Source: C:\Users\user\Desktop\http___citycapproperty.ru_localmod_nmode.exe | Code function: 0_2_00401718 Sleep,NtTerminateProcess, | 0_2_00401718 |
Source: C:\Users\user\Desktop\http___citycapproperty.ru_localmod_nmode.exe | Code function: 0_2_004012E3 NtAllocateVirtualMemory, | 0_2_004012E3 |
Source: C:\Users\user\Desktop\http___citycapproperty.ru_localmod_nmode.exe | Code function: 0_2_00401288 NtAllocateVirtualMemory,NtMapViewOfSection,NtMapViewOfSection,NtMapViewOfSection,NtMapViewOfSection, | 0_2_00401288 |
Source: C:\Users\user\Desktop\http___citycapproperty.ru_localmod_nmode.exe | Code function: 0_2_004016B6 Sleep,NtTerminateProcess, | 0_2_004016B6 |
Source: C:\Users\user\Desktop\http___citycapproperty.ru_localmod_nmode.exe | Code function: 0_2_00402368 NtClose, | 0_2_00402368 |
Source: C:\Users\user\Desktop\http___citycapproperty.ru_localmod_nmode.exe | Code function: 0_2_00401723 Sleep,NtTerminateProcess, | 0_2_00401723 |
Source: C:\Users\user\Desktop\http___citycapproperty.ru_localmod_nmode.exe | Code function: 0_2_0040172E Sleep,NtTerminateProcess, | 0_2_0040172E |
Source: C:\Users\user\Desktop\http___citycapproperty.ru_localmod_nmode.exe | Code function: 0_2_6DF89780 ZwMapViewOfSection,LdrInitializeThunk, | 0_2_6DF89780 |
Source: C:\Users\user\Desktop\http___citycapproperty.ru_localmod_nmode.exe | Code function: 0_2_6DF89660 ZwAllocateVirtualMemory,LdrInitializeThunk, | 0_2_6DF89660 |
Source: C:\Users\user\Desktop\http___citycapproperty.ru_localmod_nmode.exe | Code function: 0_2_6DF89600 ZwOpenKey,LdrInitializeThunk, | 0_2_6DF89600 |
Source: C:\Users\user\Desktop\http___citycapproperty.ru_localmod_nmode.exe | Code function: 0_2_6DF899A0 ZwCreateSection,LdrInitializeThunk, | 0_2_6DF899A0 |
Source: C:\Users\user\Desktop\http___citycapproperty.ru_localmod_nmode.exe | Code function: 0_2_6DF898C0 ZwDuplicateObject,LdrInitializeThunk, | 0_2_6DF898C0 |
Source: C:\Users\user\Desktop\http___citycapproperty.ru_localmod_nmode.exe | Code function: 0_2_6DF89860 ZwQuerySystemInformation,LdrInitializeThunk, | 0_2_6DF89860 |
Source: C:\Users\user\Desktop\http___citycapproperty.ru_localmod_nmode.exe | Code function: 0_2_6DF89820 ZwEnumerateKey,LdrInitializeThunk, | 0_2_6DF89820 |
Source: C:\Users\user\Desktop\http___citycapproperty.ru_localmod_nmode.exe | Code function: 0_2_6DF495F0 TpSetPoolMinThreads,ZwSetInformationWorkerFactory,RtlGetCurrentServiceSessionId,TpSetPoolMinThreads, | 0_2_6DF495F0 |
Source: C:\Users\user\Desktop\http___citycapproperty.ru_localmod_nmode.exe | Code function: 0_2_6DFFBDFA RtlAcquireSRWLockExclusive,ZwAllocateVirtualMemory,RtlReleaseSRWLockExclusive, | 0_2_6DFFBDFA |
Source: C:\Users\user\Desktop\http___citycapproperty.ru_localmod_nmode.exe | Code function: 0_2_6DF895F0 ZwQueryInformationFile, | 0_2_6DF895F0 |
Source: C:\Users\user\Desktop\http___citycapproperty.ru_localmod_nmode.exe | Code function: 0_2_6DF89DE0 ZwAssociateWaitCompletionPacket, | 0_2_6DF89DE0 |
Source: C:\Users\user\Desktop\http___citycapproperty.ru_localmod_nmode.exe | Code function: 0_2_6E013E22 ZwTraceControl,RtlNtStatusToDosError,RtlAcquireSRWLockExclusive,RtlReleaseSRWLockExclusive,RtlSetLastWin32Error, | 0_2_6E013E22 |
Source: C:\Users\user\Desktop\http___citycapproperty.ru_localmod_nmode.exe | Code function: 0_2_6DF445D0 RtlGetThreadWorkOnBehalfTicket,RtlGetThreadWorkOnBehalfTicket,ZwQueryInformationThread, | 0_2_6DF445D0 |
Source: C:\Users\user\Desktop\http___citycapproperty.ru_localmod_nmode.exe | Code function: 0_2_6DF895D0 ZwClose, | 0_2_6DF895D0 |
Source: C:\Users\user\Desktop\http___citycapproperty.ru_localmod_nmode.exe | Code function: 0_2_6DFFFDD3 RtlGetCurrentServiceSessionId,ZwTraceEvent, | 0_2_6DFFFDD3 |
Source: C:\Users\user\Desktop\http___citycapproperty.ru_localmod_nmode.exe | Code function: 0_2_6DF6EDC4 ZwCancelWaitCompletionPacket, | 0_2_6DF6EDC4 |
Source: C:\Users\user\Desktop\http___citycapproperty.ru_localmod_nmode.exe | Code function: 0_2_6DF44DC0 RtlpUnWaitCriticalSection,RtlWakeAddressAllNoFence,RtlRaiseStatus,TpWaitForAlpcCompletion,RtlpUnWaitCriticalSection,ZwSetEvent,TpWaitForAlpcCompletion,ZwAlpcQueryInformation, | 0_2_6DF44DC0 |
Source: C:\Users\user\Desktop\http___citycapproperty.ru_localmod_nmode.exe | Code function: 0_2_6DF895C0 ZwSetEvent, | 0_2_6DF895C0 |
Source: C:\Users\user\Desktop\http___citycapproperty.ru_localmod_nmode.exe | Code function: 0_2_6DF895B0 ZwSetInformationThread, | 0_2_6DF895B0 |
Source: C:\Users\user\Desktop\http___citycapproperty.ru_localmod_nmode.exe | Code function: 0_2_6DF89DB0 ZwAlpcSetInformation, | 0_2_6DF89DB0 |
Source: C:\Users\user\Desktop\http___citycapproperty.ru_localmod_nmode.exe | Code function: 0_2_6DF465A0 RtlpGetDeviceFamilyInfoEnum,RtlInitUnicodeString,ZwQueryLicenseValue,RtlInitUnicodeString,ZwOpenKey,ZwClose,RtlGetDeviceFamilyInfoEnum,RtlInitUnicodeString,ZwOpenKey,ZwClose,RtlGetVersion, | 0_2_6DF465A0 |
Source: C:\Users\user\Desktop\http___citycapproperty.ru_localmod_nmode.exe | Code function: 0_2_6DF89DA0 ZwAlpcSendWaitReceivePort, | 0_2_6DF89DA0 |
Source: C:\Users\user\Desktop\http___citycapproperty.ru_localmod_nmode.exe | Code function: 0_2_6DF43591 ZwSetInformationFile, | 0_2_6DF43591 |
Source: C:\Users\user\Desktop\http___citycapproperty.ru_localmod_nmode.exe | Code function: 0_2_6DF5DD80 RtlAcquireSRWLockShared,ZwQueryVirtualMemory,RtlImageNtHeaderEx,RtlImageNtHeaderEx,RtlImageNtHeaderEx,RtlRaiseStatus,RtlAddressInSectionTable,RtlImageDirectoryEntryToData, | 0_2_6DF5DD80 |
Source: C:\Users\user\Desktop\http___citycapproperty.ru_localmod_nmode.exe | Code function: 0_2_6DF89D70 ZwAlpcQueryInformation, | 0_2_6DF89D70 |
Source: C:\Users\user\Desktop\http___citycapproperty.ru_localmod_nmode.exe | Code function: 0_2_6DFD1570 ZwQuerySystemInformation,RtlInitUnicodeString,memset,ZwAlpcConnectPort,ZwAlpcSendWaitReceivePort,ZwClose, | 0_2_6DFD1570 |
Source: C:\Users\user\Desktop\http___citycapproperty.ru_localmod_nmode.exe | Code function: 0_2_6DFD1D6A ZwWaitForMultipleObjects, | 0_2_6DFD1D6A |
Source: C:\Users\user\Desktop\http___citycapproperty.ru_localmod_nmode.exe | Code function: 0_2_6E013EBC ZwTraceControl,RtlNtStatusToDosError,RtlSetLastWin32Error, | 0_2_6E013EBC |
Source: C:\Users\user\Desktop\http___citycapproperty.ru_localmod_nmode.exe | Code function: 0_2_6DFD1D43 ZwQueryInformationThread, | 0_2_6DFD1D43 |
Source: C:\Users\user\Desktop\http___citycapproperty.ru_localmod_nmode.exe | Code function: 0_2_6DF74D3B memset,RtlRunOnceExecuteOnce,ZwTraceControl,memcmp,RtlNtStatusToDosError,RtlFreeHeap,RtlAllocateHeap,RtlNtStatusToDosError,RtlFreeHeap, | 0_2_6DF74D3B |
Source: C:\Users\user\Desktop\http___citycapproperty.ru_localmod_nmode.exe | Code function: 0_2_6E018ED6 RtlGetCurrentServiceSessionId,ZwTraceEvent, | 0_2_6E018ED6 |
Source: C:\Users\user\Desktop\http___citycapproperty.ru_localmod_nmode.exe | Code function: 0_2_6DF71520 RtlInitializeCriticalSectionEx,RtlInitializeCriticalSectionEx,RtlGetCurrentServiceSessionId,ZwTraceEvent, | 0_2_6DF71520 |
Source: C:\Users\user\Desktop\http___citycapproperty.ru_localmod_nmode.exe | Code function: 0_2_6DF89520 ZwWaitForSingleObject, | 0_2_6DF89520 |
Source: C:\Users\user\Desktop\http___citycapproperty.ru_localmod_nmode.exe | Code function: 0_2_6DFFFD22 ZwQueryInformationProcess,RtlUniform, | 0_2_6DFFFD22 |
Source: C:\Users\user\Desktop\http___citycapproperty.ru_localmod_nmode.exe | Code function: 0_2_6DFD1D0B ZwSetInformationProcess, | 0_2_6DFD1D0B |
Source: C:\Users\user\Desktop\http___citycapproperty.ru_localmod_nmode.exe | Code function: 0_2_6DFF64FB ZwOpenKey,ZwQueryValueKey,RtlEqualUnicodeString,RtlEqualUnicodeString,RtlEqualUnicodeString,ZwClose, | 0_2_6DFF64FB |
Source: C:\Users\user\Desktop\http___citycapproperty.ru_localmod_nmode.exe | Code function: 0_2_6DF4F4E3 RtlEnterCriticalSection,RtlLeaveCriticalSection,ZwSetEvent, | 0_2_6DF4F4E3 |
Source: C:\Users\user\Desktop\http___citycapproperty.ru_localmod_nmode.exe | Code function: 0_2_6DFD1CE4 ZwQueryInformationProcess, | 0_2_6DFD1CE4 |
Source: C:\Users\user\Desktop\http___citycapproperty.ru_localmod_nmode.exe | Code function: 0_2_6DF42CDB RtlFreeHeap,ZwClose,ZwSetEvent, | 0_2_6DF42CDB |
Source: C:\Users\user\Desktop\http___citycapproperty.ru_localmod_nmode.exe | Code function: 0_2_6DF7CCC0 memcpy,RtlGetNtSystemRoot,RtlInitUnicodeString,memcpy,ZwOpenKey,ZwClose,ZwEnumerateKey,DbgPrintEx,DbgPrintEx,DbgPrintEx, | 0_2_6DF7CCC0 |
Source: C:\Users\user\Desktop\http___citycapproperty.ru_localmod_nmode.exe | Code function: 0_2_6E018F6A RtlGetCurrentServiceSessionId,ZwTraceEvent, | 0_2_6E018F6A |
Source: C:\Users\user\Desktop\http___citycapproperty.ru_localmod_nmode.exe | Code function: 0_2_6DFC3C93 wcschr,RtlInitUnicodeString,wcstoul,RtlAnsiStringToUnicodeString,RtlCompareUnicodeString,ZwProtectVirtualMemory,DbgPrintEx,RtlFreeUnicodeString, | 0_2_6DFC3C93 |
Source: C:\Users\user\Desktop\http___citycapproperty.ru_localmod_nmode.exe | Code function: 0_2_6DF8A480 ZwInitializeNlsFiles, | 0_2_6DF8A480 |
Source: C:\Users\user\Desktop\http___citycapproperty.ru_localmod_nmode.exe | Code function: 0_2_6DF89C70 ZwAlpcConnectPort, | 0_2_6DF89C70 |
Source: C:\Users\user\Desktop\http___citycapproperty.ru_localmod_nmode.exe | Code function: 0_2_6DF85C70 TpSetPoolMaxThreadsSoftLimit,ZwSetInformationWorkerFactory, | 0_2_6DF85C70 |
Source: C:\Users\user\Desktop\http___citycapproperty.ru_localmod_nmode.exe | Code function: 0_2_6DFD1C76 ZwQueryInformationProcess, | 0_2_6DFD1C76 |
Source: C:\Users\user\Desktop\http___citycapproperty.ru_localmod_nmode.exe | Code function: 0_2_6DF7AC7B ZwFreeVirtualMemory,RtlFillMemoryUlong,RtlFlushSecureMemoryCache,ZwFreeVirtualMemory,RtlGetCurrentServiceSessionId,RtlGetCurrentServiceSessionId,DbgPrint,DbgPrint,DbgPrint, | 0_2_6DF7AC7B |
Source: C:\Users\user\Desktop\http___citycapproperty.ru_localmod_nmode.exe | Code function: 0_2_6DF6746D RtlLeaveCriticalSection,ZwClose,RtlFreeHeap, | 0_2_6DF6746D |
Source: C:\Users\user\Desktop\http___citycapproperty.ru_localmod_nmode.exe | Code function: 0_2_6DFF3C60 RtlFlushSecureMemoryCache,ZwQueryVirtualMemory, | 0_2_6DFF3C60 |
Source: C:\Users\user\Desktop\http___citycapproperty.ru_localmod_nmode.exe | Code function: 0_2_6DF45450 RtlClearThreadWorkOnBehalfTicket,memcmp,RtlClearThreadWorkOnBehalfTicket,ZwSetInformationThread, | 0_2_6DF45450 |
Source: C:\Users\user\Desktop\http___citycapproperty.ru_localmod_nmode.exe | Code function: 0_2_6DFD1C49 ZwQueryInformationProcess, | 0_2_6DFD1C49 |
Source: C:\Users\user\Desktop\http___citycapproperty.ru_localmod_nmode.exe | Code function: 0_2_6DF89C40 ZwAllocateVirtualMemoryEx, | 0_2_6DF89C40 |
Source: C:\Users\user\Desktop\http___citycapproperty.ru_localmod_nmode.exe | Code function: 0_2_6DF6FC39 ZwAssociateWaitCompletionPacket, | 0_2_6DF6FC39 |
Source: C:\Users\user\Desktop\http___citycapproperty.ru_localmod_nmode.exe | Code function: 0_2_6DF8A420 ZwGetNlsSectionPtr, | 0_2_6DF8A420 |
Source: C:\Users\user\Desktop\http___citycapproperty.ru_localmod_nmode.exe | Code function: 0_2_6DF80413 ZwUnmapViewOfSection, | 0_2_6DF80413 |
Source: C:\Users\user\Desktop\http___citycapproperty.ru_localmod_nmode.exe | Code function: 0_2_6DF50FFD RtlInitUnicodeString,ZwQueryValueKey, | 0_2_6DF50FFD |
Source: C:\Users\user\Desktop\http___citycapproperty.ru_localmod_nmode.exe | Code function: 0_2_6DFD0FEC ZwDuplicateObject,ZwDuplicateObject, | 0_2_6DFD0FEC |
Source: C:\Users\user\Desktop\http___citycapproperty.ru_localmod_nmode.exe | Code function: 0_2_6E001411 ZwTraceEvent, | 0_2_6E001411 |
Source: C:\Users\user\Desktop\http___citycapproperty.ru_localmod_nmode.exe | Code function: 0_2_6E018C14 RtlGetCurrentServiceSessionId,ZwTraceEvent, | 0_2_6E018C14 |
Source: C:\Users\user\Desktop\http___citycapproperty.ru_localmod_nmode.exe | Code function: 0_2_6DF737EB RtlImageNtHeader,RtlAllocateHeap,RtlAllocateHeap,RtlAllocateHeap,RtlAllocateHeap,ZwCreateIoCompletion,ZwCreateWorkerFactory,RtlAcquireSRWLockExclusive,RtlGetCurrentServiceSessionId,ZwSetInformationWorkerFactory, | 0_2_6DF737EB |
Source: C:\Users\user\Desktop\http___citycapproperty.ru_localmod_nmode.exe | Code function: 0_2_6DF7DFDF RtlWakeAddressAllNoFence,ZwAlertThreadByThreadId,RtlWakeAddressAllNoFence, | 0_2_6DF7DFDF |
Source: C:\Users\user\Desktop\http___citycapproperty.ru_localmod_nmode.exe | Code function: 0_2_6DF8AFD0 ZwShutdownWorkerFactory, | 0_2_6DF8AFD0 |
Source: C:\Users\user\Desktop\http___citycapproperty.ru_localmod_nmode.exe | Code function: 0_2_6DF4F7C0 EtwNotificationUnregister,RtlAcquireSRWLockExclusive,RtlReleaseSRWLockExclusive,ZwClose,RtlReleaseSRWLockExclusive,RtlSetLastWin32Error,EtwNotificationUnregister, | 0_2_6DF4F7C0 |
Source: C:\Users\user\Desktop\http___citycapproperty.ru_localmod_nmode.exe | Code function: 0_2_6DF897C0 ZwTerminateProcess, | 0_2_6DF897C0 |
Source: C:\Users\user\Desktop\http___citycapproperty.ru_localmod_nmode.exe | Code function: 0_2_6DF7D7CA RtlImageNtHeader,RtlFreeHeap,ZwCreateSection,ZwMapViewOfSection,ZwClose,RtlImageNtHeader,ZwClose,RtlFreeHeap,ZwClose,ZwClose,ZwUnmapViewOfSection, | 0_2_6DF7D7CA |
Source: C:\Users\user\Desktop\http___citycapproperty.ru_localmod_nmode.exe | Code function: 0_2_6DF42FB0 RtlDestroyHeap,RtlDeleteCriticalSection,RtlGetCurrentServiceSessionId,RtlGetCurrentServiceSessionId,RtlGetCurrentServiceSessionId,RtlDestroyHeap,DbgPrint,DbgPrint,DbgPrint,RtlDebugPrintTimes,RtlGetCurrentServiceSessionId,RtlGetCurrentServiceSessionId,ZwTraceEvent,RtlGetCurrentServiceSessionId,ZwTraceEvent, | 0_2_6DF42FB0 |
Source: C:\Users\user\Desktop\http___citycapproperty.ru_localmod_nmode.exe | Code function: 0_2_6DF897A0 ZwUnmapViewOfSection, | 0_2_6DF897A0 |
Source: C:\Users\user\Desktop\http___citycapproperty.ru_localmod_nmode.exe | Code function: 0_2_6DF83FA0 RtlGetLocaleFileMappingAddress,ZwInitializeNlsFiles,RtlGetLocaleFileMappingAddress,ZwUnmapViewOfSection, | 0_2_6DF83FA0 |
Source: C:\Users\user\Desktop\http___citycapproperty.ru_localmod_nmode.exe | Code function: 0_2_6DF7FF9C RtlInitUnicodeString,ZwOpenKey,RtlInitUnicodeString,RtlInitUnicodeString, | 0_2_6DF7FF9C |
Source: C:\Users\user\Desktop\http___citycapproperty.ru_localmod_nmode.exe | Code function: 0_2_6E018C75 RtlGetCurrentServiceSessionId,ZwTraceEvent, | 0_2_6E018C75 |
Source: C:\Users\user\Desktop\http___citycapproperty.ru_localmod_nmode.exe | Code function: 0_2_6DFF5F87 ZwUnmapViewOfSection, | 0_2_6DFF5F87 |
Source: C:\Users\user\Desktop\http___citycapproperty.ru_localmod_nmode.exe | Code function: 0_2_6DFD5780 DbgPrompt,ZwWow64DebuggerCall, | 0_2_6DFD5780 |
Source: C:\Users\user\Desktop\http___citycapproperty.ru_localmod_nmode.exe | Code function: 0_2_6DF89F70 ZwCreateIoCompletion, | 0_2_6DF89F70 |
Source: C:\Users\user\Desktop\http___citycapproperty.ru_localmod_nmode.exe | Code function: 0_2_6DF89770 ZwSetInformationFile, | 0_2_6DF89770 |
Source: C:\Users\user\Desktop\http___citycapproperty.ru_localmod_nmode.exe | Code function: 0_2_6DFFCF70 RtlpGetUserOrMachineUILanguage4NLS,RtlInitUnicodeString,RtlInitUnicodeString,ZwOpenKey,RtlInitUnicodeString,ZwClose,RtlInitUnicodeString,ZwOpenKey,RtlInitUnicodeString,ZwClose,ZwClose, | 0_2_6DFFCF70 |
Source: C:\Users\user\Desktop\http___citycapproperty.ru_localmod_nmode.exe | Code function: 0_2_6DFD176C ZwOpenEvent,ZwWaitForSingleObject,ZwClose, | 0_2_6DFD176C |
Source: C:\Users\user\Desktop\http___citycapproperty.ru_localmod_nmode.exe | Code function: 0_2_6DF46F60 RtlGetPersistedStateLocation,ZwOpenKey,memcpy,RtlGetPersistedStateLocation,RtlInitUnicodeString,ZwOpenKey,RtlInitUnicodeString,RtlAllocateHeap,ZwQueryValueKey,RtlExpandEnvironmentStrings,memcpy,ZwClose,ZwClose,RtlFreeHeap, | 0_2_6DF46F60 |
Source: C:\Users\user\Desktop\http___citycapproperty.ru_localmod_nmode.exe | Code function: 0_2_6E004496 ZwAllocateVirtualMemory,DbgPrint,DbgPrint,DbgPrint,DbgPrint,DbgPrint,DbgPrint,DbgPrint,DbgPrint,DbgPrint,DbgPrint,DbgPrint,DbgPrint,DbgPrint,DbgPrint,DbgPrint,DbgPrint,DbgPrint, | 0_2_6E004496 |
Source: C:\Users\user\Desktop\http___citycapproperty.ru_localmod_nmode.exe | Code function: 0_2_6DF8AF60 ZwSetTimer2, | 0_2_6DF8AF60 |
Source: C:\Users\user\Desktop\http___citycapproperty.ru_localmod_nmode.exe | Code function: 0_2_6DF7CF6A memcpy,memcpy,RtlDosPathNameToRelativeNtPathName_U,ZwOpenFile,memcpy,RtlFreeHeap,RtlDeleteBoundaryDescriptor,DbgPrintEx,DbgPrintEx,DbgPrintEx,ZwClose,RtlFreeHeap,DbgPrintEx,memcpy,DbgPrintEx,ZwClose, | 0_2_6DF7CF6A |
Source: C:\Users\user\Desktop\http___citycapproperty.ru_localmod_nmode.exe | Code function: 0_2_6DFD5F5F RtlInitUnicodeString,ZwOpenFile,ZwClose,RtlFreeHeap,RtlFreeHeap,RtlAllocateHeap,RtlInitUnicodeString,ZwQueryDirectoryFile,RtlAllocateHeap,memcpy,RtlFreeHeap,ZwClose, | 0_2_6DFD5F5F |
Source: C:\Users\user\Desktop\http___citycapproperty.ru_localmod_nmode.exe | Code function: 0_2_6DF89750 ZwQueryInformationThread, | 0_2_6DF89750 |
Source: C:\Users\user\Desktop\http___citycapproperty.ru_localmod_nmode.exe | Code function: 0_2_6E014CAB ZwTraceControl, | 0_2_6E014CAB |
Source: C:\Users\user\Desktop\http___citycapproperty.ru_localmod_nmode.exe | Code function: 0_2_6DF80F48 ZwOpenKey,ZwClose,ZwClose,ZwCreateKey,RtlInitUnicodeStringEx,ZwSetValueKey,RtlInitUnicodeStringEx,ZwSetValueKey,ZwClose, | 0_2_6DF80F48 |
Source: C:\Users\user\Desktop\http___citycapproperty.ru_localmod_nmode.exe | Code function: 0_2_6E019CB3 RtlGetCurrentServiceSessionId,ZwTraceEvent, | 0_2_6E019CB3 |
Source: C:\Users\user\Desktop\http___citycapproperty.ru_localmod_nmode.exe | Code function: 0_2_6DF89740 ZwOpenThreadToken, | 0_2_6DF89740 |
Source: C:\Users\user\Desktop\http___citycapproperty.ru_localmod_nmode.exe | Code function: 0_2_6DF7174B ZwFreeVirtualMemory,RtlFlushSecureMemoryCache,ZwFreeVirtualMemory, | 0_2_6DF7174B |
Source: C:\Users\user\Desktop\http___citycapproperty.ru_localmod_nmode.exe | Code function: 0_2_6DF7E730 RtlDecodePointer,ZwQueryInformationProcess,RtlRaiseStatus,RtlAllocateAndInitializeSid,RtlAllocateHeap,RtlAllocateAndInitializeSid,RtlAllocateAndInitializeSid,RtlAllocateAndInitializeSid, | 0_2_6DF7E730 |
Source: C:\Users\user\Desktop\http___citycapproperty.ru_localmod_nmode.exe | Code function: 0_2_6DF89730 ZwQueryVirtualMemory, | 0_2_6DF89730 |
Source: C:\Users\user\Desktop\http___citycapproperty.ru_localmod_nmode.exe | Code function: 0_2_6DFFCF30 ZwAlertThreadByThreadId, | 0_2_6DFFCF30 |
Source: C:\Users\user\Desktop\http___citycapproperty.ru_localmod_nmode.exe | Code function: 0_2_6E018CD6 RtlGetCurrentServiceSessionId,ZwTraceEvent, | 0_2_6E018CD6 |
Source: C:\Users\user\Desktop\http___citycapproperty.ru_localmod_nmode.exe | Code function: 0_2_6DF89710 ZwQueryInformationToken, | 0_2_6DF89710 |
Source: C:\Users\user\Desktop\http___citycapproperty.ru_localmod_nmode.exe | Code function: 0_2_6DFD6715 memset,memcpy,ZwTraceEvent, | 0_2_6DFD6715 |
Source: C:\Users\user\Desktop\http___citycapproperty.ru_localmod_nmode.exe | Code function: 0_2_6DF79702 RtlAcquireSRWLockExclusive,RtlReleaseSRWLockExclusive,ZwReleaseWorkerFactoryWorker, | 0_2_6DF79702 |
Source: C:\Users\user\Desktop\http___citycapproperty.ru_localmod_nmode.exe | Code function: 0_2_6E0014FB memset,RtlGetCurrentServiceSessionId,ZwTraceEvent, | 0_2_6E0014FB |
Source: C:\Users\user\Desktop\http___citycapproperty.ru_localmod_nmode.exe | Code function: 0_2_6DF4B6F0 EtwEventWriteNoRegistration,ZwTraceEvent,RtlNtStatusToDosError, | 0_2_6DF4B6F0 |
Source: C:\Users\user\Desktop\http___citycapproperty.ru_localmod_nmode.exe | Code function: 0_2_6DFD16FA ZwQueryWnfStateNameInformation,ZwUpdateWnfStateData,EtwEventWriteNoRegistration, | 0_2_6DFD16FA |
Source: C:\Users\user\Desktop\http___citycapproperty.ru_localmod_nmode.exe | Code function: 0_2_6DF9DEF0 RtlRaiseException,RtlCaptureContext,ZwRaiseException,RtlRaiseStatus, | 0_2_6DF9DEF0 |
Source: C:\Users\user\Desktop\http___citycapproperty.ru_localmod_nmode.exe | Code function: 0_2_6DF576FE RtlInitUnicodeString,RtlAppendUnicodeToString,RtlAppendUnicodeToString,RtlAppendUnicodeToString,ZwOpenKey,ZwClose, | 0_2_6DF576FE |
Source: C:\Users\user\Desktop\http___citycapproperty.ru_localmod_nmode.exe | Code function: 0_2_6DF6E6F9 ZwAlpcSetInformation, | 0_2_6DF6E6F9 |
Source: C:\Users\user\Desktop\http___citycapproperty.ru_localmod_nmode.exe | Code function: 0_2_6DF896E0 ZwFreeVirtualMemory, | 0_2_6DF896E0 |
Source: C:\Users\user\Desktop\http___citycapproperty.ru_localmod_nmode.exe | Code function: 0_2_6DF466D4 RtlInitUnicodeString,ZwQueryValueKey, | 0_2_6DF466D4 |
Source: C:\Users\user\Desktop\http___citycapproperty.ru_localmod_nmode.exe | Code function: 0_2_6DF79ED0 RtlReleaseSRWLockExclusive,RtlReleaseSRWLockShared,RtlAcquireSRWLockExclusive,RtlAcquireSRWLockShared,RtlReleaseSRWLockExclusive,RtlReleaseSRWLockShared,ZwWaitForAlertByThreadId, | 0_2_6DF79ED0 |
Source: C:\Users\user\Desktop\http___citycapproperty.ru_localmod_nmode.exe | Code function: 0_2_6DF896D0 ZwCreateKey, | 0_2_6DF896D0 |
Source: C:\Users\user\Desktop\http___citycapproperty.ru_localmod_nmode.exe | Code function: 0_2_6DF42ED8 ZwWaitForAlertByThreadId,ZwWaitForAlertByThreadId, | 0_2_6DF42ED8 |
Source: C:\Users\user\Desktop\http___citycapproperty.ru_localmod_nmode.exe | Code function: 0_2_6E018D34 RtlGetCurrentServiceSessionId,ZwTraceEvent, | 0_2_6E018D34 |
Source: C:\Users\user\Desktop\http___citycapproperty.ru_localmod_nmode.exe | Code function: 0_2_6DF896C0 ZwSetInformationProcess, | 0_2_6DF896C0 |
Source: C:\Users\user\Desktop\http___citycapproperty.ru_localmod_nmode.exe | Code function: 0_2_6DF6E6B0 RtlSetThreadWorkOnBehalfTicket,memcmp,ZwSetInformationThread,RtlSetThreadWorkOnBehalfTicket, | 0_2_6DF6E6B0 |
Source: C:\Users\user\Desktop\http___citycapproperty.ru_localmod_nmode.exe | Code function: 0_2_6E011D55 ZwFreeVirtualMemory,RtlWakeAddressAllNoFence, | 0_2_6E011D55 |
Source: C:\Users\user\Desktop\http___citycapproperty.ru_localmod_nmode.exe | Code function: 0_2_6DFD2EA3 RtlGetCurrentServiceSessionId,ZwTraceEvent, | 0_2_6DFD2EA3 |
Source: C:\Users\user\Desktop\http___citycapproperty.ru_localmod_nmode.exe | Code function: 0_2_6E006D61 ZwAllocateVirtualMemoryEx, | 0_2_6E006D61 |
Source: C:\Users\user\Desktop\http___citycapproperty.ru_localmod_nmode.exe | Code function: 0_2_6DFFBE9B RtlAcquireSRWLockExclusive,ZwAllocateVirtualMemory,RtlReleaseSRWLockExclusive, | 0_2_6DFFBE9B |
Source: C:\Users\user\Desktop\http___citycapproperty.ru_localmod_nmode.exe | Code function: 0_2_6DF7DE9E RtlAcquireSRWLockExclusive,RtlAcquireSRWLockExclusive,RtlGetCurrentServiceSessionId,ZwUnsubscribeWnfStateChange,RtlReleaseSRWLockExclusive,RtlFreeHeap,RtlReleaseSRWLockExclusive,RtlReleaseSRWLockExclusive,RtlFreeHeap, | 0_2_6DF7DE9E |
Source: C:\Users\user\Desktop\http___citycapproperty.ru_localmod_nmode.exe | Code function: 0_2_6DF42E9F ZwCreateEvent,ZwClose, | 0_2_6DF42E9F |
Source: C:\Users\user\Desktop\http___citycapproperty.ru_localmod_nmode.exe | Code function: 0_2_6DF43E80 RtlSetThreadSubProcessTag,RtlGetCurrentServiceSessionId,RtlSetThreadSubProcessTag,RtlGetCurrentServiceSessionId,ZwTraceEvent, | 0_2_6DF43E80 |
Source: C:\Users\user\Desktop\http___citycapproperty.ru_localmod_nmode.exe | Code function: 0_2_6E00B581 RtlGetCurrentServiceSessionId,RtlGetCurrentServiceSessionId,RtlGetCurrentServiceSessionId,ZwTraceEvent, | 0_2_6E00B581 |
Source: C:\Users\user\Desktop\http___citycapproperty.ru_localmod_nmode.exe | Code function: 0_2_6E001582 ZwTraceEvent, | 0_2_6E001582 |
Source: C:\Users\user\Desktop\http___citycapproperty.ru_localmod_nmode.exe | Code function: 0_2_6DF8967A NtQueryInformationProcess, | 0_2_6DF8967A |
Source: C:\Users\user\Desktop\http___citycapproperty.ru_localmod_nmode.exe | Code function: 0_2_6DF8AE70 ZwSetInformationWorkerFactory, | 0_2_6DF8AE70 |
Source: C:\Users\user\Desktop\http___citycapproperty.ru_localmod_nmode.exe | Code function: 0_2_6DF89670 ZwQueryInformationProcess, | 0_2_6DF89670 |
Source: C:\Users\user\Desktop\http___citycapproperty.ru_localmod_nmode.exe | Code function: 0_2_6DF7BE62 ZwProtectVirtualMemory,RtlGetCurrentTransaction,RtlGetCurrentTransaction, | 0_2_6DF7BE62 |
Source: C:\Users\user\Desktop\http___citycapproperty.ru_localmod_nmode.exe | Code function: 0_2_6DF8B650 RtlUnhandledExceptionFilter,ZwTerminateProcess, | 0_2_6DF8B650 |
Source: C:\Users\user\Desktop\http___citycapproperty.ru_localmod_nmode.exe | Code function: 0_2_6DF89650 ZwQueryValueKey, | 0_2_6DF89650 |
Source: C:\Users\user\Desktop\http___citycapproperty.ru_localmod_nmode.exe | Code function: 0_2_6DFD6652 ZwClose,RtlAllocateHeap,memcpy,ZwUnmapViewOfSection, | 0_2_6DFD6652 |
Source: C:\Users\user\Desktop\http___citycapproperty.ru_localmod_nmode.exe | Code function: 0_2_6DF8B640 RtlUnhandledExceptionFilter,ZwTerminateProcess, | 0_2_6DF8B640 |
Source: C:\Users\user\Desktop\http___citycapproperty.ru_localmod_nmode.exe | Code function: 0_2_6DFFFE3F memset,RtlGetCurrentServiceSessionId,ZwTraceEvent, | 0_2_6DFFFE3F |
Source: C:\Users\user\Desktop\http___citycapproperty.ru_localmod_nmode.exe | Code function: 0_2_6DF4B630 ZwWaitForKeyedEvent, | 0_2_6DF4B630 |
Source: C:\Users\user\Desktop\http___citycapproperty.ru_localmod_nmode.exe | Code function: 0_2_6DF89E30 ZwCancelWaitCompletionPacket, | 0_2_6DF89E30 |
Source: C:\Users\user\Desktop\http___citycapproperty.ru_localmod_nmode.exe | Code function: 0_2_6DF89E20 ZwCancelTimer2, | 0_2_6DF89E20 |
Source: C:\Users\user\Desktop\http___citycapproperty.ru_localmod_nmode.exe | Code function: 0_2_6DFD2E14 RtlGetCurrentServiceSessionId,ZwTraceEvent, | 0_2_6DFD2E14 |
Source: C:\Users\user\Desktop\http___citycapproperty.ru_localmod_nmode.exe | Code function: 0_2_6DF4C600 LdrQueryImageFileKeyOption,RtlInitUnicodeStringEx,ZwQueryValueKey,LdrQueryImageFileKeyOption,RtlFreeHeap,RtlAllocateHeap,ZwQueryValueKey,RtlFreeHeap,RtlUnicodeStringToInteger,memcpy, | 0_2_6DF4C600 |
Source: C:\Users\user\Desktop\http___citycapproperty.ru_localmod_nmode.exe | Code function: 0_2_6E018214 RtlAcquireSRWLockExclusive,ZwSetInformationWorkerFactory,RtlReleaseSRWLockExclusive, | 0_2_6E018214 |
Source: C:\Users\user\Desktop\http___citycapproperty.ru_localmod_nmode.exe | Code function: 0_2_6DFD19C8 ZwCreateSection,ZwMapViewOfSection,memset,ZwUnmapViewOfSection,ZwClose, | 0_2_6DFD19C8 |
Source: C:\Users\user\Desktop\http___citycapproperty.ru_localmod_nmode.exe | Code function: 0_2_6DFC51BE ZwQuerySystemInformation,ZwQuerySystemInformationEx,RtlAllocateHeap,ZwQuerySystemInformationEx,RtlFindCharInUnicodeString,RtlEnterCriticalSection,memcpy, | 0_2_6DFC51BE |
Source: C:\Users\user\Desktop\http___citycapproperty.ru_localmod_nmode.exe | Code function: 0_2_6DF8A9B0 ZwQueryLicenseValue, | 0_2_6DF8A9B0 |
Source: C:\Users\user\Desktop\http___citycapproperty.ru_localmod_nmode.exe | Code function: 0_2_6DF7C9BF DbgPrintEx,wcsrchr,memcpy,DbgPrintEx,ZwClose,DbgPrintEx,DbgPrintEx,RtlDosPathNameToRelativeNtPathName_U,DbgPrintEx,ZwOpenFile,ZwClose,RtlFreeHeap,DbgPrintEx,DbgPrintEx,DbgPrintEx,RtlDeleteBoundaryDescriptor,ZwClose,RtlFreeHeap, | 0_2_6DF7C9BF |
Source: C:\Users\user\Desktop\http___citycapproperty.ru_localmod_nmode.exe | Code function: 0_2_6DF8B1A0 ZwWaitForKeyedEvent, | 0_2_6DF8B1A0 |
Source: C:\Users\user\Desktop\http___citycapproperty.ru_localmod_nmode.exe | Code function: 0_2_6E018A62 RtlGetCurrentServiceSessionId,ZwTraceEvent, | 0_2_6E018A62 |
Source: C:\Users\user\Desktop\http___citycapproperty.ru_localmod_nmode.exe | Code function: 0_2_6DF89990 ZwQueryVolumeInformationFile, | 0_2_6DF89990 |
Source: C:\Users\user\Desktop\http___citycapproperty.ru_localmod_nmode.exe | Code function: 0_2_6DF4519E RtlEqualUnicodeString,RtlLeaveCriticalSection,ZwClose,RtlFreeHeap, | 0_2_6DF4519E |
Source: C:\Users\user\Desktop\http___citycapproperty.ru_localmod_nmode.exe | Code function: 0_2_6DF6C182 RtlGetCurrentServiceSessionId,RtlAcquireSRWLockExclusive,RtlReleaseSRWLockExclusive,RtlReleaseSRWLockExclusive,RtlReleaseSRWLockExclusive,RtlReleaseSRWLockExclusive,RtlReleaseSRWLockExclusive,ZwWaitForAlertByThreadId,RtlAcquireSRWLockExclusive, | 0_2_6DF6C182 |
Source: C:\Users\user\Desktop\http___citycapproperty.ru_localmod_nmode.exe | Code function: 0_2_6DF8B180 ZwWaitForAlertByThreadId, | 0_2_6DF8B180 |
Source: C:\Users\user\Desktop\http___citycapproperty.ru_localmod_nmode.exe | Code function: 0_2_6DF89980 ZwCreateEvent, | 0_2_6DF89980 |
Source: C:\Users\user\Desktop\http___citycapproperty.ru_localmod_nmode.exe | Code function: 0_2_6DFF6186 ZwQueryValueKey,memmove,RtlInitUnicodeString, | 0_2_6DFF6186 |
Source: C:\Users\user\Desktop\http___citycapproperty.ru_localmod_nmode.exe | Code function: 0_2_6DF7D976 ZwCreateFile,ZwCreateFile, | 0_2_6DF7D976 |
Source: C:\Users\user\Desktop\http___citycapproperty.ru_localmod_nmode.exe | Code function: 0_2_6DF4B171 ZwQueryDebugFilterState,_alloca_probe_16,memcpy,_vsnprintf,ZwWow64DebuggerCall,RtlRaiseException, | 0_2_6DF4B171 |
Source: C:\Users\user\Desktop\http___citycapproperty.ru_localmod_nmode.exe | Code function: 0_2_6DFD1976 ZwCreateEvent, | 0_2_6DFD1976 |
Source: C:\Users\user\Desktop\http___citycapproperty.ru_localmod_nmode.exe | Code function: 0_2_6DF8B160 ZwUpdateWnfStateData, | 0_2_6DF8B160 |
Source: C:\Users\user\Desktop\http___citycapproperty.ru_localmod_nmode.exe | Code function: 0_2_6DF8A160 ZwCreateWorkerFactory, | 0_2_6DF8A160 |
Source: C:\Users\user\Desktop\http___citycapproperty.ru_localmod_nmode.exe | Code function: 0_2_6DF4F150 RtlOpenCurrentUser,RtlFormatCurrentUserKeyPath,ZwOpenKey,RtlFreeUnicodeString,RtlOpenCurrentUser,RtlInitUnicodeString,ZwOpenKey, | 0_2_6DF4F150 |
Source: C:\Users\user\Desktop\http___citycapproperty.ru_localmod_nmode.exe | Code function: 0_2_6DF8B150 ZwUnsubscribeWnfStateChange, | 0_2_6DF8B150 |
Source: C:\Users\user\Desktop\http___citycapproperty.ru_localmod_nmode.exe | Code function: 0_2_6DF4395E RtlAcquireSRWLockShared,RtlAcquireSRWLockExclusive,RtlReleaseSRWLockExclusive,RtlReleaseSRWLockShared,RtlAcquireSRWLockExclusive,RtlReleaseSRWLockExclusive,RtlReleaseSRWLockShared,RtlReleaseSRWLockExclusive,RtlFreeHeap,RtlReleaseSRWLockExclusive,RtlReleaseSRWLockExclusive,ZwGetCompleteWnfStateSubscription,RtlFreeHeap, | 0_2_6DF4395E |
Source: C:\Users\user\Desktop\http___citycapproperty.ru_localmod_nmode.exe | Code function: 0_2_6DF6B944 __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z,RtlGetCurrentServiceSessionId,ZwSetTimer2,RtlGetCurrentServiceSessionId,ZwCancelTimer2, | 0_2_6DF6B944 |
Source: C:\Users\user\Desktop\http___citycapproperty.ru_localmod_nmode.exe | Code function: 0_2_6DFD193B ZwRaiseException,ZwTerminateProcess, | 0_2_6DFD193B |
Source: C:\Users\user\Desktop\http___citycapproperty.ru_localmod_nmode.exe | Code function: 0_2_6DF8A130 ZwCreateWaitCompletionPacket, | 0_2_6DF8A130 |
Source: C:\Users\user\Desktop\http___citycapproperty.ru_localmod_nmode.exe | Code function: 0_2_6DF89920 ZwDuplicateToken, | 0_2_6DF89920 |
Source: C:\Users\user\Desktop\http___citycapproperty.ru_localmod_nmode.exe | Code function: 0_2_6E018ADD RtlGetCurrentServiceSessionId,ZwTraceEvent, | 0_2_6E018ADD |
Source: C:\Users\user\Desktop\http___citycapproperty.ru_localmod_nmode.exe | Code function: 0_2_6DF49100 TpReleasePool,RtlAcquireSRWLockExclusive,ZwShutdownWorkerFactory,RtlGetCurrentServiceSessionId,TpReleasePool,TpReleasePool,RtlDebugPrintTimes,TpReleasePool, | 0_2_6DF49100 |
Source: C:\Users\user\Desktop\http___citycapproperty.ru_localmod_nmode.exe | Code function: 0_2_6DF50100 LdrUnloadAlternateResourceModuleEx,RtlAcquireSRWLockExclusive,ZwUnmapViewOfSection,ZwClose,LdrUnloadAlternateResourceModuleEx,RtlFreeHeap,RtlFreeHeap,RtlReAllocateHeap, | 0_2_6DF50100 |
Source: C:\Users\user\Desktop\http___citycapproperty.ru_localmod_nmode.exe | Code function: 0_2_6DF89900 ZwOpenEvent, | 0_2_6DF89900 |
Source: C:\Users\user\Desktop\http___citycapproperty.ru_localmod_nmode.exe | Code function: 0_2_6DFE5100 RtlAssert,RtlCaptureContext,DbgPrintEx,DbgPrompt,ZwTerminateThread,DbgPrintEx,RtlAssert,ZwTerminateProcess, | 0_2_6DFE5100 |
Source: C:\Users\user\Desktop\http___citycapproperty.ru_localmod_nmode.exe | Code function: 0_2_6DF4B8F0 TpSetPoolStackInformation,ZwSetInformationWorkerFactory, | 0_2_6DF4B8F0 |
Source: C:\Users\user\Desktop\http___citycapproperty.ru_localmod_nmode.exe | Code function: 0_2_6DF440FD RtlImageNtHeaderEx,DbgPrintEx,memset,RtlDebugPrintTimes,DbgPrintEx,wcsstr,DbgPrintEx,DbgPrintEx,wcschr,DbgPrintEx,ZwSetInformationProcess, | 0_2_6DF440FD |
Source: C:\Users\user\Desktop\http___citycapproperty.ru_localmod_nmode.exe | Code function: 0_2_6DFF60E9 ZwOpenKey,ZwClose,ZwClose, | 0_2_6DFF60E9 |
Source: C:\Users\user\Desktop\http___citycapproperty.ru_localmod_nmode.exe | Code function: 0_2_6E00131B RtlGetCurrentServiceSessionId,ZwTraceEvent, | 0_2_6E00131B |
Source: C:\Users\user\Desktop\http___citycapproperty.ru_localmod_nmode.exe | Code function: 0_2_6DF898D0 ZwQueryAttributesFile, | 0_2_6DF898D0 |
Source: C:\Users\user\Desktop\http___citycapproperty.ru_localmod_nmode.exe | Code function: 0_2_6DF8A0D0 ZwCreateTimer2, | 0_2_6DF8A0D0 |
Source: C:\Users\user\Desktop\http___citycapproperty.ru_localmod_nmode.exe | Code function: 0_2_6DF810D7 ZwOpenKey,ZwCreateKey, | 0_2_6DF810D7 |
Source: C:\Users\user\Desktop\http___citycapproperty.ru_localmod_nmode.exe | Code function: 0_2_6DF470C0 ZwClose,RtlFreeHeap,RtlFreeHeap, | 0_2_6DF470C0 |
Source: C:\Users\user\Desktop\http___citycapproperty.ru_localmod_nmode.exe | Code function: 0_2_6DF800C2 ZwAlertThreadByThreadId, | 0_2_6DF800C2 |
Source: C:\Users\user\Desktop\http___citycapproperty.ru_localmod_nmode.exe | Code function: 0_2_6DF7F0BF ZwOpenFile,RtlFreeHeap,ZwQueryVolumeInformationFile,RtlAllocateHeap,memcpy,ZwClose,ZwClose,RtlFreeHeap, | 0_2_6DF7F0BF |
Source: C:\Users\user\Desktop\http___citycapproperty.ru_localmod_nmode.exe | Code function: 0_2_6DF8B0B0 ZwTraceControl, | 0_2_6DF8B0B0 |
Source: C:\Users\user\Desktop\http___citycapproperty.ru_localmod_nmode.exe | Code function: 0_2_6DF718B9 ZwCreateTimer2,ZwCreateWaitCompletionPacket,ZwAssociateWaitCompletionPacket,ZwClose, | 0_2_6DF718B9 |
Source: C:\Users\user\Desktop\http___citycapproperty.ru_localmod_nmode.exe | Code function: 0_2_6DF6F0AE ZwSetInformationWorkerFactory, | 0_2_6DF6F0AE |
Source: C:\Users\user\Desktop\http___citycapproperty.ru_localmod_nmode.exe | Code function: 0_2_6E018B58 RtlGetCurrentServiceSessionId,ZwTraceEvent, | 0_2_6E018B58 |
Source: C:\Users\user\Desktop\http___citycapproperty.ru_localmod_nmode.exe | Code function: 0_2_6DFF60A2 ZwQueryInformationFile, | 0_2_6DFF60A2 |
Source: C:\Users\user\Desktop\http___citycapproperty.ru_localmod_nmode.exe | Code function: 0_2_6DF6E090 RtlWow64EnableFsRedirectionEx,RtlEnterCriticalSection,RtlLeaveCriticalSection,ZwSetEvent, | 0_2_6DF6E090 |
Source: C:\Users\user\Desktop\http___citycapproperty.ru_localmod_nmode.exe | Code function: 0_2_6DF8A890 ZwQueryDebugFilterState, | 0_2_6DF8A890 |
Source: C:\Users\user\Desktop\http___citycapproperty.ru_localmod_nmode.exe | Code function: 0_2_6DF89890 ZwFsControlFile, | 0_2_6DF89890 |
Source: C:\Users\user\Desktop\http___citycapproperty.ru_localmod_nmode.exe | Code function: 0_2_6DF8108B ZwClose, | 0_2_6DF8108B |
Source: C:\Users\user\Desktop\http___citycapproperty.ru_localmod_nmode.exe | Code function: 0_2_6DF43880 TpSetWaitEx,RtlAllocateHeap,ZwGetCompleteWnfStateSubscription,RtlFreeHeap,TpSetWaitEx, | 0_2_6DF43880 |
Source: C:\Users\user\Desktop\http___citycapproperty.ru_localmod_nmode.exe | Code function: 0_2_6DF7A080 RtlDeleteCriticalSection,RtlAcquireSRWLockExclusive,RtlDeleteCriticalSection,RtlDeleteCriticalSection,ZwClose,RtlDeleteCriticalSection, | 0_2_6DF7A080 |
Source: C:\Users\user\Desktop\http___citycapproperty.ru_localmod_nmode.exe | Code function: 0_2_6DFD1879 ZwAllocateVirtualMemory,memset,RtlInitializeSid, | 0_2_6DFD1879 |
Source: C:\Users\user\Desktop\http___citycapproperty.ru_localmod_nmode.exe | Code function: 0_2_6E00138A memset,RtlGetCurrentServiceSessionId,ZwTraceEvent, | 0_2_6E00138A |
Source: C:\Users\user\Desktop\http___citycapproperty.ru_localmod_nmode.exe | Code function: 0_2_6DF5106F ZwOpenKey,ZwClose, | 0_2_6DF5106F |
Source: C:\Users\user\Desktop\http___citycapproperty.ru_localmod_nmode.exe | Code function: 0_2_6DF45050 RtlSetCurrentDirectory_U,RtlAllocateHeap,RtlFreeHeap,RtlEnterCriticalSection,RtlLeaveCriticalSection,ZwClose,RtlFreeHeap,RtlSetCurrentDirectory_U,RtlFreeHeap,RtlFreeHeap, | 0_2_6DF45050 |
Source: C:\Users\user\Desktop\http___citycapproperty.ru_localmod_nmode.exe | Code function: 0_2_6E001BA8 RtlGetCurrentServiceSessionId,ZwTraceEvent, | 0_2_6E001BA8 |
Source: C:\Users\user\Desktop\http___citycapproperty.ru_localmod_nmode.exe | Code function: 0_2_6DF89850 ZwQueryDirectoryFile, | 0_2_6DF89850 |
Source: C:\Users\user\Desktop\http___citycapproperty.ru_localmod_nmode.exe | Code function: 0_2_6E018BB6 RtlGetCurrentServiceSessionId,ZwTraceEvent, | 0_2_6E018BB6 |
Source: C:\Users\user\Desktop\http___citycapproperty.ru_localmod_nmode.exe | Code function: 0_2_6DF89840 ZwDelayExecution, | 0_2_6DF89840 |
Source: C:\Users\user\Desktop\http___citycapproperty.ru_localmod_nmode.exe | Code function: 0_2_6E019BBE RtlGetCurrentServiceSessionId,ZwTraceEvent, | 0_2_6E019BBE |
Source: C:\Users\user\Desktop\http___citycapproperty.ru_localmod_nmode.exe | Code function: 0_2_6DF89830 ZwOpenFile, | 0_2_6DF89830 |
Source: C:\Users\user\Desktop\http___citycapproperty.ru_localmod_nmode.exe | Code function: 0_2_6DF74020 RtlGetVersion,RtlGetSuiteMask,RtlGetNtProductType,RtlInitUnicodeString,ZwQueryLicenseValue,RtlGetSuiteMask,RtlGetVersion, | 0_2_6DF74020 |
Source: C:\Users\user\Desktop\http___citycapproperty.ru_localmod_nmode.exe | Code function: 0_2_6DF4F018 RtlAllocateHeap,ZwQueryValueKey,memcpy,RtlFreeHeap, | 0_2_6DF4F018 |
Source: C:\Users\user\Desktop\http___citycapproperty.ru_localmod_nmode.exe | Code function: 0_2_6DF423F6 ZwClose,RtlFreeHeap, | 0_2_6DF423F6 |
Source: C:\Users\user\Desktop\http___citycapproperty.ru_localmod_nmode.exe | Code function: 0_2_6DF89BF0 ZwAlertThreadByThreadId, | 0_2_6DF89BF0 |
Source: C:\Users\user\Desktop\http___citycapproperty.ru_localmod_nmode.exe | Code function: 0_2_6DF5A3E0 RtlFormatCurrentUserKeyPath,ZwQueryInformationToken,RtlLengthSidAsUnicodeString,RtlAppendUnicodeToString,RtlConvertSidToUnicodeString,RtlFreeUnicodeString, | 0_2_6DF5A3E0 |
Source: C:\Users\user\Desktop\http___citycapproperty.ru_localmod_nmode.exe | Code function: 0_2_6E01F019 RtlInitUnicodeString,RtlInitUnicodeString,ZwQueryValueKey,RtlAllocateHeap,ZwQueryValueKey,RtlInitUnicodeString,ZwClose,RtlFreeHeap, | 0_2_6E01F019 |
Source: C:\Users\user\Desktop\http___citycapproperty.ru_localmod_nmode.exe | Code function: 0_2_6DF42BC2 ZwOpenThreadToken,ZwSetInformationThread,ZwClose, | 0_2_6DF42BC2 |
Source: C:\Users\user\Desktop\http___citycapproperty.ru_localmod_nmode.exe | Code function: 0_2_6DF8A3A0 ZwGetCompleteWnfStateSubscription, | 0_2_6DF8A3A0 |
Source: C:\Users\user\Desktop\http___citycapproperty.ru_localmod_nmode.exe | Code function: 0_2_6E018858 ZwAlertThreadByThreadId, | 0_2_6E018858 |
Source: C:\Users\user\Desktop\http___citycapproperty.ru_localmod_nmode.exe | Code function: 0_2_6DF74BAD RtlAcquireSRWLockExclusive,memset,ZwTraceControl,RtlReleaseSRWLockExclusive,RtlSetLastWin32Error,RtlFreeHeap,RtlAllocateHeap,RtlNtStatusToDosError,RtlFreeHeap, | 0_2_6DF74BAD |
Source: C:\Users\user\Desktop\http___citycapproperty.ru_localmod_nmode.exe | Code function: 0_2_6DF42B93 TpSetDefaultPoolMaxThreads,ZwDuplicateToken, | 0_2_6DF42B93 |
Source: C:\Users\user\Desktop\http___citycapproperty.ru_localmod_nmode.exe | Code function: 0_2_6DF7939F RtlInitializeCriticalSectionEx,ZwDelayExecution, | 0_2_6DF7939F |
Source: C:\Users\user\Desktop\http___citycapproperty.ru_localmod_nmode.exe | Code function: 0_2_6DF8AB70 ZwReleaseWorkerFactoryWorker, | 0_2_6DF8AB70 |
Source: C:\Users\user\Desktop\http___citycapproperty.ru_localmod_nmode.exe | Code function: 0_2_6DF42B7E ZwSetInformationThread,ZwClose, | 0_2_6DF42B7E |
Source: C:\Users\user\Desktop\http___citycapproperty.ru_localmod_nmode.exe | Code function: 0_2_6DF73B7A RtlAllocateHeap,ZwQuerySystemInformationEx,memset,RtlFreeHeap, | 0_2_6DF73B7A |
Source: C:\Users\user\Desktop\http___citycapproperty.ru_localmod_nmode.exe | Code function: 0_2_6DFD8372 ZwClose,RtlStringFromGUIDEx,ZwCreateKey,RtlFreeUnicodeString, | 0_2_6DFD8372 |
Source: C:\Users\user\Desktop\http___citycapproperty.ru_localmod_nmode.exe | Code function: 0_2_6DFF6369 RtlInitUnicodeString,ZwOpenFile,ZwCreateSection,ZwMapViewOfSection,ZwClose,ZwClose, | 0_2_6DFF6369 |
Source: C:\Users\user\Desktop\http___citycapproperty.ru_localmod_nmode.exe | Code function: 0_2_6DF8AB60 ZwReleaseKeyedEvent, | 0_2_6DF8AB60 |
Source: C:\Users\user\Desktop\http___citycapproperty.ru_localmod_nmode.exe | Code function: 0_2_6DFD6365 RtlAllocateHeap,ZwQueryVirtualMemory,memcpy,wcsrchr,RtlFreeHeap,RtlAllocateHeap,memcpy, | 0_2_6DFD6365 |
Source: C:\Users\user\Desktop\http___citycapproperty.ru_localmod_nmode.exe | Code function: 0_2_6DF73B48 ZwClose,ZwClose, | 0_2_6DF73B48 |
Source: C:\Users\user\Desktop\http___citycapproperty.ru_localmod_nmode.exe | Code function: 0_2_6DF49335 ZwClose,ZwClose, | 0_2_6DF49335 |
Source: C:\Users\user\Desktop\http___citycapproperty.ru_localmod_nmode.exe | Code function: 0_2_6DF75306 ZwReleaseKeyedEvent, | 0_2_6DF75306 |
Source: C:\Users\user\Desktop\http___citycapproperty.ru_localmod_nmode.exe | Code function: 0_2_6DF44B00 TpCallbackMayRunLong,TpCallbackMayRunLong,ZwSetInformationWorkerFactory, | 0_2_6DF44B00 |
Source: C:\Users\user\Desktop\http___citycapproperty.ru_localmod_nmode.exe | Code function: 0_2_6DF89B00 ZwSetValueKey, | 0_2_6DF89B00 |
Source: C:\Users\user\Desktop\http___citycapproperty.ru_localmod_nmode.exe | Code function: 0_2_6DF89AE0 ZwTraceEvent, | 0_2_6DF89AE0 |
Source: C:\Users\user\Desktop\http___citycapproperty.ru_localmod_nmode.exe | Code function: 0_2_6DF8AAE0 ZwRaiseException, | 0_2_6DF8AAE0 |
Source: C:\Users\user\Desktop\http___citycapproperty.ru_localmod_nmode.exe | Code function: 0_2_6DF6FAD0 RtlAcquireSRWLockShared,RtlDllShutdownInProgress,ZwWaitForAlertByThreadId,RtlAcquireSRWLockShared,ZwTerminateProcess, | 0_2_6DF6FAD0 |
Source: C:\Users\user\Desktop\http___citycapproperty.ru_localmod_nmode.exe | Code function: 0_2_6DFD1AD6 ZwFreeVirtualMemory, | 0_2_6DFD1AD6 |
Source: C:\Users\user\Desktop\http___citycapproperty.ru_localmod_nmode.exe | Code function: 0_2_6DF8AAC0 ZwQueryWnfStateNameInformation, | 0_2_6DF8AAC0 |
Source: C:\Users\user\Desktop\http___citycapproperty.ru_localmod_nmode.exe | Code function: 0_2_6E01F13B ZwOpenKey,ZwCreateKey, | 0_2_6E01F13B |
Source: C:\Users\user\Desktop\http___citycapproperty.ru_localmod_nmode.exe | Code function: 0_2_6DF89AB0 ZwWaitForMultipleObjects, | 0_2_6DF89AB0 |
Source: C:\Users\user\Desktop\http___citycapproperty.ru_localmod_nmode.exe | Code function: 0_2_6DF7E2BB ZwWaitForAlertByThreadId, | 0_2_6DF7E2BB |
Source: C:\Users\user\Desktop\http___citycapproperty.ru_localmod_nmode.exe | Code function: 0_2_6DF41AA0 RtlAllocateHandle,RtlReAllocateHeap,ZwAllocateVirtualMemory,ZwAllocateVirtualMemory,RtlAllocateHeap, | 0_2_6DF41AA0 |
Source: C:\Users\user\Desktop\http___citycapproperty.ru_localmod_nmode.exe | Code function: 0_2_6DF75AA0 TpSetPoolMaxThreads,ZwSetInformationWorkerFactory,RtlGetCurrentServiceSessionId,TpSetPoolMaxThreads, | 0_2_6DF75AA0 |
Source: C:\Users\user\Desktop\http___citycapproperty.ru_localmod_nmode.exe | Code function: 0_2_6DF7D294 ZwQueryAttributesFile,RtlFreeHeap,ZwClose,RtlFreeHeap, | 0_2_6DF7D294 |
Source: C:\Users\user\Desktop\http___citycapproperty.ru_localmod_nmode.exe | Code function: 0_2_6E018966 RtlGetCurrentServiceSessionId,ZwTraceEvent, | 0_2_6E018966 |
Source: C:\Users\user\Desktop\http___citycapproperty.ru_localmod_nmode.exe | Code function: 0_2_6DF8AA90 ZwQuerySystemInformationEx, | 0_2_6DF8AA90 |
Source: C:\Users\user\Desktop\http___citycapproperty.ru_localmod_nmode.exe | Code function: 0_2_6DF4429E RtlInitUnicodeString,ZwClose,LdrQueryImageFileKeyOption, | 0_2_6DF4429E |
Source: C:\Users\user\Desktop\http___citycapproperty.ru_localmod_nmode.exe | Code function: 0_2_6DF62280 RtlAcquireSRWLockExclusive,RtlDllShutdownInProgress,ZwWaitForAlertByThreadId,RtlAcquireSRWLockExclusive,ZwTerminateProcess, | 0_2_6DF62280 |
Source: C:\Users\user\Desktop\http___citycapproperty.ru_localmod_nmode.exe | Code function: 0_2_6DF8B280 ZwWow64DebuggerCall, | 0_2_6DF8B280 |
Source: C:\Users\user\Desktop\http___citycapproperty.ru_localmod_nmode.exe | Code function: 0_2_6DF7DA88 RtlAcquireSRWLockExclusive,RtlImageNtHeader,RtlAllocateHeap,ZwUnmapViewOfSection,ZwClose,RtlReAllocateHeap, | 0_2_6DF7DA88 |
Source: C:\Users\user\Desktop\http___citycapproperty.ru_localmod_nmode.exe | Code function: 0_2_6E00A189 RtlAcquireSRWLockExclusive,ZwGetNlsSectionPtr,RtlAllocateHeap,RtlFreeHeap,RtlReleaseSRWLockExclusive,RtlReleaseSRWLockExclusive, | 0_2_6E00A189 |
Source: C:\Users\user\Desktop\http___citycapproperty.ru_localmod_nmode.exe | Code function: 0_2_6E0049A4 ZwAllocateVirtualMemory,RtlCompareMemory,memcpy,DbgPrint,DbgPrint,DbgPrint,DbgPrint,DbgPrint,DbgPrint, | 0_2_6E0049A4 |
Source: C:\Users\user\Desktop\http___citycapproperty.ru_localmod_nmode.exe | Code function: 0_2_6DF89A50 ZwCreateFile, | 0_2_6DF89A50 |
Source: C:\Users\user\Desktop\http___citycapproperty.ru_localmod_nmode.exe | Code function: 0_2_6DF49240 ZwClose,ZwClose,RtlFreeHeap,RtlFreeHeap,RtlFreeHeap,RtlAcquireSRWLockExclusive,RtlFreeHeap, | 0_2_6DF49240 |
Source: C:\Users\user\Desktop\http___citycapproperty.ru_localmod_nmode.exe | Code function: 0_2_6E01F1B5 RtlAllocateHeap,ZwQueryValueKey,memcpy,RtlFreeHeap, | 0_2_6E01F1B5 |
Source: C:\Users\user\Desktop\http___citycapproperty.ru_localmod_nmode.exe | Code function: 0_2_6DFD1242 ZwUnmapViewOfSection,ZwClose,ZwClose,ZwClose,ZwClose,ZwClose, | 0_2_6DFD1242 |
Source: C:\Users\user\Desktop\http___citycapproperty.ru_localmod_nmode.exe | Code function: 0_2_6DF7B230 EtwEventWrite,ZwTraceEvent,RtlNtStatusToDosError,EtwEventWrite, | 0_2_6DF7B230 |
Source: C:\Users\user\Desktop\http___citycapproperty.ru_localmod_nmode.exe | Code function: 0_2_6DF89A30 ZwTerminateThread, | 0_2_6DF89A30 |
Source: C:\Users\user\Desktop\http___citycapproperty.ru_localmod_nmode.exe | Code function: 0_2_6DF48239 RtlInitUnicodeStringEx,ZwQueryValueKey,RtlInitUnicodeStringEx,RtlPrefixUnicodeString,ZwEnumerateKey,ZwOpenKey,RtlInitUnicodeStringEx,ZwQueryValueKey,RtlFreeHeap,ZwClose,RtlAllocateHeap,RtlCompareUnicodeString,ZwClose,RtlFreeHeap,ZwClose, | 0_2_6DF48239 |
Source: C:\Users\user\Desktop\http___citycapproperty.ru_localmod_nmode.exe | Code function: 0_2_6DF44A20 RtlGetCurrentServiceSessionId,RtlFreeHeap,ZwClose,RtlReleaseActivationContext,LdrUnloadDll, | 0_2_6DF44A20 |
Source: C:\Users\user\Desktop\http___citycapproperty.ru_localmod_nmode.exe | Code function: 0_2_6DFD4A28 ZwOpenKey,DbgPrintEx,ZwQueryValueKey,DbgPrintEx,DbgPrintEx,memcpy,ZwClose, | 0_2_6DFD4A28 |
Source: C:\Users\user\Desktop\http___citycapproperty.ru_localmod_nmode.exe | Code function: 0_2_6DF6A229 ZwAllocateVirtualMemory,RtlGetCurrentServiceSessionId,RtlGetCurrentServiceSessionId,RtlGetCurrentServiceSessionId,ZwQueryVirtualMemory,RtlGetCurrentServiceSessionId,RtlGetCurrentServiceSessionId,RtlFillMemoryUlong,DbgPrint,DbgPrint,DbgPrint, | 0_2_6DF6A229 |
Source: C:\Users\user\Desktop\http___citycapproperty.ru_localmod_nmode.exe | Code function: 0_2_6DF45210 RtlGetCurrentDirectory_U,memcpy,RtlGetCurrentDirectory_U,RtlLeaveCriticalSection,ZwClose,RtlFreeHeap,RtlLeaveCriticalSection,ZwClose,RtlFreeHeap,RtlLeaveCriticalSection,ZwClose,RtlFreeHeap, | 0_2_6DF45210 |
Source: C:\Users\user\Desktop\http___citycapproperty.ru_localmod_nmode.exe | Code function: 0_2_6E0189E7 RtlGetCurrentServiceSessionId,ZwTraceEvent, | 0_2_6E0189E7 |
Source: C:\Users\user\Desktop\http___citycapproperty.ru_localmod_nmode.exe | Code function: 0_2_6DF89A00 ZwProtectVirtualMemory, | 0_2_6DF89A00 |
Source: C:\Users\user\AppData\Roaming\eurbbce | Code function: 17_2_00401718 Sleep,NtTerminateProcess, | 17_2_00401718 |
Source: C:\Users\user\AppData\Roaming\eurbbce | Code function: 17_2_004012E3 NtAllocateVirtualMemory, | 17_2_004012E3 |
Source: C:\Users\user\AppData\Roaming\eurbbce | Code function: 17_2_00401288 NtAllocateVirtualMemory,NtMapViewOfSection,NtMapViewOfSection,NtMapViewOfSection,NtMapViewOfSection, | 17_2_00401288 |
Source: C:\Users\user\AppData\Roaming\eurbbce | Code function: 17_2_004016B6 Sleep,NtTerminateProcess, | 17_2_004016B6 |
Source: C:\Users\user\AppData\Roaming\eurbbce | Code function: 17_2_00402368 NtClose, | 17_2_00402368 |
Source: C:\Users\user\AppData\Roaming\eurbbce | Code function: 17_2_00401723 Sleep,NtTerminateProcess, | 17_2_00401723 |
Source: C:\Users\user\AppData\Roaming\eurbbce | Code function: 17_2_0040172E Sleep,NtTerminateProcess, | 17_2_0040172E |
Source: C:\Users\user\AppData\Roaming\eurbbce | Code function: 17_2_6E049600 ZwOpenKey,LdrInitializeThunk, | 17_2_6E049600 |
Source: C:\Users\user\AppData\Roaming\eurbbce | Code function: 17_2_6E049660 ZwAllocateVirtualMemory,LdrInitializeThunk, | 17_2_6E049660 |
Source: C:\Users\user\AppData\Roaming\eurbbce | Code function: 17_2_6E049780 ZwMapViewOfSection,LdrInitializeThunk, | 17_2_6E049780 |
Source: C:\Users\user\AppData\Roaming\eurbbce | Code function: 17_2_6E049820 ZwEnumerateKey,LdrInitializeThunk, | 17_2_6E049820 |
Source: C:\Users\user\AppData\Roaming\eurbbce | Code function: 17_2_6E049860 ZwQuerySystemInformation,LdrInitializeThunk, | 17_2_6E049860 |
Source: C:\Users\user\AppData\Roaming\eurbbce | Code function: 17_2_6E0498C0 ZwDuplicateObject,LdrInitializeThunk, | 17_2_6E0498C0 |
Source: C:\Users\user\AppData\Roaming\eurbbce | Code function: 17_2_6E0499A0 ZwCreateSection,LdrInitializeThunk, | 17_2_6E0499A0 |
Source: C:\Users\user\AppData\Roaming\eurbbce | Code function: 17_2_6E00C600 LdrQueryImageFileKeyOption,RtlInitUnicodeStringEx,ZwQueryValueKey,LdrQueryImageFileKeyOption,RtlFreeHeap,RtlAllocateHeap,ZwQueryValueKey,RtlFreeHeap,RtlUnicodeStringToInteger,memcpy, | 17_2_6E00C600 |
Source: C:\Users\user\AppData\Roaming\eurbbce | Code function: 17_2_6E092E14 RtlGetCurrentServiceSessionId,ZwTraceEvent, | 17_2_6E092E14 |
Source: C:\Users\user\AppData\Roaming\eurbbce | Code function: 17_2_6E049E20 ZwCancelTimer2, | 17_2_6E049E20 |
Source: C:\Users\user\AppData\Roaming\eurbbce | Code function: 17_2_6E0D3E22 ZwTraceControl,RtlNtStatusToDosError,RtlAcquireSRWLockExclusive,RtlReleaseSRWLockExclusive,RtlSetLastWin32Error, | 17_2_6E0D3E22 |
Source: C:\Users\user\AppData\Roaming\eurbbce | Code function: 17_2_6E00B630 ZwWaitForKeyedEvent, | 17_2_6E00B630 |
Source: C:\Users\user\AppData\Roaming\eurbbce | Code function: 17_2_6E0BFE3F memset,RtlGetCurrentServiceSessionId,ZwTraceEvent, | 17_2_6E0BFE3F |
Source: C:\Users\user\AppData\Roaming\eurbbce | Code function: 17_2_6E049E30 ZwCancelWaitCompletionPacket, | 17_2_6E049E30 |
Source: C:\Users\user\AppData\Roaming\eurbbce | Code function: 17_2_6E04B640 RtlUnhandledExceptionFilter,ZwTerminateProcess, | 17_2_6E04B640 |
Source: C:\Users\user\AppData\Roaming\eurbbce | Code function: 17_2_6E04B650 RtlUnhandledExceptionFilter,ZwTerminateProcess, | 17_2_6E04B650 |
Source: C:\Users\user\AppData\Roaming\eurbbce | Code function: 17_2_6E049650 ZwQueryValueKey, | 17_2_6E049650 |
Source: C:\Users\user\AppData\Roaming\eurbbce | Code function: 17_2_6E096652 ZwClose,RtlAllocateHeap,memcpy,ZwUnmapViewOfSection, | 17_2_6E096652 |
Source: C:\Users\user\AppDat |