Created
April 10, 2025 16:28
-
-
Save joshfinley/c55d540397ce240d9652bdd42bd5b5c9 to your computer and use it in GitHub Desktop.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| 0:007> g | |
| '=== NtTerminateThread Called ===' | |
| Debug session time: Thu Apr 10 09:27:43.839 2025 (UTC - 7:00) | |
| System Uptime: 1 days 7:54:27.865 | |
| Process Uptime: 0 days 1:04:21.754 | |
| Kernel time: 0 days 0:00:39.687 | |
| User time: 0 days 0:00:13.328 | |
| 'RCX: ' + @rcx | |
| 'RDX: ' + @rdx | |
| 'R8: ' + @r8 | |
| 'R9: ' + @r9 | |
| 'Stack[0]: ' + poi(@rsp+0x28) | |
| 'Stack[1]: ' + poi(@rsp+0x30) | |
| 'Stack[2]: ' + poi(@rsp+0x38) | |
| 'Stack[3]: ' + poi(@rsp+0x40) | |
| '' | |
| '=== NtDelayExecution Called ===' | |
| Debug session time: Thu Apr 10 09:27:49.175 2025 (UTC - 7:00) | |
| System Uptime: 1 days 7:54:33.201 | |
| Process Uptime: 0 days 1:04:27.091 | |
| Kernel time: 0 days 0:00:39.687 | |
| User time: 0 days 0:00:13.328 | |
| 'RCX: ' + @rcx | |
| 'RDX: ' + @rdx | |
| 'R8: ' + @r8 | |
| 'R9: ' + @r9 | |
| 'Stack[0]: ' + poi(@rsp+0x28) | |
| 'Stack[1]: ' + poi(@rsp+0x30) | |
| 'Stack[2]: ' + poi(@rsp+0x38) | |
| 'Stack[3]: ' + poi(@rsp+0x40) | |
| '' | |
| '=== NtQueryKey Called ===' | |
| Debug session time: Thu Apr 10 09:27:51.150 2025 (UTC - 7:00) | |
| System Uptime: 1 days 7:54:35.181 | |
| Process Uptime: 0 days 1:04:29.073 | |
| Kernel time: 0 days 0:00:39.687 | |
| User time: 0 days 0:00:13.328 | |
| 'RCX: ' + @rcx | |
| 'RDX: ' + @rdx | |
| 'R8: ' + @r8 | |
| 'R9: ' + @r9 | |
| 'Stack[0]: ' + poi(@rsp+0x28) | |
| 'Stack[1]: ' + poi(@rsp+0x30) | |
| 'Stack[2]: ' + poi(@rsp+0x38) | |
| 'Stack[3]: ' + poi(@rsp+0x40) | |
| '' | |
| '=== NtOpenKeyEx Called ===' | |
| Debug session time: Thu Apr 10 09:27:51.175 2025 (UTC - 7:00) | |
| System Uptime: 1 days 7:54:35.202 | |
| Process Uptime: 0 days 1:04:29.100 | |
| Kernel time: 0 days 0:00:39.687 | |
| User time: 0 days 0:00:13.328 | |
| 'RCX: ' + @rcx | |
| 'RDX: ' + @rdx | |
| 'R8: ' + @r8 | |
| 'R9: ' + @r9 | |
| 'Stack[0]: ' + poi(@rsp+0x28) | |
| 'Stack[1]: ' + poi(@rsp+0x30) | |
| 'Stack[2]: ' + poi(@rsp+0x38) | |
| 'Stack[3]: ' + poi(@rsp+0x40) | |
| '' | |
| '=== NtQueryValueKey Called ===' | |
| Debug session time: Thu Apr 10 09:27:51.195 2025 (UTC - 7:00) | |
| System Uptime: 1 days 7:54:35.221 | |
| Process Uptime: 0 days 1:04:29.110 | |
| Kernel time: 0 days 0:00:39.687 | |
| User time: 0 days 0:00:13.328 | |
| 'RCX: ' + @rcx | |
| 'RDX: ' + @rdx | |
| 'R8: ' + @r8 | |
| 'R9: ' + @r9 | |
| 'Stack[0]: ' + poi(@rsp+0x28) | |
| 'Stack[1]: ' + poi(@rsp+0x30) | |
| 'Stack[2]: ' + poi(@rsp+0x38) | |
| 'Stack[3]: ' + poi(@rsp+0x40) | |
| '' | |
| '=== NtQueryValueKey Called ===' | |
| Debug session time: Thu Apr 10 09:27:51.205 2025 (UTC - 7:00) | |
| System Uptime: 1 days 7:54:35.231 | |
| Process Uptime: 0 days 1:04:29.121 | |
| Kernel time: 0 days 0:00:39.687 | |
| User time: 0 days 0:00:13.328 | |
| 'RCX: ' + @rcx | |
| 'RDX: ' + @rdx | |
| 'R8: ' + @r8 | |
| 'R9: ' + @r9 | |
| 'Stack[0]: ' + poi(@rsp+0x28) | |
| 'Stack[1]: ' + poi(@rsp+0x30) | |
| 'Stack[2]: ' + poi(@rsp+0x38) | |
| 'Stack[3]: ' + poi(@rsp+0x40) | |
| '' | |
| '=== NtQueryValueKey Called ===' | |
| Debug session time: Thu Apr 10 09:27:51.217 2025 (UTC - 7:00) | |
| System Uptime: 1 days 7:54:35.243 | |
| Process Uptime: 0 days 1:04:29.133 | |
| Kernel time: 0 days 0:00:39.687 | |
| User time: 0 days 0:00:13.328 | |
| 'RCX: ' + @rcx | |
| 'RDX: ' + @rdx | |
| 'R8: ' + @r8 | |
| 'R9: ' + @r9 | |
| 'Stack[0]: ' + poi(@rsp+0x28) | |
| 'Stack[1]: ' + poi(@rsp+0x30) | |
| 'Stack[2]: ' + poi(@rsp+0x38) | |
| 'Stack[3]: ' + poi(@rsp+0x40) | |
| '' | |
| '=== NtQueryValueKey Called ===' | |
| Debug session time: Thu Apr 10 09:27:51.233 2025 (UTC - 7:00) | |
| System Uptime: 1 days 7:54:35.259 | |
| Process Uptime: 0 days 1:04:29.149 | |
| Kernel time: 0 days 0:00:39.687 | |
| User time: 0 days 0:00:13.328 | |
| 'RCX: ' + @rcx | |
| 'RDX: ' + @rdx | |
| 'R8: ' + @r8 | |
| 'R9: ' + @r9 | |
| 'Stack[0]: ' + poi(@rsp+0x28) | |
| 'Stack[1]: ' + poi(@rsp+0x30) | |
| 'Stack[2]: ' + poi(@rsp+0x38) | |
| 'Stack[3]: ' + poi(@rsp+0x40) | |
| '' | |
| '=== NtQueryValueKey Called ===' | |
| Debug session time: Thu Apr 10 09:27:51.242 2025 (UTC - 7:00) | |
| System Uptime: 1 days 7:54:35.269 | |
| Process Uptime: 0 days 1:04:29.158 | |
| Kernel time: 0 days 0:00:39.687 | |
| User time: 0 days 0:00:13.328 | |
| 'RCX: ' + @rcx | |
| 'RDX: ' + @rdx | |
| 'R8: ' + @r8 | |
| 'R9: ' + @r9 | |
| 'Stack[0]: ' + poi(@rsp+0x28) | |
| 'Stack[1]: ' + poi(@rsp+0x30) | |
| 'Stack[2]: ' + poi(@rsp+0x38) | |
| 'Stack[3]: ' + poi(@rsp+0x40) | |
| '' | |
| '=== NtClose Called ===' | |
| Debug session time: Thu Apr 10 09:27:51.254 2025 (UTC - 7:00) | |
| System Uptime: 1 days 7:54:35.280 | |
| Process Uptime: 0 days 1:04:29.170 | |
| Kernel time: 0 days 0:00:39.687 | |
| User time: 0 days 0:00:13.328 | |
| 'RCX: ' + @rcx | |
| 'RDX: ' + @rdx | |
| 'R8: ' + @r8 | |
| 'R9: ' + @r9 | |
| 'Stack[0]: ' + poi(@rsp+0x28) | |
| 'Stack[1]: ' + poi(@rsp+0x30) | |
| 'Stack[2]: ' + poi(@rsp+0x38) | |
| 'Stack[3]: ' + poi(@rsp+0x40) | |
| '' | |
| '=== NtQueryKey Called ===' | |
| Debug session time: Thu Apr 10 09:27:51.263 2025 (UTC - 7:00) | |
| System Uptime: 1 days 7:54:35.290 | |
| Process Uptime: 0 days 1:04:29.181 | |
| Kernel time: 0 days 0:00:39.687 | |
| User time: 0 days 0:00:13.328 | |
| 'RCX: ' + @rcx | |
| 'RDX: ' + @rdx | |
| 'R8: ' + @r8 | |
| 'R9: ' + @r9 | |
| 'Stack[0]: ' + poi(@rsp+0x28) | |
| 'Stack[1]: ' + poi(@rsp+0x30) | |
| 'Stack[2]: ' + poi(@rsp+0x38) | |
| 'Stack[3]: ' + poi(@rsp+0x40) | |
| '' | |
| '=== NtOpenKeyEx Called ===' | |
| Debug session time: Thu Apr 10 09:27:51.275 2025 (UTC - 7:00) | |
| System Uptime: 1 days 7:54:35.301 | |
| Process Uptime: 0 days 1:04:29.192 | |
| Kernel time: 0 days 0:00:39.687 | |
| User time: 0 days 0:00:13.328 | |
| 'RCX: ' + @rcx | |
| 'RDX: ' + @rdx | |
| 'R8: ' + @r8 | |
| 'R9: ' + @r9 | |
| 'Stack[0]: ' + poi(@rsp+0x28) | |
| 'Stack[1]: ' + poi(@rsp+0x30) | |
| 'Stack[2]: ' + poi(@rsp+0x38) | |
| 'Stack[3]: ' + poi(@rsp+0x40) | |
| '' | |
| '=== NtQueryValueKey Called ===' | |
| Debug session time: Thu Apr 10 09:27:51.285 2025 (UTC - 7:00) | |
| System Uptime: 1 days 7:54:35.311 | |
| Process Uptime: 0 days 1:04:29.201 | |
| Kernel time: 0 days 0:00:39.687 | |
| User time: 0 days 0:00:13.328 | |
| 'RCX: ' + @rcx | |
| 'RDX: ' + @rdx | |
| 'R8: ' + @r8 | |
| 'R9: ' + @r9 | |
| 'Stack[0]: ' + poi(@rsp+0x28) | |
| 'Stack[1]: ' + poi(@rsp+0x30) | |
| 'Stack[2]: ' + poi(@rsp+0x38) | |
| 'Stack[3]: ' + poi(@rsp+0x40) | |
| '' | |
| '=== NtQueryValueKey Called ===' | |
| Debug session time: Thu Apr 10 09:27:51.294 2025 (UTC - 7:00) | |
| System Uptime: 1 days 7:54:35.320 | |
| Process Uptime: 0 days 1:04:29.210 | |
| Kernel time: 0 days 0:00:39.687 | |
| User time: 0 days 0:00:13.328 | |
| 'RCX: ' + @rcx | |
| 'RDX: ' + @rdx | |
| 'R8: ' + @r8 | |
| 'R9: ' + @r9 | |
| 'Stack[0]: ' + poi(@rsp+0x28) | |
| 'Stack[1]: ' + poi(@rsp+0x30) | |
| 'Stack[2]: ' + poi(@rsp+0x38) | |
| 'Stack[3]: ' + poi(@rsp+0x40) | |
| '' | |
| '=== NtQueryValueKey Called ===' | |
| Debug session time: Thu Apr 10 09:27:51.306 2025 (UTC - 7:00) | |
| System Uptime: 1 days 7:54:35.332 | |
| Process Uptime: 0 days 1:04:29.222 | |
| Kernel time: 0 days 0:00:39.687 | |
| User time: 0 days 0:00:13.328 | |
| 'RCX: ' + @rcx | |
| 'RDX: ' + @rdx | |
| 'R8: ' + @r8 | |
| 'R9: ' + @r9 | |
| 'Stack[0]: ' + poi(@rsp+0x28) | |
| 'Stack[1]: ' + poi(@rsp+0x30) | |
| 'Stack[2]: ' + poi(@rsp+0x38) | |
| 'Stack[3]: ' + poi(@rsp+0x40) | |
| '' | |
| '=== NtQueryValueKey Called ===' | |
| Debug session time: Thu Apr 10 09:27:51.320 2025 (UTC - 7:00) | |
| System Uptime: 1 days 7:54:35.346 | |
| Process Uptime: 0 days 1:04:29.237 | |
| Kernel time: 0 days 0:00:39.687 | |
| User time: 0 days 0:00:13.328 | |
| 'RCX: ' + @rcx | |
| 'RDX: ' + @rdx | |
| 'R8: ' + @r8 | |
| 'R9: ' + @r9 | |
| 'Stack[0]: ' + poi(@rsp+0x28) | |
| 'Stack[1]: ' + poi(@rsp+0x30) | |
| 'Stack[2]: ' + poi(@rsp+0x38) | |
| 'Stack[3]: ' + poi(@rsp+0x40) | |
| '' | |
| '=== NtClose Called ===' | |
| Debug session time: Thu Apr 10 09:27:51.330 2025 (UTC - 7:00) | |
| System Uptime: 1 days 7:54:35.356 | |
| Process Uptime: 0 days 1:04:29.246 | |
| Kernel time: 0 days 0:00:39.687 | |
| User time: 0 days 0:00:13.328 | |
| 'RCX: ' + @rcx | |
| 'RDX: ' + @rdx | |
| 'R8: ' + @r8 | |
| 'R9: ' + @r9 | |
| 'Stack[0]: ' + poi(@rsp+0x28) | |
| 'Stack[1]: ' + poi(@rsp+0x30) | |
| 'Stack[2]: ' + poi(@rsp+0x38) | |
| 'Stack[3]: ' + poi(@rsp+0x40) | |
| '' | |
| '=== NtQueryKey Called ===' | |
| Debug session time: Thu Apr 10 09:27:51.339 2025 (UTC - 7:00) | |
| System Uptime: 1 days 7:54:35.365 | |
| Process Uptime: 0 days 1:04:29.254 | |
| Kernel time: 0 days 0:00:39.687 | |
| User time: 0 days 0:00:13.328 | |
| 'RCX: ' + @rcx | |
| 'RDX: ' + @rdx | |
| 'R8: ' + @r8 | |
| 'R9: ' + @r9 | |
| 'Stack[0]: ' + poi(@rsp+0x28) | |
| 'Stack[1]: ' + poi(@rsp+0x30) | |
| 'Stack[2]: ' + poi(@rsp+0x38) | |
| 'Stack[3]: ' + poi(@rsp+0x40) | |
| '' | |
| '=== NtOpenKeyEx Called ===' | |
| Debug session time: Thu Apr 10 09:27:51.355 2025 (UTC - 7:00) | |
| System Uptime: 1 days 7:54:35.381 | |
| Process Uptime: 0 days 1:04:29.272 | |
| Kernel time: 0 days 0:00:39.687 | |
| User time: 0 days 0:00:13.328 | |
| 'RCX: ' + @rcx | |
| 'RDX: ' + @rdx | |
| 'R8: ' + @r8 | |
| 'R9: ' + @r9 | |
| 'Stack[0]: ' + poi(@rsp+0x28) | |
| 'Stack[1]: ' + poi(@rsp+0x30) | |
| 'Stack[2]: ' + poi(@rsp+0x38) | |
| 'Stack[3]: ' + poi(@rsp+0x40) | |
| '' | |
| '=== NtClose Called ===' | |
| Debug session time: Thu Apr 10 09:27:51.367 2025 (UTC - 7:00) | |
| System Uptime: 1 days 7:54:35.393 | |
| Process Uptime: 0 days 1:04:29.283 | |
| Kernel time: 0 days 0:00:39.687 | |
| User time: 0 days 0:00:13.328 | |
| 'RCX: ' + @rcx | |
| 'RDX: ' + @rdx | |
| 'R8: ' + @r8 | |
| 'R9: ' + @r9 | |
| 'Stack[0]: ' + poi(@rsp+0x28) | |
| 'Stack[1]: ' + poi(@rsp+0x30) | |
| 'Stack[2]: ' + poi(@rsp+0x38) | |
| 'Stack[3]: ' + poi(@rsp+0x40) | |
| '' | |
| '=== NtQueryKey Called ===' | |
| Debug session time: Thu Apr 10 09:27:51.377 2025 (UTC - 7:00) | |
| System Uptime: 1 days 7:54:35.403 | |
| Process Uptime: 0 days 1:04:29.293 | |
| Kernel time: 0 days 0:00:39.687 | |
| User time: 0 days 0:00:13.328 | |
| 'RCX: ' + @rcx | |
| 'RDX: ' + @rdx | |
| 'R8: ' + @r8 | |
| 'R9: ' + @r9 | |
| 'Stack[0]: ' + poi(@rsp+0x28) | |
| 'Stack[1]: ' + poi(@rsp+0x30) | |
| 'Stack[2]: ' + poi(@rsp+0x38) | |
| 'Stack[3]: ' + poi(@rsp+0x40) | |
| '' | |
| '=== NtOpenKeyEx Called ===' | |
| Debug session time: Thu Apr 10 09:27:51.385 2025 (UTC - 7:00) | |
| System Uptime: 1 days 7:54:35.413 | |
| Process Uptime: 0 days 1:04:29.310 | |
| Kernel time: 0 days 0:00:39.687 | |
| User time: 0 days 0:00:13.328 | |
| 'RCX: ' + @rcx | |
| 'RDX: ' + @rdx | |
| 'R8: ' + @r8 | |
| 'R9: ' + @r9 | |
| 'Stack[0]: ' + poi(@rsp+0x28) | |
| 'Stack[1]: ' + poi(@rsp+0x30) | |
| 'Stack[2]: ' + poi(@rsp+0x38) | |
| 'Stack[3]: ' + poi(@rsp+0x40) | |
| '' | |
| '=== NtClose Called ===' | |
| Debug session time: Thu Apr 10 09:27:51.406 2025 (UTC - 7:00) | |
| System Uptime: 1 days 7:54:35.431 | |
| Process Uptime: 0 days 1:04:29.321 | |
| Kernel time: 0 days 0:00:39.687 | |
| User time: 0 days 0:00:13.328 | |
| 'RCX: ' + @rcx | |
| 'RDX: ' + @rdx | |
| 'R8: ' + @r8 | |
| 'R9: ' + @r9 | |
| 'Stack[0]: ' + poi(@rsp+0x28) | |
| 'Stack[1]: ' + poi(@rsp+0x30) | |
| 'Stack[2]: ' + poi(@rsp+0x38) | |
| 'Stack[3]: ' + poi(@rsp+0x40) | |
| '' | |
| '=== NtWaitForSingleObject Called ===' | |
| Debug session time: Thu Apr 10 09:27:51.416 2025 (UTC - 7:00) | |
| System Uptime: 1 days 7:54:35.442 | |
| Process Uptime: 0 days 1:04:29.332 | |
| Kernel time: 0 days 0:00:39.687 | |
| User time: 0 days 0:00:13.328 | |
| 'RCX: ' + @rcx | |
| 'RDX: ' + @rdx | |
| 'R8: ' + @r8 | |
| 'R9: ' + @r9 | |
| 'Stack[0]: ' + poi(@rsp+0x28) | |
| 'Stack[1]: ' + poi(@rsp+0x30) | |
| 'Stack[2]: ' + poi(@rsp+0x38) | |
| 'Stack[3]: ' + poi(@rsp+0x40) | |
| '' | |
| '=== NtWaitForSingleObject Called ===' | |
| Debug session time: Thu Apr 10 09:27:51.428 2025 (UTC - 7:00) | |
| System Uptime: 1 days 7:54:35.454 | |
| Process Uptime: 0 days 1:04:29.345 | |
| Kernel time: 0 days 0:00:39.687 | |
| User time: 0 days 0:00:13.328 | |
| 'RCX: ' + @rcx | |
| 'RDX: ' + @rdx | |
| 'R8: ' + @r8 | |
| 'R9: ' + @r9 | |
| 'Stack[0]: ' + poi(@rsp+0x28) | |
| 'Stack[1]: ' + poi(@rsp+0x30) | |
| 'Stack[2]: ' + poi(@rsp+0x38) | |
| 'Stack[3]: ' + poi(@rsp+0x40) | |
| '' | |
| '=== NtCreateFile Called ===' | |
| Debug session time: Thu Apr 10 09:27:51.439 2025 (UTC - 7:00) | |
| System Uptime: 1 days 7:54:35.467 | |
| Process Uptime: 0 days 1:04:29.357 | |
| Kernel time: 0 days 0:00:39.687 | |
| User time: 0 days 0:00:13.328 | |
| 'RCX: ' + @rcx | |
| 'RDX: ' + @rdx | |
| 'R8: ' + @r8 | |
| 'R9: ' + @r9 | |
| 'Stack[0]: ' + poi(@rsp+0x28) | |
| 'Stack[1]: ' + poi(@rsp+0x30) | |
| 'Stack[2]: ' + poi(@rsp+0x38) | |
| 'Stack[3]: ' + poi(@rsp+0x40) | |
| '' | |
| '=== NtDeviceIoControlFile Called ===' | |
| Debug session time: Thu Apr 10 09:27:51.456 2025 (UTC - 7:00) | |
| System Uptime: 1 days 7:54:35.481 | |
| Process Uptime: 0 days 1:04:29.372 | |
| Kernel time: 0 days 0:00:39.687 | |
| User time: 0 days 0:00:13.328 | |
| 'RCX: ' + @rcx | |
| 'RDX: ' + @rdx | |
| 'R8: ' + @r8 | |
| 'R9: ' + @r9 | |
| 'Stack[0]: ' + poi(@rsp+0x28) | |
| 'Stack[1]: ' + poi(@rsp+0x30) | |
| 'Stack[2]: ' + poi(@rsp+0x38) | |
| 'Stack[3]: ' + poi(@rsp+0x40) | |
| '' | |
| '=== NtWaitForSingleObject Called ===' | |
| Debug session time: Thu Apr 10 09:27:51.466 2025 (UTC - 7:00) | |
| System Uptime: 1 days 7:54:35.491 | |
| Process Uptime: 0 days 1:04:29.381 | |
| Kernel time: 0 days 0:00:39.687 | |
| User time: 0 days 0:00:13.328 | |
| 'RCX: ' + @rcx | |
| 'RDX: ' + @rdx | |
| 'R8: ' + @r8 | |
| 'R9: ' + @r9 | |
| 'Stack[0]: ' + poi(@rsp+0x28) | |
| 'Stack[1]: ' + poi(@rsp+0x30) | |
| 'Stack[2]: ' + poi(@rsp+0x38) | |
| 'Stack[3]: ' + poi(@rsp+0x40) | |
| '' | |
| '=== NtSetInformationFile Called ===' | |
| Debug session time: Thu Apr 10 09:27:51.476 2025 (UTC - 7:00) | |
| System Uptime: 1 days 7:54:35.503 | |
| Process Uptime: 0 days 1:04:29.392 | |
| Kernel time: 0 days 0:00:39.687 | |
| User time: 0 days 0:00:13.328 | |
| 'RCX: ' + @rcx | |
| 'RDX: ' + @rdx | |
| 'R8: ' + @r8 | |
| 'R9: ' + @r9 | |
| 'Stack[0]: ' + poi(@rsp+0x28) | |
| 'Stack[1]: ' + poi(@rsp+0x30) | |
| 'Stack[2]: ' + poi(@rsp+0x38) | |
| 'Stack[3]: ' + poi(@rsp+0x40) | |
| '' | |
| '=== NtSetInformationFile Called ===' | |
| Debug session time: Thu Apr 10 09:27:51.489 2025 (UTC - 7:00) | |
| System Uptime: 1 days 7:54:35.515 | |
| Process Uptime: 0 days 1:04:29.406 | |
| Kernel time: 0 days 0:00:39.687 | |
| User time: 0 days 0:00:13.328 | |
| 'RCX: ' + @rcx | |
| 'RDX: ' + @rdx | |
| 'R8: ' + @r8 | |
| 'R9: ' + @r9 | |
| 'Stack[0]: ' + poi(@rsp+0x28) | |
| 'Stack[1]: ' + poi(@rsp+0x30) | |
| 'Stack[2]: ' + poi(@rsp+0x38) | |
| 'Stack[3]: ' + poi(@rsp+0x40) | |
| '' | |
| '=== NtDeviceIoControlFile Called ===' | |
| Debug session time: Thu Apr 10 09:27:51.502 2025 (UTC - 7:00) | |
| System Uptime: 1 days 7:54:35.529 | |
| Process Uptime: 0 days 1:04:29.418 | |
| Kernel time: 0 days 0:00:39.687 | |
| User time: 0 days 0:00:13.328 | |
| 'RCX: ' + @rcx | |
| 'RDX: ' + @rdx | |
| 'R8: ' + @r8 | |
| 'R9: ' + @r9 | |
| 'Stack[0]: ' + poi(@rsp+0x28) | |
| 'Stack[1]: ' + poi(@rsp+0x30) | |
| 'Stack[2]: ' + poi(@rsp+0x38) | |
| 'Stack[3]: ' + poi(@rsp+0x40) | |
| '' | |
| '=== NtWaitForSingleObject Called ===' | |
| Debug session time: Thu Apr 10 09:27:51.512 2025 (UTC - 7:00) | |
| System Uptime: 1 days 7:54:35.538 | |
| Process Uptime: 0 days 1:04:29.429 | |
| Kernel time: 0 days 0:00:39.687 | |
| User time: 0 days 0:00:13.328 | |
| 'RCX: ' + @rcx | |
| 'RDX: ' + @rdx | |
| 'R8: ' + @r8 | |
| 'R9: ' + @r9 | |
| 'Stack[0]: ' + poi(@rsp+0x28) | |
| 'Stack[1]: ' + poi(@rsp+0x30) | |
| 'Stack[2]: ' + poi(@rsp+0x38) | |
| 'Stack[3]: ' + poi(@rsp+0x40) | |
| '' | |
| '=== NtDeviceIoControlFile Called ===' | |
| Debug session time: Thu Apr 10 09:27:51.523 2025 (UTC - 7:00) | |
| System Uptime: 1 days 7:54:35.550 | |
| Process Uptime: 0 days 1:04:29.440 | |
| Kernel time: 0 days 0:00:39.687 | |
| User time: 0 days 0:00:13.328 | |
| 'RCX: ' + @rcx | |
| 'RDX: ' + @rdx | |
| 'R8: ' + @r8 | |
| 'R9: ' + @r9 | |
| 'Stack[0]: ' + poi(@rsp+0x28) | |
| 'Stack[1]: ' + poi(@rsp+0x30) | |
| 'Stack[2]: ' + poi(@rsp+0x38) | |
| 'Stack[3]: ' + poi(@rsp+0x40) | |
| '' | |
| '=== NtDeviceIoControlFile Called ===' | |
| Debug session time: Thu Apr 10 09:27:51.535 2025 (UTC - 7:00) | |
| System Uptime: 1 days 7:54:35.561 | |
| Process Uptime: 0 days 1:04:29.452 | |
| Kernel time: 0 days 0:00:39.687 | |
| User time: 0 days 0:00:13.328 | |
| 'RCX: ' + @rcx | |
| 'RDX: ' + @rdx | |
| 'R8: ' + @r8 | |
| 'R9: ' + @r9 | |
| 'Stack[0]: ' + poi(@rsp+0x28) | |
| 'Stack[1]: ' + poi(@rsp+0x30) | |
| 'Stack[2]: ' + poi(@rsp+0x38) | |
| 'Stack[3]: ' + poi(@rsp+0x40) | |
| '' | |
| '=== NtDeviceIoControlFile Called ===' | |
| Debug session time: Thu Apr 10 09:27:51.547 2025 (UTC - 7:00) | |
| System Uptime: 1 days 7:54:35.573 | |
| Process Uptime: 0 days 1:04:29.463 | |
| Kernel time: 0 days 0:00:39.687 | |
| User time: 0 days 0:00:13.328 | |
| 'RCX: ' + @rcx | |
| 'RDX: ' + @rdx | |
| 'R8: ' + @r8 | |
| 'R9: ' + @r9 | |
| 'Stack[0]: ' + poi(@rsp+0x28) | |
| 'Stack[1]: ' + poi(@rsp+0x30) | |
| 'Stack[2]: ' + poi(@rsp+0x38) | |
| 'Stack[3]: ' + poi(@rsp+0x40) | |
| '' | |
| '=== NtDeviceIoControlFile Called ===' | |
| Debug session time: Thu Apr 10 09:27:51.558 2025 (UTC - 7:00) | |
| System Uptime: 1 days 7:54:35.584 | |
| Process Uptime: 0 days 1:04:29.474 | |
| Kernel time: 0 days 0:00:39.687 | |
| User time: 0 days 0:00:13.328 | |
| 'RCX: ' + @rcx | |
| 'RDX: ' + @rdx | |
| 'R8: ' + @r8 | |
| 'R9: ' + @r9 | |
| 'Stack[0]: ' + poi(@rsp+0x28) | |
| 'Stack[1]: ' + poi(@rsp+0x30) | |
| 'Stack[2]: ' + poi(@rsp+0x38) | |
| 'Stack[3]: ' + poi(@rsp+0x40) | |
| '' | |
| '=== NtDeviceIoControlFile Called ===' | |
| Debug session time: Thu Apr 10 09:27:51.567 2025 (UTC - 7:00) | |
| System Uptime: 1 days 7:54:35.593 | |
| Process Uptime: 0 days 1:04:29.483 | |
| Kernel time: 0 days 0:00:39.687 | |
| User time: 0 days 0:00:13.328 | |
| 'RCX: ' + @rcx | |
| 'RDX: ' + @rdx | |
| 'R8: ' + @r8 | |
| 'R9: ' + @r9 | |
| 'Stack[0]: ' + poi(@rsp+0x28) | |
| 'Stack[1]: ' + poi(@rsp+0x30) | |
| 'Stack[2]: ' + poi(@rsp+0x38) | |
| 'Stack[3]: ' + poi(@rsp+0x40) | |
| '' | |
| '=== NtDeviceIoControlFile Called ===' | |
| Debug session time: Thu Apr 10 09:27:51.576 2025 (UTC - 7:00) | |
| System Uptime: 1 days 7:54:35.602 | |
| Process Uptime: 0 days 1:04:29.493 | |
| Kernel time: 0 days 0:00:39.687 | |
| User time: 0 days 0:00:13.328 | |
| 'RCX: ' + @rcx | |
| 'RDX: ' + @rdx | |
| 'R8: ' + @r8 | |
| 'R9: ' + @r9 | |
| 'Stack[0]: ' + poi(@rsp+0x28) | |
| 'Stack[1]: ' + poi(@rsp+0x30) | |
| 'Stack[2]: ' + poi(@rsp+0x38) | |
| 'Stack[3]: ' + poi(@rsp+0x40) | |
| '' | |
| '=== NtDeviceIoControlFile Called ===' | |
| Debug session time: Thu Apr 10 09:27:51.594 2025 (UTC - 7:00) | |
| System Uptime: 1 days 7:54:35.620 | |
| Process Uptime: 0 days 1:04:29.509 | |
| Kernel time: 0 days 0:00:39.687 | |
| User time: 0 days 0:00:13.328 | |
| 'RCX: ' + @rcx | |
| 'RDX: ' + @rdx | |
| 'R8: ' + @r8 | |
| 'R9: ' + @r9 | |
| 'Stack[0]: ' + poi(@rsp+0x28) | |
| 'Stack[1]: ' + poi(@rsp+0x30) | |
| 'Stack[2]: ' + poi(@rsp+0x38) | |
| 'Stack[3]: ' + poi(@rsp+0x40) | |
| '' | |
| '=== NtDeviceIoControlFile Called ===' | |
| Debug session time: Thu Apr 10 09:27:51.604 2025 (UTC - 7:00) | |
| System Uptime: 1 days 7:54:35.630 | |
| Process Uptime: 0 days 1:04:29.521 | |
| Kernel time: 0 days 0:00:39.687 | |
| User time: 0 days 0:00:13.328 | |
| 'RCX: ' + @rcx | |
| 'RDX: ' + @rdx | |
| 'R8: ' + @r8 | |
| 'R9: ' + @r9 | |
| 'Stack[0]: ' + poi(@rsp+0x28) | |
| 'Stack[1]: ' + poi(@rsp+0x30) | |
| 'Stack[2]: ' + poi(@rsp+0x38) | |
| 'Stack[3]: ' + poi(@rsp+0x40) | |
| '' | |
| '=== NtDeviceIoControlFile Called ===' | |
| Debug session time: Thu Apr 10 09:27:51.613 2025 (UTC - 7:00) | |
| System Uptime: 1 days 7:54:35.639 | |
| Process Uptime: 0 days 1:04:29.529 | |
| Kernel time: 0 days 0:00:39.687 | |
| User time: 0 days 0:00:13.328 | |
| 'RCX: ' + @rcx | |
| 'RDX: ' + @rdx | |
| 'R8: ' + @r8 | |
| 'R9: ' + @r9 | |
| 'Stack[0]: ' + poi(@rsp+0x28) | |
| 'Stack[1]: ' + poi(@rsp+0x30) | |
| 'Stack[2]: ' + poi(@rsp+0x38) | |
| 'Stack[3]: ' + poi(@rsp+0x40) | |
| '' | |
| '=== NtDeviceIoControlFile Called ===' | |
| Debug session time: Thu Apr 10 09:27:51.624 2025 (UTC - 7:00) | |
| System Uptime: 1 days 7:54:35.650 | |
| Process Uptime: 0 days 1:04:29.540 | |
| Kernel time: 0 days 0:00:39.687 | |
| User time: 0 days 0:00:13.328 | |
| 'RCX: ' + @rcx | |
| 'RDX: ' + @rdx | |
| 'R8: ' + @r8 | |
| 'R9: ' + @r9 | |
| 'Stack[0]: ' + poi(@rsp+0x28) | |
| 'Stack[1]: ' + poi(@rsp+0x30) | |
| 'Stack[2]: ' + poi(@rsp+0x38) | |
| 'Stack[3]: ' + poi(@rsp+0x40) | |
| '' | |
| '=== NtDeviceIoControlFile Called ===' | |
| Debug session time: Thu Apr 10 09:27:51.636 2025 (UTC - 7:00) | |
| System Uptime: 1 days 7:54:35.662 | |
| Process Uptime: 0 days 1:04:29.553 | |
| Kernel time: 0 days 0:00:39.687 | |
| User time: 0 days 0:00:13.328 | |
| 'RCX: ' + @rcx | |
| 'RDX: ' + @rdx | |
| 'R8: ' + @r8 | |
| 'R9: ' + @r9 | |
| 'Stack[0]: ' + poi(@rsp+0x28) | |
| 'Stack[1]: ' + poi(@rsp+0x30) | |
| 'Stack[2]: ' + poi(@rsp+0x38) | |
| 'Stack[3]: ' + poi(@rsp+0x40) | |
| '' | |
| '=== NtDeviceIoControlFile Called ===' | |
| Debug session time: Thu Apr 10 09:27:51.646 2025 (UTC - 7:00) | |
| System Uptime: 1 days 7:54:35.672 | |
| Process Uptime: 0 days 1:04:29.561 | |
| Kernel time: 0 days 0:00:39.687 | |
| User time: 0 days 0:00:13.328 | |
| 'RCX: ' + @rcx | |
| 'RDX: ' + @rdx | |
| 'R8: ' + @r8 | |
| 'R9: ' + @r9 | |
| 'Stack[0]: ' + poi(@rsp+0x28) | |
| 'Stack[1]: ' + poi(@rsp+0x30) | |
| 'Stack[2]: ' + poi(@rsp+0x38) | |
| 'Stack[3]: ' + poi(@rsp+0x40) | |
| '' | |
| '=== NtDeviceIoControlFile Called ===' | |
| Debug session time: Thu Apr 10 09:27:51.657 2025 (UTC - 7:00) | |
| System Uptime: 1 days 7:54:35.682 | |
| Process Uptime: 0 days 1:04:29.572 | |
| Kernel time: 0 days 0:00:39.687 | |
| User time: 0 days 0:00:13.328 | |
| 'RCX: ' + @rcx | |
| 'RDX: ' + @rdx | |
| 'R8: ' + @r8 | |
| 'R9: ' + @r9 | |
| 'Stack[0]: ' + poi(@rsp+0x28) | |
| 'Stack[1]: ' + poi(@rsp+0x30) | |
| 'Stack[2]: ' + poi(@rsp+0x38) | |
| 'Stack[3]: ' + poi(@rsp+0x40) | |
| '' | |
| '=== NtDeviceIoControlFile Called ===' | |
| Debug session time: Thu Apr 10 09:27:51.666 2025 (UTC - 7:00) | |
| System Uptime: 1 days 7:54:35.692 | |
| Process Uptime: 0 days 1:04:29.581 | |
| Kernel time: 0 days 0:00:39.687 | |
| User time: 0 days 0:00:13.328 | |
| 'RCX: ' + @rcx | |
| 'RDX: ' + @rdx | |
| 'R8: ' + @r8 | |
| 'R9: ' + @r9 | |
| 'Stack[0]: ' + poi(@rsp+0x28) | |
| 'Stack[1]: ' + poi(@rsp+0x30) | |
| 'Stack[2]: ' + poi(@rsp+0x38) | |
| 'Stack[3]: ' + poi(@rsp+0x40) | |
| '' | |
| '=== NtDeviceIoControlFile Called ===' | |
| Debug session time: Thu Apr 10 09:27:51.678 2025 (UTC - 7:00) | |
| System Uptime: 1 days 7:54:35.703 | |
| Process Uptime: 0 days 1:04:29.594 | |
| Kernel time: 0 days 0:00:39.687 | |
| User time: 0 days 0:00:13.328 | |
| 'RCX: ' + @rcx | |
| 'RDX: ' + @rdx | |
| 'R8: ' + @r8 | |
| 'R9: ' + @r9 | |
| 'Stack[0]: ' + poi(@rsp+0x28) | |
| 'Stack[1]: ' + poi(@rsp+0x30) | |
| 'Stack[2]: ' + poi(@rsp+0x38) | |
| 'Stack[3]: ' + poi(@rsp+0x40) | |
| '' | |
| '=== NtDeviceIoControlFile Called ===' | |
| Debug session time: Thu Apr 10 09:27:51.688 2025 (UTC - 7:00) | |
| System Uptime: 1 days 7:54:35.714 | |
| Process Uptime: 0 days 1:04:29.604 | |
| Kernel time: 0 days 0:00:39.687 | |
| User time: 0 days 0:00:13.328 | |
| 'RCX: ' + @rcx | |
| 'RDX: ' + @rdx | |
| 'R8: ' + @r8 | |
| 'R9: ' + @r9 | |
| 'Stack[0]: ' + poi(@rsp+0x28) | |
| 'Stack[1]: ' + poi(@rsp+0x30) | |
| 'Stack[2]: ' + poi(@rsp+0x38) | |
| 'Stack[3]: ' + poi(@rsp+0x40) | |
| '' | |
| '=== NtDeviceIoControlFile Called ===' | |
| Debug session time: Thu Apr 10 09:27:51.698 2025 (UTC - 7:00) | |
| System Uptime: 1 days 7:54:35.724 | |
| Process Uptime: 0 days 1:04:29.613 | |
| Kernel time: 0 days 0:00:39.687 | |
| User time: 0 days 0:00:13.328 | |
| 'RCX: ' + @rcx | |
| 'RDX: ' + @rdx | |
| 'R8: ' + @r8 | |
| 'R9: ' + @r9 | |
| 'Stack[0]: ' + poi(@rsp+0x28) | |
| 'Stack[1]: ' + poi(@rsp+0x30) | |
| 'Stack[2]: ' + poi(@rsp+0x38) | |
| 'Stack[3]: ' + poi(@rsp+0x40) | |
| '' | |
| '=== NtDeviceIoControlFile Called ===' | |
| Debug session time: Thu Apr 10 09:27:51.713 2025 (UTC - 7:00) | |
| System Uptime: 1 days 7:54:35.740 | |
| Process Uptime: 0 days 1:04:29.631 | |
| Kernel time: 0 days 0:00:39.687 | |
| User time: 0 days 0:00:13.328 | |
| 'RCX: ' + @rcx | |
| 'RDX: ' + @rdx | |
| 'R8: ' + @r8 | |
| 'R9: ' + @r9 | |
| 'Stack[0]: ' + poi(@rsp+0x28) | |
| 'Stack[1]: ' + poi(@rsp+0x30) | |
| 'Stack[2]: ' + poi(@rsp+0x38) | |
| 'Stack[3]: ' + poi(@rsp+0x40) | |
| '' | |
| '=== NtDeviceIoControlFile Called ===' | |
| Debug session time: Thu Apr 10 09:27:51.726 2025 (UTC - 7:00) | |
| System Uptime: 1 days 7:54:35.752 | |
| Process Uptime: 0 days 1:04:29.643 | |
| Kernel time: 0 days 0:00:39.687 | |
| User time: 0 days 0:00:13.328 | |
| 'RCX: ' + @rcx | |
| 'RDX: ' + @rdx | |
| 'R8: ' + @r8 | |
| 'R9: ' + @r9 | |
| 'Stack[0]: ' + poi(@rsp+0x28) | |
| 'Stack[1]: ' + poi(@rsp+0x30) | |
| 'Stack[2]: ' + poi(@rsp+0x38) | |
| 'Stack[3]: ' + poi(@rsp+0x40) | |
| '' | |
| '=== NtClose Called ===' | |
| Debug session time: Thu Apr 10 09:27:51.736 2025 (UTC - 7:00) | |
| System Uptime: 1 days 7:54:35.762 | |
| Process Uptime: 0 days 1:04:29.653 | |
| Kernel time: 0 days 0:00:39.687 | |
| User time: 0 days 0:00:13.328 | |
| 'RCX: ' + @rcx | |
| 'RDX: ' + @rdx | |
| 'R8: ' + @r8 | |
| 'R9: ' + @r9 | |
| 'Stack[0]: ' + poi(@rsp+0x28) | |
| 'Stack[1]: ' + poi(@rsp+0x30) | |
| 'Stack[2]: ' + poi(@rsp+0x38) | |
| 'Stack[3]: ' + poi(@rsp+0x40) | |
| '' | |
| '=== NtClose Called ===' | |
| Debug session time: Thu Apr 10 09:27:51.748 2025 (UTC - 7:00) | |
| System Uptime: 1 days 7:54:35.774 | |
| Process Uptime: 0 days 1:04:29.664 | |
| Kernel time: 0 days 0:00:39.687 | |
| User time: 0 days 0:00:13.328 | |
| 'RCX: ' + @rcx | |
| 'RDX: ' + @rdx | |
| 'R8: ' + @r8 | |
| 'R9: ' + @r9 | |
| 'Stack[0]: ' + poi(@rsp+0x28) | |
| 'Stack[1]: ' + poi(@rsp+0x30) | |
| 'Stack[2]: ' + poi(@rsp+0x38) | |
| 'Stack[3]: ' + poi(@rsp+0x40) | |
| '' | |
| '=== NtClose Called ===' | |
| Debug session time: Thu Apr 10 09:27:51.758 2025 (UTC - 7:00) | |
| System Uptime: 1 days 7:54:35.786 | |
| Process Uptime: 0 days 1:04:29.677 | |
| Kernel time: 0 days 0:00:39.687 | |
| User time: 0 days 0:00:13.328 | |
| 'RCX: ' + @rcx | |
| 'RDX: ' + @rdx | |
| 'R8: ' + @r8 | |
| 'R9: ' + @r9 | |
| 'Stack[0]: ' + poi(@rsp+0x28) | |
| 'Stack[1]: ' + poi(@rsp+0x30) | |
| 'Stack[2]: ' + poi(@rsp+0x38) | |
| 'Stack[3]: ' + poi(@rsp+0x40) | |
| '' | |
| '=== NtDelayExecution Called ===' | |
| Debug session time: Thu Apr 10 09:27:51.774 2025 (UTC - 7:00) | |
| System Uptime: 1 days 7:54:35.800 | |
| Process Uptime: 0 days 1:04:29.689 | |
| Kernel time: 0 days 0:00:39.687 | |
| User time: 0 days 0:00:13.328 | |
| 'RCX: ' + @rcx | |
| 'RDX: ' + @rdx | |
| 'R8: ' + @r8 | |
| 'R9: ' + @r9 | |
| 'Stack[0]: ' + poi(@rsp+0x28) | |
| 'Stack[1]: ' + poi(@rsp+0x30) | |
| 'Stack[2]: ' + poi(@rsp+0x38) | |
| 'Stack[3]: ' + poi(@rsp+0x40) | |
| '' |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment