Created
April 10, 2025 16:38
-
-
Save joshfinley/f636ddc7ff93457af669c9db358cfe40 to your computer and use it in GitHub Desktop.
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| '=== NtOpenProcess Called ===' | |
| Debug session time: Thu Apr 10 09:37:34.366 2025 (UTC - 7:00) | |
| System Uptime: 1 days 8:04:18.392 | |
| Process Uptime: 0 days 1:14:12.282 | |
| Kernel time: 0 days 0:00:39.859 | |
| User time: 0 days 0:00:13.328 | |
| 'RCX: ' + @rcx | |
| 'RDX: ' + @rdx | |
| 'R8: ' + @r8 | |
| 'R9: ' + @r9 | |
| 'Stack[0]: ' + poi(@rsp+0x28) | |
| 'Stack[1]: ' + poi(@rsp+0x30) | |
| 'Stack[2]: ' + poi(@rsp+0x38) | |
| 'Stack[3]: ' + poi(@rsp+0x40) | |
| '' | |
| '=== NtAllocateVirtualMemory Called ===' | |
| Debug session time: Thu Apr 10 09:37:34.373 2025 (UTC - 7:00) | |
| System Uptime: 1 days 8:04:18.399 | |
| Process Uptime: 0 days 1:14:12.288 | |
| Kernel time: 0 days 0:00:39.859 | |
| User time: 0 days 0:00:13.328 | |
| 'RCX: ' + @rcx | |
| 'RDX: ' + @rdx | |
| 'R8: ' + @r8 | |
| 'R9: ' + @r9 | |
| 'Stack[0]: ' + poi(@rsp+0x28) | |
| 'Stack[1]: ' + poi(@rsp+0x30) | |
| 'Stack[2]: ' + poi(@rsp+0x38) | |
| 'Stack[3]: ' + poi(@rsp+0x40) | |
| '' | |
| '=== NtWriteVirtualMemory Called ===' | |
| Debug session time: Thu Apr 10 09:37:34.379 2025 (UTC - 7:00) | |
| System Uptime: 1 days 8:04:18.405 | |
| Process Uptime: 0 days 1:14:12.294 | |
| Kernel time: 0 days 0:00:39.859 | |
| User time: 0 days 0:00:13.328 | |
| 'RCX: ' + @rcx | |
| 'RDX: ' + @rdx | |
| 'R8: ' + @r8 | |
| 'R9: ' + @r9 | |
| 'Stack[0]: ' + poi(@rsp+0x28) | |
| 'Stack[1]: ' + poi(@rsp+0x30) | |
| 'Stack[2]: ' + poi(@rsp+0x38) | |
| 'Stack[3]: ' + poi(@rsp+0x40) | |
| '' | |
| '=== NtCreateThreadEx Called ===' | |
| Debug session time: Thu Apr 10 09:37:34.386 2025 (UTC - 7:00) | |
| System Uptime: 1 days 8:04:18.412 | |
| Process Uptime: 0 days 1:14:12.302 | |
| Kernel time: 0 days 0:00:39.859 | |
| User time: 0 days 0:00:13.328 | |
| 'RCX: ' + @rcx | |
| 'RDX: ' + @rdx | |
| 'R8: ' + @r8 | |
| 'R9: ' + @r9 | |
| 'Stack[0]: ' + poi(@rsp+0x28) | |
| 'Stack[1]: ' + poi(@rsp+0x30) | |
| 'Stack[2]: ' + poi(@rsp+0x38) | |
| 'Stack[3]: ' + poi(@rsp+0x40) | |
| '' | |
| '=== NtResumeThread Called ===' | |
| Debug session time: Thu Apr 10 09:37:34.395 2025 (UTC - 7:00) | |
| System Uptime: 1 days 8:04:18.421 | |
| Process Uptime: 0 days 1:14:12.311 | |
| Kernel time: 0 days 0:00:39.859 | |
| User time: 0 days 0:00:13.328 | |
| 'RCX: ' + @rcx | |
| 'RDX: ' + @rdx | |
| 'R8: ' + @r8 | |
| 'R9: ' + @r9 | |
| 'Stack[0]: ' + poi(@rsp+0x28) | |
| 'Stack[1]: ' + poi(@rsp+0x30) | |
| 'Stack[2]: ' + poi(@rsp+0x38) | |
| 'Stack[3]: ' + poi(@rsp+0x40) | |
| '' | |
| '=== NtTerminateThread Called ===' | |
| Debug session time: Thu Apr 10 09:37:34.413 2025 (UTC - 7:00) | |
| System Uptime: 1 days 8:04:18.439 | |
| Process Uptime: 0 days 1:14:12.328 | |
| Kernel time: 0 days 0:00:39.859 | |
| User time: 0 days 0:00:13.328 | |
| 'RCX: ' + @rcx | |
| 'RDX: ' + @rdx | |
| 'R8: ' + @r8 | |
| 'R9: ' + @r9 | |
| 'Stack[0]: ' + poi(@rsp+0x28) | |
| 'Stack[1]: ' + poi(@rsp+0x30) | |
| 'Stack[2]: ' + poi(@rsp+0x38) | |
| 'Stack[3]: ' + poi(@rsp+0x40) | |
| '' | |
| '=== NtReadVirtualMemory Called ===' | |
| Debug session time: Thu Apr 10 09:37:34.421 2025 (UTC - 7:00) | |
| System Uptime: 1 days 8:04:18.447 | |
| Process Uptime: 0 days 1:14:12.337 | |
| Kernel time: 0 days 0:00:39.859 | |
| User time: 0 days 0:00:13.328 | |
| 'RCX: ' + @rcx | |
| 'RDX: ' + @rdx | |
| 'R8: ' + @r8 | |
| 'R9: ' + @r9 | |
| 'Stack[0]: ' + poi(@rsp+0x28) | |
| 'Stack[1]: ' + poi(@rsp+0x30) | |
| 'Stack[2]: ' + poi(@rsp+0x38) | |
| 'Stack[3]: ' + poi(@rsp+0x40) | |
| '' | |
| '=== NtReadVirtualMemory Called ===' | |
| Debug session time: Thu Apr 10 09:37:34.430 2025 (UTC - 7:00) | |
| System Uptime: 1 days 8:04:18.456 | |
| Process Uptime: 0 days 1:14:12.346 | |
| Kernel time: 0 days 0:00:39.859 | |
| User time: 0 days 0:00:13.328 | |
| 'RCX: ' + @rcx | |
| 'RDX: ' + @rdx | |
| 'R8: ' + @r8 | |
| 'R9: ' + @r9 | |
| 'Stack[0]: ' + poi(@rsp+0x28) | |
| 'Stack[1]: ' + poi(@rsp+0x30) | |
| 'Stack[2]: ' + poi(@rsp+0x38) | |
| 'Stack[3]: ' + poi(@rsp+0x40) | |
| '' | |
| '=== NtReadVirtualMemory Called ===' | |
| Debug session time: Thu Apr 10 09:37:34.437 2025 (UTC - 7:00) | |
| System Uptime: 1 days 8:04:18.463 | |
| Process Uptime: 0 days 1:14:12.352 | |
| Kernel time: 0 days 0:00:39.859 | |
| User time: 0 days 0:00:13.328 | |
| 'RCX: ' + @rcx | |
| 'RDX: ' + @rdx | |
| 'R8: ' + @r8 | |
| 'R9: ' + @r9 | |
| 'Stack[0]: ' + poi(@rsp+0x28) | |
| 'Stack[1]: ' + poi(@rsp+0x30) | |
| 'Stack[2]: ' + poi(@rsp+0x38) | |
| 'Stack[3]: ' + poi(@rsp+0x40) | |
| '' | |
| '=== NtOpenProcess Called ===' | |
| Debug session time: Thu Apr 10 09:37:34.443 2025 (UTC - 7:00) | |
| System Uptime: 1 days 8:04:18.469 | |
| Process Uptime: 0 days 1:14:12.359 | |
| Kernel time: 0 days 0:00:39.859 | |
| User time: 0 days 0:00:13.328 | |
| 'RCX: ' + @rcx | |
| 'RDX: ' + @rdx | |
| 'R8: ' + @r8 | |
| 'R9: ' + @r9 | |
| 'Stack[0]: ' + poi(@rsp+0x28) | |
| 'Stack[1]: ' + poi(@rsp+0x30) | |
| 'Stack[2]: ' + poi(@rsp+0x38) | |
| 'Stack[3]: ' + poi(@rsp+0x40) | |
| '' | |
| '=== NtOpenProcess Called ===' | |
| Debug session time: Thu Apr 10 09:37:34.449 2025 (UTC - 7:00) | |
| System Uptime: 1 days 8:04:18.475 | |
| Process Uptime: 0 days 1:14:12.365 | |
| Kernel time: 0 days 0:00:39.859 | |
| User time: 0 days 0:00:13.328 | |
| 'RCX: ' + @rcx | |
| 'RDX: ' + @rdx | |
| 'R8: ' + @r8 | |
| 'R9: ' + @r9 | |
| 'Stack[0]: ' + poi(@rsp+0x28) | |
| 'Stack[1]: ' + poi(@rsp+0x30) | |
| 'Stack[2]: ' + poi(@rsp+0x38) | |
| 'Stack[3]: ' + poi(@rsp+0x40) | |
| '' | |
| '=== NtCreateThreadEx Called ===' | |
| Debug session time: Thu Apr 10 09:37:34.459 2025 (UTC - 7:00) | |
| System Uptime: 1 days 8:04:18.485 | |
| Process Uptime: 0 days 1:14:12.374 | |
| Kernel time: 0 days 0:00:39.859 | |
| User time: 0 days 0:00:13.328 | |
| 'RCX: ' + @rcx | |
| 'RDX: ' + @rdx | |
| 'R8: ' + @r8 | |
| 'R9: ' + @r9 | |
| 'Stack[0]: ' + poi(@rsp+0x28) | |
| 'Stack[1]: ' + poi(@rsp+0x30) | |
| 'Stack[2]: ' + poi(@rsp+0x38) | |
| 'Stack[3]: ' + poi(@rsp+0x40) | |
| '' | |
| '=== NtWriteVirtualMemory Called ===' | |
| Debug session time: Thu Apr 10 09:37:34.470 2025 (UTC - 7:00) | |
| System Uptime: 1 days 8:04:18.496 | |
| Process Uptime: 0 days 1:14:12.386 | |
| Kernel time: 0 days 0:00:39.859 | |
| User time: 0 days 0:00:13.328 | |
| 'RCX: ' + @rcx | |
| 'RDX: ' + @rdx | |
| 'R8: ' + @r8 | |
| 'R9: ' + @r9 | |
| 'Stack[0]: ' + poi(@rsp+0x28) | |
| 'Stack[1]: ' + poi(@rsp+0x30) | |
| 'Stack[2]: ' + poi(@rsp+0x38) | |
| 'Stack[3]: ' + poi(@rsp+0x40) | |
| '' | |
| '=== NtQueueApcThread Called ===' | |
| Debug session time: Thu Apr 10 09:37:34.477 2025 (UTC - 7:00) | |
| System Uptime: 1 days 8:04:18.503 | |
| Process Uptime: 0 days 1:14:12.393 | |
| Kernel time: 0 days 0:00:39.859 | |
| User time: 0 days 0:00:13.328 | |
| 'RCX: ' + @rcx | |
| 'RDX: ' + @rdx | |
| 'R8: ' + @r8 | |
| 'R9: ' + @r9 | |
| 'Stack[0]: ' + poi(@rsp+0x28) | |
| 'Stack[1]: ' + poi(@rsp+0x30) | |
| 'Stack[2]: ' + poi(@rsp+0x38) | |
| 'Stack[3]: ' + poi(@rsp+0x40) | |
| '' | |
| '=== NtResumeThread Called ===' | |
| Debug session time: Thu Apr 10 09:37:34.483 2025 (UTC - 7:00) | |
| System Uptime: 1 days 8:04:18.509 | |
| Process Uptime: 0 days 1:14:12.398 | |
| Kernel time: 0 days 0:00:39.859 | |
| User time: 0 days 0:00:13.328 | |
| 'RCX: ' + @rcx | |
| 'RDX: ' + @rdx | |
| 'R8: ' + @r8 | |
| 'R9: ' + @r9 | |
| 'Stack[0]: ' + poi(@rsp+0x28) | |
| 'Stack[1]: ' + poi(@rsp+0x30) | |
| 'Stack[2]: ' + poi(@rsp+0x38) | |
| 'Stack[3]: ' + poi(@rsp+0x40) | |
| '' |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment