Calls
Process tree
Screenshots
ntdll.dll! NtCreateKey #native (#3028) EncryptFlag.exe
Arguments:
{"CreateOptions":"0x0","objectName":"Software\\Microsoft\\DownloadManager","DesiredAccess":"0xf003f","KeyHandle":"0x190","TitleIndex":"0x0","CreateDisposition":"0x12ea88","Class":"0x12ed60"}
Returned value:
0x0
kernel32.dll! RegCreateKeyExA #registry (#3028) EncryptFlag.exe
Arguments:
{"samDesired":"0xf003f","hKey":"HKEY_LOCAL_MACHINE","dwOptions":"0x0","phkResult":"","lpClass":"0x0","lpSubKey":"Software\\Microsoft\\DownloadManager"}
Returned value:
0x0
ntdll.dll! NtOpenKeyEx #native (#3028) EncryptFlag.exe
Arguments:
{"OpenOptions":"0x0","KeyHandle":"0x190","objectName":"Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings","DesiredAccess":"0x20019"}
Returned value:
0x0
kernel32.dll! RegOpenKeyExW #registry (#3028) EncryptFlag.exe
Arguments:
{"hKey":"HKEY_LOCAL_MACHINE","ulOptions":"0x0","samDesired":"0x20019","lpSubKey":"Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings","phkResult":"0x190"}
Returned value:
0x0
kernel32.dll! RegQueryValueExW #registry (#3028) EncryptFlag.exe
Arguments:
{"hKey":"HKEY_LOCAL_MACHINE\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings","lpData":"0x7fefead2a60","lpcbData":"0x12e114","lpType":"0","lpValueName":"CreateUriCacheSize"}
Returned value:
0x2
ntdll.dll! NtOpenKey #native (#3028) EncryptFlag.exe
Arguments:
{"OpenOptions":"0x0","KeyHandle":"0x194","objectName":"\\REGISTRY\\USER\\S-1-5-21-4270068108-2931534202-3907561125-1001","DesiredAccess":"0x2000000"}
Returned value:
0x0
ntdll.dll! NtOpenKeyEx #native (#3028) EncryptFlag.exe
Arguments:
{"OpenOptions":"0x0","KeyHandle":"0x198","objectName":"Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings","DesiredAccess":"0x20019"}
Returned value:
0x0
kernel32.dll! RegOpenKeyExW #registry (#3028) EncryptFlag.exe
Arguments:
{"hKey":"HKEY_CURRENT_USER","ulOptions":"0x0","samDesired":"0x20019","lpSubKey":"Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings","phkResult":"0x198"}
Returned value:
0x0
kernel32.dll! RegQueryValueExW #registry (#3028) EncryptFlag.exe
Arguments:
{"hKey":"HKEY_CURRENT_USER\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings","lpData":"0x7fefead2a60","lpcbData":"0x12e114","lpType":"0","lpValueName":"CreateUriCacheSize"}
Returned value:
0x2
ntdll.dll! NtOpenKeyEx #native (#3028) EncryptFlag.exe
Arguments:
{"OpenOptions":"0x0","KeyHandle":"0x19c","objectName":"Software\\Microsoft\\Windows\\CurrentVersion\\Internet Settings","DesiredAccess":"0x20019"}
Returned value:
0x0
kernel32.dll! RegOpenKeyExW #registry (#3028) EncryptFlag.exe
Arguments:
{"hKey":"HKEY_CURRENT_USER","ulOptions":"0x0","samDesired":"0x20019","lpSubKey":"Software\\Microsoft\\Windows\\CurrentVersion\\Internet Settings","phkResult":"0x19c"}
Returned value:
0x0
kernel32.dll! RegQueryValueExW #registry (#3028) EncryptFlag.exe
Arguments:
{"hKey":"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Internet Settings","lpData":"0x7fefead2a60","lpcbData":"0x12e114","lpType":"0","lpValueName":"CreateUriCacheSize"}
Returned value:
0x2
ntdll.dll! NtOpenKeyEx #native (#3028) EncryptFlag.exe
Arguments:
{"OpenOptions":"0x0","KeyHandle":"0x1a0","objectName":"Software\\Microsoft\\Windows\\CurrentVersion\\Internet Settings","DesiredAccess":"0x20019"}
Returned value:
0x0
kernel32.dll! RegOpenKeyExW #registry (#3028) EncryptFlag.exe
Arguments:
{"hKey":"HKEY_LOCAL_MACHINE","ulOptions":"0x0","samDesired":"0x20019","lpSubKey":"Software\\Microsoft\\Windows\\CurrentVersion\\Internet Settings","phkResult":"0x1a0"}
Returned value:
0x0
kernel32.dll! RegQueryValueExW #registry (#3028) EncryptFlag.exe
Arguments:
{"hKey":"HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Internet Settings","lpData":"0x7fefead2a60","lpcbData":"0x12e114","lpType":"0","lpValueName":"CreateUriCacheSize"}
Returned value:
0x2
kernel32.dll! RegQueryValueExW #registry (#3028) EncryptFlag.exe
Arguments:
{"hKey":"HKEY_LOCAL_MACHINE\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings","lpData":"0x7fefead29d0","lpcbData":"0x12dd44","lpType":"0","lpValueName":"EnablePunycode"}
Returned value:
0x2
kernel32.dll! RegQueryValueExW #registry (#3028) EncryptFlag.exe
Arguments:
{"hKey":"HKEY_CURRENT_USER\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings","lpData":"0x7fefead29d0","lpcbData":"0x12dd44","lpType":"0","lpValueName":"EnablePunycode"}
Returned value:
0x2
kernel32.dll! RegQueryValueExW #registry (#3028) EncryptFlag.exe
Arguments:
{"hKey":"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Internet Settings","lpData":"0x7fefead29d0","lpcbData":"0x12dd44","lpType":"0","lpValueName":"EnablePunycode"}
Returned value:
0x0
ntdll.dll! NtOpenKeyEx #native (#3028) EncryptFlag.exe
Arguments:
{"OpenOptions":"0x0","KeyHandle":"0x1a4","objectName":"Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings","DesiredAccess":"0x1"}
Returned value:
0x0
ntdll.dll! NtOpenKeyEx #native (#3028) EncryptFlag.exe
Arguments:
{"OpenOptions":"0x0","KeyHandle":"0x0","objectName":"Software\\Policies\\Microsoft\\Internet Explorer\\Main\\FeatureControl","DesiredAccess":"0x1"}
Returned value:
0xc0000034
kernel32.dll! RegOpenKeyExW #registry (#3028) EncryptFlag.exe
Arguments:
{"hKey":"HKEY_LOCAL_MACHINE","ulOptions":"0x0","samDesired":"0x1","lpSubKey":"Software\\Policies\\Microsoft\\Internet Explorer\\Main\\FeatureControl","phkResult":"0x0"}
Returned value:
0x2
ntdll.dll! NtOpenKeyEx #native (#3028) EncryptFlag.exe
Arguments:
{"OpenOptions":"0x0","KeyHandle":"0x0","objectName":"Software\\Policies\\Microsoft\\Internet Explorer\\Main\\FeatureControl","DesiredAccess":"0x1"}
Returned value:
0xc0000034
kernel32.dll! RegOpenKeyExW #registry (#3028) EncryptFlag.exe
Arguments:
{"hKey":"HKEY_CURRENT_USER","ulOptions":"0x0","samDesired":"0x1","lpSubKey":"Software\\Policies\\Microsoft\\Internet Explorer\\Main\\FeatureControl","phkResult":"0x0"}
Returned value:
0x2
ntdll.dll! NtOpenKeyEx #native (#3028) EncryptFlag.exe
Arguments:
{"OpenOptions":"0x0","KeyHandle":"0x1a4","objectName":"Software\\Microsoft\\Internet Explorer\\Main\\FeatureControl","DesiredAccess":"0x1"}
Returned value:
0x0
kernel32.dll! RegOpenKeyExW #registry (#3028) EncryptFlag.exe
Arguments:
{"hKey":"HKEY_LOCAL_MACHINE","ulOptions":"0x0","samDesired":"0x1","lpSubKey":"Software\\Microsoft\\Internet Explorer\\Main\\FeatureControl","phkResult":"0x1a4"}
Returned value:
0x0
ntdll.dll! NtOpenKeyEx #native (#3028) EncryptFlag.exe
Arguments:
{"OpenOptions":"0x0","KeyHandle":"0x1a8","objectName":"Software\\Microsoft\\Internet Explorer\\Main\\FeatureControl","DesiredAccess":"0x1"}
Returned value:
0x0
kernel32.dll! RegOpenKeyExW #registry (#3028) EncryptFlag.exe
Arguments:
{"hKey":"HKEY_CURRENT_USER","ulOptions":"0x0","samDesired":"0x1","lpSubKey":"Software\\Microsoft\\Internet Explorer\\Main\\FeatureControl","phkResult":"0x1a8"}
Returned value:
0x0
ntdll.dll! NtOpenKeyEx #native (#3028) EncryptFlag.exe
Arguments:
{"OpenOptions":"0x0","KeyHandle":"0x0","objectName":"FEATURE_ALLOW_REVERSE_SOLIDUS_IN_USERINFO_KB932562","DesiredAccess":"0x1"}
Returned value:
0xc0000034
kernel32.dll! RegOpenKeyExW #registry (#3028) EncryptFlag.exe
Arguments:
{"hKey":"HKEY_CURRENT_USER\\Software\\Microsoft\\Internet Explorer\\Main\\FeatureControl","ulOptions":"0x0","samDesired":"0x1","lpSubKey":"FEATURE_ALLOW_REVERSE_SOLIDUS_IN_USERINFO_KB932562","phkResult":"0x0"}
Returned value:
0x2
ntdll.dll! NtOpenKeyEx #native (#3028) EncryptFlag.exe
Arguments:
{"OpenOptions":"0x0","KeyHandle":"0x0","objectName":"FEATURE_ALLOW_REVERSE_SOLIDUS_IN_USERINFO_KB932562","DesiredAccess":"0x1"}
Returned value:
0xc0000034
kernel32.dll! RegOpenKeyExW #registry (#3028) EncryptFlag.exe
Arguments:
{"hKey":"HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Internet Explorer\\Main\\FeatureControl","ulOptions":"0x0","samDesired":"0x1","lpSubKey":"FEATURE_ALLOW_REVERSE_SOLIDUS_IN_USERINFO_KB932562","phkResult":"0x0"}
Returned value:
0x2
ntdll.dll! NtOpenKeyEx #native (#3028) EncryptFlag.exe
Arguments:
{"OpenOptions":"0x0","KeyHandle":"0x0","objectName":"FEATURE_MIME_HANDLING","DesiredAccess":"0x1"}
Returned value:
0xc0000034
kernel32.dll! RegOpenKeyExW #registry (#3028) EncryptFlag.exe
Arguments:
{"hKey":"HKEY_CURRENT_USER\\Software\\Microsoft\\Internet Explorer\\Main\\FeatureControl","ulOptions":"0x0","samDesired":"0x1","lpSubKey":"FEATURE_MIME_HANDLING","phkResult":"0x0"}
Returned value:
0x2
ntdll.dll! NtOpenKeyEx #native (#3028) EncryptFlag.exe
Arguments:
{"OpenOptions":"0x0","KeyHandle":"0x1ac","objectName":"FEATURE_MIME_HANDLING","DesiredAccess":"0x1"}
Returned value:
0x0
kernel32.dll! RegOpenKeyExW #registry (#3028) EncryptFlag.exe
Arguments:
{"hKey":"HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Internet Explorer\\Main\\FeatureControl","ulOptions":"0x0","samDesired":"0x1","lpSubKey":"FEATURE_MIME_HANDLING","phkResult":"0x1ac"}
Returned value:
0x0
ntdll.dll! NtQueryAttributesFile #native (#3028) EncryptFlag.exe
Arguments:
{"objectName":"\\??\\C:\\Users\\<USER>\\Downloads\\api-ms-win-downlevel-shlwapi-l2-1-0.dll"}
Returned value:
0xc0000034
ntdll.dll! NtQueryAttributesFile #native (#3028) EncryptFlag.exe
Arguments:
{"objectName":"\\??\\C:\\Windows\\system32\\api-ms-win-downlevel-shlwapi-l2-1-0.dll"}
Returned value:
0x0
ntdll.dll! NtOpenFile #native (#3028) EncryptFlag.exe
Arguments:
{"FileHandle":"0x1b0","objectName":"\\??\\C:\\Windows\\system32\\api-ms-win-downlevel-shlwapi-l2-1-0.dll"}
Returned value:
0x0
KernelBase.dll! LoadLibraryExW #misc (#3028) EncryptFlag.exe
Arguments:
{"lpFileName":"api-ms-win-downlevel-shlwapi-l2-1-0.dll"}
Returned value:
0x7fef72a0000
KernelBase.dll! LoadLibraryExA #misc (#3028) EncryptFlag.exe
Arguments:
{"lpFileName":"api-ms-win-downlevel-shlwapi-l2-1-0.dll"}
Returned value:
0x7fef72a0000
KernelBase.dll! GetProcAddress #misc (#3028) EncryptFlag.exe
Arguments:
{"lpProcName":"IUnknown_QueryService","hModule":"shlwapi.dll"}
Returned value:
0x7feff341c28
KernelBase.dll! OpenProcess #process (#3028) EncryptFlag.exe
Arguments:
{"dwProcessId":3028}
Returned value:
0x1b0
KernelBase.dll! OpenProcess #process (#3028) EncryptFlag.exe
Arguments:
{"dwProcessId":3028}
Returned value:
0x1b4
ntdll.dll! NtCreateFile #native (#3028) EncryptFlag.exe
Arguments:
{"FileHandle":"0x1b0","objectName":"\\??\\C:"}
Returned value:
0x0
ntdll.dll! NtOpenKeyEx #native (#3028) EncryptFlag.exe
Arguments:
{"OpenOptions":"0x0","KeyHandle":"0x1b0","objectName":"Software\\Microsoft\\Internet Explorer\\Main","DesiredAccess":"0x20019"}
Returned value:
0x0
kernel32.dll! RegOpenKeyExW #registry (#3028) EncryptFlag.exe
Arguments:
{"hKey":"HKEY_CURRENT_USER","ulOptions":"0x0","samDesired":"0x20019","lpSubKey":"Software\\Microsoft\\Internet Explorer\\Main","phkResult":"0x1b0"}
Returned value:
0x0
kernel32.dll! RegQueryValueExW #registry (#3028) EncryptFlag.exe
Arguments:
{"hKey":"HKEY_CURRENT_USER\\Software\\Microsoft\\Internet Explorer\\Main","lpData":"0x12d2a0","lpcbData":"0x12d294","lpType":"0","lpValueName":"FrameTabWindow"}
Returned value:
0x2
ntdll.dll! NtOpenKeyEx #native (#3028) EncryptFlag.exe
Arguments:
{"OpenOptions":"0x0","KeyHandle":"0x1b4","objectName":"Software\\Microsoft\\Internet Explorer\\Main","DesiredAccess":"0x20019"}
Returned value:
0x0
kernel32.dll! RegOpenKeyExW #registry (#3028) EncryptFlag.exe
Arguments:
{"hKey":"HKEY_LOCAL_MACHINE","ulOptions":"0x0","samDesired":"0x20019","lpSubKey":"Software\\Microsoft\\Internet Explorer\\Main","phkResult":"0x1b4"}
Returned value:
0x0
kernel32.dll! RegQueryValueExW #registry (#3028) EncryptFlag.exe
Arguments:
{"hKey":"HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Internet Explorer\\Main","lpData":"0x12d2a0","lpcbData":"0x12d294","lpType":"0","lpValueName":"FrameTabWindow"}
Returned value:
0x2
kernel32.dll! RegQueryValueExW #registry (#3028) EncryptFlag.exe
Arguments:
{"hKey":"HKEY_CURRENT_USER\\Software\\Microsoft\\Internet Explorer\\Main","lpData":"0x12d2a0","lpcbData":"0x12d294","lpType":"0","lpValueName":"FrameMerging"}
Returned value:
0x2
kernel32.dll! RegQueryValueExW #registry (#3028) EncryptFlag.exe
Arguments:
{"hKey":"HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Internet Explorer\\Main","lpData":"0x12d2a0","lpcbData":"0x12d294","lpType":"0","lpValueName":"FrameMerging"}
Returned value:
0x2
kernel32.dll! RegQueryValueExW #registry (#3028) EncryptFlag.exe
Arguments:
{"hKey":"HKEY_CURRENT_USER\\Software\\Microsoft\\Internet Explorer\\Main","lpData":"0x12d2a0","lpcbData":"0x12d294","lpType":"0","lpValueName":"SessionMerging"}
Returned value:
0x2
kernel32.dll! RegQueryValueExW #registry (#3028) EncryptFlag.exe
Arguments:
{"hKey":"HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Internet Explorer\\Main","lpData":"0x12d2a0","lpcbData":"0x12d294","lpType":"0","lpValueName":"SessionMerging"}
Returned value:
0x2
kernel32.dll! RegQueryValueExW #registry (#3028) EncryptFlag.exe
Arguments:
{"hKey":"HKEY_CURRENT_USER\\Software\\Microsoft\\Internet Explorer\\Main","lpData":"0x12d2a0","lpcbData":"0x12d294","lpType":"0","lpValueName":"AdminTabProcs"}
Returned value:
0x2
kernel32.dll! RegQueryValueExW #registry (#3028) EncryptFlag.exe
Arguments:
{"hKey":"HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Internet Explorer\\Main","lpData":"0x12d2a0","lpcbData":"0x12d294","lpType":"0","lpValueName":"AdminTabProcs"}
Returned value:
0x2
ntdll.dll! NtOpenKeyEx #native (#3028) EncryptFlag.exe
Arguments:
{"OpenOptions":"0x0","KeyHandle":"0x0","objectName":"Software\\Policies\\Microsoft\\Internet Explorer\\Main","DesiredAccess":"0x20019"}
Returned value:
0xc0000034
kernel32.dll! RegOpenKeyExW #registry (#3028) EncryptFlag.exe
Arguments:
{"hKey":"HKEY_LOCAL_MACHINE","ulOptions":"0x0","samDesired":"0x20019","lpSubKey":"Software\\Policies\\Microsoft\\Internet Explorer\\Main","phkResult":"0x0"}
Returned value:
0x2
ntdll.dll! NtOpenKeyEx #native (#3028) EncryptFlag.exe
Arguments:
{"OpenOptions":"0x0","KeyHandle":"0x0","objectName":"Software\\Policies\\Microsoft\\Internet Explorer\\Main","DesiredAccess":"0x20019"}
Returned value:
0xc0000034
kernel32.dll! RegOpenKeyExW #registry (#3028) EncryptFlag.exe
Arguments:
{"hKey":"HKEY_CURRENT_USER","ulOptions":"0x0","samDesired":"0x20019","lpSubKey":"Software\\Policies\\Microsoft\\Internet Explorer\\Main","phkResult":"0x0"}
Returned value:
0x2
kernel32.dll! RegQueryValueExW #registry (#3028) EncryptFlag.exe
Arguments:
{"hKey":"HKEY_CURRENT_USER\\Software\\Microsoft\\Internet Explorer\\Main","lpData":"0x12de60","lpcbData":"0x12d294","lpType":"0","lpValueName":"TabProcGrowth"}
Returned value:
0x2
kernel32.dll! RegQueryValueExW #registry (#3028) EncryptFlag.exe
Arguments:
{"hKey":"HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Internet Explorer\\Main","lpData":"0x12de60","lpcbData":"0x12d294","lpType":"0","lpValueName":"TabProcGrowth"}
Returned value:
0x2
kernel32.dll! RegQueryValueExW #registry (#3028) EncryptFlag.exe
Arguments:
{"hKey":"HKEY_CURRENT_USER\\Software\\Microsoft\\Internet Explorer\\Main","lpData":"0x12de04","lpcbData":"0x12d294","lpType":"0","lpValueName":"TabProcGrowth"}
Returned value:
0x2
kernel32.dll! RegQueryValueExW #registry (#3028) EncryptFlag.exe
Arguments:
{"hKey":"HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Internet Explorer\\Main","lpData":"0x12de04","lpcbData":"0x12d294","lpType":"0","lpValueName":"TabProcGrowth"}
Returned value:
0x2
ntdll.dll! NtOpenKeyEx #native (#3028) EncryptFlag.exe
Arguments:
{"OpenOptions":"0x0","KeyHandle":"0x1b8","objectName":"\\REGISTRY\\USER\\S-1-5-21-4270068108-2931534202-3907561125-1001_Classes","DesiredAccess":"0x2000000"}
Returned value:
0x0
ntdll.dll! NtOpenKeyEx #native (#3028) EncryptFlag.exe
Arguments:
{"OpenOptions":"0x0","KeyHandle":"0x0","objectName":"PROTOCOLS\\Name-Space Handler\\","DesiredAccess":"0x20019"}
Returned value:
0xc0000034
ntdll.dll! NtOpenKeyEx #native (#3028) EncryptFlag.exe
Arguments:
{"OpenOptions":"0x0","KeyHandle":"0x1bc","objectName":"\\Registry\\Machine\\Software\\Classes\\PROTOCOLS\\Name-Space Handler","DesiredAccess":"0x20019"}
Returned value:
0x0
kernel32.dll! RegOpenKeyExA #registry (#3028) EncryptFlag.exe
Arguments:
{"hKey":"HKEY_CLASSES_ROOT","ulOptions":"0x0","samDesired":"0x20019","lpSubKey":"PROTOCOLS\\Name-Space Handler\\","phkResult":"0x1be"}
Returned value:
0x0
ntdll.dll! NtOpenKeyEx #native (#3028) EncryptFlag.exe
Arguments:
{"OpenOptions":"0x0","KeyHandle":"0x0","objectName":"PROTOCOLS\\Name-Space Handler\\https\\","DesiredAccess":"0x20019"}
Returned value:
0xc0000034
ntdll.dll! NtOpenKeyEx #native (#3028) EncryptFlag.exe
Arguments:
{"OpenOptions":"0x0","KeyHandle":"0x0","objectName":"\\Registry\\Machine\\Software\\Classes\\PROTOCOLS\\Name-Space Handler\\https","DesiredAccess":"0x20019"}
Returned value:
0xc0000034
kernel32.dll! RegOpenKeyExA #registry (#3028) EncryptFlag.exe
Arguments:
{"hKey":"HKEY_CLASSES_ROOT","ulOptions":"0x0","samDesired":"0x20019","lpSubKey":"PROTOCOLS\\Name-Space Handler\\https\\","phkResult":"0x0"}
Returned value:
0x2
ntdll.dll! NtOpenKeyEx #native (#3028) EncryptFlag.exe
Arguments:
{"OpenOptions":"0x0","KeyHandle":"0x0","objectName":"PROTOCOLS\\Name-Space Handler\\*\\","DesiredAccess":"0x20019"}
Returned value:
0xc0000034
ntdll.dll! NtOpenKeyEx #native (#3028) EncryptFlag.exe
Arguments:
{"OpenOptions":"0x0","KeyHandle":"0x0","objectName":"\\Registry\\Machine\\Software\\Classes\\PROTOCOLS\\Name-Space Handler\\*","DesiredAccess":"0x20019"}
Returned value:
0xc0000034
kernel32.dll! RegOpenKeyExA #registry (#3028) EncryptFlag.exe
Arguments:
{"hKey":"HKEY_CLASSES_ROOT","ulOptions":"0x0","samDesired":"0x20019","lpSubKey":"PROTOCOLS\\Name-Space Handler\\*\\","phkResult":"0x0"}
Returned value:
0x2
KernelBase.dll! GetTickCount #highlight (#3028) EncryptFlag.exe
Arguments:
{}
Returned value:
0x29ddc
ntdll.dll! NtOpenKeyEx #native (#3028) EncryptFlag.exe
Arguments:
{"OpenOptions":"0x0","KeyHandle":"0x0","objectName":"SOFTWARE\\Microsoft\\OLEAUT","DesiredAccess":"0x1"}
Returned value:
0xc0000034
ntdll.dll! NtOpenKeyEx #native (#3028) EncryptFlag.exe
Arguments:
{"OpenOptions":"0x0","KeyHandle":"0x0","objectName":"SOFTWARE\\Microsoft\\OLEAUT","DesiredAccess":"0x1"}
Returned value:
0xc0000034
KernelBase.dll! LoadLibraryExW #misc (#3028) EncryptFlag.exe
Arguments:
{"lpFileName":"OLEAUT32.dll"}
Returned value:
0x7feff3c0000
KernelBase.dll! LoadLibraryExA #misc (#3028) EncryptFlag.exe
Arguments:
{"lpFileName":"OLEAUT32.dll"}
Returned value:
0x7feff3c0000
KernelBase.dll! GetProcAddress #misc (#3028) EncryptFlag.exe
Arguments:
{"lpProcName":"0x6","hModule":null}
Returned value:
0x7feff3c11b0
ntdll.dll! NtOpenKeyEx #native (#3028) EncryptFlag.exe
Arguments:
{"OpenOptions":"0x0","KeyHandle":"0x1bc","objectName":"Software\\Microsoft\\Ole","DesiredAccess":"0x20019"}
Returned value:
0x0
ntdll.dll! NtOpenKeyEx #native (#3028) EncryptFlag.exe
Arguments:
{"OpenOptions":"0x0","KeyHandle":"0x1bc","objectName":"FEATURE_BROWSER_EMULATION","DesiredAccess":"0x1"}
Returned value:
0x0
kernel32.dll! RegOpenKeyExW #registry (#3028) EncryptFlag.exe
Arguments:
{"hKey":"HKEY_CURRENT_USER\\Software\\Microsoft\\Internet Explorer\\Main\\FeatureControl","ulOptions":"0x0","samDesired":"0x1","lpSubKey":"FEATURE_BROWSER_EMULATION","phkResult":"0x1bc"}
Returned value:
0x0
ntdll.dll! NtOpenKeyEx #native (#3028) EncryptFlag.exe
Arguments:
{"OpenOptions":"0x0","KeyHandle":"0x1bc","objectName":"FEATURE_BROWSER_EMULATION","DesiredAccess":"0x1"}
Returned value:
0x0
kernel32.dll! RegOpenKeyExW #registry (#3028) EncryptFlag.exe
Arguments:
{"hKey":"HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Internet Explorer\\Main\\FeatureControl","ulOptions":"0x0","samDesired":"0x1","lpSubKey":"FEATURE_BROWSER_EMULATION","phkResult":"0x1bc"}
Returned value:
0x0
ntdll.dll! NtOpenKeyEx #native (#3028) EncryptFlag.exe
Arguments:
{"OpenOptions":"0x0","KeyHandle":"0x1bc","objectName":"SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\5.0\\User Agent","DesiredAccess":"0x1"}
Returned value:
0x0
kernel32.dll! RegOpenKeyExA #registry (#3028) EncryptFlag.exe
Arguments:
{"hKey":"HKEY_CURRENT_USER","ulOptions":"0x0","samDesired":"0x1","lpSubKey":"SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\5.0\\User Agent","phkResult":"0x1bc"}
Returned value:
0x0
ntdll.dll! NtOpenKeyEx #native (#3028) EncryptFlag.exe
Arguments:
{"OpenOptions":"0x0","KeyHandle":"0x1c0","objectName":"SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\5.0\\User Agent","DesiredAccess":"0x1"}
Returned value:
0x0
kernel32.dll! RegOpenKeyExA #registry (#3028) EncryptFlag.exe
Arguments:
{"hKey":"HKEY_LOCAL_MACHINE","ulOptions":"0x0","samDesired":"0x1","lpSubKey":"SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\5.0\\User Agent","phkResult":"0x1c0"}
Returned value:
0x0
ntdll.dll! NtOpenKeyEx #native (#3028) EncryptFlag.exe
Arguments:
{"OpenOptions":"0x0","KeyHandle":"0x1c4","objectName":"Software\\Policies","DesiredAccess":"0x20019"}
Returned value:
0x0
kernel32.dll! RegOpenKeyExW #registry (#3028) EncryptFlag.exe
Arguments:
{"hKey":"HKEY_LOCAL_MACHINE","ulOptions":"0x0","samDesired":"0x20019","lpSubKey":"Software\\Policies","phkResult":"0x1c4"}
Returned value:
0x0
ntdll.dll! NtOpenKeyEx #native (#3028) EncryptFlag.exe
Arguments:
{"OpenOptions":"0x0","KeyHandle":"0x1c8","objectName":"Software\\Policies","DesiredAccess":"0x20019"}
Returned value:
0x0
kernel32.dll! RegOpenKeyExW #registry (#3028) EncryptFlag.exe
Arguments:
{"hKey":"HKEY_CURRENT_USER","ulOptions":"0x0","samDesired":"0x20019","lpSubKey":"Software\\Policies","phkResult":"0x1c8"}
Returned value:
0x0
ntdll.dll! NtOpenKeyEx #native (#3028) EncryptFlag.exe
Arguments:
{"OpenOptions":"0x0","KeyHandle":"0x1cc","objectName":"Software","DesiredAccess":"0x20019"}
Returned value:
0x0
kernel32.dll! RegOpenKeyExW #registry (#3028) EncryptFlag.exe
Arguments:
{"hKey":"HKEY_CURRENT_USER","ulOptions":"0x0","samDesired":"0x20019","lpSubKey":"Software","phkResult":"0x1cc"}
Returned value:
0x0
ntdll.dll! NtOpenKeyEx #native (#3028) EncryptFlag.exe
Arguments:
{"OpenOptions":"0x0","KeyHandle":"0x1d0","objectName":"Software","DesiredAccess":"0x20019"}
Returned value:
0x0
kernel32.dll! RegOpenKeyExW #registry (#3028) EncryptFlag.exe
Arguments:
{"hKey":"HKEY_LOCAL_MACHINE","ulOptions":"0x0","samDesired":"0x20019","lpSubKey":"Software","phkResult":"0x1d0"}
Returned value:
0x0
ntdll.dll! NtOpenKeyEx #native (#3028) EncryptFlag.exe
Arguments:
{"OpenOptions":"0x0","KeyHandle":"0x1d4","objectName":"\\REGISTRY\\MACHINE\\Software\\Wow6432Node","DesiredAccess":"0x20219"}
Returned value:
0x0
kernel32.dll! RegOpenKeyExW #registry (#3028) EncryptFlag.exe
Arguments:
{"hKey":"HKEY_LOCAL_MACHINE","ulOptions":"0x0","samDesired":"0x20219","lpSubKey":"Software","phkResult":"0x1d4"}
Returned value:
0x0
ntdll.dll! NtOpenKeyEx #native (#3028) EncryptFlag.exe
Arguments:
{"OpenOptions":"0x0","KeyHandle":"0x1d8","objectName":"Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings","DesiredAccess":"0x1"}
Returned value:
0x0
kernel32.dll! RegOpenKeyExW #registry (#3028) EncryptFlag.exe
Arguments:
{"hKey":"HKEY_LOCAL_MACHINE","ulOptions":"0x0","samDesired":"0x1","lpSubKey":"Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings","phkResult":"0x1d8"}
Returned value:
0x0
ntdll.dll! NtOpenKeyEx #native (#3028) EncryptFlag.exe
Arguments:
{"OpenOptions":"0x0","KeyHandle":"0x0","objectName":"Microsoft\\Windows\\CurrentVersion\\Internet Settings\\User Agent","DesiredAccess":"0x20019"}
Returned value:
0xc0000034
kernel32.dll! RegOpenKeyExW #registry (#3028) EncryptFlag.exe
Arguments:
{"hKey":"HKEY_LOCAL_MACHINE\\Software\\Policies","ulOptions":"0x0","samDesired":"0x20019","lpSubKey":"Microsoft\\Windows\\CurrentVersion\\Internet Settings\\User Agent","phkResult":"0x0"}
Returned value:
0x2
ntdll.dll! NtOpenKeyEx #native (#3028) EncryptFlag.exe
Arguments:
{"OpenOptions":"0x0","KeyHandle":"0x1d8","objectName":"Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings","DesiredAccess":"0x1"}
Returned value:
0x0
kernel32.dll! RegOpenKeyExW #registry (#3028) EncryptFlag.exe
Arguments:
{"hKey":"HKEY_CURRENT_USER","ulOptions":"0x0","samDesired":"0x1","lpSubKey":"Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings","phkResult":"0x1d8"}
Returned value:
0x0
ntdll.dll! NtOpenKeyEx #native (#3028) EncryptFlag.exe
Arguments:
{"OpenOptions":"0x0","KeyHandle":"0x0","objectName":"Microsoft\\Windows\\CurrentVersion\\Internet Settings\\User Agent","DesiredAccess":"0x20019"}
Returned value:
0xc0000034
kernel32.dll! RegOpenKeyExW #registry (#3028) EncryptFlag.exe
Arguments:
{"hKey":"HKEY_CURRENT_USER\\Software\\Policies","ulOptions":"0x0","samDesired":"0x20019","lpSubKey":"Microsoft\\Windows\\CurrentVersion\\Internet Settings\\User Agent","phkResult":"0x0"}
Returned value:
0x2
ntdll.dll! NtOpenKeyEx #native (#3028) EncryptFlag.exe
Arguments:
{"OpenOptions":"0x0","KeyHandle":"0x0","objectName":"Pre Platform","DesiredAccess":"0x1"}
Returned value:
0xc0000034
kernel32.dll! RegOpenKeyExA #registry (#3028) EncryptFlag.exe
Arguments:
{"hKey":"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Internet Settings","ulOptions":"0x0","samDesired":"0x1","lpSubKey":"Pre Platform","phkResult":"0x0"}
Returned value:
0x2
ntdll.dll! NtOpenKeyEx #native (#3028) EncryptFlag.exe
Arguments:
{"OpenOptions":"0x0","KeyHandle":"0x0","objectName":"Pre Platform","DesiredAccess":"0x1"}
Returned value:
0xc0000034
kernel32.dll! RegOpenKeyExA #registry (#3028) EncryptFlag.exe
Arguments:
{"hKey":"HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows NT\\CurrentVersion\\PeerDist\\Service","ulOptions":"0x0","samDesired":"0x1","lpSubKey":"Pre Platform","phkResult":"0x0"}
Returned value:
0x2
ntdll.dll! NtOpenKeyEx #native (#3028) EncryptFlag.exe
Arguments:
{"OpenOptions":"0x0","KeyHandle":"0x1d8","objectName":"Post Platform","DesiredAccess":"0x1"}
Returned value:
0x0
kernel32.dll! RegOpenKeyExA #registry (#3028) EncryptFlag.exe
Arguments:
{"hKey":"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Internet Settings","ulOptions":"0x0","samDesired":"0x1","lpSubKey":"Post Platform","phkResult":"0x1d8"}
Returned value:
0x0
ntdll.dll! NtOpenKeyEx #native (#3028) EncryptFlag.exe
Arguments:
{"OpenOptions":"0x0","KeyHandle":"0x1d8","objectName":"Post Platform","DesiredAccess":"0x1"}
Returned value:
0x0
kernel32.dll! RegOpenKeyExA #registry (#3028) EncryptFlag.exe
Arguments:
{"hKey":"HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows NT\\CurrentVersion\\PeerDist\\Service","ulOptions":"0x0","samDesired":"0x1","lpSubKey":"Post Platform","phkResult":"0x1d8"}
Returned value:
0x0
ntdll.dll! NtOpenKeyEx #native (#3028) EncryptFlag.exe
Arguments:
{"OpenOptions":"0x0","KeyHandle":"0x1bc","objectName":"SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\5.0\\User Agent","DesiredAccess":"0x1"}
Returned value:
0x0
kernel32.dll! RegOpenKeyExA #registry (#3028) EncryptFlag.exe
Arguments:
{"hKey":"HKEY_CURRENT_USER","ulOptions":"0x0","samDesired":"0x1","lpSubKey":"SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\5.0\\User Agent","phkResult":"0x1bc"}
Returned value:
0x0
ntdll.dll! NtOpenKeyEx #native (#3028) EncryptFlag.exe
Arguments:
{"OpenOptions":"0x0","KeyHandle":"0x1c0","objectName":"SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\5.0\\User Agent","DesiredAccess":"0x1"}
Returned value:
0x0
kernel32.dll! RegOpenKeyExA #registry (#3028) EncryptFlag.exe
Arguments:
{"hKey":"HKEY_LOCAL_MACHINE","ulOptions":"0x0","samDesired":"0x1","lpSubKey":"SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\5.0\\User Agent","phkResult":"0x1c0"}
Returned value:
0x0
ntdll.dll! NtOpenKeyEx #native (#3028) EncryptFlag.exe
Arguments:
{"OpenOptions":"0x0","KeyHandle":"0x0","objectName":"Microsoft\\Windows\\CurrentVersion\\Internet Settings\\User Agent","DesiredAccess":"0x20019"}
Returned value:
0xc0000034
kernel32.dll! RegOpenKeyExW #registry (#3028) EncryptFlag.exe
Arguments:
{"hKey":"HKEY_LOCAL_MACHINE\\Software\\Policies","ulOptions":"0x0","samDesired":"0x20019","lpSubKey":"Microsoft\\Windows\\CurrentVersion\\Internet Settings\\User Agent","phkResult":"0x0"}
Returned value:
0x2
ntdll.dll! NtOpenKeyEx #native (#3028) EncryptFlag.exe
Arguments:
{"OpenOptions":"0x0","KeyHandle":"0x0","objectName":"Microsoft\\Windows\\CurrentVersion\\Internet Settings\\User Agent","DesiredAccess":"0x20019"}
Returned value:
0xc0000034
kernel32.dll! RegOpenKeyExW #registry (#3028) EncryptFlag.exe
Arguments:
{"hKey":"HKEY_CURRENT_USER\\Software\\Policies","ulOptions":"0x0","samDesired":"0x20019","lpSubKey":"Microsoft\\Windows\\CurrentVersion\\Internet Settings\\User Agent","phkResult":"0x0"}
Returned value:
0x2
ntdll.dll! NtOpenKeyEx #native (#3028) EncryptFlag.exe
Arguments:
{"OpenOptions":"0x0","KeyHandle":"0x0","objectName":"Pre Platform","DesiredAccess":"0x1"}
Returned value:
0xc0000034
kernel32.dll! RegOpenKeyExA #registry (#3028) EncryptFlag.exe
Arguments:
{"hKey":"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Internet Settings","ulOptions":"0x0","samDesired":"0x1","lpSubKey":"Pre Platform","phkResult":"0x0"}
Returned value:
0x2
ntdll.dll! NtOpenKeyEx #native (#3028) EncryptFlag.exe
Arguments:
{"OpenOptions":"0x0","KeyHandle":"0x0","objectName":"Pre Platform","DesiredAccess":"0x1"}
Returned value:
0xc0000034
kernel32.dll! RegOpenKeyExA #registry (#3028) EncryptFlag.exe
Arguments:
{"hKey":"HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows NT\\CurrentVersion\\PeerDist\\Service","ulOptions":"0x0","samDesired":"0x1","lpSubKey":"Pre Platform","phkResult":"0x0"}
Returned value:
0x2
ntdll.dll! NtOpenKeyEx #native (#3028) EncryptFlag.exe
Arguments:
{"OpenOptions":"0x0","KeyHandle":"0x1d8","objectName":"Post Platform","DesiredAccess":"0x1"}
Returned value:
0x0
kernel32.dll! RegOpenKeyExA #registry (#3028) EncryptFlag.exe
Arguments:
{"hKey":"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Internet Settings","ulOptions":"0x0","samDesired":"0x1","lpSubKey":"Post Platform","phkResult":"0x1d8"}
Returned value:
0x0
ntdll.dll! NtOpenKeyEx #native (#3028) EncryptFlag.exe
Arguments:
{"OpenOptions":"0x0","KeyHandle":"0x1d8","objectName":"Post Platform","DesiredAccess":"0x1"}
Returned value:
0x0
kernel32.dll! RegOpenKeyExA #registry (#3028) EncryptFlag.exe
Arguments:
{"hKey":"HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows NT\\CurrentVersion\\PeerDist\\Service","ulOptions":"0x0","samDesired":"0x1","lpSubKey":"Post Platform","phkResult":"0x1d8"}
Returned value:
0x0
ntdll.dll! NtOpenKeyEx #native (#3028) EncryptFlag.exe
Arguments:
{"OpenOptions":"0x0","KeyHandle":"0x1bc","objectName":"SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\5.0\\User Agent","DesiredAccess":"0x1"}
Returned value:
0x0
kernel32.dll! RegOpenKeyExA #registry (#3028) EncryptFlag.exe
Arguments:
{"hKey":"HKEY_CURRENT_USER","ulOptions":"0x0","samDesired":"0x1","lpSubKey":"SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\5.0\\User Agent","phkResult":"0x1bc"}
Returned value:
0x0
ntdll.dll! NtOpenKeyEx #native (#3028) EncryptFlag.exe
Arguments:
{"OpenOptions":"0x0","KeyHandle":"0x1c0","objectName":"SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\5.0\\User Agent","DesiredAccess":"0x1"}
Returned value:
0x0
kernel32.dll! RegOpenKeyExA #registry (#3028) EncryptFlag.exe
Arguments:
{"hKey":"HKEY_LOCAL_MACHINE","ulOptions":"0x0","samDesired":"0x1","lpSubKey":"SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\5.0\\User Agent","phkResult":"0x1c0"}
Returned value:
0x0
ntdll.dll! NtOpenKeyEx #native (#3028) EncryptFlag.exe
Arguments:
{"OpenOptions":"0x0","KeyHandle":"0x0","objectName":"Microsoft\\Windows\\CurrentVersion\\Internet Settings\\User Agent","DesiredAccess":"0x20019"}
Returned value:
0xc0000034
kernel32.dll! RegOpenKeyExW #registry (#3028) EncryptFlag.exe
Arguments:
{"hKey":"HKEY_LOCAL_MACHINE\\Software\\Policies","ulOptions":"0x0","samDesired":"0x20019","lpSubKey":"Microsoft\\Windows\\CurrentVersion\\Internet Settings\\User Agent","phkResult":"0x0"}
Returned value:
0x2
ntdll.dll! NtOpenKeyEx #native (#3028) EncryptFlag.exe
Arguments:
{"OpenOptions":"0x0","KeyHandle":"0x0","objectName":"Microsoft\\Windows\\CurrentVersion\\Internet Settings\\User Agent","DesiredAccess":"0x20019"}
Returned value:
0xc0000034
kernel32.dll! RegOpenKeyExW #registry (#3028) EncryptFlag.exe
Arguments:
{"hKey":"HKEY_CURRENT_USER\\Software\\Policies","ulOptions":"0x0","samDesired":"0x20019","lpSubKey":"Microsoft\\Windows\\CurrentVersion\\Internet Settings\\User Agent","phkResult":"0x0"}
Returned value:
0x2
ntdll.dll! NtOpenKeyEx #native (#3028) EncryptFlag.exe
Arguments:
{"OpenOptions":"0x0","KeyHandle":"0x0","objectName":"Pre Platform","DesiredAccess":"0x1"}
Returned value:
0xc0000034
kernel32.dll! RegOpenKeyExA #registry (#3028) EncryptFlag.exe
Arguments:
{"hKey":"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Internet Settings","ulOptions":"0x0","samDesired":"0x1","lpSubKey":"Pre Platform","phkResult":"0x0"}
Returned value:
0x2
ntdll.dll! NtOpenKeyEx #native (#3028) EncryptFlag.exe
Arguments:
{"OpenOptions":"0x0","KeyHandle":"0x0","objectName":"Pre Platform","DesiredAccess":"0x1"}
Returned value:
0xc0000034
kernel32.dll! RegOpenKeyExA #registry (#3028) EncryptFlag.exe
Arguments:
{"hKey":"HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows NT\\CurrentVersion\\PeerDist\\Service","ulOptions":"0x0","samDesired":"0x1","lpSubKey":"Pre Platform","phkResult":"0x0"}
Returned value:
0x2
ntdll.dll! NtOpenKeyEx #native (#3028) EncryptFlag.exe
Arguments:
{"OpenOptions":"0x0","KeyHandle":"0x1d8","objectName":"Post Platform","DesiredAccess":"0x1"}
Returned value:
0x0
kernel32.dll! RegOpenKeyExA #registry (#3028) EncryptFlag.exe
Arguments:
{"hKey":"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Internet Settings","ulOptions":"0x0","samDesired":"0x1","lpSubKey":"Post Platform","phkResult":"0x1d8"}
Returned value:
0x0
ntdll.dll! NtOpenKeyEx #native (#3028) EncryptFlag.exe
Arguments:
{"OpenOptions":"0x0","KeyHandle":"0x1d8","objectName":"Post Platform","DesiredAccess":"0x1"}
Returned value:
0x0
kernel32.dll! RegOpenKeyExA #registry (#3028) EncryptFlag.exe
Arguments:
{"hKey":"HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows NT\\CurrentVersion\\PeerDist\\Service","ulOptions":"0x0","samDesired":"0x1","lpSubKey":"Post Platform","phkResult":"0x1d8"}
Returned value:
0x0
ntdll.dll! NtOpenKeyEx #native (#3028) EncryptFlag.exe
Arguments:
{"OpenOptions":"0x0","KeyHandle":"0x1bc","objectName":"SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\5.0\\User Agent","DesiredAccess":"0x1"}
Returned value:
0x0
kernel32.dll! RegOpenKeyExA #registry (#3028) EncryptFlag.exe
Arguments:
{"hKey":"HKEY_CURRENT_USER","ulOptions":"0x0","samDesired":"0x1","lpSubKey":"SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\5.0\\User Agent","phkResult":"0x1bc"}
Returned value:
0x0
ntdll.dll! NtOpenKeyEx #native (#3028) EncryptFlag.exe
Arguments:
{"OpenOptions":"0x0","KeyHandle":"0x1c0","objectName":"SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\5.0\\User Agent","DesiredAccess":"0x1"}
Returned value:
0x0
kernel32.dll! RegOpenKeyExA #registry (#3028) EncryptFlag.exe
Arguments:
{"hKey":"HKEY_LOCAL_MACHINE","ulOptions":"0x0","samDesired":"0x1","lpSubKey":"SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\5.0\\User Agent","phkResult":"0x1c0"}
Returned value:
0x0
ntdll.dll! NtOpenKeyEx #native (#3028) EncryptFlag.exe
Arguments:
{"OpenOptions":"0x0","KeyHandle":"0x0","objectName":"Microsoft\\Windows\\CurrentVersion\\Internet Settings\\User Agent","DesiredAccess":"0x20019"}
Returned value:
0xc0000034
kernel32.dll! RegOpenKeyExW #registry (#3028) EncryptFlag.exe
Arguments:
{"hKey":"HKEY_LOCAL_MACHINE\\Software\\Policies","ulOptions":"0x0","samDesired":"0x20019","lpSubKey":"Microsoft\\Windows\\CurrentVersion\\Internet Settings\\User Agent","phkResult":"0x0"}
Returned value:
0x2
ntdll.dll! NtOpenKeyEx #native (#3028) EncryptFlag.exe
Arguments:
{"OpenOptions":"0x0","KeyHandle":"0x0","objectName":"Microsoft\\Windows\\CurrentVersion\\Internet Settings\\User Agent","DesiredAccess":"0x20019"}
Returned value:
0xc0000034
kernel32.dll! RegOpenKeyExW #registry (#3028) EncryptFlag.exe
Arguments:
{"hKey":"HKEY_CURRENT_USER\\Software\\Policies","ulOptions":"0x0","samDesired":"0x20019","lpSubKey":"Microsoft\\Windows\\CurrentVersion\\Internet Settings\\User Agent","phkResult":"0x0"}
Returned value:
0x2
ntdll.dll! NtOpenKeyEx #native (#3028) EncryptFlag.exe
Arguments:
{"OpenOptions":"0x0","KeyHandle":"0x0","objectName":"Pre Platform","DesiredAccess":"0x1"}
Returned value:
0xc0000034
kernel32.dll! RegOpenKeyExA #registry (#3028) EncryptFlag.exe
Arguments:
{"hKey":"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Internet Settings","ulOptions":"0x0","samDesired":"0x1","lpSubKey":"Pre Platform","phkResult":"0x0"}
Returned value:
0x2
ntdll.dll! NtOpenKeyEx #native (#3028) EncryptFlag.exe
Arguments:
{"OpenOptions":"0x0","KeyHandle":"0x0","objectName":"Pre Platform","DesiredAccess":"0x1"}
Returned value:
0xc0000034
kernel32.dll! RegOpenKeyExA #registry (#3028) EncryptFlag.exe
Arguments:
{"hKey":"HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows NT\\CurrentVersion\\PeerDist\\Service","ulOptions":"0x0","samDesired":"0x1","lpSubKey":"Pre Platform","phkResult":"0x0"}
Returned value:
0x2
ntdll.dll! NtOpenKeyEx #native (#3028) EncryptFlag.exe
Arguments:
{"OpenOptions":"0x0","KeyHandle":"0x1d8","objectName":"Post Platform","DesiredAccess":"0x1"}
Returned value:
0x0
kernel32.dll! RegOpenKeyExA #registry (#3028) EncryptFlag.exe
Arguments:
{"hKey":"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Internet Settings","ulOptions":"0x0","samDesired":"0x1","lpSubKey":"Post Platform","phkResult":"0x1d8"}
Returned value:
0x0
ntdll.dll! NtOpenKeyEx #native (#3028) EncryptFlag.exe
Arguments:
{"OpenOptions":"0x0","KeyHandle":"0x1d8","objectName":"Post Platform","DesiredAccess":"0x1"}
Returned value:
0x0
kernel32.dll! RegOpenKeyExA #registry (#3028) EncryptFlag.exe
Arguments:
{"hKey":"HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows NT\\CurrentVersion\\PeerDist\\Service","ulOptions":"0x0","samDesired":"0x1","lpSubKey":"Post Platform","phkResult":"0x1d8"}
Returned value:
0x0
ntdll.dll! NtOpenKeyEx #native (#3028) EncryptFlag.exe
Arguments:
{"OpenOptions":"0x0","KeyHandle":"0x1bc","objectName":"SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\5.0\\User Agent","DesiredAccess":"0x1"}
Returned value:
0x0
kernel32.dll! RegOpenKeyExA #registry (#3028) EncryptFlag.exe
Arguments:
{"hKey":"HKEY_CURRENT_USER","ulOptions":"0x0","samDesired":"0x1","lpSubKey":"SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\5.0\\User Agent","phkResult":"0x1bc"}
Returned value:
0x0
ntdll.dll! NtOpenKeyEx #native (#3028) EncryptFlag.exe
Arguments:
{"OpenOptions":"0x0","KeyHandle":"0x1c0","objectName":"SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\5.0\\User Agent","DesiredAccess":"0x1"}
Returned value:
0x0
kernel32.dll! RegOpenKeyExA #registry (#3028) EncryptFlag.exe
Arguments:
{"hKey":"HKEY_LOCAL_MACHINE","ulOptions":"0x0","samDesired":"0x1","lpSubKey":"SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\5.0\\User Agent","phkResult":"0x1c0"}
Returned value:
0x0
ntdll.dll! NtOpenKeyEx #native (#3028) EncryptFlag.exe
Arguments:
{"OpenOptions":"0x0","KeyHandle":"0x0","objectName":"Microsoft\\Windows\\CurrentVersion\\Internet Settings\\User Agent","DesiredAccess":"0x20019"}
Returned value:
0xc0000034
kernel32.dll! RegOpenKeyExW #registry (#3028) EncryptFlag.exe
Arguments:
{"hKey":"HKEY_LOCAL_MACHINE\\Software\\Policies","ulOptions":"0x0","samDesired":"0x20019","lpSubKey":"Microsoft\\Windows\\CurrentVersion\\Internet Settings\\User Agent","phkResult":"0x0"}
Returned value:
0x2
ntdll.dll! NtOpenKeyEx #native (#3028) EncryptFlag.exe
Arguments:
{"OpenOptions":"0x0","KeyHandle":"0x0","objectName":"Microsoft\\Windows\\CurrentVersion\\Internet Settings\\User Agent","DesiredAccess":"0x20019"}
Returned value:
0xc0000034
kernel32.dll! RegOpenKeyExW #registry (#3028) EncryptFlag.exe
Arguments:
{"hKey":"HKEY_CURRENT_USER\\Software\\Policies","ulOptions":"0x0","samDesired":"0x20019","lpSubKey":"Microsoft\\Windows\\CurrentVersion\\Internet Settings\\User Agent","phkResult":"0x0"}
Returned value:
0x2
ntdll.dll! NtOpenKeyEx #native (#3028) EncryptFlag.exe
Arguments:
{"OpenOptions":"0x0","KeyHandle":"0x0","objectName":"Pre Platform","DesiredAccess":"0x1"}
Returned value:
0xc0000034
kernel32.dll! RegOpenKeyExA #registry (#3028) EncryptFlag.exe
Arguments:
{"hKey":"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Internet Settings","ulOptions":"0x0","samDesired":"0x1","lpSubKey":"Pre Platform","phkResult":"0x0"}
Returned value:
0x2
ntdll.dll! NtOpenKeyEx #native (#3028) EncryptFlag.exe
Arguments:
{"OpenOptions":"0x0","KeyHandle":"0x0","objectName":"Pre Platform","DesiredAccess":"0x1"}
Returned value:
0xc0000034
kernel32.dll! RegOpenKeyExA #registry (#3028) EncryptFlag.exe
Arguments:
{"hKey":"HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows NT\\CurrentVersion\\PeerDist\\Service","ulOptions":"0x0","samDesired":"0x1","lpSubKey":"Pre Platform","phkResult":"0x0"}
Returned value:
0x2
ntdll.dll! NtOpenKeyEx #native (#3028) EncryptFlag.exe
Arguments:
{"OpenOptions":"0x0","KeyHandle":"0x1d8","objectName":"Post Platform","DesiredAccess":"0x1"}
Returned value:
0x0
kernel32.dll! RegOpenKeyExA #registry (#3028) EncryptFlag.exe
Arguments:
{"hKey":"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Internet Settings","ulOptions":"0x0","samDesired":"0x1","lpSubKey":"Post Platform","phkResult":"0x1d8"}
Returned value:
0x0
ntdll.dll! NtOpenKeyEx #native (#3028) EncryptFlag.exe
Arguments:
{"OpenOptions":"0x0","KeyHandle":"0x1d8","objectName":"Post Platform","DesiredAccess":"0x1"}
Returned value:
0x0
kernel32.dll! RegOpenKeyExA #registry (#3028) EncryptFlag.exe
Arguments:
{"hKey":"HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows NT\\CurrentVersion\\PeerDist\\Service","ulOptions":"0x0","samDesired":"0x1","lpSubKey":"Post Platform","phkResult":"0x1d8"}
Returned value:
0x0
ntdll.dll! NtOpenKeyEx #native (#3028) EncryptFlag.exe
Arguments:
{"OpenOptions":"0x0","KeyHandle":"0x1bc","objectName":"SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\5.0\\User Agent","DesiredAccess":"0x1"}
Returned value:
0x0
kernel32.dll! RegOpenKeyExA #registry (#3028) EncryptFlag.exe
Arguments:
{"hKey":"HKEY_CURRENT_USER","ulOptions":"0x0","samDesired":"0x1","lpSubKey":"SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\5.0\\User Agent","phkResult":"0x1bc"}
Returned value:
0x0
ntdll.dll! NtOpenKeyEx #native (#3028) EncryptFlag.exe
Arguments:
{"OpenOptions":"0x0","KeyHandle":"0x1c0","objectName":"SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\5.0\\User Agent","DesiredAccess":"0x1"}
Returned value:
0x0
kernel32.dll! RegOpenKeyExA #registry (#3028) EncryptFlag.exe
Arguments:
{"hKey":"HKEY_LOCAL_MACHINE","ulOptions":"0x0","samDesired":"0x1","lpSubKey":"SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\5.0\\User Agent","phkResult":"0x1c0"}
Returned value:
0x0
ntdll.dll! NtOpenKeyEx #native (#3028) EncryptFlag.exe
Arguments:
{"OpenOptions":"0x0","KeyHandle":"0x0","objectName":"Microsoft\\Windows\\CurrentVersion\\Internet Settings\\User Agent","DesiredAccess":"0x20019"}
Returned value:
0xc0000034
kernel32.dll! RegOpenKeyExW #registry (#3028) EncryptFlag.exe
Arguments:
{"hKey":"HKEY_LOCAL_MACHINE\\Software\\Policies","ulOptions":"0x0","samDesired":"0x20019","lpSubKey":"Microsoft\\Windows\\CurrentVersion\\Internet Settings\\User Agent","phkResult":"0x0"}
Returned value:
0x2
ntdll.dll! NtOpenKeyEx #native (#3028) EncryptFlag.exe
Arguments:
{"OpenOptions":"0x0","KeyHandle":"0x0","objectName":"Microsoft\\Windows\\CurrentVersion\\Internet Settings\\User Agent","DesiredAccess":"0x20019"}
Returned value:
0xc0000034
kernel32.dll! RegOpenKeyExW #registry (#3028) EncryptFlag.exe
Arguments:
{"hKey":"HKEY_CURRENT_USER\\Software\\Policies","ulOptions":"0x0","samDesired":"0x20019","lpSubKey":"Microsoft\\Windows\\CurrentVersion\\Internet Settings\\User Agent","phkResult":"0x0"}
Returned value:
0x2
ntdll.dll! NtOpenKeyEx #native (#3028) EncryptFlag.exe
Arguments:
{"OpenOptions":"0x0","KeyHandle":"0x0","objectName":"Pre Platform","DesiredAccess":"0x1"}
Returned value:
0xc0000034
kernel32.dll! RegOpenKeyExA #registry (#3028) EncryptFlag.exe
Arguments:
{"hKey":"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Internet Settings","ulOptions":"0x0","samDesired":"0x1","lpSubKey":"Pre Platform","phkResult":"0x0"}
Returned value:
0x2
ntdll.dll! NtOpenKeyEx #native (#3028) EncryptFlag.exe
Arguments:
{"OpenOptions":"0x0","KeyHandle":"0x0","objectName":"Pre Platform","DesiredAccess":"0x1"}
Returned value:
0xc0000034
kernel32.dll! RegOpenKeyExA #registry (#3028) EncryptFlag.exe
Arguments:
{"hKey":"HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows NT\\CurrentVersion\\PeerDist\\Service","ulOptions":"0x0","samDesired":"0x1","lpSubKey":"Pre Platform","phkResult":"0x0"}
Returned value:
0x2
ntdll.dll! NtOpenKeyEx #native (#3028) EncryptFlag.exe
Arguments:
{"OpenOptions":"0x0","KeyHandle":"0x1d8","objectName":"Post Platform","DesiredAccess":"0x1"}
Returned value:
0x0
kernel32.dll! RegOpenKeyExA #registry (#3028) EncryptFlag.exe
Arguments:
{"hKey":"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Internet Settings","ulOptions":"0x0","samDesired":"0x1","lpSubKey":"Post Platform","phkResult":"0x1d8"}
Returned value:
0x0
ntdll.dll! NtOpenKeyEx #native (#3028) EncryptFlag.exe
Arguments:
{"OpenOptions":"0x0","KeyHandle":"0x1d8","objectName":"Post Platform","DesiredAccess":"0x1"}
Returned value:
0x0
kernel32.dll! RegOpenKeyExA #registry (#3028) EncryptFlag.exe
Arguments:
{"hKey":"HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows NT\\CurrentVersion\\PeerDist\\Service","ulOptions":"0x0","samDesired":"0x1","lpSubKey":"Post Platform","phkResult":"0x1d8"}
Returned value:
0x0
ntdll.dll! NtOpenKeyEx #native (#3028) EncryptFlag.exe
Arguments:
{"OpenOptions":"0x0","KeyHandle":"0x1bc","objectName":"SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\5.0\\User Agent","DesiredAccess":"0x1"}
Returned value:
0x0
kernel32.dll! RegOpenKeyExA #registry (#3028) EncryptFlag.exe
Arguments:
{"hKey":"HKEY_CURRENT_USER","ulOptions":"0x0","samDesired":"0x1","lpSubKey":"SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\5.0\\User Agent","phkResult":"0x1bc"}
Returned value:
0x0
ntdll.dll! NtOpenKeyEx #native (#3028) EncryptFlag.exe
Arguments:
{"OpenOptions":"0x0","KeyHandle":"0x1c0","objectName":"SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\5.0\\User Agent","DesiredAccess":"0x1"}
Returned value:
0x0
kernel32.dll! RegOpenKeyExA #registry (#3028) EncryptFlag.exe
Arguments:
{"hKey":"HKEY_LOCAL_MACHINE","ulOptions":"0x0","samDesired":"0x1","lpSubKey":"SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\5.0\\User Agent","phkResult":"0x1c0"}
Returned value:
0x0
ntdll.dll! NtOpenKeyEx #native (#3028) EncryptFlag.exe
Arguments:
{"OpenOptions":"0x0","KeyHandle":"0x0","objectName":"Microsoft\\Windows\\CurrentVersion\\Internet Settings\\User Agent","DesiredAccess":"0x20019"}
Returned value:
0xc0000034
kernel32.dll! RegOpenKeyExW #registry (#3028) EncryptFlag.exe
Arguments:
{"hKey":"HKEY_LOCAL_MACHINE\\Software\\Policies","ulOptions":"0x0","samDesired":"0x20019","lpSubKey":"Microsoft\\Windows\\CurrentVersion\\Internet Settings\\User Agent","phkResult":"0x0"}
Returned value:
0x2
ntdll.dll! NtOpenKeyEx #native (#3028) EncryptFlag.exe
Arguments:
{"OpenOptions":"0x0","KeyHandle":"0x0","objectName":"Microsoft\\Windows\\CurrentVersion\\Internet Settings\\User Agent","DesiredAccess":"0x20019"}
Returned value:
0xc0000034
kernel32.dll! RegOpenKeyExW #registry (#3028) EncryptFlag.exe
Arguments:
{"hKey":"HKEY_CURRENT_USER\\Software\\Policies","ulOptions":"0x0","samDesired":"0x20019","lpSubKey":"Microsoft\\Windows\\CurrentVersion\\Internet Settings\\User Agent","phkResult":"0x0"}
Returned value:
0x2
ntdll.dll! NtOpenKeyEx #native (#3028) EncryptFlag.exe
Arguments:
{"OpenOptions":"0x0","KeyHandle":"0x1d8","objectName":"Post Platform","DesiredAccess":"0x1"}
Returned value:
0x0
kernel32.dll! RegOpenKeyExA #registry (#3028) EncryptFlag.exe
Arguments:
{"hKey":"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Internet Settings","ulOptions":"0x0","samDesired":"0x1","lpSubKey":"Post Platform","phkResult":"0x1d8"}
Returned value:
0x0
ntdll.dll! NtOpenKeyEx #native (#3028) EncryptFlag.exe
Arguments:
{"OpenOptions":"0x0","KeyHandle":"0x1d8","objectName":"Post Platform","DesiredAccess":"0x1"}
Returned value:
0x0
kernel32.dll! RegOpenKeyExA #registry (#3028) EncryptFlag.exe
Arguments:
{"hKey":"HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows NT\\CurrentVersion\\PeerDist\\Service","ulOptions":"0x0","samDesired":"0x1","lpSubKey":"Post Platform","phkResult":"0x1d8"}
Returned value:
0x0
ntdll.dll! NtOpenKeyEx #native (#3028) EncryptFlag.exe
Arguments:
{"OpenOptions":"0x0","KeyHandle":"0x1bc","objectName":"SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\5.0\\User Agent","DesiredAccess":"0x1"}
Returned value:
0x0
kernel32.dll! RegOpenKeyExA #registry (#3028) EncryptFlag.exe
Arguments:
{"hKey":"HKEY_CURRENT_USER","ulOptions":"0x0","samDesired":"0x1","lpSubKey":"SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\5.0\\User Agent","phkResult":"0x1bc"}
Returned value:
0x0
ntdll.dll! NtOpenKeyEx #native (#3028) EncryptFlag.exe
Arguments:
{"OpenOptions":"0x0","KeyHandle":"0x1c0","objectName":"SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\5.0\\User Agent","DesiredAccess":"0x1"}
Returned value:
0x0
kernel32.dll! RegOpenKeyExA #registry (#3028) EncryptFlag.exe
Arguments:
{"hKey":"HKEY_LOCAL_MACHINE","ulOptions":"0x0","samDesired":"0x1","lpSubKey":"SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\5.0\\User Agent","phkResult":"0x1c0"}
Returned value:
0x0
ntdll.dll! NtOpenKeyEx #native (#3028) EncryptFlag.exe
Arguments:
{"OpenOptions":"0x0","KeyHandle":"0x0","objectName":"Microsoft\\Windows\\CurrentVersion\\Internet Settings\\User Agent","DesiredAccess":"0x20019"}
Returned value:
0xc0000034
kernel32.dll! RegOpenKeyExW #registry (#3028) EncryptFlag.exe
Arguments:
{"hKey":"HKEY_LOCAL_MACHINE\\Software\\Policies","ulOptions":"0x0","samDesired":"0x20019","lpSubKey":"Microsoft\\Windows\\CurrentVersion\\Internet Settings\\User Agent","phkResult":"0x0"}
Returned value:
0x2
ntdll.dll! NtOpenKeyEx #native (#3028) EncryptFlag.exe
Arguments:
{"OpenOptions":"0x0","KeyHandle":"0x0","objectName":"Microsoft\\Windows\\CurrentVersion\\Internet Settings\\User Agent","DesiredAccess":"0x20019"}
Returned value:
0xc0000034
kernel32.dll! RegOpenKeyExW #registry (#3028) EncryptFlag.exe
Arguments:
{"hKey":"HKEY_CURRENT_USER\\Software\\Policies","ulOptions":"0x0","samDesired":"0x20019","lpSubKey":"Microsoft\\Windows\\CurrentVersion\\Internet Settings\\User Agent","phkResult":"0x0"}
Returned value:
0x2
ntdll.dll! NtOpenKeyEx #native (#3028) EncryptFlag.exe
Arguments:
{"OpenOptions":"0x0","KeyHandle":"0x0","objectName":"Pre Platform","DesiredAccess":"0x1"}
Returned value:
0xc0000034
kernel32.dll! RegOpenKeyExA #registry (#3028) EncryptFlag.exe
Arguments:
{"hKey":"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Internet Settings","ulOptions":"0x0","samDesired":"0x1","lpSubKey":"Pre Platform","phkResult":"0x0"}
Returned value:
0x2
ntdll.dll! NtOpenKeyEx #native (#3028) EncryptFlag.exe
Arguments:
{"OpenOptions":"0x0","KeyHandle":"0x0","objectName":"Pre Platform","DesiredAccess":"0x1"}
Returned value:
0xc0000034
kernel32.dll! RegOpenKeyExA #registry (#3028) EncryptFlag.exe
Arguments:
{"hKey":"HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows NT\\CurrentVersion\\PeerDist\\Service","ulOptions":"0x0","samDesired":"0x1","lpSubKey":"Pre Platform","phkResult":"0x0"}
Returned value:
0x2
ntdll.dll! NtOpenKeyEx #native (#3028) EncryptFlag.exe
Arguments:
{"OpenOptions":"0x0","KeyHandle":"0x1d8","objectName":"Post Platform","DesiredAccess":"0x1"}
Returned value:
0x0
kernel32.dll! RegOpenKeyExA #registry (#3028) EncryptFlag.exe
Arguments:
{"hKey":"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Internet Settings","ulOptions":"0x0","samDesired":"0x1","lpSubKey":"Post Platform","phkResult":"0x1d8"}
Returned value:
0x0
ntdll.dll! NtOpenKeyEx #native (#3028) EncryptFlag.exe
Arguments:
{"OpenOptions":"0x0","KeyHandle":"0x1d8","objectName":"Post Platform","DesiredAccess":"0x1"}
Returned value:
0x0
kernel32.dll! RegOpenKeyExA #registry (#3028) EncryptFlag.exe
Arguments:
{"hKey":"HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows NT\\CurrentVersion\\PeerDist\\Service","ulOptions":"0x0","samDesired":"0x1","lpSubKey":"Post Platform","phkResult":"0x1d8"}
Returned value:
0x0
ntdll.dll! NtOpenKeyEx #native (#3028) EncryptFlag.exe
Arguments:
{"OpenOptions":"0x0","KeyHandle":"0x1bc","objectName":"SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\5.0\\User Agent","DesiredAccess":"0x1"}
Returned value:
0x0
kernel32.dll! RegOpenKeyExA #registry (#3028) EncryptFlag.exe
Arguments:
{"hKey":"HKEY_CURRENT_USER","ulOptions":"0x0","samDesired":"0x1","lpSubKey":"SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\5.0\\User Agent","phkResult":"0x1bc"}
Returned value:
0x0
ntdll.dll! NtOpenKeyEx #native (#3028) EncryptFlag.exe
Arguments:
{"OpenOptions":"0x0","KeyHandle":"0x1c0","objectName":"SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\5.0\\User Agent","DesiredAccess":"0x1"}
Returned value:
0x0
kernel32.dll! RegOpenKeyExA #registry (#3028) EncryptFlag.exe
Arguments:
{"hKey":"HKEY_LOCAL_MACHINE","ulOptions":"0x0","samDesired":"0x1","lpSubKey":"SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\5.0\\User Agent","phkResult":"0x1c0"}
Returned value:
0x0
ntdll.dll! NtOpenKeyEx #native (#3028) EncryptFlag.exe
Arguments:
{"OpenOptions":"0x0","KeyHandle":"0x0","objectName":"Microsoft\\Windows\\CurrentVersion\\Internet Settings\\User Agent","DesiredAccess":"0x20019"}
Returned value:
0xc0000034
kernel32.dll! RegOpenKeyExW #registry (#3028) EncryptFlag.exe
Arguments:
{"hKey":"HKEY_LOCAL_MACHINE\\Software\\Policies","ulOptions":"0x0","samDesired":"0x20019","lpSubKey":"Microsoft\\Windows\\CurrentVersion\\Internet Settings\\User Agent","phkResult":"0x0"}
Returned value:
0x2
ntdll.dll! NtOpenKeyEx #native (#3028) EncryptFlag.exe
Arguments:
{"OpenOptions":"0x0","KeyHandle":"0x0","objectName":"Microsoft\\Windows\\CurrentVersion\\Internet Settings\\User Agent","DesiredAccess":"0x20019"}
Returned value:
0xc0000034
kernel32.dll! RegOpenKeyExW #registry (#3028) EncryptFlag.exe
Arguments:
{"hKey":"HKEY_CURRENT_USER\\Software\\Policies","ulOptions":"0x0","samDesired":"0x20019","lpSubKey":"Microsoft\\Windows\\CurrentVersion\\Internet Settings\\User Agent","phkResult":"0x0"}
Returned value:
0x2
ntdll.dll! NtOpenKeyEx #native (#3028) EncryptFlag.exe
Arguments:
{"OpenOptions":"0x0","KeyHandle":"0x0","objectName":"Pre Platform","DesiredAccess":"0x1"}
Returned value:
0xc0000034
kernel32.dll! RegOpenKeyExA #registry (#3028) EncryptFlag.exe
Arguments:
{"hKey":"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Internet Settings","ulOptions":"0x0","samDesired":"0x1","lpSubKey":"Pre Platform","phkResult":"0x0"}
Returned value:
0x2
ntdll.dll! NtOpenKeyEx #native (#3028) EncryptFlag.exe
Arguments:
{"OpenOptions":"0x0","KeyHandle":"0x0","objectName":"Pre Platform","DesiredAccess":"0x1"}
Returned value:
0xc0000034
kernel32.dll! RegOpenKeyExA #registry (#3028) EncryptFlag.exe
Arguments:
{"hKey":"HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows NT\\CurrentVersion\\PeerDist\\Service","ulOptions":"0x0","samDesired":"0x1","lpSubKey":"Pre Platform","phkResult":"0x0"}
Returned value:
0x2
ntdll.dll! NtOpenKeyEx #native (#3028) EncryptFlag.exe
Arguments:
{"OpenOptions":"0x0","KeyHandle":"0x1d8","objectName":"Post Platform","DesiredAccess":"0x1"}
Returned value:
0x0
kernel32.dll! RegOpenKeyExA #registry (#3028) EncryptFlag.exe
Arguments:
{"hKey":"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Internet Settings","ulOptions":"0x0","samDesired":"0x1","lpSubKey":"Post Platform","phkResult":"0x1d8"}
Returned value:
0x0
ntdll.dll! NtOpenKeyEx #native (#3028) EncryptFlag.exe
Arguments:
{"OpenOptions":"0x0","KeyHandle":"0x1d8","objectName":"Post Platform","DesiredAccess":"0x1"}
Returned value:
0x0
kernel32.dll! RegOpenKeyExA #registry (#3028) EncryptFlag.exe
Arguments:
{"hKey":"HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows NT\\CurrentVersion\\PeerDist\\Service","ulOptions":"0x0","samDesired":"0x1","lpSubKey":"Post Platform","phkResult":"0x1d8"}
Returned value:
0x0
ntdll.dll! NtOpenKeyEx #native (#3028) EncryptFlag.exe
Arguments:
{"OpenOptions":"0x0","KeyHandle":"0x1bc","objectName":"SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\5.0\\User Agent","DesiredAccess":"0x1"}
Returned value:
0x0
kernel32.dll! RegOpenKeyExA #registry (#3028) EncryptFlag.exe
Arguments:
{"hKey":"HKEY_CURRENT_USER","ulOptions":"0x0","samDesired":"0x1","lpSubKey":"SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\5.0\\User Agent","phkResult":"0x1bc"}
Returned value:
0x0
ntdll.dll! NtOpenKeyEx #native (#3028) EncryptFlag.exe
Arguments:
{"OpenOptions":"0x0","KeyHandle":"0x1c0","objectName":"SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\5.0\\User Agent","DesiredAccess":"0x1"}
Returned value:
0x0
kernel32.dll! RegOpenKeyExA #registry (#3028) EncryptFlag.exe
Arguments:
{"hKey":"HKEY_LOCAL_MACHINE","ulOptions":"0x0","samDesired":"0x1","lpSubKey":"SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\5.0\\User Agent","phkResult":"0x1c0"}
Returned value:
0x0
ntdll.dll! NtOpenKeyEx #native (#3028) EncryptFlag.exe
Arguments:
{"OpenOptions":"0x0","KeyHandle":"0x0","objectName":"Microsoft\\Windows\\CurrentVersion\\Internet Settings\\User Agent","DesiredAccess":"0x20019"}
Returned value:
0xc0000034
kernel32.dll! RegOpenKeyExW #registry (#3028) EncryptFlag.exe
Arguments:
{"hKey":"HKEY_LOCAL_MACHINE\\Software\\Policies","ulOptions":"0x0","samDesired":"0x20019","lpSubKey":"Microsoft\\Windows\\CurrentVersion\\Internet Settings\\User Agent","phkResult":"0x0"}
Returned value:
0x2
ntdll.dll! NtOpenKeyEx #native (#3028) EncryptFlag.exe
Arguments:
{"OpenOptions":"0x0","KeyHandle":"0x0","objectName":"Microsoft\\Windows\\CurrentVersion\\Internet Settings\\User Agent","DesiredAccess":"0x20019"}
Returned value:
0xc0000034
kernel32.dll! RegOpenKeyExW #registry (#3028) EncryptFlag.exe
Arguments:
{"hKey":"HKEY_CURRENT_USER\\Software\\Policies","ulOptions":"0x0","samDesired":"0x20019","lpSubKey":"Microsoft\\Windows\\CurrentVersion\\Internet Settings\\User Agent","phkResult":"0x0"}
Returned value:
0x2
ntdll.dll! NtOpenKeyEx #native (#3028) EncryptFlag.exe
Arguments:
{"OpenOptions":"0x0","KeyHandle":"0x0","objectName":"Pre Platform","DesiredAccess":"0x1"}
Returned value:
0xc0000034
kernel32.dll! RegOpenKeyExA #registry (#3028) EncryptFlag.exe
Arguments:
{"hKey":"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Internet Settings","ulOptions":"0x0","samDesired":"0x1","lpSubKey":"Pre Platform","phkResult":"0x0"}
Returned value:
0x2
ntdll.dll! NtOpenKeyEx #native (#3028) EncryptFlag.exe
Arguments:
{"OpenOptions":"0x0","KeyHandle":"0x0","objectName":"Pre Platform","DesiredAccess":"0x1"}
Returned value:
0xc0000034
kernel32.dll! RegOpenKeyExA #registry (#3028) EncryptFlag.exe
Arguments:
{"hKey":"HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows NT\\CurrentVersion\\PeerDist\\Service","ulOptions":"0x0","samDesired":"0x1","lpSubKey":"Pre Platform","phkResult":"0x0"}
Returned value:
0x2
ntdll.dll! NtOpenKeyEx #native (#3028) EncryptFlag.exe
Arguments:
{"OpenOptions":"0x0","KeyHandle":"0x1d8","objectName":"Post Platform","DesiredAccess":"0x1"}
Returned value:
0x0
kernel32.dll! RegOpenKeyExA #registry (#3028) EncryptFlag.exe
Arguments:
{"hKey":"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Internet Settings","ulOptions":"0x0","samDesired":"0x1","lpSubKey":"Post Platform","phkResult":"0x1d8"}
Returned value:
0x0
ntdll.dll! NtOpenKeyEx #native (#3028) EncryptFlag.exe
Arguments:
{"OpenOptions":"0x0","KeyHandle":"0x1d8","objectName":"Post Platform","DesiredAccess":"0x1"}
Returned value:
0x0
kernel32.dll! RegOpenKeyExA #registry (#3028) EncryptFlag.exe
Arguments:
{"hKey":"HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows NT\\CurrentVersion\\PeerDist\\Service","ulOptions":"0x0","samDesired":"0x1","lpSubKey":"Post Platform","phkResult":"0x1d8"}
Returned value:
0x0
ntdll.dll! NtOpenKeyEx #native (#3028) EncryptFlag.exe
Arguments:
{"OpenOptions":"0x0","KeyHandle":"0x1bc","objectName":"SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\5.0\\User Agent","DesiredAccess":"0x1"}
Returned value:
0x0
kernel32.dll! RegOpenKeyExA #registry (#3028) EncryptFlag.exe
Arguments:
{"hKey":"HKEY_CURRENT_USER","ulOptions":"0x0","samDesired":"0x1","lpSubKey":"SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\5.0\\User Agent","phkResult":"0x1bc"}
Returned value:
0x0
ntdll.dll! NtOpenKeyEx #native (#3028) EncryptFlag.exe
Arguments:
{"OpenOptions":"0x0","KeyHandle":"0x1c0","objectName":"SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\5.0\\User Agent","DesiredAccess":"0x1"}
Returned value:
0x0
kernel32.dll! RegOpenKeyExA #registry (#3028) EncryptFlag.exe
Arguments:
{"hKey":"HKEY_LOCAL_MACHINE","ulOptions":"0x0","samDesired":"0x1","lpSubKey":"SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\5.0\\User Agent","phkResult":"0x1c0"}
Returned value:
0x0
ntdll.dll! NtOpenKeyEx #native (#3028) EncryptFlag.exe
Arguments:
{"OpenOptions":"0x0","KeyHandle":"0x0","objectName":"Microsoft\\Windows\\CurrentVersion\\Internet Settings\\User Agent","DesiredAccess":"0x20019"}
Returned value:
0xc0000034
kernel32.dll! RegOpenKeyExW #registry (#3028) EncryptFlag.exe
Arguments:
{"hKey":"HKEY_LOCAL_MACHINE\\Software\\Policies","ulOptions":"0x0","samDesired":"0x20019","lpSubKey":"Microsoft\\Windows\\CurrentVersion\\Internet Settings\\User Agent","phkResult":"0x0"}
Returned value:
0x2
ntdll.dll! NtOpenKeyEx #native (#3028) EncryptFlag.exe
Arguments:
{"OpenOptions":"0x0","KeyHandle":"0x0","objectName":"Microsoft\\Windows\\CurrentVersion\\Internet Settings\\User Agent","DesiredAccess":"0x20019"}
Returned value:
0xc0000034
kernel32.dll! RegOpenKeyExW #registry (#3028) EncryptFlag.exe
Arguments:
{"hKey":"HKEY_CURRENT_USER\\Software\\Policies","ulOptions":"0x0","samDesired":"0x20019","lpSubKey":"Microsoft\\Windows\\CurrentVersion\\Internet Settings\\User Agent","phkResult":"0x0"}
Returned value:
0x2
ntdll.dll! NtOpenKeyEx #native (#3028) EncryptFlag.exe
Arguments:
{"OpenOptions":"0x0","KeyHandle":"0x1d8","objectName":"Post Platform","DesiredAccess":"0x1"}
Returned value:
0x0
kernel32.dll! RegOpenKeyExA #registry (#3028) EncryptFlag.exe
Arguments:
{"hKey":"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Internet Settings","ulOptions":"0x0","samDesired":"0x1","lpSubKey":"Post Platform","phkResult":"0x1d8"}
Returned value:
0x0
ntdll.dll! NtOpenKeyEx #native (#3028) EncryptFlag.exe
Arguments:
{"OpenOptions":"0x0","KeyHandle":"0x1d8","objectName":"Post Platform","DesiredAccess":"0x1"}
Returned value:
0x0
kernel32.dll! RegOpenKeyExA #registry (#3028) EncryptFlag.exe
Arguments:
{"hKey":"HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows NT\\CurrentVersion\\PeerDist\\Service","ulOptions":"0x0","samDesired":"0x1","lpSubKey":"Post Platform","phkResult":"0x1d8"}
Returned value:
0x0
ntdll.dll! NtOpenKeyEx #native (#3028) EncryptFlag.exe
Arguments:
{"OpenOptions":"0x0","KeyHandle":"0x1bc","objectName":"SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\5.0\\User Agent","DesiredAccess":"0x1"}
Returned value:
0x0
kernel32.dll! RegOpenKeyExA #registry (#3028) EncryptFlag.exe
Arguments:
{"hKey":"HKEY_CURRENT_USER","ulOptions":"0x0","samDesired":"0x1","lpSubKey":"SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\5.0\\User Agent","phkResult":"0x1bc"}
Returned value:
0x0
ntdll.dll! NtOpenKeyEx #native (#3028) EncryptFlag.exe
Arguments:
{"OpenOptions":"0x0","KeyHandle":"0x1c0","objectName":"SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\5.0\\User Agent","DesiredAccess":"0x1"}
Returned value:
0x0
kernel32.dll! RegOpenKeyExA #registry (#3028) EncryptFlag.exe
Arguments:
{"hKey":"HKEY_LOCAL_MACHINE","ulOptions":"0x0","samDesired":"0x1","lpSubKey":"SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\5.0\\User Agent","phkResult":"0x1c0"}
Returned value:
0x0
ntdll.dll! NtOpenKeyEx #native (#3028) EncryptFlag.exe
Arguments:
{"OpenOptions":"0x0","KeyHandle":"0x0","objectName":"Microsoft\\Windows\\CurrentVersion\\Internet Settings\\User Agent","DesiredAccess":"0x20019"}
Returned value:
0xc0000034
kernel32.dll! RegOpenKeyExW #registry (#3028) EncryptFlag.exe
Arguments:
{"hKey":"HKEY_LOCAL_MACHINE\\Software\\Policies","ulOptions":"0x0","samDesired":"0x20019","lpSubKey":"Microsoft\\Windows\\CurrentVersion\\Internet Settings\\User Agent","phkResult":"0x0"}
Returned value:
0x2
ntdll.dll! NtOpenKeyEx #native (#3028) EncryptFlag.exe
Arguments:
{"OpenOptions":"0x0","KeyHandle":"0x0","objectName":"Microsoft\\Windows\\CurrentVersion\\Internet Settings\\User Agent","DesiredAccess":"0x20019"}
Returned value:
0xc0000034
kernel32.dll! RegOpenKeyExW #registry (#3028) EncryptFlag.exe
Arguments:
{"hKey":"HKEY_CURRENT_USER\\Software\\Policies","ulOptions":"0x0","samDesired":"0x20019","lpSubKey":"Microsoft\\Windows\\CurrentVersion\\Internet Settings\\User Agent","phkResult":"0x0"}
Returned value:
0x2
ntdll.dll! NtOpenKeyEx #native (#3028) EncryptFlag.exe
Arguments:
{"OpenOptions":"0x0","KeyHandle":"0x0","objectName":"Pre Platform","DesiredAccess":"0x1"}
Returned value:
0xc0000034
kernel32.dll! RegOpenKeyExA #registry (#3028) EncryptFlag.exe
Arguments:
{"hKey":"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Internet Settings","ulOptions":"0x0","samDesired":"0x1","lpSubKey":"Pre Platform","phkResult":"0x0"}
Returned value:
0x2
ntdll.dll! NtOpenKeyEx #native (#3028) EncryptFlag.exe
Arguments:
{"OpenOptions":"0x0","KeyHandle":"0x0","objectName":"Pre Platform","DesiredAccess":"0x1"}
Returned value:
0xc0000034
kernel32.dll! RegOpenKeyExA #registry (#3028) EncryptFlag.exe
Arguments:
{"hKey":"HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows NT\\CurrentVersion\\PeerDist\\Service","ulOptions":"0x0","samDesired":"0x1","lpSubKey":"Pre Platform","phkResult":"0x0"}
Returned value:
0x2
ntdll.dll! NtOpenKeyEx #native (#3028) EncryptFlag.exe
Arguments:
{"OpenOptions":"0x0","KeyHandle":"0x1d8","objectName":"Post Platform","DesiredAccess":"0x1"}
Returned value:
0x0
kernel32.dll! RegOpenKeyExA #registry (#3028) EncryptFlag.exe
Arguments:
{"hKey":"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Internet Settings","ulOptions":"0x0","samDesired":"0x1","lpSubKey":"Post Platform","phkResult":"0x1d8"}
Returned value:
0x0
ntdll.dll! NtOpenKeyEx #native (#3028) EncryptFlag.exe
Arguments:
{"OpenOptions":"0x0","KeyHandle":"0x1d8","objectName":"Post Platform","DesiredAccess":"0x1"}
Returned value:
0x0
kernel32.dll! RegOpenKeyExA #registry (#3028) EncryptFlag.exe
Arguments:
{"hKey":"HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows NT\\CurrentVersion\\PeerDist\\Service","ulOptions":"0x0","samDesired":"0x1","lpSubKey":"Post Platform","phkResult":"0x1d8"}
Returned value:
0x0
ntdll.dll! NtOpenKeyEx #native (#3028) EncryptFlag.exe
Arguments:
{"OpenOptions":"0x0","KeyHandle":"0x1bc","objectName":"SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\5.0\\User Agent","DesiredAccess":"0x1"}
Returned value:
0x0
kernel32.dll! RegOpenKeyExA #registry (#3028) EncryptFlag.exe
Arguments:
{"hKey":"HKEY_CURRENT_USER","ulOptions":"0x0","samDesired":"0x1","lpSubKey":"SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\5.0\\User Agent","phkResult":"0x1bc"}
Returned value:
0x0
ntdll.dll! NtOpenKeyEx #native (#3028) EncryptFlag.exe
Arguments:
{"OpenOptions":"0x0","KeyHandle":"0x1c0","objectName":"SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\5.0\\User Agent","DesiredAccess":"0x1"}
Returned value:
0x0
kernel32.dll! RegOpenKeyExA #registry (#3028) EncryptFlag.exe
Arguments:
{"hKey":"HKEY_LOCAL_MACHINE","ulOptions":"0x0","samDesired":"0x1","lpSubKey":"SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\5.0\\User Agent","phkResult":"0x1c0"}
Returned value:
0x0
ntdll.dll! NtOpenKeyEx #native (#3028) EncryptFlag.exe
Arguments:
{"OpenOptions":"0x0","KeyHandle":"0x0","objectName":"Microsoft\\Windows\\CurrentVersion\\Internet Settings\\User Agent","DesiredAccess":"0x20019"}
Returned value:
0xc0000034
kernel32.dll! RegOpenKeyExW #registry (#3028) EncryptFlag.exe
Arguments:
{"hKey":"HKEY_LOCAL_MACHINE\\Software\\Policies","ulOptions":"0x0","samDesired":"0x20019","lpSubKey":"Microsoft\\Windows\\CurrentVersion\\Internet Settings\\User Agent","phkResult":"0x0"}
Returned value:
0x2
ntdll.dll! NtOpenKeyEx #native (#3028) EncryptFlag.exe
Arguments:
{"OpenOptions":"0x0","KeyHandle":"0x0","objectName":"Microsoft\\Windows\\CurrentVersion\\Internet Settings\\User Agent","DesiredAccess":"0x20019"}
Returned value:
0xc0000034
kernel32.dll! RegOpenKeyExW #registry (#3028) EncryptFlag.exe
Arguments:
{"hKey":"HKEY_CURRENT_USER\\Software\\Policies","ulOptions":"0x0","samDesired":"0x20019","lpSubKey":"Microsoft\\Windows\\CurrentVersion\\Internet Settings\\User Agent","phkResult":"0x0"}
Returned value:
0x2
ntdll.dll! NtOpenKeyEx #native (#3028) EncryptFlag.exe
Arguments:
{"OpenOptions":"0x0","KeyHandle":"0x0","objectName":"Pre Platform","DesiredAccess":"0x1"}
Returned value:
0xc0000034
kernel32.dll! RegOpenKeyExA #registry (#3028) EncryptFlag.exe
Arguments:
{"hKey":"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Internet Settings","ulOptions":"0x0","samDesired":"0x1","lpSubKey":"Pre Platform","phkResult":"0x0"}
Returned value:
0x2
ntdll.dll! NtOpenKeyEx #native (#3028) EncryptFlag.exe
Arguments:
{"OpenOptions":"0x0","KeyHandle":"0x0","objectName":"Pre Platform","DesiredAccess":"0x1"}
Returned value:
0xc0000034
kernel32.dll! RegOpenKeyExA #registry (#3028) EncryptFlag.exe
Arguments:
{"hKey":"HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows NT\\CurrentVersion\\PeerDist\\Service","ulOptions":"0x0","samDesired":"0x1","lpSubKey":"Pre Platform","phkResult":"0x0"}
Returned value:
0x2
ntdll.dll! NtOpenKeyEx #native (#3028) EncryptFlag.exe
Arguments:
{"OpenOptions":"0x0","KeyHandle":"0x1d8","objectName":"Post Platform","DesiredAccess":"0x1"}
Returned value:
0x0
kernel32.dll! RegOpenKeyExA #registry (#3028) EncryptFlag.exe
Arguments:
{"hKey":"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Internet Settings","ulOptions":"0x0","samDesired":"0x1","lpSubKey":"Post Platform","phkResult":"0x1d8"}
Returned value:
0x0
ntdll.dll! NtOpenKeyEx #native (#3028) EncryptFlag.exe
Arguments:
{"OpenOptions":"0x0","KeyHandle":"0x1d8","objectName":"Post Platform","DesiredAccess":"0x1"}
Returned value:
0x0
kernel32.dll! RegOpenKeyExA #registry (#3028) EncryptFlag.exe
Arguments:
{"hKey":"HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows NT\\CurrentVersion\\PeerDist\\Service","ulOptions":"0x0","samDesired":"0x1","lpSubKey":"Post Platform","phkResult":"0x1d8"}
Returned value:
0x0
ntdll.dll! NtOpenKeyEx #native (#3028) EncryptFlag.exe
Arguments:
{"OpenOptions":"0x0","KeyHandle":"0x1bc","objectName":"SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\5.0\\User Agent","DesiredAccess":"0x1"}
Returned value:
0x0
kernel32.dll! RegOpenKeyExA #registry (#3028) EncryptFlag.exe
Arguments:
{"hKey":"HKEY_CURRENT_USER","ulOptions":"0x0","samDesired":"0x1","lpSubKey":"SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\5.0\\User Agent","phkResult":"0x1bc"}
Returned value:
0x0
ntdll.dll! NtOpenKeyEx #native (#3028) EncryptFlag.exe
Arguments:
{"OpenOptions":"0x0","KeyHandle":"0x1c0","objectName":"SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\5.0\\User Agent","DesiredAccess":"0x1"}
Returned value:
0x0
kernel32.dll! RegOpenKeyExA #registry (#3028) EncryptFlag.exe
Arguments:
{"hKey":"HKEY_LOCAL_MACHINE","ulOptions":"0x0","samDesired":"0x1","lpSubKey":"SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\5.0\\User Agent","phkResult":"0x1c0"}
Returned value:
0x0
ntdll.dll! NtOpenKeyEx #native (#3028) EncryptFlag.exe
Arguments:
{"OpenOptions":"0x0","KeyHandle":"0x0","objectName":"Microsoft\\Windows\\CurrentVersion\\Internet Settings\\User Agent","DesiredAccess":"0x20019"}
Returned value:
0xc0000034
kernel32.dll! RegOpenKeyExW #registry (#3028) EncryptFlag.exe
Arguments:
{"hKey":"HKEY_LOCAL_MACHINE\\Software\\Policies","ulOptions":"0x0","samDesired":"0x20019","lpSubKey":"Microsoft\\Windows\\CurrentVersion\\Internet Settings\\User Agent","phkResult":"0x0"}
Returned value:
0x2
ntdll.dll! NtOpenKeyEx #native (#3028) EncryptFlag.exe
Arguments:
{"OpenOptions":"0x0","KeyHandle":"0x0","objectName":"Microsoft\\Windows\\CurrentVersion\\Internet Settings\\User Agent","DesiredAccess":"0x20019"}
Returned value:
0xc0000034
kernel32.dll! RegOpenKeyExW #registry (#3028) EncryptFlag.exe
Arguments:
{"hKey":"HKEY_CURRENT_USER\\Software\\Policies","ulOptions":"0x0","samDesired":"0x20019","lpSubKey":"Microsoft\\Windows\\CurrentVersion\\Internet Settings\\User Agent","phkResult":"0x0"}
Returned value:
0x2
ntdll.dll! NtOpenKeyEx #native (#3028) EncryptFlag.exe
Arguments:
{"OpenOptions":"0x0","KeyHandle":"0x0","objectName":"Pre Platform","DesiredAccess":"0x1"}
Returned value:
0xc0000034
kernel32.dll! RegOpenKeyExA #registry (#3028) EncryptFlag.exe
Arguments:
{"hKey":"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Internet Settings","ulOptions":"0x0","samDesired":"0x1","lpSubKey":"Pre Platform","phkResult":"0x0"}
Returned value:
0x2
ntdll.dll! NtOpenKeyEx #native (#3028) EncryptFlag.exe
Arguments:
{"OpenOptions":"0x0","KeyHandle":"0x0","objectName":"Pre Platform","DesiredAccess":"0x1"}
Returned value:
0xc0000034
kernel32.dll! RegOpenKeyExA #registry (#3028) EncryptFlag.exe
Arguments:
{"hKey":"HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows NT\\CurrentVersion\\PeerDist\\Service","ulOptions":"0x0","samDesired":"0x1","lpSubKey":"Pre Platform","phkResult":"0x0"}
Returned value:
0x2
ntdll.dll! NtOpenKeyEx #native (#3028) EncryptFlag.exe
Arguments:
{"OpenOptions":"0x0","KeyHandle":"0x1d8","objectName":"Post Platform","DesiredAccess":"0x1"}
Returned value:
0x0
kernel32.dll! RegOpenKeyExA #registry (#3028) EncryptFlag.exe
Arguments:
{"hKey":"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Internet Settings","ulOptions":"0x0","samDesired":"0x1","lpSubKey":"Post Platform","phkResult":"0x1d8"}
Returned value:
0x0
ntdll.dll! NtOpenKeyEx #native (#3028) EncryptFlag.exe
Arguments:
{"OpenOptions":"0x0","KeyHandle":"0x1d8","objectName":"Post Platform","DesiredAccess":"0x1"}
Returned value:
0x0
kernel32.dll! RegOpenKeyExA #registry (#3028) EncryptFlag.exe
Arguments:
{"hKey":"HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows NT\\CurrentVersion\\PeerDist\\Service","ulOptions":"0x0","samDesired":"0x1","lpSubKey":"Post Platform","phkResult":"0x1d8"}
Returned value:
0x0
ntdll.dll! NtOpenKeyEx #native (#3028) EncryptFlag.exe
Arguments:
{"OpenOptions":"0x0","KeyHandle":"0x1bc","objectName":"SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\5.0\\User Agent","DesiredAccess":"0x1"}
Returned value:
0x0
kernel32.dll! RegOpenKeyExA #registry (#3028) EncryptFlag.exe
Arguments:
{"hKey":"HKEY_CURRENT_USER","ulOptions":"0x0","samDesired":"0x1","lpSubKey":"SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\5.0\\User Agent","phkResult":"0x1bc"}
Returned value:
0x0
ntdll.dll! NtOpenKeyEx #native (#3028) EncryptFlag.exe
Arguments:
{"OpenOptions":"0x0","KeyHandle":"0x1c0","objectName":"SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\5.0\\User Agent","DesiredAccess":"0x1"}
Returned value:
0x0
kernel32.dll! RegOpenKeyExA #registry (#3028) EncryptFlag.exe
Arguments:
{"hKey":"HKEY_LOCAL_MACHINE","ulOptions":"0x0","samDesired":"0x1","lpSubKey":"SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\5.0\\User Agent","phkResult":"0x1c0"}
Returned value:
0x0
ntdll.dll! NtOpenKeyEx #native (#3028) EncryptFlag.exe
Arguments:
{"OpenOptions":"0x0","KeyHandle":"0x0","objectName":"Microsoft\\Windows\\CurrentVersion\\Internet Settings\\User Agent","DesiredAccess":"0x20019"}
Returned value:
0xc0000034
kernel32.dll! RegOpenKeyExW #registry (#3028) EncryptFlag.exe
Arguments:
{"hKey":"HKEY_LOCAL_MACHINE\\Software\\Policies","ulOptions":"0x0","samDesired":"0x20019","lpSubKey":"Microsoft\\Windows\\CurrentVersion\\Internet Settings\\User Agent","phkResult":"0x0"}
Returned value:
0x2
ntdll.dll! NtOpenKeyEx #native (#3028) EncryptFlag.exe
Arguments:
{"OpenOptions":"0x0","KeyHandle":"0x0","objectName":"Microsoft\\Windows\\CurrentVersion\\Internet Settings\\User Agent","DesiredAccess":"0x20019"}
Returned value:
0xc0000034
kernel32.dll! RegOpenKeyExW #registry (#3028) EncryptFlag.exe
Arguments:
{"hKey":"HKEY_CURRENT_USER\\Software\\Policies","ulOptions":"0x0","samDesired":"0x20019","lpSubKey":"Microsoft\\Windows\\CurrentVersion\\Internet Settings\\User Agent","phkResult":"0x0"}
Returned value:
0x2
ntdll.dll! NtOpenKeyEx #native (#3028) EncryptFlag.exe
Arguments:
{"OpenOptions":"0x0","KeyHandle":"0x1d8","objectName":"Post Platform","DesiredAccess":"0x1"}
Returned value:
0x0
kernel32.dll! RegOpenKeyExA #registry (#3028) EncryptFlag.exe
Arguments:
{"hKey":"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Internet Settings","ulOptions":"0x0","samDesired":"0x1","lpSubKey":"Post Platform","phkResult":"0x1d8"}
Returned value:
0x0
ntdll.dll! NtOpenKeyEx #native (#3028) EncryptFlag.exe
Arguments:
{"OpenOptions":"0x0","KeyHandle":"0x1d8","objectName":"Post Platform","DesiredAccess":"0x1"}
Returned value:
0x0
kernel32.dll! RegOpenKeyExA #registry (#3028) EncryptFlag.exe
Arguments:
{"hKey":"HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows NT\\CurrentVersion\\PeerDist\\Service","ulOptions":"0x0","samDesired":"0x1","lpSubKey":"Post Platform","phkResult":"0x1d8"}
Returned value:
0x0
ntdll.dll! NtOpenKeyEx #native (#3028) EncryptFlag.exe
Arguments:
{"OpenOptions":"0x0","KeyHandle":"0x1bc","objectName":"SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\5.0\\User Agent","DesiredAccess":"0x1"}
Returned value:
0x0
kernel32.dll! RegOpenKeyExA #registry (#3028) EncryptFlag.exe
Arguments:
{"hKey":"HKEY_CURRENT_USER","ulOptions":"0x0","samDesired":"0x1","lpSubKey":"SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\5.0\\User Agent","phkResult":"0x1bc"}
Returned value:
0x0
ntdll.dll! NtOpenKeyEx #native (#3028) EncryptFlag.exe
Arguments:
{"OpenOptions":"0x0","KeyHandle":"0x1c0","objectName":"SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\5.0\\User Agent","DesiredAccess":"0x1"}
Returned value:
0x0
kernel32.dll! RegOpenKeyExA #registry (#3028) EncryptFlag.exe
Arguments:
{"hKey":"HKEY_LOCAL_MACHINE","ulOptions":"0x0","samDesired":"0x1","lpSubKey":"SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\5.0\\User Agent","phkResult":"0x1c0"}
Returned value:
0x0
ntdll.dll! NtOpenKeyEx #native (#3028) EncryptFlag.exe
Arguments:
{"OpenOptions":"0x0","KeyHandle":"0x0","objectName":"Microsoft\\Windows\\CurrentVersion\\Internet Settings\\User Agent","DesiredAccess":"0x20019"}
Returned value:
0xc0000034
kernel32.dll! RegOpenKeyExW #registry (#3028) EncryptFlag.exe
Arguments:
{"hKey":"HKEY_LOCAL_MACHINE\\Software\\Policies","ulOptions":"0x0","samDesired":"0x20019","lpSubKey":"Microsoft\\Windows\\CurrentVersion\\Internet Settings\\User Agent","phkResult":"0x0"}
Returned value:
0x2
ntdll.dll! NtOpenKeyEx #native (#3028) EncryptFlag.exe
Arguments:
{"OpenOptions":"0x0","KeyHandle":"0x0","objectName":"Microsoft\\Windows\\CurrentVersion\\Internet Settings\\User Agent","DesiredAccess":"0x20019"}
Returned value:
0xc0000034
kernel32.dll! RegOpenKeyExW #registry (#3028) EncryptFlag.exe
Arguments:
{"hKey":"HKEY_CURRENT_USER\\Software\\Policies","ulOptions":"0x0","samDesired":"0x20019","lpSubKey":"Microsoft\\Windows\\CurrentVersion\\Internet Settings\\User Agent","phkResult":"0x0"}
Returned value:
0x2
ntdll.dll! NtOpenKeyEx #native (#3028) EncryptFlag.exe
Arguments:
{"OpenOptions":"0x0","KeyHandle":"0x0","objectName":"Pre Platform","DesiredAccess":"0x1"}
Returned value:
0xc0000034
kernel32.dll! RegOpenKeyExA #registry (#3028) EncryptFlag.exe
Arguments:
{"hKey":"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Internet Settings","ulOptions":"0x0","samDesired":"0x1","lpSubKey":"Pre Platform","phkResult":"0x0"}
Returned value:
0x2
ntdll.dll! NtOpenKeyEx #native (#3028) EncryptFlag.exe
Arguments:
{"OpenOptions":"0x0","KeyHandle":"0x0","objectName":"Pre Platform","DesiredAccess":"0x1"}
Returned value:
0xc0000034
kernel32.dll! RegOpenKeyExA #registry (#3028) EncryptFlag.exe
Arguments:
{"hKey":"HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows NT\\CurrentVersion\\PeerDist\\Service","ulOptions":"0x0","samDesired":"0x1","lpSubKey":"Pre Platform","phkResult":"0x0"}
Returned value:
0x2
ntdll.dll! NtOpenKeyEx #native (#3028) EncryptFlag.exe
Arguments:
{"OpenOptions":"0x0","KeyHandle":"0x1d8","objectName":"Post Platform","DesiredAccess":"0x1"}
Returned value:
0x0
kernel32.dll! RegOpenKeyExA #registry (#3028) EncryptFlag.exe
Arguments:
{"hKey":"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Internet Settings","ulOptions":"0x0","samDesired":"0x1","lpSubKey":"Post Platform","phkResult":"0x1d8"}
Returned value:
0x0
ntdll.dll! NtOpenKeyEx #native (#3028) EncryptFlag.exe
Arguments:
{"OpenOptions":"0x0","KeyHandle":"0x1d8","objectName":"Post Platform","DesiredAccess":"0x1"}
Returned value:
0x0
kernel32.dll! RegOpenKeyExA #registry (#3028) EncryptFlag.exe
Arguments:
{"hKey":"HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows NT\\CurrentVersion\\PeerDist\\Service","ulOptions":"0x0","samDesired":"0x1","lpSubKey":"Post Platform","phkResult":"0x1d8"}
Returned value:
0x0
ntdll.dll! NtOpenKeyEx #native (#3028) EncryptFlag.exe
Arguments:
{"OpenOptions":"0x0","KeyHandle":"0x1bc","objectName":"SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Internet Settings","DesiredAccess":"0x1"}
Returned value:
0x0
kernel32.dll! RegOpenKeyExA #registry (#3028) EncryptFlag.exe
Arguments:
{"hKey":"HKEY_CURRENT_USER","ulOptions":"0x0","samDesired":"0x1","lpSubKey":"SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Internet Settings","phkResult":"0x1bc"}
Returned value:
0x0
ntdll.dll! NtOpenKeyEx #native (#3028) EncryptFlag.exe
Arguments:
{"OpenOptions":"0x0","KeyHandle":"0x1c0","objectName":"SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Internet Settings","DesiredAccess":"0x1"}
Returned value:
0x0
kernel32.dll! RegOpenKeyExA #registry (#3028) EncryptFlag.exe
Arguments:
{"hKey":"HKEY_LOCAL_MACHINE","ulOptions":"0x0","samDesired":"0x1","lpSubKey":"SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Internet Settings","phkResult":"0x1c0"}
Returned value:
0x0
KernelBase.dll! GetProcAddress #misc (#3028) EncryptFlag.exe
Arguments:
{"lpProcName":"GetTokenInformation","hModule":"KernelBase.dll"}
Returned value:
0x7feff4bd8a0
ntdll.dll! NtQueryAttributesFile #native (#3028) EncryptFlag.exe
Arguments:
{"objectName":"\\??\\C:\\Users\\<USER>\\Downloads\\Secur32.dll"}
Returned value:
0xc0000034
ntdll.dll! NtQueryAttributesFile #native (#3028) EncryptFlag.exe
Arguments:
{"objectName":"\\??\\C:\\Windows\\system32\\Secur32.dll"}
Returned value:
0x0
ntdll.dll! NtOpenFile #native (#3028) EncryptFlag.exe
Arguments:
{"FileHandle":"0x1d8","objectName":"\\??\\C:\\Windows\\system32\\Secur32.dll"}
Returned value:
0x0
KernelBase.dll! GetTickCount #highlight (#3028) EncryptFlag.exe
Arguments:
{}
Returned value:
0x29dfb
KernelBase.dll! LoadLibraryExW #misc (#3028) EncryptFlag.exe
Arguments:
{"lpFileName":"Secur32.dll"}
Returned value:
0x7fefc9f0000
KernelBase.dll! LoadLibraryExA #misc (#3028) EncryptFlag.exe
Arguments:
{"lpFileName":"Secur32.dll"}
Returned value:
0x7fefc9f0000
ntdll.dll! NtQueryAttributesFile #native (#3028) EncryptFlag.exe
Arguments:
{"objectName":"\\??\\C:\\Users\\<USER>\\Downloads\\SSPICLI.DLL"}
Returned value:
0xc0000034
ntdll.dll! NtQueryAttributesFile #native (#3028) EncryptFlag.exe
Arguments:
{"objectName":"\\??\\C:\\Windows\\system32\\SSPICLI.DLL"}
Returned value:
0x0
ntdll.dll! NtOpenFile #native (#3028) EncryptFlag.exe
Arguments:
{"FileHandle":"0x1d8","objectName":"\\??\\C:\\Windows\\system32\\SSPICLI.DLL"}
Returned value:
0x0
KernelBase.dll! GetTickCount #highlight (#3028) EncryptFlag.exe
Arguments:
{}
Returned value:
0x29dfb
KernelBase.dll! GetProcAddress #misc (#3028) EncryptFlag.exe
Arguments:
{"lpProcName":"GetUserNameExA","hModule":"sspicli.dll"}
Returned value:
0x7fefcbb1640
KernelBase.dll! GetProcAddress #misc (#3028) EncryptFlag.exe
Arguments:
{"lpProcName":"GetSidSubAuthorityCount","hModule":"KernelBase.dll"}
Returned value:
0x7feff4b3b84
KernelBase.dll! GetProcAddress #misc (#3028) EncryptFlag.exe
Arguments:
{"lpProcName":"GetSidSubAuthority","hModule":"KernelBase.dll"}
Returned value:
0x7feff4b3b98
KernelBase.dll! GetProcAddress #misc (#3028) EncryptFlag.exe
Arguments:
{"lpProcName":"RegCreateKeyExA","hModule":"kernel32.dll"}
Returned value:
0x7feff4b4390
ntdll.dll! NtCreateKey #native (#3028) EncryptFlag.exe
Arguments:
{"CreateOptions":"0x0","objectName":"SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Internet Settings","DesiredAccess":"0x2001f","KeyHandle":"0x1ec","TitleIndex":"0x0","CreateDisposition":"0x12d988","Class":"0x12dc60"}
Returned value:
0x0
kernel32.dll! RegCreateKeyExA #registry (#3028) EncryptFlag.exe
Arguments:
{"samDesired":"0x7fe0002001f","hKey":"HKEY_CURRENT_USER","dwOptions":"0x0","phkResult":"","lpClass":"0x0","lpSubKey":"SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Internet Settings"}
Returned value:
0x0
KernelBase.dll! GetProcAddress #misc (#3028) EncryptFlag.exe
Arguments:
{"lpProcName":"RegQueryValueExA","hModule":"kernel32.dll"}
Returned value:
0x7feff4c4060
KernelBase.dll! GetProcAddress #misc (#3028) EncryptFlag.exe
Arguments:
{"lpProcName":"RegOpenKeyExW","hModule":"kernel32.dll"}
Returned value:
0x7feff4c4210
ntdll.dll! NtOpenKeyEx #native (#3028) EncryptFlag.exe
Arguments:
{"OpenOptions":"0x0","KeyHandle":"0x1f0","objectName":"Software\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\5.0\\Cache","DesiredAccess":"0x9"}
Returned value:
0x0
kernel32.dll! RegOpenKeyExW #registry (#3028) EncryptFlag.exe
Arguments:
{"hKey":"HKEY_LOCAL_MACHINE","ulOptions":"0x0","samDesired":"0x9","lpSubKey":"Software\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\5.0\\Cache","phkResult":"0x1f0"}
Returned value:
0x0
KernelBase.dll! GetProcAddress #misc (#3028) EncryptFlag.exe
Arguments:
{"lpProcName":"RegGetValueW","hModule":"kernel32.dll"}
Returned value:
0x7feff4b3bd0
KernelBase.dll! GetProcAddress #misc (#3028) EncryptFlag.exe
Arguments:
{"lpProcName":"RegCloseKey","hModule":"kernel32.dll"}
Returned value:
0x7feff4c4240
KernelBase.dll! LoadLibraryExW #misc (#3028) EncryptFlag.exe
Arguments:
{"lpFileName":"SHELL32.dll"}
Returned value:
0x7fefd270000
KernelBase.dll! LoadLibraryExA #misc (#3028) EncryptFlag.exe
Arguments:
{"lpFileName":"SHELL32.dll"}
Returned value:
0x7fefd270000
KernelBase.dll! GetProcAddress #misc (#3028) EncryptFlag.exe
Arguments:
{"lpProcName":"SHGetKnownFolderPath","hModule":"shell32.dll"}
Returned value:
0x7fefd314bf0
ntdll.dll! NtOpenKeyEx #native (#3028) EncryptFlag.exe
Arguments:
{"OpenOptions":"0x0","KeyHandle":"0x1f4","objectName":"Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions","DesiredAccess":"0x20019"}
Returned value:
0x0
KernelBase.dll! LoadLibraryExW #misc (#3028) EncryptFlag.exe
Arguments:
{"lpFileName":"ole32.dll"}
Returned value:
0x7fefe1d0000
KernelBase.dll! LoadLibraryExA #misc (#3028) EncryptFlag.exe
Arguments:
{"lpFileName":"ole32.dll"}
Returned value:
0x7fefe1d0000
KernelBase.dll! GetProcAddress #misc (#3028) EncryptFlag.exe
Arguments:
{"lpProcName":"StringFromGUID2","hModule":"ole32.dll"}
Returned value:
0x7fefe1eede0
ntdll.dll! NtOpenKeyEx #native (#3028) EncryptFlag.exe
Arguments:
{"OpenOptions":"0x0","KeyHandle":"0x1f8","objectName":"{352481E8-33BE-4251-BA85-6007CAEDCF9D}","DesiredAccess":"0x20019"}
Returned value:
0x0
ntdll.dll! NtOpenKeyEx #native (#3028) EncryptFlag.exe
Arguments:
{"OpenOptions":"0x0","KeyHandle":"0x0","objectName":"PropertyBag","DesiredAccess":"0x20019"}
Returned value:
0xc0000034
KernelBase.dll! LoadLibraryExW #misc (#3028) EncryptFlag.exe
Arguments:
{"lpFileName":"ADVAPI32.dll"}
Returned value:
0x7feff4a0000
KernelBase.dll! LoadLibraryExA #misc (#3028) EncryptFlag.exe
Arguments:
{"lpFileName":"ADVAPI32.dll"}
Returned value:
0x7feff4a0000
KernelBase.dll! GetProcAddress #misc (#3028) EncryptFlag.exe
Arguments:
{"lpProcName":"OpenThreadToken","hModule":"KernelBase.dll"}
Returned value:
0x7feff4be168
ntdll.dll! NtOpenKeyEx #native (#3028) EncryptFlag.exe
Arguments:
{"OpenOptions":"0x0","KeyHandle":"0x1f8","objectName":"Software\\Microsoft\\Windows\\CurrentVersion\\Explorer","DesiredAccess":"0x1"}
Returned value:
0x0
ntdll.dll! NtOpenKeyEx #native (#3028) EncryptFlag.exe
Arguments:
{"OpenOptions":"0x0","KeyHandle":"0x1f4","objectName":"SessionInfo\\1","DesiredAccess":"0x1"}
Returned value:
0x0
ntdll.dll! NtOpenKeyEx #native (#3028) EncryptFlag.exe
Arguments:
{"OpenOptions":"0x0","KeyHandle":"0x0","objectName":"KnownFolders","DesiredAccess":"0x1"}
Returned value:
0xc0000034
ntdll.dll! NtOpenKeyEx #native (#3028) EncryptFlag.exe
Arguments:
{"OpenOptions":"0x0","KeyHandle":"0x1f4","objectName":"\\REGISTRY\\USER","DesiredAccess":"0x2000000"}
Returned value:
0x0
ntdll.dll! NtOpenKeyEx #native (#3028) EncryptFlag.exe
Arguments:
{"OpenOptions":"0x0","KeyHandle":"0x1fc","objectName":".DEFAULT","DesiredAccess":"0x20019"}
Returned value:
0x0
ntdll.dll! NtOpenKeyEx #native (#3028) EncryptFlag.exe
Arguments:
{"OpenOptions":"0x0","KeyHandle":"0x200","objectName":"Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\User Shell Folders","DesiredAccess":"0x20019"}
Returned value:
0x0
KernelBase.dll! LoadLibraryExW #misc (#3028) EncryptFlag.exe
Arguments:
{"lpFileName":"profapi.dll"}
Returned value:
0x7fefcdf0000
KernelBase.dll! LoadLibraryExA #misc (#3028) EncryptFlag.exe
Arguments:
{"lpFileName":"profapi.dll"}
Returned value:
0x7fefcdf0000
KernelBase.dll! GetProcAddress #misc (#3028) EncryptFlag.exe
Arguments:
{"lpProcName":"0x68","hModule":null}
Returned value:
0x7fefcdf10b0
ntdll.dll! NtOpenKeyEx #native (#3028) EncryptFlag.exe
Arguments:
{"OpenOptions":"0x0","KeyHandle":"0x1fc","objectName":"Software\\Microsoft\\Windows NT\\CurrentVersion\\ProfileList","DesiredAccess":"0x20019"}
Returned value:
0x0
KernelBase.dll! GetProcAddress #misc (#3028) EncryptFlag.exe
Arguments:
{"lpProcName":"CoTaskMemAlloc","hModule":"ole32.dll"}
Returned value:
0x7fefe1f37d0
ntdll.dll! NtOpenKeyEx #native (#3028) EncryptFlag.exe
Arguments:
{"OpenOptions":"0x0","KeyHandle":"0x200","objectName":"SessionInfo\\1","DesiredAccess":"0x1"}
Returned value:
0x0
ntdll.dll! NtOpenKeyEx #native (#3028) EncryptFlag.exe
Arguments:
{"OpenOptions":"0x0","KeyHandle":"0x0","objectName":"KnownFolders","DesiredAccess":"0x1"}
Returned value:
0xc0000034
ntdll.dll! NtOpenKey #native (#3028) EncryptFlag.exe
Arguments:
{"OpenOptions":"0x0","KeyHandle":"0x200","objectName":"\\REGISTRY\\USER\\S-1-5-21-4270068108-2931534202-3907561125-1001","DesiredAccess":"0x20019"}
Returned value:
0x0
kernel32.dll! RegOpenCurrentUser #registry (#3028) EncryptFlag.exe
Arguments:
{"phkResult":"0x200","samDesired":"0x20019"}
Returned value:
0x0
ntdll.dll! NtOpenKeyEx #native (#3028) EncryptFlag.exe
Arguments:
{"OpenOptions":"0x0","KeyHandle":"0x1fc","objectName":"Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\User Shell Folders","DesiredAccess":"0x20019"}
Returned value:
0x0
ntdll.dll! NtQueryAttributesFile #native (#3028) EncryptFlag.exe
Arguments:
{"objectName":"\\??\\C:\\Users\\<USER>\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files"}
Returned value:
0x0
KernelBase.dll! GetFileAttributesW #file (#3028) EncryptFlag.exe
Arguments:
{"lpFileName":"C:\\Users\\<USER>\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files"}
Returned value:
0x2016
KernelBase.dll! GetProcAddress #misc (#3028) EncryptFlag.exe
Arguments:
{"lpProcName":"CopySid","hModule":"KernelBase.dll"}
Returned value:
0x7feff4b3b7c
ntdll.dll! NtQueryAttributesFile #native (#3028) EncryptFlag.exe
Arguments:
{"objectName":"\\??\\C:\\Users\\<USER>\\Downloads\\api-ms-win-downlevel-advapi32-l2-1-0.dll"}
Returned value:
0xc0000034
ntdll.dll! NtQueryAttributesFile #native (#3028) EncryptFlag.exe
Arguments:
{"objectName":"\\??\\C:\\Windows\\system32\\api-ms-win-downlevel-advapi32-l2-1-0.dll"}
Returned value:
0x0
ntdll.dll! NtOpenFile #native (#3028) EncryptFlag.exe
Arguments:
{"FileHandle":"0x200","objectName":"\\??\\C:\\Windows\\system32\\api-ms-win-downlevel-advapi32-l2-1-0.dll"}
Returned value:
0x0
KernelBase.dll! LoadLibraryExW #misc (#3028) EncryptFlag.exe
Arguments:
{"lpFileName":"api-ms-win-downlevel-advapi32-l2-1-0.dll"}
Returned value:
0x7fef8dd0000
KernelBase.dll! LoadLibraryExA #misc (#3028) EncryptFlag.exe
Arguments:
{"lpFileName":"api-ms-win-downlevel-advapi32-l2-1-0.dll"}
Returned value:
0x7fef8dd0000
KernelBase.dll! GetProcAddress #misc (#3028) EncryptFlag.exe
Arguments:
{"lpProcName":"ConvertSidToStringSidW","hModule":"sechost.dll"}
Returned value:
0x7feff4bd6d0
KernelBase.dll! GetProcAddress #misc (#3028) EncryptFlag.exe
Arguments:
{"lpProcName":"ConvertStringSecurityDescriptorToSecurityDescriptorW","hModule":"sechost.dll"}
Returned value:
0x7feff4b4750
ntdll.dll! NtCreateFile #native (#3028) EncryptFlag.exe
Arguments:
{"FileHandle":"0x1fc","objectName":"\\??\\C:\\Users\\<USER>\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\counters.dat"}
Returned value:
0x0
KernelBase.dll! CreateFileW #file (#3028) EncryptFlag.exe
Arguments:
{"lpSecurityAttributes":"0x12dd88","dwCreationDisposition":"0x4","dwFlagsAndAttributes":"0x0","lpFileName":"C:\\Users\\<USER>\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\counters.dat","dwDesiredAccess":"0xc0000000","dwShareMode":"0x3"}
Returned value:
0x1fc
KernelBase.dll! LoadLibraryExW #misc (#3028) EncryptFlag.exe
Arguments:
{"lpFileName":"api-ms-win-downlevel-ole32-l1-1-0.dll"}
Returned value:
0x7fefcf10000
KernelBase.dll! LoadLibraryExA #misc (#3028) EncryptFlag.exe
Arguments:
{"lpFileName":"api-ms-win-downlevel-ole32-l1-1-0.dll"}
Returned value:
0x7fefcf10000
KernelBase.dll! GetProcAddress #misc (#3028) EncryptFlag.exe
Arguments:
{"lpProcName":"CoTaskMemFree","hModule":"ole32.dll"}
Returned value:
0x7fefe1f3780
KernelBase.dll! GetProcAddress #misc (#3028) EncryptFlag.exe
Arguments:
{"lpProcName":"EventRegister","hModule":"api-ms-win-eventing-provider-l1-1-0.dll"}
Returned value:
0x772a6da0
KernelBase.dll! GetProcAddress #misc (#3028) EncryptFlag.exe
Arguments:
{"lpProcName":"RegGetValueA","hModule":"kernel32.dll"}
Returned value:
0x7feff4aa7e0
ntdll.dll! NtOpenKeyEx #native (#3028) EncryptFlag.exe
Arguments:
{"OpenOptions":"0x0","KeyHandle":"0x20c","objectName":"SOFTWARE\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings","DesiredAccess":"0x1"}
Returned value:
0x0
KernelBase.dll! GetProcAddress #misc (#3028) EncryptFlag.exe
Arguments:
{"lpProcName":"0x2bd","hModule":null}
Returned value:
0x7fefe8872d0
ntdll.dll! NtOpenKeyEx #native (#3028) EncryptFlag.exe
Arguments:
{"OpenOptions":"0x0","KeyHandle":"0x0","objectName":"FEATURE_HTTP_USERNAME_PASSWORD_DISABLE","DesiredAccess":"0x1"}
Returned value:
0xc0000034
kernel32.dll! RegOpenKeyExW #registry (#3028) EncryptFlag.exe
Arguments:
{"hKey":"HKEY_CURRENT_USER\\Software\\Microsoft\\Internet Explorer\\Main\\FeatureControl","ulOptions":"0x0","samDesired":"0x1","lpSubKey":"FEATURE_HTTP_USERNAME_PASSWORD_DISABLE","phkResult":"0x0"}
Returned value:
0x2
ntdll.dll! NtOpenKeyEx #native (#3028) EncryptFlag.exe
Arguments:
{"OpenOptions":"0x0","KeyHandle":"0x20c","objectName":"FEATURE_HTTP_USERNAME_PASSWORD_DISABLE","DesiredAccess":"0x1"}
Returned value:
0x0
kernel32.dll! RegOpenKeyExW #registry (#3028) EncryptFlag.exe
Arguments:
{"hKey":"HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Internet Explorer\\Main\\FeatureControl","ulOptions":"0x0","samDesired":"0x1","lpSubKey":"FEATURE_HTTP_USERNAME_PASSWORD_DISABLE","phkResult":"0x20c"}
Returned value:
0x0
KernelBase.dll! GetProcAddress #misc (#3028) EncryptFlag.exe
Arguments:
{"lpProcName":"0x2bf","hModule":null}
Returned value:
0x7fefe873230
ntdll.dll! NtOpenKeyEx #native (#3028) EncryptFlag.exe
Arguments:
{"OpenOptions":"0x0","KeyHandle":"0x0","objectName":"Software\\Policies\\Microsoft\\Internet Explorer\\Main\\FeatureControl","DesiredAccess":"0x20019"}
Returned value:
0xc0000034
kernel32.dll! RegOpenKeyExW #registry (#3028) EncryptFlag.exe
Arguments:
{"hKey":"HKEY_LOCAL_MACHINE","ulOptions":"0x0","samDesired":"0x20019","lpSubKey":"Software\\Policies\\Microsoft\\Internet Explorer\\Main\\FeatureControl","phkResult":"0x0"}
Returned value:
0x2
ntdll.dll! NtOpenKeyEx #native (#3028) EncryptFlag.exe
Arguments:
{"OpenOptions":"0x0","KeyHandle":"0x0","objectName":"Software\\Policies\\Microsoft\\Internet Explorer\\Main\\FeatureControl","DesiredAccess":"0x20019"}
Returned value:
0xc0000034
kernel32.dll! RegOpenKeyExW #registry (#3028) EncryptFlag.exe
Arguments:
{"hKey":"HKEY_CURRENT_USER","ulOptions":"0x0","samDesired":"0x20019","lpSubKey":"Software\\Policies\\Microsoft\\Internet Explorer\\Main\\FeatureControl","phkResult":"0x0"}
Returned value:
0x2
ntdll.dll! NtOpenKeyEx #native (#3028) EncryptFlag.exe
Arguments:
{"OpenOptions":"0x0","KeyHandle":"0x20c","objectName":"Software\\Microsoft\\Internet Explorer\\Main\\FeatureControl","DesiredAccess":"0x20019"}
Returned value:
0x0
kernel32.dll! RegOpenKeyExW #registry (#3028) EncryptFlag.exe
Arguments:
{"hKey":"HKEY_CURRENT_USER","ulOptions":"0x0","samDesired":"0x20019","lpSubKey":"Software\\Microsoft\\Internet Explorer\\Main\\FeatureControl","phkResult":"0x20c"}
Returned value:
0x0
ntdll.dll! NtOpenKeyEx #native (#3028) EncryptFlag.exe
Arguments:
{"OpenOptions":"0x0","KeyHandle":"0x210","objectName":"Software\\Microsoft\\Internet Explorer\\Main\\FeatureControl","DesiredAccess":"0x20019"}
Returned value:
0x0
kernel32.dll! RegOpenKeyExW #registry (#3028) EncryptFlag.exe
Arguments:
{"hKey":"HKEY_LOCAL_MACHINE","ulOptions":"0x0","samDesired":"0x20019","lpSubKey":"Software\\Microsoft\\Internet Explorer\\Main\\FeatureControl","phkResult":"0x210"}
Returned value:
0x0
kernel32.dll! RegQueryValueExW #registry (#3028) EncryptFlag.exe
Arguments:
{"hKey":"SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Internet Settings","lpData":"0x7feff0f1668","lpcbData":"0x12de74","lpType":"0","lpValueName":"FEATURE_CLIENTAUTHCERTFILTER"}
Returned value:
0x2
kernel32.dll! RegQueryValueExW #registry (#3028) EncryptFlag.exe
Arguments:
{"hKey":"SOFTWARE\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings","lpData":"0x7feff0f1668","lpcbData":"0x12de74","lpType":"0","lpValueName":"FEATURE_CLIENTAUTHCERTFILTER"}
Returned value:
0x2
ntdll.dll! NtOpenKeyEx #native (#3028) EncryptFlag.exe
Arguments:
{"OpenOptions":"0x0","KeyHandle":"0x0","objectName":"RETRY_HEADERONLYPOST_ONCONNECTIONRESET","DesiredAccess":"0x1"}
Returned value:
0xc0000034
kernel32.dll! RegOpenKeyExW #registry (#3028) EncryptFlag.exe
Arguments:
{"hKey":"HKEY_CURRENT_USER\\Software\\Microsoft\\Internet Explorer\\Main\\FeatureControl","ulOptions":"0x0","samDesired":"0x1","lpSubKey":"RETRY_HEADERONLYPOST_ONCONNECTIONRESET","phkResult":"0x0"}
Returned value:
0x2
ntdll.dll! NtOpenKeyEx #native (#3028) EncryptFlag.exe
Arguments:
{"OpenOptions":"0x0","KeyHandle":"0x0","objectName":"RETRY_HEADERONLYPOST_ONCONNECTIONRESET","DesiredAccess":"0x1"}
Returned value:
0xc0000034
kernel32.dll! RegOpenKeyExW #registry (#3028) EncryptFlag.exe
Arguments:
{"hKey":"HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Internet Explorer\\Main\\FeatureControl","ulOptions":"0x0","samDesired":"0x1","lpSubKey":"RETRY_HEADERONLYPOST_ONCONNECTIONRESET","phkResult":"0x0"}
Returned value:
0x2
ntdll.dll! NtOpenKeyEx #native (#3028) EncryptFlag.exe
Arguments:
{"OpenOptions":"0x0","KeyHandle":"0x0","objectName":"FEATURE_BYPASS_CACHE_FOR_CREDPOLICY_KB936611","DesiredAccess":"0x1"}
Returned value:
0xc0000034
kernel32.dll! RegOpenKeyExW #registry (#3028) EncryptFlag.exe
Arguments:
{"hKey":"HKEY_CURRENT_USER\\Software\\Microsoft\\Internet Explorer\\Main\\FeatureControl","ulOptions":"0x0","samDesired":"0x1","lpSubKey":"FEATURE_BYPASS_CACHE_FOR_CREDPOLICY_KB936611","phkResult":"0x0"}
Returned value:
0x2
ntdll.dll! NtOpenKeyEx #native (#3028) EncryptFlag.exe
Arguments:
{"OpenOptions":"0x0","KeyHandle":"0x0","objectName":"FEATURE_BYPASS_CACHE_FOR_CREDPOLICY_KB936611","DesiredAccess":"0x1"}
Returned value:
0xc0000034
kernel32.dll! RegOpenKeyExW #registry (#3028) EncryptFlag.exe
Arguments:
{"hKey":"HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Internet Explorer\\Main\\FeatureControl","ulOptions":"0x0","samDesired":"0x1","lpSubKey":"FEATURE_BYPASS_CACHE_FOR_CREDPOLICY_KB936611","phkResult":"0x0"}
Returned value:
0x2
ntdll.dll! NtOpenKeyEx #native (#3028) EncryptFlag.exe
Arguments:
{"OpenOptions":"0x0","KeyHandle":"0x0","objectName":"FEATURE_IGNORE_MAPPINGS_FOR_CREDPOLICY","DesiredAccess":"0x1"}
Returned value:
0xc0000034
kernel32.dll! RegOpenKeyExW #registry (#3028) EncryptFlag.exe
Arguments:
{"hKey":"HKEY_CURRENT_USER\\Software\\Microsoft\\Internet Explorer\\Main\\FeatureControl","ulOptions":"0x0","samDesired":"0x1","lpSubKey":"FEATURE_IGNORE_MAPPINGS_FOR_CREDPOLICY","phkResult":"0x0"}
Returned value:
0x2
ntdll.dll! NtOpenKeyEx #native (#3028) EncryptFlag.exe
Arguments:
{"OpenOptions":"0x0","KeyHandle":"0x0","objectName":"FEATURE_IGNORE_MAPPINGS_FOR_CREDPOLICY","DesiredAccess":"0x1"}
Returned value:
0xc0000034
kernel32.dll! RegOpenKeyExW #registry (#3028) EncryptFlag.exe
Arguments:
{"hKey":"HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Internet Explorer\\Main\\FeatureControl","ulOptions":"0x0","samDesired":"0x1","lpSubKey":"FEATURE_IGNORE_MAPPINGS_FOR_CREDPOLICY","phkResult":"0x0"}
Returned value:
0x2
ntdll.dll! NtOpenKeyEx #native (#3028) EncryptFlag.exe
Arguments:
{"OpenOptions":"0x0","KeyHandle":"0x0","objectName":"FEATURE_INCLUDE_PORT_IN_SPN_KB908209","DesiredAccess":"0x1"}
Returned value:
0xc0000034
kernel32.dll! RegOpenKeyExW #registry (#3028) EncryptFlag.exe
Arguments:
{"hKey":"HKEY_CURRENT_USER\\Software\\Microsoft\\Internet Explorer\\Main\\FeatureControl","ulOptions":"0x0","samDesired":"0x1","lpSubKey":"FEATURE_INCLUDE_PORT_IN_SPN_KB908209","phkResult":"0x0"}
Returned value:
0x2
ntdll.dll! NtOpenKeyEx #native (#3028) EncryptFlag.exe
Arguments:
{"OpenOptions":"0x0","KeyHandle":"0x0","objectName":"FEATURE_INCLUDE_PORT_IN_SPN_KB908209","DesiredAccess":"0x1"}
Returned value:
0xc0000034
kernel32.dll! RegOpenKeyExW #registry (#3028) EncryptFlag.exe
Arguments:
{"hKey":"HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Internet Explorer\\Main\\FeatureControl","ulOptions":"0x0","samDesired":"0x1","lpSubKey":"FEATURE_INCLUDE_PORT_IN_SPN_KB908209","phkResult":"0x0"}
Returned value:
0x2
ntdll.dll! NtOpenKeyEx #native (#3028) EncryptFlag.exe
Arguments:
{"OpenOptions":"0x0","KeyHandle":"0x0","objectName":"FEATURE_BUFFERBREAKING_818408","DesiredAccess":"0x1"}
Returned value:
0xc0000034
kernel32.dll! RegOpenKeyExW #registry (#3028) EncryptFlag.exe
Arguments:
{"hKey":"HKEY_CURRENT_USER\\Software\\Microsoft\\Internet Explorer\\Main\\FeatureControl","ulOptions":"0x0","samDesired":"0x1","lpSubKey":"FEATURE_BUFFERBREAKING_818408","phkResult":"0x0"}
Returned value:
0x2
ntdll.dll! NtOpenKeyEx #native (#3028) EncryptFlag.exe
Arguments:
{"OpenOptions":"0x0","KeyHandle":"0x0","objectName":"FEATURE_BUFFERBREAKING_818408","DesiredAccess":"0x1"}
Returned value:
0xc0000034
kernel32.dll! RegOpenKeyExW #registry (#3028) EncryptFlag.exe
Arguments:
{"hKey":"HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Internet Explorer\\Main\\FeatureControl","ulOptions":"0x0","samDesired":"0x1","lpSubKey":"FEATURE_BUFFERBREAKING_818408","phkResult":"0x0"}
Returned value:
0x2
ntdll.dll! NtOpenKeyEx #native (#3028) EncryptFlag.exe
Arguments:
{"OpenOptions":"0x0","KeyHandle":"0x0","objectName":"FEATURE_SKIP_POST_RETRY_ON_INTERNETWRITEFILE_KB895954","DesiredAccess":"0x1"}
Returned value:
0xc0000034
kernel32.dll! RegOpenKeyExW #registry (#3028) EncryptFlag.exe
Arguments:
{"hKey":"HKEY_CURRENT_USER\\Software\\Microsoft\\Internet Explorer\\Main\\FeatureControl","ulOptions":"0x0","samDesired":"0x1","lpSubKey":"FEATURE_SKIP_POST_RETRY_ON_INTERNETWRITEFILE_KB895954","phkResult":"0x0"}
Returned value:
0x2
ntdll.dll! NtOpenKeyEx #native (#3028) EncryptFlag.exe
Arguments:
{"OpenOptions":"0x0","KeyHandle":"0x0","objectName":"FEATURE_SKIP_POST_RETRY_ON_INTERNETWRITEFILE_KB895954","DesiredAccess":"0x1"}
Returned value:
0xc0000034
kernel32.dll! RegOpenKeyExW #registry (#3028) EncryptFlag.exe
Arguments:
{"hKey":"HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Internet Explorer\\Main\\FeatureControl","ulOptions":"0x0","samDesired":"0x1","lpSubKey":"FEATURE_SKIP_POST_RETRY_ON_INTERNETWRITEFILE_KB895954","phkResult":"0x0"}
Returned value:
0x2
ntdll.dll! NtOpenKeyEx #native (#3028) EncryptFlag.exe
Arguments:
{"OpenOptions":"0x0","KeyHandle":"0x0","objectName":"FEATURE_FIX_CHUNKED_PROXY_SCRIPT_DOWNLOAD_KB843289","DesiredAccess":"0x1"}
Returned value:
0xc0000034
kernel32.dll! RegOpenKeyExW #registry (#3028) EncryptFlag.exe
Arguments:
{"hKey":"HKEY_CURRENT_USER\\Software\\Microsoft\\Internet Explorer\\Main\\FeatureControl","ulOptions":"0x0","samDesired":"0x1","lpSubKey":"FEATURE_FIX_CHUNKED_PROXY_SCRIPT_DOWNLOAD_KB843289","phkResult":"0x0"}
Returned value:
0x2
ntdll.dll! NtOpenKeyEx #native (#3028) EncryptFlag.exe
Arguments:
{"OpenOptions":"0x0","KeyHandle":"0x0","objectName":"FEATURE_FIX_CHUNKED_PROXY_SCRIPT_DOWNLOAD_KB843289","DesiredAccess":"0x1"}
Returned value:
0xc0000034
kernel32.dll! RegOpenKeyExW #registry (#3028) EncryptFlag.exe
Arguments:
{"hKey":"HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Internet Explorer\\Main\\FeatureControl","ulOptions":"0x0","samDesired":"0x1","lpSubKey":"FEATURE_FIX_CHUNKED_PROXY_SCRIPT_DOWNLOAD_KB843289","phkResult":"0x0"}
Returned value:
0x2
ntdll.dll! NtOpenKeyEx #native (#3028) EncryptFlag.exe
Arguments:
{"OpenOptions":"0x0","KeyHandle":"0x0","objectName":"FEATURE_USE_CNAME_FOR_SPN_KB911149","DesiredAccess":"0x1"}
Returned value:
0xc0000034
kernel32.dll! RegOpenKeyExW #registry (#3028) EncryptFlag.exe
Arguments:
{"hKey":"HKEY_CURRENT_USER\\Software\\Microsoft\\Internet Explorer\\Main\\FeatureControl","ulOptions":"0x0","samDesired":"0x1","lpSubKey":"FEATURE_USE_CNAME_FOR_SPN_KB911149","phkResult":"0x0"}
Returned value:
0x2
ntdll.dll! NtOpenKeyEx #native (#3028) EncryptFlag.exe
Arguments:
{"OpenOptions":"0x0","KeyHandle":"0x0","objectName":"FEATURE_USE_CNAME_FOR_SPN_KB911149","DesiredAccess":"0x1"}
Returned value:
0xc0000034
kernel32.dll! RegOpenKeyExW #registry (#3028) EncryptFlag.exe
Arguments:
{"hKey":"HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Internet Explorer\\Main\\FeatureControl","ulOptions":"0x0","samDesired":"0x1","lpSubKey":"FEATURE_USE_CNAME_FOR_SPN_KB911149","phkResult":"0x0"}
Returned value:
0x2
ntdll.dll! NtOpenKeyEx #native (#3028) EncryptFlag.exe
Arguments:
{"OpenOptions":"0x0","KeyHandle":"0x0","objectName":"FEATURE_ALWAYS_USE_DNS_FOR_SPN_KB3022771","DesiredAccess":"0x1"}
Returned value:
0xc0000034
kernel32.dll! RegOpenKeyExW #registry (#3028) EncryptFlag.exe
Arguments:
{"hKey":"HKEY_CURRENT_USER\\Software\\Microsoft\\Internet Explorer\\Main\\FeatureControl","ulOptions":"0x0","samDesired":"0x1","lpSubKey":"FEATURE_ALWAYS_USE_DNS_FOR_SPN_KB3022771","phkResult":"0x0"}
Returned value:
0x2
ntdll.dll! NtOpenKeyEx #native (#3028) EncryptFlag.exe
Arguments:
{"OpenOptions":"0x0","KeyHandle":"0x0","objectName":"FEATURE_ALWAYS_USE_DNS_FOR_SPN_KB3022771","DesiredAccess":"0x1"}
Returned value:
0xc0000034
kernel32.dll! RegOpenKeyExW #registry (#3028) EncryptFlag.exe
Arguments:
{"hKey":"HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Internet Explorer\\Main\\FeatureControl","ulOptions":"0x0","samDesired":"0x1","lpSubKey":"FEATURE_ALWAYS_USE_DNS_FOR_SPN_KB3022771","phkResult":"0x0"}
Returned value:
0x2
ntdll.dll! NtOpenKeyEx #native (#3028) EncryptFlag.exe
Arguments:
{"OpenOptions":"0x0","KeyHandle":"0x0","objectName":"FEATURE_PERMIT_CACHE_FOR_AUTHENTICATED_FTP_KB910274","DesiredAccess":"0x1"}
Returned value:
0xc0000034
kernel32.dll! RegOpenKeyExW #registry (#3028) EncryptFlag.exe
Arguments:
{"hKey":"HKEY_CURRENT_USER\\Software\\Microsoft\\Internet Explorer\\Main\\FeatureControl","ulOptions":"0x0","samDesired":"0x1","lpSubKey":"FEATURE_PERMIT_CACHE_FOR_AUTHENTICATED_FTP_KB910274","phkResult":"0x0"}
Returned value:
0x2
ntdll.dll! NtOpenKeyEx #native (#3028) EncryptFlag.exe
Arguments:
{"OpenOptions":"0x0","KeyHandle":"0x0","objectName":"FEATURE_PERMIT_CACHE_FOR_AUTHENTICATED_FTP_KB910274","DesiredAccess":"0x1"}
Returned value:
0xc0000034
kernel32.dll! RegOpenKeyExW #registry (#3028) EncryptFlag.exe
Arguments:
{"hKey":"HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Internet Explorer\\Main\\FeatureControl","ulOptions":"0x0","samDesired":"0x1","lpSubKey":"FEATURE_PERMIT_CACHE_FOR_AUTHENTICATED_FTP_KB910274","phkResult":"0x0"}
Returned value:
0x2
ntdll.dll! NtOpenKeyEx #native (#3028) EncryptFlag.exe
Arguments:
{"OpenOptions":"0x0","KeyHandle":"0x0","objectName":"FEATURE_DISABLE_UNICODE_HANDLE_CLOSING_CALLBACK","DesiredAccess":"0x1"}
Returned value:
0xc0000034
kernel32.dll! RegOpenKeyExW #registry (#3028) EncryptFlag.exe
Arguments:
{"hKey":"HKEY_CURRENT_USER\\Software\\Microsoft\\Internet Explorer\\Main\\FeatureControl","ulOptions":"0x0","samDesired":"0x1","lpSubKey":"FEATURE_DISABLE_UNICODE_HANDLE_CLOSING_CALLBACK","phkResult":"0x0"}
Returned value:
0x2
ntdll.dll! NtOpenKeyEx #native (#3028) EncryptFlag.exe
Arguments:
{"OpenOptions":"0x0","KeyHandle":"0x210","objectName":"FEATURE_DISABLE_UNICODE_HANDLE_CLOSING_CALLBACK","DesiredAccess":"0x1"}
Returned value:
0x0
kernel32.dll! RegOpenKeyExW #registry (#3028) EncryptFlag.exe
Arguments:
{"hKey":"HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Internet Explorer\\Main\\FeatureControl","ulOptions":"0x0","samDesired":"0x1","lpSubKey":"FEATURE_DISABLE_UNICODE_HANDLE_CLOSING_CALLBACK","phkResult":"0x210"}
Returned value:
0x0
ntdll.dll! NtOpenKeyEx #native (#3028) EncryptFlag.exe
Arguments:
{"OpenOptions":"0x0","KeyHandle":"0x0","objectName":"FEATURE_DISALLOW_NULL_IN_RESPONSE_HEADERS","DesiredAccess":"0x1"}
Returned value:
0xc0000034
kernel32.dll! RegOpenKeyExW #registry (#3028) EncryptFlag.exe
Arguments:
{"hKey":"HKEY_CURRENT_USER\\Software\\Microsoft\\Internet Explorer\\Main\\FeatureControl","ulOptions":"0x0","samDesired":"0x1","lpSubKey":"FEATURE_DISALLOW_NULL_IN_RESPONSE_HEADERS","phkResult":"0x0"}
Returned value:
0x2
ntdll.dll! NtOpenKeyEx #native (#3028) EncryptFlag.exe
Arguments:
{"OpenOptions":"0x0","KeyHandle":"0x0","objectName":"FEATURE_DISALLOW_NULL_IN_RESPONSE_HEADERS","DesiredAccess":"0x1"}
Returned value:
0xc0000034
kernel32.dll! RegOpenKeyExW #registry (#3028) EncryptFlag.exe
Arguments:
{"hKey":"HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Internet Explorer\\Main\\FeatureControl","ulOptions":"0x0","samDesired":"0x1","lpSubKey":"FEATURE_DISALLOW_NULL_IN_RESPONSE_HEADERS","phkResult":"0x0"}
Returned value:
0x2
ntdll.dll! NtOpenKeyEx #native (#3028) EncryptFlag.exe
Arguments:
{"OpenOptions":"0x0","KeyHandle":"0x0","objectName":"FEATURE_DIGEST_NO_EXTRAS_IN_URI","DesiredAccess":"0x1"}
Returned value:
0xc0000034
kernel32.dll! RegOpenKeyExW #registry (#3028) EncryptFlag.exe
Arguments:
{"hKey":"HKEY_CURRENT_USER\\Software\\Microsoft\\Internet Explorer\\Main\\FeatureControl","ulOptions":"0x0","samDesired":"0x1","lpSubKey":"FEATURE_DIGEST_NO_EXTRAS_IN_URI","phkResult":"0x0"}
Returned value:
0x2
ntdll.dll! NtOpenKeyEx #native (#3028) EncryptFlag.exe
Arguments:
{"OpenOptions":"0x0","KeyHandle":"0x0","objectName":"FEATURE_DIGEST_NO_EXTRAS_IN_URI","DesiredAccess":"0x1"}
Returned value:
0xc0000034
kernel32.dll! RegOpenKeyExW #registry (#3028) EncryptFlag.exe
Arguments:
{"hKey":"HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Internet Explorer\\Main\\FeatureControl","ulOptions":"0x0","samDesired":"0x1","lpSubKey":"FEATURE_DIGEST_NO_EXTRAS_IN_URI","phkResult":"0x0"}
Returned value:
0x2
KernelBase.dll! GetProcAddress #misc (#3028) EncryptFlag.exe
Arguments:
{"lpProcName":"0x2be","hModule":null}
Returned value:
0x7fefe873420
ntdll.dll! NtOpenKeyEx #native (#3028) EncryptFlag.exe
Arguments:
{"OpenOptions":"0x0","KeyHandle":"0x0","objectName":"FEATURE_ENABLE_PASSPORT_SESSION_STORE_KB948608","DesiredAccess":"0x1"}
Returned value:
0xc0000034
kernel32.dll! RegOpenKeyExW #registry (#3028) EncryptFlag.exe
Arguments:
{"hKey":"HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Internet Explorer\\Main\\FeatureControl","ulOptions":"0x0","samDesired":"0x1","lpSubKey":"FEATURE_ENABLE_PASSPORT_SESSION_STORE_KB948608","phkResult":"0x0"}
Returned value:
0x2
ntdll.dll! NtOpenKeyEx #native (#3028) EncryptFlag.exe
Arguments:
{"OpenOptions":"0x0","KeyHandle":"0x0","objectName":"FEATURE_EXCLUDE_INVALID_CLIENT_CERT_KB929477","DesiredAccess":"0x1"}
Returned value:
0xc0000034
kernel32.dll! RegOpenKeyExW #registry (#3028) EncryptFlag.exe
Arguments:
{"hKey":"HKEY_CURRENT_USER\\Software\\Microsoft\\Internet Explorer\\Main\\FeatureControl","ulOptions":"0x0","samDesired":"0x1","lpSubKey":"FEATURE_EXCLUDE_INVALID_CLIENT_CERT_KB929477","phkResult":"0x0"}
Returned value:
0x2
ntdll.dll! NtOpenKeyEx #native (#3028) EncryptFlag.exe
Arguments:
{"OpenOptions":"0x0","KeyHandle":"0x0","objectName":"FEATURE_EXCLUDE_INVALID_CLIENT_CERT_KB929477","DesiredAccess":"0x1"}
Returned value:
0xc0000034
kernel32.dll! RegOpenKeyExW #registry (#3028) EncryptFlag.exe
Arguments:
{"hKey":"HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Internet Explorer\\Main\\FeatureControl","ulOptions":"0x0","samDesired":"0x1","lpSubKey":"FEATURE_EXCLUDE_INVALID_CLIENT_CERT_KB929477","phkResult":"0x0"}
Returned value:
0x2
ntdll.dll! NtOpenKeyEx #native (#3028) EncryptFlag.exe
Arguments:
{"OpenOptions":"0x0","KeyHandle":"0x0","objectName":"FEATURE_USE_UTF8_FOR_BASIC_AUTH_KB967545","DesiredAccess":"0x1"}
Returned value:
0xc0000034
kernel32.dll! RegOpenKeyExW #registry (#3028) EncryptFlag.exe
Arguments:
{"hKey":"HKEY_CURRENT_USER\\Software\\Microsoft\\Internet Explorer\\Main\\FeatureControl","ulOptions":"0x0","samDesired":"0x1","lpSubKey":"FEATURE_USE_UTF8_FOR_BASIC_AUTH_KB967545","phkResult":"0x0"}
Returned value:
0x2
ntdll.dll! NtOpenKeyEx #native (#3028) EncryptFlag.exe
Arguments:
{"OpenOptions":"0x0","KeyHandle":"0x0","objectName":"FEATURE_USE_UTF8_FOR_BASIC_AUTH_KB967545","DesiredAccess":"0x1"}
Returned value:
0xc0000034
kernel32.dll! RegOpenKeyExW #registry (#3028) EncryptFlag.exe
Arguments:
{"hKey":"HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Internet Explorer\\Main\\FeatureControl","ulOptions":"0x0","samDesired":"0x1","lpSubKey":"FEATURE_USE_UTF8_FOR_BASIC_AUTH_KB967545","phkResult":"0x0"}
Returned value:
0x2
ntdll.dll! NtOpenKeyEx #native (#3028) EncryptFlag.exe
Arguments:
{"OpenOptions":"0x0","KeyHandle":"0x0","objectName":"FEATURE_RETURN_FAILED_CONNECT_CONTENT_KB942615","DesiredAccess":"0x1"}
Returned value:
0xc0000034
kernel32.dll! RegOpenKeyExW #registry (#3028) EncryptFlag.exe
Arguments:
{"hKey":"HKEY_CURRENT_USER\\Software\\Microsoft\\Internet Explorer\\Main\\FeatureControl","ulOptions":"0x0","samDesired":"0x1","lpSubKey":"FEATURE_RETURN_FAILED_CONNECT_CONTENT_KB942615","phkResult":"0x0"}
Returned value:
0x2
ntdll.dll! NtOpenKeyEx #native (#3028) EncryptFlag.exe
Arguments:
{"OpenOptions":"0x0","KeyHandle":"0x0","objectName":"FEATURE_RETURN_FAILED_CONNECT_CONTENT_KB942615","DesiredAccess":"0x1"}
Returned value:
0xc0000034
kernel32.dll! RegOpenKeyExW #registry (#3028) EncryptFlag.exe
Arguments:
{"hKey":"HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Internet Explorer\\Main\\FeatureControl","ulOptions":"0x0","samDesired":"0x1","lpSubKey":"FEATURE_RETURN_FAILED_CONNECT_CONTENT_KB942615","phkResult":"0x0"}
Returned value:
0x2
ntdll.dll! NtOpenKeyEx #native (#3028) EncryptFlag.exe
Arguments:
{"OpenOptions":"0x0","KeyHandle":"0x0","objectName":"FEATURE_PRESERVE_SPACES_IN_FILENAMES_KB952730","DesiredAccess":"0x1"}
Returned value:
0xc0000034
kernel32.dll! RegOpenKeyExW #registry (#3028) EncryptFlag.exe
Arguments:
{"hKey":"HKEY_CURRENT_USER\\Software\\Microsoft\\Internet Explorer\\Main\\FeatureControl","ulOptions":"0x0","samDesired":"0x1","lpSubKey":"FEATURE_PRESERVE_SPACES_IN_FILENAMES_KB952730","phkResult":"0x0"}
Returned value:
0x2
ntdll.dll! NtOpenKeyEx #native (#3028) EncryptFlag.exe
Arguments:
{"OpenOptions":"0x0","KeyHandle":"0x0","objectName":"FEATURE_PRESERVE_SPACES_IN_FILENAMES_KB952730","DesiredAccess":"0x1"}
Returned value:
0xc0000034
kernel32.dll! RegOpenKeyExW #registry (#3028) EncryptFlag.exe
Arguments:
{"hKey":"HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Internet Explorer\\Main\\FeatureControl","ulOptions":"0x0","samDesired":"0x1","lpSubKey":"FEATURE_PRESERVE_SPACES_IN_FILENAMES_KB952730","phkResult":"0x0"}
Returned value:
0x2
ntdll.dll! NtOpenKeyEx #native (#3028) EncryptFlag.exe
Arguments:
{"OpenOptions":"0x0","KeyHandle":"0x0","objectName":"FEATURE_ENABLE_PROXY_CACHE_REFRESH_KB2983228","DesiredAccess":"0x1"}
Returned value:
0xc0000034
kernel32.dll! RegOpenKeyExW #registry (#3028) EncryptFlag.exe
Arguments:
{"hKey":"HKEY_CURRENT_USER\\Software\\Microsoft\\Internet Explorer\\Main\\FeatureControl","ulOptions":"0x0","samDesired":"0x1","lpSubKey":"FEATURE_ENABLE_PROXY_CACHE_REFRESH_KB2983228","phkResult":"0x0"}
Returned value:
0x2
ntdll.dll! NtOpenKeyEx #native (#3028) EncryptFlag.exe
Arguments:
{"OpenOptions":"0x0","KeyHandle":"0x0","objectName":"FEATURE_ENABLE_PROXY_CACHE_REFRESH_KB2983228","DesiredAccess":"0x1"}
Returned value:
0xc0000034
kernel32.dll! RegOpenKeyExW #registry (#3028) EncryptFlag.exe
Arguments:
{"hKey":"HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Internet Explorer\\Main\\FeatureControl","ulOptions":"0x0","samDesired":"0x1","lpSubKey":"FEATURE_ENABLE_PROXY_CACHE_REFRESH_KB2983228","phkResult":"0x0"}
Returned value:
0x2
kernel32.dll! RegQueryValueExW #registry (#3028) EncryptFlag.exe
Arguments:
{"hKey":"HKEY_LOCAL_MACHINE\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings","lpData":"0x7feff0f070c","lpcbData":"0x12d424","lpType":"0","lpValueName":"SecureProtocols"}
Returned value:
0x2
kernel32.dll! RegQueryValueExW #registry (#3028) EncryptFlag.exe
Arguments:
{"hKey":"HKEY_CURRENT_USER\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings","lpData":"0x7feff0f070c","lpcbData":"0x12d424","lpType":"0","lpValueName":"SecureProtocols"}
Returned value:
0x2
kernel32.dll! RegQueryValueExW #registry (#3028) EncryptFlag.exe
Arguments:
{"hKey":"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Internet Settings","lpData":"0x7feff0f070c","lpcbData":"0x12d424","lpType":"0","lpValueName":"SecureProtocols"}
Returned value:
0x0
ntdll.dll! NtOpenKeyEx #native (#3028) EncryptFlag.exe
Arguments:
{"OpenOptions":"0x0","KeyHandle":"0x0","objectName":"Software\\Policies\\Microsoft\\Internet Explorer","DesiredAccess":"0x1"}
Returned value:
0xc0000034
kernel32.dll! RegOpenKeyExW #registry (#3028) EncryptFlag.exe
Arguments:
{"hKey":"HKEY_LOCAL_MACHINE","ulOptions":"0x0","samDesired":"0x1","lpSubKey":"Software\\Policies\\Microsoft\\Internet Explorer","phkResult":"0x0"}
Returned value:
0x2
ntdll.dll! NtOpenKeyEx #native (#3028) EncryptFlag.exe
Arguments:
{"OpenOptions":"0x0","KeyHandle":"0x210","objectName":"SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Internet Settings","DesiredAccess":"0x1"}
Returned value:
0x0
kernel32.dll! RegQueryValueExW #registry (#3028) EncryptFlag.exe
Arguments:
{"hKey":"HKEY_LOCAL_MACHINE\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings","lpData":"0x12d430","lpcbData":"0x12d424","lpType":"0","lpValueName":"EnableHttp1_1"}
Returned value:
0x2
kernel32.dll! RegQueryValueExW #registry (#3028) EncryptFlag.exe
Arguments:
{"hKey":"HKEY_CURRENT_USER\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings","lpData":"0x12d430","lpcbData":"0x12d424","lpType":"0","lpValueName":"EnableHttp1_1"}
Returned value:
0x2
kernel32.dll! RegQueryValueExW #registry (#3028) EncryptFlag.exe
Arguments:
{"hKey":"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Internet Settings","lpData":"0x12d430","lpcbData":"0x12d424","lpType":"0","lpValueName":"EnableHttp1_1"}
Returned value:
0x0
kernel32.dll! RegQueryValueExW #registry (#3028) EncryptFlag.exe
Arguments:
{"hKey":"HKEY_LOCAL_MACHINE\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings","lpData":"0x12d430","lpcbData":"0x12d424","lpType":"0","lpValueName":"ProxyHttp1.1"}
Returned value:
0x2
kernel32.dll! RegQueryValueExW #registry (#3028) EncryptFlag.exe
Arguments:
{"hKey":"HKEY_CURRENT_USER\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings","lpData":"0x12d430","lpcbData":"0x12d424","lpType":"0","lpValueName":"ProxyHttp1.1"}
Returned value:
0x2
kernel32.dll! RegQueryValueExW #registry (#3028) EncryptFlag.exe
Arguments:
{"hKey":"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Internet Settings","lpData":"0x12d430","lpcbData":"0x12d424","lpType":"0","lpValueName":"ProxyHttp1.1"}
Returned value:
0x0
ntdll.dll! NtOpenKeyEx #native (#3028) EncryptFlag.exe
Arguments:
{"OpenOptions":"0x0","KeyHandle":"0x210","objectName":"SOFTWARE\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings","DesiredAccess":"0x1"}
Returned value:
0x0
ntdll.dll! NtOpenKeyEx #native (#3028) EncryptFlag.exe
Arguments:
{"OpenOptions":"0x0","KeyHandle":"0x210","objectName":"SOFTWARE\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings","DesiredAccess":"0x1"}
Returned value:
0x0
ntdll.dll! NtOpenKeyEx #native (#3028) EncryptFlag.exe
Arguments:
{"OpenOptions":"0x0","KeyHandle":"0x210","objectName":"SOFTWARE\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings","DesiredAccess":"0x1"}
Returned value:
0x0
ntdll.dll! NtOpenKeyEx #native (#3028) EncryptFlag.exe
Arguments:
{"OpenOptions":"0x0","KeyHandle":"0x210","objectName":"SOFTWARE\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings","DesiredAccess":"0x1"}
Returned value:
0x0
KernelBase.dll! GetProcAddress #misc (#3028) EncryptFlag.exe
Arguments:
{"lpProcName":"RegOpenKeyExA","hModule":"kernel32.dll"}
Returned value:
0x7feff4bd6b0
ntdll.dll! NtOpenKeyEx #native (#3028) EncryptFlag.exe
Arguments:
{"OpenOptions":"0x0","KeyHandle":"0x210","objectName":"SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Internet Settings","DesiredAccess":"0x1"}
Returned value:
0x0
kernel32.dll! RegOpenKeyExA #registry (#3028) EncryptFlag.exe
Arguments:
{"hKey":"HKEY_LOCAL_MACHINE","ulOptions":"0x0","samDesired":"0x1","lpSubKey":"SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Internet Settings","phkResult":"0x210"}
Returned value:
0x0
ntdll.dll! NtOpenKeyEx #native (#3028) EncryptFlag.exe
Arguments:
{"OpenOptions":"0x0","KeyHandle":"0x210","objectName":"SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Internet Settings","DesiredAccess":"0x1"}
Returned value:
0x0
kernel32.dll! RegOpenKeyExA #registry (#3028) EncryptFlag.exe
Arguments:
{"hKey":"HKEY_LOCAL_MACHINE","ulOptions":"0x0","samDesired":"0x1","lpSubKey":"SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Internet Settings","phkResult":"0x210"}
Returned value:
0x0
ntdll.dll! NtOpenKeyEx #native (#3028) EncryptFlag.exe
Arguments:
{"OpenOptions":"0x0","KeyHandle":"0x210","objectName":"SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Internet Settings","DesiredAccess":"0x1"}
Returned value:
0x0
kernel32.dll! RegOpenKeyExA #registry (#3028) EncryptFlag.exe
Arguments:
{"hKey":"HKEY_LOCAL_MACHINE","ulOptions":"0x0","samDesired":"0x1","lpSubKey":"SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Internet Settings","phkResult":"0x210"}
Returned value:
0x0
ntdll.dll! NtOpenKeyEx #native (#3028) EncryptFlag.exe
Arguments:
{"OpenOptions":"0x0","KeyHandle":"0x210","objectName":"SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Internet Settings","DesiredAccess":"0x1"}
Returned value:
0x0
kernel32.dll! RegOpenKeyExA #registry (#3028) EncryptFlag.exe
Arguments:
{"hKey":"HKEY_LOCAL_MACHINE","ulOptions":"0x0","samDesired":"0x1","lpSubKey":"SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Internet Settings","phkResult":"0x210"}
Returned value:
0x0
ntdll.dll! NtOpenKeyEx #native (#3028) EncryptFlag.exe
Arguments:
{"OpenOptions":"0x0","KeyHandle":"0x210","objectName":"SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Internet Settings","DesiredAccess":"0x1"}
Returned value:
0x0
kernel32.dll! RegOpenKeyExA #registry (#3028) EncryptFlag.exe
Arguments:
{"hKey":"HKEY_LOCAL_MACHINE","ulOptions":"0x0","samDesired":"0x1","lpSubKey":"SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Internet Settings","phkResult":"0x210"}
Returned value:
0x0
ntdll.dll! NtOpenKeyEx #native (#3028) EncryptFlag.exe
Arguments:
{"OpenOptions":"0x0","KeyHandle":"0x210","objectName":"SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Internet Settings","DesiredAccess":"0x1"}
Returned value:
0x0
kernel32.dll! RegOpenKeyExA #registry (#3028) EncryptFlag.exe
Arguments:
{"hKey":"HKEY_LOCAL_MACHINE","ulOptions":"0x0","samDesired":"0x1","lpSubKey":"SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Internet Settings","phkResult":"0x210"}
Returned value:
0x0
ntdll.dll! NtOpenKeyEx #native (#3028) EncryptFlag.exe
Arguments:
{"OpenOptions":"0x0","KeyHandle":"0x210","objectName":"SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\5.0\\Cache","DesiredAccess":"0x1"}
Returned value:
0x0
kernel32.dll! RegOpenKeyExA #registry (#3028) EncryptFlag.exe
Arguments:
{"hKey":"HKEY_CURRENT_USER","ulOptions":"0x0","samDesired":"0x1","lpSubKey":"SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\5.0\\Cache","phkResult":"0x210"}
Returned value:
0x0
ntdll.dll! NtOpenKeyEx #native (#3028) EncryptFlag.exe
Arguments:
{"OpenOptions":"0x0","KeyHandle":"0x210","objectName":"SOFTWARE\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings","DesiredAccess":"0x1"}
Returned value:
0x0
ntdll.dll! NtOpenKeyEx #native (#3028) EncryptFlag.exe
Arguments:
{"OpenOptions":"0x0","KeyHandle":"0x0","objectName":"SOFTWARE\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\5.0\\Cache","DesiredAccess":"0x1"}
Returned value:
0xc0000034
kernel32.dll! RegOpenKeyExA #registry (#3028) EncryptFlag.exe
Arguments:
{"hKey":"HKEY_LOCAL_MACHINE","ulOptions":"0x0","samDesired":"0x1","lpSubKey":"SOFTWARE\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\5.0\\Cache","phkResult":"0x0"}
Returned value:
0x2
ntdll.dll! NtOpenKeyEx #native (#3028) EncryptFlag.exe
Arguments:
{"OpenOptions":"0x0","KeyHandle":"0x210","objectName":"SOFTWARE\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\5.0\\Cache","DesiredAccess":"0x1"}
Returned value:
0x0
kernel32.dll! RegOpenKeyExA #registry (#3028) EncryptFlag.exe
Arguments:
{"hKey":"HKEY_CURRENT_USER","ulOptions":"0x0","samDesired":"0x1","lpSubKey":"SOFTWARE\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\5.0\\Cache","phkResult":"0x210"}
Returned value:
0x0
ntdll.dll! NtOpenKeyEx #native (#3028) EncryptFlag.exe
Arguments:
{"OpenOptions":"0x0","KeyHandle":"0x20c","objectName":"SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\5.0\\Cache","DesiredAccess":"0x1"}
Returned value:
0x0
kernel32.dll! RegOpenKeyExA #registry (#3028) EncryptFlag.exe
Arguments:
{"hKey":"HKEY_LOCAL_MACHINE","ulOptions":"0x0","samDesired":"0x1","lpSubKey":"SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\5.0\\Cache","phkResult":"0x20c"}
Returned value:
0x0
ntdll.dll! NtOpenKeyEx #native (#3028) EncryptFlag.exe
Arguments:
{"OpenOptions":"0x0","KeyHandle":"0x214","objectName":"SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\5.0\\Cache","DesiredAccess":"0x1"}
Returned value:
0x0
kernel32.dll! RegOpenKeyExA #registry (#3028) EncryptFlag.exe
Arguments:
{"hKey":"HKEY_CURRENT_USER","ulOptions":"0x0","samDesired":"0x1","lpSubKey":"SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\5.0\\Cache","phkResult":"0x214"}
Returned value:
0x0
ntdll.dll! NtOpenKeyEx #native (#3028) EncryptFlag.exe
Arguments:
{"OpenOptions":"0x0","KeyHandle":"0x0","objectName":"FEATURE_DISABLE_NOTIFY_UNVERIFIED_SPN_KB2385266","DesiredAccess":"0x1"}
Returned value:
0xc0000034
kernel32.dll! RegOpenKeyExW #registry (#3028) EncryptFlag.exe
Arguments:
{"hKey":"HKEY_CURRENT_USER\\Software\\Microsoft\\Internet Explorer\\Main\\FeatureControl","ulOptions":"0x0","samDesired":"0x1","lpSubKey":"FEATURE_DISABLE_NOTIFY_UNVERIFIED_SPN_KB2385266","phkResult":"0x0"}
Returned value:
0x2
ntdll.dll! NtOpenKeyEx #native (#3028) EncryptFlag.exe
Arguments:
{"OpenOptions":"0x0","KeyHandle":"0x0","objectName":"FEATURE_DISABLE_NOTIFY_UNVERIFIED_SPN_KB2385266","DesiredAccess":"0x1"}
Returned value:
0xc0000034
kernel32.dll! RegOpenKeyExW #registry (#3028) EncryptFlag.exe
Arguments:
{"hKey":"HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Internet Explorer\\Main\\FeatureControl","ulOptions":"0x0","samDesired":"0x1","lpSubKey":"FEATURE_DISABLE_NOTIFY_UNVERIFIED_SPN_KB2385266","phkResult":"0x0"}
Returned value:
0x2
ntdll.dll! NtOpenKeyEx #native (#3028) EncryptFlag.exe
Arguments:
{"OpenOptions":"0x0","KeyHandle":"0x0","objectName":"FEATURE_COMPAT_USE_CONNECTION_BASED_NEGOTIATE_AUTH_KB2151543","DesiredAccess":"0x1"}
Returned value:
0xc0000034
kernel32.dll! RegOpenKeyExW #registry (#3028) EncryptFlag.exe
Arguments:
{"hKey":"HKEY_CURRENT_USER\\Software\\Microsoft\\Internet Explorer\\Main\\FeatureControl","ulOptions":"0x0","samDesired":"0x1","lpSubKey":"FEATURE_COMPAT_USE_CONNECTION_BASED_NEGOTIATE_AUTH_KB2151543","phkResult":"0x0"}
Returned value:
0x2
ntdll.dll! NtOpenKeyEx #native (#3028) EncryptFlag.exe
Arguments:
{"OpenOptions":"0x0","KeyHandle":"0x0","objectName":"FEATURE_COMPAT_USE_CONNECTION_BASED_NEGOTIATE_AUTH_KB2151543","DesiredAccess":"0x1"}
Returned value:
0xc0000034
kernel32.dll! RegOpenKeyExW #registry (#3028) EncryptFlag.exe
Arguments:
{"hKey":"HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Internet Explorer\\Main\\FeatureControl","ulOptions":"0x0","samDesired":"0x1","lpSubKey":"FEATURE_COMPAT_USE_CONNECTION_BASED_NEGOTIATE_AUTH_KB2151543","phkResult":"0x0"}
Returned value:
0x2
ntdll.dll! NtOpenKeyEx #native (#3028) EncryptFlag.exe
Arguments:
{"OpenOptions":"0x0","KeyHandle":"0x214","objectName":"SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Internet Settings","DesiredAccess":"0x1"}
Returned value:
0x0
ntdll.dll! NtOpenKeyEx #native (#3028) EncryptFlag.exe
Arguments:
{"OpenOptions":"0x0","KeyHandle":"0x214","objectName":"SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Internet Settings","DesiredAccess":"0x1"}
Returned value:
0x0
ntdll.dll! NtOpenKeyEx #native (#3028) EncryptFlag.exe
Arguments:
{"OpenOptions":"0x0","KeyHandle":"0x20c","objectName":"SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Internet Settings","DesiredAccess":"0x1"}
Returned value:
0x0
ntdll.dll! NtOpenKeyEx #native (#3028) EncryptFlag.exe
Arguments:
{"OpenOptions":"0x0","KeyHandle":"0x20c","objectName":"SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Internet Settings","DesiredAccess":"0x1"}
Returned value:
0x0
ntdll.dll! NtOpenKeyEx #native (#3028) EncryptFlag.exe
Arguments:
{"OpenOptions":"0x0","KeyHandle":"0x214","objectName":"SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Internet Settings","DesiredAccess":"0x1"}
Returned value:
0x0
ntdll.dll! NtOpenKeyEx #native (#3028) EncryptFlag.exe
Arguments:
{"OpenOptions":"0x0","KeyHandle":"0x214","objectName":"SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Internet Settings","DesiredAccess":"0x1"}
Returned value:
0x0
ntdll.dll! NtOpenKeyEx #native (#3028) EncryptFlag.exe
Arguments:
{"OpenOptions":"0x0","KeyHandle":"0x20c","objectName":"SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Internet Settings","DesiredAccess":"0x1"}
Returned value:
0x0
ntdll.dll! NtOpenKeyEx #native (#3028) EncryptFlag.exe
Arguments:
{"OpenOptions":"0x0","KeyHandle":"0x20c","objectName":"SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Internet Settings","DesiredAccess":"0x1"}
Returned value:
0x0
ntdll.dll! NtOpenKeyEx #native (#3028) EncryptFlag.exe
Arguments:
{"OpenOptions":"0x0","KeyHandle":"0x20c","objectName":"SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Internet Settings","DesiredAccess":"0x1"}
Returned value:
0x0
ntdll.dll! NtOpenKeyEx #native (#3028) EncryptFlag.exe
Arguments:
{"OpenOptions":"0x0","KeyHandle":"0x214","objectName":"SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Internet Settings","DesiredAccess":"0x1"}
Returned value:
0x0
ntdll.dll! NtOpenKeyEx #native (#3028) EncryptFlag.exe
Arguments:
{"OpenOptions":"0x0","KeyHandle":"0x0","objectName":"FEATURE_SCH_SEND_AUX_RECORD_KB_2618444","DesiredAccess":"0x1"}
Returned value:
0xc0000034
kernel32.dll! RegOpenKeyExW #registry (#3028) EncryptFlag.exe
Arguments:
{"hKey":"HKEY_CURRENT_USER\\Software\\Microsoft\\Internet Explorer\\Main\\FeatureControl","ulOptions":"0x0","samDesired":"0x1","lpSubKey":"FEATURE_SCH_SEND_AUX_RECORD_KB_2618444","phkResult":"0x0"}
Returned value:
0x2
ntdll.dll! NtOpenKeyEx #native (#3028) EncryptFlag.exe
Arguments:
{"OpenOptions":"0x0","KeyHandle":"0x0","objectName":"FEATURE_SCH_SEND_AUX_RECORD_KB_2618444","DesiredAccess":"0x1"}
Returned value:
0xc0000034
kernel32.dll! RegOpenKeyExW #registry (#3028) EncryptFlag.exe
Arguments:
{"hKey":"HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Internet Explorer\\Main\\FeatureControl","ulOptions":"0x0","samDesired":"0x1","lpSubKey":"FEATURE_SCH_SEND_AUX_RECORD_KB_2618444","phkResult":"0x0"}
Returned value:
0x2
ntdll.dll! NtOpenKeyEx #native (#3028) EncryptFlag.exe
Arguments:
{"OpenOptions":"0x0","KeyHandle":"0x214","objectName":"SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Internet Settings","DesiredAccess":"0x1"}
Returned value:
0x0
kernel32.dll! RegOpenKeyExA #registry (#3028) EncryptFlag.exe
Arguments:
{"hKey":"HKEY_LOCAL_MACHINE","ulOptions":"0x0","samDesired":"0x1","lpSubKey":"SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Internet Settings","phkResult":"0x214"}
Returned value:
0x0
ntdll.dll! NtOpenKeyEx #native (#3028) EncryptFlag.exe
Arguments:
{"OpenOptions":"0x0","KeyHandle":"0x214","objectName":"SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Internet Settings","DesiredAccess":"0x1"}
Returned value:
0x0
kernel32.dll! RegOpenKeyExA #registry (#3028) EncryptFlag.exe
Arguments:
{"hKey":"HKEY_LOCAL_MACHINE","ulOptions":"0x0","samDesired":"0x1","lpSubKey":"SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Internet Settings","phkResult":"0x214"}
Returned value:
0x0
KernelBase.dll! GetProcAddress #misc (#3028) EncryptFlag.exe
Arguments:
{"lpProcName":"CoTaskMemAlloc","hModule":"ole32.dll"}
Returned value:
0x7fefe1f37d0
ntdll.dll! NtOpenKeyEx #native (#3028) EncryptFlag.exe
Arguments:
{"OpenOptions":"0x0","KeyHandle":"0x210","objectName":"SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Internet Settings","DesiredAccess":"0x1"}
Returned value:
0x0
kernel32.dll! RegOpenKeyExA #registry (#3028) EncryptFlag.exe
Arguments:
{"hKey":"HKEY_LOCAL_MACHINE","ulOptions":"0x0","samDesired":"0x1","lpSubKey":"SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Internet Settings","phkResult":"0x210"}
Returned value:
0x0
KernelBase.dll! LoadLibraryExW #misc (#3028) EncryptFlag.exe
Arguments:
{"lpFileName":"WS2_32.dll"}
Returned value:
0x7fefd1a0000
KernelBase.dll! LoadLibraryExA #misc (#3028) EncryptFlag.exe
Arguments:
{"lpFileName":"WS2_32.dll"}
Returned value:
0x7fefd1a0000
KernelBase.dll! GetProcAddress #misc (#3028) EncryptFlag.exe
Arguments:
{"lpProcName":"0x73","hModule":null}
Returned value:
0x7fefd1a4ae0
KernelBase.dll! GetProcAddress #misc (#3028) EncryptFlag.exe
Arguments:
{"lpProcName":"0x6f","hModule":null}
Returned value:
0x7fefd1a1290
KernelBase.dll! GetTickCount64 #highlight (#3028) EncryptFlag.exe
Arguments:
{}
Returned value:
0x29e1a
ntdll.dll! NtOpenKeyEx #native (#3028) EncryptFlag.exe
Arguments:
{"OpenOptions":"0x0","KeyHandle":"0x210","objectName":"SOFTWARE\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings","DesiredAccess":"0x1"}
Returned value:
0x0
ntdll.dll! NtOpenKeyEx #native (#3028) EncryptFlag.exe
Arguments:
{"OpenOptions":"0x0","KeyHandle":"0x210","objectName":"SOFTWARE\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings","DesiredAccess":"0x1"}
Returned value:
0x0
ntdll.dll! NtQueryAttributesFile #native (#3028) EncryptFlag.exe
Arguments:
{"objectName":"\\??\\C:\\Windows\\system32\\winhttp.dll"}
Returned value:
0x0
ntdll.dll! NtOpenFile #native (#3028) EncryptFlag.exe
Arguments:
{"FileHandle":"0x218","objectName":"\\??\\C:\\Windows\\system32\\winhttp.dll"}
Returned value:
0x0
ntdll.dll! NtQueryAttributesFile #native (#3028) EncryptFlag.exe
Arguments:
{"objectName":"\\??\\C:\\Windows\\system32\\webio.dll"}
Returned value:
0x0
ntdll.dll! NtOpenFile #native (#3028) EncryptFlag.exe
Arguments:
{"FileHandle":"0x218","objectName":"\\??\\C:\\Windows\\system32\\webio.dll"}
Returned value:
0x0
KernelBase.dll! GetTickCount #highlight (#3028) EncryptFlag.exe
Arguments:
{}
Returned value:
0x29e1a
KernelBase.dll! LoadLibraryExW #misc (#3028) EncryptFlag.exe
Arguments:
{"lpFileName":"winhttp.dll"}
Returned value:
0x7fef9c00000
KernelBase.dll! GetProcAddress #misc (#3028) EncryptFlag.exe
Arguments:
{"lpProcName":"WinHttpCreateProxyResolver","hModule":null}
Returned value:
0x0
ntdll.dll! NtOpenKeyEx #native (#3028) EncryptFlag.exe
Arguments:
{"OpenOptions":"0x0","KeyHandle":"0x218","objectName":"SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\WinHttp","DesiredAccess":"0x20019"}
Returned value:
0x0
kernel32.dll! RegOpenKeyExA #registry (#3028) EncryptFlag.exe
Arguments:
{"hKey":"HKEY_LOCAL_MACHINE","ulOptions":"0x0","samDesired":"0x20019","lpSubKey":"SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\WinHttp","phkResult":"0x218"}
Returned value:
0x0
KernelBase.dll! GetProcAddress #misc (#3028) EncryptFlag.exe
Arguments:
{"lpProcName":"0x317","hModule":null}
Returned value:
0x7fefe876340
ntdll.dll! NtOpenKeyEx #native (#3028) EncryptFlag.exe
Arguments:
{"OpenOptions":"0x0","KeyHandle":"0x21c","objectName":"Software\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Wpad","DesiredAccess":"0x20019"}
Returned value:
0x0
kernel32.dll! RegOpenKeyExW #registry (#3028) EncryptFlag.exe
Arguments:
{"hKey":"HKEY_CURRENT_USER","ulOptions":"0x0","samDesired":"0x20019","lpSubKey":"Software\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Wpad","phkResult":"0x21c"}
Returned value:
0x0
KernelBase.dll! GetProcAddress #misc (#3028) EncryptFlag.exe
Arguments:
{"lpProcName":"RegQueryValueExW","hModule":"kernel32.dll"}
Returned value:
0x7feff4be6f0
kernel32.dll! RegQueryValueExW #registry (#3028) EncryptFlag.exe
Arguments:
{"hKey":"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Wpad","lpData":"0x12def8","lpcbData":"0x12df00","lpType":"0","lpValueName":"WpadOverride"}
Returned value:
0x2
ntdll.dll! NtOpenKeyEx #native (#3028) EncryptFlag.exe
Arguments:
{"OpenOptions":"0x0","KeyHandle":"0x220","objectName":"SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Internet Settings","DesiredAccess":"0x1"}
Returned value:
0x0
kernel32.dll! RegOpenKeyExA #registry (#3028) EncryptFlag.exe
Arguments:
{"hKey":"HKEY_LOCAL_MACHINE","ulOptions":"0x0","samDesired":"0x1","lpSubKey":"SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Internet Settings","phkResult":"0x220"}
Returned value:
0x0
ntdll.dll! NtOpenKeyEx #native (#3028) EncryptFlag.exe
Arguments:
{"OpenOptions":"0x0","KeyHandle":"0x0","objectName":"FEATURE_MAXCONNECTIONSPERSERVER","DesiredAccess":"0x1"}
Returned value:
0xc0000034
kernel32.dll! RegOpenKeyExW #registry (#3028) EncryptFlag.exe
Arguments:
{"hKey":"HKEY_CURRENT_USER\\Software\\Microsoft\\Internet Explorer\\Main\\FeatureControl","ulOptions":"0x0","samDesired":"0x1","lpSubKey":"FEATURE_MAXCONNECTIONSPERSERVER","phkResult":"0x0"}
Returned value:
0x2
KernelBase.dll! GetProcAddress #misc (#3028) EncryptFlag.exe
Arguments:
{"lpProcName":"0x17","hModule":null}
Returned value:
0x7fefd1ad910
ntdll.dll! NtOpenKeyEx #native (#3028) EncryptFlag.exe
Arguments:
{"OpenOptions":"0x0","KeyHandle":"0x220","objectName":"FEATURE_MAXCONNECTIONSPERSERVER","DesiredAccess":"0x1"}
Returned value:
0x0
kernel32.dll! RegOpenKeyExW #registry (#3028) EncryptFlag.exe
Arguments:
{"hKey":"HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Internet Explorer\\Main\\FeatureControl","ulOptions":"0x0","samDesired":"0x1","lpSubKey":"FEATURE_MAXCONNECTIONSPERSERVER","phkResult":"0x220"}
Returned value:
0x0
ntdll.dll! NtOpenKeyEx #native (#3028) EncryptFlag.exe
Arguments:
{"OpenOptions":"0x0","KeyHandle":"0x0","objectName":"FEATURE_MAXCONNECTIONSPER1_0SERVER","DesiredAccess":"0x1"}
Returned value:
0xc0000034
kernel32.dll! RegOpenKeyExW #registry (#3028) EncryptFlag.exe
Arguments:
{"hKey":"HKEY_CURRENT_USER\\Software\\Microsoft\\Internet Explorer\\Main\\FeatureControl","ulOptions":"0x0","samDesired":"0x1","lpSubKey":"FEATURE_MAXCONNECTIONSPER1_0SERVER","phkResult":"0x0"}
Returned value:
0x2
ntdll.dll! NtOpenKeyEx #native (#3028) EncryptFlag.exe
Arguments:
{"OpenOptions":"0x0","KeyHandle":"0x220","objectName":"FEATURE_MAXCONNECTIONSPER1_0SERVER","DesiredAccess":"0x1"}
Returned value:
0x0
kernel32.dll! RegOpenKeyExW #registry (#3028) EncryptFlag.exe
Arguments:
{"hKey":"HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Internet Explorer\\Main\\FeatureControl","ulOptions":"0x0","samDesired":"0x1","lpSubKey":"FEATURE_MAXCONNECTIONSPER1_0SERVER","phkResult":"0x220"}
Returned value:
0x0
ntdll.dll! NtQueryAttributesFile #native (#3028) EncryptFlag.exe
Arguments:
{"objectName":"\\??\\C:\\Windows\\system32\\mswsock.dll"}
Returned value:
0x0
ntdll.dll! NtOpenFile #native (#3028) EncryptFlag.exe
Arguments:
{"FileHandle":"0x1bc","objectName":"\\??\\C:\\Windows\\system32\\mswsock.dll"}
Returned value:
0x0
KernelBase.dll! GetProcAddress #misc (#3028) EncryptFlag.exe
Arguments:
{"lpProcName":"EventActivityIdControl","hModule":"api-ms-win-eventing-provider-l1-1-0.dll"}
Returned value:
0x772e2a60
ntdll.dll! NtOpenKeyEx #native (#3028) EncryptFlag.exe
Arguments:
{"OpenOptions":"0x0","KeyHandle":"0x0","objectName":"Software\\Policies\\Microsoft\\PeerDist\\Service","DesiredAccess":"0x20119"}
Returned value:
0xc0000034
kernel32.dll! RegOpenKeyExW #registry (#3028) EncryptFlag.exe
Arguments:
{"hKey":"HKEY_LOCAL_MACHINE","ulOptions":"0x0","samDesired":"0x20119","lpSubKey":"Software\\Policies\\Microsoft\\PeerDist\\Service","phkResult":"0x0"}
Returned value:
0x2
ntdll.dll! NtOpenKeyEx #native (#3028) EncryptFlag.exe
Arguments:
{"OpenOptions":"0x0","KeyHandle":"0x1bc","objectName":"Software\\Microsoft\\Windows NT\\CurrentVersion\\PeerDist\\Service","DesiredAccess":"0x20119"}
Returned value:
0x0
kernel32.dll! RegOpenKeyExW #registry (#3028) EncryptFlag.exe
Arguments:
{"hKey":"HKEY_LOCAL_MACHINE","ulOptions":"0x0","samDesired":"0x20119","lpSubKey":"Software\\Microsoft\\Windows NT\\CurrentVersion\\PeerDist\\Service","phkResult":"0x1bc"}
Returned value:
0x0
KernelBase.dll! LoadLibraryExW #misc (#3028) EncryptFlag.exe
Arguments:
{"lpFileName":"C:\\Windows\\system32\\mswsock.dll"}
Returned value:
0x7fefc520000
KernelBase.dll! GetProcAddress #misc (#3028) EncryptFlag.exe
Arguments:
{"lpProcName":"WSPStartup","hModule":"vsocklib.dll"}
Returned value:
0x7fefc528d60
ntdll.dll! NtOpenKey #native (#3028) EncryptFlag.exe
Arguments:
{"OpenOptions":"0x0","KeyHandle":"0x220","objectName":"\\Registry\\Machine\\Software\\Policies\\Microsoft\\SQMClient\\Windows","DesiredAccess":"0x20119"}
Returned value:
0x0
ntdll.dll! NtOpenKey #native (#3028) EncryptFlag.exe
Arguments:
{"OpenOptions":"0x0","KeyHandle":"0x224","objectName":"\\Registry\\Machine\\Software\\Microsoft\\SQMClient\\Windows","DesiredAccess":"0x20119"}
Returned value:
0x0
ntdll.dll! NtOpenKeyEx #native (#3028) EncryptFlag.exe
Arguments:
{"OpenOptions":"0x0","KeyHandle":"0x224","objectName":"SYSTEM\\CurrentControlSet\\Services\\Winsock\\Parameters","DesiredAccess":"0x20019"}
Returned value:
0x0
ntdll.dll! NtOpenKeyEx #native (#3028) EncryptFlag.exe
Arguments:
{"OpenOptions":"0x0","KeyHandle":"0x224","objectName":"System\\CurrentControlSet\\Services\\Tcpip6\\Parameters\\Winsock","DesiredAccess":"0x20019"}
Returned value:
0x0
ntdll.dll! NtOpenKeyEx #native (#3028) EncryptFlag.exe
Arguments:
{"OpenOptions":"0x0","KeyHandle":"0x224","objectName":"SYSTEM\\CurrentControlSet\\Services\\Winsock\\Setup Migration\\Providers","DesiredAccess":"0x20019"}
Returned value:
0x0
ntdll.dll! NtOpenKeyEx #native (#3028) EncryptFlag.exe
Arguments:
{"OpenOptions":"0x0","KeyHandle":"0x220","objectName":"Tcpip6","DesiredAccess":"0x20019"}
Returned value:
0x0
ntdll.dll! NtOpenKeyEx #native (#3028) EncryptFlag.exe
Arguments:
{"OpenOptions":"0x0","KeyHandle":"0x224","objectName":"System\\CurrentControlSet\\Services\\Tcpip6\\Parameters\\Winsock","DesiredAccess":"0x20019"}
Returned value:
0x0
ntdll.dll! NtQueryAttributesFile #native (#3028) EncryptFlag.exe
Arguments:
{"objectName":"\\??\\C:\\Windows\\System32\\wship6.dll"}
Returned value:
0x0
ntdll.dll! NtOpenKeyEx #native (#3028) EncryptFlag.exe
Arguments:
{"OpenOptions":"0x0","KeyHandle":"0x0","objectName":"FEATURE_URLMON_IQDA_SIZE","DesiredAccess":"0x1"}
Returned value:
0xc0000034
kernel32.dll! RegOpenKeyExW #registry (#3028) EncryptFlag.exe
Arguments:
{"hKey":"HKEY_CURRENT_USER\\Software\\Microsoft\\Internet Explorer\\Main\\FeatureControl","ulOptions":"0x0","samDesired":"0x1","lpSubKey":"FEATURE_URLMON_IQDA_SIZE","phkResult":"0x0"}
Returned value:
0x2
ntdll.dll! NtOpenKeyEx #native (#3028) EncryptFlag.exe
Arguments:
{"OpenOptions":"0x0","KeyHandle":"0x0","objectName":"FEATURE_URLMON_IQDA_SIZE","DesiredAccess":"0x1"}
Returned value:
0xc0000034
kernel32.dll! RegOpenKeyExW #registry (#3028) EncryptFlag.exe
Arguments:
{"hKey":"HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Internet Explorer\\Main\\FeatureControl","ulOptions":"0x0","samDesired":"0x1","lpSubKey":"FEATURE_URLMON_IQDA_SIZE","phkResult":"0x0"}
Returned value:
0x2
ntdll.dll! NtOpenFile #native (#3028) EncryptFlag.exe
Arguments:
{"FileHandle":"0x220","objectName":"\\??\\C:\\Windows\\System32\\wship6.dll"}
Returned value:
0x0
ntdll.dll! NtOpenKeyEx #native (#3028) EncryptFlag.exe
Arguments:
{"OpenOptions":"0x0","KeyHandle":"0x0","objectName":"FEATURE_BLOCK_WEAK_ENCRYPTION","DesiredAccess":"0x1"}
Returned value:
0xc0000034
kernel32.dll! RegOpenKeyExW #registry (#3028) EncryptFlag.exe
Arguments:
{"hKey":"HKEY_CURRENT_USER\\Software\\Microsoft\\Internet Explorer\\Main\\FeatureControl","ulOptions":"0x0","samDesired":"0x1","lpSubKey":"FEATURE_BLOCK_WEAK_ENCRYPTION","phkResult":"0x0"}
Returned value:
0x2
ntdll.dll! NtOpenKeyEx #native (#3028) EncryptFlag.exe
Arguments:
{"OpenOptions":"0x0","KeyHandle":"0x0","objectName":"FEATURE_BLOCK_WEAK_ENCRYPTION","DesiredAccess":"0x1"}
Returned value:
0xc0000034
kernel32.dll! RegOpenKeyExW #registry (#3028) EncryptFlag.exe
Arguments:
{"hKey":"HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Internet Explorer\\Main\\FeatureControl","ulOptions":"0x0","samDesired":"0x1","lpSubKey":"FEATURE_BLOCK_WEAK_ENCRYPTION","phkResult":"0x0"}
Returned value:
0x2
ntdll.dll! NtOpenKeyEx #native (#3028) EncryptFlag.exe
Arguments:
{"OpenOptions":"0x0","KeyHandle":"0x0","objectName":"FEATURE_DISABLE_HSTS","DesiredAccess":"0x1"}
Returned value:
0xc0000034
kernel32.dll! RegOpenKeyExW #registry (#3028) EncryptFlag.exe
Arguments:
{"hKey":"HKEY_CURRENT_USER\\Software\\Microsoft\\Internet Explorer\\Main\\FeatureControl","ulOptions":"0x0","samDesired":"0x1","lpSubKey":"FEATURE_DISABLE_HSTS","phkResult":"0x0"}
Returned value:
0x2
KernelBase.dll! LoadLibraryExW #misc (#3028) EncryptFlag.exe
Arguments:
{"lpFileName":"C:\\Windows\\System32\\wship6.dll"}
Returned value:
0x7fefc510000
KernelBase.dll! GetProcAddress #misc (#3028) EncryptFlag.exe
Arguments:
{"lpProcName":"WSHOpenSocket","hModule":"WSHTCPIP.DLL"}
Returned value:
0x7fefc511850
KernelBase.dll! GetProcAddress #misc (#3028) EncryptFlag.exe
Arguments:
{"lpProcName":"WSHOpenSocket2","hModule":"WSHTCPIP.DLL"}
Returned value:
0x7fefc5111f0
KernelBase.dll! GetProcAddress #misc (#3028) EncryptFlag.exe
Arguments:
{"lpProcName":"WSHJoinLeaf","hModule":"WSHTCPIP.DLL"}
Returned value:
0x7fefc511ac8
KernelBase.dll! GetProcAddress #misc (#3028) EncryptFlag.exe
Arguments:
{"lpProcName":"WSHNotify","hModule":"WSHTCPIP.DLL"}
Returned value:
0x7fefc511890
KernelBase.dll! GetProcAddress #misc (#3028) EncryptFlag.exe
Arguments:
{"lpProcName":"WSHGetSocketInformation","hModule":"WSHTCPIP.DLL"}
Returned value:
0x7fefc5111a0
KernelBase.dll! GetProcAddress #misc (#3028) EncryptFlag.exe
Arguments:
{"lpProcName":"WSHSetSocketInformation","hModule":"WSHTCPIP.DLL"}
Returned value:
0x7fefc511560
KernelBase.dll! GetProcAddress #misc (#3028) EncryptFlag.exe
Arguments:
{"lpProcName":"WSHGetSockaddrType","hModule":"WSHTCPIP.DLL"}
Returned value:
0x7fefc511138
ntdll.dll! NtOpenKeyEx #native (#3028) EncryptFlag.exe
Arguments:
{"OpenOptions":"0x0","KeyHandle":"0x0","objectName":"FEATURE_DISABLE_HSTS","DesiredAccess":"0x1"}
Returned value:
0xc0000034
kernel32.dll! RegOpenKeyExW #registry (#3028) EncryptFlag.exe
Arguments:
{"hKey":"HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Internet Explorer\\Main\\FeatureControl","ulOptions":"0x0","samDesired":"0x1","lpSubKey":"FEATURE_DISABLE_HSTS","phkResult":"0x0"}
Returned value:
0x2
wininet.dll! InternetConnectW #network (#3028) EncryptFlag.exe
Arguments:
{"lpszUrl":"p"}
Returned value:
null
KernelBase.dll! GetProcAddress #misc (#3028) EncryptFlag.exe
Arguments:
{"lpProcName":"WSHGetWildcardSockaddr","hModule":"WSHTCPIP.DLL"}
Returned value:
0x7fefc5113d8
KernelBase.dll! GetProcAddress #misc (#3028) EncryptFlag.exe
Arguments:
{"lpProcName":"WSHGetBroadcastSockaddr","hModule":"WSHTCPIP.DLL"}
Returned value:
0x0
KernelBase.dll! GetProcAddress #misc (#3028) EncryptFlag.exe
Arguments:
{"lpProcName":"WSHAddressToString","hModule":"WSHTCPIP.DLL"}
Returned value:
0x7fefc511010
KernelBase.dll! GetProcAddress #misc (#3028) EncryptFlag.exe
Arguments:
{"lpProcName":"WSHStringToAddress","hModule":"WSHTCPIP.DLL"}
Returned value:
0x7fefc5110a0
KernelBase.dll! GetProcAddress #misc (#3028) EncryptFlag.exe
Arguments:
{"lpProcName":"WSHIoctl","hModule":"WSHTCPIP.DLL"}
Returned value:
0x7fefc511c98
ntdll.dll! NtCreateFile #native (#3028) EncryptFlag.exe
Arguments:
{"FileHandle":"0x224","objectName":"\\Device\\Afd\\Endpoint"}
Returned value:
0x0
KernelBase.dll! GetProcAddress #misc (#3028) EncryptFlag.exe
Arguments:
{"lpProcName":"0x15","hModule":null}
Returned value:
0x7fefd1ad7b0
KernelBase.dll! GetProcAddress #misc (#3028) EncryptFlag.exe
Arguments:
{"lpProcName":"WSAIoctl","hModule":"ws2_32.dll"}
Returned value:
0x7fefd1ad150
KernelBase.dll! GetProcAddress #misc (#3028) EncryptFlag.exe
Arguments:
{"lpProcName":"0x3","hModule":null}
Returned value:
0x7fefd1a18e0
KernelBase.dll! GetProcAddress #misc (#3028) EncryptFlag.exe
Arguments:
{"lpProcName":"0x74","hModule":null}
Returned value:
0x7fefd1a4e20
KernelBase.dll! LoadLibraryExW #misc (#3028) EncryptFlag.exe
Arguments:
{"lpFileName":"IPHLPAPI.DLL"}
Returned value:
0x7fefa8e0000
KernelBase.dll! LoadLibraryExA #misc (#3028) EncryptFlag.exe
Arguments:
{"lpFileName":"IPHLPAPI.DLL"}
Returned value:
0x7fefa8e0000
KernelBase.dll! GetProcAddress #misc (#3028) EncryptFlag.exe
Arguments:
{"lpProcName":"NotifyIpInterfaceChange","hModule":"IPHLPAPI.DLL"}
Returned value:
0x7fefa8e93c0
KernelBase.dll! GetProcAddress #misc (#3028) EncryptFlag.exe
Arguments:
{"lpProcName":"RegCreateKeyExW","hModule":"kernel32.dll"}
Returned value:
0x7feff4bd5f0
ntdll.dll! NtCreateKey #native (#3028) EncryptFlag.exe
Arguments:
{"CreateOptions":"0x0","objectName":"Software\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Connections","DesiredAccess":"0x1","KeyHandle":"0x234","TitleIndex":"0x0","CreateDisposition":"0x12d8e8","Class":"0x12dbc0"}
Returned value:
0x0
kernel32.dll! RegCreateKeyExW #registry (#3028) EncryptFlag.exe
Arguments:
{"samDesired":"0x1","hKey":"HKEY_CURRENT_USER","dwOptions":"0x0","phkResult":"","lpClass":"0x7fefed3ecf0","lpSubKey":"Software\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Connections"}
Returned value:
0x0
kernel32.dll! RegQueryValueExW #registry (#3028) EncryptFlag.exe
Arguments:
{"hKey":"Software\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Connections","lpData":"","lpcbData":"0x12ddfc","lpType":"0","lpValueName":"DefaultConnectionSettings"}
Returned value:
0x0
kernel32.dll! RegQueryValueExW #registry (#3028) EncryptFlag.exe
Arguments:
{"hKey":"Software\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Connections","lpData":"","lpcbData":"0x12dd88","lpType":"0","lpValueName":"DefaultConnectionSettings"}
Returned value:
0x0
ntdll.dll! NtOpenKeyEx #native (#3028) EncryptFlag.exe
Arguments:
{"OpenOptions":"0x0","KeyHandle":"0x0","objectName":"SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\UrlMon Settings","DesiredAccess":"0x1"}
Returned value:
0xc0000034
kernel32.dll! RegOpenKeyExA #registry (#3028) EncryptFlag.exe
Arguments:
{"hKey":"HKEY_CURRENT_USER","ulOptions":"0x0","samDesired":"0x1","lpSubKey":"SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\UrlMon Settings","phkResult":"0x0"}
Returned value:
0x2
KernelBase.dll! LoadLibraryExW #misc (#3028) EncryptFlag.exe
Arguments:
{"lpFileName":"CRYPT32.dll"}
Returned value:
0x7fefcf90000
KernelBase.dll! LoadLibraryExA #misc (#3028) EncryptFlag.exe
Arguments:
{"lpFileName":"CRYPT32.dll"}
Returned value:
0x7fefcf90000
KernelBase.dll! GetProcAddress #misc (#3028) EncryptFlag.exe
Arguments:
{"lpProcName":"CertOpenStore","hModule":"crypt32.dll"}
Returned value:
0x7fefcf99de0
ntdll.dll! NtOpenKeyEx #native (#3028) EncryptFlag.exe
Arguments:
{"OpenOptions":"0x0","KeyHandle":"0x238","objectName":"SYSTEM\\CurrentControlSet\\Services\\crypt32","DesiredAccess":"0x20019"}
Returned value:
0x0
ntdll.dll! NtOpenKeyEx #native (#3028) EncryptFlag.exe
Arguments:
{"OpenOptions":"0x0","KeyHandle":"0x238","objectName":"SYSTEM\\CurrentControlSet\\Services\\crypt32","DesiredAccess":"0x20019"}
Returned value:
0x0
ntdll.dll! NtOpenKeyEx #native (#3028) EncryptFlag.exe
Arguments:
{"OpenOptions":"0x0","KeyHandle":"0x250","objectName":"Software\\Microsoft\\Cryptography\\OID","DesiredAccess":"0x20019"}
Returned value:
0x0
ntdll.dll! NtOpenKeyEx #native (#3028) EncryptFlag.exe
Arguments:
{"OpenOptions":"0x0","KeyHandle":"0x254","objectName":"EncodingType 0","DesiredAccess":"0x20019"}
Returned value:
0x0
ntdll.dll! NtOpenKeyEx #native (#3028) EncryptFlag.exe
Arguments:
{"OpenOptions":"0x0","KeyHandle":"0x258","objectName":"CertDllOpenStoreProv","DesiredAccess":"0x20019"}
Returned value:
0x0
ntdll.dll! NtOpenKeyEx #native (#3028) EncryptFlag.exe
Arguments:
{"OpenOptions":"0x0","KeyHandle":"0x25c","objectName":"#16","DesiredAccess":"0x20019"}
Returned value:
0x0
ntdll.dll! NtOpenKeyEx #native (#3028) EncryptFlag.exe
Arguments:
{"OpenOptions":"0x0","KeyHandle":"0x25c","objectName":"Ldap","DesiredAccess":"0x20019"}
Returned value:
0x0
ntdll.dll! NtOpenKeyEx #native (#3028) EncryptFlag.exe
Arguments:
{"OpenOptions":"0x0","KeyHandle":"0x254","objectName":"EncodingType 1","DesiredAccess":"0x20019"}
Returned value:
0x0
ntdll.dll! NtOpenKeyEx #native (#3028) EncryptFlag.exe
Arguments:
{"OpenOptions":"0x0","KeyHandle":"0x0","objectName":"CertDllOpenStoreProv","DesiredAccess":"0x20019"}
Returned value:
0xc0000034
ntdll.dll! NtOpenKeyEx #native (#3028) EncryptFlag.exe
Arguments:
{"OpenOptions":"0x0","KeyHandle":"0x250","objectName":"S-1-5-21-4270068108-2931534202-3907561125-1001","DesiredAccess":"0x2000000"}
Returned value:
0x0
ntdll.dll! NtOpenKeyEx #native (#3028) EncryptFlag.exe
Arguments:
{"OpenOptions":"0x0","KeyHandle":"0x0","objectName":"Software\\Microsoft\\SystemCertificates\\my\\PhysicalStores","DesiredAccess":"0x20019"}
Returned value:
0xc0000034
ntdll.dll! NtOpenKeyEx #native (#3028) EncryptFlag.exe
Arguments:
{"OpenOptions":"0x0","KeyHandle":"0x250","objectName":"S-1-5-21-4270068108-2931534202-3907561125-1001","DesiredAccess":"0x2000000"}
Returned value:
0x0
ntdll.dll! NtOpenKeyEx #native (#3028) EncryptFlag.exe
Arguments:
{"OpenOptions":"0x0","KeyHandle":"0x254","objectName":"Software\\Microsoft\\SystemCertificates\\my","DesiredAccess":"0x20019"}
Returned value:
0x0
KernelBase.dll! LoadLibraryExW #misc (#3028) EncryptFlag.exe
Arguments:
{"lpFileName":"USERENV.dll"}
Returned value:
0x7fefd170000
KernelBase.dll! LoadLibraryExA #misc (#3028) EncryptFlag.exe
Arguments:
{"lpFileName":"USERENV.dll"}
Returned value:
0x7fefd170000
KernelBase.dll! GetProcAddress #misc (#3028) EncryptFlag.exe
Arguments:
{"lpProcName":"GetUserProfileDirectoryW","hModule":"userenv.dll"}
Returned value:
0x7fefd171c00
KernelBase.dll! LoadLibraryExW #misc (#3028) EncryptFlag.exe
Arguments:
{"lpFileName":"API-MS-Win-Security-SDDL-L1-1-0.dll"}
Returned value:
0x7fefe400000
KernelBase.dll! LoadLibraryExA #misc (#3028) EncryptFlag.exe
Arguments:
{"lpFileName":"API-MS-Win-Security-SDDL-L1-1-0.dll"}
Returned value:
0x7fefe400000
KernelBase.dll! GetProcAddress #misc (#3028) EncryptFlag.exe
Arguments:
{"lpProcName":"ConvertSidToStringSidW","hModule":"sechost.dll"}
Returned value:
0x7fefe40d128
ntdll.dll! NtOpenKeyEx #native (#3028) EncryptFlag.exe
Arguments:
{"OpenOptions":"0x0","KeyHandle":"0x250","objectName":"Software\\Microsoft\\Windows NT\\CurrentVersion\\ProfileList\\S-1-5-21-4270068108-2931534202-3907561125-1001","DesiredAccess":"0x20019"}
Returned value:
0x0
ntdll.dll! NtOpenKeyEx #native (#3028) EncryptFlag.exe
Arguments:
{"OpenOptions":"0x0","KeyHandle":"0x254","objectName":"S-1-5-21-4270068108-2931534202-3907561125-1001","DesiredAccess":"0x2000000"}
Returned value:
0x0
ntdll.dll! NtOpenKeyEx #native (#3028) EncryptFlag.exe
Arguments:
{"OpenOptions":"0x0","KeyHandle":"0x250","objectName":"Software\\Microsoft\\SystemCertificates\\my","DesiredAccess":"0x20019"}
Returned value:
0x0
ntdll.dll! NtOpenKeyEx #native (#3028) EncryptFlag.exe
Arguments:
{"OpenOptions":"0x0","KeyHandle":"0x254","objectName":"0x12c860","DesiredAccess":"0x20019"}
Returned value:
0x0
ntdll.dll! NtOpenKeyEx #native (#3028) EncryptFlag.exe
Arguments:
{"OpenOptions":"0x0","KeyHandle":"0x0","objectName":"Certificates","DesiredAccess":"0x20019"}
Returned value:
0xc0000034
ntdll.dll! NtOpenFile #native (#3028) EncryptFlag.exe
Arguments:
{"FileHandle":"0x258","objectName":"\\??\\C:\\Users\\<USER>\\AppData\\Roaming\\Microsoft\\SystemCertificates\\My\\Certificates\\"}
Returned value:
0x0
ntdll.dll! NtOpenKeyEx #native (#3028) EncryptFlag.exe
Arguments:
{"OpenOptions":"0x0","KeyHandle":"0x0","objectName":"CRLs","DesiredAccess":"0x20019"}
Returned value:
0xc0000034
ntdll.dll! NtOpenFile #native (#3028) EncryptFlag.exe
Arguments:
{"FileHandle":"0x260","objectName":"\\??\\C:\\Users\\<USER>\\AppData\\Roaming\\Microsoft\\SystemCertificates\\My\\CRLs\\"}
Returned value:
0x0
ntdll.dll! NtOpenKeyEx #native (#3028) EncryptFlag.exe
Arguments:
{"OpenOptions":"0x0","KeyHandle":"0x0","objectName":"CTLs","DesiredAccess":"0x20019"}
Returned value:
0xc0000034
ntdll.dll! NtOpenFile #native (#3028) EncryptFlag.exe
Arguments:
{"FileHandle":"0x260","objectName":"\\??\\C:\\Users\\<USER>\\AppData\\Roaming\\Microsoft\\SystemCertificates\\My\\CTLs\\"}
Returned value:
0x0
ntdll.dll! NtOpenKeyEx #native (#3028) EncryptFlag.exe
Arguments:
{"OpenOptions":"0x0","KeyHandle":"0x250","objectName":"Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\","DesiredAccess":"0x1"}
Returned value:
0x0
ntdll.dll! NtOpenKeyEx #native (#3028) EncryptFlag.exe
Arguments:
{"OpenOptions":"0x0","KeyHandle":"0x0","objectName":"FEATURE_IGNORE_POLICIES_ZONEMAP_IF_ESC_ENABLED_KB918915","DesiredAccess":"0x1"}
Returned value:
0xc0000034
kernel32.dll! RegOpenKeyExW #registry (#3028) EncryptFlag.exe
Arguments:
{"hKey":"HKEY_CURRENT_USER\\Software\\Microsoft\\Internet Explorer\\Main\\FeatureControl","ulOptions":"0x0","samDesired":"0x1","lpSubKey":"FEATURE_IGNORE_POLICIES_ZONEMAP_IF_ESC_ENABLED_KB918915","phkResult":"0x0"}
Returned value:
0x2
ntdll.dll! NtOpenKeyEx #native (#3028) EncryptFlag.exe
Arguments:
{"OpenOptions":"0x0","KeyHandle":"0x0","objectName":"FEATURE_IGNORE_POLICIES_ZONEMAP_IF_ESC_ENABLED_KB918915","DesiredAccess":"0x1"}
Returned value:
0xc0000034
kernel32.dll! RegOpenKeyExW #registry (#3028) EncryptFlag.exe
Arguments:
{"hKey":"HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Internet Explorer\\Main\\FeatureControl","ulOptions":"0x0","samDesired":"0x1","lpSubKey":"FEATURE_IGNORE_POLICIES_ZONEMAP_IF_ESC_ENABLED_KB918915","phkResult":"0x0"}
Returned value:
0x2
ntdll.dll! NtOpenKeyEx #native (#3028) EncryptFlag.exe
Arguments:
{"OpenOptions":"0x0","KeyHandle":"0x0","objectName":"Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\ZoneMap\\Domains\\","DesiredAccess":"0x20019"}
Returned value:
0xc0000034
ntdll.dll! NtOpenKeyEx #native (#3028) EncryptFlag.exe
Arguments:
{"OpenOptions":"0x0","KeyHandle":"0x0","objectName":"Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\ZoneMap\\Domains\\","DesiredAccess":"0x20019"}
Returned value:
0xc0000034
ntdll.dll! NtOpenKeyEx #native (#3028) EncryptFlag.exe
Arguments:
{"OpenOptions":"0x0","KeyHandle":"0x0","objectName":"Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\ZoneMap\\Domains\\","DesiredAccess":"0x20019"}
Returned value:
0xc0000034
ntdll.dll! NtOpenKeyEx #native (#3028) EncryptFlag.exe
Arguments:
{"OpenOptions":"0x0","KeyHandle":"0x0","objectName":"ZoneMap\\Ranges\\","DesiredAccess":"0x20019"}
Returned value:
0xc0000034
ntdll.dll! NtOpenKeyEx #native (#3028) EncryptFlag.exe
Arguments:
{"OpenOptions":"0x0","KeyHandle":"0x0","objectName":"ZoneMap\\Ranges\\","DesiredAccess":"0x20019"}
Returned value:
0xc0000034
ntdll.dll! NtOpenKeyEx #native (#3028) EncryptFlag.exe
Arguments:
{"OpenOptions":"0x0","KeyHandle":"0x0","objectName":"ZoneMap\\Ranges\\","DesiredAccess":"0x20019"}
Returned value:
0xc0000034
ntdll.dll! NtOpenKeyEx #native (#3028) EncryptFlag.exe
Arguments:
{"OpenOptions":"0x0","KeyHandle":"0x0","objectName":"FEATURE_ZONES_CHECK_ZONEMAP_POLICY_KB941001","DesiredAccess":"0x1"}
Returned value:
0xc0000034
kernel32.dll! RegOpenKeyExW #registry (#3028) EncryptFlag.exe
Arguments:
{"hKey":"HKEY_CURRENT_USER\\Software\\Microsoft\\Internet Explorer\\Main\\FeatureControl","ulOptions":"0x0","samDesired":"0x1","lpSubKey":"FEATURE_ZONES_CHECK_ZONEMAP_POLICY_KB941001","phkResult":"0x0"}
Returned value:
0x2
ntdll.dll! NtOpenKeyEx #native (#3028) EncryptFlag.exe
Arguments:
{"OpenOptions":"0x0","KeyHandle":"0x0","objectName":"FEATURE_ZONES_CHECK_ZONEMAP_POLICY_KB941001","DesiredAccess":"0x1"}
Returned value:
0xc0000034
kernel32.dll! RegOpenKeyExW #registry (#3028) EncryptFlag.exe
Arguments:
{"hKey":"HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Internet Explorer\\Main\\FeatureControl","ulOptions":"0x0","samDesired":"0x1","lpSubKey":"FEATURE_ZONES_CHECK_ZONEMAP_POLICY_KB941001","phkResult":"0x0"}
Returned value:
0x2
ntdll.dll! NtOpenKeyEx #native (#3028) EncryptFlag.exe
Arguments:
{"OpenOptions":"0x0","KeyHandle":"0x0","objectName":"Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\ZoneMap","DesiredAccess":"0x1"}
Returned value:
0xc0000034
kernel32.dll! RegOpenKeyExW #registry (#3028) EncryptFlag.exe
Arguments:
{"hKey":"HKEY_LOCAL_MACHINE","ulOptions":"0x0","samDesired":"0x1","lpSubKey":"Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\ZoneMap","phkResult":"0x0"}
Returned value:
0x2
ntdll.dll! NtOpenKeyEx #native (#3028) EncryptFlag.exe
Arguments:
{"OpenOptions":"0x0","KeyHandle":"0x0","objectName":"Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\ZoneMap","DesiredAccess":"0x1"}
Returned value:
0xc0000034
kernel32.dll! RegOpenKeyExW #registry (#3028) EncryptFlag.exe
Arguments:
{"hKey":"HKEY_CURRENT_USER","ulOptions":"0x0","samDesired":"0x1","lpSubKey":"Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\ZoneMap","phkResult":"0x0"}
Returned value:
0x2
ntdll.dll! NtCreateKey #native (#3028) EncryptFlag.exe
Arguments:
{"CreateOptions":"0x0","objectName":"Software\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\ZoneMap\\","DesiredAccess":"0x2001f","KeyHandle":"0x264","TitleIndex":"0x0","CreateDisposition":"0x12ccf8","Class":"0x12cfd0"}
Returned value:
0x0
ntdll.dll! NtOpenKeyEx #native (#3028) EncryptFlag.exe
Arguments:
{"OpenOptions":"0x0","KeyHandle":"0x268","objectName":"Software\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\ZoneMap\\","DesiredAccess":"0x20019"}
Returned value:
0x0
ntdll.dll! NtOpenKeyEx #native (#3028) EncryptFlag.exe
Arguments:
{"OpenOptions":"0x0","KeyHandle":"0x0","objectName":"Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\ZoneMap\\","DesiredAccess":"0x20019"}
Returned value:
0xc0000034
ntdll.dll! NtOpenKeyEx #native (#3028) EncryptFlag.exe
Arguments:
{"OpenOptions":"0x0","KeyHandle":"0x0","objectName":"Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\ZoneMap\\","DesiredAccess":"0x20019"}
Returned value:
0xc0000034
ntdll.dll! NtOpenKeyEx #native (#3028) EncryptFlag.exe
Arguments:
{"OpenOptions":"0x0","KeyHandle":"0x0","objectName":"Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\ZoneMap\\","DesiredAccess":"0x20019"}
Returned value:
0xc0000034
ntdll.dll! NtOpenKeyEx #native (#3028) EncryptFlag.exe
Arguments:
{"OpenOptions":"0x0","KeyHandle":"0x0","objectName":"Software\\Policies\\Microsoft\\Internet Explorer","DesiredAccess":"0x1"}
Returned value:
0xc0000034
kernel32.dll! RegOpenKeyExW #registry (#3028) EncryptFlag.exe
Arguments:
{"hKey":"HKEY_CURRENT_USER","ulOptions":"0x0","samDesired":"0x1","lpSubKey":"Software\\Policies\\Microsoft\\Internet Explorer","phkResult":"0x0"}
Returned value:
0x2
ntdll.dll! NtOpenKeyEx #native (#3028) EncryptFlag.exe
Arguments:
{"OpenOptions":"0x0","KeyHandle":"0x26c","objectName":"Microsoft\\Internet Explorer\\Security","DesiredAccess":"0x20019"}
Returned value:
0x0
kernel32.dll! RegOpenKeyExW #registry (#3028) EncryptFlag.exe
Arguments:
{"hKey":"HKEY_CURRENT_USER\\Software","ulOptions":"0x0","samDesired":"0x20019","lpSubKey":"Microsoft\\Internet Explorer\\Security","phkResult":"0x26c"}
Returned value:
0x0
kernel32.dll! RegQueryValueExW #registry (#3028) EncryptFlag.exe
Arguments:
{"hKey":"HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Internet Explorer\\Security","lpData":"0x12cf70","lpcbData":"0x12cc44","lpType":"0","lpValueName":"DisableSecuritySettingsCheck"}
Returned value:
0x2
ntdll.dll! NtOpenKeyEx #native (#3028) EncryptFlag.exe
Arguments:
{"OpenOptions":"0x0","KeyHandle":"0x26c","objectName":"Microsoft\\Internet Explorer\\Security","DesiredAccess":"0x20019"}
Returned value:
0x0
kernel32.dll! RegOpenKeyExW #registry (#3028) EncryptFlag.exe
Arguments:
{"hKey":"HKEY_LOCAL_MACHINE\\Software","ulOptions":"0x0","samDesired":"0x20019","lpSubKey":"Microsoft\\Internet Explorer\\Security","phkResult":"0x26c"}
Returned value:
0x0
kernel32.dll! RegQueryValueExW #registry (#3028) EncryptFlag.exe
Arguments:
{"hKey":"HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Internet Explorer\\Security","lpData":"0x12cf70","lpcbData":"0x12cc44","lpType":"0","lpValueName":"DisableSecuritySettingsCheck"}
Returned value:
0x2
KernelBase.dll! LoadLibraryExW #misc (#3028) EncryptFlag.exe
Arguments:
{"lpFileName":"Secur32.dll"}
Returned value:
0x7fefc9f0000
KernelBase.dll! LoadLibraryExA #misc (#3028) EncryptFlag.exe
Arguments:
{"lpFileName":"Secur32.dll"}
Returned value:
0x7fefc9f0000
KernelBase.dll! GetProcAddress #misc (#3028) EncryptFlag.exe
Arguments:
{"lpProcName":"GetUserNameExW","hModule":"sspicli.dll"}
Returned value:
0x7fefcbb1118
ntdll.dll! NtOpenKeyEx #native (#3028) EncryptFlag.exe
Arguments:
{"OpenOptions":"0x0","KeyHandle":"0x270","objectName":"System\\Setup","DesiredAccess":"0x20019"}
Returned value:
0x0
kernel32.dll! RegOpenKeyExW #registry (#3028) EncryptFlag.exe
Arguments:
{"hKey":"HKEY_LOCAL_MACHINE","ulOptions":"0x0","samDesired":"0x20019","lpSubKey":"System\\Setup","phkResult":"0x270"}
Returned value:
0x0
kernel32.dll! RegQueryValueExW #registry (#3028) EncryptFlag.exe
Arguments:
{"hKey":"Software\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\","lpData":"","lpcbData":"0x12cca0","lpType":"0","lpValueName":"SystemSetupInProgress"}
Returned value:
0x0
ntdll.dll! NtOpenKeyEx #native (#3028) EncryptFlag.exe
Arguments:
{"OpenOptions":"0x0","KeyHandle":"0x270","objectName":"Software\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\","DesiredAccess":"0x20019"}
Returned value:
0x0
kernel32.dll! RegOpenKeyExW #registry (#3028) EncryptFlag.exe
Arguments:
{"hKey":"HKEY_CURRENT_USER","ulOptions":"0x0","samDesired":"0x20019","lpSubKey":"Software\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\","phkResult":"0x270"}
Returned value:
0x0
ntdll.dll! NtOpenKeyEx #native (#3028) EncryptFlag.exe
Arguments:
{"OpenOptions":"0x0","KeyHandle":"0x274","objectName":"0","DesiredAccess":"0x20019"}
Returned value:
0x0
kernel32.dll! RegOpenKeyExW #registry (#3028) EncryptFlag.exe
Arguments:
{"hKey":"Software\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\","ulOptions":"0x0","samDesired":"0x20019","lpSubKey":"0","phkResult":"0x274"}
Returned value:
0x0
ntdll.dll! NtOpenKeyEx #native (#3028) EncryptFlag.exe
Arguments:
{"OpenOptions":"0x0","KeyHandle":"0x274","objectName":"1","DesiredAccess":"0x20019"}
Returned value:
0x0
kernel32.dll! RegOpenKeyExW #registry (#3028) EncryptFlag.exe
Arguments:
{"hKey":"Software\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\","ulOptions":"0x0","samDesired":"0x20019","lpSubKey":"1","phkResult":"0x274"}
Returned value:
0x0
ntdll.dll! NtOpenKeyEx #native (#3028) EncryptFlag.exe
Arguments:
{"OpenOptions":"0x0","KeyHandle":"0x274","objectName":"2","DesiredAccess":"0x20019"}
Returned value:
0x0
kernel32.dll! RegOpenKeyExW #registry (#3028) EncryptFlag.exe
Arguments:
{"hKey":"Software\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\","ulOptions":"0x0","samDesired":"0x20019","lpSubKey":"2","phkResult":"0x274"}
Returned value:
0x0
ntdll.dll! NtOpenKeyEx #native (#3028) EncryptFlag.exe
Arguments:
{"OpenOptions":"0x0","KeyHandle":"0x274","objectName":"3","DesiredAccess":"0x20019"}
Returned value:
0x0
kernel32.dll! RegOpenKeyExW #registry (#3028) EncryptFlag.exe
Arguments:
{"hKey":"Software\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\","ulOptions":"0x0","samDesired":"0x20019","lpSubKey":"3","phkResult":"0x274"}
Returned value:
0x0
ntdll.dll! NtOpenKeyEx #native (#3028) EncryptFlag.exe
Arguments:
{"OpenOptions":"0x0","KeyHandle":"0x274","objectName":"4","DesiredAccess":"0x20019"}
Returned value:
0x0
kernel32.dll! RegOpenKeyExW #registry (#3028) EncryptFlag.exe
Arguments:
{"hKey":"Software\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\","ulOptions":"0x0","samDesired":"0x20019","lpSubKey":"4","phkResult":"0x274"}
Returned value:
0x0
ntdll.dll! NtOpenKeyEx #native (#3028) EncryptFlag.exe
Arguments:
{"OpenOptions":"0x0","KeyHandle":"0x0","objectName":"Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\","DesiredAccess":"0x20019"}
Returned value:
0xc0000034
ntdll.dll! NtOpenKeyEx #native (#3028) EncryptFlag.exe
Arguments:
{"OpenOptions":"0x0","KeyHandle":"0x0","objectName":"Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\","DesiredAccess":"0x20019"}
Returned value:
0xc0000034
ntdll.dll! NtOpenKeyEx #native (#3028) EncryptFlag.exe
Arguments:
{"OpenOptions":"0x0","KeyHandle":"0x0","objectName":"Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\","DesiredAccess":"0x20019"}
Returned value:
0xc0000034
ntdll.dll! NtOpenKeyEx #native (#3028) EncryptFlag.exe
Arguments:
{"OpenOptions":"0x0","KeyHandle":"0x0","objectName":"Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\","DesiredAccess":"0x20019"}
Returned value:
0xc0000034
ntdll.dll! NtOpenKeyEx #native (#3028) EncryptFlag.exe
Arguments:
{"OpenOptions":"0x0","KeyHandle":"0x0","objectName":"Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\","DesiredAccess":"0x20019"}
Returned value:
0xc0000034
ntdll.dll! NtOpenKeyEx #native (#3028) EncryptFlag.exe
Arguments:
{"OpenOptions":"0x0","KeyHandle":"0x270","objectName":"Software\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\","DesiredAccess":"0x20019"}
Returned value:
0x0
ntdll.dll! NtCreateMutant #native (#3028) EncryptFlag.exe
Arguments:
{"DesiredAccess":"0x1f0001","objectName":"Local\\ZonesCacheCounterMutex","MutantHandle":"0x12c418"}
Returned value:
0x40000000
KernelBase.dll! CreateMutexA #mutex (#3028) EncryptFlag.exe
Arguments:
{"lpName":"Local\\ZonesCacheCounterMutex"}
Returned value:
0x274
ntdll.dll! NtOpenKeyEx #native (#3028) EncryptFlag.exe
Arguments:
{"OpenOptions":"0x0","KeyHandle":"0x278","objectName":"Software\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\0","DesiredAccess":"0x20019"}
Returned value:
0x0
ntdll.dll! NtOpenKeyEx #native (#3028) EncryptFlag.exe
Arguments:
{"OpenOptions":"0x0","KeyHandle":"0x0","objectName":"Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\0","DesiredAccess":"0x20019"}
Returned value:
0xc0000034
ntdll.dll! NtOpenKeyEx #native (#3028) EncryptFlag.exe
Arguments:
{"OpenOptions":"0x0","KeyHandle":"0x0","objectName":"Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\0","DesiredAccess":"0x20019"}
Returned value:
0xc0000034
ntdll.dll! NtOpenKeyEx #native (#3028) EncryptFlag.exe
Arguments:
{"OpenOptions":"0x0","KeyHandle":"0x0","objectName":"Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\0","DesiredAccess":"0x20019"}
Returned value:
0xc0000034
ntdll.dll! NtOpenKeyEx #native (#3028) EncryptFlag.exe
Arguments:
{"OpenOptions":"0x0","KeyHandle":"0x27c","objectName":"Software\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\0","DesiredAccess":"0x20019"}
Returned value:
0x0
ntdll.dll! NtOpenKeyEx #native (#3028) EncryptFlag.exe
Arguments:
{"OpenOptions":"0x0","KeyHandle":"0x278","objectName":"Software\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\1","DesiredAccess":"0x20019"}
Returned value:
0x0
ntdll.dll! NtOpenKeyEx #native (#3028) EncryptFlag.exe
Arguments:
{"OpenOptions":"0x0","KeyHandle":"0x0","objectName":"Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\1","DesiredAccess":"0x20019"}
Returned value:
0xc0000034
ntdll.dll! NtOpenKeyEx #native (#3028) EncryptFlag.exe
Arguments:
{"OpenOptions":"0x0","KeyHandle":"0x0","objectName":"Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\1","DesiredAccess":"0x20019"}
Returned value:
0xc0000034
ntdll.dll! NtOpenKeyEx #native (#3028) EncryptFlag.exe
Arguments:
{"OpenOptions":"0x0","KeyHandle":"0x0","objectName":"Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\1","DesiredAccess":"0x20019"}
Returned value:
0xc0000034
ntdll.dll! NtOpenKeyEx #native (#3028) EncryptFlag.exe
Arguments:
{"OpenOptions":"0x0","KeyHandle":"0x280","objectName":"Software\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\1","DesiredAccess":"0x20019"}
Returned value:
0x0
ntdll.dll! NtOpenKeyEx #native (#3028) EncryptFlag.exe
Arguments:
{"OpenOptions":"0x0","KeyHandle":"0x284","objectName":"Software\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\ZoneMap\\","DesiredAccess":"0x2001f"}
Returned value:
0x0
ntdll.dll! NtOpenKeyEx #native (#3028) EncryptFlag.exe
Arguments:
{"OpenOptions":"0x0","KeyHandle":"0x288","objectName":"Software\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\ZoneMap\\","DesiredAccess":"0x2001f"}
Returned value:
0x0
ntdll.dll! NtOpenKeyEx #native (#3028) EncryptFlag.exe
Arguments:
{"OpenOptions":"0x0","KeyHandle":"0x278","objectName":"Software\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\2","DesiredAccess":"0x20019"}
Returned value:
0x0
ntdll.dll! NtOpenKeyEx #native (#3028) EncryptFlag.exe
Arguments:
{"OpenOptions":"0x0","KeyHandle":"0x0","objectName":"Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\2","DesiredAccess":"0x20019"}
Returned value:
0xc0000034
ntdll.dll! NtOpenKeyEx #native (#3028) EncryptFlag.exe
Arguments:
{"OpenOptions":"0x0","KeyHandle":"0x0","objectName":"Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\2","DesiredAccess":"0x20019"}
Returned value:
0xc0000034
ntdll.dll! NtOpenKeyEx #native (#3028) EncryptFlag.exe
Arguments:
{"OpenOptions":"0x0","KeyHandle":"0x0","objectName":"Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\2","DesiredAccess":"0x20019"}
Returned value:
0xc0000034
ntdll.dll! NtOpenKeyEx #native (#3028) EncryptFlag.exe
Arguments:
{"OpenOptions":"0x0","KeyHandle":"0x280","objectName":"Software\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\2","DesiredAccess":"0x20019"}
Returned value:
0x0
ntdll.dll! NtOpenKeyEx #native (#3028) EncryptFlag.exe
Arguments:
{"OpenOptions":"0x0","KeyHandle":"0x278","objectName":"Software\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\3","DesiredAccess":"0x20019"}
Returned value:
0x0
ntdll.dll! NtOpenKeyEx #native (#3028) EncryptFlag.exe
Arguments:
{"OpenOptions":"0x0","KeyHandle":"0x0","objectName":"Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\3","DesiredAccess":"0x20019"}
Returned value:
0xc0000034
ntdll.dll! NtOpenKeyEx #native (#3028) EncryptFlag.exe
Arguments:
{"OpenOptions":"0x0","KeyHandle":"0x0","objectName":"Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\3","DesiredAccess":"0x20019"}
Returned value:
0xc0000034
ntdll.dll! NtOpenKeyEx #native (#3028) EncryptFlag.exe
Arguments:
{"OpenOptions":"0x0","KeyHandle":"0x0","objectName":"Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\3","DesiredAccess":"0x20019"}
Returned value:
0xc0000034
ntdll.dll! NtOpenKeyEx #native (#3028) EncryptFlag.exe
Arguments:
{"OpenOptions":"0x0","KeyHandle":"0x280","objectName":"Software\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\3","DesiredAccess":"0x20019"}
Returned value:
0x0
ntdll.dll! NtOpenKeyEx #native (#3028) EncryptFlag.exe
Arguments:
{"OpenOptions":"0x0","KeyHandle":"0x278","objectName":"Software\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\4","DesiredAccess":"0x20019"}
Returned value:
0x0
ntdll.dll! NtOpenKeyEx #native (#3028) EncryptFlag.exe
Arguments:
{"OpenOptions":"0x0","KeyHandle":"0x0","objectName":"Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\4","DesiredAccess":"0x20019"}
Returned value:
0xc0000034
ntdll.dll! NtOpenKeyEx #native (#3028) EncryptFlag.exe
Arguments:
{"OpenOptions":"0x0","KeyHandle":"0x0","objectName":"Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\4","DesiredAccess":"0x20019"}
Returned value:
0xc0000034
ntdll.dll! NtOpenKeyEx #native (#3028) EncryptFlag.exe
Arguments:
{"OpenOptions":"0x0","KeyHandle":"0x0","objectName":"Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\4","DesiredAccess":"0x20019"}
Returned value:
0xc0000034
ntdll.dll! NtOpenKeyEx #native (#3028) EncryptFlag.exe
Arguments:
{"OpenOptions":"0x0","KeyHandle":"0x28c","objectName":"Software\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\4","DesiredAccess":"0x20019"}
Returned value:
0x0
ntdll.dll! NtOpenKeyEx #native (#3028) EncryptFlag.exe
Arguments:
{"OpenOptions":"0x0","KeyHandle":"0x270","objectName":"FEATURE_LOCALMACHINE_LOCKDOWN","DesiredAccess":"0x1"}
Returned value:
0x0
kernel32.dll! RegOpenKeyExW #registry (#3028) EncryptFlag.exe
Arguments:
{"hKey":"HKEY_CURRENT_USER\\Software\\Microsoft\\Internet Explorer\\Main\\FeatureControl","ulOptions":"0x0","samDesired":"0x1","lpSubKey":"FEATURE_LOCALMACHINE_LOCKDOWN","phkResult":"0x270"}
Returned value:
0x0
KernelBase.dll! GetProcAddress #misc (#3028) EncryptFlag.exe
Arguments:
{"lpProcName":"NotifyUnicastIpAddressChange","hModule":"IPHLPAPI.DLL"}
Returned value:
0x7fefa8e6c14
ntdll.dll! NtOpenKeyEx #native (#3028) EncryptFlag.exe
Arguments:
{"OpenOptions":"0x0","KeyHandle":"0x270","objectName":"FEATURE_LOCALMACHINE_LOCKDOWN","DesiredAccess":"0x1"}
Returned value:
0x0
kernel32.dll! RegOpenKeyExW #registry (#3028) EncryptFlag.exe
Arguments:
{"hKey":"HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Internet Explorer\\Main\\FeatureControl","ulOptions":"0x0","samDesired":"0x1","lpSubKey":"FEATURE_LOCALMACHINE_LOCKDOWN","phkResult":"0x270"}
Returned value:
0x0
ntdll.dll! NtOpenKeyEx #native (#3028) EncryptFlag.exe
Arguments:
{"OpenOptions":"0x0","KeyHandle":"0x0","objectName":"Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\","DesiredAccess":"0x20019"}
Returned value:
0xc0000034
ntdll.dll! NtOpenKeyEx #native (#3028) EncryptFlag.exe
Arguments:
{"OpenOptions":"0x0","KeyHandle":"0x0","objectName":"Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\","DesiredAccess":"0x20019"}
Returned value:
0xc0000034
ntdll.dll! NtOpenKeyEx #native (#3028) EncryptFlag.exe
Arguments:
{"OpenOptions":"0x0","KeyHandle":"0x0","objectName":"Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\","DesiredAccess":"0x20019"}
Returned value:
0xc0000034
ntdll.dll! NtOpenKeyEx #native (#3028) EncryptFlag.exe
Arguments:
{"OpenOptions":"0x0","KeyHandle":"0x0","objectName":"Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\","DesiredAccess":"0x20019"}
Returned value:
0xc0000034
ntdll.dll! NtOpenKeyEx #native (#3028) EncryptFlag.exe
Arguments:
{"OpenOptions":"0x0","KeyHandle":"0x0","objectName":"Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\","DesiredAccess":"0x20019"}
Returned value:
0xc0000034
ntdll.dll! NtOpenKeyEx #native (#3028) EncryptFlag.exe
Arguments:
{"OpenOptions":"0x0","KeyHandle":"0x270","objectName":"Software\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\","DesiredAccess":"0x20019"}
Returned value:
0x0
ntdll.dll! NtCreateMutant #native (#3028) EncryptFlag.exe
Arguments:
{"DesiredAccess":"0x1f0001","objectName":"Local\\ZonesLockedCacheCounterMutex","MutantHandle":"0x12c418"}
Returned value:
0x40000000
KernelBase.dll! CreateMutexA #mutex (#3028) EncryptFlag.exe
Arguments:
{"lpName":"Local\\ZonesLockedCacheCounterMutex"}
Returned value:
0x298
ntdll.dll! NtOpenKeyEx #native (#3028) EncryptFlag.exe
Arguments:
{"OpenOptions":"0x0","KeyHandle":"0x29c","objectName":"Software\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\0","DesiredAccess":"0x20019"}
Returned value:
0x0
ntdll.dll! NtOpenKeyEx #native (#3028) EncryptFlag.exe
Arguments:
{"OpenOptions":"0x0","KeyHandle":"0x0","objectName":"Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\0","DesiredAccess":"0x20019"}
Returned value:
0xc0000034
KernelBase.dll! GetProcAddress #misc (#3028) EncryptFlag.exe
Arguments:
{"lpProcName":"GetBestInterfaceEx","hModule":"IPHLPAPI.DLL"}
Returned value:
0x7fefa8e11c4
ntdll.dll! NtOpenKeyEx #native (#3028) EncryptFlag.exe
Arguments:
{"OpenOptions":"0x0","KeyHandle":"0x0","objectName":"Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\0","DesiredAccess":"0x20019"}
Returned value:
0xc0000034
ntdll.dll! NtCreateFile #native (#3028) EncryptFlag.exe
Arguments:
{"FileHandle":"0x228","objectName":"\\??\\Nsi"}
Returned value:
0x0
KernelBase.dll! CreateFileW #file (#3028) EncryptFlag.exe
Arguments:
{"lpSecurityAttributes":"0x0","dwCreationDisposition":"0x7fe00000003","dwFlagsAndAttributes":"0x7fe40000000","lpFileName":"\\\\.\\Nsi","dwDesiredAccess":"0x0","dwShareMode":"0x3"}
Returned value:
0x228
ntdll.dll! NtOpenKeyEx #native (#3028) EncryptFlag.exe
Arguments:
{"OpenOptions":"0x0","KeyHandle":"0x0","objectName":"Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\0","DesiredAccess":"0x20019"}
Returned value:
0xc0000034
ntdll.dll! NtOpenKeyEx #native (#3028) EncryptFlag.exe
Arguments:
{"OpenOptions":"0x0","KeyHandle":"0x2a8","objectName":"Software\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\0","DesiredAccess":"0x20019"}
Returned value:
0x0
ntdll.dll! NtOpenKeyEx #native (#3028) EncryptFlag.exe
Arguments:
{"OpenOptions":"0x0","KeyHandle":"0x29c","objectName":"Software\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\1","DesiredAccess":"0x20019"}
Returned value:
0x0
KernelBase.dll! GetProcAddress #misc (#3028) EncryptFlag.exe
Arguments:
{"lpProcName":"GetIfEntry2","hModule":"IPHLPAPI.DLL"}
Returned value:
0x7fefa8e5850
ntdll.dll! NtOpenKeyEx #native (#3028) EncryptFlag.exe
Arguments:
{"OpenOptions":"0x0","KeyHandle":"0x0","objectName":"Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\1","DesiredAccess":"0x20019"}
Returned value:
0xc0000034
ntdll.dll! NtOpenKeyEx #native (#3028) EncryptFlag.exe
Arguments:
{"OpenOptions":"0x0","KeyHandle":"0x0","objectName":"Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\1","DesiredAccess":"0x20019"}
Returned value:
0xc0000034
ntdll.dll! NtOpenKeyEx #native (#3028) EncryptFlag.exe
Arguments:
{"OpenOptions":"0x0","KeyHandle":"0x0","objectName":"Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\1","DesiredAccess":"0x20019"}
Returned value:
0xc0000034
ntdll.dll! NtOpenKeyEx #native (#3028) EncryptFlag.exe
Arguments:
{"OpenOptions":"0x0","KeyHandle":"0x2ac","objectName":"Software\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\1","DesiredAccess":"0x20019"}
Returned value:
0x0
ntdll.dll! NtOpenKeyEx #native (#3028) EncryptFlag.exe
Arguments:
{"OpenOptions":"0x0","KeyHandle":"0x2b0","objectName":"Software\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\ZoneMap\\","DesiredAccess":"0x2001f"}
Returned value:
0x0
ntdll.dll! NtOpenKeyEx #native (#3028) EncryptFlag.exe
Arguments:
{"OpenOptions":"0x0","KeyHandle":"0x2b4","objectName":"Software\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\ZoneMap\\","DesiredAccess":"0x2001f"}
Returned value:
0x0
ntdll.dll! NtOpenKeyEx #native (#3028) EncryptFlag.exe
Arguments:
{"OpenOptions":"0x0","KeyHandle":"0x29c","objectName":"Software\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\2","DesiredAccess":"0x20019"}
Returned value:
0x0
ntdll.dll! NtOpenKeyEx #native (#3028) EncryptFlag.exe
Arguments:
{"OpenOptions":"0x0","KeyHandle":"0x0","objectName":"Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\2","DesiredAccess":"0x20019"}
Returned value:
0xc0000034
ntdll.dll! NtOpenKeyEx #native (#3028) EncryptFlag.exe
Arguments:
{"OpenOptions":"0x0","KeyHandle":"0x0","objectName":"Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\2","DesiredAccess":"0x20019"}
Returned value:
0xc0000034
ntdll.dll! NtOpenKeyEx #native (#3028) EncryptFlag.exe
Arguments:
{"OpenOptions":"0x0","KeyHandle":"0x0","objectName":"Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\2","DesiredAccess":"0x20019"}
Returned value:
0xc0000034
ntdll.dll! NtOpenKeyEx #native (#3028) EncryptFlag.exe
Arguments:
{"OpenOptions":"0x0","KeyHandle":"0x2ac","objectName":"Software\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\2","DesiredAccess":"0x20019"}
Returned value:
0x0
ntdll.dll! NtOpenKeyEx #native (#3028) EncryptFlag.exe
Arguments:
{"OpenOptions":"0x0","KeyHandle":"0x29c","objectName":"Software\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\3","DesiredAccess":"0x20019"}
Returned value:
0x0
ntdll.dll! NtOpenKeyEx #native (#3028) EncryptFlag.exe
Arguments:
{"OpenOptions":"0x0","KeyHandle":"0x0","objectName":"Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\3","DesiredAccess":"0x20019"}
Returned value:
0xc0000034
ntdll.dll! NtOpenKeyEx #native (#3028) EncryptFlag.exe
Arguments:
{"OpenOptions":"0x0","KeyHandle":"0x0","objectName":"Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\3","DesiredAccess":"0x20019"}
Returned value:
0xc0000034
ntdll.dll! NtOpenKeyEx #native (#3028) EncryptFlag.exe
Arguments:
{"OpenOptions":"0x0","KeyHandle":"0x0","objectName":"Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\3","DesiredAccess":"0x20019"}
Returned value:
0xc0000034
ntdll.dll! NtOpenKeyEx #native (#3028) EncryptFlag.exe
Arguments:
{"OpenOptions":"0x0","KeyHandle":"0x2ac","objectName":"Software\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\3","DesiredAccess":"0x20019"}
Returned value:
0x0
ntdll.dll! NtOpenKeyEx #native (#3028) EncryptFlag.exe
Arguments:
{"OpenOptions":"0x0","KeyHandle":"0x29c","objectName":"Software\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\4","DesiredAccess":"0x20019"}
Returned value:
0x0
ntdll.dll! NtOpenKeyEx #native (#3028) EncryptFlag.exe
Arguments:
{"OpenOptions":"0x0","KeyHandle":"0x0","objectName":"Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\4","DesiredAccess":"0x20019"}
Returned value:
0xc0000034
ntdll.dll! NtOpenKeyEx #native (#3028) EncryptFlag.exe
Arguments:
{"OpenOptions":"0x0","KeyHandle":"0x0","objectName":"Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\4","DesiredAccess":"0x20019"}
Returned value:
0xc0000034
ntdll.dll! NtOpenKeyEx #native (#3028) EncryptFlag.exe
Arguments:
{"OpenOptions":"0x0","KeyHandle":"0x0","objectName":"Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\4","DesiredAccess":"0x20019"}
Returned value:
0xc0000034
ntdll.dll! NtOpenKeyEx #native (#3028) EncryptFlag.exe
Arguments:
{"OpenOptions":"0x0","KeyHandle":"0x2ac","objectName":"Software\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\4","DesiredAccess":"0x20019"}
Returned value:
0x0
ntdll.dll! NtOpenKeyEx #native (#3028) EncryptFlag.exe
Arguments:
{"OpenOptions":"0x0","KeyHandle":"0x2a8","objectName":"System\\Setup","DesiredAccess":"0x20019"}
Returned value:
0x0
kernel32.dll! RegOpenKeyExA #registry (#3028) EncryptFlag.exe
Arguments:
{"hKey":"HKEY_LOCAL_MACHINE","ulOptions":"0x0","samDesired":"0x20019","lpSubKey":"System\\Setup","phkResult":"0x2a8"}
Returned value:
0x0
KernelBase.dll! LoadLibraryExW #misc (#3028) EncryptFlag.exe
Arguments:
{"lpFileName":"api-ms-win-downlevel-shlwapi-l2-1-0.dll"}
Returned value:
0x7fef72a0000
KernelBase.dll! LoadLibraryExA #misc (#3028) EncryptFlag.exe
Arguments:
{"lpFileName":"api-ms-win-downlevel-shlwapi-l2-1-0.dll"}
Returned value:
0x7fef72a0000
KernelBase.dll! GetProcAddress #misc (#3028) EncryptFlag.exe
Arguments:
{"lpProcName":"SHGetValueA","hModule":"shlwapi.dll"}
Returned value:
0x7feff334e50
ntdll.dll! NtOpenKeyEx #native (#3028) EncryptFlag.exe
Arguments:
{"OpenOptions":"0x0","KeyHandle":"0x2a8","objectName":"Software\\Microsoft\\windows\\CurrentVersion\\Internet Settings","DesiredAccess":"0x1"}
Returned value:
0x0
ntdll.dll! NtOpenKeyEx #native (#3028) EncryptFlag.exe
Arguments:
{"OpenOptions":"0x0","KeyHandle":"0x2a8","objectName":"Software\\Microsoft\\Windows\\CurrentVersion\\Internet Settings","DesiredAccess":"0x20019"}
Returned value:
0x0
kernel32.dll! RegOpenKeyExW #registry (#3028) EncryptFlag.exe
Arguments:
{"hKey":"HKEY_CURRENT_USER","ulOptions":"0x0","samDesired":"0x20019","lpSubKey":"Software\\Microsoft\\Windows\\CurrentVersion\\Internet Settings","phkResult":"0x2a8"}
Returned value:
0x0
kernel32.dll! RegQueryValueExW #registry (#3028) EncryptFlag.exe
Arguments:
{"hKey":"ProtocolDefaults\\","lpData":"","lpcbData":"0x12cc00","lpType":"0","lpValueName":"ProxyEnable"}
Returned value:
0x0
kernel32.dll! RegQueryValueExW #registry (#3028) EncryptFlag.exe
Arguments:
{"hKey":"ProtocolDefaults\\","lpData":"","lpcbData":"0x12cc00","lpType":"0","lpValueName":"ProxyServer"}
Returned value:
0x2
kernel32.dll! RegQueryValueExW #registry (#3028) EncryptFlag.exe
Arguments:
{"hKey":"ProtocolDefaults\\","lpData":"","lpcbData":"0x12cc00","lpType":"0","lpValueName":"ProxyOverride"}
Returned value:
0x2
kernel32.dll! RegQueryValueExW #registry (#3028) EncryptFlag.exe
Arguments:
{"hKey":"ProtocolDefaults\\","lpData":"","lpcbData":"0x12cc00","lpType":"0","lpValueName":"AutoConfigURL"}
Returned value:
0x2
kernel32.dll! RegQueryValueExW #registry (#3028) EncryptFlag.exe
Arguments:
{"hKey":"ProtocolDefaults\\","lpData":"0x12cc08","lpcbData":"0x12cc00","lpType":"0","lpValueName":"AutoDetect"}
Returned value:
0x2
ntdll.dll! NtCreateKey #native (#3028) EncryptFlag.exe
Arguments:
{"CreateOptions":"0x0","objectName":"Software\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Connections","DesiredAccess":"0x1","KeyHandle":"0x2a8","TitleIndex":"0x0","CreateDisposition":"0x12c688","Class":"0x12c960"}
Returned value:
0x0
kernel32.dll! RegCreateKeyExW #registry (#3028) EncryptFlag.exe
Arguments:
{"samDesired":"0x1","hKey":"HKEY_CURRENT_USER","dwOptions":"0x0","phkResult":"","lpClass":"0x7fefed3ecf0","lpSubKey":"Software\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Connections"}
Returned value:
0x0
kernel32.dll! RegQueryValueExW #registry (#3028) EncryptFlag.exe
Arguments:
{"hKey":"ProtocolDefaults\\","lpData":"","lpcbData":"0x12cb9c","lpType":"0","lpValueName":"SavedLegacySettings"}
Returned value:
0x0
kernel32.dll! RegQueryValueExW #registry (#3028) EncryptFlag.exe
Arguments:
{"hKey":"ProtocolDefaults\\","lpData":"","lpcbData":"0x12cb28","lpType":"0","lpValueName":"SavedLegacySettings"}
Returned value:
0x0
ntdll.dll! NtCreateKey #native (#3028) EncryptFlag.exe
Arguments:
{"CreateOptions":"0x0","objectName":"Software\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Connections","DesiredAccess":"0x1","KeyHandle":"0x2a8","TitleIndex":"0x0","CreateDisposition":"0x12c8e8","Class":"0x12cbc0"}
Returned value:
0x0
kernel32.dll! RegCreateKeyExW #registry (#3028) EncryptFlag.exe
Arguments:
{"samDesired":"0x1","hKey":"HKEY_CURRENT_USER","dwOptions":"0x0","phkResult":"","lpClass":"0x7fefed3ecf0","lpSubKey":"Software\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Connections"}
Returned value:
0x0
kernel32.dll! RegQueryValueExW #registry (#3028) EncryptFlag.exe
Arguments:
{"hKey":"ProtocolDefaults\\","lpData":"","lpcbData":"0x12cdfc","lpType":"0","lpValueName":"DefaultConnectionSettings"}
Returned value:
0x0
kernel32.dll! RegQueryValueExW #registry (#3028) EncryptFlag.exe
Arguments:
{"hKey":"ProtocolDefaults\\","lpData":"","lpcbData":"0x12cd88","lpType":"0","lpValueName":"DefaultConnectionSettings"}
Returned value:
0x0
ntdll.dll! NtCreateKey #native (#3028) EncryptFlag.exe
Arguments:
{"CreateOptions":"0x0","objectName":"Software\\Microsoft\\Windows\\CurrentVersion\\Internet Settings","DesiredAccess":"0x20006","KeyHandle":"0x2a8","TitleIndex":"0x0","CreateDisposition":"0x12c988","Class":"0x12cc60"}
Returned value:
0x0
kernel32.dll! RegCreateKeyExW #registry (#3028) EncryptFlag.exe
Arguments:
{"samDesired":"0x20006","hKey":"HKEY_CURRENT_USER","dwOptions":"0x0","phkResult":"","lpClass":"0x7fefed3ecf0","lpSubKey":"Software\\Microsoft\\Windows\\CurrentVersion\\Internet Settings"}
Returned value:
0x0
KernelBase.dll! GetProcAddress #misc (#3028) EncryptFlag.exe
Arguments:
{"lpProcName":"RegSetValueExW","hModule":"kernel32.dll"}
Returned value:
0x7feff4b4490
kernel32.dll! RegSetValueExW #registry (#3028) EncryptFlag.exe
Arguments:
{"hKey":"ProtocolDefaults\\","lpData":"0","cbData":"0x4","dwType":"4","lpValueName":"ProxyEnable"}
Returned value:
0x0
KernelBase.dll! GetProcAddress #misc (#3028) EncryptFlag.exe
Arguments:
{"lpProcName":"RegDeleteValueW","hModule":"kernel32.dll"}
Returned value:
0x7feff4aafd0
ntdll.dll! NtCreateKey #native (#3028) EncryptFlag.exe
Arguments:
{"CreateOptions":"0x0","objectName":"Software\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Connections","DesiredAccess":"0x1","KeyHandle":"0x2a8","TitleIndex":"0x0","CreateDisposition":"0x12c928","Class":"0x12cc00"}
Returned value:
0x0
kernel32.dll! RegCreateKeyExW #registry (#3028) EncryptFlag.exe
Arguments:
{"samDesired":"0x1","hKey":"HKEY_CURRENT_USER","dwOptions":"0x0","phkResult":"","lpClass":"0x7fefed3ecf0","lpSubKey":"Software\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Connections"}
Returned value:
0x0
kernel32.dll! RegQueryValueExW #registry (#3028) EncryptFlag.exe
Arguments:
{"hKey":"ProtocolDefaults\\","lpData":"","lpcbData":"0x12ce14","lpType":"0","lpValueName":"SavedLegacySettings"}
Returned value:
0x0
kernel32.dll! RegQueryValueExW #registry (#3028) EncryptFlag.exe
Arguments:
{"hKey":"ProtocolDefaults\\","lpData":"","lpcbData":"0x12cdc8","lpType":"0","lpValueName":"SavedLegacySettings"}
Returned value:
0x0
ntdll.dll! NtCreateKey #native (#3028) EncryptFlag.exe
Arguments:
{"CreateOptions":"0x0","objectName":"Software\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Connections","DesiredAccess":"0x2","KeyHandle":"0x29c","TitleIndex":"0x0","CreateDisposition":"0x12c888","Class":"0x12cb60"}
Returned value:
0x0
kernel32.dll! RegCreateKeyExW #registry (#3028) EncryptFlag.exe
Arguments:
{"samDesired":"0x2","hKey":"HKEY_CURRENT_USER","dwOptions":"0x0","phkResult":"","lpClass":"0x7fefed3ecf0","lpSubKey":"Software\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Connections"}
Returned value:
0x0
kernel32.dll! RegSetValueExW #registry (#3028) EncryptFlag.exe
Arguments:
{"hKey":"Software\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Connections","lpData":"F","cbData":"0xb8","dwType":"3","lpValueName":"SavedLegacySettings"}
Returned value:
0x0
KernelBase.dll! GetProcAddress #misc (#3028) EncryptFlag.exe
Arguments:
{"lpProcName":"AcquireSRWLockExclusive","hModule":"KernelBase.dll"}
Returned value:
0x772ab920
KernelBase.dll! GetProcAddress #misc (#3028) EncryptFlag.exe
Arguments:
{"lpProcName":"ReleaseSRWLockExclusive","hModule":"KernelBase.dll"}
Returned value:
0x772ab8e0
KernelBase.dll! LoadLibraryExW #misc (#3028) EncryptFlag.exe
Arguments:
{"lpFileName":"OLEAUT32.dll"}
Returned value:
0x7feff3c0000
KernelBase.dll! LoadLibraryExA #misc (#3028) EncryptFlag.exe
Arguments:
{"lpFileName":"OLEAUT32.dll"}
Returned value:
0x7feff3c0000
KernelBase.dll! GetProcAddress #misc (#3028) EncryptFlag.exe
Arguments:
{"lpProcName":"0x4","hModule":null}
Returned value:
0x7feff3c1040
KernelBase.dll! GetProcAddress #misc (#3028) EncryptFlag.exe
Arguments:
{"lpProcName":"0x7","hModule":null}
Returned value:
0x7feff3c1020
ntdll.dll! NtOpenKeyEx #native (#3028) EncryptFlag.exe
Arguments:
{"OpenOptions":"0x0","KeyHandle":"0x2a8","objectName":"Domains\\","DesiredAccess":"0x20019"}
Returned value:
0x0
ntdll.dll! NtOpenKeyEx #native (#3028) EncryptFlag.exe
Arguments:
{"OpenOptions":"0x0","KeyHandle":"0x0","objectName":"Software\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\ZoneMap\\Domains\\","DesiredAccess":"0x20019"}
Returned value:
0xc0000034
KernelBase.dll! LoadLibraryExW #misc (#3028) EncryptFlag.exe
Arguments:
{"lpFileName":"DNSAPI.dll"}
Returned value:
0x7fefc3a0000
KernelBase.dll! LoadLibraryExA #misc (#3028) EncryptFlag.exe
Arguments:
{"lpFileName":"DNSAPI.dll"}
Returned value:
0x7fefc3a0000
KernelBase.dll! GetProcAddress #misc (#3028) EncryptFlag.exe
Arguments:
{"lpProcName":"DnsGetProxyInformation","hModule":"dnsapi.dll"}
Returned value:
0x7fefc3a5f40
KernelBase.dll! LoadLibraryExW #misc (#3028) EncryptFlag.exe
Arguments:
{"lpFileName":"RPCRT4.dll"}
Returned value:
0x7fefe630000
KernelBase.dll! LoadLibraryExA #misc (#3028) EncryptFlag.exe
Arguments:
{"lpFileName":"RPCRT4.dll"}
Returned value:
0x7fefe630000
KernelBase.dll! GetProcAddress #misc (#3028) EncryptFlag.exe
Arguments:
{"lpProcName":"NdrClientCall3","hModule":"rpcrt4.dll"}
Returned value:
0x7fefe70cc90
KernelBase.dll! GetProcAddress #misc (#3028) EncryptFlag.exe
Arguments:
{"lpProcName":"RpcStringBindingComposeW","hModule":"rpcrt4.dll"}
Returned value:
0x7fefe666e40
KernelBase.dll! GetProcAddress #misc (#3028) EncryptFlag.exe
Arguments:
{"lpProcName":"RpcBindingFromStringBindingW","hModule":"rpcrt4.dll"}
Returned value:
0x7fefe667450
KernelBase.dll! GetProcAddress #misc (#3028) EncryptFlag.exe
Arguments:
{"lpProcName":"RpcStringFreeW","hModule":"rpcrt4.dll"}
Returned value:
0x7fefe665830
KernelBase.dll! GetProcAddress #misc (#3028) EncryptFlag.exe
Arguments:
{"lpProcName":"RpcBindingFree","hModule":"rpcrt4.dll"}
Returned value:
0x7fefe6780c0
ntdll.dll! NtOpenKeyEx #native (#3028) EncryptFlag.exe
Arguments:
{"OpenOptions":"0x0","KeyHandle":"0x2a8","objectName":"ProtocolDefaults\\","DesiredAccess":"0x20019"}
Returned value:
0x0
ntdll.dll! NtOpenKeyEx #native (#3028) EncryptFlag.exe
Arguments:
{"OpenOptions":"0x0","KeyHandle":"0x2ac","objectName":"SOFTWARE\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings","DesiredAccess":"0x1"}
Returned value:
0x0
kernel32.dll! RegOpenKeyExA #registry (#3028) EncryptFlag.exe
Arguments:
{"hKey":"HKEY_CURRENT_USER","ulOptions":"0x0","samDesired":"0x1","lpSubKey":"SOFTWARE\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings","phkResult":"0x2ac"}
Returned value:
0x0
KernelBase.dll! LoadLibraryExW #misc (#3028) EncryptFlag.exe
Arguments:
{"lpFileName":"api-ms-win-downlevel-advapi32-l2-1-0.dll"}
Returned value:
0x7fef8dd0000
KernelBase.dll! LoadLibraryExA #misc (#3028) EncryptFlag.exe
Arguments:
{"lpFileName":"api-ms-win-downlevel-advapi32-l2-1-0.dll"}
Returned value:
0x7fef8dd0000
KernelBase.dll! GetProcAddress #misc (#3028) EncryptFlag.exe
Arguments:
{"lpProcName":"ConvertSidToStringSidW","hModule":"sechost.dll"}
Returned value:
0x7feff4bd6d0
KernelBase.dll! GetProcAddress #misc (#3028) EncryptFlag.exe
Arguments:
{"lpProcName":"CoInitializeEx","hModule":"ole32.dll"}
Returned value:
0x7fefe1ee5d0
ntdll.dll! NtOpenKeyEx #native (#3028) EncryptFlag.exe
Arguments:
{"OpenOptions":"0x0","KeyHandle":"0x0","objectName":"SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Parental Controls\\users\\S-1-5-21-4270068108-2931534202-3907561125-1001","DesiredAccess":"0x101"}
Returned value:
0xc0000034
kernel32.dll! RegOpenKeyExW #registry (#3028) EncryptFlag.exe
Arguments:
{"hKey":"HKEY_LOCAL_MACHINE","ulOptions":"0x0","samDesired":"0x101","lpSubKey":"SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Parental Controls\\users\\S-1-5-21-4270068108-2931534202-3907561125-1001","phkResult":"0x0"}
Returned value:
0x2
ntdll.dll! NtQueryAttributesFile #native (#3028) EncryptFlag.exe
Arguments:
{"objectName":"\\??\\C:\\Windows\\system32\\rpcss.dll"}
Returned value:
0x0
ntdll.dll! NtOpenFile #native (#3028) EncryptFlag.exe
Arguments:
{"FileHandle":"0x2ac","objectName":"\\??\\C:\\Windows\\system32\\rpcss.dll"}
Returned value:
0x0
ntdll.dll! NtQueryAttributesFile #native (#3028) EncryptFlag.exe
Arguments:
{"objectName":"\\??\\C:\\Windows\\system32\\rpcss.dll"}
Returned value:
0x0
ntdll.dll! NtOpenFile #native (#3028) EncryptFlag.exe
Arguments:
{"FileHandle":"0x2ac","objectName":"\\??\\C:\\Windows\\system32\\rpcss.dll"}
Returned value:
0x0
KernelBase.dll! LoadLibraryExW #misc (#3028) EncryptFlag.exe
Arguments:
{"lpFileName":"CRYPTBASE.dll"}
Returned value:
0x7fefcc40000
KernelBase.dll! LoadLibraryExA #misc (#3028) EncryptFlag.exe
Arguments:
{"lpFileName":"CRYPTBASE.dll"}
Returned value:
0x7fefcc40000
KernelBase.dll! GetProcAddress #misc (#3028) EncryptFlag.exe
Arguments:
{"lpProcName":"SystemFunction036","hModule":"cryptbase.dll"}
Returned value:
0x7fefcc41658
KernelBase.dll! GetProcAddress #misc (#3028) EncryptFlag.exe
Arguments:
{"lpProcName":"EventWrite","hModule":"api-ms-win-eventing-provider-l1-1-0.dll"}
Returned value:
0x772db0f0
ntdll.dll! NtOpenKeyEx #native (#3028) EncryptFlag.exe
Arguments:
{"OpenOptions":"0x0","KeyHandle":"0x0","objectName":"Software\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Wpad","DesiredAccess":"0x1"}
Returned value:
0xc0000034
ntdll.dll! NtCreateFile #native (#3028) EncryptFlag.exe
Arguments:
{"FileHandle":"0x2c4","objectName":"\\Device\\Afd\\Endpoint"}
Returned value:
0x0
KernelBase.dll! GetProcAddress #misc (#3028) EncryptFlag.exe
Arguments:
{"lpProcName":"CoCreateInstance","hModule":"ole32.dll"}
Returned value:
0x7fefe1f23a0
ntdll.dll! NtOpenKeyEx #native (#3028) EncryptFlag.exe
Arguments:
{"OpenOptions":"0x0","KeyHandle":"0x2cc","objectName":"Software\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\5.0\\Cache","DesiredAccess":"0xf"}
Returned value:
0x0
kernel32.dll! RegOpenKeyExW #registry (#3028) EncryptFlag.exe
Arguments:
{"hKey":"HKEY_CURRENT_USER","ulOptions":"0x0","samDesired":"0xf","lpSubKey":"Software\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\5.0\\Cache","phkResult":"0x2cc"}
Returned value:
0x0
ntdll.dll! NtOpenKeyEx #native (#3028) EncryptFlag.exe
Arguments:
{"OpenOptions":"0x0","KeyHandle":"0x2d0","objectName":"Content","DesiredAccess":"0xf"}
Returned value:
0x0
kernel32.dll! RegOpenKeyExW #registry (#3028) EncryptFlag.exe
Arguments:
{"hKey":"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\5.0\\Cache","ulOptions":"0x0","samDesired":"0xf","lpSubKey":"Content","phkResult":"0x2d0"}
Returned value:
0x0
kernel32.dll! RegSetValueExW #registry (#3028) EncryptFlag.exe
Arguments:
{"hKey":"\\Registry\\User\\S-1-5-21-4270068108-2931534202-3907561125-1001_Classes","lpData":"","cbData":"0x2","dwType":"1","lpValueName":"CachePrefix"}
Returned value:
0x0
ntdll.dll! NtOpenKeyEx #native (#3028) EncryptFlag.exe
Arguments:
{"OpenOptions":"0x0","KeyHandle":"0x0","objectName":"Software\\Policies\\Microsoft\\Windows\\Explorer","DesiredAccess":"0x1"}
Returned value:
0xc0000034
ntdll.dll! NtOpenKeyEx #native (#3028) EncryptFlag.exe
Arguments:
{"OpenOptions":"0x0","KeyHandle":"0x0","objectName":"Software\\Policies\\Microsoft\\Windows\\Explorer","DesiredAccess":"0x1"}
Returned value:
0xc0000034
KernelBase.dll! GetProcAddress #misc (#3028) EncryptFlag.exe
Arguments:
{"lpProcName":"CLSIDFromOle1Class","hModule":"ole32.dll"}
Returned value:
0x7fefe1e6d18
ntdll.dll! NtOpenKey #native (#3028) EncryptFlag.exe
Arguments:
{"OpenOptions":"0x0","KeyHandle":"0x2dc","objectName":"\\Registry\\User\\S-1-5-21-4270068108-2931534202-3907561125-1001_Classes","DesiredAccess":"0x2000000"}
Returned value:
0x0
kernel32.dll! RegOpenCurrentUser #registry (#3028) EncryptFlag.exe
Arguments:
{"phkResult":"0x2de","dwOptions":"0x0","samDesired":"0x2000000","hToken":"0x2d4"}
Returned value:
0x0
ntdll.dll! NtOpenKeyEx #native (#3028) EncryptFlag.exe
Arguments:
{"OpenOptions":"0x0","KeyHandle":"0x2d8","objectName":"Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions","DesiredAccess":"0x20019"}
Returned value:
0x0
ntdll.dll! NtOpenKeyEx #native (#3028) EncryptFlag.exe
Arguments:
{"OpenOptions":"0x0","KeyHandle":"0x2e0","objectName":"{F1B32785-6FBA-4FCF-9D55-7B8E7F157091}","DesiredAccess":"0x20019"}
Returned value:
0x0
ntdll.dll! NtOpenKeyEx #native (#3028) EncryptFlag.exe
Arguments:
{"OpenOptions":"0x0","KeyHandle":"0x2d8","objectName":"Software\\Microsoft\\COM3","DesiredAccess":"0x20119"}
Returned value:
0x0
ntdll.dll! NtOpenKeyEx #native (#3028) EncryptFlag.exe
Arguments:
{"OpenOptions":"0x0","KeyHandle":"0x0","objectName":"PropertyBag","DesiredAccess":"0x20019"}
Returned value:
0xc0000034
ntdll.dll! NtOpenKeyEx #native (#3028) EncryptFlag.exe
Arguments:
{"OpenOptions":"0x0","KeyHandle":"0x2d8","objectName":"SessionInfo\\1","DesiredAccess":"0x1"}
Returned value:
0x0
ntdll.dll! NtOpenKeyEx #native (#3028) EncryptFlag.exe
Arguments:
{"OpenOptions":"0x0","KeyHandle":"0x0","objectName":"KnownFolders","DesiredAccess":"0x1"}
Returned value:
0xc0000034
ntdll.dll! NtOpenKey #native (#3028) EncryptFlag.exe
Arguments:
{"OpenOptions":"0x0","KeyHandle":"0x2d8","objectName":"\\REGISTRY\\USER\\S-1-5-21-4270068108-2931534202-3907561125-1001","DesiredAccess":"0x20019"}
Returned value:
0x0
kernel32.dll! RegOpenCurrentUser #registry (#3028) EncryptFlag.exe
Arguments:
{"phkResult":"0x2d8","samDesired":"0x20019"}
Returned value:
0x0
ntdll.dll! NtOpenKeyEx #native (#3028) EncryptFlag.exe
Arguments:
{"OpenOptions":"0x0","KeyHandle":"0x2e0","objectName":"Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\User Shell Folders","DesiredAccess":"0x20019"}
Returned value:
0x0
ntdll.dll! NtOpenKeyEx #native (#3028) EncryptFlag.exe
Arguments:
{"OpenOptions":"0x0","KeyHandle":"0x2d8","objectName":"Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions","DesiredAccess":"0x20019"}
Returned value:
0x0
KernelBase.dll! LoadLibraryExW #misc (#3028) EncryptFlag.exe
Arguments:
{"lpFileName":"CLBCatQ.DLL"}
Returned value:
0x7fefe130000
KernelBase.dll! LoadLibraryExA #misc (#3028) EncryptFlag.exe
Arguments:
{"lpFileName":"CLBCatQ.DLL"}
Returned value:
0x7fefe130000
KernelBase.dll! GetProcAddress #misc (#3028) EncryptFlag.exe
Arguments:
{"lpProcName":"GetCatalogObject","hModule":"clbcatq.dll"}
Returned value:
0x7fefe132294
KernelBase.dll! GetProcAddress #misc (#3028) EncryptFlag.exe
Arguments:
{"lpProcName":"GetCatalogObject2","hModule":"clbcatq.dll"}
Returned value:
0x7fefe13238c
ntdll.dll! NtOpenKeyEx #native (#3028) EncryptFlag.exe
Arguments:
{"OpenOptions":"0x0","KeyHandle":"0x2e8","objectName":"{5E6C858F-0E22-4760-9AFE-EA3317B67173}","DesiredAccess":"0x20019"}
Returned value:
0x0
ntdll.dll! NtOpenKeyEx #native (#3028) EncryptFlag.exe
Arguments:
{"OpenOptions":"0x0","KeyHandle":"0x0","objectName":"CLSID\\{DCB00C01-570F-4A9B-8D69-199FDBA5723B}","DesiredAccess":"0x20019"}
Returned value:
0xc0000034
ntdll.dll! NtOpenKeyEx #native (#3028) EncryptFlag.exe
Arguments:
{"OpenOptions":"0x0","KeyHandle":"0x2d8","objectName":"\\Registry\\Machine\\Software\\Classes\\CLSID\\{DCB00C01-570F-4A9B-8D69-199FDBA5723B}","DesiredAccess":"0x20019"}
Returned value:
0x0
ntdll.dll! NtOpenKeyEx #native (#3028) EncryptFlag.exe
Arguments:
{"OpenOptions":"0x0","KeyHandle":"0x0","objectName":"PropertyBag","DesiredAccess":"0x20019"}
Returned value:
0xc0000034
ntdll.dll! NtOpenKeyEx #native (#3028) EncryptFlag.exe
Arguments:
{"OpenOptions":"0x0","KeyHandle":"0x0","objectName":"\\REGISTRY\\USER\\S-1-5-21-4270068108-2931534202-3907561125-1001_Classes\\CLSID\\{DCB00C01-570F-4A9B-8D69-199FDBA5723B}\\TreatAs","DesiredAccess":"0x1"}
Returned value:
0xc0000034
KernelBase.dll! LoadLibraryExW #misc (#3028) EncryptFlag.exe
Arguments:
{"lpFileName":"API-MS-Win-Security-SDDL-L1-1-0.dll"}
Returned value:
0x7fefe400000
KernelBase.dll! LoadLibraryExA #misc (#3028) EncryptFlag.exe
Arguments:
{"lpFileName":"API-MS-Win-Security-SDDL-L1-1-0.dll"}
Returned value:
0x7fefe400000
KernelBase.dll! GetProcAddress #misc (#3028) EncryptFlag.exe
Arguments:
{"lpProcName":"ConvertSidToStringSidW","hModule":"sechost.dll"}
Returned value:
0x7fefe40d128
ntdll.dll! NtOpenKeyEx #native (#3028) EncryptFlag.exe
Arguments:
{"OpenOptions":"0x0","KeyHandle":"0x2ec","objectName":"Software\\Microsoft\\Windows NT\\CurrentVersion\\ProfileList\\S-1-5-21-4270068108-2931534202-3907561125-1001","DesiredAccess":"0x20019"}
Returned value:
0x0
KernelBase.dll! GetProcAddress #misc (#3028) EncryptFlag.exe
Arguments:
{"lpProcName":"CoTaskMemFree","hModule":"ole32.dll"}
Returned value:
0x7fefe1f3780
ntdll.dll! NtCreateFile #native (#3028) EncryptFlag.exe
Arguments:
{"FileHandle":"0x0","objectName":"\\??\\C:\\Users\\azure"}
Returned value:
0xc0000035
ntdll.dll! NtOpenKeyEx #native (#3028) EncryptFlag.exe
Arguments:
{"OpenOptions":"0x0","KeyHandle":"0x0","objectName":"TreatAs","DesiredAccess":"0x1"}
Returned value:
0xc0000034
ntdll.dll! NtQueryAttributesFile #native (#3028) EncryptFlag.exe
Arguments:
{"objectName":"\\??\\C:\\Users\\azure"}
Returned value:
0x0
KernelBase.dll! GetFileAttributesW #file (#3028) EncryptFlag.exe
Arguments:
{"lpFileName":"C:\\Users\\azure"}
Returned value:
0x10
ntdll.dll! NtOpenKeyEx #native (#3028) EncryptFlag.exe
Arguments:
{"OpenOptions":"0x0","KeyHandle":"0x0","objectName":"\\REGISTRY\\USER\\S-1-5-21-4270068108-2931534202-3907561125-1001_Classes\\CLSID\\{DCB00C01-570F-4A9B-8D69-199FDBA5723B}\\Progid","DesiredAccess":"0x1"}
Returned value:
0xc0000034
ntdll.dll! NtOpenKeyEx #native (#3028) EncryptFlag.exe
Arguments:
{"OpenOptions":"0x0","KeyHandle":"0x0","objectName":"Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\KnownFolderSettings","DesiredAccess":"0x1"}
Returned value:
0xc0000034
ntdll.dll! NtOpenKeyEx #native (#3028) EncryptFlag.exe
Arguments:
{"OpenOptions":"0x0","KeyHandle":"0x0","objectName":"Progid","DesiredAccess":"0x1"}
Returned value:
0xc0000034
ntdll.dll! NtOpenKeyEx #native (#3028) EncryptFlag.exe
Arguments:
{"OpenOptions":"0x0","KeyHandle":"0x0","objectName":"\\REGISTRY\\USER\\S-1-5-21-4270068108-2931534202-3907561125-1001_CLASSES\\Wow6432Node\\CLSID\\{DCB00C01-570F-4A9B-8D69-199FDBA5723B}","DesiredAccess":"0x20219"}
Returned value:
0xc0000034
ntdll.dll! NtOpenKeyEx #native (#3028) EncryptFlag.exe
Arguments:
{"OpenOptions":"0x0","KeyHandle":"0x0","objectName":"Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\KnownFolderSettings","DesiredAccess":"0x1"}
Returned value:
0xc0000034
ntdll.dll! NtCreateFile #native (#3028) EncryptFlag.exe
Arguments:
{"FileHandle":"0x170a027b002c0046","objectName":"\\??\\C:\\Users\\<USER>\\AppData\\Local"}
Returned value:
0xc0000035
ntdll.dll! NtQueryAttributesFile #native (#3028) EncryptFlag.exe
Arguments:
{"objectName":"\\??\\C:\\Users\\<USER>\\AppData\\Local"}
Returned value:
0x0
KernelBase.dll! GetFileAttributesW #file (#3028) EncryptFlag.exe
Arguments:
{"lpFileName":"C:\\Users\\<USER>\\AppData\\Local"}
Returned value:
0x2010
ntdll.dll! NtOpenKeyEx #native (#3028) EncryptFlag.exe
Arguments:
{"OpenOptions":"0x0","KeyHandle":"0x2e8","objectName":"\\Registry\\Machine\\Software\\Classes\\Wow6432Node\\CLSID\\{DCB00C01-570F-4A9B-8D69-199FDBA5723B}","DesiredAccess":"0x20219"}
Returned value:
0x0
ntdll.dll! NtCreateFile #native (#3028) EncryptFlag.exe
Arguments:
{"FileHandle":"0x187b00ca0009","objectName":"\\??\\C:\\Users\\<USER>\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files"}
Returned value:
0xc0000035
ntdll.dll! NtOpenKeyEx #native (#3028) EncryptFlag.exe
Arguments:
{"OpenOptions":"0x0","KeyHandle":"0x0","objectName":"\\REGISTRY\\USER\\S-1-5-21-4270068108-2931534202-3907561125-1001_Classes\\Wow6432Node\\CLSID\\{DCB00C01-570F-4A9B-8D69-199FDBA5723B}\\Progid","DesiredAccess":"0x201"}
Returned value:
0xc0000034
ntdll.dll! NtOpenKeyEx #native (#3028) EncryptFlag.exe
Arguments:
{"OpenOptions":"0x0","KeyHandle":"0x0","objectName":"Progid","DesiredAccess":"0x201"}
Returned value:
0xc0000034
ntdll.dll! NtOpenKeyEx #native (#3028) EncryptFlag.exe
Arguments:
{"OpenOptions":"0x0","KeyHandle":"0x0","objectName":"\\REGISTRY\\USER\\S-1-5-21-4270068108-2931534202-3907561125-1001_Classes\\CLSID\\{DCB00C01-570F-4A9B-8D69-199FDBA5723B}","DesiredAccess":"0x2000000"}
Returned value:
0xc0000034
ntdll.dll! NtOpenKeyEx #native (#3028) EncryptFlag.exe
Arguments:
{"OpenOptions":"0x0","KeyHandle":"0x0","objectName":"\\REGISTRY\\USER\\S-1-5-21-4270068108-2931534202-3907561125-1001_Classes\\CLSID\\{DCB00C01-570F-4A9B-8D69-199FDBA5723B}","DesiredAccess":"0x2000000"}
Returned value:
0xc0000034
ntdll.dll! NtQueryAttributesFile #native (#3028) EncryptFlag.exe
Arguments:
{"objectName":"\\??\\C:\\Users\\<USER>\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files"}
Returned value:
0x0
KernelBase.dll! GetFileAttributesW #file (#3028) EncryptFlag.exe
Arguments:
{"lpFileName":"C:\\Users\\<USER>\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files"}
Returned value:
0x2016
ntdll.dll! NtOpenKeyEx #native (#3028) EncryptFlag.exe
Arguments:
{"OpenOptions":"0x0","KeyHandle":"0x0","objectName":"\\REGISTRY\\USER\\S-1-5-21-4270068108-2931534202-3907561125-1001_Classes\\CLSID\\{DCB00C01-570F-4A9B-8D69-199FDBA5723B}\\InprocServer32","DesiredAccess":"0x20019"}
Returned value:
0xc0000034
ntdll.dll! NtOpenKeyEx #native (#3028) EncryptFlag.exe
Arguments:
{"OpenOptions":"0x0","KeyHandle":"0x2e8","objectName":"InprocServer32","DesiredAccess":"0x20019"}
Returned value:
0x0
ntdll.dll! NtOpenKeyEx #native (#3028) EncryptFlag.exe
Arguments:
{"OpenOptions":"0x0","KeyHandle":"0x0","objectName":"\\REGISTRY\\USER\\S-1-5-21-4270068108-2931534202-3907561125-1001_Classes\\CLSID\\{DCB00C01-570F-4A9B-8D69-199FDBA5723B}\\InProcServer32","DesiredAccess":"0x2000000"}
Returned value:
0xc0000034
ntdll.dll! NtOpenKeyEx #native (#3028) EncryptFlag.exe
Arguments:
{"OpenOptions":"0x0","KeyHandle":"0x0","objectName":"\\REGISTRY\\USER\\S-1-5-21-4270068108-2931534202-3907561125-1001_Classes\\CLSID\\{DCB00C01-570F-4A9B-8D69-199FDBA5723B}\\InProcServer32","DesiredAccess":"0x2000000"}
Returned value:
0xc0000034
ntdll.dll! NtQueryAttributesFile #native (#3028) EncryptFlag.exe
Arguments:
{"objectName":"\\??\\C:\\Users\\<USER>\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Content.IE5\\"}
Returned value:
0x0
KernelBase.dll! GetFileAttributesW #file (#3028) EncryptFlag.exe
Arguments:
{"lpFileName":"C:\\Users\\<USER>\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Content.IE5\\"}
Returned value:
0x2016
ntdll.dll! NtOpenKeyEx #native (#3028) EncryptFlag.exe
Arguments:
{"OpenOptions":"0x0","KeyHandle":"0x0","objectName":"\\REGISTRY\\USER\\S-1-5-21-4270068108-2931534202-3907561125-1001_Classes\\CLSID\\{DCB00C01-570F-4A9B-8D69-199FDBA5723B}\\InProcServer32","DesiredAccess":"0x2000000"}
Returned value:
0xc0000034
ntdll.dll! NtOpenKeyEx #native (#3028) EncryptFlag.exe
Arguments:
{"OpenOptions":"0x0","KeyHandle":"0x0","objectName":"\\REGISTRY\\USER\\S-1-5-21-4270068108-2931534202-3907561125-1001_Classes\\CLSID\\{DCB00C01-570F-4A9B-8D69-199FDBA5723B}\\InProcServer32","DesiredAccess":"0x2000000"}
Returned value:
0xc0000034
ntdll.dll! NtOpenKeyEx #native (#3028) EncryptFlag.exe
Arguments:
{"OpenOptions":"0x0","KeyHandle":"0x0","objectName":"\\REGISTRY\\USER\\S-1-5-21-4270068108-2931534202-3907561125-1001_Classes\\CLSID\\{DCB00C01-570F-4A9B-8D69-199FDBA5723B}\\InProcServer32","DesiredAccess":"0x2000000"}
Returned value:
0xc0000034
ntdll.dll! NtOpenKeyEx #native (#3028) EncryptFlag.exe
Arguments:
{"OpenOptions":"0x0","KeyHandle":"0x2e8","objectName":"Cookies","DesiredAccess":"0xf"}
Returned value:
0x0
kernel32.dll! RegOpenKeyExW #registry (#3028) EncryptFlag.exe
Arguments:
{"hKey":"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\5.0\\Cache","ulOptions":"0x0","samDesired":"0xf","lpSubKey":"Cookies","phkResult":"0x2e8"}
Returned value:
0x0
ntdll.dll! NtOpenKeyEx #native (#3028) EncryptFlag.exe
Arguments:
{"OpenOptions":"0x0","KeyHandle":"0x0","objectName":"\\REGISTRY\\USER\\S-1-5-21-4270068108-2931534202-3907561125-1001_Classes\\CLSID\\{DCB00C01-570F-4A9B-8D69-199FDBA5723B}\\InprocHandler32","DesiredAccess":"0x1"}
Returned value:
0xc0000034
kernel32.dll! RegSetValueExW #registry (#3028) EncryptFlag.exe
Arguments:
{"hKey":"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\5.0\\Cache\\History","lpData":"Cookie:","cbData":"0x7fe00000010","dwType":"1","lpValueName":"CachePrefix"}
Returned value:
0x0
ntdll.dll! NtOpenKeyEx #native (#3028) EncryptFlag.exe
Arguments:
{"OpenOptions":"0x0","KeyHandle":"0x2d0","objectName":"Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions","DesiredAccess":"0x20019"}
Returned value:
0x0
ntdll.dll! NtOpenKeyEx #native (#3028) EncryptFlag.exe
Arguments:
{"OpenOptions":"0x0","KeyHandle":"0x2ec","objectName":"{2B0F765D-C0E9-4171-908E-08A611B84FF6}","DesiredAccess":"0x20019"}
Returned value:
0x0
ntdll.dll! NtOpenKeyEx #native (#3028) EncryptFlag.exe
Arguments:
{"OpenOptions":"0x0","KeyHandle":"0x0","objectName":"PropertyBag","DesiredAccess":"0x20019"}
Returned value:
0xc0000034
ntdll.dll! NtOpenKeyEx #native (#3028) EncryptFlag.exe
Arguments:
{"OpenOptions":"0x0","KeyHandle":"0x2ec","objectName":"SessionInfo\\1","DesiredAccess":"0x1"}
Returned value:
0x0
ntdll.dll! NtOpenKeyEx #native (#3028) EncryptFlag.exe
Arguments:
{"OpenOptions":"0x0","KeyHandle":"0x0","objectName":"KnownFolders","DesiredAccess":"0x1"}
Returned value:
0xc0000034
ntdll.dll! NtOpenKeyEx #native (#3028) EncryptFlag.exe
Arguments:
{"OpenOptions":"0x0","KeyHandle":"0x0","objectName":"InprocHandler32","DesiredAccess":"0x1"}
Returned value:
0xc0000034
ntdll.dll! NtOpenKeyEx #native (#3028) EncryptFlag.exe
Arguments:
{"OpenOptions":"0x0","KeyHandle":"0x0","objectName":"\\REGISTRY\\USER\\S-1-5-21-4270068108-2931534202-3907561125-1001_Classes\\CLSID\\{DCB00C01-570F-4A9B-8D69-199FDBA5723B}\\InprocHandler","DesiredAccess":"0x1"}
Returned value:
0xc0000034
ntdll.dll! NtOpenKeyEx #native (#3028) EncryptFlag.exe
Arguments:
{"OpenOptions":"0x0","KeyHandle":"0x0","objectName":"InprocHandler","DesiredAccess":"0x1"}
Returned value:
0xc0000034
ntdll.dll! NtOpenKeyEx #native (#3028) EncryptFlag.exe
Arguments:
{"OpenOptions":"0x0","KeyHandle":"0x2d8","objectName":"Software\\Microsoft\\OLE","DesiredAccess":"0x20019"}
Returned value:
0x0
ntdll.dll! NtOpenKey #native (#3028) EncryptFlag.exe
Arguments:
{"OpenOptions":"0x0","KeyHandle":"0x2d8","objectName":"\\REGISTRY\\USER\\S-1-5-21-4270068108-2931534202-3907561125-1001","DesiredAccess":"0x20019"}
Returned value:
0x0
kernel32.dll! RegOpenCurrentUser #registry (#3028) EncryptFlag.exe
Arguments:
{"phkResult":"0x2d8","samDesired":"0x20019"}
Returned value:
0x0
ntdll.dll! NtOpenKeyEx #native (#3028) EncryptFlag.exe
Arguments:
{"OpenOptions":"0x0","KeyHandle":"0x2d0","objectName":"Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\User Shell Folders","DesiredAccess":"0x20019"}
Returned value:
0x0
ntdll.dll! NtOpenKey #native (#3028) EncryptFlag.exe
Arguments:
{"OpenOptions":"0x0","KeyHandle":"0x2d0","objectName":"\\Registry\\User\\S-1-5-21-4270068108-2931534202-3907561125-1001_Classes","DesiredAccess":"0x2000000"}
Returned value:
0x0
kernel32.dll! RegOpenCurrentUser #registry (#3028) EncryptFlag.exe
Arguments:
{"phkResult":"0x2d2","dwOptions":"0x0","samDesired":"0x2000000","hToken":"0x2ec"}
Returned value:
0x0
ntdll.dll! NtOpenKeyEx #native (#3028) EncryptFlag.exe
Arguments:
{"OpenOptions":"0x0","KeyHandle":"0x0","objectName":"CLSID\\{DCB00C01-570F-4A9B-8D69-199FDBA5723B}","DesiredAccess":"0x20019"}
Returned value:
0xc0000034
ntdll.dll! NtOpenKeyEx #native (#3028) EncryptFlag.exe
Arguments:
{"OpenOptions":"0x0","KeyHandle":"0x2f0","objectName":"\\Registry\\Machine\\Software\\Classes\\CLSID\\{DCB00C01-570F-4A9B-8D69-199FDBA5723B}","DesiredAccess":"0x20019"}
Returned value:
0x0
ntdll.dll! NtOpenKeyEx #native (#3028) EncryptFlag.exe
Arguments:
{"OpenOptions":"0x0","KeyHandle":"0x0","objectName":"\\REGISTRY\\USER\\S-1-5-21-4270068108-2931534202-3907561125-1001_Classes\\CLSID\\{DCB00C01-570F-4A9B-8D69-199FDBA5723B}\\TreatAs","DesiredAccess":"0x20019"}
Returned value:
0xc0000034
ntdll.dll! NtOpenKeyEx #native (#3028) EncryptFlag.exe
Arguments:
{"OpenOptions":"0x0","KeyHandle":"0x0","objectName":"TreatAs","DesiredAccess":"0x20019"}
Returned value:
0xc0000034
ntdll.dll! NtOpenKeyEx #native (#3028) EncryptFlag.exe
Arguments:
{"OpenOptions":"0x0","KeyHandle":"0x2d8","objectName":"Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions","DesiredAccess":"0x20019"}
Returned value:
0x0
ntdll.dll! NtOpenKeyEx #native (#3028) EncryptFlag.exe
Arguments:
{"OpenOptions":"0x0","KeyHandle":"0x2f0","objectName":"{3EB685DB-65F9-4CF6-A03A-E3EF65729F3D}","DesiredAccess":"0x20019"}
Returned value:
0x0
ntdll.dll! NtQueryAttributesFile #native (#3028) EncryptFlag.exe
Arguments:
{"objectName":"\\??\\C:\\Windows\\System32\\netprofm.dll"}
Returned value:
0x0
ntdll.dll! NtOpenKeyEx #native (#3028) EncryptFlag.exe
Arguments:
{"OpenOptions":"0x0","KeyHandle":"0x0","objectName":"PropertyBag","DesiredAccess":"0x20019"}
Returned value:
0xc0000034
ntdll.dll! NtOpenKeyEx #native (#3028) EncryptFlag.exe
Arguments:
{"OpenOptions":"0x0","KeyHandle":"0x2f0","objectName":"SessionInfo\\1","DesiredAccess":"0x1"}
Returned value:
0x0
ntdll.dll! NtOpenFile #native (#3028) EncryptFlag.exe
Arguments:
{"FileHandle":"0x2d8","objectName":"\\??\\C:\\Windows\\System32\\netprofm.dll"}
Returned value:
0x0
ntdll.dll! NtOpenKeyEx #native (#3028) EncryptFlag.exe
Arguments:
{"OpenOptions":"0x0","KeyHandle":"0x0","objectName":"KnownFolders","DesiredAccess":"0x1"}
Returned value:
0xc0000034
ntdll.dll! NtOpenKey #native (#3028) EncryptFlag.exe
Arguments:
{"OpenOptions":"0x0","KeyHandle":"0x2f0","objectName":"\\REGISTRY\\USER\\S-1-5-21-4270068108-2931534202-3907561125-1001","DesiredAccess":"0x20019"}
Returned value:
0x0
kernel32.dll! RegOpenCurrentUser #registry (#3028) EncryptFlag.exe
Arguments:
{"phkResult":"0x2f0","samDesired":"0x20019"}
Returned value:
0x0
ntdll.dll! NtOpenKeyEx #native (#3028) EncryptFlag.exe
Arguments:
{"OpenOptions":"0x0","KeyHandle":"0x2d8","objectName":"Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\User Shell Folders","DesiredAccess":"0x20019"}
Returned value:
0x0
ntdll.dll! NtCreateFile #native (#3028) EncryptFlag.exe
Arguments:
{"FileHandle":"0x0","objectName":"\\??\\C:\\Users\\azure"}
Returned value:
0xc0000035
ntdll.dll! NtQueryAttributesFile #native (#3028) EncryptFlag.exe
Arguments:
{"objectName":"\\??\\C:\\Users\\azure"}
Returned value:
0x0
KernelBase.dll! GetFileAttributesW #file (#3028) EncryptFlag.exe
Arguments:
{"lpFileName":"C:\\Users\\azure"}
Returned value:
0x10
ntdll.dll! NtQueryAttributesFile #native (#3028) EncryptFlag.exe
Arguments:
{"objectName":"\\??\\C:\\Windows\\System32\\nlaapi.dll"}
Returned value:
0x0
ntdll.dll! NtCreateFile #native (#3028) EncryptFlag.exe
Arguments:
{"FileHandle":"0x170a02f50050003a","objectName":"\\??\\C:\\Users\\<USER>\\AppData\\Roaming"}
Returned value:
0xc0000035
ntdll.dll! NtQueryAttributesFile #native (#3028) EncryptFlag.exe
Arguments:
{"objectName":"\\??\\C:\\Users\\<USER>\\AppData\\Roaming"}
Returned value:
0x0
KernelBase.dll! GetFileAttributesW #file (#3028) EncryptFlag.exe
Arguments:
{"lpFileName":"C:\\Users\\<USER>\\AppData\\Roaming"}
Returned value:
0x2010
ntdll.dll! NtOpenFile #native (#3028) EncryptFlag.exe
Arguments:
{"FileHandle":"0x2d8","objectName":"\\??\\C:\\Windows\\System32\\nlaapi.dll"}
Returned value:
0x0
ntdll.dll! NtCreateFile #native (#3028) EncryptFlag.exe
Arguments:
{"FileHandle":"0x19de00de0003","objectName":"\\??\\C:\\Users\\<USER>\\AppData\\Roaming\\Microsoft\\Windows\\Cookies"}
Returned value:
0xc0000035
ntdll.dll! NtQueryAttributesFile #native (#3028) EncryptFlag.exe
Arguments:
{"objectName":"\\??\\C:\\Users\\<USER>\\AppData\\Roaming\\Microsoft\\Windows\\Cookies"}
Returned value:
0x0
KernelBase.dll! GetFileAttributesW #file (#3028) EncryptFlag.exe
Arguments:
{"lpFileName":"C:\\Users\\<USER>\\AppData\\Roaming\\Microsoft\\Windows\\Cookies"}
Returned value:
0x2016
ntdll.dll! NtQueryAttributesFile #native (#3028) EncryptFlag.exe
Arguments:
{"objectName":"\\??\\C:\\Users\\<USER>\\AppData\\Roaming\\Microsoft\\Windows\\Cookies\\"}
Returned value:
0x0
KernelBase.dll! GetFileAttributesW #file (#3028) EncryptFlag.exe
Arguments:
{"lpFileName":"C:\\Users\\<USER>\\AppData\\Roaming\\Microsoft\\Windows\\Cookies\\"}
Returned value:
0x2016
ntdll.dll! NtOpenKeyEx #native (#3028) EncryptFlag.exe
Arguments:
{"OpenOptions":"0x0","KeyHandle":"0x2e8","objectName":"History","DesiredAccess":"0xf"}
Returned value:
0x0
kernel32.dll! RegOpenKeyExW #registry (#3028) EncryptFlag.exe
Arguments:
{"hKey":"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\5.0\\Cache","ulOptions":"0x0","samDesired":"0xf","lpSubKey":"History","phkResult":"0x2e8"}
Returned value:
0x0
kernel32.dll! RegSetValueExW #registry (#3028) EncryptFlag.exe
Arguments:
{"hKey":"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\5.0\\Cache\\History","lpData":"Visited:","cbData":"0x7fe00000012","dwType":"1","lpValueName":"CachePrefix"}
Returned value:
0x0
ntdll.dll! NtOpenKeyEx #native (#3028) EncryptFlag.exe
Arguments:
{"OpenOptions":"0x0","KeyHandle":"0x2d8","objectName":"Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions","DesiredAccess":"0x20019"}
Returned value:
0x0
ntdll.dll! NtOpenKeyEx #native (#3028) EncryptFlag.exe
Arguments:
{"OpenOptions":"0x0","KeyHandle":"0x2f0","objectName":"{D9DC8A3B-B784-432E-A781-5A1130A75963}","DesiredAccess":"0x20019"}
Returned value:
0x0
ntdll.dll! NtOpenKeyEx #native (#3028) EncryptFlag.exe
Arguments:
{"OpenOptions":"0x0","KeyHandle":"0x0","objectName":"PropertyBag","DesiredAccess":"0x20019"}
Returned value:
0xc0000034
ntdll.dll! NtOpenKeyEx #native (#3028) EncryptFlag.exe
Arguments:
{"OpenOptions":"0x0","KeyHandle":"0x2d8","objectName":"SessionInfo\\1","DesiredAccess":"0x1"}
Returned value:
0x0
ntdll.dll! NtOpenKeyEx #native (#3028) EncryptFlag.exe
Arguments:
{"OpenOptions":"0x0","KeyHandle":"0x0","objectName":"KnownFolders","DesiredAccess":"0x1"}
Returned value:
0xc0000034
ntdll.dll! NtOpenKey #native (#3028) EncryptFlag.exe
Arguments:
{"OpenOptions":"0x0","KeyHandle":"0x2d8","objectName":"\\REGISTRY\\USER\\S-1-5-21-4270068108-2931534202-3907561125-1001","DesiredAccess":"0x20019"}
Returned value:
0x0
KernelBase.dll! LoadLibraryExW #misc (#3028) EncryptFlag.exe
Arguments:
{"lpFileName":"C:\\Windows\\System32\\netprofm.dll"}
Returned value:
0x7fef8de0000
kernel32.dll! RegOpenCurrentUser #registry (#3028) EncryptFlag.exe
Arguments:
{"phkResult":"0x2d8","samDesired":"0x20019"}
Returned value:
0x0
KernelBase.dll! GetProcAddress #misc (#3028) EncryptFlag.exe
Arguments:
{"lpProcName":"DllGetClassObject","hModule":"zipfldr.dll"}
Returned value:
0x7fef8de7770
KernelBase.dll! GetProcAddress #misc (#3028) EncryptFlag.exe
Arguments:
{"lpProcName":"DllCanUnloadNow","hModule":"zipfldr.dll"}
Returned value:
0x7fef8de11b0
KernelBase.dll! LoadLibraryExW #misc (#3028) EncryptFlag.exe
Arguments:
{"lpFileName":"ole32.dll"}
Returned value:
0x7fefe1d0000
KernelBase.dll! LoadLibraryExA #misc (#3028) EncryptFlag.exe
Arguments:
{"lpFileName":"ole32.dll"}
Returned value:
0x7fefe1d0000
KernelBase.dll! GetProcAddress #misc (#3028) EncryptFlag.exe
Arguments:
{"lpProcName":"CoCreateInstance","hModule":"ole32.dll"}
Returned value:
0x7fefe1f23a0
KernelBase.dll! GetProcAddress #misc (#3028) EncryptFlag.exe
Arguments:
{"lpProcName":"GetAdaptersAddresses","hModule":"IPHLPAPI.DLL"}
Returned value:
0x7fefa8e2ab4
ntdll.dll! NtOpenKey #native (#3028) EncryptFlag.exe
Arguments:
{"OpenOptions":"0x7fefe3a61a0","KeyHandle":"0x2fc","objectName":"\\REGISTRY\\MACHINE\\Software\\Microsoft\\Rpc\\Extensions","DesiredAccess":"0x20019"}
Returned value:
0x0
IPHLPAPI.DLL! GetAdaptersAddresses #highlighted (#3028) EncryptFlag.exe
Arguments:
{"desc":"Retrieves local adapter addresses."}
Returned value:
null
KernelBase.dll! GetProcAddress #misc (#3028) EncryptFlag.exe
Arguments:
{"lpProcName":"NdrOleInitializeExtension","hModule":"ole32.dll"}
Returned value:
0x7fefe1e58f8
KernelBase.dll! GetProcAddress #misc (#3028) EncryptFlag.exe
Arguments:
{"lpProcName":"CoGetClassObject","hModule":"ole32.dll"}
Returned value:
0x7fefe1fb460
KernelBase.dll! GetProcAddress #misc (#3028) EncryptFlag.exe
Arguments:
{"lpProcName":"CoGetMarshalSizeMax","hModule":"ole32.dll"}
Returned value:
0x7fefe1f883c
KernelBase.dll! GetProcAddress #misc (#3028) EncryptFlag.exe
Arguments:
{"lpProcName":"CoMarshalInterface","hModule":"ole32.dll"}
Returned value:
0x7fefe1f8358
KernelBase.dll! GetProcAddress #misc (#3028) EncryptFlag.exe
Arguments:
{"lpProcName":"CoUnmarshalInterface","hModule":"ole32.dll"}
Returned value:
0x7fefe1f7f5c
KernelBase.dll! GetProcAddress #misc (#3028) EncryptFlag.exe
Arguments:
{"lpProcName":"StringFromIID","hModule":"ole32.dll"}
Returned value:
0x7fefe2cf7a0
KernelBase.dll! GetProcAddress #misc (#3028) EncryptFlag.exe
Arguments:
{"lpProcName":"CoGetPSClsid","hModule":"ole32.dll"}
Returned value:
0x7fefe2fab40
KernelBase.dll! GetProcAddress #misc (#3028) EncryptFlag.exe
Arguments:
{"lpProcName":"CoTaskMemAlloc","hModule":"ole32.dll"}
Returned value:
0x7fefe1f37d0
KernelBase.dll! GetProcAddress #misc (#3028) EncryptFlag.exe
Arguments:
{"lpProcName":"CoTaskMemFree","hModule":"ole32.dll"}
Returned value:
0x7fefe1f3780
KernelBase.dll! GetProcAddress #misc (#3028) EncryptFlag.exe
Arguments:
{"lpProcName":"CoCreateInstance","hModule":"ole32.dll"}
Returned value:
0x7fefe1f23a0
KernelBase.dll! GetProcAddress #misc (#3028) EncryptFlag.exe
Arguments:
{"lpProcName":"CoReleaseMarshalData","hModule":"ole32.dll"}
Returned value:
0x7fefe1d5540
KernelBase.dll! GetProcAddress #misc (#3028) EncryptFlag.exe
Arguments:
{"lpProcName":"DcomChannelSetHResult","hModule":"ole32.dll"}
Returned value:
0x7fefe1f4bb8
ntdll.dll! NtOpenKeyEx #native (#3028) EncryptFlag.exe
Arguments:
{"OpenOptions":"0x0","KeyHandle":"0x2f8","objectName":"Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\User Shell Folders","DesiredAccess":"0x20019"}
Returned value:
0x0
ntdll.dll! NtOpenKeyEx #native (#3028) EncryptFlag.exe
Arguments:
{"OpenOptions":"0x0","KeyHandle":"0x0","objectName":"CLSID\\{A47979D2-C419-11D9-A5B4-001185AD2B89}","DesiredAccess":"0x20019"}
Returned value:
0xc0000034
ntdll.dll! NtOpenKeyEx #native (#3028) EncryptFlag.exe
Arguments:
{"OpenOptions":"0x0","KeyHandle":"0x2f8","objectName":"\\Registry\\Machine\\Software\\Classes\\CLSID\\{A47979D2-C419-11D9-A5B4-001185AD2B89}","DesiredAccess":"0x20019"}
Returned value:
0x0
ntdll.dll! NtOpenKeyEx #native (#3028) EncryptFlag.exe
Arguments:
{"OpenOptions":"0x0","KeyHandle":"0x0","objectName":"\\REGISTRY\\USER\\S-1-5-21-4270068108-2931534202-3907561125-1001_Classes\\CLSID\\{A47979D2-C419-11D9-A5B4-001185AD2B89}\\TreatAs","DesiredAccess":"0x1"}
Returned value:
0xc0000034
ntdll.dll! NtOpenKeyEx #native (#3028) EncryptFlag.exe
Arguments:
{"OpenOptions":"0x0","KeyHandle":"0x0","objectName":"TreatAs","DesiredAccess":"0x1"}
Returned value:
0xc0000034
ntdll.dll! NtOpenKeyEx #native (#3028) EncryptFlag.exe
Arguments:
{"OpenOptions":"0x0","KeyHandle":"0x0","objectName":"\\REGISTRY\\USER\\S-1-5-21-4270068108-2931534202-3907561125-1001_Classes\\CLSID\\{A47979D2-C419-11D9-A5B4-001185AD2B89}\\Progid","DesiredAccess":"0x1"}
Returned value:
0xc0000034
ntdll.dll! NtOpenKeyEx #native (#3028) EncryptFlag.exe
Arguments:
{"OpenOptions":"0x0","KeyHandle":"0x0","objectName":"Progid","DesiredAccess":"0x1"}
Returned value:
0xc0000034
ntdll.dll! NtQueryAttributesFile #native (#3028) EncryptFlag.exe
Arguments:
{"objectName":"\\??\\C:\\Users\\<USER>\\Downloads\\dhcpcsvc6.DLL"}
Returned value:
0xc0000034
ntdll.dll! NtOpenKeyEx #native (#3028) EncryptFlag.exe
Arguments:
{"OpenOptions":"0x0","KeyHandle":"0x0","objectName":"\\REGISTRY\\USER\\S-1-5-21-4270068108-2931534202-3907561125-1001_CLASSES\\Wow6432Node\\CLSID\\{A47979D2-C419-11D9-A5B4-001185AD2B89}","DesiredAccess":"0x20219"}
Returned value:
0xc0000034
ntdll.dll! NtQueryAttributesFile #native (#3028) EncryptFlag.exe
Arguments:
{"objectName":"\\??\\C:\\Windows\\system32\\dhcpcsvc6.DLL"}
Returned value:
0x0
ntdll.dll! NtOpenKeyEx #native (#3028) EncryptFlag.exe
Arguments:
{"OpenOptions":"0x0","KeyHandle":"0x2d8","objectName":"\\Registry\\Machine\\Software\\Classes\\Wow6432Node\\CLSID\\{A47979D2-C419-11D9-A5B4-001185AD2B89}","DesiredAccess":"0x20219"}
Returned value:
0x0
ntdll.dll! NtOpenFile #native (#3028) EncryptFlag.exe
Arguments:
{"FileHandle":"0x2fc","objectName":"\\??\\C:\\Windows\\system32\\dhcpcsvc6.DLL"}
Returned value:
0x0
ntdll.dll! NtOpenKeyEx #native (#3028) EncryptFlag.exe
Arguments:
{"OpenOptions":"0x0","KeyHandle":"0x0","objectName":"\\REGISTRY\\USER\\S-1-5-21-4270068108-2931534202-3907561125-1001_Classes\\Wow6432Node\\CLSID\\{A47979D2-C419-11D9-A5B4-001185AD2B89}\\Progid","DesiredAccess":"0x201"}
Returned value:
0xc0000034
ntdll.dll! NtOpenKeyEx #native (#3028) EncryptFlag.exe
Arguments:
{"OpenOptions":"0x0","KeyHandle":"0x0","objectName":"Progid","DesiredAccess":"0x201"}
Returned value:
0xc0000034
ntdll.dll! NtOpenKeyEx #native (#3028) EncryptFlag.exe
Arguments:
{"OpenOptions":"0x0","KeyHandle":"0x0","objectName":"\\REGISTRY\\USER\\S-1-5-21-4270068108-2931534202-3907561125-1001_Classes\\CLSID\\{A47979D2-C419-11D9-A5B4-001185AD2B89}","DesiredAccess":"0x2000000"}
Returned value:
0xc0000034
KernelBase.dll! LoadLibraryExW #misc (#3028) EncryptFlag.exe
Arguments:
{"lpFileName":"dhcpcsvc6.DLL"}
Returned value:
0x7fefa720000
KernelBase.dll! LoadLibraryExA #misc (#3028) EncryptFlag.exe
Arguments:
{"lpFileName":"dhcpcsvc6.DLL"}
Returned value:
0x7fefa720000
KernelBase.dll! GetProcAddress #misc (#3028) EncryptFlag.exe
Arguments:
{"lpProcName":"Dhcpv6QueryLeaseInfo","hModule":"dhcpcsvc6.dll"}
Returned value:
0x7fefa721120
KernelBase.dll! LoadLibraryExW #misc (#3028) EncryptFlag.exe
Arguments:
{"lpFileName":"IPHLPAPI.DLL"}
Returned value:
0x7fefa8e0000
KernelBase.dll! LoadLibraryExA #misc (#3028) EncryptFlag.exe
Arguments:
{"lpFileName":"IPHLPAPI.DLL"}
Returned value:
0x7fefa8e0000
KernelBase.dll! GetProcAddress #misc (#3028) EncryptFlag.exe
Arguments:
{"lpProcName":"ConvertInterfaceNameToLuidW","hModule":"IPHLPAPI.DLL"}
Returned value:
0x7fefa8e1ad0
ntdll.dll! NtOpenKeyEx #native (#3028) EncryptFlag.exe
Arguments:
{"OpenOptions":"0x0","KeyHandle":"0x0","objectName":"\\REGISTRY\\USER\\S-1-5-21-4270068108-2931534202-3907561125-1001_Classes\\CLSID\\{A47979D2-C419-11D9-A5B4-001185AD2B89}","DesiredAccess":"0x2000000"}
Returned value:
0xc0000034
ntdll.dll! NtCreateFile #native (#3028) EncryptFlag.exe
Arguments:
{"FileHandle":"0x200000000","objectName":"\\??\\C:\\Users\\azure"}
Returned value:
0xc0000035
ntdll.dll! NtOpenKeyEx #native (#3028) EncryptFlag.exe
Arguments:
{"OpenOptions":"0x0","KeyHandle":"0x0","objectName":"\\REGISTRY\\USER\\S-1-5-21-4270068108-2931534202-3907561125-1001_Classes\\CLSID\\{A47979D2-C419-11D9-A5B4-001185AD2B89}\\InprocServer32","DesiredAccess":"0x20019"}
Returned value:
0xc0000034
ntdll.dll! NtOpenKeyEx #native (#3028) EncryptFlag.exe
Arguments:
{"OpenOptions":"0x0","KeyHandle":"0x0","objectName":"InprocServer32","DesiredAccess":"0x20019"}
Returned value:
0xc0000034
ntdll.dll! NtQueryAttributesFile #native (#3028) EncryptFlag.exe
Arguments:
{"objectName":"\\??\\C:\\Users\\azure"}
Returned value:
0x0
KernelBase.dll! GetFileAttributesW #file (#3028) EncryptFlag.exe
Arguments:
{"lpFileName":"C:\\Users\\azure"}
Returned value:
0x10
ntdll.dll! NtCreateFile #native (#3028) EncryptFlag.exe
Arguments:
{"FileHandle":"0x170a03870077002d","objectName":"\\??\\C:\\Users\\<USER>\\AppData\\Local"}
Returned value:
0xc0000035
ntdll.dll! NtOpenKeyEx #native (#3028) EncryptFlag.exe
Arguments:
{"OpenOptions":"0x0","KeyHandle":"0x0","objectName":"\\REGISTRY\\USER\\S-1-5-21-4270068108-2931534202-3907561125-1001_Classes\\CLSID\\{A47979D2-C419-11D9-A5B4-001185AD2B89}\\InprocHandler32","DesiredAccess":"0x1"}
Returned value:
0xc0000034
ntdll.dll! NtQueryAttributesFile #native (#3028) EncryptFlag.exe
Arguments:
{"objectName":"\\??\\C:\\Users\\<USER>\\AppData\\Local"}
Returned value:
0x0
KernelBase.dll! GetFileAttributesW #file (#3028) EncryptFlag.exe
Arguments:
{"lpFileName":"C:\\Users\\<USER>\\AppData\\Local"}
Returned value:
0x2010
ntdll.dll! NtCreateFile #native (#3028) EncryptFlag.exe
Arguments:
{"FileHandle":"0x1b4dffff0000","objectName":"\\??\\C:\\Users\\<USER>\\AppData\\Local\\Microsoft\\Windows\\History"}
Returned value:
0xc0000035
ntdll.dll! NtQueryAttributesFile #native (#3028) EncryptFlag.exe
Arguments:
{"objectName":"\\??\\C:\\Users\\<USER>\\AppData\\Local\\Microsoft\\Windows\\History"}
Returned value:
0x0
KernelBase.dll! GetFileAttributesW #file (#3028) EncryptFlag.exe
Arguments:
{"lpFileName":"C:\\Users\\<USER>\\AppData\\Local\\Microsoft\\Windows\\History"}
Returned value:
0x2016
ntdll.dll! NtOpenKeyEx #native (#3028) EncryptFlag.exe
Arguments:
{"OpenOptions":"0x0","KeyHandle":"0x0","objectName":"InprocHandler32","DesiredAccess":"0x1"}
Returned value:
0xc0000034
ntdll.dll! NtOpenKeyEx #native (#3028) EncryptFlag.exe
Arguments:
{"OpenOptions":"0x0","KeyHandle":"0x0","objectName":"\\REGISTRY\\USER\\S-1-5-21-4270068108-2931534202-3907561125-1001_Classes\\CLSID\\{A47979D2-C419-11D9-A5B4-001185AD2B89}\\InprocHandler","DesiredAccess":"0x1"}
Returned value:
0xc0000034
ntdll.dll! NtQueryAttributesFile #native (#3028) EncryptFlag.exe
Arguments:
{"objectName":"\\??\\C:\\Users\\<USER>\\AppData\\Local\\Microsoft\\Windows\\History\\History.IE5\\"}
Returned value:
0x0
KernelBase.dll! GetFileAttributesW #file (#3028) EncryptFlag.exe
Arguments:
{"lpFileName":"C:\\Users\\<USER>\\AppData\\Local\\Microsoft\\Windows\\History\\History.IE5\\"}
Returned value:
0x2016
ntdll.dll! NtOpenKeyEx #native (#3028) EncryptFlag.exe
Arguments:
{"OpenOptions":"0x0","KeyHandle":"0x0","objectName":"InprocHandler","DesiredAccess":"0x1"}
Returned value:
0xc0000034
KernelBase.dll! LoadLibraryExW #misc (#3028) EncryptFlag.exe
Arguments:
{"lpFileName":"API-MS-Win-Security-LSALookup-L1-1-0.dll"}
Returned value:
0x7fefe400000
KernelBase.dll! LoadLibraryExA #misc (#3028) EncryptFlag.exe
Arguments:
{"lpFileName":"API-MS-Win-Security-LSALookup-L1-1-0.dll"}
Returned value:
0x7fefe400000
KernelBase.dll! GetProcAddress #misc (#3028) EncryptFlag.exe
Arguments:
{"lpProcName":"LookupAccountNameLocalW","hModule":"sechost.dll"}
Returned value:
0x7fefe413d8c
KernelBase.dll! GetProcAddress #misc (#3028) EncryptFlag.exe
Arguments:
{"lpProcName":"GetAddrInfoW","hModule":"ws2_32.dll"}
Returned value:
0x7fefd1a23c0
KernelBase.dll! LoadLibraryExW #misc (#3028) EncryptFlag.exe
Arguments:
{"lpFileName":"C:\\Windows\\system32\\mswsock.dll"}
Returned value:
0x7fefc520000
KernelBase.dll! GetProcAddress #misc (#3028) EncryptFlag.exe
Arguments:
{"lpProcName":"WSPStartup","hModule":"vsocklib.dll"}
Returned value:
0x7fefc528d60
ntdll.dll! NtOpenKeyEx #native (#3028) EncryptFlag.exe
Arguments:
{"OpenOptions":"0x0","KeyHandle":"0x314","objectName":"SYSTEM\\CurrentControlSet\\Services\\Winsock\\Parameters","DesiredAccess":"0x20019"}
Returned value:
0x0
ntdll.dll! NtOpenKeyEx #native (#3028) EncryptFlag.exe
Arguments:
{"OpenOptions":"0x0","KeyHandle":"0x314","objectName":"System\\CurrentControlSet\\Services\\Tcpip6\\Parameters\\Winsock","DesiredAccess":"0x20019"}
Returned value:
0x0
ntdll.dll! NtOpenKeyEx #native (#3028) EncryptFlag.exe
Arguments:
{"OpenOptions":"0x0","KeyHandle":"0x314","objectName":"System\\CurrentControlSet\\Services\\Tcpip\\Parameters\\Winsock","DesiredAccess":"0x20019"}
Returned value:
0x0
ntdll.dll! NtOpenKeyEx #native (#3028) EncryptFlag.exe
Arguments:
{"OpenOptions":"0x0","KeyHandle":"0x314","objectName":"SYSTEM\\CurrentControlSet\\Services\\Winsock\\Setup Migration\\Providers","DesiredAccess":"0x20019"}
Returned value:
0x0
ntdll.dll! NtOpenKeyEx #native (#3028) EncryptFlag.exe
Arguments:
{"OpenOptions":"0x0","KeyHandle":"0x318","objectName":"Tcpip","DesiredAccess":"0x20019"}
Returned value:
0x0
ntdll.dll! NtOpenKeyEx #native (#3028) EncryptFlag.exe
Arguments:
{"OpenOptions":"0x0","KeyHandle":"0x314","objectName":"System\\CurrentControlSet\\Services\\Tcpip\\Parameters\\Winsock","DesiredAccess":"0x20019"}
Returned value:
0x0
ntdll.dll! NtQueryAttributesFile #native (#3028) EncryptFlag.exe
Arguments:
{"objectName":"\\??\\C:\\Windows\\System32\\wshtcpip.dll"}
Returned value:
0x0
ntdll.dll! NtOpenFile #native (#3028) EncryptFlag.exe
Arguments:
{"FileHandle":"0x318","objectName":"\\??\\C:\\Windows\\System32\\wshtcpip.dll"}
Returned value:
0x0
KernelBase.dll! LoadLibraryExW #misc (#3028) EncryptFlag.exe
Arguments:
{"lpFileName":"C:\\Windows\\System32\\wshtcpip.dll"}
Returned value:
0x7fefbf90000
KernelBase.dll! GetProcAddress #misc (#3028) EncryptFlag.exe
Arguments:
{"lpProcName":"WSHOpenSocket","hModule":"WSHTCPIP.DLL"}
Returned value:
0x7fefbf91814
KernelBase.dll! GetProcAddress #misc (#3028) EncryptFlag.exe
Arguments:
{"lpProcName":"WSHOpenSocket2","hModule":"WSHTCPIP.DLL"}
Returned value:
0x7fefbf911d0
KernelBase.dll! GetProcAddress #misc (#3028) EncryptFlag.exe
Arguments:
{"lpProcName":"WSHJoinLeaf","hModule":"WSHTCPIP.DLL"}
Returned value:
0x7fefbf91a80
KernelBase.dll! GetProcAddress #misc (#3028) EncryptFlag.exe
Arguments:
{"lpProcName":"WSHNotify","hModule":"WSHTCPIP.DLL"}
Returned value:
0x7fefbf91850
KernelBase.dll! GetProcAddress #misc (#3028) EncryptFlag.exe
Arguments:
{"lpProcName":"WSHGetSocketInformation","hModule":"WSHTCPIP.DLL"}
Returned value:
0x7fefbf91180
KernelBase.dll! GetProcAddress #misc (#3028) EncryptFlag.exe
Arguments:
{"lpProcName":"WSHSetSocketInformation","hModule":"WSHTCPIP.DLL"}
Returned value:
0x7fefbf9115c
KernelBase.dll! GetProcAddress #misc (#3028) EncryptFlag.exe
Arguments:
{"lpProcName":"WSHGetSockaddrType","hModule":"WSHTCPIP.DLL"}
Returned value:
0x7fefbf91090
KernelBase.dll! GetProcAddress #misc (#3028) EncryptFlag.exe
Arguments:
{"lpProcName":"WSHGetWildcardSockaddr","hModule":"WSHTCPIP.DLL"}
Returned value:
0x7fefbf91120
KernelBase.dll! GetProcAddress #misc (#3028) EncryptFlag.exe
Arguments:
{"lpProcName":"WSHGetBroadcastSockaddr","hModule":"WSHTCPIP.DLL"}
Returned value:
0x7fefbf91760
KernelBase.dll! GetProcAddress #misc (#3028) EncryptFlag.exe
Arguments:
{"lpProcName":"WSHAddressToString","hModule":"WSHTCPIP.DLL"}
Returned value:
0x7fefbf91010
KernelBase.dll! GetProcAddress #misc (#3028) EncryptFlag.exe
Arguments:
{"lpProcName":"WSHStringToAddress","hModule":"WSHTCPIP.DLL"}
Returned value:
0x7fefbf91420
KernelBase.dll! GetProcAddress #misc (#3028) EncryptFlag.exe
Arguments:
{"lpProcName":"WSHIoctl","hModule":"WSHTCPIP.DLL"}
Returned value:
0x7fefbf91c10
ntdll.dll! NtCreateFile #native (#3028) EncryptFlag.exe
Arguments:
{"FileHandle":"0x314","objectName":"\\Device\\Afd\\Endpoint"}
Returned value:
0x0
ntdll.dll! NtCreateFile #native (#3028) EncryptFlag.exe
Arguments:
{"FileHandle":"0x314","objectName":"\\Device\\Afd\\Endpoint"}
Returned value:
0x0
KernelBase.dll! LoadLibraryExW #misc (#3028) EncryptFlag.exe
Arguments:
{"lpFileName":"C:\\Windows\\System32\\mswsock.dll"}
Returned value:
0x7fefc520000
KernelBase.dll! GetProcAddress #misc (#3028) EncryptFlag.exe
Arguments:
{"lpProcName":"NSPStartup","hModule":"wshbth.dll"}
Returned value:
0x7fefc546f40
KernelBase.dll! LoadLibraryExW #misc (#3028) EncryptFlag.exe
Arguments:
{"lpFileName":"DNSAPI.dll"}
Returned value:
0x7fefc3a0000
KernelBase.dll! LoadLibraryExA #misc (#3028) EncryptFlag.exe
Arguments:
{"lpFileName":"DNSAPI.dll"}
Returned value:
0x7fefc3a0000
KernelBase.dll! GetProcAddress #misc (#3028) EncryptFlag.exe
Arguments:
{"lpProcName":"DnsQueryConfigAllocEx","hModule":"dnsapi.dll"}
Returned value:
0x7fefc3a5e98
ntdll.dll! NtCreateKey #native (#3028) EncryptFlag.exe
Arguments:
{"CreateOptions":"0x0","objectName":"System\\CurrentControlSet\\Services\\Tcpip\\Parameters","DesiredAccess":"0x20019","KeyHandle":"0x314","TitleIndex":"0x0","CreateDisposition":"0x3a8dea8","Class":"0x3a8e180"}
Returned value:
0x0
ntdll.dll! NtOpenKeyEx #native (#3028) EncryptFlag.exe
Arguments:
{"OpenOptions":"0x0","KeyHandle":"0x318","objectName":"System\\CurrentControlSet\\Services\\DnsCache\\Parameters","DesiredAccess":"0x20019"}
Returned value:
0x0
ntdll.dll! NtOpenKeyEx #native (#3028) EncryptFlag.exe
Arguments:
{"OpenOptions":"0x0","KeyHandle":"0x0","objectName":"Software\\Policies\\Microsoft\\Windows NT\\DnsClient","DesiredAccess":"0x20019"}
Returned value:
0xc0000034
ntdll.dll! NtCreateKey #native (#3028) EncryptFlag.exe
Arguments:
{"CreateOptions":"0x0","objectName":"System\\CurrentControlSet\\Services\\Tcpip\\Parameters","DesiredAccess":"0x20019","KeyHandle":"0x318","TitleIndex":"0x0","CreateDisposition":"0x3a8dc78","Class":"0x3a8df50"}
Returned value:
0x0
ntdll.dll! NtOpenKeyEx #native (#3028) EncryptFlag.exe
Arguments:
{"OpenOptions":"0x0","KeyHandle":"0x314","objectName":"System\\CurrentControlSet\\Services\\DnsCache\\Parameters","DesiredAccess":"0x20019"}
Returned value:
0x0
ntdll.dll!