Created
April 21, 2023 08:43
-
-
Save nyck33/1cd875346f864fd94e166be755646183 to your computer and use it in GitHub Desktop.
malware call trace example to be used as input sample for malheur
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| NtOpenKey; | |
| NtOpenKey; | |
| NtAllocateVirtualMemory; | |
| NtAllocateVirtualMemory; | |
| LdrLoadDll; | |
| LdrGetProcedureAddress; | |
| LdrGetProcedureAddress; | |
| LdrGetProcedureAddress; | |
| LdrLoadDll; | |
| LdrGetProcedureAddress; | |
| LdrGetProcedureAddress; | |
| LdrGetProcedureAddress; | |
| LdrGetProcedureAddress; | |
| LdrGetProcedureAddress; | |
| LdrGetProcedureAddress; | |
| LdrGetProcedureAddress; | |
| LdrGetProcedureAddress; | |
| LdrGetProcedureAddress; | |
| LdrGetProcedureAddress; | |
| LdrGetProcedureAddress; | |
| LdrGetProcedureAddress; | |
| LdrGetProcedureAddress; | |
| LdrGetProcedureAddress; | |
| LdrGetProcedureAddress; | |
| LdrGetProcedureAddress; | |
| LdrGetProcedureAddress; | |
| LdrGetProcedureAddress; | |
| LdrGetProcedureAddress; | |
| LdrGetProcedureAddress; | |
| LdrGetProcedureAddress; | |
| LdrGetProcedureAddress; | |
| LdrGetProcedureAddress; | |
| LdrGetProcedureAddress; | |
| LdrGetProcedureAddress; | |
| LdrGetProcedureAddress; | |
| LdrGetProcedureAddress; | |
| LdrGetProcedureAddress; | |
| LdrGetProcedureAddress; | |
| LdrGetProcedureAddress; | |
| LdrGetProcedureAddress; | |
| LdrGetProcedureAddress; | |
| LdrGetProcedureAddress; | |
| LdrGetProcedureAddress; | |
| LdrGetProcedureAddress; | |
| LdrGetProcedureAddress; | |
| LdrGetProcedureAddress; | |
| LdrGetProcedureAddress; | |
| LdrGetProcedureAddress; | |
| LdrGetProcedureAddress; | |
| LdrGetProcedureAddress; | |
| LdrGetProcedureAddress; | |
| LdrGetProcedureAddress; | |
| LdrGetProcedureAddress; | |
| LdrGetProcedureAddress; | |
| LdrGetProcedureAddress; | |
| LdrGetProcedureAddress; | |
| LdrGetProcedureAddress; | |
| LdrGetProcedureAddress; | |
| LdrGetProcedureAddress; | |
| LdrGetProcedureAddress; | |
| LdrGetProcedureAddress; | |
| LdrGetProcedureAddress; | |
| LdrGetProcedureAddress; | |
| LdrGetProcedureAddress; | |
| LdrGetProcedureAddress; | |
| LdrGetProcedureAddress; | |
| LdrGetProcedureAddress; | |
| LdrGetProcedureAddress; | |
| LdrGetProcedureAddress; | |
| LdrGetProcedureAddress; | |
| LdrGetProcedureAddress; | |
| LdrGetProcedureAddress; | |
| LdrGetProcedureAddress; | |
| LdrGetProcedureAddress; | |
| LdrLoadDll; | |
| LdrGetProcedureAddress; | |
| LdrGetProcedureAddress; | |
| LdrGetProcedureAddress; | |
| LdrGetProcedureAddress; | |
| GetSystemInfo; | |
| NtQuerySystemInformation; | |
| NtAllocateVirtualMemory; | |
| NtAllocateVirtualMemory; | |
| LdrLoadDll; | |
| LdrGetProcedureAddress; | |
| NtAllocateVirtualMemory; | |
| NtOpenKey; | |
| NtQueryValueKey; | |
| NtQueryValueKey; | |
| NtClose; | |
| NtOpenKey; | |
| NtQueryValueKey; | |
| NtClose; | |
| NtOpenKey; | |
| NtOpenKey; | |
| NtOpenFile; | |
| DeviceIoControl; | |
| GetSystemInfo; | |
| NtOpenKey; | |
| NtQueryValueKey; | |
| NtClose; | |
| NtOpenKey; | |
| NtQueryValueKey; | |
| NtClose; | |
| NtAllocateVirtualMemory; | |
| GetSystemInfo; | |
| GetSystemInfo; | |
| NtOpenKey; | |
| NtQueryValueKey; | |
| NtOpenKey; | |
| NtOpenKey; | |
| NtAllocateVirtualMemory; | |
| NtAllocateVirtualMemory; | |
| LdrLoadDll; | |
| LdrGetProcedureAddress; | |
| LdrGetProcedureAddress; | |
| LdrGetProcedureAddress; | |
| LdrLoadDll; | |
| LdrGetProcedureAddress; | |
| LdrGetProcedureAddress; | |
| LdrGetProcedureAddress; | |
| LdrGetProcedureAddress; | |
| LdrGetProcedureAddress; | |
| LdrGetProcedureAddress; | |
| LdrGetProcedureAddress; | |
| LdrGetProcedureAddress; | |
| LdrGetProcedureAddress; | |
| LdrGetProcedureAddress; | |
| LdrGetProcedureAddress; | |
| LdrGetProcedureAddress; | |
| LdrGetProcedureAddress; | |
| LdrGetProcedureAddress; | |
| LdrGetProcedureAddress; | |
| LdrGetProcedureAddress; | |
| LdrGetProcedureAddress; | |
| LdrGetProcedureAddress; | |
| LdrGetProcedureAddress; | |
| LdrGetProcedureAddress; | |
| LdrGetProcedureAddress; | |
| LdrGetProcedureAddress; | |
| LdrGetProcedureAddress; | |
| LdrGetProcedureAddress; | |
| LdrGetProcedureAddress; | |
| LdrGetProcedureAddress; | |
| LdrGetProcedureAddress; | |
| LdrGetProcedureAddress; | |
| LdrGetProcedureAddress; | |
| LdrGetProcedureAddress; | |
| LdrGetProcedureAddress; | |
| LdrGetProcedureAddress; | |
| LdrGetProcedureAddress; | |
| LdrGetProcedureAddress; | |
| LdrGetProcedureAddress; | |
| LdrGetProcedureAddress; | |
| LdrGetProcedureAddress; | |
| LdrGetProcedureAddress; | |
| LdrGetProcedureAddress; | |
| LdrGetProcedureAddress; | |
| LdrGetProcedureAddress; | |
| LdrGetProcedureAddress; | |
| LdrGetProcedureAddress; | |
| LdrGetProcedureAddress; | |
| LdrGetProcedureAddress; | |
| LdrGetProcedureAddress; | |
| LdrGetProcedureAddress; | |
| LdrGetProcedureAddress; | |
| LdrGetProcedureAddress; | |
| LdrGetProcedureAddress; | |
| LdrGetProcedureAddress; | |
| LdrGetProcedureAddress; | |
| LdrGetProcedureAddress; | |
| LdrGetProcedureAddress; | |
| LdrGetProcedureAddress; | |
| LdrGetProcedureAddress; | |
| LdrGetProcedureAddress; | |
| LdrGetProcedureAddress; | |
| LdrGetProcedureAddress; | |
| LdrGetProcedureAddress; | |
| LdrGetProcedureAddress; | |
| LdrGetProcedureAddress; | |
| LdrGetProcedureAddress; | |
| LdrGetProcedureAddress; | |
| LdrGetProcedureAddress; | |
| LdrLoadDll; | |
| LdrGetProcedureAddress; | |
| LdrGetProcedureAddress; | |
| LdrGetProcedureAddress; | |
| LdrGetProcedureAddress; | |
| GetSystemInfo; | |
| NtQuerySystemInformation; | |
| NtAllocateVirtualMemory; | |
| NtAllocateVirtualMemory; | |
| LdrLoadDll; | |
| LdrGetProcedureAddress; | |
| NtAllocateVirtualMemory; | |
| NtOpenKey; | |
| NtQueryValueKey; | |
| NtQueryValueKey; | |
| NtClose; | |
| NtOpenKey; | |
| NtQueryValueKey; | |
| NtClose; | |
| NtOpenKey; | |
| NtOpenKey; | |
| NtOpenFile; | |
| NtOpenKey; | |
| NtOpenKey; | |
| NtAllocateVirtualMemory; | |
| NtAllocateVirtualMemory; | |
| LdrLoadDll; | |
| LdrGetProcedureAddress; | |
| LdrGetProcedureAddress; | |
| LdrGetProcedureAddress; | |
| LdrLoadDll; | |
| LdrGetProcedureAddress; | |
| LdrGetProcedureAddress; | |
| LdrGetProcedureAddress; | |
| LdrGetProcedureAddress; | |
| LdrGetProcedureAddress; | |
| LdrGetProcedureAddress; | |
| LdrGetProcedureAddress; | |
| LdrGetProcedureAddress; | |
| LdrGetProcedureAddress; | |
| LdrGetProcedureAddress; | |
| LdrGetProcedureAddress; | |
| LdrGetProcedureAddress; | |
| LdrGetProcedureAddress; | |
| LdrGetProcedureAddress; | |
| LdrGetProcedureAddress; | |
| LdrGetProcedureAddress; | |
| LdrGetProcedureAddress; | |
| LdrGetProcedureAddress; | |
| LdrGetProcedureAddress; | |
| LdrGetProcedureAddress; | |
| LdrGetProcedureAddress; | |
| LdrGetProcedureAddress; | |
| LdrGetProcedureAddress; | |
| LdrGetProcedureAddress; | |
| LdrGetProcedureAddress; | |
| LdrGetProcedureAddress; | |
| LdrGetProcedureAddress; | |
| LdrGetProcedureAddress; | |
| LdrGetProcedureAddress; | |
| LdrGetProcedureAddress; | |
| LdrGetProcedureAddress; | |
| LdrGetProcedureAddress; | |
| LdrGetProcedureAddress; | |
| LdrGetProcedureAddress; | |
| LdrGetProcedureAddress; | |
| LdrGetProcedureAddress; | |
| LdrGetProcedureAddress; | |
| LdrGetProcedureAddress; | |
| LdrGetProcedureAddress; | |
| LdrGetProcedureAddress; | |
| LdrGetProcedureAddress; | |
| LdrGetProcedureAddress; | |
| LdrGetProcedureAddress; | |
| LdrGetProcedureAddress; | |
| LdrGetProcedureAddress; | |
| LdrGetProcedureAddress; | |
| LdrGetProcedureAddress; | |
| LdrGetProcedureAddress; | |
| LdrGetProcedureAddress; | |
| LdrGetProcedureAddress; | |
| LdrGetProcedureAddress; | |
| LdrGetProcedureAddress; | |
| LdrGetProcedureAddress; | |
| LdrGetProcedureAddress; | |
| LdrGetProcedureAddress; | |
| LdrGetProcedureAddress; | |
| LdrGetProcedureAddress; | |
| LdrGetProcedureAddress; | |
| LdrGetProcedureAddress; | |
| LdrGetProcedureAddress; | |
| LdrGetProcedureAddress; | |
| LdrGetProcedureAddress; | |
| LdrGetProcedureAddress; | |
| LdrGetProcedureAddress; | |
| LdrGetProcedureAddress; | |
| LdrLoadDll; | |
| LdrGetProcedureAddress; | |
| LdrGetProcedureAddress; | |
| LdrGetProcedureAddress; | |
| LdrGetProcedureAddress; | |
| GetSystemInfo; | |
| NtQuerySystemInformation; | |
| NtAllocateVirtualMemory; | |
| NtAllocateVirtualMemory; | |
| LdrLoadDll; | |
| LdrGetProcedureAddress; | |
| NtAllocateVirtualMemory; | |
| NtOpenKey; | |
| NtQueryValueKey; | |
| NtQueryValueKey; | |
| NtClose; | |
| NtOpenKey; | |
| NtQueryValueKey; | |
| NtClose; | |
| NtOpenKey; | |
| NtOpenKey; | |
| NtOpenFile; | |
| DeviceIoControl; | |
| GetSystemInfo; | |
| NtOpenKey; | |
| NtQueryValueKey; | |
| NtClose; | |
| NtOpenKey; | |
| NtQueryValueKey; | |
| NtClose; | |
| GetSystemInfo; | |
| NtAllocateVirtualMemory; | |
| NtOpenKey; | |
| NtOpenKey; | |
| NtAllocateVirtualMemory; | |
| NtAllocateVirtualMemory; | |
| LdrLoadDll; | |
| LdrGetProcedureAddress; | |
| LdrGetProcedureAddress; | |
| LdrGetProcedureAddress; | |
| LdrLoadDll; | |
| LdrGetProcedureAddress; | |
| LdrGetProcedureAddress; | |
| LdrGetProcedureAddress; | |
| LdrGetProcedureAddress; | |
| LdrGetProcedureAddress; | |
| LdrGetProcedureAddress; | |
| LdrGetProcedureAddress; | |
| LdrGetProcedureAddress; | |
| LdrGetProcedureAddress; | |
| LdrGetProcedureAddress; | |
| LdrGetProcedureAddress; | |
| LdrGetProcedureAddress; | |
| LdrGetProcedureAddress; | |
| LdrGetProcedureAddress; | |
| LdrGetProcedureAddress; | |
| LdrGetProcedureAddress; | |
| LdrGetProcedureAddress; | |
| LdrGetProcedureAddress; | |
| LdrGetProcedureAddress; | |
| LdrGetProcedureAddress; | |
| LdrGetProcedureAddress; | |
| LdrGetProcedureAddress; | |
| LdrGetProcedureAddress; | |
| LdrGetProcedureAddress; | |
| LdrGetProcedureAddress; | |
| LdrGetProcedureAddress; | |
| LdrGetProcedureAddress; | |
| LdrGetProcedureAddress; | |
| LdrGetProcedureAddress; | |
| LdrGetProcedureAddress; | |
| LdrGetProcedureAddress; | |
| LdrGetProcedureAddress; | |
| LdrGetProcedureAddress; | |
| LdrGetProcedureAddress; | |
| LdrGetProcedureAddress; | |
| LdrGetProcedureAddress; | |
| LdrGetProcedureAddress; | |
| LdrGetProcedureAddress; | |
| LdrGetProcedureAddress; | |
| LdrGetProcedureAddress; | |
| LdrGetProcedureAddress; | |
| LdrGetProcedureAddress; | |
| LdrGetProcedureAddress; | |
| LdrGetProcedureAddress; | |
| LdrGetProcedureAddress; | |
| LdrGetProcedureAddress; | |
| LdrGetProcedureAddress; | |
| LdrGetProcedureAddress; | |
| LdrGetProcedureAddress; | |
| LdrGetProcedureAddress; | |
| LdrGetProcedureAddress; | |
| LdrGetProcedureAddress; | |
| LdrGetProcedureAddress; | |
| LdrGetProcedureAddress; | |
| LdrGetProcedureAddress; | |
| LdrGetProcedureAddress; | |
| LdrGetProcedureAddress; | |
| LdrGetProcedureAddress; | |
| LdrGetProcedureAddress; | |
| LdrGetProcedureAddress; | |
| LdrGetProcedureAddress; | |
| LdrGetProcedureAddress; | |
| LdrGetProcedureAddress; | |
| LdrGetProcedureAddress; | |
| LdrGetProcedureAddress; | |
| LdrLoadDll; | |
| LdrGetProcedureAddress; | |
| LdrGetProcedureAddress; | |
| LdrGetProcedureAddress; | |
| LdrGetProcedureAddress; | |
| GetSystemInfo; | |
| NtQuerySystemInformation; | |
| NtAllocateVirtualMemory; | |
| NtAllocateVirtualMemory; | |
| LdrLoadDll; | |
| LdrGetProcedureAddress; | |
| NtAllocateVirtualMemory; | |
| NtOpenKey; | |
| NtQueryValueKey; | |
| NtQueryValueKey; | |
| NtClose; | |
| NtOpenKey; | |
| NtQueryValueKey; | |
| NtClose; | |
| NtOpenKey; | |
| NtOpenKey; | |
| NtOpenFile; |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment