@hasherezade
Created December 10, 2020 19:28
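Trace log from crackinstaller.exe (FlareOn 2020). Each line is `offset;event`: a hexadecimal offset in the traced module (apparently the call site), followed by the API that was called (`module.function`), a `CPUID` leaf, or a section marker.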
3218;section: [.text]
3843;CPUID:0
386a;CPUID:1
38ef;CPUID:7
4163;kernel32.LoadLibraryExW
41ed;kernel32.GetProcAddress
e050;kernelbase.InitializeCriticalSectionEx
4163;kernel32.LoadLibraryExW
41ed;kernel32.GetProcAddress
e050;kernelbase.FlsAlloc
41ed;kernel32.GetProcAddress
e050;kernelbase.FlsSetValue
9a37;kernel32.LoadLibraryExW
9aec;kernel32.GetProcAddress
e050;kernelbase.InitializeCriticalSectionEx
e050;kernelbase.InitializeCriticalSectionEx
e050;kernelbase.InitializeCriticalSectionEx
e050;kernelbase.InitializeCriticalSectionEx
e050;kernelbase.InitializeCriticalSectionEx
e050;kernelbase.InitializeCriticalSectionEx
e050;kernelbase.InitializeCriticalSectionEx
e050;kernelbase.InitializeCriticalSectionEx
e050;kernelbase.InitializeCriticalSectionEx
e050;kernelbase.InitializeCriticalSectionEx
e050;kernelbase.InitializeCriticalSectionEx
e050;kernelbase.InitializeCriticalSectionEx
e050;kernelbase.InitializeCriticalSectionEx
e050;kernelbase.InitializeCriticalSectionEx
a084;kernel32.GetProcessHeap
9a37;kernel32.LoadLibraryExW
9aec;kernel32.GetProcAddress
e050;kernelbase.FlsAlloc
6e3e;kernel32.GetLastError
9aec;kernel32.GetProcAddress
e050;kernelbase.FlsGetValue
9aec;kernel32.GetProcAddress
e050;kernelbase.FlsSetValue
7115;ntdll.RtlAllocateHeap
e050;kernelbase.FlsSetValue
7026;ntdll.RtlEnterCriticalSection
707a;ntdll.RtlLeaveCriticalSection
7026;ntdll.RtlEnterCriticalSection
707a;ntdll.RtlLeaveCriticalSection
6ef8;kernel32.SetLastError
7026;ntdll.RtlEnterCriticalSection
7026;ntdll.RtlEnterCriticalSection
7115;ntdll.RtlAllocateHeap
e050;kernelbase.InitializeCriticalSectionEx
e050;kernelbase.InitializeCriticalSectionEx
e050;kernelbase.InitializeCriticalSectionEx
e050;kernelbase.InitializeCriticalSectionEx
e050;kernelbase.InitializeCriticalSectionEx
e050;kernelbase.InitializeCriticalSectionEx
e050;kernelbase.InitializeCriticalSectionEx
e050;kernelbase.InitializeCriticalSectionEx
e050;kernelbase.InitializeCriticalSectionEx
e050;kernelbase.InitializeCriticalSectionEx
e050;kernelbase.InitializeCriticalSectionEx
e050;kernelbase.InitializeCriticalSectionEx
e050;kernelbase.InitializeCriticalSectionEx
e050;kernelbase.InitializeCriticalSectionEx
e050;kernelbase.InitializeCriticalSectionEx
e050;kernelbase.InitializeCriticalSectionEx
e050;kernelbase.InitializeCriticalSectionEx
e050;kernelbase.InitializeCriticalSectionEx
e050;kernelbase.InitializeCriticalSectionEx
e050;kernelbase.InitializeCriticalSectionEx
e050;kernelbase.InitializeCriticalSectionEx
e050;kernelbase.InitializeCriticalSectionEx
e050;kernelbase.InitializeCriticalSectionEx
e050;kernelbase.InitializeCriticalSectionEx
e050;kernelbase.InitializeCriticalSectionEx
e050;kernelbase.InitializeCriticalSectionEx
e050;kernelbase.InitializeCriticalSectionEx
e050;kernelbase.InitializeCriticalSectionEx
e050;kernelbase.InitializeCriticalSectionEx
e050;kernelbase.InitializeCriticalSectionEx
e050;kernelbase.InitializeCriticalSectionEx
e050;kernelbase.InitializeCriticalSectionEx
e050;kernelbase.InitializeCriticalSectionEx
e050;kernelbase.InitializeCriticalSectionEx
e050;kernelbase.InitializeCriticalSectionEx
e050;kernelbase.InitializeCriticalSectionEx
e050;kernelbase.InitializeCriticalSectionEx
e050;kernelbase.InitializeCriticalSectionEx
e050;kernelbase.InitializeCriticalSectionEx
e050;kernelbase.InitializeCriticalSectionEx
e050;kernelbase.InitializeCriticalSectionEx
e050;kernelbase.InitializeCriticalSectionEx
e050;kernelbase.InitializeCriticalSectionEx
e050;kernelbase.InitializeCriticalSectionEx
e050;kernelbase.InitializeCriticalSectionEx
e050;kernelbase.InitializeCriticalSectionEx
e050;kernelbase.InitializeCriticalSectionEx
e050;kernelbase.InitializeCriticalSectionEx
e050;kernelbase.InitializeCriticalSectionEx
e050;kernelbase.InitializeCriticalSectionEx
e050;kernelbase.InitializeCriticalSectionEx
e050;kernelbase.InitializeCriticalSectionEx
e050;kernelbase.InitializeCriticalSectionEx
e050;kernelbase.InitializeCriticalSectionEx
e050;kernelbase.InitializeCriticalSectionEx
e050;kernelbase.InitializeCriticalSectionEx
e050;kernelbase.InitializeCriticalSectionEx
e050;kernelbase.InitializeCriticalSectionEx
e050;kernelbase.InitializeCriticalSectionEx
e050;kernelbase.InitializeCriticalSectionEx
e050;kernelbase.InitializeCriticalSectionEx
e050;kernelbase.InitializeCriticalSectionEx
e050;kernelbase.InitializeCriticalSectionEx
e050;kernelbase.InitializeCriticalSectionEx
707a;ntdll.RtlLeaveCriticalSection
8ee0;kernel32.GetStartupInfoW
901e;kernel32.GetStdHandle
9034;kernel32.GetFileType
901e;kernel32.GetStdHandle
9034;kernel32.GetFileType
901e;kernel32.GetStdHandle
9034;kernel32.GetFileType
707a;ntdll.RtlLeaveCriticalSection
5bfc;kernel32.GetCommandLineA
5c09;kernel32.GetCommandLineW
e050;kernelbase.FlsGetValue
7026;ntdll.RtlEnterCriticalSection
707a;ntdll.RtlLeaveCriticalSection
7da9;kernel32.GetACP
658a;ntdll.RtlAllocateHeap
83d7;kernel32.IsValidCodePage
83ec;kernel32.GetCPInfo
7eae;kernel32.GetCPInfo
946b;kernel32.MultiByteToWideChar
9512;kernel32.MultiByteToWideChar
952c;kernel32.GetStringTypeW
72ff;kernel32.MultiByteToWideChar
73a5;kernel32.MultiByteToWideChar
9a37;kernel32.LoadLibraryExW
9aec;kernel32.GetProcAddress
e050;kernelbase.LCMapStringEx
e050;kernelbase.LCMapStringEx
7511;kernel32.WideCharToMultiByte
72ff;kernel32.MultiByteToWideChar
73a5;kernel32.MultiByteToWideChar
e050;kernelbase.LCMapStringEx
e050;kernelbase.LCMapStringEx
7511;kernel32.WideCharToMultiByte
7026;ntdll.RtlEnterCriticalSection
707a;ntdll.RtlLeaveCriticalSection
7026;ntdll.RtlEnterCriticalSection
658a;ntdll.RtlAllocateHeap
707a;ntdll.RtlLeaveCriticalSection
564d;kernel32.GetModuleFileNameA
7115;ntdll.RtlAllocateHeap
3543;ntdll.RtlInitializeSListHead
6cca;kernel32.GetLastError
e050;kernelbase.FlsGetValue
6d69;kernel32.SetLastError
86b5;kernel32.GetEnvironmentStringsW
8717;kernel32.WideCharToMultiByte
658a;ntdll.RtlAllocateHeap
8751;kernel32.WideCharToMultiByte
877b;kernel32.FreeEnvironmentStringsW
7115;ntdll.RtlAllocateHeap
7115;ntdll.RtlAllocateHeap
7115;ntdll.RtlAllocateHeap
7115;ntdll.RtlAllocateHeap
7115;ntdll.RtlAllocateHeap
7115;ntdll.RtlAllocateHeap
7115;ntdll.RtlAllocateHeap
7115;ntdll.RtlAllocateHeap
7115;ntdll.RtlAllocateHeap
7115;ntdll.RtlAllocateHeap
7115;ntdll.RtlAllocateHeap
7115;ntdll.RtlAllocateHeap
7115;ntdll.RtlAllocateHeap
7115;ntdll.RtlAllocateHeap
7115;ntdll.RtlAllocateHeap
7115;ntdll.RtlAllocateHeap
7115;ntdll.RtlAllocateHeap
7115;ntdll.RtlAllocateHeap
7115;ntdll.RtlAllocateHeap
7115;ntdll.RtlAllocateHeap
7115;ntdll.RtlAllocateHeap
7115;ntdll.RtlAllocateHeap
7115;ntdll.RtlAllocateHeap
7115;ntdll.RtlAllocateHeap
7115;ntdll.RtlAllocateHeap
7115;ntdll.RtlAllocateHeap
7115;ntdll.RtlAllocateHeap
7115;ntdll.RtlAllocateHeap
7115;ntdll.RtlAllocateHeap
7115;ntdll.RtlAllocateHeap
7115;ntdll.RtlAllocateHeap
7115;ntdll.RtlAllocateHeap
7115;ntdll.RtlAllocateHeap
7115;ntdll.RtlAllocateHeap
7115;ntdll.RtlAllocateHeap
7115;ntdll.RtlAllocateHeap
7115;ntdll.RtlAllocateHeap
7115;ntdll.RtlAllocateHeap
7115;ntdll.RtlAllocateHeap
7115;ntdll.RtlAllocateHeap
7115;ntdll.RtlAllocateHeap
7115;ntdll.RtlAllocateHeap
6522;kernel32.HeapFree
7115;ntdll.RtlAllocateHeap
e050;kernelbase.InitializeCriticalSectionEx
e050;kernelbase.InitializeCriticalSectionEx
e050;kernelbase.InitializeCriticalSectionEx
d499;CPUID:1
3753;kernel32.SetUnhandledExceptionFilter
1cfd;kernel32.LoadLibraryA
1d1c;kernel32.LoadLibraryA
1d51;kernel32.GetProcAddress
1d7f;kernel32.GetProcAddress
1dad;kernel32.GetProcAddress
1ddb;kernel32.GetProcAddress
1e09;kernel32.GetProcAddress
1e37;kernel32.GetProcAddress
1e61;kernel32.GetProcAddress
1e8b;kernel32.GetProcAddress
7115;ntdll.RtlAllocateHeap
7115;ntdll.RtlAllocateHeap
658a;ntdll.RtlAllocateHeap
6522;kernel32.HeapFree
6522;kernel32.HeapFree
7115;ntdll.RtlAllocateHeap
7115;ntdll.RtlAllocateHeap
658a;ntdll.RtlAllocateHeap
6522;kernel32.HeapFree
6522;kernel32.HeapFree
2f13;kernel32.CreateFileW
2f3a;kernel32.CreateFileMappingW
2f59;kernel32.MapViewOfFile
2f80;kernel32.UnmapViewOfFile
2f89;kernel32.CloseHandle
2f92;kernel32.CloseHandle
1ff5;advapi32.OpenSCManagerW
2013;advapi32.OpenServiceW
2074;advapi32.CreateServiceW
2082;advapi32.CloseServiceHandle
2094;advapi32.OpenServiceW
20aa;advapi32.StartServiceW
20bd;advapi32.CloseServiceHandle
20e7;kernel32.CreateFileW
20fa;advapi32.CloseServiceHandle
2d98;kernel32.VirtualAlloc
2e1a;kernel32.DeviceIoControl
2e33;kernel32.CloseHandle
1ee8;advapi32.OpenSCManagerW
1f06;advapi32.OpenServiceW
1f1c;kernel32.SetLastError
1f2f;advapi32.ControlService
1f58;advapi32.CloseServiceHandle
1f6a;advapi32.OpenServiceW
1f7b;advapi32.DeleteService
1f86;advapi32.CloseServiceHandle
1f8f;advapi32.CloseServiceHandle
26fe;kernel32.CreateFileW
270d;kernel32.CloseHandle
271c;kernel32.CloseHandle
6522;kernel32.HeapFree
658a;ntdll.RtlAllocateHeap
2199;shell32.SHGetKnownFolderPath
2203;combase.CoTaskMemFree
2230;kernel32.CreateFileW
2257;kernel32.WriteFile
6522;kernel32.HeapFree
2284;kernel32.CloseHandle
22af;shell32.SHGetKnownFolderPath
2319;combase.CoTaskMemFree
232a;kernel32.LoadLibraryW
234f;kernel32.GetProcAddress
2355;credhelper.DllRegisterServer
36fe;kernel32.GetModuleHandleW
4cb7;kernel32.GetModuleHandleW
7026;ntdll.RtlEnterCriticalSection
7026;ntdll.RtlEnterCriticalSection
6522;kernel32.HeapFree
707a;ntdll.RtlLeaveCriticalSection
7026;ntdll.RtlEnterCriticalSection
707a;ntdll.RtlLeaveCriticalSection
7026;ntdll.RtlEnterCriticalSection
707a;ntdll.RtlLeaveCriticalSection
7026;ntdll.RtlEnterCriticalSection
707a;ntdll.RtlLeaveCriticalSection
a8e1;ntdll.RtlDeleteCriticalSection
a8e1;ntdll.RtlDeleteCriticalSection
a8e1;ntdll.RtlDeleteCriticalSection
6522;kernel32.HeapFree
707a;ntdll.RtlLeaveCriticalSection
9a37;kernel32.LoadLibraryExW
9aec;kernel32.GetProcAddress
e050;kernel.appcore.AppPolicyGetProcessTerminationMethod
4dbc;kernel32.GetModuleHandleExW
4d97;kernel32.ExitProcess
3f2a;ntdll.[RtlProcessFlsData+145]*
7026;ntdll.RtlEnterCriticalSection
707a;ntdll.RtlLeaveCriticalSection
7026;ntdll.RtlEnterCriticalSection
707a;ntdll.RtlLeaveCriticalSection
6522;kernel32.HeapFree
6b5f;ntdll.[RtlProcessFlsData+145]*