@hasherezade
Created March 21, 2023 00:22
A log from tracing a Magniber sample, with function arguments filled in
f069;section: [.swicc]
ef24;SYSCALL:0x18(NtAllocateVirtualMemory)
NtAllocateVirtualMemory:
Arg[0] = 0xffffffffffffffff = 18446744073709551615
Arg[1] = ptr 0x000000000014fed8 -> {\x00\x00\x00\x00\x00\x00\x00\x00}
Arg[2] = 0
Arg[3] = ptr 0x000000000014fed0 -> {\xd2\xd9\x00\x00\x00\x00\x00\x00}
Arg[4] = 0x0000000000001000 = 4096
Arg[5] = 0x0000000000000040 = 64
10c4;called: ?? [14bf0000+0]
> 14bf0000+4ee;SYSCALL:0x18(NtAllocateVirtualMemory)
NtAllocateVirtualMemory:
Arg[0] = 0xffffffffffffffff = 18446744073709551615
Arg[1] = ptr 0x000000000014fe30 -> {\x00\x00\x00\x00\x00\x00\x00\x00}
Arg[2] = 0
Arg[3] = ptr 0x000000000014fe38 -> {\x0b\x00\x00\x00\x00\x00\x00\x00}
Arg[4] = 0x0000000000001000 = 4096
Arg[5] = 0x0000000000000040 = 64
> 14c00000+8;SYSCALL:0x36(NtQuerySystemInformation)
NtQuerySystemInformation:
Arg[0] = 0x0000000000000005 = 5
Arg[1] = 0
Arg[2] = 0
Arg[3] = ptr 0x000000000014fe90 -> {\x00\x00\x00\x00\x00\x00\x00\x00}
> 14bf0000+4ee;SYSCALL:0x18(NtAllocateVirtualMemory)
NtAllocateVirtualMemory:
Arg[0] = 0xffffffffffffffff = 18446744073709551615
Arg[1] = ptr 0x000000000014fe98 -> {\x00\x00\x00\x00\x00\x00\x00\x00}
Arg[2] = 0
Arg[3] = ptr 0x000000000014fea0 -> {\xb8x\x02\x00\x00\x00\x00\x00}
Arg[4] = 0x0000000000001000 = 4096
Arg[5] = 0x0000000000000004 = 4
> 14c00000+8;SYSCALL:0x36(NtQuerySystemInformation)
NtQuerySystemInformation:
Arg[0] = 0x0000000000000005 = 5
Arg[1] = ptr 0x0000000014c20000 -> {\x00\x00\x00\x00\x00\x00\x00\x00}
Arg[2] = ptr 0x00000000000278b8 -> {\x00\x00\x00\x00\x00\x00\x00\x00}
Arg[3] = ptr 0x000000000014fe90 -> {\xb8x\x02\x00\x00\x00\x00\x00}
> 14bf0000+4ee;SYSCALL:0x18(NtAllocateVirtualMemory)
NtAllocateVirtualMemory:
Arg[0] = 0xffffffffffffffff = 18446744073709551615
Arg[1] = ptr 0x000000000014fdc0 -> {\x00\x00\x00\x00\x00\x00\x00\x00}
Arg[2] = 0
Arg[3] = ptr 0x000000000014fdc8 -> {\x0b\x00\x00\x00\x00\x00\x00\x00}
Arg[4] = 0x0000000000001000 = 4096
Arg[5] = 0x0000000000000040 = 64
> 14cb0000+8;SYSCALL:0x34(NtDelayExecution)
> 14bf0000+4ee;SYSCALL:0x18(NtAllocateVirtualMemory)
NtAllocateVirtualMemory:
Arg[0] = 0xffffffffffffffff = 18446744073709551615
Arg[1] = ptr 0x000000000014fdc0 -> {\x00\x00\x00\x00\x00\x00\x00\x00}
Arg[2] = 0
Arg[3] = ptr 0x000000000014fdc8 -> {\x0b\x00\x00\x00\x00\x00\x00\x00}
Arg[4] = 0x0000000000001000 = 4096
Arg[5] = 0x0000000000000040 = 64
> 14cf0000+8;SYSCALL:0x26(NtOpenProcess)
NtOpenProcess:
Arg[0] = ptr 0x000000000014fe20 -> {\xff\xff\xff\xff\xff\xff\xff\xff}
Arg[1] = 0x00000000001fffff = 2097151
Arg[2] = ptr 0x000000000014fde0 -> L"0"
Arg[3] = ptr 0x000000000014fdd0 -> {\x04\x00\x00\x00\x00\x00\x00\x00}
> 14bf0000+4ee;SYSCALL:0x18(NtAllocateVirtualMemory)
NtAllocateVirtualMemory:
Arg[0] = 0xffffffffffffffff = 18446744073709551615
Arg[1] = ptr 0x000000000014fdc0 -> {\x00\x00\x00\x00\x00\x00\x00\x00}
Arg[2] = 0
Arg[3] = ptr 0x000000000014fdc8 -> {\x0b\x00\x00\x00\x00\x00\x00\x00}
Arg[4] = 0x0000000000001000 = 4096
Arg[5] = 0x0000000000000040 = 64
> 14d10000+8;SYSCALL:0x34(NtDelayExecution)
> 14bf0000+4ee;SYSCALL:0x18(NtAllocateVirtualMemory)
NtAllocateVirtualMemory:
Arg[0] = 0xffffffffffffffff = 18446744073709551615
Arg[1] = ptr 0x000000000014fdc0 -> {\x00\x00\x00\x00\x00\x00\x00\x00}
Arg[2] = 0
Arg[3] = ptr 0x000000000014fdc8 -> {\x0b\x00\x00\x00\x00\x00\x00\x00}
Arg[4] = 0x0000000000001000 = 4096
Arg[5] = 0x0000000000000040 = 64
> 14d50000+8;SYSCALL:0x26(NtOpenProcess)
NtOpenProcess:
Arg[0] = ptr 0x000000000014fe20 -> {\xff\xff\xff\xff\xff\xff\xff\xff}
Arg[1] = 0x00000000001fffff = 2097151
Arg[2] = ptr 0x000000000014fde0 -> L"0"
Arg[3] = ptr 0x000000000014fdd0 -> L"l"
> 14bf0000+4ee;SYSCALL:0x18(NtAllocateVirtualMemory)
NtAllocateVirtualMemory:
Arg[0] = 0xffffffffffffffff = 18446744073709551615
Arg[1] = ptr 0x000000000014fdc0 -> {\x00\x00\x00\x00\x00\x00\x00\x00}
Arg[2] = 0
Arg[3] = ptr 0x000000000014fdc8 -> {\x0b\x00\x00\x00\x00\x00\x00\x00}
Arg[4] = 0x0000000000001000 = 4096
Arg[5] = 0x0000000000000040 = 64
> 14d90000+8;SYSCALL:0x34(NtDelayExecution)
> 14bf0000+4ee;SYSCALL:0x18(NtAllocateVirtualMemory)
NtAllocateVirtualMemory:
Arg[0] = 0xffffffffffffffff = 18446744073709551615
Arg[1] = ptr 0x000000000014fdc0 -> {\x00\x00\x00\x00\x00\x00\x00\x00}
Arg[2] = 0
Arg[3] = ptr 0x000000000014fdc8 -> {\x0b\x00\x00\x00\x00\x00\x00\x00}
Arg[4] = 0x0000000000001000 = 4096
Arg[5] = 0x0000000000000040 = 64
> 14da0000+8;SYSCALL:0x26(NtOpenProcess)
NtOpenProcess:
Arg[0] = ptr 0x000000000014fe20 -> {\xff\xff\xff\xff\xff\xff\xff\xff}
Arg[1] = 0x00000000001fffff = 2097151
Arg[2] = ptr 0x000000000014fde0 -> L"0"
Arg[3] = ptr 0x000000000014fdd0 -> {h\x01\x00\x00\x00\x00\x00\x00}
> 14bf0000+4ee;SYSCALL:0x18(NtAllocateVirtualMemory)
NtAllocateVirtualMemory:
Arg[0] = 0xffffffffffffffff = 18446744073709551615
Arg[1] = ptr 0x000000000014fdc0 -> {\x00\x00\x00\x00\x00\x00\x00\x00}
Arg[2] = 0
Arg[3] = ptr 0x000000000014fdc8 -> {\x0b\x00\x00\x00\x00\x00\x00\x00}
Arg[4] = 0x0000000000001000 = 4096
Arg[5] = 0x0000000000000040 = 64
> 14db0000+8;SYSCALL:0x34(NtDelayExecution)
> 14bf0000+4ee;SYSCALL:0x18(NtAllocateVirtualMemory)
NtAllocateVirtualMemory:
Arg[0] = 0xffffffffffffffff = 18446744073709551615
Arg[1] = ptr 0x000000000014fdc0 -> {\x00\x00\x00\x00\x00\x00\x00\x00}
Arg[2] = 0
Arg[3] = ptr 0x000000000014fdc8 -> {\x0b\x00\x00\x00\x00\x00\x00\x00}
Arg[4] = 0x0000000000001000 = 4096
Arg[5] = 0x0000000000000040 = 64
> 14dc0000+8;SYSCALL:0x26(NtOpenProcess)
NtOpenProcess:
Arg[0] = ptr 0x000000000014fe20 -> {\xff\xff\xff\xff\xff\xff\xff\xff}
Arg[1] = 0x00000000001fffff = 2097151
Arg[2] = ptr 0x000000000014fde0 -> L"0"
Arg[3] = ptr 0x000000000014fdd0 -> {\xc4\x01\x00\x00\x00\x00\x00\x00}
> 14bf0000+4ee;SYSCALL:0x18(NtAllocateVirtualMemory)
NtAllocateVirtualMemory:
Arg[0] = 0xffffffffffffffff = 18446744073709551615
Arg[1] = ptr 0x000000000014fdc0 -> {\x00\x00\x00\x00\x00\x00\x00\x00}
Arg[2] = 0
Arg[3] = ptr 0x000000000014fdc8 -> {\x0b\x00\x00\x00\x00\x00\x00\x00}
Arg[4] = 0x0000000000001000 = 4096
Arg[5] = 0x0000000000000040 = 64
> 14dd0000+8;SYSCALL:0x34(NtDelayExecution)
> 14bf0000+4ee;SYSCALL:0x18(NtAllocateVirtualMemory)
NtAllocateVirtualMemory:
Arg[0] = 0xffffffffffffffff = 18446744073709551615
Arg[1] = ptr 0x000000000014fdc0 -> {\x00\x00\x00\x00\x00\x00\x00\x00}
Arg[2] = 0
Arg[3] = ptr 0x000000000014fdc8 -> {\x0b\x00\x00\x00\x00\x00\x00\x00}
Arg[4] = 0x0000000000001000 = 4096
Arg[5] = 0x0000000000000040 = 64
> 14de0000+8;SYSCALL:0x26(NtOpenProcess)
NtOpenProcess:
Arg[0] = ptr 0x000000000014fe20 -> {\xff\xff\xff\xff\xff\xff\xff\xff}
Arg[1] = 0x00000000001fffff = 2097151
Arg[2] = ptr 0x000000000014fde0 -> L"0"
Arg[3] = ptr 0x000000000014fdd0 -> {\x10\x02\x00\x00\x00\x00\x00\x00}
> 14bf0000+4ee;SYSCALL:0x18(NtAllocateVirtualMemory)
NtAllocateVirtualMemory:
Arg[0] = 0xffffffffffffffff = 18446744073709551615
Arg[1] = ptr 0x000000000014fdc0 -> {\x00\x00\x00\x00\x00\x00\x00\x00}
Arg[2] = 0
Arg[3] = ptr 0x000000000014fdc8 -> {\x0b\x00\x00\x00\x00\x00\x00\x00}
Arg[4] = 0x0000000000001000 = 4096
Arg[5] = 0x0000000000000040 = 64
> 14df0000+8;SYSCALL:0x34(NtDelayExecution)
> 14bf0000+4ee;SYSCALL:0x18(NtAllocateVirtualMemory)
NtAllocateVirtualMemory:
Arg[0] = 0xffffffffffffffff = 18446744073709551615
Arg[1] = ptr 0x000000000014fdc0 -> {\x00\x00\x00\x00\x00\x00\x00\x00}
Arg[2] = 0
Arg[3] = ptr 0x000000000014fdc8 -> {\x0b\x00\x00\x00\x00\x00\x00\x00}
Arg[4] = 0x0000000000001000 = 4096
Arg[5] = 0x0000000000000040 = 64
> 14e00000+8;SYSCALL:0x26(NtOpenProcess)
NtOpenProcess:
Arg[0] = ptr 0x000000000014fe20 -> {\xff\xff\xff\xff\xff\xff\xff\xff}
Arg[1] = 0x00000000001fffff = 2097151
Arg[2] = ptr 0x000000000014fde0 -> L"0"
Arg[3] = ptr 0x000000000014fdd0 -> { \x02\x00\x00\x00\x00\x00\x00}
> 14bf0000+4ee;SYSCALL:0x18(NtAllocateVirtualMemory)
NtAllocateVirtualMemory:
Arg[0] = 0xffffffffffffffff = 18446744073709551615
Arg[1] = ptr 0x000000000014fdc0 -> {\x00\x00\x00\x00\x00\x00\x00\x00}
Arg[2] = 0
Arg[3] = ptr 0x000000000014fdc8 -> {\x0b\x00\x00\x00\x00\x00\x00\x00}
Arg[4] = 0x0000000000001000 = 4096
Arg[5] = 0x0000000000000040 = 64
> 14e10000+8;SYSCALL:0x34(NtDelayExecution)
> 14bf0000+4ee;SYSCALL:0x18(NtAllocateVirtualMemory)
NtAllocateVirtualMemory:
Arg[0] = 0xffffffffffffffff = 18446744073709551615
Arg[1] = ptr 0x000000000014fdc0 -> {\x00\x00\x00\x00\x00\x00\x00\x00}
Arg[2] = 0
Arg[3] = ptr 0x000000000014fdc8 -> {\x0b\x00\x00\x00\x00\x00\x00\x00}
Arg[4] = 0x0000000000001000 = 4096
Arg[5] = 0x0000000000000040 = 64
> 14e20000+8;SYSCALL:0x26(NtOpenProcess)
NtOpenProcess:
Arg[0] = ptr 0x000000000014fe20 -> {\xff\xff\xff\xff\xff\xff\xff\xff}
Arg[1] = 0x00000000001fffff = 2097151
Arg[2] = ptr 0x000000000014fde0 -> L"0"
Arg[3] = ptr 0x000000000014fdd0 -> {t\x02\x00\x00\x00\x00\x00\x00}
> 14bf0000+4ee;SYSCALL:0x18(NtAllocateVirtualMemory)
NtAllocateVirtualMemory:
Arg[0] = 0xffffffffffffffff = 18446744073709551615
Arg[1] = ptr 0x000000000014fdc0 -> {\x00\x00\x00\x00\x00\x00\x00\x00}
Arg[2] = 0
Arg[3] = ptr 0x000000000014fdc8 -> {\x0b\x00\x00\x00\x00\x00\x00\x00}
Arg[4] = 0x0000000000001000 = 4096
Arg[5] = 0x0000000000000040 = 64
> 14e30000+8;SYSCALL:0x34(NtDelayExecution)
> 14bf0000+4ee;SYSCALL:0x18(NtAllocateVirtualMemory)
NtAllocateVirtualMemory:
Arg[0] = 0xffffffffffffffff = 18446744073709551615
Arg[1] = ptr 0x000000000014fdc0 -> {\x00\x00\x00\x00\x00\x00\x00\x00}
Arg[2] = 0
Arg[3] = ptr 0x000000000014fdc8 -> {\x0b\x00\x00\x00\x00\x00\x00\x00}
Arg[4] = 0x0000000000001000 = 4096
Arg[5] = 0x0000000000000040 = 64
> 14e40000+8;SYSCALL:0x26(NtOpenProcess)
NtOpenProcess:
Arg[0] = ptr 0x000000000014fe20 -> {\xff\xff\xff\xff\xff\xff\xff\xff}
Arg[1] = 0x00000000001fffff = 2097151
Arg[2] = ptr 0x000000000014fde0 -> L"0"
Arg[3] = ptr 0x000000000014fdd0 -> {\xa0\x02\x00\x00\x00\x00\x00\x00}
> 14bf0000+4ee;SYSCALL:0x18(NtAllocateVirtualMemory)
NtAllocateVirtualMemory:
Arg[0] = 0xffffffffffffffff = 18446744073709551615
Arg[1] = ptr 0x000000000014fdc0 -> {\x00\x00\x00\x00\x00\x00\x00\x00}
Arg[2] = 0
Arg[3] = ptr 0x000000000014fdc8 -> {\x0b\x00\x00\x00\x00\x00\x00\x00}
Arg[4] = 0x0000000000001000 = 4096
Arg[5] = 0x0000000000000040 = 64
> 14e50000+8;SYSCALL:0x34(NtDelayExecution)
> 14bf0000+4ee;SYSCALL:0x18(NtAllocateVirtualMemory)
NtAllocateVirtualMemory:
Arg[0] = 0xffffffffffffffff = 18446744073709551615
Arg[1] = ptr 0x000000000014fdc0 -> {\x00\x00\x00\x00\x00\x00\x00\x00}
Arg[2] = 0
Arg[3] = ptr 0x000000000014fdc8 -> {\x0b\x00\x00\x00\x00\x00\x00\x00}
Arg[4] = 0x0000000000001000 = 4096
Arg[5] = 0x0000000000000040 = 64
> 14e60000+8;SYSCALL:0x26(NtOpenProcess)
NtOpenProcess:
Arg[0] = ptr 0x000000000014fe20 -> {\xff\xff\xff\xff\xff\xff\xff\xff}
Arg[1] = 0x00000000001fffff = 2097151
Arg[2] = ptr 0x000000000014fde0 -> L"0"
Arg[3] = ptr 0x000000000014fdd0 -> {\xa8\x02\x00\x00\x00\x00\x00\x00}
> 14bf0000+4ee;SYSCALL:0x18(NtAllocateVirtualMemory)
NtAllocateVirtualMemory:
Arg[0] = 0xffffffffffffffff = 18446744073709551615
Arg[1] = ptr 0x000000000014fdc0 -> {\x00\x00\x00\x00\x00\x00\x00\x00}
Arg[2] = 0
Arg[3] = ptr 0x000000000014fdc8 -> {\x0b\x00\x00\x00\x00\x00\x00\x00}
Arg[4] = 0x0000000000001000 = 4096
Arg[5] = 0x0000000000000040 = 64
> 14e70000+8;SYSCALL:0x34(NtDelayExecution)
> 14bf0000+4ee;SYSCALL:0x18(NtAllocateVirtualMemory)
NtAllocateVirtualMemory:
Arg[0] = 0xffffffffffffffff = 18446744073709551615
Arg[1] = ptr 0x000000000014fdc0 -> {\x00\x00\x00\x00\x00\x00\x00\x00}
Arg[2] = 0
Arg[3] = ptr 0x000000000014fdc8 -> {\x0b\x00\x00\x00\x00\x00\x00\x00}
Arg[4] = 0x0000000000001000 = 4096
Arg[5] = 0x0000000000000040 = 64
> 14e80000+8;SYSCALL:0x26(NtOpenProcess)
NtOpenProcess:
Arg[0] = ptr 0x000000000014fe20 -> {\xff\xff\xff\xff\xff\xff\xff\xff}
Arg[1] = 0x00000000001fffff = 2097151
Arg[2] = ptr 0x000000000014fde0 -> L"0"
Arg[3] = ptr 0x000000000014fdd0 -> {(\x03\x00\x00\x00\x00\x00\x00}
> 14bf0000+4ee;SYSCALL:0x18(NtAllocateVirtualMemory)
NtAllocateVirtualMemory:
Arg[0] = 0xffffffffffffffff = 18446744073709551615
Arg[1] = ptr 0x000000000014fdc0 -> {\x00\x00\x00\x00\x00\x00\x00\x00}
Arg[2] = 0
Arg[3] = ptr 0x000000000014fdc8 -> {\x0b\x00\x00\x00\x00\x00\x00\x00}
Arg[4] = 0x0000000000001000 = 4096
Arg[5] = 0x0000000000000040 = 64
> 14e90000+8;SYSCALL:0x34(NtDelayExecution)
> 14bf0000+4ee;SYSCALL:0x18(NtAllocateVirtualMemory)
NtAllocateVirtualMemory:
Arg[0] = 0xffffffffffffffff = 18446744073709551615
Arg[1] = ptr 0x000000000014fdc0 -> {\x00\x00\x00\x00\x00\x00\x00\x00}
Arg[2] = 0
Arg[3] = ptr 0x000000000014fdc8 -> {\x0b\x00\x00\x00\x00\x00\x00\x00}
Arg[4] = 0x0000000000001000 = 4096
Arg[5] = 0x0000000000000040 = 64
> 14ea0000+8;SYSCALL:0x26(NtOpenProcess)
NtOpenProcess:
Arg[0] = ptr 0x000000000014fe20 -> {\xff\xff\xff\xff\xff\xff\xff\xff}
Arg[1] = 0x00000000001fffff = 2097151
Arg[2] = ptr 0x000000000014fde0 -> L"0"
Arg[3] = ptr 0x000000000014fdd0 -> {@\x03\x00\x00\x00\x00\x00\x00}
> 14bf0000+4ee;SYSCALL:0x18(NtAllocateVirtualMemory)
NtAllocateVirtualMemory:
Arg[0] = 0xffffffffffffffff = 18446744073709551615
Arg[1] = ptr 0x000000000014fdc0 -> {\x00\x00\x00\x00\x00\x00\x00\x00}
Arg[2] = 0
Arg[3] = ptr 0x000000000014fdc8 -> {\x0b\x00\x00\x00\x00\x00\x00\x00}
Arg[4] = 0x0000000000001000 = 4096
Arg[5] = 0x0000000000000040 = 64
> 14eb0000+8;SYSCALL:0x34(NtDelayExecution)
> 14bf0000+4ee;SYSCALL:0x18(NtAllocateVirtualMemory)
NtAllocateVirtualMemory:
Arg[0] = 0xffffffffffffffff = 18446744073709551615
Arg[1] = ptr 0x000000000014fdc0 -> {\x00\x00\x00\x00\x00\x00\x00\x00}
Arg[2] = 0
Arg[3] = ptr 0x000000000014fdc8 -> {\x0b\x00\x00\x00\x00\x00\x00\x00}
Arg[4] = 0x0000000000001000 = 4096
Arg[5] = 0x0000000000000040 = 64
> 14ec0000+8;SYSCALL:0x26(NtOpenProcess)
NtOpenProcess:
Arg[0] = ptr 0x000000000014fe20 -> {\xff\xff\xff\xff\xff\xff\xff\xff}
Arg[1] = 0x00000000001fffff = 2097151
Arg[2] = ptr 0x000000000014fde0 -> L"0"
Arg[3] = ptr 0x000000000014fdd0 -> {H\x03\x00\x00\x00\x00\x00\x00}
> 14bf0000+4ee;SYSCALL:0x18(NtAllocateVirtualMemory)
NtAllocateVirtualMemory:
Arg[0] = 0xffffffffffffffff = 18446744073709551615
Arg[1] = ptr 0x000000000014fdc0 -> {\x00\x00\x00\x00\x00\x00\x00\x00}
Arg[2] = 0
Arg[3] = ptr 0x000000000014fdc8 -> {\x0b\x00\x00\x00\x00\x00\x00\x00}
Arg[4] = 0x0000000000001000 = 4096
Arg[5] = 0x0000000000000040 = 64
> 14ed0000+8;SYSCALL:0x34(NtDelayExecution)
> 14bf0000+4ee;SYSCALL:0x18(NtAllocateVirtualMemory)
NtAllocateVirtualMemory:
Arg[0] = 0xffffffffffffffff = 18446744073709551615
Arg[1] = ptr 0x000000000014fdc0 -> {\x00\x00\x00\x00\x00\x00\x00\x00}
Arg[2] = 0
Arg[3] = ptr 0x000000000014fdc8 -> {\x0b\x00\x00\x00\x00\x00\x00\x00}
Arg[4] = 0x0000000000001000 = 4096
Arg[5] = 0x0000000000000040 = 64
> 14ee0000+8;SYSCALL:0x26(NtOpenProcess)
NtOpenProcess:
Arg[0] = ptr 0x000000000014fe20 -> {\xff\xff\xff\xff\xff\xff\xff\xff}
Arg[1] = 0x00000000001fffff = 2097151
Arg[2] = ptr 0x000000000014fde0 -> L"0"
Arg[3] = ptr 0x000000000014fdd0 -> {\x98\x03\x00\x00\x00\x00\x00\x00}
> 14bf0000+4ee;SYSCALL:0x18(NtAllocateVirtualMemory)
NtAllocateVirtualMemory:
Arg[0] = 0xffffffffffffffff = 18446744073709551615
Arg[1] = ptr 0x000000000014fdc0 -> {\x00\x00\x00\x00\x00\x00\x00\x00}
Arg[2] = 0
Arg[3] = ptr 0x000000000014fdc8 -> {\x0b\x00\x00\x00\x00\x00\x00\x00}
Arg[4] = 0x0000000000001000 = 4096
Arg[5] = 0x0000000000000040 = 64
> 14ef0000+8;SYSCALL:0x34(NtDelayExecution)
> 14bf0000+4ee;SYSCALL:0x18(NtAllocateVirtualMemory)
NtAllocateVirtualMemory:
Arg[0] = 0xffffffffffffffff = 18446744073709551615
Arg[1] = ptr 0x000000000014fdc0 -> {\x00\x00\x00\x00\x00\x00\x00\x00}
Arg[2] = 0
Arg[3] = ptr 0x000000000014fdc8 -> {\x0b\x00\x00\x00\x00\x00\x00\x00}
Arg[4] = 0x0000000000001000 = 4096
Arg[5] = 0x0000000000000040 = 64
> 14f00000+8;SYSCALL:0x26(NtOpenProcess)
NtOpenProcess:
Arg[0] = ptr 0x000000000014fe20 -> {\xff\xff\xff\xff\xff\xff\xff\xff}
Arg[1] = 0x00000000001fffff = 2097151
Arg[2] = ptr 0x000000000014fde0 -> L"0"
Arg[3] = ptr 0x000000000014fdd0 -> {\xd4\x03\x00\x00\x00\x00\x00\x00}
> 14bf0000+4ee;SYSCALL:0x18(NtAllocateVirtualMemory)
NtAllocateVirtualMemory:
Arg[0] = 0xffffffffffffffff = 18446744073709551615
Arg[1] = ptr 0x000000000014fdc0 -> {\x00\x00\x00\x00\x00\x00\x00\x00}
Arg[2] = 0
Arg[3] = ptr 0x000000000014fdc8 -> {\x0b\x00\x00\x00\x00\x00\x00\x00}
Arg[4] = 0x0000000000001000 = 4096
Arg[5] = 0x0000000000000040 = 64
> 14f10000+8;SYSCALL:0x34(NtDelayExecution)
> 14bf0000+4ee;SYSCALL:0x18(NtAllocateVirtualMemory)
NtAllocateVirtualMemory:
Arg[0] = 0xffffffffffffffff = 18446744073709551615
Arg[1] = ptr 0x000000000014fdc0 -> {\x00\x00\x00\x00\x00\x00\x00\x00}
Arg[2] = 0
Arg[3] = ptr 0x000000000014fdc8 -> {\x0b\x00\x00\x00\x00\x00\x00\x00}
Arg[4] = 0x0000000000001000 = 4096
Arg[5] = 0x0000000000000040 = 64
> 14f20000+8;SYSCALL:0x26(NtOpenProcess)
NtOpenProcess:
Arg[0] = ptr 0x000000000014fe20 -> {\xff\xff\xff\xff\xff\xff\xff\xff}
Arg[1] = 0x00000000001fffff = 2097151
Arg[2] = ptr 0x000000000014fde0 -> L"0"
Arg[3] = ptr 0x000000000014fdd0 -> {\x98\x01\x00\x00\x00\x00\x00\x00}
> 14bf0000+4ee;SYSCALL:0x18(NtAllocateVirtualMemory)
NtAllocateVirtualMemory:
Arg[0] = 0xffffffffffffffff = 18446744073709551615
Arg[1] = ptr 0x000000000014fdc0 -> {\x00\x00\x00\x00\x00\x00\x00\x00}
Arg[2] = 0
Arg[3] = ptr 0x000000000014fdc8 -> {\x0b\x00\x00\x00\x00\x00\x00\x00}
Arg[4] = 0x0000000000001000 = 4096
Arg[5] = 0x0000000000000040 = 64
> 14f30000+8;SYSCALL:0x34(NtDelayExecution)
> 14bf0000+4ee;SYSCALL:0x18(NtAllocateVirtualMemory)
NtAllocateVirtualMemory:
Arg[0] = 0xffffffffffffffff = 18446744073709551615
Arg[1] = ptr 0x000000000014fdc0 -> {\x00\x00\x00\x00\x00\x00\x00\x00}
Arg[2] = 0
Arg[3] = ptr 0x000000000014fdc8 -> {\x0b\x00\x00\x00\x00\x00\x00\x00}
Arg[4] = 0x0000000000001000 = 4096
Arg[5] = 0x0000000000000040 = 64
> 14f40000+8;SYSCALL:0x26(NtOpenProcess)
NtOpenProcess:
Arg[0] = ptr 0x000000000014fe20 -> {\xff\xff\xff\xff\xff\xff\xff\xff}
Arg[1] = 0x00000000001fffff = 2097151
Arg[2] = ptr 0x000000000014fde0 -> L"0"
Arg[3] = ptr 0x000000000014fdd0 -> {\x0c\x04\x00\x00\x00\x00\x00\x00}
> 14bf0000+4ee;SYSCALL:0x18(NtAllocateVirtualMemory)
NtAllocateVirtualMemory:
Arg[0] = 0xffffffffffffffff = 18446744073709551615
Arg[1] = ptr 0x000000000014fdc0 -> {\x00\x00\x00\x00\x00\x00\x00\x00}
Arg[2] = 0
Arg[3] = ptr 0x000000000014fdc8 -> {\x0b\x00\x00\x00\x00\x00\x00\x00}
Arg[4] = 0x0000000000001000 = 4096
Arg[5] = 0x0000000000000040 = 64
> 14f50000+8;SYSCALL:0x34(NtDelayExecution)
> 14bf0000+4ee;SYSCALL:0x18(NtAllocateVirtualMemory)
NtAllocateVirtualMemory:
Arg[0] = 0xffffffffffffffff = 18446744073709551615
Arg[1] = ptr 0x000000000014fdc0 -> {\x00\x00\x00\x00\x00\x00\x00\x00}
Arg[2] = 0
Arg[3] = ptr 0x000000000014fdc8 -> {\x0b\x00\x00\x00\x00\x00\x00\x00}
Arg[4] = 0x0000000000001000 = 4096
Arg[5] = 0x0000000000000040 = 64
> 14f60000+8;SYSCALL:0x26(NtOpenProcess)
NtOpenProcess:
Arg[0] = ptr 0x000000000014fe20 -> {\xff\xff\xff\xff\xff\xff\xff\xff}
Arg[1] = 0x00000000001fffff = 2097151
Arg[2] = ptr 0x000000000014fde0 -> L"0"
Arg[3] = ptr 0x000000000014fdd0 -> {\x14\x04\x00\x00\x00\x00\x00\x00}
> 14bf0000+4ee;SYSCALL:0x18(NtAllocateVirtualMemory)
NtAllocateVirtualMemory:
Arg[0] = 0xffffffffffffffff = 18446744073709551615
Arg[1] = ptr 0x000000000014fdc0 -> {\x00\x00\x00\x00\x00\x00\x00\x00}
Arg[2] = 0
Arg[3] = ptr 0x000000000014fdc8 -> {\x0b\x00\x00\x00\x00\x00\x00\x00}
Arg[4] = 0x0000000000001000 = 4096
Arg[5] = 0x0000000000000040 = 64
> 14f70000+8;SYSCALL:0x34(NtDelayExecution)
> 14bf0000+4ee;SYSCALL:0x18(NtAllocateVirtualMemory)
NtAllocateVirtualMemory:
Arg[0] = 0xffffffffffffffff = 18446744073709551615
Arg[1] = ptr 0x000000000014fdc0 -> {\x00\x00\x00\x00\x00\x00\x00\x00}
Arg[2] = 0
Arg[3] = ptr 0x000000000014fdc8 -> {\x0b\x00\x00\x00\x00\x00\x00\x00}
Arg[4] = 0x0000000000001000 = 4096
Arg[5] = 0x0000000000000040 = 64
> 14f80000+8;SYSCALL:0x26(NtOpenProcess)
NtOpenProcess:
Arg[0] = ptr 0x000000000014fe20 -> {\xff\xff\xff\xff\xff\xff\xff\xff}
Arg[1] = 0x00000000001fffff = 2097151
Arg[2] = ptr 0x000000000014fde0 -> L"0"
Arg[3] = ptr 0x000000000014fdd0 -> {\x1c\x04\x00\x00\x00\x00\x00\x00}
> 14bf0000+4ee;SYSCALL:0x18(NtAllocateVirtualMemory)
NtAllocateVirtualMemory:
Arg[0] = 0xffffffffffffffff = 18446744073709551615
Arg[1] = ptr 0x000000000014fdc0 -> {\x00\x00\x00\x00\x00\x00\x00\x00}
Arg[2] = 0
Arg[3] = ptr 0x000000000014fdc8 -> {\x0b\x00\x00\x00\x00\x00\x00\x00}
Arg[4] = 0x0000000000001000 = 4096
Arg[5] = 0x0000000000000040 = 64
> 14f90000+8;SYSCALL:0x34(NtDelayExecution)
> 14bf0000+4ee;SYSCALL:0x18(NtAllocateVirtualMemory)
NtAllocateVirtualMemory:
Arg[0] = 0xffffffffffffffff = 18446744073709551615
Arg[1] = ptr 0x000000000014fdc0 -> {\x00\x00\x00\x00\x00\x00\x00\x00}
Arg[2] = 0
Arg[3] = ptr 0x000000000014fdc8 -> {\x0b\x00\x00\x00\x00\x00\x00\x00}
Arg[4] = 0x0000000000001000 = 4096
Arg[5] = 0x0000000000000040 = 64
> 14fa0000+8;SYSCALL:0x26(NtOpenProcess)
NtOpenProcess:
Arg[0] = ptr 0x000000000014fe20 -> {\xff\xff\xff\xff\xff\xff\xff\xff}
Arg[1] = 0x00000000001fffff = 2097151
Arg[2] = ptr 0x000000000014fde0 -> L"0"
Arg[3] = ptr 0x000000000014fdd0 -> {\xb4\x04\x00\x00\x00\x00\x00\x00}
> 14bf0000+4ee;SYSCALL:0x18(NtAllocateVirtualMemory)
NtAllocateVirtualMemory:
Arg[0] = 0xffffffffffffffff = 18446744073709551615
Arg[1] = ptr 0x000000000014fdc0 -> {\x00\x00\x00\x00\x00\x00\x00\x00}
Arg[2] = 0
Arg[3] = ptr 0x000000000014fdc8 -> {\x0b\x00\x00\x00\x00\x00\x00\x00}
Arg[4] = 0x0000000000001000 = 4096
Arg[5] = 0x0000000000000040 = 64
> 14fb0000+8;SYSCALL:0x34(NtDelayExecution)
> 14bf0000+4ee;SYSCALL:0x18(NtAllocateVirtualMemory)
NtAllocateVirtualMemory:
Arg[0] = 0xffffffffffffffff = 18446744073709551615
Arg[1] = ptr 0x000000000014fdc0 -> {\x00\x00\x00\x00\x00\x00\x00\x00}
Arg[2] = 0
Arg[3] = ptr 0x000000000014fdc8 -> {\x0b\x00\x00\x00\x00\x00\x00\x00}
Arg[4] = 0x0000000000001000 = 4096
Arg[5] = 0x0000000000000040 = 64
> 14fc0000+8;SYSCALL:0x26(NtOpenProcess)
NtOpenProcess:
Arg[0] = ptr 0x000000000014fe20 -> {\xff\xff\xff\xff\xff\xff\xff\xff}
Arg[1] = 0x00000000001fffff = 2097151
Arg[2] = ptr 0x000000000014fde0 -> L"0"
Arg[3] = ptr 0x000000000014fdd0 -> {\xcc\x04\x00\x00\x00\x00\x00\x00}
> 14bf0000+4ee;SYSCALL:0x18(NtAllocateVirtualMemory)
NtAllocateVirtualMemory:
Arg[0] = 0xffffffffffffffff = 18446744073709551615
Arg[1] = ptr 0x000000000014fdc0 -> {\x00\x00\x00\x00\x00\x00\x00\x00}
Arg[2] = 0
Arg[3] = ptr 0x000000000014fdc8 -> {\x0b\x00\x00\x00\x00\x00\x00\x00}
Arg[4] = 0x0000000000001000 = 4096
Arg[5] = 0x0000000000000040 = 64
> 14fd0000+8;SYSCALL:0x34(NtDelayExecution)
> 14bf0000+4ee;SYSCALL:0x18(NtAllocateVirtualMemory)
NtAllocateVirtualMemory:
Arg[0] = 0xffffffffffffffff = 18446744073709551615
Arg[1] = ptr 0x000000000014fdc0 -> {\x00\x00\x00\x00\x00\x00\x00\x00}
Arg[2] = 0
Arg[3] = ptr 0x000000000014fdc8 -> {\x0b\x00\x00\x00\x00\x00\x00\x00}
Arg[4] = 0x0000000000001000 = 4096
Arg[5] = 0x0000000000000040 = 64
> 14fe0000+8;SYSCALL:0x26(NtOpenProcess)
NtOpenProcess:
Arg[0] = ptr 0x000000000014fe20 -> {\xff\xff\xff\xff\xff\xff\xff\xff}
Arg[1] = 0x00000000001fffff = 2097151
Arg[2] = ptr 0x000000000014fde0 -> L"0"
Arg[3] = ptr 0x000000000014fdd0 -> {\x0c\x05\x00\x00\x00\x00\x00\x00}
> 14bf0000+4ee;SYSCALL:0x18(NtAllocateVirtualMemory)
NtAllocateVirtualMemory:
Arg[0] = 0xffffffffffffffff = 18446744073709551615
Arg[1] = ptr 0x000000000014fdc0 -> {\x00\x00\x00\x00\x00\x00\x00\x00}
Arg[2] = 0
Arg[3] = ptr 0x000000000014fdc8 -> {\x0b\x00\x00\x00\x00\x00\x00\x00}
Arg[4] = 0x0000000000001000 = 4096
Arg[5] = 0x0000000000000040 = 64
> 14ff0000+8;SYSCALL:0x34(NtDelayExecution)
> 14bf0000+4ee;SYSCALL:0x18(NtAllocateVirtualMemory)
NtAllocateVirtualMemory:
Arg[0] = 0xffffffffffffffff = 18446744073709551615
Arg[1] = ptr 0x000000000014fdc0 -> {\x00\x00\x00\x00\x00\x00\x00\x00}
Arg[2] = 0
Arg[3] = ptr 0x000000000014fdc8 -> {\x0b\x00\x00\x00\x00\x00\x00\x00}
Arg[4] = 0x0000000000001000 = 4096
Arg[5] = 0x0000000000000040 = 64
> 15000000+8;SYSCALL:0x26(NtOpenProcess)
NtOpenProcess:
Arg[0] = ptr 0x000000000014fe20 -> {\xff\xff\xff\xff\xff\xff\xff\xff}
Arg[1] = 0x00000000001fffff = 2097151
Arg[2] = ptr 0x000000000014fde0 -> L"0"
Arg[3] = ptr 0x000000000014fdd0 -> {\x18\x05\x00\x00\x00\x00\x00\x00}
> 14bf0000+4ee;SYSCALL:0x18(NtAllocateVirtualMemory)
NtAllocateVirtualMemory:
Arg[0] = 0xffffffffffffffff = 18446744073709551615
Arg[1] = ptr 0x000000000014fdc0 -> {\x00\x00\x00\x00\x00\x00\x00\x00}
Arg[2] = 0
Arg[3] = ptr 0x000000000014fdc8 -> {\x0b\x00\x00\x00\x00\x00\x00\x00}
Arg[4] = 0x0000000000001000 = 4096
Arg[5] = 0x0000000000000040 = 64
> 15010000+8;SYSCALL:0x34(NtDelayExecution)
> 14bf0000+4ee;SYSCALL:0x18(NtAllocateVirtualMemory)
NtAllocateVirtualMemory:
Arg[0] = 0xffffffffffffffff = 18446744073709551615
Arg[1] = ptr 0x000000000014fdc0 -> {\x00\x00\x00\x00\x00\x00\x00\x00}
Arg[2] = 0
Arg[3] = ptr 0x000000000014fdc8 -> {\x0b\x00\x00\x00\x00\x00\x00\x00}
Arg[4] = 0x0000000000001000 = 4096
Arg[5] = 0x0000000000000040 = 64
> 15020000+8;SYSCALL:0x26(NtOpenProcess)
NtOpenProcess:
Arg[0] = ptr 0x000000000014fe20 -> {\xff\xff\xff\xff\xff\xff\xff\xff}
Arg[1] = 0x00000000001fffff = 2097151
Arg[2] = ptr 0x000000000014fde0 -> L"0"
Arg[3] = ptr 0x000000000014fdd0 -> {@\x05\x00\x00\x00\x00\x00\x00}
> 14bf0000+4ee;SYSCALL:0x18(NtAllocateVirtualMemory)
NtAllocateVirtualMemory:
Arg[0] = 0xffffffffffffffff = 18446744073709551615
Arg[1] = ptr 0x000000000014fdc0 -> {\x00\x00\x00\x00\x00\x00\x00\x00}
Arg[2] = 0
Arg[3] = ptr 0x000000000014fdc8 -> {\x0b\x00\x00\x00\x00\x00\x00\x00}
Arg[4] = 0x0000000000001000 = 4096
Arg[5] = 0x0000000000000040 = 64
> 15030000+8;SYSCALL:0x34(NtDelayExecution)
> 14bf0000+4ee;SYSCALL:0x18(NtAllocateVirtualMemory)
NtAllocateVirtualMemory:
Arg[0] = 0xffffffffffffffff = 18446744073709551615
Arg[1] = ptr 0x000000000014fdc0 -> {\x00\x00\x00\x00\x00\x00\x00\x00}
Arg[2] = 0
Arg[3] = ptr 0x000000000014fdc8 -> {\x0b\x00\x00\x00\x00\x00\x00\x00}
Arg[4] = 0x0000000000001000 = 4096
Arg[5] = 0x0000000000000040 = 64
> 15040000+8;SYSCALL:0x26(NtOpenProcess)
NtOpenProcess:
Arg[0] = ptr 0x000000000014fe20 -> {\xff\xff\xff\xff\xff\xff\xff\xff}
Arg[1] = 0x00000000001fffff = 2097151
Arg[2] = ptr 0x000000000014fde0 -> L"0"
Arg[3] = ptr 0x000000000014fdd0 -> {\x98\x05\x00\x00\x00\x00\x00\x00}
> 14bf0000+4ee;SYSCALL:0x18(NtAllocateVirtualMemory)
NtAllocateVirtualMemory:
Arg[0] = 0xffffffffffffffff = 18446744073709551615
Arg[1] = ptr 0x000000000014fdc0 -> {\x00\x00\x00\x00\x00\x00\x00\x00}
Arg[2] = 0
Arg[3] = ptr 0x000000000014fdc8 -> {\x0b\x00\x00\x00\x00\x00\x00\x00}
Arg[4] = 0x0000000000001000 = 4096
Arg[5] = 0x0000000000000040 = 64
> 15050000+8;SYSCALL:0x34(NtDelayExecution)
> 14bf0000+4ee;SYSCALL:0x18(NtAllocateVirtualMemory)
NtAllocateVirtualMemory:
Arg[0] = 0xffffffffffffffff = 18446744073709551615
Arg[1] = ptr 0x000000000014fdc0 -> {\x00\x00\x00\x00\x00\x00\x00\x00}
Arg[2] = 0
Arg[3] = ptr 0x000000000014fdc8 -> {\x0b\x00\x00\x00\x00\x00\x00\x00}
Arg[4] = 0x0000000000001000 = 4096
Arg[5] = 0x0000000000000040 = 64
> 15060000+8;SYSCALL:0x26(NtOpenProcess)
NtOpenProcess:
Arg[0] = ptr 0x000000000014fe20 -> {\xff\xff\xff\xff\xff\xff\xff\xff}
Arg[1] = 0x00000000001fffff = 2097151
Arg[2] = ptr 0x000000000014fde0 -> L"0"
Arg[3] = ptr 0x000000000014fdd0 -> {\xa4\x05\x00\x00\x00\x00\x00\x00}
> 14bf0000+4ee;SYSCALL:0x18(NtAllocateVirtualMemory)
NtAllocateVirtualMemory:
Arg[0] = 0xffffffffffffffff = 18446744073709551615
Arg[1] = ptr 0x000000000014fdc0 -> {\x00\x00\x00\x00\x00\x00\x00\x00}
Arg[2] = 0
Arg[3] = ptr 0x000000000014fdc8 -> {\x0b\x00\x00\x00\x00\x00\x00\x00}
Arg[4] = 0x0000000000001000 = 4096
Arg[5] = 0x0000000000000040 = 64
> 15070000+8;SYSCALL:0x34(NtDelayExecution)
> 14bf0000+4ee;SYSCALL:0x18(NtAllocateVirtualMemory)
NtAllocateVirtualMemory:
Arg[0] = 0xffffffffffffffff = 18446744073709551615
Arg[1] = ptr 0x000000000014fdc0 -> {\x00\x00\x00\x00\x00\x00\x00\x00}
Arg[2] = 0
Arg[3] = ptr 0x000000000014fdc8 -> {\x0b\x00\x00\x00\x00\x00\x00\x00}
Arg[4] = 0x0000000000001000 = 4096
Arg[5] = 0x0000000000000040 = 64
> 15080000+8;SYSCALL:0x26(NtOpenProcess)
NtOpenProcess:
Arg[0] = ptr 0x000000000014fe20 -> {\xff\xff\xff\xff\xff\xff\xff\xff}
Arg[1] = 0x00000000001fffff = 2097151
Arg[2] = ptr 0x000000000014fde0 -> L"0"
Arg[3] = ptr 0x000000000014fdd0 -> {4\x06\x00\x00\x00\x00\x00\x00}
> 14bf0000+4ee;SYSCALL:0x18(NtAllocateVirtualMemory)
NtAllocateVirtualMemory:
Arg[0] = 0xffffffffffffffff = 18446744073709551615
Arg[1] = ptr 0x000000000014fdc0 -> {\x00\x00\x00\x00\x00\x00\x00\x00}
Arg[2] = 0
Arg[3] = ptr 0x000000000014fdc8 -> {\x0b\x00\x00\x00\x00\x00\x00\x00}
Arg[4] = 0x0000000000001000 = 4096
Arg[5] = 0x0000000000000040 = 64
> 15090000+8;SYSCALL:0x34(NtDelayExecution)
> 14bf0000+4ee;SYSCALL:0x18(NtAllocateVirtualMemory)
NtAllocateVirtualMemory:
Arg[0] = 0xffffffffffffffff = 18446744073709551615
Arg[1] = ptr 0x000000000014fdc0 -> {\x00\x00\x00\x00\x00\x00\x00\x00}
Arg[2] = 0
Arg[3] = ptr 0x000000000014fdc8 -> {\x0b\x00\x00\x00\x00\x00\x00\x00}
Arg[4] = 0x0000000000001000 = 4096
Arg[5] = 0x0000000000000040 = 64
> 150a0000+8;SYSCALL:0x26(NtOpenProcess)
NtOpenProcess:
Arg[0] = ptr 0x000000000014fe20 -> {\xff\xff\xff\xff\xff\xff\xff\xff}
Arg[1] = 0x00000000001fffff = 2097151
Arg[2] = ptr 0x000000000014fde0 -> L"0"
Arg[3] = ptr 0x000000000014fdd0 -> {t\x06\x00\x00\x00\x00\x00\x00}
> 14bf0000+4ee;SYSCALL:0x18(NtAllocateVirtualMemory)
NtAllocateVirtualMemory:
Arg[0] = 0xffffffffffffffff = 18446744073709551615
Arg[1] = ptr 0x000000000014fdc0 -> {\x00\x00\x00\x00\x00\x00\x00\x00}
Arg[2] = 0
Arg[3] = ptr 0x000000000014fdc8 -> {\x0b\x00\x00\x00\x00\x00\x00\x00}
Arg[4] = 0x0000000000001000 = 4096
Arg[5] = 0x0000000000000040 = 64
> 150b0000+8;SYSCALL:0x34(NtDelayExecution)
> 14bf0000+4ee;SYSCALL:0x18(NtAllocateVirtualMemory)
NtAllocateVirtualMemory:
Arg[0] = 0xffffffffffffffff = 18446744073709551615
Arg[1] = ptr 0x000000000014fdc0 -> {\x00\x00\x00\x00\x00\x00\x00\x00}
Arg[2] = 0
Arg[3] = ptr 0x000000000014fdc8 -> {\x0b\x00\x00\x00\x00\x00\x00\x00}
Arg[4] = 0x0000000000001000 = 4096
Arg[5] = 0x0000000000000040 = 64
> 150c0000+8;SYSCALL:0x26(NtOpenProcess)
NtOpenProcess:
Arg[0] = ptr 0x000000000014fe20 -> {\xff\xff\xff\xff\xff\xff\xff\xff}
Arg[1] = 0x00000000001fffff = 2097151
Arg[2] = ptr 0x000000000014fde0 -> L"0"
Arg[3] = ptr 0x000000000014fdd0 -> {\xac\x06\x00\x00\x00\x00\x00\x00}
> 14bf0000+4ee;SYSCALL:0x18(NtAllocateVirtualMemory)
NtAllocateVirtualMemory:
Arg[0] = 0xffffffffffffffff = 18446744073709551615
Arg[1] = ptr 0x000000000014fdc0 -> {\x00\x00\x00\x00\x00\x00\x00\x00}
Arg[2] = 0
Arg[3] = ptr 0x000000000014fdc8 -> {\x0b\x00\x00\x00\x00\x00\x00\x00}
Arg[4] = 0x0000000000001000 = 4096
Arg[5] = 0x0000000000000040 = 64
> 150d0000+8;SYSCALL:0x34(NtDelayExecution)
> 14bf0000+4ee;SYSCALL:0x18(NtAllocateVirtualMemory)
NtAllocateVirtualMemory:
Arg[0] = 0xffffffffffffffff = 18446744073709551615
Arg[1] = ptr 0x000000000014fdc0 -> {\x00\x00\x00\x00\x00\x00\x00\x00}
Arg[2] = 0
Arg[3] = ptr 0x000000000014fdc8 -> {\x0b\x00\x00\x00\x00\x00\x00\x00}
Arg[4] = 0x0000000000001000 = 4096
Arg[5] = 0x0000000000000040 = 64
> 150e0000+8;SYSCALL:0x26(NtOpenProcess)
NtOpenProcess:
Arg[0] = ptr 0x000000000014fe20 -> {\xff\xff\xff\xff\xff\xff\xff\xff}
Arg[1] = 0x00000000001fffff = 2097151
Arg[2] = ptr 0x000000000014fde0 -> L"0"
Arg[3] = ptr 0x000000000014fdd0 -> {\xb4\x06\x00\x00\x00\x00\x00\x00}
> 14bf0000+4ee;SYSCALL:0x18(NtAllocateVirtualMemory)
NtAllocateVirtualMemory:
Arg[0] = 0xffffffffffffffff = 18446744073709551615
Arg[1] = ptr 0x000000000014fdc0 -> {\x00\x00\x00\x00\x00\x00\x00\x00}
Arg[2] = 0
Arg[3] = ptr 0x000000000014fdc8 -> {\x0b\x00\x00\x00\x00\x00\x00\x00}
Arg[4] = 0x0000000000001000 = 4096
Arg[5] = 0x0000000000000040 = 64
> 150f0000+8;SYSCALL:0x34(NtDelayExecution)
> 14bf0000+4ee;SYSCALL:0x18(NtAllocateVirtualMemory)
NtAllocateVirtualMemory:
Arg[0] = 0xffffffffffffffff = 18446744073709551615
Arg[1] = ptr 0x000000000014fdc0 -> {\x00\x00\x00\x00\x00\x00\x00\x00}
Arg[2] = 0
Arg[3] = ptr 0x000000000014fdc8 -> {\x0b\x00\x00\x00\x00\x00\x00\x00}
Arg[4] = 0x0000000000001000 = 4096
Arg[5] = 0x0000000000000040 = 64
> 15100000+8;SYSCALL:0x26(NtOpenProcess)
NtOpenProcess:
Arg[0] = ptr 0x000000000014fe20 -> {\xff\xff\xff\xff\xff\xff\xff\xff}
Arg[1] = 0x00000000001fffff = 2097151
Arg[2] = ptr 0x000000000014fde0 -> L"0"
Arg[3] = ptr 0x000000000014fdd0 -> {\xbc\x06\x00\x00\x00\x00\x00\x00}
> 14bf0000+4ee;SYSCALL:0x18(NtAllocateVirtualMemory)
NtAllocateVirtualMemory:
Arg[0] = 0xffffffffffffffff = 18446744073709551615
Arg[1] = ptr 0x000000000014fdc0 -> {\x00\x00\x00\x00\x00\x00\x00\x00}
Arg[2] = 0
Arg[3] = ptr 0x000000000014fdc8 -> {\x0b\x00\x00\x00\x00\x00\x00\x00}
Arg[4] = 0x0000000000001000 = 4096
Arg[5] = 0x0000000000000040 = 64
> 15110000+8;SYSCALL:0x34(NtDelayExecution)
> 14bf0000+4ee;SYSCALL:0x18(NtAllocateVirtualMemory)
NtAllocateVirtualMemory:
Arg[0] = 0xffffffffffffffff = 18446744073709551615
Arg[1] = ptr 0x000000000014fdc0 -> {\x00\x00\x00\x00\x00\x00\x00\x00}
Arg[2] = 0
Arg[3] = ptr 0x000000000014fdc8 -> {\x0b\x00\x00\x00\x00\x00\x00\x00}
Arg[4] = 0x0000000000001000 = 4096
Arg[5] = 0x0000000000000040 = 64
> 15120000+8;SYSCALL:0x26(NtOpenProcess)
NtOpenProcess:
Arg[0] = ptr 0x000000000014fe20 -> {\xff\xff\xff\xff\xff\xff\xff\xff}
Arg[1] = 0x00000000001fffff = 2097151
Arg[2] = ptr 0x000000000014fde0 -> L"0"
Arg[3] = ptr 0x000000000014fdd0 -> {\x14\x07\x00\x00\x00\x00\x00\x00}
> 14bf0000+4ee;SYSCALL:0x18(NtAllocateVirtualMemory)
NtAllocateVirtualMemory:
Arg[0] = 0xffffffffffffffff = 18446744073709551615
Arg[1] = ptr 0x000000000014fdc0 -> {\x00\x00\x00\x00\x00\x00\x00\x00}
Arg[2] = 0
Arg[3] = ptr 0x000000000014fdc8 -> {\x0b\x00\x00\x00\x00\x00\x00\x00}
Arg[4] = 0x0000000000001000 = 4096
Arg[5] = 0x0000000000000040 = 64
> 15130000+8;SYSCALL:0x34(NtDelayExecution)
> 14bf0000+4ee;SYSCALL:0x18(NtAllocateVirtualMemory)
NtAllocateVirtualMemory:
Arg[0] = 0xffffffffffffffff = 18446744073709551615
Arg[1] = ptr 0x000000000014fdc0 -> {\x00\x00\x00\x00\x00\x00\x00\x00}
Arg[2] = 0
Arg[3] = ptr 0x000000000014fdc8 -> {\x0b\x00\x00\x00\x00\x00\x00\x00}
Arg[4] = 0x0000000000001000 = 4096
Arg[5] = 0x0000000000000040 = 64
> 15150000+8;SYSCALL:0x26(NtOpenProcess)
NtOpenProcess:
Arg[0] = ptr 0x000000000014fe20 -> {\xff\xff\xff\xff\xff\xff\xff\xff}
Arg[1] = 0x00000000001fffff = 2097151
Arg[2] = ptr 0x000000000014fde0 -> L"0"
Arg[3] = ptr 0x000000000014fdd0 -> { \x07\x00\x00\x00\x00\x00\x00}
> 14bf0000+4ee;SYSCALL:0x18(NtAllocateVirtualMemory)
NtAllocateVirtualMemory:
Arg[0] = 0xffffffffffffffff = 18446744073709551615
Arg[1] = ptr 0x000000000014fdc0 -> {\x00\x00\x00\x00\x00\x00\x00\x00}
Arg[2] = 0
Arg[3] = ptr 0x000000000014fdc8 -> {\x0b\x00\x00\x00\x00\x00\x00\x00}
Arg[4] = 0x0000000000001000 = 4096
Arg[5] = 0x0000000000000040 = 64
> 15160000+8;SYSCALL:0x34(NtDelayExecution)
> 14bf0000+4ee;SYSCALL:0x18(NtAllocateVirtualMemory)
NtAllocateVirtualMemory:
Arg[0] = 0xffffffffffffffff = 18446744073709551615
Arg[1] = ptr 0x000000000014fdc0 -> {\x00\x00\x00\x00\x00\x00\x00\x00}
Arg[2] = 0
Arg[3] = ptr 0x000000000014fdc8 -> {\x0b\x00\x00\x00\x00\x00\x00\x00}
Arg[4] = 0x0000000000001000 = 4096
Arg[5] = 0x0000000000000040 = 64
> 15170000+8;SYSCALL:0x26(NtOpenProcess)
NtOpenProcess:
Arg[0] = ptr 0x000000000014fe20 -> {\xff\xff\xff\xff\xff\xff\xff\xff}
Arg[1] = 0x00000000001fffff = 2097151
Arg[2] = ptr 0x000000000014fde0 -> L"0"
Arg[3] = ptr 0x000000000014fdd0 -> {l\x07\x00\x00\x00\x00\x00\x00}
> 14bf0000+4ee;SYSCALL:0x18(NtAllocateVirtualMemory)
NtAllocateVirtualMemory:
Arg[0] = 0xffffffffffffffff = 18446744073709551615
Arg[1] = ptr 0x000000000014fdc0 -> {\x00\x00\x00\x00\x00\x00\x00\x00}
Arg[2] = 0
Arg[3] = ptr 0x000000000014fdc8 -> {\x0b\x00\x00\x00\x00\x00\x00\x00}
Arg[4] = 0x0000000000001000 = 4096
Arg[5] = 0x0000000000000040 = 64
> 15180000+8;SYSCALL:0x34(NtDelayExecution)
> 14bf0000+4ee;SYSCALL:0x18(NtAllocateVirtualMemory)
NtAllocateVirtualMemory:
Arg[0] = 0xffffffffffffffff = 18446744073709551615
Arg[1] = ptr 0x000000000014fdc0 -> {\x00\x00\x00\x00\x00\x00\x00\x00}
Arg[2] = 0
Arg[3] = ptr 0x000000000014fdc8 -> {\x0b\x00\x00\x00\x00\x00\x00\x00}
Arg[4] = 0x0000000000001000 = 4096
Arg[5] = 0x0000000000000040 = 64
> 15190000+8;SYSCALL:0x26(NtOpenProcess)
NtOpenProcess:
Arg[0] = ptr 0x000000000014fe20 -> {\xff\xff\xff\xff\xff\xff\xff\xff}
Arg[1] = 0x00000000001fffff = 2097151
Arg[2] = ptr 0x000000000014fde0 -> L"0"
Arg[3] = ptr 0x000000000014fdd0 -> {x\x07\x00\x00\x00\x00\x00\x00}
> 14bf0000+4ee;SYSCALL:0x18(NtAllocateVirtualMemory)
NtAllocateVirtualMemory:
Arg[0] = 0xffffffffffffffff = 18446744073709551615
Arg[1] = ptr 0x000000000014fdc0 -> {\x00\x00\x00\x00\x00\x00\x00\x00}
Arg[2] = 0
Arg[3] = ptr 0x000000000014fdc8 -> {\x0b\x00\x00\x00\x00\x00\x00\x00}
Arg[4] = 0x0000000000001000 = 4096
Arg[5] = 0x0000000000000040 = 64
> 151a0000+8;SYSCALL:0x34(NtDelayExecution)
> 14bf0000+4ee;SYSCALL:0x18(NtAllocateVirtualMemory)
NtAllocateVirtualMemory:
Arg[0] = 0xffffffffffffffff = 18446744073709551615
Arg[1] = ptr 0x000000000014fdc0 -> {\x00\x00\x00\x00\x00\x00\x00\x00}
Arg[2] = 0
Arg[3] = ptr 0x000000000014fdc8 -> {\x0b\x00\x00\x00\x00\x00\x00\x00}
Arg[4] = 0x0000000000001000 = 4096
Arg[5] = 0x0000000000000040 = 64
> 151b0000+8;SYSCALL:0x26(NtOpenProcess)
NtOpenProcess:
Arg[0] = ptr 0x000000000014fe20 -> {\xff\xff\xff\xff\xff\xff\xff\xff}
Arg[1] = 0x00000000001fffff = 2097151
Arg[2] = ptr 0x000000000014fde0 -> L"0"
Arg[3] = ptr 0x000000000014fdd0 -> {\x80\x07\x00\x00\x00\x00\x00\x00}
> 14bf0000+4ee;SYSCALL:0x18(NtAllocateVirtualMemory)
NtAllocateVirtualMemory:
Arg[0] = 0xffffffffffffffff = 18446744073709551615
Arg[1] = ptr 0x000000000014fdc0 -> {\x00\x00\x00\x00\x00\x00\x00\x00}
Arg[2] = 0
Arg[3] = ptr 0x000000000014fdc8 -> {\x0b\x00\x00\x00\x00\x00\x00\x00}
Arg[4] = 0x0000000000001000 = 4096
Arg[5] = 0x0000000000000040 = 64
> 151c0000+8;SYSCALL:0x34(NtDelayExecution)
> 14bf0000+4ee;SYSCALL:0x18(NtAllocateVirtualMemory)
NtAllocateVirtualMemory:
Arg[0] = 0xffffffffffffffff = 18446744073709551615
Arg[1] = ptr 0x000000000014fdc0 -> {\x00\x00\x00\x00\x00\x00\x00\x00}
Arg[2] = 0
Arg[3] = ptr 0x000000000014fdc8 -> {\x0b\x00\x00\x00\x00\x00\x00\x00}
Arg[4] = 0x0000000000001000 = 4096
Arg[5] = 0x0000000000000040 = 64
> 151d0000+8;SYSCALL:0x26(NtOpenProcess)
NtOpenProcess:
Arg[0] = ptr 0x000000000014fe20 -> {\xff\xff\xff\xff\xff\xff\xff\xff}
Arg[1] = 0x00000000001fffff = 2097151
Arg[2] = ptr 0x000000000014fde0 -> L"0"
Arg[3] = ptr 0x000000000014fdd0 -> {\xb8\x05\x00\x00\x00\x00\x00\x00}
> 14bf0000+4ee;SYSCALL:0x18(NtAllocateVirtualMemory)
NtAllocateVirtualMemory:
Arg[0] = 0xffffffffffffffff = 18446744073709551615
Arg[1] = ptr 0x000000000014fdc0 -> {\x00\x00\x00\x00\x00\x00\x00\x00}
Arg[2] = 0
Arg[3] = ptr 0x000000000014fdc8 -> {\x0b\x00\x00\x00\x00\x00\x00\x00}
Arg[4] = 0x0000000000001000 = 4096
Arg[5] = 0x0000000000000040 = 64
> 151e0000+8;SYSCALL:0x34(NtDelayExecution)
> 14bf0000+4ee;SYSCALL:0x18(NtAllocateVirtualMemory)
NtAllocateVirtualMemory:
Arg[0] = 0xffffffffffffffff = 18446744073709551615
Arg[1] = ptr 0x000000000014fdc0 -> {\x00\x00\x00\x00\x00\x00\x00\x00}
Arg[2] = 0
Arg[3] = ptr 0x000000000014fdc8 -> {\x0b\x00\x00\x00\x00\x00\x00\x00}
Arg[4] = 0x0000000000001000 = 4096
Arg[5] = 0x0000000000000040 = 64
> 151f0000+8;SYSCALL:0x26(NtOpenProcess)
NtOpenProcess:
Arg[0] = ptr 0x000000000014fe20 -> {\xff\xff\xff\xff\xff\xff\xff\xff}
Arg[1] = 0x00000000001fffff = 2097151
Arg[2] = ptr 0x000000000014fde0 -> L"0"
Arg[3] = ptr 0x000000000014fdd0 -> {@\x08\x00\x00\x00\x00\x00\x00}
> 14bf0000+4ee;SYSCALL:0x18(NtAllocateVirtualMemory)
NtAllocateVirtualMemory:
Arg[0] = 0xffffffffffffffff = 18446744073709551615
Arg[1] = ptr 0x000000000014fdc0 -> {\x00\x00\x00\x00\x00\x00\x00\x00}
Arg[2] = 0
Arg[3] = ptr 0x000000000014fdc8 -> {\x0b\x00\x00\x00\x00\x00\x00\x00}
Arg[4] = 0x0000000000001000 = 4096
Arg[5] = 0x0000000000000040 = 64
> 15200000+8;SYSCALL:0x34(NtDelayExecution)
> 14bf0000+4ee;SYSCALL:0x18(NtAllocateVirtualMemory)
NtAllocateVirtualMemory:
Arg[0] = 0xffffffffffffffff = 18446744073709551615
Arg[1] = ptr 0x000000000014fdc0 -> {\x00\x00\x00\x00\x00\x00\x00\x00}
Arg[2] = 0
Arg[3] = ptr 0x000000000014fdc8 -> {\x0b\x00\x00\x00\x00\x00\x00\x00}
Arg[4] = 0x0000000000001000 = 4096
Arg[5] = 0x0000000000000040 = 64
> 15210000+8;SYSCALL:0x26(NtOpenProcess)
NtOpenProcess:
Arg[0] = ptr 0x000000000014fe20 -> {\xff\xff\xff\xff\xff\xff\xff\xff}
Arg[1] = 0x00000000001fffff = 2097151
Arg[2] = ptr 0x000000000014fde0 -> L"0"
Arg[3] = ptr 0x000000000014fdd0 -> {L\x08\x00\x00\x00\x00\x00\x00}
> 14bf0000+4ee;SYSCALL:0x18(NtAllocateVirtualMemory)
NtAllocateVirtualMemory:
Arg[0] = 0xffffffffffffffff = 18446744073709551615
Arg[1] = ptr 0x000000000014fdc0 -> {\x00\x00\x00\x00\x00\x00\x00\x00}
Arg[2] = 0
Arg[3] = ptr 0x000000000014fdc8 -> {\x0b\x00\x00\x00\x00\x00\x00\x00}
Arg[4] = 0x0000000000001000 = 4096
Arg[5] = 0x0000000000000040 = 64
> 15220000+8;SYSCALL:0x34(NtDelayExecution)
> 14bf0000+4ee;SYSCALL:0x18(NtAllocateVirtualMemory)
NtAllocateVirtualMemory:
Arg[0] = 0xffffffffffffffff = 18446744073709551615
Arg[1] = ptr 0x000000000014fdc0 -> {\x00\x00\x00\x00\x00\x00\x00\x00}
Arg[2] = 0
Arg[3] = ptr 0x000000000014fdc8 -> {\x0b\x00\x00\x00\x00\x00\x00\x00}
Arg[4] = 0x0000000000001000 = 4096
Arg[5] = 0x0000000000000040 = 64
> 15230000+8;SYSCALL:0x26(NtOpenProcess)
NtOpenProcess:
Arg[0] = ptr 0x000000000014fe20 -> {\xff\xff\xff\xff\xff\xff\xff\xff}
Arg[1] = 0x00000000001fffff = 2097151
Arg[2] = ptr 0x000000000014fde0 -> L"0"
Arg[3] = ptr 0x000000000014fdd0 -> {T\x08\x00\x00\x00\x00\x00\x00}
> 14bf0000+4ee;SYSCALL:0x18(NtAllocateVirtualMemory)
NtAllocateVirtualMemory:
Arg[0] = 0xffffffffffffffff = 18446744073709551615
Arg[1] = ptr 0x000000000014fdc0 -> {\x00\x00\x00\x00\x00\x00\x00\x00}
Arg[2] = 0
Arg[3] = ptr 0x000000000014fdc8 -> {\x0b\x00\x00\x00\x00\x00\x00\x00}
Arg[4] = 0x0000000000001000 = 4096
Arg[5] = 0x0000000000000040 = 64
> 15240000+8;SYSCALL:0x34(NtDelayExecution)
> 14bf0000+4ee;SYSCALL:0x18(NtAllocateVirtualMemory)
NtAllocateVirtualMemory:
Arg[0] = 0xffffffffffffffff = 18446744073709551615
Arg[1] = ptr 0x000000000014fdc0 -> {\x00\x00\x00\x00\x00\x00\x00\x00}
Arg[2] = 0
Arg[3] = ptr 0x000000000014fdc8 -> {\x0b\x00\x00\x00\x00\x00\x00\x00}
Arg[4] = 0x0000000000001000 = 4096
Arg[5] = 0x0000000000000040 = 64
> 15250000+8;SYSCALL:0x26(NtOpenProcess)
NtOpenProcess:
Arg[0] = ptr 0x000000000014fe20 -> {\xff\xff\xff\xff\xff\xff\xff\xff}
Arg[1] = 0x00000000001fffff = 2097151
Arg[2] = ptr 0x000000000014fde0 -> L"0"
Arg[3] = ptr 0x000000000014fdd0 -> {\\x08\x00\x00\x00\x00\x00\x00}
> 14bf0000+4ee;SYSCALL:0x18(NtAllocateVirtualMemory)
NtAllocateVirtualMemory:
Arg[0] = 0xffffffffffffffff = 18446744073709551615
Arg[1] = ptr 0x000000000014fdc0 -> {\x00\x00\x00\x00\x00\x00\x00\x00}
Arg[2] = 0
Arg[3] = ptr 0x000000000014fdc8 -> {\x0b\x00\x00\x00\x00\x00\x00\x00}
Arg[4] = 0x0000000000001000 = 4096
Arg[5] = 0x0000000000000040 = 64
> 15260000+8;SYSCALL:0x34(NtDelayExecution)
> 14bf0000+4ee;SYSCALL:0x18(NtAllocateVirtualMemory)
NtAllocateVirtualMemory:
Arg[0] = 0xffffffffffffffff = 18446744073709551615
Arg[1] = ptr 0x000000000014fdc0 -> {\x00\x00\x00\x00\x00\x00\x00\x00}
Arg[2] = 0
Arg[3] = ptr 0x000000000014fdc8 -> {\x0b\x00\x00\x00\x00\x00\x00\x00}
Arg[4] = 0x0000000000001000 = 4096
Arg[5] = 0x0000000000000040 = 64
> 15270000+8;SYSCALL:0x26(NtOpenProcess)
NtOpenProcess:
Arg[0] = ptr 0x000000000014fe20 -> {\xff\xff\xff\xff\xff\xff\xff\xff}
Arg[1] = 0x00000000001fffff = 2097151
Arg[2] = ptr 0x000000000014fde0 -> L"0"
Arg[3] = ptr 0x000000000014fdd0 -> {\x94\x08\x00\x00\x00\x00\x00\x00}
> 14bf0000+4ee;SYSCALL:0x18(NtAllocateVirtualMemory)
NtAllocateVirtualMemory:
Arg[0] = 0xffffffffffffffff = 18446744073709551615
Arg[1] = ptr 0x000000000014fdc0 -> {\x00\x00\x00\x00\x00\x00\x00\x00}
Arg[2] = 0
Arg[3] = ptr 0x000000000014fdc8 -> {\x0b\x00\x00\x00\x00\x00\x00\x00}
Arg[4] = 0x0000000000001000 = 4096
Arg[5] = 0x0000000000000040 = 64
> 15280000+8;SYSCALL:0x34(NtDelayExecution)
> 14bf0000+4ee;SYSCALL:0x18(NtAllocateVirtualMemory)
NtAllocateVirtualMemory:
Arg[0] = 0xffffffffffffffff = 18446744073709551615
Arg[1] = ptr 0x000000000014fdc0 -> {\x00\x00\x00\x00\x00\x00\x00\x00}
Arg[2] = 0
Arg[3] = ptr 0x000000000014fdc8 -> {\x0b\x00\x00\x00\x00\x00\x00\x00}
Arg[4] = 0x0000000000001000 = 4096
Arg[5] = 0x0000000000000040 = 64
> 15290000+8;SYSCALL:0x26(NtOpenProcess)
NtOpenProcess:
Arg[0] = ptr 0x000000000014fe20 -> {\xff\xff\xff\xff\xff\xff\xff\xff}
Arg[1] = 0x00000000001fffff = 2097151
Arg[2] = ptr 0x000000000014fde0 -> L"0"
Arg[3] = ptr 0x000000000014fdd0 -> {\x18\x09\x00\x00\x00\x00\x00\x00}
> 14bf0000+4ee;SYSCALL:0x18(NtAllocateVirtualMemory)
NtAllocateVirtualMemory:
Arg[0] = 0xffffffffffffffff = 18446744073709551615
Arg[1] = ptr 0x000000000014fdc0 -> {\x00\x00\x00\x00\x00\x00\x00\x00}
Arg[2] = 0
Arg[3] = ptr 0x000000000014fdc8 -> {\x0b\x00\x00\x00\x00\x00\x00\x00}
Arg[4] = 0x0000000000001000 = 4096
Arg[5] = 0x0000000000000040 = 64
> 152a0000+8;SYSCALL:0x34(NtDelayExecution)
> 14bf0000+4ee;SYSCALL:0x18(NtAllocateVirtualMemory)
NtAllocateVirtualMemory:
Arg[0] = 0xffffffffffffffff = 18446744073709551615
Arg[1] = ptr 0x000000000014fdc0 -> {\x00\x00\x00\x00\x00\x00\x00\x00}
Arg[2] = 0
Arg[3] = ptr 0x000000000014fdc8 -> {\x0b\x00\x00\x00\x00\x00\x00\x00}
Arg[4] = 0x0000000000001000 = 4096
Arg[5] = 0x0000000000000040 = 64
> 152b0000+8;SYSCALL:0x26(NtOpenProcess)
NtOpenProcess:
Arg[0] = ptr 0x000000000014fe20 -> {\xff\xff\xff\xff\xff\xff\xff\xff}
Arg[1] = 0x00000000001fffff = 2097151
Arg[2] = ptr 0x000000000014fde0 -> L"0"
Arg[3] = ptr 0x000000000014fdd0 -> {8\x09\x00\x00\x00\x00\x00\x00}
> 14bf0000+4ee;SYSCALL:0x18(NtAllocateVirtualMemory)
NtAllocateVirtualMemory:
Arg[0] = 0xffffffffffffffff = 18446744073709551615
Arg[1] = ptr 0x000000000014fdc0 -> {\x00\x00\x00\x00\x00\x00\x00\x00}
Arg[2] = 0
Arg[3] = ptr 0x000000000014fdc8 -> {\x0b\x00\x00\x00\x00\x00\x00\x00}
Arg[4] = 0x0000000000001000 = 4096
Arg[5] = 0x0000000000000040 = 64
> 152c0000+8;SYSCALL:0x34(NtDelayExecution)
> 14bf0000+4ee;SYSCALL:0x18(NtAllocateVirtualMemory)
NtAllocateVirtualMemory:
Arg[0] = 0xffffffffffffffff = 18446744073709551615
Arg[1] = ptr 0x000000000014fdc0 -> {\x00\x00\x00\x00\x00\x00\x00\x00}
Arg[2] = 0
Arg[3] = ptr 0x000000000014fdc8 -> {\x0b\x00\x00\x00\x00\x00\x00\x00}
Arg[4] = 0x0000000000001000 = 4096
Arg[5] = 0x0000000000000040 = 64
> 152d0000+8;SYSCALL:0x26(NtOpenProcess)
NtOpenProcess:
Arg[0] = ptr 0x000000000014fe20 -> {\xff\xff\xff\xff\xff\xff\xff\xff}
Arg[1] = 0x00000000001fffff = 2097151
Arg[2] = ptr 0x000000000014fde0 -> L"0"
Arg[3] = ptr 0x000000000014fdd0 -> {l\x09\x00\x00\x00\x00\x00\x00}
> 14bf0000+4ee;SYSCALL:0x18(NtAllocateVirtualMemory)
NtAllocateVirtualMemory:
Arg[0] = 0xffffffffffffffff = 18446744073709551615
Arg[1] = ptr 0x000000000014fdc0 -> {\x00\x00\x00\x00\x00\x00\x00\x00}
Arg[2] = 0
Arg[3] = ptr 0x000000000014fdc8 -> {\x0b\x00\x00\x00\x00\x00\x00\x00}
Arg[4] = 0x0000000000001000 = 4096
Arg[5] = 0x0000000000000040 = 64
> 152e0000+8;SYSCALL:0x34(NtDelayExecution)
> 14bf0000+4ee;SYSCALL:0x18(NtAllocateVirtualMemory)
NtAllocateVirtualMemory:
Arg[0] = 0xffffffffffffffff = 18446744073709551615
Arg[1] = ptr 0x000000000014fdc0 -> {\x00\x00\x00\x00\x00\x00\x00\x00}
Arg[2] = 0
Arg[3] = ptr 0x000000000014fdc8 -> {\x0b\x00\x00\x00\x00\x00\x00\x00}
Arg[4] = 0x0000000000001000 = 4096
Arg[5] = 0x0000000000000040 = 64
> 152f0000+8;SYSCALL:0x26(NtOpenProcess)
NtOpenProcess:
Arg[0] = ptr 0x000000000014fe20 -> {\xff\xff\xff\xff\xff\xff\xff\xff}
Arg[1] = 0x00000000001fffff = 2097151
Arg[2] = ptr 0x000000000014fde0 -> L"0"
Arg[3] = ptr 0x000000000014fdd0 -> {\xa4\x09\x00\x00\x00\x00\x00\x00}
> 14bf0000+4ee;SYSCALL:0x18(NtAllocateVirtualMemory)
NtAllocateVirtualMemory:
Arg[0] = 0xffffffffffffffff = 18446744073709551615
Arg[1] = ptr 0x000000000014fdc0 -> {\x00\x00\x00\x00\x00\x00\x00\x00}
Arg[2] = 0
Arg[3] = ptr 0x000000000014fdc8 -> {\x0b\x00\x00\x00\x00\x00\x00\x00}
Arg[4] = 0x0000000000001000 = 4096
Arg[5] = 0x0000000000000040 = 64
> 15300000+8;SYSCALL:0x34(NtDelayExecution)
> 14bf0000+4ee;SYSCALL:0x18(NtAllocateVirtualMemory)
NtAllocateVirtualMemory:
Arg[0] = 0xffffffffffffffff = 18446744073709551615
Arg[1] = ptr 0x000000000014fdc0 -> {\x00\x00\x00\x00\x00\x00\x00\x00}
Arg[2] = 0
Arg[3] = ptr 0x000000000014fdc8 -> {\x0b\x00\x00\x00\x00\x00\x00\x00}
Arg[4] = 0x0000000000001000 = 4096
Arg[5] = 0x0000000000000040 = 64
> 15310000+8;SYSCALL:0x26(NtOpenProcess)
NtOpenProcess:
Arg[0] = ptr 0x000000000014fe20 -> {\xff\xff\xff\xff\xff\xff\xff\xff}
Arg[1] = 0x00000000001fffff = 2097151
Arg[2] = ptr 0x000000000014fde0 -> L"0"
Arg[3] = ptr 0x000000000014fdd0 -> "8
"
> 14bf0000+4ee;SYSCALL:0x18(NtAllocateVirtualMemory)
NtAllocateVirtualMemory:
Arg[0] = 0xffffffffffffffff = 18446744073709551615
Arg[1] = ptr 0x000000000014fdc0 -> {\x00\x00\x00\x00\x00\x00\x00\x00}
Arg[2] = 0
Arg[3] = ptr 0x000000000014fdc8 -> {\x0b\x00\x00\x00\x00\x00\x00\x00}
Arg[4] = 0x0000000000001000 = 4096
Arg[5] = 0x0000000000000040 = 64
> 15320000+8;SYSCALL:0x34(NtDelayExecution)
> 14bf0000+4ee;SYSCALL:0x18(NtAllocateVirtualMemory)
NtAllocateVirtualMemory:
Arg[0] = 0xffffffffffffffff = 18446744073709551615
Arg[1] = ptr 0x000000000014fdc0 -> {\x00\x00\x00\x00\x00\x00\x00\x00}
Arg[2] = 0
Arg[3] = ptr 0x000000000014fdc8 -> {\x0b\x00\x00\x00\x00\x00\x00\x00}
Arg[4] = 0x0000000000001000 = 4096
Arg[5] = 0x0000000000000040 = 64
> 15330000+8;SYSCALL:0x26(NtOpenProcess)
NtOpenProcess:
Arg[0] = ptr 0x000000000014fe20 -> {\xff\xff\xff\xff\xff\xff\xff\xff}
Arg[1] = 0x00000000001fffff = 2097151
Arg[2] = ptr 0x000000000014fde0 -> L"0"
Arg[3] = ptr 0x000000000014fdd0 -> "D
"
> 14bf0000+4ee;SYSCALL:0x18(NtAllocateVirtualMemory)
NtAllocateVirtualMemory:
Arg[0] = 0xffffffffffffffff = 18446744073709551615
Arg[1] = ptr 0x000000000014fdc0 -> {\x00\x00\x00\x00\x00\x00\x00\x00}
Arg[2] = 0
Arg[3] = ptr 0x000000000014fdc8 -> {\x0b\x00\x00\x00\x00\x00\x00\x00}
Arg[4] = 0x0000000000001000 = 4096
Arg[5] = 0x0000000000000040 = 64
> 15340000+8;SYSCALL:0x34(NtDelayExecution)
> 14bf0000+4ee;SYSCALL:0x18(NtAllocateVirtualMemory)
NtAllocateVirtualMemory:
Arg[0] = 0xffffffffffffffff = 18446744073709551615
Arg[1] = ptr 0x000000000014fdc0 -> {\x00\x00\x00\x00\x00\x00\x00\x00}
Arg[2] = 0
Arg[3] = ptr 0x000000000014fdc8 -> {\x0b\x00\x00\x00\x00\x00\x00\x00}
Arg[4] = 0x0000000000001000 = 4096
Arg[5] = 0x0000000000000040 = 64
> 15360000+8;SYSCALL:0x26(NtOpenProcess)
NtOpenProcess:
Arg[0] = ptr 0x000000000014fe20 -> {\xff\xff\xff\xff\xff\xff\xff\xff}
Arg[1] = 0x00000000001fffff = 2097151
Arg[2] = ptr 0x000000000014fde0 -> L"0"
Arg[3] = ptr 0x000000000014fdd0 -> "L
"
> 14bf0000+4ee;SYSCALL:0x18(NtAllocateVirtualMemory)
NtAllocateVirtualMemory:
Arg[0] = 0xffffffffffffffff = 18446744073709551615
Arg[1] = ptr 0x000000000014fdc0 -> {\x00\x00\x00\x00\x00\x00\x00\x00}
Arg[2] = 0
Arg[3] = ptr 0x000000000014fdc8 -> {\x0b\x00\x00\x00\x00\x00\x00\x00}
Arg[4] = 0x0000000000001000 = 4096
Arg[5] = 0x0000000000000040 = 64
> 15370000+8;SYSCALL:0x34(NtDelayExecution)
> 14bf0000+4ee;SYSCALL:0x18(NtAllocateVirtualMemory)
NtAllocateVirtualMemory:
Arg[0] = 0xffffffffffffffff = 18446744073709551615
Arg[1] = ptr 0x000000000014fdc0 -> {\x00\x00\x00\x00\x00\x00\x00\x00}
Arg[2] = 0
Arg[3] = ptr 0x000000000014fdc8 -> {\x0b\x00\x00\x00\x00\x00\x00\x00}
Arg[4] = 0x0000000000001000 = 4096
Arg[5] = 0x0000000000000040 = 64
> 15380000+8;SYSCALL:0x26(NtOpenProcess)
NtOpenProcess:
Arg[0] = ptr 0x000000000014fe20 -> {\xff\xff\xff\xff\xff\xff\xff\xff}
Arg[1] = 0x00000000001fffff = 2097151
Arg[2] = ptr 0x000000000014fde0 -> L"0"
Arg[3] = ptr 0x000000000014fdd0 -> "T
"
> 14bf0000+4ee;SYSCALL:0x18(NtAllocateVirtualMemory)
NtAllocateVirtualMemory:
Arg[0] = 0xffffffffffffffff = 18446744073709551615
Arg[1] = ptr 0x000000000014fdc0 -> {\x00\x00\x00\x00\x00\x00\x00\x00}
Arg[2] = 0
Arg[3] = ptr 0x000000000014fdc8 -> {\x0b\x00\x00\x00\x00\x00\x00\x00}
Arg[4] = 0x0000000000001000 = 4096
Arg[5] = 0x0000000000000040 = 64
> 15390000+8;SYSCALL:0x34(NtDelayExecution)
> 14bf0000+4ee;SYSCALL:0x18(NtAllocateVirtualMemory)
NtAllocateVirtualMemory:
Arg[0] = 0xffffffffffffffff = 18446744073709551615
Arg[1] = ptr 0x000000000014fdc0 -> {\x00\x00\x00\x00\x00\x00\x00\x00}
Arg[2] = 0
Arg[3] = ptr 0x000000000014fdc8 -> {\x0b\x00\x00\x00\x00\x00\x00\x00}
Arg[4] = 0x0000000000001000 = 4096
Arg[5] = 0x0000000000000040 = 64
> 153a0000+8;SYSCALL:0x26(NtOpenProcess)
NtOpenProcess:
Arg[0] = ptr 0x000000000014fe20 -> {\xff\xff\xff\xff\xff\xff\xff\xff}
Arg[1] = 0x00000000001fffff = 2097151
Arg[2] = ptr 0x000000000014fde0 -> L"0"
Arg[3] = ptr 0x000000000014fdd0 -> {\x80\x0a\x00\x00\x00\x00\x00\x00}
> 14bf0000+4ee;SYSCALL:0x18(NtAllocateVirtualMemory)
NtAllocateVirtualMemory:
Arg[0] = 0xffffffffffffffff = 18446744073709551615
Arg[1] = ptr 0x000000000014fdc0 -> {\x00\x00\x00\x00\x00\x00\x00\x00}
Arg[2] = 0
Arg[3] = ptr 0x000000000014fdc8 -> {\x0b\x00\x00\x00\x00\x00\x00\x00}
Arg[4] = 0x0000000000001000 = 4096
Arg[5] = 0x0000000000000040 = 64
> 153b0000+8;SYSCALL:0x34(NtDelayExecution)
> 14bf0000+4ee;SYSCALL:0x18(NtAllocateVirtualMemory)
NtAllocateVirtualMemory:
Arg[0] = 0xffffffffffffffff = 18446744073709551615
Arg[1] = ptr 0x000000000014fdc0 -> {\x00\x00\x00\x00\x00\x00\x00\x00}
Arg[2] = 0
Arg[3] = ptr 0x000000000014fdc8 -> {\x0b\x00\x00\x00\x00\x00\x00\x00}
Arg[4] = 0x0000000000001000 = 4096
Arg[5] = 0x0000000000000040 = 64
> 153c0000+8;SYSCALL:0x26(NtOpenProcess)
NtOpenProcess:
Arg[0] = ptr 0x000000000014fe20 -> {\xff\xff\xff\xff\xff\xff\xff\xff}
Arg[1] = 0x00000000001fffff = 2097151
Arg[2] = ptr 0x000000000014fde0 -> L"0"
Arg[3] = ptr 0x000000000014fdd0 -> {\xa4\x0a\x00\x00\x00\x00\x00\x00}
> 14bf0000+4ee;SYSCALL:0x18(NtAllocateVirtualMemory)
NtAllocateVirtualMemory:
Arg[0] = 0xffffffffffffffff = 18446744073709551615
Arg[1] = ptr 0x000000000014fdc0 -> {\x00\x00\x00\x00\x00\x00\x00\x00}
Arg[2] = 0
Arg[3] = ptr 0x000000000014fdc8 -> {\x0b\x00\x00\x00\x00\x00\x00\x00}
Arg[4] = 0x0000000000001000 = 4096
Arg[5] = 0x0000000000000040 = 64
> 153d0000+8;SYSCALL:0x34(NtDelayExecution)
> 14bf0000+4ee;SYSCALL:0x18(NtAllocateVirtualMemory)
NtAllocateVirtualMemory:
Arg[0] = 0xffffffffffffffff = 18446744073709551615
Arg[1] = ptr 0x000000000014fdc0 -> {\x00\x00\x00\x00\x00\x00\x00\x00}
Arg[2] = 0
Arg[3] = ptr 0x000000000014fdc8 -> {\x0b\x00\x00\x00\x00\x00\x00\x00}
Arg[4] = 0x0000000000001000 = 4096
Arg[5] = 0x0000000000000040 = 64
> 153e0000+8;SYSCALL:0x26(NtOpenProcess)
NtOpenProcess:
Arg[0] = ptr 0x000000000014fe20 -> {\xff\xff\xff\xff\xff\xff\xff\xff}
Arg[1] = 0x00000000001fffff = 2097151
Arg[2] = ptr 0x000000000014fde0 -> L"0"
Arg[3] = ptr 0x000000000014fdd0 -> {\xb0\x0a\x00\x00\x00\x00\x00\x00}
> 14bf0000+4ee;SYSCALL:0x18(NtAllocateVirtualMemory)
NtAllocateVirtualMemory:
Arg[0] = 0xffffffffffffffff = 18446744073709551615
Arg[1] = ptr 0x000000000014fdc0 -> {\x00\x00\x00\x00\x00\x00\x00\x00}
Arg[2] = 0
Arg[3] = ptr 0x000000000014fdc8 -> {\x0b\x00\x00\x00\x00\x00\x00\x00}
Arg[4] = 0x0000000000001000 = 4096
Arg[5] = 0x0000000000000040 = 64
> 153f0000+8;SYSCALL:0x34(NtDelayExecution)
> 14bf0000+4ee;SYSCALL:0x18(NtAllocateVirtualMemory)
NtAllocateVirtualMemory:
Arg[0] = 0xffffffffffffffff = 18446744073709551615
Arg[1] = ptr 0x000000000014fdc0 -> {\x00\x00\x00\x00\x00\x00\x00\x00}
Arg[2] = 0
Arg[3] = ptr 0x000000000014fdc8 -> {\x0b\x00\x00\x00\x00\x00\x00\x00}
Arg[4] = 0x0000000000001000 = 4096
Arg[5] = 0x0000000000000040 = 64
> 15400000+8;SYSCALL:0x26(NtOpenProcess)
NtOpenProcess:
Arg[0] = ptr 0x000000000014fe20 -> {\xff\xff\xff\xff\xff\xff\xff\xff}
Arg[1] = 0x00000000001fffff = 2097151
Arg[2] = ptr 0x000000000014fde0 -> L"0"
Arg[3] = ptr 0x000000000014fdd0 -> {\xec\x0a\x00\x00\x00\x00\x00\x00}
> 14bf0000+4ee;SYSCALL:0x18(NtAllocateVirtualMemory)
NtAllocateVirtualMemory:
Arg[0] = 0xffffffffffffffff = 18446744073709551615
Arg[1] = ptr 0x000000000014fdc0 -> {\x00\x00\x00\x00\x00\x00\x00\x00}
Arg[2] = 0
Arg[3] = ptr 0x000000000014fdc8 -> {\x0b\x00\x00\x00\x00\x00\x00\x00}
Arg[4] = 0x0000000000001000 = 4096
Arg[5] = 0x0000000000000040 = 64
> 15410000+8;SYSCALL:0x34(NtDelayExecution)
> 14bf0000+4ee;SYSCALL:0x18(NtAllocateVirtualMemory)
NtAllocateVirtualMemory:
Arg[0] = 0xffffffffffffffff = 18446744073709551615
Arg[1] = ptr 0x000000000014fdc0 -> {\x00\x00\x00\x00\x00\x00\x00\x00}
Arg[2] = 0
Arg[3] = ptr 0x000000000014fdc8 -> {\x0b\x00\x00\x00\x00\x00\x00\x00}
Arg[4] = 0x0000000000001000 = 4096
Arg[5] = 0x0000000000000040 = 64
> 15420000+8;SYSCALL:0x26(NtOpenProcess)
NtOpenProcess:
Arg[0] = ptr 0x000000000014fe20 -> {\xff\xff\xff\xff\xff\xff\xff\xff}
Arg[1] = 0x00000000001fffff = 2097151
Arg[2] = ptr 0x000000000014fde0 -> L"0"
Arg[3] = ptr 0x000000000014fdd0 -> {$\x0b\x00\x00\x00\x00\x00\x00}
> 14bf0000+4ee;SYSCALL:0x18(NtAllocateVirtualMemory)
NtAllocateVirtualMemory:
Arg[0] = 0xffffffffffffffff = 18446744073709551615
Arg[1] = ptr 0x000000000014fdc0 -> {\x00\x00\x00\x00\x00\x00\x00\x00}
Arg[2] = 0
Arg[3] = ptr 0x000000000014fdc8 -> {\x0b\x00\x00\x00\x00\x00\x00\x00}
Arg[4] = 0x0000000000001000 = 4096
Arg[5] = 0x0000000000000040 = 64
> 15430000+8;SYSCALL:0x34(NtDelayExecution)
> 14bf0000+4ee;SYSCALL:0x18(NtAllocateVirtualMemory)
NtAllocateVirtualMemory:
Arg[0] = 0xffffffffffffffff = 18446744073709551615
Arg[1] = ptr 0x000000000014fdc0 -> {\x00\x00\x00\x00\x00\x00\x00\x00}
Arg[2] = 0
Arg[3] = ptr 0x000000000014fdc8 -> {\x0b\x00\x00\x00\x00\x00\x00\x00}
Arg[4] = 0x0000000000001000 = 4096
Arg[5] = 0x0000000000000040 = 64
> 15440000+8;SYSCALL:0x26(NtOpenProcess)
NtOpenProcess:
Arg[0] = ptr 0x000000000014fe20 -> {\xff\xff\xff\xff\xff\xff\xff\xff}
Arg[1] = 0x00000000001fffff = 2097151
Arg[2] = ptr 0x000000000014fde0 -> L"0"
Arg[3] = ptr 0x000000000014fdd0 -> {\xb0\x02\x00\x00\x00\x00\x00\x00}
> 14bf0000+4ee;SYSCALL:0x18(NtAllocateVirtualMemory)
NtAllocateVirtualMemory:
Arg[0] = 0xffffffffffffffff = 18446744073709551615
Arg[1] = ptr 0x000000000014fe30 -> {\x00\x00\x00\x00\x00\x00\x00\x00}
Arg[2] = 0
Arg[3] = ptr 0x000000000014fe38 -> {\x0b\x00\x00\x00\x00\x00\x00\x00}
Arg[4] = 0x0000000000001000 = 4096
Arg[5] = 0x0000000000000040 = 64
> 15450000+8;SYSCALL:0x34(NtDelayExecution)
> 14bf0000+4ee;SYSCALL:0x18(NtAllocateVirtualMemory)
NtAllocateVirtualMemory:
Arg[0] = 0xffffffffffffffff = 18446744073709551615
Arg[1] = ptr 0x000000000014fe30 -> {\x00\x00\x00\x00\x00\x00\x00\x00}
Arg[2] = 0
Arg[3] = ptr 0x000000000014fe38 -> {\x0b\x00\x00\x00\x00\x00\x00\x00}
Arg[4] = 0x0000000000001000 = 4096
Arg[5] = 0x0000000000000040 = 64
> 15460000+8;SYSCALL:0x19(NtQueryInformationProcess)
> 14bf0000+4ee;SYSCALL:0x18(NtAllocateVirtualMemory)
NtAllocateVirtualMemory:
Arg[0] = 0xffffffffffffffff = 18446744073709551615
Arg[1] = ptr 0x000000000014fda0 -> {\x00\x00\x00\x00\x00\x00\x00\x00}
Arg[2] = 0
Arg[3] = ptr 0x000000000014fda8 -> {\x0b\x00\x00\x00\x00\x00\x00\x00}
Arg[4] = 0x0000000000001000 = 4096
Arg[5] = 0x0000000000000040 = 64
> 15470000+8;SYSCALL:0x34(NtDelayExecution)
> 14bf0000+4ee;SYSCALL:0x18(NtAllocateVirtualMemory)
NtAllocateVirtualMemory:
Arg[0] = 0x00000000000000dc = 220
Arg[1] = ptr 0x000000000014fdf0 -> {\x00\x00\x00\x00\x00\x00\x00\x00}
Arg[2] = 0
Arg[3] = ptr 0x000000000014fdf8 -> {L\xd0\x00\x00\x00\x00\x00\x00}
Arg[4] = 0x0000000000003000 = 12288
Arg[5] = 0x0000000000000004 = 4
> 14bf0000+4ee;SYSCALL:0x18(NtAllocateVirtualMemory)
NtAllocateVirtualMemory:
Arg[0] = 0xffffffffffffffff = 18446744073709551615
Arg[1] = ptr 0x000000000014fda0 -> {\x00\x00\x00\x00\x00\x00\x00\x00}
Arg[2] = 0
Arg[3] = ptr 0x000000000014fda8 -> {\x0b\x00\x00\x00\x00\x00\x00\x00}
Arg[4] = 0x0000000000001000 = 4096
Arg[5] = 0x0000000000000040 = 64
> 154a0000+8;SYSCALL:0x34(NtDelayExecution)
> 14bf0000+4ee;SYSCALL:0x18(NtAllocateVirtualMemory)
NtAllocateVirtualMemory:
Arg[0] = 0xffffffffffffffff = 18446744073709551615
Arg[1] = ptr 0x000000000014fda0 -> {\x00\x00\x00\x00\x00\x00\x00\x00}
Arg[2] = 0
Arg[3] = ptr 0x000000000014fda8 -> {\x0b\x00\x00\x00\x00\x00\x00\x00}
Arg[4] = 0x0000000000001000 = 4096
Arg[5] = 0x0000000000000040 = 64
> 154b0000+8;SYSCALL:0x3a(NtWriteVirtualMemory)
NtWriteVirtualMemory:
Arg[0] = 0x00000000000000dc = 220
Arg[1] = 0x0000027367160000 = 2694673989632
Arg[2] = ptr 0x0000000014bf04f1 -> {\xe9[v\x00\x00\xcc\xcc\xcc}
Arg[3] = 0x000000000000d04c = 53324
Arg[4] = 0
> 14bf0000+4ee;SYSCALL:0x18(NtAllocateVirtualMemory)
NtAllocateVirtualMemory:
Arg[0] = 0xffffffffffffffff = 18446744073709551615
Arg[1] = ptr 0x000000000014fda0 -> {\x00\x00\x00\x00\x00\x00\x00\x00}
Arg[2] = 0
Arg[3] = ptr 0x000000000014fda8 -> {\x0b\x00\x00\x00\x00\x00\x00\x00}
Arg[4] = 0x0000000000001000 = 4096
Arg[5] = 0x0000000000000040 = 64
> 154c0000+8;SYSCALL:0x34(NtDelayExecution)
> 14bf0000+4ee;SYSCALL:0x18(NtAllocateVirtualMemory)
NtAllocateVirtualMemory:
Arg[0] = 0xffffffffffffffff = 18446744073709551615
Arg[1] = ptr 0x000000000014fda0 -> {\x00\x00\x00\x00\x00\x00\x00\x00}
Arg[2] = 0
Arg[3] = ptr 0x000000000014fda8 -> {\x0b\x00\x00\x00\x00\x00\x00\x00}
Arg[4] = 0x0000000000001000 = 4096
Arg[5] = 0x0000000000000040 = 64
> 154d0000+8;SYSCALL:0x50(NtProtectVirtualMemory)
> 14bf0000+4ee;SYSCALL:0x18(NtAllocateVirtualMemory)
NtAllocateVirtualMemory:
Arg[0] = 0xffffffffffffffff = 18446744073709551615
Arg[1] = ptr 0x000000000014fda0 -> {\x00\x00\x00\x00\x00\x00\x00\x00}
Arg[2] = 0
Arg[3] = ptr 0x000000000014fda8 -> {\x0b\x00\x00\x00\x00\x00\x00\x00}
Arg[4] = 0x0000000000001000 = 4096
Arg[5] = 0x0000000000000040 = 64
> 154e0000+8;SYSCALL:0x34(NtDelayExecution)
> 14bf0000+4ee;SYSCALL:0x18(NtAllocateVirtualMemory)
NtAllocateVirtualMemory:
Arg[0] = 0xffffffffffffffff = 18446744073709551615
Arg[1] = ptr 0x000000000014fda0 -> {\x00\x00\x00\x00\x00\x00\x00\x00}
Arg[2] = 0
Arg[3] = ptr 0x000000000014fda8 -> {\x0b\x00\x00\x00\x00\x00\x00\x00}
Arg[4] = 0x0000000000001000 = 4096
Arg[5] = 0x0000000000000040 = 64
> 154f0000+8;SYSCALL:0xc1(NtCreateThreadEx)
NtCreateThreadEx:
Arg[0] = ptr 0x000000000014fe00 -> {\x00\x00\x00\x00\x00\x00\x00\x00}
Arg[1] = 0x00000000001fffff = 2097151
Arg[2] = 0
Arg[3] = 0x00000000000000dc = 220
Arg[4] = 0x0000027367160000 = 2694673989632
Arg[5] = 0
Arg[6] = 0x0000000000000001 = 1
Arg[7] = 0
Arg[8] = 0
Arg[9] = 0
> 14bf0000+4ee;SYSCALL:0x18(NtAllocateVirtualMemory)
NtAllocateVirtualMemory:
Arg[0] = 0xffffffffffffffff = 18446744073709551615
Arg[1] = ptr 0x000000000014fda0 -> {\x00\x00\x00\x00\x00\x00\x00\x00}
Arg[2] = 0
Arg[3] = ptr 0x000000000014fda8 -> {\x0b\x00\x00\x00\x00\x00\x00\x00}
Arg[4] = 0x0000000000001000 = 4096
Arg[5] = 0x0000000000000040 = 64
> 15510000+8;SYSCALL:0x34(NtDelayExecution)
> 14bf0000+4ee;SYSCALL:0x18(NtAllocateVirtualMemory)
NtAllocateVirtualMemory:
Arg[0] = 0xffffffffffffffff = 18446744073709551615
Arg[1] = ptr 0x000000000014fda0 -> {\x00\x00\x00\x00\x00\x00\x00\x00}
Arg[2] = 0
Arg[3] = ptr 0x000000000014fda8 -> {\x0b\x00\x00\x00\x00\x00\x00\x00}
Arg[4] = 0x0000000000001000 = 4096
Arg[5] = 0x0000000000000040 = 64
> 15530000+8;SYSCALL:0x52(NtResumeThread)
NtResumeThread:
Arg[0] = 0x00000000000000e0 = 224
Arg[1] = 0
> 14bf0000+4ee;SYSCALL:0x18(NtAllocateVirtualMemory)
NtAllocateVirtualMemory:
Arg[0] = 0xffffffffffffffff = 18446744073709551615
Arg[1] = ptr 0x000000000014fdc0 -> {\x00\x00\x00\x00\x00\x00\x00\x00}
Arg[2] = 0
Arg[3] = ptr 0x000000000014fdc8 -> {\x0b\x00\x00\x00\x00\x00\x00\x00}
Arg[4] = 0x0000000000001000 = 4096
Arg[5] = 0x0000000000000040 = 64
> 15540000+8;SYSCALL:0x34(NtDelayExecution)
> 14bf0000+4ee;SYSCALL:0x18(NtAllocateVirtualMemory)
NtAllocateVirtualMemory:
Arg[0] = 0xffffffffffffffff = 18446744073709551615
Arg[1] = ptr 0x000000000014fdc0 -> {\x00\x00\x00\x00\x00\x00\x00\x00}
Arg[2] = 0
Arg[3] = ptr 0x000000000014fdc8 -> {\x0b\x00\x00\x00\x00\x00\x00\x00}
Arg[4] = 0x0000000000001000 = 4096
Arg[5] = 0x0000000000000040 = 64
> 15550000+8;SYSCALL:0x26(NtOpenProcess)
NtOpenProcess:
Arg[0] = ptr 0x000000000014fe20 -> {\xff\xff\xff\xff\xff\xff\xff\xff}
Arg[1] = 0x00000000001fffff = 2097151
Arg[2] = ptr 0x000000000014fde0 -> L"0"
Arg[3] = ptr 0x000000000014fdd0 -> {\xcc\x02\x00\x00\x00\x00\x00\x00}
> 14bf0000+4ee;SYSCALL:0x18(NtAllocateVirtualMemory)
NtAllocateVirtualMemory:
Arg[0] = 0xffffffffffffffff = 18446744073709551615
Arg[1] = ptr 0x000000000014fe30 -> {\x00\x00\x00\x00\x00\x00\x00\x00}
Arg[2] = 0
Arg[3] = ptr 0x000000000014fe38 -> {\x0b\x00\x00\x00\x00\x00\x00\x00}
Arg[4] = 0x0000000000001000 = 4096
Arg[5] = 0x0000000000000040 = 64
> 15560000+8;SYSCALL:0x34(NtDelayExecution)
> 14bf0000+4ee;SYSCALL:0x18(NtAllocateVirtualMemory)
NtAllocateVirtualMemory:
Arg[0] = 0xffffffffffffffff = 18446744073709551615
Arg[1] = ptr 0x000000000014fe30 -> {\x00\x00\x00\x00\x00\x00\x00\x00}
Arg[2] = 0
Arg[3] = ptr 0x000000000014fe38 -> {\x0b\x00\x00\x00\x00\x00\x00\x00}
Arg[4] = 0x0000000000001000 = 4096
Arg[5] = 0x0000000000000040 = 64
> 155a0000+8;SYSCALL:0x19(NtQueryInformationProcess)
> 14bf0000+4ee;SYSCALL:0x18(NtAllocateVirtualMemory)
NtAllocateVirtualMemory:
Arg[0] = 0xffffffffffffffff = 18446744073709551615
Arg[1] = ptr 0x000000000014fda0 -> {\x00\x00\x00\x00\x00\x00\x00\x00}
Arg[2] = 0
Arg[3] = ptr 0x000000000014fda8 -> {\x0b\x00\x00\x00\x00\x00\x00\x00}
Arg[4] = 0x0000000000001000 = 4096
Arg[5] = 0x0000000000000040 = 64
> 155e0000+8;SYSCALL:0x34(NtDelayExecution)
> 14bf0000+4ee;SYSCALL:0x18(NtAllocateVirtualMemory)
NtAllocateVirtualMemory:
Arg[0] = 0x00000000000000e4 = 228
Arg[1] = ptr 0x000000000014fdf0 -> {\x00\x00\x00\x00\x00\x00\x00\x00}
Arg[2] = 0
Arg[3] = ptr 0x000000000014fdf8 -> {L\xd0\x00\x00\x00\x00\x00\x00}
Arg[4] = 0x0000000000003000 = 12288
Arg[5] = 0x0000000000000004 = 4
> 14bf0000+4ee;SYSCALL:0x18(NtAllocateVirtualMemory)
NtAllocateVirtualMemory:
Arg[0] = 0xffffffffffffffff = 18446744073709551615
Arg[1] = ptr 0x000000000014fda0 -> {\x00\x00\x00\x00\x00\x00\x00\x00}
Arg[2] = 0
Arg[3] = ptr 0x000000000014fda8 -> {\x0b\x00\x00\x00\x00\x00\x00\x00}
Arg[4] = 0x0000000000001000 = 4096
Arg[5] = 0x0000000000000040 = 64
> 15620000+8;SYSCALL:0x34(NtDelayExecution)
> 14bf0000+4ee;SYSCALL:0x18(NtAllocateVirtualMemory)
NtAllocateVirtualMemory:
Arg[0] = 0xffffffffffffffff = 18446744073709551615
Arg[1] = ptr 0x000000000014fda0 -> {\x00\x00\x00\x00\x00\x00\x00\x00}
Arg[2] = 0
Arg[3] = ptr 0x000000000014fda8 -> {\x0b\x00\x00\x00\x00\x00\x00\x00}
Arg[4] = 0x0000000000001000 = 4096
Arg[5] = 0x0000000000000040 = 64
> 15660000+8;SYSCALL:0x3a(NtWriteVirtualMemory)
NtWriteVirtualMemory:
Arg[0] = 0x00000000000000e4 = 228
Arg[1] = 0x00000286f8f50000 = 2778725679104
Arg[2] = ptr 0x0000000014bf04f1 -> {\xe9[v\x00\x00\xcc\xcc\xcc}
Arg[3] = 0x000000000000d04c = 53324
Arg[4] = 0
> 14bf0000+4ee;SYSCALL:0x18(NtAllocateVirtualMemory)
NtAllocateVirtualMemory:
Arg[0] = 0xffffffffffffffff = 18446744073709551615
Arg[1] = ptr 0x000000000014fda0 -> {\x00\x00\x00\x00\x00\x00\x00\x00}
Arg[2] = 0
Arg[3] = ptr 0x000000000014fda8 -> {\x0b\x00\x00\x00\x00\x00\x00\x00}
Arg[4] = 0x0000000000001000 = 4096
Arg[5] = 0x0000000000000040 = 64
> 156a0000+8;SYSCALL:0x34(NtDelayExecution)
> 14bf0000+4ee;SYSCALL:0x18(NtAllocateVirtualMemory)
NtAllocateVirtualMemory:
Arg[0] = 0xffffffffffffffff = 18446744073709551615
Arg[1] = ptr 0x000000000014fda0 -> {\x00\x00\x00\x00\x00\x00\x00\x00}
Arg[2] = 0
Arg[3] = ptr 0x000000000014fda8 -> {\x0b\x00\x00\x00\x00\x00\x00\x00}
Arg[4] = 0x0000000000001000 = 4096
Arg[5] = 0x0000000000000040 = 64
> 156e0000+8;SYSCALL:0x50(NtProtectVirtualMemory)
> 14bf0000+4ee;SYSCALL:0x18(NtAllocateVirtualMemory)
NtAllocateVirtualMemory:
Arg[0] = 0xffffffffffffffff = 18446744073709551615
Arg[1] = ptr 0x000000000014fda0 -> {\x00\x00\x00\x00\x00\x00\x00\x00}
Arg[2] = 0
Arg[3] = ptr 0x000000000014fda8 -> {\x0b\x00\x00\x00\x00\x00\x00\x00}
Arg[4] = 0x0000000000001000 = 4096
Arg[5] = 0x0000000000000040 = 64
> 15720000+8;SYSCALL:0x34(NtDelayExecution)
> 14bf0000+4ee;SYSCALL:0x18(NtAllocateVirtualMemory)
NtAllocateVirtualMemory:
Arg[0] = 0xffffffffffffffff = 18446744073709551615
Arg[1] = ptr 0x000000000014fda0 -> {\x00\x00\x00\x00\x00\x00\x00\x00}
Arg[2] = 0
Arg[3] = ptr 0x000000000014fda8 -> {\x0b\x00\x00\x00\x00\x00\x00\x00}
Arg[4] = 0x0000000000001000 = 4096
Arg[5] = 0x0000000000000040 = 64
> 15760000+8;SYSCALL:0xc1(NtCreateThreadEx)
NtCreateThreadEx:
Arg[0] = ptr 0x000000000014fe00 -> {\x00\x00\x00\x00\x00\x00\x00\x00}
Arg[1] = 0x00000000001fffff = 2097151
Arg[2] = 0
Arg[3] = 0x00000000000000e4 = 228
Arg[4] = 0x00000286f8f50000 = 2778725679104
Arg[5] = 0
Arg[6] = 0x0000000000000001 = 1
Arg[7] = 0
Arg[8] = 0
Arg[9] = 0
> 14bf0000+4ee;SYSCALL:0x18(NtAllocateVirtualMemory)
NtAllocateVirtualMemory:
Arg[0] = 0xffffffffffffffff = 18446744073709551615
Arg[1] = ptr 0x000000000014fda0 -> {\x00\x00\x00\x00\x00\x00\x00\x00}
Arg[2] = 0
Arg[3] = ptr 0x000000000014fda8 -> {\x0b\x00\x00\x00\x00\x00\x00\x00}
Arg[4] = 0x0000000000001000 = 4096
Arg[5] = 0x0000000000000040 = 64
> 157a0000+8;SYSCALL:0x34(NtDelayExecution)
> 14bf0000+4ee;SYSCALL:0x18(NtAllocateVirtualMemory)
NtAllocateVirtualMemory:
Arg[0] = 0xffffffffffffffff = 18446744073709551615
Arg[1] = ptr 0x000000000014fda0 -> {\x00\x00\x00\x00\x00\x00\x00\x00}
Arg[2] = 0
Arg[3] = ptr 0x000000000014fda8 -> {\x0b\x00\x00\x00\x00\x00\x00\x00}
Arg[4] = 0x0000000000001000 = 4096
Arg[5] = 0x0000000000000040 = 64
> 157e0000+8;SYSCALL:0x52(NtResumeThread)
NtResumeThread:
Arg[0] = 0x00000000000000e8 = 232
Arg[1] = 0
> 14bf0000+4ee;SYSCALL:0x18(NtAllocateVirtualMemory)
NtAllocateVirtualMemory:
Arg[0] = 0xffffffffffffffff = 18446744073709551615
Arg[1] = ptr 0x000000000014fdc0 -> {\x00\x00\x00\x00\x00\x00\x00\x00}
Arg[2] = 0
Arg[3] = ptr 0x000000000014fdc8 -> {\x0b\x00\x00\x00\x00\x00\x00\x00}
Arg[4] = 0x0000000000001000 = 4096
Arg[5] = 0x0000000000000040 = 64
> 15820000+8;SYSCALL:0x34(NtDelayExecution)
> 14bf0000+4ee;SYSCALL:0x18(NtAllocateVirtualMemory)
NtAllocateVirtualMemory:
Arg[0] = 0xffffffffffffffff = 18446744073709551615
Arg[1] = ptr 0x000000000014fdc0 -> {\x00\x00\x00\x00\x00\x00\x00\x00}
Arg[2] = 0
Arg[3] = ptr 0x000000000014fdc8 -> {\x0b\x00\x00\x00\x00\x00\x00\x00}
Arg[4] = 0x0000000000001000 = 4096
Arg[5] = 0x0000000000000040 = 64
> 15830000+8;SYSCALL:0x26(NtOpenProcess)
NtOpenProcess:
Arg[0] = ptr 0x000000000014fe20 -> {\xff\xff\xff\xff\xff\xff\xff\xff}
Arg[1] = 0x00000000001fffff = 2097151
Arg[2] = ptr 0x000000000014fde0 -> L"0"
Arg[3] = ptr 0x000000000014fdd0 -> {\xe8\x08\x00\x00\x00\x00\x00\x00}
> 14bf0000+4ee;SYSCALL:0x18(NtAllocateVirtualMemory)
NtAllocateVirtualMemory:
Arg[0] = 0xffffffffffffffff = 18446744073709551615
Arg[1] = ptr 0x000000000014fe30 -> {\x00\x00\x00\x00\x00\x00\x00\x00}
Arg[2] = 0
Arg[3] = ptr 0x000000000014fe38 -> {\x0b\x00\x00\x00\x00\x00\x00\x00}
Arg[4] = 0x0000000000001000 = 4096
Arg[5] = 0x0000000000000040 = 64
> 15840000+8;SYSCALL:0x34(NtDelayExecution)
> 14bf0000+4ee;SYSCALL:0x18(NtAllocateVirtualMemory)
NtAllocateVirtualMemory:
Arg[0] = 0xffffffffffffffff = 18446744073709551615
Arg[1] = ptr 0x000000000014fe30 -> {\x00\x00\x00\x00\x00\x00\x00\x00}
Arg[2] = 0
Arg[3] = ptr 0x000000000014fe38 -> {\x0b\x00\x00\x00\x00\x00\x00\x00}
Arg[4] = 0x0000000000001000 = 4096
Arg[5] = 0x0000000000000040 = 64
> 15850000+8;SYSCALL:0x19(NtQueryInformationProcess)
> 14bf0000+4ee;SYSCALL:0x18(NtAllocateVirtualMemory)
NtAllocateVirtualMemory:
Arg[0] = 0xffffffffffffffff = 18446744073709551615
Arg[1] = ptr 0x000000000014fda0 -> {\x00\x00\x00\x00\x00\x00\x00\x00}
Arg[2] = 0
Arg[3] = ptr 0x000000000014fda8 -> {\x0b\x00\x00\x00\x00\x00\x00\x00}
Arg[4] = 0x0000000000001000 = 4096
Arg[5] = 0x0000000000000040 = 64
> 15860000+8;SYSCALL:0x34(NtDelayExecution)
> 14bf0000+4ee;SYSCALL:0x18(NtAllocateVirtualMemory)
NtAllocateVirtualMemory:
Arg[0] = 0x00000000000000ec = 236
Arg[1] = ptr 0x000000000014fdf0 -> {\x00\x00\x00\x00\x00\x00\x00\x00}
Arg[2] = 0
Arg[3] = ptr 0x000000000014fdf8 -> {L\xd0\x00\x00\x00\x00\x00\x00}
Arg[4] = 0x0000000000003000 = 12288
Arg[5] = 0x0000000000000004 = 4
> 14bf0000+4ee;SYSCALL:0x18(NtAllocateVirtualMemory)
NtAllocateVirtualMemory:
Arg[0] = 0xffffffffffffffff = 18446744073709551615
Arg[1] = ptr 0x000000000014fda0 -> {\x00\x00\x00\x00\x00\x00\x00\x00}
Arg[2] = 0
Arg[3] = ptr 0x000000000014fda8 -> {\x0b\x00\x00\x00\x00\x00\x00\x00}
Arg[4] = 0x0000000000001000 = 4096
Arg[5] = 0x0000000000000040 = 64
> 15870000+8;SYSCALL:0x34(NtDelayExecution)
> 14bf0000+4ee;SYSCALL:0x18(NtAllocateVirtualMemory)
NtAllocateVirtualMemory:
Arg[0] = 0xffffffffffffffff = 18446744073709551615
Arg[1] = ptr 0x000000000014fda0 -> {\x00\x00\x00\x00\x00\x00\x00\x00}
Arg[2] = 0
Arg[3] = ptr 0x000000000014fda8 -> {\x0b\x00\x00\x00\x00\x00\x00\x00}
Arg[4] = 0x0000000000001000 = 4096
Arg[5] = 0x0000000000000040 = 64
> 15880000+8;SYSCALL:0x3a(NtWriteVirtualMemory)
NtWriteVirtualMemory:
Arg[0] = 0x00000000000000ec = 236
Arg[1] = 0x0000019497fe0000 = 1737716793344
Arg[2] = ptr 0x0000000014bf04f1 -> {\xe9[v\x00\x00\xcc\xcc\xcc}
Arg[3] = 0x000000000000d04c = 53324
Arg[4] = 0
> 14bf0000+4ee;SYSCALL:0x18(NtAllocateVirtualMemory)
NtAllocateVirtualMemory:
Arg[0] = 0xffffffffffffffff = 18446744073709551615
Arg[1] = ptr 0x000000000014fda0 -> {\x00\x00\x00\x00\x00\x00\x00\x00}
Arg[2] = 0
Arg[3] = ptr 0x000000000014fda8 -> {\x0b\x00\x00\x00\x00\x00\x00\x00}
Arg[4] = 0x0000000000001000 = 4096
Arg[5] = 0x0000000000000040 = 64
> 15890000+8;SYSCALL:0x34(NtDelayExecution)
> 14bf0000+4ee;SYSCALL:0x18(NtAllocateVirtualMemory)
NtAllocateVirtualMemory:
Arg[0] = 0xffffffffffffffff = 18446744073709551615
Arg[1] = ptr 0x000000000014fda0 -> {\x00\x00\x00\x00\x00\x00\x00\x00}
Arg[2] = 0
Arg[3] = ptr 0x000000000014fda8 -> {\x0b\x00\x00\x00\x00\x00\x00\x00}
Arg[4] = 0x0000000000001000 = 4096
Arg[5] = 0x0000000000000040 = 64
> 158a0000+8;SYSCALL:0x50(NtProtectVirtualMemory)
> 14bf0000+4ee;SYSCALL:0x18(NtAllocateVirtualMemory)
NtAllocateVirtualMemory:
Arg[0] = 0xffffffffffffffff = 18446744073709551615
Arg[1] = ptr 0x000000000014fda0 -> {\x00\x00\x00\x00\x00\x00\x00\x00}
Arg[2] = 0
Arg[3] = ptr 0x000000000014fda8 -> {\x0b\x00\x00\x00\x00\x00\x00\x00}
Arg[4] = 0x0000000000001000 = 4096
Arg[5] = 0x0000000000000040 = 64
> 158b0000+8;SYSCALL:0x34(NtDelayExecution)
> 14bf0000+4ee;SYSCALL:0x18(NtAllocateVirtualMemory)
NtAllocateVirtualMemory:
Arg[0] = 0xffffffffffffffff = 18446744073709551615
Arg[1] = ptr 0x000000000014fda0 -> {\x00\x00\x00\x00\x00\x00\x00\x00}
Arg[2] = 0
Arg[3] = ptr 0x000000000014fda8 -> {\x0b\x00\x00\x00\x00\x00\x00\x00}
Arg[4] = 0x0000000000001000 = 4096
Arg[5] = 0x0000000000000040 = 64
> 158c0000+8;SYSCALL:0xc1(NtCreateThreadEx)
NtCreateThreadEx:
Arg[0] = ptr 0x000000000014fe00 -> {\x00\x00\x00\x00\x00\x00\x00\x00}
Arg[1] = 0x00000000001fffff = 2097151
Arg[2] = 0
Arg[3] = 0x00000000000000ec = 236
Arg[4] = 0x0000019497fe0000 = 1737716793344
Arg[5] = 0
Arg[6] = 0x0000000000000001 = 1
Arg[7] = 0
Arg[8] = 0
Arg[9] = 0
> 14bf0000+4ee;SYSCALL:0x18(NtAllocateVirtualMemory)
NtAllocateVirtualMemory:
Arg[0] = 0xffffffffffffffff = 18446744073709551615
Arg[1] = ptr 0x000000000014fda0 -> {\x00\x00\x00\x00\x00\x00\x00\x00}
Arg[2] = 0
Arg[3] = ptr 0x000000000014fda8 -> {\x0b\x00\x00\x00\x00\x00\x00\x00}
Arg[4] = 0x0000000000001000 = 4096
Arg[5] = 0x0000000000000040 = 64
> 158d0000+8;SYSCALL:0x34(NtDelayExecution)
> 14bf0000+4ee;SYSCALL:0x18(NtAllocateVirtualMemory)
NtAllocateVirtualMemory:
Arg[0] = 0xffffffffffffffff = 18446744073709551615
Arg[1] = ptr 0x000000000014fda0 -> {\x00\x00\x00\x00\x00\x00\x00\x00}
Arg[2] = 0
Arg[3] = ptr 0x000000000014fda8 -> {\x0b\x00\x00\x00\x00\x00\x00\x00}
Arg[4] = 0x0000000000001000 = 4096
Arg[5] = 0x0000000000000040 = 64
> 158e0000+8;SYSCALL:0x52(NtResumeThread)
NtResumeThread:
Arg[0] = 0x00000000000000f0 = 240
Arg[1] = 0
> 14bf0000+4ee;SYSCALL:0x18(NtAllocateVirtualMemory)
NtAllocateVirtualMemory:
Arg[0] = 0xffffffffffffffff = 18446744073709551615
Arg[1] = ptr 0x000000000014fdc0 -> {\x00\x00\x00\x00\x00\x00\x00\x00}
Arg[2] = 0
Arg[3] = ptr 0x000000000014fdc8 -> {\x0b\x00\x00\x00\x00\x00\x00\x00}
Arg[4] = 0x0000000000001000 = 4096
Arg[5] = 0x0000000000000040 = 64
> 158f0000+8;SYSCALL:0x34(NtDelayExecution)
> 14bf0000+4ee;SYSCALL:0x18(NtAllocateVirtualMemory)
NtAllocateVirtualMemory:
Arg[0] = 0xffffffffffffffff = 18446744073709551615
Arg[1] = ptr 0x000000000014fdc0 -> {\x00\x00\x00\x00\x00\x00\x00\x00}
Arg[2] = 0
Arg[3] = ptr 0x000000000014fdc8 -> {\x0b\x00\x00\x00\x00\x00\x00\x00}
Arg[4] = 0x0000000000001000 = 4096
Arg[5] = 0x0000000000000040 = 64
> 15900000+8;SYSCALL:0x26(NtOpenProcess)
NtOpenProcess:
Arg[0] = ptr 0x000000000014fe20 -> {\xff\xff\xff\xff\xff\xff\xff\xff}
Arg[1] = 0x00000000001fffff = 2097151
Arg[2] = ptr 0x000000000014fde0 -> L"0"
Arg[3] = ptr 0x000000000014fdd0 -> {,\x0c\x00\x00\x00\x00\x00\x00}
> 14bf0000+4ee;SYSCALL:0x18(NtAllocateVirtualMemory)
NtAllocateVirtualMemory:
Arg[0] = 0xffffffffffffffff = 18446744073709551615
Arg[1] = ptr 0x000000000014fdc0 -> {\x00\x00\x00\x00\x00\x00\x00\x00}
Arg[2] = 0
Arg[3] = ptr 0x000000000014fdc8 -> {\x0b\x00\x00\x00\x00\x00\x00\x00}
Arg[4] = 0x0000000000001000 = 4096
Arg[5] = 0x0000000000000040 = 64
> 15910000+8;SYSCALL:0x34(NtDelayExecution)
> 14bf0000+4ee;SYSCALL:0x18(NtAllocateVirtualMemory)
NtAllocateVirtualMemory:
Arg[0] = 0xffffffffffffffff = 18446744073709551615
Arg[1] = ptr 0x000000000014fdc0 -> {\x00\x00\x00\x00\x00\x00\x00\x00}
Arg[2] = 0
Arg[3] = ptr 0x000000000014fdc8 -> {\x0b\x00\x00\x00\x00\x00\x00\x00}
Arg[4] = 0x0000000000001000 = 4096
Arg[5] = 0x0000000000000040 = 64
> 15920000+8;SYSCALL:0x26(NtOpenProcess)
NtOpenProcess:
Arg[0] = ptr 0x000000000014fe20 -> {\xff\xff\xff\xff\xff\xff\xff\xff}
Arg[1] = 0x00000000001fffff = 2097151
Arg[2] = ptr 0x000000000014fde0 -> L"0"
Arg[3] = ptr 0x000000000014fdd0 -> {p\x0c\x00\x00\x00\x00\x00\x00}
> 14bf0000+4ee;SYSCALL:0x18(NtAllocateVirtualMemory)
NtAllocateVirtualMemory:
Arg[0] = 0xffffffffffffffff = 18446744073709551615
Arg[1] = ptr 0x000000000014fe30 -> {\x00\x00\x00\x00\x00\x00\x00\x00}
Arg[2] = 0
Arg[3] = ptr 0x000000000014fe38 -> {\x0b\x00\x00\x00\x00\x00\x00\x00}
Arg[4] = 0x0000000000001000 = 4096
Arg[5] = 0x0000000000000040 = 64
> 15930000+8;SYSCALL:0x34(NtDelayExecution)
> 14bf0000+4ee;SYSCALL:0x18(NtAllocateVirtualMemory)
NtAllocateVirtualMemory:
Arg[0] = 0xffffffffffffffff = 18446744073709551615
Arg[1] = ptr 0x000000000014fe30 -> {\x00\x00\x00\x00\x00\x00\x00\x00}
Arg[2] = 0
Arg[3] = ptr 0x000000000014fe38 -> {\x0b\x00\x00\x00\x00\x00\x00\x00}
Arg[4] = 0x0000000000001000 = 4096
Arg[5] = 0x0000000000000040 = 64
> 15940000+8;SYSCALL:0x19(NtQueryInformationProcess)
> 14bf0000+4ee;SYSCALL:0x18(NtAllocateVirtualMemory)
NtAllocateVirtualMemory:
Arg[0] = 0xffffffffffffffff = 18446744073709551615
Arg[1] = ptr 0x000000000014fda0 -> {\x00\x00\x00\x00\x00\x00\x00\x00}
Arg[2] = 0
Arg[3] = ptr 0x000000000014fda8 -> {\x0b\x00\x00\x00\x00\x00\x00\x00}
Arg[4] = 0x0000000000001000 = 4096
Arg[5] = 0x0000000000000040 = 64
> 15950000+8;SYSCALL:0x34(NtDelayExecution)
> 14bf0000+4ee;SYSCALL:0x18(NtAllocateVirtualMemory)
NtAllocateVirtualMemory:
Arg[0] = 0x00000000000000f4 = 244
Arg[1] = ptr 0x000000000014fdf0 -> {\x00\x00\x00\x00\x00\x00\x00\x00}
Arg[2] = 0
Arg[3] = ptr 0x000000000014fdf8 -> {L\xd0\x00\x00\x00\x00\x00\x00}
Arg[4] = 0x0000000000003000 = 12288
Arg[5] = 0x0000000000000004 = 4
> 14bf0000+4ee;SYSCALL:0x18(NtAllocateVirtualMemory)
NtAllocateVirtualMemory:
Arg[0] = 0xffffffffffffffff = 18446744073709551615
Arg[1] = ptr 0x000000000014fda0 -> {\x00\x00\x00\x00\x00\x00\x00\x00}
Arg[2] = 0
Arg[3] = ptr 0x000000000014fda8 -> {\x0b\x00\x00\x00\x00\x00\x00\x00}
Arg[4] = 0x0000000000001000 = 4096
Arg[5] = 0x0000000000000040 = 64
> 15960000+8;SYSCALL:0x34(NtDelayExecution)
> 14bf0000+4ee;SYSCALL:0x18(NtAllocateVirtualMemory)
NtAllocateVirtualMemory:
Arg[0] = 0xffffffffffffffff = 18446744073709551615
Arg[1] = ptr 0x000000000014fda0 -> {\x00\x00\x00\x00\x00\x00\x00\x00}
Arg[2] = 0
Arg[3] = ptr 0x000000000014fda8 -> {\x0b\x00\x00\x00\x00\x00\x00\x00}
Arg[4] = 0x0000000000001000 = 4096
Arg[5] = 0x0000000000000040 = 64
> 15970000+8;SYSCALL:0x3a(NtWriteVirtualMemory)
NtWriteVirtualMemory:
Arg[0] = 0x00000000000000f4 = 244
Arg[1] = 0x000001d8c2120000 = 2030480523264
Arg[2] = ptr 0x0000000014bf04f1 -> {\xe9[v\x00\x00\xcc\xcc\xcc}
Arg[3] = 0x000000000000d04c = 53324
Arg[4] = 0
> 14bf0000+4ee;SYSCALL:0x18(NtAllocateVirtualMemory)
NtAllocateVirtualMemory:
Arg[0] = 0xffffffffffffffff = 18446744073709551615
Arg[1] = ptr 0x000000000014fda0 -> {\x00\x00\x00\x00\x00\x00\x00\x00}
Arg[2] = 0
Arg[3] = ptr 0x000000000014fda8 -> {\x0b\x00\x00\x00\x00\x00\x00\x00}
Arg[4] = 0x0000000000001000 = 4096
Arg[5] = 0x0000000000000040 = 64
> 15980000+8;SYSCALL:0x34(NtDelayExecution)
> 14bf0000+4ee;SYSCALL:0x18(NtAllocateVirtualMemory)
NtAllocateVirtualMemory:
Arg[0] = 0xffffffffffffffff = 18446744073709551615
Arg[1] = ptr 0x000000000014fda0 -> {\x00\x00\x00\x00\x00\x00\x00\x00}
Arg[2] = 0
Arg[3] = ptr 0x000000000014fda8 -> {\x0b\x00\x00\x00\x00\x00\x00\x00}
Arg[4] = 0x0000000000001000 = 4096
Arg[5] = 0x0000000000000040 = 64
> 15990000+8;SYSCALL:0x50(NtProtectVirtualMemory)
> 14bf0000+4ee;SYSCALL:0x18(NtAllocateVirtualMemory)
NtAllocateVirtualMemory:
Arg[0] = 0xffffffffffffffff = 18446744073709551615
Arg[1] = ptr 0x000000000014fda0 -> {\x00\x00\x00\x00\x00\x00\x00\x00}
Arg[2] = 0
Arg[3] = ptr 0x000000000014fda8 -> {\x0b\x00\x00\x00\x00\x00\x00\x00}
Arg[4] = 0x0000000000001000 = 4096
Arg[5] = 0x0000000000000040 = 64
> 159a0000+8;SYSCALL:0x34(NtDelayExecution)
> 14bf0000+4ee;SYSCALL:0x18(NtAllocateVirtualMemory)
NtAllocateVirtualMemory:
Arg[0] = 0xffffffffffffffff = 18446744073709551615
Arg[1] = ptr 0x000000000014fda0 -> {\x00\x00\x00\x00\x00\x00\x00\x00}
Arg[2] = 0
Arg[3] = ptr 0x000000000014fda8 -> {\x0b\x00\x00\x00\x00\x00\x00\x00}
Arg[4] = 0x0000000000001000 = 4096
Arg[5] = 0x0000000000000040 = 64
> 159b0000+8;SYSCALL:0xc1(NtCreateThreadEx)
NtCreateThreadEx:
Arg[0] = ptr 0x000000000014fe00 -> {\x00\x00\x00\x00\x00\x00\x00\x00}
Arg[1] = 0x00000000001fffff = 2097151
Arg[2] = 0
Arg[3] = 0x00000000000000f4 = 244
Arg[4] = 0x000001d8c2120000 = 2030480523264
Arg[5] = 0
Arg[6] = 0x0000000000000001 = 1
Arg[7] = 0
Arg[8] = 0
Arg[9] = 0
> 14bf0000+4ee;SYSCALL:0x18(NtAllocateVirtualMemory)
NtAllocateVirtualMemory:
Arg[0] = 0xffffffffffffffff = 18446744073709551615
Arg[1] = ptr 0x000000000014fda0 -> {\x00\x00\x00\x00\x00\x00\x00\x00}
Arg[2] = 0
Arg[3] = ptr 0x000000000014fda8 -> {\x0b\x00\x00\x00\x00\x00\x00\x00}
Arg[4] = 0x0000000000001000 = 4096
Arg[5] = 0x0000000000000040 = 64
> 159c0000+8;SYSCALL:0x34(NtDelayExecution)
> 14bf0000+4ee;SYSCALL:0x18(NtAllocateVirtualMemory)
NtAllocateVirtualMemory:
Arg[0] = 0xffffffffffffffff = 18446744073709551615
Arg[1] = ptr 0x000000000014fda0 -> {\x00\x00\x00\x00\x00\x00\x00\x00}
Arg[2] = 0
Arg[3] = ptr 0x000000000014fda8 -> {\x0b\x00\x00\x00\x00\x00\x00\x00}
Arg[4] = 0x0000000000001000 = 4096
Arg[5] = 0x0000000000000040 = 64
> 159d0000+8;SYSCALL:0x52(NtResumeThread)
NtResumeThread:
Arg[0] = 0x00000000000000f8 = 248
Arg[1] = 0
> 14bf0000+4ee;SYSCALL:0x18(NtAllocateVirtualMemory)
NtAllocateVirtualMemory:
Arg[0] = 0xffffffffffffffff = 18446744073709551615
Arg[1] = ptr 0x000000000014fdc0 -> {\x00\x00\x00\x00\x00\x00\x00\x00}
Arg[2] = 0
Arg[3] = ptr 0x000000000014fdc8 -> {\x0b\x00\x00\x00\x00\x00\x00\x00}
Arg[4] = 0x0000000000001000 = 4096
Arg[5] = 0x0000000000000040 = 64
> 159e0000+8;SYSCALL:0x34(NtDelayExecution)
> 14bf0000+4ee;SYSCALL:0x18(NtAllocateVirtualMemory)
NtAllocateVirtualMemory:
Arg[0] = 0xffffffffffffffff = 18446744073709551615
Arg[1] = ptr 0x000000000014fdc0 -> {\x00\x00\x00\x00\x00\x00\x00\x00}
Arg[2] = 0
Arg[3] = ptr 0x000000000014fdc8 -> {\x0b\x00\x00\x00\x00\x00\x00\x00}
Arg[4] = 0x0000000000001000 = 4096
Arg[5] = 0x0000000000000040 = 64
> 159f0000+8;SYSCALL:0x26(NtOpenProcess)
NtOpenProcess:
Arg[0] = ptr 0x000000000014fe20 -> {\xff\xff\xff\xff\xff\xff\xff\xff}
Arg[1] = 0x00000000001fffff = 2097151
Arg[2] = ptr 0x000000000014fde0 -> L"0"
Arg[3] = ptr 0x000000000014fdd0 -> "h
"
> 14bf0000+4ee;SYSCALL:0x18(NtAllocateVirtualMemory)
NtAllocateVirtualMemory:
Arg[0] = 0xffffffffffffffff = 18446744073709551615
Arg[1] = ptr 0x000000000014fdc0 -> {\x00\x00\x00\x00\x00\x00\x00\x00}
Arg[2] = 0
Arg[3] = ptr 0x000000000014fdc8 -> {\x0b\x00\x00\x00\x00\x00\x00\x00}
Arg[4] = 0x0000000000001000 = 4096
Arg[5] = 0x0000000000000040 = 64
> 15a00000+8;SYSCALL:0x34(NtDelayExecution)
> 14bf0000+4ee;SYSCALL:0x18(NtAllocateVirtualMemory)
NtAllocateVirtualMemory:
Arg[0] = 0xffffffffffffffff = 18446744073709551615
Arg[1] = ptr 0x000000000014fdc0 -> {\x00\x00\x00\x00\x00\x00\x00\x00}
Arg[2] = 0
Arg[3] = ptr 0x000000000014fdc8 -> {\x0b\x00\x00\x00\x00\x00\x00\x00}
Arg[4] = 0x0000000000001000 = 4096
Arg[5] = 0x0000000000000040 = 64
> 15a10000+8;SYSCALL:0x26(NtOpenProcess)
NtOpenProcess:
Arg[0] = ptr 0x000000000014fe20 -> {\xff\xff\xff\xff\xff\xff\xff\xff}
Arg[1] = 0x00000000001fffff = 2097151
Arg[2] = ptr 0x000000000014fde0 -> L"0"
Arg[3] = ptr 0x000000000014fdd0 -> {\x80\x0d\x00\x00\x00\x00\x00\x00}
> 14bf0000+4ee;SYSCALL:0x18(NtAllocateVirtualMemory)
NtAllocateVirtualMemory:
Arg[0] = 0xffffffffffffffff = 18446744073709551615
Arg[1] = ptr 0x000000000014fdc0 -> {\x00\x00\x00\x00\x00\x00\x00\x00}
Arg[2] = 0
Arg[3] = ptr 0x000000000014fdc8 -> {\x0b\x00\x00\x00\x00\x00\x00\x00}
Arg[4] = 0x0000000000001000 = 4096
Arg[5] = 0x0000000000000040 = 64
> 15a20000+8;SYSCALL:0x34(NtDelayExecution)
> 14bf0000+4ee;SYSCALL:0x18(NtAllocateVirtualMemory)
NtAllocateVirtualMemory:
Arg[0] = 0xffffffffffffffff = 18446744073709551615
Arg[1] = ptr 0x000000000014fdc0 -> {\x00\x00\x00\x00\x00\x00\x00\x00}
Arg[2] = 0
Arg[3] = ptr 0x000000000014fdc8 -> {\x0b\x00\x00\x00\x00\x00\x00\x00}
Arg[4] = 0x0000000000001000 = 4096
Arg[5] = 0x0000000000000040 = 64
> 15a30000+8;SYSCALL:0x26(NtOpenProcess)
NtOpenProcess:
Arg[0] = ptr 0x000000000014fe20 -> {\xff\xff\xff\xff\xff\xff\xff\xff}
Arg[1] = 0x00000000001fffff = 2097151
Arg[2] = ptr 0x000000000014fde0 -> L"0"
Arg[3] = ptr 0x000000000014fdd0 -> {\x90\x0d\x00\x00\x00\x00\x00\x00}
> 14bf0000+4ee;SYSCALL:0x18(NtAllocateVirtualMemory)
NtAllocateVirtualMemory:
Arg[0] = 0xffffffffffffffff = 18446744073709551615
Arg[1] = ptr 0x000000000014fdc0 -> {\x00\x00\x00\x00\x00\x00\x00\x00}
Arg[2] = 0
Arg[3] = ptr 0x000000000014fdc8 -> {\x0b\x00\x00\x00\x00\x00\x00\x00}
Arg[4] = 0x0000000000001000 = 4096
Arg[5] = 0x0000000000000040 = 64
> 15a50000+8;SYSCALL:0x34(NtDelayExecution)
> 14bf0000+4ee;SYSCALL:0x18(NtAllocateVirtualMemory)
NtAllocateVirtualMemory:
Arg[0] = 0xffffffffffffffff = 18446744073709551615
Arg[1] = ptr 0x000000000014fdc0 -> {\x00\x00\x00\x00\x00\x00\x00\x00}
Arg[2] = 0
Arg[3] = ptr 0x000000000014fdc8 -> {\x0b\x00\x00\x00\x00\x00\x00\x00}
Arg[4] = 0x0000000000001000 = 4096
Arg[5] = 0x0000000000000040 = 64
> 15a60000+8;SYSCALL:0x26(NtOpenProcess)
NtOpenProcess:
Arg[0] = ptr 0x000000000014fe20 -> {\xff\xff\xff\xff\xff\xff\xff\xff}
Arg[1] = 0x00000000001fffff = 2097151
Arg[2] = ptr 0x000000000014fde0 -> L"0"
Arg[3] = ptr 0x000000000014fdd0 -> {(\x0e\x00\x00\x00\x00\x00\x00}
> 14bf0000+4ee;SYSCALL:0x18(NtAllocateVirtualMemory)
NtAllocateVirtualMemory:
Arg[0] = 0xffffffffffffffff = 18446744073709551615
Arg[1] = ptr 0x000000000014fe30 -> {\x00\x00\x00\x00\x00\x00\x00\x00}
Arg[2] = 0
Arg[3] = ptr 0x000000000014fe38 -> {\x0b\x00\x00\x00\x00\x00\x00\x00}
Arg[4] = 0x0000000000001000 = 4096
Arg[5] = 0x0000000000000040 = 64
> 15a70000+8;SYSCALL:0x34(NtDelayExecution)
> 14bf0000+4ee;SYSCALL:0x18(NtAllocateVirtualMemory)
NtAllocateVirtualMemory:
Arg[0] = 0xffffffffffffffff = 18446744073709551615
Arg[1] = ptr 0x000000000014fe30 -> {\x00\x00\x00\x00\x00\x00\x00\x00}
Arg[2] = 0
Arg[3] = ptr 0x000000000014fe38 -> {\x0b\x00\x00\x00\x00\x00\x00\x00}
Arg[4] = 0x0000000000001000 = 4096
Arg[5] = 0x0000000000000040 = 64
> 15a80000+8;SYSCALL:0x19(NtQueryInformationProcess)
> 14bf0000+4ee;SYSCALL:0x18(NtAllocateVirtualMemory)
NtAllocateVirtualMemory:
Arg[0] = 0xffffffffffffffff = 18446744073709551615
Arg[1] = ptr 0x000000000014fda0 -> {\x00\x00\x00\x00\x00\x00\x00\x00}
Arg[2] = 0
Arg[3] = ptr 0x000000000014fda8 -> {\x0b\x00\x00\x00\x00\x00\x00\x00}
Arg[4] = 0x0000000000001000 = 4096
Arg[5] = 0x0000000000000040 = 64
> 15a90000+8;SYSCALL:0x34(NtDelayExecution)
> 14bf0000+4ee;SYSCALL:0x18(NtAllocateVirtualMemory)
NtAllocateVirtualMemory:
Arg[0] = 0x00000000000000fc = 252
Arg[1] = ptr 0x000000000014fdf0 -> {\x00\x00\x00\x00\x00\x00\x00\x00}
Arg[2] = 0
Arg[3] = ptr 0x000000000014fdf8 -> {L\xd0\x00\x00\x00\x00\x00\x00}
Arg[4] = 0x0000000000003000 = 12288
Arg[5] = 0x0000000000000004 = 4
> 14bf0000+4ee;SYSCALL:0x18(NtAllocateVirtualMemory)
NtAllocateVirtualMemory:
Arg[0] = 0xffffffffffffffff = 18446744073709551615
Arg[1] = ptr 0x000000000014fda0 -> {\x00\x00\x00\x00\x00\x00\x00\x00}
Arg[2] = 0
Arg[3] = ptr 0x000000000014fda8 -> {\x0b\x00\x00\x00\x00\x00\x00\x00}
Arg[4] = 0x0000000000001000 = 4096
Arg[5] = 0x0000000000000040 = 64
> 15aa0000+8;SYSCALL:0x34(NtDelayExecution)
> 14bf0000+4ee;SYSCALL:0x18(NtAllocateVirtualMemory)
NtAllocateVirtualMemory:
Arg[0] = 0xffffffffffffffff = 18446744073709551615
Arg[1] = ptr 0x000000000014fda0 -> {\x00\x00\x00\x00\x00\x00\x00\x00}
Arg[2] = 0
Arg[3] = ptr 0x000000000014fda8 -> {\x0b\x00\x00\x00\x00\x00\x00\x00}
Arg[4] = 0x0000000000001000 = 4096
Arg[5] = 0x0000000000000040 = 64
> 15ab0000+8;SYSCALL:0x3a(NtWriteVirtualMemory)
NtWriteVirtualMemory:
Arg[0] = 0x00000000000000fc = 252
Arg[1] = 0x0000000009250000 = 153419776
Arg[2] = ptr 0x0000000014bf04f1 -> {\xe9[v\x00\x00\xcc\xcc\xcc}
Arg[3] = 0x000000000000d04c = 53324
Arg[4] = 0
> 14bf0000+4ee;SYSCALL:0x18(NtAllocateVirtualMemory)
NtAllocateVirtualMemory:
Arg[0] = 0xffffffffffffffff = 18446744073709551615
Arg[1] = ptr 0x000000000014fda0 -> {\x00\x00\x00\x00\x00\x00\x00\x00}
Arg[2] = 0
Arg[3] = ptr 0x000000000014fda8 -> {\x0b\x00\x00\x00\x00\x00\x00\x00}
Arg[4] = 0x0000000000001000 = 4096
Arg[5] = 0x0000000000000040 = 64
> 15ac0000+8;SYSCALL:0x34(NtDelayExecution)
> 14bf0000+4ee;SYSCALL:0x18(NtAllocateVirtualMemory)
NtAllocateVirtualMemory:
Arg[0] = 0xffffffffffffffff = 18446744073709551615
Arg[1] = ptr 0x000000000014fda0 -> {\x00\x00\x00\x00\x00\x00\x00\x00}
Arg[2] = 0
Arg[3] = ptr 0x000000000014fda8 -> {\x0b\x00\x00\x00\x00\x00\x00\x00}
Arg[4] = 0x0000000000001000 = 4096
Arg[5] = 0x0000000000000040 = 64
> 15ad0000+8;SYSCALL:0x50(NtProtectVirtualMemory)
> 14bf0000+4ee;SYSCALL:0x18(NtAllocateVirtualMemory)
NtAllocateVirtualMemory:
Arg[0] = 0xffffffffffffffff = 18446744073709551615
Arg[1] = ptr 0x000000000014fda0 -> {\x00\x00\x00\x00\x00\x00\x00\x00}
Arg[2] = 0
Arg[3] = ptr 0x000000000014fda8 -> {\x0b\x00\x00\x00\x00\x00\x00\x00}
Arg[4] = 0x0000000000001000 = 4096
Arg[5] = 0x0000000000000040 = 64
> 15ae0000+8;SYSCALL:0x34(NtDelayExecution)
> 14bf0000+4ee;SYSCALL:0x18(NtAllocateVirtualMemory)
NtAllocateVirtualMemory:
Arg[0] = 0xffffffffffffffff = 18446744073709551615
Arg[1] = ptr 0x000000000014fda0 -> {\x00\x00\x00\x00\x00\x00\x00\x00}
Arg[2] = 0
Arg[3] = ptr 0x000000000014fda8 -> {\x0b\x00\x00\x00\x00\x00\x00\x00}
Arg[4] = 0x0000000000001000 = 4096
Arg[5] = 0x0000000000000040 = 64
> 15af0000+8;SYSCALL:0xc1(NtCreateThreadEx)
NtCreateThreadEx:
Arg[0] = ptr 0x000000000014fe00 -> {\x00\x00\x00\x00\x00\x00\x00\x00}
Arg[1] = 0x00000000001fffff = 2097151
Arg[2] = 0
Arg[3] = 0x00000000000000fc = 252
Arg[4] = 0x0000000009250000 = 153419776
Arg[5] = 0
Arg[6] = 0x0000000000000001 = 1
Arg[7] = 0
Arg[8] = 0
Arg[9] = 0
> 14bf0000+4ee;SYSCALL:0x18(NtAllocateVirtualMemory)
NtAllocateVirtualMemory:
Arg[0] = 0xffffffffffffffff = 18446744073709551615
Arg[1] = ptr 0x000000000014fda0 -> {\x00\x00\x00\x00\x00\x00\x00\x00}
Arg[2] = 0
Arg[3] = ptr 0x000000000014fda8 -> {\x0b\x00\x00\x00\x00\x00\x00\x00}
Arg[4] = 0x0000000000001000 = 4096
Arg[5] = 0x0000000000000040 = 64
> 15b00000+8;SYSCALL:0x34(NtDelayExecution)
> 14bf0000+4ee;SYSCALL:0x18(NtAllocateVirtualMemory)
NtAllocateVirtualMemory:
Arg[0] = 0xffffffffffffffff = 18446744073709551615
Arg[1] = ptr 0x000000000014fda0 -> {\x00\x00\x00\x00\x00\x00\x00\x00}
Arg[2] = 0
Arg[3] = ptr 0x000000000014fda8 -> {\x0b\x00\x00\x00\x00\x00\x00\x00}
Arg[4] = 0x0000000000001000 = 4096
Arg[5] = 0x0000000000000040 = 64
> 15b10000+8;SYSCALL:0x52(NtResumeThread)
NtResumeThread:
Arg[0] = 0x0000000000000100 = 256
Arg[1] = 0
> 14bf0000+4ee;SYSCALL:0x18(NtAllocateVirtualMemory)
NtAllocateVirtualMemory:
Arg[0] = 0xffffffffffffffff = 18446744073709551615
Arg[1] = ptr 0x000000000014fdc0 -> {\x00\x00\x00\x00\x00\x00\x00\x00}
Arg[2] = 0
Arg[3] = ptr 0x000000000014fdc8 -> {\x0b\x00\x00\x00\x00\x00\x00\x00}
Arg[4] = 0x0000000000001000 = 4096
Arg[5] = 0x0000000000000040 = 64
> 15b20000+8;SYSCALL:0x34(NtDelayExecution)
> 14bf0000+4ee;SYSCALL:0x18(NtAllocateVirtualMemory)
NtAllocateVirtualMemory:
Arg[0] = 0xffffffffffffffff = 18446744073709551615
Arg[1] = ptr 0x000000000014fdc0 -> {\x00\x00\x00\x00\x00\x00\x00\x00}
Arg[2] = 0
Arg[3] = ptr 0x000000000014fdc8 -> {\x0b\x00\x00\x00\x00\x00\x00\x00}
Arg[4] = 0x0000000000001000 = 4096
Arg[5] = 0x0000000000000040 = 64
> 15b30000+8;SYSCALL:0x26(NtOpenProcess)
NtOpenProcess:
Arg[0] = ptr 0x000000000014fe20 -> {\xff\xff\xff\xff\xff\xff\xff\xff}
Arg[1] = 0x00000000001fffff = 2097151
Arg[2] = ptr 0x000000000014fde0 -> L"0"
Arg[3] = ptr 0x000000000014fdd0 -> {|\x0e\x00\x00\x00\x00\x00\x00}
> 14bf0000+4ee;SYSCALL:0x18(NtAllocateVirtualMemory)
NtAllocateVirtualMemory:
Arg[0] = 0xffffffffffffffff = 18446744073709551615
Arg[1] = ptr 0x000000000014fdc0 -> {\x00\x00\x00\x00\x00\x00\x00\x00}
Arg[2] = 0
Arg[3] = ptr 0x000000000014fdc8 -> {\x0b\x00\x00\x00\x00\x00\x00\x00}
Arg[4] = 0x0000000000001000 = 4096
Arg[5] = 0x0000000000000040 = 64
> 15b40000+8;SYSCALL:0x34(NtDelayExecution)
> 14bf0000+4ee;SYSCALL:0x18(NtAllocateVirtualMemory)
NtAllocateVirtualMemory:
Arg[0] = 0xffffffffffffffff = 18446744073709551615
Arg[1] = ptr 0x000000000014fdc0 -> {\x00\x00\x00\x00\x00\x00\x00\x00}
Arg[2] = 0
Arg[3] = ptr 0x000000000014fdc8 -> {\x0b\x00\x00\x00\x00\x00\x00\x00}
Arg[4] = 0x0000000000001000 = 4096
Arg[5] = 0x0000000000000040 = 64
> 15b50000+8;SYSCALL:0x26(NtOpenProcess)
NtOpenProcess:
Arg[0] = ptr 0x000000000014fe20 -> {\xff\xff\xff\xff\xff\xff\xff\xff}
Arg[1] = 0x00000000001fffff = 2097151
Arg[2] = ptr 0x000000000014fde0 -> L"0"
Arg[3] = ptr 0x000000000014fdd0 -> {h\x0f\x00\x00\x00\x00\x00\x00}
> 14bf0000+4ee;SYSCALL:0x18(NtAllocateVirtualMemory)
NtAllocateVirtualMemory:
Arg[0] = 0xffffffffffffffff = 18446744073709551615
Arg[1] = ptr 0x000000000014fe30 -> {\x00\x00\x00\x00\x00\x00\x00\x00}
Arg[2] = 0
Arg[3] = ptr 0x000000000014fe38 -> {\x0b\x00\x00\x00\x00\x00\x00\x00}
Arg[4] = 0x0000000000001000 = 4096
Arg[5] = 0x0000000000000040 = 64
> 15b60000+8;SYSCALL:0x34(NtDelayExecution)
> 14bf0000+4ee;SYSCALL:0x18(NtAllocateVirtualMemory)
NtAllocateVirtualMemory:
Arg[0] = 0xffffffffffffffff = 18446744073709551615
Arg[1] = ptr 0x000000000014fe30 -> {\x00\x00\x00\x00\x00\x00\x00\x00}
Arg[2] = 0
Arg[3] = ptr 0x000000000014fe38 -> {\x0b\x00\x00\x00\x00\x00\x00\x00}
Arg[4] = 0x0000000000001000 = 4096
Arg[5] = 0x0000000000000040 = 64
> 15b70000+8;SYSCALL:0x19(NtQueryInformationProcess)
> 14bf0000+4ee;SYSCALL:0x18(NtAllocateVirtualMemory)
NtAllocateVirtualMemory:
Arg[0] = 0xffffffffffffffff = 18446744073709551615
Arg[1] = ptr 0x000000000014fda0 -> {\x00\x00\x00\x00\x00\x00\x00\x00}
Arg[2] = 0
Arg[3] = ptr 0x000000000014fda8 -> {\x0b\x00\x00\x00\x00\x00\x00\x00}
Arg[4] = 0x0000000000001000 = 4096
Arg[5] = 0x0000000000000040 = 64
> 15b80000+8;SYSCALL:0x34(NtDelayExecution)
> 14bf0000+4ee;SYSCALL:0x18(NtAllocateVirtualMemory)
NtAllocateVirtualMemory:
Arg[0] = 0x0000000000000104 = 260
Arg[1] = ptr 0x000000000014fdf0 -> {\x00\x00\x00\x00\x00\x00\x00\x00}
Arg[2] = 0
Arg[3] = ptr 0x000000000014fdf8 -> {L\xd0\x00\x00\x00\x00\x00\x00}
Arg[4] = 0x0000000000003000 = 12288
Arg[5] = 0x0000000000000004 = 4
> 14bf0000+4ee;SYSCALL:0x18(NtAllocateVirtualMemory)
NtAllocateVirtualMemory:
Arg[0] = 0xffffffffffffffff = 18446744073709551615
Arg[1] = ptr 0x000000000014fda0 -> {\x00\x00\x00\x00\x00\x00\x00\x00}
Arg[2] = 0
Arg[3] = ptr 0x000000000014fda8 -> {\x0b\x00\x00\x00\x00\x00\x00\x00}
Arg[4] = 0x0000000000001000 = 4096
Arg[5] = 0x0000000000000040 = 64
> 15b90000+8;SYSCALL:0x34(NtDelayExecution)
> 14bf0000+4ee;SYSCALL:0x18(NtAllocateVirtualMemory)
NtAllocateVirtualMemory:
Arg[0] = 0xffffffffffffffff = 18446744073709551615
Arg[1] = ptr 0x000000000014fda0 -> {\x00\x00\x00\x00\x00\x00\x00\x00}
Arg[2] = 0
Arg[3] = ptr 0x000000000014fda8 -> {\x0b\x00\x00\x00\x00\x00\x00\x00}
Arg[4] = 0x0000000000001000 = 4096
Arg[5] = 0x0000000000000040 = 64
> 15ba0000+8;SYSCALL:0x3a(NtWriteVirtualMemory)
NtWriteVirtualMemory:
Arg[0] = 0x0000000000000104 = 260
Arg[1] = 0x000002200b5f0000 = 2336652984320
Arg[2] = ptr 0x0000000014bf04f1 -> {\xe9[v\x00\x00\xcc\xcc\xcc}
Arg[3] = 0x000000000000d04c = 53324
Arg[4] = 0
> 14bf0000+4ee;SYSCALL:0x18(NtAllocateVirtualMemory)
NtAllocateVirtualMemory:
Arg[0] = 0xffffffffffffffff = 18446744073709551615
Arg[1] = ptr 0x000000000014fda0 -> {\x00\x00\x00\x00\x00\x00\x00\x00}
Arg[2] = 0
Arg[3] = ptr 0x000000000014fda8 -> {\x0b\x00\x00\x00\x00\x00\x00\x00}
Arg[4] = 0x0000000000001000 = 4096
Arg[5] = 0x0000000000000040 = 64
> 15bb0000+8;SYSCALL:0x34(NtDelayExecution)
> 14bf0000+4ee;SYSCALL:0x18(NtAllocateVirtualMemory)
NtAllocateVirtualMemory:
Arg[0] = 0xffffffffffffffff = 18446744073709551615
Arg[1] = ptr 0x000000000014fda0 -> {\x00\x00\x00\x00\x00\x00\x00\x00}
Arg[2] = 0
Arg[3] = ptr 0x000000000014fda8 -> {\x0b\x00\x00\x00\x00\x00\x00\x00}
Arg[4] = 0x0000000000001000 = 4096
Arg[5] = 0x0000000000000040 = 64
> 15bc0000+8;SYSCALL:0x50(NtProtectVirtualMemory)
> 14bf0000+4ee;SYSCALL:0x18(NtAllocateVirtualMemory)
NtAllocateVirtualMemory:
Arg[0] = 0xffffffffffffffff = 18446744073709551615
Arg[1] = ptr 0x000000000014fda0 -> {\x00\x00\x00\x00\x00\x00\x00\x00}
Arg[2] = 0
Arg[3] = ptr 0x000000000014fda8 -> {\x0b\x00\x00\x00\x00\x00\x00\x00}
Arg[4] = 0x0000000000001000 = 4096
Arg[5] = 0x0000000000000040 = 64
> 15bd0000+8;SYSCALL:0x34(NtDelayExecution)
> 14bf0000+4ee;SYSCALL:0x18(NtAllocateVirtualMemory)
NtAllocateVirtualMemory:
Arg[0] = 0xffffffffffffffff = 18446744073709551615
Arg[1] = ptr 0x000000000014fda0 -> {\x00\x00\x00\x00\x00\x00\x00\x00}
Arg[2] = 0
Arg[3] = ptr 0x000000000014fda8 -> {\x0b\x00\x00\x00\x00\x00\x00\x00}
Arg[4] = 0x0000000000001000 = 4096
Arg[5] = 0x0000000000000040 = 64
> 15be0000+8;SYSCALL:0xc1(NtCreateThreadEx)
NtCreateThreadEx:
Arg[0] = ptr 0x000000000014fe00 -> {\x00\x00\x00\x00\x00\x00\x00\x00}
Arg[1] = 0x00000000001fffff = 2097151
Arg[2] = 0
Arg[3] = 0x0000000000000104 = 260
Arg[4] = 0x000002200b5f0000 = 2336652984320
Arg[5] = 0
Arg[6] = 0x0000000000000001 = 1
Arg[7] = 0
Arg[8] = 0
Arg[9] = 0
> 14bf0000+4ee;SYSCALL:0x18(NtAllocateVirtualMemory)
NtAllocateVirtualMemory:
Arg[0] = 0xffffffffffffffff = 18446744073709551615
Arg[1] = ptr 0x000000000014fda0 -> {\x00\x00\x00\x00\x00\x00\x00\x00}
Arg[2] = 0
Arg[3] = ptr 0x000000000014fda8 -> {\x0b\x00\x00\x00\x00\x00\x00\x00}
Arg[4] = 0x0000000000001000 = 4096
Arg[5] = 0x0000000000000040 = 64
> 15bf0000+8;SYSCALL:0x34(NtDelayExecution)
> 14bf0000+4ee;SYSCALL:0x18(NtAllocateVirtualMemory)
NtAllocateVirtualMemory:
Arg[0] = 0xffffffffffffffff = 18446744073709551615
Arg[1] = ptr 0x000000000014fda0 -> {\x00\x00\x00\x00\x00\x00\x00\x00}
Arg[2] = 0
Arg[3] = ptr 0x000000000014fda8 -> {\x0b\x00\x00\x00\x00\x00\x00\x00}
Arg[4] = 0x0000000000001000 = 4096
Arg[5] = 0x0000000000000040 = 64
> 15c00000+8;SYSCALL:0x52(NtResumeThread)
NtResumeThread:
Arg[0] = 0x0000000000000108 = 264
Arg[1] = 0
> 14bf0000+4ee;SYSCALL:0x18(NtAllocateVirtualMemory)
NtAllocateVirtualMemory:
Arg[0] = 0xffffffffffffffff = 18446744073709551615
Arg[1] = ptr 0x000000000014fdc0 -> {\x00\x00\x00\x00\x00\x00\x00\x00}
Arg[2] = 0
Arg[3] = ptr 0x000000000014fdc8 -> {\x0b\x00\x00\x00\x00\x00\x00\x00}
Arg[4] = 0x0000000000001000 = 4096
Arg[5] = 0x0000000000000040 = 64
> 15c10000+8;SYSCALL:0x34(NtDelayExecution)
> 14bf0000+4ee;SYSCALL:0x18(NtAllocateVirtualMemory)
NtAllocateVirtualMemory:
Arg[0] = 0xffffffffffffffff = 18446744073709551615
Arg[1] = ptr 0x000000000014fdc0 -> {\x00\x00\x00\x00\x00\x00\x00\x00}
Arg[2] = 0
Arg[3] = ptr 0x000000000014fdc8 -> {\x0b\x00\x00\x00\x00\x00\x00\x00}
Arg[4] = 0x0000000000001000 = 4096
Arg[5] = 0x0000000000000040 = 64
> 15c20000+8;SYSCALL:0x26(NtOpenProcess)
NtOpenProcess:
Arg[0] = ptr 0x000000000014fe20 -> {\xff\xff\xff\xff\xff\xff\xff\xff}
Arg[1] = 0x00000000001fffff = 2097151
Arg[2] = ptr 0x000000000014fde0 -> L"0"
Arg[3] = ptr 0x000000000014fdd0 -> {0\x10\x00\x00\x00\x00\x00\x00}
> 14bf0000+4ee;SYSCALL:0x18(NtAllocateVirtualMemory)
NtAllocateVirtualMemory:
Arg[0] = 0xffffffffffffffff = 18446744073709551615
Arg[1] = ptr 0x000000000014fe30 -> {\x00\x00\x00\x00\x00\x00\x00\x00}
Arg[2] = 0
Arg[3] = ptr 0x000000000014fe38 -> {\x0b\x00\x00\x00\x00\x00\x00\x00}
Arg[4] = 0x0000000000001000 = 4096
Arg[5] = 0x0000000000000040 = 64
> 15c30000+8;SYSCALL:0x34(NtDelayExecution)
> 14bf0000+4ee;SYSCALL:0x18(NtAllocateVirtualMemory)
NtAllocateVirtualMemory:
Arg[0] = 0xffffffffffffffff = 18446744073709551615
Arg[1] = ptr 0x000000000014fe30 -> {\x00\x00\x00\x00\x00\x00\x00\x00}
Arg[2] = 0
Arg[3] = ptr 0x000000000014fe38 -> {\x0b\x00\x00\x00\x00\x00\x00\x00}
Arg[4] = 0x0000000000001000 = 4096
Arg[5] = 0x0000000000000040 = 64
> 15c40000+8;SYSCALL:0x19(NtQueryInformationProcess)
> 14bf0000+4ee;SYSCALL:0x18(NtAllocateVirtualMemory)
NtAllocateVirtualMemory:
Arg[0] = 0xffffffffffffffff = 18446744073709551615
Arg[1] = ptr 0x000000000014fda0 -> {\x00\x00\x00\x00\x00\x00\x00\x00}
Arg[2] = 0
Arg[3] = ptr 0x000000000014fda8 -> {\x0b\x00\x00\x00\x00\x00\x00\x00}
Arg[4] = 0x0000000000001000 = 4096
Arg[5] = 0x0000000000000040 = 64
> 15c50000+8;SYSCALL:0x34(NtDelayExecution)
> 14bf0000+4ee;SYSCALL:0x18(NtAllocateVirtualMemory)
NtAllocateVirtualMemory:
Arg[0] = 0x000000000000010c = 268
Arg[1] = ptr 0x000000000014fdf0 -> {\x00\x00\x00\x00\x00\x00\x00\x00}
Arg[2] = 0
Arg[3] = ptr 0x000000000014fdf8 -> {L\xd0\x00\x00\x00\x00\x00\x00}
Arg[4] = 0x0000000000003000 = 12288
Arg[5] = 0x0000000000000004 = 4
> 14bf0000+4ee;SYSCALL:0x18(NtAllocateVirtualMemory)
NtAllocateVirtualMemory:
Arg[0] = 0xffffffffffffffff = 18446744073709551615
Arg[1] = ptr 0x000000000014fda0 -> {\x00\x00\x00\x00\x00\x00\x00\x00}
Arg[2] = 0
Arg[3] = ptr 0x000000000014fda8 -> {\x0b\x00\x00\x00\x00\x00\x00\x00}
Arg[4] = 0x0000000000001000 = 4096
Arg[5] = 0x0000000000000040 = 64
> 15c60000+8;SYSCALL:0x34(NtDelayExecution)
> 14bf0000+4ee;SYSCALL:0x18(NtAllocateVirtualMemory)
NtAllocateVirtualMemory:
Arg[0] = 0xffffffffffffffff = 18446744073709551615
Arg[1] = ptr 0x000000000014fda0 -> {\x00\x00\x00\x00\x00\x00\x00\x00}
Arg[2] = 0
Arg[3] = ptr 0x000000000014fda8 -> {\x0b\x00\x00\x00\x00\x00\x00\x00}
Arg[4] = 0x0000000000001000 = 4096
Arg[5] = 0x0000000000000040 = 64
> 15c70000+8;SYSCALL:0x3a(NtWriteVirtualMemory)
NtWriteVirtualMemory:
Arg[0] = 0x000000000000010c = 268
Arg[1] = 0x00000210d97e0000 = 2271391645696
Arg[2] = ptr 0x0000000014bf04f1 -> {\xe9[v\x00\x00\xcc\xcc\xcc}
Arg[3] = 0x000000000000d04c = 53324
Arg[4] = 0
> 14bf0000+4ee;SYSCALL:0x18(NtAllocateVirtualMemory)
NtAllocateVirtualMemory:
Arg[0] = 0xffffffffffffffff = 18446744073709551615
Arg[1] = ptr 0x000000000014fda0 -> {\x00\x00\x00\x00\x00\x00\x00\x00}
Arg[2] = 0
Arg[3] = ptr 0x000000000014fda8 -> {\x0b\x00\x00\x00\x00\x00\x00\x00}
Arg[4] = 0x0000000000001000 = 4096
Arg[5] = 0x0000000000000040 = 64
> 15c80000+8;SYSCALL:0x34(NtDelayExecution)
> 14bf0000+4ee;SYSCALL:0x18(NtAllocateVirtualMemory)
NtAllocateVirtualMemory:
Arg[0] = 0xffffffffffffffff = 18446744073709551615
Arg[1] = ptr 0x000000000014fda0 -> {\x00\x00\x00\x00\x00\x00\x00\x00}
Arg[2] = 0
Arg[3] = ptr 0x000000000014fda8 -> {\x0b\x00\x00\x00\x00\x00\x00\x00}
Arg[4] = 0x0000000000001000 = 4096
Arg[5] = 0x0000000000000040 = 64
> 15c90000+8;SYSCALL:0x50(NtProtectVirtualMemory)
> 14bf0000+4ee;SYSCALL:0x18(NtAllocateVirtualMemory)
NtAllocateVirtualMemory:
Arg[0] = 0xffffffffffffffff = 18446744073709551615
Arg[1] = ptr 0x000000000014fda0 -> {\x00\x00\x00\x00\x00\x00\x00\x00}
Arg[2] = 0
Arg[3] = ptr 0x000000000014fda8 -> {\x0b\x00\x00\x00\x00\x00\x00\x00}
Arg[4] = 0x0000000000001000 = 4096
Arg[5] = 0x0000000000000040 = 64
> 15ca0000+8;SYSCALL:0x34(NtDelayExecution)
> 14bf0000+4ee;SYSCALL:0x18(NtAllocateVirtualMemory)
NtAllocateVirtualMemory:
Arg[0] = 0xffffffffffffffff = 18446744073709551615
Arg[1] = ptr 0x000000000014fda0 -> {\x00\x00\x00\x00\x00\x00\x00\x00}
Arg[2] = 0
Arg[3] = ptr 0x000000000014fda8 -> {\x0b\x00\x00\x00\x00\x00\x00\x00}
Arg[4] = 0x0000000000001000 = 4096
Arg[5] = 0x0000000000000040 = 64
> 15cb0000+8;SYSCALL:0xc1(NtCreateThreadEx)
NtCreateThreadEx:
Arg[0] = ptr 0x000000000014fe00 -> {\x00\x00\x00\x00\x00\x00\x00\x00}
Arg[1] = 0x00000000001fffff = 2097151
Arg[2] = 0
Arg[3] = 0x000000000000010c = 268
Arg[4] = 0x00000210d97e0000 = 2271391645696
Arg[5] = 0
Arg[6] = 0x0000000000000001 = 1
Arg[7] = 0
Arg[8] = 0
Arg[9] = 0
> 14bf0000+4ee;SYSCALL:0x18(NtAllocateVirtualMemory)
NtAllocateVirtualMemory:
Arg[0] = 0xffffffffffffffff = 18446744073709551615
Arg[1] = ptr 0x000000000014fda0 -> {\x00\x00\x00\x00\x00\x00\x00\x00}
Arg[2] = 0
Arg[3] = ptr 0x000000000014fda8 -> {\x0b\x00\x00\x00\x00\x00\x00\x00}
Arg[4] = 0x0000000000001000 = 4096
Arg[5] = 0x0000000000000040 = 64
> 15cc0000+8;SYSCALL:0x34(NtDelayExecution)
> 14bf0000+4ee;SYSCALL:0x18(NtAllocateVirtualMemory)
NtAllocateVirtualMemory:
Arg[0] = 0xffffffffffffffff = 18446744073709551615
Arg[1] = ptr 0x000000000014fda0 -> {\x00\x00\x00\x00\x00\x00\x00\x00}
Arg[2] = 0
Arg[3] = ptr 0x000000000014fda8 -> {\x0b\x00\x00\x00\x00\x00\x00\x00}
Arg[4] = 0x0000000000001000 = 4096
Arg[5] = 0x0000000000000040 = 64
> 15cd0000+8;SYSCALL:0x52(NtResumeThread)
NtResumeThread:
Arg[0] = 0x0000000000000098 = 152
Arg[1] = 0
> 14bf0000+4ee;SYSCALL:0x18(NtAllocateVirtualMemory)
NtAllocateVirtualMemory:
Arg[0] = 0xffffffffffffffff = 18446744073709551615
Arg[1] = ptr 0x000000000014fdc0 -> {\x00\x00\x00\x00\x00\x00\x00\x00}
Arg[2] = 0
Arg[3] = ptr 0x000000000014fdc8 -> {\x0b\x00\x00\x00\x00\x00\x00\x00}
Arg[4] = 0x0000000000001000 = 4096
Arg[5] = 0x0000000000000040 = 64
> 15ce0000+8;SYSCALL:0x34(NtDelayExecution)
> 14bf0000+4ee;SYSCALL:0x18(NtAllocateVirtualMemory)
NtAllocateVirtualMemory:
Arg[0] = 0xffffffffffffffff = 18446744073709551615
Arg[1] = ptr 0x000000000014fdc0 -> {\x00\x00\x00\x00\x00\x00\x00\x00}
Arg[2] = 0
Arg[3] = ptr 0x000000000014fdc8 -> {\x0b\x00\x00\x00\x00\x00\x00\x00}
Arg[4] = 0x0000000000001000 = 4096
Arg[5] = 0x0000000000000040 = 64
> 15cf0000+8;SYSCALL:0x26(NtOpenProcess)
NtOpenProcess:
Arg[0] = ptr 0x000000000014fe20 -> {\xff\xff\xff\xff\xff\xff\xff\xff}
Arg[1] = 0x00000000001fffff = 2097151
Arg[2] = ptr 0x000000000014fde0 -> L"0"
Arg[3] = ptr 0x000000000014fdd0 -> {\xc0\x10\x00\x00\x00\x00\x00\x00}
> 14bf0000+4ee;SYSCALL:0x18(NtAllocateVirtualMemory)
NtAllocateVirtualMemory:
Arg[0] = 0xffffffffffffffff = 18446744073709551615
Arg[1] = ptr 0x000000000014fe30 -> {\x00\x00\x00\x00\x00\x00\x00\x00}
Arg[2] = 0
Arg[3] = ptr 0x000000000014fe38 -> {\x0b\x00\x00\x00\x00\x00\x00\x00}
Arg[4] = 0x0000000000001000 = 4096
Arg[5] = 0x0000000000000040 = 64
> 15d00000+8;SYSCALL:0x34(NtDelayExecution)
> 14bf0000+4ee;SYSCALL:0x18(NtAllocateVirtualMemory)
NtAllocateVirtualMemory:
Arg[0] = 0xffffffffffffffff = 18446744073709551615
Arg[1] = ptr 0x000000000014fe30 -> {\x00\x00\x00\x00\x00\x00\x00\x00}
Arg[2] = 0
Arg[3] = ptr 0x000000000014fe38 -> {\x0b\x00\x00\x00\x00\x00\x00\x00}
Arg[4] = 0x0000000000001000 = 4096
Arg[5] = 0x0000000000000040 = 64
> 15d10000+8;SYSCALL:0x19(NtQueryInformationProcess)
> 14bf0000+4ee;SYSCALL:0x18(NtAllocateVirtualMemory)
NtAllocateVirtualMemory:
Arg[0] = 0xffffffffffffffff = 18446744073709551615
Arg[1] = ptr 0x000000000014fda0 -> {\x00\x00\x00\x00\x00\x00\x00\x00}
Arg[2] = 0
Arg[3] = ptr 0x000000000014fda8 -> {\x0b\x00\x00\x00\x00\x00\x00\x00}
Arg[4] = 0x0000000000001000 = 4096
Arg[5] = 0x0000000000000040 = 64
> 15d20000+8;SYSCALL:0x34(NtDelayExecution)
> 14bf0000+4ee;SYSCALL:0x18(NtAllocateVirtualMemory)
NtAllocateVirtualMemory:
Arg[0] = 0x0000000000000110 = 272
Arg[1] = ptr 0x000000000014fdf0 -> {\x00\x00\x00\x00\x00\x00\x00\x00}
Arg[2] = 0
Arg[3] = ptr 0x000000000014fdf8 -> {L\xd0\x00\x00\x00\x00\x00\x00}
Arg[4] = 0x0000000000003000 = 12288
Arg[5] = 0x0000000000000004 = 4
> 14bf0000+4ee;SYSCALL:0x18(NtAllocateVirtualMemory)
NtAllocateVirtualMemory:
Arg[0] = 0xffffffffffffffff = 18446744073709551615
Arg[1] = ptr 0x000000000014fda0 -> {\x00\x00\x00\x00\x00\x00\x00\x00}
Arg[2] = 0
Arg[3] = ptr 0x000000000014fda8 -> {\x0b\x00\x00\x00\x00\x00\x00\x00}
Arg[4] = 0x0000000000001000 = 4096
Arg[5] = 0x0000000000000040 = 64
> 15d30000+8;SYSCALL:0x34(NtDelayExecution)
> 14bf0000+4ee;SYSCALL:0x18(NtAllocateVirtualMemory)
NtAllocateVirtualMemory:
Arg[0] = 0xffffffffffffffff = 18446744073709551615
Arg[1] = ptr 0x000000000014fda0 -> {\x00\x00\x00\x00\x00\x00\x00\x00}
Arg[2] = 0
Arg[3] = ptr 0x000000000014fda8 -> {\x0b\x00\x00\x00\x00\x00\x00\x00}
Arg[4] = 0x0000000000001000 = 4096
Arg[5] = 0x0000000000000040 = 64
> 15d40000+8;SYSCALL:0x3a(NtWriteVirtualMemory)
NtWriteVirtualMemory:
Arg[0] = 0x0000000000000110 = 272
Arg[1] = 0x00000264abc50000 = 2631401799680
Arg[2] = ptr 0x0000000014bf04f1 -> {\xe9[v\x00\x00\xcc\xcc\xcc}
Arg[3] = 0x000000000000d04c = 53324
Arg[4] = 0
> 14bf0000+4ee;SYSCALL:0x18(NtAllocateVirtualMemory)
NtAllocateVirtualMemory:
Arg[0] = 0xffffffffffffffff = 18446744073709551615
Arg[1] = ptr 0x000000000014fda0 -> {\x00\x00\x00\x00\x00\x00\x00\x00}
Arg[2] = 0
Arg[3] = ptr 0x000000000014fda8 -> {\x0b\x00\x00\x00\x00\x00\x00\x00}
Arg[4] = 0x0000000000001000 = 4096
Arg[5] = 0x0000000000000040 = 64
> 15d50000+8;SYSCALL:0x34(NtDelayExecution)
> 14bf0000+4ee;SYSCALL:0x18(NtAllocateVirtualMemory)
NtAllocateVirtualMemory:
Arg[0] = 0xffffffffffffffff = 18446744073709551615
Arg[1] = ptr 0x000000000014fda0 -> {\x00\x00\x00\x00\x00\x00\x00\x00}
Arg[2] = 0
Arg[3] = ptr 0x000000000014fda8 -> {\x0b\x00\x00\x00\x00\x00\x00\x00}
Arg[4] = 0x0000000000001000 = 4096
Arg[5] = 0x0000000000000040 = 64
> 15d60000+8;SYSCALL:0x50(NtProtectVirtualMemory)
> 14bf0000+4ee;SYSCALL:0x18(NtAllocateVirtualMemory)
NtAllocateVirtualMemory:
Arg[0] = 0xffffffffffffffff = 18446744073709551615
Arg[1] = ptr 0x000000000014fda0 -> {\x00\x00\x00\x00\x00\x00\x00\x00}
Arg[2] = 0
Arg[3] = ptr 0x000000000014fda8 -> {\x0b\x00\x00\x00\x00\x00\x00\x00}
Arg[4] = 0x0000000000001000 = 4096
Arg[5] = 0x0000000000000040 = 64
> 15d70000+8;SYSCALL:0x34(NtDelayExecution)
> 14bf0000+4ee;SYSCALL:0x18(NtAllocateVirtualMemory)
NtAllocateVirtualMemory:
Arg[0] = 0xffffffffffffffff = 18446744073709551615
Arg[1] = ptr 0x000000000014fda0 -> {\x00\x00\x00\x00\x00\x00\x00\x00}
Arg[2] = 0
Arg[3] = ptr 0x000000000014fda8 -> {\x0b\x00\x00\x00\x00\x00\x00\x00}
Arg[4] = 0x0000000000001000 = 4096
Arg[5] = 0x0000000000000040 = 64
> 15d80000+8;SYSCALL:0xc1(NtCreateThreadEx)
NtCreateThreadEx:
Arg[0] = ptr 0x000000000014fe00 -> {\x00\x00\x00\x00\x00\x00\x00\x00}
Arg[1] = 0x00000000001fffff = 2097151
Arg[2] = 0
Arg[3] = 0x0000000000000110 = 272
Arg[4] = 0x00000264abc50000 = 2631401799680
Arg[5] = 0
Arg[6] = 0x0000000000000001 = 1
Arg[7] = 0
Arg[8] = 0
Arg[9] = 0
> 14bf0000+4ee;SYSCALL:0x18(NtAllocateVirtualMemory)
NtAllocateVirtualMemory:
Arg[0] = 0xffffffffffffffff = 18446744073709551615
Arg[1] = ptr 0x000000000014fda0 -> {\x00\x00\x00\x00\x00\x00\x00\x00}
Arg[2] = 0
Arg[3] = ptr 0x000000000014fda8 -> {\x0b\x00\x00\x00\x00\x00\x00\x00}
Arg[4] = 0x0000000000001000 = 4096
Arg[5] = 0x0000000000000040 = 64
> 15d90000+8;SYSCALL:0x34(NtDelayExecution)
> 14bf0000+4ee;SYSCALL:0x18(NtAllocateVirtualMemory)
NtAllocateVirtualMemory:
Arg[0] = 0xffffffffffffffff = 18446744073709551615
Arg[1] = ptr 0x000000000014fda0 -> {\x00\x00\x00\x00\x00\x00\x00\x00}
Arg[2] = 0
Arg[3] = ptr 0x000000000014fda8 -> {\x0b\x00\x00\x00\x00\x00\x00\x00}
Arg[4] = 0x0000000000001000 = 4096
Arg[5] = 0x0000000000000040 = 64
> 15da0000+8;SYSCALL:0x52(NtResumeThread)
NtResumeThread:
Arg[0] = 0x0000000000000114 = 276
Arg[1] = 0
> 14bf0000+4ee;SYSCALL:0x18(NtAllocateVirtualMemory)
NtAllocateVirtualMemory:
Arg[0] = 0xffffffffffffffff = 18446744073709551615
Arg[1] = ptr 0x000000000014fdc0 -> {\x00\x00\x00\x00\x00\x00\x00\x00}
Arg[2] = 0
Arg[3] = ptr 0x000000000014fdc8 -> {\x0b\x00\x00\x00\x00\x00\x00\x00}
Arg[4] = 0x0000000000001000 = 4096
Arg[5] = 0x0000000000000040 = 64
> 15db0000+8;SYSCALL:0x34(NtDelayExecution)
> 14bf0000+4ee;SYSCALL:0x18(NtAllocateVirtualMemory)
NtAllocateVirtualMemory:
Arg[0] = 0xffffffffffffffff = 18446744073709551615
Arg[1] = ptr 0x000000000014fdc0 -> {\x00\x00\x00\x00\x00\x00\x00\x00}
Arg[2] = 0
Arg[3] = ptr 0x000000000014fdc8 -> {\x0b\x00\x00\x00\x00\x00\x00\x00}
Arg[4] = 0x0000000000001000 = 4096
Arg[5] = 0x0000000000000040 = 64
> 15dc0000+8;SYSCALL:0x26(NtOpenProcess)
NtOpenProcess:
Arg[0] = ptr 0x000000000014fe20 -> {\xff\xff\xff\xff\xff\xff\xff\xff}
Arg[1] = 0x00000000001fffff = 2097151
Arg[2] = ptr 0x000000000014fde0 -> L"0"
Arg[3] = ptr 0x000000000014fdd0 -> {4\x11\x00\x00\x00\x00\x00\x00}
> 14bf0000+4ee;SYSCALL:0x18(NtAllocateVirtualMemory)
NtAllocateVirtualMemory:
Arg[0] = 0xffffffffffffffff = 18446744073709551615
Arg[1] = ptr 0x000000000014fe30 -> {\x00\x00\x00\x00\x00\x00\x00\x00}
Arg[2] = 0
Arg[3] = ptr 0x000000000014fe38 -> {\x0b\x00\x00\x00\x00\x00\x00\x00}
Arg[4] = 0x0000000000001000 = 4096
Arg[5] = 0x0000000000000040 = 64
> 15dd0000+8;SYSCALL:0x34(NtDelayExecution)
> 14bf0000+4ee;SYSCALL:0x18(NtAllocateVirtualMemory)
NtAllocateVirtualMemory:
Arg[0] = 0xffffffffffffffff = 18446744073709551615
Arg[1] = ptr 0x000000000014fe30 -> {\x00\x00\x00\x00\x00\x00\x00\x00}
Arg[2] = 0
Arg[3] = ptr 0x000000000014fe38 -> {\x0b\x00\x00\x00\x00\x00\x00\x00}
Arg[4] = 0x0000000000001000 = 4096
Arg[5] = 0x0000000000000040 = 64
> 15de0000+8;SYSCALL:0x19(NtQueryInformationProcess)
> 14bf0000+4ee;SYSCALL:0x18(NtAllocateVirtualMemory)
NtAllocateVirtualMemory:
Arg[0] = 0xffffffffffffffff = 18446744073709551615
Arg[1] = ptr 0x000000000014fda0 -> {\x00\x00\x00\x00\x00\x00\x00\x00}
Arg[2] = 0
Arg[3] = ptr 0x000000000014fda8 -> {\x0b\x00\x00\x00\x00\x00\x00\x00}
Arg[4] = 0x0000000000001000 = 4096
Arg[5] = 0x0000000000000040 = 64
> 15df0000+8;SYSCALL:0x34(NtDelayExecution)
> 14bf0000+4ee;SYSCALL:0x18(NtAllocateVirtualMemory)
NtAllocateVirtualMemory:
Arg[0] = 0x0000000000000118 = 280
Arg[1] = ptr 0x000000000014fdf0 -> {\x00\x00\x00\x00\x00\x00\x00\x00}
Arg[2] = 0
Arg[3] = ptr 0x000000000014fdf8 -> {L\xd0\x00\x00\x00\x00\x00\x00}
Arg[4] = 0x0000000000003000 = 12288
Arg[5] = 0x0000000000000004 = 4
> 14bf0000+4ee;SYSCALL:0x18(NtAllocateVirtualMemory)
NtAllocateVirtualMemory:
Arg[0] = 0xffffffffffffffff = 18446744073709551615
Arg[1] = ptr 0x000000000014fda0 -> {\x00\x00\x00\x00\x00\x00\x00\x00}
Arg[2] = 0
Arg[3] = ptr 0x000000000014fda8 -> {\x0b\x00\x00\x00\x00\x00\x00\x00}
Arg[4] = 0x0000000000001000 = 4096
Arg[5] = 0x0000000000000040 = 64
> 15e00000+8;SYSCALL:0x34(NtDelayExecution)
> 14bf0000+4ee;SYSCALL:0x18(NtAllocateVirtualMemory)
NtAllocateVirtualMemory:
Arg[0] = 0xffffffffffffffff = 18446744073709551615
Arg[1] = ptr 0x000000000014fda0 -> {\x00\x00\x00\x00\x00\x00\x00\x00}
Arg[2] = 0
Arg[3] = ptr 0x000000000014fda8 -> {\x0b\x00\x00\x00\x00\x00\x00\x00}
Arg[4] = 0x0000000000001000 = 4096
Arg[5] = 0x0000000000000040 = 64
> 15e10000+8;SYSCALL:0x3a(NtWriteVirtualMemory)
NtWriteVirtualMemory:
Arg[0] = 0x0000000000000118 = 280
Arg[1] = 0x000001979ad30000 = 1750649208832
Arg[2] = ptr 0x0000000014bf04f1 -> {\xe9[v\x00\x00\xcc\xcc\xcc}
Arg[3] = 0x000000000000d04c = 53324
Arg[4] = 0
> 14bf0000+4ee;SYSCALL:0x18(NtAllocateVirtualMemory)
NtAllocateVirtualMemory:
Arg[0] = 0xffffffffffffffff = 18446744073709551615
Arg[1] = ptr 0x000000000014fda0 -> {\x00\x00\x00\x00\x00\x00\x00\x00}
Arg[2] = 0
Arg[3] = ptr 0x000000000014fda8 -> {\x0b\x00\x00\x00\x00\x00\x00\x00}
Arg[4] = 0x0000000000001000 = 4096
Arg[5] = 0x0000000000000040 = 64
> 15e20000+8;SYSCALL:0x34(NtDelayExecution)
> 14bf0000+4ee;SYSCALL:0x18(NtAllocateVirtualMemory)
NtAllocateVirtualMemory:
Arg[0] = 0xffffffffffffffff = 18446744073709551615
Arg[1] = ptr 0x000000000014fda0 -> {\x00\x00\x00\x00\x00\x00\x00\x00}
Arg[2] = 0
Arg[3] = ptr 0x000000000014fda8 -> {\x0b\x00\x00\x00\x00\x00\x00\x00}
Arg[4] = 0x0000000000001000 = 4096
Arg[5] = 0x0000000000000040 = 64
> 15e30000+8;SYSCALL:0x50(NtProtectVirtualMemory)
> 14bf0000+4ee;SYSCALL:0x18(NtAllocateVirtualMemory)
NtAllocateVirtualMemory:
Arg[0] = 0xffffffffffffffff = 18446744073709551615
Arg[1] = ptr 0x000000000014fda0 -> {\x00\x00\x00\x00\x00\x00\x00\x00}
Arg[2] = 0
Arg[3] = ptr 0x000000000014fda8 -> {\x0b\x00\x00\x00\x00\x00\x00\x00}
Arg[4] = 0x0000000000001000 = 4096
Arg[5] = 0x0000000000000040 = 64
> 15e40000+8;SYSCALL:0x34(NtDelayExecution)
> 14bf0000+4ee;SYSCALL:0x18(NtAllocateVirtualMemory)
NtAllocateVirtualMemory:
Arg[0] = 0xffffffffffffffff = 18446744073709551615
Arg[1] = ptr 0x000000000014fda0 -> {\x00\x00\x00\x00\x00\x00\x00\x00}
Arg[2] = 0
Arg[3] = ptr 0x000000000014fda8 -> {\x0b\x00\x00\x00\x00\x00\x00\x00}
Arg[4] = 0x0000000000001000 = 4096
Arg[5] = 0x0000000000000040 = 64
> 15e50000+8;SYSCALL:0xc1(NtCreateThreadEx)
NtCreateThreadEx:
Arg[0] = ptr 0x000000000014fe00 -> {\x00\x00\x00\x00\x00\x00\x00\x00}
Arg[1] = 0x00000000001fffff = 2097151
Arg[2] = 0
Arg[3] = 0x0000000000000118 = 280
Arg[4] = 0x000001979ad30000 = 1750649208832
Arg[5] = 0
Arg[6] = 0x0000000000000001 = 1
Arg[7] = 0
Arg[8] = 0
Arg[9] = 0
> 14bf0000+4ee;SYSCALL:0x18(NtAllocateVirtualMemory)
NtAllocateVirtualMemory:
Arg[0] = 0xffffffffffffffff = 18446744073709551615
Arg[1] = ptr 0x000000000014fda0 -> {\x00\x00\x00\x00\x00\x00\x00\x00}
Arg[2] = 0
Arg[3] = ptr 0x000000000014fda8 -> {\x0b\x00\x00\x00\x00\x00\x00\x00}
Arg[4] = 0x0000000000001000 = 4096
Arg[5] = 0x0000000000000040 = 64
> 15e60000+8;SYSCALL:0x34(NtDelayExecution)
> 14bf0000+4ee;SYSCALL:0x18(NtAllocateVirtualMemory)
NtAllocateVirtualMemory:
Arg[0] = 0xffffffffffffffff = 18446744073709551615
Arg[1] = ptr 0x000000000014fda0 -> {\x00\x00\x00\x00\x00\x00\x00\x00}
Arg[2] = 0
Arg[3] = ptr 0x000000000014fda8 -> {\x0b\x00\x00\x00\x00\x00\x00\x00}
Arg[4] = 0x0000000000001000 = 4096
Arg[5] = 0x0000000000000040 = 64
> 15e70000+8;SYSCALL:0x52(NtResumeThread)
NtResumeThread:
Arg[0] = 0x000000000000011c = 284
Arg[1] = 0
> 14bf0000+4ee;SYSCALL:0x18(NtAllocateVirtualMemory)
NtAllocateVirtualMemory:
Arg[0] = 0xffffffffffffffff = 18446744073709551615
Arg[1] = ptr 0x000000000014fdc0 -> {\x00\x00\x00\x00\x00\x00\x00\x00}
Arg[2] = 0
Arg[3] = ptr 0x000000000014fdc8 -> {\x0b\x00\x00\x00\x00\x00\x00\x00}
Arg[4] = 0x0000000000001000 = 4096
Arg[5] = 0x0000000000000040 = 64
> 15e80000+8;SYSCALL:0x34(NtDelayExecution)
> 14bf0000+4ee;SYSCALL:0x18(NtAllocateVirtualMemory)
NtAllocateVirtualMemory:
Arg[0] = 0xffffffffffffffff = 18446744073709551615
Arg[1] = ptr 0x000000000014fdc0 -> {\x00\x00\x00\x00\x00\x00\x00\x00}
Arg[2] = 0
Arg[3] = ptr 0x000000000014fdc8 -> {\x0b\x00\x00\x00\x00\x00\x00\x00}
Arg[4] = 0x0000000000001000 = 4096
Arg[5] = 0x0000000000000040 = 64
> 15e90000+8;SYSCALL:0x26(NtOpenProcess)
NtOpenProcess:
Arg[0] = ptr 0x000000000014fe20 -> {\xff\xff\xff\xff\xff\xff\xff\xff}
Arg[1] = 0x00000000001fffff = 2097151
Arg[2] = ptr 0x000000000014fde0 -> L"0"
Arg[3] = ptr 0x000000000014fdd0 -> {<\x11\x00\x00\x00\x00\x00\x00}
> 14bf0000+4ee;SYSCALL:0x18(NtAllocateVirtualMemory)
NtAllocateVirtualMemory:
Arg[0] = 0xffffffffffffffff = 18446744073709551615
Arg[1] = ptr 0x000000000014fdc0 -> {\x00\x00\x00\x00\x00\x00\x00\x00}
Arg[2] = 0
Arg[3] = ptr 0x000000000014fdc8 -> {\x0b\x00\x00\x00\x00\x00\x00\x00}
Arg[4] = 0x0000000000001000 = 4096
Arg[5] = 0x0000000000000040 = 64
> 15ea0000+8;SYSCALL:0x34(NtDelayExecution)
> 14bf0000+4ee;SYSCALL:0x18(NtAllocateVirtualMemory)
NtAllocateVirtualMemory:
Arg[0] = 0xffffffffffffffff = 18446744073709551615
Arg[1] = ptr 0x000000000014fdc0 -> {\x00\x00\x00\x00\x00\x00\x00\x00}
Arg[2] = 0
Arg[3] = ptr 0x000000000014fdc8 -> {\x0b\x00\x00\x00\x00\x00\x00\x00}
Arg[4] = 0x0000000000001000 = 4096
Arg[5] = 0x0000000000000040 = 64
> 15eb0000+8;SYSCALL:0x26(NtOpenProcess)
NtOpenProcess:
Arg[0] = ptr 0x000000000014fe20 -> {\xff\xff\xff\xff\xff\xff\xff\xff}
Arg[1] = 0x00000000001fffff = 2097151
Arg[2] = ptr 0x000000000014fde0 -> L"0"
Arg[3] = ptr 0x000000000014fdd0 -> {\xac\x11\x00\x00\x00\x00\x00\x00}
> 14bf0000+4ee;SYSCALL:0x18(NtAllocateVirtualMemory)
NtAllocateVirtualMemory:
Arg[0] = 0xffffffffffffffff = 18446744073709551615
Arg[1] = ptr 0x000000000014fe30 -> {\x00\x00\x00\x00\x00\x00\x00\x00}
Arg[2] = 0
Arg[3] = ptr 0x000000000014fe38 -> {\x0b\x00\x00\x00\x00\x00\x00\x00}
Arg[4] = 0x0000000000001000 = 4096
Arg[5] = 0x0000000000000040 = 64
> 15ec0000+8;SYSCALL:0x34(NtDelayExecution)
> 14bf0000+4ee;SYSCALL:0x18(NtAllocateVirtualMemory)
NtAllocateVirtualMemory:
Arg[0] = 0xffffffffffffffff = 18446744073709551615
Arg[1] = ptr 0x000000000014fe30 -> {\x00\x00\x00\x00\x00\x00\x00\x00}
Arg[2] = 0
Arg[3] = ptr 0x000000000014fe38 -> {\x0b\x00\x00\x00\x00\x00\x00\x00}
Arg[4] = 0x0000000000001000 = 4096
Arg[5] = 0x0000000000000040 = 64
> 15ed0000+8;SYSCALL:0x19(NtQueryInformationProcess)
> 14bf0000+4ee;SYSCALL:0x18(NtAllocateVirtualMemory)
NtAllocateVirtualMemory:
Arg[0] = 0xffffffffffffffff = 18446744073709551615
Arg[1] = ptr 0x000000000014fda0 -> {\x00\x00\x00\x00\x00\x00\x00\x00}
Arg[2] = 0
Arg[3] = ptr 0x000000000014fda8 -> {\x0b\x00\x00\x00\x00\x00\x00\x00}
Arg[4] = 0x0000000000001000 = 4096
Arg[5] = 0x0000000000000040 = 64
> 15ee0000+8;SYSCALL:0x34(NtDelayExecution)
> 14bf0000+4ee;SYSCALL:0x18(NtAllocateVirtualMemory)
NtAllocateVirtualMemory:
Arg[0] = 0x0000000000000120 = 288
Arg[1] = ptr 0x000000000014fdf0 -> {\x00\x00\x00\x00\x00\x00\x00\x00}
Arg[2] = 0
Arg[3] = ptr 0x000000000014fdf8 -> {L\xd0\x00\x00\x00\x00\x00\x00}
Arg[4] = 0x0000000000003000 = 12288
Arg[5] = 0x0000000000000004 = 4
> 14bf0000+4ee;SYSCALL:0x18(NtAllocateVirtualMemory)
NtAllocateVirtualMemory:
Arg[0] = 0xffffffffffffffff = 18446744073709551615
Arg[1] = ptr 0x000000000014fda0 -> {\x00\x00\x00\x00\x00\x00\x00\x00}
Arg[2] = 0
Arg[3] = ptr 0x000000000014fda8 -> {\x0b\x00\x00\x00\x00\x00\x00\x00}
Arg[4] = 0x0000000000001000 = 4096
Arg[5] = 0x0000000000000040 = 64
> 15ef0000+8;SYSCALL:0x34(NtDelayExecution)
> 14bf0000+4ee;SYSCALL:0x18(NtAllocateVirtualMemory)
NtAllocateVirtualMemory:
Arg[0] = 0xffffffffffffffff = 18446744073709551615
Arg[1] = ptr 0x000000000014fda0 -> {\x00\x00\x00\x00\x00\x00\x00\x00}
Arg[2] = 0
Arg[3] = ptr 0x000000000014fda8 -> {\x0b\x00\x00\x00\x00\x00\x00\x00}
Arg[4] = 0x0000000000001000 = 4096
Arg[5] = 0x0000000000000040 = 64
> 15f00000+8;SYSCALL:0x3a(NtWriteVirtualMemory)
NtWriteVirtualMemory:
Arg[0] = 0x0000000000000120 = 288
Arg[1] = 0x0000021891210000 = 2304537329664
Arg[2] = ptr 0x0000000014bf04f1 -> {\xe9[v\x00\x00\xcc\xcc\xcc}
Arg[3] = 0x000000000000d04c = 53324
Arg[4] = 0
> 14bf0000+4ee;SYSCALL:0x18(NtAllocateVirtualMemory)
NtAllocateVirtualMemory:
Arg[0] = 0xffffffffffffffff = 18446744073709551615
Arg[1] = ptr 0x000000000014fda0 -> {\x00\x00\x00\x00\x00\x00\x00\x00}
Arg[2] = 0
Arg[3] = ptr 0x000000000014fda8 -> {\x0b\x00\x00\x00\x00\x00\x00\x00}
Arg[4] = 0x0000000000001000 = 4096
Arg[5] = 0x0000000000000040 = 64
> 15f10000+8;SYSCALL:0x34(NtDelayExecution)
> 14bf0000+4ee;SYSCALL:0x18(NtAllocateVirtualMemory)
NtAllocateVirtualMemory:
Arg[0] = 0xffffffffffffffff = 18446744073709551615
Arg[1] = ptr 0x000000000014fda0 -> {\x00\x00\x00\x00\x00\x00\x00\x00}
Arg[2] = 0
Arg[3] = ptr 0x000000000014fda8 -> {\x0b\x00\x00\x00\x00\x00\x00\x00}
Arg[4] = 0x0000000000001000 = 4096
Arg[5] = 0x0000000000000040 = 64
> 15f20000+8;SYSCALL:0x50(NtProtectVirtualMemory)
> 14bf0000+4ee;SYSCALL:0x18(NtAllocateVirtualMemory)
NtAllocateVirtualMemory:
Arg[0] = 0xffffffffffffffff = 18446744073709551615
Arg[1] = ptr 0x000000000014fda0 -> {\x00\x00\x00\x00\x00\x00\x00\x00}
Arg[2] = 0
Arg[3] = ptr 0x000000000014fda8 -> {\x0b\x00\x00\x00\x00\x00\x00\x00}
Arg[4] = 0x0000000000001000 = 4096
Arg[5] = 0x0000000000000040 = 64
> 15f30000+8;SYSCALL:0x34(NtDelayExecution)
> 14bf0000+4ee;SYSCALL:0x18(NtAllocateVirtualMemory)
NtAllocateVirtualMemory:
Arg[0] = 0xffffffffffffffff = 18446744073709551615
Arg[1] = ptr 0x000000000014fda0 -> {\x00\x00\x00\x00\x00\x00\x00\x00}
Arg[2] = 0
Arg[3] = ptr 0x000000000014fda8 -> {\x0b\x00\x00\x00\x00\x00\x00\x00}
Arg[4] = 0x0000000000001000 = 4096
Arg[5] = 0x0000000000000040 = 64
> 15f40000+8;SYSCALL:0xc1(NtCreateThreadEx)
NtCreateThreadEx:
Arg[0] = ptr 0x000000000014fe00 -> {\x00\x00\x00\x00\x00\x00\x00\x00}
Arg[1] = 0x00000000001fffff = 2097151
Arg[2] = 0
Arg[3] = 0x0000000000000120 = 288
Arg[4] = 0x0000021891210000 = 2304537329664
Arg[5] = 0
Arg[6] = 0x0000000000000001 = 1
Arg[7] = 0
Arg[8] = 0
Arg[9] = 0
> 14bf0000+4ee;SYSCALL:0x18(NtAllocateVirtualMemory)
NtAllocateVirtualMemory:
Arg[0] = 0xffffffffffffffff = 18446744073709551615
Arg[1] = ptr 0x000000000014fda0 -> {\x00\x00\x00\x00\x00\x00\x00\x00}
Arg[2] = 0
Arg[3] = ptr 0x000000000014fda8 -> {\x0b\x00\x00\x00\x00\x00\x00\x00}
Arg[4] = 0x0000000000001000 = 4096
Arg[5] = 0x0000000000000040 = 64
> 15f50000+8;SYSCALL:0x34(NtDelayExecution)
> 14bf0000+4ee;SYSCALL:0x18(NtAllocateVirtualMemory)
NtAllocateVirtualMemory:
Arg[0] = 0xffffffffffffffff = 18446744073709551615
Arg[1] = ptr 0x000000000014fda0 -> {\x00\x00\x00\x00\x00\x00\x00\x00}
Arg[2] = 0
Arg[3] = ptr 0x000000000014fda8 -> {\x0b\x00\x00\x00\x00\x00\x00\x00}
Arg[4] = 0x0000000000001000 = 4096
Arg[5] = 0x0000000000000040 = 64
> 15f60000+8;SYSCALL:0x52(NtResumeThread)
NtResumeThread:
Arg[0] = 0x0000000000000124 = 292
Arg[1] = 0
> 14bf0000+4ee;SYSCALL:0x18(NtAllocateVirtualMemory)
NtAllocateVirtualMemory:
Arg[0] = 0xffffffffffffffff = 18446744073709551615
Arg[1] = ptr 0x000000000014fdc0 -> {\x00\x00\x00\x00\x00\x00\x00\x00}
Arg[2] = 0
Arg[3] = ptr 0x000000000014fdc8 -> {\x0b\x00\x00\x00\x00\x00\x00\x00}
Arg[4] = 0x0000000000001000 = 4096
Arg[5] = 0x0000000000000040 = 64
> 15f70000+8;SYSCALL:0x34(NtDelayExecution)
> 14bf0000+4ee;SYSCALL:0x18(NtAllocateVirtualMemory)
NtAllocateVirtualMemory:
Arg[0] = 0xffffffffffffffff = 18446744073709551615
Arg[1] = ptr 0x000000000014fdc0 -> {\x00\x00\x00\x00\x00\x00\x00\x00}
Arg[2] = 0
Arg[3] = ptr 0x000000000014fdc8 -> {\x0b\x00\x00\x00\x00\x00\x00\x00}
Arg[4] = 0x0000000000001000 = 4096
Arg[5] = 0x0000000000000040 = 64
> 15f80000+8;SYSCALL:0x26(NtOpenProcess)
NtOpenProcess:
Arg[0] = ptr 0x000000000014fe20 -> {\xff\xff\xff\xff\xff\xff\xff\xff}
Arg[1] = 0x00000000001fffff = 2097151
Arg[2] = ptr 0x000000000014fde0 -> L"0"
Arg[3] = ptr 0x000000000014fdd0 -> {\xf4\x13\x00\x00\x00\x00\x00\x00}
> 14bf0000+4ee;SYSCALL:0x18(NtAllocateVirtualMemory)
NtAllocateVirtualMemory:
Arg[0] = 0xffffffffffffffff = 18446744073709551615
Arg[1] = ptr 0x000000000014fe30 -> {\x00\x00\x00\x00\x00\x00\x00\x00}
Arg[2] = 0
Arg[3] = ptr 0x000000000014fe38 -> {\x0b\x00\x00\x00\x00\x00\x00\x00}
Arg[4] = 0x0000000000001000 = 4096
Arg[5] = 0x0000000000000040 = 64
> 15f90000+8;SYSCALL:0x34(NtDelayExecution)
> 14bf0000+4ee;SYSCALL:0x18(NtAllocateVirtualMemory)
NtAllocateVirtualMemory:
Arg[0] = 0xffffffffffffffff = 18446744073709551615
Arg[1] = ptr 0x000000000014fe30 -> {\x00\x00\x00\x00\x00\x00\x00\x00}
Arg[2] = 0
Arg[3] = ptr 0x000000000014fe38 -> {\x0b\x00\x00\x00\x00\x00\x00\x00}
Arg[4] = 0x0000000000001000 = 4096
Arg[5] = 0x0000000000000040 = 64
> 15fa0000+8;SYSCALL:0x19(NtQueryInformationProcess)
> 14bf0000+4ee;SYSCALL:0x18(NtAllocateVirtualMemory)
NtAllocateVirtualMemory:
Arg[0] = 0xffffffffffffffff = 18446744073709551615
Arg[1] = ptr 0x000000000014fda0 -> {\x00\x00\x00\x00\x00\x00\x00\x00}
Arg[2] = 0
Arg[3] = ptr 0x000000000014fda8 -> {\x0b\x00\x00\x00\x00\x00\x00\x00}
Arg[4] = 0x0000000000001000 = 4096
Arg[5] = 0x0000000000000040 = 64
> 15fb0000+8;SYSCALL:0x34(NtDelayExecution)
> 14bf0000+4ee;SYSCALL:0x18(NtAllocateVirtualMemory)
NtAllocateVirtualMemory:
Arg[0] = 0x0000000000000128 = 296
Arg[1] = ptr 0x000000000014fdf0 -> {\x00\x00\x00\x00\x00\x00\x00\x00}
Arg[2] = 0
Arg[3] = ptr 0x000000000014fdf8 -> {L\xd0\x00\x00\x00\x00\x00\x00}
Arg[4] = 0x0000000000003000 = 12288
Arg[5] = 0x0000000000000004 = 4
> 14bf0000+4ee;SYSCALL:0x18(NtAllocateVirtualMemory)
NtAllocateVirtualMemory:
Arg[0] = 0xffffffffffffffff = 18446744073709551615
Arg[1] = ptr 0x000000000014fda0 -> {\x00\x00\x00\x00\x00\x00\x00\x00}
Arg[2] = 0
Arg[3] = ptr 0x000000000014fda8 -> {\x0b\x00\x00\x00\x00\x00\x00\x00}
Arg[4] = 0x0000000000001000 = 4096
Arg[5] = 0x0000000000000040 = 64
> 15fc0000+8;SYSCALL:0x34(NtDelayExecution)
> 14bf0000+4ee;SYSCALL:0x18(NtAllocateVirtualMemory)
NtAllocateVirtualMemory:
Arg[0] = 0xffffffffffffffff = 18446744073709551615
Arg[1] = ptr 0x000000000014fda0 -> {\x00\x00\x00\x00\x00\x00\x00\x00}
Arg[2] = 0
Arg[3] = ptr 0x000000000014fda8 -> {\x0b\x00\x00\x00\x00\x00\x00\x00}
Arg[4] = 0x0000000000001000 = 4096
Arg[5] = 0x0000000000000040 = 64
> 15fd0000+8;SYSCALL:0x3a(NtWriteVirtualMemory)
NtWriteVirtualMemory:
Arg[0] = 0x0000000000000128 = 296
Arg[1] = ptr 0x0000000000eb0000 -> {\x00\x00\x00\x00\x00\x00\x00\x00}
Arg[2] = ptr 0x0000000014bf04f1 -> {\xe9[v\x00\x00\xcc\xcc\xcc}
Arg[3] = 0x000000000000d04c = 53324
Arg[4] = 0
> 14bf0000+4ee;SYSCALL:0x18(NtAllocateVirtualMemory)
NtAllocateVirtualMemory:
Arg[0] = 0xffffffffffffffff = 18446744073709551615
Arg[1] = ptr 0x000000000014fda0 -> {\x00\x00\x00\x00\x00\x00\x00\x00}
Arg[2] = 0
Arg[3] = ptr 0x000000000014fda8 -> {\x0b\x00\x00\x00\x00\x00\x00\x00}
Arg[4] = 0x0000000000001000 = 4096
Arg[5] = 0x0000000000000040 = 64
> 15fe0000+8;SYSCALL:0x34(NtDelayExecution)
> 14bf0000+4ee;SYSCALL:0x18(NtAllocateVirtualMemory)
NtAllocateVirtualMemory:
Arg[0] = 0xffffffffffffffff = 18446744073709551615
Arg[1] = ptr 0x000000000014fda0 -> {\x00\x00\x00\x00\x00\x00\x00\x00}
Arg[2] = 0
Arg[3] = ptr 0x000000000014fda8 -> {\x0b\x00\x00\x00\x00\x00\x00\x00}
Arg[4] = 0x0000000000001000 = 4096
Arg[5] = 0x0000000000000040 = 64
> 15ff0000+8;SYSCALL:0x50(NtProtectVirtualMemory)
> 14bf0000+4ee;SYSCALL:0x18(NtAllocateVirtualMemory)
NtAllocateVirtualMemory:
Arg[0] = 0xffffffffffffffff = 18446744073709551615
Arg[1] = ptr 0x000000000014fda0 -> {\x00\x00\x00\x00\x00\x00\x00\x00}
Arg[2] = 0
Arg[3] = ptr 0x000000000014fda8 -> {\x0b\x00\x00\x00\x00\x00\x00\x00}
Arg[4] = 0x0000000000001000 = 4096
Arg[5] = 0x0000000000000040 = 64
> 16000000+8;SYSCALL:0x34(NtDelayExecution)
> 14bf0000+4ee;SYSCALL:0x18(NtAllocateVirtualMemory)
NtAllocateVirtualMemory:
Arg[0] = 0xffffffffffffffff = 18446744073709551615
Arg[1] = ptr 0x000000000014fda0 -> {\x00\x00\x00\x00\x00\x00\x00\x00}
Arg[2] = 0
Arg[3] = ptr 0x000000000014fda8 -> {\x0b\x00\x00\x00\x00\x00\x00\x00}
Arg[4] = 0x0000000000001000 = 4096
Arg[5] = 0x0000000000000040 = 64
> 16010000+8;SYSCALL:0xc1(NtCreateThreadEx)
NtCreateThreadEx:
Arg[0] = ptr 0x000000000014fe00 -> {\x00\x00\x00\x00\x00\x00\x00\x00}
Arg[1] = 0x00000000001fffff = 2097151
Arg[2] = 0
Arg[3] = 0x0000000000000128 = 296
Arg[4] = ptr 0x0000000000eb0000 -> {\x00\x00\x00\x00\x00\x00\x00\x00}
Arg[5] = 0
Arg[6] = 0x0000000000000001 = 1
Arg[7] = 0
Arg[8] = 0
Arg[9] = 0
> 14bf0000+4ee;SYSCALL:0x18(NtAllocateVirtualMemory)
NtAllocateVirtualMemory:
Arg[0] = 0xffffffffffffffff = 18446744073709551615
Arg[1] = ptr 0x000000000014fda0 -> {\x00\x00\x00\x00\x00\x00\x00\x00}
Arg[2] = 0
Arg[3] = ptr 0x000000000014fda8 -> {\x0b\x00\x00\x00\x00\x00\x00\x00}
Arg[4] = 0x0000000000001000 = 4096
Arg[5] = 0x0000000000000040 = 64
> 16030000+8;SYSCALL:0x34(NtDelayExecution)
> 14bf0000+4ee;SYSCALL:0x18(NtAllocateVirtualMemory)
NtAllocateVirtualMemory:
Arg[0] = 0xffffffffffffffff = 18446744073709551615
Arg[1] = ptr 0x000000000014fda0 -> {\x00\x00\x00\x00\x00\x00\x00\x00}
Arg[2] = 0
Arg[3] = ptr 0x000000000014fda8 -> {\x0b\x00\x00\x00\x00\x00\x00\x00}
Arg[4] = 0x0000000000001000 = 4096
Arg[5] = 0x0000000000000040 = 64
> 16040000+8;SYSCALL:0x52(NtResumeThread)
NtResumeThread:
Arg[0] = 0x000000000000012c = 300
Arg[1] = 0
> 14bf0000+4ee;SYSCALL:0x18(NtAllocateVirtualMemory)
NtAllocateVirtualMemory:
Arg[0] = 0xffffffffffffffff = 18446744073709551615
Arg[1] = ptr 0x000000000014fdc0 -> {\x00\x00\x00\x00\x00\x00\x00\x00}
Arg[2] = 0
Arg[3] = ptr 0x000000000014fdc8 -> {\x0b\x00\x00\x00\x00\x00\x00\x00}
Arg[4] = 0x0000000000001000 = 4096
Arg[5] = 0x0000000000000040 = 64
> 16050000+8;SYSCALL:0x34(NtDelayExecution)
> 14bf0000+4ee;SYSCALL:0x18(NtAllocateVirtualMemory)
NtAllocateVirtualMemory:
Arg[0] = 0xffffffffffffffff = 18446744073709551615
Arg[1] = ptr 0x000000000014fdc0 -> {\x00\x00\x00\x00\x00\x00\x00\x00}
Arg[2] = 0
Arg[3] = ptr 0x000000000014fdc8 -> {\x0b\x00\x00\x00\x00\x00\x00\x00}
Arg[4] = 0x0000000000001000 = 4096
Arg[5] = 0x0000000000000040 = 64
> 16060000+8;SYSCALL:0x26(NtOpenProcess)
NtOpenProcess:
Arg[0] = ptr 0x000000000014fe20 -> {\xff\xff\xff\xff\xff\xff\xff\xff}
Arg[1] = 0x00000000001fffff = 2097151
Arg[2] = ptr 0x000000000014fde0 -> L"0"
Arg[3] = ptr 0x000000000014fdd0 -> {\x94\x0e\x00\x00\x00\x00\x00\x00}
> 14bf0000+4ee;SYSCALL:0x18(NtAllocateVirtualMemory)
NtAllocateVirtualMemory:
Arg[0] = 0xffffffffffffffff = 18446744073709551615
Arg[1] = ptr 0x000000000014fe30 -> {\x00\x00\x00\x00\x00\x00\x00\x00}
Arg[2] = 0
Arg[3] = ptr 0x000000000014fe38 -> {\x0b\x00\x00\x00\x00\x00\x00\x00}
Arg[4] = 0x0000000000001000 = 4096
Arg[5] = 0x0000000000000040 = 64
> 16070000+8;SYSCALL:0x34(NtDelayExecution)
> 14bf0000+4ee;SYSCALL:0x18(NtAllocateVirtualMemory)
NtAllocateVirtualMemory:
Arg[0] = 0xffffffffffffffff = 18446744073709551615
Arg[1] = ptr 0x000000000014fe30 -> {\x00\x00\x00\x00\x00\x00\x00\x00}
Arg[2] = 0
Arg[3] = ptr 0x000000000014fe38 -> {\x0b\x00\x00\x00\x00\x00\x00\x00}
Arg[4] = 0x0000000000001000 = 4096
Arg[5] = 0x0000000000000040 = 64
> 16080000+8;SYSCALL:0x19(NtQueryInformationProcess)
> 14bf0000+4ee;SYSCALL:0x18(NtAllocateVirtualMemory)
NtAllocateVirtualMemory:
Arg[0] = 0xffffffffffffffff = 18446744073709551615
Arg[1] = ptr 0x000000000014fda0 -> {\x00\x00\x00\x00\x00\x00\x00\x00}
Arg[2] = 0
Arg[3] = ptr 0x000000000014fda8 -> {\x0b\x00\x00\x00\x00\x00\x00\x00}
Arg[4] = 0x0000000000001000 = 4096
Arg[5] = 0x0000000000000040 = 64
> 16090000+8;SYSCALL:0x34(NtDelayExecution)
> 14bf0000+4ee;SYSCALL:0x18(NtAllocateVirtualMemory)
NtAllocateVirtualMemory:
Arg[0] = 0x0000000000000130 = 304
Arg[1] = ptr 0x000000000014fdf0 -> {\x00\x00\x00\x00\x00\x00\x00\x00}
Arg[2] = 0
Arg[3] = ptr 0x000000000014fdf8 -> {L\xd0\x00\x00\x00\x00\x00\x00}
Arg[4] = 0x0000000000003000 = 12288
Arg[5] = 0x0000000000000004 = 4
> 14bf0000+4ee;SYSCALL:0x18(NtAllocateVirtualMemory)
NtAllocateVirtualMemory:
Arg[0] = 0xffffffffffffffff = 18446744073709551615
Arg[1] = ptr 0x000000000014fda0 -> {\x00\x00\x00\x00\x00\x00\x00\x00}
Arg[2] = 0
Arg[3] = ptr 0x000000000014fda8 -> {\x0b\x00\x00\x00\x00\x00\x00\x00}
Arg[4] = 0x0000000000001000 = 4096
Arg[5] = 0x0000000000000040 = 64
> 160a0000+8;SYSCALL:0x34(NtDelayExecution)
> 14bf0000+4ee;SYSCALL:0x18(NtAllocateVirtualMemory)
NtAllocateVirtualMemory:
Arg[0] = 0xffffffffffffffff = 18446744073709551615
Arg[1] = ptr 0x000000000014fda0 -> {\x00\x00\x00\x00\x00\x00\x00\x00}
Arg[2] = 0
Arg[3] = ptr 0x000000000014fda8 -> {\x0b\x00\x00\x00\x00\x00\x00\x00}
Arg[4] = 0x0000000000001000 = 4096
Arg[5] = 0x0000000000000040 = 64
> 160b0000+8;SYSCALL:0x3a(NtWriteVirtualMemory)
NtWriteVirtualMemory:
Arg[0] = 0x0000000000000130 = 304
Arg[1] = 0x0000021fb9480000 = 2335275745280
Arg[2] = ptr 0x0000000014bf04f1 -> {\xe9[v\x00\x00\xcc\xcc\xcc}
Arg[3] = 0x000000000000d04c = 53324
Arg[4] = 0
> 14bf0000+4ee;SYSCALL:0x18(NtAllocateVirtualMemory)
NtAllocateVirtualMemory:
Arg[0] = 0xffffffffffffffff = 18446744073709551615
Arg[1] = ptr 0x000000000014fda0 -> {\x00\x00\x00\x00\x00\x00\x00\x00}
Arg[2] = 0
Arg[3] = ptr 0x000000000014fda8 -> {\x0b\x00\x00\x00\x00\x00\x00\x00}
Arg[4] = 0x0000000000001000 = 4096
Arg[5] = 0x0000000000000040 = 64
> 160c0000+8;SYSCALL:0x34(NtDelayExecution)
> 14bf0000+4ee;SYSCALL:0x18(NtAllocateVirtualMemory)
NtAllocateVirtualMemory:
Arg[0] = 0xffffffffffffffff = 18446744073709551615
Arg[1] = ptr 0x000000000014fda0 -> {\x00\x00\x00\x00\x00\x00\x00\x00}
Arg[2] = 0
Arg[3] = ptr 0x000000000014fda8 -> {\x0b\x00\x00\x00\x00\x00\x00\x00}
Arg[4] = 0x0000000000001000 = 4096
Arg[5] = 0x0000000000000040 = 64
> 160d0000+8;SYSCALL:0x50(NtProtectVirtualMemory)
> 14bf0000+4ee;SYSCALL:0x18(NtAllocateVirtualMemory)
NtAllocateVirtualMemory:
Arg[0] = 0xffffffffffffffff = 18446744073709551615
Arg[1] = ptr 0x000000000014fda0 -> {\x00\x00\x00\x00\x00\x00\x00\x00}
Arg[2] = 0
Arg[3] = ptr 0x000000000014fda8 -> {\x0b\x00\x00\x00\x00\x00\x00\x00}
Arg[4] = 0x0000000000001000 = 4096
Arg[5] = 0x0000000000000040 = 64
> 160e0000+8;SYSCALL:0x34(NtDelayExecution)
> 14bf0000+4ee;SYSCALL:0x18(NtAllocateVirtualMemory)
NtAllocateVirtualMemory:
Arg[0] = 0xffffffffffffffff = 18446744073709551615
Arg[1] = ptr 0x000000000014fda0 -> {\x00\x00\x00\x00\x00\x00\x00\x00}
Arg[2] = 0
Arg[3] = ptr 0x000000000014fda8 -> {\x0b\x00\x00\x00\x00\x00\x00\x00}
Arg[4] = 0x0000000000001000 = 4096
Arg[5] = 0x0000000000000040 = 64
> 16100000+8;SYSCALL:0xc1(NtCreateThreadEx)
NtCreateThreadEx:
Arg[0] = ptr 0x000000000014fe00 -> {\x00\x00\x00\x00\x00\x00\x00\x00}
Arg[1] = 0x00000000001fffff = 2097151
Arg[2] = 0
Arg[3] = 0x0000000000000130 = 304
Arg[4] = 0x0000021fb9480000 = 2335275745280
Arg[5] = 0
Arg[6] = 0x0000000000000001 = 1
Arg[7] = 0
Arg[8] = 0
Arg[9] = 0
> 14bf0000+4ee;SYSCALL:0x18(NtAllocateVirtualMemory)
NtAllocateVirtualMemory:
Arg[0] = 0xffffffffffffffff = 18446744073709551615
Arg[1] = ptr 0x000000000014fda0 -> {\x00\x00\x00\x00\x00\x00\x00\x00}
Arg[2] = 0
Arg[3] = ptr 0x000000000014fda8 -> {\x0b\x00\x00\x00\x00\x00\x00\x00}
Arg[4] = 0x0000000000001000 = 4096
Arg[5] = 0x0000000000000040 = 64
> 16110000+8;SYSCALL:0x34(NtDelayExecution)
> 14bf0000+4ee;SYSCALL:0x18(NtAllocateVirtualMemory)
NtAllocateVirtualMemory:
Arg[0] = 0xffffffffffffffff = 18446744073709551615
Arg[1] = ptr 0x000000000014fda0 -> {\x00\x00\x00\x00\x00\x00\x00\x00}
Arg[2] = 0
Arg[3] = ptr 0x000000000014fda8 -> {\x0b\x00\x00\x00\x00\x00\x00\x00}
Arg[4] = 0x0000000000001000 = 4096
Arg[5] = 0x0000000000000040 = 64
> 16120000+8;SYSCALL:0x52(NtResumeThread)
NtResumeThread:
Arg[0] = 0x0000000000000134 = 308
Arg[1] = 0
> 14bf0000+4ee;SYSCALL:0x18(NtAllocateVirtualMemory)
NtAllocateVirtualMemory:
Arg[0] = 0xffffffffffffffff = 18446744073709551615
Arg[1] = ptr 0x000000000014fdc0 -> {\x00\x00\x00\x00\x00\x00\x00\x00}
Arg[2] = 0
Arg[3] = ptr 0x000000000014fdc8 -> {\x0b\x00\x00\x00\x00\x00\x00\x00}
Arg[4] = 0x0000000000001000 = 4096
Arg[5] = 0x0000000000000040 = 64
> 16130000+8;SYSCALL:0x34(NtDelayExecution)
> 14bf0000+4ee;SYSCALL:0x18(NtAllocateVirtualMemory)
NtAllocateVirtualMemory:
Arg[0] = 0xffffffffffffffff = 18446744073709551615
Arg[1] = ptr 0x000000000014fdc0 -> {\x00\x00\x00\x00\x00\x00\x00\x00}
Arg[2] = 0
Arg[3] = ptr 0x000000000014fdc8 -> {\x0b\x00\x00\x00\x00\x00\x00\x00}
Arg[4] = 0x0000000000001000 = 4096
Arg[5] = 0x0000000000000040 = 64
> 16140000+8;SYSCALL:0x26(NtOpenProcess)
NtOpenProcess:
Arg[0] = ptr 0x000000000014fe20 -> {\xff\xff\xff\xff\xff\xff\xff\xff}
Arg[1] = 0x00000000001fffff = 2097151
Arg[2] = ptr 0x000000000014fde0 -> L"0"
Arg[3] = ptr 0x000000000014fdd0 -> {\x98\x0c\x00\x00\x00\x00\x00\x00}
> 14bf0000+4ee;SYSCALL:0x18(NtAllocateVirtualMemory)
NtAllocateVirtualMemory:
Arg[0] = 0xffffffffffffffff = 18446744073709551615
Arg[1] = ptr 0x000000000014fe30 -> {\x00\x00\x00\x00\x00\x00\x00\x00}
Arg[2] = 0
Arg[3] = ptr 0x000000000014fe38 -> {\x0b\x00\x00\x00\x00\x00\x00\x00}
Arg[4] = 0x0000000000001000 = 4096
Arg[5] = 0x0000000000000040 = 64
> 16150000+8;SYSCALL:0x34(NtDelayExecution)
> 14bf0000+4ee;SYSCALL:0x18(NtAllocateVirtualMemory)
NtAllocateVirtualMemory:
Arg[0] = 0xffffffffffffffff = 18446744073709551615
Arg[1] = ptr 0x000000000014fe30 -> {\x00\x00\x00\x00\x00\x00\x00\x00}
Arg[2] = 0
Arg[3] = ptr 0x000000000014fe38 -> {\x0b\x00\x00\x00\x00\x00\x00\x00}
Arg[4] = 0x0000000000001000 = 4096
Arg[5] = 0x0000000000000040 = 64
> 16160000+8;SYSCALL:0x19(NtQueryInformationProcess)
> 14bf0000+4ee;SYSCALL:0x18(NtAllocateVirtualMemory)
NtAllocateVirtualMemory:
Arg[0] = 0xffffffffffffffff = 18446744073709551615
Arg[1] = ptr 0x000000000014fda0 -> {\x00\x00\x00\x00\x00\x00\x00\x00}
Arg[2] = 0
Arg[3] = ptr 0x000000000014fda8 -> {\x0b\x00\x00\x00\x00\x00\x00\x00}
Arg[4] = 0x0000000000001000 = 4096
Arg[5] = 0x0000000000000040 = 64
> 16170000+8;SYSCALL:0x34(NtDelayExecution)
> 14bf0000+4ee;SYSCALL:0x18(NtAllocateVirtualMemory)
NtAllocateVirtualMemory:
Arg[0] = 0x0000000000000138 = 312
Arg[1] = ptr 0x000000000014fdf0 -> {\x00\x00\x00\x00\x00\x00\x00\x00}
Arg[2] = 0
Arg[3] = ptr 0x000000000014fdf8 -> {L\xd0\x00\x00\x00\x00\x00\x00}
Arg[4] = 0x0000000000003000 = 12288
Arg[5] = 0x0000000000000004 = 4
> 14bf0000+4ee;SYSCALL:0x18(NtAllocateVirtualMemory)
NtAllocateVirtualMemory:
Arg[0] = 0xffffffffffffffff = 18446744073709551615
Arg[1] = ptr 0x000000000014fda0 -> {\x00\x00\x00\x00\x00\x00\x00\x00}
Arg[2] = 0
Arg[3] = ptr 0x000000000014fda8 -> {\x0b\x00\x00\x00\x00\x00\x00\x00}
Arg[4] = 0x0000000000001000 = 4096
Arg[5] = 0x0000000000000040 = 64
> 16180000+8;SYSCALL:0x34(NtDelayExecution)
> 14bf0000+4ee;SYSCALL:0x18(NtAllocateVirtualMemory)
NtAllocateVirtualMemory:
Arg[0] = 0xffffffffffffffff = 18446744073709551615
Arg[1] = ptr 0x000000000014fda0 -> {\x00\x00\x00\x00\x00\x00\x00\x00}
Arg[2] = 0
Arg[3] = ptr 0x000000000014fda8 -> {\x0b\x00\x00\x00\x00\x00\x00\x00}
Arg[4] = 0x0000000000001000 = 4096
Arg[5] = 0x0000000000000040 = 64
> 16190000+8;SYSCALL:0x3a(NtWriteVirtualMemory)
NtWriteVirtualMemory:
Arg[0] = 0x0000000000000138 = 312
Arg[1] = 0x0000020a1c400000 = 2242446884864
Arg[2] = ptr 0x0000000014bf04f1 -> {\xe9[v\x00\x00\xcc\xcc\xcc}
Arg[3] = 0x000000000000d04c = 53324
Arg[4] = 0
> 14bf0000+4ee;SYSCALL:0x18(NtAllocateVirtualMemory)
NtAllocateVirtualMemory:
Arg[0] = 0xffffffffffffffff = 18446744073709551615
Arg[1] = ptr 0x000000000014fda0 -> {\x00\x00\x00\x00\x00\x00\x00\x00}
Arg[2] = 0
Arg[3] = ptr 0x000000000014fda8 -> {\x0b\x00\x00\x00\x00\x00\x00\x00}
Arg[4] = 0x0000000000001000 = 4096
Arg[5] = 0x0000000000000040 = 64
> 161a0000+8;SYSCALL:0x34(NtDelayExecution)
> 14bf0000+4ee;SYSCALL:0x18(NtAllocateVirtualMemory)
NtAllocateVirtualMemory:
Arg[0] = 0xffffffffffffffff = 18446744073709551615
Arg[1] = ptr 0x000000000014fda0 -> {\x00\x00\x00\x00\x00\x00\x00\x00}
Arg[2] = 0
Arg[3] = ptr 0x000000000014fda8 -> {\x0b\x00\x00\x00\x00\x00\x00\x00}
Arg[4] = 0x0000000000001000 = 4096
Arg[5] = 0x0000000000000040 = 64
> 161b0000+8;SYSCALL:0x50(NtProtectVirtualMemory)
> 14bf0000+4ee;SYSCALL:0x18(NtAllocateVirtualMemory)
NtAllocateVirtualMemory:
Arg[0] = 0xffffffffffffffff = 18446744073709551615
Arg[1] = ptr 0x000000000014fda0 -> {\x00\x00\x00\x00\x00\x00\x00\x00}
Arg[2] = 0
Arg[3] = ptr 0x000000000014fda8 -> {\x0b\x00\x00\x00\x00\x00\x00\x00}
Arg[4] = 0x0000000000001000 = 4096
Arg[5] = 0x0000000000000040 = 64
> 161c0000+8;SYSCALL:0x34(NtDelayExecution)
> 14bf0000+4ee;SYSCALL:0x18(NtAllocateVirtualMemory)
NtAllocateVirtualMemory:
Arg[0] = 0xffffffffffffffff = 18446744073709551615
Arg[1] = ptr 0x000000000014fda0 -> {\x00\x00\x00\x00\x00\x00\x00\x00}
Arg[2] = 0
Arg[3] = ptr 0x000000000014fda8 -> {\x0b\x00\x00\x00\x00\x00\x00\x00}
Arg[4] = 0x0000000000001000 = 4096
Arg[5] = 0x0000000000000040 = 64
> 161d0000+8;SYSCALL:0xc1(NtCreateThreadEx)
NtCreateThreadEx:
Arg[0] = ptr 0x000000000014fe00 -> {\x00\x00\x00\x00\x00\x00\x00\x00}
Arg[1] = 0x00000000001fffff = 2097151
Arg[2] = 0
Arg[3] = 0x0000000000000138 = 312
Arg[4] = 0x0000020a1c400000 = 2242446884864
Arg[5] = 0
Arg[6] = 0x0000000000000001 = 1
Arg[7] = 0
Arg[8] = 0
Arg[9] = 0
> 14bf0000+4ee;SYSCALL:0x18(NtAllocateVirtualMemory)
NtAllocateVirtualMemory:
Arg[0] = 0xffffffffffffffff = 18446744073709551615
Arg[1] = ptr 0x000000000014fda0 -> {\x00\x00\x00\x00\x00\x00\x00\x00}
Arg[2] = 0
Arg[3] = ptr 0x000000000014fda8 -> {\x0b\x00\x00\x00\x00\x00\x00\x00}
Arg[4] = 0x0000000000001000 = 4096
Arg[5] = 0x0000000000000040 = 64
> 161e0000+8;SYSCALL:0x34(NtDelayExecution)
> 14bf0000+4ee;SYSCALL:0x18(NtAllocateVirtualMemory)
NtAllocateVirtualMemory:
Arg[0] = 0xffffffffffffffff = 18446744073709551615
Arg[1] = ptr 0x000000000014fda0 -> {\x00\x00\x00\x00\x00\x00\x00\x00}
Arg[2] = 0
Arg[3] = ptr 0x000000000014fda8 -> {\x0b\x00\x00\x00\x00\x00\x00\x00}
Arg[4] = 0x0000000000001000 = 4096
Arg[5] = 0x0000000000000040 = 64
> 161f0000+8;SYSCALL:0x52(NtResumeThread)
NtResumeThread:
Arg[0] = 0x000000000000013c = 316
Arg[1] = 0
> 14bf0000+4ee;SYSCALL:0x18(NtAllocateVirtualMemory)
NtAllocateVirtualMemory:
Arg[0] = 0xffffffffffffffff = 18446744073709551615
Arg[1] = ptr 0x000000000014fdc0 -> {\x00\x00\x00\x00\x00\x00\x00\x00}
Arg[2] = 0
Arg[3] = ptr 0x000000000014fdc8 -> {\x0b\x00\x00\x00\x00\x00\x00\x00}
Arg[4] = 0x0000000000001000 = 4096
Arg[5] = 0x0000000000000040 = 64
> 16200000+8;SYSCALL:0x34(NtDelayExecution)
> 14bf0000+4ee;SYSCALL:0x18(NtAllocateVirtualMemory)
NtAllocateVirtualMemory:
Arg[0] = 0xffffffffffffffff = 18446744073709551615
Arg[1] = ptr 0x000000000014fdc0 -> {\x00\x00\x00\x00\x00\x00\x00\x00}
Arg[2] = 0
Arg[3] = ptr 0x000000000014fdc8 -> {\x0b\x00\x00\x00\x00\x00\x00\x00}
Arg[4] = 0x0000000000001000 = 4096
Arg[5] = 0x0000000000000040 = 64
> 16210000+8;SYSCALL:0x26(NtOpenProcess)
NtOpenProcess:
Arg[0] = ptr 0x000000000014fe20 -> {\xff\xff\xff\xff\xff\xff\xff\xff}
Arg[1] = 0x00000000001fffff = 2097151
Arg[2] = ptr 0x000000000014fde0 -> L"0"
Arg[3] = ptr 0x000000000014fdd0 -> {p\x0e\x00\x00\x00\x00\x00\x00}
> 14bf0000+4ee;SYSCALL:0x18(NtAllocateVirtualMemory)
NtAllocateVirtualMemory:
Arg[0] = 0xffffffffffffffff = 18446744073709551615
Arg[1] = ptr 0x000000000014fe30 -> {\x00\x00\x00\x00\x00\x00\x00\x00}
Arg[2] = 0
Arg[3] = ptr 0x000000000014fe38 -> {\x0b\x00\x00\x00\x00\x00\x00\x00}
Arg[4] = 0x0000000000001000 = 4096
Arg[5] = 0x0000000000000040 = 64
> 16220000+8;SYSCALL:0x34(NtDelayExecution)
> 14bf0000+4ee;SYSCALL:0x18(NtAllocateVirtualMemory)
NtAllocateVirtualMemory:
Arg[0] = 0xffffffffffffffff = 18446744073709551615
Arg[1] = ptr 0x000000000014fe30 -> {\x00\x00\x00\x00\x00\x00\x00\x00}
Arg[2] = 0
Arg[3] = ptr 0x000000000014fe38 -> {\x0b\x00\x00\x00\x00\x00\x00\x00}
Arg[4] = 0x0000000000001000 = 4096
Arg[5] = 0x0000000000000040 = 64
> 16230000+8;SYSCALL:0x19(NtQueryInformationProcess)
> 14bf0000+4ee;SYSCALL:0x18(NtAllocateVirtualMemory)
NtAllocateVirtualMemory:
Arg[0] = 0xffffffffffffffff = 18446744073709551615
Arg[1] = ptr 0x000000000014fda0 -> {\x00\x00\x00\x00\x00\x00\x00\x00}
Arg[2] = 0
Arg[3] = ptr 0x000000000014fda8 -> {\x0b\x00\x00\x00\x00\x00\x00\x00}
Arg[4] = 0x0000000000001000 = 4096
Arg[5] = 0x0000000000000040 = 64
> 16240000+8;SYSCALL:0x34(NtDelayExecution)
> 14bf0000+4ee;SYSCALL:0x18(NtAllocateVirtualMemory)
NtAllocateVirtualMemory:
Arg[0] = 0x0000000000000140 = 320
Arg[1] = ptr 0x000000000014fdf0 -> {\x00\x00\x00\x00\x00\x00\x00\x00}
Arg[2] = 0
Arg[3] = ptr 0x000000000014fdf8 -> {L\xd0\x00\x00\x00\x00\x00\x00}
Arg[4] = 0x0000000000003000 = 12288
Arg[5] = 0x0000000000000004 = 4
> 14bf0000+4ee;SYSCALL:0x18(NtAllocateVirtualMemory)
NtAllocateVirtualMemory:
Arg[0] = 0xffffffffffffffff = 18446744073709551615
Arg[1] = ptr 0x000000000014fda0 -> {\x00\x00\x00\x00\x00\x00\x00\x00}
Arg[2] = 0
Arg[3] = ptr 0x000000000014fda8 -> {\x0b\x00\x00\x00\x00\x00\x00\x00}
Arg[4] = 0x0000000000001000 = 4096
Arg[5] = 0x0000000000000040 = 64
> 16250000+8;SYSCALL:0x34(NtDelayExecution)
> 14bf0000+4ee;SYSCALL:0x18(NtAllocateVirtualMemory)
NtAllocateVirtualMemory:
Arg[0] = 0xffffffffffffffff = 18446744073709551615
Arg[1] = ptr 0x000000000014fda0 -> {\x00\x00\x00\x00\x00\x00\x00\x00}
Arg[2] = 0
Arg[3] = ptr 0x000000000014fda8 -> {\x0b\x00\x00\x00\x00\x00\x00\x00}
Arg[4] = 0x0000000000001000 = 4096
Arg[5] = 0x0000000000000040 = 64
> 16260000+8;SYSCALL:0x3a(NtWriteVirtualMemory)
NtWriteVirtualMemory:
Arg[0] = 0x0000000000000140 = 320
Arg[1] = 0x000001db065b0000 = 2040216092672
Arg[2] = ptr 0x0000000014bf04f1 -> {\xe9[v\x00\x00\xcc\xcc\xcc}
Arg[3] = 0x000000000000d04c = 53324
Arg[4] = 0
> 14bf0000+4ee;SYSCALL:0x18(NtAllocateVirtualMemory)
NtAllocateVirtualMemory:
Arg[0] = 0xffffffffffffffff = 18446744073709551615
Arg[1] = ptr 0x000000000014fda0 -> {\x00\x00\x00\x00\x00\x00\x00\x00}
Arg[2] = 0
Arg[3] = ptr 0x000000000014fda8 -> {\x0b\x00\x00\x00\x00\x00\x00\x00}
Arg[4] = 0x0000000000001000 = 4096
Arg[5] = 0x0000000000000040 = 64
> 16270000+8;SYSCALL:0x34(NtDelayExecution)
> 14bf0000+4ee;SYSCALL:0x18(NtAllocateVirtualMemory)
NtAllocateVirtualMemory:
Arg[0] = 0xffffffffffffffff = 18446744073709551615
Arg[1] = ptr 0x000000000014fda0 -> {\x00\x00\x00\x00\x00\x00\x00\x00}
Arg[2] = 0
Arg[3] = ptr 0x000000000014fda8 -> {\x0b\x00\x00\x00\x00\x00\x00\x00}
Arg[4] = 0x0000000000001000 = 4096
Arg[5] = 0x0000000000000040 = 64
> 16290000+8;SYSCALL:0x50(NtProtectVirtualMemory)
> 14bf0000+4ee;SYSCALL:0x18(NtAllocateVirtualMemory)
NtAllocateVirtualMemory:
Arg[0] = 0xffffffffffffffff = 18446744073709551615
Arg[1] = ptr 0x000000000014fda0 -> {\x00\x00\x00\x00\x00\x00\x00\x00}
Arg[2] = 0
Arg[3] = ptr 0x000000000014fda8 -> {\x0b\x00\x00\x00\x00\x00\x00\x00}
Arg[4] = 0x0000000000001000 = 4096
Arg[5] = 0x0000000000000040 = 64
> 162a0000+8;SYSCALL:0x34(NtDelayExecution)
> 14bf0000+4ee;SYSCALL:0x18(NtAllocateVirtualMemory)
NtAllocateVirtualMemory:
Arg[0] = 0xffffffffffffffff = 18446744073709551615
Arg[1] = ptr 0x000000000014fda0 -> {\x00\x00\x00\x00\x00\x00\x00\x00}
Arg[2] = 0
Arg[3] = ptr 0x000000000014fda8 -> {\x0b\x00\x00\x00\x00\x00\x00\x00}
Arg[4] = 0x0000000000001000 = 4096
Arg[5] = 0x0000000000000040 = 64
> 162b0000+8;SYSCALL:0xc1(NtCreateThreadEx)
NtCreateThreadEx:
Arg[0] = ptr 0x000000000014fe00 -> {\x00\x00\x00\x00\x00\x00\x00\x00}
Arg[1] = 0x00000000001fffff = 2097151
Arg[2] = 0
Arg[3] = 0x0000000000000140 = 320
Arg[4] = 0x000001db065b0000 = 2040216092672
Arg[5] = 0
Arg[6] = 0x0000000000000001 = 1
Arg[7] = 0
Arg[8] = 0
Arg[9] = 0
> 14bf0000+4ee;SYSCALL:0x18(NtAllocateVirtualMemory)
NtAllocateVirtualMemory:
Arg[0] = 0xffffffffffffffff = 18446744073709551615
Arg[1] = ptr 0x000000000014fda0 -> {\x00\x00\x00\x00\x00\x00\x00\x00}
Arg[2] = 0
Arg[3] = ptr 0x000000000014fda8 -> {\x0b\x00\x00\x00\x00\x00\x00\x00}
Arg[4] = 0x0000000000001000 = 4096
Arg[5] = 0x0000000000000040 = 64
> 162c0000+8;SYSCALL:0x34(NtDelayExecution)
> 14bf0000+4ee;SYSCALL:0x18(NtAllocateVirtualMemory)
NtAllocateVirtualMemory:
Arg[0] = 0xffffffffffffffff = 18446744073709551615
Arg[1] = ptr 0x000000000014fda0 -> {\x00\x00\x00\x00\x00\x00\x00\x00}
Arg[2] = 0
Arg[3] = ptr 0x000000000014fda8 -> {\x0b\x00\x00\x00\x00\x00\x00\x00}
Arg[4] = 0x0000000000001000 = 4096
Arg[5] = 0x0000000000000040 = 64
> 162d0000+8;SYSCALL:0x52(NtResumeThread)
NtResumeThread:
Arg[0] = 0x0000000000000144 = 324
Arg[1] = 0
> 14bf0000+4ee;SYSCALL:0x18(NtAllocateVirtualMemory)
NtAllocateVirtualMemory:
Arg[0] = 0xffffffffffffffff = 18446744073709551615
Arg[1] = ptr 0x000000000014fdc0 -> {\x00\x00\x00\x00\x00\x00\x00\x00}
Arg[2] = 0
Arg[3] = ptr 0x000000000014fdc8 -> {\x0b\x00\x00\x00\x00\x00\x00\x00}
Arg[4] = 0x0000000000001000 = 4096
Arg[5] = 0x0000000000000040 = 64
> 162e0000+8;SYSCALL:0x34(NtDelayExecution)
> 14bf0000+4ee;SYSCALL:0x18(NtAllocateVirtualMemory)
NtAllocateVirtualMemory:
Arg[0] = 0xffffffffffffffff = 18446744073709551615
Arg[1] = ptr 0x000000000014fdc0 -> {\x00\x00\x00\x00\x00\x00\x00\x00}
Arg[2] = 0
Arg[3] = ptr 0x000000000014fdc8 -> {\x0b\x00\x00\x00\x00\x00\x00\x00}
Arg[4] = 0x0000000000001000 = 4096
Arg[5] = 0x0000000000000040 = 64
> 162f0000+8;SYSCALL:0x26(NtOpenProcess)
NtOpenProcess:
Arg[0] = ptr 0x000000000014fe20 -> {\xff\xff\xff\xff\xff\xff\xff\xff}
Arg[1] = 0x00000000001fffff = 2097151
Arg[2] = ptr 0x000000000014fde0 -> L"0"
Arg[3] = ptr 0x000000000014fdd0 -> {\x9c\x14\x00\x00\x00\x00\x00\x00}
> 14bf0000+4ee;SYSCALL:0x18(NtAllocateVirtualMemory)
NtAllocateVirtualMemory:
Arg[0] = 0xffffffffffffffff = 18446744073709551615
Arg[1] = ptr 0x000000000014fe30 -> {\x00\x00\x00\x00\x00\x00\x00\x00}
Arg[2] = 0
Arg[3] = ptr 0x000000000014fe38 -> {\x0b\x00\x00\x00\x00\x00\x00\x00}
Arg[4] = 0x0000000000001000 = 4096
Arg[5] = 0x0000000000000040 = 64
> 16300000+8;SYSCALL:0x34(NtDelayExecution)
> 14bf0000+4ee;SYSCALL:0x18(NtAllocateVirtualMemory)
NtAllocateVirtualMemory:
Arg[0] = 0xffffffffffffffff = 18446744073709551615
Arg[1] = ptr 0x000000000014fe30 -> {\x00\x00\x00\x00\x00\x00\x00\x00}
Arg[2] = 0
Arg[3] = ptr 0x000000000014fe38 -> {\x0b\x00\x00\x00\x00\x00\x00\x00}
Arg[4] = 0x0000000000001000 = 4096
Arg[5] = 0x0000000000000040 = 64
> 16310000+8;SYSCALL:0x19(NtQueryInformationProcess)
> 14bf0000+4ee;SYSCALL:0x18(NtAllocateVirtualMemory)
NtAllocateVirtualMemory:
Arg[0] = 0xffffffffffffffff = 18446744073709551615
Arg[1] = ptr 0x000000000014fda0 -> {\x00\x00\x00\x00\x00\x00\x00\x00}
Arg[2] = 0
Arg[3] = ptr 0x000000000014fda8 -> {\x0b\x00\x00\x00\x00\x00\x00\x00}
Arg[4] = 0x0000000000001000 = 4096
Arg[5] = 0x0000000000000040 = 64
> 16320000+8;SYSCALL:0x34(NtDelayExecution)
> 14bf0000+4ee;SYSCALL:0x18(NtAllocateVirtualMemory)
NtAllocateVirtualMemory:
Arg[0] = 0x0000000000000148 = 328
Arg[1] = ptr 0x000000000014fdf0 -> {\x00\x00\x00\x00\x00\x00\x00\x00}
Arg[2] = 0
Arg[3] = ptr 0x000000000014fdf8 -> {L\xd0\x00\x00\x00\x00\x00\x00}
Arg[4] = 0x0000000000003000 = 12288
Arg[5] = 0x0000000000000004 = 4
> 14bf0000+4ee;SYSCALL:0x18(NtAllocateVirtualMemory)
NtAllocateVirtualMemory:
Arg[0] = 0xffffffffffffffff = 18446744073709551615
Arg[1] = ptr 0x000000000014fda0 -> {\x00\x00\x00\x00\x00\x00\x00\x00}
Arg[2] = 0
Arg[3] = ptr 0x000000000014fda8 -> {\x0b\x00\x00\x00\x00\x00\x00\x00}
Arg[4] = 0x0000000000001000 = 4096
Arg[5] = 0x0000000000000040 = 64
> 16330000+8;SYSCALL:0x34(NtDelayExecution)
> 14bf0000+4ee;SYSCALL:0x18(NtAllocateVirtualMemory)
NtAllocateVirtualMemory:
Arg[0] = 0xffffffffffffffff = 18446744073709551615
Arg[1] = ptr 0x000000000014fda0 -> {\x00\x00\x00\x00\x00\x00\x00\x00}
Arg[2] = 0
Arg[3] = ptr 0x000000000014fda8 -> {\x0b\x00\x00\x00\x00\x00\x00\x00}
Arg[4] = 0x0000000000001000 = 4096
Arg[5] = 0x0000000000000040 = 64
> 16340000+8;SYSCALL:0x3a(NtWriteVirtualMemory)
NtWriteVirtualMemory:
Arg[0] = 0x0000000000000148 = 328
Arg[1] = 0x0000020e86e70000 = 2261416083456
Arg[2] = ptr 0x0000000014bf04f1 -> {\xe9[v\x00\x00\xcc\xcc\xcc}
Arg[3] = 0x000000000000d04c = 53324
Arg[4] = 0
> 14bf0000+4ee;SYSCALL:0x18(NtAllocateVirtualMemory)
NtAllocateVirtualMemory:
Arg[0] = 0xffffffffffffffff = 18446744073709551615
Arg[1] = ptr 0x000000000014fda0 -> {\x00\x00\x00\x00\x00\x00\x00\x00}
Arg[2] = 0
Arg[3] = ptr 0x000000000014fda8 -> {\x0b\x00\x00\x00\x00\x00\x00\x00}
Arg[4] = 0x0000000000001000 = 4096
Arg[5] = 0x0000000000000040 = 64
> 16350000+8;SYSCALL:0x34(NtDelayExecution)
> 14bf0000+4ee;SYSCALL:0x18(NtAllocateVirtualMemory)
NtAllocateVirtualMemory:
Arg[0] = 0xffffffffffffffff = 18446744073709551615
Arg[1] = ptr 0x000000000014fda0 -> {\x00\x00\x00\x00\x00\x00\x00\x00}
Arg[2] = 0
Arg[3] = ptr 0x000000000014fda8 -> {\x0b\x00\x00\x00\x00\x00\x00\x00}
Arg[4] = 0x0000000000001000 = 4096
Arg[5] = 0x0000000000000040 = 64
> 16360000+8;SYSCALL:0x50(NtProtectVirtualMemory)
> 14bf0000+4ee;SYSCALL:0x18(NtAllocateVirtualMemory)
NtAllocateVirtualMemory:
Arg[0] = 0xffffffffffffffff = 18446744073709551615
Arg[1] = ptr 0x000000000014fda0 -> {\x00\x00\x00\x00\x00\x00\x00\x00}
Arg[2] = 0
Arg[3] = ptr 0x000000000014fda8 -> {\x0b\x00\x00\x00\x00\x00\x00\x00}
Arg[4] = 0x0000000000001000 = 4096
Arg[5] = 0x0000000000000040 = 64
> 16370000+8;SYSCALL:0x34(NtDelayExecution)
> 14bf0000+4ee;SYSCALL:0x18(NtAllocateVirtualMemory)
NtAllocateVirtualMemory:
Arg[0] = 0xffffffffffffffff = 18446744073709551615
Arg[1] = ptr 0x000000000014fda0 -> {\x00\x00\x00\x00\x00\x00\x00\x00}
Arg[2] = 0
Arg[3] = ptr 0x000000000014fda8 -> {\x0b\x00\x00\x00\x00\x00\x00\x00}
Arg[4] = 0x0000000000001000 = 4096
Arg[5] = 0x0000000000000040 = 64
> 16380000+8;SYSCALL:0xc1(NtCreateThreadEx)
NtCreateThreadEx:
Arg[0] = ptr 0x000000000014fe00 -> {\x00\x00\x00\x00\x00\x00\x00\x00}
Arg[1] = 0x00000000001fffff = 2097151
Arg[2] = 0
Arg[3] = 0x0000000000000148 = 328
Arg[4] = 0x0000020e86e70000 = 2261416083456
Arg[5] = 0
Arg[6] = 0x0000000000000001 = 1
Arg[7] = 0
Arg[8] = 0
Arg[9] = 0
> 14bf0000+4ee;SYSCALL:0x18(NtAllocateVirtualMemory)
NtAllocateVirtualMemory:
Arg[0] = 0xffffffffffffffff = 18446744073709551615
Arg[1] = ptr 0x000000000014fda0 -> {\x00\x00\x00\x00\x00\x00\x00\x00}
Arg[2] = 0
Arg[3] = ptr 0x000000000014fda8 -> {\x0b\x00\x00\x00\x00\x00\x00\x00}
Arg[4] = 0x0000000000001000 = 4096
Arg[5] = 0x0000000000000040 = 64
> 163a0000+8;SYSCALL:0x34(NtDelayExecution)
> 14bf0000+4ee;SYSCALL:0x18(NtAllocateVirtualMemory)
NtAllocateVirtualMemory:
Arg[0] = 0xffffffffffffffff = 18446744073709551615
Arg[1] = ptr 0x000000000014fda0 -> {\x00\x00\x00\x00\x00\x00\x00\x00}
Arg[2] = 0
Arg[3] = ptr 0x000000000014fda8 -> {\x0b\x00\x00\x00\x00\x00\x00\x00}
Arg[4] = 0x0000000000001000 = 4096
Arg[5] = 0x0000000000000040 = 64
> 163b0000+8;SYSCALL:0x52(NtResumeThread)
NtResumeThread:
Arg[0] = 0x000000000000014c = 332
Arg[1] = 0
> 14bf0000+4ee;SYSCALL:0x18(NtAllocateVirtualMemory)
NtAllocateVirtualMemory:
Arg[0] = 0xffffffffffffffff = 18446744073709551615
Arg[1] = ptr 0x000000000014fdc0 -> {\x00\x00\x00\x00\x00\x00\x00\x00}
Arg[2] = 0
Arg[3] = ptr 0x000000000014fdc8 -> {\x0b\x00\x00\x00\x00\x00\x00\x00}
Arg[4] = 0x0000000000001000 = 4096
Arg[5] = 0x0000000000000040 = 64
> 163c0000+8;SYSCALL:0x34(NtDelayExecution)
> 14bf0000+4ee;SYSCALL:0x18(NtAllocateVirtualMemory)
NtAllocateVirtualMemory:
Arg[0] = 0xffffffffffffffff = 18446744073709551615
Arg[1] = ptr 0x000000000014fdc0 -> {\x00\x00\x00\x00\x00\x00\x00\x00}
Arg[2] = 0
Arg[3] = ptr 0x000000000014fdc8 -> {\x0b\x00\x00\x00\x00\x00\x00\x00}
Arg[4] = 0x0000000000001000 = 4096
Arg[5] = 0x0000000000000040 = 64
> 163d0000+8;SYSCALL:0x26(NtOpenProcess)
NtOpenProcess:
Arg[0] = ptr 0x000000000014fe20 -> {\xff\xff\xff\xff\xff\xff\xff\xff}
Arg[1] = 0x00000000001fffff = 2097151
Arg[2] = ptr 0x000000000014fde0 -> L"0"
Arg[3] = ptr 0x000000000014fdd0 -> {\xa8\x14\x00\x00\x00\x00\x00\x00}
> 14bf0000+4ee;SYSCALL:0x18(NtAllocateVirtualMemory)
NtAllocateVirtualMemory:
Arg[0] = 0xffffffffffffffff = 18446744073709551615
Arg[1] = ptr 0x000000000014fe30 -> {\x00\x00\x00\x00\x00\x00\x00\x00}
Arg[2] = 0
Arg[3] = ptr 0x000000000014fe38 -> {\x0b\x00\x00\x00\x00\x00\x00\x00}
Arg[4] = 0x0000000000001000 = 4096
Arg[5] = 0x0000000000000040 = 64
> 163e0000+8;SYSCALL:0x34(NtDelayExecution)
> 14bf0000+4ee;SYSCALL:0x18(NtAllocateVirtualMemory)
NtAllocateVirtualMemory:
Arg[0] = 0xffffffffffffffff = 18446744073709551615
Arg[1] = ptr 0x000000000014fe30 -> {\x00\x00\x00\x00\x00\x00\x00\x00}
Arg[2] = 0
Arg[3] = ptr 0x000000000014fe38 -> {\x0b\x00\x00\x00\x00\x00\x00\x00}
Arg[4] = 0x0000000000001000 = 4096
Arg[5] = 0x0000000000000040 = 64
> 163f0000+8;SYSCALL:0x19(NtQueryInformationProcess)
> 14bf0000+4ee;SYSCALL:0x18(NtAllocateVirtualMemory)
NtAllocateVirtualMemory:
Arg[0] = 0xffffffffffffffff = 18446744073709551615
Arg[1] = ptr 0x000000000014fda0 -> {\x00\x00\x00\x00\x00\x00\x00\x00}
Arg[2] = 0
Arg[3] = ptr 0x000000000014fda8 -> {\x0b\x00\x00\x00\x00\x00\x00\x00}
Arg[4] = 0x0000000000001000 = 4096
Arg[5] = 0x0000000000000040 = 64
> 16400000+8;SYSCALL:0x34(NtDelayExecution)
> 14bf0000+4ee;SYSCALL:0x18(NtAllocateVirtualMemory)
NtAllocateVirtualMemory:
Arg[0] = 0x0000000000000150 = 336
Arg[1] = ptr 0x000000000014fdf0 -> {\x00\x00\x00\x00\x00\x00\x00\x00}
Arg[2] = 0
Arg[3] = ptr 0x000000000014fdf8 -> {L\xd0\x00\x00\x00\x00\x00\x00}
Arg[4] = 0x0000000000003000 = 12288
Arg[5] = 0x0000000000000004 = 4
> 14bf0000+4ee;SYSCALL:0x18(NtAllocateVirtualMemory)
NtAllocateVirtualMemory:
Arg[0] = 0xffffffffffffffff = 18446744073709551615
Arg[1] = ptr 0x000000000014fda0 -> {\x00\x00\x00\x00\x00\x00\x00\x00}
Arg[2] = 0
Arg[3] = ptr 0x000000000014fda8 -> {\x0b\x00\x00\x00\x00\x00\x00\x00}
Arg[4] = 0x0000000000001000 = 4096
Arg[5] = 0x0000000000000040 = 64
> 16410000+8;SYSCALL:0x34(NtDelayExecution)
> 14bf0000+4ee;SYSCALL:0x18(NtAllocateVirtualMemory)
NtAllocateVirtualMemory:
Arg[0] = 0xffffffffffffffff = 18446744073709551615
Arg[1] = ptr 0x000000000014fda0 -> {\x00\x00\x00\x00\x00\x00\x00\x00}
Arg[2] = 0
Arg[3] = ptr 0x000000000014fda8 -> {\x0b\x00\x00\x00\x00\x00\x00\x00}
Arg[4] = 0x0000000000001000 = 4096
Arg[5] = 0x0000000000000040 = 64
> 16420000+8;SYSCALL:0x3a(NtWriteVirtualMemory)
NtWriteVirtualMemory:
Arg[0] = 0x0000000000000150 = 336
Arg[1] = 0x000001a8a3430000 = 1823805210624
Arg[2] = ptr 0x0000000014bf04f1 -> {\xe9[v\x00\x00\xcc\xcc\xcc}
Arg[3] = 0x000000000000d04c = 53324
Arg[4] = 0
> 14bf0000+4ee;SYSCALL:0x18(NtAllocateVirtualMemory)
NtAllocateVirtualMemory:
Arg[0] = 0xffffffffffffffff = 18446744073709551615
Arg[1] = ptr 0x000000000014fda0 -> {\x00\x00\x00\x00\x00\x00\x00\x00}
Arg[2] = 0
Arg[3] = ptr 0x000000000014fda8 -> {\x0b\x00\x00\x00\x00\x00\x00\x00}
Arg[4] = 0x0000000000001000 = 4096
Arg[5] = 0x0000000000000040 = 64
> 16430000+8;SYSCALL:0x34(NtDelayExecution)
> 14bf0000+4ee;SYSCALL:0x18(NtAllocateVirtualMemory)
NtAllocateVirtualMemory:
Arg[0] = 0xffffffffffffffff = 18446744073709551615
Arg[1] = ptr 0x000000000014fda0 -> {\x00\x00\x00\x00\x00\x00\x00\x00}
Arg[2] = 0
Arg[3] = ptr 0x000000000014fda8 -> {\x0b\x00\x00\x00\x00\x00\x00\x00}
Arg[4] = 0x0000000000001000 = 4096
Arg[5] = 0x0000000000000040 = 64
> 16440000+8;SYSCALL:0x50(NtProtectVirtualMemory)
> 14bf0000+4ee;SYSCALL:0x18(NtAllocateVirtualMemory)
NtAllocateVirtualMemory:
Arg[0] = 0xffffffffffffffff = 18446744073709551615
Arg[1] = ptr 0x000000000014fda0 -> {\x00\x00\x00\x00\x00\x00\x00\x00}
Arg[2] = 0
Arg[3] = ptr 0x000000000014fda8 -> {\x0b\x00\x00\x00\x00\x00\x00\x00}
Arg[4] = 0x0000000000001000 = 4096
Arg[5] = 0x0000000000000040 = 64
> 16450000+8;SYSCALL:0x34(NtDelayExecution)
> 14bf0000+4ee;SYSCALL:0x18(NtAllocateVirtualMemory)
NtAllocateVirtualMemory:
Arg[0] = 0xffffffffffffffff = 18446744073709551615
Arg[1] = ptr 0x000000000014fda0 -> {\x00\x00\x00\x00\x00\x00\x00\x00}
Arg[2] = 0
Arg[3] = ptr 0x000000000014fda8 -> {\x0b\x00\x00\x00\x00\x00\x00\x00}
Arg[4] = 0x0000000000001000 = 4096
Arg[5] = 0x0000000000000040 = 64
> 16460000+8;SYSCALL:0xc1(NtCreateThreadEx)
NtCreateThreadEx:
Arg[0] = ptr 0x000000000014fe00 -> {\x00\x00\x00\x00\x00\x00\x00\x00}
Arg[1] = 0x00000000001fffff = 2097151
Arg[2] = 0
Arg[3] = 0x0000000000000150 = 336
Arg[4] = 0x000001a8a3430000 = 1823805210624
Arg[5] = 0
Arg[6] = 0x0000000000000001 = 1
Arg[7] = 0
Arg[8] = 0
Arg[9] = 0
> 14bf0000+4ee;SYSCALL:0x18(NtAllocateVirtualMemory)
NtAllocateVirtualMemory:
Arg[0] = 0xffffffffffffffff = 18446744073709551615
Arg[1] = ptr 0x000000000014fda0 -> {\x00\x00\x00\x00\x00\x00\x00\x00}
Arg[2] = 0
Arg[3] = ptr 0x000000000014fda8 -> {\x0b\x00\x00\x00\x00\x00\x00\x00}
Arg[4] = 0x0000000000001000 = 4096
Arg[5] = 0x0000000000000040 = 64
> 16470000+8;SYSCALL:0x34(NtDelayExecution)
> 14bf0000+4ee;SYSCALL:0x18(NtAllocateVirtualMemory)
NtAllocateVirtualMemory:
Arg[0] = 0xffffffffffffffff = 18446744073709551615
Arg[1] = ptr 0x000000000014fda0 -> {\x00\x00\x00\x00\x00\x00\x00\x00}
Arg[2] = 0
Arg[3] = ptr 0x000000000014fda8 -> {\x0b\x00\x00\x00\x00\x00\x00\x00}
Arg[4] = 0x0000000000001000 = 4096
Arg[5] = 0x0000000000000040 = 64
> 16480000+8;SYSCALL:0x52(NtResumeThread)
NtResumeThread:
Arg[0] = 0x0000000000000154 = 340
Arg[1] = 0
> 14bf0000+4ee;SYSCALL:0x18(NtAllocateVirtualMemory)
NtAllocateVirtualMemory:
Arg[0] = 0xffffffffffffffff = 18446744073709551615
Arg[1] = ptr 0x000000000014fdc0 -> {\x00\x00\x00\x00\x00\x00\x00\x00}
Arg[2] = 0
Arg[3] = ptr 0x000000000014fdc8 -> {\x0b\x00\x00\x00\x00\x00\x00\x00}
Arg[4] = 0x0000000000001000 = 4096
Arg[5] = 0x0000000000000040 = 64
> 16490000+8;SYSCALL:0x34(NtDelayExecution)
> 14bf0000+4ee;SYSCALL:0x18(NtAllocateVirtualMemory)
NtAllocateVirtualMemory:
Arg[0] = 0xffffffffffffffff = 18446744073709551615
Arg[1] = ptr 0x000000000014fdc0 -> {\x00\x00\x00\x00\x00\x00\x00\x00}
Arg[2] = 0
Arg[3] = ptr 0x000000000014fdc8 -> {\x0b\x00\x00\x00\x00\x00\x00\x00}
Arg[4] = 0x0000000000001000 = 4096
Arg[5] = 0x0000000000000040 = 64
> 164a0000+8;SYSCALL:0x26(NtOpenProcess)
NtOpenProcess:
Arg[0] = ptr 0x000000000014fe20 -> {\xff\xff\xff\xff\xff\xff\xff\xff}
Arg[1] = 0x00000000001fffff = 2097151
Arg[2] = ptr 0x000000000014fde0 -> L"0"
Arg[3] = ptr 0x000000000014fdd0 -> {\xc0\x14\x00\x00\x00\x00\x00\x00}
> 14bf0000+4ee;SYSCALL:0x18(NtAllocateVirtualMemory)
NtAllocateVirtualMemory:
Arg[0] = 0xffffffffffffffff = 18446744073709551615
Arg[1] = ptr 0x000000000014fe30 -> {\x00\x00\x00\x00\x00\x00\x00\x00}
Arg[2] = 0
Arg[3] = ptr 0x000000000014fe38 -> {\x0b\x00\x00\x00\x00\x00\x00\x00}
Arg[4] = 0x0000000000001000 = 4096
Arg[5] = 0x0000000000000040 = 64
> 164b0000+8;SYSCALL:0x34(NtDelayExecution)
> 14bf0000+4ee;SYSCALL:0x18(NtAllocateVirtualMemory)
NtAllocateVirtualMemory:
Arg[0] = 0xffffffffffffffff = 18446744073709551615
Arg[1] = ptr 0x000000000014fe30 -> {\x00\x00\x00\x00\x00\x00\x00\x00}
Arg[2] = 0
Arg[3] = ptr 0x000000000014fe38 -> {\x0b\x00\x00\x00\x00\x00\x00\x00}
Arg[4] = 0x0000000000001000 = 4096
Arg[5] = 0x0000000000000040 = 64
> 164d0000+8;SYSCALL:0x19(NtQueryInformationProcess)
> 14bf0000+4ee;SYSCALL:0x18(NtAllocateVirtualMemory)
NtAllocateVirtualMemory:
Arg[0] = 0xffffffffffffffff = 18446744073709551615
Arg[1] = ptr 0x000000000014fda0 -> {\x00\x00\x00\x00\x00\x00\x00\x00}
Arg[2] = 0
Arg[3] = ptr 0x000000000014fda8 -> {\x0b\x00\x00\x00\x00\x00\x00\x00}
Arg[4] = 0x0000000000001000 = 4096
Arg[5] = 0x0000000000000040 = 64
> 164e0000+8;SYSCALL:0x34(NtDelayExecution)
> 14bf0000+4ee;SYSCALL:0x18(NtAllocateVirtualMemory)
NtAllocateVirtualMemory:
Arg[0] = 0x0000000000000158 = 344
Arg[1] = ptr 0x000000000014fdf0 -> {\x00\x00\x00\x00\x00\x00\x00\x00}
Arg[2] = 0
Arg[3] = ptr 0x000000000014fdf8 -> {L\xd0\x00\x00\x00\x00\x00\x00}
Arg[4] = 0x0000000000003000 = 12288
Arg[5] = 0x0000000000000004 = 4
> 14bf0000+4ee;SYSCALL:0x18(NtAllocateVirtualMemory)
NtAllocateVirtualMemory:
Arg[0] = 0xffffffffffffffff = 18446744073709551615
Arg[1] = ptr 0x000000000014fda0 -> {\x00\x00\x00\x00\x00\x00\x00\x00}
Arg[2] = 0
Arg[3] = ptr 0x000000000014fda8 -> {\x0b\x00\x00\x00\x00\x00\x00\x00}
Arg[4] = 0x0000000000001000 = 4096
Arg[5] = 0x0000000000000040 = 64
> 164f0000+8;SYSCALL:0x34(NtDelayExecution)
> 14bf0000+4ee;SYSCALL:0x18(NtAllocateVirtualMemory)
NtAllocateVirtualMemory:
Arg[0] = 0xffffffffffffffff = 18446744073709551615
Arg[1] = ptr 0x000000000014fda0 -> {\x00\x00\x00\x00\x00\x00\x00\x00}
Arg[2] = 0
Arg[3] = ptr 0x000000000014fda8 -> {\x0b\x00\x00\x00\x00\x00\x00\x00}
Arg[4] = 0x0000000000001000 = 4096
Arg[5] = 0x0000000000000040 = 64
> 16500000+8;SYSCALL:0x3a(NtWriteVirtualMemory)
NtWriteVirtualMemory:
Arg[0] = 0x0000000000000158 = 344
Arg[1] = 0x000002c329350000 = 3037233217536
Arg[2] = ptr 0x0000000014bf04f1 -> {\xe9[v\x00\x00\xcc\xcc\xcc}
Arg[3] = 0x000000000000d04c = 53324
Arg[4] = 0
> 14bf0000+4ee;SYSCALL:0x18(NtAllocateVirtualMemory)
NtAllocateVirtualMemory:
Arg[0] = 0xffffffffffffffff = 18446744073709551615
Arg[1] = ptr 0x000000000014fda0 -> {\x00\x00\x00\x00\x00\x00\x00\x00}
Arg[2] = 0
Arg[3] = ptr 0x000000000014fda8 -> {\x0b\x00\x00\x00\x00\x00\x00\x00}
Arg[4] = 0x0000000000001000 = 4096
Arg[5] = 0x0000000000000040 = 64
> 16510000+8;SYSCALL:0x34(NtDelayExecution)
> 14bf0000+4ee;SYSCALL:0x18(NtAllocateVirtualMemory)
NtAllocateVirtualMemory:
Arg[0] = 0xffffffffffffffff = 18446744073709551615
Arg[1] = ptr 0x000000000014fda0 -> {\x00\x00\x00\x00\x00\x00\x00\x00}
Arg[2] = 0
Arg[3] = ptr 0x000000000014fda8 -> {\x0b\x00\x00\x00\x00\x00\x00\x00}
Arg[4] = 0x0000000000001000 = 4096
Arg[5] = 0x0000000000000040 = 64
> 16520000+8;SYSCALL:0x50(NtProtectVirtualMemory)
> 14bf0000+4ee;SYSCALL:0x18(NtAllocateVirtualMemory)
NtAllocateVirtualMemory:
Arg[0] = 0xffffffffffffffff = 18446744073709551615
Arg[1] = ptr 0x000000000014fda0 -> {\x00\x00\x00\x00\x00\x00\x00\x00}
Arg[2] = 0
Arg[3] = ptr 0x000000000014fda8 -> {\x0b\x00\x00\x00\x00\x00\x00\x00}
Arg[4] = 0x0000000000001000 = 4096
Arg[5] = 0x0000000000000040 = 64
> 16530000+8;SYSCALL:0x34(NtDelayExecution)
> 14bf0000+4ee;SYSCALL:0x18(NtAllocateVirtualMemory)
NtAllocateVirtualMemory:
Arg[0] = 0xffffffffffffffff = 18446744073709551615
Arg[1] = ptr 0x000000000014fda0 -> {\x00\x00\x00\x00\x00\x00\x00\x00}
Arg[2] = 0
Arg[3] = ptr 0x000000000014fda8 -> {\x0b\x00\x00\x00\x00\x00\x00\x00}
Arg[4] = 0x0000000000001000 = 4096
Arg[5] = 0x0000000000000040 = 64
> 16540000+8;SYSCALL:0xc1(NtCreateThreadEx)
NtCreateThreadEx:
Arg[0] = ptr 0x000000000014fe00 -> {\x00\x00\x00\x00\x00\x00\x00\x00}
Arg[1] = 0x00000000001fffff = 2097151
Arg[2] = 0
Arg[3] = 0x0000000000000158 = 344
Arg[4] = 0x000002c329350000 = 3037233217536
Arg[5] = 0
Arg[6] = 0x0000000000000001 = 1
Arg[7] = 0
Arg[8] = 0
Arg[9] = 0
> 14bf0000+4ee;SYSCALL:0x18(NtAllocateVirtualMemory)
NtAllocateVirtualMemory:
Arg[0] = 0xffffffffffffffff = 18446744073709551615
Arg[1] = ptr 0x000000000014fda0 -> {\x00\x00\x00\x00\x00\x00\x00\x00}
Arg[2] = 0
Arg[3] = ptr 0x000000000014fda8 -> {\x0b\x00\x00\x00\x00\x00\x00\x00}
Arg[4] = 0x0000000000001000 = 4096
Arg[5] = 0x0000000000000040 = 64
> 16550000+8;SYSCALL:0x34(NtDelayExecution)
> 14bf0000+4ee;SYSCALL:0x18(NtAllocateVirtualMemory)
NtAllocateVirtualMemory:
Arg[0] = 0xffffffffffffffff = 18446744073709551615
Arg[1] = ptr 0x000000000014fda0 -> {\x00\x00\x00\x00\x00\x00\x00\x00}
Arg[2] = 0
Arg[3] = ptr 0x000000000014fda8 -> {\x0b\x00\x00\x00\x00\x00\x00\x00}
Arg[4] = 0x0000000000001000 = 4096
Arg[5] = 0x0000000000000040 = 64
> 16560000+8;SYSCALL:0x52(NtResumeThread)
NtResumeThread:
Arg[0] = 0x00000000000000c0 = 192
Arg[1] = 0
> 14bf0000+4ee;SYSCALL:0x18(NtAllocateVirtualMemory)
NtAllocateVirtualMemory:
Arg[0] = 0xffffffffffffffff = 18446744073709551615
Arg[1] = ptr 0x000000000014fdc0 -> {\x00\x00\x00\x00\x00\x00\x00\x00}
Arg[2] = 0
Arg[3] = ptr 0x000000000014fdc8 -> {\x0b\x00\x00\x00\x00\x00\x00\x00}
Arg[4] = 0x0000000000001000 = 4096
Arg[5] = 0x0000000000000040 = 64
> 16570000+8;SYSCALL:0x34(NtDelayExecution)
> 14bf0000+4ee;SYSCALL:0x18(NtAllocateVirtualMemory)
NtAllocateVirtualMemory:
Arg[0] = 0xffffffffffffffff = 18446744073709551615
Arg[1] = ptr 0x000000000014fdc0 -> {\x00\x00\x00\x00\x00\x00\x00\x00}
Arg[2] = 0
Arg[3] = ptr 0x000000000014fdc8 -> {\x0b\x00\x00\x00\x00\x00\x00\x00}
Arg[4] = 0x0000000000001000 = 4096
Arg[5] = 0x0000000000000040 = 64
> 16580000+8;SYSCALL:0x26(NtOpenProcess)
NtOpenProcess:
Arg[0] = ptr 0x000000000014fe20 -> {\xff\xff\xff\xff\xff\xff\xff\xff}
Arg[1] = 0x00000000001fffff = 2097151
Arg[2] = ptr 0x000000000014fde0 -> L"0"
Arg[3] = ptr 0x000000000014fdd0 -> {(\x16\x00\x00\x00\x00\x00\x00}
> 14bf0000+4ee;SYSCALL:0x18(NtAllocateVirtualMemory)
NtAllocateVirtualMemory:
Arg[0] = 0xffffffffffffffff = 18446744073709551615
Arg[1] = ptr 0x000000000014fdc0 -> {\x00\x00\x00\x00\x00\x00\x00\x00}
Arg[2] = 0
Arg[3] = ptr 0x000000000014fdc8 -> {\x0b\x00\x00\x00\x00\x00\x00\x00}
Arg[4] = 0x0000000000001000 = 4096
Arg[5] = 0x0000000000000040 = 64
> 16590000+8;SYSCALL:0x34(NtDelayExecution)
> 14bf0000+4ee;SYSCALL:0x18(NtAllocateVirtualMemory)
NtAllocateVirtualMemory:
Arg[0] = 0xffffffffffffffff = 18446744073709551615
Arg[1] = ptr 0x000000000014fdc0 -> {\x00\x00\x00\x00\x00\x00\x00\x00}
Arg[2] = 0
Arg[3] = ptr 0x000000000014fdc8 -> {\x0b\x00\x00\x00\x00\x00\x00\x00}
Arg[4] = 0x0000000000001000 = 4096
Arg[5] = 0x0000000000000040 = 64
> 165a0000+8;SYSCALL:0x26(NtOpenProcess)
NtOpenProcess:
Arg[0] = ptr 0x000000000014fe20 -> {\xff\xff\xff\xff\xff\xff\xff\xff}
Arg[1] = 0x00000000001fffff = 2097151
Arg[2] = ptr 0x000000000014fde0 -> L"0"
Arg[3] = ptr 0x000000000014fdd0 -> {\xc8\x17\x00\x00\x00\x00\x00\x00}
> 14bf0000+4ee;SYSCALL:0x18(NtAllocateVirtualMemory)
NtAllocateVirtualMemory:
Arg[0] = 0xffffffffffffffff = 18446744073709551615
Arg[1] = ptr 0x000000000014fe30 -> {\x00\x00\x00\x00\x00\x00\x00\x00}
Arg[2] = 0
Arg[3] = ptr 0x000000000014fe38 -> {\x0b\x00\x00\x00\x00\x00\x00\x00}
Arg[4] = 0x0000000000001000 = 4096
Arg[5] = 0x0000000000000040 = 64
> 165b0000+8;SYSCALL:0x34(NtDelayExecution)
> 14bf0000+4ee;SYSCALL:0x18(NtAllocateVirtualMemory)
NtAllocateVirtualMemory:
Arg[0] = 0xffffffffffffffff = 18446744073709551615
Arg[1] = ptr 0x000000000014fe30 -> {\x00\x00\x00\x00\x00\x00\x00\x00}
Arg[2] = 0
Arg[3] = ptr 0x000000000014fe38 -> {\x0b\x00\x00\x00\x00\x00\x00\x00}
Arg[4] = 0x0000000000001000 = 4096
Arg[5] = 0x0000000000000040 = 64
> 165c0000+8;SYSCALL:0x19(NtQueryInformationProcess)
> 14bf0000+4ee;SYSCALL:0x18(NtAllocateVirtualMemory)
NtAllocateVirtualMemory:
Arg[0] = 0xffffffffffffffff = 18446744073709551615
Arg[1] = ptr 0x000000000014fda0 -> {\x00\x00\x00\x00\x00\x00\x00\x00}
Arg[2] = 0
Arg[3] = ptr 0x000000000014fda8 -> {\x0b\x00\x00\x00\x00\x00\x00\x00}
Arg[4] = 0x0000000000001000 = 4096
Arg[5] = 0x0000000000000040 = 64
> 165d0000+8;SYSCALL:0x34(NtDelayExecution)
> 14bf0000+4ee;SYSCALL:0x18(NtAllocateVirtualMemory)
NtAllocateVirtualMemory:
Arg[0] = 0x000000000000015c = 348
Arg[1] = ptr 0x000000000014fdf0 -> {\x00\x00\x00\x00\x00\x00\x00\x00}
Arg[2] = 0
Arg[3] = ptr 0x000000000014fdf8 -> {L\xd0\x00\x00\x00\x00\x00\x00}
Arg[4] = 0x0000000000003000 = 12288
Arg[5] = 0x0000000000000004 = 4
> 14bf0000+4ee;SYSCALL:0x18(NtAllocateVirtualMemory)
NtAllocateVirtualMemory:
Arg[0] = 0xffffffffffffffff = 18446744073709551615
Arg[1] = ptr 0x000000000014fda0 -> {\x00\x00\x00\x00\x00\x00\x00\x00}
Arg[2] = 0
Arg[3] = ptr 0x000000000014fda8 -> {\x0b\x00\x00\x00\x00\x00\x00\x00}
Arg[4] = 0x0000000000001000 = 4096
Arg[5] = 0x0000000000000040 = 64
> 165e0000+8;SYSCALL:0x34(NtDelayExecution)
> 14bf0000+4ee;SYSCALL:0x18(NtAllocateVirtualMemory)
NtAllocateVirtualMemory:
Arg[0] = 0xffffffffffffffff = 18446744073709551615
Arg[1] = ptr 0x000000000014fda0 -> {\x00\x00\x00\x00\x00\x00\x00\x00}
Arg[2] = 0
Arg[3] = ptr 0x000000000014fda8 -> {\x0b\x00\x00\x00\x00\x00\x00\x00}
Arg[4] = 0x0000000000001000 = 4096
Arg[5] = 0x0000000000000040 = 64
> 165f0000+8;SYSCALL:0x3a(NtWriteVirtualMemory)
NtWriteVirtualMemory:
Arg[0] = 0x000000000000015c = 348
Arg[1] = 0x000001c14d3f0000 = 1929736290304
Arg[2] = ptr 0x0000000014bf04f1 -> {\xe9[v\x00\x00\xcc\xcc\xcc}
Arg[3] = 0x000000000000d04c = 53324
Arg[4] = 0
> 14bf0000+4ee;SYSCALL:0x18(NtAllocateVirtualMemory)
NtAllocateVirtualMemory:
Arg[0] = 0xffffffffffffffff = 18446744073709551615
Arg[1] = ptr 0x000000000014fda0 -> {\x00\x00\x00\x00\x00\x00\x00\x00}
Arg[2] = 0
Arg[3] = ptr 0x000000000014fda8 -> {\x0b\x00\x00\x00\x00\x00\x00\x00}
Arg[4] = 0x0000000000001000 = 4096
Arg[5] = 0x0000000000000040 = 64
> 16600000+8;SYSCALL:0x34(NtDelayExecution)
> 14bf0000+4ee;SYSCALL:0x18(NtAllocateVirtualMemory)
NtAllocateVirtualMemory:
Arg[0] = 0xffffffffffffffff = 18446744073709551615
Arg[1] = ptr 0x000000000014fda0 -> {\x00\x00\x00\x00\x00\x00\x00\x00}
Arg[2] = 0
Arg[3] = ptr 0x000000000014fda8 -> {\x0b\x00\x00\x00\x00\x00\x00\x00}
Arg[4] = 0x0000000000001000 = 4096
Arg[5] = 0x0000000000000040 = 64
> 16610000+8;SYSCALL:0x50(NtProtectVirtualMemory)
> 14bf0000+4ee;SYSCALL:0x18(NtAllocateVirtualMemory)
NtAllocateVirtualMemory:
Arg[0] = 0xffffffffffffffff = 18446744073709551615
Arg[1] = ptr 0x000000000014fda0 -> {\x00\x00\x00\x00\x00\x00\x00\x00}
Arg[2] = 0
Arg[3] = ptr 0x000000000014fda8 -> {\x0b\x00\x00\x00\x00\x00\x00\x00}
Arg[4] = 0x0000000000001000 = 4096
Arg[5] = 0x0000000000000040 = 64
> 16620000+8;SYSCALL:0x34(NtDelayExecution)
> 14bf0000+4ee;SYSCALL:0x18(NtAllocateVirtualMemory)
NtAllocateVirtualMemory:
Arg[0] = 0xffffffffffffffff = 18446744073709551615
Arg[1] = ptr 0x000000000014fda0 -> {\x00\x00\x00\x00\x00\x00\x00\x00}
Arg[2] = 0
Arg[3] = ptr 0x000000000014fda8 -> {\x0b\x00\x00\x00\x00\x00\x00\x00}
Arg[4] = 0x0000000000001000 = 4096
Arg[5] = 0x0000000000000040 = 64
> 16630000+8;SYSCALL:0xc1(NtCreateThreadEx)
NtCreateThreadEx:
Arg[0] = ptr 0x000000000014fe00 -> {\x00\x00\x00\x00\x00\x00\x00\x00}
Arg[1] = 0x00000000001fffff = 2097151
Arg[2] = 0
Arg[3] = 0x000000000000015c = 348
Arg[4] = 0x000001c14d3f0000 = 1929736290304
Arg[5] = 0
Arg[6] = 0x0000000000000001 = 1
Arg[7] = 0
Arg[8] = 0
Arg[9] = 0
> 14bf0000+4ee;SYSCALL:0x18(NtAllocateVirtualMemory)
NtAllocateVirtualMemory:
Arg[0] = 0xffffffffffffffff = 18446744073709551615
Arg[1] = ptr 0x000000000014fda0 -> {\x00\x00\x00\x00\x00\x00\x00\x00}
Arg[2] = 0
Arg[3] = ptr 0x000000000014fda8 -> {\x0b\x00\x00\x00\x00\x00\x00\x00}
Arg[4] = 0x0000000000001000 = 4096
Arg[5] = 0x0000000000000040 = 64
> 16640000+8;SYSCALL:0x34(NtDelayExecution)
> 14bf0000+4ee;SYSCALL:0x18(NtAllocateVirtualMemory)
NtAllocateVirtualMemory:
Arg[0] = 0xffffffffffffffff = 18446744073709551615
Arg[1] = ptr 0x000000000014fda0 -> {\x00\x00\x00\x00\x00\x00\x00\x00}
Arg[2] = 0
Arg[3] = ptr 0x000000000014fda8 -> {\x0b\x00\x00\x00\x00\x00\x00\x00}
Arg[4] = 0x0000000000001000 = 4096
Arg[5] = 0x0000000000000040 = 64
> 16650000+8;SYSCALL:0x52(NtResumeThread)
NtResumeThread:
Arg[0] = 0x0000000000000160 = 352
Arg[1] = 0
> 14bf0000+4ee;SYSCALL:0x18(NtAllocateVirtualMemory)
NtAllocateVirtualMemory:
Arg[0] = 0xffffffffffffffff = 18446744073709551615
Arg[1] = ptr 0x000000000014fdc0 -> {\x00\x00\x00\x00\x00\x00\x00\x00}
Arg[2] = 0
Arg[3] = ptr 0x000000000014fdc8 -> {\x0b\x00\x00\x00\x00\x00\x00\x00}
Arg[4] = 0x0000000000001000 = 4096
Arg[5] = 0x0000000000000040 = 64
> 16660000+8;SYSCALL:0x34(NtDelayExecution)
> 14bf0000+4ee;SYSCALL:0x18(NtAllocateVirtualMemory)
NtAllocateVirtualMemory:
Arg[0] = 0xffffffffffffffff = 18446744073709551615
Arg[1] = ptr 0x000000000014fdc0 -> {\x00\x00\x00\x00\x00\x00\x00\x00}
Arg[2] = 0
Arg[3] = ptr 0x000000000014fdc8 -> {\x0b\x00\x00\x00\x00\x00\x00\x00}
Arg[4] = 0x0000000000001000 = 4096
Arg[5] = 0x0000000000000040 = 64
> 16670000+8;SYSCALL:0x26(NtOpenProcess)
NtOpenProcess:
Arg[0] = ptr 0x000000000014fe20 -> {\xff\xff\xff\xff\xff\xff\xff\xff}
Arg[1] = 0x00000000001fffff = 2097151
Arg[2] = ptr 0x000000000014fde0 -> L"0"
Arg[3] = ptr 0x000000000014fdd0 -> {\xe0\x17\x00\x00\x00\x00\x00\x00}
> 14bf0000+4ee;SYSCALL:0x18(NtAllocateVirtualMemory)
NtAllocateVirtualMemory:
Arg[0] = 0xffffffffffffffff = 18446744073709551615
Arg[1] = ptr 0x000000000014fe30 -> {\x00\x00\x00\x00\x00\x00\x00\x00}
Arg[2] = 0
Arg[3] = ptr 0x000000000014fe38 -> {\x0b\x00\x00\x00\x00\x00\x00\x00}
Arg[4] = 0x0000000000001000 = 4096
Arg[5] = 0x0000000000000040 = 64
> 16680000+8;SYSCALL:0x34(NtDelayExecution)
> 14bf0000+4ee;SYSCALL:0x18(NtAllocateVirtualMemory)
NtAllocateVirtualMemory:
Arg[0] = 0xffffffffffffffff = 18446744073709551615
Arg[1] = ptr 0x000000000014fe30 -> {\x00\x00\x00\x00\x00\x00\x00\x00}
Arg[2] = 0
Arg[3] = ptr 0x000000000014fe38 -> {\x0b\x00\x00\x00\x00\x00\x00\x00}
Arg[4] = 0x0000000000001000 = 4096
Arg[5] = 0x0000000000000040 = 64
> 16690000+8;SYSCALL:0x19(NtQueryInformationProcess)
> 14bf0000+4ee;SYSCALL:0x18(NtAllocateVirtualMemory)
NtAllocateVirtualMemory:
Arg[0] = 0xffffffffffffffff = 18446744073709551615
Arg[1] = ptr 0x000000000014fda0 -> {\x00\x00\x00\x00\x00\x00\x00\x00}
Arg[2] = 0
Arg[3] = ptr 0x000000000014fda8 -> {\x0b\x00\x00\x00\x00\x00\x00\x00}
Arg[4] = 0x0000000000001000 = 4096
Arg[5] = 0x0000000000000040 = 64
> 166a0000+8;SYSCALL:0x34(NtDelayExecution)
> 14bf0000+4ee;SYSCALL:0x18(NtAllocateVirtualMemory)
NtAllocateVirtualMemory:
Arg[0] = 0x0000000000000164 = 356
Arg[1] = ptr 0x000000000014fdf0 -> {\x00\x00\x00\x00\x00\x00\x00\x00}
Arg[2] = 0
Arg[3] = ptr 0x000000000014fdf8 -> {L\xd0\x00\x00\x00\x00\x00\x00}
Arg[4] = 0x0000000000003000 = 12288
Arg[5] = 0x0000000000000004 = 4
> 14bf0000+4ee;SYSCALL:0x18(NtAllocateVirtualMemory)
NtAllocateVirtualMemory:
Arg[0] = 0xffffffffffffffff = 18446744073709551615
Arg[1] = ptr 0x000000000014fda0 -> {\x00\x00\x00\x00\x00\x00\x00\x00}
Arg[2] = 0
Arg[3] = ptr 0x000000000014fda8 -> {\x0b\x00\x00\x00\x00\x00\x00\x00}
Arg[4] = 0x0000000000001000 = 4096
Arg[5] = 0x0000000000000040 = 64
> 166b0000+8;SYSCALL:0x34(NtDelayExecution)
> 14bf0000+4ee;SYSCALL:0x18(NtAllocateVirtualMemory)
NtAllocateVirtualMemory:
Arg[0] = 0xffffffffffffffff = 18446744073709551615
Arg[1] = ptr 0x000000000014fda0 -> {\x00\x00\x00\x00\x00\x00\x00\x00}
Arg[2] = 0
Arg[3] = ptr 0x000000000014fda8 -> {\x0b\x00\x00\x00\x00\x00\x00\x00}
Arg[4] = 0x0000000000001000 = 4096
Arg[5] = 0x0000000000000040 = 64
> 166c0000+8;SYSCALL:0x3a(NtWriteVirtualMemory)
NtWriteVirtualMemory:
Arg[0] = 0x0000000000000164 = 356
Arg[1] = 0x0000029e9dbd0000 = 2880274497536
Arg[2] = ptr 0x0000000014bf04f1 -> {\xe9[v\x00\x00\xcc\xcc\xcc}
Arg[3] = 0x000000000000d04c = 53324
Arg[4] = 0
> 14bf0000+4ee;SYSCALL:0x18(NtAllocateVirtualMemory)
NtAllocateVirtualMemory:
Arg[0] = 0xffffffffffffffff = 18446744073709551615
Arg[1] = ptr 0x000000000014fda0 -> {\x00\x00\x00\x00\x00\x00\x00\x00}
Arg[2] = 0
Arg[3] = ptr 0x000000000014fda8 -> {\x0b\x00\x00\x00\x00\x00\x00\x00}
Arg[4] = 0x0000000000001000 = 4096
Arg[5] = 0x0000000000000040 = 64
> 166d0000+8;SYSCALL:0x34(NtDelayExecution)
> 14bf0000+4ee;SYSCALL:0x18(NtAllocateVirtualMemory)
NtAllocateVirtualMemory:
Arg[0] = 0xffffffffffffffff = 18446744073709551615
Arg[1] = ptr 0x000000000014fda0 -> {\x00\x00\x00\x00\x00\x00\x00\x00}
Arg[2] = 0
Arg[3] = ptr 0x000000000014fda8 -> {\x0b\x00\x00\x00\x00\x00\x00\x00}
Arg[4] = 0x0000000000001000 = 4096
Arg[5] = 0x0000000000000040 = 64
> 166e0000+8;SYSCALL:0x50(NtProtectVirtualMemory)
> 14bf0000+4ee;SYSCALL:0x18(NtAllocateVirtualMemory)
NtAllocateVirtualMemory:
Arg[0] = 0xffffffffffffffff = 18446744073709551615
Arg[1] = ptr 0x000000000014fda0 -> {\x00\x00\x00\x00\x00\x00\x00\x00}
Arg[2] = 0
Arg[3] = ptr 0x000000000014fda8 -> {\x0b\x00\x00\x00\x00\x00\x00\x00}
Arg[4] = 0x0000000000001000 = 4096
Arg[5] = 0x0000000000000040 = 64
> 166f0000+8;SYSCALL:0x34(NtDelayExecution)
> 14bf0000+4ee;SYSCALL:0x18(NtAllocateVirtualMemory)
NtAllocateVirtualMemory:
Arg[0] = 0xffffffffffffffff = 18446744073709551615
Arg[1] = ptr 0x000000000014fda0 -> {\x00\x00\x00\x00\x00\x00\x00\x00}
Arg[2] = 0
Arg[3] = ptr 0x000000000014fda8 -> {\x0b\x00\x00\x00\x00\x00\x00\x00}
Arg[4] = 0x0000000000001000 = 4096
Arg[5] = 0x0000000000000040 = 64
> 16700000+8;SYSCALL:0xc1(NtCreateThreadEx)
NtCreateThreadEx:
Arg[0] = ptr 0x000000000014fe00 -> {\x00\x00\x00\x00\x00\x00\x00\x00}
Arg[1] = 0x00000000001fffff = 2097151
Arg[2] = 0
Arg[3] = 0x0000000000000164 = 356
Arg[4] = 0x0000029e9dbd0000 = 2880274497536
Arg[5] = 0
Arg[6] = 0x0000000000000001 = 1
Arg[7] = 0
Arg[8] = 0
Arg[9] = 0
> 14bf0000+4ee;SYSCALL:0x18(NtAllocateVirtualMemory)
NtAllocateVirtualMemory:
Arg[0] = 0xffffffffffffffff = 18446744073709551615
Arg[1] = ptr 0x000000000014fda0 -> {\x00\x00\x00\x00\x00\x00\x00\x00}
Arg[2] = 0
Arg[3] = ptr 0x000000000014fda8 -> {\x0b\x00\x00\x00\x00\x00\x00\x00}
Arg[4] = 0x0000000000001000 = 4096
Arg[5] = 0x0000000000000040 = 64
> 16710000+8;SYSCALL:0x34(NtDelayExecution)
> 14bf0000+4ee;SYSCALL:0x18(NtAllocateVirtualMemory)
NtAllocateVirtualMemory:
Arg[0] = 0xffffffffffffffff = 18446744073709551615
Arg[1] = ptr 0x000000000014fda0 -> {\x00\x00\x00\x00\x00\x00\x00\x00}
Arg[2] = 0
Arg[3] = ptr 0x000000000014fda8 -> {\x0b\x00\x00\x00\x00\x00\x00\x00}
Arg[4] = 0x0000000000001000 = 4096
Arg[5] = 0x0000000000000040 = 64
> 16720000+8;SYSCALL:0x52(NtResumeThread)
NtResumeThread:
Arg[0] = 0x0000000000000168 = 360
Arg[1] = 0
> 14bf0000+4ee;SYSCALL:0x18(NtAllocateVirtualMemory)
NtAllocateVirtualMemory:
Arg[0] = 0xffffffffffffffff = 18446744073709551615
Arg[1] = ptr 0x000000000014fdc0 -> {\x00\x00\x00\x00\x00\x00\x00\x00}
Arg[2] = 0
Arg[3] = ptr 0x000000000014fdc8 -> {\x0b\x00\x00\x00\x00\x00\x00\x00}
Arg[4] = 0x0000000000001000 = 4096
Arg[5] = 0x0000000000000040 = 64
> 16730000+8;SYSCALL:0x34(NtDelayExecution)
> 14bf0000+4ee;SYSCALL:0x18(NtAllocateVirtualMemory)
NtAllocateVirtualMemory:
Arg[0] = 0xffffffffffffffff = 18446744073709551615
Arg[1] = ptr 0x000000000014fdc0 -> {\x00\x00\x00\x00\x00\x00\x00\x00}
Arg[2] = 0
Arg[3] = ptr 0x000000000014fdc8 -> {\x0b\x00\x00\x00\x00\x00\x00\x00}
Arg[4] = 0x0000000000001000 = 4096
Arg[5] = 0x0000000000000040 = 64
> 16740000+8;SYSCALL:0x26(NtOpenProcess)
NtOpenProcess:
Arg[0] = ptr 0x000000000014fe20 -> {\xff\xff\xff\xff\xff\xff\xff\xff}
Arg[1] = 0x00000000001fffff = 2097151
Arg[2] = ptr 0x000000000014fde0 -> L"0"
Arg[3] = ptr 0x000000000014fdd0 -> {\xc4\x16\x00\x00\x00\x00\x00\x00}
> 14bf0000+4ee;SYSCALL:0x18(NtAllocateVirtualMemory)
NtAllocateVirtualMemory:
Arg[0] = 0xffffffffffffffff = 18446744073709551615
Arg[1] = ptr 0x000000000014fe30 -> {\x00\x00\x00\x00\x00\x00\x00\x00}
Arg[2] = 0
Arg[3] = ptr 0x000000000014fe38 -> {\x0b\x00\x00\x00\x00\x00\x00\x00}
Arg[4] = 0x0000000000001000 = 4096
Arg[5] = 0x0000000000000040 = 64
> 16750000+8;SYSCALL:0x34(NtDelayExecution)
> 14bf0000+4ee;SYSCALL:0x18(NtAllocateVirtualMemory)
NtAllocateVirtualMemory:
Arg[0] = 0xffffffffffffffff = 18446744073709551615
Arg[1] = ptr 0x000000000014fe30 -> {\x00\x00\x00\x00\x00\x00\x00\x00}
Arg[2] = 0
Arg[3] = ptr 0x000000000014fe38 -> {\x0b\x00\x00\x00\x00\x00\x00\x00}
Arg[4] = 0x0000000000001000 = 4096
Arg[5] = 0x0000000000000040 = 64
> 16760000+8;SYSCALL:0x19(NtQueryInformationProcess)
> 14bf0000+4ee;SYSCALL:0x18(NtAllocateVirtualMemory)
NtAllocateVirtualMemory:
Arg[0] = 0xffffffffffffffff = 18446744073709551615
Arg[1] = ptr 0x000000000014fda0 -> {\x00\x00\x00\x00\x00\x00\x00\x00}
Arg[2] = 0
Arg[3] = ptr 0x000000000014fda8 -> {\x0b\x00\x00\x00\x00\x00\x00\x00}
Arg[4] = 0x0000000000001000 = 4096
Arg[5] = 0x0000000000000040 = 64
> 16770000+8;SYSCALL:0x34(NtDelayExecution)
> 14bf0000+4ee;SYSCALL:0x18(NtAllocateVirtualMemory)
NtAllocateVirtualMemory:
Arg[0] = 0x000000000000016c = 364
Arg[1] = ptr 0x000000000014fdf0 -> {\x00\x00\x00\x00\x00\x00\x00\x00}
Arg[2] = 0
Arg[3] = ptr 0x000000000014fdf8 -> {L\xd0\x00\x00\x00\x00\x00\x00}
Arg[4] = 0x0000000000003000 = 12288
Arg[5] = 0x0000000000000004 = 4
> 14bf0000+4ee;SYSCALL:0x18(NtAllocateVirtualMemory)
NtAllocateVirtualMemory:
Arg[0] = 0xffffffffffffffff = 18446744073709551615
Arg[1] = ptr 0x000000000014fda0 -> {\x00\x00\x00\x00\x00\x00\x00\x00}
Arg[2] = 0
Arg[3] = ptr 0x000000000014fda8 -> {\x0b\x00\x00\x00\x00\x00\x00\x00}
Arg[4] = 0x0000000000001000 = 4096
Arg[5] = 0x0000000000000040 = 64
> 16780000+8;SYSCALL:0x34(NtDelayExecution)
> 14bf0000+4ee;SYSCALL:0x18(NtAllocateVirtualMemory)
NtAllocateVirtualMemory:
Arg[0] = 0xffffffffffffffff = 18446744073709551615
Arg[1] = ptr 0x000000000014fda0 -> {\x00\x00\x00\x00\x00\x00\x00\x00}
Arg[2] = 0
Arg[3] = ptr 0x000000000014fda8 -> {\x0b\x00\x00\x00\x00\x00\x00\x00}
Arg[4] = 0x0000000000001000 = 4096
Arg[5] = 0x0000000000000040 = 64
> 16790000+8;SYSCALL:0x3a(NtWriteVirtualMemory)
NtWriteVirtualMemory:
Arg[0] = 0x000000000000016c = 364
Arg[1] = 0x000002571bfd0000 = 2573154975744
Arg[2] = ptr 0x0000000014bf04f1 -> {\xe9[v\x00\x00\xcc\xcc\xcc}
Arg[3] = 0x000000000000d04c = 53324
Arg[4] = 0
> 14bf0000+4ee;SYSCALL:0x18(NtAllocateVirtualMemory)
NtAllocateVirtualMemory:
Arg[0] = 0xffffffffffffffff = 18446744073709551615
Arg[1] = ptr 0x000000000014fda0 -> {\x00\x00\x00\x00\x00\x00\x00\x00}
Arg[2] = 0
Arg[3] = ptr 0x000000000014fda8 -> {\x0b\x00\x00\x00\x00\x00\x00\x00}
Arg[4] = 0x0000000000001000 = 4096
Arg[5] = 0x0000000000000040 = 64
> 167a0000+8;SYSCALL:0x34(NtDelayExecution)
> 14bf0000+4ee;SYSCALL:0x18(NtAllocateVirtualMemory)
NtAllocateVirtualMemory:
Arg[0] = 0xffffffffffffffff = 18446744073709551615
Arg[1] = ptr 0x000000000014fda0 -> {\x00\x00\x00\x00\x00\x00\x00\x00}
Arg[2] = 0
Arg[3] = ptr 0x000000000014fda8 -> {\x0b\x00\x00\x00\x00\x00\x00\x00}
Arg[4] = 0x0000000000001000 = 4096
Arg[5] = 0x0000000000000040 = 64
> 167b0000+8;SYSCALL:0x50(NtProtectVirtualMemory)
> 14bf0000+4ee;SYSCALL:0x18(NtAllocateVirtualMemory)
NtAllocateVirtualMemory:
Arg[0] = 0xffffffffffffffff = 18446744073709551615
Arg[1] = ptr 0x000000000014fda0 -> {\x00\x00\x00\x00\x00\x00\x00\x00}
Arg[2] = 0
Arg[3] = ptr 0x000000000014fda8 -> {\x0b\x00\x00\x00\x00\x00\x00\x00}
Arg[4] = 0x0000000000001000 = 4096
Arg[5] = 0x0000000000000040 = 64
> 167c0000+8;SYSCALL:0x34(NtDelayExecution)
> 14bf0000+4ee;SYSCALL:0x18(NtAllocateVirtualMemory)
NtAllocateVirtualMemory:
Arg[0] = 0xffffffffffffffff = 18446744073709551615
Arg[1] = ptr 0x000000000014fda0 -> {\x00\x00\x00\x00\x00\x00\x00\x00}
Arg[2] = 0
Arg[3] = ptr 0x000000000014fda8 -> {\x0b\x00\x00\x00\x00\x00\x00\x00}
Arg[4] = 0x0000000000001000 = 4096
Arg[5] = 0x0000000000000040 = 64
> 167d0000+8;SYSCALL:0xc1(NtCreateThreadEx)
NtCreateThreadEx:
Arg[0] = ptr 0x000000000014fe00 -> {\x00\x00\x00\x00\x00\x00\x00\x00}
Arg[1] = 0x00000000001fffff = 2097151
Arg[2] = 0
Arg[3] = 0x000000000000016c = 364
Arg[4] = 0x000002571bfd0000 = 2573154975744
Arg[5] = 0
Arg[6] = 0x0000000000000001 = 1
Arg[7] = 0
Arg[8] = 0
Arg[9] = 0
> 14bf0000+4ee;SYSCALL:0x18(NtAllocateVirtualMemory)
NtAllocateVirtualMemory:
Arg[0] = 0xffffffffffffffff = 18446744073709551615
Arg[1] = ptr 0x000000000014fda0 -> {\x00\x00\x00\x00\x00\x00\x00\x00}
Arg[2] = 0
Arg[3] = ptr 0x000000000014fda8 -> {\x0b\x00\x00\x00\x00\x00\x00\x00}
Arg[4] = 0x0000000000001000 = 4096
Arg[5] = 0x0000000000000040 = 64
> 167e0000+8;SYSCALL:0x34(NtDelayExecution)
> 14bf0000+4ee;SYSCALL:0x18(NtAllocateVirtualMemory)
NtAllocateVirtualMemory:
Arg[0] = 0xffffffffffffffff = 18446744073709551615
Arg[1] = ptr 0x000000000014fda0 -> {\x00\x00\x00\x00\x00\x00\x00\x00}
Arg[2] = 0
Arg[3] = ptr 0x000000000014fda8 -> {\x0b\x00\x00\x00\x00\x00\x00\x00}
Arg[4] = 0x0000000000001000 = 4096
Arg[5] = 0x0000000000000040 = 64
> 167f0000+8;SYSCALL:0x52(NtResumeThread)
NtResumeThread:
Arg[0] = 0x0000000000000170 = 368
Arg[1] = 0
> 14bf0000+4ee;SYSCALL:0x18(NtAllocateVirtualMemory)
NtAllocateVirtualMemory:
Arg[0] = 0xffffffffffffffff = 18446744073709551615
Arg[1] = ptr 0x000000000014fdc0 -> {\x00\x00\x00\x00\x00\x00\x00\x00}
Arg[2] = 0
Arg[3] = ptr 0x000000000014fdc8 -> {\x0b\x00\x00\x00\x00\x00\x00\x00}
Arg[4] = 0x0000000000001000 = 4096
Arg[5] = 0x0000000000000040 = 64
> 16800000+8;SYSCALL:0x34(NtDelayExecution)
> 14bf0000+4ee;SYSCALL:0x18(NtAllocateVirtualMemory)
NtAllocateVirtualMemory:
Arg[0] = 0xffffffffffffffff = 18446744073709551615
Arg[1] = ptr 0x000000000014fdc0 -> {\x00\x00\x00\x00\x00\x00\x00\x00}
Arg[2] = 0
Arg[3] = ptr 0x000000000014fdc8 -> {\x0b\x00\x00\x00\x00\x00\x00\x00}
Arg[4] = 0x0000000000001000 = 4096
Arg[5] = 0x0000000000000040 = 64
> 16810000+8;SYSCALL:0x26(NtOpenProcess)
NtOpenProcess:
Arg[0] = ptr 0x000000000014fe20 -> {\xff\xff\xff\xff\xff\xff\xff\xff}
Arg[1] = 0x00000000001fffff = 2097151
Arg[2] = ptr 0x000000000014fde0 -> L"0"
Arg[3] = ptr 0x000000000014fdd0 -> {\xb4\x10\x00\x00\x00\x00\x00\x00}
> 14bf0000+4ee;SYSCALL:0x18(NtAllocateVirtualMemory)
NtAllocateVirtualMemory:
Arg[0] = 0xffffffffffffffff = 18446744073709551615
Arg[1] = ptr 0x000000000014fdc0 -> {\x00\x00\x00\x00\x00\x00\x00\x00}
Arg[2] = 0
Arg[3] = ptr 0x000000000014fdc8 -> {\x0b\x00\x00\x00\x00\x00\x00\x00}
Arg[4] = 0x0000000000001000 = 4096
Arg[5] = 0x0000000000000040 = 64
> 16820000+8;SYSCALL:0x34(NtDelayExecution)
> 14bf0000+4ee;SYSCALL:0x18(NtAllocateVirtualMemory)
NtAllocateVirtualMemory:
Arg[0] = 0xffffffffffffffff = 18446744073709551615
Arg[1] = ptr 0x000000000014fdc0 -> {\x00\x00\x00\x00\x00\x00\x00\x00}
Arg[2] = 0
Arg[3] = ptr 0x000000000014fdc8 -> {\x0b\x00\x00\x00\x00\x00\x00\x00}
Arg[4] = 0x0000000000001000 = 4096
Arg[5] = 0x0000000000000040 = 64
> 16830000+8;SYSCALL:0x26(NtOpenProcess)
NtOpenProcess:
Arg[0] = ptr 0x000000000014fe20 -> {\xff\xff\xff\xff\xff\xff\xff\xff}
Arg[1] = 0x00000000001fffff = 2097151
Arg[2] = ptr 0x000000000014fde0 -> L"0"
Arg[3] = ptr 0x000000000014fdd0 -> {\x80\x02\x00\x00\x00\x00\x00\x00}
> 14bf0000+4ee;SYSCALL:0x18(NtAllocateVirtualMemory)
NtAllocateVirtualMemory:
Arg[0] = 0xffffffffffffffff = 18446744073709551615
Arg[1] = ptr 0x000000000014fe30 -> {\x00\x00\x00\x00\x00\x00\x00\x00}
Arg[2] = 0
Arg[3] = ptr 0x000000000014fe38 -> {\x0b\x00\x00\x00\x00\x00\x00\x00}
Arg[4] = 0x0000000000001000 = 4096
Arg[5] = 0x0000000000000040 = 64
> 16840000+8;SYSCALL:0x34(NtDelayExecution)
> 14bf0000+4ee;SYSCALL:0x18(NtAllocateVirtualMemory)
NtAllocateVirtualMemory:
Arg[0] = 0xffffffffffffffff = 18446744073709551615
Arg[1] = ptr 0x000000000014fe30 -> {\x00\x00\x00\x00\x00\x00\x00\x00}
Arg[2] = 0
Arg[3] = ptr 0x000000000014fe38 -> {\x0b\x00\x00\x00\x00\x00\x00\x00}
Arg[4] = 0x0000000000001000 = 4096
Arg[5] = 0x0000000000000040 = 64
> 16850000+8;SYSCALL:0x19(NtQueryInformationProcess)
> 14bf0000+4ee;SYSCALL:0x18(NtAllocateVirtualMemory)
NtAllocateVirtualMemory:
Arg[0] = 0xffffffffffffffff = 18446744073709551615
Arg[1] = ptr 0x000000000014fda0 -> {\x00\x00\x00\x00\x00\x00\x00\x00}
Arg[2] = 0
Arg[3] = ptr 0x000000000014fda8 -> {\x0b\x00\x00\x00\x00\x00\x00\x00}
Arg[4] = 0x0000000000001000 = 4096
Arg[5] = 0x0000000000000040 = 64
> 16860000+8;SYSCALL:0x34(NtDelayExecution)
> 14bf0000+4ee;SYSCALL:0x18(NtAllocateVirtualMemory)
NtAllocateVirtualMemory:
Arg[0] = 0x00000000000000b8 = 184
Arg[1] = ptr 0x000000000014fdf0 -> {\x00\x00\x00\x00\x00\x00\x00\x00}
Arg[2] = 0
Arg[3] = ptr 0x000000000014fdf8 -> {L\xd0\x00\x00\x00\x00\x00\x00}
Arg[4] = 0x0000000000003000 = 12288
Arg[5] = 0x0000000000000004 = 4
> 14bf0000+4ee;SYSCALL:0x18(NtAllocateVirtualMemory)
NtAllocateVirtualMemory:
Arg[0] = 0xffffffffffffffff = 18446744073709551615
Arg[1] = ptr 0x000000000014fda0 -> {\x00\x00\x00\x00\x00\x00\x00\x00}
Arg[2] = 0
Arg[3] = ptr 0x000000000014fda8 -> {\x0b\x00\x00\x00\x00\x00\x00\x00}
Arg[4] = 0x0000000000001000 = 4096
Arg[5] = 0x0000000000000040 = 64
> 16870000+8;SYSCALL:0x34(NtDelayExecution)
> 14bf0000+4ee;SYSCALL:0x18(NtAllocateVirtualMemory)
NtAllocateVirtualMemory:
Arg[0] = 0xffffffffffffffff = 18446744073709551615
Arg[1] = ptr 0x000000000014fda0 -> {\x00\x00\x00\x00\x00\x00\x00\x00}
Arg[2] = 0
Arg[3] = ptr 0x000000000014fda8 -> {\x0b\x00\x00\x00\x00\x00\x00\x00}
Arg[4] = 0x0000000000001000 = 4096
Arg[5] = 0x0000000000000040 = 64
> 16880000+8;SYSCALL:0x3a(NtWriteVirtualMemory)
NtWriteVirtualMemory:
Arg[0] = 0x00000000000000b8 = 184
Arg[1] = 0x00000281eb230000 = 2757018976256
Arg[2] = ptr 0x0000000014bf04f1 -> {\xe9[v\x00\x00\xcc\xcc\xcc}
Arg[3] = 0x000000000000d04c = 53324
Arg[4] = 0
> 14bf0000+4ee;SYSCALL:0x18(NtAllocateVirtualMemory)
NtAllocateVirtualMemory:
Arg[0] = 0xffffffffffffffff = 18446744073709551615
Arg[1] = ptr 0x000000000014fda0 -> {\x00\x00\x00\x00\x00\x00\x00\x00}
Arg[2] = 0
Arg[3] = ptr 0x000000000014fda8 -> {\x0b\x00\x00\x00\x00\x00\x00\x00}
Arg[4] = 0x0000000000001000 = 4096
Arg[5] = 0x0000000000000040 = 64
> 16890000+8;SYSCALL:0x34(NtDelayExecution)
> 14bf0000+4ee;SYSCALL:0x18(NtAllocateVirtualMemory)
NtAllocateVirtualMemory:
Arg[0] = 0xffffffffffffffff = 18446744073709551615
Arg[1] = ptr 0x000000000014fda0 -> {\x00\x00\x00\x00\x00\x00\x00\x00}
Arg[2] = 0
Arg[3] = ptr 0x000000000014fda8 -> {\x0b\x00\x00\x00\x00\x00\x00\x00}
Arg[4] = 0x0000000000001000 = 4096
Arg[5] = 0x0000000000000040 = 64
> 168a0000+8;SYSCALL:0x50(NtProtectVirtualMemory)
> 14bf0000+4ee;SYSCALL:0x18(NtAllocateVirtualMemory)
NtAllocateVirtualMemory:
Arg[0] = 0xffffffffffffffff = 18446744073709551615
Arg[1] = ptr 0x000000000014fda0 -> {\x00\x00\x00\x00\x00\x00\x00\x00}
Arg[2] = 0
Arg[3] = ptr 0x000000000014fda8 -> {\x0b\x00\x00\x00\x00\x00\x00\x00}
Arg[4] = 0x0000000000001000 = 4096
Arg[5] = 0x0000000000000040 = 64
> 168b0000+8;SYSCALL:0x34(NtDelayExecution)
> 14bf0000+4ee;SYSCALL:0x18(NtAllocateVirtualMemory)
NtAllocateVirtualMemory:
Arg[0] = 0xffffffffffffffff = 18446744073709551615
Arg[1] = ptr 0x000000000014fda0 -> {\x00\x00\x00\x00\x00\x00\x00\x00}
Arg[2] = 0
Arg[3] = ptr 0x000000000014fda8 -> {\x0b\x00\x00\x00\x00\x00\x00\x00}
Arg[4] = 0x0000000000001000 = 4096
Arg[5] = 0x0000000000000040 = 64
> 168c0000+8;SYSCALL:0xc1(NtCreateThreadEx)
NtCreateThreadEx:
Arg[0] = ptr 0x000000000014fe00 -> {\x00\x00\x00\x00\x00\x00\x00\x00}
Arg[1] = 0x00000000001fffff = 2097151
Arg[2] = 0
Arg[3] = 0x00000000000000b8 = 184
Arg[4] = 0x00000281eb230000 = 2757018976256
Arg[5] = 0
Arg[6] = 0x0000000000000001 = 1
Arg[7] = 0
Arg[8] = 0
Arg[9] = 0
> 14bf0000+4ee;SYSCALL:0x18(NtAllocateVirtualMemory)
NtAllocateVirtualMemory:
Arg[0] = 0xffffffffffffffff = 18446744073709551615
Arg[1] = ptr 0x000000000014fda0 -> {\x00\x00\x00\x00\x00\x00\x00\x00}
Arg[2] = 0
Arg[3] = ptr 0x000000000014fda8 -> {\x0b\x00\x00\x00\x00\x00\x00\x00}
Arg[4] = 0x0000000000001000 = 4096
Arg[5] = 0x0000000000000040 = 64
> 168d0000+8;SYSCALL:0x34(NtDelayExecution)
> 14bf0000+4ee;SYSCALL:0x18(NtAllocateVirtualMemory)
NtAllocateVirtualMemory:
Arg[0] = 0xffffffffffffffff = 18446744073709551615
Arg[1] = ptr 0x000000000014fda0 -> {\x00\x00\x00\x00\x00\x00\x00\x00}
Arg[2] = 0
Arg[3] = ptr 0x000000000014fda8 -> {\x0b\x00\x00\x00\x00\x00\x00\x00}
Arg[4] = 0x0000000000001000 = 4096
Arg[5] = 0x0000000000000040 = 64
> 168e0000+8;SYSCALL:0x52(NtResumeThread)
NtResumeThread:
Arg[0] = 0x0000000000000174 = 372
Arg[1] = 0
> 14bf0000+4ee;SYSCALL:0x18(NtAllocateVirtualMemory)
NtAllocateVirtualMemory:
Arg[0] = 0xffffffffffffffff = 18446744073709551615
Arg[1] = ptr 0x000000000014fdc0 -> {\x00\x00\x00\x00\x00\x00\x00\x00}
Arg[2] = 0
Arg[3] = ptr 0x000000000014fdc8 -> {\x0b\x00\x00\x00\x00\x00\x00\x00}
Arg[4] = 0x0000000000001000 = 4096
Arg[5] = 0x0000000000000040 = 64
> 168f0000+8;SYSCALL:0x34(NtDelayExecution)
> 14bf0000+4ee;SYSCALL:0x18(NtAllocateVirtualMemory)
NtAllocateVirtualMemory:
Arg[0] = 0xffffffffffffffff = 18446744073709551615
Arg[1] = ptr 0x000000000014fdc0 -> {\x00\x00\x00\x00\x00\x00\x00\x00}
Arg[2] = 0
Arg[3] = ptr 0x000000000014fdc8 -> {\x0b\x00\x00\x00\x00\x00\x00\x00}
Arg[4] = 0x0000000000001000 = 4096
Arg[5] = 0x0000000000000040 = 64
> 16900000+8;SYSCALL:0x26(NtOpenProcess)
NtOpenProcess:
Arg[0] = ptr 0x000000000014fe20 -> {\xff\xff\xff\xff\xff\xff\xff\xff}
Arg[1] = 0x00000000001fffff = 2097151
Arg[2] = ptr 0x000000000014fde0 -> L"0"
Arg[3] = ptr 0x000000000014fdd0 -> {\x1c\x02\x00\x00\x00\x00\x00\x00}
> 14bf0000+4ee;SYSCALL:0x18(NtAllocateVirtualMemory)
NtAllocateVirtualMemory:
Arg[0] = 0xffffffffffffffff = 18446744073709551615
Arg[1] = ptr 0x000000000014fe30 -> {\x00\x00\x00\x00\x00\x00\x00\x00}
Arg[2] = 0
Arg[3] = ptr 0x000000000014fe38 -> {\x0b\x00\x00\x00\x00\x00\x00\x00}
Arg[4] = 0x0000000000001000 = 4096
Arg[5] = 0x0000000000000040 = 64
> 16910000+8;SYSCALL:0x34(NtDelayExecution)
> 14bf0000+4ee;SYSCALL:0x18(NtAllocateVirtualMemory)
NtAllocateVirtualMemory:
Arg[0] = 0xffffffffffffffff = 18446744073709551615
Arg[1] = ptr 0x000000000014fe30 -> {\x00\x00\x00\x00\x00\x00\x00\x00}
Arg[2] = 0
Arg[3] = ptr 0x000000000014fe38 -> {\x0b\x00\x00\x00\x00\x00\x00\x00}
Arg[4] = 0x0000000000001000 = 4096
Arg[5] = 0x0000000000000040 = 64
> 16920000+8;SYSCALL:0x19(NtQueryInformationProcess)
> 14bf0000+4ee;SYSCALL:0x18(NtAllocateVirtualMemory)
NtAllocateVirtualMemory:
Arg[0] = 0xffffffffffffffff = 18446744073709551615
Arg[1] = ptr 0x000000000014fda0 -> {\x00\x00\x00\x00\x00\x00\x00\x00}
Arg[2] = 0
Arg[3] = ptr 0x000000000014fda8 -> {\x0b\x00\x00\x00\x00\x00\x00\x00}
Arg[4] = 0x0000000000001000 = 4096
Arg[5] = 0x0000000000000040 = 64
> 16930000+8;SYSCALL:0x34(NtDelayExecution)
> 14bf0000+4ee;SYSCALL:0x18(NtAllocateVirtualMemory)
NtAllocateVirtualMemory:
Arg[0] = 0x0000000000000178 = 376
Arg[1] = ptr 0x000000000014fdf0 -> {\x00\x00\x00\x00\x00\x00\x00\x00}
Arg[2] = 0
Arg[3] = ptr 0x000000000014fdf8 -> {L\xd0\x00\x00\x00\x00\x00\x00}
Arg[4] = 0x0000000000003000 = 12288
Arg[5] = 0x0000000000000004 = 4
> 14bf0000+4ee;SYSCALL:0x18(NtAllocateVirtualMemory)
NtAllocateVirtualMemory:
Arg[0] = 0xffffffffffffffff = 18446744073709551615
Arg[1] = ptr 0x000000000014fda0 -> {\x00\x00\x00\x00\x00\x00\x00\x00}
Arg[2] = 0
Arg[3] = ptr 0x000000000014fda8 -> {\x0b\x00\x00\x00\x00\x00\x00\x00}
Arg[4] = 0x0000000000001000 = 4096
Arg[5] = 0x0000000000000040 = 64
> 16940000+8;SYSCALL:0x34(NtDelayExecution)
> 14bf0000+4ee;SYSCALL:0x18(NtAllocateVirtualMemory)
NtAllocateVirtualMemory:
Arg[0] = 0xffffffffffffffff = 18446744073709551615
Arg[1] = ptr 0x000000000014fda0 -> {\x00\x00\x00\x00\x00\x00\x00\x00}
Arg[2] = 0
Arg[3] = ptr 0x000000000014fda8 -> {\x0b\x00\x00\x00\x00\x00\x00\x00}
Arg[4] = 0x0000000000001000 = 4096
Arg[5] = 0x0000000000000040 = 64
> 16950000+8;SYSCALL:0x3a(NtWriteVirtualMemory)
NtWriteVirtualMemory:
Arg[0] = 0x0000000000000178 = 376
Arg[1] = 0x00000268289c0000 = 2646381166592
Arg[2] = ptr 0x0000000014bf04f1 -> {\xe9[v\x00\x00\xcc\xcc\xcc}
Arg[3] = 0x000000000000d04c = 53324
Arg[4] = 0
> 14bf0000+4ee;SYSCALL:0x18(NtAllocateVirtualMemory)
NtAllocateVirtualMemory:
Arg[0] = 0xffffffffffffffff = 18446744073709551615
Arg[1] = ptr 0x000000000014fda0 -> {\x00\x00\x00\x00\x00\x00\x00\x00}
Arg[2] = 0
Arg[3] = ptr 0x000000000014fda8 -> {\x0b\x00\x00\x00\x00\x00\x00\x00}
Arg[4] = 0x0000000000001000 = 4096
Arg[5] = 0x0000000000000040 = 64
> 16960000+8;SYSCALL:0x34(NtDelayExecution)
> 14bf0000+4ee;SYSCALL:0x18(NtAllocateVirtualMemory)
NtAllocateVirtualMemory:
Arg[0] = 0xffffffffffffffff = 18446744073709551615
Arg[1] = ptr 0x000000000014fda0 -> {\x00\x00\x00\x00\x00\x00\x00\x00}
Arg[2] = 0
Arg[3] = ptr 0x000000000014fda8 -> {\x0b\x00\x00\x00\x00\x00\x00\x00}
Arg[4] = 0x0000000000001000 = 4096
Arg[5] = 0x0000000000000040 = 64
> 16970000+8;SYSCALL:0x50(NtProtectVirtualMemory)
> 14bf0000+4ee;SYSCALL:0x18(NtAllocateVirtualMemory)
NtAllocateVirtualMemory:
Arg[0] = 0xffffffffffffffff = 18446744073709551615
Arg[1] = ptr 0x000000000014fda0 -> {\x00\x00\x00\x00\x00\x00\x00\x00}
Arg[2] = 0
Arg[3] = ptr 0x000000000014fda8 -> {\x0b\x00\x00\x00\x00\x00\x00\x00}
Arg[4] = 0x0000000000001000 = 4096
Arg[5] = 0x0000000000000040 = 64
> 16980000+8;SYSCALL:0x34(NtDelayExecution)
> 14bf0000+4ee;SYSCALL:0x18(NtAllocateVirtualMemory)
NtAllocateVirtualMemory:
Arg[0] = 0xffffffffffffffff = 18446744073709551615
Arg[1] = ptr 0x000000000014fda0 -> {\x00\x00\x00\x00\x00\x00\x00\x00}
Arg[2] = 0
Arg[3] = ptr 0x000000000014fda8 -> {\x0b\x00\x00\x00\x00\x00\x00\x00}
Arg[4] = 0x0000000000001000 = 4096
Arg[5] = 0x0000000000000040 = 64
> 16990000+8;SYSCALL:0xc1(NtCreateThreadEx)
NtCreateThreadEx:
Arg[0] = ptr 0x000000000014fe00 -> {\x00\x00\x00\x00\x00\x00\x00\x00}
Arg[1] = 0x00000000001fffff = 2097151
Arg[2] = 0
Arg[3] = 0x0000000000000178 = 376
Arg[4] = 0x00000268289c0000 = 2646381166592
Arg[5] = 0
Arg[6] = 0x0000000000000001 = 1
Arg[7] = 0
Arg[8] = 0
Arg[9] = 0
> 14bf0000+4ee;SYSCALL:0x18(NtAllocateVirtualMemory)
NtAllocateVirtualMemory:
Arg[0] = 0xffffffffffffffff = 18446744073709551615
Arg[1] = ptr 0x000000000014fda0 -> {\x00\x00\x00\x00\x00\x00\x00\x00}
Arg[2] = 0
Arg[3] = ptr 0x000000000014fda8 -> {\x0b\x00\x00\x00\x00\x00\x00\x00}
Arg[4] = 0x0000000000001000 = 4096
Arg[5] = 0x0000000000000040 = 64
> 169a0000+8;SYSCALL:0x34(NtDelayExecution)
> 14bf0000+4ee;SYSCALL:0x18(NtAllocateVirtualMemory)
NtAllocateVirtualMemory:
Arg[0] = 0xffffffffffffffff = 18446744073709551615
Arg[1] = ptr 0x000000000014fda0 -> {\x00\x00\x00\x00\x00\x00\x00\x00}
Arg[2] = 0
Arg[3] = ptr 0x000000000014fda8 -> {\x0b\x00\x00\x00\x00\x00\x00\x00}
Arg[4] = 0x0000000000001000 = 4096
Arg[5] = 0x0000000000000040 = 64
> 169b0000+8;SYSCALL:0x52(NtResumeThread)
NtResumeThread:
Arg[0] = 0x000000000000017c = 380
Arg[1] = 0
> 14bf0000+4ee;SYSCALL:0x18(NtAllocateVirtualMemory)
NtAllocateVirtualMemory:
Arg[0] = 0xffffffffffffffff = 18446744073709551615
Arg[1] = ptr 0x000000000014fdc0 -> {\x00\x00\x00\x00\x00\x00\x00\x00}
Arg[2] = 0
Arg[3] = ptr 0x000000000014fdc8 -> {\x0b\x00\x00\x00\x00\x00\x00\x00}
Arg[4] = 0x0000000000001000 = 4096
Arg[5] = 0x0000000000000040 = 64
> 169c0000+8;SYSCALL:0x34(NtDelayExecution)
> 14bf0000+4ee;SYSCALL:0x18(NtAllocateVirtualMemory)
NtAllocateVirtualMemory:
Arg[0] = 0xffffffffffffffff = 18446744073709551615
Arg[1] = ptr 0x000000000014fdc0 -> {\x00\x00\x00\x00\x00\x00\x00\x00}
Arg[2] = 0
Arg[3] = ptr 0x000000000014fdc8 -> {\x0b\x00\x00\x00\x00\x00\x00\x00}
Arg[4] = 0x0000000000001000 = 4096
Arg[5] = 0x0000000000000040 = 64
> 169d0000+8;SYSCALL:0x26(NtOpenProcess)
NtOpenProcess:
Arg[0] = ptr 0x000000000014fe20 -> {\xff\xff\xff\xff\xff\xff\xff\xff}
Arg[1] = 0x00000000001fffff = 2097151
Arg[2] = ptr 0x000000000014fde0 -> L"0"
Arg[3] = ptr 0x000000000014fdd0 -> {<\x10\x00\x00\x00\x00\x00\x00}
> 14bf0000+4ee;SYSCALL:0x18(NtAllocateVirtualMemory)
NtAllocateVirtualMemory:
Arg[0] = 0xffffffffffffffff = 18446744073709551615
Arg[1] = ptr 0x000000000014fdc0 -> {\x00\x00\x00\x00\x00\x00\x00\x00}
Arg[2] = 0
Arg[3] = ptr 0x000000000014fdc8 -> {\x0b\x00\x00\x00\x00\x00\x00\x00}
Arg[4] = 0x0000000000001000 = 4096
Arg[5] = 0x0000000000000040 = 64
> 169e0000+8;SYSCALL:0x34(NtDelayExecution)
> 14bf0000+4ee;SYSCALL:0x18(NtAllocateVirtualMemory)
NtAllocateVirtualMemory:
Arg[0] = 0xffffffffffffffff = 18446744073709551615
Arg[1] = ptr 0x000000000014fdc0 -> {\x00\x00\x00\x00\x00\x00\x00\x00}
Arg[2] = 0
Arg[3] = ptr 0x000000000014fdc8 -> {\x0b\x00\x00\x00\x00\x00\x00\x00}
Arg[4] = 0x0000000000001000 = 4096
Arg[5] = 0x0000000000000040 = 64
> 169f0000+8;SYSCALL:0x26(NtOpenProcess)
NtOpenProcess:
Arg[0] = ptr 0x000000000014fe20 -> {\xff\xff\xff\xff\xff\xff\xff\xff}
Arg[1] = 0x00000000001fffff = 2097151
Arg[2] = ptr 0x000000000014fde0 -> L"0"
Arg[3] = ptr 0x000000000014fdd0 -> {h\x11\x00\x00\x00\x00\x00\x00}
> 14bf0000+4ee;SYSCALL:0x18(NtAllocateVirtualMemory)
NtAllocateVirtualMemory:
Arg[0] = 0xffffffffffffffff = 18446744073709551615
Arg[1] = ptr 0x000000000014fdc0 -> {\x00\x00\x00\x00\x00\x00\x00\x00}
Arg[2] = 0
Arg[3] = ptr 0x000000000014fdc8 -> {\x0b\x00\x00\x00\x00\x00\x00\x00}
Arg[4] = 0x0000000000001000 = 4096
Arg[5] = 0x0000000000000040 = 64
> 16a00000+8;SYSCALL:0x34(NtDelayExecution)
> 14bf0000+4ee;SYSCALL:0x18(NtAllocateVirtualMemory)
NtAllocateVirtualMemory:
Arg[0] = 0xffffffffffffffff = 18446744073709551615
Arg[1] = ptr 0x000000000014fdc0 -> {\x00\x00\x00\x00\x00\x00\x00\x00}
Arg[2] = 0
Arg[3] = ptr 0x000000000014fdc8 -> {\x0b\x00\x00\x00\x00\x00\x00\x00}
Arg[4] = 0x0000000000001000 = 4096
Arg[5] = 0x0000000000000040 = 64
> 16a10000+8;SYSCALL:0x26(NtOpenProcess)
NtOpenProcess:
Arg[0] = ptr 0x000000000014fe20 -> {\xff\xff\xff\xff\xff\xff\xff\xff}
Arg[1] = 0x00000000001fffff = 2097151
Arg[2] = ptr 0x000000000014fde0 -> L"0"
Arg[3] = ptr 0x000000000014fdd0 -> {\xe8\x0e\x00\x00\x00\x00\x00\x00}
> 14bf0000+4ee;SYSCALL:0x18(NtAllocateVirtualMemory)
NtAllocateVirtualMemory:
Arg[0] = 0xffffffffffffffff = 18446744073709551615
Arg[1] = ptr 0x000000000014fdc0 -> {\x00\x00\x00\x00\x00\x00\x00\x00}
Arg[2] = 0
Arg[3] = ptr 0x000000000014fdc8 -> {\x0b\x00\x00\x00\x00\x00\x00\x00}
Arg[4] = 0x0000000000001000 = 4096
Arg[5] = 0x0000000000000040 = 64
> 16a20000+8;SYSCALL:0x34(NtDelayExecution)
> 14bf0000+4ee;SYSCALL:0x18(NtAllocateVirtualMemory)
NtAllocateVirtualMemory:
Arg[0] = 0xffffffffffffffff = 18446744073709551615
Arg[1] = ptr 0x000000000014fdc0 -> {\x00\x00\x00\x00\x00\x00\x00\x00}
Arg[2] = 0
Arg[3] = ptr 0x000000000014fdc8 -> {\x0b\x00\x00\x00\x00\x00\x00\x00}
Arg[4] = 0x0000000000001000 = 4096
Arg[5] = 0x0000000000000040 = 64
> 16a30000+8;SYSCALL:0x26(NtOpenProcess)
NtOpenProcess:
Arg[0] = ptr 0x000000000014fe20 -> {\xff\xff\xff\xff\xff\xff\xff\xff}
Arg[1] = 0x00000000001fffff = 2097151
Arg[2] = ptr 0x000000000014fde0 -> L"0"
Arg[3] = ptr 0x000000000014fdd0 -> {T\x16\x00\x00\x00\x00\x00\x00}
> 14bf0000+4ee;SYSCALL:0x18(NtAllocateVirtualMemory)
NtAllocateVirtualMemory:
Arg[0] = 0xffffffffffffffff = 18446744073709551615
Arg[1] = ptr 0x000000000014fe30 -> {\x00\x00\x00\x00\x00\x00\x00\x00}
Arg[2] = 0
Arg[3] = ptr 0x000000000014fe38 -> {\x0b\x00\x00\x00\x00\x00\x00\x00}
Arg[4] = 0x0000000000001000 = 4096
Arg[5] = 0x0000000000000040 = 64
> 16a40000+8;SYSCALL:0x34(NtDelayExecution)
> 14bf0000+4ee;SYSCALL:0x18(NtAllocateVirtualMemory)
NtAllocateVirtualMemory:
Arg[0] = 0xffffffffffffffff = 18446744073709551615
Arg[1] = ptr 0x000000000014fe30 -> {\x00\x00\x00\x00\x00\x00\x00\x00}
Arg[2] = 0
Arg[3] = ptr 0x000000000014fe38 -> {\x0b\x00\x00\x00\x00\x00\x00\x00}
Arg[4] = 0x0000000000001000 = 4096
Arg[5] = 0x0000000000000040 = 64
> 16a50000+8;SYSCALL:0x19(NtQueryInformationProcess)
> 14bf0000+4ee;SYSCALL:0x18(NtAllocateVirtualMemory)
NtAllocateVirtualMemory:
Arg[0] = 0xffffffffffffffff = 18446744073709551615
Arg[1] = ptr 0x000000000014fda0 -> {\x00\x00\x00\x00\x00\x00\x00\x00}
Arg[2] = 0
Arg[3] = ptr 0x000000000014fda8 -> {\x0b\x00\x00\x00\x00\x00\x00\x00}
Arg[4] = 0x0000000000001000 = 4096
Arg[5] = 0x0000000000000040 = 64
> 16a60000+8;SYSCALL:0x34(NtDelayExecution)
> 14bf0000+4ee;SYSCALL:0x18(NtAllocateVirtualMemory)
NtAllocateVirtualMemory:
Arg[0] = 0x0000000000000180 = 384
Arg[1] = ptr 0x000000000014fdf0 -> {\x00\x00\x00\x00\x00\x00\x00\x00}
Arg[2] = 0
Arg[3] = ptr 0x000000000014fdf8 -> {L\xd0\x00\x00\x00\x00\x00\x00}
Arg[4] = 0x0000000000003000 = 12288
Arg[5] = 0x0000000000000004 = 4
> 14bf0000+4ee;SYSCALL:0x18(NtAllocateVirtualMemory)
NtAllocateVirtualMemory:
Arg[0] = 0xffffffffffffffff = 18446744073709551615
Arg[1] = ptr 0x000000000014fda0 -> {\x00\x00\x00\x00\x00\x00\x00\x00}
Arg[2] = 0
Arg[3] = ptr 0x000000000014fda8 -> {\x0b\x00\x00\x00\x00\x00\x00\x00}
Arg[4] = 0x0000000000001000 = 4096
Arg[5] = 0x0000000000000040 = 64
> 16a70000+8;SYSCALL:0x34(NtDelayExecution)
> 14bf0000+4ee;SYSCALL:0x18(NtAllocateVirtualMemory)
NtAllocateVirtualMemory:
Arg[0] = 0xffffffffffffffff = 18446744073709551615
Arg[1] = ptr 0x000000000014fda0 -> {\x00\x00\x00\x00\x00\x00\x00\x00}
Arg[2] = 0
Arg[3] = ptr 0x000000000014fda8 -> {\x0b\x00\x00\x00\x00\x00\x00\x00}
Arg[4] = 0x0000000000001000 = 4096
Arg[5] = 0x0000000000000040 = 64
> 16a80000+8;SYSCALL:0x3a(NtWriteVirtualMemory)
NtWriteVirtualMemory:
Arg[0] = 0x0000000000000180 = 384
Arg[1] = 0x000001f7117a0000 = 2160661757952
Arg[2] = ptr 0x0000000014bf04f1 -> {\xe9[v\x00\x00\xcc\xcc\xcc}
Arg[3] = 0x000000000000d04c = 53324
Arg[4] = 0
> 14bf0000+4ee;SYSCALL:0x18(NtAllocateVirtualMemory)
NtAllocateVirtualMemory:
Arg[0] = 0xffffffffffffffff = 18446744073709551615
Arg[1] = ptr 0x000000000014fda0 -> {\x00\x00\x00\x00\x00\x00\x00\x00}
Arg[2] = 0
Arg[3] = ptr 0x000000000014fda8 -> {\x0b\x00\x00\x00\x00\x00\x00\x00}
Arg[4] = 0x0000000000001000 = 4096
Arg[5] = 0x0000000000000040 = 64
> 16a90000+8;SYSCALL:0x34(NtDelayExecution)
> 14bf0000+4ee;SYSCALL:0x18(NtAllocateVirtualMemory)
NtAllocateVirtualMemory:
Arg[0] = 0xffffffffffffffff = 18446744073709551615
Arg[1] = ptr 0x000000000014fda0 -> {\x00\x00\x00\x00\x00\x00\x00\x00}
Arg[2] = 0
Arg[3] = ptr 0x000000000014fda8 -> {\x0b\x00\x00\x00\x00\x00\x00\x00}
Arg[4] = 0x0000000000001000 = 4096
Arg[5] = 0x0000000000000040 = 64
> 16aa0000+8;SYSCALL:0x50(NtProtectVirtualMemory)
> 14bf0000+4ee;SYSCALL:0x18(NtAllocateVirtualMemory)
NtAllocateVirtualMemory:
Arg[0] = 0xffffffffffffffff = 18446744073709551615
Arg[1] = ptr 0x000000000014fda0 -> {\x00\x00\x00\x00\x00\x00\x00\x00}
Arg[2] = 0
Arg[3] = ptr 0x000000000014fda8 -> {\x0b\x00\x00\x00\x00\x00\x00\x00}
Arg[4] = 0x0000000000001000 = 4096
Arg[5] = 0x0000000000000040 = 64
> 16ab0000+8;SYSCALL:0x34(NtDelayExecution)
> 14bf0000+4ee;SYSCALL:0x18(NtAllocateVirtualMemory)
NtAllocateVirtualMemory:
Arg[0] = 0xffffffffffffffff = 18446744073709551615
Arg[1] = ptr 0x000000000014fda0 -> {\x00\x00\x00\x00\x00\x00\x00\x00}
Arg[2] = 0
Arg[3] = ptr 0x000000000014fda8 -> {\x0b\x00\x00\x00\x00\x00\x00\x00}
Arg[4] = 0x0000000000001000 = 4096
Arg[5] = 0x0000000000000040 = 64
> 16ac0000+8;SYSCALL:0xc1(NtCreateThreadEx)
NtCreateThreadEx:
Arg[0] = ptr 0x000000000014fe00 -> {\x00\x00\x00\x00\x00\x00\x00\x00}
Arg[1] = 0x00000000001fffff = 2097151
Arg[2] = 0
Arg[3] = 0x0000000000000180 = 384
Arg[4] = 0x000001f7117a0000 = 2160661757952
Arg[5] = 0
Arg[6] = 0x0000000000000001 = 1
Arg[7] = 0
Arg[8] = 0
Arg[9] = 0
> 14bf0000+4ee;SYSCALL:0x18(NtAllocateVirtualMemory)
NtAllocateVirtualMemory:
Arg[0] = 0xffffffffffffffff = 18446744073709551615
Arg[1] = ptr 0x000000000014fda0 -> {\x00\x00\x00\x00\x00\x00\x00\x00}
Arg[2] = 0
Arg[3] = ptr 0x000000000014fda8 -> {\x0b\x00\x00\x00\x00\x00\x00\x00}
Arg[4] = 0x0000000000001000 = 4096
Arg[5] = 0x0000000000000040 = 64
> 16ad0000+8;SYSCALL:0x34(NtDelayExecution)
> 14bf0000+4ee;SYSCALL:0x18(NtAllocateVirtualMemory)
NtAllocateVirtualMemory:
Arg[0] = 0xffffffffffffffff = 18446744073709551615
Arg[1] = ptr 0x000000000014fda0 -> {\x00\x00\x00\x00\x00\x00\x00\x00}
Arg[2] = 0
Arg[3] = ptr 0x000000000014fda8 -> {\x0b\x00\x00\x00\x00\x00\x00\x00}
Arg[4] = 0x0000000000001000 = 4096
Arg[5] = 0x0000000000000040 = 64
> 16ae0000+8;SYSCALL:0x52(NtResumeThread)
NtResumeThread:
Arg[0] = 0x0000000000000184 = 388
Arg[1] = 0
> 14bf0000+4ee;SYSCALL:0x18(NtAllocateVirtualMemory)
NtAllocateVirtualMemory:
Arg[0] = 0xffffffffffffffff = 18446744073709551615
Arg[1] = ptr 0x000000000014fdc0 -> {\x00\x00\x00\x00\x00\x00\x00\x00}
Arg[2] = 0
Arg[3] = ptr 0x000000000014fdc8 -> {\x0b\x00\x00\x00\x00\x00\x00\x00}
Arg[4] = 0x0000000000001000 = 4096
Arg[5] = 0x0000000000000040 = 64
> 16af0000+8;SYSCALL:0x34(NtDelayExecution)
> 14bf0000+4ee;SYSCALL:0x18(NtAllocateVirtualMemory)
NtAllocateVirtualMemory:
Arg[0] = 0xffffffffffffffff = 18446744073709551615
Arg[1] = ptr 0x000000000014fdc0 -> {\x00\x00\x00\x00\x00\x00\x00\x00}
Arg[2] = 0
Arg[3] = ptr 0x000000000014fdc8 -> {\x0b\x00\x00\x00\x00\x00\x00\x00}
Arg[4] = 0x0000000000001000 = 4096
Arg[5] = 0x0000000000000040 = 64
> 16b00000+8;SYSCALL:0x26(NtOpenProcess)
NtOpenProcess:
Arg[0] = ptr 0x000000000014fe20 -> {\xff\xff\xff\xff\xff\xff\xff\xff}
Arg[1] = 0x00000000001fffff = 2097151
Arg[2] = ptr 0x000000000014fde0 -> L"0"
Arg[3] = ptr 0x000000000014fdd0 -> {,\x09\x00\x00\x00\x00\x00\x00}
> 14bf0000+4ee;SYSCALL:0x18(NtAllocateVirtualMemory)
NtAllocateVirtualMemory:
Arg[0] = 0xffffffffffffffff = 18446744073709551615
Arg[1] = ptr 0x000000000014fdc0 -> {\x00\x00\x00\x00\x00\x00\x00\x00}
Arg[2] = 0
Arg[3] = ptr 0x000000000014fdc8 -> {\x0b\x00\x00\x00\x00\x00\x00\x00}
Arg[4] = 0x0000000000001000 = 4096
Arg[5] = 0x0000000000000040 = 64
> 16b10000+8;SYSCALL:0x34(NtDelayExecution)
> 14bf0000+4ee;SYSCALL:0x18(NtAllocateVirtualMemory)
NtAllocateVirtualMemory:
Arg[0] = 0xffffffffffffffff = 18446744073709551615
Arg[1] = ptr 0x000000000014fdc0 -> {\x00\x00\x00\x00\x00\x00\x00\x00}
Arg[2] = 0
Arg[3] = ptr 0x000000000014fdc8 -> {\x0b\x00\x00\x00\x00\x00\x00\x00}
Arg[4] = 0x0000000000001000 = 4096
Arg[5] = 0x0000000000000040 = 64
> 16b20000+8;SYSCALL:0x26(NtOpenProcess)
NtOpenProcess:
Arg[0] = ptr 0x000000000014fe20 -> {\xff\xff\xff\xff\xff\xff\xff\xff}
Arg[1] = 0x00000000001fffff = 2097151
Arg[2] = ptr 0x000000000014fde0 -> L"0"
Arg[3] = ptr 0x000000000014fdd0 -> {\x80\x06\x00\x00\x00\x00\x00\x00}
> 14bf0000+4ee;SYSCALL:0x18(NtAllocateVirtualMemory)
NtAllocateVirtualMemory:
Arg[0] = 0xffffffffffffffff = 18446744073709551615
Arg[1] = ptr 0x000000000014fdc0 -> {\x00\x00\x00\x00\x00\x00\x00\x00}
Arg[2] = 0
Arg[3] = ptr 0x000000000014fdc8 -> {\x0b\x00\x00\x00\x00\x00\x00\x00}
Arg[4] = 0x0000000000001000 = 4096
Arg[5] = 0x0000000000000040 = 64
> 16b30000+8;SYSCALL:0x34(NtDelayExecution)
> 14bf0000+4ee;SYSCALL:0x18(NtAllocateVirtualMemory)
NtAllocateVirtualMemory:
Arg[0] = 0xffffffffffffffff = 18446744073709551615
Arg[1] = ptr 0x000000000014fdc0 -> {\x00\x00\x00\x00\x00\x00\x00\x00}
Arg[2] = 0
Arg[3] = ptr 0x000000000014fdc8 -> {\x0b\x00\x00\x00\x00\x00\x00\x00}
Arg[4] = 0x0000000000001000 = 4096
Arg[5] = 0x0000000000000040 = 64
> 16b40000+8;SYSCALL:0x26(NtOpenProcess)
NtOpenProcess:
Arg[0] = ptr 0x000000000014fe20 -> {\xff\xff\xff\xff\xff\xff\xff\xff}
Arg[1] = 0x00000000001fffff = 2097151
Arg[2] = ptr 0x000000000014fde0 -> L"0"
Arg[3] = ptr 0x000000000014fdd0 -> {\x88\x17\x00\x00\x00\x00\x00\x00}
> 14bf0000+4ee;SYSCALL:0x18(NtAllocateVirtualMemory)
NtAllocateVirtualMemory:
Arg[0] = 0xffffffffffffffff = 18446744073709551615
Arg[1] = ptr 0x000000000014fdc0 -> {\x00\x00\x00\x00\x00\x00\x00\x00}
Arg[2] = 0
Arg[3] = ptr 0x000000000014fdc8 -> {\x0b\x00\x00\x00\x00\x00\x00\x00}
Arg[4] = 0x0000000000001000 = 4096
Arg[5] = 0x0000000000000040 = 64
> 16b50000+8;SYSCALL:0x34(NtDelayExecution)
> 14bf0000+4ee;SYSCALL:0x18(NtAllocateVirtualMemory)
NtAllocateVirtualMemory:
Arg[0] = 0xffffffffffffffff = 18446744073709551615
Arg[1] = ptr 0x000000000014fdc0 -> {\x00\x00\x00\x00\x00\x00\x00\x00}
Arg[2] = 0
Arg[3] = ptr 0x000000000014fdc8 -> {\x0b\x00\x00\x00\x00\x00\x00\x00}
Arg[4] = 0x0000000000001000 = 4096
Arg[5] = 0x0000000000000040 = 64
> 16b60000+8;SYSCALL:0x26(NtOpenProcess)
NtOpenProcess:
Arg[0] = ptr 0x000000000014fe20 -> {\xff\xff\xff\xff\xff\xff\xff\xff}
Arg[1] = 0x00000000001fffff = 2097151
Arg[2] = ptr 0x000000000014fde0 -> L"0"
Arg[3] = ptr 0x000000000014fdd0 -> {\xbc\x0d\x00\x00\x00\x00\x00\x00}
> 14bf0000+4ee;SYSCALL:0x18(NtAllocateVirtualMemory)
NtAllocateVirtualMemory:
Arg[0] = 0xffffffffffffffff = 18446744073709551615
Arg[1] = ptr 0x000000000014fdc0 -> {\x00\x00\x00\x00\x00\x00\x00\x00}
Arg[2] = 0
Arg[3] = ptr 0x000000000014fdc8 -> {\x0b\x00\x00\x00\x00\x00\x00\x00}
Arg[4] = 0x0000000000001000 = 4096
Arg[5] = 0x0000000000000040 = 64
> 16b70000+8;SYSCALL:0x34(NtDelayExecution)
> 14bf0000+4ee;SYSCALL:0x18(NtAllocateVirtualMemory)
NtAllocateVirtualMemory:
Arg[0] = 0xffffffffffffffff = 18446744073709551615
Arg[1] = ptr 0x000000000014fdc0 -> {\x00\x00\x00\x00\x00\x00\x00\x00}
Arg[2] = 0
Arg[3] = ptr 0x000000000014fdc8 -> {\x0b\x00\x00\x00\x00\x00\x00\x00}
Arg[4] = 0x0000000000001000 = 4096
Arg[5] = 0x0000000000000040 = 64
> 16b80000+8;SYSCALL:0x26(NtOpenProcess)
NtOpenProcess:
Arg[0] = ptr 0x000000000014fe20 -> {\xff\xff\xff\xff\xff\xff\xff\xff}
Arg[1] = 0x00000000001fffff = 2097151
Arg[2] = ptr 0x000000000014fde0 -> L"0"
Arg[3] = ptr 0x000000000014fdd0 -> {\xb4\x0b\x00\x00\x00\x00\x00\x00}
> 14bf0000+4ee;SYSCALL:0x18(NtAllocateVirtualMemory)
NtAllocateVirtualMemory:
Arg[0] = 0xffffffffffffffff = 18446744073709551615
Arg[1] = ptr 0x000000000014fdc0 -> {\x00\x00\x00\x00\x00\x00\x00\x00}
Arg[2] = 0
Arg[3] = ptr 0x000000000014fdc8 -> {\x0b\x00\x00\x00\x00\x00\x00\x00}
Arg[4] = 0x0000000000001000 = 4096
Arg[5] = 0x0000000000000040 = 64
> 16b90000+8;SYSCALL:0x34(NtDelayExecution)
> 14bf0000+4ee;SYSCALL:0x18(NtAllocateVirtualMemory)
NtAllocateVirtualMemory:
Arg[0] = 0xffffffffffffffff = 18446744073709551615
Arg[1] = ptr 0x000000000014fdc0 -> {\x00\x00\x00\x00\x00\x00\x00\x00}
Arg[2] = 0
Arg[3] = ptr 0x000000000014fdc8 -> {\x0b\x00\x00\x00\x00\x00\x00\x00}
Arg[4] = 0x0000000000001000 = 4096
Arg[5] = 0x0000000000000040 = 64
> 16ba0000+8;SYSCALL:0x26(NtOpenProcess)
NtOpenProcess:
Arg[0] = ptr 0x000000000014fe20 -> {\xff\xff\xff\xff\xff\xff\xff\xff}
Arg[1] = 0x00000000001fffff = 2097151
Arg[2] = ptr 0x000000000014fde0 -> L"0"
Arg[3] = ptr 0x000000000014fdd0 -> {\xe8\x06\x00\x00\x00\x00\x00\x00}
> 14bf0000+4ee;SYSCALL:0x18(NtAllocateVirtualMemory)
NtAllocateVirtualMemory:
Arg[0] = 0xffffffffffffffff = 18446744073709551615
Arg[1] = ptr 0x000000000014fe30 -> {\x00\x00\x00\x00\x00\x00\x00\x00}
Arg[2] = 0
Arg[3] = ptr 0x000000000014fe38 -> {\x0b\x00\x00\x00\x00\x00\x00\x00}
Arg[4] = 0x0000000000001000 = 4096
Arg[5] = 0x0000000000000040 = 64
> 16bb0000+8;SYSCALL:0x34(NtDelayExecution)
> 14bf0000+4ee;SYSCALL:0x18(NtAllocateVirtualMemory)
NtAllocateVirtualMemory:
Arg[0] = 0xffffffffffffffff = 18446744073709551615
Arg[1] = ptr 0x000000000014fe30 -> {\x00\x00\x00\x00\x00\x00\x00\x00}
Arg[2] = 0
Arg[3] = ptr 0x000000000014fe38 -> {\x0b\x00\x00\x00\x00\x00\x00\x00}
Arg[4] = 0x0000000000001000 = 4096
Arg[5] = 0x0000000000000040 = 64
> 16bc0000+8;SYSCALL:0x19(NtQueryInformationProcess)
> 14bf0000+4ee;SYSCALL:0x18(NtAllocateVirtualMemory)
NtAllocateVirtualMemory:
Arg[0] = 0xffffffffffffffff = 18446744073709551615
Arg[1] = ptr 0x000000000014fdc0 -> {\x00\x00\x00\x00\x00\x00\x00\x00}
Arg[2] = 0
Arg[3] = ptr 0x000000000014fdc8 -> {\x0b\x00\x00\x00\x00\x00\x00\x00}
Arg[4] = 0x0000000000001000 = 4096
Arg[5] = 0x0000000000000040 = 64
> 16bd0000+8;SYSCALL:0x34(NtDelayExecution)
> 14bf0000+4ee;SYSCALL:0x18(NtAllocateVirtualMemory)
NtAllocateVirtualMemory:
Arg[0] = 0xffffffffffffffff = 18446744073709551615
Arg[1] = ptr 0x000000000014fdc0 -> {\x00\x00\x00\x00\x00\x00\x00\x00}
Arg[2] = 0
Arg[3] = ptr 0x000000000014fdc8 -> {\x0b\x00\x00\x00\x00\x00\x00\x00}
Arg[4] = 0x0000000000001000 = 4096
Arg[5] = 0x0000000000000040 = 64
> 16be0000+8;SYSCALL:0x26(NtOpenProcess)
NtOpenProcess:
Arg[0] = ptr 0x000000000014fe20 -> {\xff\xff\xff\xff\xff\xff\xff\xff}
Arg[1] = 0x00000000001fffff = 2097151
Arg[2] = ptr 0x000000000014fde0 -> L"0"
Arg[3] = ptr 0x000000000014fdd0 -> {p\x06\x00\x00\x00\x00\x00\x00}
> 14bf0000+4ee;SYSCALL:0x18(NtAllocateVirtualMemory)
NtAllocateVirtualMemory:
Arg[0] = 0xffffffffffffffff = 18446744073709551615
Arg[1] = ptr 0x000000000014fdc0 -> {\x00\x00\x00\x00\x00\x00\x00\x00}
Arg[2] = 0
Arg[3] = ptr 0x000000000014fdc8 -> {\x0b\x00\x00\x00\x00\x00\x00\x00}
Arg[4] = 0x0000000000001000 = 4096
Arg[5] = 0x0000000000000040 = 64
> 16bf0000+8;SYSCALL:0x34(NtDelayExecution)
> 14bf0000+4ee;SYSCALL:0x18(NtAllocateVirtualMemory)
NtAllocateVirtualMemory:
Arg[0] = 0xffffffffffffffff = 18446744073709551615
Arg[1] = ptr 0x000000000014fdc0 -> {\x00\x00\x00\x00\x00\x00\x00\x00}
Arg[2] = 0
Arg[3] = ptr 0x000000000014fdc8 -> {\x0b\x00\x00\x00\x00\x00\x00\x00}
Arg[4] = 0x0000000000001000 = 4096
Arg[5] = 0x0000000000000040 = 64
> 16c00000+8;SYSCALL:0x26(NtOpenProcess)
NtOpenProcess:
Arg[0] = ptr 0x000000000014fe20 -> {\xff\xff\xff\xff\xff\xff\xff\xff}
Arg[1] = 0x00000000001fffff = 2097151
Arg[2] = ptr 0x000000000014fde0 -> L"0"
Arg[3] = ptr 0x000000000014fdd0 -> {8\x0f\x00\x00\x00\x00\x00\x00}
> 14bf0000+4ee;SYSCALL:0x18(NtAllocateVirtualMemory)
NtAllocateVirtualMemory:
Arg[0] = 0xffffffffffffffff = 18446744073709551615
Arg[1] = ptr 0x000000000014fdc0 -> {\x00\x00\x00\x00\x00\x00\x00\x00}
Arg[2] = 0
Arg[3] = ptr 0x000000000014fdc8 -> {\x0b\x00\x00\x00\x00\x00\x00\x00}
Arg[4] = 0x0000000000001000 = 4096
Arg[5] = 0x0000000000000040 = 64
> 16c10000+8;SYSCALL:0x34(NtDelayExecution)
> 14bf0000+4ee;SYSCALL:0x18(NtAllocateVirtualMemory)
NtAllocateVirtualMemory:
Arg[0] = 0xffffffffffffffff = 18446744073709551615
Arg[1] = ptr 0x000000000014fdc0 -> {\x00\x00\x00\x00\x00\x00\x00\x00}
Arg[2] = 0
Arg[3] = ptr 0x000000000014fdc8 -> {\x0b\x00\x00\x00\x00\x00\x00\x00}
Arg[4] = 0x0000000000001000 = 4096
Arg[5] = 0x0000000000000040 = 64
> 16c20000+8;SYSCALL:0x26(NtOpenProcess)
NtOpenProcess:
Arg[0] = ptr 0x000000000014fe20 -> {\xff\xff\xff\xff\xff\xff\xff\xff}
Arg[1] = 0x00000000001fffff = 2097151
Arg[2] = ptr 0x000000000014fde0 -> L"0"
Arg[3] = ptr 0x000000000014fdd0 -> {h\x0e\x00\x00\x00\x00\x00\x00}
> 14bf0000+4ee;SYSCALL:0x18(NtAllocateVirtualMemory)
NtAllocateVirtualMemory:
Arg[0] = 0xffffffffffffffff = 18446744073709551615
Arg[1] = ptr 0x000000000014fdc0 -> {\x00\x00\x00\x00\x00\x00\x00\x00}
Arg[2] = 0
Arg[3] = ptr 0x000000000014fdc8 -> {\x0b\x00\x00\x00\x00\x00\x00\x00}
Arg[4] = 0x0000000000001000 = 4096
Arg[5] = 0x0000000000000040 = 64
> 16c30000+8;SYSCALL:0x34(NtDelayExecution)
> 14bf0000+4ee;SYSCALL:0x18(NtAllocateVirtualMemory)
NtAllocateVirtualMemory:
Arg[0] = 0xffffffffffffffff = 18446744073709551615
Arg[1] = ptr 0x000000000014fdc0 -> {\x00\x00\x00\x00\x00\x00\x00\x00}
Arg[2] = 0
Arg[3] = ptr 0x000000000014fdc8 -> {\x0b\x00\x00\x00\x00\x00\x00\x00}
Arg[4] = 0x0000000000001000 = 4096
Arg[5] = 0x0000000000000040 = 64
> 16c40000+8;SYSCALL:0x26(NtOpenProcess)
NtOpenProcess:
Arg[0] = ptr 0x000000000014fe20 -> {\xff\xff\xff\xff\xff\xff\xff\xff}
Arg[1] = 0x00000000001fffff = 2097151
Arg[2] = ptr 0x000000000014fde0 -> L"0"
Arg[3] = ptr 0x000000000014fdd0 -> {8\x0e\x00\x00\x00\x00\x00\x00}
> 14bf0000+4ee;SYSCALL:0x18(NtAllocateVirtualMemory)
NtAllocateVirtualMemory:
Arg[0] = 0xffffffffffffffff = 18446744073709551615
Arg[1] = ptr 0x000000000014fe30 -> {\x00\x00\x00\x00\x00\x00\x00\x00}
Arg[2] = 0
Arg[3] = ptr 0x000000000014fe38 -> {\x0b\x00\x00\x00\x00\x00\x00\x00}
Arg[4] = 0x0000000000001000 = 4096
Arg[5] = 0x0000000000000040 = 64
> 16c50000+8;SYSCALL:0x34(NtDelayExecution)
> 14bf0000+4ee;SYSCALL:0x18(NtAllocateVirtualMemory)
NtAllocateVirtualMemory:
Arg[0] = 0xffffffffffffffff = 18446744073709551615
Arg[1] = ptr 0x000000000014fe30 -> {\x00\x00\x00\x00\x00\x00\x00\x00}
Arg[2] = 0
Arg[3] = ptr 0x000000000014fe38 -> {\x0b\x00\x00\x00\x00\x00\x00\x00}
Arg[4] = 0x0000000000001000 = 4096
Arg[5] = 0x0000000000000040 = 64
> 16c60000+8;SYSCALL:0x19(NtQueryInformationProcess)
> 14bf0000+4ee;SYSCALL:0x18(NtAllocateVirtualMemory)
NtAllocateVirtualMemory:
Arg[0] = 0xffffffffffffffff = 18446744073709551615
Arg[1] = ptr 0x000000000014fda0 -> {\x00\x00\x00\x00\x00\x00\x00\x00}
Arg[2] = 0
Arg[3] = ptr 0x000000000014fda8 -> {\x0b\x00\x00\x00\x00\x00\x00\x00}
Arg[4] = 0x0000000000001000 = 4096
Arg[5] = 0x0000000000000040 = 64
> 16c70000+8;SYSCALL:0x34(NtDelayExecution)
> 14bf0000+4ee;SYSCALL:0x18(NtAllocateVirtualMemory)
NtAllocateVirtualMemory:
Arg[0] = 0x000000000000018c = 396
Arg[1] = ptr 0x000000000014fdf0 -> {\x00\x00\x00\x00\x00\x00\x00\x00}
Arg[2] = 0
Arg[3] = ptr 0x000000000014fdf8 -> {L\xd0\x00\x00\x00\x00\x00\x00}
Arg[4] = 0x0000000000003000 = 12288
Arg[5] = 0x0000000000000004 = 4
> 14bf0000+4ee;SYSCALL:0x18(NtAllocateVirtualMemory)
NtAllocateVirtualMemory:
Arg[0] = 0xffffffffffffffff = 18446744073709551615
Arg[1] = ptr 0x000000000014fda0 -> {\x00\x00\x00\x00\x00\x00\x00\x00}
Arg[2] = 0
Arg[3] = ptr 0x000000000014fda8 -> {\x0b\x00\x00\x00\x00\x00\x00\x00}
Arg[4] = 0x0000000000001000 = 4096
Arg[5] = 0x0000000000000040 = 64
> 16c80000+8;SYSCALL:0x34(NtDelayExecution)
> 14bf0000+4ee;SYSCALL:0x18(NtAllocateVirtualMemory)
NtAllocateVirtualMemory:
Arg[0] = 0xffffffffffffffff = 18446744073709551615
Arg[1] = ptr 0x000000000014fda0 -> {\x00\x00\x00\x00\x00\x00\x00\x00}
Arg[2] = 0
Arg[3] = ptr 0x000000000014fda8 -> {\x0b\x00\x00\x00\x00\x00\x00\x00}
Arg[4] = 0x0000000000001000 = 4096
Arg[5] = 0x0000000000000040 = 64
> 16c90000+8;SYSCALL:0x3a(NtWriteVirtualMemory)
NtWriteVirtualMemory:
Arg[0] = 0x000000000000018c = 396
Arg[1] = 0x0000021152110000 = 2273414545408
Arg[2] = ptr 0x0000000014bf04f1 -> {\xe9[v\x00\x00\xcc\xcc\xcc}
Arg[3] = 0x000000000000d04c = 53324
Arg[4] = 0
> 14bf0000+4ee;SYSCALL:0x18(NtAllocateVirtualMemory)
NtAllocateVirtualMemory:
Arg[0] = 0xffffffffffffffff = 18446744073709551615
Arg[1] = ptr 0x000000000014fda0 -> {\x00\x00\x00\x00\x00\x00\x00\x00}
Arg[2] = 0
Arg[3] = ptr 0x000000000014fda8 -> {\x0b\x00\x00\x00\x00\x00\x00\x00}
Arg[4] = 0x0000000000001000 = 4096
Arg[5] = 0x0000000000000040 = 64
> 16ca0000+8;SYSCALL:0x34(NtDelayExecution)
> 14bf0000+4ee;SYSCALL:0x18(NtAllocateVirtualMemory)
NtAllocateVirtualMemory:
Arg[0] = 0xffffffffffffffff = 18446744073709551615
Arg[1] = ptr 0x000000000014fda0 -> {\x00\x00\x00\x00\x00\x00\x00\x00}
Arg[2] = 0
Arg[3] = ptr 0x000000000014fda8 -> {\x0b\x00\x00\x00\x00\x00\x00\x00}
Arg[4] = 0x0000000000001000 = 4096
Arg[5] = 0x0000000000000040 = 64
> 16cb0000+8;SYSCALL:0x50(NtProtectVirtualMemory)
> 14bf0000+4ee;SYSCALL:0x18(NtAllocateVirtualMemory)
NtAllocateVirtualMemory:
Arg[0] = 0xffffffffffffffff = 18446744073709551615
Arg[1] = ptr 0x000000000014fda0 -> {\x00\x00\x00\x00\x00\x00\x00\x00}
Arg[2] = 0
Arg[3] = ptr 0x000000000014fda8 -> {\x0b\x00\x00\x00\x00\x00\x00\x00}
Arg[4] = 0x0000000000001000 = 4096
Arg[5] = 0x0000000000000040 = 64
> 16cc0000+8;SYSCALL:0x34(NtDelayExecution)
> 14bf0000+4ee;SYSCALL:0x18(NtAllocateVirtualMemory)
NtAllocateVirtualMemory:
Arg[0] = 0xffffffffffffffff = 18446744073709551615
Arg[1] = ptr 0x000000000014fda0 -> {\x00\x00\x00\x00\x00\x00\x00\x00}
Arg[2] = 0
Arg[3] = ptr 0x000000000014fda8 -> {\x0b\x00\x00\x00\x00\x00\x00\x00}
Arg[4] = 0x0000000000001000 = 4096
Arg[5] = 0x0000000000000040 = 64
> 16cd0000+8;SYSCALL:0xc1(NtCreateThreadEx)
NtCreateThreadEx:
Arg[0] = ptr 0x000000000014fe00 -> {\x00\x00\x00\x00\x00\x00\x00\x00}
Arg[1] = 0x00000000001fffff = 2097151
Arg[2] = 0
Arg[3] = 0x000000000000018c = 396
Arg[4] = 0x0000021152110000 = 2273414545408
Arg[5] = 0
Arg[6] = 0x0000000000000001 = 1
Arg[7] = 0
Arg[8] = 0
Arg[9] = 0
> 14bf0000+4ee;SYSCALL:0x18(NtAllocateVirtualMemory)
NtAllocateVirtualMemory:
Arg[0] = 0xffffffffffffffff = 18446744073709551615
Arg[1] = ptr 0x000000000014fda0 -> {\x00\x00\x00\x00\x00\x00\x00\x00}
Arg[2] = 0
Arg[3] = ptr 0x000000000014fda8 -> {\x0b\x00\x00\x00\x00\x00\x00\x00}
Arg[4] = 0x0000000000001000 = 4096
Arg[5] = 0x0000000000000040 = 64
> 16ce0000+8;SYSCALL:0x34(NtDelayExecution)
> 14bf0000+4ee;SYSCALL:0x18(NtAllocateVirtualMemory)
NtAllocateVirtualMemory:
Arg[0] = 0xffffffffffffffff = 18446744073709551615
Arg[1] = ptr 0x000000000014fda0 -> {\x00\x00\x00\x00\x00\x00\x00\x00}
Arg[2] = 0
Arg[3] = ptr 0x000000000014fda8 -> {\x0b\x00\x00\x00\x00\x00\x00\x00}
Arg[4] = 0x0000000000001000 = 4096
Arg[5] = 0x0000000000000040 = 64
> 16cf0000+8;SYSCALL:0x52(NtResumeThread)
NtResumeThread:
Arg[0] = 0x0000000000000190 = 400
Arg[1] = 0
> 14bf0000+4ee;SYSCALL:0x18(NtAllocateVirtualMemory)
NtAllocateVirtualMemory:
Arg[0] = 0xffffffffffffffff = 18446744073709551615
Arg[1] = ptr 0x000000000014fdc0 -> {\x00\x00\x00\x00\x00\x00\x00\x00}
Arg[2] = 0
Arg[3] = ptr 0x000000000014fdc8 -> {\x0b\x00\x00\x00\x00\x00\x00\x00}
Arg[4] = 0x0000000000001000 = 4096
Arg[5] = 0x0000000000000040 = 64
> 16d00000+8;SYSCALL:0x34(NtDelayExecution)
> 14bf0000+4ee;SYSCALL:0x18(NtAllocateVirtualMemory)
NtAllocateVirtualMemory:
Arg[0] = 0xffffffffffffffff = 18446744073709551615
Arg[1] = ptr 0x000000000014fdc0 -> {\x00\x00\x00\x00\x00\x00\x00\x00}
Arg[2] = 0
Arg[3] = ptr 0x000000000014fdc8 -> {\x0b\x00\x00\x00\x00\x00\x00\x00}
Arg[4] = 0x0000000000001000 = 4096
Arg[5] = 0x0000000000000040 = 64
> 16d10000+8;SYSCALL:0x26(NtOpenProcess)
NtOpenProcess:
Arg[0] = ptr 0x000000000014fe20 -> {\xff\xff\xff\xff\xff\xff\xff\xff}
Arg[1] = 0x00000000001fffff = 2097151
Arg[2] = ptr 0x000000000014fde0 -> L"0"
Arg[3] = ptr 0x000000000014fdd0 -> {\x04\x07\x00\x00\x00\x00\x00\x00}
> 14bf0000+4ee;SYSCALL:0x18(NtAllocateVirtualMemory)
NtAllocateVirtualMemory:
Arg[0] = 0xffffffffffffffff = 18446744073709551615
Arg[1] = ptr 0x000000000014fdc0 -> {\x00\x00\x00\x00\x00\x00\x00\x00}
Arg[2] = 0
Arg[3] = ptr 0x000000000014fdc8 -> {\x0b\x00\x00\x00\x00\x00\x00\x00}
Arg[4] = 0x0000000000001000 = 4096
Arg[5] = 0x0000000000000040 = 64
> 16d20000+8;SYSCALL:0x34(NtDelayExecution)
> 14bf0000+4ee;SYSCALL:0x18(NtAllocateVirtualMemory)
NtAllocateVirtualMemory:
Arg[0] = 0xffffffffffffffff = 18446744073709551615
Arg[1] = ptr 0x000000000014fdc0 -> {\x00\x00\x00\x00\x00\x00\x00\x00}
Arg[2] = 0
Arg[3] = ptr 0x000000000014fdc8 -> {\x0b\x00\x00\x00\x00\x00\x00\x00}
Arg[4] = 0x0000000000001000 = 4096
Arg[5] = 0x0000000000000040 = 64
> 16d30000+8;SYSCALL:0x26(NtOpenProcess)
NtOpenProcess:
Arg[0] = ptr 0x000000000014fe20 -> {\xff\xff\xff\xff\xff\xff\xff\xff}
Arg[1] = 0x00000000001fffff = 2097151
Arg[2] = ptr 0x000000000014fde0 -> L"0"
Arg[3] = ptr 0x000000000014fdd0 -> {\xa4\x07\x00\x00\x00\x00\x00\x00}
> 14bf0000+4ee;SYSCALL:0x18(NtAllocateVirtualMemory)
NtAllocateVirtualMemory:
Arg[0] = 0xffffffffffffffff = 18446744073709551615
Arg[1] = ptr 0x000000000014fe30 -> {\x00\x00\x00\x00\x00\x00\x00\x00}
Arg[2] = 0
Arg[3] = ptr 0x000000000014fe38 -> {\x0b\x00\x00\x00\x00\x00\x00\x00}
Arg[4] = 0x0000000000001000 = 4096
Arg[5] = 0x0000000000000040 = 64
> 16d40000+8;SYSCALL:0x34(NtDelayExecution)
> 14bf0000+4ee;SYSCALL:0x18(NtAllocateVirtualMemory)
NtAllocateVirtualMemory:
Arg[0] = 0xffffffffffffffff = 18446744073709551615
Arg[1] = ptr 0x000000000014fe30 -> {\x00\x00\x00\x00\x00\x00\x00\x00}
Arg[2] = 0
Arg[3] = ptr 0x000000000014fe38 -> {\x0b\x00\x00\x00\x00\x00\x00\x00}
Arg[4] = 0x0000000000001000 = 4096
Arg[5] = 0x0000000000000040 = 64
> 16d50000+8;SYSCALL:0x19(NtQueryInformationProcess)
> 14bf0000+4ee;SYSCALL:0x18(NtAllocateVirtualMemory)
NtAllocateVirtualMemory:
Arg[0] = 0xffffffffffffffff = 18446744073709551615
Arg[1] = ptr 0x000000000014fda0 -> {\x00\x00\x00\x00\x00\x00\x00\x00}
Arg[2] = 0
Arg[3] = ptr 0x000000000014fda8 -> {\x0b\x00\x00\x00\x00\x00\x00\x00}
Arg[4] = 0x0000000000001000 = 4096
Arg[5] = 0x0000000000000040 = 64
> 16d60000+8;SYSCALL:0x34(NtDelayExecution)
> 14bf0000+4ee;SYSCALL:0x18(NtAllocateVirtualMemory)
NtAllocateVirtualMemory:
Arg[0] = 0x0000000000000194 = 404
Arg[1] = ptr 0x000000000014fdf0 -> {\x00\x00\x00\x00\x00\x00\x00\x00}
Arg[2] = 0
Arg[3] = ptr 0x000000000014fdf8 -> {L\xd0\x00\x00\x00\x00\x00\x00}
Arg[4] = 0x0000000000003000 = 12288
Arg[5] = 0x0000000000000004 = 4
> 14bf0000+4ee;SYSCALL:0x18(NtAllocateVirtualMemory)
NtAllocateVirtualMemory:
Arg[0] = 0xffffffffffffffff = 18446744073709551615
Arg[1] = ptr 0x000000000014fda0 -> {\x00\x00\x00\x00\x00\x00\x00\x00}
Arg[2] = 0
Arg[3] = ptr 0x000000000014fda8 -> {\x0b\x00\x00\x00\x00\x00\x00\x00}
Arg[4] = 0x0000000000001000 = 4096
Arg[5] = 0x0000000000000040 = 64
> 16d80000+8;SYSCALL:0x34(NtDelayExecution)
> 14bf0000+4ee;SYSCALL:0x18(NtAllocateVirtualMemory)
NtAllocateVirtualMemory:
Arg[0] = 0xffffffffffffffff = 18446744073709551615
Arg[1] = ptr 0x000000000014fda0 -> {\x00\x00\x00\x00\x00\x00\x00\x00}
Arg[2] = 0
Arg[3] = ptr 0x000000000014fda8 -> {\x0b\x00\x00\x00\x00\x00\x00\x00}
Arg[4] = 0x0000000000001000 = 4096
Arg[5] = 0x0000000000000040 = 64
> 16d90000+8;SYSCALL:0x3a(NtWriteVirtualMemory)
NtWriteVirtualMemory:
Arg[0] = 0x0000000000000194 = 404
Arg[1] = 0x0000020161140000 = 2204946923520
Arg[2] = ptr 0x0000000014bf04f1 -> {\xe9[v\x00\x00\xcc\xcc\xcc}
Arg[3] = 0x000000000000d04c = 53324
Arg[4] = 0
> 14bf0000+4ee;SYSCALL:0x18(NtAllocateVirtualMemory)
NtAllocateVirtualMemory:
Arg[0] = 0xffffffffffffffff = 18446744073709551615
Arg[1] = ptr 0x000000000014fda0 -> {\x00\x00\x00\x00\x00\x00\x00\x00}
Arg[2] = 0
Arg[3] = ptr 0x000000000014fda8 -> {\x0b\x00\x00\x00\x00\x00\x00\x00}
Arg[4] = 0x0000000000001000 = 4096
Arg[5] = 0x0000000000000040 = 64
> 16da0000+8;SYSCALL:0x34(NtDelayExecution)
> 14bf0000+4ee;SYSCALL:0x18(NtAllocateVirtualMemory)
NtAllocateVirtualMemory:
Arg[0] = 0xffffffffffffffff = 18446744073709551615
Arg[1] = ptr 0x000000000014fda0 -> {\x00\x00\x00\x00\x00\x00\x00\x00}
Arg[2] = 0
Arg[3] = ptr 0x000000000014fda8 -> {\x0b\x00\x00\x00\x00\x00\x00\x00}
Arg[4] = 0x0000000000001000 = 4096
Arg[5] = 0x0000000000000040 = 64
> 16db0000+8;SYSCALL:0x50(NtProtectVirtualMemory)
> 14bf0000+4ee;SYSCALL:0x18(NtAllocateVirtualMemory)
NtAllocateVirtualMemory:
Arg[0] = 0xffffffffffffffff = 18446744073709551615
Arg[1] = ptr 0x000000000014fda0 -> {\x00\x00\x00\x00\x00\x00\x00\x00}
Arg[2] = 0
Arg[3] = ptr 0x000000000014fda8 -> {\x0b\x00\x00\x00\x00\x00\x00\x00}
Arg[4] = 0x0000000000001000 = 4096
Arg[5] = 0x0000000000000040 = 64
> 16dc0000+8;SYSCALL:0x34(NtDelayExecution)
> 14bf0000+4ee;SYSCALL:0x18(NtAllocateVirtualMemory)
NtAllocateVirtualMemory:
Arg[0] = 0xffffffffffffffff = 18446744073709551615
Arg[1] = ptr 0x000000000014fda0 -> {\x00\x00\x00\x00\x00\x00\x00\x00}
Arg[2] = 0
Arg[3] = ptr 0x000000000014fda8 -> {\x0b\x00\x00\x00\x00\x00\x00\x00}
Arg[4] = 0x0000000000001000 = 4096
Arg[5] = 0x0000000000000040 = 64
> 16dd0000+8;SYSCALL:0xc1(NtCreateThreadEx)
NtCreateThreadEx:
Arg[0] = ptr 0x000000000014fe00 -> {\x00\x00\x00\x00\x00\x00\x00\x00}
Arg[1] = 0x00000000001fffff = 2097151
Arg[2] = 0
Arg[3] = 0x0000000000000194 = 404
Arg[4] = 0x0000020161140000 = 2204946923520
Arg[5] = 0
Arg[6] = 0x0000000000000001 = 1
Arg[7] = 0
Arg[8] = 0
Arg[9] = 0
> 14bf0000+4ee;SYSCALL:0x18(NtAllocateVirtualMemory)
NtAllocateVirtualMemory:
Arg[0] = 0xffffffffffffffff = 18446744073709551615
Arg[1] = ptr 0x000000000014fda0 -> {\x00\x00\x00\x00\x00\x00\x00\x00}
Arg[2] = 0
Arg[3] = ptr 0x000000000014fda8 -> {\x0b\x00\x00\x00\x00\x00\x00\x00}
Arg[4] = 0x0000000000001000 = 4096
Arg[5] = 0x0000000000000040 = 64
> 16de0000+8;SYSCALL:0x34(NtDelayExecution)
> 14bf0000+4ee;SYSCALL:0x18(NtAllocateVirtualMemory)
NtAllocateVirtualMemory:
Arg[0] = 0xffffffffffffffff = 18446744073709551615
Arg[1] = ptr 0x000000000014fda0 -> {\x00\x00\x00\x00\x00\x00\x00\x00}
Arg[2] = 0
Arg[3] = ptr 0x000000000014fda8 -> {\x0b\x00\x00\x00\x00\x00\x00\x00}
Arg[4] = 0x0000000000001000 = 4096
Arg[5] = 0x0000000000000040 = 64
> 16df0000+8;SYSCALL:0x52(NtResumeThread)
NtResumeThread:
Arg[0] = 0x0000000000000198 = 408
Arg[1] = 0
> 14bf0000+4ee;SYSCALL:0x18(NtAllocateVirtualMemory)
NtAllocateVirtualMemory:
Arg[0] = 0xffffffffffffffff = 18446744073709551615
Arg[1] = ptr 0x000000000014fdc0 -> {\x00\x00\x00\x00\x00\x00\x00\x00}
Arg[2] = 0
Arg[3] = ptr 0x000000000014fdc8 -> {\x0b\x00\x00\x00\x00\x00\x00\x00}
Arg[4] = 0x0000000000001000 = 4096
Arg[5] = 0x0000000000000040 = 64
> 16e00000+8;SYSCALL:0x34(NtDelayExecution)
> 14bf0000+4ee;SYSCALL:0x18(NtAllocateVirtualMemory)
NtAllocateVirtualMemory:
Arg[0] = 0xffffffffffffffff = 18446744073709551615
Arg[1] = ptr 0x000000000014fdc0 -> {\x00\x00\x00\x00\x00\x00\x00\x00}
Arg[2] = 0
Arg[3] = ptr 0x000000000014fdc8 -> {\x0b\x00\x00\x00\x00\x00\x00\x00}
Arg[4] = 0x0000000000001000 = 4096
Arg[5] = 0x0000000000000040 = 64
> 16e10000+8;SYSCALL:0x26(NtOpenProcess)
NtOpenProcess:
Arg[0] = ptr 0x000000000014fe20 -> {\xff\xff\xff\xff\xff\xff\xff\xff}
Arg[1] = 0x00000000001fffff = 2097151
Arg[2] = ptr 0x000000000014fde0 -> L"0"
Arg[3] = ptr 0x000000000014fdd0 -> {\x0c\x0b\x00\x00\x00\x00\x00\x00}
> 14bf0000+4ee;SYSCALL:0x18(NtAllocateVirtualMemory)
NtAllocateVirtualMemory:
Arg[0] = 0xffffffffffffffff = 18446744073709551615
Arg[1] = ptr 0x000000000014fdc0 -> {\x00\x00\x00\x00\x00\x00\x00\x00}
Arg[2] = 0
Arg[3] = ptr 0x000000000014fdc8 -> {\x0b\x00\x00\x00\x00\x00\x00\x00}
Arg[4] = 0x0000000000001000 = 4096
Arg[5] = 0x0000000000000040 = 64
> 16e20000+8;SYSCALL:0x34(NtDelayExecution)
> 14bf0000+4ee;SYSCALL:0x18(NtAllocateVirtualMemory)
NtAllocateVirtualMemory:
Arg[0] = 0xffffffffffffffff = 18446744073709551615
Arg[1] = ptr 0x000000000014fdc0 -> {\x00\x00\x00\x00\x00\x00\x00\x00}
Arg[2] = 0
Arg[3] = ptr 0x000000000014fdc8 -> {\x0b\x00\x00\x00\x00\x00\x00\x00}
Arg[4] = 0x0000000000001000 = 4096
Arg[5] = 0x0000000000000040 = 64
> 16e30000+8;SYSCALL:0x26(NtOpenProcess)
NtOpenProcess:
Arg[0] = ptr 0x000000000014fe20 -> {\xff\xff\xff\xff\xff\xff\xff\xff}
Arg[1] = 0x00000000001fffff = 2097151
Arg[2] = ptr 0x000000000014fde0 -> L"0"
Arg[3] = ptr 0x000000000014fdd0 -> {\x08\x10\x00\x00\x00\x00\x00\x00}
> 14bf0000+4ee;SYSCALL:0x18(NtAllocateVirtualMemory)
NtAllocateVirtualMemory:
Arg[0] = 0xffffffffffffffff = 18446744073709551615
Arg[1] = ptr 0x000000000014fe30 -> {\x00\x00\x00\x00\x00\x00\x00\x00}
Arg[2] = 0
Arg[3] = ptr 0x000000000014fe38 -> {\x0b\x00\x00\x00\x00\x00\x00\x00}
Arg[4] = 0x0000000000001000 = 4096
Arg[5] = 0x0000000000000040 = 64
> 16e40000+8;SYSCALL:0x34(NtDelayExecution)
> 14bf0000+4ee;SYSCALL:0x18(NtAllocateVirtualMemory)
NtAllocateVirtualMemory:
Arg[0] = 0xffffffffffffffff = 18446744073709551615
Arg[1] = ptr 0x000000000014fe30 -> {\x00\x00\x00\x00\x00\x00\x00\x00}
Arg[2] = 0
Arg[3] = ptr 0x000000000014fe38 -> {\x0b\x00\x00\x00\x00\x00\x00\x00}
Arg[4] = 0x0000000000001000 = 4096
Arg[5] = 0x0000000000000040 = 64
> 16e50000+8;SYSCALL:0x19(NtQueryInformationProcess)
> 14bf0000+4ee;SYSCALL:0x18(NtAllocateVirtualMemory)
NtAllocateVirtualMemory:
Arg[0] = 0xffffffffffffffff = 18446744073709551615
Arg[1] = ptr 0x000000000014fda0 -> {\x00\x00\x00\x00\x00\x00\x00\x00}
Arg[2] = 0
Arg[3] = ptr 0x000000000014fda8 -> {\x0b\x00\x00\x00\x00\x00\x00\x00}
Arg[4] = 0x0000000000001000 = 4096
Arg[5] = 0x0000000000000040 = 64
> 16e60000+8;SYSCALL:0x34(NtDelayExecution)
> 14bf0000+4ee;SYSCALL:0x18(NtAllocateVirtualMemory)
NtAllocateVirtualMemory:
Arg[0] = 0x000000000000019c = 412
Arg[1] = ptr 0x000000000014fdf0 -> {\x00\x00\x00\x00\x00\x00\x00\x00}
Arg[2] = 0
Arg[3] = ptr 0x000000000014fdf8 -> {L\xd0\x00\x00\x00\x00\x00\x00}
Arg[4] = 0x0000000000003000 = 12288
Arg[5] = 0x0000000000000004 = 4
> 14bf0000+4ee;SYSCALL:0x18(NtAllocateVirtualMemory)
NtAllocateVirtualMemory:
Arg[0] = 0xffffffffffffffff = 18446744073709551615
Arg[1] = ptr 0x000000000014fda0 -> {\x00\x00\x00\x00\x00\x00\x00\x00}
Arg[2] = 0
Arg[3] = ptr 0x000000000014fda8 -> {\x0b\x00\x00\x00\x00\x00\x00\x00}
Arg[4] = 0x0000000000001000 = 4096
Arg[5] = 0x0000000000000040 = 64
> 16e80000+8;SYSCALL:0x34(NtDelayExecution)
> 14bf0000+4ee;SYSCALL:0x18(NtAllocateVirtualMemory)
NtAllocateVirtualMemory:
Arg[0] = 0xffffffffffffffff = 18446744073709551615
Arg[1] = ptr 0x000000000014fda0 -> {\x00\x00\x00\x00\x00\x00\x00\x00}
Arg[2] = 0
Arg[3] = ptr 0x000000000014fda8 -> {\x0b\x00\x00\x00\x00\x00\x00\x00}
Arg[4] = 0x0000000000001000 = 4096
Arg[5] = 0x0000000000000040 = 64
> 16e90000+8;SYSCALL:0x3a(NtWriteVirtualMemory)
NtWriteVirtualMemory:
Arg[0] = 0x000000000000019c = 412
Arg[1] = 0x00000277ad100000 = 2713027870720
Arg[2] = ptr 0x0000000014bf04f1 -> {\xe9[v\x00\x00\xcc\xcc\xcc}
Arg[3] = 0x000000000000d04c = 53324
Arg[4] = 0
> 14bf0000+4ee;SYSCALL:0x18(NtAllocateVirtualMemory)
NtAllocateVirtualMemory:
Arg[0] = 0xffffffffffffffff = 18446744073709551615
Arg[1] = ptr 0x000000000014fda0 -> {\x00\x00\x00\x00\x00\x00\x00\x00}
Arg[2] = 0
Arg[3] = ptr 0x000000000014fda8 -> {\x0b\x00\x00\x00\x00\x00\x00\x00}
Arg[4] = 0x0000000000001000 = 4096
Arg[5] = 0x0000000000000040 = 64
> 16ea0000+8;SYSCALL:0x34(NtDelayExecution)
> 14bf0000+4ee;SYSCALL:0x18(NtAllocateVirtualMemory)
NtAllocateVirtualMemory:
Arg[0] = 0xffffffffffffffff = 18446744073709551615
Arg[1] = ptr 0x000000000014fda0 -> {\x00\x00\x00\x00\x00\x00\x00\x00}
Arg[2] = 0
Arg[3] = ptr 0x000000000014fda8 -> {\x0b\x00\x00\x00\x00\x00\x00\x00}
Arg[4] = 0x0000000000001000 = 4096
Arg[5] = 0x0000000000000040 = 64
> 16eb0000+8;SYSCALL:0x50(NtProtectVirtualMemory)
> 14bf0000+4ee;SYSCALL:0x18(NtAllocateVirtualMemory)
NtAllocateVirtualMemory:
Arg[0] = 0xffffffffffffffff = 18446744073709551615
Arg[1] = ptr 0x000000000014fda0 -> {\x00\x00\x00\x00\x00\x00\x00\x00}
Arg[2] = 0
Arg[3] = ptr 0x000000000014fda8 -> {\x0b\x00\x00\x00\x00\x00\x00\x00}
Arg[4] = 0x0000000000001000 = 4096
Arg[5] = 0x0000000000000040 = 64
> 16ec0000+8;SYSCALL:0x34(NtDelayExecution)
> 14bf0000+4ee;SYSCALL:0x18(NtAllocateVirtualMemory)
NtAllocateVirtualMemory:
Arg[0] = 0xffffffffffffffff = 18446744073709551615
Arg[1] = ptr 0x000000000014fda0 -> {\x00\x00\x00\x00\x00\x00\x00\x00}
Arg[2] = 0
Arg[3] = ptr 0x000000000014fda8 -> {\x0b\x00\x00\x00\x00\x00\x00\x00}
Arg[4] = 0x0000000000001000 = 4096
Arg[5] = 0x0000000000000040 = 64
> 16ed0000+8;SYSCALL:0xc1(NtCreateThreadEx)
NtCreateThreadEx:
Arg[0] = ptr 0x000000000014fe00 -> {\x00\x00\x00\x00\x00\x00\x00\x00}
Arg[1] = 0x00000000001fffff = 2097151
Arg[2] = 0
Arg[3] = 0x000000000000019c = 412
Arg[4] = 0x00000277ad100000 = 2713027870720
Arg[5] = 0
Arg[6] = 0x0000000000000001 = 1
Arg[7] = 0
Arg[8] = 0
Arg[9] = 0
> 14bf0000+4ee;SYSCALL:0x18(NtAllocateVirtualMemory)
NtAllocateVirtualMemory:
Arg[0] = 0xffffffffffffffff = 18446744073709551615
Arg[1] = ptr 0x000000000014fda0 -> {\x00\x00\x00\x00\x00\x00\x00\x00}
Arg[2] = 0
Arg[3] = ptr 0x000000000014fda8 -> {\x0b\x00\x00\x00\x00\x00\x00\x00}
Arg[4] = 0x0000000000001000 = 4096
Arg[5] = 0x0000000000000040 = 64
> 16ee0000+8;SYSCALL:0x34(NtDelayExecution)
> 14bf0000+4ee;SYSCALL:0x18(NtAllocateVirtualMemory)
NtAllocateVirtualMemory:
Arg[0] = 0xffffffffffffffff = 18446744073709551615
Arg[1] = ptr 0x000000000014fda0 -> {\x00\x00\x00\x00\x00\x00\x00\x00}
Arg[2] = 0
Arg[3] = ptr 0x000000000014fda8 -> {\x0b\x00\x00\x00\x00\x00\x00\x00}
Arg[4] = 0x0000000000001000 = 4096
Arg[5] = 0x0000000000000040 = 64
> 16ef0000+8;SYSCALL:0x52(NtResumeThread)
NtResumeThread:
Arg[0] = 0x00000000000001a0 = 416
Arg[1] = 0
> 14bf0000+4ee;SYSCALL:0x18(NtAllocateVirtualMemory)
NtAllocateVirtualMemory:
Arg[0] = 0xffffffffffffffff = 18446744073709551615
Arg[1] = ptr 0x000000000014fdc0 -> {\x00\x00\x00\x00\x00\x00\x00\x00}
Arg[2] = 0
Arg[3] = ptr 0x000000000014fdc8 -> {\x0b\x00\x00\x00\x00\x00\x00\x00}
Arg[4] = 0x0000000000001000 = 4096
Arg[5] = 0x0000000000000040 = 64
> 16f00000+8;SYSCALL:0x34(NtDelayExecution)
> 14bf0000+4ee;SYSCALL:0x18(NtAllocateVirtualMemory)
NtAllocateVirtualMemory:
Arg[0] = 0xffffffffffffffff = 18446744073709551615
Arg[1] = ptr 0x000000000014fdc0 -> {\x00\x00\x00\x00\x00\x00\x00\x00}
Arg[2] = 0
Arg[3] = ptr 0x000000000014fdc8 -> {\x0b\x00\x00\x00\x00\x00\x00\x00}
Arg[4] = 0x0000000000001000 = 4096
Arg[5] = 0x0000000000000040 = 64
> 16f10000+8;SYSCALL:0x26(NtOpenProcess)
NtOpenProcess:
Arg[0] = ptr 0x000000000014fe20 -> {\xff\xff\xff\xff\xff\xff\xff\xff}
Arg[1] = 0x00000000001fffff = 2097151
Arg[2] = ptr 0x000000000014fde0 -> L"0"
Arg[3] = ptr 0x000000000014fdd0 -> {\x9c\x07\x00\x00\x00\x00\x00\x00}
> 14bf0000+4ee;SYSCALL:0x18(NtAllocateVirtualMemory)
NtAllocateVirtualMemory:
Arg[0] = 0xffffffffffffffff = 18446744073709551615
Arg[1] = ptr 0x000000000014fe30 -> {\x00\x00\x00\x00\x00\x00\x00\x00}
Arg[2] = 0
Arg[3] = ptr 0x000000000014fe38 -> {\x0b\x00\x00\x00\x00\x00\x00\x00}
Arg[4] = 0x0000000000001000 = 4096
Arg[5] = 0x0000000000000040 = 64
> 16f20000+8;SYSCALL:0x34(NtDelayExecution)
> 14bf0000+4ee;SYSCALL:0x18(NtAllocateVirtualMemory)
NtAllocateVirtualMemory:
Arg[0] = 0xffffffffffffffff = 18446744073709551615
Arg[1] = ptr 0x000000000014fe30 -> {\x00\x00\x00\x00\x00\x00\x00\x00}
Arg[2] = 0
Arg[3] = ptr 0x000000000014fe38 -> {\x0b\x00\x00\x00\x00\x00\x00\x00}
Arg[4] = 0x0000000000001000 = 4096
Arg[5] = 0x0000000000000040 = 64
> 16f30000+8;SYSCALL:0x19(NtQueryInformationProcess)
> 14bf0000+4ee;SYSCALL:0x18(NtAllocateVirtualMemory)
NtAllocateVirtualMemory:
Arg[0] = 0xffffffffffffffff = 18446744073709551615
Arg[1] = ptr 0x000000000014fda0 -> {\x00\x00\x00\x00\x00\x00\x00\x00}
Arg[2] = 0
Arg[3] = ptr 0x000000000014fda8 -> {\x0b\x00\x00\x00\x00\x00\x00\x00}
Arg[4] = 0x0000000000001000 = 4096
Arg[5] = 0x0000000000000040 = 64
> 16f40000+8;SYSCALL:0x34(NtDelayExecution)
> 14bf0000+4ee;SYSCALL:0x18(NtAllocateVirtualMemory)
NtAllocateVirtualMemory:
Arg[0] = 0x00000000000001a4 = 420
Arg[1] = ptr 0x000000000014fdf0 -> {\x00\x00\x00\x00\x00\x00\x00\x00}
Arg[2] = 0
Arg[3] = ptr 0x000000000014fdf8 -> {L\xd0\x00\x00\x00\x00\x00\x00}
Arg[4] = 0x0000000000003000 = 12288
Arg[5] = 0x0000000000000004 = 4
> 14bf0000+4ee;SYSCALL:0x18(NtAllocateVirtualMemory)
NtAllocateVirtualMemory:
Arg[0] = 0xffffffffffffffff = 18446744073709551615
Arg[1] = ptr 0x000000000014fda0 -> {\x00\x00\x00\x00\x00\x00\x00\x00}
Arg[2] = 0
Arg[3] = ptr 0x000000000014fda8 -> {\x0b\x00\x00\x00\x00\x00\x00\x00}
Arg[4] = 0x0000000000001000 = 4096
Arg[5] = 0x0000000000000040 = 64
> 16f50000+8;SYSCALL:0x34(NtDelayExecution)
> 14bf0000+4ee;SYSCALL:0x18(NtAllocateVirtualMemory)
NtAllocateVirtualMemory:
Arg[0] = 0xffffffffffffffff = 18446744073709551615
Arg[1] = ptr 0x000000000014fda0 -> {\x00\x00\x00\x00\x00\x00\x00\x00}
Arg[2] = 0
Arg[3] = ptr 0x000000000014fda8 -> {\x0b\x00\x00\x00\x00\x00\x00\x00}
Arg[4] = 0x0000000000001000 = 4096
Arg[5] = 0x0000000000000040 = 64
> 16f60000+8;SYSCALL:0x3a(NtWriteVirtualMemory)
NtWriteVirtualMemory:
Arg[0] = 0x00000000000001a4 = 420
Arg[1] = 0x0000028b8a000000 = 2798338965504
Arg[2] = ptr 0x0000000014bf04f1 -> {\xe9[v\x00\x00\xcc\xcc\xcc}
Arg[3] = 0x000000000000d04c = 53324
Arg[4] = 0
> 14bf0000+4ee;SYSCALL:0x18(NtAllocateVirtualMemory)
NtAllocateVirtualMemory:
Arg[0] = 0xffffffffffffffff = 18446744073709551615
Arg[1] = ptr 0x000000000014fda0 -> {\x00\x00\x00\x00\x00\x00\x00\x00}
Arg[2] = 0
Arg[3] = ptr 0x000000000014fda8 -> {\x0b\x00\x00\x00\x00\x00\x00\x00}
Arg[4] = 0x0000000000001000 = 4096
Arg[5] = 0x0000000000000040 = 64
> 16f70000+8;SYSCALL:0x34(NtDelayExecution)
> 14bf0000+4ee;SYSCALL:0x18(NtAllocateVirtualMemory)
NtAllocateVirtualMemory:
Arg[0] = 0xffffffffffffffff = 18446744073709551615
Arg[1] = ptr 0x000000000014fda0 -> {\x00\x00\x00\x00\x00\x00\x00\x00}
Arg[2] = 0
Arg[3] = ptr 0x000000000014fda8 -> {\x0b\x00\x00\x00\x00\x00\x00\x00}
Arg[4] = 0x0000000000001000 = 4096
Arg[5] = 0x0000000000000040 = 64
> 16f80000+8;SYSCALL:0x50(NtProtectVirtualMemory)
> 14bf0000+4ee;SYSCALL:0x18(NtAllocateVirtualMemory)
NtAllocateVirtualMemory:
Arg[0] = 0xffffffffffffffff = 18446744073709551615
Arg[1] = ptr 0x000000000014fda0 -> {\x00\x00\x00\x00\x00\x00\x00\x00}
Arg[2] = 0
Arg[3] = ptr 0x000000000014fda8 -> {\x0b\x00\x00\x00\x00\x00\x00\x00}
Arg[4] = 0x0000000000001000 = 4096
Arg[5] = 0x0000000000000040 = 64
> 16f90000+8;SYSCALL:0x34(NtDelayExecution)
> 14bf0000+4ee;SYSCALL:0x18(NtAllocateVirtualMemory)
NtAllocateVirtualMemory:
Arg[0] = 0xffffffffffffffff = 18446744073709551615
Arg[1] = ptr 0x000000000014fda0 -> {\x00\x00\x00\x00\x00\x00\x00\x00}
Arg[2] = 0
Arg[3] = ptr 0x000000000014fda8 -> {\x0b\x00\x00\x00\x00\x00\x00\x00}
Arg[4] = 0x0000000000001000 = 4096
Arg[5] = 0x0000000000000040 = 64
> 16fa0000+8;SYSCALL:0xc1(NtCreateThreadEx)
NtCreateThreadEx:
Arg[0] = ptr 0x000000000014fe00 -> {\x00\x00\x00\x00\x00\x00\x00\x00}
Arg[1] = 0x00000000001fffff = 2097151
Arg[2] = 0
Arg[3] = 0x00000000000001a4 = 420
Arg[4] = 0x0000028b8a000000 = 2798338965504
Arg[5] = 0
Arg[6] = 0x0000000000000001 = 1
Arg[7] = 0
Arg[8] = 0
Arg[9] = 0
> 14bf0000+4ee;SYSCALL:0x18(NtAllocateVirtualMemory)
NtAllocateVirtualMemory:
Arg[0] = 0xffffffffffffffff = 18446744073709551615
Arg[1] = ptr 0x000000000014fda0 -> {\x00\x00\x00\x00\x00\x00\x00\x00}
Arg[2] = 0
Arg[3] = ptr 0x000000000014fda8 -> {\x0b\x00\x00\x00\x00\x00\x00\x00}
Arg[4] = 0x0000000000001000 = 4096
Arg[5] = 0x0000000000000040 = 64
> 16fb0000+8;SYSCALL:0x34(NtDelayExecution)
> 14bf0000+4ee;SYSCALL:0x18(NtAllocateVirtualMemory)
NtAllocateVirtualMemory:
Arg[0] = 0xffffffffffffffff = 18446744073709551615
Arg[1] = ptr 0x000000000014fda0 -> {\x00\x00\x00\x00\x00\x00\x00\x00}
Arg[2] = 0
Arg[3] = ptr 0x000000000014fda8 -> {\x0b\x00\x00\x00\x00\x00\x00\x00}
Arg[4] = 0x0000000000001000 = 4096
Arg[5] = 0x0000000000000040 = 64
> 16fc0000+8;SYSCALL:0x52(NtResumeThread)
NtResumeThread:
Arg[0] = 0x00000000000001a8 = 424
Arg[1] = 0
> 14bf0000+4ee;SYSCALL:0x18(NtAllocateVirtualMemory)
NtAllocateVirtualMemory:
Arg[0] = 0xffffffffffffffff = 18446744073709551615
Arg[1] = ptr 0x000000000014fdc0 -> {\x00\x00\x00\x00\x00\x00\x00\x00}
Arg[2] = 0
Arg[3] = ptr 0x000000000014fdc8 -> {\x0b\x00\x00\x00\x00\x00\x00\x00}
Arg[4] = 0x0000000000001000 = 4096
Arg[5] = 0x0000000000000040 = 64
> 16fd0000+8;SYSCALL:0x34(NtDelayExecution)
> 14bf0000+4ee;SYSCALL:0x18(NtAllocateVirtualMemory)
NtAllocateVirtualMemory:
Arg[0] = 0xffffffffffffffff = 18446744073709551615
Arg[1] = ptr 0x000000000014fdc0 -> {\x00\x00\x00\x00\x00\x00\x00\x00}
Arg[2] = 0
Arg[3] = ptr 0x000000000014fdc8 -> {\x0b\x00\x00\x00\x00\x00\x00\x00}
Arg[4] = 0x0000000000001000 = 4096
Arg[5] = 0x0000000000000040 = 64
> 16fe0000+8;SYSCALL:0x26(NtOpenProcess)
NtOpenProcess:
Arg[0] = ptr 0x000000000014fe20 -> {\xff\xff\xff\xff\xff\xff\xff\xff}
Arg[1] = 0x00000000001fffff = 2097151
Arg[2] = ptr 0x000000000014fde0 -> L"0"
Arg[3] = ptr 0x000000000014fdd0 -> {\xd8\x14\x00\x00\x00\x00\x00\x00}
> 14bf0000+4ee;SYSCALL:0x18(NtAllocateVirtualMemory)
NtAllocateVirtualMemory:
Arg[0] = 0xffffffffffffffff = 18446744073709551615
Arg[1] = ptr 0x000000000014fdc0 -> {\x00\x00\x00\x00\x00\x00\x00\x00}
Arg[2] = 0
Arg[3] = ptr 0x000000000014fdc8 -> {\x0b\x00\x00\x00\x00\x00\x00\x00}
Arg[4] = 0x0000000000001000 = 4096
Arg[5] = 0x0000000000000040 = 64
> 16ff0000+8;SYSCALL:0x34(NtDelayExecution)
> 14bf0000+4ee;SYSCALL:0x18(NtAllocateVirtualMemory)
NtAllocateVirtualMemory:
Arg[0] = 0xffffffffffffffff = 18446744073709551615
Arg[1] = ptr 0x000000000014fdc0 -> {\x00\x00\x00\x00\x00\x00\x00\x00}
Arg[2] = 0
Arg[3] = ptr 0x000000000014fdc8 -> {\x0b\x00\x00\x00\x00\x00\x00\x00}
Arg[4] = 0x0000000000001000 = 4096
Arg[5] = 0x0000000000000040 = 64
> 17000000+8;SYSCALL:0x26(NtOpenProcess)
NtOpenProcess:
Arg[0] = ptr 0x000000000014fe20 -> {\xff\xff\xff\xff\xff\xff\xff\xff}
Arg[1] = 0x00000000001fffff = 2097151
Arg[2] = ptr 0x000000000014fde0 -> L"0"
Arg[3] = ptr 0x000000000014fdd0 -> {\x88\x0d\x00\x00\x00\x00\x00\x00}
> 14bf0000+4ee;SYSCALL:0x18(NtAllocateVirtualMemory)
NtAllocateVirtualMemory:
Arg[0] = 0xffffffffffffffff = 18446744073709551615
Arg[1] = ptr 0x000000000014fe30 -> {\x00\x00\x00\x00\x00\x00\x00\x00}
Arg[2] = 0
Arg[3] = ptr 0x000000000014fe38 -> {\x0b\x00\x00\x00\x00\x00\x00\x00}
Arg[4] = 0x0000000000001000 = 4096
Arg[5] = 0x0000000000000040 = 64
> 17010000+8;SYSCALL:0x34(NtDelayExecution)
> 14bf0000+4ee;SYSCALL:0x18(NtAllocateVirtualMemory)
NtAllocateVirtualMemory:
Arg[0] = 0xffffffffffffffff = 18446744073709551615
Arg[1] = ptr 0x000000000014fe30 -> {\x00\x00\x00\x00\x00\x00\x00\x00}
Arg[2] = 0
Arg[3] = ptr 0x000000000014fe38 -> {\x0b\x00\x00\x00\x00\x00\x00\x00}
Arg[4] = 0x0000000000001000 = 4096
Arg[5] = 0x0000000000000040 = 64
> 17020000+8;SYSCALL:0x19(NtQueryInformationProcess)
> 14bf0000+4ee;SYSCALL:0x18(NtAllocateVirtualMemory)
NtAllocateVirtualMemory:
Arg[0] = 0xffffffffffffffff = 18446744073709551615
Arg[1] = ptr 0x000000000014fda0 -> {\x00\x00\x00\x00\x00\x00\x00\x00}
Arg[2] = 0
Arg[3] = ptr 0x000000000014fda8 -> {\x0b\x00\x00\x00\x00\x00\x00\x00}
Arg[4] = 0x0000000000001000 = 4096
Arg[5] = 0x0000000000000040 = 64
> 17030000+8;SYSCALL:0x34(NtDelayExecution)
> 14bf0000+4ee;SYSCALL:0x18(NtAllocateVirtualMemory)
NtAllocateVirtualMemory:
Arg[0] = 0x00000000000000a0 = 160
Arg[1] = ptr 0x000000000014fdf0 -> {\x00\x00\x00\x00\x00\x00\x00\x00}
Arg[2] = 0
Arg[3] = ptr 0x000000000014fdf8 -> {L\xd0\x00\x00\x00\x00\x00\x00}
Arg[4] = 0x0000000000003000 = 12288
Arg[5] = 0x0000000000000004 = 4
> 14bf0000+4ee;SYSCALL:0x18(NtAllocateVirtualMemory)
NtAllocateVirtualMemory:
Arg[0] = 0xffffffffffffffff = 18446744073709551615
Arg[1] = ptr 0x000000000014fda0 -> {\x00\x00\x00\x00\x00\x00\x00\x00}
Arg[2] = 0
Arg[3] = ptr 0x000000000014fda8 -> {\x0b\x00\x00\x00\x00\x00\x00\x00}
Arg[4] = 0x0000000000001000 = 4096
Arg[5] = 0x0000000000000040 = 64
> 17040000+8;SYSCALL:0x34(NtDelayExecution)
> 14bf0000+4ee;SYSCALL:0x18(NtAllocateVirtualMemory)
NtAllocateVirtualMemory:
Arg[0] = 0xffffffffffffffff = 18446744073709551615
Arg[1] = ptr 0x000000000014fda0 -> {\x00\x00\x00\x00\x00\x00\x00\x00}
Arg[2] = 0
Arg[3] = ptr 0x000000000014fda8 -> {\x0b\x00\x00\x00\x00\x00\x00\x00}
Arg[4] = 0x0000000000001000 = 4096
Arg[5] = 0x0000000000000040 = 64
> 17050000+8;SYSCALL:0x3a(NtWriteVirtualMemory)
NtWriteVirtualMemory:
Arg[0] = 0x00000000000000a0 = 160
Arg[1] = 0x00000283f3420000 = 2765745160192
Arg[2] = ptr 0x0000000014bf04f1 -> {\xe9[v\x00\x00\xcc\xcc\xcc}
Arg[3] = 0x000000000000d04c = 53324
Arg[4] = 0
> 14bf0000+4ee;SYSCALL:0x18(NtAllocateVirtualMemory)
NtAllocateVirtualMemory:
Arg[0] = 0xffffffffffffffff = 18446744073709551615
Arg[1] = ptr 0x000000000014fda0 -> {\x00\x00\x00\x00\x00\x00\x00\x00}
Arg[2] = 0
Arg[3] = ptr 0x000000000014fda8 -> {\x0b\x00\x00\x00\x00\x00\x00\x00}
Arg[4] = 0x0000000000001000 = 4096
Arg[5] = 0x0000000000000040 = 64
> 17060000+8;SYSCALL:0x34(NtDelayExecution)
> 14bf0000+4ee;SYSCALL:0x18(NtAllocateVirtualMemory)
NtAllocateVirtualMemory:
Arg[0] = 0xffffffffffffffff = 18446744073709551615
Arg[1] = ptr 0x000000000014fda0 -> {\x00\x00\x00\x00\x00\x00\x00\x00}
Arg[2] = 0
Arg[3] = ptr 0x000000000014fda8 -> {\x0b\x00\x00\x00\x00\x00\x00\x00}
Arg[4] = 0x0000000000001000 = 4096
Arg[5] = 0x0000000000000040 = 64
> 17070000+8;SYSCALL:0x50(NtProtectVirtualMemory)
> 14bf0000+4ee;SYSCALL:0x18(NtAllocateVirtualMemory)
NtAllocateVirtualMemory:
Arg[0] = 0xffffffffffffffff = 18446744073709551615
Arg[1] = ptr 0x000000000014fda0 -> {\x00\x00\x00\x00\x00\x00\x00\x00}
Arg[2] = 0
Arg[3] = ptr 0x000000000014fda8 -> {\x0b\x00\x00\x00\x00\x00\x00\x00}
Arg[4] = 0x0000000000001000 = 4096
Arg[5] = 0x0000000000000040 = 64
> 17090000+8;SYSCALL:0x34(NtDelayExecution)
> 14bf0000+4ee;SYSCALL:0x18(NtAllocateVirtualMemory)
NtAllocateVirtualMemory:
Arg[0] = 0xffffffffffffffff = 18446744073709551615
Arg[1] = ptr 0x000000000014fda0 -> {\x00\x00\x00\x00\x00\x00\x00\x00}
Arg[2] = 0
Arg[3] = ptr 0x000000000014fda8 -> {\x0b\x00\x00\x00\x00\x00\x00\x00}
Arg[4] = 0x0000000000001000 = 4096
Arg[5] = 0x0000000000000040 = 64
> 170a0000+8;SYSCALL:0xc1(NtCreateThreadEx)
NtCreateThreadEx:
Arg[0] = ptr 0x000000000014fe00 -> {\x00\x00\x00\x00\x00\x00\x00\x00}
Arg[1] = 0x00000000001fffff = 2097151
Arg[2] = 0
Arg[3] = 0x00000000000000a0 = 160
Arg[4] = 0x00000283f3420000 = 2765745160192
Arg[5] = 0
Arg[6] = 0x0000000000000001 = 1
Arg[7] = 0
Arg[8] = 0
Arg[9] = 0
> 14bf0000+4ee;SYSCALL:0x18(NtAllocateVirtualMemory)
NtAllocateVirtualMemory:
Arg[0] = 0xffffffffffffffff = 18446744073709551615
Arg[1] = ptr 0x000000000014fda0 -> {\x00\x00\x00\x00\x00\x00\x00\x00}
Arg[2] = 0
Arg[3] = ptr 0x000000000014fda8 -> {\x0b\x00\x00\x00\x00\x00\x00\x00}
Arg[4] = 0x0000000000001000 = 4096
Arg[5] = 0x0000000000000040 = 64
> 170b0000+8;SYSCALL:0x34(NtDelayExecution)
> 14bf0000+4ee;SYSCALL:0x18(NtAllocateVirtualMemory)
NtAllocateVirtualMemory:
Arg[0] = 0xffffffffffffffff = 18446744073709551615
Arg[1] = ptr 0x000000000014fda0 -> {\x00\x00\x00\x00\x00\x00\x00\x00}
Arg[2] = 0
Arg[3] = ptr 0x000000000014fda8 -> {\x0b\x00\x00\x00\x00\x00\x00\x00}
Arg[4] = 0x0000000000001000 = 4096
Arg[5] = 0x0000000000000040 = 64
> 170c0000+8;SYSCALL:0x52(NtResumeThread)
NtResumeThread:
Arg[0] = 0x00000000000001ac = 428
Arg[1] = 0
> 14bf0000+4ee;SYSCALL:0x18(NtAllocateVirtualMemory)
NtAllocateVirtualMemory:
Arg[0] = 0xffffffffffffffff = 18446744073709551615
Arg[1] = ptr 0x000000000014fdc0 -> {\x00\x00\x00\x00\x00\x00\x00\x00}
Arg[2] = 0
Arg[3] = ptr 0x000000000014fdc8 -> {\x0b\x00\x00\x00\x00\x00\x00\x00}
Arg[4] = 0x0000000000001000 = 4096
Arg[5] = 0x0000000000000040 = 64
> 170d0000+8;SYSCALL:0x34(NtDelayExecution)
> 14bf0000+4ee;SYSCALL:0x18(NtAllocateVirtualMemory)
NtAllocateVirtualMemory:
Arg[0] = 0xffffffffffffffff = 18446744073709551615
Arg[1] = ptr 0x000000000014fdc0 -> {\x00\x00\x00\x00\x00\x00\x00\x00}
Arg[2] = 0
Arg[3] = ptr 0x000000000014fdc8 -> {\x0b\x00\x00\x00\x00\x00\x00\x00}
Arg[4] = 0x0000000000001000 = 4096
Arg[5] = 0x0000000000000040 = 64
> 170e0000+8;SYSCALL:0x26(NtOpenProcess)
NtOpenProcess:
Arg[0] = ptr 0x000000000014fe20 -> {\xff\xff\xff\xff\xff\xff\xff\xff}
Arg[1] = 0x00000000001fffff = 2097151
Arg[2] = ptr 0x000000000014fde0 -> L"0"
Arg[3] = ptr 0x000000000014fdd0 -> {\xd4\x13\x00\x00\x00\x00\x00\x00}
> 14bf0000+4ee;SYSCALL:0x18(NtAllocateVirtualMemory)
NtAllocateVirtualMemory:
Arg[0] = 0xffffffffffffffff = 18446744073709551615
Arg[1] = ptr 0x000000000014fe30 -> {\x00\x00\x00\x00\x00\x00\x00\x00}
Arg[2] = 0
Arg[3] = ptr 0x000000000014fe38 -> {\x0b\x00\x00\x00\x00\x00\x00\x00}
Arg[4] = 0x0000000000001000 = 4096
Arg[5] = 0x0000000000000040 = 64
> 170f0000+8;SYSCALL:0x34(NtDelayExecution)
> 14bf0000+4ee;SYSCALL:0x18(NtAllocateVirtualMemory)
NtAllocateVirtualMemory:
Arg[0] = 0xffffffffffffffff = 18446744073709551615
Arg[1] = ptr 0x000000000014fe30 -> {\x00\x00\x00\x00\x00\x00\x00\x00}
Arg[2] = 0
Arg[3] = ptr 0x000000000014fe38 -> {\x0b\x00\x00\x00\x00\x00\x00\x00}
Arg[4] = 0x0000000000001000 = 4096
Arg[5] = 0x0000000000000040 = 64
> 17110000+8;SYSCALL:0x19(NtQueryInformationProcess)
> 14bf0000+4ee;SYSCALL:0x18(NtAllocateVirtualMemory)
NtAllocateVirtualMemory:
Arg[0] = 0xffffffffffffffff = 18446744073709551615
Arg[1] = ptr 0x000000000014fda0 -> {\x00\x00\x00\x00\x00\x00\x00\x00}
Arg[2] = 0
Arg[3] = ptr 0x000000000014fda8 -> {\x0b\x00\x00\x00\x00\x00\x00\x00}
Arg[4] = 0x0000000000001000 = 4096
Arg[5] = 0x0000000000000040 = 64
> 17120000+8;SYSCALL:0x34(NtDelayExecution)
> 14bf0000+4ee;SYSCALL:0x18(NtAllocateVirtualMemory)
NtAllocateVirtualMemory:
Arg[0] = 0x00000000000001b0 = 432
Arg[1] = ptr 0x000000000014fdf0 -> {\x00\x00\x00\x00\x00\x00\x00\x00}
Arg[2] = 0
Arg[3] = ptr 0x000000000014fdf8 -> {L\xd0\x00\x00\x00\x00\x00\x00}
Arg[4] = 0x0000000000003000 = 12288
Arg[5] = 0x0000000000000004 = 4
> 14bf0000+4ee;SYSCALL:0x18(NtAllocateVirtualMemory)
NtAllocateVirtualMemory:
Arg[0] = 0xffffffffffffffff = 18446744073709551615
Arg[1] = ptr 0x000000000014fda0 -> {\x00\x00\x00\x00\x00\x00\x00\x00}
Arg[2] = 0
Arg[3] = ptr 0x000000000014fda8 -> {\x0b\x00\x00\x00\x00\x00\x00\x00}
Arg[4] = 0x0000000000001000 = 4096
Arg[5] = 0x0000000000000040 = 64
> 17130000+8;SYSCALL:0x34(NtDelayExecution)
> 14bf0000+4ee;SYSCALL:0x18(NtAllocateVirtualMemory)
NtAllocateVirtualMemory:
Arg[0] = 0xffffffffffffffff = 18446744073709551615
Arg[1] = ptr 0x000000000014fda0 -> {\x00\x00\x00\x00\x00\x00\x00\x00}
Arg[2] = 0
Arg[3] = ptr 0x000000000014fda8 -> {\x0b\x00\x00\x00\x00\x00\x00\x00}
Arg[4] = 0x0000000000001000 = 4096
Arg[5] = 0x0000000000000040 = 64
> 17140000+8;SYSCALL:0x3a(NtWriteVirtualMemory)
NtWriteVirtualMemory:
Arg[0] = 0x00000000000001b0 = 432
Arg[1] = 0x000002883b5a0000 = 2784134561792
Arg[2] = ptr 0x0000000014bf04f1 -> {\xe9[v\x00\x00\xcc\xcc\xcc}
Arg[3] = 0x000000000000d04c = 53324
Arg[4] = 0
> 14bf0000+4ee;SYSCALL:0x18(NtAllocateVirtualMemory)
NtAllocateVirtualMemory:
Arg[0] = 0xffffffffffffffff = 18446744073709551615
Arg[1] = ptr 0x000000000014fda0 -> {\x00\x00\x00\x00\x00\x00\x00\x00}
Arg[2] = 0
Arg[3] = ptr 0x000000000014fda8 -> {\x0b\x00\x00\x00\x00\x00\x00\x00}
Arg[4] = 0x0000000000001000 = 4096
Arg[5] = 0x0000000000000040 = 64
> 17150000+8;SYSCALL:0x34(NtDelayExecution)
> 14bf0000+4ee;SYSCALL:0x18(NtAllocateVirtualMemory)
NtAllocateVirtualMemory:
Arg[0] = 0xffffffffffffffff = 18446744073709551615
Arg[1] = ptr 0x000000000014fda0 -> {\x00\x00\x00\x00\x00\x00\x00\x00}
Arg[2] = 0
Arg[3] = ptr 0x000000000014fda8 -> {\x0b\x00\x00\x00\x00\x00\x00\x00}
Arg[4] = 0x0000000000001000 = 4096
Arg[5] = 0x0000000000000040 = 64
> 17160000+8;SYSCALL:0x50(NtProtectVirtualMemory)
> 14bf0000+4ee;SYSCALL:0x18(NtAllocateVirtualMemory)
NtAllocateVirtualMemory:
Arg[0] = 0xffffffffffffffff = 18446744073709551615
Arg[1] = ptr 0x000000000014fda0 -> {\x00\x00\x00\x00\x00\x00\x00\x00}
Arg[2] = 0
Arg[3] = ptr 0x000000000014fda8 -> {\x0b\x00\x00\x00\x00\x00\x00\x00}
Arg[4] = 0x0000000000001000 = 4096
Arg[5] = 0x0000000000000040 = 64
> 17170000+8;SYSCALL:0x34(NtDelayExecution)
> 14bf0000+4ee;SYSCALL:0x18(NtAllocateVirtualMemory)
NtAllocateVirtualMemory:
Arg[0] = 0xffffffffffffffff = 18446744073709551615
Arg[1] = ptr 0x000000000014fda0 -> {\x00\x00\x00\x00\x00\x00\x00\x00}
Arg[2] = 0
Arg[3] = ptr 0x000000000014fda8 -> {\x0b\x00\x00\x00\x00\x00\x00\x00}
Arg[4] = 0x0000000000001000 = 4096
Arg[5] = 0x0000000000000040 = 64
> 17180000+8;SYSCALL:0xc1(NtCreateThreadEx)
NtCreateThreadEx:
Arg[0] = ptr 0x000000000014fe00 -> {\x00\x00\x00\x00\x00\x00\x00\x00}
Arg[1] = 0x00000000001fffff = 2097151
Arg[2] = 0
Arg[3] = 0x00000000000001b0 = 432
Arg[4] = 0x000002883b5a0000 = 2784134561792
Arg[5] = 0
Arg[6] = 0x0000000000000001 = 1
Arg[7] = 0
Arg[8] = 0
Arg[9] = 0
> 14bf0000+4ee;SYSCALL:0x18(NtAllocateVirtualMemory)
NtAllocateVirtualMemory:
Arg[0] = 0xffffffffffffffff = 18446744073709551615
Arg[1] = ptr 0x000000000014fda0 -> {\x00\x00\x00\x00\x00\x00\x00\x00}
Arg[2] = 0
Arg[3] = ptr 0x000000000014fda8 -> {\x0b\x00\x00\x00\x00\x00\x00\x00}
Arg[4] = 0x0000000000001000 = 4096
Arg[5] = 0x0000000000000040 = 64
> 17190000+8;SYSCALL:0x34(NtDelayExecution)
> 14bf0000+4ee;SYSCALL:0x18(NtAllocateVirtualMemory)
NtAllocateVirtualMemory:
Arg[0] = 0xffffffffffffffff = 18446744073709551615
Arg[1] = ptr 0x000000000014fda0 -> {\x00\x00\x00\x00\x00\x00\x00\x00}
Arg[2] = 0
Arg[3] = ptr 0x000000000014fda8 -> {\x0b\x00\x00\x00\x00\x00\x00\x00}
Arg[4] = 0x0000000000001000 = 4096
Arg[5] = 0x0000000000000040 = 64
> 171a0000+8;SYSCALL:0x52(NtResumeThread)
NtResumeThread:
Arg[0] = 0x00000000000001b4 = 436
Arg[1] = 0
> 14bf0000+4ee;SYSCALL:0x18(NtAllocateVirtualMemory)
NtAllocateVirtualMemory:
Arg[0] = 0xffffffffffffffff = 18446744073709551615
Arg[1] = ptr 0x000000000014fdc0 -> {\x00\x00\x00\x00\x00\x00\x00\x00}
Arg[2] = 0
Arg[3] = ptr 0x000000000014fdc8 -> {\x0b\x00\x00\x00\x00\x00\x00\x00}
Arg[4] = 0x0000000000001000 = 4096
Arg[5] = 0x0000000000000040 = 64
> 171b0000+8;SYSCALL:0x34(NtDelayExecution)
> 14bf0000+4ee;SYSCALL:0x18(NtAllocateVirtualMemory)
NtAllocateVirtualMemory:
Arg[0] = 0xffffffffffffffff = 18446744073709551615
Arg[1] = ptr 0x000000000014fdc0 -> {\x00\x00\x00\x00\x00\x00\x00\x00}
Arg[2] = 0
Arg[3] = ptr 0x000000000014fdc8 -> {\x0b\x00\x00\x00\x00\x00\x00\x00}
Arg[4] = 0x0000000000001000 = 4096
Arg[5] = 0x0000000000000040 = 64
> 171c0000+8;SYSCALL:0x26(NtOpenProcess)
NtOpenProcess:
Arg[0] = ptr 0x000000000014fe20 -> {\xff\xff\xff\xff\xff\xff\xff\xff}
Arg[1] = 0x00000000001fffff = 2097151
Arg[2] = ptr 0x000000000014fde0 -> L"0"
Arg[3] = ptr 0x000000000014fdd0 -> {\x94\x17\x00\x00\x00\x00\x00\x00}
> 14bf0000+4ee;SYSCALL:0x18(NtAllocateVirtualMemory)
NtAllocateVirtualMemory:
Arg[0] = 0xffffffffffffffff = 18446744073709551615
Arg[1] = ptr 0x000000000014fe30 -> {\x00\x00\x00\x00\x00\x00\x00\x00}
Arg[2] = 0
Arg[3] = ptr 0x000000000014fe38 -> {\x0b\x00\x00\x00\x00\x00\x00\x00}
Arg[4] = 0x0000000000001000 = 4096
Arg[5] = 0x0000000000000040 = 64
> 171d0000+8;SYSCALL:0x34(NtDelayExecution)
> 14bf0000+4ee;SYSCALL:0x18(NtAllocateVirtualMemory)
NtAllocateVirtualMemory:
Arg[0] = 0xffffffffffffffff = 18446744073709551615
Arg[1] = ptr 0x000000000014fe30 -> {\x00\x00\x00\x00\x00\x00\x00\x00}
Arg[2] = 0
Arg[3] = ptr 0x000000000014fe38 -> {\x0b\x00\x00\x00\x00\x00\x00\x00}
Arg[4] = 0x0000000000001000 = 4096
Arg[5] = 0x0000000000000040 = 64
> 171e0000+8;SYSCALL:0x19(NtQueryInformationProcess)
> 14bf0000+4ee;SYSCALL:0x18(NtAllocateVirtualMemory)
NtAllocateVirtualMemory:
Arg[0] = 0xffffffffffffffff = 18446744073709551615
Arg[1] = ptr 0x000000000014fda0 -> {\x00\x00\x00\x00\x00\x00\x00\x00}
Arg[2] = 0
Arg[3] = ptr 0x000000000014fda8 -> {\x0b\x00\x00\x00\x00\x00\x00\x00}
Arg[4] = 0x0000000000001000 = 4096
Arg[5] = 0x0000000000000040 = 64
> 171f0000+8;SYSCALL:0x34(NtDelayExecution)
> 14bf0000+4ee;SYSCALL:0x18(NtAllocateVirtualMemory)
NtAllocateVirtualMemory:
Arg[0] = 0x0000000000000084 = 132
Arg[1] = ptr 0x000000000014fdf0 -> {\x00\x00\x00\x00\x00\x00\x00\x00}
Arg[2] = 0
Arg[3] = ptr 0x000000000014fdf8 -> {L\xd0\x00\x00\x00\x00\x00\x00}
Arg[4] = 0x0000000000003000 = 12288
Arg[5] = 0x0000000000000004 = 4
> 14bf0000+4ee;SYSCALL:0x18(NtAllocateVirtualMemory)
NtAllocateVirtualMemory:
Arg[0] = 0xffffffffffffffff = 18446744073709551615
Arg[1] = ptr 0x000000000014fda0 -> {\x00\x00\x00\x00\x00\x00\x00\x00}
Arg[2] = 0
Arg[3] = ptr 0x000000000014fda8 -> {\x0b\x00\x00\x00\x00\x00\x00\x00}
Arg[4] = 0x0000000000001000 = 4096
Arg[5] = 0x0000000000000040 = 64
> 17200000+8;SYSCALL:0x34(NtDelayExecution)
> 14bf0000+4ee;SYSCALL:0x18(NtAllocateVirtualMemory)
NtAllocateVirtualMemory:
Arg[0] = 0xffffffffffffffff = 18446744073709551615
Arg[1] = ptr 0x000000000014fda0 -> {\x00\x00\x00\x00\x00\x00\x00\x00}
Arg[2] = 0
Arg[3] = ptr 0x000000000014fda8 -> {\x0b\x00\x00\x00\x00\x00\x00\x00}
Arg[4] = 0x0000000000001000 = 4096
Arg[5] = 0x0000000000000040 = 64
> 17210000+8;SYSCALL:0x3a(NtWriteVirtualMemory)
NtWriteVirtualMemory:
Arg[0] = 0x0000000000000084 = 132
Arg[1] = 0x000002a0e4530000 = 2890048667648
Arg[2] = ptr 0x0000000014bf04f1 -> {\xe9[v\x00\x00\xcc\xcc\xcc}
Arg[3] = 0x000000000000d04c = 53324
Arg[4] = 0
> 14bf0000+4ee;SYSCALL:0x18(NtAllocateVirtualMemory)
NtAllocateVirtualMemory:
Arg[0] = 0xffffffffffffffff = 18446744073709551615
Arg[1] = ptr 0x000000000014fda0 -> {\x00\x00\x00\x00\x00\x00\x00\x00}
Arg[2] = 0
Arg[3] = ptr 0x000000000014fda8 -> {\x0b\x00\x00\x00\x00\x00\x00\x00}
Arg[4] = 0x0000000000001000 = 4096
Arg[5] = 0x0000000000000040 = 64
> 17220000+8;SYSCALL:0x34(NtDelayExecution)
> 14bf0000+4ee;SYSCALL:0x18(NtAllocateVirtualMemory)
NtAllocateVirtualMemory:
Arg[0] = 0xffffffffffffffff = 18446744073709551615
Arg[1] = ptr 0x000000000014fda0 -> {\x00\x00\x00\x00\x00\x00\x00\x00}
Arg[2] = 0
Arg[3] = ptr 0x000000000014fda8 -> {\x0b\x00\x00\x00\x00\x00\x00\x00}
Arg[4] = 0x0000000000001000 = 4096
Arg[5] = 0x0000000000000040 = 64
> 17230000+8;SYSCALL:0x50(NtProtectVirtualMemory)
> 14bf0000+4ee;SYSCALL:0x18(NtAllocateVirtualMemory)
NtAllocateVirtualMemory:
Arg[0] = 0xffffffffffffffff = 18446744073709551615
Arg[1] = ptr 0x000000000014fda0 -> {\x00\x00\x00\x00\x00\x00\x00\x00}
Arg[2] = 0
Arg[3] = ptr 0x000000000014fda8 -> {\x0b\x00\x00\x00\x00\x00\x00\x00}
Arg[4] = 0x0000000000001000 = 4096
Arg[5] = 0x0000000000000040 = 64
> 17240000+8;SYSCALL:0x34(NtDelayExecution)
> 14bf0000+4ee;SYSCALL:0x18(NtAllocateVirtualMemory)
NtAllocateVirtualMemory:
Arg[0] = 0xffffffffffffffff = 18446744073709551615
Arg[1] = ptr 0x000000000014fda0 -> {\x00\x00\x00\x00\x00\x00\x00\x00}
Arg[2] = 0
Arg[3] = ptr 0x000000000014fda8 -> {\x0b\x00\x00\x00\x00\x00\x00\x00}
Arg[4] = 0x0000000000001000 = 4096
Arg[5] = 0x0000000000000040 = 64
> 17250000+8;SYSCALL:0xc1(NtCreateThreadEx)
NtCreateThreadEx:
Arg[0] = ptr 0x000000000014fe00 -> {\x00\x00\x00\x00\x00\x00\x00\x00}
Arg[1] = 0x00000000001fffff = 2097151
Arg[2] = 0
Arg[3] = 0x0000000000000084 = 132
Arg[4] = 0x000002a0e4530000 = 2890048667648
Arg[5] = 0
Arg[6] = 0x0000000000000001 = 1
Arg[7] = 0
Arg[8] = 0
Arg[9] = 0
> 14bf0000+4ee;SYSCALL:0x18(NtAllocateVirtualMemory)
NtAllocateVirtualMemory:
Arg[0] = 0xffffffffffffffff = 18446744073709551615
Arg[1] = ptr 0x000000000014fda0 -> {\x00\x00\x00\x00\x00\x00\x00\x00}
Arg[2] = 0
Arg[3] = ptr 0x000000000014fda8 -> {\x0b\x00\x00\x00\x00\x00\x00\x00}
Arg[4] = 0x0000000000001000 = 4096
Arg[5] = 0x0000000000000040 = 64
> 17260000+8;SYSCALL:0x34(NtDelayExecution)
> 14bf0000+4ee;SYSCALL:0x18(NtAllocateVirtualMemory)
NtAllocateVirtualMemory:
Arg[0] = 0xffffffffffffffff = 18446744073709551615
Arg[1] = ptr 0x000000000014fda0 -> {\x00\x00\x00\x00\x00\x00\x00\x00}
Arg[2] = 0
Arg[3] = ptr 0x000000000014fda8 -> {\x0b\x00\x00\x00\x00\x00\x00\x00}
Arg[4] = 0x0000000000001000 = 4096
Arg[5] = 0x0000000000000040 = 64
> 17270000+8;SYSCALL:0x52(NtResumeThread)
NtResumeThread:
Arg[0] = 0x00000000000001b8 = 440
Arg[1] = 0
> 14bf0000+4ee;SYSCALL:0x18(NtAllocateVirtualMemory)
NtAllocateVirtualMemory:
Arg[0] = 0xffffffffffffffff = 18446744073709551615
Arg[1] = ptr 0x000000000014fdc0 -> {\x00\x00\x00\x00\x00\x00\x00\x00}
Arg[2] = 0
Arg[3] = ptr 0x000000000014fdc8 -> {\x0b\x00\x00\x00\x00\x00\x00\x00}
Arg[4] = 0x0000000000001000 = 4096
Arg[5] = 0x0000000000000040 = 64
> 17280000+8;SYSCALL:0x34(NtDelayExecution)
> 14bf0000+4ee;SYSCALL:0x18(NtAllocateVirtualMemory)
NtAllocateVirtualMemory:
Arg[0] = 0xffffffffffffffff = 18446744073709551615
Arg[1] = ptr 0x000000000014fdc0 -> {\x00\x00\x00\x00\x00\x00\x00\x00}
Arg[2] = 0
Arg[3] = ptr 0x000000000014fdc8 -> {\x0b\x00\x00\x00\x00\x00\x00\x00}
Arg[4] = 0x0000000000001000 = 4096
Arg[5] = 0x0000000000000040 = 64
> 17290000+8;SYSCALL:0x26(NtOpenProcess)
NtOpenProcess:
Arg[0] = ptr 0x000000000014fe20 -> {\xff\xff\xff\xff\xff\xff\xff\xff}
Arg[1] = 0x00000000001fffff = 2097151
Arg[2] = ptr 0x000000000014fde0 -> L"0"
Arg[3] = ptr 0x000000000014fdd0 -> {@\x10\x00\x00\x00\x00\x00\x00}
> 14bf0000+4ee;SYSCALL:0x18(NtAllocateVirtualMemory)
NtAllocateVirtualMemory:
Arg[0] = 0xffffffffffffffff = 18446744073709551615
Arg[1] = ptr 0x000000000014fe30 -> {\x00\x00\x00\x00\x00\x00\x00\x00}
Arg[2] = 0
Arg[3] = ptr 0x000000000014fe38 -> {\x0b\x00\x00\x00\x00\x00\x00\x00}
Arg[4] = 0x0000000000001000 = 4096
Arg[5] = 0x0000000000000040 = 64
> 172a0000+8;SYSCALL:0x34(NtDelayExecution)
> 14bf0000+4ee;SYSCALL:0x18(NtAllocateVirtualMemory)
NtAllocateVirtualMemory:
Arg[0] = 0xffffffffffffffff = 18446744073709551615
Arg[1] = ptr 0x000000000014fe30 -> {\x00\x00\x00\x00\x00\x00\x00\x00}
Arg[2] = 0
Arg[3] = ptr 0x000000000014fe38 -> {\x0b\x00\x00\x00\x00\x00\x00\x00}
Arg[4] = 0x0000000000001000 = 4096
Arg[5] = 0x0000000000000040 = 64
> 172b0000+8;SYSCALL:0x19(NtQueryInformationProcess)
> 14bf0000+4ee;SYSCALL:0x18(NtAllocateVirtualMemory)
NtAllocateVirtualMemory:
Arg[0] = 0xffffffffffffffff = 18446744073709551615
Arg[1] = ptr 0x000000000014fdc0 -> {\x00\x00\x00\x00\x00\x00\x00\x00}
Arg[2] = 0
Arg[3] = ptr 0x000000000014fdc8 -> {\x0b\x00\x00\x00\x00\x00\x00\x00}
Arg[4] = 0x0000000000001000 = 4096
Arg[5] = 0x0000000000000040 = 64
> 172c0000+8;SYSCALL:0x34(NtDelayExecution)
> 14bf0000+4ee;SYSCALL:0x18(NtAllocateVirtualMemory)
NtAllocateVirtualMemory:
Arg[0] = 0xffffffffffffffff = 18446744073709551615
Arg[1] = ptr 0x000000000014fdc0 -> {\x00\x00\x00\x00\x00\x00\x00\x00}
Arg[2] = 0
Arg[3] = ptr 0x000000000014fdc8 -> {\x0b\x00\x00\x00\x00\x00\x00\x00}
Arg[4] = 0x0000000000001000 = 4096
Arg[5] = 0x0000000000000040 = 64
> 172d0000+8;SYSCALL:0x26(NtOpenProcess)
NtOpenProcess:
Arg[0] = ptr 0x000000000014fe20 -> {\xff\xff\xff\xff\xff\xff\xff\xff}
Arg[1] = 0x00000000001fffff = 2097151
Arg[2] = ptr 0x000000000014fde0 -> L"0"
Arg[3] = ptr 0x000000000014fdd0 -> {p\x04\x00\x00\x00\x00\x00\x00}
> 14bf0000+4ee;SYSCALL:0x18(NtAllocateVirtualMemory)
NtAllocateVirtualMemory:
Arg[0] = 0xffffffffffffffff = 18446744073709551615
Arg[1] = ptr 0x000000000014fe30 -> {\x00\x00\x00\x00\x00\x00\x00\x00}
Arg[2] = 0
Arg[3] = ptr 0x000000000014fe38 -> {\x0b\x00\x00\x00\x00\x00\x00\x00}
Arg[4] = 0x0000000000001000 = 4096
Arg[5] = 0x0000000000000040 = 64
> 172e0000+8;SYSCALL:0x34(NtDelayExecution)
> 14bf0000+4ee;SYSCALL:0x18(NtAllocateVirtualMemory)
NtAllocateVirtualMemory:
Arg[0] = 0xffffffffffffffff = 18446744073709551615
Arg[1] = ptr 0x000000000014fe30 -> {\x00\x00\x00\x00\x00\x00\x00\x00}
Arg[2] = 0
Arg[3] = ptr 0x000000000014fe38 -> {\x0b\x00\x00\x00\x00\x00\x00\x00}
Arg[4] = 0x0000000000001000 = 4096
Arg[5] = 0x0000000000000040 = 64
> 172f0000+8;SYSCALL:0x19(NtQueryInformationProcess)
> 14bf0000+4ee;SYSCALL:0x18(NtAllocateVirtualMemory)
NtAllocateVirtualMemory:
Arg[0] = 0xffffffffffffffff = 18446744073709551615
Arg[1] = ptr 0x000000000014fdc0 -> {\x00\x00\x00\x00\x00\x00\x00\x00}
Arg[2] = 0
Arg[3] = ptr 0x000000000014fdc8 -> {\x0b\x00\x00\x00\x00\x00\x00\x00}
Arg[4] = 0x0000000000001000 = 4096
Arg[5] = 0x0000000000000040 = 64
> 17300000+8;SYSCALL:0x34(NtDelayExecution)
> 14bf0000+4ee;SYSCALL:0x18(NtAllocateVirtualMemory)
NtAllocateVirtualMemory:
Arg[0] = 0xffffffffffffffff = 18446744073709551615
Arg[1] = ptr 0x000000000014fdc0 -> {\x00\x00\x00\x00\x00\x00\x00\x00}
Arg[2] = 0
Arg[3] = ptr 0x000000000014fdc8 -> {\x0b\x00\x00\x00\x00\x00\x00\x00}
Arg[4] = 0x0000000000001000 = 4096
Arg[5] = 0x0000000000000040 = 64
> 17310000+8;SYSCALL:0x26(NtOpenProcess)
NtOpenProcess:
Arg[0] = ptr 0x000000000014fe20 -> {\xff\xff\xff\xff\xff\xff\xff\xff}
Arg[1] = 0x00000000001fffff = 2097151
Arg[2] = ptr 0x000000000014fde0 -> L"0"
Arg[3] = ptr 0x000000000014fdd0 -> {x\x11\x00\x00\x00\x00\x00\x00}
> 14bf0000+4ee;SYSCALL:0x18(NtAllocateVirtualMemory)
NtAllocateVirtualMemory:
Arg[0] = 0xffffffffffffffff = 18446744073709551615
Arg[1] = ptr 0x000000000014fe30 -> {\x00\x00\x00\x00\x00\x00\x00\x00}
Arg[2] = 0
Arg[3] = ptr 0x000000000014fe38 -> {\x0b\x00\x00\x00\x00\x00\x00\x00}
Arg[4] = 0x0000000000001000 = 4096
Arg[5] = 0x0000000000000040 = 64
> 17320000+8;SYSCALL:0x34(NtDelayExecution)
> 14bf0000+4ee;SYSCALL:0x18(NtAllocateVirtualMemory)
NtAllocateVirtualMemory:
Arg[0] = 0xffffffffffffffff = 18446744073709551615
Arg[1] = ptr 0x000000000014fe30 -> {\x00\x00\x00\x00\x00\x00\x00\x00}
Arg[2] = 0
Arg[3] = ptr 0x000000000014fe38 -> {\x0b\x00\x00\x00\x00\x00\x00\x00}
Arg[4] = 0x0000000000001000 = 4096
Arg[5] = 0x0000000000000040 = 64
> 17330000+8;SYSCALL:0x19(NtQueryInformationProcess)
> 14bf0000+4ee;SYSCALL:0x18(NtAllocateVirtualMemory)
NtAllocateVirtualMemory:
Arg[0] = 0xffffffffffffffff = 18446744073709551615
Arg[1] = ptr 0x000000000014fda0 -> {\x00\x00\x00\x00\x00\x00\x00\x00}
Arg[2] = 0
Arg[3] = ptr 0x000000000014fda8 -> {\x0b\x00\x00\x00\x00\x00\x00\x00}
Arg[4] = 0x0000000000001000 = 4096
Arg[5] = 0x0000000000000040 = 64
> 17340000+8;SYSCALL:0x34(NtDelayExecution)
> 14bf0000+4ee;SYSCALL:0x18(NtAllocateVirtualMemory)
NtAllocateVirtualMemory:
Arg[0] = 0x00000000000001c4 = 452
Arg[1] = ptr 0x000000000014fdf0 -> {\x00\x00\x00\x00\x00\x00\x00\x00}
Arg[2] = 0
Arg[3] = ptr 0x000000000014fdf8 -> {L\xd0\x00\x00\x00\x00\x00\x00}
Arg[4] = 0x0000000000003000 = 12288
Arg[5] = 0x0000000000000004 = 4
> 14bf0000+4ee;SYSCALL:0x18(NtAllocateVirtualMemory)
NtAllocateVirtualMemory:
Arg[0] = 0xffffffffffffffff = 18446744073709551615
Arg[1] = ptr 0x000000000014fda0 -> {\x00\x00\x00\x00\x00\x00\x00\x00}
Arg[2] = 0
Arg[3] = ptr 0x000000000014fda8 -> {\x0b\x00\x00\x00\x00\x00\x00\x00}
Arg[4] = 0x0000000000001000 = 4096
Arg[5] = 0x0000000000000040 = 64
> 17360000+8;SYSCALL:0x34(NtDelayExecution)
> 14bf0000+4ee;SYSCALL:0x18(NtAllocateVirtualMemory)
NtAllocateVirtualMemory:
Arg[0] = 0xffffffffffffffff = 18446744073709551615
Arg[1] = ptr 0x000000000014fda0 -> {\x00\x00\x00\x00\x00\x00\x00\x00}
Arg[2] = 0
Arg[3] = ptr 0x000000000014fda8 -> {\x0b\x00\x00\x00\x00\x00\x00\x00}
Arg[4] = 0x0000000000001000 = 4096
Arg[5] = 0x0000000000000040 = 64
> 17370000+8;SYSCALL:0x3a(NtWriteVirtualMemory)
NtWriteVirtualMemory:
Arg[0] = 0x00000000000001c4 = 452
Arg[1] = ptr 0x0000000017350000 -> {\x00\x00\x00\x00\x00\x00\x00\x00}
Arg[2] = ptr 0x0000000014bf04f1 -> {\xe9[v\x00\x00\xcc\xcc\xcc}
Arg[3] = 0x000000000000d04c = 53324
Arg[4] = 0
> 14bf0000+4ee;SYSCALL:0x18(NtAllocateVirtualMemory)
NtAllocateVirtualMemory:
Arg[0] = 0xffffffffffffffff = 18446744073709551615
Arg[1] = ptr 0x000000000014fda0 -> {\x00\x00\x00\x00\x00\x00\x00\x00}
Arg[2] = 0
Arg[3] = ptr 0x000000000014fda8 -> {\x0b\x00\x00\x00\x00\x00\x00\x00}
Arg[4] = 0x0000000000001000 = 4096
Arg[5] = 0x0000000000000040 = 64
> 17380000+8;SYSCALL:0x34(NtDelayExecution)
> 14bf0000+4ee;SYSCALL:0x18(NtAllocateVirtualMemory)
NtAllocateVirtualMemory:
Arg[0] = 0xffffffffffffffff = 18446744073709551615
Arg[1] = ptr 0x000000000014fda0 -> {\x00\x00\x00\x00\x00\x00\x00\x00}
Arg[2] = 0
Arg[3] = ptr 0x000000000014fda8 -> {\x0b\x00\x00\x00\x00\x00\x00\x00}
Arg[4] = 0x0000000000001000 = 4096
Arg[5] = 0x0000000000000040 = 64
> 17390000+8;SYSCALL:0x50(NtProtectVirtualMemory)
> 14bf0000+4ee;SYSCALL:0x18(NtAllocateVirtualMemory)
NtAllocateVirtualMemory:
Arg[0] = 0xffffffffffffffff = 18446744073709551615
Arg[1] = ptr 0x000000000014fda0 -> {\x00\x00\x00\x00\x00\x00\x00\x00}
Arg[2] = 0
Arg[3] = ptr 0x000000000014fda8 -> {\x0b\x00\x00\x00\x00\x00\x00\x00}
Arg[4] = 0x0000000000001000 = 4096
Arg[5] = 0x0000000000000040 = 64
> 173a0000+8;SYSCALL:0x34(NtDelayExecution)
> 14bf0000+4ee;SYSCALL:0x18(NtAllocateVirtualMemory)
NtAllocateVirtualMemory:
Arg[0] = 0xffffffffffffffff = 18446744073709551615
Arg[1] = ptr 0x000000000014fda0 -> {\x00\x00\x00\x00\x00\x00\x00\x00}
Arg[2] = 0
Arg[3] = ptr 0x000000000014fda8 -> {\x0b\x00\x00\x00\x00\x00\x00\x00}
Arg[4] = 0x0000000000001000 = 4096
Arg[5] = 0x0000000000000040 = 64
> 173b0000+8;SYSCALL:0xc1(NtCreateThreadEx)
NtCreateThreadEx:
Arg[0] = ptr 0x000000000014fe00 -> {\x00\x00\x00\x00\x00\x00\x00\x00}
Arg[1] = 0x00000000001fffff = 2097151
Arg[2] = 0
Arg[3] = 0x00000000000001c4 = 452
Arg[4] = ptr 0x0000000017350000 -> {\xe9[v\x00\x00\xcc\xcc\xcc}
Arg[5] = 0
Arg[6] = 0x0000000000000001 = 1
Arg[7] = 0
Arg[8] = 0
Arg[9] = 0
> 14bf0000+4ee;SYSCALL:0x18(NtAllocateVirtualMemory)
NtAllocateVirtualMemory:
Arg[0] = 0xffffffffffffffff = 18446744073709551615
Arg[1] = ptr 0x000000000014fda0 -> {\x00\x00\x00\x00\x00\x00\x00\x00}
Arg[2] = 0
Arg[3] = ptr 0x000000000014fda8 -> {\x0b\x00\x00\x00\x00\x00\x00\x00}
Arg[4] = 0x0000000000001000 = 4096
Arg[5] = 0x0000000000000040 = 64
> 174c0000+8;SYSCALL:0x34(NtDelayExecution)
> 14bf0000+4ee;SYSCALL:0x18(NtAllocateVirtualMemory)
NtAllocateVirtualMemory:
Arg[0] = 0xffffffffffffffff = 18446744073709551615
Arg[1] = ptr 0x000000000014fda0 -> {\x00\x00\x00\x00\x00\x00\x00\x00}
Arg[2] = 0
Arg[3] = ptr 0x000000000014fda8 -> {\x0b\x00\x00\x00\x00\x00\x00\x00}
Arg[4] = 0x0000000000001000 = 4096
Arg[5] = 0x0000000000000040 = 64
> 174d0000+8;SYSCALL:0x52(NtResumeThread)
NtResumeThread:
Arg[0] = 0x00000000000001c8 = 456
Arg[1] = 0
> 14bf0000+4ee;SYSCALL:0x18(NtAllocateVirtualMemory)
NtAllocateVirtualMemory:
Arg[0] = 0xffffffffffffffff = 18446744073709551615
Arg[1] = ptr 0x000000000014fdc0 -> {\x00\x00\x00\x00\x00\x00\x00\x00}
Arg[2] = 0
Arg[3] = ptr 0x000000000014fdc8 -> {\x0b\x00\x00\x00\x00\x00\x00\x00}
Arg[4] = 0x0000000000001000 = 4096
Arg[5] = 0x0000000000000040 = 64
> 17720000+8;SYSCALL:0x34(NtDelayExecution)
> 17357000+694;SYSCALL:0x31(NtQueryPerformanceCounter)
NtQueryPerformanceCounter:
Arg[0] = ptr 0x00000000174bfb00 -> {\x00\x00\x00\x00\x00\x00\x00\x00}
Arg[1] = 0
> 17357000+694;SYSCALL:0x31(NtQueryPerformanceCounter)
NtQueryPerformanceCounter:
Arg[0] = ptr 0x00000000174bfb00 -> {\xa4\xb3\xab`\x04\x00\x00\x00}
Arg[1] = 0
> 17357000+694;SYSCALL:0x31(NtQueryPerformanceCounter)
NtQueryPerformanceCounter:
Arg[0] = ptr 0x00000000174bfb00 -> {\xf5\xd5\xab`\x04\x00\x00\x00}
Arg[1] = 0
> 17357000+694;SYSCALL:0x31(NtQueryPerformanceCounter)
NtQueryPerformanceCounter:
Arg[0] = ptr 0x00000000174bfb00 -> {\xa7\xd7\xab`\x04\x00\x00\x00}
Arg[1] = 0
> 17357000+694;SYSCALL:0x31(NtQueryPerformanceCounter)
NtQueryPerformanceCounter:
Arg[0] = ptr 0x00000000174bfb00 -> {'\xd9\xab`\x04\x00\x00\x00}
Arg[1] = 0
> 17357000+694;SYSCALL:0x31(NtQueryPerformanceCounter)
NtQueryPerformanceCounter:
Arg[0] = ptr 0x00000000174bfb00 -> {\x9d\xda\xab`\x04\x00\x00\x00}
Arg[1] = 0
> 17357000+694;SYSCALL:0x31(NtQueryPerformanceCounter)
NtQueryPerformanceCounter:
Arg[0] = ptr 0x00000000174bfb00 -> {\x12\xdc\xab`\x04\x00\x00\x00}
Arg[1] = 0
> 17357000+694;SYSCALL:0x31(NtQueryPerformanceCounter)
NtQueryPerformanceCounter:
Arg[0] = ptr 0x00000000174bfb00 -> {\x87\xdd\xab`\x04\x00\x00\x00}
Arg[1] = 0
> 17357000+694;SYSCALL:0x31(NtQueryPerformanceCounter)
NtQueryPerformanceCounter:
Arg[0] = ptr 0x00000000174bfb00 -> {\x0d\xdf\xab`\x04\x00\x00\x00}
Arg[1] = 0
> 17357000+694;SYSCALL:0x31(NtQueryPerformanceCounter)
NtQueryPerformanceCounter:
Arg[0] = ptr 0x00000000174bfb00 -> {{\xe0\xab`\x04\x00\x00\x00}
Arg[1] = 0
> 17357000+6aa;SYSCALL:0x34(NtDelayExecution)
> 14bf0000+4ee;SYSCALL:0x18(NtAllocateVirtualMemory)
NtAllocateVirtualMemory:
Arg[0] = 0xffffffffffffffff = 18446744073709551615
Arg[1] = ptr 0x000000000014fdc0 -> {\x00\x00\x00\x00\x00\x00\x00\x00}
Arg[2] = 0
Arg[3] = ptr 0x000000000014fdc8 -> {\x0b\x00\x00\x00\x00\x00\x00\x00}
Arg[4] = 0x0000000000001000 = 4096
Arg[5] = 0x0000000000000040 = 64
> 17790000+8;SYSCALL:0x26(NtOpenProcess)
NtOpenProcess:
Arg[0] = ptr 0x000000000014fe20 -> {\xff\xff\xff\xff\xff\xff\xff\xff}
Arg[1] = 0x00000000001fffff = 2097151
Arg[2] = ptr 0x000000000014fde0 -> L"0"
Arg[3] = ptr 0x000000000014fdd0 -> {\xe4\x00\x00\x00\x00\x00\x00\x00}
> 14bf0000+4ee;SYSCALL:0x18(NtAllocateVirtualMemory)
NtAllocateVirtualMemory:
Arg[0] = 0xffffffffffffffff = 18446744073709551615
Arg[1] = ptr 0x000000000014fe30 -> {\x00\x00\x00\x00\x00\x00\x00\x00}
Arg[2] = 0
Arg[3] = ptr 0x000000000014fe38 -> {\x0b\x00\x00\x00\x00\x00\x00\x00}
Arg[4] = 0x0000000000001000 = 4096
Arg[5] = 0x0000000000000040 = 64
> 177a0000+8;SYSCALL:0x34(NtDelayExecution)
> 14bf0000+4ee;SYSCALL:0x18(NtAllocateVirtualMemory)
NtAllocateVirtualMemory:
Arg[0] = 0xffffffffffffffff = 18446744073709551615
Arg[1] = ptr 0x000000000014fe30 -> {\x00\x00\x00\x00\x00\x00\x00\x00}
Arg[2] = 0
Arg[3] = ptr 0x000000000014fe38 -> {\x0b\x00\x00\x00\x00\x00\x00\x00}
Arg[4] = 0x0000000000001000 = 4096
Arg[5] = 0x0000000000000040 = 64
> 177b0000+8;SYSCALL:0x19(NtQueryInformationProcess)
> 14bf0000+4ee;SYSCALL:0x18(NtAllocateVirtualMemory)
NtAllocateVirtualMemory:
Arg[0] = 0xffffffffffffffff = 18446744073709551615
Arg[1] = ptr 0x000000000014fda0 -> {\x00\x00\x00\x00\x00\x00\x00\x00}
Arg[2] = 0
Arg[3] = ptr 0x000000000014fda8 -> {\x0b\x00\x00\x00\x00\x00\x00\x00}
Arg[4] = 0x0000000000001000 = 4096
Arg[5] = 0x0000000000000040 = 64
> 177c0000+8;SYSCALL:0x34(NtDelayExecution)
> 14bf0000+4ee;SYSCALL:0x18(NtAllocateVirtualMemory)
NtAllocateVirtualMemory:
Arg[0] = 0x00000000000001d8 = 472
Arg[1] = ptr 0x000000000014fdf0 -> {\x00\x00\x00\x00\x00\x00\x00\x00}
Arg[2] = 0
Arg[3] = ptr 0x000000000014fdf8 -> {L\xd0\x00\x00\x00\x00\x00\x00}
Arg[4] = 0x0000000000003000 = 12288
Arg[5] = 0x0000000000000004 = 4
> 14bf0000+4ee;SYSCALL:0x18(NtAllocateVirtualMemory)
NtAllocateVirtualMemory:
Arg[0] = 0xffffffffffffffff = 18446744073709551615
Arg[1] = ptr 0x000000000014fda0 -> {\x00\x00\x00\x00\x00\x00\x00\x00}
Arg[2] = 0
Arg[3] = ptr 0x000000000014fda8 -> {\x0b\x00\x00\x00\x00\x00\x00\x00}
Arg[4] = 0x0000000000001000 = 4096
Arg[5] = 0x0000000000000040 = 64
> 177d0000+8;SYSCALL:0x34(NtDelayExecution)
> 14bf0000+4ee;SYSCALL:0x18(NtAllocateVirtualMemory)
NtAllocateVirtualMemory:
Arg[0] = 0xffffffffffffffff = 18446744073709551615
Arg[1] = ptr 0x000000000014fda0 -> {\x00\x00\x00\x00\x00\x00\x00\x00}
Arg[2] = 0
Arg[3] = ptr 0x000000000014fda8 -> {\x0b\x00\x00\x00\x00\x00\x00\x00}
Arg[4] = 0x0000000000001000 = 4096
Arg[5] = 0x0000000000000040 = 64
> 177e0000+8;SYSCALL:0x3a(NtWriteVirtualMemory)
NtWriteVirtualMemory:
Arg[0] = 0x00000000000001d8 = 472
Arg[1] = 0x0000021379d80000 = 2282671833088
Arg[2] = ptr 0x0000000014bf04f1 -> {\xe9[v\x00\x00\xcc\xcc\xcc}
Arg[3] = 0x000000000000d04c = 53324
Arg[4] = 0
> 14bf0000+4ee;SYSCALL:0x18(NtAllocateVirtualMemory)
NtAllocateVirtualMemory:
Arg[0] = 0xffffffffffffffff = 18446744073709551615
Arg[1] = ptr 0x000000000014fda0 -> {\x00\x00\x00\x00\x00\x00\x00\x00}
Arg[2] = 0
Arg[3] = ptr 0x000000000014fda8 -> {\x0b\x00\x00\x00\x00\x00\x00\x00}
Arg[4] = 0x0000000000001000 = 4096
Arg[5] = 0x0000000000000040 = 64
> 177f0000+8;SYSCALL:0x34(NtDelayExecution)
> 14bf0000+4ee;SYSCALL:0x18(NtAllocateVirtualMemory)
NtAllocateVirtualMemory:
Arg[0] = 0xffffffffffffffff = 18446744073709551615
Arg[1] = ptr 0x000000000014fda0 -> {\x00\x00\x00\x00\x00\x00\x00\x00}
Arg[2] = 0
Arg[3] = ptr 0x000000000014fda8 -> {\x0b\x00\x00\x00\x00\x00\x00\x00}
Arg[4] = 0x0000000000001000 = 4096
Arg[5] = 0x0000000000000040 = 64
> 17800000+8;SYSCALL:0x50(NtProtectVirtualMemory)
> 14bf0000+4ee;SYSCALL:0x18(NtAllocateVirtualMemory)
NtAllocateVirtualMemory:
Arg[0] = 0xffffffffffffffff = 18446744073709551615
Arg[1] = ptr 0x000000000014fda0 -> {\x00\x00\x00\x00\x00\x00\x00\x00}
Arg[2] = 0
Arg[3] = ptr 0x000000000014fda8 -> {\x0b\x00\x00\x00\x00\x00\x00\x00}
Arg[4] = 0x0000000000001000 = 4096
Arg[5] = 0x0000000000000040 = 64
> 17810000+8;SYSCALL:0x34(NtDelayExecution)
> 14bf0000+4ee;SYSCALL:0x18(NtAllocateVirtualMemory)
NtAllocateVirtualMemory:
Arg[0] = 0xffffffffffffffff = 18446744073709551615
Arg[1] = ptr 0x000000000014fda0 -> {\x00\x00\x00\x00\x00\x00\x00\x00}
Arg[2] = 0
Arg[3] = ptr 0x000000000014fda8 -> {\x0b\x00\x00\x00\x00\x00\x00\x00}
Arg[4] = 0x0000000000001000 = 4096
Arg[5] = 0x0000000000000040 = 64
> 17820000+8;SYSCALL:0xc1(NtCreateThreadEx)
NtCreateThreadEx:
Arg[0] = ptr 0x000000000014fe00 -> {\x00\x00\x00\x00\x00\x00\x00\x00}
Arg[1] = 0x00000000001fffff = 2097151
Arg[2] = 0
Arg[3] = 0x00000000000001d8 = 472
Arg[4] = 0x0000021379d80000 = 2282671833088
Arg[5] = 0
Arg[6] = 0x0000000000000001 = 1
Arg[7] = 0
Arg[8] = 0
Arg[9] = 0
> 14bf0000+4ee;SYSCALL:0x18(NtAllocateVirtualMemory)
NtAllocateVirtualMemory:
Arg[0] = 0xffffffffffffffff = 18446744073709551615
Arg[1] = ptr 0x000000000014fda0 -> {\x00\x00\x00\x00\x00\x00\x00\x00}
Arg[2] = 0
Arg[3] = ptr 0x000000000014fda8 -> {\x0b\x00\x00\x00\x00\x00\x00\x00}
Arg[4] = 0x0000000000001000 = 4096
Arg[5] = 0x0000000000000040 = 64
> 17830000+8;SYSCALL:0x34(NtDelayExecution)
> 14bf0000+4ee;SYSCALL:0x18(NtAllocateVirtualMemory)
NtAllocateVirtualMemory:
Arg[0] = 0xffffffffffffffff = 18446744073709551615
Arg[1] = ptr 0x000000000014fda0 -> {\x00\x00\x00\x00\x00\x00\x00\x00}
Arg[2] = 0
Arg[3] = ptr 0x000000000014fda8 -> {\x0b\x00\x00\x00\x00\x00\x00\x00}
Arg[4] = 0x0000000000001000 = 4096
Arg[5] = 0x0000000000000040 = 64
> 17840000+8;SYSCALL:0x52(NtResumeThread)
NtResumeThread:
Arg[0] = 0x00000000000001dc = 476
Arg[1] = 0
> 14bf0000+4ee;SYSCALL:0x18(NtAllocateVirtualMemory)
NtAllocateVirtualMemory:
Arg[0] = 0xffffffffffffffff = 18446744073709551615
Arg[1] = ptr 0x000000000014fdc0 -> {\x00\x00\x00\x00\x00\x00\x00\x00}
Arg[2] = 0
Arg[3] = ptr 0x000000000014fdc8 -> {\x0b\x00\x00\x00\x00\x00\x00\x00}
Arg[4] = 0x0000000000001000 = 4096
Arg[5] = 0x0000000000000040 = 64
> 17850000+8;SYSCALL:0x34(NtDelayExecution)
> 14bf0000+4ee;SYSCALL:0x18(NtAllocateVirtualMemory)
NtAllocateVirtualMemory:
Arg[0] = 0xffffffffffffffff = 18446744073709551615
Arg[1] = ptr 0x000000000014fdc0 -> {\x00\x00\x00\x00\x00\x00\x00\x00}
Arg[2] = 0
Arg[3] = ptr 0x000000000014fdc8 -> {\x0b\x00\x00\x00\x00\x00\x00\x00}
Arg[4] = 0x0000000000001000 = 4096
Arg[5] = 0x0000000000000040 = 64
> 17860000+8;SYSCALL:0x26(NtOpenProcess)
NtOpenProcess:
Arg[0] = ptr 0x000000000014fe20 -> {\xff\xff\xff\xff\xff\xff\xff\xff}
Arg[1] = 0x00000000001fffff = 2097151
Arg[2] = ptr 0x000000000014fde0 -> L"0"
Arg[3] = ptr 0x000000000014fdd0 -> {\xb4\x08\x00\x00\x00\x00\x00\x00}
> 14bf0000+4ee;SYSCALL:0x18(NtAllocateVirtualMemory)
NtAllocateVirtualMemory:
Arg[0] = 0xffffffffffffffff = 18446744073709551615
Arg[1] = ptr 0x000000000014fe30 -> {\x00\x00\x00\x00\x00\x00\x00\x00}
Arg[2] = 0
Arg[3] = ptr 0x000000000014fe38 -> {\x0b\x00\x00\x00\x00\x00\x00\x00}
Arg[4] = 0x0000000000001000 = 4096
Arg[5] = 0x0000000000000040 = 64
> 17870000+8;SYSCALL:0x34(NtDelayExecution)
> 14bf0000+4ee;SYSCALL:0x18(NtAllocateVirtualMemory)
NtAllocateVirtualMemory:
Arg[0] = 0xffffffffffffffff = 18446744073709551615
Arg[1] = ptr 0x000000000014fe30 -> {\x00\x00\x00\x00\x00\x00\x00\x00}
Arg[2] = 0
Arg[3] = ptr 0x000000000014fe38 -> {\x0b\x00\x00\x00\x00\x00\x00\x00}
Arg[4] = 0x0000000000001000 = 4096
Arg[5] = 0x0000000000000040 = 64
> 17880000+8;SYSCALL:0x19(NtQueryInformationProcess)
> 14bf0000+4ee;SYSCALL:0x18(NtAllocateVirtualMemory)
NtAllocateVirtualMemory:
Arg[0] = 0xffffffffffffffff = 18446744073709551615
Arg[1] = ptr 0x000000000014fda0 -> {\x00\x00\x00\x00\x00\x00\x00\x00}
Arg[2] = 0
Arg[3] = ptr 0x000000000014fda8 -> {\x0b\x00\x00\x00\x00\x00\x00\x00}
Arg[4] = 0x0000000000001000 = 4096
Arg[5] = 0x0000000000000040 = 64
> 17890000+8;SYSCALL:0x34(NtDelayExecution)
> 14bf0000+4ee;SYSCALL:0x18(NtAllocateVirtualMemory)
NtAllocateVirtualMemory:
Arg[0] = 0x00000000000001e0 = 480
Arg[1] = ptr 0x000000000014fdf0 -> {\x00\x00\x00\x00\x00\x00\x00\x00}
Arg[2] = 0
Arg[3] = ptr 0x000000000014fdf8 -> {L\xd0\x00\x00\x00\x00\x00\x00}
Arg[4] = 0x0000000000003000 = 12288
Arg[5] = 0x0000000000000004 = 4
> 14bf0000+4ee;SYSCALL:0x18(NtAllocateVirtualMemory)
NtAllocateVirtualMemory:
Arg[0] = 0xffffffffffffffff = 18446744073709551615
Arg[1] = ptr 0x000000000014fda0 -> {\x00\x00\x00\x00\x00\x00\x00\x00}
Arg[2] = 0
Arg[3] = ptr 0x000000000014fda8 -> {\x0b\x00\x00\x00\x00\x00\x00\x00}
Arg[4] = 0x0000000000001000 = 4096
Arg[5] = 0x0000000000000040 = 64
> 178a0000+8;SYSCALL:0x34(NtDelayExecution)
> 14bf0000+4ee;SYSCALL:0x18(NtAllocateVirtualMemory)
NtAllocateVirtualMemory:
Arg[0] = 0xffffffffffffffff = 18446744073709551615
Arg[1] = ptr 0x000000000014fda0 -> {\x00\x00\x00\x00\x00\x00\x00\x00}
Arg[2] = 0
Arg[3] = ptr 0x000000000014fda8 -> {\x0b\x00\x00\x00\x00\x00\x00\x00}
Arg[4] = 0x0000000000001000 = 4096
Arg[5] = 0x0000000000000040 = 64
> 178b0000+8;SYSCALL:0x3a(NtWriteVirtualMemory)
NtWriteVirtualMemory:
Arg[0] = 0x00000000000001e0 = 480
Arg[1] = 0x000002314ed30000 = 2410799104000
Arg[2] = ptr 0x0000000014bf04f1 -> {\xe9[v\x00\x00\xcc\xcc\xcc}
Arg[3] = 0x000000000000d04c = 53324
Arg[4] = 0
> 14bf0000+4ee;SYSCALL:0x18(NtAllocateVirtualMemory)
NtAllocateVirtualMemory:
Arg[0] = 0xffffffffffffffff = 18446744073709551615
Arg[1] = ptr 0x000000000014fda0 -> {\x00\x00\x00\x00\x00\x00\x00\x00}
Arg[2] = 0
Arg[3] = ptr 0x000000000014fda8 -> {\x0b\x00\x00\x00\x00\x00\x00\x00}
Arg[4] = 0x0000000000001000 = 4096
Arg[5] = 0x0000000000000040 = 64
> 178c0000+8;SYSCALL:0x34(NtDelayExecution)
> 14bf0000+4ee;SYSCALL:0x18(NtAllocateVirtualMemory)
NtAllocateVirtualMemory:
Arg[0] = 0xffffffffffffffff = 18446744073709551615
Arg[1] = ptr 0x000000000014fda0 -> {\x00\x00\x00\x00\x00\x00\x00\x00}
Arg[2] = 0
Arg[3] = ptr 0x000000000014fda8 -> {\x0b\x00\x00\x00\x00\x00\x00\x00}
Arg[4] = 0x0000000000001000 = 4096
Arg[5] = 0x0000000000000040 = 64
> 178d0000+8;SYSCALL:0x50(NtProtectVirtualMemory)
> 14bf0000+4ee;SYSCALL:0x18(NtAllocateVirtualMemory)
NtAllocateVirtualMemory:
Arg[0] = 0xffffffffffffffff = 18446744073709551615
Arg[1] = ptr 0x000000000014fda0 -> {\x00\x00\x00\x00\x00\x00\x00\x00}
Arg[2] = 0
Arg[3] = ptr 0x000000000014fda8 -> {\x0b\x00\x00\x00\x00\x00\x00\x00}
Arg[4] = 0x0000000000001000 = 4096
Arg[5] = 0x0000000000000040 = 64
> 178e0000+8;SYSCALL:0x34(NtDelayExecution)
> 14bf0000+4ee;SYSCALL:0x18(NtAllocateVirtualMemory)
NtAllocateVirtualMemory:
Arg[0] = 0xffffffffffffffff = 18446744073709551615
Arg[1] = ptr 0x000000000014fda0 -> {\x00\x00\x00\x00\x00\x00\x00\x00}
Arg[2] = 0
Arg[3] = ptr 0x000000000014fda8 -> {\x0b\x00\x00\x00\x00\x00\x00\x00}
Arg[4] = 0x0000000000001000 = 4096
Arg[5] = 0x0000000000000040 = 64
> 178f0000+8;SYSCALL:0xc1(NtCreateThreadEx)
NtCreateThreadEx:
Arg[0] = ptr 0x000000000014fe00 -> {\x00\x00\x00\x00\x00\x00\x00\x00}
Arg[1] = 0x00000000001fffff = 2097151
Arg[2] = 0
Arg[3] = 0x00000000000001e0 = 480
Arg[4] = 0x000002314ed30000 = 2410799104000
Arg[5] = 0
Arg[6] = 0x0000000000000001 = 1
Arg[7] = 0
Arg[8] = 0
Arg[9] = 0
> 14bf0000+4ee;SYSCALL:0x18(NtAllocateVirtualMemory)
NtAllocateVirtualMemory:
Arg[0] = 0xffffffffffffffff = 18446744073709551615
Arg[1] = ptr 0x000000000014fda0 -> {\x00\x00\x00\x00\x00\x00\x00\x00}
Arg[2] = 0
Arg[3] = ptr 0x000000000014fda8 -> {\x0b\x00\x00\x00\x00\x00\x00\x00}
Arg[4] = 0x0000000000001000 = 4096
Arg[5] = 0x0000000000000040 = 64
> 17900000+8;SYSCALL:0x34(NtDelayExecution)
> 14bf0000+4ee;SYSCALL:0x18(NtAllocateVirtualMemory)
NtAllocateVirtualMemory:
Arg[0] = 0xffffffffffffffff = 18446744073709551615
Arg[1] = ptr 0x000000000014fda0 -> {\x00\x00\x00\x00\x00\x00\x00\x00}
Arg[2] = 0
Arg[3] = ptr 0x000000000014fda8 -> {\x0b\x00\x00\x00\x00\x00\x00\x00}
Arg[4] = 0x0000000000001000 = 4096
Arg[5] = 0x0000000000000040 = 64
> 17910000+8;SYSCALL:0x52(NtResumeThread)
NtResumeThread:
Arg[0] = 0x00000000000001e4 = 484
Arg[1] = 0
> 14bf0000+4ee;SYSCALL:0x18(NtAllocateVirtualMemory)
NtAllocateVirtualMemory:
Arg[0] = 0xffffffffffffffff = 18446744073709551615
Arg[1] = ptr 0x000000000014fdc0 -> {\x00\x00\x00\x00\x00\x00\x00\x00}
Arg[2] = 0
Arg[3] = ptr 0x000000000014fdc8 -> {\x0b\x00\x00\x00\x00\x00\x00\x00}
Arg[4] = 0x0000000000001000 = 4096
Arg[5] = 0x0000000000000040 = 64
> 17920000+8;SYSCALL:0x34(NtDelayExecution)
> 14bf0000+4ee;SYSCALL:0x18(NtAllocateVirtualMemory)
NtAllocateVirtualMemory:
Arg[0] = 0xffffffffffffffff = 18446744073709551615
Arg[1] = ptr 0x000000000014fdc0 -> {\x00\x00\x00\x00\x00\x00\x00\x00}
Arg[2] = 0
Arg[3] = ptr 0x000000000014fdc8 -> {\x0b\x00\x00\x00\x00\x00\x00\x00}
Arg[4] = 0x0000000000001000 = 4096
Arg[5] = 0x0000000000000040 = 64
> 17930000+8;SYSCALL:0x26(NtOpenProcess)
NtOpenProcess:
Arg[0] = ptr 0x000000000014fe20 -> {\xff\xff\xff\xff\xff\xff\xff\xff}
Arg[1] = 0x00000000001fffff = 2097151
Arg[2] = ptr 0x000000000014fde0 -> L"0"
Arg[3] = ptr 0x000000000014fdd0 -> {\xc4\x0e\x00\x00\x00\x00\x00\x00}
> 14bf0000+4ee;SYSCALL:0x18(NtAllocateVirtualMemory)
NtAllocateVirtualMemory:
Arg[0] = 0xffffffffffffffff = 18446744073709551615
Arg[1] = ptr 0x000000000014fe30 -> {\x00\x00\x00\x00\x00\x00\x00\x00}
Arg[2] = 0
Arg[3] = ptr 0x000000000014fe38 -> {\x0b\x00\x00\x00\x00\x00\x00\x00}
Arg[4] = 0x0000000000001000 = 4096
Arg[5] = 0x0000000000000040 = 64
> 17940000+8;SYSCALL:0x34(NtDelayExecution)
> 14bf0000+4ee;SYSCALL:0x18(NtAllocateVirtualMemory)
NtAllocateVirtualMemory:
Arg[0] = 0xffffffffffffffff = 18446744073709551615
Arg[1] = ptr 0x000000000014fe30 -> {\x00\x00\x00\x00\x00\x00\x00\x00}
Arg[2] = 0
Arg[3] = ptr 0x000000000014fe38 -> {\x0b\x00\x00\x00\x00\x00\x00\x00}
Arg[4] = 0x0000000000001000 = 4096
Arg[5] = 0x0000000000000040 = 64
> 17950000+8;SYSCALL:0x19(NtQueryInformationProcess)
> 14bf0000+4ee;SYSCALL:0x18(NtAllocateVirtualMemory)
NtAllocateVirtualMemory:
Arg[0] = 0xffffffffffffffff = 18446744073709551615
Arg[1] = ptr 0x000000000014fdc0 -> {\x00\x00\x00\x00\x00\x00\x00\x00}
Arg[2] = 0
Arg[3] = ptr 0x000000000014fdc8 -> {\x0b\x00\x00\x00\x00\x00\x00\x00}
Arg[4] = 0x0000000000001000 = 4096
Arg[5] = 0x0000000000000040 = 64
> 17960000+8;SYSCALL:0x34(NtDelayExecution)
> 14bf0000+4ee;SYSCALL:0x18(NtAllocateVirtualMemory)
NtAllocateVirtualMemory:
Arg[0] = 0xffffffffffffffff = 18446744073709551615
Arg[1] = ptr 0x000000000014fdc0 -> {\x00\x00\x00\x00\x00\x00\x00\x00}
Arg[2] = 0
Arg[3] = ptr 0x000000000014fdc8 -> {\x0b\x00\x00\x00\x00\x00\x00\x00}
Arg[4] = 0x0000000000001000 = 4096
Arg[5] = 0x0000000000000040 = 64
> 17970000+8;SYSCALL:0x26(NtOpenProcess)
NtOpenProcess:
Arg[0] = ptr 0x000000000014fe20 -> {\xff\xff\xff\xff\xff\xff\xff\xff}
Arg[1] = 0x00000000001fffff = 2097151
Arg[2] = ptr 0x000000000014fde0 -> L"0"
Arg[3] = ptr 0x000000000014fdd0 -> "\
"
> 14bf0000+4ee;SYSCALL:0x18(NtAllocateVirtualMemory)
NtAllocateVirtualMemory:
Arg[0] = 0xffffffffffffffff = 18446744073709551615
Arg[1] = ptr 0x000000000014fe30 -> {\x00\x00\x00\x00\x00\x00\x00\x00}
Arg[2] = 0
Arg[3] = ptr 0x000000000014fe38 -> {\x0b\x00\x00\x00\x00\x00\x00\x00}
Arg[4] = 0x0000000000001000 = 4096
Arg[5] = 0x0000000000000040 = 64
> 17980000+8;SYSCALL:0x34(NtDelayExecution)
> 14bf0000+4ee;SYSCALL:0x18(NtAllocateVirtualMemory)
NtAllocateVirtualMemory:
Arg[0] = 0xffffffffffffffff = 18446744073709551615
Arg[1] = ptr 0x000000000014fe30 -> {\x00\x00\x00\x00\x00\x00\x00\x00}
Arg[2] = 0
Arg[3] = ptr 0x000000000014fe38 -> {\x0b\x00\x00\x00\x00\x00\x00\x00}
Arg[4] = 0x0000000000001000 = 4096
Arg[5] = 0x0000000000000040 = 64
> 17990000+8;SYSCALL:0x19(NtQueryInformationProcess)
> 14bf0000+4ee;SYSCALL:0x18(NtAllocateVirtualMemory)
NtAllocateVirtualMemory:
Arg[0] = 0xffffffffffffffff = 18446744073709551615
Arg[1] = ptr 0x000000000014fda0 -> {\x00\x00\x00\x00\x00\x00\x00\x00}
Arg[2] = 0
Arg[3] = ptr 0x000000000014fda8 -> {\x0b\x00\x00\x00\x00\x00\x00\x00}
Arg[4] = 0x0000000000001000 = 4096
Arg[5] = 0x0000000000000040 = 64
> 179a0000+8;SYSCALL:0x34(NtDelayExecution)
> 14bf0000+4ee;SYSCALL:0x18(NtAllocateVirtualMemory)
NtAllocateVirtualMemory:
Arg[0] = 0x00000000000001ec = 492
Arg[1] = ptr 0x000000000014fdf0 -> {\x00\x00\x00\x00\x00\x00\x00\x00}
Arg[2] = 0
Arg[3] = ptr 0x000000000014fdf8 -> {L\xd0\x00\x00\x00\x00\x00\x00}
Arg[4] = 0x0000000000003000 = 12288
Arg[5] = 0x0000000000000004 = 4
> 14bf0000+4ee;SYSCALL:0x18(NtAllocateVirtualMemory)
NtAllocateVirtualMemory:
Arg[0] = 0xffffffffffffffff = 18446744073709551615
Arg[1] = ptr 0x000000000014fda0 -> {\x00\x00\x00\x00\x00\x00\x00\x00}
Arg[2] = 0
Arg[3] = ptr 0x000000000014fda8 -> {\x0b\x00\x00\x00\x00\x00\x00\x00}
Arg[4] = 0x0000000000001000 = 4096
Arg[5] = 0x0000000000000040 = 64
> 179b0000+8;SYSCALL:0x34(NtDelayExecution)
> 14bf0000+4ee;SYSCALL:0x18(NtAllocateVirtualMemory)
NtAllocateVirtualMemory:
Arg[0] = 0xffffffffffffffff = 18446744073709551615
Arg[1] = ptr 0x000000000014fda0 -> {\x00\x00\x00\x00\x00\x00\x00\x00}
Arg[2] = 0
Arg[3] = ptr 0x000000000014fda8 -> {\x0b\x00\x00\x00\x00\x00\x00\x00}
Arg[4] = 0x0000000000001000 = 4096
Arg[5] = 0x0000000000000040 = 64
> 179c0000+8;SYSCALL:0x3a(NtWriteVirtualMemory)
NtWriteVirtualMemory:
Arg[0] = 0x00000000000001ec = 492
Arg[1] = 0x00000226f98b0000 = 2366418649088
Arg[2] = ptr 0x0000000014bf04f1 -> {\xe9[v\x00\x00\xcc\xcc\xcc}
Arg[3] = 0x000000000000d04c = 53324
Arg[4] = 0
> 14bf0000+4ee;SYSCALL:0x18(NtAllocateVirtualMemory)
NtAllocateVirtualMemory:
Arg[0] = 0xffffffffffffffff = 18446744073709551615
Arg[1] = ptr 0x000000000014fda0 -> {\x00\x00\x00\x00\x00\x00\x00\x00}
Arg[2] = 0
Arg[3] = ptr 0x000000000014fda8 -> {\x0b\x00\x00\x00\x00\x00\x00\x00}
Arg[4] = 0x0000000000001000 = 4096
Arg[5] = 0x0000000000000040 = 64
> 179d0000+8;SYSCALL:0x34(NtDelayExecution)
> 14bf0000+4ee;SYSCALL:0x18(NtAllocateVirtualMemory)
NtAllocateVirtualMemory:
Arg[0] = 0xffffffffffffffff = 18446744073709551615
Arg[1] = ptr 0x000000000014fda0 -> {\x00\x00\x00\x00\x00\x00\x00\x00}
Arg[2] = 0
Arg[3] = ptr 0x000000000014fda8 -> {\x0b\x00\x00\x00\x00\x00\x00\x00}
Arg[4] = 0x0000000000001000 = 4096
Arg[5] = 0x0000000000000040 = 64
> 179e0000+8;SYSCALL:0x50(NtProtectVirtualMemory)
> 14bf0000+4ee;SYSCALL:0x18(NtAllocateVirtualMemory)
NtAllocateVirtualMemory:
Arg[0] = 0xffffffffffffffff = 18446744073709551615
Arg[1] = ptr 0x000000000014fda0 -> {\x00\x00\x00\x00\x00\x00\x00\x00}
Arg[2] = 0
Arg[3] = ptr 0x000000000014fda8 -> {\x0b\x00\x00\x00\x00\x00\x00\x00}
Arg[4] = 0x0000000000001000 = 4096
Arg[5] = 0x0000000000000040 = 64
> 179f0000+8;SYSCALL:0x34(NtDelayExecution)
> 14bf0000+4ee;SYSCALL:0x18(NtAllocateVirtualMemory)
NtAllocateVirtualMemory:
Arg[0] = 0xffffffffffffffff = 18446744073709551615
Arg[1] = ptr 0x000000000014fda0 -> {\x00\x00\x00\x00\x00\x00\x00\x00}
Arg[2] = 0
Arg[3] = ptr 0x000000000014fda8 -> {\x0b\x00\x00\x00\x00\x00\x00\x00}
Arg[4] = 0x0000000000001000 = 4096
Arg[5] = 0x0000000000000040 = 64
> 17a00000+8;SYSCALL:0xc1(NtCreateThreadEx)
NtCreateThreadEx:
Arg[0] = ptr 0x000000000014fe00 -> {\x00\x00\x00\x00\x00\x00\x00\x00}
Arg[1] = 0x00000000001fffff = 2097151
Arg[2] = 0
Arg[3] = 0x00000000000001ec = 492
Arg[4] = 0x00000226f98b0000 = 2366418649088
Arg[5] = 0
Arg[6] = 0x0000000000000001 = 1
Arg[7] = 0
Arg[8] = 0
Arg[9] = 0
> 14bf0000+4ee;SYSCALL:0x18(NtAllocateVirtualMemory)
NtAllocateVirtualMemory:
Arg[0] = 0xffffffffffffffff = 18446744073709551615
Arg[1] = ptr 0x000000000014fda0 -> {\x00\x00\x00\x00\x00\x00\x00\x00}
Arg[2] = 0
Arg[3] = ptr 0x000000000014fda8 -> {\x0b\x00\x00\x00\x00\x00\x00\x00}
Arg[4] = 0x0000000000001000 = 4096
Arg[5] = 0x0000000000000040 = 64
> 17a10000+8;SYSCALL:0x34(NtDelayExecution)
> 14bf0000+4ee;SYSCALL:0x18(NtAllocateVirtualMemory)
NtAllocateVirtualMemory:
Arg[0] = 0xffffffffffffffff = 18446744073709551615
Arg[1] = ptr 0x000000000014fda0 -> {\x00\x00\x00\x00\x00\x00\x00\x00}
Arg[2] = 0
Arg[3] = ptr 0x000000000014fda8 -> {\x0b\x00\x00\x00\x00\x00\x00\x00}
Arg[4] = 0x0000000000001000 = 4096
Arg[5] = 0x0000000000000040 = 64
> 17a20000+8;SYSCALL:0x52(NtResumeThread)
NtResumeThread:
Arg[0] = 0x00000000000001f0 = 496
Arg[1] = 0
> 14bf0000+4ee;SYSCALL:0x18(NtAllocateVirtualMemory)
NtAllocateVirtualMemory:
Arg[0] = 0xffffffffffffffff = 18446744073709551615
Arg[1] = ptr 0x000000000014fdc0 -> {\x00\x00\x00\x00\x00\x00\x00\x00}
Arg[2] = 0
Arg[3] = ptr 0x000000000014fdc8 -> {\x0b\x00\x00\x00\x00\x00\x00\x00}
Arg[4] = 0x0000000000001000 = 4096
Arg[5] = 0x0000000000000040 = 64
> 17a30000+8;SYSCALL:0x34(NtDelayExecution)
> 14bf0000+4ee;SYSCALL:0x18(NtAllocateVirtualMemory)
NtAllocateVirtualMemory:
Arg[0] = 0xffffffffffffffff = 18446744073709551615
Arg[1] = ptr 0x000000000014fdc0 -> {\x00\x00\x00\x00\x00\x00\x00\x00}
Arg[2] = 0
Arg[3] = ptr 0x000000000014fdc8 -> {\x0b\x00\x00\x00\x00\x00\x00\x00}
Arg[4] = 0x0000000000001000 = 4096
Arg[5] = 0x0000000000000040 = 64
> 17a40000+8;SYSCALL:0x26(NtOpenProcess)
NtOpenProcess:
Arg[0] = ptr 0x000000000014fe20 -> {\xff\xff\xff\xff\xff\xff\xff\xff}
Arg[1] = 0x00000000001fffff = 2097151
Arg[2] = ptr 0x000000000014fde0 -> L"0"
Arg[3] = ptr 0x000000000014fdd0 -> {\xa8\x15\x00\x00\x00\x00\x00\x00}
> 14bf0000+4e5;magni1.[.swicc+c6]*
f083;kernel32.[BaseThreadInitThunk+14]*
> 17357000+69f;SYSCALL:0x19(NtQueryInformationProcess)
> 17357000+67e;SYSCALL:0x18(NtAllocateVirtualMemory)
NtAllocateVirtualMemory:
Arg[0] = 0xffffffffffffffff = 18446744073709551615
Arg[1] = ptr 0x00000000174bfb08 -> {\x00\x00\x00\x00\x00\x00\x00\x00}
Arg[2] = 0
Arg[3] = ptr 0x00000000174bfb00 -> {\x10\x00\x00\x00\x00\x00\x00\x00}
Arg[4] = 0x14801af200001000 = 1477210304461934592
Arg[5] = 0x14d8106a00000004 = 1501968523180638212
> 17357000+6d6;SYSCALL:0x33(NtOpenFile)
NtOpenFile:
Arg[0] = ptr 0x00000000174bfaf8 -> {\x00\x00\x00\x00\x00\x00\x00\x00}
Arg[1] = 0x0000000000100080 = 1048704
Arg[2] = ptr 0x00000000174bfa90 -> L"0"
Arg[3] = ptr 0x00000000174bfa58 -> {\x00\x00\x00\x00\x00\x00\x00\x00}
Arg[4] = 0x14801af200000001 = 1477210304461930497
Arg[5] = 0x14d8106a00000021 = 1501968523180638241
> 17357000+723;SYSCALL:0x49(NtQueryVolumeInformationFile)
NtQueryVolumeInformationFile:
Arg[0] = 0x00000000000001f4 = 500
Arg[1] = ptr 0x00000000174bfa58 -> {\x00\x00\x00\x00\x00\x00\x00\x00}
Arg[2] = ptr 0x00000000174bfa50 -> {v\xac\x94\xa9b\xe5\xb0\xc2}
Arg[3] = 0x0000000000000008 = 8
Arg[4] = 0x14801af200000004 = 1477210304461930500
> 17357000+723;SYSCALL:0x49(NtQueryVolumeInformationFile)
NtQueryVolumeInformationFile:
Arg[0] = 0x00000000000001f4 = 500
Arg[1] = ptr 0x00000000174bfa58 -> {\x00\x00\x00\x00\x00\x00\x00\x00}
Arg[2] = ptr 0x00000000174bfa78 -> {\x0e\xf0\x8c\xdc\xba\x0eh\xda}
Arg[3] = 0x0000000000000220 = 544
Arg[4] = 0x14801af200000001 = 1477210304461930497
> 17357000+6b5;SYSCALL:0xf(NtClose)
> 17357000+689;SYSCALL:0x1e(NtFreeVirtualMemory)
> 17357000+67e;SYSCALL:0x18(NtAllocateVirtualMemory)
NtAllocateVirtualMemory:
Arg[0] = 0xffffffffffffffff = 18446744073709551615
Arg[1] = ptr 0x00000000174bfb08 -> {\x00\x00\x00\x00\x00\x00\x00\x00}
Arg[2] = 0
Arg[3] = ptr 0x00000000174bfb00 -> {\x10\x00\x00\x00\x00\x00\x00\x00}
Arg[4] = 0x14801af200001000 = 1477210304461934592
Arg[5] = 0x14d8106a00000004 = 1501968523180638212
> 17357000+6d6;SYSCALL:0x33(NtOpenFile)
NtOpenFile:
Arg[0] = ptr 0x00000000174bfaf8 -> {\x00\x00\x00\x00\x00\x00\x00\x00}
Arg[1] = 0x0000000000100080 = 1048704
Arg[2] = ptr 0x00000000174bfa90 -> L"0"
Arg[3] = ptr 0x00000000174bfa58 -> {\x00\x00\x00\x00\x00\x00\x00\x00}
Arg[4] = 0x14801af200000001 = 1477210304461930497
Arg[5] = 0x14d8106a00000021 = 1501968523180638241
> 17357000+723;SYSCALL:0x49(NtQueryVolumeInformationFile)
NtQueryVolumeInformationFile:
Arg[0] = 0x00000000000001f4 = 500
Arg[1] = ptr 0x00000000174bfa58 -> {\x00\x00\x00\x00\x00\x00\x00\x00}
Arg[2] = ptr 0x00000000174bfa50 -> {\x07\x00\x00\x00 \x00\x02\x00}
Arg[3] = 0x0000000000000008 = 8
Arg[4] = 0x14801af200000004 = 1477210304461930500
> 17357000+67e;SYSCALL:0x18(NtAllocateVirtualMemory)
NtAllocateVirtualMemory:
Arg[0] = 0xffffffffffffffff = 18446744073709551615
Arg[1] = ptr 0x00000000174bfb08 -> {\x00\x00\x00\x00\x00\x00\x00\x00}
Arg[2] = 0
Arg[3] = ptr 0x00000000174bfb00 -> {\x10\x00\x00\x00\x00\x00\x00\x00}
Arg[4] = 0x14801af200001000 = 1477210304461934592
Arg[5] = 0x14d8106a00000004 = 1501968523180638212
> 17357000+6d6;SYSCALL:0x33(NtOpenFile)
NtOpenFile:
Arg[0] = ptr 0x00000000174bfaf8 -> {\x00\x00\x00\x00\x00\x00\x00\x00}
Arg[1] = 0x0000000000100080 = 1048704
Arg[2] = ptr 0x00000000174bfa90 -> L"0"
Arg[3] = ptr 0x00000000174bfa58 -> {\x00\x00\x00\x00\x00\x00\x00\x00}
Arg[4] = 0x14801af200000001 = 1477210304461930497
Arg[5] = 0x14d8106a00000021 = 1501968523180638241
> 17357000+723;SYSCALL:0x49(NtQueryVolumeInformationFile)
NtQueryVolumeInformationFile:
Arg[0] = 0x00000000000001f8 = 504
Arg[1] = ptr 0x00000000174bfa58 -> {\x00\x00\x00\x00\x00\x00\x00\x00}
Arg[2] = ptr 0x00000000174bfa50 -> {\x02\x00\x00\x00!\x01\x00\x00}
Arg[3] = 0x0000000000000008 = 8
Arg[4] = 0x14801af200000004 = 1477210304461930500
> 17357000+723;SYSCALL:0x49(NtQueryVolumeInformationFile)
NtQueryVolumeInformationFile:
Arg[0] = 0x00000000000001f8 = 504
Arg[1] = ptr 0x00000000174bfa58 -> {\x00\x00\x00\x00\x00\x00\x00\x00}
Arg[2] = ptr 0x00000000174bfa78 -> {\xf6\xaf\xbf\xe9\x00\xc2\xd7\x01}
Arg[3] = 0x0000000000000220 = 544
Arg[4] = 0x14801af200000001 = 1477210304461930497
> 17357000+6b5;SYSCALL:0xf(NtClose)
> 17357000+689;SYSCALL:0x1e(NtFreeVirtualMemory)
> 17357000+69f;SYSCALL:0x19(NtQueryInformationProcess)
> 17357000+67e;SYSCALL:0x18(NtAllocateVirtualMemory)
NtAllocateVirtualMemory:
Arg[0] = 0xffffffffffffffff = 18446744073709551615
Arg[1] = ptr 0x00000000174bfb08 -> {\x00\x00\x00\x00\x00\x00\x00\x00}
Arg[2] = 0
Arg[3] = ptr 0x00000000174bfb00 -> {\x10\x00\x00\x00\x00\x00\x00\x00}
Arg[4] = 0x14801af200001000 = 1477210304461934592
Arg[5] = 0x14d8106a00000004 = 1501968523180638212
> 17357000+6d6;SYSCALL:0x33(NtOpenFile)
NtOpenFile:
Arg[0] = ptr 0x00000000174bfaf8 -> {\x00\x00\x00\x00\x00\x00\x00\x00}
Arg[1] = ptr 0x0000000000100080 -> {@.\x9a\x02\x00\x00\x00\x00}
Arg[2] = ptr 0x00000000174bfa90 -> L"0"
Arg[3] = ptr 0x00000000174bfa58 -> {\x00\x00\x00\x00\x00\x00\x00\x00}
Arg[4] = 0x14801af200000001 = 1477210304461930497
Arg[5] = 0x14d8106a00000021 = 1501968523180638241
> 17357000+723;SYSCALL:0x49(NtQueryVolumeInformationFile)
NtQueryVolumeInformationFile:
Arg[0] = 0x00000000000001f8 = 504
Arg[1] = ptr 0x00000000174bfa58 -> {\x00\x00\x00\x00\x00\x00\x00\x00}
Arg[2] = ptr 0x00000000174bfa50 -> {\x07\x00\x00\x00\x10\x00\x00\x00}
Arg[3] = 0x0000000000000008 = 8
Arg[4] = 0x14801af200000004 = 1477210304461930500
> 17357000+723;SYSCALL:0x49(NtQueryVolumeInformationFile)
NtQueryVolumeInformationFile:
Arg[0] = 0x00000000000001f8 = 504
Arg[1] = ptr 0x00000000174bfa58 -> {\x00\x00\x00\x00\x00\x00\x00\x00}
Arg[2] = ptr 0x00000000174bfa78 -> {\x00\x00\x00\x00\x00\x00\x00\x00}
Arg[3] = 0x0000000000000220 = 544
Arg[4] = 0x14801af200000001 = 1477210304461930497
> 17357000+6b5;SYSCALL:0xf(NtClose)
> 17357000+689;SYSCALL:0x1e(NtFreeVirtualMemory)
> 17357000+67e;SYSCALL:0x18(NtAllocateVirtualMemory)
NtAllocateVirtualMemory:
Arg[0] = 0xffffffffffffffff = 18446744073709551615
Arg[1] = ptr 0x00000000174bfb08 -> {\x00\x00\x00\x00\x00\x00\x00\x00}
Arg[2] = 0
Arg[3] = ptr 0x00000000174bfb00 -> {\x10\x00\x00\x00\x00\x00\x00\x00}
Arg[4] = 0x14801af200001000 = 1477210304461934592
Arg[5] = 0x14d8106a00000004 = 1501968523180638212
> 17357000+6d6;SYSCALL:0x33(NtOpenFile)
NtOpenFile:
Arg[0] = ptr 0x00000000174bfaf8 -> {\x00\x00\x00\x00\x00\x00\x00\x00}
Arg[1] = ptr 0x0000000000100080 -> {@.\x9a\x02\x00\x00\x00\x00}
Arg[2] = ptr 0x00000000174bfa90 -> L"0"
Arg[3] = ptr 0x00000000174bfa58 -> {\x00\x00\x00\x00\x00\x00\x00\x00}
Arg[4] = 0x14801af200000001 = 1477210304461930497
Arg[5] = 0x14d8106a00000021 = 1501968523180638241
> 17357000+723;SYSCALL:0x49(NtQueryVolumeInformationFile)
NtQueryVolumeInformationFile:
Arg[0] = 0x00000000000001f8 = 504
Arg[1] = ptr 0x00000000174bfa58 -> {\x00\x00\x00\x00\x00\x00\x00\x00}
Arg[2] = ptr 0x00000000174bfa50 -> {\x07\x00\x00\x00 \x00\x02\x00}
Arg[3] = 0x0000000000000008 = 8
Arg[4] = 0x14801af200000004 = 1477210304461930500
> 17357000+67e;SYSCALL:0x18(NtAllocateVirtualMemory)
NtAllocateVirtualMemory:
Arg[0] = 0xffffffffffffffff = 18446744073709551615
Arg[1] = ptr 0x00000000174bfb08 -> {\x00\x00\x00\x00\x00\x00\x00\x00}
Arg[2] = 0
Arg[3] = ptr 0x00000000174bfb00 -> {\x10\x00\x00\x00\x00\x00\x00\x00}
Arg[4] = 0x14801af200001000 = 1477210304461934592
Arg[5] = 0x14d8106a00000004 = 1501968523180638212
> 17357000+6d6;SYSCALL:0x33(NtOpenFile)
NtOpenFile:
Arg[0] = ptr 0x00000000174bfaf8 -> {\x00\x00\x00\x00\x00\x00\x00\x00}
Arg[1] = ptr 0x0000000000100080 -> {@.\x9a\x02\x00\x00\x00\x00}
Arg[2] = ptr 0x00000000174bfa90 -> L"0"
Arg[3] = ptr 0x00000000174bfa58 -> {\x00\x00\x00\x00\x00\x00\x00\x00}
Arg[4] = 0x14801af200000001 = 1477210304461930497
Arg[5] = 0x14d8106a00000021 = 1501968523180638241
> 17357000+723;SYSCALL:0x49(NtQueryVolumeInformationFile)
NtQueryVolumeInformationFile:
Arg[0] = 0x00000000000001fc = 508
Arg[1] = ptr 0x00000000174bfa58 -> {\x00\x00\x00\x00\x00\x00\x00\x00}
Arg[2] = ptr 0x00000000174bfa50 -> {\x02\x00\x00\x00!\x01\x00\x00}
Arg[3] = 0x0000000000000008 = 8
Arg[4] = 0x14801af200000004 = 1477210304461930500
> 17357000+723;SYSCALL:0x49(NtQueryVolumeInformationFile)
NtQueryVolumeInformationFile:
Arg[0] = 0x00000000000001fc = 508
Arg[1] = ptr 0x00000000174bfa58 -> {\x00\x00\x00\x00\x00\x00\x00\x00}
Arg[2] = ptr 0x00000000174bfa78 -> {\xf6\xaf\xbf\xe9\x00\xc2\xd7\x01}
Arg[3] = 0x0000000000000220 = 544
Arg[4] = 0x14801af200000001 = 1477210304461930497
> 17357000+6b5;SYSCALL:0xf(NtClose)
> 17357000+689;SYSCALL:0x1e(NtFreeVirtualMemory)
> 17357000+694;SYSCALL:0x31(NtQueryPerformanceCounter)
NtQueryPerformanceCounter:
Arg[0] = ptr 0x00000000174bfb00 -> {\x00\x10\x00\x00\x00\x00\x00\x00}
Arg[1] = 0
> 17357000+694;SYSCALL:0x31(NtQueryPerformanceCounter)
NtQueryPerformanceCounter:
Arg[0] = ptr 0x00000000174bfb00 -> {\xf5\xfd{b\x04\x00\x00\x00}
Arg[1] = 0
> 17357000+694;SYSCALL:0x31(NtQueryPerformanceCounter)
NtQueryPerformanceCounter:
Arg[0] = ptr 0x00000000174bfb00 -> {\x8f\xff{b\x04\x00\x00\x00}
Arg[1] = 0
> 17357000+694;SYSCALL:0x31(NtQueryPerformanceCounter)
NtQueryPerformanceCounter:
Arg[0] = ptr 0x00000000174bfb00 -> {\x06\x01|b\x04\x00\x00\x00}
Arg[1] = 0
> 17357000+694;SYSCALL:0x31(NtQueryPerformanceCounter)
NtQueryPerformanceCounter:
Arg[0] = ptr 0x00000000174bfb00 -> {\x92\x02|b\x04\x00\x00\x00}
Arg[1] = 0
> 17357000+694;SYSCALL:0x31(NtQueryPerformanceCounter)
NtQueryPerformanceCounter:
Arg[0] = ptr 0x00000000174bfb00 -> {\x1f\x04|b\x04\x00\x00\x00}
Arg[1] = 0
> 17357000+694;SYSCALL:0x31(NtQueryPerformanceCounter)
NtQueryPerformanceCounter:
Arg[0] = ptr 0x00000000174bfb00 -> {\x8b\x05|b\x04\x00\x00\x00}
Arg[1] = 0
> 17357000+694;SYSCALL:0x31(NtQueryPerformanceCounter)
NtQueryPerformanceCounter:
Arg[0] = ptr 0x00000000174bfb00 -> {+\x07|b\x04\x00\x00\x00}
Arg[1] = 0
> 17357000+694;SYSCALL:0x31(NtQueryPerformanceCounter)
NtQueryPerformanceCounter:
Arg[0] = ptr 0x00000000174bfb00 -> {\x9b\x08|b\x04\x00\x00\x00}
Arg[1] = 0
> 17357000+694;SYSCALL:0x31(NtQueryPerformanceCounter)
NtQueryPerformanceCounter:
Arg[0] = ptr 0x00000000174bfb00 -> {\x02\x0a|b\x04\x00\x00\x00}
Arg[1] = 0
> 17357000+694;SYSCALL:0x31(NtQueryPerformanceCounter)
NtQueryPerformanceCounter:
Arg[0] = ptr 0x00000000174bfb00 -> {Y\x0d|b\x04\x00\x00\x00}
Arg[1] = 0
> 17357000+694;SYSCALL:0x31(NtQueryPerformanceCounter)
NtQueryPerformanceCounter:
Arg[0] = ptr 0x00000000174bfb00 -> {\xb7&|b\x04\x00\x00\x00}
Arg[1] = 0
> 17357000+694;SYSCALL:0x31(NtQueryPerformanceCounter)
NtQueryPerformanceCounter:
Arg[0] = ptr 0x00000000174bfb00 -> {G(|b\x04\x00\x00\x00}
Arg[1] = 0
> 17357000+694;SYSCALL:0x31(NtQueryPerformanceCounter)
NtQueryPerformanceCounter:
Arg[0] = ptr 0x00000000174bfb00 -> {\xc2)|b\x04\x00\x00\x00}
Arg[1] = 0
> 17357000+694;SYSCALL:0x31(NtQueryPerformanceCounter)
NtQueryPerformanceCounter:
Arg[0] = ptr 0x00000000174bfb00 -> {1+|b\x04\x00\x00\x00}
Arg[1] = 0
> 17357000+694;SYSCALL:0x31(NtQueryPerformanceCounter)
NtQueryPerformanceCounter:
Arg[0] = ptr 0x00000000174bfb00 -> {\x9d,|b\x04\x00\x00\x00}
Arg[1] = 0
> 17357000+694;SYSCALL:0x31(NtQueryPerformanceCounter)
NtQueryPerformanceCounter:
Arg[0] = ptr 0x00000000174bfb00 -> {\x09.|b\x04\x00\x00\x00}
Arg[1] = 0
> 17357000+694;SYSCALL:0x31(NtQueryPerformanceCounter)
NtQueryPerformanceCounter:
Arg[0] = ptr 0x00000000174bfb00 -> {o/|b\x04\x00\x00\x00}
Arg[1] = 0
> 17357000+694;SYSCALL:0x31(NtQueryPerformanceCounter)
NtQueryPerformanceCounter:
Arg[0] = ptr 0x00000000174bfb00 -> {\xd80|b\x04\x00\x00\x00}
Arg[1] = 0
> 17357000+694;SYSCALL:0x31(NtQueryPerformanceCounter)
NtQueryPerformanceCounter:
Arg[0] = ptr 0x00000000174bfb00 -> {\xe02|b\x04\x00\x00\x00}
Arg[1] = 0
> 17357000+694;SYSCALL:0x31(NtQueryPerformanceCounter)
NtQueryPerformanceCounter:
Arg[0] = ptr 0x00000000174bfb00 -> {Q4|b\x04\x00\x00\x00}
Arg[1] = 0
> 17357000+694;SYSCALL:0x31(NtQueryPerformanceCounter)
NtQueryPerformanceCounter:
Arg[0] = ptr 0x00000000174bfb00 -> {\xc7>|b\x04\x00\x00\x00}
Arg[1] = 0
> 17357000+694;SYSCALL:0x31(NtQueryPerformanceCounter)
NtQueryPerformanceCounter:
Arg[0] = ptr 0x00000000174bfb00 -> {g@|b\x04\x00\x00\x00}
Arg[1] = 0
> 17357000+694;SYSCALL:0x31(NtQueryPerformanceCounter)
NtQueryPerformanceCounter:
Arg[0] = ptr 0x00000000174bfb00 -> {\xd9A|b\x04\x00\x00\x00}
Arg[1] = 0
> 17357000+694;SYSCALL:0x31(NtQueryPerformanceCounter)
NtQueryPerformanceCounter:
Arg[0] = ptr 0x00000000174bfb00 -> {[C|b\x04\x00\x00\x00}
Arg[1] = 0
> 17357000+694;SYSCALL:0x31(NtQueryPerformanceCounter)
NtQueryPerformanceCounter:
Arg[0] = ptr 0x00000000174bfb00 -> {\x8fF|b\x04\x00\x00\x00}
Arg[1] = 0
> 17357000+694;SYSCALL:0x31(NtQueryPerformanceCounter)
NtQueryPerformanceCounter:
Arg[0] = ptr 0x00000000174bfb00 -> {\xa8H|b\x04\x00\x00\x00}
Arg[1] = 0
> 17357000+694;SYSCALL:0x31(NtQueryPerformanceCounter)
NtQueryPerformanceCounter:
Arg[0] = ptr 0x00000000174bfb00 -> {\x15J|b\x04\x00\x00\x00}
Arg[1] = 0
> 17357000+694;SYSCALL:0x31(NtQueryPerformanceCounter)
NtQueryPerformanceCounter:
Arg[0] = ptr 0x00000000174bfb00 -> {\x94K|b\x04\x00\x00\x00}
Arg[1] = 0
> 17357000+694;SYSCALL:0x31(NtQueryPerformanceCounter)
NtQueryPerformanceCounter:
Arg[0] = ptr 0x00000000174bfb00 -> {\xfdL|b\x04\x00\x00\x00}
Arg[1] = 0
> 17357000+67e;SYSCALL:0x18(NtAllocateVirtualMemory)
NtAllocateVirtualMemory:
Arg[0] = 0xffffffffffffffff = 18446744073709551615
Arg[1] = ptr 0x00000000174bfb08 -> {\x00\x00\x00\x00\x00\x00\x00\x00}
Arg[2] = 0
Arg[3] = ptr 0x00000000174bfb00 -> L"J"
Arg[4] = 0x7a20201200001000 = 8800068933563453440
Arg[5] = 0x3478478a00000004 = 3780850545208590340
> 17357000+6c0;SYSCALL:0x55(NtCreateFile)
NtCreateFile:
Arg[0] = ptr 0x00000000174bfa60 -> {\xff\xff\xff\xff\xff\xff\xff\xff}
Arg[1] = ptr 0x0000000000120116 -> {\x00\x00\xf0*\x9a\x02\x00\x00}
Arg[2] = ptr 0x00000000174bfa88 -> L"0"
Arg[3] = ptr 0x00000000174bfa78 -> {\x00\x00\x00\x00\x00\x00\x00\x00}
Arg[4] = 0
Arg[5] = 0x3478478a00000080 = 3780850545208590464
Arg[6] = 0x3c506e8200000002 = 4346095145037332482
Arg[7] = 0xe9a80cf800000002 = 16836721466216022018
Arg[8] = 0x14801af200000020 = 1477210304461930528
Arg[9] = 0
> 17357000+689;SYSCALL:0x1e(NtFreeVirtualMemory)
> 17357000+67e;SYSCALL:0x18(NtAllocateVirtualMemory)
NtAllocateVirtualMemory:
Arg[0] = 0xffffffffffffffff = 18446744073709551615
Arg[1] = ptr 0x00000000174bfb08 -> {\x00\x00\x00\x00\x00\x00\x00\x00}
Arg[2] = 0
Arg[3] = ptr 0x00000000174bfb00 -> L"J"
Arg[4] = 0x0000000000001000 = 4096
Arg[5] = 0x3478478a00000004 = 3780850545208590340
> 17357000+6c0;SYSCALL:0x55(NtCreateFile)
NtCreateFile:
Arg[0] = ptr 0x00000000174bfa60 -> {\xff\xff\xff\xff\xff\xff\xff\xff}
Arg[1] = ptr 0x0000000000120116 -> {\x00\x00\xf0*\x9a\x02\x00\x00}
Arg[2] = ptr 0x00000000174bfa88 -> L"0"
Arg[3] = ptr 0x00000000174bfa78 -> {\x00\x00\x00\x00\x00\x00\x00\x00}
Arg[4] = 0
Arg[5] = 0x3478478a00000080 = 3780850545208590464
Arg[6] = 0x3c506e8200000002 = 4346095145037332482
Arg[7] = 0xe9a80cf800000002 = 16836721466216022018
Arg[8] = 0x14801af200000020 = 1477210304461930528
Arg[9] = 0
> 17357000+689;SYSCALL:0x1e(NtFreeVirtualMemory)
> 17357000+694;SYSCALL:0x31(NtQueryPerformanceCounter)
NtQueryPerformanceCounter:
Arg[0] = ptr 0x00000000174bf8c0 -> {\x00\x00\x00\x00\x00\x00\x00\x00}
Arg[1] = 0
> 17357000+694;SYSCALL:0x31(NtQueryPerformanceCounter)
NtQueryPerformanceCounter:
Arg[0] = ptr 0x00000000174bf8c0 -> {+t\x80b\x04\x00\x00\x00}
Arg[1] = 0
> 17357000+694;SYSCALL:0x31(NtQueryPerformanceCounter)
NtQueryPerformanceCounter:
Arg[0] = ptr 0x00000000174bf8c0 -> {tu\x80b\x04\x00\x00\x00}
Arg[1] = 0
> 17357000+694;SYSCALL:0x31(NtQueryPerformanceCounter)
NtQueryPerformanceCounter:
Arg[0] = ptr 0x00000000174bf8c0 -> {\x89v\x80b\x04\x00\x00\x00}
Arg[1] = 0
> 17357000+694;SYSCALL:0x31(NtQueryPerformanceCounter)
NtQueryPerformanceCounter:
Arg[0] = ptr 0x00000000174bf8c0 -> {\x96w\x80b\x04\x00\x00\x00}
Arg[1] = 0
> 17357000+694;SYSCALL:0x31(NtQueryPerformanceCounter)
NtQueryPerformanceCounter:
Arg[0] = ptr 0x00000000174bf8c0 -> {\xa2x\x80b\x04\x00\x00\x00}
Arg[1] = 0
> 17357000+694;SYSCALL:0x31(NtQueryPerformanceCounter)
NtQueryPerformanceCounter:
Arg[0] = ptr 0x00000000174bf8c0 -> {\xc9y\x80b\x04\x00\x00\x00}
Arg[1] = 0
> 17357000+694;SYSCALL:0x31(NtQueryPerformanceCounter)
NtQueryPerformanceCounter:
Arg[0] = ptr 0x00000000174bf8c0 -> {\xd4z\x80b\x04\x00\x00\x00}
Arg[1] = 0
> 17357000+694;SYSCALL:0x31(NtQueryPerformanceCounter)
NtQueryPerformanceCounter:
Arg[0] = ptr 0x00000000174bf8c0 -> {\xe0{\x80b\x04\x00\x00\x00}
Arg[1] = 0
> 17357000+694;SYSCALL:0x31(NtQueryPerformanceCounter)
NtQueryPerformanceCounter:
Arg[0] = ptr 0x00000000174bf8c0 -> {\xec|\x80b\x04\x00\x00\x00}
Arg[1] = 0
> 17357000+67e;SYSCALL:0x18(NtAllocateVirtualMemory)
NtAllocateVirtualMemory:
Arg[0] = 0xffffffffffffffff = 18446744073709551615
Arg[1] = ptr 0x00000000174bfa50 -> {\x00\x00\x00\x00\x00\x00\x00\x00}
Arg[2] = 0
Arg[3] = ptr 0x00000000174bfa60 -> L"z"
Arg[4] = 0x00007ff800001000 = 140703128621056
Arg[5] = 0x00007ff800000004 = 140703128616964
> 17357000+67e;SYSCALL:0x18(NtAllocateVirtualMemory)
NtAllocateVirtualMemory:
Arg[0] = 0xffffffffffffffff = 18446744073709551615
Arg[1] = ptr 0x00000000174bfa48 -> {\x00\x00\x00\x00\x00\x00\x00\x00}
Arg[2] = 0
Arg[3] = ptr 0x00000000174bfa70 -> {\x0a\x01\x00\x00\x00\x00\x00\x00}
Arg[4] = 0x00007ff800001000 = 140703128621056
Arg[5] = 0x00007ff800000004 = 140703128616964
> 17357000+694;SYSCALL:0x31(NtQueryPerformanceCounter)
NtQueryPerformanceCounter:
Arg[0] = ptr 0x00000000174bf8c0 -> {\x0d~\x80b\x04\x00\x00\x00}
Arg[1] = 0
> 17357000+694;SYSCALL:0x31(NtQueryPerformanceCounter)
NtQueryPerformanceCounter:
Arg[0] = ptr 0x00000000174bf8c0 -> {Hw\x81b\x04\x00\x00\x00}
Arg[1] = 0
> 17357000+694;SYSCALL:0x31(NtQueryPerformanceCounter)
NtQueryPerformanceCounter:
Arg[0] = ptr 0x00000000174bf8c0 -> {~y\x81b\x04\x00\x00\x00}
Arg[1] = 0
> 17357000+694;SYSCALL:0x31(NtQueryPerformanceCounter)
NtQueryPerformanceCounter:
Arg[0] = ptr 0x00000000174bf8c0 -> {"{\x81b\x04\x00\x00\x00}
Arg[1] = 0
> 17357000+694;SYSCALL:0x31(NtQueryPerformanceCounter)
NtQueryPerformanceCounter:
Arg[0] = ptr 0x00000000174bf8c0 -> {\x91|\x81b\x04\x00\x00\x00}
Arg[1] = 0
> 17357000+694;SYSCALL:0x31(NtQueryPerformanceCounter)
NtQueryPerformanceCounter:
Arg[0] = ptr 0x00000000174bf8c0 -> {\xfd}\x81b\x04\x00\x00\x00}
Arg[1] = 0
> 17357000+694;SYSCALL:0x31(NtQueryPerformanceCounter)
NtQueryPerformanceCounter:
Arg[0] = ptr 0x00000000174bf8c0 -> {f\x7f\x81b\x04\x00\x00\x00}
Arg[1] = 0
> 17357000+694;SYSCALL:0x31(NtQueryPerformanceCounter)
NtQueryPerformanceCounter:
Arg[0] = ptr 0x00000000174bf8c0 -> {\xdb\x80\x81b\x04\x00\x00\x00}
Arg[1] = 0
> 17357000+694;SYSCALL:0x31(NtQueryPerformanceCounter)
NtQueryPerformanceCounter:
Arg[0] = ptr 0x00000000174bf8c0 -> {K\x82\x81b\x04\x00\x00\x00}
Arg[1] = 0
> 17357000+694;SYSCALL:0x31(NtQueryPerformanceCounter)
NtQueryPerformanceCounter:
Arg[0] = ptr 0x00000000174bf8c0 -> {\xb5\x83\x81b\x04\x00\x00\x00}
Arg[1] = 0
> 17357000+694;SYSCALL:0x31(NtQueryPerformanceCounter)
NtQueryPerformanceCounter:
Arg[0] = ptr 0x00000000174bf8c0 -> {\x1e\x85\x81b\x04\x00\x00\x00}
Arg[1] = 0
> 17357000+694;SYSCALL:0x31(NtQueryPerformanceCounter)
NtQueryPerformanceCounter:
Arg[0] = ptr 0x00000000174bf8c0 -> {\xb6E\x82b\x04\x00\x00\x00}
Arg[1] = 0
> 17357000+694;SYSCALL:0x31(NtQueryPerformanceCounter)
NtQueryPerformanceCounter:
Arg[0] = ptr 0x00000000174bf8c0 -> {KG\x82b\x04\x00\x00\x00}
Arg[1] = 0
> 17357000+694;SYSCALL:0x31(NtQueryPerformanceCounter)
NtQueryPerformanceCounter:
Arg[0] = ptr 0x00000000174bf8c0 -> {rI\x82b\x04\x00\x00\x00}
Arg[1] = 0
> 17357000+694;SYSCALL:0x31(NtQueryPerformanceCounter)
NtQueryPerformanceCounter:
Arg[0] = ptr 0x00000000174bf8c0 -> {MK\x82b\x04\x00\x00\x00}
Arg[1] = 0
> 17357000+694;SYSCALL:0x31(NtQueryPerformanceCounter)
NtQueryPerformanceCounter:
Arg[0] = ptr 0x00000000174bf8c0 -> {YM\x82b\x04\x00\x00\x00}
Arg[1] = 0
> 17357000+694;SYSCALL:0x31(NtQueryPerformanceCounter)
NtQueryPerformanceCounter:
Arg[0] = ptr 0x00000000174bf8c0 -> {\xf5N\x82b\x04\x00\x00\x00}
Arg[1] = 0
> 17357000+694;SYSCALL:0x31(NtQueryPerformanceCounter)
NtQueryPerformanceCounter:
Arg[0] = ptr 0x00000000174bf8c0 -> {vP\x82b\x04\x00\x00\x00}
Arg[1] = 0
> 17357000+694;SYSCALL:0x31(NtQueryPerformanceCounter)
NtQueryPerformanceCounter:
Arg[0] = ptr 0x00000000174bf8c0 -> {\xe1Q\x82b\x04\x00\x00\x00}
Arg[1] = 0
> 17357000+694;SYSCALL:0x31(NtQueryPerformanceCounter)
NtQueryPerformanceCounter:
Arg[0] = ptr 0x00000000174bf8c0 -> {KS\x82b\x04\x00\x00\x00}
Arg[1] = 0
> 17357000+694;SYSCALL:0x31(NtQueryPerformanceCounter)
NtQueryPerformanceCounter:
Arg[0] = ptr 0x00000000174bf8c0 -> {\xb2T\x82b\x04\x00\x00\x00}
Arg[1] = 0
> 17357000+694;SYSCALL:0x31(NtQueryPerformanceCounter)
NtQueryPerformanceCounter:
Arg[0] = ptr 0x00000000174bf8c0 -> {\x18X\x82b\x04\x00\x00\x00}
Arg[1] = 0
> 17357000+694;SYSCALL:0x31(NtQueryPerformanceCounter)
NtQueryPerformanceCounter:
Arg[0] = ptr 0x00000000174bf8c0 -> {\x81Y\x82b\x04\x00\x00\x00}
Arg[1] = 0
> 17357000+694;SYSCALL:0x31(NtQueryPerformanceCounter)
NtQueryPerformanceCounter:
Arg[0] = ptr 0x00000000174bf8c0 -> {\xebZ\x82b\x04\x00\x00\x00}
Arg[1] = 0
> 17357000+694;SYSCALL:0x31(NtQueryPerformanceCounter)
NtQueryPerformanceCounter:
Arg[0] = ptr 0x00000000174bf8c0 -> {Q\\x82b\x04\x00\x00\x00}
Arg[1] = 0
> 17357000+694;SYSCALL:0x31(NtQueryPerformanceCounter)
NtQueryPerformanceCounter:
Arg[0] = ptr 0x00000000174bf8c0 -> {\xfc`\x82b\x04\x00\x00\x00}
Arg[1] = 0
> 17357000+694;SYSCALL:0x31(NtQueryPerformanceCounter)
NtQueryPerformanceCounter:
Arg[0] = ptr 0x00000000174bf8c0 -> {Cc\x82b\x04\x00\x00\x00}
Arg[1] = 0
> 17357000+694;SYSCALL:0x31(NtQueryPerformanceCounter)
NtQueryPerformanceCounter:
Arg[0] = ptr 0x00000000174bf8c0 -> {\xb1d\x82b\x04\x00\x00\x00}
Arg[1] = 0
> 17357000+694;SYSCALL:0x31(NtQueryPerformanceCounter)
NtQueryPerformanceCounter:
Arg[0] = ptr 0x00000000174bf8c0 -> {\x1df\x82b\x04\x00\x00\x00}
Arg[1] = 0
> 17357000+694;SYSCALL:0x31(NtQueryPerformanceCounter)
NtQueryPerformanceCounter:
Arg[0] = ptr 0x00000000174bf8c0 -> {\x84g\x82b\x04\x00\x00\x00}
Arg[1] = 0
> 17357000+694;SYSCALL:0x31(NtQueryPerformanceCounter)
NtQueryPerformanceCounter:
Arg[0] = ptr 0x00000000174bf8c0 -> {\xe8h\x82b\x04\x00\x00\x00}
Arg[1] = 0
> 17357000+694;SYSCALL:0x31(NtQueryPerformanceCounter)
NtQueryPerformanceCounter:
Arg[0] = ptr 0x00000000174bf8c0 -> {>l\x82b\x04\x00\x00\x00}
Arg[1] = 0
> 17357000+694;SYSCALL:0x31(NtQueryPerformanceCounter)
NtQueryPerformanceCounter:
Arg[0] = ptr 0x00000000174bf8c0 -> {\xa6m\x82b\x04\x00\x00\x00}
Arg[1] = 0
> 17357000+694;SYSCALL:0x31(NtQueryPerformanceCounter)
NtQueryPerformanceCounter:
Arg[0] = ptr 0x00000000174bf8c0 -> {\x0bo\x82b\x04\x00\x00\x00}
Arg[1] = 0
> 17357000+694;SYSCALL:0x31(NtQueryPerformanceCounter)
NtQueryPerformanceCounter:
Arg[0] = ptr 0x00000000174bf8c0 -> {qp\x82b\x04\x00\x00\x00}
Arg[1] = 0
> 17357000+694;SYSCALL:0x31(NtQueryPerformanceCounter)
NtQueryPerformanceCounter:
Arg[0] = ptr 0x00000000174bf8c0 -> {\xd4q\x82b\x04\x00\x00\x00}
Arg[1] = 0
> 17357000+694;SYSCALL:0x31(NtQueryPerformanceCounter)
NtQueryPerformanceCounter:
Arg[0] = ptr 0x00000000174bf8c0 -> {\xbfs\x82b\x04\x00\x00\x00}
Arg[1] = 0
> 17357000+694;SYSCALL:0x31(NtQueryPerformanceCounter)
NtQueryPerformanceCounter:
Arg[0] = ptr 0x00000000174bf8c0 -> {Nu\x82b\x04\x00\x00\x00}
Arg[1] = 0
> 17357000+694;SYSCALL:0x31(NtQueryPerformanceCounter)
NtQueryPerformanceCounter:
Arg[0] = ptr 0x00000000174bf8c0 -> {\xbav\x82b\x04\x00\x00\x00}
Arg[1] = 0
> 17357000+694;SYSCALL:0x31(NtQueryPerformanceCounter)
NtQueryPerformanceCounter:
Arg[0] = ptr 0x00000000174bf8c0 -> {"x\x82b\x04\x00\x00\x00}
Arg[1] = 0
> 17357000+694;SYSCALL:0x31(NtQueryPerformanceCounter)
NtQueryPerformanceCounter:
Arg[0] = ptr 0x00000000174bf8c0 -> {\x8ay\x82b\x04\x00\x00\x00}
Arg[1] = 0
> 17357000+694;SYSCALL:0x31(NtQueryPerformanceCounter)
NtQueryPerformanceCounter:
Arg[0] = ptr 0x00000000174bf8c0 -> {\xe9|\x82b\x04\x00\x00\x00}
Arg[1] = 0
> 17357000+694;SYSCALL:0x31(NtQueryPerformanceCounter)
NtQueryPerformanceCounter:
Arg[0] = ptr 0x00000000174bf8c0 -> {R~\x82b\x04\x00\x00\x00}
Arg[1] = 0
> 17357000+694;SYSCALL:0x31(NtQueryPerformanceCounter)
NtQueryPerformanceCounter:
Arg[0] = ptr 0x00000000174bf8c0 -> {\xb7\x7f\x82b\x04\x00\x00\x00}
Arg[1] = 0
> 17357000+694;SYSCALL:0x31(NtQueryPerformanceCounter)
NtQueryPerformanceCounter:
Arg[0] = ptr 0x00000000174bf8c0 -> {\x1f\x81\x82b\x04\x00\x00\x00}
Arg[1] = 0
> 17357000+694;SYSCALL:0x31(NtQueryPerformanceCounter)
NtQueryPerformanceCounter:
Arg[0] = ptr 0x00000000174bf8c0 -> {\x9c\x82\x82b\x04\x00\x00\x00}
Arg[1] = 0
> 17357000+694;SYSCALL:0x31(NtQueryPerformanceCounter)
NtQueryPerformanceCounter:
Arg[0] = ptr 0x00000000174bf8c0 -> {\x18\x84\x82b\x04\x00\x00\x00}
Arg[1] = 0
> 17357000+694;SYSCALL:0x31(NtQueryPerformanceCounter)
NtQueryPerformanceCounter:
Arg[0] = ptr 0x00000000174bf8c0 -> {\x81\x85\x82b\x04\x00\x00\x00}
Arg[1] = 0
> 17357000+694;SYSCALL:0x31(NtQueryPerformanceCounter)
NtQueryPerformanceCounter:
Arg[0] = ptr 0x00000000174bf8c0 -> {^\x87\x82b\x04\x00\x00\x00}
Arg[1] = 0
> 17357000+694;SYSCALL:0x31(NtQueryPerformanceCounter)
NtQueryPerformanceCounter:
Arg[0] = ptr 0x00000000174bf8c0 -> {\xfc\x88\x82b\x04\x00\x00\x00}
Arg[1] = 0
> 17357000+694;SYSCALL:0x31(NtQueryPerformanceCounter)
NtQueryPerformanceCounter:
Arg[0] = ptr 0x00000000174bf8c0 -> {f\x8a\x82b\x04\x00\x00\x00}
Arg[1] = 0
> 17357000+694;SYSCALL:0x31(NtQueryPerformanceCounter)
NtQueryPerformanceCounter:
Arg[0] = ptr 0x00000000174bf8c0 -> {8\x90\x82b\x04\x00\x00\x00}
Arg[1] = 0
> 17357000+694;SYSCALL:0x31(NtQueryPerformanceCounter)
NtQueryPerformanceCounter:
Arg[0] = ptr 0x00000000174bf8c0 -> {W\x92\x82b\x04\x00\x00\x00}
Arg[1] = 0
> 17357000+694;SYSCALL:0x31(NtQueryPerformanceCounter)
NtQueryPerformanceCounter:
Arg[0] = ptr 0x00000000174bf8c0 -> {\xac\x94\x82b\x04\x00\x00\x00}
Arg[1] = 0
> 17357000+694;SYSCALL:0x31(NtQueryPerformanceCounter)
NtQueryPerformanceCounter:
Arg[0] = ptr 0x00000000174bf8c0 -> {\xb3\x96\x82b\x04\x00\x00\x00}
Arg[1] = 0
> 17357000+694;SYSCALL:0x31(NtQueryPerformanceCounter)
NtQueryPerformanceCounter:
Arg[0] = ptr 0x00000000174bf8c0 -> {\x19\x98\x82b\x04\x00\x00\x00}
Arg[1] = 0
> 17357000+694;SYSCALL:0x31(NtQueryPerformanceCounter)
NtQueryPerformanceCounter:
Arg[0] = ptr 0x00000000174bf8c0 -> {\xe2\x99\x82b\x04\x00\x00\x00}
Arg[1] = 0
> 17357000+694;SYSCALL:0x31(NtQueryPerformanceCounter)
NtQueryPerformanceCounter:
Arg[0] = ptr 0x00000000174bf8c0 -> {a\x9b\x82b\x04\x00\x00\x00}
Arg[1] = 0
> 17357000+694;SYSCALL:0x31(NtQueryPerformanceCounter)
NtQueryPerformanceCounter:
Arg[0] = ptr 0x00000000174bf8c0 -> {\xc8\x9c\x82b\x04\x00\x00\x00}
Arg[1] = 0
> 17357000+694;SYSCALL:0x31(NtQueryPerformanceCounter)
NtQueryPerformanceCounter:
Arg[0] = ptr 0x00000000174bf8c0 -> {G\x9e\x82b\x04\x00\x00\x00}
Arg[1] = 0
> 17357000+694;SYSCALL:0x31(NtQueryPerformanceCounter)
NtQueryPerformanceCounter:
Arg[0] = ptr 0x00000000174bf8c0 -> {\xad\x9f\x82b\x04\x00\x00\x00}
Arg[1] = 0
> 17357000+694;SYSCALL:0x31(NtQueryPerformanceCounter)
NtQueryPerformanceCounter:
Arg[0] = ptr 0x00000000174bf8c0 -> {\x00\xa4\x82b\x04\x00\x00\x00}
Arg[1] = 0
> 17357000+694;SYSCALL:0x31(NtQueryPerformanceCounter)
NtQueryPerformanceCounter:
Arg[0] = ptr 0x00000000174bf8c0 -> {\x17\xa6\x82b\x04\x00\x00\x00}
Arg[1] = 0
> 17357000+694;SYSCALL:0x31(NtQueryPerformanceCounter)
NtQueryPerformanceCounter:
Arg[0] = ptr 0x00000000174bf8c0 -> {\x7f\xa7\x82b\x04\x00\x00\x00}
Arg[1] = 0
> 17357000+694;SYSCALL:0x31(NtQueryPerformanceCounter)
NtQueryPerformanceCounter:
Arg[0] = ptr 0x00000000174bf8c0 -> {\xd0\xa9\x82b\x04\x00\x00\x00}
Arg[1] = 0
> 17357000+694;SYSCALL:0x31(NtQueryPerformanceCounter)
NtQueryPerformanceCounter:
Arg[0] = ptr 0x00000000174bf8c0 -> {F\xab\x82b\x04\x00\x00\x00}
Arg[1] = 0
> 17357000+694;SYSCALL:0x31(NtQueryPerformanceCounter)
NtQueryPerformanceCounter:
Arg[0] = ptr 0x00000000174bf8c0 -> {\x80\xae\x82b\x04\x00\x00\x00}
Arg[1] = 0
> 17357000+694;SYSCALL:0x31(NtQueryPerformanceCounter)
NtQueryPerformanceCounter:
Arg[0] = ptr 0x00000000174bf8c0 -> {\xcb\xb0\x82b\x04\x00\x00\x00}
Arg[1] = 0
> 17357000+694;SYSCALL:0x31(NtQueryPerformanceCounter)
NtQueryPerformanceCounter:
Arg[0] = ptr 0x00000000174bf8c0 -> {U\xb2\x82b\x04\x00\x00\x00}
Arg[1] = 0
> 17357000+694;SYSCALL:0x31(NtQueryPerformanceCounter)
NtQueryPerformanceCounter:
Arg[0] = ptr 0x00000000174bf8c0 -> {\xbc\xb3\x82b\x04\x00\x00\x00}
Arg[1] = 0
> 17357000+694;SYSCALL:0x31(NtQueryPerformanceCounter)
NtQueryPerformanceCounter:
Arg[0] = ptr 0x00000000174bf8c0 -> {"\xb5\x82b\x04\x00\x00\x00}
Arg[1] = 0
> 17357000+694;SYSCALL:0x31(NtQueryPerformanceCounter)
NtQueryPerformanceCounter:
Arg[0] = ptr 0x00000000174bf8c0 -> {\x03\xba\x82b\x04\x00\x00\x00}
Arg[1] = 0
> 17357000+694;SYSCALL:0x31(NtQueryPerformanceCounter)
NtQueryPerformanceCounter:
Arg[0] = ptr 0x00000000174bf8c0 -> {k\xbb\x82b\x04\x00\x00\x00}
Arg[1] = 0
> 17357000+694;SYSCALL:0x31(NtQueryPerformanceCounter)
NtQueryPerformanceCounter:
Arg[0] = ptr 0x00000000174bf8c0 -> {\xcc\xbc\x82b\x04\x00\x00\x00}
Arg[1] = 0
> 17357000+694;SYSCALL:0x31(NtQueryPerformanceCounter)
NtQueryPerformanceCounter:
Arg[0] = ptr 0x00000000174bf8c0 -> {0\xbe\x82b\x04\x00\x00\x00}
Arg[1] = 0
> 17357000+694;SYSCALL:0x31(NtQueryPerformanceCounter)
NtQueryPerformanceCounter:
Arg[0] = ptr 0x00000000174bf8c0 -> {\x92\xbf\x82b\x04\x00\x00\x00}
Arg[1] = 0
> 17357000+694;SYSCALL:0x31(NtQueryPerformanceCounter)
NtQueryPerformanceCounter:
Arg[0] = ptr 0x00000000174bf8c0 -> {\x96\xc1\x82b\x04\x00\x00\x00}
Arg[1] = 0
> 17357000+694;SYSCALL:0x31(NtQueryPerformanceCounter)
NtQueryPerformanceCounter:
Arg[0] = ptr 0x00000000174bf8c0 -> {\x1b\xc3\x82b\x04\x00\x00\x00}
Arg[1] = 0
> 17357000+694;SYSCALL:0x31(NtQueryPerformanceCounter)
NtQueryPerformanceCounter:
Arg[0] = ptr 0x00000000174bf8c0 -> {\x97\xc4\x82b\x04\x00\x00\x00}
Arg[1] = 0
> 17357000+694;SYSCALL:0x31(NtQueryPerformanceCounter)
NtQueryPerformanceCounter:
Arg[0] = ptr 0x00000000174bf8c0 -> {\x01\xc6\x82b\x04\x00\x00\x00}
Arg[1] = 0
> 17357000+694;SYSCALL:0x31(NtQueryPerformanceCounter)
NtQueryPerformanceCounter:
Arg[0] = ptr 0x00000000174bf8c0 -> {i\xc7\x82b\x04\x00\x00\x00}
Arg[1] = 0
> 17357000+694;SYSCALL:0x31(NtQueryPerformanceCounter)
NtQueryPerformanceCounter:
Arg[0] = ptr 0x00000000174bf8c0 -> {\xf0\xca\x82b\x04\x00\x00\x00}
Arg[1] = 0
> 17357000+694;SYSCALL:0x31(NtQueryPerformanceCounter)
NtQueryPerformanceCounter:
Arg[0] = ptr 0x00000000174bf8c0 -> {T\xcc\x82b\x04\x00\x00\x00}
Arg[1] = 0
> 17357000+694;SYSCALL:0x31(NtQueryPerformanceCounter)
NtQueryPerformanceCounter:
Arg[0] = ptr 0x00000000174bf8c0 -> {\xc8\xcd\x82b\x04\x00\x00\x00}
Arg[1] = 0
> 17357000+694;SYSCALL:0x31(NtQueryPerformanceCounter)
NtQueryPerformanceCounter:
Arg[0] = ptr 0x00000000174bf8c0 -> {2\xcf\x82b\x04\x00\x00\x00}
Arg[1] = 0
> 17357000+694;SYSCALL:0x31(NtQueryPerformanceCounter)
NtQueryPerformanceCounter:
Arg[0] = ptr 0x00000000174bf8c0 -> {\x98\xd0\x82b\x04\x00\x00\x00}
Arg[1] = 0
> 17357000+694;SYSCALL:0x31(NtQueryPerformanceCounter)
NtQueryPerformanceCounter:
Arg[0] = ptr 0x00000000174bf8c0 -> {\xfe\xd1\x82b\x04\x00\x00\x00}
Arg[1] = 0
> 17357000+694;SYSCALL:0x31(NtQueryPerformanceCounter)
NtQueryPerformanceCounter:
Arg[0] = ptr 0x00000000174bf8c0 -> {\xdc\xd3\x82b\x04\x00\x00\x00}
Arg[1] = 0
> 17357000+694;SYSCALL:0x31(NtQueryPerformanceCounter)
NtQueryPerformanceCounter:
Arg[0] = ptr 0x00000000174bf8c0 -> {m\xd5\x82b\x04\x00\x00\x00}
Arg[1] = 0
> 17357000+694;SYSCALL:0x31(NtQueryPerformanceCounter)
NtQueryPerformanceCounter:
Arg[0] = ptr 0x00000000174bf8c0 -> {m\xd7\x82b\x04\x00\x00\x00}
Arg[1] = 0
> 17357000+694;SYSCALL:0x31(NtQueryPerformanceCounter)
NtQueryPerformanceCounter:
Arg[0] = ptr 0x00000000174bf8c0 -> {w\xd9\x82b\x04\x00\x00\x00}
Arg[1] = 0
> 17357000+694;SYSCALL:0x31(NtQueryPerformanceCounter)
NtQueryPerformanceCounter:
Arg[0] = ptr 0x00000000174bf8c0 -> {3\xdd\x82b\x04\x00\x00\x00}
Arg[1] = 0
> 17357000+694;SYSCALL:0x31(NtQueryPerformanceCounter)
NtQueryPerformanceCounter:
Arg[0] = ptr 0x00000000174bf8c0 -> {\xa1\xde\x82b\x04\x00\x00\x00}
Arg[1] = 0
> 17357000+694;SYSCALL:0x31(NtQueryPerformanceCounter)
NtQueryPerformanceCounter:
Arg[0] = ptr 0x00000000174bf8c0 -> {\x0e\xe0\x82b\x04\x00\x00\x00}
Arg[1] = 0
> 17357000+694;SYSCALL:0x31(NtQueryPerformanceCounter)
NtQueryPerformanceCounter:
Arg[0] = ptr 0x00000000174bf8c0 -> {t\xe1\x82b\x04\x00\x00\x00}
Arg[1] = 0
> 17357000+694;SYSCALL:0x31(NtQueryPerformanceCounter)
NtQueryPerformanceCounter:
Arg[0] = ptr 0x00000000174bf8c0 -> {\xd6\xe2\x82b\x04\x00\x00\x00}
Arg[1] = 0
> 17357000+694;SYSCALL:0x31(NtQueryPerformanceCounter)
NtQueryPerformanceCounter:
Arg[0] = ptr 0x00000000174bf8c0 -> {<\xe5\x82b\x04\x00\x00\x00}
Arg[1] = 0
> 17357000+694;SYSCALL:0x31(NtQueryPerformanceCounter)
NtQueryPerformanceCounter:
Arg[0] = ptr 0x00000000174bf8c0 -> {\xd6\xe6\x82b\x04\x00\x00\x00}
Arg[1] = 0
> 17357000+694;SYSCALL:0x31(NtQueryPerformanceCounter)
NtQueryPerformanceCounter:
Arg[0] = ptr 0x00000000174bf8c0 -> {Z\xe8\x82b\x04\x00\x00\x00}
Arg[1] = 0
> 17357000+694;SYSCALL:0x31(NtQueryPerformanceCounter)
NtQueryPerformanceCounter:
Arg[0] = ptr 0x00000000174bf8c0 -> {\xc7\xe9\x82b\x04\x00\x00\x00}
Arg[1] = 0
> 17357000+694;SYSCALL:0x31(NtQueryPerformanceCounter)
NtQueryPerformanceCounter:
Arg[0] = ptr 0x00000000174bf8c0 -> {0\xeb\x82b\x04\x00\x00\x00}
Arg[1] = 0
> 17357000+694;SYSCALL:0x31(NtQueryPerformanceCounter)
NtQueryPerformanceCounter:
Arg[0] = ptr 0x00000000174bf8c0 -> {\xd1\xee\x82b\x04\x00\x00\x00}
Arg[1] = 0
> 17357000+694;SYSCALL:0x31(NtQueryPerformanceCounter)
NtQueryPerformanceCounter:
Arg[0] = ptr 0x00000000174bf8c0 -> {\x89\xf0\x82b\x04\x00\x00\x00}
Arg[1] = 0
> 17357000+694;SYSCALL:0x31(NtQueryPerformanceCounter)
NtQueryPerformanceCounter:
Arg[0] = ptr 0x00000000174bf8c0 -> {6\xf2\x82b\x04\x00\x00\x00}
Arg[1] = 0
> 17357000+694;SYSCALL:0x31(NtQueryPerformanceCounter)
NtQueryPerformanceCounter:
Arg[0] = ptr 0x00000000174bf8c0 -> {\xd2\xf3\x82b\x04\x00\x00\x00}
Arg[1] = 0
> 17357000+694;SYSCALL:0x31(NtQueryPerformanceCounter)
NtQueryPerformanceCounter:
Arg[0] = ptr 0x00000000174bf8c0 -> {Q\xf5\x82b\x04\x00\x00\x00}
Arg[1] = 0
> 17357000+694;SYSCALL:0x31(NtQueryPerformanceCounter)
NtQueryPerformanceCounter:
Arg[0] = ptr 0x00000000174bf8c0 -> {\xbc\xf6\x82b\x04\x00\x00\x00}
Arg[1] = 0
> 17357000+694;SYSCALL:0x31(NtQueryPerformanceCounter)
NtQueryPerformanceCounter:
Arg[0] = ptr 0x00000000174bf8c0 -> {\xc4\xf8\x82b\x04\x00\x00\x00}
Arg[1] = 0
> 17357000+694;SYSCALL:0x31(NtQueryPerformanceCounter)
NtQueryPerformanceCounter:
Arg[0] = ptr 0x00000000174bf8c0 -> {7\xfa\x82b\x04\x00\x00\x00}
Arg[1] = 0
> 17357000+694;SYSCALL:0x31(NtQueryPerformanceCounter)
NtQueryPerformanceCounter:
Arg[0] = ptr 0x00000000174bf8c0 -> {\x05\xfd\x82b\x04\x00\x00\x00}
Arg[1] = 0
> 17353000+9fa;ntdll.RtlInitUnicodeString
RtlInitUnicodeString:
Arg[0] = ptr 0x00000000174bf900 -> "0AF"
Arg[1] = ptr 0x00000000174bfa08 -> L"\Registry\User\"
> 17357000+6f7;SYSCALL:0x12(NtOpenKey)
NtOpenKey:
Arg[0] = ptr 0x00000000174bf958 -> {\xff\xff\xff\xff\xff\xff\xff\xff}
Arg[1] = 0x0000000000000008 = 8
Arg[2] = ptr 0x00000000174bf910 -> L"0"
> 17357000+67e;SYSCALL:0x18(NtAllocateVirtualMemory)
NtAllocateVirtualMemory:
Arg[0] = 0xffffffffffffffff = 18446744073709551615
Arg[1] = ptr 0x00000000174bf960 -> {\x00\x00\x00\x00\x00\x00\x00\x00}
Arg[2] = 0
Arg[3] = ptr 0x00000000174bf940 -> L"|"
Arg[4] = 0x00007ff800001000 = 140703128621056
Arg[5] = 0x00007ff800000004 = 140703128616964
> 17357000+702;SYSCALL:0x32(NtEnumerateKey)
NtEnumerateKey:
Arg[0] = 0x00000000000001fc = 508
Arg[1] = 0
Arg[2] = 0
Arg[3] = ptr 0x0000000017bf0000 -> {\x00\x00\x00\x00\x00\x00\x00\x00}
Arg[4] = 0x00007ff80000007c = 140703128617084
Arg[5] = ptr 0x00000000174bfb08 -> {\x00\x00\xb3\x17\x00\x00\x00\x00}
> 17357000+702;SYSCALL:0x32(NtEnumerateKey)
NtEnumerateKey:
Arg[0] = 0x00000000000001fc = 508
Arg[1] = 0x0000000000000001 = 1
Arg[2] = 0
Arg[3] = ptr 0x0000000017bf0000 -> {\x00\x00\x00\x00\x00\x00\x00\x00}
Arg[4] = 0x00007ff80000007c = 140703128617084
Arg[5] = ptr 0x00000000174bfb08 -> L" "
> 17357000+702;SYSCALL:0x32(NtEnumerateKey)
NtEnumerateKey:
Arg[0] = 0x00000000000001fc = 508
Arg[1] = 0x0000000000000002 = 2
Arg[2] = 0
Arg[3] = ptr 0x0000000017bf0000 -> {\x00\x00\x00\x00\x00\x00\x00\x00}
Arg[4] = 0x00007ff80000007c = 140703128617084
Arg[5] = ptr 0x00000000174bfb08 -> L" "
> 17357000+702;SYSCALL:0x32(NtEnumerateKey)
NtEnumerateKey:
Arg[0] = 0x00000000000001fc = 508
Arg[1] = 0x0000000000000003 = 3
Arg[2] = 0
Arg[3] = ptr 0x0000000017bf0000 -> {\x00\x00\x00\x00\x00\x00\x00\x00}
Arg[4] = 0x00007ff80000007c = 140703128617084
Arg[5] = ptr 0x00000000174bfb08 -> L" "
> 17357000+702;SYSCALL:0x32(NtEnumerateKey)
NtEnumerateKey:
Arg[0] = 0x00000000000001fc = 508
Arg[1] = 0x0000000000000004 = 4
Arg[2] = 0
Arg[3] = ptr 0x0000000017bf0000 -> {\x00\x00\x00\x00\x00\x00\x00\x00}
Arg[4] = 0x00007ff80000007c = 140703128617084
Arg[5] = ptr 0x00000000174bfb08 -> L"h"
> 17357000+6f7;SYSCALL:0x12(NtOpenKey)
NtOpenKey:
Arg[0] = ptr 0x00000000174bf948 -> {\xff\xff\xff\xff\xff\xff\xff\xff}
Arg[1] = ptr 0x00000000000f003f -> {\x00@.\x9a\x02\x00\x00\x00}
Arg[2] = ptr 0x00000000174bf910 -> L"0"
> 17357000+67e;SYSCALL:0x18(NtAllocateVirtualMemory)
NtAllocateVirtualMemory:
Arg[0] = 0xffffffffffffffff = 18446744073709551615
Arg[1] = ptr 0x00000000174bf968 -> {\x00\x00\x00\x00\x00\x00\x00\x00}
Arg[2] = 0
Arg[3] = ptr 0x00000000174bf8f8 -> L"|"
Arg[4] = 0x00007ff800001000 = 140703128621056
Arg[5] = 0x0000000000000004 = 4
> 17357000+702;SYSCALL:0x32(NtEnumerateKey)
NtEnumerateKey:
Arg[0] = 0x0000000000000200 = 512
Arg[1] = 0
Arg[2] = 0
Arg[3] = ptr 0x0000000017c60000 -> {\x00\x00\x00\x00\x00\x00\x00\x00}
Arg[4] = 0x00007ff80000007c = 140703128617084
Arg[5] = ptr 0x00000000174bf980 -> {F|\xa4\x96\xb2A@\x9e}
> 17357000+702;SYSCALL:0x32(NtEnumerateKey)
NtEnumerateKey:
Arg[0] = 0x0000000000000200 = 512
Arg[1] = 0x0000000000000001 = 1
Arg[2] = 0
Arg[3] = ptr 0x0000000017c60000 -> {\x00\x00\x00\x00\x00\x00\x00\x00}
Arg[4] = 0x00007ff80000007c = 140703128617084
Arg[5] = ptr 0x00000000174bf980 -> {\x12\x00\x00\x00\xb2A@\x9e}
> 17357000+702;SYSCALL:0x32(NtEnumerateKey)
NtEnumerateKey:
Arg[0] = 0x0000000000000200 = 512
Arg[1] = 0x0000000000000002 = 2
Arg[2] = 0
Arg[3] = ptr 0x0000000017c60000 -> {\x00\x00\x00\x00\x00\x00\x00\x00}
Arg[4] = 0x00007ff80000007c = 140703128617084
Arg[5] = ptr 0x00000000174bf980 -> {\x18\x00\x00\x00\xb2A@\x9e}
> 17357000+702;SYSCALL:0x32(NtEnumerateKey)
NtEnumerateKey:
Arg[0] = 0x0000000000000200 = 512
Arg[1] = 0x0000000000000003 = 3
Arg[2] = 0
Arg[3] = ptr 0x0000000017c60000 -> {\x00\x00\x00\x00\x00\x00\x00\x00}
Arg[4] = 0x00007ff80000007c = 140703128617084
Arg[5] = ptr 0x00000000174bf980 -> {\x18\x00\x00\x00\xb2A@\x9e}
> 17357000+702;SYSCALL:0x32(NtEnumerateKey)
NtEnumerateKey:
Arg[0] = 0x0000000000000200 = 512
Arg[1] = 0x0000000000000004 = 4
Arg[2] = 0
Arg[3] = ptr 0x0000000017c60000 -> {\x00\x00\x00\x00\x00\x00\x00\x00}
Arg[4] = 0x00007ff80000007c = 140703128617084
Arg[5] = ptr 0x00000000174bf980 -> {\x18\x00\x00\x00\xb2A@\x9e}
> 17357000+702;SYSCALL:0x32(NtEnumerateKey)
NtEnumerateKey:
Arg[0] = 0x0000000000000200 = 512
Arg[1] = 0x0000000000000005 = 5
Arg[2] = 0
Arg[3] = ptr 0x0000000017c60000 -> {\x00\x00\x00\x00\x00\x00\x00\x00}
Arg[4] = 0x00007ff80000007c = 140703128617084
Arg[5] = ptr 0x00000000174bf980 -> {\x1a\x00\x00\x00\xb2A@\x9e}
> 17357000+702;SYSCALL:0x32(NtEnumerateKey)
NtEnumerateKey:
Arg[0] = 0x0000000000000200 = 512
Arg[1] = 0x0000000000000006 = 6
Arg[2] = 0
Arg[3] = ptr 0x0000000017c60000 -> {\x00\x00\x00\x00\x00\x00\x00\x00}
Arg[4] = 0x00007ff80000007c = 140703128617084
Arg[5] = ptr 0x00000000174bf980 -> {\x1a\x00\x00\x00\xb2A@\x9e}
> 17357000+702;SYSCALL:0x32(NtEnumerateKey)
NtEnumerateKey:
Arg[0] = 0x0000000000000200 = 512
Arg[1] = 0x0000000000000007 = 7
Arg[2] = 0
Arg[3] = ptr 0x0000000017c60000 -> {\x00\x00\x00\x00\x00\x00\x00\x00}
Arg[4] = 0x00007ff80000007c = 140703128617084
Arg[5] = ptr 0x00000000174bf980 -> {\x18\x00\x00\x00\xb2A@\x9e}
> 17357000+702;SYSCALL:0x32(NtEnumerateKey)
NtEnumerateKey:
Arg[0] = 0x0000000000000200 = 512
Arg[1] = 0x0000000000000008 = 8
Arg[2] = 0
Arg[3] = ptr 0x0000000017c60000 -> {\x00\x00\x00\x00\x00\x00\x00\x00}
Arg[4] = 0x00007ff80000007c = 140703128617084
Arg[5] = ptr 0x00000000174bf980 -> {\x18\x00\x00\x00\xb2A@\x9e}
> 17357000+702;SYSCALL:0x32(NtEnumerateKey)
NtEnumerateKey:
Arg[0] = 0x0000000000000200 = 512
Arg[1] = 0x0000000000000009 = 9
Arg[2] = 0
Arg[3] = ptr 0x0000000017c60000 -> {\x00\x00\x00\x00\x00\x00\x00\x00}
Arg[4] = 0x00007ff80000007c = 140703128617084
Arg[5] = ptr 0x00000000174bf980 -> {\x18\x00\x00\x00\xb2A@\x9e}
> 17357000+702;SYSCALL:0x32(NtEnumerateKey)
NtEnumerateKey:
Arg[0] = 0x0000000000000200 = 512
Arg[1] = 0x000000000000000a = 10
Arg[2] = 0
Arg[3] = ptr 0x0000000017c60000 -> {\x00\x00\x00\x00\x00\x00\x00\x00}
Arg[4] = 0x00007ff80000007c = 140703128617084
Arg[5] = ptr 0x00000000174bf980 -> {\x18\x00\x00\x00\xb2A@\x9e}
> 17357000+702;SYSCALL:0x32(NtEnumerateKey)
NtEnumerateKey:
Arg[0] = 0x0000000000000200 = 512
Arg[1] = 0x000000000000000b = 11
Arg[2] = 0
Arg[3] = ptr 0x0000000017c60000 -> {\x00\x00\x00\x00\x00\x00\x00\x00}
Arg[4] = 0x00007ff80000007c = 140703128617084
Arg[5] = ptr 0x00000000174bf980 -> {\x1a\x00\x00\x00\xb2A@\x9e}
> 17357000+702;SYSCALL:0x32(NtEnumerateKey)
NtEnumerateKey:
Arg[0] = 0x0000000000000200 = 512
Arg[1] = 0x000000000000000c = 12
Arg[2] = 0
Arg[3] = ptr 0x0000000017c60000 -> {\x00\x00\x00\x00\x00\x00\x00\x00}
Arg[4] = 0x00007ff80000007c = 140703128617084
Arg[5] = ptr 0x00000000174bf980 -> {\x18\x00\x00\x00\xb2A@\x9e}
> 17357000+702;SYSCALL:0x32(NtEnumerateKey)
NtEnumerateKey:
Arg[0] = 0x0000000000000200 = 512
Arg[1] = 0x000000000000000d = 13
Arg[2] = 0
Arg[3] = ptr 0x0000000017c60000 -> {\x00\x00\x00\x00\x00\x00\x00\x00}
Arg[4] = 0x00007ff80000007c = 140703128617084
Arg[5] = ptr 0x00000000174bf980 -> {\x18\x00\x00\x00\xb2A@\x9e}
> 17357000+702;SYSCALL:0x32(NtEnumerateKey)
NtEnumerateKey:
Arg[0] = 0x0000000000000200 = 512
Arg[1] = 0x000000000000000e = 14
Arg[2] = 0
Arg[3] = ptr 0x0000000017c60000 -> {\x00\x00\x00\x00\x00\x00\x00\x00}
Arg[4] = 0x00007ff80000007c = 140703128617084
Arg[5] = ptr 0x00000000174bf980 -> L"*"
> 17357000+702;SYSCALL:0x32(NtEnumerateKey)
NtEnumerateKey:
Arg[0] = 0x0000000000000200 = 512
Arg[1] = 0x000000000000000f = 15
Arg[2] = 0
Arg[3] = ptr 0x0000000017c60000 -> {\x00\x00\x00\x00\x00\x00\x00\x00}
Arg[4] = 0x00007ff80000007c = 140703128617084
Arg[5] = ptr 0x00000000174bf980 -> {\x1a\x00\x00\x00\xb2A@\x9e}
> 17357000+702;SYSCALL:0x32(NtEnumerateKey)
NtEnumerateKey:
Arg[0] = 0x0000000000000200 = 512
Arg[1] = 0x0000000000000010 = 16
Arg[2] = 0
Arg[3] = ptr 0x0000000017c60000 -> {\x00\x00\x00\x00\x00\x00\x00\x00}
Arg[4] = 0x00007ff80000007c = 140703128617084
Arg[5] = ptr 0x00000000174bf980 -> L"&"
> 17357000+702;SYSCALL:0x32(NtEnumerateKey)
NtEnumerateKey:
Arg[0] = 0x0000000000000200 = 512
Arg[1] = 0x0000000000000011 = 17
Arg[2] = 0
Arg[3] = ptr 0x0000000017c60000 -> {\x00\x00\x00\x00\x00\x00\x00\x00}
Arg[4] = 0x00007ff80000007c = 140703128617084
Arg[5] = ptr 0x00000000174bf980 -> {\x18\x00\x00\x00\xb2A@\x9e}
> 17357000+702;SYSCALL:0x32(NtEnumerateKey)
NtEnumerateKey:
Arg[0] = 0x0000000000000200 = 512
Arg[1] = 0x0000000000000012 = 18
Arg[2] = 0
Arg[3] = ptr 0x0000000017c60000 -> {\x00\x00\x00\x00\x00\x00\x00\x00}
Arg[4] = 0x00007ff80000007c = 140703128617084
Arg[5] = ptr 0x00000000174bf980 -> {\x18\x00\x00\x00\xb2A@\x9e}
> 17357000+702;SYSCALL:0x32(NtEnumerateKey)
NtEnumerateKey:
Arg[0] = 0x0000000000000200 = 512
Arg[1] = 0x0000000000000013 = 19
Arg[2] = 0
Arg[3] = ptr 0x0000000017c60000 -> {\x00\x00\x00\x00\x00\x00\x00\x00}
Arg[4] = 0x00007ff80000007c = 140703128617084
Arg[5] = ptr 0x00000000174bf980 -> {\x18\x00\x00\x00\xb2A@\x9e}
> 17357000+702;SYSCALL:0x32(NtEnumerateKey)
NtEnumerateKey:
Arg[0] = 0x0000000000000200 = 512
Arg[1] = 0x0000000000000014 = 20
Arg[2] = 0
Arg[3] = ptr 0x0000000017c60000 -> {\x00\x00\x00\x00\x00\x00\x00\x00}
Arg[4] = 0x00007ff80000007c = 140703128617084
Arg[5] = ptr 0x00000000174bf980 -> {\x18\x00\x00\x00\xb2A@\x9e}
> 17357000+702;SYSCALL:0x32(NtEnumerateKey)
NtEnumerateKey:
Arg[0] = 0x0000000000000200 = 512
Arg[1] = 0x0000000000000015 = 21
Arg[2] = 0
Arg[3] = ptr 0x0000000017c60000 -> {\x00\x00\x00\x00\x00\x00\x00\x00}
Arg[4] = 0x00007ff80000007c = 140703128617084
Arg[5] = ptr 0x00000000174bf980 -> {\x1a\x00\x00\x00\xb2A@\x9e}
> 17357000+702;SYSCALL:0x32(NtEnumerateKey)
NtEnumerateKey:
Arg[0] = 0x0000000000000200 = 512
Arg[1] = 0x0000000000000016 = 22
Arg[2] = 0
Arg[3] = ptr 0x0000000017c60000 -> {\x00\x00\x00\x00\x00\x00\x00\x00}
Arg[4] = 0x00007ff80000007c = 140703128617084
Arg[5] = ptr 0x00000000174bf980 -> {\x18\x00\x00\x00\xb2A@\x9e}
> 17357000+702;SYSCALL:0x32(NtEnumerateKey)
NtEnumerateKey:
Arg[0] = 0x0000000000000200 = 512
Arg[1] = 0x0000000000000017 = 23
Arg[2] = 0
Arg[3] = ptr 0x0000000017c60000 -> {\x00\x00\x00\x00\x00\x00\x00\x00}
Arg[4] = 0x00007ff80000007c = 140703128617084
Arg[5] = ptr 0x00000000174bf980 -> {\x18\x00\x00\x00\xb2A@\x9e}
> 17357000+702;SYSCALL:0x32(NtEnumerateKey)
NtEnumerateKey:
Arg[0] = 0x0000000000000200 = 512
Arg[1] = 0x0000000000000018 = 24
Arg[2] = 0
Arg[3] = ptr 0x0000000017c60000 -> {\x00\x00\x00\x00\x00\x00\x00\x00}
Arg[4] = 0x00007ff80000007c = 140703128617084
Arg[5] = ptr 0x00000000174bf980 -> L"Z"
> 17357000+702;SYSCALL:0x32(NtEnumerateKey)
NtEnumerateKey:
Arg[0] = 0x0000000000000200 = 512
Arg[1] = 0x0000000000000019 = 25
Arg[2] = 0
Arg[3] = ptr 0x0000000017c60000 -> {\x00\x00\x00\x00\x00\x00\x00\x00}
Arg[4] = 0x00007ff80000007c = 140703128617084
Arg[5] = ptr 0x00000000174bf980 -> {\x18\x00\x00\x00\xb2A@\x9e}
> 17357000+702;SYSCALL:0x32(NtEnumerateKey)
NtEnumerateKey:
Arg[0] = 0x0000000000000200 = 512
Arg[1] = 0x000000000000001a = 26
Arg[2] = 0
Arg[3] = ptr 0x0000000017c60000 -> {\x00\x00\x00\x00\x00\x00\x00\x00}
Arg[4] = 0x00007ff80000007c = 140703128617084
Arg[5] = ptr 0x00000000174bf980 -> {\x18\x00\x00\x00\xb2A@\x9e}
> 17357000+702;SYSCALL:0x32(NtEnumerateKey)
NtEnumerateKey:
Arg[0] = 0x0000000000000200 = 512
Arg[1] = 0x000000000000001b = 27
Arg[2] = 0
Arg[3] = ptr 0x0000000017c60000 -> {\x00\x00\x00\x00\x00\x00\x00\x00}
Arg[4] = 0x00007ff80000007c = 140703128617084
Arg[5] = ptr 0x00000000174bf980 -> {\x18\x00\x00\x00\xb2A@\x9e}
> 17357000+702;SYSCALL:0x32(NtEnumerateKey)
NtEnumerateKey:
Arg[0] = 0x0000000000000200 = 512
Arg[1] = 0x000000000000001c = 28
Arg[2] = 0
Arg[3] = ptr 0x0000000017c60000 -> {\x00\x00\x00\x00\x00\x00\x00\x00}
Arg[4] = 0x00007ff80000007c = 140703128617084
Arg[5] = ptr 0x00000000174bf980 -> {\x18\x00\x00\x00\xb2A@\x9e}
> 17357000+702;SYSCALL:0x32(NtEnumerateKey)
NtEnumerateKey:
Arg[0] = 0x0000000000000200 = 512
Arg[1] = 0x000000000000001d = 29
Arg[2] = 0
Arg[3] = ptr 0x0000000017c60000 -> {\x00\x00\x00\x00\x00\x00\x00\x00}
Arg[4] = 0x00007ff80000007c = 140703128617084
Arg[5] = ptr 0x00000000174bf980 -> {\x18\x00\x00\x00\xb2A@\x9e}
> 17357000+702;SYSCALL:0x32(NtEnumerateKey)
NtEnumerateKey:
Arg[0] = 0x0000000000000200 = 512
Arg[1] = 0x000000000000001e = 30
Arg[2] = 0
Arg[3] = ptr 0x0000000017c60000 -> {\x00\x00\x00\x00\x00\x00\x00\x00}
Arg[4] = 0x00007ff80000007c = 140703128617084
Arg[5] = ptr 0x00000000174bf980 -> {\x18\x00\x00\x00\xb2A@\x9e}
> 17357000+702;SYSCALL:0x32(NtEnumerateKey)
NtEnumerateKey:
Arg[0] = 0x0000000000000200 = 512
Arg[1] = 0x000000000000001f = 31
Arg[2] = 0
Arg[3] = ptr 0x0000000017c60000 -> {\x00\x00\x00\x00\x00\x00\x00\x00}
Arg[4] = 0x00007ff80000007c = 140703128617084
Arg[5] = ptr 0x00000000174bf980 -> {\x18\x00\x00\x00\xb2A@\x9e}
> 17357000+702;SYSCALL:0x32(NtEnumerateKey)
NtEnumerateKey:
Arg[0] = 0x0000000000000200 = 512
Arg[1] = 0x0000000000000020 = 32
Arg[2] = 0
Arg[3] = ptr 0x0000000017c60000 -> {\x00\x00\x00\x00\x00\x00\x00\x00}
Arg[4] = 0x00007ff80000007c = 140703128617084
Arg[5] = ptr 0x00000000174bf980 -> {\x1a\x00\x00\x00\xb2A@\x9e}
> 17357000+702;SYSCALL:0x32(NtEnumerateKey)
NtEnumerateKey:
Arg[0] = 0x0000000000000200 = 512
Arg[1] = 0x0000000000000021 = 33
Arg[2] = 0
Arg[3] = ptr 0x0000000017c60000 -> {\x00\x00\x00\x00\x00\x00\x00\x00}
Arg[4] = 0x00007ff80000007c = 140703128617084
Arg[5] = ptr 0x00000000174bf980 -> {\x18\x00\x00\x00\xb2A@\x9e}
> 17357000+702;SYSCALL:0x32(NtEnumerateKey)
NtEnumerateKey:
Arg[0] = 0x0000000000000200 = 512
Arg[1] = 0x0000000000000022 = 34
Arg[2] = 0
Arg[3] = ptr 0x0000000017c60000 -> {\x00\x00\x00\x00\x00\x00\x00\x00}
Arg[4] = 0x00007ff80000007c = 140703128617084
Arg[5] = ptr 0x00000000174bf980 -> {\x18\x00\x00\x00\xb2A@\x9e}
> 17357000+702;SYSCALL:0x32(NtEnumerateKey)
NtEnumerateKey:
Arg[0] = 0x0000000000000200 = 512
Arg[1] = 0x0000000000000023 = 35
Arg[2] = 0
Arg[3] = ptr 0x0000000017c60000 -> {\x00\x00\x00\x00\x00\x00\x00\x00}
Arg[4] = 0x00007ff80000007c = 140703128617084
Arg[5] = ptr 0x00000000174bf980 -> {\x18\x00\x00\x00\xb2A@\x9e}
> 17357000+702;SYSCALL:0x32(NtEnumerateKey)
NtEnumerateKey:
Arg[0] = 0x0000000000000200 = 512
Arg[1] = 0x0000000000000024 = 36
Arg[2] = 0
Arg[3] = ptr 0x0000000017c60000 -> {\x00\x00\x00\x00\x00\x00\x00\x00}
Arg[4] = 0x00007ff80000007c = 140703128617084
Arg[5] = ptr 0x00000000174bf980 -> {\x18\x00\x00\x00\xb2A@\x9e}
> 17357000+702;SYSCALL:0x32(NtEnumerateKey)
NtEnumerateKey:
Arg[0] = 0x0000000000000200 = 512
Arg[1] = 0x0000000000000025 = 37
Arg[2] = 0
Arg[3] = ptr 0x0000000017c60000 -> {\x00\x00\x00\x00\x00\x00\x00\x00}
Arg[4] = 0x00007ff80000007c = 140703128617084
Arg[5] = ptr 0x00000000174bf980 -> {\x18\x00\x00\x00\xb2A@\x9e}
> 17357000+702;SYSCALL:0x32(NtEnumerateKey)
NtEnumerateKey:
Arg[0] = 0x0000000000000200 = 512
Arg[1] = 0x0000000000000026 = 38
Arg[2] = 0
Arg[3] = ptr 0x0000000017c60000 -> {\x00\x00\x00\x00\x00\x00\x00\x00}
Arg[4] = 0x00007ff80000007c = 140703128617084
Arg[5] = ptr 0x00000000174bf980 -> {\x18\x00\x00\x00\xb2A@\x9e}
> 17357000+702;SYSCALL:0x32(NtEnumerateKey)
NtEnumerateKey:
Arg[0] = 0x0000000000000200 = 512
Arg[1] = 0x0000000000000027 = 39
Arg[2] = 0
Arg[3] = ptr 0x0000000017c60000 -> {\x00\x00\x00\x00\x00\x00\x00\x00}
Arg[4] = 0x00007ff80000007c = 140703128617084
Arg[5] = ptr 0x00000000174bf980 -> {\x18\x00\x00\x00\xb2A@\x9e}
> 17357000+702;SYSCALL:0x32(NtEnumerateKey)
NtEnumerateKey:
Arg[0] = 0x0000000000000200 = 512
Arg[1] = 0x0000000000000028 = 40
Arg[2] = 0
Arg[3] = ptr 0x0000000017c60000 -> {\x00\x00\x00\x00\x00\x00\x00\x00}
Arg[4] = 0x00007ff80000007c = 140703128617084
Arg[5] = ptr 0x00000000174bf980 -> {\x18\x00\x00\x00\xb2A@\x9e}
> 17357000+702;SYSCALL:0x32(NtEnumerateKey)
NtEnumerateKey:
Arg[0] = 0x0000000000000200 = 512
Arg[1] = 0x0000000000000029 = 41
Arg[2] = 0
Arg[3] = ptr 0x0000000017c60000 -> {\x00\x00\x00\x00\x00\x00\x00\x00}
Arg[4] = 0x00007ff80000007c = 140703128617084
Arg[5] = ptr 0x00000000174bf980 -> {\x16\x00\x00\x00\xb2A@\x9e}
> 17357000+702;SYSCALL:0x32(NtEnumerateKey)
NtEnumerateKey:
Arg[0] = 0x0000000000000200 = 512
Arg[1] = 0x000000000000002a = 42
Arg[2] = 0
Arg[3] = ptr 0x0000000017c60000 -> {\x00\x00\x00\x00\x00\x00\x00\x00}
Arg[4] = 0x00007ff80000007c = 140703128617084
Arg[5] = ptr 0x00000000174bf980 -> {\x1a\x00\x00\x00\xb2A@\x9e}
> 17357000+702;SYSCALL:0x32(NtEnumerateKey)
NtEnumerateKey:
Arg[0] = 0x0000000000000200 = 512
Arg[1] = 0x000000000000002b = 43
Arg[2] = 0
Arg[3] = ptr 0x0000000017c60000 -> {\x00\x00\x00\x00\x00\x00\x00\x00}
Arg[4] = 0x00007ff80000007c = 140703128617084
Arg[5] = ptr 0x00000000174bf980 -> {\x1c\x00\x00\x00\xb2A@\x9e}
> 17357000+702;SYSCALL:0x32(NtEnumerateKey)
NtEnumerateKey:
Arg[0] = 0x0000000000000200 = 512
Arg[1] = 0x000000000000002c = 44
Arg[2] = 0
Arg[3] = ptr 0x0000000017c60000 -> {\x00\x00\x00\x00\x00\x00\x00\x00}
Arg[4] = 0x00007ff80000007c = 140703128617084
Arg[5] = ptr 0x00000000174bf980 -> {\x18\x00\x00\x00\xb2A@\x9e}
> 17357000+702;SYSCALL:0x32(NtEnumerateKey)
NtEnumerateKey:
Arg[0] = 0x0000000000000200 = 512
Arg[1] = 0x000000000000002d = 45
Arg[2] = 0
Arg[3] = ptr 0x0000000017c60000 -> {\x00\x00\x00\x00\x00\x00\x00\x00}
Arg[4] = 0x00007ff80000007c = 140703128617084
Arg[5] = ptr 0x00000000174bf980 -> {\x18\x00\x00\x00\xb2A@\x9e}
> 17357000+702;SYSCALL:0x32(NtEnumerateKey)
NtEnumerateKey:
Arg[0] = 0x0000000000000200 = 512
Arg[1] = 0x000000000000002e = 46
Arg[2] = 0
Arg[3] = ptr 0x0000000017c60000 -> {\x00\x00\x00\x00\x00\x00\x00\x00}
Arg[4] = 0x00007ff80000007c = 140703128617084
Arg[5] = ptr 0x00000000174bf980 -> {\x1a\x00\x00\x00\xb2A@\x9e}
> 17357000+702;SYSCALL:0x32(NtEnumerateKey)
NtEnumerateKey:
Arg[0] = 0x0000000000000200 = 512
Arg[1] = 0x000000000000002f = 47
Arg[2] = 0
Arg[3] = ptr 0x0000000017c60000 -> {\x00\x00\x00\x00\x00\x00\x00\x00}
Arg[4] = 0x00007ff80000007c = 140703128617084
Arg[5] = ptr 0x00000000174bf980 -> {\x1a\x00\x00\x00\xb2A@\x9e}
> 17357000+702;SYSCALL:0x32(NtEnumerateKey)
NtEnumerateKey:
Arg[0] = 0x0000000000000200 = 512
Arg[1] = 0x0000000000000030 = 48
Arg[2] = 0
Arg[3] = ptr 0x0000000017c60000 -> {\x00\x00\x00\x00\x00\x00\x00\x00}
Arg[4] = 0x00007ff80000007c = 140703128617084
Arg[5] = ptr 0x00000000174bf980 -> {\x1a\x00\x00\x00\xb2A@\x9e}
> 17357000+702;SYSCALL:0x32(NtEnumerateKey)
NtEnumerateKey:
Arg[0] = 0x0000000000000200 = 512
Arg[1] = 0x0000000000000031 = 49
Arg[2] = 0
Arg[3] = ptr 0x0000000017c60000 -> {\x00\x00\x00\x00\x00\x00\x00\x00}
Arg[4] = 0x00007ff80000007c = 140703128617084
Arg[5] = ptr 0x00000000174bf980 -> {\x18\x00\x00\x00\xb2A@\x9e}
> 17357000+702;SYSCALL:0x32(NtEnumerateKey)
NtEnumerateKey:
Arg[0] = 0x0000000000000200 = 512
Arg[1] = 0x0000000000000032 = 50
Arg[2] = 0
Arg[3] = ptr 0x0000000017c60000 -> {\x00\x00\x00\x00\x00\x00\x00\x00}
Arg[4] = 0x00007ff80000007c = 140703128617084
Arg[5] = ptr 0x00000000174bf980 -> {\x18\x00\x00\x00\xb2A@\x9e}
> 17357000+702;SYSCALL:0x32(NtEnumerateKey)
NtEnumerateKey:
Arg[0] = 0x0000000000000200 = 512
Arg[1] = 0x0000000000000033 = 51
Arg[2] = 0
Arg[3] = ptr 0x0000000017c60000 -> {\x00\x00\x00\x00\x00\x00\x00\x00}
Arg[4] = 0x00007ff80000007c = 140703128617084
Arg[5] = ptr 0x00000000174bf980 -> {\x1a\x00\x00\x00\xb2A@\x9e}
> 17357000+702;SYSCALL:0x32(NtEnumerateKey)
NtEnumerateKey:
Arg[0] = 0x0000000000000200 = 512
Arg[1] = 0x0000000000000034 = 52
Arg[2] = 0
Arg[3] = ptr 0x0000000017c60000 -> {\x00\x00\x00\x00\x00\x00\x00\x00}
Arg[4] = 0x00007ff80000007c = 140703128617084
Arg[5] = ptr 0x00000000174bf980 -> {\x18\x00\x00\x00\xb2A@\x9e}
> 17357000+702;SYSCALL:0x32(NtEnumerateKey)
NtEnumerateKey:
Arg[0] = 0x0000000000000200 = 512
Arg[1] = 0x0000000000000035 = 53
Arg[2] = 0
Arg[3] = ptr 0x0000000017c60000 -> {\x00\x00\x00\x00\x00\x00\x00\x00}
Arg[4] = 0x00007ff80000007c = 140703128617084
Arg[5] = ptr 0x00000000174bf980 -> {\x18\x00\x00\x00\xb2A@\x9e}
> 17357000+702;SYSCALL:0x32(NtEnumerateKey)
NtEnumerateKey:
Arg[0] = 0x0000000000000200 = 512
Arg[1] = 0x0000000000000036 = 54
Arg[2] = 0
Arg[3] = ptr 0x0000000017c60000 -> {\x00\x00\x00\x00\x00\x00\x00\x00}
Arg[4] = 0x00007ff80000007c = 140703128617084
Arg[5] = ptr 0x00000000174bf980 -> {\x18\x00\x00\x00\xb2A@\x9e}
> 17357000+702;SYSCALL:0x32(NtEnumerateKey)
NtEnumerateKey:
Arg[0] = 0x0000000000000200 = 512
Arg[1] = 0x0000000000000037 = 55
Arg[2] = 0
Arg[3] = ptr 0x0000000017c60000 -> {\x00\x00\x00\x00\x00\x00\x00\x00}
Arg[4] = 0x00007ff80000007c = 140703128617084
Arg[5] = ptr 0x00000000174bf980 -> {\x1a\x00\x00\x00\xb2A@\x9e}
> 17357000+702;SYSCALL:0x32(NtEnumerateKey)
NtEnumerateKey:
Arg[0] = 0x0000000000000200 = 512
Arg[1] = 0x0000000000000038 = 56
Arg[2] = 0
Arg[3] = ptr 0x0000000017c60000 -> {\x00\x00\x00\x00\x00\x00\x00\x00}
Arg[4] = 0x00007ff80000007c = 140703128617084
Arg[5] = ptr 0x00000000174bf980 -> {\x18\x00\x00\x00\xb2A@\x9e}
> 17357000+702;SYSCALL:0x32(NtEnumerateKey)
NtEnumerateKey:
Arg[0] = 0x0000000000000200 = 512
Arg[1] = 0x0000000000000039 = 57
Arg[2] = 0
Arg[3] = ptr 0x0000000017c60000 -> {\x00\x00\x00\x00\x00\x00\x00\x00}
Arg[4] = 0x00007ff80000007c = 140703128617084
Arg[5] = ptr 0x00000000174bf980 -> {\x1a\x00\x00\x00\xb2A@\x9e}
> 17357000+702;SYSCALL:0x32(NtEnumerateKey)
NtEnumerateKey:
Arg[0] = 0x0000000000000200 = 512
Arg[1] = 0x000000000000003a = 58
Arg[2] = 0
Arg[3] = ptr 0x0000000017c60000 -> {\x00\x00\x00\x00\x00\x00\x00\x00}
Arg[4] = 0x00007ff80000007c = 140703128617084
Arg[5] = ptr 0x00000000174bf980 -> {\x18\x00\x00\x00\xb2A@\x9e}
> 17357000+702;SYSCALL:0x32(NtEnumerateKey)
NtEnumerateKey:
Arg[0] = 0x0000000000000200 = 512
Arg[1] = 0x000000000000003b = 59
Arg[2] = 0
Arg[3] = ptr 0x0000000017c60000 -> {\x00\x00\x00\x00\x00\x00\x00\x00}
Arg[4] = 0x00007ff80000007c = 140703128617084
Arg[5] = ptr 0x00000000174bf980 -> {\x18\x00\x00\x00\xb2A@\x9e}
> 17357000+702;SYSCALL:0x32(NtEnumerateKey)
NtEnumerateKey:
Arg[0] = 0x0000000000000200 = 512
Arg[1] = 0x000000000000003c = 60
Arg[2] = 0
Arg[3] = ptr 0x0000000017c60000 -> {\x00\x00\x00\x00\x00\x00\x00\x00}
Arg[4] = 0x00007ff80000007c = 140703128617084
Arg[5] = ptr 0x00000000174bf980 -> {\x18\x00\x00\x00\xb2A@\x9e}
> 17357000+702;SYSCALL:0x32(NtEnumerateKey)
NtEnumerateKey:
Arg[0] = 0x0000000000000200 = 512
Arg[1] = 0x000000000000003d = 61
Arg[2] = 0
Arg[3] = ptr 0x0000000017c60000 -> {\x00\x00\x00\x00\x00\x00\x00\x00}
Arg[4] = 0x00007ff80000007c = 140703128617084
Arg[5] = ptr 0x00000000174bf980 -> {\x18\x00\x00\x00\xb2A@\x9e}
> 17357000+702;SYSCALL:0x32(NtEnumerateKey)
NtEnumerateKey:
Arg[0] = 0x0000000000000200 = 512
Arg[1] = 0x000000000000003e = 62
Arg[2] = 0
Arg[3] = ptr 0x0000000017c60000 -> {\x00\x00\x00\x00\x00\x00\x00\x00}
Arg[4] = 0x00007ff80000007c = 140703128617084
Arg[5] = ptr 0x00000000174bf980 -> {\x1a\x00\x00\x00\xb2A@\x9e}
> 17357000+702;SYSCALL:0x32(NtEnumerateKey)
NtEnumerateKey:
Arg[0] = 0x0000000000000200 = 512
Arg[1] = 0x000000000000003f = 63
Arg[2] = 0
Arg[3] = ptr 0x0000000017c60000 -> {\x00\x00\x00\x00\x00\x00\x00\x00}
Arg[4] = 0x00007ff80000007c = 140703128617084
Arg[5] = ptr 0x00000000174bf980 -> {\x18\x00\x00\x00\xb2A@\x9e}
> 17357000+702;SYSCALL:0x32(NtEnumerateKey)
NtEnumerateKey:
Arg[0] = 0x0000000000000200 = 512
Arg[1] = 0x0000000000000040 = 64
Arg[2] = 0
Arg[3] = ptr 0x0000000017c60000 -> {\x00\x00\x00\x00\x00\x00\x00\x00}
Arg[4] = 0x00007ff80000007c = 140703128617084
Arg[5] = ptr 0x00000000174bf980 -> {\x18\x00\x00\x00\xb2A@\x9e}
> 17357000+702;SYSCALL:0x32(NtEnumerateKey)
NtEnumerateKey:
Arg[0] = 0x0000000000000200 = 512
Arg[1] = 0x0000000000000041 = 65
Arg[2] = 0
Arg[3] = ptr 0x0000000017c60000 -> {\x00\x00\x00\x00\x00\x00\x00\x00}
Arg[4] = 0x00007ff80000007c = 140703128617084
Arg[5] = ptr 0x00000000174bf980 -> {\x1a\x00\x00\x00\xb2A@\x9e}
> 17357000+702;SYSCALL:0x32(NtEnumerateKey)
NtEnumerateKey:
Arg[0] = 0x0000000000000200 = 512
Arg[1] = 0x0000000000000042 = 66
Arg[2] = 0
Arg[3] = ptr 0x0000000017c60000 -> {\x00\x00\x00\x00\x00\x00\x00\x00}
Arg[4] = 0x00007ff80000007c = 140703128617084
Arg[5] = ptr 0x00000000174bf980 -> {\x18\x00\x00\x00\xb2A@\x9e}
> 17357000+702;SYSCALL:0x32(NtEnumerateKey)
NtEnumerateKey:
Arg[0] = 0x0000000000000200 = 512
Arg[1] = 0x0000000000000043 = 67
Arg[2] = 0
Arg[3] = ptr 0x0000000017c60000 -> {\x00\x00\x00\x00\x00\x00\x00\x00}
Arg[4] = 0x00007ff80000007c = 140703128617084
Arg[5] = ptr 0x00000000174bf980 -> {\x18\x00\x00\x00\xb2A@\x9e}
> 17357000+702;SYSCALL:0x32(NtEnumerateKey)
NtEnumerateKey:
Arg[0] = 0x0000000000000200 = 512
Arg[1] = 0x0000000000000044 = 68
Arg[2] = 0
Arg[3] = ptr 0x0000000017c60000 -> {\x00\x00\x00\x00\x00\x00\x00\x00}
Arg[4] = 0x00007ff80000007c = 140703128617084
Arg[5] = ptr 0x00000000174bf980 -> {\x18\x00\x00\x00\xb2A@\x9e}
> 17357000+702;SYSCALL:0x32(NtEnumerateKey)
NtEnumerateKey:
Arg[0] = 0x0000000000000200 = 512
Arg[1] = 0x0000000000000045 = 69
Arg[2] = 0
Arg[3] = ptr 0x0000000017c60000 -> {\x00\x00\x00\x00\x00\x00\x00\x00}
Arg[4] = 0x00007ff80000007c = 140703128617084
Arg[5] = ptr 0x00000000174bf980 -> {\x18\x00\x00\x00\xb2A@\x9e}
> 17357000+702;SYSCALL:0x32(NtEnumerateKey)
NtEnumerateKey:
Arg[0] = 0x0000000000000200 = 512
Arg[1] = 0x0000000000000046 = 70
Arg[2] = 0
Arg[3] = ptr 0x0000000017c60000 -> {\x00\x00\x00\x00\x00\x00\x00\x00}
Arg[4] = 0x00007ff80000007c = 140703128617084
Arg[5] = ptr 0x00000000174bf980 -> {\x18\x00\x00\x00\xb2A@\x9e}
> 17357000+702;SYSCALL:0x32(NtEnumerateKey)
NtEnumerateKey:
Arg[0] = 0x0000000000000200 = 512
Arg[1] = 0x0000000000000047 = 71
Arg[2] = 0
Arg[3] = ptr 0x0000000017c60000 -> {\x00\x00\x00\x00\x00\x00\x00\x00}
Arg[4] = 0x00007ff80000007c = 140703128617084
Arg[5] = ptr 0x00000000174bf980 -> {\x18\x00\x00\x00\xb2A@\x9e}
> 17357000+702;SYSCALL:0x32(NtEnumerateKey)
NtEnumerateKey:
Arg[0] = 0x0000000000000200 = 512
Arg[1] = 0x0000000000000048 = 72
Arg[2] = 0
Arg[3] = ptr 0x0000000017c60000 -> {\x00\x00\x00\x00\x00\x00\x00\x00}
Arg[4] = 0x00007ff80000007c = 140703128617084
Arg[5] = ptr 0x00000000174bf980 -> {\x18\x00\x00\x00\xb2A@\x9e}
> 17357000+702;SYSCALL:0x32(NtEnumerateKey)
NtEnumerateKey:
Arg[0] = 0x0000000000000200 = 512
Arg[1] = 0x0000000000000049 = 73
Arg[2] = 0
Arg[3] = ptr 0x0000000017c60000 -> {\x00\x00\x00\x00\x00\x00\x00\x00}
Arg[4] = 0x00007ff80000007c = 140703128617084
Arg[5] = ptr 0x00000000174bf980 -> {\x18\x00\x00\x00\xb2A@\x9e}
> 17357000+702;SYSCALL:0x32(NtEnumerateKey)
NtEnumerateKey:
Arg[0] = 0x0000000000000200 = 512
Arg[1] = 0x000000000000004a = 74
Arg[2] = 0
Arg[3] = ptr 0x0000000017c60000 -> {\x00\x00\x00\x00\x00\x00\x00\x00}
Arg[4] = 0x00007ff80000007c = 140703128617084
Arg[5] = ptr 0x00000000174bf980 -> {\x18\x00\x00\x00\xb2A@\x9e}
> 17357000+702;SYSCALL:0x32(NtEnumerateKey)
NtEnumerateKey:
Arg[0] = 0x0000000000000200 = 512
Arg[1] = 0x000000000000004b = 75
Arg[2] = 0
Arg[3] = ptr 0x0000000017c60000 -> {\x00\x00\x00\x00\x00\x00\x00\x00}
Arg[4] = 0x00007ff80000007c = 140703128617084
Arg[5] = ptr 0x00000000174bf980 -> {\x18\x00\x00\x00\xb2A@\x9e}
> 17357000+702;SYSCALL:0x32(NtEnumerateKey)
NtEnumerateKey:
Arg[0] = 0x0000000000000200 = 512
Arg[1] = 0x000000000000004c = 76
Arg[2] = 0
Arg[3] = ptr 0x0000000017c60000 -> {\x00\x00\x00\x00\x00\x00\x00\x00}
Arg[4] = 0x00007ff80000007c = 140703128617084
Arg[5] = ptr 0x00000000174bf980 -> {\x18\x00\x00\x00\xb2A@\x9e}
> 17357000+702;SYSCALL:0x32(NtEnumerateKey)
NtEnumerateKey:
Arg[0] = 0x0000000000000200 = 512
Arg[1] = 0x000000000000004d = 77
Arg[2] = 0
Arg[3] = ptr 0x0000000017c60000 -> {\x00\x00\x00\x00\x00\x00\x00\x00}
Arg[4] = 0x00007ff80000007c = 140703128617084
Arg[5] = ptr 0x00000000174bf980 -> {\x18\x00\x00\x00\xb2A@\x9e}
> 17357000+702;SYSCALL:0x32(NtEnumerateKey)
NtEnumerateKey:
Arg[0] = 0x0000000000000200 = 512
Arg[1] = 0x000000000000004e = 78
Arg[2] = 0
Arg[3] = ptr 0x0000000017c60000 -> {\x00\x00\x00\x00\x00\x00\x00\x00}
Arg[4] = 0x00007ff80000007c = 140703128617084
Arg[5] = ptr 0x00000000174bf980 -> {\x1a\x00\x00\x00\xb2A@\x9e}
> 17357000+702;SYSCALL:0x32(NtEnumerateKey)
NtEnumerateKey:
Arg[0] = 0x0000000000000200 = 512
Arg[1] = 0x000000000000004f = 79
Arg[2] = 0
Arg[3] = ptr 0x0000000017c60000 -> {\x00\x00\x00\x00\x00\x00\x00\x00}
Arg[4] = 0x00007ff80000007c = 140703128617084
Arg[5] = ptr 0x00000000174bf980 -> {\x18\x00\x00\x00\xb2A@\x9e}
> 17357000+702;SYSCALL:0x32(NtEnumerateKey)
NtEnumerateKey:
Arg[0] = 0x0000000000000200 = 512
Arg[1] = 0x0000000000000050 = 80
Arg[2] = 0
Arg[3] = ptr 0x0000000017c60000 -> {\x00\x00\x00\x00\x00\x00\x00\x00}
Arg[4] = 0x00007ff80000007c = 140703128617084
Arg[5] = ptr 0x00000000174bf980 -> {\x18\x00\x00\x00\xb2A@\x9e}
> 17357000+702;SYSCALL:0x32(NtEnumerateKey)
NtEnumerateKey:
Arg[0] = 0x0000000000000200 = 512
Arg[1] = 0x0000000000000051 = 81
Arg[2] = 0
Arg[3] = ptr 0x0000000017c60000 -> {\x00\x00\x00\x00\x00\x00\x00\x00}
Arg[4] = 0x00007ff80000007c = 140703128617084
Arg[5] = ptr 0x00000000174bf980 -> {\x1a\x00\x00\x00\xb2A@\x9e}
> 17357000+702;SYSCALL:0x32(NtEnumerateKey)
NtEnumerateKey:
Arg[0] = 0x0000000000000200 = 512
Arg[1] = 0x0000000000000052 = 82
Arg[2] = 0
Arg[3] = ptr 0x0000000017c60000 -> {\x00\x00\x00\x00\x00\x00\x00\x00}
Arg[4] = 0x00007ff80000007c = 140703128617084
Arg[5] = ptr 0x00000000174bf980 -> {\x18\x00\x00\x00\xb2A@\x9e}
> 17357000+702;SYSCALL:0x32(NtEnumerateKey)
NtEnumerateKey:
Arg[0] = 0x0000000000000200 = 512
Arg[1] = 0x0000000000000053 = 83
Arg[2] = 0
Arg[3] = ptr 0x0000000017c60000 -> {\x00\x00\x00\x00\x00\x00\x00\x00}
Arg[4] = 0x00007ff80000007c = 140703128617084
Arg[5] = ptr 0x00000000174bf980 -> {\x18\x00\x00\x00\xb2A@\x9e}
> 17357000+702;SYSCALL:0x32(NtEnumerateKey)
NtEnumerateKey:
Arg[0] = 0x0000000000000200 = 512
Arg[1] = 0x0000000000000054 = 84
Arg[2] = 0
Arg[3] = ptr 0x0000000017c60000 -> {\x00\x00\x00\x00\x00\x00\x00\x00}
Arg[4] = 0x00007ff80000007c = 140703128617084
Arg[5] = ptr 0x00000000174bf980 -> {\x1a\x00\x00\x00\xb2A@\x9e}
> 17357000+702;SYSCALL:0x32(NtEnumerateKey)
NtEnumerateKey:
Arg[0] = 0x0000000000000200 = 512
Arg[1] = 0x0000000000000055 = 85
Arg[2] = 0
Arg[3] = ptr 0x0000000017c60000 -> {\x00\x00\x00\x00\x00\x00\x00\x00}
Arg[4] = 0x00007ff80000007c = 140703128617084
Arg[5] = ptr 0x00000000174bf980 -> {\x18\x00\x00\x00\xb2A@\x9e}
> 17357000+702;SYSCALL:0x32(NtEnumerateKey)
NtEnumerateKey:
Arg[0] = 0x0000000000000200 = 512
Arg[1] = 0x0000000000000056 = 86
Arg[2] = 0
Arg[3] = ptr 0x0000000017c60000 -> {\x00\x00\x00\x00\x00\x00\x00\x00}
Arg[4] = 0x00007ff80000007c = 140703128617084
Arg[5] = ptr 0x00000000174bf980 -> {\x1a\x00\x00\x00\xb2A@\x9e}
> 17357000+702;SYSCALL:0x32(NtEnumerateKey)
NtEnumerateKey:
Arg[0] = 0x0000000000000200 = 512
Arg[1] = 0x0000000000000057 = 87
Arg[2] = 0
Arg[3] = ptr 0x0000000017c60000 -> {\x00\x00\x00\x00\x00\x00\x00\x00}
Arg[4] = 0x00007ff80000007c = 140703128617084
Arg[5] = ptr 0x00000000174bf980 -> {\x18\x00\x00\x00\xb2A@\x9e}
> 17357000+702;SYSCALL:0x32(NtEnumerateKey)
NtEnumerateKey:
Arg[0] = 0x0000000000000200 = 512
Arg[1] = 0x0000000000000058 = 88
Arg[2] = 0
Arg[3] = ptr 0x0000000017c60000 -> {\x00\x00\x00\x00\x00\x00\x00\x00}
Arg[4] = 0x00007ff80000007c = 140703128617084
Arg[5] = ptr 0x00000000174bf980 -> L"N"
> 17357000+702;SYSCALL:0x32(NtEnumerateKey)
NtEnumerateKey:
Arg[0] = 0x0000000000000200 = 512
Arg[1] = 0x0000000000000059 = 89
Arg[2] = 0
Arg[3] = ptr 0x0000000017c60000 -> {\x00\x00\x00\x00\x00\x00\x00\x00}
Arg[4] = 0x00007ff80000007c = 140703128617084
Arg[5] = ptr 0x00000000174bf980 -> {\x1a\x00\x00\x00\xb2A@\x9e}
> 17357000+702;SYSCALL:0x32(NtEnumerateKey)
NtEnumerateKey:
Arg[0] = 0x0000000000000200 = 512
Arg[1] = 0x000000000000005a = 90
Arg[2] = 0
Arg[3] = ptr 0x0000000017c60000 -> {\x00\x00\x00\x00\x00\x00\x00\x00}
Arg[4] = 0x00007ff80000007c = 140703128617084
Arg[5] = ptr 0x00000000174bf980 -> L"&"
> 17357000+702;SYSCALL:0x32(NtEnumerateKey)
NtEnumerateKey:
Arg[0] = 0x0000000000000200 = 512
Arg[1] = 0x000000000000005b = 91
Arg[2] = 0
Arg[3] = ptr 0x0000000017c60000 -> {\x00\x00\x00\x00\x00\x00\x00\x00}
Arg[4] = 0x00007ff80000007c = 140703128617084
Arg[5] = ptr 0x00000000174bf980 -> {\x18\x00\x00\x00\xb2A@\x9e}
> 17357000+702;SYSCALL:0x32(NtEnumerateKey)
NtEnumerateKey:
Arg[0] = 0x0000000000000200 = 512
Arg[1] = 0x000000000000005c = 92
Arg[2] = 0
Arg[3] = ptr 0x0000000017c60000 -> {\x00\x00\x00\x00\x00\x00\x00\x00}
Arg[4] = 0x00007ff80000007c = 140703128617084
Arg[5] = ptr 0x00000000174bf980 -> {\x18\x00\x00\x00\xb2A@\x9e}
> 17357000+702;SYSCALL:0x32(NtEnumerateKey)
NtEnumerateKey:
Arg[0] = 0x0000000000000200 = 512
Arg[1] = 0x000000000000005d = 93
Arg[2] = 0
Arg[3] = ptr 0x0000000017c60000 -> {\x00\x00\x00\x00\x00\x00\x00\x00}
Arg[4] = 0x00007ff80000007c = 140703128617084
Arg[5] = ptr 0x00000000174bf980 -> {\x1a\x00\x00\x00\xb2A@\x9e}
> 17357000+702;SYSCALL:0x32(NtEnumerateKey)
NtEnumerateKey:
Arg[0] = 0x0000000000000200 = 512
Arg[1] = 0x000000000000005e = 94
Arg[2] = 0
Arg[3] = ptr 0x0000000017c60000 -> {\x00\x00\x00\x00\x00\x00\x00\x00}
Arg[4] = 0x00007ff80000007c = 140703128617084
Arg[5] = ptr 0x00000000174bf980 -> {\x18\x00\x00\x00\xb2A@\x9e}
> 17357000+702;SYSCALL:0x32(NtEnumerateKey)
NtEnumerateKey:
Arg[0] = 0x0000000000000200 = 512
Arg[1] = 0x000000000000005f = 95
Arg[2] = 0
Arg[3] = ptr 0x0000000017c60000 -> {\x00\x00\x00\x00\x00\x00\x00\x00}
Arg[4] = 0x00007ff80000007c = 140703128617084
Arg[5] = ptr 0x00000000174bf980 -> {\x18\x00\x00\x00\xb2A@\x9e}
> 17357000+702;SYSCALL:0x32(NtEnumerateKey)
NtEnumerateKey:
Arg[0] = 0x0000000000000200 = 512
Arg[1] = 0x0000000000000060 = 96
Arg[2] = 0
Arg[3] = ptr 0x0000000017c60000 -> {\x00\x00\x00\x00\x00\x00\x00\x00}
Arg[4] = 0x00007ff80000007c = 140703128617084
Arg[5] = ptr 0x00000000174bf980 -> {\x18\x00\x00\x00\xb2A@\x9e}
> 17357000+702;SYSCALL:0x32(NtEnumerateKey)
NtEnumerateKey:
Arg[0] = 0x0000000000000200 = 512
Arg[1] = 0x0000000000000061 = 97
Arg[2] = 0
Arg[3] = ptr 0x0000000017c60000 -> {\x00\x00\x00\x00\x00\x00\x00\x00}
Arg[4] = 0x00007ff80000007c = 140703128617084
Arg[5] = ptr 0x00000000174bf980 -> {\x18\x00\x00\x00\xb2A@\x9e}
> 17357000+702;SYSCALL:0x32(NtEnumerateKey)
NtEnumerateKey:
Arg[0] = 0x0000000000000200 = 512
Arg[1] = 0x0000000000000062 = 98
Arg[2] = 0
Arg[3] = ptr 0x0000000017c60000 -> {\x00\x00\x00\x00\x00\x00\x00\x00}
Arg[4] = 0x00007ff80000007c = 140703128617084
Arg[5] = ptr 0x00000000174bf980 -> {\x18\x00\x00\x00\xb2A@\x9e}
> 17357000+702;SYSCALL:0x32(NtEnumerateKey)
NtEnumerateKey:
Arg[0] = 0x0000000000000200 = 512
Arg[1] = 0x0000000000000063 = 99
Arg[2] = 0
Arg[3] = ptr 0x0000000017c60000 -> {\x00\x00\x00\x00\x00\x00\x00\x00}
Arg[4] = 0x00007ff80000007c = 140703128617084
Arg[5] = ptr 0x00000000174bf980 -> {\x18\x00\x00\x00\xb2A@\x9e}
> 17357000+702;SYSCALL:0x32(NtEnumerateKey)
NtEnumerateKey:
Arg[0] = 0x0000000000000200 = 512
Arg[1] = 0x0000000000000064 = 100
Arg[2] = 0
Arg[3] = ptr 0x0000000017c60000 -> {\x00\x00\x00\x00\x00\x00\x00\x00}
Arg[4] = 0x00007ff80000007c = 140703128617084
Arg[5] = ptr 0x00000000174bf980 -> {\x18\x00\x00\x00\xb2A@\x9e}
> 17357000+702;SYSCALL:0x32(NtEnumerateKey)
NtEnumerateKey:
Arg[0] = 0x0000000000000200 = 512
Arg[1] = 0x0000000000000065 = 101
Arg[2] = 0
Arg[3] = ptr 0x0000000017c60000 -> {\x00\x00\x00\x00\x00\x00\x00\x00}
Arg[4] = 0x00007ff80000007c = 140703128617084
Arg[5] = ptr 0x00000000174bf980 -> {\x18\x00\x00\x00\xb2A@\x9e}
> 17357000+702;SYSCALL:0x32(NtEnumerateKey)
NtEnumerateKey:
Arg[0] = 0x0000000000000200 = 512
Arg[1] = 0x0000000000000066 = 102
Arg[2] = 0
Arg[3] = ptr 0x0000000017c60000 -> {\x00\x00\x00\x00\x00\x00\x00\x00}
Arg[4] = 0x00007ff80000007c = 140703128617084
Arg[5] = ptr 0x00000000174bf980 -> L" "
> 17357000+702;SYSCALL:0x32(NtEnumerateKey)
NtEnumerateKey:
Arg[0] = 0x0000000000000200 = 512
Arg[1] = 0x0000000000000067 = 103
Arg[2] = 0
Arg[3] = ptr 0x0000000017c60000 -> {\x00\x00\x00\x00\x00\x00\x00\x00}
Arg[4] = 0x00007ff80000007c = 140703128617084
Arg[5] = ptr 0x00000000174bf980 -> {\x1a\x00\x00\x00\xb2A@\x9e}
> 17357000+702;SYSCALL:0x32(NtEnumerateKey)
NtEnumerateKey:
Arg[0] = 0x0000000000000200 = 512
Arg[1] = 0x0000000000000068 = 104
Arg[2] = 0
Arg[3] = ptr 0x0000000017c60000 -> {\x00\x00\x00\x00\x00\x00\x00\x00}
Arg[4] = 0x00007ff80000007c = 140703128617084
Arg[5] = ptr 0x00000000174bf980 -> {\x18\x00\x00\x00\xb2A@\x9e}
> 17357000+702;SYSCALL:0x32(NtEnumerateKey)
NtEnumerateKey:
Arg[0] = 0x0000000000000200 = 512
Arg[1] = 0x0000000000000069 = 105
Arg[2] = 0
Arg[3] = ptr 0x0000000017c60000 -> {\x00\x00\x00\x00\x00\x00\x00\x00}
Arg[4] = 0x00007ff80000007c = 140703128617084
Arg[5] = ptr 0x00000000174bf980 -> {\x18\x00\x00\x00\xb2A@\x9e}
> 17357000+702;SYSCALL:0x32(NtEnumerateKey)
NtEnumerateKey:
Arg[0] = 0x0000000000000200 = 512
Arg[1] = 0x000000000000006a = 106
Arg[2] = 0
Arg[3] = ptr 0x0000000017c60000 -> {\x00\x00\x00\x00\x00\x00\x00\x00}
Arg[4] = 0x00007ff80000007c = 140703128617084
Arg[5] = ptr 0x00000000174bf980 -> {\x1a\x00\x00\x00\xb2A@\x9e}
> 17357000+702;SYSCALL:0x32(NtEnumerateKey)
NtEnumerateKey:
Arg[0] = 0x0000000000000200 = 512
Arg[1] = 0x000000000000006b = 107
Arg[2] = 0
Arg[3] = ptr 0x0000000017c60000 -> {\x00\x00\x00\x00\x00\x00\x00\x00}
Arg[4] = 0x00007ff80000007c = 140703128617084
Arg[5] = ptr 0x00000000174bf980 -> {\x18\x00\x00\x00\xb2A@\x9e}
> 17357000+702;SYSCALL:0x32(NtEnumerateKey)
NtEnumerateKey:
Arg[0] = 0x0000000000000200 = 512
Arg[1] = 0x000000000000006c = 108
Arg[2] = 0
Arg[3] = ptr 0x0000000017c60000 -> {\x00\x00\x00\x00\x00\x00\x00\x00}
Arg[4] = 0x00007ff80000007c = 140703128617084
Arg[5] = ptr 0x00000000174bf980 -> {\x18\x00\x00\x00\xb2A@\x9e}
> 17357000+702;SYSCALL:0x32(NtEnumerateKey)
NtEnumerateKey:
Arg[0] = 0x0000000000000200 = 512
Arg[1] = 0x000000000000006d = 109
Arg[2] = 0
Arg[3] = ptr 0x0000000017c60000 -> {\x00\x00\x00\x00\x00\x00\x00\x00}
Arg[4] = 0x00007ff80000007c = 140703128617084
Arg[5] = ptr 0x00000000174bf980 -> {\x18\x00\x00\x00\xb2A@\x9e}
> 17357000+702;SYSCALL:0x32(NtEnumerateKey)
NtEnumerateKey:
Arg[0] = 0x0000000000000200 = 512
Arg[1] = 0x000000000000006e = 110
Arg[2] = 0
Arg[3] = ptr 0x0000000017c60000 -> {\x00\x00\x00\x00\x00\x00\x00\x00}
Arg[4] = 0x00007ff80000007c = 140703128617084
Arg[5] = ptr 0x00000000174bf980 -> {\x18\x00\x00\x00\xb2A@\x9e}
> 17357000+702;SYSCALL:0x32(NtEnumerateKey)
NtEnumerateKey:
Arg[0] = 0x0000000000000200 = 512
Arg[1] = 0x000000000000006f = 111
Arg[2] = 0
Arg[3] = ptr 0x0000000017c60000 -> {\x00\x00\x00\x00\x00\x00\x00\x00}
Arg[4] = 0x00007ff80000007c = 140703128617084
Arg[5] = ptr 0x00000000174bf980 -> {\x16\x00\x00\x00\xb2A@\x9e}
> 17357000+702;SYSCALL:0x32(NtEnumerateKey)
NtEnumerateKey:
Arg[0] = 0x0000000000000200 = 512
Arg[1] = 0x0000000000000070 = 112
Arg[2] = 0
Arg[3] = ptr 0x0000000017c60000 -> {\x00\x00\x00\x00\x00\x00\x00\x00}
Arg[4] = 0x00007ff80000007c = 140703128617084
Arg[5] = ptr 0x00000000174bf980 -> {\x18\x00\x00\x00\xb2A@\x9e}
> 17357000+702;SYSCALL:0x32(NtEnumerateKey)
NtEnumerateKey:
Arg[0] = 0x0000000000000200 = 512
Arg[1] = 0x0000000000000071 = 113
Arg[2] = 0
Arg[3] = ptr 0x0000000017c60000 -> {\x00\x00\x00\x00\x00\x00\x00\x00}
Arg[4] = 0x00007ff80000007c = 140703128617084
Arg[5] = ptr 0x00000000174bf980 -> {\x18\x00\x00\x00\xb2A@\x9e}
> 17357000+702;SYSCALL:0x32(NtEnumerateKey)
NtEnumerateKey:
Arg[0] = 0x0000000000000200 = 512
Arg[1] = 0x0000000000000072 = 114
Arg[2] = 0
Arg[3] = ptr 0x0000000017c60000 -> {\x00\x00\x00\x00\x00\x00\x00\x00}
Arg[4] = 0x00007ff80000007c = 140703128617084
Arg[5] = ptr 0x00000000174bf980 -> {\x18\x00\x00\x00\xb2A@\x9e}
> 17357000+702;SYSCALL:0x32(NtEnumerateKey)
NtEnumerateKey:
Arg[0] = 0x0000000000000200 = 512
Arg[1] = 0x0000000000000073 = 115
Arg[2] = 0
Arg[3] = ptr 0x0000000017c60000 -> {\x00\x00\x00\x00\x00\x00\x00\x00}
Arg[4] = 0x00007ff80000007c = 140703128617084
Arg[5] = ptr 0x00000000174bf980 -> {\x18\x00\x00\x00\xb2A@\x9e}
> 17357000+702;SYSCALL:0x32(NtEnumerateKey)
NtEnumerateKey:
Arg[0] = 0x0000000000000200 = 512
Arg[1] = 0x0000000000000074 = 116
Arg[2] = 0
Arg[3] = ptr 0x0000000017c60000 -> {\x00\x00\x00\x00\x00\x00\x00\x00}
Arg[4] = 0x00007ff80000007c = 140703128617084
Arg[5] = ptr 0x00000000174bf980 -> {\x18\x00\x00\x00\xb2A@\x9e}
> 17357000+702;SYSCALL:0x32(NtEnumerateKey)
NtEnumerateKey:
Arg[0] = 0x0000000000000200 = 512
Arg[1] = 0x0000000000000075 = 117
Arg[2] = 0
Arg[3] = ptr 0x0000000017c60000 -> {\x00\x00\x00\x00\x00\x00\x00\x00}
Arg[4] = 0x00007ff80000007c = 140703128617084
Arg[5] = ptr 0x00000000174bf980 -> {\x18\x00\x00\x00\xb2A@\x9e}
> 17357000+702;SYSCALL:0x32(NtEnumerateKey)
NtEnumerateKey:
Arg[0] = 0x0000000000000200 = 512
Arg[1] = 0x0000000000000076 = 118
Arg[2] = 0
Arg[3] = ptr 0x0000000017c60000 -> {\x00\x00\x00\x00\x00\x00\x00\x00}
Arg[4] = 0x00007ff80000007c = 140703128617084
Arg[5] = ptr 0x00000000174bf980 -> {\x18\x00\x00\x00\xb2A@\x9e}
> 17357000+702;SYSCALL:0x32(NtEnumerateKey)
NtEnumerateKey:
Arg[0] = 0x0000000000000200 = 512
Arg[1] = 0x0000000000000077 = 119
Arg[2] = 0
Arg[3] = ptr 0x0000000017c60000 -> {\x00\x00\x00\x00\x00\x00\x00\x00}
Arg[4] = 0x00007ff80000007c = 140703128617084
Arg[5] = ptr 0x00000000174bf980 -> L"0"
> 17357000+702;SYSCALL:0x32(NtEnumerateKey)
NtEnumerateKey:
Arg[0] = 0x0000000000000200 = 512
Arg[1] = 0x0000000000000078 = 120
Arg[2] = 0
Arg[3] = ptr 0x0000000017c60000 -> {\x00\x00\x00\x00\x00\x00\x00\x00}
Arg[4] = 0x00007ff80000007c = 140703128617084
Arg[5] = ptr 0x00000000174bf980 -> {\x18\x00\x00\x00\xb2A@\x9e}
> 17357000+702;SYSCALL:0x32(NtEnumerateKey)
NtEnumerateKey:
Arg[0] = 0x0000000000000200 = 512
Arg[1] = 0x0000000000000079 = 121
Arg[2] = 0
Arg[3] = ptr 0x0000000017c60000 -> {\x00\x00\x00\x00\x00\x00\x00\x00}
Arg[4] = 0x00007ff80000007c = 140703128617084
Arg[5] = ptr 0x00000000174bf980 -> {\x18\x00\x00\x00\xb2A@\x9e}
> 17357000+702;SYSCALL:0x32(NtEnumerateKey)
NtEnumerateKey:
Arg[0] = 0x0000000000000200 = 512
Arg[1] = 0x000000000000007a = 122
Arg[2] = 0
Arg[3] = ptr 0x0000000017c60000 -> {\x00\x00\x00\x00\x00\x00\x00\x00}
Arg[4] = 0x00007ff80000007c = 140703128617084
Arg[5] = ptr 0x00000000174bf980 -> {\x18\x00\x00\x00\xb2A@\x9e}
> 17357000+702;SYSCALL:0x32(NtEnumerateKey)
NtEnumerateKey:
Arg[0] = 0x0000000000000200 = 512
Arg[1] = 0x000000000000007b = 123
Arg[2] = 0
Arg[3] = ptr 0x0000000017c60000 -> {\x00\x00\x00\x00\x00\x00\x00\x00}
Arg[4] = 0x00007ff80000007c = 140703128617084
Arg[5] = ptr 0x00000000174bf980 -> {\x18\x00\x00\x00\xb2A@\x9e}
> 17357000+702;SYSCALL:0x32(NtEnumerateKey)
NtEnumerateKey:
Arg[0] = 0x0000000000000200 = 512
Arg[1] = 0x000000000000007c = 124
Arg[2] = 0
Arg[3] = ptr 0x0000000017c60000 -> {\x00\x00\x00\x00\x00\x00\x00\x00}
Arg[4] = 0x00007ff80000007c = 140703128617084
Arg[5] = ptr 0x00000000174bf980 -> {\x18\x00\x00\x00\xb2A@\x9e}
> 17357000+702;SYSCALL:0x32(NtEnumerateKey)
NtEnumerateKey:
Arg[0] = 0x0000000000000200 = 512
Arg[1] = 0x000000000000007d = 125
Arg[2] = 0
Arg[3] = ptr 0x0000000017c60000 -> {\x00\x00\x00\x00\x00\x00\x00\x00}
Arg[4] = 0x00007ff80000007c = 140703128617084
Arg[5] = ptr 0x00000000174bf980 -> {\x18\x00\x00\x00\xb2A@\x9e}
> 17357000+702;SYSCALL:0x32(NtEnumerateKey)
NtEnumerateKey:
Arg[0] = 0x0000000000000200 = 512
Arg[1] = 0x000000000000007e = 126
Arg[2] = 0
Arg[3] = ptr 0x0000000017c60000 -> {\x00\x00\x00\x00\x00\x00\x00\x00}
Arg[4] = 0x00007ff80000007c = 140703128617084
Arg[5] = ptr 0x00000000174bf980 -> {\x1c\x00\x00\x00\xb2A@\x9e}
> 17357000+702;SYSCALL:0x32(NtEnumerateKey)
NtEnumerateKey:
Arg[0] = 0x0000000000000200 = 512
Arg[1] = 0x000000000000007f = 127
Arg[2] = 0
Arg[3] = ptr 0x0000000017c60000 -> {\x00\x00\x00\x00\x00\x00\x00\x00}
Arg[4] = 0x00007ff80000007c = 140703128617084
Arg[5] = ptr 0x00000000174bf980 -> {\x18\x00\x00\x00\xb2A@\x9e}
> 17357000+702;SYSCALL:0x32(NtEnumerateKey)
NtEnumerateKey:
Arg[0] = 0x0000000000000200 = 512
Arg[1] = 0x0000000000000080 = 128
Arg[2] = 0
Arg[3] = ptr 0x0000000017c60000 -> {\x00\x00\x00\x00\x00\x00\x00\x00}
Arg[4] = 0x00007ff80000007c = 140703128617084
Arg[5] = ptr 0x00000000174bf980 -> {\x1a\x00\x00\x00\xb2A@\x9e}
> 17357000+702;SYSCALL:0x32(NtEnumerateKey)
NtEnumerateKey:
Arg[0] = 0x0000000000000200 = 512
Arg[1] = 0x0000000000000081 = 129
Arg[2] = 0
Arg[3] = ptr 0x0000000017c60000 -> {\x00\x00\x00\x00\x00\x00\x00\x00}
Arg[4] = 0x00007ff80000007c = 140703128617084
Arg[5] = ptr 0x00000000174bf980 -> {\x18\x00\x00\x00\xb2A@\x9e}
> 17357000+702;SYSCALL:0x32(NtEnumerateKey)
NtEnumerateKey:
Arg[0] = 0x0000000000000200 = 512
Arg[1] = 0x0000000000000082 = 130
Arg[2] = 0
Arg[3] = ptr 0x0000000017c60000 -> {\x00\x00\x00\x00\x00\x00\x00\x00}
Arg[4] = 0x00007ff80000007c = 140703128617084
Arg[5] = ptr 0x00000000174bf980 -> {\x16\x00\x00\x00\xb2A@\x9e}
> 17357000+702;SYSCALL:0x32(NtEnumerateKey)
NtEnumerateKey:
Arg[0] = 0x0000000000000200 = 512
Arg[1] = 0x0000000000000083 = 131
Arg[2] = 0
Arg[3] = ptr 0x0000000017c60000 -> {\x00\x00\x00\x00\x00\x00\x00\x00}
Arg[4] = 0x00007ff80000007c = 140703128617084
Arg[5] = ptr 0x00000000174bf980 -> {\x18\x00\x00\x00\xb2A@\x9e}
> 17357000+702;SYSCALL:0x32(NtEnumerateKey)
NtEnumerateKey:
Arg[0] = 0x0000000000000200 = 512
Arg[1] = 0x0000000000000084 = 132
Arg[2] = 0
Arg[3] = ptr 0x0000000017c60000 -> {\x00\x00\x00\x00\x00\x00\x00\x00}
Arg[4] = 0x00007ff80000007c = 140703128617084
Arg[5] = ptr 0x00000000174bf980 -> {\x18\x00\x00\x00\xb2A@\x9e}
> 17357000+702;SYSCALL:0x32(NtEnumerateKey)
NtEnumerateKey:
Arg[0] = 0x0000000000000200 = 512
Arg[1] = 0x0000000000000085 = 133
Arg[2] = 0
Arg[3] = ptr 0x0000000017c60000 -> {\x00\x00\x00\x00\x00\x00\x00\x00}
Arg[4] = 0x00007ff80000007c = 140703128617084
Arg[5] = ptr 0x00000000174bf980 -> {\x18\x00\x00\x00\xb2A@\x9e}
> 17357000+702;SYSCALL:0x32(NtEnumerateKey)
NtEnumerateKey:
Arg[0] = 0x0000000000000200 = 512
Arg[1] = 0x0000000000000086 = 134
Arg[2] = 0
Arg[3] = ptr 0x0000000017c60000 -> {\x00\x00\x00\x00\x00\x00\x00\x00}
Arg[4] = 0x00007ff80000007c = 140703128617084
Arg[5] = ptr 0x00000000174bf980 -> {\x18\x00\x00\x00\xb2A@\x9e}
> 17357000+702;SYSCALL:0x32(NtEnumerateKey)
NtEnumerateKey:
Arg[0] = 0x0000000000000200 = 512
Arg[1] = 0x0000000000000087 = 135
Arg[2] = 0
Arg[3] = ptr 0x0000000017c60000 -> {\x00\x00\x00\x00\x00\x00\x00\x00}
Arg[4] = 0x00007ff80000007c = 140703128617084
Arg[5] = ptr 0x00000000174bf980 -> {\x1a\x00\x00\x00\xb2A@\x9e}
> 17357000+702;SYSCALL:0x32(NtEnumerateKey)
NtEnumerateKey:
Arg[0] = 0x0000000000000200 = 512
Arg[1] = 0x0000000000000088 = 136
Arg[2] = 0
Arg[3] = ptr 0x0000000017c60000 -> {\x00\x00\x00\x00\x00\x00\x00\x00}
Arg[4] = 0x00007ff80000007c = 140703128617084
Arg[5] = ptr 0x00000000174bf980 -> L"&"
> 17357000+702;SYSCALL:0x32(NtEnumerateKey)
NtEnumerateKey:
Arg[0] = 0x0000000000000200 = 512
Arg[1] = 0x0000000000000089 = 137
Arg[2] = 0
Arg[3] = ptr 0x0000000017c60000 -> {\x00\x00\x00\x00\x00\x00\x00\x00}
Arg[4] = 0x00007ff80000007c = 140703128617084
Arg[5] = ptr 0x00000000174bf980 -> {\x18\x00\x00\x00\xb2A@\x9e}
> 17357000+702;SYSCALL:0x32(NtEnumerateKey)
NtEnumerateKey:
Arg[0] = 0x0000000000000200 = 512
Arg[1] = 0x000000000000008a = 138
Arg[2] = 0
Arg[3] = ptr 0x0000000017c60000 -> {\x00\x00\x00\x00\x00\x00\x00\x00}
Arg[4] = 0x00007ff80000007c = 140703128617084
Arg[5] = ptr 0x00000000174bf980 -> {\x16\x00\x00\x00\xb2A@\x9e}
> 17357000+702;SYSCALL:0x32(NtEnumerateKey)
NtEnumerateKey:
Arg[0] = 0x0000000000000200 = 512
Arg[1] = 0x000000000000008b = 139
Arg[2] = 0
Arg[3] = ptr 0x0000000017c60000 -> {\x00\x00\x00\x00\x00\x00\x00\x00}
Arg[4] = 0x00007ff80000007c = 140703128617084
Arg[5] = ptr 0x00000000174bf980 -> {\x18\x00\x00\x00\xb2A@\x9e}
> 17357000+702;SYSCALL:0x32(NtEnumerateKey)
NtEnumerateKey:
Arg[0] = 0x0000000000000200 = 512
Arg[1] = 0x000000000000008c = 140
Arg[2] = 0
Arg[3] = ptr 0x0000000017c60000 -> {\x00\x00\x00\x00\x00\x00\x00\x00}
Arg[4] = 0x00007ff80000007c = 140703128617084
Arg[5] = ptr 0x00000000174bf980 -> {\x18\x00\x00\x00\xb2A@\x9e}
> 17357000+702;SYSCALL:0x32(NtEnumerateKey)
NtEnumerateKey:
Arg[0] = 0x0000000000000200 = 512
Arg[1] = 0x000000000000008d = 141
Arg[2] = 0
Arg[3] = ptr 0x0000000017c60000 -> {\x00\x00\x00\x00\x00\x00\x00\x00}
Arg[4] = 0x00007ff80000007c = 140703128617084
Arg[5] = ptr 0x00000000174bf980 -> {\x18\x00\x00\x00\xb2A@\x9e}
> 17357000+702;SYSCALL:0x32(NtEnumerateKey)
NtEnumerateKey:
Arg[0] = 0x0000000000000200 = 512
Arg[1] = 0x000000000000008e = 142
Arg[2] = 0
Arg[3] = ptr 0x0000000017c60000 -> {\x00\x00\x00\x00\x00\x00\x00\x00}
Arg[4] = 0x00007ff80000007c = 140703128617084
Arg[5] = ptr 0x00000000174bf980 -> {\x18\x00\x00\x00\xb2A@\x9e}
> 17357000+702;SYSCALL:0x32(NtEnumerateKey)
NtEnumerateKey:
Arg[0] = 0x0000000000000200 = 512
Arg[1] = 0x000000000000008f = 143
Arg[2] = 0
Arg[3] = ptr 0x0000000017c60000 -> {\x00\x00\x00\x00\x00\x00\x00\x00}
Arg[4] = 0x00007ff80000007c = 140703128617084
Arg[5] = ptr 0x00000000174bf980 -> {\x18\x00\x00\x00\xb2A@\x9e}
> 17357000+702;SYSCALL:0x32(NtEnumerateKey)
NtEnumerateKey:
Arg[0] = 0x0000000000000200 = 512
Arg[1] = 0x0000000000000090 = 144
Arg[2] = 0
Arg[3] = ptr 0x0000000017c60000 -> {\x00\x00\x00\x00\x00\x00\x00\x00}
Arg[4] = 0x00007ff80000007c = 140703128617084
Arg[5] = ptr 0x00000000174bf980 -> {\x18\x00\x00\x00\xb2A@\x9e}
> 17357000+702;SYSCALL:0x32(NtEnumerateKey)
NtEnumerateKey:
Arg[0] = 0x0000000000000200 = 512
Arg[1] = 0x0000000000000091 = 145
Arg[2] = 0
Arg[3] = ptr 0x0000000017c60000 -> {\x00\x00\x00\x00\x00\x00\x00\x00}
Arg[4] = 0x00007ff80000007c = 140703128617084
Arg[5] = ptr 0x00000000174bf980 -> {\x1a\x00\x00\x00\xb2A@\x9e}
> 17357000+702;SYSCALL:0x32(NtEnumerateKey)
NtEnumerateKey:
Arg[0] = 0x0000000000000200 = 512
Arg[1] = 0x0000000000000092 = 146
Arg[2] = 0
Arg[3] = ptr 0x0000000017c60000 -> {\x00\x00\x00\x00\x00\x00\x00\x00}
Arg[4] = 0x00007ff80000007c = 140703128617084
Arg[5] = ptr 0x00000000174bf980 -> {\x18\x00\x00\x00\xb2A@\x9e}
> 17357000+702;SYSCALL:0x32(NtEnumerateKey)
NtEnumerateKey:
Arg[0] = 0x0000000000000200 = 512
Arg[1] = 0x0000000000000093 = 147
Arg[2] = 0
Arg[3] = ptr 0x0000000017c60000 -> {\x00\x00\x00\x00\x00\x00\x00\x00}
Arg[4] = 0x00007ff80000007c = 140703128617084
Arg[5] = ptr 0x00000000174bf980 -> L"4"
> 17357000+702;SYSCALL:0x32(NtEnumerateKey)
NtEnumerateKey:
Arg[0] = 0x0000000000000200 = 512
Arg[1] = 0x0000000000000094 = 148
Arg[2] = 0
Arg[3] = ptr 0x0000000017c60000 -> {\x00\x00\x00\x00\x00\x00\x00\x00}
Arg[4] = 0x00007ff80000007c = 140703128617084
Arg[5] = ptr 0x00000000174bf980 -> {\x1a\x00\x00\x00\xb2A@\x9e}
> 17357000+702;SYSCALL:0x32(NtEnumerateKey)
NtEnumerateKey:
Arg[0] = 0x0000000000000200 = 512
Arg[1] = 0x0000000000000095 = 149
Arg[2] = 0
Arg[3] = ptr 0x0000000017c60000 -> {\x00\x00\x00\x00\x00\x00\x00\x00}
Arg[4] = 0x00007ff80000007c = 140703128617084
Arg[5] = ptr 0x00000000174bf980 -> L"6"
> 17357000+702;SYSCALL:0x32(NtEnumerateKey)
NtEnumerateKey:
Arg[0] = 0x0000000000000200 = 512
Arg[1] = 0x0000000000000096 = 150
Arg[2] = 0
Arg[3] = ptr 0x0000000017c60000 -> {\x00\x00\x00\x00\x00\x00\x00\x00}
Arg[4] = 0x00007ff80000007c = 140703128617084
Arg[5] = ptr 0x00000000174bf980 -> L"("
> 17357000+67e;SYSCALL:0x18(NtAllocateVirtualMemory)
NtAllocateVirtualMemory:
Arg[0] = 0xffffffffffffffff = 18446744073709551615
Arg[1] = ptr 0x00000000174bfa78 -> {\x00\x00\x00\x00\x00\x00\x00\x00}
Arg[2] = 0
Arg[3] = ptr 0x00000000174bfa80 -> {\x90\x00\x00\x00\x00\x00\x00\x00}
Arg[4] = 0x00007ff800001000 = 140703128621056
Arg[5] = 0x0000000000000004 = 4
> 17353000+df9;ntdll.RtlInitUnicodeString
RtlInitUnicodeString:
Arg[0] = ptr 0x00000000174bf900 -> U"\Registry\User\"
Arg[1] = ptr 0x0000000017c80000 -> L"AppX04g0mbrz4mkc6e879rpf6qk6te730jfv"
> 17357000+6f7;SYSCALL:0x12(NtOpenKey)
NtOpenKey:
Arg[0] = ptr 0x00000000174bf8f0 -> {\xff\xff\xff\xff\xff\xff\xff\xff}
Arg[1] = ptr 0x00000000000f003f -> {\x00@.\x9a\x02\x00\x00\x00}
Arg[2] = ptr 0x00000000174bf910 -> L"0"
> 17353000+e4e;ntdll.RtlInitUnicodeString
RtlInitUnicodeString:
Arg[0] = ptr 0x00000000174bf900 -> U"AppX04g0mbrz4mkc6e879rpf6qk6te730jfv"
Arg[1] = ptr 0x00000000174bf9c0 -> L"Shell"
> 17357000+6f7;SYSCALL:0x12(NtOpenKey)
NtOpenKey:
Arg[0] = ptr 0x00000000174bf8f0 -> {\x04\x02\x00\x00\x00\x00\x00\x00}
Arg[1] = ptr 0x00000000000f003f -> {\x00@.\x9a\x02\x00\x00\x00}
Arg[2] = ptr 0x00000000174bf910 -> L"0"
> 17353000+ea2;ntdll.RtlInitUnicodeString
RtlInitUnicodeString:
Arg[0] = ptr 0x00000000174bf900 -> U"Shell"
Arg[1] = ptr 0x00000000174bf9b0 -> L"Open"
> 17357000+6f7;SYSCALL:0x12(NtOpenKey)
NtOpenKey:
Arg[0] = ptr 0x00000000174bf8f0 -> {\x08\x02\x00\x00\x00\x00\x00\x00}
Arg[1] = ptr 0x00000000000f003f -> {\x00@.\x9a\x02\x00\x00\x00}
Arg[2] = ptr 0x00000000174bf910 -> L"0"
> 17353000+ef6;ntdll.RtlInitUnicodeString
RtlInitUnicodeString:
Arg[0] = ptr 0x00000000174bf900 -> U"Open"
Arg[1] = ptr 0x00000000174bf9e0 -> L"command"
> 17357000+6f7;SYSCALL:0x12(NtOpenKey)
NtOpenKey:
Arg[0] = ptr 0x00000000174bf8f0 -> {\x0c\x02\x00\x00\x00\x00\x00\x00}
Arg[1] = ptr 0x00000000000f003f -> {\x00@.\x9a\x02\x00\x00\x00}
Arg[2] = ptr 0x00000000174bf910 -> L"0"
> 17353000+f49;ntdll.RtlInitUnicodeString
RtlInitUnicodeString:
Arg[0] = ptr 0x00000000174bf900 -> U"command"
Arg[1] = ptr 0x00000000174bfaf0 -> {\x00\x00\x00\x00\x00\x00\x00\x00}
> 17357000+70d;SYSCALL:0x60(NtSetValueKey)
NtSetValueKey:
Arg[0] = 0x0000000000000210 = 528
Arg[1] = ptr 0x00000000174bf900 -> {\x00\x00\x02\x00\x00\x00\x00\x00}
Arg[2] = 0
Arg[3] = 0x0000000000000001 = 1
Arg[4] = ptr 0x0000000017bd0000 -> L"wscript.exe /B /E:VBScript.Encode ../../Users/Public/vybmaryqycp.mnxu"
Arg[5] = 0x000000000000008a = 138
> 17353000+f86;ntdll.RtlInitUnicodeString
RtlInitUnicodeString:
Arg[0] = ptr 0x00000000174bf900 -> {\x00\x00\x02\x00\x00\x00\x00\x00}
Arg[1] = ptr 0x00000000174bfa28 -> L"DelegateExecute"
> 17357000+70d;SYSCALL:0x60(NtSetValueKey)
NtSetValueKey:
Arg[0] = 0x0000000000000210 = 528
Arg[1] = ptr 0x00000000174bf900 -> U"DelegateExecute"
Arg[2] = 0
Arg[3] = 0x0000000000000001 = 1
Arg[4] = ptr 0x00000000174bfaf0 -> {\x00\x00\x00\x00\x00\x00\x00\x00}
Arg[5] = 0x0000000000000004 = 4
> 17357000+6b5;SYSCALL:0xf(NtClose)
> 17357000+689;SYSCALL:0x1e(NtFreeVirtualMemory)
> 17354000+1b;ntdll.RtlInitUnicodeString
RtlInitUnicodeString:
Arg[0] = ptr 0x00000000174bf900 -> U"DelegateExecute"
Arg[1] = ptr 0x00000000174bf9f0 -> L"ms-settings"
> 17357000+718;SYSCALL:0x1d(NtCreateKey)
> 17354000+87;ntdll.RtlInitUnicodeString
RtlInitUnicodeString:
Arg[0] = ptr 0x00000000174bf900 -> U"ms-settings"
Arg[1] = ptr 0x00000000174bf9d0 -> L"CurVer"
> 17357000+718;SYSCALL:0x1d(NtCreateKey)
> 17354000+f4;ntdll.RtlInitUnicodeString
RtlInitUnicodeString:
Arg[0] = ptr 0x00000000174bf900 -> U"CurVer"
Arg[1] = ptr 0x00000000174bfaf0 -> {\x00\x00\x00\x00\x00\x00\x00\x00}
> 17357000+70d;SYSCALL:0x60(NtSetValueKey)
NtSetValueKey:
Arg[0] = 0x0000000000000214 = 532
Arg[1] = ptr 0x00000000174bf900 -> {\x00\x00\x02\x00\x00\x00\x00\x00}
Arg[2] = 0
Arg[3] = 0x0000000000000001 = 1
Arg[4] = ptr 0x0000000017c80000 -> L"AppX04g0mbrz4mkc6e879rpf6qk6te730jfv"
Arg[5] = 0x0000000000000048 = 72
> 17357000+6b5;SYSCALL:0xf(NtClose)
> 17357000+6b5;SYSCALL:0xf(NtClose)
> 17357000+6aa;SYSCALL:0x34(NtDelayExecution)
> 17357000+67e;SYSCALL:0x18(NtAllocateVirtualMemory)
NtAllocateVirtualMemory:
Arg[0] = 0xffffffffffffffff = 18446744073709551615
Arg[1] = ptr 0x00000000174bf8c0 -> {\x00\x00\x00\x00\x00\x00\x00\x00}
Arg[2] = 0
Arg[3] = ptr 0x00000000174bf8c8 -> L"J"
Arg[4] = 0x0df06fa200001000 = 1004425458479009792
Arg[5] = 0x3548001a00000004 = 3839318794002497540
> 17357000+6c0;SYSCALL:0x55(NtCreateFile)
NtCreateFile:
Arg[0] = ptr 0x00000000174bf8b0 -> {\xff\xff\xff\xff\xff\xff\xff\xff}
Arg[1] = ptr 0x0000000000120116 -> {\x00\x00\xf0*\x9a\x02\x00\x00}
Arg[2] = ptr 0x00000000174bf840 -> L"0"
Arg[3] = ptr 0x00000000174bf830 -> {\x00\x00\x00\x00\x00\x00\x00\x00}
Arg[4] = 0
Arg[5] = 0x3548001a00000080 = 3839318794002497664
Arg[6] = 0x7a20201200000002 = 8800068933563449346
Arg[7] = 0x3478478a00000005 = 3780850545208590341
Arg[8] = 0x3c506e8200000020 = 4346095145037332512
Arg[9] = 0
> 17357000+6cb;SYSCALL:0x8(NtWriteFile)
NtWriteFile:
Arg[0] = 0x0000000000000200 = 512
Arg[1] = 0
Arg[2] = 0
Arg[3] = 0
Arg[4] = ptr 0x00000000174bf810 -> {\x00\x00\x00\x00\x00\x00\x00\x00}
Arg[5] = ptr 0x000000001735cdbf -> {#@~^YQIA}
Arg[6] = 0x7a2020120000027c = 8800068933563449980
Arg[7] = 0
Arg[8] = 0
> 17357000+6b5;SYSCALL:0xf(NtClose)
> 17357000+6aa;SYSCALL:0x34(NtDelayExecution)
> 17352000+cc3;ntdll.RtlCreateProcessParametersEx
RtlCreateProcessParametersEx:
Arg[0] = ptr 0x00000000174bf8b0 -> {\x00\x00\x00\x00\x00\x00\x00\x00}
Arg[1] = ptr 0x00000000174bf7f0 -> U"\??\C:\Windows\System32\cmd.exe"
Arg[2] = 0
Arg[3] = 0
Arg[4] = ptr 0x00000000174bf800 -> U"/c fodhelper.exe"
Arg[5] = 0
Arg[6] = 0
Arg[7] = 0
Arg[8] = 0
Arg[9] = 0
> 17357000+67e;SYSCALL:0x18(NtAllocateVirtualMemory)
NtAllocateVirtualMemory:
Arg[0] = 0xffffffffffffffff = 18446744073709551615
Arg[1] = ptr 0x00000000174bf8c0 -> {\x00\x00\x00\x00\x00\x00\x00\x00}
Arg[2] = 0
Arg[3] = ptr 0x00000000174bf8b8 -> L" "
Arg[4] = 0x0000000000001000 = 4096
Arg[5] = 0x0000000000000004 = 4
> 17357000+841;SYSCALL:0xc8(NtCreateUserProcess)
NtCreateUserProcess:
Arg[0] = ptr 0x00000000174bf810 -> {\x00\x00\x00\x00\x00\x00\x00\x00}
Arg[1] = ptr 0x00000000174bf8c8 -> {\x00\x00\x00\x00\x00\x00\x00\x00}
Arg[2] = 0x00000000001fffff = 2097151
Arg[3] = 0x00000000001fffff = 2097151
Arg[4] = 0
Arg[5] = 0
Arg[6] = 0
Arg[7] = 0
Arg[8] = ptr 0x000000000046a610 -> {\xc8\x06\x00\x00\xc8\x06\x00\x00}
Arg[9] = ptr 0x00000000174bf820 -> L"X"