Created
March 10, 2018 22:29
0009:Call advapi32.CryptAcquireContextW(0112c8a0,00000000,00000000,00000001,f0000000) ret=141781bd4 | |
0009:Call ntdll.RtlInitUnicodeString(0112c4f8,7fd6f153a0a0 L"Software\\Microsoft\\Cryptography") ret=7fd6f151038d | |
0009:Ret ntdll.RtlInitUnicodeString() retval=00000040 ret=7fd6f151038d | |
0009:Call ntdll.NtOpenKeyEx(0112c690,000f003f,0112c508,00000000) ret=7fd6f150e34a | |
0009:Ret ntdll.NtOpenKeyEx() retval=c0000034 ret=7fd6f150e34a | |
0009:Call ntdll.RtlNtStatusToDosError(c0000034) ret=7fd6f15103a1 | |
0009:Ret ntdll.RtlNtStatusToDosError() retval=00000002 ret=7fd6f15103a1 | |
0009:Call KERNEL32.LocalAlloc(00000040,00000064) ret=7fd6f14ffe54 | |
0009:Call ntdll.RtlAllocateHeap(00010000,00000008,00000064) ret=7b453b54 | |
0009:Ret ntdll.RtlAllocateHeap() retval=000381b0 ret=7b453b54 | |
0009:Ret KERNEL32.LocalAlloc() retval=000381b0 ret=7fd6f14ffe54 | |
0009:Call ntdll.RtlInitUnicodeString(0112c4b8,000381b0 L"Software\\Microsoft\\Cryptography\\Provider Type 001") ret=7fd6f151038d | |
0009:Ret ntdll.RtlInitUnicodeString() retval=00000064 ret=7fd6f151038d | |
0009:Call ntdll.NtOpenKeyEx(0112c690,02000000,0112c4c8,00000000) ret=7fd6f150e34a | |
0009:Ret ntdll.NtOpenKeyEx() retval=c0000034 ret=7fd6f150e34a | |
0009:Call ntdll.RtlNtStatusToDosError(c0000034) ret=7fd6f15103a1 | |
0009:Ret ntdll.RtlNtStatusToDosError() retval=00000002 ret=7fd6f15103a1 | |
0009:Call KERNEL32.LocalFree(000381b0) ret=7fd6f1500501 | |
0009:Call ntdll.RtlLockHeap(00010000) ret=7b4544b0 | |
0009:Ret ntdll.RtlLockHeap() retval=00000001 ret=7b4544b0 | |
0009:Call ntdll.RtlFreeHeap(00010000,00000001,000381b0) ret=7b453b67 | |
0009:Ret ntdll.RtlFreeHeap() retval=00000001 ret=7b453b67 | |
0009:Call ntdll.RtlUnlockHeap(00010000) ret=7b454620 | |
0009:Ret ntdll.RtlUnlockHeap() retval=00000001 ret=7b454620 | |
0009:Ret KERNEL32.LocalFree() retval=00000000 ret=7fd6f1500501 | |
0009:Call KERNEL32.LocalAlloc(00000040,00000082) ret=7fd6f14ffe54 | |
0009:Call ntdll.RtlAllocateHeap(00010000,00000008,00000082) ret=7b453b54 | |
0009:Ret ntdll.RtlAllocateHeap() retval=000381b0 ret=7b453b54 | |
0009:Ret KERNEL32.LocalAlloc() retval=000381b0 ret=7fd6f14ffe54 | |
0009:Call ntdll.RtlInitUnicodeString(0112c4b8,000381b0 L"Software\\Microsoft\\Cryptography\\Defaults\\Provider Types\\Type 001") ret=7fd6f151038d | |
0009:Ret ntdll.RtlInitUnicodeString() retval=00000082 ret=7fd6f151038d | |
0009:Call ntdll.NtOpenKeyEx(0112c690,02000000,0112c4c8,00000000) ret=7fd6f150e34a | |
0009:Ret ntdll.NtOpenKeyEx() retval=c0000034 ret=7fd6f150e34a | |
0009:Call ntdll.RtlNtStatusToDosError(c0000034) ret=7fd6f15103a1 | |
0009:Ret ntdll.RtlNtStatusToDosError() retval=00000002 ret=7fd6f15103a1 | |
0009:Call KERNEL32.LocalFree(000381b0) ret=7fd6f15005b0 | |
0009:Call ntdll.RtlLockHeap(00010000) ret=7b4544b0 | |
0009:Ret ntdll.RtlLockHeap() retval=00000001 ret=7b4544b0 | |
0009:Call ntdll.RtlFreeHeap(00010000,00000001,000381b0) ret=7b453b67 | |
0009:Ret ntdll.RtlFreeHeap() retval=00000001 ret=7b453b67 | |
0009:Call ntdll.RtlUnlockHeap(00010000) ret=7b454620 | |
0009:Ret ntdll.RtlUnlockHeap() retval=00000001 ret=7b454620 | |
0009:Ret KERNEL32.LocalFree() retval=00000000 ret=7fd6f15005b0 | |
0009:Call KERNEL32.LocalFree(00000000) ret=7fd6f1500e87 | |
0009:Call ntdll.RtlLockHeap(00010000) ret=7b4544b0 | |
0009:Ret ntdll.RtlLockHeap() retval=00000001 ret=7b4544b0 | |
0009:Call ntdll.RtlFreeHeap(00010000,00000001,00000000) ret=7b453b67 | |
0009:Ret ntdll.RtlFreeHeap() retval=00000001 ret=7b453b67 | |
0009:Call ntdll.RtlUnlockHeap(00010000) ret=7b454620 | |
0009:Ret ntdll.RtlUnlockHeap() retval=00000001 ret=7b454620 | |
0009:Ret KERNEL32.LocalFree() retval=00000000 ret=7fd6f1500e87 | |
0009:Call KERNEL32.LocalFree(00000000) ret=7fd6f1500e91 | |
0009:Call ntdll.RtlLockHeap(00010000) ret=7b4544b0 | |
0009:Ret ntdll.RtlLockHeap() retval=00000001 ret=7b4544b0 | |
0009:Call ntdll.RtlFreeHeap(00010000,00000001,00000000) ret=7b453b67 | |
0009:Ret ntdll.RtlFreeHeap() retval=00000001 ret=7b453b67 | |
0009:Call ntdll.RtlUnlockHeap(00010000) ret=7b454620 | |
0009:Ret ntdll.RtlUnlockHeap() retval=00000001 ret=7b454620 | |
0009:Ret KERNEL32.LocalFree() retval=00000000 ret=7fd6f1500e91 | |
0009:Call KERNEL32.LocalFree(00000000) ret=7fd6f1500e99 | |
0009:Call ntdll.RtlLockHeap(00010000) ret=7b4544b0 | |
0009:Ret ntdll.RtlLockHeap() retval=00000001 ret=7b4544b0 | |
0009:Call ntdll.RtlFreeHeap(00010000,00000001,00000000) ret=7b453b67 | |
0009:Ret ntdll.RtlFreeHeap() retval=00000001 ret=7b453b67 | |
0009:Call ntdll.RtlUnlockHeap(00010000) ret=7b454620 | |
0009:Ret ntdll.RtlUnlockHeap() retval=00000001 ret=7b454620 | |
0009:Ret KERNEL32.LocalFree() retval=00000000 ret=7fd6f1500e99 | |
0009:Call KERNEL32.LocalFree(00000000) ret=7fd6f1500ea1 | |
0009:Call ntdll.RtlLockHeap(00010000) ret=7b4544b0 | |
0009:Ret ntdll.RtlLockHeap() retval=00000001 ret=7b4544b0 | |
0009:Call ntdll.RtlFreeHeap(00010000,00000001,00000000) ret=7b453b67 | |
0009:Ret ntdll.RtlFreeHeap() retval=00000001 ret=7b453b67 | |
0009:Call ntdll.RtlUnlockHeap(00010000) ret=7b454620 | |
0009:Ret ntdll.RtlUnlockHeap() retval=00000001 ret=7b454620 | |
0009:Ret KERNEL32.LocalFree() retval=00000000 ret=7fd6f1500ea1 | |
0009:Call KERNEL32.LocalFree(00000000) ret=7fd6f1500ea9 | |
0009:Call ntdll.RtlLockHeap(00010000) ret=7b4544b0 | |
0009:Ret ntdll.RtlLockHeap() retval=00000001 ret=7b4544b0 | |
0009:Call ntdll.RtlFreeHeap(00010000,00000001,00000000) ret=7b453b67 | |
0009:Ret ntdll.RtlFreeHeap() retval=00000001 ret=7b453b67 | |
0009:Call ntdll.RtlUnlockHeap(00010000) ret=7b454620 | |
0009:Ret ntdll.RtlUnlockHeap() retval=00000001 ret=7b454620 | |
0009:Ret KERNEL32.LocalFree() retval=00000000 ret=7fd6f1500ea9 | |
0009:Ret advapi32.CryptAcquireContextW() retval=00000000 ret=141781bd4 |