# Time of Day Thread Module API Return Value Error Duration 1 3:39:06.555 PM 1 KERNELBASE.dll NtProtectVirtualMemory ( GetCurrentProcess(), 0x0019f714, 0x0019f718, PAGE_READWRITE, 0x72f6c074 ) STATUS_SUCCESS 0.0000025 2 3:39:06.555 PM 1 KERNELBASE.dll NtProtectVirtualMemory ( GetCurrentProcess(), 0x0019f714, 0x0019f718, PAGE_WRITECOPY, 0x0019f744 ) STATUS_SUCCESS 0.0000016 3 3:39:06.555 PM 1 KERNELBASE.dll NtProtectVirtualMemory ( GetCurrentProcess(), 0x0019f71c, 0x0019f720, PAGE_READWRITE, 0x72f6c074 ) STATUS_SUCCESS 0.0000009 4 3:39:06.555 PM 1 KERNELBASE.dll NtProtectVirtualMemory ( GetCurrentProcess(), 0x0019f71c, 0x0019f720, PAGE_READWRITE, 0x0019f74c ) STATUS_SUCCESS 0.0000009 5 3:39:06.555 PM 1 KERNELBASE.dll NtProtectVirtualMemory ( GetCurrentProcess(), 0x0019f780, 0x0019f784, PAGE_READWRITE, 0x72f6c074 ) STATUS_SUCCESS 0.0000012 6 3:39:06.555 PM 1 KERNELBASE.dll NtProtectVirtualMemory ( GetCurrentProcess(), 0x0019f780, 0x0019f784, PAGE_READWRITE, 0x0019f7b4 ) STATUS_SUCCESS 0.0000012 7 3:39:06.555 PM 1 KERNELBASE.dll NtProtectVirtualMemory ( GetCurrentProcess(), 0x0019f704, 0x0019f708, PAGE_READWRITE, 0x72e3e44c ) STATUS_SUCCESS 0.0000019 8 3:39:06.555 PM 1 KERNELBASE.dll NtProtectVirtualMemory ( GetCurrentProcess(), 0x0019f704, 0x0019f708, PAGE_WRITECOPY, 0x0019f72c ) STATUS_SUCCESS 0.0000016 9 3:39:06.555 PM 1 KERNELBASE.dll NtProtectVirtualMemory ( GetCurrentProcess(), 0x0019f70c, 0x0019f710, PAGE_READWRITE, 0x72e3e44c ) STATUS_SUCCESS 0.0000006 10 3:39:06.555 PM 1 KERNELBASE.dll NtProtectVirtualMemory ( GetCurrentProcess(), 0x0019f70c, 0x0019f710, PAGE_READWRITE, 0x0019f734 ) STATUS_SUCCESS 0.0000009 11 3:39:06.555 PM 1 Xenos.exe GetProcAddress ( 0x757d0000, "InitializeCriticalSectionEx" ) 0x758a4c80 0.0000012 12 3:39:06.555 PM 1 Xenos.exe GetProcAddress ( 0x757d0000, "FlsAlloc" ) 0x758aab20 0.0000012 13 3:39:06.555 PM 1 Xenos.exe GetProcAddress ( 0x757d0000, "FlsSetValue" ) 0x758a16b0 0.0000003 14 3:39:06.555 PM 1 Xenos.exe GetProcAddress ( 0x757d0000, "InitializeCriticalSectionEx" ) 0x758a4c80 0.0000006 15 3:39:06.556 PM 1 Xenos.exe GetProcAddress ( 0x757d0000, "FlsAlloc" ) 0x758aab20 0.0000003 16 3:39:06.556 PM 1 Xenos.exe GetProcAddress ( 0x757d0000, "FlsGetValue" ) 0x75898c60 0.0000003 17 3:39:06.556 PM 1 Xenos.exe GetProcAddress ( 0x757d0000, "FlsSetValue" ) 0x758a16b0 0.0000003 18 3:39:06.556 PM 1 Xenos.exe GetProcAddress ( 0x757d0000, "LCMapStringEx" ) 0x758969e0 0.0000009 19 3:39:06.556 PM 1 Xenos.exe GetModuleHandleW ( "kernel32.dll" ) 0x74960000 0.0000016 20 3:39:06.556 PM 1 Xenos.exe GetProcAddress ( 0x74960000, "FlsAlloc" ) 0x7497dd70 0.0000009 21 3:39:06.556 PM 1 Xenos.exe GetProcAddress ( 0x74960000, "FlsFree" ) 0x74988870 0.0000003 22 3:39:06.556 PM 1 Xenos.exe GetProcAddress ( 0x74960000, "FlsGetValue" ) 0x74979e90 0.0000012 23 3:39:06.556 PM 1 Xenos.exe GetProcAddress ( 0x74960000, "FlsSetValue" ) 0x7497d1c0 0.0000006 24 3:39:06.556 PM 1 Xenos.exe GetProcAddress ( 0x74960000, "InitializeCriticalSectionEx" ) 0x74989770 0.0000009 25 3:39:06.556 PM 1 Xenos.exe GetProcAddress ( 0x74960000, "InitOnceExecuteOnce" ) 0x758a33a0 0.0000025 26 3:39:06.556 PM 1 Xenos.exe GetProcAddress ( 0x74960000, "CreateEventExW" ) 0x749896d0 0.0000025 27 3:39:06.556 PM 1 Xenos.exe GetProcAddress ( 0x74960000, "CreateSemaphoreW" ) 0x74989740 0.0000022 28 3:39:06.556 PM 1 Xenos.exe GetProcAddress ( 0x74960000, "CreateSemaphoreExW" ) 0x74989730 0.0000009 29 3:39:06.556 PM 1 Xenos.exe GetProcAddress ( 0x74960000, "CreateThreadpoolTimer" ) 0x7497e0d0 0.0000006 30 3:39:06.556 PM 1 Xenos.exe GetProcAddress ( 0x74960000, "SetThreadpoolTimer" ) 0x77703730 0.0000062 31 3:39:06.556 PM 1 Xenos.exe GetProcAddress ( 0x74960000, "WaitForThreadpoolTimerCallbacks" ) 0x776d7d80 0.0000202 32 3:39:06.556 PM 1 Xenos.exe GetProcAddress ( 0x74960000, "CloseThreadpoolTimer" ) 0x776d5f40 0.0000053 33 3:39:06.556 PM 1 Xenos.exe GetProcAddress ( 0x74960000, "CreateThreadpoolWait" ) 0x7497dba0 0.0000012 34 3:39:06.556 PM 1 Xenos.exe GetProcAddress ( 0x74960000, "SetThreadpoolWait" ) 0x776d5080 0.0000040 35 3:39:06.556 PM 1 Xenos.exe GetProcAddress ( 0x74960000, "CloseThreadpoolWait" ) 0x776ff9d0 0.0000044 36 3:39:06.556 PM 1 Xenos.exe GetProcAddress ( 0x74960000, "FlushProcessWriteBuffers" ) 0x7770e9e0 0.0000028 37 3:39:06.556 PM 1 Xenos.exe GetProcAddress ( 0x74960000, "FreeLibraryWhenCallbackReturns" ) 0x77703870 0.0000016 38 3:39:06.556 PM 1 Xenos.exe GetProcAddress ( 0x74960000, "GetCurrentProcessorNumber" ) 0x77700df0 0.0000019 39 3:39:06.556 PM 1 Xenos.exe GetProcAddress ( 0x74960000, "CreateSymbolicLinkW" ) 0x74996cb0 0.0000006 40 3:39:06.556 PM 1 Xenos.exe GetProcAddress ( 0x74960000, "GetCurrentPackageId" ) 0x758aafa0 0.0000028 41 3:39:06.556 PM 1 Xenos.exe GetProcAddress ( 0x74960000, "GetTickCount64" ) 0x74975d00 0.0000006 42 3:39:06.556 PM 1 Xenos.exe GetProcAddress ( 0x74960000, "GetFileInformationByHandleEx" ) 0x74997320 0.0000009 43 3:39:06.556 PM 1 Xenos.exe GetProcAddress ( 0x74960000, "SetFileInformationByHandle" ) 0x74989cc0 0.0000006 44 3:39:06.556 PM 1 Xenos.exe GetProcAddress ( 0x74960000, "GetSystemTimePreciseAsFileTime" ) 0x74989d90 0.0000006 45 3:39:06.556 PM 1 Xenos.exe GetProcAddress ( 0x74960000, "InitializeConditionVariable" ) 0x776fdd00 0.0000019 46 3:39:06.556 PM 1 Xenos.exe GetProcAddress ( 0x74960000, "WakeConditionVariable" ) 0x77772760 0.0000025 47 3:39:06.556 PM 1 Xenos.exe GetProcAddress ( 0x74960000, "WakeAllConditionVariable" ) 0x776fd810 0.0000016 48 3:39:06.556 PM 1 Xenos.exe GetProcAddress ( 0x74960000, "SleepConditionVariableCS" ) 0x75924950 0.0000022 49 3:39:06.556 PM 1 Xenos.exe GetProcAddress ( 0x74960000, "InitializeSRWLock" ) 0x776fdd00 0.0000100 50 3:39:06.557 PM 1 Xenos.exe GetProcAddress ( 0x74960000, "AcquireSRWLockExclusive" ) 0x776dad60 0.0000028 51 3:39:06.557 PM 1 Xenos.exe GetProcAddress ( 0x74960000, "TryAcquireSRWLockExclusive" ) 0x776c4870 0.0000019 52 3:39:06.557 PM 1 Xenos.exe GetProcAddress ( 0x74960000, "ReleaseSRWLockExclusive" ) 0x776dabe0 0.0000019 53 3:39:06.557 PM 1 Xenos.exe GetProcAddress ( 0x74960000, "SleepConditionVariableSRW" ) 0x759249a0 0.0000025 54 3:39:06.557 PM 1 Xenos.exe GetProcAddress ( 0x74960000, "CreateThreadpoolWork" ) 0x74982180 0.0000006 55 3:39:06.557 PM 1 Xenos.exe GetProcAddress ( 0x74960000, "SubmitThreadpoolWork" ) 0x776da5c0 0.0000012 56 3:39:06.557 PM 1 Xenos.exe GetProcAddress ( 0x74960000, "CloseThreadpoolWork" ) 0x77703930 0.0000016 57 3:39:06.557 PM 1 Xenos.exe GetProcAddress ( 0x74960000, "CompareStringEx" ) 0x74983710 0.0000006 58 3:39:06.557 PM 1 Xenos.exe GetProcAddress ( 0x74960000, "GetLocaleInfoEx" ) 0x7497db40 0.0000009 59 3:39:06.557 PM 1 Xenos.exe GetProcAddress ( 0x74960000, "LCMapStringEx" ) 0x7497cdb0 0.0000006 60 3:39:06.557 PM 1 Xenos.exe GetModuleHandleW ( "kernel32.dll" ) 0x74960000 0.0000012 61 3:39:06.557 PM 1 Xenos.exe GetProcAddress ( 0x74960000, "InitializeConditionVariable" ) 0x776fdd00 0.0000016 62 3:39:06.557 PM 1 Xenos.exe GetProcAddress ( 0x74960000, "SleepConditionVariableCS" ) 0x75924950 0.0000016 63 3:39:06.557 PM 1 Xenos.exe GetProcAddress ( 0x74960000, "WakeAllConditionVariable" ) 0x776fd810 0.0000019 64 3:39:06.557 PM 1 KERNELBASE.dll NtQueryVirtualMemory ( GetCurrentProcess(), 0x0044ecd4, MemoryBasicInformation, 0x0019fca8, 28, 0x0019fc84 ) STATUS_SUCCESS 0.0000861 65 3:39:06.557 PM 1 KERNELBASE.dll NtQueryVirtualMemory ( GetCurrentProcess(), 0x0044ecd4, MemoryRegionInformation, 0x0019fcc4, 20, NULL ) STATUS_SUCCESS 0.0000012 66 3:39:06.557 PM 1 KERNELBASE.dll NtQueryVirtualMemory ( GetCurrentProcess(), 0x0044ecd4, MemoryMappedFilenameInformation, 0x0019fcfc, 530, NULL ) STATUS_SUCCESS 0.0000156 67 3:39:06.557 PM 1 Xenos.exe GetModuleHandleW ( "kernel32.dll" ) 0x74960000 0.0000025 68 3:39:06.557 PM 1 Xenos.exe GetProcAddress ( 0x74960000, "QueryFullProcessImageNameW" ) 0x74998000 0.0000022 69 3:39:06.557 PM 1 KERNELBASE.dll NtQueryVirtualMemory ( GetCurrentProcess(), 0x0041209e, MemoryBasicInformation, 0x0019f6e8, 28, 0x0019f6c4 ) STATUS_SUCCESS 0.0000087 70 3:39:06.557 PM 1 KERNELBASE.dll NtQueryVirtualMemory ( GetCurrentProcess(), 0x0041209e, MemoryRegionInformation, 0x0019f704, 20, NULL ) STATUS_SUCCESS 0.0000006 71 3:39:06.557 PM 1 KERNELBASE.dll NtQueryVirtualMemory ( GetCurrentProcess(), 0x0041209e, MemoryMappedFilenameInformation, 0x0019f73c, 530, NULL ) STATUS_SUCCESS 0.0000056 72 3:39:06.557 PM 1 KERNELBASE.dll NtQueryVirtualMemory ( GetCurrentProcess(), 0x0044ecd4, MemoryBasicInformation, 0x0019f6e8, 28, 0x0019f6c4 ) STATUS_SUCCESS 0.0000034 73 3:39:06.559 PM 1 Xenos.exe VirtualProtect ( 0x0019f9a4, 18, PAGE_EXECUTE_READWRITE, 0x0019f8f8 ) TRUE 0.0000037 74 3:39:06.559 PM 1 KERNELBASE.dll NtProtectVirtualMemory ( GetCurrentProcess(), 0x0019f7d8, 0x0019f7dc, PAGE_EXECUTE_READWRITE, 0x0019f8f8 ) STATUS_SUCCESS 0.0000031 75 3:39:06.559 PM 1 Xenos.exe GetModuleHandleW ( "kernel32.dll" ) 0x74960000 0.0000019 76 3:39:06.559 PM 1 Xenos.exe GetProcAddress ( 0x74960000, "GetProcessDEPPolicy" ) 0x74996360 0.0000025 77 3:39:06.559 PM 1 Xenos.exe GetProcAddress ( 0x75a70000, "SystemFunction036" ) 0x741d2520 0.0000037 78 3:39:06.559 PM 1 KERNELBASE.dll NtOpenThread ( 0x0019f878, SYNCHRONIZE | THREAD_GET_CONTEXT | THREAD_QUERY_INFORMATION | THREAD_SET_CONTEXT | THREAD_SUSPEND_RESUME | THREAD_TERMINATE, 0x0019f858, 0x0019f870 ) STATUS_INVALID_CID 0xc000000b = An invalid Client ID was specified. 0.0000022 79 3:39:06.559 PM 1 Xenos.exe GetModuleHandleW ( "ntdll.dll" ) 0x776a0000 0.0000012 80 3:39:06.559 PM 1 Xenos.exe GetProcAddress ( 0x776a0000, "NtOpenEvent" ) 0x7770e000 0.0000016 81 3:39:06.559 PM 1 Xenos.exe GetModuleHandleW ( "ntdll.dll" ) 0x776a0000 0.0000006 82 3:39:06.559 PM 1 Xenos.exe GetProcAddress ( 0x776a0000, "NtCreateEvent" ) 0x7770e080 0.0000009 83 3:39:06.559 PM 1 Xenos.exe GetModuleHandleW ( "ntdll.dll" ) 0x776a0000 0.0000006 84 3:39:06.559 PM 1 Xenos.exe GetProcAddress ( 0x776a0000, "RtlInitUnicodeString" ) 0x77710060 0.0000006 85 3:39:06.559 PM 1 Xenos.exe GetProcAddress ( 0x776a0000, "RtlHashUnicodeString" ) 0x776d2370 0.0000006 86 3:39:06.559 PM 1 Xenos.exe GetProcAddress ( 0x776a0000, "RtlUpcaseUnicodeChar" ) 0x776f2380 0.0000009 87 3:39:06.559 PM 1 Xenos.exe GetProcAddress ( 0x776a0000, "RtlEncodeSystemPointer" ) 0x776c5340 0.0000006 88 3:39:06.559 PM 1 Xenos.exe GetModuleHandleW ( "ntdll.dll" ) 0x776a0000 0.0000022 89 3:39:06.559 PM 1 Xenos.exe GetProcAddress ( 0x776a0000, "NtQuerySystemInformation" ) 0x7770df60 0.0000022 90 3:39:06.559 PM 1 Xenos.exe GetProcAddress ( 0x776a0000, "RtlDosApplyFileIsolationRedirection_Ustr" ) 0x776e0a40 0.0000009 91 3:39:06.559 PM 1 Xenos.exe GetProcAddress ( 0x776a0000, "RtlInitUnicodeString" ) 0x77710060 0.0000003 92 3:39:06.559 PM 1 Xenos.exe GetProcAddress ( 0x776a0000, "RtlFreeUnicodeString" ) 0x776e38a0 0.0000009 93 3:39:06.559 PM 1 Xenos.exe GetModuleHandleW ( "ntdll.dll" ) 0x776a0000 0.0000009 94 3:39:06.559 PM 1 Xenos.exe GetProcAddress ( 0x776a0000, "RtlGetVersion" ) 0x776ef360 0.0000006 95 3:39:06.561 PM 1 Xenos.exe VirtualProtect ( 0x0019fd80, 18, PAGE_EXECUTE_READWRITE, 0x0019f928 ) TRUE 0.0000056 96 3:39:06.561 PM 1 KERNELBASE.dll NtProtectVirtualMemory ( GetCurrentProcess(), 0x0019f808, 0x0019f80c, PAGE_EXECUTE_READWRITE, 0x0019f928 ) STATUS_SUCCESS 0.0000044 97 3:39:06.561 PM 1 Xenos.exe VirtualProtect ( 0x0019fdb4, 18, PAGE_EXECUTE_READWRITE, 0x0019f928 ) TRUE 0.0000016 98 3:39:06.561 PM 1 KERNELBASE.dll NtProtectVirtualMemory ( GetCurrentProcess(), 0x0019f808, 0x0019f80c, PAGE_EXECUTE_READWRITE, 0x0019f928 ) STATUS_SUCCESS 0.0000012 99 3:39:06.561 PM 1 Xenos.exe VirtualProtect ( 0x0019fde8, 18, PAGE_EXECUTE_READWRITE, 0x0019f928 ) TRUE 0.0000016 100 3:39:06.561 PM 1 KERNELBASE.dll NtProtectVirtualMemory ( GetCurrentProcess(), 0x0019f808, 0x0019f80c, PAGE_EXECUTE_READWRITE, 0x0019f928 ) STATUS_SUCCESS 0.0000012 101 3:39:06.561 PM 1 Xenos.exe VirtualProtect ( 0x0019fe1c, 18, PAGE_EXECUTE_READWRITE, 0x0019f928 ) TRUE 0.0000012 102 3:39:06.561 PM 1 KERNELBASE.dll NtProtectVirtualMemory ( GetCurrentProcess(), 0x0019f808, 0x0019f80c, PAGE_EXECUTE_READWRITE, 0x0019f928 ) STATUS_SUCCESS 0.0000012 103 3:39:06.561 PM 1 Xenos.exe VirtualProtect ( 0x0019fe50, 18, PAGE_EXECUTE_READWRITE, 0x0019f928 ) TRUE 0.0000037 104 3:39:06.561 PM 1 KERNELBASE.dll NtProtectVirtualMemory ( GetCurrentProcess(), 0x0019f808, 0x0019f80c, PAGE_EXECUTE_READWRITE, 0x0019f928 ) STATUS_SUCCESS 0.0000034 105 3:39:06.561 PM 1 Xenos.exe VirtualProtect ( 0x0019fe84, 18, PAGE_EXECUTE_READWRITE, 0x0019f928 ) TRUE 0.0000040 106 3:39:06.561 PM 1 KERNELBASE.dll NtProtectVirtualMemory ( GetCurrentProcess(), 0x0019f808, 0x0019f80c, PAGE_EXECUTE_READWRITE, 0x0019f928 ) STATUS_SUCCESS 0.0000037 107 3:39:06.561 PM 1 Xenos.exe VirtualProtect ( 0x0019feb8, 18, PAGE_EXECUTE_READWRITE, 0x0019f928 ) TRUE 0.0000025 108 3:39:06.561 PM 1 KERNELBASE.dll NtProtectVirtualMemory ( GetCurrentProcess(), 0x0019f808, 0x0019f80c, PAGE_EXECUTE_READWRITE, 0x0019f928 ) STATUS_SUCCESS 0.0000022 109 3:39:06.561 PM 1 Xenos.exe VirtualProtect ( 0x0019feec, 18, PAGE_EXECUTE_READWRITE, 0x0019f928 ) TRUE 0.0000009 110 3:39:06.561 PM 1 KERNELBASE.dll NtProtectVirtualMemory ( GetCurrentProcess(), 0x0019f808, 0x0019f80c, PAGE_EXECUTE_READWRITE, 0x0019f928 ) STATUS_SUCCESS 0.0000009 111 3:39:06.561 PM 1 Xenos.exe GetModuleHandleW ( "ntdll.dll" ) 0x776a0000 0.0000044 112 3:39:06.561 PM 1 Xenos.exe GetProcAddress ( 0x776a0000, "NtLoadDriver" ) 0x7770eb90 0.0000047 113 3:39:06.561 PM 1 Xenos.exe GetProcAddress ( 0x776a0000, "NtUnloadDriver" ) 0x7770f720 0.0000016 114 3:39:06.561 PM 1 Xenos.exe GetProcAddress ( 0x776a0000, "RtlDosPathNameToNtPathName_U" ) 0x77702100 0.0000012 115 3:39:06.561 PM 1 Xenos.exe GetProcAddress ( 0x776a0000, "RtlInitUnicodeString" ) 0x77710060 0.0000006 116 3:39:06.561 PM 1 Xenos.exe GetProcAddress ( 0x776a0000, "RtlFreeUnicodeString" ) 0x776e38a0 0.0000006 117 3:39:06.561 PM 1 Xenos.exe GetProcAddress ( 0x74960000, "AreFileApisANSI" ) 0x74982a90 0.0000019 118 3:39:06.561 PM 1 Xenos.exe GetProcAddress ( 0x757d0000, "GetSystemTimePreciseAsFileTime" ) 0x758b80d0 0.0000019 119 3:39:06.562 PM 1 Xenos.exe GetProcAddress ( 0x757d0000, "FlsGetValue" ) 0x75898c60 0.0000047 120 3:39:06.562 PM 1 Xenos.exe VirtualProtect ( 0x0019f93c, 18, PAGE_EXECUTE_READWRITE, 0x0019f920 ) TRUE 0.0000044 121 3:39:06.562 PM 1 KERNELBASE.dll NtProtectVirtualMemory ( GetCurrentProcess(), 0x0019f800, 0x0019f804, PAGE_EXECUTE_READWRITE, 0x0019f920 ) STATUS_SUCCESS 0.0000040 122 3:39:06.563 PM 1 apphelp.dll NtProtectVirtualMemory ( GetCurrentProcess(), 0x0019f15c, 0x0019f160, PAGE_EXECUTE_READWRITE, 0x0019f164 ) STATUS_SUCCESS 0.0000019 123 3:39:06.563 PM 1 apphelp.dll NtProtectVirtualMemory ( GetCurrentProcess(), 0x0019f15c, 0x0019f160, PAGE_READONLY, 0x0019f164 ) STATUS_SUCCESS 0.0000009 124 3:39:06.563 PM 1 apphelp.dll NtProtectVirtualMemory ( GetCurrentProcess(), 0x0019ec3c, 0x0019ec40, PAGE_EXECUTE_READWRITE, 0x0019ec44 ) STATUS_SUCCESS 0.0000019 125 3:39:06.563 PM 1 apphelp.dll NtProtectVirtualMemory ( GetCurrentProcess(), 0x0019ec3c, 0x0019ec40, PAGE_READONLY, 0x0019ec44 ) STATUS_SUCCESS 0.0000009 126 3:39:06.563 PM 1 apphelp.dll NtProtectVirtualMemory ( GetCurrentProcess(), 0x0019ec54, 0x0019ec58, PAGE_EXECUTE_READWRITE, 0x0019ec5c ) STATUS_SUCCESS 0.0000016 127 3:39:06.563 PM 1 apphelp.dll NtProtectVirtualMemory ( GetCurrentProcess(), 0x0019ec54, 0x0019ec58, PAGE_READWRITE, 0x0019ec5c ) STATUS_SUCCESS 0.0000009 128 3:39:06.580 PM 1 Xenos.exe GetModuleHandleW ( NULL ) 0x00400000 0.0000006 129 3:39:06.581 PM 1 Xenos.exe GetModuleHandleW ( NULL ) 0x00400000 0.0000000 130 3:39:06.581 PM 1 Xenos.exe GetModuleHandleW ( "kernel32.dll" ) 0x74960000 0.0000034 131 3:39:06.581 PM 1 Xenos.exe GetProcAddress ( 0x74960000, "QueryFullProcessImageNameW" ) 0x74998000 0.0000037 132 3:39:06.583 PM 1 KERNEL32.DLL NtAllocateVirtualMemory ( GetCurrentProcess(), 0x0019f010, 0, 0x0019ef68, MEM_COMMIT, PAGE_READWRITE ) STATUS_SUCCESS 0.0000081 133 3:39:06.583 PM 1 KERNEL32.DLL NtFreeVirtualMemory ( GetCurrentProcess(), 0x0019f010, 0x0019ef68, MEM_RELEASE ) STATUS_SUCCESS 0.0000044 134 3:39:06.583 PM 1 KERNEL32.DLL NtAllocateVirtualMemory ( GetCurrentProcess(), 0x0019f010, 0, 0x0019ef68, MEM_COMMIT, PAGE_READWRITE ) STATUS_SUCCESS 0.0000034 135 3:39:06.584 PM 1 KERNEL32.DLL NtFreeVirtualMemory ( GetCurrentProcess(), 0x0019f010, 0x0019efc4, MEM_RELEASE ) STATUS_SUCCESS 0.0000131 136 3:39:07.880 PM 1 Xenos.exe VirtualProtect ( 0x0019ee28, 18, PAGE_EXECUTE_READWRITE, 0x0019ed80 ) TRUE 0.0000078 137 3:39:07.880 PM 1 KERNELBASE.dll NtProtectVirtualMemory ( GetCurrentProcess(), 0x0019ec60, 0x0019ec64, PAGE_EXECUTE_READWRITE, 0x0019ed80 ) STATUS_SUCCESS 0.0000068 138 3:39:07.880 PM 1 Xenos.exe VirtualProtect ( 0x0019ee88, 18, PAGE_EXECUTE_READWRITE, 0x0019edb0 ) TRUE 0.0000016 139 3:39:07.880 PM 1 KERNELBASE.dll NtProtectVirtualMemory ( GetCurrentProcess(), 0x0019ec90, 0x0019ec94, PAGE_EXECUTE_READWRITE, 0x0019edb0 ) STATUS_SUCCESS 0.0000016 140 3:39:07.880 PM 1 Xenos.exe VirtualProtect ( 0x0019eebc, 18, PAGE_EXECUTE_READWRITE, 0x0019edb0 ) TRUE 0.0000016 141 3:39:07.880 PM 1 KERNELBASE.dll NtProtectVirtualMemory ( GetCurrentProcess(), 0x0019ec90, 0x0019ec94, PAGE_EXECUTE_READWRITE, 0x0019edb0 ) STATUS_SUCCESS 0.0000012 142 3:39:07.880 PM 1 Xenos.exe VirtualProtect ( 0x0019eef0, 18, PAGE_EXECUTE_READWRITE, 0x0019edb0 ) TRUE 0.0000016 143 3:39:07.880 PM 1 KERNELBASE.dll NtProtectVirtualMemory ( GetCurrentProcess(), 0x0019ec90, 0x0019ec94, PAGE_EXECUTE_READWRITE, 0x0019edb0 ) STATUS_SUCCESS 0.0000012 144 3:39:07.880 PM 1 Xenos.exe VirtualProtect ( 0x0019ef24, 18, PAGE_EXECUTE_READWRITE, 0x0019edb0 ) TRUE 0.0000012 145 3:39:07.880 PM 1 KERNELBASE.dll NtProtectVirtualMemory ( GetCurrentProcess(), 0x0019ec90, 0x0019ec94, PAGE_EXECUTE_READWRITE, 0x0019edb0 ) STATUS_SUCCESS 0.0000012 146 3:39:07.880 PM 1 Xenos.exe VirtualProtect ( 0x0019ef58, 18, PAGE_EXECUTE_READWRITE, 0x0019edb0 ) TRUE 0.0000012 147 3:39:07.880 PM 1 KERNELBASE.dll NtProtectVirtualMemory ( GetCurrentProcess(), 0x0019ec90, 0x0019ec94, PAGE_EXECUTE_READWRITE, 0x0019edb0 ) STATUS_SUCCESS 0.0000009 148 3:39:07.880 PM 1 Xenos.exe VirtualProtect ( 0x0019ef8c, 18, PAGE_EXECUTE_READWRITE, 0x0019edb0 ) TRUE 0.0000012 149 3:39:07.880 PM 1 KERNELBASE.dll NtProtectVirtualMemory ( GetCurrentProcess(), 0x0019ec90, 0x0019ec94, PAGE_EXECUTE_READWRITE, 0x0019edb0 ) STATUS_SUCCESS 0.0000012 150 3:39:07.880 PM 1 Xenos.exe VirtualProtect ( 0x0019efc0, 18, PAGE_EXECUTE_READWRITE, 0x0019edb0 ) TRUE 0.0000012 151 3:39:07.880 PM 1 KERNELBASE.dll NtProtectVirtualMemory ( GetCurrentProcess(), 0x0019ec90, 0x0019ec94, PAGE_EXECUTE_READWRITE, 0x0019edb0 ) STATUS_SUCCESS 0.0000012 152 3:39:07.880 PM 1 Xenos.exe VirtualProtect ( 0x0019eff4, 18, PAGE_EXECUTE_READWRITE, 0x0019edb0 ) TRUE 0.0000012 153 3:39:07.880 PM 1 KERNELBASE.dll NtProtectVirtualMemory ( GetCurrentProcess(), 0x0019ec90, 0x0019ec94, PAGE_EXECUTE_READWRITE, 0x0019edb0 ) STATUS_SUCCESS 0.0000012 154 3:39:07.880 PM 1 Xenos.exe VirtualProtect ( 0x0019f028, 18, PAGE_EXECUTE_READWRITE, 0x0019edb0 ) TRUE 0.0000009 155 3:39:07.880 PM 1 KERNELBASE.dll NtProtectVirtualMemory ( GetCurrentProcess(), 0x0019ec90, 0x0019ec94, PAGE_EXECUTE_READWRITE, 0x0019edb0 ) STATUS_SUCCESS 0.0000009 156 3:39:07.880 PM 1 Xenos.exe VirtualProtect ( 0x0019f05c, 18, PAGE_EXECUTE_READWRITE, 0x0019edb0 ) TRUE 0.0000009 157 3:39:07.880 PM 1 KERNELBASE.dll NtProtectVirtualMemory ( GetCurrentProcess(), 0x0019ec90, 0x0019ec94, PAGE_EXECUTE_READWRITE, 0x0019edb0 ) STATUS_SUCCESS 0.0000009 158 3:39:07.880 PM 1 Xenos.exe VirtualProtect ( 0x0019f090, 18, PAGE_EXECUTE_READWRITE, 0x0019edb0 ) TRUE 0.0000009 159 3:39:07.880 PM 1 KERNELBASE.dll NtProtectVirtualMemory ( GetCurrentProcess(), 0x0019ec90, 0x0019ec94, PAGE_EXECUTE_READWRITE, 0x0019edb0 ) STATUS_SUCCESS 0.0000006 160 3:39:07.880 PM 1 Xenos.exe VirtualProtect ( 0x0019f0c4, 18, PAGE_EXECUTE_READWRITE, 0x0019edb0 ) TRUE 0.0000006 161 3:39:07.880 PM 1 KERNELBASE.dll NtProtectVirtualMemory ( GetCurrentProcess(), 0x0019ec90, 0x0019ec94, PAGE_EXECUTE_READWRITE, 0x0019edb0 ) STATUS_SUCCESS 0.0000006 162 3:39:07.880 PM 1 Xenos.exe VirtualProtect ( 0x0019f0f8, 18, PAGE_EXECUTE_READWRITE, 0x0019edb0 ) TRUE 0.0000009 163 3:39:07.880 PM 1 KERNELBASE.dll NtProtectVirtualMemory ( GetCurrentProcess(), 0x0019ec90, 0x0019ec94, PAGE_EXECUTE_READWRITE, 0x0019edb0 ) STATUS_SUCCESS 0.0000006 164 3:39:07.880 PM 1 Xenos.exe VirtualProtect ( 0x0019f12c, 18, PAGE_EXECUTE_READWRITE, 0x0019ed88 ) TRUE 0.0000006 165 3:39:07.880 PM 1 KERNELBASE.dll NtProtectVirtualMemory ( GetCurrentProcess(), 0x0019ec68, 0x0019ec6c, PAGE_EXECUTE_READWRITE, 0x0019ed88 ) STATUS_SUCCESS 0.0000006 166 3:39:07.880 PM 1 Xenos.exe VirtualProtect ( 0x0019f160, 18, PAGE_EXECUTE_READWRITE, 0x0019ed88 ) TRUE 0.0000006 167 3:39:07.880 PM 1 KERNELBASE.dll NtProtectVirtualMemory ( GetCurrentProcess(), 0x0019ec68, 0x0019ec6c, PAGE_EXECUTE_READWRITE, 0x0019ed88 ) STATUS_SUCCESS 0.0000006 168 3:39:07.880 PM 1 Xenos.exe VirtualProtect ( 0x0019f194, 18, PAGE_EXECUTE_READWRITE, 0x0019ed88 ) TRUE 0.0000006 169 3:39:07.880 PM 1 KERNELBASE.dll NtProtectVirtualMemory ( GetCurrentProcess(), 0x0019ec68, 0x0019ec6c, PAGE_EXECUTE_READWRITE, 0x0019ed88 ) STATUS_SUCCESS 0.0000006 170 3:39:07.880 PM 1 Xenos.exe VirtualProtect ( 0x0019f1c8, 18, PAGE_EXECUTE_READWRITE, 0x0019ed88 ) TRUE 0.0000006 171 3:39:07.880 PM 1 KERNELBASE.dll NtProtectVirtualMemory ( GetCurrentProcess(), 0x0019ec68, 0x0019ec6c, PAGE_EXECUTE_READWRITE, 0x0019ed88 ) STATUS_SUCCESS 0.0000006 172 3:39:07.880 PM 1 Xenos.exe VirtualProtect ( 0x0019f1fc, 18, PAGE_EXECUTE_READWRITE, 0x0019ed88 ) TRUE 0.0000006 173 3:39:07.880 PM 1 KERNELBASE.dll NtProtectVirtualMemory ( GetCurrentProcess(), 0x0019ec68, 0x0019ec6c, PAGE_EXECUTE_READWRITE, 0x0019ed88 ) STATUS_SUCCESS 0.0000006 174 3:39:07.880 PM 1 Xenos.exe VirtualProtect ( 0x0019f230, 18, PAGE_EXECUTE_READWRITE, 0x0019ed88 ) TRUE 0.0000006 175 3:39:07.880 PM 1 KERNELBASE.dll NtProtectVirtualMemory ( GetCurrentProcess(), 0x0019ec68, 0x0019ec6c, PAGE_EXECUTE_READWRITE, 0x0019ed88 ) STATUS_SUCCESS 0.0000006 176 3:39:07.880 PM 1 Xenos.exe VirtualProtect ( 0x0019ede0, 18, PAGE_EXECUTE_READWRITE, 0x0019edcc ) TRUE 0.0000016 177 3:39:07.880 PM 1 KERNELBASE.dll NtProtectVirtualMemory ( GetCurrentProcess(), 0x0019ecac, 0x0019ecb0, PAGE_EXECUTE_READWRITE, 0x0019edcc ) STATUS_SUCCESS 0.0000016 178 3:39:10.544 PM 1 Xenos.exe GetModuleHandleW ( "kernel32.dll" ) 0x74960000 0.0000053 179 3:39:10.544 PM 1 Xenos.exe GetProcAddress ( 0x74960000, "QueryFullProcessImageNameW" ) 0x74998000 0.0000056 180 3:39:14.698 PM 1 Xenos.exe VirtualAlloc ( NULL, 293272, MEM_COMMIT, PAGE_READWRITE ) 0x031d0000 0.0000090 181 3:39:14.698 PM 1 KERNELBASE.dll NtAllocateVirtualMemory ( GetCurrentProcess(), 0x0019ecf4, 0, 0x0019ecf0, MEM_COMMIT, PAGE_READWRITE ) STATUS_SUCCESS 0.0000081 182 3:39:14.699 PM 1 Xenos.exe VirtualFree ( 0x031d0000, 0, MEM_RELEASE ) TRUE 0.0000806 183 3:39:14.699 PM 1 KERNELBASE.dll NtFreeVirtualMemory ( GetCurrentProcess(), 0x0019ecf8, 0x0019ecfc, MEM_RELEASE ) STATUS_SUCCESS 0.0000799 184 3:39:19.063 PM 1 Xenos.exe GetModuleHandleExW ( GET_MODULE_HANDLE_EX_FLAG_FROM_ADDRESS, "譕诬ࡍƋჿ㗨δ㌀巀ӂ唀vࡵ뷨γ謀姰ݴ땆譙廆썝譕囬痿돑蕙瓶嘇⟨ε夀욋嵞嗃v౵痿돍奙ݴ딄譙廆썝¸", 0x007bd064 ) TRUE 0.0000031 185 3:39:19.063 PM 3 Xenos.exe GetProcAddress ( 0x74a40000, "GetCurrentPackageId" ) 0x74a42f60 0.0000034 186 3:39:19.165 PM 3 Xenos.exe OpenProcess ( PROCESS_CREATE_THREAD | PROCESS_DUP_HANDLE | PROCESS_QUERY_INFORMATION | PROCESS_SET_QUOTA | PROCESS_SUSPEND_RESUME | PROCESS_TERMINATE | PROCESS_VM_OPERATION | PROCESS_VM_READ | PROCESS_VM_WRITE, FALSE, 3656 ) 0x00000278 0.0000121 187 3:39:19.165 PM 3 KERNELBASE.dll NtOpenProcess ( 0x0330f51c, PROCESS_CREATE_THREAD | PROCESS_DUP_HANDLE | PROCESS_QUERY_INFORMATION | PROCESS_SET_QUOTA | PROCESS_SUSPEND_RESUME | PROCESS_TERMINATE | PROCESS_VM_OPERATION | PROCESS_VM_READ | PROCESS_VM_WRITE, 0x0330f4fc, 0x0330f514 ) STATUS_SUCCESS 0.0000112 188 3:39:19.165 PM 3 Xenos.exe GetModuleHandleW ( "ntdll.dll" ) 0x776a0000 0.0000062 189 3:39:19.165 PM 3 Xenos.exe GetModuleHandleW ( "kernel32.dll" ) 0x74960000 0.0000009 190 3:39:19.165 PM 3 Xenos.exe GetProcAddress ( 0x776a0000, "NtQueryInformationProcess" ) 0x7770dd70 0.0000062 191 3:39:19.165 PM 3 Xenos.exe GetProcAddress ( 0x776a0000, "NtSetInformationProcess" ) 0x7770ddc0 0.0000009 192 3:39:19.165 PM 3 Xenos.exe GetProcAddress ( 0x776a0000, "NtQueryInformationThread" ) 0x7770de50 0.0000006 193 3:39:19.165 PM 3 Xenos.exe GetProcAddress ( 0x776a0000, "NtDuplicateObject" ) 0x7770dfc0 0.0000006 194 3:39:19.165 PM 3 Xenos.exe GetProcAddress ( 0x776a0000, "NtQueryObject" ) 0x7770dce0 0.0000003 195 3:39:19.165 PM 3 Xenos.exe GetProcAddress ( 0x776a0000, "NtQuerySection" ) 0x7770e110 0.0000006 196 3:39:19.165 PM 3 Xenos.exe GetProcAddress ( 0x776a0000, "RtlCreateActivationContext" ) 0x776fba10 0.0000016 197 3:39:19.165 PM 3 Xenos.exe GetProcAddress ( 0x776a0000, "NtQueryVirtualMemory" ) 0x7770de30 0.0000006 198 3:39:19.165 PM 3 Xenos.exe GetProcAddress ( 0x776a0000, "NtCreateThreadEx" ) 0x7770e760 0.0000009 199 3:39:19.165 PM 3 Xenos.exe GetProcAddress ( 0x776a0000, "NtLockVirtualMemory" ) 0x7770ec10 0.0000006 200 3:39:19.165 PM 3 Xenos.exe GetProcAddress ( 0x776a0000, "NtSuspendProcess" ) 0x7770f680 0.0000006 201 3:39:19.165 PM 3 Xenos.exe GetProcAddress ( 0x776a0000, "NtResumeProcess" ) 0x7770f280 0.0000006 202 3:39:19.165 PM 3 Xenos.exe GetProcAddress ( 0x776a0000, "RtlImageNtHeader" ) 0x776dcae0 0.0000006 203 3:39:19.165 PM 3 Xenos.exe GetProcAddress ( 0x74960000, "Wow64GetThreadContext" ) 0x74998db0 0.0000022 204 3:39:19.165 PM 3 Xenos.exe GetProcAddress ( 0x74960000, "Wow64SetThreadContext" ) 0x74998de0 0.0000006 205 3:39:19.165 PM 3 Xenos.exe GetProcAddress ( 0x74960000, "Wow64SuspendThread" ) 0x74998e10 0.0000006 206 3:39:19.165 PM 3 Xenos.exe GetModuleHandleW ( "Ntdll.dll" ) 0x776a0000 0.0000009 207 3:39:19.165 PM 3 Xenos.exe GetProcAddress ( 0x776a0000, "NtWow64QueryInformationProcess64" ) 0x7770f8f0 0.0000006 208 3:39:19.165 PM 3 Xenos.exe GetProcAddress ( 0x776a0000, "NtWow64AllocateVirtualMemory64" ) 0x7770f900 0.0000006 209 3:39:19.165 PM 3 Xenos.exe GetProcAddress ( 0x776a0000, "NtWow64QueryVirtualMemory64" ) NULL 127 = The specified procedure could not be found. 0.0000016 210 3:39:19.165 PM 3 Xenos.exe GetProcAddress ( 0x776a0000, "NtWow64ReadVirtualMemory64" ) 0x7770f910 0.0000003 211 3:39:19.165 PM 3 Xenos.exe GetProcAddress ( 0x776a0000, "NtWow64WriteVirtualMemory64" ) 0x7770f920 0.0000003 212 3:39:19.165 PM 3 Xenos.exe ReadProcessMemory ( 0x00000278, 0x00b5d000, 0x0330f358, 584, NULL ) TRUE 0.0000075 213 3:39:19.165 PM 3 KERNELBASE.dll NtReadVirtualMemory ( 0x00000278, 0x00b5d000, 0x0330f358, 584, 0x0330f1e0 ) STATUS_SUCCESS 0.0000068 214 3:39:19.166 PM 3 Xenos.exe GetModuleHandleW ( "ntdll.dll" ) 0x776a0000 0.0000050 215 3:39:19.169 PM 3 Xenos.exe ReadProcessMemory ( 0x00000278, 0x00b5d000, 0x0330f9e0, 584, NULL ) TRUE 0.0000040 216 3:39:19.169 PM 3 KERNELBASE.dll NtReadVirtualMemory ( 0x00000278, 0x00b5d000, 0x0330f9e0, 584, 0x0330f4dc ) STATUS_SUCCESS 0.0000034 217 3:39:19.169 PM 3 Xenos.exe ReadProcessMemory ( 0x00000278, 0x00b5d000, 0x0330f67c, 584, NULL ) TRUE 0.0000025 218 3:39:19.169 PM 3 KERNELBASE.dll NtReadVirtualMemory ( 0x00000278, 0x00b5d000, 0x0330f67c, 584, 0x0330f104 ) STATUS_SUCCESS 0.0000022 219 3:39:19.169 PM 3 Xenos.exe VirtualAllocEx ( GetCurrentProcess(), NULL, 65536, MEM_COMMIT | MEM_RESERVE, PAGE_EXECUTE_READWRITE ) 0x03310000 0.0000044 220 3:39:19.169 PM 3 KERNELBASE.dll NtAllocateVirtualMemory ( GetCurrentProcess(), 0x0330f680, 0, 0x0330f684, MEM_COMMIT | MEM_RESERVE, PAGE_EXECUTE_READWRITE ) STATUS_SUCCESS 0.0000044 221 3:39:19.169 PM 3 Xenos.exe GetModuleHandleW ( "kernel32.dll" ) 0x74960000 0.0000022 222 3:39:19.169 PM 3 Xenos.exe GetProcAddress ( 0x74960000, "GetThreadId" ) 0x74997660 0.0000034 223 3:39:19.169 PM 3 Xenos.exe VirtualFreeEx ( GetCurrentProcess(), 0x03310000, 0, MEM_RELEASE ) TRUE 0.0000047 224 3:39:19.169 PM 3 KERNELBASE.dll NtFreeVirtualMemory ( GetCurrentProcess(), 0x0330f71c, 0x0330f720, MEM_RELEASE ) STATUS_SUCCESS 0.0000034 225 3:39:19.170 PM 3 Xenos.exe VirtualAllocEx ( GetCurrentProcess(), NULL, 65536, MEM_COMMIT | MEM_RESERVE, PAGE_EXECUTE_READWRITE ) 0x03310000 0.0000025 226 3:39:19.170 PM 3 KERNELBASE.dll NtAllocateVirtualMemory ( GetCurrentProcess(), 0x0330f49c, 0, 0x0330f4a0, MEM_COMMIT | MEM_RESERVE, PAGE_EXECUTE_READWRITE ) STATUS_SUCCESS 0.0000025 227 3:39:19.170 PM 3 Xenos.exe VirtualAllocEx ( GetCurrentProcess(), NULL, 65536, MEM_COMMIT | MEM_RESERVE, PAGE_EXECUTE_READWRITE ) 0x03320000 0.0000028 228 3:39:19.170 PM 3 KERNELBASE.dll NtAllocateVirtualMemory ( GetCurrentProcess(), 0x0330f164, 0, 0x0330f168, MEM_COMMIT | MEM_RESERVE, PAGE_EXECUTE_READWRITE ) STATUS_SUCCESS 0.0000025 229 3:39:19.170 PM 3 Xenos.exe VirtualFreeEx ( GetCurrentProcess(), 0x03320000, 0, MEM_RELEASE ) TRUE 0.0000053 230 3:39:19.170 PM 3 KERNELBASE.dll NtFreeVirtualMemory ( GetCurrentProcess(), 0x0330f200, 0x0330f204, MEM_RELEASE ) STATUS_SUCCESS 0.0000047 231 3:39:19.170 PM 3 Xenos.exe VirtualFreeEx ( GetCurrentProcess(), 0x03310000, 0, MEM_RELEASE ) TRUE 0.0000028 232 3:39:19.170 PM 3 KERNELBASE.dll NtFreeVirtualMemory ( GetCurrentProcess(), 0x0330f540, 0x0330f544, MEM_RELEASE ) STATUS_SUCCESS 0.0000028 233 3:39:19.170 PM 3 Xenos.exe ReadProcessMemory ( 0x00000278, 0x00b5d000, 0x0330f5c4, 584, NULL ) TRUE 0.0000028 234 3:39:19.170 PM 3 KERNELBASE.dll NtReadVirtualMemory ( 0x00000278, 0x00b5d000, 0x0330f5c4, 584, 0x0330f04c ) STATUS_SUCCESS 0.0000025 235 3:39:19.171 PM 3 Xenos.exe VirtualAllocEx ( GetCurrentProcess(), NULL, 65536, MEM_COMMIT | MEM_RESERVE, PAGE_EXECUTE_READWRITE ) 0x03310000 0.0000031 236 3:39:19.171 PM 3 KERNELBASE.dll NtAllocateVirtualMemory ( GetCurrentProcess(), 0x0330f5e4, 0, 0x0330f5e8, MEM_COMMIT | MEM_RESERVE, PAGE_EXECUTE_READWRITE ) STATUS_SUCCESS 0.0000031 237 3:39:19.173 PM 3 Xenos.exe VirtualFreeEx ( GetCurrentProcess(), 0x03310000, 0, MEM_RELEASE ) TRUE 0.0000112 238 3:39:19.173 PM 3 KERNELBASE.dll NtFreeVirtualMemory ( GetCurrentProcess(), 0x0330f688, 0x0330f68c, MEM_RELEASE ) STATUS_SUCCESS 0.0000100 239 3:39:19.173 PM 3 Xenos.exe ReadProcessMemory ( 0x00000278, 0x00b5d000, 0x0330f358, 584, NULL ) TRUE 0.0000028 240 3:39:19.173 PM 3 KERNELBASE.dll NtReadVirtualMemory ( 0x00000278, 0x00b5d000, 0x0330f358, 584, 0x0330ede0 ) STATUS_SUCCESS 0.0000025 241 3:39:19.173 PM 3 Xenos.exe ReadProcessMemory ( 0x00000278, 0x00b5d000, 0x0330ef48, 584, NULL ) TRUE 0.0000022 242 3:39:19.173 PM 3 KERNELBASE.dll NtReadVirtualMemory ( 0x00000278, 0x00b5d000, 0x0330ef48, 584, 0x0330e9d0 ) STATUS_SUCCESS 0.0000022 243 3:39:19.173 PM 3 Xenos.exe VirtualAllocEx ( GetCurrentProcess(), NULL, 65536, MEM_COMMIT | MEM_RESERVE, PAGE_EXECUTE_READWRITE ) 0x03310000 0.0000028 244 3:39:19.173 PM 3 KERNELBASE.dll NtAllocateVirtualMemory ( GetCurrentProcess(), 0x0330f1d8, 0, 0x0330f1dc, MEM_COMMIT | MEM_RESERVE, PAGE_EXECUTE_READWRITE ) STATUS_SUCCESS 0.0000028 245 3:39:19.173 PM 3 Xenos.exe VirtualAllocEx ( GetCurrentProcess(), NULL, 65536, MEM_COMMIT | MEM_RESERVE, PAGE_EXECUTE_READWRITE ) 0x03330000 0.0000022 246 3:39:19.173 PM 3 KERNELBASE.dll NtAllocateVirtualMemory ( GetCurrentProcess(), 0x0330eea0, 0, 0x0330eea4, MEM_COMMIT | MEM_RESERVE, PAGE_EXECUTE_READWRITE ) STATUS_SUCCESS 0.0000022 247 3:39:19.176 PM 3 Xenos.exe VirtualFreeEx ( GetCurrentProcess(), 0x03330000, 0, MEM_RELEASE ) TRUE 0.0000059 248 3:39:19.176 PM 3 KERNELBASE.dll NtFreeVirtualMemory ( GetCurrentProcess(), 0x0330ef3c, 0x0330ef40, MEM_RELEASE ) STATUS_SUCCESS 0.0000047 249 3:39:19.176 PM 3 Xenos.exe ReadProcessMemory ( 0x00000278, 0x00b5d000, 0x0330ef0c, 584, NULL ) TRUE 0.0000050 250 3:39:19.176 PM 3 KERNELBASE.dll NtReadVirtualMemory ( 0x00000278, 0x00b5d000, 0x0330ef0c, 584, 0x0330e994 ) STATUS_SUCCESS 0.0000044 251 3:39:19.176 PM 3 Xenos.exe VirtualFreeEx ( GetCurrentProcess(), 0x03310000, 0, MEM_RELEASE ) TRUE 0.0000031 252 3:39:19.176 PM 3 KERNELBASE.dll NtFreeVirtualMemory ( GetCurrentProcess(), 0x0330f27c, 0x0330f280, MEM_RELEASE ) STATUS_SUCCESS 0.0000028 253 3:39:19.176 PM 3 Xenos.exe ReadProcessMemory ( 0x00000278, 0x00b5d000, 0x0330f358, 584, NULL ) TRUE 0.0000022 254 3:39:19.176 PM 3 KERNELBASE.dll NtReadVirtualMemory ( 0x00000278, 0x00b5d000, 0x0330f358, 584, 0x0330ede0 ) STATUS_SUCCESS 0.0000019 255 3:39:19.177 PM 3 Xenos.exe ReadProcessMemory ( 0x00000278, 0x00b5d000, 0x0330ef48, 584, NULL ) TRUE 0.0000031 256 3:39:19.177 PM 3 KERNELBASE.dll NtReadVirtualMemory ( 0x00000278, 0x00b5d000, 0x0330ef48, 584, 0x0330e9d0 ) STATUS_SUCCESS 0.0000025 257 3:39:19.177 PM 3 Xenos.exe VirtualAllocEx ( GetCurrentProcess(), NULL, 65536, MEM_COMMIT | MEM_RESERVE, PAGE_EXECUTE_READWRITE ) 0x03310000 0.0000034 258 3:39:19.177 PM 3 KERNELBASE.dll NtAllocateVirtualMemory ( GetCurrentProcess(), 0x0330f1d8, 0, 0x0330f1dc, MEM_COMMIT | MEM_RESERVE, PAGE_EXECUTE_READWRITE ) STATUS_SUCCESS 0.0000031 259 3:39:19.177 PM 3 Xenos.exe VirtualAllocEx ( GetCurrentProcess(), NULL, 65536, MEM_COMMIT | MEM_RESERVE, PAGE_EXECUTE_READWRITE ) 0x03330000 0.0000025 260 3:39:19.177 PM 3 KERNELBASE.dll NtAllocateVirtualMemory ( GetCurrentProcess(), 0x0330eea0, 0, 0x0330eea4, MEM_COMMIT | MEM_RESERVE, PAGE_EXECUTE_READWRITE ) STATUS_SUCCESS 0.0000022 261 3:39:19.177 PM 3 Xenos.exe VirtualFreeEx ( GetCurrentProcess(), 0x03330000, 0, MEM_RELEASE ) TRUE 0.0000040 262 3:39:19.177 PM 3 KERNELBASE.dll NtFreeVirtualMemory ( GetCurrentProcess(), 0x0330ef3c, 0x0330ef40, MEM_RELEASE ) STATUS_SUCCESS 0.0000034 263 3:39:19.177 PM 3 Xenos.exe ReadProcessMemory ( 0x00000278, 0x00b5d000, 0x0330ef0c, 584, NULL ) TRUE 0.0000037 264 3:39:19.177 PM 3 KERNELBASE.dll NtReadVirtualMemory ( 0x00000278, 0x00b5d000, 0x0330ef0c, 584, 0x0330e994 ) STATUS_SUCCESS 0.0000034 265 3:39:19.178 PM 3 Xenos.exe VirtualFreeEx ( GetCurrentProcess(), 0x03310000, 0, MEM_RELEASE ) TRUE 0.0000028 266 3:39:19.178 PM 3 KERNELBASE.dll NtFreeVirtualMemory ( GetCurrentProcess(), 0x0330f27c, 0x0330f280, MEM_RELEASE ) STATUS_SUCCESS 0.0000025 267 3:39:19.178 PM 3 Xenos.exe VirtualAllocEx ( GetCurrentProcess(), NULL, 65536, MEM_COMMIT | MEM_RESERVE, PAGE_EXECUTE_READWRITE ) 0x03310000 0.0000059 268 3:39:19.178 PM 3 KERNELBASE.dll NtAllocateVirtualMemory ( GetCurrentProcess(), 0x0330d5c4, 0, 0x0330d5c8, MEM_COMMIT | MEM_RESERVE, PAGE_EXECUTE_READWRITE ) STATUS_SUCCESS 0.0000056 269 3:39:19.180 PM 3 Xenos.exe VirtualFreeEx ( GetCurrentProcess(), 0x03310000, 0, MEM_RELEASE ) TRUE 0.0000096 270 3:39:19.180 PM 3 KERNELBASE.dll NtFreeVirtualMemory ( GetCurrentProcess(), 0x0330d668, 0x0330d66c, MEM_RELEASE ) STATUS_SUCCESS 0.0000090 271 3:39:19.180 PM 3 Xenos.exe VirtualAllocEx ( GetCurrentProcess(), NULL, 65536, MEM_COMMIT | MEM_RESERVE, PAGE_EXECUTE_READWRITE ) 0x03310000 0.0000065 272 3:39:19.180 PM 3 KERNELBASE.dll NtAllocateVirtualMemory ( GetCurrentProcess(), 0x0330f61c, 0, 0x0330f620, MEM_COMMIT | MEM_RESERVE, PAGE_EXECUTE_READWRITE ) STATUS_SUCCESS 0.0000062 273 3:39:19.873 PM 3 Xenos.exe VirtualFreeEx ( GetCurrentProcess(), 0x03310000, 0, MEM_RELEASE ) TRUE 0.0000118 274 3:39:19.873 PM 3 KERNELBASE.dll NtFreeVirtualMemory ( GetCurrentProcess(), 0x0330f6c0, 0x0330f6c4, MEM_RELEASE ) STATUS_SUCCESS 0.0000106 275 3:39:22.099 PM 1 Xenos.exe GetModuleHandleW ( "kernel32.dll" ) 0x74960000 0.0000056 276 3:39:22.099 PM 1 Xenos.exe GetProcAddress ( 0x74960000, "QueryFullProcessImageNameW" ) 0x74998000 0.0000053 277 3:39:22.107 PM 1 KERNEL32.DLL NtAllocateVirtualMemory ( GetCurrentProcess(), 0x0019f6a0, 0, 0x0019f5f8, MEM_COMMIT, PAGE_READWRITE ) STATUS_SUCCESS 0.0000467 278 3:39:22.108 PM 1 KERNEL32.DLL NtFreeVirtualMemory ( GetCurrentProcess(), 0x0019f6a0, 0x0019f5f8, MEM_RELEASE ) STATUS_SUCCESS 0.0000087 279 3:39:22.108 PM 1 KERNEL32.DLL NtAllocateVirtualMemory ( GetCurrentProcess(), 0x0019f6a0, 0, 0x0019f5f8, MEM_COMMIT, PAGE_READWRITE ) STATUS_SUCCESS 0.0000056 280 3:39:22.110 PM 1 KERNEL32.DLL NtFreeVirtualMemory ( GetCurrentProcess(), 0x0019f6a0, 0x0019f654, MEM_RELEASE ) STATUS_SUCCESS 0.0000124 281 3:39:22.211 PM 1 Xenos.exe GetModuleHandleW ( NULL ) 0x00400000 0.0000012 282 3:39:22.211 PM 1 Xenos.exe GetModuleHandleW ( NULL ) 0x00400000 0.0000000 283 3:39:22.211 PM 1 KERNELBASE.dll NtQueryVirtualMemory ( GetCurrentProcess(), 0x0044ecd4, MemoryBasicInformation, 0x0019fbe0, 28, 0x0019fbbc ) STATUS_SUCCESS 0.0000090 284 3:39:22.211 PM 1 KERNELBASE.dll NtQueryVirtualMemory ( GetCurrentProcess(), 0x0044ecd4, MemoryRegionInformation, 0x0019fbfc, 20, NULL ) STATUS_SUCCESS 0.0000006 285 3:39:22.211 PM 1 KERNELBASE.dll NtQueryVirtualMemory ( GetCurrentProcess(), 0x0044ecd4, MemoryMappedFilenameInformation, 0x0019fc34, 530, NULL ) STATUS_SUCCESS 0.0000096 286 3:39:22.211 PM 1 KERNELBASE.dll NtQueryVirtualMemory ( GetCurrentProcess(), 0x0041209e, MemoryBasicInformation, 0x0019fbe0, 28, 0x0019fbbc ) STATUS_SUCCESS 0.0000115 287 3:39:22.214 PM 1 Xenos.exe GetModuleHandleExW ( 0, "mscoree.dll", 0x0019fee0 ) FALSE 126 = The specified module could not be found. 0.0000056