-
-
Save hasherezade/aa969e7c431023afabffef9f881616c2 to your computer and use it in GitHub Desktop.
Tracelog of Magniber ransomware
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| f069;section: [.swicc] | |
| ef24;SYSCALL:0x18(NtAllocateVirtualMemory) | |
| 10c4;called: ?? [14bd0000+0] | |
| > 14bd0000+4ee;SYSCALL:0x18(NtAllocateVirtualMemory) | |
| > 14be0000+8;SYSCALL:0x36(NtQuerySystemInformation) | |
| > 14bd0000+4ee;SYSCALL:0x18(NtAllocateVirtualMemory) | |
| > 14be0000+8;SYSCALL:0x36(NtQuerySystemInformation) | |
| > 14bd0000+4ee;SYSCALL:0x18(NtAllocateVirtualMemory) | |
| > 14c90000+8;SYSCALL:0x34(NtDelayExecution) | |
| > 14bd0000+4ee;SYSCALL:0x18(NtAllocateVirtualMemory) | |
| > 14cd0000+8;SYSCALL:0x26(NtOpenProcess) | |
| > 14bd0000+4ee;SYSCALL:0x18(NtAllocateVirtualMemory) | |
| > 14cf0000+8;SYSCALL:0x34(NtDelayExecution) | |
| > 14bd0000+4ee;SYSCALL:0x18(NtAllocateVirtualMemory) | |
| > 14d30000+8;SYSCALL:0x26(NtOpenProcess) | |
| > 14bd0000+4ee;SYSCALL:0x18(NtAllocateVirtualMemory) | |
| > 14d70000+8;SYSCALL:0x34(NtDelayExecution) | |
| > 14bd0000+4ee;SYSCALL:0x18(NtAllocateVirtualMemory) | |
| > 14d80000+8;SYSCALL:0x26(NtOpenProcess) | |
| > 14bd0000+4ee;SYSCALL:0x18(NtAllocateVirtualMemory) | |
| > 14d90000+8;SYSCALL:0x34(NtDelayExecution) | |
| > 14bd0000+4ee;SYSCALL:0x18(NtAllocateVirtualMemory) | |
| > 14da0000+8;SYSCALL:0x26(NtOpenProcess) | |
| > 14bd0000+4ee;SYSCALL:0x18(NtAllocateVirtualMemory) | |
| > 14db0000+8;SYSCALL:0x34(NtDelayExecution) | |
| > 14bd0000+4ee;SYSCALL:0x18(NtAllocateVirtualMemory) | |
| > 14dc0000+8;SYSCALL:0x26(NtOpenProcess) | |
| > 14bd0000+4ee;SYSCALL:0x18(NtAllocateVirtualMemory) | |
| > 14dd0000+8;SYSCALL:0x34(NtDelayExecution) | |
| > 14bd0000+4ee;SYSCALL:0x18(NtAllocateVirtualMemory) | |
| > 14de0000+8;SYSCALL:0x26(NtOpenProcess) | |
| > 14bd0000+4ee;SYSCALL:0x18(NtAllocateVirtualMemory) | |
| > 14df0000+8;SYSCALL:0x34(NtDelayExecution) | |
| > 14bd0000+4ee;SYSCALL:0x18(NtAllocateVirtualMemory) | |
| > 14e00000+8;SYSCALL:0x26(NtOpenProcess) | |
| > 14bd0000+4ee;SYSCALL:0x18(NtAllocateVirtualMemory) | |
| > 14e10000+8;SYSCALL:0x34(NtDelayExecution) | |
| > 14bd0000+4ee;SYSCALL:0x18(NtAllocateVirtualMemory) | |
| > 14e20000+8;SYSCALL:0x26(NtOpenProcess) | |
| > 14bd0000+4ee;SYSCALL:0x18(NtAllocateVirtualMemory) | |
| > 14e30000+8;SYSCALL:0x34(NtDelayExecution) | |
| > 14bd0000+4ee;SYSCALL:0x18(NtAllocateVirtualMemory) | |
| > 14e40000+8;SYSCALL:0x26(NtOpenProcess) | |
| > 14bd0000+4ee;SYSCALL:0x18(NtAllocateVirtualMemory) | |
| > 14e50000+8;SYSCALL:0x34(NtDelayExecution) | |
| > 14bd0000+4ee;SYSCALL:0x18(NtAllocateVirtualMemory) | |
| > 14e60000+8;SYSCALL:0x26(NtOpenProcess) | |
| > 14bd0000+4ee;SYSCALL:0x18(NtAllocateVirtualMemory) | |
| > 14e70000+8;SYSCALL:0x34(NtDelayExecution) | |
| > 14bd0000+4ee;SYSCALL:0x18(NtAllocateVirtualMemory) | |
| > 14e80000+8;SYSCALL:0x26(NtOpenProcess) | |
| > 14bd0000+4ee;SYSCALL:0x18(NtAllocateVirtualMemory) | |
| > 14e90000+8;SYSCALL:0x34(NtDelayExecution) | |
| > 14bd0000+4ee;SYSCALL:0x18(NtAllocateVirtualMemory) | |
| > 14ea0000+8;SYSCALL:0x26(NtOpenProcess) | |
| > 14bd0000+4ee;SYSCALL:0x18(NtAllocateVirtualMemory) | |
| > 14eb0000+8;SYSCALL:0x34(NtDelayExecution) | |
| > 14bd0000+4ee;SYSCALL:0x18(NtAllocateVirtualMemory) | |
| > 14ec0000+8;SYSCALL:0x26(NtOpenProcess) | |
| > 14bd0000+4ee;SYSCALL:0x18(NtAllocateVirtualMemory) | |
| > 14ed0000+8;SYSCALL:0x34(NtDelayExecution) | |
| > 14bd0000+4ee;SYSCALL:0x18(NtAllocateVirtualMemory) | |
| > 14ee0000+8;SYSCALL:0x26(NtOpenProcess) | |
| > 14bd0000+4ee;SYSCALL:0x18(NtAllocateVirtualMemory) | |
| > 14ef0000+8;SYSCALL:0x34(NtDelayExecution) | |
| > 14bd0000+4ee;SYSCALL:0x18(NtAllocateVirtualMemory) | |
| > 14f00000+8;SYSCALL:0x26(NtOpenProcess) | |
| > 14bd0000+4ee;SYSCALL:0x18(NtAllocateVirtualMemory) | |
| > 14f10000+8;SYSCALL:0x34(NtDelayExecution) | |
| > 14bd0000+4ee;SYSCALL:0x18(NtAllocateVirtualMemory) | |
| > 14f20000+8;SYSCALL:0x26(NtOpenProcess) | |
| > 14bd0000+4ee;SYSCALL:0x18(NtAllocateVirtualMemory) | |
| > 14f30000+8;SYSCALL:0x34(NtDelayExecution) | |
| > 14bd0000+4ee;SYSCALL:0x18(NtAllocateVirtualMemory) | |
| > 14f40000+8;SYSCALL:0x26(NtOpenProcess) | |
| > 14bd0000+4ee;SYSCALL:0x18(NtAllocateVirtualMemory) | |
| > 14f50000+8;SYSCALL:0x34(NtDelayExecution) | |
| > 14bd0000+4ee;SYSCALL:0x18(NtAllocateVirtualMemory) | |
| > 14f60000+8;SYSCALL:0x26(NtOpenProcess) | |
| > 14bd0000+4ee;SYSCALL:0x18(NtAllocateVirtualMemory) | |
| > 14f70000+8;SYSCALL:0x34(NtDelayExecution) | |
| > 14bd0000+4ee;SYSCALL:0x18(NtAllocateVirtualMemory) | |
| > 14f80000+8;SYSCALL:0x26(NtOpenProcess) | |
| > 14bd0000+4ee;SYSCALL:0x18(NtAllocateVirtualMemory) | |
| > 14f90000+8;SYSCALL:0x34(NtDelayExecution) | |
| > 14bd0000+4ee;SYSCALL:0x18(NtAllocateVirtualMemory) | |
| > 14fa0000+8;SYSCALL:0x26(NtOpenProcess) | |
| > 14bd0000+4ee;SYSCALL:0x18(NtAllocateVirtualMemory) | |
| > 14fb0000+8;SYSCALL:0x34(NtDelayExecution) | |
| > 14bd0000+4ee;SYSCALL:0x18(NtAllocateVirtualMemory) | |
| > 14fc0000+8;SYSCALL:0x26(NtOpenProcess) | |
| > 14bd0000+4ee;SYSCALL:0x18(NtAllocateVirtualMemory) | |
| > 14fd0000+8;SYSCALL:0x34(NtDelayExecution) | |
| > 14bd0000+4ee;SYSCALL:0x18(NtAllocateVirtualMemory) | |
| > 14fe0000+8;SYSCALL:0x26(NtOpenProcess) | |
| > 14bd0000+4ee;SYSCALL:0x18(NtAllocateVirtualMemory) | |
| > 14ff0000+8;SYSCALL:0x34(NtDelayExecution) | |
| > 14bd0000+4ee;SYSCALL:0x18(NtAllocateVirtualMemory) | |
| > 15000000+8;SYSCALL:0x26(NtOpenProcess) | |
| > 14bd0000+4ee;SYSCALL:0x18(NtAllocateVirtualMemory) | |
| > 15010000+8;SYSCALL:0x34(NtDelayExecution) | |
| > 14bd0000+4ee;SYSCALL:0x18(NtAllocateVirtualMemory) | |
| > 15020000+8;SYSCALL:0x26(NtOpenProcess) | |
| > 14bd0000+4ee;SYSCALL:0x18(NtAllocateVirtualMemory) | |
| > 15030000+8;SYSCALL:0x34(NtDelayExecution) | |
| > 14bd0000+4ee;SYSCALL:0x18(NtAllocateVirtualMemory) | |
| > 15040000+8;SYSCALL:0x26(NtOpenProcess) | |
| > 14bd0000+4ee;SYSCALL:0x18(NtAllocateVirtualMemory) | |
| > 15050000+8;SYSCALL:0x34(NtDelayExecution) | |
| > 14bd0000+4ee;SYSCALL:0x18(NtAllocateVirtualMemory) | |
| > 15060000+8;SYSCALL:0x26(NtOpenProcess) | |
| > 14bd0000+4ee;SYSCALL:0x18(NtAllocateVirtualMemory) | |
| > 15070000+8;SYSCALL:0x34(NtDelayExecution) | |
| > 14bd0000+4ee;SYSCALL:0x18(NtAllocateVirtualMemory) | |
| > 15080000+8;SYSCALL:0x26(NtOpenProcess) | |
| > 14bd0000+4ee;SYSCALL:0x18(NtAllocateVirtualMemory) | |
| > 15090000+8;SYSCALL:0x34(NtDelayExecution) | |
| > 14bd0000+4ee;SYSCALL:0x18(NtAllocateVirtualMemory) | |
| > 150a0000+8;SYSCALL:0x26(NtOpenProcess) | |
| > 14bd0000+4ee;SYSCALL:0x18(NtAllocateVirtualMemory) | |
| > 150b0000+8;SYSCALL:0x34(NtDelayExecution) | |
| > 14bd0000+4ee;SYSCALL:0x18(NtAllocateVirtualMemory) | |
| > 150c0000+8;SYSCALL:0x26(NtOpenProcess) | |
| > 14bd0000+4ee;SYSCALL:0x18(NtAllocateVirtualMemory) | |
| > 150d0000+8;SYSCALL:0x34(NtDelayExecution) | |
| > 14bd0000+4ee;SYSCALL:0x18(NtAllocateVirtualMemory) | |
| > 150e0000+8;SYSCALL:0x26(NtOpenProcess) | |
| > 14bd0000+4ee;SYSCALL:0x18(NtAllocateVirtualMemory) | |
| > 150f0000+8;SYSCALL:0x34(NtDelayExecution) | |
| > 14bd0000+4ee;SYSCALL:0x18(NtAllocateVirtualMemory) | |
| > 15100000+8;SYSCALL:0x26(NtOpenProcess) | |
| > 14bd0000+4ee;SYSCALL:0x18(NtAllocateVirtualMemory) | |
| > 15110000+8;SYSCALL:0x34(NtDelayExecution) | |
| > 14bd0000+4ee;SYSCALL:0x18(NtAllocateVirtualMemory) | |
| > 15130000+8;SYSCALL:0x26(NtOpenProcess) | |
| > 14bd0000+4ee;SYSCALL:0x18(NtAllocateVirtualMemory) | |
| > 15140000+8;SYSCALL:0x34(NtDelayExecution) | |
| > 14bd0000+4ee;SYSCALL:0x18(NtAllocateVirtualMemory) | |
| > 15150000+8;SYSCALL:0x26(NtOpenProcess) | |
| > 14bd0000+4ee;SYSCALL:0x18(NtAllocateVirtualMemory) | |
| > 15160000+8;SYSCALL:0x34(NtDelayExecution) | |
| > 14bd0000+4ee;SYSCALL:0x18(NtAllocateVirtualMemory) | |
| > 15170000+8;SYSCALL:0x26(NtOpenProcess) | |
| > 14bd0000+4ee;SYSCALL:0x18(NtAllocateVirtualMemory) | |
| > 15180000+8;SYSCALL:0x34(NtDelayExecution) | |
| > 14bd0000+4ee;SYSCALL:0x18(NtAllocateVirtualMemory) | |
| > 15190000+8;SYSCALL:0x26(NtOpenProcess) | |
| > 14bd0000+4ee;SYSCALL:0x18(NtAllocateVirtualMemory) | |
| > 151a0000+8;SYSCALL:0x34(NtDelayExecution) | |
| > 14bd0000+4ee;SYSCALL:0x18(NtAllocateVirtualMemory) | |
| > 151b0000+8;SYSCALL:0x26(NtOpenProcess) | |
| > 14bd0000+4ee;SYSCALL:0x18(NtAllocateVirtualMemory) | |
| > 151c0000+8;SYSCALL:0x34(NtDelayExecution) | |
| > 14bd0000+4ee;SYSCALL:0x18(NtAllocateVirtualMemory) | |
| > 151d0000+8;SYSCALL:0x26(NtOpenProcess) | |
| > 14bd0000+4ee;SYSCALL:0x18(NtAllocateVirtualMemory) | |
| > 151e0000+8;SYSCALL:0x34(NtDelayExecution) | |
| > 14bd0000+4ee;SYSCALL:0x18(NtAllocateVirtualMemory) | |
| > 151f0000+8;SYSCALL:0x26(NtOpenProcess) | |
| > 14bd0000+4ee;SYSCALL:0x18(NtAllocateVirtualMemory) | |
| > 15200000+8;SYSCALL:0x34(NtDelayExecution) | |
| > 14bd0000+4ee;SYSCALL:0x18(NtAllocateVirtualMemory) | |
| > 15210000+8;SYSCALL:0x26(NtOpenProcess) | |
| > 14bd0000+4ee;SYSCALL:0x18(NtAllocateVirtualMemory) | |
| > 15220000+8;SYSCALL:0x34(NtDelayExecution) | |
| > 14bd0000+4ee;SYSCALL:0x18(NtAllocateVirtualMemory) | |
| > 15230000+8;SYSCALL:0x26(NtOpenProcess) | |
| > 14bd0000+4ee;SYSCALL:0x18(NtAllocateVirtualMemory) | |
| > 15240000+8;SYSCALL:0x34(NtDelayExecution) | |
| > 14bd0000+4ee;SYSCALL:0x18(NtAllocateVirtualMemory) | |
| > 15250000+8;SYSCALL:0x26(NtOpenProcess) | |
| > 14bd0000+4ee;SYSCALL:0x18(NtAllocateVirtualMemory) | |
| > 15260000+8;SYSCALL:0x34(NtDelayExecution) | |
| > 14bd0000+4ee;SYSCALL:0x18(NtAllocateVirtualMemory) | |
| > 15270000+8;SYSCALL:0x26(NtOpenProcess) | |
| > 14bd0000+4ee;SYSCALL:0x18(NtAllocateVirtualMemory) | |
| > 15280000+8;SYSCALL:0x34(NtDelayExecution) | |
| > 14bd0000+4ee;SYSCALL:0x18(NtAllocateVirtualMemory) | |
| > 15290000+8;SYSCALL:0x26(NtOpenProcess) | |
| > 14bd0000+4ee;SYSCALL:0x18(NtAllocateVirtualMemory) | |
| > 152a0000+8;SYSCALL:0x34(NtDelayExecution) | |
| > 14bd0000+4ee;SYSCALL:0x18(NtAllocateVirtualMemory) | |
| > 152b0000+8;SYSCALL:0x26(NtOpenProcess) | |
| > 14bd0000+4ee;SYSCALL:0x18(NtAllocateVirtualMemory) | |
| > 152c0000+8;SYSCALL:0x34(NtDelayExecution) | |
| > 14bd0000+4ee;SYSCALL:0x18(NtAllocateVirtualMemory) | |
| > 152d0000+8;SYSCALL:0x26(NtOpenProcess) | |
| > 14bd0000+4ee;SYSCALL:0x18(NtAllocateVirtualMemory) | |
| > 152e0000+8;SYSCALL:0x34(NtDelayExecution) | |
| > 14bd0000+4ee;SYSCALL:0x18(NtAllocateVirtualMemory) | |
| > 152f0000+8;SYSCALL:0x26(NtOpenProcess) | |
| > 14bd0000+4ee;SYSCALL:0x18(NtAllocateVirtualMemory) | |
| > 15300000+8;SYSCALL:0x34(NtDelayExecution) | |
| > 14bd0000+4ee;SYSCALL:0x18(NtAllocateVirtualMemory) | |
| > 15310000+8;SYSCALL:0x26(NtOpenProcess) | |
| > 14bd0000+4ee;SYSCALL:0x18(NtAllocateVirtualMemory) | |
| > 15320000+8;SYSCALL:0x34(NtDelayExecution) | |
| > 14bd0000+4ee;SYSCALL:0x18(NtAllocateVirtualMemory) | |
| > 15330000+8;SYSCALL:0x26(NtOpenProcess) | |
| > 14bd0000+4ee;SYSCALL:0x18(NtAllocateVirtualMemory) | |
| > 15350000+8;SYSCALL:0x34(NtDelayExecution) | |
| > 14bd0000+4ee;SYSCALL:0x18(NtAllocateVirtualMemory) | |
| > 15360000+8;SYSCALL:0x26(NtOpenProcess) | |
| > 14bd0000+4ee;SYSCALL:0x18(NtAllocateVirtualMemory) | |
| > 15370000+8;SYSCALL:0x34(NtDelayExecution) | |
| > 14bd0000+4ee;SYSCALL:0x18(NtAllocateVirtualMemory) | |
| > 15380000+8;SYSCALL:0x26(NtOpenProcess) | |
| > 14bd0000+4ee;SYSCALL:0x18(NtAllocateVirtualMemory) | |
| > 15390000+8;SYSCALL:0x34(NtDelayExecution) | |
| > 14bd0000+4ee;SYSCALL:0x18(NtAllocateVirtualMemory) | |
| > 153a0000+8;SYSCALL:0x26(NtOpenProcess) | |
| > 14bd0000+4ee;SYSCALL:0x18(NtAllocateVirtualMemory) | |
| > 153b0000+8;SYSCALL:0x34(NtDelayExecution) | |
| > 14bd0000+4ee;SYSCALL:0x18(NtAllocateVirtualMemory) | |
| > 153c0000+8;SYSCALL:0x26(NtOpenProcess) | |
| > 14bd0000+4ee;SYSCALL:0x18(NtAllocateVirtualMemory) | |
| > 153d0000+8;SYSCALL:0x34(NtDelayExecution) | |
| > 14bd0000+4ee;SYSCALL:0x18(NtAllocateVirtualMemory) | |
| > 153e0000+8;SYSCALL:0x26(NtOpenProcess) | |
| > 14bd0000+4ee;SYSCALL:0x18(NtAllocateVirtualMemory) | |
| > 153f0000+8;SYSCALL:0x34(NtDelayExecution) | |
| > 14bd0000+4ee;SYSCALL:0x18(NtAllocateVirtualMemory) | |
| > 15400000+8;SYSCALL:0x26(NtOpenProcess) | |
| > 14bd0000+4ee;SYSCALL:0x18(NtAllocateVirtualMemory) | |
| > 15410000+8;SYSCALL:0x34(NtDelayExecution) | |
| > 14bd0000+4ee;SYSCALL:0x18(NtAllocateVirtualMemory) | |
| > 15420000+8;SYSCALL:0x26(NtOpenProcess) | |
| > 14bd0000+4ee;SYSCALL:0x18(NtAllocateVirtualMemory) | |
| > 15430000+8;SYSCALL:0x34(NtDelayExecution) | |
| > 14bd0000+4ee;SYSCALL:0x18(NtAllocateVirtualMemory) | |
| > 15440000+8;SYSCALL:0x26(NtOpenProcess) | |
| > 14bd0000+4ee;SYSCALL:0x18(NtAllocateVirtualMemory) | |
| > 15450000+8;SYSCALL:0x34(NtDelayExecution) | |
| > 14bd0000+4ee;SYSCALL:0x18(NtAllocateVirtualMemory) | |
| > 15460000+8;SYSCALL:0x26(NtOpenProcess) | |
| > 14bd0000+4ee;SYSCALL:0x18(NtAllocateVirtualMemory) | |
| > 15470000+8;SYSCALL:0x34(NtDelayExecution) | |
| > 14bd0000+4ee;SYSCALL:0x18(NtAllocateVirtualMemory) | |
| > 15490000+8;SYSCALL:0x19(NtQueryInformationProcess) | |
| > 14bd0000+4ee;SYSCALL:0x18(NtAllocateVirtualMemory) | |
| > 154a0000+8;SYSCALL:0x34(NtDelayExecution) | |
| > 14bd0000+4ee;SYSCALL:0x18(NtAllocateVirtualMemory) | |
| > 14bd0000+4ee;SYSCALL:0x18(NtAllocateVirtualMemory) | |
| > 154b0000+8;SYSCALL:0x34(NtDelayExecution) | |
| > 14bd0000+4ee;SYSCALL:0x18(NtAllocateVirtualMemory) | |
| > 154c0000+8;SYSCALL:0x3a(NtWriteVirtualMemory) | |
| > 14bd0000+4ee;SYSCALL:0x18(NtAllocateVirtualMemory) | |
| > 154d0000+8;SYSCALL:0x34(NtDelayExecution) | |
| > 14bd0000+4ee;SYSCALL:0x18(NtAllocateVirtualMemory) | |
| > 154e0000+8;SYSCALL:0x50(NtProtectVirtualMemory) | |
| > 14bd0000+4ee;SYSCALL:0x18(NtAllocateVirtualMemory) | |
| > 154f0000+8;SYSCALL:0x34(NtDelayExecution) | |
| > 14bd0000+4ee;SYSCALL:0x18(NtAllocateVirtualMemory) | |
| > 15500000+8;SYSCALL:0xc1(NtCreateThreadEx) | |
| > 14bd0000+4ee;SYSCALL:0x18(NtAllocateVirtualMemory) | |
| > 15510000+8;SYSCALL:0x34(NtDelayExecution) | |
| > 14bd0000+4ee;SYSCALL:0x18(NtAllocateVirtualMemory) | |
| > 15530000+8;SYSCALL:0x52(NtResumeThread) | |
| > 14bd0000+4ee;SYSCALL:0x18(NtAllocateVirtualMemory) | |
| > 15540000+8;SYSCALL:0x34(NtDelayExecution) | |
| > 14bd0000+4ee;SYSCALL:0x18(NtAllocateVirtualMemory) | |
| > 15550000+8;SYSCALL:0x26(NtOpenProcess) | |
| > 14bd0000+4ee;SYSCALL:0x18(NtAllocateVirtualMemory) | |
| > 15560000+8;SYSCALL:0x34(NtDelayExecution) | |
| > 14bd0000+4ee;SYSCALL:0x18(NtAllocateVirtualMemory) | |
| > 155a0000+8;SYSCALL:0x19(NtQueryInformationProcess) | |
| > 14bd0000+4ee;SYSCALL:0x18(NtAllocateVirtualMemory) | |
| > 155e0000+8;SYSCALL:0x34(NtDelayExecution) | |
| > 14bd0000+4ee;SYSCALL:0x18(NtAllocateVirtualMemory) | |
| > 14bd0000+4ee;SYSCALL:0x18(NtAllocateVirtualMemory) | |
| > 15620000+8;SYSCALL:0x34(NtDelayExecution) | |
| > 14bd0000+4ee;SYSCALL:0x18(NtAllocateVirtualMemory) | |
| > 15660000+8;SYSCALL:0x3a(NtWriteVirtualMemory) | |
| > 14bd0000+4ee;SYSCALL:0x18(NtAllocateVirtualMemory) | |
| > 156a0000+8;SYSCALL:0x34(NtDelayExecution) | |
| > 14bd0000+4ee;SYSCALL:0x18(NtAllocateVirtualMemory) | |
| > 156e0000+8;SYSCALL:0x50(NtProtectVirtualMemory) | |
| > 14bd0000+4ee;SYSCALL:0x18(NtAllocateVirtualMemory) | |
| > 15720000+8;SYSCALL:0x34(NtDelayExecution) | |
| > 14bd0000+4ee;SYSCALL:0x18(NtAllocateVirtualMemory) | |
| > 15760000+8;SYSCALL:0xc1(NtCreateThreadEx) | |
| > 14bd0000+4ee;SYSCALL:0x18(NtAllocateVirtualMemory) | |
| > 157a0000+8;SYSCALL:0x34(NtDelayExecution) | |
| > 14bd0000+4ee;SYSCALL:0x18(NtAllocateVirtualMemory) | |
| > 157e0000+8;SYSCALL:0x52(NtResumeThread) | |
| > 14bd0000+4ee;SYSCALL:0x18(NtAllocateVirtualMemory) | |
| > 15820000+8;SYSCALL:0x34(NtDelayExecution) | |
| > 14bd0000+4ee;SYSCALL:0x18(NtAllocateVirtualMemory) | |
| > 15830000+8;SYSCALL:0x26(NtOpenProcess) | |
| > 14bd0000+4ee;SYSCALL:0x18(NtAllocateVirtualMemory) | |
| > 15840000+8;SYSCALL:0x34(NtDelayExecution) | |
| > 14bd0000+4ee;SYSCALL:0x18(NtAllocateVirtualMemory) | |
| > 15850000+8;SYSCALL:0x19(NtQueryInformationProcess) | |
| > 14bd0000+4ee;SYSCALL:0x18(NtAllocateVirtualMemory) | |
| > 15860000+8;SYSCALL:0x34(NtDelayExecution) | |
| > 14bd0000+4ee;SYSCALL:0x18(NtAllocateVirtualMemory) | |
| > 14bd0000+4ee;SYSCALL:0x18(NtAllocateVirtualMemory) | |
| > 15870000+8;SYSCALL:0x34(NtDelayExecution) | |
| > 14bd0000+4ee;SYSCALL:0x18(NtAllocateVirtualMemory) | |
| > 15880000+8;SYSCALL:0x3a(NtWriteVirtualMemory) | |
| > 14bd0000+4ee;SYSCALL:0x18(NtAllocateVirtualMemory) | |
| > 15890000+8;SYSCALL:0x34(NtDelayExecution) | |
| > 14bd0000+4ee;SYSCALL:0x18(NtAllocateVirtualMemory) | |
| > 158a0000+8;SYSCALL:0x50(NtProtectVirtualMemory) | |
| > 14bd0000+4ee;SYSCALL:0x18(NtAllocateVirtualMemory) | |
| > 158b0000+8;SYSCALL:0x34(NtDelayExecution) | |
| > 14bd0000+4ee;SYSCALL:0x18(NtAllocateVirtualMemory) | |
| > 158c0000+8;SYSCALL:0xc1(NtCreateThreadEx) | |
| > 14bd0000+4ee;SYSCALL:0x18(NtAllocateVirtualMemory) | |
| > 158d0000+8;SYSCALL:0x34(NtDelayExecution) | |
| > 14bd0000+4ee;SYSCALL:0x18(NtAllocateVirtualMemory) | |
| > 158e0000+8;SYSCALL:0x52(NtResumeThread) | |
| > 14bd0000+4ee;SYSCALL:0x18(NtAllocateVirtualMemory) | |
| > 158f0000+8;SYSCALL:0x34(NtDelayExecution) | |
| > 14bd0000+4ee;SYSCALL:0x18(NtAllocateVirtualMemory) | |
| > 15900000+8;SYSCALL:0x26(NtOpenProcess) | |
| > 14bd0000+4ee;SYSCALL:0x18(NtAllocateVirtualMemory) | |
| > 15910000+8;SYSCALL:0x34(NtDelayExecution) | |
| > 14bd0000+4ee;SYSCALL:0x18(NtAllocateVirtualMemory) | |
| > 15920000+8;SYSCALL:0x26(NtOpenProcess) | |
| > 14bd0000+4ee;SYSCALL:0x18(NtAllocateVirtualMemory) | |
| > 15930000+8;SYSCALL:0x34(NtDelayExecution) | |
| > 14bd0000+4ee;SYSCALL:0x18(NtAllocateVirtualMemory) | |
| > 15940000+8;SYSCALL:0x19(NtQueryInformationProcess) | |
| > 14bd0000+4ee;SYSCALL:0x18(NtAllocateVirtualMemory) | |
| > 15950000+8;SYSCALL:0x34(NtDelayExecution) | |
| > 14bd0000+4ee;SYSCALL:0x18(NtAllocateVirtualMemory) | |
| > 14bd0000+4ee;SYSCALL:0x18(NtAllocateVirtualMemory) | |
| > 15960000+8;SYSCALL:0x34(NtDelayExecution) | |
| > 14bd0000+4ee;SYSCALL:0x18(NtAllocateVirtualMemory) | |
| > 15970000+8;SYSCALL:0x3a(NtWriteVirtualMemory) | |
| > 14bd0000+4ee;SYSCALL:0x18(NtAllocateVirtualMemory) | |
| > 15980000+8;SYSCALL:0x34(NtDelayExecution) | |
| > 14bd0000+4ee;SYSCALL:0x18(NtAllocateVirtualMemory) | |
| > 15990000+8;SYSCALL:0x50(NtProtectVirtualMemory) | |
| > 14bd0000+4ee;SYSCALL:0x18(NtAllocateVirtualMemory) | |
| > 159a0000+8;SYSCALL:0x34(NtDelayExecution) | |
| > 14bd0000+4ee;SYSCALL:0x18(NtAllocateVirtualMemory) | |
| > 159b0000+8;SYSCALL:0xc1(NtCreateThreadEx) | |
| > 14bd0000+4ee;SYSCALL:0x18(NtAllocateVirtualMemory) | |
| > 159c0000+8;SYSCALL:0x34(NtDelayExecution) | |
| > 14bd0000+4ee;SYSCALL:0x18(NtAllocateVirtualMemory) | |
| > 159d0000+8;SYSCALL:0x52(NtResumeThread) | |
| > 14bd0000+4ee;SYSCALL:0x18(NtAllocateVirtualMemory) | |
| > 159e0000+8;SYSCALL:0x34(NtDelayExecution) | |
| > 14bd0000+4ee;SYSCALL:0x18(NtAllocateVirtualMemory) | |
| > 159f0000+8;SYSCALL:0x26(NtOpenProcess) | |
| > 14bd0000+4ee;SYSCALL:0x18(NtAllocateVirtualMemory) | |
| > 15a10000+8;SYSCALL:0x34(NtDelayExecution) | |
| > 14bd0000+4ee;SYSCALL:0x18(NtAllocateVirtualMemory) | |
| > 15a20000+8;SYSCALL:0x26(NtOpenProcess) | |
| > 14bd0000+4ee;SYSCALL:0x18(NtAllocateVirtualMemory) | |
| > 15a30000+8;SYSCALL:0x34(NtDelayExecution) | |
| > 14bd0000+4ee;SYSCALL:0x18(NtAllocateVirtualMemory) | |
| > 15a40000+8;SYSCALL:0x26(NtOpenProcess) | |
| > 14bd0000+4ee;SYSCALL:0x18(NtAllocateVirtualMemory) | |
| > 15a50000+8;SYSCALL:0x34(NtDelayExecution) | |
| > 14bd0000+4ee;SYSCALL:0x18(NtAllocateVirtualMemory) | |
| > 15a60000+8;SYSCALL:0x26(NtOpenProcess) | |
| > 14bd0000+4ee;SYSCALL:0x18(NtAllocateVirtualMemory) | |
| > 15a70000+8;SYSCALL:0x34(NtDelayExecution) | |
| > 14bd0000+4ee;SYSCALL:0x18(NtAllocateVirtualMemory) | |
| > 15a80000+8;SYSCALL:0x19(NtQueryInformationProcess) | |
| > 14bd0000+4ee;SYSCALL:0x18(NtAllocateVirtualMemory) | |
| > 15a90000+8;SYSCALL:0x34(NtDelayExecution) | |
| > 14bd0000+4ee;SYSCALL:0x18(NtAllocateVirtualMemory) | |
| > 14bd0000+4ee;SYSCALL:0x18(NtAllocateVirtualMemory) | |
| > 15aa0000+8;SYSCALL:0x34(NtDelayExecution) | |
| > 14bd0000+4ee;SYSCALL:0x18(NtAllocateVirtualMemory) | |
| > 15ab0000+8;SYSCALL:0x3a(NtWriteVirtualMemory) | |
| > 14bd0000+4ee;SYSCALL:0x18(NtAllocateVirtualMemory) | |
| > 15ac0000+8;SYSCALL:0x34(NtDelayExecution) | |
| > 14bd0000+4ee;SYSCALL:0x18(NtAllocateVirtualMemory) | |
| > 15ad0000+8;SYSCALL:0x50(NtProtectVirtualMemory) | |
| > 14bd0000+4ee;SYSCALL:0x18(NtAllocateVirtualMemory) | |
| > 15ae0000+8;SYSCALL:0x34(NtDelayExecution) | |
| > 14bd0000+4ee;SYSCALL:0x18(NtAllocateVirtualMemory) | |
| > 15af0000+8;SYSCALL:0xc1(NtCreateThreadEx) | |
| > 14bd0000+4ee;SYSCALL:0x18(NtAllocateVirtualMemory) | |
| > 15b00000+8;SYSCALL:0x34(NtDelayExecution) | |
| > 14bd0000+4ee;SYSCALL:0x18(NtAllocateVirtualMemory) | |
| > 15b10000+8;SYSCALL:0x52(NtResumeThread) | |
| > 14bd0000+4ee;SYSCALL:0x18(NtAllocateVirtualMemory) | |
| > 15b20000+8;SYSCALL:0x34(NtDelayExecution) | |
| > 14bd0000+4ee;SYSCALL:0x18(NtAllocateVirtualMemory) | |
| > 15b30000+8;SYSCALL:0x26(NtOpenProcess) | |
| > 14bd0000+4ee;SYSCALL:0x18(NtAllocateVirtualMemory) | |
| > 15b40000+8;SYSCALL:0x34(NtDelayExecution) | |
| > 14bd0000+4ee;SYSCALL:0x18(NtAllocateVirtualMemory) | |
| > 15b50000+8;SYSCALL:0x26(NtOpenProcess) | |
| > 14bd0000+4ee;SYSCALL:0x18(NtAllocateVirtualMemory) | |
| > 15b60000+8;SYSCALL:0x34(NtDelayExecution) | |
| > 14bd0000+4ee;SYSCALL:0x18(NtAllocateVirtualMemory) | |
| > 15b70000+8;SYSCALL:0x19(NtQueryInformationProcess) | |
| > 14bd0000+4ee;SYSCALL:0x18(NtAllocateVirtualMemory) | |
| > 15b80000+8;SYSCALL:0x34(NtDelayExecution) | |
| > 14bd0000+4ee;SYSCALL:0x18(NtAllocateVirtualMemory) | |
| > 14bd0000+4ee;SYSCALL:0x18(NtAllocateVirtualMemory) | |
| > 15b90000+8;SYSCALL:0x34(NtDelayExecution) | |
| > 14bd0000+4ee;SYSCALL:0x18(NtAllocateVirtualMemory) | |
| > 15ba0000+8;SYSCALL:0x3a(NtWriteVirtualMemory) | |
| > 14bd0000+4ee;SYSCALL:0x18(NtAllocateVirtualMemory) | |
| > 15bb0000+8;SYSCALL:0x34(NtDelayExecution) | |
| > 14bd0000+4ee;SYSCALL:0x18(NtAllocateVirtualMemory) | |
| > 15bc0000+8;SYSCALL:0x50(NtProtectVirtualMemory) | |
| > 14bd0000+4ee;SYSCALL:0x18(NtAllocateVirtualMemory) | |
| > 15bd0000+8;SYSCALL:0x34(NtDelayExecution) | |
| > 14bd0000+4ee;SYSCALL:0x18(NtAllocateVirtualMemory) | |
| > 15be0000+8;SYSCALL:0xc1(NtCreateThreadEx) | |
| > 14bd0000+4ee;SYSCALL:0x18(NtAllocateVirtualMemory) | |
| > 15bf0000+8;SYSCALL:0x34(NtDelayExecution) | |
| > 14bd0000+4ee;SYSCALL:0x18(NtAllocateVirtualMemory) | |
| > 15c00000+8;SYSCALL:0x52(NtResumeThread) | |
| > 14bd0000+4ee;SYSCALL:0x18(NtAllocateVirtualMemory) | |
| > 15c10000+8;SYSCALL:0x34(NtDelayExecution) | |
| > 14bd0000+4ee;SYSCALL:0x18(NtAllocateVirtualMemory) | |
| > 15c20000+8;SYSCALL:0x26(NtOpenProcess) | |
| > 14bd0000+4ee;SYSCALL:0x18(NtAllocateVirtualMemory) | |
| > 15c30000+8;SYSCALL:0x34(NtDelayExecution) | |
| > 14bd0000+4ee;SYSCALL:0x18(NtAllocateVirtualMemory) | |
| > 15c40000+8;SYSCALL:0x26(NtOpenProcess) | |
| > 14bd0000+4ee;SYSCALL:0x18(NtAllocateVirtualMemory) | |
| > 15c50000+8;SYSCALL:0x34(NtDelayExecution) | |
| > 14bd0000+4ee;SYSCALL:0x18(NtAllocateVirtualMemory) | |
| > 15c60000+8;SYSCALL:0x19(NtQueryInformationProcess) | |
| > 14bd0000+4ee;SYSCALL:0x18(NtAllocateVirtualMemory) | |
| > 15c70000+8;SYSCALL:0x34(NtDelayExecution) | |
| > 14bd0000+4ee;SYSCALL:0x18(NtAllocateVirtualMemory) | |
| > 14bd0000+4ee;SYSCALL:0x18(NtAllocateVirtualMemory) | |
| > 15c80000+8;SYSCALL:0x34(NtDelayExecution) | |
| > 14bd0000+4ee;SYSCALL:0x18(NtAllocateVirtualMemory) | |
| > 15c90000+8;SYSCALL:0x3a(NtWriteVirtualMemory) | |
| > 14bd0000+4ee;SYSCALL:0x18(NtAllocateVirtualMemory) | |
| > 15ca0000+8;SYSCALL:0x34(NtDelayExecution) | |
| > 14bd0000+4ee;SYSCALL:0x18(NtAllocateVirtualMemory) | |
| > 15cb0000+8;SYSCALL:0x50(NtProtectVirtualMemory) | |
| > 14bd0000+4ee;SYSCALL:0x18(NtAllocateVirtualMemory) | |
| > 15cc0000+8;SYSCALL:0x34(NtDelayExecution) | |
| > 14bd0000+4ee;SYSCALL:0x18(NtAllocateVirtualMemory) | |
| > 15cd0000+8;SYSCALL:0xc1(NtCreateThreadEx) | |
| > 14bd0000+4ee;SYSCALL:0x18(NtAllocateVirtualMemory) | |
| > 15ce0000+8;SYSCALL:0x34(NtDelayExecution) | |
| > 14bd0000+4ee;SYSCALL:0x18(NtAllocateVirtualMemory) | |
| > 15cf0000+8;SYSCALL:0x52(NtResumeThread) | |
| > 14bd0000+4ee;SYSCALL:0x18(NtAllocateVirtualMemory) | |
| > 15d00000+8;SYSCALL:0x34(NtDelayExecution) | |
| > 14bd0000+4ee;SYSCALL:0x18(NtAllocateVirtualMemory) | |
| > 15d10000+8;SYSCALL:0x26(NtOpenProcess) | |
| > 14bd0000+4ee;SYSCALL:0x18(NtAllocateVirtualMemory) | |
| > 15d20000+8;SYSCALL:0x34(NtDelayExecution) | |
| > 14bd0000+4ee;SYSCALL:0x18(NtAllocateVirtualMemory) | |
| > 15d30000+8;SYSCALL:0x19(NtQueryInformationProcess) | |
| > 14bd0000+4ee;SYSCALL:0x18(NtAllocateVirtualMemory) | |
| > 15d40000+8;SYSCALL:0x34(NtDelayExecution) | |
| > 14bd0000+4ee;SYSCALL:0x18(NtAllocateVirtualMemory) | |
| > 14bd0000+4ee;SYSCALL:0x18(NtAllocateVirtualMemory) | |
| > 15d50000+8;SYSCALL:0x34(NtDelayExecution) | |
| > 14bd0000+4ee;SYSCALL:0x18(NtAllocateVirtualMemory) | |
| > 15d60000+8;SYSCALL:0x3a(NtWriteVirtualMemory) | |
| > 14bd0000+4ee;SYSCALL:0x18(NtAllocateVirtualMemory) | |
| > 15d70000+8;SYSCALL:0x34(NtDelayExecution) | |
| > 14bd0000+4ee;SYSCALL:0x18(NtAllocateVirtualMemory) | |
| > 15d80000+8;SYSCALL:0x50(NtProtectVirtualMemory) | |
| > 14bd0000+4ee;SYSCALL:0x18(NtAllocateVirtualMemory) | |
| > 15d90000+8;SYSCALL:0x34(NtDelayExecution) | |
| > 14bd0000+4ee;SYSCALL:0x18(NtAllocateVirtualMemory) | |
| > 15da0000+8;SYSCALL:0xc1(NtCreateThreadEx) | |
| > 14bd0000+4ee;SYSCALL:0x18(NtAllocateVirtualMemory) | |
| > 15db0000+8;SYSCALL:0x34(NtDelayExecution) | |
| > 14bd0000+4ee;SYSCALL:0x18(NtAllocateVirtualMemory) | |
| > 15dc0000+8;SYSCALL:0x52(NtResumeThread) | |
| > 14bd0000+4ee;SYSCALL:0x18(NtAllocateVirtualMemory) | |
| > 15dd0000+8;SYSCALL:0x34(NtDelayExecution) | |
| > 14bd0000+4ee;SYSCALL:0x18(NtAllocateVirtualMemory) | |
| > 15de0000+8;SYSCALL:0x26(NtOpenProcess) | |
| > 14bd0000+4ee;SYSCALL:0x18(NtAllocateVirtualMemory) | |
| > 15df0000+8;SYSCALL:0x34(NtDelayExecution) | |
| > 14bd0000+4ee;SYSCALL:0x18(NtAllocateVirtualMemory) | |
| > 15e00000+8;SYSCALL:0x19(NtQueryInformationProcess) | |
| > 14bd0000+4ee;SYSCALL:0x18(NtAllocateVirtualMemory) | |
| > 15e10000+8;SYSCALL:0x34(NtDelayExecution) | |
| > 14bd0000+4ee;SYSCALL:0x18(NtAllocateVirtualMemory) | |
| > 14bd0000+4ee;SYSCALL:0x18(NtAllocateVirtualMemory) | |
| > 15e20000+8;SYSCALL:0x34(NtDelayExecution) | |
| > 14bd0000+4ee;SYSCALL:0x18(NtAllocateVirtualMemory) | |
| > 15e30000+8;SYSCALL:0x3a(NtWriteVirtualMemory) | |
| > 14bd0000+4ee;SYSCALL:0x18(NtAllocateVirtualMemory) | |
| > 15e40000+8;SYSCALL:0x34(NtDelayExecution) | |
| > 14bd0000+4ee;SYSCALL:0x18(NtAllocateVirtualMemory) | |
| > 15e50000+8;SYSCALL:0x50(NtProtectVirtualMemory) | |
| > 14bd0000+4ee;SYSCALL:0x18(NtAllocateVirtualMemory) | |
| > 15e60000+8;SYSCALL:0x34(NtDelayExecution) | |
| > 14bd0000+4ee;SYSCALL:0x18(NtAllocateVirtualMemory) | |
| > 15e70000+8;SYSCALL:0xc1(NtCreateThreadEx) | |
| > 14bd0000+4ee;SYSCALL:0x18(NtAllocateVirtualMemory) | |
| > 15e80000+8;SYSCALL:0x34(NtDelayExecution) | |
| > 14bd0000+4ee;SYSCALL:0x18(NtAllocateVirtualMemory) | |
| > 15e90000+8;SYSCALL:0x52(NtResumeThread) | |
| > 14bd0000+4ee;SYSCALL:0x18(NtAllocateVirtualMemory) | |
| > 15ea0000+8;SYSCALL:0x34(NtDelayExecution) | |
| > 14bd0000+4ee;SYSCALL:0x18(NtAllocateVirtualMemory) | |
| > 15eb0000+8;SYSCALL:0x26(NtOpenProcess) | |
| > 14bd0000+4ee;SYSCALL:0x18(NtAllocateVirtualMemory) | |
| > 15ec0000+8;SYSCALL:0x34(NtDelayExecution) | |
| > 14bd0000+4ee;SYSCALL:0x18(NtAllocateVirtualMemory) | |
| > 15ed0000+8;SYSCALL:0x26(NtOpenProcess) | |
| > 14bd0000+4ee;SYSCALL:0x18(NtAllocateVirtualMemory) | |
| > 15ee0000+8;SYSCALL:0x34(NtDelayExecution) | |
| > 14bd0000+4ee;SYSCALL:0x18(NtAllocateVirtualMemory) | |
| > 15ef0000+8;SYSCALL:0x19(NtQueryInformationProcess) | |
| > 14bd0000+4ee;SYSCALL:0x18(NtAllocateVirtualMemory) | |
| > 15f00000+8;SYSCALL:0x34(NtDelayExecution) | |
| > 14bd0000+4ee;SYSCALL:0x18(NtAllocateVirtualMemory) | |
| > 14bd0000+4ee;SYSCALL:0x18(NtAllocateVirtualMemory) | |
| > 15f10000+8;SYSCALL:0x34(NtDelayExecution) | |
| > 14bd0000+4ee;SYSCALL:0x18(NtAllocateVirtualMemory) | |
| > 15f20000+8;SYSCALL:0x3a(NtWriteVirtualMemory) | |
| > 14bd0000+4ee;SYSCALL:0x18(NtAllocateVirtualMemory) | |
| > 15f30000+8;SYSCALL:0x34(NtDelayExecution) | |
| > 14bd0000+4ee;SYSCALL:0x18(NtAllocateVirtualMemory) | |
| > 15f40000+8;SYSCALL:0x50(NtProtectVirtualMemory) | |
| > 14bd0000+4ee;SYSCALL:0x18(NtAllocateVirtualMemory) | |
| > 15f50000+8;SYSCALL:0x34(NtDelayExecution) | |
| > 14bd0000+4ee;SYSCALL:0x18(NtAllocateVirtualMemory) | |
| > 15f60000+8;SYSCALL:0xc1(NtCreateThreadEx) | |
| > 14bd0000+4ee;SYSCALL:0x18(NtAllocateVirtualMemory) | |
| > 15f70000+8;SYSCALL:0x34(NtDelayExecution) | |
| > 14bd0000+4ee;SYSCALL:0x18(NtAllocateVirtualMemory) | |
| > 15f80000+8;SYSCALL:0x52(NtResumeThread) | |
| > 14bd0000+4ee;SYSCALL:0x18(NtAllocateVirtualMemory) | |
| > 15f90000+8;SYSCALL:0x34(NtDelayExecution) | |
| > 14bd0000+4ee;SYSCALL:0x18(NtAllocateVirtualMemory) | |
| > 15fa0000+8;SYSCALL:0x26(NtOpenProcess) | |
| > 14bd0000+4ee;SYSCALL:0x18(NtAllocateVirtualMemory) | |
| > 15fb0000+8;SYSCALL:0x34(NtDelayExecution) | |
| > 14bd0000+4ee;SYSCALL:0x18(NtAllocateVirtualMemory) | |
| > 15fc0000+8;SYSCALL:0x26(NtOpenProcess) | |
| > 14bd0000+4ee;SYSCALL:0x18(NtAllocateVirtualMemory) | |
| > 15fd0000+8;SYSCALL:0x34(NtDelayExecution) | |
| > 14bd0000+4ee;SYSCALL:0x18(NtAllocateVirtualMemory) | |
| > 15fe0000+8;SYSCALL:0x19(NtQueryInformationProcess) | |
| > 14bd0000+4ee;SYSCALL:0x18(NtAllocateVirtualMemory) | |
| > 15ff0000+8;SYSCALL:0x34(NtDelayExecution) | |
| > 14bd0000+4ee;SYSCALL:0x18(NtAllocateVirtualMemory) | |
| > 14bd0000+4ee;SYSCALL:0x18(NtAllocateVirtualMemory) | |
| > 16000000+8;SYSCALL:0x34(NtDelayExecution) | |
| > 14bd0000+4ee;SYSCALL:0x18(NtAllocateVirtualMemory) | |
| > 16010000+8;SYSCALL:0x3a(NtWriteVirtualMemory) | |
| > 14bd0000+4ee;SYSCALL:0x18(NtAllocateVirtualMemory) | |
| > 16020000+8;SYSCALL:0x34(NtDelayExecution) | |
| > 14bd0000+4ee;SYSCALL:0x18(NtAllocateVirtualMemory) | |
| > 16030000+8;SYSCALL:0x50(NtProtectVirtualMemory) | |
| > 14bd0000+4ee;SYSCALL:0x18(NtAllocateVirtualMemory) | |
| > 16040000+8;SYSCALL:0x34(NtDelayExecution) | |
| > 14bd0000+4ee;SYSCALL:0x18(NtAllocateVirtualMemory) | |
| > 16050000+8;SYSCALL:0xc1(NtCreateThreadEx) | |
| > 14bd0000+4ee;SYSCALL:0x18(NtAllocateVirtualMemory) | |
| > 16060000+8;SYSCALL:0x34(NtDelayExecution) | |
| > 14bd0000+4ee;SYSCALL:0x18(NtAllocateVirtualMemory) | |
| > 16070000+8;SYSCALL:0x52(NtResumeThread) | |
| > 14bd0000+4ee;SYSCALL:0x18(NtAllocateVirtualMemory) | |
| > 16080000+8;SYSCALL:0x34(NtDelayExecution) | |
| > 14bd0000+4ee;SYSCALL:0x18(NtAllocateVirtualMemory) | |
| > 16090000+8;SYSCALL:0x26(NtOpenProcess) | |
| > 14bd0000+4ee;SYSCALL:0x18(NtAllocateVirtualMemory) | |
| > 160a0000+8;SYSCALL:0x34(NtDelayExecution) | |
| > 14bd0000+4ee;SYSCALL:0x18(NtAllocateVirtualMemory) | |
| > 160c0000+8;SYSCALL:0x19(NtQueryInformationProcess) | |
| > 14bd0000+4ee;SYSCALL:0x18(NtAllocateVirtualMemory) | |
| > 160d0000+8;SYSCALL:0x34(NtDelayExecution) | |
| > 14bd0000+4ee;SYSCALL:0x18(NtAllocateVirtualMemory) | |
| > 14bd0000+4ee;SYSCALL:0x18(NtAllocateVirtualMemory) | |
| > 160e0000+8;SYSCALL:0x34(NtDelayExecution) | |
| > 14bd0000+4ee;SYSCALL:0x18(NtAllocateVirtualMemory) | |
| > 160f0000+8;SYSCALL:0x3a(NtWriteVirtualMemory) | |
| > 14bd0000+4ee;SYSCALL:0x18(NtAllocateVirtualMemory) | |
| > 16100000+8;SYSCALL:0x34(NtDelayExecution) | |
| > 14bd0000+4ee;SYSCALL:0x18(NtAllocateVirtualMemory) | |
| > 16110000+8;SYSCALL:0x50(NtProtectVirtualMemory) | |
| > 14bd0000+4ee;SYSCALL:0x18(NtAllocateVirtualMemory) | |
| > 16120000+8;SYSCALL:0x34(NtDelayExecution) | |
| > 14bd0000+4ee;SYSCALL:0x18(NtAllocateVirtualMemory) | |
| > 16130000+8;SYSCALL:0xc1(NtCreateThreadEx) | |
| > 14bd0000+4ee;SYSCALL:0x18(NtAllocateVirtualMemory) | |
| > 16140000+8;SYSCALL:0x34(NtDelayExecution) | |
| > 14bd0000+4ee;SYSCALL:0x18(NtAllocateVirtualMemory) | |
| > 16150000+8;SYSCALL:0x52(NtResumeThread) | |
| > 14bd0000+4ee;SYSCALL:0x18(NtAllocateVirtualMemory) | |
| > 16160000+8;SYSCALL:0x34(NtDelayExecution) | |
| > 14bd0000+4ee;SYSCALL:0x18(NtAllocateVirtualMemory) | |
| > 16170000+8;SYSCALL:0x26(NtOpenProcess) | |
| > 14bd0000+4ee;SYSCALL:0x18(NtAllocateVirtualMemory) | |
| > 16180000+8;SYSCALL:0x34(NtDelayExecution) | |
| > 14bd0000+4ee;SYSCALL:0x18(NtAllocateVirtualMemory) | |
| > 16190000+8;SYSCALL:0x19(NtQueryInformationProcess) | |
| > 14bd0000+4ee;SYSCALL:0x18(NtAllocateVirtualMemory) | |
| > 161a0000+8;SYSCALL:0x34(NtDelayExecution) | |
| > 14bd0000+4ee;SYSCALL:0x18(NtAllocateVirtualMemory) | |
| > 14bd0000+4ee;SYSCALL:0x18(NtAllocateVirtualMemory) | |
| > 161b0000+8;SYSCALL:0x34(NtDelayExecution) | |
| > 14bd0000+4ee;SYSCALL:0x18(NtAllocateVirtualMemory) | |
| > 161c0000+8;SYSCALL:0x3a(NtWriteVirtualMemory) | |
| > 14bd0000+4ee;SYSCALL:0x18(NtAllocateVirtualMemory) | |
| > 161d0000+8;SYSCALL:0x34(NtDelayExecution) | |
| > 14bd0000+4ee;SYSCALL:0x18(NtAllocateVirtualMemory) | |
| > 161e0000+8;SYSCALL:0x50(NtProtectVirtualMemory) | |
| > 14bd0000+4ee;SYSCALL:0x18(NtAllocateVirtualMemory) | |
| > 161f0000+8;SYSCALL:0x34(NtDelayExecution) | |
| > 14bd0000+4ee;SYSCALL:0x18(NtAllocateVirtualMemory) | |
| > 16200000+8;SYSCALL:0xc1(NtCreateThreadEx) | |
| > 14bd0000+4ee;SYSCALL:0x18(NtAllocateVirtualMemory) | |
| > 16220000+8;SYSCALL:0x34(NtDelayExecution) | |
| > 14bd0000+4ee;SYSCALL:0x18(NtAllocateVirtualMemory) | |
| > 16230000+8;SYSCALL:0x52(NtResumeThread) | |
| > 14bd0000+4ee;SYSCALL:0x18(NtAllocateVirtualMemory) | |
| > 16240000+8;SYSCALL:0x34(NtDelayExecution) | |
| > 14bd0000+4ee;SYSCALL:0x18(NtAllocateVirtualMemory) | |
| > 16250000+8;SYSCALL:0x26(NtOpenProcess) | |
| > 14bd0000+4ee;SYSCALL:0x18(NtAllocateVirtualMemory) | |
| > 16260000+8;SYSCALL:0x34(NtDelayExecution) | |
| > 14bd0000+4ee;SYSCALL:0x18(NtAllocateVirtualMemory) | |
| > 16270000+8;SYSCALL:0x19(NtQueryInformationProcess) | |
| > 14bd0000+4ee;SYSCALL:0x18(NtAllocateVirtualMemory) | |
| > 16280000+8;SYSCALL:0x34(NtDelayExecution) | |
| > 14bd0000+4ee;SYSCALL:0x18(NtAllocateVirtualMemory) | |
| > 14bd0000+4ee;SYSCALL:0x18(NtAllocateVirtualMemory) | |
| > 16290000+8;SYSCALL:0x34(NtDelayExecution) | |
| > 14bd0000+4ee;SYSCALL:0x18(NtAllocateVirtualMemory) | |
| > 162a0000+8;SYSCALL:0x3a(NtWriteVirtualMemory) | |
| > 14bd0000+4ee;SYSCALL:0x18(NtAllocateVirtualMemory) | |
| > 162b0000+8;SYSCALL:0x34(NtDelayExecution) | |
| > 14bd0000+4ee;SYSCALL:0x18(NtAllocateVirtualMemory) | |
| > 162c0000+8;SYSCALL:0x50(NtProtectVirtualMemory) | |
| > 14bd0000+4ee;SYSCALL:0x18(NtAllocateVirtualMemory) | |
| > 162d0000+8;SYSCALL:0x34(NtDelayExecution) | |
| > 14bd0000+4ee;SYSCALL:0x18(NtAllocateVirtualMemory) | |
| > 162e0000+8;SYSCALL:0xc1(NtCreateThreadEx) | |
| > 14bd0000+4ee;SYSCALL:0x18(NtAllocateVirtualMemory) | |
| > 162f0000+8;SYSCALL:0x34(NtDelayExecution) | |
| > 14bd0000+4ee;SYSCALL:0x18(NtAllocateVirtualMemory) | |
| > 16300000+8;SYSCALL:0x52(NtResumeThread) | |
| > 14bd0000+4ee;SYSCALL:0x18(NtAllocateVirtualMemory) | |
| > 16310000+8;SYSCALL:0x34(NtDelayExecution) | |
| > 14bd0000+4ee;SYSCALL:0x18(NtAllocateVirtualMemory) | |
| > 16320000+8;SYSCALL:0x26(NtOpenProcess) | |
| > 14bd0000+4ee;SYSCALL:0x18(NtAllocateVirtualMemory) | |
| > 16330000+8;SYSCALL:0x34(NtDelayExecution) | |
| > 14bd0000+4ee;SYSCALL:0x18(NtAllocateVirtualMemory) | |
| > 16350000+8;SYSCALL:0x19(NtQueryInformationProcess) | |
| > 14bd0000+4ee;SYSCALL:0x18(NtAllocateVirtualMemory) | |
| > 16360000+8;SYSCALL:0x34(NtDelayExecution) | |
| > 14bd0000+4ee;SYSCALL:0x18(NtAllocateVirtualMemory) | |
| > 14bd0000+4ee;SYSCALL:0x18(NtAllocateVirtualMemory) | |
| > 16370000+8;SYSCALL:0x34(NtDelayExecution) | |
| > 14bd0000+4ee;SYSCALL:0x18(NtAllocateVirtualMemory) | |
| > 16380000+8;SYSCALL:0x3a(NtWriteVirtualMemory) | |
| > 14bd0000+4ee;SYSCALL:0x18(NtAllocateVirtualMemory) | |
| > 16390000+8;SYSCALL:0x34(NtDelayExecution) | |
| > 14bd0000+4ee;SYSCALL:0x18(NtAllocateVirtualMemory) | |
| > 163a0000+8;SYSCALL:0x50(NtProtectVirtualMemory) | |
| > 14bd0000+4ee;SYSCALL:0x18(NtAllocateVirtualMemory) | |
| > 163b0000+8;SYSCALL:0x34(NtDelayExecution) | |
| > 14bd0000+4ee;SYSCALL:0x18(NtAllocateVirtualMemory) | |
| > 163c0000+8;SYSCALL:0xc1(NtCreateThreadEx) | |
| > 14bd0000+4ee;SYSCALL:0x18(NtAllocateVirtualMemory) | |
| > 163d0000+8;SYSCALL:0x34(NtDelayExecution) | |
| > 14bd0000+4ee;SYSCALL:0x18(NtAllocateVirtualMemory) | |
| > 163e0000+8;SYSCALL:0x52(NtResumeThread) | |
| > 14bd0000+4ee;SYSCALL:0x18(NtAllocateVirtualMemory) | |
| > 163f0000+8;SYSCALL:0x34(NtDelayExecution) | |
| > 14bd0000+4ee;SYSCALL:0x18(NtAllocateVirtualMemory) | |
| > 16400000+8;SYSCALL:0x26(NtOpenProcess) | |
| > 14bd0000+4ee;SYSCALL:0x18(NtAllocateVirtualMemory) | |
| > 16410000+8;SYSCALL:0x34(NtDelayExecution) | |
| > 14bd0000+4ee;SYSCALL:0x18(NtAllocateVirtualMemory) | |
| > 16420000+8;SYSCALL:0x19(NtQueryInformationProcess) | |
| > 14bd0000+4ee;SYSCALL:0x18(NtAllocateVirtualMemory) | |
| > 16430000+8;SYSCALL:0x34(NtDelayExecution) | |
| > 14bd0000+4ee;SYSCALL:0x18(NtAllocateVirtualMemory) | |
| > 14bd0000+4ee;SYSCALL:0x18(NtAllocateVirtualMemory) | |
| > 16440000+8;SYSCALL:0x34(NtDelayExecution) | |
| > 14bd0000+4ee;SYSCALL:0x18(NtAllocateVirtualMemory) | |
| > 16450000+8;SYSCALL:0x3a(NtWriteVirtualMemory) | |
| > 14bd0000+4ee;SYSCALL:0x18(NtAllocateVirtualMemory) | |
| > 16460000+8;SYSCALL:0x34(NtDelayExecution) | |
| > 14bd0000+4ee;SYSCALL:0x18(NtAllocateVirtualMemory) | |
| > 16470000+8;SYSCALL:0x50(NtProtectVirtualMemory) | |
| > 14bd0000+4ee;SYSCALL:0x18(NtAllocateVirtualMemory) | |
| > 16480000+8;SYSCALL:0x34(NtDelayExecution) | |
| > 14bd0000+4ee;SYSCALL:0x18(NtAllocateVirtualMemory) | |
| > 16490000+8;SYSCALL:0xc1(NtCreateThreadEx) | |
| > 14bd0000+4ee;SYSCALL:0x18(NtAllocateVirtualMemory) | |
| > 164a0000+8;SYSCALL:0x34(NtDelayExecution) | |
| > 14bd0000+4ee;SYSCALL:0x18(NtAllocateVirtualMemory) | |
| > 164b0000+8;SYSCALL:0x52(NtResumeThread) | |
| > 14bd0000+4ee;SYSCALL:0x18(NtAllocateVirtualMemory) | |
| > 164c0000+8;SYSCALL:0x34(NtDelayExecution) | |
| > 14bd0000+4ee;SYSCALL:0x18(NtAllocateVirtualMemory) | |
| > 164d0000+8;SYSCALL:0x26(NtOpenProcess) | |
| > 14bd0000+4ee;SYSCALL:0x18(NtAllocateVirtualMemory) | |
| > 164f0000+8;SYSCALL:0x34(NtDelayExecution) | |
| > 14bd0000+4ee;SYSCALL:0x18(NtAllocateVirtualMemory) | |
| > 16500000+8;SYSCALL:0x19(NtQueryInformationProcess) | |
| > 14bd0000+4ee;SYSCALL:0x18(NtAllocateVirtualMemory) | |
| > 16510000+8;SYSCALL:0x34(NtDelayExecution) | |
| > 14bd0000+4ee;SYSCALL:0x18(NtAllocateVirtualMemory) | |
| > 14bd0000+4ee;SYSCALL:0x18(NtAllocateVirtualMemory) | |
| > 16520000+8;SYSCALL:0x34(NtDelayExecution) | |
| > 14bd0000+4ee;SYSCALL:0x18(NtAllocateVirtualMemory) | |
| > 16530000+8;SYSCALL:0x3a(NtWriteVirtualMemory) | |
| > 14bd0000+4ee;SYSCALL:0x18(NtAllocateVirtualMemory) | |
| > 16540000+8;SYSCALL:0x34(NtDelayExecution) | |
| > 14bd0000+4ee;SYSCALL:0x18(NtAllocateVirtualMemory) | |
| > 16550000+8;SYSCALL:0x50(NtProtectVirtualMemory) | |
| > 14bd0000+4ee;SYSCALL:0x18(NtAllocateVirtualMemory) | |
| > 16560000+8;SYSCALL:0x34(NtDelayExecution) | |
| > 14bd0000+4ee;SYSCALL:0x18(NtAllocateVirtualMemory) | |
| > 16570000+8;SYSCALL:0xc1(NtCreateThreadEx) | |
| > 14bd0000+4ee;SYSCALL:0x18(NtAllocateVirtualMemory) | |
| > 16580000+8;SYSCALL:0x34(NtDelayExecution) | |
| > 14bd0000+4ee;SYSCALL:0x18(NtAllocateVirtualMemory) | |
| > 16590000+8;SYSCALL:0x52(NtResumeThread) | |
| > 14bd0000+4ee;SYSCALL:0x18(NtAllocateVirtualMemory) | |
| > 165a0000+8;SYSCALL:0x34(NtDelayExecution) | |
| > 14bd0000+4ee;SYSCALL:0x18(NtAllocateVirtualMemory) | |
| > 165b0000+8;SYSCALL:0x26(NtOpenProcess) | |
| > 14bd0000+4ee;SYSCALL:0x18(NtAllocateVirtualMemory) | |
| > 165c0000+8;SYSCALL:0x34(NtDelayExecution) | |
| > 14bd0000+4ee;SYSCALL:0x18(NtAllocateVirtualMemory) | |
| > 165d0000+8;SYSCALL:0x19(NtQueryInformationProcess) | |
| > 14bd0000+4ee;SYSCALL:0x18(NtAllocateVirtualMemory) | |
| > 165e0000+8;SYSCALL:0x34(NtDelayExecution) | |
| > 14bd0000+4ee;SYSCALL:0x18(NtAllocateVirtualMemory) | |
| > 14bd0000+4ee;SYSCALL:0x18(NtAllocateVirtualMemory) | |
| > 165f0000+8;SYSCALL:0x34(NtDelayExecution) | |
| > 14bd0000+4ee;SYSCALL:0x18(NtAllocateVirtualMemory) | |
| > 16600000+8;SYSCALL:0x3a(NtWriteVirtualMemory) | |
| > 14bd0000+4ee;SYSCALL:0x18(NtAllocateVirtualMemory) | |
| > 16610000+8;SYSCALL:0x34(NtDelayExecution) | |
| > 14bd0000+4ee;SYSCALL:0x18(NtAllocateVirtualMemory) | |
| > 16620000+8;SYSCALL:0x50(NtProtectVirtualMemory) | |
| > 14bd0000+4ee;SYSCALL:0x18(NtAllocateVirtualMemory) | |
| > 16630000+8;SYSCALL:0x34(NtDelayExecution) | |
| > 14bd0000+4ee;SYSCALL:0x18(NtAllocateVirtualMemory) | |
| > 16640000+8;SYSCALL:0xc1(NtCreateThreadEx) | |
| > 14bd0000+4ee;SYSCALL:0x18(NtAllocateVirtualMemory) | |
| > 16650000+8;SYSCALL:0x34(NtDelayExecution) | |
| > 14bd0000+4ee;SYSCALL:0x18(NtAllocateVirtualMemory) | |
| > 16660000+8;SYSCALL:0x52(NtResumeThread) | |
| > 14bd0000+4ee;SYSCALL:0x18(NtAllocateVirtualMemory) | |
| > 16670000+8;SYSCALL:0x34(NtDelayExecution) | |
| > 14bd0000+4ee;SYSCALL:0x18(NtAllocateVirtualMemory) | |
| > 16680000+8;SYSCALL:0x26(NtOpenProcess) | |
| > 14bd0000+4ee;SYSCALL:0x18(NtAllocateVirtualMemory) | |
| > 16690000+8;SYSCALL:0x34(NtDelayExecution) | |
| > 14bd0000+4ee;SYSCALL:0x18(NtAllocateVirtualMemory) | |
| > 166a0000+8;SYSCALL:0x26(NtOpenProcess) | |
| > 14bd0000+4ee;SYSCALL:0x18(NtAllocateVirtualMemory) | |
| > 166b0000+8;SYSCALL:0x34(NtDelayExecution) | |
| > 14bd0000+4ee;SYSCALL:0x18(NtAllocateVirtualMemory) | |
| > 166c0000+8;SYSCALL:0x19(NtQueryInformationProcess) | |
| > 14bd0000+4ee;SYSCALL:0x18(NtAllocateVirtualMemory) | |
| > 166d0000+8;SYSCALL:0x34(NtDelayExecution) | |
| > 14bd0000+4ee;SYSCALL:0x18(NtAllocateVirtualMemory) | |
| > 14bd0000+4ee;SYSCALL:0x18(NtAllocateVirtualMemory) | |
| > 166e0000+8;SYSCALL:0x34(NtDelayExecution) | |
| > 14bd0000+4ee;SYSCALL:0x18(NtAllocateVirtualMemory) | |
| > 166f0000+8;SYSCALL:0x3a(NtWriteVirtualMemory) | |
| > 14bd0000+4ee;SYSCALL:0x18(NtAllocateVirtualMemory) | |
| > 16700000+8;SYSCALL:0x34(NtDelayExecution) | |
| > 14bd0000+4ee;SYSCALL:0x18(NtAllocateVirtualMemory) | |
| > 16710000+8;SYSCALL:0x50(NtProtectVirtualMemory) | |
| > 14bd0000+4ee;SYSCALL:0x18(NtAllocateVirtualMemory) | |
| > 16720000+8;SYSCALL:0x34(NtDelayExecution) | |
| > 14bd0000+4ee;SYSCALL:0x18(NtAllocateVirtualMemory) | |
| > 16730000+8;SYSCALL:0xc1(NtCreateThreadEx) | |
| > 14bd0000+4ee;SYSCALL:0x18(NtAllocateVirtualMemory) | |
| > 16740000+8;SYSCALL:0x34(NtDelayExecution) | |
| > 14bd0000+4ee;SYSCALL:0x18(NtAllocateVirtualMemory) | |
| > 16750000+8;SYSCALL:0x52(NtResumeThread) | |
| > 14bd0000+4ee;SYSCALL:0x18(NtAllocateVirtualMemory) | |
| > 16760000+8;SYSCALL:0x34(NtDelayExecution) | |
| > 14bd0000+4ee;SYSCALL:0x18(NtAllocateVirtualMemory) | |
| > 16770000+8;SYSCALL:0x26(NtOpenProcess) | |
| > 14bd0000+4ee;SYSCALL:0x18(NtAllocateVirtualMemory) | |
| > 16780000+8;SYSCALL:0x34(NtDelayExecution) | |
| > 14bd0000+4ee;SYSCALL:0x18(NtAllocateVirtualMemory) | |
| > 16790000+8;SYSCALL:0x19(NtQueryInformationProcess) | |
| > 14bd0000+4ee;SYSCALL:0x18(NtAllocateVirtualMemory) | |
| > 167a0000+8;SYSCALL:0x34(NtDelayExecution) | |
| > 14bd0000+4ee;SYSCALL:0x18(NtAllocateVirtualMemory) | |
| > 14bd0000+4ee;SYSCALL:0x18(NtAllocateVirtualMemory) | |
| > 167b0000+8;SYSCALL:0x34(NtDelayExecution) | |
| > 14bd0000+4ee;SYSCALL:0x18(NtAllocateVirtualMemory) | |
| > 167c0000+8;SYSCALL:0x3a(NtWriteVirtualMemory) | |
| > 14bd0000+4ee;SYSCALL:0x18(NtAllocateVirtualMemory) | |
| > 167d0000+8;SYSCALL:0x34(NtDelayExecution) | |
| > 14bd0000+4ee;SYSCALL:0x18(NtAllocateVirtualMemory) | |
| > 167e0000+8;SYSCALL:0x50(NtProtectVirtualMemory) | |
| > 14bd0000+4ee;SYSCALL:0x18(NtAllocateVirtualMemory) | |
| > 167f0000+8;SYSCALL:0x34(NtDelayExecution) | |
| > 14bd0000+4ee;SYSCALL:0x18(NtAllocateVirtualMemory) | |
| > 16800000+8;SYSCALL:0xc1(NtCreateThreadEx) | |
| > 14bd0000+4ee;SYSCALL:0x18(NtAllocateVirtualMemory) | |
| > 16810000+8;SYSCALL:0x34(NtDelayExecution) | |
| > 14bd0000+4ee;SYSCALL:0x18(NtAllocateVirtualMemory) | |
| > 16820000+8;SYSCALL:0x52(NtResumeThread) | |
| > 14bd0000+4ee;SYSCALL:0x18(NtAllocateVirtualMemory) | |
| > 16830000+8;SYSCALL:0x34(NtDelayExecution) | |
| > 14bd0000+4ee;SYSCALL:0x18(NtAllocateVirtualMemory) | |
| > 16840000+8;SYSCALL:0x26(NtOpenProcess) | |
| > 14bd0000+4ee;SYSCALL:0x18(NtAllocateVirtualMemory) | |
| > 16850000+8;SYSCALL:0x34(NtDelayExecution) | |
| > 14bd0000+4ee;SYSCALL:0x18(NtAllocateVirtualMemory) | |
| > 16860000+8;SYSCALL:0x19(NtQueryInformationProcess) | |
| > 14bd0000+4ee;SYSCALL:0x18(NtAllocateVirtualMemory) | |
| > 16870000+8;SYSCALL:0x34(NtDelayExecution) | |
| > 14bd0000+4ee;SYSCALL:0x18(NtAllocateVirtualMemory) | |
| > 14bd0000+4ee;SYSCALL:0x18(NtAllocateVirtualMemory) | |
| > 16880000+8;SYSCALL:0x34(NtDelayExecution) | |
| > 14bd0000+4ee;SYSCALL:0x18(NtAllocateVirtualMemory) | |
| > 16890000+8;SYSCALL:0x3a(NtWriteVirtualMemory) | |
| > 14bd0000+4ee;SYSCALL:0x18(NtAllocateVirtualMemory) | |
| > 168a0000+8;SYSCALL:0x34(NtDelayExecution) | |
| > 14bd0000+4ee;SYSCALL:0x18(NtAllocateVirtualMemory) | |
| > 168b0000+8;SYSCALL:0x50(NtProtectVirtualMemory) | |
| > 14bd0000+4ee;SYSCALL:0x18(NtAllocateVirtualMemory) | |
| > 168c0000+8;SYSCALL:0x34(NtDelayExecution) | |
| > 14bd0000+4ee;SYSCALL:0x18(NtAllocateVirtualMemory) | |
| > 168d0000+8;SYSCALL:0xc1(NtCreateThreadEx) | |
| > 14bd0000+4ee;SYSCALL:0x18(NtAllocateVirtualMemory) | |
| > 168e0000+8;SYSCALL:0x34(NtDelayExecution) | |
| > 14bd0000+4ee;SYSCALL:0x18(NtAllocateVirtualMemory) | |
| > 168f0000+8;SYSCALL:0x52(NtResumeThread) | |
| > 14bd0000+4ee;SYSCALL:0x18(NtAllocateVirtualMemory) | |
| > 16900000+8;SYSCALL:0x34(NtDelayExecution) | |
| > 14bd0000+4ee;SYSCALL:0x18(NtAllocateVirtualMemory) | |
| > 16910000+8;SYSCALL:0x26(NtOpenProcess) | |
| > 14bd0000+4ee;SYSCALL:0x18(NtAllocateVirtualMemory) | |
| > 16920000+8;SYSCALL:0x34(NtDelayExecution) | |
| > 14bd0000+4ee;SYSCALL:0x18(NtAllocateVirtualMemory) | |
| > 16930000+8;SYSCALL:0x26(NtOpenProcess) | |
| > 14bd0000+4ee;SYSCALL:0x18(NtAllocateVirtualMemory) | |
| > 16940000+8;SYSCALL:0x34(NtDelayExecution) | |
| > 14bd0000+4ee;SYSCALL:0x18(NtAllocateVirtualMemory) | |
| > 16950000+8;SYSCALL:0x19(NtQueryInformationProcess) | |
| > 14bd0000+4ee;SYSCALL:0x18(NtAllocateVirtualMemory) | |
| > 16960000+8;SYSCALL:0x34(NtDelayExecution) | |
| > 14bd0000+4ee;SYSCALL:0x18(NtAllocateVirtualMemory) | |
| > 14bd0000+4ee;SYSCALL:0x18(NtAllocateVirtualMemory) | |
| > 16970000+8;SYSCALL:0x34(NtDelayExecution) | |
| > 14bd0000+4ee;SYSCALL:0x18(NtAllocateVirtualMemory) | |
| > 16980000+8;SYSCALL:0x3a(NtWriteVirtualMemory) | |
| > 14bd0000+4ee;SYSCALL:0x18(NtAllocateVirtualMemory) | |
| > 16990000+8;SYSCALL:0x34(NtDelayExecution) | |
| > 14bd0000+4ee;SYSCALL:0x18(NtAllocateVirtualMemory) | |
| > 169a0000+8;SYSCALL:0x50(NtProtectVirtualMemory) | |
| > 14bd0000+4ee;SYSCALL:0x18(NtAllocateVirtualMemory) | |
| > 169b0000+8;SYSCALL:0x34(NtDelayExecution) | |
| > 14bd0000+4ee;SYSCALL:0x18(NtAllocateVirtualMemory) | |
| > 169c0000+8;SYSCALL:0xc1(NtCreateThreadEx) | |
| > 14bd0000+4ee;SYSCALL:0x18(NtAllocateVirtualMemory) | |
| > 169d0000+8;SYSCALL:0x34(NtDelayExecution) | |
| > 14bd0000+4ee;SYSCALL:0x18(NtAllocateVirtualMemory) | |
| > 169e0000+8;SYSCALL:0x52(NtResumeThread) | |
| > 14bd0000+4ee;SYSCALL:0x18(NtAllocateVirtualMemory) | |
| > 169f0000+8;SYSCALL:0x34(NtDelayExecution) | |
| > 14bd0000+4ee;SYSCALL:0x18(NtAllocateVirtualMemory) | |
| > 16a00000+8;SYSCALL:0x26(NtOpenProcess) | |
| > 14bd0000+4ee;SYSCALL:0x18(NtAllocateVirtualMemory) | |
| > 16a10000+8;SYSCALL:0x34(NtDelayExecution) | |
| > 14bd0000+4ee;SYSCALL:0x18(NtAllocateVirtualMemory) | |
| > 16a20000+8;SYSCALL:0x19(NtQueryInformationProcess) | |
| > 14bd0000+4ee;SYSCALL:0x18(NtAllocateVirtualMemory) | |
| > 16a30000+8;SYSCALL:0x34(NtDelayExecution) | |
| > 14bd0000+4ee;SYSCALL:0x18(NtAllocateVirtualMemory) | |
| > 14bd0000+4ee;SYSCALL:0x18(NtAllocateVirtualMemory) | |
| > 16a40000+8;SYSCALL:0x34(NtDelayExecution) | |
| > 14bd0000+4ee;SYSCALL:0x18(NtAllocateVirtualMemory) | |
| > 16a50000+8;SYSCALL:0x3a(NtWriteVirtualMemory) | |
| > 14bd0000+4ee;SYSCALL:0x18(NtAllocateVirtualMemory) | |
| > 16a60000+8;SYSCALL:0x34(NtDelayExecution) | |
| > 14bd0000+4ee;SYSCALL:0x18(NtAllocateVirtualMemory) | |
| > 16a70000+8;SYSCALL:0x50(NtProtectVirtualMemory) | |
| > 14bd0000+4ee;SYSCALL:0x18(NtAllocateVirtualMemory) | |
| > 16a80000+8;SYSCALL:0x34(NtDelayExecution) | |
| > 14bd0000+4ee;SYSCALL:0x18(NtAllocateVirtualMemory) | |
| > 16a90000+8;SYSCALL:0xc1(NtCreateThreadEx) | |
| > 14bd0000+4ee;SYSCALL:0x18(NtAllocateVirtualMemory) | |
| > 16aa0000+8;SYSCALL:0x34(NtDelayExecution) | |
| > 14bd0000+4ee;SYSCALL:0x18(NtAllocateVirtualMemory) | |
| > 16ab0000+8;SYSCALL:0x52(NtResumeThread) | |
| > 14bd0000+4ee;SYSCALL:0x18(NtAllocateVirtualMemory) | |
| > 16ac0000+8;SYSCALL:0x34(NtDelayExecution) | |
| > 14bd0000+4ee;SYSCALL:0x18(NtAllocateVirtualMemory) | |
| > 16ad0000+8;SYSCALL:0x26(NtOpenProcess) | |
| > 14bd0000+4ee;SYSCALL:0x18(NtAllocateVirtualMemory) | |
| > 16ae0000+8;SYSCALL:0x34(NtDelayExecution) | |
| > 14bd0000+4ee;SYSCALL:0x18(NtAllocateVirtualMemory) | |
| > 16af0000+8;SYSCALL:0x26(NtOpenProcess) | |
| > 14bd0000+4ee;SYSCALL:0x18(NtAllocateVirtualMemory) | |
| > 16b00000+8;SYSCALL:0x34(NtDelayExecution) | |
| > 14bd0000+4ee;SYSCALL:0x18(NtAllocateVirtualMemory) | |
| > 16b10000+8;SYSCALL:0x26(NtOpenProcess) | |
| > 14bd0000+4ee;SYSCALL:0x18(NtAllocateVirtualMemory) | |
| > 16b20000+8;SYSCALL:0x34(NtDelayExecution) | |
| > 14bd0000+4ee;SYSCALL:0x18(NtAllocateVirtualMemory) | |
| > 16b30000+8;SYSCALL:0x26(NtOpenProcess) | |
| > 14bd0000+4ee;SYSCALL:0x18(NtAllocateVirtualMemory) | |
| > 16b40000+8;SYSCALL:0x34(NtDelayExecution) | |
| > 14bd0000+4ee;SYSCALL:0x18(NtAllocateVirtualMemory) | |
| > 16b50000+8;SYSCALL:0x26(NtOpenProcess) | |
| > 14bd0000+4ee;SYSCALL:0x18(NtAllocateVirtualMemory) | |
| > 16b60000+8;SYSCALL:0x34(NtDelayExecution) | |
| > 14bd0000+4ee;SYSCALL:0x18(NtAllocateVirtualMemory) | |
| > 16b70000+8;SYSCALL:0x19(NtQueryInformationProcess) | |
| > 14bd0000+4ee;SYSCALL:0x18(NtAllocateVirtualMemory) | |
| > 16b80000+8;SYSCALL:0x34(NtDelayExecution) | |
| > 14bd0000+4ee;SYSCALL:0x18(NtAllocateVirtualMemory) | |
| > 14bd0000+4ee;SYSCALL:0x18(NtAllocateVirtualMemory) | |
| > 16b90000+8;SYSCALL:0x34(NtDelayExecution) | |
| > 14bd0000+4ee;SYSCALL:0x18(NtAllocateVirtualMemory) | |
| > 16ba0000+8;SYSCALL:0x3a(NtWriteVirtualMemory) | |
| > 14bd0000+4ee;SYSCALL:0x18(NtAllocateVirtualMemory) | |
| > 16bb0000+8;SYSCALL:0x34(NtDelayExecution) | |
| > 14bd0000+4ee;SYSCALL:0x18(NtAllocateVirtualMemory) | |
| > 16bc0000+8;SYSCALL:0x50(NtProtectVirtualMemory) | |
| > 14bd0000+4ee;SYSCALL:0x18(NtAllocateVirtualMemory) | |
| > 16bd0000+8;SYSCALL:0x34(NtDelayExecution) | |
| > 14bd0000+4ee;SYSCALL:0x18(NtAllocateVirtualMemory) | |
| > 16be0000+8;SYSCALL:0xc1(NtCreateThreadEx) | |
| > 14bd0000+4ee;SYSCALL:0x18(NtAllocateVirtualMemory) | |
| > 16bf0000+8;SYSCALL:0x34(NtDelayExecution) | |
| > 14bd0000+4ee;SYSCALL:0x18(NtAllocateVirtualMemory) | |
| > 16c00000+8;SYSCALL:0x52(NtResumeThread) | |
| > 14bd0000+4ee;SYSCALL:0x18(NtAllocateVirtualMemory) | |
| > 16c10000+8;SYSCALL:0x34(NtDelayExecution) | |
| > 14bd0000+4ee;SYSCALL:0x18(NtAllocateVirtualMemory) | |
| > 16c20000+8;SYSCALL:0x26(NtOpenProcess) | |
| > 14bd0000+4ee;SYSCALL:0x18(NtAllocateVirtualMemory) | |
| > 16c30000+8;SYSCALL:0x34(NtDelayExecution) | |
| > 14bd0000+4ee;SYSCALL:0x18(NtAllocateVirtualMemory) | |
| > 16c40000+8;SYSCALL:0x26(NtOpenProcess) | |
| > 14bd0000+4ee;SYSCALL:0x18(NtAllocateVirtualMemory) | |
| > 16c50000+8;SYSCALL:0x34(NtDelayExecution) | |
| > 14bd0000+4ee;SYSCALL:0x18(NtAllocateVirtualMemory) | |
| > 16c60000+8;SYSCALL:0x26(NtOpenProcess) | |
| > 14bd0000+4ee;SYSCALL:0x18(NtAllocateVirtualMemory) | |
| > 16c70000+8;SYSCALL:0x34(NtDelayExecution) | |
| > 14bd0000+4ee;SYSCALL:0x18(NtAllocateVirtualMemory) | |
| > 16c80000+8;SYSCALL:0x26(NtOpenProcess) | |
| > 14bd0000+4ee;SYSCALL:0x18(NtAllocateVirtualMemory) | |
| > 16c90000+8;SYSCALL:0x34(NtDelayExecution) | |
| > 14bd0000+4ee;SYSCALL:0x18(NtAllocateVirtualMemory) | |
| > 16ca0000+8;SYSCALL:0x26(NtOpenProcess) | |
| > 14bd0000+4ee;SYSCALL:0x18(NtAllocateVirtualMemory) | |
| > 16cb0000+8;SYSCALL:0x34(NtDelayExecution) | |
| > 14bd0000+4ee;SYSCALL:0x18(NtAllocateVirtualMemory) | |
| > 16cc0000+8;SYSCALL:0x26(NtOpenProcess) | |
| > 14bd0000+4ee;SYSCALL:0x18(NtAllocateVirtualMemory) | |
| > 16cd0000+8;SYSCALL:0x34(NtDelayExecution) | |
| > 14bd0000+4ee;SYSCALL:0x18(NtAllocateVirtualMemory) | |
| > 16ce0000+8;SYSCALL:0x26(NtOpenProcess) | |
| > 14bd0000+4ee;SYSCALL:0x18(NtAllocateVirtualMemory) | |
| > 16cf0000+8;SYSCALL:0x34(NtDelayExecution) | |
| > 14bd0000+4ee;SYSCALL:0x18(NtAllocateVirtualMemory) | |
| > 16d00000+8;SYSCALL:0x26(NtOpenProcess) | |
| > 14bd0000+4ee;SYSCALL:0x18(NtAllocateVirtualMemory) | |
| > 16d10000+8;SYSCALL:0x34(NtDelayExecution) | |
| > 14bd0000+4ee;SYSCALL:0x18(NtAllocateVirtualMemory) | |
| > 16d20000+8;SYSCALL:0x19(NtQueryInformationProcess) | |
| > 14bd0000+4ee;SYSCALL:0x18(NtAllocateVirtualMemory) | |
| > 16d30000+8;SYSCALL:0x34(NtDelayExecution) | |
| > 14bd0000+4ee;SYSCALL:0x18(NtAllocateVirtualMemory) | |
| > 14bd0000+4ee;SYSCALL:0x18(NtAllocateVirtualMemory) | |
| > 16d40000+8;SYSCALL:0x34(NtDelayExecution) | |
| > 14bd0000+4ee;SYSCALL:0x18(NtAllocateVirtualMemory) | |
| > 16d50000+8;SYSCALL:0x3a(NtWriteVirtualMemory) | |
| > 14bd0000+4ee;SYSCALL:0x18(NtAllocateVirtualMemory) | |
| > 16d60000+8;SYSCALL:0x34(NtDelayExecution) | |
| > 14bd0000+4ee;SYSCALL:0x18(NtAllocateVirtualMemory) | |
| > 16d70000+8;SYSCALL:0x50(NtProtectVirtualMemory) | |
| > 14bd0000+4ee;SYSCALL:0x18(NtAllocateVirtualMemory) | |
| > 16d80000+8;SYSCALL:0x34(NtDelayExecution) | |
| > 14bd0000+4ee;SYSCALL:0x18(NtAllocateVirtualMemory) | |
| > 16da0000+8;SYSCALL:0xc1(NtCreateThreadEx) | |
| > 14bd0000+4ee;SYSCALL:0x18(NtAllocateVirtualMemory) | |
| > 16db0000+8;SYSCALL:0x34(NtDelayExecution) | |
| > 14bd0000+4ee;SYSCALL:0x18(NtAllocateVirtualMemory) | |
| > 16dc0000+8;SYSCALL:0x52(NtResumeThread) | |
| > 14bd0000+4ee;SYSCALL:0x18(NtAllocateVirtualMemory) | |
| > 16dd0000+8;SYSCALL:0x34(NtDelayExecution) | |
| > 14bd0000+4ee;SYSCALL:0x18(NtAllocateVirtualMemory) | |
| > 16de0000+8;SYSCALL:0x26(NtOpenProcess) | |
| > 14bd0000+4ee;SYSCALL:0x18(NtAllocateVirtualMemory) | |
| > 16df0000+8;SYSCALL:0x34(NtDelayExecution) | |
| > 14bd0000+4ee;SYSCALL:0x18(NtAllocateVirtualMemory) | |
| > 16e00000+8;SYSCALL:0x26(NtOpenProcess) | |
| > 14bd0000+4ee;SYSCALL:0x18(NtAllocateVirtualMemory) | |
| > 16e10000+8;SYSCALL:0x34(NtDelayExecution) | |
| > 14bd0000+4ee;SYSCALL:0x18(NtAllocateVirtualMemory) | |
| > 16e20000+8;SYSCALL:0x26(NtOpenProcess) | |
| > 14bd0000+4ee;SYSCALL:0x18(NtAllocateVirtualMemory) | |
| > 16e40000+8;SYSCALL:0x34(NtDelayExecution) | |
| > 14bd0000+4ee;SYSCALL:0x18(NtAllocateVirtualMemory) | |
| > 16e50000+8;SYSCALL:0x26(NtOpenProcess) | |
| > 14bd0000+4ee;SYSCALL:0x18(NtAllocateVirtualMemory) | |
| > 16e60000+8;SYSCALL:0x34(NtDelayExecution) | |
| > 14bd0000+4ee;SYSCALL:0x18(NtAllocateVirtualMemory) | |
| > 16e70000+8;SYSCALL:0x26(NtOpenProcess) | |
| > 14bd0000+4ee;SYSCALL:0x18(NtAllocateVirtualMemory) | |
| > 16e80000+8;SYSCALL:0x34(NtDelayExecution) | |
| > 14bd0000+4ee;SYSCALL:0x18(NtAllocateVirtualMemory) | |
| > 16e90000+8;SYSCALL:0x19(NtQueryInformationProcess) | |
| > 14bd0000+4ee;SYSCALL:0x18(NtAllocateVirtualMemory) | |
| > 16ea0000+8;SYSCALL:0x34(NtDelayExecution) | |
| > 14bd0000+4ee;SYSCALL:0x18(NtAllocateVirtualMemory) | |
| > 14bd0000+4ee;SYSCALL:0x18(NtAllocateVirtualMemory) | |
| > 16eb0000+8;SYSCALL:0x34(NtDelayExecution) | |
| > 14bd0000+4ee;SYSCALL:0x18(NtAllocateVirtualMemory) | |
| > 16ec0000+8;SYSCALL:0x3a(NtWriteVirtualMemory) | |
| > 14bd0000+4ee;SYSCALL:0x18(NtAllocateVirtualMemory) | |
| > 16ed0000+8;SYSCALL:0x34(NtDelayExecution) | |
| > 14bd0000+4ee;SYSCALL:0x18(NtAllocateVirtualMemory) | |
| > 16ee0000+8;SYSCALL:0x50(NtProtectVirtualMemory) | |
| > 14bd0000+4ee;SYSCALL:0x18(NtAllocateVirtualMemory) | |
| > 16ef0000+8;SYSCALL:0x34(NtDelayExecution) | |
| > 14bd0000+4ee;SYSCALL:0x18(NtAllocateVirtualMemory) | |
| > 16f00000+8;SYSCALL:0xc1(NtCreateThreadEx) | |
| > 14bd0000+4ee;SYSCALL:0x18(NtAllocateVirtualMemory) | |
| > 16f10000+8;SYSCALL:0x34(NtDelayExecution) | |
| > 14bd0000+4ee;SYSCALL:0x18(NtAllocateVirtualMemory) | |
| > 16f20000+8;SYSCALL:0x52(NtResumeThread) | |
| > 14bd0000+4ee;SYSCALL:0x18(NtAllocateVirtualMemory) | |
| > 16f30000+8;SYSCALL:0x34(NtDelayExecution) | |
| > 14bd0000+4ee;SYSCALL:0x18(NtAllocateVirtualMemory) | |
| > 16f40000+8;SYSCALL:0x26(NtOpenProcess) | |
| > 14bd0000+4ee;SYSCALL:0x18(NtAllocateVirtualMemory) | |
| > 16f50000+8;SYSCALL:0x34(NtDelayExecution) | |
| > 14bd0000+4ee;SYSCALL:0x18(NtAllocateVirtualMemory) | |
| > 16f60000+8;SYSCALL:0x19(NtQueryInformationProcess) | |
| > 14bd0000+4ee;SYSCALL:0x18(NtAllocateVirtualMemory) | |
| > 16f70000+8;SYSCALL:0x34(NtDelayExecution) | |
| > 14bd0000+4ee;SYSCALL:0x18(NtAllocateVirtualMemory) | |
| > 14bd0000+4ee;SYSCALL:0x18(NtAllocateVirtualMemory) | |
| > 16f80000+8;SYSCALL:0x34(NtDelayExecution) | |
| > 14bd0000+4ee;SYSCALL:0x18(NtAllocateVirtualMemory) | |
| > 16f90000+8;SYSCALL:0x3a(NtWriteVirtualMemory) | |
| > 14bd0000+4ee;SYSCALL:0x18(NtAllocateVirtualMemory) | |
| > 16fa0000+8;SYSCALL:0x34(NtDelayExecution) | |
| > 14bd0000+4ee;SYSCALL:0x18(NtAllocateVirtualMemory) | |
| > 16fb0000+8;SYSCALL:0x50(NtProtectVirtualMemory) | |
| > 14bd0000+4ee;SYSCALL:0x18(NtAllocateVirtualMemory) | |
| > 16fc0000+8;SYSCALL:0x34(NtDelayExecution) | |
| > 14bd0000+4ee;SYSCALL:0x18(NtAllocateVirtualMemory) | |
| > 16fd0000+8;SYSCALL:0xc1(NtCreateThreadEx) | |
| > 14bd0000+4ee;SYSCALL:0x18(NtAllocateVirtualMemory) | |
| > 16fe0000+8;SYSCALL:0x34(NtDelayExecution) | |
| > 14bd0000+4ee;SYSCALL:0x18(NtAllocateVirtualMemory) | |
| > 16ff0000+8;SYSCALL:0x52(NtResumeThread) | |
| > 14bd0000+4ee;SYSCALL:0x18(NtAllocateVirtualMemory) | |
| > 17000000+8;SYSCALL:0x34(NtDelayExecution) | |
| > 14bd0000+4ee;SYSCALL:0x18(NtAllocateVirtualMemory) | |
| > 17010000+8;SYSCALL:0x26(NtOpenProcess) | |
| > 14bd0000+4ee;SYSCALL:0x18(NtAllocateVirtualMemory) | |
| > 17020000+8;SYSCALL:0x34(NtDelayExecution) | |
| > 14bd0000+4ee;SYSCALL:0x18(NtAllocateVirtualMemory) | |
| > 17030000+8;SYSCALL:0x19(NtQueryInformationProcess) | |
| > 14bd0000+4ee;SYSCALL:0x18(NtAllocateVirtualMemory) | |
| > 17040000+8;SYSCALL:0x34(NtDelayExecution) | |
| > 14bd0000+4ee;SYSCALL:0x18(NtAllocateVirtualMemory) | |
| > 17050000+8;SYSCALL:0x26(NtOpenProcess) | |
| > 14bd0000+4ee;SYSCALL:0x18(NtAllocateVirtualMemory) | |
| > 17060000+8;SYSCALL:0x34(NtDelayExecution) | |
| > 14bd0000+4ee;SYSCALL:0x18(NtAllocateVirtualMemory) | |
| > 17070000+8;SYSCALL:0x19(NtQueryInformationProcess) | |
| > 14bd0000+4ee;SYSCALL:0x18(NtAllocateVirtualMemory) | |
| > 17080000+8;SYSCALL:0x34(NtDelayExecution) | |
| > 14bd0000+4ee;SYSCALL:0x18(NtAllocateVirtualMemory) | |
| > 17090000+8;SYSCALL:0x26(NtOpenProcess) | |
| > 14bd0000+4ee;SYSCALL:0x18(NtAllocateVirtualMemory) | |
| > 170b0000+8;SYSCALL:0x34(NtDelayExecution) | |
| > 14bd0000+4ee;SYSCALL:0x18(NtAllocateVirtualMemory) | |
| > 170d0000+8;SYSCALL:0x19(NtQueryInformationProcess) | |
| > 14bd0000+4ee;SYSCALL:0x18(NtAllocateVirtualMemory) | |
| > 170e0000+8;SYSCALL:0x34(NtDelayExecution) | |
| > 14bd0000+4ee;SYSCALL:0x18(NtAllocateVirtualMemory) | |
| > 14bd0000+4ee;SYSCALL:0x18(NtAllocateVirtualMemory) | |
| > 17100000+8;SYSCALL:0x34(NtDelayExecution) | |
| > 14bd0000+4ee;SYSCALL:0x18(NtAllocateVirtualMemory) | |
| > 17110000+8;SYSCALL:0x3a(NtWriteVirtualMemory) | |
| > 14bd0000+4ee;SYSCALL:0x18(NtAllocateVirtualMemory) | |
| > 17120000+8;SYSCALL:0x34(NtDelayExecution) | |
| > 14bd0000+4ee;SYSCALL:0x18(NtAllocateVirtualMemory) | |
| > 17130000+8;SYSCALL:0x50(NtProtectVirtualMemory) | |
| > 14bd0000+4ee;SYSCALL:0x18(NtAllocateVirtualMemory) | |
| > 17140000+8;SYSCALL:0x34(NtDelayExecution) | |
| > 14bd0000+4ee;SYSCALL:0x18(NtAllocateVirtualMemory) | |
| > 17150000+8;SYSCALL:0xc1(NtCreateThreadEx) | |
| > 14bd0000+4ee;SYSCALL:0x18(NtAllocateVirtualMemory) | |
| > 17260000+8;SYSCALL:0x34(NtDelayExecution) | |
| > 14bd0000+4ee;SYSCALL:0x18(NtAllocateVirtualMemory) | |
| > 17270000+8;SYSCALL:0x52(NtResumeThread) | |
| > 14bd0000+4ee;SYSCALL:0x18(NtAllocateVirtualMemory) | |
| > 174a0000+8;SYSCALL:0x34(NtDelayExecution) | |
| > 170f7000+694;SYSCALL:0x31(NtQueryPerformanceCounter) | |
| > 170f7000+694;SYSCALL:0x31(NtQueryPerformanceCounter) | |
| > 170f7000+694;SYSCALL:0x31(NtQueryPerformanceCounter) | |
| > 170f7000+694;SYSCALL:0x31(NtQueryPerformanceCounter) | |
| > 170f7000+694;SYSCALL:0x31(NtQueryPerformanceCounter) | |
| > 170f7000+694;SYSCALL:0x31(NtQueryPerformanceCounter) | |
| > 170f7000+694;SYSCALL:0x31(NtQueryPerformanceCounter) | |
| > 170f7000+694;SYSCALL:0x31(NtQueryPerformanceCounter) | |
| > 170f7000+694;SYSCALL:0x31(NtQueryPerformanceCounter) | |
| > 170f7000+694;SYSCALL:0x31(NtQueryPerformanceCounter) | |
| > 170f7000+6aa;SYSCALL:0x34(NtDelayExecution) | |
| > 14bd0000+4ee;SYSCALL:0x18(NtAllocateVirtualMemory) | |
| > 17530000+8;SYSCALL:0x26(NtOpenProcess) | |
| > 14bd0000+4ee;SYSCALL:0x18(NtAllocateVirtualMemory) | |
| > 17540000+8;SYSCALL:0x34(NtDelayExecution) | |
| > 14bd0000+4ee;SYSCALL:0x18(NtAllocateVirtualMemory) | |
| > 17550000+8;SYSCALL:0x19(NtQueryInformationProcess) | |
| > 14bd0000+4ee;SYSCALL:0x18(NtAllocateVirtualMemory) | |
| > 17560000+8;SYSCALL:0x34(NtDelayExecution) | |
| > 14bd0000+4ee;SYSCALL:0x18(NtAllocateVirtualMemory) | |
| > 14bd0000+4ee;SYSCALL:0x18(NtAllocateVirtualMemory) | |
| > 17570000+8;SYSCALL:0x34(NtDelayExecution) | |
| > 14bd0000+4ee;SYSCALL:0x18(NtAllocateVirtualMemory) | |
| > 17580000+8;SYSCALL:0x3a(NtWriteVirtualMemory) | |
| > 14bd0000+4ee;SYSCALL:0x18(NtAllocateVirtualMemory) | |
| > 17590000+8;SYSCALL:0x34(NtDelayExecution) | |
| > 14bd0000+4ee;SYSCALL:0x18(NtAllocateVirtualMemory) | |
| > 175a0000+8;SYSCALL:0x50(NtProtectVirtualMemory) | |
| > 14bd0000+4ee;SYSCALL:0x18(NtAllocateVirtualMemory) | |
| > 175b0000+8;SYSCALL:0x34(NtDelayExecution) | |
| > 14bd0000+4ee;SYSCALL:0x18(NtAllocateVirtualMemory) | |
| > 175c0000+8;SYSCALL:0xc1(NtCreateThreadEx) | |
| > 14bd0000+4ee;SYSCALL:0x18(NtAllocateVirtualMemory) | |
| > 175d0000+8;SYSCALL:0x34(NtDelayExecution) | |
| > 14bd0000+4ee;SYSCALL:0x18(NtAllocateVirtualMemory) | |
| > 175e0000+8;SYSCALL:0x52(NtResumeThread) | |
| > 14bd0000+4ee;SYSCALL:0x18(NtAllocateVirtualMemory) | |
| > 175f0000+8;SYSCALL:0x34(NtDelayExecution) | |
| > 14bd0000+4ee;SYSCALL:0x18(NtAllocateVirtualMemory) | |
| > 17600000+8;SYSCALL:0x26(NtOpenProcess) | |
| > 14bd0000+4ee;SYSCALL:0x18(NtAllocateVirtualMemory) | |
| > 17610000+8;SYSCALL:0x34(NtDelayExecution) | |
| > 14bd0000+4ee;SYSCALL:0x18(NtAllocateVirtualMemory) | |
| > 17620000+8;SYSCALL:0x19(NtQueryInformationProcess) | |
| > 14bd0000+4ee;SYSCALL:0x18(NtAllocateVirtualMemory) | |
| > 17630000+8;SYSCALL:0x34(NtDelayExecution) | |
| > 14bd0000+4ee;SYSCALL:0x18(NtAllocateVirtualMemory) | |
| > 14bd0000+4ee;SYSCALL:0x18(NtAllocateVirtualMemory) | |
| > 17640000+8;SYSCALL:0x34(NtDelayExecution) | |
| > 14bd0000+4ee;SYSCALL:0x18(NtAllocateVirtualMemory) | |
| > 17650000+8;SYSCALL:0x3a(NtWriteVirtualMemory) | |
| > 14bd0000+4ee;SYSCALL:0x18(NtAllocateVirtualMemory) | |
| > 17660000+8;SYSCALL:0x34(NtDelayExecution) | |
| > 14bd0000+4ee;SYSCALL:0x18(NtAllocateVirtualMemory) | |
| > 17670000+8;SYSCALL:0x50(NtProtectVirtualMemory) | |
| > 14bd0000+4ee;SYSCALL:0x18(NtAllocateVirtualMemory) | |
| > 17680000+8;SYSCALL:0x34(NtDelayExecution) | |
| > 14bd0000+4ee;SYSCALL:0x18(NtAllocateVirtualMemory) | |
| > 17690000+8;SYSCALL:0xc1(NtCreateThreadEx) | |
| > 14bd0000+4ee;SYSCALL:0x18(NtAllocateVirtualMemory) | |
| > 176a0000+8;SYSCALL:0x34(NtDelayExecution) | |
| > 14bd0000+4ee;SYSCALL:0x18(NtAllocateVirtualMemory) | |
| > 176b0000+8;SYSCALL:0x52(NtResumeThread) | |
| > 14bd0000+4e5;magni1.[.swicc+c6]* | |
| f083;kernel32.[BaseThreadInitThunk+14]* | |
| > 170f7000+69f;SYSCALL:0x19(NtQueryInformationProcess) | |
| > 170f7000+67e;SYSCALL:0x18(NtAllocateVirtualMemory) | |
| > 170f7000+6d6;SYSCALL:0x33(NtOpenFile) | |
| > 170f7000+723;SYSCALL:0x49(NtQueryVolumeInformationFile) | |
| > 170f7000+723;SYSCALL:0x49(NtQueryVolumeInformationFile) | |
| > 170f7000+6b5;SYSCALL:0xf(NtClose) | |
| > 170f7000+689;SYSCALL:0x1e(NtFreeVirtualMemory) | |
| > 170f7000+67e;SYSCALL:0x18(NtAllocateVirtualMemory) | |
| > 170f7000+6d6;SYSCALL:0x33(NtOpenFile) | |
| > 170f7000+723;SYSCALL:0x49(NtQueryVolumeInformationFile) | |
| > 170f7000+67e;SYSCALL:0x18(NtAllocateVirtualMemory) | |
| > 170f7000+6d6;SYSCALL:0x33(NtOpenFile) | |
| > 170f7000+723;SYSCALL:0x49(NtQueryVolumeInformationFile) | |
| > 170f7000+723;SYSCALL:0x49(NtQueryVolumeInformationFile) | |
| > 170f7000+6b5;SYSCALL:0xf(NtClose) | |
| > 170f7000+689;SYSCALL:0x1e(NtFreeVirtualMemory) | |
| > 170f7000+69f;SYSCALL:0x19(NtQueryInformationProcess) | |
| > 170f7000+67e;SYSCALL:0x18(NtAllocateVirtualMemory) | |
| > 170f7000+6d6;SYSCALL:0x33(NtOpenFile) | |
| > 170f7000+723;SYSCALL:0x49(NtQueryVolumeInformationFile) | |
| > 170f7000+723;SYSCALL:0x49(NtQueryVolumeInformationFile) | |
| > 170f7000+6b5;SYSCALL:0xf(NtClose) | |
| > 170f7000+689;SYSCALL:0x1e(NtFreeVirtualMemory) | |
| > 170f7000+67e;SYSCALL:0x18(NtAllocateVirtualMemory) | |
| > 170f7000+6d6;SYSCALL:0x33(NtOpenFile) | |
| > 170f7000+723;SYSCALL:0x49(NtQueryVolumeInformationFile) | |
| > 170f7000+67e;SYSCALL:0x18(NtAllocateVirtualMemory) | |
| > 170f7000+6d6;SYSCALL:0x33(NtOpenFile) | |
| > 170f7000+723;SYSCALL:0x49(NtQueryVolumeInformationFile) | |
| > 170f7000+723;SYSCALL:0x49(NtQueryVolumeInformationFile) | |
| > 170f7000+6b5;SYSCALL:0xf(NtClose) | |
| > 170f7000+689;SYSCALL:0x1e(NtFreeVirtualMemory) | |
| > 170f7000+694;SYSCALL:0x31(NtQueryPerformanceCounter) | |
| > 170f7000+694;SYSCALL:0x31(NtQueryPerformanceCounter) | |
| > 170f7000+694;SYSCALL:0x31(NtQueryPerformanceCounter) | |
| > 170f7000+694;SYSCALL:0x31(NtQueryPerformanceCounter) | |
| > 170f7000+694;SYSCALL:0x31(NtQueryPerformanceCounter) | |
| > 170f7000+694;SYSCALL:0x31(NtQueryPerformanceCounter) | |
| > 170f7000+694;SYSCALL:0x31(NtQueryPerformanceCounter) | |
| > 170f7000+694;SYSCALL:0x31(NtQueryPerformanceCounter) | |
| > 170f7000+694;SYSCALL:0x31(NtQueryPerformanceCounter) | |
| > 170f7000+694;SYSCALL:0x31(NtQueryPerformanceCounter) | |
| > 170f7000+694;SYSCALL:0x31(NtQueryPerformanceCounter) | |
| > 170f7000+694;SYSCALL:0x31(NtQueryPerformanceCounter) | |
| > 170f7000+694;SYSCALL:0x31(NtQueryPerformanceCounter) | |
| > 170f7000+694;SYSCALL:0x31(NtQueryPerformanceCounter) | |
| > 170f7000+694;SYSCALL:0x31(NtQueryPerformanceCounter) | |
| > 170f7000+694;SYSCALL:0x31(NtQueryPerformanceCounter) | |
| > 170f7000+694;SYSCALL:0x31(NtQueryPerformanceCounter) | |
| > 170f7000+694;SYSCALL:0x31(NtQueryPerformanceCounter) | |
| > 170f7000+694;SYSCALL:0x31(NtQueryPerformanceCounter) | |
| > 170f7000+694;SYSCALL:0x31(NtQueryPerformanceCounter) | |
| > 170f7000+694;SYSCALL:0x31(NtQueryPerformanceCounter) | |
| > 170f7000+694;SYSCALL:0x31(NtQueryPerformanceCounter) | |
| > 170f7000+694;SYSCALL:0x31(NtQueryPerformanceCounter) | |
| > 170f7000+694;SYSCALL:0x31(NtQueryPerformanceCounter) | |
| > 170f7000+694;SYSCALL:0x31(NtQueryPerformanceCounter) | |
| > 170f7000+694;SYSCALL:0x31(NtQueryPerformanceCounter) | |
| > 170f7000+694;SYSCALL:0x31(NtQueryPerformanceCounter) | |
| > 170f7000+694;SYSCALL:0x31(NtQueryPerformanceCounter) | |
| > 170f7000+694;SYSCALL:0x31(NtQueryPerformanceCounter) | |
| > 170f7000+694;SYSCALL:0x31(NtQueryPerformanceCounter) | |
| > 170f7000+694;SYSCALL:0x31(NtQueryPerformanceCounter) | |
| > 170f7000+694;SYSCALL:0x31(NtQueryPerformanceCounter) | |
| > 170f7000+694;SYSCALL:0x31(NtQueryPerformanceCounter) | |
| > 170f7000+694;SYSCALL:0x31(NtQueryPerformanceCounter) | |
| > 170f7000+694;SYSCALL:0x31(NtQueryPerformanceCounter) | |
| > 170f7000+694;SYSCALL:0x31(NtQueryPerformanceCounter) | |
| > 170f7000+694;SYSCALL:0x31(NtQueryPerformanceCounter) | |
| > 170f7000+694;SYSCALL:0x31(NtQueryPerformanceCounter) | |
| > 170f7000+694;SYSCALL:0x31(NtQueryPerformanceCounter) | |
| > 170f7000+694;SYSCALL:0x31(NtQueryPerformanceCounter) | |
| > 170f7000+67e;SYSCALL:0x18(NtAllocateVirtualMemory) | |
| > 170f7000+6c0;SYSCALL:0x55(NtCreateFile) | |
| > 170f7000+689;SYSCALL:0x1e(NtFreeVirtualMemory) | |
| > 170f7000+67e;SYSCALL:0x18(NtAllocateVirtualMemory) | |
| > 170f7000+6c0;SYSCALL:0x55(NtCreateFile) | |
| > 170f7000+689;SYSCALL:0x1e(NtFreeVirtualMemory) | |
| > 170f7000+694;SYSCALL:0x31(NtQueryPerformanceCounter) | |
| > 170f7000+694;SYSCALL:0x31(NtQueryPerformanceCounter) | |
| > 170f7000+694;SYSCALL:0x31(NtQueryPerformanceCounter) | |
| > 170f7000+694;SYSCALL:0x31(NtQueryPerformanceCounter) | |
| > 170f7000+694;SYSCALL:0x31(NtQueryPerformanceCounter) | |
| > 170f7000+694;SYSCALL:0x31(NtQueryPerformanceCounter) | |
| > 170f7000+694;SYSCALL:0x31(NtQueryPerformanceCounter) | |
| > 170f7000+694;SYSCALL:0x31(NtQueryPerformanceCounter) | |
| > 170f7000+694;SYSCALL:0x31(NtQueryPerformanceCounter) | |
| > 170f7000+694;SYSCALL:0x31(NtQueryPerformanceCounter) | |
| > 170f7000+67e;SYSCALL:0x18(NtAllocateVirtualMemory) | |
| > 170f7000+67e;SYSCALL:0x18(NtAllocateVirtualMemory) | |
| > 170f7000+694;SYSCALL:0x31(NtQueryPerformanceCounter) | |
| > 170f7000+694;SYSCALL:0x31(NtQueryPerformanceCounter) | |
| > 170f7000+694;SYSCALL:0x31(NtQueryPerformanceCounter) | |
| > 170f7000+694;SYSCALL:0x31(NtQueryPerformanceCounter) | |
| > 170f7000+694;SYSCALL:0x31(NtQueryPerformanceCounter) | |
| > 170f7000+694;SYSCALL:0x31(NtQueryPerformanceCounter) | |
| > 170f7000+694;SYSCALL:0x31(NtQueryPerformanceCounter) | |
| > 170f7000+694;SYSCALL:0x31(NtQueryPerformanceCounter) | |
| > 170f7000+694;SYSCALL:0x31(NtQueryPerformanceCounter) | |
| > 170f7000+694;SYSCALL:0x31(NtQueryPerformanceCounter) | |
| > 170f7000+694;SYSCALL:0x31(NtQueryPerformanceCounter) | |
| > 170f7000+694;SYSCALL:0x31(NtQueryPerformanceCounter) | |
| > 170f7000+694;SYSCALL:0x31(NtQueryPerformanceCounter) | |
| > 170f7000+694;SYSCALL:0x31(NtQueryPerformanceCounter) | |
| > 170f7000+694;SYSCALL:0x31(NtQueryPerformanceCounter) | |
| > 170f7000+694;SYSCALL:0x31(NtQueryPerformanceCounter) | |
| > 170f7000+694;SYSCALL:0x31(NtQueryPerformanceCounter) | |
| > 170f7000+694;SYSCALL:0x31(NtQueryPerformanceCounter) | |
| > 170f7000+694;SYSCALL:0x31(NtQueryPerformanceCounter) | |
| > 170f7000+694;SYSCALL:0x31(NtQueryPerformanceCounter) | |
| > 170f7000+694;SYSCALL:0x31(NtQueryPerformanceCounter) | |
| > 170f7000+694;SYSCALL:0x31(NtQueryPerformanceCounter) | |
| > 170f7000+694;SYSCALL:0x31(NtQueryPerformanceCounter) | |
| > 170f7000+694;SYSCALL:0x31(NtQueryPerformanceCounter) | |
| > 170f7000+694;SYSCALL:0x31(NtQueryPerformanceCounter) | |
| > 170f7000+694;SYSCALL:0x31(NtQueryPerformanceCounter) | |
| > 170f7000+694;SYSCALL:0x31(NtQueryPerformanceCounter) | |
| > 170f7000+694;SYSCALL:0x31(NtQueryPerformanceCounter) | |
| > 170f7000+694;SYSCALL:0x31(NtQueryPerformanceCounter) | |
| > 170f7000+694;SYSCALL:0x31(NtQueryPerformanceCounter) | |
| > 170f7000+694;SYSCALL:0x31(NtQueryPerformanceCounter) | |
| > 170f7000+694;SYSCALL:0x31(NtQueryPerformanceCounter) | |
| > 170f7000+694;SYSCALL:0x31(NtQueryPerformanceCounter) | |
| > 170f7000+694;SYSCALL:0x31(NtQueryPerformanceCounter) | |
| > 170f7000+694;SYSCALL:0x31(NtQueryPerformanceCounter) | |
| > 170f7000+694;SYSCALL:0x31(NtQueryPerformanceCounter) | |
| > 170f7000+694;SYSCALL:0x31(NtQueryPerformanceCounter) | |
| > 170f7000+694;SYSCALL:0x31(NtQueryPerformanceCounter) | |
| > 170f7000+694;SYSCALL:0x31(NtQueryPerformanceCounter) | |
| > 170f7000+694;SYSCALL:0x31(NtQueryPerformanceCounter) | |
| > 170f7000+694;SYSCALL:0x31(NtQueryPerformanceCounter) | |
| > 170f7000+694;SYSCALL:0x31(NtQueryPerformanceCounter) | |
| > 170f7000+694;SYSCALL:0x31(NtQueryPerformanceCounter) | |
| > 170f7000+694;SYSCALL:0x31(NtQueryPerformanceCounter) | |
| > 170f7000+694;SYSCALL:0x31(NtQueryPerformanceCounter) | |
| > 170f7000+694;SYSCALL:0x31(NtQueryPerformanceCounter) | |
| > 170f7000+694;SYSCALL:0x31(NtQueryPerformanceCounter) | |
| > 170f7000+694;SYSCALL:0x31(NtQueryPerformanceCounter) | |
| > 170f7000+694;SYSCALL:0x31(NtQueryPerformanceCounter) | |
| > 170f7000+694;SYSCALL:0x31(NtQueryPerformanceCounter) | |
| > 170f7000+694;SYSCALL:0x31(NtQueryPerformanceCounter) | |
| > 170f7000+694;SYSCALL:0x31(NtQueryPerformanceCounter) | |
| > 170f7000+694;SYSCALL:0x31(NtQueryPerformanceCounter) | |
| > 170f7000+694;SYSCALL:0x31(NtQueryPerformanceCounter) | |
| > 170f7000+694;SYSCALL:0x31(NtQueryPerformanceCounter) | |
| > 170f7000+694;SYSCALL:0x31(NtQueryPerformanceCounter) | |
| > 170f7000+694;SYSCALL:0x31(NtQueryPerformanceCounter) | |
| > 170f7000+694;SYSCALL:0x31(NtQueryPerformanceCounter) | |
| > 170f7000+694;SYSCALL:0x31(NtQueryPerformanceCounter) | |
| > 170f7000+694;SYSCALL:0x31(NtQueryPerformanceCounter) | |
| > 170f7000+694;SYSCALL:0x31(NtQueryPerformanceCounter) | |
| > 170f7000+694;SYSCALL:0x31(NtQueryPerformanceCounter) | |
| > 170f7000+694;SYSCALL:0x31(NtQueryPerformanceCounter) | |
| > 170f7000+694;SYSCALL:0x31(NtQueryPerformanceCounter) | |
| > 170f7000+694;SYSCALL:0x31(NtQueryPerformanceCounter) | |
| > 170f7000+694;SYSCALL:0x31(NtQueryPerformanceCounter) | |
| > 170f7000+694;SYSCALL:0x31(NtQueryPerformanceCounter) | |
| > 170f7000+694;SYSCALL:0x31(NtQueryPerformanceCounter) | |
| > 170f7000+694;SYSCALL:0x31(NtQueryPerformanceCounter) | |
| > 170f7000+694;SYSCALL:0x31(NtQueryPerformanceCounter) | |
| > 170f7000+694;SYSCALL:0x31(NtQueryPerformanceCounter) | |
| > 170f7000+694;SYSCALL:0x31(NtQueryPerformanceCounter) | |
| > 170f7000+694;SYSCALL:0x31(NtQueryPerformanceCounter) | |
| > 170f7000+694;SYSCALL:0x31(NtQueryPerformanceCounter) | |
| > 170f7000+694;SYSCALL:0x31(NtQueryPerformanceCounter) | |
| > 170f7000+694;SYSCALL:0x31(NtQueryPerformanceCounter) | |
| > 170f7000+694;SYSCALL:0x31(NtQueryPerformanceCounter) | |
| > 170f7000+694;SYSCALL:0x31(NtQueryPerformanceCounter) | |
| > 170f7000+694;SYSCALL:0x31(NtQueryPerformanceCounter) | |
| > 170f7000+694;SYSCALL:0x31(NtQueryPerformanceCounter) | |
| > 170f7000+694;SYSCALL:0x31(NtQueryPerformanceCounter) | |
| > 170f7000+694;SYSCALL:0x31(NtQueryPerformanceCounter) | |
| > 170f7000+694;SYSCALL:0x31(NtQueryPerformanceCounter) | |
| > 170f7000+694;SYSCALL:0x31(NtQueryPerformanceCounter) | |
| > 170f7000+694;SYSCALL:0x31(NtQueryPerformanceCounter) | |
| > 170f7000+694;SYSCALL:0x31(NtQueryPerformanceCounter) | |
| > 170f7000+694;SYSCALL:0x31(NtQueryPerformanceCounter) | |
| > 170f7000+694;SYSCALL:0x31(NtQueryPerformanceCounter) | |
| > 170f7000+694;SYSCALL:0x31(NtQueryPerformanceCounter) | |
| > 170f7000+694;SYSCALL:0x31(NtQueryPerformanceCounter) | |
| > 170f7000+694;SYSCALL:0x31(NtQueryPerformanceCounter) | |
| > 170f7000+694;SYSCALL:0x31(NtQueryPerformanceCounter) | |
| > 170f7000+694;SYSCALL:0x31(NtQueryPerformanceCounter) | |
| > 170f7000+694;SYSCALL:0x31(NtQueryPerformanceCounter) | |
| > 170f7000+694;SYSCALL:0x31(NtQueryPerformanceCounter) | |
| > 170f7000+694;SYSCALL:0x31(NtQueryPerformanceCounter) | |
| > 170f7000+694;SYSCALL:0x31(NtQueryPerformanceCounter) | |
| > 170f7000+694;SYSCALL:0x31(NtQueryPerformanceCounter) | |
| > 170f7000+694;SYSCALL:0x31(NtQueryPerformanceCounter) | |
| > 170f7000+694;SYSCALL:0x31(NtQueryPerformanceCounter) | |
| > 170f7000+694;SYSCALL:0x31(NtQueryPerformanceCounter) | |
| > 170f7000+694;SYSCALL:0x31(NtQueryPerformanceCounter) | |
| > 170f7000+694;SYSCALL:0x31(NtQueryPerformanceCounter) | |
| > 170f7000+694;SYSCALL:0x31(NtQueryPerformanceCounter) | |
| > 170f7000+694;SYSCALL:0x31(NtQueryPerformanceCounter) | |
| > 170f7000+694;SYSCALL:0x31(NtQueryPerformanceCounter) | |
| > 170f7000+694;SYSCALL:0x31(NtQueryPerformanceCounter) | |
| > 170f7000+694;SYSCALL:0x31(NtQueryPerformanceCounter) | |
| > 170f7000+694;SYSCALL:0x31(NtQueryPerformanceCounter) | |
| > 170f7000+694;SYSCALL:0x31(NtQueryPerformanceCounter) | |
| > 170f3000+9fa;ntdll.RtlInitUnicodeString | |
| > 170f7000+6f7;SYSCALL:0x12(NtOpenKey) | |
| > 170f7000+67e;SYSCALL:0x18(NtAllocateVirtualMemory) | |
| > 170f7000+702;SYSCALL:0x32(NtEnumerateKey) | |
| > 170f7000+702;SYSCALL:0x32(NtEnumerateKey) | |
| > 170f7000+702;SYSCALL:0x32(NtEnumerateKey) | |
| > 170f7000+702;SYSCALL:0x32(NtEnumerateKey) | |
| > 170f7000+702;SYSCALL:0x32(NtEnumerateKey) | |
| > 170f7000+6f7;SYSCALL:0x12(NtOpenKey) | |
| > 170f7000+67e;SYSCALL:0x18(NtAllocateVirtualMemory) | |
| > 170f7000+702;SYSCALL:0x32(NtEnumerateKey) | |
| > 170f7000+702;SYSCALL:0x32(NtEnumerateKey) | |
| > 170f7000+702;SYSCALL:0x32(NtEnumerateKey) | |
| > 170f7000+702;SYSCALL:0x32(NtEnumerateKey) | |
| > 170f7000+702;SYSCALL:0x32(NtEnumerateKey) | |
| > 170f7000+702;SYSCALL:0x32(NtEnumerateKey) | |
| > 170f7000+702;SYSCALL:0x32(NtEnumerateKey) | |
| > 170f7000+702;SYSCALL:0x32(NtEnumerateKey) | |
| > 170f7000+702;SYSCALL:0x32(NtEnumerateKey) | |
| > 170f7000+702;SYSCALL:0x32(NtEnumerateKey) | |
| > 170f7000+702;SYSCALL:0x32(NtEnumerateKey) | |
| > 170f7000+702;SYSCALL:0x32(NtEnumerateKey) | |
| > 170f7000+702;SYSCALL:0x32(NtEnumerateKey) | |
| > 170f7000+702;SYSCALL:0x32(NtEnumerateKey) | |
| > 170f7000+702;SYSCALL:0x32(NtEnumerateKey) | |
| > 170f7000+702;SYSCALL:0x32(NtEnumerateKey) | |
| > 170f7000+702;SYSCALL:0x32(NtEnumerateKey) | |
| > 170f7000+702;SYSCALL:0x32(NtEnumerateKey) | |
| > 170f7000+702;SYSCALL:0x32(NtEnumerateKey) | |
| > 170f7000+702;SYSCALL:0x32(NtEnumerateKey) | |
| > 170f7000+702;SYSCALL:0x32(NtEnumerateKey) | |
| > 170f7000+702;SYSCALL:0x32(NtEnumerateKey) | |
| > 170f7000+702;SYSCALL:0x32(NtEnumerateKey) | |
| > 170f7000+702;SYSCALL:0x32(NtEnumerateKey) | |
| > 170f7000+702;SYSCALL:0x32(NtEnumerateKey) | |
| > 170f7000+702;SYSCALL:0x32(NtEnumerateKey) | |
| > 170f7000+702;SYSCALL:0x32(NtEnumerateKey) | |
| > 170f7000+702;SYSCALL:0x32(NtEnumerateKey) | |
| > 170f7000+702;SYSCALL:0x32(NtEnumerateKey) | |
| > 170f7000+702;SYSCALL:0x32(NtEnumerateKey) | |
| > 170f7000+702;SYSCALL:0x32(NtEnumerateKey) | |
| > 170f7000+702;SYSCALL:0x32(NtEnumerateKey) | |
| > 170f7000+702;SYSCALL:0x32(NtEnumerateKey) | |
| > 170f7000+702;SYSCALL:0x32(NtEnumerateKey) | |
| > 170f7000+702;SYSCALL:0x32(NtEnumerateKey) | |
| > 170f7000+702;SYSCALL:0x32(NtEnumerateKey) | |
| > 170f7000+702;SYSCALL:0x32(NtEnumerateKey) | |
| > 170f7000+702;SYSCALL:0x32(NtEnumerateKey) | |
| > 170f7000+702;SYSCALL:0x32(NtEnumerateKey) | |
| > 170f7000+702;SYSCALL:0x32(NtEnumerateKey) | |
| > 170f7000+702;SYSCALL:0x32(NtEnumerateKey) | |
| > 170f7000+702;SYSCALL:0x32(NtEnumerateKey) | |
| > 170f7000+702;SYSCALL:0x32(NtEnumerateKey) | |
| > 170f7000+702;SYSCALL:0x32(NtEnumerateKey) | |
| > 170f7000+702;SYSCALL:0x32(NtEnumerateKey) | |
| > 170f7000+702;SYSCALL:0x32(NtEnumerateKey) | |
| > 170f7000+702;SYSCALL:0x32(NtEnumerateKey) | |
| > 170f7000+702;SYSCALL:0x32(NtEnumerateKey) | |
| > 170f7000+702;SYSCALL:0x32(NtEnumerateKey) | |
| > 170f7000+702;SYSCALL:0x32(NtEnumerateKey) | |
| > 170f7000+702;SYSCALL:0x32(NtEnumerateKey) | |
| > 170f7000+702;SYSCALL:0x32(NtEnumerateKey) | |
| > 170f7000+702;SYSCALL:0x32(NtEnumerateKey) | |
| > 170f7000+702;SYSCALL:0x32(NtEnumerateKey) | |
| > 170f7000+702;SYSCALL:0x32(NtEnumerateKey) | |
| > 170f7000+702;SYSCALL:0x32(NtEnumerateKey) | |
| > 170f7000+702;SYSCALL:0x32(NtEnumerateKey) | |
| > 170f7000+702;SYSCALL:0x32(NtEnumerateKey) | |
| > 170f7000+702;SYSCALL:0x32(NtEnumerateKey) | |
| > 170f7000+702;SYSCALL:0x32(NtEnumerateKey) | |
| > 170f7000+702;SYSCALL:0x32(NtEnumerateKey) | |
| > 170f7000+702;SYSCALL:0x32(NtEnumerateKey) | |
| > 170f7000+702;SYSCALL:0x32(NtEnumerateKey) | |
| > 170f7000+702;SYSCALL:0x32(NtEnumerateKey) | |
| > 170f7000+702;SYSCALL:0x32(NtEnumerateKey) | |
| > 170f7000+702;SYSCALL:0x32(NtEnumerateKey) | |
| > 170f7000+702;SYSCALL:0x32(NtEnumerateKey) | |
| > 170f7000+702;SYSCALL:0x32(NtEnumerateKey) | |
| > 170f7000+702;SYSCALL:0x32(NtEnumerateKey) | |
| > 170f7000+702;SYSCALL:0x32(NtEnumerateKey) | |
| > 170f7000+702;SYSCALL:0x32(NtEnumerateKey) | |
| > 170f7000+702;SYSCALL:0x32(NtEnumerateKey) | |
| > 170f7000+702;SYSCALL:0x32(NtEnumerateKey) | |
| > 170f7000+702;SYSCALL:0x32(NtEnumerateKey) | |
| > 170f7000+702;SYSCALL:0x32(NtEnumerateKey) | |
| > 170f7000+702;SYSCALL:0x32(NtEnumerateKey) | |
| > 170f7000+702;SYSCALL:0x32(NtEnumerateKey) | |
| > 170f7000+702;SYSCALL:0x32(NtEnumerateKey) | |
| > 170f7000+702;SYSCALL:0x32(NtEnumerateKey) | |
| > 170f7000+702;SYSCALL:0x32(NtEnumerateKey) | |
| > 170f7000+702;SYSCALL:0x32(NtEnumerateKey) | |
| > 170f7000+702;SYSCALL:0x32(NtEnumerateKey) | |
| > 170f7000+702;SYSCALL:0x32(NtEnumerateKey) | |
| > 170f7000+702;SYSCALL:0x32(NtEnumerateKey) | |
| > 170f7000+702;SYSCALL:0x32(NtEnumerateKey) | |
| > 170f7000+702;SYSCALL:0x32(NtEnumerateKey) | |
| > 170f7000+702;SYSCALL:0x32(NtEnumerateKey) | |
| > 170f7000+702;SYSCALL:0x32(NtEnumerateKey) | |
| > 170f7000+702;SYSCALL:0x32(NtEnumerateKey) | |
| > 170f7000+702;SYSCALL:0x32(NtEnumerateKey) | |
| > 170f7000+702;SYSCALL:0x32(NtEnumerateKey) | |
| > 170f7000+702;SYSCALL:0x32(NtEnumerateKey) | |
| > 170f7000+702;SYSCALL:0x32(NtEnumerateKey) | |
| > 170f7000+702;SYSCALL:0x32(NtEnumerateKey) | |
| > 170f7000+702;SYSCALL:0x32(NtEnumerateKey) | |
| > 170f7000+702;SYSCALL:0x32(NtEnumerateKey) | |
| > 170f7000+702;SYSCALL:0x32(NtEnumerateKey) | |
| > 170f7000+702;SYSCALL:0x32(NtEnumerateKey) | |
| > 170f7000+702;SYSCALL:0x32(NtEnumerateKey) | |
| > 170f7000+702;SYSCALL:0x32(NtEnumerateKey) | |
| > 170f7000+702;SYSCALL:0x32(NtEnumerateKey) | |
| > 170f7000+702;SYSCALL:0x32(NtEnumerateKey) | |
| > 170f7000+702;SYSCALL:0x32(NtEnumerateKey) | |
| > 170f7000+702;SYSCALL:0x32(NtEnumerateKey) | |
| > 170f7000+702;SYSCALL:0x32(NtEnumerateKey) | |
| > 170f7000+702;SYSCALL:0x32(NtEnumerateKey) | |
| > 170f7000+702;SYSCALL:0x32(NtEnumerateKey) | |
| > 170f7000+702;SYSCALL:0x32(NtEnumerateKey) | |
| > 170f7000+702;SYSCALL:0x32(NtEnumerateKey) | |
| > 170f7000+702;SYSCALL:0x32(NtEnumerateKey) | |
| > 170f7000+702;SYSCALL:0x32(NtEnumerateKey) | |
| > 170f7000+702;SYSCALL:0x32(NtEnumerateKey) | |
| > 170f7000+702;SYSCALL:0x32(NtEnumerateKey) | |
| > 170f7000+702;SYSCALL:0x32(NtEnumerateKey) | |
| > 170f7000+702;SYSCALL:0x32(NtEnumerateKey) | |
| > 170f7000+702;SYSCALL:0x32(NtEnumerateKey) | |
| > 170f7000+702;SYSCALL:0x32(NtEnumerateKey) | |
| > 170f7000+702;SYSCALL:0x32(NtEnumerateKey) | |
| > 170f7000+702;SYSCALL:0x32(NtEnumerateKey) | |
| > 170f7000+702;SYSCALL:0x32(NtEnumerateKey) | |
| > 170f7000+702;SYSCALL:0x32(NtEnumerateKey) | |
| > 170f7000+702;SYSCALL:0x32(NtEnumerateKey) | |
| > 170f7000+702;SYSCALL:0x32(NtEnumerateKey) | |
| > 170f7000+702;SYSCALL:0x32(NtEnumerateKey) | |
| > 170f7000+702;SYSCALL:0x32(NtEnumerateKey) | |
| > 170f7000+702;SYSCALL:0x32(NtEnumerateKey) | |
| > 170f7000+702;SYSCALL:0x32(NtEnumerateKey) | |
| > 170f7000+702;SYSCALL:0x32(NtEnumerateKey) | |
| > 170f7000+702;SYSCALL:0x32(NtEnumerateKey) | |
| > 170f7000+702;SYSCALL:0x32(NtEnumerateKey) | |
| > 170f7000+702;SYSCALL:0x32(NtEnumerateKey) | |
| > 170f7000+702;SYSCALL:0x32(NtEnumerateKey) | |
| > 170f7000+702;SYSCALL:0x32(NtEnumerateKey) | |
| > 170f7000+702;SYSCALL:0x32(NtEnumerateKey) | |
| > 170f7000+702;SYSCALL:0x32(NtEnumerateKey) | |
| > 170f7000+702;SYSCALL:0x32(NtEnumerateKey) | |
| > 170f7000+702;SYSCALL:0x32(NtEnumerateKey) | |
| > 170f7000+702;SYSCALL:0x32(NtEnumerateKey) | |
| > 170f7000+702;SYSCALL:0x32(NtEnumerateKey) | |
| > 170f7000+702;SYSCALL:0x32(NtEnumerateKey) | |
| > 170f7000+702;SYSCALL:0x32(NtEnumerateKey) | |
| > 170f7000+702;SYSCALL:0x32(NtEnumerateKey) | |
| > 170f7000+702;SYSCALL:0x32(NtEnumerateKey) | |
| > 170f7000+702;SYSCALL:0x32(NtEnumerateKey) | |
| > 170f7000+702;SYSCALL:0x32(NtEnumerateKey) | |
| > 170f7000+702;SYSCALL:0x32(NtEnumerateKey) | |
| > 170f7000+702;SYSCALL:0x32(NtEnumerateKey) | |
| > 170f7000+702;SYSCALL:0x32(NtEnumerateKey) | |
| > 170f7000+702;SYSCALL:0x32(NtEnumerateKey) | |
| > 170f7000+702;SYSCALL:0x32(NtEnumerateKey) | |
| > 170f7000+702;SYSCALL:0x32(NtEnumerateKey) | |
| > 170f7000+67e;SYSCALL:0x18(NtAllocateVirtualMemory) | |
| > 170f3000+df9;ntdll.RtlInitUnicodeString | |
| > 170f7000+6f7;SYSCALL:0x12(NtOpenKey) | |
| > 170f3000+e4e;ntdll.RtlInitUnicodeString | |
| > 170f7000+6f7;SYSCALL:0x12(NtOpenKey) | |
| > 170f3000+ea2;ntdll.RtlInitUnicodeString | |
| > 170f7000+6f7;SYSCALL:0x12(NtOpenKey) | |
| > 170f3000+ef6;ntdll.RtlInitUnicodeString | |
| > 170f7000+6f7;SYSCALL:0x12(NtOpenKey) | |
| > 170f3000+f49;ntdll.RtlInitUnicodeString | |
| > 170f7000+70d;SYSCALL:0x60(NtSetValueKey) | |
| > 170f3000+f86;ntdll.RtlInitUnicodeString | |
| > 170f7000+70d;SYSCALL:0x60(NtSetValueKey) | |
| > 170f7000+6b5;SYSCALL:0xf(NtClose) | |
| > 170f7000+689;SYSCALL:0x1e(NtFreeVirtualMemory) | |
| > 170f4000+1b;ntdll.RtlInitUnicodeString | |
| > 170f7000+718;SYSCALL:0x1d(NtCreateKey) | |
| > 170f4000+87;ntdll.RtlInitUnicodeString | |
| > 170f7000+718;SYSCALL:0x1d(NtCreateKey) | |
| > 170f4000+f4;ntdll.RtlInitUnicodeString | |
| > 170f7000+70d;SYSCALL:0x60(NtSetValueKey) | |
| > 170f7000+6b5;SYSCALL:0xf(NtClose) | |
| > 170f7000+6b5;SYSCALL:0xf(NtClose) | |
| > 170f7000+6aa;SYSCALL:0x34(NtDelayExecution) | |
| > 170f7000+67e;SYSCALL:0x18(NtAllocateVirtualMemory) | |
| > 170f7000+6c0;SYSCALL:0x55(NtCreateFile) | |
| > 170f7000+6cb;SYSCALL:0x8(NtWriteFile) | |
| > 170f7000+6b5;SYSCALL:0xf(NtClose) | |
| > 170f7000+6aa;SYSCALL:0x34(NtDelayExecution) | |
| > 170f2000+cc3;ntdll.RtlCreateProcessParametersEx | |
| > 170f7000+67e;SYSCALL:0x18(NtAllocateVirtualMemory) | |
| > 170f7000+841;SYSCALL:0xc8(NtCreateUserProcess) |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment