NtResumeThread
|
thread_handle:
0x000000e0
suspend_count:
1
process_identifier:
4208
|
1
|
0 |
0
|
NtResumeThread
|
thread_handle:
0x00000150
suspend_count:
1
process_identifier:
4208
|
1
|
0 |
0
|
NtResumeThread
|
thread_handle:
0x00000194
suspend_count:
1
process_identifier:
4208
|
1
|
0 |
0
|
NtResumeThread
|
thread_handle:
0x00000350
suspend_count:
1
process_identifier:
4208
|
1
|
0 |
0
|
CreateProcessInternalW
|
thread_identifier:
4636
thread_handle:
0x000004f8
process_identifier:
1472
current_directory:
C:\Users\test22\AppData\Local\Temp
filepath:
C:\Users\test22\AppData\Local\Tempzi9.exe
track:
1
command_line:
"C:\Users\test22\AppData\Local\Tempzi9.exe"
filepath_r:
C:\Users\test22\AppData\Local\Tempzi9.exe
stack_pivoted:
0
creation_flags:
67634192
(CREATE_DEFAULT_ERROR_MODE|CREATE_NEW_CONSOLE|CREATE_UNICODE_ENVIRONMENT|EXTENDED_STARTUPINFO_PRESENT)
inherit_handles:
0
process_handle:
0x000004f0
|
1
|
1 |
0
|
CreateProcessInternalW
|
thread_identifier:
6692
thread_handle:
0x000000f8
process_identifier:
8324
current_directory:
filepath:
C:\Users\test22\AppData\Local\Tempzi9.exe
track:
1
command_line:
filepath_r:
C:\Users\test22\AppData\Local\Tempzi9.EXE
stack_pivoted:
0
creation_flags:
4
(CREATE_SUSPENDED)
inherit_handles:
0
process_handle:
0x00000164
|
1
|
1 |
0
|
NtUnmapViewOfSection
|
base_address:
0x793d6a79
region_size:
96313344
process_identifier:
8324
process_handle:
0x00000164
|
|
3221225497 |
0
|
NtAllocateVirtualMemory
|
process_identifier:
8324
region_size:
6991872
stack_dep_bypass:
0
stack_pivoted:
0
heap_dep_bypass:
0
protection:
64
(PAGE_EXECUTE_READWRITE)
base_address:
0x793d0000
allocation_type:
12288
(MEM_COMMIT|MEM_RESERVE)
process_handle:
0x00000164
|
1
|
0 |
0
|
WriteProcessMemory
|
buffer:
base_address:
0x793d6a79
process_identifier:
8324
process_handle:
0x00000164
|
|
0 |
0
|
WriteProcessMemory
|
buffer:
base_address:
0xf2b6afd9
process_identifier:
8324
process_handle:
0x00000164
|
|
0 |
0
|
WriteProcessMemory
|
buffer:
base_address:
0x1ce6b02f
process_identifier:
8324
process_handle:
0x00000164
|
|
0 |
0
|
WriteProcessMemory
|
buffer:
base_address:
0xe1b6e3be
process_identifier:
8324
process_handle:
0x00000164
|
|
0 |
0
|
WriteProcessMemory
|
buffer:
base_address:
0x797e361a
process_identifier:
8324
process_handle:
0x00000164
|
|
0 |
0
|
WriteProcessMemory
|
buffer:
base_address:
0xba090bb9
process_identifier:
8324
process_handle:
0x00000164
|
|
0 |
0
|
WriteProcessMemory
|
buffer:
base_address:
0xe8e40be8
process_identifier:
8324
process_handle:
0x00000164
|
|
0 |
0
|
WriteProcessMemory
|
buffer:
base_address:
0xbce813be
process_identifier:
8324
process_handle:
0x00000164
|
|
0 |
0
|
WriteProcessMemory
|
buffer:
base_address:
0xe3e813be
process_identifier:
8324
process_handle:
0x00000164
|
|
0 |
0
|
WriteProcessMemory
|
buffer:
base_address:
0x1fde6ab9
process_identifier:
8324
process_handle:
0x00000164
|
|
0 |
0
|
WriteProcessMemory
|
buffer:
base_address:
0xd08dd3be
process_identifier:
8324
process_handle:
0x00000164
|
|
0 |
0
|
WriteProcessMemory
|
buffer:
base_address:
0x227c6ab9
process_identifier:
8324
process_handle:
0x00000164
|
|
0 |
0
|
WriteProcessMemory
|
buffer:
base_address:
0xa952e3e8
process_identifier:
8324
process_handle:
0x00000164
|
|
0 |
0
|
WriteProcessMemory
|
buffer:
base_address:
0x817ea9f2
process_identifier:
8324
process_handle:
0x00000164
|
|
0 |
0
|
WriteProcessMemory
|
buffer:
base_address:
0xd69ea9d4
process_identifier:
8324
process_handle:
0x00000164
|
|
0 |
0
|
WriteProcessMemory
|
buffer:
base_address:
0x1ab6dfd6
process_identifier:
8324
process_handle:
0x00000164
|
|
0 |
0
|
WriteProcessMemory
|
buffer:
base_address:
0xf2e113ee
process_identifier:
8324
process_handle:
0x00000164
|
|
0 |
0
|
WriteProcessMemory
|
buffer:
base_address:
0xc286b3c2
process_identifier:
8324
process_handle:
0x00000164
|
|
0 |
0
|
WriteProcessMemory
|
buffer:
base_address:
0xf67c6ad6
process_identifier:
8324
process_handle:
0x00000164
|
|
0 |
0
|
WriteProcessMemory
|
buffer:
base_address:
0xf2b6df81
process_identifier:
8324
process_handle:
0x00000164
|
|
0 |
0
|
WriteProcessMemory
|
buffer:
base_address:
0xba7d0e22
process_identifier:
8324
process_handle:
0x00000164
|
|
0 |
0
|
WriteProcessMemory
|
buffer:
base_address:
0xf2b6dfb8
process_identifier:
8324
process_handle:
0x00000164
|
|
0 |
0
|
WriteProcessMemory
|
buffer:
base_address:
0xb85fdee8
process_identifier:
8324
process_handle:
0x00000164
|
|
0 |
0
|
WriteProcessMemory
|
buffer:
base_address:
0xd77e9dd8
process_identifier:
8324
process_handle:
0x00000164
|
|
0 |
0
|
WriteProcessMemory
|
buffer:
base_address:
0x4cdfa9c9
process_identifier:
8324
process_handle:
0x00000164
|
|
0 |
0
|
WriteProcessMemory
|
buffer:
base_address:
0xba7ce3f2
process_identifier:
8324
process_handle:
0x00000164
|
|
0 |
0
|
WriteProcessMemory
|
buffer:
base_address:
0x1b45abb8
process_identifier:
8324
process_handle:
0x00000164
|
|
0 |
0
|
WriteProcessMemory
|
buffer:
base_address:
0x8634135f
process_identifier:
8324
process_handle:
0x00000164
|
|
0 |
0
|
WriteProcessMemory
|
buffer:
base_address:
0xbae40b81
process_identifier:
8324
process_handle:
0x00000164
|
|
0 |
0
|
WriteProcessMemory
|
buffer:
base_address:
0xeee40bb8
process_identifier:
8324
process_handle:
0x00000164
|
|
0 |
0
|
WriteProcessMemory
|
buffer:
base_address:
0xeee40bb8
process_identifier:
8324
process_handle:
0x00000164
|
|
0 |
0
|
WriteProcessMemory
|
buffer:
base_address:
0x1be63e1b
process_identifier:
8324
process_handle:
0x00000164
|
|
0 |
0
|
WriteProcessMemory
|
buffer:
base_address:
0xbce813de
process_identifier:
8324
process_handle:
0x00000164
|
|
0 |
0
|
WriteProcessMemory
|
buffer:
base_address:
0xf23dab44
process_identifier:
8324
process_handle:
0x00000164
|
|
0 |
0
|
WriteProcessMemory
|
buffer:
base_address:
0x1a45abb8
process_identifier:
8324
process_handle:
0x00000164
|
|
0 |
0
|
WriteProcessMemory
|
buffer:
base_address:
0xca3d6a7d
process_identifier:
8324
process_handle:
0x00000164
|
|
0 |
0
|
WriteProcessMemory
|
buffer:
base_address:
0x1fde72ba
process_identifier:
8324
process_handle:
0x00000164
|
|
0 |
0
|
WriteProcessMemory
|
buffer:
base_address:
0xb8b6e3bc
process_identifier:
8324
process_handle:
0x00000164
|
|
0 |
0
|
WriteProcessMemory
|
buffer:
base_address:
0xba9ac5d7
process_identifier:
8324
process_handle:
0x00000164
|
|
0 |
0
|
WriteProcessMemory
|
buffer:
base_address:
0xba7ce3f2
process_identifier:
8324
process_handle:
0x00000164
|
|
0 |
0
|
WriteProcessMemory
|
buffer:
base_address:
0xde8ec079
process_identifier:
8324
process_handle:
0x00000164
|
|
0 |
0
|
WriteProcessMemory
|
buffer:
base_address:
0xde49dff2
process_identifier:
8324
process_handle:
0x00000164
|
|
0 |
0
|