Created
April 10, 2025 16:20
-
-
Save joshfinley/92ba75a17c9efeccc1308b303792301b to your computer and use it in GitHub Desktop.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| 0:009> g | |
| '=== NtTerminateThread Called ===' | |
| Debug session time: Thu Apr 10 09:19:51.565 2025 (UTC - 7:00) | |
| System Uptime: 1 days 7:46:35.591 | |
| Process Uptime: 0 days 0:15:59.024 | |
| Kernel time: 0 days 0:00:12.812 | |
| User time: 0 days 0:03:32.390 | |
| 'RCX: ' + @rcx | |
| 'RDX: ' + @rdx | |
| 'R8: ' + @r8 | |
| 'R9: ' + @r9 | |
| 'Stack[0]: ' + poi(@rsp+0x28) | |
| 'Stack[1]: ' + poi(@rsp+0x30) | |
| 'Stack[2]: ' + poi(@rsp+0x38) | |
| 'Stack[3]: ' + poi(@rsp+0x40) | |
| '' | |
| '=== NtDeviceIoControlFile Called ===' | |
| Debug session time: Thu Apr 10 09:19:57.755 2025 (UTC - 7:00) | |
| System Uptime: 1 days 7:46:41.781 | |
| Process Uptime: 0 days 0:16:05.215 | |
| Kernel time: 0 days 0:00:13.109 | |
| User time: 0 days 0:03:37.234 | |
| 'RCX: ' + @rcx | |
| 'RDX: ' + @rdx | |
| 'R8: ' + @r8 | |
| 'R9: ' + @r9 | |
| 'Stack[0]: ' + poi(@rsp+0x28) | |
| 'Stack[1]: ' + poi(@rsp+0x30) | |
| 'Stack[2]: ' + poi(@rsp+0x38) | |
| 'Stack[3]: ' + poi(@rsp+0x40) | |
| '' | |
| '=== NtWaitForSingleObject Called ===' | |
| Debug session time: Thu Apr 10 09:19:57.765 2025 (UTC - 7:00) | |
| System Uptime: 1 days 7:46:41.791 | |
| Process Uptime: 0 days 0:16:05.224 | |
| Kernel time: 0 days 0:00:13.109 | |
| User time: 0 days 0:03:37.234 | |
| 'RCX: ' + @rcx | |
| 'RDX: ' + @rdx | |
| 'R8: ' + @r8 | |
| 'R9: ' + @r9 | |
| 'Stack[0]: ' + poi(@rsp+0x28) | |
| 'Stack[1]: ' + poi(@rsp+0x30) | |
| 'Stack[2]: ' + poi(@rsp+0x38) | |
| 'Stack[3]: ' + poi(@rsp+0x40) | |
| '' | |
| '=== NtAllocateVirtualMemory Called ===' | |
| Debug session time: Thu Apr 10 09:19:57.776 2025 (UTC - 7:00) | |
| System Uptime: 1 days 7:46:41.802 | |
| Process Uptime: 0 days 0:16:05.235 | |
| Kernel time: 0 days 0:00:13.109 | |
| User time: 0 days 0:03:37.234 | |
| 'RCX: ' + @rcx | |
| 'RDX: ' + @rdx | |
| 'R8: ' + @r8 | |
| 'R9: ' + @r9 | |
| 'Stack[0]: ' + poi(@rsp+0x28) | |
| 'Stack[1]: ' + poi(@rsp+0x30) | |
| 'Stack[2]: ' + poi(@rsp+0x38) | |
| 'Stack[3]: ' + poi(@rsp+0x40) | |
| '' | |
| '=== NtAllocateVirtualMemory Called ===' | |
| Debug session time: Thu Apr 10 09:19:57.787 2025 (UTC - 7:00) | |
| System Uptime: 1 days 7:46:41.813 | |
| Process Uptime: 0 days 0:16:05.246 | |
| Kernel time: 0 days 0:00:13.109 | |
| User time: 0 days 0:03:37.234 | |
| 'RCX: ' + @rcx | |
| 'RDX: ' + @rdx | |
| 'R8: ' + @r8 | |
| 'R9: ' + @r9 | |
| 'Stack[0]: ' + poi(@rsp+0x28) | |
| 'Stack[1]: ' + poi(@rsp+0x30) | |
| 'Stack[2]: ' + poi(@rsp+0x38) | |
| 'Stack[3]: ' + poi(@rsp+0x40) | |
| '' | |
| '=== NtFreeVirtualMemory Called ===' | |
| Debug session time: Thu Apr 10 09:19:57.796 2025 (UTC - 7:00) | |
| System Uptime: 1 days 7:46:41.822 | |
| Process Uptime: 0 days 0:16:05.256 | |
| Kernel time: 0 days 0:00:13.109 | |
| User time: 0 days 0:03:37.234 | |
| 'RCX: ' + @rcx | |
| 'RDX: ' + @rdx | |
| 'R8: ' + @r8 | |
| 'R9: ' + @r9 | |
| 'Stack[0]: ' + poi(@rsp+0x28) | |
| 'Stack[1]: ' + poi(@rsp+0x30) | |
| 'Stack[2]: ' + poi(@rsp+0x38) | |
| 'Stack[3]: ' + poi(@rsp+0x40) | |
| '' | |
| '=== NtFreeVirtualMemory Called ===' | |
| Debug session time: Thu Apr 10 09:19:57.811 2025 (UTC - 7:00) | |
| System Uptime: 1 days 7:46:41.837 | |
| Process Uptime: 0 days 0:16:05.270 | |
| Kernel time: 0 days 0:00:13.109 | |
| User time: 0 days 0:03:37.234 | |
| 'RCX: ' + @rcx | |
| 'RDX: ' + @rdx | |
| 'R8: ' + @r8 | |
| 'R9: ' + @r9 | |
| 'Stack[0]: ' + poi(@rsp+0x28) | |
| 'Stack[1]: ' + poi(@rsp+0x30) | |
| 'Stack[2]: ' + poi(@rsp+0x38) | |
| 'Stack[3]: ' + poi(@rsp+0x40) | |
| '' | |
| '=== NtQueryKey Called ===' | |
| Debug session time: Thu Apr 10 09:19:57.820 2025 (UTC - 7:00) | |
| System Uptime: 1 days 7:46:41.846 | |
| Process Uptime: 0 days 0:16:05.279 | |
| Kernel time: 0 days 0:00:13.109 | |
| User time: 0 days 0:03:37.234 | |
| 'RCX: ' + @rcx | |
| 'RDX: ' + @rdx | |
| 'R8: ' + @r8 | |
| 'R9: ' + @r9 | |
| 'Stack[0]: ' + poi(@rsp+0x28) | |
| 'Stack[1]: ' + poi(@rsp+0x30) | |
| 'Stack[2]: ' + poi(@rsp+0x38) | |
| 'Stack[3]: ' + poi(@rsp+0x40) | |
| '' | |
| '=== NtOpenKeyEx Called ===' | |
| Debug session time: Thu Apr 10 09:19:57.827 2025 (UTC - 7:00) | |
| System Uptime: 1 days 7:46:41.853 | |
| Process Uptime: 0 days 0:16:05.286 | |
| Kernel time: 0 days 0:00:13.109 | |
| User time: 0 days 0:03:37.234 | |
| 'RCX: ' + @rcx | |
| 'RDX: ' + @rdx | |
| 'R8: ' + @r8 | |
| 'R9: ' + @r9 | |
| 'Stack[0]: ' + poi(@rsp+0x28) | |
| 'Stack[1]: ' + poi(@rsp+0x30) | |
| 'Stack[2]: ' + poi(@rsp+0x38) | |
| 'Stack[3]: ' + poi(@rsp+0x40) | |
| '' | |
| '=== NtQueryValueKey Called ===' | |
| Debug session time: Thu Apr 10 09:19:57.836 2025 (UTC - 7:00) | |
| System Uptime: 1 days 7:46:41.862 | |
| Process Uptime: 0 days 0:16:05.295 | |
| Kernel time: 0 days 0:00:13.109 | |
| User time: 0 days 0:03:37.234 | |
| 'RCX: ' + @rcx | |
| 'RDX: ' + @rdx | |
| 'R8: ' + @r8 | |
| 'R9: ' + @r9 | |
| 'Stack[0]: ' + poi(@rsp+0x28) | |
| 'Stack[1]: ' + poi(@rsp+0x30) | |
| 'Stack[2]: ' + poi(@rsp+0x38) | |
| 'Stack[3]: ' + poi(@rsp+0x40) | |
| '' | |
| '=== NtQueryValueKey Called ===' | |
| Debug session time: Thu Apr 10 09:19:57.847 2025 (UTC - 7:00) | |
| System Uptime: 1 days 7:46:41.873 | |
| Process Uptime: 0 days 0:16:05.306 | |
| Kernel time: 0 days 0:00:13.109 | |
| User time: 0 days 0:03:37.234 | |
| 'RCX: ' + @rcx | |
| 'RDX: ' + @rdx | |
| 'R8: ' + @r8 | |
| 'R9: ' + @r9 | |
| 'Stack[0]: ' + poi(@rsp+0x28) | |
| 'Stack[1]: ' + poi(@rsp+0x30) | |
| 'Stack[2]: ' + poi(@rsp+0x38) | |
| 'Stack[3]: ' + poi(@rsp+0x40) | |
| '' | |
| '=== NtQueryValueKey Called ===' | |
| Debug session time: Thu Apr 10 09:19:57.855 2025 (UTC - 7:00) | |
| System Uptime: 1 days 7:46:41.881 | |
| Process Uptime: 0 days 0:16:05.314 | |
| Kernel time: 0 days 0:00:13.109 | |
| User time: 0 days 0:03:37.234 | |
| 'RCX: ' + @rcx | |
| 'RDX: ' + @rdx | |
| 'R8: ' + @r8 | |
| 'R9: ' + @r9 | |
| 'Stack[0]: ' + poi(@rsp+0x28) | |
| 'Stack[1]: ' + poi(@rsp+0x30) | |
| 'Stack[2]: ' + poi(@rsp+0x38) | |
| 'Stack[3]: ' + poi(@rsp+0x40) | |
| '' | |
| '=== NtQueryValueKey Called ===' | |
| Debug session time: Thu Apr 10 09:19:57.867 2025 (UTC - 7:00) | |
| System Uptime: 1 days 7:46:41.893 | |
| Process Uptime: 0 days 0:16:05.326 | |
| Kernel time: 0 days 0:00:13.109 | |
| User time: 0 days 0:03:37.234 | |
| 'RCX: ' + @rcx | |
| 'RDX: ' + @rdx | |
| 'R8: ' + @r8 | |
| 'R9: ' + @r9 | |
| 'Stack[0]: ' + poi(@rsp+0x28) | |
| 'Stack[1]: ' + poi(@rsp+0x30) | |
| 'Stack[2]: ' + poi(@rsp+0x38) | |
| 'Stack[3]: ' + poi(@rsp+0x40) | |
| '' | |
| '=== NtQueryValueKey Called ===' | |
| Debug session time: Thu Apr 10 09:19:57.875 2025 (UTC - 7:00) | |
| System Uptime: 1 days 7:46:41.901 | |
| Process Uptime: 0 days 0:16:05.334 | |
| Kernel time: 0 days 0:00:13.109 | |
| User time: 0 days 0:03:37.234 | |
| 'RCX: ' + @rcx | |
| 'RDX: ' + @rdx | |
| 'R8: ' + @r8 | |
| 'R9: ' + @r9 | |
| 'Stack[0]: ' + poi(@rsp+0x28) | |
| 'Stack[1]: ' + poi(@rsp+0x30) | |
| 'Stack[2]: ' + poi(@rsp+0x38) | |
| 'Stack[3]: ' + poi(@rsp+0x40) | |
| '' | |
| '=== NtClose Called ===' | |
| Debug session time: Thu Apr 10 09:19:57.884 2025 (UTC - 7:00) | |
| System Uptime: 1 days 7:46:41.910 | |
| Process Uptime: 0 days 0:16:05.343 | |
| Kernel time: 0 days 0:00:13.109 | |
| User time: 0 days 0:03:37.234 | |
| 'RCX: ' + @rcx | |
| 'RDX: ' + @rdx | |
| 'R8: ' + @r8 | |
| 'R9: ' + @r9 | |
| 'Stack[0]: ' + poi(@rsp+0x28) | |
| 'Stack[1]: ' + poi(@rsp+0x30) | |
| 'Stack[2]: ' + poi(@rsp+0x38) | |
| 'Stack[3]: ' + poi(@rsp+0x40) | |
| '' | |
| '=== NtQueryKey Called ===' | |
| Debug session time: Thu Apr 10 09:19:57.894 2025 (UTC - 7:00) | |
| System Uptime: 1 days 7:46:41.920 | |
| Process Uptime: 0 days 0:16:05.353 | |
| Kernel time: 0 days 0:00:13.109 | |
| User time: 0 days 0:03:37.234 | |
| 'RCX: ' + @rcx | |
| 'RDX: ' + @rdx | |
| 'R8: ' + @r8 | |
| 'R9: ' + @r9 | |
| 'Stack[0]: ' + poi(@rsp+0x28) | |
| 'Stack[1]: ' + poi(@rsp+0x30) | |
| 'Stack[2]: ' + poi(@rsp+0x38) | |
| 'Stack[3]: ' + poi(@rsp+0x40) | |
| '' | |
| '=== NtOpenKeyEx Called ===' | |
| Debug session time: Thu Apr 10 09:19:57.903 2025 (UTC - 7:00) | |
| System Uptime: 1 days 7:46:41.928 | |
| Process Uptime: 0 days 0:16:05.363 | |
| Kernel time: 0 days 0:00:13.109 | |
| User time: 0 days 0:03:37.234 | |
| 'RCX: ' + @rcx | |
| 'RDX: ' + @rdx | |
| 'R8: ' + @r8 | |
| 'R9: ' + @r9 | |
| 'Stack[0]: ' + poi(@rsp+0x28) | |
| 'Stack[1]: ' + poi(@rsp+0x30) | |
| 'Stack[2]: ' + poi(@rsp+0x38) | |
| 'Stack[3]: ' + poi(@rsp+0x40) | |
| '' | |
| '=== NtQueryValueKey Called ===' | |
| Debug session time: Thu Apr 10 09:19:57.912 2025 (UTC - 7:00) | |
| System Uptime: 1 days 7:46:41.938 | |
| Process Uptime: 0 days 0:16:05.371 | |
| Kernel time: 0 days 0:00:13.109 | |
| User time: 0 days 0:03:37.250 | |
| 'RCX: ' + @rcx | |
| 'RDX: ' + @rdx | |
| 'R8: ' + @r8 | |
| 'R9: ' + @r9 | |
| 'Stack[0]: ' + poi(@rsp+0x28) | |
| 'Stack[1]: ' + poi(@rsp+0x30) | |
| 'Stack[2]: ' + poi(@rsp+0x38) | |
| 'Stack[3]: ' + poi(@rsp+0x40) | |
| '' | |
| '=== NtQueryValueKey Called ===' | |
| Debug session time: Thu Apr 10 09:19:57.925 2025 (UTC - 7:00) | |
| System Uptime: 1 days 7:46:41.951 | |
| Process Uptime: 0 days 0:16:05.384 | |
| Kernel time: 0 days 0:00:13.109 | |
| User time: 0 days 0:03:37.250 | |
| 'RCX: ' + @rcx | |
| 'RDX: ' + @rdx | |
| 'R8: ' + @r8 | |
| 'R9: ' + @r9 | |
| 'Stack[0]: ' + poi(@rsp+0x28) | |
| 'Stack[1]: ' + poi(@rsp+0x30) | |
| 'Stack[2]: ' + poi(@rsp+0x38) | |
| 'Stack[3]: ' + poi(@rsp+0x40) | |
| '' | |
| '=== NtQueryValueKey Called ===' | |
| Debug session time: Thu Apr 10 09:19:57.935 2025 (UTC - 7:00) | |
| System Uptime: 1 days 7:46:41.961 | |
| Process Uptime: 0 days 0:16:05.395 | |
| Kernel time: 0 days 0:00:13.109 | |
| User time: 0 days 0:03:37.250 | |
| 'RCX: ' + @rcx | |
| 'RDX: ' + @rdx | |
| 'R8: ' + @r8 | |
| 'R9: ' + @r9 | |
| 'Stack[0]: ' + poi(@rsp+0x28) | |
| 'Stack[1]: ' + poi(@rsp+0x30) | |
| 'Stack[2]: ' + poi(@rsp+0x38) | |
| 'Stack[3]: ' + poi(@rsp+0x40) | |
| '' | |
| '=== NtQueryValueKey Called ===' | |
| Debug session time: Thu Apr 10 09:19:57.947 2025 (UTC - 7:00) | |
| System Uptime: 1 days 7:46:41.973 | |
| Process Uptime: 0 days 0:16:05.406 | |
| Kernel time: 0 days 0:00:13.109 | |
| User time: 0 days 0:03:37.250 | |
| 'RCX: ' + @rcx | |
| 'RDX: ' + @rdx | |
| 'R8: ' + @r8 | |
| 'R9: ' + @r9 | |
| 'Stack[0]: ' + poi(@rsp+0x28) | |
| 'Stack[1]: ' + poi(@rsp+0x30) | |
| 'Stack[2]: ' + poi(@rsp+0x38) | |
| 'Stack[3]: ' + poi(@rsp+0x40) | |
| '' | |
| '=== NtClose Called ===' | |
| Debug session time: Thu Apr 10 09:19:57.956 2025 (UTC - 7:00) | |
| System Uptime: 1 days 7:46:41.982 | |
| Process Uptime: 0 days 0:16:05.415 | |
| Kernel time: 0 days 0:00:13.109 | |
| User time: 0 days 0:03:37.250 | |
| 'RCX: ' + @rcx | |
| 'RDX: ' + @rdx | |
| 'R8: ' + @r8 | |
| 'R9: ' + @r9 | |
| 'Stack[0]: ' + poi(@rsp+0x28) | |
| 'Stack[1]: ' + poi(@rsp+0x30) | |
| 'Stack[2]: ' + poi(@rsp+0x38) | |
| 'Stack[3]: ' + poi(@rsp+0x40) | |
| '' | |
| '=== NtQueryKey Called ===' | |
| Debug session time: Thu Apr 10 09:19:57.968 2025 (UTC - 7:00) | |
| System Uptime: 1 days 7:46:41.994 | |
| Process Uptime: 0 days 0:16:05.427 | |
| Kernel time: 0 days 0:00:13.109 | |
| User time: 0 days 0:03:37.250 | |
| 'RCX: ' + @rcx | |
| 'RDX: ' + @rdx | |
| 'R8: ' + @r8 | |
| 'R9: ' + @r9 | |
| 'Stack[0]: ' + poi(@rsp+0x28) | |
| 'Stack[1]: ' + poi(@rsp+0x30) | |
| 'Stack[2]: ' + poi(@rsp+0x38) | |
| 'Stack[3]: ' + poi(@rsp+0x40) | |
| '' | |
| '=== NtOpenKeyEx Called ===' | |
| Debug session time: Thu Apr 10 09:19:57.976 2025 (UTC - 7:00) | |
| System Uptime: 1 days 7:46:42.002 | |
| Process Uptime: 0 days 0:16:05.435 | |
| Kernel time: 0 days 0:00:13.109 | |
| User time: 0 days 0:03:37.250 | |
| 'RCX: ' + @rcx | |
| 'RDX: ' + @rdx | |
| 'R8: ' + @r8 | |
| 'R9: ' + @r9 | |
| 'Stack[0]: ' + poi(@rsp+0x28) | |
| 'Stack[1]: ' + poi(@rsp+0x30) | |
| 'Stack[2]: ' + poi(@rsp+0x38) | |
| 'Stack[3]: ' + poi(@rsp+0x40) | |
| '' | |
| '=== NtClose Called ===' | |
| Debug session time: Thu Apr 10 09:19:57.987 2025 (UTC - 7:00) | |
| System Uptime: 1 days 7:46:42.013 | |
| Process Uptime: 0 days 0:16:05.446 | |
| Kernel time: 0 days 0:00:13.109 | |
| User time: 0 days 0:03:37.250 | |
| 'RCX: ' + @rcx | |
| 'RDX: ' + @rdx | |
| 'R8: ' + @r8 | |
| 'R9: ' + @r9 | |
| 'Stack[0]: ' + poi(@rsp+0x28) | |
| 'Stack[1]: ' + poi(@rsp+0x30) | |
| 'Stack[2]: ' + poi(@rsp+0x38) | |
| 'Stack[3]: ' + poi(@rsp+0x40) | |
| '' | |
| '=== NtQueryKey Called ===' | |
| Debug session time: Thu Apr 10 09:19:58.002 2025 (UTC - 7:00) | |
| System Uptime: 1 days 7:46:42.028 | |
| Process Uptime: 0 days 0:16:05.462 | |
| Kernel time: 0 days 0:00:13.109 | |
| User time: 0 days 0:03:37.281 | |
| 'RCX: ' + @rcx | |
| 'RDX: ' + @rdx | |
| 'R8: ' + @r8 | |
| 'R9: ' + @r9 | |
| 'Stack[0]: ' + poi(@rsp+0x28) | |
| 'Stack[1]: ' + poi(@rsp+0x30) | |
| 'Stack[2]: ' + poi(@rsp+0x38) | |
| 'Stack[3]: ' + poi(@rsp+0x40) | |
| '' | |
| '=== NtOpenKeyEx Called ===' | |
| Debug session time: Thu Apr 10 09:19:58.012 2025 (UTC - 7:00) | |
| System Uptime: 1 days 7:46:42.038 | |
| Process Uptime: 0 days 0:16:05.471 | |
| Kernel time: 0 days 0:00:13.109 | |
| User time: 0 days 0:03:37.281 | |
| 'RCX: ' + @rcx | |
| 'RDX: ' + @rdx | |
| 'R8: ' + @r8 | |
| 'R9: ' + @r9 | |
| 'Stack[0]: ' + poi(@rsp+0x28) | |
| 'Stack[1]: ' + poi(@rsp+0x30) | |
| 'Stack[2]: ' + poi(@rsp+0x38) | |
| 'Stack[3]: ' + poi(@rsp+0x40) | |
| '' | |
| '=== NtClose Called ===' | |
| Debug session time: Thu Apr 10 09:19:58.023 2025 (UTC - 7:00) | |
| System Uptime: 1 days 7:46:42.049 | |
| Process Uptime: 0 days 0:16:05.482 | |
| Kernel time: 0 days 0:00:13.109 | |
| User time: 0 days 0:03:37.281 | |
| 'RCX: ' + @rcx | |
| 'RDX: ' + @rdx | |
| 'R8: ' + @r8 | |
| 'R9: ' + @r9 | |
| 'Stack[0]: ' + poi(@rsp+0x28) | |
| 'Stack[1]: ' + poi(@rsp+0x30) | |
| 'Stack[2]: ' + poi(@rsp+0x38) | |
| 'Stack[3]: ' + poi(@rsp+0x40) | |
| '' | |
| '=== NtQueryKey Called ===' | |
| Debug session time: Thu Apr 10 09:19:58.040 2025 (UTC - 7:00) | |
| System Uptime: 1 days 7:46:42.066 | |
| Process Uptime: 0 days 0:16:05.499 | |
| Kernel time: 0 days 0:00:13.109 | |
| User time: 0 days 0:03:37.281 | |
| 'RCX: ' + @rcx | |
| 'RDX: ' + @rdx | |
| 'R8: ' + @r8 | |
| 'R9: ' + @r9 | |
| 'Stack[0]: ' + poi(@rsp+0x28) | |
| 'Stack[1]: ' + poi(@rsp+0x30) | |
| 'Stack[2]: ' + poi(@rsp+0x38) | |
| 'Stack[3]: ' + poi(@rsp+0x40) | |
| '' | |
| '=== NtOpenKeyEx Called ===' | |
| Debug session time: Thu Apr 10 09:19:58.049 2025 (UTC - 7:00) | |
| System Uptime: 1 days 7:46:42.075 | |
| Process Uptime: 0 days 0:16:05.508 | |
| Kernel time: 0 days 0:00:13.109 | |
| User time: 0 days 0:03:37.281 | |
| 'RCX: ' + @rcx | |
| 'RDX: ' + @rdx | |
| 'R8: ' + @r8 | |
| 'R9: ' + @r9 | |
| 'Stack[0]: ' + poi(@rsp+0x28) | |
| 'Stack[1]: ' + poi(@rsp+0x30) | |
| 'Stack[2]: ' + poi(@rsp+0x38) | |
| 'Stack[3]: ' + poi(@rsp+0x40) | |
| '' | |
| '=== NtQueryValueKey Called ===' | |
| Debug session time: Thu Apr 10 09:19:58.060 2025 (UTC - 7:00) | |
| System Uptime: 1 days 7:46:42.086 | |
| Process Uptime: 0 days 0:16:05.519 | |
| Kernel time: 0 days 0:00:13.109 | |
| User time: 0 days 0:03:37.281 | |
| 'RCX: ' + @rcx | |
| 'RDX: ' + @rdx | |
| 'R8: ' + @r8 | |
| 'R9: ' + @r9 | |
| 'Stack[0]: ' + poi(@rsp+0x28) | |
| 'Stack[1]: ' + poi(@rsp+0x30) | |
| 'Stack[2]: ' + poi(@rsp+0x38) | |
| 'Stack[3]: ' + poi(@rsp+0x40) | |
| '' | |
| '=== NtQueryValueKey Called ===' | |
| Debug session time: Thu Apr 10 09:19:58.073 2025 (UTC - 7:00) | |
| System Uptime: 1 days 7:46:42.099 | |
| Process Uptime: 0 days 0:16:05.532 | |
| Kernel time: 0 days 0:00:13.109 | |
| User time: 0 days 0:03:37.281 | |
| 'RCX: ' + @rcx | |
| 'RDX: ' + @rdx | |
| 'R8: ' + @r8 | |
| 'R9: ' + @r9 | |
| 'Stack[0]: ' + poi(@rsp+0x28) | |
| 'Stack[1]: ' + poi(@rsp+0x30) | |
| 'Stack[2]: ' + poi(@rsp+0x38) | |
| 'Stack[3]: ' + poi(@rsp+0x40) | |
| '' | |
| '=== NtQueryValueKey Called ===' | |
| Debug session time: Thu Apr 10 09:19:58.089 2025 (UTC - 7:00) | |
| System Uptime: 1 days 7:46:42.115 | |
| Process Uptime: 0 days 0:16:05.548 | |
| Kernel time: 0 days 0:00:13.109 | |
| User time: 0 days 0:03:37.281 | |
| 'RCX: ' + @rcx | |
| 'RDX: ' + @rdx | |
| 'R8: ' + @r8 | |
| 'R9: ' + @r9 | |
| 'Stack[0]: ' + poi(@rsp+0x28) | |
| 'Stack[1]: ' + poi(@rsp+0x30) | |
| 'Stack[2]: ' + poi(@rsp+0x38) | |
| 'Stack[3]: ' + poi(@rsp+0x40) | |
| '' | |
| '=== NtQueryValueKey Called ===' | |
| Debug session time: Thu Apr 10 09:19:58.096 2025 (UTC - 7:00) | |
| System Uptime: 1 days 7:46:42.122 | |
| Process Uptime: 0 days 0:16:05.555 | |
| Kernel time: 0 days 0:00:13.109 | |
| User time: 0 days 0:03:37.281 | |
| 'RCX: ' + @rcx | |
| 'RDX: ' + @rdx | |
| 'R8: ' + @r8 | |
| 'R9: ' + @r9 | |
| 'Stack[0]: ' + poi(@rsp+0x28) | |
| 'Stack[1]: ' + poi(@rsp+0x30) | |
| 'Stack[2]: ' + poi(@rsp+0x38) | |
| 'Stack[3]: ' + poi(@rsp+0x40) | |
| '' | |
| '=== NtQueryValueKey Called ===' | |
| Debug session time: Thu Apr 10 09:19:58.105 2025 (UTC - 7:00) | |
| System Uptime: 1 days 7:46:42.131 | |
| Process Uptime: 0 days 0:16:05.564 | |
| Kernel time: 0 days 0:00:13.109 | |
| User time: 0 days 0:03:37.281 | |
| 'RCX: ' + @rcx | |
| 'RDX: ' + @rdx | |
| 'R8: ' + @r8 | |
| 'R9: ' + @r9 | |
| 'Stack[0]: ' + poi(@rsp+0x28) | |
| 'Stack[1]: ' + poi(@rsp+0x30) | |
| 'Stack[2]: ' + poi(@rsp+0x38) | |
| 'Stack[3]: ' + poi(@rsp+0x40) | |
| '' | |
| '=== NtClose Called ===' | |
| Debug session time: Thu Apr 10 09:19:58.117 2025 (UTC - 7:00) | |
| System Uptime: 1 days 7:46:42.143 | |
| Process Uptime: 0 days 0:16:05.576 | |
| Kernel time: 0 days 0:00:13.109 | |
| User time: 0 days 0:03:37.281 | |
| 'RCX: ' + @rcx | |
| 'RDX: ' + @rdx | |
| 'R8: ' + @r8 | |
| 'R9: ' + @r9 | |
| 'Stack[0]: ' + poi(@rsp+0x28) | |
| 'Stack[1]: ' + poi(@rsp+0x30) | |
| 'Stack[2]: ' + poi(@rsp+0x38) | |
| 'Stack[3]: ' + poi(@rsp+0x40) | |
| '' | |
| '=== NtQueryKey Called ===' | |
| Debug session time: Thu Apr 10 09:19:58.125 2025 (UTC - 7:00) | |
| System Uptime: 1 days 7:46:42.151 | |
| Process Uptime: 0 days 0:16:05.584 | |
| Kernel time: 0 days 0:00:13.109 | |
| User time: 0 days 0:03:37.281 | |
| 'RCX: ' + @rcx | |
| 'RDX: ' + @rdx | |
| 'R8: ' + @r8 | |
| 'R9: ' + @r9 | |
| 'Stack[0]: ' + poi(@rsp+0x28) | |
| 'Stack[1]: ' + poi(@rsp+0x30) | |
| 'Stack[2]: ' + poi(@rsp+0x38) | |
| 'Stack[3]: ' + poi(@rsp+0x40) | |
| '' | |
| '=== NtOpenKeyEx Called ===' | |
| Debug session time: Thu Apr 10 09:19:58.143 2025 (UTC - 7:00) | |
| System Uptime: 1 days 7:46:42.169 | |
| Process Uptime: 0 days 0:16:05.602 | |
| Kernel time: 0 days 0:00:13.109 | |
| User time: 0 days 0:03:37.281 | |
| 'RCX: ' + @rcx | |
| 'RDX: ' + @rdx | |
| 'R8: ' + @r8 | |
| 'R9: ' + @r9 | |
| 'Stack[0]: ' + poi(@rsp+0x28) | |
| 'Stack[1]: ' + poi(@rsp+0x30) | |
| 'Stack[2]: ' + poi(@rsp+0x38) | |
| 'Stack[3]: ' + poi(@rsp+0x40) | |
| '' | |
| '=== NtQueryValueKey Called ===' | |
| Debug session time: Thu Apr 10 09:19:58.152 2025 (UTC - 7:00) | |
| System Uptime: 1 days 7:46:42.178 | |
| Process Uptime: 0 days 0:16:05.612 | |
| Kernel time: 0 days 0:00:13.109 | |
| User time: 0 days 0:03:37.281 | |
| 'RCX: ' + @rcx | |
| 'RDX: ' + @rdx | |
| 'R8: ' + @r8 | |
| 'R9: ' + @r9 | |
| 'Stack[0]: ' + poi(@rsp+0x28) | |
| 'Stack[1]: ' + poi(@rsp+0x30) | |
| 'Stack[2]: ' + poi(@rsp+0x38) | |
| 'Stack[3]: ' + poi(@rsp+0x40) | |
| '' | |
| '=== NtQueryValueKey Called ===' | |
| Debug session time: Thu Apr 10 09:19:58.165 2025 (UTC - 7:00) | |
| System Uptime: 1 days 7:46:42.191 | |
| Process Uptime: 0 days 0:16:05.624 | |
| Kernel time: 0 days 0:00:13.109 | |
| User time: 0 days 0:03:37.281 | |
| 'RCX: ' + @rcx | |
| 'RDX: ' + @rdx | |
| 'R8: ' + @r8 | |
| 'R9: ' + @r9 | |
| 'Stack[0]: ' + poi(@rsp+0x28) | |
| 'Stack[1]: ' + poi(@rsp+0x30) | |
| 'Stack[2]: ' + poi(@rsp+0x38) | |
| 'Stack[3]: ' + poi(@rsp+0x40) | |
| '' | |
| '=== NtQueryValueKey Called ===' | |
| Debug session time: Thu Apr 10 09:19:58.175 2025 (UTC - 7:00) | |
| System Uptime: 1 days 7:46:42.201 | |
| Process Uptime: 0 days 0:16:05.634 | |
| Kernel time: 0 days 0:00:13.109 | |
| User time: 0 days 0:03:37.281 | |
| 'RCX: ' + @rcx | |
| 'RDX: ' + @rdx | |
| 'R8: ' + @r8 | |
| 'R9: ' + @r9 | |
| 'Stack[0]: ' + poi(@rsp+0x28) | |
| 'Stack[1]: ' + poi(@rsp+0x30) | |
| 'Stack[2]: ' + poi(@rsp+0x38) | |
| 'Stack[3]: ' + poi(@rsp+0x40) | |
| '' | |
| '=== NtQueryValueKey Called ===' | |
| Debug session time: Thu Apr 10 09:19:58.186 2025 (UTC - 7:00) | |
| System Uptime: 1 days 7:46:42.212 | |
| Process Uptime: 0 days 0:16:05.646 | |
| Kernel time: 0 days 0:00:13.109 | |
| User time: 0 days 0:03:37.281 | |
| 'RCX: ' + @rcx | |
| 'RDX: ' + @rdx | |
| 'R8: ' + @r8 | |
| 'R9: ' + @r9 | |
| 'Stack[0]: ' + poi(@rsp+0x28) | |
| 'Stack[1]: ' + poi(@rsp+0x30) | |
| 'Stack[2]: ' + poi(@rsp+0x38) | |
| 'Stack[3]: ' + poi(@rsp+0x40) | |
| '' | |
| '=== NtClose Called ===' | |
| Debug session time: Thu Apr 10 09:19:58.196 2025 (UTC - 7:00) | |
| System Uptime: 1 days 7:46:42.222 | |
| Process Uptime: 0 days 0:16:05.655 | |
| Kernel time: 0 days 0:00:13.109 | |
| User time: 0 days 0:03:37.281 | |
| 'RCX: ' + @rcx | |
| 'RDX: ' + @rdx | |
| 'R8: ' + @r8 | |
| 'R9: ' + @r9 | |
| 'Stack[0]: ' + poi(@rsp+0x28) | |
| 'Stack[1]: ' + poi(@rsp+0x30) | |
| 'Stack[2]: ' + poi(@rsp+0x38) | |
| 'Stack[3]: ' + poi(@rsp+0x40) | |
| '' | |
| '=== NtQueryKey Called ===' | |
| Debug session time: Thu Apr 10 09:19:58.204 2025 (UTC - 7:00) | |
| System Uptime: 1 days 7:46:42.230 | |
| Process Uptime: 0 days 0:16:05.663 | |
| Kernel time: 0 days 0:00:13.109 | |
| User time: 0 days 0:03:37.281 | |
| 'RCX: ' + @rcx | |
| 'RDX: ' + @rdx | |
| 'R8: ' + @r8 | |
| 'R9: ' + @r9 | |
| 'Stack[0]: ' + poi(@rsp+0x28) | |
| 'Stack[1]: ' + poi(@rsp+0x30) | |
| 'Stack[2]: ' + poi(@rsp+0x38) | |
| 'Stack[3]: ' + poi(@rsp+0x40) | |
| '' | |
| '=== NtOpenKeyEx Called ===' | |
| Debug session time: Thu Apr 10 09:19:58.214 2025 (UTC - 7:00) | |
| System Uptime: 1 days 7:46:42.240 | |
| Process Uptime: 0 days 0:16:05.674 | |
| Kernel time: 0 days 0:00:13.109 | |
| User time: 0 days 0:03:37.281 | |
| 'RCX: ' + @rcx | |
| 'RDX: ' + @rdx | |
| 'R8: ' + @r8 | |
| 'R9: ' + @r9 | |
| 'Stack[0]: ' + poi(@rsp+0x28) | |
| 'Stack[1]: ' + poi(@rsp+0x30) | |
| 'Stack[2]: ' + poi(@rsp+0x38) | |
| 'Stack[3]: ' + poi(@rsp+0x40) | |
| '' | |
| '=== NtClose Called ===' | |
| Debug session time: Thu Apr 10 09:19:58.221 2025 (UTC - 7:00) | |
| System Uptime: 1 days 7:46:42.247 | |
| Process Uptime: 0 days 0:16:05.681 | |
| Kernel time: 0 days 0:00:13.109 | |
| User time: 0 days 0:03:37.281 | |
| 'RCX: ' + @rcx | |
| 'RDX: ' + @rdx | |
| 'R8: ' + @r8 | |
| 'R9: ' + @r9 | |
| 'Stack[0]: ' + poi(@rsp+0x28) | |
| 'Stack[1]: ' + poi(@rsp+0x30) | |
| 'Stack[2]: ' + poi(@rsp+0x38) | |
| 'Stack[3]: ' + poi(@rsp+0x40) | |
| '' | |
| '=== NtQueryKey Called ===' | |
| Debug session time: Thu Apr 10 09:19:58.231 2025 (UTC - 7:00) | |
| System Uptime: 1 days 7:46:42.257 | |
| Process Uptime: 0 days 0:16:05.690 | |
| Kernel time: 0 days 0:00:13.109 | |
| User time: 0 days 0:03:37.281 | |
| 'RCX: ' + @rcx | |
| 'RDX: ' + @rdx | |
| 'R8: ' + @r8 | |
| 'R9: ' + @r9 | |
| 'Stack[0]: ' + poi(@rsp+0x28) | |
| 'Stack[1]: ' + poi(@rsp+0x30) | |
| 'Stack[2]: ' + poi(@rsp+0x38) | |
| 'Stack[3]: ' + poi(@rsp+0x40) | |
| '' | |
| '=== NtOpenKeyEx Called ===' | |
| Debug session time: Thu Apr 10 09:19:58.240 2025 (UTC - 7:00) | |
| System Uptime: 1 days 7:46:42.266 | |
| Process Uptime: 0 days 0:16:05.699 | |
| Kernel time: 0 days 0:00:13.109 | |
| User time: 0 days 0:03:37.281 | |
| 'RCX: ' + @rcx | |
| 'RDX: ' + @rdx | |
| 'R8: ' + @r8 | |
| 'R9: ' + @r9 | |
| 'Stack[0]: ' + poi(@rsp+0x28) | |
| 'Stack[1]: ' + poi(@rsp+0x30) | |
| 'Stack[2]: ' + poi(@rsp+0x38) | |
| 'Stack[3]: ' + poi(@rsp+0x40) | |
| '' | |
| '=== NtClose Called ===' | |
| Debug session time: Thu Apr 10 09:19:58.248 2025 (UTC - 7:00) | |
| System Uptime: 1 days 7:46:42.274 | |
| Process Uptime: 0 days 0:16:05.707 | |
| Kernel time: 0 days 0:00:13.109 | |
| User time: 0 days 0:03:37.281 | |
| 'RCX: ' + @rcx | |
| 'RDX: ' + @rdx | |
| 'R8: ' + @r8 | |
| 'R9: ' + @r9 | |
| 'Stack[0]: ' + poi(@rsp+0x28) | |
| 'Stack[1]: ' + poi(@rsp+0x30) | |
| 'Stack[2]: ' + poi(@rsp+0x38) | |
| 'Stack[3]: ' + poi(@rsp+0x40) | |
| '' | |
| '=== NtClose Called ===' | |
| Debug session time: Thu Apr 10 09:19:58.259 2025 (UTC - 7:00) | |
| System Uptime: 1 days 7:46:42.285 | |
| Process Uptime: 0 days 0:16:05.718 | |
| Kernel time: 0 days 0:00:13.109 | |
| User time: 0 days 0:03:37.281 | |
| 'RCX: ' + @rcx | |
| 'RDX: ' + @rdx | |
| 'R8: ' + @r8 | |
| 'R9: ' + @r9 | |
| 'Stack[0]: ' + poi(@rsp+0x28) | |
| 'Stack[1]: ' + poi(@rsp+0x30) | |
| 'Stack[2]: ' + poi(@rsp+0x38) | |
| 'Stack[3]: ' + poi(@rsp+0x40) | |
| '' | |
| '=== NtClose Called ===' | |
| Debug session time: Thu Apr 10 09:19:58.269 2025 (UTC - 7:00) | |
| System Uptime: 1 days 7:46:42.295 | |
| Process Uptime: 0 days 0:16:05.728 | |
| Kernel time: 0 days 0:00:13.109 | |
| User time: 0 days 0:03:37.281 | |
| 'RCX: ' + @rcx | |
| 'RDX: ' + @rdx | |
| 'R8: ' + @r8 | |
| 'R9: ' + @r9 | |
| 'Stack[0]: ' + poi(@rsp+0x28) | |
| 'Stack[1]: ' + poi(@rsp+0x30) | |
| 'Stack[2]: ' + poi(@rsp+0x38) | |
| 'Stack[3]: ' + poi(@rsp+0x40) | |
| '' | |
| '=== NtWaitForSingleObject Called ===' | |
| Debug session time: Thu Apr 10 09:19:58.280 2025 (UTC - 7:00) | |
| System Uptime: 1 days 7:46:42.306 | |
| Process Uptime: 0 days 0:16:05.739 | |
| Kernel time: 0 days 0:00:13.109 | |
| User time: 0 days 0:03:37.281 | |
| 'RCX: ' + @rcx | |
| 'RDX: ' + @rdx | |
| 'R8: ' + @r8 | |
| 'R9: ' + @r9 | |
| 'Stack[0]: ' + poi(@rsp+0x28) | |
| 'Stack[1]: ' + poi(@rsp+0x30) | |
| 'Stack[2]: ' + poi(@rsp+0x38) | |
| 'Stack[3]: ' + poi(@rsp+0x40) | |
| '' | |
| '=== NtCreateFile Called ===' | |
| Debug session time: Thu Apr 10 09:19:58.293 2025 (UTC - 7:00) | |
| System Uptime: 1 days 7:46:42.319 | |
| Process Uptime: 0 days 0:16:05.753 | |
| Kernel time: 0 days 0:00:13.109 | |
| User time: 0 days 0:03:37.281 | |
| 'RCX: ' + @rcx | |
| 'RDX: ' + @rdx | |
| 'R8: ' + @r8 | |
| 'R9: ' + @r9 | |
| 'Stack[0]: ' + poi(@rsp+0x28) | |
| 'Stack[1]: ' + poi(@rsp+0x30) | |
| 'Stack[2]: ' + poi(@rsp+0x38) | |
| 'Stack[3]: ' + poi(@rsp+0x40) | |
| '' | |
| '=== NtDeviceIoControlFile Called ===' | |
| Debug session time: Thu Apr 10 09:19:58.307 2025 (UTC - 7:00) | |
| System Uptime: 1 days 7:46:42.333 | |
| Process Uptime: 0 days 0:16:05.766 | |
| Kernel time: 0 days 0:00:13.109 | |
| User time: 0 days 0:03:37.281 | |
| 'RCX: ' + @rcx | |
| 'RDX: ' + @rdx | |
| 'R8: ' + @r8 | |
| 'R9: ' + @r9 | |
| 'Stack[0]: ' + poi(@rsp+0x28) | |
| 'Stack[1]: ' + poi(@rsp+0x30) | |
| 'Stack[2]: ' + poi(@rsp+0x38) | |
| 'Stack[3]: ' + poi(@rsp+0x40) | |
| '' | |
| '=== NtWaitForSingleObject Called ===' | |
| Debug session time: Thu Apr 10 09:19:58.315 2025 (UTC - 7:00) | |
| System Uptime: 1 days 7:46:42.341 | |
| Process Uptime: 0 days 0:16:05.774 | |
| Kernel time: 0 days 0:00:13.109 | |
| User time: 0 days 0:03:37.281 | |
| 'RCX: ' + @rcx | |
| 'RDX: ' + @rdx | |
| 'R8: ' + @r8 | |
| 'R9: ' + @r9 | |
| 'Stack[0]: ' + poi(@rsp+0x28) | |
| 'Stack[1]: ' + poi(@rsp+0x30) | |
| 'Stack[2]: ' + poi(@rsp+0x38) | |
| 'Stack[3]: ' + poi(@rsp+0x40) | |
| '' | |
| '=== NtDeviceIoControlFile Called ===' | |
| Debug session time: Thu Apr 10 09:19:58.329 2025 (UTC - 7:00) | |
| System Uptime: 1 days 7:46:42.355 | |
| Process Uptime: 0 days 0:16:05.788 | |
| Kernel time: 0 days 0:00:13.109 | |
| User time: 0 days 0:03:37.281 | |
| 'RCX: ' + @rcx | |
| 'RDX: ' + @rdx | |
| 'R8: ' + @r8 | |
| 'R9: ' + @r9 | |
| 'Stack[0]: ' + poi(@rsp+0x28) | |
| 'Stack[1]: ' + poi(@rsp+0x30) | |
| 'Stack[2]: ' + poi(@rsp+0x38) | |
| 'Stack[3]: ' + poi(@rsp+0x40) | |
| '' | |
| '=== NtClose Called ===' | |
| Debug session time: Thu Apr 10 09:19:58.343 2025 (UTC - 7:00) | |
| System Uptime: 1 days 7:46:42.369 | |
| Process Uptime: 0 days 0:16:05.802 | |
| Kernel time: 0 days 0:00:13.109 | |
| User time: 0 days 0:03:37.281 | |
| 'RCX: ' + @rcx | |
| 'RDX: ' + @rdx | |
| 'R8: ' + @r8 | |
| 'R9: ' + @r9 | |
| 'Stack[0]: ' + poi(@rsp+0x28) | |
| 'Stack[1]: ' + poi(@rsp+0x30) | |
| 'Stack[2]: ' + poi(@rsp+0x38) | |
| 'Stack[3]: ' + poi(@rsp+0x40) | |
| '' | |
| '=== NtAllocateVirtualMemory Called ===' | |
| Debug session time: Thu Apr 10 09:19:58.353 2025 (UTC - 7:00) | |
| System Uptime: 1 days 7:46:42.379 | |
| Process Uptime: 0 days 0:16:05.812 | |
| Kernel time: 0 days 0:00:13.109 | |
| User time: 0 days 0:03:37.281 | |
| 'RCX: ' + @rcx | |
| 'RDX: ' + @rdx | |
| 'R8: ' + @r8 | |
| 'R9: ' + @r9 | |
| 'Stack[0]: ' + poi(@rsp+0x28) | |
| 'Stack[1]: ' + poi(@rsp+0x30) | |
| 'Stack[2]: ' + poi(@rsp+0x38) | |
| 'Stack[3]: ' + poi(@rsp+0x40) | |
| '' | |
| '=== NtFreeVirtualMemory Called ===' | |
| Debug session time: Thu Apr 10 09:19:58.362 2025 (UTC - 7:00) | |
| System Uptime: 1 days 7:46:42.388 | |
| Process Uptime: 0 days 0:16:05.822 | |
| Kernel time: 0 days 0:00:13.109 | |
| User time: 0 days 0:03:37.281 | |
| 'RCX: ' + @rcx | |
| 'RDX: ' + @rdx | |
| 'R8: ' + @r8 | |
| 'R9: ' + @r9 | |
| 'Stack[0]: ' + poi(@rsp+0x28) | |
| 'Stack[1]: ' + poi(@rsp+0x30) | |
| 'Stack[2]: ' + poi(@rsp+0x38) | |
| 'Stack[3]: ' + poi(@rsp+0x40) | |
| '' | |
| '=== NtFreeVirtualMemory Called ===' | |
| Debug session time: Thu Apr 10 09:19:58.372 2025 (UTC - 7:00) | |
| System Uptime: 1 days 7:46:42.398 | |
| Process Uptime: 0 days 0:16:05.831 | |
| Kernel time: 0 days 0:00:13.109 | |
| User time: 0 days 0:03:37.281 | |
| 'RCX: ' + @rcx | |
| 'RDX: ' + @rdx | |
| 'R8: ' + @r8 | |
| 'R9: ' + @r9 | |
| 'Stack[0]: ' + poi(@rsp+0x28) | |
| 'Stack[1]: ' + poi(@rsp+0x30) | |
| 'Stack[2]: ' + poi(@rsp+0x38) | |
| 'Stack[3]: ' + poi(@rsp+0x40) | |
| '' | |
| '=== NtFreeVirtualMemory Called ===' | |
| Debug session time: Thu Apr 10 09:19:58.381 2025 (UTC - 7:00) | |
| System Uptime: 1 days 7:46:42.407 | |
| Process Uptime: 0 days 0:16:05.840 | |
| Kernel time: 0 days 0:00:13.109 | |
| User time: 0 days 0:03:37.281 | |
| 'RCX: ' + @rcx | |
| 'RDX: ' + @rdx | |
| 'R8: ' + @r8 | |
| 'R9: ' + @r9 | |
| 'Stack[0]: ' + poi(@rsp+0x28) | |
| 'Stack[1]: ' + poi(@rsp+0x30) | |
| 'Stack[2]: ' + poi(@rsp+0x38) | |
| 'Stack[3]: ' + poi(@rsp+0x40) | |
| '' | |
| '=== NtQueryKey Called ===' | |
| Debug session time: Thu Apr 10 09:19:58.388 2025 (UTC - 7:00) | |
| System Uptime: 1 days 7:46:42.414 | |
| Process Uptime: 0 days 0:16:05.847 | |
| Kernel time: 0 days 0:00:13.109 | |
| User time: 0 days 0:03:37.281 | |
| 'RCX: ' + @rcx | |
| 'RDX: ' + @rdx | |
| 'R8: ' + @r8 | |
| 'R9: ' + @r9 | |
| 'Stack[0]: ' + poi(@rsp+0x28) | |
| 'Stack[1]: ' + poi(@rsp+0x30) | |
| 'Stack[2]: ' + poi(@rsp+0x38) | |
| 'Stack[3]: ' + poi(@rsp+0x40) | |
| '' | |
| '=== NtOpenKeyEx Called ===' | |
| Debug session time: Thu Apr 10 09:19:58.397 2025 (UTC - 7:00) | |
| System Uptime: 1 days 7:46:42.423 | |
| Process Uptime: 0 days 0:16:05.856 | |
| Kernel time: 0 days 0:00:13.109 | |
| User time: 0 days 0:03:37.281 | |
| 'RCX: ' + @rcx | |
| 'RDX: ' + @rdx | |
| 'R8: ' + @r8 | |
| 'R9: ' + @r9 | |
| 'Stack[0]: ' + poi(@rsp+0x28) | |
| 'Stack[1]: ' + poi(@rsp+0x30) | |
| 'Stack[2]: ' + poi(@rsp+0x38) | |
| 'Stack[3]: ' + poi(@rsp+0x40) | |
| '' | |
| '=== NtQueryValueKey Called ===' | |
| Debug session time: Thu Apr 10 09:19:58.405 2025 (UTC - 7:00) | |
| System Uptime: 1 days 7:46:42.431 | |
| Process Uptime: 0 days 0:16:05.864 | |
| Kernel time: 0 days 0:00:13.109 | |
| User time: 0 days 0:03:37.281 | |
| 'RCX: ' + @rcx | |
| 'RDX: ' + @rdx | |
| 'R8: ' + @r8 | |
| 'R9: ' + @r9 | |
| 'Stack[0]: ' + poi(@rsp+0x28) | |
| 'Stack[1]: ' + poi(@rsp+0x30) | |
| 'Stack[2]: ' + poi(@rsp+0x38) | |
| 'Stack[3]: ' + poi(@rsp+0x40) | |
| '' | |
| '=== NtQueryValueKey Called ===' | |
| Debug session time: Thu Apr 10 09:19:58.416 2025 (UTC - 7:00) | |
| System Uptime: 1 days 7:46:42.442 | |
| Process Uptime: 0 days 0:16:05.875 | |
| Kernel time: 0 days 0:00:13.109 | |
| User time: 0 days 0:03:37.281 | |
| 'RCX: ' + @rcx | |
| 'RDX: ' + @rdx | |
| 'R8: ' + @r8 | |
| 'R9: ' + @r9 | |
| 'Stack[0]: ' + poi(@rsp+0x28) | |
| 'Stack[1]: ' + poi(@rsp+0x30) | |
| 'Stack[2]: ' + poi(@rsp+0x38) | |
| 'Stack[3]: ' + poi(@rsp+0x40) | |
| '' | |
| '=== NtQueryValueKey Called ===' | |
| Debug session time: Thu Apr 10 09:19:58.424 2025 (UTC - 7:00) | |
| System Uptime: 1 days 7:46:42.450 | |
| Process Uptime: 0 days 0:16:05.883 | |
| Kernel time: 0 days 0:00:13.109 | |
| User time: 0 days 0:03:37.281 | |
| 'RCX: ' + @rcx | |
| 'RDX: ' + @rdx | |
| 'R8: ' + @r8 | |
| 'R9: ' + @r9 | |
| 'Stack[0]: ' + poi(@rsp+0x28) | |
| 'Stack[1]: ' + poi(@rsp+0x30) | |
| 'Stack[2]: ' + poi(@rsp+0x38) | |
| 'Stack[3]: ' + poi(@rsp+0x40) | |
| '' | |
| '=== NtQueryValueKey Called ===' | |
| Debug session time: Thu Apr 10 09:19:58.436 2025 (UTC - 7:00) | |
| System Uptime: 1 days 7:46:42.462 | |
| Process Uptime: 0 days 0:16:05.895 | |
| Kernel time: 0 days 0:00:13.109 | |
| User time: 0 days 0:03:37.281 | |
| 'RCX: ' + @rcx | |
| 'RDX: ' + @rdx | |
| 'R8: ' + @r8 | |
| 'R9: ' + @r9 | |
| 'Stack[0]: ' + poi(@rsp+0x28) | |
| 'Stack[1]: ' + poi(@rsp+0x30) | |
| 'Stack[2]: ' + poi(@rsp+0x38) | |
| 'Stack[3]: ' + poi(@rsp+0x40) | |
| '' | |
| '=== NtQueryValueKey Called ===' | |
| Debug session time: Thu Apr 10 09:19:58.446 2025 (UTC - 7:00) | |
| System Uptime: 1 days 7:46:42.472 | |
| Process Uptime: 0 days 0:16:05.906 | |
| Kernel time: 0 days 0:00:13.109 | |
| User time: 0 days 0:03:37.281 | |
| 'RCX: ' + @rcx | |
| 'RDX: ' + @rdx | |
| 'R8: ' + @r8 | |
| 'R9: ' + @r9 | |
| 'Stack[0]: ' + poi(@rsp+0x28) | |
| 'Stack[1]: ' + poi(@rsp+0x30) | |
| 'Stack[2]: ' + poi(@rsp+0x38) | |
| 'Stack[3]: ' + poi(@rsp+0x40) | |
| '' | |
| '=== NtClose Called ===' | |
| Debug session time: Thu Apr 10 09:19:58.454 2025 (UTC - 7:00) | |
| System Uptime: 1 days 7:46:42.480 | |
| Process Uptime: 0 days 0:16:05.913 | |
| Kernel time: 0 days 0:00:13.109 | |
| User time: 0 days 0:03:37.281 | |
| 'RCX: ' + @rcx | |
| 'RDX: ' + @rdx | |
| 'R8: ' + @r8 | |
| 'R9: ' + @r9 | |
| 'Stack[0]: ' + poi(@rsp+0x28) | |
| 'Stack[1]: ' + poi(@rsp+0x30) | |
| 'Stack[2]: ' + poi(@rsp+0x38) | |
| 'Stack[3]: ' + poi(@rsp+0x40) | |
| '' | |
| '=== NtQueryKey Called ===' | |
| Debug session time: Thu Apr 10 09:19:58.466 2025 (UTC - 7:00) | |
| System Uptime: 1 days 7:46:42.492 | |
| Process Uptime: 0 days 0:16:05.925 | |
| Kernel time: 0 days 0:00:13.109 | |
| User time: 0 days 0:03:37.281 | |
| 'RCX: ' + @rcx | |
| 'RDX: ' + @rdx | |
| 'R8: ' + @r8 | |
| 'R9: ' + @r9 | |
| 'Stack[0]: ' + poi(@rsp+0x28) | |
| 'Stack[1]: ' + poi(@rsp+0x30) | |
| 'Stack[2]: ' + poi(@rsp+0x38) | |
| 'Stack[3]: ' + poi(@rsp+0x40) | |
| '' | |
| '=== NtOpenKeyEx Called ===' | |
| Debug session time: Thu Apr 10 09:19:58.474 2025 (UTC - 7:00) | |
| System Uptime: 1 days 7:46:42.500 | |
| Process Uptime: 0 days 0:16:05.933 | |
| Kernel time: 0 days 0:00:13.109 | |
| User time: 0 days 0:03:37.281 | |
| 'RCX: ' + @rcx | |
| 'RDX: ' + @rdx | |
| 'R8: ' + @r8 | |
| 'R9: ' + @r9 | |
| 'Stack[0]: ' + poi(@rsp+0x28) | |
| 'Stack[1]: ' + poi(@rsp+0x30) | |
| 'Stack[2]: ' + poi(@rsp+0x38) | |
| 'Stack[3]: ' + poi(@rsp+0x40) | |
| '' | |
| '=== NtQueryValueKey Called ===' | |
| Debug session time: Thu Apr 10 09:19:58.484 2025 (UTC - 7:00) | |
| System Uptime: 1 days 7:46:42.510 | |
| Process Uptime: 0 days 0:16:05.943 | |
| Kernel time: 0 days 0:00:13.109 | |
| User time: 0 days 0:03:37.281 | |
| 'RCX: ' + @rcx | |
| 'RDX: ' + @rdx | |
| 'R8: ' + @r8 | |
| 'R9: ' + @r9 | |
| 'Stack[0]: ' + poi(@rsp+0x28) | |
| 'Stack[1]: ' + poi(@rsp+0x30) | |
| 'Stack[2]: ' + poi(@rsp+0x38) | |
| 'Stack[3]: ' + poi(@rsp+0x40) | |
| '' | |
| '=== NtQueryValueKey Called ===' | |
| Debug session time: Thu Apr 10 09:19:58.495 2025 (UTC - 7:00) | |
| System Uptime: 1 days 7:46:42.521 | |
| Process Uptime: 0 days 0:16:05.955 | |
| Kernel time: 0 days 0:00:13.109 | |
| User time: 0 days 0:03:37.281 | |
| 'RCX: ' + @rcx | |
| 'RDX: ' + @rdx | |
| 'R8: ' + @r8 | |
| 'R9: ' + @r9 | |
| 'Stack[0]: ' + poi(@rsp+0x28) | |
| 'Stack[1]: ' + poi(@rsp+0x30) | |
| 'Stack[2]: ' + poi(@rsp+0x38) | |
| 'Stack[3]: ' + poi(@rsp+0x40) | |
| '' | |
| '=== NtQueryValueKey Called ===' | |
| Debug session time: Thu Apr 10 09:19:58.504 2025 (UTC - 7:00) | |
| System Uptime: 1 days 7:46:42.531 | |
| Process Uptime: 0 days 0:16:05.964 | |
| Kernel time: 0 days 0:00:13.109 | |
| User time: 0 days 0:03:37.281 | |
| 'RCX: ' + @rcx | |
| 'RDX: ' + @rdx | |
| 'R8: ' + @r8 | |
| 'R9: ' + @r9 | |
| 'Stack[0]: ' + poi(@rsp+0x28) | |
| 'Stack[1]: ' + poi(@rsp+0x30) | |
| 'Stack[2]: ' + poi(@rsp+0x38) | |
| 'Stack[3]: ' + poi(@rsp+0x40) | |
| '' | |
| '=== NtQueryValueKey Called ===' | |
| Debug session time: Thu Apr 10 09:19:58.513 2025 (UTC - 7:00) | |
| System Uptime: 1 days 7:46:42.539 | |
| Process Uptime: 0 days 0:16:05.972 | |
| Kernel time: 0 days 0:00:13.109 | |
| User time: 0 days 0:03:37.281 | |
| 'RCX: ' + @rcx | |
| 'RDX: ' + @rdx | |
| 'R8: ' + @r8 | |
| 'R9: ' + @r9 | |
| 'Stack[0]: ' + poi(@rsp+0x28) | |
| 'Stack[1]: ' + poi(@rsp+0x30) | |
| 'Stack[2]: ' + poi(@rsp+0x38) | |
| 'Stack[3]: ' + poi(@rsp+0x40) | |
| '' | |
| '=== NtClose Called ===' | |
| Debug session time: Thu Apr 10 09:19:58.522 2025 (UTC - 7:00) | |
| System Uptime: 1 days 7:46:42.548 | |
| Process Uptime: 0 days 0:16:05.982 | |
| Kernel time: 0 days 0:00:13.109 | |
| User time: 0 days 0:03:37.281 | |
| 'RCX: ' + @rcx | |
| 'RDX: ' + @rdx | |
| 'R8: ' + @r8 | |
| 'R9: ' + @r9 | |
| 'Stack[0]: ' + poi(@rsp+0x28) | |
| 'Stack[1]: ' + poi(@rsp+0x30) | |
| 'Stack[2]: ' + poi(@rsp+0x38) | |
| 'Stack[3]: ' + poi(@rsp+0x40) | |
| '' | |
| '=== NtQueryKey Called ===' | |
| Debug session time: Thu Apr 10 09:19:58.532 2025 (UTC - 7:00) | |
| System Uptime: 1 days 7:46:42.558 | |
| Process Uptime: 0 days 0:16:05.992 | |
| Kernel time: 0 days 0:00:13.109 | |
| User time: 0 days 0:03:37.281 | |
| 'RCX: ' + @rcx | |
| 'RDX: ' + @rdx | |
| 'R8: ' + @r8 | |
| 'R9: ' + @r9 | |
| 'Stack[0]: ' + poi(@rsp+0x28) | |
| 'Stack[1]: ' + poi(@rsp+0x30) | |
| 'Stack[2]: ' + poi(@rsp+0x38) | |
| 'Stack[3]: ' + poi(@rsp+0x40) | |
| '' | |
| '=== NtOpenKeyEx Called ===' | |
| Debug session time: Thu Apr 10 09:19:58.541 2025 (UTC - 7:00) | |
| System Uptime: 1 days 7:46:42.567 | |
| Process Uptime: 0 days 0:16:06.000 | |
| Kernel time: 0 days 0:00:13.109 | |
| User time: 0 days 0:03:37.281 | |
| 'RCX: ' + @rcx | |
| 'RDX: ' + @rdx | |
| 'R8: ' + @r8 | |
| 'R9: ' + @r9 | |
| 'Stack[0]: ' + poi(@rsp+0x28) | |
| 'Stack[1]: ' + poi(@rsp+0x30) | |
| 'Stack[2]: ' + poi(@rsp+0x38) | |
| 'Stack[3]: ' + poi(@rsp+0x40) | |
| '' | |
| '=== NtClose Called ===' | |
| Debug session time: Thu Apr 10 09:19:58.549 2025 (UTC - 7:00) | |
| System Uptime: 1 days 7:46:42.575 | |
| Process Uptime: 0 days 0:16:06.008 | |
| Kernel time: 0 days 0:00:13.109 | |
| User time: 0 days 0:03:37.281 | |
| 'RCX: ' + @rcx | |
| 'RDX: ' + @rdx | |
| 'R8: ' + @r8 | |
| 'R9: ' + @r9 | |
| 'Stack[0]: ' + poi(@rsp+0x28) | |
| 'Stack[1]: ' + poi(@rsp+0x30) | |
| 'Stack[2]: ' + poi(@rsp+0x38) | |
| 'Stack[3]: ' + poi(@rsp+0x40) | |
| '' | |
| '=== NtQueryKey Called ===' | |
| Debug session time: Thu Apr 10 09:19:58.560 2025 (UTC - 7:00) | |
| System Uptime: 1 days 7:46:42.586 | |
| Process Uptime: 0 days 0:16:06.019 | |
| Kernel time: 0 days 0:00:13.109 | |
| User time: 0 days 0:03:37.281 | |
| 'RCX: ' + @rcx | |
| 'RDX: ' + @rdx | |
| 'R8: ' + @r8 | |
| 'R9: ' + @r9 | |
| 'Stack[0]: ' + poi(@rsp+0x28) | |
| 'Stack[1]: ' + poi(@rsp+0x30) | |
| 'Stack[2]: ' + poi(@rsp+0x38) | |
| 'Stack[3]: ' + poi(@rsp+0x40) | |
| '' | |
| '=== NtOpenKeyEx Called ===' | |
| Debug session time: Thu Apr 10 09:19:58.568 2025 (UTC - 7:00) | |
| System Uptime: 1 days 7:46:42.594 | |
| Process Uptime: 0 days 0:16:06.027 | |
| Kernel time: 0 days 0:00:13.109 | |
| User time: 0 days 0:03:37.281 | |
| 'RCX: ' + @rcx | |
| 'RDX: ' + @rdx | |
| 'R8: ' + @r8 | |
| 'R9: ' + @r9 | |
| 'Stack[0]: ' + poi(@rsp+0x28) | |
| 'Stack[1]: ' + poi(@rsp+0x30) | |
| 'Stack[2]: ' + poi(@rsp+0x38) | |
| 'Stack[3]: ' + poi(@rsp+0x40) | |
| '' | |
| '=== NtClose Called ===' | |
| Debug session time: Thu Apr 10 09:19:58.576 2025 (UTC - 7:00) | |
| System Uptime: 1 days 7:46:42.602 | |
| Process Uptime: 0 days 0:16:06.035 | |
| Kernel time: 0 days 0:00:13.109 | |
| User time: 0 days 0:03:37.281 | |
| 'RCX: ' + @rcx | |
| 'RDX: ' + @rdx | |
| 'R8: ' + @r8 | |
| 'R9: ' + @r9 | |
| 'Stack[0]: ' + poi(@rsp+0x28) | |
| 'Stack[1]: ' + poi(@rsp+0x30) | |
| 'Stack[2]: ' + poi(@rsp+0x38) | |
| 'Stack[3]: ' + poi(@rsp+0x40) | |
| '' | |
| '=== NtAllocateVirtualMemory Called ===' | |
| Debug session time: Thu Apr 10 09:19:58.587 2025 (UTC - 7:00) | |
| System Uptime: 1 days 7:46:42.613 | |
| Process Uptime: 0 days 0:16:06.046 | |
| Kernel time: 0 days 0:00:13.109 | |
| User time: 0 days 0:03:37.281 | |
| 'RCX: ' + @rcx | |
| 'RDX: ' + @rdx | |
| 'R8: ' + @r8 | |
| 'R9: ' + @r9 | |
| 'Stack[0]: ' + poi(@rsp+0x28) | |
| 'Stack[1]: ' + poi(@rsp+0x30) | |
| 'Stack[2]: ' + poi(@rsp+0x38) | |
| 'Stack[3]: ' + poi(@rsp+0x40) | |
| '' | |
| '=== NtQueryKey Called ===' | |
| Debug session time: Thu Apr 10 09:19:58.596 2025 (UTC - 7:00) | |
| System Uptime: 1 days 7:46:42.622 | |
| Process Uptime: 0 days 0:16:06.055 | |
| Kernel time: 0 days 0:00:13.109 | |
| User time: 0 days 0:03:37.281 | |
| 'RCX: ' + @rcx | |
| 'RDX: ' + @rdx | |
| 'R8: ' + @r8 | |
| 'R9: ' + @r9 | |
| 'Stack[0]: ' + poi(@rsp+0x28) | |
| 'Stack[1]: ' + poi(@rsp+0x30) | |
| 'Stack[2]: ' + poi(@rsp+0x38) | |
| 'Stack[3]: ' + poi(@rsp+0x40) | |
| '' | |
| '=== NtOpenKeyEx Called ===' | |
| Debug session time: Thu Apr 10 09:19:58.603 2025 (UTC - 7:00) | |
| System Uptime: 1 days 7:46:42.629 | |
| Process Uptime: 0 days 0:16:06.062 | |
| Kernel time: 0 days 0:00:13.109 | |
| User time: 0 days 0:03:37.281 | |
| 'RCX: ' + @rcx | |
| 'RDX: ' + @rdx | |
| 'R8: ' + @r8 | |
| 'R9: ' + @r9 | |
| 'Stack[0]: ' + poi(@rsp+0x28) | |
| 'Stack[1]: ' + poi(@rsp+0x30) | |
| 'Stack[2]: ' + poi(@rsp+0x38) | |
| 'Stack[3]: ' + poi(@rsp+0x40) | |
| '' | |
| '=== NtQueryValueKey Called ===' | |
| Debug session time: Thu Apr 10 09:19:58.612 2025 (UTC - 7:00) | |
| System Uptime: 1 days 7:46:42.638 | |
| Process Uptime: 0 days 0:16:06.071 | |
| Kernel time: 0 days 0:00:13.109 | |
| User time: 0 days 0:03:37.281 | |
| 'RCX: ' + @rcx | |
| 'RDX: ' + @rdx | |
| 'R8: ' + @r8 | |
| 'R9: ' + @r9 | |
| 'Stack[0]: ' + poi(@rsp+0x28) | |
| 'Stack[1]: ' + poi(@rsp+0x30) | |
| 'Stack[2]: ' + poi(@rsp+0x38) | |
| 'Stack[3]: ' + poi(@rsp+0x40) | |
| '' | |
| '=== NtQueryValueKey Called ===' | |
| Debug session time: Thu Apr 10 09:19:58.625 2025 (UTC - 7:00) | |
| System Uptime: 1 days 7:46:42.651 | |
| Process Uptime: 0 days 0:16:06.084 | |
| Kernel time: 0 days 0:00:13.109 | |
| User time: 0 days 0:03:37.281 | |
| 'RCX: ' + @rcx | |
| 'RDX: ' + @rdx | |
| 'R8: ' + @r8 | |
| 'R9: ' + @r9 | |
| 'Stack[0]: ' + poi(@rsp+0x28) | |
| 'Stack[1]: ' + poi(@rsp+0x30) | |
| 'Stack[2]: ' + poi(@rsp+0x38) | |
| 'Stack[3]: ' + poi(@rsp+0x40) | |
| '' | |
| '=== NtQueryValueKey Called ===' | |
| Debug session time: Thu Apr 10 09:19:58.634 2025 (UTC - 7:00) | |
| System Uptime: 1 days 7:46:42.659 | |
| Process Uptime: 0 days 0:16:06.093 | |
| Kernel time: 0 days 0:00:13.109 | |
| User time: 0 days 0:03:37.281 | |
| 'RCX: ' + @rcx | |
| 'RDX: ' + @rdx | |
| 'R8: ' + @r8 | |
| 'R9: ' + @r9 | |
| 'Stack[0]: ' + poi(@rsp+0x28) | |
| 'Stack[1]: ' + poi(@rsp+0x30) | |
| 'Stack[2]: ' + poi(@rsp+0x38) | |
| 'Stack[3]: ' + poi(@rsp+0x40) | |
| '' | |
| '=== NtQueryValueKey Called ===' | |
| Debug session time: Thu Apr 10 09:19:58.641 2025 (UTC - 7:00) | |
| System Uptime: 1 days 7:46:42.667 | |
| Process Uptime: 0 days 0:16:06.100 | |
| Kernel time: 0 days 0:00:13.109 | |
| User time: 0 days 0:03:37.281 | |
| 'RCX: ' + @rcx | |
| 'RDX: ' + @rdx | |
| 'R8: ' + @r8 | |
| 'R9: ' + @r9 | |
| 'Stack[0]: ' + poi(@rsp+0x28) | |
| 'Stack[1]: ' + poi(@rsp+0x30) | |
| 'Stack[2]: ' + poi(@rsp+0x38) | |
| 'Stack[3]: ' + poi(@rsp+0x40) | |
| '' | |
| '=== NtQueryValueKey Called ===' | |
| Debug session time: Thu Apr 10 09:19:58.652 2025 (UTC - 7:00) | |
| System Uptime: 1 days 7:46:42.678 | |
| Process Uptime: 0 days 0:16:06.111 | |
| Kernel time: 0 days 0:00:13.109 | |
| User time: 0 days 0:03:37.281 | |
| 'RCX: ' + @rcx | |
| 'RDX: ' + @rdx | |
| 'R8: ' + @r8 | |
| 'R9: ' + @r9 | |
| 'Stack[0]: ' + poi(@rsp+0x28) | |
| 'Stack[1]: ' + poi(@rsp+0x30) | |
| 'Stack[2]: ' + poi(@rsp+0x38) | |
| 'Stack[3]: ' + poi(@rsp+0x40) | |
| '' | |
| '=== NtClose Called ===' | |
| Debug session time: Thu Apr 10 09:19:58.660 2025 (UTC - 7:00) | |
| System Uptime: 1 days 7:46:42.686 | |
| Process Uptime: 0 days 0:16:06.119 | |
| Kernel time: 0 days 0:00:13.109 | |
| User time: 0 days 0:03:37.281 | |
| 'RCX: ' + @rcx | |
| 'RDX: ' + @rdx | |
| 'R8: ' + @r8 | |
| 'R9: ' + @r9 | |
| 'Stack[0]: ' + poi(@rsp+0x28) | |
| 'Stack[1]: ' + poi(@rsp+0x30) | |
| 'Stack[2]: ' + poi(@rsp+0x38) | |
| 'Stack[3]: ' + poi(@rsp+0x40) | |
| '' | |
| '=== NtQueryKey Called ===' | |
| Debug session time: Thu Apr 10 09:19:58.669 2025 (UTC - 7:00) | |
| System Uptime: 1 days 7:46:42.695 | |
| Process Uptime: 0 days 0:16:06.128 | |
| Kernel time: 0 days 0:00:13.109 | |
| User time: 0 days 0:03:37.281 | |
| 'RCX: ' + @rcx | |
| 'RDX: ' + @rdx | |
| 'R8: ' + @r8 | |
| 'R9: ' + @r9 | |
| 'Stack[0]: ' + poi(@rsp+0x28) | |
| 'Stack[1]: ' + poi(@rsp+0x30) | |
| 'Stack[2]: ' + poi(@rsp+0x38) | |
| 'Stack[3]: ' + poi(@rsp+0x40) | |
| '' | |
| '=== NtOpenKeyEx Called ===' | |
| Debug session time: Thu Apr 10 09:19:58.678 2025 (UTC - 7:00) | |
| System Uptime: 1 days 7:46:42.704 | |
| Process Uptime: 0 days 0:16:06.137 | |
| Kernel time: 0 days 0:00:13.109 | |
| User time: 0 days 0:03:37.281 | |
| 'RCX: ' + @rcx | |
| 'RDX: ' + @rdx | |
| 'R8: ' + @r8 | |
| 'R9: ' + @r9 | |
| 'Stack[0]: ' + poi(@rsp+0x28) | |
| 'Stack[1]: ' + poi(@rsp+0x30) | |
| 'Stack[2]: ' + poi(@rsp+0x38) | |
| 'Stack[3]: ' + poi(@rsp+0x40) | |
| '' | |
| '=== NtQueryValueKey Called ===' | |
| Debug session time: Thu Apr 10 09:19:58.688 2025 (UTC - 7:00) | |
| System Uptime: 1 days 7:46:42.714 | |
| Process Uptime: 0 days 0:16:06.147 | |
| Kernel time: 0 days 0:00:13.109 | |
| User time: 0 days 0:03:37.281 | |
| 'RCX: ' + @rcx | |
| 'RDX: ' + @rdx | |
| 'R8: ' + @r8 | |
| 'R9: ' + @r9 | |
| 'Stack[0]: ' + poi(@rsp+0x28) | |
| 'Stack[1]: ' + poi(@rsp+0x30) | |
| 'Stack[2]: ' + poi(@rsp+0x38) | |
| 'Stack[3]: ' + poi(@rsp+0x40) | |
| '' | |
| '=== NtQueryValueKey Called ===' | |
| Debug session time: Thu Apr 10 09:19:58.697 2025 (UTC - 7:00) | |
| System Uptime: 1 days 7:46:42.723 | |
| Process Uptime: 0 days 0:16:06.157 | |
| Kernel time: 0 days 0:00:13.109 | |
| User time: 0 days 0:03:37.281 | |
| 'RCX: ' + @rcx | |
| 'RDX: ' + @rdx | |
| 'R8: ' + @r8 | |
| 'R9: ' + @r9 | |
| 'Stack[0]: ' + poi(@rsp+0x28) | |
| 'Stack[1]: ' + poi(@rsp+0x30) | |
| 'Stack[2]: ' + poi(@rsp+0x38) | |
| 'Stack[3]: ' + poi(@rsp+0x40) | |
| '' | |
| '=== NtQueryValueKey Called ===' | |
| Debug session time: Thu Apr 10 09:19:58.710 2025 (UTC - 7:00) | |
| System Uptime: 1 days 7:46:42.736 | |
| Process Uptime: 0 days 0:16:06.169 | |
| Kernel time: 0 days 0:00:13.109 | |
| User time: 0 days 0:03:37.281 | |
| 'RCX: ' + @rcx | |
| 'RDX: ' + @rdx | |
| 'R8: ' + @r8 | |
| 'R9: ' + @r9 | |
| 'Stack[0]: ' + poi(@rsp+0x28) | |
| 'Stack[1]: ' + poi(@rsp+0x30) | |
| 'Stack[2]: ' + poi(@rsp+0x38) | |
| 'Stack[3]: ' + poi(@rsp+0x40) | |
| '' | |
| '=== NtQueryValueKey Called ===' | |
| Debug session time: Thu Apr 10 09:19:58.721 2025 (UTC - 7:00) | |
| System Uptime: 1 days 7:46:42.747 | |
| Process Uptime: 0 days 0:16:06.180 | |
| Kernel time: 0 days 0:00:13.125 | |
| User time: 0 days 0:03:37.296 | |
| 'RCX: ' + @rcx | |
| 'RDX: ' + @rdx | |
| 'R8: ' + @r8 | |
| 'R9: ' + @r9 | |
| 'Stack[0]: ' + poi(@rsp+0x28) | |
| 'Stack[1]: ' + poi(@rsp+0x30) | |
| 'Stack[2]: ' + poi(@rsp+0x38) | |
| 'Stack[3]: ' + poi(@rsp+0x40) | |
| '' | |
| '=== NtClose Called ===' | |
| Debug session time: Thu Apr 10 09:19:58.730 2025 (UTC - 7:00) | |
| System Uptime: 1 days 7:46:42.756 | |
| Process Uptime: 0 days 0:16:06.189 | |
| Kernel time: 0 days 0:00:13.125 | |
| User time: 0 days 0:03:37.296 | |
| 'RCX: ' + @rcx | |
| 'RDX: ' + @rdx | |
| 'R8: ' + @r8 | |
| 'R9: ' + @r9 | |
| 'Stack[0]: ' + poi(@rsp+0x28) | |
| 'Stack[1]: ' + poi(@rsp+0x30) | |
| 'Stack[2]: ' + poi(@rsp+0x38) | |
| 'Stack[3]: ' + poi(@rsp+0x40) | |
| '' | |
| '=== NtQueryKey Called ===' | |
| Debug session time: Thu Apr 10 09:19:58.739 2025 (UTC - 7:00) | |
| System Uptime: 1 days 7:46:42.765 | |
| Process Uptime: 0 days 0:16:06.198 | |
| Kernel time: 0 days 0:00:13.125 | |
| User time: 0 days 0:03:37.296 | |
| 'RCX: ' + @rcx | |
| 'RDX: ' + @rdx | |
| 'R8: ' + @r8 | |
| 'R9: ' + @r9 | |
| 'Stack[0]: ' + poi(@rsp+0x28) | |
| 'Stack[1]: ' + poi(@rsp+0x30) | |
| 'Stack[2]: ' + poi(@rsp+0x38) | |
| 'Stack[3]: ' + poi(@rsp+0x40) | |
| '' | |
| '=== NtOpenKeyEx Called ===' | |
| Debug session time: Thu Apr 10 09:19:58.749 2025 (UTC - 7:00) | |
| System Uptime: 1 days 7:46:42.775 | |
| Process Uptime: 0 days 0:16:06.209 | |
| Kernel time: 0 days 0:00:13.125 | |
| User time: 0 days 0:03:37.296 | |
| 'RCX: ' + @rcx | |
| 'RDX: ' + @rdx | |
| 'R8: ' + @r8 | |
| 'R9: ' + @r9 | |
| 'Stack[0]: ' + poi(@rsp+0x28) | |
| 'Stack[1]: ' + poi(@rsp+0x30) | |
| 'Stack[2]: ' + poi(@rsp+0x38) | |
| 'Stack[3]: ' + poi(@rsp+0x40) | |
| '' | |
| '=== NtClose Called ===' | |
| Debug session time: Thu Apr 10 09:19:58.760 2025 (UTC - 7:00) | |
| System Uptime: 1 days 7:46:42.786 | |
| Process Uptime: 0 days 0:16:06.219 | |
| Kernel time: 0 days 0:00:13.125 | |
| User time: 0 days 0:03:37.296 | |
| 'RCX: ' + @rcx | |
| 'RDX: ' + @rdx | |
| 'R8: ' + @r8 | |
| 'R9: ' + @r9 | |
| 'Stack[0]: ' + poi(@rsp+0x28) | |
| 'Stack[1]: ' + poi(@rsp+0x30) | |
| 'Stack[2]: ' + poi(@rsp+0x38) | |
| 'Stack[3]: ' + poi(@rsp+0x40) | |
| '' | |
| '=== NtQueryKey Called ===' | |
| Debug session time: Thu Apr 10 09:19:58.772 2025 (UTC - 7:00) | |
| System Uptime: 1 days 7:46:42.798 | |
| Process Uptime: 0 days 0:16:06.231 | |
| Kernel time: 0 days 0:00:13.125 | |
| User time: 0 days 0:03:37.296 | |
| 'RCX: ' + @rcx | |
| 'RDX: ' + @rdx | |
| 'R8: ' + @r8 | |
| 'R9: ' + @r9 | |
| 'Stack[0]: ' + poi(@rsp+0x28) | |
| 'Stack[1]: ' + poi(@rsp+0x30) | |
| 'Stack[2]: ' + poi(@rsp+0x38) | |
| 'Stack[3]: ' + poi(@rsp+0x40) | |
| '' | |
| '=== NtOpenKeyEx Called ===' | |
| Debug session time: Thu Apr 10 09:19:58.793 2025 (UTC - 7:00) | |
| System Uptime: 1 days 7:46:42.820 | |
| Process Uptime: 0 days 0:16:06.253 | |
| Kernel time: 0 days 0:00:13.125 | |
| User time: 0 days 0:03:37.296 | |
| 'RCX: ' + @rcx | |
| 'RDX: ' + @rdx | |
| 'R8: ' + @r8 | |
| 'R9: ' + @r9 | |
| 'Stack[0]: ' + poi(@rsp+0x28) | |
| 'Stack[1]: ' + poi(@rsp+0x30) | |
| 'Stack[2]: ' + poi(@rsp+0x38) | |
| 'Stack[3]: ' + poi(@rsp+0x40) | |
| '' | |
| '=== NtClose Called ===' | |
| Debug session time: Thu Apr 10 09:19:58.807 2025 (UTC - 7:00) | |
| System Uptime: 1 days 7:46:42.833 | |
| Process Uptime: 0 days 0:16:06.266 | |
| Kernel time: 0 days 0:00:13.125 | |
| User time: 0 days 0:03:37.296 | |
| 'RCX: ' + @rcx | |
| 'RDX: ' + @rdx | |
| 'R8: ' + @r8 | |
| 'R9: ' + @r9 | |
| 'Stack[0]: ' + poi(@rsp+0x28) | |
| 'Stack[1]: ' + poi(@rsp+0x30) | |
| 'Stack[2]: ' + poi(@rsp+0x38) | |
| 'Stack[3]: ' + poi(@rsp+0x40) | |
| '' | |
| '=== NtAllocateVirtualMemory Called ===' | |
| Debug session time: Thu Apr 10 09:19:58.816 2025 (UTC - 7:00) | |
| System Uptime: 1 days 7:46:42.842 | |
| Process Uptime: 0 days 0:16:06.275 | |
| Kernel time: 0 days 0:00:13.125 | |
| User time: 0 days 0:03:37.296 | |
| 'RCX: ' + @rcx | |
| 'RDX: ' + @rdx | |
| 'R8: ' + @r8 | |
| 'R9: ' + @r9 | |
| 'Stack[0]: ' + poi(@rsp+0x28) | |
| 'Stack[1]: ' + poi(@rsp+0x30) | |
| 'Stack[2]: ' + poi(@rsp+0x38) | |
| 'Stack[3]: ' + poi(@rsp+0x40) | |
| '' | |
| '=== NtWaitForSingleObject Called ===' | |
| Debug session time: Thu Apr 10 09:19:58.826 2025 (UTC - 7:00) | |
| System Uptime: 1 days 7:46:42.851 | |
| Process Uptime: 0 days 0:16:06.285 | |
| Kernel time: 0 days 0:00:13.125 | |
| User time: 0 days 0:03:37.296 | |
| 'RCX: ' + @rcx | |
| 'RDX: ' + @rdx | |
| 'R8: ' + @r8 | |
| 'R9: ' + @r9 | |
| 'Stack[0]: ' + poi(@rsp+0x28) | |
| 'Stack[1]: ' + poi(@rsp+0x30) | |
| 'Stack[2]: ' + poi(@rsp+0x38) | |
| 'Stack[3]: ' + poi(@rsp+0x40) | |
| '' | |
| '=== NtWaitForSingleObject Called ===' | |
| Debug session time: Thu Apr 10 09:19:58.835 2025 (UTC - 7:00) | |
| System Uptime: 1 days 7:46:42.861 | |
| Process Uptime: 0 days 0:16:06.294 | |
| Kernel time: 0 days 0:00:13.125 | |
| User time: 0 days 0:03:37.296 | |
| 'RCX: ' + @rcx | |
| 'RDX: ' + @rdx | |
| 'R8: ' + @r8 | |
| 'R9: ' + @r9 | |
| 'Stack[0]: ' + poi(@rsp+0x28) | |
| 'Stack[1]: ' + poi(@rsp+0x30) | |
| 'Stack[2]: ' + poi(@rsp+0x38) | |
| 'Stack[3]: ' + poi(@rsp+0x40) | |
| '' | |
| '=== NtCreateFile Called ===' | |
| Debug session time: Thu Apr 10 09:19:58.843 2025 (UTC - 7:00) | |
| System Uptime: 1 days 7:46:42.869 | |
| Process Uptime: 0 days 0:16:06.302 | |
| Kernel time: 0 days 0:00:13.125 | |
| User time: 0 days 0:03:37.296 | |
| 'RCX: ' + @rcx | |
| 'RDX: ' + @rdx | |
| 'R8: ' + @r8 | |
| 'R9: ' + @r9 | |
| 'Stack[0]: ' + poi(@rsp+0x28) | |
| 'Stack[1]: ' + poi(@rsp+0x30) | |
| 'Stack[2]: ' + poi(@rsp+0x38) | |
| 'Stack[3]: ' + poi(@rsp+0x40) | |
| '' | |
| '=== NtDeviceIoControlFile Called ===' | |
| Debug session time: Thu Apr 10 09:19:58.854 2025 (UTC - 7:00) | |
| System Uptime: 1 days 7:46:42.880 | |
| Process Uptime: 0 days 0:16:06.313 | |
| Kernel time: 0 days 0:00:13.125 | |
| User time: 0 days 0:03:37.296 | |
| 'RCX: ' + @rcx | |
| 'RDX: ' + @rdx | |
| 'R8: ' + @r8 | |
| 'R9: ' + @r9 | |
| 'Stack[0]: ' + poi(@rsp+0x28) | |
| 'Stack[1]: ' + poi(@rsp+0x30) | |
| 'Stack[2]: ' + poi(@rsp+0x38) | |
| 'Stack[3]: ' + poi(@rsp+0x40) | |
| '' | |
| '=== NtWaitForSingleObject Called ===' | |
| Debug session time: Thu Apr 10 09:19:58.863 2025 (UTC - 7:00) | |
| System Uptime: 1 days 7:46:42.889 | |
| Process Uptime: 0 days 0:16:06.324 | |
| Kernel time: 0 days 0:00:13.125 | |
| User time: 0 days 0:03:37.296 | |
| 'RCX: ' + @rcx | |
| 'RDX: ' + @rdx | |
| 'R8: ' + @r8 | |
| 'R9: ' + @r9 | |
| 'Stack[0]: ' + poi(@rsp+0x28) | |
| 'Stack[1]: ' + poi(@rsp+0x30) | |
| 'Stack[2]: ' + poi(@rsp+0x38) | |
| 'Stack[3]: ' + poi(@rsp+0x40) | |
| '' | |
| '=== NtSetInformationFile Called ===' | |
| Debug session time: Thu Apr 10 09:19:58.874 2025 (UTC - 7:00) | |
| System Uptime: 1 days 7:46:42.900 | |
| Process Uptime: 0 days 0:16:06.333 | |
| Kernel time: 0 days 0:00:13.125 | |
| User time: 0 days 0:03:37.296 | |
| 'RCX: ' + @rcx | |
| 'RDX: ' + @rdx | |
| 'R8: ' + @r8 | |
| 'R9: ' + @r9 | |
| 'Stack[0]: ' + poi(@rsp+0x28) | |
| 'Stack[1]: ' + poi(@rsp+0x30) | |
| 'Stack[2]: ' + poi(@rsp+0x38) | |
| 'Stack[3]: ' + poi(@rsp+0x40) | |
| '' | |
| '=== NtSetInformationFile Called ===' | |
| Debug session time: Thu Apr 10 09:19:58.883 2025 (UTC - 7:00) | |
| System Uptime: 1 days 7:46:42.908 | |
| Process Uptime: 0 days 0:16:06.342 | |
| Kernel time: 0 days 0:00:13.125 | |
| User time: 0 days 0:03:37.296 | |
| 'RCX: ' + @rcx | |
| 'RDX: ' + @rdx | |
| 'R8: ' + @r8 | |
| 'R9: ' + @r9 | |
| 'Stack[0]: ' + poi(@rsp+0x28) | |
| 'Stack[1]: ' + poi(@rsp+0x30) | |
| 'Stack[2]: ' + poi(@rsp+0x38) | |
| 'Stack[3]: ' + poi(@rsp+0x40) | |
| '' | |
| '=== NtDeviceIoControlFile Called ===' | |
| Debug session time: Thu Apr 10 09:19:58.891 2025 (UTC - 7:00) | |
| System Uptime: 1 days 7:46:42.917 | |
| Process Uptime: 0 days 0:16:06.350 | |
| Kernel time: 0 days 0:00:13.125 | |
| User time: 0 days 0:03:37.296 | |
| 'RCX: ' + @rcx | |
| 'RDX: ' + @rdx | |
| 'R8: ' + @r8 | |
| 'R9: ' + @r9 | |
| 'Stack[0]: ' + poi(@rsp+0x28) | |
| 'Stack[1]: ' + poi(@rsp+0x30) | |
| 'Stack[2]: ' + poi(@rsp+0x38) | |
| 'Stack[3]: ' + poi(@rsp+0x40) | |
| '' | |
| '=== NtWaitForSingleObject Called ===' | |
| Debug session time: Thu Apr 10 09:19:58.902 2025 (UTC - 7:00) | |
| System Uptime: 1 days 7:46:42.928 | |
| Process Uptime: 0 days 0:16:06.362 | |
| Kernel time: 0 days 0:00:13.125 | |
| User time: 0 days 0:03:37.296 | |
| 'RCX: ' + @rcx | |
| 'RDX: ' + @rdx | |
| 'R8: ' + @r8 | |
| 'R9: ' + @r9 | |
| 'Stack[0]: ' + poi(@rsp+0x28) | |
| 'Stack[1]: ' + poi(@rsp+0x30) | |
| 'Stack[2]: ' + poi(@rsp+0x38) | |
| 'Stack[3]: ' + poi(@rsp+0x40) | |
| '' | |
| '=== NtDeviceIoControlFile Called ===' | |
| Debug session time: Thu Apr 10 09:19:58.910 2025 (UTC - 7:00) | |
| System Uptime: 1 days 7:46:42.936 | |
| Process Uptime: 0 days 0:16:06.370 | |
| Kernel time: 0 days 0:00:13.125 | |
| User time: 0 days 0:03:37.296 | |
| 'RCX: ' + @rcx | |
| 'RDX: ' + @rdx | |
| 'R8: ' + @r8 | |
| 'R9: ' + @r9 | |
| 'Stack[0]: ' + poi(@rsp+0x28) | |
| 'Stack[1]: ' + poi(@rsp+0x30) | |
| 'Stack[2]: ' + poi(@rsp+0x38) | |
| 'Stack[3]: ' + poi(@rsp+0x40) | |
| '' | |
| '=== NtDeviceIoControlFile Called ===' | |
| Debug session time: Thu Apr 10 09:19:58.919 2025 (UTC - 7:00) | |
| System Uptime: 1 days 7:46:42.945 | |
| Process Uptime: 0 days 0:16:06.378 | |
| Kernel time: 0 days 0:00:13.125 | |
| User time: 0 days 0:03:37.296 | |
| 'RCX: ' + @rcx | |
| 'RDX: ' + @rdx | |
| 'R8: ' + @r8 | |
| 'R9: ' + @r9 | |
| 'Stack[0]: ' + poi(@rsp+0x28) | |
| 'Stack[1]: ' + poi(@rsp+0x30) | |
| 'Stack[2]: ' + poi(@rsp+0x38) | |
| 'Stack[3]: ' + poi(@rsp+0x40) | |
| '' | |
| '=== NtDeviceIoControlFile Called ===' | |
| Debug session time: Thu Apr 10 09:19:58.927 2025 (UTC - 7:00) | |
| System Uptime: 1 days 7:46:42.953 | |
| Process Uptime: 0 days 0:16:06.386 | |
| Kernel time: 0 days 0:00:13.125 | |
| User time: 0 days 0:03:37.296 | |
| 'RCX: ' + @rcx | |
| 'RDX: ' + @rdx | |
| 'R8: ' + @r8 | |
| 'R9: ' + @r9 | |
| 'Stack[0]: ' + poi(@rsp+0x28) | |
| 'Stack[1]: ' + poi(@rsp+0x30) | |
| 'Stack[2]: ' + poi(@rsp+0x38) | |
| 'Stack[3]: ' + poi(@rsp+0x40) | |
| '' | |
| '=== NtDeviceIoControlFile Called ===' | |
| Debug session time: Thu Apr 10 09:19:58.935 2025 (UTC - 7:00) | |
| System Uptime: 1 days 7:46:42.961 | |
| Process Uptime: 0 days 0:16:06.395 | |
| Kernel time: 0 days 0:00:13.125 | |
| User time: 0 days 0:03:37.296 | |
| 'RCX: ' + @rcx | |
| 'RDX: ' + @rdx | |
| 'R8: ' + @r8 | |
| 'R9: ' + @r9 | |
| 'Stack[0]: ' + poi(@rsp+0x28) | |
| 'Stack[1]: ' + poi(@rsp+0x30) | |
| 'Stack[2]: ' + poi(@rsp+0x38) | |
| 'Stack[3]: ' + poi(@rsp+0x40) | |
| '' | |
| '=== NtDeviceIoControlFile Called ===' | |
| Debug session time: Thu Apr 10 09:19:58.943 2025 (UTC - 7:00) | |
| System Uptime: 1 days 7:46:42.969 | |
| Process Uptime: 0 days 0:16:06.402 | |
| Kernel time: 0 days 0:00:13.125 | |
| User time: 0 days 0:03:37.296 | |
| 'RCX: ' + @rcx | |
| 'RDX: ' + @rdx | |
| 'R8: ' + @r8 | |
| 'R9: ' + @r9 | |
| 'Stack[0]: ' + poi(@rsp+0x28) | |
| 'Stack[1]: ' + poi(@rsp+0x30) | |
| 'Stack[2]: ' + poi(@rsp+0x38) | |
| 'Stack[3]: ' + poi(@rsp+0x40) | |
| '' | |
| '=== NtDeviceIoControlFile Called ===' | |
| Debug session time: Thu Apr 10 09:19:58.952 2025 (UTC - 7:00) | |
| System Uptime: 1 days 7:46:42.978 | |
| Process Uptime: 0 days 0:16:06.411 | |
| Kernel time: 0 days 0:00:13.125 | |
| User time: 0 days 0:03:37.296 | |
| 'RCX: ' + @rcx | |
| 'RDX: ' + @rdx | |
| 'R8: ' + @r8 | |
| 'R9: ' + @r9 | |
| 'Stack[0]: ' + poi(@rsp+0x28) | |
| 'Stack[1]: ' + poi(@rsp+0x30) | |
| 'Stack[2]: ' + poi(@rsp+0x38) | |
| 'Stack[3]: ' + poi(@rsp+0x40) | |
| '' | |
| '=== NtDeviceIoControlFile Called ===' | |
| Debug session time: Thu Apr 10 09:19:58.963 2025 (UTC - 7:00) | |
| System Uptime: 1 days 7:46:42.988 | |
| Process Uptime: 0 days 0:16:06.422 | |
| Kernel time: 0 days 0:00:13.125 | |
| User time: 0 days 0:03:37.296 | |
| 'RCX: ' + @rcx | |
| 'RDX: ' + @rdx | |
| 'R8: ' + @r8 | |
| 'R9: ' + @r9 | |
| 'Stack[0]: ' + poi(@rsp+0x28) | |
| 'Stack[1]: ' + poi(@rsp+0x30) | |
| 'Stack[2]: ' + poi(@rsp+0x38) | |
| 'Stack[3]: ' + poi(@rsp+0x40) | |
| '' | |
| '=== NtDeviceIoControlFile Called ===' | |
| Debug session time: Thu Apr 10 09:19:58.971 2025 (UTC - 7:00) | |
| System Uptime: 1 days 7:46:42.997 | |
| Process Uptime: 0 days 0:16:06.430 | |
| Kernel time: 0 days 0:00:13.125 | |
| User time: 0 days 0:03:37.296 | |
| 'RCX: ' + @rcx | |
| 'RDX: ' + @rdx | |
| 'R8: ' + @r8 | |
| 'R9: ' + @r9 | |
| 'Stack[0]: ' + poi(@rsp+0x28) | |
| 'Stack[1]: ' + poi(@rsp+0x30) | |
| 'Stack[2]: ' + poi(@rsp+0x38) | |
| 'Stack[3]: ' + poi(@rsp+0x40) | |
| '' | |
| '=== NtDeviceIoControlFile Called ===' | |
| Debug session time: Thu Apr 10 09:19:58.981 2025 (UTC - 7:00) | |
| System Uptime: 1 days 7:46:43.007 | |
| Process Uptime: 0 days 0:16:06.440 | |
| Kernel time: 0 days 0:00:13.125 | |
| User time: 0 days 0:03:37.296 | |
| 'RCX: ' + @rcx | |
| 'RDX: ' + @rdx | |
| 'R8: ' + @r8 | |
| 'R9: ' + @r9 | |
| 'Stack[0]: ' + poi(@rsp+0x28) | |
| 'Stack[1]: ' + poi(@rsp+0x30) | |
| 'Stack[2]: ' + poi(@rsp+0x38) | |
| 'Stack[3]: ' + poi(@rsp+0x40) | |
| '' | |
| '=== NtDeviceIoControlFile Called ===' | |
| Debug session time: Thu Apr 10 09:19:58.996 2025 (UTC - 7:00) | |
| System Uptime: 1 days 7:46:43.021 | |
| Process Uptime: 0 days 0:16:06.455 | |
| Kernel time: 0 days 0:00:13.125 | |
| User time: 0 days 0:03:37.296 | |
| 'RCX: ' + @rcx | |
| 'RDX: ' + @rdx | |
| 'R8: ' + @r8 | |
| 'R9: ' + @r9 | |
| 'Stack[0]: ' + poi(@rsp+0x28) | |
| 'Stack[1]: ' + poi(@rsp+0x30) | |
| 'Stack[2]: ' + poi(@rsp+0x38) | |
| 'Stack[3]: ' + poi(@rsp+0x40) | |
| '' | |
| '=== NtDeviceIoControlFile Called ===' | |
| Debug session time: Thu Apr 10 09:19:59.003 2025 (UTC - 7:00) | |
| System Uptime: 1 days 7:46:43.029 | |
| Process Uptime: 0 days 0:16:06.462 | |
| Kernel time: 0 days 0:00:13.125 | |
| User time: 0 days 0:03:37.296 | |
| 'RCX: ' + @rcx | |
| 'RDX: ' + @rdx | |
| 'R8: ' + @r8 | |
| 'R9: ' + @r9 | |
| 'Stack[0]: ' + poi(@rsp+0x28) | |
| 'Stack[1]: ' + poi(@rsp+0x30) | |
| 'Stack[2]: ' + poi(@rsp+0x38) | |
| 'Stack[3]: ' + poi(@rsp+0x40) | |
| '' | |
| '=== NtDeviceIoControlFile Called ===' | |
| Debug session time: Thu Apr 10 09:19:59.012 2025 (UTC - 7:00) | |
| System Uptime: 1 days 7:46:43.038 | |
| Process Uptime: 0 days 0:16:06.471 | |
| Kernel time: 0 days 0:00:13.125 | |
| User time: 0 days 0:03:37.296 | |
| 'RCX: ' + @rcx | |
| 'RDX: ' + @rdx | |
| 'R8: ' + @r8 | |
| 'R9: ' + @r9 | |
| 'Stack[0]: ' + poi(@rsp+0x28) | |
| 'Stack[1]: ' + poi(@rsp+0x30) | |
| 'Stack[2]: ' + poi(@rsp+0x38) | |
| 'Stack[3]: ' + poi(@rsp+0x40) | |
| '' | |
| '=== NtDeviceIoControlFile Called ===' | |
| Debug session time: Thu Apr 10 09:19:59.020 2025 (UTC - 7:00) | |
| System Uptime: 1 days 7:46:43.046 | |
| Process Uptime: 0 days 0:16:06.479 | |
| Kernel time: 0 days 0:00:13.125 | |
| User time: 0 days 0:03:37.296 | |
| 'RCX: ' + @rcx | |
| 'RDX: ' + @rdx | |
| 'R8: ' + @r8 | |
| 'R9: ' + @r9 | |
| 'Stack[0]: ' + poi(@rsp+0x28) | |
| 'Stack[1]: ' + poi(@rsp+0x30) | |
| 'Stack[2]: ' + poi(@rsp+0x38) | |
| 'Stack[3]: ' + poi(@rsp+0x40) | |
| '' | |
| '=== NtDeviceIoControlFile Called ===' | |
| Debug session time: Thu Apr 10 09:19:59.034 2025 (UTC - 7:00) | |
| System Uptime: 1 days 7:46:43.060 | |
| Process Uptime: 0 days 0:16:06.493 | |
| Kernel time: 0 days 0:00:13.125 | |
| User time: 0 days 0:03:37.296 | |
| 'RCX: ' + @rcx | |
| 'RDX: ' + @rdx | |
| 'R8: ' + @r8 | |
| 'R9: ' + @r9 | |
| 'Stack[0]: ' + poi(@rsp+0x28) | |
| 'Stack[1]: ' + poi(@rsp+0x30) | |
| 'Stack[2]: ' + poi(@rsp+0x38) | |
| 'Stack[3]: ' + poi(@rsp+0x40) | |
| '' | |
| '=== NtDeviceIoControlFile Called ===' | |
| Debug session time: Thu Apr 10 09:19:59.043 2025 (UTC - 7:00) | |
| System Uptime: 1 days 7:46:43.069 | |
| Process Uptime: 0 days 0:16:06.502 | |
| Kernel time: 0 days 0:00:13.125 | |
| User time: 0 days 0:03:37.296 | |
| 'RCX: ' + @rcx | |
| 'RDX: ' + @rdx | |
| 'R8: ' + @r8 | |
| 'R9: ' + @r9 | |
| 'Stack[0]: ' + poi(@rsp+0x28) | |
| 'Stack[1]: ' + poi(@rsp+0x30) | |
| 'Stack[2]: ' + poi(@rsp+0x38) | |
| 'Stack[3]: ' + poi(@rsp+0x40) | |
| '' | |
| '=== NtDeviceIoControlFile Called ===' | |
| Debug session time: Thu Apr 10 09:19:59.052 2025 (UTC - 7:00) | |
| System Uptime: 1 days 7:46:43.078 | |
| Process Uptime: 0 days 0:16:06.512 | |
| Kernel time: 0 days 0:00:13.125 | |
| User time: 0 days 0:03:37.296 | |
| 'RCX: ' + @rcx | |
| 'RDX: ' + @rdx | |
| 'R8: ' + @r8 | |
| 'R9: ' + @r9 | |
| 'Stack[0]: ' + poi(@rsp+0x28) | |
| 'Stack[1]: ' + poi(@rsp+0x30) | |
| 'Stack[2]: ' + poi(@rsp+0x38) | |
| 'Stack[3]: ' + poi(@rsp+0x40) | |
| '' | |
| '=== NtDeviceIoControlFile Called ===' | |
| Debug session time: Thu Apr 10 09:19:59.062 2025 (UTC - 7:00) | |
| System Uptime: 1 days 7:46:43.088 | |
| Process Uptime: 0 days 0:16:06.521 | |
| Kernel time: 0 days 0:00:13.125 | |
| User time: 0 days 0:03:37.296 | |
| 'RCX: ' + @rcx | |
| 'RDX: ' + @rdx | |
| 'R8: ' + @r8 | |
| 'R9: ' + @r9 | |
| 'Stack[0]: ' + poi(@rsp+0x28) | |
| 'Stack[1]: ' + poi(@rsp+0x30) | |
| 'Stack[2]: ' + poi(@rsp+0x38) | |
| 'Stack[3]: ' + poi(@rsp+0x40) | |
| '' | |
| '=== NtDeviceIoControlFile Called ===' | |
| Debug session time: Thu Apr 10 09:19:59.071 2025 (UTC - 7:00) | |
| System Uptime: 1 days 7:46:43.097 | |
| Process Uptime: 0 days 0:16:06.530 | |
| Kernel time: 0 days 0:00:13.125 | |
| User time: 0 days 0:03:37.296 | |
| 'RCX: ' + @rcx | |
| 'RDX: ' + @rdx | |
| 'R8: ' + @r8 | |
| 'R9: ' + @r9 | |
| 'Stack[0]: ' + poi(@rsp+0x28) | |
| 'Stack[1]: ' + poi(@rsp+0x30) | |
| 'Stack[2]: ' + poi(@rsp+0x38) | |
| 'Stack[3]: ' + poi(@rsp+0x40) | |
| '' | |
| '=== NtFreeVirtualMemory Called ===' | |
| Debug session time: Thu Apr 10 09:19:59.088 2025 (UTC - 7:00) | |
| System Uptime: 1 days 7:46:43.114 | |
| Process Uptime: 0 days 0:16:06.547 | |
| Kernel time: 0 days 0:00:13.125 | |
| User time: 0 days 0:03:37.296 | |
| 'RCX: ' + @rcx | |
| 'RDX: ' + @rdx | |
| 'R8: ' + @r8 | |
| 'R9: ' + @r9 | |
| 'Stack[0]: ' + poi(@rsp+0x28) | |
| 'Stack[1]: ' + poi(@rsp+0x30) | |
| 'Stack[2]: ' + poi(@rsp+0x38) | |
| 'Stack[3]: ' + poi(@rsp+0x40) | |
| '' | |
| '=== NtFreeVirtualMemory Called ===' | |
| Debug session time: Thu Apr 10 09:19:59.096 2025 (UTC - 7:00) | |
| System Uptime: 1 days 7:46:43.122 | |
| Process Uptime: 0 days 0:16:06.555 | |
| Kernel time: 0 days 0:00:13.125 | |
| User time: 0 days 0:03:37.296 | |
| 'RCX: ' + @rcx | |
| 'RDX: ' + @rdx | |
| 'R8: ' + @r8 | |
| 'R9: ' + @r9 | |
| 'Stack[0]: ' + poi(@rsp+0x28) | |
| 'Stack[1]: ' + poi(@rsp+0x30) | |
| 'Stack[2]: ' + poi(@rsp+0x38) | |
| 'Stack[3]: ' + poi(@rsp+0x40) | |
| '' | |
| '=== NtAllocateVirtualMemory Called ===' | |
| Debug session time: Thu Apr 10 09:19:59.108 2025 (UTC - 7:00) | |
| System Uptime: 1 days 7:46:43.134 | |
| Process Uptime: 0 days 0:16:06.568 | |
| Kernel time: 0 days 0:00:13.125 | |
| User time: 0 days 0:03:37.296 | |
| 'RCX: ' + @rcx | |
| 'RDX: ' + @rdx | |
| 'R8: ' + @r8 | |
| 'R9: ' + @r9 | |
| 'Stack[0]: ' + poi(@rsp+0x28) | |
| 'Stack[1]: ' + poi(@rsp+0x30) | |
| 'Stack[2]: ' + poi(@rsp+0x38) | |
| 'Stack[3]: ' + poi(@rsp+0x40) | |
| '' | |
| '=== NtDeviceIoControlFile Called ===' | |
| Debug session time: Thu Apr 10 09:19:59.117 2025 (UTC - 7:00) | |
| System Uptime: 1 days 7:46:43.143 | |
| Process Uptime: 0 days 0:16:06.576 | |
| Kernel time: 0 days 0:00:13.125 | |
| User time: 0 days 0:03:37.296 | |
| 'RCX: ' + @rcx | |
| 'RDX: ' + @rdx | |
| 'R8: ' + @r8 | |
| 'R9: ' + @r9 | |
| 'Stack[0]: ' + poi(@rsp+0x28) | |
| 'Stack[1]: ' + poi(@rsp+0x30) | |
| 'Stack[2]: ' + poi(@rsp+0x38) | |
| 'Stack[3]: ' + poi(@rsp+0x40) | |
| '' | |
| '=== NtDeviceIoControlFile Called ===' | |
| Debug session time: Thu Apr 10 09:19:59.131 2025 (UTC - 7:00) | |
| System Uptime: 1 days 7:46:43.157 | |
| Process Uptime: 0 days 0:16:06.590 | |
| Kernel time: 0 days 0:00:13.125 | |
| User time: 0 days 0:03:37.296 | |
| 'RCX: ' + @rcx | |
| 'RDX: ' + @rdx | |
| 'R8: ' + @r8 | |
| 'R9: ' + @r9 | |
| 'Stack[0]: ' + poi(@rsp+0x28) | |
| 'Stack[1]: ' + poi(@rsp+0x30) | |
| 'Stack[2]: ' + poi(@rsp+0x38) | |
| 'Stack[3]: ' + poi(@rsp+0x40) | |
| '' | |
| '=== NtClose Called ===' | |
| Debug session time: Thu Apr 10 09:19:59.139 2025 (UTC - 7:00) | |
| System Uptime: 1 days 7:46:43.165 | |
| Process Uptime: 0 days 0:16:06.599 | |
| Kernel time: 0 days 0:00:13.125 | |
| User time: 0 days 0:03:37.296 | |
| 'RCX: ' + @rcx | |
| 'RDX: ' + @rdx | |
| 'R8: ' + @r8 | |
| 'R9: ' + @r9 | |
| 'Stack[0]: ' + poi(@rsp+0x28) | |
| 'Stack[1]: ' + poi(@rsp+0x30) | |
| 'Stack[2]: ' + poi(@rsp+0x38) | |
| 'Stack[3]: ' + poi(@rsp+0x40) | |
| '' | |
| '=== NtClose Called ===' | |
| Debug session time: Thu Apr 10 09:19:59.151 2025 (UTC - 7:00) | |
| System Uptime: 1 days 7:46:43.177 | |
| Process Uptime: 0 days 0:16:06.610 | |
| Kernel time: 0 days 0:00:13.125 | |
| User time: 0 days 0:03:37.296 | |
| 'RCX: ' + @rcx | |
| 'RDX: ' + @rdx | |
| 'R8: ' + @r8 | |
| 'R9: ' + @r9 | |
| 'Stack[0]: ' + poi(@rsp+0x28) | |
| 'Stack[1]: ' + poi(@rsp+0x30) | |
| 'Stack[2]: ' + poi(@rsp+0x38) | |
| 'Stack[3]: ' + poi(@rsp+0x40) | |
| '' | |
| '=== NtClose Called ===' | |
| Debug session time: Thu Apr 10 09:19:59.159 2025 (UTC - 7:00) | |
| System Uptime: 1 days 7:46:43.185 | |
| Process Uptime: 0 days 0:16:06.619 | |
| Kernel time: 0 days 0:00:13.125 | |
| User time: 0 days 0:03:37.296 | |
| 'RCX: ' + @rcx | |
| 'RDX: ' + @rdx | |
| 'R8: ' + @r8 | |
| 'R9: ' + @r9 | |
| 'Stack[0]: ' + poi(@rsp+0x28) | |
| 'Stack[1]: ' + poi(@rsp+0x30) | |
| 'Stack[2]: ' + poi(@rsp+0x38) | |
| 'Stack[3]: ' + poi(@rsp+0x40) | |
| '' | |
| '=== NtAllocateVirtualMemory Called ===' | |
| Debug session time: Thu Apr 10 09:19:59.168 2025 (UTC - 7:00) | |
| System Uptime: 1 days 7:46:43.194 | |
| Process Uptime: 0 days 0:16:06.628 | |
| Kernel time: 0 days 0:00:13.125 | |
| User time: 0 days 0:03:37.296 | |
| 'RCX: ' + @rcx | |
| 'RDX: ' + @rdx | |
| 'R8: ' + @r8 | |
| 'R9: ' + @r9 | |
| 'Stack[0]: ' + poi(@rsp+0x28) | |
| 'Stack[1]: ' + poi(@rsp+0x30) | |
| 'Stack[2]: ' + poi(@rsp+0x38) | |
| 'Stack[3]: ' + poi(@rsp+0x40) | |
| '' | |
| '=== NtFreeVirtualMemory Called ===' | |
| Debug session time: Thu Apr 10 09:19:59.178 2025 (UTC - 7:00) | |
| System Uptime: 1 days 7:46:43.204 | |
| Process Uptime: 0 days 0:16:06.638 | |
| Kernel time: 0 days 0:00:13.125 | |
| User time: 0 days 0:03:37.296 | |
| 'RCX: ' + @rcx | |
| 'RDX: ' + @rdx | |
| 'R8: ' + @r8 | |
| 'R9: ' + @r9 | |
| 'Stack[0]: ' + poi(@rsp+0x28) | |
| 'Stack[1]: ' + poi(@rsp+0x30) | |
| 'Stack[2]: ' + poi(@rsp+0x38) | |
| 'Stack[3]: ' + poi(@rsp+0x40) | |
| '' | |
| '=== NtFreeVirtualMemory Called ===' | |
| Debug session time: Thu Apr 10 09:19:59.186 2025 (UTC - 7:00) | |
| System Uptime: 1 days 7:46:43.212 | |
| Process Uptime: 0 days 0:16:06.645 | |
| Kernel time: 0 days 0:00:13.125 | |
| User time: 0 days 0:03:37.296 | |
| 'RCX: ' + @rcx | |
| 'RDX: ' + @rdx | |
| 'R8: ' + @r8 | |
| 'R9: ' + @r9 | |
| 'Stack[0]: ' + poi(@rsp+0x28) | |
| 'Stack[1]: ' + poi(@rsp+0x30) | |
| 'Stack[2]: ' + poi(@rsp+0x38) | |
| 'Stack[3]: ' + poi(@rsp+0x40) | |
| '' | |
| '=== NtDelayExecution Called ===' | |
| Debug session time: Thu Apr 10 09:19:59.194 2025 (UTC - 7:00) | |
| System Uptime: 1 days 7:46:43.220 | |
| Process Uptime: 0 days 0:16:06.653 | |
| Kernel time: 0 days 0:00:13.125 | |
| User time: 0 days 0:03:37.296 | |
| 'RCX: ' + @rcx | |
| 'RDX: ' + @rdx | |
| 'R8: ' + @r8 | |
| 'R9: ' + @r9 | |
| 'Stack[0]: ' + poi(@rsp+0x28) | |
| 'Stack[1]: ' + poi(@rsp+0x30) | |
| 'Stack[2]: ' + poi(@rsp+0x38) | |
| 'Stack[3]: ' + poi(@rsp+0x40) | |
| '' | |
| (5c84.55e0): Break instruction exception - code 80000003 (first chance) | |
| ntdll!DbgBreakPoint: | |
| 00007ffb`0b1fdd10 cc int 3 |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment