
@hasherezade
Created March 21, 2023 00:22
A log from tracing a Magniber sample, with function arguments filled in
f069;section: [.swicc]
ef24;SYSCALL:0x18(NtAllocateVirtualMemory)
NtAllocateVirtualMemory:
Arg[0] = 0xffffffffffffffff = 18446744073709551615
Arg[1] = ptr 0x000000000014fed8 -> {\x00\x00\x00\x00\x00\x00\x00\x00}
Arg[2] = 0
Arg[3] = ptr 0x000000000014fed0 -> {\xd2\xd9\x00\x00\x00\x00\x00\x00}
Arg[4] = 0x0000000000001000 = 4096
Arg[5] = 0x0000000000000040 = 64
10c4;called: ?? [14bf0000+0]
> 14bf0000+4ee;SYSCALL:0x18(NtAllocateVirtualMemory)
NtAllocateVirtualMemory:
Arg[0] = 0xffffffffffffffff = 18446744073709551615
Arg[1] = ptr 0x000000000014fe30 -> {\x00\x00\x00\x00\x00\x00\x00\x00}
Arg[2] = 0
Arg[3] = ptr 0x000000000014fe38 -> {\x0b\x00\x00\x00\x00\x00\x00\x00}
Arg[4] = 0x0000000000001000 = 4096
Arg[5] = 0x0000000000000040 = 64
> 14c00000+8;SYSCALL:0x36(NtQuerySystemInformation)
NtQuerySystemInformation:
Arg[0] = 0x0000000000000005 = 5
Arg[1] = 0
Arg[2] = 0
Arg[3] = ptr 0x000000000014fe90 -> {\x00\x00\x00\x00\x00\x00\x00\x00}
> 14bf0000+4ee;SYSCALL:0x18(NtAllocateVirtualMemory)
NtAllocateVirtualMemory:
Arg[0] = 0xffffffffffffffff = 18446744073709551615
Arg[1] = ptr 0x000000000014fe98 -> {\x00\x00\x00\x00\x00\x00\x00\x00}
Arg[2] = 0
Arg[3] = ptr 0x000000000014fea0 -> {\xb8x\x02\x00\x00\x00\x00\x00}
Arg[4] = 0x0000000000001000 = 4096
Arg[5] = 0x0000000000000004 = 4
> 14c00000+8;SYSCALL:0x36(NtQuerySystemInformation)
NtQuerySystemInformation:
Arg[0] = 0x0000000000000005 = 5
Arg[1] = ptr 0x0000000014c20000 -> {\x00\x00\x00\x00\x00\x00\x00\x00}
Arg[2] = ptr 0x00000000000278b8 -> {\x00\x00\x00\x00\x00\x00\x00\x00}
Arg[3] = ptr 0x000000000014fe90 -> {\xb8x\x02\x00\x00\x00\x00\x00}
> 14bf0000+4ee;SYSCALL:0x18(NtAllocateVirtualMemory)
NtAllocateVirtualMemory:
Arg[0] = 0xffffffffffffffff = 18446744073709551615
Arg[1] = ptr 0x000000000014fdc0 -> {\x00\x00\x00\x00\x00\x00\x00\x00}
Arg[2] = 0
Arg[3] = ptr 0x000000000014fdc8 -> {\x0b\x00\x00\x00\x00\x00\x00\x00}
Arg[4] = 0x0000000000001000 = 4096
Arg[5] = 0x0000000000000040 = 64
> 14cb0000+8;SYSCALL:0x34(NtDelayExecution)
> 14bf0000+4ee;SYSCALL:0x18(NtAllocateVirtualMemory)
NtAllocateVirtualMemory:
Arg[0] = 0xffffffffffffffff = 18446744073709551615
Arg[1] = ptr 0x000000000014fdc0 -> {\x00\x00\x00\x00\x00\x00\x00\x00}
Arg[2] = 0
Arg[3] = ptr 0x000000000014fdc8 -> {\x0b\x00\x00\x00\x00\x00\x00\x00}
Arg[4] = 0x0000000000001000 = 4096
Arg[5] = 0x0000000000000040 = 64
> 14cf0000+8;SYSCALL:0x26(NtOpenProcess)
NtOpenProcess:
Arg[0] = ptr 0x000000000014fe20 -> {\xff\xff\xff\xff\xff\xff\xff\xff}
Arg[1] = 0x00000000001fffff = 2097151
Arg[2] = ptr 0x000000000014fde0 -> L"0"
Arg[3] = ptr 0x000000000014fdd0 -> {\x04\x00\x00\x00\x00\x00\x00\x00}
> 14bf0000+4ee;SYSCALL:0x18(NtAllocateVirtualMemory)
NtAllocateVirtualMemory:
Arg[0] = 0xffffffffffffffff = 18446744073709551615
Arg[1] = ptr 0x000000000014fdc0 -> {\x00\x00\x00\x00\x00\x00\x00\x00}
Arg[2] = 0
Arg[3] = ptr 0x000000000014fdc8 -> {\x0b\x00\x00\x00\x00\x00\x00\x00}
Arg[4] = 0x0000000000001000 = 4096
Arg[5] = 0x0000000000000040 = 64
> 14d10000+8;SYSCALL:0x34(NtDelayExecution)
> 14bf0000+4ee;SYSCALL:0x18(NtAllocateVirtualMemory)
NtAllocateVirtualMemory:
Arg[0] = 0xffffffffffffffff = 18446744073709551615
Arg[1] = ptr 0x000000000014fdc0 -> {\x00\x00\x00\x00\x00\x00\x00\x00}
Arg[2] = 0
Arg[3] = ptr 0x000000000014fdc8 -> {\x0b\x00\x00\x00\x00\x00\x00\x00}
Arg[4] = 0x0000000000001000 = 4096
Arg[5] = 0x0000000000000040 = 64
> 14d50000+8;SYSCALL:0x26(NtOpenProcess)
NtOpenProcess:
Arg[0] = ptr 0x000000000014fe20 -> {\xff\xff\xff\xff\xff\xff\xff\xff}
Arg[1] = 0x00000000001fffff = 2097151
Arg[2] = ptr 0x000000000014fde0 -> L"0"
Arg[3] = ptr 0x000000000014fdd0 -> L"l"
> 14bf0000+4ee;SYSCALL:0x18(NtAllocateVirtualMemory)
NtAllocateVirtualMemory:
Arg[0] = 0xffffffffffffffff = 18446744073709551615
Arg[1] = ptr 0x000000000014fdc0 -> {\x00\x00\x00\x00\x00\x00\x00\x00}
Arg[2] = 0
Arg[3] = ptr 0x000000000014fdc8 -> {\x0b\x00\x00\x00\x00\x00\x00\x00}
Arg[4] = 0x0000000000001000 = 4096
Arg[5] = 0x0000000000000040 = 64
> 14d90000+8;SYSCALL:0x34(NtDelayExecution)
> 14bf0000+4ee;SYSCALL:0x18(NtAllocateVirtualMemory)
NtAllocateVirtualMemory:
Arg[0] = 0xffffffffffffffff = 18446744073709551615
Arg[1] = ptr 0x000000000014fdc0 -> {\x00\x00\x00\x00\x00\x00\x00\x00}
Arg[2] = 0
Arg[3] = ptr 0x000000000014fdc8 -> {\x0b\x00\x00\x00\x00\x00\x00\x00}
Arg[4] = 0x0000000000001000 = 4096
Arg[5] = 0x0000000000000040 = 64
> 14da0000+8;SYSCALL:0x26(NtOpenProcess)
NtOpenProcess:
Arg[0] = ptr 0x000000000014fe20 -> {\xff\xff\xff\xff\xff\xff\xff\xff}
Arg[1] = 0x00000000001fffff = 2097151
Arg[2] = ptr 0x000000000014fde0 -> L"0"
Arg[3] = ptr 0x000000000014fdd0 -> {h\x01\x00\x00\x00\x00\x00\x00}
> 14bf0000+4ee;SYSCALL:0x18(NtAllocateVirtualMemory)
NtAllocateVirtualMemory:
Arg[0] = 0xffffffffffffffff = 18446744073709551615
Arg[1] = ptr 0x000000000014fdc0 -> {\x00\x00\x00\x00\x00\x00\x00\x00}
Arg[2] = 0
Arg[3] = ptr 0x000000000014fdc8 -> {\x0b\x00\x00\x00\x00\x00\x00\x00}
Arg[4] = 0x0000000000001000 = 4096
Arg[5] = 0x0000000000000040 = 64
> 14db0000+8;SYSCALL:0x34(NtDelayExecution)
> 14bf0000+4ee;SYSCALL:0x18(NtAllocateVirtualMemory)
NtAllocateVirtualMemory:
Arg[0] = 0xffffffffffffffff = 18446744073709551615
Arg[1] = ptr 0x000000000014fdc0 -> {\x00\x00\x00\x00\x00\x00\x00\x00}
Arg[2] = 0
Arg[3] = ptr 0x000000000014fdc8 -> {\x0b\x00\x00\x00\x00\x00\x00\x00}
Arg[4] = 0x0000000000001000 = 4096
Arg[5] = 0x0000000000000040 = 64
> 14dc0000+8;SYSCALL:0x26(NtOpenProcess)
NtOpenProcess:
Arg[0] = ptr 0x000000000014fe20 -> {\xff\xff\xff\xff\xff\xff\xff\xff}
Arg[1] = 0x00000000001fffff = 2097151
Arg[2] = ptr 0x000000000014fde0 -> L"0"
Arg[3] = ptr 0x000000000014fdd0 -> {\xc4\x01\x00\x00\x00\x00\x00\x00}
> 14bf0000+4ee;SYSCALL:0x18(NtAllocateVirtualMemory)
NtAllocateVirtualMemory:
Arg[0] = 0xffffffffffffffff = 18446744073709551615
Arg[1] = ptr 0x000000000014fdc0 -> {\x00\x00\x00\x00\x00\x00\x00\x00}
Arg[2] = 0
Arg[3] = ptr 0x000000000014fdc8 -> {\x0b\x00\x00\x00\x00\x00\x00\x00}
Arg[4] = 0x0000000000001000 = 4096
Arg[5] = 0x0000000000000040 = 64
> 14dd0000+8;SYSCALL:0x34(NtDelayExecution)
> 14bf0000+4ee;SYSCALL:0x18(NtAllocateVirtualMemory)
NtAllocateVirtualMemory:
Arg[0] = 0xffffffffffffffff = 18446744073709551615
Arg[1] = ptr 0x000000000014fdc0 -> {\x00\x00\x00\x00\x00\x00\x00\x00}
Arg[2] = 0
Arg[3] = ptr 0x000000000014fdc8 -> {\x0b\x00\x00\x00\x00\x00\x00\x00}
Arg[4] = 0x0000000000001000 = 4096
Arg[5] = 0x0000000000000040 = 64
> 14de0000+8;SYSCALL:0x26(NtOpenProcess)
NtOpenProcess:
Arg[0] = ptr 0x000000000014fe20 -> {\xff\xff\xff\xff\xff\xff\xff\xff}
Arg[1] = 0x00000000001fffff = 2097151
Arg[2] = ptr 0x000000000014fde0 -> L"0"
Arg[3] = ptr 0x000000000014fdd0 -> {\x10\x02\x00\x00\x00\x00\x00\x00}
> 14bf0000+4ee;SYSCALL:0x18(NtAllocateVirtualMemory)
NtAllocateVirtualMemory:
Arg[0] = 0xffffffffffffffff = 18446744073709551615
Arg[1] = ptr 0x000000000014fdc0 -> {\x00\x00\x00\x00\x00\x00\x00\x00}
Arg[2] = 0
Arg[3] = ptr 0x000000000014fdc8 -> {\x0b\x00\x00\x00\x00\x00\x00\x00}
Arg[4] = 0x0000000000001000 = 4096
Arg[5] = 0x0000000000000040 = 64
> 14df0000+8;SYSCALL:0x34(NtDelayExecution)
> 14bf0000+4ee;SYSCALL:0x18(NtAllocateVirtualMemory)
NtAllocateVirtualMemory:
Arg[0] = 0xffffffffffffffff = 18446744073709551615
Arg[1] = ptr 0x000000000014fdc0 -> {\x00\x00\x00\x00\x00\x00\x00\x00}
Arg[2] = 0
Arg[3] = ptr 0x000000000014fdc8 -> {\x0b\x00\x00\x00\x00\x00\x00\x00}
Arg[4] = 0x0000000000001000 = 4096
Arg[5] = 0x0000000000000040 = 64
> 14e00000+8;SYSCALL:0x26(NtOpenProcess)
NtOpenProcess:
Arg[0] = ptr 0x000000000014fe20 -> {\xff\xff\xff\xff\xff\xff\xff\xff}
Arg[1] = 0x00000000001fffff = 2097151
Arg[2] = ptr 0x000000000014fde0 -> L"0"
Arg[3] = ptr 0x000000000014fdd0 -> { \x02\x00\x00\x00\x00\x00\x00}
> 14bf0000+4ee;SYSCALL:0x18(NtAllocateVirtualMemory)
NtAllocateVirtualMemory:
Arg[0] = 0xffffffffffffffff = 18446744073709551615
Arg[1] = ptr 0x000000000014fdc0 -> {\x00\x00\x00\x00\x00\x00\x00\x00}
Arg[2] = 0
Arg[3] = ptr 0x000000000014fdc8 -> {\x0b\x00\x00\x00\x00\x00\x00\x00}
Arg[4] = 0x0000000000001000 = 4096
Arg[5] = 0x0000000000000040 = 64
> 14e10000+8;SYSCALL:0x34(NtDelayExecution)
> 14bf0000+4ee;SYSCALL:0x18(NtAllocateVirtualMemory)
NtAllocateVirtualMemory:
Arg[0] = 0xffffffffffffffff = 18446744073709551615
Arg[1] = ptr 0x000000000014fdc0 -> {\x00\x00\x00\x00\x00\x00\x00\x00}
Arg[2] = 0
Arg[3] = ptr 0x000000000014fdc8 -> {\x0b\x00\x00\x00\x00\x00\x00\x00}
Arg[4] = 0x0000000000001000 = 4096
Arg[5] = 0x0000000000000040 = 64
> 14e20000+8;SYSCALL:0x26(NtOpenProcess)
NtOpenProcess:
Arg[0] = ptr 0x000000000014fe20 -> {\xff\xff\xff\xff\xff\xff\xff\xff}
Arg[1] = 0x00000000001fffff = 2097151
Arg[2] = ptr 0x000000000014fde0 -> L"0"
Arg[3] = ptr 0x000000000014fdd0 -> {t\x02\x00\x00\x00\x00\x00\x00}
> 14bf0000+4ee;SYSCALL:0x18(NtAllocateVirtualMemory)
NtAllocateVirtualMemory:
Arg[0] = 0xffffffffffffffff = 18446744073709551615
Arg[1] = ptr 0x000000000014fdc0 -> {\x00\x00\x00\x00\x00\x00\x00\x00}
Arg[2] = 0
Arg[3] = ptr 0x000000000014fdc8 -> {\x0b\x00\x00\x00\x00\x00\x00\x00}
Arg[4] = 0x0000000000001000 = 4096
Arg[5] = 0x0000000000000040 = 64
> 14e30000+8;SYSCALL:0x34(NtDelayExecution)
> 14bf0000+4ee;SYSCALL:0x18(NtAllocateVirtualMemory)
NtAllocateVirtualMemory:
Arg[0] = 0xffffffffffffffff = 18446744073709551615
Arg[1] = ptr 0x000000000014fdc0 -> {\x00\x00\x00\x00\x00\x00\x00\x00}
Arg[2] = 0
Arg[3] = ptr 0x000000000014fdc8 -> {\x0b\x00\x00\x00\x00\x00\x00\x00}
Arg[4] = 0x0000000000001000 = 4096
Arg[5] = 0x0000000000000040 = 64
> 14e40000+8;SYSCALL:0x26(NtOpenProcess)
NtOpenProcess:
Arg[0] = ptr 0x000000000014fe20 -> {\xff\xff\xff\xff\xff\xff\xff\xff}
Arg[1] = 0x00000000001fffff = 2097151
Arg[2] = ptr 0x000000000014fde0 -> L"0"
Arg[3] = ptr 0x000000000014fdd0 -> {\xa0\x02\x00\x00\x00\x00\x00\x00}
> 14bf0000+4ee;SYSCALL:0x18(NtAllocateVirtualMemory)
NtAllocateVirtualMemory:
Arg[0] = 0xffffffffffffffff = 18446744073709551615
Arg[1] = ptr 0x000000000014fdc0 -> {\x00\x00\x00\x00\x00\x00\x00\x00}
Arg[2] = 0
Arg[3] = ptr 0x000000000014fdc8 -> {\x0b\x00\x00\x00\x00\x00\x00\x00}
Arg[4] = 0x0000000000001000 = 4096
Arg[5] = 0x0000000000000040 = 64
> 14e50000+8;SYSCALL:0x34(NtDelayExecution)
> 14bf0000+4ee;SYSCALL:0x18(NtAllocateVirtualMemory)
NtAllocateVirtualMemory:
Arg[0] = 0xffffffffffffffff = 18446744073709551615
Arg[1] = ptr 0x000000000014fdc0 -> {\x00\x00\x00\x00\x00\x00\x00\x00}
Arg[2] = 0
Arg[3] = ptr 0x000000000014fdc8 -> {\x0b\x00\x00\x00\x00\x00\x00\x00}
Arg[4] = 0x0000000000001000 = 4096
Arg[5] = 0x0000000000000040 = 64
> 14e60000+8;SYSCALL:0x26(NtOpenProcess)
NtOpenProcess:
Arg[0] = ptr 0x000000000014fe20 -> {\xff\xff\xff\xff\xff\xff\xff\xff}
Arg[1] = 0x00000000001fffff = 2097151
Arg[2] = ptr 0x000000000014fde0 -> L"0"
Arg[3] = ptr 0x000000000014fdd0 -> {\xa8\x02\x00\x00\x00\x00\x00\x00}
> 14bf0000+4ee;SYSCALL:0x18(NtAllocateVirtualMemory)
NtAllocateVirtualMemory:
Arg[0] = 0xffffffffffffffff = 18446744073709551615
Arg[1] = ptr 0x000000000014fdc0 -> {\x00\x00\x00\x00\x00\x00\x00\x00}
Arg[2] = 0
Arg[3] = ptr 0x000000000014fdc8 -> {\x0b\x00\x00\x00\x00\x00\x00\x00}
Arg[4] = 0x0000000000001000 = 4096
Arg[5] = 0x0000000000000040 = 64
> 14e70000+8;SYSCALL:0x34(NtDelayExecution)
> 14bf0000+4ee;SYSCALL:0x18(NtAllocateVirtualMemory)
NtAllocateVirtualMemory:
Arg[0] = 0xffffffffffffffff = 18446744073709551615
Arg[1] = ptr 0x000000000014fdc0 -> {\x00\x00\x00\x00\x00\x00\x00\x00}
Arg[2] = 0
Arg[3] = ptr 0x000000000014fdc8 -> {\x0b\x00\x00\x00\x00\x00\x00\x00}
Arg[4] = 0x0000000000001000 = 4096
Arg[5] = 0x0000000000000040 = 64
> 14e80000+8;SYSCALL:0x26(NtOpenProcess)
NtOpenProcess:
Arg[0] = ptr 0x000000000014fe20 -> {\xff\xff\xff\xff\xff\xff\xff\xff}
Arg[1] = 0x00000000001fffff = 2097151
Arg[2] = ptr 0x000000000014fde0 -> L"0"
Arg[3] = ptr 0x000000000014fdd0 -> {(\x03\x00\x00\x00\x00\x00\x00}
> 14bf0000+4ee;SYSCALL:0x18(NtAllocateVirtualMemory)
NtAllocateVirtualMemory:
Arg[0] = 0xffffffffffffffff = 18446744073709551615
Arg[1] = ptr 0x000000000014fdc0 -> {\x00\x00\x00\x00\x00\x00\x00\x00}
Arg[2] = 0
Arg[3] = ptr 0x000000000014fdc8 -> {\x0b\x00\x00\x00\x00\x00\x00\x00}
Arg[4] = 0x0000000000001000 = 4096
Arg[5] = 0x0000000000000040 = 64
> 14e90000+8;SYSCALL:0x34(NtDelayExecution)
> 14bf0000+4ee;SYSCALL:0x18(NtAllocateVirtualMemory)
NtAllocateVirtualMemory:
Arg[0] = 0xffffffffffffffff = 18446744073709551615
Arg[1] = ptr 0x000000000014fdc0 -> {\x00\x00\x00\x00\x00\x00\x00\x00}
Arg[2] = 0
Arg[3] = ptr 0x000000000014fdc8 -> {\x0b\x00\x00\x00\x00\x00\x00\x00}
Arg[4] = 0x0000000000001000 = 4096
Arg[5] = 0x0000000000000040 = 64
> 14ea0000+8;SYSCALL:0x26(NtOpenProcess)
NtOpenProcess:
Arg[0] = ptr 0x000000000014fe20 -> {\xff\xff\xff\xff\xff\xff\xff\xff}
Arg[1] = 0x00000000001fffff = 2097151
Arg[2] = ptr 0x000000000014fde0 -> L"0"
Arg[3] = ptr 0x000000000014fdd0 -> {@\x03\x00\x00\x00\x00\x00\x00}
> 14bf0000+4ee;SYSCALL:0x18(NtAllocateVirtualMemory)
NtAllocateVirtualMemory:
Arg[0] = 0xffffffffffffffff = 18446744073709551615
Arg[1] = ptr 0x000000000014fdc0 -> {\x00\x00\x00\x00\x00\x00\x00\x00}
Arg[2] = 0
Arg[3] = ptr 0x000000000014fdc8 -> {\x0b\x00\x00\x00\x00\x00\x00\x00}
Arg[4] = 0x0000000000001000 = 4096
Arg[5] = 0x0000000000000040 = 64
> 14eb0000+8;SYSCALL:0x34(NtDelayExecution)
> 14bf0000+4ee;SYSCALL:0x18(NtAllocateVirtualMemory)
NtAllocateVirtualMemory:
Arg[0] = 0xffffffffffffffff = 18446744073709551615
Arg[1] = ptr 0x000000000014fdc0 -> {\x00\x00\x00\x00\x00\x00\x00\x00}
Arg[2] = 0
Arg[3] = ptr 0x000000000014fdc8 -> {\x0b\x00\x00\x00\x00\x00\x00\x00}
Arg[4] = 0x0000000000001000 = 4096
Arg[5] = 0x0000000000000040 = 64
> 14ec0000+8;SYSCALL:0x26(NtOpenProcess)
NtOpenProcess:
Arg[0] = ptr 0x000000000014fe20 -> {\xff\xff\xff\xff\xff\xff\xff\xff}
Arg[1] = 0x00000000001fffff = 2097151
Arg[2] = ptr 0x000000000014fde0 -> L"0"
Arg[3] = ptr 0x000000000014fdd0 -> {H\x03\x00\x00\x00\x00\x00\x00}
> 14bf0000+4ee;SYSCALL:0x18(NtAllocateVirtualMemory)
NtAllocateVirtualMemory:
Arg[0] = 0xffffffffffffffff = 18446744073709551615
Arg[1] = ptr 0x000000000014fdc0 -> {\x00\x00\x00\x00\x00\x00\x00\x00}
Arg[2] = 0
Arg[3] = ptr 0x000000000014fdc8 -> {\x0b\x00\x00\x00\x00\x00\x00\x00}
Arg[4] = 0x0000000000001000 = 4096
Arg[5] = 0x0000000000000040 = 64
> 14ed0000+8;SYSCALL:0x34(NtDelayExecution)
> 14bf0000+4ee;SYSCALL:0x18(NtAllocateVirtualMemory)
NtAllocateVirtualMemory:
Arg[0] = 0xffffffffffffffff = 18446744073709551615
Arg[1] = ptr 0x000000000014fdc0 -> {\x00\x00\x00\x00\x00\x00\x00\x00}
Arg[2] = 0
Arg[3] = ptr 0x000000000014fdc8 -> {\x0b\x00\x00\x00\x00\x00\x00\x00}
Arg[4] = 0x0000000000001000 = 4096
Arg[5] = 0x0000000000000040 = 64
> 14ee0000+8;SYSCALL:0x26(NtOpenProcess)
NtOpenProcess:
Arg[0] = ptr 0x000000000014fe20 -> {\xff\xff\xff\xff\xff\xff\xff\xff}
Arg[1] = 0x00000000001fffff = 2097151
Arg[2] = ptr 0x000000000014fde0 -> L"0"
Arg[3] = ptr 0x000000000014fdd0 -> {\x98\x03\x00\x00\x00\x00\x00\x00}
> 14bf0000+4ee;SYSCALL:0x18(NtAllocateVirtualMemory)
NtAllocateVirtualMemory:
Arg[0] = 0xffffffffffffffff = 18446744073709551615
Arg[1] = ptr 0x000000000014fdc0 -> {\x00\x00\x00\x00\x00\x00\x00\x00}
Arg[2] = 0
Arg[3] = ptr 0x000000000014fdc8 -> {\x0b\x00\x00\x00\x00\x00\x00\x00}
Arg[4] = 0x0000000000001000 = 4096
Arg[5] = 0x0000000000000040 = 64
> 14ef0000+8;SYSCALL:0x34(NtDelayExecution)
> 14bf0000+4ee;SYSCALL:0x18(NtAllocateVirtualMemory)
NtAllocateVirtualMemory:
Arg[0] = 0xffffffffffffffff = 18446744073709551615
Arg[1] = ptr 0x000000000014fdc0 -> {\x00\x00\x00\x00\x00\x00\x00\x00}
Arg[2] = 0
Arg[3] = ptr 0x000000000014fdc8 -> {\x0b\x00\x00\x00\x00\x00\x00\x00}
Arg[4] = 0x0000000000001000 = 4096
Arg[5] = 0x0000000000000040 = 64
> 14f00000+8;SYSCALL:0x26(NtOpenProcess)
NtOpenProcess:
Arg[0] = ptr 0x000000000014fe20 -> {\xff\xff\xff\xff\xff\xff\xff\xff}
Arg[1] = 0x00000000001fffff = 2097151
Arg[2] = ptr 0x000000000014fde0 -> L"0"
Arg[3] = ptr 0x000000000014fdd0 -> {\xd4\x03\x00\x00\x00\x00\x00\x00}
> 14bf0000+4ee;SYSCALL:0x18(NtAllocateVirtualMemory)
NtAllocateVirtualMemory:
Arg[0] = 0xffffffffffffffff = 18446744073709551615
Arg[1] = ptr 0x000000000014fdc0 -> {\x00\x00\x00\x00\x00\x00\x00\x00}
Arg[2] = 0
Arg[3] = ptr 0x000000000014fdc8 -> {\x0b\x00\x00\x00\x00\x00\x00\x00}
Arg[4] = 0x0000000000001000 = 4096
Arg[5] = 0x0000000000000040 = 64
> 14f10000+8;SYSCALL:0x34(NtDelayExecution)
> 14bf0000+4ee;SYSCALL:0x18(NtAllocateVirtualMemory)
NtAllocateVirtualMemory:
Arg[0] = 0xffffffffffffffff = 18446744073709551615
Arg[1] = ptr 0x000000000014fdc0 -> {\x00\x00\x00\x00\x00\x00\x00\x00}
Arg[2] = 0
Arg[3] = ptr 0x000000000014fdc8 -> {\x0b\x00\x00\x00\x00\x00\x00\x00}
Arg[4] = 0x0000000000001000 = 4096
Arg[5] = 0x0000000000000040 = 64
> 14f20000+8;SYSCALL:0x26(NtOpenProcess)
NtOpenProcess:
Arg[0] = ptr 0x000000000014fe20 -> {\xff\xff\xff\xff\xff\xff\xff\xff}
Arg[1] = 0x00000000001fffff = 2097151
Arg[2] = ptr 0x000000000014fde0 -> L"0"
Arg[3] = ptr 0x000000000014fdd0 -> {\x98\x01\x00\x00\x00\x00\x00\x00}
> 14bf0000+4ee;SYSCALL:0x18(NtAllocateVirtualMemory)
NtAllocateVirtualMemory:
Arg[0] = 0xffffffffffffffff = 18446744073709551615
Arg[1] = ptr 0x000000000014fdc0 -> {\x00\x00\x00\x00\x00\x00\x00\x00}
Arg[2] = 0
Arg[3] = ptr 0x000000000014fdc8 -> {\x0b\x00\x00\x00\x00\x00\x00\x00}
Arg[4] = 0x0000000000001000 = 4096
Arg[5] = 0x0000000000000040 = 64
> 14f30000+8;SYSCALL:0x34(NtDelayExecution)
> 14bf0000+4ee;SYSCALL:0x18(NtAllocateVirtualMemory)
NtAllocateVirtualMemory:
Arg[0] = 0xffffffffffffffff = 18446744073709551615
Arg[1] = ptr 0x000000000014fdc0 -> {\x00\x00\x00\x00\x00\x00\x00\x00}
Arg[2] = 0
Arg[3] = ptr 0x000000000014fdc8 -> {\x0b\x00\x00\x00\x00\x00\x00\x00}
Arg[4] = 0x0000000000001000 = 4096
Arg[5] = 0x0000000000000040 = 64
> 14f40000+8;SYSCALL:0x26(NtOpenProcess)
NtOpenProcess:
Arg[0] = ptr 0x000000000014fe20 -> {\xff\xff\xff\xff\xff\xff\xff\xff}
Arg[1] = 0x00000000001fffff = 2097151
Arg[2] = ptr 0x000000000014fde0 -> L"0"
Arg[3] = ptr 0x000000000014fdd0 -> {\x0c\x04\x00\x00\x00\x00\x00\x00}
> 14bf0000+4ee;SYSCALL:0x18(NtAllocateVirtualMemory)
NtAllocateVirtualMemory:
Arg[0] = 0xffffffffffffffff = 18446744073709551615
Arg[1] = ptr 0x000000000014fdc0 -> {\x00\x00\x00\x00\x00\x00\x00\x00}
Arg[2] = 0
Arg[3] = ptr 0x000000000014fdc8 -> {\x0b\x00\x00\x00\x00\x00\x00\x00}
Arg[4] = 0x0000000000001000 = 4096
Arg[5] = 0x0000000000000040 = 64
> 14f50000+8;SYSCALL:0x34(NtDelayExecution)
> 14bf0000+4ee;SYSCALL:0x18(NtAllocateVirtualMemory)
NtAllocateVirtualMemory:
Arg[0] = 0xffffffffffffffff = 18446744073709551615
Arg[1] = ptr 0x000000000014fdc0 -> {\x00\x00\x00\x00\x00\x00\x00\x00}
Arg[2] = 0
Arg[3] = ptr 0x000000000014fdc8 -> {\x0b\x00\x00\x00\x00\x00\x00\x00}
Arg[4] = 0x0000000000001000 = 4096
Arg[5] = 0x0000000000000040 = 64
> 14f60000+8;SYSCALL:0x26(NtOpenProcess)
NtOpenProcess:
Arg[0] = ptr 0x000000000014fe20 -> {\xff\xff\xff\xff\xff\xff\xff\xff}
Arg[1] = 0x00000000001fffff = 2097151
Arg[2] = ptr 0x000000000014fde0 -> L"0"
Arg[3] = ptr 0x000000000014fdd0 -> {\x14\x04\x00\x00\x00\x00\x00\x00}
> 14bf0000+4ee;SYSCALL:0x18(NtAllocateVirtualMemory)
NtAllocateVirtualMemory:
Arg[0] = 0xffffffffffffffff = 18446744073709551615
Arg[1] = ptr 0x000000000014fdc0 -> {\x00\x00\x00\x00\x00\x00\x00\x00}
Arg[2] = 0
Arg[3] = ptr 0x000000000014fdc8 -> {\x0b\x00\x00\x00\x00\x00\x00\x00}
Arg[4] = 0x0000000000001000 = 4096
Arg[5] = 0x0000000000000040 = 64
> 14f70000+8;SYSCALL:0x34(NtDelayExecution)
> 14bf0000+4ee;SYSCALL:0x18(NtAllocateVirtualMemory)
NtAllocateVirtualMemory:
Arg[0] = 0xffffffffffffffff = 18446744073709551615
Arg[1] = ptr 0x000000000014fdc0 -> {\x00\x00\x00\x00\x00\x00\x00\x00}
Arg[2] = 0
Arg[3] = ptr 0x000000000014fdc8 -> {\x0b\x00\x00\x00\x00\x00\x00\x00}
Arg[4] = 0x0000000000001000 = 4096
Arg[5] = 0x0000000000000040 = 64
> 14f80000+8;SYSCALL:0x26(NtOpenProcess)
NtOpenProcess:
Arg[0] = ptr 0x000000000014fe20 -> {\xff\xff\xff\xff\xff\xff\xff\xff}
Arg[1] = 0x00000000001fffff = 2097151
Arg[2] = ptr 0x000000000014fde0 -> L"0"
Arg[3] = ptr 0x000000000014fdd0 -> {\x1c\x04\x00\x00\x00\x00\x00\x00}
> 14bf0000+4ee;SYSCALL:0x18(NtAllocateVirtualMemory)
NtAllocateVirtualMemory:
Arg[0] = 0xffffffffffffffff = 18446744073709551615
Arg[1] = ptr 0x000000000014fdc0 -> {\x00\x00\x00\x00\x00\x00\x00\x00}
Arg[2] = 0
Arg[3] = ptr 0x000000000014fdc8 -> {\x0b\x00\x00\x00\x00\x00\x00\x00}
Arg[4] = 0x0000000000001000 = 4096
Arg[5] = 0x0000000000000040 = 64
> 14f90000+8;SYSCALL:0x34(NtDelayExecution)
> 14bf0000+4ee;SYSCALL:0x18(NtAllocateVirtualMemory)
NtAllocateVirtualMemory:
Arg[0] = 0xffffffffffffffff = 18446744073709551615
Arg[1] = ptr 0x000000000014fdc0 -> {\x00\x00\x00\x00\x00\x00\x00\x00}
Arg[2] = 0
Arg[3] = ptr 0x000000000014fdc8 -> {\x0b\x00\x00\x00\x00\x00\x00\x00}
Arg[4] = 0x0000000000001000 = 4096
Arg[5] = 0x0000000000000040 = 64
> 14fa0000+8;SYSCALL:0x26(NtOpenProcess)
NtOpenProcess:
Arg[0] = ptr 0x000000000014fe20 -> {\xff\xff\xff\xff\xff\xff\xff\xff}
Arg[1] = 0x00000000001fffff = 2097151
Arg[2] = ptr 0x000000000014fde0 -> L"0"
Arg[3] = ptr 0x000000000014fdd0 -> {\xb4\x04\x00\x00\x00\x00\x00\x00}
> 14bf0000+4ee;SYSCALL:0x18(NtAllocateVirtualMemory)
NtAllocateVirtualMemory:
Arg[0] = 0xffffffffffffffff = 18446744073709551615
Arg[1] = ptr 0x000000000014fdc0 -> {\x00\x00\x00\x00\x00\x00\x00\x00}
Arg[2] = 0
Arg[3] = ptr 0x000000000014fdc8 -> {\x0b\x00\x00\x00\x00\x00\x00\x00}
Arg[4] = 0x0000000000001000 = 4096
Arg[5] = 0x0000000000000040 = 64
> 14fb0000+8;SYSCALL:0x34(NtDelayExecution)
> 14bf0000+4ee;SYSCALL:0x18(NtAllocateVirtualMemory)
NtAllocateVirtualMemory:
Arg[0] = 0xffffffffffffffff = 18446744073709551615
Arg[1] = ptr 0x000000000014fdc0 -> {\x00\x00\x00\x00\x00\x00\x00\x00}
Arg[2] = 0
Arg[3] = ptr 0x000000000014fdc8 -> {\x0b\x00\x00\x00\x00\x00\x00\x00}
Arg[4] = 0x0000000000001000 = 4096
Arg[5] = 0x0000000000000040 = 64
> 14fc0000+8;SYSCALL:0x26(NtOpenProcess)
NtOpenProcess:
Arg[0] = ptr 0x000000000014fe20 -> {\xff\xff\xff\xff\xff\xff\xff\xff}
Arg[1] = 0x00000000001fffff = 2097151
Arg[2] = ptr 0x000000000014fde0 -> L"0"
Arg[3] = ptr 0x000000000014fdd0 -> {\xcc\x04\x00\x00\x00\x00\x00\x00}
> 14bf0000+4ee;SYSCALL:0x18(NtAllocateVirtualMemory)
NtAllocateVirtualMemory:
Arg[0] = 0xffffffffffffffff = 18446744073709551615
Arg[1] = ptr 0x000000000014fdc0 -> {\x00\x00\x00\x00\x00\x00\x00\x00}
Arg[2] = 0
Arg[3] = ptr 0x000000000014fdc8 -> {\x0b\x00\x00\x00\x00\x00\x00\x00}
Arg[4] = 0x0000000000001000 = 4096
Arg[5] = 0x0000000000000040 = 64
> 14fd0000+8;SYSCALL:0x34(NtDelayExecution)
> 14bf0000+4ee;SYSCALL:0x18(NtAllocateVirtualMemory)
NtAllocateVirtualMemory:
Arg[0] = 0xffffffffffffffff = 18446744073709551615
Arg[1] = ptr 0x000000000014fdc0 -> {\x00\x00\x00\x00\x00\x00\x00\x00}
Arg[2] = 0
Arg[3] = ptr 0x000000000014fdc8 -> {\x0b\x00\x00\x00\x00\x00\x00\x00}
Arg[4] = 0x0000000000001000 = 4096
Arg[5] = 0x0000000000000040 = 64
> 14fe0000+8;SYSCALL:0x26(NtOpenProcess)
NtOpenProcess:
Arg[0] = ptr 0x000000000014fe20 -> {\xff\xff\xff\xff\xff\xff\xff\xff}
Arg[1] = 0x00000000001fffff = 2097151
Arg[2] = ptr 0x000000000014fde0 -> L"0"
Arg[3] = ptr 0x000000000014fdd0 -> {\x0c\x05\x00\x00\x00\x00\x00\x00}
> 14bf0000+4ee;SYSCALL:0x18(NtAllocateVirtualMemory)
NtAllocateVirtualMemory:
Arg[0] = 0xffffffffffffffff = 18446744073709551615
Arg[1] = ptr 0x000000000014fdc0 -> {\x00\x00\x00\x00\x00\x00\x00\x00}
Arg[2] = 0
Arg[3] = ptr 0x000000000014fdc8 -> {\x0b\x00\x00\x00\x00\x00\x00\x00}
Arg[4] = 0x0000000000001000 = 4096
Arg[5] = 0x0000000000000040 = 64
> 14ff0000+8;SYSCALL:0x34(NtDelayExecution)
> 14bf0000+4ee;SYSCALL:0x18(NtAllocateVirtualMemory)
NtAllocateVirtualMemory:
Arg[0] = 0xffffffffffffffff = 18446744073709551615
Arg[1] = ptr 0x000000000014fdc0 -> {\x00\x00\x00\x00\x00\x00\x00\x00}
Arg[2] = 0
Arg[3] = ptr 0x000000000014fdc8 -> {\x0b\x00\x00\x00\x00\x00\x00\x00}
Arg[4] = 0x0000000000001000 = 4096
Arg[5] = 0x0000000000000040 = 64
> 15000000+8;SYSCALL:0x26(NtOpenProcess)
NtOpenProcess:
Arg[0] = ptr 0x000000000014fe20 -> {\xff\xff\xff\xff\xff\xff\xff\xff}
Arg[1] = 0x00000000001fffff = 2097151
Arg[2] = ptr 0x000000000014fde0 -> L"0"
Arg[3] = ptr 0x000000000014fdd0 -> {\x18\x05\x00\x00\x00\x00\x00\x00}
> 14bf0000+4ee;SYSCALL:0x18(NtAllocateVirtualMemory)
NtAllocateVirtualMemory:
Arg[0] = 0xffffffffffffffff = 18446744073709551615
Arg[1] = ptr 0x000000000014fdc0 -> {\x00\x00\x00\x00\x00\x00\x00\x00}
Arg[2] = 0
Arg[3] = ptr 0x000000000014fdc8 -> {\x0b\x00\x00\x00\x00\x00\x00\x00}
Arg[4] = 0x0000000000001000 = 4096
Arg[5] = 0x0000000000000040 = 64
> 15010000+8;SYSCALL:0x34(NtDelayExecution)
> 14bf0000+4ee;SYSCALL:0x18(NtAllocateVirtualMemory)
NtAllocateVirtualMemory:
Arg[0] = 0xffffffffffffffff = 18446744073709551615
Arg[1] = ptr 0x000000000014fdc0 -> {\x00\x00\x00\x00\x00\x00\x00\x00}
Arg[2] = 0
Arg[3] = ptr 0x000000000014fdc8 -> {\x0b\x00\x00\x00\x00\x00\x00\x00}
Arg[4] = 0x0000000000001000 = 4096
Arg[5] = 0x0000000000000040 = 64
> 15020000+8;SYSCALL:0x26(NtOpenProcess)
NtOpenProcess:
Arg[0] = ptr 0x000000000014fe20 -> {\xff\xff\xff\xff\xff\xff\xff\xff}
Arg[1] = 0x00000000001fffff = 2097151
Arg[2] = ptr 0x000000000014fde0 -> L"0"
Arg[3] = ptr 0x000000000014fdd0 -> {@\x05\x00\x00\x00\x00\x00\x00}
> 14bf0000+4ee;SYSCALL:0x18(NtAllocateVirtualMemory)
NtAllocateVirtualMemory:
Arg[0] = 0xffffffffffffffff = 18446744073709551615
Arg[1] = ptr 0x000000000014fdc0 -> {\x00\x00\x00\x00\x00\x00\x00\x00}
Arg[2] = 0
Arg[3] = ptr 0x000000000014fdc8 -> {\x0b\x00\x00\x00\x00\x00\x00\x00}
Arg[4] = 0x0000000000001000 = 4096
Arg[5] = 0x0000000000000040 = 64
> 15030000+8;SYSCALL:0x34(NtDelayExecution)
> 14bf0000+4ee;SYSCALL:0x18(NtAllocateVirtualMemory)
NtAllocateVirtualMemory:
Arg[0] = 0xffffffffffffffff = 18446744073709551615
Arg[1] = ptr 0x000000000014fdc0 -> {\x00\x00\x00\x00\x00\x00\x00\x00}
Arg[2] = 0
Arg[3] = ptr 0x000000000014fdc8 -> {\x0b\x00\x00\x00\x00\x00\x00\x00}
Arg[4] = 0x0000000000001000 = 4096
Arg[5] = 0x0000000000000040 = 64
> 15040000+8;SYSCALL:0x26(NtOpenProcess)
NtOpenProcess:
Arg[0] = ptr 0x000000000014fe20 -> {\xff\xff\xff\xff\xff\xff\xff\xff}
Arg[1] = 0x00000000001fffff = 2097151
Arg[2] = ptr 0x000000000014fde0 -> L"0"
Arg[3] = ptr 0x000000000014fdd0 -> {\x98\x05\x00\x00\x00\x00\x00\x00}
> 14bf0000+4ee;SYSCALL:0x18(NtAllocateVirtualMemory)
NtAllocateVirtualMemory:
Arg[0] = 0xffffffffffffffff = 18446744073709551615
Arg[1] = ptr 0x000000000014fdc0 -> {\x00\x00\x00\x00\x00\x00\x00\x00}
Arg[2] = 0
Arg[3] = ptr 0x000000000014fdc8 -> {\x0b\x00\x00\x00\x00\x00\x00\x00}
Arg[4] = 0x0000000000001000 = 4096
Arg[5] = 0x0000000000000040 = 64
> 15050000+8;SYSCALL:0x34(NtDelayExecution)
> 14bf0000+4ee;SYSCALL:0x18(NtAllocateVirtualMemory)
NtAllocateVirtualMemory:
Arg[0] = 0xffffffffffffffff = 18446744073709551615
Arg[1] = ptr 0x000000000014fdc0 -> {\x00\x00\x00\x00\x00\x00\x00\x00}
Arg[2] = 0
Arg[3] = ptr 0x000000000014fdc8 -> {\x0b\x00\x00\x00\x00\x00\x00\x00}
Arg[4] = 0x0000000000001000 = 4096
Arg[5] = 0x0000000000000040 = 64
> 15060000+8;SYSCALL:0x26(NtOpenProcess)
NtOpenProcess:
Arg[0] = ptr 0x000000000014fe20 -> {\xff\xff\xff\xff\xff\xff\xff\xff}
Arg[1] = 0x00000000001fffff = 2097151
Arg[2] = ptr 0x000000000014fde0 -> L"0"
Arg[3] = ptr 0x000000000014fdd0 -> {\xa4\x05\x00\x00\x00\x00\x00\x00}
> 14bf0000+4ee;SYSCALL:0x18(NtAllocateVirtualMemory)
NtAllocateVirtualMemory:
Arg[0] = 0xffffffffffffffff = 18446744073709551615
Arg[1] = ptr 0x000000000014fdc0 -> {\x00\x00\x00\x00\x00\x00\x00\x00}
Arg[2] = 0
Arg[3] = ptr 0x000000000014fdc8 -> {\x0b\x00\x00\x00\x00\x00\x00\x00}
Arg[4] = 0x0000000000001000 = 4096
Arg[5] = 0x0000000000000040 = 64
> 15070000+8;SYSCALL:0x34(NtDelayExecution)
> 14bf0000+4ee;SYSCALL:0x18(NtAllocateVirtualMemory)
NtAllocateVirtualMemory:
Arg[0] = 0xffffffffffffffff = 18446744073709551615
Arg[1] = ptr 0x000000000014fdc0 -> {\x00\x00\x00\x00\x00\x00\x00\x00}
Arg[2] = 0
Arg[3] = ptr 0x000000000014fdc8 -> {\x0b\x00\x00\x00\x00\x00\x00\x00}
Arg[4] = 0x0000000000001000 = 4096
Arg[5] = 0x0000000000000040 = 64
> 15080000+8;SYSCALL:0x26(NtOpenProcess)
NtOpenProcess:
Arg[0] = ptr 0x000000000014fe20 -> {\xff\xff\xff\xff\xff\xff\xff\xff}
Arg[1] = 0x00000000001fffff = 2097151
Arg[2] = ptr 0x000000000014fde0 -> L"0"
Arg[3] = ptr 0x000000000014fdd0 -> {4\x06\x00\x00\x00\x00\x00\x00}
> 14bf0000+4ee;SYSCALL:0x18(NtAllocateVirtualMemory)
NtAllocateVirtualMemory:
Arg[0] = 0xffffffffffffffff = 18446744073709551615
Arg[1] = ptr 0x000000000014fdc0 -> {\x00\x00\x00\x00\x00\x00\x00\x00}
Arg[2] = 0
Arg[3] = ptr 0x000000000014fdc8 -> {\x0b\x00\x00\x00\x00\x00\x00\x00}
Arg[4] = 0x0000000000001000 = 4096
Arg[5] = 0x0000000000000040 = 64
> 15090000+8;SYSCALL:0x34(NtDelayExecution)
> 14bf0000+4ee;SYSCALL:0x18(NtAllocateVirtualMemory)
NtAllocateVirtualMemory:
Arg[0] = 0xffffffffffffffff = 18446744073709551615
Arg[1] = ptr 0x000000000014fdc0 -> {\x00\x00\x00\x00\x00\x00\x00\x00}
Arg[2] = 0
Arg[3] = ptr 0x000000000014fdc8 -> {\x0b\x00\x00\x00\x00\x00\x00\x00}
Arg[4] = 0x0000000000001000 = 4096
Arg[5] = 0x0000000000000040 = 64
> 150a0000+8;SYSCALL:0x26(NtOpenProcess)
NtOpenProcess:
Arg[0] = ptr 0x000000000014fe20 -> {\xff\xff\xff\xff\xff\xff\xff\xff}
Arg[1] = 0x00000000001fffff = 2097151
Arg[2] = ptr 0x000000000014fde0 -> L"0"
Arg[3] = ptr 0x000000000014fdd0 -> {t\x06\x00\x00\x00\x00\x00\x00}
> 14bf0000+4ee;SYSCALL:0x18(NtAllocateVirtualMemory)
NtAllocateVirtualMemory:
Arg[0] = 0xffffffffffffffff = 18446744073709551615
Arg[1] = ptr 0x000000000014fdc0 -> {\x00\x00\x00\x00\x00\x00\x00\x00}
Arg[2] = 0
Arg[3] = ptr 0x000000000014fdc8 -> {\x0b\x00\x00\x00\x00\x00\x00\x00}
Arg[4] = 0x0000000000001000 = 4096
Arg[5] = 0x0000000000000040 = 64
> 150b0000+8;SYSCALL:0x34(NtDelayExecution)
> 14bf0000+4ee;SYSCALL:0x18(NtAllocateVirtualMemory)
NtAllocateVirtualMemory:
Arg[0] = 0xffffffffffffffff = 18446744073709551615
Arg[1] = ptr 0x000000000014fdc0 -> {\x00\x00\x00\x00\x00\x00\x00\x00}
Arg[2] = 0
Arg[3] = ptr 0x000000000014fdc8 -> {\x0b\x00\x00\x00\x00\x00\x00\x00}
Arg[4] = 0x0000000000001000 = 4096
Arg[5] = 0x0000000000000040 = 64
> 150c0000+8;SYSCALL:0x26(NtOpenProcess)
NtOpenProcess:
Arg[0] = ptr 0x000000000014fe20 -> {\xff\xff\xff\xff\xff\xff\xff\xff}
Arg[1] = 0x00000000001fffff = 2097151
Arg[2] = ptr 0x000000000014fde0 -> L"0"
Arg[3] = ptr 0x000000000014fdd0 -> {\xac\x06\x00\x00\x00\x00\x00\x00}
> 14bf0000+4ee;SYSCALL:0x18(NtAllocateVirtualMemory)
NtAllocateVirtualMemory:
Arg[0] = 0xffffffffffffffff = 18446744073709551615
Arg[1] = ptr 0x000000000014fdc0 -> {\x00\x00\x00\x00\x00\x00\x00\x00}
Arg[2] = 0
Arg[3] = ptr 0x000000000014fdc8 -> {\x0b\x00\x00\x00\x00\x00\x00\x00}
Arg[4] = 0x0000000000001000 = 4096
Arg[5] = 0x0000000000000040 = 64
> 150d0000+8;SYSCALL:0x34(NtDelayExecution)
> 14bf0000+4ee;SYSCALL:0x18(NtAllocateVirtualMemory)
NtAllocateVirtualMemory:
Arg[0] = 0xffffffffffffffff = 18446744073709551615
Arg[1] = ptr 0x000000000014fdc0 -> {\x00\x00\x00\x00\x00\x00\x00\x00}
Arg[2] = 0
Arg[3] = ptr 0x000000000014fdc8 -> {\x0b\x00\x00\x00\x00\x00\x00\x00}
Arg[4] = 0x0000000000001000 = 4096
Arg[5] = 0x0000000000000040 = 64
> 150e0000+8;SYSCALL:0x26(NtOpenProcess)
NtOpenProcess:
Arg[0] = ptr 0x000000000014fe20 -> {\xff\xff\xff\xff\xff\xff\xff\xff}
Arg[1] = 0x00000000001fffff = 2097151
Arg[2] = ptr 0x000000000014fde0 -> L"0"
Arg[3] = ptr 0x000000000014fdd0 -> {\xb4\x06\x00\x00\x00\x00\x00\x00}
> 14bf0000+4ee;SYSCALL:0x18(NtAllocateVirtualMemory)
NtAllocateVirtualMemory:
Arg[0] = 0xffffffffffffffff = 18446744073709551615
Arg[1] = ptr 0x000000000014fdc0 -> {\x00\x00\x00\x00\x00\x00\x00\x00}
Arg[2] = 0
Arg[3] = ptr 0x000000000014fdc8 -> {\x0b\x00\x00\x00\x00\x00\x00\x00}
Arg[4] = 0x0000000000001000 = 4096
Arg[5] = 0x0000000000000040 = 64
> 150f0000+8;SYSCALL:0x34(NtDelayExecution)
> 14bf0000+4ee;SYSCALL:0x18(NtAllocateVirtualMemory)
NtAllocateVirtualMemory:
Arg[0] = 0xffffffffffffffff = 18446744073709551615
Arg[1] = ptr 0x000000000014fdc0 -> {\x00\x00\x00\x00\x00\x00\x00\x00}
Arg[2] = 0
Arg[3] = ptr 0x000000000014fdc8 -> {\x0b\x00\x00\x00\x00\x00\x00\x00}
Arg[4] = 0x0000000000001000 = 4096
Arg[5] = 0x0000000000000040 = 64
> 15100000+8;SYSCALL:0x26(NtOpenProcess)
NtOpenProcess:
Arg[0] = ptr 0x000000000014fe20 -> {\xff\xff\xff\xff\xff\xff\xff\xff}
Arg[1] = 0x00000000001fffff = 2097151
Arg[2] = ptr 0x000000000014fde0 -> L"0"
Arg[3] = ptr 0x000000000014fdd0 -> {\xbc\x06\x00\x00\x00\x00\x00\x00}
> 14bf0000+4ee;SYSCALL:0x18(NtAllocateVirtualMemory)
NtAllocateVirtualMemory:
Arg[0] = 0xffffffffffffffff = 18446744073709551615
Arg[1] = ptr 0x000000000014fdc0 -> {\x00\x00\x00\x00\x00\x00\x00\x00}
Arg[2] = 0
Arg[3] = ptr 0x000000000014fdc8 -> {\x0b\x00\x00\x00\x00\x00\x00\x00}
Arg[4] = 0x0000000000001000 = 4096
Arg[5] = 0x0000000000000040 = 64
> 15110000+8;SYSCALL:0x34(NtDelayExecution)
> 14bf0000+4ee;SYSCALL:0x18(NtAllocateVirtualMemory)
NtAllocateVirtualMemory:
Arg[0] = 0xffffffffffffffff = 18446744073709551615
Arg[1] = ptr 0x000000000014fdc0 -> {\x00\x00\x00\x00\x00\x00\x00\x00}
Arg[2] = 0
Arg[3] = ptr 0x000000000014fdc8 -> {\x0b\x00\x00\x00\x00\x00\x00\x00}
Arg[4] = 0x0000000000001000 = 4096
Arg[5] = 0x0000000000000040 = 64
> 15120000+8;SYSCALL:0x26(NtOpenProcess)
NtOpenProcess:
Arg[0] = ptr 0x000000000014fe20 -> {\xff\xff\xff\xff\xff\xff\xff\xff}
Arg[1] = 0x00000000001fffff = 2097151
Arg[2] = ptr 0x000000000014fde0 -> L"0"
Arg[3] = ptr 0x000000000014fdd0 -> {\x14\x07\x00\x00\x00\x00\x00\x00}
> 14bf0000+4ee;SYSCALL:0x18(NtAllocateVirtualMemory)
NtAllocateVirtualMemory:
Arg[0] = 0xffffffffffffffff = 18446744073709551615
Arg[1] = ptr 0x000000000014fdc0 -> {\x00\x00\x00\x00\x00\x00\x00\x00}
Arg[2] = 0
Arg[3] = ptr 0x000000000014fdc8 -> {\x0b\x00\x00\x00\x00\x00\x00\x00}
Arg[4] = 0x0000000000001000 = 4096
Arg[5] = 0x0000000000000040 = 64
> 15130000+8;SYSCALL:0x34(NtDelayExecution)
> 14bf0000+4ee;SYSCALL:0x18(NtAllocateVirtualMemory)
NtAllocateVirtualMemory:
Arg[0] = 0xffffffffffffffff = 18446744073709551615
Arg[1] = ptr 0x000000000014fdc0 -> {\x00\x00\x00\x00\x00\x00\x00\x00}
Arg[2] = 0
Arg[3] = ptr 0x000000000014fdc8 -> {\x0b\x00\x00\x00\x00\x00\x00\x00}
Arg[4] = 0x0000000000001000 = 4096
Arg[5] = 0x0000000000000040 = 64
> 15150000+8;SYSCALL:0x26(NtOpenProcess)
NtOpenProcess:
Arg[0] = ptr 0x000000000014fe20 -> {\xff\xff\xff\xff\xff\xff\xff\xff}
Arg[1] = 0x00000000001fffff = 2097151
Arg[2] = ptr 0x000000000014fde0 -> L"0"
Arg[3] = ptr 0x000000000014fdd0 -> { \x07\x00\x00\x00\x00\x00\x00}
> 14bf0000+4ee;SYSCALL:0x18(NtAllocateVirtualMemory)
NtAllocateVirtualMemory:
Arg[0] = 0xffffffffffffffff = 18446744073709551615
Arg[1] = ptr 0x000000000014fdc0 -> {\x00\x00\x00\x00\x00\x00\x00\x00}
Arg[2] = 0
Arg[3] = ptr 0x000000000014fdc8 -> {\x0b\x00\x00\x00\x00\x00\x00\x00}
Arg[4] = 0x0000000000001000 = 4096
Arg[5] = 0x0000000000000040 = 64
> 15160000+8;SYSCALL:0x34(NtDelayExecution)
> 14bf0000+4ee;SYSCALL:0x18(NtAllocateVirtualMemory)
NtAllocateVirtualMemory:
Arg[0] = 0xffffffffffffffff = 18446744073709551615
Arg[1] = ptr 0x000000000014fdc0 -> {\x00\x00\x00\x00\x00\x00\x00\x00}
Arg[2] = 0
Arg[3] = ptr 0x000000000014fdc8 -> {\x0b\x00\x00\x00\x00\x00\x00\x00}
Arg[4] = 0x0000000000001000 = 4096
Arg[5] = 0x0000000000000040 = 64
> 15170000+8;SYSCALL:0x26(NtOpenProcess)
NtOpenProcess:
Arg[0] = ptr 0x000000000014fe20 -> {\xff\xff\xff\xff\xff\xff\xff\xff}
Arg[1] = 0x00000000001fffff = 2097151
Arg[2] = ptr 0x000000000014fde0 -> L"0"
Arg[3] = ptr 0x000000000014fdd0 -> {l\x07\x00\x00\x00\x00\x00\x00}
> 14bf0000+4ee;SYSCALL:0x18(NtAllocateVirtualMemory)
NtAllocateVirtualMemory:
Arg[0] = 0xffffffffffffffff = 18446744073709551615
Arg[1] = ptr 0x000000000014fdc0 -> {\x00\x00\x00\x00\x00\x00\x00\x00}
Arg[2] = 0
Arg[3] = ptr 0x000000000014fdc8 -> {\x0b\x00\x00\x00\x00\x00\x00\x00}
Arg[4] = 0x0000000000001000 = 4096
Arg[5] = 0x0000000000000040 = 64
> 15180000+8;SYSCALL:0x34(NtDelayExecution)
> 14bf0000+4ee;SYSCALL:0x18(NtAllocateVirtualMemory)
NtAllocateVirtualMemory:
Arg[0] = 0xffffffffffffffff = 18446744073709551615
Arg[1] = ptr 0x000000000014fdc0 -> {\x00\x00\x00\x00\x00\x00\x00\x00}
Arg[2] = 0
Arg[3] = ptr 0x000000000014fdc8 -> {\x0b\x00\x00\x00\x00\x00\x00\x00}
Arg[4] = 0x0000000000001000 = 4096
Arg[5] = 0x0000000000000040 = 64
> 15190000+8;SYSCALL:0x26(NtOpenProcess)
NtOpenProcess:
Arg[0] = ptr 0x000000000014fe20 -> {\xff\xff\xff\xff\xff\xff\xff\xff}
Arg[1] = 0x00000000001fffff = 2097151
Arg[2] = ptr 0x000000000014fde0 -> L"0"
Arg[3] = ptr 0x000000000014fdd0 -> {x\x07\x00\x00\x00\x00\x00\x00}
> 14bf0000+4ee;SYSCALL:0x18(NtAllocateVirtualMemory)
NtAllocateVirtualMemory:
Arg[0] = 0xffffffffffffffff = 18446744073709551615
Arg[1] = ptr 0x000000000014fdc0 -> {\x00\x00\x00\x00\x00\x00\x00\x00}
Arg[2] = 0
Arg[3] = ptr 0x000000000014fdc8 -> {\x0b\x00\x00\x00\x00\x00\x00\x00}
Arg[4] = 0x0000000000001000 = 4096
Arg[5] = 0x0000000000000040 = 64
> 151a0000+8;SYSCALL:0x34(NtDelayExecution)
> 14bf0000+4ee;SYSCALL:0x18(NtAllocateVirtualMemory)
NtAllocateVirtualMemory:
Arg[0] = 0xffffffffffffffff = 18446744073709551615
Arg[1] = ptr 0x000000000014fdc0 -> {\x00\x00\x00\x00\x00\x00\x00\x00}
Arg[2] = 0
Arg[3] = ptr 0x000000000014fdc8 -> {\x0b\x00\x00\x00\x00\x00\x00\x00}
Arg[4] = 0x0000000000001000 = 4096
Arg[5] = 0x0000000000000040 = 64
> 151b0000+8;SYSCALL:0x26(NtOpenProcess)
NtOpenProcess:
Arg[0] = ptr 0x000000000014fe20 -> {\xff\xff\xff\xff\xff\xff\xff\xff}
Arg[1] = 0x00000000001fffff = 2097151
Arg[2] = ptr 0x000000000014fde0 -> L"0"
Arg[3] = ptr 0x000000000014fdd0 -> {\x80\x07\x00\x00\x00\x00\x00\x00}
> 14bf0000+4ee;SYSCALL:0x18(NtAllocateVirtualMemory)
NtAllocateVirtualMemory:
Arg[0] = 0xffffffffffffffff = 18446744073709551615
Arg[1] = ptr 0x000000000014fdc0 -> {\x00\x00\x00\x00\x00\x00\x00\x00}
Arg[2] = 0
Arg[3] = ptr 0x000000000014fdc8 -> {\x0b\x00\x00\x00\x00\x00\x00\x00}
Arg[4] = 0x0000000000001000 = 4096
Arg[5] = 0x0000000000000040 = 64
> 151c0000+8;SYSCALL:0x34(NtDelayExecution)
> 14bf0000+4ee;SYSCALL:0x18(NtAllocateVirtualMemory)
NtAllocateVirtualMemory:
Arg[0] = 0xffffffffffffffff = 18446744073709551615
Arg[1] = ptr 0x000000000014fdc0 -> {\x00\x00\x00\x00\x00\x00\x00\x00}
Arg[2] = 0
Arg[3] = ptr 0x000000000014fdc8 -> {\x0b\x00\x00\x00\x00\x00\x00\x00}
Arg[4] = 0x0000000000001000 = 4096
Arg[5] = 0x0000000000000040 = 64
> 151d0000+8;SYSCALL:0x26(NtOpenProcess)
NtOpenProcess:
Arg[0] = ptr 0x000000000014fe20 -> {\xff\xff\xff\xff\xff\xff\xff\xff}
Arg[1] = 0x00000000001fffff = 2097151
Arg[2] = ptr 0x000000000014fde0 -> L"0"
Arg[3] = ptr 0x000000000014fdd0 -> {\xb8\x05\x00\x00\x00\x00\x00\x00}
> 14bf0000+4ee;SYSCALL:0x18(NtAllocateVirtualMemory)
NtAllocateVirtualMemory:
Arg[0] = 0xffffffffffffffff = 18446744073709551615
Arg[1] = ptr 0x000000000014fdc0 -> {\x00\x00\x00\x00\x00\x00\x00\x00}
Arg[2] = 0
Arg[3] = ptr 0x000000000014fdc8 -> {\x0b\x00\x00\x00\x00\x00\x00\x00}
Arg[4] = 0x0000000000001000 = 4096
Arg[5] = 0x0000000000000040 = 64
> 151e0000+8;SYSCALL:0x34(NtDelayExecution)
> 14bf0000+4ee;SYSCALL:0x18(NtAllocateVirtualMemory)
NtAllocateVirtualMemory:
Arg[0] = 0xffffffffffffffff = 18446744073709551615
Arg[1] = ptr 0x000000000014fdc0 -> {\x00\x00\x00\x00\x00\x00\x00\x00}
Arg[2] = 0
Arg[3] = ptr 0x000000000014fdc8 -> {\x0b\x00\x00\x00\x00\x00\x00\x00}
Arg[4] = 0x0000000000001000 = 4096
Arg[5] = 0x0000000000000040 = 64
> 151f0000+8;SYSCALL:0x26(NtOpenProcess)
NtOpenProcess:
Arg[0] = ptr 0x000000000014fe20 -> {\xff\xff\xff\xff\xff\xff\xff\xff}
Arg[1] = 0x00000000001fffff = 2097151
Arg[2] = ptr 0x000000000014fde0 -> L"0"
Arg[3] = ptr 0x000000000014fdd0 -> {@\x08\x00\x00\x00\x00\x00\x00}
> 14bf0000+4ee;SYSCALL:0x18(NtAllocateVirtualMemory)
NtAllocateVirtualMemory:
Arg[0] = 0xffffffffffffffff = 18446744073709551615
Arg[1] = ptr 0x000000000014fdc0 -> {\x00\x00\x00\x00\x00\x00\x00\x00}
Arg[2] = 0
Arg[3] = ptr 0x000000000014fdc8 -> {\x0b\x00\x00\x00\x00\x00\x00\x00}
Arg[4] = 0x0000000000001000 = 4096
Arg[5] = 0x0000000000000040 = 64
> 15200000+8;SYSCALL:0x34(NtDelayExecution)
> 14bf0000+4ee;SYSCALL:0x18(NtAllocateVirtualMemory)
NtAllocateVirtualMemory:
Arg[0] = 0xffffffffffffffff = 18446744073709551615
Arg[1] = ptr 0x000000000014fdc0 -> {\x00\x00\x00\x00\x00\x00\x00\x00}
Arg[2] = 0
Arg[3] = ptr 0x000000000014fdc8 -> {\x0b\x00\x00\x00\x00\x00\x00\x00}
Arg[4] = 0x0000000000001000 = 4096
Arg[5] = 0x0000000000000040 = 64
> 15210000+8;SYSCALL:0x26(NtOpenProcess)
NtOpenProcess:
Arg[0] = ptr 0x000000000014fe20 -> {\xff\xff\xff\xff\xff\xff\xff\xff}
Arg[1] = 0x00000000001fffff = 2097151
Arg[2] = ptr 0x000000000014fde0 -> L"0"
Arg[3] = ptr 0x000000000014fdd0 -> {L\x08\x00\x00\x00\x00\x00\x00}
> 14bf0000+4ee;SYSCALL:0x18(NtAllocateVirtualMemory)
NtAllocateVirtualMemory:
Arg[0] = 0xffffffffffffffff = 18446744073709551615
Arg[1] = ptr 0x000000000014fdc0 -> {\x00\x00\x00\x00\x00\x00\x00\x00}
Arg[2] = 0
Arg[3] = ptr 0x000000000014fdc8 -> {\x0b\x00\x00\x00\x00\x00\x00\x00}
Arg[4] = 0x0000000000001000 = 4096
Arg[5] = 0x0000000000000040 = 64
> 15220000+8;SYSCALL:0x34(NtDelayExecution)
> 14bf0000+4ee;SYSCALL:0x18(NtAllocateVirtualMemory)
NtAllocateVirtualMemory:
Arg[0] = 0xffffffffffffffff = 18446744073709551615
Arg[1] = ptr 0x000000000014fdc0 -> {\x00\x00\x00\x00\x00\x00\x00\x00}
Arg[2] = 0
Arg[3] = ptr 0x000000000014fdc8 -> {\x0b\x00\x00\x00\x00\x00\x00\x00}
Arg[4] = 0x0000000000001000 = 4096
Arg[5] = 0x0000000000000040 = 64
> 15230000+8;SYSCALL:0x26(NtOpenProcess)
NtOpenProcess:
Arg[0] = ptr 0x000000000014fe20 -> {\xff\xff\xff\xff\xff\xff\xff\xff}
Arg[1] = 0x00000000001fffff = 2097151
Arg[2] = ptr 0x000000000014fde0 -> L"0"
Arg[3] = ptr 0x000000000014fdd0 -> {T\x08\x00\x00\x00\x00\x00\x00}
> 14bf0000+4ee;SYSCALL:0x18(NtAllocateVirtualMemory)
NtAllocateVirtualMemory:
Arg[0] = 0xffffffffffffffff = 18446744073709551615
Arg[1] = ptr 0x000000000014fdc0 -> {\x00\x00\x00\x00\x00\x00\x00\x00}
Arg[2] = 0
Arg[3] = ptr 0x000000000014fdc8 -> {\x0b\x00\x00\x00\x00\x00\x00\x00}
Arg[4] = 0x0000000000001000 = 4096
Arg[5] = 0x0000000000000040 = 64
> 15240000+8;SYSCALL:0x34(NtDelayExecution)
> 14bf0000+4ee;SYSCALL:0x18(NtAllocateVirtualMemory)
NtAllocateVirtualMemory:
Arg[0] = 0xffffffffffffffff = 18446744073709551615
Arg[1] = ptr 0x000000000014fdc0 -> {\x00\x00\x00\x00\x00\x00\x00\x00}
Arg[2] = 0
Arg[3] = ptr 0x000000000014fdc8 -> {\x0b\x00\x00\x00\x00\x00\x00\x00}
Arg[4] = 0x0000000000001000 = 4096
Arg[5] = 0x0000000000000040 = 64
> 15250000+8;SYSCALL:0x26(NtOpenProcess)
NtOpenProcess:
Arg[0] = ptr 0x000000000014fe20 -> {\xff\xff\xff\xff\xff\xff\xff\xff}
Arg[1] = 0x00000000001fffff = 2097151
Arg[2] = ptr 0x000000000014fde0 -> L"0"
Arg[3] = ptr 0x000000000014fdd0 -> {\\x08\x00\x00\x00\x00\x00\x00}
> 14bf0000+4ee;SYSCALL:0x18(NtAllocateVirtualMemory)
NtAllocateVirtualMemory:
Arg[0] = 0xffffffffffffffff = 18446744073709551615
Arg[1] = ptr 0x000000000014fdc0 -> {\x00\x00\x00\x00\x00\x00\x00\x00}
Arg[2] = 0
Arg[3] = ptr 0x000000000014fdc8 -> {\x0b\x00\x00\x00\x00\x00\x00\x00}
Arg[4] = 0x0000000000001000 = 4096
Arg[5] = 0x0000000000000040 = 64
> 15260000+8;SYSCALL:0x34(NtDelayExecution)
> 14bf0000+4ee;SYSCALL:0x18(NtAllocateVirtualMemory)
NtAllocateVirtualMemory:
Arg[0] = 0xffffffffffffffff = 18446744073709551615
Arg[1] = ptr 0x000000000014fdc0 -> {\x00\x00\x00\x00\x00\x00\x00\x00}
Arg[2] = 0
Arg[3] = ptr 0x000000000014fdc8 -> {\x0b\x00\x00\x00\x00\x00\x00\x00}
Arg[4] = 0x0000000000001000 = 4096
Arg[5] = 0x0000000000000040 = 64
> 15270000+8;SYSCALL:0x26(NtOpenProcess)
NtOpenProcess:
Arg[0] = ptr 0x000000000014fe20 -> {\xff\xff\xff\xff\xff\xff\xff\xff}
Arg[1] = 0x00000000001fffff = 2097151
Arg[2] = ptr 0x000000000014fde0 -> L"0"
Arg[3] = ptr 0x000000000014fdd0 -> {\x94\x08\x00\x00\x00\x00\x00\x00}
> 14bf0000+4ee;SYSCALL:0x18(NtAllocateVirtualMemory)
NtAllocateVirtualMemory:
Arg[0] = 0xffffffffffffffff = 18446744073709551615
Arg[1] = ptr 0x000000000014fdc0 -> {\x00\x00\x00\x00\x00\x00\x00\x00}
Arg[2] = 0
Arg[3] = ptr 0x000000000014fdc8 -> {\x0b\x00\x00\x00\x00\x00\x00\x00}
Arg[4] = 0x0000000000001000 = 4096
Arg[5] = 0x0000000000000040 = 64
> 15280000+8;SYSCALL:0x34(NtDelayExecution)
> 14bf0000+4ee;SYSCALL:0x18(NtAllocateVirtualMemory)
NtAllocateVirtualMemory:
Arg[0] = 0xffffffffffffffff = 18446744073709551615
Arg[1] = ptr 0x000000000014fdc0 -> {\x00\x00\x00\x00\x00\x00\x00\x00}
Arg[2] = 0
Arg[3] = ptr 0x000000000014fdc8 -> {\x0b\x00\x00\x00\x00\x00\x00\x00}
Arg[4] = 0x0000000000001000 = 4096
Arg[5] = 0x0000000000000040 = 64
> 15290000+8;SYSCALL:0x26(NtOpenProcess)
NtOpenProcess:
Arg[0] = ptr 0x000000000014fe20 -> {\xff\xff\xff\xff\xff\xff\xff\xff}
Arg[1] = 0x00000000001fffff = 2097151
Arg[2] = ptr 0x000000000014fde0 -> L"0"
Arg[3] = ptr 0x000000000014fdd0 -> {\x18\x09\x00\x00\x00\x00\x00\x00}
> 14bf0000+4ee;SYSCALL:0x18(NtAllocateVirtualMemory)
NtAllocateVirtualMemory:
Arg[0] = 0xffffffffffffffff = 18446744073709551615
Arg[1] = ptr 0x000000000014fdc0 -> {\x00\x00\x00\x00\x00\x00\x00\x00}
Arg[2] = 0
Arg[3] = ptr 0x000000000014fdc8 -> {\x0b\x00\x00\x00\x00\x00\x00\x00}
Arg[4] = 0x0000000000001000 = 4096
Arg[5] = 0x0000000000000040 = 64
> 152a0000+8;SYSCALL:0x34(NtDelayExecution)
> 14bf0000+4ee;SYSCALL:0x18(NtAllocateVirtualMemory)
NtAllocateVirtualMemory:
Arg[0] = 0xffffffffffffffff = 18446744073709551615
Arg[1] = ptr 0x000000000014fdc0 -> {\x00\x00\x00\x00\x00\x00\x00\x00}
Arg[2] = 0
Arg[3] = ptr 0x000000000014fdc8 -> {\x0b\x00\x00\x00\x00\x00\x00\x00}
Arg[4] = 0x0000000000001000 = 4096
Arg[5] = 0x0000000000000040 = 64
> 152b0000+8;SYSCALL:0x26(NtOpenProcess)
NtOpenProcess:
Arg[0] = ptr 0x000000000014fe20 -> {\xff\xff\xff\xff\xff\xff\xff\xff}
Arg[1] = 0x00000000001fffff = 2097151
Arg[2] = ptr 0x000000000014fde0 -> L"0"
Arg[3] = ptr 0x000000000014fdd0 -> {8\x09\x00\x00\x00\x00\x00\x00}
> 14bf0000+4ee;SYSCALL:0x18(NtAllocateVirtualMemory)
NtAllocateVirtualMemory:
Arg[0] = 0xffffffffffffffff = 18446744073709551615
Arg[1] = ptr 0x000000000014fdc0 -> {\x00\x00\x00\x00\x00\x00\x00\x00}
Arg[2] = 0
Arg[3] = ptr 0x000000000014fdc8 -> {\x0b\x00\x00\x00\x00\x00\x00\x00}
Arg[4] = 0x0000000000001000 = 4096
Arg[5] = 0x0000000000000040 = 64
> 152c0000+8;SYSCALL:0x34(NtDelayExecution)
> 14bf0000+4ee;SYSCALL:0x18(NtAllocateVirtualMemory)
NtAllocateVirtualMemory:
Arg[0] = 0xffffffffffffffff = 18446744073709551615
Arg[1] = ptr 0x000000000014fdc0 -> {\x00\x00\x00\x00\x00\x00\x00\x00}
Arg[2] = 0
Arg[3] = ptr 0x000000000014fdc8 -> {\x0b\x00\x00\x00\x00\x00\x00\x00}
Arg[4] = 0x0000000000001000 = 4096
Arg[5] = 0x0000000000000040 = 64
> 152d0000+8;SYSCALL:0x26(NtOpenProcess)
NtOpenProcess:
Arg[0] = ptr 0x000000000014fe20 -> {\xff\xff\xff\xff\xff\xff\xff\xff}
Arg[1] = 0x00000000001fffff = 2097151
Arg[2] = ptr 0x000000000014fde0 -> L"0"
Arg[3] = ptr 0x000000000014fdd0 -> {l\x09\x00\x00\x00\x00\x00\x00}
> 14bf0000+4ee;SYSCALL:0x18(NtAllocateVirtualMemory)
NtAllocateVirtualMemory:
Arg[0] = 0xffffffffffffffff = 18446744073709551615
Arg[1] = ptr 0x000000000014fdc0 -> {\x00\x00\x00\x00\x00\x00\x00\x00}
Arg[2] = 0
Arg[3] = ptr 0x000000000014fdc8 -> {\x0b\x00\x00\x00\x00\x00\x00\x00}
Arg[4] = 0x0000000000001000 = 4096
Arg[5] = 0x0000000000000040 = 64
> 152e0000+8;SYSCALL:0x34(NtDelayExecution)
> 14bf0000+4ee;SYSCALL:0x18(NtAllocateVirtualMemory)
NtAllocateVirtualMemory:
Arg[0] = 0xffffffffffffffff = 18446744073709551615
Arg[1] = ptr 0x000000000014fdc0 -> {\x00\x00\x00\x00\x00\x00\x00\x00}
Arg[2] = 0
Arg[3] = ptr 0x000000000014fdc8 -> {\x0b\x00\x00\x00\x00\x00\x00\x00}
Arg[4] = 0x0000000000001000 = 4096
Arg[5] = 0x0000000000000040 = 64
> 152f0000+8;SYSCALL:0x26(NtOpenProcess)
NtOpenProcess:
Arg[0] = ptr 0x000000000014fe20 -> {\xff\xff\xff\xff\xff\xff\xff\xff}
Arg[1] = 0x00000000001fffff = 2097151
Arg[2] = ptr 0x000000000014fde0 -> L"0"
Arg[3] = ptr 0x000000000014fdd0 -> {\xa4\x09\x00\x00\x00\x00\x00\x00}
> 14bf0000+4ee;SYSCALL:0x18(NtAllocateVirtualMemory)
NtAllocateVirtualMemory:
Arg[0] = 0xffffffffffffffff = 18446744073709551615
Arg[1] = ptr 0x000000000014fdc0 -> {\x00\x00\x00\x00\x00\x00\x00\x00}
Arg[2] = 0
Arg[3] = ptr 0x000000000014fdc8 -> {\x0b\x00\x00\x00\x00\x00\x00\x00}
Arg[4] = 0x0000000000001000 = 4096
Arg[5] = 0x0000000000000040 = 64
> 15300000+8;SYSCALL:0x34(NtDelayExecution)
> 14bf0000+4ee;SYSCALL:0x18(NtAllocateVirtualMemory)
NtAllocateVirtualMemory:
Arg[0] = 0xffffffffffffffff = 18446744073709551615
Arg[1] = ptr 0x000000000014fdc0 -> {\x00\x00\x00\x00\x00\x00\x00\x00}
Arg[2] = 0
Arg[3] = ptr 0x000000000014fdc8 -> {\x0b\x00\x00\x00\x00\x00\x00\x00}
Arg[4] = 0x0000000000001000 = 4096
Arg[5] = 0x0000000000000040 = 64
> 15310000+8;SYSCALL:0x26(NtOpenProcess)
NtOpenProcess:
Arg[0] = ptr 0x000000000014fe20 -> {\xff\xff\xff\xff\xff\xff\xff\xff}
Arg[1] = 0x00000000001fffff = 2097151
Arg[2] = ptr 0x000000000014fde0 -> L"0"
Arg[3] = ptr 0x000000000014fdd0 -> "8
"
> 14bf0000+4ee;SYSCALL:0x18(NtAllocateVirtualMemory)
NtAllocateVirtualMemory:
Arg[0] = 0xffffffffffffffff = 18446744073709551615
Arg[1] = ptr 0x000000000014fdc0 -> {\x00\x00\x00\x00\x00\x00\x00\x00}
Arg[2] = 0
Arg[3] = ptr 0x000000000014fdc8 -> {\x0b\x00\x00\x00\x00\x00\x00\x00}
Arg[4] = 0x0000000000001000 = 4096
Arg[5] = 0x0000000000000040 = 64
> 15320000+8;SYSCALL:0x34(NtDelayExecution)
> 14bf0000+4ee;SYSCALL:0x18(NtAllocateVirtualMemory)
NtAllocateVirtualMemory:
Arg[0] = 0xffffffffffffffff = 18446744073709551615
Arg[1] = ptr 0x000000000014fdc0 -> {\x00\x00\x00\x00\x00\x00\x00\x00}
Arg[2] = 0
Arg[3] = ptr 0x000000000014fdc8 -> {\x0b\x00\x00\x00\x00\x00\x00\x00}
Arg[4] = 0x0000000000001000 = 4096
Arg[5] = 0x0000000000000040 = 64
> 15330000+8;SYSCALL:0x26(NtOpenProcess)
NtOpenProcess:
Arg[0] = ptr 0x000000000014fe20 -> {\xff\xff\xff\xff\xff\xff\xff\xff}
Arg[1] = 0x00000000001fffff = 2097151
Arg[2] = ptr 0x000000000014fde0 -> L"0"
Arg[3] = ptr 0x000000000014fdd0 -> "D
"
> 14bf0000+4ee;SYSCALL:0x18(NtAllocateVirtualMemory)
NtAllocateVirtualMemory:
Arg[0] = 0xffffffffffffffff = 18446744073709551615
Arg[1] = ptr 0x000000000014fdc0 -> {\x00\x00\x00\x00\x00\x00\x00\x00}
Arg[2] = 0
Arg[3] = ptr 0x000000000014fdc8 -> {\x0b\x00\x00\x00\x00\x00\x00\x00}
Arg[4] = 0x0000000000001000 = 4096
Arg[5] = 0x0000000000000040 = 64
> 15340000+8;SYSCALL:0x34(NtDelayExecution)
> 14bf0000+4ee;SYSCALL:0x18(NtAllocateVirtualMemory)
NtAllocateVirtualMemory:
Arg[0] = 0xffffffffffffffff = 18446744073709551615
Arg[1] = ptr 0x000000000014fdc0 -> {\x00\x00\x00\x00\x00\x00\x00\x00}
Arg[2] = 0
Arg[3] = ptr 0x000000000014fdc8 -> {\x0b\x00\x00\x00\x00\x00\x00\x00}
Arg[4] = 0x0000000000001000 = 4096
Arg[5] = 0x0000000000000040 = 64
> 15360000+8;SYSCALL:0x26(NtOpenProcess)
NtOpenProcess:
Arg[0] = ptr 0x000000000014fe20 -> {\xff\xff\xff\xff\xff\xff\xff\xff}
Arg[1] = 0x00000000001fffff = 2097151
Arg[2] = ptr 0x000000000014fde0 -> L"0"
Arg[3] = ptr 0x000000000014fdd0 -> "L
"
> 14bf0000+4ee;SYSCALL:0x18(NtAllocateVirtualMemory)
NtAllocateVirtualMemory:
Arg[0] = 0xffffffffffffffff = 18446744073709551615
Arg[1] = ptr 0x000000000014fdc0 -> {\x00\x00\x00\x00\x00\x00\x00\x00}
Arg[2] = 0
Arg[3] = ptr 0x000000000014fdc8 -> {\x0b\x00\x00\x00\x00\x00\x00\x00}
Arg[4] = 0x0000000000001000 = 4096
Arg[5] = 0x0000000000000040 = 64
> 15370000+8;SYSCALL:0x34(NtDelayExecution)
> 14bf0000+4ee;SYSCALL:0x18(NtAllocateVirtualMemory)
NtAllocateVirtualMemory:
Arg[0] = 0xffffffffffffffff = 18446744073709551615
Arg[1] = ptr 0x000000000014fdc0 -> {\x00\x00\x00\x00\x00\x00\x00\x00}
Arg[2] = 0
Arg[3] = ptr 0x000000000014fdc8 -> {\x0b\x00\x00\x00\x00\x00\x00\x00}
Arg[4] = 0x0000000000001000 = 4096
Arg[5] = 0x0000000000000040 = 64
> 15380000+8;SYSCALL:0x26(NtOpenProcess)
NtOpenProcess:
Arg[0] = ptr 0x000000000014fe20 -> {\xff\xff\xff\xff\xff\xff\xff\xff}
Arg[1] = 0x00000000001fffff = 2097151
Arg[2] = ptr 0x000000000014fde0 -> L"0"
Arg[3] = ptr 0x000000000014fdd0 -> "T
"
> 14bf0000+4ee;SYSCALL:0x18(NtAllocateVirtualMemory)
NtAllocateVirtualMemory:
Arg[0] = 0xffffffffffffffff = 18446744073709551615
Arg[1] = ptr 0x000000000014fdc0 -> {\x00\x00\x00\x00\x00\x00\x00\x00}
Arg[2] = 0
Arg[3] = ptr 0x000000000014fdc8 -> {\x0b\x00\x00\x00\x00\x00\x00\x00}
Arg[4] = 0x0000000000001000 = 4096
Arg[5] = 0x0000000000000040 = 64
> 15390000+8;SYSCALL:0x34(NtDelayExecution)
> 14bf0000+4ee;SYSCALL:0x18(NtAllocateVirtualMemory)
NtAllocateVirtualMemory:
Arg[0] = 0xffffffffffffffff = 18446744073709551615
Arg[1] = ptr 0x000000000014fdc0 -> {\x00\x00\x00\x00\x00\x00\x00\x00}
Arg[2] = 0
Arg[3] = ptr 0x000000000014fdc8 -> {\x0b\x00\x00\x00\x00\x00\x00\x00}
Arg[4] = 0x0000000000001000 = 4096
Arg[5] = 0x0000000000000040 = 64
> 153a0000+8;SYSCALL:0x26(NtOpenProcess)
NtOpenProcess:
Arg[0] = ptr 0x000000000014fe20 -> {\xff\xff\xff\xff\xff\xff\xff\xff}
Arg[1] = 0x00000000001fffff = 2097151
Arg[2] = ptr 0x000000000014fde0 -> L"0"
Arg[3] = ptr 0x000000000014fdd0 -> {\x80\x0a\x00\x00\x00\x00\x00\x00}
> 14bf0000+4ee;SYSCALL:0x18(NtAllocateVirtualMemory)
NtAllocateVirtualMemory:
Arg[0] = 0xffffffffffffffff = 18446744073709551615
Arg[1] = ptr 0x000000000014fdc0 -> {\x00\x00\x00\x00\x00\x00\x00\x00}
Arg[2] = 0
Arg[3] = ptr 0x000000000014fdc8 -> {\x0b\x00\x00\x00\x00\x00\x00\x00}
Arg[4] = 0x0000000000001000 = 4096
Arg[5] = 0x0000000000000040 = 64
> 153b0000+8;SYSCALL:0x34(NtDelayExecution)
> 14bf0000+4ee;SYSCALL:0x18(NtAllocateVirtualMemory)
NtAllocateVirtualMemory:
Arg[0] = 0xffffffffffffffff = 18446744073709551615
Arg[1] = ptr 0x000000000014fdc0 -> {\x00\x00\x00\x00\x00\x00\x00\x00}
Arg[2] = 0
Arg[3] = ptr 0x000000000014fdc8 -> {\x0b\x00\x00\x00\x00\x00\x00\x00}
Arg[4] = 0x0000000000001000 = 4096
Arg[5] = 0x0000000000000040 = 64
> 153c0000+8;SYSCALL:0x26(NtOpenProcess)
NtOpenProcess:
Arg[0] = ptr 0x000000000014fe20 -> {\xff\xff\xff\xff\xff\xff\xff\xff}
Arg[1] = 0x00000000001fffff = 2097151
Arg[2] = ptr 0x000000000014fde0 -> L"0"
Arg[3] = ptr 0x000000000014fdd0 -> {\xa4\x0a\x00\x00\x00\x00\x00\x00}
> 14bf0000+4ee;SYSCALL:0x18(NtAllocateVirtualMemory)
NtAllocateVirtualMemory:
Arg[0] = 0xffffffffffffffff = 18446744073709551615
Arg[1] = ptr 0x000000000014fdc0 -> {\x00\x00\x00\x00\x00\x00\x00\x00}
Arg[2] = 0
Arg[3] = ptr 0x000000000014fdc8 -> {\x0b\x00\x00\x00\x00\x00\x00\x00}
Arg[4] = 0x0000000000001000 = 4096
Arg[5] = 0x0000000000000040 = 64
> 153d0000+8;SYSCALL:0x34(NtDelayExecution)
> 14bf0000+4ee;SYSCALL:0x18(NtAllocateVirtualMemory)
NtAllocateVirtualMemory:
Arg[0] = 0xffffffffffffffff = 18446744073709551615
Arg[1] = ptr 0x000000000014fdc0 -> {\x00\x00\x00\x00\x00\x00\x00\x00}
Arg[2] = 0
Arg[3] = ptr 0x000000000014fdc8 -> {\x0b\x00\x00\x00\x00\x00\x00\x00}
Arg[4] = 0x0000000000001000 = 4096
Arg[5] = 0x0000000000000040 = 64
> 153e0000+8;SYSCALL:0x26(NtOpenProcess)
NtOpenProcess:
Arg[0] = ptr 0x000000000014fe20 -> {\xff\xff\xff\xff\xff\xff\xff\xff}
Arg[1] = 0x00000000001fffff = 2097151
Arg[2] = ptr 0x000000000014fde0 -> L"0"
Arg[3] = ptr 0x000000000014fdd0 -> {\xb0\x0a\x00\x00\x00\x00\x00\x00}
> 14bf0000+4ee;SYSCALL:0x18(NtAllocateVirtualMemory)
NtAllocateVirtualMemory:
Arg[0] = 0xffffffffffffffff = 18446744073709551615
Arg[1] = ptr 0x000000000014fdc0 -> {\x00\x00\x00\x00\x00\x00\x00\x00}
Arg[2] = 0
Arg[3] = ptr 0x000000000014fdc8 -> {\x0b\x00\x00\x00\x00\x00\x00\x00}
Arg[4] = 0x0000000000001000 = 4096
Arg[5] = 0x0000000000000040 = 64
> 153f0000+8;SYSCALL:0x34(NtDelayExecution)
> 14bf0000+4ee;SYSCALL:0x18(NtAllocateVirtualMemory)
NtAllocateVirtualMemory:
Arg[0] = 0xffffffffffffffff = 18446744073709551615
Arg[1] = ptr 0x000000000014fdc0 -> {\x00\x00\x00\x00\x00\x00\x00\x00}
Arg[2] = 0
Arg[3] = ptr 0x000000000014fdc8 -> {\x0b\x00\x00\x00\x00\x00\x00\x00}
Arg[4] = 0x0000000000001000 = 4096
Arg[5] = 0x0000000000000040 = 64
> 15400000+8;SYSCALL:0x26(NtOpenProcess)
NtOpenProcess:
Arg[0] = ptr 0x000000000014fe20 -> {\xff\xff\xff\xff\xff\xff\xff\xff}
Arg[1] = 0x00000000001fffff = 2097151
Arg[2] = ptr 0x000000000014fde0 -> L"0"
Arg[3] = ptr 0x000000000014fdd0 -> {\xec\x0a\x00\x00\x00\x00\x00\x00}
> 14bf0000+4ee;SYSCALL:0x18(NtAllocateVirtualMemory)
NtAllocateVirtualMemory:
Arg[0] = 0xffffffffffffffff = 18446744073709551615
Arg[1] = ptr 0x000000000014fdc0 -> {\x00\x00\x00\x00\x00\x00\x00\x00}
Arg[2] = 0
Arg[3] = ptr 0x000000000014fdc8 -> {\x0b\x00\x00\x00\x00\x00\x00\x00}
Arg[4] = 0x0000000000001000 = 4096
Arg[5] = 0x0000000000000040 = 64
> 15410000+8;SYSCALL:0x34(NtDelayExecution)
> 14bf0000+4ee;SYSCALL:0x18(NtAllocateVirtualMemory)
NtAllocateVirtualMemory:
Arg[0] = 0xffffffffffffffff = 18446744073709551615
Arg[1] = ptr 0x000000000014fdc0 -> {\x00\x00\x00\x00\x00\x00\x00\x00}
Arg[2] = 0
Arg[3] = ptr 0x000000000014fdc8 -> {\x0b\x00\x00\x00\x00\x00\x00\x00}
Arg[4] = 0x0000000000001000 = 4096
Arg[5] = 0x0000000000000040 = 64
> 15420000+8;SYSCALL:0x26(NtOpenProcess)
NtOpenProcess:
Arg[0] = ptr 0x000000000014fe20 -> {\xff\xff\xff\xff\xff\xff\xff\xff}
Arg[1] = 0x00000000001fffff = 2097151
Arg[2] = ptr 0x000000000014fde0 -> L"0"
Arg[3] = ptr 0x000000000014fdd0 -> {$\x0b\x00\x00\x00\x00\x00\x00}
> 14bf0000+4ee;SYSCALL:0x18(NtAllocateVirtualMemory)
NtAllocateVirtualMemory:
Arg[0] = 0xffffffffffffffff = 18446744073709551615
Arg[1] = ptr 0x000000000014fdc0 -> {\x00\x00\x00\x00\x00\x00\x00\x00}
Arg[2] = 0
Arg[3] = ptr 0x000000000014fdc8 -> {\x0b\x00\x00\x00\x00\x00\x00\x00}
Arg[4] = 0x0000000000001000 = 4096
Arg[5] = 0x0000000000000040 = 64
> 15430000+8;SYSCALL:0x34(NtDelayExecution)
> 14bf0000+4ee;SYSCALL:0x18(NtAllocateVirtualMemory)
NtAllocateVirtualMemory:
Arg[0] = 0xffffffffffffffff = 18446744073709551615
Arg[1] = ptr 0x000000000014fdc0 -> {\x00\x00\x00\x00\x00\x00\x00\x00}
Arg[2] = 0
Arg[3] = ptr 0x000000000014fdc8 -> {\x0b\x00\x00\x00\x00\x00\x00\x00}
Arg[4] = 0x0000000000001000 = 4096
Arg[5] = 0x0000000000000040 = 64
> 15440000+8;SYSCALL:0x26(NtOpenProcess)
NtOpenProcess:
Arg[0] = ptr 0x000000000014fe20 -> {\xff\xff\xff\xff\xff\xff\xff\xff}
Arg[1] = 0x00000000001fffff = 2097151
Arg[2] = ptr 0x000000000014fde0 -> L"0"
Arg[3] = ptr 0x000000000014fdd0 -> {\xb0\x02\x00\x00\x00\x00\x00\x00}
> 14bf0000+4ee;SYSCALL:0x18(NtAllocateVirtualMemory)
NtAllocateVirtualMemory:
Arg[0] = 0xffffffffffffffff = 18446744073709551615
Arg[1] = ptr 0x000000000014fe30 -> {\x00\x00\x00\x00\x00\x00\x00\x00}
Arg[2] = 0
Arg[3] = ptr 0x000000000014fe38 -> {\x0b\x00\x00\x00\x00\x00\x00\x00}
Arg[4] = 0x0000000000001000 = 4096
Arg[5] = 0x0000000000000040 = 64
> 15450000+8;SYSCALL:0x34(NtDelayExecution)
> 14bf0000+4ee;SYSCALL:0x18(NtAllocateVirtualMemory)
NtAllocateVirtualMemory:
Arg[0] = 0xffffffffffffffff = 18446744073709551615
Arg[1] = ptr 0x000000000014fe30 -> {\x00\x00\x00\x00\x00\x00\x00\x00}
Arg[2] = 0
Arg[3] = ptr 0x000000000014fe38 -> {\x0b\x00\x00\x00\x00\x00\x00\x00}
Arg[4] = 0x0000000000001000 = 4096
Arg[5] = 0x0000000000000040 = 64
> 15460000+8;SYSCALL:0x19(NtQueryInformationProcess)
> 14bf0000+4ee;SYSCALL:0x18(NtAllocateVirtualMemory)
NtAllocateVirtualMemory:
Arg[0] = 0xffffffffffffffff = 18446744073709551615
Arg[1] = ptr 0x000000000014fda0 -> {\x00\x00\x00\x00\x00\x00\x00\x00}
Arg[2] = 0
Arg[3] = ptr 0x000000000014fda8 -> {\x0b\x00\x00\x00\x00\x00\x00\x00}
Arg[4] = 0x0000000000001000 = 4096
Arg[5] = 0x0000000000000040 = 64
> 15470000+8;SYSCALL:0x34(NtDelayExecution)
> 14bf0000+4ee;SYSCALL:0x18(NtAllocateVirtualMemory)
NtAllocateVirtualMemory:
Arg[0] = 0x00000000000000dc = 220
Arg[1] = ptr 0x000000000014fdf0 -> {\x00\x00\x00\x00\x00\x00\x00\x00}
Arg[2] = 0
Arg[3] = ptr 0x000000000014fdf8 -> {L\xd0\x00\x00\x00\x00\x00\x00}
Arg[4] = 0x0000000000003000 = 12288
Arg[5] = 0x0000000000000004 = 4
> 14bf0000+4ee;SYSCALL:0x18(NtAllocateVirtualMemory)
NtAllocateVirtualMemory:
Arg[0] = 0xffffffffffffffff = 18446744073709551615
Arg[1] = ptr 0x000000000014fda0 -> {\x00\x00\x00\x00\x00\x00\x00\x00}
Arg[2] = 0
Arg[3] = ptr 0x000000000014fda8 -> {\x0b\x00\x00\x00\x00\x00\x00\x00}
Arg[4] = 0x0000000000001000 = 4096
Arg[5] = 0x0000000000000040 = 64
> 154a0000+8;SYSCALL:0x34(NtDelayExecution)
> 14bf0000+4ee;SYSCALL:0x18(NtAllocateVirtualMemory)
NtAllocateVirtualMemory:
Arg[0] = 0xffffffffffffffff = 18446744073709551615
Arg[1] = ptr 0x000000000014fda0 -> {\x00\x00\x00\x00\x00\x00\x00\x00}
Arg[2] = 0
Arg[3] = ptr 0x000000000014fda8 -> {\x0b\x00\x00\x00\x00\x00\x00\x00}
Arg[4] = 0x0000000000001000 = 4096
Arg[5] = 0x0000000000000040 = 64
> 154b0000+8;SYSCALL:0x3a(NtWriteVirtualMemory)
NtWriteVirtualMemory:
Arg[0] = 0x00000000000000dc = 220
Arg[1] = 0x0000027367160000 = 2694673989632
Arg[2] = ptr 0x0000000014bf04f1 -> {\xe9[v\x00\x00\xcc\xcc\xcc}
Arg[3] = 0x000000000000d04c = 53324
Arg[4] = 0
> 14bf0000+4ee;SYSCALL:0x18(NtAllocateVirtualMemory)
NtAllocateVirtualMemory:
Arg[0] = 0xffffffffffffffff = 18446744073709551615
Arg[1] = ptr 0x000000000014fda0 -> {\x00\x00\x00\x00\x00\x00\x00\x00}
Arg[2] = 0
Arg[3] = ptr 0x000000000014fda8 -> {\x0b\x00\x00\x00\x00\x00\x00\x00}
Arg[4] = 0x0000000000001000 = 4096
Arg[5] = 0x0000000000000040 = 64
> 154c0000+8;SYSCALL:0x34(NtDelayExecution)
> 14bf0000+4ee;SYSCALL:0x18(NtAllocateVirtualMemory)
NtAllocateVirtualMemory:
Arg[0] = 0xffffffffffffffff = 18446744073709551615
Arg[1] = ptr 0x000000000014fda0 -> {\x00\x00\x00\x00\x00\x00\x00\x00}
Arg[2] = 0
Arg[3] = ptr 0x000000000014fda8 -> {\x0b\x00\x00\x00\x00\x00\x00\x00}
Arg[4] = 0x0000000000001000 = 4096
Arg[5] = 0x0000000000000040 = 64
> 154d0000+8;SYSCALL:0x50(NtProtectVirtualMemory)
> 14bf0000+4ee;SYSCALL:0x18(NtAllocateVirtualMemory)
NtAllocateVirtualMemory:
Arg[0] = 0xffffffffffffffff = 18446744073709551615
Arg[1] = ptr 0x000000000014fda0 -> {\x00\x00\x00\x00\x00\x00\x00\x00}
Arg[2] = 0
Arg[3] = ptr 0x000000000014fda8 -> {\x0b\x00\x00\x00\x00\x00\x00\x00}
Arg[4] = 0x0000000000001000 = 4096
Arg[5] = 0x0000000000000040 = 64
> 154e0000+8;SYSCALL:0x34(NtDelayExecution)
> 14bf0000+4ee;SYSCALL:0x18(NtAllocateVirtualMemory)
NtAllocateVirtualMemory:
Arg[0] = 0xffffffffffffffff = 18446744073709551615
Arg[1] = ptr 0x000000000014fda0 -> {\x00\x00\x00\x00\x00\x00\x00\x00}
Arg[2] = 0
Arg[3] = ptr 0x000000000014fda8 -> {\x0b\x00\x00\x00\x00\x00\x00\x00}
Arg[4] = 0x0000000000001000 = 4096
Arg[5] = 0x0000000000000040 = 64
> 154f0000+8;SYSCALL:0xc1(NtCreateThreadEx)
NtCreateThreadEx:
Arg[0] = ptr 0x000000000014fe00 -> {\x00\x00\x00\x00\x00\x00\x00\x00}
Arg[1] = 0x00000000001fffff = 2097151
Arg[2] = 0
Arg[3] = 0x00000000000000dc = 220
Arg[4] = 0x0000027367160000 = 2694673989632
Arg[5] = 0
Arg[6] = 0x0000000000000001 = 1
Arg[7] = 0
Arg[8] = 0
Arg[9] = 0
> 14bf0000+4ee;SYSCALL:0x18(NtAllocateVirtualMemory)
NtAllocateVirtualMemory:
Arg[0] = 0xffffffffffffffff = 18446744073709551615
Arg[1] = ptr 0x000000000014fda0 -> {\x00\x00\x00\x00\x00\x00\x00\x00}
Arg[2] = 0
Arg[3] = ptr 0x000000000014fda8 -> {\x0b\x00\x00\x00\x00\x00\x00\x00}
Arg[4] = 0x0000000000001000 = 4096
Arg[5] = 0x0000000000000040 = 64
> 15510000+8;SYSCALL:0x34(NtDelayExecution)
> 14bf0000+4ee;SYSCALL:0x18(NtAllocateVirtualMemory)
NtAllocateVirtualMemory:
Arg[0] = 0xffffffffffffffff = 18446744073709551615
Arg[1] = ptr 0x000000000014fda0 -> {\x00\x00\x00\x00\x00\x00\x00\x00}
Arg[2] = 0
Arg[3] = ptr 0x000000000014fda8 -> {\x0b\x00\x00\x00\x00\x00\x00\x00}
Arg[4] = 0x0000000000001000 = 4096
Arg[5] = 0x0000000000000040 = 64
> 15530000+8;SYSCALL:0x52(NtResumeThread)
NtResumeThread:
Arg[0] = 0x00000000000000e0 = 224
Arg[1] = 0
> 14bf0000+4ee;SYSCALL:0x18(NtAllocateVirtualMemory)
NtAllocateVirtualMemory:
Arg[0] = 0xffffffffffffffff = 18446744073709551615
Arg[1] = ptr 0x000000000014fdc0 -> {\x00\x00\x00\x00\x00\x00\x00\x00}
Arg[2] = 0
Arg[3] = ptr 0x000000000014fdc8 -> {\x0b\x00\x00\x00\x00\x00\x00\x00}
Arg[4] = 0x0000000000001000 = 4096
Arg[5] = 0x0000000000000040 = 64
> 15540000+8;SYSCALL:0x34(NtDelayExecution)
> 14bf0000+4ee;SYSCALL:0x18(NtAllocateVirtualMemory)
NtAllocateVirtualMemory:
Arg[0] = 0xffffffffffffffff = 18446744073709551615
Arg[1] = ptr 0x000000000014fdc0 -> {\x00\x00\x00\x00\x00\x00\x00\x00}
Arg[2] = 0
Arg[3] = ptr 0x000000000014fdc8 -> {\x0b\x00\x00\x00\x00\x00\x00\x00}
Arg[4] = 0x0000000000001000 = 4096
Arg[5] = 0x0000000000000040 = 64
> 15550000+8;SYSCALL:0x26(NtOpenProcess)
NtOpenProcess:
Arg[0] = ptr 0x000000000014fe20 -> {\xff\xff\xff\xff\xff\xff\xff\xff}
Arg[1] = 0x00000000001fffff = 2097151
Arg[2] = ptr 0x000000000014fde0 -> L"0"
Arg[3] = ptr 0x000000000014fdd0 -> {\xcc\x02\x00\x00\x00\x00\x00\x00}
> 14bf0000+4ee;SYSCALL:0x18(NtAllocateVirtualMemory)
NtAllocateVirtualMemory:
Arg[0] = 0xffffffffffffffff = 18446744073709551615
Arg[1] = ptr 0x000000000014fe30 -> {\x00\x00\x00\x00\x00\x00\x00\x00}
Arg[2] = 0
Arg[3] = ptr 0x000000000014fe38 -> {\x0b\x00\x00\x00\x00\x00\x00\x00}
Arg[4] = 0x0000000000001000 = 4096
Arg[5] = 0x0000000000000040 = 64
> 15560000+8;SYSCALL:0x34(NtDelayExecution)
> 14bf0000+4ee;SYSCALL:0x18(NtAllocateVirtualMemory)
NtAllocateVirtualMemory:
Arg[0] = 0xffffffffffffffff = 18446744073709551615
Arg[1] = ptr 0x000000000014fe30 -> {\x00\x00\x00\x00\x00\x00\x00\x00}
Arg[2] = 0
Arg[3] = ptr 0x000000000014fe38 -> {\x0b\x00\x00\x00\x00\x00\x00\x00}
Arg[4] = 0x0000000000001000 = 4096
Arg[5] = 0x0000000000000040 = 64
> 155a0000+8;SYSCALL:0x19(NtQueryInformationProcess)
> 14bf0000+4ee;SYSCALL:0x18(NtAllocateVirtualMemory)
NtAllocateVirtualMemory:
Arg[0] = 0xffffffffffffffff = 18446744073709551615
Arg[1] = ptr 0x000000000014fda0 -> {\x00\x00\x00\x00\x00\x00\x00\x00}
Arg[2] = 0
Arg[3] = ptr 0x000000000014fda8 -> {\x0b\x00\x00\x00\x00\x00\x00\x00}
Arg[4] = 0x0000000000001000 = 4096
Arg[5] = 0x0000000000000040 = 64
> 155e0000+8;SYSCALL:0x34(NtDelayExecution)
> 14bf0000+4ee;SYSCALL:0x18(NtAllocateVirtualMemory)
NtAllocateVirtualMemory:
Arg[0] = 0x00000000000000e4 = 228
Arg[1] = ptr 0x000000000014fdf0 -> {\x00\x00\x00\x00\x00\x00\x00\x00}
Arg[2] = 0
Arg[3] = ptr 0x000000000014fdf8 -> {L\xd0\x00\x00\x00\x00\x00\x00}
Arg[4] = 0x0000000000003000 = 12288
Arg[5] = 0x0000000000000004 = 4
> 14bf0000+4ee;SYSCALL:0x18(NtAllocateVirtualMemory)
NtAllocateVirtualMemory:
Arg[0] = 0xffffffffffffffff = 18446744073709551615
Arg[1] = ptr 0x000000000014fda0 -> {\x00\x00\x00\x00\x00\x00\x00\x00}
Arg[2] = 0
Arg[3] = ptr 0x000000000014fda8 -> {\x0b\x00\x00\x00\x00\x00\x00\x00}
Arg[4] = 0x0000000000001000 = 4096
Arg[5] = 0x0000000000000040 = 64
> 15620000+8;SYSCALL:0x34(NtDelayExecution)
> 14bf0000+4ee;SYSCALL:0x18(NtAllocateVirtualMemory)
NtAllocateVirtualMemory:
Arg[0] = 0xffffffffffffffff = 18446744073709551615
Arg[1] = ptr 0x000000000014fda0 -> {\x00\x00\x00\x00\x00\x00\x00\x00}
Arg[2] = 0
Arg[3] = ptr 0x000000000014fda8 -> {\x0b\x00\x00\x00\x00\x00\x00\x00}
Arg[4] = 0x0000000000001000 = 4096
Arg[5] = 0x0000000000000040 = 64
> 15660000+8;SYSCALL:0x3a(NtWriteVirtualMemory)
NtWriteVirtualMemory:
Arg[0] = 0x00000000000000e4 = 228
Arg[1] = 0x00000286f8f50000 = 2778725679104
Arg[2] = ptr 0x0000000014bf04f1 -> {\xe9[v\x00\x00\xcc\xcc\xcc}
Arg[3] = 0x000000000000d04c = 53324
Arg[4] = 0
> 14bf0000+4ee;SYSCALL:0x18(NtAllocateVirtualMemory)
NtAllocateVirtualMemory:
Arg[0] = 0xffffffffffffffff = 18446744073709551615
Arg[1] = ptr 0x000000000014fda0 -> {\x00\x00\x00\x00\x00\x00\x00\x00}
Arg[2] = 0
Arg[3] = ptr 0x000000000014fda8 -> {\x0b\x00\x00\x00\x00\x00\x00\x00}
Arg[4] = 0x0000000000001000 = 4096
Arg[5] = 0x0000000000000040 = 64
> 156a0000+8;SYSCALL:0x34(NtDelayExecution)
> 14bf0000+4ee;SYSCALL:0x18(NtAllocateVirtualMemory)
NtAllocateVirtualMemory:
Arg[0] = 0xffffffffffffffff = 18446744073709551615
Arg[1] = ptr 0x000000000014fda0 -> {\x00\x00\x00\x00\x00\x00\x00\x00}
Arg[2] = 0
Arg[3] = ptr 0x000000000014fda8 -> {\x0b\x00\x00\x00\x00\x00\x00\x00}
Arg[4] = 0x0000000000001000 = 4096
Arg[5] = 0x0000000000000040 = 64
> 156e0000+8;SYSCALL:0x50(NtProtectVirtualMemory)
> 14bf0000+4ee;SYSCALL:0x18(NtAllocateVirtualMemory)
NtAllocateVirtualMemory:
Arg[0] = 0xffffffffffffffff = 18446744073709551615
Arg[1] = ptr 0x000000000014fda0 -> {\x00\x00\x00\x00\x00\x00\x00\x00}
Arg[2] = 0
Arg[3] = ptr 0x000000000014fda8 -> {\x0b\x00\x00\x00\x00\x00\x00\x00}
Arg[4] = 0x0000000000001000 = 4096
Arg[5] = 0x0000000000000040 = 64
> 15720000+8;SYSCALL:0x34(NtDelayExecution)
> 14bf0000+4ee;SYSCALL:0x18(NtAllocateVirtualMemory)
NtAllocateVirtualMemory:
Arg[0] = 0xffffffffffffffff = 18446744073709551615
Arg[1] = ptr 0x000000000014fda0 -> {\x00\x00\x00\x00\x00\x00\x00\x00}
Arg[2] = 0
Arg[3] = ptr 0x000000000014fda8 -> {\x0b\x00\x00\x00\x00\x00\x00\x00}
Arg[4] = 0x0000000000001000 = 4096
Arg[5] = 0x0000000000000040 = 64
> 15760000+8;SYSCALL:0xc1(NtCreateThreadEx)
NtCreateThreadEx:
Arg[0] = ptr 0x000000000014fe00 -> {\x00\x00\x00\x00\x00\x00\x00\x00}
Arg[1] = 0x00000000001fffff = 2097151
Arg[2] = 0
Arg[3] = 0x00000000000000e4 = 228
Arg[4] = 0x00000286f8f50000 = 2778725679104
Arg[5] = 0
Arg[6] = 0x0000000000000001 = 1
Arg[7] = 0
Arg[8] = 0
Arg[9] = 0
> 14bf0000+4ee;SYSCALL:0x18(NtAllocateVirtualMemory)
NtAllocateVirtualMemory:
Arg[0] = 0xffffffffffffffff = 18446744073709551615
Arg[1] = ptr 0x000000000014fda0 -> {\x00\x00\x00\x00\x00\x00\x00\x00}
Arg[2] = 0
Arg[3] = ptr 0x000000000014fda8 -> {\x0b\x00\x00\x00\x00\x00\x00\x00}
Arg[4] = 0x0000000000001000 = 4096
Arg[5] = 0x0000000000000040 = 64
> 157a0000+8;SYSCALL:0x34(NtDelayExecution)
> 14bf0000+4ee;SYSCALL:0x18(NtAllocateVirtualMemory)
NtAllocateVirtualMemory:
Arg[0] = 0xffffffffffffffff = 18446744073709551615
Arg[1] = ptr 0x000000000014fda0 -> {\x00\x00\x00\x00\x00\x00\x00\x00}
Arg[2] = 0
Arg[3] = ptr 0x000000000014fda8 -> {\x0b\x00\x00\x00\x00\x00\x00\x00}
Arg[4] = 0x0000000000001000 = 4096
Arg[5] = 0x0000000000000040 = 64
> 157e0000+8;SYSCALL:0x52(NtResumeThread)
NtResumeThread:
Arg[0] = 0x00000000000000e8 = 232
Arg[1] = 0
> 14bf0000+4ee;SYSCALL:0x18(NtAllocateVirtualMemory)
NtAllocateVirtualMemory:
Arg[0] = 0xffffffffffffffff = 18446744073709551615
Arg[1] = ptr 0x000000000014fdc0 -> {\x00\x00\x00\x00\x00\x00\x00\x00}
Arg[2] = 0
Arg[3] = ptr 0x000000000014fdc8 -> {\x0b\x00\x00\x00\x00\x00\x00\x00}
Arg[4] = 0x0000000000001000 = 4096
Arg[5] = 0x0000000000000040 = 64
> 15820000+8;SYSCALL:0x34(NtDelayExecution)
> 14bf0000+4ee;SYSCALL:0x18(NtAllocateVirtualMemory)
NtAllocateVirtualMemory:
Arg[0] = 0xffffffffffffffff = 18446744073709551615
Arg[1] = ptr 0x000000000014fdc0 -> {\x00\x00\x00\x00\x00\x00\x00\x00}
Arg[2] = 0
Arg[3] = ptr 0x000000000014fdc8 -> {\x0b\x00\x00\x00\x00\x00\x00\x00}
Arg[4] = 0x0000000000001000 = 4096
Arg[5] = 0x0000000000000040 = 64
> 15830000+8;SYSCALL:0x26(NtOpenProcess)
NtOpenProcess:
Arg[0] = ptr 0x000000000014fe20 -> {\xff\xff\xff\xff\xff\xff\xff\xff}
Arg[1] = 0x00000000001fffff = 2097151
Arg[2] = ptr 0x000000000014fde0 -> L"0"
Arg[3] = ptr 0x000000000014fdd0 -> {\xe8\x08\x00\x00\x00\x00\x00\x00}
> 14bf0000+4ee;SYSCALL:0x18(NtAllocateVirtualMemory)
NtAllocateVirtualMemory:
Arg[0] = 0xffffffffffffffff = 18446744073709551615
Arg[1] = ptr 0x000000000014fe30 -> {\x00\x00\x00\x00\x00\x00\x00\x00}
Arg[2] = 0
Arg[3] = ptr 0x000000000014fe38 -> {\x0b\x00\x00\x00\x00\x00\x00\x00}
Arg[4] = 0x0000000000001000 = 4096
Arg[5] = 0x0000000000000040 = 64
> 15840000+8;SYSCALL:0x34(NtDelayExecution)
> 14bf0000+4ee;SYSCALL:0x18(NtAllocateVirtualMemory)
NtAllocateVirtualMemory:
Arg[0] = 0xffffffffffffffff = 18446744073709551615
Arg[1] = ptr 0x000000000014fe30 -> {\x00\x00\x00\x00\x00\x00\x00\x00}
Arg[2] = 0
Arg[3] = ptr 0x000000000014fe38 -> {\x0b\x00\x00\x00\x00\x00\x00\x00}
Arg[4] = 0x0000000000001000 = 4096
Arg[5] = 0x0000000000000040 = 64
> 15850000+8;SYSCALL:0x19(NtQueryInformationProcess)
> 14bf0000+4ee;SYSCALL:0x18(NtAllocateVirtualMemory)
NtAllocateVirtualMemory:
Arg[0] = 0xffffffffffffffff = 18446744073709551615
Arg[1] = ptr 0x000000000014fda0 -> {\x00\x00\x00\x00\x00\x00\x00\x00}
Arg[2] = 0
Arg[3] = ptr 0x000000000014fda8 -> {\x0b\x00\x00\x00\x00\x00\x00\x00}
Arg[4] = 0x0000000000001000 = 4096
Arg[5] = 0x0000000000000040 = 64
> 15860000+8;SYSCALL:0x34(NtDelayExecution)
> 14bf0000+4ee;SYSCALL:0x18(NtAllocateVirtualMemory)
NtAllocateVirtualMemory:
Arg[0] = 0x00000000000000ec = 236
Arg[1] = ptr 0x000000000014fdf0 -> {\x00\x00\x00\x00\x00\x00\x00\x00}
Arg[2] = 0
Arg[3] = ptr 0x000000000014fdf8 -> {L\xd0\x00\x00\x00\x00\x00\x00}
Arg[4] = 0x0000000000003000 = 12288
Arg[5] = 0x0000000000000004 = 4
> 14bf0000+4ee;SYSCALL:0x18(NtAllocateVirtualMemory)
NtAllocateVirtualMemory:
Arg[0] = 0xffffffffffffffff = 18446744073709551615
Arg[1] = ptr 0x000000000014fda0 -> {\x00\x00\x00\x00\x00\x00\x00\x00}
Arg[2] = 0
Arg[3] = ptr 0x000000000014fda8 -> {\x0b\x00\x00\x00\x00\x00\x00\x00}
Arg[4] = 0x0000000000001000 = 4096
Arg[5] = 0x0000000000000040 = 64
> 15870000+8;SYSCALL:0x34(NtDelayExecution)
> 14bf0000+4ee;SYSCALL:0x18(NtAllocateVirtualMemory)
NtAllocateVirtualMemory:
Arg[0] = 0xffffffffffffffff = 18446744073709551615
Arg[1] = ptr 0x000000000014fda0 -> {\x00\x00\x00\x00\x00\x00\x00\x00}
Arg[2] = 0
Arg[3] = ptr 0x000000000014fda8 -> {\x0b\x00\x00\x00\x00\x00\x00\x00}
Arg[4] = 0x0000000000001000 = 4096
Arg[5] = 0x0000000000000040 = 64
> 15880000+8;SYSCALL:0x3a(NtWriteVirtualMemory)
NtWriteVirtualMemory:
Arg[0] = 0x00000000000000ec = 236
Arg[1] = 0x0000019497fe0000 = 1737716793344
Arg[2] = ptr 0x0000000014bf04f1 -> {\xe9[v\x00\x00\xcc\xcc\xcc}
Arg[3] = 0x000000000000d04c = 53324
Arg[4] = 0
> 14bf0000+4ee;SYSCALL:0x18(NtAllocateVirtualMemory)
NtAllocateVirtualMemory:
Arg[0] = 0xffffffffffffffff = 18446744073709551615
Arg[1] = ptr 0x000000000014fda0 -> {\x00\x00\x00\x00\x00\x00\x00\x00}
Arg[2] = 0
Arg[3] = ptr 0x000000000014fda8 -> {\x0b\x00\x00\x00\x00\x00\x00\x00}
Arg[4] = 0x0000000000001000 = 4096
Arg[5] = 0x0000000000000040 = 64
> 15890000+8;SYSCALL:0x34(NtDelayExecution)
> 14bf0000+4ee;SYSCALL:0x18(NtAllocateVirtualMemory)
NtAllocateVirtualMemory:
Arg[0] = 0xffffffffffffffff = 18446744073709551615
Arg[1] = ptr 0x000000000014fda0 -> {\x00\x00\x00\x00\x00\x00\x00\x00}
Arg[2] = 0
Arg[3] = ptr 0x000000000014fda8 -> {\x0b\x00\x00\x00\x00\x00\x00\x00}
Arg[4] = 0x0000000000001000 = 4096
Arg[5] = 0x0000000000000040 = 64
> 158a0000+8;SYSCALL:0x50(NtProtectVirtualMemory)
> 14bf0000+4ee;SYSCALL:0x18(NtAllocateVirtualMemory)
NtAllocateVirtualMemory:
Arg[0] = 0xffffffffffffffff = 18446744073709551615
Arg[1] = ptr 0x000000000014fda0 -> {\x00\x00\x00\x00\x00\x00\x00\x00}
Arg[2] = 0
Arg[3] = ptr 0x000000000014fda8 -> {\x0b\x00\x00\x00\x00\x00\x00\x00}
Arg[4] = 0x0000000000001000 = 4096
Arg[5] = 0x0000000000000040 = 64
> 158b0000+8;SYSCALL:0x34(NtDelayExecution)
> 14bf0000+4ee;SYSCALL:0x18(NtAllocateVirtualMemory)
NtAllocateVirtualMemory:
Arg[0] = 0xffffffffffffffff = 18446744073709551615
Arg[1] = ptr 0x000000000014fda0 -> {\x00\x00\x00\x00\x00\x00\x00\x00}
Arg[2] = 0
Arg[3] = ptr 0x000000000014fda8 -> {\x0b\x00\x00\x00\x00\x00\x00\x00}
Arg[4] = 0x0000000000001000 = 4096
Arg[5] = 0x0000000000000040 = 64
> 158c0000+8;SYSCALL:0xc1(NtCreateThreadEx)
NtCreateThreadEx:
Arg[0] = ptr 0x000000000014fe00 -> {\x00\x00\x00\x00\x00\x00\x00\x00}
Arg[1] = 0x00000000001fffff = 2097151
Arg[2] = 0
Arg[3] = 0x00000000000000ec = 236
Arg[4] = 0x0000019497fe0000 = 1737716793344
Arg[5] = 0
Arg[6] = 0x0000000000000001 = 1
Arg[7] = 0
Arg[8] = 0
Arg[9] = 0
> 14bf0000+4ee;SYSCALL:0x18(NtAllocateVirtualMemory)
NtAllocateVirtualMemory:
Arg[0] = 0xffffffffffffffff = 18446744073709551615
Arg[1] = ptr 0x000000000014fda0 -> {\x00\x00\x00\x00\x00\x00\x00\x00}
Arg[2] = 0
Arg[3] = ptr 0x000000000014fda8 -> {\x0b\x00\x00\x00\x00\x00\x00\x00}
Arg[4] = 0x0000000000001000 = 4096
Arg[5] = 0x0000000000000040 = 64
> 158d0000+8;SYSCALL:0x34(NtDelayExecution)
> 14bf0000+4ee;SYSCALL:0x18(NtAllocateVirtualMemory)
NtAllocateVirtualMemory:
Arg[0] = 0xffffffffffffffff = 18446744073709551615
Arg[1] = ptr 0x000000000014fda0 -> {\x00\x00\x00\x00\x00\x00\x00\x00}
Arg[2] = 0
Arg[3] = ptr 0x000000000014fda8 -> {\x0b\x00\x00\x00\x00\x00\x00\x00}
Arg[4] = 0x0000000000001000 = 4096
Arg[5] = 0x0000000000000040 = 64
> 158e0000+8;SYSCALL:0x52(NtResumeThread)
NtResumeThread:
Arg[0] = 0x00000000000000f0 = 240
Arg[1] = 0
> 14bf0000+4ee;SYSCALL:0x18(NtAllocateVirtualMemory)
NtAllocateVirtualMemory:
Arg[0] = 0xffffffffffffffff = 18446744073709551615
Arg[1] = ptr 0x000000000014fdc0 -> {\x00\x00\x00\x00\x00\x00\x00\x00}
Arg[2] = 0
Arg[3] = ptr 0x000000000014fdc8 -> {\x0b\x00\x00\x00\x00\x00\x00\x00}
Arg[4] = 0x0000000000001000 = 4096
Arg[5] = 0x0000000000000040 = 64
> 158f0000+8;SYSCALL:0x34(NtDelayExecution)
> 14bf0000+4ee;SYSCALL:0x18(NtAllocateVirtualMemory)
NtAllocateVirtualMemory:
Arg[0] = 0xffffffffffffffff = 18446744073709551615
Arg[1] = ptr 0x000000000014fdc0 -> {\x00\x00\x00\x00\x00\x00\x00\x00}
Arg[2] = 0
Arg[3] = ptr 0x000000000014fdc8 -> {\x0b\x00\x00\x00\x00\x00\x00\x00}
Arg[4] = 0x0000000000001000 = 4096
Arg[5] = 0x0000000000000040 = 64
> 15900000+8;SYSCALL:0x26(NtOpenProcess)
NtOpenProcess:
Arg[0] = ptr 0x000000000014fe20 -> {\xff\xff\xff\xff\xff\xff\xff\xff}
Arg[1] = 0x00000000001fffff = 2097151
Arg[2] = ptr 0x000000000014fde0 -> L"0"
Arg[3] = ptr 0x000000000014fdd0 -> {,\x0c\x00\x00\x00\x00\x00\x00}
> 14bf0000+4ee;SYSCALL:0x18(NtAllocateVirtualMemory)
NtAllocateVirtualMemory:
Arg[0] = 0xffffffffffffffff = 18446744073709551615
Arg[1] = ptr 0x000000000014fdc0 -> {\x00\x00\x00\x00\x00\x00\x00\x00}
Arg[2] = 0
Arg[3] = ptr 0x000000000014fdc8 -> {\x0b\x00\x00\x00\x00\x00\x00\x00}
Arg[4] = 0x0000000000001000 = 4096
Arg[5] = 0x0000000000000040 = 64
> 15910000+8;SYSCALL:0x34(NtDelayExecution)
> 14bf0000+4ee;SYSCALL:0x18(NtAllocateVirtualMemory)
NtAllocateVirtualMemory:
Arg[0] = 0xffffffffffffffff = 18446744073709551615
Arg[1] = ptr 0x000000000014fdc0 -> {\x00\x00\x00\x00\x00\x00\x00\x00}
Arg[2] = 0
Arg[3] = ptr 0x000000000014fdc8 -> {\x0b\x00\x00\x00\x00\x00\x00\x00}
Arg[4] = 0x0000000000001000 = 4096
Arg[5] = 0x0000000000000040 = 64
> 15920000+8;SYSCALL:0x26(NtOpenProcess)
NtOpenProcess:
Arg[0] = ptr 0x000000000014fe20 -> {\xff\xff\xff\xff\xff\xff\xff\xff}
Arg[1] = 0x00000000001fffff = 2097151
Arg[2] = ptr 0x000000000014fde0 -> L"0"
Arg[3] = ptr 0x000000000014fdd0 -> {p\x0c\x00\x00\x00\x00\x00\x00}
> 14bf0000+4ee;SYSCALL:0x18(NtAllocateVirtualMemory)
NtAllocateVirtualMemory:
Arg[0] = 0xffffffffffffffff = 18446744073709551615
Arg[1] = ptr 0x000000000014fe30 -> {\x00\x00\x00\x00\x00\x00\x00\x00}
Arg[2] = 0
Arg[3] = ptr 0x000000000014fe38 -> {\x0b\x00\x00\x00\x00\x00\x00\x00}
Arg[4] = 0x0000000000001000 = 4096
Arg[5] = 0x0000000000000040 = 64
> 15930000+8;SYSCALL:0x34(NtDelayExecution)
> 14bf0000+4ee;SYSCALL:0x18(NtAllocateVirtualMemory)
NtAllocateVirtualMemory:
Arg[0] = 0xffffffffffffffff = 18446744073709551615
Arg[1] = ptr 0x000000000014fe30 -> {\x00\x00\x00\x00\x00\x00\x00\x00}
Arg[2] = 0
Arg[3] = ptr 0x000000000014fe38 -> {\x0b\x00\x00\x00\x00\x00\x00\x00}
Arg[4] = 0x0000000000001000 = 4096
Arg[5] = 0x0000000000000040 = 64
> 15940000+8;SYSCALL:0x19(NtQueryInformationProcess)
> 14bf0000+4ee;SYSCALL:0x18(NtAllocateVirtualMemory)
NtAllocateVirtualMemory:
Arg[0] = 0xffffffffffffffff = 18446744073709551615
Arg[1] = ptr 0x000000000014fda0 -> {\x00\x00\x00\x00\x00\x00\x00\x00}
Arg[2] = 0
Arg[3] = ptr 0x000000000014fda8 -> {\x0b\x00\x00\x00\x00\x00\x00\x00}
Arg[4] = 0x0000000000001000 = 4096
Arg[5] = 0x0000000000000040 = 64
> 15950000+8;SYSCALL:0x34(NtDelayExecution)
> 14bf0000+4ee;SYSCALL:0x18(NtAllocateVirtualMemory)
NtAllocateVirtualMemory:
Arg[0] = 0x00000000000000f4 = 244
Arg[1] = ptr 0x000000000014fdf0 -> {\x00\x00\x00\x00\x00\x00\x00\x00}
Arg[2] = 0
Arg[3] = ptr 0x000000000014fdf8 -> {L\xd0\x00\x00\x00\x00\x00\x00}
Arg[4] = 0x0000000000003000 = 12288
Arg[5] = 0x0000000000000004 = 4
> 14bf0000+4ee;SYSCALL:0x18(NtAllocateVirtualMemory)
NtAllocateVirtualMemory:
Arg[0] = 0xffffffffffffffff = 18446744073709551615
Arg[1] = ptr 0x000000000014fda0 -> {\x00\x00\x00\x00\x00\x00\x00\x00}
Arg[2] = 0
Arg[3] = ptr 0x000000000014fda8 -> {\x0b\x00\x00\x00\x00\x00\x00\x00}
Arg[4] = 0x0000000000001000 = 4096
Arg[5] = 0x0000000000000040 = 64
> 15960000+8;SYSCALL:0x34(NtDelayExecution)
> 14bf0000+4ee;SYSCALL:0x18(NtAllocateVirtualMemory)
NtAllocateVirtualMemory:
Arg[0] = 0xffffffffffffffff = 18446744073709551615
Arg[1] = ptr 0x000000000014fda0 -> {\x00\x00\x00\x00\x00\x00\x00\x00}
Arg[2] = 0
Arg[3] = ptr 0x000000000014fda8 -> {\x0b\x00\x00\x00\x00\x00\x00\x00}
Arg[4] = 0x0000000000001000 = 4096
Arg[5] = 0x0000000000000040 = 64
> 15970000+8;SYSCALL:0x3a(NtWriteVirtualMemory)
NtWriteVirtualMemory:
Arg[0] = 0x00000000000000f4 = 244
Arg[1] = 0x000001d8c2120000 = 2030480523264
Arg[2] = ptr 0x0000000014bf04f1 -> {\xe9[v\x00\x00\xcc\xcc\xcc}
Arg[3] = 0x000000000000d04c = 53324
Arg[4] = 0
> 14bf0000+4ee;SYSCALL:0x18(NtAllocateVirtualMemory)
NtAllocateVirtualMemory:
Arg[0] = 0xffffffffffffffff = 18446744073709551615
Arg[1] = ptr 0x000000000014fda0 -> {\x00\x00\x00\x00\x00\x00\x00\x00}
Arg[2] = 0
Arg[3] = ptr 0x000000000014fda8 -> {\x0b\x00\x00\x00\x00\x00\x00\x00}
Arg[4] = 0x0000000000001000 = 4096
Arg[5] = 0x0000000000000040 = 64
> 15980000+8;SYSCALL:0x34(NtDelayExecution)
> 14bf0000+4ee;SYSCALL:0x18(NtAllocateVirtualMemory)
NtAllocateVirtualMemory:
Arg[0] = 0xffffffffffffffff = 18446744073709551615
Arg[1] = ptr 0x000000000014fda0 -> {\x00\x00\x00\x00\x00\x00\x00\x00}
Arg[2] = 0
Arg[3] = ptr 0x000000000014fda8 -> {\x0b\x00\x00\x00\x00\x00\x00\x00}
Arg[4] = 0x0000000000001000 = 4096
Arg[5] = 0x0000000000000040 = 64
> 15990000+8;SYSCALL:0x50(NtProtectVirtualMemory)
> 14bf0000+4ee;SYSCALL:0x18(NtAllocateVirtualMemory)
NtAllocateVirtualMemory:
Arg[0] = 0xffffffffffffffff = 18446744073709551615
Arg[1] = ptr 0x000000000014fda0 -> {\x00\x00\x00\x00\x00\x00\x00\x00}
Arg[2] = 0
Arg[3] = ptr 0x000000000014fda8 -> {\x0b\x00\x00\x00\x00\x00\x00\x00}
Arg[4] = 0x0000000000001000 = 4096
Arg[5] = 0x0000000000000040 = 64
> 159a0000+8;SYSCALL:0x34(NtDelayExecution)
> 14bf0000+4ee;SYSCALL:0x18(NtAllocateVirtualMemory)
NtAllocateVirtualMemory:
Arg[0] = 0xffffffffffffffff = 18446744073709551615
Arg[1] = ptr 0x000000000014fda0 -> {\x00\x00\x00\x00\x00\x00\x00\x00}
Arg[2] = 0
Arg[3] = ptr 0x000000000014fda8 -> {\x0b\x00\x00\x00\x00\x00\x00\x00}
Arg[4] = 0x0000000000001000 = 4096
Arg[5] = 0x0000000000000040 = 64
> 159b0000+8;SYSCALL:0xc1(NtCreateThreadEx)
NtCreateThreadEx:
Arg[0] = ptr 0x000000000014fe00 -> {\x00\x00\x00\x00\x00\x00\x00\x00}
Arg[1] = 0x00000000001fffff = 2097151
Arg[2] = 0
Arg[3] = 0x00000000000000f4 = 244
Arg[4] = 0x000001d8c2120000 = 2030480523264
Arg[5] = 0
Arg[6] = 0x0000000000000001 = 1
Arg[7] = 0
Arg[8] = 0
Arg[9] = 0
> 14bf0000+4ee;SYSCALL:0x18(NtAllocateVirtualMemory)
NtAllocateVirtualMemory:
Arg[0] = 0xffffffffffffffff = 18446744073709551615
Arg[1] = ptr 0x000000000014fda0 -> {\x00\x00\x00\x00\x00\x00\x00\x00}
Arg[2] = 0
Arg[3] = ptr 0x000000000014fda8 -> {\x0b\x00\x00\x00\x00\x00\x00\x00}
Arg[4] = 0x0000000000001000 = 4096
Arg[5] = 0x0000000000000040 = 64
> 159c0000+8;SYSCALL:0x34(NtDelayExecution)
> 14bf0000+4ee;SYSCALL:0x18(NtAllocateVirtualMemory)
NtAllocateVirtualMemory:
Arg[0] = 0xffffffffffffffff = 18446744073709551615
Arg[1] = ptr 0x000000000014fda0 -> {\x00\x00\x00\x00\x00\x00\x00\x00}
Arg[2] = 0
Arg[3] = ptr 0x000000000014fda8 -> {\x0b\x00\x00\x00\x00\x00\x00\x00}
Arg[4] = 0x0000000000001000 = 4096
Arg[5] = 0x0000000000000040 = 64
> 159d0000+8;SYSCALL:0x52(NtResumeThread)
NtResumeThread:
Arg[0] = 0x00000000000000f8 = 248
Arg[1] = 0
> 14bf0000+4ee;SYSCALL:0x18(NtAllocateVirtualMemory)
NtAllocateVirtualMemory:
Arg[0] = 0xffffffffffffffff = 18446744073709551615
Arg[1] = ptr 0x000000000014fdc0 -> {\x00\x00\x00\x00\x00\x00\x00\x00}
Arg[2] = 0
Arg[3] = ptr 0x000000000014fdc8 -> {\x0b\x00\x00\x00\x00\x00\x00\x00}
Arg[4] = 0x0000000000001000 = 4096
Arg[5] = 0x0000000000000040 = 64
> 159e0000+8;SYSCALL:0x34(NtDelayExecution)
> 14bf0000+4ee;SYSCALL:0x18(NtAllocateVirtualMemory)
NtAllocateVirtualMemory:
Arg[0] = 0xffffffffffffffff = 18446744073709551615
Arg[1] = ptr 0x000000000014fdc0 -> {\x00\x00\x00\x00\x00\x00\x00\x00}
Arg[2] = 0
Arg[3] = ptr 0x000000000014fdc8 -> {\x0b\x00\x00\x00\x00\x00\x00\x00}
Arg[4] = 0x0000000000001000 = 4096
Arg[5] = 0x0000000000000040 = 64
> 159f0000+8;SYSCALL:0x26(NtOpenProcess)
NtOpenProcess:
Arg[0] = ptr 0x000000000014fe20 -> {\xff\xff\xff\xff\xff\xff\xff\xff}
Arg[1] = 0x00000000001fffff = 2097151
Arg[2] = ptr 0x000000000014fde0 -> L"0"
Arg[3] = ptr 0x000000000014fdd0 -> "h
"
> 14bf0000+4ee;SYSCALL:0x18(NtAllocateVirtualMemory)
NtAllocateVirtualMemory:
Arg[0] = 0xffffffffffffffff = 18446744073709551615
Arg[1] = ptr 0x000000000014fdc0 -> {\x00\x00\x00\x00\x00\x00\x00\x00}
Arg[2] = 0
Arg[3] = ptr 0x000000000014fdc8 -> {\x0b\x00\x00\x00\x00\x00\x00\x00}
Arg[4] = 0x0000000000001000 = 4096
Arg[5] = 0x0000000000000040 = 64
> 15a00000+8;SYSCALL:0x34(NtDelayExecution)
> 14bf0000+4ee;SYSCALL:0x18(NtAllocateVirtualMemory)
NtAllocateVirtualMemory:
Arg[0] = 0xffffffffffffffff = 18446744073709551615
Arg[1] = ptr 0x000000000014fdc0 -> {\x00\x00\x00\x00\x00\x00\x00\x00}
Arg[2] = 0
Arg[3] = ptr 0x000000000014fdc8 -> {\x0b\x00\x00\x00\x00\x00\x00\x00}
Arg[4] = 0x0000000000001000 = 4096
Arg[5] = 0x0000000000000040 = 64
> 15a10000+8;SYSCALL:0x26(NtOpenProcess)
NtOpenProcess:
Arg[0] = ptr 0x000000000014fe20 -> {\xff\xff\xff\xff\xff\xff\xff\xff}
Arg[1] = 0x00000000001fffff = 2097151
Arg[2] = ptr 0x000000000014fde0 -> L"0"
Arg[3] = ptr 0x000000000014fdd0 -> {\x80\x0d\x00\x00\x00\x00\x00\x00}
> 14bf0000+4ee;SYSCALL:0x18(NtAllocateVirtualMemory)
NtAllocateVirtualMemory:
Arg[0] = 0xffffffffffffffff = 18446744073709551615
Arg[1] = ptr 0x000000000014fdc0 -> {\x00\x00\x00\x00\x00\x00\x00\x00}
Arg[2] = 0
Arg[3] = ptr 0x000000000014fdc8 -> {\x0b\x00\x00\x00\x00\x00\x00\x00}
Arg[4] = 0x0000000000001000 = 4096
Arg[5] = 0x0000000000000040 = 64
> 15a20000+8;SYSCALL:0x34(NtDelayExecution)
> 14bf0000+4ee;SYSCALL:0x18(NtAllocateVirtualMemory)
NtAllocateVirtualMemory:
Arg[0] = 0xffffffffffffffff = 18446744073709551615
Arg[1] = ptr 0x000000000014fdc0 -> {\x00\x00\x00\x00\x00\x00\x00\x00}
Arg[2] = 0
Arg[3] = ptr 0x000000000014fdc8 -> {\x0b\x00\x00\x00\x00\x00\x00\x00}
Arg[4] = 0x0000000000001000 = 4096
Arg[5] = 0x0000000000000040 = 64
> 15a30000+8;SYSCALL:0x26(NtOpenProcess)
NtOpenProcess:
Arg[0] = ptr 0x000000000014fe20 -> {\xff\xff\xff\xff\xff\xff\xff\xff}
Arg[1] = 0x00000000001fffff = 2097151
Arg[2] = ptr 0x000000000014fde0 -> L"0"
Arg[3] = ptr 0x000000000014fdd0 -> {\x90\x0d\x00\x00\x00\x00\x00\x00}
> 14bf0000+4ee;SYSCALL:0x18(NtAllocateVirtualMemory)
NtAllocateVirtualMemory:
Arg[0] = 0xffffffffffffffff = 18446744073709551615
Arg[1] = ptr 0x000000000014fdc0 -> {\x00\x00\x00\x00\x00\x00\x00\x00}
Arg[2] = 0
Arg[3] = ptr 0x000000000014fdc8 -> {\x0b\x00\x00\x00\x00\x00\x00\x00}
Arg[4] = 0x0000000000001000 = 4096
Arg[5] = 0x0000000000000040 = 64
> 15a50000+8;SYSCALL:0x34(NtDelayExecution)
> 14bf0000+4ee;SYSCALL:0x18(NtAllocateVirtualMemory)
NtAllocateVirtualMemory:
Arg[0] = 0xffffffffffffffff = 18446744073709551615
Arg[1] = ptr 0x000000000014fdc0 -> {\x00\x00\x00\x00\x00\x00\x00\x00}
Arg[2] = 0
Arg[3] = ptr 0x000000000014fdc8 -> {\x0b\x00\x00\x00\x00\x00\x00\x00}
Arg[4] = 0x0000000000001000 = 4096
Arg[5] = 0x0000000000000040 = 64
> 15a60000+8;SYSCALL:0x26(NtOpenProcess)
NtOpenProcess:
Arg[0] = ptr 0x000000000014fe20 -> {\xff\xff\xff\xff\xff\xff\xff\xff}
Arg[1] = 0x00000000001fffff = 2097151
Arg[2] = ptr 0x000000000014fde0 -> L"0"
Arg[3] = ptr 0x000000000014fdd0 -> {(\x0e\x00\x00\x00\x00\x00\x00}
> 14bf0000+4ee;SYSCALL:0x18(NtAllocateVirtualMemory)
NtAllocateVirtualMemory:
Arg[0] = 0xffffffffffffffff = 18446744073709551615
Arg[1] = ptr 0x000000000014fe30 -> {\x00\x00\x00\x00\x00\x00\x00\x00}
Arg[2] = 0
Arg[3] = ptr 0x000000000014fe38 -> {\x0b\x00\x00\x00\x00\x00\x00\x00}
Arg[4] = 0x0000000000001000 = 4096
Arg[5] = 0x0000000000000040 = 64
> 15a70000+8;SYSCALL:0x34(NtDelayExecution)
> 14bf0000+4ee;SYSCALL:0x18(NtAllocateVirtualMemory)
NtAllocateVirtualMemory:
Arg[0] = 0xffffffffffffffff = 18446744073709551615
Arg[1] = ptr 0x000000000014fe30 -> {\x00\x00\x00\x00\x00\x00\x00\x00}
Arg[2] = 0
Arg[3] = ptr 0x000000000014fe38 -> {\x0b\x00\x00\x00\x00\x00\x00\x00}
Arg[4] = 0x0000000000001000 = 4096
Arg[5] = 0x0000000000000040 = 64
> 15a80000+8;SYSCALL:0x19(NtQueryInformationProcess)
> 14bf0000+4ee;SYSCALL:0x18(NtAllocateVirtualMemory)
NtAllocateVirtualMemory:
Arg[0] = 0xffffffffffffffff = 18446744073709551615
Arg[1] = ptr 0x000000000014fda0 -> {\x00\x00\x00\x00\x00\x00\x00\x00}
Arg[2] = 0
Arg[3] = ptr 0x000000000014fda8 -> {\x0b\x00\x00\x00\x00\x00\x00\x00}
Arg[4] = 0x0000000000001000 = 4096
Arg[5] = 0x0000000000000040 = 64
> 15a90000+8;SYSCALL:0x34(NtDelayExecution)
> 14bf0000+4ee;SYSCALL:0x18(NtAllocateVirtualMemory)
NtAllocateVirtualMemory:
Arg[0] = 0x00000000000000fc = 252
Arg[1] = ptr 0x000000000014fdf0 -> {\x00\x00\x00\x00\x00\x00\x00\x00}
Arg[2] = 0
Arg[3] = ptr 0x000000000014fdf8 -> {L\xd0\x00\x00\x00\x00\x00\x00}
Arg[4] = 0x0000000000003000 = 12288
Arg[5] = 0x0000000000000004 = 4
> 14bf0000+4ee;SYSCALL:0x18(NtAllocateVirtualMemory)
NtAllocateVirtualMemory:
Arg[0] = 0xffffffffffffffff = 18446744073709551615
Arg[1] = ptr 0x000000000014fda0 -> {\x00\x00\x00\x00\x00\x00\x00\x00}
Arg[2] = 0
Arg[3] = ptr 0x000000000014fda8 -> {\x0b\x00\x00\x00\x00\x00\x00\x00}
Arg[4] = 0x0000000000001000 = 4096
Arg[5] = 0x0000000000000040 = 64
> 15aa0000+8;SYSCALL:0x34(NtDelayExecution)
> 14bf0000+4ee;SYSCALL:0x18(NtAllocateVirtualMemory)
NtAllocateVirtualMemory:
Arg[0] = 0xffffffffffffffff = 18446744073709551615
Arg[1] = ptr 0x000000000014fda0 -> {\x00\x00\x00\x00\x00\x00\x00\x00}
Arg[2] = 0
Arg[3] = ptr 0x000000000014fda8 -> {\x0b\x00\x00\x00\x00\x00\x00\x00}
Arg[4] = 0x0000000000001000 = 4096
Arg[5] = 0x0000000000000040 = 64
> 15ab0000+8;SYSCALL:0x3a(NtWriteVirtualMemory)
NtWriteVirtualMemory:
Arg[0] = 0x00000000000000fc = 252
Arg[1] = 0x0000000009250000 = 153419776
Arg[2] = ptr 0x0000000014bf04f1 -> {\xe9[v\x00\x00\xcc\xcc\xcc}
Arg[3] = 0x000000000000d04c = 53324
Arg[4] = 0
> 14bf0000+4ee;SYSCALL:0x18(NtAllocateVirtualMemory)
NtAllocateVirtualMemory:
Arg[0] = 0xffffffffffffffff = 18446744073709551615
Arg[1] = ptr 0x000000000014fda0 -> {\x00\x00\x00\x00\x00\x00\x00\x00}
Arg[2] = 0
Arg[3] = ptr 0x000000000014fda8 -> {\x0b\x00\x00\x00\x00\x00\x00\x00}
Arg[4] = 0x0000000000001000 = 4096
Arg[5] = 0x0000000000000040 = 64
> 15ac0000+8;SYSCALL:0x34(NtDelayExecution)
> 14bf0000+4ee;SYSCALL:0x18(NtAllocateVirtualMemory)
NtAllocateVirtualMemory:
Arg[0] = 0xffffffffffffffff = 18446744073709551615
Arg[1] = ptr 0x000000000014fda0 -> {\x00\x00\x00\x00\x00\x00\x00\x00}
Arg[2] = 0
Arg[3] = ptr 0x000000000014fda8 -> {\x0b\x00\x00\x00\x00\x00\x00\x00}
Arg[4] = 0x0000000000001000 = 4096
Arg[5] = 0x0000000000000040 = 64
> 15ad0000+8;SYSCALL:0x50(NtProtectVirtualMemory)
> 14bf0000+4ee;SYSCALL:0x18(NtAllocateVirtualMemory)
NtAllocateVirtualMemory:
Arg[0] = 0xffffffffffffffff = 18446744073709551615
Arg[1] = ptr 0x000000000014fda0 -> {\x00\x00\x00\x00\x00\x00\x00\x00}
Arg[2] = 0
Arg[3] = ptr 0x000000000014fda8 -> {\x0b\x00\x00\x00\x00\x00\x00\x00}
Arg[4] = 0x0000000000001000 = 4096
Arg[5] = 0x0000000000000040 = 64
> 15ae0000+8;SYSCALL:0x34(NtDelayExecution)
> 14bf0000+4ee;SYSCALL:0x18(NtAllocateVirtualMemory)
NtAllocateVirtualMemory:
Arg[0] = 0xffffffffffffffff = 18446744073709551615
Arg[1] = ptr 0x000000000014fda0 -> {\x00\x00\x00\x00\x00\x00\x00\x00}
Arg[2] = 0
Arg[3] = ptr 0x000000000014fda8 -> {\x0b\x00\x00\x00\x00\x00\x00\x00}
Arg[4] = 0x0000000000001000 = 4096
Arg[5] = 0x0000000000000040 = 64
> 15af0000+8;SYSCALL:0xc1(NtCreateThreadEx)
NtCreateThreadEx:
Arg[0] = ptr 0x000000000014fe00 -> {\x00\x00\x00\x00\x00\x00\x00\x00}
Arg[1] = 0x00000000001fffff = 2097151
Arg[2] = 0
Arg[3] = 0x00000000000000fc = 252
Arg[4] = 0x0000000009250000 = 153419776
Arg[5] = 0
Arg[6] = 0x0000000000000001 = 1
Arg[7] = 0
Arg[8] = 0
Arg[9] = 0
> 14bf0000+4ee;SYSCALL:0x18(NtAllocateVirtualMemory)
NtAllocateVirtualMemory:
Arg[0] = 0xffffffffffffffff = 18446744073709551615
Arg[1] = ptr 0x000000000014fda0 -> {\x00\x00\x00\x00\x00\x00\x00\x00}
Arg[2] = 0
Arg[3] = ptr 0x000000000014fda8 -> {\x0b\x00\x00\x00\x00\x00\x00\x00}
Arg[4] = 0x0000000000001000 = 4096
Arg[5] = 0x0000000000000040 = 64
> 15b00000+8;SYSCALL:0x34(NtDelayExecution)
> 14bf0000+4ee;SYSCALL:0x18(NtAllocateVirtualMemory)
NtAllocateVirtualMemory:
Arg[0] = 0xffffffffffffffff = 18446744073709551615
Arg[1] = ptr 0x000000000014fda0 -> {\x00\x00\x00\x00\x00\x00\x00\x00}
Arg[2] = 0
Arg[3] = ptr 0x000000000014fda8 -> {\x0b\x00\x00\x00\x00\x00\x00\x00}
Arg[4] = 0x0000000000001000 = 4096
Arg[5] = 0x0000000000000040 = 64
> 15b10000+8;SYSCALL:0x52(NtResumeThread)
NtResumeThread:
Arg[0] = 0x0000000000000100 = 256
Arg[1] = 0
> 14bf0000+4ee;SYSCALL:0x18(NtAllocateVirtualMemory)
NtAllocateVirtualMemory:
Arg[0] = 0xffffffffffffffff = 18446744073709551615
Arg[1] = ptr 0x000000000014fdc0 -> {\x00\x00\x00\x00\x00\x00\x00\x00}
Arg[2] = 0
Arg[3] = ptr 0x000000000014fdc8 -> {\x0b\x00\x00\x00\x00\x00\x00\x00}
Arg[4] = 0x0000000000001000 = 4096
Arg[5] = 0x0000000000000040 = 64
> 15b20000+8;SYSCALL:0x34(NtDelayExecution)
> 14bf0000+4ee;SYSCALL:0x18(NtAllocateVirtualMemory)
NtAllocateVirtualMemory:
Arg[0] = 0xffffffffffffffff = 18446744073709551615
Arg[1] = ptr 0x000000000014fdc0 -> {\x00\x00\x00\x00\x00\x00\x00\x00}
Arg[2] = 0
Arg[3] = ptr 0x000000000014fdc8 -> {\x0b\x00\x00\x00\x00\x00\x00\x00}
Arg[4] = 0x0000000000001000 = 4096
Arg[5] = 0x0000000000000040 = 64
> 15b30000+8;SYSCALL:0x26(NtOpenProcess)
NtOpenProcess:
Arg[0] = ptr 0x000000000014fe20 -> {\xff\xff\xff\xff\xff\xff\xff\xff}
Arg[1] = 0x00000000001fffff = 2097151
Arg[2] = ptr 0x000000000014fde0 -> L"0"
Arg[3] = ptr 0x000000000014fdd0 -> {|\x0e\x00\x00\x00\x00\x00\x00}
> 14bf0000+4ee;SYSCALL:0x18(NtAllocateVirtualMemory)
NtAllocateVirtualMemory:
Arg[0] = 0xffffffffffffffff = 18446744073709551615
Arg[1] = ptr 0x000000000014fdc0 -> {\x00\x00\x00\x00\x00\x00\x00\x00}
Arg[2] = 0
Arg[3] = ptr 0x000000000014fdc8 -> {\x0b\x00\x00\x00\x00\x00\x00\x00}
Arg[4] = 0x0000000000001000 = 4096
Arg[5] = 0x0000000000000040 = 64
> 15b40000+8;SYSCALL:0x34(NtDelayExecution)
> 14bf0000+4ee;SYSCALL:0x18(NtAllocateVirtualMemory)
NtAllocateVirtualMemory:
Arg[0] = 0xffffffffffffffff = 18446744073709551615
Arg[1] = ptr 0x000000000014fdc0 -> {\x00\x00\x00\x00\x00\x00\x00\x00}
Arg[2] = 0
Arg[3] = ptr 0x000000000014fdc8 -> {\x0b\x00\x00\x00\x00\x00\x00\x00}
Arg[4] = 0x0000000000001000 = 4096
Arg[5] = 0x0000000000000040 = 64
> 15b50000+8;SYSCALL:0x26(NtOpenProcess)
NtOpenProcess:
Arg[0] = ptr 0x000000000014fe20 -> {\xff\xff\xff\xff\xff\xff\xff\xff}
Arg[1] = 0x00000000001fffff = 2097151
Arg[2] = ptr 0x000000000014fde0 -> L"0"
Arg[3] = ptr 0x000000000014fdd0 -> {h\x0f\x00\x00\x00\x00\x00\x00}
> 14bf0000+4ee;SYSCALL:0x18(NtAllocateVirtualMemory)
NtAllocateVirtualMemory:
Arg[0] = 0xffffffffffffffff = 18446744073709551615
Arg[1] = ptr 0x000000000014fe30 -> {\x00\x00\x00\x00\x00\x00\x00\x00}
Arg[2] = 0
Arg[3] = ptr 0x000000000014fe38 -> {\x0b\x00\x00\x00\x00\x00\x00\x00}
Arg[4] = 0x0000000000001000 = 4096
Arg[5] = 0x0000000000000040 = 64
> 15b60000+8;SYSCALL:0x34(NtDelayExecution)
> 14bf0000+4ee;SYSCALL:0x18(NtAllocateVirtualMemory)
NtAllocateVirtualMemory:
Arg[0] = 0xffffffffffffffff = 18446744073709551615
Arg[1] = ptr 0x000000000014fe30 -> {\x00\x00\x00\x00\x00\x00\x00\x00}
Arg[2] = 0
Arg[3] = ptr 0x000000000014fe38 -> {\x0b\x00\x00\x00\x00\x00\x00\x00}
Arg[4] = 0x0000000000001000 = 4096
Arg[5] = 0x0000000000000040 = 64
> 15b70000+8;SYSCALL:0x19(NtQueryInformationProcess)
> 14bf0000+4ee;SYSCALL:0x18(NtAllocateVirtualMemory)
NtAllocateVirtualMemory:
Arg[0] = 0xffffffffffffffff = 18446744073709551615
Arg[1] = ptr 0x000000000014fda0 -> {\x00\x00\x00\x00\x00\x00\x00\x00}
Arg[2] = 0
Arg[3] = ptr 0x000000000014fda8 -> {\x0b\x00\x00\x00\x00\x00\x00\x00}
Arg[4] = 0x0000000000001000 = 4096
Arg[5] = 0x0000000000000040 = 64
> 15b80000+8;SYSCALL:0x34(NtDelayExecution)
> 14bf0000+4ee;SYSCALL:0x18(NtAllocateVirtualMemory)
NtAllocateVirtualMemory:
Arg[0] = 0x0000000000000104 = 260
Arg[1] = ptr 0x000000000014fdf0 -> {\x00\x00\x00\x00\x00\x00\x00\x00}
Arg[2] = 0
Arg[3] = ptr 0x000000000014fdf8 -> {L\xd0\x00\x00\x00\x00\x00\x00}
Arg[4] = 0x0000000000003000 = 12288
Arg[5] = 0x0000000000000004 = 4
> 14bf0000+4ee;SYSCALL:0x18(NtAllocateVirtualMemory)
NtAllocateVirtualMemory:
Arg[0] = 0xffffffffffffffff = 18446744073709551615
Arg[1] = ptr 0x000000000014fda0 -> {\x00\x00\x00\x00\x00\x00\x00\x00}
Arg[2] = 0
Arg[3] = ptr 0x000000000014fda8 -> {\x0b\x00\x00\x00\x00\x00\x00\x00}
Arg[4] = 0x0000000000001000 = 4096
Arg[5] = 0x0000000000000040 = 64
> 15b90000+8;SYSCALL:0x34(NtDelayExecution)
> 14bf0000+4ee;SYSCALL:0x18(NtAllocateVirtualMemory)
NtAllocateVirtualMemory:
Arg[0] = 0xffffffffffffffff = 18446744073709551615
Arg[1] = ptr 0x000000000014fda0 -> {\x00\x00\x00\x00\x00\x00\x00\x00}
Arg[2] = 0
Arg[3] = ptr 0x000000000014fda8 -> {\x0b\x00\x00\x00\x00\x00\x00\x00}
Arg[4] = 0x0000000000001000 = 4096
Arg[5] = 0x0000000000000040 = 64
> 15ba0000+8;SYSCALL:0x3a(NtWriteVirtualMemory)
NtWriteVirtualMemory:
Arg[0] = 0x0000000000000104 = 260
Arg[1] = 0x000002200b5f0000 = 2336652984320
Arg[2] = ptr 0x0000000014bf04f1 -> {\xe9[v\x00\x00\xcc\xcc\xcc}
Arg[3] = 0x000000000000d04c = 53324
Arg[4] = 0
> 14bf0000+4ee;SYSCALL:0x18(NtAllocateVirtualMemory)
NtAllocateVirtualMemory:
Arg[0] = 0xffffffffffffffff = 18446744073709551615
Arg[1] = ptr 0x000000000014fda0 -> {\x00\x00\x00\x00\x00\x00\x00\x00}
Arg[2] = 0
Arg[3] = ptr 0x000000000014fda8 -> {\x0b\x00\x00\x00\x00\x00\x00\x00}
Arg[4] = 0x0000000000001000 = 4096
Arg[5] = 0x0000000000000040 = 64
> 15bb0000+8;SYSCALL:0x34(NtDelayExecution)
> 14bf0000+4ee;SYSCALL:0x18(NtAllocateVirtualMemory)
NtAllocateVirtualMemory:
Arg[0] = 0xffffffffffffffff = 18446744073709551615
Arg[1] = ptr 0x000000000014fda0 -> {\x00\x00\x00\x00\x00\x00\x00\x00}
Arg[2] = 0
Arg[3] = ptr 0x000000000014fda8 -> {\x0b\x00\x00\x00\x00\x00\x00\x00}
Arg[4] = 0x0000000000001000 = 4096
Arg[5] = 0x0000000000000040 = 64
> 15bc0000+8;SYSCALL:0x50(NtProtectVirtualMemory)
> 14bf0000+4ee;SYSCALL:0x18(NtAllocateVirtualMemory)
NtAllocateVirtualMemory:
Arg[0] = 0xffffffffffffffff = 18446744073709551615
Arg[1] = ptr 0x000000000014fda0 -> {\x00\x00\x00\x00\x00\x00\x00\x00}
Arg[2] = 0
Arg[3] = ptr 0x000000000014fda8 -> {\x0b\x00\x00\x00\x00\x00\x00\x00}
Arg[4] = 0x0000000000001000 = 4096
Arg[5] = 0x0000000000000040 = 64
> 15bd0000+8;SYSCALL:0x34(NtDelayExecution)
> 14bf0000+4ee;SYSCALL:0x18(NtAllocateVirtualMemory)
NtAllocateVirtualMemory:
Arg[0] = 0xffffffffffffffff = 18446744073709551615
Arg[1] = ptr 0x000000000014fda0 -> {\x00\x00\x00\x00\x00\x00\x00\x00}
Arg[2] = 0
Arg[3] = ptr 0x000000000014fda8 -> {\x0b\x00\x00\x00\x00\x00\x00\x00}
Arg[4] = 0x0000000000001000 = 4096
Arg[5] = 0x0000000000000040 = 64
> 15be0000+8;SYSCALL:0xc1(NtCreateThreadEx)
NtCreateThreadEx:
Arg[0] = ptr 0x000000000014fe00 -> {\x00\x00\x00\x00\x00\x00\x00\x00}
Arg[1] = 0x00000000001fffff = 2097151
Arg[2] = 0
Arg[3] = 0x0000000000000104 = 260
Arg[4] = 0x000002200b5f0000 = 2336652984320
Arg[5] = 0
Arg[6] = 0x0000000000000001 = 1
Arg[7] = 0
Arg[8] = 0
Arg[9] = 0
> 14bf0000+4ee;SYSCALL:0x18(NtAllocateVirtualMemory)
NtAllocateVirtualMemory:
Arg[0] = 0xffffffffffffffff = 18446744073709551615
Arg[1] = ptr 0x000000000014fda0 -> {\x00\x00\x00\x00\x00\x00\x00\x00}
Arg[2] = 0
Arg[3] = ptr 0x000000000014fda8 -> {\x0b\x00\x00\x00\x00\x00\x00\x00}
Arg[4] = 0x0000000000001000 = 4096
Arg[5] = 0x0000000000000040 = 64
> 15bf0000+8;SYSCALL:0x34(NtDelayExecution)
> 14bf0000+4ee;SYSCALL:0x18(NtAllocateVirtualMemory)
NtAllocateVirtualMemory:
Arg[0] = 0xffffffffffffffff = 18446744073709551615
Arg[1] = ptr 0x000000000014fda0 -> {\x00\x00\x00\x00\x00\x00\x00\x00}
Arg[2] = 0
Arg[3] = ptr 0x000000000014fda8 -> {\x0b\x00\x00\x00\x00\x00\x00\x00}
Arg[4] = 0x0000000000001000 = 4096
Arg[5] = 0x0000000000000040 = 64
> 15c00000+8;SYSCALL:0x52(NtResumeThread)
NtResumeThread:
Arg[0] = 0x0000000000000108 = 264
Arg[1] = 0
> 14bf0000+4ee;SYSCALL:0x18(NtAllocateVirtualMemory)
NtAllocateVirtualMemory:
Arg[0] = 0xffffffffffffffff = 18446744073709551615
Arg[1] = ptr 0x000000000014fdc0 -> {\x00\x00\x00\x00\x00\x00\x00\x00}
Arg[2] = 0
Arg[3] = ptr 0x000000000014fdc8 -> {\x0b\x00\x00\x00\x00\x00\x00\x00}
Arg[4] = 0x0000000000001000 = 4096
Arg[5] = 0x0000000000000040 = 64
> 15c10000+8;SYSCALL:0x34(NtDelayExecution)
> 14bf0000+4ee;SYSCALL:0x18(NtAllocateVirtualMemory)
NtAllocateVirtualMemory:
Arg[0] = 0xffffffffffffffff = 18446744073709551615
Arg[1] = ptr 0x000000000014fdc0 -> {\x00\x00\x00\x00\x00\x00\x00\x00}
Arg[2] = 0
Arg[3] = ptr 0x000000000014fdc8 -> {\x0b\x00\x00\x00\x00\x00\x00\x00}
Arg[4] = 0x0000000000001000 = 4096
Arg[5] = 0x0000000000000040 = 64
> 15c20000+8;SYSCALL:0x26(NtOpenProcess)
NtOpenProcess:
Arg[0] = ptr 0x000000000014fe20 -> {\xff\xff\xff\xff\xff\xff\xff\xff}
Arg[1] = 0x00000000001fffff = 2097151
Arg[2] = ptr 0x000000000014fde0 -> L"0"
Arg[3] = ptr 0x000000000014fdd0 -> {0\x10\x00\x00\x00\x00\x00\x00}
> 14bf0000+4ee;SYSCALL:0x18(NtAllocateVirtualMemory)
NtAllocateVirtualMemory:
Arg[0] = 0xffffffffffffffff = 18446744073709551615
Arg[1] = ptr 0x000000000014fe30 -> {\x00\x00\x00\x00\x00\x00\x00\x00}
Arg[2] = 0
Arg[3] = ptr 0x000000000014fe38 -> {\x0b\x00\x00\x00\x00\x00\x00\x00}
Arg[4] = 0x0000000000001000 = 4096
Arg[5] = 0x0000000000000040 = 64
> 15c30000+8;SYSCALL:0x34(NtDelayExecution)
> 14bf0000+4ee;SYSCALL:0x18(NtAllocateVirtualMemory)
NtAllocateVirtualMemory:
Arg[0] = 0xffffffffffffffff = 18446744073709551615
Arg[1] = ptr 0x000000000014fe30 -> {\x00\x00\x00\x00\x00\x00\x00\x00}
Arg[2] = 0
Arg[3] = ptr 0x000000000014fe38 -> {\x0b\x00\x00\x00\x00\x00\x00\x00}
Arg[4] = 0x0000000000001000 = 4096
Arg[5] = 0x0000000000000040 = 64
> 15c40000+8;SYSCALL:0x19(NtQueryInformationProcess)
> 14bf0000+4ee;SYSCALL:0x18(NtAllocateVirtualMemory)
NtAllocateVirtualMemory:
Arg[0] = 0xffffffffffffffff = 18446744073709551615
Arg[1] = ptr 0x000000000014fda0 -> {\x00\x00\x00\x00\x00\x00\x00\x00}
Arg[2] = 0
Arg[3] = ptr 0x000000000014fda8 -> {\x0b\x00\x00\x00\x00\x00\x00\x00}
Arg[4] = 0x0000000000001000 = 4096
Arg[5] = 0x0000000000000040 = 64
> 15c50000+8;SYSCALL:0x34(NtDelayExecution)
> 14bf0000+4ee;SYSCALL:0x18(NtAllocateVirtualMemory)
NtAllocateVirtualMemory:
Arg[0] = 0x000000000000010c = 268
Arg[1] = ptr 0x000000000014fdf0 -> {\x00\x00\x00\x00\x00\x00\x00\x00}
Arg[2] = 0
Arg[3] = ptr 0x000000000014fdf8 -> {L\xd0\x00\x00\x00\x00\x00\x00}
Arg[4] = 0x0000000000003000 = 12288
Arg[5] = 0x0000000000000004 = 4
> 14bf0000+4ee;SYSCALL:0x18(NtAllocateVirtualMemory)
NtAllocateVirtualMemory:
Arg[0] = 0xffffffffffffffff = 18446744073709551615
Arg[1] = ptr 0x000000000014fda0 -> {\x00\x00\x00\x00\x00\x00\x00\x00}
Arg[2] = 0
Arg[3] = ptr 0x000000000014fda8 -> {\x0b\x00\x00\x00\x00\x00\x00\x00}
Arg[4] = 0x0000000000001000 = 4096
Arg[5] = 0x0000000000000040 = 64
> 15c60000+8;SYSCALL:0x34(NtDelayExecution)
> 14bf0000+4ee;SYSCALL:0x18(NtAllocateVirtualMemory)
NtAllocateVirtualMemory:
Arg[0] = 0xffffffffffffffff = 18446744073709551615
Arg[1] = ptr 0x000000000014fda0 -> {\x00\x00\x00\x00\x00\x00\x00\x00}
Arg[2] = 0
Arg[3] = ptr 0x000000000014fda8 -> {\x0b\x00\x00\x00\x00\x00\x00\x00}
Arg[4] = 0x0000000000001000 = 4096
Arg[5] = 0x0000000000000040 = 64
> 15c70000+8;SYSCALL:0x3a(NtWriteVirtualMemory)
NtWriteVirtualMemory:
Arg[0] = 0x000000000000010c = 268
Arg[1] = 0x00000210d97e0000 = 2271391645696
Arg[2] = ptr 0x0000000014bf04f1 -> {\xe9[v\x00\x00\xcc\xcc\xcc}
Arg[3] = 0x000000000000d04c = 53324
Arg[4] = 0
> 14bf0000+4ee;SYSCALL:0x18(NtAllocateVirtualMemory)
NtAllocateVirtualMemory:
Arg[0] = 0xffffffffffffffff = 18446744073709551615
Arg[1] = ptr 0x000000000014fda0 -> {\x00\x00\x00\x00\x00\x00\x00\x00}
Arg[2] = 0
Arg[3] = ptr 0x000000000014fda8 -> {\x0b\x00\x00\x00\x00\x00\x00\x00}
Arg[4] = 0x0000000000001000 = 4096
Arg[5] = 0x0000000000000040 = 64
> 15c80000+8;SYSCALL:0x34(NtDelayExecution)
> 14bf0000+4ee;SYSCALL:0x18(NtAllocateVirtualMemory)
NtAllocateVirtualMemory:
Arg[0] = 0xffffffffffffffff = 18446744073709551615
Arg[1] = ptr 0x000000000014fda0 -> {\x00\x00\x00\x00\x00\x00\x00\x00}
Arg[2] = 0
Arg[3] = ptr 0x000000000014fda8 -> {\x0b\x00\x00\x00\x00\x00\x00\x00}
Arg[4] = 0x0000000000001000 = 4096
Arg[5] = 0x0000000000000040 = 64
> 15c90000+8;SYSCALL:0x50(NtProtectVirtualMemory)
> 14bf0000+4ee;SYSCALL:0x18(NtAllocateVirtualMemory)
NtAllocateVirtualMemory:
Arg[0] = 0xffffffffffffffff = 18446744073709551615
Arg[1] = ptr 0x000000000014fda0 -> {\x00\x00\x00\x00\x00\x00\x00\x00}
Arg[2] = 0
Arg[3] = ptr 0x000000000014fda8 -> {\x0b\x00\x00\x00\x00\x00\x00\x00}
Arg[4] = 0x0000000000001000 = 4096
Arg[5] = 0x0000000000000040 = 64
> 15ca0000+8;SYSCALL:0x34(NtDelayExecution)
> 14bf0000+4ee;SYSCALL:0x18(NtAllocateVirtualMemory)
NtAllocateVirtualMemory:
Arg[0] = 0xffffffffffffffff = 18446744073709551615
Arg[1] = ptr 0x000000000014fda0 -> {\x00\x00\x00\x00\x00\x00\x00\x00}
Arg[2] = 0
Arg[3] = ptr 0x000000000014fda8 -> {\x0b\x00\x00\x00\x00\x00\x00\x00}
Arg[4] = 0x0000000000001000 = 4096
Arg[5] = 0x0000000000000040 = 64
> 15cb0000+8;SYSCALL:0xc1(NtCreateThreadEx)
NtCreateThreadEx:
Arg[0] = ptr 0x000000000014fe00 -> {\x00\x00\x00\x00\x00\x00\x00\x00}
Arg[1] = 0x00000000001fffff = 2097151
Arg[2] = 0
Arg[3] = 0x000000000000010c = 268
Arg[4] = 0x00000210d97e0000 = 2271391645696
Arg[5] = 0
Arg[6] = 0x0000000000000001 = 1
Arg[7] = 0
Arg[8] = 0
Arg[9] = 0
> 14bf0000+4ee;SYSCALL:0x18(NtAllocateVirtualMemory)
NtAllocateVirtualMemory:
Arg[0] = 0xffffffffffffffff = 18446744073709551615
Arg[1] = ptr 0x000000000014fda0 -> {\x00\x00\x00\x00\x00\x00\x00\x00}
Arg[2] = 0
Arg[3] = ptr 0x000000000014fda8 -> {\x0b\x00\x00\x00\x00\x00\x00\x00}
Arg[4] = 0x0000000000001000 = 4096
Arg[5] = 0x0000000000000040 = 64
> 15cc0000+8;SYSCALL:0x34(NtDelayExecution)
> 14bf0000+4ee;SYSCALL:0x18(NtAllocateVirtualMemory)
NtAllocateVirtualMemory:
Arg[0] = 0xffffffffffffffff = 18446744073709551615
Arg[1] = ptr 0x000000000014fda0 -> {\x00\x00\x00\x00\x00\x00\x00\x00}
Arg[2] = 0
Arg[3] = ptr 0x000000000014fda8 -> {\x0b\x00\x00\x00\x00\x00\x00\x00}
Arg[4] = 0x0000000000001000 = 4096
Arg[5] = 0x0000000000000040 = 64
> 15cd0000+8;SYSCALL:0x52(NtResumeThread)
NtResumeThread:
Arg[0] = 0x0000000000000098 = 152
Arg[1] = 0
> 14bf0000+4ee;SYSCALL:0x18(NtAllocateVirtualMemory)
NtAllocateVirtualMemory:
Arg[0] = 0xffffffffffffffff = 18446744073709551615
Arg[1] = ptr 0x000000000014fdc0 -> {\x00\x00\x00\x00\x00\x00\x00\x00}
Arg[2] = 0
Arg[3] = ptr 0x000000000014fdc8 -> {\x0b\x00\x00\x00\x00\x00\x00\x00}
Arg[4] = 0x0000000000001000 = 4096
Arg[5] = 0x0000000000000040 = 64
> 15ce0000+8;SYSCALL:0x34(NtDelayExecution)
> 14bf0000+4ee;SYSCALL:0x18(NtAllocateVirtualMemory)
NtAllocateVirtualMemory:
Arg[0] = 0xffffffffffffffff = 18446744073709551615
Arg[1] = ptr 0x000000000014fdc0 -> {\x00\x00\x00\x00\x00\x00\x00\x00}
Arg[2] = 0
Arg[3] = ptr 0x000000000014fdc8 -> {\x0b\x00\x00\x00\x00\x00\x00\x00}
Arg[4] = 0x0000000000001000 = 4096
Arg[5] = 0x0000000000000040 = 64
> 15cf0000+8;SYSCALL:0x26(NtOpenProcess)
NtOpenProcess:
Arg[0] = ptr 0x000000000014fe20 -> {\xff\xff\xff\xff\xff\xff\xff\xff}
Arg[1] = 0x00000000001fffff = 2097151
Arg[2] = ptr 0x000000000014fde0 -> L"0"
Arg[3] = ptr 0x000000000014fdd0 -> {\xc0\x10\x00\x00\x00\x00\x00\x00}
> 14bf0000+4ee;SYSCALL:0x18(NtAllocateVirtualMemory)
NtAllocateVirtualMemory:
Arg[0] = 0xffffffffffffffff = 18446744073709551615
Arg[1] = ptr 0x000000000014fe30 -> {\x00\x00\x00\x00\x00\x00\x00\x00}
Arg[2] = 0
Arg[3] = ptr 0x000000000014fe38 -> {\x0b\x00\x00\x00\x00\x00\x00\x00}
Arg[4] = 0x0000000000001000 = 4096
Arg[5] = 0x0000000000000040 = 64
> 15d00000+8;SYSCALL:0x34(NtDelayExecution)
> 14bf0000+4ee;SYSCALL:0x18(NtAllocateVirtualMemory)
NtAllocateVirtualMemory:
Arg[0] = 0xffffffffffffffff = 18446744073709551615
Arg[1] = ptr 0x000000000014fe30 -> {\x00\x00\x00\x00\x00\x00\x00\x00}
Arg[2] = 0
Arg[3] = ptr 0x000000000014fe38 -> {\x0b\x00\x00\x00\x00\x00\x00\x00}
Arg[4] = 0x0000000000001000 = 4096
Arg[5] = 0x0000000000000040 = 64
> 15d10000+8;SYSCALL:0x19(NtQueryInformationProcess)
> 14bf0000+4ee;SYSCALL:0x18(NtAllocateVirtualMemory)
NtAllocateVirtualMemory:
Arg[0] = 0xffffffffffffffff = 18446744073709551615
Arg[1] = ptr 0x000000000014fda0 -> {\x00\x00\x00\x00\x00\x00\x00\x00}
Arg[2] = 0
Arg[3] = ptr 0x000000000014fda8 -> {\x0b\x00\x00\x00\x00\x00\x00\x00}
Arg[4] = 0x0000000000001000 = 4096
Arg[5] = 0x0000000000000040 = 64
> 15d20000+8;SYSCALL:0x34(NtDelayExecution)
> 14bf0000+4ee;SYSCALL:0x18(NtAllocateVirtualMemory)
NtAllocateVirtualMemory:
Arg[0] = 0x0000000000000110 = 272
Arg[1] = ptr 0x000000000014fdf0 -> {\x00\x00\x00\x00\x00\x00\x00\x00}
Arg[2] = 0
Arg[3] = ptr 0x000000000014fdf8 -> {L\xd0\x00\x00\x00\x00\x00\x00}
Arg[4] = 0x0000000000003000 = 12288
Arg[5] = 0x0000000000000004 = 4
> 14bf0000+4ee;SYSCALL:0x18(NtAllocateVirtualMemory)
NtAllocateVirtualMemory:
Arg[0] = 0xffffffffffffffff = 18446744073709551615
Arg[1] = ptr 0x000000000014fda0 -> {\x00\x00\x00\x00\x00\x00\x00\x00}
Arg[2] = 0
Arg[3] = ptr 0x000000000014fda8 -> {\x0b\x00\x00\x00\x00\x00\x00\x00}
Arg[4] = 0x0000000000001000 = 4096
Arg[5] = 0x0000000000000040 = 64
> 15d30000+8;SYSCALL:0x34(NtDelayExecution)
> 14bf0000+4ee;SYSCALL:0x18(NtAllocateVirtualMemory)
NtAllocateVirtualMemory:
Arg[0] = 0xffffffffffffffff = 18446744073709551615
Arg[1] = ptr 0x000000000014fda0 -> {\x00\x00\x00\x00\x00\x00\x00\x00}
Arg[2] = 0
Arg[3] = ptr 0x000000000014fda8 -> {\x0b\x00\x00\x00\x00\x00\x00\x00}
Arg[4] = 0x0000000000001000 = 4096
Arg[5] = 0x0000000000000040 = 64
> 15d40000+8;SYSCALL:0x3a(NtWriteVirtualMemory)
NtWriteVirtualMemory:
Arg[0] = 0x0000000000000110 = 272
Arg[1] = 0x00000264abc50000 = 2631401799680
Arg[2] = ptr 0x0000000014bf04f1 -> {\xe9[v\x00\x00\xcc\xcc\xcc}
Arg[3] = 0x000000000000d04c = 53324
Arg[4] = 0
> 14bf0000+4ee;SYSCALL:0x18(NtAllocateVirtualMemory)
NtAllocateVirtualMemory:
Arg[0] = 0xffffffffffffffff = 18446744073709551615
Arg[1] = ptr 0x000000000014fda0 -> {\x00\x00\x00\x00\x00\x00\x00\x00}
Arg[2] = 0
Arg[3] = ptr 0x000000000014fda8 -> {\x0b\x00\x00\x00\x00\x00\x00\x00}
Arg[4] = 0x0000000000001000 = 4096
Arg[5] = 0x0000000000000040 = 64
> 15d50000+8;SYSCALL:0x34(NtDelayExecution)
> 14bf0000+4ee;SYSCALL:0x18(NtAllocateVirtualMemory)
NtAllocateVirtualMemory:
Arg[0] = 0xffffffffffffffff = 18446744073709551615
Arg[1] = ptr 0x000000000014fda0 -> {\x00\x00\x00\x00\x00\x00\x00\x00}
Arg[2] = 0
Arg[3] = ptr 0x000000000014fda8 -> {\x0b\x00\x00\x00\x00\x00\x00\x00}
Arg[4] = 0x0000000000001000 = 4096
Arg[5] = 0x0000000000000040 = 64
> 15d60000+8;SYSCALL:0x50(NtProtectVirtualMemory)
> 14bf0000+4ee;SYSCALL:0x18(NtAllocateVirtualMemory)
NtAllocateVirtualMemory:
Arg[0] = 0xffffffffffffffff = 18446744073709551615
Arg[1] = ptr 0x000000000014fda0 -> {\x00\x00\x00\x00\x00\x00\x00\x00}
Arg[2] = 0
Arg[3] = ptr 0x000000000014fda8 -> {\x0b\x00\x00\x00\x00\x00\x00\x00}
Arg[4] = 0x0000000000001000 = 4096
Arg[5] = 0x0000000000000040 = 64
> 15d70000+8;SYSCALL:0x34(NtDelayExecution)
> 14bf0000+4ee;SYSCALL:0x18(NtAllocateVirtualMemory)
NtAllocateVirtualMemory:
Arg[0] = 0xffffffffffffffff = 18446744073709551615
Arg[1] = ptr 0x000000000014fda0 -> {\x00\x00\x00\x00\x00\x00\x00\x00}
Arg[2] = 0
Arg[3] = ptr 0x000000000014fda8 -> {\x0b\x00\x00\x00\x00\x00\x00\x00}
Arg[4] = 0x0000000000001000 = 4096
Arg[5] = 0x0000000000000040 = 64
> 15d80000+8;SYSCALL:0xc1(NtCreateThreadEx)
NtCreateThreadEx:
Arg[0] = ptr 0x000000000014fe00 -> {\x00\x00\x00\x00\x00\x00\x00\x00}
Arg[1] = 0x00000000001fffff = 2097151
Arg[2] = 0
Arg[3] = 0x0000000000000110 = 272
Arg[4] = 0x00000264abc50000 = 2631401799680
Arg[5] = 0
Arg[6] = 0x0000000000000001 = 1
Arg[7] = 0
Arg[8] = 0
Arg[9] = 0
> 14bf0000+4ee;SYSCALL:0x18(NtAllocateVirtualMemory)
NtAllocateVirtualMemory:
Arg[0] = 0xffffffffffffffff = 18446744073709551615
Arg[1] = ptr 0x000000000014fda0 -> {\x00\x00\x00\x00\x00\x00\x00\x00}
Arg[2] = 0
Arg[3] = ptr 0x000000000014fda8 -> {\x0b\x00\x00\x00\x00\x00\x00\x00}
Arg[4] = 0x0000000000001000 = 4096
Arg[5] = 0x0000000000000040 = 64
> 15d90000+8;SYSCALL:0x34(NtDelayExecution)
> 14bf0000+4ee;SYSCALL:0x18(NtAllocateVirtualMemory)
NtAllocateVirtualMemory:
Arg[0] = 0xffffffffffffffff = 18446744073709551615
Arg[1] = ptr 0x000000000014fda0 -> {\x00\x00\x00\x00\x00\x00\x00\x00}
Arg[2] = 0
Arg[3] = ptr 0x000000000014fda8 -> {\x0b\x00\x00\x00\x00\x00\x00\x00}
Arg[4] = 0x0000000000001000 = 4096
Arg[5] = 0x0000000000000040 = 64
> 15da0000+8;SYSCALL:0x52(NtResumeThread)
NtResumeThread:
Arg[0] = 0x0000000000000114 = 276
Arg[1] = 0
> 14bf0000+4ee;SYSCALL:0x18(NtAllocateVirtualMemory)
NtAllocateVirtualMemory:
Arg[0] = 0xffffffffffffffff = 18446744073709551615
Arg[1] = ptr 0x000000000014fdc0 -> {\x00\x00\x00\x00\x00\x00\x00\x00}
Arg[2] = 0
Arg[3] = ptr 0x000000000014fdc8 -> {\x0b\x00\x00\x00\x00\x00\x00\x00}
Arg[4] = 0x0000000000001000 = 4096
Arg[5] = 0x0000000000000040 = 64
> 15db0000+8;SYSCALL:0x34(NtDelayExecution)
> 14bf0000+4ee;SYSCALL:0x18(NtAllocateVirtualMemory)
NtAllocateVirtualMemory:
Arg[0] = 0xffffffffffffffff = 18446744073709551615
Arg[1] = ptr 0x000000000014fdc0 -> {\x00\x00\x00\x00\x00\x00\x00\x00}
Arg[2] = 0
Arg[3] = ptr 0x000000000014fdc8 -> {\x0b\x00\x00\x00\x00\x00\x00\x00}
Arg[4] = 0x0000000000001000 = 4096
Arg[5] = 0x0000000000000040 = 64
> 15dc0000+8;SYSCALL:0x26(NtOpenProcess)
NtOpenProcess:
Arg[0] = ptr 0x000000000014fe20 -> {\xff\xff\xff\xff\xff\xff\xff\xff}
Arg[1] = 0x00000000001fffff = 2097151
Arg[2] = ptr 0x000000000014fde0 -> L"0"
Arg[3] = ptr 0x000000000014fdd0 -> {4\x11\x00\x00\x00\x00\x00\x00}
> 14bf0000+4ee;SYSCALL:0x18(NtAllocateVirtualMemory)
NtAllocateVirtualMemory:
Arg[0] = 0xffffffffffffffff = 18446744073709551615
Arg[1] = ptr 0x000000000014fe30 -> {\x00\x00\x00\x00\x00\x00\x00\x00}
Arg[2] = 0
Arg[3] = ptr 0x000000000014fe38 -> {\x0b\x00\x00\x00\x00\x00\x00\x00}
Arg[4] = 0x0000000000001000 = 4096
Arg[5] = 0x0000000000000040 = 64
> 15dd0000+8;SYSCALL:0x34(NtDelayExecution)
> 14bf0000+4ee;SYSCALL:0x18(NtAllocateVirtualMemory)
NtAllocateVirtualMemory:
Arg[0] = 0xffffffffffffffff = 18446744073709551615
Arg[1] = ptr 0x000000000014fe30 -> {\x00\x00\x00\x00\x00\x00\x00\x00}
Arg[2] = 0
Arg[3] = ptr 0x000000000014fe38 -> {\x0b\x00\x00\x00\x00\x00\x00\x00}
Arg[4] = 0x0000000000001000 = 4096
Arg[5] = 0x0000000000000040 = 64
> 15de0000+8;SYSCALL:0x19(NtQueryInformationProcess)
> 14bf0000+4ee;SYSCALL:0x18(NtAllocateVirtualMemory)
NtAllocateVirtualMemory:
Arg[0] = 0xffffffffffffffff = 18446744073709551615
Arg[1] = ptr 0x000000000014fda0 -> {\x00\x00\x00\x00\x00\x00\x00\x00}
Arg[2] = 0
Arg[3] = ptr 0x000000000014fda8 -> {\x0b\x00\x00\x00\x00\x00\x00\x00}
Arg[4] = 0x0000000000001000 = 4096
Arg[5] = 0x0000000000000040 = 64
> 15df0000+8;SYSCALL:0x34(NtDelayExecution)
> 14bf0000+4ee;SYSCALL:0x18(NtAllocateVirtualMemory)
NtAllocateVirtualMemory:
Arg[0] = 0x0000000000000118 = 280
Arg[1] = ptr 0x000000000014fdf0 -> {\x00\x00\x00\x00\x00\x00\x00\x00}
Arg[2] = 0
Arg[3] = ptr 0x000000000014fdf8 -> {L\xd0\x00\x00\x00\x00\x00\x00}
Arg[4] = 0x0000000000003000 = 12288
Arg[5] = 0x0000000000000004 = 4
> 14bf0000+4ee;SYSCALL:0x18(NtAllocateVirtualMemory)
NtAllocateVirtualMemory:
Arg[0] = 0xffffffffffffffff = 18446744073709551615
Arg[1] = ptr 0x000000000014fda0 -> {\x00\x00\x00\x00\x00\x00\x00\x00}
Arg[2] = 0
Arg[3] = ptr 0x000000000014fda8 -> {\x0b\x00\x00\x00\x00\x00\x00\x00}
Arg[4] = 0x0000000000001000 = 4096
Arg[5] = 0x0000000000000040 = 64
> 15e00000+8;SYSCALL:0x34(NtDelayExecution)
> 14bf0000+4ee;SYSCALL:0x18(NtAllocateVirtualMemory)
NtAllocateVirtualMemory:
Arg[0] = 0xffffffffffffffff = 18446744073709551615
Arg[1] = ptr 0x000000000014fda0 -> {\x00\x00\x00\x00\x00\x00\x00\x00}
Arg[2] = 0
Arg[3] = ptr 0x000000000014fda8 -> {\x0b\x00\x00\x00\x00\x00\x00\x00}
Arg[4] = 0x0000000000001000 = 4096
Arg[5] = 0x0000000000000040 = 64
> 15e10000+8;SYSCALL:0x3a(NtWriteVirtualMemory)
NtWriteVirtualMemory:
Arg[0] = 0x0000000000000118 = 280
Arg[1] = 0x000001979ad30000 = 1750649208832
Arg[2] = ptr 0x0000000014bf04f1 -> {\xe9[v\x00\x00\xcc\xcc\xcc}
Arg[3] = 0x000000000000d04c = 53324
Arg[4] = 0
> 14bf0000+4ee;SYSCALL:0x18(NtAllocateVirtualMemory)
NtAllocateVirtualMemory:
Arg[0] = 0xffffffffffffffff = 18446744073709551615
Arg[1] = ptr 0x000000000014fda0 -> {\x00\x00\x00\x00\x00\x00\x00\x00}
Arg[2] = 0
Arg[3] = ptr 0x000000000014fda8 -> {\x0b\x00\x00\x00\x00\x00\x00\x00}
Arg[4] = 0x0000000000001000 = 4096
Arg[5] = 0x0000000000000040 = 64
> 15e20000+8;SYSCALL:0x34(NtDelayExecution)
> 14bf0000+4ee;SYSCALL:0x18(NtAllocateVirtualMemory)
NtAllocateVirtualMemory:
Arg[0] = 0xffffffffffffffff = 18446744073709551615
Arg[1] = ptr 0x000000000014fda0 -> {\x00\x00\x00\x00\x00\x00\x00\x00}
Arg[2] = 0
Arg[3] = ptr 0x000000000014fda8 -> {\x0b\x00\x00\x00\x00\x00\x00\x00}
Arg[4] = 0x0000000000001000 = 4096
Arg[5] = 0x0000000000000040 = 64
> 15e30000+8;SYSCALL:0x50(NtProtectVirtualMemory)
> 14bf0000+4ee;SYSCALL:0x18(NtAllocateVirtualMemory)
NtAllocateVirtualMemory:
Arg[0] = 0xffffffffffffffff = 18446744073709551615
Arg[1] = ptr 0x000000000014fda0 -> {\x00\x00\x00\x00\x00\x00\x00\x00}
Arg[2] = 0
Arg[3] = ptr 0x000000000014fda8 -> {\x0b\x00\x00\x00\x00\x00\x00\x00}
Arg[4] = 0x0000000000001000 = 4096
Arg[5] = 0x0000000000000040 = 64
> 15e40000+8;SYSCALL:0x34(NtDelayExecution)
> 14bf0000+4ee;SYSCALL:0x18(NtAllocateVirtualMemory)
NtAllocateVirtualMemory:
Arg[0] = 0xffffffffffffffff = 18446744073709551615
Arg[1] = ptr 0x000000000014fda0 -> {\x00\x00\x00\x00\x00\x00\x00\x00}
Arg[2] = 0
Arg[3] = ptr 0x000000000014fda8 -> {\x0b\x00\x00\x00\x00\x00\x00\x00}
Arg[4] = 0x0000000000001000 = 4096
Arg[5] = 0x0000000000000040 = 64
> 15e50000+8;SYSCALL:0xc1(NtCreateThreadEx)
NtCreateThreadEx:
Arg[0] = ptr 0x000000000014fe00 -> {\x00\x00\x00\x00\x00\x00\x00\x00}
Arg[1] = 0x00000000001fffff = 2097151
Arg[2] = 0
Arg[3] = 0x0000000000000118 = 280
Arg[4] = 0x000001979ad30000 = 1750649208832
Arg[5] = 0
Arg[6] = 0x0000000000000001 = 1
Arg[7] = 0
Arg[8] = 0
Arg[9] = 0
> 14bf0000+4ee;SYSCALL:0x18(NtAllocateVirtualMemory)
NtAllocateVirtualMemory:
Arg[0] = 0xffffffffffffffff = 18446744073709551615
Arg[1] = ptr 0x000000000014fda0 -> {\x00\x00\x00\x00\x00\x00\x00\x00}
Arg[2] = 0
Arg[3] = ptr 0x000000000014fda8 -> {\x0b\x00\x00\x00\x00\x00\x00\x00}
Arg[4] = 0x0000000000001000 = 4096
Arg[5] = 0x0000000000000040 = 64
> 15e60000+8;SYSCALL:0x34(NtDelayExecution)
> 14bf0000+4ee;SYSCALL:0x18(NtAllocateVirtualMemory)
NtAllocateVirtualMemory:
Arg[0] = 0xffffffffffffffff = 18446744073709551615
Arg[1] = ptr 0x000000000014fda0 -> {\x00\x00\x00\x00\x00\x00\x00\x00}
Arg[2] = 0
Arg[3] = ptr 0x000000000014fda8 -> {\x0b\x00\x00\x00\x00\x00\x00\x00}
Arg[4] = 0x0000000000001000 = 4096
Arg[5] = 0x0000000000000040 = 64
> 15e70000+8;SYSCALL:0x52(NtResumeThread)
NtResumeThread:
Arg[0] = 0x000000000000011c = 284
Arg[1] = 0
> 14bf0000+4ee;SYSCALL:0x18(NtAllocateVirtualMemory)
NtAllocateVirtualMemory:
Arg[0] = 0xffffffffffffffff = 18446744073709551615
Arg[1] = ptr 0x000000000014fdc0 -> {\x00\x00\x00\x00\x00\x00\x00\x00}
Arg[2] = 0
Arg[3] = ptr 0x000000000014fdc8 -> {\x0b\x00\x00\x00\x00\x00\x00\x00}
Arg[4] = 0x0000000000001000 = 4096
Arg[5] = 0x0000000000000040 = 64
> 15e80000+8;SYSCALL:0x34(NtDelayExecution)
> 14bf0000+4ee;SYSCALL:0x18(NtAllocateVirtualMemory)
NtAllocateVirtualMemory:
Arg[0] = 0xffffffffffffffff = 18446744073709551615
Arg[1] = ptr 0x000000000014fdc0 -> {\x00\x00\x00\x00\x00\x00\x00\x00}
Arg[2] = 0
Arg[3] = ptr 0x000000000014fdc8 -> {\x0b\x00\x00\x00\x00\x00\x00\x00}
Arg[4] = 0x0000000000001000 = 4096
Arg[5] = 0x0000000000000040 = 64
> 15e90000+8;SYSCALL:0x26(NtOpenProcess)
NtOpenProcess:
Arg[0] = ptr 0x000000000014fe20 -> {\xff\xff\xff\xff\xff\xff\xff\xff}
Arg[1] = 0x00000000001fffff = 2097151
Arg[2] = ptr 0x000000000014fde0 -> L"0"
Arg[3] = ptr 0x000000000014fdd0 -> {<\x11\x00\x00\x00\x00\x00\x00}
> 14bf0000+4ee;SYSCALL:0x18(NtAllocateVirtualMemory)
NtAllocateVirtualMemory:
Arg[0] = 0xffffffffffffffff = 18446744073709551615
Arg[1] = ptr 0x000000000014fdc0 -> {\x00\x00\x00\x00\x00\x00\x00\x00}
Arg[2] = 0
Arg[3] = ptr 0x000000000014fdc8 -> {\x0b\x00\x00\x00\x00\x00\x00\x00}
Arg[4] = 0x0000000000001000 = 4096
Arg[5] = 0x0000000000000040 = 64
> 15ea0000+8;SYSCALL:0x34(NtDelayExecution)
> 14bf0000+4ee;SYSCALL:0x18(NtAllocateVirtualMemory)
NtAllocateVirtualMemory:
Arg[0] = 0xffffffffffffffff = 18446744073709551615
Arg[1] = ptr 0x000000000014fdc0 -> {\x00\x00\x00\x00\x00\x00\x00\x00}
Arg[2] = 0