Created
April 10, 2025 16:19
-
-
Save joshfinley/85b2c37132bbe6c9f86147d93b661e98 to your computer and use it in GitHub Desktop.
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| 0:008> g | |
| '=== NtTerminateThread Called ===' | |
| Debug session time: Thu Apr 10 09:17:36.486 2025 (UTC - 7:00) | |
| System Uptime: 1 days 7:44:20.512 | |
| Process Uptime: 0 days 0:13:43.946 | |
| Kernel time: 0 days 0:00:11.750 | |
| User time: 0 days 0:03:18.703 | |
| 'RCX: ' + @rcx | |
| 'RDX: ' + @rdx | |
| 'R8: ' + @r8 | |
| 'R9: ' + @r9 | |
| 'Stack[0]: ' + poi(@rsp+0x28) | |
| 'Stack[1]: ' + poi(@rsp+0x30) | |
| 'Stack[2]: ' + poi(@rsp+0x38) | |
| 'Stack[3]: ' + poi(@rsp+0x40) | |
| '' | |
| '=== NtDeviceIoControlFile Called ===' | |
| Debug session time: Thu Apr 10 09:17:46.414 2025 (UTC - 7:00) | |
| System Uptime: 1 days 7:44:30.440 | |
| Process Uptime: 0 days 0:13:53.874 | |
| Kernel time: 0 days 0:00:12.203 | |
| User time: 0 days 0:03:26.562 | |
| 'RCX: ' + @rcx | |
| 'RDX: ' + @rdx | |
| 'R8: ' + @r8 | |
| 'R9: ' + @r9 | |
| 'Stack[0]: ' + poi(@rsp+0x28) | |
| 'Stack[1]: ' + poi(@rsp+0x30) | |
| 'Stack[2]: ' + poi(@rsp+0x38) | |
| 'Stack[3]: ' + poi(@rsp+0x40) | |
| '' | |
| '=== NtWaitForSingleObject Called ===' | |
| Debug session time: Thu Apr 10 09:17:46.422 2025 (UTC - 7:00) | |
| System Uptime: 1 days 7:44:30.448 | |
| Process Uptime: 0 days 0:13:53.882 | |
| Kernel time: 0 days 0:00:12.203 | |
| User time: 0 days 0:03:26.562 | |
| 'RCX: ' + @rcx | |
| 'RDX: ' + @rdx | |
| 'R8: ' + @r8 | |
| 'R9: ' + @r9 | |
| 'Stack[0]: ' + poi(@rsp+0x28) | |
| 'Stack[1]: ' + poi(@rsp+0x30) | |
| 'Stack[2]: ' + poi(@rsp+0x38) | |
| 'Stack[3]: ' + poi(@rsp+0x40) | |
| '' | |
| '=== NtAllocateVirtualMemory Called ===' | |
| Debug session time: Thu Apr 10 09:17:46.431 2025 (UTC - 7:00) | |
| System Uptime: 1 days 7:44:30.457 | |
| Process Uptime: 0 days 0:13:53.890 | |
| Kernel time: 0 days 0:00:12.203 | |
| User time: 0 days 0:03:26.562 | |
| 'RCX: ' + @rcx | |
| 'RDX: ' + @rdx | |
| 'R8: ' + @r8 | |
| 'R9: ' + @r9 | |
| 'Stack[0]: ' + poi(@rsp+0x28) | |
| 'Stack[1]: ' + poi(@rsp+0x30) | |
| 'Stack[2]: ' + poi(@rsp+0x38) | |
| 'Stack[3]: ' + poi(@rsp+0x40) | |
| '' | |
| '=== NtAllocateVirtualMemory Called ===' | |
| Debug session time: Thu Apr 10 09:17:46.448 2025 (UTC - 7:00) | |
| System Uptime: 1 days 7:44:30.474 | |
| Process Uptime: 0 days 0:13:53.907 | |
| Kernel time: 0 days 0:00:12.203 | |
| User time: 0 days 0:03:26.562 | |
| 'RCX: ' + @rcx | |
| 'RDX: ' + @rdx | |
| 'R8: ' + @r8 | |
| 'R9: ' + @r9 | |
| 'Stack[0]: ' + poi(@rsp+0x28) | |
| 'Stack[1]: ' + poi(@rsp+0x30) | |
| 'Stack[2]: ' + poi(@rsp+0x38) | |
| 'Stack[3]: ' + poi(@rsp+0x40) | |
| '' | |
| '=== NtFreeVirtualMemory Called ===' | |
| Debug session time: Thu Apr 10 09:17:46.458 2025 (UTC - 7:00) | |
| System Uptime: 1 days 7:44:30.484 | |
| Process Uptime: 0 days 0:13:53.917 | |
| Kernel time: 0 days 0:00:12.203 | |
| User time: 0 days 0:03:26.578 | |
| 'RCX: ' + @rcx | |
| 'RDX: ' + @rdx | |
| 'R8: ' + @r8 | |
| 'R9: ' + @r9 | |
| 'Stack[0]: ' + poi(@rsp+0x28) | |
| 'Stack[1]: ' + poi(@rsp+0x30) | |
| 'Stack[2]: ' + poi(@rsp+0x38) | |
| 'Stack[3]: ' + poi(@rsp+0x40) | |
| '' | |
| '=== NtFreeVirtualMemory Called ===' | |
| Debug session time: Thu Apr 10 09:17:46.473 2025 (UTC - 7:00) | |
| System Uptime: 1 days 7:44:30.499 | |
| Process Uptime: 0 days 0:13:53.932 | |
| Kernel time: 0 days 0:00:12.203 | |
| User time: 0 days 0:03:26.578 | |
| 'RCX: ' + @rcx | |
| 'RDX: ' + @rdx | |
| 'R8: ' + @r8 | |
| 'R9: ' + @r9 | |
| 'Stack[0]: ' + poi(@rsp+0x28) | |
| 'Stack[1]: ' + poi(@rsp+0x30) | |
| 'Stack[2]: ' + poi(@rsp+0x38) | |
| 'Stack[3]: ' + poi(@rsp+0x40) | |
| '' | |
| '=== NtQueryKey Called ===' | |
| Debug session time: Thu Apr 10 09:17:46.483 2025 (UTC - 7:00) | |
| System Uptime: 1 days 7:44:30.509 | |
| Process Uptime: 0 days 0:13:53.942 | |
| Kernel time: 0 days 0:00:12.203 | |
| User time: 0 days 0:03:26.578 | |
| 'RCX: ' + @rcx | |
| 'RDX: ' + @rdx | |
| 'R8: ' + @r8 | |
| 'R9: ' + @r9 | |
| 'Stack[0]: ' + poi(@rsp+0x28) | |
| 'Stack[1]: ' + poi(@rsp+0x30) | |
| 'Stack[2]: ' + poi(@rsp+0x38) | |
| 'Stack[3]: ' + poi(@rsp+0x40) | |
| '' | |
| '=== NtOpenKeyEx Called ===' | |
| Debug session time: Thu Apr 10 09:17:46.492 2025 (UTC - 7:00) | |
| System Uptime: 1 days 7:44:30.518 | |
| Process Uptime: 0 days 0:13:53.951 | |
| Kernel time: 0 days 0:00:12.203 | |
| User time: 0 days 0:03:26.578 | |
| 'RCX: ' + @rcx | |
| 'RDX: ' + @rdx | |
| 'R8: ' + @r8 | |
| 'R9: ' + @r9 | |
| 'Stack[0]: ' + poi(@rsp+0x28) | |
| 'Stack[1]: ' + poi(@rsp+0x30) | |
| 'Stack[2]: ' + poi(@rsp+0x38) | |
| 'Stack[3]: ' + poi(@rsp+0x40) | |
| '' | |
| '=== NtQueryValueKey Called ===' | |
| Debug session time: Thu Apr 10 09:17:46.503 2025 (UTC - 7:00) | |
| System Uptime: 1 days 7:44:30.529 | |
| Process Uptime: 0 days 0:13:53.962 | |
| Kernel time: 0 days 0:00:12.203 | |
| User time: 0 days 0:03:26.578 | |
| 'RCX: ' + @rcx | |
| 'RDX: ' + @rdx | |
| 'R8: ' + @r8 | |
| 'R9: ' + @r9 | |
| 'Stack[0]: ' + poi(@rsp+0x28) | |
| 'Stack[1]: ' + poi(@rsp+0x30) | |
| 'Stack[2]: ' + poi(@rsp+0x38) | |
| 'Stack[3]: ' + poi(@rsp+0x40) | |
| '' | |
| '=== NtQueryValueKey Called ===' | |
| Debug session time: Thu Apr 10 09:17:46.512 2025 (UTC - 7:00) | |
| System Uptime: 1 days 7:44:30.538 | |
| Process Uptime: 0 days 0:13:53.971 | |
| Kernel time: 0 days 0:00:12.203 | |
| User time: 0 days 0:03:26.578 | |
| 'RCX: ' + @rcx | |
| 'RDX: ' + @rdx | |
| 'R8: ' + @r8 | |
| 'R9: ' + @r9 | |
| 'Stack[0]: ' + poi(@rsp+0x28) | |
| 'Stack[1]: ' + poi(@rsp+0x30) | |
| 'Stack[2]: ' + poi(@rsp+0x38) | |
| 'Stack[3]: ' + poi(@rsp+0x40) | |
| '' | |
| '=== NtQueryValueKey Called ===' | |
| Debug session time: Thu Apr 10 09:17:46.526 2025 (UTC - 7:00) | |
| System Uptime: 1 days 7:44:30.552 | |
| Process Uptime: 0 days 0:13:53.985 | |
| Kernel time: 0 days 0:00:12.203 | |
| User time: 0 days 0:03:26.578 | |
| 'RCX: ' + @rcx | |
| 'RDX: ' + @rdx | |
| 'R8: ' + @r8 | |
| 'R9: ' + @r9 | |
| 'Stack[0]: ' + poi(@rsp+0x28) | |
| 'Stack[1]: ' + poi(@rsp+0x30) | |
| 'Stack[2]: ' + poi(@rsp+0x38) | |
| 'Stack[3]: ' + poi(@rsp+0x40) | |
| '' | |
| '=== NtQueryValueKey Called ===' | |
| Debug session time: Thu Apr 10 09:17:46.534 2025 (UTC - 7:00) | |
| System Uptime: 1 days 7:44:30.560 | |
| Process Uptime: 0 days 0:13:53.993 | |
| Kernel time: 0 days 0:00:12.203 | |
| User time: 0 days 0:03:26.578 | |
| 'RCX: ' + @rcx | |
| 'RDX: ' + @rdx | |
| 'R8: ' + @r8 | |
| 'R9: ' + @r9 | |
| 'Stack[0]: ' + poi(@rsp+0x28) | |
| 'Stack[1]: ' + poi(@rsp+0x30) | |
| 'Stack[2]: ' + poi(@rsp+0x38) | |
| 'Stack[3]: ' + poi(@rsp+0x40) | |
| '' | |
| '=== NtQueryValueKey Called ===' | |
| Debug session time: Thu Apr 10 09:17:46.543 2025 (UTC - 7:00) | |
| System Uptime: 1 days 7:44:30.568 | |
| Process Uptime: 0 days 0:13:54.002 | |
| Kernel time: 0 days 0:00:12.203 | |
| User time: 0 days 0:03:26.578 | |
| 'RCX: ' + @rcx | |
| 'RDX: ' + @rdx | |
| 'R8: ' + @r8 | |
| 'R9: ' + @r9 | |
| 'Stack[0]: ' + poi(@rsp+0x28) | |
| 'Stack[1]: ' + poi(@rsp+0x30) | |
| 'Stack[2]: ' + poi(@rsp+0x38) | |
| 'Stack[3]: ' + poi(@rsp+0x40) | |
| '' | |
| '=== NtClose Called ===' | |
| Debug session time: Thu Apr 10 09:17:46.551 2025 (UTC - 7:00) | |
| System Uptime: 1 days 7:44:30.577 | |
| Process Uptime: 0 days 0:13:54.010 | |
| Kernel time: 0 days 0:00:12.203 | |
| User time: 0 days 0:03:26.578 | |
| 'RCX: ' + @rcx | |
| 'RDX: ' + @rdx | |
| 'R8: ' + @r8 | |
| 'R9: ' + @r9 | |
| 'Stack[0]: ' + poi(@rsp+0x28) | |
| 'Stack[1]: ' + poi(@rsp+0x30) | |
| 'Stack[2]: ' + poi(@rsp+0x38) | |
| 'Stack[3]: ' + poi(@rsp+0x40) | |
| '' | |
| '=== NtQueryKey Called ===' | |
| Debug session time: Thu Apr 10 09:17:46.558 2025 (UTC - 7:00) | |
| System Uptime: 1 days 7:44:30.584 | |
| Process Uptime: 0 days 0:13:54.018 | |
| Kernel time: 0 days 0:00:12.203 | |
| User time: 0 days 0:03:26.578 | |
| 'RCX: ' + @rcx | |
| 'RDX: ' + @rdx | |
| 'R8: ' + @r8 | |
| 'R9: ' + @r9 | |
| 'Stack[0]: ' + poi(@rsp+0x28) | |
| 'Stack[1]: ' + poi(@rsp+0x30) | |
| 'Stack[2]: ' + poi(@rsp+0x38) | |
| 'Stack[3]: ' + poi(@rsp+0x40) | |
| '' | |
| '=== NtOpenKeyEx Called ===' | |
| Debug session time: Thu Apr 10 09:17:46.572 2025 (UTC - 7:00) | |
| System Uptime: 1 days 7:44:30.598 | |
| Process Uptime: 0 days 0:13:54.031 | |
| Kernel time: 0 days 0:00:12.203 | |
| User time: 0 days 0:03:26.578 | |
| 'RCX: ' + @rcx | |
| 'RDX: ' + @rdx | |
| 'R8: ' + @r8 | |
| 'R9: ' + @r9 | |
| 'Stack[0]: ' + poi(@rsp+0x28) | |
| 'Stack[1]: ' + poi(@rsp+0x30) | |
| 'Stack[2]: ' + poi(@rsp+0x38) | |
| 'Stack[3]: ' + poi(@rsp+0x40) | |
| '' | |
| '=== NtQueryValueKey Called ===' | |
| Debug session time: Thu Apr 10 09:17:46.579 2025 (UTC - 7:00) | |
| System Uptime: 1 days 7:44:30.605 | |
| Process Uptime: 0 days 0:13:54.039 | |
| Kernel time: 0 days 0:00:12.203 | |
| User time: 0 days 0:03:26.578 | |
| 'RCX: ' + @rcx | |
| 'RDX: ' + @rdx | |
| 'R8: ' + @r8 | |
| 'R9: ' + @r9 | |
| 'Stack[0]: ' + poi(@rsp+0x28) | |
| 'Stack[1]: ' + poi(@rsp+0x30) | |
| 'Stack[2]: ' + poi(@rsp+0x38) | |
| 'Stack[3]: ' + poi(@rsp+0x40) | |
| '' | |
| '=== NtQueryValueKey Called ===' | |
| Debug session time: Thu Apr 10 09:17:46.588 2025 (UTC - 7:00) | |
| System Uptime: 1 days 7:44:30.614 | |
| Process Uptime: 0 days 0:13:54.047 | |
| Kernel time: 0 days 0:00:12.203 | |
| User time: 0 days 0:03:26.578 | |
| 'RCX: ' + @rcx | |
| 'RDX: ' + @rdx | |
| 'R8: ' + @r8 | |
| 'R9: ' + @r9 | |
| 'Stack[0]: ' + poi(@rsp+0x28) | |
| 'Stack[1]: ' + poi(@rsp+0x30) | |
| 'Stack[2]: ' + poi(@rsp+0x38) | |
| 'Stack[3]: ' + poi(@rsp+0x40) | |
| '' | |
| '=== NtQueryValueKey Called ===' | |
| Debug session time: Thu Apr 10 09:17:46.597 2025 (UTC - 7:00) | |
| System Uptime: 1 days 7:44:30.623 | |
| Process Uptime: 0 days 0:13:54.057 | |
| Kernel time: 0 days 0:00:12.203 | |
| User time: 0 days 0:03:26.578 | |
| 'RCX: ' + @rcx | |
| 'RDX: ' + @rdx | |
| 'R8: ' + @r8 | |
| 'R9: ' + @r9 | |
| 'Stack[0]: ' + poi(@rsp+0x28) | |
| 'Stack[1]: ' + poi(@rsp+0x30) | |
| 'Stack[2]: ' + poi(@rsp+0x38) | |
| 'Stack[3]: ' + poi(@rsp+0x40) | |
| '' | |
| '=== NtQueryValueKey Called ===' | |
| Debug session time: Thu Apr 10 09:17:46.613 2025 (UTC - 7:00) | |
| System Uptime: 1 days 7:44:30.639 | |
| Process Uptime: 0 days 0:13:54.072 | |
| Kernel time: 0 days 0:00:12.203 | |
| User time: 0 days 0:03:26.578 | |
| 'RCX: ' + @rcx | |
| 'RDX: ' + @rdx | |
| 'R8: ' + @r8 | |
| 'R9: ' + @r9 | |
| 'Stack[0]: ' + poi(@rsp+0x28) | |
| 'Stack[1]: ' + poi(@rsp+0x30) | |
| 'Stack[2]: ' + poi(@rsp+0x38) | |
| 'Stack[3]: ' + poi(@rsp+0x40) | |
| '' | |
| '=== NtClose Called ===' | |
| Debug session time: Thu Apr 10 09:17:46.622 2025 (UTC - 7:00) | |
| System Uptime: 1 days 7:44:30.648 | |
| Process Uptime: 0 days 0:13:54.082 | |
| Kernel time: 0 days 0:00:12.203 | |
| User time: 0 days 0:03:26.578 | |
| 'RCX: ' + @rcx | |
| 'RDX: ' + @rdx | |
| 'R8: ' + @r8 | |
| 'R9: ' + @r9 | |
| 'Stack[0]: ' + poi(@rsp+0x28) | |
| 'Stack[1]: ' + poi(@rsp+0x30) | |
| 'Stack[2]: ' + poi(@rsp+0x38) | |
| 'Stack[3]: ' + poi(@rsp+0x40) | |
| '' | |
| '=== NtQueryKey Called ===' | |
| Debug session time: Thu Apr 10 09:17:46.631 2025 (UTC - 7:00) | |
| System Uptime: 1 days 7:44:30.657 | |
| Process Uptime: 0 days 0:13:54.090 | |
| Kernel time: 0 days 0:00:12.203 | |
| User time: 0 days 0:03:26.578 | |
| 'RCX: ' + @rcx | |
| 'RDX: ' + @rdx | |
| 'R8: ' + @r8 | |
| 'R9: ' + @r9 | |
| 'Stack[0]: ' + poi(@rsp+0x28) | |
| 'Stack[1]: ' + poi(@rsp+0x30) | |
| 'Stack[2]: ' + poi(@rsp+0x38) | |
| 'Stack[3]: ' + poi(@rsp+0x40) | |
| '' | |
| '=== NtOpenKeyEx Called ===' | |
| Debug session time: Thu Apr 10 09:17:46.639 2025 (UTC - 7:00) | |
| System Uptime: 1 days 7:44:30.665 | |
| Process Uptime: 0 days 0:13:54.098 | |
| Kernel time: 0 days 0:00:12.203 | |
| User time: 0 days 0:03:26.578 | |
| 'RCX: ' + @rcx | |
| 'RDX: ' + @rdx | |
| 'R8: ' + @r8 | |
| 'R9: ' + @r9 | |
| 'Stack[0]: ' + poi(@rsp+0x28) | |
| 'Stack[1]: ' + poi(@rsp+0x30) | |
| 'Stack[2]: ' + poi(@rsp+0x38) | |
| 'Stack[3]: ' + poi(@rsp+0x40) | |
| '' | |
| '=== NtClose Called ===' | |
| Debug session time: Thu Apr 10 09:17:46.649 2025 (UTC - 7:00) | |
| System Uptime: 1 days 7:44:30.675 | |
| Process Uptime: 0 days 0:13:54.108 | |
| Kernel time: 0 days 0:00:12.203 | |
| User time: 0 days 0:03:26.578 | |
| 'RCX: ' + @rcx | |
| 'RDX: ' + @rdx | |
| 'R8: ' + @r8 | |
| 'R9: ' + @r9 | |
| 'Stack[0]: ' + poi(@rsp+0x28) | |
| 'Stack[1]: ' + poi(@rsp+0x30) | |
| 'Stack[2]: ' + poi(@rsp+0x38) | |
| 'Stack[3]: ' + poi(@rsp+0x40) | |
| '' | |
| '=== NtQueryKey Called ===' | |
| Debug session time: Thu Apr 10 09:17:46.658 2025 (UTC - 7:00) | |
| System Uptime: 1 days 7:44:30.684 | |
| Process Uptime: 0 days 0:13:54.117 | |
| Kernel time: 0 days 0:00:12.203 | |
| User time: 0 days 0:03:26.578 | |
| 'RCX: ' + @rcx | |
| 'RDX: ' + @rdx | |
| 'R8: ' + @r8 | |
| 'R9: ' + @r9 | |
| 'Stack[0]: ' + poi(@rsp+0x28) | |
| 'Stack[1]: ' + poi(@rsp+0x30) | |
| 'Stack[2]: ' + poi(@rsp+0x38) | |
| 'Stack[3]: ' + poi(@rsp+0x40) | |
| '' | |
| '=== NtOpenKeyEx Called ===' | |
| Debug session time: Thu Apr 10 09:17:46.666 2025 (UTC - 7:00) | |
| System Uptime: 1 days 7:44:30.692 | |
| Process Uptime: 0 days 0:13:54.125 | |
| Kernel time: 0 days 0:00:12.203 | |
| User time: 0 days 0:03:26.578 | |
| 'RCX: ' + @rcx | |
| 'RDX: ' + @rdx | |
| 'R8: ' + @r8 | |
| 'R9: ' + @r9 | |
| 'Stack[0]: ' + poi(@rsp+0x28) | |
| 'Stack[1]: ' + poi(@rsp+0x30) | |
| 'Stack[2]: ' + poi(@rsp+0x38) | |
| 'Stack[3]: ' + poi(@rsp+0x40) | |
| '' | |
| '=== NtClose Called ===' | |
| Debug session time: Thu Apr 10 09:17:46.674 2025 (UTC - 7:00) | |
| System Uptime: 1 days 7:44:30.700 | |
| Process Uptime: 0 days 0:13:54.134 | |
| Kernel time: 0 days 0:00:12.203 | |
| User time: 0 days 0:03:26.578 | |
| 'RCX: ' + @rcx | |
| 'RDX: ' + @rdx | |
| 'R8: ' + @r8 | |
| 'R9: ' + @r9 | |
| 'Stack[0]: ' + poi(@rsp+0x28) | |
| 'Stack[1]: ' + poi(@rsp+0x30) | |
| 'Stack[2]: ' + poi(@rsp+0x38) | |
| 'Stack[3]: ' + poi(@rsp+0x40) | |
| '' | |
| '=== NtQueryKey Called ===' | |
| Debug session time: Thu Apr 10 09:17:46.682 2025 (UTC - 7:00) | |
| System Uptime: 1 days 7:44:30.708 | |
| Process Uptime: 0 days 0:13:54.142 | |
| Kernel time: 0 days 0:00:12.203 | |
| User time: 0 days 0:03:26.578 | |
| 'RCX: ' + @rcx | |
| 'RDX: ' + @rdx | |
| 'R8: ' + @r8 | |
| 'R9: ' + @r9 | |
| 'Stack[0]: ' + poi(@rsp+0x28) | |
| 'Stack[1]: ' + poi(@rsp+0x30) | |
| 'Stack[2]: ' + poi(@rsp+0x38) | |
| 'Stack[3]: ' + poi(@rsp+0x40) | |
| '' | |
| '=== NtOpenKeyEx Called ===' | |
| Debug session time: Thu Apr 10 09:17:46.691 2025 (UTC - 7:00) | |
| System Uptime: 1 days 7:44:30.717 | |
| Process Uptime: 0 days 0:13:54.150 | |
| Kernel time: 0 days 0:00:12.203 | |
| User time: 0 days 0:03:26.578 | |
| 'RCX: ' + @rcx | |
| 'RDX: ' + @rdx | |
| 'R8: ' + @r8 | |
| 'R9: ' + @r9 | |
| 'Stack[0]: ' + poi(@rsp+0x28) | |
| 'Stack[1]: ' + poi(@rsp+0x30) | |
| 'Stack[2]: ' + poi(@rsp+0x38) | |
| 'Stack[3]: ' + poi(@rsp+0x40) | |
| '' | |
| '=== NtQueryValueKey Called ===' | |
| Debug session time: Thu Apr 10 09:17:46.699 2025 (UTC - 7:00) | |
| System Uptime: 1 days 7:44:30.725 | |
| Process Uptime: 0 days 0:13:54.158 | |
| Kernel time: 0 days 0:00:12.203 | |
| User time: 0 days 0:03:26.578 | |
| 'RCX: ' + @rcx | |
| 'RDX: ' + @rdx | |
| 'R8: ' + @r8 | |
| 'R9: ' + @r9 | |
| 'Stack[0]: ' + poi(@rsp+0x28) | |
| 'Stack[1]: ' + poi(@rsp+0x30) | |
| 'Stack[2]: ' + poi(@rsp+0x38) | |
| 'Stack[3]: ' + poi(@rsp+0x40) | |
| '' | |
| '=== NtQueryValueKey Called ===' | |
| Debug session time: Thu Apr 10 09:17:46.709 2025 (UTC - 7:00) | |
| System Uptime: 1 days 7:44:30.735 | |
| Process Uptime: 0 days 0:13:54.168 | |
| Kernel time: 0 days 0:00:12.203 | |
| User time: 0 days 0:03:26.578 | |
| 'RCX: ' + @rcx | |
| 'RDX: ' + @rdx | |
| 'R8: ' + @r8 | |
| 'R9: ' + @r9 | |
| 'Stack[0]: ' + poi(@rsp+0x28) | |
| 'Stack[1]: ' + poi(@rsp+0x30) | |
| 'Stack[2]: ' + poi(@rsp+0x38) | |
| 'Stack[3]: ' + poi(@rsp+0x40) | |
| '' | |
| '=== NtQueryValueKey Called ===' | |
| Debug session time: Thu Apr 10 09:17:46.717 2025 (UTC - 7:00) | |
| System Uptime: 1 days 7:44:30.743 | |
| Process Uptime: 0 days 0:13:54.176 | |
| Kernel time: 0 days 0:00:12.203 | |
| User time: 0 days 0:03:26.578 | |
| 'RCX: ' + @rcx | |
| 'RDX: ' + @rdx | |
| 'R8: ' + @r8 | |
| 'R9: ' + @r9 | |
| 'Stack[0]: ' + poi(@rsp+0x28) | |
| 'Stack[1]: ' + poi(@rsp+0x30) | |
| 'Stack[2]: ' + poi(@rsp+0x38) | |
| 'Stack[3]: ' + poi(@rsp+0x40) | |
| '' | |
| '=== NtQueryValueKey Called ===' | |
| Debug session time: Thu Apr 10 09:17:46.726 2025 (UTC - 7:00) | |
| System Uptime: 1 days 7:44:30.752 | |
| Process Uptime: 0 days 0:13:54.186 | |
| Kernel time: 0 days 0:00:12.203 | |
| User time: 0 days 0:03:26.578 | |
| 'RCX: ' + @rcx | |
| 'RDX: ' + @rdx | |
| 'R8: ' + @r8 | |
| 'R9: ' + @r9 | |
| 'Stack[0]: ' + poi(@rsp+0x28) | |
| 'Stack[1]: ' + poi(@rsp+0x30) | |
| 'Stack[2]: ' + poi(@rsp+0x38) | |
| 'Stack[3]: ' + poi(@rsp+0x40) | |
| '' | |
| '=== NtQueryValueKey Called ===' | |
| Debug session time: Thu Apr 10 09:17:46.735 2025 (UTC - 7:00) | |
| System Uptime: 1 days 7:44:30.761 | |
| Process Uptime: 0 days 0:13:54.194 | |
| Kernel time: 0 days 0:00:12.203 | |
| User time: 0 days 0:03:26.578 | |
| 'RCX: ' + @rcx | |
| 'RDX: ' + @rdx | |
| 'R8: ' + @r8 | |
| 'R9: ' + @r9 | |
| 'Stack[0]: ' + poi(@rsp+0x28) | |
| 'Stack[1]: ' + poi(@rsp+0x30) | |
| 'Stack[2]: ' + poi(@rsp+0x38) | |
| 'Stack[3]: ' + poi(@rsp+0x40) | |
| '' | |
| '=== NtClose Called ===' | |
| Debug session time: Thu Apr 10 09:17:46.745 2025 (UTC - 7:00) | |
| System Uptime: 1 days 7:44:30.771 | |
| Process Uptime: 0 days 0:13:54.204 | |
| Kernel time: 0 days 0:00:12.203 | |
| User time: 0 days 0:03:26.578 | |
| 'RCX: ' + @rcx | |
| 'RDX: ' + @rdx | |
| 'R8: ' + @r8 | |
| 'R9: ' + @r9 | |
| 'Stack[0]: ' + poi(@rsp+0x28) | |
| 'Stack[1]: ' + poi(@rsp+0x30) | |
| 'Stack[2]: ' + poi(@rsp+0x38) | |
| 'Stack[3]: ' + poi(@rsp+0x40) | |
| '' | |
| '=== NtQueryKey Called ===' | |
| Debug session time: Thu Apr 10 09:17:46.753 2025 (UTC - 7:00) | |
| System Uptime: 1 days 7:44:30.779 | |
| Process Uptime: 0 days 0:13:54.212 | |
| Kernel time: 0 days 0:00:12.203 | |
| User time: 0 days 0:03:26.578 | |
| 'RCX: ' + @rcx | |
| 'RDX: ' + @rdx | |
| 'R8: ' + @r8 | |
| 'R9: ' + @r9 | |
| 'Stack[0]: ' + poi(@rsp+0x28) | |
| 'Stack[1]: ' + poi(@rsp+0x30) | |
| 'Stack[2]: ' + poi(@rsp+0x38) | |
| 'Stack[3]: ' + poi(@rsp+0x40) | |
| '' | |
| '=== NtOpenKeyEx Called ===' | |
| Debug session time: Thu Apr 10 09:17:46.762 2025 (UTC - 7:00) | |
| System Uptime: 1 days 7:44:30.788 | |
| Process Uptime: 0 days 0:13:54.221 | |
| Kernel time: 0 days 0:00:12.203 | |
| User time: 0 days 0:03:26.578 | |
| 'RCX: ' + @rcx | |
| 'RDX: ' + @rdx | |
| 'R8: ' + @r8 | |
| 'R9: ' + @r9 | |
| 'Stack[0]: ' + poi(@rsp+0x28) | |
| 'Stack[1]: ' + poi(@rsp+0x30) | |
| 'Stack[2]: ' + poi(@rsp+0x38) | |
| 'Stack[3]: ' + poi(@rsp+0x40) | |
| '' | |
| '=== NtQueryValueKey Called ===' | |
| Debug session time: Thu Apr 10 09:17:46.772 2025 (UTC - 7:00) | |
| System Uptime: 1 days 7:44:30.798 | |
| Process Uptime: 0 days 0:13:54.231 | |
| Kernel time: 0 days 0:00:12.203 | |
| User time: 0 days 0:03:26.578 | |
| 'RCX: ' + @rcx | |
| 'RDX: ' + @rdx | |
| 'R8: ' + @r8 | |
| 'R9: ' + @r9 | |
| 'Stack[0]: ' + poi(@rsp+0x28) | |
| 'Stack[1]: ' + poi(@rsp+0x30) | |
| 'Stack[2]: ' + poi(@rsp+0x38) | |
| 'Stack[3]: ' + poi(@rsp+0x40) | |
| '' | |
| '=== NtQueryValueKey Called ===' | |
| Debug session time: Thu Apr 10 09:17:46.781 2025 (UTC - 7:00) | |
| System Uptime: 1 days 7:44:30.807 | |
| Process Uptime: 0 days 0:13:54.240 | |
| Kernel time: 0 days 0:00:12.203 | |
| User time: 0 days 0:03:26.578 | |
| 'RCX: ' + @rcx | |
| 'RDX: ' + @rdx | |
| 'R8: ' + @r8 | |
| 'R9: ' + @r9 | |
| 'Stack[0]: ' + poi(@rsp+0x28) | |
| 'Stack[1]: ' + poi(@rsp+0x30) | |
| 'Stack[2]: ' + poi(@rsp+0x38) | |
| 'Stack[3]: ' + poi(@rsp+0x40) | |
| '' | |
| '=== NtQueryValueKey Called ===' | |
| Debug session time: Thu Apr 10 09:17:46.787 2025 (UTC - 7:00) | |
| System Uptime: 1 days 7:44:30.813 | |
| Process Uptime: 0 days 0:13:54.246 | |
| Kernel time: 0 days 0:00:12.203 | |
| User time: 0 days 0:03:26.578 | |
| 'RCX: ' + @rcx | |
| 'RDX: ' + @rdx | |
| 'R8: ' + @r8 | |
| 'R9: ' + @r9 | |
| 'Stack[0]: ' + poi(@rsp+0x28) | |
| 'Stack[1]: ' + poi(@rsp+0x30) | |
| 'Stack[2]: ' + poi(@rsp+0x38) | |
| 'Stack[3]: ' + poi(@rsp+0x40) | |
| '' | |
| '=== NtQueryValueKey Called ===' | |
| Debug session time: Thu Apr 10 09:17:46.795 2025 (UTC - 7:00) | |
| System Uptime: 1 days 7:44:30.821 | |
| Process Uptime: 0 days 0:13:54.255 | |
| Kernel time: 0 days 0:00:12.203 | |
| User time: 0 days 0:03:26.578 | |
| 'RCX: ' + @rcx | |
| 'RDX: ' + @rdx | |
| 'R8: ' + @r8 | |
| 'R9: ' + @r9 | |
| 'Stack[0]: ' + poi(@rsp+0x28) | |
| 'Stack[1]: ' + poi(@rsp+0x30) | |
| 'Stack[2]: ' + poi(@rsp+0x38) | |
| 'Stack[3]: ' + poi(@rsp+0x40) | |
| '' | |
| '=== NtClose Called ===' | |
| Debug session time: Thu Apr 10 09:17:46.806 2025 (UTC - 7:00) | |
| System Uptime: 1 days 7:44:30.832 | |
| Process Uptime: 0 days 0:13:54.265 | |
| Kernel time: 0 days 0:00:12.203 | |
| User time: 0 days 0:03:26.578 | |
| 'RCX: ' + @rcx | |
| 'RDX: ' + @rdx | |
| 'R8: ' + @r8 | |
| 'R9: ' + @r9 | |
| 'Stack[0]: ' + poi(@rsp+0x28) | |
| 'Stack[1]: ' + poi(@rsp+0x30) | |
| 'Stack[2]: ' + poi(@rsp+0x38) | |
| 'Stack[3]: ' + poi(@rsp+0x40) | |
| '' | |
| '=== NtQueryKey Called ===' | |
| Debug session time: Thu Apr 10 09:17:46.814 2025 (UTC - 7:00) | |
| System Uptime: 1 days 7:44:30.840 | |
| Process Uptime: 0 days 0:13:54.273 | |
| Kernel time: 0 days 0:00:12.203 | |
| User time: 0 days 0:03:26.578 | |
| 'RCX: ' + @rcx | |
| 'RDX: ' + @rdx | |
| 'R8: ' + @r8 | |
| 'R9: ' + @r9 | |
| 'Stack[0]: ' + poi(@rsp+0x28) | |
| 'Stack[1]: ' + poi(@rsp+0x30) | |
| 'Stack[2]: ' + poi(@rsp+0x38) | |
| 'Stack[3]: ' + poi(@rsp+0x40) | |
| '' | |
| '=== NtOpenKeyEx Called ===' | |
| Debug session time: Thu Apr 10 09:17:46.821 2025 (UTC - 7:00) | |
| System Uptime: 1 days 7:44:30.847 | |
| Process Uptime: 0 days 0:13:54.280 | |
| Kernel time: 0 days 0:00:12.203 | |
| User time: 0 days 0:03:26.578 | |
| 'RCX: ' + @rcx | |
| 'RDX: ' + @rdx | |
| 'R8: ' + @r8 | |
| 'R9: ' + @r9 | |
| 'Stack[0]: ' + poi(@rsp+0x28) | |
| 'Stack[1]: ' + poi(@rsp+0x30) | |
| 'Stack[2]: ' + poi(@rsp+0x38) | |
| 'Stack[3]: ' + poi(@rsp+0x40) | |
| '' | |
| '=== NtClose Called ===' | |
| Debug session time: Thu Apr 10 09:17:46.829 2025 (UTC - 7:00) | |
| System Uptime: 1 days 7:44:30.855 | |
| Process Uptime: 0 days 0:13:54.289 | |
| Kernel time: 0 days 0:00:12.203 | |
| User time: 0 days 0:03:26.578 | |
| 'RCX: ' + @rcx | |
| 'RDX: ' + @rdx | |
| 'R8: ' + @r8 | |
| 'R9: ' + @r9 | |
| 'Stack[0]: ' + poi(@rsp+0x28) | |
| 'Stack[1]: ' + poi(@rsp+0x30) | |
| 'Stack[2]: ' + poi(@rsp+0x38) | |
| 'Stack[3]: ' + poi(@rsp+0x40) | |
| '' | |
| '=== NtQueryKey Called ===' | |
| Debug session time: Thu Apr 10 09:17:46.839 2025 (UTC - 7:00) | |
| System Uptime: 1 days 7:44:30.865 | |
| Process Uptime: 0 days 0:13:54.298 | |
| Kernel time: 0 days 0:00:12.203 | |
| User time: 0 days 0:03:26.578 | |
| 'RCX: ' + @rcx | |
| 'RDX: ' + @rdx | |
| 'R8: ' + @r8 | |
| 'R9: ' + @r9 | |
| 'Stack[0]: ' + poi(@rsp+0x28) | |
| 'Stack[1]: ' + poi(@rsp+0x30) | |
| 'Stack[2]: ' + poi(@rsp+0x38) | |
| 'Stack[3]: ' + poi(@rsp+0x40) | |
| '' | |
| '=== NtOpenKeyEx Called ===' | |
| Debug session time: Thu Apr 10 09:17:46.848 2025 (UTC - 7:00) | |
| System Uptime: 1 days 7:44:30.874 | |
| Process Uptime: 0 days 0:13:54.307 | |
| Kernel time: 0 days 0:00:12.203 | |
| User time: 0 days 0:03:26.578 | |
| 'RCX: ' + @rcx | |
| 'RDX: ' + @rdx | |
| 'R8: ' + @r8 | |
| 'R9: ' + @r9 | |
| 'Stack[0]: ' + poi(@rsp+0x28) | |
| 'Stack[1]: ' + poi(@rsp+0x30) | |
| 'Stack[2]: ' + poi(@rsp+0x38) | |
| 'Stack[3]: ' + poi(@rsp+0x40) | |
| '' | |
| '=== NtClose Called ===' | |
| Debug session time: Thu Apr 10 09:17:46.856 2025 (UTC - 7:00) | |
| System Uptime: 1 days 7:44:30.882 | |
| Process Uptime: 0 days 0:13:54.315 | |
| Kernel time: 0 days 0:00:12.203 | |
| User time: 0 days 0:03:26.578 | |
| 'RCX: ' + @rcx | |
| 'RDX: ' + @rdx | |
| 'R8: ' + @r8 | |
| 'R9: ' + @r9 | |
| 'Stack[0]: ' + poi(@rsp+0x28) | |
| 'Stack[1]: ' + poi(@rsp+0x30) | |
| 'Stack[2]: ' + poi(@rsp+0x38) | |
| 'Stack[3]: ' + poi(@rsp+0x40) | |
| '' | |
| '=== NtClose Called ===' | |
| Debug session time: Thu Apr 10 09:17:46.864 2025 (UTC - 7:00) | |
| System Uptime: 1 days 7:44:30.890 | |
| Process Uptime: 0 days 0:13:54.324 | |
| Kernel time: 0 days 0:00:12.203 | |
| User time: 0 days 0:03:26.578 | |
| 'RCX: ' + @rcx | |
| 'RDX: ' + @rdx | |
| 'R8: ' + @r8 | |
| 'R9: ' + @r9 | |
| 'Stack[0]: ' + poi(@rsp+0x28) | |
| 'Stack[1]: ' + poi(@rsp+0x30) | |
| 'Stack[2]: ' + poi(@rsp+0x38) | |
| 'Stack[3]: ' + poi(@rsp+0x40) | |
| '' | |
| '=== NtClose Called ===' | |
| Debug session time: Thu Apr 10 09:17:46.872 2025 (UTC - 7:00) | |
| System Uptime: 1 days 7:44:30.898 | |
| Process Uptime: 0 days 0:13:54.331 | |
| Kernel time: 0 days 0:00:12.203 | |
| User time: 0 days 0:03:26.578 | |
| 'RCX: ' + @rcx | |
| 'RDX: ' + @rdx | |
| 'R8: ' + @r8 | |
| 'R9: ' + @r9 | |
| 'Stack[0]: ' + poi(@rsp+0x28) | |
| 'Stack[1]: ' + poi(@rsp+0x30) | |
| 'Stack[2]: ' + poi(@rsp+0x38) | |
| 'Stack[3]: ' + poi(@rsp+0x40) | |
| '' | |
| '=== NtWaitForSingleObject Called ===' | |
| Debug session time: Thu Apr 10 09:17:46.880 2025 (UTC - 7:00) | |
| System Uptime: 1 days 7:44:30.906 | |
| Process Uptime: 0 days 0:13:54.339 | |
| Kernel time: 0 days 0:00:12.203 | |
| User time: 0 days 0:03:26.578 | |
| 'RCX: ' + @rcx | |
| 'RDX: ' + @rdx | |
| 'R8: ' + @r8 | |
| 'R9: ' + @r9 | |
| 'Stack[0]: ' + poi(@rsp+0x28) | |
| 'Stack[1]: ' + poi(@rsp+0x30) | |
| 'Stack[2]: ' + poi(@rsp+0x38) | |
| 'Stack[3]: ' + poi(@rsp+0x40) | |
| '' | |
| '=== NtCreateFile Called ===' | |
| Debug session time: Thu Apr 10 09:17:46.888 2025 (UTC - 7:00) | |
| System Uptime: 1 days 7:44:30.914 | |
| Process Uptime: 0 days 0:13:54.348 | |
| Kernel time: 0 days 0:00:12.203 | |
| User time: 0 days 0:03:26.578 | |
| 'RCX: ' + @rcx | |
| 'RDX: ' + @rdx | |
| 'R8: ' + @r8 | |
| 'R9: ' + @r9 | |
| 'Stack[0]: ' + poi(@rsp+0x28) | |
| 'Stack[1]: ' + poi(@rsp+0x30) | |
| 'Stack[2]: ' + poi(@rsp+0x38) | |
| 'Stack[3]: ' + poi(@rsp+0x40) | |
| '' | |
| '=== NtDeviceIoControlFile Called ===' | |
| Debug session time: Thu Apr 10 09:17:46.898 2025 (UTC - 7:00) | |
| System Uptime: 1 days 7:44:30.924 | |
| Process Uptime: 0 days 0:13:54.357 | |
| Kernel time: 0 days 0:00:12.203 | |
| User time: 0 days 0:03:26.578 | |
| 'RCX: ' + @rcx | |
| 'RDX: ' + @rdx | |
| 'R8: ' + @r8 | |
| 'R9: ' + @r9 | |
| 'Stack[0]: ' + poi(@rsp+0x28) | |
| 'Stack[1]: ' + poi(@rsp+0x30) | |
| 'Stack[2]: ' + poi(@rsp+0x38) | |
| 'Stack[3]: ' + poi(@rsp+0x40) | |
| '' | |
| '=== NtWaitForSingleObject Called ===' | |
| Debug session time: Thu Apr 10 09:17:46.908 2025 (UTC - 7:00) | |
| System Uptime: 1 days 7:44:30.934 | |
| Process Uptime: 0 days 0:13:54.367 | |
| Kernel time: 0 days 0:00:12.203 | |
| User time: 0 days 0:03:26.578 | |
| 'RCX: ' + @rcx | |
| 'RDX: ' + @rdx | |
| 'R8: ' + @r8 | |
| 'R9: ' + @r9 | |
| 'Stack[0]: ' + poi(@rsp+0x28) | |
| 'Stack[1]: ' + poi(@rsp+0x30) | |
| 'Stack[2]: ' + poi(@rsp+0x38) | |
| 'Stack[3]: ' + poi(@rsp+0x40) | |
| '' | |
| '=== NtDeviceIoControlFile Called ===' | |
| Debug session time: Thu Apr 10 09:17:46.918 2025 (UTC - 7:00) | |
| System Uptime: 1 days 7:44:30.944 | |
| Process Uptime: 0 days 0:13:54.377 | |
| Kernel time: 0 days 0:00:12.203 | |
| User time: 0 days 0:03:26.578 | |
| 'RCX: ' + @rcx | |
| 'RDX: ' + @rdx | |
| 'R8: ' + @r8 | |
| 'R9: ' + @r9 | |
| 'Stack[0]: ' + poi(@rsp+0x28) | |
| 'Stack[1]: ' + poi(@rsp+0x30) | |
| 'Stack[2]: ' + poi(@rsp+0x38) | |
| 'Stack[3]: ' + poi(@rsp+0x40) | |
| '' | |
| '=== NtClose Called ===' | |
| Debug session time: Thu Apr 10 09:17:46.925 2025 (UTC - 7:00) | |
| System Uptime: 1 days 7:44:30.951 | |
| Process Uptime: 0 days 0:13:54.386 | |
| Kernel time: 0 days 0:00:12.203 | |
| User time: 0 days 0:03:26.578 | |
| 'RCX: ' + @rcx | |
| 'RDX: ' + @rdx | |
| 'R8: ' + @r8 | |
| 'R9: ' + @r9 | |
| 'Stack[0]: ' + poi(@rsp+0x28) | |
| 'Stack[1]: ' + poi(@rsp+0x30) | |
| 'Stack[2]: ' + poi(@rsp+0x38) | |
| 'Stack[3]: ' + poi(@rsp+0x40) | |
| '' | |
| '=== NtQueryKey Called ===' | |
| Debug session time: Thu Apr 10 09:17:46.936 2025 (UTC - 7:00) | |
| System Uptime: 1 days 7:44:30.962 | |
| Process Uptime: 0 days 0:13:54.395 | |
| Kernel time: 0 days 0:00:12.203 | |
| User time: 0 days 0:03:26.578 | |
| 'RCX: ' + @rcx | |
| 'RDX: ' + @rdx | |
| 'R8: ' + @r8 | |
| 'R9: ' + @r9 | |
| 'Stack[0]: ' + poi(@rsp+0x28) | |
| 'Stack[1]: ' + poi(@rsp+0x30) | |
| 'Stack[2]: ' + poi(@rsp+0x38) | |
| 'Stack[3]: ' + poi(@rsp+0x40) | |
| '' | |
| '=== NtOpenKeyEx Called ===' | |
| Debug session time: Thu Apr 10 09:17:46.944 2025 (UTC - 7:00) | |
| System Uptime: 1 days 7:44:30.970 | |
| Process Uptime: 0 days 0:13:54.403 | |
| Kernel time: 0 days 0:00:12.203 | |
| User time: 0 days 0:03:26.578 | |
| 'RCX: ' + @rcx | |
| 'RDX: ' + @rdx | |
| 'R8: ' + @r8 | |
| 'R9: ' + @r9 | |
| 'Stack[0]: ' + poi(@rsp+0x28) | |
| 'Stack[1]: ' + poi(@rsp+0x30) | |
| 'Stack[2]: ' + poi(@rsp+0x38) | |
| 'Stack[3]: ' + poi(@rsp+0x40) | |
| '' | |
| '=== NtQueryValueKey Called ===' | |
| Debug session time: Thu Apr 10 09:17:46.951 2025 (UTC - 7:00) | |
| System Uptime: 1 days 7:44:30.977 | |
| Process Uptime: 0 days 0:13:54.410 | |
| Kernel time: 0 days 0:00:12.203 | |
| User time: 0 days 0:03:26.578 | |
| 'RCX: ' + @rcx | |
| 'RDX: ' + @rdx | |
| 'R8: ' + @r8 | |
| 'R9: ' + @r9 | |
| 'Stack[0]: ' + poi(@rsp+0x28) | |
| 'Stack[1]: ' + poi(@rsp+0x30) | |
| 'Stack[2]: ' + poi(@rsp+0x38) | |
| 'Stack[3]: ' + poi(@rsp+0x40) | |
| '' | |
| '=== NtQueryValueKey Called ===' | |
| Debug session time: Thu Apr 10 09:17:46.961 2025 (UTC - 7:00) | |
| System Uptime: 1 days 7:44:30.987 | |
| Process Uptime: 0 days 0:13:54.420 | |
| Kernel time: 0 days 0:00:12.203 | |
| User time: 0 days 0:03:26.578 | |
| 'RCX: ' + @rcx | |
| 'RDX: ' + @rdx | |
| 'R8: ' + @r8 | |
| 'R9: ' + @r9 | |
| 'Stack[0]: ' + poi(@rsp+0x28) | |
| 'Stack[1]: ' + poi(@rsp+0x30) | |
| 'Stack[2]: ' + poi(@rsp+0x38) | |
| 'Stack[3]: ' + poi(@rsp+0x40) | |
| '' | |
| '=== NtQueryValueKey Called ===' | |
| Debug session time: Thu Apr 10 09:17:46.970 2025 (UTC - 7:00) | |
| System Uptime: 1 days 7:44:30.996 | |
| Process Uptime: 0 days 0:13:54.429 | |
| Kernel time: 0 days 0:00:12.203 | |
| User time: 0 days 0:03:26.578 | |
| 'RCX: ' + @rcx | |
| 'RDX: ' + @rdx | |
| 'R8: ' + @r8 | |
| 'R9: ' + @r9 | |
| 'Stack[0]: ' + poi(@rsp+0x28) | |
| 'Stack[1]: ' + poi(@rsp+0x30) | |
| 'Stack[2]: ' + poi(@rsp+0x38) | |
| 'Stack[3]: ' + poi(@rsp+0x40) | |
| '' | |
| '=== NtQueryValueKey Called ===' | |
| Debug session time: Thu Apr 10 09:17:46.982 2025 (UTC - 7:00) | |
| System Uptime: 1 days 7:44:31.008 | |
| Process Uptime: 0 days 0:13:54.441 | |
| Kernel time: 0 days 0:00:12.203 | |
| User time: 0 days 0:03:26.578 | |
| 'RCX: ' + @rcx | |
| 'RDX: ' + @rdx | |
| 'R8: ' + @r8 | |
| 'R9: ' + @r9 | |
| 'Stack[0]: ' + poi(@rsp+0x28) | |
| 'Stack[1]: ' + poi(@rsp+0x30) | |
| 'Stack[2]: ' + poi(@rsp+0x38) | |
| 'Stack[3]: ' + poi(@rsp+0x40) | |
| '' | |
| '=== NtQueryValueKey Called ===' | |
| Debug session time: Thu Apr 10 09:17:46.996 2025 (UTC - 7:00) | |
| System Uptime: 1 days 7:44:31.022 | |
| Process Uptime: 0 days 0:13:54.455 | |
| Kernel time: 0 days 0:00:12.203 | |
| User time: 0 days 0:03:26.578 | |
| 'RCX: ' + @rcx | |
| 'RDX: ' + @rdx | |
| 'R8: ' + @r8 | |
| 'R9: ' + @r9 | |
| 'Stack[0]: ' + poi(@rsp+0x28) | |
| 'Stack[1]: ' + poi(@rsp+0x30) | |
| 'Stack[2]: ' + poi(@rsp+0x38) | |
| 'Stack[3]: ' + poi(@rsp+0x40) | |
| '' | |
| '=== NtClose Called ===' | |
| Debug session time: Thu Apr 10 09:17:47.003 2025 (UTC - 7:00) | |
| System Uptime: 1 days 7:44:31.029 | |
| Process Uptime: 0 days 0:13:54.462 | |
| Kernel time: 0 days 0:00:12.203 | |
| User time: 0 days 0:03:26.578 | |
| 'RCX: ' + @rcx | |
| 'RDX: ' + @rdx | |
| 'R8: ' + @r8 | |
| 'R9: ' + @r9 | |
| 'Stack[0]: ' + poi(@rsp+0x28) | |
| 'Stack[1]: ' + poi(@rsp+0x30) | |
| 'Stack[2]: ' + poi(@rsp+0x38) | |
| 'Stack[3]: ' + poi(@rsp+0x40) | |
| '' | |
| '=== NtQueryKey Called ===' | |
| Debug session time: Thu Apr 10 09:17:47.010 2025 (UTC - 7:00) | |
| System Uptime: 1 days 7:44:31.036 | |
| Process Uptime: 0 days 0:13:54.470 | |
| Kernel time: 0 days 0:00:12.203 | |
| User time: 0 days 0:03:26.578 | |
| 'RCX: ' + @rcx | |
| 'RDX: ' + @rdx | |
| 'R8: ' + @r8 | |
| 'R9: ' + @r9 | |
| 'Stack[0]: ' + poi(@rsp+0x28) | |
| 'Stack[1]: ' + poi(@rsp+0x30) | |
| 'Stack[2]: ' + poi(@rsp+0x38) | |
| 'Stack[3]: ' + poi(@rsp+0x40) | |
| '' | |
| '=== NtOpenKeyEx Called ===' | |
| Debug session time: Thu Apr 10 09:17:47.019 2025 (UTC - 7:00) | |
| System Uptime: 1 days 7:44:31.045 | |
| Process Uptime: 0 days 0:13:54.478 | |
| Kernel time: 0 days 0:00:12.203 | |
| User time: 0 days 0:03:26.578 | |
| 'RCX: ' + @rcx | |
| 'RDX: ' + @rdx | |
| 'R8: ' + @r8 | |
| 'R9: ' + @r9 | |
| 'Stack[0]: ' + poi(@rsp+0x28) | |
| 'Stack[1]: ' + poi(@rsp+0x30) | |
| 'Stack[2]: ' + poi(@rsp+0x38) | |
| 'Stack[3]: ' + poi(@rsp+0x40) | |
| '' | |
| '=== NtQueryValueKey Called ===' | |
| Debug session time: Thu Apr 10 09:17:47.027 2025 (UTC - 7:00) | |
| System Uptime: 1 days 7:44:31.053 | |
| Process Uptime: 0 days 0:13:54.486 | |
| Kernel time: 0 days 0:00:12.203 | |
| User time: 0 days 0:03:26.578 | |
| 'RCX: ' + @rcx | |
| 'RDX: ' + @rdx | |
| 'R8: ' + @r8 | |
| 'R9: ' + @r9 | |
| 'Stack[0]: ' + poi(@rsp+0x28) | |
| 'Stack[1]: ' + poi(@rsp+0x30) | |
| 'Stack[2]: ' + poi(@rsp+0x38) | |
| 'Stack[3]: ' + poi(@rsp+0x40) | |
| '' | |
| '=== NtQueryValueKey Called ===' | |
| Debug session time: Thu Apr 10 09:17:47.040 2025 (UTC - 7:00) | |
| System Uptime: 1 days 7:44:31.066 | |
| Process Uptime: 0 days 0:13:54.499 | |
| Kernel time: 0 days 0:00:12.203 | |
| User time: 0 days 0:03:26.578 | |
| 'RCX: ' + @rcx | |
| 'RDX: ' + @rdx | |
| 'R8: ' + @r8 | |
| 'R9: ' + @r9 | |
| 'Stack[0]: ' + poi(@rsp+0x28) | |
| 'Stack[1]: ' + poi(@rsp+0x30) | |
| 'Stack[2]: ' + poi(@rsp+0x38) | |
| 'Stack[3]: ' + poi(@rsp+0x40) | |
| '' | |
| '=== NtQueryValueKey Called ===' | |
| Debug session time: Thu Apr 10 09:17:47.050 2025 (UTC - 7:00) | |
| System Uptime: 1 days 7:44:31.076 | |
| Process Uptime: 0 days 0:13:54.509 | |
| Kernel time: 0 days 0:00:12.203 | |
| User time: 0 days 0:03:26.578 | |
| 'RCX: ' + @rcx | |
| 'RDX: ' + @rdx | |
| 'R8: ' + @r8 | |
| 'R9: ' + @r9 | |
| 'Stack[0]: ' + poi(@rsp+0x28) | |
| 'Stack[1]: ' + poi(@rsp+0x30) | |
| 'Stack[2]: ' + poi(@rsp+0x38) | |
| 'Stack[3]: ' + poi(@rsp+0x40) | |
| '' | |
| '=== NtQueryValueKey Called ===' | |
| Debug session time: Thu Apr 10 09:17:47.062 2025 (UTC - 7:00) | |
| System Uptime: 1 days 7:44:31.088 | |
| Process Uptime: 0 days 0:13:54.521 | |
| Kernel time: 0 days 0:00:12.203 | |
| User time: 0 days 0:03:26.578 | |
| 'RCX: ' + @rcx | |
| 'RDX: ' + @rdx | |
| 'R8: ' + @r8 | |
| 'R9: ' + @r9 | |
| 'Stack[0]: ' + poi(@rsp+0x28) | |
| 'Stack[1]: ' + poi(@rsp+0x30) | |
| 'Stack[2]: ' + poi(@rsp+0x38) | |
| 'Stack[3]: ' + poi(@rsp+0x40) | |
| '' | |
| '=== NtClose Called ===' | |
| Debug session time: Thu Apr 10 09:17:47.070 2025 (UTC - 7:00) | |
| System Uptime: 1 days 7:44:31.096 | |
| Process Uptime: 0 days 0:13:54.529 | |
| Kernel time: 0 days 0:00:12.203 | |
| User time: 0 days 0:03:26.578 | |
| 'RCX: ' + @rcx | |
| 'RDX: ' + @rdx | |
| 'R8: ' + @r8 | |
| 'R9: ' + @r9 | |
| 'Stack[0]: ' + poi(@rsp+0x28) | |
| 'Stack[1]: ' + poi(@rsp+0x30) | |
| 'Stack[2]: ' + poi(@rsp+0x38) | |
| 'Stack[3]: ' + poi(@rsp+0x40) | |
| '' | |
| '=== NtQueryKey Called ===' | |
| Debug session time: Thu Apr 10 09:17:47.081 2025 (UTC - 7:00) | |
| System Uptime: 1 days 7:44:31.107 | |
| Process Uptime: 0 days 0:13:54.540 | |
| Kernel time: 0 days 0:00:12.203 | |
| User time: 0 days 0:03:26.593 | |
| 'RCX: ' + @rcx | |
| 'RDX: ' + @rdx | |
| 'R8: ' + @r8 | |
| 'R9: ' + @r9 | |
| 'Stack[0]: ' + poi(@rsp+0x28) | |
| 'Stack[1]: ' + poi(@rsp+0x30) | |
| 'Stack[2]: ' + poi(@rsp+0x38) | |
| 'Stack[3]: ' + poi(@rsp+0x40) | |
| '' | |
| '=== NtOpenKeyEx Called ===' | |
| Debug session time: Thu Apr 10 09:17:47.089 2025 (UTC - 7:00) | |
| System Uptime: 1 days 7:44:31.115 | |
| Process Uptime: 0 days 0:13:54.548 | |
| Kernel time: 0 days 0:00:12.203 | |
| User time: 0 days 0:03:26.593 | |
| 'RCX: ' + @rcx | |
| 'RDX: ' + @rdx | |
| 'R8: ' + @r8 | |
| 'R9: ' + @r9 | |
| 'Stack[0]: ' + poi(@rsp+0x28) | |
| 'Stack[1]: ' + poi(@rsp+0x30) | |
| 'Stack[2]: ' + poi(@rsp+0x38) | |
| 'Stack[3]: ' + poi(@rsp+0x40) | |
| '' | |
| '=== NtClose Called ===' | |
| Debug session time: Thu Apr 10 09:17:47.099 2025 (UTC - 7:00) | |
| System Uptime: 1 days 7:44:31.125 | |
| Process Uptime: 0 days 0:13:54.558 | |
| Kernel time: 0 days 0:00:12.203 | |
| User time: 0 days 0:03:26.593 | |
| 'RCX: ' + @rcx | |
| 'RDX: ' + @rdx | |
| 'R8: ' + @r8 | |
| 'R9: ' + @r9 | |
| 'Stack[0]: ' + poi(@rsp+0x28) | |
| 'Stack[1]: ' + poi(@rsp+0x30) | |
| 'Stack[2]: ' + poi(@rsp+0x38) | |
| 'Stack[3]: ' + poi(@rsp+0x40) | |
| '' | |
| '=== NtQueryKey Called ===' | |
| Debug session time: Thu Apr 10 09:17:47.106 2025 (UTC - 7:00) | |
| System Uptime: 1 days 7:44:31.132 | |
| Process Uptime: 0 days 0:13:54.566 | |
| Kernel time: 0 days 0:00:12.203 | |
| User time: 0 days 0:03:26.593 | |
| 'RCX: ' + @rcx | |
| 'RDX: ' + @rdx | |
| 'R8: ' + @r8 | |
| 'R9: ' + @r9 | |
| 'Stack[0]: ' + poi(@rsp+0x28) | |
| 'Stack[1]: ' + poi(@rsp+0x30) | |
| 'Stack[2]: ' + poi(@rsp+0x38) | |
| 'Stack[3]: ' + poi(@rsp+0x40) | |
| '' | |
| '=== NtOpenKeyEx Called ===' | |
| Debug session time: Thu Apr 10 09:17:47.115 2025 (UTC - 7:00) | |
| System Uptime: 1 days 7:44:31.141 | |
| Process Uptime: 0 days 0:13:54.574 | |
| Kernel time: 0 days 0:00:12.203 | |
| User time: 0 days 0:03:26.593 | |
| 'RCX: ' + @rcx | |
| 'RDX: ' + @rdx | |
| 'R8: ' + @r8 | |
| 'R9: ' + @r9 | |
| 'Stack[0]: ' + poi(@rsp+0x28) | |
| 'Stack[1]: ' + poi(@rsp+0x30) | |
| 'Stack[2]: ' + poi(@rsp+0x38) | |
| 'Stack[3]: ' + poi(@rsp+0x40) | |
| '' | |
| '=== NtClose Called ===' | |
| Debug session time: Thu Apr 10 09:17:47.123 2025 (UTC - 7:00) | |
| System Uptime: 1 days 7:44:31.149 | |
| Process Uptime: 0 days 0:13:54.582 | |
| Kernel time: 0 days 0:00:12.203 | |
| User time: 0 days 0:03:26.593 | |
| 'RCX: ' + @rcx | |
| 'RDX: ' + @rdx | |
| 'R8: ' + @r8 | |
| 'R9: ' + @r9 | |
| 'Stack[0]: ' + poi(@rsp+0x28) | |
| 'Stack[1]: ' + poi(@rsp+0x30) | |
| 'Stack[2]: ' + poi(@rsp+0x38) | |
| 'Stack[3]: ' + poi(@rsp+0x40) | |
| '' | |
| '=== NtAllocateVirtualMemory Called ===' | |
| Debug session time: Thu Apr 10 09:17:47.130 2025 (UTC - 7:00) | |
| System Uptime: 1 days 7:44:31.157 | |
| Process Uptime: 0 days 0:13:54.590 | |
| Kernel time: 0 days 0:00:12.203 | |
| User time: 0 days 0:03:26.593 | |
| 'RCX: ' + @rcx | |
| 'RDX: ' + @rdx | |
| 'R8: ' + @r8 | |
| 'R9: ' + @r9 | |
| 'Stack[0]: ' + poi(@rsp+0x28) | |
| 'Stack[1]: ' + poi(@rsp+0x30) | |
| 'Stack[2]: ' + poi(@rsp+0x38) | |
| 'Stack[3]: ' + poi(@rsp+0x40) | |
| '' | |
| '=== NtQueryKey Called ===' | |
| Debug session time: Thu Apr 10 09:17:47.141 2025 (UTC - 7:00) | |
| System Uptime: 1 days 7:44:31.167 | |
| Process Uptime: 0 days 0:13:54.600 | |
| Kernel time: 0 days 0:00:12.203 | |
| User time: 0 days 0:03:26.593 | |
| 'RCX: ' + @rcx | |
| 'RDX: ' + @rdx | |
| 'R8: ' + @r8 | |
| 'R9: ' + @r9 | |
| 'Stack[0]: ' + poi(@rsp+0x28) | |
| 'Stack[1]: ' + poi(@rsp+0x30) | |
| 'Stack[2]: ' + poi(@rsp+0x38) | |
| 'Stack[3]: ' + poi(@rsp+0x40) | |
| '' | |
| '=== NtOpenKeyEx Called ===' | |
| Debug session time: Thu Apr 10 09:17:47.150 2025 (UTC - 7:00) | |
| System Uptime: 1 days 7:44:31.176 | |
| Process Uptime: 0 days 0:13:54.609 | |
| Kernel time: 0 days 0:00:12.203 | |
| User time: 0 days 0:03:26.593 | |
| 'RCX: ' + @rcx | |
| 'RDX: ' + @rdx | |
| 'R8: ' + @r8 | |
| 'R9: ' + @r9 | |
| 'Stack[0]: ' + poi(@rsp+0x28) | |
| 'Stack[1]: ' + poi(@rsp+0x30) | |
| 'Stack[2]: ' + poi(@rsp+0x38) | |
| 'Stack[3]: ' + poi(@rsp+0x40) | |
| '' | |
| '=== NtQueryValueKey Called ===' | |
| Debug session time: Thu Apr 10 09:17:47.157 2025 (UTC - 7:00) | |
| System Uptime: 1 days 7:44:31.183 | |
| Process Uptime: 0 days 0:13:54.616 | |
| Kernel time: 0 days 0:00:12.203 | |
| User time: 0 days 0:03:26.593 | |
| 'RCX: ' + @rcx | |
| 'RDX: ' + @rdx | |
| 'R8: ' + @r8 | |
| 'R9: ' + @r9 | |
| 'Stack[0]: ' + poi(@rsp+0x28) | |
| 'Stack[1]: ' + poi(@rsp+0x30) | |
| 'Stack[2]: ' + poi(@rsp+0x38) | |
| 'Stack[3]: ' + poi(@rsp+0x40) | |
| '' | |
| '=== NtQueryValueKey Called ===' | |
| Debug session time: Thu Apr 10 09:17:47.166 2025 (UTC - 7:00) | |
| System Uptime: 1 days 7:44:31.192 | |
| Process Uptime: 0 days 0:13:54.625 | |
| Kernel time: 0 days 0:00:12.203 | |
| User time: 0 days 0:03:26.593 | |
| 'RCX: ' + @rcx | |
| 'RDX: ' + @rdx | |
| 'R8: ' + @r8 | |
| 'R9: ' + @r9 | |
| 'Stack[0]: ' + poi(@rsp+0x28) | |
| 'Stack[1]: ' + poi(@rsp+0x30) | |
| 'Stack[2]: ' + poi(@rsp+0x38) | |
| 'Stack[3]: ' + poi(@rsp+0x40) | |
| '' | |
| '=== NtQueryValueKey Called ===' | |
| Debug session time: Thu Apr 10 09:17:47.174 2025 (UTC - 7:00) | |
| System Uptime: 1 days 7:44:31.200 | |
| Process Uptime: 0 days 0:13:54.633 | |
| Kernel time: 0 days 0:00:12.203 | |
| User time: 0 days 0:03:26.593 | |
| 'RCX: ' + @rcx | |
| 'RDX: ' + @rdx | |
| 'R8: ' + @r8 | |
| 'R9: ' + @r9 | |
| 'Stack[0]: ' + poi(@rsp+0x28) | |
| 'Stack[1]: ' + poi(@rsp+0x30) | |
| 'Stack[2]: ' + poi(@rsp+0x38) | |
| 'Stack[3]: ' + poi(@rsp+0x40) | |
| '' | |
| '=== NtQueryValueKey Called ===' | |
| Debug session time: Thu Apr 10 09:17:47.181 2025 (UTC - 7:00) | |
| System Uptime: 1 days 7:44:31.207 | |
| Process Uptime: 0 days 0:13:54.640 | |
| Kernel time: 0 days 0:00:12.203 | |
| User time: 0 days 0:03:26.593 | |
| 'RCX: ' + @rcx | |
| 'RDX: ' + @rdx | |
| 'R8: ' + @r8 | |
| 'R9: ' + @r9 | |
| 'Stack[0]: ' + poi(@rsp+0x28) | |
| 'Stack[1]: ' + poi(@rsp+0x30) | |
| 'Stack[2]: ' + poi(@rsp+0x38) | |
| 'Stack[3]: ' + poi(@rsp+0x40) | |
| '' | |
| '=== NtQueryValueKey Called ===' | |
| Debug session time: Thu Apr 10 09:17:47.191 2025 (UTC - 7:00) | |
| System Uptime: 1 days 7:44:31.217 | |
| Process Uptime: 0 days 0:13:54.650 | |
| Kernel time: 0 days 0:00:12.203 | |
| User time: 0 days 0:03:26.593 | |
| 'RCX: ' + @rcx | |
| 'RDX: ' + @rdx | |
| 'R8: ' + @r8 | |
| 'R9: ' + @r9 | |
| 'Stack[0]: ' + poi(@rsp+0x28) | |
| 'Stack[1]: ' + poi(@rsp+0x30) | |
| 'Stack[2]: ' + poi(@rsp+0x38) | |
| 'Stack[3]: ' + poi(@rsp+0x40) | |
| '' | |
| '=== NtClose Called ===' | |
| Debug session time: Thu Apr 10 09:17:47.201 2025 (UTC - 7:00) | |
| System Uptime: 1 days 7:44:31.227 | |
| Process Uptime: 0 days 0:13:54.660 | |
| Kernel time: 0 days 0:00:12.203 | |
| User time: 0 days 0:03:26.593 | |
| 'RCX: ' + @rcx | |
| 'RDX: ' + @rdx | |
| 'R8: ' + @r8 | |
| 'R9: ' + @r9 | |
| 'Stack[0]: ' + poi(@rsp+0x28) | |
| 'Stack[1]: ' + poi(@rsp+0x30) | |
| 'Stack[2]: ' + poi(@rsp+0x38) | |
| 'Stack[3]: ' + poi(@rsp+0x40) | |
| '' | |
| '=== NtQueryKey Called ===' | |
| Debug session time: Thu Apr 10 09:17:47.210 2025 (UTC - 7:00) | |
| System Uptime: 1 days 7:44:31.235 | |
| Process Uptime: 0 days 0:13:54.669 | |
| Kernel time: 0 days 0:00:12.203 | |
| User time: 0 days 0:03:26.593 | |
| 'RCX: ' + @rcx | |
| 'RDX: ' + @rdx | |
| 'R8: ' + @r8 | |
| 'R9: ' + @r9 | |
| 'Stack[0]: ' + poi(@rsp+0x28) | |
| 'Stack[1]: ' + poi(@rsp+0x30) | |
| 'Stack[2]: ' + poi(@rsp+0x38) | |
| 'Stack[3]: ' + poi(@rsp+0x40) | |
| '' | |
| '=== NtOpenKeyEx Called ===' | |
| Debug session time: Thu Apr 10 09:17:47.218 2025 (UTC - 7:00) | |
| System Uptime: 1 days 7:44:31.244 | |
| Process Uptime: 0 days 0:13:54.677 | |
| Kernel time: 0 days 0:00:12.203 | |
| User time: 0 days 0:03:26.593 | |
| 'RCX: ' + @rcx | |
| 'RDX: ' + @rdx | |
| 'R8: ' + @r8 | |
| 'R9: ' + @r9 | |
| 'Stack[0]: ' + poi(@rsp+0x28) | |
| 'Stack[1]: ' + poi(@rsp+0x30) | |
| 'Stack[2]: ' + poi(@rsp+0x38) | |
| 'Stack[3]: ' + poi(@rsp+0x40) | |
| '' | |
| '=== NtQueryValueKey Called ===' | |
| Debug session time: Thu Apr 10 09:17:47.230 2025 (UTC - 7:00) | |
| System Uptime: 1 days 7:44:31.256 | |
| Process Uptime: 0 days 0:13:54.689 | |
| Kernel time: 0 days 0:00:12.203 | |
| User time: 0 days 0:03:26.593 | |
| 'RCX: ' + @rcx | |
| 'RDX: ' + @rdx | |
| 'R8: ' + @r8 | |
| 'R9: ' + @r9 | |
| 'Stack[0]: ' + poi(@rsp+0x28) | |
| 'Stack[1]: ' + poi(@rsp+0x30) | |
| 'Stack[2]: ' + poi(@rsp+0x38) | |
| 'Stack[3]: ' + poi(@rsp+0x40) | |
| '' | |
| '=== NtQueryValueKey Called ===' | |
| Debug session time: Thu Apr 10 09:17:47.239 2025 (UTC - 7:00) | |
| System Uptime: 1 days 7:44:31.265 | |
| Process Uptime: 0 days 0:13:54.698 | |
| Kernel time: 0 days 0:00:12.203 | |
| User time: 0 days 0:03:26.593 | |
| 'RCX: ' + @rcx | |
| 'RDX: ' + @rdx | |
| 'R8: ' + @r8 | |
| 'R9: ' + @r9 | |
| 'Stack[0]: ' + poi(@rsp+0x28) | |
| 'Stack[1]: ' + poi(@rsp+0x30) | |
| 'Stack[2]: ' + poi(@rsp+0x38) | |
| 'Stack[3]: ' + poi(@rsp+0x40) | |
| '' | |
| '=== NtQueryValueKey Called ===' | |
| Debug session time: Thu Apr 10 09:17:47.249 2025 (UTC - 7:00) | |
| System Uptime: 1 days 7:44:31.275 | |
| Process Uptime: 0 days 0:13:54.708 | |
| Kernel time: 0 days 0:00:12.203 | |
| User time: 0 days 0:03:26.593 | |
| 'RCX: ' + @rcx | |
| 'RDX: ' + @rdx | |
| 'R8: ' + @r8 | |
| 'R9: ' + @r9 | |
| 'Stack[0]: ' + poi(@rsp+0x28) | |
| 'Stack[1]: ' + poi(@rsp+0x30) | |
| 'Stack[2]: ' + poi(@rsp+0x38) | |
| 'Stack[3]: ' + poi(@rsp+0x40) | |
| '' | |
| '=== NtQueryValueKey Called ===' | |
| Debug session time: Thu Apr 10 09:17:47.257 2025 (UTC - 7:00) | |
| System Uptime: 1 days 7:44:31.283 | |
| Process Uptime: 0 days 0:13:54.716 | |
| Kernel time: 0 days 0:00:12.203 | |
| User time: 0 days 0:03:26.593 | |
| 'RCX: ' + @rcx | |
| 'RDX: ' + @rdx | |
| 'R8: ' + @r8 | |
| 'R9: ' + @r9 | |
| 'Stack[0]: ' + poi(@rsp+0x28) | |
| 'Stack[1]: ' + poi(@rsp+0x30) | |
| 'Stack[2]: ' + poi(@rsp+0x38) | |
| 'Stack[3]: ' + poi(@rsp+0x40) | |
| '' | |
| '=== NtClose Called ===' | |
| Debug session time: Thu Apr 10 09:17:47.263 2025 (UTC - 7:00) | |
| System Uptime: 1 days 7:44:31.289 | |
| Process Uptime: 0 days 0:13:54.723 | |
| Kernel time: 0 days 0:00:12.203 | |
| User time: 0 days 0:03:26.593 | |
| 'RCX: ' + @rcx | |
| 'RDX: ' + @rdx | |
| 'R8: ' + @r8 | |
| 'R9: ' + @r9 | |
| 'Stack[0]: ' + poi(@rsp+0x28) | |
| 'Stack[1]: ' + poi(@rsp+0x30) | |
| 'Stack[2]: ' + poi(@rsp+0x38) | |
| 'Stack[3]: ' + poi(@rsp+0x40) | |
| '' | |
| '=== NtQueryKey Called ===' | |
| Debug session time: Thu Apr 10 09:17:47.273 2025 (UTC - 7:00) | |
| System Uptime: 1 days 7:44:31.299 | |
| Process Uptime: 0 days 0:13:54.732 | |
| Kernel time: 0 days 0:00:12.203 | |
| User time: 0 days 0:03:26.593 | |
| 'RCX: ' + @rcx | |
| 'RDX: ' + @rdx | |
| 'R8: ' + @r8 | |
| 'R9: ' + @r9 | |
| 'Stack[0]: ' + poi(@rsp+0x28) | |
| 'Stack[1]: ' + poi(@rsp+0x30) | |
| 'Stack[2]: ' + poi(@rsp+0x38) | |
| 'Stack[3]: ' + poi(@rsp+0x40) | |
| '' | |
| '=== NtOpenKeyEx Called ===' | |
| Debug session time: Thu Apr 10 09:17:47.282 2025 (UTC - 7:00) | |
| System Uptime: 1 days 7:44:31.308 | |
| Process Uptime: 0 days 0:13:54.741 | |
| Kernel time: 0 days 0:00:12.203 | |
| User time: 0 days 0:03:26.593 | |
| 'RCX: ' + @rcx | |
| 'RDX: ' + @rdx | |
| 'R8: ' + @r8 | |
| 'R9: ' + @r9 | |
| 'Stack[0]: ' + poi(@rsp+0x28) | |
| 'Stack[1]: ' + poi(@rsp+0x30) | |
| 'Stack[2]: ' + poi(@rsp+0x38) | |
| 'Stack[3]: ' + poi(@rsp+0x40) | |
| '' | |
| '=== NtClose Called ===' | |
| Debug session time: Thu Apr 10 09:17:47.289 2025 (UTC - 7:00) | |
| System Uptime: 1 days 7:44:31.315 | |
| Process Uptime: 0 days 0:13:54.749 | |
| Kernel time: 0 days 0:00:12.203 | |
| User time: 0 days 0:03:26.593 | |
| 'RCX: ' + @rcx | |
| 'RDX: ' + @rdx | |
| 'R8: ' + @r8 | |
| 'R9: ' + @r9 | |
| 'Stack[0]: ' + poi(@rsp+0x28) | |
| 'Stack[1]: ' + poi(@rsp+0x30) | |
| 'Stack[2]: ' + poi(@rsp+0x38) | |
| 'Stack[3]: ' + poi(@rsp+0x40) | |
| '' | |
| '=== NtQueryKey Called ===' | |
| Debug session time: Thu Apr 10 09:17:47.297 2025 (UTC - 7:00) | |
| System Uptime: 1 days 7:44:31.323 | |
| Process Uptime: 0 days 0:13:54.756 | |
| Kernel time: 0 days 0:00:12.203 | |
| User time: 0 days 0:03:26.593 | |
| 'RCX: ' + @rcx | |
| 'RDX: ' + @rdx | |
| 'R8: ' + @r8 | |
| 'R9: ' + @r9 | |
| 'Stack[0]: ' + poi(@rsp+0x28) | |
| 'Stack[1]: ' + poi(@rsp+0x30) | |
| 'Stack[2]: ' + poi(@rsp+0x38) | |
| 'Stack[3]: ' + poi(@rsp+0x40) | |
| '' | |
| '=== NtOpenKeyEx Called ===' | |
| Debug session time: Thu Apr 10 09:17:47.305 2025 (UTC - 7:00) | |
| System Uptime: 1 days 7:44:31.331 | |
| Process Uptime: 0 days 0:13:54.764 | |
| Kernel time: 0 days 0:00:12.203 | |
| User time: 0 days 0:03:26.593 | |
| 'RCX: ' + @rcx | |
| 'RDX: ' + @rdx | |
| 'R8: ' + @r8 | |
| 'R9: ' + @r9 | |
| 'Stack[0]: ' + poi(@rsp+0x28) | |
| 'Stack[1]: ' + poi(@rsp+0x30) | |
| 'Stack[2]: ' + poi(@rsp+0x38) | |
| 'Stack[3]: ' + poi(@rsp+0x40) | |
| '' | |
| '=== NtClose Called ===' | |
| Debug session time: Thu Apr 10 09:17:47.314 2025 (UTC - 7:00) | |
| System Uptime: 1 days 7:44:31.340 | |
| Process Uptime: 0 days 0:13:54.773 | |
| Kernel time: 0 days 0:00:12.203 | |
| User time: 0 days 0:03:26.593 | |
| 'RCX: ' + @rcx | |
| 'RDX: ' + @rdx | |
| 'R8: ' + @r8 | |
| 'R9: ' + @r9 | |
| 'Stack[0]: ' + poi(@rsp+0x28) | |
| 'Stack[1]: ' + poi(@rsp+0x30) | |
| 'Stack[2]: ' + poi(@rsp+0x38) | |
| 'Stack[3]: ' + poi(@rsp+0x40) | |
| '' | |
| '=== NtWaitForSingleObject Called ===' | |
| Debug session time: Thu Apr 10 09:17:47.322 2025 (UTC - 7:00) | |
| System Uptime: 1 days 7:44:31.348 | |
| Process Uptime: 0 days 0:13:54.781 | |
| Kernel time: 0 days 0:00:12.203 | |
| User time: 0 days 0:03:26.593 | |
| 'RCX: ' + @rcx | |
| 'RDX: ' + @rdx | |
| 'R8: ' + @r8 | |
| 'R9: ' + @r9 | |
| 'Stack[0]: ' + poi(@rsp+0x28) | |
| 'Stack[1]: ' + poi(@rsp+0x30) | |
| 'Stack[2]: ' + poi(@rsp+0x38) | |
| 'Stack[3]: ' + poi(@rsp+0x40) | |
| '' | |
| '=== NtWaitForSingleObject Called ===' | |
| Debug session time: Thu Apr 10 09:17:47.330 2025 (UTC - 7:00) | |
| System Uptime: 1 days 7:44:31.356 | |
| Process Uptime: 0 days 0:13:54.789 | |
| Kernel time: 0 days 0:00:12.203 | |
| User time: 0 days 0:03:26.625 | |
| 'RCX: ' + @rcx | |
| 'RDX: ' + @rdx | |
| 'R8: ' + @r8 | |
| 'R9: ' + @r9 | |
| 'Stack[0]: ' + poi(@rsp+0x28) | |
| 'Stack[1]: ' + poi(@rsp+0x30) | |
| 'Stack[2]: ' + poi(@rsp+0x38) | |
| 'Stack[3]: ' + poi(@rsp+0x40) | |
| '' | |
| '=== NtCreateFile Called ===' | |
| Debug session time: Thu Apr 10 09:17:47.337 2025 (UTC - 7:00) | |
| System Uptime: 1 days 7:44:31.363 | |
| Process Uptime: 0 days 0:13:54.796 | |
| Kernel time: 0 days 0:00:12.203 | |
| User time: 0 days 0:03:26.625 | |
| 'RCX: ' + @rcx | |
| 'RDX: ' + @rdx | |
| 'R8: ' + @r8 | |
| 'R9: ' + @r9 | |
| 'Stack[0]: ' + poi(@rsp+0x28) | |
| 'Stack[1]: ' + poi(@rsp+0x30) | |
| 'Stack[2]: ' + poi(@rsp+0x38) | |
| 'Stack[3]: ' + poi(@rsp+0x40) | |
| '' | |
| '=== NtDeviceIoControlFile Called ===' | |
| Debug session time: Thu Apr 10 09:17:47.346 2025 (UTC - 7:00) | |
| System Uptime: 1 days 7:44:31.372 | |
| Process Uptime: 0 days 0:13:54.806 | |
| Kernel time: 0 days 0:00:12.203 | |
| User time: 0 days 0:03:26.625 | |
| 'RCX: ' + @rcx | |
| 'RDX: ' + @rdx | |
| 'R8: ' + @r8 | |
| 'R9: ' + @r9 | |
| 'Stack[0]: ' + poi(@rsp+0x28) | |
| 'Stack[1]: ' + poi(@rsp+0x30) | |
| 'Stack[2]: ' + poi(@rsp+0x38) | |
| 'Stack[3]: ' + poi(@rsp+0x40) | |
| '' | |
| '=== NtWaitForSingleObject Called ===' | |
| Debug session time: Thu Apr 10 09:17:47.354 2025 (UTC - 7:00) | |
| System Uptime: 1 days 7:44:31.380 | |
| Process Uptime: 0 days 0:13:54.813 | |
| Kernel time: 0 days 0:00:12.203 | |
| User time: 0 days 0:03:26.625 | |
| 'RCX: ' + @rcx | |
| 'RDX: ' + @rdx | |
| 'R8: ' + @r8 | |
| 'R9: ' + @r9 | |
| 'Stack[0]: ' + poi(@rsp+0x28) | |
| 'Stack[1]: ' + poi(@rsp+0x30) | |
| 'Stack[2]: ' + poi(@rsp+0x38) | |
| 'Stack[3]: ' + poi(@rsp+0x40) | |
| '' | |
| '=== NtSetInformationFile Called ===' | |
| Debug session time: Thu Apr 10 09:17:47.362 2025 (UTC - 7:00) | |
| System Uptime: 1 days 7:44:31.388 | |
| Process Uptime: 0 days 0:13:54.821 | |
| Kernel time: 0 days 0:00:12.203 | |
| User time: 0 days 0:03:26.625 | |
| 'RCX: ' + @rcx | |
| 'RDX: ' + @rdx | |
| 'R8: ' + @r8 | |
| 'R9: ' + @r9 | |
| 'Stack[0]: ' + poi(@rsp+0x28) | |
| 'Stack[1]: ' + poi(@rsp+0x30) | |
| 'Stack[2]: ' + poi(@rsp+0x38) | |
| 'Stack[3]: ' + poi(@rsp+0x40) | |
| '' | |
| '=== NtSetInformationFile Called ===' | |
| Debug session time: Thu Apr 10 09:17:47.370 2025 (UTC - 7:00) | |
| System Uptime: 1 days 7:44:31.396 | |
| Process Uptime: 0 days 0:13:54.829 | |
| Kernel time: 0 days 0:00:12.203 | |
| User time: 0 days 0:03:26.625 | |
| 'RCX: ' + @rcx | |
| 'RDX: ' + @rdx | |
| 'R8: ' + @r8 | |
| 'R9: ' + @r9 | |
| 'Stack[0]: ' + poi(@rsp+0x28) | |
| 'Stack[1]: ' + poi(@rsp+0x30) | |
| 'Stack[2]: ' + poi(@rsp+0x38) | |
| 'Stack[3]: ' + poi(@rsp+0x40) | |
| '' | |
| '=== NtDeviceIoControlFile Called ===' | |
| Debug session time: Thu Apr 10 09:17:47.377 2025 (UTC - 7:00) | |
| System Uptime: 1 days 7:44:31.403 | |
| Process Uptime: 0 days 0:13:54.836 | |
| Kernel time: 0 days 0:00:12.203 | |
| User time: 0 days 0:03:26.625 | |
| 'RCX: ' + @rcx | |
| 'RDX: ' + @rdx | |
| 'R8: ' + @r8 | |
| 'R9: ' + @r9 | |
| 'Stack[0]: ' + poi(@rsp+0x28) | |
| 'Stack[1]: ' + poi(@rsp+0x30) | |
| 'Stack[2]: ' + poi(@rsp+0x38) | |
| 'Stack[3]: ' + poi(@rsp+0x40) | |
| '' | |
| '=== NtWaitForSingleObject Called ===' | |
| Debug session time: Thu Apr 10 09:17:47.385 2025 (UTC - 7:00) | |
| System Uptime: 1 days 7:44:31.411 | |
| Process Uptime: 0 days 0:13:54.844 | |
| Kernel time: 0 days 0:00:12.203 | |
| User time: 0 days 0:03:26.625 | |
| 'RCX: ' + @rcx | |
| 'RDX: ' + @rdx | |
| 'R8: ' + @r8 | |
| 'R9: ' + @r9 | |
| 'Stack[0]: ' + poi(@rsp+0x28) | |
| 'Stack[1]: ' + poi(@rsp+0x30) | |
| 'Stack[2]: ' + poi(@rsp+0x38) | |
| 'Stack[3]: ' + poi(@rsp+0x40) | |
| '' | |
| '=== NtDeviceIoControlFile Called ===' | |
| Debug session time: Thu Apr 10 09:17:47.396 2025 (UTC - 7:00) | |
| System Uptime: 1 days 7:44:31.422 | |
| Process Uptime: 0 days 0:13:54.855 | |
| Kernel time: 0 days 0:00:12.203 | |
| User time: 0 days 0:03:26.625 | |
| 'RCX: ' + @rcx | |
| 'RDX: ' + @rdx | |
| 'R8: ' + @r8 | |
| 'R9: ' + @r9 | |
| 'Stack[0]: ' + poi(@rsp+0x28) | |
| 'Stack[1]: ' + poi(@rsp+0x30) | |
| 'Stack[2]: ' + poi(@rsp+0x38) | |
| 'Stack[3]: ' + poi(@rsp+0x40) | |
| '' | |
| '=== NtDeviceIoControlFile Called ===' | |
| Debug session time: Thu Apr 10 09:17:47.403 2025 (UTC - 7:00) | |
| System Uptime: 1 days 7:44:31.429 | |
| Process Uptime: 0 days 0:13:54.862 | |
| Kernel time: 0 days 0:00:12.203 | |
| User time: 0 days 0:03:26.625 | |
| 'RCX: ' + @rcx | |
| 'RDX: ' + @rdx | |
| 'R8: ' + @r8 | |
| 'R9: ' + @r9 | |
| 'Stack[0]: ' + poi(@rsp+0x28) | |
| 'Stack[1]: ' + poi(@rsp+0x30) | |
| 'Stack[2]: ' + poi(@rsp+0x38) | |
| 'Stack[3]: ' + poi(@rsp+0x40) | |
| '' | |
| '=== NtDeviceIoControlFile Called ===' | |
| Debug session time: Thu Apr 10 09:17:47.413 2025 (UTC - 7:00) | |
| System Uptime: 1 days 7:44:31.439 | |
| Process Uptime: 0 days 0:13:54.872 | |
| Kernel time: 0 days 0:00:12.203 | |
| User time: 0 days 0:03:26.625 | |
| 'RCX: ' + @rcx | |
| 'RDX: ' + @rdx | |
| 'R8: ' + @r8 | |
| 'R9: ' + @r9 | |
| 'Stack[0]: ' + poi(@rsp+0x28) | |
| 'Stack[1]: ' + poi(@rsp+0x30) | |
| 'Stack[2]: ' + poi(@rsp+0x38) | |
| 'Stack[3]: ' + poi(@rsp+0x40) | |
| '' | |
| '=== NtDeviceIoControlFile Called ===' | |
| Debug session time: Thu Apr 10 09:17:47.421 2025 (UTC - 7:00) | |
| System Uptime: 1 days 7:44:31.447 | |
| Process Uptime: 0 days 0:13:54.880 | |
| Kernel time: 0 days 0:00:12.203 | |
| User time: 0 days 0:03:26.625 | |
| 'RCX: ' + @rcx | |
| 'RDX: ' + @rdx | |
| 'R8: ' + @r8 | |
| 'R9: ' + @r9 | |
| 'Stack[0]: ' + poi(@rsp+0x28) | |
| 'Stack[1]: ' + poi(@rsp+0x30) | |
| 'Stack[2]: ' + poi(@rsp+0x38) | |
| 'Stack[3]: ' + poi(@rsp+0x40) | |
| '' | |
| '=== NtDeviceIoControlFile Called ===' | |
| Debug session time: Thu Apr 10 09:17:47.430 2025 (UTC - 7:00) | |
| System Uptime: 1 days 7:44:31.456 | |
| Process Uptime: 0 days 0:13:54.889 | |
| Kernel time: 0 days 0:00:12.203 | |
| User time: 0 days 0:03:26.625 | |
| 'RCX: ' + @rcx | |
| 'RDX: ' + @rdx | |
| 'R8: ' + @r8 | |
| 'R9: ' + @r9 | |
| 'Stack[0]: ' + poi(@rsp+0x28) | |
| 'Stack[1]: ' + poi(@rsp+0x30) | |
| 'Stack[2]: ' + poi(@rsp+0x38) | |
| 'Stack[3]: ' + poi(@rsp+0x40) | |
| '' | |
| '=== NtDeviceIoControlFile Called ===' | |
| Debug session time: Thu Apr 10 09:17:47.439 2025 (UTC - 7:00) | |
| System Uptime: 1 days 7:44:31.465 | |
| Process Uptime: 0 days 0:13:54.898 | |
| Kernel time: 0 days 0:00:12.203 | |
| User time: 0 days 0:03:26.625 | |
| 'RCX: ' + @rcx | |
| 'RDX: ' + @rdx | |
| 'R8: ' + @r8 | |
| 'R9: ' + @r9 | |
| 'Stack[0]: ' + poi(@rsp+0x28) | |
| 'Stack[1]: ' + poi(@rsp+0x30) | |
| 'Stack[2]: ' + poi(@rsp+0x38) | |
| 'Stack[3]: ' + poi(@rsp+0x40) | |
| '' | |
| '=== NtDeviceIoControlFile Called ===' | |
| Debug session time: Thu Apr 10 09:17:47.446 2025 (UTC - 7:00) | |
| System Uptime: 1 days 7:44:31.473 | |
| Process Uptime: 0 days 0:13:54.906 | |
| Kernel time: 0 days 0:00:12.203 | |
| User time: 0 days 0:03:26.625 | |
| 'RCX: ' + @rcx | |
| 'RDX: ' + @rdx | |
| 'R8: ' + @r8 | |
| 'R9: ' + @r9 | |
| 'Stack[0]: ' + poi(@rsp+0x28) | |
| 'Stack[1]: ' + poi(@rsp+0x30) | |
| 'Stack[2]: ' + poi(@rsp+0x38) | |
| 'Stack[3]: ' + poi(@rsp+0x40) | |
| '' | |
| '=== NtDeviceIoControlFile Called ===' | |
| Debug session time: Thu Apr 10 09:17:47.456 2025 (UTC - 7:00) | |
| System Uptime: 1 days 7:44:31.482 | |
| Process Uptime: 0 days 0:13:54.915 | |
| Kernel time: 0 days 0:00:12.203 | |
| User time: 0 days 0:03:26.625 | |
| 'RCX: ' + @rcx | |
| 'RDX: ' + @rdx | |
| 'R8: ' + @r8 | |
| 'R9: ' + @r9 | |
| 'Stack[0]: ' + poi(@rsp+0x28) | |
| 'Stack[1]: ' + poi(@rsp+0x30) | |
| 'Stack[2]: ' + poi(@rsp+0x38) | |
| 'Stack[3]: ' + poi(@rsp+0x40) | |
| '' | |
| '=== NtDeviceIoControlFile Called ===' | |
| Debug session time: Thu Apr 10 09:17:47.468 2025 (UTC - 7:00) | |
| System Uptime: 1 days 7:44:31.494 | |
| Process Uptime: 0 days 0:13:54.927 | |
| Kernel time: 0 days 0:00:12.203 | |
| User time: 0 days 0:03:26.625 | |
| 'RCX: ' + @rcx | |
| 'RDX: ' + @rdx | |
| 'R8: ' + @r8 | |
| 'R9: ' + @r9 | |
| 'Stack[0]: ' + poi(@rsp+0x28) | |
| 'Stack[1]: ' + poi(@rsp+0x30) | |
| 'Stack[2]: ' + poi(@rsp+0x38) | |
| 'Stack[3]: ' + poi(@rsp+0x40) | |
| '' | |
| '=== NtDeviceIoControlFile Called ===' | |
| Debug session time: Thu Apr 10 09:17:47.481 2025 (UTC - 7:00) | |
| System Uptime: 1 days 7:44:31.507 | |
| Process Uptime: 0 days 0:13:54.940 | |
| Kernel time: 0 days 0:00:12.203 | |
| User time: 0 days 0:03:26.625 | |
| 'RCX: ' + @rcx | |
| 'RDX: ' + @rdx | |
| 'R8: ' + @r8 | |
| 'R9: ' + @r9 | |
| 'Stack[0]: ' + poi(@rsp+0x28) | |
| 'Stack[1]: ' + poi(@rsp+0x30) | |
| 'Stack[2]: ' + poi(@rsp+0x38) | |
| 'Stack[3]: ' + poi(@rsp+0x40) | |
| '' | |
| '=== NtDeviceIoControlFile Called ===' | |
| Debug session time: Thu Apr 10 09:17:47.490 2025 (UTC - 7:00) | |
| System Uptime: 1 days 7:44:31.516 | |
| Process Uptime: 0 days 0:13:54.949 | |
| Kernel time: 0 days 0:00:12.203 | |
| User time: 0 days 0:03:26.625 | |
| 'RCX: ' + @rcx | |
| 'RDX: ' + @rdx | |
| 'R8: ' + @r8 | |
| 'R9: ' + @r9 | |
| 'Stack[0]: ' + poi(@rsp+0x28) | |
| 'Stack[1]: ' + poi(@rsp+0x30) | |
| 'Stack[2]: ' + poi(@rsp+0x38) | |
| 'Stack[3]: ' + poi(@rsp+0x40) | |
| '' | |
| '=== NtDeviceIoControlFile Called ===' | |
| Debug session time: Thu Apr 10 09:17:47.499 2025 (UTC - 7:00) | |
| System Uptime: 1 days 7:44:31.525 | |
| Process Uptime: 0 days 0:13:54.958 | |
| Kernel time: 0 days 0:00:12.203 | |
| User time: 0 days 0:03:26.625 | |
| 'RCX: ' + @rcx | |
| 'RDX: ' + @rdx | |
| 'R8: ' + @r8 | |
| 'R9: ' + @r9 | |
| 'Stack[0]: ' + poi(@rsp+0x28) | |
| 'Stack[1]: ' + poi(@rsp+0x30) | |
| 'Stack[2]: ' + poi(@rsp+0x38) | |
| 'Stack[3]: ' + poi(@rsp+0x40) | |
| '' | |
| '=== NtDeviceIoControlFile Called ===' | |
| Debug session time: Thu Apr 10 09:17:47.507 2025 (UTC - 7:00) | |
| System Uptime: 1 days 7:44:31.533 | |
| Process Uptime: 0 days 0:13:54.966 | |
| Kernel time: 0 days 0:00:12.203 | |
| User time: 0 days 0:03:26.625 | |
| 'RCX: ' + @rcx | |
| 'RDX: ' + @rdx | |
| 'R8: ' + @r8 | |
| 'R9: ' + @r9 | |
| 'Stack[0]: ' + poi(@rsp+0x28) | |
| 'Stack[1]: ' + poi(@rsp+0x30) | |
| 'Stack[2]: ' + poi(@rsp+0x38) | |
| 'Stack[3]: ' + poi(@rsp+0x40) | |
| '' | |
| '=== NtDeviceIoControlFile Called ===' | |
| Debug session time: Thu Apr 10 09:17:47.515 2025 (UTC - 7:00) | |
| System Uptime: 1 days 7:44:31.541 | |
| Process Uptime: 0 days 0:13:54.974 | |
| Kernel time: 0 days 0:00:12.203 | |
| User time: 0 days 0:03:26.625 | |
| 'RCX: ' + @rcx | |
| 'RDX: ' + @rdx | |
| 'R8: ' + @r8 | |
| 'R9: ' + @r9 | |
| 'Stack[0]: ' + poi(@rsp+0x28) | |
| 'Stack[1]: ' + poi(@rsp+0x30) | |
| 'Stack[2]: ' + poi(@rsp+0x38) | |
| 'Stack[3]: ' + poi(@rsp+0x40) | |
| '' | |
| '=== NtDeviceIoControlFile Called ===' | |
| Debug session time: Thu Apr 10 09:17:47.524 2025 (UTC - 7:00) | |
| System Uptime: 1 days 7:44:31.550 | |
| Process Uptime: 0 days 0:13:54.983 | |
| Kernel time: 0 days 0:00:12.203 | |
| User time: 0 days 0:03:26.625 | |
| 'RCX: ' + @rcx | |
| 'RDX: ' + @rdx | |
| 'R8: ' + @r8 | |
| 'R9: ' + @r9 | |
| 'Stack[0]: ' + poi(@rsp+0x28) | |
| 'Stack[1]: ' + poi(@rsp+0x30) | |
| 'Stack[2]: ' + poi(@rsp+0x38) | |
| 'Stack[3]: ' + poi(@rsp+0x40) | |
| '' | |
| '=== NtDeviceIoControlFile Called ===' | |
| Debug session time: Thu Apr 10 09:17:47.531 2025 (UTC - 7:00) | |
| System Uptime: 1 days 7:44:31.557 | |
| Process Uptime: 0 days 0:13:54.990 | |
| Kernel time: 0 days 0:00:12.203 | |
| User time: 0 days 0:03:26.625 | |
| 'RCX: ' + @rcx | |
| 'RDX: ' + @rdx | |
| 'R8: ' + @r8 | |
| 'R9: ' + @r9 | |
| 'Stack[0]: ' + poi(@rsp+0x28) | |
| 'Stack[1]: ' + poi(@rsp+0x30) | |
| 'Stack[2]: ' + poi(@rsp+0x38) | |
| 'Stack[3]: ' + poi(@rsp+0x40) | |
| '' | |
| '=== NtDeviceIoControlFile Called ===' | |
| Debug session time: Thu Apr 10 09:17:47.539 2025 (UTC - 7:00) | |
| System Uptime: 1 days 7:44:31.565 | |
| Process Uptime: 0 days 0:13:54.999 | |
| Kernel time: 0 days 0:00:12.203 | |
| User time: 0 days 0:03:26.625 | |
| 'RCX: ' + @rcx | |
| 'RDX: ' + @rdx | |
| 'R8: ' + @r8 | |
| 'R9: ' + @r9 | |
| 'Stack[0]: ' + poi(@rsp+0x28) | |
| 'Stack[1]: ' + poi(@rsp+0x30) | |
| 'Stack[2]: ' + poi(@rsp+0x38) | |
| 'Stack[3]: ' + poi(@rsp+0x40) | |
| '' | |
| '=== NtDeviceIoControlFile Called ===' | |
| Debug session time: Thu Apr 10 09:17:47.548 2025 (UTC - 7:00) | |
| System Uptime: 1 days 7:44:31.573 | |
| Process Uptime: 0 days 0:13:55.007 | |
| Kernel time: 0 days 0:00:12.203 | |
| User time: 0 days 0:03:26.625 | |
| 'RCX: ' + @rcx | |
| 'RDX: ' + @rdx | |
| 'R8: ' + @r8 | |
| 'R9: ' + @r9 | |
| 'Stack[0]: ' + poi(@rsp+0x28) | |
| 'Stack[1]: ' + poi(@rsp+0x30) | |
| 'Stack[2]: ' + poi(@rsp+0x38) | |
| 'Stack[3]: ' + poi(@rsp+0x40) | |
| '' | |
| '=== NtFreeVirtualMemory Called ===' | |
| Debug session time: Thu Apr 10 09:17:47.563 2025 (UTC - 7:00) | |
| System Uptime: 1 days 7:44:31.589 | |
| Process Uptime: 0 days 0:13:55.022 | |
| Kernel time: 0 days 0:00:12.203 | |
| User time: 0 days 0:03:26.625 | |
| 'RCX: ' + @rcx | |
| 'RDX: ' + @rdx | |
| 'R8: ' + @r8 | |
| 'R9: ' + @r9 | |
| 'Stack[0]: ' + poi(@rsp+0x28) | |
| 'Stack[1]: ' + poi(@rsp+0x30) | |
| 'Stack[2]: ' + poi(@rsp+0x38) | |
| 'Stack[3]: ' + poi(@rsp+0x40) | |
| '' | |
| '=== NtFreeVirtualMemory Called ===' | |
| Debug session time: Thu Apr 10 09:17:47.571 2025 (UTC - 7:00) | |
| System Uptime: 1 days 7:44:31.597 | |
| Process Uptime: 0 days 0:13:55.030 | |
| Kernel time: 0 days 0:00:12.203 | |
| User time: 0 days 0:03:26.625 | |
| 'RCX: ' + @rcx | |
| 'RDX: ' + @rdx | |
| 'R8: ' + @r8 | |
| 'R9: ' + @r9 | |
| 'Stack[0]: ' + poi(@rsp+0x28) | |
| 'Stack[1]: ' + poi(@rsp+0x30) | |
| 'Stack[2]: ' + poi(@rsp+0x38) | |
| 'Stack[3]: ' + poi(@rsp+0x40) | |
| '' | |
| '=== NtAllocateVirtualMemory Called ===' | |
| Debug session time: Thu Apr 10 09:17:47.580 2025 (UTC - 7:00) | |
| System Uptime: 1 days 7:44:31.606 | |
| Process Uptime: 0 days 0:13:55.040 | |
| Kernel time: 0 days 0:00:12.203 | |
| User time: 0 days 0:03:26.625 | |
| 'RCX: ' + @rcx | |
| 'RDX: ' + @rdx | |
| 'R8: ' + @r8 | |
| 'R9: ' + @r9 | |
| 'Stack[0]: ' + poi(@rsp+0x28) | |
| 'Stack[1]: ' + poi(@rsp+0x30) | |
| 'Stack[2]: ' + poi(@rsp+0x38) | |
| 'Stack[3]: ' + poi(@rsp+0x40) | |
| '' | |
| '=== NtDeviceIoControlFile Called ===' | |
| Debug session time: Thu Apr 10 09:17:47.591 2025 (UTC - 7:00) | |
| System Uptime: 1 days 7:44:31.617 | |
| Process Uptime: 0 days 0:13:55.050 | |
| Kernel time: 0 days 0:00:12.203 | |
| User time: 0 days 0:03:26.625 | |
| 'RCX: ' + @rcx | |
| 'RDX: ' + @rdx | |
| 'R8: ' + @r8 | |
| 'R9: ' + @r9 | |
| 'Stack[0]: ' + poi(@rsp+0x28) | |
| 'Stack[1]: ' + poi(@rsp+0x30) | |
| 'Stack[2]: ' + poi(@rsp+0x38) | |
| 'Stack[3]: ' + poi(@rsp+0x40) | |
| '' | |
| '=== NtDeviceIoControlFile Called ===' | |
| Debug session time: Thu Apr 10 09:17:47.599 2025 (UTC - 7:00) | |
| System Uptime: 1 days 7:44:31.625 | |
| Process Uptime: 0 days 0:13:55.058 | |
| Kernel time: 0 days 0:00:12.203 | |
| User time: 0 days 0:03:26.625 | |
| 'RCX: ' + @rcx | |
| 'RDX: ' + @rdx | |
| 'R8: ' + @r8 | |
| 'R9: ' + @r9 | |
| 'Stack[0]: ' + poi(@rsp+0x28) | |
| 'Stack[1]: ' + poi(@rsp+0x30) | |
| 'Stack[2]: ' + poi(@rsp+0x38) | |
| 'Stack[3]: ' + poi(@rsp+0x40) | |
| '' | |
| '=== NtClose Called ===' | |
| Debug session time: Thu Apr 10 09:17:47.609 2025 (UTC - 7:00) | |
| System Uptime: 1 days 7:44:31.635 | |
| Process Uptime: 0 days 0:13:55.068 | |
| Kernel time: 0 days 0:00:12.203 | |
| User time: 0 days 0:03:26.625 | |
| 'RCX: ' + @rcx | |
| 'RDX: ' + @rdx | |
| 'R8: ' + @r8 | |
| 'R9: ' + @r9 | |
| 'Stack[0]: ' + poi(@rsp+0x28) | |
| 'Stack[1]: ' + poi(@rsp+0x30) | |
| 'Stack[2]: ' + poi(@rsp+0x38) | |
| 'Stack[3]: ' + poi(@rsp+0x40) | |
| '' | |
| '=== NtClose Called ===' | |
| Debug session time: Thu Apr 10 09:17:47.618 2025 (UTC - 7:00) | |
| System Uptime: 1 days 7:44:31.644 | |
| Process Uptime: 0 days 0:13:55.077 | |
| Kernel time: 0 days 0:00:12.203 | |
| User time: 0 days 0:03:26.625 | |
| 'RCX: ' + @rcx | |
| 'RDX: ' + @rdx | |
| 'R8: ' + @r8 | |
| 'R9: ' + @r9 | |
| 'Stack[0]: ' + poi(@rsp+0x28) | |
| 'Stack[1]: ' + poi(@rsp+0x30) | |
| 'Stack[2]: ' + poi(@rsp+0x38) | |
| 'Stack[3]: ' + poi(@rsp+0x40) | |
| '' | |
| '=== NtClose Called ===' | |
| Debug session time: Thu Apr 10 09:17:47.625 2025 (UTC - 7:00) | |
| System Uptime: 1 days 7:44:31.651 | |
| Process Uptime: 0 days 0:13:55.084 | |
| Kernel time: 0 days 0:00:12.203 | |
| User time: 0 days 0:03:26.625 | |
| 'RCX: ' + @rcx | |
| 'RDX: ' + @rdx | |
| 'R8: ' + @r8 | |
| 'R9: ' + @r9 | |
| 'Stack[0]: ' + poi(@rsp+0x28) | |
| 'Stack[1]: ' + poi(@rsp+0x30) | |
| 'Stack[2]: ' + poi(@rsp+0x38) | |
| 'Stack[3]: ' + poi(@rsp+0x40) | |
| '' | |
| '=== NtAllocateVirtualMemory Called ===' | |
| Debug session time: Thu Apr 10 09:17:47.634 2025 (UTC - 7:00) | |
| System Uptime: 1 days 7:44:31.660 | |
| Process Uptime: 0 days 0:13:55.094 | |
| Kernel time: 0 days 0:00:12.203 | |
| User time: 0 days 0:03:26.625 | |
| 'RCX: ' + @rcx | |
| 'RDX: ' + @rdx | |
| 'R8: ' + @r8 | |
| 'R9: ' + @r9 | |
| 'Stack[0]: ' + poi(@rsp+0x28) | |
| 'Stack[1]: ' + poi(@rsp+0x30) | |
| 'Stack[2]: ' + poi(@rsp+0x38) | |
| 'Stack[3]: ' + poi(@rsp+0x40) | |
| '' | |
| '=== NtFreeVirtualMemory Called ===' | |
| Debug session time: Thu Apr 10 09:17:47.651 2025 (UTC - 7:00) | |
| System Uptime: 1 days 7:44:31.677 | |
| Process Uptime: 0 days 0:13:55.110 | |
| Kernel time: 0 days 0:00:12.203 | |
| User time: 0 days 0:03:26.625 | |
| 'RCX: ' + @rcx | |
| 'RDX: ' + @rdx | |
| 'R8: ' + @r8 | |
| 'R9: ' + @r9 | |
| 'Stack[0]: ' + poi(@rsp+0x28) | |
| 'Stack[1]: ' + poi(@rsp+0x30) | |
| 'Stack[2]: ' + poi(@rsp+0x38) | |
| 'Stack[3]: ' + poi(@rsp+0x40) | |
| '' | |
| '=== NtFreeVirtualMemory Called ===' | |
| Debug session time: Thu Apr 10 09:17:47.663 2025 (UTC - 7:00) | |
| System Uptime: 1 days 7:44:31.689 | |
| Process Uptime: 0 days 0:13:55.122 | |
| Kernel time: 0 days 0:00:12.203 | |
| User time: 0 days 0:03:26.625 | |
| 'RCX: ' + @rcx | |
| 'RDX: ' + @rdx | |
| 'R8: ' + @r8 | |
| 'R9: ' + @r9 | |
| 'Stack[0]: ' + poi(@rsp+0x28) | |
| 'Stack[1]: ' + poi(@rsp+0x30) | |
| 'Stack[2]: ' + poi(@rsp+0x38) | |
| 'Stack[3]: ' + poi(@rsp+0x40) | |
| '' | |
| '=== NtDelayExecution Called ===' | |
| Debug session time: Thu Apr 10 09:17:47.677 2025 (UTC - 7:00) | |
| System Uptime: 1 days 7:44:31.703 | |
| Process Uptime: 0 days 0:13:55.136 | |
| Kernel time: 0 days 0:00:12.203 | |
| User time: 0 days 0:03:26.625 | |
| 'RCX: ' + @rcx | |
| 'RDX: ' + @rdx | |
| 'R8: ' + @r8 | |
| 'R9: ' + @r9 | |
| 'Stack[0]: ' + poi(@rsp+0x28) | |
| 'Stack[1]: ' + poi(@rsp+0x30) | |
| 'Stack[2]: ' + poi(@rsp+0x38) | |
| 'Stack[3]: ' + poi(@rsp+0x40) | |
| '' | |
| (5c84.58e0): Break instruction exception - code 80000003 (first chance) | |
| ntdll!DbgBreakPoint: | |
| 00007ffb`0b1fdd10 cc |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment