important_document.exe

1.  
2. Calls
3. Screenshots
4. Select call methods...
5. Select processes...
6. Select call types...
7. Clear Filters
8. KernelBase.dll! GetProcAddress #misc (#2236) important_document.exe
9. Arguments:
10.  
11. {"lpProcName":"SetDefaultDllDirectories","hModule":"kernel32.dll"}
12.  
13. Returned value:
14.  
15. 0x0
16.  
17. ntdll.dll! NtQueryAttributesFile #native (#2236) important_document.exe
18. Arguments:
19.  
20. {"objectName":"\\??\\C:\\Windows\\system32\\UXTHEME.dll"}
21.  
22. Returned value:
23.  
24. 0x0
25.  
26. ntdll.dll! NtOpenFile #native (#2236) important_document.exe
27. Arguments:
28.  
29. {"FileHandle":"0x18fa6c","objectName":"\\??\\C:\\Windows\\system32\\UXTHEME.dll"}
30.  
31. Returned value:
32.  
33. null
34.  
35. ntdll.dll! NtQueryAttributesFile #native (#2236) important_document.exe
36. Arguments:
37.  
38. {"objectName":"\\??\\C:\\Windows\\system32\\USERENV.dll"}
39.  
40. Returned value:
41.  
42. 0x0
43.  
44. ntdll.dll! NtOpenFile #native (#2236) important_document.exe
45. Arguments:
46.  
47. {"FileHandle":"0x18fa6c","objectName":"\\??\\C:\\Windows\\system32\\USERENV.dll"}
48.  
49. Returned value:
50.  
51. null
52.  
53. ntdll.dll! NtQueryAttributesFile #native (#2236) important_document.exe
54. Arguments:
55.  
56. {"objectName":"\\??\\C:\\Users\\<USER>\\Downloads\\profapi.dll"}
57.  
58. Returned value:
59.  
60. 0xc0000034
61.  
62. ntdll.dll! NtQueryAttributesFile #native (#2236) important_document.exe
63. Arguments:
64.  
65. {"objectName":"\\??\\C:\\Windows\\system32\\profapi.dll"}
66.  
67. Returned value:
68.  
69. 0x0
70.  
71. ntdll.dll! NtOpenFile #native (#2236) important_document.exe
72. Arguments:
73.  
74. {"FileHandle":"0x18f6cc","objectName":"\\??\\C:\\Windows\\system32\\profapi.dll"}
75.  
76. Returned value:
77.  
78. null
79.  
80. ntdll.dll! NtQueryAttributesFile #native (#2236) important_document.exe
81. Arguments:
82.  
83. {"objectName":"\\??\\C:\\Windows\\system32\\SETUPAPI.dll"}
84.  
85. Returned value:
86.  
87. 0x0
88.  
89. ntdll.dll! NtOpenFile #native (#2236) important_document.exe
90. Arguments:
91.  
92. {"FileHandle":"0x18fa6c","objectName":"\\??\\C:\\Windows\\system32\\SETUPAPI.dll"}
93.  
94. Returned value:
95.  
96. null
97.  
98. ntdll.dll! NtOpenKeyEx #native (#2236) important_document.exe
99. Arguments:
100.  
101. {"OpenOptions":"0x0","KeyHandle":"0x18f8e0","objectName":"SOFTWARE\\Microsoft\\OLEAUT","DesiredAccess":"0x1"}
102.  
103. Returned value:
104.  
105. 0xc0000034
106.  
107. ntdll.dll! NtOpenKeyEx #native (#2236) important_document.exe
108. Arguments:
109.  
110. {"OpenOptions":"0x0","KeyHandle":"0x18f910","objectName":"SOFTWARE\\Microsoft\\OLEAUT","DesiredAccess":"0x1"}
111.  
112. Returned value:
113.  
114. 0xc0000034
115.  
116. ntdll.dll! NtOpenKey #native (#2236) important_document.exe
117. Arguments:
118.  
119. {"DesiredAccess":"0x1","KeyHandle":"0x18f194","objectName":"\\Registry\\Machine\\Software\\Microsoft\\Windows\\Windows Error Reporting\\WMR"}
120.  
121. Returned value:
122.  
123. 0x0
124.  
125. ntdll.dll! NtOpenKeyEx #native (#2236) important_document.exe
126. Arguments:
127.  
128. {"OpenOptions":"0x0","KeyHandle":"0x18f5d4","objectName":"Software\\Microsoft\\Windows\\CurrentVersion\\Setup","DesiredAccess":"0x20019"}
129.  
130. Returned value:
131.  
132. 0x0
133.  
134. KernelBase.dll! LoadLibraryExW #misc (#2236) important_document.exe
135. Arguments:
136.  
137. {"lpFileName":"API-MS-Win-Core-LocalRegistry-L1-1-0.dll"}
138.  
139. Returned value:
140.  
141. 0x773d0000
142.  
143. KernelBase.dll! GetProcAddress #misc (#2236) important_document.exe
144. Arguments:
145.  
146. {"lpProcName":"RegQueryValueExW","hModule":"kernel32.dll"}
147.  
148. Returned value:
149.  
150. 0x773e1f4e
151.  
152. ntdll.dll! NtOpenKeyEx #native (#2236) important_document.exe
153. Arguments:
154.  
155. {"OpenOptions":"0x0","KeyHandle":"0x18f5b4","objectName":"Software\\Microsoft\\Windows\\CurrentVersion","DesiredAccess":"0x20019"}
156.  
157. Returned value:
158.  
159. 0x0
160.  
161. KernelBase.dll! CreateMutexW #sync (#2236) important_document.exe
162. Arguments:
163.  
164. {"lpName":null}
165.  
166. Returned value:
167.  
168. 0x16c
169.  
170. KernelBase.dll! CreateMutexW #sync (#2236) important_document.exe
171. Arguments:
172.  
173. {"lpName":null}
174.  
175. Returned value:
176.  
177. 0x174
178.  
179. ntdll.dll! NtQueryAttributesFile #native (#2236) important_document.exe
180. Arguments:
181.  
182. {"objectName":"\\??\\C:\\Windows\\system32\\VERSION.dll"}
183.  
184. Returned value:
185.  
186. 0x0
187.  
188. ntdll.dll! NtOpenFile #native (#2236) important_document.exe
189. Arguments:
190.  
191. {"FileHandle":"0x18fa5c","objectName":"\\??\\C:\\Windows\\system32\\VERSION.dll"}
192.  
193. Returned value:
194.  
195. null
196.  
197. KernelBase.dll! GetProcAddress #misc (#2236) important_document.exe
198. Arguments:
199.  
200. {"lpProcName":"GetFileVersionInfoA","hModule":"version.dll"}
201.  
202. Returned value:
203.  
204. 0x74801ced
205.  
206. ntdll.dll! NtQueryAttributesFile #native (#2236) important_document.exe
207. Arguments:
208.  
209. {"objectName":"\\??\\C:\\Windows\\system32\\SHFOLDER.dll"}
210.  
211. Returned value:
212.  
213. 0x0
214.  
215. ntdll.dll! NtOpenFile #native (#2236) important_document.exe
216. Arguments:
217.  
218. {"FileHandle":"0x18fa5c","objectName":"\\??\\C:\\Windows\\system32\\SHFOLDER.dll"}
219.  
220. Returned value:
221.  
222. null
223.  
224. KernelBase.dll! GetProcAddress #misc (#2236) important_document.exe
225. Arguments:
226.  
227. {"lpProcName":"SHGetFolderPathA","hModule":"shfolder.dll"}
228.  
229. Returned value:
230.  
231. 0x741f1528
232.  
233. ntdll.dll! NtQueryAttributesFile #native (#2236) important_document.exe
234. Arguments:
235.  
236. {"objectName":"\\??\\C:\\Windows\\system32\\rpcss.dll"}
237.  
238. Returned value:
239.  
240. 0xc0000034
241.  
242. ntdll.dll! NtQueryAttributesFile #native (#2236) important_document.exe
243. Arguments:
244.  
245. {"objectName":"\\??\\C:\\Windows\\system32\\rpcss.dll"}
246.  
247. Returned value:
248.  
249. 0xc0000034
250.  
251. ntdll.dll! NtOpenFile #native (#2236) important_document.exe
252. Arguments:
253.  
254. {"FileHandle":"0x18fb2c","objectName":"\\Device\\KsecDD"}
255.  
256. Returned value:
257.  
258. null
259.  
260. KernelBase.dll! LoadLibraryExA #misc (#2236) important_document.exe
261. Arguments:
262.  
263. {"lpFileName":"ole32.dll"}
264.  
265. Returned value:
266.  
267. 0x75720000
268.  
269. KernelBase.dll! GetProcAddress #misc (#2236) important_document.exe
270. Arguments:
271.  
272. {"lpProcName":"CoTaskMemAlloc","hModule":"ole32.dll"}
273.  
274. Returned value:
275.  
276. 0x7576ea4c
277.  
278. ntdll.dll! NtOpenKeyEx #native (#2236) important_document.exe
279. Arguments:
280.  
281. {"OpenOptions":"0x0","KeyHandle":"0x18ef64","objectName":"Software\\Microsoft\\Windows\\CurrentVersion\\Policies\\Explorer","DesiredAccess":"0x1"}
282.  
283. Returned value:
284.  
285. 0x0
286.  
287. ntdll.dll! NtOpenKey #native (#2236) important_document.exe
288. Arguments:
289.  
290. {"DesiredAccess":"0x2000000","KeyHandle":"0x774b0718","objectName":"\\REGISTRY\\USER\\S-1-5-21-364843204-231886559-199882026-1001"}
291.  
292. Returned value:
293.  
294. 0x0
295.  
296. ntdll.dll! NtOpenKeyEx #native (#2236) important_document.exe
297. Arguments:
298.  
299. {"OpenOptions":"0x0","KeyHandle":"0x18ef64","objectName":"Software\\Microsoft\\Windows\\CurrentVersion\\Policies\\Explorer","DesiredAccess":"0x1"}
300.  
301. Returned value:
302.  
303. 0xc0000034
304.  
305. ntdll.dll! NtOpenKeyEx #native (#2236) important_document.exe
306. Arguments:
307.  
308. {"OpenOptions":"0x0","KeyHandle":"0x18ef64","objectName":"Software\\Microsoft\\Windows\\CurrentVersion\\Policies\\Explorer","DesiredAccess":"0x1"}
309.  
310. Returned value:
311.  
312. 0x0
313.  
314. ntdll.dll! NtOpenKeyEx #native (#2236) important_document.exe
315. Arguments:
316.  
317. {"OpenOptions":"0x0","KeyHandle":"0x18ef64","objectName":"Software\\Microsoft\\Windows\\CurrentVersion\\Policies\\Explorer","DesiredAccess":"0x1"}
318.  
319. Returned value:
320.  
321. 0xc0000034
322.  
323. ntdll.dll! NtOpenKeyEx #native (#2236) important_document.exe
324. Arguments:
325.  
326. {"OpenOptions":"0x0","KeyHandle":"0x18ef40","objectName":"Software\\Microsoft\\Windows\\CurrentVersion\\Policies\\Explorer","DesiredAccess":"0x1"}
327.  
328. Returned value:
329.  
330. 0x0
331.  
332. ntdll.dll! NtOpenKeyEx #native (#2236) important_document.exe
333. Arguments:
334.  
335. {"OpenOptions":"0x0","KeyHandle":"0x18ef40","objectName":"Software\\Microsoft\\Windows\\CurrentVersion\\Policies\\Explorer","DesiredAccess":"0x1"}
336.  
337. Returned value:
338.  
339. 0xc0000034
340.  
341. ntdll.dll! NtOpenKeyEx #native (#2236) important_document.exe
342. Arguments:
343.  
344. {"OpenOptions":"0x0","KeyHandle":"0x18ef40","objectName":"Software\\Microsoft\\Windows\\CurrentVersion\\Policies\\Explorer","DesiredAccess":"0x1"}
345.  
346. Returned value:
347.  
348. 0x0
349.  
350. ntdll.dll! NtOpenKeyEx #native (#2236) important_document.exe
351. Arguments:
352.  
353. {"OpenOptions":"0x0","KeyHandle":"0x18ef40","objectName":"Software\\Microsoft\\Windows\\CurrentVersion\\Policies\\Explorer","DesiredAccess":"0x1"}
354.  
355. Returned value:
356.  
357. 0xc0000034
358.  
359. ntdll.dll! NtOpenKeyEx #native (#2236) important_document.exe
360. Arguments:
361.  
362. {"OpenOptions":"0x0","KeyHandle":"0x18ef5c","objectName":"Software\\Microsoft\\Windows\\CurrentVersion\\Policies\\Explorer","DesiredAccess":"0x1"}
363.  
364. Returned value:
365.  
366. 0x0
367.  
368. ntdll.dll! NtOpenKeyEx #native (#2236) important_document.exe
369. Arguments:
370.  
371. {"OpenOptions":"0x0","KeyHandle":"0x18ef5c","objectName":"Software\\Microsoft\\Windows\\CurrentVersion\\Policies\\Explorer","DesiredAccess":"0x1"}
372.  
373. Returned value:
374.  
375. 0xc0000034
376.  
377. ntdll.dll! NtOpenKeyEx #native (#2236) important_document.exe
378. Arguments:
379.  
380. {"OpenOptions":"0x0","KeyHandle":"0x18ef44","objectName":"SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\ShellCompatibility\\Applications\\important_document.exe","DesiredAccess":"0x9"}
381.  
382. Returned value:
383.  
384. 0xc0000034
385.  
386. ntdll.dll! NtOpenKey #native (#2236) important_document.exe
387. Arguments:
388.  
389. {"DesiredAccess":"0x20019","KeyHandle":"0x18e584","objectName":"\\Registry\\MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\SideBySide"}
390.  
391. Returned value:
392.  
393. 0xc0000034
394.  
395. ntdll.dll! NtOpenFile #native (#2236) important_document.exe
396. Arguments:
397.  
398. {"FileHandle":"0x18e760","objectName":"\\??\\C:\\Windows\\syswow64\\SHELL32.dll"}
399.  
400. Returned value:
401.  
402. null
403.  
404. ntdll.dll! NtOpenKey #native (#2236) important_document.exe
405. Arguments:
406.  
407. {"DesiredAccess":"0x8","KeyHandle":"0x18e2fc","objectName":"\\Registry\\Machine\\Software\\Microsoft\\Windows\\CurrentVersion\\SideBySide\\AssemblyStorageRoots"}
408.  
409. Returned value:
410.  
411. 0xc0000034
412.  
413. ntdll.dll! NtQueryAttributesFile #native (#2236) important_document.exe
414. Arguments:
415.  
416. {"objectName":"\\??\\C:\\Users\\<USER>\\Downloads\\important_document.exe.Local\\"}
417.  
418. Returned value:
419.  
420. 0xc0000034
421.  
422. ntdll.dll! NtQueryAttributesFile #native (#2236) important_document.exe
423. Arguments:
424.  
425. {"objectName":"\\??\\C:\\Windows\\WinSxS\\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2"}
426.  
427. Returned value:
428.  
429. 0x0
430.  
431. ntdll.dll! NtOpenFile #native (#2236) important_document.exe
432. Arguments:
433.  
434. {"FileHandle":"0x18e2fc","objectName":"\\??\\C:\\Windows\\WinSxS\\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2"}
435.  
436. Returned value:
437.  
438. null
439.  
440. ntdll.dll! NtOpenKeyEx #native (#2236) important_document.exe
441. Arguments:
442.  
443. {"OpenOptions":"0x0","KeyHandle":"0x18ef64","objectName":"Software\\Microsoft\\Windows\\CurrentVersion\\Policies\\Explorer","DesiredAccess":"0x1"}
444.  
445. Returned value:
446.  
447. 0x0
448.  
449. ntdll.dll! NtOpenKeyEx #native (#2236) important_document.exe
450. Arguments:
451.  
452. {"OpenOptions":"0x0","KeyHandle":"0x18ef64","objectName":"Software\\Microsoft\\Windows\\CurrentVersion\\Policies\\Explorer","DesiredAccess":"0x1"}
453.  
454. Returned value:
455.  
456. 0xc0000034
457.  
458. ntdll.dll! NtOpenKey #native (#2236) important_document.exe
459. Arguments:
460.  
461. {"DesiredAccess":"0x2000000","KeyHandle":"0x774b0708","objectName":"\\REGISTRY\\USER\\S-1-5-21-364843204-231886559-199882026-1001_Classes"}
462.  
463. Returned value:
464.  
465. 0x0
466.  
467. ntdll.dll! NtOpenKeyEx #native (#2236) important_document.exe
468. Arguments:
469.  
470. {"OpenOptions":"0x0","KeyHandle":"0x18f13c","objectName":"CLSID\\{20D04FE0-3AEA-1069-A2D8-08002B30309D}\\ShellFolder","DesiredAccess":"0x1"}
471.  
472. Returned value:
473.  
474. 0xc0000034
475.  
476. ntdll.dll! NtOpenKeyEx #native (#2236) important_document.exe
477. Arguments:
478.  
479. {"OpenOptions":"0x0","KeyHandle":"0x18f13c","objectName":"\\Registry\\Machine\\Software\\Classes\\CLSID\\{20D04FE0-3AEA-1069-A2D8-08002B30309D}\\ShellFolder","DesiredAccess":"0x1"}
480.  
481. Returned value:
482.  
483. 0x0
484.  
485. ntdll.dll! NtOpenKeyEx #native (#2236) important_document.exe
486. Arguments:
487.  
488. {"OpenOptions":"0x0","KeyHandle":"0x18ef4c","objectName":"\\REGISTRY\\USER\\S-1-5-21-364843204-231886559-199882026-1001_Classes\\Wow6432Node\\CLSID\\{20D04FE0-3AEA-1069-A2D8-08002B30309D}\\ShellFolder","DesiredAccess":"0x2000000"}
489.  
490. Returned value:
491.  
492. 0xc0000034
493.  
494. ntdll.dll! NtOpenKeyEx #native (#2236) important_document.exe
495. Arguments:
496.  
497. {"OpenOptions":"0x0","KeyHandle":"0x18ef4c","objectName":"\\REGISTRY\\USER\\S-1-5-21-364843204-231886559-199882026-1001_Classes\\Wow6432Node\\CLSID\\{20D04FE0-3AEA-1069-A2D8-08002B30309D}\\ShellFolder","DesiredAccess":"0x2000000"}
498.  
499. Returned value:
500.  
501. 0xc0000034
502.  
503. ntdll.dll! NtOpenKeyEx #native (#2236) important_document.exe
504. Arguments:
505.  
506. {"OpenOptions":"0x0","KeyHandle":"0x18ef4c","objectName":"\\REGISTRY\\USER\\S-1-5-21-364843204-231886559-199882026-1001_Classes\\Wow6432Node\\CLSID\\{20D04FE0-3AEA-1069-A2D8-08002B30309D}\\ShellFolder","DesiredAccess":"0x2000000"}
507.  
508. Returned value:
509.  
510. 0xc0000034
511.  
512. ntdll.dll! NtOpenKeyEx #native (#2236) important_document.exe
513. Arguments:
514.  
515. {"OpenOptions":"0x0","KeyHandle":"0x18ef4c","objectName":"\\REGISTRY\\USER\\S-1-5-21-364843204-231886559-199882026-1001_Classes\\Wow6432Node\\CLSID\\{20D04FE0-3AEA-1069-A2D8-08002B30309D}\\ShellFolder","DesiredAccess":"0x2000000"}
516.  
517. Returned value:
518.  
519. 0xc0000034
520.  
521. ntdll.dll! NtOpenKeyEx #native (#2236) important_document.exe
522. Arguments:
523.  
524. {"OpenOptions":"0x0","KeyHandle":"0x18ef4c","objectName":"\\REGISTRY\\USER\\S-1-5-21-364843204-231886559-199882026-1001_Classes\\Wow6432Node\\CLSID\\{20D04FE0-3AEA-1069-A2D8-08002B30309D}\\ShellFolder","DesiredAccess":"0x2000000"}
525.  
526. Returned value:
527.  
528. 0xc0000034
529.  
530. ntdll.dll! NtOpenKeyEx #native (#2236) important_document.exe
531. Arguments:
532.  
533. {"OpenOptions":"0x0","KeyHandle":"0x18ef4c","objectName":"\\REGISTRY\\USER\\S-1-5-21-364843204-231886559-199882026-1001_Classes\\Wow6432Node\\CLSID\\{20D04FE0-3AEA-1069-A2D8-08002B30309D}\\ShellFolder","DesiredAccess":"0x2000000"}
534.  
535. Returned value:
536.  
537. 0xc0000034
538.  
539. ntdll.dll! NtOpenKeyEx #native (#2236) important_document.exe
540. Arguments:
541.  
542. {"OpenOptions":"0x0","KeyHandle":"0x18ef4c","objectName":"\\REGISTRY\\USER\\S-1-5-21-364843204-231886559-199882026-1001_Classes\\Wow6432Node\\CLSID\\{20D04FE0-3AEA-1069-A2D8-08002B30309D}\\ShellFolder","DesiredAccess":"0x2000000"}
543.  
544. Returned value:
545.  
546. 0xc0000034
547.  
548. ntdll.dll! NtOpenKeyEx #native (#2236) important_document.exe
549. Arguments:
550.  
551. {"OpenOptions":"0x0","KeyHandle":"0x18ef4c","objectName":"\\REGISTRY\\USER\\S-1-5-21-364843204-231886559-199882026-1001_Classes\\Wow6432Node\\CLSID\\{20D04FE0-3AEA-1069-A2D8-08002B30309D}\\ShellFolder","DesiredAccess":"0x2000000"}
552.  
553. Returned value:
554.  
555. 0xc0000034
556.  
557. ntdll.dll! NtOpenKeyEx #native (#2236) important_document.exe
558. Arguments:
559.  
560. {"OpenOptions":"0x0","KeyHandle":"0x18ef4c","objectName":"\\REGISTRY\\USER\\S-1-5-21-364843204-231886559-199882026-1001_Classes\\Wow6432Node\\CLSID\\{20D04FE0-3AEA-1069-A2D8-08002B30309D}\\ShellFolder","DesiredAccess":"0x2000000"}
561.  
562. Returned value:
563.  
564. 0xc0000034
565.  
566. ntdll.dll! NtOpenKeyEx #native (#2236) important_document.exe
567. Arguments:
568.  
569. {"OpenOptions":"0x0","KeyHandle":"0x18ef4c","objectName":"\\REGISTRY\\USER\\S-1-5-21-364843204-231886559-199882026-1001_Classes\\Wow6432Node\\CLSID\\{20D04FE0-3AEA-1069-A2D8-08002B30309D}\\ShellFolder","DesiredAccess":"0x2000000"}
570.  
571. Returned value:
572.  
573. 0xc0000034
574.  
575. ntdll.dll! NtOpenKeyEx #native (#2236) important_document.exe
576. Arguments:
577.  
578. {"OpenOptions":"0x0","KeyHandle":"0x18ef4c","objectName":"\\REGISTRY\\USER\\S-1-5-21-364843204-231886559-199882026-1001_Classes\\Wow6432Node\\CLSID\\{20D04FE0-3AEA-1069-A2D8-08002B30309D}\\ShellFolder","DesiredAccess":"0x2000000"}
579.  
580. Returned value:
581.  
582. 0xc0000034
583.  
584. ntdll.dll! NtOpenKeyEx #native (#2236) important_document.exe
585. Arguments:
586.  
587. {"OpenOptions":"0x0","KeyHandle":"0x18ef4c","objectName":"\\REGISTRY\\USER\\S-1-5-21-364843204-231886559-199882026-1001_Classes\\Wow6432Node\\CLSID\\{20D04FE0-3AEA-1069-A2D8-08002B30309D}\\ShellFolder","DesiredAccess":"0x2000000"}
588.  
589. Returned value:
590.  
591. 0xc0000034
592.  
593. ntdll.dll! NtOpenKeyEx #native (#2236) important_document.exe
594. Arguments:
595.  
596. {"OpenOptions":"0x0","KeyHandle":"0x18ef4c","objectName":"\\REGISTRY\\USER\\S-1-5-21-364843204-231886559-199882026-1001_Classes\\Wow6432Node\\CLSID\\{20D04FE0-3AEA-1069-A2D8-08002B30309D}\\ShellFolder","DesiredAccess":"0x2000000"}
597.  
598. Returned value:
599.  
600. 0xc0000034
601.  
602. ntdll.dll! NtOpenKeyEx #native (#2236) important_document.exe
603. Arguments:
604.  
605. {"OpenOptions":"0x0","KeyHandle":"0x18ef4c","objectName":"\\REGISTRY\\USER\\S-1-5-21-364843204-231886559-199882026-1001_Classes\\Wow6432Node\\CLSID\\{20D04FE0-3AEA-1069-A2D8-08002B30309D}\\ShellFolder","DesiredAccess":"0x2000000"}
606.  
607. Returned value:
608.  
609. 0xc0000034
610.  
611. ntdll.dll! NtOpenKeyEx #native (#2236) important_document.exe
612. Arguments:
613.  
614. {"OpenOptions":"0x0","KeyHandle":"0x18ef4c","objectName":"\\REGISTRY\\USER\\S-1-5-21-364843204-231886559-199882026-1001_Classes\\Wow6432Node\\CLSID\\{20D04FE0-3AEA-1069-A2D8-08002B30309D}\\ShellFolder","DesiredAccess":"0x2000000"}
615.  
616. Returned value:
617.  
618. 0xc0000034
619.  
620. ntdll.dll! NtOpenKeyEx #native (#2236) important_document.exe
621. Arguments:
622.  
623. {"OpenOptions":"0x0","KeyHandle":"0x18ef4c","objectName":"\\REGISTRY\\USER\\S-1-5-21-364843204-231886559-199882026-1001_Classes\\Wow6432Node\\CLSID\\{20D04FE0-3AEA-1069-A2D8-08002B30309D}\\ShellFolder","DesiredAccess":"0x2000000"}
624.  
625. Returned value:
626.  
627. 0xc0000034
628.  
629. ntdll.dll! NtOpenKeyEx #native (#2236) important_document.exe
630. Arguments:
631.  
632. {"OpenOptions":"0x0","KeyHandle":"0x18ef4c","objectName":"\\REGISTRY\\USER\\S-1-5-21-364843204-231886559-199882026-1001_Classes\\Wow6432Node\\CLSID\\{20D04FE0-3AEA-1069-A2D8-08002B30309D}\\ShellFolder","DesiredAccess":"0x2000000"}
633.  
634. Returned value:
635.  
636. 0xc0000034
637.  
638. ntdll.dll! NtOpenKeyEx #native (#2236) important_document.exe
639. Arguments:
640.  
641. {"OpenOptions":"0x0","KeyHandle":"0x18ef4c","objectName":"\\REGISTRY\\USER\\S-1-5-21-364843204-231886559-199882026-1001_Classes\\Wow6432Node\\CLSID\\{20D04FE0-3AEA-1069-A2D8-08002B30309D}\\ShellFolder","DesiredAccess":"0x2000000"}
642.  
643. Returned value:
644.  
645. 0xc0000034
646.  
647. ntdll.dll! NtOpenKeyEx #native (#2236) important_document.exe
648. Arguments:
649.  
650. {"OpenOptions":"0x0","KeyHandle":"0x18f0dc","objectName":"Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\CLSID\\{20D04FE0-3AEA-1069-A2D8-08002B30309D}\\ShellFolder","DesiredAccess":"0x1"}
651.  
652. Returned value:
653.  
654. 0xc0000034
655.  
656. ntdll.dll! NtOpenKeyEx #native (#2236) important_document.exe
657. Arguments:
658.  
659. {"OpenOptions":"0x0","KeyHandle":"0x18f0dc","objectName":"Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\CLSID\\{20D04FE0-3AEA-1069-A2D8-08002B30309D}\\ShellFolder","DesiredAccess":"0x1"}
660.  
661. Returned value:
662.  
663. 0xc0000034
664.  
665. ntdll.dll! NtOpenKeyEx #native (#2236) important_document.exe
666. Arguments:
667.  
668. {"OpenOptions":"0x0","KeyHandle":"0x18f070","objectName":"Software\\Microsoft\\Windows\\CurrentVersion\\Policies\\NonEnum","DesiredAccess":"0x1"}
669.  
670. Returned value:
671.  
672. 0xc0000034
673.  
674. ntdll.dll! NtOpenKeyEx #native (#2236) important_document.exe
675. Arguments:
676.  
677. {"OpenOptions":"0x0","KeyHandle":"0x18f070","objectName":"Software\\Microsoft\\Windows\\CurrentVersion\\Policies\\NonEnum","DesiredAccess":"0x1"}
678.  
679. Returned value:
680.  
681. 0x0
682.  
683. ntdll.dll! NtOpenFile #native (#2236) important_document.exe
684. Arguments:
685.  
686. {"FileHandle":"0x18f0bc","objectName":"\\??\\C:"}
687.  
688. Returned value:
689.  
690. null
691.  
692. ntdll.dll! NtCreateFile #native (#2236) important_document.exe
693. Arguments:
694.  
695. {"FileHandle":"0x18f050","objectName":"\\??\\MountPointManager"}
696.  
697. Returned value:
698.  
699. null
700.  
701. ntdll.dll! NtOpenKeyEx #native (#2236) important_document.exe
702. Arguments:
703.  
704. {"OpenOptions":"0x0","KeyHandle":"0x18f074","objectName":"Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\MountPoints2\\CPC\\Volume","DesiredAccess":"0x20019"}
705.  
706. Returned value:
707.  
708. 0x0
709.  
710. ntdll.dll! NtOpenKeyEx #native (#2236) important_document.exe
711. Arguments:
712.  
713. {"OpenOptions":"0x0","KeyHandle":"0x18f290","objectName":"{e9b1a4f8-a98b-11e9-a299-806e6f6e6963}\\","DesiredAccess":"0x20019"}
714.  
715. Returned value:
716.  
717. 0x0
718.  
719. ntdll.dll! NtOpenKeyEx #native (#2236) important_document.exe
720. Arguments:
721.  
722. {"OpenOptions":"0x0","KeyHandle":"0x18f04c","objectName":"Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\MountPoints2\\CPC\\Volume","DesiredAccess":"0x20019"}
723.  
724. Returned value:
725.  
726. 0x0
727.  
728. ntdll.dll! NtOpenKeyEx #native (#2236) important_document.exe
729. Arguments:
730.  
731. {"OpenOptions":"0x0","KeyHandle":"0x18f268","objectName":"{e9b1a4f8-a98b-11e9-a299-806e6f6e6963}\\","DesiredAccess":"0x20019"}
732.  
733. Returned value:
734.  
735. 0x0
736.  
737. ntdll.dll! NtOpenKeyEx #native (#2236) important_document.exe
738. Arguments:
739.  
740. {"OpenOptions":"0x0","KeyHandle":"0x18f0f0","objectName":"Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\MountPoints2\\CPC\\Volume","DesiredAccess":"0x20019"}
741.  
742. Returned value:
743.  
744. 0x0
745.  
746. ntdll.dll! NtOpenKeyEx #native (#2236) important_document.exe
747. Arguments:
748.  
749. {"OpenOptions":"0x0","KeyHandle":"0x18f30c","objectName":"{e9b1a4f8-a98b-11e9-a299-806e6f6e6963}\\","DesiredAccess":"0x20019"}
750.  
751. Returned value:
752.  
753. 0x0
754.  
755. ntdll.dll! NtOpenKeyEx #native (#2236) important_document.exe
756. Arguments:
757.  
758. {"OpenOptions":"0x0","KeyHandle":"0x18f398","objectName":"Drive\\shellex\\FolderExtensions","DesiredAccess":"0x8"}
759.  
760. Returned value:
761.  
762. 0xc0000034
763.  
764. ntdll.dll! NtOpenKeyEx #native (#2236) important_document.exe
765. Arguments:
766.  
767. {"OpenOptions":"0x0","KeyHandle":"0x18f398","objectName":"\\Registry\\Machine\\Software\\Classes\\Drive\\shellex\\FolderExtensions","DesiredAccess":"0x8"}
768.  
769. Returned value:
770.  
771. 0x0
772.  
773. ntdll.dll! NtOpenKeyEx #native (#2236) important_document.exe
774. Arguments:
775.  
776. {"OpenOptions":"0x0","KeyHandle":"0x7ded64","objectName":"\\REGISTRY\\USER\\S-1-5-21-364843204-231886559-199882026-1001_Classes\\Drive\\shellex\\FolderExtensions","DesiredAccess":"0x2000000"}
777.  
778. Returned value:
779.  
780. 0xc0000034
781.  
782. ntdll.dll! NtOpenKeyEx #native (#2236) important_document.exe
783. Arguments:
784.  
785. {"OpenOptions":"0x0","KeyHandle":"0x18f0fc","objectName":"Drive\\shellex\\FolderExtensions\\{fbeb8a05-beee-4442-804e-409d6c4515e9}","DesiredAccess":"0x1"}
786.  
787. Returned value:
788.  
789. 0xc0000034
790.  
791. ntdll.dll! NtOpenKeyEx #native (#2236) important_document.exe
792. Arguments:
793.  
794. {"OpenOptions":"0x0","KeyHandle":"0x18f0fc","objectName":"\\Registry\\Machine\\Software\\Classes\\Drive\\shellex\\FolderExtensions\\{fbeb8a05-beee-4442-804e-409d6c4515e9}","DesiredAccess":"0x1"}
795.  
796. Returned value:
797.  
798. 0x0
799.  
800. ntdll.dll! NtOpenKeyEx #native (#2236) important_document.exe
801. Arguments:
802.  
803. {"OpenOptions":"0x0","KeyHandle":"0x18ef64","objectName":"\\REGISTRY\\USER\\S-1-5-21-364843204-231886559-199882026-1001_Classes\\Drive\\shellex\\FolderExtensions\\{fbeb8a05-beee-4442-804e-409d6c4515e9}","DesiredAccess":"0x2000000"}
804.  
805. Returned value:
806.  
807. 0xc0000034
808.  
809. ntdll.dll! NtOpenKeyEx #native (#2236) important_document.exe
810. Arguments:
811.  
812. {"OpenOptions":"0x0","KeyHandle":"0x18ddfc","objectName":"Software\\Policies\\Microsoft\\Windows\\Explorer","DesiredAccess":"0x1"}
813.  
814. Returned value:
815.  
816. 0xc0000034
817.  
818. ntdll.dll! NtOpenKeyEx #native (#2236) important_document.exe
819. Arguments:
820.  
821. {"OpenOptions":"0x0","KeyHandle":"0x18ddfc","objectName":"Software\\Policies\\Microsoft\\Windows\\Explorer","DesiredAccess":"0x1"}
822.  
823. Returned value:
824.  
825. 0xc0000034
826.  
827. ntdll.dll! NtCreateFile #native (#2236) important_document.exe
828. Arguments:
829.  
830. {"FileHandle":"0x18e074","objectName":"\\??\\C:\\"}
831.  
832. Returned value:
833.  
834. null
835.  
836. KernelBase.dll! CreateFileW #file (#2236) important_document.exe
837. Arguments:
838.  
839. {"lpSecurityAttributes":"0x0","dwCreationDisposition":"0x3","dwFlagsAndAttributes":"0x2000000","lpFileName":"C:\\","dwDesiredAccess":"0x100081","dwShareMode":"0x7"}
840.  
841. Returned value:
842.  
843. 0x198
844.  
845. ntdll.dll! NtOpenKey #native (#2236) important_document.exe
846. Arguments:
847.  
848. {"DesiredAccess":"0x2000000","KeyHandle":"0x18e364","objectName":"\\Registry\\User\\S-1-5-21-364843204-231886559-199882026-1001_Classes"}
849.  
850. Returned value:
851.  
852. 0x0
853.  
854. ntdll.dll! NtOpenFile #native (#2236) important_document.exe
855. Arguments:
856.  
857. {"FileHandle":"0x31df940","objectName":"\\??\\STORAGE#Volume#{e9b1a4f4-a98b-11e9-a299-806e6f6e6963}#0000000000100000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}"}
858.  
859. Returned value:
860.  
861. null
862.  
863. ntdll.dll! NtOpenFile #native (#2236) important_document.exe
864. Arguments:
865.  
866. {"FileHandle":"0x31dfb38","objectName":"\\??\\STORAGE#Volume#{e9b1a4f4-a98b-11e9-a299-806e6f6e6963}#0000000000100000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}"}
867.  
868. Returned value:
869.  
870. null
871.  
872. ntdll.dll! NtCreateFile #native (#2236) important_document.exe
873. Arguments:
874.  
875. {"FileHandle":"0x31dfacc","objectName":"\\??\\MountPointManager"}
876.  
877. Returned value:
878.  
879. null
880.  
881. ntdll.dll! NtOpenKeyEx #native (#2236) important_document.exe
882. Arguments:
883.  
884. {"OpenOptions":"0x0","KeyHandle":"0x309f838","objectName":"Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\MountPoints2\\CPC\\Volume","DesiredAccess":"0x20019"}
885.  
886. Returned value:
887.  
888. 0x0
889.  
890. ntdll.dll! NtOpenKeyEx #native (#2236) important_document.exe
891. Arguments:
892.  
893. {"OpenOptions":"0x0","KeyHandle":"0x309fa54","objectName":"{e9b1a4f7-a98b-11e9-a299-806e6f6e6963}\\","DesiredAccess":"0x20019"}
894.  
895. Returned value:
896.  
897. 0x0
898.  
899. ntdll.dll! NtOpenKeyEx #native (#2236) important_document.exe
900. Arguments:
901.  
902. {"OpenOptions":"0x0","KeyHandle":"0x309f810","objectName":"Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\MountPoints2\\CPC\\Volume","DesiredAccess":"0x20019"}
903.  
904. Returned value:
905.  
906. 0x0
907.  
908. ntdll.dll! NtOpenKeyEx #native (#2236) important_document.exe
909. Arguments:
910.  
911. {"OpenOptions":"0x0","KeyHandle":"0x309fa2c","objectName":"{e9b1a4f7-a98b-11e9-a299-806e6f6e6963}\\","DesiredAccess":"0x20019"}
912.  
913. Returned value:
914.  
915. 0x0
916.  
917. ntdll.dll! NtOpenFile #native (#2236) important_document.exe
918. Arguments:
919.  
920. {"FileHandle":"0x31df940","objectName":"\\??\\STORAGE#Volume#{e9b1a4f4-a98b-11e9-a299-806e6f6e6963}#0000000006500000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}"}
921.  
922. Returned value:
923.  
924. null
925.  
926. ntdll.dll! NtOpenFile #native (#2236) important_document.exe
927. Arguments:
928.  
929. {"FileHandle":"0x31dfb38","objectName":"\\??\\STORAGE#Volume#{e9b1a4f4-a98b-11e9-a299-806e6f6e6963}#0000000006500000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}"}
930.  
931. Returned value:
932.  
933. null
934.  
935. ntdll.dll! NtOpenKeyEx #native (#2236) important_document.exe
936. Arguments:
937.  
938. {"OpenOptions":"0x0","KeyHandle":"0x18e384","objectName":"Software\\Microsoft\\COM3","DesiredAccess":"0x20119"}
939.  
940. Returned value:
941.  
942. 0x0
943.  
944. ntdll.dll! NtCreateFile #native (#2236) important_document.exe
945. Arguments:
946.  
947. {"FileHandle":"0x31dfacc","objectName":"\\??\\MountPointManager"}
948.  
949. Returned value:
950.  
951. null
952.  
953. ntdll.dll! NtOpenKeyEx #native (#2236) important_document.exe
954. Arguments:
955.  
956. {"OpenOptions":"0x0","KeyHandle":"0x309f838","objectName":"Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\MountPoints2\\CPC\\Volume","DesiredAccess":"0x20019"}
957.  
958. Returned value:
959.  
960. 0x0
961.  
962. ntdll.dll! NtOpenKeyEx #native (#2236) important_document.exe
963. Arguments:
964.  
965. {"OpenOptions":"0x0","KeyHandle":"0x309fa54","objectName":"{e9b1a4f8-a98b-11e9-a299-806e6f6e6963}\\","DesiredAccess":"0x20019"}
966.  
967. Returned value:
968.  
969. 0x0
970.  
971. ntdll.dll! NtOpenKeyEx #native (#2236) important_document.exe
972. Arguments:
973.  
974. {"OpenOptions":"0x0","KeyHandle":"0x309f810","objectName":"Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\MountPoints2\\CPC\\Volume","DesiredAccess":"0x20019"}
975.  
976. Returned value:
977.  
978. 0x0
979.  
980. ntdll.dll! NtOpenKeyEx #native (#2236) important_document.exe
981. Arguments:
982.  
983. {"OpenOptions":"0x0","KeyHandle":"0x309fa2c","objectName":"{e9b1a4f8-a98b-11e9-a299-806e6f6e6963}\\","DesiredAccess":"0x20019"}
984.  
985. Returned value:
986.  
987. 0x0
988.  
989. ntdll.dll! NtOpenKeyEx #native (#2236) important_document.exe
990. Arguments:
991.  
992. {"OpenOptions":"0x0","KeyHandle":"0x18e1c8","objectName":"CLSID\\{1F486A52-3CB1-48FD-8F50-B8DC300D9F9D}","DesiredAccess":"0x20019"}
993.  
994. Returned value:
995.  
996. 0xc0000034
997.  
998. ntdll.dll! NtOpenKeyEx #native (#2236) important_document.exe
999. Arguments:
1000.  
1001. {"OpenOptions":"0x0","KeyHandle":"0x18e1c8","objectName":"\\Registry\\Machine\\Software\\Classes\\CLSID\\{1F486A52-3CB1-48FD-8F50-B8DC300D9F9D}","DesiredAccess":"0x20019"}
1002.  
1003. Returned value:
1004.  
1005. 0x0
1006.  
1007. ntdll.dll! NtCreateFile #native (#2236) important_document.exe
1008. Arguments:
1009.  
1010. {"FileHandle":"0x309fd04","objectName":"\\??\\MountPointManager"}
1011.  
1012. Returned value:
1013.  
1014. null
1015.  
1016. ntdll.dll! NtCreateFile #native (#2236) important_document.exe
1017. Arguments:
1018.  
1019. {"FileHandle":"0x309fd04","objectName":"\\??\\MountPointManager"}
1020.  
1021. Returned value:
1022.  
1023. null
1024.  
1025. ntdll.dll! NtCreateFile #native (#2236) important_document.exe
1026. Arguments:
1027.  
1028. {"FileHandle":"0x309fd04","objectName":"\\??\\MountPointManager"}
1029.  
1030. Returned value:
1031.  
1032. null
1033.  
1034. ntdll.dll! NtCreateFile #native (#2236) important_document.exe
1035. Arguments:
1036.  
1037. {"FileHandle":"0x309fd04","objectName":"\\??\\MountPointManager"}
1038.  
1039. Returned value:
1040.  
1041. null
1042.  
1043. ntdll.dll! NtCreateFile #native (#2236) important_document.exe
1044. Arguments:
1045.  
1046. {"FileHandle":"0x309fd04","objectName":"\\??\\MountPointManager"}
1047.  
1048. Returned value:
1049.  
1050. null
1051.  
1052. ntdll.dll! NtCreateFile #native (#2236) important_document.exe
1053. Arguments:
1054.  
1055. {"FileHandle":"0x309fd04","objectName":"\\??\\MountPointManager"}
1056.  
1057. Returned value:
1058.  
1059. null
1060.  
1061. ntdll.dll! NtOpenKeyEx #native (#2236) important_document.exe
1062. Arguments:
1063.  
1064. {"OpenOptions":"0x0","KeyHandle":"0x18e16c","objectName":"\\REGISTRY\\USER\\S-1-5-21-364843204-231886559-199882026-1001_Classes\\Wow6432Node\\CLSID\\{1F486A52-3CB1-48FD-8F50-B8DC300D9F9D}\\TreatAs","DesiredAccess":"0x1"}
1065.  
1066. Returned value:
1067.  
1068. 0xc0000034
1069.  
1070. ntdll.dll! NtOpenKeyEx #native (#2236) important_document.exe
1071. Arguments:
1072.  
1073. {"OpenOptions":"0x0","KeyHandle":"0x18e16c","objectName":"TreatAs","DesiredAccess":"0x1"}
1074.  
1075. Returned value:
1076.  
1077. 0xc0000034
1078.  
1079. ntdll.dll! NtOpenKeyEx #native (#2236) important_document.exe
1080. Arguments:
1081.  
1082. {"OpenOptions":"0x0","KeyHandle":"0x18e0c4","objectName":"\\REGISTRY\\USER\\S-1-5-21-364843204-231886559-199882026-1001_Classes\\Wow6432Node\\CLSID\\{1F486A52-3CB1-48FD-8F50-B8DC300D9F9D}\\Progid","DesiredAccess":"0x1"}
1083.  
1084. Returned value:
1085.  
1086. 0xc0000034
1087.  
1088. ntdll.dll! NtOpenKeyEx #native (#2236) important_document.exe
1089. Arguments:
1090.  
1091. {"OpenOptions":"0x0","KeyHandle":"0x18e0c4","objectName":"Progid","DesiredAccess":"0x1"}
1092.  
1093. Returned value:
1094.  
1095. 0xc0000034
1096.  
1097. ntdll.dll! NtOpenKeyEx #native (#2236) important_document.exe
1098. Arguments:
1099.  
1100. {"OpenOptions":"0x0","KeyHandle":"0x18e12c","objectName":"CLSID\\{1F486A52-3CB1-48FD-8F50-B8DC300D9F9D}","DesiredAccess":"0x20119"}
1101.  
1102. Returned value:
1103.  
1104. 0xc0000034
1105.  
1106. ntdll.dll! NtOpenKeyEx #native (#2236) important_document.exe
1107. Arguments:
1108.  
1109. {"OpenOptions":"0x0","KeyHandle":"0x18e12c","objectName":"\\Registry\\Machine\\Software\\Classes\\CLSID\\{1F486A52-3CB1-48FD-8F50-B8DC300D9F9D}","DesiredAccess":"0x20119"}
1110.  
1111. Returned value:
1112.  
1113. 0x0
1114.  
1115. ntdll.dll! NtOpenKeyEx #native (#2236) important_document.exe
1116. Arguments:
1117.  
1118. {"OpenOptions":"0x0","KeyHandle":"0x18e0c4","objectName":"\\REGISTRY\\USER\\S-1-5-21-364843204-231886559-199882026-1001_Classes\\CLSID\\{1F486A52-3CB1-48FD-8F50-B8DC300D9F9D}\\Progid","DesiredAccess":"0x101"}
1119.  
1120. Returned value:
1121.  
1122. 0xc0000034
1123.  
1124. ntdll.dll! NtOpenKeyEx #native (#2236) important_document.exe
1125. Arguments:
1126.  
1127. {"OpenOptions":"0x0","KeyHandle":"0x18e0c4","objectName":"Progid","DesiredAccess":"0x101"}
1128.  
1129. Returned value:
1130.  
1131. 0xc0000034
1132.  
1133. ntdll.dll! NtOpenKeyEx #native (#2236) important_document.exe
1134. Arguments:
1135.  
1136. {"OpenOptions":"0x0","KeyHandle":"0x18df48","objectName":"\\REGISTRY\\USER\\S-1-5-21-364843204-231886559-199882026-1001_Classes\\Wow6432Node\\CLSID\\{1F486A52-3CB1-48FD-8F50-B8DC300D9F9D}","DesiredAccess":"0x2000000"}
1137.  
1138. Returned value:
1139.  
1140. 0xc0000034
1141.  
1142. ntdll.dll! NtOpenKeyEx #native (#2236) important_document.exe
1143. Arguments:
1144.  
1145. {"OpenOptions":"0x0","KeyHandle":"0x18df48","objectName":"\\REGISTRY\\USER\\S-1-5-21-364843204-231886559-199882026-1001_Classes\\Wow6432Node\\CLSID\\{1F486A52-3CB1-48FD-8F50-B8DC300D9F9D}","DesiredAccess":"0x2000000"}
1146.  
1147. Returned value:
1148.  
1149. 0xc0000034
1150.  
1151. ntdll.dll! NtOpenKeyEx #native (#2236) important_document.exe
1152. Arguments:
1153.  
1154. {"OpenOptions":"0x0","KeyHandle":"0x18e100","objectName":"\\REGISTRY\\USER\\S-1-5-21-364843204-231886559-199882026-1001_Classes\\Wow6432Node\\CLSID\\{1F486A52-3CB1-48FD-8F50-B8DC300D9F9D}\\InprocServer32","DesiredAccess":"0x20019"}
1155.  
1156. Returned value:
1157.  
1158. 0xc0000034
1159.  
1160. ntdll.dll! NtOpenKeyEx #native (#2236) important_document.exe
1161. Arguments:
1162.  
1163. {"OpenOptions":"0x0","KeyHandle":"0x18e100","objectName":"InprocServer32","DesiredAccess":"0x20019"}
1164.  
1165. Returned value:
1166.  
1167. 0x0
1168.  
1169. ntdll.dll! NtOpenKeyEx #native (#2236) important_document.exe
1170. Arguments:
1171.  
1172. {"OpenOptions":"0x0","KeyHandle":"0x18defc","objectName":"\\REGISTRY\\USER\\S-1-5-21-364843204-231886559-199882026-1001_Classes\\Wow6432Node\\CLSID\\{1F486A52-3CB1-48FD-8F50-B8DC300D9F9D}\\InProcServer32","DesiredAccess":"0x2000000"}
1173.  
1174. Returned value:
1175.  
1176. 0xc0000034
1177.  
1178. ntdll.dll! NtOpenKeyEx #native (#2236) important_document.exe
1179. Arguments:
1180.  
1181. {"OpenOptions":"0x0","KeyHandle":"0x18df20","objectName":"\\REGISTRY\\USER\\S-1-5-21-364843204-231886559-199882026-1001_Classes\\Wow6432Node\\CLSID\\{1F486A52-3CB1-48FD-8F50-B8DC300D9F9D}\\InProcServer32","DesiredAccess":"0x2000000"}
1182.  
1183. Returned value:
1184.  
1185. 0xc0000034
1186.  
1187. ntdll.dll! NtOpenKeyEx #native (#2236) important_document.exe
1188. Arguments:
1189.  
1190. {"OpenOptions":"0x0","KeyHandle":"0x18dea4","objectName":"\\REGISTRY\\USER\\S-1-5-21-364843204-231886559-199882026-1001_Classes\\Wow6432Node\\CLSID\\{1F486A52-3CB1-48FD-8F50-B8DC300D9F9D}\\InProcServer32","DesiredAccess":"0x2000000"}
1191.  
1192. Returned value:
1193.  
1194. 0xc0000034
1195.  
1196. ntdll.dll! NtOpenKeyEx #native (#2236) important_document.exe
1197. Arguments:
1198.  
1199. {"OpenOptions":"0x0","KeyHandle":"0x18df20","objectName":"\\REGISTRY\\USER\\S-1-5-21-364843204-231886559-199882026-1001_Classes\\Wow6432Node\\CLSID\\{1F486A52-3CB1-48FD-8F50-B8DC300D9F9D}\\InProcServer32","DesiredAccess":"0x2000000"}
1200.  
1201. Returned value:
1202.  
1203. 0xc0000034
1204.  
1205. ntdll.dll! NtOpenKeyEx #native (#2236) important_document.exe
1206. Arguments:
1207.  
1208. {"OpenOptions":"0x0","KeyHandle":"0x18decc","objectName":"\\REGISTRY\\USER\\S-1-5-21-364843204-231886559-199882026-1001_Classes\\Wow6432Node\\CLSID\\{1F486A52-3CB1-48FD-8F50-B8DC300D9F9D}\\InProcServer32","DesiredAccess":"0x2000000"}
1209.  
1210. Returned value:
1211.  
1212. 0xc0000034
1213.  
1214. ntdll.dll! NtOpenKeyEx #native (#2236) important_document.exe
1215. Arguments:
1216.  
1217. {"OpenOptions":"0x0","KeyHandle":"0x18e0a8","objectName":"\\REGISTRY\\USER\\S-1-5-21-364843204-231886559-199882026-1001_Classes\\Wow6432Node\\CLSID\\{1F486A52-3CB1-48FD-8F50-B8DC300D9F9D}\\InprocHandler32","DesiredAccess":"0x1"}
1218.  
1219. Returned value:
1220.  
1221. 0xc0000034
1222.  
1223. ntdll.dll! NtOpenKeyEx #native (#2236) important_document.exe
1224. Arguments:
1225.  
1226. {"OpenOptions":"0x0","KeyHandle":"0x18e0a8","objectName":"InprocHandler32","DesiredAccess":"0x1"}
1227.  
1228. Returned value:
1229.  
1230. 0xc0000034
1231.  
1232. ntdll.dll! NtOpenKeyEx #native (#2236) important_document.exe
1233. Arguments:
1234.  
1235. {"OpenOptions":"0x0","KeyHandle":"0x18e0a8","objectName":"\\REGISTRY\\USER\\S-1-5-21-364843204-231886559-199882026-1001_Classes\\Wow6432Node\\CLSID\\{1F486A52-3CB1-48FD-8F50-B8DC300D9F9D}\\InprocHandler","DesiredAccess":"0x1"}
1236.  
1237. Returned value:
1238.  
1239. 0xc0000034
1240.  
1241. ntdll.dll! NtOpenKeyEx #native (#2236) important_document.exe
1242. Arguments:
1243.  
1244. {"OpenOptions":"0x0","KeyHandle":"0x18e0a8","objectName":"InprocHandler","DesiredAccess":"0x1"}
1245.  
1246. Returned value:
1247.  
1248. 0xc0000034
1249.  
1250. ntdll.dll! NtOpenKeyEx #native (#2236) important_document.exe
1251. Arguments:
1252.  
1253. {"OpenOptions":"0x0","KeyHandle":"0x18e3d4","objectName":"Software\\Microsoft\\OLE","DesiredAccess":"0x20019"}
1254.  
1255. Returned value:
1256.  
1257. 0x0
1258.  
1259. ntdll.dll! NtOpenKey #native (#2236) important_document.exe
1260. Arguments:
1261.  
1262. {"DesiredAccess":"0x2000000","KeyHandle":"0x18d498","objectName":"\\Registry\\User\\S-1-5-21-364843204-231886559-199882026-1001_Classes"}
1263.  
1264. Returned value:
1265.  
1266. 0x0
1267.  
1268. ntdll.dll! NtOpenKeyEx #native (#2236) important_document.exe
1269. Arguments:
1270.  
1271. {"OpenOptions":"0x0","KeyHandle":"0x18d734","objectName":"CLSID\\{1F486A52-3CB1-48FD-8F50-B8DC300D9F9D}","DesiredAccess":"0x20019"}
1272.  
1273. Returned value:
1274.  
1275. 0xc0000034
1276.  
1277. ntdll.dll! NtOpenKeyEx #native (#2236) important_document.exe
1278. Arguments:
1279.  
1280. {"OpenOptions":"0x0","KeyHandle":"0x18d734","objectName":"\\Registry\\Machine\\Software\\Classes\\CLSID\\{1F486A52-3CB1-48FD-8F50-B8DC300D9F9D}","DesiredAccess":"0x20019"}
1281.  
1282. Returned value:
1283.  
1284. 0x0
1285.  
1286. ntdll.dll! NtOpenKeyEx #native (#2236) important_document.exe
1287. Arguments:
1288.  
1289. {"OpenOptions":"0x0","KeyHandle":"0x18d718","objectName":"\\REGISTRY\\USER\\S-1-5-21-364843204-231886559-199882026-1001_Classes\\Wow6432Node\\CLSID\\{1F486A52-3CB1-48FD-8F50-B8DC300D9F9D}\\TreatAs","DesiredAccess":"0x20019"}
1290.  
1291. Returned value:
1292.  
1293. 0xc0000034
1294.  
1295. ntdll.dll! NtOpenKeyEx #native (#2236) important_document.exe
1296. Arguments:
1297.  
1298. {"OpenOptions":"0x0","KeyHandle":"0x18d718","objectName":"TreatAs","DesiredAccess":"0x20019"}
1299.  
1300. Returned value:
1301.  
1302. 0xc0000034
1303.  
1304. ntdll.dll! NtQueryAttributesFile #native (#2236) important_document.exe
1305. Arguments:
1306.  
1307. {"objectName":"\\??\\C:\\Windows\\system32\\propsys.dll"}
1308.  
1309. Returned value:
1310.  
1311. 0x0
1312.  
1313. ntdll.dll! NtOpenFile #native (#2236) important_document.exe
1314. Arguments:
1315.  
1316. {"FileHandle":"0x18d324","objectName":"\\??\\C:\\Windows\\system32\\propsys.dll"}
1317.  
1318. Returned value:
1319.  
1320. null
1321.  
1322. KernelBase.dll! LoadLibraryExA #misc (#2236) important_document.exe
1323. Arguments:
1324.  
1325. {"lpFileName":"ADVAPI32.dll"}
1326.  
1327. Returned value:
1328.  
1329. 0x77300000
1330.  
1331. KernelBase.dll! GetProcAddress #misc (#2236) important_document.exe
1332. Arguments:
1333.  
1334. {"lpProcName":"RegisterTraceGuidsW","hModule":"wmi.dll"}
1335.  
1336. Returned value:
1337.  
1338. 0x77a1f843
1339.  
1340. KernelBase.dll! LoadLibraryExW #misc (#2236) important_document.exe
1341. Arguments:
1342.  
1343. {"lpFileName":"propsys.dll"}
1344.  
1345. Returned value:
1346.  
1347. 0x726d0000
1348.  
1349. KernelBase.dll! GetProcAddress #misc (#2236) important_document.exe
1350. Arguments:
1351.  
1352. {"lpProcName":"EventRegister","hModule":"api-ms-win-eventing-provider-l1-1-0.dll"}
1353.  
1354. Returned value:
1355.  
1356. 0x77a1f6ba
1357.  
1358. KernelBase.dll! GetProcAddress #misc (#2236) important_document.exe
1359. Arguments:
1360.  
1361. {"lpProcName":"EventUnregister","hModule":"api-ms-win-eventing-provider-l1-1-0.dll"}
1362.  
1363. Returned value:
1364.  
1365. 0x77a39241
1366.  
1367. KernelBase.dll! GetProcAddress #misc (#2236) important_document.exe
1368. Arguments:
1369.  
1370. {"lpProcName":"EventEnabled","hModule":"api-ms-win-eventing-provider-l1-1-0.dll"}
1371.  
1372. Returned value:
1373.  
1374. 0x77a188e2
1375.  
1376. KernelBase.dll! GetProcAddress #misc (#2236) important_document.exe
1377. Arguments:
1378.  
1379. {"lpProcName":"EventWrite","hModule":"api-ms-win-eventing-provider-l1-1-0.dll"}
1380.  
1381. Returned value:
1382.  
1383. 0x77a40c59
1384.  
1385. ntdll.dll! NtCreateFile #native (#2236) important_document.exe
1386. Arguments:
1387.  
1388. {"FileHandle":"0x18d668","objectName":"\\??\\C:\\Users\\<USER>\\AppData\\Local\\Microsoft\\Windows\\Caches"}
1389.  
1390. Returned value:
1391.  
1392. null
1393.  
1394. ntdll.dll! NtCreateFile #native (#2236) important_document.exe
1395. Arguments:
1396.  
1397. {"FileHandle":"0x18da8c","objectName":"\\??\\C:\\Users\\<USER>\\AppData\\Local\\Microsoft\\Windows\\Caches\\cversions.1.db"}
1398.  
1399. Returned value:
1400.  
1401. null
1402.  
1403. KernelBase.dll! CreateFileW #file (#2236) important_document.exe
1404. Arguments:
1405.  
1406. {"lpSecurityAttributes":"0x0","dwCreationDisposition":"0x3","dwFlagsAndAttributes":"0x0","lpFileName":"C:\\Users\\<USER>\\AppData\\Local\\Microsoft\\Windows\\Caches\\cversions.1.db","dwDesiredAccess":"0x80000000","dwShareMode":"0x3"}
1407.  
1408. Returned value:
1409.  
1410. 0x1c0
1411.  
1412. KernelBase.dll! GetProcAddress #misc (#2236) important_document.exe
1413. Arguments:
1414.  
1415. {"lpProcName":"InitializeSecurityDescriptor","hModule":"KernelBase.dll"}
1416.  
1417. Returned value:
1418.  
1419. 0x77314620
1420.  
1421. KernelBase.dll! GetProcAddress #misc (#2236) important_document.exe
1422. Arguments:
1423.  
1424. {"lpProcName":"SetEntriesInAclW","hModule":"advapi32.dll"}
1425.  
1426. Returned value:
1427.  
1428. 0x77312a66
1429.  
1430. ntdll.dll! NtOpenKeyEx #native (#2236) important_document.exe
1431. Arguments:
1432.  
1433. {"OpenOptions":"0x0","KeyHandle":"0x18d620","objectName":"System\\CurrentControlSet\\Control\\LSA\\AccessProviders","DesiredAccess":"0x20019"}
1434.  
1435. Returned value:
1436.  
1437. 0x0
1438.  
1439. ntdll.dll! NtQueryAttributesFile #native (#2236) important_document.exe
1440. Arguments:
1441.  
1442. {"objectName":"\\??\\C:\\Users\\<USER>\\Downloads\\ntmarta.dll"}
1443.  
1444. Returned value:
1445.  
1446. 0xc0000034
1447.  
1448. ntdll.dll! NtQueryAttributesFile #native (#2236) important_document.exe
1449. Arguments:
1450.  
1451. {"objectName":"\\??\\C:\\Windows\\system32\\ntmarta.dll"}
1452.  
1453. Returned value:
1454.  
1455. 0x0
1456.  
1457. ntdll.dll! NtOpenFile #native (#2236) important_document.exe
1458. Arguments:
1459.  
1460. {"FileHandle":"0x18d3dc","objectName":"\\??\\C:\\Windows\\system32\\ntmarta.dll"}
1461.  
1462. Returned value:
1463.  
1464. null
1465.  
1466. ntdll.dll! NtOpenKeyEx #native (#2236) important_document.exe
1467. Arguments:
1468.  
1469. {"OpenOptions":"0x0","KeyHandle":"0x18d23c","objectName":"System\\CurrentControlSet\\Services\\LDAP","DesiredAccess":"0x20019"}
1470.  
1471. Returned value:
1472.  
1473. 0x0
1474.  
1475. ntdll.dll! NtOpenKeyEx #native (#2236) important_document.exe
1476. Arguments:
1477.  
1478. {"OpenOptions":"0x0","KeyHandle":"0x18d240","objectName":"System\\CurrentControlSet\\Services\\LDAP","DesiredAccess":"0x20019"}
1479.  
1480. Returned value:
1481.  
1482. 0x0
1483.  
1484. ntdll.dll! NtOpenKeyEx #native (#2236) important_document.exe
1485. Arguments:
1486.  
1487. {"OpenOptions":"0x0","KeyHandle":"0x18d240","objectName":"System\\CurrentControlSet\\Services\\LDAP","DesiredAccess":"0x20019"}
1488.  
1489. Returned value:
1490.  
1491. 0x0
1492.  
1493. KernelBase.dll! GetProcAddress #misc (#2236) important_document.exe
1494. Arguments:
1495.  
1496. {"lpProcName":"GetMartaExtensionInterface","hModule":"ntmarta.dll"}
1497.  
1498. Returned value:
1499.  
1500. 0x741c21f2
1501.  
1502. KernelBase.dll! GetProcAddress #misc (#2236) important_document.exe
1503. Arguments:
1504.  
1505. {"lpProcName":"SetSecurityDescriptorDacl","hModule":"KernelBase.dll"}
1506.  
1507. Returned value:
1508.  
1509. 0x7731415e
1510.  
1511. ntdll.dll! NtCreateFile #native (#2236) important_document.exe
1512. Arguments:
1513.  
1514. {"FileHandle":"0x18e0c8","objectName":"\\??\\C:\\Users\\<USER>\\AppData\\Local\\Microsoft\\Windows\\Caches\\{AFBF9F1A-8EE8-4C77-AF34-C647E37CA0D9}.1.ver0x000000000000000a.db"}
1515.  
1516. Returned value:
1517.  
1518. null
1519.  
1520. KernelBase.dll! CreateFileW #file (#2236) important_document.exe
1521. Arguments:
1522.  
1523. {"lpSecurityAttributes":"0x0","dwCreationDisposition":"0x3","dwFlagsAndAttributes":"0x0","lpFileName":"C:\\Users\\<USER>\\AppData\\Local\\Microsoft\\Windows\\Caches\\{AFBF9F1A-8EE8-4C77-AF34-C647E37CA0D9}.1.ver0x000000000000000a.db","dwDesiredAccess":"0x80000000","dwShareMode":"0x1"}
1524.  
1525. Returned value:
1526.  
1527. 0x1c0
1528.  
1529. ntdll.dll! NtCreateFile #native (#2236) important_document.exe
1530. Arguments:
1531.  
1532. {"FileHandle":"0x18e51c","objectName":"\\??\\C:\\Users\\desktop.ini"}
1533.  
1534. Returned value:
1535.  
1536. null
1537.  
1538. KernelBase.dll! CreateFileW #file (#2236) important_document.exe
1539. Arguments:
1540.  
1541. {"lpSecurityAttributes":"0x0","dwCreationDisposition":"0x3","dwFlagsAndAttributes":"0x8000000","lpFileName":"C:\\Users\\desktop.ini","dwDesiredAccess":"0x80000000","dwShareMode":"0x7"}
1542.  
1543. Returned value:
1544.  
1545. 0x1c4
1546.  
1547. ntdll.dll! NtOpenKeyEx #native (#2236) important_document.exe
1548. Arguments:
1549.  
1550. {"OpenOptions":"0x0","KeyHandle":"0x18e474","objectName":"Software\\Microsoft\\Windows\\CurrentVersion\\Policies\\Explorer","DesiredAccess":"0x1"}
1551.  
1552. Returned value:
1553.  
1554. 0x0
1555.  
1556. ntdll.dll! NtOpenKeyEx #native (#2236) important_document.exe
1557. Arguments:
1558.  
1559. {"OpenOptions":"0x0","KeyHandle":"0x18e474","objectName":"Software\\Microsoft\\Windows\\CurrentVersion\\Policies\\Explorer","DesiredAccess":"0x1"}
1560.  
1561. Returned value:
1562.  
1563. 0xc0000034
1564.  
1565. KernelBase.dll! LoadLibraryExA #misc (#2236) important_document.exe
1566. Arguments:
1567.  
1568. {"lpFileName":"ADVAPI32.dll"}
1569.  
1570. Returned value:
1571.  
1572. 0x77300000
1573.  
1574. KernelBase.dll! GetProcAddress #misc (#2236) important_document.exe
1575. Arguments:
1576.  
1577. {"lpProcName":"OpenThreadToken","hModule":"KernelBase.dll"}
1578.  
1579. Returned value:
1580.  
1581. 0x7731432c
1582.  
1583. ntdll.dll! NtOpenKeyEx #native (#2236) important_document.exe
1584. Arguments:
1585.  
1586. {"OpenOptions":"0x0","KeyHandle":"0x18e644","objectName":"Software\\Microsoft\\Windows\\CurrentVersion\\Explorer","DesiredAccess":"0x1"}
1587.  
1588. Returned value:
1589.  
1590. 0x0
1591.  
1592. ntdll.dll! NtOpenKeyEx #native (#2236) important_document.exe
1593. Arguments:
1594.  
1595. {"OpenOptions":"0x0","KeyHandle":"0x18e644","objectName":"","DesiredAccess":"0x1"}
1596.  
1597. Returned value:
1598.  
1599. 0x0
1600.  
1601. ntdll.dll! NtOpenKeyEx #native (#2236) important_document.exe
1602. Arguments:
1603.  
1604. {"OpenOptions":"0x0","KeyHandle":"0x18e3f0","objectName":"Software\\Microsoft\\Windows\\CurrentVersion\\Policies\\Explorer","DesiredAccess":"0x1"}
1605.  
1606. Returned value:
1607.  
1608. 0x0
1609.  
1610. ntdll.dll! NtOpenKeyEx #native (#2236) important_document.exe
1611. Arguments:
1612.  
1613. {"OpenOptions":"0x0","KeyHandle":"0x18e3f0","objectName":"Software\\Microsoft\\Windows\\CurrentVersion\\Policies\\Explorer","DesiredAccess":"0x1"}
1614.  
1615. Returned value:
1616.  
1617. 0xc0000034
1618.  
1619. ntdll.dll! NtOpenKeyEx #native (#2236) important_document.exe
1620. Arguments:
1621.  
1622. {"OpenOptions":"0x0","KeyHandle":"0x18e3f0","objectName":"Software\\Microsoft\\Windows\\CurrentVersion\\Policies\\Explorer","DesiredAccess":"0x1"}
1623.  
1624. Returned value:
1625.  
1626. 0x0
1627.  
1628. ntdll.dll! NtOpenKeyEx #native (#2236) important_document.exe
1629. Arguments:
1630.  
1631. {"OpenOptions":"0x0","KeyHandle":"0x18e3f0","objectName":"Software\\Microsoft\\Windows\\CurrentVersion\\Policies\\Explorer","DesiredAccess":"0x1"}
1632.  
1633. Returned value:
1634.  
1635. 0xc0000034
1636.  
1637. ntdll.dll! NtOpenKeyEx #native (#2236) important_document.exe
1638. Arguments:
1639.  
1640. {"OpenOptions":"0x0","KeyHandle":"0x18e3f0","objectName":"Software\\Microsoft\\Windows\\CurrentVersion\\Policies\\Explorer","DesiredAccess":"0x1"}
1641.  
1642. Returned value:
1643.  
1644. 0x0
1645.  
1646. ntdll.dll! NtOpenKeyEx #native (#2236) important_document.exe
1647. Arguments:
1648.  
1649. {"OpenOptions":"0x0","KeyHandle":"0x18e3f0","objectName":"Software\\Microsoft\\Windows\\CurrentVersion\\Policies\\Explorer","DesiredAccess":"0x1"}
1650.  
1651. Returned value:
1652.  
1653. 0xc0000034
1654.  
1655. ntdll.dll! NtOpenKeyEx #native (#2236) important_document.exe
1656. Arguments:
1657.  
1658. {"OpenOptions":"0x0","KeyHandle":"0x18e3f0","objectName":"Software\\Microsoft\\Windows\\CurrentVersion\\Policies\\Explorer","DesiredAccess":"0x1"}
1659.  
1660. Returned value:
1661.  
1662. 0x0
1663.  
1664. ntdll.dll! NtOpenKeyEx #native (#2236) important_document.exe
1665. Arguments:
1666.  
1667. {"OpenOptions":"0x0","KeyHandle":"0x18e3f0","objectName":"Software\\Microsoft\\Windows\\CurrentVersion\\Policies\\Explorer","DesiredAccess":"0x1"}
1668.  
1669. Returned value:
1670.  
1671. 0xc0000034
1672.  
1673. ntdll.dll! NtOpenKeyEx #native (#2236) important_document.exe
1674. Arguments:
1675.  
1676. {"OpenOptions":"0x0","KeyHandle":"0x18e3f0","objectName":"Software\\Microsoft\\Windows\\CurrentVersion\\Policies\\Explorer","DesiredAccess":"0x1"}
1677.  
1678. Returned value:
1679.  
1680. 0x0
1681.  
1682. ntdll.dll! NtOpenKeyEx #native (#2236) important_document.exe
1683. Arguments:
1684.  
1685. {"OpenOptions":"0x0","KeyHandle":"0x18e3f0","objectName":"Software\\Microsoft\\Windows\\CurrentVersion\\Policies\\Explorer","DesiredAccess":"0x1"}
1686.  
1687. Returned value:
1688.  
1689. 0xc0000034
1690.  
1691. ntdll.dll! NtOpenKeyEx #native (#2236) important_document.exe
1692. Arguments:
1693.  
1694. {"OpenOptions":"0x0","KeyHandle":"0x18e5e4","objectName":"Advanced","DesiredAccess":"0x1"}
1695.  
1696. Returned value:
1697.  
1698. 0x0
1699.  
1700. KernelBase.dll! LoadLibraryExA #misc (#2236) important_document.exe
1701. Arguments:
1702.  
1703. {"lpFileName":"SHELL32.dll"}
1704.  
1705. Returned value:
1706.  
1707. 0x75d90000
1708.  
1709. KernelBase.dll! GetProcAddress #misc (#2236) important_document.exe
1710. Arguments:
1711.  
1712. {"lpProcName":"0x66","hModule":null}
1713.  
1714. Returned value:
1715.  
1716. 0x75e2b7d9
1717.  
1718. ntdll.dll! NtOpenKeyEx #native (#2236) important_document.exe
1719. Arguments:
1720.  
1721. {"OpenOptions":"0x0","KeyHandle":"0x7e137c","objectName":"Software\\Microsoft\\Windows\\Shell\\RegisteredApplications\\UrlAssociations\\Directory\\OpenWithProgids","DesiredAccess":"0x20019"}
1722.  
1723. Returned value:
1724.  
1725. 0xc0000034
1726.  
1727. ntdll.dll! NtOpenKeyEx #native (#2236) important_document.exe
1728. Arguments:
1729.  
1730. {"OpenOptions":"0x0","KeyHandle":"0x7e137c","objectName":"Software\\Microsoft\\Windows\\Shell\\Associations\\UrlAssociations\\Directory","DesiredAccess":"0x20019"}
1731.  
1732. Returned value:
1733.  
1734. 0xc0000034
1735.  
1736. ntdll.dll! NtOpenKeyEx #native (#2236) important_document.exe
1737. Arguments:
1738.  
1739. {"OpenOptions":"0x0","KeyHandle":"0x18e508","objectName":"Directory","DesiredAccess":"0x20019"}
1740.  
1741. Returned value:
1742.  
1743. 0xc0000034
1744.  
1745. ntdll.dll! NtOpenKeyEx #native (#2236) important_document.exe
1746. Arguments:
1747.  
1748. {"OpenOptions":"0x0","KeyHandle":"0x18e508","objectName":"\\Registry\\Machine\\Software\\Classes\\Directory","DesiredAccess":"0x20019"}
1749.  
1750. Returned value:
1751.  
1752. 0x0
1753.  
1754. ntdll.dll! NtOpenKeyEx #native (#2236) important_document.exe
1755. Arguments:
1756.  
1757. {"OpenOptions":"0x0","KeyHandle":"0x18e480","objectName":"\\REGISTRY\\USER\\S-1-5-21-364843204-231886559-199882026-1001_Classes\\Directory\\CurVer","DesiredAccess":"0x1"}
1758.  
1759. Returned value:
1760.  
1761. 0xc0000034
1762.  
1763. ntdll.dll! NtOpenKeyEx #native (#2236) important_document.exe
1764. Arguments:
1765.  
1766. {"OpenOptions":"0x0","KeyHandle":"0x18e480","objectName":"CurVer","DesiredAccess":"0x1"}
1767.  
1768. Returned value:
1769.  
1770. 0xc0000034
1771.  
1772. ntdll.dll! NtOpenKeyEx #native (#2236) important_document.exe
1773. Arguments:
1774.  
1775. {"OpenOptions":"0x0","KeyHandle":"0x18e500","objectName":"\\REGISTRY\\USER\\S-1-5-21-364843204-231886559-199882026-1001_Classes\\Directory","DesiredAccess":"0x20019"}
1776.  
1777. Returned value:
1778.  
1779. 0xc0000034
1780.  
1781. ntdll.dll! NtOpenKeyEx #native (#2236) important_document.exe
1782. Arguments:
1783.  
1784. {"OpenOptions":"0x0","KeyHandle":"0x18e500","objectName":"","DesiredAccess":"0x20019"}
1785.  
1786. Returned value:
1787.  
1788. 0x0
1789.  
1790. ntdll.dll! NtOpenKeyEx #native (#2236) important_document.exe
1791. Arguments:
1792.  
1793. {"OpenOptions":"0x0","KeyHandle":"0x7e137c","objectName":"\\REGISTRY\\USER\\S-1-5-21-364843204-231886559-199882026-1001_Classes\\Directory","DesiredAccess":"0x20019"}
1794.  
1795. Returned value:
1796.  
1797. 0xc0000034
1798.  
1799. ntdll.dll! NtOpenKeyEx #native (#2236) important_document.exe
1800. Arguments:
1801.  
1802. {"OpenOptions":"0x0","KeyHandle":"0x7e137c","objectName":"","DesiredAccess":"0x20019"}
1803.  
1804. Returned value:
1805.  
1806. 0x0
1807.  
1808. ntdll.dll! NtOpenKeyEx #native (#2236) important_document.exe
1809. Arguments:
1810.  
1811. {"OpenOptions":"0x0","KeyHandle":"0x18e4cc","objectName":"\\REGISTRY\\USER\\S-1-5-21-364843204-231886559-199882026-1001_Classes\\Directory\\ShellEx\\IconHandler","DesiredAccess":"0x1"}
1812.  
1813. Returned value:
1814.  
1815. 0xc0000034
1816.  
1817. ntdll.dll! NtOpenKeyEx #native (#2236) important_document.exe
1818. Arguments:
1819.  
1820. {"OpenOptions":"0x0","KeyHandle":"0x18e4cc","objectName":"ShellEx\\IconHandler","DesiredAccess":"0x1"}
1821.  
1822. Returned value:
1823.  
1824. 0xc0000034
1825.  
1826. ntdll.dll! NtOpenKeyEx #native (#2236) important_document.exe
1827. Arguments:
1828.  
1829. {"OpenOptions":"0x0","KeyHandle":"0x7e1394","objectName":"Folder","DesiredAccess":"0x20019"}
1830.  
1831. Returned value:
1832.  
1833. 0xc0000034
1834.  
1835. ntdll.dll! NtOpenKeyEx #native (#2236) important_document.exe
1836. Arguments:
1837.  
1838. {"OpenOptions":"0x0","KeyHandle":"0x7e1394","objectName":"\\Registry\\Machine\\Software\\Classes\\Folder","DesiredAccess":"0x20019"}
1839.  
1840. Returned value:
1841.  
1842. 0x0
1843.  
1844. ntdll.dll! NtOpenKeyEx #native (#2236) important_document.exe
1845. Arguments:
1846.  
1847. {"OpenOptions":"0x0","KeyHandle":"0x18e4cc","objectName":"\\REGISTRY\\USER\\S-1-5-21-364843204-231886559-199882026-1001_Classes\\Folder\\ShellEx\\IconHandler","DesiredAccess":"0x1"}
1848.  
1849. Returned value:
1850.  
1851. 0xc0000034
1852.  
1853. ntdll.dll! NtOpenKeyEx #native (#2236) important_document.exe
1854. Arguments:
1855.  
1856. {"OpenOptions":"0x0","KeyHandle":"0x18e4cc","objectName":"ShellEx\\IconHandler","DesiredAccess":"0x1"}
1857.  
1858. Returned value:
1859.  
1860. 0xc0000034
1861.  
1862. ntdll.dll! NtOpenKeyEx #native (#2236) important_document.exe
1863. Arguments:
1864.  
1865. {"OpenOptions":"0x0","KeyHandle":"0x7e13ac","objectName":"AllFilesystemObjects","DesiredAccess":"0x20019"}
1866.  
1867. Returned value:
1868.  
1869. 0xc0000034
1870.  
1871. ntdll.dll! NtOpenKeyEx #native (#2236) important_document.exe
1872. Arguments:
1873.  
1874. {"OpenOptions":"0x0","KeyHandle":"0x7e13ac","objectName":"\\Registry\\Machine\\Software\\Classes\\AllFilesystemObjects","DesiredAccess":"0x20019"}
1875.  
1876. Returned value:
1877.  
1878. 0x0
1879.  
1880. ntdll.dll! NtOpenKeyEx #native (#2236) important_document.exe
1881. Arguments:
1882.  
1883. {"OpenOptions":"0x0","KeyHandle":"0x18e4cc","objectName":"\\REGISTRY\\USER\\S-1-5-21-364843204-231886559-199882026-1001_Classes\\AllFilesystemObjects\\ShellEx\\IconHandler","DesiredAccess":"0x1"}
1884.  
1885. Returned value:
1886.  
1887. 0xc0000034
1888.  
1889. ntdll.dll! NtOpenKeyEx #native (#2236) important_document.exe
1890. Arguments:
1891.  
1892. {"OpenOptions":"0x0","KeyHandle":"0x18e4cc","objectName":"ShellEx\\IconHandler","DesiredAccess":"0x1"}
1893.  
1894. Returned value:
1895.  
1896. 0xc0000034
1897.  
1898. ntdll.dll! NtOpenKeyEx #native (#2236) important_document.exe
1899. Arguments:
1900.  
1901. {"OpenOptions":"0x0","KeyHandle":"0x18e474","objectName":"\\REGISTRY\\USER\\S-1-5-21-364843204-231886559-199882026-1001_Classes\\Directory","DesiredAccess":"0x2000000"}
1902.  
1903. Returned value:
1904.  
1905. 0xc0000034
1906.  
1907. ntdll.dll! NtOpenKeyEx #native (#2236) important_document.exe
1908. Arguments:
1909.  
1910. {"OpenOptions":"0x0","KeyHandle":"0x18e60c","objectName":"\\REGISTRY\\USER\\S-1-5-21-364843204-231886559-199882026-1001_Classes\\Directory\\DocObject","DesiredAccess":"0x1"}
1911.  
1912. Returned value:
1913.  
1914. 0xc0000034
1915.  
1916. ntdll.dll! NtOpenKeyEx #native (#2236) important_document.exe
1917. Arguments:
1918.  
1919. {"OpenOptions":"0x0","KeyHandle":"0x18e60c","objectName":"DocObject","DesiredAccess":"0x1"}
1920.  
1921. Returned value:
1922.  
1923. 0xc0000034
1924.  
1925. ntdll.dll! NtOpenKeyEx #native (#2236) important_document.exe
1926. Arguments:
1927.  
1928. {"OpenOptions":"0x0","KeyHandle":"0x18e474","objectName":"\\REGISTRY\\USER\\S-1-5-21-364843204-231886559-199882026-1001_Classes\\Folder","DesiredAccess":"0x2000000"}
1929.  
1930. Returned value:
1931.  
1932. 0xc0000034
1933.  
1934. ntdll.dll! NtOpenKeyEx #native (#2236) important_document.exe
1935. Arguments:
1936.  
1937. {"OpenOptions":"0x0","KeyHandle":"0x18e60c","objectName":"\\REGISTRY\\USER\\S-1-5-21-364843204-231886559-199882026-1001_Classes\\Folder\\DocObject","DesiredAccess":"0x1"}
1938.  
1939. Returned value:
1940.  
1941. 0xc0000034
1942.  
1943. ntdll.dll! NtOpenKeyEx #native (#2236) important_document.exe
1944. Arguments:
1945.  
1946. {"OpenOptions":"0x0","KeyHandle":"0x18e60c","objectName":"DocObject","DesiredAccess":"0x1"}
1947.  
1948. Returned value:
1949.  
1950. 0xc0000034
1951.  
1952. ntdll.dll! NtOpenKeyEx #native (#2236) important_document.exe
1953. Arguments:
1954.  
1955. {"OpenOptions":"0x0","KeyHandle":"0x18e474","objectName":"\\REGISTRY\\USER\\S-1-5-21-364843204-231886559-199882026-1001_Classes\\AllFilesystemObjects","DesiredAccess":"0x2000000"}
1956.  
1957. Returned value:
1958.  
1959. 0xc0000034
1960.  
1961. ntdll.dll! NtOpenKeyEx #native (#2236) important_document.exe
1962. Arguments:
1963.  
1964. {"OpenOptions":"0x0","KeyHandle":"0x18e60c","objectName":"\\REGISTRY\\USER\\S-1-5-21-364843204-231886559-199882026-1001_Classes\\AllFilesystemObjects\\DocObject","DesiredAccess":"0x1"}
1965.  
1966. Returned value:
1967.  
1968. 0xc0000034
1969.  
1970. ntdll.dll! NtOpenKeyEx #native (#2236) important_document.exe
1971. Arguments:
1972.  
1973. {"OpenOptions":"0x0","KeyHandle":"0x18e60c","objectName":"DocObject","DesiredAccess":"0x1"}
1974.  
1975. Returned value:
1976.  
1977. 0xc0000034
1978.  
1979. ntdll.dll! NtOpenKeyEx #native (#2236) important_document.exe
1980. Arguments:
1981.  
1982. {"OpenOptions":"0x0","KeyHandle":"0x18e474","objectName":"\\REGISTRY\\USER\\S-1-5-21-364843204-231886559-199882026-1001_Classes\\Directory","DesiredAccess":"0x2000000"}
1983.  
1984. Returned value:
1985.  
1986. 0xc0000034
1987.  
1988. ntdll.dll! NtOpenKeyEx #native (#2236) important_document.exe
1989. Arguments:
1990.  
1991. {"OpenOptions":"0x0","KeyHandle":"0x18e60c","objectName":"\\REGISTRY\\USER\\S-1-5-21-364843204-231886559-199882026-1001_Classes\\Directory\\BrowseInPlace","DesiredAccess":"0x1"}
1992.  
1993. Returned value:
1994.  
1995. 0xc0000034
1996.  
1997. ntdll.dll! NtOpenKeyEx #native (#2236) important_document.exe
1998. Arguments:
1999.  
2000. {"OpenOptions":"0x0","KeyHandle":"0x18e60c","objectName":"BrowseInPlace","DesiredAccess":"0x1"}
2001.  
2002. Returned value:
2003.  
2004. 0xc0000034
2005.  
2006. ntdll.dll! NtOpenKeyEx #native (#2236) important_document.exe
2007. Arguments:
2008.  
2009. {"OpenOptions":"0x0","KeyHandle":"0x18e474","objectName":"\\REGISTRY\\USER\\S-1-5-21-364843204-231886559-199882026-1001_Classes\\Folder","DesiredAccess":"0x2000000"}
2010.  
2011. Returned value:
2012.  
2013. 0xc0000034
2014.  
2015. ntdll.dll! NtOpenKeyEx #native (#2236) important_document.exe
2016. Arguments:
2017.  
2018. {"OpenOptions":"0x0","KeyHandle":"0x18e60c","objectName":"\\REGISTRY\\USER\\S-1-5-21-364843204-231886559-199882026-1001_Classes\\Folder\\BrowseInPlace","DesiredAccess":"0x1"}
2019.  
2020. Returned value:
2021.  
2022. 0xc0000034
2023.  
2024. ntdll.dll! NtOpenKeyEx #native (#2236) important_document.exe
2025. Arguments:
2026.  
2027. {"OpenOptions":"0x0","KeyHandle":"0x18e60c","objectName":"BrowseInPlace","DesiredAccess":"0x1"}
2028.  
2029. Returned value:
2030.  
2031. 0xc0000034
2032.  
2033. ntdll.dll! NtOpenKeyEx #native (#2236) important_document.exe
2034. Arguments:
2035.  
2036. {"OpenOptions":"0x0","KeyHandle":"0x18e474","objectName":"\\REGISTRY\\USER\\S-1-5-21-364843204-231886559-199882026-1001_Classes\\AllFilesystemObjects","DesiredAccess":"0x2000000"}
2037.  
2038. Returned value:
2039.  
2040. 0xc0000034
2041.  
2042. ntdll.dll! NtOpenKeyEx #native (#2236) important_document.exe
2043. Arguments:
2044.  
2045. {"OpenOptions":"0x0","KeyHandle":"0x18e60c","objectName":"\\REGISTRY\\USER\\S-1-5-21-364843204-231886559-199882026-1001_Classes\\AllFilesystemObjects\\BrowseInPlace","DesiredAccess":"0x1"}
2046.  
2047. Returned value:
2048.  
2049. 0xc0000034
2050.  
2051. ntdll.dll! NtOpenKeyEx #native (#2236) important_document.exe
2052. Arguments:
2053.  
2054. {"OpenOptions":"0x0","KeyHandle":"0x18e60c","objectName":"BrowseInPlace","DesiredAccess":"0x1"}
2055.  
2056. Returned value:
2057.  
2058. 0xc0000034
2059.  
2060. ntdll.dll! NtOpenKeyEx #native (#2236) important_document.exe
2061. Arguments:
2062.  
2063. {"OpenOptions":"0x0","KeyHandle":"0x18e1d4","objectName":"\\REGISTRY\\USER\\S-1-5-21-364843204-231886559-199882026-1001_Classes\\Directory\\Clsid","DesiredAccess":"0x1"}
2064.  
2065. Returned value:
2066.  
2067. 0xc0000034
2068.  
2069. ntdll.dll! NtOpenKeyEx #native (#2236) important_document.exe
2070. Arguments:
2071.  
2072. {"OpenOptions":"0x0","KeyHandle":"0x18e1d4","objectName":"Clsid","DesiredAccess":"0x1"}
2073.  
2074. Returned value:
2075.  
2076. 0xc0000034
2077.  
2078. ntdll.dll! NtOpenKeyEx #native (#2236) important_document.exe
2079. Arguments:
2080.  
2081. {"OpenOptions":"0x0","KeyHandle":"0x18e1f8","objectName":"\\REGISTRY\\USER\\S-1-5-21-364843204-231886559-199882026-1001_Classes\\Folder\\Clsid","DesiredAccess":"0x1"}
2082.  
2083. Returned value:
2084.  
2085. 0xc0000034
2086.  
2087. ntdll.dll! NtOpenKeyEx #native (#2236) important_document.exe
2088. Arguments:
2089.  
2090. {"OpenOptions":"0x0","KeyHandle":"0x18e1f8","objectName":"Clsid","DesiredAccess":"0x1"}
2091.  
2092. Returned value:
2093.  
2094. 0xc0000034
2095.  
2096. ntdll.dll! NtOpenKeyEx #native (#2236) important_document.exe
2097. Arguments:
2098.  
2099. {"OpenOptions":"0x0","KeyHandle":"0x18e1f8","objectName":"\\REGISTRY\\USER\\S-1-5-21-364843204-231886559-199882026-1001_Classes\\AllFilesystemObjects\\Clsid","DesiredAccess":"0x1"}
2100.  
2101. Returned value:
2102.  
2103. 0xc0000034
2104.  
2105. ntdll.dll! NtOpenKeyEx #native (#2236) important_document.exe
2106. Arguments:
2107.  
2108. {"OpenOptions":"0x0","KeyHandle":"0x18e1f8","objectName":"Clsid","DesiredAccess":"0x1"}
2109.  
2110. Returned value:
2111.  
2112. 0xc0000034
2113.  
2114. ntdll.dll! NtOpenKeyEx #native (#2236) important_document.exe
2115. Arguments:
2116.  
2117. {"OpenOptions":"0x0","KeyHandle":"0x18e474","objectName":"\\REGISTRY\\USER\\S-1-5-21-364843204-231886559-199882026-1001_Classes\\Directory","DesiredAccess":"0x2000000"}
2118.  
2119. Returned value:
2120.  
2121. 0xc0000034
2122.  
2123. ntdll.dll! NtOpenKeyEx #native (#2236) important_document.exe
2124. Arguments:
2125.  
2126. {"OpenOptions":"0x0","KeyHandle":"0x18e474","objectName":"\\REGISTRY\\USER\\S-1-5-21-364843204-231886559-199882026-1001_Classes\\Folder","DesiredAccess":"0x2000000"}
2127.  
2128. Returned value:
2129.  
2130. 0xc0000034
2131.  
2132. ntdll.dll! NtOpenKeyEx #native (#2236) important_document.exe
2133. Arguments:
2134.  
2135. {"OpenOptions":"0x0","KeyHandle":"0x18e474","objectName":"\\REGISTRY\\USER\\S-1-5-21-364843204-231886559-199882026-1001_Classes\\AllFilesystemObjects","DesiredAccess":"0x2000000"}
2136.  
2137. Returned value:
2138.  
2139. 0xc0000034
2140.  
2141. ntdll.dll! NtOpenKeyEx #native (#2236) important_document.exe
2142. Arguments:
2143.  
2144. {"OpenOptions":"0x0","KeyHandle":"0x18e474","objectName":"\\REGISTRY\\USER\\S-1-5-21-364843204-231886559-199882026-1001_Classes\\Directory","DesiredAccess":"0x2000000"}
2145.  
2146. Returned value:
2147.  
2148. 0xc0000034
2149.  
2150. ntdll.dll! NtOpenKeyEx #native (#2236) important_document.exe
2151. Arguments:
2152.  
2153. {"OpenOptions":"0x0","KeyHandle":"0x18e474","objectName":"\\REGISTRY\\USER\\S-1-5-21-364843204-231886559-199882026-1001_Classes\\Directory","DesiredAccess":"0x2000000"}
2154.  
2155. Returned value:
2156.  
2157. 0xc0000034
2158.  
2159. ntdll.dll! NtOpenKeyEx #native (#2236) important_document.exe
2160. Arguments:
2161.  
2162. {"OpenOptions":"0x0","KeyHandle":"0x18e474","objectName":"\\REGISTRY\\USER\\S-1-5-21-364843204-231886559-199882026-1001_Classes\\Folder","DesiredAccess":"0x2000000"}
2163.  
2164. Returned value:
2165.  
2166. 0xc0000034
2167.  
2168. ntdll.dll! NtOpenKeyEx #native (#2236) important_document.exe
2169. Arguments:
2170.  
2171. {"OpenOptions":"0x0","KeyHandle":"0x18e474","objectName":"\\REGISTRY\\USER\\S-1-5-21-364843204-231886559-199882026-1001_Classes\\AllFilesystemObjects","DesiredAccess":"0x2000000"}
2172.  
2173. Returned value:
2174.  
2175. 0xc0000034
2176.  
2177. ntdll.dll! NtCreateFile #native (#2236) important_document.exe
2178. Arguments:
2179.  
2180. {"FileHandle":"0x18db20","objectName":"\\??\\C:\\Users"}
2181.  
2182. Returned value:
2183.  
2184. null
2185.  
2186. KernelBase.dll! CreateFileW #file (#2236) important_document.exe
2187. Arguments:
2188.  
2189. {"lpSecurityAttributes":"0x0","dwCreationDisposition":"0x3","dwFlagsAndAttributes":"0x2000000","lpFileName":"C:\\Users","dwDesiredAccess":"0x100081","dwShareMode":"0x7"}
2190.  
2191. Returned value:
2192.  
2193. 0x1f0
2194.  
2195. ntdll.dll! NtCreateFile #native (#2236) important_document.exe
2196. Arguments:
2197.  
2198. {"FileHandle":"0x18d5cc","objectName":"\\??\\C:\\Users\\admin"}
2199.  
2200. Returned value:
2201.  
2202. null
2203.  
2204. KernelBase.dll! CreateFileW #file (#2236) important_document.exe
2205. Arguments:
2206.  
2207. {"lpSecurityAttributes":"0x0","dwCreationDisposition":"0x3","dwFlagsAndAttributes":"0x2000000","lpFileName":"C:\\Users\\admin","dwDesiredAccess":"0x100081","dwShareMode":"0x7"}
2208.  
2209. Returned value:
2210.  
2211. 0x1f0
2212.  
2213. ntdll.dll! NtCreateFile #native (#2236) important_document.exe
2214. Arguments:
2215.  
2216. {"FileHandle":"0x18da74","objectName":"\\??\\C:\\Users\\<USER>\\Downloads\\desktop.ini"}
2217.  
2218. Returned value:
2219.  
2220. null
2221.  
2222. KernelBase.dll! CreateFileW #file (#2236) important_document.exe
2223. Arguments:
2224.  
2225. {"lpSecurityAttributes":"0x0","dwCreationDisposition":"0x3","dwFlagsAndAttributes":"0x8000000","lpFileName":"C:\\Users\\<USER>\\Downloads\\desktop.ini","dwDesiredAccess":"0x80000000","dwShareMode":"0x7"}
2226.  
2227. Returned value:
2228.  
2229. 0x1f0
2230.  
2231. ntdll.dll! NtOpenKeyEx #native (#2236) important_document.exe
2232. Arguments:
2233.  
2234. {"OpenOptions":"0x0","KeyHandle":"0x18ef30","objectName":"Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions","DesiredAccess":"0x20019"}
2235.  
2236. Returned value:
2237.  
2238. 0x0
2239.  
2240. ntdll.dll! NtOpenKeyEx #native (#2236) important_document.exe
2241. Arguments:
2242.  
2243. {"OpenOptions":"0x0","KeyHandle":"0x18f06c","objectName":"{B4BFCC3A-DB2C-424C-B029-7FE99A87C641}","DesiredAccess":"0x20019"}
2244.  
2245. Returned value:
2246.  
2247. 0x0
2248.  
2249. ntdll.dll! NtOpenKeyEx #native (#2236) important_document.exe
2250. Arguments:
2251.  
2252. {"OpenOptions":"0x0","KeyHandle":"0x7ca6c4","objectName":"PropertyBag","DesiredAccess":"0x20019"}
2253.  
2254. Returned value:
2255.  
2256. 0x0
2257.  
2258. ntdll.dll! NtOpenKeyEx #native (#2236) important_document.exe
2259. Arguments:
2260.  
2261. {"OpenOptions":"0x0","KeyHandle":"0x18ee30","objectName":"SessionInfo\\1","DesiredAccess":"0x1"}
2262.  
2263. Returned value:
2264.  
2265. 0x0
2266.  
2267. ntdll.dll! NtOpenKeyEx #native (#2236) important_document.exe
2268. Arguments:
2269.  
2270. {"OpenOptions":"0x0","KeyHandle":"0x18eea8","objectName":"KnownFolders","DesiredAccess":"0x1"}
2271.  
2272. Returned value:
2273.  
2274. 0xc0000034
2275.  
2276. ntdll.dll! NtOpenKey #native (#2236) important_document.exe
2277. Arguments:
2278.  
2279. {"DesiredAccess":"0x20019","KeyHandle":"0x18f178","objectName":"\\REGISTRY\\USER\\S-1-5-21-364843204-231886559-199882026-1001"}
2280.  
2281. Returned value:
2282.  
2283. 0x0
2284.  
2285. ntdll.dll! NtOpenKeyEx #native (#2236) important_document.exe
2286. Arguments:
2287.  
2288. {"OpenOptions":"0x0","KeyHandle":"0x18f1c0","objectName":"Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\User Shell Folders","DesiredAccess":"0x20019"}
2289.  
2290. Returned value:
2291.  
2292. 0x0
2293.  
2294. ntdll.dll! NtCreateFile #native (#2236) important_document.exe
2295. Arguments:
2296.  
2297. {"FileHandle":"0x18d7c4","objectName":"\\??\\C:\\Users\\<USER>\\Desktop\\desktop.ini"}
2298.  
2299. Returned value:
2300.  
2301. null
2302.  
2303. KernelBase.dll! CreateFileW #file (#2236) important_document.exe
2304. Arguments:
2305.  
2306. {"lpSecurityAttributes":"0x0","dwCreationDisposition":"0x3","dwFlagsAndAttributes":"0x8000000","lpFileName":"C:\\Users\\<USER>\\Desktop\\desktop.ini","dwDesiredAccess":"0x80000000","dwShareMode":"0x7"}
2307.  
2308. Returned value:
2309.  
2310. 0x1f8
2311.  
2312. ntdll.dll! NtOpenKeyEx #native (#2236) important_document.exe
2313. Arguments:
2314.  
2315. {"OpenOptions":"0x0","KeyHandle":"0x18f35c","objectName":"Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\KnownFolderSettings","DesiredAccess":"0x1"}
2316.  
2317. Returned value:
2318.  
2319. 0xc0000034
2320.  
2321. ntdll.dll! NtOpenKeyEx #native (#2236) important_document.exe
2322. Arguments:
2323.  
2324. {"OpenOptions":"0x0","KeyHandle":"0x18f35c","objectName":"Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\KnownFolderSettings","DesiredAccess":"0x1"}
2325.  
2326. Returned value:
2327.  
2328. 0xc0000034
2329.  
2330. ntdll.dll! NtOpenKeyEx #native (#2236) important_document.exe
2331. Arguments:
2332.  
2333. {"OpenOptions":"0x0","KeyHandle":"0x18ef30","objectName":"Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions","DesiredAccess":"0x20019"}
2334.  
2335. Returned value:
2336.  
2337. 0x0
2338.  
2339. ntdll.dll! NtOpenKeyEx #native (#2236) important_document.exe
2340. Arguments:
2341.  
2342. {"OpenOptions":"0x0","KeyHandle":"0x18f06c","objectName":"{1B3EA5DC-B587-4786-B4EF-BD1DC332AEAE}","DesiredAccess":"0x20019"}
2343.  
2344. Returned value:
2345.  
2346. 0x0
2347.  
2348. ntdll.dll! NtOpenKeyEx #native (#2236) important_document.exe
2349. Arguments:
2350.  
2351. {"OpenOptions":"0x0","KeyHandle":"0x7e6934","objectName":"PropertyBag","DesiredAccess":"0x20019"}
2352.  
2353. Returned value:
2354.  
2355. 0xc0000034
2356.  
2357. ntdll.dll! NtOpenKeyEx #native (#2236) important_document.exe
2358. Arguments:
2359.  
2360. {"OpenOptions":"0x0","KeyHandle":"0x18ee30","objectName":"SessionInfo\\1","DesiredAccess":"0x1"}
2361.  
2362. Returned value:
2363.  
2364. 0x0
2365.  
2366. ntdll.dll! NtOpenKeyEx #native (#2236) important_document.exe
2367. Arguments:
2368.  
2369. {"OpenOptions":"0x0","KeyHandle":"0x18eea8","objectName":"KnownFolders","DesiredAccess":"0x1"}
2370.  
2371. Returned value:
2372.  
2373. 0xc0000034
2374.  
2375. ntdll.dll! NtOpenKey #native (#2236) important_document.exe
2376. Arguments:
2377.  
2378. {"DesiredAccess":"0x20019","KeyHandle":"0x18f178","objectName":"\\REGISTRY\\USER\\S-1-5-21-364843204-231886559-199882026-1001"}
2379.  
2380. Returned value:
2381.  
2382. 0x0
2383.  
2384. ntdll.dll! NtOpenKeyEx #native (#2236) important_document.exe
2385. Arguments:
2386.  
2387. {"OpenOptions":"0x0","KeyHandle":"0x18f1c0","objectName":"Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\User Shell Folders","DesiredAccess":"0x20019"}
2388.  
2389. Returned value:
2390.  
2391. 0x0
2392.  
2393. ntdll.dll! NtOpenKeyEx #native (#2236) important_document.exe
2394. Arguments:
2395.  
2396. {"OpenOptions":"0x0","KeyHandle":"0x18ed1c","objectName":"Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions","DesiredAccess":"0x20019"}
2397.  
2398. Returned value:
2399.  
2400. 0x0
2401.  
2402. ntdll.dll! NtOpenKeyEx #native (#2236) important_document.exe
2403. Arguments:
2404.  
2405. {"OpenOptions":"0x0","KeyHandle":"0x18ee58","objectName":"{3EB685DB-65F9-4CF6-A03A-E3EF65729F3D}","DesiredAccess":"0x20019"}
2406.  
2407. Returned value:
2408.  
2409. 0x0
2410.  
2411. ntdll.dll! NtOpenKeyEx #native (#2236) important_document.exe
2412. Arguments:
2413.  
2414. {"OpenOptions":"0x0","KeyHandle":"0x7e6954","objectName":"PropertyBag","DesiredAccess":"0x20019"}
2415.  
2416. Returned value:
2417.  
2418. 0xc0000034
2419.  
2420. ntdll.dll! NtOpenKeyEx #native (#2236) important_document.exe
2421. Arguments:
2422.  
2423. {"OpenOptions":"0x0","KeyHandle":"0x18ee30","objectName":"SessionInfo\\1","DesiredAccess":"0x1"}
2424.  
2425. Returned value:
2426.  
2427. 0x0
2428.  
2429. ntdll.dll! NtOpenKeyEx #native (#2236) important_document.exe
2430. Arguments:
2431.  
2432. {"OpenOptions":"0x0","KeyHandle":"0x18eea8","objectName":"KnownFolders","DesiredAccess":"0x1"}
2433.  
2434. Returned value:
2435.  
2436. 0xc0000034
2437.  
2438. ntdll.dll! NtOpenKeyEx #native (#2236) important_document.exe
2439. Arguments:
2440.  
2441. {"OpenOptions":"0x0","KeyHandle":"0x18ef30","objectName":"Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions","DesiredAccess":"0x20019"}
2442.  
2443. Returned value:
2444.  
2445. 0x0
2446.  
2447. ntdll.dll! NtOpenKeyEx #native (#2236) important_document.exe
2448. Arguments:
2449.  
2450. {"OpenOptions":"0x0","KeyHandle":"0x18f06c","objectName":"{5E6C858F-0E22-4760-9AFE-EA3317B67173}","DesiredAccess":"0x20019"}
2451.  
2452. Returned value:
2453.  
2454. 0x0
2455.  
2456. ntdll.dll! NtOpenKeyEx #native (#2236) important_document.exe
2457. Arguments:
2458.  
2459. {"OpenOptions":"0x0","KeyHandle":"0x7e6974","objectName":"PropertyBag","DesiredAccess":"0x20019"}
2460.  
2461. Returned value:
2462.  
2463. 0xc0000034
2464.  
2465. ntdll.dll! NtOpenKeyEx #native (#2236) important_document.exe
2466. Arguments:
2467.  
2468. {"OpenOptions":"0x0","KeyHandle":"0x18cf0c","objectName":"Software\\Microsoft\\Windows NT\\CurrentVersion\\ProfileList\\S-1-5-21-364843204-231886559-199882026-1001","DesiredAccess":"0x20019"}
2469.  
2470. Returned value:
2471.  
2472. 0x0
2473.  
2474. ntdll.dll! NtOpenKeyEx #native (#2236) important_document.exe
2475. Arguments:
2476.  
2477. {"OpenOptions":"0x0","KeyHandle":"0x18ef30","objectName":"Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions","DesiredAccess":"0x20019"}
2478.  
2479. Returned value:
2480.  
2481. 0x0
2482.  
2483. ntdll.dll! NtOpenKeyEx #native (#2236) important_document.exe
2484. Arguments:
2485.  
2486. {"OpenOptions":"0x0","KeyHandle":"0x18f06c","objectName":"{F3CE0F7C-4901-4ACC-8648-D5D44B04EF8F}","DesiredAccess":"0x20019"}
2487.  
2488. Returned value:
2489.  
2490. 0x0
2491.  
2492. ntdll.dll! NtOpenKeyEx #native (#2236) important_document.exe
2493. Arguments:
2494.  
2495. {"OpenOptions":"0x0","KeyHandle":"0x7e6994","objectName":"PropertyBag","DesiredAccess":"0x20019"}
2496.  
2497. Returned value:
2498.  
2499. 0x0
2500.  
2501. ntdll.dll! NtOpenKeyEx #native (#2236) important_document.exe
2502. Arguments:
2503.  
2504. {"OpenOptions":"0x0","KeyHandle":"0x18f128","objectName":"CLSID\\{59031A47-3F72-44A7-89C5-5595FE6B30EE}\\ShellFolder","DesiredAccess":"0x1"}
2505.  
2506. Returned value:
2507.  
2508. 0xc0000034
2509.  
2510. ntdll.dll! NtOpenKeyEx #native (#2236) important_document.exe
2511. Arguments:
2512.  
2513. {"OpenOptions":"0x0","KeyHandle":"0x18f128","objectName":"\\Registry\\Machine\\Software\\Classes\\CLSID\\{59031A47-3F72-44A7-89C5-5595FE6B30EE}\\ShellFolder","DesiredAccess":"0x1"}
2514.  
2515. Returned value:
2516.  
2517. 0x0
2518.  
2519. ntdll.dll! NtOpenKeyEx #native (#2236) important_document.exe
2520. Arguments:
2521.  
2522. {"OpenOptions":"0x0","KeyHandle":"0x18ef38","objectName":"\\REGISTRY\\USER\\S-1-5-21-364843204-231886559-199882026-1001_Classes\\Wow6432Node\\CLSID\\{59031A47-3F72-44A7-89C5-5595FE6B30EE}\\ShellFolder","DesiredAccess":"0x2000000"}
2523.  
2524. Returned value:
2525.  
2526. 0xc0000034
2527.  
2528. ntdll.dll! NtOpenKeyEx #native (#2236) important_document.exe
2529. Arguments:
2530.  
2531. {"OpenOptions":"0x0","KeyHandle":"0x18ef38","objectName":"\\REGISTRY\\USER\\S-1-5-21-364843204-231886559-199882026-1001_Classes\\Wow6432Node\\CLSID\\{59031A47-3F72-44A7-89C5-5595FE6B30EE}\\ShellFolder","DesiredAccess":"0x2000000"}
2532.  
2533. Returned value:
2534.  
2535. 0xc0000034
2536.  
2537. ntdll.dll! NtOpenKeyEx #native (#2236) important_document.exe
2538. Arguments:
2539.  
2540. {"OpenOptions":"0x0","KeyHandle":"0x18ef38","objectName":"\\REGISTRY\\USER\\S-1-5-21-364843204-231886559-199882026-1001_Classes\\Wow6432Node\\CLSID\\{59031A47-3F72-44A7-89C5-5595FE6B30EE}\\ShellFolder","DesiredAccess":"0x2000000"}
2541.  
2542. Returned value:
2543.  
2544. 0xc0000034
2545.  
2546. ntdll.dll! NtOpenKeyEx #native (#2236) important_document.exe
2547. Arguments:
2548.  
2549. {"OpenOptions":"0x0","KeyHandle":"0x18ef38","objectName":"\\REGISTRY\\USER\\S-1-5-21-364843204-231886559-199882026-1001_Classes\\Wow6432Node\\CLSID\\{59031A47-3F72-44A7-89C5-5595FE6B30EE}\\ShellFolder","DesiredAccess":"0x2000000"}
2550.  
2551. Returned value:
2552.  
2553. 0xc0000034
2554.  
2555. ntdll.dll! NtOpenKeyEx #native (#2236) important_document.exe
2556. Arguments:
2557.  
2558. {"OpenOptions":"0x0","KeyHandle":"0x18ef38","objectName":"\\REGISTRY\\USER\\S-1-5-21-364843204-231886559-199882026-1001_Classes\\Wow6432Node\\CLSID\\{59031A47-3F72-44A7-89C5-5595FE6B30EE}\\ShellFolder","DesiredAccess":"0x2000000"}
2559.  
2560. Returned value:
2561.  
2562. 0xc0000034
2563.  
2564. ntdll.dll! NtOpenKeyEx #native (#2236) important_document.exe
2565. Arguments:
2566.  
2567. {"OpenOptions":"0x0","KeyHandle":"0x18ef38","objectName":"\\REGISTRY\\USER\\S-1-5-21-364843204-231886559-199882026-1001_Classes\\Wow6432Node\\CLSID\\{59031A47-3F72-44A7-89C5-5595FE6B30EE}\\ShellFolder","DesiredAccess":"0x2000000"}
2568.  
2569. Returned value:
2570.  
2571. 0xc0000034
2572.  
2573. ntdll.dll! NtOpenKeyEx #native (#2236) important_document.exe
2574. Arguments:
2575.  
2576. {"OpenOptions":"0x0","KeyHandle":"0x18ef38","objectName":"\\REGISTRY\\USER\\S-1-5-21-364843204-231886559-199882026-1001_Classes\\Wow6432Node\\CLSID\\{59031A47-3F72-44A7-89C5-5595FE6B30EE}\\ShellFolder","DesiredAccess":"0x2000000"}
2577.  
2578. Returned value:
2579.  
2580. 0xc0000034
2581.  
2582. ntdll.dll! NtOpenKeyEx #native (#2236) important_document.exe
2583. Arguments:
2584.  
2585. {"OpenOptions":"0x0","KeyHandle":"0x18ef38","objectName":"\\REGISTRY\\USER\\S-1-5-21-364843204-231886559-199882026-1001_Classes\\Wow6432Node\\CLSID\\{59031A47-3F72-44A7-89C5-5595FE6B30EE}\\ShellFolder","DesiredAccess":"0x2000000"}
2586.  
2587. Returned value:
2588.  
2589. 0xc0000034
2590.  
2591. ntdll.dll! NtOpenKeyEx #native (#2236) important_document.exe
2592. Arguments:
2593.  
2594. {"OpenOptions":"0x0","KeyHandle":"0x18ef38","objectName":"\\REGISTRY\\USER\\S-1-5-21-364843204-231886559-199882026-1001_Classes\\Wow6432Node\\CLSID\\{59031A47-3F72-44A7-89C5-5595FE6B30EE}\\ShellFolder","DesiredAccess":"0x2000000"}
2595.  
2596. Returned value:
2597.  
2598. 0xc0000034
2599.  
2600. ntdll.dll! NtOpenKeyEx #native (#2236) important_document.exe
2601. Arguments:
2602.  
2603. {"OpenOptions":"0x0","KeyHandle":"0x18ef38","objectName":"\\REGISTRY\\USER\\S-1-5-21-364843204-231886559-199882026-1001_Classes\\Wow6432Node\\CLSID\\{59031A47-3F72-44A7-89C5-5595FE6B30EE}\\ShellFolder","DesiredAccess":"0x2000000"}
2604.  
2605. Returned value:
2606.  
2607. 0xc0000034
2608.  
2609. ntdll.dll! NtOpenKeyEx #native (#2236) important_document.exe
2610. Arguments:
2611.  
2612. {"OpenOptions":"0x0","KeyHandle":"0x18ef38","objectName":"\\REGISTRY\\USER\\S-1-5-21-364843204-231886559-199882026-1001_Classes\\Wow6432Node\\CLSID\\{59031A47-3F72-44A7-89C5-5595FE6B30EE}\\ShellFolder","DesiredAccess":"0x2000000"}
2613.  
2614. Returned value:
2615.  
2616. 0xc0000034
2617.  
2618. ntdll.dll! NtOpenKeyEx #native (#2236) important_document.exe
2619. Arguments:
2620.  
2621. {"OpenOptions":"0x0","KeyHandle":"0x18ef38","objectName":"\\REGISTRY\\USER\\S-1-5-21-364843204-231886559-199882026-1001_Classes\\Wow6432Node\\CLSID\\{59031A47-3F72-44A7-89C5-5595FE6B30EE}\\ShellFolder","DesiredAccess":"0x2000000"}
2622.  
2623. Returned value:
2624.  
2625. 0xc0000034
2626.  
2627. ntdll.dll! NtOpenKeyEx #native (#2236) important_document.exe
2628. Arguments:
2629.  
2630. {"OpenOptions":"0x0","KeyHandle":"0x18ef38","objectName":"\\REGISTRY\\USER\\S-1-5-21-364843204-231886559-199882026-1001_Classes\\Wow6432Node\\CLSID\\{59031A47-3F72-44A7-89C5-5595FE6B30EE}\\ShellFolder","DesiredAccess":"0x2000000"}
2631.  
2632. Returned value:
2633.  
2634. 0xc0000034
2635.  
2636. ntdll.dll! NtOpenKeyEx #native (#2236) important_document.exe
2637. Arguments:
2638.  
2639. {"OpenOptions":"0x0","KeyHandle":"0x18ef38","objectName":"\\REGISTRY\\USER\\S-1-5-21-364843204-231886559-199882026-1001_Classes\\Wow6432Node\\CLSID\\{59031A47-3F72-44A7-89C5-5595FE6B30EE}\\ShellFolder","DesiredAccess":"0x2000000"}
2640.  
2641. Returned value:
2642.  
2643. 0xc0000034
2644.  
2645. ntdll.dll! NtOpenKeyEx #native (#2236) important_document.exe
2646. Arguments:
2647.  
2648. {"OpenOptions":"0x0","KeyHandle":"0x18ef38","objectName":"\\REGISTRY\\USER\\S-1-5-21-364843204-231886559-199882026-1001_Classes\\Wow6432Node\\CLSID\\{59031A47-3F72-44A7-89C5-5595FE6B30EE}\\ShellFolder","DesiredAccess":"0x2000000"}
2649.  
2650. Returned value:
2651.  
2652. 0xc0000034
2653.  
2654. ntdll.dll! NtOpenKeyEx #native (#2236) important_document.exe
2655. Arguments:
2656.  
2657. {"OpenOptions":"0x0","KeyHandle":"0x18ef38","objectName":"\\REGISTRY\\USER\\S-1-5-21-364843204-231886559-199882026-1001_Classes\\Wow6432Node\\CLSID\\{59031A47-3F72-44A7-89C5-5595FE6B30EE}\\ShellFolder","DesiredAccess":"0x2000000"}
2658.  
2659. Returned value:
2660.  
2661. 0xc0000034
2662.  
2663. ntdll.dll! NtOpenKeyEx #native (#2236) important_document.exe
2664. Arguments:
2665.  
2666. {"OpenOptions":"0x0","KeyHandle":"0x18ef38","objectName":"\\REGISTRY\\USER\\S-1-5-21-364843204-231886559-199882026-1001_Classes\\Wow6432Node\\CLSID\\{59031A47-3F72-44A7-89C5-5595FE6B30EE}\\ShellFolder","DesiredAccess":"0x2000000"}
2667.  
2668. Returned value:
2669.  
2670. 0xc0000034
2671.  
2672. ntdll.dll! NtOpenKeyEx #native (#2236) important_document.exe
2673. Arguments:
2674.  
2675. {"OpenOptions":"0x0","KeyHandle":"0x18ef38","objectName":"\\REGISTRY\\USER\\S-1-5-21-364843204-231886559-199882026-1001_Classes\\Wow6432Node\\CLSID\\{59031A47-3F72-44A7-89C5-5595FE6B30EE}\\ShellFolder","DesiredAccess":"0x2000000"}
2676.  
2677. Returned value:
2678.  
2679. 0xc0000034
2680.  
2681. ntdll.dll! NtOpenKeyEx #native (#2236) important_document.exe
2682. Arguments:
2683.  
2684. {"OpenOptions":"0x0","KeyHandle":"0x18f0c8","objectName":"Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\CLSID\\{59031A47-3F72-44A7-89C5-5595FE6B30EE}\\ShellFolder","DesiredAccess":"0x1"}
2685.  
2686. Returned value:
2687.  
2688. 0xc0000034
2689.  
2690. ntdll.dll! NtOpenKeyEx #native (#2236) important_document.exe
2691. Arguments:
2692.  
2693. {"OpenOptions":"0x0","KeyHandle":"0x18f0c8","objectName":"Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\CLSID\\{59031A47-3F72-44A7-89C5-5595FE6B30EE}\\ShellFolder","DesiredAccess":"0x1"}
2694.  
2695. Returned value:
2696.  
2697. 0xc0000034
2698.  
2699. ntdll.dll! NtOpenKeyEx #native (#2236) important_document.exe
2700. Arguments:
2701.  
2702. {"OpenOptions":"0x0","KeyHandle":"0x18f05c","objectName":"Software\\Microsoft\\Windows\\CurrentVersion\\Policies\\NonEnum","DesiredAccess":"0x1"}
2703.  
2704. Returned value:
2705.  
2706. 0xc0000034
2707.  
2708. ntdll.dll! NtOpenKeyEx #native (#2236) important_document.exe
2709. Arguments:
2710.  
2711. {"OpenOptions":"0x0","KeyHandle":"0x18f05c","objectName":"Software\\Microsoft\\Windows\\CurrentVersion\\Policies\\NonEnum","DesiredAccess":"0x1"}
2712.  
2713. Returned value:
2714.  
2715. 0x0
2716.  
2717. ntdll.dll! NtOpenKeyEx #native (#2236) important_document.exe
2718. Arguments:
2719.  
2720. {"OpenOptions":"0x0","KeyHandle":"0x18ee34","objectName":"Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions","DesiredAccess":"0x20019"}
2721.  
2722. Returned value:
2723.  
2724. 0x0
2725.  
2726. ntdll.dll! NtOpenKeyEx #native (#2236) important_document.exe
2727. Arguments:
2728.  
2729. {"OpenOptions":"0x0","KeyHandle":"0x18ea8c","objectName":"Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions","DesiredAccess":"0x20019"}
2730.  
2731. Returned value:
2732.  
2733. 0x0
2734.  
2735. ntdll.dll! NtOpenKeyEx #native (#2236) important_document.exe
2736. Arguments:
2737.  
2738. {"OpenOptions":"0x0","KeyHandle":"0x18ebc8","objectName":"{7D1D3A04-DEBB-4115-95CF-2F29DA2920DA}","DesiredAccess":"0x20019"}
2739.  
2740. Returned value:
2741.  
2742. 0x0
2743.  
2744. ntdll.dll! NtOpenKeyEx #native (#2236) important_document.exe
2745. Arguments:
2746.  
2747. {"OpenOptions":"0x0","KeyHandle":"0x7e6ab4","objectName":"PropertyBag","DesiredAccess":"0x20019"}
2748.  
2749. Returned value:
2750.  
2751. 0xc0000034
2752.  
2753. ntdll.dll! NtOpenKeyEx #native (#2236) important_document.exe
2754. Arguments:
2755.  
2756. {"OpenOptions":"0x0","KeyHandle":"0x18e96c","objectName":"SessionInfo\\1","DesiredAccess":"0x1"}
2757.  
2758. Returned value:
2759.  
2760. 0x0
2761.  
2762. ntdll.dll! NtOpenKeyEx #native (#2236) important_document.exe
2763. Arguments:
2764.  
2765. {"OpenOptions":"0x0","KeyHandle":"0x18e9e4","objectName":"KnownFolders","DesiredAccess":"0x1"}
2766.  
2767. Returned value:
2768.  
2769. 0xc0000034
2770.  
2771. ntdll.dll! NtOpenKey #native (#2236) important_document.exe
2772. Arguments:
2773.  
2774. {"DesiredAccess":"0x20019","KeyHandle":"0x18ecb4","objectName":"\\REGISTRY\\USER\\S-1-5-21-364843204-231886559-199882026-1001"}
2775.  
2776. Returned value:
2777.  
2778. 0x0
2779.  
2780. ntdll.dll! NtOpenKeyEx #native (#2236) important_document.exe
2781. Arguments:
2782.  
2783. {"OpenOptions":"0x0","KeyHandle":"0x18ecfc","objectName":"Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\User Shell Folders","DesiredAccess":"0x20019"}
2784.  
2785. Returned value:
2786.  
2787. 0x0
2788.  
2789. ntdll.dll! NtOpenKeyEx #native (#2236) important_document.exe
2790. Arguments:
2791.  
2792. {"OpenOptions":"0x0","KeyHandle":"0x18ca48","objectName":"Software\\Microsoft\\Windows NT\\CurrentVersion\\ProfileList\\S-1-5-21-364843204-231886559-199882026-1001","DesiredAccess":"0x20019"}
2793.  
2794. Returned value:
2795.  
2796. 0x0
2797.  
2798. ntdll.dll! NtOpenKeyEx #native (#2236) important_document.exe
2799. Arguments:
2800.  
2801. {"OpenOptions":"0x0","KeyHandle":"0x18ea8c","objectName":"Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions","DesiredAccess":"0x20019"}
2802.  
2803. Returned value:
2804.  
2805. 0x0
2806.  
2807. ntdll.dll! NtOpenKeyEx #native (#2236) important_document.exe
2808. Arguments:
2809.  
2810. {"OpenOptions":"0x0","KeyHandle":"0x18ebc8","objectName":"{F38BF404-1D43-42F2-9305-67DE0B28FC23}","DesiredAccess":"0x20019"}
2811.  
2812. Returned value:
2813.  
2814. 0x0
2815.  
2816. ntdll.dll! NtOpenKeyEx #native (#2236) important_document.exe
2817. Arguments:
2818.  
2819. {"OpenOptions":"0x0","KeyHandle":"0x7e6ad4","objectName":"PropertyBag","DesiredAccess":"0x20019"}
2820.  
2821. Returned value:
2822.  
2823. 0x0
2824.  
2825. ntdll.dll! NtOpenKeyEx #native (#2236) important_document.exe
2826. Arguments:
2827.  
2828. {"OpenOptions":"0x0","KeyHandle":"0x18ea8c","objectName":"Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions","DesiredAccess":"0x20019"}
2829.  
2830. Returned value:
2831.  
2832. 0x0
2833.  
2834. ntdll.dll! NtOpenKeyEx #native (#2236) important_document.exe
2835. Arguments:
2836.  
2837. {"OpenOptions":"0x0","KeyHandle":"0x18ebc8","objectName":"{F7F1ED05-9F6D-47A2-AAAE-29D317C6F066}","DesiredAccess":"0x20019"}
2838.  
2839. Returned value:
2840.  
2841. 0x0
2842.  
2843. ntdll.dll! NtOpenKeyEx #native (#2236) important_document.exe
2844. Arguments:
2845.  
2846. {"OpenOptions":"0x0","KeyHandle":"0x7e6ab4","objectName":"PropertyBag","DesiredAccess":"0x20019"}
2847.  
2848. Returned value:
2849.  
2850. 0xc0000034
2851.  
2852. ntdll.dll! NtOpenKeyEx #native (#2236) important_document.exe
2853. Arguments:
2854.  
2855. {"OpenOptions":"0x0","KeyHandle":"0x18ea8c","objectName":"Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions","DesiredAccess":"0x20019"}
2856.  
2857. Returned value:
2858.  
2859. 0x0
2860.  
2861. ntdll.dll! NtOpenKeyEx #native (#2236) important_document.exe
2862. Arguments:
2863.  
2864. {"OpenOptions":"0x0","KeyHandle":"0x18ebc8","objectName":"{2112AB0A-C86A-4FFE-A368-0DE96E47012E}","DesiredAccess":"0x20019"}
2865.  
2866. Returned value:
2867.  
2868. 0x0
2869.  
2870. ntdll.dll! NtOpenKeyEx #native (#2236) important_document.exe
2871. Arguments:
2872.  
2873. {"OpenOptions":"0x0","KeyHandle":"0x7e6ab4","objectName":"PropertyBag","DesiredAccess":"0x20019"}
2874.  
2875. Returned value:
2876.  
2877. 0x0
2878.  
2879. ntdll.dll! NtOpenKeyEx #native (#2236) important_document.exe
2880. Arguments:
2881.  
2882. {"OpenOptions":"0x0","KeyHandle":"0x18ea8c","objectName":"Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions","DesiredAccess":"0x20019"}
2883.  
2884. Returned value:
2885.  
2886. 0x0
2887.  
2888. ntdll.dll! NtOpenKeyEx #native (#2236) important_document.exe
2889. Arguments:
2890.  
2891. {"OpenOptions":"0x0","KeyHandle":"0x18ebc8","objectName":"{48DAF80B-E6CF-4F4E-B800-0E69D84EE384}","DesiredAccess":"0x20019"}
2892.  
2893. Returned value:
2894.  
2895. 0x0
2896.  
2897. ntdll.dll! NtOpenKeyEx #native (#2236) important_document.exe
2898. Arguments:
2899.  
2900. {"OpenOptions":"0x0","KeyHandle":"0x7e6b14","objectName":"PropertyBag","DesiredAccess":"0x20019"}
2901.  
2902. Returned value:
2903.  
2904. 0xc0000034
2905.  
2906. ntdll.dll! NtOpenKeyEx #native (#2236) important_document.exe
2907. Arguments:
2908.  
2909. {"OpenOptions":"0x0","KeyHandle":"0x18ea8c","objectName":"Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions","DesiredAccess":"0x20019"}
2910.  
2911. Returned value:
2912.  
2913. 0x0
2914.  
2915. ntdll.dll! NtOpenKeyEx #native (#2236) important_document.exe
2916. Arguments:
2917.  
2918. {"OpenOptions":"0x0","KeyHandle":"0x18ebc8","objectName":"{C4AA340D-F20F-4863-AFEF-F87EF2E6BA25}","DesiredAccess":"0x20019"}
2919.  
2920. Returned value:
2921.  
2922. 0x0
2923.  
2924. ntdll.dll! NtOpenKeyEx #native (#2236) important_document.exe
2925. Arguments:
2926.  
2927. {"OpenOptions":"0x0","KeyHandle":"0x7e6b14","objectName":"PropertyBag","DesiredAccess":"0x20019"}
2928.  
2929. Returned value:
2930.  
2931. 0xc0000034
2932.  
2933. ntdll.dll! NtOpenKeyEx #native (#2236) important_document.exe
2934. Arguments:
2935.  
2936. {"OpenOptions":"0x0","KeyHandle":"0x18ea8c","objectName":"Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions","DesiredAccess":"0x20019"}
2937.  
2938. Returned value:
2939.  
2940. 0x0
2941.  
2942. ntdll.dll! NtOpenKeyEx #native (#2236) important_document.exe
2943. Arguments:
2944.  
2945. {"OpenOptions":"0x0","KeyHandle":"0x18ebc8","objectName":"{9E52AB10-F80D-49DF-ACB8-4330F5687855}","DesiredAccess":"0x20019"}
2946.  
2947. Returned value:
2948.  
2949. 0x0
2950.  
2951. ntdll.dll! NtOpenKeyEx #native (#2236) important_document.exe
2952. Arguments:
2953.  
2954. {"OpenOptions":"0x0","KeyHandle":"0x7e6b34","objectName":"PropertyBag","DesiredAccess":"0x20019"}
2955.  
2956. Returned value:
2957.  
2958. 0xc0000034
2959.  
2960. ntdll.dll! NtOpenKeyEx #native (#2236) important_document.exe
2961. Arguments:
2962.  
2963. {"OpenOptions":"0x0","KeyHandle":"0x18ea8c","objectName":"Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions","DesiredAccess":"0x20019"}
2964.  
2965. Returned value:
2966.  
2967. 0x0
2968.  
2969. ntdll.dll! NtOpenKeyEx #native (#2236) important_document.exe
2970. Arguments:
2971.  
2972. {"OpenOptions":"0x0","KeyHandle":"0x18ebc8","objectName":"{98EC0E18-2098-4D44-8644-66979315A281}","DesiredAccess":"0x20019"}
2973.  
2974. Returned value:
2975.  
2976. 0x0
2977.  
2978. ntdll.dll! NtOpenKeyEx #native (#2236) important_document.exe
2979. Arguments:
2980.  
2981. {"OpenOptions":"0x0","KeyHandle":"0x7e6b54","objectName":"PropertyBag","DesiredAccess":"0x20019"}
2982.  
2983. Returned value:
2984.  
2985. 0xc0000034
2986.  
2987. ntdll.dll! NtOpenKeyEx #native (#2236) important_document.exe
2988. Arguments:
2989.  
2990. {"OpenOptions":"0x0","KeyHandle":"0x18ea8c","objectName":"Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions","DesiredAccess":"0x20019"}
2991.  
2992. Returned value:
2993.  
2994. 0x0
2995.  
2996. ntdll.dll! NtOpenKeyEx #native (#2236) important_document.exe
2997. Arguments:
2998.  
2999. {"OpenOptions":"0x0","KeyHandle":"0x18ebc8","objectName":"{A4115719-D62E-491D-AA7C-E74B8BE3B067}","DesiredAccess":"0x20019"}
3000.  
3001. Returned value:
3002.  
3003. 0x0
3004.  
3005. ntdll.dll! NtOpenKeyEx #native (#2236) important_document.exe
3006. Arguments:
3007.  
3008. {"OpenOptions":"0x0","KeyHandle":"0x7e6b54","objectName":"PropertyBag","DesiredAccess":"0x20019"}
3009.  
3010. Returned value:
3011.  
3012. 0xc0000034
3013.  
3014. ntdll.dll! NtOpenKeyEx #native (#2236) important_document.exe
3015. Arguments:
3016.  
3017. {"OpenOptions":"0x0","KeyHandle":"0x18ea8c","objectName":"Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions","DesiredAccess":"0x20019"}
3018.  
3019. Returned value:
3020.  
3021. 0x0
3022.  
3023. ntdll.dll! NtOpenKeyEx #native (#2236) important_document.exe
3024. Arguments:
3025.  
3026. {"OpenOptions":"0x0","KeyHandle":"0x18ebc8","objectName":"{CAC52C1A-B53D-4EDC-92D7-6B2E8AC19434}","DesiredAccess":"0x20019"}
3027.  
3028. Returned value:
3029.  
3030. 0x0
3031.  
3032. ntdll.dll! NtOpenKeyEx #native (#2236) important_document.exe
3033. Arguments:
3034.  
3035. {"OpenOptions":"0x0","KeyHandle":"0x7e6b54","objectName":"PropertyBag","DesiredAccess":"0x20019"}
3036.  
3037. Returned value:
3038.  
3039. 0xc0000034
3040.  
3041. ntdll.dll! NtOpenKeyEx #native (#2236) important_document.exe
3042. Arguments:
3043.  
3044. {"OpenOptions":"0x0","KeyHandle":"0x18ea8c","objectName":"Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions","DesiredAccess":"0x20019"}
3045.  
3046. Returned value:
3047.  
3048. 0x0
3049.  
3050. ntdll.dll! NtOpenKeyEx #native (#2236) important_document.exe
3051. Arguments:
3052.  
3053. {"OpenOptions":"0x0","KeyHandle":"0x18ebc8","objectName":"{18989B1D-99B5-455B-841C-AB7C74E4DDFC}","DesiredAccess":"0x20019"}
3054.  
3055. Returned value:
3056.  
3057. 0x0
3058.  
3059. ntdll.dll! NtOpenKeyEx #native (#2236) important_document.exe
3060. Arguments:
3061.  
3062. {"OpenOptions":"0x0","KeyHandle":"0x7e6b74","objectName":"PropertyBag","DesiredAccess":"0x20019"}
3063.  
3064. Returned value:
3065.  
3066. 0x0
3067.  
3068. ntdll.dll! NtOpenKeyEx #native (#2236) important_document.exe
3069. Arguments:
3070.  
3071. {"OpenOptions":"0x0","KeyHandle":"0x18e96c","objectName":"SessionInfo\\1","DesiredAccess":"0x1"}
3072.  
3073. Returned value:
3074.  
3075. 0x0
3076.  
3077. ntdll.dll! NtOpenKeyEx #native (#2236) important_document.exe
3078. Arguments:
3079.  
3080. {"OpenOptions":"0x0","KeyHandle":"0x18e9e4","objectName":"KnownFolders","DesiredAccess":"0x1"}
3081.  
3082. Returned value:
3083.  
3084. 0xc0000034
3085.  
3086. ntdll.dll! NtOpenKey #native (#2236) important_document.exe
3087. Arguments:
3088.  
3089. {"DesiredAccess":"0x20019","KeyHandle":"0x18ecb4","objectName":"\\REGISTRY\\USER\\S-1-5-21-364843204-231886559-199882026-1001"}
3090.  
3091. Returned value:
3092.  
3093. 0x0
3094.  
3095. ntdll.dll! NtOpenKeyEx #native (#2236) important_document.exe
3096. Arguments:
3097.  
3098. {"OpenOptions":"0x0","KeyHandle":"0x18ecfc","objectName":"Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\User Shell Folders","DesiredAccess":"0x20019"}
3099.  
3100. Returned value:
3101.  
3102. 0x0
3103.  
3104. ntdll.dll! NtOpenKeyEx #native (#2236) important_document.exe
3105. Arguments:
3106.  
3107. {"OpenOptions":"0x0","KeyHandle":"0x18ea8c","objectName":"Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions","DesiredAccess":"0x20019"}
3108.  
3109. Returned value:
3110.  
3111. 0x0
3112.  
3113. ntdll.dll! NtOpenKeyEx #native (#2236) important_document.exe
3114. Arguments:
3115.  
3116. {"OpenOptions":"0x0","KeyHandle":"0x18ebc8","objectName":"{52A4F021-7B75-48A9-9F6B-4B87A210BC8F}","DesiredAccess":"0x20019"}
3117.  
3118. Returned value:
3119.  
3120. 0x0
3121.  
3122. ntdll.dll! NtOpenKeyEx #native (#2236) important_document.exe
3123. Arguments:
3124.  
3125. {"OpenOptions":"0x0","KeyHandle":"0x7e6b94","objectName":"PropertyBag","DesiredAccess":"0x20019"}
3126.  
3127. Returned value:
3128.  
3129. 0xc0000034
3130.  
3131. ntdll.dll! NtOpenKeyEx #native (#2236) important_document.exe
3132. Arguments:
3133.  
3134. {"OpenOptions":"0x0","KeyHandle":"0x18ea8c","objectName":"Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions","DesiredAccess":"0x20019"}
3135.  
3136. Returned value:
3137.  
3138. 0x0
3139.  
3140. ntdll.dll! NtOpenKeyEx #native (#2236) important_document.exe
3141. Arguments:
3142.  
3143. {"OpenOptions":"0x0","KeyHandle":"0x18ebc8","objectName":"{DE974D24-D9C6-4D3E-BF91-F4455120B917}","DesiredAccess":"0x20019"}
3144.  
3145. Returned value:
3146.  
3147. 0x0
3148.  
3149. ntdll.dll! NtOpenKeyEx #native (#2236) important_document.exe
3150. Arguments:
3151.  
3152. {"OpenOptions":"0x0","KeyHandle":"0x7e6b94","objectName":"PropertyBag","DesiredAccess":"0x20019"}
3153.  
3154. Returned value:
3155.  
3156. 0xc0000034
3157.  
3158. ntdll.dll! NtOpenKeyEx #native (#2236) important_document.exe
3159. Arguments:
3160.  
3161. {"OpenOptions":"0x0","KeyHandle":"0x18ea8c","objectName":"Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions","DesiredAccess":"0x20019"}
3162.  
3163. Returned value:
3164.  
3165. 0x0
3166.  
3167. ntdll.dll! NtOpenKeyEx #native (#2236) important_document.exe
3168. Arguments:
3169.  
3170. {"OpenOptions":"0x0","KeyHandle":"0x18ebc8","objectName":"{6F0CD92B-2E97-45D1-88FF-B0D186B8DEDD}","DesiredAccess":"0x20019"}
3171.  
3172. Returned value:
3173.  
3174. 0x0
3175.  
3176. ntdll.dll! NtOpenKeyEx #native (#2236) important_document.exe
3177. Arguments:
3178.  
3179. {"OpenOptions":"0x0","KeyHandle":"0x7e6b94","objectName":"PropertyBag","DesiredAccess":"0x20019"}
3180.  
3181. Returned value:
3182.  
3183. 0xc0000034
3184.  
3185. ntdll.dll! NtOpenKeyEx #native (#2236) important_document.exe
3186. Arguments:
3187.  
3188. {"OpenOptions":"0x0","KeyHandle":"0x18ea8c","objectName":"Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions","DesiredAccess":"0x20019"}
3189.  
3190. Returned value:
3191.  
3192. 0x0
3193.  
3194. ntdll.dll! NtOpenKeyEx #native (#2236) important_document.exe
3195. Arguments:
3196.  
3197. {"OpenOptions":"0x0","KeyHandle":"0x18ebc8","objectName":"{76FC4E2D-D6AD-4519-A663-37BD56068185}","DesiredAccess":"0x20019"}
3198.  
3199. Returned value:
3200.  
3201. 0x0
3202.  
3203. ntdll.dll! NtOpenKeyEx #native (#2236) important_document.exe
3204. Arguments:
3205.  
3206. {"OpenOptions":"0x0","KeyHandle":"0x7e6b94","objectName":"PropertyBag","DesiredAccess":"0x20019"}
3207.  
3208. Returned value:
3209.  
3210. 0xc0000034
3211.  
3212. ntdll.dll! NtOpenKeyEx #native (#2236) important_document.exe
3213. Arguments:
3214.  
3215. {"OpenOptions":"0x0","KeyHandle":"0x18ea8c","objectName":"Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions","DesiredAccess":"0x20019"}
3216.  
3217. Returned value:
3218.  
3219. 0x0
3220.  
3221. ntdll.dll! NtOpenKeyEx #native (#2236) important_document.exe
3222. Arguments:
3223.  
3224. {"OpenOptions":"0x0","KeyHandle":"0x18ebc8","objectName":"{A75D362E-50FC-4FB7-AC2C-A8BEAA314493}","DesiredAccess":"0x20019"}
3225.  
3226. Returned value:
3227.  
3228. 0x0
3229.  
3230. ntdll.dll! NtOpenKeyEx #native (#2236) important_document.exe
3231. Arguments:
3232.  
3233. {"OpenOptions":"0x0","KeyHandle":"0x7e6b94","objectName":"PropertyBag","DesiredAccess":"0x20019"}
3234.  
3235. Returned value:
3236.  
3237. 0xc0000034
3238.  
3239. ntdll.dll! NtOpenKeyEx #native (#2236) important_document.exe
3240. Arguments:
3241.  
3242. {"OpenOptions":"0x0","KeyHandle":"0x18ea8c","objectName":"Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions","DesiredAccess":"0x20019"}
3243.  
3244. Returned value:
3245.  
3246. 0x0
3247.  
3248. ntdll.dll! NtOpenKeyEx #native (#2236) important_document.exe
3249. Arguments:
3250.  
3251. {"OpenOptions":"0x0","KeyHandle":"0x18ebc8","objectName":"{491E922F-5643-4AF4-A7EB-4E7A138D8174}","DesiredAccess":"0x20019"}
3252.  
3253. Returned value:
3254.  
3255. 0x0
3256.  
3257. ntdll.dll! NtOpenKeyEx #native (#2236) important_document.exe
3258. Arguments:
3259.  
3260. {"OpenOptions":"0x0","KeyHandle":"0x7e6b94","objectName":"PropertyBag","DesiredAccess":"0x20019"}
3261.  
3262. Returned value:
3263.  
3264. 0x0
3265.  
3266. ntdll.dll! NtOpenKeyEx #native (#2236) important_document.exe
3267. Arguments:
3268.  
3269. {"OpenOptions":"0x0","KeyHandle":"0x18ea8c","objectName":"Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions","DesiredAccess":"0x20019"}
3270.  
3271. Returned value:
3272.  
3273. 0x0
3274.  
3275. ntdll.dll! NtOpenKeyEx #native (#2236) important_document.exe
3276. Arguments:
3277.  
3278. {"OpenOptions":"0x0","KeyHandle":"0x18ebc8","objectName":"{33E28130-4E1E-4676-835A-98395C3BC3BB}","DesiredAccess":"0x20019"}
3279.  
3280. Returned value:
3281.  
3282. 0x0
3283.  
3284. ntdll.dll! NtOpenKeyEx #native (#2236) important_document.exe
3285. Arguments:
3286.  
3287. {"OpenOptions":"0x0","KeyHandle":"0x7e6bf4","objectName":"PropertyBag","DesiredAccess":"0x20019"}
3288.  
3289. Returned value:
3290.  
3291. 0x0
3292.  
3293. ntdll.dll! NtOpenKeyEx #native (#2236) important_document.exe
3294. Arguments:
3295.  
3296. {"OpenOptions":"0x0","KeyHandle":"0x18e96c","objectName":"SessionInfo\\1","DesiredAccess":"0x1"}
3297.  
3298. Returned value:
3299.  
3300. 0x0
3301.  
3302. ntdll.dll! NtOpenKeyEx #native (#2236) important_document.exe
3303. Arguments:
3304.  
3305. {"OpenOptions":"0x0","KeyHandle":"0x18e9e4","objectName":"KnownFolders","DesiredAccess":"0x1"}
3306.  
3307. Returned value:
3308.  
3309. 0xc0000034
3310.  
3311. ntdll.dll! NtOpenKey #native (#2236) important_document.exe
3312. Arguments:
3313.  
3314. {"DesiredAccess":"0x20019","KeyHandle":"0x18ecb4","objectName":"\\REGISTRY\\USER\\S-1-5-21-364843204-231886559-199882026-1001"}
3315.  
3316. Returned value:
3317.  
3318. 0x0
3319.  
3320. ntdll.dll! NtOpenKeyEx #native (#2236) important_document.exe
3321. Arguments:
3322.  
3323. {"OpenOptions":"0x0","KeyHandle":"0x18ecfc","objectName":"Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\User Shell Folders","DesiredAccess":"0x20019"}
3324.  
3325. Returned value:
3326.  
3327. 0x0
3328.  
3329. ntdll.dll! NtOpenKeyEx #native (#2236) important_document.exe
3330. Arguments:
3331.  
3332. {"OpenOptions":"0x0","KeyHandle":"0x18ea8c","objectName":"Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions","DesiredAccess":"0x20019"}
3333.  
3334. Returned value:
3335.  
3336. 0x0
3337.  
3338. ntdll.dll! NtOpenKeyEx #native (#2236) important_document.exe
3339. Arguments:
3340.  
3341. {"OpenOptions":"0x0","KeyHandle":"0x18ebc8","objectName":"{8AD10C31-2ADB-4296-A8F7-E4701232C972}","DesiredAccess":"0x20019"}
3342.  
3343. Returned value:
3344.  
3345. 0x0
3346.  
3347. ntdll.dll! NtOpenKeyEx #native (#2236) important_document.exe
3348. Arguments:
3349.  
3350. {"OpenOptions":"0x0","KeyHandle":"0x7e6c14","objectName":"PropertyBag","DesiredAccess":"0x20019"}
3351.  
3352. Returned value:
3353.  
3354. 0xc0000034
3355.  
3356. ntdll.dll! NtOpenKeyEx #native (#2236) important_document.exe
3357. Arguments:
3358.  
3359. {"OpenOptions":"0x0","KeyHandle":"0x18ea8c","objectName":"Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions","DesiredAccess":"0x20019"}
3360.  
3361. Returned value:
3362.  
3363. 0x0
3364.  
3365. ntdll.dll! NtOpenKeyEx #native (#2236) important_document.exe
3366. Arguments:
3367.  
3368. {"OpenOptions":"0x0","KeyHandle":"0x18ebc8","objectName":"{82A5EA35-D9CD-47C5-9629-E15D2F714E6E}","DesiredAccess":"0x20019"}
3369.  
3370. Returned value:
3371.  
3372. 0x0
3373.  
3374. ntdll.dll! NtOpenKeyEx #native (#2236) important_document.exe
3375. Arguments:
3376.  
3377. {"OpenOptions":"0x0","KeyHandle":"0x7e6c14","objectName":"PropertyBag","DesiredAccess":"0x20019"}
3378.  
3379. Returned value:
3380.  
3381. 0xc0000034
3382.  
3383. ntdll.dll! NtOpenKeyEx #native (#2236) important_document.exe
3384. Arguments:
3385.  
3386. {"OpenOptions":"0x0","KeyHandle":"0x18ea8c","objectName":"Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions","DesiredAccess":"0x20019"}
3387.  
3388. Returned value:
3389.  
3390. 0x0
3391.  
3392. ntdll.dll! NtOpenKeyEx #native (#2236) important_document.exe
3393. Arguments:
3394.  
3395. {"OpenOptions":"0x0","KeyHandle":"0x18ebc8","objectName":"{DEBF2536-E1A8-4C59-B6A2-414586476AEA}","DesiredAccess":"0x20019"}
3396.  
3397. Returned value:
3398.  
3399. 0x0
3400.  
3401. ntdll.dll! NtOpenKeyEx #native (#2236) important_document.exe
3402. Arguments:
3403.  
3404. {"OpenOptions":"0x0","KeyHandle":"0x7e6c14","objectName":"PropertyBag","DesiredAccess":"0x20019"}
3405.  
3406. Returned value:
3407.  
3408. 0xc0000034
3409.  
3410. ntdll.dll! NtOpenKeyEx #native (#2236) important_document.exe
3411. Arguments:
3412.  
3413. {"OpenOptions":"0x0","KeyHandle":"0x18ea8c","objectName":"Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions","DesiredAccess":"0x20019"}
3414.  
3415. Returned value:
3416.  
3417. 0x0
3418.  
3419. ntdll.dll! NtOpenKeyEx #native (#2236) important_document.exe
3420. Arguments:
3421.  
3422. {"OpenOptions":"0x0","KeyHandle":"0x18ebc8","objectName":"{0F214138-B1D3-4A90-BBA9-27CBC0C5389A}","DesiredAccess":"0x20019"}
3423.  
3424. Returned value:
3425.  
3426. 0x0
3427.  
3428. ntdll.dll! NtOpenKeyEx #native (#2236) important_document.exe
3429. Arguments:
3430.  
3431. {"OpenOptions":"0x0","KeyHandle":"0x7e6c14","objectName":"PropertyBag","DesiredAccess":"0x20019"}
3432.  
3433. Returned value:
3434.  
3435. 0xc0000034
3436.  
3437. ntdll.dll! NtOpenKeyEx #native (#2236) important_document.exe
3438. Arguments:
3439.  
3440. {"OpenOptions":"0x0","KeyHandle":"0x18ea8c","objectName":"Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions","DesiredAccess":"0x20019"}
3441.  
3442. Returned value:
3443.  
3444. 0x0
3445.  
3446. ntdll.dll! NtOpenKeyEx #native (#2236) important_document.exe
3447. Arguments:
3448.  
3449. {"OpenOptions":"0x0","KeyHandle":"0x18ebc8","objectName":"{2400183A-6185-49FB-A2D8-4A392A602BA3}","DesiredAccess":"0x20019"}
3450.  
3451. Returned value:
3452.  
3453. 0x0
3454.  
3455. ntdll.dll! NtOpenKeyEx #native (#2236) important_document.exe
3456. Arguments:
3457.  
3458. {"OpenOptions":"0x0","KeyHandle":"0x7e6c54","objectName":"PropertyBag","DesiredAccess":"0x20019"}
3459.  
3460. Returned value:
3461.  
3462. 0x0
3463.  
3464. ntdll.dll! NtOpenKeyEx #native (#2236) important_document.exe
3465. Arguments:
3466.  
3467. {"OpenOptions":"0x0","KeyHandle":"0x18ea8c","objectName":"Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions","DesiredAccess":"0x20019"}
3468.  
3469. Returned value:
3470.  
3471. 0x0
3472.  
3473. ntdll.dll! NtOpenKeyEx #native (#2236) important_document.exe
3474. Arguments:
3475.  
3476. {"OpenOptions":"0x0","KeyHandle":"0x18ebc8","objectName":"{D9DC8A3B-B784-432E-A781-5A1130A75963}","DesiredAccess":"0x20019"}
3477.  
3478. Returned value:
3479.  
3480. 0x0
3481.  
3482. ntdll.dll! NtOpenKeyEx #native (#2236) important_document.exe
3483. Arguments:
3484.  
3485. {"OpenOptions":"0x0","KeyHandle":"0x7e6c74","objectName":"PropertyBag","DesiredAccess":"0x20019"}
3486.  
3487. Returned value:
3488.  
3489. 0xc0000034
3490.  
3491. ntdll.dll! NtOpenKeyEx #native (#2236) important_document.exe
3492. Arguments:
3493.  
3494. {"OpenOptions":"0x0","KeyHandle":"0x18ea8c","objectName":"Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions","DesiredAccess":"0x20019"}
3495.  
3496. Returned value:
3497.  
3498. 0x0
3499.  
3500. ntdll.dll! NtOpenKeyEx #native (#2236) important_document.exe
3501. Arguments:
3502.  
3503. {"OpenOptions":"0x0","KeyHandle":"0x18ebc8","objectName":"{C4900540-2379-4C75-844B-64E6FAF8716B}","DesiredAccess":"0x20019"}
3504.  
3505. Returned value:
3506.  
3507. 0x0
3508.  
3509. ntdll.dll! NtOpenKeyEx #native (#2236) important_document.exe
3510. Arguments:
3511.  
3512. {"OpenOptions":"0x0","KeyHandle":"0x7e6c74","objectName":"PropertyBag","DesiredAccess":"0x20019"}
3513.  
3514. Returned value:
3515.  
3516. 0xc0000034
3517.  
3518. ntdll.dll! NtOpenKeyEx #native (#2236) important_document.exe
3519. Arguments:
3520.  
3521. {"OpenOptions":"0x0","KeyHandle":"0x18ea8c","objectName":"Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions","DesiredAccess":"0x20019"}
3522.  
3523. Returned value:
3524.  
3525. 0x0
3526.  
3527. ntdll.dll! NtOpenKeyEx #native (#2236) important_document.exe
3528. Arguments:
3529.  
3530. {"OpenOptions":"0x0","KeyHandle":"0x18ebc8","objectName":"{289A9A43-BE44-4057-A41B-587A76D7E7F9}","DesiredAccess":"0x20019"}
3531.  
3532. Returned value:
3533.  
3534. 0x0
3535.  
3536. ntdll.dll! NtOpenKeyEx #native (#2236) important_document.exe
3537. Arguments:
3538.  
3539. {"OpenOptions":"0x0","KeyHandle":"0x7e6c74","objectName":"PropertyBag","DesiredAccess":"0x20019"}
3540.  
3541. Returned value:
3542.  
3543. 0xc0000034
3544.  
3545. ntdll.dll! NtOpenKeyEx #native (#2236) important_document.exe
3546. Arguments:
3547.  
3548. {"OpenOptions":"0x0","KeyHandle":"0x18ea8c","objectName":"Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions","DesiredAccess":"0x20019"}
3549.  
3550. Returned value:
3551.  
3552. 0x0
3553.  
3554. ntdll.dll! NtOpenKeyEx #native (#2236) important_document.exe
3555. Arguments:
3556.  
3557. {"OpenOptions":"0x0","KeyHandle":"0x18ebc8","objectName":"{4BFEFB45-347D-4006-A5BE-AC0CB0567192}","DesiredAccess":"0x20019"}
3558.  
3559. Returned value:
3560.  
3561. 0x0
3562.  
3563. ntdll.dll! NtOpenKeyEx #native (#2236) important_document.exe
3564. Arguments:
3565.  
3566. {"OpenOptions":"0x0","KeyHandle":"0x7e6c74","objectName":"PropertyBag","DesiredAccess":"0x20019"}
3567.  
3568. Returned value:
3569.  
3570. 0xc0000034
3571.  
3572. ntdll.dll! NtOpenKeyEx #native (#2236) important_document.exe
3573. Arguments:
3574.  
3575. {"OpenOptions":"0x0","KeyHandle":"0x18ea8c","objectName":"Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions","DesiredAccess":"0x20019"}
3576.  
3577. Returned value:
3578.  
3579. 0x0
3580.  
3581. ntdll.dll! NtOpenKeyEx #native (#2236) important_document.exe
3582. Arguments:
3583.  
3584. {"OpenOptions":"0x0","KeyHandle":"0x18ebc8","objectName":"{B7534046-3ECB-4C18-BE4E-64CD4CB7D6AC}","DesiredAccess":"0x20019"}
3585.  
3586. Returned value:
3587.  
3588. 0x0
3589.  
3590. ntdll.dll! NtOpenKeyEx #native (#2236) important_document.exe
3591. Arguments:
3592.  
3593. {"OpenOptions":"0x0","KeyHandle":"0x7e6c74","objectName":"PropertyBag","DesiredAccess":"0x20019"}
3594.  
3595. Returned value:
3596.  
3597. 0xc0000034
3598.  
3599. ntdll.dll! NtOpenKeyEx #native (#2236) important_document.exe
3600. Arguments:
3601.  
3602. {"OpenOptions":"0x0","KeyHandle":"0x18ea8c","objectName":"Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions","DesiredAccess":"0x20019"}
3603.  
3604. Returned value:
3605.  
3606. 0x0
3607.  
3608. ntdll.dll! NtOpenKeyEx #native (#2236) important_document.exe
3609. Arguments:
3610.  
3611. {"OpenOptions":"0x0","KeyHandle":"0x18ebc8","objectName":"{EE32E446-31CA-4ABA-814F-A5EBD2FD6D5E}","DesiredAccess":"0x20019"}
3612.  
3613. Returned value:
3614.  
3615. 0x0
3616.  
3617. ntdll.dll! NtOpenKeyEx #native (#2236) important_document.exe
3618. Arguments:
3619.  
3620. {"OpenOptions":"0x0","KeyHandle":"0x7e6c94","objectName":"PropertyBag","DesiredAccess":"0x20019"}
3621.  
3622. Returned value:
3623.  
3624. 0xc0000034
3625.  
3626. ntdll.dll! NtOpenKeyEx #native (#2236) important_document.exe
3627. Arguments:
3628.  
3629. {"OpenOptions":"0x0","KeyHandle":"0x18ea8c","objectName":"Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions","DesiredAccess":"0x20019"}
3630.  
3631. Returned value:
3632.  
3633. 0x0
3634.  
3635. ntdll.dll! NtOpenKeyEx #native (#2236) important_document.exe
3636. Arguments:
3637.  
3638. {"OpenOptions":"0x0","KeyHandle":"0x18ebc8","objectName":"{C870044B-F49E-4126-A9C3-B52A1FF411E8}","DesiredAccess":"0x20019"}
3639.  
3640. Returned value:
3641.  
3642. 0x0
3643.  
3644. ntdll.dll! NtOpenKeyEx #native (#2236) important_document.exe
3645. Arguments:
3646.  
3647. {"OpenOptions":"0x0","KeyHandle":"0x7e6cb4","objectName":"PropertyBag","DesiredAccess":"0x20019"}
3648.  
3649. Returned value:
3650.  
3651. 0xc0000034
3652.  
3653. ntdll.dll! NtOpenKeyEx #native (#2236) important_document.exe
3654. Arguments:
3655.  
3656. {"OpenOptions":"0x0","KeyHandle":"0x18ea8c","objectName":"Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions","DesiredAccess":"0x20019"}
3657.  
3658. Returned value:
3659.  
3660. 0x0
3661.  
3662. ntdll.dll! NtOpenKeyEx #native (#2236) important_document.exe
3663. Arguments:
3664.  
3665. {"OpenOptions":"0x0","KeyHandle":"0x18ebc8","objectName":"{0139D44E-6AFE-49F2-8690-3DAFCAE6FFB8}","DesiredAccess":"0x20019"}
3666.  
3667. Returned value:
3668.  
3669. 0x0
3670.  
3671. ntdll.dll! NtOpenKeyEx #native (#2236) important_document.exe
3672. Arguments:
3673.  
3674. {"OpenOptions":"0x0","KeyHandle":"0x7e6cd4","objectName":"PropertyBag","DesiredAccess":"0x20019"}
3675.  
3676. Returned value:
3677.  
3678. 0xc0000034
3679.  
3680. ntdll.dll! NtOpenKeyEx #native (#2236) important_document.exe
3681. Arguments:
3682.  
3683. {"OpenOptions":"0x0","KeyHandle":"0x18ea8c","objectName":"Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions","DesiredAccess":"0x20019"}
3684.  
3685. Returned value:
3686.  
3687. 0x0
3688.  
3689. ntdll.dll! NtOpenKeyEx #native (#2236) important_document.exe
3690. Arguments:
3691.  
3692. {"OpenOptions":"0x0","KeyHandle":"0x18ebc8","objectName":"{C5ABBF53-E17F-4121-8900-86626FC2C973}","DesiredAccess":"0x20019"}
3693.  
3694. Returned value:
3695.  
3696. 0x0
3697.  
3698. ntdll.dll! NtOpenKeyEx #native (#2236) important_document.exe
3699. Arguments:
3700.  
3701. {"OpenOptions":"0x0","KeyHandle":"0x7e6cd4","objectName":"PropertyBag","DesiredAccess":"0x20019"}
3702.  
3703. Returned value:
3704.  
3705. 0xc0000034
3706.  
3707. ntdll.dll! NtOpenKeyEx #native (#2236) important_document.exe
3708. Arguments:
3709.  
3710. {"OpenOptions":"0x0","KeyHandle":"0x18ea8c","objectName":"Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions","DesiredAccess":"0x20019"}
3711.  
3712. Returned value:
3713.  
3714. 0x0
3715.  
3716. ntdll.dll! NtOpenKeyEx #native (#2236) important_document.exe
3717. Arguments:
3718.  
3719. {"OpenOptions":"0x0","KeyHandle":"0x18ebc8","objectName":"{56784854-C6CB-462B-8169-88E350ACB882}","DesiredAccess":"0x20019"}
3720.  
3721. Returned value:
3722.  
3723. 0x0
3724.  
3725. ntdll.dll! NtOpenKeyEx #native (#2236) important_document.exe
3726. Arguments:
3727.  
3728. {"OpenOptions":"0x0","KeyHandle":"0x7e6d14","objectName":"PropertyBag","DesiredAccess":"0x20019"}
3729.  
3730. Returned value:
3731.  
3732. 0x0
3733.  
3734. ntdll.dll! NtOpenKeyEx #native (#2236) important_document.exe
3735. Arguments:
3736.  
3737. {"OpenOptions":"0x0","KeyHandle":"0x18e96c","objectName":"SessionInfo\\1","DesiredAccess":"0x1"}
3738.  
3739. Returned value:
3740.  
3741. 0x0
3742.  
3743. ntdll.dll! NtOpenKeyEx #native (#2236) important_document.exe
3744. Arguments:
3745.  
3746. {"OpenOptions":"0x0","KeyHandle":"0x18e9e4","objectName":"KnownFolders","DesiredAccess":"0x1"}
3747.  
3748. Returned value:
3749.  
3750. 0xc0000034
3751.  
3752. ntdll.dll! NtOpenKey #native (#2236) important_document.exe
3753. Arguments:
3754.  
3755. {"DesiredAccess":"0x20019","KeyHandle":"0x18ecb4","objectName":"\\REGISTRY\\USER\\S-1-5-21-364843204-231886559-199882026-1001"}
3756.  
3757. Returned value:
3758.  
3759. 0x0
3760.  
3761. ntdll.dll! NtOpenKeyEx #native (#2236) important_document.exe
3762. Arguments:
3763.  
3764. {"OpenOptions":"0x0","KeyHandle":"0x18ecfc","objectName":"Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\User Shell Folders","DesiredAccess":"0x20019"}
3765.  
3766. Returned value:
3767.  
3768. 0x0
3769.  
3770. ntdll.dll! NtOpenKeyEx #native (#2236) important_document.exe
3771. Arguments:
3772.  
3773. {"OpenOptions":"0x0","KeyHandle":"0x18ca48","objectName":"Software\\Microsoft\\Windows NT\\CurrentVersion\\ProfileList\\S-1-5-21-364843204-231886559-199882026-1001","DesiredAccess":"0x20019"}
3774.  
3775. Returned value:
3776.  
3777. 0x0
3778.  
3779. ntdll.dll! NtOpenKeyEx #native (#2236) important_document.exe
3780. Arguments:
3781.  
3782. {"OpenOptions":"0x0","KeyHandle":"0x18ea8c","objectName":"Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions","DesiredAccess":"0x20019"}
3783.  
3784. Returned value:
3785.  
3786. 0x0
3787.  
3788. ntdll.dll! NtOpenKeyEx #native (#2236) important_document.exe
3789. Arguments:
3790.  
3791. {"OpenOptions":"0x0","KeyHandle":"0x18ebc8","objectName":"{7B396E54-9EC5-4300-BE0A-2482EBAE1A26}","DesiredAccess":"0x20019"}
3792.  
3793. Returned value:
3794.  
3795. 0x0
3796.  
3797. ntdll.dll! NtOpenKeyEx #native (#2236) important_document.exe
3798. Arguments:
3799.  
3800. {"OpenOptions":"0x0","KeyHandle":"0x7e6d54","objectName":"PropertyBag","DesiredAccess":"0x20019"}
3801.  
3802. Returned value:
3803.  
3804. 0xc0000034
3805.  
3806. ntdll.dll! NtOpenKeyEx #native (#2236) important_document.exe
3807. Arguments:
3808.  
3809. {"OpenOptions":"0x0","KeyHandle":"0x18ea8c","objectName":"Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions","DesiredAccess":"0x20019"}
3810.  
3811. Returned value:
3812.  
3813. 0x0
3814.  
3815. ntdll.dll! NtOpenKeyEx #native (#2236) important_document.exe
3816. Arguments:
3817.  
3818. {"OpenOptions":"0x0","KeyHandle":"0x18ebc8","objectName":"{BCBD3057-CA5C-4622-B42D-BC56DB0AE516}","DesiredAccess":"0x20019"}
3819.  
3820. Returned value:
3821.  
3822. 0x0
3823.  
3824. ntdll.dll! NtOpenKeyEx #native (#2236) important_document.exe
3825. Arguments:
3826.  
3827. {"OpenOptions":"0x0","KeyHandle":"0x7e6d54","objectName":"PropertyBag","DesiredAccess":"0x20019"}
3828.  
3829. Returned value:
3830.  
3831. 0xc0000034
3832.  
3833. ntdll.dll! NtOpenKeyEx #native (#2236) important_document.exe
3834. Arguments:
3835.  
3836. {"OpenOptions":"0x0","KeyHandle":"0x18ea8c","objectName":"Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions","DesiredAccess":"0x20019"}
3837.  
3838. Returned value:
3839.  
3840. 0x0
3841.  
3842. ntdll.dll! NtOpenKeyEx #native (#2236) important_document.exe
3843. Arguments:
3844.  
3845. {"OpenOptions":"0x0","KeyHandle":"0x18ebc8","objectName":"{A302545D-DEFF-464B-ABE8-61C8648D939B}","DesiredAccess":"0x20019"}
3846.  
3847. Returned value:
3848.  
3849. 0x0
3850.  
3851. ntdll.dll! NtOpenKeyEx #native (#2236) important_document.exe
3852. Arguments:
3853.  
3854. {"OpenOptions":"0x0","KeyHandle":"0x7e6d54","objectName":"PropertyBag","DesiredAccess":"0x20019"}
3855.  
3856. Returned value:
3857.  
3858. 0x0
3859.  
3860. ntdll.dll! NtOpenKeyEx #native (#2236) important_document.exe
3861. Arguments:
3862.  
3863. {"OpenOptions":"0x0","KeyHandle":"0x18ea8c","objectName":"Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions","DesiredAccess":"0x20019"}
3864.  
3865. Returned value:
3866.  
3867. 0x0
3868.  
3869. ntdll.dll! NtOpenKeyEx #native (#2236) important_document.exe
3870. Arguments:
3871.  
3872. {"OpenOptions":"0x0","KeyHandle":"0x18ebc8","objectName":"{2B0F765D-C0E9-4171-908E-08A611B84FF6}","DesiredAccess":"0x20019"}
3873.  
3874. Returned value:
3875.  
3876. 0x0
3877.  
3878. ntdll.dll! NtOpenKeyEx #native (#2236) important_document.exe
3879. Arguments:
3880.  
3881. {"OpenOptions":"0x0","KeyHandle":"0x7e6d34","objectName":"PropertyBag","DesiredAccess":"0x20019"}
3882.  
3883. Returned value:
3884.  
3885. 0xc0000034
3886.  
3887. ntdll.dll! NtOpenKeyEx #native (#2236) important_document.exe
3888. Arguments:
3889.  
3890. {"OpenOptions":"0x0","KeyHandle":"0x18ea8c","objectName":"Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions","DesiredAccess":"0x20019"}
3891.  
3892. Returned value:
3893.  
3894. 0x0
3895.  
3896. ntdll.dll! NtOpenKeyEx #native (#2236) important_document.exe
3897. Arguments:
3898.  
3899. {"OpenOptions":"0x0","KeyHandle":"0x18ebc8","objectName":"{2A00375E-224C-49DE-B8D1-440DF7EF3DDC}","DesiredAccess":"0x20019"}
3900.  
3901. Returned value:
3902.  
3903. 0x0
3904.  
3905. ntdll.dll! NtOpenKeyEx #native (#2236) important_document.exe
3906. Arguments:
3907.  
3908. {"OpenOptions":"0x0","KeyHandle":"0x7e6d34","objectName":"PropertyBag","DesiredAccess":"0x20019"}
3909.  
3910. Returned value:
3911.  
3912. 0xc0000034
3913.  
3914. ntdll.dll! NtOpenKeyEx #native (#2236) important_document.exe
3915. Arguments:
3916.  
3917. {"OpenOptions":"0x0","KeyHandle":"0x18ea8c","objectName":"Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions","DesiredAccess":"0x20019"}
3918.  
3919. Returned value:
3920.  
3921. 0x0
3922.  
3923. ntdll.dll! NtOpenKeyEx #native (#2236) important_document.exe
3924. Arguments:
3925.  
3926. {"OpenOptions":"0x0","KeyHandle":"0x18ebc8","objectName":"{E555AB60-153B-4D17-9F04-A5FE99FC15EC}","DesiredAccess":"0x20019"}
3927.  
3928. Returned value:
3929.  
3930. 0x0
3931.  
3932. ntdll.dll! NtOpenKeyEx #native (#2236) important_document.exe
3933. Arguments:
3934.  
3935. {"OpenOptions":"0x0","KeyHandle":"0x7e6d34","objectName":"PropertyBag","DesiredAccess":"0x20019"}
3936.  
3937. Returned value:
3938.  
3939. 0xc0000034
3940.  
3941. ntdll.dll! NtOpenKeyEx #native (#2236) important_document.exe
3942. Arguments:
3943.  
3944. {"OpenOptions":"0x0","KeyHandle":"0x18ea8c","objectName":"Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions","DesiredAccess":"0x20019"}
3945.  
3946. Returned value:
3947.  
3948. 0x0
3949.  
3950. ntdll.dll! NtOpenKeyEx #native (#2236) important_document.exe
3951. Arguments:
3952.  
3953. {"OpenOptions":"0x0","KeyHandle":"0x18ebc8","objectName":"{054FAE61-4DD8-4787-80B6-090220C4B700}","DesiredAccess":"0x20019"}
3954.  
3955. Returned value:
3956.  
3957. 0x0
3958.  
3959. ntdll.dll! NtOpenKeyEx #native (#2236) important_document.exe
3960. Arguments:
3961.  
3962. {"OpenOptions":"0x0","KeyHandle":"0x7e6d74","objectName":"PropertyBag","DesiredAccess":"0x20019"}
3963.  
3964. Returned value:
3965.  
3966. 0xc0000034
3967.  
3968. ntdll.dll! NtOpenKeyEx #native (#2236) important_document.exe
3969. Arguments:
3970.  
3971. {"OpenOptions":"0x0","KeyHandle":"0x18ea8c","objectName":"Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions","DesiredAccess":"0x20019"}
3972.  
3973. Returned value:
3974.  
3975. 0x0
3976.  
3977. ntdll.dll! NtOpenKeyEx #native (#2236) important_document.exe
3978. Arguments:
3979.  
3980. {"OpenOptions":"0x0","KeyHandle":"0x18ebc8","objectName":"{1777F761-68AD-4D8A-87BD-30B759FA33DD}","DesiredAccess":"0x20019"}
3981.  
3982. Returned value:
3983.  
3984. 0x0
3985.  
3986. ntdll.dll! NtOpenKeyEx #native (#2236) important_document.exe
3987. Arguments:
3988.  
3989. {"OpenOptions":"0x0","KeyHandle":"0x7e6db4","objectName":"PropertyBag","DesiredAccess":"0x20019"}
3990.  
3991. Returned value:
3992.  
3993. 0xc0000034
3994.  
3995. ntdll.dll! NtOpenKeyEx #native (#2236) important_document.exe
3996. Arguments:
3997.  
3998. {"OpenOptions":"0x0","KeyHandle":"0x18e96c","objectName":"SessionInfo\\1","DesiredAccess":"0x1"}
3999.  
4000. Returned value:
4001.  
4002. 0x0
4003.  
4004. ntdll.dll! NtOpenKeyEx #native (#2236) important_document.exe
4005. Arguments:
4006.  
4007. {"OpenOptions":"0x0","KeyHandle":"0x18e9e4","objectName":"KnownFolders","DesiredAccess":"0x1"}
4008.  
4009. Returned value:
4010.  
4011. 0xc0000034
4012.  
4013. ntdll.dll! NtOpenKey #native (#2236) important_document.exe
4014. Arguments:
4015.  
4016. {"DesiredAccess":"0x20019","KeyHandle":"0x18ecb4","objectName":"\\REGISTRY\\USER\\S-1-5-21-364843204-231886559-199882026-1001"}
4017.  
4018. Returned value:
4019.  
4020. 0x0
4021.  
4022. ntdll.dll! NtOpenKeyEx #native (#2236) important_document.exe
4023. Arguments:
4024.  
4025. {"OpenOptions":"0x0","KeyHandle":"0x18ecfc","objectName":"Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\User Shell Folders","DesiredAccess":"0x20019"}
4026.  
4027. Returned value:
4028.  
4029. 0x0
4030.  
4031. ntdll.dll! NtOpenKeyEx #native (#2236) important_document.exe
4032. Arguments:
4033.  
4034. {"OpenOptions":"0x0","KeyHandle":"0x18ea8c","objectName":"Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions","DesiredAccess":"0x20019"}
4035.  
4036. Returned value:
4037.  
4038. 0x0
4039.  
4040. ntdll.dll! NtOpenKeyEx #native (#2236) important_document.exe
4041. Arguments:
4042.  
4043. {"OpenOptions":"0x0","KeyHandle":"0x18ebc8","objectName":"{B250C668-F57D-4EE1-A63C-290EE7D1AA1F}","DesiredAccess":"0x20019"}
4044.  
4045. Returned value:
4046.  
4047. 0x0
4048.  
4049. ntdll.dll! NtOpenKeyEx #native (#2236) important_document.exe
4050. Arguments:
4051.  
4052. {"OpenOptions":"0x0","KeyHandle":"0x7e6db4","objectName":"PropertyBag","DesiredAccess":"0x20019"}
4053.  
4054. Returned value:
4055.  
4056. 0xc0000034
4057.  
4058. ntdll.dll! NtOpenKeyEx #native (#2236) important_document.exe
4059. Arguments:
4060.  
4061. {"OpenOptions":"0x0","KeyHandle":"0x18ea8c","objectName":"Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions","DesiredAccess":"0x20019"}
4062.  
4063. Returned value:
4064.  
4065. 0x0
4066.  
4067. ntdll.dll! NtOpenKeyEx #native (#2236) important_document.exe
4068. Arguments:
4069.  
4070. {"OpenOptions":"0x0","KeyHandle":"0x18ebc8","objectName":"{52528A6B-B9E3-4ADD-B60D-588C2DBA842D}","DesiredAccess":"0x20019"}
4071.  
4072. Returned value:
4073.  
4074. 0x0
4075.  
4076. ntdll.dll! NtOpenKeyEx #native (#2236) important_document.exe
4077. Arguments:
4078.  
4079. {"OpenOptions":"0x0","KeyHandle":"0x7e6db4","objectName":"PropertyBag","DesiredAccess":"0x20019"}
4080.  
4081. Returned value:
4082.  
4083. 0x0
4084.  
4085. ntdll.dll! NtOpenKeyEx #native (#2236) important_document.exe
4086. Arguments:
4087.  
4088. {"OpenOptions":"0x0","KeyHandle":"0x18ea8c","objectName":"Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions","DesiredAccess":"0x20019"}
4089.  
4090. Returned value:
4091.  
4092. 0x0
4093.  
4094. ntdll.dll! NtOpenKeyEx #native (#2236) important_document.exe
4095. Arguments:
4096.  
4097. {"OpenOptions":"0x0","KeyHandle":"0x18ebc8","objectName":"{8983036C-27C0-404B-8F08-102D10DCFD74}","DesiredAccess":"0x20019"}
4098.  
4099. Returned value:
4100.  
4101. 0x0
4102.  
4103. ntdll.dll! NtOpenKeyEx #native (#2236) important_document.exe
4104. Arguments:
4105.  
4106. {"OpenOptions":"0x0","KeyHandle":"0x7e6df4","objectName":"PropertyBag","DesiredAccess":"0x20019"}
4107.  
4108. Returned value:
4109.  
4110. 0xc0000034
4111.  
4112. ntdll.dll! NtOpenKeyEx #native (#2236) important_document.exe
4113. Arguments:
4114.  
4115. {"OpenOptions":"0x0","KeyHandle":"0x18ea8c","objectName":"Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions","DesiredAccess":"0x20019"}
4116.  
4117. Returned value:
4118.  
4119. 0x0
4120.  
4121. ntdll.dll! NtOpenKeyEx #native (#2236) important_document.exe
4122. Arguments:
4123.  
4124. {"OpenOptions":"0x0","KeyHandle":"0x18ebc8","objectName":"{BCB5256F-79F6-4CEE-B725-DC34E402FD46}","DesiredAccess":"0x20019"}
4125.  
4126. Returned value:
4127.  
4128. 0x0
4129.  
4130. ntdll.dll! NtOpenKeyEx #native (#2236) important_document.exe
4131. Arguments:
4132.  
4133. {"OpenOptions":"0x0","KeyHandle":"0x7e6df4","objectName":"PropertyBag","DesiredAccess":"0x20019"}
4134.  
4135. Returned value:
4136.  
4137. 0xc0000034
4138.  
4139. ntdll.dll! NtOpenKeyEx #native (#2236) important_document.exe
4140. Arguments:
4141.  
4142. {"OpenOptions":"0x0","KeyHandle":"0x18ea8c","objectName":"Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions","DesiredAccess":"0x20019"}
4143.  
4144. Returned value:
4145.  
4146. 0x0
4147.  
4148. ntdll.dll! NtOpenKeyEx #native (#2236) important_document.exe
4149. Arguments:
4150.  
4151. {"OpenOptions":"0x0","KeyHandle":"0x18ebc8","objectName":"{724EF170-A42D-4FEF-9F26-B60E846FBA4F}","DesiredAccess":"0x20019"}
4152.  
4153. Returned value:
4154.  
4155. 0x0
4156.  
4157. ntdll.dll! NtOpenKeyEx #native (#2236) important_document.exe
4158. Arguments:
4159.  
4160. {"OpenOptions":"0x0","KeyHandle":"0x7e6df4","objectName":"PropertyBag","DesiredAccess":"0x20019"}
4161.  
4162. Returned value:
4163.  
4164. 0xc0000034
4165.  
4166. ntdll.dll! NtOpenKeyEx #native (#2236) important_document.exe
4167. Arguments:
4168.  
4169. {"OpenOptions":"0x0","KeyHandle":"0x18ea8c","objectName":"Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions","DesiredAccess":"0x20019"}
4170.  
4171. Returned value:
4172.  
4173. 0x0
4174.  
4175. ntdll.dll! NtOpenKeyEx #native (#2236) important_document.exe
4176. Arguments:
4177.  
4178. {"OpenOptions":"0x0","KeyHandle":"0x18ebc8","objectName":"{4BD8D571-6D19-48D3-BE97-422220080E43}","DesiredAccess":"0x20019"}
4179.  
4180. Returned value:
4181.  
4182. 0x0
4183.  
4184. ntdll.dll! NtOpenKeyEx #native (#2236) important_document.exe
4185. Arguments:
4186.  
4187. {"OpenOptions":"0x0","KeyHandle":"0x7e6e14","objectName":"PropertyBag","DesiredAccess":"0x20019"}
4188.  
4189. Returned value:
4190.  
4191. 0x0
4192.  
4193. ntdll.dll! NtOpenKeyEx #native (#2236) important_document.exe
4194. Arguments:
4195.  
4196. {"OpenOptions":"0x0","KeyHandle":"0x18e96c","objectName":"SessionInfo\\1","DesiredAccess":"0x1"}
4197.  
4198. Returned value:
4199.  
4200. 0x0
4201.  
4202. ntdll.dll! NtOpenKeyEx #native (#2236) important_document.exe
4203. Arguments:
4204.  
4205. {"OpenOptions":"0x0","KeyHandle":"0x18e9e4","objectName":"KnownFolders","DesiredAccess":"0x1"}
4206.  
4207. Returned value:
4208.  
4209. 0xc0000034
4210.  
4211. ntdll.dll! NtOpenKey #native (#2236) important_document.exe
4212. Arguments:
4213.  
4214. {"DesiredAccess":"0x20019","KeyHandle":"0x18ecb4","objectName":"\\REGISTRY\\USER\\S-1-5-21-364843204-231886559-199882026-1001"}
4215.  
4216. Returned value:
4217.  
4218. 0x0
4219.  
4220. ntdll.dll! NtOpenKeyEx #native (#2236) important_document.exe
4221. Arguments:
4222.  
4223. {"OpenOptions":"0x0","KeyHandle":"0x18ecfc","objectName":"Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\User Shell Folders","DesiredAccess":"0x20019"}
4224.  
4225. Returned value:
4226.  
4227. 0x0
4228.  
4229. ntdll.dll! NtOpenKeyEx #native (#2236) important_document.exe
4230. Arguments:
4231.  
4232. {"OpenOptions":"0x0","KeyHandle":"0x18ea8c","objectName":"Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions","DesiredAccess":"0x20019"}
4233.  
4234. Returned value:
4235.  
4236. 0x0
4237.  
4238. ntdll.dll! NtOpenKeyEx #native (#2236) important_document.exe
4239. Arguments:
4240.  
4241. {"OpenOptions":"0x0","KeyHandle":"0x18ebc8","objectName":"{DE61D971-5EBC-4F02-A3A9-6C82895E5C04}","DesiredAccess":"0x20019"}
4242.  
4243. Returned value:
4244.  
4245. 0x0
4246.  
4247. ntdll.dll! NtOpenKeyEx #native (#2236) important_document.exe
4248. Arguments:
4249.  
4250. {"OpenOptions":"0x0","KeyHandle":"0x7e6e34","objectName":"PropertyBag","DesiredAccess":"0x20019"}
4251.  
4252. Returned value:
4253.  
4254. 0xc0000034
4255.  
4256. ntdll.dll! NtOpenKeyEx #native (#2236) important_document.exe
4257. Arguments:
4258.  
4259. {"OpenOptions":"0x0","KeyHandle":"0x18ea8c","objectName":"Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions","DesiredAccess":"0x20019"}
4260.  
4261. Returned value:
4262.  
4263. 0x0
4264.  
4265. ntdll.dll! NtOpenKeyEx #native (#2236) important_document.exe
4266. Arguments:
4267.  
4268. {"OpenOptions":"0x0","KeyHandle":"0x18ebc8","objectName":"{0762D272-C50A-4BB0-A382-697DCD729B80}","DesiredAccess":"0x20019"}
4269.  
4270. Returned value:
4271.  
4272. 0x0
4273.  
4274. ntdll.dll! NtOpenKeyEx #native (#2236) important_document.exe
4275. Arguments:
4276.  
4277. {"OpenOptions":"0x0","KeyHandle":"0x7e6e34","objectName":"PropertyBag","DesiredAccess":"0x20019"}
4278.  
4279. Returned value:
4280.  
4281. 0xc0000034
4282.  
4283. ntdll.dll! NtOpenKeyEx #native (#2236) important_document.exe
4284. Arguments:
4285.  
4286. {"OpenOptions":"0x0","KeyHandle":"0x18ea8c","objectName":"Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions","DesiredAccess":"0x20019"}
4287.  
4288. Returned value:
4289.  
4290. 0x0
4291.  
4292. ntdll.dll! NtOpenKeyEx #native (#2236) important_document.exe
4293. Arguments:
4294.  
4295. {"OpenOptions":"0x0","KeyHandle":"0x18ebc8","objectName":"{4D9F7874-4E0C-4904-967B-40B0D20C3E4B}","DesiredAccess":"0x20019"}
4296.  
4297. Returned value:
4298.  
4299. 0x0
4300.  
4301. ntdll.dll! NtOpenKeyEx #native (#2236) important_document.exe
4302. Arguments:
4303.  
4304. {"OpenOptions":"0x0","KeyHandle":"0x7e6e34","objectName":"PropertyBag","DesiredAccess":"0x20019"}
4305.  
4306. Returned value:
4307.  
4308. 0xc0000034
4309.  
4310. ntdll.dll! NtOpenKeyEx #native (#2236) important_document.exe
4311. Arguments:
4312.  
4313. {"OpenOptions":"0x0","KeyHandle":"0x18ea8c","objectName":"Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions","DesiredAccess":"0x20019"}
4314.  
4315. Returned value:
4316.  
4317. 0x0
4318.  
4319. ntdll.dll! NtOpenKeyEx #native (#2236) important_document.exe
4320. Arguments:
4321.  
4322. {"OpenOptions":"0x0","KeyHandle":"0x18ebc8","objectName":"{1AC14E77-02E7-4E5D-B744-2EB1AE5198B7}","DesiredAccess":"0x20019"}
4323.  
4324. Returned value:
4325.  
4326. 0x0
4327.  
4328. ntdll.dll! NtOpenKeyEx #native (#2236) important_document.exe
4329. Arguments:
4330.  
4331. {"OpenOptions":"0x0","KeyHandle":"0x7e6e34","objectName":"PropertyBag","DesiredAccess":"0x20019"}
4332.  
4333. Returned value:
4334.  
4335. 0x0
4336.  
4337. ntdll.dll! NtOpenKeyEx #native (#2236) important_document.exe
4338. Arguments:
4339.  
4340. {"OpenOptions":"0x0","KeyHandle":"0x18ea8c","objectName":"Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions","DesiredAccess":"0x20019"}
4341.  
4342. Returned value:
4343.  
4344. 0x0
4345.  
4346. ntdll.dll! NtOpenKeyEx #native (#2236) important_document.exe
4347. Arguments:
4348.  
4349. {"OpenOptions":"0x0","KeyHandle":"0x18ebc8","objectName":"{A77F5D77-2E2B-44C3-A6A2-ABA601054A51}","DesiredAccess":"0x20019"}
4350.  
4351. Returned value:
4352.  
4353. 0x0
4354.  
4355. ntdll.dll! NtOpenKeyEx #native (#2236) important_document.exe
4356. Arguments:
4357.  
4358. {"OpenOptions":"0x0","KeyHandle":"0x7e6e94","objectName":"PropertyBag","DesiredAccess":"0x20019"}
4359.  
4360. Returned value:
4361.  
4362. 0xc0000034
4363.  
4364. ntdll.dll! NtOpenKeyEx #native (#2236) important_document.exe
4365. Arguments:
4366.  
4367. {"OpenOptions":"0x0","KeyHandle":"0x18ea8c","objectName":"Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions","DesiredAccess":"0x20019"}
4368.  
4369. Returned value:
4370.  
4371. 0x0
4372.  
4373. ntdll.dll! NtOpenKeyEx #native (#2236) important_document.exe
4374. Arguments:
4375.  
4376. {"OpenOptions":"0x0","KeyHandle":"0x18ebc8","objectName":"{0AC0837C-BBF8-452A-850D-79D08E667CA7}","DesiredAccess":"0x20019"}
4377.  
4378. Returned value:
4379.  
4380. 0x0
4381.  
4382. ntdll.dll! NtOpenKeyEx #native (#2236) important_document.exe
4383. Arguments:
4384.  
4385. {"OpenOptions":"0x0","KeyHandle":"0x7e6eb4","objectName":"PropertyBag","DesiredAccess":"0x20019"}
4386.  
4387. Returned value:
4388.  
4389. 0xc0000034
4390.  
4391. ntdll.dll! NtOpenKeyEx #native (#2236) important_document.exe
4392. Arguments:
4393.  
4394. {"OpenOptions":"0x0","KeyHandle":"0x18ea8c","objectName":"Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions","DesiredAccess":"0x20019"}
4395.  
4396. Returned value:
4397.  
4398. 0x0
4399.  
4400. ntdll.dll! NtOpenKeyEx #native (#2236) important_document.exe
4401. Arguments:
4402.  
4403. {"OpenOptions":"0x0","KeyHandle":"0x18ebc8","objectName":"{D0384E7D-BAC3-4797-8F14-CBA229B392B5}","DesiredAccess":"0x20019"}
4404.  
4405. Returned value:
4406.  
4407. 0x0
4408.  
4409. ntdll.dll! NtOpenKeyEx #native (#2236) important_document.exe
4410. Arguments:
4411.  
4412. {"OpenOptions":"0x0","KeyHandle":"0x7e6eb4","objectName":"PropertyBag","DesiredAccess":"0x20019"}
4413.  
4414. Returned value:
4415.  
4416. 0xc0000034
4417.  
4418. ntdll.dll! NtOpenKeyEx #native (#2236) important_document.exe
4419. Arguments:
4420.  
4421. {"OpenOptions":"0x0","KeyHandle":"0x18ea8c","objectName":"Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions","DesiredAccess":"0x20019"}
4422.  
4423. Returned value:
4424.  
4425. 0x0
4426.  
4427. ntdll.dll! NtOpenKeyEx #native (#2236) important_document.exe
4428. Arguments:
4429.  
4430. {"OpenOptions":"0x0","KeyHandle":"0x18ebc8","objectName":"{7B0DB17D-9CD2-4A93-9733-46CC89022E7C}","DesiredAccess":"0x20019"}
4431.  
4432. Returned value:
4433.  
4434. 0x0
4435.  
4436. ntdll.dll! NtOpenKeyEx #native (#2236) important_document.exe
4437. Arguments:
4438.  
4439. {"OpenOptions":"0x0","KeyHandle":"0x7e6eb4","objectName":"PropertyBag","DesiredAccess":"0x20019"}
4440.  
4441. Returned value:
4442.  
4443. 0x0
4444.  
4445. ntdll.dll! NtOpenKeyEx #native (#2236) important_document.exe
4446. Arguments:
4447.  
4448. {"OpenOptions":"0x0","KeyHandle":"0x18ea8c","objectName":"Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions","DesiredAccess":"0x20019"}
4449.  
4450. Returned value:
4451.  
4452. 0x0
4453.  
4454. ntdll.dll! NtOpenKeyEx #native (#2236) important_document.exe
4455. Arguments:
4456.  
4457. {"OpenOptions":"0x0","KeyHandle":"0x18ebc8","objectName":"{AE50C081-EBD2-438A-8655-8A092E34987A}","DesiredAccess":"0x20019"}
4458.  
4459. Returned value:
4460.  
4461. 0x0
4462.  
4463. ntdll.dll! NtOpenKeyEx #native (#2236) important_document.exe
4464. Arguments:
4465.  
4466. {"OpenOptions":"0x0","KeyHandle":"0x7e6e94","objectName":"PropertyBag","DesiredAccess":"0x20019"}
4467.  
4468. Returned value:
4469.  
4470. 0xc0000034
4471.  
4472. ntdll.dll! NtOpenKeyEx #native (#2236) important_document.exe
4473. Arguments:
4474.  
4475. {"OpenOptions":"0x0","KeyHandle":"0x18ea8c","objectName":"Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions","DesiredAccess":"0x20019"}
4476.  
4477. Returned value:
4478.  
4479. 0x0
4480.  
4481. ntdll.dll! NtOpenKeyEx #native (#2236) important_document.exe
4482. Arguments:
4483.  
4484. {"OpenOptions":"0x0","KeyHandle":"0x18ebc8","objectName":"{62AB5D82-FDC1-4DC3-A9DD-070D1D495D97}","DesiredAccess":"0x20019"}
4485.  
4486. Returned value:
4487.  
4488. 0x0
4489.  
4490. ntdll.dll! NtOpenKeyEx #native (#2236) important_document.exe
4491. Arguments:
4492.  
4493. {"OpenOptions":"0x0","KeyHandle":"0x7e6e94","objectName":"PropertyBag","DesiredAccess":"0x20019"}
4494.  
4495. Returned value:
4496.  
4497. 0xc0000034
4498.  
4499. ntdll.dll! NtOpenKeyEx #native (#2236) important_document.exe
4500. Arguments:
4501.  
4502. {"OpenOptions":"0x0","KeyHandle":"0x18ea8c","objectName":"Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions","DesiredAccess":"0x20019"}
4503.  
4504. Returned value:
4505.  
4506. 0x0
4507.  
4508. ntdll.dll! NtOpenKeyEx #native (#2236) important_document.exe
4509. Arguments:
4510.  
4511. {"OpenOptions":"0x0","KeyHandle":"0x18ebc8","objectName":"{F1B32785-6FBA-4FCF-9D55-7B8E7F157091}","DesiredAccess":"0x20019"}
4512.  
4513. Returned value:
4514.  
4515. 0x0
4516.  
4517. ntdll.dll! NtOpenKeyEx #native (#2236) important_document.exe
4518. Arguments:
4519.  
4520. {"OpenOptions":"0x0","KeyHandle":"0x7e6e94","objectName":"PropertyBag","DesiredAccess":"0x20019"}
4521.  
4522. Returned value:
4523.  
4524. 0xc0000034
4525.  
4526. ntdll.dll! NtOpenKeyEx #native (#2236) important_document.exe
4527. Arguments:
4528.  
4529. {"OpenOptions":"0x0","KeyHandle":"0x18ea8c","objectName":"Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions","DesiredAccess":"0x20019"}
4530.  
4531. Returned value:
4532.  
4533. 0x0
4534.  
4535. ntdll.dll! NtOpenKeyEx #native (#2236) important_document.exe
4536. Arguments:
4537.  
4538. {"OpenOptions":"0x0","KeyHandle":"0x18ebc8","objectName":"{B6EBFB86-6907-413C-9AF7-4FC2ABF07CC5}","DesiredAccess":"0x20019"}
4539.  
4540. Returned value:
4541.  
4542. 0x0
4543.  
4544. ntdll.dll! NtOpenKeyEx #native (#2236) important_document.exe
4545. Arguments:
4546.  
4547. {"OpenOptions":"0x0","KeyHandle":"0x7e6ed4","objectName":"PropertyBag","DesiredAccess":"0x20019"}
4548.  
4549. Returned value:
4550.  
4551. 0x0
4552.  
4553. ntdll.dll! NtOpenKeyEx #native (#2236) important_document.exe
4554. Arguments:
4555.  
4556. {"OpenOptions":"0x0","KeyHandle":"0x18ea8c","objectName":"Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions","DesiredAccess":"0x20019"}
4557.  
4558. Returned value:
4559.  
4560. 0x0
4561.  
4562. ntdll.dll! NtOpenKeyEx #native (#2236) important_document.exe
4563. Arguments:
4564.  
4565. {"OpenOptions":"0x0","KeyHandle":"0x18ebc8","objectName":"{9274BD8D-CFD1-41C3-B35E-B13F55A758F4}","DesiredAccess":"0x20019"}
4566.  
4567. Returned value:
4568.  
4569. 0x0
4570.  
4571. ntdll.dll! NtOpenKeyEx #native (#2236) important_document.exe
4572. Arguments:
4573.  
4574. {"OpenOptions":"0x0","KeyHandle":"0x7e6f14","objectName":"PropertyBag","DesiredAccess":"0x20019"}
4575.  
4576. Returned value:
4577.  
4578. 0xc0000034
4579.  
4580. ntdll.dll! NtOpenKeyEx #native (#2236) important_document.exe
4581. Arguments:
4582.  
4583. {"OpenOptions":"0x0","KeyHandle":"0x18ea8c","objectName":"Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions","DesiredAccess":"0x20019"}
4584.  
4585. Returned value:
4586.  
4587. 0x0
4588.  
4589. ntdll.dll! NtOpenKeyEx #native (#2236) important_document.exe
4590. Arguments:
4591.  
4592. {"OpenOptions":"0x0","KeyHandle":"0x18ebc8","objectName":"{69D2CF90-FC33-4FB7-9A0C-EBB0F0FCB43C}","DesiredAccess":"0x20019"}
4593.  
4594. Returned value:
4595.  
4596. 0x0
4597.  
4598. ntdll.dll! NtOpenKeyEx #native (#2236) important_document.exe
4599. Arguments:
4600.  
4601. {"OpenOptions":"0x0","KeyHandle":"0x7e6f54","objectName":"PropertyBag","DesiredAccess":"0x20019"}
4602.  
4603. Returned value:
4604.  
4605. 0xc0000034
4606.  
4607. ntdll.dll! NtOpenKeyEx #native (#2236) important_document.exe
4608. Arguments:
4609.  
4610. {"OpenOptions":"0x0","KeyHandle":"0x18ea8c","objectName":"Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions","DesiredAccess":"0x20019"}
4611.  
4612. Returned value:
4613.  
4614. 0x0
4615.  
4616. ntdll.dll! NtOpenKeyEx #native (#2236) important_document.exe
4617. Arguments:
4618.  
4619. {"OpenOptions":"0x0","KeyHandle":"0x18ebc8","objectName":"{374DE290-123F-4565-9164-39C4925E467B}","DesiredAccess":"0x20019"}
4620.  
4621. Returned value:
4622.  
4623. 0x0
4624.  
4625. ntdll.dll! NtOpenKeyEx #native (#2236) important_document.exe
4626. Arguments:
4627.  
4628. {"OpenOptions":"0x0","KeyHandle":"0x7e6f94","objectName":"PropertyBag","DesiredAccess":"0x20019"}
4629.  
4630. Returned value:
4631.  
4632. 0xc0000034
4633.  
4634. ntdll.dll! NtOpenKeyEx #native (#2236) important_document.exe
4635. Arguments:
4636.  
4637. {"OpenOptions":"0x0","KeyHandle":"0x18e96c","objectName":"SessionInfo\\1","DesiredAccess":"0x1"}
4638.  
4639. Returned value:
4640.  
4641. 0x0
4642.  
4643. ntdll.dll! NtOpenKeyEx #native (#2236) important_document.exe
4644. Arguments:
4645.  
4646. {"OpenOptions":"0x0","KeyHandle":"0x18e9e4","objectName":"KnownFolders","DesiredAccess":"0x1"}
4647.  
4648. Returned value:
4649.  
4650. 0xc0000034
4651.  
4652. ntdll.dll! NtOpenKey #native (#2236) important_document.exe
4653. Arguments:
4654.  
4655. {"DesiredAccess":"0x20019","KeyHandle":"0x18ecb4","objectName":"\\REGISTRY\\USER\\S-1-5-21-364843204-231886559-199882026-1001"}
4656.  
4657. Returned value:
4658.  
4659. 0x0
4660.  
4661. ntdll.dll! NtOpenKeyEx #native (#2236) important_document.exe
4662. Arguments:
4663.  
4664. {"OpenOptions":"0x0","KeyHandle":"0x18ecfc","objectName":"Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\User Shell Folders","DesiredAccess":"0x20019"}
4665.  
4666. Returned value:
4667.  
4668. 0x0
4669.  
4670. ntdll.dll! NtOpenKeyEx #native (#2236) important_document.exe
4671. Arguments:
4672.  
4673. {"OpenOptions":"0x0","KeyHandle":"0x18ea8c","objectName":"Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions","DesiredAccess":"0x20019"}
4674.  
4675. Returned value:
4676.  
4677. 0x0
4678.  
4679. ntdll.dll! NtOpenKeyEx #native (#2236) important_document.exe
4680. Arguments:
4681.  
4682. {"OpenOptions":"0x0","KeyHandle":"0x18ebc8","objectName":"{859EAD94-2E85-48AD-A71A-0969CB56A6CD}","DesiredAccess":"0x20019"}
4683.  
4684. Returned value:
4685.  
4686. 0x0
4687.  
4688. ntdll.dll! NtOpenKeyEx #native (#2236) important_document.exe
4689. Arguments:
4690.  
4691. {"OpenOptions":"0x0","KeyHandle":"0x7e6fb4","objectName":"PropertyBag","DesiredAccess":"0x20019"}
4692.  
4693. Returned value:
4694.  
4695. 0xc0000034
4696.  
4697. ntdll.dll! NtOpenKeyEx #native (#2236) important_document.exe
4698. Arguments:
4699.  
4700. {"OpenOptions":"0x0","KeyHandle":"0x18ea8c","objectName":"Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions","DesiredAccess":"0x20019"}
4701.  
4702. Returned value:
4703.  
4704. 0x0
4705.  
4706. ntdll.dll! NtOpenKeyEx #native (#2236) important_document.exe
4707. Arguments:
4708.  
4709. {"OpenOptions":"0x0","KeyHandle":"0x18ebc8","objectName":"{A305CE99-F527-492B-8B1A-7E76FA98D6E4}","DesiredAccess":"0x20019"}
4710.  
4711. Returned value:
4712.  
4713. 0x0
4714.  
4715. ntdll.dll! NtOpenKeyEx #native (#2236) important_document.exe
4716. Arguments:
4717.  
4718. {"OpenOptions":"0x0","KeyHandle":"0x7e6fb4","objectName":"PropertyBag","DesiredAccess":"0x20019"}
4719.  
4720. Returned value:
4721.  
4722. 0xc0000034
4723.  
4724. ntdll.dll! NtOpenKeyEx #native (#2236) important_document.exe
4725. Arguments:
4726.  
4727. {"OpenOptions":"0x0","KeyHandle":"0x18ea8c","objectName":"Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions","DesiredAccess":"0x20019"}
4728.  
4729. Returned value:
4730.  
4731. 0x0
4732.  
4733. ntdll.dll! NtOpenKeyEx #native (#2236) important_document.exe
4734. Arguments:
4735.  
4736. {"OpenOptions":"0x0","KeyHandle":"0x18ebc8","objectName":"{3D644C9B-1FB8-4F30-9B45-F670235F79C0}","DesiredAccess":"0x20019"}
4737.  
4738. Returned value:
4739.  
4740. 0x0
4741.  
4742. ntdll.dll! NtOpenKeyEx #native (#2236) important_document.exe
4743. Arguments:
4744.  
4745. {"OpenOptions":"0x0","KeyHandle":"0x7e6f94","objectName":"PropertyBag","DesiredAccess":"0x20019"}
4746.  
4747. Returned value:
4748.  
4749. 0xc0000034
4750.  
4751. ntdll.dll! NtOpenKeyEx #native (#2236) important_document.exe
4752. Arguments:
4753.  
4754. {"OpenOptions":"0x0","KeyHandle":"0x18ea8c","objectName":"Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions","DesiredAccess":"0x20019"}
4755.  
4756. Returned value:
4757.  
4758. 0x0
4759.  
4760. ntdll.dll! NtOpenKeyEx #native (#2236) important_document.exe
4761. Arguments:
4762.  
4763. {"OpenOptions":"0x0","KeyHandle":"0x18ebc8","objectName":"{A990AE9F-A03B-4E80-94BC-9912D7504104}","DesiredAccess":"0x20019"}
4764.  
4765. Returned value:
4766.  
4767. 0x0
4768.  
4769. ntdll.dll! NtOpenKeyEx #native (#2236) important_document.exe
4770. Arguments:
4771.  
4772. {"OpenOptions":"0x0","KeyHandle":"0x7e6f94","objectName":"PropertyBag","DesiredAccess":"0x20019"}
4773.  
4774. Returned value:
4775.  
4776. 0x0
4777.  
4778. ntdll.dll! NtOpenKeyEx #native (#2236) important_document.exe
4779. Arguments:
4780.  
4781. {"OpenOptions":"0x0","KeyHandle":"0x18ea8c","objectName":"Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions","DesiredAccess":"0x20019"}
4782.  
4783. Returned value:
4784.  
4785. 0x0
4786.  
4787. ntdll.dll! NtOpenKeyEx #native (#2236) important_document.exe
4788. Arguments:
4789.  
4790. {"OpenOptions":"0x0","KeyHandle":"0x18ebc8","objectName":"{DFDF76A2-C82A-4D63-906A-5644AC457385}","DesiredAccess":"0x20019"}
4791.  
4792. Returned value:
4793.  
4794. 0x0
4795.  
4796. ntdll.dll! NtOpenKeyEx #native (#2236) important_document.exe
4797. Arguments:
4798.  
4799. {"OpenOptions":"0x0","KeyHandle":"0x7e6fd4","objectName":"PropertyBag","DesiredAccess":"0x20019"}
4800.  
4801. Returned value:
4802.  
4803. 0xc0000034
4804.  
4805. ntdll.dll! NtOpenKeyEx #native (#2236) important_document.exe
4806. Arguments:
4807.  
4808. {"OpenOptions":"0x0","KeyHandle":"0x18ea8c","objectName":"Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions","DesiredAccess":"0x20019"}
4809.  
4810. Returned value:
4811.  
4812. 0x0
4813.  
4814. ntdll.dll! NtOpenKeyEx #native (#2236) important_document.exe
4815. Arguments:
4816.  
4817. {"OpenOptions":"0x0","KeyHandle":"0x18ebc8","objectName":"{1A6FDBA2-F42D-4358-A798-B74D745926C5}","DesiredAccess":"0x20019"}
4818.  
4819. Returned value:
4820.  
4821. 0x0
4822.  
4823. ntdll.dll! NtOpenKeyEx #native (#2236) important_document.exe
4824. Arguments:
4825.  
4826. {"OpenOptions":"0x0","KeyHandle":"0x7e6fd4","objectName":"PropertyBag","DesiredAccess":"0x20019"}
4827.  
4828. Returned value:
4829.  
4830. 0xc0000034
4831.  
4832. ntdll.dll! NtOpenKeyEx #native (#2236) important_document.exe
4833. Arguments:
4834.  
4835. {"OpenOptions":"0x0","KeyHandle":"0x18ea8c","objectName":"Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions","DesiredAccess":"0x20019"}
4836.  
4837. Returned value:
4838.  
4839. 0x0
4840.  
4841. ntdll.dll! NtOpenKeyEx #native (#2236) important_document.exe
4842. Arguments:
4843.  
4844. {"OpenOptions":"0x0","KeyHandle":"0x18ebc8","objectName":"{A520A1A4-1780-4FF6-BD18-167343C5AF16}","DesiredAccess":"0x20019"}
4845.  
4846. Returned value:
4847.  
4848. 0x0
4849.  
4850. ntdll.dll! NtOpenKeyEx #native (#2236) important_document.exe
4851. Arguments:
4852.  
4853. {"OpenOptions":"0x0","KeyHandle":"0x7e6fd4","objectName":"PropertyBag","DesiredAccess":"0x20019"}
4854.  
4855. Returned value:
4856.  
4857. 0xc0000034
4858.  
4859. ntdll.dll! NtOpenKeyEx #native (#2236) important_document.exe
4860. Arguments:
4861.  
4862. {"OpenOptions":"0x0","KeyHandle":"0x18ea8c","objectName":"Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions","DesiredAccess":"0x20019"}
4863.  
4864. Returned value:
4865.  
4866. 0x0
4867.  
4868. ntdll.dll! NtOpenKeyEx #native (#2236) important_document.exe
4869. Arguments:
4870.  
4871. {"OpenOptions":"0x0","KeyHandle":"0x18ebc8","objectName":"{B88F4DAA-E7BD-49A9-B74D-02885A5DC765}","DesiredAccess":"0x20019"}
4872.  
4873. Returned value:
4874.  
4875. 0x0
4876.  
4877. ntdll.dll! NtOpenKeyEx #native (#2236) important_document.exe
4878. Arguments:
4879.  
4880. {"OpenOptions":"0x0","KeyHandle":"0x7e6ff4","objectName":"PropertyBag","DesiredAccess":"0x20019"}
4881.  
4882. Returned value:
4883.  
4884. 0xc0000034
4885.  
4886. ntdll.dll! NtOpenKeyEx #native (#2236) important_document.exe
4887. Arguments:
4888.  
4889. {"OpenOptions":"0x0","KeyHandle":"0x18ea8c","objectName":"Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions","DesiredAccess":"0x20019"}
4890.  
4891. Returned value:
4892.  
4893. 0x0
4894.  
4895. ntdll.dll! NtOpenKeyEx #native (#2236) important_document.exe
4896. Arguments:
4897.  
4898. {"OpenOptions":"0x0","KeyHandle":"0x18ebc8","objectName":"{2C36C0AA-5812-4B87-BFD0-4CD0DFB19B39}","DesiredAccess":"0x20019"}
4899.  
4900. Returned value:
4901.  
4902. 0x0
4903.  
4904. ntdll.dll! NtOpenKeyEx #native (#2236) important_document.exe
4905. Arguments:
4906.  
4907. {"OpenOptions":"0x0","KeyHandle":"0x7e6ff4","objectName":"PropertyBag","DesiredAccess":"0x20019"}
4908.  
4909. Returned value:
4910.  
4911. 0xc0000034
4912.  
4913. ntdll.dll! NtOpenKeyEx #native (#2236) important_document.exe
4914. Arguments:
4915.  
4916. {"OpenOptions":"0x0","KeyHandle":"0x18ea8c","objectName":"Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions","DesiredAccess":"0x20019"}
4917.  
4918. Returned value:
4919.  
4920. 0x0
4921.  
4922. ntdll.dll! NtOpenKeyEx #native (#2236) important_document.exe
4923. Arguments:
4924.  
4925. {"OpenOptions":"0x0","KeyHandle":"0x18ebc8","objectName":"{9E3995AB-1F9C-4F13-B827-48B24B6C7174}","DesiredAccess":"0x20019"}
4926.  
4927. Returned value:
4928.  
4929. 0x0
4930.  
4931. ntdll.dll! NtOpenKeyEx #native (#2236) important_document.exe
4932. Arguments:
4933.  
4934. {"OpenOptions":"0x0","KeyHandle":"0x7e7034","objectName":"PropertyBag","DesiredAccess":"0x20019"}
4935.  
4936. Returned value:
4937.  
4938. 0xc0000034
4939.  
4940. ntdll.dll! NtOpenKeyEx #native (#2236) important_document.exe
4941. Arguments:
4942.  
4943. {"OpenOptions":"0x0","KeyHandle":"0x18ea8c","objectName":"Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions","DesiredAccess":"0x20019"}
4944.  
4945. Returned value:
4946.  
4947. 0x0
4948.  
4949. ntdll.dll! NtOpenKeyEx #native (#2236) important_document.exe
4950. Arguments:
4951.  
4952. {"OpenOptions":"0x0","KeyHandle":"0x18ebc8","objectName":"{DF7266AC-9274-4867-8D55-3BD661DE872D}","DesiredAccess":"0x20019"}
4953.  
4954. Returned value:
4955.  
4956. 0x0
4957.  
4958. ntdll.dll! NtOpenKeyEx #native (#2236) important_document.exe
4959. Arguments:
4960.  
4961. {"OpenOptions":"0x0","KeyHandle":"0x7e7054","objectName":"PropertyBag","DesiredAccess":"0x20019"}
4962.  
4963. Returned value:
4964.  
4965. 0xc0000034
4966.  
4967. ntdll.dll! NtOpenKeyEx #native (#2236) important_document.exe
4968. Arguments:
4969.  
4970. {"OpenOptions":"0x0","KeyHandle":"0x18ea8c","objectName":"Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions","DesiredAccess":"0x20019"}
4971.  
4972. Returned value:
4973.  
4974. 0x0
4975.  
4976. ntdll.dll! NtOpenKeyEx #native (#2236) important_document.exe
4977. Arguments:
4978.  
4979. {"OpenOptions":"0x0","KeyHandle":"0x18ebc8","objectName":"{ED4824AF-DCE4-45A8-81E2-FC7965083634}","DesiredAccess":"0x20019"}
4980.  
4981. Returned value:
4982.  
4983. 0x0
4984.  
4985. ntdll.dll! NtOpenKeyEx #native (#2236) important_document.exe
4986. Arguments:
4987.  
4988. {"OpenOptions":"0x0","KeyHandle":"0x7e7034","objectName":"PropertyBag","DesiredAccess":"0x20019"}
4989.  
4990. Returned value:
4991.  
4992. 0x0
4993.  
4994. ntdll.dll! NtOpenKeyEx #native (#2236) important_document.exe
4995. Arguments:
4996.  
4997. {"OpenOptions":"0x0","KeyHandle":"0x18ea8c","objectName":"Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions","DesiredAccess":"0x20019"}
4998.  
4999. Returned value:
5000.  
5001. 0x0
5002.  
5003. ntdll.dll! NtOpenKeyEx #native (#2236) important_document.exe
5004. Arguments:
5005.  
5006. {"OpenOptions":"0x0","KeyHandle":"0x18ebc8","objectName":"{D65231B0-B2F1-4857-A4CE-A8E7C6EA7D27}","DesiredAccess":"0x20019"}
5007.  
5008. Returned value:
5009.  
5010. 0x0
5011.  
5012. ntdll.dll! NtOpenKeyEx #native (#2236) important_document.exe
5013. Arguments:
5014.  
5015. {"OpenOptions":"0x0","KeyHandle":"0x7e7094","objectName":"PropertyBag","DesiredAccess":"0x20019"}
5016.  
5017. Returned value:
5018.  
5019. 0x0
5020.  
5021. ntdll.dll! NtOpenKeyEx #native (#2236) important_document.exe
5022. Arguments:
5023.  
5024. {"OpenOptions":"0x0","KeyHandle":"0x18ea8c","objectName":"Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions","DesiredAccess":"0x20019"}
5025.  
5026. Returned value:
5027.  
5028. 0x0
5029.  
5030. ntdll.dll! NtOpenKeyEx #native (#2236) important_document.exe
5031. Arguments:
5032.  
5033. {"OpenOptions":"0x0","KeyHandle":"0x18ebc8","objectName":"{15CA69B3-30EE-49C1-ACE1-6B5EC372AFB5}","DesiredAccess":"0x20019"}
5034.  
5035. Returned value:
5036.  
5037. 0x0
5038.  
5039. ntdll.dll! NtOpenKeyEx #native (#2236) important_document.exe
5040. Arguments:
5041.  
5042. {"OpenOptions":"0x0","KeyHandle":"0x7f52c4","objectName":"PropertyBag","DesiredAccess":"0x20019"}
5043.  
5044. Returned value:
5045.  
5046. 0xc0000034
5047.  
5048. ntdll.dll! NtOpenKeyEx #native (#2236) important_document.exe
5049. Arguments:
5050.  
5051. {"OpenOptions":"0x0","KeyHandle":"0x18ea8c","objectName":"Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions","DesiredAccess":"0x20019"}
5052.  
5053. Returned value:
5054.  
5055. 0x0
5056.  
5057. ntdll.dll! NtOpenKeyEx #native (#2236) important_document.exe
5058. Arguments:
5059.  
5060. {"OpenOptions":"0x0","KeyHandle":"0x18ebc8","objectName":"{3214FAB5-9757-4298-BB61-92A9DEAA44FF}","DesiredAccess":"0x20019"}
5061.  
5062. Returned value:
5063.  
5064. 0x0
5065.  
5066. ntdll.dll! NtOpenKeyEx #native (#2236) important_document.exe
5067. Arguments:
5068.  
5069. {"OpenOptions":"0x0","KeyHandle":"0x7f52e4","objectName":"PropertyBag","DesiredAccess":"0x20019"}
5070.  
5071. Returned value:
5072.  
5073. 0x0
5074.  
5075. ntdll.dll! NtOpenKeyEx #native (#2236) important_document.exe
5076. Arguments:
5077.  
5078. {"OpenOptions":"0x0","KeyHandle":"0x18ea8c","objectName":"Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions","DesiredAccess":"0x20019"}
5079.  
5080. Returned value:
5081.  
5082. 0x0
5083.  
5084. ntdll.dll! NtOpenKeyEx #native (#2236) important_document.exe
5085. Arguments:
5086.  
5087. {"OpenOptions":"0x0","KeyHandle":"0x18ebc8","objectName":"{905E63B6-C1BF-494E-B29C-65B732D3D21A}","DesiredAccess":"0x20019"}
5088.  
5089. Returned value:
5090.  
5091. 0x0
5092.  
5093. ntdll.dll! NtOpenKeyEx #native (#2236) important_document.exe
5094. Arguments:
5095.  
5096. {"OpenOptions":"0x0","KeyHandle":"0x7f5304","objectName":"PropertyBag","DesiredAccess":"0x20019"}
5097.  
5098. Returned value:
5099.  
5100. 0x0
5101.  
5102. ntdll.dll! NtOpenKeyEx #native (#2236) important_document.exe
5103. Arguments:
5104.  
5105. {"OpenOptions":"0x0","KeyHandle":"0x18ea8c","objectName":"Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions","DesiredAccess":"0x20019"}
5106.  
5107. Returned value:
5108.  
5109. 0x0
5110.  
5111. ntdll.dll! NtOpenKeyEx #native (#2236) important_document.exe
5112. Arguments:
5113.  
5114. {"OpenOptions":"0x0","KeyHandle":"0x18ebc8","objectName":"{FD228CB7-AE11-4AE3-864C-16F3910AB8FE}","DesiredAccess":"0x20019"}
5115.  
5116. Returned value:
5117.  
5118. 0x0
5119.  
5120. ntdll.dll! NtOpenKeyEx #native (#2236) important_document.exe
5121. Arguments:
5122.  
5123. {"OpenOptions":"0x0","KeyHandle":"0x7f5324","objectName":"PropertyBag","DesiredAccess":"0x20019"}
5124.  
5125. Returned value:
5126.  
5127. 0x0
5128.  
5129. ntdll.dll! NtOpenKeyEx #native (#2236) important_document.exe
5130. Arguments:
5131.  
5132. {"OpenOptions":"0x0","KeyHandle":"0x18ea8c","objectName":"Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions","DesiredAccess":"0x20019"}
5133.  
5134. Returned value:
5135.  
5136. 0x0
5137.  
5138. ntdll.dll! NtOpenKeyEx #native (#2236) important_document.exe
5139. Arguments:
5140.  
5141. {"OpenOptions":"0x0","KeyHandle":"0x18ebc8","objectName":"{B97D20BB-F46A-4C97-BA10-5E3608430854}","DesiredAccess":"0x20019"}
5142.  
5143. Returned value:
5144.  
5145. 0x0
5146.  
5147. ntdll.dll! NtOpenKeyEx #native (#2236) important_document.exe
5148. Arguments:
5149.  
5150. {"OpenOptions":"0x0","KeyHandle":"0x7f5344","objectName":"PropertyBag","DesiredAccess":"0x20019"}
5151.  
5152. Returned value:
5153.  
5154. 0xc0000034
5155.  
5156. ntdll.dll! NtOpenKeyEx #native (#2236) important_document.exe
5157. Arguments:
5158.  
5159. {"OpenOptions":"0x0","KeyHandle":"0x18ea8c","objectName":"Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions","DesiredAccess":"0x20019"}
5160.  
5161. Returned value:
5162.  
5163. 0x0
5164.  
5165. ntdll.dll! NtOpenKeyEx #native (#2236) important_document.exe
5166. Arguments:
5167.  
5168. {"OpenOptions":"0x0","KeyHandle":"0x18ebc8","objectName":"{625B53C3-AB48-4EC1-BA1F-A1EF4146FC19}","DesiredAccess":"0x20019"}
5169.  
5170. Returned value:
5171.  
5172. 0x0
5173.  
5174. ntdll.dll! NtOpenKeyEx #native (#2236) important_document.exe
5175. Arguments:
5176.  
5177. {"OpenOptions":"0x0","KeyHandle":"0x7f5364","objectName":"PropertyBag","DesiredAccess":"0x20019"}
5178.  
5179. Returned value:
5180.  
5181. 0xc0000034
5182.  
5183. ntdll.dll! NtOpenKeyEx #native (#2236) important_document.exe
5184. Arguments:
5185.  
5186. {"OpenOptions":"0x0","KeyHandle":"0x18ea8c","objectName":"Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions","DesiredAccess":"0x20019"}
5187.  
5188. Returned value:
5189.  
5190. 0x0
5191.  
5192. ntdll.dll! NtOpenKeyEx #native (#2236) important_document.exe
5193. Arguments:
5194.  
5195. {"OpenOptions":"0x0","KeyHandle":"0x18ebc8","objectName":"{D20BEEC4-5CA8-4905-AE3B-BF251EA09B53}","DesiredAccess":"0x20019"}
5196.  
5197. Returned value:
5198.  
5199. 0x0
5200.  
5201. ntdll.dll! NtOpenKeyEx #native (#2236) important_document.exe
5202. Arguments:
5203.  
5204. {"OpenOptions":"0x0","KeyHandle":"0x7f5364","objectName":"PropertyBag","DesiredAccess":"0x20019"}
5205.  
5206. Returned value:
5207.  
5208. 0xc0000034
5209.  
5210. ntdll.dll! NtOpenKeyEx #native (#2236) important_document.exe
5211. Arguments:
5212.  
5213. {"OpenOptions":"0x0","KeyHandle":"0x18ea8c","objectName":"Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions","DesiredAccess":"0x20019"}
5214.  
5215. Returned value:
5216.  
5217. 0x0
5218.  
5219. ntdll.dll! NtOpenKeyEx #native (#2236) important_document.exe
5220. Arguments:
5221.  
5222. {"OpenOptions":"0x0","KeyHandle":"0x18ebc8","objectName":"{DE92C1C7-837F-4F69-A3BB-86E631204A23}","DesiredAccess":"0x20019"}
5223.  
5224. Returned value:
5225.  
5226. 0x0
5227.  
5228. ntdll.dll! NtOpenKeyEx #native (#2236) important_document.exe
5229. Arguments:
5230.  
5231. {"OpenOptions":"0x0","KeyHandle":"0x7f53a4","objectName":"PropertyBag","DesiredAccess":"0x20019"}
5232.  
5233. Returned value:
5234.  
5235. 0xc0000034
5236.  
5237. ntdll.dll! NtOpenKeyEx #native (#2236) important_document.exe
5238. Arguments:
5239.  
5240. {"OpenOptions":"0x0","KeyHandle":"0x18ea8c","objectName":"Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions","DesiredAccess":"0x20019"}
5241.  
5242. Returned value:
5243.  
5244. 0x0
5245.  
5246. ntdll.dll! NtOpenKeyEx #native (#2236) important_document.exe
5247. Arguments:
5248.  
5249. {"OpenOptions":"0x0","KeyHandle":"0x18ebc8","objectName":"{10C07CD0-EF91-4567-B850-448B77CB37F9}","DesiredAccess":"0x20019"}
5250.  
5251. Returned value:
5252.  
5253. 0x0
5254.  
5255. ntdll.dll! NtOpenKeyEx #native (#2236) important_document.exe
5256. Arguments:
5257.  
5258. {"OpenOptions":"0x0","KeyHandle":"0x7f53a4","objectName":"PropertyBag","DesiredAccess":"0x20019"}
5259.  
5260. Returned value:
5261.  
5262. 0xc0000034
5263.  
5264. ntdll.dll! NtOpenKeyEx #native (#2236) important_document.exe
5265. Arguments:
5266.  
5267. {"OpenOptions":"0x0","KeyHandle":"0x18ea8c","objectName":"Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions","DesiredAccess":"0x20019"}
5268.  
5269. Returned value:
5270.  
5271. 0x0
5272.  
5273. ntdll.dll! NtOpenKeyEx #native (#2236) important_document.exe
5274. Arguments:
5275.  
5276. {"OpenOptions":"0x0","KeyHandle":"0x18ebc8","objectName":"{FDD39AD0-238F-46AF-ADB4-6C85480369C7}","DesiredAccess":"0x20019"}
5277.  
5278. Returned value:
5279.  
5280. 0x0
5281.  
5282. ntdll.dll! NtOpenKeyEx #native (#2236) important_document.exe
5283. Arguments:
5284.  
5285. {"OpenOptions":"0x0","KeyHandle":"0x7f5404","objectName":"PropertyBag","DesiredAccess":"0x20019"}
5286.  
5287. Returned value:
5288.  
5289. 0x0
5290.  
5291. ntdll.dll! NtOpenKeyEx #native (#2236) important_document.exe
5292. Arguments:
5293.  
5294. {"OpenOptions":"0x0","KeyHandle":"0x18e96c","objectName":"SessionInfo\\1","DesiredAccess":"0x1"}
5295.  
5296. Returned value:
5297.  
5298. 0x0
5299.  
5300. ntdll.dll! NtOpenKeyEx #native (#2236) important_document.exe
5301. Arguments:
5302.  
5303. {"OpenOptions":"0x0","KeyHandle":"0x18e9e4","objectName":"KnownFolders","DesiredAccess":"0x1"}
5304.  
5305. Returned value:
5306.  
5307. 0xc0000034
5308.  
5309. ntdll.dll! NtOpenKey #native (#2236) important_document.exe
5310. Arguments:
5311.  
5312. {"DesiredAccess":"0x20019","KeyHandle":"0x18ecb4","objectName":"\\REGISTRY\\USER\\S-1-5-21-364843204-231886559-199882026-1001"}
5313.  
5314. Returned value:
5315.  
5316. 0x0
5317.  
5318. ntdll.dll! NtOpenKeyEx #native (#2236) important_document.exe
5319. Arguments:
5320.  
5321. {"OpenOptions":"0x0","KeyHandle":"0x18ecfc","objectName":"Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\User Shell Folders","DesiredAccess":"0x20019"}
5322.  
5323. Returned value:
5324.  
5325. 0x0
5326.  
5327. ntdll.dll! NtOpenKeyEx #native (#2236) important_document.exe
5328. Arguments:
5329.  
5330. {"OpenOptions":"0x0","KeyHandle":"0x18ea8c","objectName":"Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions","DesiredAccess":"0x20019"}
5331.  
5332. Returned value:
5333.  
5334. 0x0
5335.  
5336. ntdll.dll! NtOpenKeyEx #native (#2236) important_document.exe
5337. Arguments:
5338.  
5339. {"OpenOptions":"0x0","KeyHandle":"0x18ebc8","objectName":"{C1BAE2D0-10DF-4334-BEDD-7AA20B227A9D}","DesiredAccess":"0x20019"}
5340.  
5341. Returned value:
5342.  
5343. 0x0
5344.  
5345. ntdll.dll! NtOpenKeyEx #native (#2236) important_document.exe
5346. Arguments:
5347.  
5348. {"OpenOptions":"0x0","KeyHandle":"0x7f5464","objectName":"PropertyBag","DesiredAccess":"0x20019"}
5349.  
5350. Returned value:
5351.  
5352. 0xc0000034
5353.  
5354. ntdll.dll! NtOpenKeyEx #native (#2236) important_document.exe
5355. Arguments:
5356.  
5357. {"OpenOptions":"0x0","KeyHandle":"0x18ea8c","objectName":"Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions","DesiredAccess":"0x20019"}
5358.  
5359. Returned value:
5360.  
5361. 0x0
5362.  
5363. ntdll.dll! NtOpenKeyEx #native (#2236) important_document.exe
5364. Arguments:
5365.  
5366. {"OpenOptions":"0x0","KeyHandle":"0x18ebc8","objectName":"{190337D1-B8CA-4121-A639-6D472D16972A}","DesiredAccess":"0x20019"}
5367.  
5368. Returned value:
5369.  
5370. 0x0
5371.  
5372. ntdll.dll! NtOpenKeyEx #native (#2236) important_document.exe
5373. Arguments:
5374.  
5375. {"OpenOptions":"0x0","KeyHandle":"0x7f5484","objectName":"PropertyBag","DesiredAccess":"0x20019"}
5376.  
5377. Returned value:
5378.  
5379. 0xc0000034
5380.  
5381. ntdll.dll! NtOpenKeyEx #native (#2236) important_document.exe
5382. Arguments:
5383.  
5384. {"OpenOptions":"0x0","KeyHandle":"0x18ea8c","objectName":"Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions","DesiredAccess":"0x20019"}
5385.  
5386. Returned value:
5387.  
5388. 0x0
5389.  
5390. ntdll.dll! NtOpenKeyEx #native (#2236) important_document.exe
5391. Arguments:
5392.  
5393. {"OpenOptions":"0x0","KeyHandle":"0x18ebc8","objectName":"{54EED2E0-E7CA-4FDB-9148-0F4247291CFA}","DesiredAccess":"0x20019"}
5394.  
5395. Returned value:
5396.  
5397. 0x0
5398.  
5399. ntdll.dll! NtOpenKeyEx #native (#2236) important_document.exe
5400. Arguments:
5401.  
5402. {"OpenOptions":"0x0","KeyHandle":"0x7f5484","objectName":"PropertyBag","DesiredAccess":"0x20019"}
5403.  
5404. Returned value:
5405.  
5406. 0xc0000034
5407.  
5408. ntdll.dll! NtOpenKeyEx #native (#2236) important_document.exe
5409. Arguments:
5410.  
5411. {"OpenOptions":"0x0","KeyHandle":"0x18ea8c","objectName":"Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions","DesiredAccess":"0x20019"}
5412.  
5413. Returned value:
5414.  
5415. 0x0
5416.  
5417. ntdll.dll! NtOpenKeyEx #native (#2236) important_document.exe
5418. Arguments:
5419.  
5420. {"OpenOptions":"0x0","KeyHandle":"0x18ebc8","objectName":"{BFB9D5E0-C6A9-404C-B2B2-AE6DB6AF4968}","DesiredAccess":"0x20019"}
5421.  
5422. Returned value:
5423.  
5424. 0x0
5425.  
5426. ntdll.dll! NtOpenKeyEx #native (#2236) important_document.exe
5427. Arguments:
5428.  
5429. {"OpenOptions":"0x0","KeyHandle":"0x7f5484","objectName":"PropertyBag","DesiredAccess":"0x20019"}
5430.  
5431. Returned value:
5432.  
5433. 0xc0000034
5434.  
5435. ntdll.dll! NtOpenKeyEx #native (#2236) important_document.exe
5436. Arguments:
5437.  
5438. {"OpenOptions":"0x0","KeyHandle":"0x18e96c","objectName":"SessionInfo\\1","DesiredAccess":"0x1"}
5439.  
5440. Returned value:
5441.  
5442. 0x0
5443.  
5444. ntdll.dll! NtOpenKeyEx #native (#2236) important_document.exe
5445. Arguments:
5446.  
5447. {"OpenOptions":"0x0","KeyHandle":"0x18e9e4","objectName":"KnownFolders","DesiredAccess":"0x1"}
5448.  
5449. Returned value:
5450.  
5451. 0xc0000034
5452.  
5453. ntdll.dll! NtOpenKey #native (#2236) important_document.exe
5454. Arguments:
5455.  
5456. {"DesiredAccess":"0x20019","KeyHandle":"0x18ecb4","objectName":"\\REGISTRY\\USER\\S-1-5-21-364843204-231886559-199882026-1001"}
5457.  
5458. Returned value:
5459.  
5460. 0x0
5461.  
5462. ntdll.dll! NtOpenKeyEx #native (#2236) important_document.exe
5463. Arguments:
5464.  
5465. {"OpenOptions":"0x0","KeyHandle":"0x18ecfc","objectName":"Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\User Shell Folders","DesiredAccess":"0x20019"}
5466.  
5467. Returned value:
5468.  
5469. 0x0
5470.  
5471. ntdll.dll! NtOpenKeyEx #native (#2236) important_document.exe
5472. Arguments:
5473.  
5474. {"OpenOptions":"0x0","KeyHandle":"0x18ca48","objectName":"Software\\Microsoft\\Windows NT\\CurrentVersion\\ProfileList\\S-1-5-21-364843204-231886559-199882026-1001","DesiredAccess":"0x20019"}
5475.  
5476. Returned value:
5477.  
5478. 0x0
5479.  
5480. ntdll.dll! NtOpenKeyEx #native (#2236) important_document.exe
5481. Arguments:
5482.  
5483. {"OpenOptions":"0x0","KeyHandle":"0x18ea8c","objectName":"Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions","DesiredAccess":"0x20019"}
5484.  
5485. Returned value:
5486.  
5487. 0x0
5488.  
5489. ntdll.dll! NtOpenKeyEx #native (#2236) important_document.exe
5490. Arguments:
5491.  
5492. {"OpenOptions":"0x0","KeyHandle":"0x18ebc8","objectName":"{5CD7AEE2-2219-4A67-B85D-6C9CE15660CB}","DesiredAccess":"0x20019"}
5493.  
5494. Returned value:
5495.  
5496. 0x0
5497.  
5498. ntdll.dll! NtOpenKeyEx #native (#2236) important_document.exe
5499. Arguments:
5500.  
5501. {"OpenOptions":"0x0","KeyHandle":"0x7f5464","objectName":"PropertyBag","DesiredAccess":"0x20019"}
5502.  
5503. Returned value:
5504.  
5505. 0xc0000034
5506.  
5507. ntdll.dll! NtOpenKeyEx #native (#2236) important_document.exe
5508. Arguments:
5509.  
5510. {"OpenOptions":"0x0","KeyHandle":"0x18ea8c","objectName":"Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions","DesiredAccess":"0x20019"}
5511.  
5512. Returned value:
5513.  
5514. 0x0
5515.  
5516. ntdll.dll! NtOpenKeyEx #native (#2236) important_document.exe
5517. Arguments:
5518.  
5519. {"OpenOptions":"0x0","KeyHandle":"0x18ebc8","objectName":"{B94237E7-57AC-4347-9151-B08C6C32D1F7}","DesiredAccess":"0x20019"}
5520.  
5521. Returned value:
5522.  
5523. 0x0
5524.  
5525. ntdll.dll! NtOpenKeyEx #native (#2236) important_document.exe
5526. Arguments:
5527.  
5528. {"OpenOptions":"0x0","KeyHandle":"0x7f5464","objectName":"PropertyBag","DesiredAccess":"0x20019"}
5529.  
5530. Returned value:
5531.  
5532. 0xc0000034
5533.  
5534. ntdll.dll! NtOpenKeyEx #native (#2236) important_document.exe
5535. Arguments:
5536.  
5537. {"OpenOptions":"0x0","KeyHandle":"0x18ea8c","objectName":"Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions","DesiredAccess":"0x20019"}
5538.  
5539. Returned value:
5540.  
5541. 0x0
5542.  
5543. ntdll.dll! NtOpenKeyEx #native (#2236) important_document.exe
5544. Arguments:
5545.  
5546. {"OpenOptions":"0x0","KeyHandle":"0x18ebc8","objectName":"{352481E8-33BE-4251-BA85-6007CAEDCF9D}","DesiredAccess":"0x20019"}
5547.  
5548. Returned value:
5549.  
5550. 0x0
5551.  
5552. ntdll.dll! NtOpenKeyEx #native (#2236) important_document.exe
5553. Arguments:
5554.  
5555. {"OpenOptions":"0x0","KeyHandle":"0x7f5464","objectName":"PropertyBag","DesiredAccess":"0x20019"}
5556.  
5557. Returned value:
5558.  
5559. 0xc0000034
5560.  
5561. ntdll.dll! NtOpenKeyEx #native (#2236) important_document.exe
5562. Arguments:
5563.  
5564. {"OpenOptions":"0x0","KeyHandle":"0x18ea8c","objectName":"Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions","DesiredAccess":"0x20019"}
5565.  
5566. Returned value:
5567.  
5568. 0x0
5569.  
5570. ntdll.dll! NtOpenKeyEx #native (#2236) important_document.exe
5571. Arguments:
5572.  
5573. {"OpenOptions":"0x0","KeyHandle":"0x18ebc8","objectName":"{A63293E8-664E-48DB-A079-DF759E0509F7}","DesiredAccess":"0x20019"}
5574.  
5575. Returned value:
5576.  
5577. 0x0
5578.  
5579. ntdll.dll! NtOpenKeyEx #native (#2236) important_document.exe
5580. Arguments:
5581.  
5582. {"OpenOptions":"0x0","KeyHandle":"0x7f54a4","objectName":"PropertyBag","DesiredAccess":"0x20019"}
5583.  
5584. Returned value:
5585.  
5586. 0xc0000034
5587.  
5588. ntdll.dll! NtOpenKeyEx #native (#2236) important_document.exe
5589. Arguments:
5590.  
5591. {"OpenOptions":"0x0","KeyHandle":"0x18ea8c","objectName":"Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions","DesiredAccess":"0x20019"}
5592.  
5593. Returned value:
5594.  
5595. 0x0
5596.  
5597. ntdll.dll! NtOpenKeyEx #native (#2236) important_document.exe
5598. Arguments:
5599.  
5600. {"OpenOptions":"0x0","KeyHandle":"0x18ebc8","objectName":"{5CE4A5E9-E4EB-479D-B89F-130C02886155}","DesiredAccess":"0x20019"}
5601.  
5602. Returned value:
5603.  
5604. 0x0
5605.  
5606. ntdll.dll! NtOpenKeyEx #native (#2236) important_document.exe
5607. Arguments:
5608.  
5609. {"OpenOptions":"0x0","KeyHandle":"0x7f54a4","objectName":"PropertyBag","DesiredAccess":"0x20019"}
5610.  
5611. Returned value:
5612.  
5613. 0xc0000034
5614.  
5615. ntdll.dll! NtOpenKeyEx #native (#2236) important_document.exe
5616. Arguments:
5617.  
5618. {"OpenOptions":"0x0","KeyHandle":"0x18ea8c","objectName":"Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions","DesiredAccess":"0x20019"}
5619.  
5620. Returned value:
5621.  
5622. 0x0
5623.  
5624. ntdll.dll! NtOpenKeyEx #native (#2236) important_document.exe
5625. Arguments:
5626.  
5627. {"OpenOptions":"0x0","KeyHandle":"0x18ebc8","objectName":"{82A74AEB-AEB4-465C-A014-D097EE346D63}","DesiredAccess":"0x20019"}
5628.  
5629. Returned value:
5630.  
5631. 0x0
5632.  
5633. ntdll.dll! NtOpenKeyEx #native (#2236) important_document.exe
5634. Arguments:
5635.  
5636. {"OpenOptions":"0x0","KeyHandle":"0x7f54a4","objectName":"PropertyBag","DesiredAccess":"0x20019"}
5637.  
5638. Returned value:
5639.  
5640. 0xc0000034
5641.  
5642. ntdll.dll! NtOpenKeyEx #native (#2236) important_document.exe
5643. Arguments:
5644.  
5645. {"OpenOptions":"0x0","KeyHandle":"0x18ea8c","objectName":"Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions","DesiredAccess":"0x20019"}
5646.  
5647. Returned value:
5648.  
5649. 0x0
5650.  
5651. ntdll.dll! NtOpenKeyEx #native (#2236) important_document.exe
5652. Arguments:
5653.  
5654. {"OpenOptions":"0x0","KeyHandle":"0x18ebc8","objectName":"{7C5A40EF-A0FB-4BFC-874A-C0F2E0B9FA8E}","DesiredAccess":"0x20019"}
5655.  
5656. Returned value:
5657.  
5658. 0x0
5659.  
5660. ntdll.dll! NtOpenKeyEx #native (#2236) important_document.exe
5661. Arguments:
5662.  
5663. {"OpenOptions":"0x0","KeyHandle":"0x7f54a4","objectName":"PropertyBag","DesiredAccess":"0x20019"}
5664.  
5665. Returned value:
5666.  
5667. 0x0
5668.  
5669. ntdll.dll! NtOpenKeyEx #native (#2236) important_document.exe
5670. Arguments:
5671.  
5672. {"OpenOptions":"0x0","KeyHandle":"0x18ea8c","objectName":"Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions","DesiredAccess":"0x20019"}
5673.  
5674. Returned value:
5675.  
5676. 0x0
5677.  
5678. ntdll.dll! NtOpenKeyEx #native (#2236) important_document.exe
5679. Arguments:
5680.  
5681. {"OpenOptions":"0x0","KeyHandle":"0x18ebc8","objectName":"{43668BF8-C14E-49B2-97C9-747784D784B7}","DesiredAccess":"0x20019"}
5682.  
5683. Returned value:
5684.  
5685. 0x0
5686.  
5687. ntdll.dll! NtOpenKeyEx #native (#2236) important_document.exe
5688. Arguments:
5689.  
5690. {"OpenOptions":"0x0","KeyHandle":"0x7f54c4","objectName":"PropertyBag","DesiredAccess":"0x20019"}
5691.  
5692. Returned value:
5693.  
5694. 0xc0000034
5695.  
5696. ntdll.dll! NtOpenKeyEx #native (#2236) important_document.exe
5697. Arguments:
5698.  
5699. {"OpenOptions":"0x0","KeyHandle":"0x18ea8c","objectName":"Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions","DesiredAccess":"0x20019"}
5700.  
5701. Returned value:
5702.  
5703. 0x0
5704.  
5705. ntdll.dll! NtOpenKeyEx #native (#2236) important_document.exe
5706. Arguments:
5707.  
5708. {"OpenOptions":"0x0","KeyHandle":"0x18ebc8","objectName":"{915221FB-9EFE-4BDA-8FD7-F78DCA774F87}","DesiredAccess":"0x20019"}
5709.  
5710. Returned value:
5711.  
5712. 0x0
5713.  
5714. ntdll.dll! NtOpenKeyEx #native (#2236) important_document.exe
5715. Arguments:
5716.  
5717. {"OpenOptions":"0x0","KeyHandle":"0x7f54c4","objectName":"PropertyBag","DesiredAccess":"0x20019"}
5718.  
5719. Returned value:
5720.  
5721. 0xc0000034
5722.  
5723. ntdll.dll! NtOpenKeyEx #native (#2236) important_document.exe
5724. Arguments:
5725.  
5726. {"OpenOptions":"0x0","KeyHandle":"0x18ea8c","objectName":"Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions","DesiredAccess":"0x20019"}
5727.  
5728. Returned value:
5729.  
5730. 0x0
5731.  
5732. ntdll.dll! NtOpenKeyEx #native (#2236) important_document.exe
5733. Arguments:
5734.  
5735. {"OpenOptions":"0x0","KeyHandle":"0x18ebc8","objectName":"{4C5C32FF-BB9D-43B0-B5B4-2D72E54EAAA4}","DesiredAccess":"0x20019"}
5736.  
5737. Returned value:
5738.  
5739. 0x0
5740.  
5741. ntdll.dll! NtOpenKeyEx #native (#2236) important_document.exe
5742. Arguments:
5743.  
5744. {"OpenOptions":"0x0","KeyHandle":"0x7f5504","objectName":"PropertyBag","DesiredAccess":"0x20019"}
5745.  
5746. Returned value:
5747.  
5748. 0xc0000034
5749.  
5750. ntdll.dll! NtOpenKeyEx #native (#2236) important_document.exe
5751. Arguments:
5752.  
5753. {"OpenOptions":"0x0","KeyHandle":"0x18e96c","objectName":"SessionInfo\\1","DesiredAccess":"0x1"}
5754.  
5755. Returned value:
5756.  
5757. 0x0
5758.  
5759. ntdll.dll! NtOpenKeyEx #native (#2236) important_document.exe
5760. Arguments:
5761.  
5762. {"OpenOptions":"0x0","KeyHandle":"0x18e9e4","objectName":"KnownFolders","DesiredAccess":"0x1"}
5763.  
5764. Returned value:
5765.  
5766. 0xc0000034
5767.  
5768. ntdll.dll! NtOpenKey #native (#2236) important_document.exe
5769. Arguments:
5770.  
5771. {"DesiredAccess":"0x20019","KeyHandle":"0x18ecb4","objectName":"\\REGISTRY\\USER\\S-1-5-21-364843204-231886559-199882026-1001"}
5772.  
5773. Returned value:
5774.  
5775. 0x0
5776.  
5777. ntdll.dll! NtOpenKeyEx #native (#2236) important_document.exe
5778. Arguments:
5779.  
5780. {"OpenOptions":"0x0","KeyHandle":"0x18ecfc","objectName":"Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\User Shell Folders","DesiredAccess":"0x20019"}
5781.  
5782. Returned value:
5783.  
5784. 0x0
5785.  
5786. ntdll.dll! NtOpenKeyEx #native (#2236) important_document.exe
5787. Arguments:
5788.  
5789. {"OpenOptions":"0x0","KeyHandle":"0x18ca48","objectName":"Software\\Microsoft\\Windows NT\\CurrentVersion\\ProfileList\\S-1-5-21-364843204-231886559-199882026-1001","DesiredAccess":"0x20019"}
5790.  
5791. Returned value:
5792.  
5793. 0x0
5794.  
5795. ntdll.dll! NtOpenKeyEx #native (#2236) important_document.exe
5796. Arguments:
5797.  
5798. {"OpenOptions":"0x0","KeyHandle":"0x18e710","objectName":"Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\MountPoints2\\CPC\\Volume","DesiredAccess":"0x20019"}
5799.  
5800. Returned value:
5801.  
5802. 0x0
5803.  
5804. ntdll.dll! NtOpenKeyEx #native (#2236) important_document.exe
5805. Arguments:
5806.  
5807. {"OpenOptions":"0x0","KeyHandle":"0x18e92c","objectName":"{e9b1a4f8-a98b-11e9-a299-806e6f6e6963}\\","DesiredAccess":"0x20019"}
5808.  
5809. Returned value:
5810.  
5811. 0x0
5812.  
5813. ntdll.dll! NtCreateFile #native (#2236) important_document.exe
5814. Arguments:
5815.  
5816. {"FileHandle":"0x18d694","objectName":"\\??\\C:\\"}
5817.  
5818. Returned value:
5819.  
5820. null
5821.  
5822. KernelBase.dll! CreateFileW #file (#2236) important_document.exe
5823. Arguments:
5824.  
5825. {"lpSecurityAttributes":"0x0","dwCreationDisposition":"0x3","dwFlagsAndAttributes":"0x2000000","lpFileName":"C:\\","dwDesiredAccess":"0x100081","dwShareMode":"0x7"}
5826.  
5827. Returned value:
5828.  
5829. 0x250
5830.  
5831. ntdll.dll! NtCreateFile #native (#2236) important_document.exe
5832. Arguments:
5833.  
5834. {"FileHandle":"0x18d140","objectName":"\\??\\C:\\Users"}
5835.  
5836. Returned value:
5837.  
5838. null
5839.  
5840. KernelBase.dll! CreateFileW #file (#2236) important_document.exe
5841. Arguments:
5842.  
5843. {"lpSecurityAttributes":"0x0","dwCreationDisposition":"0x3","dwFlagsAndAttributes":"0x2000000","lpFileName":"C:\\Users","dwDesiredAccess":"0x100081","dwShareMode":"0x7"}
5844.  
5845. Returned value:
5846.  
5847. 0x250
5848.  
5849. ntdll.dll! NtCreateFile #native (#2236) important_document.exe
5850. Arguments:
5851.  
5852. {"FileHandle":"0x18cbec","objectName":"\\??\\C:\\Users\\admin"}
5853.  
5854. Returned value:
5855.  
5856. null
5857.  
5858. KernelBase.dll! CreateFileW #file (#2236) important_document.exe
5859. Arguments:
5860.  
5861. {"lpSecurityAttributes":"0x0","dwCreationDisposition":"0x3","dwFlagsAndAttributes":"0x2000000","lpFileName":"C:\\Users\\admin","dwDesiredAccess":"0x100081","dwShareMode":"0x7"}
5862.  
5863. Returned value:
5864.  
5865. 0x250
5866.  
5867. ntdll.dll! NtCreateFile #native (#2236) important_document.exe
5868. Arguments:
5869.  
5870. {"FileHandle":"0x18d094","objectName":"\\??\\C:\\Users\\<USER>\\Searches\\desktop.ini"}
5871.  
5872. Returned value:
5873.  
5874. null
5875.  
5876. KernelBase.dll! CreateFileW #file (#2236) important_document.exe
5877. Arguments:
5878.  
5879. {"lpSecurityAttributes":"0x0","dwCreationDisposition":"0x3","dwFlagsAndAttributes":"0x8000000","lpFileName":"C:\\Users\\<USER>\\Searches\\desktop.ini","dwDesiredAccess":"0x80000000","dwShareMode":"0x7"}
5880.  
5881. Returned value:
5882.  
5883. 0x250
5884.  
5885. KernelBase.dll! GetProcAddress #misc (#2236) important_document.exe
5886. Arguments:
5887.  
5888. {"lpProcName":"CoTaskMemFree","hModule":"ole32.dll"}
5889.  
5890. Returned value:
5891.  
5892. 0x75776f41
5893.  
5894. ntdll.dll! NtOpenKeyEx #native (#2236) important_document.exe
5895. Arguments:
5896.  
5897. {"OpenOptions":"0x0","KeyHandle":"0x18e710","objectName":"Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\MountPoints2\\CPC\\Volume","DesiredAccess":"0x20019"}
5898.  
5899. Returned value:
5900.  
5901. 0x0
5902.  
5903. ntdll.dll! NtOpenKeyEx #native (#2236) important_document.exe
5904. Arguments:
5905.  
5906. {"OpenOptions":"0x0","KeyHandle":"0x18e92c","objectName":"{e9b1a4f8-a98b-11e9-a299-806e6f6e6963}\\","DesiredAccess":"0x20019"}
5907.  
5908. Returned value:
5909.  
5910. 0x0
5911.  
5912. ntdll.dll! NtCreateFile #native (#2236) important_document.exe
5913. Arguments:
5914.  
5915. {"FileHandle":"0x18d694","objectName":"\\??\\C:\\"}
5916.  
5917. Returned value:
5918.  
5919. null
5920.  
5921. KernelBase.dll! CreateFileW #file (#2236) important_document.exe
5922. Arguments:
5923.  
5924. {"lpSecurityAttributes":"0x0","dwCreationDisposition":"0x3","dwFlagsAndAttributes":"0x2000000","lpFileName":"C:\\","dwDesiredAccess":"0x100081","dwShareMode":"0x7"}
5925.  
5926. Returned value:
5927.  
5928. 0x24c
5929.  
5930. ntdll.dll! NtCreateFile #native (#2236) important_document.exe
5931. Arguments:
5932.  
5933. {"FileHandle":"0x18d140","objectName":"\\??\\C:\\Users"}
5934.  
5935. Returned value:
5936.  
5937. null
5938.  
5939. KernelBase.dll! CreateFileW #file (#2236) important_document.exe
5940. Arguments:
5941.  
5942. {"lpSecurityAttributes":"0x0","dwCreationDisposition":"0x3","dwFlagsAndAttributes":"0x2000000","lpFileName":"C:\\Users","dwDesiredAccess":"0x100081","dwShareMode":"0x7"}
5943.  
5944. Returned value:
5945.  
5946. 0x24c
5947.  
5948. ntdll.dll! NtCreateFile #native (#2236) important_document.exe
5949. Arguments:
5950.  
5951. {"FileHandle":"0x18cbec","objectName":"\\??\\C:\\Users\\admin"}
5952.  
5953. Returned value:
5954.  
5955. null
5956.  
5957. KernelBase.dll! CreateFileW #file (#2236) important_document.exe
5958. Arguments:
5959.  
5960. {"lpSecurityAttributes":"0x0","dwCreationDisposition":"0x3","dwFlagsAndAttributes":"0x2000000","lpFileName":"C:\\Users\\admin","dwDesiredAccess":"0x100081","dwShareMode":"0x7"}
5961.  
5962. Returned value:
5963.  
5964. 0x24c
5965.  
5966. ntdll.dll! NtCreateFile #native (#2236) important_document.exe
5967. Arguments:
5968.  
5969. {"FileHandle":"0x18d094","objectName":"\\??\\C:\\Users\\<USER>\\Videos\\desktop.ini"}
5970.  
5971. Returned value:
5972.  
5973. null
5974.  
5975. KernelBase.dll! CreateFileW #file (#2236) important_document.exe
5976. Arguments:
5977.  
5978. {"lpSecurityAttributes":"0x0","dwCreationDisposition":"0x3","dwFlagsAndAttributes":"0x8000000","lpFileName":"C:\\Users\\<USER>\\Videos\\desktop.ini","dwDesiredAccess":"0x80000000","dwShareMode":"0x7"}
5979.  
5980. Returned value:
5981.  
5982. 0x24c
5983.  
5984. ntdll.dll! NtOpenKeyEx #native (#2236) important_document.exe
5985. Arguments:
5986.  
5987. {"OpenOptions":"0x0","KeyHandle":"0x18e710","objectName":"Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\MountPoints2\\CPC\\Volume","DesiredAccess":"0x20019"}
5988.  
5989. Returned value:
5990.  
5991. 0x0
5992.  
5993. ntdll.dll! NtOpenKeyEx #native (#2236) important_document.exe
5994. Arguments:
5995.  
5996. {"OpenOptions":"0x0","KeyHandle":"0x18e92c","objectName":"{e9b1a4f8-a98b-11e9-a299-806e6f6e6963}\\","DesiredAccess":"0x20019"}
5997.  
5998. Returned value:
5999.  
6000. 0x0
6001.  
6002. ntdll.dll! NtCreateFile #native (#2236) important_document.exe
6003. Arguments:
6004.  
6005. {"FileHandle":"0x18d694","objectName":"\\??\\C:\\"}
6006.  
6007. Returned value:
6008.  
6009. null
6010.  
6011. KernelBase.dll! CreateFileW #file (#2236) important_document.exe
6012. Arguments:
6013.  
6014. {"lpSecurityAttributes":"0x0","dwCreationDisposition":"0x3","dwFlagsAndAttributes":"0x2000000","lpFileName":"C:\\","dwDesiredAccess":"0x100081","dwShareMode":"0x7"}
6015.  
6016. Returned value:
6017.  
6018. 0x250
6019.  
6020. ntdll.dll! NtCreateFile #native (#2236) important_document.exe
6021. Arguments:
6022.  
6023. {"FileHandle":"0x18d140","objectName":"\\??\\C:\\Users"}
6024.  
6025. Returned value:
6026.  
6027. null
6028.  
6029. KernelBase.dll! CreateFileW #file (#2236) important_document.exe
6030. Arguments:
6031.  
6032. {"lpSecurityAttributes":"0x0","dwCreationDisposition":"0x3","dwFlagsAndAttributes":"0x2000000","lpFileName":"C:\\Users","dwDesiredAccess":"0x100081","dwShareMode":"0x7"}
6033.  
6034. Returned value:
6035.  
6036. 0x250
6037.  
6038. ntdll.dll! NtCreateFile #native (#2236) important_document.exe
6039. Arguments:
6040.  
6041. {"FileHandle":"0x18cbec","objectName":"\\??\\C:\\Users\\admin"}
6042.  
6043. Returned value:
6044.  
6045. null
6046.  
6047. KernelBase.dll! CreateFileW #file (#2236) important_document.exe
6048. Arguments:
6049.  
6050. {"lpSecurityAttributes":"0x0","dwCreationDisposition":"0x3","dwFlagsAndAttributes":"0x2000000","lpFileName":"C:\\Users\\admin","dwDesiredAccess":"0x100081","dwShareMode":"0x7"}
6051.  
6052. Returned value:
6053.  
6054. 0x250
6055.  
6056. ntdll.dll! NtCreateFile #native (#2236) important_document.exe
6057. Arguments:
6058.  
6059. {"FileHandle":"0x18d094","objectName":"\\??\\C:\\Users\\<USER>\\Pictures\\desktop.ini"}
6060.  
6061. Returned value:
6062.  
6063. null
6064.  
6065. KernelBase.dll! CreateFileW #file (#2236) important_document.exe
6066. Arguments:
6067.  
6068. {"lpSecurityAttributes":"0x0","dwCreationDisposition":"0x3","dwFlagsAndAttributes":"0x8000000","lpFileName":"C:\\Users\\<USER>\\Pictures\\desktop.ini","dwDesiredAccess":"0x80000000","dwShareMode":"0x7"}
6069.  
6070. Returned value:
6071.  
6072. 0x250
6073.  
6074. ntdll.dll! NtOpenKeyEx #native (#2236) important_document.exe
6075. Arguments:
6076.  
6077. {"OpenOptions":"0x0","KeyHandle":"0x18e710","objectName":"Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\MountPoints2\\CPC\\Volume","DesiredAccess":"0x20019"}
6078.  
6079. Returned value:
6080.  
6081. 0x0
6082.  
6083. ntdll.dll! NtOpenKeyEx #native (#2236) important_document.exe
6084. Arguments:
6085.  
6086. {"OpenOptions":"0x0","KeyHandle":"0x18e92c","objectName":"{e9b1a4f8-a98b-11e9-a299-806e6f6e6963}\\","DesiredAccess":"0x20019"}
6087.  
6088. Returned value:
6089.  
6090. 0x0
6091.  
6092. ntdll.dll! NtCreateFile #native (#2236) important_document.exe
6093. Arguments:
6094.  
6095. {"FileHandle":"0x18d694","objectName":"\\??\\C:\\"}
6096.  
6097. Returned value:
6098.  
6099. null
6100.  
6101. KernelBase.dll! CreateFileW #file (#2236) important_document.exe
6102. Arguments:
6103.  
6104. {"lpSecurityAttributes":"0x0","dwCreationDisposition":"0x3","dwFlagsAndAttributes":"0x2000000","lpFileName":"C:\\","dwDesiredAccess":"0x100081","dwShareMode":"0x7"}
6105.  
6106. Returned value:
6107.  
6108. 0x24c
6109.  
6110. ntdll.dll! NtCreateFile #native (#2236) important_document.exe
6111. Arguments:
6112.  
6113. {"FileHandle":"0x18d140","objectName":"\\??\\C:\\Users"}
6114.  
6115. Returned value:
6116.  
6117. null
6118.  
6119. KernelBase.dll! CreateFileW #file (#2236) important_document.exe
6120. Arguments:
6121.  
6122. {"lpSecurityAttributes":"0x0","dwCreationDisposition":"0x3","dwFlagsAndAttributes":"0x2000000","lpFileName":"C:\\Users","dwDesiredAccess":"0x100081","dwShareMode":"0x7"}
6123.  
6124. Returned value:
6125.  
6126. 0x24c
6127.  
6128. ntdll.dll! NtCreateFile #native (#2236) important_document.exe
6129. Arguments:
6130.  
6131. {"FileHandle":"0x18cbec","objectName":"\\??\\C:\\Users\\admin"}
6132.  
6133. Returned value:
6134.  
6135. null
6136.  
6137. KernelBase.dll! CreateFileW #file (#2236) important_document.exe
6138. Arguments:
6139.  
6140. {"lpSecurityAttributes":"0x0","dwCreationDisposition":"0x3","dwFlagsAndAttributes":"0x2000000","lpFileName":"C:\\Users\\admin","dwDesiredAccess":"0x100081","dwShareMode":"0x7"}
6141.  
6142. Returned value:
6143.  
6144. 0x24c
6145.  
6146. ntdll.dll! NtOpenKeyEx #native (#2236) important_document.exe
6147. Arguments:
6148.  
6149. {"OpenOptions":"0x0","KeyHandle":"0x18e710","objectName":"Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\MountPoints2\\CPC\\Volume","DesiredAccess":"0x20019"}
6150.  
6151. Returned value:
6152.  
6153. 0x0
6154.  
6155. ntdll.dll! NtOpenKeyEx #native (#2236) important_document.exe
6156. Arguments:
6157.  
6158. {"OpenOptions":"0x0","KeyHandle":"0x18e92c","objectName":"{e9b1a4f8-a98b-11e9-a299-806e6f6e6963}\\","DesiredAccess":"0x20019"}
6159.  
6160. Returned value:
6161.  
6162. 0x0
6163.  
6164. ntdll.dll! NtCreateFile #native (#2236) important_document.exe
6165. Arguments:
6166.  
6167. {"FileHandle":"0x18d694","objectName":"\\??\\C:\\"}
6168.  
6169. Returned value:
6170.  
6171. null
6172.  
6173. KernelBase.dll! CreateFileW #file (#2236) important_document.exe
6174. Arguments:
6175.  
6176. {"lpSecurityAttributes":"0x0","dwCreationDisposition":"0x3","dwFlagsAndAttributes":"0x2000000","lpFileName":"C:\\","dwDesiredAccess":"0x100081","dwShareMode":"0x7"}
6177.  
6178. Returned value:
6179.  
6180. 0x250
6181.  
6182. ntdll.dll! NtCreateFile #native (#2236) important_document.exe
6183. Arguments:
6184.  
6185. {"FileHandle":"0x18d140","objectName":"\\??\\C:\\Users"}
6186.  
6187. Returned value:
6188.  
6189. null
6190.  
6191. KernelBase.dll! CreateFileW #file (#2236) important_document.exe
6192. Arguments:
6193.  
6194. {"lpSecurityAttributes":"0x0","dwCreationDisposition":"0x3","dwFlagsAndAttributes":"0x2000000","lpFileName":"C:\\Users","dwDesiredAccess":"0x100081","dwShareMode":"0x7"}
6195.  
6196. Returned value:
6197.  
6198. 0x250
6199.  
6200. ntdll.dll! NtCreateFile #native (#2236) important_document.exe
6201. Arguments:
6202.  
6203. {"FileHandle":"0x18cbec","objectName":"\\??\\C:\\Users\\admin"}
6204.  
6205. Returned value:
6206.  
6207. null
6208.  
6209. KernelBase.dll! CreateFileW #file (#2236) important_document.exe
6210. Arguments:
6211.  
6212. {"lpSecurityAttributes":"0x0","dwCreationDisposition":"0x3","dwFlagsAndAttributes":"0x2000000","lpFileName":"C:\\Users\\admin","dwDesiredAccess":"0x100081","dwShareMode":"0x7"}
6213.  
6214. Returned value:
6215.  
6216. 0x250
6217.  
6218. ntdll.dll! NtCreateFile #native (#2236) important_document.exe
6219. Arguments:
6220.  
6221. {"FileHandle":"0x18d094","objectName":"\\??\\C:\\Users\\<USER>\\Contacts\\desktop.ini"}
6222.  
6223. Returned value:
6224.  
6225. null
6226.  
6227. KernelBase.dll! CreateFileW #file (#2236) important_document.exe
6228. Arguments:
6229.  
6230. {"lpSecurityAttributes":"0x0","dwCreationDisposition":"0x3","dwFlagsAndAttributes":"0x8000000","lpFileName":"C:\\Users\\<USER>\\Contacts\\desktop.ini","dwDesiredAccess":"0x80000000","dwShareMode":"0x7"}
6231.  
6232. Returned value:
6233.  
6234. 0x250
6235.  
6236. ntdll.dll! NtOpenKeyEx #native (#2236) important_document.exe
6237. Arguments:
6238.  
6239. {"OpenOptions":"0x0","KeyHandle":"0x18e710","objectName":"Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\MountPoints2\\CPC\\Volume","DesiredAccess":"0x20019"}
6240.  
6241. Returned value:
6242.  
6243. 0x0
6244.  
6245. ntdll.dll! NtOpenKeyEx #native (#2236) important_document.exe
6246. Arguments:
6247.  
6248. {"OpenOptions":"0x0","KeyHandle":"0x18e92c","objectName":"{e9b1a4f8-a98b-11e9-a299-806e6f6e6963}\\","DesiredAccess":"0x20019"}
6249.  
6250. Returned value:
6251.  
6252. 0x0
6253.  
6254. ntdll.dll! NtCreateFile #native (#2236) important_document.exe
6255. Arguments:
6256.  
6257. {"FileHandle":"0x18d694","objectName":"\\??\\C:\\"}
6258.  
6259. Returned value:
6260.  
6261. null
6262.  
6263. KernelBase.dll! CreateFileW #file (#2236) important_document.exe
6264. Arguments:
6265.  
6266. {"lpSecurityAttributes":"0x0","dwCreationDisposition":"0x3","dwFlagsAndAttributes":"0x2000000","lpFileName":"C:\\","dwDesiredAccess":"0x100081","dwShareMode":"0x7"}
6267.  
6268. Returned value:
6269.  
6270. 0x24c
6271.  
6272. ntdll.dll! NtCreateFile #native (#2236) important_document.exe
6273. Arguments:
6274.  
6275. {"FileHandle":"0x18d140","objectName":"\\??\\C:\\Users"}
6276.  
6277. Returned value:
6278.  
6279. null
6280.  
6281. KernelBase.dll! CreateFileW #file (#2236) important_document.exe
6282. Arguments:
6283.  
6284. {"lpSecurityAttributes":"0x0","dwCreationDisposition":"0x3","dwFlagsAndAttributes":"0x2000000","lpFileName":"C:\\Users","dwDesiredAccess":"0x100081","dwShareMode":"0x7"}
6285.  
6286. Returned value:
6287.  
6288. 0x24c
6289.  
6290. ntdll.dll! NtCreateFile #native (#2236) important_document.exe
6291. Arguments:
6292.  
6293. {"FileHandle":"0x18cbec","objectName":"\\??\\C:\\Users\\admin"}
6294.  
6295. Returned value:
6296.  
6297. null
6298.  
6299. KernelBase.dll! CreateFileW #file (#2236) important_document.exe
6300. Arguments:
6301.  
6302. {"lpSecurityAttributes":"0x0","dwCreationDisposition":"0x3","dwFlagsAndAttributes":"0x2000000","lpFileName":"C:\\Users\\admin","dwDesiredAccess":"0x100081","dwShareMode":"0x7"}
6303.  
6304. Returned value:
6305.  
6306. 0x24c
6307.  
6308. ntdll.dll! NtCreateFile #native (#2236) important_document.exe
6309. Arguments:
6310.  
6311. {"FileHandle":"0x18d094","objectName":"\\??\\C:\\Users\\<USER>\\Favorites\\desktop.ini"}
6312.  
6313. Returned value:
6314.  
6315. null
6316.  
6317. KernelBase.dll! CreateFileW #file (#2236) important_document.exe
6318. Arguments:
6319.  
6320. {"lpSecurityAttributes":"0x0","dwCreationDisposition":"0x3","dwFlagsAndAttributes":"0x8000000","lpFileName":"C:\\Users\\<USER>\\Favorites\\desktop.ini","dwDesiredAccess":"0x80000000","dwShareMode":"0x7"}
6321.  
6322. Returned value:
6323.  
6324. 0x24c
6325.  
6326. ntdll.dll! NtOpenKeyEx #native (#2236) important_document.exe
6327. Arguments:
6328.  
6329. {"OpenOptions":"0x0","KeyHandle":"0x18e710","objectName":"Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\MountPoints2\\CPC\\Volume","DesiredAccess":"0x20019"}
6330.  
6331. Returned value:
6332.  
6333. 0x0
6334.  
6335. ntdll.dll! NtOpenKeyEx #native (#2236) important_document.exe
6336. Arguments:
6337.  
6338. {"OpenOptions":"0x0","KeyHandle":"0x18e92c","objectName":"{e9b1a4f8-a98b-11e9-a299-806e6f6e6963}\\","DesiredAccess":"0x20019"}
6339.  
6340. Returned value:
6341.  
6342. 0x0
6343.  
6344. ntdll.dll! NtCreateFile #native (#2236) important_document.exe
6345. Arguments:
6346.  
6347. {"FileHandle":"0x18d694","objectName":"\\??\\C:\\"}
6348.  
6349. Returned value:
6350.  
6351. null
6352.  
6353. KernelBase.dll! CreateFileW #file (#2236) important_document.exe
6354. Arguments:
6355.  
6356. {"lpSecurityAttributes":"0x0","dwCreationDisposition":"0x3","dwFlagsAndAttributes":"0x2000000","lpFileName":"C:\\","dwDesiredAccess":"0x100081","dwShareMode":"0x7"}
6357.  
6358. Returned value:
6359.  
6360. 0x250
6361.  
6362. ntdll.dll! NtCreateFile #native (#2236) important_document.exe
6363. Arguments:
6364.  
6365. {"FileHandle":"0x18d140","objectName":"\\??\\C:\\Users"}
6366.  
6367. Returned value:
6368.  
6369. null
6370.  
6371. KernelBase.dll! CreateFileW #file (#2236) important_document.exe
6372. Arguments:
6373.  
6374. {"lpSecurityAttributes":"0x0","dwCreationDisposition":"0x3","dwFlagsAndAttributes":"0x2000000","lpFileName":"C:\\Users","dwDesiredAccess":"0x100081","dwShareMode":"0x7"}
6375.  
6376. Returned value:
6377.  
6378. 0x250
6379.  
6380. ntdll.dll! NtCreateFile #native (#2236) important_document.exe
6381. Arguments:
6382.  
6383. {"FileHandle":"0x18cbec","objectName":"\\??\\C:\\Users\\admin"}
6384.  
6385. Returned value:
6386.  
6387. null
6388.  
6389. KernelBase.dll! CreateFileW #file (#2236) important_document.exe
6390. Arguments:
6391.  
6392. {"lpSecurityAttributes":"0x0","dwCreationDisposition":"0x3","dwFlagsAndAttributes":"0x2000000","lpFileName":"C:\\Users\\admin","dwDesiredAccess":"0x100081","dwShareMode":"0x7"}
6393.  
6394. Returned value:
6395.  
6396. 0x250
6397.  
6398. ntdll.dll! NtCreateFile #native (#2236) important_document.exe
6399. Arguments:
6400.  
6401. {"FileHandle":"0x18d094","objectName":"\\??\\C:\\Users\\<USER>\\Music\\desktop.ini"}
6402.  
6403. Returned value:
6404.  
6405. null
6406.  
6407. KernelBase.dll! CreateFileW #file (#2236) important_document.exe
6408. Arguments:
6409.  
6410. {"lpSecurityAttributes":"0x0","dwCreationDisposition":"0x3","dwFlagsAndAttributes":"0x8000000","lpFileName":"C:\\Users\\<USER>\\Music\\desktop.ini","dwDesiredAccess":"0x80000000","dwShareMode":"0x7"}
6411.  
6412. Returned value:
6413.  
6414. 0x250
6415.  
6416. ntdll.dll! NtOpenKeyEx #native (#2236) important_document.exe
6417. Arguments:
6418.  
6419. {"OpenOptions":"0x0","KeyHandle":"0x18e710","objectName":"Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\MountPoints2\\CPC\\Volume","DesiredAccess":"0x20019"}
6420.  
6421. Returned value:
6422.  
6423. 0x0
6424.  
6425. ntdll.dll! NtOpenKeyEx #native (#2236) important_document.exe
6426. Arguments:
6427.  
6428. {"OpenOptions":"0x0","KeyHandle":"0x18e92c","objectName":"{e9b1a4f8-a98b-11e9-a299-806e6f6e6963}\\","DesiredAccess":"0x20019"}
6429.  
6430. Returned value:
6431.  
6432. 0x0
6433.  
6434. ntdll.dll! NtCreateFile #native (#2236) important_document.exe
6435. Arguments:
6436.  
6437. {"FileHandle":"0x18d694","objectName":"\\??\\C:\\"}
6438.  
6439. Returned value:
6440.  
6441. null
6442.  
6443. KernelBase.dll! CreateFileW #file (#2236) important_document.exe
6444. Arguments:
6445.  
6446. {"lpSecurityAttributes":"0x0","dwCreationDisposition":"0x3","dwFlagsAndAttributes":"0x2000000","lpFileName":"C:\\","dwDesiredAccess":"0x100081","dwShareMode":"0x7"}
6447.  
6448. Returned value:
6449.  
6450. 0x24c
6451.  
6452. ntdll.dll! NtCreateFile #native (#2236) important_document.exe
6453. Arguments:
6454.  
6455. {"FileHandle":"0x18d140","objectName":"\\??\\C:\\Users"}
6456.  
6457. Returned value:
6458.  
6459. null
6460.  
6461. KernelBase.dll! CreateFileW #file (#2236) important_document.exe
6462. Arguments:
6463.  
6464. {"lpSecurityAttributes":"0x0","dwCreationDisposition":"0x3","dwFlagsAndAttributes":"0x2000000","lpFileName":"C:\\Users","dwDesiredAccess":"0x100081","dwShareMode":"0x7"}
6465.  
6466. Returned value:
6467.  
6468. 0x24c
6469.  
6470. ntdll.dll! NtCreateFile #native (#2236) important_document.exe
6471. Arguments:
6472.  
6473. {"FileHandle":"0x18cbec","objectName":"\\??\\C:\\Users\\admin"}
6474.  
6475. Returned value:
6476.  
6477. null
6478.  
6479. KernelBase.dll! CreateFileW #file (#2236) important_document.exe
6480. Arguments:
6481.  
6482. {"lpSecurityAttributes":"0x0","dwCreationDisposition":"0x3","dwFlagsAndAttributes":"0x2000000","lpFileName":"C:\\Users\\admin","dwDesiredAccess":"0x100081","dwShareMode":"0x7"}
6483.  
6484. Returned value:
6485.  
6486. 0x24c
6487.  
6488. ntdll.dll! NtOpenKeyEx #native (#2236) important_document.exe
6489. Arguments:
6490.  
6491. {"OpenOptions":"0x0","KeyHandle":"0x18e710","objectName":"Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\MountPoints2\\CPC\\Volume","DesiredAccess":"0x20019"}
6492.  
6493. Returned value:
6494.  
6495. 0x0
6496.  
6497. ntdll.dll! NtOpenKeyEx #native (#2236) important_document.exe
6498. Arguments:
6499.  
6500. {"OpenOptions":"0x0","KeyHandle":"0x18e92c","objectName":"{e9b1a4f8-a98b-11e9-a299-806e6f6e6963}\\","DesiredAccess":"0x20019"}
6501.  
6502. Returned value:
6503.  
6504. 0x0
6505.  
6506. ntdll.dll! NtCreateFile #native (#2236) important_document.exe
6507. Arguments:
6508.  
6509. {"FileHandle":"0x18d694","objectName":"\\??\\C:\\"}
6510.  
6511. Returned value:
6512.  
6513. null
6514.  
6515. KernelBase.dll! CreateFileW #file (#2236) important_document.exe
6516. Arguments:
6517.  
6518. {"lpSecurityAttributes":"0x0","dwCreationDisposition":"0x3","dwFlagsAndAttributes":"0x2000000","lpFileName":"C:\\","dwDesiredAccess":"0x100081","dwShareMode":"0x7"}
6519.  
6520. Returned value:
6521.  
6522. 0x250
6523.  
6524. ntdll.dll! NtCreateFile #native (#2236) important_document.exe
6525. Arguments:
6526.  
6527. {"FileHandle":"0x18d140","objectName":"\\??\\C:\\Users"}
6528.  
6529. Returned value:
6530.  
6531. null
6532.  
6533. KernelBase.dll! CreateFileW #file (#2236) important_document.exe
6534. Arguments:
6535.  
6536. {"lpSecurityAttributes":"0x0","dwCreationDisposition":"0x3","dwFlagsAndAttributes":"0x2000000","lpFileName":"C:\\Users","dwDesiredAccess":"0x100081","dwShareMode":"0x7"}
6537.  
6538. Returned value:
6539.  
6540. 0x250
6541.  
6542. ntdll.dll! NtCreateFile #native (#2236) important_document.exe
6543. Arguments:
6544.  
6545. {"FileHandle":"0x18cbec","objectName":"\\??\\C:\\Users\\admin"}
6546.  
6547. Returned value:
6548.  
6549. null
6550.  
6551. KernelBase.dll! CreateFileW #file (#2236) important_document.exe
6552. Arguments:
6553.  
6554. {"lpSecurityAttributes":"0x0","dwCreationDisposition":"0x3","dwFlagsAndAttributes":"0x2000000","lpFileName":"C:\\Users\\admin","dwDesiredAccess":"0x100081","dwShareMode":"0x7"}
6555.  
6556. Returned value:
6557.  
6558. 0x250
6559.  
6560. ntdll.dll! NtCreateFile #native (#2236) important_document.exe
6561. Arguments:
6562.  
6563. {"FileHandle":"0x18d094","objectName":"\\??\\C:\\Users\\<USER>\\Documents\\desktop.ini"}
6564.  
6565. Returned value:
6566.  
6567. null
6568.  
6569. KernelBase.dll! CreateFileW #file (#2236) important_document.exe
6570. Arguments:
6571.  
6572. {"lpSecurityAttributes":"0x0","dwCreationDisposition":"0x3","dwFlagsAndAttributes":"0x8000000","lpFileName":"C:\\Users\\<USER>\\Documents\\desktop.ini","dwDesiredAccess":"0x80000000","dwShareMode":"0x7"}
6573.  
6574. Returned value:
6575.  
6576. 0x250
6577.  
6578. ntdll.dll! NtOpenKeyEx #native (#2236) important_document.exe
6579. Arguments:
6580.  
6581. {"OpenOptions":"0x0","KeyHandle":"0x18e710","objectName":"Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\MountPoints2\\CPC\\Volume","DesiredAccess":"0x20019"}
6582.  
6583. Returned value:
6584.  
6585. 0x0
6586.  
6587. ntdll.dll! NtOpenKeyEx #native (#2236) important_document.exe
6588. Arguments:
6589.  
6590. {"OpenOptions":"0x0","KeyHandle":"0x18e92c","objectName":"{e9b1a4f8-a98b-11e9-a299-806e6f6e6963}\\","DesiredAccess":"0x20019"}
6591.  
6592. Returned value:
6593.  
6594. 0x0
6595.  
6596. ntdll.dll! NtCreateFile #native (#2236) important_document.exe
6597. Arguments:
6598.  
6599. {"FileHandle":"0x18d694","objectName":"\\??\\C:\\"}
6600.  
6601. Returned value:
6602.  
6603. null
6604.  
6605. KernelBase.dll! CreateFileW #file (#2236) important_document.exe
6606. Arguments:
6607.  
6608. {"lpSecurityAttributes":"0x0","dwCreationDisposition":"0x3","dwFlagsAndAttributes":"0x2000000","lpFileName":"C:\\","dwDesiredAccess":"0x100081","dwShareMode":"0x7"}
6609.  
6610. Returned value:
6611.  
6612. 0x24c
6613.  
6614. ntdll.dll! NtCreateFile #native (#2236) important_document.exe
6615. Arguments:
6616.  
6617. {"FileHandle":"0x18d140","objectName":"\\??\\C:\\Users"}
6618.  
6619. Returned value:
6620.  
6621. null
6622.  
6623. KernelBase.dll! CreateFileW #file (#2236) important_document.exe
6624. Arguments:
6625.  
6626. {"lpSecurityAttributes":"0x0","dwCreationDisposition":"0x3","dwFlagsAndAttributes":"0x2000000","lpFileName":"C:\\Users","dwDesiredAccess":"0x100081","dwShareMode":"0x7"}
6627.  
6628. Returned value:
6629.  
6630. 0x24c
6631.  
6632. ntdll.dll! NtCreateFile #native (#2236) important_document.exe
6633. Arguments:
6634.  
6635. {"FileHandle":"0x18cbec","objectName":"\\??\\C:\\Users\\admin"}
6636.  
6637. Returned value:
6638.  
6639. null
6640.  
6641. KernelBase.dll! CreateFileW #file (#2236) important_document.exe
6642. Arguments:
6643.  
6644. {"lpSecurityAttributes":"0x0","dwCreationDisposition":"0x3","dwFlagsAndAttributes":"0x2000000","lpFileName":"C:\\Users\\admin","dwDesiredAccess":"0x100081","dwShareMode":"0x7"}
6645.  
6646. Returned value:
6647.  
6648. 0x24c
6649.  
6650. ntdll.dll! NtCreateFile #native (#2236) important_document.exe
6651. Arguments:
6652.  
6653. {"FileHandle":"0x18d094","objectName":"\\??\\C:\\Users\\<USER>\\Links\\desktop.ini"}
6654.  
6655. Returned value:
6656.  
6657. null
6658.  
6659. KernelBase.dll! CreateFileW #file (#2236) important_document.exe
6660. Arguments:
6661.  
6662. {"lpSecurityAttributes":"0x0","dwCreationDisposition":"0x3","dwFlagsAndAttributes":"0x8000000","lpFileName":"C:\\Users\\<USER>\\Links\\desktop.ini","dwDesiredAccess":"0x80000000","dwShareMode":"0x7"}
6663.  
6664. Returned value:
6665.  
6666. 0x24c
6667.  
6668. ntdll.dll! NtOpenKeyEx #native (#2236) important_document.exe
6669. Arguments:
6670.  
6671. {"OpenOptions":"0x0","KeyHandle":"0x18e710","objectName":"Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\MountPoints2\\CPC\\Volume","DesiredAccess":"0x20019"}
6672.  
6673. Returned value:
6674.  
6675. 0x0
6676.  
6677. ntdll.dll! NtOpenKeyEx #native (#2236) important_document.exe
6678. Arguments:
6679.  
6680. {"OpenOptions":"0x0","KeyHandle":"0x18e92c","objectName":"{e9b1a4f8-a98b-11e9-a299-806e6f6e6963}\\","DesiredAccess":"0x20019"}
6681.  
6682. Returned value:
6683.  
6684. 0x0
6685.  
6686. ntdll.dll! NtCreateFile #native (#2236) important_document.exe
6687. Arguments:
6688.  
6689. {"FileHandle":"0x18d694","objectName":"\\??\\C:\\"}
6690.  
6691. Returned value:
6692.  
6693. null
6694.  
6695. KernelBase.dll! CreateFileW #file (#2236) important_document.exe
6696. Arguments:
6697.  
6698. {"lpSecurityAttributes":"0x0","dwCreationDisposition":"0x3","dwFlagsAndAttributes":"0x2000000","lpFileName":"C:\\","dwDesiredAccess":"0x100081","dwShareMode":"0x7"}
6699.  
6700. Returned value:
6701.  
6702. 0x250
6703.  
6704. ntdll.dll! NtCreateFile #native (#2236) important_document.exe
6705. Arguments:
6706.  
6707. {"FileHandle":"0x18d140","objectName":"\\??\\C:\\Users"}
6708.  
6709. Returned value:
6710.  
6711. null
6712.  
6713. KernelBase.dll! CreateFileW #file (#2236) important_document.exe
6714. Arguments:
6715.  
6716. {"lpSecurityAttributes":"0x0","dwCreationDisposition":"0x3","dwFlagsAndAttributes":"0x2000000","lpFileName":"C:\\Users","dwDesiredAccess":"0x100081","dwShareMode":"0x7"}
6717.  
6718. Returned value:
6719.  
6720. 0x250
6721.  
6722. ntdll.dll! NtCreateFile #native (#2236) important_document.exe
6723. Arguments:
6724.  
6725. {"FileHandle":"0x18cbec","objectName":"\\??\\C:\\Users\\admin"}
6726.  
6727. Returned value:
6728.  
6729. null
6730.  
6731. KernelBase.dll! CreateFileW #file (#2236) important_document.exe
6732. Arguments:
6733.  
6734. {"lpSecurityAttributes":"0x0","dwCreationDisposition":"0x3","dwFlagsAndAttributes":"0x2000000","lpFileName":"C:\\Users\\admin","dwDesiredAccess":"0x100081","dwShareMode":"0x7"}
6735.  
6736. Returned value:
6737.  
6738. 0x250
6739.  
6740. ntdll.dll! NtCreateFile #native (#2236) important_document.exe
6741. Arguments:
6742.  
6743. {"FileHandle":"0x18d094","objectName":"\\??\\C:\\Users\\<USER>\\Saved Games\\desktop.ini"}
6744.  
6745. Returned value:
6746.  
6747. null
6748.  
6749. KernelBase.dll! CreateFileW #file (#2236) important_document.exe
6750. Arguments:
6751.  
6752. {"lpSecurityAttributes":"0x0","dwCreationDisposition":"0x3","dwFlagsAndAttributes":"0x8000000","lpFileName":"C:\\Users\\<USER>\\Saved Games\\desktop.ini","dwDesiredAccess":"0x80000000","dwShareMode":"0x7"}
6753.  
6754. Returned value:
6755.  
6756. 0x250
6757.  
6758. ntdll.dll! NtCreateFile #native (#2236) important_document.exe
6759. Arguments:
6760.  
6761. {"FileHandle":"0x18fdbc","objectName":"\\??\\C:\\Users\\<USER>\\AppData\\Local\\Temp\\"}
6762.  
6763. Returned value:
6764.  
6765. null
6766.  
6767. ntdll.dll! NtQueryAttributesFile #native (#2236) important_document.exe
6768. Arguments:
6769.  
6770. {"objectName":"\\??\\C:\\Users\\<USER>\\AppData\\Local\\Temp"}
6771.  
6772. Returned value:
6773.  
6774. 0x0
6775.  
6776. ntdll.dll! NtCreateFile #native (#2236) important_document.exe
6777. Arguments:
6778.  
6779. {"FileHandle":"0x18fd20","objectName":"\\??\\C:\\Users\\<USER>\\AppData\\Local\\Temp\\nsiFE32.tmp"}
6780.  
6781. Returned value:
6782.  
6783. null
6784.  
6785. ntdll.dll! NtOpenFile #native (#2236) important_document.exe
6786. Arguments:
6787.  
6788. {"FileHandle":"0x18fdd0","objectName":"\\??\\C:\\Users\\<USER>\\AppData\\Local\\Temp\\nsiFE32.tmp"}
6789.  
6790. Returned value:
6791.  
6792. null
6793.  
6794. KernelBase.dll! DeleteFileA #file (#2236) important_document.exe
6795. Arguments:
6796.  
6797. {"lpFileName":"C:\\Users\\<USER>\\AppData\\Local\\Temp\\nsiFE32.tmp"}
6798.  
6799. Returned value:
6800.  
6801. 0x1
6802.  
6803. ntdll.dll! NtQueryAttributesFile #native (#2236) important_document.exe
6804. Arguments:
6805.  
6806. {"objectName":"\\??\\C:\\Users\\<USER>\\Downloads\\important_document.exe"}
6807.  
6808. Returned value:
6809.  
6810. 0x0
6811.  
6812. ntdll.dll! NtCreateFile #native (#2236) important_document.exe
6813. Arguments:
6814.  
6815. {"FileHandle":"0x18fd24","objectName":"\\??\\C:\\Users\\<USER>\\Downloads\\important_document.exe"}
6816.  
6817. Returned value:
6818.  
6819. null
6820.  
6821. KernelBase.dll! CreateFileW #file (#2236) important_document.exe
6822. Arguments:
6823.  
6824. {"lpSecurityAttributes":"0x0","dwCreationDisposition":"0x3","dwFlagsAndAttributes":"0x20","lpFileName":"C:\\Users\\<USER>\\Downloads\\important_document.exe","dwDesiredAccess":"0x80000000","dwShareMode":"0x1"}
6825.  
6826. Returned value:
6827.  
6828. 0x250
6829.  
6830. KernelBase.dll! CreateFileA #file (#2236) important_document.exe
6831. Arguments:
6832.  
6833. {"lpSecurityAttributes":"0x0","dwCreationDisposition":"0x3","dwFlagsAndAttributes":"0x20","lpFileName":"C:\\Users\\<USER>\\Downloads\\important_document.exe","dwDesiredAccess":"0x80000000","dwShareMode":"0x1"}
6834.  
6835. Returned value:
6836.  
6837. 0x250
6838.  
6839. KernelBase.dll! GetFileSize #file (#2236) important_document.exe
6840. Arguments:
6841.  
6842. {"lpFileSizeHigh":"0x5d3b680","hFile":"0x250"}
6843.  
6844. Returned value:
6845.  
6846. null
6847.  
6848. KernelBase.dll! GetProcAddress #misc (#2236) important_document.exe
6849. Arguments:
6850.  
6851. {"lpProcName":"GetUserDefaultUILanguage","hModule":"KernelBase.dll"}
6852.  
6853. Returned value:
6854.  
6855. 0x773e44ab
6856.  
6857. ntdll.dll! NtOpenKeyEx #native (#2236) important_document.exe
6858. Arguments:
6859.  
6860. {"OpenOptions":"0x0","KeyHandle":"0x18fdd0","objectName":"Software\\Microsoft\\Windows\\CurrentVersion\\App Paths\\lightfactory.exe","DesiredAccess":"0x20019"}
6861.  
6862. Returned value:
6863.  
6864. 0xc0000034
6865.  
6866. kernel32.dll! RegOpenKeyExA #registry (#2236) important_document.exe
6867. Arguments:
6868.  
6869. {"hKey":"HKEY_LOCAL_MACHINE","ulOptions":"0x0","samDesired":"0x20019","lpSubKey":"Software\\Microsoft\\Windows\\CurrentVersion\\App Paths\\lightfactory.exe","phkResult":"0x0"}
6870.  
6871. Returned value:
6872.  
6873. 0x2
6874.  
6875. ntdll.dll! NtOpenKeyEx #native (#2236) important_document.exe
6876. Arguments:
6877.  
6878. {"OpenOptions":"0x0","KeyHandle":"0x18fd9c","objectName":"Software\\Microsoft\\Windows\\CurrentVersion","DesiredAccess":"0x20019"}
6879.  
6880. Returned value:
6881.  
6882. 0x0
6883.  
6884. kernel32.dll! RegOpenKeyExA #registry (#2236) important_document.exe
6885. Arguments:
6886.  
6887. {"hKey":"HKEY_LOCAL_MACHINE","ulOptions":"0x0","samDesired":"0x20019","lpSubKey":"Software\\Microsoft\\Windows\\CurrentVersion","phkResult":"0x260"}
6888.  
6889. Returned value:
6890.  
6891. 0x0
6892.  
6893. ntdll.dll! NtQueryAttributesFile #native (#2236) important_document.exe
6894. Arguments:
6895.  
6896. {"objectName":"\\??\\C:\\Windows\\system32\\RichEd20.dll"}
6897.  
6898. Returned value:
6899.  
6900. 0x0
6901.  
6902. ntdll.dll! NtOpenFile #native (#2236) important_document.exe
6903. Arguments:
6904.  
6905. {"FileHandle":"0x18fa44","objectName":"\\??\\C:\\Windows\\system32\\RichEd20.dll"}
6906.  
6907. Returned value:
6908.  
6909. null
6910.  
6911. ntdll.dll! NtOpenKey #native (#2236) important_document.exe
6912. Arguments:
6913.  
6914. {"DesiredAccess":"0x20019","KeyHandle":"0x18f374","objectName":"\\Registry\\Machine\\System\\CurrentControlSet\\Control\\Nls\\Locale"}
6915.  
6916. Returned value:
6917.  
6918. 0x0
6919.  
6920. ntdll.dll! NtOpenKey #native (#2236) important_document.exe
6921. Arguments:
6922.  
6923. {"DesiredAccess":"0x20019","KeyHandle":"0x18f374","objectName":"\\Registry\\Machine\\System\\CurrentControlSet\\Control\\Nls\\Locale\\Alternate Sorts"}
6924.  
6925. Returned value:
6926.  
6927. 0x0
6928.  
6929. ntdll.dll! NtOpenKey #native (#2236) important_document.exe
6930. Arguments:
6931.  
6932. {"DesiredAccess":"0x20019","KeyHandle":"0x18f374","objectName":"\\Registry\\Machine\\System\\CurrentControlSet\\Control\\Nls\\Language Groups"}
6933.  
6934. Returned value:
6935.  
6936. 0x0
6937.  
6938. KernelBase.dll! GetProcAddress #misc (#2236) important_document.exe
6939. Arguments:
6940.  
6941. {"lpProcName":"RegisterClassNameW","hModule":"comctl32.dll"}
6942.  
6943. Returned value:
6944.  
6945. 0x74291339
6946.  
6947. KernelBase.dll! LoadLibraryExA #misc (#2236) important_document.exe
6948. Arguments:
6949.  
6950. {"lpFileName":"UxTheme.dll"}
6951.  
6952. Returned value:
6953.  
6954. 0x727d0000
6955.  
6956. KernelBase.dll! GetProcAddress #misc (#2236) important_document.exe
6957. Arguments:
6958.  
6959. {"lpProcName":"EnableThemeDialogTexture","hModule":"uxtheme.dll"}
6960.  
6961. Returned value:
6962.  
6963. 0x727f786d
6964.  
6965. KernelBase.dll! GetProcAddress #misc (#2236) important_document.exe
6966. Arguments:
6967.  
6968. {"lpProcName":"RegisterClassNameW","hModule":"comctl32.dll"}
6969.  
6970. Returned value:
6971.  
6972. 0x74291339
6973.  
6974. KernelBase.dll! GetProcAddress #misc (#2236) important_document.exe
6975. Arguments:
6976.  
6977. {"lpProcName":"OpenThemeData","hModule":"uxtheme.dll"}
6978.  
6979. Returned value:
6980.  
6981. 0x727e5f29
6982.  
6983. ntdll.dll! NtQueryAttributesFile #native (#2236) important_document.exe
6984. Arguments:
6985.  
6986. {"objectName":"\\??\\C:\\Users\\<USER>\\AppData\\Local\\Temp"}
6987.  
6988. Returned value:
6989.  
6990. 0x0
6991.  
6992. ntdll.dll! NtCreateFile #native (#2236) important_document.exe
6993. Arguments:
6994.  
6995. {"FileHandle":"0x18f6ac","objectName":"\\??\\C:\\Users\\<USER>\\AppData\\Local\\Temp\\nsk1EC.tmp"}
6996.  
6997. Returned value:
6998.  
6999. null
7000.  
7001. ntdll.dll! NtOpenFile #native (#2236) important_document.exe
7002. Arguments:
7003.  
7004. {"FileHandle":"0x18f0dc","objectName":"\\??\\C:\\Users\\<USER>\\AppData\\Local\\Temp\\"}
7005.  
7006. Returned value:
7007.  
7008. null
7009.  
7010. ntdll.dll! NtOpenFile #native (#2236) important_document.exe
7011. Arguments:
7012.  
7013. {"FileHandle":"0x18f5f4","objectName":"\\??\\C:\\Users\\<USER>\\AppData\\Local\\Temp\\nsk1EC.tmp"}
7014.  
7015. Returned value:
7016.  
7017. null
7018.  
7019. KernelBase.dll! DeleteFileA #file (#2236) important_document.exe
7020. Arguments:
7021.  
7022. {"lpFileName":"C:\\Users\\<USER>\\AppData\\Local\\Temp\\nsk1EC.tmp"}
7023.  
7024. Returned value:
7025.  
7026. 0x1
7027.  
7028. ntdll.dll! NtCreateFile #native (#2236) important_document.exe
7029. Arguments:
7030.  
7031. {"FileHandle":"0x18f750","objectName":"\\??\\C:\\Users"}
7032.  
7033. Returned value:
7034.  
7035. null
7036.  
7037. ntdll.dll! NtQueryAttributesFile #native (#2236) important_document.exe
7038. Arguments:
7039.  
7040. {"objectName":"\\??\\C:\\Users"}
7041.  
7042. Returned value:
7043.  
7044. 0x0
7045.  
7046. ntdll.dll! NtCreateFile #native (#2236) important_document.exe
7047. Arguments:
7048.  
7049. {"FileHandle":"0x18f750","objectName":"\\??\\C:\\Users\\admin"}
7050.  
7051. Returned value:
7052.  
7053. null
7054.  
7055. ntdll.dll! NtQueryAttributesFile #native (#2236) important_document.exe
7056. Arguments:
7057.  
7058. {"objectName":"\\??\\C:\\Users\\admin"}
7059.  
7060. Returned value:
7061.  
7062. 0x0
7063.  
7064. ntdll.dll! NtCreateFile #native (#2236) important_document.exe
7065. Arguments:
7066.  
7067. {"FileHandle":"0x18f750","objectName":"\\??\\C:\\Users\\<USER>\\AppData"}
7068.  
7069. Returned value:
7070.  
7071. null
7072.  
7073. ntdll.dll! NtQueryAttributesFile #native (#2236) important_document.exe
7074. Arguments:
7075.  
7076. {"objectName":"\\??\\C:\\Users\\<USER>\\AppData"}
7077.  
7078. Returned value:
7079.  
7080. 0x0
7081.  
7082. ntdll.dll! NtCreateFile #native (#2236) important_document.exe
7083. Arguments:
7084.  
7085. {"FileHandle":"0x18f750","objectName":"\\??\\C:\\Users\\<USER>\\AppData\\Local"}
7086.  
7087. Returned value:
7088.  
7089. null
7090.  
7091. ntdll.dll! NtQueryAttributesFile #native (#2236) important_document.exe
7092. Arguments:
7093.  
7094. {"objectName":"\\??\\C:\\Users\\<USER>\\AppData\\Local"}
7095.  
7096. Returned value:
7097.  
7098. 0x0
7099.  
7100. ntdll.dll! NtCreateFile #native (#2236) important_document.exe
7101. Arguments:
7102.  
7103. {"FileHandle":"0x18f750","objectName":"\\??\\C:\\Users\\<USER>\\AppData\\Local\\Temp"}
7104.  
7105. Returned value:
7106.  
7107. null
7108.  
7109. ntdll.dll! NtQueryAttributesFile #native (#2236) important_document.exe
7110. Arguments:
7111.  
7112. {"objectName":"\\??\\C:\\Users\\<USER>\\AppData\\Local\\Temp"}
7113.  
7114. Returned value:
7115.  
7116. 0x0
7117.  
7118. ntdll.dll! NtCreateFile #native (#2236) important_document.exe
7119. Arguments:
7120.  
7121. {"FileHandle":"0x18f750","objectName":"\\??\\C:\\Users\\<USER>\\AppData\\Local\\Temp\\nsk1EC.tmp"}
7122.  
7123. Returned value:
7124.  
7125. null
7126.  
7127. ntdll.dll! NtCreateFile #native (#2236) important_document.exe
7128. Arguments:
7129.  
7130. {"FileHandle":"0x18f914","objectName":"\\??\\C:\\Users"}
7131.  
7132. Returned value:
7133.  
7134. null
7135.  
7136. ntdll.dll! NtQueryAttributesFile #native (#2236) important_document.exe
7137. Arguments:
7138.  
7139. {"objectName":"\\??\\C:\\Users"}
7140.  
7141. Returned value:
7142.  
7143. 0x0
7144.  
7145. ntdll.dll! NtCreateFile #native (#2236) important_document.exe
7146. Arguments:
7147.  
7148. {"FileHandle":"0x18f914","objectName":"\\??\\C:\\Users\\admin"}
7149.  
7150. Returned value:
7151.  
7152. null
7153.  
7154. ntdll.dll! NtQueryAttributesFile #native (#2236) important_document.exe
7155. Arguments:
7156.  
7157. {"objectName":"\\??\\C:\\Users\\admin"}
7158.  
7159. Returned value:
7160.  
7161. 0x0
7162.  
7163. ntdll.dll! NtCreateFile #native (#2236) important_document.exe
7164. Arguments:
7165.  
7166. {"FileHandle":"0x18f914","objectName":"\\??\\C:\\Users\\<USER>\\AppData"}
7167.  
7168. Returned value:
7169.  
7170. null
7171.  
7172. ntdll.dll! NtQueryAttributesFile #native (#2236) important_document.exe
7173. Arguments:
7174.  
7175. {"objectName":"\\??\\C:\\Users\\<USER>\\AppData"}
7176.  
7177. Returned value:
7178.  
7179. 0x0
7180.  
7181. ntdll.dll! NtCreateFile #native (#2236) important_document.exe
7182. Arguments:
7183.  
7184. {"FileHandle":"0x18f914","objectName":"\\??\\C:\\Users\\<USER>\\AppData\\Local"}
7185.  
7186. Returned value:
7187.  
7188. null
7189.  
7190. ntdll.dll! NtQueryAttributesFile #native (#2236) important_document.exe
7191. Arguments:
7192.  
7193. {"objectName":"\\??\\C:\\Users\\<USER>\\AppData\\Local"}
7194.  
7195. Returned value:
7196.  
7197. 0x0
7198.  
7199. ntdll.dll! NtCreateFile #native (#2236) important_document.exe
7200. Arguments:
7201.  
7202. {"FileHandle":"0x18f914","objectName":"\\??\\C:\\Users\\<USER>\\AppData\\Local\\Temp"}
7203.  
7204. Returned value:
7205.  
7206. null
7207.  
7208. ntdll.dll! NtQueryAttributesFile #native (#2236) important_document.exe
7209. Arguments:
7210.  
7211. {"objectName":"\\??\\C:\\Users\\<USER>\\AppData\\Local\\Temp"}
7212.  
7213. Returned value:
7214.  
7215. 0x0
7216.  
7217. ntdll.dll! NtCreateFile #native (#2236) important_document.exe
7218. Arguments:
7219.  
7220. {"FileHandle":"0x18f914","objectName":"\\??\\C:\\Users\\<USER>\\AppData\\Local\\Temp\\nsk1EC.tmp"}
7221.  
7222. Returned value:
7223.  
7224. null
7225.  
7226. ntdll.dll! NtQueryAttributesFile #native (#2236) important_document.exe
7227. Arguments:
7228.  
7229. {"objectName":"\\??\\C:\\Users\\<USER>\\AppData\\Local\\Temp\\nsk1EC.tmp"}
7230.  
7231. Returned value:
7232.  
7233. 0x0
7234.  
7235. ntdll.dll! NtOpenFile #native (#2236) important_document.exe
7236. Arguments:
7237.  
7238. {"FileHandle":"0x18f8e8","objectName":"\\??\\C:\\Users\\<USER>\\AppData\\Local\\Temp\\nsk1EC.tmp"}
7239.  
7240. Returned value:
7241.  
7242. null
7243.  
7244. ntdll.dll! NtQueryAttributesFile #native (#2236) important_document.exe
7245. Arguments:
7246.  
7247. {"objectName":"\\??\\C:\\Users\\<USER>\\AppData\\Local\\Temp\\nsk1EC.tmp\\header.bmp"}
7248.  
7249. Returned value:
7250.  
7251. 0xc0000034
7252.  
7253. ntdll.dll! NtQueryAttributesFile #native (#2236) important_document.exe
7254. Arguments:
7255.  
7256. {"objectName":"\\??\\C:\\Users\\<USER>\\AppData\\Local\\Temp\\nsk1EC.tmp\\header.bmp"}
7257.  
7258. Returned value:
7259.  
7260. 0xc0000034
7261.  
7262. ntdll.dll! NtCreateFile #native (#2236) important_document.exe
7263. Arguments:
7264.  
7265. {"FileHandle":"0x18f8ac","objectName":"\\??\\C:\\Users\\<USER>\\AppData\\Local\\Temp\\nsk1EC.tmp\\header.bmp"}
7266.  
7267. Returned value:
7268.  
7269. null
7270.  
7271. KernelBase.dll! CreateFileW #file (#2236) important_document.exe
7272. Arguments:
7273.  
7274. {"lpSecurityAttributes":"0x0","dwCreationDisposition":"0x2","dwFlagsAndAttributes":"0x0","lpFileName":"C:\\Users\\<USER>\\AppData\\Local\\Temp\\nsk1EC.tmp\\header.bmp","dwDesiredAccess":"0x40000000","dwShareMode":"0x1"}
7275.  
7276. Returned value:
7277.  
7278. 0x1c
7279.  
7280. KernelBase.dll! CreateFileA #file (#2236) important_document.exe
7281. Arguments:
7282.  
7283. {"lpSecurityAttributes":"0x0","dwCreationDisposition":"0x2","dwFlagsAndAttributes":"0x0","lpFileName":"C:\\Users\\<USER>\\AppData\\Local\\Temp\\nsk1EC.tmp\\header.bmp","dwDesiredAccess":"0x40000000","dwShareMode":"0x1"}
7284.  
7285. Returned value:
7286.  
7287. 0x1c
7288.  
7289. KernelBase.dll! WriteFile #file (#2236) important_document.exe
7290. Arguments:
7291.  
7292. {"nNumberOfBytesToWrite":"0x11a","lpBuffer":"BM\u001a\u0001","lpNumberOfBytesWritten":"0x18f91c","hFile":"0x1c"}
7293.  
7294. Returned value:
7295.  
7296. 0x1
7297.  
7298. KernelBase.dll! SetFileTime #highlighted (#2236) important_document.exe
7299. Arguments:
7300.  
7301. {"desc":"Tries to modify filetime by calling kernel32.dll!SetFileTime"}
7302.  
7303. Returned value:
7304.  
7305. null
7306.  
7307. ntdll.dll! NtQueryAttributesFile #native (#2236) important_document.exe
7308. Arguments:
7309.  
7310. {"objectName":"\\??\\C:\\Users\\<USER>\\AppData\\Local\\Temp\\nsk1EC.tmp\\btmimg.bmp"}
7311.  
7312. Returned value:
7313.  
7314. 0xc0000034
7315.  
7316. ntdll.dll! NtQueryAttributesFile #native (#2236) important_document.exe
7317. Arguments:
7318.  
7319. {"objectName":"\\??\\C:\\Users\\<USER>\\AppData\\Local\\Temp\\nsk1EC.tmp\\btmimg.bmp"}
7320.  
7321. Returned value:
7322.  
7323. 0xc0000034
7324.  
7325. ntdll.dll! NtCreateFile #native (#2236) important_document.exe
7326. Arguments:
7327.  
7328. {"FileHandle":"0x18f8ac","objectName":"\\??\\C:\\Users\\<USER>\\AppData\\Local\\Temp\\nsk1EC.tmp\\btmimg.bmp"}
7329.  
7330. Returned value:
7331.  
7332. null
7333.  
7334. KernelBase.dll! CreateFileW #file (#2236) important_document.exe
7335. Arguments:
7336.  
7337. {"lpSecurityAttributes":"0x0","dwCreationDisposition":"0x2","dwFlagsAndAttributes":"0x0","lpFileName":"C:\\Users\\<USER>\\AppData\\Local\\Temp\\nsk1EC.tmp\\btmimg.bmp","dwDesiredAccess":"0x40000000","dwShareMode":"0x1"}
7338.  
7339. Returned value:
7340.  
7341. 0x1c
7342.  
7343. KernelBase.dll! CreateFileA #file (#2236) important_document.exe
7344. Arguments:
7345.  
7346. {"lpSecurityAttributes":"0x0","dwCreationDisposition":"0x2","dwFlagsAndAttributes":"0x0","lpFileName":"C:\\Users\\<USER>\\AppData\\Local\\Temp\\nsk1EC.tmp\\btmimg.bmp","dwDesiredAccess":"0x40000000","dwShareMode":"0x1"}
7347.  
7348. Returned value:
7349.  
7350. 0x1c
7351.  
7352. KernelBase.dll! SetFileTime #highlighted (#2236) important_document.exe
7353. Arguments:
7354.  
7355. {"desc":"Tries to modify filetime by calling kernel32.dll!SetFileTime"}
7356.  
7357. Returned value:
7358.  
7359. null
7360.  
7361. ntdll.dll! NtQueryAttributesFile #native (#2236) important_document.exe
7362. Arguments:
7363.  
7364. {"objectName":"\\??\\C:\\Users\\<USER>\\AppData\\Local\\Temp\\nsk1EC.tmp\\leftimg.bmp"}
7365.  
7366. Returned value:
7367.  
7368. 0xc0000034
7369.  
7370. ntdll.dll! NtQueryAttributesFile #native (#2236) important_document.exe
7371. Arguments:
7372.  
7373. {"objectName":"\\??\\C:\\Users\\<USER>\\AppData\\Local\\Temp\\nsk1EC.tmp\\leftimg.bmp"}
7374.  
7375. Returned value:
7376.  
7377. 0xc0000034
7378.  
7379. ntdll.dll! NtCreateFile #native (#2236) important_document.exe
7380. Arguments:
7381.  
7382. {"FileHandle":"0x18f8ac","objectName":"\\??\\C:\\Users\\<USER>\\AppData\\Local\\Temp\\nsk1EC.tmp\\leftimg.bmp"}
7383.  
7384. Returned value:
7385.  
7386. null
7387.  
7388. KernelBase.dll! CreateFileW #file (#2236) important_document.exe
7389. Arguments:
7390.  
7391. {"lpSecurityAttributes":"0x0","dwCreationDisposition":"0x2","dwFlagsAndAttributes":"0x0","lpFileName":"C:\\Users\\<USER>\\AppData\\Local\\Temp\\nsk1EC.tmp\\leftimg.bmp","dwDesiredAccess":"0x40000000","dwShareMode":"0x1"}
7392.  
7393. Returned value:
7394.  
7395. 0x1c
7396.  
7397. KernelBase.dll! CreateFileA #file (#2236) important_document.exe
7398. Arguments:
7399.  
7400. {"lpSecurityAttributes":"0x0","dwCreationDisposition":"0x2","dwFlagsAndAttributes":"0x0","lpFileName":"C:\\Users\\<USER>\\AppData\\Local\\Temp\\nsk1EC.tmp\\leftimg.bmp","dwDesiredAccess":"0x40000000","dwShareMode":"0x1"}
7401.  
7402. Returned value:
7403.  
7404. 0x1c
7405.  
7406. KernelBase.dll! SetFileTime #highlighted (#2236) important_document.exe
7407. Arguments:
7408.  
7409. {"desc":"Tries to modify filetime by calling kernel32.dll!SetFileTime"}
7410.  
7411. Returned value:
7412.  
7413. null
7414.  
7415. ntdll.dll! NtQueryAttributesFile #native (#2236) important_document.exe
7416. Arguments:
7417.  
7418. {"objectName":"\\??\\C:\\Users\\<USER>\\AppData\\Local\\Temp\\nsk1EC.tmp\\Header.bmp"}
7419.  
7420. Returned value:
7421.  
7422. 0x0
7423.  
7424. ntdll.dll! NtCreateFile #native (#2236) important_document.exe
7425. Arguments:
7426.  
7427. {"FileHandle":"0x18f324","objectName":"\\??\\C:\\Users\\<USER>\\AppData\\Local\\Temp\\nsk1EC.tmp\\Header.bmp"}
7428.  
7429. Returned value:
7430.  
7431. null
7432.  
7433. KernelBase.dll! CreateFileW #file (#2236) important_document.exe
7434. Arguments:
7435.  
7436. {"lpSecurityAttributes":"0x0","dwCreationDisposition":"0x3","dwFlagsAndAttributes":"0x0","lpFileName":"C:\\Users\\<USER>\\AppData\\Local\\Temp\\nsk1EC.tmp\\Header.bmp","dwDesiredAccess":"0x80000000","dwShareMode":"0x1"}
7437.  
7438. Returned value:
7439.  
7440. 0x1c
7441.  
7442. KernelBase.dll! GetFileSize #file (#2236) important_document.exe
7443. Arguments:
7444.  
7445. {"lpFileSizeHigh":"0x11a","hFile":"0x1c"}
7446.  
7447. Returned value:
7448.  
7449. null
7450.  
7451. ntdll.dll! NtQueryAttributesFile #native (#2236) important_document.exe
7452. Arguments:
7453.  
7454. {"objectName":"\\??\\C:\\Users\\<USER>\\AppData\\Local\\Temp\\nsk1EC.tmp\\Leftimg.bmp"}
7455.  
7456. Returned value:
7457.  
7458. 0x0
7459.  
7460. ntdll.dll! NtCreateFile #native (#2236) important_document.exe
7461. Arguments:
7462.  
7463. {"FileHandle":"0x18f324","objectName":"\\??\\C:\\Users\\<USER>\\AppData\\Local\\Temp\\nsk1EC.tmp\\Leftimg.bmp"}
7464.  
7465. Returned value:
7466.  
7467. null
7468.  
7469. KernelBase.dll! CreateFileW #file (#2236) important_document.exe
7470. Arguments:
7471.  
7472. {"lpSecurityAttributes":"0x0","dwCreationDisposition":"0x3","dwFlagsAndAttributes":"0x0","lpFileName":"C:\\Users\\<USER>\\AppData\\Local\\Temp\\nsk1EC.tmp\\Leftimg.bmp","dwDesiredAccess":"0x80000000","dwShareMode":"0x1"}
7473.  
7474. Returned value:
7475.  
7476. 0x1c
7477.  
7478. KernelBase.dll! GetFileSize #file (#2236) important_document.exe
7479. Arguments:
7480.  
7481. {"lpFileSizeHigh":"0x3d5c6","hFile":"0x1c"}
7482.  
7483. Returned value:
7484.  
7485. null
7486.  
7487. ntdll.dll! NtQueryAttributesFile #native (#2236) important_document.exe
7488. Arguments:
7489.  
7490. {"objectName":"\\??\\C:\\Users\\<USER>\\AppData\\Local\\Temp\\nsk1EC.tmp\\Btmimg.bmp"}
7491.  
7492. Returned value:
7493.  
7494. 0x0
7495.  
7496. ntdll.dll! NtCreateFile #native (#2236) important_document.exe
7497. Arguments:
7498.  
7499. {"FileHandle":"0x18f324","objectName":"\\??\\C:\\Users\\<USER>\\AppData\\Local\\Temp\\nsk1EC.tmp\\Btmimg.bmp"}
7500.  
7501. Returned value:
7502.  
7503. null
7504.  
7505. KernelBase.dll! CreateFileW #file (#2236) important_document.exe
7506. Arguments:
7507.  
7508. {"lpSecurityAttributes":"0x0","dwCreationDisposition":"0x3","dwFlagsAndAttributes":"0x0","lpFileName":"C:\\Users\\<USER>\\AppData\\Local\\Temp\\nsk1EC.tmp\\Btmimg.bmp","dwDesiredAccess":"0x80000000","dwShareMode":"0x1"}
7509.  
7510. Returned value:
7511.  
7512. 0x1c
7513.  
7514. KernelBase.dll! GetFileSize #file (#2236) important_document.exe
7515. Arguments:
7516.  
7517. {"lpFileSizeHigh":"0x238f6","hFile":"0x1c"}
7518.  
7519. Returned value:
7520.  
7521. null
7522.  
7523. ntdll.dll! NtCreateFile #native (#2236) important_document.exe
7524. Arguments:
7525.  
7526. {"FileHandle":"0x18f914","objectName":"\\??\\C:\\Users"}
7527.  
7528. Returned value:
7529.  
7530. null
7531.  
7532. ntdll.dll! NtQueryAttributesFile #native (#2236) important_document.exe
7533. Arguments:
7534.  
7535. {"objectName":"\\??\\C:\\Users"}
7536.  
7537. Returned value:
7538.  
7539. 0x0
7540.  
7541. ntdll.dll! NtCreateFile #native (#2236) important_document.exe
7542. Arguments:
7543.  
7544. {"FileHandle":"0x18f914","objectName":"\\??\\C:\\Users\\admin"}
7545.  
7546. Returned value:
7547.  
7548. null
7549.  
7550. ntdll.dll! NtQueryAttributesFile #native (#2236) important_document.exe
7551. Arguments:
7552.  
7553. {"objectName":"\\??\\C:\\Users\\admin"}
7554.  
7555. Returned value:
7556.  
7557. 0x0
7558.  
7559. ntdll.dll! NtCreateFile #native (#2236) important_document.exe
7560. Arguments:
7561.  
7562. {"FileHandle":"0x18f914","objectName":"\\??\\C:\\Users\\<USER>\\AppData"}
7563.  
7564. Returned value:
7565.  
7566. null
7567.  
7568. ntdll.dll! NtQueryAttributesFile #native (#2236) important_document.exe
7569. Arguments:
7570.  
7571. {"objectName":"\\??\\C:\\Users\\<USER>\\AppData"}
7572.  
7573. Returned value:
7574.  
7575. 0x0
7576.  
7577. ntdll.dll! NtCreateFile #native (#2236) important_document.exe
7578. Arguments:
7579.  
7580. {"FileHandle":"0x18f914","objectName":"\\??\\C:\\Users\\<USER>\\AppData\\Local"}
7581.  
7582. Returned value:
7583.  
7584. null
7585.  
7586. ntdll.dll! NtQueryAttributesFile #native (#2236) important_document.exe
7587. Arguments:
7588.  
7589. {"objectName":"\\??\\C:\\Users\\<USER>\\AppData\\Local"}
7590.  
7591. Returned value:
7592.  
7593. 0x0
7594.  
7595. ntdll.dll! NtCreateFile #native (#2236) important_document.exe
7596. Arguments:
7597.  
7598. {"FileHandle":"0x18f914","objectName":"\\??\\C:\\Users\\<USER>\\AppData\\Local\\Temp"}
7599.  
7600. Returned value:
7601.  
7602. null
7603.  
7604. ntdll.dll! NtQueryAttributesFile #native (#2236) important_document.exe
7605. Arguments:
7606.  
7607. {"objectName":"\\??\\C:\\Users\\<USER>\\AppData\\Local\\Temp"}
7608.  
7609. Returned value:
7610.  
7611. 0x0
7612.  
7613. ntdll.dll! NtCreateFile #native (#2236) important_document.exe
7614. Arguments:
7615.  
7616. {"FileHandle":"0x18f914","objectName":"\\??\\C:\\Users\\<USER>\\AppData\\Local\\Temp\\nsk1EC.tmp"}
7617.  
7618. Returned value:
7619.  
7620. null
7621.  
7622. ntdll.dll! NtQueryAttributesFile #native (#2236) important_document.exe
7623. Arguments:
7624.  
7625. {"objectName":"\\??\\C:\\Users\\<USER>\\AppData\\Local\\Temp\\nsk1EC.tmp"}
7626.  
7627. Returned value:
7628.  
7629. 0x0
7630.  
7631. ntdll.dll! NtQueryAttributesFile #native (#2236) important_document.exe
7632. Arguments:
7633.  
7634. {"objectName":"\\??\\C:\\Users\\<USER>\\AppData\\Local\\Temp\\nsk1EC.tmp\\isWelcome.ini"}
7635.  
7636. Returned value:
7637.  
7638. 0xc0000034
7639.  
7640. ntdll.dll! NtQueryAttributesFile #native (#2236) important_document.exe
7641. Arguments:
7642.  
7643. {"objectName":"\\??\\C:\\Users\\<USER>\\AppData\\Local\\Temp\\nsk1EC.tmp\\isWelcome.ini"}
7644.  
7645. Returned value:
7646.  
7647. 0xc0000034
7648.  
7649. ntdll.dll! NtCreateFile #native (#2236) important_document.exe
7650. Arguments:
7651.  
7652. {"FileHandle":"0x18f8ac","objectName":"\\??\\C:\\Users\\<USER>\\AppData\\Local\\Temp\\nsk1EC.tmp\\isWelcome.ini"}
7653.  
7654. Returned value:
7655.  
7656. null
7657.  
7658. KernelBase.dll! CreateFileW #file (#2236) important_document.exe
7659. Arguments:
7660.  
7661. {"lpSecurityAttributes":"0x0","dwCreationDisposition":"0x2","dwFlagsAndAttributes":"0x0","lpFileName":"C:\\Users\\<USER>\\AppData\\Local\\Temp\\nsk1EC.tmp\\isWelcome.ini","dwDesiredAccess":"0x40000000","dwShareMode":"0x1"}
7662.  
7663. Returned value:
7664.  
7665. 0x1c
7666.  
7667. KernelBase.dll! CreateFileA #file (#2236) important_document.exe
7668. Arguments:
7669.  
7670. {"lpSecurityAttributes":"0x0","dwCreationDisposition":"0x2","dwFlagsAndAttributes":"0x0","lpFileName":"C:\\Users\\<USER>\\AppData\\Local\\Temp\\nsk1EC.tmp\\isWelcome.ini","dwDesiredAccess":"0x40000000","dwShareMode":"0x1"}
7671.  
7672. Returned value:
7673.  
7674. 0x1c
7675.  
7676. KernelBase.dll! SetFileTime #highlighted (#2236) important_document.exe
7677. Arguments:
7678.  
7679. {"desc":"Tries to modify filetime by calling kernel32.dll!SetFileTime"}
7680.  
7681. Returned value:
7682.  
7683. null
7684.  
7685. ntdll.dll! NtQueryAttributesFile #native (#2236) important_document.exe
7686. Arguments:
7687.  
7688. {"objectName":"\\??\\C:\\Users\\<USER>\\AppData\\Local\\Temp\\nsk1EC.tmp\\Finish.ini"}
7689.  
7690. Returned value:
7691.  
7692. 0xc0000034
7693.  
7694. ntdll.dll! NtQueryAttributesFile #native (#2236) important_document.exe
7695. Arguments:
7696.  
7697. {"objectName":"\\??\\C:\\Users\\<USER>\\AppData\\Local\\Temp\\nsk1EC.tmp\\Finish.ini"}
7698.  
7699. Returned value:
7700.  
7701. 0xc0000034
7702.  
7703. ntdll.dll! NtCreateFile #native (#2236) important_document.exe
7704. Arguments:
7705.  
7706. {"FileHandle":"0x18f8ac","objectName":"\\??\\C:\\Users\\<USER>\\AppData\\Local\\Temp\\nsk1EC.tmp\\Finish.ini"}
7707.  
7708. Returned value:
7709.  
7710. null
7711.  
7712. KernelBase.dll! CreateFileW #file (#2236) important_document.exe
7713. Arguments:
7714.  
7715. {"lpSecurityAttributes":"0x0","dwCreationDisposition":"0x2","dwFlagsAndAttributes":"0x0","lpFileName":"C:\\Users\\<USER>\\AppData\\Local\\Temp\\nsk1EC.tmp\\Finish.ini","dwDesiredAccess":"0x40000000","dwShareMode":"0x1"}
7716.  
7717. Returned value:
7718.  
7719. 0x1c
7720.  
7721. KernelBase.dll! CreateFileA #file (#2236) important_document.exe
7722. Arguments:
7723.  
7724. {"lpSecurityAttributes":"0x0","dwCreationDisposition":"0x2","dwFlagsAndAttributes":"0x0","lpFileName":"C:\\Users\\<USER>\\AppData\\Local\\Temp\\nsk1EC.tmp\\Finish.ini","dwDesiredAccess":"0x40000000","dwShareMode":"0x1"}
7725.  
7726. Returned value:
7727.  
7728. 0x1c
7729.  
7730. KernelBase.dll! SetFileTime #highlighted (#2236) important_document.exe
7731. Arguments:
7732.  
7733. {"desc":"Tries to modify filetime by calling kernel32.dll!SetFileTime"}
7734.  
7735. Returned value:
7736.  
7737. null
7738.  
7739. ntdll.dll! NtCreateFile #native (#2236) important_document.exe
7740. Arguments:
7741.  
7742. {"FileHandle":"0x18f914","objectName":"\\??\\C:\\Users"}
7743.  
7744. Returned value:
7745.  
7746. null
7747.  
7748. ntdll.dll! NtQueryAttributesFile #native (#2236) important_document.exe
7749. Arguments:
7750.  
7751. {"objectName":"\\??\\C:\\Users"}
7752.  
7753. Returned value:
7754.  
7755. 0x0
7756.  
7757. ntdll.dll! NtCreateFile #native (#2236) important_document.exe
7758. Arguments:
7759.  
7760. {"FileHandle":"0x18f914","objectName":"\\??\\C:\\Users\\admin"}
7761.  
7762. Returned value:
7763.  
7764. null
7765.  
7766. ntdll.dll! NtQueryAttributesFile #native (#2236) important_document.exe
7767. Arguments:
7768.  
7769. {"objectName":"\\??\\C:\\Users\\admin"}
7770.  
7771. Returned value:
7772.  
7773. 0x0
7774.  
7775. ntdll.dll! NtCreateFile #native (#2236) important_document.exe
7776. Arguments:
7777.  
7778. {"FileHandle":"0x18f914","objectName":"\\??\\C:\\Users\\<USER>\\AppData"}
7779.  
7780. Returned value:
7781.  
7782. null
7783.  
7784. ntdll.dll! NtQueryAttributesFile #native (#2236) important_document.exe
7785. Arguments:
7786.  
7787. {"objectName":"\\??\\C:\\Users\\<USER>\\AppData"}
7788.  
7789. Returned value:
7790.  
7791. 0x0
7792.  
7793. ntdll.dll! NtCreateFile #native (#2236) important_document.exe
7794. Arguments:
7795.  
7796. {"FileHandle":"0x18f914","objectName":"\\??\\C:\\Users\\<USER>\\AppData\\Local"}
7797.  
7798. Returned value:
7799.  
7800. null
7801.  
7802. ntdll.dll! NtQueryAttributesFile #native (#2236) important_document.exe
7803. Arguments:
7804.  
7805. {"objectName":"\\??\\C:\\Users\\<USER>\\AppData\\Local"}
7806.  
7807. Returned value:
7808.  
7809. 0x0
7810.  
7811. ntdll.dll! NtCreateFile #native (#2236) important_document.exe
7812. Arguments:
7813.  
7814. {"FileHandle":"0x18f914","objectName":"\\??\\C:\\Users\\<USER>\\AppData\\Local\\Temp"}
7815.  
7816. Returned value:
7817.  
7818. null
7819.  
7820. ntdll.dll! NtQueryAttributesFile #native (#2236) important_document.exe
7821. Arguments:
7822.  
7823. {"objectName":"\\??\\C:\\Users\\<USER>\\AppData\\Local\\Temp"}
7824.  
7825. Returned value:
7826.  
7827. 0x0
7828.  
7829. ntdll.dll! NtCreateFile #native (#2236) important_document.exe
7830. Arguments:
7831.  
7832. {"FileHandle":"0x18f914","objectName":"\\??\\C:\\Users\\<USER>\\AppData\\Local\\Temp\\nsk1EC.tmp"}
7833.  
7834. Returned value:
7835.  
7836. null
7837.  
7838. ntdll.dll! NtQueryAttributesFile #native (#2236) important_document.exe
7839. Arguments:
7840.  
7841. {"objectName":"\\??\\C:\\Users\\<USER>\\AppData\\Local\\Temp\\nsk1EC.tmp"}
7842.  
7843. Returned value:
7844.  
7845. 0x0
7846.  
7847. ntdll.dll! NtOpenFile #native (#2236) important_document.exe
7848. Arguments:
7849.  
7850. {"FileHandle":"0x18f410","objectName":"\\??\\C:\\Users\\<USER>\\AppData\\Local\\Temp\\nsk1EC.tmp\\"}
7851.  
7852. Returned value:
7853.  
7854. null
7855.  
7856. ntdll.dll! NtQueryAttributesFile #native (#2236) important_document.exe
7857. Arguments:
7858.  
7859. {"objectName":"\\??\\C:\\Users\\<USER>\\AppData\\Local\\Temp\\nsk1EC.tmp\\StartMenu.ini"}
7860.  
7861. Returned value:
7862.  
7863. 0xc0000034
7864.  
7865. ntdll.dll! NtQueryAttributesFile #native (#2236) important_document.exe
7866. Arguments:
7867.  
7868. {"objectName":"\\??\\C:\\Users\\<USER>\\AppData\\Local\\Temp\\nsk1EC.tmp\\StartMenu.ini"}
7869.  
7870. Returned value:
7871.  
7872. 0xc0000034
7873.  
7874. ntdll.dll! NtCreateFile #native (#2236) important_document.exe
7875. Arguments:
7876.  
7877. {"FileHandle":"0x18f8ac","objectName":"\\??\\C:\\Users\\<USER>\\AppData\\Local\\Temp\\nsk1EC.tmp\\StartMenu.ini"}
7878.  
7879. Returned value:
7880.  
7881. null
7882.  
7883. KernelBase.dll! CreateFileW #file (#2236) important_document.exe
7884. Arguments:
7885.  
7886. {"lpSecurityAttributes":"0x0","dwCreationDisposition":"0x2","dwFlagsAndAttributes":"0x0","lpFileName":"C:\\Users\\<USER>\\AppData\\Local\\Temp\\nsk1EC.tmp\\StartMenu.ini","dwDesiredAccess":"0x40000000","dwShareMode":"0x1"}
7887.  
7888. Returned value:
7889.  
7890. 0x1c
7891.  
7892. KernelBase.dll! CreateFileA #file (#2236) important_document.exe
7893. Arguments:
7894.  
7895. {"lpSecurityAttributes":"0x0","dwCreationDisposition":"0x2","dwFlagsAndAttributes":"0x0","lpFileName":"C:\\Users\\<USER>\\AppData\\Local\\Temp\\nsk1EC.tmp\\StartMenu.ini","dwDesiredAccess":"0x40000000","dwShareMode":"0x1"}
7896.  
7897. Returned value:
7898.  
7899. 0x1c
7900.  
7901. KernelBase.dll! SetFileTime #highlighted (#2236) important_document.exe
7902. Arguments:
7903.  
7904. {"desc":"Tries to modify filetime by calling kernel32.dll!SetFileTime"}
7905.  
7906. Returned value:
7907.  
7908. null
7909.  
7910. ntdll.dll! NtQueryAttributesFile #native (#2236) important_document.exe
7911. Arguments:
7912.  
7913. {"objectName":"\\??\\C:\\Users\\<USER>\\AppData\\Local\\Temp\\nsk1EC.tmp\\NSISArray.dll"}
7914.  
7915. Returned value:
7916.  
7917. 0xc0000034
7918.  
7919. ntdll.dll! NtCreateFile #native (#2236) important_document.exe
7920. Arguments:
7921.  
7922. {"FileHandle":"0x18f8ac","objectName":"\\??\\C:\\Users\\<USER>\\AppData\\Local\\Temp\\nsk1EC.tmp\\NSISArray.dll"}
7923.  
7924. Returned value:
7925.  
7926. null
7927.  
7928. KernelBase.dll! CreateFileW #file (#2236) important_document.exe
7929. Arguments:
7930.  
7931. {"lpSecurityAttributes":"0x0","dwCreationDisposition":"0x1","dwFlagsAndAttributes":"0x0","lpFileName":"C:\\Users\\<USER>\\AppData\\Local\\Temp\\nsk1EC.tmp\\NSISArray.dll","dwDesiredAccess":"0x40000000","dwShareMode":"0x1"}
7932.  
7933. Returned value:
7934.  
7935. 0x1c
7936.  
7937. KernelBase.dll! CreateFileA #file (#2236) important_document.exe
7938. Arguments:
7939.  
7940. {"lpSecurityAttributes":"0x0","dwCreationDisposition":"0x1","dwFlagsAndAttributes":"0x0","lpFileName":"C:\\Users\\<USER>\\AppData\\Local\\Temp\\nsk1EC.tmp\\NSISArray.dll","dwDesiredAccess":"0x40000000","dwShareMode":"0x1"}
7941.  
7942. Returned value:
7943.  
7944. 0x1c
7945.  
7946. ntdll.dll! NtQueryAttributesFile #native (#2236) important_document.exe
7947. Arguments:
7948.  
7949. {"objectName":"\\??\\C:\\Users\\<USER>\\AppData\\Local\\Temp\\nsk1EC.tmp\\NSISArray.dll"}
7950.  
7951. Returned value:
7952.  
7953. 0x0
7954.  
7955. ntdll.dll! NtOpenFile #native (#2236) important_document.exe
7956. Arguments:
7957.  
7958. {"FileHandle":"0x18f29c","objectName":"\\??\\C:\\Users\\<USER>\\AppData\\Local\\Temp\\nsk1EC.tmp\\NSISArray.dll"}
7959.  
7960. Returned value:
7961.  
7962. null
7963.  
7964. ntdll.dll! NtQueryAttributesFile #native (#2236) important_document.exe
7965. Arguments:
7966.  
7967. {"objectName":"\\??\\C:\\Users\\<USER>\\AppData\\Local\\Temp\\nsk1EC.tmp\\NSISArray.dll"}
7968.  
7969. Returned value:
7970.  
7971. 0x0
7972.  
7973. ntdll.dll! NtOpenFile #native (#2236) important_document.exe
7974. Arguments:
7975.  
7976. {"FileHandle":"0x18f29c","objectName":"\\??\\C:\\Users\\<USER>\\AppData\\Local\\Temp\\nsk1EC.tmp\\NSISArray.dll"}
7977.  
7978. Returned value:
7979.  
7980. null
7981.  
7982. ntdll.dll! NtQueryAttributesFile #native (#2236) important_document.exe
7983. Arguments:
7984.  
7985. {"objectName":"\\??\\C:\\Users\\<USER>\\AppData\\Local\\Temp\\nsk1EC.tmp\\NSISArray.dll"}
7986.  
7987. Returned value:
7988.  
7989. 0x0
7990.  
7991. ntdll.dll! NtOpenFile #native (#2236) important_document.exe
7992. Arguments:
7993.  
7994. {"FileHandle":"0x18f6f8","objectName":"\\??\\C:\\Users\\<USER>\\AppData\\Local\\Temp\\nsk1EC.tmp\\NSISArray.dll"}
7995.  
7996. Returned value:
7997.  
7998. null
7999.  
8000. ntdll.dll! NtOpenKey #native (#2236) important_document.exe
8001. Arguments:
8002.  
8003. {"DesiredAccess":"0x9","KeyHandle":"0x18f3ec","objectName":"DllNXOptions"}
8004.  
8005. Returned value:
8006.  
8007. 0x0
8008.  
8009. KernelBase.dll! LoadLibraryExA #misc (#2236) important_document.exe
8010. Arguments:
8011.  
8012. {"lpFileName":"C:\\Users\\<USER>\\AppData\\Local\\Temp\\nsk1EC.tmp\\NSISArray.dll"}
8013.  
8014. Returned value:
8015.  
8016. 0x10000000
8017.  
8018. KernelBase.dll! GetProcAddress #misc (#2236) important_document.exe
8019. Arguments:
8020.  
8021. {"lpProcName":"ErrorStyle","hModule":null}
8022.  
8023. Returned value:
8024.  
8025. 0x10001151
8026.  
8027. ntdll.dll! NtQueryAttributesFile #native (#2236) important_document.exe
8028. Arguments:
8029.  
8030. {"objectName":"\\??\\C:\\Users\\<USER>\\AppData\\Local\\Temp\\nsk1EC.tmp\\NSISArray.dll"}
8031.  
8032. Returned value:
8033.  
8034. 0x0
8035.  
8036. ntdll.dll! NtCreateFile #native (#2236) important_document.exe
8037. Arguments:
8038.  
8039. {"FileHandle":"0x18f8ac","objectName":"\\??\\C:\\Users\\<USER>\\AppData\\Local\\Temp\\nsk1EC.tmp\\NSISArray.dll"}
8040.  
8041. Returned value:
8042.  
8043. null
8044.  
8045. KernelBase.dll! CreateFileW #file (#2236) important_document.exe
8046. Arguments:
8047.  
8048. {"lpSecurityAttributes":"0x0","dwCreationDisposition":"0x1","dwFlagsAndAttributes":"0x2020","lpFileName":"C:\\Users\\<USER>\\AppData\\Local\\Temp\\nsk1EC.tmp\\NSISArray.dll","dwDesiredAccess":"0x40000000","dwShareMode":"0x1"}
8049.  
8050. Returned value:
8051.  
8052. 0xffffffff
8053.  
8054. KernelBase.dll! CreateFileA #file (#2236) important_document.exe
8055. Arguments:
8056.  
8057. {"lpSecurityAttributes":"0x0","dwCreationDisposition":"0x1","dwFlagsAndAttributes":"0x2020","lpFileName":"C:\\Users\\<USER>\\AppData\\Local\\Temp\\nsk1EC.tmp\\NSISArray.dll","dwDesiredAccess":"0x40000000","dwShareMode":"0x1"}
8058.  
8059. Returned value:
8060.  
8061. 0xffffffff
8062.  
8063. KernelBase.dll! GetProcAddress #misc (#2236) important_document.exe
8064. Arguments:
8065.  
8066. {"lpProcName":"ErrorStyle","hModule":null}
8067.  
8068. Returned value:
8069.  
8070. 0x10001151
8071.  
8072. ntdll.dll! NtQueryAttributesFile #native (#2236) important_document.exe
8073. Arguments:
8074.  
8075. {"objectName":"\\??\\C:\\Users\\<USER>\\AppData\\Local\\Temp\\nsk1EC.tmp\\NSISArray.dll"}
8076.  
8077. Returned value:
8078.  
8079. 0x0
8080.  
8081. ntdll.dll! NtCreateFile #native (#2236) important_document.exe
8082. Arguments:
8083.  
8084. {"FileHandle":"0x18f8ac","objectName":"\\??\\C:\\Users\\<USER>\\AppData\\Local\\Temp\\nsk1EC.tmp\\NSISArray.dll"}
8085.  
8086. Returned value:
8087.  
8088. null
8089.  
8090. KernelBase.dll! CreateFileW #file (#2236) important_document.exe
8091. Arguments:
8092.  
8093. {"lpSecurityAttributes":"0x0","dwCreationDisposition":"0x1","dwFlagsAndAttributes":"0x2020","lpFileName":"C:\\Users\\<USER>\\AppData\\Local\\Temp\\nsk1EC.tmp\\NSISArray.dll","dwDesiredAccess":"0x40000000","dwShareMode":"0x1"}
8094.  
8095. Returned value:
8096.  
8097. 0xffffffff
8098.  
8099. KernelBase.dll! CreateFileA #file (#2236) important_document.exe
8100. Arguments:
8101.  
8102. {"lpSecurityAttributes":"0x0","dwCreationDisposition":"0x1","dwFlagsAndAttributes":"0x2020","lpFileName":"C:\\Users\\<USER>\\AppData\\Local\\Temp\\nsk1EC.tmp\\NSISArray.dll","dwDesiredAccess":"0x40000000","dwShareMode":"0x1"}
8103.  
8104. Returned value:
8105.  
8106. 0xffffffff
8107.  
8108. KernelBase.dll! GetProcAddress #misc (#2236) important_document.exe
8109. Arguments:
8110.  
8111. {"lpProcName":"New","hModule":null}
8112.  
8113. Returned value:
8114.  
8115. 0x1000127d
8116.  
8117. ntdll.dll! NtOpenKeyEx #native (#2236) important_document.exe
8118. Arguments:
8119.  
8120. {"OpenOptions":"0x0","KeyHandle":"0x18f078","objectName":"SessionInfo\\1","DesiredAccess":"0x1"}
8121.  
8122. Returned value:
8123.  
8124. 0x0
8125.  
8126. ntdll.dll! NtOpenKeyEx #native (#2236) important_document.exe
8127. Arguments:
8128.  
8129. {"OpenOptions":"0x0","KeyHandle":"0x18f0f0","objectName":"KnownFolders","DesiredAccess":"0x1"}
8130.  
8131. Returned value:
8132.  
8133. 0xc0000034
8134.  
8135. ntdll.dll! NtOpenKey #native (#2236) important_document.exe
8136. Arguments:
8137.  
8138. {"DesiredAccess":"0x20019","KeyHandle":"0x18f3c0","objectName":"\\REGISTRY\\USER\\S-1-5-21-364843204-231886559-199882026-1001"}
8139.  
8140. Returned value:
8141.  
8142. 0x0
8143.  
8144. ntdll.dll! NtOpenKeyEx #native (#2236) important_document.exe
8145. Arguments:
8146.  
8147. {"OpenOptions":"0x0","KeyHandle":"0x18f408","objectName":"Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\User Shell Folders","DesiredAccess":"0x20019"}
8148.  
8149. Returned value:
8150.  
8151. 0x0
8152.  
8153. ntdll.dll! NtQueryAttributesFile #native (#2236) important_document.exe
8154. Arguments:
8155.  
8156. {"objectName":"\\??\\C:\\Users\\<USER>\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs"}
8157.  
8158. Returned value:
8159.  
8160. 0x0
8161.  
8162. KernelBase.dll! GetFileAttributesW #file (#2236) important_document.exe
8163. Arguments:
8164.  
8165. {"lpFileName":"C:\\Users\\<USER>\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs"}
8166.  
8167. Returned value:
8168.  
8169. 0x11
8170.  
8171. ntdll.dll! NtOpenFile #native (#2236) important_document.exe
8172. Arguments:
8173.  
8174. {"FileHandle":"0x18f41c","objectName":"\\??\\C:\\Users\\<USER>\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\"}
8175.  
8176. Returned value:
8177.  
8178. null
8179.  
8180. ntdll.dll! NtOpenFile #native (#2236) important_document.exe
8181. Arguments:
8182.  
8183. {"FileHandle":"0x18f410","objectName":"\\??\\C:\\Users\\<USER>\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Accessories\\"}
8184.  
8185. Returned value:
8186.  
8187. null
8188.  
8189. ntdll.dll! NtQueryAttributesFile #native (#2236) important_document.exe
8190. Arguments:
8191.  
8192. {"objectName":"\\??\\C:\\Users\\<USER>\\AppData\\Local\\Temp\\nsk1EC.tmp\\NSISArray.dll"}
8193.  
8194. Returned value:
8195.  
8196. 0x0
8197.  
8198. ntdll.dll! NtCreateFile #native (#2236) important_document.exe
8199. Arguments:
8200.  
8201. {"FileHandle":"0x18f8ac","objectName":"\\??\\C:\\Users\\<USER>\\AppData\\Local\\Temp\\nsk1EC.tmp\\NSISArray.dll"}
8202.  
8203. Returned value:
8204.  
8205. null
8206.  
8207. KernelBase.dll! CreateFileW #file (#2236) important_document.exe
8208. Arguments:
8209.  
8210. {"lpSecurityAttributes":"0x0","dwCreationDisposition":"0x1","dwFlagsAndAttributes":"0x2020","lpFileName":"C:\\Users\\<USER>\\AppData\\Local\\Temp\\nsk1EC.tmp\\NSISArray.dll","dwDesiredAccess":"0x40000000","dwShareMode":"0x1"}
8211.  
8212. Returned value:
8213.  
8214. 0xffffffff
8215.  
8216. KernelBase.dll! CreateFileA #file (#2236) important_document.exe
8217. Arguments:
8218.  
8219. {"lpSecurityAttributes":"0x0","dwCreationDisposition":"0x1","dwFlagsAndAttributes":"0x2020","lpFileName":"C:\\Users\\<USER>\\AppData\\Local\\Temp\\nsk1EC.tmp\\NSISArray.dll","dwDesiredAccess":"0x40000000","dwShareMode":"0x1"}
8220.  
8221. Returned value:
8222.  
8223. 0xffffffff
8224.  
8225. KernelBase.dll! GetProcAddress #misc (#2236) important_document.exe
8226. Arguments:
8227.  
8228. {"lpProcName":"ExistsI","hModule":null}
8229.  
8230. Returned value:
8231.  
8232. 0x100030ec
8233.  
8234. ntdll.dll! NtQueryAttributesFile #native (#2236) important_document.exe
8235. Arguments:
8236.  
8237. {"objectName":"\\??\\C:\\Users\\<USER>\\AppData\\Local\\Temp\\nsk1EC.tmp\\NSISArray.dll"}
8238.  
8239. Returned value:
8240.  
8241. 0x0
8242.  
8243. ntdll.dll! NtCreateFile #native (#2236) important_document.exe
8244. Arguments:
8245.  
8246. {"FileHandle":"0x18f8ac","objectName":"\\??\\C:\\Users\\<USER>\\AppData\\Local\\Temp\\nsk1EC.tmp\\NSISArray.dll"}
8247.  
8248. Returned value:
8249.  
8250. null
8251.  
8252. KernelBase.dll! CreateFileW #file (#2236) important_document.exe
8253. Arguments:
8254.  
8255. {"lpSecurityAttributes":"0x0","dwCreationDisposition":"0x1","dwFlagsAndAttributes":"0x2020","lpFileName":"C:\\Users\\<USER>\\AppData\\Local\\Temp\\nsk1EC.tmp\\NSISArray.dll","dwDesiredAccess":"0x40000000","dwShareMode":"0x1"}
8256.  
8257. Returned value:
8258.  
8259. 0xffffffff
8260.  
8261. KernelBase.dll! CreateFileA #file (#2236) important_document.exe
8262. Arguments:
8263.  
8264. {"lpSecurityAttributes":"0x0","dwCreationDisposition":"0x1","dwFlagsAndAttributes":"0x2020","lpFileName":"C:\\Users\\<USER>\\AppData\\Local\\Temp\\nsk1EC.tmp\\NSISArray.dll","dwDesiredAccess":"0x40000000","dwShareMode":"0x1"}
8265.  
8266. Returned value:
8267.  
8268. 0xffffffff
8269.  
8270. KernelBase.dll! GetProcAddress #misc (#2236) important_document.exe
8271. Arguments:
8272.  
8273. {"lpProcName":"Push","hModule":null}
8274.  
8275. Returned value:
8276.  
8277. 0x10001ed7
8278.  
8279. ntdll.dll! NtOpenFile #native (#2236) important_document.exe
8280. Arguments:
8281.  
8282. {"FileHandle":"0x18f410","objectName":"\\??\\C:\\Users\\<USER>\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Administrative Tools\\"}
8283.  
8284. Returned value:
8285.  
8286. null
8287.  
8288. ntdll.dll! NtQueryAttributesFile #native (#2236) important_document.exe
8289. Arguments:
8290.  
8291. {"objectName":"\\??\\C:\\Users\\<USER>\\AppData\\Local\\Temp\\nsk1EC.tmp\\NSISArray.dll"}
8292.  
8293. Returned value:
8294.  
8295. 0x0
8296.  
8297. ntdll.dll! NtCreateFile #native (#2236) important_document.exe
8298. Arguments:
8299.  
8300. {"FileHandle":"0x18f8ac","objectName":"\\??\\C:\\Users\\<USER>\\AppData\\Local\\Temp\\nsk1EC.tmp\\NSISArray.dll"}
8301.  
8302. Returned value:
8303.  
8304. null
8305.  
8306. KernelBase.dll! CreateFileW #file (#2236) important_document.exe
8307. Arguments:
8308.  
8309. {"lpSecurityAttributes":"0x0","dwCreationDisposition":"0x1","dwFlagsAndAttributes":"0x2020","lpFileName":"C:\\Users\\<USER>\\AppData\\Local\\Temp\\nsk1EC.tmp\\NSISArray.dll","dwDesiredAccess":"0x40000000","dwShareMode":"0x1"}
8310.  
8311. Returned value:
8312.  
8313. 0xffffffff
8314.  
8315. KernelBase.dll! CreateFileA #file (#2236) important_document.exe
8316. Arguments:
8317.  
8318. {"lpSecurityAttributes":"0x0","dwCreationDisposition":"0x1","dwFlagsAndAttributes":"0x2020","lpFileName":"C:\\Users\\<USER>\\AppData\\Local\\Temp\\nsk1EC.tmp\\NSISArray.dll","dwDesiredAccess":"0x40000000","dwShareMode":"0x1"}
8319.  
8320. Returned value:
8321.  
8322. 0xffffffff
8323.  
8324. KernelBase.dll! GetProcAddress #misc (#2236) important_document.exe
8325. Arguments:
8326.  
8327. {"lpProcName":"ExistsI","hModule":null}
8328.  
8329. Returned value:
8330.  
8331. 0x100030ec
8332.  
8333. ntdll.dll! NtQueryAttributesFile #native (#2236) important_document.exe
8334. Arguments:
8335.  
8336. {"objectName":"\\??\\C:\\Users\\<USER>\\AppData\\Local\\Temp\\nsk1EC.tmp\\NSISArray.dll"}
8337.  
8338. Returned value:
8339.  
8340. 0x0
8341.  
8342. ntdll.dll! NtCreateFile #native (#2236) important_document.exe
8343. Arguments:
8344.  
8345. {"FileHandle":"0x18f8ac","objectName":"\\??\\C:\\Users\\<USER>\\AppData\\Local\\Temp\\nsk1EC.tmp\\NSISArray.dll"}
8346.  
8347. Returned value:
8348.  
8349. null
8350.  
8351. KernelBase.dll! CreateFileW #file (#2236) important_document.exe
8352. Arguments:
8353.  
8354. {"lpSecurityAttributes":"0x0","dwCreationDisposition":"0x1","dwFlagsAndAttributes":"0x2020","lpFileName":"C:\\Users\\<USER>\\AppData\\Local\\Temp\\nsk1EC.tmp\\NSISArray.dll","dwDesiredAccess":"0x40000000","dwShareMode":"0x1"}
8355.  
8356. Returned value:
8357.  
8358. 0xffffffff
8359.  
8360. KernelBase.dll! CreateFileA #file (#2236) important_document.exe
8361. Arguments:
8362.  
8363. {"lpSecurityAttributes":"0x0","dwCreationDisposition":"0x1","dwFlagsAndAttributes":"0x2020","lpFileName":"C:\\Users\\<USER>\\AppData\\Local\\Temp\\nsk1EC.tmp\\NSISArray.dll","dwDesiredAccess":"0x40000000","dwShareMode":"0x1"}
8364.  
8365. Returned value:
8366.  
8367. 0xffffffff
8368.  
8369. KernelBase.dll! GetProcAddress #misc (#2236) important_document.exe
8370. Arguments:
8371.  
8372. {"lpProcName":"Push","hModule":null}
8373.  
8374. Returned value:
8375.  
8376. 0x10001ed7
8377.  
8378. ntdll.dll! NtOpenFile #native (#2236) important_document.exe
8379. Arguments:
8380.  
8381. {"FileHandle":"0x18f410","objectName":"\\??\\C:\\Users\\<USER>\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\desktop.ini\\"}
8382.  
8383. Returned value:
8384.  
8385. null
8386.  
8387. ntdll.dll! NtOpenFile #native (#2236) important_document.exe
8388. Arguments:
8389.  
8390. {"FileHandle":"0x18f410","objectName":"\\??\\C:\\Users\\<USER>\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Internet Explorer (64-bit).lnk\\"}
8391.  
8392. Returned value:
8393.  
8394. null
8395.  
8396. ntdll.dll! NtOpenFile #native (#2236) important_document.exe
8397. Arguments:
8398.  
8399. {"FileHandle":"0x18f410","objectName":"\\??\\C:\\Users\\<USER>\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Internet Explorer.lnk\\"}
8400.  
8401. Returned value:
8402.  
8403. null
8404.  
8405. ntdll.dll! NtOpenFile #native (#2236) important_document.exe
8406. Arguments:
8407.  
8408. {"FileHandle":"0x18f410","objectName":"\\??\\C:\\Users\\<USER>\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Maintenance\\"}
8409.  
8410. Returned value:
8411.  
8412. null
8413.  
8414. ntdll.dll! NtQueryAttributesFile #native (#2236) important_document.exe
8415. Arguments:
8416.  
8417. {"objectName":"\\??\\C:\\Users\\<USER>\\AppData\\Local\\Temp\\nsk1EC.tmp\\NSISArray.dll"}
8418.  
8419. Returned value:
8420.  
8421. 0x0
8422.  
8423. ntdll.dll! NtCreateFile #native (#2236) important_document.exe
8424. Arguments:
8425.  
8426. {"FileHandle":"0x18f8ac","objectName":"\\??\\C:\\Users\\<USER>\\AppData\\Local\\Temp\\nsk1EC.tmp\\NSISArray.dll"}
8427.  
8428. Returned value:
8429.  
8430. null
8431.  
8432. KernelBase.dll! CreateFileW #file (#2236) important_document.exe
8433. Arguments:
8434.  
8435. {"lpSecurityAttributes":"0x0","dwCreationDisposition":"0x1","dwFlagsAndAttributes":"0x2020","lpFileName":"C:\\Users\\<USER>\\AppData\\Local\\Temp\\nsk1EC.tmp\\NSISArray.dll","dwDesiredAccess":"0x40000000","dwShareMode":"0x1"}
8436.  
8437. Returned value:
8438.  
8439. 0xffffffff
8440.  
8441. KernelBase.dll! CreateFileA #file (#2236) important_document.exe
8442. Arguments:
8443.  
8444. {"lpSecurityAttributes":"0x0","dwCreationDisposition":"0x1","dwFlagsAndAttributes":"0x2020","lpFileName":"C:\\Users\\<USER>\\AppData\\Local\\Temp\\nsk1EC.tmp\\NSISArray.dll","dwDesiredAccess":"0x40000000","dwShareMode":"0x1"}
8445.  
8446. Returned value:
8447.  
8448. 0xffffffff
8449.  
8450. KernelBase.dll! GetProcAddress #misc (#2236) important_document.exe
8451. Arguments:
8452.  
8453. {"lpProcName":"ExistsI","hModule":null}
8454.  
8455. Returned value:
8456.  
8457. 0x100030ec
8458.  
8459. ntdll.dll! NtQueryAttributesFile #native (#2236) important_document.exe
8460. Arguments:
8461.  
8462. {"objectName":"\\??\\C:\\Users\\<USER>\\AppData\\Local\\Temp\\nsk1EC.tmp\\NSISArray.dll"}
8463.  
8464. Returned value:
8465.  
8466. 0x0
8467.  
8468. ntdll.dll! NtCreateFile #native (#2236) important_document.exe
8469. Arguments:
8470.  
8471. {"FileHandle":"0x18f8ac","objectName":"\\??\\C:\\Users\\<USER>\\AppData\\Local\\Temp\\nsk1EC.tmp\\NSISArray.dll"}
8472.  
8473. Returned value:
8474.  
8475. null
8476.  
8477. KernelBase.dll! CreateFileW #file (#2236) important_document.exe
8478. Arguments:
8479.  
8480. {"lpSecurityAttributes":"0x0","dwCreationDisposition":"0x1","dwFlagsAndAttributes":"0x2020","lpFileName":"C:\\Users\\<USER>\\AppData\\Local\\Temp\\nsk1EC.tmp\\NSISArray.dll","dwDesiredAccess":"0x40000000","dwShareMode":"0x1"}
8481.  
8482. Returned value:
8483.  
8484. 0xffffffff
8485.  
8486. KernelBase.dll! CreateFileA #file (#2236) important_document.exe
8487. Arguments:
8488.  
8489. {"lpSecurityAttributes":"0x0","dwCreationDisposition":"0x1","dwFlagsAndAttributes":"0x2020","lpFileName":"C:\\Users\\<USER>\\AppData\\Local\\Temp\\nsk1EC.tmp\\NSISArray.dll","dwDesiredAccess":"0x40000000","dwShareMode":"0x1"}
8490.  
8491. Returned value:
8492.  
8493. 0xffffffff
8494.  
8495. KernelBase.dll! GetProcAddress #misc (#2236) important_document.exe
8496. Arguments:
8497.  
8498. {"lpProcName":"Push","hModule":null}
8499.  
8500. Returned value:
8501.  
8502. 0x10001ed7
8503.  
8504. ntdll.dll! NtOpenFile #native (#2236) important_document.exe
8505. Arguments:
8506.  
8507. {"FileHandle":"0x18f410","objectName":"\\??\\C:\\Users\\<USER>\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Python 3.7\\"}
8508.  
8509. Returned value:
8510.  
8511. null
8512.  
8513. ntdll.dll! NtQueryAttributesFile #native (#2236) important_document.exe
8514. Arguments:
8515.  
8516. {"objectName":"\\??\\C:\\Users\\<USER>\\AppData\\Local\\Temp\\nsk1EC.tmp\\NSISArray.dll"}
8517.  
8518. Returned value:
8519.  
8520. 0x0
8521.  
8522. ntdll.dll! NtCreateFile #native (#2236) important_document.exe
8523. Arguments:
8524.  
8525. {"FileHandle":"0x18f8ac","objectName":"\\??\\C:\\Users\\<USER>\\AppData\\Local\\Temp\\nsk1EC.tmp\\NSISArray.dll"}
8526.  
8527. Returned value:
8528.  
8529. null
8530.  
8531. KernelBase.dll! CreateFileW #file (#2236) important_document.exe
8532. Arguments:
8533.  
8534. {"lpSecurityAttributes":"0x0","dwCreationDisposition":"0x1","dwFlagsAndAttributes":"0x2020","lpFileName":"C:\\Users\\<USER>\\AppData\\Local\\Temp\\nsk1EC.tmp\\NSISArray.dll","dwDesiredAccess":"0x40000000","dwShareMode":"0x1"}
8535.  
8536. Returned value:
8537.  
8538. 0xffffffff
8539.  
8540. KernelBase.dll! CreateFileA #file (#2236) important_document.exe
8541. Arguments:
8542.  
8543. {"lpSecurityAttributes":"0x0","dwCreationDisposition":"0x1","dwFlagsAndAttributes":"0x2020","lpFileName":"C:\\Users\\<USER>\\AppData\\Local\\Temp\\nsk1EC.tmp\\NSISArray.dll","dwDesiredAccess":"0x40000000","dwShareMode":"0x1"}
8544.  
8545. Returned value:
8546.  
8547. 0xffffffff
8548.  
8549. KernelBase.dll! GetProcAddress #misc (#2236) important_document.exe
8550. Arguments:
8551.  
8552. {"lpProcName":"ExistsI","hModule":null}
8553.  
8554. Returned value:
8555.  
8556. 0x100030ec
8557.  
8558. ntdll.dll! NtQueryAttributesFile #native (#2236) important_document.exe
8559. Arguments:
8560.  
8561. {"objectName":"\\??\\C:\\Users\\<USER>\\AppData\\Local\\Temp\\nsk1EC.tmp\\NSISArray.dll"}
8562.  
8563. Returned value:
8564.  
8565. 0x0
8566.  
8567. ntdll.dll! NtCreateFile #native (#2236) important_document.exe
8568. Arguments:
8569.  
8570. {"FileHandle":"0x18f8ac","objectName":"\\??\\C:\\Users\\<USER>\\AppData\\Local\\Temp\\nsk1EC.tmp\\NSISArray.dll"}
8571.  
8572. Returned value:
8573.  
8574. null
8575.  
8576. KernelBase.dll! CreateFileW #file (#2236) important_document.exe
8577. Arguments:
8578.  
8579. {"lpSecurityAttributes":"0x0","dwCreationDisposition":"0x1","dwFlagsAndAttributes":"0x2020","lpFileName":"C:\\Users\\<USER>\\AppData\\Local\\Temp\\nsk1EC.tmp\\NSISArray.dll","dwDesiredAccess":"0x40000000","dwShareMode":"0x1"}
8580.  
8581. Returned value:
8582.  
8583. 0xffffffff
8584.  
8585. KernelBase.dll! CreateFileA #file (#2236) important_document.exe
8586. Arguments:
8587.  
8588. {"lpSecurityAttributes":"0x0","dwCreationDisposition":"0x1","dwFlagsAndAttributes":"0x2020","lpFileName":"C:\\Users\\<USER>\\AppData\\Local\\Temp\\nsk1EC.tmp\\NSISArray.dll","dwDesiredAccess":"0x40000000","dwShareMode":"0x1"}
8589.  
8590. Returned value:
8591.  
8592. 0xffffffff
8593.  
8594. KernelBase.dll! GetProcAddress #misc (#2236) important_document.exe
8595. Arguments:
8596.  
8597. {"lpProcName":"Push","hModule":null}
8598.  
8599. Returned value:
8600.  
8601. 0x10001ed7
8602.  
8603. ntdll.dll! NtOpenFile #native (#2236) important_document.exe
8604. Arguments:
8605.  
8606. {"FileHandle":"0x18f410","objectName":"\\??\\C:\\Users\\<USER>\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Startup\\"}
8607.  
8608. Returned value:
8609.  
8610. null
8611.  
8612. ntdll.dll! NtQueryAttributesFile #native (#2236) important_document.exe
8613. Arguments:
8614.  
8615. {"objectName":"\\??\\C:\\Users\\<USER>\\AppData\\Local\\Temp\\nsk1EC.tmp\\NSISArray.dll"}
8616.  
8617. Returned value:
8618.  
8619. 0x0
8620.  
8621. ntdll.dll! NtCreateFile #native (#2236) important_document.exe
8622. Arguments:
8623.  
8624. {"FileHandle":"0x18f8ac","objectName":"\\??\\C:\\Users\\<USER>\\AppData\\Local\\Temp\\nsk1EC.tmp\\NSISArray.dll"}
8625.  
8626. Returned value:
8627.  
8628. null
8629.  
8630. KernelBase.dll! CreateFileW #file (#2236) important_document.exe
8631. Arguments:
8632.  
8633. {"lpSecurityAttributes":"0x0","dwCreationDisposition":"0x1","dwFlagsAndAttributes":"0x2020","lpFileName":"C:\\Users\\<USER>\\AppData\\Local\\Temp\\nsk1EC.tmp\\NSISArray.dll","dwDesiredAccess":"0x40000000","dwShareMode":"0x1"}
8634.  
8635. Returned value:
8636.  
8637. 0xffffffff
8638.  
8639. KernelBase.dll! CreateFileA #file (#2236) important_document.exe
8640. Arguments:
8641.  
8642. {"lpSecurityAttributes":"0x0","dwCreationDisposition":"0x1","dwFlagsAndAttributes":"0x2020","lpFileName":"C:\\Users\\<USER>\\AppData\\Local\\Temp\\nsk1EC.tmp\\NSISArray.dll","dwDesiredAccess":"0x40000000","dwShareMode":"0x1"}
8643.  
8644. Returned value:
8645.  
8646. 0xffffffff
8647.  
8648. KernelBase.dll! GetProcAddress #misc (#2236) important_document.exe
8649. Arguments:
8650.  
8651. {"lpProcName":"ExistsI","hModule":null}
8652.  
8653. Returned value:
8654.  
8655. 0x100030ec
8656.  
8657. ntdll.dll! NtQueryAttributesFile #native (#2236) important_document.exe
8658. Arguments:
8659.  
8660. {"objectName":"\\??\\C:\\Users\\<USER>\\AppData\\Local\\Temp\\nsk1EC.tmp\\NSISArray.dll"}
8661.  
8662. Returned value:
8663.  
8664. 0x0
8665.  
8666. ntdll.dll! NtCreateFile #native (#2236) important_document.exe
8667. Arguments:
8668.  
8669. {"FileHandle":"0x18f8ac","objectName":"\\??\\C:\\Users\\<USER>\\AppData\\Local\\Temp\\nsk1EC.tmp\\NSISArray.dll"}
8670.  
8671. Returned value:
8672.  
8673. null
8674.  
8675. KernelBase.dll! CreateFileW #file (#2236) important_document.exe
8676. Arguments:
8677.  
8678. {"lpSecurityAttributes":"0x0","dwCreationDisposition":"0x1","dwFlagsAndAttributes":"0x2020","lpFileName":"C:\\Users\\<USER>\\AppData\\Local\\Temp\\nsk1EC.tmp\\NSISArray.dll","dwDesiredAccess":"0x40000000","dwShareMode":"0x1"}
8679.  
8680. Returned value:
8681.  
8682. 0xffffffff
8683.  
8684. KernelBase.dll! CreateFileA #file (#2236) important_document.exe
8685. Arguments:
8686.  
8687. {"lpSecurityAttributes":"0x0","dwCreationDisposition":"0x1","dwFlagsAndAttributes":"0x2020","lpFileName":"C:\\Users\\<USER>\\AppData\\Local\\Temp\\nsk1EC.tmp\\NSISArray.dll","dwDesiredAccess":"0x40000000","dwShareMode":"0x1"}
8688.  
8689. Returned value:
8690.  
8691. 0xffffffff
8692.  
8693. KernelBase.dll! GetProcAddress #misc (#2236) important_document.exe
8694. Arguments:
8695.  
8696. {"lpProcName":"Push","hModule":null}
8697.  
8698. Returned value:
8699.  
8700. 0x10001ed7
8701.  
8702. ntdll.dll! NtOpenKeyEx #native (#2236) important_document.exe
8703. Arguments:
8704.  
8705. {"OpenOptions":"0x0","KeyHandle":"0x18f078","objectName":"SessionInfo\\1","DesiredAccess":"0x1"}
8706.  
8707. Returned value:
8708.  
8709. 0x0
8710.  
8711. ntdll.dll! NtOpenKeyEx #native (#2236) important_document.exe
8712. Arguments:
8713.  
8714. {"OpenOptions":"0x0","KeyHandle":"0x18f0f0","objectName":"KnownFolders","DesiredAccess":"0x1"}
8715.  
8716. Returned value:
8717.  
8718. 0xc0000034
8719.  
8720. ntdll.dll! NtOpenKeyEx #native (#2236) important_document.exe
8721. Arguments:
8722.  
8723. {"OpenOptions":"0x0","KeyHandle":"0x18f40c","objectName":"Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\User Shell Folders","DesiredAccess":"0x20019"}
8724.  
8725. Returned value:
8726.  
8727. 0x0
8728.  
8729. ntdll.dll! NtQueryAttributesFile #native (#2236) important_document.exe
8730. Arguments:
8731.  
8732. {"objectName":"\\??\\C:\\ProgramData\\Microsoft\\Windows\\Start Menu\\Programs"}
8733.  
8734. Returned value:
8735.  
8736. 0x0
8737.  
8738. KernelBase.dll! GetFileAttributesW #file (#2236) important_document.exe
8739. Arguments:
8740.  
8741. {"lpFileName":"C:\\ProgramData\\Microsoft\\Windows\\Start Menu\\Programs"}
8742.  
8743. Returned value:
8744.  
8745. 0x11
8746.  
8747. ntdll.dll! NtOpenFile #native (#2236) important_document.exe
8748. Arguments:
8749.  
8750. {"FileHandle":"0x18f41c","objectName":"\\??\\C:\\ProgramData\\Microsoft\\Windows\\Start Menu\\Programs\\"}
8751.  
8752. Returned value:
8753.  
8754. null
8755.  
8756. ntdll.dll! NtOpenFile #native (#2236) important_document.exe
8757. Arguments:
8758.  
8759. {"FileHandle":"0x18f410","objectName":"\\??\\C:\\ProgramData\\Microsoft\\Windows\\Start Menu\\Programs\\Accessories\\"}
8760.  
8761. Returned value:
8762.  
8763. null
8764.  
8765. ntdll.dll! NtQueryAttributesFile #native (#2236) important_document.exe
8766. Arguments:
8767.  
8768. {"objectName":"\\??\\C:\\Users\\<USER>\\AppData\\Local\\Temp\\nsk1EC.tmp\\NSISArray.dll"}
8769.  
8770. Returned value:
8771.  
8772. 0x0
8773.  
8774. ntdll.dll! NtCreateFile #native (#2236) important_document.exe
8775. Arguments:
8776.  
8777. {"FileHandle":"0x18f8ac","objectName":"\\??\\C:\\Users\\<USER>\\AppData\\Local\\Temp\\nsk1EC.tmp\\NSISArray.dll"}
8778.  
8779. Returned value:
8780.  
8781. null
8782.  
8783. KernelBase.dll! CreateFileW #file (#2236) important_document.exe
8784. Arguments:
8785.  
8786. {"lpSecurityAttributes":"0x0","dwCreationDisposition":"0x1","dwFlagsAndAttributes":"0x2020","lpFileName":"C:\\Users\\<USER>\\AppData\\Local\\Temp\\nsk1EC.tmp\\NSISArray.dll","dwDesiredAccess":"0x40000000","dwShareMode":"0x1"}
8787.  
8788. Returned value:
8789.  
8790. 0xffffffff
8791.  
8792. KernelBase.dll! CreateFileA #file (#2236) important_document.exe
8793. Arguments:
8794.  
8795. {"lpSecurityAttributes":"0x0","dwCreationDisposition":"0x1","dwFlagsAndAttributes":"0x2020","lpFileName":"C:\\Users\\<USER>\\AppData\\Local\\Temp\\nsk1EC.tmp\\NSISArray.dll","dwDesiredAccess":"0x40000000","dwShareMode":"0x1"}
8796.  
8797. Returned value:
8798.  
8799. 0xffffffff
8800.  
8801. KernelBase.dll! GetProcAddress #misc (#2236) important_document.exe
8802. Arguments:
8803.  
8804. {"lpProcName":"ExistsI","hModule":null}
8805.  
8806. Returned value:
8807.  
8808. 0x100030ec
8809.  
8810. ntdll.dll! NtOpenFile #native (#2236) important_document.exe
8811. Arguments:
8812.  
8813. {"FileHandle":"0x18f410","objectName":"\\??\\C:\\ProgramData\\Microsoft\\Windows\\Start Menu\\Programs\\Acrobat Reader DC.lnk\\"}
8814.  
8815. Returned value:
8816.  
8817. null
8818.  
8819. ntdll.dll! NtOpenFile #native (#2236) important_document.exe
8820. Arguments:
8821.  
8822. {"FileHandle":"0x18f410","objectName":"\\??\\C:\\ProgramData\\Microsoft\\Windows\\Start Menu\\Programs\\Administrative Tools\\"}
8823.  
8824. Returned value:
8825.  
8826. null
8827.  
8828. ntdll.dll! NtQueryAttributesFile #native (#2236) important_document.exe
8829. Arguments:
8830.  
8831. {"objectName":"\\??\\C:\\Users\\<USER>\\AppData\\Local\\Temp\\nsk1EC.tmp\\NSISArray.dll"}
8832.  
8833. Returned value:
8834.  
8835. 0x0
8836.  
8837. ntdll.dll! NtCreateFile #native (#2236) important_document.exe
8838. Arguments:
8839.  
8840. {"FileHandle":"0x18f8ac","objectName":"\\??\\C:\\Users\\<USER>\\AppData\\Local\\Temp\\nsk1EC.tmp\\NSISArray.dll"}
8841.  
8842. Returned value:
8843.  
8844. null
8845.  
8846. KernelBase.dll! CreateFileW #file (#2236) important_document.exe
8847. Arguments:
8848.  
8849. {"lpSecurityAttributes":"0x0","dwCreationDisposition":"0x1","dwFlagsAndAttributes":"0x2020","lpFileName":"C:\\Users\\<USER>\\AppData\\Local\\Temp\\nsk1EC.tmp\\NSISArray.dll","dwDesiredAccess":"0x40000000","dwShareMode":"0x1"}
8850.  
8851. Returned value:
8852.  
8853. 0xffffffff
8854.  
8855. KernelBase.dll! CreateFileA #file (#2236) important_document.exe
8856. Arguments:
8857.  
8858. {"lpSecurityAttributes":"0x0","dwCreationDisposition":"0x1","dwFlagsAndAttributes":"0x2020","lpFileName":"C:\\Users\\<USER>\\AppData\\Local\\Temp\\nsk1EC.tmp\\NSISArray.dll","dwDesiredAccess":"0x40000000","dwShareMode":"0x1"}
8859.  
8860. Returned value:
8861.  
8862. 0xffffffff
8863.  
8864. KernelBase.dll! GetProcAddress #misc (#2236) important_document.exe
8865. Arguments:
8866.  
8867. {"lpProcName":"ExistsI","hModule":null}
8868.  
8869. Returned value:
8870.  
8871. 0x100030ec
8872.  
8873. ntdll.dll! NtOpenFile #native (#2236) important_document.exe
8874. Arguments:
8875.  
8876. {"FileHandle":"0x18f410","objectName":"\\??\\C:\\ProgramData\\Microsoft\\Windows\\Start Menu\\Programs\\desktop.ini\\"}
8877.  
8878. Returned value:
8879.  
8880. null
8881.  
8882. ntdll.dll! NtOpenFile #native (#2236) important_document.exe
8883. Arguments:
8884.  
8885. {"FileHandle":"0x18f410","objectName":"\\??\\C:\\ProgramData\\Microsoft\\Windows\\Start Menu\\Programs\\Firefox.lnk\\"}
8886.  
8887. Returned value:
8888.  
8889. null
8890.  
8891. ntdll.dll! NtOpenFile #native (#2236) important_document.exe
8892. Arguments:
8893.  
8894. {"FileHandle":"0x18f410","objectName":"\\??\\C:\\ProgramData\\Microsoft\\Windows\\Start Menu\\Programs\\Games\\"}
8895.  
8896. Returned value:
8897.  
8898. null
8899.  
8900. ntdll.dll! NtQueryAttributesFile #native (#2236) important_document.exe
8901. Arguments:
8902.  
8903. {"objectName":"\\??\\C:\\Users\\<USER>\\AppData\\Local\\Temp\\nsk1EC.tmp\\NSISArray.dll"}
8904.  
8905. Returned value:
8906.  
8907. 0x0
8908.  
8909. ntdll.dll! NtCreateFile #native (#2236) important_document.exe
8910. Arguments:
8911.  
8912. {"FileHandle":"0x18f8ac","objectName":"\\??\\C:\\Users\\<USER>\\AppData\\Local\\Temp\\nsk1EC.tmp\\NSISArray.dll"}
8913.  
8914. Returned value:
8915.  
8916. null
8917.  
8918. KernelBase.dll! CreateFileW #file (#2236) important_document.exe
8919. Arguments:
8920.  
8921. {"lpSecurityAttributes":"0x0","dwCreationDisposition":"0x1","dwFlagsAndAttributes":"0x2020","lpFileName":"C:\\Users\\<USER>\\AppData\\Local\\Temp\\nsk1EC.tmp\\NSISArray.dll","dwDesiredAccess":"0x40000000","dwShareMode":"0x1"}
8922.  
8923. Returned value:
8924.  
8925. 0xffffffff
8926.  
8927. KernelBase.dll! CreateFileA #file (#2236) important_document.exe
8928. Arguments:
8929.  
8930. {"lpSecurityAttributes":"0x0","dwCreationDisposition":"0x1","dwFlagsAndAttributes":"0x2020","lpFileName":"C:\\Users\\<USER>\\AppData\\Local\\Temp\\nsk1EC.tmp\\NSISArray.dll","dwDesiredAccess":"0x40000000","dwShareMode":"0x1"}
8931.  
8932. Returned value:
8933.  
8934. 0xffffffff
8935.  
8936. KernelBase.dll! GetProcAddress #misc (#2236) important_document.exe
8937. Arguments:
8938.  
8939. {"lpProcName":"ExistsI","hModule":null}
8940.  
8941. Returned value:
8942.  
8943. 0x100030ec
8944.  
8945. ntdll.dll! NtQueryAttributesFile #native (#2236) important_document.exe
8946. Arguments:
8947.  
8948. {"objectName":"\\??\\C:\\Users\\<USER>\\AppData\\Local\\Temp\\nsk1EC.tmp\\NSISArray.dll"}
8949.  
8950. Returned value:
8951.  
8952. 0x0
8953.  
8954. ntdll.dll! NtCreateFile #native (#2236) important_document.exe
8955. Arguments:
8956.  
8957. {"FileHandle":"0x18f8ac","objectName":"\\??\\C:\\Users\\<USER>\\AppData\\Local\\Temp\\nsk1EC.tmp\\NSISArray.dll"}
8958.  
8959. Returned value:
8960.  
8961. null
8962.  
8963. KernelBase.dll! CreateFileW #file (#2236) important_document.exe
8964. Arguments:
8965.  
8966. {"lpSecurityAttributes":"0x0","dwCreationDisposition":"0x1","dwFlagsAndAttributes":"0x2020","lpFileName":"C:\\Users\\<USER>\\AppData\\Local\\Temp\\nsk1EC.tmp\\NSISArray.dll","dwDesiredAccess":"0x40000000","dwShareMode":"0x1"}
8967.  
8968. Returned value:
8969.  
8970. 0xffffffff
8971.  
8972. KernelBase.dll! CreateFileA #file (#2236) important_document.exe
8973. Arguments:
8974.  
8975. {"lpSecurityAttributes":"0x0","dwCreationDisposition":"0x1","dwFlagsAndAttributes":"0x2020","lpFileName":"C:\\Users\\<USER>\\AppData\\Local\\Temp\\nsk1EC.tmp\\NSISArray.dll","dwDesiredAccess":"0x40000000","dwShareMode":"0x1"}
8976.  
8977. Returned value:
8978.  
8979. 0xffffffff
8980.  
8981. KernelBase.dll! GetProcAddress #misc (#2236) important_document.exe
8982. Arguments:
8983.  
8984. {"lpProcName":"Push","hModule":null}
8985.  
8986. Returned value:
8987.  
8988. 0x10001ed7
8989.  
8990. ntdll.dll! NtOpenFile #native (#2236) important_document.exe
8991. Arguments:
8992.  
8993. {"FileHandle":"0x18f410","objectName":"\\??\\C:\\ProgramData\\Microsoft\\Windows\\Start Menu\\Programs\\Google Chrome.lnk\\"}
8994.  
8995. Returned value:
8996.  
8997. null
8998.  
8999. ntdll.dll! NtOpenFile #native (#2236) important_document.exe
9000. Arguments:
9001.  
9002. {"FileHandle":"0x18f410","objectName":"\\??\\C:\\ProgramData\\Microsoft\\Windows\\Start Menu\\Programs\\Java\\"}
9003.  
9004. Returned value:
9005.  
9006. null
9007.  
9008. ntdll.dll! NtQueryAttributesFile #native (#2236) important_document.exe
9009. Arguments:
9010.  
9011. {"objectName":"\\??\\C:\\Users\\<USER>\\AppData\\Local\\Temp\\nsk1EC.tmp\\NSISArray.dll"}
9012.  
9013. Returned value:
9014.  
9015. 0x0
9016.  
9017. ntdll.dll! NtCreateFile #native (#2236) important_document.exe
9018. Arguments:
9019.  
9020. {"FileHandle":"0x18f8ac","objectName":"\\??\\C:\\Users\\<USER>\\AppData\\Local\\Temp\\nsk1EC.tmp\\NSISArray.dll"}
9021.  
9022. Returned value:
9023.  
9024. null
9025.  
9026. KernelBase.dll! CreateFileW #file (#2236) important_document.exe
9027. Arguments:
9028.  
9029. {"lpSecurityAttributes":"0x0","dwCreationDisposition":"0x1","dwFlagsAndAttributes":"0x2020","lpFileName":"C:\\Users\\<USER>\\AppData\\Local\\Temp\\nsk1EC.tmp\\NSISArray.dll","dwDesiredAccess":"0x40000000","dwShareMode":"0x1"}
9030.  
9031. Returned value:
9032.  
9033. 0xffffffff
9034.  
9035. KernelBase.dll! CreateFileA #file (#2236) important_document.exe
9036. Arguments:
9037.  
9038. {"lpSecurityAttributes":"0x0","dwCreationDisposition":"0x1","dwFlagsAndAttributes":"0x2020","lpFileName":"C:\\Users\\<USER>\\AppData\\Local\\Temp\\nsk1EC.tmp\\NSISArray.dll","dwDesiredAccess":"0x40000000","dwShareMode":"0x1"}
9039.  
9040. Returned value:
9041.  
9042. 0xffffffff
9043.  
9044. KernelBase.dll! GetProcAddress #misc (#2236) important_document.exe
9045. Arguments:
9046.  
9047. {"lpProcName":"ExistsI","hModule":null}
9048.  
9049. Returned value:
9050.  
9051. 0x100030ec
9052.  
9053. ntdll.dll! NtQueryAttributesFile #native (#2236) important_document.exe
9054. Arguments:
9055.  
9056. {"objectName":"\\??\\C:\\Users\\<USER>\\AppData\\Local\\Temp\\nsk1EC.tmp\\NSISArray.dll"}
9057.  
9058. Returned value:
9059.  
9060. 0x0
9061.  
9062. ntdll.dll! NtCreateFile #native (#2236) important_document.exe
9063. Arguments:
9064.  
9065. {"FileHandle":"0x18f8ac","objectName":"\\??\\C:\\Users\\<USER>\\AppData\\Local\\Temp\\nsk1EC.tmp\\NSISArray.dll"}
9066.  
9067. Returned value:
9068.  
9069. null
9070.  
9071. KernelBase.dll! CreateFileW #file (#2236) important_document.exe
9072. Arguments:
9073.  
9074. {"lpSecurityAttributes":"0x0","dwCreationDisposition":"0x1","dwFlagsAndAttributes":"0x2020","lpFileName":"C:\\Users\\<USER>\\AppData\\Local\\Temp\\nsk1EC.tmp\\NSISArray.dll","dwDesiredAccess":"0x40000000","dwShareMode":"0x1"}
9075.  
9076. Returned value:
9077.  
9078. 0xffffffff
9079.  
9080. KernelBase.dll! CreateFileA #file (#2236) important_document.exe
9081. Arguments:
9082.  
9083. {"lpSecurityAttributes":"0x0","dwCreationDisposition":"0x1","dwFlagsAndAttributes":"0x2020","lpFileName":"C:\\Users\\<USER>\\AppData\\Local\\Temp\\nsk1EC.tmp\\NSISArray.dll","dwDesiredAccess":"0x40000000","dwShareMode":"0x1"}
9084.  
9085. Returned value:
9086.  
9087. 0xffffffff
9088.  
9089. KernelBase.dll! GetProcAddress #misc (#2236) important_document.exe
9090. Arguments:
9091.  
9092. {"lpProcName":"Push","hModule":null}
9093.  
9094. Returned value:
9095.  
9096. 0x10001ed7
9097.  
9098. ntdll.dll! NtOpenFile #native (#2236) important_document.exe
9099. Arguments:
9100.  
9101. {"FileHandle":"0x18f410","objectName":"\\??\\C:\\ProgramData\\Microsoft\\Windows\\Start Menu\\Programs\\Maintenance\\"}
9102.  
9103. Returned value:
9104.  
9105. null
9106.  
9107. ntdll.dll! NtQueryAttributesFile #native (#2236) important_document.exe
9108. Arguments:
9109.  
9110. {"objectName":"\\??\\C:\\Users\\<USER>\\AppData\\Local\\Temp\\nsk1EC.tmp\\NSISArray.dll"}
9111.  
9112. Returned value:
9113.  
9114. 0x0
9115.  
9116. ntdll.dll! NtCreateFile #native (#2236) important_document.exe
9117. Arguments:
9118.  
9119. {"FileHandle":"0x18f8ac","objectName":"\\??\\C:\\Users\\<USER>\\AppData\\Local\\Temp\\nsk1EC.tmp\\NSISArray.dll"}
9120.  
9121. Returned value:
9122.  
9123. null
9124.  
9125. KernelBase.dll! CreateFileW #file (#2236) important_document.exe
9126. Arguments:
9127.  
9128. {"lpSecurityAttributes":"0x0","dwCreationDisposition":"0x1","dwFlagsAndAttributes":"0x2020","lpFileName":"C:\\Users\\<USER>\\AppData\\Local\\Temp\\nsk1EC.tmp\\NSISArray.dll","dwDesiredAccess":"0x40000000","dwShareMode":"0x1"}
9129.  
9130. Returned value:
9131.  
9132. 0xffffffff
9133.  
9134. KernelBase.dll! CreateFileA #file (#2236) important_document.exe
9135. Arguments:
9136.  
9137. {"lpSecurityAttributes":"0x0","dwCreationDisposition":"0x1","dwFlagsAndAttributes":"0x2020","lpFileName":"C:\\Users\\<USER>\\AppData\\Local\\Temp\\nsk1EC.tmp\\NSISArray.dll","dwDesiredAccess":"0x40000000","dwShareMode":"0x1"}
9138.  
9139. Returned value:
9140.  
9141. 0xffffffff
9142.  
9143. KernelBase.dll! GetProcAddress #misc (#2236) important_document.exe
9144. Arguments:
9145.  
9146. {"lpProcName":"ExistsI","hModule":null}
9147.  
9148. Returned value:
9149.  
9150. 0x100030ec
9151.  
9152. ntdll.dll! NtOpenFile #native (#2236) important_document.exe
9153. Arguments:
9154.  
9155. {"FileHandle":"0x18f410","objectName":"\\??\\C:\\ProgramData\\Microsoft\\Windows\\Start Menu\\Programs\\Media Center.lnk\\"}
9156.  
9157. Returned value:
9158.  
9159. null
9160.  
9161. ntdll.dll! NtOpenFile #native (#2236) important_document.exe
9162. Arguments:
9163.  
9164. {"FileHandle":"0x18f410","objectName":"\\??\\C:\\ProgramData\\Microsoft\\Windows\\Start Menu\\Programs\\OpenOffice 4.1.6\\"}
9165.  
9166. Returned value:
9167.  
9168. null
9169.  
9170. ntdll.dll! NtQueryAttributesFile #native (#2236) important_document.exe
9171. Arguments:
9172.  
9173. {"objectName":"\\??\\C:\\Users\\<USER>\\AppData\\Local\\Temp\\nsk1EC.tmp\\NSISArray.dll"}
9174.  
9175. Returned value:
9176.  
9177. 0x0
9178.  
9179. ntdll.dll! NtCreateFile #native (#2236) important_document.exe
9180. Arguments:
9181.  
9182. {"FileHandle":"0x18f8ac","objectName":"\\??\\C:\\Users\\<USER>\\AppData\\Local\\Temp\\nsk1EC.tmp\\NSISArray.dll"}
9183.  
9184. Returned value:
9185.  
9186. null
9187.  
9188. KernelBase.dll! CreateFileW #file (#2236) important_document.exe
9189. Arguments:
9190.  
9191. {"lpSecurityAttributes":"0x0","dwCreationDisposition":"0x1","dwFlagsAndAttributes":"0x2020","lpFileName":"C:\\Users\\<USER>\\AppData\\Local\\Temp\\nsk1EC.tmp\\NSISArray.dll","dwDesiredAccess":"0x40000000","dwShareMode":"0x1"}
9192.  
9193. Returned value:
9194.  
9195. 0xffffffff
9196.  
9197. KernelBase.dll! CreateFileA #file (#2236) important_document.exe
9198. Arguments:
9199.  
9200. {"lpSecurityAttributes":"0x0","dwCreationDisposition":"0x1","dwFlagsAndAttributes":"0x2020","lpFileName":"C:\\Users\\<USER>\\AppData\\Local\\Temp\\nsk1EC.tmp\\NSISArray.dll","dwDesiredAccess":"0x40000000","dwShareMode":"0x1"}
9201.  
9202. Returned value:
9203.  
9204. 0xffffffff
9205.  
9206. KernelBase.dll! GetProcAddress #misc (#2236) important_document.exe
9207. Arguments:
9208.  
9209. {"lpProcName":"ExistsI","hModule":null}
9210.  
9211. Returned value:
9212.  
9213. 0x100030ec
9214.  
9215. ntdll.dll! NtQueryAttributesFile #native (#2236) important_document.exe
9216. Arguments:
9217.  
9218. {"objectName":"\\??\\C:\\Users\\<USER>\\AppData\\Local\\Temp\\nsk1EC.tmp\\NSISArray.dll"}
9219.  
9220. Returned value:
9221.  
9222. 0x0
9223.  
9224. ntdll.dll! NtCreateFile #native (#2236) important_document.exe
9225. Arguments:
9226.  
9227. {"FileHandle":"0x18f8ac","objectName":"\\??\\C:\\Users\\<USER>\\AppData\\Local\\Temp\\nsk1EC.tmp\\NSISArray.dll"}
9228.  
9229. Returned value:
9230.  
9231. null
9232.  
9233. KernelBase.dll! CreateFileW #file (#2236) important_document.exe
9234. Arguments:
9235.  
9236. {"lpSecurityAttributes":"0x0","dwCreationDisposition":"0x1","dwFlagsAndAttributes":"0x2020","lpFileName":"C:\\Users\\<USER>\\AppData\\Local\\Temp\\nsk1EC.tmp\\NSISArray.dll","dwDesiredAccess":"0x40000000","dwShareMode":"0x1"}
9237.  
9238. Returned value:
9239.  
9240. 0xffffffff
9241.  
9242. KernelBase.dll! CreateFileA #file (#2236) important_document.exe
9243. Arguments:
9244.  
9245. {"lpSecurityAttributes":"0x0","dwCreationDisposition":"0x1","dwFlagsAndAttributes":"0x2020","lpFileName":"C:\\Users\\<USER>\\AppData\\Local\\Temp\\nsk1EC.tmp\\NSISArray.dll","dwDesiredAccess":"0x40000000","dwShareMode":"0x1"}
9246.  
9247. Returned value:
9248.  
9249. 0xffffffff
9250.  
9251. KernelBase.dll! GetProcAddress #misc (#2236) important_document.exe
9252. Arguments:
9253.  
9254. {"lpProcName":"Push","hModule":null}
9255.  
9256. Returned value:
9257.  
9258. 0x10001ed7
9259.  
9260. ntdll.dll! NtOpenFile #native (#2236) important_document.exe
9261. Arguments:
9262.  
9263. {"FileHandle":"0x18f410","objectName":"\\??\\C:\\ProgramData\\Microsoft\\Windows\\Start Menu\\Programs\\Sidebar.lnk\\"}
9264.  
9265. Returned value:
9266.  
9267. null
9268.  
9269. ntdll.dll! NtOpenFile #native (#2236) important_document.exe
9270. Arguments:
9271.  
9272. {"FileHandle":"0x18f410","objectName":"\\??\\C:\\ProgramData\\Microsoft\\Windows\\Start Menu\\Programs\\Startup\\"}
9273.  
9274. Returned value:
9275.  
9276. null
9277.  
9278. ntdll.dll! NtQueryAttributesFile #native (#2236) important_document.exe
9279. Arguments:
9280.  
9281. {"objectName":"\\??\\C:\\Users\\<USER>\\AppData\\Local\\Temp\\nsk1EC.tmp\\NSISArray.dll"}
9282.  
9283. Returned value:
9284.  
9285. 0x0
9286.  
9287. ntdll.dll! NtCreateFile #native (#2236) important_document.exe
9288. Arguments:
9289.  
9290. {"FileHandle":"0x18f8ac","objectName":"\\??\\C:\\Users\\<USER>\\AppData\\Local\\Temp\\nsk1EC.tmp\\NSISArray.dll"}
9291.  
9292. Returned value:
9293.  
9294. null
9295.  
9296. KernelBase.dll! CreateFileW #file (#2236) important_document.exe
9297. Arguments:
9298.  
9299. {"lpSecurityAttributes":"0x0","dwCreationDisposition":"0x1","dwFlagsAndAttributes":"0x2020","lpFileName":"C:\\Users\\<USER>\\AppData\\Local\\Temp\\nsk1EC.tmp\\NSISArray.dll","dwDesiredAccess":"0x40000000","dwShareMode":"0x1"}
9300.  
9301. Returned value:
9302.  
9303. 0xffffffff
9304.  
9305. KernelBase.dll! CreateFileA #file (#2236) important_document.exe
9306. Arguments:
9307.  
9308. {"lpSecurityAttributes":"0x0","dwCreationDisposition":"0x1","dwFlagsAndAttributes":"0x2020","lpFileName":"C:\\Users\\<USER>\\AppData\\Local\\Temp\\nsk1EC.tmp\\NSISArray.dll","dwDesiredAccess":"0x40000000","dwShareMode":"0x1"}
9309.  
9310. Returned value:
9311.  
9312. 0xffffffff
9313.  
9314. KernelBase.dll! GetProcAddress #misc (#2236) important_document.exe
9315. Arguments:
9316.  
9317. {"lpProcName":"ExistsI","hModule":null}
9318.  
9319. Returned value:
9320.  
9321. 0x100030ec
9322.  
9323. ntdll.dll! NtOpenFile #native (#2236) important_document.exe
9324. Arguments:
9325.  
9326. {"FileHandle":"0x18f410","objectName":"\\??\\C:\\ProgramData\\Microsoft\\Windows\\Start Menu\\Programs\\Steam\\"}
9327.  
9328. Returned value:
9329.  
9330. null
9331.  
9332. ntdll.dll! NtQueryAttributesFile #native (#2236) important_document.exe
9333. Arguments:
9334.  
9335. {"objectName":"\\??\\C:\\Users\\<USER>\\AppData\\Local\\Temp\\nsk1EC.tmp\\NSISArray.dll"}
9336.  
9337. Returned value:
9338.  
9339. 0x0
9340.  
9341. ntdll.dll! NtCreateFile #native (#2236) important_document.exe
9342. Arguments:
9343.  
9344. {"FileHandle":"0x18f8ac","objectName":"\\??\\C:\\Users\\<USER>\\AppData\\Local\\Temp\\nsk1EC.tmp\\NSISArray.dll"}
9345.  
9346. Returned value:
9347.  
9348. null
9349.  
9350. KernelBase.dll! CreateFileW #file (#2236) important_document.exe
9351. Arguments:
9352.  
9353. {"lpSecurityAttributes":"0x0","dwCreationDisposition":"0x1","dwFlagsAndAttributes":"0x2020","lpFileName":"C:\\Users\\<USER>\\AppData\\Local\\Temp\\nsk1EC.tmp\\NSISArray.dll","dwDesiredAccess":"0x40000000","dwShareMode":"0x1"}
9354.  
9355. Returned value:
9356.  
9357. 0xffffffff
9358.  
9359. KernelBase.dll! CreateFileA #file (#2236) important_document.exe
9360. Arguments:
9361.  
9362. {"lpSecurityAttributes":"0x0","dwCreationDisposition":"0x1","dwFlagsAndAttributes":"0x2020","lpFileName":"C:\\Users\\<USER>\\AppData\\Local\\Temp\\nsk1EC.tmp\\NSISArray.dll","dwDesiredAccess":"0x40000000","dwShareMode":"0x1"}
9363.  
9364. Returned value:
9365.  
9366. 0xffffffff
9367.  
9368. KernelBase.dll! GetProcAddress #misc (#2236) important_document.exe
9369. Arguments:
9370.  
9371. {"lpProcName":"ExistsI","hModule":null}
9372.  
9373. Returned value:
9374.  
9375. 0x100030ec
9376.  
9377. ntdll.dll! NtQueryAttributesFile #native (#2236) important_document.exe
9378. Arguments:
9379.  
9380. {"objectName":"\\??\\C:\\Users\\<USER>\\AppData\\Local\\Temp\\nsk1EC.tmp\\NSISArray.dll"}
9381.  
9382. Returned value:
9383.  
9384. 0x0
9385.  
9386. ntdll.dll! NtCreateFile #native (#2236) important_document.exe
9387. Arguments:
9388.  
9389. {"FileHandle":"0x18f8ac","objectName":"\\??\\C:\\Users\\<USER>\\AppData\\Local\\Temp\\nsk1EC.tmp\\NSISArray.dll"}
9390.  
9391. Returned value:
9392.  
9393. null
9394.  
9395. KernelBase.dll! CreateFileW #file (#2236) important_document.exe
9396. Arguments:
9397.  
9398. {"lpSecurityAttributes":"0x0","dwCreationDisposition":"0x1","dwFlagsAndAttributes":"0x2020","lpFileName":"C:\\Users\\<USER>\\AppData\\Local\\Temp\\nsk1EC.tmp\\NSISArray.dll","dwDesiredAccess":"0x40000000","dwShareMode":"0x1"}
9399.  
9400. Returned value:
9401.  
9402. 0xffffffff
9403.  
9404. KernelBase.dll! CreateFileA #file (#2236) important_document.exe
9405. Arguments:
9406.  
9407. {"lpSecurityAttributes":"0x0","dwCreationDisposition":"0x1","dwFlagsAndAttributes":"0x2020","lpFileName":"C:\\Users\\<USER>\\AppData\\Local\\Temp\\nsk1EC.tmp\\NSISArray.dll","dwDesiredAccess":"0x40000000","dwShareMode":"0x1"}
9408.  
9409. Returned value:
9410.  
9411. 0xffffffff
9412.  
9413. KernelBase.dll! GetProcAddress #misc (#2236) important_document.exe
9414. Arguments:
9415.  
9416. {"lpProcName":"Push","hModule":null}
9417.  
9418. Returned value:
9419.  
9420. 0x10001ed7
9421.  
9422. ntdll.dll! NtOpenFile #native (#2236) important_document.exe
9423. Arguments:
9424.  
9425. {"FileHandle":"0x18f410","objectName":"\\??\\C:\\ProgramData\\Microsoft\\Windows\\Start Menu\\Programs\\Sublime Text 3.lnk\\"}
9426.  
9427. Returned value:
9428.  
9429. null
9430.  
9431. ntdll.dll! NtOpenFile #native (#2236) important_document.exe
9432. Arguments:
9433.  
9434. {"FileHandle":"0x18f410","objectName":"\\??\\C:\\ProgramData\\Microsoft\\Windows\\Start Menu\\Programs\\Tablet PC\\"}
9435.  
9436. Returned value:
9437.  
9438. null
9439.  
9440. ntdll.dll! NtQueryAttributesFile #native (#2236) important_document.exe
9441. Arguments:
9442.  
9443. {"objectName":"\\??\\C:\\Users\\<USER>\\AppData\\Local\\Temp\\nsk1EC.tmp\\NSISArray.dll"}
9444.  
9445. Returned value:
9446.  
9447. 0x0
9448.  
9449. ntdll.dll! NtCreateFile #native (#2236) important_document.exe
9450. Arguments:
9451.  
9452. {"FileHandle":"0x18f8ac","objectName":"\\??\\C:\\Users\\<USER>\\AppData\\Local\\Temp\\nsk1EC.tmp\\NSISArray.dll"}
9453.  
9454. Returned value:
9455.  
9456. null
9457.  
9458. KernelBase.dll! CreateFileW #file (#2236) important_document.exe
9459. Arguments:
9460.  
9461. {"lpSecurityAttributes":"0x0","dwCreationDisposition":"0x1","dwFlagsAndAttributes":"0x2020","lpFileName":"C:\\Users\\<USER>\\AppData\\Local\\Temp\\nsk1EC.tmp\\NSISArray.dll","dwDesiredAccess":"0x40000000","dwShareMode":"0x1"}
9462.  
9463. Returned value:
9464.  
9465. 0xffffffff
9466.  
9467. KernelBase.dll! CreateFileA #file (#2236) important_document.exe
9468. Arguments:
9469.  
9470. {"lpSecurityAttributes":"0x0","dwCreationDisposition":"0x1","dwFlagsAndAttributes":"0x2020","lpFileName":"C:\\Users\\<USER>\\AppData\\Local\\Temp\\nsk1EC.tmp\\NSISArray.dll","dwDesiredAccess":"0x40000000","dwShareMode":"0x1"}
9471.  
9472. Returned value:
9473.  
9474. 0xffffffff
9475.  
9476. KernelBase.dll! GetProcAddress #misc (#2236) important_document.exe
9477. Arguments:
9478.  
9479. {"lpProcName":"ExistsI","hModule":null}
9480.  
9481. Returned value:
9482.  
9483. 0x100030ec
9484.  
9485. ntdll.dll! NtQueryAttributesFile #native (#2236) important_document.exe
9486. Arguments:
9487.  
9488. {"objectName":"\\??\\C:\\Users\\<USER>\\AppData\\Local\\Temp\\nsk1EC.tmp\\NSISArray.dll"}
9489.  
9490. Returned value:
9491.  
9492. 0x0
9493.  
9494. ntdll.dll! NtCreateFile #native (#2236) important_document.exe
9495. Arguments:
9496.  
9497. {"FileHandle":"0x18f8ac","objectName":"\\??\\C:\\Users\\<USER>\\AppData\\Local\\Temp\\nsk1EC.tmp\\NSISArray.dll"}
9498.  
9499. Returned value:
9500.  
9501. null
9502.  
9503. KernelBase.dll! CreateFileW #file (#2236) important_document.exe
9504. Arguments:
9505.  
9506. {"lpSecurityAttributes":"0x0","dwCreationDisposition":"0x1","dwFlagsAndAttributes":"0x2020","lpFileName":"C:\\Users\\<USER>\\AppData\\Local\\Temp\\nsk1EC.tmp\\NSISArray.dll","dwDesiredAccess":"0x40000000","dwShareMode":"0x1"}
9507.  
9508. Returned value:
9509.  
9510. 0xffffffff
9511.  
9512. KernelBase.dll! CreateFileA #file (#2236) important_document.exe
9513. Arguments:
9514.  
9515. {"lpSecurityAttributes":"0x0","dwCreationDisposition":"0x1","dwFlagsAndAttributes":"0x2020","lpFileName":"C:\\Users\\<USER>\\AppData\\Local\\Temp\\nsk1EC.tmp\\NSISArray.dll","dwDesiredAccess":"0x40000000","dwShareMode":"0x1"}
9516.  
9517. Returned value:
9518.  
9519. 0xffffffff
9520.  
9521. KernelBase.dll! GetProcAddress #misc (#2236) important_document.exe
9522. Arguments:
9523.  
9524. {"lpProcName":"Push","hModule":null}
9525.  
9526. Returned value:
9527.  
9528. 0x10001ed7
9529.  
9530. ntdll.dll! NtOpenFile #native (#2236) important_document.exe
9531. Arguments:
9532.  
9533. {"FileHandle":"0x18f410","objectName":"\\??\\C:\\ProgramData\\Microsoft\\Windows\\Start Menu\\Programs\\Windows DVD Maker.lnk\\"}
9534.  
9535. Returned value:
9536.  
9537. null
9538.  
9539. ntdll.dll! NtOpenFile #native (#2236) important_document.exe
9540. Arguments:
9541.  
9542. {"FileHandle":"0x18f410","objectName":"\\??\\C:\\ProgramData\\Microsoft\\Windows\\Start Menu\\Programs\\Windows Fax and Scan.lnk\\"}
9543.  
9544. Returned value:
9545.  
9546. null
9547.  
9548. ntdll.dll! NtOpenFile #native (#2236) important_document.exe
9549. Arguments:
9550.  
9551. {"FileHandle":"0x18f410","objectName":"\\??\\C:\\ProgramData\\Microsoft\\Windows\\Start Menu\\Programs\\Windows Media Player.lnk\\"}
9552.  
9553. Returned value:
9554.  
9555. null
9556.  
9557. ntdll.dll! NtOpenFile #native (#2236) important_document.exe
9558. Arguments:
9559.  
9560. {"FileHandle":"0x18f410","objectName":"\\??\\C:\\ProgramData\\Microsoft\\Windows\\Start Menu\\Programs\\XPS Viewer.lnk\\"}
9561.  
9562. Returned value:
9563.  
9564. null
9565.  
9566. ntdll.dll! NtQueryAttributesFile #native (#2236) important_document.exe
9567. Arguments:
9568.  
9569. {"objectName":"\\??\\C:\\Users\\<USER>\\AppData\\Local\\Temp\\nsk1EC.tmp\\NSISArray.dll"}
9570.  
9571. Returned value:
9572.  
9573. 0x0
9574.  
9575. ntdll.dll! NtCreateFile #native (#2236) important_document.exe
9576. Arguments:
9577.  
9578. {"FileHandle":"0x18f8ac","objectName":"\\??\\C:\\Users\\<USER>\\AppData\\Local\\Temp\\nsk1EC.tmp\\NSISArray.dll"}
9579.  
9580. Returned value:
9581.  
9582. null
9583.  
9584. KernelBase.dll! CreateFileW #file (#2236) important_document.exe
9585. Arguments:
9586.  
9587. {"lpSecurityAttributes":"0x0","dwCreationDisposition":"0x1","dwFlagsAndAttributes":"0x2020","lpFileName":"C:\\Users\\<USER>\\AppData\\Local\\Temp\\nsk1EC.tmp\\NSISArray.dll","dwDesiredAccess":"0x40000000","dwShareMode":"0x1"}
9588.  
9589. Returned value:
9590.  
9591. 0xffffffff
9592.  
9593. KernelBase.dll! CreateFileA #file (#2236) important_document.exe
9594. Arguments:
9595.  
9596. {"lpSecurityAttributes":"0x0","dwCreationDisposition":"0x1","dwFlagsAndAttributes":"0x2020","lpFileName":"C:\\Users\\<USER>\\AppData\\Local\\Temp\\nsk1EC.tmp\\NSISArray.dll","dwDesiredAccess":"0x40000000","dwShareMode":"0x1"}
9597.  
9598. Returned value:
9599.  
9600. 0xffffffff
9601.  
9602. KernelBase.dll! GetProcAddress #misc (#2236) important_document.exe
9603. Arguments:
9604.  
9605. {"lpProcName":"Sort","hModule":null}
9606.  
9607. Returned value:
9608.  
9609. 0x10002aa0
9610.  
9611. ntdll.dll! NtQueryAttributesFile #native (#2236) important_document.exe
9612. Arguments:
9613.  
9614. {"objectName":"\\??\\C:\\Users\\<USER>\\AppData\\Local\\Temp\\nsk1EC.tmp\\NSISArray.dll"}
9615.  
9616. Returned value:
9617.  
9618. 0x0
9619.  
9620. ntdll.dll! NtCreateFile #native (#2236) important_document.exe
9621. Arguments:
9622.  
9623. {"FileHandle":"0x18f8ac","objectName":"\\??\\C:\\Users\\<USER>\\AppData\\Local\\Temp\\nsk1EC.tmp\\NSISArray.dll"}
9624.  
9625. Returned value:
9626.  
9627. null
9628.  
9629. KernelBase.dll! CreateFileW #file (#2236) important_document.exe
9630. Arguments:
9631.  
9632. {"lpSecurityAttributes":"0x0","dwCreationDisposition":"0x1","dwFlagsAndAttributes":"0x2020","lpFileName":"C:\\Users\\<USER>\\AppData\\Local\\Temp\\nsk1EC.tmp\\NSISArray.dll","dwDesiredAccess":"0x40000000","dwShareMode":"0x1"}
9633.  
9634. Returned value:
9635.  
9636. 0xffffffff
9637.  
9638. KernelBase.dll! CreateFileA #file (#2236) important_document.exe
9639. Arguments:
9640.  
9641. {"lpSecurityAttributes":"0x0","dwCreationDisposition":"0x1","dwFlagsAndAttributes":"0x2020","lpFileName":"C:\\Users\\<USER>\\AppData\\Local\\Temp\\nsk1EC.tmp\\NSISArray.dll","dwDesiredAccess":"0x40000000","dwShareMode":"0x1"}
9642.  
9643. Returned value:
9644.  
9645. 0xffffffff
9646.  
9647. KernelBase.dll! GetProcAddress #misc (#2236) important_document.exe
9648. Arguments:
9649.  
9650. {"lpProcName":"SizeOf","hModule":null}
9651.  
9652. Returned value:
9653.  
9654. 0x10003491
9655.  
9656. ntdll.dll! NtQueryAttributesFile #native (#2236) important_document.exe
9657. Arguments:
9658.  
9659. {"objectName":"\\??\\C:\\Users\\<USER>\\AppData\\Local\\Temp\\nsk1EC.tmp\\NSISArray.dll"}
9660.  
9661. Returned value:
9662.  
9663. 0x0
9664.  
9665. ntdll.dll! NtCreateFile #native (#2236) important_document.exe
9666. Arguments:
9667.  
9668. {"FileHandle":"0x18f8ac","objectName":"\\??\\C:\\Users\\<USER>\\AppData\\Local\\Temp\\nsk1EC.tmp\\NSISArray.dll"}
9669.  
9670. Returned value:
9671.  
9672. null
9673.  
9674. KernelBase.dll! CreateFileW #file (#2236) important_document.exe
9675. Arguments:
9676.  
9677. {"lpSecurityAttributes":"0x0","dwCreationDisposition":"0x1","dwFlagsAndAttributes":"0x2020","lpFileName":"C:\\Users\\<USER>\\AppData\\Local\\Temp\\nsk1EC.tmp\\NSISArray.dll","dwDesiredAccess":"0x40000000","dwShareMode":"0x1"}
9678.  
9679. Returned value:
9680.  
9681. 0xffffffff
9682.  
9683. KernelBase.dll! CreateFileA #file (#2236) important_document.exe
9684. Arguments:
9685.  
9686. {"lpSecurityAttributes":"0x0","dwCreationDisposition":"0x1","dwFlagsAndAttributes":"0x2020","lpFileName":"C:\\Users\\<USER>\\AppData\\Local\\Temp\\nsk1EC.tmp\\NSISArray.dll","dwDesiredAccess":"0x40000000","dwShareMode":"0x1"}
9687.  
9688. Returned value:
9689.  
9690. 0xffffffff
9691.  
9692. KernelBase.dll! GetProcAddress #misc (#2236) important_document.exe
9693. Arguments:
9694.  
9695. {"lpProcName":"Read","hModule":null}
9696.  
9697. Returned value:
9698.  
9699. 0x10001b73
9700.  
9701. ntdll.dll! NtQueryAttributesFile #native (#2236) important_document.exe
9702. Arguments:
9703.  
9704. {"objectName":"\\??\\C:\\Users\\<USER>\\AppData\\Local\\Temp\\nsk1EC.tmp\\NSISArray.dll"}
9705.  
9706. Returned value:
9707.  
9708. 0x0
9709.  
9710. ntdll.dll! NtCreateFile #native (#2236) important_document.exe
9711. Arguments:
9712.  
9713. {"FileHandle":"0x18f8ac","objectName":"\\??\\C:\\Users\\<USER>\\AppData\\Local\\Temp\\nsk1EC.tmp\\NSISArray.dll"}
9714.  
9715. Returned value:
9716.  
9717. null
9718.  
9719. KernelBase.dll! CreateFileW #file (#2236) important_document.exe
9720. Arguments:
9721.  
9722. {"lpSecurityAttributes":"0x0","dwCreationDisposition":"0x1","dwFlagsAndAttributes":"0x2020","lpFileName":"C:\\Users\\<USER>\\AppData\\Local\\Temp\\nsk1EC.tmp\\NSISArray.dll","dwDesiredAccess":"0x40000000","dwShareMode":"0x1"}
9723.  
9724. Returned value:
9725.  
9726. 0xffffffff
9727.  
9728. KernelBase.dll! CreateFileA #file (#2236) important_document.exe
9729. Arguments:
9730.  
9731. {"lpSecurityAttributes":"0x0","dwCreationDisposition":"0x1","dwFlagsAndAttributes":"0x2020","lpFileName":"C:\\Users\\<USER>\\AppData\\Local\\Temp\\nsk1EC.tmp\\NSISArray.dll","dwDesiredAccess":"0x40000000","dwShareMode":"0x1"}
9732.  
9733. Returned value:
9734.  
9735. 0xffffffff
9736.  
9737. KernelBase.dll! GetProcAddress #misc (#2236) important_document.exe
9738. Arguments:
9739.  
9740. {"lpProcName":"SizeOf","hModule":null}
9741.  
9742. Returned value:
9743.  
9744. 0x10003491
9745.  
9746. ntdll.dll! NtQueryAttributesFile #native (#2236) important_document.exe
9747. Arguments:
9748.  
9749. {"objectName":"\\??\\C:\\Users\\<USER>\\AppData\\Local\\Temp\\nsk1EC.tmp\\NSISArray.dll"}
9750.  
9751. Returned value:
9752.  
9753. 0x0
9754.  
9755. ntdll.dll! NtCreateFile #native (#2236) important_document.exe
9756. Arguments:
9757.  
9758. {"FileHandle":"0x18f8ac","objectName":"\\??\\C:\\Users\\<USER>\\AppData\\Local\\Temp\\nsk1EC.tmp\\NSISArray.dll"}
9759.  
9760. Returned value:
9761.  
9762. null
9763.  
9764. KernelBase.dll! CreateFileW #file (#2236) important_document.exe
9765. Arguments:
9766.  
9767. {"lpSecurityAttributes":"0x0","dwCreationDisposition":"0x1","dwFlagsAndAttributes":"0x2020","lpFileName":"C:\\Users\\<USER>\\AppData\\Local\\Temp\\nsk1EC.tmp\\NSISArray.dll","dwDesiredAccess":"0x40000000","dwShareMode":"0x1"}
9768.  
9769. Returned value:
9770.  
9771. 0xffffffff
9772.  
9773. KernelBase.dll! CreateFileA #file (#2236) important_document.exe
9774. Arguments:
9775.  
9776. {"lpSecurityAttributes":"0x0","dwCreationDisposition":"0x1","dwFlagsAndAttributes":"0x2020","lpFileName":"C:\\Users\\<USER>\\AppData\\Local\\Temp\\nsk1EC.tmp\\NSISArray.dll","dwDesiredAccess":"0x40000000","dwShareMode":"0x1"}
9777.  
9778. Returned value:
9779.  
9780. 0xffffffff
9781.  
9782. KernelBase.dll! GetProcAddress #misc (#2236) important_document.exe
9783. Arguments:
9784.  
9785. {"lpProcName":"Read","hModule":null}
9786.  
9787. Returned value:
9788.  
9789. 0x10001b73
9790.  
9791. ntdll.dll! NtQueryAttributesFile #native (#2236) important_document.exe
9792. Arguments:
9793.  
9794. {"objectName":"\\??\\C:\\Users\\<USER>\\AppData\\Local\\Temp\\nsk1EC.tmp\\NSISArray.dll"}
9795.  
9796. Returned value:
9797.  
9798. 0x0
9799.  
9800. ntdll.dll! NtCreateFile #native (#2236) important_document.exe
9801. Arguments:
9802.  
9803. {"FileHandle":"0x18f8ac","objectName":"\\??\\C:\\Users\\<USER>\\AppData\\Local\\Temp\\nsk1EC.tmp\\NSISArray.dll"}
9804.  
9805. Returned value:
9806.  
9807. null
9808.  
9809. KernelBase.dll! CreateFileW #file (#2236) important_document.exe
9810. Arguments:
9811.  
9812. {"lpSecurityAttributes":"0x0","dwCreationDisposition":"0x1","dwFlagsAndAttributes":"0x2020","lpFileName":"C:\\Users\\<USER>\\AppData\\Local\\Temp\\nsk1EC.tmp\\NSISArray.dll","dwDesiredAccess":"0x40000000","dwShareMode":"0x1"}
9813.  
9814. Returned value:
9815.  
9816. 0xffffffff
9817.  
9818. KernelBase.dll! CreateFileA #file (#2236) important_document.exe
9819. Arguments:
9820.  
9821. {"lpSecurityAttributes":"0x0","dwCreationDisposition":"0x1","dwFlagsAndAttributes":"0x2020","lpFileName":"C:\\Users\\<USER>\\AppData\\Local\\Temp\\nsk1EC.tmp\\NSISArray.dll","dwDesiredAccess":"0x40000000","dwShareMode":"0x1"}
9822.  
9823. Returned value:
9824.  
9825. 0xffffffff
9826.  
9827. KernelBase.dll! GetProcAddress #misc (#2236) important_document.exe
9828. Arguments:
9829.  
9830. {"lpProcName":"SizeOf","hModule":null}
9831.  
9832. Returned value:
9833.  
9834. 0x10003491
9835.  
9836. ntdll.dll! NtQueryAttributesFile #native (#2236) important_document.exe
9837. Arguments:
9838.  
9839. {"objectName":"\\??\\C:\\Users\\<USER>\\AppData\\Local\\Temp\\nsk1EC.tmp\\NSISArray.dll"}
9840.  
9841. Returned value:
9842.  
9843. 0x0
9844.  
9845. ntdll.dll! NtCreateFile #native (#2236) important_document.exe
9846. Arguments:
9847.  
9848. {"FileHandle":"0x18f8ac","objectName":"\\??\\C:\\Users\\<USER>\\AppData\\Local\\Temp\\nsk1EC.tmp\\NSISArray.dll"}
9849.  
9850. Returned value:
9851.  
9852. null
9853.  
9854. KernelBase.dll! CreateFileW #file (#2236) important_document.exe
9855. Arguments:
9856.  
9857. {"lpSecurityAttributes":"0x0","dwCreationDisposition":"0x1","dwFlagsAndAttributes":"0x2020","lpFileName":"C:\\Users\\<USER>\\AppData\\Local\\Temp\\nsk1EC.tmp\\NSISArray.dll","dwDesiredAccess":"0x40000000","dwShareMode":"0x1"}
9858.  
9859. Returned value:
9860.  
9861. 0xffffffff
9862.  
9863. KernelBase.dll! CreateFileA #file (#2236) important_document.exe
9864. Arguments:
9865.  
9866. {"lpSecurityAttributes":"0x0","dwCreationDisposition":"0x1","dwFlagsAndAttributes":"0x2020","lpFileName":"C:\\Users\\<USER>\\AppData\\Local\\Temp\\nsk1EC.tmp\\NSISArray.dll","dwDesiredAccess":"0x40000000","dwShareMode":"0x1"}
9867.  
9868. Returned value:
9869.  
9870. 0xffffffff
9871.  
9872. KernelBase.dll! GetProcAddress #misc (#2236) important_document.exe
9873. Arguments:
9874.  
9875. {"lpProcName":"Read","hModule":null}
9876.  
9877. Returned value:
9878.  
9879. 0x10001b73
9880.  
9881. ntdll.dll! NtQueryAttributesFile #native (#2236) important_document.exe
9882. Arguments:
9883.  
9884. {"objectName":"\\??\\C:\\Users\\<USER>\\AppData\\Local\\Temp\\nsk1EC.tmp\\NSISArray.dll"}
9885.  
9886. Returned value:
9887.  
9888. 0x0
9889.  
9890. ntdll.dll! NtCreateFile #native (#2236) important_document.exe
9891. Arguments:
9892.  
9893. {"FileHandle":"0x18f8ac","objectName":"\\??\\C:\\Users\\<USER>\\AppData\\Local\\Temp\\nsk1EC.tmp\\NSISArray.dll"}
9894.  
9895. Returned value:
9896.  
9897. null
9898.  
9899. KernelBase.dll! CreateFileW #file (#2236) important_document.exe
9900. Arguments:
9901.  
9902. {"lpSecurityAttributes":"0x0","dwCreationDisposition":"0x1","dwFlagsAndAttributes":"0x2020","lpFileName":"C:\\Users\\<USER>\\AppData\\Local\\Temp\\nsk1EC.tmp\\NSISArray.dll","dwDesiredAccess":"0x40000000","dwShareMode":"0x1"}
9903.  
9904. Returned value:
9905.  
9906. 0xffffffff
9907.  
9908. KernelBase.dll! CreateFileA #file (#2236) important_document.exe
9909. Arguments:
9910.  
9911. {"lpSecurityAttributes":"0x0","dwCreationDisposition":"0x1","dwFlagsAndAttributes":"0x2020","lpFileName":"C:\\Users\\<USER>\\AppData\\Local\\Temp\\nsk1EC.tmp\\NSISArray.dll","dwDesiredAccess":"0x40000000","dwShareMode":"0x1"}
9912.  
9913. Returned value:
9914.  
9915. 0xffffffff
9916.  
9917. KernelBase.dll! GetProcAddress #misc (#2236) important_document.exe
9918. Arguments:
9919.  
9920. {"lpProcName":"SizeOf","hModule":null}
9921.  
9922. Returned value:
9923.  
9924. 0x10003491
9925.  
9926. ntdll.dll! NtQueryAttributesFile #native (#2236) important_document.exe
9927. Arguments:
9928.  
9929. {"objectName":"\\??\\C:\\Users\\<USER>\\AppData\\Local\\Temp\\nsk1EC.tmp\\NSISArray.dll"}
9930.  
9931. Returned value:
9932.  
9933. 0x0
9934.  
9935. ntdll.dll! NtCreateFile #native (#2236) important_document.exe
9936. Arguments:
9937.  
9938. {"FileHandle":"0x18f8ac","objectName":"\\??\\C:\\Users\\<USER>\\AppData\\Local\\Temp\\nsk1EC.tmp\\NSISArray.dll"}
9939.  
9940. Returned value:
9941.  
9942. null
9943.  
9944. KernelBase.dll! CreateFileW #file (#2236) important_document.exe
9945. Arguments:
9946.  
9947. {"lpSecurityAttributes":"0x0","dwCreationDisposition":"0x1","dwFlagsAndAttributes":"0x2020","lpFileName":"C:\\Users\\<USER>\\AppData\\Local\\Temp\\nsk1EC.tmp\\NSISArray.dll","dwDesiredAccess":"0x40000000","dwShareMode":"0x1"}
9948.  
9949. Returned value:
9950.  
9951. 0xffffffff
9952.  
9953. KernelBase.dll! CreateFileA #file (#2236) important_document.exe
9954. Arguments:
9955.  
9956. {"lpSecurityAttributes":"0x0","dwCreationDisposition":"0x1","dwFlagsAndAttributes":"0x2020","lpFileName":"C:\\Users\\<USER>\\AppData\\Local\\Temp\\nsk1EC.tmp\\NSISArray.dll","dwDesiredAccess":"0x40000000","dwShareMode":"0x1"}
9957.  
9958. Returned value:
9959.  
9960. 0xffffffff
9961.  
9962. KernelBase.dll! GetProcAddress #misc (#2236) important_document.exe
9963. Arguments:
9964.  
9965. {"lpProcName":"Read","hModule":null}
9966.  
9967. Returned value:
9968.  
9969. 0x10001b73
9970.  
9971. ntdll.dll! NtQueryAttributesFile #native (#2236) important_document.exe
9972. Arguments:
9973.  
9974. {"objectName":"\\??\\C:\\Users\\<USER>\\AppData\\Local\\Temp\\nsk1EC.tmp\\NSISArray.dll"}
9975.  
9976. Returned value:
9977.  
9978. 0x0
9979.  
9980. ntdll.dll! NtCreateFile #native (#2236) important_document.exe
9981. Arguments:
9982.  
9983. {"FileHandle":"0x18f8ac","objectName":"\\??\\C:\\Users\\<USER>\\AppData\\Local\\Temp\\nsk1EC.tmp\\NSISArray.dll"}
9984.  
9985. Returned value:
9986.  
9987. null
9988.  
9989. KernelBase.dll! CreateFileW #file (#2236) important_document.exe
9990. Arguments:
9991.  
9992. {"lpSecurityAttributes":"0x0","dwCreationDisposition":"0x1","dwFlagsAndAttributes":"0x2020","lpFileName":"C:\\Users\\<USER>\\AppData\\Local\\Temp\\nsk1EC.tmp\\NSISArray.dll","dwDesiredAccess":"0x40000000","dwShareMode":"0x1"}
9993.  
9994. Returned value:
9995.  
9996. 0xffffffff
9997.  
9998. KernelBase.dll! CreateFileA #file (#2236) important_document.exe
9999. Arguments:
10000.  
10001. {"lpSecurityAttributes":"0x0","dwCreationDisposition":"0x1","dwFlagsAndAttributes":"0x2020","lpFileName":"C:\\Users\\<USER>\\AppData\\Local\\Temp\\nsk1EC.tmp\\NSISArray.dll","dwDesiredAccess":"0x40000000","dwShareMode":"0x1"}
10002.  
10003. Returned value:
10004.  
10005. 0xffffffff
10006.  
10007. KernelBase.dll! GetProcAddress #misc (#2236) important_document.exe
10008. Arguments:
10009.  
10010. {"lpProcName":"SizeOf","hModule":null}
10011.  
10012. Returned value:
10013.  
10014. 0x10003491
10015.  
10016. ntdll.dll! NtQueryAttributesFile #native (#2236) important_document.exe
10017. Arguments:
10018.  
10019. {"objectName":"\\??\\C:\\Users\\<USER>\\AppData\\Local\\Temp\\nsk1EC.tmp\\NSISArray.dll"}
10020.  
10021. Returned value:
10022.  
10023. 0x0
10024.  
10025. ntdll.dll! NtCreateFile #native (#2236) important_document.exe
10026. Arguments:
10027.  
10028. {"FileHandle":"0x18f8ac","objectName":"\\??\\C:\\Users\\<USER>\\AppData\\Local\\Temp\\nsk1EC.tmp\\NSISArray.dll"}
10029.  
10030. Returned value:
10031.  
10032. null
10033.  
10034. KernelBase.dll! CreateFileW #file (#2236) important_document.exe
10035. Arguments:
10036.  
10037. {"lpSecurityAttributes":"0x0","dwCreationDisposition":"0x1","dwFlagsAndAttributes":"0x2020","lpFileName":"C:\\Users\\<USER>\\AppData\\Local\\Temp\\nsk1EC.tmp\\NSISArray.dll","dwDesiredAccess":"0x40000000","dwShareMode":"0x1"}
10038.  
10039. Returned value:
10040.  
10041. 0xffffffff
10042.  
10043. KernelBase.dll! CreateFileA #file (#2236) important_document.exe
10044. Arguments:
10045.  
10046. {"lpSecurityAttributes":"0x0","dwCreationDisposition":"0x1","dwFlagsAndAttributes":"0x2020","lpFileName":"C:\\Users\\<USER>\\AppData\\Local\\Temp\\nsk1EC.tmp\\NSISArray.dll","dwDesiredAccess":"0x40000000","dwShareMode":"0x1"}
10047.  
10048. Returned value:
10049.  
10050. 0xffffffff
10051.  
10052. KernelBase.dll! GetProcAddress #misc (#2236) important_document.exe
10053. Arguments:
10054.  
10055. {"lpProcName":"Read","hModule":null}
10056.  
10057. Returned value:
10058.  
10059. 0x10001b73
10060.  
10061. ntdll.dll! NtQueryAttributesFile #native (#2236) important_document.exe
10062. Arguments:
10063.  
10064. {"objectName":"\\??\\C:\\Users\\<USER>\\AppData\\Local\\Temp\\nsk1EC.tmp\\NSISArray.dll"}
10065.  
10066. Returned value:
10067.  
10068. 0x0
10069.  
10070. ntdll.dll! NtCreateFile #native (#2236) important_document.exe
10071. Arguments:
10072.  
10073. {"FileHandle":"0x18f8ac","objectName":"\\??\\C:\\Users\\<USER>\\AppData\\Local\\Temp\\nsk1EC.tmp\\NSISArray.dll"}
10074.  
10075. Returned value:
10076.  
10077. null
10078.  
10079. KernelBase.dll! CreateFileW #file (#2236) important_document.exe
10080. Arguments:
10081.  
10082. {"lpSecurityAttributes":"0x0","dwCreationDisposition":"0x1","dwFlagsAndAttributes":"0x2020","lpFileName":"C:\\Users\\<USER>\\AppData\\Local\\Temp\\nsk1EC.tmp\\NSISArray.dll","dwDesiredAccess":"0x40000000","dwShareMode":"0x1"}
10083.  
10084. Returned value:
10085.  
10086. 0xffffffff
10087.  
10088. KernelBase.dll! CreateFileA #file (#2236) important_document.exe
10089. Arguments:
10090.  
10091. {"lpSecurityAttributes":"0x0","dwCreationDisposition":"0x1","dwFlagsAndAttributes":"0x2020","lpFileName":"C:\\Users\\<USER>\\AppData\\Local\\Temp\\nsk1EC.tmp\\NSISArray.dll","dwDesiredAccess":"0x40000000","dwShareMode":"0x1"}
10092.  
10093. Returned value:
10094.  
10095. 0xffffffff
10096.  
10097. KernelBase.dll! GetProcAddress #misc (#2236) important_document.exe
10098. Arguments:
10099.  
10100. {"lpProcName":"SizeOf","hModule":null}
10101.  
10102. Returned value:
10103.  
10104. 0x10003491
10105.  
10106. ntdll.dll! NtQueryAttributesFile #native (#2236) important_document.exe
10107. Arguments:
10108.  
10109. {"objectName":"\\??\\C:\\Users\\<USER>\\AppData\\Local\\Temp\\nsk1EC.tmp\\NSISArray.dll"}
10110.  
10111. Returned value:
10112.  
10113. 0x0
10114.  
10115. ntdll.dll! NtCreateFile #native (#2236) important_document.exe
10116. Arguments:
10117.  
10118. {"FileHandle":"0x18f8ac","objectName":"\\??\\C:\\Users\\<USER>\\AppData\\Local\\Temp\\nsk1EC.tmp\\NSISArray.dll"}
10119.  
10120. Returned value:
10121.  
10122. null
10123.  
10124. KernelBase.dll! CreateFileW #file (#2236) important_document.exe
10125. Arguments:
10126.  
10127. {"lpSecurityAttributes":"0x0","dwCreationDisposition":"0x1","dwFlagsAndAttributes":"0x2020","lpFileName":"C:\\Users\\<USER>\\AppData\\Local\\Temp\\nsk1EC.tmp\\NSISArray.dll","dwDesiredAccess":"0x40000000","dwShareMode":"0x1"}
10128.  
10129. Returned value:
10130.  
10131. 0xffffffff
10132.  
10133. KernelBase.dll! CreateFileA #file (#2236) important_document.exe
10134. Arguments:
10135.  
10136. {"lpSecurityAttributes":"0x0","dwCreationDisposition":"0x1","dwFlagsAndAttributes":"0x2020","lpFileName":"C:\\Users\\<USER>\\AppData\\Local\\Temp\\nsk1EC.tmp\\NSISArray.dll","dwDesiredAccess":"0x40000000","dwShareMode":"0x1"}
10137.  
10138. Returned value:
10139.  
10140. 0xffffffff
10141.  
10142. KernelBase.dll! GetProcAddress #misc (#2236) important_document.exe
10143. Arguments:
10144.  
10145. {"lpProcName":"Read","hModule":null}
10146.  
10147. Returned value:
10148.  
10149. 0x10001b73
10150.  
10151. ntdll.dll! NtQueryAttributesFile #native (#2236) important_document.exe
10152. Arguments:
10153.  
10154. {"objectName":"\\??\\C:\\Users\\<USER>\\AppData\\Local\\Temp\\nsk1EC.tmp\\NSISArray.dll"}
10155.  
10156. Returned value:
10157.  
10158. 0x0
10159.  
10160. ntdll.dll! NtCreateFile #native (#2236) important_document.exe
10161. Arguments:
10162.  
10163. {"FileHandle":"0x18f8ac","objectName":"\\??\\C:\\Users\\<USER>\\AppData\\Local\\Temp\\nsk1EC.tmp\\NSISArray.dll"}
10164.  
10165. Returned value:
10166.  
10167. null
10168.  
10169. KernelBase.dll! CreateFileW #file (#2236) important_document.exe
10170. Arguments:
10171.  
10172. {"lpSecurityAttributes":"0x0","dwCreationDisposition":"0x1","dwFlagsAndAttributes":"0x2020","lpFileName":"C:\\Users\\<USER>\\AppData\\Local\\Temp\\nsk1EC.tmp\\NSISArray.dll","dwDesiredAccess":"0x40000000","dwShareMode":"0x1"}
10173.  
10174. Returned value:
10175.  
10176. 0xffffffff
10177.  
10178. KernelBase.dll! CreateFileA #file (#2236) important_document.exe
10179. Arguments:
10180.  
10181. {"lpSecurityAttributes":"0x0","dwCreationDisposition":"0x1","dwFlagsAndAttributes":"0x2020","lpFileName":"C:\\Users\\<USER>\\AppData\\Local\\Temp\\nsk1EC.tmp\\NSISArray.dll","dwDesiredAccess":"0x40000000","dwShareMode":"0x1"}
10182.  
10183. Returned value:
10184.  
10185. 0xffffffff
10186.  
10187. KernelBase.dll! GetProcAddress #misc (#2236) important_document.exe
10188. Arguments:
10189.  
10190. {"lpProcName":"SizeOf","hModule":null}
10191.  
10192. Returned value:
10193.  
10194. 0x10003491
10195.  
10196. ntdll.dll! NtQueryAttributesFile #native (#2236) important_document.exe
10197. Arguments:
10198.  
10199. {"objectName":"\\??\\C:\\Users\\<USER>\\AppData\\Local\\Temp\\nsk1EC.tmp\\NSISArray.dll"}
10200.  
10201. Returned value:
10202.  
10203. 0x0
10204.  
10205. ntdll.dll! NtCreateFile #native (#2236) important_document.exe
10206. Arguments:
10207.  
10208. {"FileHandle":"0x18f8ac","objectName":"\\??\\C:\\Users\\<USER>\\AppData\\Local\\Temp\\nsk1EC.tmp\\NSISArray.dll"}
10209.  
10210. Returned value:
10211.  
10212. null
10213.  
10214. KernelBase.dll! CreateFileW #file (#2236) important_document.exe
10215. Arguments:
10216.  
10217. {"lpSecurityAttributes":"0x0","dwCreationDisposition":"0x1","dwFlagsAndAttributes":"0x2020","lpFileName":"C:\\Users\\<USER>\\AppData\\Local\\Temp\\nsk1EC.tmp\\NSISArray.dll","dwDesiredAccess":"0x40000000","dwShareMode":"0x1"}
10218.  
10219. Returned value:
10220.  
10221. 0xffffffff
10222.  
10223. KernelBase.dll! CreateFileA #file (#2236) important_document.exe
10224. Arguments:
10225.  
10226. {"lpSecurityAttributes":"0x0","dwCreationDisposition":"0x1","dwFlagsAndAttributes":"0x2020","lpFileName":"C:\\Users\\<USER>\\AppData\\Local\\Temp\\nsk1EC.tmp\\NSISArray.dll","dwDesiredAccess":"0x40000000","dwShareMode":"0x1"}
10227.  
10228. Returned value:
10229.  
10230. 0xffffffff
10231.  
10232. KernelBase.dll! GetProcAddress #misc (#2236) important_document.exe
10233. Arguments:
10234.  
10235. {"lpProcName":"Read","hModule":null}
10236.  
10237. Returned value:
10238.  
10239. 0x10001b73
10240.  
10241. ntdll.dll! NtQueryAttributesFile #native (#2236) important_document.exe
10242. Arguments:
10243.  
10244. {"objectName":"\\??\\C:\\Users\\<USER>\\AppData\\Local\\Temp\\nsk1EC.tmp\\NSISArray.dll"}
10245.  
10246. Returned value:
10247.  
10248. 0x0
10249.  
10250. ntdll.dll! NtCreateFile #native (#2236) important_document.exe
10251. Arguments:
10252.  
10253. {"FileHandle":"0x18f8ac","objectName":"\\??\\C:\\Users\\<USER>\\AppData\\Local\\Temp\\nsk1EC.tmp\\NSISArray.dll"}
10254.  
10255. Returned value:
10256.  
10257. null
10258.  
10259. KernelBase.dll! CreateFileW #file (#2236) important_document.exe
10260. Arguments:
10261.  
10262. {"lpSecurityAttributes":"0x0","dwCreationDisposition":"0x1","dwFlagsAndAttributes":"0x2020","lpFileName":"C:\\Users\\<USER>\\AppData\\Local\\Temp\\nsk1EC.tmp\\NSISArray.dll","dwDesiredAccess":"0x40000000","dwShareMode":"0x1"}
10263.  
10264. Returned value:
10265.  
10266. 0xffffffff
10267.  
10268. KernelBase.dll! CreateFileA #file (#2236) important_document.exe
10269. Arguments:
10270.  
10271. {"lpSecurityAttributes":"0x0","dwCreationDisposition":"0x1","dwFlagsAndAttributes":"0x2020","lpFileName":"C:\\Users\\<USER>\\AppData\\Local\\Temp\\nsk1EC.tmp\\NSISArray.dll","dwDesiredAccess":"0x40000000","dwShareMode":"0x1"}
10272.  
10273. Returned value:
10274.  
10275. 0xffffffff
10276.  
10277. KernelBase.dll! GetProcAddress #misc (#2236) important_document.exe
10278. Arguments:
10279.  
10280. {"lpProcName":"SizeOf","hModule":null}
10281.  
10282. Returned value:
10283.  
10284. 0x10003491
10285.  
10286. ntdll.dll! NtQueryAttributesFile #native (#2236) important_document.exe
10287. Arguments:
10288.  
10289. {"objectName":"\\??\\C:\\Users\\<USER>\\AppData\\Local\\Temp\\nsk1EC.tmp\\NSISArray.dll"}
10290.  
10291. Returned value:
10292.  
10293. 0x0
10294.  
10295. ntdll.dll! NtCreateFile #native (#2236) important_document.exe
10296. Arguments:
10297.  
10298. {"FileHandle":"0x18f8ac","objectName":"\\??\\C:\\Users\\<USER>\\AppData\\Local\\Temp\\nsk1EC.tmp\\NSISArray.dll"}
10299.  
10300. Returned value:
10301.  
10302. null
10303.  
10304. KernelBase.dll! CreateFileW #file (#2236) important_document.exe
10305. Arguments:
10306.  
10307. {"lpSecurityAttributes":"0x0","dwCreationDisposition":"0x1","dwFlagsAndAttributes":"0x2020","lpFileName":"C:\\Users\\<USER>\\AppData\\Local\\Temp\\nsk1EC.tmp\\NSISArray.dll","dwDesiredAccess":"0x40000000","dwShareMode":"0x1"}
10308.  
10309. Returned value:
10310.  
10311. 0xffffffff
10312.  
10313. KernelBase.dll! CreateFileA #file (#2236) important_document.exe
10314. Arguments:
10315.  
10316. {"lpSecurityAttributes":"0x0","dwCreationDisposition":"0x1","dwFlagsAndAttributes":"0x2020","lpFileName":"C:\\Users\\<USER>\\AppData\\Local\\Temp\\nsk1EC.tmp\\NSISArray.dll","dwDesiredAccess":"0x40000000","dwShareMode":"0x1"}
10317.  
10318. Returned value:
10319.  
10320. 0xffffffff
10321.  
10322. KernelBase.dll! GetProcAddress #misc (#2236) important_document.exe
10323. Arguments:
10324.  
10325. {"lpProcName":"Read","hModule":null}
10326.  
10327. Returned value:
10328.  
10329. 0x10001b73
10330.  
10331. ntdll.dll! NtQueryAttributesFile #native (#2236) important_document.exe
10332. Arguments:
10333.  
10334. {"objectName":"\\??\\C:\\Users\\<USER>\\AppData\\Local\\Temp\\nsk1EC.tmp\\NSISArray.dll"}
10335.  
10336. Returned value:
10337.  
10338. 0x0
10339.  
10340. ntdll.dll! NtCreateFile #native (#2236) important_document.exe
10341. Arguments:
10342.  
10343. {"FileHandle":"0x18f8ac","objectName":"\\??\\C:\\Users\\<USER>\\AppData\\Local\\Temp\\nsk1EC.tmp\\NSISArray.dll"}
10344.  
10345. Returned value:
10346.  
10347. null
10348.  
10349. KernelBase.dll! CreateFileW #file (#2236) important_document.exe
10350. Arguments:
10351.  
10352. {"lpSecurityAttributes":"0x0","dwCreationDisposition":"0x1","dwFlagsAndAttributes":"0x2020","lpFileName":"C:\\Users\\<USER>\\AppData\\Local\\Temp\\nsk1EC.tmp\\NSISArray.dll","dwDesiredAccess":"0x40000000","dwShareMode":"0x1"}
10353.  
10354. Returned value:
10355.  
10356. 0xffffffff
10357.  
10358. KernelBase.dll! CreateFileA #file (#2236) important_document.exe
10359. Arguments:
10360.  
10361. {"lpSecurityAttributes":"0x0","dwCreationDisposition":"0x1","dwFlagsAndAttributes":"0x2020","lpFileName":"C:\\Users\\<USER>\\AppData\\Local\\Temp\\nsk1EC.tmp\\NSISArray.dll","dwDesiredAccess":"0x40000000","dwShareMode":"0x1"}
10362.  
10363. Returned value:
10364.  
10365. 0xffffffff
10366.  
10367. KernelBase.dll! GetProcAddress #misc (#2236) important_document.exe
10368. Arguments:
10369.  
10370. {"lpProcName":"SizeOf","hModule":null}
10371.  
10372. Returned value:
10373.  
10374. 0x10003491
10375.  
10376. ntdll.dll! NtQueryAttributesFile #native (#2236) important_document.exe
10377. Arguments:
10378.  
10379. {"objectName":"\\??\\C:\\Users\\<USER>\\AppData\\Local\\Temp\\nsk1EC.tmp\\NSISArray.dll"}
10380.  
10381. Returned value:
10382.  
10383. 0x0
10384.  
10385. ntdll.dll! NtCreateFile #native (#2236) important_document.exe
10386. Arguments:
10387.  
10388. {"FileHandle":"0x18f8ac","objectName":"\\??\\C:\\Users\\<USER>\\AppData\\Local\\Temp\\nsk1EC.tmp\\NSISArray.dll"}
10389.  
10390. Returned value:
10391.  
10392. null
10393.  
10394. KernelBase.dll! CreateFileW #file (#2236) important_document.exe
10395. Arguments:
10396.  
10397. {"lpSecurityAttributes":"0x0","dwCreationDisposition":"0x1","dwFlagsAndAttributes":"0x2020","lpFileName":"C:\\Users\\<USER>\\AppData\\Local\\Temp\\nsk1EC.tmp\\NSISArray.dll","dwDesiredAccess":"0x40000000","dwShareMode":"0x1"}
10398.  
10399. Returned value:
10400.  
10401. 0xffffffff
10402.  
10403. KernelBase.dll! CreateFileA #file (#2236) important_document.exe
10404. Arguments:
10405.  
10406. {"lpSecurityAttributes":"0x0","dwCreationDisposition":"0x1","dwFlagsAndAttributes":"0x2020","lpFileName":"C:\\Users\\<USER>\\AppData\\Local\\Temp\\nsk1EC.tmp\\NSISArray.dll","dwDesiredAccess":"0x40000000","dwShareMode":"0x1"}
10407.  
10408. Returned value:
10409.  
10410. 0xffffffff
10411.  
10412. KernelBase.dll! GetProcAddress #misc (#2236) important_document.exe
10413. Arguments:
10414.  
10415. {"lpProcName":"Read","hModule":null}
10416.  
10417. Returned value:
10418.  
10419. 0x10001b73
10420.  
10421. ntdll.dll! NtQueryAttributesFile #native (#2236) important_document.exe
10422. Arguments:
10423.  
10424. {"objectName":"\\??\\C:\\Users\\<USER>\\AppData\\Local\\Temp\\nsk1EC.tmp\\NSISArray.dll"}
10425.  
10426. Returned value:
10427.  
10428. 0x0
10429.  
10430. ntdll.dll! NtCreateFile #native (#2236) important_document.exe
10431. Arguments:
10432.  
10433. {"FileHandle":"0x18f8ac","objectName":"\\??\\C:\\Users\\<USER>\\AppData\\Local\\Temp\\nsk1EC.tmp\\NSISArray.dll"}
10434.  
10435. Returned value:
10436.  
10437. null
10438.  
10439. KernelBase.dll! CreateFileW #file (#2236) important_document.exe
10440. Arguments:
10441.  
10442. {"lpSecurityAttributes":"0x0","dwCreationDisposition":"0x1","dwFlagsAndAttributes":"0x2020","lpFileName":"C:\\Users\\<USER>\\AppData\\Local\\Temp\\nsk1EC.tmp\\NSISArray.dll","dwDesiredAccess":"0x40000000","dwShareMode":"0x1"}
10443.  
10444. Returned value:
10445.  
10446. 0xffffffff
10447.  
10448. KernelBase.dll! CreateFileA #file (#2236) important_document.exe
10449. Arguments:
10450.  
10451. {"lpSecurityAttributes":"0x0","dwCreationDisposition":"0x1","dwFlagsAndAttributes":"0x2020","lpFileName":"C:\\Users\\<USER>\\AppData\\Local\\Temp\\nsk1EC.tmp\\NSISArray.dll","dwDesiredAccess":"0x40000000","dwShareMode":"0x1"}
10452.  
10453. Returned value:
10454.  
10455. 0xffffffff
10456.  
10457. KernelBase.dll! GetProcAddress #misc (#2236) important_document.exe
10458. Arguments:
10459.  
10460. {"lpProcName":"SizeOf","hModule":null}
10461.  
10462. Returned value:
10463.  
10464. 0x10003491
10465.  
10466. ntdll.dll! NtQueryAttributesFile #native (#2236) important_document.exe
10467. Arguments:
10468.  
10469. {"objectName":"\\??\\C:\\Users\\<USER>\\AppData\\Local\\Temp\\nsk1EC.tmp\\NSISArray.dll"}
10470.  
10471. Returned value:
10472.  
10473. 0x0
10474.  
10475. ntdll.dll! NtCreateFile #native (#2236) important_document.exe
10476. Arguments:
10477.  
10478. {"FileHandle":"0x18f8ac","objectName":"\\??\\C:\\Users\\<USER>\\AppData\\Local\\Temp\\nsk1EC.tmp\\NSISArray.dll"}
10479.  
10480. Returned value:
10481.  
10482. null
10483.  
10484. KernelBase.dll! CreateFileW #file (#2236) important_document.exe
10485. Arguments:
10486.  
10487. {"lpSecurityAttributes":"0x0","dwCreationDisposition":"0x1","dwFlagsAndAttributes":"0x2020","lpFileName":"C:\\Users\\<USER>\\AppData\\Local\\Temp\\nsk1EC.tmp\\NSISArray.dll","dwDesiredAccess":"0x40000000","dwShareMode":"0x1"}
10488.  
10489. Returned value:
10490.  
10491. 0xffffffff
10492.  
10493. KernelBase.dll! CreateFileA #file (#2236) important_document.exe
10494. Arguments:
10495.  
10496. {"lpSecurityAttributes":"0x0","dwCreationDisposition":"0x1","dwFlagsAndAttributes":"0x2020","lpFileName":"C:\\Users\\<USER>\\AppData\\Local\\Temp\\nsk1EC.tmp\\NSISArray.dll","dwDesiredAccess":"0x40000000","dwShareMode":"0x1"}
10497.  
10498. Returned value:
10499.  
10500. 0xffffffff
10501.  
10502. KernelBase.dll! GetProcAddress #misc (#2236) important_document.exe
10503. Arguments:
10504.  
10505. {"lpProcName":"Read","hModule":null}
10506.  
10507. Returned value:
10508.  
10509. 0x10001b73
10510.  
10511. ntdll.dll! NtQueryAttributesFile #native (#2236) important_document.exe
10512. Arguments:
10513.  
10514. {"objectName":"\\??\\C:\\Users\\<USER>\\AppData\\Local\\Temp\\nsk1EC.tmp\\NSISArray.dll"}
10515.  
10516. Returned value:
10517.  
10518. 0x0
10519.  
10520. ntdll.dll! NtCreateFile #native (#2236) important_document.exe
10521. Arguments:
10522.  
10523. {"FileHandle":"0x18f8ac","objectName":"\\??\\C:\\Users\\<USER>\\AppData\\Local\\Temp\\nsk1EC.tmp\\NSISArray.dll"}
10524.  
10525. Returned value:
10526.  
10527. null
10528.  
10529. KernelBase.dll! CreateFileW #file (#2236) important_document.exe
10530. Arguments:
10531.  
10532. {"lpSecurityAttributes":"0x0","dwCreationDisposition":"0x1","dwFlagsAndAttributes":"0x2020","lpFileName":"C:\\Users\\<USER>\\AppData\\Local\\Temp\\nsk1EC.tmp\\NSISArray.dll","dwDesiredAccess":"0x40000000","dwShareMode":"0x1"}
10533.  
10534. Returned value:
10535.  
10536. 0xffffffff
10537.  
10538. KernelBase.dll! CreateFileA #file (#2236) important_document.exe
10539. Arguments:
10540.  
10541. {"lpSecurityAttributes":"0x0","dwCreationDisposition":"0x1","dwFlagsAndAttributes":"0x2020","lpFileName":"C:\\Users\\<USER>\\AppData\\Local\\Temp\\nsk1EC.tmp\\NSISArray.dll","dwDesiredAccess":"0x40000000","dwShareMode":"0x1"}
10542.  
10543. Returned value:
10544.  
10545. 0xffffffff
10546.  
10547. KernelBase.dll! GetProcAddress #misc (#2236) important_document.exe
10548. Arguments:
10549.  
10550. {"lpProcName":"SizeOf","hModule":null}
10551.  
10552. Returned value:
10553.  
10554. 0x10003491
10555.  
10556. ntdll.dll! NtQueryAttributesFile #native (#2236) important_document.exe
10557. Arguments:
10558.  
10559. {"objectName":"\\??\\C:\\Users\\<USER>\\AppData\\Local\\Temp\\nsk1EC.tmp\\NSISArray.dll"}
10560.  
10561. Returned value:
10562.  
10563. 0x0
10564.  
10565. ntdll.dll! NtCreateFile #native (#2236) important_document.exe
10566. Arguments:
10567.  
10568. {"FileHandle":"0x18f8ac","objectName":"\\??\\C:\\Users\\<USER>\\AppData\\Local\\Temp\\nsk1EC.tmp\\NSISArray.dll"}
10569.  
10570. Returned value:
10571.  
10572. null
10573.  
10574. KernelBase.dll! CreateFileW #file (#2236) important_document.exe
10575. Arguments:
10576.  
10577. {"lpSecurityAttributes":"0x0","dwCreationDisposition":"0x1","dwFlagsAndAttributes":"0x2020","lpFileName":"C:\\Users\\<USER>\\AppData\\Local\\Temp\\nsk1EC.tmp\\NSISArray.dll","dwDesiredAccess":"0x40000000","dwShareMode":"0x1"}
10578.  
10579. Returned value:
10580.  
10581. 0xffffffff
10582.  
10583. KernelBase.dll! CreateFileA #file (#2236) important_document.exe
10584. Arguments:
10585.  
10586. {"lpSecurityAttributes":"0x0","dwCreationDisposition":"0x1","dwFlagsAndAttributes":"0x2020","lpFileName":"C:\\Users\\<USER>\\AppData\\Local\\Temp\\nsk1EC.tmp\\NSISArray.dll","dwDesiredAccess":"0x40000000","dwShareMode":"0x1"}
10587.  
10588. Returned value:
10589.  
10590. 0xffffffff
10591.  
10592. KernelBase.dll! GetProcAddress #misc (#2236) important_document.exe
10593. Arguments:
10594.  
10595. {"lpProcName":"Delete","hModule":null}
10596.  
10597. Returned value:
10598.  
10599. 0x100021e0
10600.  
10601. ntdll.dll! NtQueryAttributesFile #native (#2236) important_document.exe
10602. Arguments:
10603.  
10604. {"objectName":"\\??\\C:\\Users\\<USER>\\AppData\\Local\\Temp\\nsk1EC.tmp\\NSISArray.dll"}
10605.  
10606. Returned value:
10607.  
10608. 0x0
10609.  
10610. ntdll.dll! NtCreateFile #native (#2236) important_document.exe
10611. Arguments:
10612.  
10613. {"FileHandle":"0x18f8ac","objectName":"\\??\\C:\\Users\\<USER>\\AppData\\Local\\Temp\\nsk1EC.tmp\\NSISArray.dll"}
10614.  
10615. Returned value:
10616.  
10617. null
10618.  
10619. KernelBase.dll! CreateFileW #file (#2236) important_document.exe
10620. Arguments:
10621.  
10622. {"lpSecurityAttributes":"0x0","dwCreationDisposition":"0x1","dwFlagsAndAttributes":"0x2020","lpFileName":"C:\\Users\\<USER>\\AppData\\Local\\Temp\\nsk1EC.tmp\\NSISArray.dll","dwDesiredAccess":"0x40000000","dwShareMode":"0x1"}
10623.  
10624. Returned value:
10625.  
10626. 0xffffffff
10627.  
10628. KernelBase.dll! CreateFileA #file (#2236) important_document.exe
10629. Arguments:
10630.  
10631. {"lpSecurityAttributes":"0x0","dwCreationDisposition":"0x1","dwFlagsAndAttributes":"0x2020","lpFileName":"C:\\Users\\<USER>\\AppData\\Local\\Temp\\nsk1EC.tmp\\NSISArray.dll","dwDesiredAccess":"0x40000000","dwShareMode":"0x1"}
10632.  
10633. Returned value:
10634.  
10635. 0xffffffff
10636.  
10637. KernelBase.dll! GetProcAddress #misc (#2236) important_document.exe
10638. Arguments:
10639.  
10640. {"lpProcName":"ArrayCount","hModule":null}
10641.  
10642. Returned value:
10643.  
10644. 0x1000173d
10645.  
10646. ntdll.dll! NtQueryAttributesFile #native (#2236) important_document.exe
10647. Arguments:
10648.  
10649. {"objectName":"\\??\\C:\\Users\\<USER>\\AppData\\Local\\Temp\\nsk1EC.tmp\\NSISArray.dll"}
10650.  
10651. Returned value:
10652.  
10653. 0x0
10654.  
10655. ntdll.dll! NtCreateFile #native (#2236) important_document.exe
10656. Arguments:
10657.  
10658. {"FileHandle":"0x18f8ac","objectName":"\\??\\C:\\Users\\<USER>\\AppData\\Local\\Temp\\nsk1EC.tmp\\NSISArray.dll"}
10659.  
10660. Returned value:
10661.  
10662. null
10663.  
10664. KernelBase.dll! CreateFileW #file (#2236) important_document.exe
10665. Arguments:
10666.  
10667. {"lpSecurityAttributes":"0x0","dwCreationDisposition":"0x1","dwFlagsAndAttributes":"0x2020","lpFileName":"C:\\Users\\<USER>\\AppData\\Local\\Temp\\nsk1EC.tmp\\NSISArray.dll","dwDesiredAccess":"0x40000000","dwShareMode":"0x1"}
10668.  
10669. Returned value:
10670.  
10671. 0xffffffff
10672.  
10673. KernelBase.dll! CreateFileA #file (#2236) important_document.exe
10674. Arguments:
10675.  
10676. {"lpSecurityAttributes":"0x0","dwCreationDisposition":"0x1","dwFlagsAndAttributes":"0x2020","lpFileName":"C:\\Users\\<USER>\\AppData\\Local\\Temp\\nsk1EC.tmp\\NSISArray.dll","dwDesiredAccess":"0x40000000","dwShareMode":"0x1"}
10677.  
10678. Returned value:
10679.  
10680. 0xffffffff
10681.  
10682. KernelBase.dll! GetProcAddress #misc (#2236) important_document.exe
10683. Arguments:
10684.  
10685. {"lpProcName":"Unload","hModule":null}
10686.  
10687. Returned value:
10688.  
10689. 0x10003692
10690.  
10691. ntdll.dll! NtCreateFile #native (#2236) important_document.exe
10692. Arguments:
10693.  
10694. {"FileHandle":"0x82c59c","objectName":"\\??\\C:\\Users\\<USER>\\AppData\\Local\\Temp\\nsk1EC.tmp\\StartMenu.ini"}
10695.  
10696. Returned value:
10697.  
10698. null
10699.  
10700. ntdll.dll! NtOpenKeyEx #native (#2236) important_document.exe
10701. Arguments:
10702.  
10703. {"OpenOptions":"0x0","KeyHandle":"0x18f090","objectName":"SOFTWARE\\Microsoft\\CTF\\Compatibility\\important_document.exe","DesiredAccess":"0x20019"}
10704.  
10705. Returned value:
10706.  
10707. 0xc0000034
10708.  
10709. ntdll.dll! NtQueryAttributesFile #native (#2236) important_document.exe
10710. Arguments:
10711.  
10712. {"objectName":"\\??\\C:\\Windows\\system32\\ole32.dll"}
10713.  
10714. Returned value:
10715.  
10716. 0x0
10717.  
10718. ntdll.dll! NtOpenFile #native (#2236) important_document.exe
10719. Arguments:
10720.  
10721. {"FileHandle":"0x18f264","objectName":"\\??\\C:\\Windows\\system32\\ole32.dll"}
10722.  
10723. Returned value:
10724.  
10725. null
10726.  
10727. KernelBase.dll! GetProcAddress #misc (#2236) important_document.exe
10728. Arguments:
10729.  
10730. {"lpProcName":"CoInitializeEx","hModule":"ole32.dll"}
10731.  
10732. Returned value:
10733.  
10734. 0x757609ad
10735.  
10736. KernelBase.dll! GetProcAddress #misc (#2236) important_document.exe
10737. Arguments:
10738.  
10739. {"lpProcName":"CoUninitialize","hModule":"ole32.dll"}
10740.  
10741. Returned value:
10742.  
10743. 0x757686d3
10744.  
10745. KernelBase.dll! GetProcAddress #misc (#2236) important_document.exe
10746. Arguments:
10747.  
10748. {"lpProcName":"CoRegisterInitializeSpy","hModule":"ole32.dll"}
10749.  
10750. Returned value:
10751.  
10752. 0x75767660
10753.  
10754. KernelBase.dll! GetProcAddress #misc (#2236) important_document.exe
10755. Arguments:
10756.  
10757. {"lpProcName":"CoRevokeInitializeSpy","hModule":"ole32.dll"}
10758.  
10759. Returned value:
10760.  
10761. 0x75769784
10762.  
10763. ntdll.dll! NtOpenKeyEx #native (#2236) important_document.exe
10764. Arguments:
10765.  
10766. {"OpenOptions":"0x0","KeyHandle":"0x18f644","objectName":"Software\\Microsoft\\CTF\\TIP\\{0000897b-83df-4b96-be07-0fb58b01c4a4}\\LanguageProfile\\0x00000000\\{0001bea3-ed56-483d-a2e2-aeae25577436}","DesiredAccess":"0x20019"}
10767.  
10768. Returned value:
10769.  
10770. 0x0
10771.  
10772. ntdll.dll! NtOpenMutant #native (#2236) important_document.exe
10773. Arguments:
10774.  
10775. {"DesiredAccess":"0x100000","objectName":"CicLoadWinStaWinSta0","MutantHandle":"0x18f038"}
10776.  
10777. Returned value:
10778.  
10779. 0x0
10780.  
10781. KernelBase.dll! OpenMutexW #sync (#2236) important_document.exe
10782. Arguments:
10783.  
10784. {"lpName":"CicLoadWinStaWinSta0"}
10785.  
10786. Returned value:
10787.  
10788. 0x288
10789.  
10790. ntdll.dll! NtOpenMutant #native (#2236) important_document.exe
10791. Arguments:
10792.  
10793. {"DesiredAccess":"0x100000","objectName":"Local\\MSCTF.CtfMonitorInstMutexDefault1","MutantHandle":"0x18f244"}
10794.  
10795. Returned value:
10796.  
10797. 0x0
10798.  
10799. KernelBase.dll! OpenMutexW #sync (#2236) important_document.exe
10800. Arguments:
10801.  
10802. {"lpName":"Local\\MSCTF.CtfMonitorInstMutexDefault1"}
10803.  
10804. Returned value:
10805.  
10806. 0x288
10807.  
10808. ntdll.dll! NtOpenKeyEx #native (#2236) important_document.exe
10809. Arguments:
10810.  
10811. {"OpenOptions":"0x0","KeyHandle":"0x18f604","objectName":"SOFTWARE\\Microsoft\\CTF\\","DesiredAccess":"0x20019"}
10812.  
10813. Returned value:
10814.  
10815. 0x0
10816.  
10817. ntdll.dll! NtCreateFile #native (#2236) important_document.exe
10818. Arguments:
10819.  
10820. {"FileHandle":"0x850c0c","objectName":"\\??\\C:\\Users\\<USER>\\AppData\\Local\\Temp\\nsk1EC.tmp\\isWelcome.ini"}
10821.  
10822. Returned value:
10823.  
10824. null
10825.  
10826. ntdll.dll! NtCreateFile #native (#2236) important_document.exe
10827. Arguments:
10828.  
10829. {"FileHandle":"0x853044","objectName":"\\??\\C:\\Users\\<USER>\\AppData\\Local\\Temp\\nsk1EC.tmp\\isWelcome.ini"}
10830.  
10831. Returned value:
10832.  
10833. null
10834.  
10835. ntdll.dll! NtCreateFile #native (#2236) important_document.exe
10836. Arguments:
10837.  
10838. {"FileHandle":"0x850ba4","objectName":"\\??\\C:\\Users\\<USER>\\AppData\\Local\\Temp\\nsk1EC.tmp\\isWelcome.ini"}
10839.  
10840. Returned value:
10841.  
10842. null
10843.  
10844. ntdll.dll! NtQueryAttributesFile #native (#2236) important_document.exe
10845. Arguments:
10846.  
10847. {"objectName":"\\??\\C:\\Users\\<USER>\\AppData\\Local\\Temp\\nsk1EC.tmp\\InstallOptions.dll"}
10848.  
10849. Returned value:
10850.  
10851. 0xc0000034
10852.  
10853. ntdll.dll! NtCreateFile #native (#2236) important_document.exe
10854. Arguments:
10855.  
10856. {"FileHandle":"0x18f8b4","objectName":"\\??\\C:\\Users\\<USER>\\AppData\\Local\\Temp\\nsk1EC.tmp\\InstallOptions.dll"}
10857.  
10858. Returned value:
10859.  
10860. null
10861.  
10862. KernelBase.dll! CreateFileW #file (#2236) important_document.exe
10863. Arguments:
10864.  
10865. {"lpSecurityAttributes":"0x0","dwCreationDisposition":"0x1","dwFlagsAndAttributes":"0x0","lpFileName":"C:\\Users\\<USER>\\AppData\\Local\\Temp\\nsk1EC.tmp\\InstallOptions.dll","dwDesiredAccess":"0x40000000","dwShareMode":"0x1"}
10866.  
10867. Returned value:
10868.  
10869. 0x288
10870.  
10871. KernelBase.dll! CreateFileA #file (#2236) important_document.exe
10872. Arguments:
10873.  
10874. {"lpSecurityAttributes":"0x0","dwCreationDisposition":"0x1","dwFlagsAndAttributes":"0x0","lpFileName":"C:\\Users\\<USER>\\AppData\\Local\\Temp\\nsk1EC.tmp\\InstallOptions.dll","dwDesiredAccess":"0x40000000","dwShareMode":"0x1"}
10875.  
10876. Returned value:
10877.  
10878. 0x288
10879.  
10880. KernelBase.dll! WriteFile #file (#2236) important_document.exe
10881. Arguments:
10882.  
10883. {"nNumberOfBytesToWrite":"0x3a00","lpBuffer":"MZ�","lpNumberOfBytesWritten":"0x18f924","hFile":"0x288"}
10884.  
10885. Returned value:
10886.  
10887. 0x1
10888.  
10889. ntdll.dll! NtQueryAttributesFile #native (#2236) important_document.exe
10890. Arguments:
10891.  
10892. {"objectName":"\\??\\C:\\Users\\<USER>\\AppData\\Local\\Temp\\nsk1EC.tmp\\InstallOptions.dll"}
10893.  
10894. Returned value:
10895.  
10896. 0x0
10897.  
10898. ntdll.dll! NtOpenFile #native (#2236) important_document.exe
10899. Arguments:
10900.  
10901. {"FileHandle":"0x18f2a4","objectName":"\\??\\C:\\Users\\<USER>\\AppData\\Local\\Temp\\nsk1EC.tmp\\InstallOptions.dll"}
10902.  
10903. Returned value:
10904.  
10905. null
10906.  
10907. ntdll.dll! NtQueryAttributesFile #native (#2236) important_document.exe
10908. Arguments:
10909.  
10910. {"objectName":"\\??\\C:\\Users\\<USER>\\AppData\\Local\\Temp\\nsk1EC.tmp\\InstallOptions.dll"}
10911.  
10912. Returned value:
10913.  
10914. 0x0
10915.  
10916. ntdll.dll! NtOpenFile #native (#2236) important_document.exe
10917. Arguments:
10918.  
10919. {"FileHandle":"0x18f2a4","objectName":"\\??\\C:\\Users\\<USER>\\AppData\\Local\\Temp\\nsk1EC.tmp\\InstallOptions.dll"}
10920.  
10921. Returned value:
10922.  
10923. null
10924.  
10925. ntdll.dll! NtQueryAttributesFile #native (#2236) important_document.exe
10926. Arguments:
10927.  
10928. {"objectName":"\\??\\C:\\Users\\<USER>\\AppData\\Local\\Temp\\nsk1EC.tmp\\InstallOptions.dll"}
10929.  
10930. Returned value:
10931.  
10932. 0x0
10933.  
10934. ntdll.dll! NtOpenFile #native (#2236) important_document.exe
10935. Arguments:
10936.  
10937. {"FileHandle":"0x18f700","objectName":"\\??\\C:\\Users\\<USER>\\AppData\\Local\\Temp\\nsk1EC.tmp\\InstallOptions.dll"}
10938.  
10939. Returned value:
10940.  
10941. null
10942.  
10943. KernelBase.dll! LoadLibraryExA #misc (#2236) important_document.exe
10944. Arguments:
10945.  
10946. {"lpFileName":"C:\\Users\\<USER>\\AppData\\Local\\Temp\\nsk1EC.tmp\\InstallOptions.dll"}
10947.  
10948. Returned value:
10949.  
10950. 0x10000000
10951.  
10952. KernelBase.dll! GetProcAddress #misc (#2236) important_document.exe
10953. Arguments:
10954.  
10955. {"lpProcName":"initDialog","hModule":null}
10956.  
10957. Returned value:
10958.  
10959. 0x10002931
10960.  
10961. ntdll.dll! NtOpenFile #native (#2236) important_document.exe
10962. Arguments:
10963.  
10964. {"FileHandle":"0x853044","objectName":"\\??\\C:\\Users\\<USER>\\AppData\\Local\\Temp\\nsk1EC.tmp\\isWelcome.ini"}
10965.  
10966. Returned value:
10967.  
10968. null
10969.  
10970. ntdll.dll! NtOpenFile #native (#2236) important_document.exe
10971. Arguments:
10972.  
10973. {"FileHandle":"0x853044","objectName":"\\??\\C:\\Users\\<USER>\\AppData\\Local\\Temp\\nsk1EC.tmp\\isWelcome.ini"}
10974.  
10975. Returned value:
10976.  
10977. null
10978.  
10979. ntdll.dll! NtOpenFile #native (#2236) important_document.exe
10980. Arguments:
10981.  
10982. {"FileHandle":"0x853044","objectName":"\\??\\C:\\Users\\<USER>\\AppData\\Local\\Temp\\nsk1EC.tmp\\isWelcome.ini"}
10983.  
10984. Returned value:
10985.  
10986. null
10987.  
10988. ntdll.dll! NtOpenFile #native (#2236) important_document.exe
10989. Arguments:
10990.  
10991. {"FileHandle":"0x853044","objectName":"\\??\\C:\\Users\\<USER>\\AppData\\Local\\Temp\\nsk1EC.tmp\\isWelcome.ini"}
10992.  
10993. Returned value:
10994.  
10995. null
10996.  
10997. ntdll.dll! NtOpenFile #native (#2236) important_document.exe
10998. Arguments:
10999.  
11000. {"FileHandle":"0x853044","objectName":"\\??\\C:\\Users\\<USER>\\AppData\\Local\\Temp\\nsk1EC.tmp\\isWelcome.ini"}
11001.  
11002. Returned value:
11003.  
11004. null
11005.  
11006. ntdll.dll! NtOpenFile #native (#2236) important_document.exe
11007. Arguments:
11008.  
11009. {"FileHandle":"0x853044","objectName":"\\??\\C:\\Users\\<USER>\\AppData\\Local\\Temp\\nsk1EC.tmp\\isWelcome.ini"}
11010.  
11011. Returned value:
11012.  
11013. null
11014.  
11015. ntdll.dll! NtOpenFile #native (#2236) important_document.exe
11016. Arguments:
11017.  
11018. {"FileHandle":"0x853044","objectName":"\\??\\C:\\Users\\<USER>\\AppData\\Local\\Temp\\nsk1EC.tmp\\isWelcome.ini"}
11019.  
11020. Returned value:
11021.  
11022. null
11023.  
11024. ntdll.dll! NtOpenFile #native (#2236) important_document.exe
11025. Arguments:
11026.  
11027. {"FileHandle":"0x853044","objectName":"\\??\\C:\\Users\\<USER>\\AppData\\Local\\Temp\\nsk1EC.tmp\\isWelcome.ini"}
11028.  
11029. Returned value:
11030.  
11031. null
11032.  
11033. ntdll.dll! NtOpenFile #native (#2236) important_document.exe
11034. Arguments:
11035.  
11036. {"FileHandle":"0x853044","objectName":"\\??\\C:\\Users\\<USER>\\AppData\\Local\\Temp\\nsk1EC.tmp\\isWelcome.ini"}
11037.  
11038. Returned value:
11039.  
11040. null
11041.  
11042. ntdll.dll! NtOpenFile #native (#2236) important_document.exe
11043. Arguments:
11044.  
11045. {"FileHandle":"0x853044","objectName":"\\??\\C:\\Users\\<USER>\\AppData\\Local\\Temp\\nsk1EC.tmp\\isWelcome.ini"}
11046.  
11047. Returned value:
11048.  
11049. null
11050.  
11051. ntdll.dll! NtOpenFile #native (#2236) important_document.exe
11052. Arguments:
11053.  
11054. {"FileHandle":"0x853044","objectName":"\\??\\C:\\Users\\<USER>\\AppData\\Local\\Temp\\nsk1EC.tmp\\isWelcome.ini"}
11055.  
11056. Returned value:
11057.  
11058. null
11059.  
11060. ntdll.dll! NtOpenFile #native (#2236) important_document.exe
11061. Arguments:
11062.  
11063. {"FileHandle":"0x853044","objectName":"\\??\\C:\\Users\\<USER>\\AppData\\Local\\Temp\\nsk1EC.tmp\\isWelcome.ini"}
11064.  
11065. Returned value:
11066.  
11067. null
11068.  
11069. ntdll.dll! NtOpenFile #native (#2236) important_document.exe
11070. Arguments:
11071.  
11072. {"FileHandle":"0x853044","objectName":"\\??\\C:\\Users\\<USER>\\AppData\\Local\\Temp\\nsk1EC.tmp\\isWelcome.ini"}
11073.  
11074. Returned value:
11075.  
11076. null
11077.  
11078. ntdll.dll! NtOpenFile #native (#2236) important_document.exe
11079. Arguments:
11080.  
11081. {"FileHandle":"0x853044","objectName":"\\??\\C:\\Users\\<USER>\\AppData\\Local\\Temp\\nsk1EC.tmp\\isWelcome.ini"}
11082.  
11083. Returned value:
11084.  
11085. null
11086.  
11087. ntdll.dll! NtOpenFile #native (#2236) important_document.exe
11088. Arguments:
11089.  
11090. {"FileHandle":"0x853044","objectName":"\\??\\C:\\Users\\<USER>\\AppData\\Local\\Temp\\nsk1EC.tmp\\isWelcome.ini"}
11091.  
11092. Returned value:
11093.  
11094. null
11095.  
11096. ntdll.dll! NtOpenFile #native (#2236) important_document.exe
11097. Arguments:
11098.  
11099. {"FileHandle":"0x853044","objectName":"\\??\\C:\\Users\\<USER>\\AppData\\Local\\Temp\\nsk1EC.tmp\\isWelcome.ini"}
11100.  
11101. Returned value:
11102.  
11103. null
11104.  
11105. ntdll.dll! NtOpenFile #native (#2236) important_document.exe
11106. Arguments:
11107.  
11108. {"FileHandle":"0x853044","objectName":"\\??\\C:\\Users\\<USER>\\AppData\\Local\\Temp\\nsk1EC.tmp\\isWelcome.ini"}
11109.  
11110. Returned value:
11111.  
11112. null
11113.  
11114. ntdll.dll! NtOpenFile #native (#2236) important_document.exe
11115. Arguments:
11116.  
11117. {"FileHandle":"0x853044","objectName":"\\??\\C:\\Users\\<USER>\\AppData\\Local\\Temp\\nsk1EC.tmp\\isWelcome.ini"}
11118.  
11119. Returned value:
11120.  
11121. null
11122.  
11123. ntdll.dll! NtOpenFile #native (#2236) important_document.exe
11124. Arguments:
11125.  
11126. {"FileHandle":"0x853044","objectName":"\\??\\C:\\Users\\<USER>\\AppData\\Local\\Temp\\nsk1EC.tmp\\isWelcome.ini"}
11127.  
11128. Returned value:
11129.  
11130. null
11131.  
11132. ntdll.dll! NtOpenFile #native (#2236) important_document.exe
11133. Arguments:
11134.  
11135. {"FileHandle":"0x853044","objectName":"\\??\\C:\\Users\\<USER>\\AppData\\Local\\Temp\\nsk1EC.tmp\\isWelcome.ini"}
11136.  
11137. Returned value:
11138.  
11139. null
11140.  
11141. ntdll.dll! NtOpenFile #native (#2236) important_document.exe
11142. Arguments:
11143.  
11144. {"FileHandle":"0x853044","objectName":"\\??\\C:\\Users\\<USER>\\AppData\\Local\\Temp\\nsk1EC.tmp\\isWelcome.ini"}
11145.  
11146. Returned value:
11147.  
11148. null
11149.  
11150. ntdll.dll! NtOpenFile #native (#2236) important_document.exe
11151. Arguments:
11152.  
11153. {"FileHandle":"0x853044","objectName":"\\??\\C:\\Users\\<USER>\\AppData\\Local\\Temp\\nsk1EC.tmp\\isWelcome.ini"}
11154.  
11155. Returned value:
11156.  
11157. null
11158.  
11159. ntdll.dll! NtOpenFile #native (#2236) important_document.exe
11160. Arguments:
11161.  
11162. {"FileHandle":"0x853044","objectName":"\\??\\C:\\Users\\<USER>\\AppData\\Local\\Temp\\nsk1EC.tmp\\isWelcome.ini"}
11163.  
11164. Returned value:
11165.  
11166. null
11167.  
11168. ntdll.dll! NtOpenFile #native (#2236) important_document.exe
11169. Arguments:
11170.  
11171. {"FileHandle":"0x853044","objectName":"\\??\\C:\\Users\\<USER>\\AppData\\Local\\Temp\\nsk1EC.tmp\\isWelcome.ini"}
11172.  
11173. Returned value:
11174.  
11175. null
11176.  
11177. ntdll.dll! NtOpenFile #native (#2236) important_document.exe
11178. Arguments:
11179.  
11180. {"FileHandle":"0x853044","objectName":"\\??\\C:\\Users\\<USER>\\AppData\\Local\\Temp\\nsk1EC.tmp\\isWelcome.ini"}
11181.  
11182. Returned value:
11183.  
11184. null
11185.  
11186. ntdll.dll! NtOpenFile #native (#2236) important_document.exe
11187. Arguments:
11188.  
11189. {"FileHandle":"0x853044","objectName":"\\??\\C:\\Users\\<USER>\\AppData\\Local\\Temp\\nsk1EC.tmp\\isWelcome.ini"}
11190.  
11191. Returned value:
11192.  
11193. null
11194.  
11195. ntdll.dll! NtOpenFile #native (#2236) important_document.exe
11196. Arguments:
11197.  
11198. {"FileHandle":"0x853044","objectName":"\\??\\C:\\Users\\<USER>\\AppData\\Local\\Temp\\nsk1EC.tmp\\isWelcome.ini"}
11199.  
11200. Returned value:
11201.  
11202. null
11203.  
11204. ntdll.dll! NtOpenFile #native (#2236) important_document.exe
11205. Arguments:
11206.  
11207. {"FileHandle":"0x853044","objectName":"\\??\\C:\\Users\\<USER>\\AppData\\Local\\Temp\\nsk1EC.tmp\\isWelcome.ini"}
11208.  
11209. Returned value:
11210.  
11211. null
11212.  
11213. ntdll.dll! NtOpenFile #native (#2236) important_document.exe
11214. Arguments:
11215.  
11216. {"FileHandle":"0x853044","objectName":"\\??\\C:\\Users\\<USER>\\AppData\\Local\\Temp\\nsk1EC.tmp\\isWelcome.ini"}
11217.  
11218. Returned value:
11219.  
11220. null
11221.  
11222. ntdll.dll! NtOpenFile #native (#2236) important_document.exe
11223. Arguments:
11224.  
11225. {"FileHandle":"0x853044","objectName":"\\??\\C:\\Users\\<USER>\\AppData\\Local\\Temp\\nsk1EC.tmp\\isWelcome.ini"}
11226.  
11227. Returned value:
11228.  
11229. null
11230.  
11231. ntdll.dll! NtOpenFile #native (#2236) important_document.exe
11232. Arguments:
11233.  
11234. {"FileHandle":"0x853044","objectName":"\\??\\C:\\Users\\<USER>\\AppData\\Local\\Temp\\nsk1EC.tmp\\isWelcome.ini"}
11235.  
11236. Returned value:
11237.  
11238. null
11239.  
11240. ntdll.dll! NtOpenFile #native (#2236) important_document.exe
11241. Arguments:
11242.  
11243. {"FileHandle":"0x853044","objectName":"\\??\\C:\\Users\\<USER>\\AppData\\Local\\Temp\\nsk1EC.tmp\\isWelcome.ini"}
11244.  
11245. Returned value:
11246.  
11247. null
11248.  
11249. ntdll.dll! NtOpenFile #native (#2236) important_document.exe
11250. Arguments:
11251.  
11252. {"FileHandle":"0x853044","objectName":"\\??\\C:\\Users\\<USER>\\AppData\\Local\\Temp\\nsk1EC.tmp\\isWelcome.ini"}
11253.  
11254. Returned value:
11255.  
11256. null
11257.  
11258. ntdll.dll! NtOpenFile #native (#2236) important_document.exe
11259. Arguments:
11260.  
11261. {"FileHandle":"0x853044","objectName":"\\??\\C:\\Users\\<USER>\\AppData\\Local\\Temp\\nsk1EC.tmp\\isWelcome.ini"}
11262.  
11263. Returned value:
11264.  
11265. null
11266.  
11267. ntdll.dll! NtOpenFile #native (#2236) important_document.exe
11268. Arguments:
11269.  
11270. {"FileHandle":"0x853044","objectName":"\\??\\C:\\Users\\<USER>\\AppData\\Local\\Temp\\nsk1EC.tmp\\isWelcome.ini"}
11271.  
11272. Returned value:
11273.  
11274. null
11275.  
11276. ntdll.dll! NtOpenFile #native (#2236) important_document.exe
11277. Arguments:
11278.  
11279. {"FileHandle":"0x853044","objectName":"\\??\\C:\\Users\\<USER>\\AppData\\Local\\Temp\\nsk1EC.tmp\\isWelcome.ini"}
11280.  
11281. Returned value:
11282.  
11283. null
11284.  
11285. ntdll.dll! NtOpenFile #native (#2236) important_document.exe
11286. Arguments:
11287.  
11288. {"FileHandle":"0x853044","objectName":"\\??\\C:\\Users\\<USER>\\AppData\\Local\\Temp\\nsk1EC.tmp\\isWelcome.ini"}
11289.  
11290. Returned value:
11291.  
11292. null
11293.  
11294. ntdll.dll! NtOpenFile #native (#2236) important_document.exe
11295. Arguments:
11296.  
11297. {"FileHandle":"0x853044","objectName":"\\??\\C:\\Users\\<USER>\\AppData\\Local\\Temp\\nsk1EC.tmp\\isWelcome.ini"}
11298.  
11299. Returned value:
11300.  
11301. null
11302.  
11303. ntdll.dll! NtOpenFile #native (#2236) important_document.exe
11304. Arguments:
11305.  
11306. {"FileHandle":"0x853044","objectName":"\\??\\C:\\Users\\<USER>\\AppData\\Local\\Temp\\nsk1EC.tmp\\isWelcome.ini"}
11307.  
11308. Returned value:
11309.  
11310. null
11311.  
11312. ntdll.dll! NtOpenFile #native (#2236) important_document.exe
11313. Arguments:
11314.  
11315. {"FileHandle":"0x853044","objectName":"\\??\\C:\\Users\\<USER>\\AppData\\Local\\Temp\\nsk1EC.tmp\\isWelcome.ini"}
11316.  
11317. Returned value:
11318.  
11319. null
11320.  
11321. ntdll.dll! NtCreateFile #native (#2236) important_document.exe
11322. Arguments:
11323.  
11324. {"FileHandle":"0x853044","objectName":"\\??\\C:\\Users\\<USER>\\AppData\\Local\\Temp\\nsk1EC.tmp\\isWelcome.ini"}
11325.  
11326. Returned value:
11327.  
11328. null
11329.  
11330. ntdll.dll! NtCreateFile #native (#2236) important_document.exe
11331. Arguments:
11332.  
11333. {"FileHandle":"0x853044","objectName":"\\??\\C:\\Users\\<USER>\\AppData\\Local\\Temp\\nsk1EC.tmp\\isWelcome.ini"}
11334.  
11335. Returned value:
11336.  
11337. null
11338.  
11339. ntdll.dll! NtQueryAttributesFile #native (#2236) important_document.exe
11340. Arguments:
11341.  
11342. {"objectName":"\\??\\C:\\Users\\<USER>\\AppData\\Local\\Temp\\nsk1EC.tmp\\Header.bmp"}
11343.  
11344. Returned value:
11345.  
11346. 0x0
11347.  
11348. ntdll.dll! NtCreateFile #native (#2236) important_document.exe
11349. Arguments:
11350.  
11351. {"FileHandle":"0x18f32c","objectName":"\\??\\C:\\Users\\<USER>\\AppData\\Local\\Temp\\nsk1EC.tmp\\Header.bmp"}
11352.  
11353. Returned value:
11354.  
11355. null
11356.  
11357. KernelBase.dll! CreateFileW #file (#2236) important_document.exe
11358. Arguments:
11359.  
11360. {"lpSecurityAttributes":"0x0","dwCreationDisposition":"0x3","dwFlagsAndAttributes":"0x0","lpFileName":"C:\\Users\\<USER>\\AppData\\Local\\Temp\\nsk1EC.tmp\\Header.bmp","dwDesiredAccess":"0x80000000","dwShareMode":"0x1"}
11361.  
11362. Returned value:
11363.  
11364. 0x294
11365.  
11366. KernelBase.dll! GetFileSize #file (#2236) important_document.exe
11367. Arguments:
11368.  
11369. {"lpFileSizeHigh":"0x11a","hFile":"0x294"}
11370.  
11371. Returned value:
11372.  
11373. null
11374.  
11375. ntdll.dll! NtQueryAttributesFile #native (#2236) important_document.exe
11376. Arguments:
11377.  
11378. {"objectName":"\\??\\C:\\Users\\<USER>\\AppData\\Local\\Temp\\nsk1EC.tmp\\InstallOptions.dll"}
11379.  
11380. Returned value:
11381.  
11382. 0x0
11383.  
11384. ntdll.dll! NtCreateFile #native (#2236) important_document.exe
11385. Arguments:
11386.  
11387. {"FileHandle":"0x18f8b4","objectName":"\\??\\C:\\Users\\<USER>\\AppData\\Local\\Temp\\nsk1EC.tmp\\InstallOptions.dll"}
11388.  
11389. Returned value:
11390.  
11391. null
11392.  
11393. KernelBase.dll! CreateFileW #file (#2236) important_document.exe
11394. Arguments:
11395.  
11396. {"lpSecurityAttributes":"0x0","dwCreationDisposition":"0x1","dwFlagsAndAttributes":"0x2020","lpFileName":"C:\\Users\\<USER>\\AppData\\Local\\Temp\\nsk1EC.tmp\\InstallOptions.dll","dwDesiredAccess":"0x40000000","dwShareMode":"0x1"}
11397.  
11398. Returned value:
11399.  
11400. 0xffffffff
11401.  
11402. KernelBase.dll! CreateFileA #file (#2236) important_document.exe
11403. Arguments:
11404.  
11405. {"lpSecurityAttributes":"0x0","dwCreationDisposition":"0x1","dwFlagsAndAttributes":"0x2020","lpFileName":"C:\\Users\\<USER>\\AppData\\Local\\Temp\\nsk1EC.tmp\\InstallOptions.dll","dwDesiredAccess":"0x40000000","dwShareMode":"0x1"}
11406.  
11407. Returned value:
11408.  
11409. 0xffffffff
11410.  
11411. KernelBase.dll! GetProcAddress #misc (#2236) important_document.exe
11412. Arguments:
11413.  
11414. {"lpProcName":"show","hModule":null}
11415.  
11416. Returned value:
11417.  
11418. 0x1000298e
11419.  
11420. KernelBase.dll! GetProcAddress #misc (#2236) important_document.exe
11421. Arguments:
11422.  
11423. {"lpProcName":"GetLayout","hModule":"gdi32.dll"}
11424.  
11425. Returned value:
11426.  
11427. 0x76f77c90
11428.  
11429. KernelBase.dll! GetProcAddress #misc (#2236) important_document.exe
11430. Arguments:
11431.  
11432. {"lpProcName":"GdiRealizationInfo","hModule":"gdi32.dll"}
11433.  
11434. Returned value:
11435.  
11436. 0x76f78078
11437.  
11438. KernelBase.dll! GetProcAddress #misc (#2236) important_document.exe
11439. Arguments:
11440.  
11441. {"lpProcName":"FontIsLinked","hModule":"gdi32.dll"}
11442.  
11443. Returned value:
11444.  
11445. 0x76f799e2
11446.  
11447. KernelBase.dll! LoadLibraryExA #misc (#2236) important_document.exe
11448. Arguments:
11449.  
11450. {"lpFileName":"ADVAPI32.dll"}
11451.  
11452. Returned value:
11453.  
11454. 0x77300000
11455.  
11456. KernelBase.dll! GetProcAddress #misc (#2236) important_document.exe
11457. Arguments:
11458.  
11459. {"lpProcName":"RegOpenKeyExW","hModule":"kernel32.dll"}
11460.  
11461. Returned value:
11462.  
11463. 0x7731468d
11464.  
11465. ntdll.dll! NtOpenKeyEx #native (#2236) important_document.exe
11466. Arguments:
11467.  
11468. {"OpenOptions":"0x0","KeyHandle":"0x18ee18","objectName":"SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\FontLink\\SystemLink","DesiredAccess":"0x109"}
11469.  
11470. Returned value:
11471.  
11472. 0x0
11473.  
11474. kernel32.dll! RegOpenKeyExW #registry (#2236) important_document.exe
11475. Arguments:
11476.  
11477. {"hKey":"HKEY_LOCAL_MACHINE","ulOptions":"0x0","samDesired":"0x109","lpSubKey":"SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\FontLink\\SystemLink","phkResult":"0x294"}
11478.  
11479. Returned value:
11480.  
11481. 0x0
11482.  
11483. KernelBase.dll! GetProcAddress #misc (#2236) important_document.exe
11484. Arguments:
11485.  
11486. {"lpProcName":"RegQueryInfoKeyW","hModule":"kernel32.dll"}
11487.  
11488. Returned value:
11489.  
11490. 0x773146e7
11491.  
11492. KernelBase.dll! GetProcAddress #misc (#2236) important_document.exe
11493. Arguments:
11494.  
11495. {"lpProcName":"GetTextFaceAliasW","hModule":"gdi32.dll"}
11496.  
11497. Returned value:
11498.  
11499. 0x76f79a1c
11500.  
11501. KernelBase.dll! GetProcAddress #misc (#2236) important_document.exe
11502. Arguments:
11503.  
11504. {"lpProcName":"RegEnumValueW","hModule":"kernel32.dll"}
11505.  
11506. Returned value:
11507.  
11508. 0x773148cc
11509.  
11510. kernel32.dll! RegEnumValueW #registry (#2236) important_document.exe
11511. Arguments:
11512.  
11513. {"hKey":"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\LanguagePack\\DataStore_V1.0","dwIndex":"0x0","lpcbData":"0x0","lpReserved":"0x0","lpValueName":"MS PGothic MC","lpType":"0x0","lpData":null}
11514.  
11515. Returned value:
11516.  
11517. 0x0
11518.  
11519. kernel32.dll! RegEnumValueW #registry (#2236) important_document.exe
11520. Arguments:
11521.  
11522. {"hKey":"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\LanguagePack\\DataStore_V1.0","dwIndex":"0x1","lpcbData":"0x0","lpReserved":"0x0","lpValueName":"Segoe Media Center","lpType":"0x0","lpData":null}
11523.  
11524. Returned value:
11525.  
11526. 0x0
11527.  
11528. kernel32.dll! RegEnumValueW #registry (#2236) important_document.exe
11529. Arguments:
11530.  
11531. {"hKey":"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\LanguagePack\\DataStore_V1.0","dwIndex":"0x2","lpcbData":"0x0","lpReserved":"0x0","lpValueName":"Segoe Media Center Semibold","lpType":"0x0","lpData":null}
11532.  
11533. Returned value:
11534.  
11535. 0x0
11536.  
11537. kernel32.dll! RegEnumValueW #registry (#2236) important_document.exe
11538. Arguments:
11539.  
11540. {"hKey":"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\LanguagePack\\DataStore_V1.0","dwIndex":"0x3","lpcbData":"0x0","lpReserved":"0x0","lpValueName":"Segoe Media Center Light","lpType":"0x0","lpData":null}
11541.  
11542. Returned value:
11543.  
11544. 0x0
11545.  
11546. kernel32.dll! RegEnumValueW #registry (#2236) important_document.exe
11547. Arguments:
11548.  
11549. {"hKey":"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\LanguagePack\\DataStore_V1.0","dwIndex":"0x4","lpcbData":"0x0","lpReserved":"0x0","lpValueName":"Lucida Sans Unicode","lpType":"0x0","lpData":null}
11550.  
11551. Returned value:
11552.  
11553. 0x0
11554.  
11555. kernel32.dll! RegEnumValueW #registry (#2236) important_document.exe
11556. Arguments:
11557.  
11558. {"hKey":"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\LanguagePack\\DataStore_V1.0","dwIndex":"0x5","lpcbData":"0x0","lpReserved":"0x0","lpValueName":"Microsoft Sans Serif","lpType":"0x0","lpData":null}
11559.  
11560. Returned value:
11561.  
11562. 0x0
11563.  
11564. kernel32.dll! RegEnumValueW #registry (#2236) important_document.exe
11565. Arguments:
11566.  
11567. {"hKey":"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\LanguagePack\\DataStore_V1.0","dwIndex":"0x6","lpcbData":"0x0","lpReserved":"0x0","lpValueName":"Tahoma","lpType":"0x0","lpData":null}
11568.  
11569. Returned value:
11570.  
11571. 0x0
11572.  
11573. kernel32.dll! RegEnumValueW #registry (#2236) important_document.exe
11574. Arguments:
11575.  
11576. {"hKey":"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\LanguagePack\\DataStore_V1.0","dwIndex":"0x7","lpcbData":"0x0","lpReserved":"0x0","lpValueName":"Segoe UI","lpType":"0x0","lpData":null}
11577.  
11578. Returned value:
11579.  
11580. 0x0
11581.  
11582. kernel32.dll! RegEnumValueW #registry (#2236) important_document.exe
11583. Arguments:
11584.  
11585. {"hKey":"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\LanguagePack\\DataStore_V1.0","dwIndex":"0x8","lpcbData":"0x0","lpReserved":"0x0","lpValueName":"MingLiU","lpType":"0x0","lpData":null}
11586.  
11587. Returned value:
11588.  
11589. 0x0
11590.  
11591. kernel32.dll! RegEnumValueW #registry (#2236) important_document.exe
11592. Arguments:
11593.  
11594. {"hKey":"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\LanguagePack\\DataStore_V1.0","dwIndex":"0x9","lpcbData":"0x0","lpReserved":"0x0","lpValueName":"PMingLiU","lpType":"0x0","lpData":null}
11595.  
11596. Returned value:
11597.  
11598. 0x0
11599.  
11600. kernel32.dll! RegEnumValueW #registry (#2236) important_document.exe
11601. Arguments:
11602.  
11603. {"hKey":"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\LanguagePack\\DataStore_V1.0","dwIndex":"0xa","lpcbData":"0x0","lpReserved":"0x0","lpValueName":"MingLiU_HKSCS","lpType":"0x0","lpData":null}
11604.  
11605. Returned value:
11606.  
11607. 0x0
11608.  
11609. kernel32.dll! RegEnumValueW #registry (#2236) important_document.exe
11610. Arguments:
11611.  
11612. {"hKey":"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\LanguagePack\\DataStore_V1.0","dwIndex":"0xb","lpcbData":"0x0","lpReserved":"0x0","lpValueName":"MingLiU-ExtB","lpType":"0x0","lpData":null}
11613.  
11614. Returned value:
11615.  
11616. 0x0
11617.  
11618. kernel32.dll! RegEnumValueW #registry (#2236) important_document.exe
11619. Arguments:
11620.  
11621. {"hKey":"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\LanguagePack\\DataStore_V1.0","dwIndex":"0xc","lpcbData":"0x0","lpReserved":"0x0","lpValueName":"PMingLiU-ExtB","lpType":"0x0","lpData":null}
11622.  
11623. Returned value:
11624.  
11625. 0x0
11626.  
11627. kernel32.dll! RegEnumValueW #registry (#2236) important_document.exe
11628. Arguments:
11629.  
11630. {"hKey":"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\LanguagePack\\DataStore_V1.0","dwIndex":"0xd","lpcbData":"0x0","lpReserved":"0x0","lpValueName":"MingLiU_HKSCS-ExtB","lpType":"0x0","lpData":null}
11631.  
11632. Returned value:
11633.  
11634. 0x0
11635.  
11636. kernel32.dll! RegEnumValueW #registry (#2236) important_document.exe
11637. Arguments:
11638.  
11639. {"hKey":"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\LanguagePack\\DataStore_V1.0","dwIndex":"0xe","lpcbData":"0x0","lpReserved":"0x0","lpValueName":"Microsoft JhengHei","lpType":"0x0","lpData":null}
11640.  
11641. Returned value:
11642.  
11643. 0x0
11644.  
11645. kernel32.dll! RegEnumValueW #registry (#2236) important_document.exe
11646. Arguments:
11647.  
11648. {"hKey":"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\LanguagePack\\DataStore_V1.0","dwIndex":"0xf","lpcbData":"0x0","lpReserved":"0x0","lpValueName":"Microsoft JhengHei Bold","lpType":"0x0","lpData":null}
11649.  
11650. Returned value:
11651.  
11652. 0x0
11653.  
11654. kernel32.dll! RegEnumValueW #registry (#2236) important_document.exe
11655. Arguments:
11656.  
11657. {"hKey":"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\LanguagePack\\DataStore_V1.0","dwIndex":"0x10","lpcbData":"0x0","lpReserved":"0x0","lpValueName":"SimSun","lpType":"0x0","lpData":null}
11658.  
11659. Returned value:
11660.  
11661. 0x0
11662.  
11663. kernel32.dll! RegEnumValueW #registry (#2236) important_document.exe
11664. Arguments:
11665.  
11666. {"hKey":"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\LanguagePack\\DataStore_V1.0","dwIndex":"0x11","lpcbData":"0x0","lpReserved":"0x0","lpValueName":"SimSun-ExtB","lpType":"0x0","lpData":null}
11667.  
11668. Returned value:
11669.  
11670. 0x0
11671.  
11672. kernel32.dll! RegEnumValueW #registry (#2236) important_document.exe
11673. Arguments:
11674.  
11675. {"hKey":"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\LanguagePack\\DataStore_V1.0","dwIndex":"0x12","lpcbData":"0x0","lpReserved":"0x0","lpValueName":"NSimSun","lpType":"0x0","lpData":null}
11676.  
11677. Returned value:
11678.  
11679. 0x0
11680.  
11681. kernel32.dll! RegEnumValueW #registry (#2236) important_document.exe
11682. Arguments:
11683.  
11684. {"hKey":"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\LanguagePack\\DataStore_V1.0","dwIndex":"0x13","lpcbData":"0x0","lpReserved":"0x0","lpValueName":"Microsoft YaHei","lpType":"0x0","lpData":null}
11685.  
11686. Returned value:
11687.  
11688. 0x0
11689.  
11690. kernel32.dll! RegEnumValueW #registry (#2236) important_document.exe
11691. Arguments:
11692.  
11693. {"hKey":"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\LanguagePack\\DataStore_V1.0","dwIndex":"0x14","lpcbData":"0x0","lpReserved":"0x0","lpValueName":"Microsoft YaHei Bold","lpType":"0x0","lpData":null}
11694.  
11695. Returned value:
11696.  
11697. 0x0
11698.  
11699. kernel32.dll! RegEnumValueW #registry (#2236) important_document.exe
11700. Arguments:
11701.  
11702. {"hKey":"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\LanguagePack\\DataStore_V1.0","dwIndex":"0x15","lpcbData":"0x0","lpReserved":"0x0","lpValueName":"Meiryo","lpType":"0x0","lpData":null}
11703.  
11704. Returned value:
11705.  
11706. 0x0
11707.  
11708. kernel32.dll! RegEnumValueW #registry (#2236) important_document.exe
11709. Arguments:
11710.  
11711. {"hKey":"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\LanguagePack\\DataStore_V1.0","dwIndex":"0x16","lpcbData":"0x0","lpReserved":"0x0","lpValueName":"Meiryo Bold","lpType":"0x0","lpData":null}
11712.  
11713. Returned value:
11714.  
11715. 0x0
11716.  
11717. kernel32.dll! RegEnumValueW #registry (#2236) important_document.exe
11718. Arguments:
11719.  
11720. {"hKey":"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\LanguagePack\\DataStore_V1.0","dwIndex":"0x17","lpcbData":"0x0","lpReserved":"0x0","lpValueName":"Meiryo UI","lpType":"0x0","lpData":null}
11721.  
11722. Returned value:
11723.  
11724. 0x0
11725.  
11726. kernel32.dll! RegEnumValueW #registry (#2236) important_document.exe
11727. Arguments:
11728.  
11729. {"hKey":"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\LanguagePack\\DataStore_V1.0","dwIndex":"0x18","lpcbData":"0x0","lpReserved":"0x0","lpValueName":"Meiryo UI Bold","lpType":"0x0","lpData":null}
11730.  
11731. Returned value:
11732.  
11733. 0x0
11734.  
11735. kernel32.dll! RegEnumValueW #registry (#2236) important_document.exe
11736. Arguments:
11737.  
11738. {"hKey":"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\LanguagePack\\DataStore_V1.0","dwIndex":"0x19","lpcbData":"0x0","lpReserved":"0x0","lpValueName":"MS Gothic","lpType":"0x0","lpData":null}
11739.  
11740. Returned value:
11741.  
11742. 0x0
11743.  
11744. kernel32.dll! RegEnumValueW #registry (#2236) important_document.exe
11745. Arguments:
11746.  
11747. {"hKey":"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\LanguagePack\\DataStore_V1.0","dwIndex":"0x1a","lpcbData":"0x0","lpReserved":"0x0","lpValueName":"MS PGothic","lpType":"0x0","lpData":null}
11748.  
11749. Returned value:
11750.  
11751. 0x0
11752.  
11753. kernel32.dll! RegEnumValueW #registry (#2236) important_document.exe
11754. Arguments:
11755.  
11756. {"hKey":"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\LanguagePack\\DataStore_V1.0","dwIndex":"0x1b","lpcbData":"0x0","lpReserved":"0x0","lpValueName":"MS UI Gothic","lpType":"0x0","lpData":null}
11757.  
11758. Returned value:
11759.  
11760. 0x0
11761.  
11762. kernel32.dll! RegEnumValueW #registry (#2236) important_document.exe
11763. Arguments:
11764.  
11765. {"hKey":"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\LanguagePack\\DataStore_V1.0","dwIndex":"0x1c","lpcbData":"0x0","lpReserved":"0x0","lpValueName":"MS Mincho","lpType":"0x0","lpData":null}
11766.  
11767. Returned value:
11768.  
11769. 0x0
11770.  
11771. kernel32.dll! RegEnumValueW #registry (#2236) important_document.exe
11772. Arguments:
11773.  
11774. {"hKey":"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\LanguagePack\\DataStore_V1.0","dwIndex":"0x1d","lpcbData":"0x0","lpReserved":"0x0","lpValueName":"MS PMincho","lpType":"0x0","lpData":null}
11775.  
11776. Returned value:
11777.  
11778. 0x0
11779.  
11780. kernel32.dll! RegEnumValueW #registry (#2236) important_document.exe
11781. Arguments:
11782.  
11783. {"hKey":"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\LanguagePack\\DataStore_V1.0","dwIndex":"0x1e","lpcbData":"0x0","lpReserved":"0x0","lpValueName":"Batang","lpType":"0x0","lpData":null}
11784.  
11785. Returned value:
11786.  
11787. 0x0
11788.  
11789. kernel32.dll! RegEnumValueW #registry (#2236) important_document.exe
11790. Arguments:
11791.  
11792. {"hKey":"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\LanguagePack\\DataStore_V1.0","dwIndex":"0x1f","lpcbData":"0x0","lpReserved":"0x0","lpValueName":"BatangChe","lpType":"0x0","lpData":null}
11793.  
11794. Returned value:
11795.  
11796. 0x0
11797.  
11798. kernel32.dll! RegEnumValueW #registry (#2236) important_document.exe
11799. Arguments:
11800.  
11801. {"hKey":"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\LanguagePack\\DataStore_V1.0","dwIndex":"0x20","lpcbData":"0x0","lpReserved":"0x0","lpValueName":"Dotum","lpType":"0x0","lpData":null}
11802.  
11803. Returned value:
11804.  
11805. 0x0
11806.  
11807. kernel32.dll! RegEnumValueW #registry (#2236) important_document.exe
11808. Arguments:
11809.  
11810. {"hKey":"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\LanguagePack\\DataStore_V1.0","dwIndex":"0x21","lpcbData":"0x0","lpReserved":"0x0","lpValueName":"DotumChe","lpType":"0x0","lpData":null}
11811.  
11812. Returned value:
11813.  
11814. 0x0
11815.  
11816. kernel32.dll! RegEnumValueW #registry (#2236) important_document.exe
11817. Arguments:
11818.  
11819. {"hKey":"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\LanguagePack\\DataStore_V1.0","dwIndex":"0x22","lpcbData":"0x0","lpReserved":"0x0","lpValueName":"Gulim","lpType":"0x0","lpData":null}
11820.  
11821. Returned value:
11822.  
11823. 0x0
11824.  
11825. kernel32.dll! RegEnumValueW #registry (#2236) important_document.exe
11826. Arguments:
11827.  
11828. {"hKey":"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\LanguagePack\\DataStore_V1.0","dwIndex":"0x23","lpcbData":"0x0","lpReserved":"0x0","lpValueName":"GulimChe","lpType":"0x0","lpData":null}
11829.  
11830. Returned value:
11831.  
11832. 0x0
11833.  
11834. kernel32.dll! RegEnumValueW #registry (#2236) important_document.exe
11835. Arguments:
11836.  
11837. {"hKey":"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\LanguagePack\\DataStore_V1.0","dwIndex":"0x24","lpcbData":"0x0","lpReserved":"0x0","lpValueName":"Gungsuh","lpType":"0x0","lpData":null}
11838.  
11839. Returned value:
11840.  
11841. 0x0
11842.  
11843. kernel32.dll! RegEnumValueW #registry (#2236) important_document.exe
11844. Arguments:
11845.  
11846. {"hKey":"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\LanguagePack\\DataStore_V1.0","dwIndex":"0x25","lpcbData":"0x0","lpReserved":"0x0","lpValueName":"GungsuhChe","lpType":"0x0","lpData":null}
11847.  
11848. Returned value:
11849.  
11850. 0x0
11851.  
11852. kernel32.dll! RegEnumValueW #registry (#2236) important_document.exe
11853. Arguments:
11854.  
11855. {"hKey":"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\LanguagePack\\DataStore_V1.0","dwIndex":"0x26","lpcbData":"0x0","lpReserved":"0x0","lpValueName":"Malgun Gothic","lpType":"0x0","lpData":null}
11856.  
11857. Returned value:
11858.  
11859. 0x0
11860.  
11861. kernel32.dll! RegEnumValueW #registry (#2236) important_document.exe
11862. Arguments:
11863.  
11864. {"hKey":"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\LanguagePack\\DataStore_V1.0","dwIndex":"0x27","lpcbData":"0x0","lpReserved":"0x0","lpValueName":"Malgun Gothic Bold","lpType":"0x0","lpData":null}
11865.  
11866. Returned value:
11867.  
11868. 0x0
11869.  
11870. kernel32.dll! RegEnumValueW #registry (#2236) important_document.exe
11871. Arguments:
11872.  
11873. {"hKey":"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\LanguagePack\\DataStore_V1.0","dwIndex":"0x28","lpcbData":"0x0","lpReserved":"0x0","lpValueName":"","lpType":"0x0","lpData":null}
11874.  
11875. Returned value:
11876.  
11877. 0x103
11878.  
11879. KernelBase.dll! GetProcAddress #misc (#2236) important_document.exe
11880. Arguments:
11881.  
11882. {"lpProcName":"RegCloseKey","hModule":"kernel32.dll"}
11883.  
11884. Returned value:
11885.  
11886. 0x7731469d
11887.  
11888. ntdll.dll! NtOpenKeyEx #native (#2236) important_document.exe
11889. Arguments:
11890.  
11891. {"OpenOptions":"0x0","KeyHandle":"0x18eaac","objectName":"SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\LanguagePack\\DataStore_V1.0","DesiredAccess":"0x101"}
11892.  
11893. Returned value:
11894.  
11895. 0x0
11896.  
11897. kernel32.dll! RegOpenKeyExW #registry (#2236) important_document.exe
11898. Arguments:
11899.  
11900. {"hKey":"HKEY_LOCAL_MACHINE","ulOptions":"0x0","samDesired":"0x101","lpSubKey":"SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\LanguagePack\\DataStore_V1.0","phkResult":"0x294"}
11901.  
11902. Returned value:
11903.  
11904. 0x0
11905.  
11906. KernelBase.dll! GetProcAddress #misc (#2236) important_document.exe
11907. Arguments:
11908.  
11909. {"lpProcName":"RegQueryValueExW","hModule":"kernel32.dll"}
11910.  
11911. Returned value:
11912.  
11913. 0x773146ad
11914.  
11915. kernel32.dll! RegQueryValueExW #registry (#2236) important_document.exe
11916. Arguments:
11917.  
11918. {"hKey":"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\LanguagePack\\DataStore_V1.0","lpData":"","lpcbData":"0x18eaa0","lpType":"0x18eaa8","lpValueName":"Disable"}
11919.  
11920. Returned value:
11921.  
11922. 0x2
11923.  
11924. KernelBase.dll! GetProcAddress #misc (#2236) important_document.exe
11925. Arguments:
11926.  
11927. {"lpProcName":"RegQueryValueExW","hModule":"kernel32.dll"}
11928.  
11929. Returned value:
11930.  
11931. 0x773146ad
11932.  
11933. kernel32.dll! RegQueryValueExW #registry (#2236) important_document.exe
11934. Arguments:
11935.  
11936. {"hKey":"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\LanguagePack\\DataStore_V1.0","lpData":"C:\\Windows\\Fonts\\staticcache.dat","lpcbData":"0x18eaa0","lpType":"0x18eaa8","lpValueName":"DataFilePath"}
11937.  
11938. Returned value:
11939.  
11940. 0x0
11941.  
11942. ntdll.dll! NtCreateFile #native (#2236) important_document.exe
11943. Arguments:
11944.  
11945. {"FileHandle":"0x18e9d8","objectName":"\\??\\C:\\Windows\\Fonts\\staticcache.dat"}
11946.  
11947. Returned value:
11948.  
11949. null
11950.  
11951. KernelBase.dll! CreateFileW #file (#2236) important_document.exe
11952. Arguments:
11953.  
11954. {"lpSecurityAttributes":"0x0","dwCreationDisposition":"0x3","dwFlagsAndAttributes":"0x0","lpFileName":"C:\\Windows\\Fonts\\staticcache.dat","dwDesiredAccess":"0x80000000","dwShareMode":"0x5"}
11955.  
11956. Returned value:
11957.  
11958. 0x294
11959.  
11960. KernelBase.dll! GetProcAddress #misc (#2236) important_document.exe
11961. Arguments:
11962.  
11963. {"lpProcName":"GetFontAssocStatus","hModule":"gdi32.dll"}
11964.  
11965. Returned value:
11966.  
11967. 0x76f79a02
11968.  
11969. ntdll.dll! NtOpenKeyEx #native (#2236) important_document.exe
11970. Arguments:
11971.  
11972. {"OpenOptions":"0x0","KeyHandle":"0x18f24c","objectName":"SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\LanguagePack\\SurrogateFallback","DesiredAccess":"0x101"}
11973.  
11974. Returned value:
11975.  
11976. 0x0
11977.  
11978. kernel32.dll! RegOpenKeyExW #registry (#2236) important_document.exe
11979. Arguments:
11980.  
11981. {"hKey":"HKEY_LOCAL_MACHINE","ulOptions":"0x0","samDesired":"0x101","lpSubKey":"SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\LanguagePack\\SurrogateFallback","phkResult":"0x2a0"}
11982.  
11983. Returned value:
11984.  
11985. 0x0
11986.  
11987. KernelBase.dll! GetProcAddress #misc (#2236) important_document.exe
11988. Arguments:
11989.  
11990. {"lpProcName":"RegQueryValueExA","hModule":"kernel32.dll"}
11991.  
11992. Returned value:
11993.  
11994. 0x773148ef
11995.  
11996. ntdll.dll! NtOpenKeyEx #native (#2236) important_document.exe
11997. Arguments:
11998.  
11999. {"OpenOptions":"0x0","KeyHandle":"0x18f24c","objectName":"SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\LanguagePack\\SurrogateFallback","DesiredAccess":"0x109"}
12000.  
12001. Returned value:
12002.  
12003. 0x0
12004.  
12005. kernel32.dll! RegOpenKeyExW #registry (#2236) important_document.exe
12006. Arguments:
12007.  
12008. {"hKey":"HKEY_LOCAL_MACHINE","ulOptions":"0x0","samDesired":"0x109","lpSubKey":"SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\LanguagePack\\SurrogateFallback","phkResult":"0x2a0"}
12009.  
12010. Returned value:
12011.  
12012. 0x0
12013.  
12014. KernelBase.dll! GetProcAddress #misc (#2236) important_document.exe
12015. Arguments:
12016.  
12017. {"lpProcName":"RegEnumKeyExW","hModule":"kernel32.dll"}
12018.  
12019. Returned value:
12020.  
12021. 0x773146c8
12022.  
12023. kernel32.dll! RegEnumKeyExW #registry (#2236) important_document.exe
12024. Arguments:
12025.  
12026. {"hKey":"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\LanguagePack\\SurrogateFallback","dwIndex":"0x0","lpReserved":"0x0","lpcName":"\u0007","lpName":"MingLiU"}
12027.  
12028. Returned value:
12029.  
12030. 0x0
12031.  
12032. kernel32.dll! RegEnumKeyExW #registry (#2236) important_document.exe
12033. Arguments:
12034.  
12035. {"hKey":"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\LanguagePack\\SurrogateFallback","dwIndex":"0x1","lpReserved":"0x0","lpcName":"\r","lpName":"MingLiU_HKSCS"}
12036.  
12037. Returned value:
12038.  
12039. 0x0
12040.  
12041. kernel32.dll! RegEnumKeyExW #registry (#2236) important_document.exe
12042. Arguments:
12043.  
12044. {"hKey":"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\LanguagePack\\SurrogateFallback","dwIndex":"0x2","lpReserved":"0x0","lpcName":"\b","lpName":"PMingLiU"}
12045.  
12046. Returned value:
12047.  
12048. 0x0
12049.  
12050. kernel32.dll! RegEnumKeyExW #registry (#2236) important_document.exe
12051. Arguments:
12052.  
12053. {"hKey":"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\LanguagePack\\SurrogateFallback","dwIndex":"0x3","lpReserved":"0x0","lpcName":"\u0006","lpName":"SimSun"}
12054.  
12055. Returned value:
12056.  
12057. 0x0
12058.  
12059. KernelBase.dll! GetProcAddress #misc (#2236) important_document.exe
12060. Arguments:
12061.  
12062. {"lpProcName":"GetTextFaceAliasW","hModule":"gdi32.dll"}
12063.  
12064. Returned value:
12065.  
12066. 0x76f79a1c
12067.  
12068. ntdll.dll! NtOpenKeyEx #native (#2236) important_document.exe
12069. Arguments:
12070.  
12071. {"OpenOptions":"0x0","KeyHandle":"0x18f244","objectName":"MS Shell Dlg 2","DesiredAccess":"0x101"}
12072.  
12073. Returned value:
12074.  
12075. 0xc0000034
12076.  
12077. kernel32.dll! RegOpenKeyExW #registry (#2236) important_document.exe
12078. Arguments:
12079.  
12080. {"hKey":"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\LanguagePack\\SurrogateFallback","ulOptions":"0x0","samDesired":"0x101","lpSubKey":"MS Shell Dlg 2","phkResult":"0x0"}
12081.  
12082. Returned value:
12083.  
12084. 0x2
12085.  
12086. KernelBase.dll! GetProcAddress #misc (#2236) important_document.exe
12087. Arguments:
12088.  
12089. {"lpProcName":"GdiIsMetaPrintDC","hModule":"gdi32.dll"}
12090.  
12091. Returned value:
12092.  
12093. 0x76f79068
12094.  
12095. ntdll.dll! NtOpenKeyEx #native (#2236) important_document.exe
12096. Arguments:
12097.  
12098. {"OpenOptions":"0x0","KeyHandle":"0x18f120","objectName":"SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\LanguagePack\\SurrogateFallback","DesiredAccess":"0x109"}
12099.  
12100. Returned value:
12101.  
12102. 0x0
12103.  
12104. v1.2.0