-
-
Save hasherezade/dcb42686e5b867529035e14add42822d to your computer and use it in GitHub Desktop.
FlareOn 8 - Task 7: trace log
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| 3750;section: [.text] | |
| 4118;CPUID:0 | |
| 4176;CPUID:1 | |
| 4211;CPUID:7 | |
| 4bb0;kernel32.LoadLibraryExW | |
| 4c47;kernel32.GetProcAddress | |
| Arg[0] = ptr 0x00007ffd42590000 -> {MZ\x90\x00\x03\x00\x00\x00} | |
| Arg[1] = ptr 0x00007ffd2f89e3e8 -> "InitializeCriticalSectionEx" | |
| 4e83;kernelbase.InitializeCriticalSectionEx | |
| 4bb0;kernel32.LoadLibraryExW | |
| 4c47;kernel32.GetProcAddress | |
| Arg[0] = ptr 0x00007ffd42590000 -> {MZ\x90\x00\x03\x00\x00\x00} | |
| Arg[1] = ptr 0x00007ffd2f89e390 -> "FlsAlloc" | |
| 4d0b;kernelbase.FlsAlloc | |
| 4c47;kernel32.GetProcAddress | |
| Arg[0] = ptr 0x00007ffd42590000 -> {MZ\x90\x00\x03\x00\x00\x00} | |
| Arg[1] = ptr 0x00007ffd2f89e3d0 -> "FlsSetValue" | |
| 4e10;kernelbase.FlsSetValue | |
| 7424;kernel32.LoadLibraryExW | |
| 74aa;kernel32.GetProcAddress | |
| Arg[0] = ptr 0x00007ffd42590000 -> {MZ\x90\x00\x03\x00\x00\x00} | |
| Arg[1] = ptr 0x00007ffd2f89e3e8 -> "InitializeCriticalSectionEx" | |
| 76ec;kernelbase.InitializeCriticalSectionEx | |
| 76ec;kernelbase.InitializeCriticalSectionEx | |
| 76ec;kernelbase.InitializeCriticalSectionEx | |
| 76ec;kernelbase.InitializeCriticalSectionEx | |
| 76ec;kernelbase.InitializeCriticalSectionEx | |
| 76ec;kernelbase.InitializeCriticalSectionEx | |
| 76ec;kernelbase.InitializeCriticalSectionEx | |
| 76ec;kernelbase.InitializeCriticalSectionEx | |
| 76ec;kernelbase.InitializeCriticalSectionEx | |
| 76ec;kernelbase.InitializeCriticalSectionEx | |
| 76ec;kernelbase.InitializeCriticalSectionEx | |
| 76ec;kernelbase.InitializeCriticalSectionEx | |
| 76ec;kernelbase.InitializeCriticalSectionEx | |
| 8c00;kernel32.GetProcessHeap | |
| 7424;kernel32.LoadLibraryExW | |
| 74aa;kernel32.GetProcAddress | |
| Arg[0] = ptr 0x00007ffd42590000 -> {MZ\x90\x00\x03\x00\x00\x00} | |
| Arg[1] = ptr 0x00007ffd2f89e390 -> "FlsAlloc" | |
| 7568;kernelbase.FlsAlloc | |
| 7123;kernel32.GetLastError | |
| 74aa;kernel32.GetProcAddress | |
| Arg[0] = ptr 0x00007ffd42590000 -> {MZ\x90\x00\x03\x00\x00\x00} | |
| Arg[1] = ptr 0x00007ffd2f89e3b8 -> "FlsGetValue" | |
| 7616;kernelbase.FlsGetValue | |
| 6815;ntdll.RtlAllocateHeap | |
| 74aa;kernel32.GetProcAddress | |
| Arg[0] = ptr 0x00007ffd42590000 -> {MZ\x90\x00\x03\x00\x00\x00} | |
| Arg[1] = ptr 0x00007ffd2f89e3d0 -> "FlsSetValue" | |
| 7679;kernelbase.FlsSetValue | |
| 732a;ntdll.RtlEnterCriticalSection | |
| 737e;ntdll.RtlLeaveCriticalSection | |
| 732a;ntdll.RtlEnterCriticalSection | |
| 737e;ntdll.RtlLeaveCriticalSection | |
| 7197;kernel32.SetLastError | |
| 732a;ntdll.RtlEnterCriticalSection | |
| 732a;ntdll.RtlEnterCriticalSection | |
| 6815;ntdll.RtlAllocateHeap | |
| 76ec;kernelbase.InitializeCriticalSectionEx | |
| 76ec;kernelbase.InitializeCriticalSectionEx | |
| 76ec;kernelbase.InitializeCriticalSectionEx | |
| 76ec;kernelbase.InitializeCriticalSectionEx | |
| 76ec;kernelbase.InitializeCriticalSectionEx | |
| 76ec;kernelbase.InitializeCriticalSectionEx | |
| 76ec;kernelbase.InitializeCriticalSectionEx | |
| 76ec;kernelbase.InitializeCriticalSectionEx | |
| 76ec;kernelbase.InitializeCriticalSectionEx | |
| 76ec;kernelbase.InitializeCriticalSectionEx | |
| 76ec;kernelbase.InitializeCriticalSectionEx | |
| 76ec;kernelbase.InitializeCriticalSectionEx | |
| 76ec;kernelbase.InitializeCriticalSectionEx | |
| 76ec;kernelbase.InitializeCriticalSectionEx | |
| 76ec;kernelbase.InitializeCriticalSectionEx | |
| 76ec;kernelbase.InitializeCriticalSectionEx | |
| 76ec;kernelbase.InitializeCriticalSectionEx | |
| 76ec;kernelbase.InitializeCriticalSectionEx | |
| 76ec;kernelbase.InitializeCriticalSectionEx | |
| 76ec;kernelbase.InitializeCriticalSectionEx | |
| 76ec;kernelbase.InitializeCriticalSectionEx | |
| 76ec;kernelbase.InitializeCriticalSectionEx | |
| 76ec;kernelbase.InitializeCriticalSectionEx | |
| 76ec;kernelbase.InitializeCriticalSectionEx | |
| 76ec;kernelbase.InitializeCriticalSectionEx | |
| 76ec;kernelbase.InitializeCriticalSectionEx | |
| 76ec;kernelbase.InitializeCriticalSectionEx | |
| 76ec;kernelbase.InitializeCriticalSectionEx | |
| 76ec;kernelbase.InitializeCriticalSectionEx | |
| 76ec;kernelbase.InitializeCriticalSectionEx | |
| 76ec;kernelbase.InitializeCriticalSectionEx | |
| 76ec;kernelbase.InitializeCriticalSectionEx | |
| 76ec;kernelbase.InitializeCriticalSectionEx | |
| 76ec;kernelbase.InitializeCriticalSectionEx | |
| 76ec;kernelbase.InitializeCriticalSectionEx | |
| 76ec;kernelbase.InitializeCriticalSectionEx | |
| 76ec;kernelbase.InitializeCriticalSectionEx | |
| 76ec;kernelbase.InitializeCriticalSectionEx | |
| 76ec;kernelbase.InitializeCriticalSectionEx | |
| 76ec;kernelbase.InitializeCriticalSectionEx | |
| 76ec;kernelbase.InitializeCriticalSectionEx | |
| 76ec;kernelbase.InitializeCriticalSectionEx | |
| 76ec;kernelbase.InitializeCriticalSectionEx | |
| 76ec;kernelbase.InitializeCriticalSectionEx | |
| 76ec;kernelbase.InitializeCriticalSectionEx | |
| 76ec;kernelbase.InitializeCriticalSectionEx | |
| 76ec;kernelbase.InitializeCriticalSectionEx | |
| 76ec;kernelbase.InitializeCriticalSectionEx | |
| 76ec;kernelbase.InitializeCriticalSectionEx | |
| 76ec;kernelbase.InitializeCriticalSectionEx | |
| 76ec;kernelbase.InitializeCriticalSectionEx | |
| 76ec;kernelbase.InitializeCriticalSectionEx | |
| 76ec;kernelbase.InitializeCriticalSectionEx | |
| 76ec;kernelbase.InitializeCriticalSectionEx | |
| 76ec;kernelbase.InitializeCriticalSectionEx | |
| 76ec;kernelbase.InitializeCriticalSectionEx | |
| 76ec;kernelbase.InitializeCriticalSectionEx | |
| 76ec;kernelbase.InitializeCriticalSectionEx | |
| 76ec;kernelbase.InitializeCriticalSectionEx | |
| 76ec;kernelbase.InitializeCriticalSectionEx | |
| 76ec;kernelbase.InitializeCriticalSectionEx | |
| 76ec;kernelbase.InitializeCriticalSectionEx | |
| 76ec;kernelbase.InitializeCriticalSectionEx | |
| 76ec;kernelbase.InitializeCriticalSectionEx | |
| 737e;ntdll.RtlLeaveCriticalSection | |
| 8c44;kernel32.GetStartupInfoW | |
| 8d82;kernel32.GetStdHandle | |
| 8d98;kernel32.GetFileType | |
| 8d82;kernel32.GetStdHandle | |
| 8d98;kernel32.GetFileType | |
| 8d82;kernel32.GetStdHandle | |
| 8d98;kernel32.GetFileType | |
| 737e;ntdll.RtlLeaveCriticalSection | |
| 8a34;kernel32.GetCommandLineA | |
| 8a41;kernel32.GetCommandLineW | |
| 708a;kernel32.GetLastError | |
| 7616;kernelbase.FlsGetValue | |
| 70f2;kernel32.SetLastError | |
| 708a;kernel32.GetLastError | |
| 7616;kernelbase.FlsGetValue | |
| 70f2;kernel32.SetLastError | |
| 732a;ntdll.RtlEnterCriticalSection | |
| 737e;ntdll.RtlLeaveCriticalSection | |
| 81a9;kernel32.GetACP | |
| 66e6;ntdll.RtlAllocateHeap | |
| 8776;kernel32.IsValidCodePage | |
| 878b;kernel32.GetCPInfo | |
| 82ae;kernel32.GetCPInfo | |
| 9753;kernel32.MultiByteToWideChar | |
| 981c;kernel32.MultiByteToWideChar | |
| 9836;kernel32.GetStringTypeW | |
| a663;kernel32.MultiByteToWideChar | |
| a728;kernel32.MultiByteToWideChar | |
| 7424;kernel32.LoadLibraryExW | |
| 74aa;kernel32.GetProcAddress | |
| Arg[0] = ptr 0x00007ffd42590000 -> {MZ\x90\x00\x03\x00\x00\x00} | |
| Arg[1] = ptr 0x00007ffd2f8a02f0 -> "LCMapStringEx" | |
| 77ae;kernelbase.LCMapStringEx | |
| 77ae;kernelbase.LCMapStringEx | |
| a8b8;kernel32.WideCharToMultiByte | |
| a663;kernel32.MultiByteToWideChar | |
| a728;kernel32.MultiByteToWideChar | |
| 77ae;kernelbase.LCMapStringEx | |
| 77ae;kernelbase.LCMapStringEx | |
| a8b8;kernel32.WideCharToMultiByte | |
| 732a;ntdll.RtlEnterCriticalSection | |
| 737e;ntdll.RtlLeaveCriticalSection | |
| 732a;ntdll.RtlEnterCriticalSection | |
| 66e6;ntdll.RtlAllocateHeap | |
| 737e;ntdll.RtlLeaveCriticalSection | |
| 3ebb;ntdll.RtlInitializeSListHead | |
| 732a;ntdll.RtlEnterCriticalSection | |
| 737e;ntdll.RtlLeaveCriticalSection | |
| 6815;ntdll.RtlAllocateHeap | |
| 76ec;kernelbase.InitializeCriticalSectionEx | |
| 76ec;kernelbase.InitializeCriticalSectionEx | |
| 76ec;kernelbase.InitializeCriticalSectionEx | |
| c579;CPUID:1 | |
| 5ccf;kernel32.GetModuleFileNameA | |
| 6815;ntdll.RtlAllocateHeap | |
| 8a71;kernel32.GetEnvironmentStringsW | |
| 8ad3;kernel32.WideCharToMultiByte | |
| 66e6;ntdll.RtlAllocateHeap | |
| 8b0d;kernel32.WideCharToMultiByte | |
| 8b37;kernel32.FreeEnvironmentStringsW | |
| 6815;ntdll.RtlAllocateHeap | |
| 6815;ntdll.RtlAllocateHeap | |
| 6815;ntdll.RtlAllocateHeap | |
| 6815;ntdll.RtlAllocateHeap | |
| 6815;ntdll.RtlAllocateHeap | |
| 6815;ntdll.RtlAllocateHeap | |
| 6815;ntdll.RtlAllocateHeap | |
| 6815;ntdll.RtlAllocateHeap | |
| 6815;ntdll.RtlAllocateHeap | |
| 6815;ntdll.RtlAllocateHeap | |
| 6815;ntdll.RtlAllocateHeap | |
| 6815;ntdll.RtlAllocateHeap | |
| 6815;ntdll.RtlAllocateHeap | |
| 6815;ntdll.RtlAllocateHeap | |
| 6815;ntdll.RtlAllocateHeap | |
| 6815;ntdll.RtlAllocateHeap | |
| 6815;ntdll.RtlAllocateHeap | |
| 6815;ntdll.RtlAllocateHeap | |
| 6815;ntdll.RtlAllocateHeap | |
| 6815;ntdll.RtlAllocateHeap | |
| 6815;ntdll.RtlAllocateHeap | |
| 6815;ntdll.RtlAllocateHeap | |
| 6815;ntdll.RtlAllocateHeap | |
| 6815;ntdll.RtlAllocateHeap | |
| 6815;ntdll.RtlAllocateHeap | |
| 6815;ntdll.RtlAllocateHeap | |
| 6815;ntdll.RtlAllocateHeap | |
| 6815;ntdll.RtlAllocateHeap | |
| 6815;ntdll.RtlAllocateHeap | |
| 6815;ntdll.RtlAllocateHeap | |
| 6815;ntdll.RtlAllocateHeap | |
| 6815;ntdll.RtlAllocateHeap | |
| 6815;ntdll.RtlAllocateHeap | |
| 6815;ntdll.RtlAllocateHeap | |
| 6815;ntdll.RtlAllocateHeap | |
| 6815;ntdll.RtlAllocateHeap | |
| 6815;ntdll.RtlAllocateHeap | |
| 6815;ntdll.RtlAllocateHeap | |
| 6815;ntdll.RtlAllocateHeap | |
| 6815;ntdll.RtlAllocateHeap | |
| 6815;ntdll.RtlAllocateHeap | |
| 6815;ntdll.RtlAllocateHeap | |
| 6815;ntdll.RtlAllocateHeap | |
| 6815;ntdll.RtlAllocateHeap | |
| 6815;ntdll.RtlAllocateHeap | |
| 6815;ntdll.RtlAllocateHeap | |
| 6815;ntdll.RtlAllocateHeap | |
| 6815;ntdll.RtlAllocateHeap | |
| 6815;ntdll.RtlAllocateHeap | |
| 6815;ntdll.RtlAllocateHeap | |
| 6815;ntdll.RtlAllocateHeap | |
| 6815;ntdll.RtlAllocateHeap | |
| 6815;ntdll.RtlAllocateHeap | |
| 6815;ntdll.RtlAllocateHeap | |
| 6815;ntdll.RtlAllocateHeap | |
| 6815;ntdll.RtlAllocateHeap | |
| 6815;ntdll.RtlAllocateHeap | |
| 6815;ntdll.RtlAllocateHeap | |
| 6815;ntdll.RtlAllocateHeap | |
| 6815;ntdll.RtlAllocateHeap | |
| 6815;ntdll.RtlAllocateHeap | |
| 6815;ntdll.RtlAllocateHeap | |
| 6815;ntdll.RtlAllocateHeap | |
| 6815;ntdll.RtlAllocateHeap | |
| 6815;ntdll.RtlAllocateHeap | |
| 6815;ntdll.RtlAllocateHeap | |
| 6815;ntdll.RtlAllocateHeap | |
| 667e;kernel32.HeapFree | |
| 36f8;ntdll.[RtlActivateActivationContextUnsafeFast+114]* | |
| 66e6;ntdll.RtlAllocateHeap | |
| 66e6;ntdll.RtlAllocateHeap | |
| 66e6;ntdll.RtlAllocateHeap | |
| 66e6;ntdll.RtlAllocateHeap | |
| 66e6;ntdll.RtlAllocateHeap | |
| 66e6;ntdll.RtlAllocateHeap | |
| 66e6;ntdll.RtlAllocateHeap | |
| 66e6;ntdll.RtlAllocateHeap | |
| 66e6;ntdll.RtlAllocateHeap | |
| 66e6;ntdll.RtlAllocateHeap | |
| 19c7;kernel32.VirtualAlloc | |
| 1a8e;kernel32.VirtualAlloc | |
| 1b4d;kernel32.GetModuleFileNameA | |
| 1b63;kernel32.GetModuleHandleA | |
| 1ba8;kernel32.FindResourceA | |
| Arg[0] = ptr 0x00007ff6d86c0000 -> {MZ\x90\x00\x03\x00\x00\x00} | |
| Arg[1] = 0x0000000000000080 = 128 | |
| Arg[2] = ptr 0x00000016af98f8e4 -> "PNG" | |
| 1bc5;kernel32.SizeofResource | |
| Arg[0] = ptr 0x00007ff6d86c0000 -> {MZ\x90\x00\x03\x00\x00\x00} | |
| Arg[1] = ptr 0x00007ff6d86c6080 -> {\xb0`\x00\x00\xd6\x00\x00\x00} | |
| 1be2;kernel32.LoadResource | |
| 1bfc;kernel32.LockResource | |
| 1dfb;kernel32.GetCurrentProcess | |
| 1e1c;kernel32.IsWow64Process | |
| 2daf;kernel32.GetSystemTime | |
| 2e47;kernel32.GetDateFormatW | |
| 2eb5;kernel32.lstrlenA | |
| 1a1e;kernel32.SleepEx | |
| Arg[0] = 0x0000000000057e40 = 360000 | |
| Arg[1] = 0 | |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment