popup
Summary | ZeroBOX
  1. Home
  2. Result
  3. Report
  4. Detail Analysis

smo.exe

Emotet Gen1 Malicious Library UPX GIF Format Lnk Format PE File PE32 CAB
  1. Resubmit sample
Category Machine Started Completed
FILE s1_win7_x6403_us Nov. 21, 2023, 7:52 a.m. Nov. 21, 2023, 7:59 a.m.
Size 1.1MB
Type PE32 executable (GUI) Intel 80386, for MS Windows
MD5 d117bdd49deff0dc9c560ed4a03d3a5f
SHA256 1c64b3695016d0d7f981448fa92d4665e16306530c186343ecfabe8bce3f3d25
CRC32 E427E3CC
ssdeep 24576:vyLlqCoPuW8A3ZoR+gfudVPXjCIxDIKF24FQGknuzgm:6LlqJh8LE2MtE
PDB Path wextract.pdb
Yara
  • Malicious_Library_Zero - Malicious_Library
  • IsPE32 - (no description)
  • PE_Header_Zero - PE File Signature
  • Win32_Trojan_Emotet_RL_Gen_Zero - Win32 Trojan Emotet
  • Win32_Trojan_Gen_1_0904B0_Zero - Win32 Trojan Emotet
  • CAB_file_format - CAB archive file
  • UPX_Zero - UPX packed file

Name Response Post-Analysis Lookup
ipinfo.io
A 34.117.59.81
34.117.59.81
db-ip.com
A 104.26.5.15
A 104.26.4.15
A 172.67.75.166
104.26.5.15
IP Address Status Action
104.26.4.15 Active Moloch
164.124.101.2 Active Moloch
194.49.94.152 Active Moloch
34.117.59.81 Active Moloch

Suricata Alerts

Flow SID Signature Category
TCP 194.49.94.152:50500 -> 192.168.56.103:49171 2046266 ET MALWARE [ANY.RUN] RisePro TCP v.0.x (Token) Malware Command and Control Activity Detected
TCP 192.168.56.103:49171 -> 194.49.94.152:50500 2049060 ET MALWARE Suspected RisePro TCP Heartbeat Packet A Network Trojan was detected
TCP 194.49.94.152:50500 -> 192.168.56.103:49171 2046267 ET MALWARE [ANY.RUN] RisePro TCP v.0.x (External IP) Malware Command and Control Activity Detected
TCP 192.168.56.103:49172 -> 34.117.59.81:443 2025331 ET POLICY Possible External IP Lookup Domain Observed in SNI (ipinfo. io) Device Retrieving External IP Address Detected
TCP 192.168.56.103:49172 -> 34.117.59.81:443 906200054 SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) undefined
TCP 192.168.56.103:49172 -> 34.117.59.81:443 2025331 ET POLICY Possible External IP Lookup Domain Observed in SNI (ipinfo. io) Device Retrieving External IP Address Detected
TCP 192.168.56.103:49171 -> 194.49.94.152:50500 2046269 ET MALWARE [ANY.RUN] RisePro TCP v.0.x (Activity) Malware Command and Control Activity Detected
TCP 192.168.56.103:49174 -> 104.26.4.15:443 906200054 SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) undefined
TCP 192.168.56.103:49171 -> 194.49.94.152:50500 2046270 ET MALWARE [ANY.RUN] RisePro TCP v.0.x (Exfiltration) Malware Command and Control Activity Detected
TCP 192.168.56.103:49172 -> 34.117.59.81:443 2025331 ET POLICY Possible External IP Lookup Domain Observed in SNI (ipinfo. io) Device Retrieving External IP Address Detected
TCP 192.168.56.103:49172 -> 34.117.59.81:443 2025331 ET POLICY Possible External IP Lookup Domain Observed in SNI (ipinfo. io) Device Retrieving External IP Address Detected

Suricata TLS

Flow Issuer Subject Fingerprint
TLSv1
192.168.56.103:49174
104.26.4.15:443 		C=US, O=Cloudflare, Inc., CN=Cloudflare Inc RSA CA-2 C=US, ST=California, L=San Francisco, O=Cloudflare, Inc., CN=sni.cloudflaressl.com 03:f8:79:dd:26:16:32:12:a4:33:99:34:af:f7:33:32:d5:e0:aa:e5

Time & API Arguments Status Return Repeated

GetComputerNameW

 computer_name: TEST22-PC
1 1 0

GetComputerNameW

 computer_name: TEST22-PC
1 1 0

GetComputerNameA

 computer_name: TEST22-PC
1 1 0

GetComputerNameW

 computer_name: TEST22-PC
1 1 0

GetComputerNameW

 computer_name: TEST22-PC
1 1 0
Time & API Arguments Status Return Repeated

IsDebuggerPresent

 0 0

IsDebuggerPresent

 0 0
Time & API Arguments Status Return Repeated

WriteConsoleW

 buffer: SUCCESS: The scheduled task "OfficeTrackerNMP131 HR" has successfully been created.
console_handle: 0x00000007
1 1 0

WriteConsoleW

 buffer: SUCCESS: The scheduled task "OfficeTrackerNMP131 LG" has successfully been created.
console_handle: 0x00000007
1 1 0
Time & API Arguments Status Return Repeated

CryptExportKey

 buffer: <INVALID POINTER>
crypto_handle: 0x0038aa58
flags: 0
crypto_export_handle: 0x00000000
blob_type: 6
1 1 0

CryptExportKey

 buffer: <INVALID POINTER>
crypto_handle: 0x0038aa58
flags: 0
crypto_export_handle: 0x00000000
blob_type: 6
1 1 0

CryptExportKey

 buffer: <INVALID POINTER>
crypto_handle: 0x0038aa98
flags: 0
crypto_export_handle: 0x00000000
blob_type: 6
1 1 0

CryptExportKey

 buffer: <INVALID POINTER>
crypto_handle: 0x0038aa98
flags: 0
crypto_export_handle: 0x00000000
blob_type: 6
1 1 0

CryptExportKey

 buffer: <INVALID POINTER>
crypto_handle: 0x0038ab58
flags: 0
crypto_export_handle: 0x00000000
blob_type: 6
1 1 0

CryptExportKey

 buffer: <INVALID POINTER>
crypto_handle: 0x0038ab58
flags: 0
crypto_export_handle: 0x00000000
blob_type: 6
1 1 0
registry HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography\MachineGuid
pdb_path wextract.pdb
registry HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Google Chrome
Time & API Arguments Status Return Repeated

GlobalMemoryStatusEx

 1 1 0
resource name AVI
Time & API Arguments Status Return Repeated

__exception__

 stacktrace: 
2kd7142+0x102e @ 0xc3102e
2kd7142+0x1c2c @ 0xc31c2c
2kd7142+0x1c68 @ 0xc31c68
2kd7142+0x1c78 @ 0xc31c78
2kd7142+0x1c88 @ 0xc31c88
2kd7142+0x1c98 @ 0xc31c98
2kd7142+0x7e9b @ 0xc37e9b
2kd7142+0x7e8a @ 0xc37e8a
2kd7142+0x7e5d @ 0xc37e5d
2kd7142+0x7e34 @ 0xc37e34
2kd7142+0x7e1e @ 0xc37e1e
2kd7142+0x7e02 @ 0xc37e02
2kd7142+0x7c97 @ 0xc37c97
2kd7142+0x8a89 @ 0xc38a89
2kd7142+0x8737 @ 0xc38737
2kd7142+0xfc51 @ 0xc3fc51
2kd7142+0xfc3e @ 0xc3fc3e
2kd7142+0xfc22 @ 0xc3fc22
2kd7142+0xfbe7 @ 0xc3fbe7
2kd7142+0x8a89 @ 0xc38a89
2kd7142+0xfacf @ 0xc3facf
2kd7142+0xfaae @ 0xc3faae
2kd7142+0xfa92 @ 0xc3fa92
2kd7142+0xf9f7 @ 0xc3f9f7
2kd7142+0xf639 @ 0xc3f639
2kd7142+0xf3f5 @ 0xc3f3f5
2kd7142+0xf2a7 @ 0xc3f2a7
2kd7142+0xf239 @ 0xc3f239
2kd7142+0xeed3 @ 0xc3eed3
2kd7142+0xdf7f @ 0xc3df7f
2kd7142+0xc33f @ 0xc3c33f
2kd7142+0x1687f @ 0xc4687f
RtlSelfRelativeToAbsoluteSD+0x1e8 TpPostWork-0x48 ntdll+0x78449 @ 0x77918449
TpCallbackIndependent+0x527 RtlIsCriticalSectionLockedByThread-0x240 ntdll+0x454f4 @ 0x778e54f4
BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x757f33ca
RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x778d9ed2
RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x778d9ea5

exception.instruction_r: 81 7e 30 22 22 22 22 0f 85 87 00 00 00 8d 7e 34
exception.instruction: cmp dword ptr [esi + 0x30], 0x22222222
exception.exception_code: 0xc0000005
exception.symbol: CryptDestroyKey+0x20 CryptSetKeyParam-0xdf cryptsp+0x4d13
exception.address: 0x73ff4d13
registers.esp: 38992592
registers.edi: 13273036
registers.eax: 0
registers.ebp: 38992648
registers.edx: 38993048
registers.ebx: 2006025332
registers.esi: 0
registers.ecx: 5255972
1 0 0

__exception__

 stacktrace: 
2kd7142+0x1053 @ 0xc31053
2kd7142+0x1c2c @ 0xc31c2c
2kd7142+0x1c68 @ 0xc31c68
2kd7142+0x1c78 @ 0xc31c78
2kd7142+0x1c88 @ 0xc31c88
2kd7142+0x1c98 @ 0xc31c98
2kd7142+0x7e9b @ 0xc37e9b
2kd7142+0x7e8a @ 0xc37e8a
2kd7142+0x7e5d @ 0xc37e5d
2kd7142+0x7e34 @ 0xc37e34
2kd7142+0x7e1e @ 0xc37e1e
2kd7142+0x7e02 @ 0xc37e02
2kd7142+0x7c97 @ 0xc37c97
2kd7142+0x8a89 @ 0xc38a89
2kd7142+0x8737 @ 0xc38737
2kd7142+0xfc51 @ 0xc3fc51
2kd7142+0xfc3e @ 0xc3fc3e
2kd7142+0xfc22 @ 0xc3fc22
2kd7142+0xfbe7 @ 0xc3fbe7
2kd7142+0x8a89 @ 0xc38a89
2kd7142+0xfacf @ 0xc3facf
2kd7142+0xfaae @ 0xc3faae
2kd7142+0xfa92 @ 0xc3fa92
2kd7142+0xf9f7 @ 0xc3f9f7
2kd7142+0xf639 @ 0xc3f639
2kd7142+0xf3f5 @ 0xc3f3f5
2kd7142+0xf2a7 @ 0xc3f2a7
2kd7142+0xf239 @ 0xc3f239
2kd7142+0xeed3 @ 0xc3eed3
2kd7142+0xdf7f @ 0xc3df7f
2kd7142+0xc33f @ 0xc3c33f
2kd7142+0x1687f @ 0xc4687f
RtlSelfRelativeToAbsoluteSD+0x1e8 TpPostWork-0x48 ntdll+0x78449 @ 0x77918449
TpCallbackIndependent+0x527 RtlIsCriticalSectionLockedByThread-0x240 ntdll+0x454f4 @ 0x778e54f4
BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x757f33ca
RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x778d9ed2
RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x778d9ea5

exception.instruction_r: 81 7e 30 22 22 22 22 0f 85 87 00 00 00 8d 7e 34
exception.instruction: cmp dword ptr [esi + 0x30], 0x22222222
exception.exception_code: 0xc0000005
exception.symbol: CryptDestroyKey+0x20 CryptSetKeyParam-0xdf cryptsp+0x4d13
exception.address: 0x73ff4d13
registers.esp: 38992592
registers.edi: 13273036
registers.eax: 0
registers.ebp: 38992648
registers.edx: 174
registers.ebx: 2006025332
registers.esi: 0
registers.ecx: 0
1 0 0

__exception__

 stacktrace: 
2kd7142+0x1075 @ 0xc31075
2kd7142+0x1c2c @ 0xc31c2c
2kd7142+0x1c68 @ 0xc31c68
2kd7142+0x1c78 @ 0xc31c78
2kd7142+0x1c88 @ 0xc31c88
2kd7142+0x1c98 @ 0xc31c98
2kd7142+0x7e9b @ 0xc37e9b
2kd7142+0x7e8a @ 0xc37e8a
2kd7142+0x7e5d @ 0xc37e5d
2kd7142+0x7e34 @ 0xc37e34
2kd7142+0x7e1e @ 0xc37e1e
2kd7142+0x7e02 @ 0xc37e02
2kd7142+0x7c97 @ 0xc37c97
2kd7142+0x8a89 @ 0xc38a89
2kd7142+0x8737 @ 0xc38737
2kd7142+0xfc51 @ 0xc3fc51
2kd7142+0xfc3e @ 0xc3fc3e
2kd7142+0xfc22 @ 0xc3fc22
2kd7142+0xfbe7 @ 0xc3fbe7
2kd7142+0x8a89 @ 0xc38a89
2kd7142+0xfacf @ 0xc3facf
2kd7142+0xfaae @ 0xc3faae
2kd7142+0xfa92 @ 0xc3fa92
2kd7142+0xf9f7 @ 0xc3f9f7
2kd7142+0xf639 @ 0xc3f639
2kd7142+0xf3f5 @ 0xc3f3f5
2kd7142+0xf2a7 @ 0xc3f2a7
2kd7142+0xf239 @ 0xc3f239
2kd7142+0xeed3 @ 0xc3eed3
2kd7142+0xdf7f @ 0xc3df7f
2kd7142+0xc33f @ 0xc3c33f
2kd7142+0x1687f @ 0xc4687f
RtlSelfRelativeToAbsoluteSD+0x1e8 TpPostWork-0x48 ntdll+0x78449 @ 0x77918449
TpCallbackIndependent+0x527 RtlIsCriticalSectionLockedByThread-0x240 ntdll+0x454f4 @ 0x778e54f4
BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x757f33ca
RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x778d9ed2
RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x778d9ea5

exception.instruction_r: 81 7e 30 22 22 22 22 0f 85 87 00 00 00 8d 7e 34
exception.instruction: cmp dword ptr [esi + 0x30], 0x22222222
exception.exception_code: 0xc0000005
exception.symbol: CryptDestroyKey+0x20 CryptSetKeyParam-0xdf cryptsp+0x4d13
exception.address: 0x73ff4d13
registers.esp: 38992592
registers.edi: 13273036
registers.eax: 0
registers.ebp: 38992648
registers.edx: 180
registers.ebx: 2006025332
registers.esi: 0
registers.ecx: 0
1 0 0

__exception__

 stacktrace: 
2kd7142+0x1097 @ 0xc31097
2kd7142+0x1c2c @ 0xc31c2c
2kd7142+0x1c68 @ 0xc31c68
2kd7142+0x1c78 @ 0xc31c78
2kd7142+0x1c88 @ 0xc31c88
2kd7142+0x1c98 @ 0xc31c98
2kd7142+0x7e9b @ 0xc37e9b
2kd7142+0x7e8a @ 0xc37e8a
2kd7142+0x7e5d @ 0xc37e5d
2kd7142+0x7e34 @ 0xc37e34
2kd7142+0x7e1e @ 0xc37e1e
2kd7142+0x7e02 @ 0xc37e02
2kd7142+0x7c97 @ 0xc37c97
2kd7142+0x8a89 @ 0xc38a89
2kd7142+0x8737 @ 0xc38737
2kd7142+0xfc51 @ 0xc3fc51
2kd7142+0xfc3e @ 0xc3fc3e
2kd7142+0xfc22 @ 0xc3fc22
2kd7142+0xfbe7 @ 0xc3fbe7
2kd7142+0x8a89 @ 0xc38a89
2kd7142+0xfacf @ 0xc3facf
2kd7142+0xfaae @ 0xc3faae
2kd7142+0xfa92 @ 0xc3fa92
2kd7142+0xf9f7 @ 0xc3f9f7
2kd7142+0xf639 @ 0xc3f639
2kd7142+0xf3f5 @ 0xc3f3f5
2kd7142+0xf2a7 @ 0xc3f2a7
2kd7142+0xf239 @ 0xc3f239
2kd7142+0xeed3 @ 0xc3eed3
2kd7142+0xdf7f @ 0xc3df7f
2kd7142+0xc33f @ 0xc3c33f
2kd7142+0x1687f @ 0xc4687f
RtlSelfRelativeToAbsoluteSD+0x1e8 TpPostWork-0x48 ntdll+0x78449 @ 0x77918449
TpCallbackIndependent+0x527 RtlIsCriticalSectionLockedByThread-0x240 ntdll+0x454f4 @ 0x778e54f4
BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x757f33ca
RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x778d9ed2
RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x778d9ea5

exception.instruction_r: 81 7e 30 22 22 22 22 0f 85 87 00 00 00 8d 7e 34
exception.instruction: cmp dword ptr [esi + 0x30], 0x22222222
exception.exception_code: 0xc0000005
exception.symbol: CryptDestroyKey+0x20 CryptSetKeyParam-0xdf cryptsp+0x4d13
exception.address: 0x73ff4d13
registers.esp: 38992592
registers.edi: 13273036
registers.eax: 0
registers.ebp: 38992648
registers.edx: 190
registers.ebx: 2006025332
registers.esi: 0
registers.ecx: 0
1 0 0

__exception__

 stacktrace: 
2kd7142+0x10b9 @ 0xc310b9
2kd7142+0x1c2c @ 0xc31c2c
2kd7142+0x1c68 @ 0xc31c68
2kd7142+0x1c78 @ 0xc31c78
2kd7142+0x1c88 @ 0xc31c88
2kd7142+0x1c98 @ 0xc31c98
2kd7142+0x7e9b @ 0xc37e9b
2kd7142+0x7e8a @ 0xc37e8a
2kd7142+0x7e5d @ 0xc37e5d
2kd7142+0x7e34 @ 0xc37e34
2kd7142+0x7e1e @ 0xc37e1e
2kd7142+0x7e02 @ 0xc37e02
2kd7142+0x7c97 @ 0xc37c97
2kd7142+0x8a89 @ 0xc38a89
2kd7142+0x8737 @ 0xc38737
2kd7142+0xfc51 @ 0xc3fc51
2kd7142+0xfc3e @ 0xc3fc3e
2kd7142+0xfc22 @ 0xc3fc22
2kd7142+0xfbe7 @ 0xc3fbe7
2kd7142+0x8a89 @ 0xc38a89
2kd7142+0xfacf @ 0xc3facf
2kd7142+0xfaae @ 0xc3faae
2kd7142+0xfa92 @ 0xc3fa92
2kd7142+0xf9f7 @ 0xc3f9f7
2kd7142+0xf639 @ 0xc3f639
2kd7142+0xf3f5 @ 0xc3f3f5
2kd7142+0xf2a7 @ 0xc3f2a7
2kd7142+0xf239 @ 0xc3f239
2kd7142+0xeed3 @ 0xc3eed3
2kd7142+0xdf7f @ 0xc3df7f
2kd7142+0xc33f @ 0xc3c33f
2kd7142+0x1687f @ 0xc4687f
RtlSelfRelativeToAbsoluteSD+0x1e8 TpPostWork-0x48 ntdll+0x78449 @ 0x77918449
TpCallbackIndependent+0x527 RtlIsCriticalSectionLockedByThread-0x240 ntdll+0x454f4 @ 0x778e54f4
BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x757f33ca
RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x778d9ed2
RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x778d9ea5

exception.instruction_r: 81 7e 30 22 22 22 22 0f 85 87 00 00 00 8d 7e 34
exception.instruction: cmp dword ptr [esi + 0x30], 0x22222222
exception.exception_code: 0xc0000005
exception.symbol: CryptDestroyKey+0x20 CryptSetKeyParam-0xdf cryptsp+0x4d13
exception.address: 0x73ff4d13
registers.esp: 38992592
registers.edi: 13273036
registers.eax: 0
registers.ebp: 38992648
registers.edx: 248
registers.ebx: 2006025332
registers.esi: 0
registers.ecx: 0
1 0 0

__exception__

 stacktrace: 
2kd7142+0x10db @ 0xc310db
2kd7142+0x1c2c @ 0xc31c2c
2kd7142+0x1c68 @ 0xc31c68
2kd7142+0x1c78 @ 0xc31c78
2kd7142+0x1c88 @ 0xc31c88
2kd7142+0x1c98 @ 0xc31c98
2kd7142+0x7e9b @ 0xc37e9b
2kd7142+0x7e8a @ 0xc37e8a
2kd7142+0x7e5d @ 0xc37e5d
2kd7142+0x7e34 @ 0xc37e34
2kd7142+0x7e1e @ 0xc37e1e
2kd7142+0x7e02 @ 0xc37e02
2kd7142+0x7c97 @ 0xc37c97
2kd7142+0x8a89 @ 0xc38a89
2kd7142+0x8737 @ 0xc38737
2kd7142+0xfc51 @ 0xc3fc51
2kd7142+0xfc3e @ 0xc3fc3e
2kd7142+0xfc22 @ 0xc3fc22
2kd7142+0xfbe7 @ 0xc3fbe7
2kd7142+0x8a89 @ 0xc38a89
2kd7142+0xfacf @ 0xc3facf
2kd7142+0xfaae @ 0xc3faae
2kd7142+0xfa92 @ 0xc3fa92
2kd7142+0xf9f7 @ 0xc3f9f7
2kd7142+0xf639 @ 0xc3f639
2kd7142+0xf3f5 @ 0xc3f3f5
2kd7142+0xf2a7 @ 0xc3f2a7
2kd7142+0xf239 @ 0xc3f239
2kd7142+0xeed3 @ 0xc3eed3
2kd7142+0xdf7f @ 0xc3df7f
2kd7142+0xc33f @ 0xc3c33f
2kd7142+0x1687f @ 0xc4687f
RtlSelfRelativeToAbsoluteSD+0x1e8 TpPostWork-0x48 ntdll+0x78449 @ 0x77918449
TpCallbackIndependent+0x527 RtlIsCriticalSectionLockedByThread-0x240 ntdll+0x454f4 @ 0x778e54f4
BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x757f33ca
RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x778d9ed2
RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x778d9ea5

exception.instruction_r: 81 7e 30 22 22 22 22 0f 85 87 00 00 00 8d 7e 34
exception.instruction: cmp dword ptr [esi + 0x30], 0x22222222
exception.exception_code: 0xc0000005
exception.symbol: CryptDestroyKey+0x20 CryptSetKeyParam-0xdf cryptsp+0x4d13
exception.address: 0x73ff4d13
registers.esp: 38992592
registers.edi: 13273036
registers.eax: 0
registers.ebp: 38992648
registers.edx: 192
registers.ebx: 2006025332
registers.esi: 0
registers.ecx: 0
1 0 0

__exception__

 stacktrace: 
2kd7142+0x1100 @ 0xc31100
2kd7142+0x1c2c @ 0xc31c2c
2kd7142+0x1c68 @ 0xc31c68
2kd7142+0x1c78 @ 0xc31c78
2kd7142+0x1c88 @ 0xc31c88
2kd7142+0x1c98 @ 0xc31c98
2kd7142+0x7e9b @ 0xc37e9b
2kd7142+0x7e8a @ 0xc37e8a
2kd7142+0x7e5d @ 0xc37e5d
2kd7142+0x7e34 @ 0xc37e34
2kd7142+0x7e1e @ 0xc37e1e
2kd7142+0x7e02 @ 0xc37e02
2kd7142+0x7c97 @ 0xc37c97
2kd7142+0x8a89 @ 0xc38a89
2kd7142+0x8737 @ 0xc38737
2kd7142+0xfc51 @ 0xc3fc51
2kd7142+0xfc3e @ 0xc3fc3e
2kd7142+0xfc22 @ 0xc3fc22
2kd7142+0xfbe7 @ 0xc3fbe7
2kd7142+0x8a89 @ 0xc38a89
2kd7142+0xfacf @ 0xc3facf
2kd7142+0xfaae @ 0xc3faae
2kd7142+0xfa92 @ 0xc3fa92
2kd7142+0xf9f7 @ 0xc3f9f7
2kd7142+0xf639 @ 0xc3f639
2kd7142+0xf3f5 @ 0xc3f3f5
2kd7142+0xf2a7 @ 0xc3f2a7
2kd7142+0xf239 @ 0xc3f239
2kd7142+0xeed3 @ 0xc3eed3
2kd7142+0xdf7f @ 0xc3df7f
2kd7142+0xc33f @ 0xc3c33f
2kd7142+0x1687f @ 0xc4687f
RtlSelfRelativeToAbsoluteSD+0x1e8 TpPostWork-0x48 ntdll+0x78449 @ 0x77918449
TpCallbackIndependent+0x527 RtlIsCriticalSectionLockedByThread-0x240 ntdll+0x454f4 @ 0x778e54f4
BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x757f33ca
RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x778d9ed2
RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x778d9ea5

exception.instruction_r: 81 7e 30 22 22 22 22 0f 85 87 00 00 00 8d 7e 34
exception.instruction: cmp dword ptr [esi + 0x30], 0x22222222
exception.exception_code: 0xc0000005
exception.symbol: CryptDestroyKey+0x20 CryptSetKeyParam-0xdf cryptsp+0x4d13
exception.address: 0x73ff4d13
registers.esp: 38992592
registers.edi: 13273036
registers.eax: 0
registers.ebp: 38992648
registers.edx: 362
registers.ebx: 2006025332
registers.esi: 0
registers.ecx: 0
1 0 0

__exception__

 stacktrace: 
2kd7142+0x1125 @ 0xc31125
2kd7142+0x1c2c @ 0xc31c2c
2kd7142+0x1c68 @ 0xc31c68
2kd7142+0x1c78 @ 0xc31c78
2kd7142+0x1c88 @ 0xc31c88
2kd7142+0x1c98 @ 0xc31c98
2kd7142+0x7e9b @ 0xc37e9b
2kd7142+0x7e8a @ 0xc37e8a
2kd7142+0x7e5d @ 0xc37e5d
2kd7142+0x7e34 @ 0xc37e34
2kd7142+0x7e1e @ 0xc37e1e
2kd7142+0x7e02 @ 0xc37e02
2kd7142+0x7c97 @ 0xc37c97
2kd7142+0x8a89 @ 0xc38a89
2kd7142+0x8737 @ 0xc38737
2kd7142+0xfc51 @ 0xc3fc51
2kd7142+0xfc3e @ 0xc3fc3e
2kd7142+0xfc22 @ 0xc3fc22
2kd7142+0xfbe7 @ 0xc3fbe7
2kd7142+0x8a89 @ 0xc38a89
2kd7142+0xfacf @ 0xc3facf
2kd7142+0xfaae @ 0xc3faae
2kd7142+0xfa92 @ 0xc3fa92
2kd7142+0xf9f7 @ 0xc3f9f7
2kd7142+0xf639 @ 0xc3f639
2kd7142+0xf3f5 @ 0xc3f3f5
2kd7142+0xf2a7 @ 0xc3f2a7
2kd7142+0xf239 @ 0xc3f239
2kd7142+0xeed3 @ 0xc3eed3
2kd7142+0xdf7f @ 0xc3df7f
2kd7142+0xc33f @ 0xc3c33f
2kd7142+0x1687f @ 0xc4687f
RtlSelfRelativeToAbsoluteSD+0x1e8 TpPostWork-0x48 ntdll+0x78449 @ 0x77918449
TpCallbackIndependent+0x527 RtlIsCriticalSectionLockedByThread-0x240 ntdll+0x454f4 @ 0x778e54f4
BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x757f33ca
RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x778d9ed2
RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x778d9ea5

exception.instruction_r: 81 7e 30 22 22 22 22 0f 85 87 00 00 00 8d 7e 34
exception.instruction: cmp dword ptr [esi + 0x30], 0x22222222
exception.exception_code: 0xc0000005
exception.symbol: CryptDestroyKey+0x20 CryptSetKeyParam-0xdf cryptsp+0x4d13
exception.address: 0x73ff4d13
registers.esp: 38992592
registers.edi: 13273036
registers.eax: 0
registers.ebp: 38992648
registers.edx: 248
registers.ebx: 2006025332
registers.esi: 0
registers.ecx: 0
1 0 0

__exception__

 stacktrace: 
2kd7142+0x1147 @ 0xc31147
2kd7142+0x1c2c @ 0xc31c2c
2kd7142+0x1c68 @ 0xc31c68
2kd7142+0x1c78 @ 0xc31c78
2kd7142+0x1c88 @ 0xc31c88
2kd7142+0x1c98 @ 0xc31c98
2kd7142+0x7e9b @ 0xc37e9b
2kd7142+0x7e8a @ 0xc37e8a
2kd7142+0x7e5d @ 0xc37e5d
2kd7142+0x7e34 @ 0xc37e34
2kd7142+0x7e1e @ 0xc37e1e
2kd7142+0x7e02 @ 0xc37e02
2kd7142+0x7c97 @ 0xc37c97
2kd7142+0x8a89 @ 0xc38a89
2kd7142+0x8737 @ 0xc38737
2kd7142+0xfc51 @ 0xc3fc51
2kd7142+0xfc3e @ 0xc3fc3e
2kd7142+0xfc22 @ 0xc3fc22
2kd7142+0xfbe7 @ 0xc3fbe7
2kd7142+0x8a89 @ 0xc38a89
2kd7142+0xfacf @ 0xc3facf
2kd7142+0xfaae @ 0xc3faae
2kd7142+0xfa92 @ 0xc3fa92
2kd7142+0xf9f7 @ 0xc3f9f7
2kd7142+0xf639 @ 0xc3f639
2kd7142+0xf3f5 @ 0xc3f3f5
2kd7142+0xf2a7 @ 0xc3f2a7
2kd7142+0xf239 @ 0xc3f239
2kd7142+0xeed3 @ 0xc3eed3
2kd7142+0xdf7f @ 0xc3df7f
2kd7142+0xc33f @ 0xc3c33f
2kd7142+0x1687f @ 0xc4687f
RtlSelfRelativeToAbsoluteSD+0x1e8 TpPostWork-0x48 ntdll+0x78449 @ 0x77918449
TpCallbackIndependent+0x527 RtlIsCriticalSectionLockedByThread-0x240 ntdll+0x454f4 @ 0x778e54f4
BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x757f33ca
RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x778d9ed2
RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x778d9ea5

exception.instruction_r: 81 7e 30 22 22 22 22 0f 85 87 00 00 00 8d 7e 34
exception.instruction: cmp dword ptr [esi + 0x30], 0x22222222
exception.exception_code: 0xc0000005
exception.symbol: CryptDestroyKey+0x20 CryptSetKeyParam-0xdf cryptsp+0x4d13
exception.address: 0x73ff4d13
registers.esp: 38992592
registers.edi: 13273036
registers.eax: 0
registers.ebp: 38992648
registers.edx: 231
registers.ebx: 2006025332
registers.esi: 0
registers.ecx: 0
1 0 0

__exception__

 stacktrace: 
2kd7142+0x116c @ 0xc3116c
2kd7142+0x1c2c @ 0xc31c2c
2kd7142+0x1c68 @ 0xc31c68
2kd7142+0x1c78 @ 0xc31c78
2kd7142+0x1c88 @ 0xc31c88
2kd7142+0x1c98 @ 0xc31c98
2kd7142+0x7e9b @ 0xc37e9b
2kd7142+0x7e8a @ 0xc37e8a
2kd7142+0x7e5d @ 0xc37e5d
2kd7142+0x7e34 @ 0xc37e34
2kd7142+0x7e1e @ 0xc37e1e
2kd7142+0x7e02 @ 0xc37e02
2kd7142+0x7c97 @ 0xc37c97
2kd7142+0x8a89 @ 0xc38a89
2kd7142+0x8737 @ 0xc38737
2kd7142+0xfc51 @ 0xc3fc51
2kd7142+0xfc3e @ 0xc3fc3e
2kd7142+0xfc22 @ 0xc3fc22
2kd7142+0xfbe7 @ 0xc3fbe7
2kd7142+0x8a89 @ 0xc38a89
2kd7142+0xfacf @ 0xc3facf
2kd7142+0xfaae @ 0xc3faae
2kd7142+0xfa92 @ 0xc3fa92
2kd7142+0xf9f7 @ 0xc3f9f7
2kd7142+0xf639 @ 0xc3f639
2kd7142+0xf3f5 @ 0xc3f3f5
2kd7142+0xf2a7 @ 0xc3f2a7
2kd7142+0xf239 @ 0xc3f239
2kd7142+0xeed3 @ 0xc3eed3
2kd7142+0xdf7f @ 0xc3df7f
2kd7142+0xc33f @ 0xc3c33f
2kd7142+0x1687f @ 0xc4687f
RtlSelfRelativeToAbsoluteSD+0x1e8 TpPostWork-0x48 ntdll+0x78449 @ 0x77918449
TpCallbackIndependent+0x527 RtlIsCriticalSectionLockedByThread-0x240 ntdll+0x454f4 @ 0x778e54f4
BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x757f33ca
RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x778d9ed2
RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x778d9ea5

exception.instruction_r: 81 7e 30 22 22 22 22 0f 85 87 00 00 00 8d 7e 34
exception.instruction: cmp dword ptr [esi + 0x30], 0x22222222
exception.exception_code: 0xc0000005
exception.symbol: CryptDestroyKey+0x20 CryptSetKeyParam-0xdf cryptsp+0x4d13
exception.address: 0x73ff4d13
registers.esp: 38992592
registers.edi: 13273036
registers.eax: 0
registers.ebp: 38992648
registers.edx: 31
registers.ebx: 2006025332
registers.esi: 0
registers.ecx: 0
1 0 0

__exception__

 stacktrace: 
2kd7142+0x1191 @ 0xc31191
2kd7142+0x1c2c @ 0xc31c2c
2kd7142+0x1c68 @ 0xc31c68
2kd7142+0x1c78 @ 0xc31c78
2kd7142+0x1c88 @ 0xc31c88
2kd7142+0x1c98 @ 0xc31c98
2kd7142+0x7e9b @ 0xc37e9b
2kd7142+0x7e8a @ 0xc37e8a
2kd7142+0x7e5d @ 0xc37e5d
2kd7142+0x7e34 @ 0xc37e34
2kd7142+0x7e1e @ 0xc37e1e
2kd7142+0x7e02 @ 0xc37e02
2kd7142+0x7c97 @ 0xc37c97
2kd7142+0x8a89 @ 0xc38a89
2kd7142+0x8737 @ 0xc38737
2kd7142+0xfc51 @ 0xc3fc51
2kd7142+0xfc3e @ 0xc3fc3e
2kd7142+0xfc22 @ 0xc3fc22
2kd7142+0xfbe7 @ 0xc3fbe7
2kd7142+0x8a89 @ 0xc38a89
2kd7142+0xfacf @ 0xc3facf
2kd7142+0xfaae @ 0xc3faae
2kd7142+0xfa92 @ 0xc3fa92
2kd7142+0xf9f7 @ 0xc3f9f7
2kd7142+0xf639 @ 0xc3f639
2kd7142+0xf3f5 @ 0xc3f3f5
2kd7142+0xf2a7 @ 0xc3f2a7
2kd7142+0xf239 @ 0xc3f239
2kd7142+0xeed3 @ 0xc3eed3
2kd7142+0xdf7f @ 0xc3df7f
2kd7142+0xc33f @ 0xc3c33f
2kd7142+0x1687f @ 0xc4687f
RtlSelfRelativeToAbsoluteSD+0x1e8 TpPostWork-0x48 ntdll+0x78449 @ 0x77918449
TpCallbackIndependent+0x527 RtlIsCriticalSectionLockedByThread-0x240 ntdll+0x454f4 @ 0x778e54f4
BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x757f33ca
RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x778d9ed2
RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x778d9ea5

exception.instruction_r: 81 7e 30 22 22 22 22 0f 85 87 00 00 00 8d 7e 34
exception.instruction: cmp dword ptr [esi + 0x30], 0x22222222
exception.exception_code: 0xc0000005
exception.symbol: CryptDestroyKey+0x20 CryptSetKeyParam-0xdf cryptsp+0x4d13
exception.address: 0x73ff4d13
registers.esp: 38992592
registers.edi: 13273036
registers.eax: 0
registers.ebp: 38992648
registers.edx: 210
registers.ebx: 2006025332
registers.esi: 0
registers.ecx: 0
1 0 0

__exception__

 stacktrace: 
2kd7142+0x11b3 @ 0xc311b3
2kd7142+0x1c2c @ 0xc31c2c
2kd7142+0x1c68 @ 0xc31c68
2kd7142+0x1c78 @ 0xc31c78
2kd7142+0x1c88 @ 0xc31c88
2kd7142+0x1c98 @ 0xc31c98
2kd7142+0x7e9b @ 0xc37e9b
2kd7142+0x7e8a @ 0xc37e8a
2kd7142+0x7e5d @ 0xc37e5d
2kd7142+0x7e34 @ 0xc37e34
2kd7142+0x7e1e @ 0xc37e1e
2kd7142+0x7e02 @ 0xc37e02
2kd7142+0x7c97 @ 0xc37c97
2kd7142+0x8a89 @ 0xc38a89
2kd7142+0x8737 @ 0xc38737
2kd7142+0xfc51 @ 0xc3fc51
2kd7142+0xfc3e @ 0xc3fc3e
2kd7142+0xfc22 @ 0xc3fc22
2kd7142+0xfbe7 @ 0xc3fbe7
2kd7142+0x8a89 @ 0xc38a89
2kd7142+0xfacf @ 0xc3facf
2kd7142+0xfaae @ 0xc3faae
2kd7142+0xfa92 @ 0xc3fa92
2kd7142+0xf9f7 @ 0xc3f9f7
2kd7142+0xf639 @ 0xc3f639
2kd7142+0xf3f5 @ 0xc3f3f5
2kd7142+0xf2a7 @ 0xc3f2a7
2kd7142+0xf239 @ 0xc3f239
2kd7142+0xeed3 @ 0xc3eed3
2kd7142+0xdf7f @ 0xc3df7f
2kd7142+0xc33f @ 0xc3c33f
2kd7142+0x1687f @ 0xc4687f
RtlSelfRelativeToAbsoluteSD+0x1e8 TpPostWork-0x48 ntdll+0x78449 @ 0x77918449
TpCallbackIndependent+0x527 RtlIsCriticalSectionLockedByThread-0x240 ntdll+0x454f4 @ 0x778e54f4
BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x757f33ca
RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x778d9ed2
RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x778d9ea5

exception.instruction_r: 81 7e 30 22 22 22 22 0f 85 87 00 00 00 8d 7e 34
exception.instruction: cmp dword ptr [esi + 0x30], 0x22222222
exception.exception_code: 0xc0000005
exception.symbol: CryptDestroyKey+0x20 CryptSetKeyParam-0xdf cryptsp+0x4d13
exception.address: 0x73ff4d13
registers.esp: 38992592
registers.edi: 13273036
registers.eax: 0
registers.ebp: 38992648
registers.edx: 290
registers.ebx: 2006025332
registers.esi: 0
registers.ecx: 0
1 0 0

__exception__

 stacktrace: 
2kd7142+0x11d5 @ 0xc311d5
2kd7142+0x1c2c @ 0xc31c2c
2kd7142+0x1c68 @ 0xc31c68
2kd7142+0x1c78 @ 0xc31c78
2kd7142+0x1c88 @ 0xc31c88
2kd7142+0x1c98 @ 0xc31c98
2kd7142+0x7e9b @ 0xc37e9b
2kd7142+0x7e8a @ 0xc37e8a
2kd7142+0x7e5d @ 0xc37e5d
2kd7142+0x7e34 @ 0xc37e34
2kd7142+0x7e1e @ 0xc37e1e
2kd7142+0x7e02 @ 0xc37e02
2kd7142+0x7c97 @ 0xc37c97
2kd7142+0x8a89 @ 0xc38a89
2kd7142+0x8737 @ 0xc38737
2kd7142+0xfc51 @ 0xc3fc51
2kd7142+0xfc3e @ 0xc3fc3e
2kd7142+0xfc22 @ 0xc3fc22
2kd7142+0xfbe7 @ 0xc3fbe7
2kd7142+0x8a89 @ 0xc38a89
2kd7142+0xfacf @ 0xc3facf
2kd7142+0xfaae @ 0xc3faae
2kd7142+0xfa92 @ 0xc3fa92
2kd7142+0xf9f7 @ 0xc3f9f7
2kd7142+0xf639 @ 0xc3f639
2kd7142+0xf3f5 @ 0xc3f3f5
2kd7142+0xf2a7 @ 0xc3f2a7
2kd7142+0xf239 @ 0xc3f239
2kd7142+0xeed3 @ 0xc3eed3
2kd7142+0xdf7f @ 0xc3df7f
2kd7142+0xc33f @ 0xc3c33f
2kd7142+0x1687f @ 0xc4687f
RtlSelfRelativeToAbsoluteSD+0x1e8 TpPostWork-0x48 ntdll+0x78449 @ 0x77918449
TpCallbackIndependent+0x527 RtlIsCriticalSectionLockedByThread-0x240 ntdll+0x454f4 @ 0x778e54f4
BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x757f33ca
RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x778d9ed2
RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x778d9ea5

exception.instruction_r: 81 7e 30 22 22 22 22 0f 85 87 00 00 00 8d 7e 34
exception.instruction: cmp dword ptr [esi + 0x30], 0x22222222
exception.exception_code: 0xc0000005
exception.symbol: CryptDestroyKey+0x20 CryptSetKeyParam-0xdf cryptsp+0x4d13
exception.address: 0x73ff4d13
registers.esp: 38992592
registers.edi: 13273036
registers.eax: 0
registers.ebp: 38992648
registers.edx: 70
registers.ebx: 2006025332
registers.esi: 0
registers.ecx: 0
1 0 0

__exception__

 stacktrace: 
2kd7142+0x11fa @ 0xc311fa
2kd7142+0x1c2c @ 0xc31c2c
2kd7142+0x1c68 @ 0xc31c68
2kd7142+0x1c78 @ 0xc31c78
2kd7142+0x1c88 @ 0xc31c88
2kd7142+0x1c98 @ 0xc31c98
2kd7142+0x7e9b @ 0xc37e9b
2kd7142+0x7e8a @ 0xc37e8a
2kd7142+0x7e5d @ 0xc37e5d
2kd7142+0x7e34 @ 0xc37e34
2kd7142+0x7e1e @ 0xc37e1e
2kd7142+0x7e02 @ 0xc37e02
2kd7142+0x7c97 @ 0xc37c97
2kd7142+0x8a89 @ 0xc38a89
2kd7142+0x8737 @ 0xc38737
2kd7142+0xfc51 @ 0xc3fc51
2kd7142+0xfc3e @ 0xc3fc3e
2kd7142+0xfc22 @ 0xc3fc22
2kd7142+0xfbe7 @ 0xc3fbe7
2kd7142+0x8a89 @ 0xc38a89
2kd7142+0xfacf @ 0xc3facf
2kd7142+0xfaae @ 0xc3faae
2kd7142+0xfa92 @ 0xc3fa92
2kd7142+0xf9f7 @ 0xc3f9f7
2kd7142+0xf639 @ 0xc3f639
2kd7142+0xf3f5 @ 0xc3f3f5
2kd7142+0xf2a7 @ 0xc3f2a7
2kd7142+0xf239 @ 0xc3f239
2kd7142+0xeed3 @ 0xc3eed3
2kd7142+0xdf7f @ 0xc3df7f
2kd7142+0xc33f @ 0xc3c33f
2kd7142+0x1687f @ 0xc4687f
RtlSelfRelativeToAbsoluteSD+0x1e8 TpPostWork-0x48 ntdll+0x78449 @ 0x77918449
TpCallbackIndependent+0x527 RtlIsCriticalSectionLockedByThread-0x240 ntdll+0x454f4 @ 0x778e54f4
BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x757f33ca
RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x778d9ed2
RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x778d9ea5

exception.instruction_r: 81 7e 30 22 22 22 22 0f 85 87 00 00 00 8d 7e 34
exception.instruction: cmp dword ptr [esi + 0x30], 0x22222222
exception.exception_code: 0xc0000005
exception.symbol: CryptDestroyKey+0x20 CryptSetKeyParam-0xdf cryptsp+0x4d13
exception.address: 0x73ff4d13
registers.esp: 38992592
registers.edi: 13273036
registers.eax: 0
registers.ebp: 38992648
registers.edx: 4294967167
registers.ebx: 2006025332
registers.esi: 0
registers.ecx: 0
1 0 0

__exception__

 stacktrace: 
2kd7142+0x121f @ 0xc3121f
2kd7142+0x1c2c @ 0xc31c2c
2kd7142+0x1c68 @ 0xc31c68
2kd7142+0x1c78 @ 0xc31c78
2kd7142+0x1c88 @ 0xc31c88
2kd7142+0x1c98 @ 0xc31c98
2kd7142+0x7e9b @ 0xc37e9b
2kd7142+0x7e8a @ 0xc37e8a
2kd7142+0x7e5d @ 0xc37e5d
2kd7142+0x7e34 @ 0xc37e34
2kd7142+0x7e1e @ 0xc37e1e
2kd7142+0x7e02 @ 0xc37e02
2kd7142+0x7c97 @ 0xc37c97
2kd7142+0x8a89 @ 0xc38a89
2kd7142+0x8737 @ 0xc38737
2kd7142+0xfc51 @ 0xc3fc51
2kd7142+0xfc3e @ 0xc3fc3e
2kd7142+0xfc22 @ 0xc3fc22
2kd7142+0xfbe7 @ 0xc3fbe7
2kd7142+0x8a89 @ 0xc38a89
2kd7142+0xfacf @ 0xc3facf
2kd7142+0xfaae @ 0xc3faae
2kd7142+0xfa92 @ 0xc3fa92
2kd7142+0xf9f7 @ 0xc3f9f7
2kd7142+0xf639 @ 0xc3f639
2kd7142+0xf3f5 @ 0xc3f3f5
2kd7142+0xf2a7 @ 0xc3f2a7
2kd7142+0xf239 @ 0xc3f239
2kd7142+0xeed3 @ 0xc3eed3
2kd7142+0xdf7f @ 0xc3df7f
2kd7142+0xc33f @ 0xc3c33f
2kd7142+0x1687f @ 0xc4687f
RtlSelfRelativeToAbsoluteSD+0x1e8 TpPostWork-0x48 ntdll+0x78449 @ 0x77918449
TpCallbackIndependent+0x527 RtlIsCriticalSectionLockedByThread-0x240 ntdll+0x454f4 @ 0x778e54f4
BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x757f33ca
RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x778d9ed2
RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x778d9ea5

exception.instruction_r: 81 7e 30 22 22 22 22 0f 85 87 00 00 00 8d 7e 34
exception.instruction: cmp dword ptr [esi + 0x30], 0x22222222
exception.exception_code: 0xc0000005
exception.symbol: CryptDestroyKey+0x20 CryptSetKeyParam-0xdf cryptsp+0x4d13
exception.address: 0x73ff4d13
registers.esp: 38992592
registers.edi: 13273036
registers.eax: 0
registers.ebp: 38992648
registers.edx: 222
registers.ebx: 2006025332
registers.esi: 0
registers.ecx: 0
1 0 0

__exception__

 stacktrace: 
2kd7142+0x1241 @ 0xc31241
2kd7142+0x1c2c @ 0xc31c2c
2kd7142+0x1c68 @ 0xc31c68
2kd7142+0x1c78 @ 0xc31c78
2kd7142+0x1c88 @ 0xc31c88
2kd7142+0x1c98 @ 0xc31c98
2kd7142+0x7e9b @ 0xc37e9b
2kd7142+0x7e8a @ 0xc37e8a
2kd7142+0x7e5d @ 0xc37e5d
2kd7142+0x7e34 @ 0xc37e34
2kd7142+0x7e1e @ 0xc37e1e
2kd7142+0x7e02 @ 0xc37e02
2kd7142+0x7c97 @ 0xc37c97
2kd7142+0x8a89 @ 0xc38a89
2kd7142+0x8737 @ 0xc38737
2kd7142+0xfc51 @ 0xc3fc51
2kd7142+0xfc3e @ 0xc3fc3e
2kd7142+0xfc22 @ 0xc3fc22
2kd7142+0xfbe7 @ 0xc3fbe7
2kd7142+0x8a89 @ 0xc38a89
2kd7142+0xfacf @ 0xc3facf
2kd7142+0xfaae @ 0xc3faae
2kd7142+0xfa92 @ 0xc3fa92
2kd7142+0xf9f7 @ 0xc3f9f7
2kd7142+0xf639 @ 0xc3f639
2kd7142+0xf3f5 @ 0xc3f3f5
2kd7142+0xf2a7 @ 0xc3f2a7
2kd7142+0xf239 @ 0xc3f239
2kd7142+0xeed3 @ 0xc3eed3
2kd7142+0xdf7f @ 0xc3df7f
2kd7142+0xc33f @ 0xc3c33f
2kd7142+0x1687f @ 0xc4687f
RtlSelfRelativeToAbsoluteSD+0x1e8 TpPostWork-0x48 ntdll+0x78449 @ 0x77918449
TpCallbackIndependent+0x527 RtlIsCriticalSectionLockedByThread-0x240 ntdll+0x454f4 @ 0x778e54f4
BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x757f33ca
RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x778d9ed2
RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x778d9ea5

exception.instruction_r: 81 7e 30 22 22 22 22 0f 85 87 00 00 00 8d 7e 34
exception.instruction: cmp dword ptr [esi + 0x30], 0x22222222
exception.exception_code: 0xc0000005
exception.symbol: CryptDestroyKey+0x20 CryptSetKeyParam-0xdf cryptsp+0x4d13
exception.address: 0x73ff4d13
registers.esp: 38992592
registers.edi: 13273036
registers.eax: 0
registers.ebp: 38992648
registers.edx: 239
registers.ebx: 2006025332
registers.esi: 0
registers.ecx: 0
1 0 0

__exception__

 stacktrace: 
2kd7142+0x1263 @ 0xc31263
2kd7142+0x1c2c @ 0xc31c2c
2kd7142+0x1c68 @ 0xc31c68
2kd7142+0x1c78 @ 0xc31c78
2kd7142+0x1c88 @ 0xc31c88
2kd7142+0x1c98 @ 0xc31c98
2kd7142+0x7e9b @ 0xc37e9b
2kd7142+0x7e8a @ 0xc37e8a
2kd7142+0x7e5d @ 0xc37e5d
2kd7142+0x7e34 @ 0xc37e34
2kd7142+0x7e1e @ 0xc37e1e
2kd7142+0x7e02 @ 0xc37e02
2kd7142+0x7c97 @ 0xc37c97
2kd7142+0x8a89 @ 0xc38a89
2kd7142+0x8737 @ 0xc38737
2kd7142+0xfc51 @ 0xc3fc51
2kd7142+0xfc3e @ 0xc3fc3e
2kd7142+0xfc22 @ 0xc3fc22
2kd7142+0xfbe7 @ 0xc3fbe7
2kd7142+0x8a89 @ 0xc38a89
2kd7142+0xfacf @ 0xc3facf
2kd7142+0xfaae @ 0xc3faae
2kd7142+0xfa92 @ 0xc3fa92
2kd7142+0xf9f7 @ 0xc3f9f7
2kd7142+0xf639 @ 0xc3f639
2kd7142+0xf3f5 @ 0xc3f3f5
2kd7142+0xf2a7 @ 0xc3f2a7
2kd7142+0xf239 @ 0xc3f239
2kd7142+0xeed3 @ 0xc3eed3
2kd7142+0xdf7f @ 0xc3df7f
2kd7142+0xc33f @ 0xc3c33f
2kd7142+0x1687f @ 0xc4687f
RtlSelfRelativeToAbsoluteSD+0x1e8 TpPostWork-0x48 ntdll+0x78449 @ 0x77918449
TpCallbackIndependent+0x527 RtlIsCriticalSectionLockedByThread-0x240 ntdll+0x454f4 @ 0x778e54f4
BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x757f33ca
RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x778d9ed2
RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x778d9ea5

exception.instruction_r: 81 7e 30 22 22 22 22 0f 85 87 00 00 00 8d 7e 34
exception.instruction: cmp dword ptr [esi + 0x30], 0x22222222
exception.exception_code: 0xc0000005
exception.symbol: CryptDestroyKey+0x20 CryptSetKeyParam-0xdf cryptsp+0x4d13
exception.address: 0x73ff4d13
registers.esp: 38992592
registers.edi: 13273036
registers.eax: 0
registers.ebp: 38992648
registers.edx: 227
registers.ebx: 2006025332
registers.esi: 0
registers.ecx: 0
1 0 0

__exception__

 stacktrace: 
2kd7142+0x1285 @ 0xc31285
2kd7142+0x1c2c @ 0xc31c2c
2kd7142+0x1c68 @ 0xc31c68
2kd7142+0x1c78 @ 0xc31c78
2kd7142+0x1c88 @ 0xc31c88
2kd7142+0x1c98 @ 0xc31c98
2kd7142+0x7e9b @ 0xc37e9b
2kd7142+0x7e8a @ 0xc37e8a
2kd7142+0x7e5d @ 0xc37e5d
2kd7142+0x7e34 @ 0xc37e34
2kd7142+0x7e1e @ 0xc37e1e
2kd7142+0x7e02 @ 0xc37e02
2kd7142+0x7c97 @ 0xc37c97
2kd7142+0x8a89 @ 0xc38a89
2kd7142+0x8737 @ 0xc38737
2kd7142+0xfc51 @ 0xc3fc51
2kd7142+0xfc3e @ 0xc3fc3e
2kd7142+0xfc22 @ 0xc3fc22
2kd7142+0xfbe7 @ 0xc3fbe7
2kd7142+0x8a89 @ 0xc38a89
2kd7142+0xfacf @ 0xc3facf
2kd7142+0xfaae @ 0xc3faae
2kd7142+0xfa92 @ 0xc3fa92
2kd7142+0xf9f7 @ 0xc3f9f7
2kd7142+0xf639 @ 0xc3f639
2kd7142+0xf3f5 @ 0xc3f3f5
2kd7142+0xf2a7 @ 0xc3f2a7
2kd7142+0xf239 @ 0xc3f239
2kd7142+0xeed3 @ 0xc3eed3
2kd7142+0xdf7f @ 0xc3df7f
2kd7142+0xc33f @ 0xc3c33f
2kd7142+0x1687f @ 0xc4687f
RtlSelfRelativeToAbsoluteSD+0x1e8 TpPostWork-0x48 ntdll+0x78449 @ 0x77918449
TpCallbackIndependent+0x527 RtlIsCriticalSectionLockedByThread-0x240 ntdll+0x454f4 @ 0x778e54f4
BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x757f33ca
RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x778d9ed2
RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x778d9ea5

exception.instruction_r: 81 7e 30 22 22 22 22 0f 85 87 00 00 00 8d 7e 34
exception.instruction: cmp dword ptr [esi + 0x30], 0x22222222
exception.exception_code: 0xc0000005
exception.symbol: CryptDestroyKey+0x20 CryptSetKeyParam-0xdf cryptsp+0x4d13
exception.address: 0x73ff4d13
registers.esp: 38992592
registers.edi: 13273036
registers.eax: 0
registers.ebp: 38992648
registers.edx: 151
registers.ebx: 2006025332
registers.esi: 0
registers.ecx: 0
1 0 0

__exception__

 stacktrace: 
2kd7142+0x12a7 @ 0xc312a7
2kd7142+0x1c2c @ 0xc31c2c
2kd7142+0x1c68 @ 0xc31c68
2kd7142+0x1c78 @ 0xc31c78
2kd7142+0x1c88 @ 0xc31c88
2kd7142+0x1c98 @ 0xc31c98
2kd7142+0x7e9b @ 0xc37e9b
2kd7142+0x7e8a @ 0xc37e8a
2kd7142+0x7e5d @ 0xc37e5d
2kd7142+0x7e34 @ 0xc37e34
2kd7142+0x7e1e @ 0xc37e1e
2kd7142+0x7e02 @ 0xc37e02
2kd7142+0x7c97 @ 0xc37c97
2kd7142+0x8a89 @ 0xc38a89
2kd7142+0x8737 @ 0xc38737
2kd7142+0xfc51 @ 0xc3fc51
2kd7142+0xfc3e @ 0xc3fc3e
2kd7142+0xfc22 @ 0xc3fc22
2kd7142+0xfbe7 @ 0xc3fbe7
2kd7142+0x8a89 @ 0xc38a89
2kd7142+0xfacf @ 0xc3facf
2kd7142+0xfaae @ 0xc3faae
2kd7142+0xfa92 @ 0xc3fa92
2kd7142+0xf9f7 @ 0xc3f9f7
2kd7142+0xf639 @ 0xc3f639
2kd7142+0xf3f5 @ 0xc3f3f5
2kd7142+0xf2a7 @ 0xc3f2a7
2kd7142+0xf239 @ 0xc3f239
2kd7142+0xeed3 @ 0xc3eed3
2kd7142+0xdf7f @ 0xc3df7f
2kd7142+0xc33f @ 0xc3c33f
2kd7142+0x1687f @ 0xc4687f
RtlSelfRelativeToAbsoluteSD+0x1e8 TpPostWork-0x48 ntdll+0x78449 @ 0x77918449
TpCallbackIndependent+0x527 RtlIsCriticalSectionLockedByThread-0x240 ntdll+0x454f4 @ 0x778e54f4
BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x757f33ca
RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x778d9ed2
RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x778d9ea5

exception.instruction_r: 81 7e 30 22 22 22 22 0f 85 87 00 00 00 8d 7e 34
exception.instruction: cmp dword ptr [esi + 0x30], 0x22222222
exception.exception_code: 0xc0000005
exception.symbol: CryptDestroyKey+0x20 CryptSetKeyParam-0xdf cryptsp+0x4d13
exception.address: 0x73ff4d13
registers.esp: 38992592
registers.edi: 13273036
registers.eax: 0
registers.ebp: 38992648
registers.edx: 141
registers.ebx: 2006025332
registers.esi: 0
registers.ecx: 0
1 0 0

__exception__

 stacktrace: 
2kd7142+0x12c9 @ 0xc312c9
2kd7142+0x1c2c @ 0xc31c2c
2kd7142+0x1c68 @ 0xc31c68
2kd7142+0x1c78 @ 0xc31c78
2kd7142+0x1c88 @ 0xc31c88
2kd7142+0x1c98 @ 0xc31c98
2kd7142+0x7e9b @ 0xc37e9b
2kd7142+0x7e8a @ 0xc37e8a
2kd7142+0x7e5d @ 0xc37e5d
2kd7142+0x7e34 @ 0xc37e34
2kd7142+0x7e1e @ 0xc37e1e
2kd7142+0x7e02 @ 0xc37e02
2kd7142+0x7c97 @ 0xc37c97
2kd7142+0x8a89 @ 0xc38a89
2kd7142+0x8737 @ 0xc38737
2kd7142+0xfc51 @ 0xc3fc51
2kd7142+0xfc3e @ 0xc3fc3e
2kd7142+0xfc22 @ 0xc3fc22
2kd7142+0xfbe7 @ 0xc3fbe7
2kd7142+0x8a89 @ 0xc38a89
2kd7142+0xfacf @ 0xc3facf
2kd7142+0xfaae @ 0xc3faae
2kd7142+0xfa92 @ 0xc3fa92
2kd7142+0xf9f7 @ 0xc3f9f7
2kd7142+0xf639 @ 0xc3f639
2kd7142+0xf3f5 @ 0xc3f3f5
2kd7142+0xf2a7 @ 0xc3f2a7
2kd7142+0xf239 @ 0xc3f239
2kd7142+0xeed3 @ 0xc3eed3
2kd7142+0xdf7f @ 0xc3df7f
2kd7142+0xc33f @ 0xc3c33f
2kd7142+0x1687f @ 0xc4687f
RtlSelfRelativeToAbsoluteSD+0x1e8 TpPostWork-0x48 ntdll+0x78449 @ 0x77918449
TpCallbackIndependent+0x527 RtlIsCriticalSectionLockedByThread-0x240 ntdll+0x454f4 @ 0x778e54f4
BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x757f33ca
RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x778d9ed2
RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x778d9ea5

exception.instruction_r: 81 7e 30 22 22 22 22 0f 85 87 00 00 00 8d 7e 34
exception.instruction: cmp dword ptr [esi + 0x30], 0x22222222
exception.exception_code: 0xc0000005
exception.symbol: CryptDestroyKey+0x20 CryptSetKeyParam-0xdf cryptsp+0x4d13
exception.address: 0x73ff4d13
registers.esp: 38992592
registers.edi: 13273036
registers.eax: 0
registers.ebp: 38992648
registers.edx: 62
registers.ebx: 2006025332
registers.esi: 0
registers.ecx: 0
1 0 0

__exception__

 stacktrace: 
2kd7142+0x12ee @ 0xc312ee
2kd7142+0x1c2c @ 0xc31c2c
2kd7142+0x1c68 @ 0xc31c68
2kd7142+0x1c78 @ 0xc31c78
2kd7142+0x1c88 @ 0xc31c88
2kd7142+0x1c98 @ 0xc31c98
2kd7142+0x7e9b @ 0xc37e9b
2kd7142+0x7e8a @ 0xc37e8a
2kd7142+0x7e5d @ 0xc37e5d
2kd7142+0x7e34 @ 0xc37e34
2kd7142+0x7e1e @ 0xc37e1e
2kd7142+0x7e02 @ 0xc37e02
2kd7142+0x7c97 @ 0xc37c97
2kd7142+0x8a89 @ 0xc38a89
2kd7142+0x8737 @ 0xc38737
2kd7142+0xfc51 @ 0xc3fc51
2kd7142+0xfc3e @ 0xc3fc3e
2kd7142+0xfc22 @ 0xc3fc22
2kd7142+0xfbe7 @ 0xc3fbe7
2kd7142+0x8a89 @ 0xc38a89
2kd7142+0xfacf @ 0xc3facf
2kd7142+0xfaae @ 0xc3faae
2kd7142+0xfa92 @ 0xc3fa92
2kd7142+0xf9f7 @ 0xc3f9f7
2kd7142+0xf639 @ 0xc3f639
2kd7142+0xf3f5 @ 0xc3f3f5
2kd7142+0xf2a7 @ 0xc3f2a7
2kd7142+0xf239 @ 0xc3f239
2kd7142+0xeed3 @ 0xc3eed3
2kd7142+0xdf7f @ 0xc3df7f
2kd7142+0xc33f @ 0xc3c33f
2kd7142+0x1687f @ 0xc4687f
RtlSelfRelativeToAbsoluteSD+0x1e8 TpPostWork-0x48 ntdll+0x78449 @ 0x77918449
TpCallbackIndependent+0x527 RtlIsCriticalSectionLockedByThread-0x240 ntdll+0x454f4 @ 0x778e54f4
BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x757f33ca
RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x778d9ed2
RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x778d9ea5

exception.instruction_r: 81 7e 30 22 22 22 22 0f 85 87 00 00 00 8d 7e 34
exception.instruction: cmp dword ptr [esi + 0x30], 0x22222222
exception.exception_code: 0xc0000005
exception.symbol: CryptDestroyKey+0x20 CryptSetKeyParam-0xdf cryptsp+0x4d13
exception.address: 0x73ff4d13
registers.esp: 38992592
registers.edi: 13273036
registers.eax: 0
registers.ebp: 38992648
registers.edx: 171
registers.ebx: 2006025332
registers.esi: 0
registers.ecx: 0
1 0 0

__exception__

 stacktrace: 
2kd7142+0x1313 @ 0xc31313
2kd7142+0x1c2c @ 0xc31c2c
2kd7142+0x1c68 @ 0xc31c68
2kd7142+0x1c78 @ 0xc31c78
2kd7142+0x1c88 @ 0xc31c88
2kd7142+0x1c98 @ 0xc31c98
2kd7142+0x7e9b @ 0xc37e9b
2kd7142+0x7e8a @ 0xc37e8a
2kd7142+0x7e5d @ 0xc37e5d
2kd7142+0x7e34 @ 0xc37e34
2kd7142+0x7e1e @ 0xc37e1e
2kd7142+0x7e02 @ 0xc37e02
2kd7142+0x7c97 @ 0xc37c97
2kd7142+0x8a89 @ 0xc38a89
2kd7142+0x8737 @ 0xc38737
2kd7142+0xfc51 @ 0xc3fc51
2kd7142+0xfc3e @ 0xc3fc3e
2kd7142+0xfc22 @ 0xc3fc22
2kd7142+0xfbe7 @ 0xc3fbe7
2kd7142+0x8a89 @ 0xc38a89
2kd7142+0xfacf @ 0xc3facf
2kd7142+0xfaae @ 0xc3faae
2kd7142+0xfa92 @ 0xc3fa92
2kd7142+0xf9f7 @ 0xc3f9f7
2kd7142+0xf639 @ 0xc3f639
2kd7142+0xf3f5 @ 0xc3f3f5
2kd7142+0xf2a7 @ 0xc3f2a7
2kd7142+0xf239 @ 0xc3f239
2kd7142+0xeed3 @ 0xc3eed3
2kd7142+0xdf7f @ 0xc3df7f
2kd7142+0xc33f @ 0xc3c33f
2kd7142+0x1687f @ 0xc4687f
RtlSelfRelativeToAbsoluteSD+0x1e8 TpPostWork-0x48 ntdll+0x78449 @ 0x77918449
TpCallbackIndependent+0x527 RtlIsCriticalSectionLockedByThread-0x240 ntdll+0x454f4 @ 0x778e54f4
BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x757f33ca
RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x778d9ed2
RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x778d9ea5

exception.instruction_r: 81 7e 30 22 22 22 22 0f 85 87 00 00 00 8d 7e 34
exception.instruction: cmp dword ptr [esi + 0x30], 0x22222222
exception.exception_code: 0xc0000005
exception.symbol: CryptDestroyKey+0x20 CryptSetKeyParam-0xdf cryptsp+0x4d13
exception.address: 0x73ff4d13
registers.esp: 38992592
registers.edi: 13273036
registers.eax: 0
registers.ebp: 38992648
registers.edx: 318
registers.ebx: 2006025332
registers.esi: 0
registers.ecx: 0
1 0 0

__exception__

 stacktrace: 
2kd7142+0x1335 @ 0xc31335
2kd7142+0x1c2c @ 0xc31c2c
2kd7142+0x1c68 @ 0xc31c68
2kd7142+0x1c78 @ 0xc31c78
2kd7142+0x1c88 @ 0xc31c88
2kd7142+0x1c98 @ 0xc31c98
2kd7142+0x7e9b @ 0xc37e9b
2kd7142+0x7e8a @ 0xc37e8a
2kd7142+0x7e5d @ 0xc37e5d
2kd7142+0x7e34 @ 0xc37e34
2kd7142+0x7e1e @ 0xc37e1e
2kd7142+0x7e02 @ 0xc37e02
2kd7142+0x7c97 @ 0xc37c97
2kd7142+0x8a89 @ 0xc38a89
2kd7142+0x8737 @ 0xc38737
2kd7142+0xfc51 @ 0xc3fc51
2kd7142+0xfc3e @ 0xc3fc3e
2kd7142+0xfc22 @ 0xc3fc22
2kd7142+0xfbe7 @ 0xc3fbe7
2kd7142+0x8a89 @ 0xc38a89
2kd7142+0xfacf @ 0xc3facf
2kd7142+0xfaae @ 0xc3faae
2kd7142+0xfa92 @ 0xc3fa92
2kd7142+0xf9f7 @ 0xc3f9f7
2kd7142+0xf639 @ 0xc3f639
2kd7142+0xf3f5 @ 0xc3f3f5
2kd7142+0xf2a7 @ 0xc3f2a7
2kd7142+0xf239 @ 0xc3f239
2kd7142+0xeed3 @ 0xc3eed3
2kd7142+0xdf7f @ 0xc3df7f
2kd7142+0xc33f @ 0xc3c33f
2kd7142+0x1687f @ 0xc4687f
RtlSelfRelativeToAbsoluteSD+0x1e8 TpPostWork-0x48 ntdll+0x78449 @ 0x77918449
TpCallbackIndependent+0x527 RtlIsCriticalSectionLockedByThread-0x240 ntdll+0x454f4 @ 0x778e54f4
BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x757f33ca
RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x778d9ed2
RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x778d9ea5

exception.instruction_r: 81 7e 30 22 22 22 22 0f 85 87 00 00 00 8d 7e 34
exception.instruction: cmp dword ptr [esi + 0x30], 0x22222222
exception.exception_code: 0xc0000005
exception.symbol: CryptDestroyKey+0x20 CryptSetKeyParam-0xdf cryptsp+0x4d13
exception.address: 0x73ff4d13
registers.esp: 38992592
registers.edi: 13273036
registers.eax: 0
registers.ebp: 38992648
registers.edx: 78
registers.ebx: 2006025332
registers.esi: 0
registers.ecx: 0
1 0 0

__exception__

 stacktrace: 
2kd7142+0x102e @ 0xc3102e
2kd7142+0x1c2c @ 0xc31c2c
2kd7142+0x1c68 @ 0xc31c68
2kd7142+0x1c78 @ 0xc31c78
2kd7142+0x1c88 @ 0xc31c88
2kd7142+0x1c98 @ 0xc31c98
2kd7142+0x7e9b @ 0xc37e9b
2kd7142+0x7e8a @ 0xc37e8a
2kd7142+0x7e5d @ 0xc37e5d
2kd7142+0x7e34 @ 0xc37e34
2kd7142+0x7e1e @ 0xc37e1e
2kd7142+0x7e02 @ 0xc37e02
2kd7142+0x7c97 @ 0xc37c97
2kd7142+0x8a89 @ 0xc38a89
2kd7142+0x8737 @ 0xc38737
2kd7142+0xfc51 @ 0xc3fc51
2kd7142+0xfc3e @ 0xc3fc3e
2kd7142+0xfc22 @ 0xc3fc22
2kd7142+0xfbe7 @ 0xc3fbe7
2kd7142+0x8a89 @ 0xc38a89
2kd7142+0xfacf @ 0xc3facf
2kd7142+0xfaae @ 0xc3faae
2kd7142+0xfa92 @ 0xc3fa92
2kd7142+0xf9f7 @ 0xc3f9f7
2kd7142+0xf639 @ 0xc3f639
2kd7142+0xf3f5 @ 0xc3f3f5
2kd7142+0xf2a7 @ 0xc3f2a7
2kd7142+0xf239 @ 0xc3f239
2kd7142+0xeed3 @ 0xc3eed3
2kd7142+0xdf7f @ 0xc3df7f
2kd7142+0xc33f @ 0xc3c33f
2kd7142+0x1687f @ 0xc4687f
RtlSelfRelativeToAbsoluteSD+0x1e8 TpPostWork-0x48 ntdll+0x78449 @ 0x77918449
TpCallbackIndependent+0x527 RtlIsCriticalSectionLockedByThread-0x240 ntdll+0x454f4 @ 0x778e54f4
BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x757f33ca
RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x778d9ed2
RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x778d9ea5

exception.instruction_r: 81 7e 30 22 22 22 22 0f 85 87 00 00 00 8d 7e 34
exception.instruction: cmp dword ptr [esi + 0x30], 0x22222222
exception.exception_code: 0xc0000005
exception.symbol: CryptDestroyKey+0x20 CryptSetKeyParam-0xdf cryptsp+0x4d13
exception.address: 0x73ff4d13
registers.esp: 38992592
registers.edi: 13273036
registers.eax: 0
registers.ebp: 38992648
registers.edx: 77
registers.ebx: 2006025332
registers.esi: 0
registers.ecx: 0
1 0 0

__exception__

 stacktrace: 
2kd7142+0x1053 @ 0xc31053
2kd7142+0x1c2c @ 0xc31c2c
2kd7142+0x1c68 @ 0xc31c68
2kd7142+0x1c78 @ 0xc31c78
2kd7142+0x1c88 @ 0xc31c88
2kd7142+0x1c98 @ 0xc31c98
2kd7142+0x7e9b @ 0xc37e9b
2kd7142+0x7e8a @ 0xc37e8a
2kd7142+0x7e5d @ 0xc37e5d
2kd7142+0x7e34 @ 0xc37e34
2kd7142+0x7e1e @ 0xc37e1e
2kd7142+0x7e02 @ 0xc37e02
2kd7142+0x7c97 @ 0xc37c97
2kd7142+0x8a89 @ 0xc38a89
2kd7142+0x8737 @ 0xc38737
2kd7142+0xfc51 @ 0xc3fc51
2kd7142+0xfc3e @ 0xc3fc3e
2kd7142+0xfc22 @ 0xc3fc22
2kd7142+0xfbe7 @ 0xc3fbe7
2kd7142+0x8a89 @ 0xc38a89
2kd7142+0xfacf @ 0xc3facf
2kd7142+0xfaae @ 0xc3faae
2kd7142+0xfa92 @ 0xc3fa92
2kd7142+0xf9f7 @ 0xc3f9f7
2kd7142+0xf639 @ 0xc3f639
2kd7142+0xf3f5 @ 0xc3f3f5
2kd7142+0xf2a7 @ 0xc3f2a7
2kd7142+0xf239 @ 0xc3f239
2kd7142+0xeed3 @ 0xc3eed3
2kd7142+0xdf7f @ 0xc3df7f
2kd7142+0xc33f @ 0xc3c33f
2kd7142+0x1687f @ 0xc4687f
RtlSelfRelativeToAbsoluteSD+0x1e8 TpPostWork-0x48 ntdll+0x78449 @ 0x77918449
TpCallbackIndependent+0x527 RtlIsCriticalSectionLockedByThread-0x240 ntdll+0x454f4 @ 0x778e54f4
BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x757f33ca
RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x778d9ed2
RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x778d9ea5

exception.instruction_r: 81 7e 30 22 22 22 22 0f 85 87 00 00 00 8d 7e 34
exception.instruction: cmp dword ptr [esi + 0x30], 0x22222222
exception.exception_code: 0xc0000005
exception.symbol: CryptDestroyKey+0x20 CryptSetKeyParam-0xdf cryptsp+0x4d13
exception.address: 0x73ff4d13
registers.esp: 38992592
registers.edi: 13273036
registers.eax: 0
registers.ebp: 38992648
registers.edx: 141
registers.ebx: 2006025332
registers.esi: 0
registers.ecx: 1
1 0 0

__exception__

 stacktrace: 
2kd7142+0x1075 @ 0xc31075
2kd7142+0x1c2c @ 0xc31c2c
2kd7142+0x1c68 @ 0xc31c68
2kd7142+0x1c78 @ 0xc31c78
2kd7142+0x1c88 @ 0xc31c88
2kd7142+0x1c98 @ 0xc31c98
2kd7142+0x7e9b @ 0xc37e9b
2kd7142+0x7e8a @ 0xc37e8a
2kd7142+0x7e5d @ 0xc37e5d
2kd7142+0x7e34 @ 0xc37e34
2kd7142+0x7e1e @ 0xc37e1e
2kd7142+0x7e02 @ 0xc37e02
2kd7142+0x7c97 @ 0xc37c97
2kd7142+0x8a89 @ 0xc38a89
2kd7142+0x8737 @ 0xc38737
2kd7142+0xfc51 @ 0xc3fc51
2kd7142+0xfc3e @ 0xc3fc3e
2kd7142+0xfc22 @ 0xc3fc22
2kd7142+0xfbe7 @ 0xc3fbe7
2kd7142+0x8a89 @ 0xc38a89
2kd7142+0xfacf @ 0xc3facf
2kd7142+0xfaae @ 0xc3faae
2kd7142+0xfa92 @ 0xc3fa92
2kd7142+0xf9f7 @ 0xc3f9f7
2kd7142+0xf639 @ 0xc3f639
2kd7142+0xf3f5 @ 0xc3f3f5
2kd7142+0xf2a7 @ 0xc3f2a7
2kd7142+0xf239 @ 0xc3f239
2kd7142+0xeed3 @ 0xc3eed3
2kd7142+0xdf7f @ 0xc3df7f
2kd7142+0xc33f @ 0xc3c33f
2kd7142+0x1687f @ 0xc4687f
RtlSelfRelativeToAbsoluteSD+0x1e8 TpPostWork-0x48 ntdll+0x78449 @ 0x77918449
TpCallbackIndependent+0x527 RtlIsCriticalSectionLockedByThread-0x240 ntdll+0x454f4 @ 0x778e54f4
BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x757f33ca
RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x778d9ed2
RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x778d9ea5

exception.instruction_r: 81 7e 30 22 22 22 22 0f 85 87 00 00 00 8d 7e 34
exception.instruction: cmp dword ptr [esi + 0x30], 0x22222222
exception.exception_code: 0xc0000005
exception.symbol: CryptDestroyKey+0x20 CryptSetKeyParam-0xdf cryptsp+0x4d13
exception.address: 0x73ff4d13
registers.esp: 38992592
registers.edi: 13273036
registers.eax: 0
registers.ebp: 38992648
registers.edx: 147
registers.ebx: 2006025332
registers.esi: 0
registers.ecx: 1
1 0 0

__exception__

 stacktrace: 
2kd7142+0x1097 @ 0xc31097
2kd7142+0x1c2c @ 0xc31c2c
2kd7142+0x1c68 @ 0xc31c68
2kd7142+0x1c78 @ 0xc31c78
2kd7142+0x1c88 @ 0xc31c88
2kd7142+0x1c98 @ 0xc31c98
2kd7142+0x7e9b @ 0xc37e9b
2kd7142+0x7e8a @ 0xc37e8a
2kd7142+0x7e5d @ 0xc37e5d
2kd7142+0x7e34 @ 0xc37e34
2kd7142+0x7e1e @ 0xc37e1e
2kd7142+0x7e02 @ 0xc37e02
2kd7142+0x7c97 @ 0xc37c97
2kd7142+0x8a89 @ 0xc38a89
2kd7142+0x8737 @ 0xc38737
2kd7142+0xfc51 @ 0xc3fc51
2kd7142+0xfc3e @ 0xc3fc3e
2kd7142+0xfc22 @ 0xc3fc22
2kd7142+0xfbe7 @ 0xc3fbe7
2kd7142+0x8a89 @ 0xc38a89
2kd7142+0xfacf @ 0xc3facf
2kd7142+0xfaae @ 0xc3faae
2kd7142+0xfa92 @ 0xc3fa92
2kd7142+0xf9f7 @ 0xc3f9f7
2kd7142+0xf639 @ 0xc3f639
2kd7142+0xf3f5 @ 0xc3f3f5
2kd7142+0xf2a7 @ 0xc3f2a7
2kd7142+0xf239 @ 0xc3f239
2kd7142+0xeed3 @ 0xc3eed3
2kd7142+0xdf7f @ 0xc3df7f
2kd7142+0xc33f @ 0xc3c33f
2kd7142+0x1687f @ 0xc4687f
RtlSelfRelativeToAbsoluteSD+0x1e8 TpPostWork-0x48 ntdll+0x78449 @ 0x77918449
TpCallbackIndependent+0x527 RtlIsCriticalSectionLockedByThread-0x240 ntdll+0x454f4 @ 0x778e54f4
BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x757f33ca
RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x778d9ed2
RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x778d9ea5

exception.instruction_r: 81 7e 30 22 22 22 22 0f 85 87 00 00 00 8d 7e 34
exception.instruction: cmp dword ptr [esi + 0x30], 0x22222222
exception.exception_code: 0xc0000005
exception.symbol: CryptDestroyKey+0x20 CryptSetKeyParam-0xdf cryptsp+0x4d13
exception.address: 0x73ff4d13
registers.esp: 38992592
registers.edi: 13273036
registers.eax: 0
registers.ebp: 38992648
registers.edx: 153
registers.ebx: 2006025332
registers.esi: 0
registers.ecx: 1
1 0 0

__exception__

 stacktrace: 
2kd7142+0x10b9 @ 0xc310b9
2kd7142+0x1c2c @ 0xc31c2c
2kd7142+0x1c68 @ 0xc31c68
2kd7142+0x1c78 @ 0xc31c78
2kd7142+0x1c88 @ 0xc31c88
2kd7142+0x1c98 @ 0xc31c98
2kd7142+0x7e9b @ 0xc37e9b
2kd7142+0x7e8a @ 0xc37e8a
2kd7142+0x7e5d @ 0xc37e5d
2kd7142+0x7e34 @ 0xc37e34
2kd7142+0x7e1e @ 0xc37e1e
2kd7142+0x7e02 @ 0xc37e02
2kd7142+0x7c97 @ 0xc37c97
2kd7142+0x8a89 @ 0xc38a89
2kd7142+0x8737 @ 0xc38737
2kd7142+0xfc51 @ 0xc3fc51
2kd7142+0xfc3e @ 0xc3fc3e
2kd7142+0xfc22 @ 0xc3fc22
2kd7142+0xfbe7 @ 0xc3fbe7
2kd7142+0x8a89 @ 0xc38a89
2kd7142+0xfacf @ 0xc3facf
2kd7142+0xfaae @ 0xc3faae
2kd7142+0xfa92 @ 0xc3fa92
2kd7142+0xf9f7 @ 0xc3f9f7
2kd7142+0xf639 @ 0xc3f639
2kd7142+0xf3f5 @ 0xc3f3f5
2kd7142+0xf2a7 @ 0xc3f2a7
2kd7142+0xf239 @ 0xc3f239
2kd7142+0xeed3 @ 0xc3eed3
2kd7142+0xdf7f @ 0xc3df7f
2kd7142+0xc33f @ 0xc3c33f
2kd7142+0x1687f @ 0xc4687f
RtlSelfRelativeToAbsoluteSD+0x1e8 TpPostWork-0x48 ntdll+0x78449 @ 0x77918449
TpCallbackIndependent+0x527 RtlIsCriticalSectionLockedByThread-0x240 ntdll+0x454f4 @ 0x778e54f4
BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x757f33ca
RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x778d9ed2
RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x778d9ea5

exception.instruction_r: 81 7e 30 22 22 22 22 0f 85 87 00 00 00 8d 7e 34
exception.instruction: cmp dword ptr [esi + 0x30], 0x22222222
exception.exception_code: 0xc0000005
exception.symbol: CryptDestroyKey+0x20 CryptSetKeyParam-0xdf cryptsp+0x4d13
exception.address: 0x73ff4d13
registers.esp: 38992592
registers.edi: 13273036
registers.eax: 0
registers.ebp: 38992648
registers.edx: 223
registers.ebx: 2006025332
registers.esi: 0
registers.ecx: 1
1 0 0

__exception__

 stacktrace: 
2kd7142+0x10db @ 0xc310db
2kd7142+0x1c2c @ 0xc31c2c
2kd7142+0x1c68 @ 0xc31c68
2kd7142+0x1c78 @ 0xc31c78
2kd7142+0x1c88 @ 0xc31c88
2kd7142+0x1c98 @ 0xc31c98
2kd7142+0x7e9b @ 0xc37e9b
2kd7142+0x7e8a @ 0xc37e8a
2kd7142+0x7e5d @ 0xc37e5d
2kd7142+0x7e34 @ 0xc37e34
2kd7142+0x7e1e @ 0xc37e1e
2kd7142+0x7e02 @ 0xc37e02
2kd7142+0x7c97 @ 0xc37c97
2kd7142+0x8a89 @ 0xc38a89
2kd7142+0x8737 @ 0xc38737
2kd7142+0xfc51 @ 0xc3fc51
2kd7142+0xfc3e @ 0xc3fc3e
2kd7142+0xfc22 @ 0xc3fc22
2kd7142+0xfbe7 @ 0xc3fbe7
2kd7142+0x8a89 @ 0xc38a89
2kd7142+0xfacf @ 0xc3facf
2kd7142+0xfaae @ 0xc3faae
2kd7142+0xfa92 @ 0xc3fa92
2kd7142+0xf9f7 @ 0xc3f9f7
2kd7142+0xf639 @ 0xc3f639
2kd7142+0xf3f5 @ 0xc3f3f5
2kd7142+0xf2a7 @ 0xc3f2a7
2kd7142+0xf239 @ 0xc3f239
2kd7142+0xeed3 @ 0xc3eed3
2kd7142+0xdf7f @ 0xc3df7f
2kd7142+0xc33f @ 0xc3c33f
2kd7142+0x1687f @ 0xc4687f
RtlSelfRelativeToAbsoluteSD+0x1e8 TpPostWork-0x48 ntdll+0x78449 @ 0x77918449
TpCallbackIndependent+0x527 RtlIsCriticalSectionLockedByThread-0x240 ntdll+0x454f4 @ 0x778e54f4
BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x757f33ca
RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x778d9ed2
RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x778d9ea5

exception.instruction_r: 81 7e 30 22 22 22 22 0f 85 87 00 00 00 8d 7e 34
exception.instruction: cmp dword ptr [esi + 0x30], 0x22222222
exception.exception_code: 0xc0000005
exception.symbol: CryptDestroyKey+0x20 CryptSetKeyParam-0xdf cryptsp+0x4d13
exception.address: 0x73ff4d13
registers.esp: 38992592
registers.edi: 13273036
registers.eax: 0
registers.ebp: 38992648
registers.edx: 231
registers.ebx: 2006025332
registers.esi: 0
registers.ecx: 1
1 0 0

__exception__

 stacktrace: 
2kd7142+0x1100 @ 0xc31100
2kd7142+0x1c2c @ 0xc31c2c
2kd7142+0x1c68 @ 0xc31c68
2kd7142+0x1c78 @ 0xc31c78
2kd7142+0x1c88 @ 0xc31c88
2kd7142+0x1c98 @ 0xc31c98
2kd7142+0x7e9b @ 0xc37e9b
2kd7142+0x7e8a @ 0xc37e8a
2kd7142+0x7e5d @ 0xc37e5d
2kd7142+0x7e34 @ 0xc37e34
2kd7142+0x7e1e @ 0xc37e1e
2kd7142+0x7e02 @ 0xc37e02
2kd7142+0x7c97 @ 0xc37c97
2kd7142+0x8a89 @ 0xc38a89
2kd7142+0x8737 @ 0xc38737
2kd7142+0xfc51 @ 0xc3fc51
2kd7142+0xfc3e @ 0xc3fc3e
2kd7142+0xfc22 @ 0xc3fc22
2kd7142+0xfbe7 @ 0xc3fbe7
2kd7142+0x8a89 @ 0xc38a89
2kd7142+0xfacf @ 0xc3facf
2kd7142+0xfaae @ 0xc3faae
2kd7142+0xfa92 @ 0xc3fa92
2kd7142+0xf9f7 @ 0xc3f9f7
2kd7142+0xf639 @ 0xc3f639
2kd7142+0xf3f5 @ 0xc3f3f5
2kd7142+0xf2a7 @ 0xc3f2a7
2kd7142+0xf239 @ 0xc3f239
2kd7142+0xeed3 @ 0xc3eed3
2kd7142+0xdf7f @ 0xc3df7f
2kd7142+0xc33f @ 0xc3c33f
2kd7142+0x1687f @ 0xc4687f
RtlSelfRelativeToAbsoluteSD+0x1e8 TpPostWork-0x48 ntdll+0x78449 @ 0x77918449
TpCallbackIndependent+0x527 RtlIsCriticalSectionLockedByThread-0x240 ntdll+0x454f4 @ 0x778e54f4
BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x757f33ca
RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x778d9ed2
RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x778d9ea5

exception.instruction_r: 81 7e 30 22 22 22 22 0f 85 87 00 00 00 8d 7e 34
exception.instruction: cmp dword ptr [esi + 0x30], 0x22222222
exception.exception_code: 0xc0000005
exception.symbol: CryptDestroyKey+0x20 CryptSetKeyParam-0xdf cryptsp+0x4d13
exception.address: 0x73ff4d13
registers.esp: 38992592
registers.edi: 13273036
registers.eax: 0
registers.ebp: 38992648
registers.edx: 401
registers.ebx: 2006025332
registers.esi: 0
registers.ecx: 1
1 0 0

__exception__

 stacktrace: 
2kd7142+0x1125 @ 0xc31125
2kd7142+0x1c2c @ 0xc31c2c
2kd7142+0x1c68 @ 0xc31c68
2kd7142+0x1c78 @ 0xc31c78
2kd7142+0x1c88 @ 0xc31c88
2kd7142+0x1c98 @ 0xc31c98
2kd7142+0x7e9b @ 0xc37e9b
2kd7142+0x7e8a @ 0xc37e8a
2kd7142+0x7e5d @ 0xc37e5d
2kd7142+0x7e34 @ 0xc37e34
2kd7142+0x7e1e @ 0xc37e1e
2kd7142+0x7e02 @ 0xc37e02
2kd7142+0x7c97 @ 0xc37c97
2kd7142+0x8a89 @ 0xc38a89
2kd7142+0x8737 @ 0xc38737
2kd7142+0xfc51 @ 0xc3fc51
2kd7142+0xfc3e @ 0xc3fc3e
2kd7142+0xfc22 @ 0xc3fc22
2kd7142+0xfbe7 @ 0xc3fbe7
2kd7142+0x8a89 @ 0xc38a89
2kd7142+0xfacf @ 0xc3facf
2kd7142+0xfaae @ 0xc3faae
2kd7142+0xfa92 @ 0xc3fa92
2kd7142+0xf9f7 @ 0xc3f9f7
2kd7142+0xf639 @ 0xc3f639
2kd7142+0xf3f5 @ 0xc3f3f5
2kd7142+0xf2a7 @ 0xc3f2a7
2kd7142+0xf239 @ 0xc3f239
2kd7142+0xeed3 @ 0xc3eed3
2kd7142+0xdf7f @ 0xc3df7f
2kd7142+0xc33f @ 0xc3c33f
2kd7142+0x1687f @ 0xc4687f
RtlSelfRelativeToAbsoluteSD+0x1e8 TpPostWork-0x48 ntdll+0x78449 @ 0x77918449
TpCallbackIndependent+0x527 RtlIsCriticalSectionLockedByThread-0x240 ntdll+0x454f4 @ 0x778e54f4
BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x757f33ca
RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x778d9ed2
RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x778d9ea5

exception.instruction_r: 81 7e 30 22 22 22 22 0f 85 87 00 00 00 8d 7e 34
exception.instruction: cmp dword ptr [esi + 0x30], 0x22222222
exception.exception_code: 0xc0000005
exception.symbol: CryptDestroyKey+0x20 CryptSetKeyParam-0xdf cryptsp+0x4d13
exception.address: 0x73ff4d13
registers.esp: 38992592
registers.edi: 13273036
registers.eax: 0
registers.ebp: 38992648
registers.edx: 3
registers.ebx: 2006025332
registers.esi: 0
registers.ecx: 1
1 0 0

__exception__

 stacktrace: 
2kd7142+0x1147 @ 0xc31147
2kd7142+0x1c2c @ 0xc31c2c
2kd7142+0x1c68 @ 0xc31c68
2kd7142+0x1c78 @ 0xc31c78
2kd7142+0x1c88 @ 0xc31c88
2kd7142+0x1c98 @ 0xc31c98
2kd7142+0x7e9b @ 0xc37e9b
2kd7142+0x7e8a @ 0xc37e8a
2kd7142+0x7e5d @ 0xc37e5d
2kd7142+0x7e34 @ 0xc37e34
2kd7142+0x7e1e @ 0xc37e1e
2kd7142+0x7e02 @ 0xc37e02
2kd7142+0x7c97 @ 0xc37c97
2kd7142+0x8a89 @ 0xc38a89
2kd7142+0x8737 @ 0xc38737
2kd7142+0xfc51 @ 0xc3fc51
2kd7142+0xfc3e @ 0xc3fc3e
2kd7142+0xfc22 @ 0xc3fc22
2kd7142+0xfbe7 @ 0xc3fbe7
2kd7142+0x8a89 @ 0xc38a89
2kd7142+0xfacf @ 0xc3facf
2kd7142+0xfaae @ 0xc3faae
2kd7142+0xfa92 @ 0xc3fa92
2kd7142+0xf9f7 @ 0xc3f9f7
2kd7142+0xf639 @ 0xc3f639
2kd7142+0xf3f5 @ 0xc3f3f5
2kd7142+0xf2a7 @ 0xc3f2a7
2kd7142+0xf239 @ 0xc3f239
2kd7142+0xeed3 @ 0xc3eed3
2kd7142+0xdf7f @ 0xc3df7f
2kd7142+0xc33f @ 0xc3c33f
2kd7142+0x1687f @ 0xc4687f
RtlSelfRelativeToAbsoluteSD+0x1e8 TpPostWork-0x48 ntdll+0x78449 @ 0x77918449
TpCallbackIndependent+0x527 RtlIsCriticalSectionLockedByThread-0x240 ntdll+0x454f4 @ 0x778e54f4
BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x757f33ca
RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x778d9ed2
RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x778d9ea5

exception.instruction_r: 81 7e 30 22 22 22 22 0f 85 87 00 00 00 8d 7e 34
exception.instruction: cmp dword ptr [esi + 0x30], 0x22222222
exception.exception_code: 0xc0000005
exception.symbol: CryptDestroyKey+0x20 CryptSetKeyParam-0xdf cryptsp+0x4d13
exception.address: 0x73ff4d13
registers.esp: 38992592
registers.edi: 13273036
registers.eax: 0
registers.ebp: 38992648
registers.edx: 4294967282
registers.ebx: 2006025332
registers.esi: 0
registers.ecx: 1
1 0 0

__exception__

 stacktrace: 
2kd7142+0x116c @ 0xc3116c
2kd7142+0x1c2c @ 0xc31c2c
2kd7142+0x1c68 @ 0xc31c68
2kd7142+0x1c78 @ 0xc31c78
2kd7142+0x1c88 @ 0xc31c88
2kd7142+0x1c98 @ 0xc31c98
2kd7142+0x7e9b @ 0xc37e9b
2kd7142+0x7e8a @ 0xc37e8a
2kd7142+0x7e5d @ 0xc37e5d
2kd7142+0x7e34 @ 0xc37e34
2kd7142+0x7e1e @ 0xc37e1e
2kd7142+0x7e02 @ 0xc37e02
2kd7142+0x7c97 @ 0xc37c97
2kd7142+0x8a89 @ 0xc38a89
2kd7142+0x8737 @ 0xc38737
2kd7142+0xfc51 @ 0xc3fc51
2kd7142+0xfc3e @ 0xc3fc3e
2kd7142+0xfc22 @ 0xc3fc22
2kd7142+0xfbe7 @ 0xc3fbe7
2kd7142+0x8a89 @ 0xc38a89
2kd7142+0xfacf @ 0xc3facf
2kd7142+0xfaae @ 0xc3faae
2kd7142+0xfa92 @ 0xc3fa92
2kd7142+0xf9f7 @ 0xc3f9f7
2kd7142+0xf639 @ 0xc3f639
2kd7142+0xf3f5 @ 0xc3f3f5
2kd7142+0xf2a7 @ 0xc3f2a7
2kd7142+0xf239 @ 0xc3f239
2kd7142+0xeed3 @ 0xc3eed3
2kd7142+0xdf7f @ 0xc3df7f
2kd7142+0xc33f @ 0xc3c33f
2kd7142+0x1687f @ 0xc4687f
RtlSelfRelativeToAbsoluteSD+0x1e8 TpPostWork-0x48 ntdll+0x78449 @ 0x77918449
TpCallbackIndependent+0x527 RtlIsCriticalSectionLockedByThread-0x240 ntdll+0x454f4 @ 0x778e54f4
BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x757f33ca
RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x778d9ed2
RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x778d9ea5

exception.instruction_r: 81 7e 30 22 22 22 22 0f 85 87 00 00 00 8d 7e 34
exception.instruction: cmp dword ptr [esi + 0x30], 0x22222222
exception.exception_code: 0xc0000005
exception.symbol: CryptDestroyKey+0x20 CryptSetKeyParam-0xdf cryptsp+0x4d13
exception.address: 0x73ff4d13
registers.esp: 38992592
registers.edi: 13273036
registers.eax: 0
registers.ebp: 38992648
registers.edx: 42
registers.ebx: 2006025332
registers.esi: 0
registers.ecx: 1
1 0 0

__exception__

 stacktrace: 
2kd7142+0x1191 @ 0xc31191
2kd7142+0x1c2c @ 0xc31c2c
2kd7142+0x1c68 @ 0xc31c68
2kd7142+0x1c78 @ 0xc31c78
2kd7142+0x1c88 @ 0xc31c88
2kd7142+0x1c98 @ 0xc31c98
2kd7142+0x7e9b @ 0xc37e9b
2kd7142+0x7e8a @ 0xc37e8a
2kd7142+0x7e5d @ 0xc37e5d
2kd7142+0x7e34 @ 0xc37e34
2kd7142+0x7e1e @ 0xc37e1e
2kd7142+0x7e02 @ 0xc37e02
2kd7142+0x7c97 @ 0xc37c97
2kd7142+0x8a89 @ 0xc38a89
2kd7142+0x8737 @ 0xc38737
2kd7142+0xfc51 @ 0xc3fc51
2kd7142+0xfc3e @ 0xc3fc3e
2kd7142+0xfc22 @ 0xc3fc22
2kd7142+0xfbe7 @ 0xc3fbe7
2kd7142+0x8a89 @ 0xc38a89
2kd7142+0xfacf @ 0xc3facf
2kd7142+0xfaae @ 0xc3faae
2kd7142+0xfa92 @ 0xc3fa92
2kd7142+0xf9f7 @ 0xc3f9f7
2kd7142+0xf639 @ 0xc3f639
2kd7142+0xf3f5 @ 0xc3f3f5
2kd7142+0xf2a7 @ 0xc3f2a7
2kd7142+0xf239 @ 0xc3f239
2kd7142+0xeed3 @ 0xc3eed3
2kd7142+0xdf7f @ 0xc3df7f
2kd7142+0xc33f @ 0xc3c33f
2kd7142+0x1687f @ 0xc4687f
RtlSelfRelativeToAbsoluteSD+0x1e8 TpPostWork-0x48 ntdll+0x78449 @ 0x77918449
TpCallbackIndependent+0x527 RtlIsCriticalSectionLockedByThread-0x240 ntdll+0x454f4 @ 0x778e54f4
BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x757f33ca
RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x778d9ed2
RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x778d9ea5

exception.instruction_r: 81 7e 30 22 22 22 22 0f 85 87 00 00 00 8d 7e 34
exception.instruction: cmp dword ptr [esi + 0x30], 0x22222222
exception.exception_code: 0xc0000005
exception.symbol: CryptDestroyKey+0x20 CryptSetKeyParam-0xdf cryptsp+0x4d13
exception.address: 0x73ff4d13
registers.esp: 38992592
registers.edi: 13273036
registers.eax: 0
registers.ebp: 38992648
registers.edx: 231
registers.ebx: 2006025332
registers.esi: 0
registers.ecx: 1
1 0 0

__exception__

 stacktrace: 
2kd7142+0x11b3 @ 0xc311b3
2kd7142+0x1c2c @ 0xc31c2c
2kd7142+0x1c68 @ 0xc31c68
2kd7142+0x1c78 @ 0xc31c78
2kd7142+0x1c88 @ 0xc31c88
2kd7142+0x1c98 @ 0xc31c98
2kd7142+0x7e9b @ 0xc37e9b
2kd7142+0x7e8a @ 0xc37e8a
2kd7142+0x7e5d @ 0xc37e5d
2kd7142+0x7e34 @ 0xc37e34
2kd7142+0x7e1e @ 0xc37e1e
2kd7142+0x7e02 @ 0xc37e02
2kd7142+0x7c97 @ 0xc37c97
2kd7142+0x8a89 @ 0xc38a89
2kd7142+0x8737 @ 0xc38737
2kd7142+0xfc51 @ 0xc3fc51
2kd7142+0xfc3e @ 0xc3fc3e
2kd7142+0xfc22 @ 0xc3fc22
2kd7142+0xfbe7 @ 0xc3fbe7
2kd7142+0x8a89 @ 0xc38a89
2kd7142+0xfacf @ 0xc3facf
2kd7142+0xfaae @ 0xc3faae
2kd7142+0xfa92 @ 0xc3fa92
2kd7142+0xf9f7 @ 0xc3f9f7
2kd7142+0xf639 @ 0xc3f639
2kd7142+0xf3f5 @ 0xc3f3f5
2kd7142+0xf2a7 @ 0xc3f2a7
2kd7142+0xf239 @ 0xc3f239
2kd7142+0xeed3 @ 0xc3eed3
2kd7142+0xdf7f @ 0xc3df7f
2kd7142+0xc33f @ 0xc3c33f
2kd7142+0x1687f @ 0xc4687f
RtlSelfRelativeToAbsoluteSD+0x1e8 TpPostWork-0x48 ntdll+0x78449 @ 0x77918449
TpCallbackIndependent+0x527 RtlIsCriticalSectionLockedByThread-0x240 ntdll+0x454f4 @ 0x778e54f4
BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x757f33ca
RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x778d9ed2
RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x778d9ea5

exception.instruction_r: 81 7e 30 22 22 22 22 0f 85 87 00 00 00 8d 7e 34
exception.instruction: cmp dword ptr [esi + 0x30], 0x22222222
exception.exception_code: 0xc0000005
exception.symbol: CryptDestroyKey+0x20 CryptSetKeyParam-0xdf cryptsp+0x4d13
exception.address: 0x73ff4d13
registers.esp: 38992592
registers.edi: 13273036
registers.eax: 0
registers.ebp: 38992648
registers.edx: 311
registers.ebx: 2006025332
registers.esi: 0
registers.ecx: 1
1 0 0

__exception__

 stacktrace: 
2kd7142+0x11d5 @ 0xc311d5
2kd7142+0x1c2c @ 0xc31c2c
2kd7142+0x1c68 @ 0xc31c68
2kd7142+0x1c78 @ 0xc31c78
2kd7142+0x1c88 @ 0xc31c88
2kd7142+0x1c98 @ 0xc31c98
2kd7142+0x7e9b @ 0xc37e9b
2kd7142+0x7e8a @ 0xc37e8a
2kd7142+0x7e5d @ 0xc37e5d
2kd7142+0x7e34 @ 0xc37e34
2kd7142+0x7e1e @ 0xc37e1e
2kd7142+0x7e02 @ 0xc37e02
2kd7142+0x7c97 @ 0xc37c97
2kd7142+0x8a89 @ 0xc38a89
2kd7142+0x8737 @ 0xc38737
2kd7142+0xfc51 @ 0xc3fc51
2kd7142+0xfc3e @ 0xc3fc3e
2kd7142+0xfc22 @ 0xc3fc22
2kd7142+0xfbe7 @ 0xc3fbe7
2kd7142+0x8a89 @ 0xc38a89
2kd7142+0xfacf @ 0xc3facf
2kd7142+0xfaae @ 0xc3faae
2kd7142+0xfa92 @ 0xc3fa92
2kd7142+0xf9f7 @ 0xc3f9f7
2kd7142+0xf639 @ 0xc3f639
2kd7142+0xf3f5 @ 0xc3f3f5
2kd7142+0xf2a7 @ 0xc3f2a7
2kd7142+0xf239 @ 0xc3f239
2kd7142+0xeed3 @ 0xc3eed3
2kd7142+0xdf7f @ 0xc3df7f
2kd7142+0xc33f @ 0xc3c33f
2kd7142+0x1687f @ 0xc4687f
RtlSelfRelativeToAbsoluteSD+0x1e8 TpPostWork-0x48 ntdll+0x78449 @ 0x77918449
TpCallbackIndependent+0x527 RtlIsCriticalSectionLockedByThread-0x240 ntdll+0x454f4 @ 0x778e54f4
BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x757f33ca
RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x778d9ed2
RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x778d9ea5

exception.instruction_r: 81 7e 30 22 22 22 22 0f 85 87 00 00 00 8d 7e 34
exception.instruction: cmp dword ptr [esi + 0x30], 0x22222222
exception.exception_code: 0xc0000005
exception.symbol: CryptDestroyKey+0x20 CryptSetKeyParam-0xdf cryptsp+0x4d13
exception.address: 0x73ff4d13
registers.esp: 38992592
registers.edi: 13273036
registers.eax: 0
registers.ebp: 38992648
registers.edx: 83
registers.ebx: 2006025332
registers.esi: 0
registers.ecx: 1
1 0 0

__exception__

 stacktrace: 
2kd7142+0x11fa @ 0xc311fa
2kd7142+0x1c2c @ 0xc31c2c
2kd7142+0x1c68 @ 0xc31c68
2kd7142+0x1c78 @ 0xc31c78
2kd7142+0x1c88 @ 0xc31c88
2kd7142+0x1c98 @ 0xc31c98
2kd7142+0x7e9b @ 0xc37e9b
2kd7142+0x7e8a @ 0xc37e8a
2kd7142+0x7e5d @ 0xc37e5d
2kd7142+0x7e34 @ 0xc37e34
2kd7142+0x7e1e @ 0xc37e1e
2kd7142+0x7e02 @ 0xc37e02
2kd7142+0x7c97 @ 0xc37c97
2kd7142+0x8a89 @ 0xc38a89
2kd7142+0x8737 @ 0xc38737
2kd7142+0xfc51 @ 0xc3fc51
2kd7142+0xfc3e @ 0xc3fc3e
2kd7142+0xfc22 @ 0xc3fc22
2kd7142+0xfbe7 @ 0xc3fbe7
2kd7142+0x8a89 @ 0xc38a89
2kd7142+0xfacf @ 0xc3facf
2kd7142+0xfaae @ 0xc3faae
2kd7142+0xfa92 @ 0xc3fa92
2kd7142+0xf9f7 @ 0xc3f9f7
2kd7142+0xf639 @ 0xc3f639
2kd7142+0xf3f5 @ 0xc3f3f5
2kd7142+0xf2a7 @ 0xc3f2a7
2kd7142+0xf239 @ 0xc3f239
2kd7142+0xeed3 @ 0xc3eed3
2kd7142+0xdf7f @ 0xc3df7f
2kd7142+0xc33f @ 0xc3c33f
2kd7142+0x1687f @ 0xc4687f
RtlSelfRelativeToAbsoluteSD+0x1e8 TpPostWork-0x48 ntdll+0x78449 @ 0x77918449
TpCallbackIndependent+0x527 RtlIsCriticalSectionLockedByThread-0x240 ntdll+0x454f4 @ 0x778e54f4
BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x757f33ca
RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x778d9ed2
RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x778d9ea5

exception.instruction_r: 81 7e 30 22 22 22 22 0f 85 87 00 00 00 8d 7e 34
exception.instruction: cmp dword ptr [esi + 0x30], 0x22222222
exception.exception_code: 0xc0000005
exception.symbol: CryptDestroyKey+0x20 CryptSetKeyParam-0xdf cryptsp+0x4d13
exception.address: 0x73ff4d13
registers.esp: 38992592
registers.edi: 13273036
registers.eax: 0
registers.ebp: 38992648
registers.edx: 4294967180
registers.ebx: 2006025332
registers.esi: 0
registers.ecx: 1
1 0 0

__exception__

 stacktrace: 
2kd7142+0x121f @ 0xc3121f
2kd7142+0x1c2c @ 0xc31c2c
2kd7142+0x1c68 @ 0xc31c68
2kd7142+0x1c78 @ 0xc31c78
2kd7142+0x1c88 @ 0xc31c88
2kd7142+0x1c98 @ 0xc31c98
2kd7142+0x7e9b @ 0xc37e9b
2kd7142+0x7e8a @ 0xc37e8a
2kd7142+0x7e5d @ 0xc37e5d
2kd7142+0x7e34 @ 0xc37e34
2kd7142+0x7e1e @ 0xc37e1e
2kd7142+0x7e02 @ 0xc37e02
2kd7142+0x7c97 @ 0xc37c97
2kd7142+0x8a89 @ 0xc38a89
2kd7142+0x8737 @ 0xc38737
2kd7142+0xfc51 @ 0xc3fc51
2kd7142+0xfc3e @ 0xc3fc3e
2kd7142+0xfc22 @ 0xc3fc22
2kd7142+0xfbe7 @ 0xc3fbe7
2kd7142+0x8a89 @ 0xc38a89
2kd7142+0xfacf @ 0xc3facf
2kd7142+0xfaae @ 0xc3faae
2kd7142+0xfa92 @ 0xc3fa92
2kd7142+0xf9f7 @ 0xc3f9f7
2kd7142+0xf639 @ 0xc3f639
2kd7142+0xf3f5 @ 0xc3f3f5
2kd7142+0xf2a7 @ 0xc3f2a7
2kd7142+0xf239 @ 0xc3f239
2kd7142+0xeed3 @ 0xc3eed3
2kd7142+0xdf7f @ 0xc3df7f
2kd7142+0xc33f @ 0xc3c33f
2kd7142+0x1687f @ 0xc4687f
RtlSelfRelativeToAbsoluteSD+0x1e8 TpPostWork-0x48 ntdll+0x78449 @ 0x77918449
TpCallbackIndependent+0x527 RtlIsCriticalSectionLockedByThread-0x240 ntdll+0x454f4 @ 0x778e54f4
BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x757f33ca
RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x778d9ed2
RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x778d9ea5

exception.instruction_r: 81 7e 30 22 22 22 22 0f 85 87 00 00 00 8d 7e 34
exception.instruction: cmp dword ptr [esi + 0x30], 0x22222222
exception.exception_code: 0xc0000005
exception.symbol: CryptDestroyKey+0x20 CryptSetKeyParam-0xdf cryptsp+0x4d13
exception.address: 0x73ff4d13
registers.esp: 38992592
registers.edi: 13273036
registers.eax: 0
registers.ebp: 38992648
registers.edx: 45
registers.ebx: 2006025332
registers.esi: 0
registers.ecx: 1
1 0 0

__exception__

 stacktrace: 
2kd7142+0x1241 @ 0xc31241
2kd7142+0x1c2c @ 0xc31c2c
2kd7142+0x1c68 @ 0xc31c68
2kd7142+0x1c78 @ 0xc31c78
2kd7142+0x1c88 @ 0xc31c88
2kd7142+0x1c98 @ 0xc31c98
2kd7142+0x7e9b @ 0xc37e9b
2kd7142+0x7e8a @ 0xc37e8a
2kd7142+0x7e5d @ 0xc37e5d
2kd7142+0x7e34 @ 0xc37e34
2kd7142+0x7e1e @ 0xc37e1e
2kd7142+0x7e02 @ 0xc37e02
2kd7142+0x7c97 @ 0xc37c97
2kd7142+0x8a89 @ 0xc38a89
2kd7142+0x8737 @ 0xc38737
2kd7142+0xfc51 @ 0xc3fc51
2kd7142+0xfc3e @ 0xc3fc3e
2kd7142+0xfc22 @ 0xc3fc22
2kd7142+0xfbe7 @ 0xc3fbe7
2kd7142+0x8a89 @ 0xc38a89
2kd7142+0xfacf @ 0xc3facf
2kd7142+0xfaae @ 0xc3faae
2kd7142+0xfa92 @ 0xc3fa92
2kd7142+0xf9f7 @ 0xc3f9f7
2kd7142+0xf639 @ 0xc3f639
2kd7142+0xf3f5 @ 0xc3f3f5
2kd7142+0xf2a7 @ 0xc3f2a7
2kd7142+0xf239 @ 0xc3f239
2kd7142+0xeed3 @ 0xc3eed3
2kd7142+0xdf7f @ 0xc3df7f
2kd7142+0xc33f @ 0xc3c33f
2kd7142+0x1687f @ 0xc4687f
RtlSelfRelativeToAbsoluteSD+0x1e8 TpPostWork-0x48 ntdll+0x78449 @ 0x77918449
TpCallbackIndependent+0x527 RtlIsCriticalSectionLockedByThread-0x240 ntdll+0x454f4 @ 0x778e54f4
BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x757f33ca
RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x778d9ed2
RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x778d9ea5

exception.instruction_r: 81 7e 30 22 22 22 22 0f 85 87 00 00 00 8d 7e 34
exception.instruction: cmp dword ptr [esi + 0x30], 0x22222222
exception.exception_code: 0xc0000005
exception.symbol: CryptDestroyKey+0x20 CryptSetKeyParam-0xdf cryptsp+0x4d13
exception.address: 0x73ff4d13
registers.esp: 38992592
registers.edi: 13273036
registers.eax: 0
registers.ebp: 38992648
registers.edx: 62
registers.ebx: 2006025332
registers.esi: 0
registers.ecx: 1
1 0 0

__exception__

 stacktrace: 
2kd7142+0x1263 @ 0xc31263
2kd7142+0x1c2c @ 0xc31c2c
2kd7142+0x1c68 @ 0xc31c68
2kd7142+0x1c78 @ 0xc31c78
2kd7142+0x1c88 @ 0xc31c88
2kd7142+0x1c98 @ 0xc31c98
2kd7142+0x7e9b @ 0xc37e9b
2kd7142+0x7e8a @ 0xc37e8a
2kd7142+0x7e5d @ 0xc37e5d
2kd7142+0x7e34 @ 0xc37e34
2kd7142+0x7e1e @ 0xc37e1e
2kd7142+0x7e02 @ 0xc37e02
2kd7142+0x7c97 @ 0xc37c97
2kd7142+0x8a89 @ 0xc38a89
2kd7142+0x8737 @ 0xc38737
2kd7142+0xfc51 @ 0xc3fc51
2kd7142+0xfc3e @ 0xc3fc3e
2kd7142+0xfc22 @ 0xc3fc22
2kd7142+0xfbe7 @ 0xc3fbe7
2kd7142+0x8a89 @ 0xc38a89
2kd7142+0xfacf @ 0xc3facf
2kd7142+0xfaae @ 0xc3faae
2kd7142+0xfa92 @ 0xc3fa92
2kd7142+0xf9f7 @ 0xc3f9f7
2kd7142+0xf639 @ 0xc3f639
2kd7142+0xf3f5 @ 0xc3f3f5
2kd7142+0xf2a7 @ 0xc3f2a7
2kd7142+0xf239 @ 0xc3f239
2kd7142+0xeed3 @ 0xc3eed3
2kd7142+0xdf7f @ 0xc3df7f
2kd7142+0xc33f @ 0xc3c33f
2kd7142+0x1687f @ 0xc4687f
RtlSelfRelativeToAbsoluteSD+0x1e8 TpPostWork-0x48 ntdll+0x78449 @ 0x77918449
TpCallbackIndependent+0x527 RtlIsCriticalSectionLockedByThread-0x240 ntdll+0x454f4 @ 0x778e54f4
BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x757f33ca
RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x778d9ed2
RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x778d9ea5

exception.instruction_r: 81 7e 30 22 22 22 22 0f 85 87 00 00 00 8d 7e 34
exception.instruction: cmp dword ptr [esi + 0x30], 0x22222222
exception.exception_code: 0xc0000005
exception.symbol: CryptDestroyKey+0x20 CryptSetKeyParam-0xdf cryptsp+0x4d13
exception.address: 0x73ff4d13
registers.esp: 38992592
registers.edi: 13273036
registers.eax: 0
registers.ebp: 38992648
registers.edx: 50
registers.ebx: 2006025332
registers.esi: 0
registers.ecx: 1
1 0 0

__exception__

 stacktrace: 
2kd7142+0x1285 @ 0xc31285
2kd7142+0x1c2c @ 0xc31c2c
2kd7142+0x1c68 @ 0xc31c68
2kd7142+0x1c78 @ 0xc31c78
2kd7142+0x1c88 @ 0xc31c88
2kd7142+0x1c98 @ 0xc31c98
2kd7142+0x7e9b @ 0xc37e9b
2kd7142+0x7e8a @ 0xc37e8a
2kd7142+0x7e5d @ 0xc37e5d
2kd7142+0x7e34 @ 0xc37e34
2kd7142+0x7e1e @ 0xc37e1e
2kd7142+0x7e02 @ 0xc37e02
2kd7142+0x7c97 @ 0xc37c97
2kd7142+0x8a89 @ 0xc38a89
2kd7142+0x8737 @ 0xc38737
2kd7142+0xfc51 @ 0xc3fc51
2kd7142+0xfc3e @ 0xc3fc3e
2kd7142+0xfc22 @ 0xc3fc22
2kd7142+0xfbe7 @ 0xc3fbe7
2kd7142+0x8a89 @ 0xc38a89
2kd7142+0xfacf @ 0xc3facf
2kd7142+0xfaae @ 0xc3faae
2kd7142+0xfa92 @ 0xc3fa92
2kd7142+0xf9f7 @ 0xc3f9f7
2kd7142+0xf639 @ 0xc3f639
2kd7142+0xf3f5 @ 0xc3f3f5
2kd7142+0xf2a7 @ 0xc3f2a7
2kd7142+0xf239 @ 0xc3f239
2kd7142+0xeed3 @ 0xc3eed3
2kd7142+0xdf7f @ 0xc3df7f
2kd7142+0xc33f @ 0xc3c33f
2kd7142+0x1687f @ 0xc4687f
RtlSelfRelativeToAbsoluteSD+0x1e8 TpPostWork-0x48 ntdll+0x78449 @ 0x77918449
TpCallbackIndependent+0x527 RtlIsCriticalSectionLockedByThread-0x240 ntdll+0x454f4 @ 0x778e54f4
BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x757f33ca
RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x778d9ed2
RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x778d9ea5

exception.instruction_r: 81 7e 30 22 22 22 22 0f 85 87 00 00 00 8d 7e 34
exception.instruction: cmp dword ptr [esi + 0x30], 0x22222222
exception.exception_code: 0xc0000005
exception.symbol: CryptDestroyKey+0x20 CryptSetKeyParam-0xdf cryptsp+0x4d13
exception.address: 0x73ff4d13
registers.esp: 38992592
registers.edi: 13273036
registers.eax: 0
registers.ebp: 38992648
registers.edx: 70
registers.ebx: 2006025332
registers.esi: 0
registers.ecx: 1
1 0 0

__exception__

 stacktrace: 
2kd7142+0x12a7 @ 0xc312a7
2kd7142+0x1c2c @ 0xc31c2c
2kd7142+0x1c68 @ 0xc31c68
2kd7142+0x1c78 @ 0xc31c78
2kd7142+0x1c88 @ 0xc31c88
2kd7142+0x1c98 @ 0xc31c98
2kd7142+0x7e9b @ 0xc37e9b
2kd7142+0x7e8a @ 0xc37e8a
2kd7142+0x7e5d @ 0xc37e5d
2kd7142+0x7e34 @ 0xc37e34
2kd7142+0x7e1e @ 0xc37e1e
2kd7142+0x7e02 @ 0xc37e02
2kd7142+0x7c97 @ 0xc37c97
2kd7142+0x8a89 @ 0xc38a89
2kd7142+0x8737 @ 0xc38737
2kd7142+0xfc51 @ 0xc3fc51
2kd7142+0xfc3e @ 0xc3fc3e
2kd7142+0xfc22 @ 0xc3fc22
2kd7142+0xfbe7 @ 0xc3fbe7
2kd7142+0x8a89 @ 0xc38a89
2kd7142+0xfacf @ 0xc3facf
2kd7142+0xfaae @ 0xc3faae
2kd7142+0xfa92 @ 0xc3fa92
2kd7142+0xf9f7 @ 0xc3f9f7
2kd7142+0xf639 @ 0xc3f639
2kd7142+0xf3f5 @ 0xc3f3f5
2kd7142+0xf2a7 @ 0xc3f2a7
2kd7142+0xf239 @ 0xc3f239
2kd7142+0xeed3 @ 0xc3eed3
2kd7142+0xdf7f @ 0xc3df7f
2kd7142+0xc33f @ 0xc3c33f
2kd7142+0x1687f @ 0xc4687f
RtlSelfRelativeToAbsoluteSD+0x1e8 TpPostWork-0x48 ntdll+0x78449 @ 0x77918449
TpCallbackIndependent+0x527 RtlIsCriticalSectionLockedByThread-0x240 ntdll+0x454f4 @ 0x778e54f4
BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x757f33ca
RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x778d9ed2
RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x778d9ea5

exception.instruction_r: 81 7e 30 22 22 22 22 0f 85 87 00 00 00 8d 7e 34
exception.instruction: cmp dword ptr [esi + 0x30], 0x22222222
exception.exception_code: 0xc0000005
exception.symbol: CryptDestroyKey+0x20 CryptSetKeyParam-0xdf cryptsp+0x4d13
exception.address: 0x73ff4d13
registers.esp: 38992592
registers.edi: 13273036
registers.eax: 0
registers.ebp: 38992648
registers.edx: 92
registers.ebx: 2006025332
registers.esi: 0
registers.ecx: 1
1 0 0

__exception__

 stacktrace: 
2kd7142+0x12c9 @ 0xc312c9
2kd7142+0x1c2c @ 0xc31c2c
2kd7142+0x1c68 @ 0xc31c68
2kd7142+0x1c78 @ 0xc31c78
2kd7142+0x1c88 @ 0xc31c88
2kd7142+0x1c98 @ 0xc31c98
2kd7142+0x7e9b @ 0xc37e9b
2kd7142+0x7e8a @ 0xc37e8a
2kd7142+0x7e5d @ 0xc37e5d
2kd7142+0x7e34 @ 0xc37e34
2kd7142+0x7e1e @ 0xc37e1e
2kd7142+0x7e02 @ 0xc37e02
2kd7142+0x7c97 @ 0xc37c97
2kd7142+0x8a89 @ 0xc38a89
2kd7142+0x8737 @ 0xc38737
2kd7142+0xfc51 @ 0xc3fc51
2kd7142+0xfc3e @ 0xc3fc3e
2kd7142+0xfc22 @ 0xc3fc22
2kd7142+0xfbe7 @ 0xc3fbe7
2kd7142+0x8a89 @ 0xc38a89
2kd7142+0xfacf @ 0xc3facf
2kd7142+0xfaae @ 0xc3faae
2kd7142+0xfa92 @ 0xc3fa92
2kd7142+0xf9f7 @ 0xc3f9f7
2kd7142+0xf639 @ 0xc3f639
2kd7142+0xf3f5 @ 0xc3f3f5
2kd7142+0xf2a7 @ 0xc3f2a7
2kd7142+0xf239 @ 0xc3f239
2kd7142+0xeed3 @ 0xc3eed3
2kd7142+0xdf7f @ 0xc3df7f
2kd7142+0xc33f @ 0xc3c33f
2kd7142+0x1687f @ 0xc4687f
RtlSelfRelativeToAbsoluteSD+0x1e8 TpPostWork-0x48 ntdll+0x78449 @ 0x77918449
TpCallbackIndependent+0x527 RtlIsCriticalSectionLockedByThread-0x240 ntdll+0x454f4 @ 0x778e54f4
BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x757f33ca
RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x778d9ed2
RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x778d9ea5

exception.instruction_r: 81 7e 30 22 22 22 22 0f 85 87 00 00 00 8d 7e 34
exception.instruction: cmp dword ptr [esi + 0x30], 0x22222222
exception.exception_code: 0xc0000005
exception.symbol: CryptDestroyKey+0x20 CryptSetKeyParam-0xdf cryptsp+0x4d13
exception.address: 0x73ff4d13
registers.esp: 38992592
registers.edi: 13273036
registers.eax: 0
registers.ebp: 38992648
registers.edx: 13
registers.ebx: 2006025332
registers.esi: 0
registers.ecx: 1
1 0 0

__exception__

 stacktrace: 
2kd7142+0x12ee @ 0xc312ee
2kd7142+0x1c2c @ 0xc31c2c
2kd7142+0x1c68 @ 0xc31c68
2kd7142+0x1c78 @ 0xc31c78
2kd7142+0x1c88 @ 0xc31c88
2kd7142+0x1c98 @ 0xc31c98
2kd7142+0x7e9b @ 0xc37e9b
2kd7142+0x7e8a @ 0xc37e8a
2kd7142+0x7e5d @ 0xc37e5d
2kd7142+0x7e34 @ 0xc37e34
2kd7142+0x7e1e @ 0xc37e1e
2kd7142+0x7e02 @ 0xc37e02
2kd7142+0x7c97 @ 0xc37c97
2kd7142+0x8a89 @ 0xc38a89
2kd7142+0x8737 @ 0xc38737
2kd7142+0xfc51 @ 0xc3fc51
2kd7142+0xfc3e @ 0xc3fc3e
2kd7142+0xfc22 @ 0xc3fc22
2kd7142+0xfbe7 @ 0xc3fbe7
2kd7142+0x8a89 @ 0xc38a89
2kd7142+0xfacf @ 0xc3facf
2kd7142+0xfaae @ 0xc3faae
2kd7142+0xfa92 @ 0xc3fa92
2kd7142+0xf9f7 @ 0xc3f9f7
2kd7142+0xf639 @ 0xc3f639
2kd7142+0xf3f5 @ 0xc3f3f5
2kd7142+0xf2a7 @ 0xc3f2a7
2kd7142+0xf239 @ 0xc3f239
2kd7142+0xeed3 @ 0xc3eed3
2kd7142+0xdf7f @ 0xc3df7f
2kd7142+0xc33f @ 0xc3c33f
2kd7142+0x1687f @ 0xc4687f
RtlSelfRelativeToAbsoluteSD+0x1e8 TpPostWork-0x48 ntdll+0x78449 @ 0x77918449
TpCallbackIndependent+0x527 RtlIsCriticalSectionLockedByThread-0x240 ntdll+0x454f4 @ 0x778e54f4
BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x757f33ca
RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x778d9ed2
RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x778d9ea5

exception.instruction_r: 81 7e 30 22 22 22 22 0f 85 87 00 00 00 8d 7e 34
exception.instruction: cmp dword ptr [esi + 0x30], 0x22222222
exception.exception_code: 0xc0000005
exception.symbol: CryptDestroyKey+0x20 CryptSetKeyParam-0xdf cryptsp+0x4d13
exception.address: 0x73ff4d13
registers.esp: 38992592
registers.edi: 13273036
registers.eax: 0
registers.ebp: 38992648
registers.edx: 152
registers.ebx: 2006025332
registers.esi: 0
registers.ecx: 1
1 0 0

__exception__

 stacktrace: 
2kd7142+0x1313 @ 0xc31313
2kd7142+0x1c2c @ 0xc31c2c
2kd7142+0x1c68 @ 0xc31c68
2kd7142+0x1c78 @ 0xc31c78
2kd7142+0x1c88 @ 0xc31c88
2kd7142+0x1c98 @ 0xc31c98
2kd7142+0x7e9b @ 0xc37e9b
2kd7142+0x7e8a @ 0xc37e8a
2kd7142+0x7e5d @ 0xc37e5d
2kd7142+0x7e34 @ 0xc37e34
2kd7142+0x7e1e @ 0xc37e1e
2kd7142+0x7e02 @ 0xc37e02
2kd7142+0x7c97 @ 0xc37c97
2kd7142+0x8a89 @ 0xc38a89
2kd7142+0x8737 @ 0xc38737
2kd7142+0xfc51 @ 0xc3fc51
2kd7142+0xfc3e @ 0xc3fc3e
2kd7142+0xfc22 @ 0xc3fc22
2kd7142+0xfbe7 @ 0xc3fbe7
2kd7142+0x8a89 @ 0xc38a89
2kd7142+0xfacf @ 0xc3facf
2kd7142+0xfaae @ 0xc3faae
2kd7142+0xfa92 @ 0xc3fa92
2kd7142+0xf9f7 @ 0xc3f9f7
2kd7142+0xf639 @ 0xc3f639
2kd7142+0xf3f5 @ 0xc3f3f5
2kd7142+0xf2a7 @ 0xc3f2a7
2kd7142+0xf239 @ 0xc3f239
2kd7142+0xeed3 @ 0xc3eed3
2kd7142+0xdf7f @ 0xc3df7f
2kd7142+0xc33f @ 0xc3c33f
2kd7142+0x1687f @ 0xc4687f
RtlSelfRelativeToAbsoluteSD+0x1e8 TpPostWork-0x48 ntdll+0x78449 @ 0x77918449
TpCallbackIndependent+0x527 RtlIsCriticalSectionLockedByThread-0x240 ntdll+0x454f4 @ 0x778e54f4
BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x757f33ca
RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x778d9ed2
RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x778d9ea5

exception.instruction_r: 81 7e 30 22 22 22 22 0f 85 87 00 00 00 8d 7e 34
exception.instruction: cmp dword ptr [esi + 0x30], 0x22222222
exception.exception_code: 0xc0000005
exception.symbol: CryptDestroyKey+0x20 CryptSetKeyParam-0xdf cryptsp+0x4d13
exception.address: 0x73ff4d13
registers.esp: 38992592
registers.edi: 13273036
registers.eax: 0
registers.ebp: 38992648
registers.edx: 299
registers.ebx: 2006025332
registers.esi: 0
registers.ecx: 1
1 0 0

__exception__

 stacktrace: 
2kd7142+0x1335 @ 0xc31335
2kd7142+0x1c2c @ 0xc31c2c
2kd7142+0x1c68 @ 0xc31c68
2kd7142+0x1c78 @ 0xc31c78
2kd7142+0x1c88 @ 0xc31c88
2kd7142+0x1c98 @ 0xc31c98
2kd7142+0x7e9b @ 0xc37e9b
2kd7142+0x7e8a @ 0xc37e8a
2kd7142+0x7e5d @ 0xc37e5d
2kd7142+0x7e34 @ 0xc37e34
2kd7142+0x7e1e @ 0xc37e1e
2kd7142+0x7e02 @ 0xc37e02
2kd7142+0x7c97 @ 0xc37c97
2kd7142+0x8a89 @ 0xc38a89
2kd7142+0x8737 @ 0xc38737
2kd7142+0xfc51 @ 0xc3fc51
2kd7142+0xfc3e @ 0xc3fc3e
2kd7142+0xfc22 @ 0xc3fc22
2kd7142+0xfbe7 @ 0xc3fbe7
2kd7142+0x8a89 @ 0xc38a89
2kd7142+0xfacf @ 0xc3facf
2kd7142+0xfaae @ 0xc3faae
2kd7142+0xfa92 @ 0xc3fa92
2kd7142+0xf9f7 @ 0xc3f9f7
2kd7142+0xf639 @ 0xc3f639
2kd7142+0xf3f5 @ 0xc3f3f5
2kd7142+0xf2a7 @ 0xc3f2a7
2kd7142+0xf239 @ 0xc3f239
2kd7142+0xeed3 @ 0xc3eed3
2kd7142+0xdf7f @ 0xc3df7f
2kd7142+0xc33f @ 0xc3c33f
2kd7142+0x1687f @ 0xc4687f
RtlSelfRelativeToAbsoluteSD+0x1e8 TpPostWork-0x48 ntdll+0x78449 @ 0x77918449
TpCallbackIndependent+0x527 RtlIsCriticalSectionLockedByThread-0x240 ntdll+0x454f4 @ 0x778e54f4
BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x757f33ca
RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x778d9ed2
RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x778d9ea5

exception.instruction_r: 81 7e 30 22 22 22 22 0f 85 87 00 00 00 8d 7e 34
exception.instruction: cmp dword ptr [esi + 0x30], 0x22222222
exception.exception_code: 0xc0000005
exception.symbol: CryptDestroyKey+0x20 CryptSetKeyParam-0xdf cryptsp+0x4d13
exception.address: 0x73ff4d13
registers.esp: 38992592
registers.edi: 13273036
registers.eax: 0
registers.ebp: 38992648
registers.edx: 91
registers.ebx: 2006025332
registers.esi: 0
registers.ecx: 1
1 0 0

__exception__

 stacktrace: 
2kd7142+0x102e @ 0xc3102e
2kd7142+0x1c2c @ 0xc31c2c
2kd7142+0x1c68 @ 0xc31c68
2kd7142+0x1c78 @ 0xc31c78
2kd7142+0x1c88 @ 0xc31c88
2kd7142+0x1c98 @ 0xc31c98
2kd7142+0x7e9b @ 0xc37e9b
2kd7142+0x7e8a @ 0xc37e8a
2kd7142+0x7e5d @ 0xc37e5d
2kd7142+0x7e34 @ 0xc37e34
2kd7142+0x7e1e @ 0xc37e1e
2kd7142+0x7e02 @ 0xc37e02
2kd7142+0x7c97 @ 0xc37c97
2kd7142+0x8a89 @ 0xc38a89
2kd7142+0x8737 @ 0xc38737
2kd7142+0xfc51 @ 0xc3fc51
2kd7142+0xfc3e @ 0xc3fc3e
2kd7142+0xfc22 @ 0xc3fc22
2kd7142+0xfbe7 @ 0xc3fbe7
2kd7142+0x8a89 @ 0xc38a89
2kd7142+0xfacf @ 0xc3facf
2kd7142+0xfaae @ 0xc3faae
2kd7142+0xfa92 @ 0xc3fa92
2kd7142+0xf9f7 @ 0xc3f9f7
2kd7142+0xf639 @ 0xc3f639
2kd7142+0xf3f5 @ 0xc3f3f5
2kd7142+0xf2a7 @ 0xc3f2a7
2kd7142+0xf239 @ 0xc3f239
2kd7142+0xeed3 @ 0xc3eed3
2kd7142+0xdf7f @ 0xc3df7f
2kd7142+0xc33f @ 0xc3c33f
2kd7142+0x1687f @ 0xc4687f
RtlSelfRelativeToAbsoluteSD+0x1e8 TpPostWork-0x48 ntdll+0x78449 @ 0x77918449
TpCallbackIndependent+0x527 RtlIsCriticalSectionLockedByThread-0x240 ntdll+0x454f4 @ 0x778e54f4
BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x757f33ca
RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x778d9ed2
RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x778d9ea5

exception.instruction_r: 81 7e 30 22 22 22 22 0f 85 87 00 00 00 8d 7e 34
exception.instruction: cmp dword ptr [esi + 0x30], 0x22222222
exception.exception_code: 0xc0000005
exception.symbol: CryptDestroyKey+0x20 CryptSetKeyParam-0xdf cryptsp+0x4d13
exception.address: 0x73ff4d13
registers.esp: 38992592
registers.edi: 13273036
registers.eax: 0
registers.ebp: 38992648
registers.edx: 90
registers.ebx: 2006025332
registers.esi: 0
registers.ecx: 1
1 0 0

__exception__

 stacktrace: 
2kd7142+0x1053 @ 0xc31053
2kd7142+0x1c2c @ 0xc31c2c
2kd7142+0x1c68 @ 0xc31c68
2kd7142+0x1c78 @ 0xc31c78
2kd7142+0x1c88 @ 0xc31c88
2kd7142+0x1c98 @ 0xc31c98
2kd7142+0x7e9b @ 0xc37e9b
2kd7142+0x7e8a @ 0xc37e8a
2kd7142+0x7e5d @ 0xc37e5d
2kd7142+0x7e34 @ 0xc37e34
2kd7142+0x7e1e @ 0xc37e1e
2kd7142+0x7e02 @ 0xc37e02
2kd7142+0x7c97 @ 0xc37c97
2kd7142+0x8a89 @ 0xc38a89
2kd7142+0x8737 @ 0xc38737
2kd7142+0xfc51 @ 0xc3fc51
2kd7142+0xfc3e @ 0xc3fc3e
2kd7142+0xfc22 @ 0xc3fc22
2kd7142+0xfbe7 @ 0xc3fbe7
2kd7142+0x8a89 @ 0xc38a89
2kd7142+0xfacf @ 0xc3facf
2kd7142+0xfaae @ 0xc3faae
2kd7142+0xfa92 @ 0xc3fa92
2kd7142+0xf9f7 @ 0xc3f9f7
2kd7142+0xf639 @ 0xc3f639
2kd7142+0xf3f5 @ 0xc3f3f5
2kd7142+0xf2a7 @ 0xc3f2a7
2kd7142+0xf239 @ 0xc3f239
2kd7142+0xeed3 @ 0xc3eed3
2kd7142+0xdf7f @ 0xc3df7f
2kd7142+0xc33f @ 0xc3c33f
2kd7142+0x1687f @ 0xc4687f
RtlSelfRelativeToAbsoluteSD+0x1e8 TpPostWork-0x48 ntdll+0x78449 @ 0x77918449
TpCallbackIndependent+0x527 RtlIsCriticalSectionLockedByThread-0x240 ntdll+0x454f4 @ 0x778e54f4
BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x757f33ca
RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x778d9ed2
RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x778d9ea5

exception.instruction_r: 81 7e 30 22 22 22 22 0f 85 87 00 00 00 8d 7e 34
exception.instruction: cmp dword ptr [esi + 0x30], 0x22222222
exception.exception_code: 0xc0000005
exception.symbol: CryptDestroyKey+0x20 CryptSetKeyParam-0xdf cryptsp+0x4d13
exception.address: 0x73ff4d13
registers.esp: 38992592
registers.edi: 13273036
registers.eax: 0
registers.ebp: 38992648
registers.edx: 171
registers.ebx: 2006025332
registers.esi: 0
registers.ecx: 2
1 0 0

__exception__

 stacktrace: 
2kd7142+0x1075 @ 0xc31075
2kd7142+0x1c2c @ 0xc31c2c
2kd7142+0x1c68 @ 0xc31c68
2kd7142+0x1c78 @ 0xc31c78
2kd7142+0x1c88 @ 0xc31c88
2kd7142+0x1c98 @ 0xc31c98
2kd7142+0x7e9b @ 0xc37e9b
2kd7142+0x7e8a @ 0xc37e8a
2kd7142+0x7e5d @ 0xc37e5d
2kd7142+0x7e34 @ 0xc37e34
2kd7142+0x7e1e @ 0xc37e1e
2kd7142+0x7e02 @ 0xc37e02
2kd7142+0x7c97 @ 0xc37c97
2kd7142+0x8a89 @ 0xc38a89
2kd7142+0x8737 @ 0xc38737
2kd7142+0xfc51 @ 0xc3fc51
2kd7142+0xfc3e @ 0xc3fc3e
2kd7142+0xfc22 @ 0xc3fc22
2kd7142+0xfbe7 @ 0xc3fbe7
2kd7142+0x8a89 @ 0xc38a89
2kd7142+0xfacf @ 0xc3facf
2kd7142+0xfaae @ 0xc3faae
2kd7142+0xfa92 @ 0xc3fa92
2kd7142+0xf9f7 @ 0xc3f9f7
2kd7142+0xf639 @ 0xc3f639
2kd7142+0xf3f5 @ 0xc3f3f5
2kd7142+0xf2a7 @ 0xc3f2a7
2kd7142+0xf239 @ 0xc3f239
2kd7142+0xeed3 @ 0xc3eed3
2kd7142+0xdf7f @ 0xc3df7f
2kd7142+0xc33f @ 0xc3c33f
2kd7142+0x1687f @ 0xc4687f
RtlSelfRelativeToAbsoluteSD+0x1e8 TpPostWork-0x48 ntdll+0x78449 @ 0x77918449
TpCallbackIndependent+0x527 RtlIsCriticalSectionLockedByThread-0x240 ntdll+0x454f4 @ 0x778e54f4
BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x757f33ca
RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x778d9ed2
RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x778d9ea5

exception.instruction_r: 81 7e 30 22 22 22 22 0f 85 87 00 00 00 8d 7e 34
exception.instruction: cmp dword ptr [esi + 0x30], 0x22222222
exception.exception_code: 0xc0000005
exception.symbol: CryptDestroyKey+0x20 CryptSetKeyParam-0xdf cryptsp+0x4d13
exception.address: 0x73ff4d13
registers.esp: 38992592
registers.edi: 13273036
registers.eax: 0
registers.ebp: 38992648
registers.edx: 177
registers.ebx: 2006025332
registers.esi: 0
registers.ecx: 2
1 0 0

__exception__

 stacktrace: 
2kd7142+0x1097 @ 0xc31097
2kd7142+0x1c2c @ 0xc31c2c
2kd7142+0x1c68 @ 0xc31c68
2kd7142+0x1c78 @ 0xc31c78
2kd7142+0x1c88 @ 0xc31c88
2kd7142+0x1c98 @ 0xc31c98
2kd7142+0x7e9b @ 0xc37e9b
2kd7142+0x7e8a @ 0xc37e8a
2kd7142+0x7e5d @ 0xc37e5d
2kd7142+0x7e34 @ 0xc37e34
2kd7142+0x7e1e @ 0xc37e1e
2kd7142+0x7e02 @ 0xc37e02
2kd7142+0x7c97 @ 0xc37c97
2kd7142+0x8a89 @ 0xc38a89
2kd7142+0x8737 @ 0xc38737
2kd7142+0xfc51 @ 0xc3fc51
2kd7142+0xfc3e @ 0xc3fc3e
2kd7142+0xfc22 @ 0xc3fc22
2kd7142+0xfbe7 @ 0xc3fbe7
2kd7142+0x8a89 @ 0xc38a89
2kd7142+0xfacf @ 0xc3facf
2kd7142+0xfaae @ 0xc3faae
2kd7142+0xfa92 @ 0xc3fa92
2kd7142+0xf9f7 @ 0xc3f9f7
2kd7142+0xf639 @ 0xc3f639
2kd7142+0xf3f5 @ 0xc3f3f5
2kd7142+0xf2a7 @ 0xc3f2a7
2kd7142+0xf239 @ 0xc3f239
2kd7142+0xeed3 @ 0xc3eed3
2kd7142+0xdf7f @ 0xc3df7f
2kd7142+0xc33f @ 0xc3c33f
2kd7142+0x1687f @ 0xc4687f
RtlSelfRelativeToAbsoluteSD+0x1e8 TpPostWork-0x48 ntdll+0x78449 @ 0x77918449
TpCallbackIndependent+0x527 RtlIsCriticalSectionLockedByThread-0x240 ntdll+0x454f4 @ 0x778e54f4
BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x757f33ca
RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x778d9ed2
RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x778d9ea5

exception.instruction_r: 81 7e 30 22 22 22 22 0f 85 87 00 00 00 8d 7e 34
exception.instruction: cmp dword ptr [esi + 0x30], 0x22222222
exception.exception_code: 0xc0000005
exception.symbol: CryptDestroyKey+0x20 CryptSetKeyParam-0xdf cryptsp+0x4d13
exception.address: 0x73ff4d13
registers.esp: 38992592
registers.edi: 13273036
registers.eax: 0
registers.ebp: 38992648
registers.edx: 187
registers.ebx: 2006025332
registers.esi: 0
registers.ecx: 2
1 0 0
request GET https://db-ip.com/demo/home.php?s=175.208.134.152
Time & API Arguments Status Return Repeated

NtProtectVirtualMemory

 process_identifier: 444
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x74011000
process_handle: 0xffffffff
1 0 0

NtProtectVirtualMemory

 process_identifier: 444
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x73fe1000
process_handle: 0xffffffff
1 0 0

NtProtectVirtualMemory

 process_identifier: 2144
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x74011000
process_handle: 0xffffffff
1 0 0

NtProtectVirtualMemory

 process_identifier: 2144
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x73fb1000
process_handle: 0xffffffff
1 0 0

NtProtectVirtualMemory

 process_identifier: 2216
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x74011000
process_handle: 0xffffffff
1 0 0

NtProtectVirtualMemory

 process_identifier: 2216
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x73fe1000
process_handle: 0xffffffff
1 0 0

NtProtectVirtualMemory

 process_identifier: 2272
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x73ff1000
process_handle: 0xffffffff
1 0 0

NtProtectVirtualMemory

 process_identifier: 2716
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x73c21000
process_handle: 0xffffffff
1 0 0

NtProtectVirtualMemory

 process_identifier: 2716
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x74711000
process_handle: 0xffffffff
1 0 0

NtProtectVirtualMemory

 process_identifier: 2716
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x73bf1000
process_handle: 0xffffffff
1 0 0

NtProtectVirtualMemory

 process_identifier: 2716
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x75291000
process_handle: 0xffffffff
1 0 0

NtProtectVirtualMemory

 process_identifier: 2716
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x74001000
process_handle: 0xffffffff
1 0 0

NtProtectVirtualMemory

 process_identifier: 2716
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x73321000
process_handle: 0xffffffff
1 0 0

NtProtectVirtualMemory

 process_identifier: 2716
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x733d1000
process_handle: 0xffffffff
1 0 0

NtProtectVirtualMemory

 process_identifier: 2716
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x73be1000
process_handle: 0xffffffff
1 0 0

NtProtectVirtualMemory

 process_identifier: 2716
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x732c1000
process_handle: 0xffffffff
1 0 0

NtProtectVirtualMemory

 process_identifier: 2716
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x73271000
process_handle: 0xffffffff
1 0 0

NtProtectVirtualMemory

 process_identifier: 2716
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x73241000
process_handle: 0xffffffff
1 0 0

NtProtectVirtualMemory

 process_identifier: 2716
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x73231000
process_handle: 0xffffffff
1 0 0

NtProtectVirtualMemory

 process_identifier: 2716
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x731e1000
process_handle: 0xffffffff
1 0 0

NtProtectVirtualMemory

 process_identifier: 2716
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x73131000
process_handle: 0xffffffff
1 0 0

NtProtectVirtualMemory

 process_identifier: 2716
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x73121000
process_handle: 0xffffffff
1 0 0

NtProtectVirtualMemory

 process_identifier: 2716
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x730e1000
process_handle: 0xffffffff
1 0 0

NtProtectVirtualMemory

 process_identifier: 2716
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x730c1000
process_handle: 0xffffffff
1 0 0

NtProtectVirtualMemory

 process_identifier: 2716
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x73081000
process_handle: 0xffffffff
1 0 0

NtProtectVirtualMemory

 process_identifier: 2716
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x73041000
process_handle: 0xffffffff
1 0 0

NtProtectVirtualMemory

 process_identifier: 3068
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x73f81000
process_handle: 0xffffffff
1 0 0

NtAllocateVirtualMemory

 process_identifier: 3068
region_size: 1245184
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x02020000
allocation_type: 8192 (MEM_RESERVE)
process_handle: 0xffffffff
1 0 0

NtAllocateVirtualMemory

 process_identifier: 3068
region_size: 4096
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x02110000
allocation_type: 4096 (MEM_COMMIT)
process_handle: 0xffffffff
1 0 0

NtProtectVirtualMemory

 process_identifier: 3068
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x73e02000
process_handle: 0xffffffff
1 0 0

NtAllocateVirtualMemory

 process_identifier: 3068
region_size: 458752
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x02020000
allocation_type: 8192 (MEM_RESERVE)
process_handle: 0xffffffff
1 0 0

NtAllocateVirtualMemory

 process_identifier: 3068
region_size: 4096
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x02050000
allocation_type: 4096 (MEM_COMMIT)
process_handle: 0xffffffff
1 0 0

NtProtectVirtualMemory

 process_identifier: 3068
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x73522000
process_handle: 0xffffffff
1 0 0

NtProtectVirtualMemory

 process_identifier: 3068
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x73edb000
process_handle: 0xffffffff
1 0 0

NtProtectVirtualMemory

 process_identifier: 3068
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x72ee1000
process_handle: 0xffffffff
1 0 0

NtProtectVirtualMemory

 process_identifier: 3068
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x72ee2000
process_handle: 0xffffffff
1 0 0

NtAllocateVirtualMemory

 process_identifier: 3068
region_size: 1507328
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x022c0000
allocation_type: 8192 (MEM_RESERVE)
process_handle: 0xffffffff
1 0 0

NtAllocateVirtualMemory

 process_identifier: 3068
region_size: 4096
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x023f0000
allocation_type: 4096 (MEM_COMMIT)
process_handle: 0xffffffff
1 0 0

NtAllocateVirtualMemory

 process_identifier: 3068
region_size: 4096
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x01fd2000
allocation_type: 4096 (MEM_COMMIT)
process_handle: 0xffffffff
1 0 0

NtAllocateVirtualMemory

 process_identifier: 3068
region_size: 4096
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x02051000
allocation_type: 4096 (MEM_COMMIT)
process_handle: 0xffffffff
1 0 0

NtAllocateVirtualMemory

 process_identifier: 3068
region_size: 4096
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x02052000
allocation_type: 4096 (MEM_COMMIT)
process_handle: 0xffffffff
1 0 0

NtAllocateVirtualMemory

 process_identifier: 3068
region_size: 4096
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x01fda000
allocation_type: 4096 (MEM_COMMIT)
process_handle: 0xffffffff
1 0 0

NtAllocateVirtualMemory

 process_identifier: 3068
region_size: 4096
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x01fdc000
allocation_type: 4096 (MEM_COMMIT)
process_handle: 0xffffffff
1 0 0

NtProtectVirtualMemory

 process_identifier: 3068
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x73ff1000
process_handle: 0xffffffff
1 0 0

NtAllocateVirtualMemory

 process_identifier: 3068
region_size: 4096
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x02053000
allocation_type: 4096 (MEM_COMMIT)
process_handle: 0xffffffff
1 0 0

NtAllocateVirtualMemory

 process_identifier: 3068
region_size: 4096
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x0202c000
allocation_type: 4096 (MEM_COMMIT)
process_handle: 0xffffffff
1 0 0

NtAllocateVirtualMemory

 process_identifier: 3068
region_size: 8192
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x02054000
allocation_type: 4096 (MEM_COMMIT)
process_handle: 0xffffffff
1 0 0

NtAllocateVirtualMemory

 process_identifier: 3068
region_size: 4096
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x0204b000
allocation_type: 4096 (MEM_COMMIT)
process_handle: 0xffffffff
1 0 0

NtAllocateVirtualMemory

 process_identifier: 3068
region_size: 4096
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x02047000
allocation_type: 4096 (MEM_COMMIT)
process_handle: 0xffffffff
1 0 0

NtProtectVirtualMemory

 process_identifier: 3068
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x73cda000
process_handle: 0xffffffff
1 0 0
Time & API Arguments Status Return Repeated

GetDiskFreeSpaceW

 number_of_free_clusters: 2425487
sectors_per_cluster: 8
bytes_per_sector: 512
root_path: \
total_number_of_clusters: 8362495
1 1 0

GetDiskFreeSpaceW

 number_of_free_clusters: 2425487
sectors_per_cluster: 8
bytes_per_sector: 512
root_path: \
total_number_of_clusters: 8362495
1 1 0

GetDiskFreeSpaceW

 number_of_free_clusters: 2425200
sectors_per_cluster: 8
bytes_per_sector: 512
root_path: \
total_number_of_clusters: 8362495
1 1 0

GetDiskFreeSpaceW

 number_of_free_clusters: 2425200
sectors_per_cluster: 8
bytes_per_sector: 512
root_path: \
total_number_of_clusters: 8362495
1 1 0

GetDiskFreeSpaceW

 number_of_free_clusters: 2424983
sectors_per_cluster: 8
bytes_per_sector: 512
root_path: \
total_number_of_clusters: 8362495
1 1 0

GetDiskFreeSpaceW

 number_of_free_clusters: 2424983
sectors_per_cluster: 8
bytes_per_sector: 512
root_path: \
total_number_of_clusters: 8362495
1 1 0

GetDiskFreeSpaceW

 number_of_free_clusters: 8362495
sectors_per_cluster: 8362495
bytes_per_sector: 512
root_path: C:
total_number_of_clusters: 8362495
1 1 0

GetDiskFreeSpaceW

 number_of_free_clusters: 8362495
sectors_per_cluster: 8362495
bytes_per_sector: 512
root_path: C:
total_number_of_clusters: 8362495
1 1 0

GetDiskFreeSpaceW

 number_of_free_clusters: 8362495
sectors_per_cluster: 8362495
bytes_per_sector: 512
root_path: C:
total_number_of_clusters: 8362495
1 1 0

GetDiskFreeSpaceW

 number_of_free_clusters: 8362495
sectors_per_cluster: 8362495
bytes_per_sector: 512
root_path: C:
total_number_of_clusters: 8362495
1 1 0

GetDiskFreeSpaceW

 number_of_free_clusters: 8362495
sectors_per_cluster: 8362495
bytes_per_sector: 512
root_path: C:
total_number_of_clusters: 8362495
1 1 0

GetDiskFreeSpaceW

 number_of_free_clusters: 8362495
sectors_per_cluster: 8362495
bytes_per_sector: 512
root_path: C:
total_number_of_clusters: 8362495
1 1 0

GetDiskFreeSpaceW

 number_of_free_clusters: 8362495
sectors_per_cluster: 8362495
bytes_per_sector: 512
root_path: C:
total_number_of_clusters: 8362495
1 1 0

GetDiskFreeSpaceW

 number_of_free_clusters: 8362495
sectors_per_cluster: 8362495
bytes_per_sector: 512
root_path: C:
total_number_of_clusters: 8362495
1 1 0

GetDiskFreeSpaceW

 number_of_free_clusters: 8362495
sectors_per_cluster: 8362495
bytes_per_sector: 512
root_path: C:
total_number_of_clusters: 8362495
1 1 0

GetDiskFreeSpaceW

 number_of_free_clusters: 8362495
sectors_per_cluster: 8362495
bytes_per_sector: 512
root_path: C:
total_number_of_clusters: 8362495
1 1 0

GetDiskFreeSpaceW

 number_of_free_clusters: 8362495
sectors_per_cluster: 8362495
bytes_per_sector: 512
root_path: C:
total_number_of_clusters: 8362495
1 1 0

GetDiskFreeSpaceW

 number_of_free_clusters: 8362495
sectors_per_cluster: 8362495
bytes_per_sector: 512
root_path: C:
total_number_of_clusters: 8362495
1 1 0

GetDiskFreeSpaceW

 number_of_free_clusters: 8362495
sectors_per_cluster: 8362495
bytes_per_sector: 512
root_path: C:
total_number_of_clusters: 8362495
1 1 0

GetDiskFreeSpaceW

 number_of_free_clusters: 8362495
sectors_per_cluster: 8362495
bytes_per_sector: 512
root_path: C:
total_number_of_clusters: 8362495
1 1 0

GetDiskFreeSpaceW

 number_of_free_clusters: 8362495
sectors_per_cluster: 8362495
bytes_per_sector: 512
root_path: C:
total_number_of_clusters: 8362495
1 1 0

GetDiskFreeSpaceW

 number_of_free_clusters: 8362495
sectors_per_cluster: 8362495
bytes_per_sector: 512
root_path: C:
total_number_of_clusters: 8362495
1 1 0

GetDiskFreeSpaceW

 number_of_free_clusters: 8362495
sectors_per_cluster: 8362495
bytes_per_sector: 512
root_path: C:
total_number_of_clusters: 8362495
1 1 0

GetDiskFreeSpaceW

 number_of_free_clusters: 8362495
sectors_per_cluster: 8362495
bytes_per_sector: 512
root_path: C:
total_number_of_clusters: 8362495
1 1 0
file C:\Users\test22\AppData\Local\Google\Chrome\User Data\ThirdPartyModuleList64\Local Extension Settings\cjmkndjhnagcfbpiemnkdpomccnjblmj\CURRENT
file C:\Users\test22\AppData\Local\Google\Chrome\User Data\PepperFlash\Sync Extension Settings\kncchdigobghenbbaddojjnnaogfppfj\CURRENT
file C:\Users\test22\AppData\Local\Google\Chrome\User Data\OriginTrials\Local Extension Settings\lpilbniiabackdjcionkobglmddfbcjo\CURRENT
file C:\Users\test22\AppData\Local\Google\Chrome\User Data\ShaderCache\Local Extension Settings\bfnaelmomeimhlpmgjnjophhpkkoljpa\CURRENT
file C:\Users\test22\AppData\Local\Google\Chrome\User Data\Floc\Sync Extension Settings\gjagmgiddbbciopjhllkdnddhcglnemk\CURRENT
file C:\Users\test22\AppData\Local\Google\Chrome\User Data\MEIPreload\Sync Extension Settings\kncchdigobghenbbaddojjnnaogfppfj\CURRENT
file C:\Users\test22\AppData\Local\Google\Chrome\User Data\OnDeviceHeadSuggestModel\Local Extension Settings\bhhhlbepdkbapadjdnnojkbgioiodbic\CURRENT
file C:\Users\test22\AppData\Local\Google\Chrome\User Data\SafetyTips\Sync Extension Settings\hnfanknocfeofbddgcijnmhnfnkdnaad\CURRENT
file C:\Users\test22\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\aiifbnbfobpmeekipheeijimdpnlpgpp\CURRENT
file C:\Users\test22\AppData\Local\Google\Chrome\User Data\FontLookupTableCache\Local Extension Settings\nhnkbkgjikgcigadomkphalanndcapjk\CURRENT
file C:\Users\test22\AppData\Local\Google\Chrome\User Data\ShaderCache\Local Extension Settings\cphhlgmgameodnhkjdmkpanlelnlohao\CURRENT
file C:\Users\test22\AppData\Local\Google\Chrome\User Data\GrShaderCache\Sync Extension Settings\aijcbedoijmgnlmjeegjaglmepbmpkpi\CURRENT
file C:\Users\test22\AppData\Local\Google\Chrome\User Data\ThirdPartyModuleList64\Local Extension Settings\cjelfplplebdjjenllpjcblmjkfcffne\CURRENT
file C:\Users\test22\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\nkbihfbeogaeaoehlefnkodbefgpgknn\CURRENT
file C:\Users\test22\AppData\Local\Google\Chrome\User Data\FontLookupTableCache\Local Extension Settings\nlbmnnijcnlegkjjpcfjclmcfggfefdm\CURRENT
file C:\Users\test22\AppData\Local\Google\Chrome\User Data\Safe Browsing\Sync Extension Settings\fhmfendgdocmcbmfikdcogofphimnkno\CURRENT
file C:\Users\test22\AppData\Local\Google\Chrome\User Data\RecoveryImproved\Local Extension Settings\bgpipimickeadkjlklgciifhnalhdjhe\CURRENT
file C:\Users\test22\AppData\Local\Google\Chrome\User Data\Default\Sync Extension Settings\nlbmnnijcnlegkjjpcfjclmcfggfefdm\CURRENT
file C:\Users\test22\AppData\Local\Google\Chrome\User Data\Floc\Sync Extension Settings\fihkakfobkmkjojpchpfgcmhfjnmnfpi\CURRENT
file C:\Users\test22\AppData\Local\Google\Chrome\User Data\BrowserMetrics\Local Extension Settings\jojhfeoedkpkglbfimdfabpdfjaoolaf\CURRENT
file C:\Users\test22\AppData\Local\Google\Chrome\User Data\TLSDeprecationConfig\Local Extension Settings\epapihdplajcdnnkdeiahlgigofloibg\CURRENT
file C:\Users\test22\AppData\Local\Temp\tempCMS8BJYNS5tA4UK\Files\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.10_0\_locales\cs
file C:\Users\test22\AppData\Local\Google\Chrome\User Data\CertificateRevocation\Sync Extension Settings\lpilbniiabackdjcionkobglmddfbcjo\CURRENT
file C:\Users\test22\AppData\Local\Google\Chrome\User Data\OriginTrials\Sync Extension Settings\mnfifefkajgofkcjkemidiaecocnkjeh\CURRENT
file C:\Users\test22\AppData\Local\Google\Chrome\User Data\CertificateRevocation\Sync Extension Settings\jnlgamecbpmbajjfhmmmlhejkemejdma\CURRENT
file C:\Users\test22\AppData\Local\Google\Chrome\User Data\Local Extension Settings\afbcbjpbpfadlkmhmclhkeeodmamcflc\CURRENT
file C:\Users\test22\AppData\Local\Temp\tempCMS8BJYNS5tA4UK\Files\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.10_0\_locales\ca
file C:\Users\test22\AppData\Local\Google\Chrome\User Data\ZxcvbnData\Local Extension Settings\afbcbjpbpfadlkmhmclhkeeodmamcflc\CURRENT
file C:\Users\test22\AppData\Local\Google\Chrome\User Data\RecoveryImproved\Local Extension Settings\fihkakfobkmkjojpchpfgcmhfjnmnfpi\CURRENT
file C:\Users\test22\AppData\Local\Google\Chrome\User Data\SwReporter\Local Extension Settings\jojhfeoedkpkglbfimdfabpdfjaoolaf\CURRENT
file C:\Users\test22\AppData\Local\Google\Chrome\User Data\Local Extension Settings\ffnbelfdoeiohenkjibnmadjiehjhajb\CURRENT
file C:\Users\test22\AppData\Local\Google\Chrome\User Data\Crashpad\Sync Extension Settings\jnkelfanjkeadonecabehalmbgpfodjm\CURRENT
file C:\Users\test22\AppData\Local\Google\Chrome\User Data\SSLErrorAssistant\Local Extension Settings\gjagmgiddbbciopjhllkdnddhcglnemk\CURRENT
file C:\Users\test22\AppData\Local\Google\Chrome\User Data\CertificateRevocation\Local Extension Settings\nanjmdknhkinifnkgdcggcfnhdaammmj\CURRENT
file C:\Users\test22\AppData\Local\Google\Chrome\User Data\FileTypePolicies\Sync Extension Settings\hnfanknocfeofbddgcijnmhnfnkdnaad\CURRENT
file C:\Users\test22\AppData\Local\Google\Chrome\User Data\MEIPreload\Sync Extension Settings\mnfifefkajgofkcjkemidiaecocnkjeh\CURRENT
file C:\Users\test22\AppData\Local\Google\Chrome\User Data\TrustTokenKeyCommitments\Sync Extension Settings\blnieiiffboillknjnepogjhkgnoapac\CURRENT
file C:\Users\test22\AppData\Local\Google\Chrome\User Data\recovery\Sync Extension Settings\ookjlbkiijinhpmnjffcofjonbfbgaoc\CURRENT
file C:\Users\test22\AppData\Local\Temp\tempCMS8BJYNS5tA4UK\Files\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm\8620.824.0.0_0\_locales\ms
file C:\Users\test22\AppData\Local\Temp\tempCMS8BJYNS5tA4UK\Files\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm\8620.824.0.0_0\_locales\mr
file C:\Users\test22\AppData\Local\Google\Chrome\User Data\TLSDeprecationConfig\Sync Extension Settings\fhilaheimglignddkjgofkcbgekhenbh\CURRENT
file C:\Users\test22\AppData\Local\Google\Chrome\User Data\TLSDeprecationConfig\Local Extension Settings\ilgcnhelpchnceeipipijaljkblbcobl\CURRENT
file C:\Users\test22\AppData\Local\Google\Chrome\User Data\Local Extension Settings\aiifbnbfobpmeekipheeijimdpnlpgpp\CURRENT
file C:\Users\test22\AppData\Local\Google\Chrome\User Data\Crowd Deny\Sync Extension Settings\fnjhmkhhmkbjkkabndcnnogagogbneec\CURRENT
file C:\Users\test22\AppData\Local\Google\Chrome\User Data\CertificateRevocation\Sync Extension Settings\fnjhmkhhmkbjkkabndcnnogagogbneec\CURRENT
file C:\Users\test22\AppData\Local\Google\Chrome\User Data\ZxcvbnData\Sync Extension Settings\kpfopkelmapcoipemfendmdcghnegimn\CURRENT
file C:\Users\test22\AppData\Local\Google\Chrome\User Data\pnacl\Sync Extension Settings\ffnbelfdoeiohenkjibnmadjiehjhajb\CURRENT
file C:\Users\test22\AppData\Local\Google\Chrome\User Data\BrowserMetrics\Local Extension Settings\imloifkgjagghnncjkhggdhalmcnfklk\CURRENT
file C:\Users\test22\AppData\Local\Temp\tempCMS8BJYNS5tA4UK\Files\AppData\Local\Google\Chrome\User Data\TrustTokenKeyCommitments\2021.7.12.1
file C:\Users\test22\AppData\Local\Google\Chrome\User Data\TrustTokenKeyCommitments\Local Extension Settings\pdadjkfkgcafgbceimcpbkalnfnepbnk\CURRENT
domain ipinfo.io
file C:\Users\test22\AppData\Local\Temp\IXP000.TMP\hj9PT21.exe
file C:\Users\test22\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\FANBooster131.lnk
file C:\Users\test22\AppData\Local\Temp\IXP001.TMP\4Xw406jd.exe
file C:\Users\test22\AppData\Local\Temp\IXP000.TMP\5UE8Xn9.exe
file C:\Users\test22\AppData\Local\Temp\IXP002.TMP\2kD7142.exe
file C:\Users\test22\AppData\Local\Temp\IXP002.TMP\3IO06QG.exe
file C:\Users\test22\AppData\Local\Temp\IXP001.TMP\Fi4Ea64.exe
file C:\Users\test22\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\FANBooster131.lnk
cmdline schtasks /create /f /RU "test22" /tr "C:\ProgramData\OfficeTrackerNMP131\OfficeTrackerNMP131.exe" /tn "OfficeTrackerNMP131 HR" /sc HOURLY /rl HIGHEST
cmdline schtasks /create /f /RU "test22" /tr "C:\ProgramData\OfficeTrackerNMP131\OfficeTrackerNMP131.exe" /tn "OfficeTrackerNMP131 LG" /sc ONLOGON /rl HIGHEST
Time & API Arguments Status Return Repeated

Process32NextW

 snapshot_handle: 0x00000540
process_name: pw.exe
process_identifier: 772
1 1 0

Process32NextW

 snapshot_handle: 0x00000540
process_name: SearchProtocolHost.exe
process_identifier: 184
1 1 0

Process32NextW

 snapshot_handle: 0x00000540
process_name: SearchFilterHost.exe
process_identifier: 1800
1 1 0

Process32NextW

 snapshot_handle: 0x00000540
process_name: hj9PT21.exe
process_identifier: 2144
1 1 0

Process32NextW

 snapshot_handle: 0x00000540
process_name: Fi4Ea64.exe
process_identifier: 2216
1 1 0

Process32NextW

 snapshot_handle: 0x00000540
process_name: svchost.exe
process_identifier: 2460
1 1 0

Process32NextW

 snapshot_handle: 0x00000540
process_name: mscorsvw.exe
process_identifier: 2488
1 1 0

Process32NextW

 snapshot_handle: 0x00000540
process_name: mscorsvw.exe
process_identifier: 2532
1 1 0

Process32NextW

 snapshot_handle: 0x00000540
process_name: sppsvc.exe
process_identifier: 2580
1 1 0

Process32NextW

 snapshot_handle: 0x00000540
process_name: cmd.exe
process_identifier: 2668
1 1 0

Process32NextW

 snapshot_handle: 0x00000540
process_name: conhost.exe
process_identifier: 2676
1 1 0

Process32NextW

 snapshot_handle: 0x00000540
process_name: pw.exe
process_identifier: 2700
1 1 0

Process32NextW

 snapshot_handle: 0x00000540
process_name: 3IO06QG.exe
process_identifier: 2716
1 1 0
section {u'size_of_data': u'0x0011c600', u'virtual_address': u'0x0000c000', u'entropy': 7.966094264551574, u'name': u'.rsrc', u'virtual_size': u'0x0011d000'} entropy 7.96609426455 description A section with a high entropy has been found
entropy 0.972222222222 description Overall entropy of this PE file is high
Time & API Arguments Status Return Repeated

LookupPrivilegeValueW

 system_name:
privilege_name: SeDebugPrivilege
1 1 0
Time & API Arguments Status Return Repeated

RegOpenKeyExA

 regkey_r: SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall
base_handle: 0x80000002
key_handle: 0x00000540
options: 0
access: 0x00020019
regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall
1 0 0

RegOpenKeyExA

 regkey_r: SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\7-Zip
base_handle: 0x80000002
key_handle: 0x00000554
options: 0
access: 0x00020019
regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\7-Zip
1 0 0

RegOpenKeyExA

 regkey_r: SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\AddressBook
base_handle: 0x80000002
key_handle: 0x00000554
options: 0
access: 0x00020019
regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\AddressBook
1 0 0

RegOpenKeyExA

 regkey_r: SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Adobe AIR
base_handle: 0x80000002
key_handle: 0x00000554
options: 0
access: 0x00020019
regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Adobe AIR
1 0 0

RegOpenKeyExA

 regkey_r: SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Connection Manager
base_handle: 0x80000002
key_handle: 0x00000554
options: 0
access: 0x00020019
regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Connection Manager
1 0 0

RegOpenKeyExA

 regkey_r: SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\DirectDrawEx
base_handle: 0x80000002
key_handle: 0x00000554
options: 0
access: 0x00020019
regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\DirectDrawEx
1 0 0

RegOpenKeyExA

 regkey_r: SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\EditPlus
base_handle: 0x80000002
key_handle: 0x00000554
options: 0
access: 0x00020019
regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\EditPlus
1 0 0

RegOpenKeyExA

 regkey_r: SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Fontcore
base_handle: 0x80000002
key_handle: 0x00000554
options: 0
access: 0x00020019
regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Fontcore
1 0 0

RegOpenKeyExA

 regkey_r: SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Google Chrome
base_handle: 0x80000002
key_handle: 0x00000554
options: 0
access: 0x00020019
regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Google Chrome
1 0 0

RegOpenKeyExA

 regkey_r: SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Haansoft HWord 80 Korean
base_handle: 0x80000002
key_handle: 0x00000554
options: 0
access: 0x00020019
regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Haansoft HWord 80 Korean
1 0 0

RegOpenKeyExA

 regkey_r: SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\IE40
base_handle: 0x80000002
key_handle: 0x00000554
options: 0
access: 0x00020019
regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\IE40
1 0 0

RegOpenKeyExA

 regkey_r: SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\IE4Data
base_handle: 0x80000002
key_handle: 0x00000554
options: 0
access: 0x00020019
regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\IE4Data
1 0 0

RegOpenKeyExA

 regkey_r: SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\IE5BAKEX
base_handle: 0x80000002
key_handle: 0x00000554
options: 0
access: 0x00020019
regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\IE5BAKEX
1 0 0

RegOpenKeyExA

 regkey_r: SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\IEData
base_handle: 0x80000002
key_handle: 0x00000554
options: 0
access: 0x00020019
regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\IEData
1 0 0

RegOpenKeyExA

 regkey_r: SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\MobileOptionPack
base_handle: 0x80000002
key_handle: 0x00000554
options: 0
access: 0x00020019
regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\MobileOptionPack
1 0 0

RegOpenKeyExA

 regkey_r: SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Mozilla Thunderbird 78.4.0 (x86 ko)
base_handle: 0x80000002
key_handle: 0x00000554
options: 0
access: 0x00020019
regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Mozilla Thunderbird 78.4.0 (x86 ko)
1 0 0

RegOpenKeyExA

 regkey_r: SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Office15.PROPLUSR
base_handle: 0x80000002
key_handle: 0x00000554
options: 0
access: 0x00020019
regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Office15.PROPLUSR
1 0 0

RegOpenKeyExA

 regkey_r: SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SchedulingAgent
base_handle: 0x80000002
key_handle: 0x00000554
options: 0
access: 0x00020019
regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SchedulingAgent
1 0 0

RegOpenKeyExA

 regkey_r: SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\WIC
base_handle: 0x80000002
key_handle: 0x00000554
options: 0
access: 0x00020019
regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\WIC
1 0 0

RegOpenKeyExA

 regkey_r: SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{00203668-8170-44A0-BE44-B632FA4D780F}
base_handle: 0x80000002
key_handle: 0x00000554
options: 0
access: 0x00020019
regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{00203668-8170-44A0-BE44-B632FA4D780F}
1 0 0

RegOpenKeyExA

 regkey_r: SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{01B845D4-B73E-4CF7-A377-94BC7BB4F77B}
base_handle: 0x80000002
key_handle: 0x00000554
options: 0
access: 0x00020019
regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{01B845D4-B73E-4CF7-A377-94BC7BB4F77B}
1 0 0

RegOpenKeyExA

 regkey_r: SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{1D91F7DA-F517-4727-9E62-B7EA978BE980}
base_handle: 0x80000002
key_handle: 0x00000554
options: 0
access: 0x00020019
regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{1D91F7DA-F517-4727-9E62-B7EA978BE980}
1 0 0

RegOpenKeyExA

 regkey_r: SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{26A24AE4-039D-4CA4-87B4-2F32180131F0}
base_handle: 0x80000002
key_handle: 0x00000554
options: 0
access: 0x00020019
regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{26A24AE4-039D-4CA4-87B4-2F32180131F0}
1 0 0

RegOpenKeyExA

 regkey_r: SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{4A03706F-666A-4037-7777-5F2748764D10}
base_handle: 0x80000002
key_handle: 0x00000554
options: 0
access: 0x00020019
regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{4A03706F-666A-4037-7777-5F2748764D10}
1 0 0

RegOpenKeyExA

 regkey_r: SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}
base_handle: 0x80000002
key_handle: 0x00000554
options: 0
access: 0x00020019
regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}
1 0 0

RegOpenKeyExA

 regkey_r: SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{90150000-0015-0409-0000-0000000FF1CE}
base_handle: 0x80000002
key_handle: 0x00000554
options: 0
access: 0x00020019
regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{90150000-0015-0409-0000-0000000FF1CE}
1 0 0

RegOpenKeyExA

 regkey_r: SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{90150000-0016-0409-0000-0000000FF1CE}
base_handle: 0x80000002
key_handle: 0x00000554
options: 0
access: 0x00020019
regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{90150000-0016-0409-0000-0000000FF1CE}
1 0 0

RegOpenKeyExA

 regkey_r: SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{90150000-0018-0409-0000-0000000FF1CE}
base_handle: 0x80000002
key_handle: 0x00000554
options: 0
access: 0x00020019
regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{90150000-0018-0409-0000-0000000FF1CE}
1 0 0

RegOpenKeyExA

 regkey_r: SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{90150000-0019-0409-0000-0000000FF1CE}
base_handle: 0x80000002
key_handle: 0x00000554
options: 0
access: 0x00020019
regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{90150000-0019-0409-0000-0000000FF1CE}
1 0 0

RegOpenKeyExA

 regkey_r: SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{90150000-001A-0409-0000-0000000FF1CE}
base_handle: 0x80000002
key_handle: 0x00000554
options: 0
access: 0x00020019
regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{90150000-001A-0409-0000-0000000FF1CE}
1 0 0

RegOpenKeyExA

 regkey_r: SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{90150000-001B-0409-0000-0000000FF1CE}
base_handle: 0x80000002
key_handle: 0x00000554
options: 0
access: 0x00020019
regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{90150000-001B-0409-0000-0000000FF1CE}
1 0 0

RegOpenKeyExA

 regkey_r: SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{90150000-001F-0409-0000-0000000FF1CE}
base_handle: 0x80000002
key_handle: 0x00000554
options: 0
access: 0x00020019
regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{90150000-001F-0409-0000-0000000FF1CE}
1 0 0

RegOpenKeyExA

 regkey_r: SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{90150000-001F-040C-0000-0000000FF1CE}
base_handle: 0x80000002
key_handle: 0x00000554
options: 0
access: 0x00020019
regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{90150000-001F-040C-0000-0000000FF1CE}
1 0 0

RegOpenKeyExA

 regkey_r: SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{90150000-001F-0C0A-0000-0000000FF1CE}
base_handle: 0x80000002
key_handle: 0x00000554
options: 0
access: 0x00020019
regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{90150000-001F-0C0A-0000-0000000FF1CE}
1 0 0

RegOpenKeyExA

 regkey_r: SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{90150000-002C-0409-0000-0000000FF1CE}
base_handle: 0x80000002
key_handle: 0x00000554
options: 0
access: 0x00020019
regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{90150000-002C-0409-0000-0000000FF1CE}
1 0 0

RegOpenKeyExA

 regkey_r: SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{90150000-0044-0409-0000-0000000FF1CE}
base_handle: 0x80000002
key_handle: 0x00000554
options: 0
access: 0x00020019
regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{90150000-0044-0409-0000-0000000FF1CE}
1 0 0

RegOpenKeyExA

 regkey_r: SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{90150000-006E-0409-0000-0000000FF1CE}
base_handle: 0x80000002
key_handle: 0x00000554
options: 0
access: 0x00020019
regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{90150000-006E-0409-0000-0000000FF1CE}
1 0 0

RegOpenKeyExA

 regkey_r: SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{90150000-0090-0409-0000-0000000FF1CE}
base_handle: 0x80000002
key_handle: 0x00000554
options: 0
access: 0x00020019
regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{90150000-0090-0409-0000-0000000FF1CE}
1 0 0

RegOpenKeyExA

 regkey_r: SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{90150000-00A1-0409-0000-0000000FF1CE}
base_handle: 0x80000002
key_handle: 0x00000554
options: 0
access: 0x00020019
regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{90150000-00A1-0409-0000-0000000FF1CE}
1 0 0

RegOpenKeyExA

 regkey_r: SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{90150000-00BA-0409-0000-0000000FF1CE}
base_handle: 0x80000002
key_handle: 0x00000554
options: 0
access: 0x00020019
regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{90150000-00BA-0409-0000-0000000FF1CE}
1 0 0

RegOpenKeyExA

 regkey_r: SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{90150000-00E1-0409-0000-0000000FF1CE}
base_handle: 0x80000002
key_handle: 0x00000554
options: 0
access: 0x00020019
regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{90150000-00E1-0409-0000-0000000FF1CE}
1 0 0

RegOpenKeyExA

 regkey_r: SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{90150000-00E2-0409-0000-0000000FF1CE}
base_handle: 0x80000002
key_handle: 0x00000554
options: 0
access: 0x00020019
regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{90150000-00E2-0409-0000-0000000FF1CE}
1 0 0

RegOpenKeyExA

 regkey_r: SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{90150000-0115-0409-0000-0000000FF1CE}
base_handle: 0x80000002
key_handle: 0x00000554
options: 0
access: 0x00020019
regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{90150000-0115-0409-0000-0000000FF1CE}
1 0 0

RegOpenKeyExA

 regkey_r: SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{90150000-0117-0409-0000-0000000FF1CE}
base_handle: 0x80000002
key_handle: 0x00000554
options: 0
access: 0x00020019
regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{90150000-0117-0409-0000-0000000FF1CE}
1 0 0

RegOpenKeyExA

 regkey_r: SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{90150000-012B-0409-0000-0000000FF1CE}
base_handle: 0x80000002
key_handle: 0x00000554
options: 0
access: 0x00020019
regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{90150000-012B-0409-0000-0000000FF1CE}
1 0 0

RegOpenKeyExA

 regkey_r: SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{91150000-0011-0000-0000-0000000FF1CE}
base_handle: 0x80000002
key_handle: 0x00000554
options: 0
access: 0x00020019
regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{91150000-0011-0000-0000-0000000FF1CE}
1 0 0

RegOpenKeyExA

 regkey_r: SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{939659F3-71D2-461F-B24D-91D05A4389B4}
base_handle: 0x80000002
key_handle: 0x00000554
options: 0
access: 0x00020019
regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{939659F3-71D2-461F-B24D-91D05A4389B4}
1 0 0

RegOpenKeyExA

 regkey_r: SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{9B84A461-3B4C-40E2-B44F-CE22E215EE40}
base_handle: 0x80000002
key_handle: 0x00000554
options: 0
access: 0x00020019
regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{9B84A461-3B4C-40E2-B44F-CE22E215EE40}
1 0 0

RegOpenKeyExA

 regkey_r: SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{AC76BA86-7AD7-FFFF-7B44-AC0F074E4100}
base_handle: 0x80000002
key_handle: 0x00000554
options: 0
access: 0x00020019
regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{AC76BA86-7AD7-FFFF-7B44-AC0F074E4100}
1 0 0

RegOpenKeyExA

 regkey_r: SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{BB8B979E-E336-47E7-96BC-1031C1B94561}
base_handle: 0x80000002
key_handle: 0x00000554
options: 0
access: 0x00020019
regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{BB8B979E-E336-47E7-96BC-1031C1B94561}
1 0 0
cmdline schtasks /create /f /RU "test22" /tr "C:\ProgramData\OfficeTrackerNMP131\OfficeTrackerNMP131.exe" /tn "OfficeTrackerNMP131 HR" /sc HOURLY /rl HIGHEST
cmdline schtasks /create /f /RU "test22" /tr "C:\ProgramData\OfficeTrackerNMP131\OfficeTrackerNMP131.exe" /tn "OfficeTrackerNMP131 LG" /sc ONLOGON /rl HIGHEST
host 194.49.94.152
file C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus
Time & API Arguments Status Return Repeated

ControlService

 service_handle: 0x00380280
service_name: WinDefend
control_code: 1
0 0

ControlService

 service_handle: 0x00380578
service_name: wuauserv
control_code: 1
0 0
registry HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString
reg_key HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\RunOnce\wextract_cleanup0 reg_value rundll32.exe C:\Windows\system32\advpack.dll,DelNodeRunDLL32 "C:\Users\test22\AppData\Local\Temp\IXP000.TMP\"
reg_key HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\RunOnce\wextract_cleanup1 reg_value rundll32.exe C:\Windows\system32\advpack.dll,DelNodeRunDLL32 "C:\Users\test22\AppData\Local\Temp\IXP001.TMP\"
reg_key HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\RunOnce\wextract_cleanup2 reg_value rundll32.exe C:\Windows\system32\advpack.dll,DelNodeRunDLL32 "C:\Users\test22\AppData\Local\Temp\IXP002.TMP\"
reg_key HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\MaxLoonaFest131 reg_value C:\Users\test22\AppData\Local\MaxLoonaFest131\MaxLoonaFest131.exe
file C:\Users\test22\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\FANBooster131.lnk
cmdline schtasks /create /f /RU "test22" /tr "C:\ProgramData\OfficeTrackerNMP131\OfficeTrackerNMP131.exe" /tn "OfficeTrackerNMP131 HR" /sc HOURLY /rl HIGHEST
cmdline schtasks /create /f /RU "test22" /tr "C:\ProgramData\OfficeTrackerNMP131\OfficeTrackerNMP131.exe" /tn "OfficeTrackerNMP131 LG" /sc ONLOGON /rl HIGHEST
Time & API Arguments Status Return Repeated

LdrGetDllHandle

 module_name: snxhk
module_address: 0x00000000
stack_pivoted: 0
3221225781 0

LdrGetDllHandle

 module_name: snxhk
module_address: 0x00000000
stack_pivoted: 0
3221225781 0
file C:\Users\test22\AppData\Roaming\Electrum\wallets
registry HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU\NoAutoUpdate
file C:\Users\test22\AppData\Roaming\GHISLER\wcx_ftp.ini
Time & API Arguments Status Return Repeated

RegQueryValueExA

 key_handle: 0x00000554
regkey_r: DisplayName
reg_type: 1 (REG_SZ)
value: 7-Zip 20.02 alpha
regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\7-Zip\DisplayName
1 0 0

RegQueryValueExA

 key_handle: 0x00000554
regkey_r: DisplayName
reg_type: 1 (REG_SZ)
value: Adobe AIR
regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Adobe AIR\DisplayName
1 0 0

RegQueryValueExA

 key_handle: 0x00000554
regkey_r: DisplayName
reg_type: 1 (REG_SZ)
value: EditPlus
regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\EditPlus\DisplayName
1 0 0

RegQueryValueExA

 key_handle: 0x00000554
regkey_r: DisplayName
reg_type: 1 (REG_SZ)
value: Chrome
regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Google Chrome\DisplayName
1 0 0

RegQueryValueExA

 key_handle: 0x00000554
regkey_r: DisplayName
reg_type: 1 (REG_SZ)
value: ????? ?? 2010
regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Haansoft HWord 80 Korean\DisplayName
1 0 0

RegQueryValueExA

 key_handle: 0x00000554
regkey_r: DisplayName
reg_type: 1 (REG_SZ)
value: Mozilla Thunderbird 78.4.0 (x86 ko)
regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Mozilla Thunderbird 78.4.0 (x86 ko)\DisplayName
1 0 0

RegQueryValueExA

 key_handle: 0x00000554
regkey_r: DisplayName
reg_type: 1 (REG_SZ)
value: Microsoft Office Professional Plus 2013
regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Office15.PROPLUSR\DisplayName
1 0 0

RegQueryValueExA

 key_handle: 0x00000554
regkey_r: DisplayName
reg_type: 1 (REG_SZ)
value: Adobe AIR
regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{00203668-8170-44A0-BE44-B632FA4D780F}\DisplayName
1 0 0

RegQueryValueExA

 key_handle: 0x00000554
regkey_r: DisplayName
reg_type: 1 (REG_SZ)
value: HttpWatch Professional 9.3.39
regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{01B845D4-B73E-4CF7-A377-94BC7BB4F77B}\DisplayName
1 0 0

RegQueryValueExA

 key_handle: 0x00000554
regkey_r: DisplayName
reg_type: 1 (REG_SZ)
value: ????? ?? 2010
regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{1D91F7DA-F517-4727-9E62-B7EA978BE980}\DisplayName
1 0 0

RegQueryValueExA

 key_handle: 0x00000554
regkey_r: DisplayName
reg_type: 1 (REG_SZ)
value: Java 8 Update 131
regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{26A24AE4-039D-4CA4-87B4-2F32180131F0}\DisplayName
1 0 0

RegQueryValueExA

 key_handle: 0x00000554
regkey_r: DisplayName
reg_type: 1 (REG_SZ)
value: Java Auto Updater
regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{4A03706F-666A-4037-7777-5F2748764D10}\DisplayName
1 0 0

RegQueryValueExA

 key_handle: 0x00000554
regkey_r: DisplayName
reg_type: 1 (REG_SZ)
value: Google Update Helper
regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}\DisplayName
1 0 0

RegQueryValueExA

 key_handle: 0x00000554
regkey_r: DisplayName
reg_type: 1 (REG_SZ)
value: Microsoft Access MUI (English) 2013
regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{90150000-0015-0409-0000-0000000FF1CE}\DisplayName
1 0 0

RegQueryValueExA

 key_handle: 0x00000554
regkey_r: DisplayName
reg_type: 1 (REG_SZ)
value: Microsoft Excel MUI (English) 2013
regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{90150000-0016-0409-0000-0000000FF1CE}\DisplayName
1 0 0

RegQueryValueExA

 key_handle: 0x00000554
regkey_r: DisplayName
reg_type: 1 (REG_SZ)
value: Microsoft PowerPoint MUI (English) 2013
regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{90150000-0018-0409-0000-0000000FF1CE}\DisplayName
1 0 0

RegQueryValueExA

 key_handle: 0x00000554
regkey_r: DisplayName
reg_type: 1 (REG_SZ)
value: Microsoft Publisher MUI (English) 2013
regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{90150000-0019-0409-0000-0000000FF1CE}\DisplayName
1 0 0

RegQueryValueExA

 key_handle: 0x00000554
regkey_r: DisplayName
reg_type: 1 (REG_SZ)
value: Microsoft Outlook MUI (English) 2013
regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{90150000-001A-0409-0000-0000000FF1CE}\DisplayName
1 0 0

RegQueryValueExA

 key_handle: 0x00000554
regkey_r: DisplayName
reg_type: 1 (REG_SZ)
value: Microsoft Word MUI (English) 2013
regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{90150000-001B-0409-0000-0000000FF1CE}\DisplayName
1 0 0

RegQueryValueExA

 key_handle: 0x00000554
regkey_r: DisplayName
reg_type: 1 (REG_SZ)
value: Microsoft Office Proofing Tools 2013 - English
regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{90150000-001F-0409-0000-0000000FF1CE}\DisplayName
1 0 0

RegQueryValueExA

 key_handle: 0x00000554
regkey_r: DisplayName
reg_type: 1 (REG_SZ)
value: Outils de vérification linguistique 2013 de Microsoft Office - Français
regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{90150000-001F-040C-0000-0000000FF1CE}\DisplayName
1 0 0

RegQueryValueExA

 key_handle: 0x00000554
regkey_r: DisplayName
reg_type: 1 (REG_SZ)
value: Microsoft Office Proofing Tools 2013 - Español
regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{90150000-001F-0C0A-0000-0000000FF1CE}\DisplayName
1 0 0

RegQueryValueExA

 key_handle: 0x00000554
regkey_r: DisplayName
reg_type: 1 (REG_SZ)
value: Microsoft Office Proofing (English) 2013
regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{90150000-002C-0409-0000-0000000FF1CE}\DisplayName
1 0 0

RegQueryValueExA

 key_handle: 0x00000554
regkey_r: DisplayName
reg_type: 1 (REG_SZ)
value: Microsoft InfoPath MUI (English) 2013
regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{90150000-0044-0409-0000-0000000FF1CE}\DisplayName
1 0 0

RegQueryValueExA

 key_handle: 0x00000554
regkey_r: DisplayName
reg_type: 1 (REG_SZ)
value: Microsoft Office Shared MUI (English) 2013
regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{90150000-006E-0409-0000-0000000FF1CE}\DisplayName
1 0 0

RegQueryValueExA

 key_handle: 0x00000554
regkey_r: DisplayName
reg_type: 1 (REG_SZ)
value: Microsoft DCF MUI (English) 2013
regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{90150000-0090-0409-0000-0000000FF1CE}\DisplayName
1 0 0

RegQueryValueExA

 key_handle: 0x00000554
regkey_r: DisplayName
reg_type: 1 (REG_SZ)
value: Microsoft OneNote MUI (English) 2013
regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{90150000-00A1-0409-0000-0000000FF1CE}\DisplayName
1 0 0

RegQueryValueExA

 key_handle: 0x00000554
regkey_r: DisplayName
reg_type: 1 (REG_SZ)
value: Microsoft Groove MUI (English) 2013
regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{90150000-00BA-0409-0000-0000000FF1CE}\DisplayName
1 0 0

RegQueryValueExA

 key_handle: 0x00000554
regkey_r: DisplayName
reg_type: 1 (REG_SZ)
value: Microsoft Office OSM MUI (English) 2013
regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{90150000-00E1-0409-0000-0000000FF1CE}\DisplayName
1 0 0

RegQueryValueExA

 key_handle: 0x00000554
regkey_r: DisplayName
reg_type: 1 (REG_SZ)
value: Microsoft Office OSM UX MUI (English) 2013
regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{90150000-00E2-0409-0000-0000000FF1CE}\DisplayName
1 0 0

RegQueryValueExA

 key_handle: 0x00000554
regkey_r: DisplayName
reg_type: 1 (REG_SZ)
value: Microsoft Office Shared Setup Metadata MUI (English) 2013
regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{90150000-0115-0409-0000-0000000FF1CE}\DisplayName
1 0 0

RegQueryValueExA

 key_handle: 0x00000554
regkey_r: DisplayName
reg_type: 1 (REG_SZ)
value: Microsoft Access Setup Metadata MUI (English) 2013
regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{90150000-0117-0409-0000-0000000FF1CE}\DisplayName
1 0 0

RegQueryValueExA

 key_handle: 0x00000554
regkey_r: DisplayName
reg_type: 1 (REG_SZ)
value: Microsoft Lync MUI (English) 2013
regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{90150000-012B-0409-0000-0000000FF1CE}\DisplayName
1 0 0

RegQueryValueExA

 key_handle: 0x00000554
regkey_r: DisplayName
reg_type: 1 (REG_SZ)
value: Microsoft Office Professional Plus 2013
regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{91150000-0011-0000-0000-0000000FF1CE}\DisplayName
1 0 0

RegQueryValueExA

 key_handle: 0x00000554
regkey_r: DisplayName
reg_type: 1 (REG_SZ)
value: Adobe Flash Player 13 ActiveX
regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{939659F3-71D2-461F-B24D-91D05A4389B4}\DisplayName
1 0 0

RegQueryValueExA

 key_handle: 0x00000554
regkey_r: DisplayName
reg_type: 1 (REG_SZ)
value: Adobe Flash Player 13 NPAPI
regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{9B84A461-3B4C-40E2-B44F-CE22E215EE40}\DisplayName
1 0 0

RegQueryValueExA

 key_handle: 0x00000554
regkey_r: DisplayName
reg_type: 1 (REG_SZ)
value: Adobe Acrobat Reader DC MUI
regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{AC76BA86-7AD7-FFFF-7B44-AC0F074E4100}\DisplayName
1 0 0

RegQueryValueExA

 key_handle: 0x00000554
regkey_r: DisplayName
reg_type: 1 (REG_SZ)
value: Microsoft Visual C++ 2015 Redistributable (x64) - 14.0.24215
regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{d992c12e-cab2-426f-bde3-fb8c53950b0d}\DisplayName
1 0 0
file C:\Users\test22\AppData\Roaming\ICQ\0001
file C:\Users\test22\AppData\Local\Temp\tempCMS8BJYNS5tA4UK\Files\Thunderbird\Profiles\hzkyl8yo.default
file C:\Users\test22\AppData\Local\Temp\tempCMS8BJYNS5tA4UK\Files\AppData\Local\Thunderbird\Profiles\hzkyl8yo.default
file C:\Users\test22\AppData\Local\Temp\tempCMS8BJYNS5tA4UK\Files\AppData\Roaming\Thunderbird\Profiles\hzkyl8yo.default
file C:\Users\test22\AppData\Roaming\Thunderbird\profiles.ini
registry HKEY_CURRENT_USER\Software\Microsoft\Windows Messaging Subsystem\Profiles\9375CFF0413111d3B88A00104B2A6676
registry HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676\00000003
registry HKEY_CURRENT_USER\Software\Microsoft\Office\15.0\Outlook\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676\00000001
registry HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\F81F111D0E5AB58D396F7BF525577FD30FDC95AA\Blob
file C:\Users\test22\AppData\Roaming\Exodus\exodus.wallet
file C:\Users\test22\AppData\Roaming\MultiDoge\multidoge.wallet
cmdline schtasks /create /f /RU "test22" /tr "C:\ProgramData\OfficeTrackerNMP131\OfficeTrackerNMP131.exe" /tn "OfficeTrackerNMP131 HR" /sc HOURLY /rl HIGHEST
cmdline schtasks /create /f /RU "test22" /tr "C:\ProgramData\OfficeTrackerNMP131\OfficeTrackerNMP131.exe" /tn "OfficeTrackerNMP131 LG" /sc ONLOGON /rl HIGHEST
Time & API Arguments Status Return Repeated

__anomaly__

 tid: 2332
message: Encountered 65537 exceptions, quitting.
subcategory: exception
function_name:
1 0 0
description attempts to modify windows defender policies registry HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows Defender\Real-Time Protection\DisableOnAccessProtection
description attempts to modify windows defender policies registry HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows Defender\Real-Time Protection\DisableScanOnRealtimeEnable
description attempts to modify windows defender policies registry HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows Defender\Real-Time Protection\DisableRealtimeMonitoring
description attempts to modify windows defender policies registry HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows Defender\DisableAntiSpyware
description attempts to modify windows defender policies registry HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows Defender\Real-Time Protection\DisableBehaviorMonitoring
description attempts to modify windows defender policies registry HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows Defender\Real-Time Protection\DisableIOAVProtection
Bkav W32.AIDetectMalware
MicroWorld-eScan Gen:Heur.Mint.Zard.45
Skyhigh BehavesLike.Win32.Downloader.tc
McAfee Trojan-FVTT!B489ABF40219
Malwarebytes Malware.AI.32901334
VIPRE Gen:Heur.Mint.Zard.45
Sangfor Trojan.Win32.Save.a
K7AntiVirus Trojan ( 005aad751 )
K7GW Trojan ( 005aad751 )
Cybereason malicious.31d388
Symantec ML.Attribute.HighConfidence
Elastic malicious (high confidence)
ESET-NOD32 multiple detections
Cynet Malicious (score: 100)
APEX Malicious
ClamAV Win.Downloader.Crifi-10009294-0
Kaspersky HEUR:Trojan-Spy.Win32.Stealer.gen
NANO-Antivirus Trojan.Win32.RisePro.kdpgzw
SUPERAntiSpyware Trojan.Agent/Gen-Downloader
Avast Win32:BackdoorX-gen [Trj]
Tencent Malware.Win32.Gencirc.10bf5d52
F-Secure Trojan.TR/Agent.klsuq
DrWeb Trojan.Inject4.64759
Trapmine malicious.high.ml.score
SentinelOne Static AI - Malicious SFX
Varist W32/Kryptik.JKR.gen!Eldorado
Avira TR/Agent.klsuq
Antiy-AVL GrayWare/Win32.Wacapew
Kingsoft malware.kb.a.987
Microsoft Trojan:Win32/Wacatac.B!ml
Gridinsoft Spy.Win32.Redline.lu!heur
ZoneAlarm HEUR:Trojan-Spy.Win32.Stealer.gen
Google Detected
Acronis suspicious
ALYac Gen:Variant.Zusy.509378
Cylance unsafe
Rising Trojan.Generic@AI.99 (RDML:UMeD3flekMO/EvHhySc//g)
Yandex Trojan.Agent!EEdX1zPIc9s
Ikarus Trojan.SuspectCRC
Fortinet W32/Agent.ADVG!tr
AVG Win32:BackdoorX-gen [Trj]
DeepInstinct MALICIOUS