Summary | ZeroBOX

Category	Machine	Started	Completed
FILE	s1_win7_x6401	Nov. 12, 2021, 10:23 a.m.	Nov. 12, 2021, 10:42 a.m.

Size	1.8MB
Type	MS-DOS executable, MZ for MS-DOS
MD5	`b380ac326f09bcbd2f78db3d4850d0de`
SHA256	`7a22abe44125262891da6100624d331c845966016cdcb4394b225236537c28f0`
CRC32	`E9C0AAA0`
ssdeep	`12288:8s2pz1td9YYgxUnNm2AVHSr9sWB3EtUeinhnNF:T2n9YYpNmTxg9s/UZ`
Yara	PE_Header_Zero - PE File Signature IsPE32 - (no description) Malicious_Library_Zero - Malicious_Library

alltud.exe "C:\Users\test22\AppData\Local\Temp\alltud.exe"
2784

Name	Response	Post-Analysis Lookup
No hosts contacted.

IP Address	Status	Action
No hosts contacted.

Suricata Alerts

No Suricata Alerts

Suricata TLS

No Suricata TLS

The executable contains unknown PE section names indicative of a packer (could be a false positive) (1 event)

section

.italiot

One or more processes crashed (50 out of 112 events)

Time & API	Arguments	Status
__exception__ Nov. 12, 2021, 10:23 a.m.	stacktrace: RegOpenKeyExA+0x116 DisableThreadLibraryCalls-0xa0 kernel32+0x14845 @ 0x766e4845 RegOpenKeyExA+0x21 DisableThreadLibraryCalls-0x195 kernel32+0x14750 @ 0x766e4750 New_advapi32_RegOpenKeyExA@20+0x131 New_advapi32_RegOpenKeyExW@20-0x91 @ 0x73ea3bc1 RegOpenKeyA+0x2e MakeSelfRelativeSD-0x16 advapi32+0xcc43 @ 0x7627cc43 alltud+0x13b2e @ 0x413b2e RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x77679ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x77679ea5 exception.instruction_r: 21 3b c7 45 fc fe ff ff ff 85 ff 0f 85 e8 e3 03 exception.symbol: RegCloseKey+0x18d RegOpenKeyExW-0xe5 kernel32+0x1222c exception.instruction: and dword ptr [ebx], edi exception.module: kernel32.dll exception.exception_code: 0xc0000005 exception.offset: 74284 exception.address: 0x766e222c registers.esp: 1637868 registers.edi: 0 registers.eax: 8 registers.ebp: 1637988 registers.edx: 0 registers.ebx: 1986854912 registers.esi: 1638036 registers.ecx: 1638036	1
__exception__ Nov. 12, 2021, 10:23 a.m.	stacktrace: RegOpenKeyExA+0x116 DisableThreadLibraryCalls-0xa0 kernel32+0x14845 @ 0x766e4845 RegOpenKeyExA+0x21 DisableThreadLibraryCalls-0x195 kernel32+0x14750 @ 0x766e4750 New_advapi32_RegOpenKeyExA@20+0x131 New_advapi32_RegOpenKeyExW@20-0x91 @ 0x73ea3bc1 RegOpenKeyA+0x2e MakeSelfRelativeSD-0x16 advapi32+0xcc43 @ 0x7627cc43 alltud+0x13b46 @ 0x413b46 RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x77679ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x77679ea5 exception.instruction_r: 21 3b c7 45 fc fe ff ff ff 85 ff 0f 85 e8 e3 03 exception.symbol: RegCloseKey+0x18d RegOpenKeyExW-0xe5 kernel32+0x1222c exception.instruction: and dword ptr [ebx], edi exception.module: kernel32.dll exception.exception_code: 0xc0000005 exception.offset: 74284 exception.address: 0x766e222c registers.esp: 1637868 registers.edi: 0 registers.eax: 8 registers.ebp: 1637988 registers.edx: 0 registers.ebx: 1986854912 registers.esi: 1638036 registers.ecx: 1638036	1
__exception__ Nov. 12, 2021, 10:23 a.m.	stacktrace: RegOpenKeyExA+0x116 DisableThreadLibraryCalls-0xa0 kernel32+0x14845 @ 0x766e4845 RegOpenKeyExA+0x21 DisableThreadLibraryCalls-0x195 kernel32+0x14750 @ 0x766e4750 New_advapi32_RegOpenKeyExA@20+0x131 New_advapi32_RegOpenKeyExW@20-0x91 @ 0x73ea3bc1 RegOpenKeyA+0x2e MakeSelfRelativeSD-0x16 advapi32+0xcc43 @ 0x7627cc43 alltud+0xbbd2 @ 0x40bbd2 RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x77679ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x77679ea5 exception.instruction_r: 21 3b c7 45 fc fe ff ff ff 85 ff 0f 85 e8 e3 03 exception.symbol: RegCloseKey+0x18d RegOpenKeyExW-0xe5 kernel32+0x1222c exception.instruction: and dword ptr [ebx], edi exception.module: kernel32.dll exception.exception_code: 0xc0000005 exception.offset: 74284 exception.address: 0x766e222c registers.esp: 1637868 registers.edi: 0 registers.eax: 8 registers.ebp: 1637988 registers.edx: 0 registers.ebx: 1986854912 registers.esi: 1638036 registers.ecx: 1638036	1
__exception__ Nov. 12, 2021, 10:23 a.m.	stacktrace: RegOpenKeyExA+0x116 DisableThreadLibraryCalls-0xa0 kernel32+0x14845 @ 0x766e4845 RegOpenKeyExA+0x21 DisableThreadLibraryCalls-0x195 kernel32+0x14750 @ 0x766e4750 New_advapi32_RegOpenKeyExA@20+0x131 New_advapi32_RegOpenKeyExW@20-0x91 @ 0x73ea3bc1 RegOpenKeyA+0x2e MakeSelfRelativeSD-0x16 advapi32+0xcc43 @ 0x7627cc43 alltud+0xbbea @ 0x40bbea RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x77679ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x77679ea5 exception.instruction_r: 21 3b c7 45 fc fe ff ff ff 85 ff 0f 85 e8 e3 03 exception.symbol: RegCloseKey+0x18d RegOpenKeyExW-0xe5 kernel32+0x1222c exception.instruction: and dword ptr [ebx], edi exception.module: kernel32.dll exception.exception_code: 0xc0000005 exception.offset: 74284 exception.address: 0x766e222c registers.esp: 1637868 registers.edi: 0 registers.eax: 8 registers.ebp: 1637988 registers.edx: 0 registers.ebx: 1986854912 registers.esi: 1638036 registers.ecx: 1638036	1
__exception__ Nov. 12, 2021, 10:23 a.m.	stacktrace: RegOpenKeyExA+0x116 DisableThreadLibraryCalls-0xa0 kernel32+0x14845 @ 0x766e4845 RegOpenKeyExA+0x21 DisableThreadLibraryCalls-0x195 kernel32+0x14750 @ 0x766e4750 New_advapi32_RegOpenKeyExA@20+0x131 New_advapi32_RegOpenKeyExW@20-0x91 @ 0x73ea3bc1 RegOpenKeyA+0x2e MakeSelfRelativeSD-0x16 advapi32+0xcc43 @ 0x7627cc43 alltud+0xf984 @ 0x40f984 RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x77679ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x77679ea5 exception.instruction_r: 21 3b c7 45 fc fe ff ff ff 85 ff 0f 85 e8 e3 03 exception.symbol: RegCloseKey+0x18d RegOpenKeyExW-0xe5 kernel32+0x1222c exception.instruction: and dword ptr [ebx], edi exception.module: kernel32.dll exception.exception_code: 0xc0000005 exception.offset: 74284 exception.address: 0x766e222c registers.esp: 1637868 registers.edi: 0 registers.eax: 8 registers.ebp: 1637988 registers.edx: 0 registers.ebx: 1986854912 registers.esi: 1638036 registers.ecx: 1638036	1
__exception__ Nov. 12, 2021, 10:23 a.m.	stacktrace: RegOpenKeyExA+0x116 DisableThreadLibraryCalls-0xa0 kernel32+0x14845 @ 0x766e4845 RegOpenKeyExA+0x21 DisableThreadLibraryCalls-0x195 kernel32+0x14750 @ 0x766e4750 New_advapi32_RegOpenKeyExA@20+0x131 New_advapi32_RegOpenKeyExW@20-0x91 @ 0x73ea3bc1 RegOpenKeyA+0x2e MakeSelfRelativeSD-0x16 advapi32+0xcc43 @ 0x7627cc43 alltud+0x358c @ 0x40358c RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x77679ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x77679ea5 exception.instruction_r: 21 3b c7 45 fc fe ff ff ff 85 ff 0f 85 e8 e3 03 exception.symbol: RegCloseKey+0x18d RegOpenKeyExW-0xe5 kernel32+0x1222c exception.instruction: and dword ptr [ebx], edi exception.module: kernel32.dll exception.exception_code: 0xc0000005 exception.offset: 74284 exception.address: 0x766e222c registers.esp: 1637868 registers.edi: 0 registers.eax: 8 registers.ebp: 1637988 registers.edx: 0 registers.ebx: 1986854912 registers.esi: 1638036 registers.ecx: 1638036	1
__exception__ Nov. 12, 2021, 10:23 a.m.	stacktrace: RegOpenKeyExA+0x116 DisableThreadLibraryCalls-0xa0 kernel32+0x14845 @ 0x766e4845 RegOpenKeyExA+0x21 DisableThreadLibraryCalls-0x195 kernel32+0x14750 @ 0x766e4750 New_advapi32_RegOpenKeyExA@20+0x131 New_advapi32_RegOpenKeyExW@20-0x91 @ 0x73ea3bc1 RegOpenKeyA+0x2e MakeSelfRelativeSD-0x16 advapi32+0xcc43 @ 0x7627cc43 alltud+0x3a9a @ 0x403a9a RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x77679ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x77679ea5 exception.instruction_r: 21 3b c7 45 fc fe ff ff ff 85 ff 0f 85 e8 e3 03 exception.symbol: RegCloseKey+0x18d RegOpenKeyExW-0xe5 kernel32+0x1222c exception.instruction: and dword ptr [ebx], edi exception.module: kernel32.dll exception.exception_code: 0xc0000005 exception.offset: 74284 exception.address: 0x766e222c registers.esp: 1637868 registers.edi: 0 registers.eax: 8 registers.ebp: 1637988 registers.edx: 0 registers.ebx: 1986854912 registers.esi: 1638036 registers.ecx: 1638036	1
__exception__ Nov. 12, 2021, 10:23 a.m.	stacktrace: RegOpenKeyExA+0x116 DisableThreadLibraryCalls-0xa0 kernel32+0x14845 @ 0x766e4845 RegOpenKeyExA+0x21 DisableThreadLibraryCalls-0x195 kernel32+0x14750 @ 0x766e4750 New_advapi32_RegOpenKeyExA@20+0x131 New_advapi32_RegOpenKeyExW@20-0x91 @ 0x73ea3bc1 RegOpenKeyA+0x2e MakeSelfRelativeSD-0x16 advapi32+0xcc43 @ 0x7627cc43 alltud+0x129ac @ 0x4129ac RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x77679ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x77679ea5 exception.instruction_r: 21 3b c7 45 fc fe ff ff ff 85 ff 0f 85 e8 e3 03 exception.symbol: RegCloseKey+0x18d RegOpenKeyExW-0xe5 kernel32+0x1222c exception.instruction: and dword ptr [ebx], edi exception.module: kernel32.dll exception.exception_code: 0xc0000005 exception.offset: 74284 exception.address: 0x766e222c registers.esp: 1637868 registers.edi: 0 registers.eax: 8 registers.ebp: 1637988 registers.edx: 0 registers.ebx: 1986854912 registers.esi: 1638036 registers.ecx: 1638036	1
__exception__ Nov. 12, 2021, 10:23 a.m.	stacktrace: RegOpenKeyExA+0x116 DisableThreadLibraryCalls-0xa0 kernel32+0x14845 @ 0x766e4845 RegOpenKeyExA+0x21 DisableThreadLibraryCalls-0x195 kernel32+0x14750 @ 0x766e4750 New_advapi32_RegOpenKeyExA@20+0x131 New_advapi32_RegOpenKeyExW@20-0x91 @ 0x73ea3bc1 RegOpenKeyA+0x2e MakeSelfRelativeSD-0x16 advapi32+0xcc43 @ 0x7627cc43 alltud+0x1a976 @ 0x41a976 RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x77679ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x77679ea5 exception.instruction_r: 21 3b c7 45 fc fe ff ff ff 85 ff 0f 85 e8 e3 03 exception.symbol: RegCloseKey+0x18d RegOpenKeyExW-0xe5 kernel32+0x1222c exception.instruction: and dword ptr [ebx], edi exception.module: kernel32.dll exception.exception_code: 0xc0000005 exception.offset: 74284 exception.address: 0x766e222c registers.esp: 1637868 registers.edi: 0 registers.eax: 8 registers.ebp: 1637988 registers.edx: 0 registers.ebx: 1986854912 registers.esi: 1638036 registers.ecx: 1638036	1
__exception__ Nov. 12, 2021, 10:23 a.m.	stacktrace: RegOpenKeyExA+0x116 DisableThreadLibraryCalls-0xa0 kernel32+0x14845 @ 0x766e4845 RegOpenKeyExA+0x21 DisableThreadLibraryCalls-0x195 kernel32+0x14750 @ 0x766e4750 New_advapi32_RegOpenKeyExA@20+0x131 New_advapi32_RegOpenKeyExW@20-0x91 @ 0x73ea3bc1 RegOpenKeyA+0x2e MakeSelfRelativeSD-0x16 advapi32+0xcc43 @ 0x7627cc43 alltud+0x16843 @ 0x416843 RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x77679ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x77679ea5 exception.instruction_r: 21 3b c7 45 fc fe ff ff ff 85 ff 0f 85 e8 e3 03 exception.symbol: RegCloseKey+0x18d RegOpenKeyExW-0xe5 kernel32+0x1222c exception.instruction: and dword ptr [ebx], edi exception.module: kernel32.dll exception.exception_code: 0xc0000005 exception.offset: 74284 exception.address: 0x766e222c registers.esp: 1637868 registers.edi: 0 registers.eax: 8 registers.ebp: 1637988 registers.edx: 0 registers.ebx: 1986854912 registers.esi: 1638036 registers.ecx: 1638036	1
__exception__ Nov. 12, 2021, 10:23 a.m.	stacktrace: RegOpenKeyExA+0x116 DisableThreadLibraryCalls-0xa0 kernel32+0x14845 @ 0x766e4845 RegOpenKeyExA+0x21 DisableThreadLibraryCalls-0x195 kernel32+0x14750 @ 0x766e4750 New_advapi32_RegOpenKeyExA@20+0x131 New_advapi32_RegOpenKeyExW@20-0x91 @ 0x73ea3bc1 RegOpenKeyA+0x2e MakeSelfRelativeSD-0x16 advapi32+0xcc43 @ 0x7627cc43 alltud+0x1685b @ 0x41685b RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x77679ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x77679ea5 exception.instruction_r: 21 3b c7 45 fc fe ff ff ff 85 ff 0f 85 e8 e3 03 exception.symbol: RegCloseKey+0x18d RegOpenKeyExW-0xe5 kernel32+0x1222c exception.instruction: and dword ptr [ebx], edi exception.module: kernel32.dll exception.exception_code: 0xc0000005 exception.offset: 74284 exception.address: 0x766e222c registers.esp: 1637868 registers.edi: 0 registers.eax: 8 registers.ebp: 1637988 registers.edx: 0 registers.ebx: 1986854912 registers.esi: 1638036 registers.ecx: 1638036	1
__exception__ Nov. 12, 2021, 10:23 a.m.	stacktrace: RegOpenKeyExA+0x116 DisableThreadLibraryCalls-0xa0 kernel32+0x14845 @ 0x766e4845 RegOpenKeyExA+0x21 DisableThreadLibraryCalls-0x195 kernel32+0x14750 @ 0x766e4750 New_advapi32_RegOpenKeyExA@20+0x131 New_advapi32_RegOpenKeyExW@20-0x91 @ 0x73ea3bc1 RegOpenKeyA+0x2e MakeSelfRelativeSD-0x16 advapi32+0xcc43 @ 0x7627cc43 alltud+0x16873 @ 0x416873 RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x77679ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x77679ea5 exception.instruction_r: 21 3b c7 45 fc fe ff ff ff 85 ff 0f 85 e8 e3 03 exception.symbol: RegCloseKey+0x18d RegOpenKeyExW-0xe5 kernel32+0x1222c exception.instruction: and dword ptr [ebx], edi exception.module: kernel32.dll exception.exception_code: 0xc0000005 exception.offset: 74284 exception.address: 0x766e222c registers.esp: 1637868 registers.edi: 0 registers.eax: 8 registers.ebp: 1637988 registers.edx: 0 registers.ebx: 1986854912 registers.esi: 1638036 registers.ecx: 1638036	1
__exception__ Nov. 12, 2021, 10:23 a.m.	stacktrace: RegOpenKeyExA+0x116 DisableThreadLibraryCalls-0xa0 kernel32+0x14845 @ 0x766e4845 RegOpenKeyExA+0x21 DisableThreadLibraryCalls-0x195 kernel32+0x14750 @ 0x766e4750 New_advapi32_RegOpenKeyExA@20+0x131 New_advapi32_RegOpenKeyExW@20-0x91 @ 0x73ea3bc1 RegOpenKeyA+0x2e MakeSelfRelativeSD-0x16 advapi32+0xcc43 @ 0x7627cc43 alltud+0x1688b @ 0x41688b RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x77679ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x77679ea5 exception.instruction_r: 21 3b c7 45 fc fe ff ff ff 85 ff 0f 85 e8 e3 03 exception.symbol: RegCloseKey+0x18d RegOpenKeyExW-0xe5 kernel32+0x1222c exception.instruction: and dword ptr [ebx], edi exception.module: kernel32.dll exception.exception_code: 0xc0000005 exception.offset: 74284 exception.address: 0x766e222c registers.esp: 1637868 registers.edi: 0 registers.eax: 8 registers.ebp: 1637988 registers.edx: 0 registers.ebx: 1986854912 registers.esi: 1638036 registers.ecx: 1638036	1
__exception__ Nov. 12, 2021, 10:23 a.m.	stacktrace: RegOpenKeyExA+0x116 DisableThreadLibraryCalls-0xa0 kernel32+0x14845 @ 0x766e4845 RegOpenKeyExA+0x21 DisableThreadLibraryCalls-0x195 kernel32+0x14750 @ 0x766e4750 New_advapi32_RegOpenKeyExA@20+0x131 New_advapi32_RegOpenKeyExW@20-0x91 @ 0x73ea3bc1 RegOpenKeyA+0x2e MakeSelfRelativeSD-0x16 advapi32+0xcc43 @ 0x7627cc43 alltud+0x19240 @ 0x419240 RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x77679ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x77679ea5 exception.instruction_r: 21 3b c7 45 fc fe ff ff ff 85 ff 0f 85 e8 e3 03 exception.symbol: RegCloseKey+0x18d RegOpenKeyExW-0xe5 kernel32+0x1222c exception.instruction: and dword ptr [ebx], edi exception.module: kernel32.dll exception.exception_code: 0xc0000005 exception.offset: 74284 exception.address: 0x766e222c registers.esp: 1637868 registers.edi: 0 registers.eax: 8 registers.ebp: 1637988 registers.edx: 0 registers.ebx: 1986854912 registers.esi: 1638036 registers.ecx: 1638036	1
__exception__ Nov. 12, 2021, 10:23 a.m.	stacktrace: RegOpenKeyExA+0x116 DisableThreadLibraryCalls-0xa0 kernel32+0x14845 @ 0x766e4845 RegOpenKeyExA+0x21 DisableThreadLibraryCalls-0x195 kernel32+0x14750 @ 0x766e4750 New_advapi32_RegOpenKeyExA@20+0x131 New_advapi32_RegOpenKeyExW@20-0x91 @ 0x73ea3bc1 RegOpenKeyA+0x2e MakeSelfRelativeSD-0x16 advapi32+0xcc43 @ 0x7627cc43 alltud+0x19258 @ 0x419258 RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x77679ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x77679ea5 exception.instruction_r: 21 3b c7 45 fc fe ff ff ff 85 ff 0f 85 e8 e3 03 exception.symbol: RegCloseKey+0x18d RegOpenKeyExW-0xe5 kernel32+0x1222c exception.instruction: and dword ptr [ebx], edi exception.module: kernel32.dll exception.exception_code: 0xc0000005 exception.offset: 74284 exception.address: 0x766e222c registers.esp: 1637868 registers.edi: 0 registers.eax: 8 registers.ebp: 1637988 registers.edx: 0 registers.ebx: 1986854912 registers.esi: 1638036 registers.ecx: 1638036	1
__exception__ Nov. 12, 2021, 10:23 a.m.	stacktrace: RegOpenKeyExA+0x116 DisableThreadLibraryCalls-0xa0 kernel32+0x14845 @ 0x766e4845 RegOpenKeyExA+0x21 DisableThreadLibraryCalls-0x195 kernel32+0x14750 @ 0x766e4750 New_advapi32_RegOpenKeyExA@20+0x131 New_advapi32_RegOpenKeyExW@20-0x91 @ 0x73ea3bc1 RegOpenKeyA+0x2e MakeSelfRelativeSD-0x16 advapi32+0xcc43 @ 0x7627cc43 alltud+0x127a6 @ 0x4127a6 RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x77679ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x77679ea5 exception.instruction_r: 21 3b c7 45 fc fe ff ff ff 85 ff 0f 85 e8 e3 03 exception.symbol: RegCloseKey+0x18d RegOpenKeyExW-0xe5 kernel32+0x1222c exception.instruction: and dword ptr [ebx], edi exception.module: kernel32.dll exception.exception_code: 0xc0000005 exception.offset: 74284 exception.address: 0x766e222c registers.esp: 1637868 registers.edi: 0 registers.eax: 8 registers.ebp: 1637988 registers.edx: 0 registers.ebx: 1986854912 registers.esi: 1638036 registers.ecx: 1638036	1
__exception__ Nov. 12, 2021, 10:23 a.m.	stacktrace: RegOpenKeyExA+0x116 DisableThreadLibraryCalls-0xa0 kernel32+0x14845 @ 0x766e4845 RegOpenKeyExA+0x21 DisableThreadLibraryCalls-0x195 kernel32+0x14750 @ 0x766e4750 New_advapi32_RegOpenKeyExA@20+0x131 New_advapi32_RegOpenKeyExW@20-0x91 @ 0x73ea3bc1 RegOpenKeyA+0x2e MakeSelfRelativeSD-0x16 advapi32+0xcc43 @ 0x7627cc43 alltud+0x1cba6 @ 0x41cba6 RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x77679ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x77679ea5 exception.instruction_r: 21 3b c7 45 fc fe ff ff ff 85 ff 0f 85 e8 e3 03 exception.symbol: RegCloseKey+0x18d RegOpenKeyExW-0xe5 kernel32+0x1222c exception.instruction: and dword ptr [ebx], edi exception.module: kernel32.dll exception.exception_code: 0xc0000005 exception.offset: 74284 exception.address: 0x766e222c registers.esp: 1637868 registers.edi: 0 registers.eax: 8 registers.ebp: 1637988 registers.edx: 0 registers.ebx: 1986854912 registers.esi: 1638036 registers.ecx: 1638036	1
__exception__ Nov. 12, 2021, 10:23 a.m.	stacktrace: RegOpenKeyExA+0x116 DisableThreadLibraryCalls-0xa0 kernel32+0x14845 @ 0x766e4845 RegOpenKeyExA+0x21 DisableThreadLibraryCalls-0x195 kernel32+0x14750 @ 0x766e4750 New_advapi32_RegOpenKeyExA@20+0x131 New_advapi32_RegOpenKeyExW@20-0x91 @ 0x73ea3bc1 RegOpenKeyA+0x2e MakeSelfRelativeSD-0x16 advapi32+0xcc43 @ 0x7627cc43 alltud+0x1cbbe @ 0x41cbbe RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x77679ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x77679ea5 exception.instruction_r: 21 3b c7 45 fc fe ff ff ff 85 ff 0f 85 e8 e3 03 exception.symbol: RegCloseKey+0x18d RegOpenKeyExW-0xe5 kernel32+0x1222c exception.instruction: and dword ptr [ebx], edi exception.module: kernel32.dll exception.exception_code: 0xc0000005 exception.offset: 74284 exception.address: 0x766e222c registers.esp: 1637868 registers.edi: 0 registers.eax: 8 registers.ebp: 1637988 registers.edx: 0 registers.ebx: 1986854912 registers.esi: 1638036 registers.ecx: 1638036	1
__exception__ Nov. 12, 2021, 10:23 a.m.	stacktrace: RegOpenKeyExA+0x116 DisableThreadLibraryCalls-0xa0 kernel32+0x14845 @ 0x766e4845 RegOpenKeyExA+0x21 DisableThreadLibraryCalls-0x195 kernel32+0x14750 @ 0x766e4750 New_advapi32_RegOpenKeyExA@20+0x131 New_advapi32_RegOpenKeyExW@20-0x91 @ 0x73ea3bc1 RegOpenKeyA+0x2e MakeSelfRelativeSD-0x16 advapi32+0xcc43 @ 0x7627cc43 alltud+0x1cbd6 @ 0x41cbd6 RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x77679ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x77679ea5 exception.instruction_r: 21 3b c7 45 fc fe ff ff ff 85 ff 0f 85 e8 e3 03 exception.symbol: RegCloseKey+0x18d RegOpenKeyExW-0xe5 kernel32+0x1222c exception.instruction: and dword ptr [ebx], edi exception.module: kernel32.dll exception.exception_code: 0xc0000005 exception.offset: 74284 exception.address: 0x766e222c registers.esp: 1637868 registers.edi: 0 registers.eax: 8 registers.ebp: 1637988 registers.edx: 0 registers.ebx: 1986854912 registers.esi: 1638036 registers.ecx: 1638036	1
__exception__ Nov. 12, 2021, 10:23 a.m.	stacktrace: RegOpenKeyExA+0x116 DisableThreadLibraryCalls-0xa0 kernel32+0x14845 @ 0x766e4845 RegOpenKeyExA+0x21 DisableThreadLibraryCalls-0x195 kernel32+0x14750 @ 0x766e4750 New_advapi32_RegOpenKeyExA@20+0x131 New_advapi32_RegOpenKeyExW@20-0x91 @ 0x73ea3bc1 RegOpenKeyA+0x2e MakeSelfRelativeSD-0x16 advapi32+0xcc43 @ 0x7627cc43 alltud+0x1cbee @ 0x41cbee RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x77679ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x77679ea5 exception.instruction_r: 21 3b c7 45 fc fe ff ff ff 85 ff 0f 85 e8 e3 03 exception.symbol: RegCloseKey+0x18d RegOpenKeyExW-0xe5 kernel32+0x1222c exception.instruction: and dword ptr [ebx], edi exception.module: kernel32.dll exception.exception_code: 0xc0000005 exception.offset: 74284 exception.address: 0x766e222c registers.esp: 1637868 registers.edi: 0 registers.eax: 8 registers.ebp: 1637988 registers.edx: 0 registers.ebx: 1986854912 registers.esi: 1638036 registers.ecx: 1638036	1
__exception__ Nov. 12, 2021, 10:23 a.m.	stacktrace: RegOpenKeyExA+0x116 DisableThreadLibraryCalls-0xa0 kernel32+0x14845 @ 0x766e4845 RegOpenKeyExA+0x21 DisableThreadLibraryCalls-0x195 kernel32+0x14750 @ 0x766e4750 New_advapi32_RegOpenKeyExA@20+0x131 New_advapi32_RegOpenKeyExW@20-0x91 @ 0x73ea3bc1 RegOpenKeyA+0x2e MakeSelfRelativeSD-0x16 advapi32+0xcc43 @ 0x7627cc43 alltud+0x5648 @ 0x405648 RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x77679ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x77679ea5 exception.instruction_r: 21 3b c7 45 fc fe ff ff ff 85 ff 0f 85 e8 e3 03 exception.symbol: RegCloseKey+0x18d RegOpenKeyExW-0xe5 kernel32+0x1222c exception.instruction: and dword ptr [ebx], edi exception.module: kernel32.dll exception.exception_code: 0xc0000005 exception.offset: 74284 exception.address: 0x766e222c registers.esp: 1637868 registers.edi: 0 registers.eax: 8 registers.ebp: 1637988 registers.edx: 0 registers.ebx: 1986854912 registers.esi: 1638036 registers.ecx: 1638036	1
__exception__ Nov. 12, 2021, 10:23 a.m.	stacktrace: RegOpenKeyExA+0x116 DisableThreadLibraryCalls-0xa0 kernel32+0x14845 @ 0x766e4845 RegOpenKeyExA+0x21 DisableThreadLibraryCalls-0x195 kernel32+0x14750 @ 0x766e4750 New_advapi32_RegOpenKeyExA@20+0x131 New_advapi32_RegOpenKeyExW@20-0x91 @ 0x73ea3bc1 RegOpenKeyA+0x2e MakeSelfRelativeSD-0x16 advapi32+0xcc43 @ 0x7627cc43 alltud+0x5660 @ 0x405660 RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x77679ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x77679ea5 exception.instruction_r: 21 3b c7 45 fc fe ff ff ff 85 ff 0f 85 e8 e3 03 exception.symbol: RegCloseKey+0x18d RegOpenKeyExW-0xe5 kernel32+0x1222c exception.instruction: and dword ptr [ebx], edi exception.module: kernel32.dll exception.exception_code: 0xc0000005 exception.offset: 74284 exception.address: 0x766e222c registers.esp: 1637868 registers.edi: 0 registers.eax: 8 registers.ebp: 1637988 registers.edx: 0 registers.ebx: 1986854912 registers.esi: 1638036 registers.ecx: 1638036	1
__exception__ Nov. 12, 2021, 10:23 a.m.	stacktrace: RegOpenKeyExA+0x116 DisableThreadLibraryCalls-0xa0 kernel32+0x14845 @ 0x766e4845 RegOpenKeyExA+0x21 DisableThreadLibraryCalls-0x195 kernel32+0x14750 @ 0x766e4750 New_advapi32_RegOpenKeyExA@20+0x131 New_advapi32_RegOpenKeyExW@20-0x91 @ 0x73ea3bc1 RegOpenKeyA+0x2e MakeSelfRelativeSD-0x16 advapi32+0xcc43 @ 0x7627cc43 alltud+0x11322 @ 0x411322 RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x77679ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x77679ea5 exception.instruction_r: 21 3b c7 45 fc fe ff ff ff 85 ff 0f 85 e8 e3 03 exception.symbol: RegCloseKey+0x18d RegOpenKeyExW-0xe5 kernel32+0x1222c exception.instruction: and dword ptr [ebx], edi exception.module: kernel32.dll exception.exception_code: 0xc0000005 exception.offset: 74284 exception.address: 0x766e222c registers.esp: 1637868 registers.edi: 0 registers.eax: 8 registers.ebp: 1637988 registers.edx: 0 registers.ebx: 1986854912 registers.esi: 1638036 registers.ecx: 1638036	1
__exception__ Nov. 12, 2021, 10:23 a.m.	stacktrace: RegOpenKeyExA+0x116 DisableThreadLibraryCalls-0xa0 kernel32+0x14845 @ 0x766e4845 RegOpenKeyExA+0x21 DisableThreadLibraryCalls-0x195 kernel32+0x14750 @ 0x766e4750 New_advapi32_RegOpenKeyExA@20+0x131 New_advapi32_RegOpenKeyExW@20-0x91 @ 0x73ea3bc1 RegOpenKeyA+0x2e MakeSelfRelativeSD-0x16 advapi32+0xcc43 @ 0x7627cc43 alltud+0x1133a @ 0x41133a RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x77679ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x77679ea5 exception.instruction_r: 21 3b c7 45 fc fe ff ff ff 85 ff 0f 85 e8 e3 03 exception.symbol: RegCloseKey+0x18d RegOpenKeyExW-0xe5 kernel32+0x1222c exception.instruction: and dword ptr [ebx], edi exception.module: kernel32.dll exception.exception_code: 0xc0000005 exception.offset: 74284 exception.address: 0x766e222c registers.esp: 1637868 registers.edi: 0 registers.eax: 8 registers.ebp: 1637988 registers.edx: 0 registers.ebx: 1986854912 registers.esi: 1638036 registers.ecx: 1638036	1
__exception__ Nov. 12, 2021, 10:23 a.m.	stacktrace: RegOpenKeyExA+0x116 DisableThreadLibraryCalls-0xa0 kernel32+0x14845 @ 0x766e4845 RegOpenKeyExA+0x21 DisableThreadLibraryCalls-0x195 kernel32+0x14750 @ 0x766e4750 New_advapi32_RegOpenKeyExA@20+0x131 New_advapi32_RegOpenKeyExW@20-0x91 @ 0x73ea3bc1 RegOpenKeyA+0x2e MakeSelfRelativeSD-0x16 advapi32+0xcc43 @ 0x7627cc43 alltud+0xf859 @ 0x40f859 RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x77679ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x77679ea5 exception.instruction_r: 21 3b c7 45 fc fe ff ff ff 85 ff 0f 85 e8 e3 03 exception.symbol: RegCloseKey+0x18d RegOpenKeyExW-0xe5 kernel32+0x1222c exception.instruction: and dword ptr [ebx], edi exception.module: kernel32.dll exception.exception_code: 0xc0000005 exception.offset: 74284 exception.address: 0x766e222c registers.esp: 1637868 registers.edi: 0 registers.eax: 8 registers.ebp: 1637988 registers.edx: 0 registers.ebx: 1986854912 registers.esi: 1638036 registers.ecx: 1638036	1
__exception__ Nov. 12, 2021, 10:23 a.m.	stacktrace: RegOpenKeyExA+0x116 DisableThreadLibraryCalls-0xa0 kernel32+0x14845 @ 0x766e4845 RegOpenKeyExA+0x21 DisableThreadLibraryCalls-0x195 kernel32+0x14750 @ 0x766e4750 New_advapi32_RegOpenKeyExA@20+0x131 New_advapi32_RegOpenKeyExW@20-0x91 @ 0x73ea3bc1 RegOpenKeyA+0x2e MakeSelfRelativeSD-0x16 advapi32+0xcc43 @ 0x7627cc43 alltud+0x9342 @ 0x409342 RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x77679ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x77679ea5 exception.instruction_r: 21 3b c7 45 fc fe ff ff ff 85 ff 0f 85 e8 e3 03 exception.symbol: RegCloseKey+0x18d RegOpenKeyExW-0xe5 kernel32+0x1222c exception.instruction: and dword ptr [ebx], edi exception.module: kernel32.dll exception.exception_code: 0xc0000005 exception.offset: 74284 exception.address: 0x766e222c registers.esp: 1637868 registers.edi: 0 registers.eax: 8 registers.ebp: 1637988 registers.edx: 0 registers.ebx: 1986854912 registers.esi: 1638036 registers.ecx: 1638036	1
__exception__ Nov. 12, 2021, 10:23 a.m.	stacktrace: RegOpenKeyExA+0x116 DisableThreadLibraryCalls-0xa0 kernel32+0x14845 @ 0x766e4845 RegOpenKeyExA+0x21 DisableThreadLibraryCalls-0x195 kernel32+0x14750 @ 0x766e4750 New_advapi32_RegOpenKeyExA@20+0x131 New_advapi32_RegOpenKeyExW@20-0x91 @ 0x73ea3bc1 RegOpenKeyA+0x2e MakeSelfRelativeSD-0x16 advapi32+0xcc43 @ 0x7627cc43 alltud+0x935a @ 0x40935a RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x77679ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x77679ea5 exception.instruction_r: 21 3b c7 45 fc fe ff ff ff 85 ff 0f 85 e8 e3 03 exception.symbol: RegCloseKey+0x18d RegOpenKeyExW-0xe5 kernel32+0x1222c exception.instruction: and dword ptr [ebx], edi exception.module: kernel32.dll exception.exception_code: 0xc0000005 exception.offset: 74284 exception.address: 0x766e222c registers.esp: 1637868 registers.edi: 0 registers.eax: 8 registers.ebp: 1637988 registers.edx: 0 registers.ebx: 1986854912 registers.esi: 1638036 registers.ecx: 1638036	1
__exception__ Nov. 12, 2021, 10:23 a.m.	stacktrace: RegOpenKeyExA+0x116 DisableThreadLibraryCalls-0xa0 kernel32+0x14845 @ 0x766e4845 RegOpenKeyExA+0x21 DisableThreadLibraryCalls-0x195 kernel32+0x14750 @ 0x766e4750 New_advapi32_RegOpenKeyExA@20+0x131 New_advapi32_RegOpenKeyExW@20-0x91 @ 0x73ea3bc1 RegOpenKeyA+0x2e MakeSelfRelativeSD-0x16 advapi32+0xcc43 @ 0x7627cc43 alltud+0x9372 @ 0x409372 RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x77679ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x77679ea5 exception.instruction_r: 21 3b c7 45 fc fe ff ff ff 85 ff 0f 85 e8 e3 03 exception.symbol: RegCloseKey+0x18d RegOpenKeyExW-0xe5 kernel32+0x1222c exception.instruction: and dword ptr [ebx], edi exception.module: kernel32.dll exception.exception_code: 0xc0000005 exception.offset: 74284 exception.address: 0x766e222c registers.esp: 1637868 registers.edi: 0 registers.eax: 8 registers.ebp: 1637988 registers.edx: 0 registers.ebx: 1986854912 registers.esi: 1638036 registers.ecx: 1638036	1
__exception__ Nov. 12, 2021, 10:23 a.m.	stacktrace: RegOpenKeyExA+0x116 DisableThreadLibraryCalls-0xa0 kernel32+0x14845 @ 0x766e4845 RegOpenKeyExA+0x21 DisableThreadLibraryCalls-0x195 kernel32+0x14750 @ 0x766e4750 New_advapi32_RegOpenKeyExA@20+0x131 New_advapi32_RegOpenKeyExW@20-0x91 @ 0x73ea3bc1 RegOpenKeyA+0x2e MakeSelfRelativeSD-0x16 advapi32+0xcc43 @ 0x7627cc43 alltud+0x938a @ 0x40938a RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x77679ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x77679ea5 exception.instruction_r: 21 3b c7 45 fc fe ff ff ff 85 ff 0f 85 e8 e3 03 exception.symbol: RegCloseKey+0x18d RegOpenKeyExW-0xe5 kernel32+0x1222c exception.instruction: and dword ptr [ebx], edi exception.module: kernel32.dll exception.exception_code: 0xc0000005 exception.offset: 74284 exception.address: 0x766e222c registers.esp: 1637868 registers.edi: 0 registers.eax: 8 registers.ebp: 1637988 registers.edx: 0 registers.ebx: 1986854912 registers.esi: 1638036 registers.ecx: 1638036	1
__exception__ Nov. 12, 2021, 10:23 a.m.	stacktrace: RegOpenKeyExA+0x116 DisableThreadLibraryCalls-0xa0 kernel32+0x14845 @ 0x766e4845 RegOpenKeyExA+0x21 DisableThreadLibraryCalls-0x195 kernel32+0x14750 @ 0x766e4750 New_advapi32_RegOpenKeyExA@20+0x131 New_advapi32_RegOpenKeyExW@20-0x91 @ 0x73ea3bc1 RegOpenKeyA+0x2e MakeSelfRelativeSD-0x16 advapi32+0xcc43 @ 0x7627cc43 alltud+0x93a2 @ 0x4093a2 RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x77679ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x77679ea5 exception.instruction_r: 21 3b c7 45 fc fe ff ff ff 85 ff 0f 85 e8 e3 03 exception.symbol: RegCloseKey+0x18d RegOpenKeyExW-0xe5 kernel32+0x1222c exception.instruction: and dword ptr [ebx], edi exception.module: kernel32.dll exception.exception_code: 0xc0000005 exception.offset: 74284 exception.address: 0x766e222c registers.esp: 1637868 registers.edi: 0 registers.eax: 8 registers.ebp: 1637988 registers.edx: 0 registers.ebx: 1986854912 registers.esi: 1638036 registers.ecx: 1638036	1
__exception__ Nov. 12, 2021, 10:23 a.m.	stacktrace: RegOpenKeyExA+0x116 DisableThreadLibraryCalls-0xa0 kernel32+0x14845 @ 0x766e4845 RegOpenKeyExA+0x21 DisableThreadLibraryCalls-0x195 kernel32+0x14750 @ 0x766e4750 New_advapi32_RegOpenKeyExA@20+0x131 New_advapi32_RegOpenKeyExW@20-0x91 @ 0x73ea3bc1 RegOpenKeyA+0x2e MakeSelfRelativeSD-0x16 advapi32+0xcc43 @ 0x7627cc43 alltud+0x363b @ 0x40363b RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x77679ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x77679ea5 exception.instruction_r: 21 3b c7 45 fc fe ff ff ff 85 ff 0f 85 e8 e3 03 exception.symbol: RegCloseKey+0x18d RegOpenKeyExW-0xe5 kernel32+0x1222c exception.instruction: and dword ptr [ebx], edi exception.module: kernel32.dll exception.exception_code: 0xc0000005 exception.offset: 74284 exception.address: 0x766e222c registers.esp: 1637868 registers.edi: 0 registers.eax: 8 registers.ebp: 1637988 registers.edx: 0 registers.ebx: 1986854912 registers.esi: 1638036 registers.ecx: 1638036	1
__exception__ Nov. 12, 2021, 10:23 a.m.	stacktrace: RegOpenKeyExA+0x116 DisableThreadLibraryCalls-0xa0 kernel32+0x14845 @ 0x766e4845 RegOpenKeyExA+0x21 DisableThreadLibraryCalls-0x195 kernel32+0x14750 @ 0x766e4750 New_advapi32_RegOpenKeyExA@20+0x131 New_advapi32_RegOpenKeyExW@20-0x91 @ 0x73ea3bc1 RegOpenKeyA+0x2e MakeSelfRelativeSD-0x16 advapi32+0xcc43 @ 0x7627cc43 alltud+0x3653 @ 0x403653 RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x77679ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x77679ea5 exception.instruction_r: 21 3b c7 45 fc fe ff ff ff 85 ff 0f 85 e8 e3 03 exception.symbol: RegCloseKey+0x18d RegOpenKeyExW-0xe5 kernel32+0x1222c exception.instruction: and dword ptr [ebx], edi exception.module: kernel32.dll exception.exception_code: 0xc0000005 exception.offset: 74284 exception.address: 0x766e222c registers.esp: 1637868 registers.edi: 0 registers.eax: 8 registers.ebp: 1637988 registers.edx: 0 registers.ebx: 1986854912 registers.esi: 1638036 registers.ecx: 1638036	1
__exception__ Nov. 12, 2021, 10:23 a.m.	stacktrace: RegOpenKeyExA+0x116 DisableThreadLibraryCalls-0xa0 kernel32+0x14845 @ 0x766e4845 RegOpenKeyExA+0x21 DisableThreadLibraryCalls-0x195 kernel32+0x14750 @ 0x766e4750 New_advapi32_RegOpenKeyExA@20+0x131 New_advapi32_RegOpenKeyExW@20-0x91 @ 0x73ea3bc1 RegOpenKeyA+0x2e MakeSelfRelativeSD-0x16 advapi32+0xcc43 @ 0x7627cc43 alltud+0x366b @ 0x40366b RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x77679ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x77679ea5 exception.instruction_r: 21 3b c7 45 fc fe ff ff ff 85 ff 0f 85 e8 e3 03 exception.symbol: RegCloseKey+0x18d RegOpenKeyExW-0xe5 kernel32+0x1222c exception.instruction: and dword ptr [ebx], edi exception.module: kernel32.dll exception.exception_code: 0xc0000005 exception.offset: 74284 exception.address: 0x766e222c registers.esp: 1637868 registers.edi: 0 registers.eax: 8 registers.ebp: 1637988 registers.edx: 0 registers.ebx: 1986854912 registers.esi: 1638036 registers.ecx: 1638036	1
__exception__ Nov. 12, 2021, 10:23 a.m.	stacktrace: RegOpenKeyExA+0x116 DisableThreadLibraryCalls-0xa0 kernel32+0x14845 @ 0x766e4845 RegOpenKeyExA+0x21 DisableThreadLibraryCalls-0x195 kernel32+0x14750 @ 0x766e4750 New_advapi32_RegOpenKeyExA@20+0x131 New_advapi32_RegOpenKeyExW@20-0x91 @ 0x73ea3bc1 RegOpenKeyA+0x2e MakeSelfRelativeSD-0x16 advapi32+0xcc43 @ 0x7627cc43 alltud+0x793a @ 0x40793a RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x77679ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x77679ea5 exception.instruction_r: 21 3b c7 45 fc fe ff ff ff 85 ff 0f 85 e8 e3 03 exception.symbol: RegCloseKey+0x18d RegOpenKeyExW-0xe5 kernel32+0x1222c exception.instruction: and dword ptr [ebx], edi exception.module: kernel32.dll exception.exception_code: 0xc0000005 exception.offset: 74284 exception.address: 0x766e222c registers.esp: 1637868 registers.edi: 0 registers.eax: 8 registers.ebp: 1637988 registers.edx: 0 registers.ebx: 1986854912 registers.esi: 1638036 registers.ecx: 1638036	1
__exception__ Nov. 12, 2021, 10:23 a.m.	stacktrace: RegOpenKeyExA+0x116 DisableThreadLibraryCalls-0xa0 kernel32+0x14845 @ 0x766e4845 RegOpenKeyExA+0x21 DisableThreadLibraryCalls-0x195 kernel32+0x14750 @ 0x766e4750 New_advapi32_RegOpenKeyExA@20+0x131 New_advapi32_RegOpenKeyExW@20-0x91 @ 0x73ea3bc1 RegOpenKeyA+0x2e MakeSelfRelativeSD-0x16 advapi32+0xcc43 @ 0x7627cc43 alltud+0x7952 @ 0x407952 RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x77679ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x77679ea5 exception.instruction_r: 21 3b c7 45 fc fe ff ff ff 85 ff 0f 85 e8 e3 03 exception.symbol: RegCloseKey+0x18d RegOpenKeyExW-0xe5 kernel32+0x1222c exception.instruction: and dword ptr [ebx], edi exception.module: kernel32.dll exception.exception_code: 0xc0000005 exception.offset: 74284 exception.address: 0x766e222c registers.esp: 1637868 registers.edi: 0 registers.eax: 8 registers.ebp: 1637988 registers.edx: 0 registers.ebx: 1986854912 registers.esi: 1638036 registers.ecx: 1638036	1
__exception__ Nov. 12, 2021, 10:23 a.m.	stacktrace: RegOpenKeyExA+0x116 DisableThreadLibraryCalls-0xa0 kernel32+0x14845 @ 0x766e4845 RegOpenKeyExA+0x21 DisableThreadLibraryCalls-0x195 kernel32+0x14750 @ 0x766e4750 New_advapi32_RegOpenKeyExA@20+0x131 New_advapi32_RegOpenKeyExW@20-0x91 @ 0x73ea3bc1 RegOpenKeyA+0x2e MakeSelfRelativeSD-0x16 advapi32+0xcc43 @ 0x7627cc43 alltud+0xe26c @ 0x40e26c RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x77679ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x77679ea5 exception.instruction_r: 21 3b c7 45 fc fe ff ff ff 85 ff 0f 85 e8 e3 03 exception.symbol: RegCloseKey+0x18d RegOpenKeyExW-0xe5 kernel32+0x1222c exception.instruction: and dword ptr [ebx], edi exception.module: kernel32.dll exception.exception_code: 0xc0000005 exception.offset: 74284 exception.address: 0x766e222c registers.esp: 1637868 registers.edi: 0 registers.eax: 8 registers.ebp: 1637988 registers.edx: 0 registers.ebx: 1986854912 registers.esi: 1638036 registers.ecx: 1638036	1
__exception__ Nov. 12, 2021, 10:23 a.m.	stacktrace: RegOpenKeyExA+0x116 DisableThreadLibraryCalls-0xa0 kernel32+0x14845 @ 0x766e4845 RegOpenKeyExA+0x21 DisableThreadLibraryCalls-0x195 kernel32+0x14750 @ 0x766e4750 New_advapi32_RegOpenKeyExA@20+0x131 New_advapi32_RegOpenKeyExW@20-0x91 @ 0x73ea3bc1 RegOpenKeyA+0x2e MakeSelfRelativeSD-0x16 advapi32+0xcc43 @ 0x7627cc43 alltud+0xe284 @ 0x40e284 RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x77679ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x77679ea5 exception.instruction_r: 21 3b c7 45 fc fe ff ff ff 85 ff 0f 85 e8 e3 03 exception.symbol: RegCloseKey+0x18d RegOpenKeyExW-0xe5 kernel32+0x1222c exception.instruction: and dword ptr [ebx], edi exception.module: kernel32.dll exception.exception_code: 0xc0000005 exception.offset: 74284 exception.address: 0x766e222c registers.esp: 1637868 registers.edi: 0 registers.eax: 8 registers.ebp: 1637988 registers.edx: 0 registers.ebx: 1986854912 registers.esi: 1638036 registers.ecx: 1638036	1
__exception__ Nov. 12, 2021, 10:23 a.m.	stacktrace: RegOpenKeyExA+0x116 DisableThreadLibraryCalls-0xa0 kernel32+0x14845 @ 0x766e4845 RegOpenKeyExA+0x21 DisableThreadLibraryCalls-0x195 kernel32+0x14750 @ 0x766e4750 New_advapi32_RegOpenKeyExA@20+0x131 New_advapi32_RegOpenKeyExW@20-0x91 @ 0x73ea3bc1 RegOpenKeyA+0x2e MakeSelfRelativeSD-0x16 advapi32+0xcc43 @ 0x7627cc43 alltud+0xe29c @ 0x40e29c RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x77679ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x77679ea5 exception.instruction_r: 21 3b c7 45 fc fe ff ff ff 85 ff 0f 85 e8 e3 03 exception.symbol: RegCloseKey+0x18d RegOpenKeyExW-0xe5 kernel32+0x1222c exception.instruction: and dword ptr [ebx], edi exception.module: kernel32.dll exception.exception_code: 0xc0000005 exception.offset: 74284 exception.address: 0x766e222c registers.esp: 1637868 registers.edi: 0 registers.eax: 8 registers.ebp: 1637988 registers.edx: 0 registers.ebx: 1986854912 registers.esi: 1638036 registers.ecx: 1638036	1
__exception__ Nov. 12, 2021, 10:23 a.m.	stacktrace: RegOpenKeyExA+0x116 DisableThreadLibraryCalls-0xa0 kernel32+0x14845 @ 0x766e4845 RegOpenKeyExA+0x21 DisableThreadLibraryCalls-0x195 kernel32+0x14750 @ 0x766e4750 New_advapi32_RegOpenKeyExA@20+0x131 New_advapi32_RegOpenKeyExW@20-0x91 @ 0x73ea3bc1 RegOpenKeyA+0x2e MakeSelfRelativeSD-0x16 advapi32+0xcc43 @ 0x7627cc43 alltud+0xb50f @ 0x40b50f RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x77679ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x77679ea5 exception.instruction_r: 21 3b c7 45 fc fe ff ff ff 85 ff 0f 85 e8 e3 03 exception.symbol: RegCloseKey+0x18d RegOpenKeyExW-0xe5 kernel32+0x1222c exception.instruction: and dword ptr [ebx], edi exception.module: kernel32.dll exception.exception_code: 0xc0000005 exception.offset: 74284 exception.address: 0x766e222c registers.esp: 1637868 registers.edi: 0 registers.eax: 8 registers.ebp: 1637988 registers.edx: 0 registers.ebx: 1986854912 registers.esi: 1638036 registers.ecx: 1638036	1
__exception__ Nov. 12, 2021, 10:23 a.m.	stacktrace: RegOpenKeyExA+0x116 DisableThreadLibraryCalls-0xa0 kernel32+0x14845 @ 0x766e4845 RegOpenKeyExA+0x21 DisableThreadLibraryCalls-0x195 kernel32+0x14750 @ 0x766e4750 New_advapi32_RegOpenKeyExA@20+0x131 New_advapi32_RegOpenKeyExW@20-0x91 @ 0x73ea3bc1 RegOpenKeyA+0x2e MakeSelfRelativeSD-0x16 advapi32+0xcc43 @ 0x7627cc43 alltud+0x153bf @ 0x4153bf RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x77679ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x77679ea5 exception.instruction_r: 21 3b c7 45 fc fe ff ff ff 85 ff 0f 85 e8 e3 03 exception.symbol: RegCloseKey+0x18d RegOpenKeyExW-0xe5 kernel32+0x1222c exception.instruction: and dword ptr [ebx], edi exception.module: kernel32.dll exception.exception_code: 0xc0000005 exception.offset: 74284 exception.address: 0x766e222c registers.esp: 1637868 registers.edi: 0 registers.eax: 8 registers.ebp: 1637988 registers.edx: 0 registers.ebx: 1986854912 registers.esi: 1638036 registers.ecx: 1638036	1
__exception__ Nov. 12, 2021, 10:23 a.m.	stacktrace: RegOpenKeyExA+0x116 DisableThreadLibraryCalls-0xa0 kernel32+0x14845 @ 0x766e4845 RegOpenKeyExA+0x21 DisableThreadLibraryCalls-0x195 kernel32+0x14750 @ 0x766e4750 New_advapi32_RegOpenKeyExA@20+0x131 New_advapi32_RegOpenKeyExW@20-0x91 @ 0x73ea3bc1 RegOpenKeyA+0x2e MakeSelfRelativeSD-0x16 advapi32+0xcc43 @ 0x7627cc43 alltud+0x153d7 @ 0x4153d7 RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x77679ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x77679ea5 exception.instruction_r: 21 3b c7 45 fc fe ff ff ff 85 ff 0f 85 e8 e3 03 exception.symbol: RegCloseKey+0x18d RegOpenKeyExW-0xe5 kernel32+0x1222c exception.instruction: and dword ptr [ebx], edi exception.module: kernel32.dll exception.exception_code: 0xc0000005 exception.offset: 74284 exception.address: 0x766e222c registers.esp: 1637868 registers.edi: 0 registers.eax: 8 registers.ebp: 1637988 registers.edx: 0 registers.ebx: 1986854912 registers.esi: 1638036 registers.ecx: 1638036	1
__exception__ Nov. 12, 2021, 10:23 a.m.	stacktrace: RegOpenKeyExA+0x116 DisableThreadLibraryCalls-0xa0 kernel32+0x14845 @ 0x766e4845 RegOpenKeyExA+0x21 DisableThreadLibraryCalls-0x195 kernel32+0x14750 @ 0x766e4750 New_advapi32_RegOpenKeyExA@20+0x131 New_advapi32_RegOpenKeyExW@20-0x91 @ 0x73ea3bc1 RegOpenKeyA+0x2e MakeSelfRelativeSD-0x16 advapi32+0xcc43 @ 0x7627cc43 alltud+0x153ef @ 0x4153ef RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x77679ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x77679ea5 exception.instruction_r: 21 3b c7 45 fc fe ff ff ff 85 ff 0f 85 e8 e3 03 exception.symbol: RegCloseKey+0x18d RegOpenKeyExW-0xe5 kernel32+0x1222c exception.instruction: and dword ptr [ebx], edi exception.module: kernel32.dll exception.exception_code: 0xc0000005 exception.offset: 74284 exception.address: 0x766e222c registers.esp: 1637868 registers.edi: 0 registers.eax: 8 registers.ebp: 1637988 registers.edx: 0 registers.ebx: 1986854912 registers.esi: 1638036 registers.ecx: 1638036	1
__exception__ Nov. 12, 2021, 10:23 a.m.	stacktrace: RegOpenKeyExA+0x116 DisableThreadLibraryCalls-0xa0 kernel32+0x14845 @ 0x766e4845 RegOpenKeyExA+0x21 DisableThreadLibraryCalls-0x195 kernel32+0x14750 @ 0x766e4750 New_advapi32_RegOpenKeyExA@20+0x131 New_advapi32_RegOpenKeyExW@20-0x91 @ 0x73ea3bc1 RegOpenKeyA+0x2e MakeSelfRelativeSD-0x16 advapi32+0xcc43 @ 0x7627cc43 alltud+0x4277 @ 0x404277 RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x77679ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x77679ea5 exception.instruction_r: 21 3b c7 45 fc fe ff ff ff 85 ff 0f 85 e8 e3 03 exception.symbol: RegCloseKey+0x18d RegOpenKeyExW-0xe5 kernel32+0x1222c exception.instruction: and dword ptr [ebx], edi exception.module: kernel32.dll exception.exception_code: 0xc0000005 exception.offset: 74284 exception.address: 0x766e222c registers.esp: 1637868 registers.edi: 0 registers.eax: 8 registers.ebp: 1637988 registers.edx: 0 registers.ebx: 1986854912 registers.esi: 1638036 registers.ecx: 1638036	1
__exception__ Nov. 12, 2021, 10:23 a.m.	stacktrace: RegOpenKeyExA+0x116 DisableThreadLibraryCalls-0xa0 kernel32+0x14845 @ 0x766e4845 RegOpenKeyExA+0x21 DisableThreadLibraryCalls-0x195 kernel32+0x14750 @ 0x766e4750 New_advapi32_RegOpenKeyExA@20+0x131 New_advapi32_RegOpenKeyExW@20-0x91 @ 0x73ea3bc1 RegOpenKeyA+0x2e MakeSelfRelativeSD-0x16 advapi32+0xcc43 @ 0x7627cc43 alltud+0x428f @ 0x40428f RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x77679ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x77679ea5 exception.instruction_r: 21 3b c7 45 fc fe ff ff ff 85 ff 0f 85 e8 e3 03 exception.symbol: RegCloseKey+0x18d RegOpenKeyExW-0xe5 kernel32+0x1222c exception.instruction: and dword ptr [ebx], edi exception.module: kernel32.dll exception.exception_code: 0xc0000005 exception.offset: 74284 exception.address: 0x766e222c registers.esp: 1637868 registers.edi: 0 registers.eax: 8 registers.ebp: 1637988 registers.edx: 0 registers.ebx: 1986854912 registers.esi: 1638036 registers.ecx: 1638036	1
__exception__ Nov. 12, 2021, 10:23 a.m.	stacktrace: RegOpenKeyExA+0x116 DisableThreadLibraryCalls-0xa0 kernel32+0x14845 @ 0x766e4845 RegOpenKeyExA+0x21 DisableThreadLibraryCalls-0x195 kernel32+0x14750 @ 0x766e4750 New_advapi32_RegOpenKeyExA@20+0x131 New_advapi32_RegOpenKeyExW@20-0x91 @ 0x73ea3bc1 RegOpenKeyA+0x2e MakeSelfRelativeSD-0x16 advapi32+0xcc43 @ 0x7627cc43 alltud+0x42a7 @ 0x4042a7 RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x77679ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x77679ea5 exception.instruction_r: 21 3b c7 45 fc fe ff ff ff 85 ff 0f 85 e8 e3 03 exception.symbol: RegCloseKey+0x18d RegOpenKeyExW-0xe5 kernel32+0x1222c exception.instruction: and dword ptr [ebx], edi exception.module: kernel32.dll exception.exception_code: 0xc0000005 exception.offset: 74284 exception.address: 0x766e222c registers.esp: 1637868 registers.edi: 0 registers.eax: 8 registers.ebp: 1637988 registers.edx: 0 registers.ebx: 1986854912 registers.esi: 1638036 registers.ecx: 1638036	1
__exception__ Nov. 12, 2021, 10:23 a.m.	stacktrace: RegOpenKeyExA+0x116 DisableThreadLibraryCalls-0xa0 kernel32+0x14845 @ 0x766e4845 RegOpenKeyExA+0x21 DisableThreadLibraryCalls-0x195 kernel32+0x14750 @ 0x766e4750 New_advapi32_RegOpenKeyExA@20+0x131 New_advapi32_RegOpenKeyExW@20-0x91 @ 0x73ea3bc1 RegOpenKeyA+0x2e MakeSelfRelativeSD-0x16 advapi32+0xcc43 @ 0x7627cc43 alltud+0x42bf @ 0x4042bf RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x77679ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x77679ea5 exception.instruction_r: 21 3b c7 45 fc fe ff ff ff 85 ff 0f 85 e8 e3 03 exception.symbol: RegCloseKey+0x18d RegOpenKeyExW-0xe5 kernel32+0x1222c exception.instruction: and dword ptr [ebx], edi exception.module: kernel32.dll exception.exception_code: 0xc0000005 exception.offset: 74284 exception.address: 0x766e222c registers.esp: 1637868 registers.edi: 0 registers.eax: 8 registers.ebp: 1637988 registers.edx: 0 registers.ebx: 1986854912 registers.esi: 1638036 registers.ecx: 1638036	1
__exception__ Nov. 12, 2021, 10:23 a.m.	stacktrace: RegOpenKeyExA+0x116 DisableThreadLibraryCalls-0xa0 kernel32+0x14845 @ 0x766e4845 RegOpenKeyExA+0x21 DisableThreadLibraryCalls-0x195 kernel32+0x14750 @ 0x766e4750 New_advapi32_RegOpenKeyExA@20+0x131 New_advapi32_RegOpenKeyExW@20-0x91 @ 0x73ea3bc1 RegOpenKeyA+0x2e MakeSelfRelativeSD-0x16 advapi32+0xcc43 @ 0x7627cc43 alltud+0x42d7 @ 0x4042d7 RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x77679ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x77679ea5 exception.instruction_r: 21 3b c7 45 fc fe ff ff ff 85 ff 0f 85 e8 e3 03 exception.symbol: RegCloseKey+0x18d RegOpenKeyExW-0xe5 kernel32+0x1222c exception.instruction: and dword ptr [ebx], edi exception.module: kernel32.dll exception.exception_code: 0xc0000005 exception.offset: 74284 exception.address: 0x766e222c registers.esp: 1637868 registers.edi: 0 registers.eax: 8 registers.ebp: 1637988 registers.edx: 0 registers.ebx: 1986854912 registers.esi: 1638036 registers.ecx: 1638036	1
__exception__ Nov. 12, 2021, 10:23 a.m.	stacktrace: RegOpenKeyExA+0x116 DisableThreadLibraryCalls-0xa0 kernel32+0x14845 @ 0x766e4845 RegOpenKeyExA+0x21 DisableThreadLibraryCalls-0x195 kernel32+0x14750 @ 0x766e4750 New_advapi32_RegOpenKeyExA@20+0x131 New_advapi32_RegOpenKeyExW@20-0x91 @ 0x73ea3bc1 RegOpenKeyA+0x2e MakeSelfRelativeSD-0x16 advapi32+0xcc43 @ 0x7627cc43 alltud+0x61cf @ 0x4061cf RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x77679ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x77679ea5 exception.instruction_r: 21 3b c7 45 fc fe ff ff ff 85 ff 0f 85 e8 e3 03 exception.symbol: RegCloseKey+0x18d RegOpenKeyExW-0xe5 kernel32+0x1222c exception.instruction: and dword ptr [ebx], edi exception.module: kernel32.dll exception.exception_code: 0xc0000005 exception.offset: 74284 exception.address: 0x766e222c registers.esp: 1637868 registers.edi: 0 registers.eax: 8 registers.ebp: 1637988 registers.edx: 0 registers.ebx: 1986854912 registers.esi: 1638036 registers.ecx: 1638036	1
__exception__ Nov. 12, 2021, 10:23 a.m.	stacktrace: RegOpenKeyExA+0x116 DisableThreadLibraryCalls-0xa0 kernel32+0x14845 @ 0x766e4845 RegOpenKeyExA+0x21 DisableThreadLibraryCalls-0x195 kernel32+0x14750 @ 0x766e4750 New_advapi32_RegOpenKeyExA@20+0x131 New_advapi32_RegOpenKeyExW@20-0x91 @ 0x73ea3bc1 RegOpenKeyA+0x2e MakeSelfRelativeSD-0x16 advapi32+0xcc43 @ 0x7627cc43 alltud+0x45e3 @ 0x4045e3 RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x77679ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x77679ea5 exception.instruction_r: 21 3b c7 45 fc fe ff ff ff 85 ff 0f 85 e8 e3 03 exception.symbol: RegCloseKey+0x18d RegOpenKeyExW-0xe5 kernel32+0x1222c exception.instruction: and dword ptr [ebx], edi exception.module: kernel32.dll exception.exception_code: 0xc0000005 exception.offset: 74284 exception.address: 0x766e222c registers.esp: 1637868 registers.edi: 0 registers.eax: 8 registers.ebp: 1637988 registers.edx: 0 registers.ebx: 1986854912 registers.esi: 1638036 registers.ecx: 1638036	1
__exception__ Nov. 12, 2021, 10:23 a.m.	stacktrace: RegOpenKeyExA+0x116 DisableThreadLibraryCalls-0xa0 kernel32+0x14845 @ 0x766e4845 RegOpenKeyExA+0x21 DisableThreadLibraryCalls-0x195 kernel32+0x14750 @ 0x766e4750 New_advapi32_RegOpenKeyExA@20+0x131 New_advapi32_RegOpenKeyExW@20-0x91 @ 0x73ea3bc1 RegOpenKeyA+0x2e MakeSelfRelativeSD-0x16 advapi32+0xcc43 @ 0x7627cc43 alltud+0xa260 @ 0x40a260 RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x77679ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x77679ea5 exception.instruction_r: 21 3b c7 45 fc fe ff ff ff 85 ff 0f 85 e8 e3 03 exception.symbol: RegCloseKey+0x18d RegOpenKeyExW-0xe5 kernel32+0x1222c exception.instruction: and dword ptr [ebx], edi exception.module: kernel32.dll exception.exception_code: 0xc0000005 exception.offset: 74284 exception.address: 0x766e222c registers.esp: 1637868 registers.edi: 0 registers.eax: 8 registers.ebp: 1637988 registers.edx: 0 registers.ebx: 1986854912 registers.esi: 1638036 registers.ecx: 1638036	1

Allocates read-write-execute memory (usually to unpack itself) (6 events)

Time & API	Arguments	Status
NtProtectVirtualMemory Nov. 12, 2021, 10:23 a.m.	process_identifier: 2784 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 8192 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x00401000 process_handle: 0xffffffff	1
NtAllocateVirtualMemory Nov. 12, 2021, 10:23 a.m.	process_identifier: 2784 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x008e0000 allocation_type: 12288 (MEM_COMMIT\|MEM_RESERVE) process_handle: 0xffffffff	1
NtAllocateVirtualMemory Nov. 12, 2021, 10:23 a.m.	process_identifier: 2784 region_size: 331776 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x00920000 allocation_type: 12288 (MEM_COMMIT\|MEM_RESERVE) process_handle: 0xffffffff	1
NtAllocateVirtualMemory Nov. 12, 2021, 10:23 a.m.	process_identifier: 2784 region_size: 278528 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x02000000 allocation_type: 12288 (MEM_COMMIT\|MEM_RESERVE) process_handle: 0xffffffff	1
NtAllocateVirtualMemory Nov. 12, 2021, 10:23 a.m.	process_identifier: 2784 region_size: 294912 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x02050000 allocation_type: 12288 (MEM_COMMIT\|MEM_RESERVE) process_handle: 0xffffffff	1
NtProtectVirtualMemory Nov. 12, 2021, 10:23 a.m.	process_identifier: 2784 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x73da2000 process_handle: 0xffffffff	1

Manipulates memory of a non-child process indicative of process injection (2 events)

Time & API	Arguments	Status	Return	Repeated
Process injection	Process 2784 manipulating memory of non-child process 0
NtProtectVirtualMemory Nov. 12, 2021, 10:23 a.m.	process_identifier: 0 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 0 protection: 52 (PAGE_EXECUTE\|PAGE_EXECUTE_READ\|PAGE_READWRITE) base_address: 0x00000000 process_handle: 0x00000001		3221225541	0

File has been identified by 22 AntiVirus engines on VirusTotal as malicious (22 events)

Lionic	Trojan.Win32.Generic.4!c
Elastic	malicious (high confidence)
Cylance	Unsafe
Symantec	ML.Attribute.HighConfidence
ESET-NOD32	a variant of Win32/GenKryptik.FNJC
Avast	FileRepMalware
Cynet	Malicious (score: 100)
Kaspersky	UDS:DangerousObject.Multi.Generic
Sophos	ML/PE-A
McAfee-GW-Edition	Artemis!Trojan
FireEye	Generic.mg.b380ac326f09bcbd
Webroot	W32.Malware.Gen
Kingsoft	Win32.Troj.Generic_a.a.(kcloud)
Gridinsoft	Trojan.Heur!.00002031
Microsoft	Trojan:Win32/Sabsik.FL.B!ml
SentinelOne	Static AI - Malicious PE
McAfee	Artemis!B380AC326F09
eGambit	PE.Heur.InvalidSig
AVG	FileRepMalware
Paloalto	generic.ml
CrowdStrike	win/malicious_confidence_90% (W)
MaxSecure	Trojan.Malware.300983.susgen

alltud.exe

Process Tree Toggle all

Network Toggle all

Suricata Toggle all

Suricata Alerts

Suricata TLS

Signatures Toggle All