native (#3028) EncryptFlag.exe
Arguments:
{"OpenOptions":"0x0","KeyHandle":"0x56c","objectName":"S-1-5-21-4270068108-2931534202-3907561125-1001","DesiredAccess":"0x3"}
Returned value:
0x0
ntdll.dll! NtOpenKeyEx #native (#3028) EncryptFlag.exe
Arguments:
{"OpenOptions":"0x0","KeyHandle":"0x558","objectName":"Software\\Microsoft\\windows\\CurrentVersion\\Internet Settings\\Connections","DesiredAccess":"0x1"}
Returned value:
0x0
ntdll.dll! NtOpenKeyEx #native (#3028) EncryptFlag.exe
Arguments:
{"OpenOptions":"0x0","KeyHandle":"0x58c","objectName":"Software\\Microsoft\\windows\\CurrentVersion\\Internet Settings\\Wpad","DesiredAccess":"0x20019"}
Returned value:
0x0
KernelBase.dll! GetProcAddress #misc (#3028) EncryptFlag.exe
Arguments:
{"lpProcName":"RegDeleteTreeA","hModule":"kernel32.dll"}
Returned value:
0x7feff4ea690
KernelBase.dll! GetProcAddress #misc (#3028) EncryptFlag.exe
Arguments:
{"lpProcName":"RegDeleteTreeW","hModule":"kernel32.dll"}
Returned value:
0x7feff4ea6a0
IPHLPAPI.DLL! GetAdaptersAddresses #highlighted (#3028) EncryptFlag.exe
Arguments:
{"desc":"Retrieves local adapter addresses."}
Returned value:
null
ntdll.dll! NtOpenKeyEx #native (#3028) EncryptFlag.exe
Arguments:
{"OpenOptions":"0x0","KeyHandle":"0x590","objectName":"SYSTEM\\CurrentControlSet\\Services\\Tcpip6\\Parameters\\Interfaces\\{B77285EC-43D2-45EE-9909-45C579E0B32F}","DesiredAccess":"0x20019"}
Returned value:
0x0
ntdll.dll! NtOpenKeyEx #native (#3028) EncryptFlag.exe
Arguments:
{"OpenOptions":"0x0","KeyHandle":"0x590","objectName":"System\\CurrentControlSet\\Services\\Tcpip\\Parameters\\Interfaces","DesiredAccess":"0x20019"}
Returned value:
0x0
ntdll.dll! NtOpenKeyEx #native (#3028) EncryptFlag.exe
Arguments:
{"OpenOptions":"0x0","KeyHandle":"0x594","objectName":"{b77285ec-43d2-45ee-9909-45c579e0b32f}","DesiredAccess":"0x1"}
Returned value:
0x0
ntdll.dll! NtOpenKeyEx #native (#3028) EncryptFlag.exe
Arguments:
{"OpenOptions":"0x0","KeyHandle":"0x594","objectName":"SYSTEM\\CurrentControlSet\\Services\\Tcpip\\Parameters\\Interfaces\\{B77285EC-43D2-45EE-9909-45C579E0B32F}","DesiredAccess":"0x20019"}
Returned value:
0x0
ntdll.dll! NtOpenKeyEx #native (#3028) EncryptFlag.exe
Arguments:
{"OpenOptions":"0x0","KeyHandle":"0x594","objectName":"SYSTEM\\CurrentControlSet\\Services\\Tcpip6\\Parameters\\Interfaces\\{B77285EC-43D2-45EE-9909-45C579E0B32F}","DesiredAccess":"0x20019"}
Returned value:
0x0
ntdll.dll! NtOpenKeyEx #native (#3028) EncryptFlag.exe
Arguments:
{"OpenOptions":"0x0","KeyHandle":"0x594","objectName":"SYSTEM\\CurrentControlSet\\Services\\Tcpip6\\Parameters\\Interfaces\\{B77285EC-43D2-45EE-9909-45C579E0B32F}","DesiredAccess":"0x20019"}
Returned value:
0x0
ntdll.dll! NtOpenKeyEx #native (#3028) EncryptFlag.exe
Arguments:
{"OpenOptions":"0x0","KeyHandle":"0x594","objectName":"SYSTEM\\CurrentControlSet\\Services\\Tcpip\\Parameters\\Interfaces\\{B77285EC-43D2-45EE-9909-45C579E0B32F}","DesiredAccess":"0x20019"}
Returned value:
0x0
ntdll.dll! NtOpenKeyEx #native (#3028) EncryptFlag.exe
Arguments:
{"OpenOptions":"0x0","KeyHandle":"0x594","objectName":"SYSTEM\\CurrentControlSet\\Services\\Tcpip\\Parameters\\Interfaces\\{B77285EC-43D2-45EE-9909-45C579E0B32F}","DesiredAccess":"0x20019"}
Returned value:
0x0
ntdll.dll! NtCreateFile #native (#3028) EncryptFlag.exe
Arguments:
{"FileHandle":"0x594","objectName":"\\DEVICE\\NETBT_TCPIP_{B77285EC-43D2-45EE-9909-45C579E0B32F}"}
Returned value:
0x0
ntdll.dll! NtOpenKeyEx #native (#3028) EncryptFlag.exe
Arguments:
{"OpenOptions":"0x0","KeyHandle":"0x0","objectName":"SYSTEM\\CurrentControlSet\\Services\\Tcpip6\\Parameters\\Interfaces\\{846EE342-7039-11DE-9D20-806E6F6E6963}","DesiredAccess":"0x20019"}
Returned value:
0xc0000034
ntdll.dll! NtOpenKeyEx #native (#3028) EncryptFlag.exe
Arguments:
{"OpenOptions":"0x0","KeyHandle":"0x594","objectName":"System\\CurrentControlSet\\Services\\Tcpip\\Parameters\\Interfaces","DesiredAccess":"0x20019"}
Returned value:
0x0
ntdll.dll! NtOpenKeyEx #native (#3028) EncryptFlag.exe
Arguments:
{"OpenOptions":"0x0","KeyHandle":"0x590","objectName":"{846ee342-7039-11de-9d20-806e6f6e6963}","DesiredAccess":"0x1"}
Returned value:
0x0
ntdll.dll! NtOpenKeyEx #native (#3028) EncryptFlag.exe
Arguments:
{"OpenOptions":"0x0","KeyHandle":"0x590","objectName":"SYSTEM\\CurrentControlSet\\Services\\Tcpip\\Parameters\\Interfaces\\{846EE342-7039-11DE-9D20-806E6F6E6963}","DesiredAccess":"0x20019"}
Returned value:
0x0
ntdll.dll! NtOpenKeyEx #native (#3028) EncryptFlag.exe
Arguments:
{"OpenOptions":"0x0","KeyHandle":"0x0","objectName":"SYSTEM\\CurrentControlSet\\Services\\Tcpip6\\Parameters\\Interfaces\\{846EE342-7039-11DE-9D20-806E6F6E6963}","DesiredAccess":"0x20019"}
Returned value:
0xc0000034
ntdll.dll! NtOpenKeyEx #native (#3028) EncryptFlag.exe
Arguments:
{"OpenOptions":"0x0","KeyHandle":"0x0","objectName":"SYSTEM\\CurrentControlSet\\Services\\Tcpip6\\Parameters\\Interfaces\\{846EE342-7039-11DE-9D20-806E6F6E6963}","DesiredAccess":"0x20019"}
Returned value:
0xc0000034
ntdll.dll! NtOpenKeyEx #native (#3028) EncryptFlag.exe
Arguments:
{"OpenOptions":"0x0","KeyHandle":"0x590","objectName":"SYSTEM\\CurrentControlSet\\Services\\Tcpip\\Parameters\\Interfaces\\{846EE342-7039-11DE-9D20-806E6F6E6963}","DesiredAccess":"0x20019"}
Returned value:
0x0
ntdll.dll! NtOpenKeyEx #native (#3028) EncryptFlag.exe
Arguments:
{"OpenOptions":"0x0","KeyHandle":"0x590","objectName":"SYSTEM\\CurrentControlSet\\Services\\Tcpip\\Parameters\\Interfaces\\{846EE342-7039-11DE-9D20-806E6F6E6963}","DesiredAccess":"0x20019"}
Returned value:
0x0
ntdll.dll! NtCreateFile #native (#3028) EncryptFlag.exe
Arguments:
{"FileHandle":"0x0","objectName":"\\DEVICE\\NETBT_TCPIP_{846EE342-7039-11DE-9D20-806E6F6E6963}"}
Returned value:
0xc0000034
ntdll.dll! NtOpenKeyEx #native (#3028) EncryptFlag.exe
Arguments:
{"OpenOptions":"0x0","KeyHandle":"0x590","objectName":"System\\CurrentControlSet\\Services\\Tcpip\\Parameters\\Interfaces","DesiredAccess":"0x20019"}
Returned value:
0x0
ntdll.dll! NtOpenKeyEx #native (#3028) EncryptFlag.exe
Arguments:
{"OpenOptions":"0x0","KeyHandle":"0x0","objectName":"{3dfcad32-1cde-44fb-a9e1-d91126365830}","DesiredAccess":"0x1"}
Returned value:
0xc0000034
ntdll.dll! NtCreateFile #native (#3028) EncryptFlag.exe
Arguments:
{"FileHandle":"0x0","objectName":"\\DEVICE\\NETBT_TCPIP_{3DFCAD32-1CDE-44FB-A9E1-D91126365830}"}
Returned value:
0xc0000034
IPHLPAPI.DLL! GetAdaptersAddresses #highlighted (#3028) EncryptFlag.exe
Arguments:
{"desc":"Retrieves local adapter addresses."}
Returned value:
null
ntdll.dll! NtOpenKeyEx #native (#3028) EncryptFlag.exe
Arguments:
{"OpenOptions":"0x0","KeyHandle":"0x590","objectName":"SYSTEM\\CurrentControlSet\\Services\\Tcpip6\\Parameters\\Interfaces\\{B77285EC-43D2-45EE-9909-45C579E0B32F}","DesiredAccess":"0x20019"}
Returned value:
0x0
ntdll.dll! NtOpenKeyEx #native (#3028) EncryptFlag.exe
Arguments:
{"OpenOptions":"0x0","KeyHandle":"0x590","objectName":"System\\CurrentControlSet\\Services\\Tcpip\\Parameters\\Interfaces","DesiredAccess":"0x20019"}
Returned value:
0x0
ntdll.dll! NtOpenKeyEx #native (#3028) EncryptFlag.exe
Arguments:
{"OpenOptions":"0x0","KeyHandle":"0x594","objectName":"{b77285ec-43d2-45ee-9909-45c579e0b32f}","DesiredAccess":"0x1"}
Returned value:
0x0
ntdll.dll! NtOpenKeyEx #native (#3028) EncryptFlag.exe
Arguments:
{"OpenOptions":"0x0","KeyHandle":"0x594","objectName":"SYSTEM\\CurrentControlSet\\Services\\Tcpip\\Parameters\\Interfaces\\{B77285EC-43D2-45EE-9909-45C579E0B32F}","DesiredAccess":"0x20019"}
Returned value:
0x0
ntdll.dll! NtOpenKeyEx #native (#3028) EncryptFlag.exe
Arguments:
{"OpenOptions":"0x0","KeyHandle":"0x594","objectName":"SYSTEM\\CurrentControlSet\\Services\\Tcpip6\\Parameters\\Interfaces\\{B77285EC-43D2-45EE-9909-45C579E0B32F}","DesiredAccess":"0x20019"}
Returned value:
0x0
ntdll.dll! NtOpenKeyEx #native (#3028) EncryptFlag.exe
Arguments:
{"OpenOptions":"0x0","KeyHandle":"0x594","objectName":"SYSTEM\\CurrentControlSet\\Services\\Tcpip6\\Parameters\\Interfaces\\{B77285EC-43D2-45EE-9909-45C579E0B32F}","DesiredAccess":"0x20019"}
Returned value:
0x0
ntdll.dll! NtOpenKeyEx #native (#3028) EncryptFlag.exe
Arguments:
{"OpenOptions":"0x0","KeyHandle":"0x594","objectName":"SYSTEM\\CurrentControlSet\\Services\\Tcpip\\Parameters\\Interfaces\\{B77285EC-43D2-45EE-9909-45C579E0B32F}","DesiredAccess":"0x20019"}
Returned value:
0x0
ntdll.dll! NtOpenKeyEx #native (#3028) EncryptFlag.exe
Arguments:
{"OpenOptions":"0x0","KeyHandle":"0x594","objectName":"SYSTEM\\CurrentControlSet\\Services\\Tcpip\\Parameters\\Interfaces\\{B77285EC-43D2-45EE-9909-45C579E0B32F}","DesiredAccess":"0x20019"}
Returned value:
0x0
ntdll.dll! NtCreateFile #native (#3028) EncryptFlag.exe
Arguments:
{"FileHandle":"0x594","objectName":"\\DEVICE\\NETBT_TCPIP_{B77285EC-43D2-45EE-9909-45C579E0B32F}"}
Returned value:
0x0
ntdll.dll! NtOpenKeyEx #native (#3028) EncryptFlag.exe
Arguments:
{"OpenOptions":"0x0","KeyHandle":"0x0","objectName":"SYSTEM\\CurrentControlSet\\Services\\Tcpip6\\Parameters\\Interfaces\\{846EE342-7039-11DE-9D20-806E6F6E6963}","DesiredAccess":"0x20019"}
Returned value:
0xc0000034
ntdll.dll! NtOpenKeyEx #native (#3028) EncryptFlag.exe
Arguments:
{"OpenOptions":"0x0","KeyHandle":"0x594","objectName":"System\\CurrentControlSet\\Services\\Tcpip\\Parameters\\Interfaces","DesiredAccess":"0x20019"}
Returned value:
0x0
ntdll.dll! NtOpenKeyEx #native (#3028) EncryptFlag.exe
Arguments:
{"OpenOptions":"0x0","KeyHandle":"0x590","objectName":"{846ee342-7039-11de-9d20-806e6f6e6963}","DesiredAccess":"0x1"}
Returned value:
0x0
ntdll.dll! NtOpenKeyEx #native (#3028) EncryptFlag.exe
Arguments:
{"OpenOptions":"0x0","KeyHandle":"0x590","objectName":"SYSTEM\\CurrentControlSet\\Services\\Tcpip\\Parameters\\Interfaces\\{846EE342-7039-11DE-9D20-806E6F6E6963}","DesiredAccess":"0x20019"}
Returned value:
0x0
ntdll.dll! NtOpenKeyEx #native (#3028) EncryptFlag.exe
Arguments:
{"OpenOptions":"0x0","KeyHandle":"0x0","objectName":"SYSTEM\\CurrentControlSet\\Services\\Tcpip6\\Parameters\\Interfaces\\{846EE342-7039-11DE-9D20-806E6F6E6963}","DesiredAccess":"0x20019"}
Returned value:
0xc0000034
ntdll.dll! NtOpenKeyEx #native (#3028) EncryptFlag.exe
Arguments:
{"OpenOptions":"0x0","KeyHandle":"0x0","objectName":"SYSTEM\\CurrentControlSet\\Services\\Tcpip6\\Parameters\\Interfaces\\{846EE342-7039-11DE-9D20-806E6F6E6963}","DesiredAccess":"0x20019"}
Returned value:
0xc0000034
ntdll.dll! NtOpenKeyEx #native (#3028) EncryptFlag.exe
Arguments:
{"OpenOptions":"0x0","KeyHandle":"0x590","objectName":"SYSTEM\\CurrentControlSet\\Services\\Tcpip\\Parameters\\Interfaces\\{846EE342-7039-11DE-9D20-806E6F6E6963}","DesiredAccess":"0x20019"}
Returned value:
0x0
ntdll.dll! NtOpenKeyEx #native (#3028) EncryptFlag.exe
Arguments:
{"OpenOptions":"0x0","KeyHandle":"0x590","objectName":"SYSTEM\\CurrentControlSet\\Services\\Tcpip\\Parameters\\Interfaces\\{846EE342-7039-11DE-9D20-806E6F6E6963}","DesiredAccess":"0x20019"}
Returned value:
0x0
ntdll.dll! NtCreateFile #native (#3028) EncryptFlag.exe
Arguments:
{"FileHandle":"0x0","objectName":"\\DEVICE\\NETBT_TCPIP_{846EE342-7039-11DE-9D20-806E6F6E6963}"}
Returned value:
0xc0000034
ntdll.dll! NtOpenKeyEx #native (#3028) EncryptFlag.exe
Arguments:
{"OpenOptions":"0x0","KeyHandle":"0x590","objectName":"System\\CurrentControlSet\\Services\\Tcpip\\Parameters\\Interfaces","DesiredAccess":"0x20019"}
Returned value:
0x0
ntdll.dll! NtOpenKeyEx #native (#3028) EncryptFlag.exe
Arguments:
{"OpenOptions":"0x0","KeyHandle":"0x0","objectName":"{3dfcad32-1cde-44fb-a9e1-d91126365830}","DesiredAccess":"0x1"}
Returned value:
0xc0000034
ntdll.dll! NtCreateFile #native (#3028) EncryptFlag.exe
Arguments:
{"FileHandle":"0x0","objectName":"\\DEVICE\\NETBT_TCPIP_{3DFCAD32-1CDE-44FB-A9E1-D91126365830}"}
Returned value:
0xc0000034
ntdll.dll! NtOpenKeyEx #native (#3028) EncryptFlag.exe
Arguments:
{"OpenOptions":"0x0","KeyHandle":"0x590","objectName":"SYSTEM\\CurrentControlSet\\Services\\Tcpip\\Linkage","DesiredAccess":"0x20019"}
Returned value:
0x0
ntdll.dll! NtOpenKeyEx #native (#3028) EncryptFlag.exe
Arguments:
{"OpenOptions":"0x0","KeyHandle":"0x590","objectName":"System\\CurrentControlSet\\Control\\Class\\{4d36e972-e325-11ce-bfc1-08002be10318}","DesiredAccess":"0x20019"}
Returned value:
0x0
kernel32.dll! RegOpenKeyExW #registry (#3028) EncryptFlag.exe
Arguments:
{"hKey":"HKEY_LOCAL_MACHINE","ulOptions":"0x0","samDesired":"0x20019","lpSubKey":"System\\CurrentControlSet\\Control\\Class\\{4d36e972-e325-11ce-bfc1-08002be10318}","phkResult":"0x590"}
Returned value:
0x0
ntdll.dll! NtOpenKeyEx #native (#3028) EncryptFlag.exe
Arguments:
{"OpenOptions":"0x0","KeyHandle":"0x590","objectName":"Software\\Microsoft\\windows\\CurrentVersion\\Internet Settings\\Wpad","DesiredAccess":"0x2001f"}
Returned value:
0x0
ntdll.dll! NtOpenKeyEx #native (#3028) EncryptFlag.exe
Arguments:
{"OpenOptions":"0x0","KeyHandle":"0x594","objectName":"52-54-00-b2-3b-fe","DesiredAccess":"0x20019"}
Returned value:
0x0
ntdll.dll! NtCreateFile #native (#3028) EncryptFlag.exe
Arguments:
{"FileHandle":"0x58c","objectName":"\\Device\\Afd\\Endpoint"}
Returned value:
0x0
ntdll.dll! NtCreateFile #native (#3028) EncryptFlag.exe
Arguments:
{"FileHandle":"0x58c","objectName":"\\Device\\Afd\\Endpoint"}
Returned value:
0x0
ntdll.dll! NtCreateFile #native (#3028) EncryptFlag.exe
Arguments:
{"FileHandle":"0x37ae3a0","objectName":"\\Device\\RasAcd"}
Returned value:
0xc0000034
ntdll.dll! NtCreateFile #native (#3028) EncryptFlag.exe
Arguments:
{"FileHandle":"0x58c","objectName":"\\Device\\Afd\\Endpoint"}
Returned value:
0x0
ntdll.dll! NtCreateFile #native (#3028) EncryptFlag.exe
Arguments:
{"FileHandle":"0x58c","objectName":"\\Device\\Afd\\Endpoint"}
Returned value:
0x0
ntdll.dll! NtCreateFile #native (#3028) EncryptFlag.exe
Arguments:
{"FileHandle":"0x58c","objectName":"\\Device\\Afd\\Endpoint"}
Returned value:
0x0
ntdll.dll! NtCreateFile #native (#3028) EncryptFlag.exe
Arguments:
{"FileHandle":"0x37ae3a0","objectName":"\\Device\\RasAcd"}
Returned value:
0xc0000034
ntdll.dll! NtCreateFile #native (#3028) EncryptFlag.exe
Arguments:
{"FileHandle":"0x58c","objectName":"\\Device\\Afd\\Endpoint"}
Returned value:
0x0
ntdll.dll! NtCreateFile #native (#3028) EncryptFlag.exe
Arguments:
{"FileHandle":"0x58c","objectName":"\\Device\\Afd\\Endpoint"}
Returned value:
0x0
KernelBase.dll! GetProcAddress #misc (#3028) EncryptFlag.exe
Arguments:
{"lpProcName":"StrStrIW","hModule":"shlwapi.dll"}
Returned value:
0x7feff33fb70
KernelBase.dll! GetProcAddress #misc (#3028) EncryptFlag.exe
Arguments:
{"lpProcName":"WinHttpQueryDataAvailable","hModule":"winhttp.dll"}
Returned value:
0x7fef9c1dca8
KernelBase.dll! GetProcAddress #misc (#3028) EncryptFlag.exe
Arguments:
{"lpProcName":"WinHttpReadData","hModule":"winhttp.dll"}
Returned value:
0x7fef9c0e160
ntdll.dll! NtOpenKeyEx #native (#3028) EncryptFlag.exe
Arguments:
{"OpenOptions":"0x0","KeyHandle":"0x558","objectName":"S-1-5-21-4270068108-2931534202-3907561125-1001\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\User Shell Folders","DesiredAccess":"0x20019"}
Returned value:
0x0
ntdll.dll! NtOpenKeyEx #native (#3028) EncryptFlag.exe
Arguments:
{"OpenOptions":"0x0","KeyHandle":"0x590","objectName":"Software\\Microsoft\\Windows NT\\CurrentVersion\\ProfileList\\S-1-5-21-4270068108-2931534202-3907561125-1001","DesiredAccess":"0x20019"}
Returned value:
0x0
ntdll.dll! NtQueryAttributesFile #native (#3028) EncryptFlag.exe
Arguments:
{"objectName":"\\??\\C:\\Users\\<USER>\\AppData\\LocalLow"}
Returned value:
0x0
KernelBase.dll! GetFileAttributesW #file (#3028) EncryptFlag.exe
Arguments:
{"lpFileName":"C:\\Users\\<USER>\\AppData\\LocalLow"}
Returned value:
0x2010
ntdll.dll! NtOpenFile #native (#3028) EncryptFlag.exe
Arguments:
{"FileHandle":"0x558","objectName":"\\??\\C:\\Users\\<USER>\\AppData\\LocalLow"}
Returned value:
0x0
ntdll.dll! NtQueryAttributesFile #native (#3028) EncryptFlag.exe
Arguments:
{"objectName":"\\??\\C:\\Users\\<USER>\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\MetaData"}
Returned value:
0x0
KernelBase.dll! GetFileAttributesW #file (#3028) EncryptFlag.exe
Arguments:
{"lpFileName":"C:\\Users\\<USER>\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\MetaData"}
Returned value:
0x2014
ntdll.dll! NtOpenFile #native (#3028) EncryptFlag.exe
Arguments:
{"FileHandle":"0x56c","objectName":"\\??\\C:\\Users\\<USER>\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\MetaData"}
Returned value:
0x0
ntdll.dll! NtCreateFile #native (#3028) EncryptFlag.exe
Arguments:
{"FileHandle":"0x56c","objectName":"\\??\\C:\\Users\\<USER>\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\MetaData\\6BADA8974A10C4BD62CC921D13E43B18_28DEA62A0AE77228DD387E155AD0BA27"}
Returned value:
0x0
KernelBase.dll! CreateFileW #file (#3028) EncryptFlag.exe
Arguments:
{"lpSecurityAttributes":"0x0","dwCreationDisposition":"0x4","dwFlagsAndAttributes":"0x4","lpFileName":"C:\\Users\\<USER>\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\MetaData\\6BADA8974A10C4BD62CC921D13E43B18_28DEA62A0AE77228DD387E155AD0BA27","dwDesiredAccess":"0xc0000000","dwShareMode":"0x0"}
Returned value:
0x56c
ntdll.dll! NtQueryAttributesFile #native (#3028) EncryptFlag.exe
Arguments:
{"objectName":"\\??\\C:\\Users\\<USER>\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\Content"}
Returned value:
0x0
KernelBase.dll! GetFileAttributesW #file (#3028) EncryptFlag.exe
Arguments:
{"lpFileName":"C:\\Users\\<USER>\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\Content"}
Returned value:
0x2014
ntdll.dll! NtOpenFile #native (#3028) EncryptFlag.exe
Arguments:
{"FileHandle":"0x558","objectName":"\\??\\C:\\Users\\<USER>\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\Content"}
Returned value:
0x0
ntdll.dll! NtCreateFile #native (#3028) EncryptFlag.exe
Arguments:
{"FileHandle":"0x558","objectName":"\\??\\C:\\Users\\<USER>\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\Content\\6BADA8974A10C4BD62CC921D13E43B18_28DEA62A0AE77228DD387E155AD0BA27"}
Returned value:
0x0
KernelBase.dll! CreateFileW #file (#3028) EncryptFlag.exe
Arguments:
{"lpSecurityAttributes":"0x0","dwCreationDisposition":"0x4","dwFlagsAndAttributes":"0x4","lpFileName":"C:\\Users\\<USER>\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\Content\\6BADA8974A10C4BD62CC921D13E43B18_28DEA62A0AE77228DD387E155AD0BA27","dwDesiredAccess":"0xc0000000","dwShareMode":"0x0"}
Returned value:
0x558
KernelBase.dll! GetProcAddress #misc (#3028) EncryptFlag.exe
Arguments:
{"lpProcName":"GetHashInterface","hModule":"bcryptprimitives.dll"}
Returned value:
0x7fefc697c60
KernelBase.dll! GetProcAddress #misc (#3028) EncryptFlag.exe
Arguments:
{"lpProcName":"GetHashInterface","hModule":"bcryptprimitives.dll"}
Returned value:
0x7fefc697c60
ntdll.dll! NtOpenKeyEx #native (#3028) EncryptFlag.exe
Arguments:
{"OpenOptions":"0x0","KeyHandle":"0x578","objectName":"S-1-5-21-4270068108-2931534202-3907561125-1001\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\User Shell Folders","DesiredAccess":"0x20019"}
Returned value:
0x0
ntdll.dll! NtOpenKeyEx #native (#3028) EncryptFlag.exe
Arguments:
{"OpenOptions":"0x0","KeyHandle":"0x490","objectName":"Software\\Microsoft\\Windows NT\\CurrentVersion\\ProfileList\\S-1-5-21-4270068108-2931534202-3907561125-1001","DesiredAccess":"0x20019"}
Returned value:
0x0
ntdll.dll! NtQueryAttributesFile #native (#3028) EncryptFlag.exe
Arguments:
{"objectName":"\\??\\C:\\Users\\<USER>\\AppData\\LocalLow"}
Returned value:
0x0
KernelBase.dll! GetFileAttributesW #file (#3028) EncryptFlag.exe
Arguments:
{"lpFileName":"C:\\Users\\<USER>\\AppData\\LocalLow"}
Returned value:
0x2010
ntdll.dll! NtOpenFile #native (#3028) EncryptFlag.exe
Arguments:
{"FileHandle":"0x578","objectName":"\\??\\C:\\Users\\<USER>\\AppData\\LocalLow"}
Returned value:
0x0
ntdll.dll! NtQueryAttributesFile #native (#3028) EncryptFlag.exe
Arguments:
{"objectName":"\\??\\C:\\Users\\<USER>\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\MetaData"}
Returned value:
0x0
KernelBase.dll! GetFileAttributesW #file (#3028) EncryptFlag.exe
Arguments:
{"lpFileName":"C:\\Users\\<USER>\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\MetaData"}
Returned value:
0x2014
ntdll.dll! NtOpenFile #native (#3028) EncryptFlag.exe
Arguments:
{"FileHandle":"0x54c","objectName":"\\??\\C:\\Users\\<USER>\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\MetaData"}
Returned value:
0x0
ntdll.dll! NtCreateFile #native (#3028) EncryptFlag.exe
Arguments:
{"FileHandle":"0x54c","objectName":"\\??\\C:\\Users\\<USER>\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\MetaData\\6BADA8974A10C4BD62CC921D13E43B18_28DEA62A0AE77228DD387E155AD0BA27"}
Returned value:
0x0
KernelBase.dll! CreateFileW #file (#3028) EncryptFlag.exe
Arguments:
{"lpSecurityAttributes":"0x0","dwCreationDisposition":"0x4","dwFlagsAndAttributes":"0x4","lpFileName":"C:\\Users\\<USER>\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\MetaData\\6BADA8974A10C4BD62CC921D13E43B18_28DEA62A0AE77228DD387E155AD0BA27","dwDesiredAccess":"0xc0000000","dwShareMode":"0x0"}
Returned value:
0x54c
KernelBase.dll! GetFileSize #file (#3028) EncryptFlag.exe
Arguments:
{"hFile":"0x54c"}
Returned value:
0x1b6
ntdll.dll! NtOpenKeyEx #native (#3028) EncryptFlag.exe
Arguments:
{"OpenOptions":"0x0","KeyHandle":"0x54c","objectName":"Software\\Microsoft\\Cryptography\\OID\\EncodingType 0\\CertDllCreateCertificateChainEngine\\Config","DesiredAccess":"0x20119"}
Returned value:
0x0
KernelBase.dll! LoadLibraryExW #misc (#3028) EncryptFlag.exe
Arguments:
{"lpFileName":"C:\\Windows\\system32\\CRYPT32.dll"}
Returned value:
0x7fefcf90000
ntdll.dll! NtOpenKeyEx #native (#3028) EncryptFlag.exe
Arguments:
{"OpenOptions":"0x0","KeyHandle":"0x490","objectName":"Software\\Microsoft\\Cryptography\\OID","DesiredAccess":"0x20019"}
Returned value:
0x0
ntdll.dll! NtOpenKeyEx #native (#3028) EncryptFlag.exe
Arguments:
{"OpenOptions":"0x0","KeyHandle":"0x570","objectName":"EncodingType 0","DesiredAccess":"0x20019"}
Returned value:
0x0
ntdll.dll! NtOpenKeyEx #native (#3028) EncryptFlag.exe
Arguments:
{"OpenOptions":"0x0","KeyHandle":"0x0","objectName":"CertDllVerifyCertificateChainPolicy","DesiredAccess":"0x20019"}
Returned value:
0xc0000034
ntdll.dll! NtOpenKeyEx #native (#3028) EncryptFlag.exe
Arguments:
{"OpenOptions":"0x0","KeyHandle":"0x570","objectName":"EncodingType 1","DesiredAccess":"0x20019"}
Returned value:
0x0
ntdll.dll! NtOpenKeyEx #native (#3028) EncryptFlag.exe
Arguments:
{"OpenOptions":"0x0","KeyHandle":"0x0","objectName":"CertDllVerifyCertificateChainPolicy","DesiredAccess":"0x20019"}
Returned value:
0xc0000034
KernelBase.dll! GetProcAddress #misc (#3028) EncryptFlag.exe
Arguments:
{"lpProcName":"WTHelperProvDataFromStateData","hModule":"wintrust.dll"}
Returned value:
0x7fefcf4a250
KernelBase.dll! GetProcAddress #misc (#3028) EncryptFlag.exe
Arguments:
{"lpProcName":"WTHelperGetProvSignerFromChain","hModule":"wintrust.dll"}
Returned value:
0x7fefcf4a220
KernelBase.dll! GetProcAddress #misc (#3028) EncryptFlag.exe
Arguments:
{"lpProcName":"CertDuplicateCertificateChain","hModule":"crypt32.dll"}
Returned value:
0x7fefd04a094
KernelBase.dll! GetProcAddress #misc (#3028) EncryptFlag.exe
Arguments:
{"lpProcName":"CertGetCertificateContextProperty","hModule":"crypt32.dll"}
Returned value:
0x7fefcf9d140
KernelBase.dll! GetProcAddress #misc (#3028) EncryptFlag.exe
Arguments:
{"lpProcName":"CryptReleaseContext","hModule":"cryptsp.dll"}
Returned value:
0x7fefc584a74
KernelBase.dll! GetProcAddress #misc (#3028) EncryptFlag.exe
Arguments:
{"lpProcName":"CertFreeCertificateChain","hModule":"crypt32.dll"}
Returned value:
0x7fefcf9e794
KernelBase.dll! GetProcAddress #misc (#3028) EncryptFlag.exe
Arguments:
{"lpProcName":"CertFreeCertificateContext","hModule":"crypt32.dll"}
Returned value:
0x7fefcf96d68
KernelBase.dll! GetProcAddress #misc (#3028) EncryptFlag.exe
Arguments:
{"lpProcName":"SslLookupCipherSuiteInfo","hModule":"ncrypt.dll"}
Returned value:
0x7fefc757090
KernelBase.dll! GetProcAddress #misc (#3028) EncryptFlag.exe
Arguments:
{"lpProcName":"SslLookupCipherLengths","hModule":"ncrypt.dll"}
Returned value:
0x7fefc76246c
KernelBase.dll! GetProcAddress #misc (#3028) EncryptFlag.exe
Arguments:
{"lpProcName":"SealMessage","hModule":"sspicli.dll"}
Returned value:
0x7fefcbb50a0
KernelBase.dll! GetProcAddress #misc (#3028) EncryptFlag.exe
Arguments:
{"lpProcName":"SslEncryptPacket","hModule":"ncrypt.dll"}
Returned value:
0x7fefc751e40
KernelBase.dll! GetProcAddress #misc (#3028) EncryptFlag.exe
Arguments:
{"lpProcName":"UnsealMessage","hModule":"sspicli.dll"}
Returned value:
0x7fefcbb51f4
KernelBase.dll! GetProcAddress #misc (#3028) EncryptFlag.exe
Arguments:
{"lpProcName":"SslDecryptPacket","hModule":"ncrypt.dll"}
Returned value:
0x7fefc752240
ntdll.dll! NtQueryAttributesFile #native (#3028) EncryptFlag.exe
Arguments:
{"objectName":"\\??\\C:\\Users\\<USER>\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Content.IE5\\2286DCMF"}
Returned value:
0x0
KernelBase.dll! GetFileAttributesW #file (#3028) EncryptFlag.exe
Arguments:
{"lpFileName":"C:\\Users\\<USER>\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Content.IE5\\2286DCMF"}
Returned value:
0x2016
wininet.dll! InternetCrackUrlW #network (#3028) EncryptFlag.exe
Arguments:
{"dwUrlLength":"0x21","lpszUrl":"https://pastebin.com/raw/P0xWUyiT","dwFlags":"0x0"}
Returned value:
0x1
ntdll.dll! NtCreateFile #native (#3028) EncryptFlag.exe
Arguments:
{"FileHandle":"0x57c","objectName":"\\??\\C:\\Users\\<USER>\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Content.IE5\\2286DCMF\\P0xWUyiT[1].txt"}
Returned value:
0x0
KernelBase.dll! CreateFileW #file (#3028) EncryptFlag.exe
Arguments:
{"lpSecurityAttributes":"0x0","dwCreationDisposition":"0x1","dwFlagsAndAttributes":"0x2000","lpFileName":"C:\\Users\\<USER>\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Content.IE5\\2286DCMF\\P0xWUyiT[1].txt","dwDesiredAccess":"0x40000000","dwShareMode":"0x7"}
Returned value:
0x57c
ntdll.dll! NtOpenKeyEx #native (#3028) EncryptFlag.exe
Arguments:
{"OpenOptions":"0x0","KeyHandle":"0x0","objectName":"FEATURE_SHOW_CERT_WARNINGS_ON_POST_FROM_ISTREAM_KB2894776","DesiredAccess":"0x1"}
Returned value:
0xc0000034
kernel32.dll! RegOpenKeyExW #registry (#3028) EncryptFlag.exe
Arguments:
{"hKey":"HKEY_CURRENT_USER\\Software\\Microsoft\\Internet Explorer\\Main\\FeatureControl","ulOptions":"0x0","samDesired":"0x1","lpSubKey":"FEATURE_SHOW_CERT_WARNINGS_ON_POST_FROM_ISTREAM_KB2894776","phkResult":"0x0"}
Returned value:
0x2
ntdll.dll! NtOpenKeyEx #native (#3028) EncryptFlag.exe
Arguments:
{"OpenOptions":"0x0","KeyHandle":"0x0","objectName":"FEATURE_SHOW_CERT_WARNINGS_ON_POST_FROM_ISTREAM_KB2894776","DesiredAccess":"0x1"}
Returned value:
0xc0000034
kernel32.dll! RegOpenKeyExW #registry (#3028) EncryptFlag.exe
Arguments:
{"hKey":"HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Internet Explorer\\Main\\FeatureControl","ulOptions":"0x0","samDesired":"0x1","lpSubKey":"FEATURE_SHOW_CERT_WARNINGS_ON_POST_FROM_ISTREAM_KB2894776","phkResult":"0x0"}
Returned value:
0x2
ntdll.dll! NtOpenKeyEx #native (#3028) EncryptFlag.exe
Arguments:
{"OpenOptions":"0x0","KeyHandle":"0x0","objectName":"SOFTWARE\\Classes\\PROTOCOLS\\Filter\\text/plain","DesiredAccess":"0x20019"}
Returned value:
0xc0000034
kernel32.dll! RegOpenKeyExW #registry (#3028) EncryptFlag.exe
Arguments:
{"hKey":"HKEY_CURRENT_USER","ulOptions":"0x0","samDesired":"0x20019","lpSubKey":"SOFTWARE\\Classes\\PROTOCOLS\\Filter\\text/plain","phkResult":"0x0"}
Returned value:
0x2
ntdll.dll! NtOpenKeyEx #native (#3028) EncryptFlag.exe
Arguments:
{"OpenOptions":"0x0","KeyHandle":"0x0","objectName":"SOFTWARE\\Classes\\PROTOCOLS\\Filter\\text/plain","DesiredAccess":"0x20019"}
Returned value:
0xc0000034
kernel32.dll! RegOpenKeyExW #registry (#3028) EncryptFlag.exe
Arguments:
{"hKey":"HKEY_LOCAL_MACHINE","ulOptions":"0x0","samDesired":"0x20019","lpSubKey":"SOFTWARE\\Classes\\PROTOCOLS\\Filter\\text/plain","phkResult":"0x0"}
Returned value:
0x2
KernelBase.dll! GetProcAddress #misc (#3028) EncryptFlag.exe
Arguments:
{"lpProcName":"0xa","hModule":null}
Returned value:
0x7fefd1a4670
KernelBase.dll! GetProcAddress #misc (#3028) EncryptFlag.exe
Arguments:
{"lpProcName":"0x10","hModule":null}
Returned value:
0x7fefd1ad9c0
ntdll.dll! NtOpenKeyEx #native (#3028) EncryptFlag.exe
Arguments:
{"OpenOptions":"0x0","KeyHandle":"0x0","objectName":"FEATURE_MIME_SNIFFING","DesiredAccess":"0x1"}
Returned value:
0xc0000034
kernel32.dll! RegOpenKeyExW #registry (#3028) EncryptFlag.exe
Arguments:
{"hKey":"HKEY_CURRENT_USER\\Software\\Microsoft\\Internet Explorer\\Main\\FeatureControl","ulOptions":"0x0","samDesired":"0x1","lpSubKey":"FEATURE_MIME_SNIFFING","phkResult":"0x0"}
Returned value:
0x2
ntdll.dll! NtOpenKeyEx #native (#3028) EncryptFlag.exe
Arguments:
{"OpenOptions":"0x0","KeyHandle":"0x57c","objectName":"FEATURE_MIME_SNIFFING","DesiredAccess":"0x1"}
Returned value:
0x0
kernel32.dll! RegOpenKeyExW #registry (#3028) EncryptFlag.exe
Arguments:
{"hKey":"HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Internet Explorer\\Main\\FeatureControl","ulOptions":"0x0","samDesired":"0x1","lpSubKey":"FEATURE_MIME_SNIFFING","phkResult":"0x57c"}
Returned value:
0x0
ntdll.dll! NtOpenKeyEx #native (#3028) EncryptFlag.exe
Arguments:
{"OpenOptions":"0x0","KeyHandle":"0x57c","objectName":"Software\\Microsoft\\Windows\\CurrentVersion\\Internet Settings","DesiredAccess":"0x1"}
Returned value:
0x0
kernel32.dll! RegOpenKeyExA #registry (#3028) EncryptFlag.exe
Arguments:
{"hKey":"HKEY_CURRENT_USER","ulOptions":"0x0","samDesired":"0x1","lpSubKey":"Software\\Microsoft\\Windows\\CurrentVersion\\Internet Settings","phkResult":"0x57c"}
Returned value:
0x0
ntdll.dll! NtOpenKeyEx #native (#3028) EncryptFlag.exe
Arguments:
{"OpenOptions":"0x0","KeyHandle":"0x0","objectName":"FEATURE_FEEDS","DesiredAccess":"0x1"}
Returned value:
0xc0000034
kernel32.dll! RegOpenKeyExW #registry (#3028) EncryptFlag.exe
Arguments:
{"hKey":"HKEY_CURRENT_USER\\Software\\Microsoft\\Internet Explorer\\Main\\FeatureControl","ulOptions":"0x0","samDesired":"0x1","lpSubKey":"FEATURE_FEEDS","phkResult":"0x0"}
Returned value:
0x2
ntdll.dll! NtOpenKeyEx #native (#3028) EncryptFlag.exe
Arguments:
{"OpenOptions":"0x0","KeyHandle":"0x57c","objectName":"FEATURE_FEEDS","DesiredAccess":"0x1"}
Returned value:
0x0
kernel32.dll! RegOpenKeyExW #registry (#3028) EncryptFlag.exe
Arguments:
{"hKey":"HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Internet Explorer\\Main\\FeatureControl","ulOptions":"0x0","samDesired":"0x1","lpSubKey":"FEATURE_FEEDS","phkResult":"0x57c"}
Returned value:
0x0
ntdll.dll! NtOpenKeyEx #native (#3028) EncryptFlag.exe
Arguments:
{"OpenOptions":"0x0","KeyHandle":"0x0","objectName":"FEATURE_ENABLE_COMPAT_LOGGING","DesiredAccess":"0x1"}
Returned value:
0xc0000034
kernel32.dll! RegOpenKeyExW #registry (#3028) EncryptFlag.exe
Arguments:
{"hKey":"HKEY_CURRENT_USER\\Software\\Microsoft\\Internet Explorer\\Main\\FeatureControl","ulOptions":"0x0","samDesired":"0x1","lpSubKey":"FEATURE_ENABLE_COMPAT_LOGGING","phkResult":"0x0"}
Returned value:
0x2
ntdll.dll! NtOpenKeyEx #native (#3028) EncryptFlag.exe
Arguments:
{"OpenOptions":"0x0","KeyHandle":"0x0","objectName":"FEATURE_ENABLE_COMPAT_LOGGING","DesiredAccess":"0x1"}
Returned value:
0xc0000034
kernel32.dll! RegOpenKeyExW #registry (#3028) EncryptFlag.exe
Arguments:
{"hKey":"HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Internet Explorer\\Main\\FeatureControl","ulOptions":"0x0","samDesired":"0x1","lpSubKey":"FEATURE_ENABLE_COMPAT_LOGGING","phkResult":"0x0"}
Returned value:
0x2
ntdll.dll! NtOpenKeyEx #native (#3028) EncryptFlag.exe
Arguments:
{"OpenOptions":"0x0","KeyHandle":"0x0","objectName":".txt","DesiredAccess":"0x20019"}
Returned value:
0xc0000034
ntdll.dll! NtOpenKeyEx #native (#3028) EncryptFlag.exe
Arguments:
{"OpenOptions":"0x0","KeyHandle":"0x57c","objectName":"\\Registry\\Machine\\Software\\Classes\\.txt","DesiredAccess":"0x20019"}
Returned value:
0x0
kernel32.dll! RegOpenKeyExW #registry (#3028) EncryptFlag.exe
Arguments:
{"hKey":"HKEY_CLASSES_ROOT","ulOptions":"0x0","samDesired":"0x20019","lpSubKey":".txt","phkResult":"0x57e"}
Returned value:
0x0
ntdll.dll! NtOpenKeyEx #native (#3028) EncryptFlag.exe
Arguments:
{"OpenOptions":"0x0","KeyHandle":"0x0","objectName":"\\REGISTRY\\USER\\S-1-5-21-4270068108-2931534202-3907561125-1001_Classes\\.txt","DesiredAccess":"0x2000000"}
Returned value:
0xc0000034
kernel32.dll! RegQueryValueExW #registry (#3028) EncryptFlag.exe
Arguments:
{"hKey":"HKEY_CLASSES_ROOT\\.txt","lpData":"","lpcbData":"0x12d9e0","lpType":"0","lpValueName":"Content Type"}
Returned value:
0x0
ntdll.dll! NtOpenKeyEx #native (#3028) EncryptFlag.exe
Arguments:
{"OpenOptions":"0x0","KeyHandle":"0x0","objectName":"\\REGISTRY\\USER\\S-1-5-21-4270068108-2931534202-3907561125-1001_Classes\\.txt","DesiredAccess":"0x2000000"}
Returned value:
0xc0000034
kernel32.dll! RegQueryValueExW #registry (#3028) EncryptFlag.exe
Arguments:
{"hKey":"HKEY_CLASSES_ROOT\\.txt","lpData":"0x2705040","lpcbData":"0x12cb34","lpType":"0","lpValueName":"Content Type"}
Returned value:
0x0
ntdll.dll! NtOpenKeyEx #native (#3028) EncryptFlag.exe
Arguments:
{"OpenOptions":"0x0","KeyHandle":"0x0","objectName":"FEATURE_IEXPLORE_USE_FEEDVIEWER_ON_FEED_MIMETYPE_DETECTION_KB2920147","DesiredAccess":"0x1"}
Returned value:
0xc0000034
kernel32.dll! RegOpenKeyExW #registry (#3028) EncryptFlag.exe
Arguments:
{"hKey":"HKEY_CURRENT_USER\\Software\\Microsoft\\Internet Explorer\\Main\\FeatureControl","ulOptions":"0x0","samDesired":"0x1","lpSubKey":"FEATURE_IEXPLORE_USE_FEEDVIEWER_ON_FEED_MIMETYPE_DETECTION_KB2920147","phkResult":"0x0"}
Returned value:
0x2
ntdll.dll! NtOpenKeyEx #native (#3028) EncryptFlag.exe
Arguments:
{"OpenOptions":"0x0","KeyHandle":"0x0","objectName":"FEATURE_IEXPLORE_USE_FEEDVIEWER_ON_FEED_MIMETYPE_DETECTION_KB2920147","DesiredAccess":"0x1"}
Returned value:
0xc0000034
kernel32.dll! RegOpenKeyExW #registry (#3028) EncryptFlag.exe
Arguments:
{"hKey":"HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Internet Explorer\\Main\\FeatureControl","ulOptions":"0x0","samDesired":"0x1","lpSubKey":"FEATURE_IEXPLORE_USE_FEEDVIEWER_ON_FEED_MIMETYPE_DETECTION_KB2920147","phkResult":"0x0"}
Returned value:
0x2
ntdll.dll! NtCreateFile #native (#3028) EncryptFlag.exe
Arguments:
{"FileHandle":"0x56c","objectName":"\\??\\C:\\Users\\<USER>\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Content.IE5\\2286DCMF\\P0xWUyiT[1].txt"}
Returned value:
0x0
KernelBase.dll! CreateFileW #file (#3028) EncryptFlag.exe
Arguments:
{"lpSecurityAttributes":"0x0","dwCreationDisposition":"0x3","dwFlagsAndAttributes":"0x80","lpFileName":"C:\\Users\\<USER>\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Content.IE5\\2286DCMF\\P0xWUyiT[1].txt","dwDesiredAccess":"0x80000000","dwShareMode":"0x3"}
Returned value:
0x56c
ntdll.dll! NtCreateFile #native (#3028) EncryptFlag.exe
Arguments:
{"FileHandle":"0x558","objectName":"\\??\\C:\\Users\\<USER>\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Content.IE5\\2286DCMF\\P0xWUyiT[1].txt"}
Returned value:
0x0
KernelBase.dll! CreateFileW #file (#3028) EncryptFlag.exe
Arguments:
{"lpSecurityAttributes":"0x0","dwCreationDisposition":"0x3","dwFlagsAndAttributes":"0x80","lpFileName":"C:\\Users\\<USER>\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Content.IE5\\2286DCMF\\P0xWUyiT[1].txt","dwDesiredAccess":"0x80000000","dwShareMode":"0x3"}
Returned value:
0x558
KernelBase.dll! GetFileSize #file (#3028) EncryptFlag.exe
Arguments:
{"hFile":"0x56c"}
Returned value:
0x20
ntdll.dll! NtCreateFile #native (#3028) EncryptFlag.exe
Arguments:
{"FileHandle":"0x0","objectName":"\\??\\C:\\Hacknite_2022_solutions\\zadatak_reversing\\keyfile.txt"}
Returned value:
0xc000003a
KernelBase.dll! CreateFileW #file (#3028) EncryptFlag.exe
Arguments:
{"lpSecurityAttributes":"0x0","dwCreationDisposition":"0x2","dwFlagsAndAttributes":"0x80","lpFileName":"C:\\Hacknite_2022_solutions\\zadatak_reversing\\keyfile.txt","dwDesiredAccess":"0x40000000","dwShareMode":"0x0"}
Returned value:
0xffffffffffffffff
KernelBase.dll! GetProcAddress #misc (#3028) EncryptFlag.exe
Arguments:
{"lpProcName":"0x197","hModule":null}
Returned value:
0x7fefeb353d0
ntdll.dll! NtCreateFile #native (#3028) EncryptFlag.exe
Arguments:
{"FileHandle":"0x0","objectName":"\\??\\C:\\Hacknite_2022_solutions\\zadatak_reversing\\keyfile.txt"}
Returned value:
0xc000003a
KernelBase.dll! CreateFileW #file (#3028) EncryptFlag.exe
Arguments:
{"lpSecurityAttributes":"0x12ee00","dwCreationDisposition":"0x3","dwFlagsAndAttributes":"0x80","lpFileName":"C:\\Hacknite_2022_solutions\\zadatak_reversing\\keyfile.txt","dwDesiredAccess":"0x80000000","dwShareMode":"0x3"}
Returned value:
0xffffffffffffffff
ntdll.dll! NtCreateFile #native (#3028) EncryptFlag.exe
Arguments:
{"FileHandle":"0x0","objectName":"\\??\\C:\\Hacknite_2022_solutions\\zadatak_reversing\\flag.txt"}
Returned value:
0xc000003a
KernelBase.dll! CreateFileW #file (#3028) EncryptFlag.exe
Arguments:
{"lpSecurityAttributes":"0x12ee00","dwCreationDisposition":"0x3","dwFlagsAndAttributes":"0x80","lpFileName":"C:\\Hacknite_2022_solutions\\zadatak_reversing\\flag.txt","dwDesiredAccess":"0x80000000","dwShareMode":"0x3"}
Returned value:
0xffffffffffffffff
ntdll.dll! NtCreateFile #native (#3028) EncryptFlag.exe
Arguments:
{"FileHandle":"0x0","objectName":"\\??\\C:\\Hacknite_2022_solutions\\zadatak_reversing\\flag.txt"}
Returned value:
0xc000003a
v1.2.0